[Qemu-devel] [PATCH 00/38] Add double-word addition and widening multiply tcg ops

2013-02-19 Thread Richard Henderson
... and use them where appropriate in the targets.  As can be seen,
most targets can make use of a widening multiply.  And if one is
sufficiently clever, one can use add2 to significantly improve carry
generation for the target.

This patch series is based on the target-i386 flags rewrite that I
just posted, but except for the two target-i386 patches, isn't really
dependent on it.

This patch series also cleans up target-ppc more than ought to be present
here, but I didn't feel up to breaking it out as a prerequisite.


r~


Richard Henderson (38):
  tcg: Make 32-bit multiword operations optional for 64-bit hosts
  tcg-i386: Always implement 32-bit multiword ops
  tcg-sparc: Always implement 32-bit multiword ops
  tcg: Add 64-bit multiword arithmetic operations
  tcg: Add signed multiword multiplication operations
  tcg: Implement a 64-bit to 32-bit extraction helper
  tcg: Implement multiword multiply helpers
  tcg: Implement multiword addition helpers
  tcg-i386: Implement multiword arithmetic ops
  tcg-arm: Implement muls2_i32
  target-i386: Use mulu2 and muls2
  target-i386: Use add2 to implement the ADX extension
  tcg: Implement muls2 with mulu2
  tcg: Apply life analysis to 64-bit multiword arithmetic ops
  target-alpha: Use mulu2 for umulh insn
  target-s390x: Use mulu2 for mlgr insn
  target-arm: Use mul[us]2 in gen_mul[us]_i64_i32
  target-arm: Use mul[us]2 and add2 in umlal et al
  target-arm: Use add2 in gen_add_CC
  target-arm: Implement adc_cc inline
  target-arm: Implement sbc_cc inline
  target-mips: Use mul[us]2 in [D]MULT[U] insns
  target-cris: Use mul*2 in mul* insns
  target-ppc: Use mul*2 in mulh* insns
  target-ppc: Split out SO, OV, CA fields from XER
  target-ppc: Use setcond in gen_op_cmp
  target-ppc: Compute addition overflow without branches
  target-ppc: Compute addition carry with setcond
  target-ppc: Use add2 for carry generation
  target-ppc: Implement neg in terms of subf
  target-ppc: Compute arithmetic shift carry without branches
  target-ppc: Compute mullwo without branches
  target-sparc: Use official add2/sub2 interfaces for addx/subx
  target-sparc: Use mul*2 for multiply
  target-sh4: Use mul*2 for dmul*
  target-unicore32: Use mul*2 for do_mult
  target-xtensa: Use mul*2 for mul*hi
  target-xtensa: Use add2/sub2 for mac

 target-alpha/helper.h|   1 -
 target-alpha/int_helper.c|   7 -
 target-alpha/translate.c |  20 +-
 target-arm/helper.c  |   5 -
 target-arm/helper.h  |   5 -
 target-arm/op_helper.c   |  30 --
 target-arm/translate.c   | 157 +++---
 target-cris/translate.c  |  44 +--
 target-i386/helper.h |   4 -
 target-i386/int_helper.c |  40 ---
 target-i386/translate.c  | 187 +---
 target-mips/helper.h |   2 -
 target-mips/op_helper.c  |  12 -
 target-mips/translate.c  |  48 ++-
 target-ppc/cpu.h |  24 +-
 target-ppc/helper.h  |   2 -
 target-ppc/int_helper.c  |  56 +---
 target-ppc/kvm.c |   4 +-
 target-ppc/machine.c |   8 +-
 target-ppc/translate.c   | 676 ++-
 target-ppc/translate_init.c  |   4 +-
 target-s390x/helper.h|   1 -
 target-s390x/int_helper.c|   8 -
 target-s390x/translate.c |   3 +-
 target-sh4/translate.c   |  30 +-
 target-sparc/translate.c |  87 +++---
 target-unicore32/translate.c |  83 +-
 target-xtensa/translate.c|  49 ++--
 tcg-runtime.c|  16 +-
 tcg/README   |  30 +-
 tcg/arm/tcg-target.c |   4 +
 tcg/arm/tcg-target.h |   1 +
 tcg/hppa/tcg-target.h|   1 +
 tcg/i386/tcg-target.c|  49 ++--
 tcg/i386/tcg-target.h|   8 +
 tcg/ia64/tcg-target.h|   8 +
 tcg/mips/tcg-target.h|   1 +
 tcg/optimize.c   |   5 +-
 tcg/ppc/tcg-target.h |   1 +
 tcg/ppc64/tcg-target.h   |   8 +
 tcg/s390/tcg-target.h|   8 +
 tcg/sparc/tcg-target.c   |   6 +-
 tcg/sparc/tcg-target.h   |   8 +
 tcg/tcg-op.h | 228 +++
 tcg/tcg-opc.h|  12 +-
 tcg/tcg-runtime.h|   2 +
 tcg/tcg.c|  28 +-
 tcg/tcg.h|  10 +-
 tcg/tci/tcg-target.h |   9 +
 49 files changed, 1013 insertions(+), 1027 deletions(-)

-- 
1.8.1.2




[Qemu-devel] [PATCH v1 5/5] xilinx_spips: seperate SPI and QSPI as two classes

2013-02-19 Thread Peter Crosthwaite
Make SPI and QSPI different classes. QSPIPS is set up as a child of SPIPS.
Only QSPI has the LQSPI functionality, so move all of that to the child class.

Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |   66 ++--
 hw/xilinx_zynq.c  |2 +-
 2 files changed, 54 insertions(+), 14 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 530ef47..46883a5 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -149,15 +149,23 @@ typedef struct {
 uint8_t num_txrx_bytes;
 
 uint32_t regs[R_MAX];
+} XilinxSPIPS;
+
+typedef struct {
+XilinxSPIPS parent;
 
 uint32_t lqspi_buf[LQSPI_CACHE_SIZE];
 hwaddr lqspi_cached_addr;
-} XilinxSPIPS;
+} XilinxQSPIPS;
 
-#define TYPE_XILINX_SPIPS "xilinx,spips"
+
+#define TYPE_XILINX_SPIPS "xlnx.ps7-spi"
+#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi"
 
 #define XILINX_SPIPS(obj) \
  OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
+#define XILINX_QSPIPS(obj) \
+ OBJECT_CHECK(XilinxQSPIPS, (obj), TYPE_XILINX_QSPIPS)
 
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
@@ -436,11 +444,12 @@ static uint64_t
 lqspi_read(void *opaque, hwaddr addr, unsigned int size)
 {
 int i;
+XilinxQSPIPS *q = opaque;
 XilinxSPIPS *s = opaque;
 
-if (addr >= s->lqspi_cached_addr &&
-addr <= s->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
-return s->lqspi_buf[(addr - s->lqspi_cached_addr) >> 2];
+if (addr >= q->lqspi_cached_addr &&
+addr <= q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
+return q->lqspi_buf[(addr - q->lqspi_cached_addr) >> 2];
 } else {
 int flash_addr = (addr / num_effective_busses(s));
 int slave = flash_addr >> LQSPI_ADDRESS_BITS;
@@ -484,14 +493,14 @@ lqspi_read(void *opaque, hwaddr addr, unsigned int size)
 for (i = 0; i < LQSPI_CACHE_SIZE / 4; ++i) {
 tx_data_bytes(s, 0, 4);
 xilinx_spips_flush_txfifo(s);
-rx_data_bytes(s, &s->lqspi_buf[cache_entry], 4);
+rx_data_bytes(s, &q->lqspi_buf[cache_entry], 4);
 cache_entry++;
 }
 
 s->regs[R_CONFIG] |= CS;
 xilinx_spips_update_cs_lines(s);
 
-s->lqspi_cached_addr = addr;
+q->lqspi_cached_addr = addr;
 return lqspi_read(opaque, addr, size);
 }
 }
@@ -511,7 +520,7 @@ static void xilinx_spips_realize(DeviceState *dev, Error 
**errp)
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 int i;
 
-DB_PRINT("inited device model\n");
+DB_PRINT("realized spips\n");
 
 s->spi = g_new(SSIBus *, s->num_busses);
 for (i = 0; i < s->num_busses; ++i) {
@@ -531,17 +540,32 @@ static void xilinx_spips_realize(DeviceState *dev, Error 
**errp)
 memory_region_init_io(&s->iomem, &spips_ops, s, "spi", R_MAX*4);
 sysbus_init_mmio(sbd, &s->iomem);
 
-memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
-  (1 << LQSPI_ADDRESS_BITS) * 2);
-sysbus_init_mmio(sbd, &s->mmlqspi);
-
 s->irqline = -1;
-s->lqspi_cached_addr = ~0ULL;
 
 fifo8_create(&s->rx_fifo, RXFF_A);
 fifo8_create(&s->tx_fifo, TXFF_A);
 }
 
+static void xilinx_qspips_realize(DeviceState *dev, Error **errp)
+{
+XilinxSPIPS *s = XILINX_SPIPS(dev);
+XilinxQSPIPS *q = XILINX_SPIPS(dev);
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+DB_PRINT("realized qspips\n");
+
+s->num_busses = 2;
+s->num_cs = 2;
+s->num_txrx_bytes = 4;
+
+xilinx_spips_realize(dev, errp);
+memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
+  (1 << LQSPI_ADDRESS_BITS) * 2);
+sysbus_init_mmio(sbd, &s->mmlqspi);
+
+q->lqspi_cached_addr = ~0ULL;
+}
+
 static int xilinx_spips_post_load(void *opaque, int version_id)
 {
 xilinx_spips_update_ixr((XilinxSPIPS *)opaque);
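Review bot: In xilinx_qspips_realize, `q` is initialised with `XILINX_SPIPS(dev)`, which yields a `XilinxSPIPS *` and checks only the parent type, yet the later `q->lqspi_cached_addr = ~0ULL` writes a field that exists only in the larger XilinxQSPIPS instance. Use the cast macro this patch introduces, `XilinxQSPIPS *q = XILINX_QSPIPS(dev);`, so the object is type-checked before the subclass fields are touched and the pointer types agree. lqspi_read in the earlier hunk takes `q` straight from `opaque` with no check; that is safe only while lqspi_ops is registered solely from this function, which a one-line comment there could record, e.g. `/* opaque is always a XilinxQSPIPS, see xilinx_qspips_realize */`.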
@@ -570,6 +594,14 @@ static Property xilinx_spips_properties[] = {
 DEFINE_PROP_UINT8("num-txrx-bytes", XilinxSPIPS, num_txrx_bytes, 1),
 DEFINE_PROP_END_OF_LIST(),
 };
+
+static void xilinx_qspips_class_init(ObjectClass *klass, void * data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->realize = xilinx_qspips_realize;
+}
+
 static void xilinx_spips_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -587,9 +619,17 @@ static const TypeInfo xilinx_spips_info = {
 .class_init = xilinx_spips_class_init,
 };
 
+static const TypeInfo xilinx_qspips_info = {
+.name  = TYPE_XILINX_QSPIPS,
+.parent = TYPE_XILINX_SPIPS,
+.instance_size  = sizeof(XilinxQSPIPS),
+.class_init = xilinx_qspips_class_init,
+};
+
 static void xilinx_spips_register_types(void)
 {
 type_register_static(&xilinx_spips_info);
+type_register_static(&xilinx_qspips_info);
 }
 
 type_init(xilinx_spips_register_types)
diff --git a/hw/xilinx_zynq.c b/hw/xilinx_zynq.c
index 311f791..a4909f4 100644
--- a/hw/xilinx_zynq.c
+++ b/hw/xilinx_zynq.c
@@ -62,7 +62,7 @@ static inline void

[Qemu-devel] [PATCH v1 1/5] xilinx_spips: Set unused IRQs to NULL

2013-02-19 Thread Peter Crosthwaite
Unused CS lines should init to 0 to avoid segfaulting when accessing an
unattached QSPI controller.

Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 42e019d..3eee828 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -497,7 +497,7 @@ static int xilinx_spips_init(SysBusDevice *dev)
 s->spi[i] = ssi_create_bus(&dev->qdev, bus_name);
 }
 
-s->cs_lines = g_new(qemu_irq, s->num_cs * s->num_busses);
+s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
 sysbus_init_irq(dev, &s->irq);
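Review bot: The second `ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1])` call in the context lines reads `s->spi[1]` unconditionally, while the allocation just above it is sized by `s->num_busses`. If the device is configured with a single bus and `s->spi` is sized the same way (its allocation is outside this hunk; the 4/5 patch shows the fill loop bounded by `s->num_busses`), that is a read past the end of the array. Guarding the call, `if (s->num_busses > 1) { ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]); }`, would keep bus setup inside the allocation. The same two calls appear unchanged in the realize hunk of patch 4/5, and xilinx_spips_init starts and ends outside this hunk.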
-- 
1.7.0.4




[Qemu-devel] [PATCH v1 4/5] xilinx_spips: QOM styling fixes

2013-02-19 Thread Peter Crosthwaite
A few fixes to follow the latest QOM style guidelines.

Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |   29 -
 1 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 45a1c51..530ef47 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -154,6 +154,11 @@ typedef struct {
 hwaddr lqspi_cached_addr;
 } XilinxSPIPS;
 
+#define TYPE_XILINX_SPIPS "xilinx,spips"
+
+#define XILINX_SPIPS(obj) \
+ OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
+
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
 return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
@@ -210,7 +215,7 @@ static void xilinx_spips_update_ixr(XilinxSPIPS *s)
 
 static void xilinx_spips_reset(DeviceState *d)
 {
-XilinxSPIPS *s = DO_UPCAST(XilinxSPIPS, busdev.qdev, d);
+XilinxSPIPS *s = XILINX_SPIPS(d);
 
 int i;
 for (i = 0; i < R_MAX; i++) {
@@ -500,9 +505,10 @@ static const MemoryRegionOps lqspi_ops = {
 }
 };
 
-static int xilinx_spips_init(SysBusDevice *dev)
+static void xilinx_spips_realize(DeviceState *dev, Error **errp)
 {
-XilinxSPIPS *s = FROM_SYSBUS(typeof(*s), dev);
+XilinxSPIPS *s = XILINX_SPIPS(dev);
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 int i;
 
 DB_PRINT("inited device model\n");
@@ -511,31 +517,29 @@ static int xilinx_spips_init(SysBusDevice *dev)
 for (i = 0; i < s->num_busses; ++i) {
 char bus_name[16];
 snprintf(bus_name, 16, "spi%d", i);
-s->spi[i] = ssi_create_bus(&dev->qdev, bus_name);
+s->spi[i] = ssi_create_bus(dev, bus_name);
 }
 
 s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
-sysbus_init_irq(dev, &s->irq);
+sysbus_init_irq(sbd, &s->irq);
 for (i = 0; i < s->num_cs * s->num_busses; ++i) {
-sysbus_init_irq(dev, &s->cs_lines[i]);
+sysbus_init_irq(sbd, &s->cs_lines[i]);
 }
 
 memory_region_init_io(&s->iomem, &spips_ops, s, "spi", R_MAX*4);
-sysbus_init_mmio(dev, &s->iomem);
+sysbus_init_mmio(sbd, &s->iomem);
 
 memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
   (1 << LQSPI_ADDRESS_BITS) * 2);
-sysbus_init_mmio(dev, &s->mmlqspi);
+sysbus_init_mmio(sbd, &s->mmlqspi);
 
 s->irqline = -1;
 s->lqspi_cached_addr = ~0ULL;
 
 fifo8_create(&s->rx_fifo, RXFF_A);
 fifo8_create(&s->tx_fifo, TXFF_A);
-
-return 0;
 }
 
 static int xilinx_spips_post_load(void *opaque, int version_id)
@@ -569,16 +573,15 @@ static Property xilinx_spips_properties[] = {
 static void xilinx_spips_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
 
-sdc->init = xilinx_spips_init;
+dc->realize = xilinx_spips_realize;
 dc->reset = xilinx_spips_reset;
 dc->props = xilinx_spips_properties;
 dc->vmsd = &vmstate_xilinx_spips;
 }
 
 static const TypeInfo xilinx_spips_info = {
-.name  = "xilinx,spips",
+.name  = TYPE_XILINX_SPIPS,
 .parent = TYPE_SYS_BUS_DEVICE,
 .instance_size  = sizeof(XilinxSPIPS),
 .class_init = xilinx_spips_class_init,
-- 
1.7.0.4




[Qemu-devel] [PATCH v1 2/5] xilinx_spips: Fix bus setup conditional check

2013-02-19 Thread Peter Crosthwaite
From: Nathan Rossi 

The R_LQSPI_CFG register has the LQSPI_CFG_SEP_BUS and LQSPI_CFG_TWO_MEM bits.

Signed-off-by: Nathan Rossi 
Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 3eee828..03797c3 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -143,8 +143,8 @@ typedef struct {
 
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
-return (s->regs[R_LQSPI_STS] & LQSPI_CFG_SEP_BUS &&
-s->regs[R_LQSPI_STS] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
+return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
+s->regs[R_LQSPI_CFG] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
 }
 
 static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
-- 
1.7.0.4




[Qemu-devel] [PATCH v1 0/5] Xilinx SPIPS updates

2013-02-19 Thread Peter Crosthwaite
A few updates to the Zynq SPI controller: a couple of bug fixes/completions,
followed by some QOMifying cleanup.


Nathan Rossi (2):
  xilinx_spips: Fix bus setup conditional check
  xilinx_spips: Add missing dual-bus snoop commands

Peter Crosthwaite (3):
  xilinx_spips: Set unused IRQs to NULL
  xilinx_spips: QOM styling fixes
  xilinx_spips: seperate SPI and QSPI as two classes

 hw/xilinx_spips.c |  124 +++--
 hw/xilinx_zynq.c  |2 +-
 2 files changed, 93 insertions(+), 33 deletions(-)




Re: [Qemu-devel] [PATCH v2 2/2] migration: add migrate_set_state(), add trace_migrate_set_state()

2013-02-19 Thread Paolo Bonzini
Il 20/02/2013 07:32, Kazuya Saito ha scritto:
> Signed-off-by: Kazuya Saito 

Unfortunately, this conflicts with my series to simplify migration.c
(branch migration-thread-20130115 in git://github.com/bonzini/qemu.git).

I'm not sure how to proceed here, because migrate_set_state doesn't
exist anymore.  Probably you need many different tracepoints.

Paolo

> ---
>  include/migration/migration.h |2 ++
>  migration.c   |   19 +--
>  trace-events  |3 +++
>  3 files changed, 18 insertions(+), 6 deletions(-)
> 
> diff --git a/include/migration/migration.h b/include/migration/migration.h
> index a8c9639..3d8b2a8 100644
> --- a/include/migration/migration.h
> +++ b/include/migration/migration.h
> @@ -132,4 +132,6 @@ int migrate_use_xbzrle(void);
>  int64_t migrate_xbzrle_cache_size(void);
> 
>  int64_t xbzrle_cache_resize(int64_t new_size);
> +
> +void migrate_set_state(MigrationState *s, int new_state);
>  #endif
> diff --git a/migration.c b/migration.c
> index b1ebb01..c52d634 100644
> --- a/migration.c
> +++ b/migration.c
> @@ -23,6 +23,7 @@
>  #include "migration/block.h"
>  #include "qemu/thread.h"
>  #include "qmp-commands.h"
> +#include "trace.h"
> 
>  //#define DEBUG_MIGRATION
> 
> @@ -277,7 +278,7 @@ static int migrate_fd_cleanup(MigrationState *s)
>  void migrate_fd_error(MigrationState *s)
>  {
>  DPRINTF("setting error state\n");
> -s->state = MIG_STATE_ERROR;
> +migrate_set_state(s, MIG_STATE_ERROR);
>  notifier_list_notify(&migration_state_notifiers, s);
>  migrate_fd_cleanup(s);
>  }
> @@ -286,9 +287,9 @@ static void migrate_fd_completed(MigrationState *s)
>  {
>  DPRINTF("setting completed state\n");
>  if (migrate_fd_cleanup(s) < 0) {
> -s->state = MIG_STATE_ERROR;
> +migrate_set_state(s, MIG_STATE_ERROR);
>  } else {
> -s->state = MIG_STATE_COMPLETED;
> +migrate_set_state(s, MIG_STATE_COMPLETED);
>  runstate_set(RUN_STATE_POSTMIGRATE);
>  }
>  notifier_list_notify(&migration_state_notifiers, s);
> @@ -320,7 +321,7 @@ static void migrate_fd_cancel(MigrationState *s)
> 
>  DPRINTF("cancelling migration\n");
> 
> -s->state = MIG_STATE_CANCELLED;
> +migrate_set_state(s, MIG_STATE_CANCELLED);
>  notifier_list_notify(&migration_state_notifiers, s);
>  qemu_savevm_state_cancel();
> 
> @@ -381,7 +382,7 @@ static MigrationState *migrate_init(const
> MigrationParams *params)
>  s->xbzrle_cache_size = xbzrle_cache_size;
> 
>  s->bandwidth_limit = bandwidth_limit;
> -s->state = MIG_STATE_SETUP;
> +migrate_set_state(s, MIG_STATE_SETUP);
>  s->total_time = qemu_get_clock_ms(rt_clock);
> 
>  return s;
> @@ -769,7 +770,7 @@ static const QEMUFileOps buffered_file_ops = {
> 
>  void migrate_fd_connect(MigrationState *s)
>  {
> -s->state = MIG_STATE_ACTIVE;
> +migrate_set_state(s, MIG_STATE_ACTIVE);
>  s->bytes_xfer = 0;
>  s->buffer = NULL;
>  s->buffer_size = 0;
> @@ -784,3 +785,9 @@ void migrate_fd_connect(MigrationState *s)
> QEMU_THREAD_DETACHED);
>  notifier_list_notify(&migration_state_notifiers, s);
>  }
> +
> +void migrate_set_state(MigrationState *s, int new_state)
> +{
> +s->state = new_state;
> +trace_migrate_set_state(new_state);
> +}
> diff --git a/trace-events b/trace-events
> index bf508f0..1be907e 100644
> --- a/trace-events
> +++ b/trace-events
> @@ -1091,3 +1091,6 @@ css_io_interrupt(int cssid, int ssid, int schid,
> uint32_t intparm, uint8_t isc,
>  # hw/s390x/virtio-ccw.c
>  virtio_ccw_interpret_ccw(int cssid, int ssid, int schid, int cmd_code)
> "VIRTIO-CCW: %x.%x.%04x: interpret command %x"
>  virtio_ccw_new_device(int cssid, int ssid, int schid, int devno, const
> char *devno_mode) "VIRTIO-CCW: add subchannel %x.%x.%04x, devno %04x (%s)"
> +
> +# migration.c
> +migrate_set_state(int new_state) "new state %d"
> 




Re: [Qemu-devel] [PATCH v3 1/6] RFC: Efficient VM backup for qemu

2013-02-19 Thread Dietmar Maurer
First, many thanks for the review!

> It is customary to send a 0/6 cover letter for details like this, rather than
> slamming it into the first patch (git send-email --cover-letter).
> Remember, once it is in git, it is no longer as easy to identify where a 
> series
> starts and ends, so the contents of the cover letter is not essential to git
> history, just to reviewers.
> 
> >
> > The file docs/backup-rfc.txt contains more details.
> 
> While naming the file *-rfc is fine for an RFC patch series, it better not be 
> the
> final name that you actually want committed.
> 
> >
> > Changes since v1:
> >
> > * fix spelling errors
> > * move BackupInfo from BDS to BackupBlockJob
> > * introduce BackupDriver to allow more than one backup format
> > * vma: add suport to store vmstate (size is not known in advance)
> > * add ability to store VM state
> >
> > Changes since v2:
> >
> > * BackupDriver: remove cancel_cb
> > * use enum for BackupFormat
> > * vma: use bdrv_open instead of bdrv_file_open
> > * vma: fix aio, use O_DIRECT
> > * backup one drive after another (try to avoid high load)
> 
> Also, it is customary to list series revision history after the --- separator;
> again, something useful for reviewers, but pointless in the actual git 
> history.
> 

OK, I will send a cover-letter next time.

> > Signed-off-by: Dietmar Maurer 
> > ---
> >  docs/backup-rfc.txt |  119
> > +++
> >  1 files changed, 119 insertions(+), 0 deletions(-)  create mode
> > 100644 docs/backup-rfc.txt
> >
> > diff --git a/docs/backup-rfc.txt b/docs/backup-rfc.txt new file mode
> > 100644 index 000..5b4b3df
> > --- /dev/null
> > +++ b/docs/backup-rfc.txt
> > @@ -0,0 +1,119 @@
> > +RFC: Efficient VM backup for qemu
> 
> You already have RFC in the subject line; you don't need it here in your
> proposed contents.

OK

> 
> > +
> > +That basically means that any data written during backup involve
> > +considerable overhead. For LVM we get the following steps:
> > +
> > +1.) read original data (VM write)
> 
> Shouldn't that be '(VM read)'?

No, that 'read' is triggered by the VM write .

> > +2.) write original data into snapshot (VM write)
> > +3.) write new data (VM write)
> > +4.) read data from snapshot (backup)
> > +5.) write data from snapshot into tar file (backup)
> > +
> > +Another approach to backup VM images is to create a new qcow2 image
> > +which use the old image as base. During backup, writes are redirected
> > +to the new image, so the old image represents a 'snapshot'. After
> > +backup, data need to be copied back from new image into the old one
> > +(commit). So a simple write during backup triggers the following
> > +steps:
> > +
> > +1.) write new data to new image (VM write)
> > +2.) read data from old image (backup)
> > +3.) write data from old image into tar file (backup)
> > +
> > +4.) read data from new image (commit)
> > +5.) write data to old image (commit)
> > +
> > +This is in fact the same overhead as before. Other tools like qemu
> > +livebackup produces similar overhead (2 reads, 3 writes).
> > +
> > +Some storage types/formats supports internal snapshots using some
> > +kind of reference counting (rados, sheepdog, dm-thin, qcow2). It
> > +would be possible to use that for backups, but for now we want to be
> storage-independent.
> > +
> > +Note: It turned out that taking a qcow2 snapshot can take a very long
> > +time on larger files.
> 
> That's an independent issue, and there have been patches proposed to try
> and reduce that time.

will remove that comment.

> 
> > +
> > +=Make it more efficient=
> > +
> > +The be more efficient, we simply need to avoid unnecessary steps. The
> > +following steps are always required:
> > +
> > +1.) read old data before it gets overwritten
> > +2.) write that data into the backup archive
> > +3.) write new data (VM write)
> > +
> > +As you can see, this involves only one read, an two writes.
> 
> s/an/and/
> 
> > +
> > +To make that work, our backup archive need to be able to store image
> > +data 'out of order'. It is important to notice that this will not
> > +work with traditional archive formats like tar.
> 
> Are you also requiring that the output file descriptor be seekable?  

No, it works with pipes (like tar). 



Re: [Qemu-devel] [PATCH 54/57] target-i386: Implement ADX extension

2013-02-19 Thread Richard Henderson

On 2013-02-19 09:40, Richard Henderson wrote:

+/* Otherwise compute the carry-out in two steps.  */
+tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_regs[reg]);
+tcg_gen_setcond_tl(TCG_COND_LTU, cpu_tmp4,
+   cpu_T[0], cpu_regs[reg]);
+tcg_gen_add_tl(cpu_regs[reg], cpu_T[0], carry_in);
+tcg_gen_setcond_tl(TCG_COND_LTU, carry_out,
+   cpu_T[0], carry_in);


Typo in the carry_out computation here.  Fixed for the next revision.


r~



Re: [Qemu-devel] 3 new x86 instructions

2013-02-19 Thread Richard Henderson

On 2013-02-19 13:52, Torbjorn Granlund wrote:

Execute.  I believe correct behaviour is to print:

 000d 000d 040b 000a

The program under your special qemu instead prints:

 000e 000d 040b 000a

Perhaps I am being silly and the program is behaving correctly.


Nope, you found a typo in the comparison.  Annoyingly, not in the i686
version, which is what I'd tested by hand before.

I've pushed an update to my x86-next branch, and updated the eflags3
branch against which I posted patches for review this afternoon.


r~



[Qemu-devel] [PATCH] spapr pci: getting rid of "busname" property

2013-02-19 Thread Alexey Kardashevskiy
As the sPAPRPHBState struct encapsulates the DeviceState struct,
the "id" property can be set from the command line.
So there is no need for the "busname" property, which is only used
to pass a PCI bus name from the spapr-pci-host-bridge device to
pci_register_bus().

Signed-off-by: Alexey Kardashevskiy 
---
 hw/spapr_pci.c |   13 +++--
 hw/spapr_pci.h |1 -
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
index a6885c4..45373ec 100644
--- a/hw/spapr_pci.c
+++ b/hw/spapr_pci.c
@@ -519,6 +519,7 @@ static int spapr_phb_init(SysBusDevice *s)
 sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
 char *namebuf;
+const char *busname;
 int i;
 PCIBus *bus;
 
@@ -575,9 +576,6 @@ static int spapr_phb_init(SysBusDevice *s)
 }   
 
 sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
-if (!sphb->busname) {
-sphb->busname = sphb->dtbusname;
-}
 
 namebuf = alloca(strlen(sphb->dtbusname) + 32);
 
@@ -621,7 +619,11 @@ static int spapr_phb_init(SysBusDevice *s)
 &sphb->msiwindow);
 }
 
-bus = pci_register_bus(DEVICE(s), sphb->busname,
+busname = s->qdev.id;
+if (!busname || !busname[0]) {
+busname = sphb->dtbusname;
+}
+bus = pci_register_bus(DEVICE(s), busname,
pci_spapr_set_irq, pci_spapr_map_irq, sphb,
&sphb->memspace, &sphb->iospace,
PCI_DEVFN(0, 0), PCI_NUM_PINS);
@@ -663,7 +665,6 @@ static void spapr_phb_reset(DeviceState *qdev)
 }
 
 static Property spapr_phb_properties[] = {
-DEFINE_PROP_STRING("busname", sPAPRPHBState, busname),
 DEFINE_PROP_INT32("index", sPAPRPHBState, index, -1),
 DEFINE_PROP_HEX64("buid", sPAPRPHBState, buid, -1),
 DEFINE_PROP_HEX32("liobn", sPAPRPHBState, dma_liobn, -1),
@@ -750,7 +751,7 @@ PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, int 
index,
 
 dev = qdev_create(NULL, TYPE_SPAPR_PCI_HOST_BRIDGE);
 qdev_prop_set_uint32(dev, "index", index);
-qdev_prop_set_string(dev, "busname", busname);
+dev->id = g_strdup(busname);
 qdev_init_nofail(dev);
 
 return PCI_HOST_BRIDGE(dev);
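Review bot: `dev->id = g_strdup(busname);` writes the qdev id field directly with a heap copy, and nothing in the hunk shows who frees it or whether the value is checked for uniqueness the way an id given on the command line would be. If qdev elsewhere treats `id` as a borrowed string, this is at least a leak on device teardown. A short comment at the assignment stating the ownership, e.g. `/* dev owns this copy of the id from here on */`, would make the intent reviewable. spapr_create_phb starts outside the hunk.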
diff --git a/hw/spapr_pci.h b/hw/spapr_pci.h
index b05241d..35960d7 100644
--- a/hw/spapr_pci.h
+++ b/hw/spapr_pci.h
@@ -39,7 +39,6 @@ typedef struct sPAPRPHBState {
 
 int32_t index;
 uint64_t buid;
-char *busname;
 char *dtbusname;
 
 MemoryRegion memspace, iospace;
-- 
1.7.10.4




[Qemu-devel] Segmentation fault (core dumped)

2013-02-19 Thread Rekha SR
Hello all,

I ran OKL4 and got an image file as output.

I am trying to run OKL4 image by using QEMU.

I didn't use "-start-addr 0x0790" option.

I used the below command.

*# qemu-system-arm -M versatileab -nographic -kernel
build.nano-debug/images/image.elf*
*Segmentation fault (core dumped)*

Got this error.

Do you have any idea about this error?

Please help me

Thanks in Advance


[Qemu-devel] [PATCH] target-mips: fix mips16 MULT/DIV (broken by ASE_DSP)

2013-02-19 Thread Leon Yu
Using bits [11-12] of the opcode as acc is not correct for ASE_MIPS16 instructions;
doing so generates an RI/DSPDIS exception when decoding MIPS16 MULT/DIV.

Signed-off-by: Leon Yu 
---
 target-mips/translate.c |   14 +++---
 1 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 4ee9615..c5834cd 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -2594,7 +2594,7 @@ static void gen_HILO (DisasContext *ctx, uint32_t opc, 
int reg)
 }
 
 if (opc == OPC_MFHI || opc == OPC_MFLO) {
-acc = ((ctx->opcode) >> 21) & 0x03;
+acc = (ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> 21) & 
0x03;
 } else {
 acc = ((ctx->opcode) >> 11) & 0x03;
 }
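Review bot: The guard `(ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> N) & 0x03` is written out here and again in each of the six gen_muldiv hunks that follow, so the MIPS16 rule lives in seven places. A small helper would keep it in one, e.g. `static inline int gen_acc(DisasContext *ctx, int shift) { return (ctx->hflags & MIPS_HFLAG_M16) ? 0 : (ctx->opcode >> shift) & 0x03; }` (the name is only a suggestion). The `else` branch in this hunk still reads bits 11-12 without the MIPS16 test; if that is intentional because those opcodes are never decoded in MIPS16 mode, a one-line comment saying so would help. gen_HILO starts and ends outside the hunk.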
@@ -2717,7 +2717,7 @@ static void gen_muldiv (DisasContext *ctx, uint32_t opc,
 {
 TCGv_i64 t2 = tcg_temp_new_i64();
 TCGv_i64 t3 = tcg_temp_new_i64();
-acc = ((ctx->opcode) >> 11) & 0x03;
+acc = (ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> 11) & 
0x03;
 if (acc != 0) {
 check_dsp(ctx);
 }
@@ -2739,7 +2739,7 @@ static void gen_muldiv (DisasContext *ctx, uint32_t opc,
 {
 TCGv_i64 t2 = tcg_temp_new_i64();
 TCGv_i64 t3 = tcg_temp_new_i64();
-acc = ((ctx->opcode) >> 11) & 0x03;
+acc = (ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> 11) & 
0x03;
 if (acc != 0) {
 check_dsp(ctx);
 }
@@ -2803,7 +2803,7 @@ static void gen_muldiv (DisasContext *ctx, uint32_t opc,
 {
 TCGv_i64 t2 = tcg_temp_new_i64();
 TCGv_i64 t3 = tcg_temp_new_i64();
-acc = ((ctx->opcode) >> 11) & 0x03;
+acc = (ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> 11) & 
0x03;
 if (acc != 0) {
 check_dsp(ctx);
 }
@@ -2827,7 +2827,7 @@ static void gen_muldiv (DisasContext *ctx, uint32_t opc,
 {
 TCGv_i64 t2 = tcg_temp_new_i64();
 TCGv_i64 t3 = tcg_temp_new_i64();
-acc = ((ctx->opcode) >> 11) & 0x03;
+acc = (ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> 11) & 
0x03;
 if (acc != 0) {
 check_dsp(ctx);
 }
@@ -2853,7 +2853,7 @@ static void gen_muldiv (DisasContext *ctx, uint32_t opc,
 {
 TCGv_i64 t2 = tcg_temp_new_i64();
 TCGv_i64 t3 = tcg_temp_new_i64();
-acc = ((ctx->opcode) >> 11) & 0x03;
+acc = (ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> 11) & 
0x03;
 if (acc != 0) {
 check_dsp(ctx);
 }
@@ -2877,7 +2877,7 @@ static void gen_muldiv (DisasContext *ctx, uint32_t opc,
 {
 TCGv_i64 t2 = tcg_temp_new_i64();
 TCGv_i64 t3 = tcg_temp_new_i64();
-acc = ((ctx->opcode) >> 11) & 0x03;
+acc = (ctx->hflags & MIPS_HFLAG_M16) ? 0 : ((ctx->opcode) >> 11) & 
0x03;
 if (acc != 0) {
 check_dsp(ctx);
 }
-- 
1.7.0.4




[Qemu-devel] [PATCH] machine: correct macro name for default boot_order

2013-02-19 Thread liguang
DEFAULT_MACHINE_OPTIONS is setting default boot_order,
while QEMUMachine already has default_machine_opts
to encapsulate some default options, so change it to
DEFAULT_MACHINE_BOOT_ORDER.

Signed-off-by: liguang 
---
 hw/alpha_dp264.c  |2 +-
 hw/an5206.c   |2 +-
 hw/axis_dev88.c   |2 +-
 hw/boards.h   |2 +-
 hw/collie.c   |2 +-
 hw/dummy_m68k.c   |2 +-
 hw/exynos4_boards.c   |4 ++--
 hw/gumstix.c  |4 ++--
 hw/highbank.c |2 +-
 hw/integratorcp.c |2 +-
 hw/kzm.c  |2 +-
 hw/leon3.c|2 +-
 hw/lm32_boards.c  |4 ++--
 hw/mainstone.c|2 +-
 hw/mcf5208.c  |2 +-
 hw/milkymist.c|2 +-
 hw/mips_fulong2e.c|2 +-
 hw/mips_jazz.c|4 ++--
 hw/mips_malta.c   |2 +-
 hw/mips_mipssim.c |2 +-
 hw/mips_r4k.c |2 +-
 hw/musicpal.c |2 +-
 hw/nseries.c  |4 ++--
 hw/null-machine.c |2 +-
 hw/omap_sx1.c |4 ++--
 hw/openrisc_sim.c |2 +-
 hw/palm.c |2 +-
 hw/pc_piix.c  |   26 +-
 hw/pc_q35.c   |2 +-
 hw/petalogix_ml605_mmu.c  |2 +-
 hw/petalogix_s3adsp1800_mmu.c |2 +-
 hw/ppc/e500plat.c |2 +-
 hw/ppc/mac_newworld.c |2 +-
 hw/ppc/mac_oldworld.c |2 +-
 hw/ppc/mpc8544ds.c|2 +-
 hw/ppc/prep.c |2 +-
 hw/ppc405_boards.c|4 ++--
 hw/ppc440_bamboo.c|2 +-
 hw/puv3.c |2 +-
 hw/r2d.c  |2 +-
 hw/realview.c |8 
 hw/s390x/s390-virtio-ccw.c|2 +-
 hw/s390x/s390-virtio.c|2 +-
 hw/shix.c |2 +-
 hw/spitz.c|8 
 hw/stellaris.c|4 ++--
 hw/sun4m.c|   24 
 hw/sun4u.c|6 +++---
 hw/tosa.c |2 +-
 hw/versatilepb.c  |4 ++--
 hw/vexpress.c |4 ++--
 hw/virtex_ml507.c |2 +-
 hw/xen_machine_pv.c   |2 +-
 hw/xilinx_zynq.c  |2 +-
 hw/xtensa_lx60.c  |4 ++--
 hw/xtensa_sim.c   |2 +-
 hw/z2.c   |2 +-
 57 files changed, 99 insertions(+), 99 deletions(-)

diff --git a/hw/alpha_dp264.c b/hw/alpha_dp264.c
index 1cd549c..643d236 100644
--- a/hw/alpha_dp264.c
+++ b/hw/alpha_dp264.c
@@ -171,7 +171,7 @@ static QEMUMachine clipper_machine = {
 .init = clipper_init,
 .max_cpus = 4,
 .is_default = 1,
-DEFAULT_MACHINE_OPTIONS,
+DEFAULT_MACHINE_BOOT_ORDER,
 };
 
 static void clipper_machine_init(void)
diff --git a/hw/an5206.c b/hw/an5206.c
index 924be81..fb132a4 100644
--- a/hw/an5206.c
+++ b/hw/an5206.c
@@ -89,7 +89,7 @@ static QEMUMachine an5206_machine = {
 .name = "an5206",
 .desc = "Arnewsh 5206",
 .init = an5206_init,
-DEFAULT_MACHINE_OPTIONS,
+DEFAULT_MACHINE_BOOT_ORDER,
 };
 
 static void an5206_machine_init(void)
diff --git a/hw/axis_dev88.c b/hw/axis_dev88.c
index dd37fa1..002025f 100644
--- a/hw/axis_dev88.c
+++ b/hw/axis_dev88.c
@@ -355,7 +355,7 @@ static QEMUMachine axisdev88_machine = {
 .desc = "AXIS devboard 88",
 .init = axisdev88_init,
 .is_default = 1,
-DEFAULT_MACHINE_OPTIONS,
+DEFAULT_MACHINE_BOOT_ORDER,
 };
 
 static void axisdev88_machine_init(void)
diff --git a/hw/boards.h b/hw/boards.h
index 3813d4e..6ed38a1 100644
--- a/hw/boards.h
+++ b/hw/boards.h
@@ -6,7 +6,7 @@
 #include "sysemu/blockdev.h"
 #include "qdev.h"
 
-#define DEFAULT_MACHINE_OPTIONS \
+#define DEFAULT_MACHINE_BOOT_ORDER \
 .boot_order = "cad"
 
 typedef struct QEMUMachineInitArgs {
diff --git a/hw/collie.c b/hw/collie.c
index d19db59..68e8a1a 100644
--- a/hw/collie.c
+++ b/hw/collie.c
@@ -62,7 +62,7 @@ static QEMUMachine collie_machine = {
 .name = "collie",
 .desc = "Collie PDA (SA-1110)",
 .init = collie_init,
-DEFAULT_MACHINE_OPTIONS,
+DEFAULT_MACHINE_BOOT_ORDER,
 };
 
 static void collie_machine_init(void)
diff --git a/hw/dummy_m68k.c b/hw/dummy_m68k.c
index 3a88805..5d72bb0 100644
--- a/hw/dummy_m68k.c
+++ b/hw/dummy_m68k.c
@@ -73,7 +73,7 @@ static QEMUMachine dummy_m68k_machine = {
 .name = "dummy",
 .desc = "Dummy board",
 .init = dummy_m68k_init,
-DEFAULT_MACHINE_OPTIONS,
+DEFAULT_MACHINE_BOOT_ORDER,
 };
 
 static void dummy_m68k_machine_init(void)
diff --git a/hw/exynos4_boards.c b/hw/exynos4_boards.c
index b59e6aa..aeee2cf 100644
--- a/hw/exynos4_boards.c
+++ b/hw/exynos4_boards.c
@@ -150,14 +150,14 @@ static QEMUMachine 
exyno

[Qemu-devel] [PATCH v2 2/2] migration: add migrate_set_state(), add trace_migrate_set_state()

2013-02-19 Thread Kazuya Saito
Signed-off-by: Kazuya Saito 
---
 include/migration/migration.h |2 ++
 migration.c   |   19 +--
 trace-events  |3 +++
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index a8c9639..3d8b2a8 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -132,4 +132,6 @@ int migrate_use_xbzrle(void);
 int64_t migrate_xbzrle_cache_size(void);

 int64_t xbzrle_cache_resize(int64_t new_size);
+
+void migrate_set_state(MigrationState *s, int new_state);
 #endif
diff --git a/migration.c b/migration.c
index b1ebb01..c52d634 100644
--- a/migration.c
+++ b/migration.c
@@ -23,6 +23,7 @@
 #include "migration/block.h"
 #include "qemu/thread.h"
 #include "qmp-commands.h"
+#include "trace.h"

 //#define DEBUG_MIGRATION

@@ -277,7 +278,7 @@ static int migrate_fd_cleanup(MigrationState *s)
 void migrate_fd_error(MigrationState *s)
 {
 DPRINTF("setting error state\n");
-s->state = MIG_STATE_ERROR;
+migrate_set_state(s, MIG_STATE_ERROR);
 notifier_list_notify(&migration_state_notifiers, s);
 migrate_fd_cleanup(s);
 }
@@ -286,9 +287,9 @@ static void migrate_fd_completed(MigrationState *s)
 {
 DPRINTF("setting completed state\n");
 if (migrate_fd_cleanup(s) < 0) {
-s->state = MIG_STATE_ERROR;
+migrate_set_state(s, MIG_STATE_ERROR);
 } else {
-s->state = MIG_STATE_COMPLETED;
+migrate_set_state(s, MIG_STATE_COMPLETED);
 runstate_set(RUN_STATE_POSTMIGRATE);
 }
 notifier_list_notify(&migration_state_notifiers, s);
@@ -320,7 +321,7 @@ static void migrate_fd_cancel(MigrationState *s)

 DPRINTF("cancelling migration\n");

-s->state = MIG_STATE_CANCELLED;
+migrate_set_state(s, MIG_STATE_CANCELLED);
 notifier_list_notify(&migration_state_notifiers, s);
 qemu_savevm_state_cancel();

@@ -381,7 +382,7 @@ static MigrationState *migrate_init(const
MigrationParams *params)
 s->xbzrle_cache_size = xbzrle_cache_size;

 s->bandwidth_limit = bandwidth_limit;
-s->state = MIG_STATE_SETUP;
+migrate_set_state(s, MIG_STATE_SETUP);
 s->total_time = qemu_get_clock_ms(rt_clock);

 return s;
@@ -769,7 +770,7 @@ static const QEMUFileOps buffered_file_ops = {

 void migrate_fd_connect(MigrationState *s)
 {
-s->state = MIG_STATE_ACTIVE;
+migrate_set_state(s, MIG_STATE_ACTIVE);
 s->bytes_xfer = 0;
 s->buffer = NULL;
 s->buffer_size = 0;
@@ -784,3 +785,9 @@ void migrate_fd_connect(MigrationState *s)
QEMU_THREAD_DETACHED);
 notifier_list_notify(&migration_state_notifiers, s);
 }
+
+void migrate_set_state(MigrationState *s, int new_state)
+{
+s->state = new_state;
+trace_migrate_set_state(new_state);
+}
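Review bot: `trace_migrate_set_state(new_state)` in the new `migrate_set_state()` records only the destination state, so someone reading a trace cannot tell which transition occurred without correlating it with earlier events. `s->state` still holds the previous value on entry, so the call could be `trace_migrate_set_state(s->state, new_state);` placed before the assignment, with the trace-events line changed to `migrate_set_state(int old_state, int new_state) "old state %d new state %d"`. The same applies to `trace_runstate_set(new_state)` in the vl.c hunk of patch 1/2, where `current_run_state` is available. A one-line comment above the function, `/* Single point for changing s->state; emits the migrate_set_state trace event. */`, would also tell later contributors not to assign `s->state` directly.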
diff --git a/trace-events b/trace-events
index bf508f0..1be907e 100644
--- a/trace-events
+++ b/trace-events
@@ -1091,3 +1091,6 @@ css_io_interrupt(int cssid, int ssid, int schid,
uint32_t intparm, uint8_t isc,
 # hw/s390x/virtio-ccw.c
 virtio_ccw_interpret_ccw(int cssid, int ssid, int schid, int cmd_code)
"VIRTIO-CCW: %x.%x.%04x: interpret command %x"
 virtio_ccw_new_device(int cssid, int ssid, int schid, int devno, const
char *devno_mode) "VIRTIO-CCW: add subchannel %x.%x.%04x, devno %04x (%s)"
+
+# migration.c
+migrate_set_state(int new_state) "new state %d"
-- 
1.7.1






[Qemu-devel] [PATCH v2 1/2] vl: add trace_runstate_set()

2013-02-19 Thread Kazuya Saito
Signed-off-by: Kazuya Saito 
---
 trace-events |1 +
 vl.c |2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/trace-events b/trace-events
index 1011f27..bf508f0 100644
--- a/trace-events
+++ b/trace-events
@@ -472,6 +472,7 @@ scsi_request_sense(int target, int lun, int tag)
"target %d lun %d tag %d"

 # vl.c
 vm_state_notify(int running, int reason) "running %d reason %d"
+runstate_set(int new_state) "new state %d"

 # block/qcow2.c
 qcow2_writev_start_req(void *co, int64_t sector, int nb_sectors) "co %p
sector %" PRIx64 " nb_sectors %d"
diff --git a/vl.c b/vl.c
index c5b0eea..30d8b46 100644
--- a/vl.c
+++ b/vl.c
@@ -612,7 +612,7 @@ void runstate_set(RunState new_state)
 RunState_lookup[new_state]);
 abort();
 }
-
+trace_runstate_set(new_state);
 current_run_state = new_state;
 }

-- 
1.7.1





[Qemu-devel] [PATCH v2 0/2] Add some tracepoints for live migration

2013-02-19 Thread Kazuya Saito
This series adds tracepoints for VM state transitions, to get
information about live migration. I changed the function names to use the
"migrate_" prefix, as Stefan pointed out[1], and tested it.

The previous version[2] doesn't seem to be taken in qemu tree, so
if this version is better, please take it in.

[1]: http://lists.gnu.org/archive/html/qemu-devel/2013-02/msg01198.html
[2]: http://lists.gnu.org/archive/html/qemu-devel/2013-02/msg00775.html


Kazuya Saito (2):
  vl: add trace_runstate_set()
  migration: add migrate_set_state(), add trace_migrate_set_state()

 include/migration/migration.h |2 ++
 migration.c   |   19 +--
 trace-events  |4 
 vl.c  |2 +-
 4 files changed, 20 insertions(+), 7 deletions(-)





[Qemu-devel] [PATCH v1 6/6] xilinx_zynq: Add i2c components

2013-02-19 Thread Peter Crosthwaite
Add the I2C controllers/switches and EEPROMs attached to Zynq boards.

Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_zynq.c |   30 ++
 1 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/hw/xilinx_zynq.c b/hw/xilinx_zynq.c
index 311f791..2608015 100644
--- a/hw/xilinx_zynq.c
+++ b/hw/xilinx_zynq.c
@@ -25,6 +25,7 @@
 #include "sysemu/blockdev.h"
 #include "loader.h"
 #include "ssi.h"
+#include "i2c.h"
 
 #define NUM_SPI_FLASHES 4
 #define NUM_QSPI_FLASHES 2
@@ -33,6 +34,8 @@
 #define FLASH_SIZE (64 * 1024 * 1024)
 #define FLASH_SECTOR_SIZE (128 * 1024)
 
+#define NUM_I2C_EEPROMS 2
+
 #define IRQ_OFFSET 32 /* pic interrupts start from index 32 */
 
 static struct arm_boot_info zynq_binfo = {};
@@ -93,6 +96,30 @@ static inline void zynq_init_spi_flashes(uint32_t base_addr, 
qemu_irq irq,
 
 }
 
+static inline void zynq_init_zc70x_i2c(uint32_t base_addr, qemu_irq irq)
+{
+DeviceState *dev = sysbus_create_simple("cadence.i2c", base_addr, irq);
+i2c_bus *i2c = (i2c_bus *)qdev_get_child_bus(dev, "i2c");
+int i, bus;
+
+dev = i2c_create_slave(i2c, "pca9548", 0);
+for (bus = 2; bus <= 3; bus++) {
+char bus_name[16];
+
+snprintf(bus_name, sizeof(bus_name), "i2c%d", bus);
+i2c = (i2c_bus *)qdev_get_child_bus(dev, bus_name);
+assert(i2c);
+
+assert(NUM_I2C_EEPROMS <= 2); /* not enough address space for anymore 
*/
+for (i = 0; i < NUM_I2C_EEPROMS; ++i) {
+DeviceState *eeprom_dev = i2c_create_slave_no_init(i2c, "m24cxx",
+   0x50 + 0x4 * i);
+qdev_prop_set_uint16(eeprom_dev, "size", 1024); /* M24C08 */
+qdev_init_nofail(eeprom_dev);
+}
+}
+}
+
 static void zynq_init(QEMUMachineInitArgs *args)
 {
 ram_addr_t ram_size = args->ram_size;
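Review bot: In `zynq_init_zc70x_i2c()` the first `qdev_get_child_bus(dev, "i2c")` result is cast and passed straight to `i2c_create_slave()` with no check, while the per-channel lookup a few lines below is guarded by `assert(i2c)`; adding `assert(i2c);` after the first lookup would make a missing controller bus fail at the same obvious place. The switch is created under the name `"pca9548"`, whereas patch 5/6 on this page defines `TYPE_PCA9548` as `"pca-9548"`; the type registration is not visible here, so confirm the two names agree. `assert(NUM_I2C_EEPROMS <= 2)` tests a compile-time constant at run time and could be `QEMU_BUILD_BUG_ON(NUM_I2C_EEPROMS > 2);`. The hunk ends inside zynq_init, whose body continues outside it.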
@@ -163,6 +190,9 @@ static void zynq_init(QEMUMachineInitArgs *args)
 pic[n] = qdev_get_gpio_in(dev, n);
 }
 
+zynq_init_zc70x_i2c(0xE0004000, pic[57-IRQ_OFFSET]);
+zynq_init_zc70x_i2c(0xE0005000, pic[80-IRQ_OFFSET]);
+
 zynq_init_spi_flashes(0xE0006000, pic[58-IRQ_OFFSET], false);
 zynq_init_spi_flashes(0xE0007000, pic[81-IRQ_OFFSET], false);
 zynq_init_spi_flashes(0xE000D000, pic[51-IRQ_OFFSET], true);
-- 
1.7.0.4




[Qemu-devel] [PATCH v1 5/6] hw: pca9548: Device model

2013-02-19 Thread Peter Crosthwaite
Initial version of device model for PCA9548 8 way I2C switch.

Signed-off-by: Peter Crosthwaite 
---

 default-configs/arm-softmmu.mak |1 +
 hw/Makefile.objs|1 +
 hw/pca9548.c|  229 +++
 3 files changed, 231 insertions(+), 0 deletions(-)
 create mode 100644 hw/pca9548.c

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 9114382..27f2a19 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -27,6 +27,7 @@ CONFIG_LAN9118=y
 CONFIG_SMC91C111=y
 CONFIG_DS1338=y
 CONFIG_M24CXX=y
+CONFIG_PCA9548=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_PFLASH_CFI02=y
 
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index dc75c9f..56f1c00 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -179,6 +179,7 @@ common-obj-$(CONFIG_MAX111X) += max111x.o
 common-obj-$(CONFIG_DS1338) += ds1338.o
 common-obj-y += i2c.o smbus.o smbus_eeprom.o
 common-obj-$(CONFIG_M24CXX) += m24cxx.o
+common-obj-$(CONFIG_PCA9548) += pca9548.o
 common-obj-y += eeprom93xx.o
 common-obj-y += scsi-disk.o cdrom.o hd-geometry.o block-common.o
 common-obj-y += scsi-generic.o scsi-bus.o
diff --git a/hw/pca9548.c b/hw/pca9548.c
new file mode 100644
index 000..c1d57ae
--- /dev/null
+++ b/hw/pca9548.c
@@ -0,0 +1,229 @@
+/*
+ * PCA9548 I2C Switch Dummy model
+ *
+ * Copyright (c) 2012 Xilinx Inc.
+ * Copyright (c) 2012 Peter Crosthwaite 
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "i2c.h"
+#include "hw.h"
+#include "sysemu/blockdev.h"
+
+#ifndef PCA9548_DEBUG
+#define PCA9548_DEBUG 0
+#endif
+#define DB_PRINT(fmt, args...) do {\
+if (PCA9548_DEBUG) {\
+fprintf(stderr, "PCA9548: "fmt, ## args);\
+} \
+} while (0);
+
+#define NUM_BUSSES 8
+#define pca9548_CONTROL_ADDR 0x74
+
+typedef struct {
+I2CSlave i2c;
+i2c_bus *busses[NUM_BUSSES];
+
+/*state */
+uint8_t control_reg;
+enum i2c_event event;
+bool control_decoded;
+
+uint8_t chip_enable; /*property */
+} PCA9548State;
+
+#define TYPE_PCA9548 "pca-9548"
+
+#define PCA9548(obj) \
+ OBJECT_CHECK(PCA9548State, (obj), TYPE_PCA9548)
+
+static void pca9548_reset(DeviceState *dev)
+{
+PCA9548State *s = PCA9548(dev);
+
+s->control_reg = 0;
+}
+
+static int pca9548_recv(I2CSlave *i2c)
+{
+PCA9548State *s = PCA9548(i2c);
+int i;
+int ret = 0;
+
+if (s->control_decoded) {
+ret |= s->control_reg;
+DB_PRINT("returning control register: %x\n", ret);
+} else {
+for (i = 0; i < NUM_BUSSES; ++i) {
+if (s->control_reg & (1 << i)) {
+ret |= i2c_recv(s->busses[i]);
+DB_PRINT("recieving from active bus %d:%x\n", i, ret);
+}
+}
+}
+
+return ret;
+}
+
+static int pca9548_send(I2CSlave *i2c, uint8_t data)
+{
+PCA9548State *s = PCA9548(i2c);
+int i;
+int ret = -1;
+
+if (s->control_decoded) {
+DB_PRINT("setting control register: %x\n", data);
+s->control_reg = data;
+ret = 0;
+} else {
+for (i = 0; i < NUM_BUSSES; ++i) {
+if (s->control_reg & (1 << i)) {
+DB_PRINT("sending to active bus %d:%x\n", i, data);
+ret &= i2c_send(s->busses[i], data);
+}
+}
+}
+
+return ret;
+}
+
+static void pca9548_event(I2CSlave *i2c, enum i2c_event event)
+{
+PCA9548State *s = PCA9548(i2c);
+int i;
+
+s->event = event;
+for (i = 0; i < NUM_BUSSES; ++i) {
+if (s->control_reg & (1 << i)) {
+switch (event) {
+/* defer START conditions until we have an address */
+case I2C_START_SEND:
+case I2C_START_RECV:
+break;
+/* Forward others to sub busses */
+case I2C_FINISH:
+if (!s->control_decoded) {
+DB_PRINT("stopping active bus %d\n", i);
+i2c_end_transfer(s->busses[i]);
+}
+break;
+case I2C_NACK:
+if (!s->control_decoded) {
+DB_PRINT("nacking active bus %d\n", i);
+i2c_nack(s->busses[i]);
+}
+break;
+}
+}
+}
+}
+
+static void pca9548_decode_address(I2CSlave *i2c, uint8_t address)
+{
+ 

[Qemu-devel] [PATCH v1 3/6] cadence_i2c: first revision

2013-02-19 Thread Peter Crosthwaite
Cadence I2C controller as currently implemented in Xilinx Zynq.

Signed-off-by: Peter Crosthwaite 
---

 hw/Makefile.objs |1 +
 hw/cadence_i2c.c |  388 ++
 2 files changed, 389 insertions(+), 0 deletions(-)
 create mode 100644 hw/cadence_i2c.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 447e32a..6b278cc 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -101,6 +101,7 @@ common-obj-$(CONFIG_VERSATILE_I2C) += versatile_i2c.o
 common-obj-$(CONFIG_CADENCE) += cadence_uart.o
 common-obj-$(CONFIG_CADENCE) += cadence_ttc.o
 common-obj-$(CONFIG_CADENCE) += cadence_gem.o
+common-obj-$(CONFIG_CADENCE) += cadence_i2c.o
 common-obj-$(CONFIG_XGMAC) += xgmac.o
 
 # PCI watchdog devices
diff --git a/hw/cadence_i2c.c b/hw/cadence_i2c.c
new file mode 100644
index 000..2052ab5
--- /dev/null
+++ b/hw/cadence_i2c.c
@@ -0,0 +1,388 @@
+/*
+ *  Cadence I2C controller
+ *
+ *  Copyright (C) 2012 Xilinx Inc.
+ *  Copyright (C) 2012 Peter Crosthwaite 
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "qemu/bitops.h"
+#include "qemu/timer.h"
+#include "sysbus.h"
+#include "i2c.h"
+#include "fifo.h"
+#include "qemu/log.h"
+
+#define TYPE_CADENCE_I2C  "cadence.i2c"
+#define CADENCE_I2C(obj)  \
+OBJECT_CHECK(CadenceI2CState, (obj), TYPE_CADENCE_I2C)
+
+/* Cadence I2C memory map */
+#define R_CONTROL(0x00 / 4)
+#define CONTROL_DIV_A_SHIFT  14
+#define CONTROL_DIV_A_WIDTH  2
+#define CONTROL_DIV_B_SHIFT  8
+#define CONTROL_DIV_B_WIDTH  6
+#define CONTROL_CLR_FIFO (1 << 6)
+#define CONTROL_SLVMON   (1 << 5)
+#define CONTROL_HOLD (1 << 4)
+#define CONTROL_ACKEN(1 << 3)
+#define CONTROL_NEA  (1 << 2)
+#define CONTROL_MS   (1 << 1)
+#define CONTROL_RW   (1 << 0)
+#define R_STATUS (0x04 / 4)
+#define STATUS_BA(1 << 8)
+#define STATUS_RXOVF (1 << 7)
+#define STATUS_TXDV  (1 << 6)
+#define STATUS_RXDV  (1 << 5)
+#define STATUS_RXRW  (1 << 3)
+#define R_ADDRESS(0x08 / 4)
+#define R_DATA   (0x0C / 4)
+#define R_ISR(0x10 / 4)
+#define ISR_RX_UNF   (1 << 7)
+#define ISR_TX_OVF   (1 << 6)
+#define ISR_RX_OVF   (1 << 5)
+#define ISR_SLV_RDY  (1 << 4)
+#define ISR_TO   (1 << 3)
+#define ISR_NACK (1 << 2)
+#define ISR_DATA (1 << 1)
+#define ISR_COMP (1 << 0)
+#define R_TRANSFER_SIZE  (0x14 / 4)
+#define R_INTRPT_MASK(0x20 / 4)
+#define R_INTRPT_ENABLE  (0x24 / 4)
+#define R_INTRPT_DISABLE (0x28 / 4)
+#define R_MAX(R_INTRPT_DISABLE + 1)
+
+/* Just approximate for the moment */
+
+#define NS_PER_PCLK 10ull
+
+/* FIXME: this struct defintion is generic, may belong in bitops or somewhere
+ * like that
+ */
+
+typedef struct CadenceI2CRegInfo {
+const char *name;
+uint32_t ro;
+uint32_t wtc;
+uint32_t reset;
+int width;
+}  CadenceI2CRegInfo;
+
+static const CadenceI2CRegInfo cadence_i2c_reg_info[] = {
+[R_CONTROL]= {.name = "CONTROL", .width = 16,
+  .ro = CONTROL_CLR_FIFO | (1 << 7) },
+[R_STATUS] = {.name = "STATUS", .width = 9, .ro = ~0 },
+[R_ADDRESS]= {.name = "ADDRESS", .width = 10 },
+[R_DATA]   = {.name = "DATA", .width = 8 },
+[R_ISR]= {.name = "ISR", .width = 10, .wtc = 0x2FF,
+  .ro = 0x100 },
+[R_TRANSFER_SIZE]  = {.name = "TRANSFER_SIZE", .width = 8 },
+[R_INTRPT_MASK]= {.name = "INTRPT_MASK", .width = 10, .ro = ~0,
+  .reset = 0x2FF },
+[R_INTRPT_ENABLE]  = {.name = "INTRPT_ENABLE", .width = 10, .wtc = ~0 },
+[R_INTRPT_DISABLE] = {.name

Re: [Qemu-devel] [PATCH v3 1/6] RFC: Efficient VM backup for qemu

2013-02-19 Thread Dietmar Maurer
> > * Backup to a single archive file
> > * Backup contain all data to restore VM (full backup)
> > * Do not depend on storage type or image format
> > * Avoid use of temporary storage
> > * store sparse images efficiently
> 
> It is customary to send a 0/6 cover letter for details like this, rather than
> slamming it into the first patch (git send-email --cover-letter).

But how do I maintain the content of that cover-letter when it is not part of 
the git tree?


[Qemu-devel] [PATCH v1 0/6] Xilinx Zynq I2C

2013-02-19 Thread Peter Crosthwaite
Device models and machine model changes for the Xilinx Zynq I2C controller and
the devices attached to the ZC70x development boards.


Peter Crosthwaite (6):
  i2c: support address ranges
  i2c: Add no_init version of i2c_create_slave
  cadence_i2c: first revision
  hw: M24Cxx I2C EEPROM device model
  hw: pca9548: Device model
  xilinx_zynq: Add i2c components

 default-configs/arm-softmmu.mak |2 +
 hw/Makefile.objs|3 +
 hw/cadence_i2c.c|  388 +++
 hw/i2c.c|   25 ++-
 hw/i2c.h|8 +
 hw/m24cxx.c |  243 
 hw/pca9548.c|  229 +++
 hw/xilinx_zynq.c|   30 +++
 8 files changed, 923 insertions(+), 5 deletions(-)
 create mode 100644 hw/cadence_i2c.c
 create mode 100644 hw/m24cxx.c
 create mode 100644 hw/pca9548.c




Re: [Qemu-devel] [PATCH 2/3] spapr vfio: added support

2013-02-19 Thread Alexey Kardashevskiy

On 20/02/13 08:49, Alex Williamson wrote:

On Tue, 2013-02-19 at 18:43 +1100, Alexey Kardashevskiy wrote:

The patch adds the following functionality:

1. Implements VFIO-IOMMU host kernel driver support;

2. Implements interface between SPAPR TCE and VFIO via
sPAPRVFIOData's map/unmap hooks;

3. Implements PHB scan for devices within the same IOMMU group.

To use VFIO on spapr platform, the "spapr-pci-host-bridge" device needs
to be created with mandatory "index" and "iommu" properties such as:

-device spapr-pci-host-bridge,busname=USB,iommu=4,index=5

where:
"index" - PHB number which is used to build all other PHB properties
such as MMIO window, BUID, etc;
"iommu" - IOMMU ID which represents a Partitionable Endpoint.

Optional parameters are:
"forceaddr" - forces QEMU to assign device:function from the host address;
"multifunction" - enables multifunction what might make sense if the user
wants to use the configuration from the host in the guest such as
NEC USB PCI adapter which is visible as a single device with 3 PCI
functions, without this switch QEMU will create 3 device with 1 function
on each;


This is a confusing naming conflict with the generic PCI
multifunction=on option.


It is "mf" actually as you noticed already :) Is it still a problem?



"scan" - disables scan and lets the user put to QEMU only some devices
from PE;


The value passed to scan seems to be more than true/false.  Does it also
imply a depth?


0 - do not scan, 1 - scans device but not bridges, >=2 - scans everything.

With the code I post to maillists scan=2 does not work as the current 
system firmware (aka bios) reallocates buses (and it does it a bit 
different than the kernel) and breaks everything. I have some debug/hack 
patches to fix that (for the kernel or the firmware) but they have no 
chance to get through and for now it is simpler just to skip bridges. But I 
hope one day it will just work :)




"busname" - name of the bus, it used to connect vfio-pci devices with
a PHB when scan is disabled.


Doesn't PCI just use "id" for this?  I'm not sure we need another way to
name a bus.


Hm. I thought it is only for PCI (and spapr-pci-host-bridge is not a PCI 
device but a host bridge) but actually every device in QEMU has "id". Will 
rework.




If scan is disabled, no PCI device is automatically added and the user
has to add them manually as in the example below which adds PHB and
3 PCI devices::

  -device spapr-pci-host-bridge,busname=USB,iommu=4,scan=0,index=5 \
  -device vfio-pci,host=4:0:1.0,addr=1.0,bus=USB,multifunction=true \
  -device vfio-pci,host=4:0:1.1,addr=1.1 \
  -device vfio-pci,host=4:0:1.2,addr=1.2


Functions 1 & 2 require bus= as well, right?  Otherwise they'd end up on
bus 0?


True. I have to rework commit message a lot. Sorry.



I'd be a bit concerned about the namespace and overlaps of the
parameters you're adding to spapr-pci-host-bridge.  For instance, scan
invokes vfio, but you don't really know that from the option.  forceaddr
seems to imply multifunction, but either only means anything with scan !
= 0.


"forceaddr" could force multifunction but if there are 3 single function 
devices (00:00.0, 00:01.0, 00:02.0) which I want to keep addresses for, I 
would like not to set "multifunction" bit for them (no real reason, just 
not sure if it is harmless to set multifunction when it is not).




Cc: David Gibson 
Signed-off-by: Alexey Kardashevskiy 
---
  hw/spapr.h |4 ++
  hw/spapr_iommu.c   |  111 ++
  hw/spapr_iommu_vfio.h  |   34 
  hw/spapr_pci.c |  129 +---
  hw/spapr_pci.h |6 +++
  hw/vfio_pci.c  |   62 +
  linux-headers/linux/vfio.h |   27 ++
  trace-events   |6 ++-
  8 files changed, 370 insertions(+), 9 deletions(-)
  create mode 100644 hw/spapr_iommu_vfio.h


This should be at least 3 patches.  One that updates linux-headers via
scripts/update-linux-headers.sh (all of it, not piecemeal updates), one
that adds spapr backing, and one that enables vfio support.



Since vfio.h is already in scripts/update-linux-headers.sh, I simply keep 
linux-headers/linux/vfio.h and scripts/update-linux-headers.sh untouched, 
right?


[no more comments]





diff --git a/hw/spapr.h b/hw/spapr.h
index bc0cd27..0ecfae2 100644
--- a/hw/spapr.h
+++ b/hw/spapr.h
@@ -3,6 +3,7 @@

  #include "dma.h"
  #include "hw/xics.h"
+#include "hw/spapr_iommu_vfio.h"

  struct VIOsPAPRBus;
  struct sPAPRPHBState;
@@ -406,4 +407,7 @@ int spapr_dma_dt(void *fdt, int node_off, const char 
*propname,
  int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
DMAContext *dma);

+DMAContext *spapr_vfio_init_dma(uint32_t liobn, int iommu_id,
+sPAPRVFIOData *data);
+
  #endif /* !defined (__HW_SPAPR_H__) */
diff --git a/hw/spapr_iommu.c b/hw/spapr_iommu.c
i

[Qemu-devel] [PATCH v1 4/6] hw: M24Cxx I2C EEPROM device model

2013-02-19 Thread Peter Crosthwaite
Device model for the ST M24Cxx I2C EEPROM devices. Device can optionally be
backed onto a file for persistent storage (using -mtd-block).

Signed-off-by: Peter Crosthwaite 
---

 default-configs/arm-softmmu.mak |1 +
 hw/Makefile.objs|1 +
 hw/m24cxx.c |  243 +++
 3 files changed, 245 insertions(+), 0 deletions(-)
 create mode 100644 hw/m24cxx.c

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 2f1a5c9..9114382 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -26,6 +26,7 @@ CONFIG_SSI_M25P80=y
 CONFIG_LAN9118=y
 CONFIG_SMC91C111=y
 CONFIG_DS1338=y
+CONFIG_M24CXX=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_PFLASH_CFI02=y
 
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 6b278cc..dc75c9f 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -178,6 +178,7 @@ common-obj-$(CONFIG_ADS7846) += ads7846.o
 common-obj-$(CONFIG_MAX111X) += max111x.o
 common-obj-$(CONFIG_DS1338) += ds1338.o
 common-obj-y += i2c.o smbus.o smbus_eeprom.o
+common-obj-$(CONFIG_M24CXX) += m24cxx.o
 common-obj-y += eeprom93xx.o
 common-obj-y += scsi-disk.o cdrom.o hd-geometry.o block-common.o
 common-obj-y += scsi-generic.o scsi-bus.o
diff --git a/hw/m24cxx.c b/hw/m24cxx.c
new file mode 100644
index 000..567b820
--- /dev/null
+++ b/hw/m24cxx.c
@@ -0,0 +1,243 @@
+/*
+ * ST m24Cxx I2C EEPROMs
+ *
+ * Copyright (c) 2012 Xilinx Inc.
+ * Copyright (c) 2012 Peter Crosthwaite 
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "i2c.h"
+#include "hw.h"
+#include "sysemu/blockdev.h"
+
+#ifndef M24CXX_DEBUG
+#define M24CXX_DEBUG 0
+#endif
+#define DB_PRINT(fmt, args...) do {\
+if (M24CXX_DEBUG) {\
+fprintf(stderr, "M24CXX: %s:" fmt, __func__, ## args);\
+} \
+} while (0);
+
+typedef enum {
+STOPPED,
+ADDRESSING,
+READING,
+WRITING,
+} M24CXXXferState;
+
+const char *m24cxx_state_names[] = {
+[STOPPED] = "STOPPED",
+[ADDRESSING] = "ADDRESSING",
+[READING] = "READING",
+[WRITING] = "WRITING",
+};
+
+typedef struct {
+I2CSlave i2c;
+uint16_t cur_addr;
+uint8_t state;
+
+BlockDriverState *bdrv;
+uint16_t size;
+
+uint8_t *storage;
+} M24CXXState;
+
+#define TYPE_M24CXX "m24cxx"
+
+#define M24CXX(obj) \
+ OBJECT_CHECK(M24CXXState, (obj), TYPE_M24CXX)
+
+static void m24cxx_sync_complete(void *opaque, int ret)
+{
+/* do nothing. Masters do not directly interact with the backing store,
+ * only the working copy so no mutexing required.
+ */
+}
+
+static void m24cxx_sync(I2CSlave *i2c)
+{
+M24CXXState *s = M24CXX(i2c);
+int64_t nb_sectors;
+QEMUIOVector iov;
+
+if (!s->bdrv) {
+return;
+}
+
+/* the device is so small, just sync the whole thing */
+nb_sectors = DIV_ROUND_UP(s->size, BDRV_SECTOR_SIZE);
+qemu_iovec_init(&iov, 1);
+qemu_iovec_add(&iov, s->storage, nb_sectors * BDRV_SECTOR_SIZE);
+bdrv_aio_writev(s->bdrv, 0, &iov, nb_sectors, m24cxx_sync_complete, NULL);
+}
+
+static void m24cxx_reset(DeviceState *dev)
+{
+M24CXXState *s = M24CXX(dev);
+
+m24cxx_sync(I2C_SLAVE(s));
+s->state = STOPPED;
+s->cur_addr = 0;
+}
+
+static int m24cxx_recv(I2CSlave *i2c)
+{
+M24CXXState *s = M24CXX(i2c);
+int ret = 0;
+
+if (s->state == READING) {
+ret = s->storage[s->cur_addr++];
+DB_PRINT("storage %x <-> %x\n", s->cur_addr-1, ret);
+s->cur_addr %= s->size;
+} else {
+/* should be impossible even with a degenerate guest */
+qemu_log_mask(LOG_GUEST_ERROR, "read from m24cxx not in read state");
+}
+DB_PRINT("data: %02x\n", ret);
+return ret;
+}
+
+static int m24cxx_send(I2CSlave *i2c, uint8_t data)
+{
+M24CXXState *s = M24CXX(i2c);
+
+switch (s->state) {
+case (ADDRESSING):
+s->cur_addr &= ~0xFF;
+s->cur_addr |= data;
+DB_PRINT("setting address to %x\n", s->cur_addr);
+s->state = WRITING;
+return 0;
+case (WRITING):
+DB_PRINT("storage %x <-> %x\n", s->cur_addr, data);
+s->storage[s->cur_addr++] = data;
+s->cur_addr %= s->size;
+return 0;
+default:
+DB_PRINT("write to m24cxx not in writable state\n");
+qemu_log_mask(LOG_GUEST_ERROR, "write to m24cxx not in writable 
state");
+  

[Qemu-devel] [PATCH v1 2/6] i2c: Add no_init version of i2c_create_slave

2013-02-19 Thread Peter Crosthwaite
Add a version of i2c_create_slave that does not qdev init the created device.
This gives the machine model a chance to set properties of the created device
before qdev_init time. Based on the equivalent function in ssi.c.

Signed-off-by: Peter Crosthwaite 
---

 hw/i2c.c |   11 ++-
 hw/i2c.h |2 ++
 2 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/hw/i2c.c b/hw/i2c.c
index a9004e6..db2a5d9 100644
--- a/hw/i2c.c
+++ b/hw/i2c.c
@@ -216,12 +216,21 @@ static int i2c_slave_qdev_init(DeviceState *dev)
 return sc->init(s);
 }
 
-DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr)
+
+DeviceState *i2c_create_slave_no_init(i2c_bus *bus, const char *name,
+  uint8_t addr)
 {
 DeviceState *dev;
 
 dev = qdev_create(&bus->qbus, name);
 qdev_prop_set_uint8(dev, "address", addr);
+return dev;
+}
+
+DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr)
+{
+DeviceState *dev = i2c_create_slave_no_init(bus, name, addr);
+
 qdev_init_nofail(dev);
 return dev;
 }
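Review bot: `i2c_create_slave_no_init()` returns a device that has not been through qdev init, and neither this hunk nor the `hw/i2c.h` prototype says the caller must finish it. A comment above the definition such as `/* Create an I2C slave without initialising it; the caller sets properties and then calls qdev_init_nofail(). */` would state that contract. The hunk also adds a second blank line before the new function, which is a stray whitespace change.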
diff --git a/hw/i2c.h b/hw/i2c.h
index 0021125..9f761bc 100644
--- a/hw/i2c.h
+++ b/hw/i2c.h
@@ -68,6 +68,8 @@ int i2c_recv(i2c_bus *bus);
 #define FROM_I2C_SLAVE(type, dev) DO_UPCAST(type, i2c, dev)
 
 DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr);
+DeviceState *i2c_create_slave_no_init(i2c_bus *bus, const char *name,
+  uint8_t addr);
 
 /* wm8750.c */
 void wm8750_data_req_set(DeviceState *dev,
-- 
1.7.0.4




[Qemu-devel] [PATCH v1 1/6] i2c: support address ranges

2013-02-19 Thread Peter Crosthwaite
Some I2C devices (eg m24c08) can decode a linear range of addresses
(e.g. 0b10100xx). Add the address_range field to I2C slave that specifies the
number of consecutive addresses the device decodes.

Signed-off-by: Peter Crosthwaite 
---

 hw/i2c.c |   14 ++
 hw/i2c.h |6 ++
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/hw/i2c.c b/hw/i2c.c
index ec314a4..a9004e6 100644
--- a/hw/i2c.c
+++ b/hw/i2c.c
@@ -19,6 +19,7 @@ struct i2c_bus
 
 static Property i2c_props[] = {
 DEFINE_PROP_UINT8("address", struct I2CSlave, address, 0),
+DEFINE_PROP_UINT8("address-range", struct I2CSlave, address_range, 1),
 DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -93,7 +94,8 @@ int i2c_start_transfer(i2c_bus *bus, uint8_t address, int 
recv)
 QTAILQ_FOREACH(kid, &bus->qbus.children, sibling) {
 DeviceState *qdev = kid->child;
 I2CSlave *candidate = I2C_SLAVE(qdev);
-if (candidate->address == address) {
+if (address >= candidate->address &&
+address < candidate->address + candidate->address_range) {
 slave = candidate;
 break;
 }
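Review bot: The range test `address < candidate->address + candidate->address_range` trusts `address_range` exactly as set through the new `address-range` property. A value of 0 makes the slave unmatchable, and nothing visible rejects a range that runs past the 7-bit address space or overlaps another slave on the bus, in which case the first child in list order silently wins. A check in the slave's init path, for example rejecting `address_range == 0` and `address + address_range > 0x80`, would turn a misconfigured board into an immediate error. i2c_start_transfer starts and ends outside the hunk.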
@@ -110,6 +112,9 @@ int i2c_start_transfer(i2c_bus *bus, uint8_t address, int 
recv)
 if (sc->event) {
 sc->event(slave, recv ? I2C_START_RECV : I2C_START_SEND);
 }
+if (sc->decode_address) {
+sc->decode_address(slave, address);
+}
 return 0;
 }
 
@@ -192,12 +197,13 @@ static int i2c_slave_post_load(void *opaque, int 
version_id)
 
 const VMStateDescription vmstate_i2c_slave = {
 .name = "I2CSlave",
-.version_id = 1,
-.minimum_version_id = 1,
-.minimum_version_id_old = 1,
+.version_id = 2,
+.minimum_version_id = 2,
+.minimum_version_id_old = 2,
 .post_load = i2c_slave_post_load,
 .fields  = (VMStateField []) {
 VMSTATE_UINT8(address, I2CSlave),
+VMSTATE_UINT8(address_range, I2CSlave),
 VMSTATE_END_OF_LIST()
 }
 };
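Review bot: Raising `version_id` and both minimum-version fields to 2 makes `vmstate_i2c_slave` refuse state saved by an earlier QEMU, which, as far as this hunk shows, affects every device that embeds an I2C slave and not only those using ranges. `address_range` is set from a device property rather than changed at run time, so it probably does not need to be in the migration stream; dropping the `VMSTATE_UINT8(address_range, I2CSlave),` line and leaving the versions at 1 would keep compatibility. If it must be migrated, `VMSTATE_UINT8_V(address_range, I2CSlave, 2),` with `minimum_version_id` left at 1 keeps old streams loadable.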
diff --git a/hw/i2c.h b/hw/i2c.h
index 0e80d5a..0021125 100644
--- a/hw/i2c.h
+++ b/hw/i2c.h
@@ -40,6 +40,11 @@ typedef struct I2CSlaveClass
 
 /* Notify the slave of a bus state change.  */
 void (*event)(I2CSlave *s, enum i2c_event event);
+
+/* Notify the slave what address was decoded. Only needed for slaves that
+ * decode multiple addresses. Called after event() for I2C_START_RECV/SEND
+ */
+void (*decode_address)(I2CSlave *s, uint8_t address);
 } I2CSlaveClass;
 
 struct I2CSlave
@@ -48,6 +53,7 @@ struct I2CSlave
 
 /* Remaining fields for internal use by the I2C code.  */
 uint8_t address;
+uint8_t address_range;
 };
 
 i2c_bus *i2c_init_bus(DeviceState *parent, const char *name);
-- 
1.7.0.4




Re: [Qemu-devel] [Qemu-stable] Patch queue for qemu-1.1.3 stable release

2013-02-19 Thread Doug Goldstein
On Mon, Feb 18, 2013 at 11:25 PM, Michael Tokarev  wrote:
> Hello.
>
> Since there's no interest in 1.1 series - neither from users nor
> from the official qemu maintainers, I'm cancelling this series.
>
> Thanks all.
>
> /mjt
>

I follow it for Gentoo support. I just didn't have feedback other than
"ah that's a good patch to use".

-- 
Doug Goldstein



[Qemu-devel] [PATCH v10 2/3] vl.c: allow for repeated -sd arguments

2013-02-19 Thread Peter Crosthwaite
Allows for repeating of -sd arguments in the same way as -pflash and -mtdblock.

Acked-by: Igor Mitsyanko 
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Crosthwaite 
---

 vl.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/vl.c b/vl.c
index c5b0eea..fb6ff1c 100644
--- a/vl.c
+++ b/vl.c
@@ -2986,7 +2986,7 @@ int main(int argc, char **argv, char **envp)
 drive_add(IF_MTD, -1, optarg, MTD_OPTS);
 break;
 case QEMU_OPTION_sd:
-drive_add(IF_SD, 0, optarg, SD_OPTS);
+drive_add(IF_SD, -1, optarg, SD_OPTS);
 break;
 case QEMU_OPTION_pflash:
 drive_add(IF_PFLASH, -1, optarg, PFLASH_OPTS);
-- 
1.7.0.4




[Qemu-devel] [PATCH v10 3/3] xilinx_zynq: Added SD controllers

2013-02-19 Thread Peter Crosthwaite
The Xilinx Zynq device has two SDHCI controllers. Added to the machine model.

Reviewed-by: Peter Maydell 
Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_zynq.c |   10 ++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/hw/xilinx_zynq.c b/hw/xilinx_zynq.c
index 311f791..39d9fb3 100644
--- a/hw/xilinx_zynq.c
+++ b/hw/xilinx_zynq.c
@@ -187,6 +187,16 @@ static void zynq_init(QEMUMachineInitArgs *args)
 }
 }
 
+dev = qdev_create(NULL, "generic-sdhci");
+qdev_init_nofail(dev);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xE010);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[56-IRQ_OFFSET]);
+
+dev = qdev_create(NULL, "generic-sdhci");
+qdev_init_nofail(dev);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xE0101000);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[79-IRQ_OFFSET]);
+
 zynq_binfo.ram_size = ram_size;
 zynq_binfo.kernel_filename = kernel_filename;
 zynq_binfo.kernel_cmdline = kernel_cmdline;
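Review bot: The first controller is mapped at `0xE010` and the second at `0xE0101000`, so as displayed the two bases are not a register window apart. It looks as if trailing zeros were lost and `0xE0100000` was meant; confirm this against the applied patch. The two stanzas differ only in base address and IRQ number, so named constants for the bases and for IRQs 56 and 79, or a short loop over a table, would make the mapping easier to audit. zynq_init starts and ends outside this hunk.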
-- 
1.7.0.4




[Qemu-devel] [PATCH v10 0/3] Standard SD host controller model

2013-02-19 Thread Peter Crosthwaite
[Original cover by Igor]
First patch introduces standard SD host controller model. This is accumulated
version of my previous patch I sent a while ago and a recent SDHCI patch by
Peter A. G. Crosthwaite.

Second patch changes the -sd command line argument to be repeatable, to support
multiple SD controllers in one system. Third patch adds 2x SDHCI controllers to
the Xilinx Zynq machine

Changelog:
Changed from v9:
Changed init function into realize function
Changed from v8:
Addressed Igor review
Changed from v6:
Dropped exynos4210 patch
Addressed PMM review
Changed from v5:
Igors IRQ changes RE PMM review.
Changed from v4:
Igors changes re PMM review (P1/2)
Typo in commit msg (P3)
removed redundant braces in P4
Changed from v3:
Rebased for new Makefile system
Fixed include guard in sdhci.h
Typos in commit messages
Changed from v2:
corrected typo errors in ADMA1 support
added patches 3-4
v1->v2
 PATCH1:
  add support for ADMA1 (I havn't tested it though).
  fixed s->prnsts <-> s->pwrcon typo (thanks to Peter, strange that it even
  worked before).
 PATCH2:
  change header prefix from "target-arm" to "exynos4210"


Igor Mitsyanko (1):
  hw: introduce standard SD host controller

Peter Crosthwaite (2):
  vl.c: allow for repeated -sd arguments
  xilinx_zynq: Added SD controllers

 default-configs/arm-softmmu.mak |2 +
 hw/Makefile.objs|1 +
 hw/sdhci.c  | 1300 +++
 hw/sdhci.h  |  312 ++
 hw/xilinx_zynq.c|   10 +
 vl.c|2 +-
 6 files changed, 1626 insertions(+), 1 deletions(-)
 create mode 100644 hw/sdhci.c
 create mode 100644 hw/sdhci.h




Re: [Qemu-devel] [PATCH v9 1/3] iov: Factor out hexdumper

2013-02-19 Thread Peter Crosthwaite
On Tue, Feb 19, 2013 at 6:35 PM, Gerd Hoffmann  wrote:
>   Hi,
>
>> I ran git blame on it and its actually Gerds code. Gerd you want
>> co-authorship and the (c) of this hexdump.c?
>
> Yes.
>
> And don't break iov_hexdump() behavior please.  I suggest to just
> iov_to_buf() into a temporary buffer, then pass that to a single hexdump
> call.

Done, thanks for the correction. Do you have a lightweight test vector
that exercises this? The iovec stuff in my areas is all limited to
single iovec element.  Interdiff below.

Regards,
Peter

> When calling hexdump for each iovec element the buffer offsets
> printed are wrong for all but the first iovec element.
>
> cheers,
>   Gerd
>
>

diff --git a/util/hexdump.c b/util/hexdump.c
index 0bf0f38..0d0efc8 100644
--- a/util/hexdump.c
+++ b/util/hexdump.c
@@ -1,12 +1,11 @@
 /*
  * Helper to hexdump a buffer
  *
+ * Copyright (c) 2013 Red Hat, Inc.
+ * Copyright (c) 2013 Gerd Hoffmann 
  * Copyright (c) 2013 Peter Crosthwaite 
  * Copyright (c) 2013 Xilinx, Inc
  *
- * Based on git commit 3a1dca94d6dba00fe0fd4c4a28449f57e01b9b6c
- * Author: Gerd Hoffmann 
- *
  * This work is licensed under the terms of the GNU GPL, version 2.  See
  * the COPYING file in the top-level directory.
  *
diff --git a/util/iov.c b/util/iov.c
index 91d79ae..99f0b50 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -202,11 +202,16 @@ void iov_hexdump(const struct iovec *iov, const
unsigned int iov_cnt,
  FILE *fp, const char *prefix, size_t limit)
 {
 int v;
-for (v = 0; v < iov_cnt && limit; v++) {
-int size = limit < iov[v].iov_len ? limit : iov[v].iov_len;
-hexdump(iov[v].iov_base, fp, prefix, size);
-limit -= size;
+size_t size = 0;
+char *buf;
+
+for (v = 0; v < iov_cnt; v++) {
+size += iov[v].iov_len;
 }
+size = size > limit ? limit : size;
+buf = g_malloc(size);
+iov_to_buf(iov, iov_cnt, 0, buf, size);
+g_free(buf);
 }
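Review bot: The rewritten iov_hexdump() copies the vectors into `buf` and frees it, but as posted nothing calls hexdump() any more, so the function prints nothing. `hexdump(buf, fp, prefix, size);` is needed between the iov_to_buf() and g_free() lines. `size` also sums every `iov_len` before it is clamped to `limit`, so a wrapped sum would silently shorten the dump; stopping the loop once `size >= limit` avoids both the wrap and the needless walk. `v` is an `int` compared against the unsigned `iov_cnt`, and declaring it `unsigned int v;` removes the sign mismatch.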



[Qemu-devel] [PATCH v2 3/5] arm: mptimer: Remove WDT distinction

2013-02-19 Thread Peter Crosthwaite
In QEMU emulation, there is no functional difference between the ARM mpcore
private timers and watchdogs. Removed all the distinction between the two from
arm_mptimer.c and converted it to be just the mptimer. a9mpcore and arm11mpcore
just instantiate the same mptimer object twice to get both timer and WDT.

If in the future we want to make the WDT functionally different then we can use
either QOM hierarchy to derive WDT from mptimer, or we can add a property
"is-wdt" or some such.

Signed-off-by: Peter Crosthwaite 
---
changed from v1:
s/heirachy/hierachy (PMM review)
Deleted bogus comment about VMSD in arm_mptimer_reset() (PMM review)

 hw/a9mpcore.c|   18 +-
 hw/arm11mpcore.c |   21 -
 hw/arm_mptimer.c |   66 +++--
 3 files changed, 41 insertions(+), 64 deletions(-)

diff --git a/hw/a9mpcore.c b/hw/a9mpcore.c
index 33b9e07..0032f53 100644
--- a/hw/a9mpcore.c
+++ b/hw/a9mpcore.c
@@ -21,6 +21,7 @@ typedef struct A9MPPrivState {
 MemoryRegion scu_iomem;
 MemoryRegion container;
 DeviceState *mptimer;
+DeviceState *wdt;
 DeviceState *gic;
 uint32_t num_irq;
 } A9MPPrivState;
@@ -129,7 +130,7 @@ static void a9mp_priv_set_irq(void *opaque, int irq, int 
level)
 static int a9mp_priv_init(SysBusDevice *dev)
 {
 A9MPPrivState *s = FROM_SYSBUS(A9MPPrivState, dev);
-SysBusDevice *busdev, *gicbusdev;
+SysBusDevice *timerbusdev, *wdtbusdev, *gicbusdev;
 int i;
 
 s->gic = qdev_create(NULL, "arm_gic");
@@ -147,7 +148,12 @@ static int a9mp_priv_init(SysBusDevice *dev)
 s->mptimer = qdev_create(NULL, "arm_mptimer");
 qdev_prop_set_uint32(s->mptimer, "num-cpu", s->num_cpu);
 qdev_init_nofail(s->mptimer);
-busdev = SYS_BUS_DEVICE(s->mptimer);
+timerbusdev = SYS_BUS_DEVICE(s->mptimer);
+
+s->wdt = qdev_create(NULL, "arm_mptimer");
+qdev_prop_set_uint32(s->wdt, "num-cpu", s->num_cpu);
+qdev_init_nofail(s->wdt);
+wdtbusdev = SYS_BUS_DEVICE(s->wdt);
 
 /* Memory map (addresses are offsets from PERIPHBASE):
  *  0x-0x00ff -- Snoop Control Unit
@@ -170,9 +176,9 @@ static int a9mp_priv_init(SysBusDevice *dev)
  * memory region, not the "timer/watchdog for core X" ones 11MPcore has.
  */
 memory_region_add_subregion(&s->container, 0x600,
-sysbus_mmio_get_region(busdev, 0));
+sysbus_mmio_get_region(timerbusdev, 0));
 memory_region_add_subregion(&s->container, 0x620,
-sysbus_mmio_get_region(busdev, 1));
+sysbus_mmio_get_region(wdtbusdev, 0));
 memory_region_add_subregion(&s->container, 0x1000,
 sysbus_mmio_get_region(gicbusdev, 0));
 
@@ -183,9 +189,9 @@ static int a9mp_priv_init(SysBusDevice *dev)
  */
 for (i = 0; i < s->num_cpu; i++) {
 int ppibase = (s->num_irq - 32) + i * 32;
-sysbus_connect_irq(busdev, i * 2,
+sysbus_connect_irq(timerbusdev, i,
qdev_get_gpio_in(s->gic, ppibase + 29));
-sysbus_connect_irq(busdev, i * 2 + 1,
+sysbus_connect_irq(wdtbusdev, i,
qdev_get_gpio_in(s->gic, ppibase + 30));
 }
 return 0;
diff --git a/hw/arm11mpcore.c b/hw/arm11mpcore.c
index b900b35..ca49948 100644
--- a/hw/arm11mpcore.c
+++ b/hw/arm11mpcore.c
@@ -21,6 +21,7 @@ typedef struct ARM11MPCorePriveState {
 MemoryRegion iomem;
 MemoryRegion container;
 DeviceState *mptimer;
+DeviceState *wdtimer;
 DeviceState *gic;
 uint32_t num_irq;
 } ARM11MPCorePriveState;
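Review bot: The watchdog handle is named `wdtimer` here but `wdt` in A9MPPrivState in hw/a9mpcore.c within the same patch. Using one name in both structs, for example `DeviceState *wdt;`, keeps the two mpcore containers parallel and makes later shared code easier to grep. The struct starts outside this hunk.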
@@ -84,7 +85,8 @@ static void mpcore_priv_map_setup(ARM11MPCorePriveState *s)
 {
 int i;
 SysBusDevice *gicbusdev = SYS_BUS_DEVICE(s->gic);
-SysBusDevice *busdev = SYS_BUS_DEVICE(s->mptimer);
+SysBusDevice *timerbusdev = SYS_BUS_DEVICE(s->mptimer);
+SysBusDevice *wdtbusdev = SYS_BUS_DEVICE(s->wdtimer);
 memory_region_init(&s->container, "mpcode-priv-container", 0x2000);
 memory_region_init_io(&s->iomem, &mpcore_scu_ops, s, "mpcore-scu", 0x100);
 memory_region_add_subregion(&s->container, 0, &s->iomem);
@@ -99,11 +101,13 @@ static void mpcore_priv_map_setup(ARM11MPCorePriveState *s)
 /* Add the regions for timer and watchdog for "current CPU" and
  * for each specific CPU.
  */
-for (i = 0; i < (s->num_cpu + 1) * 2; i++) {
+for (i = 0; i < (s->num_cpu + 1); i++) {
 /* Timers at 0x600, 0x700, ...; watchdogs at 0x620, 0x720, ... */
-hwaddr offset = 0x600 + (i >> 1) * 0x100 + (i & 1) * 0x20;
+hwaddr offset = 0x600 + i * 0x100;
 memory_region_add_subregion(&s->container, offset,
-sysbus_mmio_get_region(busdev, i));
+sysbus_mmio_get_region(timerbusdev, i));
+memory_region_add_subregion(&s->container, offset + 0x20,
+  

[Qemu-devel] [PATCH v2 4/5] a9mpcore: remove old_timer_status field

2013-02-19 Thread Peter Crosthwaite
This field was write only and thus unused. Removed.

Signed-off-by: Peter Crosthwaite 
---
Set minimum version ID to 3 (PMM review)

 hw/a9mpcore.c |   11 +++
 1 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/hw/a9mpcore.c b/hw/a9mpcore.c
index 0032f53..23630af 100644
--- a/hw/a9mpcore.c
+++ b/hw/a9mpcore.c
@@ -16,7 +16,6 @@ typedef struct A9MPPrivState {
 SysBusDevice busdev;
 uint32_t scu_control;
 uint32_t scu_status;
-uint32_t old_timer_status[8];
 uint32_t num_cpu;
 MemoryRegion scu_iomem;
 MemoryRegion container;
@@ -114,11 +113,8 @@ static const MemoryRegionOps a9_scu_ops = {
 static void a9mp_priv_reset(DeviceState *dev)
 {
 A9MPPrivState *s = FROM_SYSBUS(A9MPPrivState, SYS_BUS_DEVICE(dev));
-int i;
+
 s->scu_control = 0;
-for (i = 0; i < ARRAY_SIZE(s->old_timer_status); i++) {
-s->old_timer_status[i] = 0;
-}
 }
 
 static void a9mp_priv_set_irq(void *opaque, int irq, int level)
@@ -199,11 +195,10 @@ static int a9mp_priv_init(SysBusDevice *dev)
 
 static const VMStateDescription vmstate_a9mp_priv = {
 .name = "a9mpcore_priv",
-.version_id = 2,
-.minimum_version_id = 1,
+.version_id = 3,
+.minimum_version_id = 3,
 .fields = (VMStateField[]) {
 VMSTATE_UINT32(scu_control, A9MPPrivState),
-VMSTATE_UINT32_ARRAY(old_timer_status, A9MPPrivState, 8),
 VMSTATE_UINT32_V(scu_status, A9MPPrivState, 2),
 VMSTATE_END_OF_LIST()
 }
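Review bot: With `minimum_version_id` raised to 3, the version qualifier in `VMSTATE_UINT32_V(scu_status, A9MPPrivState, 2)` can never be false, so the entry can become `VMSTATE_UINT32(scu_status, A9MPPrivState),`. Raising the minimum also means streams saved with versions 1 and 2 are refused on load. A short comment above `.version_id`, such as `/* v3: old_timer_status dropped; older streams are deliberately rejected */`, would record that for whoever next changes the layout. The initializer closes outside this hunk.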
-- 
1.7.0.4




[Qemu-devel] [PATCH v2 0/5] Cleanup of ARM MPCore

2013-02-19 Thread Peter Crosthwaite
Patches 1-3 and 5 are trivial code cleanup and may be candidate to go via
trivial queue independent of review of this work. Patch 4 unifies the MPTimer
and WDT into one device. My motivation for doing this is so I can dynamically
create one without the other (I'm throwing away MPCore altogether in one of my
flows and creating these components individually). See commit message for
further discussion. Patch 6 coreifies the SCU which was built into the MPCore.
This is a self contained MPCore subcomponent and should be a child device of
the MPCore wrapper. This makes it consistent with MPTimer and GIC. After this
series, MPCore is just a wrapper device around its components.

Changed from v1:
Dropped patch 2
Addressed PMM review


Peter Crosthwaite (5):
  arm: mptimer: CamelCased type names
  arm: *mpcore.c: CamelCased type names
  arm: mptimer: Remove WDT distinction
  a9mpcore: remove old_timer_status field
  arm: a9mpcore: Coreify the SCU

 hw/a9mpcore.c|  157 ---
 hw/a9scu.c   |  164 ++
 hw/arm/Makefile.objs |1 +
 hw/arm11mpcore.c |   41 -
 hw/arm_mptimer.c |  112 +++---
 5 files changed, 254 insertions(+), 221 deletions(-)
 create mode 100644 hw/a9scu.c




[Qemu-devel] [PATCH v2 2/5] arm: *mpcore.c: CamelCased type names

2013-02-19 Thread Peter Crosthwaite
To conform with QEMU coding style.

Signed-off-by: Peter Crosthwaite 
---
changed from v1:
s/MPCorePrivState/ARM11MPCorePriveState (PMM review)

 hw/a9mpcore.c|   26 +-
 hw/arm11mpcore.c |   20 ++--
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/hw/a9mpcore.c b/hw/a9mpcore.c
index 673bbd8..33b9e07 100644
--- a/hw/a9mpcore.c
+++ b/hw/a9mpcore.c
@@ -12,7 +12,7 @@
 
 /* A9MP private memory region.  */
 
-typedef struct a9mp_priv_state {
+typedef struct A9MPPrivState {
 SysBusDevice busdev;
 uint32_t scu_control;
 uint32_t scu_status;
@@ -23,12 +23,12 @@ typedef struct a9mp_priv_state {
 DeviceState *mptimer;
 DeviceState *gic;
 uint32_t num_irq;
-} a9mp_priv_state;
+} A9MPPrivState;
 
 static uint64_t a9_scu_read(void *opaque, hwaddr offset,
 unsigned size)
 {
-a9mp_priv_state *s = (a9mp_priv_state *)opaque;
+A9MPPrivState *s = (A9MPPrivState *)opaque;
 switch (offset) {
 case 0x00: /* Control */
 return s->scu_control;
@@ -59,7 +59,7 @@ static uint64_t a9_scu_read(void *opaque, hwaddr offset,
 static void a9_scu_write(void *opaque, hwaddr offset,
  uint64_t value, unsigned size)
 {
-a9mp_priv_state *s = (a9mp_priv_state *)opaque;
+A9MPPrivState *s = (A9MPPrivState *)opaque;
 uint32_t mask;
 uint32_t shift;
 switch (size) {
@@ -112,7 +112,7 @@ static const MemoryRegionOps a9_scu_ops = {
 
 static void a9mp_priv_reset(DeviceState *dev)
 {
-a9mp_priv_state *s = FROM_SYSBUS(a9mp_priv_state, SYS_BUS_DEVICE(dev));
+A9MPPrivState *s = FROM_SYSBUS(A9MPPrivState, SYS_BUS_DEVICE(dev));
 int i;
 s->scu_control = 0;
 for (i = 0; i < ARRAY_SIZE(s->old_timer_status); i++) {
@@ -122,13 +122,13 @@ static void a9mp_priv_reset(DeviceState *dev)
 
 static void a9mp_priv_set_irq(void *opaque, int irq, int level)
 {
-a9mp_priv_state *s = (a9mp_priv_state *)opaque;
+A9MPPrivState *s = (A9MPPrivState *)opaque;
 qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level);
 }
 
 static int a9mp_priv_init(SysBusDevice *dev)
 {
-a9mp_priv_state *s = FROM_SYSBUS(a9mp_priv_state, dev);
+A9MPPrivState *s = FROM_SYSBUS(A9MPPrivState, dev);
 SysBusDevice *busdev, *gicbusdev;
 int i;
 
@@ -196,22 +196,22 @@ static const VMStateDescription vmstate_a9mp_priv = {
 .version_id = 2,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
-VMSTATE_UINT32(scu_control, a9mp_priv_state),
-VMSTATE_UINT32_ARRAY(old_timer_status, a9mp_priv_state, 8),
-VMSTATE_UINT32_V(scu_status, a9mp_priv_state, 2),
+VMSTATE_UINT32(scu_control, A9MPPrivState),
+VMSTATE_UINT32_ARRAY(old_timer_status, A9MPPrivState, 8),
+VMSTATE_UINT32_V(scu_status, A9MPPrivState, 2),
 VMSTATE_END_OF_LIST()
 }
 };
 
 static Property a9mp_priv_properties[] = {
-DEFINE_PROP_UINT32("num-cpu", a9mp_priv_state, num_cpu, 1),
+DEFINE_PROP_UINT32("num-cpu", A9MPPrivState, num_cpu, 1),
 /* The Cortex-A9MP may have anything from 0 to 224 external interrupt
  * IRQ lines (with another 32 internal). We default to 64+32, which
  * is the number provided by the Cortex-A9MP test chip in the
  * Realview PBX-A9 and Versatile Express A9 development boards.
  * Other boards may differ and should set this property appropriately.
  */
-DEFINE_PROP_UINT32("num-irq", a9mp_priv_state, num_irq, 96),
+DEFINE_PROP_UINT32("num-irq", A9MPPrivState, num_irq, 96),
 DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -229,7 +229,7 @@ static void a9mp_priv_class_init(ObjectClass *klass, void 
*data)
 static const TypeInfo a9mp_priv_info = {
 .name  = "a9mpcore_priv",
 .parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(a9mp_priv_state),
+.instance_size = sizeof(A9MPPrivState),
 .class_init= a9mp_priv_class_init,
 };
 
diff --git a/hw/arm11mpcore.c b/hw/arm11mpcore.c
index 324e503..b900b35 100644
--- a/hw/arm11mpcore.c
+++ b/hw/arm11mpcore.c
@@ -12,7 +12,7 @@
 
 /* MPCore private memory region.  */
 
-typedef struct mpcore_priv_state {
+typedef struct ARM11MPCorePriveState {
 SysBusDevice busdev;
 uint32_t scu_control;
 int iomemtype;
@@ -23,14 +23,14 @@ typedef struct mpcore_priv_state {
 DeviceState *mptimer;
 DeviceState *gic;
 uint32_t num_irq;
-} mpcore_priv_state;
+} ARM11MPCorePriveState;
 
 /* Per-CPU private memory mapped IO.  */
 
 static uint64_t mpcore_scu_read(void *opaque, hwaddr offset,
 unsigned size)
 {
-mpcore_priv_state *s = (mpcore_priv_state *)opaque;
+ARM11MPCorePriveState *s = (ARM11MPCorePriveState *)opaque;
 int id;
 /* SCU */
 switch (offset) {
@@ -53,7 +53,7 @@ static uint64_t mpcore_scu_read(void *opaque, hwaddr offset,
 static void mpcore_scu_write(void *opaque, hwaddr offset,
  uint64_t value, unsigned size)
 {
-mpcore_priv_s

[Qemu-devel] [PATCH v2 1/5] arm: mptimer: CamelCased type names

2013-02-19 Thread Peter Crosthwaite
Trivial find replace on type names "timerblock" and "arm_mptimer_state" to
conform with QEMU coding style.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
---

 hw/arm_mptimer.c |   56 +++---
 1 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/hw/arm_mptimer.c b/hw/arm_mptimer.c
index 32817d3..de0ef36 100644
--- a/hw/arm_mptimer.c
+++ b/hw/arm_mptimer.c
@@ -38,16 +38,16 @@ typedef struct {
 QEMUTimer *timer;
 qemu_irq irq;
 MemoryRegion iomem;
-} timerblock;
+} TimerBlock;
 
 typedef struct {
 SysBusDevice busdev;
 uint32_t num_cpu;
-timerblock timerblock[MAX_CPUS * 2];
+TimerBlock timerblock[MAX_CPUS * 2];
 MemoryRegion iomem[2];
-} arm_mptimer_state;
+} ARMMPTimerState;
 
-static inline int get_current_cpu(arm_mptimer_state *s)
+static inline int get_current_cpu(ARMMPTimerState *s)
 {
 CPUState *cpu_single_cpu = ENV_GET_CPU(cpu_single_env);
 
@@ -58,18 +58,18 @@ static inline int get_current_cpu(arm_mptimer_state *s)
 return cpu_single_cpu->cpu_index;
 }
 
-static inline void timerblock_update_irq(timerblock *tb)
+static inline void timerblock_update_irq(TimerBlock *tb)
 {
 qemu_set_irq(tb->irq, tb->status);
 }
 
 /* Return conversion factor from mpcore timer ticks to qemu timer ticks.  */
-static inline uint32_t timerblock_scale(timerblock *tb)
+static inline uint32_t timerblock_scale(TimerBlock *tb)
 {
 return (((tb->control >> 8) & 0xff) + 1) * 10;
 }
 
-static void timerblock_reload(timerblock *tb, int restart)
+static void timerblock_reload(TimerBlock *tb, int restart)
 {
 if (tb->count == 0) {
 return;
@@ -83,7 +83,7 @@ static void timerblock_reload(timerblock *tb, int restart)
 
 static void timerblock_tick(void *opaque)
 {
-timerblock *tb = (timerblock *)opaque;
+TimerBlock *tb = (TimerBlock *)opaque;
 tb->status = 1;
 if (tb->control & 2) {
 tb->count = tb->load;
@@ -97,7 +97,7 @@ static void timerblock_tick(void *opaque)
 static uint64_t timerblock_read(void *opaque, hwaddr addr,
 unsigned size)
 {
-timerblock *tb = (timerblock *)opaque;
+TimerBlock *tb = (TimerBlock *)opaque;
 int64_t val;
 switch (addr) {
 case 0: /* Load */
@@ -125,7 +125,7 @@ static uint64_t timerblock_read(void *opaque, hwaddr addr,
 static void timerblock_write(void *opaque, hwaddr addr,
  uint64_t value, unsigned size)
 {
-timerblock *tb = (timerblock *)opaque;
+TimerBlock *tb = (TimerBlock *)opaque;
 int64_t old;
 switch (addr) {
 case 0: /* Load */
@@ -164,7 +164,7 @@ static void timerblock_write(void *opaque, hwaddr addr,
 static uint64_t arm_thistimer_read(void *opaque, hwaddr addr,
unsigned size)
 {
-arm_mptimer_state *s = (arm_mptimer_state *)opaque;
+ARMMPTimerState *s = (ARMMPTimerState *)opaque;
 int id = get_current_cpu(s);
 return timerblock_read(&s->timerblock[id * 2], addr, size);
 }
@@ -172,7 +172,7 @@ static uint64_t arm_thistimer_read(void *opaque, hwaddr 
addr,
 static void arm_thistimer_write(void *opaque, hwaddr addr,
 uint64_t value, unsigned size)
 {
-arm_mptimer_state *s = (arm_mptimer_state *)opaque;
+ARMMPTimerState *s = (ARMMPTimerState *)opaque;
 int id = get_current_cpu(s);
 timerblock_write(&s->timerblock[id * 2], addr, value, size);
 }
@@ -180,7 +180,7 @@ static void arm_thistimer_write(void *opaque, hwaddr addr,
 static uint64_t arm_thiswdog_read(void *opaque, hwaddr addr,
   unsigned size)
 {
-arm_mptimer_state *s = (arm_mptimer_state *)opaque;
+ARMMPTimerState *s = (ARMMPTimerState *)opaque;
 int id = get_current_cpu(s);
 return timerblock_read(&s->timerblock[id * 2 + 1], addr, size);
 }
@@ -188,7 +188,7 @@ static uint64_t arm_thiswdog_read(void *opaque, hwaddr addr,
 static void arm_thiswdog_write(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
 {
-arm_mptimer_state *s = (arm_mptimer_state *)opaque;
+ARMMPTimerState *s = (ARMMPTimerState *)opaque;
 int id = get_current_cpu(s);
 timerblock_write(&s->timerblock[id * 2 + 1], addr, value, size);
 }
@@ -223,7 +223,7 @@ static const MemoryRegionOps timerblock_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static void timerblock_reset(timerblock *tb)
+static void timerblock_reset(TimerBlock *tb)
 {
 tb->count = 0;
 tb->load = 0;
@@ -237,8 +237,8 @@ static void timerblock_reset(timerblock *tb)
 
 static void arm_mptimer_reset(DeviceState *dev)
 {
-arm_mptimer_state *s =
-FROM_SYSBUS(arm_mptimer_state, SYS_BUS_DEVICE(dev));
+ARMMPTimerState *s =
+FROM_SYSBUS(ARMMPTimerState, SYS_BUS_DEVICE(dev));
 int i;
 /* We reset every timer in the array, not just the ones we're using,
  * because vmsave will look at every array element.
@@ -250,7 +2

[Qemu-devel] [PATCH] ICH9 LPC: Reset Control Register, basic implementation

2013-02-19 Thread Laszlo Ersek
This commit does the same for the ICH9 LPC as commit 1ec4ba74 for the
PIIX3. For the present we're ignoring the Full Reset (FULL_RST) and System
Reset (SYS_RST) bits; the guest can read them back but that's it.

Signed-off-by: Laszlo Ersek 
---
 Tested retention of RCR contents and reset functionality in a pc-q35-1.4 VM
 with a Fedora 18 Live CD; plus info mtree:

 I/O
 - (prio 0, RW): io
   0cf8-0cfb (prio 0, RW): pci-conf-idx
   0cf9-0cf9 (prio 1, RW): lpc-reset-control

 hw/ich9.h |   11 +++
 hw/lpc_ich9.c |   57 +
 2 files changed, 68 insertions(+), 0 deletions(-)

diff --git a/hw/ich9.h b/hw/ich9.h
index d4509bb..dbc4495 100644
--- a/hw/ich9.h
+++ b/hw/ich9.h
@@ -49,6 +49,15 @@ typedef struct ICH9LPCState {
 /* 10.1 Chipset Configuration registers(Memory Space)
  which is pointed by RCBA */
 uint8_t chip_config[ICH9_CC_SIZE];
+
+/*
+ * 13.7.5 RST_CNT---Reset Control Register (LPC I/F---D31:F0)
+ *
+ * register contents and IO memory region
+ */
+uint8_t rst_cnt;
+MemoryRegion rst_cnt_mem;
+
 /* isa bus */
 ISABus *isa_bus;
 MemoryRegion rbca_mem;
@@ -103,6 +112,8 @@ typedef struct ICH9LPCState {
 
 #define ICH9_D2P_A2_REVISION0x92
 
+/* D31:F0 LPC Processor Interface */
+#define ICH9_RST_CNT_IOPORT 0xCF9
 
 /* D31:F1 LPC controller */
 #define ICH9_A2_LPC "ICH9 A2 LPC"
diff --git a/hw/lpc_ich9.c b/hw/lpc_ich9.c
index e25689b..eceb052 100644
--- a/hw/lpc_ich9.c
+++ b/hw/lpc_ich9.c
@@ -466,6 +466,7 @@ static void ich9_lpc_reset(DeviceState *qdev)
 ich9_lpc_rcba_update(lpc, rbca_old);
 
 lpc->sci_level = 0;
+lpc->rst_cnt = 0;
 }
 
 static const MemoryRegionOps rbca_mmio_ops = {
@@ -498,6 +499,32 @@ static void ich9_lpc_machine_ready(Notifier *n, void 
*opaque)
 }
 }
 
+/* reset control */
+static void ich9_rst_cnt_write(void *opaque, hwaddr addr, uint64_t val,
+   unsigned len)
+{
+ICH9LPCState *lpc = opaque;
+
+if (val & 4) {
+qemu_system_reset_request();
+return;
+}
+lpc->rst_cnt = val & 0xA; /* keep FULL_RST (bit 3) and SYS_RST (bit 1) */
+}
+
+static uint64_t ich9_rst_cnt_read(void *opaque, hwaddr addr, unsigned len)
+{
+ICH9LPCState *lpc = opaque;
+
+return lpc->rst_cnt;
+}
+
+static const MemoryRegionOps ich9_rst_cnt_ops = {
+.read = ich9_rst_cnt_read,
+.write = ich9_rst_cnt_write,
+.endianness = DEVICE_LITTLE_ENDIAN
+};
+
 static int ich9_lpc_initfn(PCIDevice *d)
 {
 ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
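Review bot: In ich9_rst_cnt_write() the tested bit `4` and the mask `0xA` are bare literals, and only the mask is explained. Named constants would help, or at least a comment on the `if (val & 4)` line such as `/* RST_CPU (bit 2): request a reset; rst_cnt is cleared in ich9_lpc_reset() */`, so the early return that skips the store is readable. That comment assumes the reset request ends up in ich9_lpc_reset(), which this patch does not show. The value loaded through vmstate_ich9_rst_cnt in the later hunk is not masked with `0xA`, so a stream carrying other bits would be read back by the guest unchanged; masking it in a post_load hook would keep the load path consistent with the write path.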
@@ -519,9 +546,32 @@ static int ich9_lpc_initfn(PCIDevice *d)
 lpc->machine_ready.notify = ich9_lpc_machine_ready;
 qemu_add_machine_init_done_notifier(&lpc->machine_ready);
 
+memory_region_init_io(&lpc->rst_cnt_mem, &ich9_rst_cnt_ops, lpc,
+  "lpc-reset-control", 1);
+memory_region_add_subregion_overlap(pci_address_space_io(d),
+ICH9_RST_CNT_IOPORT, &lpc->rst_cnt_mem,
+1);
+
 return 0;
 }
 
+static bool ich9_rst_cnt_needed(void *opaque)
+{
+ICH9LPCState *lpc = opaque;
+
+return (lpc->rst_cnt != 0);
+}
+
+static const VMStateDescription vmstate_ich9_rst_cnt = {
+.name = "ICH9LPC/rst_cnt",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(rst_cnt, ICH9LPCState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_ich9_lpc = {
 .name = "ICH9LPC",
 .version_id = 1,
@@ -535,6 +585,13 @@ static const VMStateDescription vmstate_ich9_lpc = {
 VMSTATE_UINT8_ARRAY(chip_config, ICH9LPCState, ICH9_CC_SIZE),
 VMSTATE_UINT32(sci_level, ICH9LPCState),
 VMSTATE_END_OF_LIST()
+},
+.subsections = (VMStateSubsection[]) {
+{
+.vmsd = &vmstate_ich9_rst_cnt,
+.needed = ich9_rst_cnt_needed
+},
+{ 0 }
 }
 };
 
-- 
1.7.1




[Qemu-devel] [PATCH v2 5/5] arm: a9mpcore: Coreify the SCU

2013-02-19 Thread Peter Crosthwaite
Split the SCU in a9mpcore out into its own object definition. mpcore is now
just a container for the mpcore components.

Signed-off-by: Peter Crosthwaite 
---
changed from v1:
added DeviceState pointer for SCU in A9MPPrivState (PMM review)
Deleted stale comment (PMM review)
hyphenated strings (PMM review)
Change Sysbus->init over to Device->realize (PMM Review)
removed usages of FROM_SYSBUS
constified TypeInfo (Andreas review)

 hw/a9mpcore.c|  122 +++--
 hw/a9scu.c   |  164 ++
 hw/arm/Makefile.objs |1 +
 3 files changed, 174 insertions(+), 113 deletions(-)
 create mode 100644 hw/a9scu.c

diff --git a/hw/a9mpcore.c b/hw/a9mpcore.c
index 23630af..01aee02 100644
--- a/hw/a9mpcore.c
+++ b/hw/a9mpcore.c
@@ -10,113 +10,17 @@
 
 #include "sysbus.h"
 
-/* A9MP private memory region.  */
-
 typedef struct A9MPPrivState {
 SysBusDevice busdev;
-uint32_t scu_control;
-uint32_t scu_status;
 uint32_t num_cpu;
-MemoryRegion scu_iomem;
 MemoryRegion container;
 DeviceState *mptimer;
 DeviceState *wdt;
 DeviceState *gic;
+DeviceState *scu;
 uint32_t num_irq;
 } A9MPPrivState;
 
-static uint64_t a9_scu_read(void *opaque, hwaddr offset,
-unsigned size)
-{
-A9MPPrivState *s = (A9MPPrivState *)opaque;
-switch (offset) {
-case 0x00: /* Control */
-return s->scu_control;
-case 0x04: /* Configuration */
-return (((1 << s->num_cpu) - 1) << 4) | (s->num_cpu - 1);
-case 0x08: /* CPU Power Status */
-return s->scu_status;
-case 0x09: /* CPU status.  */
-return s->scu_status >> 8;
-case 0x0a: /* CPU status.  */
-return s->scu_status >> 16;
-case 0x0b: /* CPU status.  */
-return s->scu_status >> 24;
-case 0x0c: /* Invalidate All Registers In Secure State */
-return 0;
-case 0x40: /* Filtering Start Address Register */
-case 0x44: /* Filtering End Address Register */
-/* RAZ/WI, like an implementation with only one AXI master */
-return 0;
-case 0x50: /* SCU Access Control Register */
-case 0x54: /* SCU Non-secure Access Control Register */
-/* unimplemented, fall through */
-default:
-return 0;
-}
-}
-
-static void a9_scu_write(void *opaque, hwaddr offset,
- uint64_t value, unsigned size)
-{
-A9MPPrivState *s = (A9MPPrivState *)opaque;
-uint32_t mask;
-uint32_t shift;
-switch (size) {
-case 1:
-mask = 0xff;
-break;
-case 2:
-mask = 0x;
-break;
-case 4:
-mask = 0x;
-break;
-default:
-fprintf(stderr, "Invalid size %u in write to a9 scu register %x\n",
-size, (unsigned)offset);
-return;
-}
-
-switch (offset) {
-case 0x00: /* Control */
-s->scu_control = value & 1;
-break;
-case 0x4: /* Configuration: RO */
-break;
-case 0x08: case 0x09: case 0x0A: case 0x0B: /* Power Control */
-shift = (offset - 0x8) * 8;
-s->scu_status &= ~(mask << shift);
-s->scu_status |= ((value & mask) << shift);
-break;
-case 0x0c: /* Invalidate All Registers In Secure State */
-/* no-op as we do not implement caches */
-break;
-case 0x40: /* Filtering Start Address Register */
-case 0x44: /* Filtering End Address Register */
-/* RAZ/WI, like an implementation with only one AXI master */
-break;
-case 0x50: /* SCU Access Control Register */
-case 0x54: /* SCU Non-secure Access Control Register */
-/* unimplemented, fall through */
-default:
-break;
-}
-}
-
-static const MemoryRegionOps a9_scu_ops = {
-.read = a9_scu_read,
-.write = a9_scu_write,
-.endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static void a9mp_priv_reset(DeviceState *dev)
-{
-A9MPPrivState *s = FROM_SYSBUS(A9MPPrivState, SYS_BUS_DEVICE(dev));
-
-s->scu_control = 0;
-}
-
 static void a9mp_priv_set_irq(void *opaque, int irq, int level)
 {
 A9MPPrivState *s = (A9MPPrivState *)opaque;
@@ -126,7 +30,7 @@ static void a9mp_priv_set_irq(void *opaque, int irq, int 
level)
 static int a9mp_priv_init(SysBusDevice *dev)
 {
 A9MPPrivState *s = FROM_SYSBUS(A9MPPrivState, dev);
-SysBusDevice *timerbusdev, *wdtbusdev, *gicbusdev;
+SysBusDevice *timerbusdev, *wdtbusdev, *gicbusdev, *scubusdev;
 int i;
 
 s->gic = qdev_create(NULL, "arm_gic");
@@ -141,6 +45,11 @@ static int a9mp_priv_init(SysBusDevice *dev)
 /* Pass through inbound GPIO lines to the GIC */
 qdev_init_gpio_in(&s->busdev.qdev, a9mp_priv_set_irq, s->num_irq - 32);
 
+s->scu = qdev_create(NULL, "a9-scu");
+qdev_prop_set_uint32(s->scu, "num-cpu", s->num_cpu);
+qdev_init_nofail(s->scu);
+scubusdev = SYS_BUS_DEVICE(s->scu);
+
 s->mptimer = qdev_create(NULL, "arm_mptimer");
 qd

Re: [Qemu-devel] [PATCH v3 15/20] arm: add Faraday FTMAC110 10/100Mbps ethernet support

2013-02-19 Thread Kuo-Jung Su
2013/2/19 Stefan Hajnoczi :
> On Tue, Feb 19, 2013 at 09:43:27AM +0800, Kuo-Jung Su wrote:
>> 2013/2/19 Kuo-Jung Su :
>> > 2013/2/18 Stefan Hajnoczi :
>> >> On Mon, Feb 18, 2013 at 05:44:38PM +0800, Kuo-Jung Su wrote:
>> >>> 2013/2/18 Stefan Hajnoczi :
>> >>> > On Wed, Feb 06, 2013 at 05:45:19PM +0800, Kuo-Jung Su wrote:
>> >>> >> From: Kuo-Jung Su 
>> >>> >>
>> >>> >> The FTMAC110 is an Ethernet controller that provides AHB master 
>> >>> >> capability
>> >>> >> and is in full compliance with the IEEE 802.3 10/100 Mbps 
>> >>> >> specifications.
>> >>> >> Its DMA controller handles all data transfers between system memory
>> >>> >> and on-chip memories.
>> >>> >> It supports half-word data transfer for Linux. However it has a weird 
>> >>> >> DMA
>> >>> >> alignment issue:
>> >>> >>
>> >>> >> (1) Tx DMA Buffer Address:
>> >>> >> 1 bytes aligned: Invalid
>> >>> >> 2 bytes aligned: O.K
>> >>> >> 4 bytes aligned: O.K
>> >>> >>
>> >>> >> (2) Rx DMA Buffer Address:
>> >>> >> 1 bytes aligned: Invalid
>> >>> >> 2 bytes aligned: O.K
>> >>> >> 4 bytes aligned: Invalid (It means 0x0, 0x4, 0x8, 0xC are invalid)
>> >>> >>
>> >>> >> Signed-off-by: Kuo-Jung Su 
>> >>> >> ---
>> >>> >>  hw/arm/Makefile.objs  |1 +
>> >>> >>  hw/arm/faraday_a360.c |   10 +
>> >>> >>  hw/arm/ftmac110.c |  681 
>> >>> >> +
>> >>> >>  hw/arm/ftmac110.h |  131 ++
>> >>> >>  4 files changed, 823 insertions(+)
>> >>> >>  create mode 100644 hw/arm/ftmac110.c
>> >>> >>  create mode 100644 hw/arm/ftmac110.h
>> >>> >
>> >>> > Hi Kuo-Jung,
>> >>> > Is there a datasheet and/or driver programming guide for this Ethernet
>> >>> > controller?
>> >>> >
>> >>>
>> >>> The datasheet distribution is prohibited in Faraday, while it's 
>> >>> absolutely O.K
>> >>> to deliver software codes along with register description.
>> >>>
>> >>> So, I can't share the datasheets with you, but I can add register 
>> >>> description
>> >>> to the source files. Is this what you need?
>> >>
>> >> I'm asking because I'd like to confirm that the device keeps checking
>> >> for available receive descriptors via DMA reads (owner bit) and there is
>> >> no hw register access to kick the Ethernet controller?
>> >>
>> >
>> > In a descriptor based ethernet MAC, there is usually a dedicated
>> > register to kick-off DMA
>> > engine, and of course, FTMAC110/FTGMAC100 has such register, too.
>> >
>> > They are:
>> >
>> > 1. ftgmac100:
>> > 1-1. REG_TXPD (0x18):  Kick-off Tx DMA engine
>> > 1-2. REG_RXPD (0x1c): Kick-off Rx DMA engine
>> > 1-3. REG_HPTXPD (0x28): Kick-off High Priority Tx DMA engine
>> >
>> > 2. ftmac110:
>> > 2-1. REG_TXPD (0x18):  Kick-off Tx DMA engine
>> > 2-2. REG_RXPD (0x1c): Kick-off Rx DMA engine
>> >
>> > Writing an arbitrary value to these registers would trigger the
>> > corresponding DMA engine.
>> >
>> >> You work at Faraday, so maybe you have the definitive answer to this :).
>> >>
>> >> Stefan
>>
>> If you're looking for a basic example code, I'll recommend the u-boot 
>> drivers,
>> The files are available from my own github:
>>
>> https://github.com/dantesu1218/u-boot/blob/master/drivers/net/ftgmac100.c
>> https://github.com/dantesu1218/u-boot/blob/master/drivers/net/ftmac110.c
>
> Both your u-boot and the Linux driver for ftmac110 do not kick the NIC.
> They simply set the hw owner bit in the rx descriptor.
>

Descriptor-based Ethernet MACs usually trigger the Rx DMA via the
hardware MII pin
called CRS (MII Carrier Sense), so most of them have only a Tx Poll
register and no Rx Poll.

For example:

1. BCM963xx builtin Ethernet mac


http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=blob;f=drivers/net/ethernet/broadcom/bcm63xx_enet.c;h=39387d67b7222beee3a5fd122218c645851f90c6;hb=19f949f52599ba7c3f67a5897ac6be14bfcb1200

2. RealTek 8139C+:


http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=blob;f=drivers/net/ethernet/realtek/8139cp.c;h=5ac93323a40cfa40995fbbaa3a4bc5ce0c3bea0a;hb=19f949f52599ba7c3f67a5897ac6be14bfcb1200

3. RDC R6040:


http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=blob;f=drivers/net/ethernet/rdc/r6040.c;h=63c13125db6c9d0a58dcc70438d4af4058bcfd1e;hb=19f949f52599ba7c3f67a5897ac6be14bfcb1200

It's also a mystery to me that why we have a Rx Poll register in
Faraday Ethernet MACs.
They're all designed long before I participate in Faraday. I guess
this rx poll register might be
designed for test purpose only.

> As Peter and Anthony discussed previously, this design does not lend
> itself nicely to emulation because QEMU has to poll or try to trap
> memory accesses (which we don't do today).
>
> Normally, we'd like to stop host tap device rx when the emulated NIC has
> no rx buffers.  When the guest refills rx buffers we can restart rx.
> All this happens without polling if the guest kicks the NIC to refill rx
> buffers.
>
> I think Peter's suggestion earlier in this th

Re: [Qemu-devel] [PATCH v1 6/6] arm: a9mpcore: Coreify the SCU

2013-02-19 Thread Peter Crosthwaite
On Tue, Feb 19, 2013 at 4:49 AM, Peter Maydell  wrote:
> On 8 February 2013 04:03, Peter Crosthwaite
>  wrote:
>> Split the SCU in a9mpcore out into its own object definition. mpcore is now
>> just a container for the mpcore components.
>
> Good idea.
>
>> --- a/hw/a9mpcore.c
>> +++ b/hw/a9mpcore.c
>> @@ -14,107 +14,12 @@
>>
>>  typedef struct A9MPPrivState {
>>  SysBusDevice busdev;
>> -uint32_t scu_control;
>> -uint32_t scu_status;
>>  uint32_t num_cpu;
>> -MemoryRegion scu_iomem;
>>  MemoryRegion container;
>>  DeviceState *gic;
>>  uint32_t num_irq;
>>  } A9MPPrivState;
>
> You need to add a DeviceState* for the scu.
>

Done

>> diff --git a/hw/a9scu.c b/hw/a9scu.c
>> new file mode 100644
>> index 000..0a3d411
>> --- /dev/null
>> +++ b/hw/a9scu.c
>> @@ -0,0 +1,162 @@
>> +/*
>> + * Cortex-A9MPCore Snoop Control Unit (SCU) emulation.
>> + *
>> + * Copyright (c) 2009 CodeSourcery.
>> + * Copyright (c) 2011 Linaro Limited.
>> + * Written by Paul Brook, Peter Maydell.
>> + *
>> + * This code is licensed under the GPL.
>> + */
>> +
>> +#include "sysbus.h"
>> +
>> +/* A9MP private memory region.  */
>
> Stale comment (you could just delete it).
>

Done

>> +
>> +typedef struct A9SCUState {
>> +SysBusDevice busdev;
>> +MemoryRegion iomem;
>> +uint32_t control;
>> +uint32_t status;
>> +uint32_t num_cpu;
>> +} A9SCUState;
>
>> +static const VMStateDescription vmstate_a9_scu = {
>> +.name = "a9_scu",
>
> For new devices, hyphen is preferred, so "a9-scu".
>

Fixed globally

>> +.version_id = 1,
>> +.minimum_version_id = 1,
>> +.fields = (VMStateField[]) {
>> +VMSTATE_UINT32(control, A9SCUState),
>> +VMSTATE_UINT32(status, A9SCUState),
>> +VMSTATE_END_OF_LIST()
>> +}
>> +};
>> +
>> +static Property a9_scu_properties[] = {
>> +DEFINE_PROP_UINT32("num-cpu", A9SCUState, num_cpu, 1),
>> +DEFINE_PROP_END_OF_LIST(),
>> +};
>> +
>> +static void a9_scu_class_init(ObjectClass *klass, void *data)
>> +{
>> +DeviceClass *dc = DEVICE_CLASS(klass);
>> +SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
>> +
>> +k->init = a9_scu_init;
>
> This should have an instance_init and/or realize method,
> not a SysBusDeviceClass::init (see comments on PL330 patch).
>

Fixed as per PL330 review.

Regards,
Peter

>> +dc->props = a9_scu_properties;
>> +dc->vmsd = &vmstate_a9_scu;
>> +dc->reset = a9_scu_reset;
>> +}
>> +
>> +static TypeInfo a9_scu_info = {
>> +.name  = "arm_a9_scu",
>
> Again, hyphens preferred.
>
>> +.parent= TYPE_SYS_BUS_DEVICE,
>> +.instance_size = sizeof(A9SCUState),
>> +.class_init= a9_scu_class_init,
>> +};
>
> thanks
> -- PMM
>



Re: [Qemu-devel] [PATCH v10 2/3] pl330: Initial version

2013-02-19 Thread Igor Mitsyanko


On 02/19/2013 09:53 PM, Peter Maydell wrote:

On 19 February 2013 17:44, Igor Mitsyanko  wrote:

On 02/19/2013 11:46 AM, Peter Crosthwaite wrote:

Device model for Primecell PL330 DMA controller.

Signed-off-by: Peter Crosthwaite 
Signed-off-by: Kirill Batuzov 
Tested-by: Igor Mitsyanko 


Is my reviewed-by required if it already has my tested-by? I have a few
minor comments bellow and then you can add my reviewed-by tag if you want.

They mean different things (both worth noting):
Tested-by means you ran the code and it did the right thing
Reviewed-by means you read the code and it looks good


I thought reviewed-by implied tested-by) I'll add this tag to a next 
patch version then.




-- PMM



--
Mitsyanko Igor
ASWG, Moscow R&D center, Samsung Electronics
email: i.mitsya...@samsung.com




Re: [Qemu-devel] [PATCH v10 2/3] pl330: Initial version

2013-02-19 Thread Peter Crosthwaite
On Wed, Feb 20, 2013 at 4:02 AM, Igor Mitsyanko  wrote:
>
> On 02/19/2013 09:53 PM, Peter Maydell wrote:
>>
>> On 19 February 2013 17:44, Igor Mitsyanko  wrote:
>>>
>>> On 02/19/2013 11:46 AM, Peter Crosthwaite wrote:

 Device model for Primecell PL330 DMA controller.

 Signed-off-by: Peter Crosthwaite 
 Signed-off-by: Kirill Batuzov 
 Tested-by: Igor Mitsyanko 
>>>
>>>
>>> Is my reviewed-by required if it already has my tested-by? I have a few
>>> minor comments bellow and then you can add my reviewed-by tag if you
>>> want.
>>
>> They mean different things (both worth noting):
>> Tested-by means you ran the code and it did the right thing
>> Reviewed-by means you read the code and it looks good
>
>
> I thought reviewed-by implied tested-by) I'll add this tag to a next patch
> version then.
>

I got told off on LKML for adding both a reviewed by and tested by tag
for the one patch. My understanding was tested-by trumps reviewed by,
but they are completely different things IMO so should be able to add
both.

Regards,
Peter

>>
>> -- PMM
>>
>
> --
> Mitsyanko Igor
> ASWG, Moscow R&D center, Samsung Electronics
> email: i.mitsya...@samsung.com
>
>



[Qemu-devel] [PATCH 15/57] target-i386: Don't clobber s->cc_op in gen_update_cc_op

2013-02-19 Thread Richard Henderson
Use a dirty flag to know whether env->cc_op is up to date,
rather than forcing s->cc_op to DYNAMIC and losing info.

Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 37 ++---
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 6df76d6..cabdeda 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -90,6 +90,7 @@ typedef struct DisasContext {
 #endif
 int ss32;   /* 32 bit stack segment */
 CCOp cc_op;  /* current CC operation */
+bool cc_op_dirty;
 int addseg; /* non zero if either DS/ES/SS have a non zero base */
 int f_st;   /* currently unused */
 int vm86;   /* vm86 mode */
@@ -173,9 +174,27 @@ enum {
 OR_A0, /* temporary register used when doing address evaluation */
 };
 
-static inline void set_cc_op(DisasContext *s, CCOp op)
+static void set_cc_op(DisasContext *s, CCOp op)
 {
-s->cc_op = op;
+if (s->cc_op != op) {
+s->cc_op = op;
+/* The DYNAMIC setting is translator only, and should never be
+   stored.  Thus we always consider it clean.  */
+s->cc_op_dirty = (op != CC_OP_DYNAMIC);
+}
+}
+
+static inline void gen_op_set_cc_op(int32_t val)
+{
+tcg_gen_movi_i32(cpu_cc_op, val);
+}
+
+static void gen_update_cc_op(DisasContext *s)
+{
+if (s->cc_op_dirty) {
+gen_op_set_cc_op(s->cc_op);
+s->cc_op_dirty = false;
+}
 }
 
 static inline void gen_op_movl_T0_0(void)
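Review bot: set_cc_op() clears `cc_op_dirty` whenever `op` is CC_OP_DYNAMIC, without looking at whether the previous `s->cc_op` was still dirty, so a pending static value is dropped unless the caller has already flushed it. The removed gen_update_cc_op() wrote the value out before switching to DYNAMIC; after this change that ordering is the caller's responsibility and nothing in the hunk says so. I would extend the comment in set_cc_op to state the contract, for example `/* Callers switching to DYNAMIC must first call gen_update_cc_op() or otherwise have written cpu_cc_op. */`. The new `bool cc_op_dirty;` field in the first hunk also lacks a comment, unlike its neighbours; something like `/* s->cc_op not yet stored to cpu_cc_op */` would match them.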
@@ -444,11 +463,6 @@ static inline void gen_op_add_reg_T0(int size, int reg)
 }
 }
 
-static inline void gen_op_set_cc_op(int32_t val)
-{
-tcg_gen_movi_i32(cpu_cc_op, val);
-}
-
 static inline void gen_op_addl_A0_reg_sN(int shift, int reg)
 {
 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[reg]);
@@ -800,14 +814,6 @@ static inline void gen_movs(DisasContext *s, int ot)
 gen_op_add_reg_T0(s->aflag, R_EDI);
 }
 
-static inline void gen_update_cc_op(DisasContext *s)
-{
-if (s->cc_op != CC_OP_DYNAMIC) {
-gen_op_set_cc_op(s->cc_op);
-set_cc_op(s, CC_OP_DYNAMIC);
-}
-}
-
 static void gen_op_update1_cc(void)
 {
 tcg_gen_discard_tl(cpu_cc_src);
@@ -7816,6 +7822,7 @@ static inline void 
gen_intermediate_code_internal(CPUX86State *env,
 dc->tf = (flags >> TF_SHIFT) & 1;
 dc->singlestep_enabled = env->singlestep_enabled;
 dc->cc_op = CC_OP_DYNAMIC;
+dc->cc_op_dirty = false;
 dc->cs_base = cs_base;
 dc->tb = tb;
 dc->popl_esp_hack = 0;
-- 
1.8.1.2




[Qemu-devel] [PATCH 53/57] target-i386: Implement RORX

2013-02-19 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 32 
 1 file changed, 32 insertions(+)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index c1a2886..68e30e6 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -4433,6 +4433,38 @@ static void gen_sse(CPUX86State *env, DisasContext *s, 
int b,
 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
 sse_fn_eppi(cpu_env, cpu_ptr0, cpu_ptr1, tcg_const_i32(val));
 break;
+
+case 0x33a:
+/* Various integer extensions at 0f 3a f[0-f].  */
+b = modrm | (b1 << 8);
+modrm = cpu_ldub_code(env, s->pc++);
+reg = ((modrm >> 3) & 7) | rex_r;
+
+switch (b) {
+case 0x3f0: /* rorx Gy,Ey, Ib */
+if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
+|| !(s->prefix & PREFIX_VEX)
+|| s->vex_l != 0) {
+goto illegal_op;
+}
+ot = s->dflag == 2 ? OT_QUAD : OT_LONG;
+gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
+b = cpu_ldub_code(env, s->pc++);
+if (ot == OT_QUAD) {
+tcg_gen_rotri_tl(cpu_T[0], cpu_T[0], b & 63);
+} else {
+tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
+tcg_gen_rotri_i32(cpu_tmp2_i32, cpu_tmp2_i32, b & 31);
+tcg_gen_extu_i32_tl(cpu_T[0], cpu_tmp2_i32);
+}
+gen_op_mov_reg_T0(ot, reg);
+break;
+
+default:
+goto illegal_op;
+}
+break;
+
 default:
 goto illegal_op;
 }
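Review bot: In the `0x3f0` case the imm8 is fetched with `cpu_ldub_code(env, s->pc++)` only after `gen_ldst_modrm()` has already generated the operand address, so a RIP-relative memory operand may be computed without counting the trailing immediate byte. gen_ldst_modrm is not visible here, but the translator keeps an `s->rip_offset` field for instructions that carry an immediate after the modrm bytes; if that applies to this path, `s->rip_offset = 1;` belongs before the `gen_ldst_modrm` call. Separately, `b` is the switch key and is then overwritten with the rotate count inside the case; a short comment such as `/* b now holds the imm8 rotate count */` would make the reuse obvious. The enclosing gen_sse body starts and ends outside this hunk.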
-- 
1.8.1.2




[Qemu-devel] [PATCH v3 00/57] target-i386 flags improvements and bmi/adx extensions

2013-02-19 Thread Richard Henderson
I'll have to apologize to Paolo here, in that (1) during some of the
various rewriting and rebasing, the original author credit got dropped
and (2) most of the signed-off-by is still there, despite the large changes.

I've fixed the performance regression that Laurent reported on nbench.

I've misplaced the spreadsheet that I'd done with the numbers, but as
I recall the result of that benchmarking is that, for -march=i386 guest,
most tests had unchanged speed with a few startling improvements, whereas
for -march=i686 guest we had more across the board minor improvements.
My guess at the time was that was primarily due to the improved code gen
of the cmov insn.

The tree can be found at

  git://github.com/rth7680/qemu.git eflags3

Please review.


r~


Paolo Bonzini (19):
  test-i386: QEMU_PACKED is not defined here
  test-i386: make it compile with a recent gcc
  target-i386: use OT_* consistently
  target-i386: introduce gen_ext_tl
  target-i386: factor setting of s->cc_op handling for string functions
  target-i386: drop cc_op argument of gen_jcc1
  target-i386: move carry computation for inc/dec closer to
gen_op_set_cc_op
  target-i386: move eflags computation closer to gen_op_set_cc_op
  target-i386: compute eflags outside rcl/rcr helper
  target-i386: clean up sahf
  target-i386: use gen_jcc1 to compile loopz
  target-i386: factor gen_op_set_cc_op/tcg_gen_discard_tl around
computing flags
  target-i386: add helper functions to get other flags
  target-i386: change gen_setcc_slow_T0 to gen_setcc_slow
  target-i386: optimize setcc instructions
  target-i386: use CCPrepare to generate conditional jumps
  target-i386: cleanup temporary macros for CCPrepare
  target-i386: introduce gen_cmovcc1
  target-i386: kill cpu_T3

Richard Henderson (38):
  target-i386: Name the cc_op enumeration
  target-i386: Introduce set_cc_op
  target-i386: Don't clobber s->cc_op in gen_update_cc_op
  target-i386: Use gen_update_cc_op everywhere
  target-i386: do not compute eflags multiple times consecutively
  target-i386: no need to flush out cc_op before gen_eob
  target-i386: Move CC discards to set_cc_op
  target-i386: do not call helper to compute ZF/SF
  target-i386: use inverted setcond when computing NS or NZ
  target-i386: convert gen_compute_eflags_c to TCG
  target-i386: optimize setbe
  target-i386: optimize setle
  target-i386: introduce CCPrepare
  target-i386: introduce gen_prepare_cc
  target-i386: inline gen_prepare_cc_slow
  target-i386: expand cmov via movcond
  target-i386: use gen_op for cmps/scas
  target-i386: introduce gen_jcc1_noeob
  target-i386: Update cc_op before TCG branches
  target-i386: optimize flags checking after sub using CC_SRCT
  target-i386: Don't reference ENV through most of cc helpers
  target-i386: Make helper_cc_compute_{all,c} const
  target-i386: Use CC_SRC2 for ADC and SBB
  target-i386: Tidy prefix parsing
  target-i386: Decode the VEX prefixes
  target-i386: Implement MOVBE
  target-i386: Implement ANDN
  target-i386: Implement BEXTR
  target-i386: Implement BLSR, BLSMSK, BLSI
  target-i386: Implement BZHI
  target-i386: Implement MULX
  target-i386: Implement PDEP, PEXT
  target-i386: Implement SHLX, SARX, SHRX
  target-i386: Implement RORX
  target-i386: Implement ADX extension
  target-i386: Use clz/ctz for bsf/bsr helpers
  target-i386: Implement tzcnt and fix lzcnt
  target-i386: Add CC_OP_CLR

 target-i386/cc_helper.c |  260 +++--
 target-i386/cc_helper_template.h|  261 ++---
 target-i386/cpu.c   |   18 +-
 target-i386/cpu.h   |   26 +-
 target-i386/helper.c|   13 +-
 target-i386/helper.h|   13 +-
 target-i386/int_helper.c|   69 +-
 target-i386/shift_helper_template.h |   12 +-
 target-i386/translate.c | 2205 +--
 tests/tcg/test-i386.c   |   10 +-
 10 files changed, 1670 insertions(+), 1217 deletions(-)

-- 
1.8.1.2




[Qemu-devel] [PATCH 25/57] target-i386: optimize setbe

2013-02-19 Thread Richard Henderson
This is looking at EFLAGS, but it can do so more efficiently with
setcond.

Reviewed-by: Blue Swirl 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index c510732..dab6983 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -1060,10 +1060,9 @@ static void gen_setcc_slow(DisasContext *s, int jcc_op, 
TCGv reg, bool inv)
 break;
 case JCC_BE:
 gen_compute_eflags(s);
-tcg_gen_shri_tl(reg, cpu_cc_src, 6);
-tcg_gen_or_tl(reg, reg, cpu_cc_src);
-tcg_gen_andi_tl(reg, reg, 1);
-break;
+tcg_gen_andi_tl(reg, cpu_cc_src, CC_Z | CC_C);
+tcg_gen_setcondi_tl(inv ? TCG_COND_EQ : TCG_COND_NE, reg, reg, 0);
+return;
 case JCC_S:
 gen_compute_eflags_s(s, reg, inv);
 inv = false;
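Review bot: The JCC_BE case now leaves the function with `return`, while the JCC_S case right below it signals the same thing by setting `inv = false`, so two neighbouring cases handle inversion in different ways with no explanation. A one-line comment above the return, e.g. `/* inv is folded into the setcond condition; skip the common tail */`, would keep a later edit from turning it back into `break` and inverting twice. This assumes the code after the switch applies `inv`; that tail, like the rest of gen_setcc_slow, is outside the hunk.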
-- 
1.8.1.2




Re: [Qemu-devel] [PATCH for-1.4] pc: tag apic as overlap region

2013-02-19 Thread Jan Kiszka
On 2013-02-19 16:54, Peter Maydell wrote:
> On 19 February 2013 15:51, Jan Kiszka  wrote:
>> On 2013-02-19 16:20, Michael S. Tsirkin wrote:
>>>  qdev_init_nofail(dev);
>>>  d = SYS_BUS_DEVICE(dev);
>>> -sysbus_mmio_map(d, 0, 0xfec0);
>>> +/* APIC overlaps the PCI window. */
>>> +sysbus_mmio_map_overlap(d, 0, 0xfec0, 1000);
>>
>> That's the IOAPIC, not the APIC. If you mean the IOAPIC, APIC and HPET
>> would require higher prio, too. But I suppose this is really about the
>> APIC and its special priority due to CPU-local access dispatching, right?
> 
> Is this a proposed minimally invasive patch for 1.4 with a
> different approach (possibly involving reworking things with
> a better managed set of container regions) for master, or
> is this the planned fix for master too?

I'm not yet sure we need any overhaul at all. If hardware prioritizes
certain windows like APIC, IOAPIC, HPET over PCI device mappings, then
we can already express this today - we just need to do it.

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux



[Qemu-devel] how to ues qemu -sd option?

2013-02-19 Thread Weng Fan

Hi all:
I want to use the qemu's -sd option to  emulate a sd card, so that I can 
get more free space.
When I use the command "qemu-system-ppc -M mpc8544ds -kernel uImage 
-initrd initrd.img
-append "root=/dev/ram rdinit=/linuxrc" -nographic -sd sd.img" to start 
the kernel image, I can't

find any device like mmcblk in the /dev .

Any ideas how to get this work?

Regards
sailer

--





Re: [Qemu-devel] [SeaBIOS] [edk2] (PAM stuff) reset doesn't work on OVMF + SeaBIOS CSM

2013-02-19 Thread Gleb Natapov
On Mon, Feb 18, 2013 at 02:33:23PM -0500, Kevin O'Connor wrote:
> On Mon, Feb 18, 2013 at 09:17:05PM +0200, Gleb Natapov wrote:
> > On Mon, Feb 18, 2013 at 02:00:52PM -0500, Kevin O'Connor wrote:
> > > Why not fix KVM so that it runs at fff0 after reset?
> > > 
> > Because KVM uses VMX extension and VMX on CPU without "unrestricted
> > guest" is not capable of doing so. Recent KVM code should be able
> > to emulate real mode from the fff0 address instead of trying to
> > enter vmx guest mode. I asked Laszlo to check if it is so, but even if
> > KVM in 3.9 will work it will not fix all existent kernels out there.
> > Old behaviour of approximating real mode by vm86 is still supported by
> > using emulate_invalid_guest_state=false kernel module option and it will
> > be nice if it will not break OVMF since it can be used as a workaround
> > in case unemulated instruction is encountered.
> 
> For old versions of KVM, SeaBIOS can detect the loop and issue a
> shutdown.  Not nice for users to have their "reboot" turn into a
> "poweroff", but likely better than just a hang.
> 
> > > The only thing SeaBIOS could do is setup the segment registers and
> > > then jump to fff0, which is a bit of work for the same end result.
> > > 
> > If it will jump to fff0 KVM will jump to 0 instead :) It should
> > restore pre-CSM loaded OVMF state and reset.
> 
> I take it you mean copy 0xfffe to 0xe?  That would not be fun.
> SeaBIOS would need to detect that it's in the state (it's definitely
> not correct to do that on real-hardware or on "working" kvm
> instances), then setup a trampoline somewhere outside of
> 0xe-0xf to do the memcpy, jump to that trampoline, copy the
> memory, restore segment registers, and then jump to 0xfff0.
> That's a lot of kvm specific code to add to seabios as a workaround
> and it seems fragile anyway.
> 
Isn't this exactly what qemu_prep_reset() is doing now?

--
Gleb.



[Qemu-devel] [PATCH 2/8] virtio: put struct VirtIOFeature in a header

2013-02-19 Thread Jesse Larrew
Move the definition of struct VirtIOFeature from virtio-net.c to virtio.h
so other virtio devices can benefit.

Signed-off-by: Jesse Larrew 
---
 hw/virtio-net.c | 12 
 hw/virtio.h | 12 
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/virtio-net.c b/hw/virtio-net.c
index bdbfc18..78dc97d 100644
--- a/hw/virtio-net.c
+++ b/hw/virtio-net.c
@@ -75,18 +75,6 @@ typedef struct VirtIONet
 uint16_t curr_queues;
 } VirtIONet;
 
-/*
- * Calculate the number of bytes up to and including the given 'field' of
- * 'container'.
- */
-#define endof(container, field) \
-(offsetof(container, field) + sizeof(((container *)0)->field))
-
-typedef struct VirtIOFeature {
-uint32_t flags;
-size_t end;
-} VirtIOFeature;
-
 static VirtIOFeature feature_sizes[] = {
 {.flags = 1 << VIRTIO_NET_F_MAC,
  .end = endof(struct virtio_net_config, mac)},
diff --git a/hw/virtio.h b/hw/virtio.h
index 1e206b8..7755fec 100644
--- a/hw/virtio.h
+++ b/hw/virtio.h
@@ -67,6 +67,18 @@
 /* This means don't interrupt guest when buffer consumed. */
 #define VRING_AVAIL_F_NO_INTERRUPT  1
 
+/*
+ * Calculate the number of bytes up to and including the given 'field' of
+ * 'container'.
+ */
+#define endof(container, field) \
+(offsetof(container, field) + sizeof(((container *)0)->field))
+
+typedef struct VirtIOFeature {
+uint32_t flags;
+size_t end;
+} VirtIOFeature;
+
 struct VirtQueue;
 
 static inline hwaddr vring_align(hwaddr addr,
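Review bot: `endof` is a short, lower-case, unprefixed macro, and moving it into hw/virtio.h exposes it to every file that includes this header, where it can collide with a local identifier or another definition of the same name. A prefixed name would be safer in a shared header, or at least an `#ifndef endof` guard. The macro expands to `offsetof`, so the header should include `<stddef.h>` itself rather than rely on the includer; whether it already does is not visible in the hunk. VirtIOFeature also moves without any description of its fields; going by the virtio-net table that uses it, a comment like `/* flags: feature bit(s); end: config bytes needed when one of them is set */` would do.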
-- 
1.7.11.7




Re: [Qemu-devel] [PATCH v1 4/6] arm: mptimer: Remove WDT distinction

2013-02-19 Thread Peter Crosthwaite
On Tue, Feb 19, 2013 at 4:37 AM, Peter Maydell  wrote:
> On 8 February 2013 04:03, Peter Crosthwaite
>  wrote:
>> In QEMU emulation, there is no functional difference between the ARM mpcore
>> private timers and watchdogs. Removed all the distinction between the two 
>> from
>> arm_mptimer.c and converted it to be just the mptimer. a9mpcore and 
>> arm11mpcore
>> just instantiate the same mptimer object twice to get both timer and WDT.
>>
>> If in the future we want to make the WDT functionally different then we can 
>> use
>> either QOM heirachy to derive WDT from from mptimer, or we can add a property
>
> "hierarchy".
>

Fixed.

>> "is-wdt" or some such.
>>
>> Signed-off-by: Peter Crosthwaite 
>
> I was sceptical about this change initially but you're right that it's much
> cleaner this way.
>
> One minor nit:
>
>>  static const VMStateDescription vmstate_arm_mptimer = {
>>  .name = "arm_mptimer",
>> -.version_id = 1,
>> -.minimum_version_id = 1,
>> +.version_id = 2,
>> +.minimum_version_id = 2,
>>  .fields = (VMStateField[]) {
>> -VMSTATE_STRUCT_ARRAY(timerblock, ARMMPTimerState, (MAX_CPUS * 2),
>> - 1, vmstate_timerblock, TimerBlock),
>> +VMSTATE_STRUCT_VARRAY_UINT32(timerblock, ARMMPTimerState, num_cpu,
>> + 2, vmstate_timerblock, TimerBlock),
>>  VMSTATE_END_OF_LIST()
>>  }
>
> This changes us from sending every timerblock to only the ones
> that actually exist on this machine config, which renders the
> comment in arm_mptimer_reset() irrelevant, so it should be deleted.
>

Fixed.

Regards,
Peter

> -- PMM
>



[Qemu-devel] [PATCH 3/8] virtio: pass host features to driver init functions

2013-02-19 Thread Jesse Larrew
Drivers affected:
 * virtio_balloon
 * virtio_serial_bus
 * virtio_scsi
 * virtio_blk
 * virtio_9p
 * virtio_rng

Signed-off-by: Jesse Larrew 
---
 hw/s390x/s390-virtio-bus.c |  8 +---
 hw/s390x/virtio-ccw.c  | 11 +++
 hw/virtio-balloon.c|  2 +-
 hw/virtio-blk.c|  3 ++-
 hw/virtio-pci.c|  9 +
 hw/virtio-scsi.c   |  3 ++-
 hw/virtio-serial-bus.c |  3 ++-
 hw/virtio.h| 11 +++
 8 files changed, 31 insertions(+), 19 deletions(-)

diff --git a/hw/s390x/s390-virtio-bus.c b/hw/s390x/s390-virtio-bus.c
index 089ed92..2abd598 100644
--- a/hw/s390x/s390-virtio-bus.c
+++ b/hw/s390x/s390-virtio-bus.c
@@ -166,7 +166,7 @@ static int s390_virtio_blk_init(VirtIOS390Device *dev)
 {
 VirtIODevice *vdev;
 
-vdev = virtio_blk_init((DeviceState *)dev, &dev->blk);
+vdev = virtio_blk_init((DeviceState *)dev, &dev->blk, dev->host_features);
 if (!vdev) {
 return -1;
 }
@@ -182,7 +182,8 @@ static int s390_virtio_serial_init(VirtIOS390Device *dev)
 
 bus = DO_UPCAST(VirtIOS390Bus, bus, dev->qdev.parent_bus);
 
-vdev = virtio_serial_init((DeviceState *)dev, &dev->serial);
+vdev = virtio_serial_init((DeviceState *)dev, &dev->serial,
+  dev->host_features);
 if (!vdev) {
 return -1;
 }
@@ -199,7 +200,8 @@ static int s390_virtio_scsi_init(VirtIOS390Device *dev)
 {
 VirtIODevice *vdev;
 
-vdev = virtio_scsi_init((DeviceState *)dev, &dev->scsi);
+vdev = virtio_scsi_init((DeviceState *)dev, &dev->scsi,
+ dev->host_features);
 if (!vdev) {
 return -1;
 }
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index d92e427..32edd2d 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -574,7 +574,8 @@ static int virtio_ccw_blk_init(VirtioCcwDevice *dev)
 {
 VirtIODevice *vdev;
 
-vdev = virtio_blk_init((DeviceState *)dev, &dev->blk);
+vdev = virtio_blk_init((DeviceState *)dev, &dev->blk,
+   dev->host_features[0]);
 if (!vdev) {
 return -1;
 }
@@ -593,7 +594,8 @@ static int virtio_ccw_serial_init(VirtioCcwDevice *dev)
 {
 VirtIODevice *vdev;
 
-vdev = virtio_serial_init((DeviceState *)dev, &dev->serial);
+vdev = virtio_serial_init((DeviceState *)dev, &dev->serial,
+  dev->host_features[0]);
 if (!vdev) {
 return -1;
 }
@@ -611,7 +613,7 @@ static int virtio_ccw_balloon_init(VirtioCcwDevice *dev)
 {
 VirtIODevice *vdev;
 
-vdev = virtio_balloon_init((DeviceState *)dev);
+vdev = virtio_balloon_init((DeviceState *)dev, dev->host_features[0]);
 if (!vdev) {
 return -1;
 }
@@ -629,7 +631,8 @@ static int virtio_ccw_scsi_init(VirtioCcwDevice *dev)
 {
 VirtIODevice *vdev;
 
-vdev = virtio_scsi_init((DeviceState *)dev, &dev->scsi);
+vdev = virtio_scsi_init((DeviceState *)dev, &dev->scsi,
+dev->host_features[0]);
 if (!vdev) {
 return -1;
 }
diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index c0a7902..4574db6 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -349,7 +349,7 @@ static int virtio_balloon_load(QEMUFile *f, void *opaque, 
int version_id)
 return 0;
 }
 
-VirtIODevice *virtio_balloon_init(DeviceState *dev)
+VirtIODevice *virtio_balloon_init(DeviceState *dev, uint32_t host_features)
 {
 VirtIOBalloon *s;
 int ret;
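Review bot: `host_features` is added to virtio_balloon_init() but nothing in this patch reads it: the diffstat shows a single changed line for hw/virtio-balloon.c, which is the signature itself. The virtio_blk_init hunk that follows has the same shape. An unused parameter is fine as preparation, but the description should say that later patches in the series consume it. The description also lists virtio_9p and virtio_rng as affected, yet no 9p or rng source file appears in the diffstat, so either those drivers are untouched or their definitions are missing from the patch. The function body continues outside the hunk.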
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 34913ee..b3ab267 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -639,7 +639,8 @@ static const BlockDevOps virtio_block_ops = {
 .resize_cb = virtio_blk_resize,
 };
 
-VirtIODevice *virtio_blk_init(DeviceState *dev, VirtIOBlkConf *blk)
+VirtIODevice *virtio_blk_init(DeviceState *dev, VirtIOBlkConf *blk,
+  uint32_t host_features)
 {
 VirtIOBlock *s;
 static int virtio_blk_id;
diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index a869f53..07fbf98 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -933,7 +933,7 @@ static int virtio_blk_init_pci(PCIDevice *pci_dev)
 proxy->class_code != PCI_CLASS_STORAGE_OTHER)
 proxy->class_code = PCI_CLASS_STORAGE_SCSI;
 
-vdev = virtio_blk_init(&pci_dev->qdev, &proxy->blk);
+vdev = virtio_blk_init(&pci_dev->qdev, &proxy->blk, proxy->host_features);
 if (!vdev) {
 return -1;
 }
@@ -971,7 +971,8 @@ static int virtio_serial_init_pci(PCIDevice *pci_dev)
 proxy->class_code != PCI_CLASS_OTHERS)  /* qemu-kvm  */
 proxy->class_code = PCI_CLASS_COMMUNICATION_OTHER;
 
-vdev = virtio_serial_init(&pci_dev->qdev, &proxy->serial);
+vdev = virtio_serial_init(&pci_dev->qdev, &proxy->serial,
+  proxy->host_features);
 if (!vdev) {
 return -1;
 }
@@ -1027,7 +1028,7 @@ static int virtio_balloon_init_pci(PCIDevice *pci_dev)
 proxy->cla

Re: [Qemu-devel] [PATCH v1 3/6] arm: *mpcore.c: CamelCased type names

2013-02-19 Thread Peter Crosthwaite
On Tue, Feb 19, 2013 at 4:16 AM, Peter Maydell  wrote:
> On 8 February 2013 04:03, Peter Crosthwaite
>  wrote:
>> --- a/hw/arm11mpcore.c
>> +++ b/hw/arm11mpcore.c
>> @@ -12,7 +12,7 @@
>>
>>  /* MPCore private memory region.  */
>>
>> -typedef struct mpcore_priv_state {
>> +typedef struct MPCorePrivState {
>>  SysBusDevice busdev;
>>  uint32_t scu_control;
>>  int iomemtype;
>> @@ -23,14 +23,14 @@ typedef struct mpcore_priv_state {
>>  DeviceState *mptimer;
>>  DeviceState *gic;
>>  uint32_t num_irq;
>> -} mpcore_priv_state;
>> +} MPCorePrivState;
>
> ARM11MPCorePrivState, please (matches the QOM device
> name). This was only missing the core name in the
> struct type name because it was the first one implemented
> and never got renamed, but if we're doing a rename of
> the type anyway we might as well bring it in line with
> the others.
>

Fixed,

Regards,
Peter

> thanks
> -- PMM
>



Re: [Qemu-devel] [PATCH v1 2/6] a9mpcore: localised temporary init-only variables

2013-02-19 Thread Peter Crosthwaite
On Tue, Feb 19, 2013 at 4:12 AM, Peter Maydell  wrote:
> On 8 February 2013 04:03, Peter Crosthwaite
>  wrote:
>> The DeviceState *mptimer var in a9mp_priv_state was only used by the init
>> function and had no reason for persistence. Made a local variable and removed
>> from state struct.
>
> Nope. We're a container object, we can't just forget about our
> children. Granted (like many QEMU devices) we don't actually have
> any implementation of device destruction, but in principle we
> need to keep hold of a pointer to the things we create.
>

Patch dropped pending resolution of QOM container inline-struct discussion.

Regards,
Peter

> -- PMM
>



[Qemu-devel] [PATCH 7/8] virtio-scsi: fill in table of feature sizes

2013-02-19 Thread Jesse Larrew
Since none of the existing feature bits changed the layout of struct
VirtIOSCSIConf, set the minimum struct size to use the full struct (i.e
endof(struct VirtIOSCSIConf, cmd_per_lun)).

Signed-off-by: Jesse Larrew 
---
 hw/virtio-scsi.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index 6c92975..4a0be44 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -18,8 +18,12 @@
 #include 
 
 static VirtIOFeature feature_sizes[] = {
-{.flags = 0x,
- .end = sizeof(struct VirtIOSCSIConf)},
+{.flags = 1 << VIRTIO_SCSI_F_INOUT,
+ .end = endof(struct VirtIOSCSIConf, cmd_per_lun)},
+{.flags = 1 << VIRTIO_SCSI_F_HOTPLUG,
+ .end = endof(struct VirtIOSCSIConf, cmd_per_lun)},
+{.flags = 1 << VIRTIO_SCSI_F_CHANGE,
+ .end = endof(struct VirtIOSCSIConf, cmd_per_lun)},
 {}
 };
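Review bot: Every entry ends at `endof(struct VirtIOSCSIConf, cmd_per_lun)`, so the config-space length derived from this table is bounded by that struct. It is worth confirming that `struct VirtIOSCSIConf` is the guest-visible config layout rather than a host-side property struct. If the device's get_config handler (outside this hunk) writes fields beyond `cmd_per_lun`, a config buffer sized from this table would be too small for those writes. A short comment above the table, e.g. `/* no feature bit has extended the config layout so far */`, would also explain why the three entries are identical.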
 
-- 
1.7.11.7




[Qemu-devel] [PATCH 5/8] virtio-balloon: fill in the table of feature_sizes

2013-02-19 Thread Jesse Larrew
There are two feature bits for virtio-balloon:

   VIRTIO_BALLOON_F_MUST_TELL_HOST, and
   VIRTIO_BALLOON_F_STATS_VQ.

Since these features don't require additional fields in the config struct,
set the 'end' field to the end of the last field in the struct.

Signed-off-by: Jesse Larrew 
---
 hw/virtio-balloon.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 81f27e9..c64e1b7 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -30,8 +30,10 @@
 #endif
 
 static VirtIOFeature feature_sizes[] = {
-{.flags = 0x, /* dummy table -- all features included. */
- .end = sizeof(struct virtio_balloon_config)},
+{.flags = 1 << VIRTIO_BALLOON_F_MUST_TELL_HOST,
+ .end = endof(struct virtio_balloon_config, actual)},
+{.flags = 1 << VIRTIO_BALLOON_F_STATS_VQ,
+ .end = endof(struct virtio_balloon_config, actual)},
 {}
 };
 
-- 
1.7.11.7




Re: [Qemu-devel] [PATCH 12/41] migration: do not nest flushing of device data

2013-02-19 Thread Orit Wasserman
On 02/15/2013 07:46 PM, Paolo Bonzini wrote:
> Completion of migration is currently done with a "nested" loop that
> invokes buffered_flush: migrate_fd_completed is called by
> buffered_file_thread, which calls migrate_fd_cleanup, which calls
> buffered_close (via qemu_fclose), which flushes the buffer.
> 
> Simplify this, by reusing the buffered_flush call of buffered_file_thread.
> Then if qemu_savevm_state_complete was called, and the buffer is empty
> (including the QEMUFile buffer, for which we need the previous patch), we
> are done.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  migration.c |   55 ---
>  1 files changed, 24 insertions(+), 31 deletions(-)
> 
> diff --git a/migration.c b/migration.c
> index 75dd38a..b0b5578 100644
> --- a/migration.c
> +++ b/migration.c
> @@ -262,41 +262,34 @@ void 
> qmp_migrate_set_capabilities(MigrationCapabilityStatusList *params,
>  
>  static void migrate_fd_cleanup(MigrationState *s)
>  {
> -int ret = 0;
> -
>  if (s->file) {
>  DPRINTF("closing file\n");
> -ret = qemu_fclose(s->file);
> +qemu_fclose(s->file);
>  s->file = NULL;
>  }
>  
>  assert(s->fd == -1);
> -if (ret < 0 && s->state == MIG_STATE_ACTIVE) {
> -s->state = MIG_STATE_ERROR;
> -}
> +assert(s->state != MIG_STATE_ACTIVE);
>  
> -if (s->state != MIG_STATE_ACTIVE) {
> +if (s->state != MIG_STATE_COMPLETED) {
>  qemu_savevm_state_cancel();
>  }
> +
> +notifier_list_notify(&migration_state_notifiers, s);
>  }
>  
>  void migrate_fd_error(MigrationState *s)
>  {
>  DPRINTF("setting error state\n");
>  s->state = MIG_STATE_ERROR;
> -notifier_list_notify(&migration_state_notifiers, s);
>  migrate_fd_cleanup(s);
>  }
>  
>  static void migrate_fd_completed(MigrationState *s)
>  {
>  DPRINTF("setting completed state\n");
> +s->state = MIG_STATE_COMPLETED;
>  migrate_fd_cleanup(s);
> -if (s->state == MIG_STATE_ACTIVE) {
> -s->state = MIG_STATE_COMPLETED;
> -runstate_set(RUN_STATE_POSTMIGRATE);
> -}
> -notifier_list_notify(&migration_state_notifiers, s);
>  }
>  
>  static ssize_t migrate_fd_put_buffer(MigrationState *s, const void *data,
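Review bot: The return value of `qemu_fclose(s->file)` is now discarded in migrate_fd_cleanup, and migrate_fd_completed sets `MIG_STATE_COMPLETED` before calling it, so an error reported at close time can no longer move the migration to `MIG_STATE_ERROR`. If close can still fail once the buffer has drained (not visible from this hunk), the source would report a completed migration and notify listeners of success. Consider keeping `ret` and downgrading before the notifier runs, e.g. `if (ret < 0 && s->state == MIG_STATE_COMPLETED) { s->state = MIG_STATE_ERROR; }`. The new `assert(s->state != MIG_STATE_ACTIVE)` also makes "caller sets a final state first" a hard contract, which deserves a one-line comment above migrate_fd_cleanup.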
> @@ -326,8 +319,6 @@ static void migrate_fd_cancel(MigrationState *s)
>  DPRINTF("cancelling migration\n");
>  
>  s->state = MIG_STATE_CANCELLED;
> -notifier_list_notify(&migration_state_notifiers, s);
> -
>  migrate_fd_cleanup(s);
>  }
>  
> @@ -592,10 +583,6 @@ static int buffered_close(void *opaque)
>  
>  DPRINTF("closing\n");
>  
> -s->xfer_limit = INT_MAX;
> -while (!qemu_file_get_error(s->file) && s->buffer_size) {
> -buffered_flush(s);
> -}
>  return migrate_fd_close(s);
>  }
>  
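Review bot: buffered_close now goes straight to migrate_fd_close() without draining `s->buffer_size`, and nothing in the function says that pending data is dropped on purpose. A comment such as `/* Unflushed data is discarded here; completion is detected in buffered_file_thread once the buffer is empty. */` would keep someone from re-adding the flush loop or assuming close implies flush. The function's opening lines are outside the hunk.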
> @@ -657,6 +644,8 @@ static void *buffered_file_thread(void *opaque)
>  MigrationState *s = opaque;
>  int64_t initial_time = qemu_get_clock_ms(rt_clock);
>  int64_t max_size = 0;
> +int64_t start_time = initial_time;
> +bool old_vm_running = false;
>  bool last_round = false;
>  
>  qemu_mutex_lock_iothread();
> @@ -674,23 +663,13 @@ static void *buffered_file_thread(void *opaque)
>  if (pending_size && pending_size >= max_size) {
>  qemu_savevm_state_iterate(s->file);
>  } else {
> -int old_vm_running = runstate_is_running();
> -int64_t start_time, end_time;
> -
>  DPRINTF("done iterating\n");
>  start_time = qemu_get_clock_ms(rt_clock);
>  qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
> +old_vm_running = runstate_is_running();
>  vm_stop_force_state(RUN_STATE_FINISH_MIGRATE);
> +s->xfer_limit = INT_MAX;
>  qemu_savevm_state_complete(s->file);
> -migrate_fd_completed(s);
> -end_time = qemu_get_clock_ms(rt_clock);
> -s->total_time = end_time - s->total_time;
> -s->downtime = end_time - start_time;
> -if (s->state != MIG_STATE_COMPLETED) {
> -if (old_vm_running) {
> -vm_start();
> -}
> -}
>  last_round = true;
>  }
>  }
> @@ -716,6 +695,20 @@ static void *buffered_file_thread(void *opaque)
>  qemu_mutex_lock_iothread();
>  if (qemu_file_get_error(s->file)) {
>  migrate_fd_error(s);
> +} else if (last_round && s->buffer_size == 0) {
> +migrate_fd_completed(s);
> +}
> +}
> +
> +if (s->state == MIG_STATE_COMPLETED) {
> +int64_t end_time = qemu_get_clock_ms(rt_clock);
> +s->total_time = end_time - s->total_time;
> +s->downtime = end_time - start_time;
> +runstate_set(RUN_STATE_POSTMIGRATE);
> +} else {
> +if (old_vm_running) {
> +

[Qemu-devel] [PATCH 21/57] target-i386: do not call helper to compute ZF/SF

2013-02-19 Thread Richard Henderson
ZF, SF and PF can always be computed from CC_DST except in the
CC_OP_EFLAGS case (and CC_OP_DYNAMIC, which just resolves to CC_OP_EFLAGS
in gen_compute_eflags).  Use setcond to compute ZF and SF.

We could also use a table lookup to compute PF.

Reviewed-by: Blue Swirl 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 37 +++--
 1 file changed, 31 insertions(+), 6 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index a767b50..026fbd6 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -900,9 +900,22 @@ static void gen_compute_eflags_p(DisasContext *s, TCGv reg)
 /* compute eflags.S to reg */
 static void gen_compute_eflags_s(DisasContext *s, TCGv reg)
 {
-gen_compute_eflags(s);
-tcg_gen_shri_tl(reg, cpu_cc_src, 7);
-tcg_gen_andi_tl(reg, reg, 1);
+switch (s->cc_op) {
+case CC_OP_DYNAMIC:
+gen_compute_eflags(s);
+/* FALLTHRU */
+case CC_OP_EFLAGS:
+tcg_gen_shri_tl(reg, cpu_cc_src, 7);
+tcg_gen_andi_tl(reg, reg, 1);
+break;
+default:
+{
+int size = (s->cc_op - CC_OP_ADDB) & 3;
+TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
+tcg_gen_setcondi_tl(TCG_COND_LT, reg, t0, 0);
+}
+break;
+}
 }
 
 /* compute eflags.O to reg */
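Review bot: The default arm derives the operand size as `(s->cc_op - CC_OP_ADDB) & 3`, which only holds while every size-suffixed CC_OP_* group is four entries long and aligned with CC_OP_ADDB in the enum; nothing here states or checks that. The same expression is repeated in gen_compute_eflags_z in the next hunk. A comment at both sites, e.g. `/* CC_OP_* ops come in B/W/L/Q groups of four, so the low two bits select the size */` (assuming that is the layout), or a small shared helper, would make the dependency visible to anyone who later adds a cc_op.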
@@ -916,9 +929,21 @@ static void gen_compute_eflags_o(DisasContext *s, TCGv reg)
 /* compute eflags.Z to reg */
 static void gen_compute_eflags_z(DisasContext *s, TCGv reg)
 {
-gen_compute_eflags(s);
-tcg_gen_shri_tl(reg, cpu_cc_src, 6);
-tcg_gen_andi_tl(reg, reg, 1);
+switch (s->cc_op) {
+case CC_OP_DYNAMIC:
+gen_compute_eflags(s);
+/* FALLTHRU */
+case CC_OP_EFLAGS:
+tcg_gen_shri_tl(reg, cpu_cc_src, 6);
+tcg_gen_andi_tl(reg, reg, 1);
+break;
+default:
+{
+int size = (s->cc_op - CC_OP_ADDB) & 3;
+TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
+tcg_gen_setcondi_tl(TCG_COND_EQ, reg, t0, 0);
+}
+}
 }
 
 static inline void gen_setcc_slow_T0(DisasContext *s, int jcc_op)
-- 
1.8.1.2




[Qemu-devel] [PATCH 22/57] target-i386: use inverted setcond when computing NS or NZ

2013-02-19 Thread Richard Henderson
Make gen_compute_eflags_z and gen_compute_eflags_s able to compute the
inverted condition, and use this in gen_setcc_slow_T0.  We cannot do it
yet in gen_compute_eflags_c, but prepare the code for it anyway.  It is
not worthwhile for PF, as usual.

shr+and+xor could be replaced by and+setcond.  I'm not doing it yet.

Reviewed-by: Blue Swirl 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 49 +++--
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 026fbd6..06aa7bf 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -870,11 +870,14 @@ static void gen_op_update_neg_cc(void)
 }
 
 /* compute eflags.C to reg */
-static void gen_compute_eflags_c(DisasContext *s, TCGv reg)
+static void gen_compute_eflags_c(DisasContext *s, TCGv reg, bool inv)
 {
 gen_update_cc_op(s);
 gen_helper_cc_compute_c(cpu_tmp2_i32, cpu_env, cpu_cc_op);
 tcg_gen_extu_i32_tl(reg, cpu_tmp2_i32);
+if (inv) {
+tcg_gen_xori_tl(reg, reg, 1);
+}
 }
 
 /* compute all eflags to cc_src */
@@ -898,7 +901,7 @@ static void gen_compute_eflags_p(DisasContext *s, TCGv reg)
 }
 
 /* compute eflags.S to reg */
-static void gen_compute_eflags_s(DisasContext *s, TCGv reg)
+static void gen_compute_eflags_s(DisasContext *s, TCGv reg, bool inv)
 {
 switch (s->cc_op) {
 case CC_OP_DYNAMIC:
@@ -907,12 +910,15 @@ static void gen_compute_eflags_s(DisasContext *s, TCGv 
reg)
 case CC_OP_EFLAGS:
 tcg_gen_shri_tl(reg, cpu_cc_src, 7);
 tcg_gen_andi_tl(reg, reg, 1);
+if (inv) {
+tcg_gen_xori_tl(reg, reg, 1);
+}
 break;
 default:
 {
 int size = (s->cc_op - CC_OP_ADDB) & 3;
 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
-tcg_gen_setcondi_tl(TCG_COND_LT, reg, t0, 0);
+tcg_gen_setcondi_tl(inv ? TCG_COND_GE : TCG_COND_LT, reg, t0, 0);
 }
 break;
 }
@@ -927,7 +933,7 @@ static void gen_compute_eflags_o(DisasContext *s, TCGv reg)
 }
 
 /* compute eflags.Z to reg */
-static void gen_compute_eflags_z(DisasContext *s, TCGv reg)
+static void gen_compute_eflags_z(DisasContext *s, TCGv reg, bool inv)
 {
 switch (s->cc_op) {
 case CC_OP_DYNAMIC:
@@ -936,27 +942,33 @@ static void gen_compute_eflags_z(DisasContext *s, TCGv 
reg)
 case CC_OP_EFLAGS:
 tcg_gen_shri_tl(reg, cpu_cc_src, 6);
 tcg_gen_andi_tl(reg, reg, 1);
+if (inv) {
+tcg_gen_xori_tl(reg, reg, 1);
+}
 break;
 default:
 {
 int size = (s->cc_op - CC_OP_ADDB) & 3;
 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
-tcg_gen_setcondi_tl(TCG_COND_EQ, reg, t0, 0);
+tcg_gen_setcondi_tl(inv ? TCG_COND_NE : TCG_COND_EQ, reg, t0, 0);
 }
+break;
 }
 }
 
-static inline void gen_setcc_slow_T0(DisasContext *s, int jcc_op)
+static inline void gen_setcc_slow_T0(DisasContext *s, int jcc_op, bool inv)
 {
 switch(jcc_op) {
 case JCC_O:
 gen_compute_eflags_o(s, cpu_T[0]);
 break;
 case JCC_B:
-gen_compute_eflags_c(s, cpu_T[0]);
+gen_compute_eflags_c(s, cpu_T[0], inv);
+inv = false;
 break;
 case JCC_Z:
-gen_compute_eflags_z(s, cpu_T[0]);
+gen_compute_eflags_z(s, cpu_T[0], inv);
+inv = false;
 break;
 case JCC_BE:
 gen_compute_eflags(s);
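Review bot: In gen_setcc_slow_T0 the `inv` parameter doubles as a "still to be applied" flag: the JCC_B and JCC_Z arms here (and JCC_S in the next hunk) pass it to the helper and then clear it so that the trailing xor added at the end of the function is skipped. That contract is easy to break when a new arm folds the inversion itself and forgets the `inv = false;`, which would invert the result twice. A comment at the top of the switch, e.g. `/* arms that fold the inversion must clear inv; any remaining inversion is applied after the switch */`, would document it. The function body continues outside this hunk.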
@@ -965,7 +977,8 @@ static inline void gen_setcc_slow_T0(DisasContext *s, int 
jcc_op)
 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], 1);
 break;
 case JCC_S:
-gen_compute_eflags_s(s, cpu_T[0]);
+gen_compute_eflags_s(s, cpu_T[0], inv);
+inv = false;
 break;
 case JCC_P:
 gen_compute_eflags_p(s, cpu_T[0]);
@@ -988,6 +1001,9 @@ static inline void gen_setcc_slow_T0(DisasContext *s, int 
jcc_op)
 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], 1);
 break;
 }
+if (inv) {
+tcg_gen_xori_tl(cpu_T[0], cpu_T[0], 1);
+}
 }
 
 /* return true if setcc_slow is not needed (WARNING: must be kept in
@@ -1153,7 +1169,7 @@ static inline void gen_jcc1(DisasContext *s, int b, int 
l1)
 break;
 default:
 slow_jcc:
-gen_setcc_slow_T0(s, jcc_op);
+gen_setcc_slow_T0(s, jcc_op, false);
 tcg_gen_brcondi_tl(inv ? TCG_COND_EQ : TCG_COND_NE, 
cpu_T[0], 0, l1);
 break;
@@ -1367,7 +1383,7 @@ static void gen_op(DisasContext *s1, int op, int ot, int 
d)
 }
 switch(op) {
 case OP_ADCL:
-gen_compute_eflags_c(s1, cpu_tmp4);
+gen_compute_eflags_c(s1, cpu_tmp4, false);
 tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
 tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_tmp4);
 if (d != OR_TMP0)
@@ -1382,7 +1398,7 @@ static void gen_op(DisasContext *s1, int op, int ot,

Re: [Qemu-devel] [PATCH v1 6/6] arm: a9mpcore: Coreify the SCU

2013-02-19 Thread Peter Maydell
On 19 February 2013 23:54, Peter Crosthwaite
 wrote:
> On Tue, Feb 19, 2013 at 6:19 AM, Andreas Färber  wrote:
>> Am 18.02.2013 19:49, schrieb Peter Maydell:
>>> You need to add a DeviceState* for the scu.
>>
>> No, not a DeviceState*, an A9SCUState. With object_initialize() and
>> qdev_set_parent_bus(NULL) instead of qdev_create() to be exact and some
>> child property for ownership transfer. 2/7 and commit
>> message say why.
>
> Hi Andreas, what you are proposing is a major change pattern to pretty
> much the entire tree - every device that is part of a container object
> needs to inlined (thus creating public headers). Despite the fact that
> I disagree with that approach, this change is way out of scope of this
> series and changing just the SCU to be like this will make it
> inconsistent with its peer devices GIC and MPTimer. This is cut and
> paste re-organisation of existing code that is groundwork for what you
> are talking about and the patch still stands in its own right in that
> this scheme is better than what we have today.
>
> So I'd like to take a crawl before we walk approach to this patch. For
> the next revision i'm going to do it Peters way and ask that we sort
> out the big questions about QOM containers and inline-structs for
> MPCore in another patch series. Then we can fix GIC and MPTimer at the
> same time and everything is consistent. Too often when contributors
> submit patches some minor issue get tangled in large out of scope
> discussions about QOM that relate to the entire tree. The whole series
> then ends up bitrotting on list or living out of tree forever.

I agree with all of this. I would like us to actually thrash out
the "how do we do child devices in the QOM way" and write up
the answers (rather than repeating the same skirmishes in every
patch review thread). But we shouldn't derail every patch series
until we have figured that out...

For the moment this patch series is a clear improvement and
(once the minor review issues are fixed) I'm happy to commit
it to arm-devs.next.

-- PMM



[Qemu-devel] [PATCH 4/8] virtio: set config size using host features

2013-02-19 Thread Jesse Larrew
Move the config size calculation from virtio_net_init() to
virtio_common_init() so that all virtio devices can benefit. This requires
that the host_features be passed to virtio_common_init(), and the size of
the config struct will be calculated based on which feature bits are
enabled. This calculation is performed using a per-driver table that maps
each feature bit to the size of the config struct at the time that the
feature was introduced. virtio_common_init() also takes a minimum config
size to use in the case that all feature bits are disabled.

For now, each driver contains a dummy table that uses the full size of the
config struct. These dummy tables will be replaced on a per-driver basis.

Signed-off-by: Jesse Larrew 
---
 hw/9pfs/virtio-9p-device.c | 15 ++-
 hw/virtio-balloon.c| 15 ---
 hw/virtio-blk.c| 14 +++---
 hw/virtio-net.c| 11 +++
 hw/virtio-rng.c|  8 +++-
 hw/virtio-scsi.c   | 10 +-
 hw/virtio-serial-bus.c | 13 ++---
 hw/virtio.c| 13 -
 hw/virtio.h|  4 +++-
 9 files changed, 77 insertions(+), 26 deletions(-)

diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index 74155fb..24d033b 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -20,6 +20,12 @@
 #include "virtio-9p-xattr.h"
 #include "virtio-9p-coth.h"
 
+static VirtIOFeature feature_sizes[] = {
+{.flags = 0x, /* dummy table -- all features included. */
+ .end = endof(struct virtio_9p_config, tag) + MAX_TAG_LEN},
+{}
+};
+
 static uint32_t virtio_9p_get_features(VirtIODevice *vdev, uint32_t features)
 {
 features |= 1 << VIRTIO_9P_MOUNT_TAG;
@@ -54,11 +60,10 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf 
*conf)
 FsDriverEntry *fse;
 V9fsPath path;
 
-s = (V9fsState *)virtio_common_init("virtio-9p",
-VIRTIO_ID_9P,
-sizeof(struct virtio_9p_config)+
-MAX_TAG_LEN,
-sizeof(V9fsState));
+s = (V9fsState *)virtio_common_init("virtio-9p", VIRTIO_ID_9P,
+host_features, feature_sizes,
+sizeof(struct virtio_9p_config) +
+MAX_TAG_LEN, sizeof(V9fsState));
 /* initialize pdu allocator */
 QLIST_INIT(&s->free_list);
 QLIST_INIT(&s->active_list);
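Review bot: `host_features` is passed to virtio_common_init() here, but the signature shown in the hunk header is `virtio_9p_init(DeviceState *dev, V9fsConf *conf)` and neither hunk for this file adds a parameter or local of that name. Unless it is declared in a part of the function outside the hunk, this call will not compile. Extending the signature the way virtio_balloon_init does, `VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf, uint32_t host_features)`, and updating the callers would resolve it.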
diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 4574db6..81f27e9 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -29,6 +29,12 @@
 #include 
 #endif
 
+static VirtIOFeature feature_sizes[] = {
+{.flags = 0x, /* dummy table -- all features included. */
+ .end = sizeof(struct virtio_balloon_config)},
+{}
+};
+
 typedef struct VirtIOBalloon
 {
 VirtIODevice vdev;
@@ -278,7 +284,7 @@ static void virtio_balloon_get_config(VirtIODevice *vdev, 
uint8_t *config_data)
 config.num_pages = cpu_to_le32(dev->num_pages);
 config.actual = cpu_to_le32(dev->actual);
 
-memcpy(config_data, &config, 8);
+memcpy(config_data, &config, vdev->config_len);
 }
 
 static void virtio_balloon_set_config(VirtIODevice *vdev,
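Review bot: The copy length in virtio_balloon_get_config is now `vdev->config_len`, a runtime value derived from the feature table, while the source is still the fixed-size local `struct virtio_balloon_config config`; nothing at the call site ties the two together. The next hunk does the same in virtio_balloon_set_config, where the destination is that stack struct and the source is the device config buffer, so an oversized config_len would write past `config`. As far as the table shown in this patch goes the length should not exceed the struct, but a guard such as `assert(vdev->config_len <= sizeof(config));` before each memcpy would keep a later table mistake from becoming an out-of-bounds copy. virtio_net_get_config and virtio_net_set_config in hw/virtio-net.c follow the same pattern with `netcfg`.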
@@ -287,7 +293,7 @@ static void virtio_balloon_set_config(VirtIODevice *vdev,
 VirtIOBalloon *dev = to_virtio_balloon(vdev);
 struct virtio_balloon_config config;
 uint32_t oldactual = dev->actual;
-memcpy(&config, config_data, 8);
+memcpy(&config, config_data, vdev->config_len);
 dev->actual = le32_to_cpu(config.actual);
 if (dev->actual != oldactual) {
 qemu_balloon_changed(ram_size -
@@ -356,7 +362,10 @@ VirtIODevice *virtio_balloon_init(DeviceState *dev, 
uint32_t host_features)
 
 s = (VirtIOBalloon *)virtio_common_init("virtio-balloon",
 VIRTIO_ID_BALLOON,
-8, sizeof(VirtIOBalloon));
+host_features, feature_sizes,
+endof(struct virtio_balloon_config,
+  actual),
+sizeof(VirtIOBalloon));
 
 s->vdev.get_config = virtio_balloon_get_config;
 s->vdev.set_config = virtio_balloon_set_config;
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index b3ab267..788a4c7 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -25,6 +25,12 @@
 # include 
 #endif
 
+static VirtIOFeature feature_sizes[] = {
+{.flags = 0x, /* dummy table -- all features included */
+ .end = sizeof(struct virtio_blk_config)},
+{}
+};
+
 typedef struct VirtIOBlock
 {
 VirtIODevice vdev;
@@ -531,7 +537,7 @@ static void virtio_blk_update_config(VirtIODevice *vdev, 
uint8_t *config)
 blkcfg.physical_block_exp = get_physical_block_ex

Re: [Qemu-devel] [RFC][PATCH] iscsi: retry read, write, flush and unmap on unit attention check conditions

2013-02-19 Thread Peter Lieven

Am 18.02.2013 um 17:14 schrieb Paolo Bonzini :

> Il 18/02/2013 16:58, Peter Lieven ha scritto:
>> 
>> +acb = qemu_aio_get(&iscsi_aiocb_info, bs, cb, opaque);
>> +
>> +acb->iscsilun = iscsilun;
>> +acb->retries  = ISCSI_CMD_RETRIES;
>> +acb->nb_sectors  = nb_sectors;
>> +acb->sector_num  = sector_num;
>> +acb->retries = ISCSI_CMD_RETRIES;
> 
> Looks good apart from the duplication here.  I can fix that up when
> committing.

Thanks. I will do some additional testing on Thursday. Will let you know the 
results.

Peter

> 
> Paolo




[Qemu-devel] [PATCH 1/8] virtio-net: replace redundant config_size field with config_len

2013-02-19 Thread Jesse Larrew
Commit 14f9b664b34bbd37a488cb5c762aa278c60e1fb6 added a config_size field
to struct VirtIONet. However, struct VirtIONet has an embedded struct
VirtIODevice that already contains a config_len field for this purpose, so
config_size is unnecessary. This patch simply replaces it with
vdev->config_len instead.

Signed-off-by: Jesse Larrew 
---
 hw/virtio-net.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/virtio-net.c b/hw/virtio-net.c
index 573c669..bdbfc18 100644
--- a/hw/virtio-net.c
+++ b/hw/virtio-net.c
@@ -73,7 +73,6 @@ typedef struct VirtIONet
 int multiqueue;
 uint16_t max_queues;
 uint16_t curr_queues;
-size_t config_size;
 } VirtIONet;
 
 /*
@@ -127,7 +126,7 @@ static void virtio_net_get_config(VirtIODevice *vdev, 
uint8_t *config)
 stw_p(&netcfg.status, n->status);
 stw_p(&netcfg.max_virtqueue_pairs, n->max_queues);
 memcpy(netcfg.mac, n->mac, ETH_ALEN);
-memcpy(config, &netcfg, n->config_size);
+memcpy(config, &netcfg, vdev->config_len);
 }
 
 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
@@ -135,7 +134,7 @@ static void virtio_net_set_config(VirtIODevice *vdev, const 
uint8_t *config)
 VirtIONet *n = to_virtio_net(vdev);
 struct virtio_net_config netcfg = {};
 
-memcpy(&netcfg, config, n->config_size);
+memcpy(&netcfg, config, vdev->config_len);
 
 if (!(n->vdev.guest_features >> VIRTIO_NET_F_CTRL_MAC_ADDR & 1) &&
 memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
@@ -1316,7 +1315,6 @@ VirtIODevice *virtio_net_init(DeviceState *dev, NICConf 
*conf,
 n = (VirtIONet *)virtio_common_init("virtio-net", VIRTIO_ID_NET,
 config_size, sizeof(VirtIONet));
 
-n->config_size = config_size;
 n->vdev.get_config = virtio_net_get_config;
 n->vdev.set_config = virtio_net_set_config;
 n->vdev.get_features = virtio_net_get_features;
-- 
1.7.11.7




[Qemu-devel] [PATCH 26/57] target-i386: optimize setle

2013-02-19 Thread Richard Henderson
And allow gen_setcc_slow to operate on cpu_cc_src.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index dab6983..fea43c7 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -1045,7 +1045,6 @@ static void gen_compute_eflags_z(DisasContext *s, TCGv 
reg, bool inv)
 
 static void gen_setcc_slow(DisasContext *s, int jcc_op, TCGv reg, bool inv)
 {
-assert(!TCGV_EQUAL(reg, cpu_cc_src));
 switch(jcc_op) {
 case JCC_O:
 gen_compute_eflags_o(s, reg);
@@ -1072,20 +1071,18 @@ static void gen_setcc_slow(DisasContext *s, int jcc_op, 
TCGv reg, bool inv)
 break;
 case JCC_L:
 gen_compute_eflags(s);
-tcg_gen_shri_tl(reg, cpu_cc_src, 11); /* CC_O */
-tcg_gen_shri_tl(cpu_tmp0, cpu_cc_src, 7); /* CC_S */
+tcg_gen_shri_tl(cpu_tmp0, cpu_cc_src, 11); /* CC_O */
+tcg_gen_shri_tl(reg, cpu_cc_src, 7); /* CC_S */
 tcg_gen_xor_tl(reg, reg, cpu_tmp0);
 tcg_gen_andi_tl(reg, reg, 1);
 break;
 default:
 case JCC_LE:
 gen_compute_eflags(s);
-tcg_gen_shri_tl(reg, cpu_cc_src, 11); /* CC_O */
-tcg_gen_shri_tl(cpu_tmp4, cpu_cc_src, 7); /* CC_S */
-tcg_gen_shri_tl(cpu_tmp0, cpu_cc_src, 6); /* CC_Z */
-tcg_gen_xor_tl(reg, reg, cpu_tmp4);
-tcg_gen_or_tl(reg, reg, cpu_tmp0);
-tcg_gen_andi_tl(reg, reg, 1);
+tcg_gen_shri_tl(cpu_tmp0, cpu_cc_src, 4); /* CC_O -> CC_S */
+tcg_gen_xor_tl(reg, cpu_tmp0, cpu_cc_src);
+tcg_gen_andi_tl(reg, reg, CC_S | CC_Z);
+tcg_gen_setcondi_tl(inv ? TCG_COND_EQ : TCG_COND_NE, reg, reg, 0);
 break;
 }
 if (inv) {
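Review bot: The JCC_LE arm now folds the inversion into the setcond (`inv ? TCG_COND_EQ : TCG_COND_NE`) but does not clear `inv`, and the context line right after the switch is `if (inv) {`. If that trailing block still xors `reg` with 1 (its body is outside the hunk), an inverted JCC_LE is inverted twice and produces the non-inverted result. Adding `inv = false;` before this arm's `break;`, as the arms that hand `inv` to a helper do, would avoid that.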
-- 
1.8.1.2




[Qemu-devel] [PATCH 6/8] virtio-serial: fill in the feature table

2013-02-19 Thread Jesse Larrew
VIRTIO_CONSOLE_F_MULTIPORT is set when max_nr_ports > 1, so set the config
size to include max_nr_ports.

Signed-off-by: Jesse Larrew 
---
 hw/virtio-serial-bus.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c
index 9cd9fbd..00d06da 100644
--- a/hw/virtio-serial-bus.c
+++ b/hw/virtio-serial-bus.c
@@ -26,8 +26,8 @@
 #include "virtio-serial.h"
 
 static VirtIOFeature feature_sizes[] = {
-{.flags = 0x, /* dummy table -- all features included. */
- .end = sizeof(struct virtio_console_config)},
+{.flags = 1 << VIRTIO_CONSOLE_F_MULTIPORT,
+ .end = endof(struct virtio_console_config, max_nr_ports)},
 {}
 };
 
-- 
1.7.11.7




Re: [Qemu-devel] [PATCH v1 6/6] arm: a9mpcore: Coreify the SCU

2013-02-19 Thread Peter Crosthwaite
Hi Andreas,

On Tue, Feb 19, 2013 at 6:19 AM, Andreas Färber  wrote:
> Am 18.02.2013 19:49, schrieb Peter Maydell:
>> On 8 February 2013 04:03, Peter Crosthwaite
>>  wrote:
>>> Split the SCU in a9mpcore out into its own object definition. mpcore is now
>>> just a container for the mpcore components.
>>
>> Good idea.
>>
>>> --- a/hw/a9mpcore.c
>>> +++ b/hw/a9mpcore.c
>>> @@ -14,107 +14,12 @@
>>>
>>>  typedef struct A9MPPrivState {
>>>  SysBusDevice busdev;
>>> -uint32_t scu_control;
>>> -uint32_t scu_status;
>>>  uint32_t num_cpu;
>>> -MemoryRegion scu_iomem;
>>>  MemoryRegion container;
>>>  DeviceState *gic;
>>>  uint32_t num_irq;
>>>  } A9MPPrivState;
>>
>> You need to add a DeviceState* for the scu.
>
> No, not a DeviceState*, an A9SCUState. With object_initialize() and
> qdev_set_parent_bus(NULL) instead of qdev_create() to be exact and some
> child property for ownership transfer. 2/7 and commit
> message say why.
>

Hi Andreas, what you are proposing is a major change pattern to pretty
much the entire tree - every device that is part of a container object
needs to be inlined (thus creating public headers). Despite the fact that
I disagree with that approach, this change is way out of scope of this
series and changing just the SCU to be like this will make it
inconsistent with its peer devices GIC and MPTimer. This is cut and
paste re-organisation of existing code that is groundwork for what you
are talking about and the patch still stands in its own right in that
this scheme is better than what we have today.

So I'd like to take a crawl before we walk approach to this patch. For
the next revision I'm going to do it Peter's way and ask that we sort
out the big questions about QOM containers and inline-structs for
MPCore in another patch series. Then we can fix GIC and MPTimer at the
same time and everything is consistent. Too often when contributors
submit patches some minor issue gets tangled in large out of scope
discussions about QOM that relate to the entire tree. The whole series
then ends up bitrotting on list or living out of tree forever.

Regards,
Peter

>>> diff --git a/hw/a9scu.c b/hw/a9scu.c
>>> new file mode 100644
>>> index 000..0a3d411
>>> --- /dev/null
>>> +++ b/hw/a9scu.c
> [...]
>>> +static void a9_scu_class_init(ObjectClass *klass, void *data)
>>> +{
>>> +DeviceClass *dc = DEVICE_CLASS(klass);
>>> +SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
>>> +
>>> +k->init = a9_scu_init;
>>
>> This should have an instance_init and/or realize method,
>> not a SysBusDeviceClass::init (see comments on PL330 patch).
>>
>>> +dc->props = a9_scu_properties;
>>> +dc->vmsd = &vmstate_a9_scu;
>>> +dc->reset = a9_scu_reset;
>>> +}
>>> +
>>> +static TypeInfo a9_scu_info = {
>
> static const
>

Fixed

Regards,
Peter

> Regards,
> Andreas
>
> --
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
>



[Qemu-devel] [PATCH 40/57] target-i386: Don't reference ENV through most of cc helpers

2013-02-19 Thread Richard Henderson
In preparation for making this a const helper.

By using the proper types in the parameters to the helper functions,
we get to avoid quite a lot of subsequent casting.

Signed-off-by: Richard Henderson 
---
 target-i386/cc_helper.c  | 217 ++
 target-i386/cc_helper_template.h | 245 +++
 2 files changed, 180 insertions(+), 282 deletions(-)

diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c
index 9422003..61427dd 100644
--- a/target-i386/cc_helper.c
+++ b/target-i386/cc_helper.c
@@ -75,125 +75,108 @@ const uint8_t parity_table[256] = {
 
 #endif
 
-static int compute_all_eflags(CPUX86State *env)
-{
-return CC_SRC;
-}
-
-static int compute_c_eflags(CPUX86State *env)
-{
-return CC_SRC & CC_C;
-}
-
 uint32_t helper_cc_compute_all(CPUX86State *env, int op)
 {
+target_ulong dst = CC_DST, src1 = CC_SRC;
+
 switch (op) {
 default: /* should never happen */
 return 0;
 
 case CC_OP_EFLAGS:
-return compute_all_eflags(env);
+return src1;
 
 case CC_OP_MULB:
-return compute_all_mulb(env);
+return compute_all_mulb(dst, src1);
 case CC_OP_MULW:
-return compute_all_mulw(env);
+return compute_all_mulw(dst, src1);
 case CC_OP_MULL:
-return compute_all_mull(env);
+return compute_all_mull(dst, src1);
 
 case CC_OP_ADDB:
-return compute_all_addb(env);
+return compute_all_addb(dst, src1);
 case CC_OP_ADDW:
-return compute_all_addw(env);
+return compute_all_addw(dst, src1);
 case CC_OP_ADDL:
-return compute_all_addl(env);
+return compute_all_addl(dst, src1);
 
 case CC_OP_ADCB:
-return compute_all_adcb(env);
+return compute_all_adcb(dst, src1);
 case CC_OP_ADCW:
-return compute_all_adcw(env);
+return compute_all_adcw(dst, src1);
 case CC_OP_ADCL:
-return compute_all_adcl(env);
+return compute_all_adcl(dst, src1);
 
 case CC_OP_SUBB:
-return compute_all_subb(env);
+return compute_all_subb(dst, src1);
 case CC_OP_SUBW:
-return compute_all_subw(env);
+return compute_all_subw(dst, src1);
 case CC_OP_SUBL:
-return compute_all_subl(env);
+return compute_all_subl(dst, src1);
 
 case CC_OP_SBBB:
-return compute_all_sbbb(env);
+return compute_all_sbbb(dst, src1);
 case CC_OP_SBBW:
-return compute_all_sbbw(env);
+return compute_all_sbbw(dst, src1);
 case CC_OP_SBBL:
-return compute_all_sbbl(env);
+return compute_all_sbbl(dst, src1);
 
 case CC_OP_LOGICB:
-return compute_all_logicb(env);
+return compute_all_logicb(dst, src1);
 case CC_OP_LOGICW:
-return compute_all_logicw(env);
+return compute_all_logicw(dst, src1);
 case CC_OP_LOGICL:
-return compute_all_logicl(env);
+return compute_all_logicl(dst, src1);
 
 case CC_OP_INCB:
-return compute_all_incb(env);
+return compute_all_incb(dst, src1);
 case CC_OP_INCW:
-return compute_all_incw(env);
+return compute_all_incw(dst, src1);
 case CC_OP_INCL:
-return compute_all_incl(env);
+return compute_all_incl(dst, src1);
 
 case CC_OP_DECB:
-return compute_all_decb(env);
+return compute_all_decb(dst, src1);
 case CC_OP_DECW:
-return compute_all_decw(env);
+return compute_all_decw(dst, src1);
 case CC_OP_DECL:
-return compute_all_decl(env);
+return compute_all_decl(dst, src1);
 
 case CC_OP_SHLB:
-return compute_all_shlb(env);
+return compute_all_shlb(dst, src1);
 case CC_OP_SHLW:
-return compute_all_shlw(env);
+return compute_all_shlw(dst, src1);
 case CC_OP_SHLL:
-return compute_all_shll(env);
+return compute_all_shll(dst, src1);
 
 case CC_OP_SARB:
-return compute_all_sarb(env);
+return compute_all_sarb(dst, src1);
 case CC_OP_SARW:
-return compute_all_sarw(env);
+return compute_all_sarw(dst, src1);
 case CC_OP_SARL:
-return compute_all_sarl(env);
+return compute_all_sarl(dst, src1);
 
 #ifdef TARGET_X86_64
 case CC_OP_MULQ:
-return compute_all_mulq(env);
-
+return compute_all_mulq(dst, src1);
 case CC_OP_ADDQ:
-return compute_all_addq(env);
-
+return compute_all_addq(dst, src1);
 case CC_OP_ADCQ:
-return compute_all_adcq(env);
-
+return compute_all_adcq(dst, src1);
 case CC_OP_SUBQ:
-return compute_all_subq(env);
-
+return compute_all_subq(dst, src1);
 case CC_OP_SBBQ:
-return compute_all_sbbq(env);
-
+return compute_all_sbbq(dst, src1);
 case CC_OP_LOGICQ:
-return compute_all_logicq(env);
-
+return compute_all_logicq(dst, src1);
 case CC_OP_INCQ:
-

[Qemu-devel] [PATCH V24 4/7] Build the TPM frontend code

2013-02-19 Thread Stefan Berger
Build the TPM frontend code that has been added so far.

Signed-off-by: Stefan Berger 
Reviewed-by: Corey Bryant 
---
 configure  | 11 +++
 default-configs/i386-softmmu.mak   |  1 +
 default-configs/x86_64-softmmu.mak |  1 +
 tpm/Makefile.objs  |  3 +++
 4 files changed, 16 insertions(+)

diff --git a/configure b/configure
index bf5970f..c125570 100755
--- a/configure
+++ b/configure
@@ -226,6 +226,7 @@ coroutine=""
 seccomp=""
 glusterfs=""
 virtio_blk_data_plane=""
+tpm="no"
 
 # parse CC options first
 for opt do
@@ -897,6 +898,8 @@ for opt do
   ;;
   --enable-virtio-blk-data-plane) virtio_blk_data_plane="yes"
   ;;
+  --enable-tpm) tpm="yes"
+  ;;
   *) echo "ERROR: unknown option $opt"; show_help="yes"
   ;;
   esac
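Review bot: Only `--enable-tpm` is parsed here; there is no matching `--disable-tpm` arm, although the help text in the next hunk's context lists both forms for other options such as GlusterFS. With `tpm="no"` as the default the feature stays off, but a build script that passes `--disable-tpm` explicitly falls through to the `*)` arm and stops with "unknown option". Adding `--disable-tpm) tpm="no"` followed by `;;`, plus the corresponding help line, keeps the option pair consistent with the others.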
@@ -1146,6 +1149,7 @@ echo "  --enable-glusterfs   enable GlusterFS backend"
 echo "  --disable-glusterfs  disable GlusterFS backend"
 echo "  --enable-gcovenable test coverage analysis with gcov"
 echo "  --gcov=GCOV  use specified gcov [$gcov_tool]"
+echo "  --enable-tpm enable TPM support"
 echo ""
 echo "NOTE: The object files are built at the place where configure is 
launched"
 exit 1
@@ -3360,6 +3364,7 @@ echo "GlusterFS support $glusterfs"
 echo "virtio-blk-data-plane $virtio_blk_data_plane"
 echo "gcov  $gcov_tool"
 echo "gcov enabled  $gcov"
+echo "TPM support   $tpm"
 
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -4271,6 +4276,12 @@ if test "$gprof" = "yes" ; then
   fi
 fi
 
+if test "$tpm" = "yes"; then
+  if test "$target_softmmu" = "yes" ; then
+echo "CONFIG_TPM=y" >> $config_host_mak
+  fi
+fi
+
 if test "$ARCH" = "tci"; then
   linker_script=""
 else
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index 2c78175..4a32342 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -25,3 +25,4 @@ CONFIG_HPET=y
 CONFIG_APPLESMC=y
 CONFIG_I8259=y
 CONFIG_PFLASH_CFI01=y
+CONFIG_TPM_TIS=y
diff --git a/default-configs/x86_64-softmmu.mak 
b/default-configs/x86_64-softmmu.mak
index 233a856..d518f51 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -25,3 +25,4 @@ CONFIG_HPET=y
 CONFIG_APPLESMC=y
 CONFIG_I8259=y
 CONFIG_PFLASH_CFI01=y
+CONFIG_TPM_TIS=y
diff --git a/tpm/Makefile.objs b/tpm/Makefile.objs
index dffb567..94ad2e7 100644
--- a/tpm/Makefile.objs
+++ b/tpm/Makefile.objs
@@ -1 +1,4 @@
 common-obj-y = tpm.o
+ifeq ($(CONFIG_TPM),y)
+common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
+endif
-- 
1.7.11.7




Re: [Qemu-devel] [PATCH V24 5/7] Add a TPM Passthrough backend driver implementation

2013-02-19 Thread Stefan Berger

On 02/19/2013 05:43 PM, Corey Bryant wrote:



diff --git a/tpm/Makefile.objs b/tpm/Makefile.objs
index 94ad2e7..8abd0f9 100644
--- a/tpm/Makefile.objs
+++ b/tpm/Makefile.objs
@@ -1,4 +1,6 @@
-common-obj-y = tpm.o
+common-obj-y = tpm.o tpm_backend.o
  ifeq ($(CONFIG_TPM),y)
  common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
  endif
+common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o
+


Should the ifeq be surrounding more than just tpm_tis?


Yes, that then also eliminates the stub functions.




Re: [Qemu-devel] [edk2] (PAM stuff) reset doesn't work on OVMF + SeaBIOS CSM

2013-02-19 Thread David Woodhouse
On Tue, 2013-02-19 at 21:49 +0100, Paolo Bonzini wrote:
> > And in fact it probably shouldn't use the hard-coded 0xcf9 reset; it
> > should use the one indicated by the ACPI RESET_REG field (which *is*
> > 0xcf9... or should be).
> 
> We should implement this: http://mjg59.dreamwidth.org/3561.html

Matthew fails to distinguish between a hard reset and a soft reset. From
the CSM if we do find ourselves running at 0x0 (which should never
happen except under buggy KVM emulation anyway), we really do need to be
using the 0xcf9 reset (or the ACPI reset, which is going to point to the
same thing in general), and *not* the keyboard reset. And, of course, we
need it to work correctly and reset the PAM configuration (qv).

However, a single bash on the 0xcf9 register ought to suffice so the
ACPI/kbd/ACPI/kbd loop that Matthew describes is probably acceptable. As
long as it does the ACPI one *first*.

( It's also interesting that, as Laszlo observes, machines tend to set
the RESET_REG in the FADT *without* setting the enabled bit in the FADT
flags. Does Windows use it anyway? And is there a reason for *not*
setting the enabled bit, or is it just that all PC BIOSes are written by
crack-smoking hobos that they drag in off the street, and this is just
an artefact of the rule "anything they *can* get wrong and still boot
Windows, they *will* get wrong"? )


-- 
dwmw2





[Qemu-devel] [Bug 1129571] Re: libreoffice armhf FTBFS

2013-02-19 Thread Peter Maydell
The actual command from the build log:

/usr/lib/jvm/java-6-openjdk-armhf/bin/java   -cp 
".:../../unxlngr.pro/class:/usr/lib/jvm/java-6-openjdk-armhf/jre/lib/rt.jar:.:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin
/jaxp.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/juh.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/parser.jar:/build/buildd/libreoffice-3.5.7/solver/unx
lngr.pro/bin/xt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/unoil.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/ridl.jar:/build/buildd/libreoffice-3.5.7/
solver/unxlngr.pro/bin/jurt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xmlsearch.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/LuceneHelpWrapper.jar:/bu
ild/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/HelpIndexerTool.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-core-2.3.jar:/build/buildd/libreoffice-3.5.7/so
lver/unxlngr.pro/bin/lucene-analyzers-2.3.jar" 
com.sun.star.help.HelpIndexerTool -lang cs -mod swriter -zipdir 
../../unxlngr.pro/misc/ziptmpswriter_cs -o ../../unxlngr.pro/bin/swrit
er_cs.zip.unxlngr.pro
dmake:  Error code 132, while making '../../unxlngr.pro/bin/swriter_cs.zip'


Interestingly, this happens after we've successfully run exactly the same Java 
command to produce swriter_foo.zip for various other values of 'foo' (different 
locales/languages?) My suspicion is that (a) maybe we're running out of address 
space? (b) this is going to be really painful to track down because it's 
obviously dependent on the data input to the tool. Does the build reproducibly 
fail on exactly the same bit every time?

Serge: that also looks like it's probably some issue with running Java
under QEMU, but it doesn't seem to be the same thing at all as the
LibreOffice errors in the build log...

-- 
https://bugs.launchpad.net/bugs/1129571

Title:
  libreoffice armhf FTBFS

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  We have been experiencing FTBFS of LibreOffice 3.5.7, 12.04, armhf in
  the launchpad buildds. We believe this is likely due to an error in
  qemu.

  While we do not have a small test case yet, we do have a build log
  (attaching here).

  The relevant snippet from the build log is:

  
3.5.7/solver/unxlngr.pro/bin/jaxp.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/juh.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/parser.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/unoil.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/ridl.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/jurt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xmlsearch.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/LuceneHelpWrapper.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/HelpIndexerTool.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-core-2.3.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-analyzers-2.3.jar"
 com.sun.star.help.HelpIndexerTool -lang cs -mod swriter -zipdir 
../../unxlngr.pro/misc/ziptmpswriter_cs -o 
../../unxlngr.pro/bin/swriter_cs.zip.unxlngr.pro
  dmake:  Error code 132, while making '../../unxlngr.pro/bin/swriter_cs.zip'

  We believe this is from bash error code 128 + 4, where 4 is illegal
  instruction, thus leading us to suspect qemu.

  Any help in tracking this down would be appreciated.




Re: [Qemu-devel] [RFC PATCH v4 00/30] ACPI memory hotplug

2013-02-19 Thread Erlon Cruz
On Tue, Dec 18, 2012 at 10:41 AM, Vasilis Liaskovitis <
vasilis.liaskovi...@profitbricks.com> wrote:

> This is v4 of the ACPI memory hotplug functionality. Only x86_64 target is
> supported (both i440fx and q35). There are still several issues, but it's
> been a while since v3 and I wanted to get some more feedback on the current
> state of the patchseries.
>
>
We are working in memory hotplug functionality on pSeries machine. I'm
wondering whether and how we can better integrate things. Do you think the
DIMM abstraction is generic enough to be used in other machine types?


> Overview:
>
> Dimm device layout is modeled with a normal qemu device:
>
> "-device dimm,id=name,size=sz,node=pxm,populated=on|off,bus=membus.0"
>
>
How will this handle non-hotpluggable memory, for example the memory
passed with the '-m' parameter?


> The starting physical address for all dimms is calculated from top of
> memory,
> during memory controller init, skipping the pci hole at [PCI_HOLE_START,
> 4G).
> e.g.
> "-device dimm,id=dimm0,size=512M,node=0,populated=off,bus=membus.0"
> will define a 512M memory dimm belonging to numa node 0, on bus membus.0.
>
> Because dimm layout needs to be configured on machine-boot, all dimm
> devices
> need to be specified on startup command line (either with populated=on or
> with
> populated=off). The dimm information is stored in dimm configuration
> structures.
>
> After machine startup, dimms are hot-added or removed with normal
> device_add
> and device_del operations e.g.:
> Hot-add syntax: "device_add dimm,id=mydimm0,bus=membus.0"
> Hot-remove syntax: "device_del dimm,id=mydimm0"
>
> Changes v3->v4
>
> - Dimms added with normal -device argument (extra -dimm arg dropped).
> - multiple memory buses can be registered. Memory buses of the real
> hw/chipset
>   or a paravirtual memory bus can be added.
> - acpi implementation uses memory API instead of old ioports.
> - Support for q35/ich9 added (still buggy, see patch 12/31).
> - piix4/i440fx initialization code has been refactored to resemble q35.
> This
> will allow memory map initialization at chipset qdev init time for both
> machines, as well as more similar code.
> - Hot-remove functionality has been moved to separate patches. Hot-remove
> no
> longer frees memory but unmaps the dimm/qdev device from the guest's view.
> Freeing the memory should happen when the last user unrefs/unmaps the
> memory,
> see also (work in progress):
> https://lists.gnu.org/archive/html/qemu-devel/2012-11/msg00728.html
> https://lists.gnu.org/archive/html/qemu-devel/2012-11/msg02697.html
> - new qmp/hmp command for the state of each dimm (on/off)
>
> Changes v2->v3
>
> - qdev integration. Dimms are attached to a dimmbus. The dimmbus is a child
>   of i440fx device in the pc machine. Hot-add and remove are done with
> normal
>   device_add / device_del operations on the dimmbus. New commands
> "dimm_add" and
>   "dimm_del" are obsolete.
> - Add _PS3 method to allow OSPM-induced hot operations.
> - pci-window calculation in Seabios takes dimms into account(for both
> 32-bit and
>   64-bit windows)
> - rename new qmp commands: query-memory-total and query-memory-hotplug
> - balloon driver can see the hotplugged memory
>
> Changes v1->v2
>
> - memory map is automatically calculated for hotplug dimms. Dimms are
> added from
> top-of-memory skipping the pci hole at [PCI_HOLE_START, 4G).
> - Renamed from "-memslot" to "-dimm". Commands changed to "dimm_add",
> "dimm_del"
> - Seabios ejection array reduced to a byte. Use extraction macros for dimm
> ssdt.
> - additional SRAT paravirt info does not break previous SRAT fw_cfg layout.
> - Documentation of new acpi_piix4 registers and paravirt data.
> - add ACPI _OST support for _OST enabled guests. This allows qemu to
> receive
> notification for success / failure of memory hot-add and hot-remove
> operations.
> Guest needs to support _OST (https://lkml.org/lkml/2012/6/25/321)
> - add monitor info command to report total guest memory (initial +
> hot-added)
>
> Issues:
>
> - hot-remove needs to only unmap the dimm device from guest's view.
> Freeing the
> memory should happen when the last user of the device (e.g. virtio-blk)
> unrefs
> the device. A testcase is needed for this.
>
> - Live Migration: Ramblocks are migrated before qdev VMStates are
> migrated. So
> the DimmDevice is handled diferrently than other devices. Should this be
> reworked ?( DimmDevice structure currently does not define a
> VMStateDescription)
> Live migration works as long as the dimm layout (command line args) are
> identical at the source and destination qemu command line, and destination
> takes
> into account hot-operations that have occured on source. (v3 patch 10/19
> created the DimmDevice that corresponds to an unknown incoming ramblock,
> e.g.
> for a dimm that was hot-added on source. but has been dropped for the
> moment).
>
> - A main blocker issue is windows guest functionality. The patchset does
> not
> work for windows 

[Qemu-devel] [PATCH 29/57] target-i386: introduce gen_prepare_cc

2013-02-19 Thread Richard Henderson
This makes the i386 front-end able to create CCPrepare structs for all
conditions, not just those that come from a single flag.  In particular,
JCC_L and JCC_LE can be optimized because gen_prepare_cc is not forced
to return a result in bit 0 (unlike gen_setcc_slow).

However, for now the slow jcc operations will still go through CC
computation in a single-bit temporary, followed by a brcond if the
temporary is nonzero.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 91 +++--
 1 file changed, 42 insertions(+), 49 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 06f0fbc..046d82f 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -1042,14 +1042,6 @@ static CCPrepare gen_prepare_eflags_z(DisasContext *s, 
TCGv reg)
 
 #define gen_compute_eflags_c(s, reg, inv) \
 gen_do_setcc(reg, gen_prepare_eflags_c(s, reg), inv)
-#define gen_compute_eflags_p(s, reg) \
-gen_do_setcc(reg, gen_prepare_eflags_p(s, reg), false)
-#define gen_compute_eflags_s(s, reg, inv) \
-gen_do_setcc(reg, gen_prepare_eflags_s(s, reg), inv)
-#define gen_compute_eflags_o(s, reg) \
-gen_do_setcc(reg, gen_prepare_eflags_o(s, reg), false)
-#define gen_compute_eflags_z(s, reg, inv) \
-gen_do_setcc(reg, gen_prepare_eflags_z(s, reg), inv)
 
 static void gen_do_setcc(TCGv reg, struct CCPrepare cc, bool inv)
 {
@@ -1074,6 +1066,7 @@ static void gen_do_setcc(TCGv reg, struct CCPrepare cc, 
bool inv)
 }
 if (cc.mask != -1) {
 tcg_gen_andi_tl(reg, cc.reg, cc.mask);
+cc.reg = reg;
 }
 if (cc.use_reg2) {
 tcg_gen_setcond_tl(cc.cond, reg, cc.reg, cc.reg2);
@@ -1082,58 +1075,50 @@ static void gen_do_setcc(TCGv reg, struct CCPrepare cc, 
bool inv)
 }
 }
 
-static void gen_setcc_slow(DisasContext *s, int jcc_op, TCGv reg, bool inv)
+static CCPrepare gen_prepare_cc_slow(DisasContext *s, int jcc_op, TCGv reg)
 {
 switch(jcc_op) {
 case JCC_O:
-gen_compute_eflags_o(s, reg);
-break;
+return gen_prepare_eflags_o(s, reg);
 case JCC_B:
-gen_compute_eflags_c(s, reg, inv);
-inv = false;
-break;
+return gen_prepare_eflags_c(s, reg);
 case JCC_Z:
-gen_compute_eflags_z(s, reg, inv);
-inv = false;
-break;
+return gen_prepare_eflags_z(s, reg);
 case JCC_BE:
 gen_compute_eflags(s);
-tcg_gen_andi_tl(reg, cpu_cc_src, CC_Z | CC_C);
-tcg_gen_setcondi_tl(inv ? TCG_COND_EQ : TCG_COND_NE, reg, reg, 0);
-return;
+return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
+ .mask = CC_Z | CC_C };
 case JCC_S:
-gen_compute_eflags_s(s, reg, inv);
-inv = false;
-break;
+return gen_prepare_eflags_s(s, reg);
 case JCC_P:
-gen_compute_eflags_p(s, reg);
-break;
+return gen_prepare_eflags_p(s, reg);
 case JCC_L:
 gen_compute_eflags(s);
-tcg_gen_shri_tl(cpu_tmp0, cpu_cc_src, 11); /* CC_O */
-tcg_gen_shri_tl(reg, cpu_cc_src, 7); /* CC_S */
-tcg_gen_xor_tl(reg, reg, cpu_tmp0);
-tcg_gen_andi_tl(reg, reg, 1);
-break;
+if (TCGV_EQUAL(reg, cpu_cc_src)) {
+reg = cpu_tmp0;
+}
+tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
+tcg_gen_xor_tl(reg, reg, cpu_cc_src);
+return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg, .mask = CC_S };
 default:
 case JCC_LE:
 gen_compute_eflags(s);
-tcg_gen_shri_tl(cpu_tmp0, cpu_cc_src, 4); /* CC_O -> CC_S */
-tcg_gen_xor_tl(reg, cpu_tmp0, cpu_cc_src);
-tcg_gen_andi_tl(reg, reg, CC_S | CC_Z);
-tcg_gen_setcondi_tl(inv ? TCG_COND_EQ : TCG_COND_NE, reg, reg, 0);
-break;
-}
-if (inv) {
-tcg_gen_xori_tl(reg, reg, 1);
+if (TCGV_EQUAL(reg, cpu_cc_src)) {
+reg = cpu_tmp0;
+}
+tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
+tcg_gen_xor_tl(reg, reg, cpu_cc_src);
+return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
+ .mask = CC_S | CC_Z };
 }
 }
 
 /* perform a conditional store into register 'reg' according to jump opcode
value 'b'. In the fast case, T0 is guaranted not to be used. */
-static inline void gen_setcc1(DisasContext *s, int b, TCGv reg)
+static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
 {
 int inv, jcc_op, size, cond;
+CCPrepare cc;
 TCGv t0;
 
 inv = b & 1;
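Review bot: The comment kept above `gen_prepare_cc` still says the function performs "a conditional store into register 'reg'", but after this change it returns a `CCPrepare` and leaves the setcond or branch to the caller. It should be rewritten, e.g. `/* Build a CCPrepare for jump opcode 'b'; 'reg' (or cpu_tmp0 when reg aliases cpu_cc_src) may be clobbered as scratch. */`. In `gen_prepare_cc_slow` the JCC_L and JCC_LE arms return a descriptor whose `.reg` can be `cpu_tmp0`, so a one-line comment there should say the result must be consumed before anything else writes that temporary. The body of `gen_prepare_cc` continues outside this hunk.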
@@ -1148,23 +1133,24 @@ static inline void gen_setcc1(DisasContext *s, int b, 
TCGv reg)
 size = s->cc_op - CC_OP_SUBB;
 switch (jcc_op) {
 case JCC_BE:
-cond = inv ? TCG_COND_GTU : TCG_COND_LEU;
 tcg_gen_add_tl(cpu_tmp4, cpu_cc_dst, cpu_cc_src);
 gen_extu(size, cpu_tmp4);
 t0 = gen_ext_tl(cpu_

Re: [Qemu-devel] [PATCH 4/4] pc_piix: Add compat handling for qemu-kvm VGA mem size

2013-02-19 Thread Paolo Bonzini
Il 19/02/2013 23:59, Cole Robinson ha scritto:
> On 02/19/2013 05:52 PM, Paolo Bonzini wrote:
>> Il 19/02/2013 23:40, Cole Robinson ha scritto:
>>> +#ifdef CONFIG_MIGRATE_FROM_QEMU_KVM
>>> +/* qemu-kvm defaulted to 16MB video memory since 0.15 at least. */
>>> +# define OLD_VGA_MEM stringify(16)
>>> +#else
>>> +# define OLD_VGA_MEM stringify(8)
>>> +#endif
>>> +
>>>  #define PC_COMPAT_1_2 \
>>>  PC_COMPAT_1_3,\
>>>  {\
>>> @@ -354,6 +361,10 @@ static QEMUMachine pc_machine_v1_3 = {
>>>  .property = "revision",\
>>>  .value= stringify(3),\
>>>  },{\
>>> +.driver   = "cirrus-vga",\
>>> +.property = "vgamem_mb",\
>>> +.value= OLD_VGA_MEM,\
>>> +},{\
>>>  .driver   = "VGA",\
>>>  .property = "mmio",\
>>>  .value= "off",\
>>
>> Because this is now 1.5, you also need to define pc_machine_v1_4 and add
>> the compat property there.
> 
> I'm confused, pc-1.4 cirrus has vgamem_mb=8, and we want it that way
> regardless of whether --enable-migration-from-qemu-kvm is specified.
> 
> (this patch doesn't change the default cirrus memory as you suggested in the
> referenced mail)

Yes, that's it.  Better go to bed.  That would be a separate patch that
wouldn't have to be Cc-ed to stable.

Paolo

>> Also, please add the "Cc: qemu-sta...@nongnu.org" in the body of the
>> message.  It's an easy way for maintainers to pick up patches only after
>> they've been committed.
>>
> 
> Will do if/when reposting.
> 
> Thanks,
> Cole
> 
> 




[Qemu-devel] [PATCH 8/8] virtio-blk: fill in the feature table

2013-02-19 Thread Jesse Larrew
Fill in the feature table with the last field of struct virtio_blk_config
at the time that the feature flag was introduced. The table was constructed
by searching through the git history.

Signed-off-by: Jesse Larrew 
---
 hw/virtio-blk.c | 22 --
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 788a4c7..47c57d8 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -26,8 +26,26 @@
 #endif
 
 static VirtIOFeature feature_sizes[] = {
-{.flags = 0x, /* dummy table -- all features included */
- .end = sizeof(struct virtio_blk_config)},
+{.flags = 1 << VIRTIO_BLK_F_BARRIER,
+ .end = endof(struct virtio_blk_config, sectors)},
+{.flags = 1 << VIRTIO_BLK_F_SIZE_MAX,
+ .end = endof(struct virtio_blk_config, sectors)},
+{.flags = 1 << VIRTIO_BLK_F_SEG_MAX,
+ .end = endof(struct virtio_blk_config, sectors)},
+{.flags = 1 << VIRTIO_BLK_F_GEOMETRY,
+ .end = endof(struct virtio_blk_config, sectors)},
+{.flags = 1 << VIRTIO_BLK_F_RO,
+ .end = endof(struct virtio_blk_config, sectors)},
+{.flags = 1 << VIRTIO_BLK_F_BLK_SIZE,
+ .end = endof(struct virtio_blk_config, sectors)},
+{.flags = 1 << VIRTIO_BLK_F_SCSI,
+ .end = endof(struct virtio_blk_config, sectors)},
+{.flags = 1 << VIRTIO_BLK_F_WCE,
+ .end = endof(struct virtio_blk_config, blk_size)},
+{.flags = 1 << VIRTIO_BLK_F_TOPOLOGY,
+ .end = endof(struct virtio_blk_config, opt_io_size)},
+{.flags = 1 << VIRTIO_BLK_F_CONFIG_WCE,
+ .end = endof(struct virtio_blk_config, wce)},
 {}
 };
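Review bot: The `VIRTIO_BLK_F_BLK_SIZE` entry ends the config at `sectors`, while the next entry, `VIRTIO_BLK_F_WCE`, is the first one that extends to `blk_size`. If `blk_size` is the field that feature exposes (the struct definition is outside this hunk), a device offering BLK_SIZE without WCE would advertise a config space shorter than what the guest reads. Sizing each entry by the field its feature makes readable, rather than by commit history, would give `.end = endof(struct virtio_blk_config, blk_size)` for that entry. A short comment above `feature_sizes[]` stating which of the two rules the table follows would help whoever adds the next feature bit.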
 
-- 
1.7.11.7




[Qemu-devel] [PATCH v2 0/8] virtio: set config size using host features

2013-02-19 Thread Jesse Larrew
To ensure compatibility between qemu versions, virtio drivers should set
the size of their config structs according to the feature bits that are
set. This should keep the size from changing as new features are introduced
and avoid breaking older drivers.

Changes since v1:
* Fixed a build error on s390.

[PATCH 1/8] virtio-net: replace redundant config_size field with
[PATCH 2/8] virtio: put struct VirtIOFeature in a header
[PATCH 3/8] virtio: pass host features to driver init functions
[PATCH 4/8] virtio: set config size using host features
[PATCH 5/8] virtio-balloon: fill in the table of feature_sizes
[PATCH 6/8] virtio-serial: fill in the feature table
[PATCH 7/8] virtio-scsi: fill in table of feature sizes
[PATCH 8/8] virtio-blk: fill in the feature table



Re: [Qemu-devel] [PATCH V6 06/14] block: add image info query function bdrv_query_image_info()

2013-02-19 Thread Eric Blake
On 02/18/2013 07:09 AM, Wenchao Xia wrote:
>   This patch add function bdrv_query_image_info(), which will return
> image info in qmp object format. The implementation code are based
> on the code moved from qemu-img.c, but use block layer function to get
> snapshot info.
>   A check with bdrv_can_read_snapshot(), was done before collecting
> snapshot info.
> 
> Signed-off-by: Wenchao Xia 
> Reviewed-by: Eric Blake 

Again, your cover letter says you heavily touched this patch; leaving my
Reviewed-by intact is misleading.

> +++ b/block.c
> @@ -2649,6 +2649,11 @@ void bdrv_iterate(void (*it)(void *opaque, 
> BlockDriverState *bs), void *opaque)
>  }
>  }
>  
> +static const char *bdrv_get_filename(const BlockDriverState *bs)
> +{
> +return bs->filename;
> +}

This function is now a waste.  Since it is static to this file only, and
the only thing it is doing is accessing a field inside bs, all
call-sites have access to the same field directly, without having to go
through this wrapper.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH] .gitignore: Ignore optionrom/*.asm

2013-02-19 Thread Cole Robinson

Signed-off-by: Cole Robinson 
---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index 53fe9c3..27ad002 100644
--- a/.gitignore
+++ b/.gitignore
@@ -83,12 +83,15 @@ fsdev/virtfs-proxy-helper.pod
 patches
 pc-bios/bios-pq/status
 pc-bios/vgabios-pq/status
+pc-bios/optionrom/linuxboot.asm
 pc-bios/optionrom/linuxboot.bin
 pc-bios/optionrom/linuxboot.raw
 pc-bios/optionrom/linuxboot.img
+pc-bios/optionrom/multiboot.asm
 pc-bios/optionrom/multiboot.bin
 pc-bios/optionrom/multiboot.raw
 pc-bios/optionrom/multiboot.img
+pc-bios/optionrom/kvmvapic.asm
 pc-bios/optionrom/kvmvapic.bin
 pc-bios/optionrom/kvmvapic.raw
 pc-bios/optionrom/kvmvapic.img
-- 
1.8.1.2




Re: [Qemu-devel] [PATCH v3 3/6] add backup related monitor commands

2013-02-19 Thread Eric Blake
On 02/19/2013 04:31 AM, Dietmar Maurer wrote:
> We use a generic BackupDriver struct to encapsulate all archive format
> related function.
> 
> Another option would be to simply dump  to
> the output fh (pipe), and an external binary saves the data. That way we
> could move the whole archive format related code out of qemu.
> 
> Signed-off-by: Dietmar Maurer 
> ---

Focusing my review on just the QMP interface:


> +++ b/qapi-schema.json
> @@ -425,6 +425,39 @@
>  { 'type': 'EventInfo', 'data': {'name': 'str'} }
>  
>  ##
> +# @BackupStatus:
> +#
> +# Detailed backup status.
> +#
> +# @status: #optional string describing the current backup status.
> +#  This can be 'active', 'done', 'error'. If this field is not
> +#  returned, no backup process has been initiated

This should be an enum type, not an open-coded 'str'.

> +#
> +# @errmsg: #optional error message (only returned if status is 'error')
> +#
> +# @total: #optional total amount of bytes involved in the backup process
> +#
> +# @transferred: #optional amount of bytes already backed up.
> +#
> +# @zero-bytes: #optional amount of 'zero' bytes detected.
> +#
> +# @start-time: #optional time (epoch) when backup job started.
> +#
> +# @end-time: #optional time (epoch) when backup job finished.

Is 1-second resolution good enough, or should we be accounting for
sub-second information?

> +#
> +# @backupfile: #optional backup file name
> +#
> +# @uuid: #optional uuid for this backup job
> +#
> +# Since: 1.5.0
> +##
> +{ 'type': 'BackupStatus',
> +  'data': {'*status': 'str', '*errmsg': 'str', '*total': 'int',
> +   '*transferred': 'int', '*zero-bytes': 'int',
> +   '*start-time': 'int', '*end-time': 'int',
> +   '*backupfile': 'str', '*uuid': 'str' } }

You can optionally set the speed when starting a backup job, but can you
later change the job speed on the fly, and if so, with what command?
Also, shouldn't the current speed be displayed as part of BackupStatus?

> +
> +##
>  # @query-events:
>  #
>  # Return a list of supported QMP events by this server
> @@ -1824,6 +1857,64 @@
>'data': { 'path': 'str' },
>'returns': [ 'ObjectPropertyInfo' ] }
>  
> +
> +##
> +# @BackupFormat
> +#
> +# An enumeration of supported backup formats.
> +#
> +# @vma: Proxmox vma backup format
> +##
> +{ 'enum': 'BackupFormat',
> +  'data': [ 'vma' ] }
> +
> +##
> +# @backup:
> +#
> +# Starts a VM backup.
> +#
> +# @backupfile: the backup file name
> +#
> +# @format: format of the backup file
> +#
> +# @config-filename: #optional name of a configuration file to include into
> +# the backup archive.

'backupfile' vs. 'config-filename' feels inconsistent; better might be
'backup-file' and 'config-file'.

> +#
> +# @speed: #optional the maximum speed, in bytes per second
> +#

@devlist is missing.

> +# Returns: the uuid of the backup job
> +#
> +# Since: 1.5.0
> +##
> +{ 'command': 'backup', 'data': { 'backupfile': 'str', '*format': 
> 'BackupFormat',
> + '*config-filename': 'str',
> + '*devlist': 'str', '*speed': 'int' },
> +  'returns': 'str' }
> +
> +##
> +# @query-backup
> +#
> +# Returns information about current/last backup task.
> +#
> +# Returns: @BackupStatus
> +#
> +# Since: 1.5.0
> +##
> +{ 'command': 'query-backup', 'returns': 'BackupStatus' }
> +
> +##
> +# @backup-cancel
> +#
> +# Cancel the current executing backup process.
> +#
> +# Returns: nothing on success
> +#
> +# Notes: This command succeeds even if there is no backup process running.
> +#
> +# Since: 1.5.0
> +##
> +{ 'command': 'backup-cancel' }
> +

> +++ b/qmp-commands.hx
> @@ -889,6 +889,18 @@ EQMP
>  },
>  
>  {
> +.name   = "backup",
> +.args_type  = 
> "backupfile:s,format:s?,config-filename:F?,speed:o?,devlist:s?",
> +.mhandler.cmd_new = qmp_marshal_input_backup,
> +},
> +
> +{
> +.name   = "backup_cancel",

This doesn't match the spelling in the .json file.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 4/4] pc_piix: Add compat handling for qemu-kvm VGA mem size

2013-02-19 Thread Cole Robinson
On 02/19/2013 05:52 PM, Paolo Bonzini wrote:
> Il 19/02/2013 23:40, Cole Robinson ha scritto:
>> +#ifdef CONFIG_MIGRATE_FROM_QEMU_KVM
>> +/* qemu-kvm defaulted to 16MB video memory since 0.15 at least. */
>> +# define OLD_VGA_MEM stringify(16)
>> +#else
>> +# define OLD_VGA_MEM stringify(8)
>> +#endif
>> +
>>  #define PC_COMPAT_1_2 \
>>  PC_COMPAT_1_3,\
>>  {\
>> @@ -354,6 +361,10 @@ static QEMUMachine pc_machine_v1_3 = {
>>  .property = "revision",\
>>  .value= stringify(3),\
>>  },{\
>> +.driver   = "cirrus-vga",\
>> +.property = "vgamem_mb",\
>> +.value= OLD_VGA_MEM,\
>> +},{\
>>  .driver   = "VGA",\
>>  .property = "mmio",\
>>  .value= "off",\
> 
> Because this is now 1.5, you also need to define pc_machine_v1_4 and add
> the compat property there.
> 

I'm confused, pc-1.4 cirrus has vgamem_mb=8, and we want it that way
regardless of whether --enable-migration-from-qemu-kvm is specified.

(this patch doesn't change the default cirrus memory as you suggested in the
referenced mail)

> Also, please add the "Cc: qemu-sta...@nongnu.org" in the body of the
> message.  It's an easy way for maintainers to pick up patches only after
> they've been committed.
> 

Will do if/when reposting.

Thanks,
Cole



[Qemu-devel] [PATCH 1/4] configure: Add --enable-migration-from-qemu-kvm

2013-02-19 Thread Cole Robinson
This switch will turn on all the migration compat bits needed to
perform migration from qemu-kvm to qemu. It's just a stub for now.

This compat will break incoming migration from qemu < 1.3, but for
distros where qemu-kvm was the only shipped package for years it's
not a big loss (and I don't know any way to avoid it).

Signed-off-by: Cole Robinson 
---
 configure | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/configure b/configure
index bf5970f..296f488 100755
--- a/configure
+++ b/configure
@@ -170,6 +170,7 @@ xfs=""
 
 vhost_net="no"
 kvm="no"
+migrate_from_kvm="no"
 gprof="no"
 debug_tcg="no"
 debug="no"
@@ -759,6 +760,8 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --enable-migration-from-qemu-kvm) migrate_from_kvm="yes"
+  ;;
   --disable-tcg-interpreter) tcg_interpreter="no"
   ;;
   --enable-tcg-interpreter) tcg_interpreter="yes"
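Review bot: The new `--enable-migration-from-qemu-kvm` case has no `--disable-migration-from-qemu-kvm` counterpart, whereas `--disable-tcg-interpreter` and `--enable-tcg-interpreter` appear as a pair in this same hunk. Because the commit message says the switch breaks incoming migration from qemu < 1.3, a builder should be able to state the negative explicitly: `--disable-migration-from-qemu-kvm) migrate_from_kvm="no"` followed by `;;`, plus a matching line in the help hunk that follows. The enclosing option loop starts and ends outside this hunk.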
@@ -1087,6 +1090,9 @@ echo "  --enable-bluez   enable bluez stack 
connectivity"
 echo "  --disable-slirp  disable SLIRP userspace network connectivity"
 echo "  --disable-kvmdisable KVM acceleration support"
 echo "  --enable-kvm enable KVM acceleration support"
+echo "  --enable-migration-from-qemu-kvm  Allow migration from qemu-kvm."
+echo "This will break migration from "
+echo "qemu < 1.3 in most cases"
 echo "  --enable-tcg-interpreter enable TCG with bytecode interpreter (TCI)"
 echo "  --disable-nptl   disable usermode NPTL support"
 echo "  --enable-nptlenable usermode NPTL support"
@@ -3334,6 +3340,7 @@ echo "Linux AIO support $linux_aio"
 echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
+echo "Migrate from qemu-kvm $migrate_from_kvm"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
 echo "preadv support$preadv"
@@ -3622,6 +3629,9 @@ fi
 if test "$signalfd" = "yes" ; then
   echo "CONFIG_SIGNALFD=y" >> $config_host_mak
 fi
+if test "$migrate_from_kvm" = "yes"; then
+  echo "CONFIG_MIGRATE_FROM_QEMU_KVM=y" >> $config_host_mak
+fi
 if test "$tcg_interpreter" = "yes" ; then
   echo "CONFIG_TCG_INTERPRETER=y" >> $config_host_mak
 fi
-- 
1.8.1.2




Re: [Qemu-devel] [PATCH 4/4] pc_piix: Add compat handling for qemu-kvm VGA mem size

2013-02-19 Thread Paolo Bonzini
Il 19/02/2013 23:40, Cole Robinson ha scritto:
> +#ifdef CONFIG_MIGRATE_FROM_QEMU_KVM
> +/* qemu-kvm defaulted to 16MB video memory since 0.15 at least. */
> +# define OLD_VGA_MEM stringify(16)
> +#else
> +# define OLD_VGA_MEM stringify(8)
> +#endif
> +
>  #define PC_COMPAT_1_2 \
>  PC_COMPAT_1_3,\
>  {\
> @@ -354,6 +361,10 @@ static QEMUMachine pc_machine_v1_3 = {
>  .property = "revision",\
>  .value= stringify(3),\
>  },{\
> +.driver   = "cirrus-vga",\
> +.property = "vgamem_mb",\
> +.value= OLD_VGA_MEM,\
> +},{\
>  .driver   = "VGA",\
>  .property = "mmio",\
>  .value= "off",\

Because this is now 1.5, you also need to define pc_machine_v1_4 and add
the compat property there.

Also, please add the "Cc: qemu-sta...@nongnu.org" in the body of the
message.  It's an easy way for maintainers to pick up patches only after
they've been committed.

Paolo



Re: [Qemu-devel] [RFC PATCH] Distinguish between reset types

2013-02-19 Thread Peter Maydell
On 19 February 2013 22:17, Anthony Liguori  wrote:
> David Woodhouse  writes:
>> On Tue, 2013-02-19 at 14:29 -0600, Anthony Liguori wrote:
>>> So should we even be resetting anything other than the CPU during soft
>>> reset?
>>
>> I suspect not. A soft reset triggered by the RCR, keyboard controller,
>> port 92 etc. should all just reset the CPU and nothing else.
>
> I suspect what we need to do is convert qemu_system_reset_request() into
> a qemu_system_cpu_reset() that takes a callback.  Once the VCPUs have
> been reset, the callback can then be used to reset all or some of the
> device model.

If we're just solving a PC problem here and it really is just
"only reset the CPU, nothing else", why don't we give the
x86 CPU a qemu_irq input for "reset this CPU core" and wire it
up to the relevant bit of hardware on the PC board? I don't
see the need for a specific 'qemu_system_cpu_reset()' here
(and not having one avoids the swamp of trying to define its
semantics...)

>> How far down this road do we go? Do we end up wiring up the full reset
>> topology and abandoning the special-case qemu_system_reset()
>> altogether?
>
> Long term, yes.  Short term, whatever we need that's reasonable to get
> the CSM happy without making things worse.

I definitely think we should be modelling reset lines, yes.
It would be nice if we could sketch a path for how we get from
here to there. Here's a strawman proposal that's probably full
of holes:

(1) we retain the existing 'reset' Device method as meaning "full
power-cycle style reset" and qemu_system_reset_request() as
meaning "power cycle entire machine". (Eventually the latter
might go away as I doubt much real hardware has a "power
cycle the world" wiring.)

(2) we recommend that for new devices etc, where the device has
one or more physical reset pins those should be modeled as
qdev_gpio input lines, with the behaviour the hardware has
when those are asserted. [Q: what do we do about logic-low-is-assert
vs logic-high-is-assert hardware?] This reset can obviously share
code with the DeviceState::reset in many cases, but it's
conceptually separate.

(3) when we need to implement a particular effect on a particular
board (as here with the PC) we do that by:
 a. making sure all affected devices implement reset
 b. wiring up reset on the board model
 c. having the implementation of the 'reset' register or whatever
assert the irq line

(4) as and when we have time, convert existing code (ho ho)

This obviously works best when the "not actually a full power
cycle" reset you want in (3) is a very limited focus one,
like "just reset the CPU"...

It also exposes some "not there yet" features like the fact
we can't have named gpio input lines so you have to have a
numbering convention for smooshing all your inputs into a
single array. Pins, anybody? :-)

-- PMM



Re: [Qemu-devel] [RFC PATCH] Distinguish between reset types

2013-02-19 Thread Paolo Bonzini
Il 19/02/2013 23:17, Anthony Liguori ha scritto:
>>> >> >  if (val & 4) {
>>> >> > +if (val & 2)
>>> >> > +qemu_irq_pulse(d->reset_out);
>>> >> >  qemu_system_reset_request();
>> >> 
>> >> 
>> >> This is a bit strange to me. 
> >
> > The reset_out "IRQ" isn't actually what triggers the I440FX/PAM reset.
> 
> Right, this is what's strange to me.  There's no hardware analog AFAICT
> so I'm not sure why we're exposing it as a qemu_irq other than we want
> to jump through a function pointer invocation instead of making a
> straight funciton call :-)

True, OTOH I agreed with David's explanation that the hard reset could
happen too early.

IOW, doing the irq this way is a consequence of having
qemu_system_reset_request() instead of qemu_system_reset().

Paolo



[Qemu-devel] [PATCH 57/57] target-i386: Add CC_OP_CLR

2013-02-19 Thread Richard Henderson
Special case xor with self.  We need not even store the known
zero into cc_src.

Signed-off-by: Richard Henderson 
---
 target-i386/cc_helper.c |  3 +++
 target-i386/cpu.h   |  2 ++
 target-i386/helper.c|  2 ++
 target-i386/translate.c | 17 ++---
 4 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c
index 6cf57a7..9daa1a0 100644
--- a/target-i386/cc_helper.c
+++ b/target-i386/cc_helper.c
@@ -102,6 +102,8 @@ target_ulong helper_cc_compute_all(target_ulong dst, 
target_ulong src1,
 
 case CC_OP_EFLAGS:
 return src1;
+case CC_OP_CLR:
+return CC_Z;
 
 case CC_OP_MULB:
 return compute_all_mulb(dst, src1);
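Review bot: `CC_OP_CLR` returns only `CC_Z` here, but the zero result of `xor reg, reg` has even parity, so PF has to be set as well. The `CC_OP_LOGICB + ot` path that this series replaces presumably derived PF from the zero result, although that code is not visible here. I would return `CC_Z | CC_P` in this case, use `tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);` in the `gen_compute_eflags` hunk, and change the enum comment in cpu.h to `/* Z and P set, all other flags clear.  */`. No parity case is added to the `gen_prepare_eflags_*` hunks, so a `jp`/`setp` after the xor would presumably go through `gen_compute_eflags` and see PF clear. The switch in helper_cc_compute_all continues outside the hunk.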
@@ -228,6 +230,7 @@ target_ulong helper_cc_compute_c(target_ulong dst, 
target_ulong src1,
 case CC_OP_LOGICW:
 case CC_OP_LOGICL:
 case CC_OP_LOGICQ:
+case CC_OP_CLR:
 return 0;
 
 case CC_OP_EFLAGS:
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index e0443d8..493dda8 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -645,6 +645,8 @@ typedef enum {
 CC_OP_ADOX, /* CC_DST = O, CC_SRC = rest.  */
 CC_OP_ADCOX, /* CC_DST = C, CC_SRC2 = O, CC_SRC = rest.  */
 
+CC_OP_CLR, /* Z set, all other flags clear.  */
+
 CC_OP_NB,
 } CCOp;
 
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 66c3624..82a731c 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -117,6 +117,8 @@ static const char *cc_op_str[CC_OP_NB] = {
 "ADCX",
 "ADOX",
 "ADCOX",
+
+"CLR",
 };
 
 static void
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 30e88da..aa552b1 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -213,6 +213,7 @@ static const uint8_t cc_op_live[CC_OP_NB] = {
 [CC_OP_ADCX] = USES_CC_DST | USES_CC_SRC,
 [CC_OP_ADOX] = USES_CC_SRC | USES_CC_SRC2,
 [CC_OP_ADCOX] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
+[CC_OP_CLR] = 0,
 };
 
 static void set_cc_op(DisasContext *s, CCOp op)
@@ -906,6 +907,11 @@ static void gen_compute_eflags(DisasContext *s)
 if (s->cc_op == CC_OP_EFLAGS) {
 return;
 }
+if (s->cc_op == CC_OP_CLR) {
+tcg_gen_movi_tl(cpu_cc_src, CC_Z);
+set_cc_op(s, CC_OP_EFLAGS);
+return;
+}
 
 TCGV_UNUSED(zero);
 dst = cpu_cc_dst;
@@ -974,6 +980,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv 
reg)
  .reg2 = t1, .mask = -1, .use_reg2 = true };
 
 case CC_OP_LOGICB ... CC_OP_LOGICQ:
+case CC_OP_CLR:
 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
 
 case CC_OP_INCB ... CC_OP_INCQ:
@@ -1040,6 +1047,8 @@ static CCPrepare gen_prepare_eflags_s(DisasContext *s, 
TCGv reg)
 case CC_OP_ADCOX:
 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
  .mask = CC_S };
+case CC_OP_CLR:
+return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
 default:
 {
 int size = (s->cc_op - CC_OP_ADDB) & 3;
@@ -1057,7 +1066,8 @@ static CCPrepare gen_prepare_eflags_o(DisasContext *s, 
TCGv reg)
 case CC_OP_ADCOX:
 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src2,
  .mask = -1, .no_setcond = true };
-
+case CC_OP_CLR:
+return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
 default:
 gen_compute_eflags(s);
 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
@@ -1078,6 +1088,8 @@ static CCPrepare gen_prepare_eflags_z(DisasContext *s, 
TCGv reg)
 case CC_OP_ADCOX:
 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
  .mask = CC_Z };
+case CC_OP_CLR:
+return (CCPrepare) { .cond = TCG_COND_ALWAYS, .mask = -1 };
 default:
 {
 int size = (s->cc_op - CC_OP_ADDB) & 3;
@@ -4890,10 +4902,9 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 } else if (op == OP_XORL && rm == reg) {
 xor_zero:
 /* xor reg, reg optimisation */
+set_cc_op(s, CC_OP_CLR);
 gen_op_movl_T0_0();
-set_cc_op(s, CC_OP_LOGICB + ot);
 gen_op_mov_reg_T0(ot, reg);
-gen_op_update1_cc();
 break;
 } else {
 opreg = rm;
-- 
1.8.1.2




Re: [Qemu-devel] [PATCH V24 5/7] Add a TPM Passthrough backend driver implementation

2013-02-19 Thread Corey Bryant



diff --git a/tpm/Makefile.objs b/tpm/Makefile.objs
index 94ad2e7..8abd0f9 100644
--- a/tpm/Makefile.objs
+++ b/tpm/Makefile.objs
@@ -1,4 +1,6 @@
-common-obj-y = tpm.o
+common-obj-y = tpm.o tpm_backend.o
  ifeq ($(CONFIG_TPM),y)
  common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
  endif
+common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o
+


Should the ifeq be surrounding more than just tpm_tis?

--
Regards,
Corey Bryant




Re: [Qemu-devel] [RFC PATCH] Distinguish between reset types

2013-02-19 Thread David Woodhouse
On Tue, 2013-02-19 at 16:17 -0600, Anthony Liguori wrote:
> Right, this is what's strange to me.  There's no hardware analog AFAICT
> so I'm not sure why we're exposing it as a qemu_irq other than we want
> to jump through a function pointer invocation instead of making a
> straight funciton call :-)

Hey, don't ask me. I was just trying to do what Paolo said in response
to me first attempt — which just accessed the 'hard reset' flag in the
PIIX directly from the I440FX reset handler.

> > That just sets a flag to say that the coming *system* reset is a hard
> > reset and not a soft reset.
> 
> Yes, but this flag is in PIIX, not the i440fx.

Yes. The Reset Control Register is in the PIIX. And the i440fx just
happens to be the only other device that *cares* if it's a hard reset or
a soft reset. For now. Thankfully they're implemented in the same C file
and even initialised together, which lets us do a special-case hack
relatively easily.

> I suspect what we need to do is convert qemu_system_reset_request() into
> a qemu_system_cpu_reset() that takes a callback.  Once the VCPUs have
> been reset, the callback can then be used to reset all or some of the
> device model.  This of course means removing the reset handlers in the
> CPUs as they exist today.
> 
> Cc'ing Andreas to get his thoughts.
> 
> FWIW, I'm not expecting you to do this to fix this issue.  Just thinking
> out loud here really.

Sounds good to me. I'm beginning to wish I'd just ignored the fact that
we need a properly working "soft" reset to get back from 286 protected
mode to real mode, and wired up the damn PAM reset unconditionally. I'm
not convinced that the protected->real mode transition will work for
anyone anyway.

> I'm not terribly happy exposing an IRQ that doesn't exist in real life
> to "model hardware".  We could just as easily call into i440fx to set
> the hard_reset flag without jumping through qemu_irq hoops if we're just
> looking to make it work.  I think that's clearer if what we're doing is
> essentially a short term hack.

That was basically my first attempt, before Paolo's feedback? I had
i440fx calling into PIIX to *read* the flag, rather than PIIX calling
into i440fx to *set* it, but if you feel strongly it wouldn't be hard to
switch that round.

-- 
dwmw2





[Qemu-devel] [PATCH 3/4] i8254: Fix migration from qemu-kvm < 1.1

2013-02-19 Thread Cole Robinson
qemu-kvm commit 81bdec908fb2be0ccaff1d4ee67956c509e440ad did this,
but the logic can't be carried unconditionally in qemu.git without
breaking migration from qemu < 1.1.

Conditionalize it with --enable-migration-from-qemu-kvm

Signed-off-by: Cole Robinson 
---
 hw/i8254_common.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/i8254_common.c b/hw/i8254_common.c
index 8c2e45a..072fa09 100644
--- a/hw/i8254_common.c
+++ b/hw/i8254_common.c
@@ -275,7 +275,15 @@ static const VMStateDescription vmstate_pit_common = {
 .pre_save = pit_dispatch_pre_save,
 .post_load = pit_dispatch_post_load,
 .fields = (VMStateField[]) {
+#ifdef CONFIG_MIGRATE_FROM_QEMU_KVM
+/* qemu-kvm version_id=2 had 'flags' here which is equivalent
+ * This fixes incoming migration from qemu-kvm 1.0, but breaks
+ * incoming migration from qemu < 1.1
+ */
+VMSTATE_UINT32(channels[0].irq_disabled, PITCommonState),
+#else
 VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
+#endif
 VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
  vmstate_pit_channel, PITChannelState),
 VMSTATE_INT64(channels[0].next_transition_time,
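Review bot: With `CONFIG_MIGRATE_FROM_QEMU_KVM` defined, `irq_disabled` is read from every accepted stream, so a version 2 stream from qemu < 1.1 would be parsed four bytes out of step from this field onward. The `_V(..., 3)` form in the `#else` branch implies such a stream does not carry the field, and this assumes version 2 is still accepted, as the version 2 tag on `channels` suggests. The comment says migration "breaks" but not that the failure is a misparse of data supplied by the sending host rather than a clean version error. I would spell that out, e.g. `/* A qemu < 1.1 version 2 stream lacks this field and will be misread, not rejected. */`. The `minimum_version_id = 2` hunk in the acpi_piix4 patch of this series has the same property, since qemu.git and qemu-kvm streams that both advertise version 2 cannot be told apart by the loader. The vmstate_pit_common initializer starts and ends outside the hunk.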
-- 
1.8.1.2




[Qemu-devel] [PATCH 4/4] pc_piix: Add compat handling for qemu-kvm VGA mem size

2013-02-19 Thread Cole Robinson
Paolo outlines this here:

https://lists.gnu.org/archive/html/qemu-devel/2013-01/msg02540.html

qemu-kvm defaulted to vgamem=16MB since at least 0.15, while qemu used
8MB. For qemu 1.2, the default was changed to 16MB for all devices
except cirrus.

If --enable-migration-from-qemu-kvm is specified, make sure cirrus
uses 16MB for <= pc-1.2 (the qemu-kvm merge), and 16MB always for
all others. This will break incoming qemu migration for qemu < 1.3.

Signed-off-by: Cole Robinson 
---
 hw/pc_piix.c | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index 0af436c..e3f8e96 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -331,6 +331,13 @@ static QEMUMachine pc_machine_v1_3 = {
 DEFAULT_MACHINE_OPTIONS,
 };
 
+#ifdef CONFIG_MIGRATE_FROM_QEMU_KVM
+/* qemu-kvm defaulted to 16MB video memory since 0.15 at least. */
+# define OLD_VGA_MEM stringify(16)
+#else
+# define OLD_VGA_MEM stringify(8)
+#endif
+
 #define PC_COMPAT_1_2 \
 PC_COMPAT_1_3,\
 {\
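Review bot: The comment on `OLD_VGA_MEM` explains only the qemu-kvm branch, and nothing says what the `#else` value of 8 stands for. The macro makes the guest-visible video memory of existing machine types a build-time property, and in the last hunk of this patch it also replaces `stringify(8)` for `VGA`, `vmware-svga`, `qxl-vga` and `qxl` in `PC_COMPAT_1_1`. I would extend the comment to say so, e.g. `/* vgamem_mb for pc-1.2 and older: 8 matches qemu.git, 16 matches qemu-kvm; the two builds are not migration-compatible with each other. */`. The `PC_COMPAT_1_2` definition continues outside the hunk.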
@@ -354,6 +361,10 @@ static QEMUMachine pc_machine_v1_3 = {
 .property = "revision",\
 .value= stringify(3),\
 },{\
+.driver   = "cirrus-vga",\
+.property = "vgamem_mb",\
+.value= OLD_VGA_MEM,\
+},{\
 .driver   = "VGA",\
 .property = "mmio",\
 .value= "off",\
@@ -371,6 +382,7 @@ static QEMUMachine pc_machine_v1_2 = {
 DEFAULT_MACHINE_OPTIONS,
 };
 
+
 #define PC_COMPAT_1_1 \
 PC_COMPAT_1_2,\
 {\
@@ -384,19 +396,19 @@ static QEMUMachine pc_machine_v1_2 = {
 },{\
 .driver   = "VGA",\
 .property = "vgamem_mb",\
-.value= stringify(8),\
+.value= OLD_VGA_MEM,\
 },{\
 .driver   = "vmware-svga",\
 .property = "vgamem_mb",\
-.value= stringify(8),\
+.value= OLD_VGA_MEM,\
 },{\
 .driver   = "qxl-vga",\
 .property = "vgamem_mb",\
-.value= stringify(8),\
+.value= OLD_VGA_MEM,\
 },{\
 .driver   = "qxl",\
 .property = "vgamem_mb",\
-.value= stringify(8),\
+.value= OLD_VGA_MEM,\
 },{\
 .driver   = "virtio-blk-pci",\
 .property = "config-wce",\
-- 
1.8.1.2




[Qemu-devel] [PATCH 2/4] acpi_piix4: Drop minimum_version_id to handle qemu-kvm migration

2013-02-19 Thread Cole Robinson
qemu-kvm 1.2 advertised version_id=2, but it was not the same
format as qemu.git version_id=2.

commit b0b873a07872f7ab7f66f259c73fb9dd42aa66a9 added the qemu-kvm
format to qemu.git, but was forced to call it version_id=3, and
bumped minimum_version_id to 3. This breaks incoming migration from
qemu-kvm.

If --enable-migration-from-qemu-kvm is enabled, drop minimum_version_id
to 2. Migration from qemu-kvm version_id=2 and qemu 1.3+ version_id=3
works, but migration from qemu < 1.3 is broken.

Signed-off-by: Cole Robinson 
---
 hw/acpi_piix4.c | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 65b2601..e3d2e41 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -257,16 +257,19 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int 
version_id)
 return ret;
 }
 
-/* qemu-kvm 1.2 uses version 3 but advertised as 2
- * To support incoming qemu-kvm 1.2 migration, change version_id
- * and minimum_version_id to 2 below (which breaks migration from
- * qemu 1.2).
- *
- */
 static const VMStateDescription vmstate_acpi = {
 .name = "piix4_pm",
 .version_id = 3,
+#ifdef CONFIG_MIGRATE_FROM_QEMU_KVM
+/*
+ * qemu-kvm 1.2 uses qemu.git version 3 format, but advertised as 2.
+ * This allows incoming migration from qemu-kvm, but breaks incoming
+ * migration from qemu < 1.3.
+ */
+.minimum_version_id = 2,
+#else
 .minimum_version_id = 3,
+#endif
 .minimum_version_id_old = 1,
 .load_state_old = acpi_load_old,
 .post_load = vmstate_acpi_post_load,
-- 
1.8.1.2




[Qemu-devel] [PATCH 44/57] target-i386: Decode the VEX prefixes

2013-02-19 Thread Richard Henderson
No actual required uses of these encodings yet.

Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 68 ++---
 1 file changed, 64 insertions(+), 4 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index e5cda94..f824b99 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -37,6 +37,7 @@
 #define PREFIX_LOCK   0x04
 #define PREFIX_DATA   0x08
 #define PREFIX_ADR0x10
+#define PREFIX_VEX0x20
 
 #ifdef TARGET_X86_64
 #define CODE64(s) ((s)->code64)
@@ -98,6 +99,8 @@ typedef struct DisasContext {
 int code64; /* 64 bit code segment */
 int rex_x, rex_b;
 #endif
+int vex_l;  /* vex vector length */
+int vex_v;  /* vex  register, without 1's compliment.  */
 int ss32;   /* 32 bit stack segment */
 CCOp cc_op;  /* current CC operation */
 bool cc_op_dirty;
@@ -4264,6 +4267,8 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 x86_64_hregs = 0;
 #endif
 s->rip_offset = 0; /* for relative ip address */
+s->vex_l = 0;
+s->vex_v = 0;
  next_byte:
 b = cpu_ldub_code(env, s->pc);
 s->pc++;
@@ -4315,6 +4320,63 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 }
 break;
 #endif
+case 0xc5: /* 2-byte VEX */
+case 0xc4: /* 3-byte VEX */
+/* VEX prefixes cannot be used except in 32-bit mode.
+   Otherwise the instruction is LES or LDS.  */
+if (s->code32 && !s->vm86) {
+static const int pp_prefix[4] = {
+0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
+};
+int vex3, vex2 = cpu_ldub_code(env, s->pc);
+
+if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
+/* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
+   otherwise the instruction is LES or LDS.  */
+break;
+}
+s->pc++;
+
+/* 4.1.1-4.1.3: No preceeding lock, 66, f2, f3, or rex prefixes. */
+if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ
+| PREFIX_LOCK | PREFIX_DATA)) {
+goto illegal_op;
+}
+#ifdef TARGET_X86_64
+if (x86_64_hregs) {
+goto illegal_op;
+}
+#endif
+rex_r = (~vex2 >> 4) & 8;
+if (b == 0xc5) {
+vex3 = vex2;
+b = cpu_ldub_code(env, s->pc++);
+} else {
+#ifdef TARGET_X86_64
+s->rex_x = (~vex2 >> 3) & 8;
+s->rex_b = (~vex2 >> 2) & 8;
+#endif
+vex3 = cpu_ldub_code(env, s->pc++);
+rex_w = (vex3 >> 7) & 1;
+switch (vex2 & 0x1f) {
+case 0x01: /* Implied 0f leading opcode bytes.  */
+b = cpu_ldub_code(env, s->pc++) | 0x100;
+break;
+case 0x02: /* Implied 0f 38 leading opcode bytes.  */
+b = 0x138;
+break;
+case 0x03: /* Implied 0f 3a leading opcode bytes.  */
+b = 0x13a;
+break;
+default:   /* Reserved for future use.  */
+goto illegal_op;
+}
+}
+s->vex_v = (~vex3 >> 3) & 0xf;
+s->vex_l = (vex3 >> 2) & 1;
+prefixes |= pp_prefix[vex3 & 3] | PREFIX_VEX;
+}
+break;
 }
 
 /* Post-process prefixes.  */
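Review bot: In the `b == 0xc5` branch the opcode byte is loaded without `| 0x100`, although the 2-byte VEX form implies a leading 0f opcode byte, just as `case 0x01` of the 3-byte form does (where the hunk does OR in 0x100). As written, a 2-byte VEX sequence is dispatched through the one-byte opcode table. Combined with the later hunk that drops the `CODE64(s)` checks from `case 0xc4` and `case 0xc5`, a VEX2 prefix followed by an opcode byte of 0xc4 or 0xc5 would reach the LES/LDS code in 64-bit mode instead of `illegal_op`. I would write `b = cpu_ldub_code(env, s->pc++) | 0x100;` in that branch. disas_insn starts and ends outside the hunk.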
@@ -5461,13 +5523,11 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 }
 break;
 case 0xc4: /* les Gv */
-if (CODE64(s))
-goto illegal_op;
+/* In CODE64 this is VEX3; see above.  */
 op = R_ES;
 goto do_lxx;
 case 0xc5: /* lds Gv */
-if (CODE64(s))
-goto illegal_op;
+/* In CODE64 this is VEX2; see above.  */
 op = R_DS;
 goto do_lxx;
 case 0x1b2: /* lss Gv */
-- 
1.8.1.2




Re: [Qemu-devel] [PATCH V24 1/7] Support for TPM command line options

2013-02-19 Thread Corey Bryant



diff --git a/tpm/tpm.c b/tpm/tpm.c
new file mode 100644
index 000..51eaf7e
--- /dev/null
+++ b/tpm/tpm.c
@@ -0,0 +1,345 @@
+/*
+ * TPM configuration
+ *
+ * Copyright (C) 2011-2013 IBM Corporation
+ *
+ * Authors:
+ *  Stefan Berger
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Based on net.c
+ */
+#include "config-host.h"
+
+#include "monitor/monitor.h"
+#include "qapi/qmp/qerror.h"
+#include "tpm_int.h"
+#include "tpm/tpm.h"
+#include "qemu/config-file.h"
+#include "qmp-commands.h"
+
+static QLIST_HEAD(, TPMBackend) tpm_backends =
+QLIST_HEAD_INITIALIZER(tpm_backends);
+
+
+#define TPM_MAX_MODELS  1
+#define TPM_MAX_DRIVERS 2
+
+static TPMDriverOps const *be_drivers[TPM_MAX_DRIVERS] = {
+NULL,
+};
+
+static enum TpmModel tpm_models[TPM_MAX_MODELS] = {
+-1,
+};
+
+int tpm_register_model(enum TpmModel model)


It seems like there is inconsistency with the functions that are #ifdef'd.

One example is that tpm_register_model() isn't surrounded by #ifdef 
CONFIG_TPM..



+{
+int i;
+
+for (i = 0; i < TPM_MAX_MODELS; i++) {
+if (tpm_models[i] == -1) {
+tpm_models[i] = model;
+return 0;
+}
+}
+error_report("Could not register TPM model");
+return 1;
+}
+
+static bool tpm_model_is_registered(enum TpmModel model)
+{
+int i;
+
+for (i = 0; i < TPM_MAX_MODELS; i++) {
+if (tpm_models[i] == model) {
+return true;
+}
+}
+return false;
+}
+
+const TPMDriverOps *tpm_get_backend_driver(const char *type)
+{
+int i;
+
+for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) {
+if (!strcmp(TpmType_lookup[be_drivers[i]->type], type)) {
+return be_drivers[i];
+}
+}
+
+return NULL;
+}
+
+#ifdef CONFIG_TPM
+
+int tpm_register_driver(const TPMDriverOps *tdo)


..but tpm_register_driver() is surrounded by #ifdef CONFIG_TPM.

--
Regards,
Corey Bryant




Re: [Qemu-devel] [PATCH V24 1/7] Support for TPM command line options

2013-02-19 Thread Stefan Berger

On 02/19/2013 04:42 PM, Corey Bryant wrote:



diff --git a/tpm/Makefile.objs b/tpm/Makefile.objs
new file mode 100644
index 000..dffb567
--- /dev/null
+++ b/tpm/Makefile.objs
@@ -0,0 +1 @@
+common-obj-y = tpm.o
diff --git a/tpm/tpm.c b/tpm/tpm.c
new file mode 100644
index 000..51eaf7e
--- /dev/null
+++ b/tpm/tpm.c
@@ -0,0 +1,345 @@
+/*
+ * TPM configuration
+ *
+ * Copyright (C) 2011-2013 IBM Corporation
+ *
+ * Authors:
+ *  Stefan Berger
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 
or later.

+ * See the COPYING file in the top-level directory.
+ *
+ * Based on net.c
+ */
+#include "config-host.h"
+
+#include "monitor/monitor.h"
+#include "qapi/qmp/qerror.h"
+#include "tpm_int.h"
+#include "tpm/tpm.h"
+#include "qemu/config-file.h"
+#include "qmp-commands.h"
+
+static QLIST_HEAD(, TPMBackend) tpm_backends =
+QLIST_HEAD_INITIALIZER(tpm_backends);
+
+
+#define TPM_MAX_MODELS  1
+#define TPM_MAX_DRIVERS 2


Should TPM_MAX_DRIVERS be 1?



It leaves us room for 1 more already -- libtpms driver.




[Qemu-devel] [PATCH 30/57] target-i386: use CCPrepare to generate conditional jumps

2013-02-19 Thread Richard Henderson
From: Paolo Bonzini 

This simplifies all the jump generation code.  CCPrepare allows the
code to create an efficient brcond always, so there is no need to
duplicate the setcc and jcc code.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 119 
 1 file changed, 9 insertions(+), 110 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 046d82f..b081fc0 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -1178,117 +1178,16 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int 
b, TCGv reg)
value 'b'. In the fast case, T0 is guaranted not to be used. */
 static inline void gen_jcc1(DisasContext *s, int b, int l1)
 {
-int inv, jcc_op, size, cond;
-TCGv t0;
+CCPrepare cc = gen_prepare_cc(s, b, cpu_T[0]);
 
-inv = b & 1;
-jcc_op = (b >> 1) & 7;
-
-switch (s->cc_op) {
-/* we optimize the cmp/jcc case */
-case CC_OP_SUBB:
-case CC_OP_SUBW:
-case CC_OP_SUBL:
-case CC_OP_SUBQ:
-
-size = s->cc_op - CC_OP_SUBB;
-switch(jcc_op) {
-case JCC_Z:
-fast_jcc_z:
-t0 = gen_ext_tl(cpu_tmp0, cpu_cc_dst, size, false);
-tcg_gen_brcondi_tl(inv ? TCG_COND_NE : TCG_COND_EQ, t0, 0, l1);
-break;
-case JCC_S:
-fast_jcc_s:
-t0 = gen_ext_tl(cpu_tmp0, cpu_cc_dst, size, true);
-tcg_gen_brcondi_tl(inv ? TCG_COND_GE : TCG_COND_LT, t0, 0, l1);
-break;
-
-case JCC_B:
-cond = inv ? TCG_COND_GEU : TCG_COND_LTU;
-goto fast_jcc_b;
-case JCC_BE:
-cond = inv ? TCG_COND_GTU : TCG_COND_LEU;
-fast_jcc_b:
-tcg_gen_add_tl(cpu_tmp4, cpu_cc_dst, cpu_cc_src);
-gen_extu(size, cpu_tmp4);
-t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
-tcg_gen_brcond_tl(cond, cpu_tmp4, t0, l1);
-break;
-
-case JCC_L:
-cond = inv ? TCG_COND_GE : TCG_COND_LT;
-goto fast_jcc_l;
-case JCC_LE:
-cond = inv ? TCG_COND_GT : TCG_COND_LE;
-fast_jcc_l:
-tcg_gen_add_tl(cpu_tmp4, cpu_cc_dst, cpu_cc_src);
-gen_exts(size, cpu_tmp4);
-t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, true);
-tcg_gen_brcond_tl(cond, cpu_tmp4, t0, l1);
-break;
-
-default:
-goto slow_jcc;
-}
-break;
-
-/* some jumps are easy to compute */
-case CC_OP_ADDB:
-case CC_OP_ADDW:
-case CC_OP_ADDL:
-case CC_OP_ADDQ:
-
-case CC_OP_ADCB:
-case CC_OP_ADCW:
-case CC_OP_ADCL:
-case CC_OP_ADCQ:
-
-case CC_OP_SBBB:
-case CC_OP_SBBW:
-case CC_OP_SBBL:
-case CC_OP_SBBQ:
-
-case CC_OP_LOGICB:
-case CC_OP_LOGICW:
-case CC_OP_LOGICL:
-case CC_OP_LOGICQ:
-
-case CC_OP_INCB:
-case CC_OP_INCW:
-case CC_OP_INCL:
-case CC_OP_INCQ:
-
-case CC_OP_DECB:
-case CC_OP_DECW:
-case CC_OP_DECL:
-case CC_OP_DECQ:
-
-case CC_OP_SHLB:
-case CC_OP_SHLW:
-case CC_OP_SHLL:
-case CC_OP_SHLQ:
-
-case CC_OP_SARB:
-case CC_OP_SARW:
-case CC_OP_SARL:
-case CC_OP_SARQ:
-switch(jcc_op) {
-case JCC_Z:
-size = (s->cc_op - CC_OP_ADDB) & 3;
-goto fast_jcc_z;
-case JCC_S:
-size = (s->cc_op - CC_OP_ADDB) & 3;
-goto fast_jcc_s;
-default:
-goto slow_jcc;
-}
-break;
-default:
-slow_jcc:
-gen_setcc1(s, b, cpu_T[0]);
-tcg_gen_brcondi_tl(TCG_COND_NE, cpu_T[0], 0, l1);
-break;
+if (cc.mask != -1) {
+tcg_gen_andi_tl(cpu_T[0], cc.reg, cc.mask);
+cc.reg = cpu_T[0];
+}
+if (cc.use_reg2) {
+tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
+} else {
+tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
 }
 }
 
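Review bot: The header comment kept as context above `gen_jcc1` still promises that T0 is not used in the fast case, but the new body overwrites `cpu_T[0]` with `tcg_gen_andi_tl` whenever `cc.mask != -1`. It also passes `cpu_T[0]` to `gen_prepare_cc` as the scratch register. I would update the comment to say when T0 is clobbered, e.g. `/* T0 is used as scratch and may be clobbered when the condition needs a mask. */`, so callers that keep a live value in T0 across the jump can be checked against it. Whether `gen_prepare_cc` itself writes to the register it is given is not visible in this hunk.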
-- 
1.8.1.2




Re: [Qemu-devel] [RFC PATCH] Distinguish between reset types

2013-02-19 Thread Anthony Liguori
David Woodhouse  writes:

> On Tue, 2013-02-19 at 14:29 -0600, Anthony Liguori wrote:
>> David Woodhouse  writes:
>> >  if (val & 4) {
>> > +if (val & 2)
>> > +qemu_irq_pulse(d->reset_out);
>> >  qemu_system_reset_request();
>> 
>> 
>> This is a bit strange to me. 
>
> The reset_out "IRQ" isn't actually what triggers the I440FX/PAM reset.

Right, this is what's strange to me.  There's no hardware analog AFAICT
so I'm not sure why we're exposing it as a qemu_irq other than we want
to jump through a function pointer invocation instead of making a
straight function call :-)

> That just sets a flag to say that the coming *system* reset is a hard
> reset and not a soft reset.

Yes, but this flag is in PIIX, not the i440fx.

> I did comment about the possibility of doing
> the reset directly from the qemu_irq handler, and why I hadn't done it
> that way...
>
>> So should we even be resetting anything other than the CPU during soft
>> reset?
>
> I suspect not. A soft reset triggered by the RCR, keyboard controller,
> port 92 etc. should all just reset the CPU and nothing else.

I suspect what we need to do is convert qemu_system_reset_request() into
a qemu_system_cpu_reset() that takes a callback.  Once the VCPUs have
been reset, the callback can then be used to reset all or some of the
device model.  This of course means removing the reset handlers in the
CPUs as they exist today.

Cc'ing Andreas to get his thoughts.

FWIW, I'm not expecting you to do this to fix this issue.  Just thinking
out loud here really.

>> In the very least, shouldn't we expose qemu_irqs from the PIIX and let
>> the i440fx decide what to do with them?  In this case, it would be an
>> INIT# and CPURST# qemu_irq corresponding to soft and hard reset
>> respectively.
>
> How far down this road do we go? Do we end up wiring up the full reset
> topology and abandoning the special-case qemu_system_reset()
> altogether?

Long term, yes.  Short term, whatever we need that's reasonable to get
the CSM happy without making things worse.

I'm not terribly happy exposing an IRQ that doesn't exist in real life
to "model hardware".  We could just as easily call into i440fx to set
the hard_reset flag without jumping through qemu_irq hoops if we're just
looking to make it work.  I think that's clearer if what we're doing is
essentially a short term hack.

If we were going to model an INIT# and CPURST# qemu_irq and raise them
based on what the hardware does, I'm happy with that.  But AFAICT
'reset_out' has no hardware analogy.

Regards,

Anthony Liguori

>
> -- 
> dwmw2



[Qemu-devel] [PATCH 55/57] target-i386: Use clz/ctz for bsf/bsr helpers

2013-02-19 Thread Richard Henderson
And mark the helpers as NO_RWG_SE.

Signed-off-by: Richard Henderson 
---
 target-i386/helper.h |  6 +++---
 target-i386/int_helper.c | 45 +++--
 2 files changed, 14 insertions(+), 37 deletions(-)

diff --git a/target-i386/helper.h b/target-i386/helper.h
index 81e0fbd..e1ecdb8 100644
--- a/target-i386/helper.h
+++ b/target-i386/helper.h
@@ -195,9 +195,9 @@ DEF_HELPER_3(frstor, void, env, tl, int)
 DEF_HELPER_3(fxsave, void, env, tl, int)
 DEF_HELPER_3(fxrstor, void, env, tl, int)
 
-DEF_HELPER_1(bsf, tl, tl)
-DEF_HELPER_1(bsr, tl, tl)
-DEF_HELPER_2(lzcnt, tl, tl, int)
+DEF_HELPER_FLAGS_1(bsf, TCG_CALL_NO_RWG_SE, tl, tl)
+DEF_HELPER_FLAGS_1(bsr, TCG_CALL_NO_RWG_SE, tl, tl)
+DEF_HELPER_FLAGS_2(lzcnt, TCG_CALL_NO_RWG_SE, tl, tl, int)
 DEF_HELPER_FLAGS_2(pdep, TCG_CALL_NO_RWG_SE, tl, tl, tl)
 DEF_HELPER_FLAGS_2(pext, TCG_CALL_NO_RWG_SE, tl, tl, tl)
 
diff --git a/target-i386/int_helper.c b/target-i386/int_helper.c
index 527af40..7bec4eb 100644
--- a/target-i386/int_helper.c
+++ b/target-i386/int_helper.c
@@ -447,53 +447,30 @@ void helper_idivq_EAX(CPUX86State *env, target_ulong t0)
 }
 #endif
 
+#if TARGET_LONG_BITS == 32
+# define ctztl  ctz32
+# define clztl  clz32
+#else
+# define ctztl  ctz64
+# define clztl  clz64
+#endif
+
 /* bit operations */
 target_ulong helper_bsf(target_ulong t0)
 {
-int count;
-target_ulong res;
-
-res = t0;
-count = 0;
-while ((res & 1) == 0) {
-count++;
-res >>= 1;
-}
-return count;
+return ctztl(t0);
 }
 
 target_ulong helper_lzcnt(target_ulong t0, int wordsize)
 {
-int count;
-target_ulong res, mask;
-
-if (wordsize > 0 && t0 == 0) {
-return wordsize;
-}
-res = t0;
-count = TARGET_LONG_BITS - 1;
-mask = (target_ulong)1 << (TARGET_LONG_BITS - 1);
-while ((res & mask) == 0) {
-count--;
-res <<= 1;
-}
-if (wordsize > 0) {
-return wordsize - 1 - count;
-}
-return count;
+return clztl(t0) - (TARGET_LONG_BITS - wordsize);
 }
 
 target_ulong helper_bsr(target_ulong t0)
 {
-return helper_lzcnt(t0, 0);
+return clztl(t0) ^ (TARGET_LONG_BITS - 1);
 }
 
-#if TARGET_LONG_BITS == 32
-# define ctztl  ctz32
-#else
-# define ctztl  ctz64
-#endif
-
 target_ulong helper_pdep(target_ulong src, target_ulong mask)
 {
 target_ulong dest = 0;
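Review bot: The rewritten `helper_lzcnt` no longer handles `wordsize == 0`, which the removed code treated as a separate mode through its `wordsize > 0` checks. With 0 it now returns `clztl(t0) - TARGET_LONG_BITS`, which wraps to a large `target_ulong` for nonzero `t0`. `helper_bsr` in this hunk stops passing 0, but other callers are not visible here, so I would document the contract above the function, e.g. `/* wordsize is the operand width in bits (never 0); t0 must be zero-extended to that width. */`. `helper_bsf` and `helper_bsr` now also return a value for `t0 == 0` where the old loops did not terminate, and that result depends on what `ctztl`/`clztl` yield for zero, which deserves a one-line comment too.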
-- 
1.8.1.2




Re: [Qemu-devel] [PATCH 0/8] virtio: set config size using host features

2013-02-19 Thread Anthony Liguori
Jesse Larrew  writes:

> To ensure compatibility between qemu versions, virtio drivers should set
> the size of their config structs according to the feature bits that are
> set. This should keep the size from changing as new features are introduced
> and avoid breaking older drivers.
>
> [PATCH 1/8] virtio-net: replace redundant config_size field with config_len
> [PATCH 2/8] virtio: put struct VirtIOFeature in a header
> [PATCH 3/8] virtio: pass host features to driver init functions
> [PATCH 4/8] virtio: set config size using host features
> [PATCH 5/8] virtio-balloon: fill in the table of feature_sizes
> [PATCH 6/8] virtio-serial: fill in the feature table
> [PATCH 7/8] virtio-scsi: fill in table of feature sizes
> [PATCH 8/8] virtio-blk: fill in the feature table

Breaks the build.  There's no good reason for this either.  Don't send
patches unless you've done a full build (without a --target-list option).

  CCs390x-softmmu/hw/s390x/s390-virtio-bus.o
/home/aliguori/git/qemu/hw/s390x/s390-virtio-bus.c: In function 
‘s390_virtio_scsi_init’:
/home/aliguori/git/qemu/hw/s390x/s390-virtio-bus.c:203:5: error: too few 
arguments to function ‘virtio_scsi_init’
In file included from /home/aliguori/git/qemu/hw/s390x/s390-virtio-bus.c:27:0:
/home/aliguori/git/qemu/hw/virtio.h:268:15: note: declared here
/home/aliguori/git/qemu/hw/s390x/s390-virtio-bus.c:208:5: error: too many 
arguments to function ‘s390_virtio_device_init’
/home/aliguori/git/qemu/hw/s390x/s390-virtio-bus.c:123:12: note: declared here
make[1]: *** [hw/s390x/s390-virtio-bus.o] Error 1
make: *** [subdir-s390x-softmmu] Error 2

Regards,

Anthony Liguori




Re: [Qemu-devel] [PATCH V24 1/7] Support for TPM command line options

2013-02-19 Thread Stefan Berger

On 02/19/2013 05:04 PM, Corey Bryant wrote:



diff --git a/tpm/tpm.c b/tpm/tpm.c
new file mode 100644
index 000..51eaf7e
--- /dev/null
+++ b/tpm/tpm.c
@@ -0,0 +1,345 @@
+/*
+ * TPM configuration
+ *
+ * Copyright (C) 2011-2013 IBM Corporation
+ *
+ * Authors:
+ *  Stefan Berger
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 
or later.

+ * See the COPYING file in the top-level directory.
+ *
+ * Based on net.c
+ */
+#include "config-host.h"
+
+#include "monitor/monitor.h"
+#include "qapi/qmp/qerror.h"
+#include "tpm_int.h"
+#include "tpm/tpm.h"
+#include "qemu/config-file.h"
+#include "qmp-commands.h"
+
+static QLIST_HEAD(, TPMBackend) tpm_backends =
+QLIST_HEAD_INITIALIZER(tpm_backends);
+
+
+#define TPM_MAX_MODELS  1
+#define TPM_MAX_DRIVERS 2
+
+static TPMDriverOps const *be_drivers[TPM_MAX_DRIVERS] = {
+NULL,
+};
+
+static enum TpmModel tpm_models[TPM_MAX_MODELS] = {
+-1,
+};
+
+int tpm_register_model(enum TpmModel model)


It seems like there is inconsistency with the functions that are 
#ifdef'd.


One example is that tpm_register_model() isn't surrounded by #ifdef 
CONFIG_TPM..



+{
+int i;
+
+for (i = 0; i < TPM_MAX_MODELS; i++) {
+if (tpm_models[i] == -1) {
+tpm_models[i] = model;
+return 0;
+}
+}
+error_report("Could not register TPM model");
+return 1;
+}
+
+static bool tpm_model_is_registered(enum TpmModel model)
+{
+int i;
+
+for (i = 0; i < TPM_MAX_MODELS; i++) {
+if (tpm_models[i] == model) {
+return true;
+}
+}
+return false;
+}
+
+const TPMDriverOps *tpm_get_backend_driver(const char *type)
+{
+int i;
+
+for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) {
+if (!strcmp(TpmType_lookup[be_drivers[i]->type], type)) {
+return be_drivers[i];
+}
+}
+
+return NULL;
+}
+
+#ifdef CONFIG_TPM
+
+int tpm_register_driver(const TPMDriverOps *tdo)
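Review bot: The `-1` free-slot marker in `tpm_models[]`, tested as `tpm_models[i] == -1` in tpm_register_model() earlier in this hunk, depends on the implementation-defined underlying type of `enum TpmModel`. If a compiler picks a narrow unsigned type for the enum, the stored value no longer compares equal to `-1` after integer promotion, and every registration would end in "Could not register TPM model". The enum's definition is outside this hunk, so the least invasive change is to keep the table as plain integers, `static int tpm_models[TPM_MAX_MODELS] = { -1, };`, or to use a dedicated sentinel enumerator if the enum provides one. Separately, `{ -1, }` initialises only the first element: that is fine while TPM_MAX_MODELS is 1, but if the limit grows the remaining slots start as 0, which tpm_model_is_registered() would then report as registered for whatever model has value 0.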


..but tpm_register_driver() is surrounded by #ifdef CONFIG_TPM.


and? there's a stub function further below ...




[Qemu-devel] [PATCH 10/57] target-i386: clean up sahf

2013-02-19 Thread Richard Henderson
From: Paolo Bonzini 

Discard CC_DST and set s->cc_op immediately after computing EFLAGS.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Richard Henderson 
---
 target-i386/translate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 80483c0..64564e0 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -6502,10 +6502,12 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 if (s->cc_op != CC_OP_DYNAMIC)
 gen_op_set_cc_op(s->cc_op);
 gen_compute_eflags(cpu_cc_src);
+tcg_gen_discard_tl(cpu_cc_dst);
+s->cc_op = CC_OP_EFLAGS;
+
 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], CC_S | CC_Z | CC_A | CC_P | CC_C);
 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, cpu_T[0]);
-s->cc_op = CC_OP_EFLAGS;
 break;
 case 0x9f: /* lahf */
 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
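Review bot: The added `tcg_gen_discard_tl(cpu_cc_dst);` in the sahf case carries no comment saying why CC_DST may be thrown away at this point. A one-line comment above it, for example `/* CC_DST is unused once cc_op is CC_OP_EFLAGS */`, would record the invariant the commit message implies, so that a later reordering of these lines does not quietly reintroduce a read of a discarded value. disas_insn starts and ends outside this hunk, so whether anything later in the function still reads cpu_cc_dst on this path cannot be confirmed from here.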
-- 
1.8.1.2




Re: [Qemu-devel] [PATCH V24 1/7] Support for TPM command line options

2013-02-19 Thread Corey Bryant



diff --git a/tpm/Makefile.objs b/tpm/Makefile.objs
new file mode 100644
index 000..dffb567
--- /dev/null
+++ b/tpm/Makefile.objs
@@ -0,0 +1 @@
+common-obj-y = tpm.o
diff --git a/tpm/tpm.c b/tpm/tpm.c
new file mode 100644
index 000..51eaf7e
--- /dev/null
+++ b/tpm/tpm.c
@@ -0,0 +1,345 @@
+/*
+ * TPM configuration
+ *
+ * Copyright (C) 2011-2013 IBM Corporation
+ *
+ * Authors:
+ *  Stefan Berger
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Based on net.c
+ */
+#include "config-host.h"
+
+#include "monitor/monitor.h"
+#include "qapi/qmp/qerror.h"
+#include "tpm_int.h"
+#include "tpm/tpm.h"
+#include "qemu/config-file.h"
+#include "qmp-commands.h"
+
+static QLIST_HEAD(, TPMBackend) tpm_backends =
+QLIST_HEAD_INITIALIZER(tpm_backends);
+
+
+#define TPM_MAX_MODELS  1
+#define TPM_MAX_DRIVERS 2


Should TPM_MAX_DRIVERS be 1?

--
Regards,
Corey Bryant



