[Qemu-devel] [Bug 1262081] [NEW] qemu-system-sparc in qemu 1.7.0 fails to boot with Sun ROM

2013-12-17 Thread Peter Bartoli
Public bug reported:


1.7.0 seems to have broken booting on SPARC ... at least with a Sun ROM.  
Everything fails with "data access exception."  1.6.{1,2} qemu-system-sparc 
binaries both boot the same images that 1.7.0 fails to boot.

Type  help  for more information
ok boot disk1
Boot device: /iommu/sbus/espdma@5,840/esp@5,880/sd@1,0  File and args: 
Data Access Exception

Starting with following command:

sudo qemu-system-sparc -m 256 -M SS-5 -nographic -bios /home/img/ROMs/sun/ss5-170.bin \
  -prom-env 'boot-device=disk1' -prom-env 'auto-boot?=true' \
  -drive file=/home/doc/VMs/slagheap/sd0.raw,if=scsi,bus=0,unit=3 \
  -drive file=/home/doc/VMs/slagheap/sd1.raw,if=scsi,bus=0,unit=1 \
  -drive file=/home/doc/VMs/slagheap/sd2.raw,if=scsi,bus=0,unit=2 \
  -net nic,macaddr=DE:EE:DD:FF:EE:DD,model=lance \
  -net tap,ifname=tap0,script=/home/doc/VMs/slagheap/ifup,downscript=/home/doc/VMs/slagheap/ifdown

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "qemu-sparc-1.7.txt"
   
https://bugs.launchpad.net/bugs/1262081/+attachment/3931661/+files/qemu-sparc-1.7.txt

https://bugs.launchpad.net/bugs/1262081




Re: [Qemu-devel] [PATCH v2 0/7] target-arm: Support AArch64 KVM

2013-12-17 Thread Christoffer Dall
On Tue, Dec 17, 2013 at 12:15:15PM +, Peter Maydell wrote:
> This patchset adds support for basic AArch64 KVM VM control;
> it's based on current master. This is a quick resend with the very
> minor nits Christoffer pointed out fixed; I'm planning to put it into
> a target-arm pullreq in the next day or two.
> 
> This patch series supports:
>  * 64 bit KVM VM control
>  * SMP and UP
>  * PSCI boot of secondary CPUs
> It doesn't support:
>  * migration
>  * reset (partly because there's no way to reset a mach-virt system yet)
>  * anything except "-cpu host"
>  * debugging the VM via qemu gdbstub
>  * running 32 bit VMs on a 64 bit system
>[Mian's patchset includes support for that but I have left it out
>for the moment because it needs more thought about UI and so on]

I finally managed to test this on the foundation model.  I verified the
following works:

 - virtio-block
 - virtio-net
 - ssh/shell environment in guest
 - apache in guest (tested with apachebench - the model is slow)
 - gcc in guest
 - hackbench in guest (the model is slow)
 - php in guest
 - python in guest

-Christoffer

> 
> Changes v1->v2:
>  * improved a couple of comments
>  * compat string for 64 bit is "arm,arm-v8", not -v7
>  * removed superfluous include of usb.mak and pci.mak from config
> 
> Mian M. Hamayun (2):
>   target-arm: Add minimal KVM AArch64 support
>   hw/arm/boot: Add boot support for AArch64 processor
> 
> Peter Maydell (5):
>   target-arm/kvm: Split 32 bit only code into its own file
>   target-arm: Clean up handling of AArch64 PSTATE
>   configure: Enable KVM for aarch64 host/target combination
>   hw/arm/boot: Allow easier swapping in of different loader code
>   default-configs: Add config for aarch64-softmmu
> 
>  configure   |   2 +-
>  default-configs/aarch64-softmmu.mak |   6 +
>  hw/arm/boot.c   | 193 ++
>  linux-user/signal.c |   6 +-
>  target-arm/Makefile.objs|   2 +
>  target-arm/cpu.c|   6 +
>  target-arm/cpu.h|  70 -
>  target-arm/gdbstub64.c  |   4 +-
>  target-arm/kvm.c| 495 +-
>  target-arm/kvm32.c  | 515 
> 
>  target-arm/kvm64.c  | 204 ++
>  target-arm/translate-a64.c  |  12 +-
>  12 files changed, 954 insertions(+), 561 deletions(-)
>  create mode 100644 default-configs/aarch64-softmmu.mak
>  create mode 100644 target-arm/kvm32.c
>  create mode 100644 target-arm/kvm64.c
> 
> -- 
> 1.8.5
> 

-- 
Christoffer



[Qemu-devel] [PATCH v4 resend] rdma: rename 'x-rdma' => 'rdma'

2013-12-17 Thread mrhines
From: "Michael R. Hines" 

As far as we can tell, all known bugs have been fixed:

1. Parallel migrations are working
2. IPv6 migration is working
3. virt-test is working

I'm not comfortable sending the revised libvirt patch
until this is accepted or review suggestions are addressed,
(including pin-all support. It does not make sense to
remove experimental for one thing and not the other. That's
too many trips through the libvirt community).

Reviewed-by: Eric Blake 
Signed-off-by: Michael R. Hines 
---
 docs/rdma.txt|   24 ++--
 migration-rdma.c |2 +-
 migration.c  |6 +++---
 qapi-schema.json |7 +++
 4 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/docs/rdma.txt b/docs/rdma.txt
index 2aca63b..1f5d9e9 100644
--- a/docs/rdma.txt
+++ b/docs/rdma.txt
@@ -66,7 +66,7 @@ bulk-phase round of the migration and can be enabled for 
extremely
 high-performance RDMA hardware using the following command:
 
 QEMU Monitor Command:
-$ migrate_set_capability x-rdma-pin-all on # disabled by default
+$ migrate_set_capability rdma-pin-all on # disabled by default
 
 Performing this action will cause all 8GB to be pinned, so if that's
 not what you want, then please ignore this step altogether.
@@ -93,12 +93,12 @@ $ migrate_set_speed 40g # or whatever is the MAX of your 
RDMA device
 
 Next, on the destination machine, add the following to the QEMU command line:
 
-qemu . -incoming x-rdma:host:port
+qemu . -incoming rdma:host:port
 
 Finally, perform the actual migration on the source machine:
 
 QEMU Monitor Command:
-$ migrate -d x-rdma:host:port
+$ migrate -d rdma:host:port
 
 PERFORMANCE
 ===
@@ -120,8 +120,8 @@ For example, in the same 8GB RAM example with all 8GB of 
memory in
 active use and the VM itself is completely idle using the same 40 gbps
 infiniband link:
 
-1. x-rdma-pin-all disabled total time: approximately 7.5 seconds @ 9.5 Gbps
-2. x-rdma-pin-all enabled total time: approximately 4 seconds @ 26 Gbps
+1. rdma-pin-all disabled total time: approximately 7.5 seconds @ 9.5 Gbps
+2. rdma-pin-all enabled total time: approximately 4 seconds @ 26 Gbps
 
 These numbers would of course scale up to whatever size virtual machine
 you have to migrate using RDMA.
@@ -407,18 +407,14 @@ socket is broken during a non-RDMA based migration.
 
 TODO:
 =
-1. 'migrate x-rdma:host:port' and '-incoming x-rdma' options will be
-   renamed to 'rdma' after the experimental phase of this work has
-   completed upstream.
-2. Currently, 'ulimit -l' mlock() limits as well as cgroups swap limits
+1. Currently, 'ulimit -l' mlock() limits as well as cgroups swap limits
are not compatible with infinband memory pinning and will result in
an aborted migration (but with the source VM left unaffected).
-3. Use of the recent /proc//pagemap would likely speed up
+2. Use of the recent /proc//pagemap would likely speed up
the use of KSM and ballooning while using RDMA.
-4. Also, some form of balloon-device usage tracking would also
+3. Also, some form of balloon-device usage tracking would also
help alleviate some issues.
-5. Move UNREGISTER requests to a separate thread.
-6. Use LRU to provide more fine-grained direction of UNREGISTER
+4. Use LRU to provide more fine-grained direction of UNREGISTER
requests for unpinning memory in an overcommitted environment.
-7. Expose UNREGISTER support to the user by way of workload-specific
+5. Expose UNREGISTER support to the user by way of workload-specific
hints about application behavior.
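
Review bot: the TODO list in this hunk drops old item 5, "Move UNREGISTER requests to a separate thread.", together with the rename item, but the commit message only talks about the rename. If that work is finished, say so in the commit message; if it is not, keep the entry and renumber around it.
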
diff --git a/migration-rdma.c b/migration-rdma.c
index f94f3b4..eeb4302 100644
--- a/migration-rdma.c
+++ b/migration-rdma.c
@@ -3412,7 +3412,7 @@ void rdma_start_outgoing_migration(void *opaque,
 }
 
 ret = qemu_rdma_source_init(rdma, &local_err,
-s->enabled_capabilities[MIGRATION_CAPABILITY_X_RDMA_PIN_ALL]);
+s->enabled_capabilities[MIGRATION_CAPABILITY_RDMA_PIN_ALL]);
 
 if (ret) {
 goto err;
diff --git a/migration.c b/migration.c
index 2b1ab20..71356f8 100644
--- a/migration.c
+++ b/migration.c
@@ -81,7 +81,7 @@ void qemu_start_incoming_migration(const char *uri, Error 
**errp)
 if (strstart(uri, "tcp:", &p))
 tcp_start_incoming_migration(p, errp);
 #ifdef CONFIG_RDMA
-else if (strstart(uri, "x-rdma:", &p))
+else if (strstart(uri, "rdma:", &p))
 rdma_start_incoming_migration(p, errp);
 #endif
 #if !defined(WIN32)
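
Review bot: in qemu_start_incoming_migration() the "x-rdma:" prefix is replaced outright, so a destination started with -incoming x-rdma:host:port no longer reaches rdma_start_incoming_migration(); the same applies to qmp_migrate() in the next hunk. Management code written against the experimental name stops working on upgrade. If that is intended, state it in the commit message; otherwise accept both prefixes for a release with a second `strstart(uri, "x-rdma:", &p)` branch.
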
@@ -424,7 +424,7 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 if (strstart(uri, "tcp:", &p)) {
 tcp_start_outgoing_migration(s, p, &local_err);
 #ifdef CONFIG_RDMA
-} else if (strstart(uri, "x-rdma:", &p)) {
+} else if (strstart(uri, "rdma:", &p)) {
 rdma_start_outgoing_migration(s, p, &local_err);
 #endif
 #if !defined(WIN32)
@@ -502,7 +502,7 @@ bool migrate_rdma_pin_all(void)
 
 s = migrate_get_current();
 
-return s->enabled_capabilities[MIGRATION_CAPABILITY_X_RDMA_PIN_ALL];
+return s

Re: [Qemu-devel] [PATCH V4] char: restore read callback on a reattached (hotplug) chardev

2013-12-17 Thread Amit Shah
On (Tue) 17 Dec 2013 [11:12:02], Gal Hammer wrote:
> On 16/12/2013 22:32, Amit Shah wrote:
> >On (Sun) 15 Dec 2013 [12:26:37], Gal Hammer wrote:
> >>Fix a bug that was introduced in commit 386a5a1e. A removal of a device
> >>set the chr handlers to NULL. However when the device is plugged back,
> >>its read callback is not restored so data can't be transferred from the
> >>host to the guest (e.g. via the virtio-serial port).
> >>
> >>https://bugzilla.redhat.com/show_bug.cgi?id=1027181
> >>
> >>Signed-off-by: Gal Hammer 
> >>
> >>---
> >>  qemu-char.c | 17 +++--
> >>  1 file changed, 15 insertions(+), 2 deletions(-)
> >>
> >>V4: - Same as V3, but this time done right.
> >>
> >>V3: - fix a typo in comment.
> >> - move the revision history after the "signed-off-by" tag.
> >>
> >>V2: - do not call chr_update_read_handler on device removal.
> >> - add asserts to verify chr_update_read_handler is not called
> >>   with an assigned fd_in_tag to prevent fd leaks.
> >> - update fd and udp backends' chr_update_read_handler function
> >>   so it won't remove fd_in to prevent a double release.
> >
> >Looks like you missed the pty backend.  Can't blame you -- this
> >chardev stuff is really messy.  pty is doing its own handling + polling
> >+ HUP detection, which really is equally applicable to tcp and udp as
> >well.
> 
> As far as I could tell the pty backend doesn't suffer from this
> issue. That's why I didn't change anything there.

pty_chr_update_read_handler() calls pty_chr_state(), which calls
remove_fd_in_watch().

Amit



Re: [Qemu-devel] outlined TLB lookup on x86

2013-12-17 Thread Xin Tong
Why is QEMU TLB organized based on the modes, e.g. on x86 there are 3
modes. What I think is that there may be conflicts between virtual
addresses and physical addresses. Organizing it by modes guarantees
that QEMU does not hit a physical address translation entry when in
user mode and vice versa?

Thank you,
Xin

On Tue, Dec 17, 2013 at 10:52 PM, Xin Tong  wrote:
> On Sun, Dec 8, 2013 at 2:54 AM, Xin Tong  wrote:
>>
>>
>>
>> On Thu, Nov 28, 2013 at 8:12 AM, Lluís Vilanova  wrote:
>>>
>>> Xin Tong writes:
>>>
>>> > Hi Lluis
>>> > we can probably generate vector intrinsics using the tcg, e.g. add
>>> > support to
>>> > tcg to emit vector instructions directly in code cache
>>>
>>> There was some discussion long ago about adding vector instructions to
>>> TCG, but
>>> I don't remember what was the conclusion.
>>>
>>> Also remember that using vector instructions will "emulate" a
>>> low-associativity
>>> TLB; don't know how much better than a 1-way TLB will that be, though.
>>>
>>>
>>> > why would a larger TLB make some operations slower, the TLB is a
>>> > direct-mapped
>>> > hash and lookup should be O(1) there. In the cputlb, the CPU_TLB_SIZE is
>>> > always
>>> > used to index into the TLB, i.e. (X & (CPU_TLB_SIZE -1)).
>>>
>>> It would make TLB invalidations slower (e.g., see 'tlb_flush' in
>>> "cputlb.c"). And right now QEMU performs full TLB invalidations more
>>> frequently
>>> than the equivalent HW needs to, although I suppose that should be
>>> quantified
>>> too.
>
> I see QEMU executed ~1M instructions per context switch for
> qemu-system-x86_64. Is this because of the fact that the periodical
> time interval interrupt is delivered in real time while QEMU is
> significantly slower than real hw ?
>
> Xin
>
>>>
>> You are right, Lluis. QEMU does context switch quite more often than real hw,
>> this is probably primarily due to the fact that QEMU is magnitude slower
>> than real hw.  I am wondering where timer is emulated in QEMU system-x86_64.
>> I imagine the guest OS must program the timers to do interrupt for context
>> switches.
>>
>> Another question, what happens when a vcpu is stuck in an infinite loop ?
>> QEMU must need a timer interrupt somewhere as well ?
>>
>> Is my understanding correct ?
>>
>> Xin
>>>
>>>
>>> Lluis
>>>
>>> --
>>>  "And it's much the same thing with knowledge, for whenever you learn
>>>  something new, the whole world becomes that much richer."
>>>  -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
>>>  Tollbooth
>>
>>
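
A simplified model of the structure discussed in this thread, added here as an illustration and not taken from QEMU or from any poster: a direct-mapped software TLB indexed by masking with CPU_TLB_SIZE - 1, with one table per MMU mode. The page size, table size, mode labels and every toy_* name are assumptions; it shows the O(1) lookup, that a translation filled for one mode does not hit in another, and that a full flush costs one write per entry.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed parameters for this toy model (not QEMU's actual values). */
#define PAGE_BITS    12
#define PAGE_MASK    (~((UINT64_C(1) << PAGE_BITS) - 1))
#define CPU_TLB_SIZE 256            /* must be a power of two */
#define NB_MODES     3              /* the thread mentions 3 modes on x86 */
#define TAG_INVALID  UINT64_MAX     /* not page aligned, so it never matches */

/* Hypothetical mode labels; the thread does not name the modes. */
enum { MODE_KERNEL = 0, MODE_USER = 1, MODE_OTHER = 2 };

typedef struct {
    uint64_t vtag;   /* page-aligned virtual address, or TAG_INVALID */
    uint64_t ppage;  /* page-aligned address the tag translates to */
} ToyTLBEntry;

typedef struct {
    ToyTLBEntry e[NB_MODES][CPU_TLB_SIZE];  /* one direct-mapped table per mode */
} ToyTLB;

/* Direct-mapped index: low bits of the page number, masked with SIZE - 1. */
size_t toy_tlb_index(uint64_t vaddr)
{
    return (size_t)((vaddr >> PAGE_BITS) & (CPU_TLB_SIZE - 1));
}

/* Full invalidation. Returns the number of entries written, which is the
 * cost that grows with CPU_TLB_SIZE (and with the number of modes). */
size_t toy_tlb_flush(ToyTLB *tlb)
{
    size_t written = 0;
    for (int m = 0; m < NB_MODES; m++) {
        for (size_t i = 0; i < CPU_TLB_SIZE; i++) {
            tlb->e[m][i].vtag = TAG_INVALID;
            tlb->e[m][i].ppage = 0;
            written++;
        }
    }
    return written;
}

/* Install a translation for one mode, evicting whatever shared the slot. */
void toy_tlb_fill(ToyTLB *tlb, int mode, uint64_t vaddr, uint64_t paddr)
{
    if (mode < 0 || mode >= NB_MODES) {
        return;
    }
    ToyTLBEntry *ent = &tlb->e[mode][toy_tlb_index(vaddr)];
    ent->vtag = vaddr & PAGE_MASK;
    ent->ppage = paddr & PAGE_MASK;
}

/* O(1) lookup: one index computation and one tag compare, in the table of
 * the requested mode only. Returns false on a miss. */
bool toy_tlb_lookup(const ToyTLB *tlb, int mode, uint64_t vaddr, uint64_t *paddr)
{
    if (mode < 0 || mode >= NB_MODES) {
        return false;
    }
    const ToyTLBEntry *ent = &tlb->e[mode][toy_tlb_index(vaddr)];
    if (ent->vtag != (vaddr & PAGE_MASK)) {
        return false;
    }
    *paddr = ent->ppage | (vaddr & ~PAGE_MASK);
    return true;
}

int main(void)
{
    static ToyTLB tlb;
    uint64_t va = UINT64_C(0x00007f0000001234);   /* constructed sample address */
    uint64_t alias = va + ((uint64_t)CPU_TLB_SIZE << PAGE_BITS); /* same slot */
    uint64_t pa = 0;

    printf("flush wrote %zu entries\n", toy_tlb_flush(&tlb));
    toy_tlb_fill(&tlb, MODE_KERNEL, va, UINT64_C(0x5000));
    printf("kernel-mode hit: %d\n", toy_tlb_lookup(&tlb, MODE_KERNEL, va, &pa));
    printf("translated to 0x%" PRIx64 "\n", pa);
    printf("user-mode hit:   %d\n", toy_tlb_lookup(&tlb, MODE_USER, va, &pa));
    toy_tlb_fill(&tlb, MODE_KERNEL, alias, UINT64_C(0x9000));
    printf("kernel-mode hit after conflicting fill: %d\n",
           toy_tlb_lookup(&tlb, MODE_KERNEL, va, &pa));
    return 0;
}
```

Doubling CPU_TLB_SIZE leaves toy_tlb_lookup() unchanged but doubles the value toy_tlb_flush() returns, which is the trade-off raised in the quoted reply.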



Re: [Qemu-devel] [PATCH V7 0/6] qcow2: rollback the modification on fail in snapshot creation

2013-12-17 Thread Wenchao Xia
Hello, any comments? I hope to have a new year gift




Re: [Qemu-devel] [PATCHv2] block: add native support for NFS

2013-12-17 Thread Peter Lieven


> On 17.12.2013 at 18:32, "Daniel P. Berrange" wrote:
> 
>> On Tue, Dec 17, 2013 at 10:15:25AM +0100, Peter Lieven wrote:
>> This patch adds native support for accessing images on NFS shares without
>> the requirement to actually mount the entire NFS share on the host.
>> 
>> NFS Images can simply be specified by an url of the form:
>> nfs:
>> 
>> For example:
>> qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2
> 
> Does it support other config tunables, eg specifying which
> NFS version to use 2/3/4 ? If so will they be available as
> URI parameters in the obvious manner ?

currently only v3 is supported by libnfs. what other tunables would you like to see?

> 
> Daniel
> -- 
> |: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org  -o- http://virt-manager.org :|
> |: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCHv2] block: add native support for NFS

2013-12-17 Thread Peter Lieven


> On 17.12.2013 at 17:53, ronnie sahlberg wrote:
> 
> NFSTask
> 
> Task is a very scsi-ish term. Maybe RPC is better ?
> 
> NFSrpc ?

will change it in v3

> 
> 
> 
>> On Tue, Dec 17, 2013 at 1:15 AM, Peter Lieven  wrote:
>> This patch adds native support for accessing images on NFS shares without
>> the requirement to actually mount the entire NFS share on the host.
>> 
>> NFS Images can simply be specified by an url of the form:
>> nfs:
>> 
>> For example:
>> qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2
>> 
>> You need libnfs from Ronnie Sahlberg available at:
>>   git://github.com/sahlberg/libnfs.git
>> for this to work.
>> 
>> During configure it is automatically probed for libnfs and support
>> is enabled on-the-fly. You can forbid or enforce libnfs support
>> with --disable-libnfs or --enable-libnfs respectively.
>> 
>> Due to NFS restrictions you might need to execute your binaries
>> as root, allow them to open privileged ports (<1024) or specify
>> insecure option on the NFS server.
>> 
>> Signed-off-by: Peter Lieven 
>> ---
>> v1->v2:
>> - fixed block/Makefile.objs [Ronnie]
>> - do not always register a read handler [Ronnie]
>> - add support for reading beyond EOF [Fam]
>> - fixed struct and parameter naming [Fam]
>> - fixed overlong lines and whitespace errors [Fam]
>> - return return status from libnfs wherever possible [Fam]
>> - added comment why we set allocated_file_size to -ENOTSUP after write [Fam]
>> - avoid segfault when parsing filename [Fam]
>> - remove unused close_bh from NFSClient [Fam]
>> - avoid dividing and multiplying total_size by BDRV_SECTOR_SIZE in 
>> nfs_file_create [Fam]
>> 
>> MAINTAINERS |5 +
>> block/Makefile.objs |1 +
>> block/nfs.c |  419 
>> +++
>> configure   |   38 +
>> 4 files changed, 463 insertions(+)
>> create mode 100644 block/nfs.c
>> 
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index c19133f..f53d184 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -899,6 +899,11 @@ M: Peter Lieven 
>> S: Supported
>> F: block/iscsi.c
>> 
>> +NFS
>> +M: Peter Lieven 
>> +S: Maintained
>> +F: block/nfs.c
>> +
>> SSH
>> M: Richard W.M. Jones 
>> S: Supported
>> diff --git a/block/Makefile.objs b/block/Makefile.objs
>> index f43ecbc..aa8eaf9 100644
>> --- a/block/Makefile.objs
>> +++ b/block/Makefile.objs
>> @@ -12,6 +12,7 @@ block-obj-$(CONFIG_LINUX_AIO) += linux-aio.o
>> ifeq ($(CONFIG_POSIX),y)
>> block-obj-y += nbd.o sheepdog.o
>> block-obj-$(CONFIG_LIBISCSI) += iscsi.o
>> +block-obj-$(CONFIG_LIBNFS) += nfs.o
>> block-obj-$(CONFIG_CURL) += curl.o
>> block-obj-$(CONFIG_RBD) += rbd.o
>> block-obj-$(CONFIG_GLUSTERFS) += gluster.o
>> diff --git a/block/nfs.c b/block/nfs.c
>> new file mode 100644
>> index 000..006b8cc
>> --- /dev/null
>> +++ b/block/nfs.c
>> @@ -0,0 +1,419 @@
>> +/*
>> + * QEMU Block driver for native access to files on NFS shares
>> + *
>> + * Copyright (c) 2013 Peter Lieven 
>> + *
>> + * Permission is hereby granted, free of charge, to any person obtaining a 
>> copy
>> + * of this software and associated documentation files (the "Software"), to 
>> deal
>> + * in the Software without restriction, including without limitation the 
>> rights
>> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
>> + * copies of the Software, and to permit persons to whom the Software is
>> + * furnished to do so, subject to the following conditions:
>> + *
>> + * The above copyright notice and this permission notice shall be included 
>> in
>> + * all copies or substantial portions of the Software.
>> + *
>> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
>> OR
>> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
>> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
>> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 
>> OTHER
>> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
>> FROM,
>> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>> + * THE SOFTWARE.
>> + */
>> +
>> +#include "config-host.h"
>> +
>> +#include 
>> +#include "qemu-common.h"
>> +#include "qemu/config-file.h"
>> +#include "qemu/error-report.h"
>> +#include "block/block_int.h"
>> +#include "trace.h"
>> +#include "qemu/iov.h"
>> +#include "sysemu/sysemu.h"
>> +
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +
>> +typedef struct nfsclient {
>> +struct nfs_context *context;
>> +struct nfsfh *fh;
>> +int events;
>> +bool has_zero_init;
>> +int64_t allocated_file_size;
>> +} NFSClient;
>> +
>> +typedef struct NFSTask {
>> +int status;
>> +int complete;
>> +QEMUIOVector *iov;
>> +Coroutine *co;
>> +QEMUBH *bh;
>> +} NFSTask;
>> +
>> +static void nfs_process_read(void *arg);
>> +static void nfs_process_write(void *arg);
>> +
>> +static void nfs_set_events(NF
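
Review bot: the struct tags in block/nfs.c are inconsistent: `typedef struct nfsclient { ... } NFSClient;` uses a lower-case tag while `typedef struct NFSTask` matches its typedef name. Use `NFSClient` for the tag as well. In NFSTask, `int complete;` reads as a flag; if it only ever holds 0 or 1, declare it bool like has_zero_init in the struct above.
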

Re: [Qemu-devel] [PATCHv2] block: add native support for NFS

2013-12-17 Thread Peter Lieven


> On 17.12.2013 at 18:28, ronnie sahlberg wrote:
> 
>> On Tue, Dec 17, 2013 at 9:03 AM, Peter Lieven  wrote:
>>> On 17.12.2013 17:47, Stefan Hajnoczi wrote:
>>> 
>>> On Tue, Dec 17, 2013 at 10:15:25AM +0100, Peter Lieven wrote:
> 
> ...
 +if (nfs_pwrite_async(client->context, client->fh,
 + sector_num * BDRV_SECTOR_SIZE,
 + nb_sectors * BDRV_SECTOR_SIZE,
 + buf, nfs_co_generic_cb, &task) != 0) {
 +g_free(buf);
 +return -EIO;
>>> 
>>> Can we get a more detailed errno here?  (e.g. ENOSPC)
>> 
>> libnfs only returns 0 or -1 if the setup of the call
>> fails. the status code from the RPC is more detailed
>> and available in task.status.
> 
> The *_async() functions only allocate memory and marshal the
> arguments to the buffer.
> So barring marshalling bugs, it will only fail due to OOM.
> 
> So -ENOMEM is perhaps a better error for when *_async() returns an error.
> That is really the only condition where these functions will fail.

i guess the same applies to libiscsi?!
i will change it in v3 and make a patch for the iscsi driver.

> 
> 
> If *_async() returns success you are guaranteed that
> nfs_co_generic_cb() will be invoked
> and there you can inspect the status argument for more detailed reason why.



[Qemu-devel] converting pci-assign to qerror_report()?

2013-12-17 Thread Laszlo Ersek
Hi Anthony,

I'm thinking about converting the error reporting in assigned_initfn()
[hw/i386/kvm/pci-assign.c] from error_report() to qerror_report[_err]().

Internally I might use error propagation, but I don't intend to convert
pci-assign from qdev to QOM / true realizefn. (I intend to *re*-try
error propagation up to and thru device_add even less.) So internal
errors wouldn't propagate out of assigned_initfn(), I'd probably consume
them there with qerror_report_err().

Considering your earlier message

  https://lists.nongnu.org/archive/html/qemu-devel/2012-02/msg03102.html

will you NAK such a patch?

(I'll note that this is not a *new* QMP function.)

Thanks!
Laszlo



[Qemu-devel] [PULL 39/62] target-arm: A64: add support for logical (shifted register)

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

Add support for the instructions described in "C3.5.10 Logical
(shifted register)".

We store the flags in the same locations as the 32 bit decoder.
This is slightly awkward when calculating 64 bit results, but seems
a better tradeoff than having to rework the whole 32 bit decoder
and also make 32 bit result calculation in A64 awkward.

Signed-off-by: Alexander Graf 
[claudio: some refactoring to avoid hidden allocation of temps,
  rework flags, use enums for shift types,
  renaming of functions]
Signed-off-by: Claudio Fontana 
[PMM: Use TCG's andc/orc/eqv ops rather than manually inverting]
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 197 +++--
 1 file changed, 191 insertions(+), 6 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 13eedf4..a459ce6 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -36,7 +36,7 @@
 
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
-static TCGv_i32 pstate;
+static TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
 
 static const char *regnames[] = {
 "x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7",
@@ -45,6 +45,13 @@ static const char *regnames[] = {
 "x24", "x25", "x26", "x27", "x28", "x29", "lr", "sp"
 };
 
+enum a64_shift_type {
+A64_SHIFT_TYPE_LSL = 0,
+A64_SHIFT_TYPE_LSR = 1,
+A64_SHIFT_TYPE_ASR = 2,
+A64_SHIFT_TYPE_ROR = 3
+};
+
 /* initialize TCG globals.  */
 void a64_translate_init(void)
 {
@@ -59,9 +66,10 @@ void a64_translate_init(void)
   regnames[i]);
 }
 
-pstate = tcg_global_mem_new_i32(TCG_AREG0,
-offsetof(CPUARMState, pstate),
-"pstate");
+cpu_NF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, NF), 
"NF");
+cpu_ZF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, ZF), 
"ZF");
+cpu_CF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, CF), 
"CF");
+cpu_VF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, VF), 
"VF");
 }
 
 void aarch64_cpu_dump_state(CPUState *cs, FILE *f,
@@ -221,6 +229,33 @@ static TCGv_i64 read_cpu_reg(DisasContext *s, int reg, int 
sf)
 return v;
 }
 
+/* Set ZF and NF based on a 64 bit result. This is alas fiddlier
+ * than the 32 bit equivalent.
+ */
+static inline void gen_set_NZ64(TCGv_i64 result)
+{
+TCGv_i64 flag = tcg_temp_new_i64();
+
+tcg_gen_setcondi_i64(TCG_COND_NE, flag, result, 0);
+tcg_gen_trunc_i64_i32(cpu_ZF, flag);
+tcg_gen_shri_i64(flag, result, 32);
+tcg_gen_trunc_i64_i32(cpu_NF, flag);
+tcg_temp_free_i64(flag);
+}
+
+/* Set NZCV as for a logical operation: NZ as per result, CV cleared. */
+static inline void gen_logic_CC(int sf, TCGv_i64 result)
+{
+if (sf) {
+gen_set_NZ64(result);
+} else {
+tcg_gen_trunc_i64_i32(cpu_ZF, result);
+tcg_gen_trunc_i64_i32(cpu_NF, result);
+}
+tcg_gen_movi_i32(cpu_CF, 0);
+tcg_gen_movi_i32(cpu_VF, 0);
+}
+
 /*
  * the instruction disassembly implemented here matches
  * the instruction encoding classifications in chapter 3 (C3)
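
Review bot: the comment on gen_set_NZ64() should state the flag representation it relies on. The function stores the result of `tcg_gen_setcondi_i64(TCG_COND_NE, flag, result, 0)` in cpu_ZF, so cpu_ZF is zero exactly when the result is zero, and it puts the upper 32 bits of the result in cpu_NF so that N ends up in bit 31. That follows from the commit message's "same locations as the 32 bit decoder", but without a line such as "cpu_ZF == 0 means Z set, N is bit 31 of cpu_NF" the NE comparison reads like an inverted test.
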
@@ -682,10 +717,160 @@ static void disas_data_proc_imm(DisasContext *s, 
uint32_t insn)
 }
 }
 
-/* Logical (shifted register) */
+/* Shift a TCGv src by TCGv shift_amount, put result in dst.
+ * Note that it is the caller's responsibility to ensure that the
+ * shift amount is in range (ie 0..31 or 0..63) and provide the ARM
+ * mandated semantics for out of range shifts.
+ */
+static void shift_reg(TCGv_i64 dst, TCGv_i64 src, int sf,
+  enum a64_shift_type shift_type, TCGv_i64 shift_amount)
+{
+switch (shift_type) {
+case A64_SHIFT_TYPE_LSL:
+tcg_gen_shl_i64(dst, src, shift_amount);
+break;
+case A64_SHIFT_TYPE_LSR:
+tcg_gen_shr_i64(dst, src, shift_amount);
+break;
+case A64_SHIFT_TYPE_ASR:
+if (!sf) {
+tcg_gen_ext32s_i64(dst, src);
+}
+tcg_gen_sar_i64(dst, sf ? src : dst, shift_amount);
+break;
+case A64_SHIFT_TYPE_ROR:
+if (sf) {
+tcg_gen_rotr_i64(dst, src, shift_amount);
+} else {
+TCGv_i32 t0, t1;
+t0 = tcg_temp_new_i32();
+t1 = tcg_temp_new_i32();
+tcg_gen_trunc_i64_i32(t0, src);
+tcg_gen_trunc_i64_i32(t1, shift_amount);
+tcg_gen_rotr_i32(t0, t0, t1);
+tcg_gen_extu_i32_i64(dst, t0);
+tcg_temp_free_i32(t0);
+tcg_temp_free_i32(t1);
+}
+break;
+default:
+assert(FALSE); /* all shift types should be handled */
+break;
+}
+
+if (!sf) { /* zero extend final result */
+tcg_gen_ext32u_i64(dst, dst);
+}
+}
+
+/* Shift a TCGv src by immediate, put result in dst.
+ * The shift amount must be in range (this should always

[Qemu-devel] [PULL 02/62] rename pflash_t member width to bank_width

2013-12-17 Thread Peter Maydell
From: Roy Franz 

Rename the 'width' member of the pflash_t structure
in preparation for adding a bank_width member.

Signed-off-by: Roy Franz 
Reviewed-by: Peter Maydell 
Message-id: 1386279359-32286-2-git-send-email-roy.fr...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/block/pflash_cfi01.c | 17 +
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 018a967..a0d7a16 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -71,7 +71,7 @@ struct pflash_t {
 BlockDriverState *bs;
 uint32_t nb_blocs;
 uint64_t sector_len;
-uint8_t width;
+uint8_t bank_width;
 uint8_t be;
 uint8_t wcycle; /* if 0, the flash is read normally */
 int ro;
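
Review bot: `uint8_t bank_width;` is the name this patch introduces, yet the commit message describes the rename as preparation "for adding a bank_width member". The message should name the member that is going to be added later, otherwise the log reads as if bank_width were still to come.
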
@@ -126,10 +126,11 @@ static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
 ret = -1;
 boff = offset & 0xFF; /* why this here ?? */
 
-if (pfl->width == 2)
+if (pfl->bank_width == 2) {
 boff = boff >> 1;
-else if (pfl->width == 4)
+} else if (pfl->bank_width == 4) {
 boff = boff >> 2;
+}
 
 #if 0
 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
@@ -665,7 +666,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 pfl->cfi_table[0x28] = 0x02;
 pfl->cfi_table[0x29] = 0x00;
 /* Max number of bytes in multi-bytes write */
-if (pfl->width == 1) {
+if (pfl->bank_width == 1) {
 pfl->cfi_table[0x2A] = 0x08;
 } else {
 pfl->cfi_table[0x2A] = 0x0B;
@@ -706,7 +707,7 @@ static Property pflash_cfi01_properties[] = {
 DEFINE_PROP_DRIVE("drive", struct pflash_t, bs),
 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
-DEFINE_PROP_UINT8("width", struct pflash_t, width, 0),
+DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
 DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
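
Review bot: `DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0)` keeps the user-visible property name "width" while the field behind it becomes bank_width, and pflash_cfi01_register() likewise still sets "width". If the old property name is kept on purpose for existing boards and command lines, add a short comment saying so; once a second width-like member exists the mismatch will look like an oversight.
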
@@ -745,8 +746,8 @@ pflash_t *pflash_cfi01_register(hwaddr base,
 DeviceState *qdev, const char *name,
 hwaddr size,
 BlockDriverState *bs,
-uint32_t sector_len, int nb_blocs, int width,
-uint16_t id0, uint16_t id1,
+uint32_t sector_len, int nb_blocs,
+int bank_width, uint16_t id0, uint16_t id1,
 uint16_t id2, uint16_t id3, int be)
 {
 DeviceState *dev = qdev_create(NULL, TYPE_CFI_PFLASH01);
@@ -756,7 +757,7 @@ pflash_t *pflash_cfi01_register(hwaddr base,
 }
 qdev_prop_set_uint32(dev, "num-blocks", nb_blocs);
 qdev_prop_set_uint64(dev, "sector-length", sector_len);
-qdev_prop_set_uint8(dev, "width", width);
+qdev_prop_set_uint8(dev, "width", bank_width);
 qdev_prop_set_uint8(dev, "big-endian", !!be);
 qdev_prop_set_uint16(dev, "id0", id0);
 qdev_prop_set_uint16(dev, "id1", id1);
-- 
1.8.5




[Qemu-devel] [PULL 17/62] ARM: cpu: add "reset_hivecs" property

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

Add an ARM CPU property for the reset value of hivecs as it is a
board/SoC configurable setting.

The existence of the property is conditional on the ARM CPU not being M
class.

Signed-off-by: Antony Pavlov 
Signed-off-by: Peter Crosthwaite 
Message-id: 
b04216c6bda4bd163f44a55bba552d0e8267481f.1387160489.git.peter.crosthwa...@xilinx.com
[ PC Changes:
 * Elaborated commit message
 * refactored to use qdev_property_add_static
]
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Peter Maydell 
---
 target-arm/cpu-qom.h |  1 +
 target-arm/cpu.c | 13 +
 2 files changed, 14 insertions(+)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index f32178a..afbd422 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -139,6 +139,7 @@ typedef struct ARMCPU {
 uint32_t ccsidr[16];
 uint32_t reset_cbar;
 uint32_t reset_auxcr;
+bool reset_hivecs;
 } ARMCPU;
 
 #define TYPE_AARCH64_CPU "aarch64-cpu"
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index fd04b36..3bce1d6 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -235,6 +235,9 @@ static void arm_cpu_initfn(Object *obj)
 static Property arm_cpu_reset_cbar_property =
 DEFINE_PROP_UINT32("reset-cbar", ARMCPU, reset_cbar, 0);
 
+static Property arm_cpu_reset_hivecs_property =
+DEFINE_PROP_BOOL("reset-hivecs", ARMCPU, reset_hivecs, false);
+
 static void arm_cpu_post_init(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
@@ -245,6 +248,12 @@ static void arm_cpu_post_init(Object *obj)
  &err);
 assert_no_error(err);
 }
+
+if (!arm_feature(&cpu->env, ARM_FEATURE_M)) {
+qdev_property_add_static(DEVICE(obj), &arm_cpu_reset_hivecs_property,
+ &err);
+assert_no_error(err);
+}
 }
 
 static void arm_cpu_finalizefn(Object *obj)
@@ -307,6 +316,10 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 set_feature(env, ARM_FEATURE_PXN);
 }
 
+if (cpu->reset_hivecs) {
+cpu->reset_sctlr |= (1 << 13);
+}
+
 register_cp_regs_for_features(cpu);
 arm_cpu_register_gdb_regs_for_features(cpu);
 
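
Review bot: `cpu->reset_sctlr |= (1 << 13);` in arm_cpu_realizefn() uses a bare bit number. Bit 13 of SCTLR is the V (high vectors) bit; give it a named constant, or at least a comment, so the link to the reset-hivecs property is visible at the point of use.
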
-- 
1.8.5




Re: [Qemu-devel] [PATCHv2] block: add native support for NFS

2013-12-17 Thread Peter Lieven


> On 17.12.2013 at 23:51, ronnie sahlberg wrote:
> 
>> On Tue, Dec 17, 2013 at 2:36 PM, Peter Lieven wrote:
>> 
>> 
>>>> On 17.12.2013 at 18:13, ronnie sahlberg wrote:
>>>> 
>>>> On Tue, Dec 17, 2013 at 9:03 AM, Peter Lieven wrote:
>>>> On 17.12.2013 17:47, Stefan Hajnoczi wrote:
>>> ...
>>>>> Which NFS protocol versions are supported by current libnfs?
>>>> 
>>>> Will check that out. Ronnie?
>>> 
>>> It uses NFS v3 only.
>> 
>> should we use nfs3:// for the urls then?
> 
> No, I think we should leave it as nfs://... so that we are compatible
> with rfc2224
> 
> Once/if/when I add support for v2 and v4 we can force a protocol
> version using ?version=2
> 
> Then
> nfs://server/foo/bar   would be "use whatever versions the server offers"
> but
> nfs://server/foo/bar?version=2 would become "use version 2 only"

Then I would leave it as is and add a comment to the commit message that only
v3 is supported atm.


[Qemu-devel] [PATCH v3 03/19] bsd-user: move strace OS/arch dependent code to host/arch dirs

2013-12-17 Thread Stacey Son
This change moves host OS and arch dependent code for the sysarch
system call related to the -strace functionality into the
appropriate host OS and target arch directories.
---
 bsd-user/arm/syscall.h |   36 +++
 bsd-user/arm/target_arch_sysarch.h |   78 ++
 bsd-user/freebsd/os-strace.h   |   29 +
 bsd-user/freebsd/strace.list   |   76 +--
 bsd-user/i386/syscall.h|   23 
 bsd-user/i386/target_arch_sysarch.h|   78 ++
 bsd-user/mips/syscall.h|   52 ++
 bsd-user/mips/target_arch_sysarch.h|   69 +
 bsd-user/mips64/syscall.h  |   53 ++
 bsd-user/mips64/target_arch_sysarch.h  |   69 +
 bsd-user/netbsd/os-strace.h|1 +
 bsd-user/openbsd/os-strace.h   |1 +
 bsd-user/qemu.h|   26 +
 bsd-user/sparc/syscall.h   |   29 +-
 bsd-user/sparc/target_arch_sysarch.h   |   52 ++
 bsd-user/sparc64/syscall.h |   28 +-
 bsd-user/sparc64/target_arch_sysarch.h |   52 ++
 bsd-user/strace.c  |  175 +--
 bsd-user/x86_64/syscall.h  |   26 +-
 bsd-user/x86_64/target_arch_sysarch.h  |   76 ++
 20 files changed, 962 insertions(+), 67 deletions(-)
 create mode 100644 bsd-user/arm/syscall.h
 create mode 100644 bsd-user/arm/target_arch_sysarch.h
 create mode 100644 bsd-user/freebsd/os-strace.h
 create mode 100644 bsd-user/i386/target_arch_sysarch.h
 create mode 100644 bsd-user/mips/syscall.h
 create mode 100644 bsd-user/mips/target_arch_sysarch.h
 create mode 100644 bsd-user/mips64/syscall.h
 create mode 100644 bsd-user/mips64/target_arch_sysarch.h
 create mode 100644 bsd-user/netbsd/os-strace.h
 create mode 100644 bsd-user/openbsd/os-strace.h
 create mode 100644 bsd-user/sparc/target_arch_sysarch.h
 create mode 100644 bsd-user/sparc64/target_arch_sysarch.h
 create mode 100644 bsd-user/x86_64/target_arch_sysarch.h

diff --git a/bsd-user/arm/syscall.h b/bsd-user/arm/syscall.h
new file mode 100644
index 000..bc3d6e6
--- /dev/null
+++ b/bsd-user/arm/syscall.h
@@ -0,0 +1,36 @@
+#ifndef __ARCH_SYSCALL_H_
+#define __ARCH_SYSCALL_H_
+
+struct target_pt_regs {
+abi_long uregs[17];
+};
+
+#define ARM_cpsruregs[16]
+#define ARM_pc  uregs[15]
+#define ARM_lr  uregs[14]
+#define ARM_sp  uregs[13]
+#define ARM_ip  uregs[12]
+#define ARM_fp  uregs[11]
+#define ARM_r10 uregs[10]
+#define ARM_r9  uregs[9]
+#define ARM_r8  uregs[8]
+#define ARM_r7  uregs[7]
+#define ARM_r6  uregs[6]
+#define ARM_r5  uregs[5]
+#define ARM_r4  uregs[4]
+#define ARM_r3  uregs[3]
+#define ARM_r2  uregs[2]
+#define ARM_r1  uregs[1]
+#define ARM_r0  uregs[0]
+
+#define ARM_SYSCALL_BASE0 /* XXX: FreeBSD only */
+
+#define TARGET_FREEBSD_ARM_SYNC_ICACHE  0
+#define TARGET_FREEBSD_ARM_DRAIN_WRITEBUF   1
+#define TARGET_FREEBSD_ARM_SET_TP   2
+#define TARGET_FREEBSD_ARM_GET_TP   3
+
+#define TARGET_HW_MACHINE   "arm"
+#define TARGET_HW_MACHINE_ARCH  "armv6"
+
+#endif /* !__ARCH_SYSCALL_H_ */
diff --git a/bsd-user/arm/target_arch_sysarch.h 
b/bsd-user/arm/target_arch_sysarch.h
new file mode 100644
index 000..96d617a
--- /dev/null
+++ b/bsd-user/arm/target_arch_sysarch.h
@@ -0,0 +1,78 @@
+/*
+ *  arm sysarch() system call emulation
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef __ARCH_SYSARCH_H_
+#define __ARCH_SYSARCH_H_
+
+#include "syscall.h"
+#include "target_arch.h"
+
+static inline abi_long do_freebsd_arch_sysarch(CPUARMState *env, int op,
+abi_ulong parms)
+{
+int ret = 0;
+
+switch (op) {
+case TARGET_FREEBSD_ARM_SYNC_ICACHE:
+case TARGET_FREEBSD_ARM_DRAIN_WRITEBUF:
+break;
+
+case TARGET_FREEBSD_ARM_SET_TP:
+target_cpu_set_tls(env, parms);
+break;
+
+case TARGET_FREEBSD_ARM_GET_TP:
+ret = target_cpu_get_tls(env);
+break;
+
+default:
+ret = -TARGET_EINVAL;
+break;
+}
+return ret;
+}
+
+static inline void do_freebsd_arch_print_sysarch(
+const struct syscallname *name, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5, abi_lon
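Review bot: do_freebsd_arch_sysarch declares ret as int although the function returns abi_long and ret also receives the result of target_cpu_get_tls(env); declare ret as abi_long so the TLS value and -TARGET_EINVAL are returned without passing through a narrower type. The commit message for this patch also has no Signed-off-by line.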

Re: [Qemu-devel] [PATCH 2/7] target-arm: Clean up handling of AArch64 PSTATE

2013-12-17 Thread Christoffer Dall
On Tue, Dec 17, 2013 at 11:42:42AM +, Peter Maydell wrote:
> On 17 December 2013 04:45, Christoffer Dall  
> wrote:
> > I think this could be written slightly more clearly for the uninitiated,
> > but maybe I'm just not qemu-savvy enough.
> 
> It was a bit compressed; I've reworded it to:
> /* PSTATE isn't an architectural register for ARMv8. However, it is
>  * convenient for us to assemble the underlying state into a 32 bit format
>  * identical to the architectural format used for the SPSR. (This is also
>  * what the Linux kernel's 'pstate' field in signal handlers and KVM's
>  * 'pstate' register are.) Of the PSTATE bits:
>  *  NZCV are kept in the split out env->CF/VF/NF/ZF, (which have the same
>  *    semantics as for AArch32, as described in the comments on each field)
>  *  nRW (also known as M[4]) is kept, inverted, in env->aarch64
>  *  all other bits are stored in their correct places in env->pstate
>  */
> 

Much clearer, thanks!
-- 
Christoffer
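
The layout described in the reworded comment, as an added example that is not QEMU's code: a toy state struct packs and unpacks a 32-bit SPSR-format PSTATE. The struct, the function names and the split-flag conventions (N and V in bit 31 of NF and VF, Z set when ZF is zero, C stored as 0 or 1) are assumptions based on the AArch32 semantics the comment refers to but does not spell out.

```c
#include <stdint.h>
#include <stdio.h>

/* SPSR-format bit positions */
#define PSTATE_N    (1u << 31)
#define PSTATE_Z    (1u << 30)
#define PSTATE_C    (1u << 29)
#define PSTATE_V    (1u << 28)
#define PSTATE_NZCV (PSTATE_N | PSTATE_Z | PSTATE_C | PSTATE_V)
#define PSTATE_nRW  (1u << 4)   /* M[4]: 1 = AArch32, 0 = AArch64 */

/* Toy stand-in for the CPU state; field names follow the quoted comment. */
struct toy_env {
    uint32_t NF;      /* N is bit 31 of NF (assumed convention) */
    uint32_t ZF;      /* Z is set when ZF == 0 (assumed convention) */
    uint32_t CF;      /* C is 0 or 1 (assumed convention) */
    uint32_t VF;      /* V is bit 31 of VF (assumed convention) */
    int aarch64;      /* nRW, kept inverted */
    uint32_t pstate;  /* all other PSTATE bits, in their architectural places */
};

/* Assemble the 32-bit PSTATE view from the split-out fields. */
static uint32_t toy_pstate_read(const struct toy_env *env)
{
    uint32_t z = (env->ZF == 0);

    return (env->NF & PSTATE_N)
         | (z << 30)
         | ((env->CF & 1u) << 29)
         | ((env->VF & 0x80000000u) >> 3)
         | (env->aarch64 ? 0 : PSTATE_nRW)
         | env->pstate;
}

/* Split a 32-bit PSTATE value back into the fields. */
static void toy_pstate_write(struct toy_env *env, uint32_t val)
{
    env->NF = val;                        /* only bit 31 is consulted */
    env->ZF = (~val) & PSTATE_Z;          /* zero exactly when Z is set */
    env->CF = (val >> 29) & 1u;
    env->VF = (val << 3) & 0x80000000u;   /* move bit 28 up to bit 31 */
    env->aarch64 = !(val & PSTATE_nRW);
    env->pstate = val & ~(PSTATE_NZCV | PSTATE_nRW);
}

int main(void)
{
    /* Constructed sample values: Z+C with DAIF set, then N+V with nRW set. */
    const uint32_t samples[] = { 0x600003c5u, 0x90000010u };
    struct toy_env env;
    unsigned i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        toy_pstate_write(&env, samples[i]);
        printf("in=%08x aarch64=%d stored=%08x out=%08x\n",
               (unsigned)samples[i], env.aarch64, (unsigned)env.pstate,
               (unsigned)toy_pstate_read(&env));
    }
    return 0;
}
```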



[Qemu-devel] [PATCH v3 01/19] bsd-user: refresh freebsd system call numbers

2013-12-17 Thread Stacey Son
Update FreeBSD system call numbers in freebsd/syscall_nr.h.

Reviewed-by: Ed Maste 
---
 bsd-user/freebsd/syscall_nr.h |  813 ++---
 1 files changed, 445 insertions(+), 368 deletions(-)

diff --git a/bsd-user/freebsd/syscall_nr.h b/bsd-user/freebsd/syscall_nr.h
index 36336ab..d849024 100644
--- a/bsd-user/freebsd/syscall_nr.h
+++ b/bsd-user/freebsd/syscall_nr.h
@@ -1,373 +1,450 @@
 /*
  * System call numbers.
  *
- * $FreeBSD: src/sys/sys/syscall.h,v 1.224 2008/08/24 21:23:08 rwatson Exp $
- * created from FreeBSD: head/sys/kern/syscalls.master 182123 2008-08-24 
21:20:35Z rwatson
+ * created from FreeBSD: releng/9.1/sys/kern/syscalls.master 229723
+ * 2012-01-06 19:29:16Z jhb
  */
 
-#define TARGET_FREEBSD_NR_syscall 0
-#define TARGET_FREEBSD_NR_exit1
-#define TARGET_FREEBSD_NR_fork2
-#define TARGET_FREEBSD_NR_read3
-#define TARGET_FREEBSD_NR_write   4
-#define TARGET_FREEBSD_NR_open5
-#define TARGET_FREEBSD_NR_close   6
-#define TARGET_FREEBSD_NR_wait4   7
-#define TARGET_FREEBSD_NR_link9
-#define TARGET_FREEBSD_NR_unlink  10
-#define TARGET_FREEBSD_NR_chdir   12
-#define TARGET_FREEBSD_NR_fchdir  13
-#define TARGET_FREEBSD_NR_mknod   14
-#define TARGET_FREEBSD_NR_chmod   15
-#define TARGET_FREEBSD_NR_chown   16
-#define TARGET_FREEBSD_NR_break   17
-#define TARGET_FREEBSD_NR_freebsd4_getfsstat  18
-#define TARGET_FREEBSD_NR_getpid  20
-#define TARGET_FREEBSD_NR_mount   21
-#define TARGET_FREEBSD_NR_unmount 22
-#define TARGET_FREEBSD_NR_setuid  23
-#define TARGET_FREEBSD_NR_getuid  24
-#define TARGET_FREEBSD_NR_geteuid 25
-#define TARGET_FREEBSD_NR_ptrace  26
-#define TARGET_FREEBSD_NR_recvmsg 27
-#define TARGET_FREEBSD_NR_sendmsg 28
-#define TARGET_FREEBSD_NR_recvfrom29
-#define TARGET_FREEBSD_NR_accept  30
-#define TARGET_FREEBSD_NR_getpeername 31
-#define TARGET_FREEBSD_NR_getsockname 32
-#define TARGET_FREEBSD_NR_access  33
-#define TARGET_FREEBSD_NR_chflags 34
-#define TARGET_FREEBSD_NR_fchflags35
-#define TARGET_FREEBSD_NR_sync36
-#define TARGET_FREEBSD_NR_kill37
-#define TARGET_FREEBSD_NR_getppid 39
-#define TARGET_FREEBSD_NR_dup 41
-#define TARGET_FREEBSD_NR_pipe42
-#define TARGET_FREEBSD_NR_getegid 43
-#define TARGET_FREEBSD_NR_profil  44
-#define TARGET_FREEBSD_NR_ktrace  45
-#define TARGET_FREEBSD_NR_getgid  47
-#define TARGET_FREEBSD_NR_getlogin49
-#define TARGET_FREEBSD_NR_setlogin50
-#define TARGET_FREEBSD_NR_acct51
-#define TARGET_FREEBSD_NR_sigaltstack 53
-#define TARGET_FREEBSD_NR_ioctl   54
-#define TARGET_FREEBSD_NR_reboot  55
-#define TARGET_FREEBSD_NR_revoke  56
-#define TARGET_FREEBSD_NR_symlink 57
-#define TARGET_FREEBSD_NR_readlink58
-#define TARGET_FREEBSD_NR_execve  59
-#define TARGET_FREEBSD_NR_umask   60
-#define TARGET_FREEBSD_NR_chroot  61
-#define TARGET_FREEBSD_NR_msync   65
-#define TARGET_FREEBSD_NR_vfork   66
-#define TARGET_FREEBSD_NR_sbrk69
-#define TARGET_FREEBSD_NR_sstk70
-#define TARGET_FREEBSD_NR_vadvise 72
-#define TARGET_FREEBSD_NR_munmap  73
-#define TARGET_FREEBSD_NR_mprotect74
-#define TARGET_FREEBSD_NR_madvise 75
-#define TARGET_FREEBSD_NR_mincore 78
-#define TARGET_FREEBSD_NR_getgroups   79
-#define TARGET_FREEBSD_NR_setgroups   80
-#define TARGET_FREEBSD_NR_getpgrp 81
-#define TARGET_FREEBSD_NR_setpgid 82
-#define TARGET_FREEBSD_NR_setitimer   83
-#define TARGET_FREEBSD_NR_swapon  85
-#define TARGET_FREEBSD_NR_getitimer   86
-#define TARGET_FREEBSD_NR_getdtablesize   89
-#define TARGET_FREEBSD_NR_dup290
-#define TARGET_FREEBSD_NR_fcntl   92
-#define TARGET_FREEBSD_NR_select  93
-#define TARGET_FREEBSD_NR_fsync   95
-#define TARGET_FREEBSD_NR_setpriority 96
-#define TARGET_FREEBSD_NR_socket  97
-#define TARGET_FREEBSD_NR_connect 98
-#define TARGET_FREEBSD_NR_getpriority 100
-#define TARGET_FREEBSD_NR_bind104
-#define TARGET_FREEBSD_NR_setsockopt  105
-#define TARGET_FREEBSD_NR_listen  106
-#define TARGET_FREEBSD_NR_gettimeofday116
-#define TARGET_FREEBSD_NR_getrusage   117
-#define TARGET_FREEBSD_NR_getsockopt  118
-#define TARGET_FREEBSD_NR_readv   120
-#define TARGET_FREEBSD_NR_writev  121
-#define TARGET_FREEBSD_NR_settimeofday122
-#define TARGET_FREEBSD_NR_fchown  123
-#define TARGET_FREEBSD_NR_fchmod  124
-#define TARGET_FREEBSD_NR_setreuid126
-#define TARGET_FREEBSD_NR_setregid127
-#define TARGET_FREEBSD_NR_rename  128
-#define TARGET_FREEBSD_NR_flock   131
-#define TARGET_FREEBSD_NR_mkfifo  132
-#define TARGET_FREEBSD_NR_sendto  133
-#define TARGET_FREEBSD_NR_shutdown134
-#define TARGET_FREEBSD_NR_socketpair  135
-#define TARGET_FREEBSD_NR_mkdir   136
-#define TARGET_FREEBSD_NR_rmdir   137
-#define TARGET_FREEBSD_NR_utimes
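Review bot: The replacement header comment says the numbers were created from releng/9.1 syscalls.master 229723, but the commit message only says "Update FreeBSD system call numbers"; name the FreeBSD release and revision in the message, and say how the file was regenerated, so a later refresh can be reproduced and the 445/368 line churn can be checked against the same source.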

Re: [Qemu-devel] [PATCH 1/2] xen_backend: introduce xenstore_read_uint64 and xenstore_read_fe_uint64

2013-12-17 Thread Stefano Stabellini
On Tue, 17 Dec 2013, Peter Maydell wrote:
> On 17 December 2013 17:30, Stefano Stabellini
>  wrote:
> > Signed-off-by: Stefano Stabellini 
> > ---
> >  hw/xen/xen_backend.c |   18 ++
> >  include/hw/xen/xen_backend.h |2 ++
> >  2 files changed, 20 insertions(+)
> >
> > diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
> > index 197795f..5f9be5a 100644
> > --- a/hw/xen/xen_backend.c
> > +++ b/hw/xen/xen_backend.c
> > @@ -112,6 +112,19 @@ int xenstore_read_int(const char *base, const char 
> > *node, int *ival)
> >  return rc;
> >  }
> >
> > +int xenstore_read_uint64(const char *base, const char *node, uint64_t 
> > *uval)
> > +{
> > +char *val;
> > +int rc = -1;
> > +
> > +val = xenstore_read_str(base, node);
> > +if (val && 1 == sscanf(val, "%"PRIu64, uval)) {
> 
> PRIxxx are printf format macros, not scanf format ones. You want
> SCNu64
> 
> http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/inttypes.h.html

Well spotted, thanks.
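
An added example, not part of the patch or of QEMU: the conversion from the quoted hunk written with SCNu64 as the review suggests, next to a stricter parser for a decimal string that comes from outside the process, such as a xenstore node written by a frontend. Both function names are hypothetical and the sample strings in main are constructed.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The hunk's conversion with the scanf-family macro. Returns 0 on success.
 * sscanf stops at the first non-digit, so trailing text is silently ignored,
 * and a value too large for uint64_t is not reported as an error. */
static int scan_u64_sscanf(const char *val, uint64_t *uval)
{
    return (val && sscanf(val, "%" SCNu64, uval) == 1) ? 0 : -1;
}

/* Stricter variant: the whole string must be ASCII digits and must fit in
 * 64 bits. Returns 0 on success and leaves *uval untouched on failure. */
static int parse_u64_strict(const char *val, uint64_t *uval)
{
    char *end;
    unsigned long long v;

    /* Rejects NULL, the empty string, a sign and leading whitespace,
     * all of which strtoull would otherwise accept or skip. */
    if (!val || val[0] < '0' || val[0] > '9') {
        return -1;
    }
    errno = 0;
    v = strtoull(val, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT64_MAX) {
        return -1;
    }
    *uval = (uint64_t)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs: in range, trailing text, out of range, signed. */
    const char *samples[] = {
        "4096", "18446744073709551615", "12abc",
        "18446744073709551616", "-1", ""
    };
    unsigned i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t a = 0, b = 0;
        int ra = scan_u64_sscanf(samples[i], &a);
        int rb = parse_u64_strict(samples[i], &b);

        printf("%-22s sscanf rc=%d val=%" PRIu64 "  strict rc=%d val=%" PRIu64 "\n",
               samples[i][0] ? samples[i] : "(empty)", ra, a, rb, b);
    }
    return 0;
}
```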



[Qemu-devel] [PATCH v3 02/19] bsd-user: add HOST_VARIANT_DIR for various *BSD dependent code

2013-12-17 Thread Stacey Son
This change adds HOST_VARIANT_DIR so the various BSD OS dependent
code can be separated into its own directories rather than
using #ifdef's. This may also allow a BSD variant OS to host
another BSD variant's executable as a target.
---
 Makefile.target |3 ++-
 configure   |   11 +++
 2 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index af6ac7e..1306b24 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -99,7 +99,8 @@ endif #CONFIG_LINUX_USER
 
 ifdef CONFIG_BSD_USER
 
-QEMU_CFLAGS+=-I$(SRC_PATH)/bsd-user -I$(SRC_PATH)/bsd-user/$(TARGET_ABI_DIR)
+QEMU_CFLAGS+=-I$(SRC_PATH)/bsd-user -I$(SRC_PATH)/bsd-user/$(TARGET_ABI_DIR) \
+-I$(SRC_PATH)/bsd-user/$(HOST_VARIANT_DIR)
 
 obj-y += bsd-user/
 obj-y += gdbstub.o user-exec.o
diff --git a/configure b/configure
index edfea95..4e834cf 100755
--- a/configure
+++ b/configure
@@ -465,6 +465,9 @@ fi
 
 # OS specific
 
+# host *BSD for user mode
+HOST_VARIANT_DIR=""
+
 case $targetos in
 CYGWIN*)
   mingw32="yes"
@@ -490,12 +493,14 @@ FreeBSD)
   # needed for kinfo_getvmmap(3) in libutil.h
   LIBS="-lutil $LIBS"
   netmap=""  # enable netmap autodetect
+  HOST_VARIANT_DIR="freebsd"
 ;;
 DragonFly)
   bsd="yes"
   make="${MAKE-gmake}"
   audio_drv_list="oss"
   audio_possible_drivers="oss sdl esd pa"
+  HOST_VARIANT_DIR="dragonfly"
 ;;
 NetBSD)
   bsd="yes"
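Review bot: HOST_VARIANT_DIR is set to "dragonfly" here (and to "darwin" in a later hunk), but the diffstat of patch 03 in this series creates only bsd-user/freebsd, bsd-user/netbsd and bsd-user/openbsd, so on those hosts Makefile.target adds a -I path to a directory that does not exist. Either leave the variable empty for hosts that have no directory yet, or add the directories in the same series.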
@@ -503,12 +508,14 @@ NetBSD)
   audio_drv_list="oss"
   audio_possible_drivers="oss sdl esd"
   oss_lib="-lossaudio"
+  HOST_VARIANT_DIR="netbsd"
 ;;
 OpenBSD)
   bsd="yes"
   make="${MAKE-gmake}"
   audio_drv_list="sdl"
   audio_possible_drivers="sdl esd"
+  HOST_VARIANT_DIR="openbsd"
 ;;
 Darwin)
   bsd="yes"
@@ -527,6 +534,7 @@ Darwin)
   # Disable attempts to use ObjectiveC features in os/object.h since they
   # won't work when we're compiling with gcc as a C compiler.
   QEMU_CFLAGS="-DOS_OBJECT_USE_OBJC=0 $QEMU_CFLAGS"
+  HOST_VARIANT_DIR="darwin"
 ;;
 SunOS)
   solaris="yes"
@@ -4538,6 +4546,9 @@ if [ "$TARGET_ABI_DIR" = "" ]; then
   TARGET_ABI_DIR=$TARGET_ARCH
 fi
 echo "TARGET_ABI_DIR=$TARGET_ABI_DIR" >> $config_target_mak
+if [ "$HOST_VARIANT_DIR" != "" ]; then
+echo "HOST_VARIANT_DIR=$HOST_VARIANT_DIR" >> $config_target_mak
+fi
 case "$target_name" in
   i386|x86_64)
 if test "$xen" = "yes" -a "$target_softmmu" = "yes" ; then
-- 
1.7.8




[Qemu-devel] [PULL 07/62] Fix CFI query responses for NOR flash

2013-12-17 Thread Peter Maydell
From: Roy Franz 

This change fixes the CFI query responses to handle NOR device
widths that are different from the bank width.  Support is also
added for multi-width devices in a x8 configuration.  This is
typically x8/x16 devices, but the CFI specification mentions
x8/x32 devices so those should be supported as well if they
exist.
The query response data is now replicated per-device in the bank,
and is adjusted for x16 or x32 parts configured in x8 mode.

The existing code is left in place for boards that have not
been updated to specify an explicit device_width.  The VExpress
board has been updated in an earlier patch in this series so
this is the only board currently affected.

Signed-off-by: Roy Franz 
Message-id: 1386279359-32286-7-git-send-email-roy.fr...@linaro.org
[PMM: fixed a few formatting nits]
Signed-off-by: Peter Maydell 
---
 hw/block/pflash_cfi01.c | 105 +++-
 1 file changed, 94 insertions(+), 11 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index de7a6c0..8fd50fb 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -119,6 +119,67 @@ static void pflash_timer (void *opaque)
 pfl->cmd = 0;
 }
 
+/* Perform a CFI query based on the bank width of the flash.
+ * If this code is called we know we have a device_width set for
+ * this flash.
+ */
+static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr offset)
+{
+int i;
+uint32_t resp = 0;
+hwaddr boff;
+
+/* Adjust incoming offset to match expected device-width
+ * addressing. CFI query addresses are always specified in terms of
+ * the maximum supported width of the device.  This means that x8
+ * devices and x8/x16 devices in x8 mode behave differently.  For
+ * devices that are not used at their max width, we will be
+ * provided with addresses that use higher address bits than
+ * expected (based on the max width), so we will shift them lower
+ * so that they will match the addresses used when
+ * device_width==max_device_width.
+ */
+boff = offset >> (ctz32(pfl->bank_width) +
+  ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
+
+if (boff > pfl->cfi_len) {
+return 0;
+}
+/* Now we will construct the CFI response generated by a single
+ * device, then replicate that for all devices that make up the
+ * bus.  For wide parts used in x8 mode, CFI query responses
+ * are different than native byte-wide parts.
+ */
+resp = pfl->cfi_table[boff];
+if (pfl->device_width != pfl->max_device_width) {
+/* The only case currently supported is x8 mode for a
+ * wider part.
+ */
+if (pfl->device_width != 1 || pfl->bank_width > 4) {
+DPRINTF("%s: Unsupported device configuration: "
+"device_width=%d, max_device_width=%d\n",
+__func__, pfl->device_width,
+pfl->max_device_width);
+return 0;
+}
+/* CFI query data is repeated, rather than zero padded for
+ * wide devices used in x8 mode.
+ */
+for (i = 1; i < pfl->max_device_width; i++) {
+resp = deposit32(resp, 8 * i, 8, pfl->cfi_table[boff]);
+}
+}
+/* Replicate responses for each device in bank. */
+if (pfl->device_width < pfl->bank_width) {
+for (i = pfl->device_width;
+ i < pfl->bank_width; i += pfl->device_width) {
+resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
+}
+}
+
+return resp;
+}
+
 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
  int width, int be)
 {
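Review bot: In pflash_cfi_query the bound is "if (boff > pfl->cfi_len)" and the next access is pfl->cfi_table[boff]; if cfi_len is the number of entries in cfi_table, boff == cfi_len passes the check and reads one element past the end, with an offset that comes from the guest. The comparison is carried over from the code removed in the 0x98 case; since the lookup is being moved into a new function, this is a good place to change it to >=.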
@@ -127,13 +188,6 @@ static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
 uint8_t *p;
 
 ret = -1;
-boff = offset & 0xFF; /* why this here ?? */
-
-if (pfl->bank_width == 2) {
-boff = boff >> 1;
-} else if (pfl->bank_width == 4) {
-boff = boff >> 2;
-}
 
 #if 0
 DPRINTF("%s: reading offset " TARGET_FMT_plx " under cmd %02x width %d\n",
@@ -213,6 +267,13 @@ static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
 DPRINTF("%s: status %x\n", __func__, ret);
 break;
 case 0x90:
+boff = offset & 0xFF;
+if (pfl->bank_width == 2) {
+boff = boff >> 1;
+} else if (pfl->bank_width == 4) {
+boff = boff >> 2;
+}
+
 switch (boff) {
 case 0:
 ret = pfl->ident0 << 8 | pfl->ident1;
@@ -230,10 +291,32 @@ static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
 }
 break;
 case 0x98: /* Query mode */
-if (boff > pfl->cfi_len)
-ret = 0;
-else
-ret = pfl->cfi_table[boff];
+if (!pfl->device_width) {
+/* Preserve old behavior if device width not specified */
+boff = offset & 0xFF;
+if (pfl->bank_width == 2) {

Re: [Qemu-devel] [PATCH 00/11 v3] Refactor PCI/SHPC/PCIE hotplug to use a more generic hotplug API

2013-12-17 Thread Anthony Liguori
On Tue, Dec 17, 2013 at 4:38 AM, Paolo Bonzini  wrote:
> On 17/12/2013 00:26, Anthony Liguori wrote:
>> Sharing hot plug code is a good thing.  Making hotplug a qdev-level
>> concept seems like a bad thing to me.
>
> Can you explain what you mean?

The question is whether "hotpluggable" as a property applies to all
devices or not.

But hotplug is strictly a bus level concept.  It's a sequence of
events that correspond to what happens when you add a new device to a
bus after power on.

>> The series is a net add of code so I don't think we're winning anything
>> by generalizing here.
>
> Any generalization that's used just once will be a net add of code (and
> this code will be reused by SCSI and x86 memory hotplug at least;
> perhaps x86 CPU hotplug too).

The question is whether there can be code sharing without touching the
base class.  You could certainly have a HotpluggableBusState and then
a HotpluggableDeviceState.

Interfaces would be another option too.

> Any generalization that requires some boilerplate code will be a net add
> of code, too.  QEMU being written in C, we unfortunately cannot avoid that.
>
> So I don't think that lines of code are a good metric.

The general concern is about polluting widely used base classes.  It's
better if we can avoid adding things to DeviceState and Object
whenever possible.

Regards,

Anthony Liguori

> Paolo
>
>> Is there a use-case this enables that isn't possible today?
>>
>> Regards,
>>
>> Anthony Liguori
>>
>>>
>>> Patches 8-11 should be merged as one and are split only for
>>> simplifying review (they compile fine but PCI hotplug is broken
>>> until the last patch is applied).
>>>
>>> git tree for testing:
>>> https://github.com/imammedo/qemu/commits/hotplug_dev_inf_v3
>>>
>>> tested only ACPI and PCIE hotplug.
>>>
>>> Hervé Poussineau (1):
>>>   qom: detect bad reentrance during object_class_foreach
>>>
>>> Igor Mammedov (9):
>>>   define hotplug interface
>>>   qdev: add to BusState "hotplug-handler" link
>>>   qdev: add "hotpluggable" property to Device
>>>   hw/acpi: move typeinfo to the file end
>>>   qdev:pci: refactor PCIDevice to use generic "hotpluggable" property
>>>   acpi/piix4pm: convert ACPI PCI hotplug to use hotplug-handler API
>>>   pci/shpc: convert SHPC hotplug to use hotplug-handler API
>>>   pci/pcie: convert PCIE hotplug to use hotplug-handler API
>>>   hw/pci: switch to a generic hotplug handling for PCIDevice
>>>
>>> Paolo Bonzini (1):
>>>   qom: do not register interface "types" in the type table
>>>
>>>  hw/acpi/piix4.c| 151 
>>> ++---
>>>  hw/core/Makefile.objs  |   1 +
>>>  hw/core/hotplug.c  |  48 +
>>>  hw/core/qdev.c |  50 --
>>>  hw/display/cirrus_vga.c|   2 +-
>>>  hw/display/qxl.c   |   2 +-
>>>  hw/display/vga-pci.c   |   2 +-
>>>  hw/display/vmware_vga.c|   2 +-
>>>  hw/i386/acpi-build.c   |   6 +-
>>>  hw/ide/piix.c  |   4 +-
>>>  hw/isa/piix4.c |   2 +-
>>>  hw/pci-bridge/pci_bridge_dev.c |   9 +++
>>>  hw/pci-host/piix.c |   6 +-
>>>  hw/pci/pci.c   |  40 +--
>>>  hw/pci/pcie.c  |  73 +---
>>>  hw/pci/pcie_port.c |   8 +++
>>>  hw/pci/shpc.c  | 133 +++-
>>>  hw/usb/hcd-ehci-pci.c  |   2 +-
>>>  hw/usb/hcd-ohci.c  |   2 +-
>>>  hw/usb/hcd-uhci.c  |   2 +-
>>>  hw/usb/hcd-xhci.c  |   2 +-
>>>  include/hw/hotplug.h   |  75 
>>>  include/hw/pci/pci.h   |  13 
>>>  include/hw/pci/pci_bus.h   |   2 -
>>>  include/hw/pci/pcie.h  |   5 ++
>>>  include/hw/pci/shpc.h  |   8 +++
>>>  include/hw/qdev-core.h |   8 +++
>>>  qom/object.c   |  17 -
>>>  28 files changed, 455 insertions(+), 220 deletions(-)
>>>  create mode 100644 hw/core/hotplug.c
>>>  create mode 100644 include/hw/hotplug.h
>>>
>>> --
>>> 1.8.3.1
>



[Qemu-devel] [PULL 35/62] target-arm: A64: add support for conditional branches

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This patch adds emulation for the conditional branch (b.cond) instruction.

Signed-off-by: Alexander Graf 
[claudio: adapted to new decoder structure,
  reused arm infrastructure for checking the flags]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 29 +++--
 target-arm/translate.c | 14 +-
 target-arm/translate.h |  2 ++
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index b694665..4eb2992 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -239,10 +239,35 @@ static void disas_test_b_imm(DisasContext *s, uint32_t 
insn)
 unsupported_encoding(s, insn);
 }
 
-/* Conditional branch (immediate) */
+/* C3.2.2 / C5.6.19 Conditional branch (immediate)
+ *  31   25  24  23  5   4  30
+ * +---++-++--+
+ * | 0 1 0 1 0 1 0 | o1 | imm19   | o0 | cond |
+ * +---++-++--+
+ */
 static void disas_cond_b_imm(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int cond;
+uint64_t addr;
+
+if ((insn & (1 << 4)) || (insn & (1 << 24))) {
+unallocated_encoding(s);
+return;
+}
+addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
+cond = extract32(insn, 0, 4);
+
+if (cond < 0x0e) {
+/* genuinely conditional branches */
+int label_match = gen_new_label();
+arm_gen_test_cc(cond, label_match);
+gen_goto_tb(s, 0, s->pc);
+gen_set_label(label_match);
+gen_goto_tb(s, 1, addr);
+} else {
+/* 0xe and 0xf are both "always" conditions */
+gen_goto_tb(s, 0, addr);
+}
 }
 
 /* C5.6.68 HINT */
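Review bot: In disas_cond_b_imm the target is computed as s->pc + sextract32(insn, 5, 19) * 4 - 4, which is only correct because s->pc has already been advanced past this instruction (the not-taken path jumps to s->pc); a one-line comment saying so would stop the "- 4" from reading as an off-by-one and would protect the computation if the point at which s->pc is incremented ever changes.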
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 679b3c3..1403ecf 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -671,7 +671,11 @@ static void gen_thumb2_parallel_addsub(int op1, int op2, 
TCGv_i32 a, TCGv_i32 b)
 }
 #undef PAS_OP
 
-static void gen_test_cc(int cc, int label)
+/*
+ * generate a conditional branch based on ARM condition code cc.
+ * This is common between ARM and Aarch64 targets.
+ */
+void arm_gen_test_cc(int cc, int label)
 {
 TCGv_i32 tmp;
 int inv;
@@ -7131,7 +7135,7 @@ static void disas_arm_insn(CPUARMState * env, 
DisasContext *s)
 /* if not always execute, we generate a conditional jump to
next instruction */
 s->condlabel = gen_new_label();
-gen_test_cc(cond ^ 1, s->condlabel);
+arm_gen_test_cc(cond ^ 1, s->condlabel);
 s->condjmp = 1;
 }
 if ((insn & 0x0f90) == 0x0300) {
@@ -9148,7 +9152,7 @@ static int disas_thumb2_insn(CPUARMState *env, 
DisasContext *s, uint16_t insn_hw
 op = (insn >> 22) & 0xf;
 /* Generate a conditional jump to next instruction.  */
 s->condlabel = gen_new_label();
-gen_test_cc(op ^ 1, s->condlabel);
+arm_gen_test_cc(op ^ 1, s->condlabel);
 s->condjmp = 1;
 
 /* offset[11:1] = insn[10:0] */
@@ -9505,7 +9509,7 @@ static void disas_thumb_insn(CPUARMState *env, 
DisasContext *s)
 cond = s->condexec_cond;
 if (cond != 0x0e) { /* Skip conditional when condition is AL. */
   s->condlabel = gen_new_label();
-  gen_test_cc(cond ^ 1, s->condlabel);
+  arm_gen_test_cc(cond ^ 1, s->condlabel);
   s->condjmp = 1;
 }
 }
@@ -10178,7 +10182,7 @@ static void disas_thumb_insn(CPUARMState *env, 
DisasContext *s)
 }
 /* generate a conditional jump to next instruction */
 s->condlabel = gen_new_label();
-gen_test_cc(cond ^ 1, s->condlabel);
+arm_gen_test_cc(cond ^ 1, s->condlabel);
 s->condjmp = 1;
 
 /* jump to the offset */
diff --git a/target-arm/translate.h b/target-arm/translate.h
index 23a45da..a6f6b3e 100644
--- a/target-arm/translate.h
+++ b/target-arm/translate.h
@@ -65,4 +65,6 @@ static inline void gen_a64_set_pc_im(uint64_t val)
 }
 #endif
 
+void arm_gen_test_cc(int cc, int label);
+
 #endif /* TARGET_ARM_TRANSLATE_H */
-- 
1.8.5




Re: [Qemu-devel] [PATCH 08/42] input: qapi: add pause key

2013-12-17 Thread Eric Blake
On 12/16/2013 03:48 AM, Gerd Hoffmann wrote:
> It's missing.
> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  qapi-schema.json | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Another case worth documenting as 'since 2.0', and probably worth
backporting to stable branches.

> 
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 89d8060..56981d9 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -3372,7 +3372,7 @@
>  'kp_9', 'less', 'f11', 'f12', 'print', 'home', 'pgup', 'pgdn', 
> 'end',
>  'left', 'up', 'down', 'right', 'insert', 'delete', 'stop', 
> 'again',
>  'props', 'undo', 'front', 'copy', 'open', 'paste', 'find', 'cut',
> - 'lf', 'help', 'meta_l', 'meta_r', 'compose' ] }
> + 'lf', 'help', 'meta_l', 'meta_r', 'compose', 'pause' ] }
>  
>  ##
>  # @KeyValue
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PULL 12/62] arm/highbank: Use object_new() rather than cpu_arm_init()

2013-12-17 Thread Peter Maydell
From: Peter Crosthwaite 

To allow the machine model to set device properties before CPU
realization.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: 8c671e500390c8be0cc363e887e32867d1d1b0d2.1387160489.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/arm/highbank.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index fe98ef1..1d19d8f 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -26,6 +26,7 @@
 #include "hw/boards.h"
 #include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
+#include "qemu/error-report.h"
 
 #define SMP_BOOT_ADDR 0x100
 #define SMP_BOOT_REG  0x40
@@ -229,10 +230,15 @@ static void calxeda_init(QEMUMachineInitArgs *args, enum 
cxmachines machine)
 }
 
 for (n = 0; n < smp_cpus; n++) {
+ObjectClass *oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
 ARMCPU *cpu;
-cpu = cpu_arm_init(cpu_model);
-if (cpu == NULL) {
-fprintf(stderr, "Unable to find CPU definition\n");
+Error *err = NULL;
+
+cpu = ARM_CPU(object_new(object_class_get_name(oc)));
+
+object_property_set_bool(OBJECT(cpu), true, "realized", &err);
+if (err) {
+error_report("%s", error_get_pretty(err));
 exit(1);
 }
 
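Review bot: In calxeda_init, oc from cpu_class_by_name(TYPE_ARM_CPU, cpu_model) is passed straight to object_class_get_name() with no NULL check, while the removed code printed "Unable to find CPU definition" when the model was not found. Check oc before object_new() and report the error there, so an unknown -cpu name still ends in a clean exit(1) rather than a NULL dereference.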
-- 
1.8.5




[Qemu-devel] [PULL 21/62] target-arm: Add minimal KVM AArch64 support

2013-12-17 Thread Peter Maydell
From: "Mian M. Hamayun" 

Add the bare minimum set of functions needed for control of an
AArch64 KVM vcpu:
 * CPU initialization
 * minimal get/put register functions which only handle the
   basic state of the CPU

Signed-off-by: Mian M. Hamayun 
Signed-off-by: Peter Maydell 
Message-id: 1385645602-18662-4-git-send-email-peter.mayd...@linaro.org
[PMM: significantly overhauled; most notably:
 * code lives in kvm64.c rather than using #ifdefs
 * support '-cpu host' rather than implicitly using whatever the
   host's CPU is regardless of what the user requests
 * fix bug attempting to get/set nonexistent X[31]
 * fix bug writing 64 bit kernel pstate into uint32_t env field
]
Signed-off-by: Peter Maydell 
Reviewed-by: Christoffer Dall 
---
 target-arm/Makefile.objs |   1 +
 target-arm/kvm.c |   4 +
 target-arm/kvm64.c   | 204 +++
 3 files changed, 209 insertions(+)
 create mode 100644 target-arm/kvm64.c

diff --git a/target-arm/Makefile.objs b/target-arm/Makefile.objs
index 869ecd0..190499f 100644
--- a/target-arm/Makefile.objs
+++ b/target-arm/Makefile.objs
@@ -2,6 +2,7 @@ obj-y += arm-semi.o
 obj-$(CONFIG_SOFTMMU) += machine.o
 obj-$(CONFIG_KVM) += kvm.o
 obj-$(call land,$(CONFIG_KVM),$(call lnot,$(TARGET_AARCH64))) += kvm32.o
+obj-$(call land,$(CONFIG_KVM),$(TARGET_AARCH64)) += kvm64.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 obj-y += translate.o op_helper.o helper.o cpu.o
 obj-y += neon_helper.o iwmmxt_helper.o
diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index 5cdb3b9..1d2688d 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -128,7 +128,11 @@ static void kvm_arm_host_cpu_initfn(Object *obj)
 
 static const TypeInfo host_arm_cpu_type_info = {
 .name = TYPE_ARM_HOST_CPU,
+#ifdef TARGET_AARCH64
+.parent = TYPE_AARCH64_CPU,
+#else
 .parent = TYPE_ARM_CPU,
+#endif
 .instance_init = kvm_arm_host_cpu_initfn,
 .class_init = kvm_arm_host_cpu_class_init,
 .class_size = sizeof(ARMHostCPUClass),
diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
new file mode 100644
index 000..1b7ca90
--- /dev/null
+++ b/target-arm/kvm64.c
@@ -0,0 +1,204 @@
+/*
+ * ARM implementation of KVM hooks, 64 bit specific code
+ *
+ * Copyright Mian-M. Hamayun 2013, Virtual Open Systems
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include "qemu-common.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
+#include "kvm_arm.h"
+#include "cpu.h"
+#include "hw/arm/arm.h"
+
+static inline void set_feature(uint64_t *features, int feature)
+{
+*features |= 1ULL << feature;
+}
+
+bool kvm_arm_get_host_cpu_features(ARMHostCPUClass *ahcc)
+{
+/* Identify the feature bits corresponding to the host CPU, and
+ * fill out the ARMHostCPUClass fields accordingly. To do this
+ * we have to create a scratch VM, create a single CPU inside it,
+ * and then query that CPU for the relevant ID registers.
+ * For AArch64 we currently don't care about ID registers at
+ * all; we just want to know the CPU type.
+ */
+int fdarray[3];
+uint64_t features = 0;
+/* Old kernels may not know about the PREFERRED_TARGET ioctl: however
+ * we know these will only support creating one kind of guest CPU,
+ * which is its preferred CPU type. Fortunately these old kernels
+ * support only a very limited number of CPUs.
+ */
+static const uint32_t cpus_to_try[] = {
+KVM_ARM_TARGET_AEM_V8,
+KVM_ARM_TARGET_FOUNDATION_V8,
+KVM_ARM_TARGET_CORTEX_A57,
+QEMU_KVM_ARM_TARGET_NONE
+};
+struct kvm_vcpu_init init;
+
+if (!kvm_arm_create_scratch_host_vcpu(cpus_to_try, fdarray, &init)) {
+return false;
+}
+
+ahcc->target = init.target;
+ahcc->dtb_compatible = "arm,arm-v8";
+
+kvm_arm_destroy_scratch_host_vcpu(fdarray);
+
+   /* We can assume any KVM supporting CPU is at least a v8
+ * with VFPv4+Neon; this in turn implies most of the other
+ * feature bits.
+ */
+set_feature(&features, ARM_FEATURE_V8);
+set_feature(&features, ARM_FEATURE_VFP4);
+set_feature(&features, ARM_FEATURE_NEON);
+set_feature(&features, ARM_FEATURE_AARCH64);
+
+ahcc->features = features;
+
+return true;
+}
+
+int kvm_arch_init_vcpu(CPUState *cs)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+struct kvm_vcpu_init init;
+int ret;
+
+if (cpu->kvm_target == QEMU_KVM_ARM_TARGET_NONE ||
+!arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
+fprintf(stderr, "KVM is not supported for this guest CPU type\n");
+return -EINVAL;
+}
+
+init.target = cpu->kvm_target;
+memset(init.features, 0, sizeof(init.features));
+if (cpu->start_powered_off) {
+init.features[0] = 1 << KVM_ARM_VCPU_POWER_OFF;
+}
+ret = kvm_vcpu_ioctl(cs, KVM_ARM_
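Review bot: in kvm_arch_init_vcpu() the unsupported-CPU path reports through fprintf(stderr, "KVM is not supported for this guest CPU type\n") before returning -EINVAL; error_report() would send the message through QEMU's normal error channel so it also reaches a monitor. Separately, kvm_arm_get_host_cpu_features() fills ahcc->features with a fixed set of bits and never reads anything back from the scratch vcpu apart from init.target, so a short TODO next to the set_feature() calls noting that ID registers are not consulted yet would keep that assumption visible.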

Re: [Qemu-devel] [PATCHv2] block: add native support for NFS

2013-12-17 Thread ronnie sahlberg
On Tue, Dec 17, 2013 at 2:36 PM, Peter Lieven  wrote:
>
>
>> On 17.12.2013 at 18:13, ronnie sahlberg wrote:
>>
>>> On Tue, Dec 17, 2013 at 9:03 AM, Peter Lieven  wrote:
>>> On 17.12.2013 17:47, Stefan Hajnoczi wrote:
>> ...
>>>> Which NFS protocol versions are supported by current libnfs?
>>>
>>> Will check that out. Ronnie?
>>
>> It uses NFS v3 only.
>
> should we use nfs3:// for the urls then?

No, I think we should leave it as nfs://... so that we are compatible
with rfc2224

Once/if/when I add support for v2 and v4 we can force a protocol
version using ?version=2

Then
nfs://server/foo/bar   would be "use whatever versions the server offers"
but
nfs://server/foo/bar?version=2 would become "use version 2 only"



[Qemu-devel] [PULL 59/62] hw/intc: add allwinner A10 interrupt controller

2013-12-17 Thread Peter Maydell
From: liguang 

Signed-off-by: liguang 
Reviewed-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: 1387159292-10436-4-git-send-email-lig.f...@cn.fujitsu.com
Signed-off-by: Peter Maydell 
---
 default-configs/arm-softmmu.mak |   1 +
 hw/intc/Makefile.objs   |   1 +
 hw/intc/allwinner-a10-pic.c | 200 
 include/hw/intc/allwinner-a10-pic.h |  40 
 4 files changed, 242 insertions(+)
 create mode 100644 hw/intc/allwinner-a10-pic.c
 create mode 100644 include/hw/intc/allwinner-a10-pic.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 14c68b4..216651e 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -85,3 +85,4 @@ CONFIG_SDHCI=y
 CONFIG_INTEGRATOR_DEBUG=y
 
 CONFIG_ALLWINNER_A10_PIT=y
+CONFIG_ALLWINNER_A10_PIC=y
diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 47ac442..60eb936 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -24,3 +24,4 @@ obj-$(CONFIG_OPENPIC_KVM) += openpic_kvm.o
 obj-$(CONFIG_SH4) += sh_intc.o
 obj-$(CONFIG_XICS) += xics.o
 obj-$(CONFIG_XICS_KVM) += xics_kvm.o
+obj-$(CONFIG_ALLWINNER_A10_PIC) += allwinner-a10-pic.o
diff --git a/hw/intc/allwinner-a10-pic.c b/hw/intc/allwinner-a10-pic.c
new file mode 100644
index 000..407d563
--- /dev/null
+++ b/hw/intc/allwinner-a10-pic.c
@@ -0,0 +1,200 @@
+/*
+ * Allwinner A10 interrupt controller device emulation
+ *
+ * Copyright (C) 2013 Li Guang
+ * Written by Li Guang 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/devices.h"
+#include "sysemu/sysemu.h"
+#include "hw/intc/allwinner-a10-pic.h"
+
+static void aw_a10_pic_update(AwA10PICState *s)
+{
+uint8_t i;
+int irq = 0, fiq = 0;
+
+for (i = 0; i < AW_A10_PIC_REG_NUM; i++) {
+irq |= s->irq_pending[i] & ~s->mask[i];
+fiq |= s->select[i] & s->irq_pending[i] & ~s->mask[i];
+}
+
+qemu_set_irq(s->parent_irq, !!irq);
+qemu_set_irq(s->parent_fiq, !!fiq);
+}
+
+static void aw_a10_pic_set_irq(void *opaque, int irq, int level)
+{
+AwA10PICState *s = opaque;
+
+if (level) {
+set_bit(irq % 32, (void *)&s->irq_pending[irq / 32]);
+}
+aw_a10_pic_update(s);
+}
+
+static uint64_t aw_a10_pic_read(void *opaque, hwaddr offset, unsigned size)
+{
+AwA10PICState *s = opaque;
+uint8_t index = (offset & 0xc) / 4;
+
+switch (offset) {
+case AW_A10_PIC_VECTOR:
+return s->vector;
+case AW_A10_PIC_BASE_ADDR:
+return s->base_addr;
+case AW_A10_PIC_PROTECT:
+return s->protect;
+case AW_A10_PIC_NMI:
+return s->nmi;
+case AW_A10_PIC_IRQ_PENDING ... AW_A10_PIC_IRQ_PENDING + 8:
+return s->irq_pending[index];
+case AW_A10_PIC_FIQ_PENDING ... AW_A10_PIC_FIQ_PENDING + 8:
+return s->fiq_pending[index];
+case AW_A10_PIC_SELECT ... AW_A10_PIC_SELECT + 8:
+return s->select[index];
+case AW_A10_PIC_ENABLE ... AW_A10_PIC_ENABLE + 8:
+return s->enable[index];
+case AW_A10_PIC_MASK ... AW_A10_PIC_MASK + 8:
+return s->mask[index];
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Bad offset 0x%x\n",  __func__, (int)offset);
+break;
+}
+
+return 0;
+}
+
+static void aw_a10_pic_write(void *opaque, hwaddr offset, uint64_t value,
+ unsigned size)
+{
+AwA10PICState *s = opaque;
+uint8_t index = (offset & 0xc) / 4;
+
+switch (offset) {
+case AW_A10_PIC_VECTOR:
+s->vector = value & ~0x3;
+break;
+case AW_A10_PIC_BASE_ADDR:
+s->base_addr = value & ~0x3;
+case AW_A10_PIC_PROTECT:
+s->protect = value;
+break;
+case AW_A10_PIC_NMI:
+s->nmi = value;
+break;
+case AW_A10_PIC_IRQ_PENDING ... AW_A10_PIC_IRQ_PENDING + 8:
+s->irq_pending[index] &= ~value;
+break;
+case AW_A10_PIC_FIQ_PENDING ... AW_A10_PIC_FIQ_PENDING + 8:
+s->fiq_pending[index] &= ~value;
+break;
+case AW_A10_PIC_SELECT ... AW_A10_PIC_SELECT + 8:
+s->select[index] = value;
+break;
+case AW_A10_PIC_ENABLE ... AW_A10_PIC_ENABLE + 8:
+s->enable[index] = value;
+break;
+case AW_A10_PIC_MASK ... AW_A10_PIC_MASK + 8:
+s->mask[index] = value;
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Bad offset 0x%x\n",  __func__, (int)offset);
+ 
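Review bot: in aw_a10_pic_write() the AW_A10_PIC_BASE_ADDR case has no break, so a guest write to the base address register falls through into AW_A10_PIC_PROTECT and also overwrites s->protect with the unmasked value. Add a break after s->base_addr = value & ~0x3; so that each register write only touches its own state.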

[Qemu-devel] [PULL 40/62] target-arm: A64: add support for ADR and ADRP

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

Add support for the instructions described in
"C3.4.6 PC-rel. addressing" (ADR and ADRP).

Signed-off-by: Alexander Graf 
[claudio: adapted to new decoder structure]
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Peter Maydell 
---
 target-arm/translate-a64.c | 25 +++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a459ce6..9677d01 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -653,10 +653,31 @@ static void disas_ldst(DisasContext *s, uint32_t insn)
 }
 }
 
-/* PC-rel. addressing */
+/* C3.4.6 PC-rel. addressing
+ *   31  30   29 28   24 235 40
+ * ++---+---+---+--+
+ * | op | immlo | 1 0 0 0 0 |   immhi   |  Rd  |
+ * ++---+---+---+--+
+ */
 static void disas_pc_rel_adr(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int page, rd;
+uint64_t base;
+int64_t offset;
+
+page = extract32(insn, 31, 1);
+/* SignExtend(immhi:immlo) -> offset */
+offset = ((int64_t)sextract32(insn, 5, 19) << 2) | extract32(insn, 29, 2);
+rd = extract32(insn, 0, 5);
+base = s->pc - 4;
+
+if (page) {
+/* ADRP (page based) */
+base &= ~0xfff;
+offset <<= 12;
+}
+
+tcg_gen_movi_i64(cpu_reg(s, rd), base + offset);
 }
 
 /* Add/subtract (immediate) */
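Review bot: in disas_pc_rel_adr() both (int64_t)sextract32(insn, 5, 19) << 2 and, on the ADRP path, offset <<= 12 left-shift a value that is negative for backward references, which ISO C leaves undefined. Multiplying by 4 and by 4096, or doing the shifts on a uint64_t and converting afterwards, gives the same result without depending on compiler behaviour. A one-line comment on base = s->pc - 4 saying that s->pc has already been advanced past this instruction would also help the next reader.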
-- 
1.8.5




[Qemu-devel] [PATCH 8/8] s390x/ioinst: CHSC has to set a condition code

2013-12-17 Thread Jens Freimann
From: Thomas Huth 

I missed to set the CC in the CHSC instruction when I refactored
the CC setting in the IO instructions with the following commit:
5d9bf1c07c1369ab3506fc82cc65a10f4415d867
s390/ioinst: Moved the CC setting to the IO instruction handlers
This patch now restores the correct behaviour of CHSC by setting the
condition code 0 at the end of the instruction.

Signed-off-by: Thomas Huth 
Reviewed-by: Cornelia Huck 
Signed-off-by: Jens Freimann 
---
 target-s390x/ioinst.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target-s390x/ioinst.c b/target-s390x/ioinst.c
index 8d6363d..b8a6486 100644
--- a/target-s390x/ioinst.c
+++ b/target-s390x/ioinst.c
@@ -622,6 +622,7 @@ void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb)
 break;
 }
 
+setcc(cpu, 0);/* Command execution complete */
 out:
 s390_cpu_physical_memory_unmap(env, req, map_size, 1);
 }
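Review bot: setcc(cpu, 0) sits directly above the out: label, so it only runs on the fall-through path; any earlier goto out leaves ioinst_handle_chsc() without a condition code being set here. If every such path ends in a program interrupt that is fine, but a comment at the label should say so; otherwise those paths need their own setcc() call.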
-- 
1.8.3.4




[Qemu-devel] [PATCH v3 16/19] bsd-user: add support for extattr and ACL related syscalls

2013-12-17 Thread Stacey Son
This change adds support for extended attribute and Access
Control List (ACL) related system calls including extattrctl(),
extattr_set_file(2), extattr_delete_file(2), extattr_set_fd(2),
extattr_get_fd(2), extattr_delete_fd(2), extattr_get_link(2),
extattr_set_link(2), extattr_delete_link(2), extattr_list_fd(2),
extattr_list_file(2), extattr_list_link(2), __acl_aclcheck_fd(),
__acl_aclcheck_file(), __acl_aclcheck_link(), __acl_delete_fd(),
__acl_delete_file(), __acl_delete_link(), __acl_get_fd(),
__acl_get_file(), __acl_get_link(), __acl_get_fd(),
__acl_set_file(), and __acl_set_link().
---
 bsd-user/Makefile.objs|2 +-
 bsd-user/freebsd/os-extattr.c |  118 
 bsd-user/freebsd/os-extattr.h |  654 +
 bsd-user/freebsd/qemu-os.h|6 +
 bsd-user/netbsd/os-extattr.h  |  247 
 bsd-user/openbsd/os-extattr.h |  247 
 bsd-user/syscall.c|  104 +++
 7 files changed, 1377 insertions(+), 1 deletions(-)
 create mode 100644 bsd-user/freebsd/os-extattr.c
 create mode 100644 bsd-user/freebsd/os-extattr.h
 create mode 100644 bsd-user/netbsd/os-extattr.h
 create mode 100644 bsd-user/openbsd/os-extattr.h

diff --git a/bsd-user/Makefile.objs b/bsd-user/Makefile.objs
index a6dba89..d2e005b 100644
--- a/bsd-user/Makefile.objs
+++ b/bsd-user/Makefile.objs
@@ -1,6 +1,6 @@
 obj-y = main.o bsdload.o elfload.o mmap.o signal.o strace.o syscall.o \
uaccess.o bsd-ioctl.o bsd-mem.o bsd-proc.o bsd-socket.o \
-   $(HOST_VARIANT_DIR)/os-proc.o \
+   $(HOST_VARIANT_DIR)/os-extattr.o 
$(HOST_VARIANT_DIR)/os-proc.o \
$(HOST_VARIANT_DIR)/os-socket.o 
$(HOST_VARIANT_DIR)/os-stat.o \
$(HOST_VARIANT_DIR)/os-sys.o 
$(HOST_VARIANT_DIR)/os-thread.o \
$(HOST_VARIANT_DIR)/os-time.o 
$(TARGET_ABI_DIR)/target_arch_cpu.o
diff --git a/bsd-user/freebsd/os-extattr.c b/bsd-user/freebsd/os-extattr.c
new file mode 100644
index 000..95e7b24
--- /dev/null
+++ b/bsd-user/freebsd/os-extattr.c
@@ -0,0 +1,118 @@
+/*
+ *  FreeBSD extend attributes and ACL conversions
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include 
+#ifndef _ACL_PRIVATE
+#define _ACL_PRIVATE
+#endif
+#include 
+
+#include "qemu.h"
+#include "qemu-os.h"
+
+/*
+ * FreeBSD ACL conversion.
+ */
+abi_long t2h_freebsd_acl(struct acl *host_acl, abi_ulong target_addr)
+{
+uint32_t i;
+struct target_freebsd_acl *target_acl;
+
+if (!lock_user_struct(VERIFY_READ, target_acl, target_addr, 1)) {
+return -TARGET_EFAULT;
+}
+__get_user(host_acl->acl_maxcnt, &target_acl->acl_maxcnt);
+__get_user(host_acl->acl_cnt, &target_acl->acl_cnt);
+
+for (i = 0; i < host_acl->acl_maxcnt; i++) {
+__get_user(host_acl->acl_entry[i].ae_tag,
+&target_acl->acl_entry[i].ae_tag);
+__get_user(host_acl->acl_entry[i].ae_id,
+&target_acl->acl_entry[i].ae_id);
+__get_user(host_acl->acl_entry[i].ae_perm,
+&target_acl->acl_entry[i].ae_perm);
+__get_user(host_acl->acl_entry[i].ae_entry_type,
+&target_acl->acl_entry[i].ae_entry_type);
+__get_user(host_acl->acl_entry[i].ae_flags,
+&target_acl->acl_entry[i].ae_flags);
+}
+
+unlock_user_struct(target_acl, target_addr, 0);
+return 0;
+}
+
+abi_long h2t_freebsd_acl(abi_ulong target_addr, struct acl *host_acl)
+{
+uint32_t i;
+struct target_freebsd_acl *target_acl;
+
+if (!lock_user_struct(VERIFY_WRITE, target_acl, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+
+__put_user(host_acl->acl_maxcnt, &target_acl->acl_maxcnt);
+__put_user(host_acl->acl_cnt, &target_acl->acl_cnt);
+
+for (i = 0; i < host_acl->acl_maxcnt; i++) {
+__put_user(host_acl->acl_entry[i].ae_tag,
+&target_acl->acl_entry[i].ae_tag);
+__put_user(host_acl->acl_entry[i].ae_id,
+&target_acl->acl_entry[i].ae_id);
+__put_user(host_acl->acl_entry[i].ae_perm,
+&target_acl->acl_entry[i].ae_perm);
+__put_user(host_acl->acl_entry[i].ae_entry_type,
+&target_acl->acl_entry[i].ae_entry_type);
+__put_user(host_acl->acl_entry[i].ae_flags,
+&target_acl->acl_entry[i]
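Review bot: t2h_freebsd_acl() reads acl_maxcnt from guest memory and then uses it as the loop bound for writes into host_acl->acl_entry[i], with no check against the size of the host array, so a guest-supplied value above ACL_MAX_ENTRIES writes past the end of the host struct acl. Validate acl_maxcnt and acl_cnt against ACL_MAX_ENTRIES right after the two __get_user() calls and return -TARGET_EINVAL (after unlock_user_struct()) when they are out of range. Looping to acl_cnt instead of acl_maxcnt, here and in h2t_freebsd_acl(), would also avoid copying unused slots.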

[Qemu-devel] [PULL 26/62] target-arm: Split A64 from A32/T32 gen_intermediate_code_internal()

2013-12-17 Thread Peter Maydell
The A32/T32 gen_intermediate_code_internal() is complicated because it
has to deal with:
 * conditionally executed instructions
 * Thumb IT blocks
 * kernel helper page
 * M profile exception-exit special casing

None of these apply to A64, so putting the "this is A64 so
call the A64 decoder" check in the middle of the A32/T32
loop is confusing and means the A64 decoder's handling of
things like conditional jump and singlestepping has to take
account of the conditional-execution jumps the main loop
might emit.

Refactor the code to give A64 its own gen_intermediate_code_internal
function instead.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 209 +++--
 target-arm/translate.c |  62 ++
 target-arm/translate.h |  20 -
 3 files changed, 246 insertions(+), 45 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 932b601..a713137 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -28,6 +28,8 @@
 #include "translate.h"
 #include "qemu/host-utils.h"
 
+#include "exec/gen-icount.h"
+
 #include "helper.h"
 #define GEN_HELPER 1
 #include "helper.h"
@@ -106,7 +108,42 @@ static void gen_exception_insn(DisasContext *s, int 
offset, int excp)
 {
 gen_a64_set_pc_im(s->pc - offset);
 gen_exception(excp);
-s->is_jmp = DISAS_JUMP;
+s->is_jmp = DISAS_EXC;
+}
+
+static inline bool use_goto_tb(DisasContext *s, int n, uint64_t dest)
+{
+/* No direct tb linking with singlestep or deterministic io */
+if (s->singlestep_enabled || (s->tb->cflags & CF_LAST_IO)) {
+return false;
+}
+
+/* Only link tbs from inside the same guest page */
+if ((s->tb->pc & TARGET_PAGE_MASK) != (dest & TARGET_PAGE_MASK)) {
+return false;
+}
+
+return true;
+}
+
+static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
+{
+TranslationBlock *tb;
+
+tb = s->tb;
+if (use_goto_tb(s, n, dest)) {
+tcg_gen_goto_tb(n);
+gen_a64_set_pc_im(dest);
+tcg_gen_exit_tb((tcg_target_long)tb + n);
+s->is_jmp = DISAS_TB_JUMP;
+} else {
+gen_a64_set_pc_im(dest);
+if (s->singlestep_enabled) {
+gen_exception(EXCP_DEBUG);
+}
+tcg_gen_exit_tb(0);
+s->is_jmp = DISAS_JUMP;
+}
 }
 
 static void real_unallocated_encoding(DisasContext *s)
@@ -120,7 +157,7 @@ static void real_unallocated_encoding(DisasContext *s)
 real_unallocated_encoding(s); \
 } while (0)
 
-void disas_a64_insn(CPUARMState *env, DisasContext *s)
+static void disas_a64_insn(CPUARMState *env, DisasContext *s)
 {
 uint32_t insn;
 
@@ -133,9 +170,171 @@ void disas_a64_insn(CPUARMState *env, DisasContext *s)
 unallocated_encoding(s);
 break;
 }
+}
 
-if (unlikely(s->singlestep_enabled) && (s->is_jmp == DISAS_TB_JUMP)) {
-/* go through the main loop for single step */
-s->is_jmp = DISAS_JUMP;
+void gen_intermediate_code_internal_a64(ARMCPU *cpu,
+TranslationBlock *tb,
+bool search_pc)
+{
+CPUState *cs = CPU(cpu);
+CPUARMState *env = &cpu->env;
+DisasContext dc1, *dc = &dc1;
+CPUBreakpoint *bp;
+uint16_t *gen_opc_end;
+int j, lj;
+target_ulong pc_start;
+target_ulong next_page_start;
+int num_insns;
+int max_insns;
+
+pc_start = tb->pc;
+
+dc->tb = tb;
+
+gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
+
+dc->is_jmp = DISAS_NEXT;
+dc->pc = pc_start;
+dc->singlestep_enabled = cs->singlestep_enabled;
+dc->condjmp = 0;
+
+dc->aarch64 = 1;
+dc->thumb = 0;
+dc->bswap_code = 0;
+dc->condexec_mask = 0;
+dc->condexec_cond = 0;
+#if !defined(CONFIG_USER_ONLY)
+dc->user = 0;
+#endif
+dc->vfp_enabled = 0;
+dc->vec_len = 0;
+dc->vec_stride = 0;
+
+next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
+lj = -1;
+num_insns = 0;
+max_insns = tb->cflags & CF_COUNT_MASK;
+if (max_insns == 0) {
+max_insns = CF_COUNT_MASK;
+}
+
+gen_tb_start();
+
+tcg_clear_temp_count();
+
+do {
+if (unlikely(!QTAILQ_EMPTY(&env->breakpoints))) {
+QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
+if (bp->pc == dc->pc) {
+gen_exception_insn(dc, 0, EXCP_DEBUG);
+/* Advance PC so that clearing the breakpoint will
+   invalidate this TB.  */
+dc->pc += 2;
+goto done_generating;
+}
+}
+}
+
+if (search_pc) {
+j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
+if (lj < j) {
+lj++;
+while (lj < j) {
+tcg_ctx.gen_opc_instr_start[lj++] = 0;
+}
+}
+
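Review bot: the breakpoint path in gen_intermediate_code_internal_a64() advances with dc->pc += 2, which looks carried over from the A32/T32 loop; A64 instructions are a fixed 4 bytes, so += 4 would make the TB cover the whole instruction the comment says must be invalidated. If 2 is deliberate, the comment should explain why it is sufficient. The same function also initialises dc->thumb, dc->condexec_mask and dc->condexec_cond, which the commit message says do not apply to A64; a short comment that they are zeroed only for shared code would help.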

[Qemu-devel] [PULL 60/62] hw/arm: add allwinner a10 SoC support

2013-12-17 Thread Peter Maydell
From: liguang 

Signed-off-by: liguang 
Reviewed-by: Peter Crosthwaite 
Message-id: 1387159292-10436-5-git-send-email-lig.f...@cn.fujitsu.com
Signed-off-by: Peter Maydell 
---
 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/allwinner-a10.c  | 103 
 include/hw/arm/allwinner-a10.h  |  35 ++
 4 files changed, 140 insertions(+)
 create mode 100644 hw/arm/allwinner-a10.c
 create mode 100644 include/hw/arm/allwinner-a10.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 216651e..ce1d620 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -86,3 +86,4 @@ CONFIG_INTEGRATOR_DEBUG=y
 
 CONFIG_ALLWINNER_A10_PIT=y
 CONFIG_ALLWINNER_A10_PIC=y
+CONFIG_ALLWINNER_A10=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index d7d37f2..fab30a7 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -7,3 +7,4 @@ obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o 
z2.o
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
 obj-y += omap1.o omap2.o strongarm.o
+obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o
diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
new file mode 100644
index 000..4658e19
--- /dev/null
+++ b/hw/arm/allwinner-a10.c
@@ -0,0 +1,103 @@
+/*
+ * Allwinner A10 SoC emulation
+ *
+ * Copyright (C) 2013 Li Guang
+ * Written by Li Guang 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/devices.h"
+#include "hw/arm/allwinner-a10.h"
+
+static void aw_a10_init(Object *obj)
+{
+AwA10State *s = AW_A10(obj);
+
+object_initialize(&s->cpu, sizeof(s->cpu), "cortex-a8-" TYPE_ARM_CPU);
+object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
+
+object_initialize(&s->intc, sizeof(s->intc), TYPE_AW_A10_PIC);
+qdev_set_parent_bus(DEVICE(&s->intc), sysbus_get_default());
+
+object_initialize(&s->timer, sizeof(s->timer), TYPE_AW_A10_PIT);
+qdev_set_parent_bus(DEVICE(&s->timer), sysbus_get_default());
+}
+
+static void aw_a10_realize(DeviceState *dev, Error **errp)
+{
+AwA10State *s = AW_A10(dev);
+SysBusDevice *sysbusdev;
+uint8_t i;
+qemu_irq fiq, irq;
+Error *err = NULL;
+
+object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+irq = qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_IRQ);
+fiq = qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_FIQ);
+
+object_property_set_bool(OBJECT(&s->intc), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+sysbusdev = SYS_BUS_DEVICE(&s->intc);
+sysbus_mmio_map(sysbusdev, 0, AW_A10_PIC_REG_BASE);
+sysbus_connect_irq(sysbusdev, 0, irq);
+sysbus_connect_irq(sysbusdev, 1, fiq);
+for (i = 0; i < AW_A10_PIC_INT_NR; i++) {
+s->irq[i] = qdev_get_gpio_in(DEVICE(&s->intc), i);
+}
+
+object_property_set_bool(OBJECT(&s->timer), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+sysbusdev = SYS_BUS_DEVICE(&s->timer);
+sysbus_mmio_map(sysbusdev, 0, AW_A10_PIT_REG_BASE);
+sysbus_connect_irq(sysbusdev, 0, s->irq[22]);
+sysbus_connect_irq(sysbusdev, 1, s->irq[23]);
+sysbus_connect_irq(sysbusdev, 2, s->irq[24]);
+sysbus_connect_irq(sysbusdev, 3, s->irq[25]);
+sysbus_connect_irq(sysbusdev, 4, s->irq[67]);
+sysbus_connect_irq(sysbusdev, 5, s->irq[68]);
+
+serial_mm_init(get_system_memory(), AW_A10_UART0_REG_BASE, 2, s->irq[1],
+   115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);
+}
+
+static void aw_a10_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+dc->realize = aw_a10_realize;
+}
+
+static const TypeInfo aw_a10_type_info = {
+.name = TYPE_AW_A10,
+.parent = TYPE_DEVICE,
+.instance_size = sizeof(AwA10State),
+.instance_init = aw_a10_init,
+.class_init = aw_a10_class_init,
+};
+
+static void aw_a10_register_types(void)
+{
+type_register_static(&aw_a10_type_info);
+}
+
+type_init(aw_a10_register_types)
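Review bot: aw_a10_realize() wires the timer and UART to bare interrupt numbers (s->irq[22] to s->irq[25], s->irq[67], s->irq[68] and s->irq[1]), while s->irq[] is only filled up to AW_A10_PIC_INT_NR by the loop above. Named constants for these lines in the header would document the SoC interrupt map and make it possible to check each index against AW_A10_PIC_INT_NR at a glance. The loop counter is declared uint8_t i, which is only safe while AW_A10_PIC_INT_NR stays below 256; a plain int avoids that dependency.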
diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
new file mode 100644
index 000..da36647
--- /dev/null
+++ b/include/hw/arm/allwinner-a10.h
@@ -0,0 +1,35 @@
+#ifndef ALLWINNER_H_
+
+#include "qemu-common.h"
+#i

[Qemu-devel] [PULL 08/62] Fix NOR flash device ID reading

2013-12-17 Thread Peter Maydell
From: Roy Franz 

Fix NOR flash manufacturer and device ID reading.  This now
properly takes into account device widths and device max widths
as required.  The reading of these IDs uses the same max_width
dependent addressing as CFI queries.

The old code remains for chips that don't specify a device width,
as the new code relies on a device width being set in order to
properly operate.  The existing code seems very broken.

Only ident0 and ident1 are used in the new code, as other fields
relate to the lock state of blocks in flash.

The VExpress flash configuration has been updated to match
the new code, as the existing definition was 'wrong' in order
to return the expected results with the broken device ID code.

Signed-off-by: Roy Franz 
Message-id: 1386279359-32286-8-git-send-email-roy.fr...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/arm/vexpress.c   |   6 +--
 hw/block/pflash_cfi01.c | 105 +++-
 2 files changed, 88 insertions(+), 23 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 939b468..aaa863e 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -499,10 +499,10 @@ static pflash_t *ve_pflash_cfi01_register(hwaddr base, 
const char *name,
 qdev_prop_set_uint8(dev, "width", 4);
 qdev_prop_set_uint8(dev, "device-width", 2);
 qdev_prop_set_uint8(dev, "big-endian", 0);
-qdev_prop_set_uint16(dev, "id0", 0x00);
-qdev_prop_set_uint16(dev, "id1", 0x89);
+qdev_prop_set_uint16(dev, "id0", 0x89);
+qdev_prop_set_uint16(dev, "id1", 0x18);
 qdev_prop_set_uint16(dev, "id2", 0x00);
-qdev_prop_set_uint16(dev, "id3", 0x18);
+qdev_prop_set_uint16(dev, "id3", 0x00);
 qdev_prop_set_string(dev, "name", name);
 qdev_init_nofail(dev);
 
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 8fd50fb..0c95d53 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -180,6 +180,58 @@ static uint32_t pflash_cfi_query(pflash_t *pfl, hwaddr 
offset)
 return resp;
 }
 
+
+
+/* Perform a device id query based on the bank width of the flash. */
+static uint32_t pflash_devid_query(pflash_t *pfl, hwaddr offset)
+{
+int i;
+uint32_t resp;
+hwaddr boff;
+
+/* Adjust incoming offset to match expected device-width
+ * addressing. Device ID read addresses are always specified in
+ * terms of the maximum supported width of the device.  This means
+ * that x8 devices and x8/x16 devices in x8 mode behave
+ * differently. For devices that are not used at their max width,
+ * we will be provided with addresses that use higher address bits
+ * than expected (based on the max width), so we will shift them
+ * lower so that they will match the addresses used when
+ * device_width==max_device_width.
+ */
+boff = offset >> (ctz32(pfl->bank_width) +
+  ctz32(pfl->max_device_width) - ctz32(pfl->device_width));
+
+/* Mask off upper bits which may be used in to query block
+ * or sector lock status at other addresses.
+ * Offsets 2/3 are block lock status, is not emulated.
+ */
+switch (boff & 0xFF) {
+case 0:
+resp = pfl->ident0;
+DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
+break;
+case 1:
+resp = pfl->ident1;
+DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
+break;
+default:
+DPRINTF("%s: Read Device Information offset=%x\n", __func__,
+(unsigned)offset);
+return 0;
+break;
+}
+/* Replicate responses for each device in bank. */
+if (pfl->device_width < pfl->bank_width) {
+for (i = pfl->device_width;
+  i < pfl->bank_width; i += pfl->device_width) {
+resp = deposit32(resp, 8 * i, 8 * pfl->device_width, resp);
+}
+}
+
+return resp;
+}
+
 static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
  int width, int be)
 {
@@ -267,27 +319,40 @@ static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
 DPRINTF("%s: status %x\n", __func__, ret);
 break;
 case 0x90:
-boff = offset & 0xFF;
-if (pfl->bank_width == 2) {
-boff = boff >> 1;
-} else if (pfl->bank_width == 4) {
-boff = boff >> 2;
-}
+if (!pfl->device_width) {
+/* Preserve old behavior if device width not specified */
+boff = offset & 0xFF;
+if (pfl->bank_width == 2) {
+boff = boff >> 1;
+} else if (pfl->bank_width == 4) {
+boff = boff >> 2;
+}
 
-switch (boff) {
-case 0:
-ret = pfl->ident0 << 8 | pfl->ident1;
-DPRINTF("%s: Manufacturer Code %04x\n", __func__, ret);
-break;
-case 1:
-ret = pfl->ident2 << 8 | pfl->ident3;
-DPRINTF("%s: Device ID Code %04x\n", __func__, ret);
-bre

[Qemu-devel] [PATCH v3 10/19] bsd-user: add support for file system related system calls

2013-12-17 Thread Stacey Son
This change adds support or stubs for file system (except stat)
related system calls including read(2), pread(2), readv(2),
write(2), pwrite(2), writev(2), pwritev(2),  open(2), openat(2),
close(2), closefrom(2), revoke(2), access(2), eaccess(2),
faccessat(2), chdir(2), fchdir(2), rename(2), renameat(2), link(2),
linkat(2), unlink(2), unlinkat(2), mkdir(2), mkdirat(2), rmdir(2),
__getcwd(), dup(2), dup2(2), truncate(2), ftruncate(2), acct(2),
sync(2), mount(2), nmount(2), symlink(2), symlinkat(2), readlink(2),
readlinkat(2), chmod(2), fchmod(2), lchmod(2), fchmodat(2), mknod(2),
mknodat(2), chown(2), fchown(2), lchown(2), fchownat(2), chflags(2),
lchflags(2), fchflags(2), chroot(2), flock(2), mkfifo(2),
mkfifoat(2), pathconf(2), lpathconf(2), fpathconf(2), undelete(2),
poll(2), lseek(2), pipe(2), swapon(2), swapoff(2),
the undocumented openbsd_poll() and freebsd6_*() system calls.
---
 bsd-user/bsd-file.h |  +++
 bsd-user/qemu.h |   36 ++
 bsd-user/syscall.c  |  391 ++
 3 files changed, 1454 insertions(+), 84 deletions(-)
 create mode 100644 bsd-user/bsd-file.h

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
new file mode 100644
index 000..fc279a8
--- /dev/null
+++ b/bsd-user/bsd-file.h
@@ -0,0 +1, @@
+/*
+ *  file related system call shims and definitions
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef __BSD_FILE_H_
+#define __BSD_FILE_H_
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define target_to_host_bitmask(x, tbl) (x)
+
+#define LOCK_PATH(p, arg)  do { \
+(p) =  lock_user_string(arg);   \
+if ((p) == NULL) {  \
+return -TARGET_EFAULT;  \
+}   \
+} while (0)
+
+#define UNLOCK_PATH(p, arg)   unlock_user((p), (arg), 0)
+
+struct target_pollfd {
+int32_t fd; /* file descriptor */
+int16_t events; /* requested events */
+int16_t revents;/* returned events */
+};
+
+static abi_long lock_iovec(int type, struct iovec *vec, abi_ulong target_addr,
+int count, int copy);
+static abi_long unlock_iovec(struct iovec *vec, abi_ulong target_addr,
+int count, int copy);
+extern int __getcwd(char *path, size_t len);
+
+/* read(2) */
+static inline abi_long do_bsd_read(abi_long arg1, abi_long arg2, abi_long arg3)
+{
+abi_long ret;
+void *p;
+
+p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
+if (p == NULL) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(read(arg1, p, arg3));
+unlock_user(p, arg2, ret);
+
+return ret;
+}
+
+/* pread(2) */
+static inline abi_long do_bsd_pread(void *cpu_env, abi_long arg1,
+abi_long arg2, abi_long arg3, abi_long arg4, abi_long arg5, abi_long arg6)
+{
+abi_long ret;
+void *p;
+
+p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
+if (p == NULL) {
+return -TARGET_EFAULT;
+}
+if (regpairs_aligned(cpu_env) != 0) {
+arg4 = arg5;
+arg5 = arg6;
+}
+ret = get_errno(pread(arg1, p, arg3, target_offset64(arg4, arg5)));
+unlock_user(p, arg2, ret);
+
+return ret;
+}
+
+/* readv(2) */
+static inline abi_long do_bsd_readv(abi_long arg1, abi_long arg2, abi_long 
arg3)
+{
+abi_long ret;
+int count = arg3;
+struct iovec *vec;
+
+vec = alloca(count * sizeof(struct iovec));
+if (vec == NULL) {
+return -TARGET_ENOMEM;
+}
+if (lock_iovec(VERIFY_WRITE, vec, arg2, count, 0) < 0) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(readv(arg1, vec, count));
+unlock_iovec(vec, arg2, count, 1);
+
+return ret;
+}
+
+/* write(2) */
+static inline abi_long do_bsd_write(abi_long arg1, abi_long arg2, abi_long 
arg3)
+{
+abi_long ret;
+void *p;
+
+p = lock_user(VERIFY_READ, arg2, arg3, 1);
+if (p == NULL) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(write(arg1, p, arg3));
+unlock_user(p, arg2, 0);
+
+return ret;
+}
+
+/* pwrite(2) */
+static inline abi_long do_bsd_pwrite(void *cpu_env, abi_long arg1,
+abi_long arg2, abi_long arg3, abi_long arg4, abi_long arg5, abi_long arg6)
+{
+abi_long ret;
+void *p;
+
+p = lock_user(VERIFY_READ, arg2, arg3, 1);
+if (p == NULL) 
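
Review bot: in do_bsd_readv, `count` comes straight from the guest's arg3 and is passed to `alloca(count * sizeof(struct iovec))` with no range check, so a negative or very large value moves the host stack pointer by a guest-chosen amount. The `vec == NULL` test that follows cannot catch this, because alloca does not report failure. Reject `count < 0` and `count > IOV_MAX` with -TARGET_EINVAL before allocating, or allocate from the heap and check the result.
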

Re: [Qemu-devel] [PATCHv2] block: add native support for NFS

2013-12-17 Thread Eric Blake
On 12/17/2013 03:36 PM, Peter Lieven wrote:
> 
> 
> >> On 17.12.2013 at 18:13, ronnie sahlberg wrote:
>>
>>> On Tue, Dec 17, 2013 at 9:03 AM, Peter Lieven  wrote:
>>> On 17.12.2013 17:47, Stefan Hajnoczi wrote:
>> ...
 Which NFS protocol versions are supported by current libnfs?
>>>
>>> Will check that out. Ronnie?
>>
>> It uses NFS v3 only.
> 
> should we use nfs3:// for the urls then?

Or maybe nfs://10.0.0.1/qemu-images/test.qcow2?protocol=3 (where
?protocol= is optional and defaults to 3, but could be expanded to
include 4 in the future, and that way the single nfs:// URI covers both
protocols).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PULL 04/62] return status for each NOR flash device

2013-12-17 Thread Peter Maydell
From: Roy Franz 

Now that we know how wide each flash device that makes up the bank is,
return status for each device in the bank.  Leave existing code
that treats 32 bit wide banks as composed of two 16 bit devices as otherwise
we may break configurations that do not set the device_width property.

Signed-off-by: Roy Franz 
Message-id: 1386279359-32286-4-git-send-email-roy.fr...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/block/pflash_cfi01.c | 15 +--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index a458ad6..82a2519 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -193,9 +193,20 @@ static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
 case 0x60: /* Block /un)lock */
 case 0x70: /* Status Register */
 case 0xe8: /* Write block */
-/* Status register read */
+/* Status register read.  Return status from each device in
+ * bank.
+ */
 ret = pfl->status;
-if (width > 2) {
+if (pfl->device_width && width > pfl->device_width) {
+int shift = pfl->device_width * 8;
+while (shift + pfl->device_width * 8 <= width * 8) {
+ret |= pfl->status << shift;
+shift += pfl->device_width * 8;
+}
+} else if (!pfl->device_width && width > 2) {
+/* Handle 32 bit flash cases where device width is not
+ * set. (Existing behavior before device width added.)
+ */
 ret |= pfl->status << 16;
 }
 DPRINTF("%s: status %x\n", __func__, ret);
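
Review bot: in the new while loop, `pfl->status << shift` is evaluated in the type of `pfl->status`; if that field is narrower than `ret` it is promoted to int, and with a device width of 1 and a 4-byte access the last iteration shifts by 24, which pushes a set bit 7 into the sign bit. Casting the status to the type of `ret` before shifting avoids that. The loop also assumes `width` is a whole multiple of `pfl->device_width`; a check, or a comment saying where that is enforced, would help.
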
-- 
1.8.5




[Qemu-devel] [PULL 36/62] target-arm: A64: add support for 'test and branch' imm

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This patch adds emulation for the test and branch insns,
TBZ and TBNZ.

Signed-off-by: Alexander Graf 
[claudio:
  adapted for new decoder
  always compare with 0
  remove a TCG temporary
]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 27 +--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 4eb2992..1d04303 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -233,10 +233,33 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t 
insn)
 unsupported_encoding(s, insn);
 }
 
-/* Test & branch (immediate) */
+/* C3.2.5 Test & branch (immediate)
+ *   31  30 25  24  23   19 18  5 40
+ * ++-++---+-+--+
+ * | b5 | 0 1 1 0 1 1 | op |  b40  |imm14|  Rt  |
+ * ++-++---+-+--+
+ */
 static void disas_test_b_imm(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int bit_pos, op, rt;
+uint64_t addr;
+int label_match;
+TCGv_i64 tcg_cmp;
+
+bit_pos = (extract32(insn, 31, 1) << 5) | extract32(insn, 19, 5);
+op = extract32(insn, 24, 1); /* 0: TBZ; 1: TBNZ */
+addr = s->pc + sextract32(insn, 5, 14) * 4 - 4;
+rt = extract32(insn, 0, 5);
+
+tcg_cmp = tcg_temp_new_i64();
+tcg_gen_andi_i64(tcg_cmp, cpu_reg(s, rt), (1ULL << bit_pos));
+label_match = gen_new_label();
+tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
+tcg_cmp, 0, label_match);
+tcg_temp_free_i64(tcg_cmp);
+gen_goto_tb(s, 0, s->pc);
+gen_set_label(label_match);
+gen_goto_tb(s, 1, addr);
 }
 
 /* C3.2.2 / C5.6.19 Conditional branch (immediate)
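
Review bot: the `- 4` in `addr = s->pc + sextract32(insn, 5, 14) * 4 - 4` is unexplained; it is only correct if `s->pc` has already been advanced past this instruction, which the fall-through `gen_goto_tb(s, 0, s->pc)` relies on as well. A one-line comment saying so, or computing the branch offset into a named local first, would keep the two uses of `s->pc` from being misread.
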
-- 
1.8.5




[Qemu-devel] [PULL 38/62] target-arm: A64: add support for conditional select

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

This patch adds support for the instruction group "C3.5.6
Conditional select": CSEL, CSINC, CSINV, CSNEG.

Signed-off-by: Claudio Fontana 
[PMM: Improved code generated in the nomatch case as per RTH suggestions]
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 67 --
 1 file changed, 65 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 5ae3a85..13eedf4 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -724,10 +724,73 @@ static void disas_cc_reg(DisasContext *s, uint32_t insn)
 unsupported_encoding(s, insn);
 }
 
-/* Conditional select */
+/* C3.5.6 Conditional select
+ *   31   30  29  28 21 20  16 15  12 11 10 95 40
+ * +++---+-+--+--+-+--+--+
+ * | sf | op | S | 1 1 0 1 0 1 0 0 |  Rm  | cond | op2 |  Rn  |  Rd  |
+ * +++---+-+--+--+-+--+--+
+ */
 static void disas_cond_select(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int sf, else_inv, rm, cond, else_inc, rn, rd;
+TCGv_i64 tcg_rd, tcg_src;
+
+if (extract32(insn, 29, 1) || extract32(insn, 11, 1)) {
+/* S == 1 or op2<1> == 1 */
+unallocated_encoding(s);
+return;
+}
+sf = extract32(insn, 31, 1);
+else_inv = extract32(insn, 30, 1);
+rm = extract32(insn, 16, 5);
+cond = extract32(insn, 12, 4);
+else_inc = extract32(insn, 10, 1);
+rn = extract32(insn, 5, 5);
+rd = extract32(insn, 0, 5);
+
+if (rd == 31) {
+/* silly no-op write; until we use movcond we must special-case
+ * this to avoid a dead temporary across basic blocks.
+ */
+return;
+}
+
+tcg_rd = cpu_reg(s, rd);
+
+if (cond >= 0x0e) { /* condition "always" */
+tcg_src = read_cpu_reg(s, rn, sf);
+tcg_gen_mov_i64(tcg_rd, tcg_src);
+} else {
+/* OPTME: we could use movcond here, at the cost of duplicating
+ * a lot of the arm_gen_test_cc() logic.
+ */
+int label_match = gen_new_label();
+int label_continue = gen_new_label();
+
+arm_gen_test_cc(cond, label_match);
+/* nomatch: */
+tcg_src = cpu_reg(s, rm);
+
+if (else_inv && else_inc) {
+tcg_gen_neg_i64(tcg_rd, tcg_src);
+} else if (else_inv) {
+tcg_gen_not_i64(tcg_rd, tcg_src);
+} else if (else_inc) {
+tcg_gen_addi_i64(tcg_rd, tcg_src, 1);
+} else {
+tcg_gen_mov_i64(tcg_rd, tcg_src);
+}
+if (!sf) {
+tcg_gen_ext32u_i64(tcg_rd, tcg_rd);
+}
+tcg_gen_br(label_continue);
+/* match: */
+gen_set_label(label_match);
+tcg_src = read_cpu_reg(s, rn, sf);
+tcg_gen_mov_i64(tcg_rd, tcg_src);
+/* continue: */
+gen_set_label(label_continue);
+}
 }
 
 /* Data-processing (1 source) */
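
Review bot: the if/else chain on `else_inv` and `else_inc` in the nomatch path encodes four instructions without naming them; a comment on each arm (CSNEG, CSINV, CSINC, CSEL) would make it checkable against the list in the commit message. The move from `read_cpu_reg(s, rn, sf)` into `tcg_rd` is also emitted in two places, once in the `cond >= 0x0e` branch and once after `label_match`, and could be shared.
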
-- 
1.8.5




[Qemu-devel] [PULL 51/62] hw/arm: add very initial support for Canon DIGIC SoC

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

DIGIC is Canon Inc.'s name for a family of SoC
for digital cameras and camcorders.

There is no publicly available specification for
DIGIC chips. All information about DIGIC chip
internals is based on reverse engineering efforts
made by CHDK (http://chdk.wikia.com) and
Magic Lantern (http://www.magiclantern.fm) projects
contributors.

Signed-off-by: Antony Pavlov 
Reviewed-by: Andreas Färber 
Reviewed-by: Peter Maydell 
Reviewed-by: Peter Crosthwaite 
Message-id: 1387188908-754-2-git-send-email-antonynpav...@gmail.com
Signed-off-by: Peter Maydell 
---
 default-configs/arm-softmmu.mak |  1 +
 hw/arm/Makefile.objs|  1 +
 hw/arm/digic.c  | 71 +
 include/hw/arm/digic.h  | 35 
 4 files changed, 108 insertions(+)
 create mode 100644 hw/arm/digic.c
 create mode 100644 include/hw/arm/digic.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index e48f102..2135be3 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -64,6 +64,7 @@ CONFIG_XILINX_SPIPS=y
 
 CONFIG_ARM11SCU=y
 CONFIG_A9SCU=y
+CONFIG_DIGIC=y
 CONFIG_MARVELL_88W8618=y
 CONFIG_OMAP=y
 CONFIG_TSC210X=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 78b5614..8789807 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -4,4 +4,5 @@ obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
 
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
+obj-$(CONFIG_DIGIC) += digic.o
 obj-y += omap1.o omap2.o strongarm.o
diff --git a/hw/arm/digic.c b/hw/arm/digic.c
new file mode 100644
index 000..2620262
--- /dev/null
+++ b/hw/arm/digic.c
@@ -0,0 +1,71 @@
+/*
+ * QEMU model of the Canon DIGIC SoC.
+ *
+ * Copyright (C) 2013 Antony Pavlov 
+ *
+ * This model is based on reverse engineering efforts
+ * made by CHDK (http://chdk.wikia.com) and
+ * Magic Lantern (http://www.magiclantern.fm) projects
+ * contributors.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#include "hw/arm/digic.h"
+
+static void digic_init(Object *obj)
+{
+DigicState *s = DIGIC(obj);
+
+object_initialize(&s->cpu, sizeof(s->cpu), "arm946-" TYPE_ARM_CPU);
+object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
+}
+
+static void digic_realize(DeviceState *dev, Error **errp)
+{
+DigicState *s = DIGIC(dev);
+Error *err = NULL;
+
+object_property_set_bool(OBJECT(&s->cpu), true, "reset-hivecs", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+
+object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+}
+
+static void digic_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+dc->realize = digic_realize;
+}
+
+static const TypeInfo digic_type_info = {
+.name = TYPE_DIGIC,
+.parent = TYPE_DEVICE,
+.instance_size = sizeof(DigicState),
+.instance_init = digic_init,
+.class_init = digic_class_init,
+};
+
+static void digic_register_types(void)
+{
+type_register_static(&digic_type_info);
+}
+
+type_init(digic_register_types)
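
Review bot: digic_realize sets "reset-hivecs" to true on the CPU with no comment on why this SoC needs it. Since the file header says the model is based on reverse engineering and no public specification exists, the reason for that setting should be recorded next to the call so it can be revisited when more is known.
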
diff --git a/include/hw/arm/digic.h b/include/hw/arm/digic.h
new file mode 100644
index 000..b7d16fb
--- /dev/null
+++ b/include/hw/arm/digic.h
@@ -0,0 +1,35 @@
+/*
+ * Misc Canon DIGIC declarations.
+ *
+ * Copyright (C) 2013 Antony Pavlov 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#ifndef HW_ARM_DIGIC_H
+#define HW_ARM_DIGIC_H
+
+#include "cpu.h"
+
+#define TYPE_DIGIC "digic"
+
+#define DIGIC(obj) OBJECT_CHECK(DigicState, (obj), TYPE_DIGIC)
+
+typedef struct DigicState {
+/*< private >*/
+DeviceState parent_obj;
+/*< public >*/
+
+ARMCPU cpu;
+} DigicState;
+
+#endif /* HW_ARM_DIGIC_H */
-- 
1.8.5




[Qemu-devel] [PULL 42/62] target-arm: A64: add support for 2-src data processing and DIV

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This patch adds support for decoding 2-src data processing insns,
and the first users, UDIV and SDIV.

Signed-off-by: Alexander Graf 
[claudio: adapted to new decoder adding the 2-src decoding level,
  always zero-extend result in 32bit mode]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/helper-a64.c| 21 ++
 target-arm/helper-a64.h|  2 ++
 target-arm/translate-a64.c | 72 --
 3 files changed, 93 insertions(+), 2 deletions(-)

diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
index adb8428..abb98c0 100644
--- a/target-arm/helper-a64.c
+++ b/target-arm/helper-a64.c
@@ -23,3 +23,24 @@
 #include "qemu/host-utils.h"
 #include "sysemu/sysemu.h"
 #include "qemu/bitops.h"
+
+/* C2.4.7 Multiply and divide */
+/* special cases for 0 and LLONG_MIN are mandated by the standard */
+uint64_t HELPER(udiv64)(uint64_t num, uint64_t den)
+{
+if (den == 0) {
+return 0;
+}
+return num / den;
+}
+
+int64_t HELPER(sdiv64)(int64_t num, int64_t den)
+{
+if (den == 0) {
+return 0;
+}
+if (num == LLONG_MIN && den == -1) {
+return LLONG_MIN;
+}
+return num / den;
+}
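
Review bot: sdiv64 takes int64_t operands but guards the overflow case with `LLONG_MIN`, which is the limit of long long and not of the fixed-width type; `INT64_MIN` states the intent exactly and does not depend on long long being 64 bits wide. The comment above the helpers also says the special cases are "mandated by the standard" without naming the document; citing the section, as the `C2.4.7` line above it does, would help.
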
diff --git a/target-arm/helper-a64.h b/target-arm/helper-a64.h
index dd28306..e0d6506 100644
--- a/target-arm/helper-a64.h
+++ b/target-arm/helper-a64.h
@@ -16,3 +16,5 @@
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, see .
  */
+DEF_HELPER_FLAGS_2(udiv64, TCG_CALL_NO_RWG_SE, i64, i64, i64)
+DEF_HELPER_FLAGS_2(sdiv64, TCG_CALL_NO_RWG_SE, s64, s64, s64)
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index f9336de..a0bc876 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1050,10 +1050,78 @@ static void disas_data_proc_1src(DisasContext *s, 
uint32_t insn)
 unsupported_encoding(s, insn);
 }
 
-/* Data-processing (2 source) */
+static void handle_div(DisasContext *s, bool is_signed, unsigned int sf,
+   unsigned int rm, unsigned int rn, unsigned int rd)
+{
+TCGv_i64 tcg_n, tcg_m, tcg_rd;
+tcg_rd = cpu_reg(s, rd);
+
+if (!sf && is_signed) {
+tcg_n = new_tmp_a64(s);
+tcg_m = new_tmp_a64(s);
+tcg_gen_ext32s_i64(tcg_n, cpu_reg(s, rn));
+tcg_gen_ext32s_i64(tcg_m, cpu_reg(s, rm));
+} else {
+tcg_n = read_cpu_reg(s, rn, sf);
+tcg_m = read_cpu_reg(s, rm, sf);
+}
+
+if (is_signed) {
+gen_helper_sdiv64(tcg_rd, tcg_n, tcg_m);
+} else {
+gen_helper_udiv64(tcg_rd, tcg_n, tcg_m);
+}
+
+if (!sf) { /* zero extend final result */
+tcg_gen_ext32u_i64(tcg_rd, tcg_rd);
+}
+}
+
+/* C3.5.8 Data-processing (2 source)
+ *   31   30  29 28 21 20  16 1510 95 40
+ * ++---+---+-+--++--+--+
+ * | sf | 0 | S | 1 1 0 1 0 1 1 0 |  Rm  | opcode |  Rn  |  Rd  |
+ * ++---+---+-+--++--+--+
+ */
 static void disas_data_proc_2src(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int sf, rm, opcode, rn, rd;
+sf = extract32(insn, 31, 1);
+rm = extract32(insn, 16, 5);
+opcode = extract32(insn, 10, 6);
+rn = extract32(insn, 5, 5);
+rd = extract32(insn, 0, 5);
+
+if (extract32(insn, 29, 1)) {
+unallocated_encoding(s);
+return;
+}
+
+switch (opcode) {
+case 2: /* UDIV */
+handle_div(s, false, sf, rm, rn, rd);
+break;
+case 3: /* SDIV */
+handle_div(s, true, sf, rm, rn, rd);
+break;
+case 8: /* LSLV */
+case 9: /* LSRV */
+case 10: /* ASRV */
+case 11: /* RORV */
+case 16:
+case 17:
+case 18:
+case 19:
+case 20:
+case 21:
+case 22:
+case 23: /* CRC32 */
+unsupported_encoding(s, insn);
+break;
+default:
+unallocated_encoding(s);
+break;
+}
 }
 
 /* C3.5 Data processing - register */
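
Review bot: in the `switch (opcode)` of disas_data_proc_2src, cases 16 to 22 carry no comment and only `case 23` is marked `/* CRC32 */`, so it is not clear whether that label covers the whole run or just the last value. Either comment each case or put a single comment above `case 16:` stating the range it applies to.
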
-- 
1.8.5




[Qemu-devel] [PULL 46/62] target-arm: A64: add support for 1-src REV insns

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

This adds support for C5.6.149 REV, C5.6.151 REV32, C5.6.150 REV16.

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 73 +-
 1 file changed, 72 insertions(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 0ed21fc..3c702a9 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1080,6 +1080,73 @@ static void handle_rbit(DisasContext *s, unsigned int sf,
 }
 }
 
+/* C5.6.149 REV with sf==1, opcode==3 ("REV64") */
+static void handle_rev64(DisasContext *s, unsigned int sf,
+ unsigned int rn, unsigned int rd)
+{
+if (!sf) {
+unallocated_encoding(s);
+return;
+}
+tcg_gen_bswap64_i64(cpu_reg(s, rd), cpu_reg(s, rn));
+}
+
+/* C5.6.149 REV with sf==0, opcode==2
+ * C5.6.151 REV32 (sf==1, opcode==2)
+ */
+static void handle_rev32(DisasContext *s, unsigned int sf,
+ unsigned int rn, unsigned int rd)
+{
+TCGv_i64 tcg_rd = cpu_reg(s, rd);
+
+if (sf) {
+TCGv_i64 tcg_tmp = tcg_temp_new_i64();
+TCGv_i64 tcg_rn = read_cpu_reg(s, rn, sf);
+
+/* bswap32_i64 requires zero high word */
+tcg_gen_ext32u_i64(tcg_tmp, tcg_rn);
+tcg_gen_bswap32_i64(tcg_rd, tcg_tmp);
+tcg_gen_shri_i64(tcg_tmp, tcg_rn, 32);
+tcg_gen_bswap32_i64(tcg_tmp, tcg_tmp);
+tcg_gen_concat32_i64(tcg_rd, tcg_rd, tcg_tmp);
+
+tcg_temp_free_i64(tcg_tmp);
+} else {
+tcg_gen_ext32u_i64(tcg_rd, cpu_reg(s, rn));
+tcg_gen_bswap32_i64(tcg_rd, tcg_rd);
+}
+}
+
+/* C5.6.150 REV16 (opcode==1) */
+static void handle_rev16(DisasContext *s, unsigned int sf,
+ unsigned int rn, unsigned int rd)
+{
+TCGv_i64 tcg_rd = cpu_reg(s, rd);
+TCGv_i64 tcg_tmp = tcg_temp_new_i64();
+TCGv_i64 tcg_rn = read_cpu_reg(s, rn, sf);
+
+tcg_gen_andi_i64(tcg_tmp, tcg_rn, 0x);
+tcg_gen_bswap16_i64(tcg_rd, tcg_tmp);
+
+tcg_gen_shri_i64(tcg_tmp, tcg_rn, 16);
+tcg_gen_andi_i64(tcg_tmp, tcg_tmp, 0x);
+tcg_gen_bswap16_i64(tcg_tmp, tcg_tmp);
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_tmp, 16, 16);
+
+if (sf) {
+tcg_gen_shri_i64(tcg_tmp, tcg_rn, 32);
+tcg_gen_andi_i64(tcg_tmp, tcg_tmp, 0x);
+tcg_gen_bswap16_i64(tcg_tmp, tcg_tmp);
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_tmp, 32, 16);
+
+tcg_gen_shri_i64(tcg_tmp, tcg_rn, 48);
+tcg_gen_bswap16_i64(tcg_tmp, tcg_tmp);
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_tmp, 48, 16);
+}
+
+tcg_temp_free_i64(tcg_tmp);
+}
+
 /* C3.5.7 Data-processing (1 source)
  *   31  30  29  28 21 20 16 1510 95 40
  * ++---+---+-+-++--+--+
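
Review bot: handle_rev16 repeats the same shift, mask, bswap16, deposit sequence for each halfword, but the last one (the shift by 48) drops the `tcg_gen_andi_i64` step without saying why. Add a comment that the shift already leaves only 16 bits, or keep the mask for symmetry. handle_rev64 also does its own `!sf` check and calls unallocated_encoding, while the other two handlers accept both sizes; a note at the `case 3` call site that the handler rejects sf == 0 would make the decoder easier to audit.
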
@@ -1105,9 +1172,13 @@ static void disas_data_proc_1src(DisasContext *s, 
uint32_t insn)
 handle_rbit(s, sf, rn, rd);
 break;
 case 1: /* REV16 */
+handle_rev16(s, sf, rn, rd);
+break;
 case 2: /* REV32 */
+handle_rev32(s, sf, rn, rd);
+break;
 case 3: /* REV64 */
-unsupported_encoding(s, insn);
+handle_rev64(s, sf, rn, rd);
 break;
 case 4: /* CLZ */
 handle_clz(s, sf, rn, rd);
-- 
1.8.5




[Qemu-devel] [PULL 11/62] target-arm/cpu: Convert reset CBAR to a property

2013-12-17 Thread Peter Maydell
From: Peter Crosthwaite 

The reset value of the CP15 CBAR is a vendor (machine) configurable
property. If ARM_FEATURE_CBAR is set, add it as a property at
post_init time.

Signed-off-by: Peter Crosthwaite 
Message-id: 2f1eec3f912135deea6252360e03645003d12e0a.1387160489.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.c | 17 +
 1 file changed, 17 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index f21e995..fd04b36 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "qemu-common.h"
 #include "hw/qdev-properties.h"
+#include "qapi/qmp/qerror.h"
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/loader.h"
 #endif
@@ -231,6 +232,21 @@ static void arm_cpu_initfn(Object *obj)
 }
 }
 
+static Property arm_cpu_reset_cbar_property =
+DEFINE_PROP_UINT32("reset-cbar", ARMCPU, reset_cbar, 0);
+
+static void arm_cpu_post_init(Object *obj)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+Error *err = NULL;
+
+if (arm_feature(&cpu->env, ARM_FEATURE_CBAR)) {
+qdev_property_add_static(DEVICE(obj), &arm_cpu_reset_cbar_property,
+ &err);
+assert_no_error(err);
+}
+}
+
 static void arm_cpu_finalizefn(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
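
Review bot: arm_cpu_post_init only adds "reset-cbar" if `ARM_FEATURE_CBAR` is already set when it runs, which is presumably why this lives in a post-init hook and not in arm_cpu_initfn, but nothing in the code says so. A short comment on that ordering dependency would stop someone from moving the call. It is also worth stating that `assert_no_error(err)` is intentional here, since it aborts rather than propagating the error.
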
@@ -994,6 +1010,7 @@ static const TypeInfo arm_cpu_type_info = {
 .parent = TYPE_CPU,
 .instance_size = sizeof(ARMCPU),
 .instance_init = arm_cpu_initfn,
+.instance_post_init = arm_cpu_post_init,
 .instance_finalize = arm_cpu_finalizefn,
 .abstract = true,
 .class_size = sizeof(ARMCPUClass),
-- 
1.8.5




[Qemu-devel] [PULL 49/62] target-arm: A64: add support for 1-src CLS insn

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

This patch adds support for the CLS instruction.

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/helper-a64.c| 10 ++
 target-arm/helper-a64.h|  2 ++
 target-arm/translate-a64.c | 20 +++-
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
index cccaac6..d3f7067 100644
--- a/target-arm/helper-a64.c
+++ b/target-arm/helper-a64.c
@@ -50,6 +50,16 @@ uint64_t HELPER(clz64)(uint64_t x)
 return clz64(x);
 }
 
+uint64_t HELPER(cls64)(uint64_t x)
+{
+return clrsb64(x);
+}
+
+uint32_t HELPER(cls32)(uint32_t x)
+{
+return clrsb32(x);
+}
+
 uint64_t HELPER(rbit64)(uint64_t x)
 {
 /* assign the correct byte position */
diff --git a/target-arm/helper-a64.h b/target-arm/helper-a64.h
index 9959139..a163a94 100644
--- a/target-arm/helper-a64.h
+++ b/target-arm/helper-a64.h
@@ -19,4 +19,6 @@
 DEF_HELPER_FLAGS_2(udiv64, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(sdiv64, TCG_CALL_NO_RWG_SE, s64, s64, s64)
 DEF_HELPER_FLAGS_1(clz64, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_1(cls64, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_1(cls32, TCG_CALL_NO_RWG_SE, i32, i32)
 DEF_HELPER_FLAGS_1(rbit64, TCG_CALL_NO_RWG_SE, i64, i64)
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 2111bcd..2bb1795 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1114,6 +1114,24 @@ static void handle_clz(DisasContext *s, unsigned int sf,
 }
 }
 
+static void handle_cls(DisasContext *s, unsigned int sf,
+   unsigned int rn, unsigned int rd)
+{
+TCGv_i64 tcg_rd, tcg_rn;
+tcg_rd = cpu_reg(s, rd);
+tcg_rn = cpu_reg(s, rn);
+
+if (sf) {
+gen_helper_cls64(tcg_rd, tcg_rn);
+} else {
+TCGv_i32 tcg_tmp32 = tcg_temp_new_i32();
+tcg_gen_trunc_i64_i32(tcg_tmp32, tcg_rn);
+gen_helper_cls32(tcg_tmp32, tcg_tmp32);
+tcg_gen_extu_i32_i64(tcg_rd, tcg_tmp32);
+tcg_temp_free_i32(tcg_tmp32);
+}
+}
+
 static void handle_rbit(DisasContext *s, unsigned int sf,
 unsigned int rn, unsigned int rd)
 {
@@ -1236,7 +1254,7 @@ static void disas_data_proc_1src(DisasContext *s, 
uint32_t insn)
 handle_clz(s, sf, rn, rd);
 break;
 case 5: /* CLS */
-unsupported_encoding(s, insn);
+handle_cls(s, sf, rn, rd);
 break;
 }
 }
-- 
1.8.5




Re: [Qemu-devel] [qemu-kvm PATCH] docs: updated qemu-img man page and qemu-doc to reflect VHDX support.

2013-12-17 Thread Stefan Weil
On 17.12.2013 19:41, Jeff Cody wrote:
> The man page for qemu-img, and the qemu-doc, did not mention VHDX
> as a supported format.  This adds in reference to VHDX in those
> documents.
>
> Signed-off-by: Jeff Cody 
> ---
>  qemu-doc.texi | 15 +++
>  qemu-img.texi |  4 ++--
>  2 files changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/qemu-doc.texi b/qemu-doc.texi
> index 185dd47..10b4ae9 100644
> --- a/qemu-doc.texi
> +++ b/qemu-doc.texi
> @@ -654,6 +654,21 @@ Supported options:
>  Specifies which VHD subformat to use. Valid options are
>  @code{dynamic} (default) and @code{fixed}.
>  @end table
> +
> +@item VHDX
> +Hyper-V compatible image format (VHDX).
> +Supported options:
> +@table @code
> +@item subformat
> +Specifies which VHDX subformat to use. Valid options are
> +@code{dynamic} (default) and @code{fixed}.
> +@item block_state_zero
> +Force use of payload blocks of type 'ZERO'.
> +@item block_size
> +Block Size; min 1MB, max 256MB.  0 means auto-calculate based on image size.

Please add blanks: 1 MB, max 256 MB.

> +@item log_size
> +Log size; min 1MB.

1 MB

> +@end table
>  @end table
>  
>  @subsubsection Read-only formats
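
Review bot: the new `block_state_zero` item gives neither the accepted values nor a default, unlike `subformat` just above it, which lists its valid options and marks the default. `log_size` likewise states a minimum but no default. Adding both would let a reader use the options without reading the driver source.
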
> diff --git a/qemu-img.texi b/qemu-img.texi
> index be31191..1bba91e 100644
> --- a/qemu-img.texi
> +++ b/qemu-img.texi
> @@ -431,8 +431,8 @@ This option can only be enabled if @code{compat=1.1} is 
> specified.
>  
>  @item Other
>  QEMU also supports various other image file formats for compatibility with
> -older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), 
> qcow1
> -and QED. For a full list of supported formats see @code{qemu-img --help}.
> +older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), 
> VHDX,
> +qcow1 and QED. For a full list of supported formats see @code{qemu-img 
> --help}.
>  For a more detailed description of these formats, see the QEMU Emulation User
>  Documentation.

Otherwise okay. I appreciate efforts to improve the documentation.

Reviewed-by: Stefan Weil 




[Qemu-devel] [PULL 48/62] host-utils: add clrsb32/64 - count leading redundant sign bits

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

This patch introduces wrappers for the clrsb builtins,
which count the leading redundant sign bits.

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 include/qemu/host-utils.h | 32 
 1 file changed, 32 insertions(+)

diff --git a/include/qemu/host-utils.h b/include/qemu/host-utils.h
index 0f688c1..de85d28 100644
--- a/include/qemu/host-utils.h
+++ b/include/qemu/host-utils.h
@@ -228,6 +228,38 @@ static inline int cto64(uint64_t val)
 }
 
 /**
+ * clrsb32 - count leading redundant sign bits in a 32-bit value.
+ * @val: The value to search
+ *
+ * Returns the number of bits following the sign bit that are equal to it.
+ * No special cases; output range is [0-31].
+ */
+static inline int clrsb32(uint32_t val)
+{
+#if QEMU_GNUC_PREREQ(4, 7)
+return __builtin_clrsb(val);
+#else
+return clz32(val ^ ((int32_t)val >> 1)) - 1;
+#endif
+}
+
+/**
+ * clrsb64 - count leading redundant sign bits in a 64-bit value.
+ * @val: The value to search
+ *
+ * Returns the number of bits following the sign bit that are equal to it.
+ * No special cases; output range is [0-63].
+ */
+static inline int clrsb64(uint64_t val)
+{
+#if QEMU_GNUC_PREREQ(4, 7)
+return __builtin_clrsbll(val);
+#else
+return clz64(val ^ ((int64_t)val >> 1)) - 1;
+#endif
+}
+
+/**
  * ctpop8 - count the population of one bits in an 8-bit value.
  * @val: The value to search
  */
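
Review bot: the fallback `clz32(val ^ ((int32_t)val >> 1)) - 1` depends on `>>` of a negative signed value being an arithmetic shift, which C leaves implementation-defined, and the builtin path passes a uint32_t to `__builtin_clrsb`, which takes an int, so it assumes a 32-bit int. Both assumptions should be stated in the doc comment. A small unit test over 0, all-ones and the sign-bit-only value would also confirm that the two `#if` branches return the same results.
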
-- 
1.8.5




[Qemu-devel] [PULL 24/62] hw/arm/boot: Add boot support for AArch64 processor

2013-12-17 Thread Peter Maydell
From: "Mian M. Hamayun" 

This commit adds support for booting a single AArch64 CPU by setting
appropriate registers. The bootloader includes placeholders for Board-ID
that are used to implement uniform indexing across different bootloaders.

Signed-off-by: Mian M. Hamayun 
Signed-off-by: Peter Maydell 
Message-id: 1385645602-18662-7-git-send-email-peter.mayd...@linaro.org
[PMM:
 * updated to use ARMInsnFixup style bootloader fragments
 * dropped virt.c additions
 * use runtime checks for "is this an AArch64 core" rather than ifdefs
 * drop some unnecessary setting of registers in reset hook
]
Signed-off-by: Peter Maydell 
Reviewed-by: Christoffer Dall 
---
 hw/arm/boot.c | 43 ++-
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 0c05a64..90e9534 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -17,8 +17,13 @@
 #include "sysemu/device_tree.h"
 #include "qemu/config-file.h"
 
+/* Kernel boot protocol is specified in the kernel docs
+ * Documentation/arm/Booting and Documentation/arm64/booting.txt
+ * They have different preferred image load offsets from system RAM base.
+ */
 #define KERNEL_ARGS_ADDR 0x100
 #define KERNEL_LOAD_ADDR 0x0001
+#define KERNEL64_LOAD_ADDR 0x0008
 
 typedef enum {
 FIXUP_NONE = 0,   /* do nothing */
@@ -37,6 +42,20 @@ typedef struct ARMInsnFixup {
 FixupType fixup;
 } ARMInsnFixup;
 
+static const ARMInsnFixup bootloader_aarch64[] = {
+{ 0x58c0 }, /* ldr x0, arg ; Load the lower 32-bits of DTB */
+{ 0xaa1f03e1 }, /* mov x1, xzr */
+{ 0xaa1f03e2 }, /* mov x2, xzr */
+{ 0xaa1f03e3 }, /* mov x3, xzr */
+{ 0x5884 }, /* ldr x4, entry ; Load the lower 32-bits of kernel entry 
*/
+{ 0xd61f0080 }, /* br x4  ; Jump to the kernel entry point */
+{ 0, FIXUP_ARGPTR }, /* arg: .word @DTB Lower 32-bits */
+{ 0 }, /* .word @DTB Higher 32-bits */
+{ 0, FIXUP_ENTRYPOINT }, /* entry: .word @Kernel Entry Lower 32-bits */
+{ 0 }, /* .word @Kernel Entry Higher 32-bits */
+{ 0, FIXUP_TERMINATOR }
+};
+
 /* The worlds second smallest bootloader.  Set r0-r2, then jump to kernel.  */
 static const ARMInsnFixup bootloader[] = {
 { 0xe3a0 }, /* mov r0, #0 */
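
Review bot: the comments on the two `ldr` entries of bootloader_aarch64 say they load "the lower 32-bits", but `ldr x0` and `ldr x4` load a full 64-bit literal; the upper half is zero only because the entries following `FIXUP_ARGPTR` and `FIXUP_ENTRYPOINT` are plain `{ 0 }`. A DTB or kernel entry address that does not fit in 32 bits is therefore truncated without any diagnostic. Reword the comments and either add a fixup for the high word or check the address range before writing the loader.
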
@@ -396,7 +415,12 @@ static void do_cpu_reset(void *opaque)
 env->thumb = info->entry & 1;
 } else {
 if (CPU(cpu) == first_cpu) {
-env->regs[15] = info->loader_start;
+if (env->aarch64) {
+env->pc = info->loader_start;
+} else {
+env->regs[15] = info->loader_start;
+}
+
 if (!info->dtb_filename) {
 if (old_param) {
 set_kernel_args_old(info);
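
Review bot: do_cpu_reset chooses between `env->pc` and `env->regs[15]` using `env->aarch64`, while arm_load_kernel in the same patch selects the loader with `arm_feature(&cpu->env, ARM_FEATURE_AARCH64)`. These are two different predicates for what the commit message calls one runtime check. Use the same test in both places, or add a comment explaining why the reset hook looks at the current state and not at the feature bit.
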
@@ -418,8 +442,9 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
 int initrd_size;
 int is_linux = 0;
 uint64_t elf_entry;
-hwaddr entry;
+hwaddr entry, kernel_load_offset;
 int big_endian;
+static const ARMInsnFixup *primary_loader;
 
 /* Load the kernel.  */
 if (!info->kernel_filename) {
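
Review bot: `static const ARMInsnFixup *primary_loader;` is declared static inside arm_load_kernel although it is assigned on every call before use. The storage class makes the pointer shared across calls for no benefit and hides an uninitialised read if a later edit skips the assignment. Drop `static` so it is an ordinary local.
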
@@ -429,6 +454,14 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
 return;
 }
 
+if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
+primary_loader = bootloader_aarch64;
+kernel_load_offset = KERNEL64_LOAD_ADDR;
+} else {
+primary_loader = bootloader;
+kernel_load_offset = KERNEL_LOAD_ADDR;
+}
+
 info->dtb_filename = qemu_opt_get(qemu_get_machine_opts(), "dtb");
 
 if (!info->secondary_cpu_reset_hook) {
@@ -469,9 +502,9 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
   &is_linux);
 }
 if (kernel_size < 0) {
-entry = info->loader_start + KERNEL_LOAD_ADDR;
+entry = info->loader_start + kernel_load_offset;
 kernel_size = load_image_targphys(info->kernel_filename, entry,
-  info->ram_size - KERNEL_LOAD_ADDR);
+  info->ram_size - kernel_load_offset);
 is_linux = 1;
 }
 if (kernel_size < 0) {
@@ -532,7 +565,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
 fixupcontext[FIXUP_ENTRYPOINT] = entry;
 
 write_bootloader("bootloader", info->loader_start,
- bootloader, fixupcontext);
+ primary_loader, fixupcontext);
 
 if (info->nb_cpus > 1) {
 info->write_secondary_boot(cpu, info);
-- 
1.8.5




[Qemu-devel] [PULL 44/62] target-arm: A64: add support for 1-src data processing and CLZ

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

This patch adds support for decoding 1-src data processing insns,
and the first user, C5.6.40 CLZ (count leading zeroes).

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/helper-a64.c|  5 +
 target-arm/helper-a64.h|  1 +
 target-arm/translate-a64.c | 52 --
 3 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
index abb98c0..e4c5346 100644
--- a/target-arm/helper-a64.c
+++ b/target-arm/helper-a64.c
@@ -44,3 +44,8 @@ int64_t HELPER(sdiv64)(int64_t num, int64_t den)
 }
 return num / den;
 }
+
+uint64_t HELPER(clz64)(uint64_t x)
+{
+return clz64(x);
+}
diff --git a/target-arm/helper-a64.h b/target-arm/helper-a64.h
index e0d6506..b10b6c3 100644
--- a/target-arm/helper-a64.h
+++ b/target-arm/helper-a64.h
@@ -18,3 +18,4 @@
  */
 DEF_HELPER_FLAGS_2(udiv64, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(sdiv64, TCG_CALL_NO_RWG_SE, s64, s64, s64)
+DEF_HELPER_FLAGS_1(clz64, TCG_CALL_NO_RWG_SE, i64, i64)
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index acf30c3..e5481da 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1044,10 +1044,58 @@ static void disas_cond_select(DisasContext *s, uint32_t 
insn)
 }
 }
 
-/* Data-processing (1 source) */
+static void handle_clz(DisasContext *s, unsigned int sf,
+   unsigned int rn, unsigned int rd)
+{
+TCGv_i64 tcg_rd, tcg_rn;
+tcg_rd = cpu_reg(s, rd);
+tcg_rn = cpu_reg(s, rn);
+
+if (sf) {
+gen_helper_clz64(tcg_rd, tcg_rn);
+} else {
+TCGv_i32 tcg_tmp32 = tcg_temp_new_i32();
+tcg_gen_trunc_i64_i32(tcg_tmp32, tcg_rn);
+gen_helper_clz(tcg_tmp32, tcg_tmp32);
+tcg_gen_extu_i32_i64(tcg_rd, tcg_tmp32);
+tcg_temp_free_i32(tcg_tmp32);
+}
+}
+
+/* C3.5.7 Data-processing (1 source)
+ *   31  30  29  28 21 20 16 1510 95 40
+ * ++---+---+-+-++--+--+
+ * | sf | 1 | S | 1 1 0 1 0 1 1 0 | opcode2 | opcode |  Rn  |  Rd  |
+ * ++---+---+-+-++--+--+
+ */
 static void disas_data_proc_1src(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int sf, opcode, rn, rd;
+
+if (extract32(insn, 29, 1) || extract32(insn, 16, 5)) {
+unallocated_encoding(s);
+return;
+}
+
+sf = extract32(insn, 31, 1);
+opcode = extract32(insn, 10, 6);
+rn = extract32(insn, 5, 5);
+rd = extract32(insn, 0, 5);
+
+switch (opcode) {
+case 0: /* RBIT */
+case 1: /* REV16 */
+case 2: /* REV32 */
+case 3: /* REV64 */
+unsupported_encoding(s, insn);
+break;
+case 4: /* CLZ */
+handle_clz(s, sf, rn, rd);
+break;
+case 5: /* CLS */
+unsupported_encoding(s, insn);
+break;
+}
 }
 
 static void handle_div(DisasContext *s, bool is_signed, unsigned int sf,
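
Review bot: The switch in disas_data_proc_1src() has no default case, so opcode values 6 to 63 (opcode is a 6-bit field) emit no code and raise no exception. Add a default that calls unallocated_encoding(s) so undecoded encodings trap in the guest instead of silently behaving as a no-op.
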
-- 
1.8.5




[Qemu-devel] [PULL 61/62] hw/arm: add cubieboard support

2013-12-17 Thread Peter Maydell
From: liguang 

Signed-off-by: liguang 
Reviewed-by: Peter Crosthwaite 
Message-id: 1387159292-10436-6-git-send-email-lig.f...@cn.fujitsu.com
Signed-off-by: Peter Maydell 
---
 hw/arm/Makefile.objs |  2 +-
 hw/arm/cubieboard.c  | 69 
 tests/qom-test.c |  1 +
 3 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/cubieboard.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index fab30a7..6088e53 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -7,4 +7,4 @@ obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o 
z2.o
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
 obj-y += omap1.o omap2.o strongarm.o
-obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o
+obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c
new file mode 100644
index 000..3fcb6d2
--- /dev/null
+++ b/hw/arm/cubieboard.c
@@ -0,0 +1,69 @@
+/*
+ * cubieboard emulation
+ *
+ * Copyright (C) 2013 Li Guang
+ * Written by Li Guang 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/devices.h"
+#include "hw/boards.h"
+#include "hw/arm/allwinner-a10.h"
+
+static struct arm_boot_info cubieboard_binfo = {
+.loader_start = AW_A10_SDRAM_BASE,
+.board_id = 0x1008,
+};
+
+typedef struct CubieBoardState {
+AwA10State *a10;
+MemoryRegion sdram;
+} CubieBoardState;
+
+static void cubieboard_init(QEMUMachineInitArgs *args)
+{
+CubieBoardState *s = g_new(CubieBoardState, 1);
+Error *err = NULL;
+
+s->a10 = AW_A10(object_new(TYPE_AW_A10));
+object_property_set_bool(OBJECT(s->a10), true, "realized", &err);
+if (err != NULL) {
+error_report("Couldn't realize Allwinner A10: %s\n",
+error_get_pretty(err));
+exit(1);
+}
+
+memory_region_init_ram(&s->sdram, NULL, "cubieboard.ram", args->ram_size);
+vmstate_register_ram_global(&s->sdram);
+memory_region_add_subregion(get_system_memory(), AW_A10_SDRAM_BASE,
+&s->sdram);
+
+cubieboard_binfo.ram_size = args->ram_size;
+cubieboard_binfo.kernel_filename = args->kernel_filename;
+cubieboard_binfo.kernel_cmdline = args->kernel_cmdline;
+arm_load_kernel(&s->a10->cpu, &cubieboard_binfo);
+}
+
+static QEMUMachine cubieboard_machine = {
+.name = "cubieboard",
+.desc = "cubietech cubieboard",
+.init = cubieboard_init,
+};
+
+
+static void cubieboard_machine_init(void)
+{
+qemu_register_machine(&cubieboard_machine);
+}
+
+machine_init(cubieboard_machine_init)
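
Review bot: cubieboard_init() fills cubieboard_binfo with ram_size, kernel_filename and kernel_cmdline only, so an -initrd given on the command line never reaches arm_load_kernel(); copy args->initrd_filename as well. Separately, the error_report() format string should not end in "\n", since error_report() terminates the line itself.
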
diff --git a/tests/qom-test.c b/tests/qom-test.c
index f67f7c2..5e5af7a 100644
--- a/tests/qom-test.c
+++ b/tests/qom-test.c
@@ -71,6 +71,7 @@ static const char *arm_machines[] = {
 "highbank",
 "midway",
 "canon-a1100",
+"cubieboard",
 };
 
 static const char *cris_machines[] = {
-- 
1.8.5




Re: [Qemu-devel] [PATCHv2] block: add native support for NFS

2013-12-17 Thread Peter Lieven


> On 17.12.2013 at 18:13, ronnie sahlberg wrote:
> 
>> On Tue, Dec 17, 2013 at 9:03 AM, Peter Lieven  wrote:
>> On 17.12.2013 17:47, Stefan Hajnoczi wrote:
> ...
>>> Which NFS protocol versions are supported by current libnfs?
>> 
>> Will check that out. Ronnie?
> 
> It uses NFS v3 only.

Should we use nfs3:// for the URLs then?



[Qemu-devel] [PULL 52/62] hw/arm/digic: prepare DIGIC-based boards support

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

Also this patch adds initial support for Canon
PowerShot A1100 IS compact camera.

Signed-off-by: Antony Pavlov 
Message-id: 1387188908-754-3-git-send-email-antonynpav...@gmail.com
Signed-off-by: Peter Maydell 
---
 hw/arm/Makefile.objs  |  1 +
 hw/arm/digic_boards.c | 84 +++
 tests/qom-test.c  |  1 +
 3 files changed, 86 insertions(+)
 create mode 100644 hw/arm/digic_boards.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 8789807..d7d37f2 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -1,4 +1,5 @@
 obj-y += boot.o collie.o exynos4_boards.o gumstix.o highbank.o
+obj-$(CONFIG_DIGIC) += digic_boards.o
 obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
diff --git a/hw/arm/digic_boards.c b/hw/arm/digic_boards.c
new file mode 100644
index 000..87a9c4b
--- /dev/null
+++ b/hw/arm/digic_boards.c
@@ -0,0 +1,84 @@
+/*
+ * QEMU model of the Canon DIGIC boards (cameras indeed :).
+ *
+ * Copyright (C) 2013 Antony Pavlov 
+ *
+ * This model is based on reverse engineering efforts
+ * made by CHDK (http://chdk.wikia.com) and
+ * Magic Lantern (http://www.magiclantern.fm) projects
+ * contributors.
+ *
+ * See docs here:
+ *   http://magiclantern.wikia.com/wiki/Register_Map
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#include "hw/boards.h"
+#include "exec/address-spaces.h"
+#include "qemu/error-report.h"
+#include "hw/arm/digic.h"
+
+typedef struct DigicBoardState {
+DigicState *digic;
+MemoryRegion ram;
+} DigicBoardState;
+
+typedef struct DigicBoard {
+hwaddr ram_size;
+} DigicBoard;
+
+static void digic4_board_setup_ram(DigicBoardState *s, hwaddr ram_size)
+{
+memory_region_init_ram(&s->ram, NULL, "ram", ram_size);
+memory_region_add_subregion(get_system_memory(), 0, &s->ram);
+vmstate_register_ram_global(&s->ram);
+}
+
+static void digic4_board_init(DigicBoard *board)
+{
+Error *err = NULL;
+
+DigicBoardState *s = g_new(DigicBoardState, 1);
+
+s->digic = DIGIC(object_new(TYPE_DIGIC));
+object_property_set_bool(OBJECT(s->digic), true, "realized", &err);
+if (err != NULL) {
+error_report("Couldn't realize DIGIC SoC: %s\n",
+ error_get_pretty(err));
+exit(1);
+}
+
+digic4_board_setup_ram(s, board->ram_size);
+}
+
+static DigicBoard digic4_board_canon_a1100 = {
+.ram_size = 64 * 1024 * 1024,
+};
+
+static void canon_a1100_init(QEMUMachineInitArgs *args)
+{
+digic4_board_init(&digic4_board_canon_a1100);
+}
+
+static QEMUMachine canon_a1100 = {
+.name = "canon-a1100",
+.desc = "Canon PowerShot A1100 IS",
+.init = &canon_a1100_init,
+};
+
+static void digic_register_machines(void)
+{
+qemu_register_machine(&canon_a1100);
+}
+
+machine_init(digic_register_machines)
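
Review bot: canon_a1100_init() never reads its args parameter: RAM is fixed at 64 MB through digic4_board_canon_a1100 and no image is loaded, so -m and -kernel are silently ignored. Add a comment stating that the board has fixed RAM and no loader yet, or warn when the user passes values that will not be honoured.
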
diff --git a/tests/qom-test.c b/tests/qom-test.c
index 499be40..f67f7c2 100644
--- a/tests/qom-test.c
+++ b/tests/qom-test.c
@@ -70,6 +70,7 @@ static const char *arm_machines[] = {
 "xilinx-zynq-a9",
 "highbank",
 "midway",
+"canon-a1100",
 };
 
 static const char *cris_machines[] = {
-- 
1.8.5




Re: [Qemu-devel] [qemu-kvm PATCH] docs: updated qemu-img man page and qemu-doc to reflect VHDX support.

2013-12-17 Thread Jeff Cody
On Tue, Dec 17, 2013 at 07:51:49PM +0100, Stefan Weil wrote:
> On 17.12.2013 19:41, Jeff Cody wrote:
> > The man page for qemu-img, and the qemu-doc, did not mention VHDX
> > as a supported format.  This adds in reference to VHDX in those
> > documents.
> >
> > Signed-off-by: Jeff Cody 
> > ---
> >  qemu-doc.texi | 15 +++
> >  qemu-img.texi |  4 ++--
> >  2 files changed, 17 insertions(+), 2 deletions(-)
> >
> > diff --git a/qemu-doc.texi b/qemu-doc.texi
> > index 185dd47..10b4ae9 100644
> > --- a/qemu-doc.texi
> > +++ b/qemu-doc.texi
> > @@ -654,6 +654,21 @@ Supported options:
> >  Specifies which VHD subformat to use. Valid options are
> >  @code{dynamic} (default) and @code{fixed}.
> >  @end table
> > +
> > +@item VHDX
> > +Hyper-V compatible image format (VHDX).
> > +Supported options:
> > +@table @code
> > +@item subformat
> > +Specifies which VHDX subformat to use. Valid options are
> > +@code{dynamic} (default) and @code{fixed}.
> > +@item block_state_zero
> > +Force use of payload blocks of type 'ZERO'.
> > +@item block_size
> > +Block Size; min 1MB, max 256MB.  0 means auto-calculate based on image 
> > size.
> 
> Please add blanks: 1 MB, max 256 MB.
> 
> > +@item log_size
> > +Log size; min 1MB.
> 
> 1 MB
>

OK, thanks.

> > +@end table
> >  @end table
> >  
> >  @subsubsection Read-only formats
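
Review bot: In the new VHDX option table, block_state_zero gives neither its accepted values nor its default, and log_size states a minimum but no default, while block_size documents both its range and the meaning of 0. Listing the values and defaults for those two items would make the entry complete.
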
> > diff --git a/qemu-img.texi b/qemu-img.texi
> > index be31191..1bba91e 100644
> > --- a/qemu-img.texi
> > +++ b/qemu-img.texi
> > @@ -431,8 +431,8 @@ This option can only be enabled if @code{compat=1.1} is 
> > specified.
> >  
> >  @item Other
> >  QEMU also supports various other image file formats for compatibility with
> > -older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), 
> > qcow1
> > -and QED. For a full list of supported formats see @code{qemu-img --help}.
> > +older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), 
> > VHDX,
> > +qcow1 and QED. For a full list of supported formats see @code{qemu-img 
> > --help}.
> >  For a more detailed description of these formats, see the QEMU Emulation 
> > User
> >  Documentation.
> 
> Otherwise okay. I appreciate efforts to improve the documentation.
> 
> Reviewed-by: Stefan Weil 
> 



Re: [Qemu-devel] [PATCH 01/38] bitmap: use long as index

2013-12-17 Thread Stefan Weil
On 17.12.2013 19:05, Eric Blake wrote:
> On 12/17/2013 08:25 AM, Juan Quintela wrote:
>> Move index and size fields from int to long.  We need that for
>> migration.  long is 64 bits on sane architectures, and 32bits should
>> be enough on all the 32bits architectures.


Does this also work for "insane" architectures like Windows (64 bit) where
long is only 32 bit? Wouldn't uintptr_t or intptr_t be better (also for
x32)?


>>
>>
>> Signed-off-by: Juan Quintela 
>> ---
>>  include/qemu/bitmap.h | 77
++-
>>  include/qemu/bitops.h | 14 +-
>>  util/bitmap.c | 60 +++
>>  3 files changed, 76 insertions(+), 75 deletions(-)
>>
>> diff --git a/include/qemu/bitmap.h b/include/qemu/bitmap.h
>> index 308bbb7..afdd257 100644
>> --- a/include/qemu/bitmap.h
>> +++ b/include/qemu/bitmap.h
>> @@ -31,7 +31,7 @@
>>   * bitmap_andnot(dst, src1, src2, nbits)*dst = *src1 & ~(*src2)
>>   * bitmap_complement(dst, src, nbits)*dst = ~(*src)
>>   * bitmap_equal(src1, src2, nbits)Are *src1 and *src2 equal?
>> - * bitmap_intersects(src1, src2, nbits) Do *src1 and *src2 overlap?
>> + * bitmap_intersects(src1, src2, nbits) Do *src1 and *src2
overlap?
>
> Spurious whitespace change?
>
>>   * bitmap_empty(src, nbits)Are all bits zero in *src?
>>   * bitmap_full(src, nbits)Are all bits set in *src?
>>   * bitmap_set(dst, pos, nbits)Set specified bit area
>> @@ -62,71 +62,71 @@
>>  )
>>
>>  #define DECLARE_BITMAP(name,bits)  \
>> -unsigned long name[BITS_TO_LONGS(bits)]
>> +unsigned long name[BITS_TO_LONGS(bits)]
>>
>>  #define small_nbits(nbits)  \
>> -((nbits) <= BITS_PER_LONG)
>> +((nbits) <= BITS_PER_LONG)
>
> Whitespace change, but in same hunk as real changes, so ok for
> checkpatch.pl reasons.
>
>> +++ b/include/qemu/bitops.h
>> @@ -28,7 +28,7 @@
>>   * @nr: the bit to set
>>   * @addr: the address to start counting from
>>   */
>> -static inline void set_bit(int nr, unsigned long *addr)
>> +static inline void set_bit(long nr, unsigned long *addr)
>>  {
>>  unsigned long mask = BIT_MASK(nr);
>>  unsigned long *p = addr + BIT_WORD(nr);
>
> Worth cleaning up this whitespace while in the area?
>
> Content changes seem sane to me:
> Reviewed-by: Eric Blake 
>

Cheers,
Stefan





[Qemu-devel] [PULL 34/62] target-arm: A64: add support for BR, BLR and RET insns

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

Implement BR, BLR and RET. This is all of the 'unconditional
branch (register)' instruction category except for ERET
and DRPS (which are system mode only).

Signed-off-by: Alexander Graf 
[claudio: reimplemented on top of new decoder structure]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 43 +--
 1 file changed, 41 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index ead5658..b694665 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -384,10 +384,49 @@ static void disas_exc(DisasContext *s, uint32_t insn)
 unsupported_encoding(s, insn);
 }
 
-/* Unconditional branch (register) */
+/* C3.2.7 Unconditional branch (register)
+ *  31   25 24   21 20   16 15   10 95 4 0
+ * +---+---+---+---+--+---+
+ * | 1 1 0 1 0 1 1 |  opc  |  op2  |  op3  |  Rn  |  op4  |
+ * +---+---+---+---+--+---+
+ */
 static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int opc, op2, op3, rn, op4;
+
+opc = extract32(insn, 21, 4);
+op2 = extract32(insn, 16, 5);
+op3 = extract32(insn, 10, 6);
+rn = extract32(insn, 5, 5);
+op4 = extract32(insn, 0, 5);
+
+if (op4 != 0x0 || op3 != 0x0 || op2 != 0x1f) {
+unallocated_encoding(s);
+return;
+}
+
+switch (opc) {
+case 0: /* BR */
+case 2: /* RET */
+break;
+case 1: /* BLR */
+tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
+break;
+case 4: /* ERET */
+case 5: /* DRPS */
+if (rn != 0x1f) {
+unallocated_encoding(s);
+} else {
+unsupported_encoding(s, insn);
+}
+return;
+default:
+unallocated_encoding(s);
+return;
+}
+
+tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn));
+s->is_jmp = DISAS_JUMP;
 }
 
 /* C3.2 Branches, exception generating and system instructions */
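
Review bot: In the BLR case, X30 is overwritten with the return address before the common tail copies cpu_reg(s, rn) into cpu_pc, so BLR X30 branches to the return address instead of the original register value. Copy Rn into cpu_pc (or a temporary) first and write the link register afterwards.
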
-- 
1.8.5




[Qemu-devel] [PULL 05/62] Set proper device-width for vexpress flash

2013-12-17 Thread Peter Maydell
From: Roy Franz 

Create vexpress specific pflash registration
function which properly configures the device-width
of 16 bits (2 bytes) for the NOR flash on the
vexpress platform.  This change is required for
buffered flash writes to work properly.

Signed-off-by: Roy Franz 
Message-id: 1386279359-32286-5-git-send-email-roy.fr...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/arm/vexpress.c | 44 ++--
 1 file changed, 34 insertions(+), 10 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index f48de00..939b468 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -480,6 +480,36 @@ static void vexpress_modify_dtb(const struct arm_boot_info 
*info, void *fdt)
 }
 }
 
+
+/* Open code a private version of pflash registration since we
+ * need to set non-default device width for VExpress platform.
+ */
+static pflash_t *ve_pflash_cfi01_register(hwaddr base, const char *name,
+  DriveInfo *di)
+{
+DeviceState *dev = qdev_create(NULL, "cfi.pflash01");
+
+if (di && qdev_prop_set_drive(dev, "drive", di->bdrv)) {
+abort();
+}
+
+qdev_prop_set_uint32(dev, "num-blocks",
+ VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE);
+qdev_prop_set_uint64(dev, "sector-length", VEXPRESS_FLASH_SECT_SIZE);
+qdev_prop_set_uint8(dev, "width", 4);
+qdev_prop_set_uint8(dev, "device-width", 2);
+qdev_prop_set_uint8(dev, "big-endian", 0);
+qdev_prop_set_uint16(dev, "id0", 0x00);
+qdev_prop_set_uint16(dev, "id1", 0x89);
+qdev_prop_set_uint16(dev, "id2", 0x00);
+qdev_prop_set_uint16(dev, "id3", 0x18);
+qdev_prop_set_string(dev, "name", name);
+qdev_init_nofail(dev);
+
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+return OBJECT_CHECK(pflash_t, (dev), "cfi.pflash01");
+}
+
 static void vexpress_common_init(VEDBoardInfo *daughterboard,
  QEMUMachineInitArgs *args)
 {
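
Review bot: ve_pflash_cfi01_register() calls abort() when qdev_prop_set_drive() fails, which gives the user no message, while the callers report flash errors with fprintf() and exit(1). Report the failure the same way here, and add a comment tying device-width 2 to the 16-bit NOR parts named in the commit message.
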
@@ -561,11 +591,8 @@ static void vexpress_common_init(VEDBoardInfo 
*daughterboard,
 sysbus_create_simple("pl111", map[VE_CLCD], pic[14]);
 
 dinfo = drive_get_next(IF_PFLASH);
-pflash0 = pflash_cfi01_register(map[VE_NORFLASH0], NULL, "vexpress.flash0",
-VEXPRESS_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
-VEXPRESS_FLASH_SECT_SIZE,
-VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE, 4,
-0x00, 0x89, 0x00, 0x18, 0);
+pflash0 = ve_pflash_cfi01_register(map[VE_NORFLASH0], "vexpress.flash0",
+   dinfo);
 if (!pflash0) {
 fprintf(stderr, "vexpress: error registering flash 0.\n");
 exit(1);
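
Review bot: The if (!pflash0) check kept after this call looks unreachable now: the new helper ends in qdev_init_nofail() and OBJECT_CHECK() and has no visible path that returns NULL. Either drop the NULL checks at both call sites or make the helper return NULL on failure instead of aborting.
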
@@ -580,11 +607,8 @@ static void vexpress_common_init(VEDBoardInfo 
*daughterboard,
 }
 
 dinfo = drive_get_next(IF_PFLASH);
-if (!pflash_cfi01_register(map[VE_NORFLASH1], NULL, "vexpress.flash1",
-VEXPRESS_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
-VEXPRESS_FLASH_SECT_SIZE,
-VEXPRESS_FLASH_SIZE / VEXPRESS_FLASH_SECT_SIZE, 4,
-0x00, 0x89, 0x00, 0x18, 0)) {
+if (!ve_pflash_cfi01_register(map[VE_NORFLASH1], "vexpress.flash1",
+  dinfo)) {
 fprintf(stderr, "vexpress: error registering flash 1.\n");
 exit(1);
 }
-- 
1.8.5




[Qemu-devel] [PULL 50/62] target-arm: A64: add support for logical (immediate) insns

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This patch adds support for C3.4.4 Logical (immediate),
which include AND, ANDS, ORR, EOR.

Signed-off-by: Alexander Graf 
[claudio: adapted to new decoder, function renaming,
  removed a TCG temp variable]
Signed-off-by: Claudio Fontana 
[PMM: cleaned up some unnecessary code in logic_imm_decode_wmask
and added clarifying commentary on what it's actually doing.
Dropped an ext32u that's not needed if we've just done an AND.]
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 175 -
 1 file changed, 173 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 2bb1795..0a76130 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -201,6 +201,21 @@ static TCGv_i64 new_tmp_a64_zero(DisasContext *s)
 return t;
 }
 
+/*
+ * Register access functions
+ *
+ * These functions are used for directly accessing a register in where
+ * changes to the final register value are likely to be made. If you
+ * need to use a register for temporary calculation (e.g. index type
+ * operations) use the read_* form.
+ *
+ * B1.2.1 Register mappings
+ *
+ * In instruction register encoding 31 can refer to ZR (zero register) or
+ * the SP (stack pointer) depending on context. In QEMU's case we map SP
+ * to cpu_X[31] and ZR accesses to a temporary which can be discarded.
+ * This is the point of the _sp forms.
+ */
 static TCGv_i64 cpu_reg(DisasContext *s, int reg)
 {
 if (reg == 31) {
@@ -210,6 +225,12 @@ static TCGv_i64 cpu_reg(DisasContext *s, int reg)
 }
 }
 
+/* register access for when 31 == SP */
+static TCGv_i64 cpu_reg_sp(DisasContext *s, int reg)
+{
+return cpu_X[reg];
+}
+
 /* read a cpu register in 32bit/64bit mode. Returns a TCGv_i64
  * representing the register contents. This TCGv is an auto-freed
  * temporary so it need not be explicitly freed, and may be modified.
@@ -686,10 +707,160 @@ static void disas_add_sub_imm(DisasContext *s, uint32_t 
insn)
 unsupported_encoding(s, insn);
 }
 
-/* Logical (immediate) */
+/* The input should be a value in the bottom e bits (with higher
+ * bits zero); returns that value replicated into every element
+ * of size e in a 64 bit integer.
+ */
+static uint64_t bitfield_replicate(uint64_t mask, unsigned int e)
+{
+assert(e != 0);
+while (e < 64) {
+mask |= mask << e;
+e *= 2;
+}
+return mask;
+}
+
+/* Return a value with the bottom len bits set (where 0 < len <= 64) */
+static inline uint64_t bitmask64(unsigned int length)
+{
+assert(length > 0 && length <= 64);
+return ~0ULL >> (64 - length);
+}
+
+/* Simplified variant of pseudocode DecodeBitMasks() for the case where we
+ * only require the wmask. Returns false if the imms/immr/immn are a reserved
+ * value (ie should cause a guest UNDEF exception), and true if they are
+ * valid, in which case the decoded bit pattern is written to result.
+ */
+static bool logic_imm_decode_wmask(uint64_t *result, unsigned int immn,
+   unsigned int imms, unsigned int immr)
+{
+uint64_t mask;
+unsigned e, levels, s, r;
+int len;
+
+assert(immn < 2 && imms < 64 && immr < 64);
+
+/* The bit patterns we create here are 64 bit patterns which
+ * are vectors of identical elements of size e = 2, 4, 8, 16, 32 or
+ * 64 bits each. Each element contains the same value: a run
+ * of between 1 and e-1 non-zero bits, rotated within the
+ * element by between 0 and e-1 bits.
+ *
+ * The element size and run length are encoded into immn (1 bit)
+ * and imms (6 bits) as follows:
+ * 64 bit elements: immn = 1, imms = 
+ * 32 bit elements: immn = 0, imms = 0 : 
+ * 16 bit elements: immn = 0, imms = 10 : 
+ *  8 bit elements: immn = 0, imms = 110 : 
+ *  4 bit elements: immn = 0, imms = 1110 : 
+ *  2 bit elements: immn = 0, imms = 0 : 
+ * Notice that immn = 0, imms = 1x is the only combination
+ * not covered by one of the above options; this is reserved.
+ * Further,  all-ones is a reserved pattern.
+ *
+ * In all cases the rotation is by immr % e (and immr is 6 bits).
+ */
+
+/* First determine the element size */
+len = 31 - clz32((immn << 6) | (~imms & 0x3f));
+if (len < 1) {
+/* This is the immn == 0, imms == 0x1x case */
+return false;
+}
+e = 1 << len;
+
+levels = e - 1;
+s = imms & levels;
+r = immr & levels;
+
+if (s == levels) {
+/*  mustn't be all-ones. */
+return false;
+}
+
+/* Create the value of one element: s+1 set bits rotated
+ * by r within the element (which is e bits wide)...
+ */
+mask = bitmask64(s + 1);
+mask = (mask >> r) | (mask << (e - r));
+/* ...then replicate the element over the whole 64 bit value */
+mask = bitfield_replicate(mask, e);
+*result
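
Review bot: In logic_imm_decode_wmask(), the rotate mask = (mask >> r) | (mask << (e - r)) shifts left by e when r is 0, and for 64-bit elements that is a shift of a uint64_t by 64, which is undefined behaviour in C. Guard the rotate with if (r) and mask the rotated value to e bits with bitmask64(e), so the r == 0 case is well defined and no bits above the element survive.
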

[Qemu-devel] [PATCH v3 12/19] bsd-user: add support for memory management related syscalls

2013-12-17 Thread Stacey Son
This change adds support or stubs for memory management related
system calls including mmap(2), munmap(2), mprotect(2), msync(2),
mlock(2), munlock(2), mlockall(2), munlockall(2), madvise(2),
minherit(2), mincore(2), shm_open(2), shm_unlink(2), shmget(2),
shmctl(2), shmat(2), shmdt(2), vadvise(), sbrk(), sstk(), and
freebsd6_mmap().
---
 bsd-user/Makefile.objs |2 +-
 bsd-user/bsd-mem.c |  122 +++
 bsd-user/bsd-mem.h |  393 
 bsd-user/mmap.c|  178 --
 bsd-user/qemu-bsd.h|   10 ++
 bsd-user/qemu.h|3 +-
 bsd-user/syscall.c |  174 +-
 7 files changed, 700 insertions(+), 182 deletions(-)
 create mode 100644 bsd-user/bsd-mem.c
 create mode 100644 bsd-user/bsd-mem.h

diff --git a/bsd-user/Makefile.objs b/bsd-user/Makefile.objs
index caf95ed..77709cd 100644
--- a/bsd-user/Makefile.objs
+++ b/bsd-user/Makefile.objs
@@ -1,5 +1,5 @@
 obj-y = main.o bsdload.o elfload.o mmap.o signal.o strace.o syscall.o \
-   uaccess.o bsd-proc.o \
+   uaccess.o bsd-mem.o bsd-proc.o \
$(HOST_VARIANT_DIR)/os-proc.o \
$(HOST_VARIANT_DIR)/os-stat.o \
$(HOST_VARIANT_DIR)/os-sys.o \
diff --git a/bsd-user/bsd-mem.c b/bsd-user/bsd-mem.c
new file mode 100644
index 000..bfe03aa
--- /dev/null
+++ b/bsd-user/bsd-mem.c
@@ -0,0 +1,122 @@
+/*
+ *  memory management system conversion routines
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include 
+#include 
+
+#include "qemu.h"
+#include "qemu-bsd.h"
+
+struct bsd_shm_regions bsd_shm_regions[N_BSD_SHM_REGIONS];
+
+abi_ulong bsd_target_brk;
+abi_ulong bsd_target_original_brk;
+
+void target_set_brk(abi_ulong new_brk)
+{
+
+bsd_target_original_brk = bsd_target_brk = HOST_PAGE_ALIGN(new_brk);
+}
+
+abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
+abi_ulong target_addr)
+{
+struct target_ipc_perm *target_ip;
+
+if (!lock_user_struct(VERIFY_READ, target_ip, target_addr, 1)) {
+return -TARGET_EFAULT;
+}
+__get_user(host_ip->cuid, &target_ip->cuid);
+__get_user(host_ip->cgid, &target_ip->cgid);
+__get_user(host_ip->uid, &target_ip->uid);
+__get_user(host_ip->gid, &target_ip->gid);
+__get_user(host_ip->mode, &target_ip->mode);
+__get_user(host_ip->seq, &target_ip->seq);
+__get_user(host_ip->key, &target_ip->key);
+unlock_user_struct(target_ip, target_addr, 0);
+
+return 0;
+}
+
+abi_long host_to_target_ipc_perm(abi_ulong target_addr,
+struct ipc_perm *host_ip)
+{
+struct target_ipc_perm *target_ip;
+
+if (!lock_user_struct(VERIFY_WRITE, target_ip, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+__put_user(host_ip->cuid, &target_ip->cuid);
+__put_user(host_ip->cgid, &target_ip->cgid);
+__put_user(host_ip->uid, &target_ip->uid);
+__put_user(host_ip->gid, &target_ip->gid);
+__put_user(host_ip->mode, &target_ip->mode);
+__put_user(host_ip->seq, &target_ip->seq);
+__put_user(host_ip->key, &target_ip->key);
+unlock_user_struct(target_ip, target_addr, 1);
+
+return 0;
+}
+
+abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
+abi_ulong target_addr)
+{
+struct target_shmid_ds *target_sd;
+
+if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1)) {
+return -TARGET_EFAULT;
+}
+if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr)) {
+return -TARGET_EFAULT;
+}
+__get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
+__get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
+__get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
+__get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
+__get_user(host_sd->shm_atime, &target_sd->shm_atime);
+__get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
+__get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
+unlock_user_struct(target_sd, target_addr, 0);
+
+return 0;
+}
+
+abi_long host_to_target_shmid_ds(abi_ulong target_addr,
+struct shmid_ds *host_sd)
+{
+struct target_shmid_ds *target_sd;
+
+if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+if (host_to_target_ipc_pe
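
Review bot: In target_to_host_shmid_ds(), the early return taken when target_to_host_ipc_perm() fails skips unlock_user_struct(target_sd, target_addr, 0), so the guest structure stays locked on that path. Unlock before returning -TARGET_EFAULT.
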

Re: [Qemu-devel] [PATCH 2/2] xen: build on ARM

2013-12-17 Thread Peter Maydell
On 17 December 2013 18:20, Stefano Stabellini
 wrote:
> On Tue, 17 Dec 2013, Peter Maydell wrote:
>> Per-host-architecture ifdef ladders are kind of nasty. What's this
>> code actually trying to do ? (looks like maybe "64 bit host addresses
>> vs 32 bit host addresses" ?)
>
> Almost.
> It is trying to decide how much stuff we can map into QEMU's address
> space (that is what the "Cap" is referring to). In particular consider
> the case where we are running on an ARMv8 system, dom0 and QEMU are
> 32-bit and the guest is 64-bit.

Right, so you essentially want to know the size of a host address
(that's 32 bits in a 32 bit QEMU even if the h/w is ARMv8).

#if HOST_LONG_BITS == 32
[stuff for 32 bit address space]
#else
[stuff for 64 bit address space]
#endif

thanks
-- PMM



[Qemu-devel] [PULL 18/62] ARM: arm_cpu_reset: make it possible to use high vectors for reset_exc

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

If hivecs are being used on reset, the CPU should come out of reset at
the hivecs reset vector (0x)

Signed-off-by: Antony Pavlov 
Signed-off-by: Peter Crosthwaite 
Message-id: 
3afc69c4f58f60aa2bbee7b91574a4eb414b1c23.1387160489.git.peter.crosthwa...@xilinx.com
[ PC Changes:
 * Fixed Grammar error in commit message
 * Elaborated commit message.
]
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 3bce1d6..8288c7d 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -121,6 +121,11 @@ static void arm_cpu_reset(CPUState *s)
 env->regs[15] = pc & ~1;
 }
 }
+
+if (env->cp15.c1_sys & (1 << 13)) {
+env->regs[15] = 0x;
+}
+
 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
 #endif
 set_flush_to_zero(1, &env->vfp.standard_fp_status);
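
Review bot: The added test uses the bare constant (1 << 13) on env->cp15.c1_sys; a named constant, or a one-line comment saying this is the high-vectors bit the commit message refers to, would make the check readable. A comment should also state that this assignment deliberately overrides any regs[15] value set in the block just above.
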
-- 
1.8.5




[Qemu-devel] [PULL 37/62] target-arm: A64: add support for compare and branch imm

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This patch adds emulation for the compare and branch insns,
CBZ and CBNZ.

Signed-off-by: Alexander Graf 
[claudio: adapted to new decoder,
  compare with immediate 0,
  introduce read_cpu_reg to get the 0 extension on (!sf)]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 46 --
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 1d04303..5ae3a85 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -202,6 +202,25 @@ static TCGv_i64 cpu_reg(DisasContext *s, int reg)
 }
 }
 
+/* read a cpu register in 32bit/64bit mode. Returns a TCGv_i64
+ * representing the register contents. This TCGv is an auto-freed
+ * temporary so it need not be explicitly freed, and may be modified.
+ */
+static TCGv_i64 read_cpu_reg(DisasContext *s, int reg, int sf)
+{
+TCGv_i64 v = new_tmp_a64(s);
+if (reg != 31) {
+if (sf) {
+tcg_gen_mov_i64(v, cpu_X[reg]);
+} else {
+tcg_gen_ext32u_i64(v, cpu_X[reg]);
+}
+} else {
+tcg_gen_movi_i64(v, 0);
+}
+return v;
+}
+
 /*
  * the instruction disassembly implemented here matches
  * the instruction encoding classifications in chapter 3 (C3)
@@ -227,10 +246,33 @@ static void disas_uncond_b_imm(DisasContext *s, uint32_t 
insn)
 gen_goto_tb(s, 0, addr);
 }
 
-/* Compare & branch (immediate) */
+/* C3.2.1 Compare & branch (immediate)
+ *   31  30 25  24  23  5 4  0
+ * ++-++-++
+ * | sf | 0 1 1 0 1 0 | op | imm19   |   Rt   |
+ * ++-++-++
+ */
 static void disas_comp_b_imm(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int sf, op, rt;
+uint64_t addr;
+int label_match;
+TCGv_i64 tcg_cmp;
+
+sf = extract32(insn, 31, 1);
+op = extract32(insn, 24, 1); /* 0: CBZ; 1: CBNZ */
+rt = extract32(insn, 0, 5);
+addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
+
+tcg_cmp = read_cpu_reg(s, rt, sf);
+label_match = gen_new_label();
+
+tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
+tcg_cmp, 0, label_match);
+
+gen_goto_tb(s, 0, s->pc);
+gen_set_label(label_match);
+gen_goto_tb(s, 1, addr);
 }
 
 /* C3.2.5 Test & branch (immediate)
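
Review bot: In disas_comp_b_imm(), the "- 4" in the addr computation is unexplained. The not-taken path uses s->pc as the next-instruction address, so the subtraction is what makes the imm19 offset relative to this instruction; a one-line comment saying so would prevent an off-by-one-instruction mistake in later edits.
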
-- 
1.8.5




[Qemu-devel] [PULL 57/62] vmstate: Add support for an array of ptimer_state *

2013-12-17 Thread Peter Maydell
Add support for defining a vmstate field which is an array
of pointers to structures, and use this to define a
VMSTATE_PTIMER_ARRAY() which allows an array of ptimer_state*
to be used by devices.

Signed-off-by: Peter Maydell 
Message-id: 1387159292-10436-2-git-send-email-lig.f...@cn.fujitsu.com
---
 include/hw/ptimer.h |  4 
 include/migration/vmstate.h | 10 ++
 2 files changed, 14 insertions(+)

diff --git a/include/hw/ptimer.h b/include/hw/ptimer.h
index 28fcaf1..a33edf4 100644
--- a/include/hw/ptimer.h
+++ b/include/hw/ptimer.h
@@ -36,4 +36,8 @@ extern const VMStateDescription vmstate_ptimer;
 .offset = vmstate_offset_pointer(_state, _field, ptimer_state), \
 }
 
+#define VMSTATE_PTIMER_ARRAY(_f, _s, _n)\
+VMSTATE_ARRAY_OF_POINTER_TO_STRUCT(_f, _s, _n, 0,   \
+   vmstate_ptimer, ptimer_state)
+
 #endif
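Review bot: VMSTATE_PTIMER_ARRAY() has no comment saying who allocates the ptimer_state objects the array points to, or whether every one of the _n slots must be populated before save and load. The field is an array of pointers rather than embedded structs, so please document that expectation next to the macro.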
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 9d09e60..be193ba 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -339,6 +339,16 @@ extern const VMStateInfo vmstate_info_bitmap;
 .offset = vmstate_offset_array(_state, _field, _type, _num), \
 }
 
+#define VMSTATE_ARRAY_OF_POINTER_TO_STRUCT(_f, _s, _n, _v, _vmsd, _type) { \
+.name   = (stringify(_f)),   \
+.version_id = (_v),  \
+.num= (_n),  \
+.vmsd   = &(_vmsd),  \
+.size   = sizeof(_type *),\
+.flags  = VMS_ARRAY|VMS_STRUCT|VMS_ARRAY_OF_POINTER, \
+.offset = vmstate_offset_array(_s, _f, _type*, _n),  \
+}
+
 #define VMSTATE_STRUCT_ARRAY_TEST(_field, _state, _num, _test, _version, 
_vmsd, _type) { \
 .name = (stringify(_field)), \
 .num  = (_num),  \
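Review bot: VMSTATE_ARRAY_OF_POINTER_TO_STRUCT() names its parameters (_f, _s, _n, _v) while the neighbouring VMSTATE_STRUCT_ARRAY_TEST() uses (_field, _state, _num, _version). Using the surrounding names would make a swapped argument easier to spot at the call site. Minor: "_type*" in the vmstate_offset_array() call versus "_type *" in the sizeof.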
-- 
1.8.5




Re: [Qemu-devel] [V2 PATCH 11/18] softfloat: Fix float64_to_uint32

2013-12-17 Thread Peter Maydell
On 17 December 2013 17:45, Peter Maydell  wrote:
> I'm partway through fixing this bug in an implementation of
> float*_to_uint16 which the ARM AArch64 needs. I think the
> cleanest approach to this looks like this:
>
> uint32 float64_to_uint32( float64 a STATUS_PARAM )
> {
> int64_t v;
> uint32 res;
> int old_exc_flags = get_float_exception_flags(status);
>
> v = float64_to_uint64(a STATUS_VAR);
> if (v > 0x) {
> res = 0x;
> } else {
> return v;
> }
> set_float_exception_flags(old_exc_flags);

...should be
set_float_exception_flags(old_exc_flags, status);

> float_raise(float_flag_invalid STATUS_VAR);
> return res;
> }

thanks
-- PMM



[Qemu-devel] [PULL 43/62] target-arm: A64: add support for 2-src shift reg insns

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This adds 2-src variable shift register instructions:
C5.6.115 LSLV, C5.6.118 LSRV, C5.6.17 ASRV, C5.6.154 RORV

Signed-off-by: Alexander Graf 
[claudio: adapted to new decoder, use enums for shift types]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a0bc876..acf30c3 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1077,6 +1077,20 @@ static void handle_div(DisasContext *s, bool is_signed, 
unsigned int sf,
 }
 }
 
+/* C5.6.115 LSLV, C5.6.118 LSRV, C5.6.17 ASRV, C5.6.154 RORV */
+static void handle_shift_reg(DisasContext *s,
+ enum a64_shift_type shift_type, unsigned int sf,
+ unsigned int rm, unsigned int rn, unsigned int rd)
+{
+TCGv_i64 tcg_shift = tcg_temp_new_i64();
+TCGv_i64 tcg_rd = cpu_reg(s, rd);
+TCGv_i64 tcg_rn = read_cpu_reg(s, rn, sf);
+
+tcg_gen_andi_i64(tcg_shift, cpu_reg(s, rm), sf ? 63 : 31);
+shift_reg(tcg_rd, tcg_rn, sf, shift_type, tcg_shift);
+tcg_temp_free_i64(tcg_shift);
+}
+
 /* C3.5.8 Data-processing (2 source)
  *   31   30  29 28 21 20  16 1510 95 40
  * ++---+---+-+--++--+--+
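Review bot: handle_shift_reg() reads rn through read_cpu_reg(), which zero-extends when sf == 0, so for a 32-bit ASRV the sign bit sits at bit 31 of a zero-extended 64-bit value. That is only correct if shift_reg() performs the arithmetic shift at 32-bit width itself when sf is 0; this hunk does not show that, so please confirm it and say so in a comment above the call.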
@@ -1105,9 +1119,17 @@ static void disas_data_proc_2src(DisasContext *s, 
uint32_t insn)
 handle_div(s, true, sf, rm, rn, rd);
 break;
 case 8: /* LSLV */
+handle_shift_reg(s, A64_SHIFT_TYPE_LSL, sf, rm, rn, rd);
+break;
 case 9: /* LSRV */
+handle_shift_reg(s, A64_SHIFT_TYPE_LSR, sf, rm, rn, rd);
+break;
 case 10: /* ASRV */
+handle_shift_reg(s, A64_SHIFT_TYPE_ASR, sf, rm, rn, rd);
+break;
 case 11: /* RORV */
+handle_shift_reg(s, A64_SHIFT_TYPE_ROR, sf, rm, rn, rd);
+break;
 case 16:
 case 17:
 case 18:
-- 
1.8.5




[Qemu-devel] [PULL 20/62] target-arm: Clean up handling of AArch64 PSTATE

2013-12-17 Thread Peter Maydell
The env->pstate field is a little odd since it doesn't strictly
speaking represent an architectural register. However it's convenient
for QEMU to use it to hold the various PSTATE architectural bits
in the same format the architecture specifies for SPSR registers
(since this is the same format the kernel uses for signal handlers
and the KVM register). Add some structure to how we deal with it:
 * document what env->pstate is
 * add some #defines for various bits in it
 * add helpers for reading/writing it taking account of caching
   of NZCV, and use them where appropriate
 * reset it on startup

Signed-off-by: Peter Maydell 
Message-id: 1385645602-18662-3-git-send-email-peter.mayd...@linaro.org
Reviewed-by: Christoffer Dall 
---
 linux-user/signal.c|  6 ++--
 target-arm/cpu.c   |  6 
 target-arm/cpu.h   | 70 ++
 target-arm/gdbstub64.c |  4 +--
 target-arm/translate-a64.c | 12 
 5 files changed, 78 insertions(+), 20 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 7751c47..4e7148a 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -1171,7 +1171,7 @@ static int target_setup_sigframe(struct 
target_rt_sigframe *sf,
 }
 __put_user(env->xregs[31], &sf->uc.tuc_mcontext.sp);
 __put_user(env->pc, &sf->uc.tuc_mcontext.pc);
-__put_user(env->pstate, &sf->uc.tuc_mcontext.pstate);
+__put_user(pstate_read(env), &sf->uc.tuc_mcontext.pstate);
 
 __put_user(/*current->thread.fault_address*/ 0,
 &sf->uc.tuc_mcontext.fault_address);
@@ -1210,6 +1210,7 @@ static int target_restore_sigframe(CPUARMState *env,
 struct target_aux_context *aux =
 (struct target_aux_context *)sf->uc.tuc_mcontext.__reserved;
 uint32_t magic, size;
+uint64_t pstate;
 
 target_to_host_sigset(&set, &sf->uc.tuc_sigmask);
 sigprocmask(SIG_SETMASK, &set, NULL);
@@ -1220,7 +1221,8 @@ static int target_restore_sigframe(CPUARMState *env,
 
 __get_user(env->xregs[31], &sf->uc.tuc_mcontext.sp);
 __get_user(env->pc, &sf->uc.tuc_mcontext.pc);
-__get_user(env->pstate, &sf->uc.tuc_mcontext.pstate);
+__get_user(pstate, &sf->uc.tuc_mcontext.pstate);
+pstate_write(env, pstate);
 
 __get_user(magic, &aux->fpsimd.head.magic);
 __get_user(size, &aux->fpsimd.head.size);
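Review bot: target_restore_sigframe() passes the value read from the guest's signal frame straight to pstate_write(env, pstate) with no masking. The frame is guest-writable, so a handler can place arbitrary mode and mask bits there before returning; suggest restricting the restored value to the bits user mode is allowed to change (NZCV) before writing it. The local is also declared uint64_t while env->pstate is uint32_t, so it is worth making the truncation explicit.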
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 8288c7d..408d207 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -89,6 +89,12 @@ static void arm_cpu_reset(CPUState *s)
 if (arm_feature(env, ARM_FEATURE_AARCH64)) {
 /* 64 bit CPUs always start in 64 bit mode */
 env->aarch64 = 1;
+#if defined(CONFIG_USER_ONLY)
+env->pstate = PSTATE_MODE_EL0t;
+#else
+env->pstate = PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F
+| PSTATE_MODE_EL1h;
+#endif
 }
 
 #if defined(CONFIG_USER_ONLY)
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index c6c19e9..3af4ed3 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -113,8 +113,15 @@ typedef struct CPUARMState {
 /* Regs for A64 mode.  */
 uint64_t xregs[32];
 uint64_t pc;
-/* TODO: pstate doesn't correspond to an architectural register;
- * it would be better modelled as the underlying fields.
+/* PSTATE isn't an architectural register for ARMv8. However, it is
+ * convenient for us to assemble the underlying state into a 32 bit format
+ * identical to the architectural format used for the SPSR. (This is also
+ * what the Linux kernel's 'pstate' field in signal handlers and KVM's
+ * 'pstate' register are.) Of the PSTATE bits:
+ *  NZCV are kept in the split out env->CF/VF/NF/ZF, (which have the same
+ *semantics as for AArch32, as described in the comments on each field)
+ *  nRW (also known as M[4]) is kept, inverted, in env->aarch64
+ *  all other bits are stored in their correct places in env->pstate
  */
 uint32_t pstate;
 uint32_t aarch64; /* 1 if CPU is in aarch64 state; inverse of PSTATE.nRW */
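Review bot: the new comment explains that NZCV live in env->CF/VF/NF/ZF and nRW in env->aarch64, which means a direct read of env->pstate is missing those bits. Please add a sentence telling callers to go through pstate_read()/pstate_write() rather than touching the field, since the field name alone invites direct use, as linux-user/signal.c did before this patch.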
@@ -309,15 +316,6 @@ static inline bool is_a64(CPUARMState *env)
 return env->aarch64;
 }
 
-#define PSTATE_N_SHIFT 3
-#define PSTATE_N  (1 << PSTATE_N_SHIFT)
-#define PSTATE_Z_SHIFT 2
-#define PSTATE_Z  (1 << PSTATE_Z_SHIFT)
-#define PSTATE_C_SHIFT 1
-#define PSTATE_C  (1 << PSTATE_C_SHIFT)
-#define PSTATE_V_SHIFT 0
-#define PSTATE_V  (1 << PSTATE_V_SHIFT)
-
 /* you can call this signal handler from your SIGBUS and SIGSEGV
signal handlers to inform the virtual CPU of exceptions. non zero
is returned if the signal was handled by the virtual CPU.  */
@@ -352,6 +350,56 @@ int cpu_arm_handle_mmu_fault (CPUARMState *env, 
target_ulong address, int rw,
 /* Execution state bits.  MRS read as zero, MSR writes ignored.  */
 #define CPSR_EXEC (CPSR_T | CPSR_IT | CPSR_J)
 
+/* Bit definitions for ARMv8 SPSR (PSTATE) format.
+ * Only these are valid when in AArch64 mode; in
+ * AArch32 mode SPSRs are basically CPSR-format.
+ */
+#d

Re: [Qemu-devel] [qemu-kvm PATCH v2] docs: updated qemu-img man page and qemu-doc to reflect VHDX support.

2013-12-17 Thread Stefan Weil
On 17.12.2013 19:56, Jeff Cody wrote:
> The man page for qemu-img, and the qemu-doc, did not mention VHDX
> as a supported format.  This adds in reference to VHDX in those
> documents.
>
> Signed-off-by: Jeff Cody 
> ---
>  qemu-doc.texi | 15 +++
>  qemu-img.texi |  4 ++--
>  2 files changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/qemu-doc.texi b/qemu-doc.texi
> index 185dd47..f9f11ae 100644
> --- a/qemu-doc.texi
> +++ b/qemu-doc.texi
> @@ -654,6 +654,21 @@ Supported options:
>  Specifies which VHD subformat to use. Valid options are
>  @code{dynamic} (default) and @code{fixed}.
>  @end table
> +
> +@item VHDX
> +Hyper-V compatible image format (VHDX).
> +Supported options:
> +@table @code
> +@item subformat
> +Specifies which VHDX subformat to use. Valid options are
> +@code{dynamic} (default) and @code{fixed}.
> +@item block_state_zero
> +Force use of payload blocks of type 'ZERO'.
> +@item block_size
> +Block Size; min 1 MB, max 256 MB.  0 means auto-calculate based on image 
> size.

s/Size/size/ (can be fixed by Kevin or Stefan, no need for a v3 patch)

> +@item log_size
> +Log size; min 1 MB.
> +@end table
>  @end table
>  
>  @subsubsection Read-only formats
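
Review bot: in the VHDX option table, block_state_zero is described only as "Force use of payload blocks of type 'ZERO'." with no indication of what values the option takes or what the default is, and log_size gives a minimum but no default. The subformat entry states its default and block_size explains what 0 means, so the other two entries should be as complete.
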
> diff --git a/qemu-img.texi b/qemu-img.texi
> index be31191..1bba91e 100644
> --- a/qemu-img.texi
> +++ b/qemu-img.texi
> @@ -431,8 +431,8 @@ This option can only be enabled if @code{compat=1.1} is 
> specified.
>  
>  @item Other
>  QEMU also supports various other image file formats for compatibility with
> -older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), 
> qcow1
> -and QED. For a full list of supported formats see @code{qemu-img --help}.
> +older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), 
> VHDX,
> +qcow1 and QED. For a full list of supported formats see @code{qemu-img 
> --help}.
>  For a more detailed description of these formats, see the QEMU Emulation User
>  Documentation.

Reviewed-by: Stefan Weil 




[Qemu-devel] [PULL 09/62] target-arm/helper.c: Allow cp15.c15 dummy override

2013-12-17 Thread Peter Maydell
From: Peter Crosthwaite 

The cp15.c15 space is implementation defined. Currently there is a
dummy placeholder register RAZing it. Allow overriding of this RAZ
so implementations of specific registers can take precedence.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: ed1bacec56dae00cb398c798f8240e8e685f949c.1387160489.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 5e5e5aa..71d6be3 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1338,7 +1338,8 @@ static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
  */
 { .name = "C15_IMPDEF", .cp = 15, .crn = 15,
   .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
-  .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE,
+  .access = PL1_RW,
+  .type = ARM_CP_CONST | ARM_CP_NO_MIGRATE | ARM_CP_OVERRIDE,
   .resetvalue = 0 },
 REGINFO_SENTINEL
 };
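Review bot: the wildcard C15_IMPDEF entry now carries ARM_CP_OVERRIDE, but the hunk leaves the comment above it untouched. Please make sure that comment says the entry is a fallback that specific cp15 c15 register definitions are expected to replace, so a reader who sees a catch-all CONST register knows the shadowing is intentional.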
-- 
1.8.5




[Qemu-devel] [PULL 03/62] Add device-width property to pflash_cfi01

2013-12-17 Thread Peter Maydell
From: Roy Franz 

The width of the devices that make up the flash interface
is required to mask certain commands, in particular the
write length for buffered writes.  This length will be presented
to each device on the interface by the program writing the flash,
and the flash emulation code needs to be able to determine
the length of the write as received by each flash device.
The device-width defaults to the bank width which should
maintain existing behavior for platforms that don't need
this change.
This change is required to support buffered writes on the
vexpress platform that has a 32 bit flash interface with 2
16 bit devices on it.

Signed-off-by: Roy Franz 
Message-id: 1386279359-32286-3-git-send-email-roy.fr...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/block/pflash_cfi01.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index a0d7a16..a458ad6 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -40,6 +40,7 @@
 #include "hw/block/flash.h"
 #include "block/block.h"
 #include "qemu/timer.h"
+#include "qemu/bitops.h"
 #include "exec/address-spaces.h"
 #include "qemu/host-utils.h"
 #include "hw/sysbus.h"
@@ -72,6 +73,7 @@ struct pflash_t {
 uint32_t nb_blocs;
 uint64_t sector_len;
 uint8_t bank_width;
+uint8_t device_width; /* If 0, device width not specified. */
 uint8_t be;
 uint8_t wcycle; /* if 0, the flash is read normally */
 int ro;
@@ -379,6 +381,14 @@ static void pflash_write(pflash_t *pfl, hwaddr offset,
 
 break;
 case 0xe8:
+/* Mask writeblock size based on device width, or bank width if
+ * device width not specified.
+ */
+if (pfl->device_width) {
+value = extract32(value, 0, pfl->device_width * 8);
+} else {
+value = extract32(value, 0, pfl->bank_width * 8);
+}
 DPRINTF("%s: block write of %x bytes\n", __func__, value);
 pfl->counter = value;
 pfl->wcycle++;
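Review bot: in the 0xe8 case the bit count passed to extract32() is pfl->device_width * 8 or pfl->bank_width * 8, and both widths are uint8_t properties that this patch does not range-check. A width of 0 or above 4 gives extract32() a length outside the 1..32 range it accepts, so a board misconfiguration only shows up on the first guest buffered write; validating the widths once at realize time would catch it earlier. The two branches differ only in the width, so selecting the width first and calling extract32() once would also be shorter.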
@@ -708,6 +718,7 @@ static Property pflash_cfi01_properties[] = {
 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
+DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
 DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
-- 
1.8.5




[Qemu-devel] [PULL 47/62] target-arm: A64: add support for bitfield insns

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

This patch implements the C3.4.2 Bitfield instructions:
SBFM, BFM, UBFM.

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 56 --
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 3c702a9..2111bcd 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -698,10 +698,62 @@ static void disas_movw_imm(DisasContext *s, uint32_t insn)
 unsupported_encoding(s, insn);
 }
 
-/* Bitfield */
+/* C3.4.2 Bitfield
+ *   31  30 29 28 23 22  21  16 15  10 95 40
+ * ++-+-+---+--+--+--+--+
+ * | sf | opc | 1 0 0 1 1 0 | N | immr | imms |  Rn  |  Rd  |
+ * ++-+-+---+--+--+--+--+
+ */
 static void disas_bitfield(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int sf, n, opc, ri, si, rn, rd, bitsize, pos, len;
+TCGv_i64 tcg_rd, tcg_tmp;
+
+sf = extract32(insn, 31, 1);
+opc = extract32(insn, 29, 2);
+n = extract32(insn, 22, 1);
+ri = extract32(insn, 16, 6);
+si = extract32(insn, 10, 6);
+rn = extract32(insn, 5, 5);
+rd = extract32(insn, 0, 5);
+bitsize = sf ? 64 : 32;
+
+if (sf != n || ri >= bitsize || si >= bitsize || opc > 2) {
+unallocated_encoding(s);
+return;
+}
+
+tcg_rd = cpu_reg(s, rd);
+tcg_tmp = read_cpu_reg(s, rn, sf);
+
+/* OPTME: probably worth recognizing common cases of ext{8,16,32}{u,s} */
+
+if (opc != 1) { /* SBFM or UBFM */
+tcg_gen_movi_i64(tcg_rd, 0);
+}
+
+/* do the bit move operation */
+if (si >= ri) {
+/* Wd = Wn */
+tcg_gen_shri_i64(tcg_tmp, tcg_tmp, ri);
+pos = 0;
+len = (si - ri) + 1;
+} else {
+/* Wd<32+s-r,32-r> = Wn */
+pos = bitsize - ri;
+len = si + 1;
+}
+
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_tmp, pos, len);
+
+if (opc == 0) { /* SBFM - sign extend the destination field */
+tcg_gen_shli_i64(tcg_rd, tcg_rd, 64 - (pos + len));
+tcg_gen_sari_i64(tcg_rd, tcg_rd, 64 - (pos + len));
+}
+
+if (!sf) { /* zero extend final result */
+tcg_gen_ext32u_i64(tcg_rd, tcg_rd);
+}
 }
 
 /* C3.4.3 Extract
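Review bot: in disas_bitfield() the SBFM path shifts by 64 - (pos + len), where pos and len are derived from the instruction's immr and imms fields. The count stays within 0..63 only because of the earlier "ri >= bitsize || si >= bitsize" rejection. An assert(pos + len <= bitsize) before tcg_gen_deposit_i64() would document that dependency and catch a later change to the validity check.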
-- 
1.8.5




[Qemu-devel] [PATCH v3 13/19] bsd-user: add support for socket related system calls

2013-12-17 Thread Stacey Son
This change adds support or stubs for socket related system calls
including accept(2), bind(2), connect(2), getpeername(2),
getsockname(2), getsockopt(2), setsockopt(2), listen(2),
recvfrom(2), recvmsg(2), sendmsg(2), sendto(2), socket(2),
socketpair(2), shutdown(2), setfib(2), sctp_peeloff(2),
sctp_generic_sendmsg(2), sctp_generic_recvmsg(2), sendfile(2), and
freebsd4_sendfile(2).
---
 bsd-user/Makefile.objs   |4 +-
 bsd-user/bsd-socket.c|  108 +
 bsd-user/bsd-socket.h|  266 
 bsd-user/freebsd/os-socket.c |  149 
 bsd-user/freebsd/os-socket.h |  548 ++
 bsd-user/freebsd/qemu-os.h   |6 +
 bsd-user/netbsd/os-socket.c  |1 +
 bsd-user/netbsd/os-socket.h  |   98 
 bsd-user/openbsd/os-socket.c |1 +
 bsd-user/openbsd/os-socket.h |   98 
 bsd-user/qemu-bsd.h  |8 +
 bsd-user/syscall.c   |   93 +++
 12 files changed, 1378 insertions(+), 2 deletions(-)
 create mode 100644 bsd-user/bsd-socket.c
 create mode 100644 bsd-user/bsd-socket.h
 create mode 100644 bsd-user/freebsd/os-socket.c
 create mode 100644 bsd-user/freebsd/os-socket.h
 create mode 100644 bsd-user/netbsd/os-socket.c
 create mode 100644 bsd-user/netbsd/os-socket.h
 create mode 100644 bsd-user/openbsd/os-socket.c
 create mode 100644 bsd-user/openbsd/os-socket.h

diff --git a/bsd-user/Makefile.objs b/bsd-user/Makefile.objs
index 77709cd..635d879 100644
--- a/bsd-user/Makefile.objs
+++ b/bsd-user/Makefile.objs
@@ -1,6 +1,6 @@
 obj-y = main.o bsdload.o elfload.o mmap.o signal.o strace.o syscall.o \
-   uaccess.o bsd-mem.o bsd-proc.o \
+   uaccess.o bsd-mem.o bsd-proc.o bsd-socket.o \
$(HOST_VARIANT_DIR)/os-proc.o \
-   $(HOST_VARIANT_DIR)/os-stat.o \
+   $(HOST_VARIANT_DIR)/os-socket.o 
$(HOST_VARIANT_DIR)/os-stat.o \
$(HOST_VARIANT_DIR)/os-sys.o \
$(HOST_VARIANT_DIR)/os-time.o 
$(TARGET_ABI_DIR)/target_arch_cpu.o
diff --git a/bsd-user/bsd-socket.c b/bsd-user/bsd-socket.c
new file mode 100644
index 000..c1a3b49
--- /dev/null
+++ b/bsd-user/bsd-socket.c
@@ -0,0 +1,108 @@
+/*
+ *  BSD socket system call related helpers
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "qemu.h"
+#include "qemu-bsd.h"
+
+/*
+ * socket conversion
+ */
+abi_long target_to_host_sockaddr(struct sockaddr *addr, abi_ulong target_addr,
+socklen_t len)
+{
+const socklen_t unix_maxlen = sizeof(struct sockaddr_un);
+sa_family_t sa_family;
+struct target_sockaddr *target_saddr;
+
+target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
+if (target_saddr == 0) {
+return -TARGET_EFAULT;
+}
+
+sa_family = target_saddr->sa_family;
+
+/*
+ * Oops. The caller might send a incomplete sun_path; sun_path
+ * must be terminated by \0 (see the manual page), but unfortunately
+ * it is quite common to specify sockaddr_un length as
+ * "strlen(x->sun_path)" while it should be "strlen(...) + 1". We will
+ * fix that here if needed.
+ */
+if (target_saddr->sa_family == AF_UNIX) {
+if (len < unix_maxlen && len > 0) {
+char *cp = (char *)target_saddr;
+
+if (cp[len-1] && !cp[len]) {
+len++;
+}
+}
+if (len > unix_maxlen) {
+len = unix_maxlen;
+}
+}
+
+memcpy(addr, target_saddr, len);
+addr->sa_family = sa_family;/* type uint8_t */
+addr->sa_len = target_saddr->sa_len;/* type uint8_t */
+unlock_user(target_saddr, target_addr, 0);
+
+return 0;
+}
+
+abi_long host_to_target_sockaddr(abi_ulong target_addr, struct sockaddr *addr,
+socklen_t len)
+{
+struct target_sockaddr *target_saddr;
+
+target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
+if (target_saddr == 0) {
+return -TARGET_EFAULT;
+}
+memcpy(target_saddr, addr, len);
+target_saddr->sa_family = addr->sa_family;  /* type uint8_t */
+target_saddr->sa_len = addr->sa_len;/* type uint8_t */
+unlock_user(target_saddr, target_addr, len);
+
+return 0;
+}
+
+abi_long target_to_host_ip_m
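Review bot: target_to_host_sockaddr() locks only len bytes of guest memory, but the AF_UNIX fix-up then reads cp[len] and, after len++, memcpy() copies one byte more than was locked, so both accesses go past the locked region. sa_family is also read before any check that len covers the sockaddr header, and for families other than AF_UNIX the guest-supplied len reaches memcpy() unclamped, so the function depends entirely on the caller having sized addr for it. host_to_target_sockaddr() likewise stores sa_family and sa_len even when len is 0 or 1. Suggest rejecting a len smaller than the header with -TARGET_EINVAL, locking the extra byte explicitly for the AF_UNIX case, and taking the destination buffer size as a parameter.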

[Qemu-devel] [PULL 19/62] target-arm/kvm: Split 32 bit only code into its own file

2013-12-17 Thread Peter Maydell
Split ARM KVM support code which is 32 bit specific out into its
own file, which we only compile on 32 bit hosts. This will give
us a place to add the 64 bit support code without adding lots of
ifdefs to kvm.c.

Signed-off-by: Peter Maydell 
Message-id: 1385645602-18662-2-git-send-email-peter.mayd...@linaro.org
Reviewed-by: Christoffer Dall 
---
 target-arm/Makefile.objs |   1 +
 target-arm/kvm.c | 491 
 target-arm/kvm32.c   | 515 +++
 3 files changed, 516 insertions(+), 491 deletions(-)
 create mode 100644 target-arm/kvm32.c

diff --git a/target-arm/Makefile.objs b/target-arm/Makefile.objs
index f428b5b..869ecd0 100644
--- a/target-arm/Makefile.objs
+++ b/target-arm/Makefile.objs
@@ -1,6 +1,7 @@
 obj-y += arm-semi.o
 obj-$(CONFIG_SOFTMMU) += machine.o
 obj-$(CONFIG_KVM) += kvm.o
+obj-$(call land,$(CONFIG_KVM),$(call lnot,$(TARGET_AARCH64))) += kvm32.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 obj-y += translate.o op_helper.o helper.o cpu.o
 obj-y += neon_helper.o iwmmxt_helper.o
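Review bot: the commit message says kvm32.c is compiled only on 32 bit hosts, but the new rule keys on $(TARGET_AARCH64), which describes the target being built rather than the host. If the intent is "not an AArch64 target", the message and a comment on this line should say that; if it really is host-dependent, the condition needs to test the host CPU instead.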
diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index f865dac..5cdb3b9 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -100,120 +100,6 @@ void kvm_arm_destroy_scratch_host_vcpu(int *fdarray)
 }
 }
 
-static inline void set_feature(uint64_t *features, int feature)
-{
-*features |= 1ULL << feature;
-}
-
-bool kvm_arm_get_host_cpu_features(ARMHostCPUClass *ahcc)
-{
-/* Identify the feature bits corresponding to the host CPU, and
- * fill out the ARMHostCPUClass fields accordingly. To do this
- * we have to create a scratch VM, create a single CPU inside it,
- * and then query that CPU for the relevant ID registers.
- */
-int i, ret, fdarray[3];
-uint32_t midr, id_pfr0, id_isar0, mvfr1;
-uint64_t features = 0;
-/* Old kernels may not know about the PREFERRED_TARGET ioctl: however
- * we know these will only support creating one kind of guest CPU,
- * which is its preferred CPU type.
- */
-static const uint32_t cpus_to_try[] = {
-QEMU_KVM_ARM_TARGET_CORTEX_A15,
-QEMU_KVM_ARM_TARGET_NONE
-};
-struct kvm_vcpu_init init;
-struct kvm_one_reg idregs[] = {
-{
-.id = KVM_REG_ARM | KVM_REG_SIZE_U32
-| ENCODE_CP_REG(15, 0, 0, 0, 0, 0),
-.addr = (uintptr_t)&midr,
-},
-{
-.id = KVM_REG_ARM | KVM_REG_SIZE_U32
-| ENCODE_CP_REG(15, 0, 0, 1, 0, 0),
-.addr = (uintptr_t)&id_pfr0,
-},
-{
-.id = KVM_REG_ARM | KVM_REG_SIZE_U32
-| ENCODE_CP_REG(15, 0, 0, 2, 0, 0),
-.addr = (uintptr_t)&id_isar0,
-},
-{
-.id = KVM_REG_ARM | KVM_REG_SIZE_U32
-| KVM_REG_ARM_VFP | KVM_REG_ARM_VFP_MVFR1,
-.addr = (uintptr_t)&mvfr1,
-},
-};
-
-if (!kvm_arm_create_scratch_host_vcpu(cpus_to_try, fdarray, &init)) {
-return false;
-}
-
-ahcc->target = init.target;
-
-/* This is not strictly blessed by the device tree binding docs yet,
- * but in practice the kernel does not care about this string so
- * there is no point maintaining an KVM_ARM_TARGET_* -> string table.
- */
-ahcc->dtb_compatible = "arm,arm-v7";
-
-for (i = 0; i < ARRAY_SIZE(idregs); i++) {
-ret = ioctl(fdarray[2], KVM_GET_ONE_REG, &idregs[i]);
-if (ret) {
-break;
-}
-}
-
-kvm_arm_destroy_scratch_host_vcpu(fdarray);
-
-if (ret) {
-return false;
-}
-
-/* Now we've retrieved all the register information we can
- * set the feature bits based on the ID register fields.
- * We can assume any KVM supporting CPU is at least a v7
- * with VFPv3, LPAE and the generic timers; this in turn implies
- * most of the other feature bits, but a few must be tested.
- */
-set_feature(&features, ARM_FEATURE_V7);
-set_feature(&features, ARM_FEATURE_VFP3);
-set_feature(&features, ARM_FEATURE_LPAE);
-set_feature(&features, ARM_FEATURE_GENERIC_TIMER);
-
-switch (extract32(id_isar0, 24, 4)) {
-case 1:
-set_feature(&features, ARM_FEATURE_THUMB_DIV);
-break;
-case 2:
-set_feature(&features, ARM_FEATURE_ARM_DIV);
-set_feature(&features, ARM_FEATURE_THUMB_DIV);
-break;
-default:
-break;
-}
-
-if (extract32(id_pfr0, 12, 4) == 1) {
-set_feature(&features, ARM_FEATURE_THUMB2EE);
-}
-if (extract32(mvfr1, 20, 4) == 1) {
-set_feature(&features, ARM_FEATURE_VFP_FP16);
-}
-if (extract32(mvfr1, 12, 4) == 1) {
-set_feature(&features, ARM_FEATURE_NEON);
-}
-if (extract32(mvfr1, 28, 4) == 1) {
-/* FMAC support implies VFPv4 */
-set_feature(&features, ARM_FEATURE_VFP4);
-}
-
-ahcc->features = features;
-
-return true;
-}
-
 static void kvm_arm_host_cpu_class_init(Obj

[Qemu-devel] [PULL 22/62] configure: Enable KVM for aarch64 host/target combination

2013-12-17 Thread Peter Maydell
Enable KVM if the host and target CPU are both aarch64. Note
that host aarch64 + target arm is not valid for KVM acceleration:
the 64 bit kernel does not support the ioctl interface for
32 bit CPUs. 32 bit VMs on 64 bit hosts need to be created
using the 64 bit ioctl interface; when QEMU supports this it
will be on the arch64-softmmu target with a -cpu parameter for
a 32 bit CPU, which is still an aarch64/aarch64 combination
as far as configure is concerned.

Signed-off-by: Peter Maydell 
Message-id: 1385645602-18662-5-git-send-email-peter.mayd...@linaro.org
Reviewed-by: Christoffer Dall 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index edfea95..02c94e2 100755
--- a/configure
+++ b/configure
@@ -4550,7 +4550,7 @@ case "$target_name" in
   *)
 esac
 case "$target_name" in
-  arm|i386|x86_64|ppcemb|ppc|ppc64|s390x)
+  aarch64|arm|i386|x86_64|ppcemb|ppc|ppc64|s390x)
 # Make sure the target and host cpus are compatible
 if test "$kvm" = "yes" -a "$target_softmmu" = "yes" -a \
   \( "$target_name" = "$cpu" -o \
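Review bot: adding aarch64 to this case list lets the target reach the host/target compatibility test that follows, yet the reason a 32 bit arm target must not be accepted on an aarch64 host is recorded only in the commit message. A comment next to the "$target_name" = "$cpu" test noting that this pairing is deliberately excluded would stop someone adding it later.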
-- 
1.8.5




[Qemu-devel] [PULL 45/62] target-arm: A64: add support for 1-src RBIT insn

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This adds support for the C5.6.147 RBIT instruction.

Signed-off-by: Alexander Graf 
[claudio: adapted to new decoder, use bswap64,
  make RBIT part standalone from the rest of the patch,
  splitting REV into a separate patch]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/helper-a64.c| 18 ++
 target-arm/helper-a64.h|  1 +
 target-arm/translate-a64.c | 20 
 3 files changed, 39 insertions(+)

diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
index e4c5346..cccaac6 100644
--- a/target-arm/helper-a64.c
+++ b/target-arm/helper-a64.c
@@ -49,3 +49,21 @@ uint64_t HELPER(clz64)(uint64_t x)
 {
 return clz64(x);
 }
+
+uint64_t HELPER(rbit64)(uint64_t x)
+{
+/* assign the correct byte position */
+x = bswap64(x);
+
+/* assign the correct nibble position */
+x = ((x & 0xf0f0f0f0f0f0f0f0ULL) >> 4)
+| ((x & 0x0f0f0f0f0f0f0f0fULL) << 4);
+
+/* assign the correct bit position */
+x = ((x & 0xULL) >> 3)
+| ((x & 0xULL) >> 1)
+| ((x & 0xULL) << 1)
+| ((x & 0xULL) << 3);
+
+return x;
+}
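Review bot: the three comments in HELPER(rbit64) ("assign the correct byte/nibble/bit position") do not say that each step is a reversal. A one-line header stating that the function returns x with all 64 bits in reverse order, done as a byte swap, then a nibble swap within each byte, then a bit reversal within each nibble, would let a reader check the masks against the intent.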
diff --git a/target-arm/helper-a64.h b/target-arm/helper-a64.h
index b10b6c3..9959139 100644
--- a/target-arm/helper-a64.h
+++ b/target-arm/helper-a64.h
@@ -19,3 +19,4 @@
 DEF_HELPER_FLAGS_2(udiv64, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(sdiv64, TCG_CALL_NO_RWG_SE, s64, s64, s64)
 DEF_HELPER_FLAGS_1(clz64, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_1(rbit64, TCG_CALL_NO_RWG_SE, i64, i64)
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index e5481da..0ed21fc 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1062,6 +1062,24 @@ static void handle_clz(DisasContext *s, unsigned int sf,
 }
 }
 
+static void handle_rbit(DisasContext *s, unsigned int sf,
+unsigned int rn, unsigned int rd)
+{
+TCGv_i64 tcg_rd, tcg_rn;
+tcg_rd = cpu_reg(s, rd);
+tcg_rn = cpu_reg(s, rn);
+
+if (sf) {
+gen_helper_rbit64(tcg_rd, tcg_rn);
+} else {
+TCGv_i32 tcg_tmp32 = tcg_temp_new_i32();
+tcg_gen_trunc_i64_i32(tcg_tmp32, tcg_rn);
+gen_helper_rbit(tcg_tmp32, tcg_tmp32);
+tcg_gen_extu_i32_i64(tcg_rd, tcg_tmp32);
+tcg_temp_free_i32(tcg_tmp32);
+}
+}
+
 /* C3.5.7 Data-processing (1 source)
  *   31  30  29  28 21 20 16 1510 95 40
  * ++---+---+-+-++--+--+
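Review bot: handle_rbit() has no section-reference comment, although the commit message cites C5.6.147 and the decoder comments in this file carry such references. Please add a /* C5.6.147 RBIT */ line above the function so it can be matched to the architecture manual like its neighbours.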
@@ -1084,6 +1102,8 @@ static void disas_data_proc_1src(DisasContext *s, 
uint32_t insn)
 
 switch (opcode) {
 case 0: /* RBIT */
+handle_rbit(s, sf, rn, rd);
+break;
 case 1: /* REV16 */
 case 2: /* REV32 */
 case 3: /* REV64 */
-- 
1.8.5




[Qemu-devel] [PULL 53/62] hw/arm/digic: add timer support

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

Signed-off-by: Antony Pavlov 
Reviewed-by: Peter Crosthwaite 
Message-id: 1387188908-754-4-git-send-email-antonynpav...@gmail.com
Signed-off-by: Peter Maydell 
---
 hw/arm/digic.c |  28 +++
 hw/timer/Makefile.objs |   1 +
 hw/timer/digic-timer.c | 163 +
 include/hw/arm/digic.h |   6 ++
 include/hw/timer/digic-timer.h |  46 
 5 files changed, 244 insertions(+)
 create mode 100644 hw/timer/digic-timer.c
 create mode 100644 include/hw/timer/digic-timer.h

diff --git a/hw/arm/digic.c b/hw/arm/digic.c
index 2620262..e8eb0de 100644
--- a/hw/arm/digic.c
+++ b/hw/arm/digic.c
@@ -22,18 +22,35 @@
 
 #include "hw/arm/digic.h"
 
+#define DIGIC4_TIMER_BASE(n)(0xc021 + (n) * 0x100)
+
 static void digic_init(Object *obj)
 {
 DigicState *s = DIGIC(obj);
+DeviceState *dev;
+int i;
 
 object_initialize(&s->cpu, sizeof(s->cpu), "arm946-" TYPE_ARM_CPU);
 object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
+
+for (i = 0; i < DIGIC4_NB_TIMERS; i++) {
+#define DIGIC_TIMER_NAME_MLEN11
+char name[DIGIC_TIMER_NAME_MLEN];
+
+object_initialize(&s->timer[i], sizeof(s->timer[i]), TYPE_DIGIC_TIMER);
+dev = DEVICE(&s->timer[i]);
+qdev_set_parent_bus(dev, sysbus_get_default());
+snprintf(name, DIGIC_TIMER_NAME_MLEN, "timer[%d]", i);
+object_property_add_child(obj, name, OBJECT(&s->timer[i]), NULL);
+}
 }
 
 static void digic_realize(DeviceState *dev, Error **errp)
 {
 DigicState *s = DIGIC(dev);
 Error *err = NULL;
+SysBusDevice *sbd;
+int i;
 
 object_property_set_bool(OBJECT(&s->cpu), true, "reset-hivecs", &err);
 if (err != NULL) {
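Review bot: DIGIC_TIMER_NAME_MLEN is #defined inside the for loop body in digic_init(), which leaves the macro visible for the rest of the file; move it to the top next to DIGIC4_TIMER_BASE. The 11-byte buffer holds "timer[%d]" only for indices of up to three digits and snprintf() truncates silently beyond that, so either check the return value or derive the size from DIGIC4_NB_TIMERS.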
@@ -46,6 +63,17 @@ static void digic_realize(DeviceState *dev, Error **errp)
 error_propagate(errp, err);
 return;
 }
+
+for (i = 0; i < DIGIC4_NB_TIMERS; i++) {
+object_property_set_bool(OBJECT(&s->timer[i]), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+
+sbd = SYS_BUS_DEVICE(&s->timer[i]);
+sysbus_mmio_map(sbd, 0, DIGIC4_TIMER_BASE(i));
+}
 }
 
 static void digic_class_init(ObjectClass *oc, void *data)
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 3ae091c..ea9f11f 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -26,5 +26,6 @@ obj-$(CONFIG_OMAP) += omap_synctimer.o
 obj-$(CONFIG_PXA2XX) += pxa2xx_timer.o
 obj-$(CONFIG_SH4) += sh_timer.o
 obj-$(CONFIG_TUSB6010) += tusb6010.o
+obj-$(CONFIG_DIGIC) += digic-timer.o
 
 obj-$(CONFIG_MC146818RTC) += mc146818rtc.o
diff --git a/hw/timer/digic-timer.c b/hw/timer/digic-timer.c
new file mode 100644
index 000..1fde22c
--- /dev/null
+++ b/hw/timer/digic-timer.c
@@ -0,0 +1,163 @@
+/*
+ * QEMU model of the Canon DIGIC timer block.
+ *
+ * Copyright (C) 2013 Antony Pavlov 
+ *
+ * This model is based on reverse engineering efforts
+ * made by CHDK (http://chdk.wikia.com) and
+ * Magic Lantern (http://www.magiclantern.fm) projects
+ * contributors.
+ *
+ * See "Timer/Clock Module" docs here:
+ *   http://magiclantern.wikia.com/wiki/Register_Map
+ *
+ * The QEMU model of the OSTimer in PKUnity SoC by Guan Xuetao
+ * is used as a template.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+#include "qemu/main-loop.h"
+
+#include "hw/timer/digic-timer.h"
+
+static const VMStateDescription vmstate_digic_timer = {
+.name = "digic.timer",
+.version_id = 1,
+.minimum_version_id = 1,
+.minimum_version_id_old = 1,
+.fields = (VMStateField[]) {
+VMSTATE_PTIMER(ptimer, DigicTimerState),
+VMSTATE_UINT32(control, DigicTimerState),
+VMSTATE_UINT32(relvalue, DigicTimerState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void digic_timer_reset(DeviceState *dev)
+{
+DigicTimerState *s = DIGIC_TIMER(dev);
+
+ptimer_stop(s->ptimer);
+s->control = 0;
+s->relvalue = 0;
+}
+
+static uint64_t digic_timer_read(void *opaque, hwaddr offset, unsigned size)
+{
+DigicTimerState *s = opaque;
+uint64_t ret = 0;
+
+switch (offset) {
+case DIGIC_TIMER_CONTROL:
+ret = s->control;
+break;
+case DIGIC_TIMER_RELVALUE:
+ret = s->relvalue;
+break;
+case DIGIC_TIMER_VALUE:
+ret = ptimer_get_count(s->ptimer) & 0x;
+break;
+default:
+qemu_lo
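Review bot: digic_timer_reset() stops the ptimer and clears control and relvalue but leaves the ptimer count untouched, so after a reset a guest read of DIGIC_TIMER_VALUE can still return the pre-reset count while DIGIC_TIMER_RELVALUE reads 0. Consider clearing the counter in reset as well, for example with ptimer_set_count(s->ptimer, 0), or add a comment explaining why the stale value is acceptable.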

Re: [Qemu-devel] [PATCH 01/38] bitmap: use long as index

2013-12-17 Thread Juan Quintela
Eric Blake  wrote:
> On 12/17/2013 08:25 AM, Juan Quintela wrote:
>> Move index and size fields from int to long.  We need that for
>> migration.  long is 64 bits on sane architectures, and 32 bits should
>> be enough on all the 32-bit architectures.
>> 
>> Signed-off-by: Juan Quintela 
>> ---
>>  include/qemu/bitmap.h | 77 
>> ++-
>>  include/qemu/bitops.h | 14 +-
>>  util/bitmap.c | 60 +++
>>  3 files changed, 76 insertions(+), 75 deletions(-)
>> 
>> diff --git a/include/qemu/bitmap.h b/include/qemu/bitmap.h
>> index 308bbb7..afdd257 100644
>> --- a/include/qemu/bitmap.h
>> +++ b/include/qemu/bitmap.h
>> @@ -31,7 +31,7 @@
>>   * bitmap_andnot(dst, src1, src2, nbits)*dst = *src1 & ~(*src2)
>>   * bitmap_complement(dst, src, nbits)   *dst = ~(*src)
>>   * bitmap_equal(src1, src2, nbits)  Are *src1 and *src2 equal?
>> - * bitmap_intersects(src1, src2, nbits) Do *src1 and *src2 overlap?
>> + * bitmap_intersects(src1, src2, nbits) Do *src1 and *src2 overlap?
>
> Spurious whitespace change?
>
> Worth cleaning up this whitespace while in the area?

Yep.  After passing checkpatch, it complained about lots of lines.  And
after that only three tabs or so were left, so I fixed them.

And forgot to fix the comment.

>
> Content changes seem sane to me:
> Reviewed-by: Eric Blake 

Thanks, Juan.



[Qemu-devel] [PULL 10/62] target-arm: Define and use ARM_FEATURE_CBAR

2013-12-17 Thread Peter Maydell
From: Peter Crosthwaite 

Some processors (notably A9 within Highbank) define and use the
CP15 configuration base address (CBAR). This is vendor specific
so it's best implemented as a CPU property (otherwise we would need
vendor specific child classes for every ARM implementation).

This patch prepares support for converting CBAR reset value to
a CPU property by moving the CP registration out of the CPU
init fn, as registration will need to happen at realize time
to pick up any property updates. The easiest way to do this
is via definition of a new ARM_FEATURE to flag the existence
of the register.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: 9f697ef1e2ee60a3b9ef971a7f3bc3fa6752a9b7.1387160489.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.c| 12 +++-
 target-arm/cpu.h|  1 +
 target-arm/helper.c |  9 +
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index a03743f..f21e995 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -617,6 +617,7 @@ static void cortex_a9_initfn(Object *obj)
  * and valid configurations; we don't model A9UP).
  */
 set_feature(&cpu->env, ARM_FEATURE_V7MP);
+set_feature(&cpu->env, ARM_FEATURE_CBAR);
 cpu->midr = 0x410fc090;
 cpu->reset_fpsid = 0x41033090;
 cpu->mvfr0 = 0x0222;
@@ -639,15 +640,7 @@ static void cortex_a9_initfn(Object *obj)
 cpu->clidr = (1 << 27) | (1 << 24) | 3;
 cpu->ccsidr[0] = 0xe00fe015; /* 16k L1 dcache. */
 cpu->ccsidr[1] = 0x200fe015; /* 16k L1 icache. */
-{
-ARMCPRegInfo cbar = {
-.name = "CBAR", .cp = 15, .crn = 15,  .crm = 0, .opc1 = 4,
-.opc2 = 0, .access = PL1_R|PL3_W, .resetvalue = cpu->reset_cbar,
-.fieldoffset = offsetof(CPUARMState, cp15.c15_config_base_address)
-};
-define_one_arm_cp_reg(cpu, &cbar);
-define_arm_cp_regs(cpu, cortexa9_cp_reginfo);
-}
+define_arm_cp_regs(cpu, cortexa9_cp_reginfo);
 }
 
 #ifndef CONFIG_USER_ONLY
@@ -686,6 +679,7 @@ static void cortex_a15_initfn(Object *obj)
 set_feature(&cpu->env, ARM_FEATURE_ARM_DIV);
 set_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER);
 set_feature(&cpu->env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(&cpu->env, ARM_FEATURE_CBAR);
 set_feature(&cpu->env, ARM_FEATURE_LPAE);
 cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
 cpu->midr = 0x412fc0f1;
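Review bot: Setting ARM_FEATURE_CBAR in cortex_a15_initfn() looks like a guest-visible change that the commit message does not mention: the only CBAR definition this patch removes is the one in cortex_a9_initfn(), and the message describes the patch as moving an existing registration. If the A15 model gains the register here, say so in the commit message (or split it into its own patch) so the behaviour change is easy to find when bisecting.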
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 00fd80d..c6c19e9 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -468,6 +468,7 @@ enum arm_features {
 ARM_FEATURE_V8,
 ARM_FEATURE_AARCH64, /* supports 64 bit mode */
 ARM_FEATURE_V8_AES, /* implements AES part of v8 Crypto Extensions */
+ARM_FEATURE_CBAR, /* has cp15 CBAR */
 };
 
 static inline int arm_feature(CPUARMState *env, int feature)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 71d6be3..cfbb14c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1745,6 +1745,15 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 define_one_arm_cp_reg(cpu, &auxcr);
 }
 
+if (arm_feature(env, ARM_FEATURE_CBAR)) {
+ARMCPRegInfo cbar = {
+.name = "CBAR", .cp = 15, .crn = 15, .crm = 0, .opc1 = 4, .opc2 = 
0,
+.access = PL1_R|PL3_W, .resetvalue = cpu->reset_cbar,
+.fieldoffset = offsetof(CPUARMState, cp15.c15_config_base_address)
+};
+define_one_arm_cp_reg(cpu, &cbar);
+}
+
 /* Generic registers whose values depend on the implementation */
 {
 ARMCPRegInfo sctlr = {
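Review bot: The CBAR block in register_cp_regs_for_features() copies cpu->reset_cbar into .resetvalue at the moment of registration, so the register only gets the intended reset value if this function runs after the board has set the property. A short comment above the block stating that dependency (registration must happen at realize time, after properties are applied) would keep someone from moving the call back into an init function later.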
-- 
1.8.5




[Qemu-devel] [PATCH v3 11/19] bsd-user: add support for stat, dir, and fcntl related syscalls

2013-12-17 Thread Stacey Son
This change adds support or stubs for stat, directory, and file
control related system calls including stat(2), lstat(2),
fstat(2), fstatat(2), nstat(), nfstat(), nlstat(), getfh(2),
lgetfh(2), fhopen(2), fhstat(2), fhstatfs(2), statfs(2),
fstatfs(2), getfsstat(2), getdents(2), getdirentries(2), and
fcntl(2).
---
 bsd-user/Makefile.objs |1 +
 bsd-user/freebsd/os-stat.c |  234 +++
 bsd-user/freebsd/os-stat.h |  437 
 bsd-user/freebsd/qemu-os.h |8 +
 bsd-user/netbsd/os-stat.c  |1 +
 bsd-user/netbsd/os-stat.h  |1 +
 bsd-user/openbsd/os-stat.c |1 +
 bsd-user/openbsd/os-stat.h |  176 ++
 bsd-user/syscall.c |   76 
 9 files changed, 935 insertions(+), 0 deletions(-)
 create mode 100644 bsd-user/freebsd/os-stat.c
 create mode 100644 bsd-user/freebsd/os-stat.h
 create mode 100644 bsd-user/netbsd/os-stat.c
 create mode 100644 bsd-user/netbsd/os-stat.h
 create mode 100644 bsd-user/openbsd/os-stat.c
 create mode 100644 bsd-user/openbsd/os-stat.h

diff --git a/bsd-user/Makefile.objs b/bsd-user/Makefile.objs
index fac11bb..caf95ed 100644
--- a/bsd-user/Makefile.objs
+++ b/bsd-user/Makefile.objs
@@ -1,5 +1,6 @@
 obj-y = main.o bsdload.o elfload.o mmap.o signal.o strace.o syscall.o \
uaccess.o bsd-proc.o \
$(HOST_VARIANT_DIR)/os-proc.o \
+   $(HOST_VARIANT_DIR)/os-stat.o \
$(HOST_VARIANT_DIR)/os-sys.o \
$(HOST_VARIANT_DIR)/os-time.o 
$(TARGET_ABI_DIR)/target_arch_cpu.o
diff --git a/bsd-user/freebsd/os-stat.c b/bsd-user/freebsd/os-stat.c
new file mode 100644
index 000..50885d1
--- /dev/null
+++ b/bsd-user/freebsd/os-stat.c
@@ -0,0 +1,234 @@
+/*
+ *  FreeBSD stat related conversion routines
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include 
+#include 
+#include 
+
+#include "qemu.h"
+#include "qemu-os.h"
+
+/*
+ * stat conversion
+ */
+abi_long h2t_freebsd_stat(abi_ulong target_addr, struct stat *host_st)
+{
+struct target_freebsd_stat *target_st;
+
+if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+memset(target_st, 0, sizeof(*target_st));
+__put_user(host_st->st_dev, &target_st->st_dev);
+__put_user(host_st->st_ino, &target_st->st_ino);
+__put_user(host_st->st_mode, &target_st->st_mode);
+__put_user(host_st->st_nlink, &target_st->st_nlink);
+__put_user(host_st->st_uid, &target_st->st_uid);
+__put_user(host_st->st_gid, &target_st->st_gid);
+__put_user(host_st->st_rdev, &target_st->st_rdev);
+__put_user(host_st->st_atim.tv_sec, &target_st->st_atim.tv_sec);
+__put_user(host_st->st_atim.tv_nsec, &target_st->st_atim.tv_nsec);
+__put_user(host_st->st_mtim.tv_sec, &target_st->st_mtim.tv_sec);
+__put_user(host_st->st_mtim.tv_nsec, &target_st->st_mtim.tv_nsec);
+__put_user(host_st->st_ctim.tv_sec, &target_st->st_ctim.tv_sec);
+__put_user(host_st->st_ctim.tv_nsec, &target_st->st_ctim.tv_nsec);
+__put_user(host_st->st_size, &target_st->st_size);
+__put_user(host_st->st_blocks, &target_st->st_blocks);
+__put_user(host_st->st_blksize, &target_st->st_blksize);
+__put_user(host_st->st_flags, &target_st->st_flags);
+__put_user(host_st->st_gen, &target_st->st_gen);
+/* st_lspare not used */
+__put_user(host_st->st_birthtim.tv_sec, &target_st->st_birthtim.tv_sec);
+__put_user(host_st->st_birthtim.tv_nsec, &target_st->st_birthtim.tv_nsec);
+unlock_user_struct(target_st, target_addr, 1);
+
+return 0;
+}
+
+abi_long h2t_freebsd_nstat(abi_ulong target_addr, struct stat *host_st)
+{
+struct target_freebsd_nstat *target_st;
+
+if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+memset(target_st, 0, sizeof(*target_st));
+__put_user(host_st->st_dev, &target_st->st_dev);
+__put_user(host_st->st_ino, &target_st->st_ino);
+__put_user(host_st->st_mode, &target_st->st_mode);
+__put_user(host_st->st_nlink, &target_st->st_nlink);
+__put_user(host_st->st_uid, &target_st->st_uid);
+__put_user(host_st->st_gid, &target_st->st_gid);
+__put_user(host_st->st_rdev, &target_st->st_rdev);
+__put_user(host_st->st_ati
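Review bot: h2t_freebsd_nstat() repeats the field-by-field __put_user() sequence of h2t_freebsd_stat() line for line as far as it is visible here, so a field that is added or corrected in one converter is easy to miss in the other. Consider generating both from a shared macro that takes the target struct type, and add a comment on each function stating the return convention (0 on success, -TARGET_EFAULT when the guest buffer cannot be locked for writing).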

[Qemu-devel] [qemu-kvm PATCH v2] docs: updated qemu-img man page and qemu-doc to reflect VHDX support.

2013-12-17 Thread Jeff Cody
The man page for qemu-img, and the qemu-doc, did not mention VHDX
as a supported format.  This adds in reference to VHDX in those
documents.

Signed-off-by: Jeff Cody 
---
 qemu-doc.texi | 15 +++
 qemu-img.texi |  4 ++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/qemu-doc.texi b/qemu-doc.texi
index 185dd47..f9f11ae 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -654,6 +654,21 @@ Supported options:
 Specifies which VHD subformat to use. Valid options are
 @code{dynamic} (default) and @code{fixed}.
 @end table
+
+@item VHDX
+Hyper-V compatible image format (VHDX).
+Supported options:
+@table @code
+@item subformat
+Specifies which VHDX subformat to use. Valid options are
+@code{dynamic} (default) and @code{fixed}.
+@item block_state_zero
+Force use of payload blocks of type 'ZERO'.
+@item block_size
+Block Size; min 1 MB, max 256 MB.  0 means auto-calculate based on image size.
+@item log_size
+Log size; min 1 MB.
+@end table
 @end table
 
 @subsubsection Read-only formats
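Review bot: The new VHDX option entries leave out what a user needs to pass them: block_state_zero has no stated value type or default, log_size gives a minimum but no default, and neither block_size nor log_size says in which unit the value is written on the command line. Please add the accepted values and defaults to each @item, in the same way the subformat entry names its valid options and marks the default.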
diff --git a/qemu-img.texi b/qemu-img.texi
index be31191..1bba91e 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -431,8 +431,8 @@ This option can only be enabled if @code{compat=1.1} is 
specified.
 
 @item Other
 QEMU also supports various other image file formats for compatibility with
-older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), qcow1
-and QED. For a full list of supported formats see @code{qemu-img --help}.
+older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), VHDX,
+qcow1 and QED. For a full list of supported formats see @code{qemu-img --help}.
 For a more detailed description of these formats, see the QEMU Emulation User
 Documentation.
 
-- 
1.8.3.1




[Qemu-devel] [PATCH uq/master] kvm: x86: Separately write feature control MSR on reset

2013-12-17 Thread Jan Kiszka
If the guest is running in nested mode on system reset, clearing the
feature MSR signals the kernel to leave this mode. Recent kernels
process this properly, but leave the VCPU state undefined behind. It
is the job of userspace to bring it to a proper shape. Therefore, write
this specific MSR first so that no state transfer gets lost.

This allows to cleanly reset a guest with VMX in use.

Signed-off-by: Jan Kiszka 
---
 target-i386/kvm.c | 32 
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 1188482..ec51447 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -1104,6 +1104,25 @@ static int kvm_put_tscdeadline_msr(X86CPU *cpu)
 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, &msr_data);
 }
 
+/*
+ * Provide a separate write service for the feature control MSR in order to
+ * kick the VCPU out of VMXON or even guest mode on reset. This has to be done
+ * before writing any other state because forcibly leaving nested mode
+ * invalidates the VCPU state.
+ */
+static int kvm_put_msr_feature_control(X86CPU *cpu)
+{
+struct {
+struct kvm_msrs info;
+struct kvm_msr_entry entry;
+} msr_data;
+
+kvm_msr_entry_set(&msr_data.entry, MSR_IA32_FEATURE_CONTROL,
+  cpu->env.msr_ia32_feature_control);
+msr_data.info.nmsrs = 1;
+return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, &msr_data);
+}
+
 static int kvm_put_msrs(X86CPU *cpu, int level)
 {
 CPUX86State *env = &cpu->env;
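Review bot: In kvm_put_msr_feature_control(), msr_data is declared on the stack without an initialiser, and only info.nmsrs and whatever kvm_msr_entry_set() fills in are assigned before the struct is handed to the KVM_SET_MSRS ioctl. Any remaining padding or reserved fields reach the kernel holding stale stack contents. Zero the struct first (an `= { }` initialiser or a memset) so the ioctl input is fully defined.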
@@ -1204,10 +1223,8 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 if (cpu->hyperv_vapic) {
 kvm_msr_entry_set(&msrs[n++], HV_X64_MSR_APIC_ASSIST_PAGE, 0);
 }
-if (has_msr_feature_control) {
-kvm_msr_entry_set(&msrs[n++], MSR_IA32_FEATURE_CONTROL,
-  env->msr_ia32_feature_control);
-}
+/* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
+ *   kvm_put_msr_feature_control. */
 }
 if (env->mcg_cap) {
 int i;
@@ -1801,6 +1818,13 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
 
 assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
 
+if (level >= KVM_PUT_RESET_STATE && has_msr_feature_control) {
+ret = kvm_put_msr_feature_control(x86_cpu);
+if (ret < 0) {
+return ret;
+}
+}
+
 ret = kvm_getput_regs(x86_cpu, 1);
 if (ret < 0) {
 return ret;
-- 
1.8.1.1.298.ge7eed54



[Qemu-devel] [PULL 13/62] arm/highbank: Fix CBAR initialisation

2013-12-17 Thread Peter Maydell
From: Peter Crosthwaite 

Fix the CBAR initialisation by using the newly defined static property.
CBAR is now set before realization, so the intended value is now
actually used.

So I have kind of tested this. I booted an ARM kernel on Highbank with
the stock Highbank DTB. It doesn't boot (and I will be doing something
wrong), but before this patch I got this:

[ cut here ]
WARNING: CPU: 0 PID: 0 at 
/workspaces/pcrost/public/linux2.git/arch/arm/mm/ioremap.c:301 
__arm_ioremap_pfn_caller+0x180/0x198()
CPU: 0 PID: 0 Comm: swapper/0 Tainted: GW 
3.13.0-rc1-next-20131126-dirty #2
[] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[] (show_stack) from [] (dump_stack+0x78/0x90)
[] (dump_stack) from [] (warn_slowpath_common+0x68/0x84)
[] (warn_slowpath_common) from [] 
(warn_slowpath_null+0x1c/0x24)
[] (warn_slowpath_null) from [] 
(__arm_ioremap_pfn_caller+0x180/0x198)
[] (__arm_ioremap_pfn_caller) from [] 
(__arm_ioremap_caller+0x54/0x5c)
[] (__arm_ioremap_caller) from [] (__arm_ioremap+0x18/0x1c)
[] (__arm_ioremap) from [] (highbank_init_irq+0x34/0x8c)
[] (highbank_init_irq) from [] (init_IRQ+0x28/0x2c)
[] (init_IRQ) from [] (start_kernel+0x234/0x398)
[] (start_kernel) from [<8074>] (0x8074)
---[ end trace 3406ff24bd97382f ]---

Which disappears with this patch.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: fedec366aaa512d75093635f523d1dbcb3358361.1387160489.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/arm/highbank.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 1d19d8f..cb32325 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -236,14 +236,16 @@ static void calxeda_init(QEMUMachineInitArgs *args, enum 
cxmachines machine)
 
 cpu = ARM_CPU(object_new(object_class_get_name(oc)));
 
+object_property_set_int(OBJECT(cpu), GIC_BASE_ADDR, "reset-cbar", 
&err);
+if (err) {
+error_report("%s", error_get_pretty(err));
+exit(1);
+}
 object_property_set_bool(OBJECT(cpu), true, "realized", &err);
 if (err) {
 error_report("%s", error_get_pretty(err));
 exit(1);
 }
-
-/* This will become a QOM property eventually */
-cpu->reset_cbar = GIC_BASE_ADDR;
 cpu_irq[n] = qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ);
 }
 
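Review bot: Nothing at the call site in calxeda_init() says that "reset-cbar" has to be set before "realized", which is exactly the ordering the removed code got wrong by assigning cpu->reset_cbar after realization. The removed comment is not replaced by anything, so a one-line comment above the object_property_set_int() call stating that the property must be applied before the CPU is realized would protect the fix against a later reordering.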
-- 
1.8.5




Re: [Qemu-devel] [PATCH v2 4/5] monitor: add object-add (QMP) and object_add (HMP) command

2013-12-17 Thread Peter Crosthwaite
On Tue, Dec 17, 2013 at 11:07 PM, Markus Armbruster  wrote:
> Peter Crosthwaite  writes:
>
>> On Tue, Dec 17, 2013 at 10:24 PM, Paolo Bonzini  wrote:
>>> Il 17/12/2013 12:54, Peter Crosthwaite ha scritto:
> +visit_start_struct(opts_get_visitor(ov), &dummy, NULL, NULL, 0, 
> &err);
> +if (error_is_set(&err)) {
> +goto out_clean;
> +}

 So I have been thinking about repeated if(error_is_set(&err)) { goto
 foo; } and how to reduce its verbosity in situations like this. Can it
 be solved with a simple semantic:

 "Error ** accepting APIs will perform no action if the Error **
 argument is already set."
>>>
>>> I think this is a case where verbosity <<< ease of use.
>>>
>>> In this case, the caller code is particularly simple, but what if I
>>> needed to dereference the return value of the first called function, to
>>> get the argument to the second?  You would still need an "if".
>>>
>>
>> Yes that's right. This isn't going to work universally and callers will
>> always have the responsibility of knowing whether they can continue or
>> not. But it will help a lot for repetitive collections of similar
>> independent functions calls. The ultimate example is probably the
>> device tree API calls in hw/ppc/e500.c.
>>
>> I want to patch the device tree API to be nice and Error**ified (for
>> my own future reasons) but I sure don't want to have to patch e500 to
>> check every qemu_devtree_foo API call with these 3 LOC. TBH I'll
>> probably just preserve current behavior using &error_abort in next rev
>> of that series, but it should be possible to do less verbose
>> caller-customized collective error handling in some way.
>
> error_set() & friends currently have a "errp doesn't contain an error
> already" precondition:
>
> if (errp == NULL) {
> return;
> }
> assert(*errp == NULL);
>
> You could change the function contracts to ignore additional errors.
> Theoretical drawback: in situations where that isn't intended,
> programming errors no longer get caught.  If people actually care for
> that enough to veto your change, you can try adding new functions for
> use when it is intended.
>

That will work for some cases. But pre-checking in the API call ASAP
guards you against the case where subsequent API calls depend upon
the first. This is similar to the problem Paolo flagged. What happens
if an API returns a ptr but fails, then that ptr is passed to the
second API which derefs it? (before any error checks).

Regards,
Peter
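
The contract discussed in this exchange, as an added example that is not QEMU code: every function taking an `Error **` does nothing when an error is already set, so a run of calls needs one check at the end, and the pre-check is what keeps a NULL returned by a failed call from being dereferenced by the next call. The `Error` struct and all `demo_*` names are stand-ins invented for the example, and the node table is constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in error object for this example; not QEMU's Error type. */
typedef struct Error { char msg[64]; } Error;
typedef struct Node { int value; } Node;

static Node demo_table[3];        /* constructed sample data */
static int demo_last_executed;    /* calls that did real work in the last run */
static char demo_last_msg[64];    /* first error message of the last run */

/* First error wins: a second error is dropped instead of tripping an assert. */
static void demo_error_set(Error **errp, const char *msg)
{
    if (errp == NULL || *errp != NULL) {
        return;
    }
    *errp = calloc(1, sizeof(**errp));
    if (*errp == NULL) {
        abort();
    }
    snprintf((*errp)->msg, sizeof((*errp)->msg), "%s", msg);
}

static int demo_error_pending(Error **errp)
{
    return errp != NULL && *errp != NULL;
}

/* Returns NULL on failure, so the result is only safe to use unchecked
 * when it is handed to another function that pre-checks errp. */
static Node *demo_node_find(int id, Error **errp)
{
    if (demo_error_pending(errp)) {
        return NULL;                      /* earlier failure: do nothing */
    }
    demo_last_executed++;
    if (id < 0 || id >= 3) {
        demo_error_set(errp, "no such node");
        return NULL;
    }
    return &demo_table[id];
}

/* The pre-check runs before node is touched; that ordering is what keeps
 * the NULL from a failed demo_node_find() from being dereferenced. */
static void demo_node_set(Node *node, int value, Error **errp)
{
    if (demo_error_pending(errp)) {
        return;
    }
    demo_last_executed++;
    node->value = value;
}

/* Configure nodes 0, second_id and 2 with a single error check at the end.
 * Returns 0 on success, -1 if any call failed. */
static int demo_run(int second_id)
{
    const int ids[3] = { 0, second_id, 2 };
    Error *err = NULL;
    int i;

    memset(demo_table, 0, sizeof(demo_table));
    demo_last_executed = 0;
    demo_last_msg[0] = '\0';

    for (i = 0; i < 3; i++) {
        Node *node = demo_node_find(ids[i], &err);
        demo_node_set(node, 100 + i, &err);
    }
    if (err != NULL) {
        snprintf(demo_last_msg, sizeof(demo_last_msg), "%s", err->msg);
        free(err);
        return -1;
    }
    return 0;
}

int main(void)
{
    int rc = demo_run(7);   /* 7 is out of range, so the second find fails */
    printf("rc=%d executed=%d msg=\"%s\" node2=%d\n",
           rc, demo_last_executed, demo_last_msg, demo_table[2].value);
    rc = demo_run(1);
    printf("rc=%d executed=%d node2=%d\n",
           rc, demo_last_executed, demo_table[2].value);
    return 0;
}
```

The protection depends on the caller passing a non-NULL `errp`: with `errp == NULL` the pre-check cannot see the earlier failure, and `demo_node_set()` would dereference the NULL node.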



[Qemu-devel] [PULL 41/62] target-arm: A64: add support for EXTR

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

This patch adds emulation support for the EXTR instruction.

Signed-off-by: Alexander Graf 

[claudio: adapted for new decoder, removed a few temporaries,
  fixed the 32bit bug, added checks for more
  unallocated cases]

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 49 --
 1 file changed, 47 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 9677d01..f9336de 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -704,10 +704,55 @@ static void disas_bitfield(DisasContext *s, uint32_t insn)
 unsupported_encoding(s, insn);
 }
 
-/* Extract */
+/* C3.4.3 Extract
+ *   31  30  29 28 23 22   21  20  16 1510 95 40
+ * ++--+-+---++--++--+--+
+ * | sf | op21 | 1 0 0 1 1 1 | N | o0 |  Rm  |  imms  |  Rn  |  Rd  |
+ * ++--+-+---++--++--+--+
+ */
 static void disas_extract(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+unsigned int sf, n, rm, imm, rn, rd, bitsize, op21, op0;
+
+sf = extract32(insn, 31, 1);
+n = extract32(insn, 22, 1);
+rm = extract32(insn, 16, 5);
+imm = extract32(insn, 10, 6);
+rn = extract32(insn, 5, 5);
+rd = extract32(insn, 0, 5);
+op21 = extract32(insn, 29, 2);
+op0 = extract32(insn, 21, 1);
+bitsize = sf ? 64 : 32;
+
+if (sf != n || op21 || op0 || imm >= bitsize) {
+unallocated_encoding(s);
+} else {
+TCGv_i64 tcg_rd, tcg_rm, tcg_rn;
+
+tcg_rd = cpu_reg(s, rd);
+
+if (imm) {
+/* OPTME: we can special case rm==rn as a rotate */
+tcg_rm = read_cpu_reg(s, rm, sf);
+tcg_rn = read_cpu_reg(s, rn, sf);
+tcg_gen_shri_i64(tcg_rm, tcg_rm, imm);
+tcg_gen_shli_i64(tcg_rn, tcg_rn, bitsize - imm);
+tcg_gen_or_i64(tcg_rd, tcg_rm, tcg_rn);
+if (!sf) {
+tcg_gen_ext32u_i64(tcg_rd, tcg_rd);
+}
+} else {
+/* tcg shl_i32/shl_i64 is undefined for 32/64 bit shifts,
+ * so an extract from bit 0 is a special case.
+ */
+if (sf) {
+tcg_gen_mov_i64(tcg_rd, cpu_reg(s, rm));
+} else {
+tcg_gen_ext32u_i64(tcg_rd, cpu_reg(s, rm));
+}
+}
+
+}
 }
 
 /* C3.4 Data processing - immediate */
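Review bot: In the `if (imm)` branch of disas_extract(), tcg_gen_shri_i64(tcg_rm, tcg_rm, imm) and tcg_gen_shli_i64(tcg_rn, tcg_rn, bitsize - imm) shift the values from read_cpu_reg() in place, which is only correct if read_cpu_reg() hands back a fresh temporary and never the live register. Please add a comment stating that assumption, since the imm == 0 branch uses cpu_reg() for the source and the difference between the two accessors is what makes the in-place shifts safe. There is also a stray blank line before the closing brace of the outer else block.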
-- 
1.8.5




[Qemu-devel] [PULL 23/62] hw/arm/boot: Allow easier swapping in of different loader code

2013-12-17 Thread Peter Maydell
For AArch64 we will obviously require a different set of
primary and secondary boot loader code fragments. However currently
we hardcode the offsets into the loader code where we must write
the entrypoint and other data into arm_load_kernel(). This makes it
hard to substitute a different loader fragment, so switch to a more
flexible scheme where instead of a raw array of instructions we use
an array of (instruction, fixup-type) pairs that indicate which
words need special action or data written into them.

Signed-off-by: Peter Maydell 
Message-id: 1385645602-18662-6-git-send-email-peter.mayd...@linaro.org
Reviewed-by: Christoffer Dall 
Reviewed-by: Peter Crosthwaite 
---
 hw/arm/boot.c | 152 +-
 1 file changed, 107 insertions(+), 45 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 55d552f..0c05a64 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -20,15 +20,33 @@
 #define KERNEL_ARGS_ADDR 0x100
 #define KERNEL_LOAD_ADDR 0x0001
 
+typedef enum {
+FIXUP_NONE = 0,   /* do nothing */
+FIXUP_TERMINATOR, /* end of insns */
+FIXUP_BOARDID,/* overwrite with board ID number */
+FIXUP_ARGPTR, /* overwrite with pointer to kernel args */
+FIXUP_ENTRYPOINT, /* overwrite with kernel entry point */
+FIXUP_GIC_CPU_IF, /* overwrite with GIC CPU interface address */
+FIXUP_BOOTREG,/* overwrite with boot register address */
+FIXUP_DSB,/* overwrite with correct DSB insn for cpu */
+FIXUP_MAX,
+} FixupType;
+
+typedef struct ARMInsnFixup {
+uint32_t insn;
+FixupType fixup;
+} ARMInsnFixup;
+
 /* The worlds second smallest bootloader.  Set r0-r2, then jump to kernel.  */
-static uint32_t bootloader[] = {
-  0xe3a0, /* mov r0, #0 */
-  0xe59f1004, /* ldr r1, [pc, #4] */
-  0xe59f2004, /* ldr r2, [pc, #4] */
-  0xe59ff004, /* ldr pc, [pc, #4] */
-  0, /* Board ID */
-  0, /* Address of kernel args.  Set by integratorcp_init.  */
-  0  /* Kernel entry point.  Set by integratorcp_init.  */
+static const ARMInsnFixup bootloader[] = {
+{ 0xe3a0 }, /* mov r0, #0 */
+{ 0xe59f1004 }, /* ldr r1, [pc, #4] */
+{ 0xe59f2004 }, /* ldr r2, [pc, #4] */
+{ 0xe59ff004 }, /* ldr pc, [pc, #4] */
+{ 0, FIXUP_BOARDID },
+{ 0, FIXUP_ARGPTR },
+{ 0, FIXUP_ENTRYPOINT },
+{ 0, FIXUP_TERMINATOR }
 };
 
 /* Handling for secondary CPU boot in a multicore system.
@@ -48,39 +66,83 @@ static uint32_t bootloader[] = {
 #define DSB_INSN 0xf57ff04f
 #define CP15_DSB_INSN 0xee070f9a /* mcr cp15, 0, r0, c7, c10, 4 */
 
-static uint32_t smpboot[] = {
-  0xe59f2028, /* ldr r2, gic_cpu_if */
-  0xe59f0028, /* ldr r0, startaddr */
-  0xe3a01001, /* mov r1, #1 */
-  0xe5821000, /* str r1, [r2] - set GICC_CTLR.Enable */
-  0xe3a010ff, /* mov r1, #0xff */
-  0xe5821004, /* str r1, [r2, 4] - set GIC_PMR.Priority to 0xff */
-  DSB_INSN,   /* dsb */
-  0xe320f003, /* wfi */
-  0xe5901000, /* ldr r1, [r0] */
-  0xe1110001, /* tst r1, r1 */
-  0x0afb, /* beq  */
-  0xe12fff11, /* bx  r1 */
-  0,  /* gic_cpu_if: base address of GIC CPU interface */
-  0   /* bootreg: Boot register address is held here */
+static const ARMInsnFixup smpboot[] = {
+{ 0xe59f2028 }, /* ldr r2, gic_cpu_if */
+{ 0xe59f0028 }, /* ldr r0, bootreg_addr */
+{ 0xe3a01001 }, /* mov r1, #1 */
+{ 0xe5821000 }, /* str r1, [r2] - set GICC_CTLR.Enable */
+{ 0xe3a010ff }, /* mov r1, #0xff */
+{ 0xe5821004 }, /* str r1, [r2, 4] - set GIC_PMR.Priority to 0xff */
+{ 0, FIXUP_DSB },   /* dsb */
+{ 0xe320f003 }, /* wfi */
+{ 0xe5901000 }, /* ldr r1, [r0] */
+{ 0xe1110001 }, /* tst r1, r1 */
+{ 0x0afb }, /* beq  */
+{ 0xe12fff11 }, /* bx  r1 */
+{ 0, FIXUP_GIC_CPU_IF }, /* gic_cpu_if: .word 0x */
+{ 0, FIXUP_BOOTREG }, /* bootreg_addr: .word 0x */
+{ 0, FIXUP_TERMINATOR }
 };
 
+static void write_bootloader(const char *name, hwaddr addr,
+ const ARMInsnFixup *insns, uint32_t *fixupcontext)
+{
+/* Fix up the specified bootloader fragment and write it into
+ * guest memory using rom_add_blob_fixed(). fixupcontext is
+ * an array giving the values to write in for the fixup types
+ * which write a value into the code array.
+ */
+int i, len;
+uint32_t *code;
+
+len = 0;
+while (insns[len].fixup != FIXUP_TERMINATOR) {
+len++;
+}
+
+code = g_new0(uint32_t, len);
+
+for (i = 0; i < len; i++) {
+uint32_t insn = insns[i].insn;
+FixupType fixup = insns[i].fixup;
+
+switch (fixup) {
+case FIXUP_NONE:
+break;
+case FIXUP_BOARDID:
+case FIXUP_ARGPTR:
+case FIXUP_ENTRYPOINT:
+case FIXUP_GIC_CPU_IF:
+case FIXUP_BOOTREG:
+case FIXUP_DSB:
+insn = fixupcontext[fixup];
+break;
+default:
+abort
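Review bot: write_bootloader() indexes fixupcontext[fixup] with the FixupType value, but neither the prototype nor the comment says how large the array has to be. State in the function comment that fixupcontext must have FIXUP_MAX entries indexed by FixupType, and consider declaring the parameter as `const uint32_t *` since the function only reads from it. As written, a caller that sizes the array by the number of fixups its fragment uses would cause an out-of-bounds read on the host.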

[Qemu-devel] [PULL 14/62] arm/xilinx_zynq: Use object_new() rather than cpu_arm_init()

2013-12-17 Thread Peter Maydell
From: Peter Crosthwaite 

To allow the machine model to set device properties before CPU
realization.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: e57658b4506b26ab6b6fadbe6d7827f669f51895.1387160489.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/arm/xilinx_zynq.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index 46924a0..1c954a3 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -25,6 +25,7 @@
 #include "sysemu/blockdev.h"
 #include "hw/loader.h"
 #include "hw/ssi.h"
+#include "qemu/error-report.h"
 
 #define NUM_SPI_FLASHES 4
 #define NUM_QSPI_FLASHES 2
@@ -102,6 +103,7 @@ static void zynq_init(QEMUMachineInitArgs *args)
 const char *kernel_filename = args->kernel_filename;
 const char *kernel_cmdline = args->kernel_cmdline;
 const char *initrd_filename = args->initrd_filename;
+ObjectClass *cpu_oc;
 ARMCPU *cpu;
 MemoryRegion *address_space_mem = get_system_memory();
 MemoryRegion *ext_ram = g_new(MemoryRegion, 1);
@@ -110,15 +112,19 @@ static void zynq_init(QEMUMachineInitArgs *args)
 SysBusDevice *busdev;
 qemu_irq pic[64];
 NICInfo *nd;
+Error *err = NULL;
 int n;
 
 if (!cpu_model) {
 cpu_model = "cortex-a9";
 }
+cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
 
-cpu = cpu_arm_init(cpu_model);
-if (!cpu) {
-fprintf(stderr, "Unable to find CPU definition\n");
+cpu = ARM_CPU(object_new(object_class_get_name(cpu_oc)));
+
+object_property_set_bool(OBJECT(cpu), true, "realized", &err);
+if (err) {
+error_report("%s", error_get_pretty(err));
 exit(1);
 }
 
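Review bot: The check for an unknown CPU model is lost in zynq_init(): cpu_class_by_name() returns NULL when cpu_model does not name a known class, and cpu_oc is passed straight to object_class_get_name() without being tested. The removed code reported "Unable to find CPU definition" and exited in that case. Please keep an explicit `if (!cpu_oc)` check with an error_report() and exit(1) before calling object_new(), so a bad -cpu argument gives a clean error instead of a NULL dereference.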
-- 
1.8.5




[Qemu-devel] [PULL 32/62] target-arm: A64: expand decoding skeleton for system instructions

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

Decode the various kinds of system instructions:
 hints (HINT), which include NOP, YIELD, WFE, WFI, SEV, SEL
 sync instructions, which include CLREX, DSB, DMB, ISB
 msr_i, which move immediate to processor state field
 sys, which include all SYS and SYSL instructions
 msr, which move from a gp register to a system register
 mrs, which move from a system register to a gp register

Provide implementations where they are trivial nops.

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 131 -
 1 file changed, 129 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 8e16cb1..1e2b371 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -190,12 +190,139 @@ static void disas_cond_b_imm(DisasContext *s, uint32_t 
insn)
 unsupported_encoding(s, insn);
 }
 
-/* System */
-static void disas_system(DisasContext *s, uint32_t insn)
+/* C5.6.68 HINT */
+static void handle_hint(DisasContext *s, uint32_t insn,
+unsigned int op1, unsigned int op2, unsigned int crm)
+{
+unsigned int selector = crm << 3 | op2;
+
+if (op1 != 3) {
+unallocated_encoding(s);
+return;
+}
+
+switch (selector) {
+case 0: /* NOP */
+return;
+case 1: /* YIELD */
+case 2: /* WFE */
+case 3: /* WFI */
+case 4: /* SEV */
+case 5: /* SEVL */
+/* we treat all as NOP at least for now */
+return;
+default:
+/* default specified as NOP equivalent */
+return;
+}
+}
+
+/* CLREX, DSB, DMB, ISB */
+static void handle_sync(DisasContext *s, uint32_t insn,
+unsigned int op1, unsigned int op2, unsigned int crm)
+{
+if (op1 != 3) {
+unallocated_encoding(s);
+return;
+}
+
+switch (op2) {
+case 2: /* CLREX */
+unsupported_encoding(s, insn);
+return;
+case 4: /* DSB */
+case 5: /* DMB */
+case 6: /* ISB */
+/* We don't emulate caches so barriers are no-ops */
+return;
+default:
+unallocated_encoding(s);
+return;
+}
+}
+
+/* C5.6.130 MSR (immediate) - move immediate to processor state field */
+static void handle_msr_i(DisasContext *s, uint32_t insn,
+ unsigned int op1, unsigned int op2, unsigned int crm)
 {
 unsupported_encoding(s, insn);
 }
 
+/* C5.6.204 SYS */
+static void handle_sys(DisasContext *s, uint32_t insn, unsigned int l,
+   unsigned int op1, unsigned int op2,
+   unsigned int crn, unsigned int crm, unsigned int rt)
+{
+unsupported_encoding(s, insn);
+}
+
+/* C5.6.129 MRS - move from system register */
+static void handle_mrs(DisasContext *s, uint32_t insn, unsigned int op0,
+   unsigned int op1, unsigned int op2,
+   unsigned int crn, unsigned int crm, unsigned int rt)
+{
+unsupported_encoding(s, insn);
+}
+
+/* C5.6.131 MSR (register) - move to system register */
+static void handle_msr(DisasContext *s, uint32_t insn, unsigned int op0,
+   unsigned int op1, unsigned int op2,
+   unsigned int crn, unsigned int crm, unsigned int rt)
+{
+unsupported_encoding(s, insn);
+}
+
+/* C3.2.4 System
+ *  31 22 21  20 19 18 16 15   12 118 7   5 40
+ * +-+---+-+-+---+---+-+--+
+ * | 1 1 0 1 0 1 0 1 0 0 | L | op0 | op1 |  CRn  |  CRm  | op2 |  Rt  |
+ * +-+---+-+-+---+---+-+--+
+ */
+static void disas_system(DisasContext *s, uint32_t insn)
+{
+unsigned int l, op0, op1, crn, crm, op2, rt;
+l = extract32(insn, 21, 1);
+op0 = extract32(insn, 19, 2);
+op1 = extract32(insn, 16, 3);
+crn = extract32(insn, 12, 4);
+crm = extract32(insn, 8, 4);
+op2 = extract32(insn, 5, 3);
+rt = extract32(insn, 0, 5);
+
+if (op0 == 0) {
+if (l || rt != 31) {
+unallocated_encoding(s);
+return;
+}
+switch (crn) {
+case 2: /* C5.6.68 HINT */
+handle_hint(s, insn, op1, op2, crm);
+break;
+case 3: /* CLREX, DSB, DMB, ISB */
+handle_sync(s, insn, op1, op2, crm);
+break;
+case 4: /* C5.6.130 MSR (immediate) */
+handle_msr_i(s, insn, op1, op2, crm);
+break;
+default:
+unallocated_encoding(s);
+break;
+}
+return;
+}
+
+if (op0 == 1) {
+/* C5.6.204 SYS */
+handle_sys(s, insn, l, op1, op2, crn, crm, rt);
+} else if (l) { /* op0 > 1 */
+/* C5.6.129 MRS - move from system register */
+handle_mrs(s, insn, op0, op1, op2, crn, crm, rt);
+} else {
+/* C5.6.131 MSR (register) - move to system registe
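
Review bot: in handle_hint() the switch on selector does nothing, since cases 0 to 5 and the default all just return; drop the switch until a hint needs real behaviour, or reduce it to a comment listing the encodings. Treating WFI and WFE as NOPs belongs in the commit message too, because a guest idle loop will then spin instead of sleeping. In handle_sync() the crm argument is unused, and CLREX goes to unsupported_encoding(), which ends in unallocated_encoding() and so raises an exception in the guest rather than being ignored; the comment on case 2 should say that guest code issuing CLREX will fault until it is implemented.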

[Qemu-devel] [PATCH v3 19/19] bsd-user: fix linking conflicts with FreeBSD libcrypto

2013-12-17 Thread Stacey Son
FreeBSD has its own AES_set_decrypt_key, etc. in libcrypto.  This
change fixes these conflicts and allows statically linking BSD
user mode qemu.
---
 include/qemu/aes.h |9 +
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/include/qemu/aes.h b/include/qemu/aes.h
index e79c707..6d253a3 100644
--- a/include/qemu/aes.h
+++ b/include/qemu/aes.h
@@ -10,6 +10,15 @@ struct aes_key_st {
 };
 typedef struct aes_key_st AES_KEY;
 
+/* FreeBSD has it's own AES_set_decrypt_key in -lcrypto, avoid conflicts. */
+#ifdef __FreeBSD__
+#define AES_set_encrypt_key QEMU_AES_set_encrypt_key
+#define AES_set_decrypt_key QEMU_AES_set_decrypt_key
+#define AES_encrypt QEMU_AES_encrypt
+#define AES_decrypt QEMU_AES_decrypt
+#define AES_cbc_encrypt QEMU_AES_cbc_encrypt
+#endif
+
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
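
Review bot: the rename is guarded by #ifdef __FreeBSD__, but the clash described is with libcrypto's AES_* symbols at static link time, which is not a FreeBSD-only condition; defining the QEMU_AES_* aliases unconditionally would cover any host that links libcrypto statically and avoids a platform-only code path. Because these are #defines placed ahead of the declarations, they also rewrite every later use of the names in any file that includes this header, so a file that pulls in both this header and OpenSSL's own AES header can end up with conflicting declarations; renaming the functions themselves would be more robust. Nit: "it's own" in the new comment should be "its own".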
-- 
1.7.8




[Qemu-devel] [PATCH v3 18/19] bsd-user: add arm, mips and mips64 options to configure target-list

2013-12-17 Thread Stacey Son
This change adds arm-bsd-user, mips-bsd-user, mips64-bsd-user,
mips64el-bsd-user, and mipsel-bsd-user as --target-list options to configure.
---
 default-configs/arm-bsd-user.mak  |3 +++
 default-configs/mips-bsd-user.mak |1 +
 default-configs/mips64-bsd-user.mak   |1 +
 default-configs/mips64el-bsd-user.mak |1 +
 default-configs/mipsel-bsd-user.mak   |1 +
 5 files changed, 7 insertions(+), 0 deletions(-)
 create mode 100644 default-configs/arm-bsd-user.mak
 create mode 100644 default-configs/mips-bsd-user.mak
 create mode 100644 default-configs/mips64-bsd-user.mak
 create mode 100644 default-configs/mips64el-bsd-user.mak
 create mode 100644 default-configs/mipsel-bsd-user.mak

diff --git a/default-configs/arm-bsd-user.mak b/default-configs/arm-bsd-user.mak
new file mode 100644
index 000..869e6fb
--- /dev/null
+++ b/default-configs/arm-bsd-user.mak
@@ -0,0 +1,3 @@
+# Default configuration for arm-bsd-user
+
+CONFIG_GDBSTUB_XML=y
diff --git a/default-configs/mips-bsd-user.mak 
b/default-configs/mips-bsd-user.mak
new file mode 100644
index 000..3fb129a
--- /dev/null
+++ b/default-configs/mips-bsd-user.mak
@@ -0,0 +1 @@
+# Default configuration for mips-bsd-user
diff --git a/default-configs/mips64-bsd-user.mak 
b/default-configs/mips64-bsd-user.mak
new file mode 100644
index 000..d4e72a6
--- /dev/null
+++ b/default-configs/mips64-bsd-user.mak
@@ -0,0 +1 @@
+# Default configuration for mips64-bsd-user
diff --git a/default-configs/mips64el-bsd-user.mak 
b/default-configs/mips64el-bsd-user.mak
new file mode 100644
index 000..b879228
--- /dev/null
+++ b/default-configs/mips64el-bsd-user.mak
@@ -0,0 +1 @@
+# Default configuration for mips64el-bsd-user
diff --git a/default-configs/mipsel-bsd-user.mak 
b/default-configs/mipsel-bsd-user.mak
new file mode 100644
index 000..312b9d5
--- /dev/null
+++ b/default-configs/mipsel-bsd-user.mak
@@ -0,0 +1 @@
+# Default configuration for mipsel-bsd-user
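
Review bot: the four mips .mak files added here contain only a comment line, while arm-bsd-user.mak sets CONFIG_GDBSTUB_XML=y; if the empty files are intentional, say so in the commit message, which currently describes the change as adding --target-list options to configure although no hunk touches configure. The patch also carries no Signed-off-by line.
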
-- 
1.7.8




[Qemu-devel] [PULL 06/62] Add max device width parameter for NOR devices

2013-12-17 Thread Peter Maydell
From: Roy Franz 

For handling CFI and device ID reads, we need to not only know the
width that a NOR flash device is configured for, but also its maximum
width.  The maximum width addressing mode is used for multi-width
parts no matter which width they are configured for.  The most common
case is x16 parts that also support x8 mode.  When configured for x8
operation these devices respond to CFI and device ID requests differently
than native x8 NOR parts.

Signed-off-by: Roy Franz 
Message-id: 1386279359-32286-6-git-send-email-roy.fr...@linaro.org
[PMM: Added comment explaining the semantics of width vs device-width
 vs max-device-width]
Signed-off-by: Peter Maydell 
---
 hw/block/pflash_cfi01.c | 25 +
 1 file changed, 25 insertions(+)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 82a2519..de7a6c0 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -74,6 +74,7 @@ struct pflash_t {
 uint64_t sector_len;
 uint8_t bank_width;
 uint8_t device_width; /* If 0, device width not specified. */
+uint8_t max_device_width;  /* max device width in bytes */
 uint8_t be;
 uint8_t wcycle; /* if 0, the flash is read normally */
 int ro;
@@ -635,6 +636,13 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 pfl->ro = 0;
 }
 
+/* Default to devices being used at their maximum device width. This was
+ * assumed before the device_width support was added.
+ */
+if (!pfl->max_device_width) {
+pfl->max_device_width = pfl->device_width;
+}
+
 pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
 pfl->wcycle = 0;
 pfl->cmd = 0;
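
Review bot: the defaulting added in pflash_cfi01_realize() accepts any user-supplied max-device-width without checking it against device-width, so a value smaller than device_width passes straight through to the code that uses it for CFI and device ID reads. Reject inconsistent values here through errp, for example when pfl->max_device_width < pfl->device_width, rather than relying on every board to set sane properties. When device-width is left at 0 this block also leaves max_device_width at 0; the comment should say that case is intended.
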
@@ -728,8 +736,25 @@ static Property pflash_cfi01_properties[] = {
 DEFINE_PROP_DRIVE("drive", struct pflash_t, bs),
 DEFINE_PROP_UINT32("num-blocks", struct pflash_t, nb_blocs, 0),
 DEFINE_PROP_UINT64("sector-length", struct pflash_t, sector_len, 0),
+/* width here is the overall width of this QEMU device in bytes.
+ * The QEMU device may be emulating a number of flash devices
+ * wired up in parallel; the width of each individual flash
+ * device should be specified via device-width. If the individual
+ * devices have a maximum width which is greater than the width
+ * they are being used for, this maximum width should be set via
+ * max-device-width (which otherwise defaults to device-width).
+ * So for instance a 32-bit wide QEMU flash device made from four
+ * 16-bit flash devices used in 8-bit wide mode would be configured
+ * with width = 4, device-width = 1, max-device-width = 2.
+ *
+ * If device-width is not specified we default to backwards
+ * compatible behaviour which is a bad emulation of two
+ * 16 bit devices making up a 32 bit wide QEMU device. This
+ * is deprecated for new uses of this device.
+ */
 DEFINE_PROP_UINT8("width", struct pflash_t, bank_width, 0),
 DEFINE_PROP_UINT8("device-width", struct pflash_t, device_width, 0),
+DEFINE_PROP_UINT8("max-device-width", struct pflash_t, max_device_width, 
0),
 DEFINE_PROP_UINT8("big-endian", struct pflash_t, be, 0),
 DEFINE_PROP_UINT16("id0", struct pflash_t, ident0, 0),
 DEFINE_PROP_UINT16("id1", struct pflash_t, ident1, 0),
-- 
1.8.5




[Qemu-devel] [PULL 00/62] target-arm queue

2013-12-17 Thread Peter Maydell
Only took a week for the target-arm queue to fill up again :-)
Please pull...

thanks
-- PMM

The following changes since commit f46e720a82ccdf1a521cf459448f3f96ed895d43:

  qemu_opts_parse(): always check return value (2013-12-16 15:33:48 -0800)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20131217

for you to fetch changes up to 84291fe7a34f8c2d595bcdb77ff506d1d60fcd7c:

  MAINTAINERS: add myself to maintain allwinner-a10 (2013-12-17 20:12:51 +)


target-arm queue:
 * AES instruction support for 32 bit ARM
 * pflash01: much better emulation of 2x16bit and similar configs
   where multiple flash devices are banked together
 * fixed CBAR handling on Zynq, Highbank
 * initial AArch64 KVM control support
 * first two chunks of patches for A64 instruction emulation
 * new board: canon-a1100 (Canon DIGIC SoC)
 * new board: cubieboard (Allwinner A10 SoC)


Alexander Graf (14):
  target-arm: A64: add set_pc cpu method
  target-arm: A64: add stubs for a64 specific helpers
  target-arm: A64: add support for B and BL insns
  target-arm: A64: add support for BR, BLR and RET insns
  target-arm: A64: add support for conditional branches
  target-arm: A64: add support for 'test and branch' imm
  target-arm: A64: add support for compare and branch imm
  target-arm: A64: add support for logical (shifted register)
  target-arm: A64: add support for ADR and ADRP
  target-arm: A64: add support for EXTR
  target-arm: A64: add support for 2-src data processing and DIV
  target-arm: A64: add support for 2-src shift reg insns
  target-arm: A64: add support for 1-src RBIT insn
  target-arm: A64: add support for logical (immediate) insns

Antony Pavlov (8):
  ARM: cpu: add "reset_hivecs" property
  ARM: arm_cpu_reset: make it possible to use high vectors for reset_exc
  hw/arm: add very initial support for Canon DIGIC SoC
  hw/arm/digic: prepare DIGIC-based boards support
  hw/arm/digic: add timer support
  hw/arm/digic: add UART support
  hw/arm/digic: add NOR ROM support
  MAINTAINERS: Document 'Canon DIGIC' machine

Ard Biesheuvel (1):
  target-arm: add support for v8 AES instructions

Claudio Fontana (8):
  target-arm: A64: provide skeleton for a64 insn decoding
  target-arm: A64: expand decoding skeleton for system instructions
  target-arm: A64: add support for conditional select
  target-arm: A64: add support for 1-src data processing and CLZ
  target-arm: A64: add support for 1-src REV insns
  target-arm: A64: add support for bitfield insns
  host-utils: add clrsb32/64 - count leading redundant sign bits
  target-arm: A64: add support for 1-src CLS insn

Mian M. Hamayun (2):
  target-arm: Add minimal KVM AArch64 support
  hw/arm/boot: Add boot support for AArch64 processor

Peter Crosthwaite (8):
  target-arm/helper.c: Allow cp15.c15 dummy override
  target-arm: Define and use ARM_FEATURE_CBAR
  target-arm/cpu: Convert reset CBAR to a property
  arm/highbank: Use object_new() rather than cpu_arm_init()
  arm/highbank: Fix CBAR initialisation
  arm/xilinx_zynq: Use object_new() rather than cpu_arm_init()
  arm/xilinx_zynq: Implement CBAR initialisation
  arm/highbank.c: Fix MPCore periphbase name

Peter Maydell (9):
  target-arm/kvm: Split 32 bit only code into its own file
  target-arm: Clean up handling of AArch64 PSTATE
  configure: Enable KVM for aarch64 host/target combination
  hw/arm/boot: Allow easier swapping in of different loader code
  default-configs: Add config for aarch64-softmmu
  target-arm: Split A64 from A32/T32 gen_intermediate_code_internal()
  target-arm: A64: provide functions for accessing FPCR and FPSR
  target-arm: Support fp registers in gdb stub
  vmstate: Add support for an array of ptimer_state *

Roy Franz (7):
  rename pflash_t member width to bank_width
  Add device-width property to pflash_cfi01
  return status for each NOR flash device
  Set proper device-width for vexpress flash
  Add max device width parameter for NOR devices
  Fix CFI query responses for NOR flash
  Fix NOR flash device ID reading

liguang (5):
  hw/timer: add allwinner a10 timer
  hw/intc: add allwinner A10 interrupt controller
  hw/arm: add allwinner a10 SoC support
  hw/arm: add cubieboard support
  MAINTAINERS: add myself to maintain allwinner-a10

 MAINTAINERS  |   13 +
 configure|4 +-
 default-configs/aarch64-softmmu.mak  |6 +
 default-configs/arm-softmmu.mak  |5 +
 gdb-xml/aarch64-fpu.xml  |   86 ++
 hw/arm/Makefile.objs |3 +
 hw/arm/allwin

[Qemu-devel] [PULL 15/62] arm/xilinx_zynq: Implement CBAR initialisation

2013-12-17 Thread Peter Maydell
From: Peter Crosthwaite 

Fix the CBAR initialisation by using the newly defined static property.
Zynq will now correctly init the CBAR to the SCU base address.

Needed to boot Linux on the xilinx_zynq machine model.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: 8db7d57ebe5418fed397fcc86ea719f98446c178.1387160489.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/arm/xilinx_zynq.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index 1c954a3..17251c7 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -36,6 +36,8 @@
 
 #define IRQ_OFFSET 32 /* pic interrupts start from index 32 */
 
+#define MPCORE_PERIPHBASE 0xF8F0
+
 static const int dma_irqs[8] = {
 46, 47, 48, 49, 72, 73, 74, 75
 };
@@ -122,6 +124,11 @@ static void zynq_init(QEMUMachineInitArgs *args)
 
 cpu = ARM_CPU(object_new(object_class_get_name(cpu_oc)));
 
+object_property_set_int(OBJECT(cpu), MPCORE_PERIPHBASE, "reset-cbar", 
&err);
+if (err) {
+error_report("%s", error_get_pretty(err));
+exit(1);
+}
 object_property_set_bool(OBJECT(cpu), true, "realized", &err);
 if (err) {
 error_report("%s", error_get_pretty(err));
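
Review bot: the new object_property_set_int() call only works because it runs before "realized" is set, but nothing in zynq_init() says so; add a one-line comment above it so the two blocks are not reordered later. The if (err) { error_report(...); exit(1); } block is now duplicated verbatim directly below; a small helper or a shared exit path would remove the copy.
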
@@ -160,7 +167,7 @@ static void zynq_init(QEMUMachineInitArgs *args)
 qdev_prop_set_uint32(dev, "num-cpu", 1);
 qdev_init_nofail(dev);
 busdev = SYS_BUS_DEVICE(dev);
-sysbus_mmio_map(busdev, 0, 0xF8F0);
+sysbus_mmio_map(busdev, 0, MPCORE_PERIPHBASE);
 sysbus_connect_irq(busdev, 0,
qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
 
-- 
1.8.5




[Qemu-devel] [qemu-kvm PATCH] docs: updated qemu-img man page and qemu-doc to reflect VHDX support.

2013-12-17 Thread Jeff Cody
The man page for qemu-img, and the qemu-doc, did not mention VHDX
as a supported format.  This adds in reference to VHDX in those
documents.

Signed-off-by: Jeff Cody 
---
 qemu-doc.texi | 15 +++
 qemu-img.texi |  4 ++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/qemu-doc.texi b/qemu-doc.texi
index 185dd47..10b4ae9 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -654,6 +654,21 @@ Supported options:
 Specifies which VHD subformat to use. Valid options are
 @code{dynamic} (default) and @code{fixed}.
 @end table
+
+@item VHDX
+Hyper-V compatible image format (VHDX).
+Supported options:
+@table @code
+@item subformat
+Specifies which VHDX subformat to use. Valid options are
+@code{dynamic} (default) and @code{fixed}.
+@item block_state_zero
+Force use of payload blocks of type 'ZERO'.
+@item block_size
+Block Size; min 1MB, max 256MB.  0 means auto-calculate based on image size.
+@item log_size
+Log size; min 1MB.
+@end table
 @end table
 
 @subsubsection Read-only formats
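
Review bot: the new block_state_zero and log_size entries give no default, and block_state_zero does not say what values it accepts or what payload block type is used when it is off; document the default and accepted values for each option in the same style as the subformat entry, which names both. Nit: "Block Size;" is capitalised differently from "Log size;".
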
diff --git a/qemu-img.texi b/qemu-img.texi
index be31191..1bba91e 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -431,8 +431,8 @@ This option can only be enabled if @code{compat=1.1} is 
specified.
 
 @item Other
 QEMU also supports various other image file formats for compatibility with
-older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), qcow1
-and QED. For a full list of supported formats see @code{qemu-img --help}.
+older QEMU versions or other hypervisors, including VMDK, VDI, VHD (vpc), VHDX,
+qcow1 and QED. For a full list of supported formats see @code{qemu-img --help}.
 For a more detailed description of these formats, see the QEMU Emulation User
 Documentation.
 
-- 
1.8.3.1




[Qemu-devel] [PULL 29/62] target-arm: Support fp registers in gdb stub

2013-12-17 Thread Peter Maydell
Register the aarch64-fpu XML and implement the necessary
read/write handlers so we can support reading and writing
of FP registers in the gdb stub.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 configure   |  2 +-
 gdb-xml/aarch64-fpu.xml | 86 +
 target-arm/helper.c | 48 ++-
 3 files changed, 134 insertions(+), 2 deletions(-)
 create mode 100644 gdb-xml/aarch64-fpu.xml

diff --git a/configure b/configure
index 02c94e2..07b6be3 100755
--- a/configure
+++ b/configure
@@ -4438,7 +4438,7 @@ case "$target_name" in
   aarch64)
 TARGET_BASE_ARCH=arm
 bflt="yes"
-gdb_xml_files="aarch64-core.xml"
+gdb_xml_files="aarch64-core.xml aarch64-fpu.xml"
   ;;
   cris)
   ;;
diff --git a/gdb-xml/aarch64-fpu.xml b/gdb-xml/aarch64-fpu.xml
new file mode 100644
index 000..997197e
--- /dev/null
+++ b/gdb-xml/aarch64-fpu.xml
@@ -0,0 +1,86 @@
+
+
+
+
+
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+
+
+
+  
+  
+
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+  
+  
+
+
+
+
+
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+
diff --git a/target-arm/helper.c b/target-arm/helper.c
index cfbb14c..6ebd7dc 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -65,6 +65,48 @@ static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, 
int reg)
 return 0;
 }
 
+static int aarch64_fpu_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
+{
+switch (reg) {
+case 0 ... 31:
+/* 128 bit FP register */
+stfq_le_p(buf, env->vfp.regs[reg * 2]);
+stfq_le_p(buf + 8, env->vfp.regs[reg * 2 + 1]);
+return 16;
+case 32:
+/* FPSR */
+stl_p(buf, vfp_get_fpsr(env));
+return 4;
+case 33:
+/* FPCR */
+stl_p(buf, vfp_get_fpcr(env));
+return 4;
+default:
+return 0;
+}
+}
+
+static int aarch64_fpu_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
+{
+switch (reg) {
+case 0 ... 31:
+/* 128 bit FP register */
+env->vfp.regs[reg * 2] = ldfq_le_p(buf);
+env->vfp.regs[reg * 2 + 1] = ldfq_le_p(buf + 8);
+return 16;
+case 32:
+/* FPSR */
+vfp_set_fpsr(env, ldl_p(buf));
+return 4;
+case 33:
+/* FPCR */
+vfp_set_fpcr(env, ldl_p(buf));
+return 4;
+default:
+return 0;
+}
+}
+
 static int raw_read(CPUARMState *env, const ARMCPRegInfo *ri,
 uint64_t *value)
 {
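
Review bot: the 128-bit registers are stored and loaded with stfq_le_p()/ldfq_le_p(), which fix the byte order as little-endian, while FPSR and FPCR go through stl_p()/ldl_p(), which follow the target byte order; add a comment explaining why the two differ, or use one convention, so the layout gdb sees is consistent by design rather than by accident. The register numbers 32 and 33 are bare literals that have to stay in step with the count passed at registration; named constants would make that link explicit. In aarch64_fpu_gdb_set_reg() the debugger-supplied value is handed straight to vfp_set_fpsr()/vfp_set_fpcr(), so any masking of reserved bits has to happen inside those helpers; worth a comment confirming that it does.
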
@@ -1795,7 +1837,11 @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
 CPUState *cs = CPU(cpu);
 CPUARMState *env = &cpu->env;
 
-if (arm_feature(env, ARM_FEATURE_NEON)) {
+if (arm_feature(env, ARM_FEATURE_AARCH64)) {
+gdb_register_coprocessor(cs, aarch64_fpu_gdb_get_reg,
+ aarch64_fpu_gdb_set_reg,
+ 34, "aarch64-fpu.xml", 0);
+} else if (arm_feature(env, ARM_FEATURE_NEON)) {
 gdb_register_coprocessor(cs, vfp_gdb_get_reg, vfp_gdb_set_reg,
  51, "arm-neon.xml", 0);
 } else if (arm_feature(env, ARM_FEATURE_VFP3)) {
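
Review bot: the literal 34 passed to gdb_register_coprocessor() has to equal the number of registers handled by aarch64_fpu_gdb_get_reg() and aarch64_fpu_gdb_set_reg() (32 vector registers plus FPSR and FPCR) and the number described in aarch64-fpu.xml; take it from a named constant shared with those functions. Testing ARM_FEATURE_AARCH64 first also means an AArch64 CPU never registers arm-neon.xml even when ARM_FEATURE_NEON is set; a comment saying that is intended would help the next reader.
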
-- 
1.8.5




[Qemu-devel] [PULL 55/62] hw/arm/digic: add NOR ROM support

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

Signed-off-by: Antony Pavlov 
Message-id: 1387188908-754-6-git-send-email-antonynpav...@gmail.com
[PMM: don't try to load ROM blob if qtest_enabled()]
Signed-off-by: Peter Maydell 
---
 hw/arm/digic_boards.c | 78 +++
 1 file changed, 78 insertions(+)

diff --git a/hw/arm/digic_boards.c b/hw/arm/digic_boards.c
index 87a9c4b..32fc30a 100644
--- a/hw/arm/digic_boards.c
+++ b/hw/arm/digic_boards.c
@@ -27,6 +27,14 @@
 #include "exec/address-spaces.h"
 #include "qemu/error-report.h"
 #include "hw/arm/digic.h"
+#include "hw/block/flash.h"
+#include "hw/loader.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+
+#define DIGIC4_ROM0_BASE  0xf000
+#define DIGIC4_ROM1_BASE  0xf800
+#define DIGIC4_ROM_MAX_SIZE   0x0800
 
 typedef struct DigicBoardState {
 DigicState *digic;
@@ -35,6 +43,10 @@ typedef struct DigicBoardState {
 
 typedef struct DigicBoard {
 hwaddr ram_size;
+void (*add_rom0)(DigicBoardState *, hwaddr, const char *);
+const char *rom0_def_filename;
+void (*add_rom1)(DigicBoardState *, hwaddr, const char *);
+const char *rom1_def_filename;
 } DigicBoard;
 
 static void digic4_board_setup_ram(DigicBoardState *s, hwaddr ram_size)
@@ -59,10 +71,76 @@ static void digic4_board_init(DigicBoard *board)
 }
 
 digic4_board_setup_ram(s, board->ram_size);
+
+if (board->add_rom0) {
+board->add_rom0(s, DIGIC4_ROM0_BASE, board->rom0_def_filename);
+}
+
+if (board->add_rom1) {
+board->add_rom1(s, DIGIC4_ROM1_BASE, board->rom1_def_filename);
+}
+}
+
+static void digic_load_rom(DigicBoardState *s, hwaddr addr,
+   hwaddr max_size, const char *def_filename)
+{
+target_long rom_size;
+const char *filename;
+
+if (qtest_enabled()) {
+/* qtest runs no code so don't attempt a ROM load which
+ * could fail and result in a spurious test failure.
+ */
+return;
+}
+
+if (bios_name) {
+filename = bios_name;
+} else {
+filename = def_filename;
+}
+
+if (filename) {
+char *fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, filename);
+
+if (!fn) {
+error_report("Couldn't find rom image '%s'.\n", filename);
+exit(1);
+}
+
+rom_size = load_image_targphys(fn, addr, max_size);
+if (rom_size < 0 || rom_size > max_size) {
+error_report("Couldn't load rom image '%s'.\n", filename);
+exit(1);
+}
+}
+}
+
+/*
+ * Samsung K8P3215UQB
+ * 64M Bit (4Mx16) Page Mode / Multi-Bank NOR Flash Memory
+ */
+static void digic4_add_k8p3215uqb_rom(DigicBoardState *s, hwaddr addr,
+  const char *def_filename)
+{
+#define FLASH_K8P3215UQB_SIZE (4 * 1024 * 1024)
+#define FLASH_K8P3215UQB_SECTOR_SIZE (64 * 1024)
+
+pflash_cfi02_register(addr, NULL, "pflash", FLASH_K8P3215UQB_SIZE,
+  NULL, FLASH_K8P3215UQB_SECTOR_SIZE,
+  FLASH_K8P3215UQB_SIZE / FLASH_K8P3215UQB_SECTOR_SIZE,
+  DIGIC4_ROM_MAX_SIZE / FLASH_K8P3215UQB_SIZE,
+  4,
+  0x00EC, 0x007E, 0x0003, 0x0001,
+  0x0555, 0x2aa, 0);
+
+digic_load_rom(s, addr, FLASH_K8P3215UQB_SIZE, def_filename);
 }
 
 static DigicBoard digic4_board_canon_a1100 = {
 .ram_size = 64 * 1024 * 1024,
+.add_rom1 = digic4_add_k8p3215uqb_rom,
+.rom1_def_filename = "canon-a1100-rom1.bin",
 };
 
 static void canon_a1100_init(QEMUMachineInitArgs *args)
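
Review bot: in digic_load_rom() the string returned by qemu_find_file() is never released; add g_free(fn) after load_image_targphys(), since the error paths exit and only the success path leaks. Both error_report() format strings end in "\n", which error_report() already appends. Because bios_name overrides def_filename for whichever ROM is being loaded, a board that sets both add_rom0 and add_rom1 would load the same -bios image into both regions; handle that before a second ROM is wired up. The two #defines inside digic4_add_k8p3215uqb_rom() would read better at file scope next to the DIGIC4_ROM* constants.
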
-- 
1.8.5




[Qemu-devel] [PULL 30/62] target-arm: A64: add stubs for a64 specific helpers

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

We will need helpers that only make sense with AArch64. Add
helper-a64.{c,h} files as stubs that we can fill with these
helpers in the following patches.

Signed-off-by: Alexander Graf 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/Makefile.objs |  2 +-
 target-arm/helper-a64.c  | 25 +
 target-arm/helper-a64.h  | 18 ++
 target-arm/helper.h  |  4 
 4 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 target-arm/helper-a64.c
 create mode 100644 target-arm/helper-a64.h

diff --git a/target-arm/Makefile.objs b/target-arm/Makefile.objs
index 190499f..dcd167e 100644
--- a/target-arm/Makefile.objs
+++ b/target-arm/Makefile.objs
@@ -7,5 +7,5 @@ obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 obj-y += translate.o op_helper.o helper.o cpu.o
 obj-y += neon_helper.o iwmmxt_helper.o
 obj-y += gdbstub.o
-obj-$(TARGET_AARCH64) += cpu64.o translate-a64.o gdbstub64.o
+obj-$(TARGET_AARCH64) += cpu64.o translate-a64.o helper-a64.o gdbstub64.o
 obj-y += crypto_helper.o
diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
new file mode 100644
index 000..adb8428
--- /dev/null
+++ b/target-arm/helper-a64.c
@@ -0,0 +1,25 @@
+/*
+ *  AArch64 specific helpers
+ *
+ *  Copyright (c) 2013 Alexander Graf 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "cpu.h"
+#include "exec/gdbstub.h"
+#include "helper.h"
+#include "qemu/host-utils.h"
+#include "sysemu/sysemu.h"
+#include "qemu/bitops.h"
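
Review bot: helper-a64.c is added with six #include lines and no code; exec/gdbstub.h, qemu/host-utils.h, sysemu/sysemu.h and qemu/bitops.h are not needed by an empty file, so add each include in the patch that first uses it and keep this stub to cpu.h and helper.h.
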
diff --git a/target-arm/helper-a64.h b/target-arm/helper-a64.h
new file mode 100644
index 000..dd28306
--- /dev/null
+++ b/target-arm/helper-a64.h
@@ -0,0 +1,18 @@
+/*
+ *  AArch64 specific helper definitions
+ *
+ *  Copyright (c) 2013 Alexander Graf 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
diff --git a/target-arm/helper.h b/target-arm/helper.h
index 496eb65..73d67dc 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -466,4 +466,8 @@ DEF_HELPER_3(neon_qzip32, void, env, i32, i32)
 DEF_HELPER_4(crypto_aese, void, env, i32, i32, i32)
 DEF_HELPER_4(crypto_aesmc, void, env, i32, i32, i32)
 
+#ifdef TARGET_AARCH64
+#include "helper-a64.h"
+#endif
+
 #include "exec/def-helper.h"
-- 
1.8.5




[Qemu-devel] [PULL 58/62] hw/timer: add allwinner a10 timer

2013-12-17 Thread Peter Maydell
From: liguang 

Signed-off-by: liguang 
Reviewed-by: Peter Crosthwaite 
Message-id: 1387159292-10436-3-git-send-email-lig.f...@cn.fujitsu.com
Signed-off-by: Peter Maydell 
---
 default-configs/arm-softmmu.mak  |   2 +
 hw/timer/Makefile.objs   |   2 +
 hw/timer/allwinner-a10-pit.c | 254 +++
 include/hw/timer/allwinner-a10-pit.h |  58 
 4 files changed, 316 insertions(+)
 create mode 100644 hw/timer/allwinner-a10-pit.c
 create mode 100644 include/hw/timer/allwinner-a10-pit.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 2135be3..14c68b4 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -83,3 +83,5 @@ CONFIG_VERSATILE_I2C=y
 
 CONFIG_SDHCI=y
 CONFIG_INTEGRATOR_DEBUG=y
+
+CONFIG_ALLWINNER_A10_PIT=y
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index ea9f11f..2c86c3d 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -29,3 +29,5 @@ obj-$(CONFIG_TUSB6010) += tusb6010.o
 obj-$(CONFIG_DIGIC) += digic-timer.o
 
 obj-$(CONFIG_MC146818RTC) += mc146818rtc.o
+
+obj-$(CONFIG_ALLWINNER_A10_PIT) += allwinner-a10-pit.o
diff --git a/hw/timer/allwinner-a10-pit.c b/hw/timer/allwinner-a10-pit.c
new file mode 100644
index 000..b27fce8
--- /dev/null
+++ b/hw/timer/allwinner-a10-pit.c
@@ -0,0 +1,254 @@
+/*
+ * Allwinner A10 timer device emulation
+ *
+ * Copyright (C) 2013 Li Guang
+ * Written by Li Guang 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "hw/timer/allwinner-a10-pit.h"
+
+static uint64_t a10_pit_read(void *opaque, hwaddr offset, unsigned size)
+{
+AwA10PITState *s = AW_A10_PIT(opaque);
+uint8_t index;
+
+switch (offset) {
+case AW_A10_PIT_TIMER_IRQ_EN:
+return s->irq_enable;
+case AW_A10_PIT_TIMER_IRQ_ST:
+return s->irq_status;
+case AW_A10_PIT_TIMER_BASE ... AW_A10_PIT_TIMER_BASE_END:
+index = offset & 0xf0;
+index >>= 4;
+index -= 1;
+switch (offset & 0x0f) {
+case AW_A10_PIT_TIMER_CONTROL:
+return s->control[index];
+case AW_A10_PIT_TIMER_INTERVAL:
+return s->interval[index];
+case AW_A10_PIT_TIMER_COUNT:
+s->count[index] = ptimer_get_count(s->timer[index]);
+return s->count[index];
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Bad offset 0x%x\n",  __func__, (int)offset);
+break;
+}
+case AW_A10_PIT_WDOG_CONTROL:
+break;
+case AW_A10_PIT_WDOG_MODE:
+break;
+case AW_A10_PIT_COUNT_LO:
+return s->count_lo;
+case AW_A10_PIT_COUNT_HI:
+return s->count_hi;
+case AW_A10_PIT_COUNT_CTL:
+return s->count_ctl;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Bad offset 0x%x\n",  __func__, (int)offset);
+break;
+}
+
+return 0;
+}
+
+static void a10_pit_write(void *opaque, hwaddr offset, uint64_t value,
+unsigned size)
+{
+ AwA10PITState *s = AW_A10_PIT(opaque);
+ uint8_t index;
+
+switch (offset) {
+case AW_A10_PIT_TIMER_IRQ_EN:
+s->irq_enable = value;
+break;
+case AW_A10_PIT_TIMER_IRQ_ST:
+s->irq_status &= ~value;
+break;
+case AW_A10_PIT_TIMER_BASE ... AW_A10_PIT_TIMER_BASE_END:
+index = offset & 0xf0;
+index >>= 4;
+index -= 1;
+switch (offset & 0x0f) {
+case AW_A10_PIT_TIMER_CONTROL:
+s->control[index] = value;
+if (s->control[index] & AW_A10_PIT_TIMER_RELOAD) {
+ptimer_set_count(s->timer[index], s->interval[index]);
+}
+if (s->control[index] & AW_A10_PIT_TIMER_EN) {
+int oneshot = 0;
+if (s->control[index] & AW_A10_PIT_TIMER_MODE) {
+oneshot = 1;
+}
+ptimer_run(s->timer[index], oneshot);
+} else {
+ptimer_stop(s->timer[index]);
+}
+break;
+case AW_A10_PIT_TIMER_INTERVAL:
+s->interval[index] = value;
+ptimer_set_limit(s->timer[index], s->interval[index], 1);
+break;
+case AW_A10_PIT_TIMER_COUNT:
+s->count[index] = value;
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+
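
Review bot: in both a10_pit_read() and a10_pit_write() the timer index is derived from the guest-supplied offset (index = offset & 0xf0; index >>= 4; index -= 1;) and then used to subscript s->control[], s->interval[], s->count[] and s->timer[] with no check against the number of timers. The only bound is the AW_A10_PIT_TIMER_BASE ... AW_A10_PIT_TIMER_BASE_END case range, and because index is a uint8_t the subtraction wraps to 255 if the high nibble is ever 0. Add an explicit range check against the array size before any access and log a guest error otherwise. In a10_pit_read() the inner switch's default case only leaves the inner switch, so control falls through into case AW_A10_PIT_WDOG_CONTROL; add a break after the inner switch. In a10_pit_write() a write to AW_A10_PIT_TIMER_COUNT only updates s->count[index] and never reaches the ptimer, so the next read, which refreshes count from ptimer_get_count(), discards it.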

[Qemu-devel] [PULL 31/62] target-arm: A64: provide skeleton for a64 insn decoding

2013-12-17 Thread Peter Maydell
From: Claudio Fontana 

Provide a skeleton for a64 instruction decoding in translate-a64.c,
by dividing instructions into the classes defined by the
ARM Architecture Reference Manual (DDI0487A_a) section C3.

Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 370 -
 1 file changed, 362 insertions(+), 8 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a713137..8e16cb1 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -146,17 +146,348 @@ static inline void gen_goto_tb(DisasContext *s, int n, 
uint64_t dest)
 }
 }
 
-static void real_unallocated_encoding(DisasContext *s)
+static void unallocated_encoding(DisasContext *s)
 {
-fprintf(stderr, "Unknown instruction: %#x\n", s->insn);
 gen_exception_insn(s, 4, EXCP_UDEF);
 }
 
-#define unallocated_encoding(s) do { \
-fprintf(stderr, "unallocated encoding at line: %d\n", __LINE__); \
-real_unallocated_encoding(s); \
-} while (0)
+#define unsupported_encoding(s, insn)\
+do { \
+qemu_log_mask(LOG_UNIMP, \
+  "%s:%d: unsupported instruction encoding 0x%08x "  \
+  "at pc=%016" PRIx64 "\n",  \
+  __FILE__, __LINE__, insn, s->pc - 4);  \
+unallocated_encoding(s); \
+} while (0);
 
+/*
+ * the instruction disassembly implemented here matches
+ * the instruction encoding classifications in chapter 3 (C3)
+ * of the ARM Architecture Reference Manual (DDI0487A_a)
+ */
+
+/* Unconditional branch (immediate) */
+static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Compare & branch (immediate) */
+static void disas_comp_b_imm(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Test & branch (immediate) */
+static void disas_test_b_imm(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Conditional branch (immediate) */
+static void disas_cond_b_imm(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* System */
+static void disas_system(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Exception generation */
+static void disas_exc(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Unconditional branch (register) */
+static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* C3.2 Branches, exception generating and system instructions */
+static void disas_b_exc_sys(DisasContext *s, uint32_t insn)
+{
+switch (extract32(insn, 25, 7)) {
+case 0x0a: case 0x0b:
+case 0x4a: case 0x4b: /* Unconditional branch (immediate) */
+disas_uncond_b_imm(s, insn);
+break;
+case 0x1a: case 0x5a: /* Compare & branch (immediate) */
+disas_comp_b_imm(s, insn);
+break;
+case 0x1b: case 0x5b: /* Test & branch (immediate) */
+disas_test_b_imm(s, insn);
+break;
+case 0x2a: /* Conditional branch (immediate) */
+disas_cond_b_imm(s, insn);
+break;
+case 0x6a: /* Exception generation / System */
+if (insn & (1 << 24)) {
+disas_system(s, insn);
+} else {
+disas_exc(s, insn);
+}
+break;
+case 0x6b: /* Unconditional branch (register) */
+disas_uncond_b_reg(s, insn);
+break;
+default:
+unallocated_encoding(s);
+break;
+}
+}
+
+/* Load/store exclusive */
+static void disas_ldst_excl(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Load register (literal) */
+static void disas_ld_lit(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Load/store pair (all forms) */
+static void disas_ldst_pair(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* Load/store register (all forms) */
+static void disas_ldst_reg(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* AdvSIMD load/store multiple structures */
+static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* AdvSIMD load/store single structure */
+static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
+{
+unsupported_encoding(s, insn);
+}
+
+/* C3.3 Loads and stores */
+static void disas_ldst(DisasContext *s, uint32_t insn)
+{
+switch (extract32(insn, 24, 6)) {
+case 0x08: /* Load/store exclusive */
+disas_ldst_excl(s, insn);
+break;
+case 0x18: case 0x1c: /* Load register (literal) */
+disas_ld_lit(s, i
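Review bot: The new unsupported_encoding() macro ends in "} while (0);", and that trailing semicolon defeats the do/while(0) idiom: a use such as "if (cond) unsupported_encoding(s, insn); else ..." expands to two statements and the else no longer attaches. Drop the semicolon after "while (0)" so the caller's own semicolon terminates the statement. Also note that unallocated_encoding() now raises EXCP_UDEF without logging anything, since the fprintf() was removed and only the unsupported path calls qemu_log_mask(); if that is intended, a one-line comment on unallocated_encoding() would record why.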

[Qemu-devel] [PULL 56/62] MAINTAINERS: Document 'Canon DIGIC' machine

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

Signed-off-by: Antony Pavlov 
Message-id: 1387188908-754-7-git-send-email-antonynpav...@gmail.com
Signed-off-by: Peter Maydell 
---
 MAINTAINERS | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 7f45d1d..1fce9a5 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -233,6 +233,12 @@ S: Supported
 F: hw/arm/highbank.c
 F: hw/net/xgmac.c
 
+Canon DIGIC
+M: Antony Pavlov 
+S: Maintained
+F: include/hw/arm/digic.h
+F: hw/*/digic*
+
 Gumstix
 M: qemu-devel@nongnu.org
 S: Orphan
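Review bot: The F: patterns in the new Canon DIGIC entry miss headers outside include/hw/arm/. "F: hw/*/digic*" only matches paths under hw/, so include/hw/char/digic-uart.h, which PULL 54/62 in this series creates, ends up with no maintainer entry. Adding "F: include/hw/*/digic*" (the form the Allwinner-a10 entry in PULL 62/62 uses) would cover it.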
-- 
1.8.5




[Qemu-devel] [PULL 62/62] MAINTAINERS: add myself to maintain allwinner-a10

2013-12-17 Thread Peter Maydell
From: liguang 

Signed-off-by: liguang 
Message-id: 1387159292-10436-7-git-send-email-lig.f...@cn.fujitsu.com
Signed-off-by: Peter Maydell 
---
 MAINTAINERS | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 1fce9a5..a5ab8f8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -219,6 +219,13 @@ F: *win32*
 
 ARM Machines
 
+Allwinner-a10
+M: Li Guang 
+S: Maintained
+F: hw/*/allwinner-a10*
+F: include/hw/*/allwinner-a10*
+F: hw/arm/cubieboard.c
+
 Exynos
 M: Evgeny Voevodin 
 M: Maksim Kozlov 
-- 
1.8.5




[Qemu-devel] [PATCH v3 00/19] bsd-user: Add system call and mips/arm support.

2013-12-17 Thread Stacey Son
[v3]

- Rebases to commit f46e720a82ccdf1a521cf459448f3f96ed895d43 (HEAD).
- Changes 'HOST_API_DIR' to 'HOST_VARIANT_DIR' for the BSD variant.
- Fixes boundary condition bug in mmap() system call handler.
- Fixes floating point support for MIPS64.
- Fixes execve() syscall handler so shell scripts are properly exec'ed.
- Fixes uninitialized data bug for extended attribute syscall handlers.
- Fixes minor typos in ACL syscall structures.

[v2]

- Rebases to 1.7.0-rc0. (Requires, however, Andreas Tobler's patch to
  build: see
  http://lists.nongnu.org/archive/html/qemu-devel/2013-11/msg0.html)
- Fixes deadlock in the _umtx_op() system call handler.
- Fixes race condition in mmap() system call handler.
- Makes qemu-mips (o32) usable.
- A small code clean up to the ARM cpu_loop().
- Fixes comment in arm-bsd-user.mak to match filename.
- Fixes symbol conflicts with FreeBSD's libcrypto for static link.

[v1]

This patch series adds a significant number of system calls and mips/arm
support for bsd-user.  In its current state it can emulate most
FreeBSD mips/mips64 and arm target binaries on an x86 host in a simple
chroot environment. (see https://wiki.freebsd.org/QemuUserModeHowTo for
the details.)

Besides adding a lot of shims and other support code this change
restructures the code significantly to reduce the amount of C
preprocessor conditionals for the various target and host arch/OS's.
In general, the target cpu dependent code has been moved into
the various arch directories and the host OS dependent code (i.e.
FreeBSD, NetBSD, OpenBSD) has been moved into the OS directories as
much as possible.

I would like to recognize Olivier Houchard for a lot of the arm
dependent code and Juergen Lock, the maintainer of the FreeBSD
Qemu port, for their contributions.

Note that these patches are also available at:

http://people.freebsd.org/~sson/qemu/qemu-bsd-user/

and on github in the 'bsd-user' branch of the following repository:

https://github.com/staceyson/qemu-bsd-user

Best Regards,

Stacey D. Son
---

Stacey Son (19):
  bsd-user: refresh freebsd system call numbers
  bsd-user: add HOST_VARIANT_DIR for various *BSD dependent code
  bsd-user: move strace OS/arch dependent code to host/arch dirs
  bsd-user: move arch/OS dependent code out of main.c
  bsd-user: move arch/OS dependent code out of syscall.c
  bsd-user: add support for freebsd time related system calls
  bsd-user: add support for freebsd signal related system calls
  bsd-user: move arch/OS dependent code out of elfload.c
  bsd-user: add support for freebsd process related system calls
  bsd-user: add support for file system related system calls
  bsd-user: add support for stat, dir, and fcntl related syscalls
  bsd-user: add support for memory management related syscalls
  bsd-user: add support for socket related system calls
  bsd-user: add support for thread related system calls
  bsd-user: add support for the ioctl system call
  bsd-user: add support for extattr and ACL related syscalls
  bsd-user: add support for miscellaneous system calls
  bsd-user: add arm, mips and mips64 options to configure target-list
  bsd-user: fix linking conflicts with FreeBSD libcrypto

 Makefile.target |5 +-
 bsd-user/Makefile.objs  |6 +-
 bsd-user/arm/syscall.h  |   36 +
 bsd-user/arm/target_arch.h  |   10 +
 bsd-user/arm/target_arch_cpu.c  |   27 +
 bsd-user/arm/target_arch_cpu.h  |  375 ++
 bsd-user/arm/target_arch_elf.h  |   54 +
 bsd-user/arm/target_arch_signal.h   |  257 +
 bsd-user/arm/target_arch_sigtramp.h |   33 +
 bsd-user/arm/target_arch_sysarch.h  |   78 ++
 bsd-user/arm/target_arch_thread.h   |   67 ++
 bsd-user/arm/target_arch_vmparam.h  |   48 +
 bsd-user/bsd-file.h |  ++
 bsd-user/bsd-ioctl.c|  448 
 bsd-user/bsd-ioctl.h|   27 +
 bsd-user/bsd-mem.c  |  122 ++
 bsd-user/bsd-mem.h  |  393 +++
 bsd-user/bsd-misc.c |  209 
 bsd-user/bsd-misc.h |  339 ++
 bsd-user/bsd-proc.c |  160 +++
 bsd-user/bsd-proc.h |  434 +++
 bsd-user/bsd-signal.h   |  232 
 bsd-user/bsd-socket.c   |  108 ++
 bsd-user/bsd-socket.h   |  266 +
 bsd-user/bsdload.c  |  170 ++-
 bsd-user/elfload.c  |  956 -
 bsd-user/errno_defs.h   |   13 +-
 bsd-user/freebsd/host_os.h  |   46 +
 bsd-user/freebsd/os-extattr.c   |  118 ++
 bsd-user/freebsd/os-extattr.h   |  654 +++
 bsd-user/freebsd/os-ioctl-cmds.h|   47 +
 bsd-user/freebsd/os-ioctl-filio.h   |   45 +
 bsd-user/freebsd/os-ioctl-ioccom.h  |   54 +
 bsd-user/freebsd/os-ioctl-ttycom.h  |  257 +

[Qemu-devel] [PULL 54/62] hw/arm/digic: add UART support

2013-12-17 Thread Peter Maydell
From: Antony Pavlov 

Signed-off-by: Antony Pavlov 
Reviewed-by: Peter Maydell 
Reviewed-by: Peter Crosthwaite 
Message-id: 1387188908-754-5-git-send-email-antonynpav...@gmail.com
Signed-off-by: Peter Maydell 
---
 hw/arm/digic.c   |  16 
 hw/char/Makefile.objs|   1 +
 hw/char/digic-uart.c | 195 +++
 include/hw/arm/digic.h   |   2 +
 include/hw/char/digic-uart.h |  47 +++
 5 files changed, 261 insertions(+)
 create mode 100644 hw/char/digic-uart.c
 create mode 100644 include/hw/char/digic-uart.h

diff --git a/hw/arm/digic.c b/hw/arm/digic.c
index e8eb0de..ec8c330 100644
--- a/hw/arm/digic.c
+++ b/hw/arm/digic.c
@@ -24,6 +24,8 @@
 
 #define DIGIC4_TIMER_BASE(n)(0xc021 + (n) * 0x100)
 
+#define DIGIC_UART_BASE  0xc080
+
 static void digic_init(Object *obj)
 {
 DigicState *s = DIGIC(obj);
@@ -43,6 +45,11 @@ static void digic_init(Object *obj)
 snprintf(name, DIGIC_TIMER_NAME_MLEN, "timer[%d]", i);
 object_property_add_child(obj, name, OBJECT(&s->timer[i]), NULL);
 }
+
+object_initialize(&s->uart, sizeof(s->uart), TYPE_DIGIC_UART);
+dev = DEVICE(&s->uart);
+qdev_set_parent_bus(dev, sysbus_get_default());
+object_property_add_child(obj, "uart", OBJECT(&s->uart), NULL);
 }
 
 static void digic_realize(DeviceState *dev, Error **errp)
@@ -74,6 +81,15 @@ static void digic_realize(DeviceState *dev, Error **errp)
 sbd = SYS_BUS_DEVICE(&s->timer[i]);
 sysbus_mmio_map(sbd, 0, DIGIC4_TIMER_BASE(i));
 }
+
+object_property_set_bool(OBJECT(&s->uart), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+
+sbd = SYS_BUS_DEVICE(&s->uart);
+sysbus_mmio_map(sbd, 0, DIGIC_UART_BASE);
 }
 
 static void digic_class_init(ObjectClass *oc, void *data)
diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
index cbd6a00..be2a7d9 100644
--- a/hw/char/Makefile.objs
+++ b/hw/char/Makefile.objs
@@ -14,6 +14,7 @@ obj-$(CONFIG_COLDFIRE) += mcf_uart.o
 obj-$(CONFIG_OMAP) += omap_uart.o
 obj-$(CONFIG_SH4) += sh_serial.o
 obj-$(CONFIG_PSERIES) += spapr_vty.o
+obj-$(CONFIG_DIGIC) += digic-uart.o
 
 common-obj-$(CONFIG_ETRAXFS) += etraxfs_ser.o
 common-obj-$(CONFIG_ISA_DEBUG) += debugcon.o
diff --git a/hw/char/digic-uart.c b/hw/char/digic-uart.c
new file mode 100644
index 000..fd8e077
--- /dev/null
+++ b/hw/char/digic-uart.c
@@ -0,0 +1,195 @@
+/*
+ * QEMU model of the Canon DIGIC UART block.
+ *
+ * Copyright (C) 2013 Antony Pavlov 
+ *
+ * This model is based on reverse engineering efforts
+ * made by CHDK (http://chdk.wikia.com) and
+ * Magic Lantern (http://www.magiclantern.fm) projects
+ * contributors.
+ *
+ * See "Serial terminal" docs here:
+ *   http://magiclantern.wikia.com/wiki/Register_Map#Misc_Registers
+ *
+ * The QEMU model of the Milkymist UART block by Michael Walle
+ * is used as a template.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "sysemu/char.h"
+
+#include "hw/char/digic-uart.h"
+
+enum {
+ST_RX_RDY = (1 << 0),
+ST_TX_RDY = (1 << 1),
+};
+
+static uint64_t digic_uart_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+DigicUartState *s = opaque;
+uint64_t ret = 0;
+
+addr >>= 2;
+
+switch (addr) {
+case R_RX:
+s->reg_st &= ~(ST_RX_RDY);
+ret = s->reg_rx;
+break;
+
+case R_ST:
+ret = s->reg_st;
+break;
+
+default:
+qemu_log_mask(LOG_UNIMP,
+  "digic-uart: read access to unknown register 0x"
+  TARGET_FMT_plx, addr << 2);
+}
+
+return ret;
+}
+
+static void digic_uart_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
+{
+DigicUartState *s = opaque;
+unsigned char ch = value;
+
+addr >>= 2;
+
+switch (addr) {
+case R_TX:
+if (s->chr) {
+qemu_chr_fe_write_all(s->chr, &ch, 1);
+}
+break;
+
+case R_ST:
+/*
+ * Ignore write to R_ST.
+ *
+ * The point is that this register is actively used
+ * during receiving and transmitting symbols,
+ * but we don't know the function of most of bits.
+ *
+ * Ignoring writes to R_ST is only a simplification
+ * of the model. It has no perceptible side effects
+ * for existing guests.
+
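Review bot: In digic_uart_read(), the qemu_log_mask() message in the default case has no trailing "\n", so successive unknown-register reads run together on one log line; append "\n" after TARGET_FMT_plx. Both digic_uart_read() and digic_uart_write() also ignore size and apply "addr >>= 2", so a byte or halfword access at an unaligned offset is handled as an access to the containing register and logged at the rounded-down address. If the MemoryRegionOps (not visible in this part of the hunk) does not already restrict the access size to 4 bytes, either add that restriction or state the simplification in a comment.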

[Qemu-devel] [PULL 33/62] target-arm: A64: add support for B and BL insns

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

Implement the B and BL instructions (PC relative branches and calls).

For convenience in managing TCG temporaries which might be generated
if a source register is the zero-register XZR, we provide a simple
mechanism for creating a new temp which is automatically freed at the
end of decode of the instruction.

Signed-off-by: Alexander Graf 
[claudio: renamed functions, adapted to new decoder layout]
Signed-off-by: Claudio Fontana 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/translate-a64.c | 64 --
 target-arm/translate.h |  3 +++
 2 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 1e2b371..ead5658 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -160,16 +160,71 @@ static void unallocated_encoding(DisasContext *s)
 unallocated_encoding(s); \
 } while (0);
 
+static void init_tmp_a64_array(DisasContext *s)
+{
+#ifdef CONFIG_DEBUG_TCG
+int i;
+for (i = 0; i < ARRAY_SIZE(s->tmp_a64); i++) {
+TCGV_UNUSED_I64(s->tmp_a64[i]);
+}
+#endif
+s->tmp_a64_count = 0;
+}
+
+static void free_tmp_a64(DisasContext *s)
+{
+int i;
+for (i = 0; i < s->tmp_a64_count; i++) {
+tcg_temp_free_i64(s->tmp_a64[i]);
+}
+init_tmp_a64_array(s);
+}
+
+static TCGv_i64 new_tmp_a64(DisasContext *s)
+{
+assert(s->tmp_a64_count < TMP_A64_MAX);
+return s->tmp_a64[s->tmp_a64_count++] = tcg_temp_new_i64();
+}
+
+static TCGv_i64 new_tmp_a64_zero(DisasContext *s)
+{
+TCGv_i64 t = new_tmp_a64(s);
+tcg_gen_movi_i64(t, 0);
+return t;
+}
+
+static TCGv_i64 cpu_reg(DisasContext *s, int reg)
+{
+if (reg == 31) {
+return new_tmp_a64_zero(s);
+} else {
+return cpu_X[reg];
+}
+}
+
 /*
  * the instruction disassembly implemented here matches
  * the instruction encoding classifications in chapter 3 (C3)
  * of the ARM Architecture Reference Manual (DDI0487A_a)
  */
 
-/* Unconditional branch (immediate) */
+/* C3.2.7 Unconditional branch (immediate)
+ *   31  30   26 25  0
+ * ++---+-+
+ * | op | 0 0 1 0 1 | imm26   |
+ * ++---+-+
+ */
 static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
 {
-unsupported_encoding(s, insn);
+uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4;
+
+if (insn & (1 << 31)) {
+/* C5.6.26 BL Branch with link */
+tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
+}
+
+/* C5.6.20 B Branch / C5.6.26 BL Branch with link */
+gen_goto_tb(s, 0, addr);
 }
 
 /* Compare & branch (immediate) */
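Review bot: new_tmp_a64() relies on assert(s->tmp_a64_count < TMP_A64_MAX) as its only bound on the index used in "s->tmp_a64[s->tmp_a64_count++] = tcg_temp_new_i64()". In a build where NDEBUG is defined the assert disappears and a decoder path that requests too many temporaries writes past the end of tmp_a64[] inside DisasContext. An explicit check that fails unconditionally (for example calling abort() when the count reaches TMP_A64_MAX) keeps the bound independent of how assertions are configured.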
@@ -651,6 +706,9 @@ static void disas_a64_insn(CPUARMState *env, DisasContext 
*s)
 assert(FALSE); /* all 15 cases should be handled above */
 break;
 }
+
+/* if we allocated any temporaries, free them here */
+free_tmp_a64(s);
 }
 
 void gen_intermediate_code_internal_a64(ARMCPU *cpu,
@@ -691,6 +749,8 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
 dc->vec_len = 0;
 dc->vec_stride = 0;
 
+init_tmp_a64_array(dc);
+
 next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
 lj = -1;
 num_insns = 0;
diff --git a/target-arm/translate.h b/target-arm/translate.h
index 8789181..23a45da 100644
--- a/target-arm/translate.h
+++ b/target-arm/translate.h
@@ -24,6 +24,9 @@ typedef struct DisasContext {
 int vec_len;
 int vec_stride;
 int aarch64;
+#define TMP_A64_MAX 16
+int tmp_a64_count;
+TCGv_i64 tmp_a64[TMP_A64_MAX];
 } DisasContext;
 
 extern TCGv_ptr cpu_env;
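Review bot: TMP_A64_MAX is defined in the middle of the DisasContext struct body with no comment on why 16 is enough. Move the #define above the typedef and add a short comment stating what it bounds (temporaries allocated by new_tmp_a64() during the decode of a single instruction), so that anyone adding a decoder that needs more temporaries knows what to adjust.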
-- 
1.8.5




[Qemu-devel] [PULL 27/62] target-arm: A64: add set_pc cpu method

2013-12-17 Thread Peter Maydell
From: Alexander Graf 

When executing translation blocks we need to be able to recover
our program counter. Add a method to set it for AArch64 CPUs.
This covers user-mode, but for system mode emulation we will
need to check if the CPU is in an AArch32 execution state.

Signed-off-by: Alexander Graf 
Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target-arm/cpu64.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
index 3e99c21..04ce879 100644
--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -68,11 +68,22 @@ static void aarch64_cpu_finalizefn(Object *obj)
 {
 }
 
+static void aarch64_cpu_set_pc(CPUState *cs, vaddr value)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+/*
+ * TODO: this will need updating for system emulation,
+ * when the core may be in AArch32 mode.
+ */
+cpu->env.pc = value;
+}
+
 static void aarch64_cpu_class_init(ObjectClass *oc, void *data)
 {
 CPUClass *cc = CPU_CLASS(oc);
 
 cc->dump_state = aarch64_cpu_dump_state;
+cc->set_pc = aarch64_cpu_set_pc;
 cc->gdb_read_register = aarch64_cpu_gdb_read_register;
 cc->gdb_write_register = aarch64_cpu_gdb_write_register;
 cc->gdb_num_core_regs = 34;
-- 
1.8.5



