Re: [Qemu-devel] [PATCH 1/1] virtio-rng: fix check for period_ms validity

2014-12-11 Thread Gonglei
On 2014/12/11 15:49, Amit Shah wrote:

> This was reported for this warning:
> 
> hw/virtio/virtio-rng.c:150:31: warning: logical not is only applied to
> the left hand side of comparison [-Wlogical-not-parentheses]
> 
> Reported-by: dcb
> Suggested-by: dcb
> Bug: https://bugs.launchpad.net/qemu/+bug/1393486
> Signed-off-by: Amit Shah 
> ---
>  hw/virtio/virtio-rng.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Gonglei 




Re: [Qemu-devel] [RFC PATCH v6 08/32] icount: implement icount requesting

2014-12-11 Thread Pavel Dovgaluk
> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo 
> Bonzini
> On 10/12/2014 07:35, Pavel Dovgalyuk wrote:
> > No, it worked well and I deleted _nocache version of that function.
> > But I still need _raw one to get the instructions counter.
> 
> Oh, great.  This patch can also go in early.

What's next? Will you upstream some of the patches to simplify reviewing of
the others?

Pavel Dovgalyuk




Re: [Qemu-devel] [PATCH 1/1] MAINTAINERS: Update for migrated migration code

2014-12-11 Thread Amit Shah
On (Wed) 10 Dec 2014 [11:03:54], Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> My previous patches migrated the migration code into migration/
> but didn't update MAINTAINERS.
> 
> Note that does mean that the owner for block-migration.c
> changes, but I'll ask block people what they want to do.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  MAINTAINERS | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index bcb69e8..fc6e23b 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -930,7 +930,7 @@ Migration
>  M: Juan Quintela 
>  S: Maintained
>  F: include/migration/
> -F: migration*
> +F: migration/
>  F: savevm.c
>  F: arch_init.c
>  F: vmstate.c
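Review bot: the unchanged `F: vmstate.c` line at the end of this hunk is stale once the rest of the series lands; the pull request in this digest renames vmstate.c to migration/vmstate.c, which the new `F: migration/` glob already covers, so the entry should be dropped here rather than fixed up later in the pull. `F: savevm.c` and `F: arch_init.c` are not renamed by the series and can stay.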

vmstate.c needs to be removed from here; I'll do that myself in the
pull req.

Amit



[Qemu-devel] [PULL] Migration pull for 2.3

2014-12-11 Thread Amit Shah
The following changes since commit 7fb8da2b8861795e0013e6ee97acd0363d868a35:

  Open 2.3 development tree (2014-12-09 21:48:34 +)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/qemu/amit/migration.git tags/for-2.3-1

for you to fetch changes up to 26b6d4a4c837aeb3655090696d385d1d02f2d313:

  MAINTAINERS: Update for migrated migration code (2014-12-11 12:48:06 +0530)


Migration pull for 2.3.  Mostly moving the code to the migration/
directory, and updating MAINTAINERS.

I've also folded my other MAINTAINERS update patches into this, as
they're small by themselves.


Amit Shah (4):
  MAINTAINERS: Add myself to migration maintainers
  MAINTAINERS: migration: add vmstate static checker files
  MAINTAINERS: add entry for virtio-rng
  MAINTAINERS: add include files to virtio-serial entry

Dr. David Alan Gilbert (5):
  Start migrating migration code into a migration directory
  Remove migration- pre/post fixes off files in migration/ dir
  Split struct QEMUFile out
  Split the QEMU buffered file code out
  MAINTAINERS: Update for migrated migration code

Michael S. Tsirkin (3):
  exec: add wrapper for host pointer access
  cpu: assert host pointer offset within block
  cpu: verify that block->host is set

zhanghailiang (1):
  qmp-command.hx: add missing docs for migration capabilites

 MAINTAINERS  |  14 ++-
 Makefile.objs|  10 +-
 exec.c   |  10 +-
 include/exec/cpu-all.h   |   7 ++
 migration/Makefile.objs  |  10 ++
 block-migration.c => migration/block.c   |   0
 migration-exec.c => migration/exec.c |   0
 migration-fd.c => migration/fd.c |   0
 migration.c => migration/migration.c |   0
 qemu-file.c => migration/qemu-file-buf.c | 511 +-
 migration/qemu-file-internal.h   |  53
 qemu-file-stdio.c => migration/qemu-file-stdio.c |   0
 qemu-file-unix.c => migration/qemu-file-unix.c   |   0
 migration/qemu-file.c| 519
 migration-rdma.c => migration/rdma.c |   0
 migration-tcp.c => migration/tcp.c   |   0
 migration-unix.c => migration/unix.c |   0
 vmstate.c => migration/vmstate.c |   0
 xbzrle.c => migration/xbzrle.c   |   0
 qmp-commands.hx  |   6 +
 tests/Makefile   |   7 +-
 21 files changed, 619 insertions(+), 528 deletions(-)
 create mode 100644 migration/Makefile.objs
 rename block-migration.c => migration/block.c (100%)
 rename migration-exec.c => migration/exec.c (100%)
 rename migration-fd.c => migration/fd.c (100%)
 rename migration.c => migration/migration.c (100%)
 rename qemu-file.c => migration/qemu-file-buf.c (51%)
 create mode 100644 migration/qemu-file-internal.h
 rename qemu-file-stdio.c => migration/qemu-file-stdio.c (100%)
 rename qemu-file-unix.c => migration/qemu-file-unix.c (100%)
 create mode 100644 migration/qemu-file.c
 rename migration-rdma.c => migration/rdma.c (100%)
 rename migration-tcp.c => migration/tcp.c (100%)
 rename migration-unix.c => migration/unix.c (100%)
 rename vmstate.c => migration/vmstate.c (100%)
 rename xbzrle.c => migration/xbzrle.c (100%)


Amit



Re: [Qemu-devel] [PATCH 0/5] bootdevice: Refactor and improvement

2014-12-11 Thread Gonglei
On 2014/12/4 19:19, Gonglei (Arei) wrote:

> From: Gonglei 
> 
> Patch 1 just moves boot order related code to bootdevice.c.
> Patches 2, 3 and 5 add an argument to the corresponding functions.
> This way, we can propagate the error messages to the caller.
> Maybe somebody will say we will remove the legacy boot order
> in the future, instead of using bootindex. But at present,
> PPC has no way to support bootindex, and ARM is in flight
> (Laszlo Ersek) as far as I know.
> 
> After this work, we can easily add a QMP command for the existing
> HMP command 'boot_set' if we have a requirement.
> 
> Gonglei (5):
>   bootdevice: move code about bootorder from vl.c to bootdevice.c
>   bootdevice: add Error **errp argument for validate_bootdevices()
>   bootdevice: add Error **errp argument for qemu_boot_set()
>   bootdevice: add validate check for qemu_boot_set()
>   bootdevice: add Error **errp argument for QEMUBootSetHandler
> 
>  bootdevice.c| 73 ++
>  hw/i386/pc.c| 21 ++
>  hw/ppc/mac_newworld.c   |  4 +--
>  hw/ppc/mac_oldworld.c   |  5 ++--
>  hw/sparc/sun4m.c|  4 +--
>  hw/sparc64/sun4u.c  |  4 +--
>  include/hw/hw.h |  6 
>  include/sysemu/sysemu.h |  7 +
>  monitor.c   | 14 -
>  vl.c| 77 +
>  10 files changed, 116 insertions(+), 99 deletions(-)
> 

Any comments and/or Acks will be appreciated.
Then I'll send a pull request if no one is against this :)

Regards,
-Gonglei




Re: [Qemu-devel] [PATCH] vt82c686: avoid out-of-bounds read

2014-12-11 Thread zhanghailiang

On 2014/12/10 17:17, Paolo Bonzini wrote:

superio_ioport_readb can read the 256th element of the array.
Coverity reports an out-of-bounds write in superio_ioport_writeb,
but it does not show the corresponding out-of-bounds read
because it cannot prove that it can happen.  Fix the root
cause of the problem (zhanghailang's patch instead fixes
the logic in superio_ioport_writeb).

Signed-off-by: Paolo Bonzini 
---
  hw/isa/vt82c686.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index e0c235c..a43e26d 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -36,7 +36,7 @@

  typedef struct SuperIOConfig
  {
-uint8_t config[0xff];
+uint8_t config[0x100];
  uint8_t index;
  uint8_t data;
  } SuperIOConfig;
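Review bot: sizing the array from the index type rather than a literal would keep this from regressing: `index` is a uint8_t and is used as the subscript, so `uint8_t config[UINT8_MAX + 1];` (or a QEMU_BUILD_BUG_ON tying the array size to the index width) documents why 0x100 is the right number. Note also that with the old 0xff-element array, `config[0xff]` overlapped the `index` member that directly follows it in the struct, so a guest selecting index 0xff and writing the data port could overwrite its own index register; that is why fixing the read side as well matters even though Coverity only flagged the write.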


Reviewed-by: zhanghailiang 
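
As an added illustration of the pattern the patch fixes (example code written for this page, not QEMU's hw/isa/vt82c686.c; the port numbers and the function names are assumed), here is a stand-in index/data register model. It computes from the struct layout what the old 0xff-element array aliased, sizes the array from the index type, and drives every index value, including 0xff, through the data port:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Stand-in model of an index/data register pair, added to illustrate the fix
 * above; it is not hw/isa/vt82c686.c, and the port numbers are assumed. */
#define IDX_PORT  0x3f0
#define DATA_PORT 0x3f1

/* Layout as it was before the fix: one slot short for an 8-bit index.  The
 * array is followed directly by the index register, so config[0xff] and
 * index occupy the same byte. */
typedef struct { uint8_t config[0xff]; uint8_t index; uint8_t data; } OldSuperIO;
/* Layout after the fix: a slot for every value the index byte can hold. */
typedef struct { uint8_t config[UINT8_MAX + 1]; uint8_t index; uint8_t data; } SuperIO;

size_t old_slot_ff_offset(void) { return offsetof(OldSuperIO, config) + 0xff; }
size_t old_index_offset(void)   { return offsetof(OldSuperIO, index); }

/* Audit helper: can every value of an index_bits-wide selector address an
 * n-entry array?  Useful when reviewing other index/data style devices. */
bool index_fits(unsigned index_bits, size_t n) { return n >= ((size_t)1 << index_bits); }

/* Guest-facing port handlers.  The bound check is always true for a uint8_t
 * index and a 256-entry array; it is kept explicit and tied to sizeof so the
 * code stays safe if either the index width or the array changes. */
void superio_write(SuperIO *s, uint16_t port, uint8_t val)
{
    size_t idx = s->index;
    if (port == IDX_PORT) {
        s->index = val;
    } else if (port == DATA_PORT && idx < sizeof s->config) {
        s->config[idx] = val;
    }
}

uint8_t superio_read(const SuperIO *s, uint16_t port)
{
    size_t idx = s->index;
    if (port == IDX_PORT) return s->index;
    if (port == DATA_PORT && idx < sizeof s->config) return s->config[idx];
    return 0xff;                         /* unimplemented port reads as float high */
}

/* Drive every index value through the data port, including 0xff.  Returns 1 if
 * each slot reads back what was written and the index register was never
 * clobbered by a neighbouring write. */
int all_indices_roundtrip(void)
{
    SuperIO s;
    unsigned i;
    memset(&s, 0, sizeof s);
    for (i = 0; i < 256; i++) {
        superio_write(&s, IDX_PORT, (uint8_t)i);
        superio_write(&s, DATA_PORT, (uint8_t)(i ^ 0x5a));
        if ((unsigned)superio_read(&s, IDX_PORT) != i) return 0;
        if (superio_read(&s, DATA_PORT) != (uint8_t)(i ^ 0x5a)) return 0;
    }
    return 1;
}

int main(void)
{
    printf("old layout: config[0xff] at %zu, index at %zu; fits(8,0xff)=%d "
           "fits(8,0x100)=%d; roundtrip=%d\n",
           old_slot_ff_offset(), old_index_offset(),
           index_fits(8, 0xff), index_fits(8, 0x100), all_indices_roundtrip());
    return 0;
}
```

The two offset helpers are the review-time check: when they return the same value, a write through the last index value lands on the register that selects it, which is the silent corruption the Coverity report pointed at.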




Re: [Qemu-devel] [PATCH 2/2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Igor Mammedov
On Wed, 10 Dec 2014 22:18:53 +0200
"Michael S. Tsirkin"  wrote:

> On Wed, Dec 10, 2014 at 08:43:55PM +0100, Igor Mammedov wrote:
> > On Wed, 10 Dec 2014 20:28:01 +0200
> > "Michael S. Tsirkin"  wrote:
> > 
> > > On Wed, Dec 10, 2014 at 06:39:49PM +0100, Igor Mammedov wrote:
> > > > On Wed, 10 Dec 2014 19:13:59 +0200
> > > > "Michael S. Tsirkin"  wrote:
> > > > 
> > > > > On Wed, Dec 10, 2014 at 05:45:58PM +0100, Igor Mammedov wrote:
> > > > > > On Wed, 10 Dec 2014 18:24:24 +0200
> > > > > > "Michael S. Tsirkin"  wrote:
> > > > > > 
> > > > > > > On Wed, Dec 10, 2014 at 04:06:56PM +, Igor Mammedov wrote:
> > > > > > > > linker and RSDP tables are built only once, so if later
> > > > > > > > during rebuild sizes of other ACPI tables change
> > > > > > > > pointers will be patched incorrectly due to wrong
> > > > > > > > offsets.
> > > > > > > > 
> > > > > > > > To fix it rebuild linker and RSDP tables along with
> > > > > > > > the rest of ACPI tables so that they would have correct
> > > > > > > > offsets.
> > > > > > > > 
> > > > > > > > Here is a simple reproducer:
> > > > > > > >  1: hotplug bridge using command:
> > > > > > > >  device_add pci-bridge,chassis_nr=1
> > > > > > > >  2: reset system from monitor:
> > > > > > > >  system_reset
> > > > > > > > 
> > > > > > > > As result pointers to ACPI tables are not correct
> > > > > > > > and guest can't read/parse ACPI tables.
> > > > > > > > Windows guests just refuse to boot and
> > > > > > > > Linux guests are more resilient and try to boot without
> > > > > > > > ACPI, sometimes successfully.
> > > > > > > > 
> > > > > > > > PS:
> > > > > > > >  keep brokenness in 2.2 and older machine types for the sake
> > > > > > > >  of migration
> > > > > > > > 
> > > > > > > > Signed-off-by: Igor Mammedov 
> > > > > > > 
> > > > > > > I'd like to fix 2.2 as well.
> > > > > > that's easy,
> > > > > >  has_imutable_rsdp = true
> > > > > > should be moved into
> > > > > >  pc_compat_2_1()
> > > > > > 
> > > > > > > 
> > > > > > > Why does adding bridge in this way cause tables to
> > > > > > > be resized?
> > > > > > > I think this is a root-cause that should be fixed.
> > > > > > That's because there wasn't any bridge described in tables
> > > > > > on startup, but after hotplug and reset tables are rebuilt,
> > > > > > which picks up the hotplugged bridge and its secondary PCI bus.
> > > > > > 
> > > > > > This behavior seems sane, I'd expect bare-metal behave
> > > > > > the same way.
> > > > > 
> > > > > For a simple fix, we can skip bridges added by hotplug -
> > > > > treat them as regular devices.
> > > > > 
> > > > > It definitely seems nicer - at least for old machine types -
> > > > > than "keep brokenness".
> > > > > 
> > > > > I think the following should do the trick, but it's completely
> > > > > untested.
> > > > > Could you pls try?
> > > > > 
> > > > > 
> > > > > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > > > > index b37a397..039776d 100644
> > > > > --- a/hw/i386/acpi-build.c
> > > > > +++ b/hw/i386/acpi-build.c
> > > > > @@ -844,7 +844,8 @@ static void build_pci_bus_end(PCIBus *bus,
> > > > > void *bus_state)
> > > > >   * Skip bridge subtree creation if bridge hotplug is disabled
> > > > >   * to make acpi tables compatible with legacy machine types.
> > > > >   */
> > > > > -if (!child->pcihp_bridge_en && bus->parent_dev) {
> > > > > +if (bus->parent_dev && (!child->pcihp_bridge_en ||
> > > > > +!DEVICE(bus->parent_dev)->hotplugged))
> > > > > { return;
> > > > >  }
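Review bot: the new condition looks inverted relative to the stated intent of skipping hotplugged bridges. With `!DEVICE(bus->parent_dev)->hotplugged` the early return fires for secondary buses whose bridge was *not* hotplugged (the ones present on the command line), while a hotplugged bridge still gets its subtree. Unless `hotplugged` means the opposite here, dropping the `!` gives `bus->parent_dev && (!child->pcihp_bridge_en || DEVICE(bus->parent_dev)->hotplugged)`. The comment above the check only mentions the pcihp_bridge_en case and should be extended to say that hotplugged bridges are left out of the tables on purpose.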
> > > > What will happen if
> > > > hotplug many bridges in
> > > >  QEMU-fixed^^ -M 2.1
> > > > migrate to target:
> > > >  QEMU-2.1 -M 2.1 + hotplugged-on-source bridges on CLI
> > > > 
> > > > My guess it may fail due to ACPI blob size difference.
> > > 
> > > Yes it might if we are unlucky and cross a 64 k boundary.
> > > The robust fix is still to resize ROMs on receive.
> > > We'll also put this patch on a stable branch.
> > > 
> > 
> > Well, in my opinion, though the above snippet is simpler, it's papering
> > over the bug in the table linker and RSDP instead of fixing it.
> 
> I'm not against making the change for new machine types,
> but I'm also looking for a fix for 2.2.1
we can ignore 2.2.0, like Paolo did with yesterday's migration bugs
and fix 2.2.1 with this patch.

> 
> 
> > In this case the SSDT size change is quite legitimate and in future there
> > could be other cases when it changes. So it would be better to fix the root
> > problem, which is corrupting tables due to a changed SSDT size on reboot,
> > instead of pretending that the issue doesn't exist.
> 
> For -M 2.3 and up, I'm fine with this approach generally.
> Of course it all only works on the assumption we make
> ROM regions resizeable.
> If not your patch creates migration problems:
> -hot-add bridge on source
> -hot-add on destination
> 
> Size now depends on whether source rebooted, destination
> has no way to know that.
Patch of course doesn't fix

Re: [Qemu-devel] [PATCH for-2.3 0/2] block: Fix for trailing whitespace in qemu-img create and its tests

2014-12-11 Thread Markus Armbruster
Fam Zheng  writes:

> On Wed, 12/10 13:50, Markus Armbruster wrote:
>> Fam Zheng  writes:
>> 
>> > This will make it easier to keep checkpatch.pl happy.
>> >
>> > Fam Zheng (2):
> >> >   qemu-iotests: Remove trailing whitespaces in *.out
>> >   block: Don't add trailing space in "Formating..." message
>> 
>> Sounds like PATCH 1 breaks the test, and PATCH 2 unbreaks it.  If that's
>> the case, they need to be squashed.
>
> No. Our qemu-iotests driver ignores ending space:
>
> if diff -w "$reference" $tmp.out >/dev/null 2>&1
> then
>     echo ""
>     if $err
>     then
>         :
>     else
>         echo "$seq `expr $stop - $start`" >>$tmp.time
>     fi
> else
>     echo " - output mismatch (see $seq.out.bad)"
>     mv $tmp.out $seq.out.bad
>     $diff -w "$reference" $seq.out.bad
>     err=true
> fi

Right, thanks for the reminder :)

> Are you happy with the "sep" or do you want a full-fledged version?

Your choice.  The function is kind of odd, but it's not an important
one.

Series
Reviewed-by: Markus Armbruster 



Re: [Qemu-devel] [PATCH v2 04/10] vnc: switch to QemuOpts, allow multiple servers

2014-12-11 Thread Gerd Hoffmann
  Hi,

> > +fprintf(stderr, "%s: id \"%s\"\n", __func__, id);
> 
> A debug message, isn't it?

Yes, dropped.

> > +
> > +vnc_display_init(id);
> > +vnc_display_open(id, &local_err);
> > +if (local_err != NULL) {
> > +error_report("Failed to start VNC server on `%s': %s",
> > + qemu_opt_get(opts, "display"),
> > + error_get_pretty(local_err));
> > +error_free(local_err);
> > +exit(1);
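Review bot: `exit(1)` here is reachable from qmp_change_vnc_listen(), so a QMP client passing a bad VNC address can terminate the whole VM. Take an `Error **errp` parameter, propagate local_err to the caller and let main() be the one that decides to exit; the `%s: id` fprintf a few lines up is debug output and should go or move to a trace point.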
> 
> Now, this function is called by main() and qmp_change_vnc_listen() ,
> That's ok for main() exit if encounter any errors, but don't adapt to qmp
> command IMHO.

Correct.  Fixed qmp up to call vnc_display_open directly.

cheers,
  Gerd





Re: [Qemu-devel] [PATCH RESEND for 2.3 5/6] migration: optimize xbzrle by reducing data copy

2014-12-11 Thread Dr. David Alan Gilbert
* ChenLiang (chenlian...@huawei.com) wrote:
> On 2014/12/10 18:39, Dr. David Alan Gilbert wrote:
> 
> > * Juan Quintela (quint...@redhat.com) wrote:
> >>  wrote:
> >>> From: ChenLiang 
> >>>
> >>> Signed-off-by: ChenLiang 
> >>> Signed-off-by: Gonglei 
> >>> Reviewed-by: Dr. David Alan Gilbert 
> >>> ---
> >>>  arch_init.c | 8 +++-
> >>>  1 file changed, 3 insertions(+), 5 deletions(-)
> >>>
> >>> diff --git a/arch_init.c b/arch_init.c
> >>> index 846e4c5..0d0ba4a 100644
> >>> --- a/arch_init.c
> >>> +++ b/arch_init.c
> >>> @@ -376,11 +376,8 @@ static int save_xbzrle_page(QEMUFile *f, uint8_t 
> >>> **current_data,
> >>>  
> >>>  prev_cached_page = get_cached_data(XBZRLE.cache, current_addr);
> >>>  
> >>> -/* save current buffer into memory */
> >>> -memcpy(XBZRLE.current_buf, *current_data, TARGET_PAGE_SIZE);
> >>> -
> >>
> >> I think this is wrong.
> >> Remember that now migration is done in parallel with the guest running.
> >> If the guest modifies the page while we are encoding it, we end with a
> >> different contents in the cache and in the real page, and that causes
> >> corruption.
> >>
> >> This way, what we encoded is a "private copy of the page, so we don't
> >> have that problem".
> >>
> >> Makes sense?
> > 
> > Kind of; see back in March I hit this while testing the 1st version of this
> > patch:
> > https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg05631.html
> > 
> > but then we had some patches that fixed it; and the discussion was here:
> > https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg05677.html
> > and then I summarized it as:
> > https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg05768.html
> > 
> > * It's an interesting, if unusual, observation; it means we can send
> > * completely bogus data at this point because we know it will get
> > * overwritten later; I think the requirements are:
> > * 
> > *   1) That we meet the protocol (which seems to require that the run 
> > lengths are
> > *  not allowed to be 0)
> > *   2) That we don't get stuck in any loops or go over the end of the page
> > *  (I think this means we have to be careful of those byte loops within
> > *  the word-at-a-time cases)
> > *   3) The page that ends up in our xbzrle cache must match the destination
> > *  page, since the next cycle of xbzrle will use it as reference.
> > * 
> > 
> > Dave
> 
> >
> Hi
> The content that is discussed above is helpful to understand
> the principle of xbzrle. Do you mind that I add it into xbzrle.txt?

That's fine.

Dave

> 
> Best regards
> ChenLiang
> 
> >>>  /* XBZRLE encoding (if there is no overflow) */
> >>> -encoded_len = xbzrle_encode_buffer(prev_cached_page, 
> >>> XBZRLE.current_buf,
> >>> +encoded_len = xbzrle_encode_buffer(prev_cached_page, *current_data,
> >>> TARGET_PAGE_SIZE, 
> >>> XBZRLE.encoded_buf,
> >>> TARGET_PAGE_SIZE);
> >>>  if (encoded_len == 0) {
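Review bot: dropping the private copy means xbzrle_encode_buffer() now reads a page the guest may be writing concurrently, so the bytes sent can be a mix of old and new contents. That is only safe if (a) the encoder cannot misbehave on input that changes under it (zero-length runs, walking past TARGET_PAGE_SIZE), which are exactly the requirements quoted above, and (b) the cache is refreshed from what was actually sent rather than from the live page, which the next hunk does. Both deserve a comment at this call site, and if XBZRLE.current_buf has no remaining user its allocation and free should be removed in the same patch.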
> >>> @@ -399,7 +396,8 @@ static int save_xbzrle_page(QEMUFile *f, uint8_t 
> >>> **current_data,
> >>>  
> >>>  /* we need to update the data in the cache, in order to get the same 
> >>> data */
> >>>  if (!last_stage) {
> >>> -memcpy(prev_cached_page, XBZRLE.current_buf, TARGET_PAGE_SIZE);
> >>> +xbzrle_decode_buffer(XBZRLE.encoded_buf, encoded_len, 
> >>> prev_cached_page,
> >>> + TARGET_PAGE_SIZE);
> >>>  }
> >>>  
> >>>  /* Send XBZRLE based compressed page */
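Review bot: the return value of xbzrle_decode_buffer() is ignored. If decoding fails part-way (it returns -1 on a malformed stream), prev_cached_page is left half-updated and no longer matches what the destination holds, which breaks requirement 3 quoted above for every later round on this page. Either assert on the return value (the stream was produced by our own encoder in the same call, so a failure is a bug) or fall back to a known-good copy on error. A one-line comment saying that decoding rather than copying is deliberate would also stop a future reader from "optimising" it back to the memcpy this patch removes.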
> > --
> > Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
> > 
> > .
> > 
> 
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
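
To make the invariant in Dave's summary concrete (requirement 3: the page left in the source's xbzrle cache must match the destination page), here is an added example, not QEMU's xbzrle.c or the patch's code: a simplified XBZRLE-style codec with a bounds-checked decoder, plus one migration round run two ways. Refreshing the source cache by decoding the bytes actually sent, as the patch does, keeps cache and destination identical even though the guest keeps writing; a naive refresh that copies the live page after encoding (not what the pre-patch code did either, it copied the page to a private buffer first) drifts as soon as the guest writes between the two steps. The byte format, the 64-byte page and the sample pages are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy XBZRLE-style page delta codec, added to illustrate the thread; not
 * QEMU's xbzrle.c.  Same idea (zero-run / non-zero-run pairs with ULEB128
 * lengths, a "zero run" being bytes equal to the old page) but a simplified
 * byte format and a 64-byte page instead of 4 KiB. */
#define PAGE 64

static size_t put_uleb(uint8_t *out, size_t cap, size_t pos, size_t v)
{
    do {
        uint8_t b = v & 0x7f;
        v >>= 7;
        if (pos >= cap) return (size_t)-1;          /* overflow */
        out[pos++] = b | (v ? 0x80 : 0);
    } while (v);
    return pos;
}

static size_t get_uleb(const uint8_t *in, size_t len, size_t *pos)
{
    size_t v = 0;
    unsigned shift = 0;
    while (*pos < len && shift < 8 * sizeof(size_t)) {
        uint8_t b = in[(*pos)++];
        v |= (size_t)(b & 0x7f) << shift;
        if (!(b & 0x80)) break;
        shift += 7;
    }
    return v;
}

/* Encode cur against old: bytes written, 0 if unchanged, -1 if it won't fit. */
int xbz_encode(const uint8_t *old, const uint8_t *cur, size_t n, uint8_t *out, size_t cap)
{
    size_t i = 0, pos = 0;
    while (i < n) {
        size_t zrun = 0, nz = 0;
        while (i + zrun < n && old[i + zrun] == cur[i + zrun]) zrun++;
        i += zrun;
        if (i == n) break;                  /* trailing unchanged bytes: nothing to send */
        while (i + nz < n && old[i + nz] != cur[i + nz]) nz++;
        pos = put_uleb(out, cap, pos, zrun);
        if (pos != (size_t)-1) pos = put_uleb(out, cap, pos, nz);
        if (pos == (size_t)-1 || cap - pos < nz) return -1;
        memcpy(out + pos, cur + i, nz);
        pos += nz;
        i += nz;
    }
    return (int)pos;
}

/* Apply a delta in place onto dst (which holds the old page).  Every length is
 * bounds-checked: the stream arrives from the migration peer.  Returns bytes of
 * dst covered, or -1 on a malformed stream. */
int xbz_decode(const uint8_t *in, size_t len, uint8_t *dst, size_t n)
{
    size_t i = 0, pos = 0;
    while (pos < len) {
        size_t zrun = get_uleb(in, len, &pos);
        if (zrun > n - i) return -1;
        i += zrun;
        size_t nz = get_uleb(in, len, &pos);
        if (nz == 0 || nz > n - i || nz > len - pos) return -1;
        memcpy(dst + i, in + pos, nz);
        pos += nz;
        i += nz;
    }
    return (int)i;
}

/* Constructed pages: old = cache contents, seen = page as the encoder read it,
 * later = the same page after one more guest write landed during migration. */
static void make_pages(uint8_t *old, uint8_t *seen, uint8_t *later)
{
    for (size_t k = 0; k < PAGE; k++) old[k] = (uint8_t)k;
    memcpy(seen, old, PAGE);
    memset(seen + 10, 0xaa, 10);
    memcpy(later, seen, PAGE);
    later[40] = 0x55;
}

/* One migration round.  refresh_by_decode=1 refreshes the source cache the way
 * the patch does (decode what was sent onto the cache); 0 copies the live page
 * afterwards, by which time the guest has changed byte 40.  Returns 1 if the
 * destination got the page the encoder saw AND the cache matches the
 * destination (requirement 3 above), else 0. */
int round_keeps_cache_in_sync(int refresh_by_decode)
{
    uint8_t old[PAGE], seen[PAGE], later[PAGE], enc[2 * PAGE], cache[PAGE], dest[PAGE];
    make_pages(old, seen, later);
    memcpy(cache, old, PAGE);
    memcpy(dest, old, PAGE);
    int len = xbz_encode(cache, seen, PAGE, enc, sizeof enc);
    if (len <= 0 || xbz_decode(enc, (size_t)len, dest, PAGE) < 0) return 0;
    if (refresh_by_decode) {
        if (xbz_decode(enc, (size_t)len, cache, PAGE) < 0) return 0;
    } else {
        memcpy(cache, later, PAGE);         /* naive refresh from a page that has moved on */
    }
    return memcmp(dest, seen, PAGE) == 0 && memcmp(cache, dest, PAGE) == 0;
}

/* A zero run longer than the page must be rejected, not applied. */
int decode_rejects_oversized_run(void)
{
    uint8_t bad[] = { 0x7f, 0x01, 0xff };   /* zrun 127, nz 1, one byte */
    uint8_t dst[PAGE] = { 0 };
    return xbz_decode(bad, sizeof bad, dst, PAGE) == -1;
}

int main(void)
{
    printf("decode-refresh=%d memcpy-refresh=%d reject=%d\n",
           round_keeps_cache_in_sync(1), round_keeps_cache_in_sync(0),
           decode_rejects_oversized_run());
    return 0;
}
```

The decoder's length checks are the part worth copying into any real implementation: the encoded stream is attacker-influenced data on the receiving side of a migration, so a zero run or literal run that overshoots the page must fail the decode rather than write past it.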



Re: [Qemu-devel] [PATCH 4/4] block: vhdx - set .bdrv_has_zero_init to bdrv_has_zero_init_1

2014-12-11 Thread Max Reitz

On 2014-12-11 at 05:21, Lokesha, Amulya wrote:

Hi,

I raised a bug https://bugs.launchpad.net/qemu/+bug/1399191 in the qemu 
bugzilla and immediately started getting these patch mails. But, I am not 
seeing any update in the bugzilla site.
Till now I have got 4 patch mails regarding the issue. Please let me know which 
patch I should apply. Also let me know where can I get the patch files 
individually to be downloaded.

We are waiting for the patch to provide to our customers.

Thanks,
Amulya


Hi Amulya,

Patches 3 and 4 are absolutely necessary for this issue; however, I 
would recommend simply applying all patches of the series.


In order to download the patches you can simply save the patch emails 
and apply them with git am. If for some reason you don't want to use 
git, patch -p1 works as well.


Max



Re: [Qemu-devel] [PATCH v2 09/10] monitor: add query-vnc2 command

2014-12-11 Thread Gerd Hoffmann
  Hi,

> > +# @auth: The current authentication type used by the server
> > +#'none' if no authentication is being used
> > +#'vnc' if VNC authentication is being used
> > +#'vencrypt+plain' if VEncrypt is used with plain text 
> > authentication
> > +#'vencrypt+tls+none' if VEncrypt is used with TLS and no 
> > authentication
> > +#'vencrypt+tls+vnc' if VEncrypt is used with TLS and VNC 
> > authentication
> > +#'vencrypt+tls+plain' if VEncrypt is used with TLS and plain text 
> > auth
> > +#'vencrypt+x509+none' if VEncrypt is used with x509 and no auth
> > +#'vencrypt+x509+vnc' if VEncrypt is used with x509 and VNC auth
> > +#'vencrypt+x509+plain' if VEncrypt is used with x509 and plain 
> > text auth
> > +#'vencrypt+tls+sasl' if VEncrypt is used with TLS and SASL auth
> > +#'vencrypt+x509+sasl' if VEncrypt is used with x509 and SASL auth
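Review bot: the @auth documentation enumerates the cross product of transport (none/vencrypt), channel (plain/tls/x509) and sub-auth (none/vnc/plain/sasl) as opaque strings, so a client has to split on '+' and still cannot know the full set. If the string form is kept for compatibility with query-vnc, say so explicitly and state that the list is not exhaustive; otherwise a list of enum values, as suggested in the reply below, lets the QAPI schema express it.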
> 
> This feels like an open-coded string that should instead be an array of
> enum values.

This is just copied over from the old query-vnc command.

We can try to do that in a cleaner way for query-vnc2.  That implies
libvirt needs to be able to handle both formats though.

Adding danbp who did most vnc auth stuff for comments.

>   That is,
> 
> { 'enum': 'VncAuth', 'data', [ 'none', 'vnc', 'vencrypt', 'plain',
> 'tls', 'x509' ] }

> ... 'auth': ['VcnAuth']

Looked at the source, figured the list grew meanwhile.

Do we need 'none' here?  When we have a list anyway we can have an empty
list instead.

cheers,
  Gerd





Re: [Qemu-devel] [PATCH v2 10/10] monitor: add vnc websockets

2014-12-11 Thread Gerd Hoffmann
> > +# @websocket: #optional true in case the socket is a websocket (since 2.2).
> 
> s/2.2/2.3/

Fixed.

> Is it optional because you omit it when false?  Why not just always
> output the bool, so that clients know they are talking to a new-enough
> qemu that knows about websockets (and this is explicitly not one), vs.
> having to guess that the omission of the bool implies that it is not
> rather than being an older qemu.

Makes sense, dropped optional.  Also simplifies the code a bit ;)

cheers,
  Gerd







Re: [Qemu-devel] [PATCH v2] rbd: print a clear error message when write beyond EOF

2014-12-11 Thread Kevin Wolf
Am 11.12.2014 um 07:25 hat Jun Li geschrieben:
> Currently, as the rbd driver does not support dynamic growth when writing beyond EOF,
> just print a clear error message.
> 
> Signed-off-by: Jun Li 
> ---
> v2:
> Just use rbd_aio_write to realize error detection.
> ---
>  block/rbd.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/block/rbd.c b/block/rbd.c
> index 5b5a64a..710ee3e 100644
> --- a/block/rbd.c
> +++ b/block/rbd.c
> @@ -661,6 +661,10 @@ static BlockAIOCB *rbd_start_aio(BlockDriverState *bs,
>  }
>  
>  if (r < 0) {
> +if (r == -EINVAL && cmd == RBD_AIO_WRITE) {
> +fprintf(stderr, "Image formats that grow on demand "
> +"are not supported on rbd.\n");
> +}
>  goto failed_completion;
>  }

You can't fill up the log with messages like that. In general, if you
use fprintf() in a function whose call can be triggered by the guest,
you're doing it wrong.

What needs to be done is to check at open time whether the configuration
works. Max has sent a series to that end a while ago, not sure what its
status is. I think it ended up depending on some blockdev work.

Kevin



Re: [Qemu-devel] [PATCH v2] rbd: print a clear error message when write beyond EOF

2014-12-11 Thread Max Reitz

On 2014-12-11 at 10:12, Kevin Wolf wrote:

Am 11.12.2014 um 07:25 hat Jun Li geschrieben:

Currently, as the rbd driver does not support dynamic growth when writing beyond EOF,
just print a clear error message.

Signed-off-by: Jun Li 
---
v2:
Just use rbd_aio_write to realize error detection.
---
  block/rbd.c | 4 
  1 file changed, 4 insertions(+)

diff --git a/block/rbd.c b/block/rbd.c
index 5b5a64a..710ee3e 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -661,6 +661,10 @@ static BlockAIOCB *rbd_start_aio(BlockDriverState *bs,
  }
  
  if (r < 0) {

+if (r == -EINVAL && cmd == RBD_AIO_WRITE) {
+fprintf(stderr, "Image formats that grow on demand "
+"are not supported on rbd.\n");
+}
  goto failed_completion;
  }

You can't fill up the log with messages like that. In general, if you
use fprintf() in a function whose call can be triggered by the guest,
you're doing it wrong.

What needs to be done is to check at open time whether the configuration
works. Max has sent a series to that end a while ago, not sure what its
status is. I think it ended up depending on some blockdev work.


Yes, the status is that we need to remove "growable" from the BDS first.

Max



[Qemu-devel] [PATCH] hpet: increase spelling precision

2014-12-11 Thread Stefan Hajnoczi
Signed-off-by: Stefan Hajnoczi 
---
 hw/timer/hpet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
index e160e8f..d8bc231 100644
--- a/hw/timer/hpet.c
+++ b/hw/timer/hpet.c
@@ -1,5 +1,5 @@
 /*
- *  High Precisition Event Timer emulation
+ *  High Precision Event Timer emulation
  *
  *  Copyright (c) 2007 Alexander Graf
  *  Copyright (c) 2008 IBM Corporation
-- 
2.1.0




Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Marcel Apfelbaum
On Thu, 2014-12-11 at 09:10 +, Igor Mammedov wrote:
> linker and RSDP tables are built only once, so if later
> during rebuild sizes of other ACPI tables change
> pointers will be patched incorrectly due to wrong
> offsets.
> 
> To fix it rebuild linker and RSDP tables along with
> the rest of ACPI tables so that they would have correct
> offsets.
> 
> Here is a simple reproducer:
>  1: hotplug bridge using command:
>  device_add pci-bridge,chassis_nr=1
>  2: reset system from monitor:
>  system_reset
> 
> As result pointers to ACPI tables are not correct
> and guest can't read/parse ACPI tables.
> 
> Windows guests just refuse to boot and
> Linux guests are more resilient and try to boot without
> ACPI, sometimes successfully.
> 
> keep brokenness in 2.1 and older machine types for
> the sake of migration. 2.2.0 can't be helped but we
> can fix it with 2.2.1

Hi Igor,
I followed the prev conversation and I agree with the patch,
I do have one question:
Why you didn't set has_imutable_rsdp to true for 2.2.0 machines?
What is special about it? I think I missed it.

Thanks,
Marcel

> 
> Signed-off-by: Igor Mammedov 
> ---
> v2:
>   move compat fix to 2.1 machine type,
>suggsted by: "Michael S. Tsirkin" 
> ---
>  hw/i386/acpi-build.c | 30 +++---
>  hw/i386/pc_piix.c|  3 +++
>  hw/i386/pc_q35.c |  3 +++
>  include/hw/i386/pc.h |  1 +
>  4 files changed, 30 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index b37a397..4d2452d 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
>  /* Copy of table in RAM (for patching). */
>  ram_addr_t table_ram;
>  uint32_t table_size;
> +ram_addr_t linker_ram;
> +uint32_t linker_size;
> +ram_addr_t rsdp_ram;
> +uint32_t rsdp_size;
>  /* Is table patched? */
>  uint8_t patched;
>  PcGuestInfo *guest_info;
> @@ -1714,6 +1718,10 @@ static void acpi_build_update(void *build_opaque, 
> uint32_t offset)
>  assert(acpi_data_len(tables.table_data) == build_state->table_size);
>  memcpy(qemu_get_ram_ptr(build_state->table_ram), tables.table_data->data,
> build_state->table_size);
> +memcpy(qemu_get_ram_ptr(build_state->linker_ram), tables.linker->data,
> +   build_state->linker_size);
> +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
> +   build_state->rsdp_size);
>  
>  cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> build_state->table_size);
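Review bot: the two new memcpy() calls run unconditionally, but rsdp_ram is only assigned in the `else` branch of the has_imutable_rsdp check in acpi_setup; for machine types that keep the immutable RSDP it is never assigned on that path, so this copies the RSDP into whatever address the field holds on every rebuild. Guard the RSDP copy on the same condition (or on rsdp_ram != RAM_ADDR_MAX). Also, table_data has a size assertion a few lines up but linker and rsdp do not; add `assert(acpi_data_len(tables.linker) == build_state->linker_size);` and the equivalent for rsdp, since a ROM blob cannot grow after setup and a silent size change is exactly the class of bug this patch is fixing. The hunk ends before the cpu_physical_memory_set_dirty_range_nocode() call for table_ram; the linker and RSDP copies need the same marking or migration carries the stale copies.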
> @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
>  assert(build_state->table_ram != RAM_ADDR_MAX);
>  build_state->table_size = acpi_data_len(tables.table_data);
>  
> -acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
> +build_state->linker_ram = acpi_add_rom_blob(build_state, tables.linker,
> +"etc/table-loader");
> +build_state->linker_size = acpi_data_len(tables.linker);
>  
>  fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
>  tables.tcpalog->data, acpi_data_len(tables.tcpalog));
>  
> -/*
> - * RSDP is small so it's easy to keep it immutable, no need to
> - * bother with ROM blobs.
> - */
> -fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> -tables.rsdp->data, acpi_data_len(tables.rsdp));
> +if (guest_info->has_imutable_rsdp) {
> +/*
> + * RSDP is small so it's easy to keep it immutable, no need to
> + * bother with ROM blobs.
> + */
> +fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> +tables.rsdp->data, acpi_data_len(tables.rsdp));
> +} else {
> +build_state->rsdp_ram = acpi_add_rom_blob(build_state, tables.rsdp,
> +  ACPI_BUILD_RSDP_FILE);
> +build_state->rsdp_size = acpi_data_len(tables.rsdp);
> +}
>  
>  qemu_register_reset(acpi_build_reset, build_state);
>  acpi_build_reset(build_state);
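Review bot: table_ram gets `assert(build_state->table_ram != RAM_ADDR_MAX)` just above this hunk, but the new linker_ram and rsdp_ram results from acpi_add_rom_blob() are not checked the same way; add the asserts. The comment kept in the `if` branch ("RSDP is small so it's easy to keep it immutable") now describes the compat path only and should say that it is preserved for 2.1 and older machine types for migration compatibility, otherwise a reader will take it for the current design. Finally, `has_imutable_rsdp` is misspelt; since it becomes a PcGuestInfo field and a compat knob, rename it to has_immutable_rsdp before it spreads.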
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 685fa54..61170de 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -60,6 +60,7 @@ static const int ide_iobase2[MAX_IDE_BUS] = { 0x3f6, 0x376 
> };
>  static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
>  
>  static bool has_acpi_build = true;
> +static bool has_imutable_rsdp;
>  static int legacy_acpi_table_size;
>  static bool smbios_defaults = true;
>  static bool smbios_legacy_mode;
> @@ -168,6 +169,7 @@ static void pc_init1(MachineState *machine,
>  
>  guest_info->isapc_ram_fw = !pci_enabled;
>  guest_info->has_reserved_memory = has_reserved_memory;
> +guest_info->has_imutable_rsdp = has_imutable_rsdp;
>  
>  if (smbios_defaults) {
>  MachineClass *mc = MACHINE_GET_CLASS(machine);
> @@ 
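
Both acpi-build threads above turn on the same mechanics: the linker (table-loader) commands and the RSDP carry offsets into the tables blob, so if the tables blob is regenerated with a larger SSDT while linker and RSDP keep their first-boot contents, the guest's ADD_POINTER patching and its RSDP walk land at the old offsets. The following is an added model of that flow written for this page, not hw/i386/acpi-build.c; the blob layout, the load address TABLES_BASE and the table sizes are assumed. It reproduces the commit message's scenario (small SSDT at boot, larger SSDT after device_add plus system_reset) once with stale and once with rebuilt linker/RSDP:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy model of the fw_cfg "table-loader" flow, added to illustrate the bug in
 * this thread; it is not hw/i386/acpi-build.c.  The guest copies the tables
 * blob to TABLES_BASE (an assumed address) and runs ADD_POINTER commands that
 * turn blob-relative offsets into absolute addresses.  Blob layout here is
 * [SSDT][RSDT = "RSDT" + u32 pointer to SSDT]; the RSDP is reduced to a single
 * u32 pointer to the RSDT. */
#define BLOB_MAX    256
#define TABLES_BASE 0x7ffe0000u

typedef struct { uint8_t data[BLOB_MAX]; size_t len; } Blob;
typedef struct { size_t rsdt_ptr_off; } Linker;   /* where in tables the SSDT pointer lives */
typedef struct {
    Blob     tables;
    Linker   linker;
    uint32_t rsdp;        /* offset of the RSDT inside tables, until linked */
} Build;

static void put_u32(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof v); }
static uint32_t get_u32(const uint8_t *p) { uint32_t v; memcpy(&v, p, sizeof v); return v; }

/* Build tables, linker and RSDP together.  The SSDT size depends on the
 * devices present (a hot-plugged bridge adds to it). */
void acpi_build(Build *b, size_t ssdt_len)
{
    size_t rsdt_off = ssdt_len;
    memset(b, 0, sizeof *b);
    memset(b->tables.data, 'S', ssdt_len);                /* SSDT body */
    memcpy(b->tables.data + rsdt_off, "RSDT", 4);
    put_u32(b->tables.data + rsdt_off + 4, 0);            /* SSDT sits at offset 0 */
    b->tables.len = rsdt_off + 8;
    b->linker.rsdt_ptr_off = rsdt_off + 4;
    b->rsdp = (uint32_t)rsdt_off;
}

/* Guest side: apply the linker, then walk RSDP -> RSDT -> SSDT.  Returns 1 if
 * the walk lands on a valid RSDT signature and an SSDT inside the blob, 0 if
 * the guest would see corrupt tables. */
int guest_finds_rsdt(const Blob *tables, const Linker *lk, uint32_t rsdp)
{
    uint8_t mem[BLOB_MAX];
    uint32_t rsdt_addr, ssdt_addr;
    const uint8_t *rsdt;

    memcpy(mem, tables->data, tables->len);
    if (lk->rsdt_ptr_off + 4 > tables->len) return 0;
    /* ADD_POINTER: blob-relative offset -> absolute address */
    put_u32(mem + lk->rsdt_ptr_off, get_u32(mem + lk->rsdt_ptr_off) + TABLES_BASE);
    rsdt_addr = rsdp + TABLES_BASE;
    if (rsdt_addr < TABLES_BASE || rsdt_addr - TABLES_BASE + 8 > tables->len) return 0;
    rsdt = mem + (rsdt_addr - TABLES_BASE);
    if (memcmp(rsdt, "RSDT", 4) != 0) return 0;
    ssdt_addr = get_u32(rsdt + 4);
    return ssdt_addr >= TABLES_BASE && ssdt_addr - TABLES_BASE < tables->len;
}

/* Boot with a small SSDT, hot-plug a bridge, reset: the SSDT grows and the
 * RSDT moves.  With reuse_old_linker_rsdp=1 only the tables blob is
 * regenerated (the behaviour the patch fixes); with 0 the linker and RSDP are
 * regenerated with it. */
int rsdt_valid_after_reset(int reuse_old_linker_rsdp)
{
    Build at_boot, after_reset;
    const Linker *lk;
    uint32_t rsdp;

    acpi_build(&at_boot, 16);
    acpi_build(&after_reset, 48);
    lk   = reuse_old_linker_rsdp ? &at_boot.linker : &after_reset.linker;
    rsdp = reuse_old_linker_rsdp ? at_boot.rsdp   : after_reset.rsdp;
    return guest_finds_rsdt(&after_reset.tables, lk, rsdp);
}

int main(void)
{
    printf("stale linker/RSDP: %d, rebuilt linker/RSDP: %d\n",
           rsdt_valid_after_reset(1), rsdt_valid_after_reset(0));
    return 0;
}
```

With the stale linker the ADD_POINTER command patches bytes inside the (now larger) SSDT and the stale RSDP points into the same SSDT body, so the signature check fails; that is the "guest can't read/parse ACPI tables" symptom from the commit message, reduced to a signature mismatch.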

Re: [Qemu-devel] [PATCH 2/2] target-arm: Add checks that cpreg raw accesses are handled

2014-12-11 Thread Peter Maydell
On 10 December 2014 at 23:18, Greg Bellows  wrote:
>
>
> On 10 December 2014 at 16:50, Peter Maydell 
> wrote:
>>
>> On 10 December 2014 at 22:26, Greg Bellows 
>> wrote:
>> >
>> >
>> > On 9 December 2014 at 13:46, Peter Maydell 
>> > wrote:
>> >> +static bool raw_accessors_valid(const ARMCPRegInfo *ri)
>> >> +{
>> >> +/* Return true if a raw access on this register is OK (ie will not
>> >> + * fall into the assert in raw_read() or raw_write())
>> >> + */
>> >
>> >
>> > I believe this comment is somewhat misleading as there are registers
>> > that
>> > would return true from this function yet still hit the aforementioned
>> > asserts.
>>
>> Really? I think it is misleading (really it will return false if
>> a raw access is definitely not valid, but may return true even if
>> a raw access is still a bad idea), but I don't think there are any
>> cases that would return true and then hit the assert.
>>
>
> If you called the routine on PMCCNTR, for instance, this routine would
> return true and if you then called raw_read or raw_write you would hit the
> assert, correct?  This may be contrived, but I believe there are cases that
> the comment is incorrect.

Ah, I see the confusion. By 'raw access' in the comment I meant "a call
to read_raw_cp_reg/write_raw_cp_reg" -- doing that for PMCCNTR will
end up calling its read and write accessors, so we don't fall into
the raw_read() or raw_write() calls and won't hit the assert.

How about we invert the sense of the function and call it
raw_accessors_invalid(), and make the comment read:

   /* Return true if the regdef would cause an assertion if you called
* read_raw_cp_reg() or write_raw_cp_reg() on it (ie if it is a
* program bug for it not to have the NO_RAW flag).
* NB that returning false here doesn't necessarily mean that calling
* read/write_raw_cp_reg() is safe, because we can't distinguish "has
* read/write access functions which are safe for raw use" from "has
* read/write access functions which have side effects but has forgotten
* to provide raw access functions".
* The tests here line up with the conditions in read/write_raw_cp_reg()
* and assertions in raw_read()/raw_write().
*/

?

-- PMM



Re: [Qemu-devel] [PATCH 1/1] virtio-rng: fix check for period_ms validity

2014-12-11 Thread Amos Kong
On Thu, Dec 11, 2014 at 01:19:27PM +0530, Amit Shah wrote:
> This was reported for this warning:
> 
> hw/virtio/virtio-rng.c:150:31: warning: logical not is only applied to
> the left hand side of comparison [-Wlogical-not-parentheses]
> 
> Reported-by: dcb
> Suggested-by: dcb
> Bug: https://bugs.launchpad.net/qemu/+bug/1393486
> Signed-off-by: Amit Shah 
> ---
>  hw/virtio/virtio-rng.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c
> index 473c044..06e7178 100644
> --- a/hw/virtio/virtio-rng.c
> +++ b/hw/virtio/virtio-rng.c
> @@ -149,7 +149,7 @@ static void virtio_rng_device_realize(DeviceState *dev, 
> Error **errp)
>  VirtIORNG *vrng = VIRTIO_RNG(dev);
>  Error *local_err = NULL;
>  
> -if (!vrng->conf.period_ms > 0) {
> +if (vrng->conf.period_ms <= 0) {

Thanks.

Reviewed-by: Amos Kong 

>  error_setg(errp, "'period' parameter expects a positive integer");
>  return;
>  }
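Review bot: the fix is correct, but it is worth spelling out in the commit message what the old test actually did: `!vrng->conf.period_ms > 0` parses as `(!period_ms) > 0`, which is true only when period_ms == 0, so a negative or wrapped value was never caught here. With `<= 0` the check finally matches the "expects a positive integer" message; if period_ms is declared as an unsigned type, `<= 0` is the same as `== 0`, so confirm the field's type in the header that declares VirtIORNGConf.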
> -- 
> 2.1.0

-- 
Amos.




Re: [Qemu-devel] [PATCH v2 09/10] monitor: add query-vnc2 command

2014-12-11 Thread Daniel P. Berrange
On Wed, Dec 10, 2014 at 09:52:05AM -0700, Eric Blake wrote:
> On 12/10/2014 02:37 AM, Gerd Hoffmann wrote:
> > Add new query vnc qmp command, for the lack of better ideas just name it
> > "query-vnc2".  Changes over query-vnc:
> > 
> >  * It returns a list of vnc servers, so multiple vnc server instances
> >are covered.
> >  * Each vnc server returns a list of server sockets.  Followup patch
> >will use that to also report websockets.  In case we add support for
> >multiple server sockets server sockets (to better support ipv4+ipv6
> >dualstack) we can add them to the list too.
> > 
> > Signed-off-by: Gerd Hoffmann 
> > ---
> 
> > +# @VncInfo2:
> > +#
> > +# Information about a vnc server
> > +#
> > +# @id: vnc server name.
> > +#
> > +# @server: A list of @VncBasincInfo describing all listening sockets.
> > +#  The list can be empty (in case the vnc server is disabled).
> > +#  It also may have multiple entries: normal + websocket,
> > +#  possibly also ipv4 + ipv6 in the future.
> > +#
> > +# @clients: A list of @VncClientInfo of all currently connected clients.
> > +#   The list can be empty, for obvious reasons.
> 
> Seems okay.
> 
> > +#
> > +# @auth: The current authentication type used by the server
> > +#'none' if no authentication is being used
> > +#'vnc' if VNC authentication is being used
> > +#'vencrypt+plain' if VEncrypt is used with plain text 
> > authentication
> > +#'vencrypt+tls+none' if VEncrypt is used with TLS and no 
> > authentication
> > +#'vencrypt+tls+vnc' if VEncrypt is used with TLS and VNC 
> > authentication
> > +#'vencrypt+tls+plain' if VEncrypt is used with TLS and plain text 
> > auth
> > +#'vencrypt+x509+none' if VEncrypt is used with x509 and no auth
> > +#'vencrypt+x509+vnc' if VEncrypt is used with x509 and VNC auth
> > +#'vencrypt+x509+plain' if VEncrypt is used with x509 and plain 
> > text auth
> > +#'vencrypt+tls+sasl' if VEncrypt is used with TLS and SASL auth
> > +#'vencrypt+x509+sasl' if VEncrypt is used with x509 and SASL auth
> 
> This feels like an open-coded string that should instead be an array of
> enum values.  That is,
> 
> { 'enum': 'VncAuth', 'data', [ 'none', 'vnc', 'vencrypt', 'plain',
> 'tls', 'x509' ] }
> ... 'auth': ['VcnAuth']
> 
> might be friendlier to applications (having to post-parse the '+' is not
> friendly).

That's not a correct interpretation of the auth values - tls and x509 are
not separate auth codes. VNC has one set of primary auth codes really

  none, vnc, vencrypt

If using the vencrypt option there are a number of sub-auth codes

   tls-none, tls-vnc, tls-plain, tls-sasl, x509-none, x509-vnc, x509-plain, x509-sasl

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCH 1/3] target-mips: Add n32/n64 configuration files

2014-12-11 Thread Peter Maydell
On 10 December 2014 at 23:25, Maciej W. Rozycki  wrote:
> On Wed, 10 Dec 2014, Peter Maydell wrote:
>
>> >  Except that apart from coming to an agreement someone has to make it
>> > happen yet. ;)
>>
>> Ah, but I'm happy with the current state of the codebase...
>
>  Ack.

To clarify, that was a slightly tongue-in-cheek response, but I
do actually feel strongly enough that we shouldn't create new
wrong executables that I'd rather we left the bugs here unaddressed
than try to fix them with a lot of new softmmu executables.

>> Er, I'm not sure what you mean there. Trying a softmmu config for
>> mipsn32 or mipsn32el fails gracefully already:
>>
>> manooth$ (cd build/mips && ../../configure --target-list=mipsn32-softmmu)
>>
>> ERROR: Unknown target name 'mipsn32-softmmu'
>
>  It looks like the issue I had in mind has been fixed in a generic way
> then since I last checked.  Previously a build error happened sometime
> along the process.  Apologies for not double-checking with current trunk.
> I'll send updates.

Yes, we fixed configure to sanity check user target-list arguments
some time last year. Note that the list of valid targets is driven
by looking at what files exist in default-configs/, so you'll want
to delete any stale or local files you have there from previous
versions of this patchset.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v2 09/10] monitor: add query-vnc2 command

2014-12-11 Thread Daniel P. Berrange
On Thu, Dec 11, 2014 at 10:07:24AM +0100, Gerd Hoffmann wrote:
>   Hi,
> 
> > > +# @auth: The current authentication type used by the server
> > > +#'none' if no authentication is being used
> > > +#'vnc' if VNC authentication is being used
> > > +#'vencrypt+plain' if VEncrypt is used with plain text 
> > > authentication
> > > +#'vencrypt+tls+none' if VEncrypt is used with TLS and no 
> > > authentication
> > > +#'vencrypt+tls+vnc' if VEncrypt is used with TLS and VNC 
> > > authentication
> > > +#'vencrypt+tls+plain' if VEncrypt is used with TLS and plain 
> > > text auth
> > > +#'vencrypt+x509+none' if VEncrypt is used with x509 and no auth
> > > +#'vencrypt+x509+vnc' if VEncrypt is used with x509 and VNC auth
> > > +#'vencrypt+x509+plain' if VEncrypt is used with x509 and plain 
> > > text auth
> > > +#'vencrypt+tls+sasl' if VEncrypt is used with TLS and SASL auth
> > > +#'vencrypt+x509+sasl' if VEncrypt is used with x509 and SASL auth
> > 
> > This feels like an open-coded string that should instead be an array of
> > enum values.
> 
> This is just copied over from the old query-vnc command.
> 
> We can try to do that in a cleaner way for query-vnc2.  That implies
> libvirt needs to be able to handle both formats though.

It isn't a big deal if the format changes. Libvirt doesn't use the
auth value for any functional purpose. It just passes the string
auth scheme name to the event callback that fires whenever a user
completes authentication. So if the fields were split, libvirt
would just concatenate them again.


> 
> >   That is,
> > 
> > { 'enum': 'VncAuth', 'data', [ 'none', 'vnc', 'vencrypt', 'plain',
> > 'tls', 'x509' ] }
> 
> > ... 'auth': ['VcnAuth']
> 
> Looked at the source, figured the list grew meanwhile.
> 
> Do we need 'none' here?  When we have a list anyway we can have an empty
> list instead.

Yes, I think "none" should be explicit, because you'll need it in
combination with vencrypt too - eg vencrypt-tls-none where you can
infer it from an empty list.

Regards,
Daniel

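The auth strings discussed in this thread, as an added example that is not part of the original thread or of QEMU/libvirt: a small Python parser for the `auth` value that query-vnc/query-vnc2 report, splitting it the way Daniel describes (a primary code, and for vencrypt a transport plus a sub-auth) and flagging what each scheme leaves unprotected. The scheme names are the ones in the quoted schema; the VeNCrypt sub-type numbers are the wire values of the RFB VeNCrypt extension; the sample reply is constructed and only follows the id/server/clients/auth shape of VncInfo2, with made-up host/service entries.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# VeNCrypt sub-types as sent on the wire.  The 'tls' family is anonymous TLS
# (encrypted, server not authenticated); 'x509' is certificate TLS; bare
# 'plain' (256) is a password without any TLS at all.
VENCRYPT_SUBTYPES: Dict[str, int] = {
    "plain": 256,
    "tls+none": 257, "tls+vnc": 258, "tls+plain": 259,
    "x509+none": 260, "x509+vnc": 261, "x509+plain": 262,
    "tls+sasl": 263, "x509+sasl": 264,
}


@dataclass(frozen=True)
class VncAuth:
    primary: str                 # 'none', 'vnc' or 'vencrypt'
    transport: Optional[str]     # 'tls', 'x509' or None (vencrypt only)
    sub: Optional[str]           # 'none', 'vnc', 'plain', 'sasl' or None

    @property
    def wire_subtype(self) -> Optional[int]:
        if self.primary != "vencrypt":
            return None
        key = self.sub if self.transport is None else f"{self.transport}+{self.sub}"
        return VENCRYPT_SUBTYPES[key]

    @property
    def encrypted(self) -> bool:
        return self.transport is not None

    @property
    def server_authenticated(self) -> bool:
        return self.transport == "x509"

    @property
    def client_authenticated(self) -> bool:
        if self.primary == "vencrypt":
            return self.sub != "none"
        return self.primary == "vnc"


def parse_vnc_auth(auth: str) -> VncAuth:
    """Split a 'vencrypt+x509+sasl' style string into its components."""
    parts = auth.split("+")
    if parts in (["none"], ["vnc"]):
        return VncAuth(parts[0], None, None)
    if parts[0] == "vencrypt":
        if len(parts) == 2 and parts[1] == "plain":
            return VncAuth("vencrypt", None, "plain")
        if len(parts) == 3 and f"{parts[1]}+{parts[2]}" in VENCRYPT_SUBTYPES:
            return VncAuth("vencrypt", parts[1], parts[2])
    raise ValueError(f"unrecognised VNC auth scheme: {auth!r}")


def weaknesses(auth: VncAuth) -> List[str]:
    """What the negotiated scheme does not protect, in a fixed order."""
    found: List[str] = []
    if not auth.encrypted:
        found.append("no encryption")
    elif not auth.server_authenticated:
        found.append("anonymous TLS: server not authenticated, MITM possible")
    if not auth.client_authenticated:
        found.append("no client authentication")
    if auth.primary == "vnc" or auth.sub == "vnc":
        found.append("VNC auth: DES challenge on a password truncated to 8 bytes")
    if auth.sub == "plain" and not auth.encrypted:
        found.append("plain auth without TLS: password sent in clear")
    return found


def audit_query_vnc2(servers: List[dict]) -> Dict[str, List[str]]:
    """Map each VncInfo2 id to its weaknesses; servers with no listening
    socket (empty 'server' list, i.e. disabled) are skipped."""
    return {s["id"]: weaknesses(parse_vnc_auth(s["auth"]))
            for s in servers if s.get("server")}


# Constructed sample reply shaped like the VncInfo2 list from the schema.
SAMPLE_QUERY_VNC2 = [
    {"id": "default", "server": [{"host": "0.0.0.0", "service": "5900"}],
     "clients": [], "auth": "vencrypt+tls+none"},
    {"id": "admin", "server": [{"host": "127.0.0.1", "service": "5901"}],
     "clients": [], "auth": "vencrypt+x509+sasl"},
    {"id": "disabled", "server": [], "clients": [], "auth": "none"},
]

if __name__ == "__main__":
    for name, issues in audit_query_vnc2(SAMPLE_QUERY_VNC2).items():
        print(name, issues or ["ok"])
```

The parser rejects anything outside the documented set instead of guessing, so a client built on it fails loudly if the string format changes as discussed above.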


Re: [Qemu-devel] [PATCH v2] rbd: print a clear error message when write beyond EOF

2014-12-11 Thread jun muzi
Jun Li
On 2014-12-11 at 17:13, "Max Reitz" wrote:
>
> On 2014-12-11 at 10:12, Kevin Wolf wrote:
>>
>> On 11.12.2014 at 07:25, Jun Li wrote:
>>>
>>> Currently, as the rbd driver does not support dynamic growth when writing
>>> beyond EOF, just print a clear error message.
>>>
>>> Signed-off-by: Jun Li 
>>> ---
>>> v2:
>>> Just use rbd_aio_write to realize error detection.
>>> ---
>>>   block/rbd.c | 4 
>>>   1 file changed, 4 insertions(+)
>>>
>>> diff --git a/block/rbd.c b/block/rbd.c
>>> index 5b5a64a..710ee3e 100644
>>> --- a/block/rbd.c
>>> +++ b/block/rbd.c
>>> @@ -661,6 +661,10 @@ static BlockAIOCB *rbd_start_aio(BlockDriverState
*bs,
>>>   }
>>> if (r < 0) {
>>> +if (r == -EINVAL && cmd == RBD_AIO_WRITE) {
>>> +fprintf(stderr, "Image formats that grow on demand "
>>> +"are not supported on rbd.\n");
>>> +}
>>>   goto failed_completion;
>>>   }
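Review bot: -EINVAL from rbd_aio_write() is not specific to a request past the end of the image, so this message can be printed for unrelated invalid-argument failures; and since rbd_start_aio() runs once per guest request, an unconditional fprintf() here lets the guest write to the host's stderr without bound. The limitation should be detected once at open time and reported through the normal error path, with the per-request failure simply returned to the guest.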
>>
>> You can't fill up the log with messages like that. In general, if you
>> use fprintf() in a function whose call can be triggered by the guest,
>> you're doing it wrong.
>>
>> What needs to be done is to check at open time whether the configuration
>> works. Max has sent a series to that end a while ago, not sure what its
>> status is. I think it ended up depending on some blockdev work.
>
>
> Yes, the status is that we need to remove "growable" from the BDS first.
>

Hi, which series do you mean? Could you give a link? Thx.

Jun Li


Re: [Qemu-devel] [PATCH v2] rbd: print a clear error message when write beyond EOF

2014-12-11 Thread Max Reitz

On 2014-12-11 at 10:54, jun muzi wrote:


Jun Li
On 2014-12-11 at 17:13, "Max Reitz" wrote:

>
> On 2014-12-11 at 10:12, Kevin Wolf wrote:
>>
>> On 11.12.2014 at 07:25, Jun Li wrote:
>>>
>>> Currently, as the rbd driver does not support dynamic growth when writing
>>> beyond EOF, just print a clear error message.
>>>
>>> Signed-off-by: Jun Li 
>>> ---
>>> v2:
>>> Just use rbd_aio_write to realize error detection.
>>> ---
>>>   block/rbd.c | 4 
>>>   1 file changed, 4 insertions(+)
>>>
>>> diff --git a/block/rbd.c b/block/rbd.c
>>> index 5b5a64a..710ee3e 100644
>>> --- a/block/rbd.c
>>> +++ b/block/rbd.c
>>> @@ -661,6 +661,10 @@ static BlockAIOCB 
*rbd_start_aio(BlockDriverState *bs,

>>>   }
>>> if (r < 0) {
>>> +if (r == -EINVAL && cmd == RBD_AIO_WRITE) {
>>> +fprintf(stderr, "Image formats that grow on demand "
>>> +"are not supported on rbd.\n");
>>> +}
>>>   goto failed_completion;
>>>   }
>>
>> You can't fill up the log with messages like that. In general, if you
>> use fprintf() in a function whose call can be triggered by the guest,
>> you're doing it wrong.
>>
>> What needs to be done is to check at open time whether the configuration
>> works. Max has sent a series to that end a while ago, not sure what its
>> status is. I think it ended up depending on some blockdev work.
>
>
> Yes, the status is that we need to remove "growable" from the BDS first.
>

Hi, which series do you mean? Could you give a link? Thx.



Hi, here it is: 
http://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg02088.html


Max


Re: [Qemu-devel] [PATCH RFC for-2.3 0/6] qga: add three logical memory hotplug related commands

2014-12-11 Thread zhanghailiang

Ping... ;)

On 2014/12/6 14:59, zhanghailiang wrote:

Hi,

This patch series adds three guest commands for memory blocks:
guest-get-memory-blocks, guest-set-memory-blocks, guest-get-memory-block-size.

With these three commands, we can get information about the guest's memory block
online/offline status and the memory block size (the unit of memory online/offline
operations). Also, we can change the guest's memory block status (logical memory
hotplug/unplug) from the host.

zhanghailiang (6):
   qga: introduce three guest memory block commands with stubs
   qga: introduce three help functions for memory block functions
   qga: implement qmp_guest_get_memory_blocks() for Linux with sysfs
   qga: implement qmp_guest_set_memory_blocks() for Linux with sysfs
   qga: implement qmp_guest_get_memory_block_size() for Linux with sysfs
   qga: add memory block command that unsupported to blacklist

  qga/commands-posix.c | 266 ++-
  qga/commands-win32.c |  21 
  qga/qapi-schema.json |  88 +
  3 files changed, 374 insertions(+), 1 deletion(-)

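As an added example that is not part of this series or of the QEMU guest agent: the Linux sysfs interface these three commands would drive, exercised against a constructed sysfs-like tree so it runs offline. The paths and file formats (block_size_bytes in bare hex, memoryN/state readable and writable as online/offline, memoryN/removable as 0/1) are the kernel's memory-hotplug ABI; the result field names phys-index, online and can-offline, the response strings, and the demo() helper are my assumptions for illustration and are not taken from the patches.

```python
import os
import re
import tempfile
from typing import Dict, List, Tuple

MEMORY_SYSFS = "devices/system/memory"      # relative to the sysfs root
_BLOCK_RE = re.compile(r"^memory(\d+)$")


def _read(path: str) -> str:
    with open(path) as f:
        return f.read().strip()


def get_memory_block_size(root: str) -> int:
    """block_size_bytes is printed by the kernel as hex without a 0x prefix."""
    return int(_read(os.path.join(root, MEMORY_SYSFS, "block_size_bytes")), 16)


def get_memory_blocks(root: str) -> List[Dict]:
    """One entry per memoryN directory, sorted by physical index."""
    base = os.path.join(root, MEMORY_SYSFS)
    blocks = []
    for name in os.listdir(base):
        m = _BLOCK_RE.match(name)
        if not m:                      # skip block_size_bytes, probe, etc.
            continue
        d = os.path.join(base, name)
        blocks.append({
            "phys-index": int(m.group(1)),
            "online": _read(os.path.join(d, "state")) == "online",
            # the kernel's own hint whether offlining this block can succeed
            "can-offline": _read(os.path.join(d, "removable")) == "1",
        })
    return sorted(blocks, key=lambda b: b["phys-index"])


def set_memory_blocks(root: str, requests: List[Dict]) -> List[Dict]:
    """Write 'online'/'offline' to memoryN/state.  Each block gets its own
    result so one bad index does not abort the whole batch."""
    base = os.path.join(root, MEMORY_SYSFS)
    results = []
    for req in requests:
        idx, want_online = req["phys-index"], req["online"]
        d = os.path.join(base, f"memory{idx}")
        state_path = os.path.join(d, "state")
        if not os.path.exists(state_path):
            results.append({"phys-index": idx, "response": "not-found"})
            continue
        if not want_online and _read(os.path.join(d, "removable")) != "1":
            results.append({"phys-index": idx, "response": "operation-not-supported"})
            continue
        try:
            with open(state_path, "w") as f:
                f.write("online" if want_online else "offline")
            results.append({"phys-index": idx, "response": "success"})
        except OSError as e:
            results.append({"phys-index": idx, "response": "operation-failed",
                            "error-code": e.errno})
    return results


def make_fake_sysfs(root: str, blocks: Dict[int, Tuple[str, str]]) -> None:
    """Constructed tree for testing: blocks maps phys-index -> (state, removable)."""
    base = os.path.join(root, MEMORY_SYSFS)
    os.makedirs(base)
    with open(os.path.join(base, "block_size_bytes"), "w") as f:
        f.write("8000000\n")           # 128 MiB, the usual x86 block size
    for idx, (state, removable) in blocks.items():
        d = os.path.join(base, f"memory{idx}")
        os.makedirs(d)
        with open(os.path.join(d, "state"), "w") as f:
            f.write(state + "\n")
        with open(os.path.join(d, "removable"), "w") as f:
            f.write(removable + "\n")


def demo() -> Dict:
    """Run the three operations against a constructed tree and return everything."""
    with tempfile.TemporaryDirectory() as root:
        make_fake_sysfs(root, {0: ("online", "0"), 1: ("online", "1"), 2: ("offline", "1")})
        before = get_memory_blocks(root)
        results = set_memory_blocks(root, [
            {"phys-index": 0, "online": False},   # kernel says not removable
            {"phys-index": 2, "online": True},
            {"phys-index": 7, "online": False},   # no such block
        ])
        return {"block-size": get_memory_block_size(root), "before": before,
                "results": results, "after": get_memory_blocks(root)}


if __name__ == "__main__":
    print(demo())
```

Against a real guest, point `root` at /sys and run as root; the per-block result list is what lets the host side tell a block that never existed apart from one the kernel refused to offline.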






Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Michael S. Tsirkin
On Thu, Dec 11, 2014 at 09:10:53AM +, Igor Mammedov wrote:
> linker and RSDP tables are build only once, so if later

s/build/built/

> during rebuild sizes of other ACPI tables change
> pointers will be patched incorrectly due to wrong
> offsets.
> 
> To fix it rebuild linker and RSDP tables along with
> the rest of ACPI tables so that they would have correct
> offsets.

Actually, I understand the argument about the
linker, but do you really believe RSDP will ever change?

How about we split out RSDP and linker changes?

Also s/imutable/immutable/ in a bunch of places below.

> Here is a simple reproducer:
>  1: hotplug bridge using command:
>  device_add pci-bridge,chassis_nr=1
>  2: reset system from monitor:
>  system_reset
> 
> As result pointers to ACPI tables are not correct
> and guest can't read/parse ACPI tables.
> 
> Windows guests just refuse to boot and
> Linux guests are more resilient and try to boot without
> ACPI, sometimes successfully.
> 
> keep brokenness in 2.1 and older machine types for
> the sake of migration. 2.2.0 can't be helped but we
> can fix it with 2.2.1


Why do you say this?
It can be helped by patch that I sent, skipping
hotplugged bridges, no?


> Signed-off-by: Igor Mammedov 
> ---
> v2:
>   move compat fix to 2.1 machine type,
>suggested by: "Michael S. Tsirkin" 
> ---
>  hw/i386/acpi-build.c | 30 +++---
>  hw/i386/pc_piix.c|  3 +++
>  hw/i386/pc_q35.c |  3 +++
>  include/hw/i386/pc.h |  1 +
>  4 files changed, 30 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index b37a397..4d2452d 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
>  /* Copy of table in RAM (for patching). */
>  ram_addr_t table_ram;
>  uint32_t table_size;
> +ram_addr_t linker_ram;
> +uint32_t linker_size;
> +ram_addr_t rsdp_ram;
> +uint32_t rsdp_size;
>  /* Is table patched? */
>  uint8_t patched;
>  PcGuestInfo *guest_info;
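Review bot: rsdp_ram and rsdp_size are only assigned in the dynamic-RSDP branch of acpi_setup() below, yet acpi_build_update() copies into both new regions unconditionally, so on the 2.1 compat path rsdp_ram is whatever the allocator left there; initialise it to RAM_ADDR_MAX (the sentinel table_ram is already checked against) or guard the copy. A short comment that linker_ram/rsdp_ram mirror table_ram as ROM-blob copies for patching would also help the next reader.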
> @@ -1714,6 +1718,10 @@ static void acpi_build_update(void *build_opaque, 
> uint32_t offset)
>  assert(acpi_data_len(tables.table_data) == build_state->table_size);
>  memcpy(qemu_get_ram_ptr(build_state->table_ram), tables.table_data->data,
> build_state->table_size);
> +memcpy(qemu_get_ram_ptr(build_state->linker_ram), tables.linker->data,
> +   build_state->linker_size);
> +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
> +   build_state->rsdp_size);
>  
>  cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> build_state->table_size);
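Review bot: the two new memcpy() calls lack the protections the table_data copy has: the assert above checks that the rebuilt table_data still matches table_size, but nothing checks acpi_data_len(tables.linker) and acpi_data_len(tables.rsdp) against linker_size/rsdp_size before copying, and in the shown context cpu_physical_memory_set_dirty_range_nocode() is called only for table_ram, so a guest migrated after a rebuild carries the stale linker and RSDP copies. Add the size asserts and dirty both new ranges, and skip the rsdp copy when the immutable-RSDP path is in use.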
> @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
>  assert(build_state->table_ram != RAM_ADDR_MAX);
>  build_state->table_size = acpi_data_len(tables.table_data);
>  
> -acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
> +build_state->linker_ram = acpi_add_rom_blob(build_state, tables.linker,
> +"etc/table-loader");
> +build_state->linker_size = acpi_data_len(tables.linker);
>  
>  fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
>  tables.tcpalog->data, acpi_data_len(tables.tcpalog));
>  
> -/*
> - * RSDP is small so it's easy to keep it immutable, no need to
> - * bother with ROM blobs.
> - */
> -fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> -tables.rsdp->data, acpi_data_len(tables.rsdp));
> +if (guest_info->has_imutable_rsdp) {
> +/*
> + * RSDP is small so it's easy to keep it immutable, no need to
> + * bother with ROM blobs.
> + */
> +fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> +tables.rsdp->data, acpi_data_len(tables.rsdp));
> +} else {
> +build_state->rsdp_ram = acpi_add_rom_blob(build_state, tables.rsdp,
> +  ACPI_BUILD_RSDP_FILE);
> +build_state->rsdp_size = acpi_data_len(tables.rsdp);
> +}
>  
>  qemu_register_reset(acpi_build_reset, build_state);
>  acpi_build_reset(build_state);
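Review bot: table_ram is checked against RAM_ADDR_MAX right after its acpi_add_rom_blob(), but the new linker_ram and rsdp_ram return values are not; add the same assert for both (rsdp only in the dynamic branch). The comment kept in the immutable branch now describes legacy behaviour only, so it should say that the path exists for 2.1 and older machine types for migration compatibility, as the commit message does. And s/imutable/immutable/ here too, as Michael noted.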
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 685fa54..61170de 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -60,6 +60,7 @@ static const int ide_iobase2[MAX_IDE_BUS] = { 0x3f6, 0x376 
> };
>  static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
>  
>  static bool has_acpi_build = true;
> +static bool has_imutable_rsdp;

s/imutable/immutable/

>  static int legacy_acpi_table_size;
>  static bool smbios_defaults = true;
>  static bool smbios_legacy_mode;
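Review bot: the flag defaults to false, so every machine type gets the dynamic RSDP unless its compat init sets it; since only the 2.1 compat hunk (cut off below) turns it on, a one-line comment next to the declaration saying which machine types set it, spelled has_immutable_rsdp, would save the next person from chasing the default.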
> @@ -168,6 +169,7 @@ static void pc_init1(MachineState *machine,
>  
>  guest_info->isapc_ram_fw = !pci_enabled;
>  guest_info->has_reserved_memory = has_reserved_memory;
> +guest_info->has_imutabl

[Qemu-devel] [PATCH 10/10] sdl2: move sdl2_2d_refresh to sdl2-2d.c

2014-12-11 Thread Gerd Hoffmann
Now that common event handling code is split off, we can move
over sdl_refresh to sdl2-2d.c, and rename it to sdl2_2d_refresh.

Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h |  1 +
 ui/sdl2-2d.c  |  9 +
 ui/sdl2.c | 10 +-
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 27b3132..9e9a92d 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -23,4 +23,5 @@ void sdl2_2d_update(DisplayChangeListener *dcl,
 int x, int y, int w, int h);
 void sdl2_2d_switch(DisplayChangeListener *dcl,
 DisplaySurface *new_surface);
+void sdl2_2d_refresh(DisplayChangeListener *dcl);
 void sdl2_2d_redraw(struct sdl2_console *scon);
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index 40a552c..9c60075 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -103,6 +103,15 @@ void sdl2_2d_switch(DisplayChangeListener *dcl,
 sdl2_2d_redraw(scon);
 }
 
+void sdl2_2d_refresh(DisplayChangeListener *dcl)
+{
+struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
+
+assert(!scon->opengl);
+graphic_hw_update(dcl->con);
+sdl2_poll_events(scon);
+}
+
 void sdl2_2d_redraw(struct sdl2_console *scon)
 {
 if (!scon->surface) {
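Review bot: `assert(!scon->opengl)` references a field that struct sdl2_console, as created in patch 02 of this series, does not have, and no hunk in this series adds it; either drop the assert until the OpenGL patches introduce the field, or this patch does not build on its own and breaks bisection. Once the field exists the assert is the right guard for keeping the 2D and GL refresh paths apart.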
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 8d10e0e..a1def81 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -594,14 +594,6 @@ void sdl2_poll_events(struct sdl2_console *scon)
 }
 }
 
-static void sdl_refresh(DisplayChangeListener *dcl)
-{
-struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
-
-graphic_hw_update(dcl->con);
-sdl2_poll_events(scon);
-}
-
 static void sdl_mouse_warp(DisplayChangeListener *dcl,
int x, int y, int on)
 {
@@ -667,7 +659,7 @@ static const DisplayChangeListenerOps dcl_2d_ops = {
 .dpy_name  = "sdl2-2d",
 .dpy_gfx_update= sdl2_2d_update,
 .dpy_gfx_switch= sdl2_2d_switch,
-.dpy_refresh   = sdl_refresh,
+.dpy_refresh   = sdl2_2d_refresh,
 .dpy_mouse_set = sdl_mouse_warp,
 .dpy_cursor_define = sdl_mouse_define,
 };
-- 
1.8.3.1




[Qemu-devel] [PATCH 06/10] sdl2: overhaul window size handling

2014-12-11 Thread Gerd Hoffmann
Split do_sdl_resize function (which does a lot more than just resizing)
into three: sdl2_window_{create,destroy,resize}.

Fix SDL_Renderer handling: must be guest display size not host window
size, and SDL2 will magically handle all scaling for us.

Make fullscreen actually enter fullscreen mode and simplify the code.
There is no need to store the original window size, the window manager
will do that for us.

Signed-off-by: Gerd Hoffmann 
---
 ui/sdl2.c | 172 +-
 1 file changed, 79 insertions(+), 93 deletions(-)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index 47a757a..70f79a5 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -41,9 +41,6 @@ static struct sdl2_console *sdl2_console;
 static SDL_Surface *guest_sprite_surface;
 static int gui_grab; /* if true, all keyboard/mouse events are grabbed */
 
-static bool gui_saved_scaling;
-static int gui_saved_width;
-static int gui_saved_height;
 static int gui_saved_grab;
 static int gui_fullscreen;
 static int gui_noframe;
@@ -56,7 +53,6 @@ static int absolute_enabled;
 static int guest_cursor;
 static int guest_x, guest_y;
 static SDL_Cursor *guest_sprite;
-static int scaling_active;
 static Notifier mouse_mode_notifier;
 
 static void sdl_update_caption(struct sdl2_console *scon);
@@ -72,86 +68,96 @@ static struct sdl2_console *get_scon_from_window(uint32_t 
window_id)
 return NULL;
 }
 
-static void do_sdl_resize(struct sdl2_console *scon, int width, int height,
-  int bpp)
+static void sdl2_window_create(struct sdl2_console *scon)
 {
-int flags;
+int flags = 0;
 
-if (scon->real_window && scon->real_renderer) {
-if (width && height) {
-SDL_RenderSetLogicalSize(scon->real_renderer, width, height);
-SDL_SetWindowSize(scon->real_window, width, height);
-} else {
-SDL_DestroyRenderer(scon->real_renderer);
-SDL_DestroyWindow(scon->real_window);
-scon->real_renderer = NULL;
-scon->real_window = NULL;
-}
+if (!scon->surface) {
+return;
+}
+assert(!scon->real_window);
+
+if (gui_fullscreen) {
+flags |= SDL_WINDOW_FULLSCREEN;
 } else {
-if (!width || !height) {
-return;
-}
-flags = 0;
-if (gui_fullscreen) {
-flags |= SDL_WINDOW_FULLSCREEN;
-} else {
-flags |= SDL_WINDOW_RESIZABLE;
-}
-if (scon->hidden) {
-flags |= SDL_WINDOW_HIDDEN;
-}
+flags |= SDL_WINDOW_RESIZABLE;
+}
+if (scon->hidden) {
+flags |= SDL_WINDOW_HIDDEN;
+}
 
-scon->real_window = SDL_CreateWindow("", SDL_WINDOWPOS_UNDEFINED,
- SDL_WINDOWPOS_UNDEFINED,
- width, height, flags);
-scon->real_renderer = SDL_CreateRenderer(scon->real_window, -1, 0);
-sdl_update_caption(scon);
+scon->real_window = SDL_CreateWindow("", SDL_WINDOWPOS_UNDEFINED,
+ SDL_WINDOWPOS_UNDEFINED,
+ surface_width(scon->surface),
+ surface_height(scon->surface),
+ flags);
+scon->real_renderer = SDL_CreateRenderer(scon->real_window, -1, 0);
+sdl_update_caption(scon);
+}
+
+static void sdl2_window_destroy(struct sdl2_console *scon)
+{
+if (!scon->real_window) {
+return;
 }
+
+SDL_DestroyRenderer(scon->real_renderer);
+scon->real_renderer = NULL;
+SDL_DestroyWindow(scon->real_window);
+scon->real_window = NULL;
+}
+
+static void sdl2_window_resize(struct sdl2_console *scon)
+{
+if (!scon->real_window) {
+return;
+}
+
+SDL_SetWindowSize(scon->real_window,
+  surface_width(scon->surface),
+  surface_height(scon->surface));
 }
 
 static void sdl_switch(DisplayChangeListener *dcl,
DisplaySurface *new_surface)
 {
 struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
-int format = 0;
-int idx = scon->idx;
 DisplaySurface *old_surface = scon->surface;
+int format = 0;
 
-/* temporary hack: allows to call sdl_switch to handle scaling changes */
-if (new_surface) {
-scon->surface = new_surface;
-}
+scon->surface = new_surface;
 
-if (!new_surface && idx > 0) {
-scon->surface = NULL;
+if (scon->texture) {
+SDL_DestroyTexture(scon->texture);
+scon->texture = NULL;
 }
 
-if (new_surface == NULL) {
-do_sdl_resize(scon, 0, 0, 0);
-} else {
-do_sdl_resize(scon, surface_width(scon->surface),
-  surface_height(scon->surface), 0);
+if (!new_surface) {
+sdl2_window_destroy(scon);
+return;
 }
 
-if (old_surface && scon->texture) {
-SDL_Destro
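Review bot: the commit message says the SDL_Renderer must be sized to the guest display, but in the visible part of this hunk neither sdl2_window_create() nor sdl2_window_resize() calls SDL_RenderSetLogicalSize(), which the removed do_sdl_resize() did; if the call now lives in the truncated remainder of sdl_switch(), say so in the message, otherwise a resized window renders at the wrong scale. Also note that SDL_SetWindowSize() has no effect on a fullscreen window, so with gui_fullscreen set sdl2_window_resize() relies entirely on the renderer's logical size being updated.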

[Qemu-devel] [PATCH 00/10] sdl2: fixes, cleanups and opengl preparation.

2014-12-11 Thread Gerd Hoffmann
  Hi,

This patch series brings a bunch of fixes and improvements
to the sdl2 ui code.  Proper window scaling and working keyboard
grabs are the most noteworthy ones.  It also reorganizes the code
in preparation for adding opengl support to sdl2.

please review,
  Gerd

Gerd Hoffmann (10):
  sdl: move version logic from source code to makefile
  sdl2: rename sdl2_state to sdl2_console, move to header file
  sdl2: move keyboard input code to new sdl2-input.c
  sdl2: turn on keyboard grabs
  sdl2: move sdl_update to new sdl2-2d.c
  sdl2: overhaul window size handling
  sdl2: move sdl_switch to sdl2-2d.c
  sdl2: add+use sdl2_2d_redraw function.
  sdl2: factor out sdl2_poll_events
  sdl2: move sdl2_2d_refresh to sdl2-2d.c

 include/ui/sdl2.h |  27 +
 ui/Makefile.objs  |   7 +-
 ui/sdl.c  |   3 -
 ui/sdl2-2d.c  | 123 
 ui/sdl2-input.c   | 106 +
 ui/sdl2.c | 333 +-
 6 files changed, 343 insertions(+), 256 deletions(-)
 create mode 100644 include/ui/sdl2.h
 create mode 100644 ui/sdl2-2d.c
 create mode 100644 ui/sdl2-input.c

-- 
1.8.3.1




[Qemu-devel] [PATCH 02/10] sdl2: rename sdl2_state to sdl2_console, move to header file

2014-12-11 Thread Gerd Hoffmann
Create sdl2.h header file, in preparation for sdl2 code splitup.
Populate it with sdl2_console struct (renamed from sdl2_state).

Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h | 11 ++
 ui/sdl2.c | 63 ---
 2 files changed, 38 insertions(+), 36 deletions(-)
 create mode 100644 include/ui/sdl2.h

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
new file mode 100644
index 000..7f91a75
--- /dev/null
+++ b/include/ui/sdl2.h
@@ -0,0 +1,11 @@
+struct sdl2_console {
+DisplayChangeListener dcl;
+DisplaySurface *surface;
+SDL_Texture *texture;
+SDL_Window *real_window;
+SDL_Renderer *real_renderer;
+int idx;
+int last_vm_running; /* per console for caption reasons */
+int x, y;
+int hidden;
+};
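Review bot: the new header has no include guard and uses DisplayChangeListener, DisplaySurface and the SDL_* types without including ui/console.h or SDL.h, so it compiles only if every includer has pulled those in first (as sdl2.c does in the next hunk); add `#ifndef SDL2_H` / `#define SDL2_H` guards and the two includes so the files split off later in this series (sdl2-input.c, sdl2-2d.c) do not depend on include order.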
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 45f23b1..375e1a3 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -32,22 +32,13 @@
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
+#include "ui/sdl2.h"
 #include "sysemu/sysemu.h"
 
 #include "sdl2-keymap.h"
 
 static int sdl2_num_outputs;
-static struct sdl2_state {
-DisplayChangeListener dcl;
-DisplaySurface *surface;
-SDL_Texture *texture;
-SDL_Window *real_window;
-SDL_Renderer *real_renderer;
-int idx;
-int last_vm_running; /* per console for caption reasons */
-int x, y;
-int hidden;
-} *sdl2_console;
+static struct sdl2_console *sdl2_console;
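Review bot: giving the global array pointer the same name as the struct tag (`static struct sdl2_console *sdl2_console`) is legal C, since tags and identifiers live in different namespaces, but it makes every `struct sdl2_console` versus `sdl2_console[i]` harder to read now that the type is exported in a header; a distinct name such as sdl2_consoles would avoid that.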
 
 static SDL_Surface *guest_sprite_surface;
 static int gui_grab; /* if true, all keyboard/mouse events are grabbed */
@@ -71,9 +62,9 @@ static SDL_Cursor *guest_sprite;
 static int scaling_active;
 static Notifier mouse_mode_notifier;
 
-static void sdl_update_caption(struct sdl2_state *scon);
+static void sdl_update_caption(struct sdl2_console *scon);
 
-static struct sdl2_state *get_scon_from_window(uint32_t window_id)
+static struct sdl2_console *get_scon_from_window(uint32_t window_id)
 {
 int i;
 for (i = 0; i < sdl2_num_outputs; i++) {
@@ -87,7 +78,7 @@ static struct sdl2_state *get_scon_from_window(uint32_t 
window_id)
 static void sdl_update(DisplayChangeListener *dcl,
int x, int y, int w, int h)
 {
-struct sdl2_state *scon = container_of(dcl, struct sdl2_state, dcl);
+struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
 SDL_Rect rect;
 DisplaySurface *surf = qemu_console_surface(dcl->con);
 
@@ -109,7 +100,7 @@ static void sdl_update(DisplayChangeListener *dcl,
 SDL_RenderPresent(scon->real_renderer);
 }
 
-static void do_sdl_resize(struct sdl2_state *scon, int width, int height,
+static void do_sdl_resize(struct sdl2_console *scon, int width, int height,
   int bpp)
 {
 int flags;
@@ -149,7 +140,7 @@ static void do_sdl_resize(struct sdl2_state *scon, int 
width, int height,
 static void sdl_switch(DisplayChangeListener *dcl,
DisplaySurface *new_surface)
 {
-struct sdl2_state *scon = container_of(dcl, struct sdl2_state, dcl);
+struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
 int format = 0;
 int idx = scon->idx;
 DisplaySurface *old_surface = scon->surface;
@@ -191,7 +182,7 @@ static void sdl_switch(DisplayChangeListener *dcl,
 }
 }
 
-static void reset_keys(struct sdl2_state *scon)
+static void reset_keys(struct sdl2_console *scon)
 {
 QemuConsole *con = scon ? scon->dcl.con : NULL;
 int i;
@@ -205,7 +196,7 @@ static void reset_keys(struct sdl2_state *scon)
 }
 }
 
-static void sdl_process_key(struct sdl2_state *scon,
+static void sdl_process_key(struct sdl2_console *scon,
 SDL_KeyboardEvent *ev)
 {
 int qcode = sdl2_scancode_to_qcode[ev->keysym.scancode];
@@ -257,7 +248,7 @@ static void sdl_process_key(struct sdl2_state *scon,
 }
 }
 
-static void sdl_update_caption(struct sdl2_state *scon)
+static void sdl_update_caption(struct sdl2_console *scon)
 {
 char win_title[1024];
 char icon_title[1024];
@@ -321,7 +312,7 @@ static void sdl_show_cursor(void)
 }
 }
 
-static void sdl_grab_start(struct sdl2_state *scon)
+static void sdl_grab_start(struct sdl2_console *scon)
 {
 QemuConsole *con = scon ? scon->dcl.con : NULL;
 
@@ -349,7 +340,7 @@ static void sdl_grab_start(struct sdl2_state *scon)
 sdl_update_caption(scon);
 }
 
-static void sdl_grab_end(struct sdl2_state *scon)
+static void sdl_grab_end(struct sdl2_console *scon)
 {
 SDL_SetWindowGrab(scon->real_window, SDL_FALSE);
 gui_grab = 0;
@@ -357,7 +348,7 @@ static void sdl_grab_end(struct sdl2_state *scon)
 sdl_update_caption(scon);
 }
 
-static void absolute_mouse_grab(struct sdl2_state *scon)
+static void absolute_mouse_grab(struct sdl2_console *scon)
 {
 int mouse_x, mouse_y;
 int scr_w, scr_h;
@@ -384,7 +375,7 @@ static void sdl_mouse_mode_change(Notifier *notify, void 
*data)
 }
 }
 
-static void sdl_send_mouse_event(struct sdl2_state *scon, i

[Qemu-devel] [PATCH 04/10] sdl2: turn on keyboard grabs

2014-12-11 Thread Gerd Hoffmann
Makes quite some keys actually go to the guest instead of
being captured by the host window manager.

Signed-off-by: Gerd Hoffmann 
---
 ui/sdl2.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index b8d592f..9b66017 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -189,11 +189,11 @@ static void sdl_update_caption(struct sdl2_console *scon)
 status = " [Stopped]";
 } else if (gui_grab) {
 if (alt_grab) {
-status = " - Press Ctrl-Alt-Shift to exit mouse grab";
+status = " - Press Ctrl-Alt-Shift to exit grab";
 } else if (ctrl_grab) {
-status = " - Press Right-Ctrl to exit mouse grab";
+status = " - Press Right-Ctrl to exit grab";
 } else {
-status = " - Press Ctrl-Alt to exit mouse grab";
+status = " - Press Ctrl-Alt to exit grab";
 }
 }
 
@@ -785,6 +785,7 @@ void sdl_display_init(DisplayState *ds, int full_screen, 
int no_frame)
 SDL_GetError());
 exit(1);
 }
+SDL_SetHint(SDL_HINT_GRAB_KEYBOARD, "1");
 
 for (i = 0;; i++) {
 QemuConsole *con = qemu_console_lookup_by_index(i);
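Review bot: SDL_SetHint() returns SDL_FALSE when the hint is not accepted and the call here ignores it; since the point of the patch is that the keyboard grab now works, it is worth reporting a rejected hint. Bear in mind that with the keyboard grabbed the host's own shortcuts no longer work, so the updated caption strings above are the user's only way to learn how to get out of the grab and must stay in sync with the grab key handling.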
-- 
1.8.3.1




[Qemu-devel] [PATCH 05/10] sdl2: move sdl_update to new sdl2-2d.c

2014-12-11 Thread Gerd Hoffmann
Create new sdl2-2d file for 2d display rendering.
Move over sdl_update code, and rename to sdl2_2d_update.

Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h |  3 +++
 ui/Makefile.objs  |  2 +-
 ui/sdl2-2d.c  | 61 +++
 ui/sdl2.c | 35 +--
 4 files changed, 70 insertions(+), 31 deletions(-)
 create mode 100644 ui/sdl2-2d.c

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index e1c304a..0573e2a 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -13,3 +13,6 @@ struct sdl2_console {
 void sdl2_reset_keys(struct sdl2_console *scon);
 void sdl2_process_key(struct sdl2_console *scon,
   SDL_KeyboardEvent *ev);
+
+void sdl2_2d_update(DisplayChangeListener *dcl,
+int x, int y, int w, int h);
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 011c5bb..13b5cfb 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -20,7 +20,7 @@ ifeq ($(CONFIG_SDLABI),1.2)
 sdl.mo-objs := sdl.o sdl_zoom.o
 endif
 ifeq ($(CONFIG_SDLABI),2.0)
-sdl.mo-objs := sdl2.o sdl2-input.o
+sdl.mo-objs := sdl2.o sdl2-input.o sdl2-2d.o
 endif
 sdl.mo-cflags := $(SDL_CFLAGS)
 
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
new file mode 100644
index 000..7b0039b
--- /dev/null
+++ b/ui/sdl2-2d.c
@@ -0,0 +1,61 @@
+/*
+ * QEMU SDL display driver
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
+
+/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
+#undef WIN32_LEAN_AND_MEAN
+
+#include 
+#include 
+
+#include "qemu-common.h"
+#include "ui/console.h"
+#include "ui/input.h"
+#include "ui/sdl2.h"
+#include "sysemu/sysemu.h"
+
+void sdl2_2d_update(DisplayChangeListener *dcl,
+int x, int y, int w, int h)
+{
+struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
+DisplaySurface *surf = qemu_console_surface(dcl->con);
+SDL_Rect rect;
+
+if (!surf) {
+return;
+}
+if (!scon->texture) {
+return;
+}
+
+rect.x = x;
+rect.y = y;
+rect.w = w;
+rect.h = h;
+
+SDL_UpdateTexture(scon->texture, NULL, surface_data(surf),
+  surface_stride(surf));
+SDL_RenderCopy(scon->real_renderer, scon->texture, &rect, &rect);
+SDL_RenderPresent(scon->real_renderer);
+}
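Review bot: sdl2_2d_update() uploads the whole surface for every dirty rectangle: SDL_UpdateTexture() is called with a NULL rect, so a one-line console update re-copies the entire framebuffer even though only `rect` is then presented. Passing &rect together with a pointer offset into surface_data(surf) (rect.y * surface_stride(surf) plus rect.x times the bytes per pixel) keeps the upload proportional to the damage. The function also trusts x/y/w/h from the caller without clamping them to the surface; SDL clips the RenderCopy, but the offset pointer would need that clamp if the partial upload is adopted.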
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 9b66017..47a757a 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -72,31 +72,6 @@ static struct sdl2_console *get_scon_from_window(uint32_t 
window_id)
 return NULL;
 }
 
-static void sdl_update(DisplayChangeListener *dcl,
-   int x, int y, int w, int h)
-{
-struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
-SDL_Rect rect;
-DisplaySurface *surf = qemu_console_surface(dcl->con);
-
-if (!surf) {
-return;
-}
-if (!scon->texture) {
-return;
-}
-
-rect.x = x;
-rect.y = y;
-rect.w = w;
-rect.h = h;
-
-SDL_UpdateTexture(scon->texture, NULL, surface_data(surf),
-  surface_stride(surf));
-SDL_RenderCopy(scon->real_renderer, scon->texture, &rect, &rect);
-SDL_RenderPresent(scon->real_renderer);
-}
-
 static void do_sdl_resize(struct sdl2_console *scon, int width, int height,
   int bpp)
 {
@@ -609,7 +584,7 @@ static void handle_windowevent(DisplayChangeListener *dcl, 
SDL_Event *ev)
 break;
 case SDL_WINDOWEVENT_EXPOSED:
 SDL_GetWindowSize(SDL_GetWindowFromID(ev->window.windowID), &w, &h);
-sdl_update(dcl, 0, 0, w, h);
+sdl2_2d_update(dcl, 0, 0, w, h);
 break;
 case SDL_WINDOWEVENT_FOCUS_GAINED:
 case SDL_WINDOWEVENT_ENTER:
@@ -746,9 +721,9 @@ static void sdl_cleanup(void)
 SDL_QuitSubSystem(SDL_INIT_VIDEO);
 }
 
-static const DisplayChangeListenerOps dcl_ops = {
-  

[Qemu-devel] [PATCH 09/10] sdl2: factor out sdl2_poll_events

2014-12-11 Thread Gerd Hoffmann
Create a new function to poll and handle sdl2 events,
which is then just called from the refresh timer.

Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h |  1 +
 ui/sdl2.c | 23 +--
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 048340f..27b3132 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -13,6 +13,7 @@ struct sdl2_console {
 void sdl2_window_create(struct sdl2_console *scon);
 void sdl2_window_destroy(struct sdl2_console *scon);
 void sdl2_window_resize(struct sdl2_console *scon);
+void sdl2_poll_events(struct sdl2_console *scon);
 
 void sdl2_reset_keys(struct sdl2_console *scon);
 void sdl2_process_key(struct sdl2_console *scon,
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 1798902..8d10e0e 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -507,10 +507,8 @@ static void handle_mousewheel(SDL_Event *ev)
 qemu_input_event_sync();
 }
 
-static void handle_windowevent(DisplayChangeListener *dcl, SDL_Event *ev)
+static void handle_windowevent(struct sdl2_console *scon, SDL_Event *ev)
 {
-struct sdl2_console *scon = get_scon_from_window(ev->key.windowID);
-
 switch (ev->window.event) {
 case SDL_WINDOWEVENT_RESIZED:
 {
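Review bot: dropping the get_scon_from_window() lookup assumes every polled window event belongs to `scon`, but SDL_PollEvent() drains one global queue shared by all windows, and sdl2_poll_events() now runs once per console from each console's refresh timer. With more than one sdl2_console a SDL_WINDOWEVENT_MINIMIZED or RESIZED from window B can therefore be applied to console A (update_displaychangelistener on the wrong dcl, dpy_set_ui_info and redraw on the wrong console). Keep a lookup on ev->window.windowID (the window member, rather than the ev->key.windowID the removed line used) inside handle_windowevent(), or have sdl2_poll_events() dispatch each event to the console that matches its windowID.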
@@ -537,10 +535,10 @@ static void handle_windowevent(DisplayChangeListener 
*dcl, SDL_Event *ev)
 }
 break;
 case SDL_WINDOWEVENT_RESTORED:
-update_displaychangelistener(dcl, GUI_REFRESH_INTERVAL_DEFAULT);
+update_displaychangelistener(&scon->dcl, GUI_REFRESH_INTERVAL_DEFAULT);
 break;
 case SDL_WINDOWEVENT_MINIMIZED:
-update_displaychangelistener(dcl, 500);
+update_displaychangelistener(&scon->dcl, 500);
 break;
 case SDL_WINDOWEVENT_CLOSE:
 if (!no_quit) {
@@ -551,9 +549,8 @@ static void handle_windowevent(DisplayChangeListener *dcl, 
SDL_Event *ev)
 }
 }
 
-static void sdl_refresh(DisplayChangeListener *dcl)
+void sdl2_poll_events(struct sdl2_console *scon)
 {
-struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
 SDL_Event ev1, *ev = &ev1;
 
 if (scon->last_vm_running != runstate_is_running()) {
@@ -561,8 +558,6 @@ static void sdl_refresh(DisplayChangeListener *dcl)
 sdl_update_caption(scon);
 }
 
-graphic_hw_update(dcl->con);
-
 while (SDL_PollEvent(ev)) {
 switch (ev->type) {
 case SDL_KEYDOWN:
@@ -591,7 +586,7 @@ static void sdl_refresh(DisplayChangeListener *dcl)
 handle_mousewheel(ev);
 break;
 case SDL_WINDOWEVENT:
-handle_windowevent(dcl, ev);
+handle_windowevent(scon, ev);
 break;
 default:
 break;
@@ -599,6 +594,14 @@ static void sdl_refresh(DisplayChangeListener *dcl)
 }
 }
 
+static void sdl_refresh(DisplayChangeListener *dcl)
+{
+struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
+
+graphic_hw_update(dcl->con);
+sdl2_poll_events(scon);
+}
+
 static void sdl_mouse_warp(DisplayChangeListener *dcl,
int x, int y, int on)
 {
-- 
1.8.3.1




[Qemu-devel] [PATCH 08/10] sdl2: add+use sdl2_2d_redraw function.

2014-12-11 Thread Gerd Hoffmann
Add a new sdl2_2d_redraw function for a complete screen refresh,
so we can stop using graphic_hw_invalidate for that.  There is
no need to bother console / gfx emulation code if we are just
going to re-blit the screen after window resizes.

Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h |  1 +
 ui/sdl2-2d.c  | 11 +++
 ui/sdl2.c | 17 ++---
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 2c48c4f..048340f 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -22,3 +22,4 @@ void sdl2_2d_update(DisplayChangeListener *dcl,
 int x, int y, int w, int h);
 void sdl2_2d_switch(DisplayChangeListener *dcl,
 DisplaySurface *new_surface);
+void sdl2_2d_redraw(struct sdl2_console *scon);
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index 29ada53..40a552c 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -100,4 +100,15 @@ void sdl2_2d_switch(DisplayChangeListener *dcl,
   SDL_TEXTUREACCESS_STREAMING,
   surface_width(new_surface),
   surface_height(new_surface));
+sdl2_2d_redraw(scon);
+}
+
+void sdl2_2d_redraw(struct sdl2_console *scon)
+{
+if (!scon->surface) {
+return;
+}
+sdl2_2d_update(&scon->dcl, 0, 0,
+   surface_width(scon->surface),
+   surface_height(scon->surface));
 }
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 28b1e22..1798902 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -316,8 +316,7 @@ static void toggle_full_screen(struct sdl2_console *scon)
 }
 SDL_SetWindowFullscreen(scon->real_window, 0);
 }
-graphic_hw_invalidate(scon->dcl.con);
-graphic_hw_update(scon->dcl.con);
+sdl2_2d_redraw(scon);
 }
 
 static void handle_keydown(SDL_Event *ev)
@@ -365,8 +364,8 @@ static void handle_keydown(SDL_Event *ev)
 case SDL_SCANCODE_U:
 sdl2_window_destroy(scon);
 sdl2_window_create(scon);
-graphic_hw_invalidate(scon->dcl.con);
-graphic_hw_update(scon->dcl.con);
+/* re-create texture */
+sdl2_2d_switch(&scon->dcl, scon->surface);
 gui_keysym = 1;
 break;
 #if 0
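Review bot: after sdl2_window_destroy() the texture in scon->texture belonged to the renderer that was just torn down, and sdl2_2d_switch() starts by calling SDL_DestroyTexture(scon->texture) whenever the pointer is non-NULL. Unless sdl2_window_destroy() clears scon->texture (its body is not among the visible hunks of this series), that is a destroy of an already-freed texture. Clearing scon->texture in sdl2_window_destroy(), or setting it to NULL here before the sdl2_2d_switch() call, would make the "re-create texture" step safe.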
@@ -385,8 +384,7 @@ static void handle_keydown(SDL_Event *ev)
 fprintf(stderr, "%s: scale to %dx%d\n",
 __func__, width, height);
 sdl_scale(scon, width, height);
-graphic_hw_invalidate(NULL);
-graphic_hw_update(NULL);
+sdl2_2d_redraw(scon);
 gui_keysym = 1;
 }
 #endif
@@ -511,7 +509,6 @@ static void handle_mousewheel(SDL_Event *ev)
 
 static void handle_windowevent(DisplayChangeListener *dcl, SDL_Event *ev)
 {
-int w, h;
 struct sdl2_console *scon = get_scon_from_window(ev->key.windowID);
 
 switch (ev->window.event) {
@@ -523,12 +520,10 @@ static void handle_windowevent(DisplayChangeListener 
*dcl, SDL_Event *ev)
 info.height = ev->window.data2;
 dpy_set_ui_info(scon->dcl.con, &info);
 }
-graphic_hw_invalidate(scon->dcl.con);
-graphic_hw_update(scon->dcl.con);
+sdl2_2d_redraw(scon);
 break;
 case SDL_WINDOWEVENT_EXPOSED:
-SDL_GetWindowSize(SDL_GetWindowFromID(ev->window.windowID), &w, &h);
-sdl2_2d_update(dcl, 0, 0, w, h);
+sdl2_2d_redraw(scon);
 break;
 case SDL_WINDOWEVENT_FOCUS_GAINED:
 case SDL_WINDOWEVENT_ENTER:
-- 
1.8.3.1




[Qemu-devel] [PATCH 07/10] sdl2: move sdl_switch to sdl2-2d.c

2014-12-11 Thread Gerd Hoffmann
Move sdl_switch to sdl2-2d.c file, rename to sdl2_2d_switch.

Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h |  6 ++
 ui/sdl2-2d.c  | 42 ++
 ui/sdl2.c | 50 --
 3 files changed, 52 insertions(+), 46 deletions(-)

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 0573e2a..2c48c4f 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -10,9 +10,15 @@ struct sdl2_console {
 int hidden;
 };
 
+void sdl2_window_create(struct sdl2_console *scon);
+void sdl2_window_destroy(struct sdl2_console *scon);
+void sdl2_window_resize(struct sdl2_console *scon);
+
 void sdl2_reset_keys(struct sdl2_console *scon);
 void sdl2_process_key(struct sdl2_console *scon,
   SDL_KeyboardEvent *ev);
 
 void sdl2_2d_update(DisplayChangeListener *dcl,
 int x, int y, int w, int h);
+void sdl2_2d_switch(DisplayChangeListener *dcl,
+DisplaySurface *new_surface);
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index 7b0039b..29ada53 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -59,3 +59,45 @@ void sdl2_2d_update(DisplayChangeListener *dcl,
 SDL_RenderCopy(scon->real_renderer, scon->texture, &rect, &rect);
 SDL_RenderPresent(scon->real_renderer);
 }
+
+void sdl2_2d_switch(DisplayChangeListener *dcl,
+DisplaySurface *new_surface)
+{
+struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
+DisplaySurface *old_surface = scon->surface;
+int format = 0;
+
+scon->surface = new_surface;
+
+if (scon->texture) {
+SDL_DestroyTexture(scon->texture);
+scon->texture = NULL;
+}
+
+if (!new_surface) {
+sdl2_window_destroy(scon);
+return;
+}
+
+if (!scon->real_window) {
+sdl2_window_create(scon);
+} else if (old_surface &&
+   ((surface_width(old_surface)  != surface_width(new_surface)) ||
+(surface_height(old_surface) != surface_height(new_surface 
{
+sdl2_window_resize(scon);
+}
+
+SDL_RenderSetLogicalSize(scon->real_renderer,
+ surface_width(new_surface),
+ surface_height(new_surface));
+
+if (surface_bits_per_pixel(scon->surface) == 16) {
+format = SDL_PIXELFORMAT_RGB565;
+} else if (surface_bits_per_pixel(scon->surface) == 32) {
+format = SDL_PIXELFORMAT_ARGB;
+}
+scon->texture = SDL_CreateTexture(scon->real_renderer, format,
+  SDL_TEXTUREACCESS_STREAMING,
+  surface_width(new_surface),
+  surface_height(new_surface));
+}
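Review bot: the moved sdl2_2d_switch() keeps a silent fallthrough: for a surface depth other than 16 or 32 bpp, `format` stays 0 (SDL_PIXELFORMAT_UNKNOWN), SDL_CreateTexture() fails and scon->texture is NULL, after which every sdl2_2d_update() returns early and the window simply stops updating with no diagnostic. The diffstat confirms this is a pure move, so it is pre-existing, but since the function becomes a public entry point here, an explicit error (or g_assert_not_reached()) for unsupported depths, or a conversion to 32 bpp, would make the failure visible.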
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 70f79a5..28b1e22 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -68,7 +68,7 @@ static struct sdl2_console *get_scon_from_window(uint32_t 
window_id)
 return NULL;
 }
 
-static void sdl2_window_create(struct sdl2_console *scon)
+void sdl2_window_create(struct sdl2_console *scon)
 {
 int flags = 0;
 
@@ -95,7 +95,7 @@ static void sdl2_window_create(struct sdl2_console *scon)
 sdl_update_caption(scon);
 }
 
-static void sdl2_window_destroy(struct sdl2_console *scon)
+void sdl2_window_destroy(struct sdl2_console *scon)
 {
 if (!scon->real_window) {
 return;
@@ -107,7 +107,7 @@ static void sdl2_window_destroy(struct sdl2_console *scon)
 scon->real_window = NULL;
 }
 
-static void sdl2_window_resize(struct sdl2_console *scon)
+void sdl2_window_resize(struct sdl2_console *scon)
 {
 if (!scon->real_window) {
 return;
@@ -118,48 +118,6 @@ static void sdl2_window_resize(struct sdl2_console *scon)
   surface_height(scon->surface));
 }
 
-static void sdl_switch(DisplayChangeListener *dcl,
-   DisplaySurface *new_surface)
-{
-struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
-DisplaySurface *old_surface = scon->surface;
-int format = 0;
-
-scon->surface = new_surface;
-
-if (scon->texture) {
-SDL_DestroyTexture(scon->texture);
-scon->texture = NULL;
-}
-
-if (!new_surface) {
-sdl2_window_destroy(scon);
-return;
-}
-
-if (!scon->real_window) {
-sdl2_window_create(scon);
-} else if (old_surface &&
-   ((surface_width(old_surface)  != surface_width(new_surface)) ||
-(surface_height(old_surface) != surface_height(new_surface 
{
-sdl2_window_resize(scon);
-}
-
-SDL_RenderSetLogicalSize(scon->real_renderer,
- surface_width(new_surface),
- surface_height(new_surface));
-
-if (surface_bits_per_pixel(scon->surface) == 16) {
-format = SDL_PIXELFORMAT_RGB565;
-} else if (surface_bits_per_pixel(scon->surface) == 32) {
-format = SDL_PIXELFORMAT_ARGB;
-}
-scon->tex

[Qemu-devel] [PATCH 01/10] sdl: move version logic from source code to makefile

2014-12-11 Thread Gerd Hoffmann
Compile sdl.c / sdl2.c depending on CONFIG_SDLABI instead of
compiling both and having version #ifdefs in the source code.

Signed-off-by: Gerd Hoffmann 
---
 ui/Makefile.objs | 7 ++-
 ui/sdl.c | 3 ---
 ui/sdl2.c| 3 ---
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 801cba2..b25e85f 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -16,7 +16,12 @@ common-obj-$(CONFIG_CURSES) += curses.o
 common-obj-$(CONFIG_VNC) += $(vnc-obj-y)
 common-obj-$(CONFIG_GTK) += gtk.o x_keymap.o
 
-sdl.mo-objs := sdl.o sdl_zoom.o sdl2.o
+ifeq ($(CONFIG_SDLABI),1.2)
+sdl.mo-objs := sdl.o sdl_zoom.o
+endif
+ifeq ($(CONFIG_SDLABI),2.0)
+sdl.mo-objs := sdl2.o
+endif
 sdl.mo-cflags := $(SDL_CFLAGS)
 
 gtk.o-cflags := $(GTK_CFLAGS) $(VTE_CFLAGS)
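Review bot: with the in-source `#if SDL_MAJOR_VERSION` guards gone, a configuration in which CONFIG_SDLABI is empty or set to anything other than 1.2 or 2.0 now leaves sdl.mo-objs undefined and silently produces an empty sdl.mo instead of a compile-time error. An `else` branch with `$(error unsupported CONFIG_SDLABI: $(CONFIG_SDLABI))` would keep that failure loud; it is also worth confirming that configure only ever emits those two values.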
diff --git a/ui/sdl.c b/ui/sdl.c
index 94c1d9d..3e9d810 100644
--- a/ui/sdl.c
+++ b/ui/sdl.c
@@ -26,8 +26,6 @@
 #undef WIN32_LEAN_AND_MEAN
 
 #include 
-
-#if SDL_MAJOR_VERSION == 1
 #include 
 
 #include "qemu-common.h"
@@ -958,4 +956,3 @@ void sdl_display_init(DisplayState *ds, int full_screen, 
int no_frame)
 
 atexit(sdl_cleanup);
 }
-#endif
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 1ad74ba..45f23b1 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -27,8 +27,6 @@
 #undef WIN32_LEAN_AND_MEAN
 
 #include 
-
-#if SDL_MAJOR_VERSION == 2
 #include 
 
 #include "qemu-common.h"
@@ -912,4 +910,3 @@ void sdl_display_init(DisplayState *ds, int full_screen, 
int no_frame)
 
 atexit(sdl_cleanup);
 }
-#endif
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v4 05/26] qcow2: Use unsigned addend for update_refcount()

2014-12-11 Thread Stefan Hajnoczi
On Wed, Dec 03, 2014 at 02:37:25PM +0100, Max Reitz wrote:
> @@ -530,8 +530,16 @@ found:
>  }
>  
>  /* XXX: cache several refcount block clusters ? */
> +/* In order to decrease refcounts, set @addend to the two's complement 
> (giving a
> + * negative value and letting the implicit cast handle it is enough) and set
> + * @decrease to true. @decrease must be false if the refcount should be
> + * increased. */
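Review bot: the comment on @addend documents a sign convention that the parameter type contradicts: a uint16_t addend cannot be negative, so the "two's complement" value only works because refcount + addend is evaluated in int after promotion and then truncated on the store back to 16 bits. Either say that explicitly in the comment, or make @addend the magnitude and let @decrease choose between refcount + addend and refcount - addend; the latter also lets the function detect an underflow instead of wrapping silently.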

The first time I read this patch I missed this quirk and thought that a
lot of places seemed to be doing the wrong thing with addend.

This is likely to cause confusion, why not make uint16_t addend truly
unsigned and leave the sign to bool decrease, as suggested by the
function prototype?




Re: [Qemu-devel] [PATCH v4 05/26] qcow2: Use unsigned addend for update_refcount()

2014-12-11 Thread Max Reitz

On 2014-12-11 at 11:58, Stefan Hajnoczi wrote:

On Wed, Dec 03, 2014 at 02:37:25PM +0100, Max Reitz wrote:

@@ -530,8 +530,16 @@ found:
  }
  
  /* XXX: cache several refcount block clusters ? */

+/* In order to decrease refcounts, set @addend to the two's complement (giving 
a
+ * negative value and letting the implicit cast handle it is enough) and set
+ * @decrease to true. @decrease must be false if the refcount should be
+ * increased. */

The first time I read this patch I missed this quirk and thought that a
lot of places seemed to be doing the wrong thing with addend.

This is likely to cause confusion, why not make uint16_t addend truly
unsigned and leave the sign to bool decrease, as suggested by the
function prototype?


Because it's very easy to call it with e.g. target_refcount - current_refcount,
and using an addition to apply the addend will always work.

So, the code is a bit shorter by doing this. On the other hand, I don't have
trouble making all callers do llabs(addend) or imaxabs(addend) (if the
absolute value is not known at compile time) and use addition or subtraction
in this function, depending on the boolean.


Max
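
The quirk discussed above, as an added illustration that is not code from the qcow2 patch or from either poster: a uint16_t addend that carries a negative delta through the implicit conversion, next to the explicit magnitude-plus-bool form the review asks for. Function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Variant A (the quirk under discussion): @addend is declared uint16_t but
 * callers pass a possibly negative int such as target - current.  The
 * conversion to uint16_t is well-defined in C (reduction modulo 2^16), the
 * addition then happens in int after integer promotion, and the store back
 * into uint16_t reduces modulo 2^16 again, so a "negative" addend acts as a
 * subtraction.  Nothing in here can notice an underflow. */
static uint16_t apply_addend_implicit(uint16_t refcount, uint16_t addend)
{
    return (uint16_t)(refcount + addend);   /* 5 + 0xFFFE -> 0x10003 -> 3 */
}

/* Variant B (what the review proposes): @addend is a true magnitude and the
 * direction lives in @decrease.  Returns the new refcount, or -1 when the
 * operation would leave the 16-bit range, which variant A silently wraps. */
static long apply_addend_explicit(uint16_t refcount, uint16_t addend,
                                  bool decrease)
{
    if (decrease) {
        if (addend > refcount) {
            return -1;                      /* would underflow */
        }
        return refcount - addend;
    }
    if (addend > UINT16_MAX - refcount) {
        return -1;                          /* would overflow */
    }
    return refcount + addend;
}

/* The caller pattern Max describes: hand target - current straight to the
 * function and let the implicit cast encode the sign. */
static uint16_t set_refcount_implicit(uint16_t current, uint16_t target)
{
    int delta = (int)target - (int)current;     /* may be negative */
    return apply_addend_implicit(current, (uint16_t)delta);
}

/* The same caller under variant B: llabs() gives the magnitude, the sign
 * becomes the bool.  Refcounts are at most 16 bits here, so the magnitude
 * always fits in the uint16_t parameter. */
static long set_refcount_explicit(uint16_t current, uint16_t target)
{
    long long delta = (long long)target - current;
    return apply_addend_explicit(current, (uint16_t)llabs(delta), delta < 0);
}
```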



Re: [Qemu-devel] [PATCH v4 06/26] qcow2: Use 64 bits for refcount values

2014-12-11 Thread Stefan Hajnoczi
On Wed, Dec 03, 2014 at 02:37:26PM +0100, Max Reitz wrote:
> Refcounts may have a width of up to 64 bits, so qemu should use the same
> width to represent refcount values internally.
> 
> Signed-off-by: Max Reitz 
> ---
>  block/qcow2-cluster.c  |  2 +-
>  block/qcow2-refcount.c | 42 --
>  block/qcow2.h  |  4 ++--
>  3 files changed, 23 insertions(+), 25 deletions(-)

Reviewed-by: Stefan Hajnoczi 




[Qemu-devel] [RfC PATCH 3/3] sdl2: move SDL_* includes to sdl2.h

2014-12-11 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h | 7 +++
 ui/sdl2-2d.c  | 6 --
 ui/sdl2-gl.c  | 7 ---
 ui/sdl2-input.c   | 6 --
 ui/sdl2.c | 6 --
 5 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index ba90a91..0b63556 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -1,3 +1,10 @@
+/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
+#undef WIN32_LEAN_AND_MEAN
+
+#include 
+#include 
+#include 
+
 struct sdl2_console {
 DisplayChangeListener dcl;
 DisplaySurface *surface;
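Review bot: include/ui/sdl2.h now carries an #undef and three #include lines but still has no include guard (the hunk starts at line 1 of the file with no #ifndef), so a translation unit that pulls it in twice, directly or through another header, gets a redefinition of struct sdl2_console. Wrapping the file in the usual `#ifndef SDL2_H` / `#define SDL2_H` / `#endif` would make the header safe to include from anywhere now that it is self-contained.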
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index 85f1be4..f6cb438 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -23,12 +23,6 @@
  */
 /* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
 
-/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
-#undef WIN32_LEAN_AND_MEAN
-
-#include 
-#include 
-
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
diff --git a/ui/sdl2-gl.c b/ui/sdl2-gl.c
index 30018d4..3046d2d 100644
--- a/ui/sdl2-gl.c
+++ b/ui/sdl2-gl.c
@@ -23,13 +23,6 @@
  */
 /* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
 
-/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
-#undef WIN32_LEAN_AND_MEAN
-
-#include 
-#include 
-#include 
-
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
diff --git a/ui/sdl2-input.c b/ui/sdl2-input.c
index 6702e8e..252f099 100644
--- a/ui/sdl2-input.c
+++ b/ui/sdl2-input.c
@@ -23,12 +23,6 @@
  */
 /* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
 
-/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
-#undef WIN32_LEAN_AND_MEAN
-
-#include 
-#include 
-
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 1e14a2a..24e4c9a 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -23,12 +23,6 @@
  */
 /* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
 
-/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
-#undef WIN32_LEAN_AND_MEAN
-
-#include 
-#include 
-
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
-- 
1.8.3.1




[Qemu-devel] [RfC PATCH 2/3] sdl2: add support for display rendering using opengl.

2014-12-11 Thread Gerd Hoffmann
Add new sdl2-gl.c file, with display
rendering functions using opengl.

Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h |  10 
 ui/Makefile.objs  |   4 ++
 ui/sdl2-2d.c  |   6 +++
 ui/sdl2-gl.c  | 143 ++
 ui/sdl2.c |  50 ---
 5 files changed, 206 insertions(+), 7 deletions(-)
 create mode 100644 ui/sdl2-gl.c

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 9e9a92d..ba90a91 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -8,6 +8,9 @@ struct sdl2_console {
 int last_vm_running; /* per console for caption reasons */
 int x, y;
 int hidden;
+int opengl;
+int updates;
+SDL_GLContext winctx;
 };
 
 void sdl2_window_create(struct sdl2_console *scon);
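Review bot: adding SDL_GLContext to struct sdl2_console makes include/ui/sdl2.h depend on SDL.h being included before it, and at this point in the series the header includes nothing itself; the current includers (sdl2.c, sdl2-2d.c, sdl2-input.c, the new sdl2-gl.c) all happen to include SDL first, but the dependency stays implicit until patch 3/3 moves the SDL includes into the header. Folding that move into this patch, or ordering 3/3 before 2/3, keeps every bisect point compiling. Minor: `int opengl` reads as a bool, and `int updates` would benefit from a comment saying what it counts.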
@@ -25,3 +28,10 @@ void sdl2_2d_switch(DisplayChangeListener *dcl,
 DisplaySurface *new_surface);
 void sdl2_2d_refresh(DisplayChangeListener *dcl);
 void sdl2_2d_redraw(struct sdl2_console *scon);
+
+void sdl2_gl_update(DisplayChangeListener *dcl,
+int x, int y, int w, int h);
+void sdl2_gl_switch(DisplayChangeListener *dcl,
+DisplaySurface *new_surface);
+void sdl2_gl_refresh(DisplayChangeListener *dcl);
+void sdl2_gl_redraw(struct sdl2_console *scon);
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 13b5cfb..b86bdb1 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -21,6 +21,10 @@ sdl.mo-objs := sdl.o sdl_zoom.o
 endif
 ifeq ($(CONFIG_SDLABI),2.0)
 sdl.mo-objs := sdl2.o sdl2-input.o sdl2-2d.o
+ifeq ($(CONFIG_OPENGL),y)
+sdl.mo-objs += sdl2-gl.o
+libs_softmmu += $(OPENGL_LIBS)
+endif
 endif
 sdl.mo-cflags := $(SDL_CFLAGS)
 
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index 9c60075..85f1be4 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -42,6 +42,8 @@ void sdl2_2d_update(DisplayChangeListener *dcl,
 DisplaySurface *surf = qemu_console_surface(dcl->con);
 SDL_Rect rect;
 
+assert(!scon->opengl);
+
 if (!surf) {
 return;
 }
@@ -67,6 +69,8 @@ void sdl2_2d_switch(DisplayChangeListener *dcl,
 DisplaySurface *old_surface = scon->surface;
 int format = 0;
 
+assert(!scon->opengl);
+
 scon->surface = new_surface;
 
 if (scon->texture) {
@@ -114,6 +118,8 @@ void sdl2_2d_refresh(DisplayChangeListener *dcl)
 
 void sdl2_2d_redraw(struct sdl2_console *scon)
 {
+assert(!scon->opengl);
+
 if (!scon->surface) {
 return;
 }
diff --git a/ui/sdl2-gl.c b/ui/sdl2-gl.c
new file mode 100644
index 000..30018d4
--- /dev/null
+++ b/ui/sdl2-gl.c
@@ -0,0 +1,143 @@
+/*
+ * QEMU SDL display driver
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
+
+/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
+#undef WIN32_LEAN_AND_MEAN
+
+#include 
+#include 
+#include 
+
+#include "qemu-common.h"
+#include "ui/console.h"
+#include "ui/input.h"
+#include "ui/sdl2.h"
+#include "sysemu/sysemu.h"
+
+static void sdl2_gl_render_surface(struct sdl2_console *scon)
+{
+int gw, gh, ww, wh, stripe;
+float sw, sh;
+GLuint tex;
+
+gw = surface_width(scon->surface);
+gh = surface_height(scon->surface);
+SDL_GetWindowSize(scon->real_window, &ww, &wh);
+SDL_GL_MakeCurrent(scon->real_window, scon->winctx);
+
+sw = (float)ww/gw;
+sh = (float)wh/gh;
+if (sw < sh) {
+stripe = wh - wh*sw/sh;
+glViewport(0, stripe / 2, ww, wh - stripe);
+} else {
+stripe = ww - ww*sh/sw;
+glViewport(stripe / 2, 0, ww - stripe, wh);
+}
+
+glMatrixMode(GL_PROJECTION);
+glLoadIdentity();
+
+glMatrixMode(GL_MODELVIEW);
+glLoadIdentity();
+
+glClearColor(0.0, 0.0, 0.0, 0);
+glClear(GL_COLOR_BUFFER_BIT | GL_DEPTH_BUFFER_BIT);
+
+glGenTextures(1, &tex);
+glBindTexture(GL_TEXTURE_2D, tex);
+glTexImage2D(GL_TEXTURE_2D, 0,
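Review bot: sdl2_gl_render_surface() calls glGenTextures(1, &tex) on every invocation; unless the tail of the function (cut off in this copy of the mail) deletes it with glDeleteTextures(), each refresh leaks a GL texture object. Creating the texture once per console in sdl2_gl_switch() and only re-uploading here would avoid both the leak and the per-frame allocation. The glMatrixMode()/glLoadIdentity() calls are also fixed-function, so winctx must be a compatibility-profile context; the required GL version and profile should be stated where the context is created.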

[Qemu-devel] [RfC PATCH 1/3] configure: opengl overhaul

2014-12-11 Thread Gerd Hoffmann
Rename config option from "glx" to "opengl", glx will not be the only
option for opengl in near future.  Also switch over to pkg-config for
opengl support detection.

Signed-off-by: Gerd Hoffmann 
---
 configure| 39 +--
 default-configs/lm32-softmmu.mak |  2 +-
 hw/display/Makefile.objs |  2 +-
 hw/lm32/milkymist-hw.h   |  4 ++--
 4 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/configure b/configure
index 47048f0..175dea2 100755
--- a/configure
+++ b/configure
@@ -309,7 +309,7 @@ rbd=""
 smartcard_nss=""
 libusb=""
 usb_redir=""
-glx=""
+opengl=""
 zlib="yes"
 lzo=""
 snappy=""
@@ -1026,9 +1026,9 @@ for opt do
   ;;
   --enable-vhost-scsi) vhost_scsi="yes"
   ;;
-  --disable-glx) glx="no"
+  --disable-opengl) opengl="no"
   ;;
-  --enable-glx) glx="yes"
+  --enable-opengl) opengl="yes"
   ;;
   --disable-rbd) rbd="no"
   ;;
@@ -3056,23 +3056,18 @@ fi
 libs_softmmu="$libs_softmmu $fdt_libs"
 
 ##
-# GLX probe, used by milkymist-tmu2
-if test "$glx" != "no" ; then
-  glx_libs="-lGL -lX11"
-  cat > $TMPC << EOF
-#include 
-#include 
-#include 
-int main(void) { glBegin(0); glXQueryVersion(0,0,0); return 0; }
-EOF
-  if compile_prog "" "-lGL -lX11" ; then
-glx=yes
+# opengl probe, used by milkymist-tmu2
+if test "$opengl" != "no" ; then
+  opengl_pkgs="gl"
+  if $pkg_config $opengl_pkgs; then
+opengl_libs="$($pkg_config --libs $opengl_pkgs) -lX11"
+opengl=yes
   else
-if test "$glx" = "yes" ; then
-  feature_not_found "glx" "Install GL devel (e.g. MESA)"
+if test "$opengl" = "yes" ; then
+  feature_not_found "opengl" "Install GL devel (e.g. MESA)"
 fi
-glx_libs=
-glx=no
+opengl_libs=""
+opengl=no
   fi
 fi
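Review bot: the old probe compiled a test program that called glXQueryVersion(), so CONFIG_GLX=y guaranteed usable GLX headers plus -lGL -lX11. The new probe only asks pkg-config for `gl` and then appends a hard-coded -lX11, yet the consumer is still GLX-only: hw/lm32/milkymist-hw.h includes GL/glx.h and uses GLXFBConfig under the renamed CONFIG_OPENGL. A host with gl.pc but no GLX or no X11 development headers now passes the probe and fails at compile time in milkymist-tmu2. Either keep a compile test for glx.h/glXQueryVersion(), or add `x11` to opengl_pkgs in place of the literal -lX11.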
 
@@ -4320,7 +4315,7 @@ echo "xfsctl support$xfs"
 echo "nss used  $smartcard_nss"
 echo "libusb$libusb"
 echo "usb net redir $usb_redir"
-echo "GLX support   $glx"
+echo "OpenGL support$opengl"
 echo "libiscsi support  $libiscsi"
 echo "libnfs support$libnfs"
 echo "build guest agent $guest_agent"
@@ -4682,9 +4677,9 @@ if test "$usb_redir" = "yes" ; then
   echo "CONFIG_USB_REDIR=y" >> $config_host_mak
 fi
 
-if test "$glx" = "yes" ; then
-  echo "CONFIG_GLX=y" >> $config_host_mak
-  echo "GLX_LIBS=$glx_libs" >> $config_host_mak
+if test "$opengl" = "yes" ; then
+  echo "CONFIG_OPENGL=y" >> $config_host_mak
+  echo "OPENGL_LIBS=$opengl_libs" >> $config_host_mak
 fi
 
 if test "$lzo" = "yes" ; then
diff --git a/default-configs/lm32-softmmu.mak b/default-configs/lm32-softmmu.mak
index 7df58c8..4889348 100644
--- a/default-configs/lm32-softmmu.mak
+++ b/default-configs/lm32-softmmu.mak
@@ -2,7 +2,7 @@
 
 CONFIG_LM32=y
 CONFIG_MILKYMIST=y
-CONFIG_MILKYMIST_TMU2=$(CONFIG_GLX)
+CONFIG_MILKYMIST_TMU2=$(CONFIG_OPENGL)
 CONFIG_FRAMEBUFFER=y
 CONFIG_PTIMER=y
 CONFIG_PFLASH_CFI01=y
diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
index 7ed76a9..e18ea57 100644
--- a/hw/display/Makefile.objs
+++ b/hw/display/Makefile.objs
@@ -20,7 +20,7 @@ common-obj-$(CONFIG_ZAURUS) += tc6393xb.o
 
 ifeq ($(CONFIG_MILKYMIST_TMU2),y)
 common-obj-y += milkymist-tmu2.o
-libs_softmmu += $(GLX_LIBS)
+libs_softmmu += $(OPENGL_LIBS)
 endif
 
 obj-$(CONFIG_OMAP) += omap_dss.o
diff --git a/hw/lm32/milkymist-hw.h b/hw/lm32/milkymist-hw.h
index 5317ce6..8d20cac 100644
--- a/hw/lm32/milkymist-hw.h
+++ b/hw/lm32/milkymist-hw.h
@@ -86,7 +86,7 @@ static inline DeviceState *milkymist_pfpu_create(hwaddr base,
 return dev;
 }
 
-#ifdef CONFIG_GLX
+#ifdef CONFIG_OPENGL
 #include 
 #include 
 static const int glx_fbconfig_attr[] = {
@@ -100,7 +100,7 @@ static const int glx_fbconfig_attr[] = {
 static inline DeviceState *milkymist_tmu2_create(hwaddr base,
 qemu_irq irq)
 {
-#ifdef CONFIG_GLX
+#ifdef CONFIG_OPENGL
 DeviceState *dev;
 Display *d;
 GLXFBConfig *configs;
-- 
1.8.3.1




Re: [Qemu-devel] [RFC PATCH v6 08/32] icount: implement icount requesting

2014-12-11 Thread Paolo Bonzini


On 11/12/2014 09:16, Pavel Dovgaluk wrote:
>>> No, it worked well and I deleted _nocache version of that function.
>>> But I still need _raw one to get the instructions counter.
>>
>> Oh, great.  This patch can also go in early.
> What's the next? Will you upstream some of the patches to simplify reviewing
> of the others?

I'm waiting for Alex to review the PPC bits, but I've already queued these:

Paolo Bonzini (9):
  target-mips: kvm: do not use get_clock()

Pavel Dovgalyuk (8):
  cpu-exec: fix cpu_exec_nocache
  cpu-exec: reset exception_index correctly
  icount: set can_do_io outside TB execution
  icount: introduce cpu_get_icount_raw
  cpu-exec: invalidate nocache translation if they are interrupted
  timer: introduce new QEMU_CLOCK_VIRTUAL_RT clock
  cpus: make icount warp behave well with respect to stop/cont
  i386: do not cross the pages boundaries in replay mode

Also, more get_clock() changes were in Kevin's block pull request.

Paolo



[Qemu-devel] [PATCH V2 9/9] pc: acpi-build: simplify PCI bus tree generation

2014-12-11 Thread Igor Mammedov
it basically does the same as the original approach,
* just without bus/notify tables tracking (less obscure)
  which is easier to follow.
* drops unnecessary loops and bitmaps,
  creating devices and notification method in the same loop.
* saves us ~100LOC

Signed-off-by: Igor Mammedov 
---
 hw/i386/acpi-build.c | 262 ---
 1 file changed, 80 insertions(+), 182 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index a615cd1..6b0e983 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -95,7 +95,6 @@ typedef struct AcpiPmInfo {
 typedef struct AcpiMiscInfo {
 bool has_hpet;
 bool has_tpm;
-DECLARE_BITMAP(slot_hotplug_enable, PCI_SLOT_MAX);
 const unsigned char *dsdt_code;
 unsigned dsdt_size;
 uint16_t pvpanic_port;
@@ -641,242 +640,147 @@ static void acpi_set_pci_info(void)
 }
 }
 
-static void build_pci_bus_state_init(AcpiBuildPciBusHotplugState *state,
- AcpiBuildPciBusHotplugState *parent,
- bool pcihp_bridge_en)
+static void build_append_pcihp_notify(GArray *method, int slot)
 {
-state->parent = parent;
-state->device_table = build_alloc_array();
-state->notify_table = build_alloc_array();
-state->pcihp_bridge_en = pcihp_bridge_en;
-}
+GArray *notify;
 
-static void build_pci_bus_state_cleanup(AcpiBuildPciBusHotplugState *state)
-{
-build_free_array(state->device_table);
-build_free_array(state->notify_table);
+notify = build_alloc_array();
+build_append_byte(notify, 0x7B); /* AndOp */
+build_append_byte(notify, 0x68); /* Arg0Op */
+build_append_int(notify, 0x1U << slot);
+build_append_byte(notify, 0x00); /* NullName */
+build_append_byte(notify, 0x86); /* NotifyOp */
+build_append_namestring(notify, "S%.02X", PCI_DEVFN(slot, 0));
+build_append_byte(notify, 0x69); /* Arg1Op */
+
+/* Pack it up */
+build_package(notify, 0xA0 /* IfOp */);
+build_append_array(method, notify);
+build_free_array(notify);
 }
 
-static void *build_pci_bus_begin(PCIBus *bus, void *parent_state)
+static void build_append_pcihp_dev(GArray *table, int slot)
 {
-AcpiBuildPciBusHotplugState *parent = parent_state;
-AcpiBuildPciBusHotplugState *child = g_malloc(sizeof *child);
-
-build_pci_bus_state_init(child, parent, parent->pcihp_bridge_en);
+void *pcihp = acpi_data_push(table, ACPI_PCINOHP_SIZEOF);
 
-return child;
+memcpy(pcihp, ACPI_PCINOHP_AML, ACPI_PCINOHP_SIZEOF);
+patch_pcinohp(slot, pcihp);
 }
 
-static void build_pci_bus_end(PCIBus *bus, void *bus_state)
+static void build_append_pci_bus_devices(GArray *parent_scope, PCIBus *bus,
+ bool pcihp_bridge_en)
 {
-AcpiBuildPciBusHotplugState *child = bus_state;
-AcpiBuildPciBusHotplugState *parent = child->parent;
 GArray *bus_table = build_alloc_array();
-DECLARE_BITMAP(slot_hotplug_enable, PCI_SLOT_MAX);
-DECLARE_BITMAP(slot_device_present, PCI_SLOT_MAX);
-DECLARE_BITMAP(slot_device_system, PCI_SLOT_MAX);
-DECLARE_BITMAP(slot_device_vga, PCI_SLOT_MAX);
-DECLARE_BITMAP(slot_device_qxl, PCI_SLOT_MAX);
-uint8_t op;
-int i;
+GArray *method = NULL;
 QObject *bsel;
-GArray *method;
-bool bus_hotplug_support = false;
-
-/*
- * Skip bridge subtree creation if bridge hotplug is disabled
- * to make acpi tables compatible with legacy machine types.
- */
-if (!child->pcihp_bridge_en && bus->parent_dev) {
-return;
-}
+PCIBus *sec;
+int i;
 
 if (bus->parent_dev) {
-op = 0x82; /* DeviceOp */
-build_append_namestring(bus_table, "S%.02X",
- bus->parent_dev->devfn);
-build_append_byte(bus_table, 0x08); /* NameOp */
-build_append_namestring(bus_table, "_SUN");
-build_append_value(bus_table, PCI_SLOT(bus->parent_dev->devfn), 1);
-build_append_byte(bus_table, 0x08); /* NameOp */
-build_append_namestring(bus_table, "_ADR");
-build_append_value(bus_table, (PCI_SLOT(bus->parent_dev->devfn) << 16) 
|
-   PCI_FUNC(bus->parent_dev->devfn), 4);
+build_append_namestring(bus_table, "S%.02X_", bus->parent_dev->devfn);
 } else {
-op = 0x10; /* ScopeOp */;
 build_append_namestring(bus_table, "PCI0");
 }
 
-bsel = object_property_get_qobject(OBJECT(bus), ACPI_PCIHP_PROP_BSEL, 
NULL);
+bsel = object_property_get_qobject(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
+   NULL);
 if (bsel) {
 build_append_byte(bus_table, 0x08); /* NameOp */
 build_append_namestring(bus_table, "BSEL");
 build_append_int(bus_table, qint_get_int(qobject_to_qint(bsel)));
-memset(slot_hotplug_enable, 0xff, sizeof slot_hotplug_enable);
-} else {
-/* No bsel - no slots are hot-pluggable */
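Review bot: the early return guarded by `!child->pcihp_bridge_en && bus->parent_dev` (the "Skip bridge subtree creation if bridge hotplug is disabled" block) is removed, yet the replacement build_append_pci_bus_devices() takes a `pcihp_bridge_en` parameter that is not referenced anywhere in the visible lines; the legacy-machine-type compatibility that comment describes has to be preserved further down in the function, or the skip re-added here. The bridge device name format also changes from "S%.02X" to "S%.02X_" (a full 4-character ACPI name), which is worth a sentence in the commit message since it alters the generated AML.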
-

Re: [Qemu-devel] [PATCH v4 07/26] qcow2: Respect error in qcow2_alloc_bytes()

2014-12-11 Thread Stefan Hajnoczi
On Wed, Dec 03, 2014 at 02:37:27PM +0100, Max Reitz wrote:
> qcow2_update_cluster_refcount() may fail, and qcow2_alloc_bytes() should
> mind that case.
> 
> Signed-off-by: Max Reitz 
> ---
>  block/qcow2-refcount.c | 33 +
>  1 file changed, 21 insertions(+), 12 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 08/26] qcow2: Refcount overflow and qcow2_alloc_bytes()

2014-12-11 Thread Stefan Hajnoczi
On Wed, Dec 03, 2014 at 02:37:28PM +0100, Max Reitz wrote:
> qcow2_alloc_bytes() may reuse a cluster multiple times, in which case
> the refcount is increased accordingly. However, if this would lead to an
> overflow the function should instead just not reuse this cluster and
> allocate a new one.
> 
> Signed-off-by: Max Reitz 
> ---
>  block/qcow2-refcount.c | 31 ++-
>  1 file changed, 30 insertions(+), 1 deletion(-)

Reviewed-by: Stefan Hajnoczi 




[Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Igor Mammedov
linker and RSDP tables are built only once, so if later
during rebuild sizes of other ACPI tables change
pointers will be patched incorrectly due to wrong
offsets.

To fix it rebuild linker and RSDP tables along with
the rest of ACPI tables so that they would have correct
offsets.

Here is a simple reproducer:
 1: hotplug bridge using command:
 device_add pci-bridge,chassis_nr=1
 2: reset system from monitor:
 system_reset

As a result, pointers to ACPI tables are not correct
and guest can't read/parse ACPI tables.

Windows guests just refuse to boot and
Linux guests are more resilient and try to boot without
ACPI, sometimes successfully.

Keep brokenness in 2.1 and older machine types for
the sake of migration. 2.2.0 can't be helped but we
can fix it with 2.2.1

Signed-off-by: Igor Mammedov 
---
v2:
  move compat fix to 2.1 machine type,
   suggested by: "Michael S. Tsirkin" 
---
 hw/i386/acpi-build.c | 30 +++---
 hw/i386/pc_piix.c|  3 +++
 hw/i386/pc_q35.c |  3 +++
 include/hw/i386/pc.h |  1 +
 4 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index b37a397..4d2452d 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1509,6 +1509,10 @@ struct AcpiBuildState {
 /* Copy of table in RAM (for patching). */
 ram_addr_t table_ram;
 uint32_t table_size;
+ram_addr_t linker_ram;
+uint32_t linker_size;
+ram_addr_t rsdp_ram;
+uint32_t rsdp_size;
 /* Is table patched? */
 uint8_t patched;
 PcGuestInfo *guest_info;
@@ -1714,6 +1718,10 @@ static void acpi_build_update(void *build_opaque, 
uint32_t offset)
 assert(acpi_data_len(tables.table_data) == build_state->table_size);
 memcpy(qemu_get_ram_ptr(build_state->table_ram), tables.table_data->data,
build_state->table_size);
+memcpy(qemu_get_ram_ptr(build_state->linker_ram), tables.linker->data,
+   build_state->linker_size);
+memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
+   build_state->rsdp_size);
 
 cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
build_state->table_size);
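Review bot: the two new memcpy() calls in acpi_build_update() run unconditionally, but build_state->rsdp_ram is only assigned in the `else` branch of acpi_setup() (the `!has_imutable_rsdp` case in the next hunk), so on 2.1 and older machine types the RSDP copy targets whatever rsdp_ram happens to hold. Guard the RSDP copy on the same condition (or on `rsdp_size != 0`). The visible context also marks only table_ram dirty via cpu_physical_memory_set_dirty_range_nocode(); the linker and RSDP ranges need the same call after their memcpy(), otherwise the rewritten ROM contents may not be migrated.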
@@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
 assert(build_state->table_ram != RAM_ADDR_MAX);
 build_state->table_size = acpi_data_len(tables.table_data);
 
-acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
+build_state->linker_ram = acpi_add_rom_blob(build_state, tables.linker,
+"etc/table-loader");
+build_state->linker_size = acpi_data_len(tables.linker);
 
 fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
 tables.tcpalog->data, acpi_data_len(tables.tcpalog));
 
-/*
- * RSDP is small so it's easy to keep it immutable, no need to
- * bother with ROM blobs.
- */
-fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
-tables.rsdp->data, acpi_data_len(tables.rsdp));
+if (guest_info->has_imutable_rsdp) {
+/*
+ * RSDP is small so it's easy to keep it immutable, no need to
+ * bother with ROM blobs.
+ */
+fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
+tables.rsdp->data, acpi_data_len(tables.rsdp));
+} else {
+build_state->rsdp_ram = acpi_add_rom_blob(build_state, tables.rsdp,
+  ACPI_BUILD_RSDP_FILE);
+build_state->rsdp_size = acpi_data_len(tables.rsdp);
+}
 
 qemu_register_reset(acpi_build_reset, build_state);
 acpi_build_reset(build_state);
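Review bot: `has_imutable_rsdp` is misspelled (immutable), and since the name is introduced in PcGuestInfo, pc_piix.c and pc_q35.c by this same patch it is cheapest to fix before it spreads. In the compat branch nothing initializes build_state->rsdp_ram or rsdp_size, while acpi_build_update() copies into rsdp_ram unconditionally; either set rsdp_size to 0 here and have the update path skip the copy when it is 0, or make the update path check the same flag.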
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 685fa54..61170de 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -60,6 +60,7 @@ static const int ide_iobase2[MAX_IDE_BUS] = { 0x3f6, 0x376 };
 static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
 
 static bool has_acpi_build = true;
+static bool has_imutable_rsdp;
 static int legacy_acpi_table_size;
 static bool smbios_defaults = true;
 static bool smbios_legacy_mode;
@@ -168,6 +169,7 @@ static void pc_init1(MachineState *machine,
 
 guest_info->isapc_ram_fw = !pci_enabled;
 guest_info->has_reserved_memory = has_reserved_memory;
+guest_info->has_imutable_rsdp = has_imutable_rsdp;
 
 if (smbios_defaults) {
 MachineClass *mc = MACHINE_GET_CLASS(machine);
@@ -323,6 +325,7 @@ static void pc_compat_2_1(MachineState *machine)
 x86_cpu_compat_set_features("core2duo", FEAT_1_ECX, CPUID_EXT_VMX, 0);
 x86_cpu_compat_kvm_no_autodisable(FEAT_8000_0001_ECX, CPUID_EXT3_SVM);
 pcms->enforce_aligned_dimm = false;
+has_imutable_rsdp = true;
 }
 
 static void pc_compat_2_0(MachineState *machine)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 121f620..0f071a9 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -50,6 +50,7 @@
 #define MAX_SATA_PORTS 6
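The offset problem the patch description above refers to, as an added illustration that is not QEMU code: a toy model of the fw_cfg table loader's pointer-patching command. A blob holds a variable-size DSDT followed by a FADT whose first field must receive the DSDT's guest address, and the linker command records the offset of that field. When the linker is built only once and the DSDT grows on rebuild (a hot-plugged bridge adds AML), the stale offset lands inside the DSDT and the FADT field is never patched. All names, sizes and GUEST_BASE are constructed for the example.

```c
/*
 * Added example, not QEMU code: a toy model of the fw_cfg table-loader
 * ("linker") pointer patching, showing why a linker built once patches the
 * wrong offset once the ACPI tables are rebuilt with different sizes.
 * Names, sizes and the GUEST_BASE address are constructed for illustration.
 */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BLOB_MAX   256
#define GUEST_BASE 0x1000u  /* constructed: guest address the blob is loaded at */

/* One ADD_POINTER-style command: store the guest address of the bytes at
 * src_off into the 32-bit field at dst_off of the same blob. */
struct link_cmd {
    uint32_t dst_off;
    uint32_t src_off;
};

/* The ACPI blob: a variable-size "DSDT" followed by a tiny "FADT" whose first
 * four bytes are the pointer to the DSDT that the linker must fill in. */
struct blob {
    uint8_t  data[BLOB_MAX];
    uint32_t len;
    uint32_t fadt_off;
};

static void build_tables(struct blob *b, uint32_t dsdt_len)
{
    if (dsdt_len + 16 > BLOB_MAX) {
        dsdt_len = BLOB_MAX - 16;       /* keep the toy blob in bounds */
    }
    memset(b, 0, sizeof *b);
    memset(b->data, 0xAA, dsdt_len);    /* DSDT body: constructed filler */
    b->fadt_off = dsdt_len;             /* FADT follows the DSDT */
    b->len = dsdt_len + 16;
}

/* The linker is derived from the layout of the tables it was built for. */
static struct link_cmd build_linker(const struct blob *b)
{
    struct link_cmd cmd = { .dst_off = b->fadt_off, .src_off = 0 };
    return cmd;
}

/* What the guest-side loader does with the command: a little-endian store. */
static void apply_linker(struct blob *b, const struct link_cmd *cmd)
{
    uint32_t addr = GUEST_BASE + cmd->src_off;
    b->data[cmd->dst_off + 0] = addr & 0xff;
    b->data[cmd->dst_off + 1] = (addr >> 8) & 0xff;
    b->data[cmd->dst_off + 2] = (addr >> 16) & 0xff;
    b->data[cmd->dst_off + 3] = (addr >> 24) & 0xff;
}

static uint32_t read_dsdt_pointer(const struct blob *b)
{
    const uint8_t *p = b->data + b->fadt_off;
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* First boot builds tables and linker; a reset after hotplug rebuilds the
 * tables with a different DSDT size.  Returns the DSDT pointer the guest
 * sees in the FADT after the rebuild: GUEST_BASE if patched correctly,
 * 0 if the stale linker wrote the address somewhere else. */
static uint32_t simulate(uint32_t dsdt_len_first, uint32_t dsdt_len_rebuild,
                         int rebuild_linker)
{
    struct blob b;
    struct link_cmd cmd;

    build_tables(&b, dsdt_len_first);
    cmd = build_linker(&b);              /* linker built once, at first boot */

    build_tables(&b, dsdt_len_rebuild);  /* tables rebuilt after system_reset */
    if (rebuild_linker) {
        cmd = build_linker(&b);          /* the fix: rebuild linker with tables */
    }
    apply_linker(&b, &cmd);
    return read_dsdt_pointer(&b);
}

int main(void)
{
    printf("stale linker, DSDT grew:   FADT->DSDT = 0x%x\n",
           (unsigned)simulate(64, 96, 0));
    printf("rebuilt linker, DSDT grew: FADT->DSDT = 0x%x\n",
           (unsigned)simulate(64, 96, 1));
    return 0;
}
```

With unchanged table sizes the once-built linker still works, which is why the problem only shows up after something like the bridge hotplug plus reset in the reproducer.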
 
 

Re: [Qemu-devel] [PATCH v3 3/5] block: Add driver methods to probe blocksizes and geometry

2014-12-11 Thread Ekaterina Tumanova

On 12/10/2014 04:14 PM, Thomas Huth wrote:

On Fri,  5 Dec 2014 18:56:19 +0100
Ekaterina Tumanova  wrote:


This patch introduces driver methods for defining disk blocksizes
(physical and logical) and hard drive geometry.
The method is only implemented for "host_device". For "raw" devices
the driver calls the child's method.

For the time being geometry detection will only work for DASD devices.
In order to check that, a local check_for_dasd function was introduced,
which calls the BIODASDINFO2 ioctl and returns its rc.

The blocksizes detection function will probe sizes for DASD devices and
set defaults for other devices.

Signed-off-by: Ekaterina Tumanova 
---
  block/raw-posix.c | 91 +++
  block/raw_bsd.c   | 14 +
  2 files changed, 105 insertions(+)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index 633d5bc..33f9983 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -56,6 +56,7 @@
  #include 
  #include 
  #include 
+#include 
  #ifndef FS_NOCOW_FL
  #define FS_NOCOW_FL 0x0080 /* Do not cow file */
  #endif
@@ -90,6 +91,10 @@
  #include 
  #endif

+#ifdef __s390__
+#include 
+#endif
+
  //#define DEBUG_FLOPPY

  //#define DEBUG_BLOCK
@@ -242,6 +247,20 @@ static int probe_logical_blocksize(int fd, unsigned int 
*sector_size)
  return 0;
  }

+/*
+ * Set physical block size via ioctl. On success return 0. Otherwise -errno.
+ */
+static int probe_physical_blocksize(int fd, unsigned int *blk_size)
+{
+#ifdef BLKPBSZGET
+if (ioctl(fd, BLKPBSZGET, blk_size) < 0) {
+return -errno;
+}
+#endif
+
+return 0;
+}
+
  static void raw_probe_alignment(BlockDriverState *bs, int fd, Error **errp)
  {
  BDRVRawState *s = bs->opaque;
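Review bot: probe_physical_blocksize() returns 0 without touching *blk_size when BLKPBSZGET is not defined, so a caller that treats 0 as success reads an uninitialized value (hdev_probe_geometry() later in this patch divides by it). Return -ENOTSUP from an #else branch, or write a default into *blk_size, so that a 0 return always means the output was set.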
@@ -662,6 +681,76 @@ static void raw_refresh_limits(BlockDriverState *bs, Error 
**errp)
  bs->bl.opt_mem_alignment = s->buf_align;
  }

+static int check_for_dasd(int fd)
+{
+#ifdef BIODASDINFO2
+struct dasd_information2_t info = {0};
+
+return ioctl(fd, BIODASDINFO2, &info);
+#endif
+return -1;


I'd put the "return -1" line into an #else branch of the #ifdef, so
that you do not end up with two consecutive return statements in case
BIODASDINFO2 is defined.


+}
+
+/*
+ * Try to get the device blocksize. On success 0. On failure return -errno.
+ * Currently only implemented for DASD drives.
+ */
+static int hdev_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
+{
+BDRVRawState *s = bs->opaque;
+int ret;
+
+/* If DASD, get blocksizes */
+if (check_for_dasd(s->fd) < 0) {
+return -1;
+}
+ret = probe_logical_blocksize(s->fd, &bsz->log);
+if (ret < 0) {
+return ret;
+}
+return probe_physical_blocksize(s->fd, &bsz->phys);
+}
+
+/*
+ * Try to get the device geometry. On success 0. On failure return -errno.


"On success return 0"


+ * Currently only implemented for DASD drives.
+ */
+static int hdev_probe_geometry(BlockDriverState *bs, hdGeometry *geo)
+{
+BDRVRawState *s = bs->opaque;
+struct hd_geometry ioctl_geo = {0};
+uint32_t blksize;
+
+/* If DASD, get it's geometry */
+if (check_for_dasd(s->fd) < 0) {
+return -1;
+}
+if (ioctl(s->fd, HDIO_GETGEO, &ioctl_geo) < 0) {
+return -errno;
+}
+/* HDIO_GETGEO may return success even though geo contains zeros
+   (e.g. certain multipath setups) */
+if (!ioctl_geo.heads || !ioctl_geo.sectors || !ioctl_geo.cylinders) {
+return -1;
+}
+/* Do not return a geometry for partition */
+if (ioctl_geo.start != 0) {
+return -1;
+}
+geo->heads = ioctl_geo.heads;
+geo->sectors = ioctl_geo.sectors;
+if (bs->total_sectors) {


Maybe add a comment here why you've got to calculate the cylinders here
instead of using ioctl_geo.cylinders ?


+if (!probe_physical_blocksize(s->fd, &blksize)) {
+geo->cylinders = bs->total_sectors / (blksize / BDRV_SECTOR_SIZE)
+   / (geo->heads * geo->sectors);
+return 0;
+}
+}
+geo->cylinders = ioctl_geo.cylinders;
+
+return 0;
+}
+
  static ssize_t handle_aiocb_ioctl(RawPosixAIOData *aiocb)
  {
  int ret;
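Review bot: hdev_probe_blocksizes() and hdev_probe_geometry() document "On failure return -errno" but return a bare -1 (which is -EPERM) when check_for_dasd() fails or when the geometry is rejected; use -ENOTSUP so callers can tell "not supported on this device" from a real ioctl error. In hdev_probe_geometry(), `blksize / BDRV_SECTOR_SIZE` evaluates to 0 for any physical block size below 512 bytes, and blksize is only meaningful if probe_physical_blocksize() actually wrote it, so guard the cylinder computation (for example require blksize >= BDRV_SECTOR_SIZE) before dividing. Typo in the comment: "get it's geometry" should be "its".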
@@ -2127,6 +2216,8 @@ static BlockDriver bdrv_host_device = {
  .bdrv_get_info = raw_get_info,
  .bdrv_get_allocated_file_size
  = raw_get_allocated_file_size,
+.bdrv_probe_blocksizes = hdev_probe_blocksizes,
+.bdrv_probe_geometry = hdev_probe_geometry,

  .bdrv_detach_aio_context = raw_detach_aio_context,
  .bdrv_attach_aio_context = raw_attach_aio_context,
diff --git a/block/raw_bsd.c b/block/raw_bsd.c
index 401b967..cfd5249 100644
--- a/block/raw_bsd.c
+++ b/block/raw_bsd.c
@@ -173,6 +173,18 @@ static int raw_probe(const uint8_t *buf, int buf_size, 
const char *filename)
  return 1;
  }

+static int raw_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
+{
+bdrv_probe_blocksizes(bs->file, bsz);
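Review bot: the return value of bdrv_probe_blocksizes(bs->file, bsz) is dropped on the visible line of raw_probe_blocksizes(); the hunk is cut off here, but the wrapper should return that value so a failing probe in the host_device driver propagates to the caller instead of leaving a BlockSizes that is only partly filled in.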

[Qemu-devel] [PATCH] MAINTAINERS: Add migration/block* to block subsystem

2014-12-11 Thread Fam Zheng
We are moving block-migration.c to the separate migration directory;
keeping this file watched by block maintainers is a good idea.

Signed-off-by: Fam Zheng 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index bcb69e8..e1cc487 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -743,6 +743,7 @@ F: aio-*.c
 F: block*
 F: block/
 F: hw/block/
+F: migration/block*
 F: qemu-img*
 F: qemu-io*
 F: tests/image-fuzzer/
-- 
1.9.3




Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Igor Mammedov
On Thu, 11 Dec 2014 11:18:50 +0200
Marcel Apfelbaum  wrote:

> On Thu, 2014-12-11 at 09:10 +, Igor Mammedov wrote:
> > linker and RSDP tables are built only once, so if later
> > during rebuild sizes of other ACPI tables change
> > pointers will be patched incorrectly due to wrong
> > offsets.
> > 
> > To fix it rebuild linker and RSDP tables along with
> > the rest of ACPI tables so that they would have correct
> > offsets.
> > 
> > Here is a simple reproducer:
> >  1: hotplug bridge using command:
> >  device_add pci-bridge,chassis_nr=1
> >  2: reset system from monitor:
> >  system_reset
> > 
> > As a result, pointers to ACPI tables are not correct
> > and guest can't read/parse ACPI tables.
> > 
> > Windows guests just refuse to boot and
> > Linux guests are more resilient and try to boot without
> > ACPI, sometimes successfully.
> > 
> > Keep brokenness in 2.1 and older machine types for
> > the sake of migration. 2.2.0 can't be helped but we
> > can fix it with 2.2.1
> 
> Hi Igor,
> I followed the prev conversation and I agree with the patch,
> I do have one question:
> Why you didn't set has_imutable_rsdp to true for 2.2.0 machines?
> What is special about it? I think I missed it.
V1 was only from 2.3, leaving 2.2 broken, but Michael asked
about fixing 2.2 as well.

Since 2.2.0 is out we can't fix it without breaking migration,
whichever way we choose to fix it, but we can fix the 2.2 machine
in 2.2.1, at least allowing downstream to pick up and ship the
fixed version without shipping the broken one.

> 
> Thanks,
> Marcel
> 
> > 
> > Signed-off-by: Igor Mammedov 
> > ---
> > v2:
> >   move compat fix to 2.1 machine type,
> >suggested by: "Michael S. Tsirkin" 
> > ---
> >  hw/i386/acpi-build.c | 30 +++---
> >  hw/i386/pc_piix.c|  3 +++
> >  hw/i386/pc_q35.c |  3 +++
> >  include/hw/i386/pc.h |  1 +
> >  4 files changed, 30 insertions(+), 7 deletions(-)
> > 
> > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > index b37a397..4d2452d 100644
> > --- a/hw/i386/acpi-build.c
> > +++ b/hw/i386/acpi-build.c
> > @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
> >  /* Copy of table in RAM (for patching). */
> >  ram_addr_t table_ram;
> >  uint32_t table_size;
> > +ram_addr_t linker_ram;
> > +uint32_t linker_size;
> > +ram_addr_t rsdp_ram;
> > +uint32_t rsdp_size;
> >  /* Is table patched? */
> >  uint8_t patched;
> >  PcGuestInfo *guest_info;
> > @@ -1714,6 +1718,10 @@ static void acpi_build_update(void *build_opaque, 
> > uint32_t offset)
> >  assert(acpi_data_len(tables.table_data) == build_state->table_size);
> >  memcpy(qemu_get_ram_ptr(build_state->table_ram), 
> > tables.table_data->data,
> > build_state->table_size);
> > +memcpy(qemu_get_ram_ptr(build_state->linker_ram), tables.linker->data,
> > +   build_state->linker_size);
> > +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
> > +   build_state->rsdp_size);
> >  
> >  cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> > build_state->table_size);
> > @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
> >  assert(build_state->table_ram != RAM_ADDR_MAX);
> >  build_state->table_size = acpi_data_len(tables.table_data);
> >  
> > -acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
> > +build_state->linker_ram = acpi_add_rom_blob(build_state, tables.linker,
> > +"etc/table-loader");
> > +build_state->linker_size = acpi_data_len(tables.linker);
> >  
> >  fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
> >  tables.tcpalog->data, acpi_data_len(tables.tcpalog));
> >  
> > -/*
> > - * RSDP is small so it's easy to keep it immutable, no need to
> > - * bother with ROM blobs.
> > - */
> > -fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> > -tables.rsdp->data, acpi_data_len(tables.rsdp));
> > +if (guest_info->has_imutable_rsdp) {
> > +/*
> > + * RSDP is small so it's easy to keep it immutable, no need to
> > + * bother with ROM blobs.
> > + */
> > +fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> > +tables.rsdp->data, acpi_data_len(tables.rsdp));
> > +} else {
> > +build_state->rsdp_ram = acpi_add_rom_blob(build_state, tables.rsdp,
> > +  ACPI_BUILD_RSDP_FILE);
> > +build_state->rsdp_size = acpi_data_len(tables.rsdp);
> > +}
> >  
> >  qemu_register_reset(acpi_build_reset, build_state);
> >  acpi_build_reset(build_state);
> > diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> > index 685fa54..61170de 100644
> > --- a/hw/i386/pc_piix.c
> > +++ b/hw/i386/pc_piix.c
> > @@ -60,6 +60,7 @@ static const int ide_iobase2[MAX_IDE_B

Re: [Qemu-devel] [PATCH v4 09/26] qcow2: Helper for refcount array reallocation

2014-12-11 Thread Stefan Hajnoczi
On Wed, Dec 03, 2014 at 02:37:29PM +0100, Max Reitz wrote:
> Add a helper function for reallocating a refcount array, independent of
> the refcount order. The newly allocated space is zeroed and the function
> handles failed reallocations gracefully.
> 
> The helper function will always align the buffer size to a cluster
> boundary; if storing the refcounts in such an array in big endian byte
> order, this makes it possible to write parts of the array directly as
> refcount blocks into the image file.
> 
> Signed-off-by: Max Reitz 
> ---
>  block/qcow2-refcount.c | 137 
> +++--
>  1 file changed, 88 insertions(+), 49 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v2 09/10] monitor: add query-vnc2 command

2014-12-11 Thread Gerd Hoffmann
  Hi,

> That's not a correct interpretation of the auth values - tls and x509 are
> not separate auth codes. VNC has one set of primary auth codes really
> 
>   none, vnc, vencrypt

Well, the source code also has (see vnc_auth_name in ui/vnc.c):

ra2, ra2ne, tight, ultra, tls, sasl

> If using the vencrypt option there are a number of sub-auth codes
> 
>tls-none, tls-vnc, tls-plain, tls-sasl x509-none, x509-vnc, x509-plain, 
> x509-sasl

So better add a 'vencrypt-subauth' enum with this list?

cheers,
  Gerd





Re: [Qemu-devel] [PULL 0/2] vnc patch queue

2014-12-11 Thread Peter Maydell
On 10 December 2014 at 09:32, Gerd Hoffmann  wrote:
>   Hi,
>
> Starting to flush queues after the 2.2 release, starting with two little
> vnc fixes.  Well, keymap is strictly speaking not vnc, but vnc is the
> major user of keymap support, so I stuck it in here.
>
> please pull,
>   Gerd
>
> The following changes since commit 45e1611de8be0eae55967694dd6e627c2dc354f2:
>
>   Update version for v2.2.0 release (2014-12-09 12:13:37 +)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/pull-vnc-20141210-1
>
> for you to fetch changes up to 43948386bb109b97b3de0bb48573f317bdcb5008:
>
>   keymaps: correct keymaps.c following Qemu coding style (2014-12-10 10:08:12 
> +0100)
>
> 
> vnc-enc-tight fix, keymaps code style.
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Marcel Apfelbaum
On Thu, 2014-12-11 at 12:23 +0100, Igor Mammedov wrote:
> On Thu, 11 Dec 2014 11:18:50 +0200
> Marcel Apfelbaum  wrote:
> 
> > On Thu, 2014-12-11 at 09:10 +, Igor Mammedov wrote:
> > > linker and RSDP tables are built only once, so if later
> > > during rebuild sizes of other ACPI tables change
> > > pointers will be patched incorrectly due to wrong
> > > offsets.
> > > 
> > > To fix it rebuild linker and RSDP tables along with
> > > the rest of ACPI tables so that they would have correct
> > > offsets.
> > > 
> > > Here is a simple reproducer:
> > >  1: hotplug bridge using command:
> > >  device_add pci-bridge,chassis_nr=1
> > >  2: reset system from monitor:
> > >  system_reset
> > > 
> > > As a result, pointers to ACPI tables are not correct
> > > and guest can't read/parse ACPI tables.
> > > 
> > > Windows guests just refuse to boot and
> > > Linux guests are more resilient and try to boot without
> > > ACPI, sometimes successfully.
> > > 
> > > Keep brokenness in 2.1 and older machine types for
> > > the sake of migration. 2.2.0 can't be helped but we
> > > can fix it with 2.2.1
> > 
> > Hi Igor,
> > I followed the prev conversation and I agree with the patch,
> > I do have one question:
> > Why you didn't set has_imutable_rsdp to true for 2.2.0 machines?
> > What is special about it? I think I missed it.
> V1 was only from 2.3 leaving 2.2 broken, but Michael asked
> about fixing 2.2 as well.
> 
> Since 2.2.0 is out we can't fix it without breaking migration
> whichever way we choose to fix it, but we can fix 2.2 machine
> in 2.2.1 at least allowing downstream to pick up and ship
> fixed version without shipping broken one.
This I understood, but it doesn't answer my question (I think...)
I will rephrase:
Machines < 2.2 have has_imutable_rsdp = true => remain the same 
Machines >= 2.3 have has_imutable_rsdp = false => new functionality

For Machine 2.2 we *also* have has_imutable_rsdp = false => new
functionality, not old. Am I right? If yes, why not retain the
same policy for 2.2 as we did for 2.1 and less?

This was my question, forgive me if it wasn't clear.
Thanks,
Marcel

> 
> > 
> > Thanks,
> > Marcel
> > 
> > > 
> > > Signed-off-by: Igor Mammedov 
> > > ---
> > > v2:
> > >   move compat fix to 2.1 machine type,
> > >suggested by: "Michael S. Tsirkin" 
> > > ---
> > >  hw/i386/acpi-build.c | 30 +++---
> > >  hw/i386/pc_piix.c|  3 +++
> > >  hw/i386/pc_q35.c |  3 +++
> > >  include/hw/i386/pc.h |  1 +
> > >  4 files changed, 30 insertions(+), 7 deletions(-)
> > > 
> > > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > > index b37a397..4d2452d 100644
> > > --- a/hw/i386/acpi-build.c
> > > +++ b/hw/i386/acpi-build.c
> > > @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
> > >  /* Copy of table in RAM (for patching). */
> > >  ram_addr_t table_ram;
> > >  uint32_t table_size;
> > > +ram_addr_t linker_ram;
> > > +uint32_t linker_size;
> > > +ram_addr_t rsdp_ram;
> > > +uint32_t rsdp_size;
> > >  /* Is table patched? */
> > >  uint8_t patched;
> > >  PcGuestInfo *guest_info;
> > > @@ -1714,6 +1718,10 @@ static void acpi_build_update(void *build_opaque, 
> > > uint32_t offset)
> > >  assert(acpi_data_len(tables.table_data) == build_state->table_size);
> > >  memcpy(qemu_get_ram_ptr(build_state->table_ram), 
> > > tables.table_data->data,
> > > build_state->table_size);
> > > +memcpy(qemu_get_ram_ptr(build_state->linker_ram), 
> > > tables.linker->data,
> > > +   build_state->linker_size);
> > > +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
> > > +   build_state->rsdp_size);
> > >  
> > >  cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> > > build_state->table_size);
> > > @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
> > >  assert(build_state->table_ram != RAM_ADDR_MAX);
> > >  build_state->table_size = acpi_data_len(tables.table_data);
> > >  
> > > -acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
> > > +build_state->linker_ram = acpi_add_rom_blob(build_state, 
> > > tables.linker,
> > > +"etc/table-loader");
> > > +build_state->linker_size = acpi_data_len(tables.linker);
> > >  
> > >  fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
> > >  tables.tcpalog->data, acpi_data_len(tables.tcpalog));
> > >  
> > > -/*
> > > - * RSDP is small so it's easy to keep it immutable, no need to
> > > - * bother with ROM blobs.
> > > - */
> > > -fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> > > -tables.rsdp->data, acpi_data_len(tables.rsdp));
> > > +if (guest_info->has_imutable_rsdp) {
> > > +/*
> > > + * RSDP is small so it's easy to keep it immutable, no need to
> > > + * 

[Qemu-devel] [PATCH 1/1] Sort include/qemu/typedefs.h

2014-12-11 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Mainly to make it less likely to conflict during merges.

Signed-off-by: Dr. David Alan Gilbert 
---
 include/qemu/typedefs.h | 105 +++-
 1 file changed, 50 insertions(+), 55 deletions(-)

diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 3475177..57ff47f 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -3,80 +3,75 @@
 
 /* A load of opaque types so that device init declarations don't have to
pull in all the real definitions.  */
-typedef struct QEMUTimer QEMUTimer;
-typedef struct QEMUTimerListGroup QEMUTimerListGroup;
-typedef struct QEMUFile QEMUFile;
-typedef struct QEMUBH QEMUBH;
-
-typedef struct AioContext AioContext;
-
-typedef struct Visitor Visitor;
-
 struct Monitor;
-typedef struct Monitor Monitor;
-typedef struct MigrationParams MigrationParams;
-
-typedef struct Property Property;
-typedef struct PropertyInfo PropertyInfo;
-typedef struct CompatProperty CompatProperty;
-typedef struct DeviceState DeviceState;
-typedef struct BusState BusState;
-typedef struct BusClass BusClass;
 
+/* Please keep this list in alphabetical order */
+typedef struct AdapterInfo AdapterInfo;
 typedef struct AddressSpace AddressSpace;
-typedef struct MemoryRegion MemoryRegion;
-typedef struct MemoryRegionSection MemoryRegionSection;
-typedef struct MemoryListener MemoryListener;
-
-typedef struct MemoryMappingList MemoryMappingList;
-
-typedef struct QEMUMachine QEMUMachine;
-typedef struct MachineClass MachineClass;
-typedef struct MachineState MachineState;
-typedef struct NICInfo NICInfo;
-typedef struct HCIInfo HCIInfo;
+typedef struct AioContext AioContext;
 typedef struct AudioState AudioState;
 typedef struct BlockBackend BlockBackend;
 typedef struct BlockDriverState BlockDriverState;
-typedef struct DriveInfo DriveInfo;
-typedef struct DisplayState DisplayState;
+typedef struct BusClass BusClass;
+typedef struct BusState BusState;
+typedef struct CharDriverState CharDriverState;
+typedef struct CompatProperty CompatProperty;
+typedef struct DeviceState DeviceState;
 typedef struct DisplayChangeListener DisplayChangeListener;
+typedef struct DisplayState DisplayState;
 typedef struct DisplaySurface DisplaySurface;
-typedef struct PixelFormat PixelFormat;
-typedef struct QemuConsole QemuConsole;
-typedef struct CharDriverState CharDriverState;
-typedef struct MACAddr MACAddr;
-typedef struct NetClientState NetClientState;
+typedef struct DriveInfo DriveInfo;
+typedef struct EventNotifier EventNotifier;
+typedef struct FWCfgState FWCfgState;
+typedef struct HCIInfo HCIInfo;
 typedef struct I2CBus I2CBus;
+typedef struct I2SCodec I2SCodec;
 typedef struct ISABus ISABus;
 typedef struct ISADevice ISADevice;
-typedef struct SMBusDevice SMBusDevice;
-typedef struct PCIHostState PCIHostState;
-typedef struct PCIExpressHost PCIExpressHost;
+typedef struct MACAddr MACAddr;
+typedef struct MachineClass MachineClass;
+typedef struct MachineState MachineState;
+typedef struct MemoryListener MemoryListener;
+typedef struct MemoryMappingList MemoryMappingList;
+typedef struct MemoryRegion MemoryRegion;
+typedef struct MemoryRegionSection MemoryRegionSection;
+typedef struct MigrationParams MigrationParams;
+typedef struct Monitor Monitor;
+typedef struct MouseTransformInfo MouseTransformInfo;
+typedef struct MSIMessage MSIMessage;
+typedef struct NetClientState NetClientState;
+typedef struct NICInfo NICInfo;
+typedef struct PcGuestInfo PcGuestInfo;
+typedef struct PCIBridge PCIBridge;
 typedef struct PCIBus PCIBus;
 typedef struct PCIDevice PCIDevice;
-typedef struct PCIExpressDevice PCIExpressDevice;
-typedef struct PCIBridge PCIBridge;
-typedef struct PCIEAERMsg PCIEAERMsg;
-typedef struct PCIEAERLog PCIEAERLog;
 typedef struct PCIEAERErr PCIEAERErr;
+typedef struct PCIEAERLog PCIEAERLog;
+typedef struct PCIEAERMsg PCIEAERMsg;
 typedef struct PCIEPort PCIEPort;
 typedef struct PCIESlot PCIESlot;
-typedef struct MSIMessage MSIMessage;
-typedef struct SerialState SerialState;
+typedef struct PCIExpressDevice PCIExpressDevice;
+typedef struct PCIExpressHost PCIExpressHost;
+typedef struct PCIHostState PCIHostState;
 typedef struct PCMCIACardState PCMCIACardState;
-typedef struct MouseTransformInfo MouseTransformInfo;
-typedef struct uWireSlave uWireSlave;
-typedef struct I2SCodec I2SCodec;
-typedef struct SSIBus SSIBus;
-typedef struct EventNotifier EventNotifier;
-typedef struct VirtIODevice VirtIODevice;
+typedef struct PixelFormat PixelFormat;
+typedef struct PropertyInfo PropertyInfo;
+typedef struct Property Property;
+typedef struct QEMUBH QEMUBH;
+typedef struct QemuConsole QemuConsole;
+typedef struct QEMUFile QEMUFile;
+typedef struct QEMUMachine QEMUMachine;
 typedef struct QEMUSGList QEMUSGList;
 typedef struct QEMUSizedBuffer QEMUSizedBuffer;
-typedef struct SHPCDevice SHPCDevice;
-typedef struct FWCfgState FWCfgState;
-typedef struct PcGuestInfo PcGuestInfo;
+typedef struct QEMUTimerListGr
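Review bot: with the new "Please keep this list in alphabetical order" comment, `typedef struct PropertyInfo PropertyInfo;` is placed before `typedef struct Property Property;`, which is out of order (Property sorts before PropertyInfo); swap the two lines so the list satisfies the rule it states.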

Re: [Qemu-devel] [PATCH v2 09/10] monitor: add query-vnc2 command

2014-12-11 Thread Daniel P. Berrange
On Thu, Dec 11, 2014 at 12:33:35PM +0100, Gerd Hoffmann wrote:
>   Hi,
> 
> > That's not a correct interpretation of the auth values - tls and x509 are
> > not separate auth codes. VNC has one set of primary auth codes really
> > 
> >   none, vnc, vencrypt
> 
> Well, the source code also has (see vnc_auth_name in ui/vnc.c):
> 
> ra2, ra2ne, tight, ultra, tls, sasl

True, though most of those aren't actually implemented (only SASL is)

> > If using the vencrypt option there are a number of sub-auth codes
> > 
> >tls-none, tls-vnc, tls-plain, tls-sasl x509-none, x509-vnc, x509-plain, 
> > x509-sasl
> 
> So better add a 'vencrypt-subauth' enum with this list?

Yeah probably a good idea


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



[Qemu-devel] [RfC PATCH 0/3] sdl2: add opengl rendering support

2014-12-11 Thread Gerd Hoffmann
  Hi,

This series adds support for screen rendering using opengl.  This only
blits classic DisplaySurfaces to the screen using opengl, it does not
(yet) enable gfx emulation to use opengl for rendering.

It depends on the "sdl2: fixes, cleanups and opengl preparation"
series just posted.

The big question mark (and the reason this is RfC) is how we are going
to enable/disable opengl at runtime.  The options I see are:

 (1) make that a ui option, i.e. '-display sdl,opengl={on,off}'.
 (2) make that a global option, i.e. -opengl={on,off}

I'd tend to go for (2).

First, because we have an initialization order issue once gfx emulation
starts using opengl:  ui code is initialized after device code (and this
can't be changed easily because devices need to register displays before we
init the ui).  Therefore with (1) the device emulation doesn't know at
init time whether opengl is available or not.

Second for the long term there will be 3d support in a number of UIs:
I expect sdl2, gtk, egl (using render nodes, for headless) and spice.
Having a global switch for them all looks easier.

Comments?
Other suggestions?

cheers,
  Gerd

Gerd Hoffmann (3):
  configure: opengl overhaul
  sdl2: add support for display rendering using opengl.
  sdl2: move SDL_* includes to sdl2.h

 configure|  39 +--
 default-configs/lm32-softmmu.mak |   2 +-
 hw/display/Makefile.objs |   2 +-
 hw/lm32/milkymist-hw.h   |   4 +-
 include/ui/sdl2.h|  17 +
 ui/Makefile.objs |   4 ++
 ui/sdl2-2d.c |  12 ++--
 ui/sdl2-gl.c | 136 +++
 ui/sdl2-input.c  |   6 --
 ui/sdl2.c|  56 
 10 files changed, 227 insertions(+), 51 deletions(-)
 create mode 100644 ui/sdl2-gl.c

-- 
1.8.3.1




[Qemu-devel] [PATCH] block-migration: fix pending() return value

2014-12-11 Thread Vladimir Sementsov-Ogievskiy
Because of the wrong return value of .save_live_pending() in
block-migration, migration finishes before the whole disk
is transferred. Such a situation occurs when the migration
process is fast enough, for example when source and dest
are on the same host.

If in the bulk phase we return something < max_size, we will skip
transferring the tail of the device. Currently we have "set pending to
BLOCK_SIZE if it is zero" for the bulk phase, but there is no guarantee
that it will be < max_size.

True approach is to return, for example, max_size+1 when we are in the
bulk phase.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block-migration.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block-migration.c b/block-migration.c
index 73cdd07..bf78bd8 100644
--- a/block-migration.c
+++ b/block-migration.c
@@ -756,8 +756,8 @@ static uint64_t block_save_pending(QEMUFile *f, void 
*opaque, uint64_t max_size)
block_mig_state.read_done * BLOCK_SIZE;
 
 /* Report at least one block pending during bulk phase */
-if (pending == 0 && !block_mig_state.bulk_completed) {
-pending = BLOCK_SIZE;
+if (pending <= max_size && !block_mig_state.bulk_completed) {
+pending = max_size + BLOCK_SIZE;
 }
 blk_mig_unlock();
 qemu_mutex_unlock_iothread();
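Review bot: the comment above the changed condition, "Report at least one block pending during bulk phase", no longer describes what the code does; with `pending = max_size + BLOCK_SIZE` the point is to report more than the caller's max_size so the migration loop cannot decide to complete before the bulk phase has sent every block, and the comment should say so. The commit message also says "return, for example, max_size+1" while the code adds BLOCK_SIZE; either works, but the two should agree so a later reader does not wonder whether BLOCK_SIZE was chosen deliberately.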
-- 
1.9.1




[Qemu-devel] [PATCH] Fix block migration bug

2014-12-11 Thread Vladimir Sementsov-Ogievskiy
Because of a wrong return value of .save_live_pending() in
block-migration, migration finishes before the whole disk
is transferred. Such a situation occurs when the migration
process is fast enough, for example when source and dest
are on the same host.

It's easy to test this with the following:

bug.sh
=
#!/bin/sh

size=$1
addr=$2

# Remove leftovers from a previous run; -f keeps rm quiet if they do not exist.
rm -f /tmp/fifo-mig /tmp/a /tmp/b /tmp/sock-mig

./qemu-img create -f qcow2 /tmp/a $size
./qemu-img create -f qcow2 /tmp/b $size

# Write a recognisable pattern at the requested offset of the source image.
./qemu-io -c "write -P 0x22 $addr 512" /tmp/a

mkfifo /tmp/fifo-mig

# Destination: reads the migration stream from the fifo, controlled over QMP.
# A space before each backslash keeps the options from being glued together.
./x86_64-softmmu/qemu-system-x86_64 -drive file=/tmp/b,id=disk \
    -qmp unix:/tmp/sock-mig,server,nowait \
    -incoming "exec: cat /tmp/fifo-mig" &

# Source: start a block migration (-b) into the fifo, then quit.
# printf interprets the \n escapes under every /bin/sh, unlike echo.
printf 'migrate -b exec:cat>/tmp/fifo-mig\nquit\n' | \
    ./x86_64-softmmu/qemu-system-x86_64 -drive file=/tmp/a,id=disk \
    -monitor stdio

./scripts/qmp/qmp --path=/tmp/sock-mig quit
sleep 3

# Verify that the pattern reached the destination image.
echo checking
./qemu-io -c "read -P 0x22 $addr 512" /tmp/b
=

For './bug.sh 1G 1M' qemu-io check finishes successfully,
but for './bug.sh 1G 1022M' it finishes with 'Pattern verification
failed' status.

The following patch fixes this bug.

Vladimir Sementsov-Ogievskiy (1):
  block-migration: fix pending() return value

 block-migration.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
1.9.1
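To make the convergence argument in this cover letter and in the patch message concrete, here is a constructed C model, added here and not QEMU code or the author's, of how the migration loop's "keep iterating while pending >= max_size" decision interacts with the two pending() policies. MODEL_BLOCK_SIZE, the block counts and the link budgets are made-up values, and the loop shape follows QEMU's migration thread only in outline.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Block size of the modelled device; a constructed value for this example,
 * not the BLOCK_SIZE from block-migration.c. */
#define MODEL_BLOCK_SIZE (1ULL << 20)

/* Minimal state of one device during the bulk phase. */
struct mig_state {
    uint64_t total_blocks;   /* blocks on the device */
    uint64_t sent_blocks;    /* blocks already pushed to the destination */
    bool bulk_completed;     /* every block has been read at least once */
};

typedef uint64_t (*pending_fn)(const struct mig_state *s, uint64_t max_size);

/* One iteration of the bulk phase sends the next block. */
static void iterate(struct mig_state *s)
{
    if (s->sent_blocks < s->total_blocks) {
        s->sent_blocks++;
    }
    if (s->sent_blocks == s->total_blocks) {
        s->bulk_completed = true;
    }
}

/* Before the fix: report the dirty bytes (none in this model), bumped to a
 * single block while the bulk phase is unfinished so it is never zero. */
static uint64_t pending_old(const struct mig_state *s, uint64_t max_size)
{
    uint64_t pending = 0;
    (void)max_size;
    if (pending == 0 && !s->bulk_completed) {
        pending = MODEL_BLOCK_SIZE;
    }
    return pending;
}

/* After the fix: while the bulk phase is unfinished, always report more
 * than max_size, so the caller can never conclude the device is done. */
static uint64_t pending_new(const struct mig_state *s, uint64_t max_size)
{
    uint64_t pending = 0;
    if (pending <= max_size && !s->bulk_completed) {
        pending = max_size + MODEL_BLOCK_SIZE;
    }
    return pending;
}

/* The caller's convergence loop, modelled on the shape of QEMU's migration
 * thread: iterate while the device reports a non-zero amount of at least
 * max_size, otherwise stop and move to completion (which in the real code
 * flushes dirty blocks but never resumes an unfinished bulk read).
 * Returns how many blocks had been sent when the loop decided to stop. */
uint64_t run_migration(uint64_t total_blocks, uint64_t max_size,
                       pending_fn pending)
{
    struct mig_state s = { .total_blocks = total_blocks };

    for (;;) {
        uint64_t p = pending(&s, max_size);
        if (p && p >= max_size) {
            iterate(&s);
        } else {
            break;
        }
    }
    return s.sent_blocks;
}

/* Wrappers so the two policies can be compared by name. */
uint64_t blocks_sent_old(uint64_t total_blocks, uint64_t max_size)
{
    return run_migration(total_blocks, max_size, pending_old);
}

uint64_t blocks_sent_new(uint64_t total_blocks, uint64_t max_size)
{
    return run_migration(total_blocks, max_size, pending_new);
}

int main(void)
{
    uint64_t total = 8;
    uint64_t fast = 64 * MODEL_BLOCK_SIZE;   /* same-host link: big budget */
    uint64_t slow = MODEL_BLOCK_SIZE / 2;    /* slow link: below one block */

    printf("fast link: old policy sent %llu/%llu, new policy sent %llu/%llu\n",
           (unsigned long long)blocks_sent_old(total, fast),
           (unsigned long long)total,
           (unsigned long long)blocks_sent_new(total, fast),
           (unsigned long long)total);
    printf("slow link: old policy sent %llu/%llu\n",
           (unsigned long long)blocks_sent_old(total, slow),
           (unsigned long long)total);
    return 0;
}
```

On a fast link the old policy reports one block, which is below the budget, so the loop stops at its first check with nothing sent; on a slow link the same policy happens to work because one block exceeds the budget. The new policy reports more than the budget until the bulk phase is done, which is the invariant the patch is after.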




Re: [Qemu-devel] [PULL 0/9] tricore patches

2014-12-11 Thread Peter Maydell
On 10 December 2014 at 11:36, Bastian Koppelmann
 wrote:
> Hi,
>
> here is my first round of TriCore patches for 2.3.
>
> Cheers,
> Bastian
>
> The following changes since commit 7fb8da2b8861795e0013e6ee97acd0363d868a35:
>
>   Open 2.3 development tree (2014-12-09 21:48:34 +)
>
> are available in the git repository at:
>
>   https://github.com/bkoppelmann/qemu-tricore-upstream.git 
> tags/pull-tricore-20141210
>
> for you to fetch changes up to 328f1f0f08f1aa303eef7493bd7c3d97a8d9636a:
>
>   target-tricore: Add instructions of RCR opcode format (2014-12-10 11:13:45 
> +)
>
> 
> TriCore BOL, BRC, BRN, BRR, RC, RCPW, RCRR, RCR, RLC and RCR insn added
>
> 

Applied, thanks.

-- PMM



[Qemu-devel] [PULL 33/33] target-arm: Check error conditions on kvm_arm_reset_vcpu

2014-12-11 Thread Peter Maydell
From: Christoffer Dall 

When resetting a VCPU we currently call both kvm_arm_vcpu_init() and
write_kvmstate_to_list(), both of which can fail, but we never check the
return value.

The only choice here is to print an error and exit if the calls fail.

Signed-off-by: Christoffer Dall 
Reviewed-by: Peter Maydell 
Message-id: 1418039630-11773-1-git-send-email-christoffer.d...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/kvm.c | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index 191e759..4d81f3d 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -442,11 +442,20 @@ bool write_list_to_kvmstate(ARMCPU *cpu)
 
 void kvm_arm_reset_vcpu(ARMCPU *cpu)
 {
+int ret;
+
 /* Re-init VCPU so that all registers are set to
  * their respective reset values.
  */
-kvm_arm_vcpu_init(CPU(cpu));
-write_kvmstate_to_list(cpu);
+ret = kvm_arm_vcpu_init(CPU(cpu));
+if (ret < 0) {
+fprintf(stderr, "kvm_arm_vcpu_init failed: %s\n", strerror(-ret));
+abort();
+}
+if (!write_kvmstate_to_list(cpu)) {
+fprintf(stderr, "write_kvmstate_to_list failed\n");
+abort();
+}
 }
 
 void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
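Review bot: the commit message says the failure path should "print an error and exit", but both new paths call abort(), which raises SIGABRT and may leave a core dump; if a clean exit is intended use exit(1), otherwise adjust the message. The two fprintf(stderr, ...) calls could also be error_report() for consistency with the rest of QEMU's error output, and while the kvm_arm_vcpu_init() message carries strerror(-ret), the write_kvmstate_to_list() failure message gives no reason at all, so consider whether that function can expose one.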
-- 
1.9.1




[Qemu-devel] [PULL 18/33] target-arm: make TTBR0/1 banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Adds secure and non-secure bank register support for TTBR0 and TTBR1.
Changes include adding secure and non-secure instances of ttbr0 and ttbr1 as
well as a CP register definition for TTBR0_EL3.  Added a union containing
both EL based array fields and secure and non-secure fields mapped to them.
Updated accesses to use A32_BANKED_CURRENT_REG_GET macro.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-17-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/arm/pxa2xx.c |  2 +-
 target-arm/cpu.h| 20 ++--
 target-arm/helper.c | 37 +
 3 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 11d51af..2b00b59 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -275,7 +275,7 @@ static void pxa2xx_pwrmode_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 s->cpu->env.daif = PSTATE_A | PSTATE_F | PSTATE_I;
 s->cpu->env.cp15.sctlr_ns = 0;
 s->cpu->env.cp15.c1_coproc = 0;
-s->cpu->env.cp15.ttbr0_el1 = 0;
+s->cpu->env.cp15.ttbr0_el[1] = 0;
 s->cpu->env.cp15.c3 = 0;
 s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
 s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
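Review bot: the line above the changed one already resets the non-secure bank by name (`sctlr_ns = 0`) while the new line uses the EL index (`ttbr0_el[1] = 0`); per the union added in cpu.h these alias the same slot, but mixing the two spellings in adjacent lines hides that only the non-secure TTBR0 is reset here. Writing `ttbr0_ns` would make the intent explicit, and a sentence in the commit message on whether the secure bank should also be cleared on this power-mode write would help.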
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index f06d209..efe7010 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -199,8 +199,24 @@ typedef struct CPUARMState {
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
 uint64_t sder; /* Secure debug enable register. */
 uint32_t nsacr; /* Non-secure access control register. */
-uint64_t ttbr0_el1; /* MMU translation table base 0. */
-uint64_t ttbr1_el1; /* MMU translation table base 1. */
+union { /* MMU translation table base 0. */
+struct {
+uint64_t _unused_ttbr0_0;
+uint64_t ttbr0_ns;
+uint64_t _unused_ttbr0_1;
+uint64_t ttbr0_s;
+};
+uint64_t ttbr0_el[4];
+};
+union { /* MMU translation table base 1. */
+struct {
+uint64_t _unused_ttbr1_0;
+uint64_t ttbr1_ns;
+uint64_t _unused_ttbr1_1;
+uint64_t ttbr1_s;
+};
+uint64_t ttbr1_el[4];
+};
 uint64_t c2_control; /* MMU translation table base control.  */
 uint32_t c2_mask; /* MMU translation table base selection mask.  */
 uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
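Review bot: the banking scheme depends on the anonymous struct placing its four uint64_t members exactly on ttbr0_el[1] (ttbr0_ns) and ttbr0_el[3] (ttbr0_s), but nothing enforces that; a QEMU_BUILD_BUG_ON on the offsetof() equality, or at least a comment next to the union stating "index 1 = NS, index 3 = S", would stop a later field insertion from silently shifting the secure bank onto the non-secure slot. The same applies to the ttbr1 union below it.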
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 961dd37..171b841 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1646,13 +1646,15 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
   .access = PL1_RW,
   .fieldoffset = offsetof(CPUARMState, cp15.esr_el[1]), .resetvalue = 0, },
 { .name = "TTBR0_EL1", .state = ARM_CP_STATE_BOTH,
-  .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
-  .writefn = vmsa_ttbr_write, .resetvalue = 0 },
+  .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 0,
+  .access = PL1_RW, .writefn = vmsa_ttbr_write, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr0_s),
+ offsetof(CPUARMState, cp15.ttbr0_ns) } },
 { .name = "TTBR1_EL1", .state = ARM_CP_STATE_BOTH,
-  .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 1,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
-  .writefn = vmsa_ttbr_write, .resetvalue = 0 },
+  .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 1,
+  .access = PL1_RW, .writefn = vmsa_ttbr_write, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr1_s),
+ offsetof(CPUARMState, cp15.ttbr1_ns) } },
 { .name = "TCR_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
   .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
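Review bot: dropping .fieldoffset in favour of .bank_fieldoffsets on an ARM_CP_STATE_BOTH entry means the AArch64 TTBR0_EL1/TTBR1_EL1 view now has to be resolved to one of the two banked offsets by the cpreg registration code; the commit message should state which bank the AArch64 name maps to (presumably the non-secure slot, given the ttbr0_el[1] alias in cpu.h) so reviewers can check it against the bank_fieldoffsets handling. The reordering of .opc1 before .crn in both entries is harmless but unrelated to the change.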
@@ -1883,11 +1885,13 @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
   .fieldoffset = offsetof(CPUARMState, cp15.par_el1), .resetvalue = 0 },
 { .name = "TTBR0", .cp = 15, .crm = 2, .opc1 = 0,
   .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
-  .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el1),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr0_s),
+ offsetof(CPUARMState, cp15.ttbr0_ns) },
   .writefn = vmsa_ttbr_write, .resetfn = arm_cp_reset_ignore },
 { .name = "TTBR1", .cp = 15, .crm = 2, .opc1 = 1,
   .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
-  .fieldoffset = offsetof(CPUARMState, cp15.ttbr1_el1),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr1_s),
+   

[Qemu-devel] [PULL 32/33] target-arm: Support save/load for 64 bit CPUs

2014-12-11 Thread Peter Maydell
For migration to work on 64 bit CPUs, we need to include both
the 64-bit integer register file and the PSTATE. Everything
else is either stored in the same place as existing 32-bit CPU
state or handled by the generic sysreg mechanism.

Signed-off-by: Peter Maydell 
Message-id: 1417788683-4038-3-git-send-email-peter.mayd...@linaro.org
---
 target-arm/machine.c | 22 +++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/target-arm/machine.c b/target-arm/machine.c
index 6437690..c29e7a2 100644
--- a/target-arm/machine.c
+++ b/target-arm/machine.c
@@ -127,6 +127,13 @@ static int get_cpsr(QEMUFile *f, void *opaque, size_t size)
 CPUARMState *env = &cpu->env;
 uint32_t val = qemu_get_be32(f);
 
+env->aarch64 = ((val & PSTATE_nRW) == 0);
+
+if (is_a64(env)) {
+pstate_write(env, val);
+return 0;
+}
+
 /* Avoid mode switch when restoring CPSR */
 env->uncached_cpsr = val & CPSR_M;
 cpsr_write(env, val, 0x);
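Review bot: env->aarch64 is set purely from the nRW bit of the value read from the migration stream, before the is_a64() check, so an inbound stream (untrusted input at this layer) can flip a CPU that was never built with AArch64 support into the pstate_write() path. It would be safer to check arm_feature(env, ARM_FEATURE_AARCH64) and return an error from get_cpsr when the bit is clear for a CPU that cannot run in AArch64, rather than silently accepting the value.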
@@ -137,8 +144,15 @@ static void put_cpsr(QEMUFile *f, void *opaque, size_t 
size)
 {
 ARMCPU *cpu = opaque;
 CPUARMState *env = &cpu->env;
+uint32_t val;
+
+if (is_a64(env)) {
+val = pstate_read(env);
+} else {
+val = cpsr_read(env);
+}
 
-qemu_put_be32(f, cpsr_read(env));
+qemu_put_be32(f, val);
 }
 
 static const VMStateInfo vmstate_cpsr = {
@@ -222,12 +236,14 @@ static int cpu_post_load(void *opaque, int version_id)
 
 const VMStateDescription vmstate_arm_cpu = {
 .name = "cpu",
-.version_id = 21,
-.minimum_version_id = 21,
+.version_id = 22,
+.minimum_version_id = 22,
 .pre_save = cpu_pre_save,
 .post_load = cpu_post_load,
 .fields = (VMStateField[]) {
 VMSTATE_UINT32_ARRAY(env.regs, ARMCPU, 16),
+VMSTATE_UINT64_ARRAY(env.xregs, ARMCPU, 32),
+VMSTATE_UINT64(env.pc, ARMCPU),
 {
 .name = "cpsr",
 .version_id = 0,
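Review bot: raising both .version_id and .minimum_version_id to 22 means a destination refuses streams from every earlier version of this device, including 32-bit-only guests that gain nothing from the new xregs/pc fields; if that is intended it should be stated in the commit message, otherwise keep minimum_version_id at 21 and guard the two new fields with the versioned VMSTATE_UINT64_ARRAY_V / VMSTATE_UINT64_V macros so older streams still load.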
-- 
1.9.1




[Qemu-devel] [PULL 24/33] target-arm: make PAR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
PAR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-23-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 10 +-
 target-arm/helper.c | 23 +--
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 52d5719..2f8d607 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -279,7 +279,15 @@ typedef struct CPUARMState {
 };
 uint64_t far_el[4];
 };
-uint64_t par_el1;  /* Translation result. */
+union { /* Translation result. */
+struct {
+uint64_t _unused_par_0;
+uint64_t par_ns;
+uint64_t _unused_par_1;
+uint64_t par_s;
+};
+uint64_t par_el[4];
+};
 uint32_t c9_insn; /* Cache lockdown registers.  */
 uint32_t c9_data;
 uint64_t c9_pmcr; /* performance monitor control register */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 0c8b532..d2e7652 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1404,6 +1404,7 @@ static void ats_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t value)
 int prot;
 int ret, is_user = ri->opc2 & 2;
 int access_type = ri->opc2 & 1;
+uint64_t par64;
 
 ret = get_phys_addr(env, value, access_type, is_user,
 &phys_addr, &prot, &page_size);
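Review bot: par64 is declared without an initializer and is now assigned in several branches spread over the following hunks before the single A32_BANKED_CURRENT_REG_SET() at the end; every branch does assign it, but initialising it to 0 here costs nothing and keeps -Wmaybe-uninitialized quiet on compilers that cannot follow the control flow.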
@@ -1412,7 +1413,7 @@ static void ats_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t value)
  * translation table format, but with WnR always clear.
  * Convert it to a 64-bit PAR.
  */
-uint64_t par64 = (1 << 11); /* LPAE bit always set */
+par64 = (1 << 11); /* LPAE bit always set */
 if (ret == 0) {
 par64 |= phys_addr & ~0xfffULL;
 /* We don't set the ATTR or SH fields in the PAR. */
@@ -1424,7 +1425,6 @@ static void ats_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t value)
  * fault.
  */
 }
-env->cp15.par_el1 = par64;
 } else {
 /* ret is a DFSR/IFSR value for the short descriptor
  * translation table format (with WnR always clear).
@@ -1434,23 +1434,25 @@ static void ats_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t value)
 /* We do not set any attribute bits in the PAR */
 if (page_size == (1 << 24)
 && arm_feature(env, ARM_FEATURE_V7)) {
-env->cp15.par_el1 = (phys_addr & 0xff00) | 1 << 1;
+par64 = (phys_addr & 0xff00) | (1 << 1);
 } else {
-env->cp15.par_el1 = phys_addr & 0xf000;
+par64 = phys_addr & 0xf000;
 }
 } else {
-env->cp15.par_el1 = ((ret & (1 << 10)) >> 5) |
-((ret & (1 << 12)) >> 6) |
-((ret & 0xf) << 1) | 1;
+par64 = ((ret & (1 << 10)) >> 5) | ((ret & (1 << 12)) >> 6) |
+((ret & 0xf) << 1) | 1;
 }
 }
+
+A32_BANKED_CURRENT_REG_SET(env, par, par64);
 }
 #endif
 
 static const ARMCPRegInfo vapa_cp_reginfo[] = {
 { .name = "PAR", .cp = 15, .crn = 7, .crm = 4, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW, .resetvalue = 0,
-  .fieldoffset = offsetoflow32(CPUARMState, cp15.par_el1),
+  .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.par_s),
+ offsetoflow32(CPUARMState, cp15.par_ns) },
   .writefn = par_write },
 #ifndef CONFIG_USER_ONLY
 { .name = "ATS", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = CP_ANY,
@@ -1903,8 +1905,9 @@ static const ARMCPRegInfo lpae_cp_reginfo[] = {
   .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_OVERRIDE,
   .resetvalue = 0 },
 { .name = "PAR", .cp = 15, .crm = 7, .opc1 = 0,
-  .access = PL1_RW, .type = ARM_CP_64BIT,
-  .fieldoffset = offsetof(CPUARMState, cp15.par_el1), .resetvalue = 0 },
+  .access = PL1_RW, .type = ARM_CP_64BIT, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.par_s),
+ offsetof(CPUARMState, cp15.par_ns)} },
 { .name = "TTBR0", .cp = 15, .crm = 2, .opc1 = 0,
   .access = PL1_RW, .type = ARM_CP_64BIT | ARM_CP_NO_MIGRATE,
   .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ttbr0_s),
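Review bot: style nit in the PAR entry, `cp15.par_ns)} }` is missing the space before the closing brace that every other bank_fieldoffsets initializer in this series uses (`cp15.ttbr0_ns) } }` in the TTBR patch).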
-- 
1.9.1




[Qemu-devel] [PULL 00/33] target-arm queue

2014-12-11 Thread Peter Maydell
First ARM pullreq for 2.3; the big thing here is all the TrustZone
support, though we still don't enable it for any CPUs yet, so in
theory no behavioural changes.

The following changes since commit a09f2d16f6b9f5bcdedb4d116bb54da86e9a3f6e:

  Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20141210' 
into staging (2014-12-11 11:41:11 +)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20141211

for you to fetch changes up to 25f2895e0e437a3548f9794846001fb5d5ab853d:

  target-arm: Check error conditions on kvm_arm_reset_vcpu (2014-12-11 12:07:53 
+)


target-arm queue:
 * pass semihosting exit code out to system
 * more TrustZone support code (still not enabled yet)
 * allow user to direct semihosting to gdb or native explicitly
   rather than always auto-guessing the destination
 * fix memory leak in realview_init
 * fix coverity warning in hw/arm/boot
 * get state migration working for AArch64 CPUs
 * check errors in kvm_arm_reset_vcpu


Alex Bennée (1):
  target-arm/kvm: make reg sync code common between kvm32/64

Christoffer Dall (1):
  target-arm: Check error conditions on kvm_arm_reset_vcpu

Fabian Aggeler (18):
  target-arm: add banked register accessors
  target-arm: add CPREG secure state support
  target-arm: insert AArch32 cpregs twice into hashtable
  target-arm: move AArch32 SCR into security reglist
  target-arm: implement IRQ/FIQ routing to Monitor mode
  target-arm: add NSACR register
  target-arm: add MVBAR support
  target-arm: add SCTLR_EL3 and make SCTLR banked
  target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI
  target-arm: make CSSELR banked
  target-arm: make TTBR0/1 banked
  target-arm: make TTBCR banked
  target-arm: make DACR banked
  target-arm: make IFSR banked
  target-arm: make DFSR banked
  target-arm: make IFAR/DFAR banked
  target-arm: make PAR banked
  target-arm: make c13 cp regs banked (FCSEIDR, ...)

Greg Bellows (5):
  target-arm: extend async excp masking
  target-arm: add async excp target_el function
  target-arm: add SDER definition
  target-arm: make VBAR banked
  target-arm: make MAIR0/1 banked

Liviu Ionescu (2):
  Pass semihosting exit code back to system.
  Add the "-semihosting-config" option.

Nikita Belov (1):
  hw/arm/realview.c: Fix memory leak in realview_init()

Peter Maydell (3):
  target-arm: add secure state bit to CPREG hash
  arm_gic_kvm: Tell kernel about number of IRQs
  target-arm: Support save/load for 64 bit CPUs

Sergey Fedorov (1):
  target-arm: add non-secure Translation Block flag

zhanghailiang (1):
  hw/arm/boot: fix uninitialized scalar variable warning reported by 
coverity

 gdbstub.c   |  15 +-
 hw/arm/boot.c   |   4 +-
 hw/arm/pxa2xx.c |   6 +-
 hw/arm/realview.c   |   3 +-
 hw/intc/arm_gic_kvm.c   |  20 ++
 include/exec/gdbstub.h  |   6 +
 linux-user/aarch64/target_cpu.h |   2 +-
 linux-user/arm/target_cpu.h |   2 +-
 linux-user/main.c   |   2 +-
 qemu-options.hx |  12 +-
 target-arm/arm-semi.c   |  11 +-
 target-arm/cpu.c|  10 +-
 target-arm/cpu.h| 364 ++---
 target-arm/helper.c | 677 ++--
 target-arm/internals.h  |   6 +-
 target-arm/kvm.c| 107 +++
 target-arm/kvm32.c  | 100 +-
 target-arm/kvm64.c  |  24 +-
 target-arm/kvm_arm.h|  22 ++
 target-arm/machine.c|  22 +-
 target-arm/op_helper.c  |   4 +-
 target-arm/translate.c  |  15 +-
 target-arm/translate.h  |   1 +
 vl.c|  48 +++
 24 files changed, 1141 insertions(+), 342 deletions(-)



[Qemu-devel] [PULL 28/33] hw/arm/realview.c: Fix memory leak in realview_init()

2014-12-11 Thread Peter Maydell
From: Nikita Belov 

Variable 'ram_lo' is allocated unconditionally, but used only in some cases.
When it is unused, the pointer will be lost at function exit, resulting in a
memory leak. Allocate memory for 'ram_lo' only if it is needed.

Valgrind output:
==16879== 240 bytes in 1 blocks are definitely lost in loss record 6,033 of 
7,018
==16879==at 0x4C2AB80: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16879==by 0x33D2CE: malloc_and_trace (vl.c:2804)
==16879==by 0x509E610: g_malloc (in 
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==16879==by 0x288836: realview_init (realview.c:55)
==16879==by 0x28988C: realview_pb_a8_init (realview.c:375)
==16879==by 0x341426: main (vl.c:4413)

Signed-off-by: Nikita Belov 
Reviewed-by: Markus Armbruster 
Signed-off-by: Peter Maydell 
---
 hw/arm/realview.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index af65aa4..d41ec97 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -52,7 +52,7 @@ static void realview_init(MachineState *machine,
 CPUARMState *env;
 ObjectClass *cpu_oc;
 MemoryRegion *sysmem = get_system_memory();
-MemoryRegion *ram_lo = g_new(MemoryRegion, 1);
+MemoryRegion *ram_lo;
 MemoryRegion *ram_hi = g_new(MemoryRegion, 1);
 MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
 MemoryRegion *ram_hack = g_new(MemoryRegion, 1);
@@ -135,6 +135,7 @@ static void realview_init(MachineState *machine,
 
 if (is_pb && ram_size > 0x2000) {
 /* Core tile RAM.  */
+ram_lo = g_new(MemoryRegion, 1);
 low_ram_size = ram_size - 0x2000;
 ram_size = 0x2000;
 memory_region_init_ram(ram_lo, NULL, "realview.lowmem", low_ram_size,
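Review bot: ram_lo is now assigned only inside the `is_pb` branch, so any later reference to it outside that branch reads an uninitialized pointer and static analysers (the same Coverity run that motivated 29/33) will flag it; initialise it to NULL at the declaration, or move the declaration into the branch if nothing outside it uses the pointer.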
-- 
1.9.1




[Qemu-devel] [PULL 21/33] target-arm: make IFSR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFSR has a secure and a non-secure instance.  Adds IFSR32_EL2 definition and
storage.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-20-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 10 +-
 target-arm/helper.c | 13 +
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 1906fc1..e8bb057 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -242,7 +242,15 @@ typedef struct CPUARMState {
 uint32_t pmsav5_insn_ap; /* PMSAv5 MPU insn access permissions */
 uint64_t hcr_el2; /* Hypervisor configuration register */
 uint64_t scr_el3; /* Secure configuration register.  */
-uint32_t ifsr_el2; /* Fault status registers.  */
+union { /* Fault status registers.  */
+struct {
+uint64_t ifsr_ns;
+uint64_t ifsr_s;
+};
+struct {
+uint64_t ifsr32_el2;
+};
+};
 uint64_t esr_el[4];
 uint32_t c6_region[8]; /* MPU base/size registers.  */
 uint64_t far_el[4]; /* Fault address registers.  */
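Review bot: the second anonymous struct holds only ifsr32_el2, which therefore overlays ifsr_ns (the first member of the first struct); that is presumably the intended AArch64 EL2 view of the non-secure IFSR, but since the aliasing is implicit it deserves a comment, and the widening of the field from uint32_t ifsr_el2 to uint64_t members should be mentioned in the commit message.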
diff --git a/target-arm/helper.c b/target-arm/helper.c
index ad9481c..cfb267f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1654,8 +1654,9 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
   .fieldoffset = offsetoflow32(CPUARMState, cp15.esr_el[1]),
   .resetfn = arm_cp_reset_ignore, },
 { .name = "IFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
-  .access = PL1_RW,
-  .fieldoffset = offsetof(CPUARMState, cp15.ifsr_el2), .resetvalue = 0, },
+  .access = PL1_RW, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.ifsr_s),
+ offsetoflow32(CPUARMState, cp15.ifsr_ns) } },
 { .name = "ESR_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .crn = 5, .crm = 2, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW,
@@ -2347,6 +2348,10 @@ static const ARMCPRegInfo v8_el2_cp_reginfo[] = {
   .type = ARM_CP_NO_MIGRATE,
   .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
   .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[2]) },
+{ .name = "IFSR32_EL2", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 0, .opc2 = 1,
+  .access = PL2_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.ifsr32_el2) },
 { .name = "FAR_EL2", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 0,
   .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.far_el[2]) },
@@ -4323,11 +4328,11 @@ void arm_cpu_do_interrupt(CPUState *cs)
 env->exception.fsr = 2;
 /* Fall through to prefetch abort.  */
 case EXCP_PREFETCH_ABORT:
-env->cp15.ifsr_el2 = env->exception.fsr;
+A32_BANKED_CURRENT_REG_SET(env, ifsr, env->exception.fsr);
 env->cp15.far_el[1] = deposit64(env->cp15.far_el[1], 32, 32,
 env->exception.vaddress);
 qemu_log_mask(CPU_LOG_INT, "...with IFSR 0x%x IFAR 0x%x\n",
-  env->cp15.ifsr_el2, (uint32_t)env->exception.vaddress);
+  env->exception.fsr, (uint32_t)env->exception.vaddress);
 new_mode = ARM_CPU_MODE_ABT;
 addr = 0x0c;
 mask = CPSR_A | CPSR_I;
-- 
1.9.1




[Qemu-devel] [PULL 25/33] target-arm: make VBAR banked

2014-12-11 Thread Peter Maydell
From: Greg Bellows 

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
VBAR has a secure and a non-secure instance, which are mapped to
VBAR_EL1 and VBAR_EL3.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-24-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 10 +-
 target-arm/helper.c |  5 +++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 2f8d607..fc64497 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -297,7 +297,15 @@ typedef struct CPUARMState {
 uint32_t c9_pmuserenr; /* perf monitor user enable */
 uint32_t c9_pminten; /* perf monitor interrupt enables */
 uint64_t mair_el1;
-uint64_t vbar_el[4]; /* vector base address register */
+union { /* vector base address register */
+struct {
+uint64_t _unused_vbar;
+uint64_t vbar_ns;
+uint64_t hvbar;
+uint64_t vbar_s;
+};
+uint64_t vbar_el[4];
+};
 uint32_t mvbar; /* (monitor) vector base address register */
 uint32_t c13_fcse; /* FCSE PID.  */
 uint64_t contextidr_el1; /* Context ID.  */
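Review bot: `_unused_vbar` at index 0 and `hvbar` at index 2 make vbar_el[3] the secure copy, which is what the VBAR_EL3 entry in v8_el3_cp_reginfo (visible as `cp15.vbar_el[3]` in 10/33 of this series) already reads, so the two agree; a one-line comment here recording that index 2 is HVBAR and index 3 is the secure/EL3 copy would save the next reader that cross-check.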
diff --git a/target-arm/helper.c b/target-arm/helper.c
index d2e7652..bc73c4f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -911,7 +911,8 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 { .name = "VBAR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW, .writefn = vbar_write,
-  .fieldoffset = offsetof(CPUARMState, cp15.vbar_el[1]),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
+ offsetof(CPUARMState, cp15.vbar_ns) },
   .resetvalue = 0 },
 { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
@@ -4401,7 +4402,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
  * This register is only followed in non-monitor mode, and is banked.
  * Note: only bits 31:5 are valid.
  */
-addr += env->cp15.vbar_el[1];
+addr += A32_BANKED_CURRENT_REG_GET(env, vbar);
 }
 
 if ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_MON) {
-- 
1.9.1
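The banked-register layout used by the TTBR0/1, PAR and VBAR patches in this series is worth checking concretely, so here is a constructed C model, added here and not QEMU's CPUARMState or code from the patches, of the union overlay together with a name-based bank accessor in the spirit of A32_BANKED_CURRENT_REG_GET/SET. The macro bodies, the struct and env names and the `secure` flag are assumptions; the static assertions verify the aliasing the cpu.h hunks rely on, and the two functions show that a secure-world write to TTBR0 or VBAR is invisible to the non-secure world.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed cut-down model of the cp15 banking layout (not QEMU's struct).
 * The anonymous struct overlays the el[] array so that index 1 is the
 * non-secure copy, index 2 the EL2 register where one exists, and index 3
 * the secure copy. */
struct cp15_model {
    union { /* MMU translation table base 0 */
        struct {
            uint64_t _unused_ttbr0_0;
            uint64_t ttbr0_ns;
            uint64_t _unused_ttbr0_1;
            uint64_t ttbr0_s;
        };
        uint64_t ttbr0_el[4];
    };
    union { /* vector base address register */
        struct {
            uint64_t _unused_vbar;
            uint64_t vbar_ns;
            uint64_t hvbar;
            uint64_t vbar_s;
        };
        uint64_t vbar_el[4];
    };
};

struct env_model {
    struct cp15_model cp15;
    bool secure;   /* stands in for "the CPU is currently in the secure state" */
};

/* Build-time proof that the named members sit on the el[] slots the AArch64
 * code indexes; the cpu.h hunks rely on this but do not enforce it. */
_Static_assert(offsetof(struct cp15_model, ttbr0_ns) ==
               offsetof(struct cp15_model, ttbr0_el) + 1 * sizeof(uint64_t),
               "ttbr0_ns must alias ttbr0_el[1]");
_Static_assert(offsetof(struct cp15_model, ttbr0_s) ==
               offsetof(struct cp15_model, ttbr0_el) + 3 * sizeof(uint64_t),
               "ttbr0_s must alias ttbr0_el[3]");
_Static_assert(offsetof(struct cp15_model, vbar_s) ==
               offsetof(struct cp15_model, vbar_el) + 3 * sizeof(uint64_t),
               "vbar_s must alias vbar_el[3]");

/* Name-based bank selection in the spirit of A32_BANKED_REG_GET/SET; these
 * macro bodies are our own, the real ones are not on this page. reg##_s and
 * reg##_ns pick the member by token pasting. */
#define BANKED_REG_GET(env, reg, sec) \
    ((sec) ? (env)->cp15.reg##_s : (env)->cp15.reg##_ns)
#define BANKED_REG_SET(env, reg, sec, val) \
    do { \
        if (sec) { (env)->cp15.reg##_s = (val); } \
        else { (env)->cp15.reg##_ns = (val); } \
    } while (0)
#define BANKED_CURRENT_REG_GET(env, reg) BANKED_REG_GET(env, reg, (env)->secure)
#define BANKED_CURRENT_REG_SET(env, reg, val) \
    BANKED_REG_SET(env, reg, (env)->secure, val)

/* Program TTBR0 from each world in turn and check that neither write reached
 * the other world's page-table base, and that the index view agrees with
 * the name view. Returns true when the banks are isolated. */
bool ttbr0_banks_are_isolated(void)
{
    struct env_model env = { 0 };

    env.secure = true;
    BANKED_CURRENT_REG_SET(&env, ttbr0, 0x80000000ULL);   /* secure tables */
    env.secure = false;
    BANKED_CURRENT_REG_SET(&env, ttbr0, 0x40000000ULL);   /* normal-world tables */

    return env.cp15.ttbr0_el[1] == 0x40000000ULL &&
           env.cp15.ttbr0_el[3] == 0x80000000ULL &&
           BANKED_REG_GET(&env, ttbr0, true) == 0x80000000ULL &&
           BANKED_REG_GET(&env, ttbr0, false) == 0x40000000ULL;
}

/* Vector base for an exception taken in the given security state, as in the
 * arm_cpu_do_interrupt() change: the current world's banked VBAR plus the
 * vector offset, never the other world's table. */
uint64_t exception_vector(bool secure, uint64_t vbar_s, uint64_t vbar_ns,
                          uint64_t offset)
{
    struct env_model env = { 0 };

    env.cp15.vbar_s = vbar_s;
    env.cp15.vbar_ns = vbar_ns;
    env.secure = secure;
    return BANKED_CURRENT_REG_GET(&env, vbar) + offset;
}

int main(void)
{
    printf("ttbr0 banks isolated: %s\n",
           ttbr0_banks_are_isolated() ? "yes" : "no");
    printf("non-secure prefetch abort vector: 0x%llx\n",
           (unsigned long long)exception_vector(false, 0x10000, 0x20000, 0x0c));
    return 0;
}
```

The static assertions are the check a reviewer would want next to the real union: if someone later inserts a field into the anonymous struct, the secure bank silently moves onto another slot, and only an offsetof() comparison like this catches it at build time.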




[Qemu-devel] [PULL 29/33] hw/arm/boot: fix uninitialized scalar variable warning reported by coverity

2014-12-11 Thread Peter Maydell
From: zhanghailiang 

Coverity reports that 'size' may be used uninitialized, but that can't happen,
because the caller has checked "if (binfo->dtb_filename || binfo->get_dtb)"
before calling 'load_dtb'.

Here we simply remove the 'if (binfo->get_dtb)' to satisfy coverity.

Signed-off-by: zhanghailiang 
Message-id: 1416826240-12368-1-git-send-email-zhang.zhanghaili...@huawei.com
Signed-off-by: Peter Maydell 
---
 hw/arm/boot.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 0014c34..e6a3c5b 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -329,6 +329,8 @@ static void set_kernel_args_old(const struct arm_boot_info 
*info)
  * Returns: the size of the device tree image on success,
  *  0 if the image size exceeds the limit,
  *  -1 on errors.
+ *
+ * Note: Must not be called unless have_dtb(binfo) is true.
  */
 static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
 hwaddr addr_limit)
@@ -352,7 +354,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info 
*binfo,
 goto fail;
 }
 g_free(filename);
-} else if (binfo->get_dtb) {
+} else {
 fdt = binfo->get_dtb(binfo, &size);
 if (!fdt) {
 fprintf(stderr, "Board was unable to create a dtb blob\n");
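Review bot: with the `else if (binfo->get_dtb)` guard gone, a caller that violates the precondition documented in the previous hunk now calls a NULL function pointer instead of skipping the dtb; since a comment is the only thing enforcing it, add `assert(have_dtb(binfo))` (or an explicit check of the two fields) at the top of load_dtb so the precondition fails loudly, which is the usual way to satisfy Coverity without weakening the code.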
-- 
1.9.1




[Qemu-devel] [PULL 30/33] arm_gic_kvm: Tell kernel about number of IRQs

2014-12-11 Thread Peter Maydell
Newer kernels support a device attribute on the GIC which allows us to
tell it how many IRQs this GIC instance is configured with; use it, if
it exists.

Signed-off-by: Peter Maydell 
Reviewed-by: Christoffer Dall 
Message-id: 1417718679-1071-1-git-send-email-peter.mayd...@linaro.org
---
 hw/intc/arm_gic_kvm.c | 20 
 1 file changed, 20 insertions(+)

diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
index 5038885..1ad3eb0 100644
--- a/hw/intc/arm_gic_kvm.c
+++ b/hw/intc/arm_gic_kvm.c
@@ -92,6 +92,21 @@ static bool kvm_arm_gic_can_save_restore(GICState *s)
 return s->dev_fd >= 0;
 }
 
+static bool kvm_gic_supports_attr(GICState *s, int group, int attrnum)
+{
+struct kvm_device_attr attr = {
+.group = group,
+.attr = attrnum,
+.flags = 0,
+};
+
+if (s->dev_fd == -1) {
+return false;
+}
+
+return kvm_device_ioctl(s->dev_fd, KVM_HAS_DEVICE_ATTR, &attr) == 0;
+}
+
 static void kvm_gic_access(GICState *s, int group, int offset,
int cpu, uint32_t *val, bool write)
 {
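Review bot: kvm_gic_supports_attr() tests `s->dev_fd == -1` while kvm_arm_gic_can_save_restore() just above uses `s->dev_fd >= 0`; using the same form in both keeps the two checks from drifting apart. Separately, where the new helper is used in the realize hunk below, the return value of the KVM_DEV_ARM_VGIC_GRP_NR_IRQS write via kvm_gic_access() is discarded; if the kernel rejects the IRQ count the guest runs with a GIC whose size differs from what QEMU models, so that failure should be reported through errp rather than ignored.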
@@ -553,6 +568,11 @@ static void kvm_arm_gic_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
+if (kvm_gic_supports_attr(s, KVM_DEV_ARM_VGIC_GRP_NR_IRQS, 0)) {
+uint32_t numirqs = s->num_irq;
+kvm_gic_access(s, KVM_DEV_ARM_VGIC_GRP_NR_IRQS, 0, 0, &numirqs, 1);
+}
+
 /* Distributor */
 memory_region_init_reservation(&s->iomem, OBJECT(s),
"kvm-gic_dist", 0x1000);
-- 
1.9.1




[Qemu-devel] [PULL 10/33] target-arm: move AArch32 SCR into security reglist

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Define a new ARM CP register info list for the ARMv7 Security Extension
feature. Register that list only for ARM cores with Security Extension/EL3
support. Move AArch32 SCR into the Security Extension register group.

Signed-off-by: Sergey Fedorov 
Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-9-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 19 +--
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 96284f1..d3180dd 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -898,9 +898,6 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .access = PL1_RW, .writefn = vbar_write,
   .fieldoffset = offsetof(CPUARMState, cp15.vbar_el[1]),
   .resetvalue = 0 },
-{ .name = "SCR", .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetoflow32(CPUARMState, 
cp15.scr_el3),
-  .resetvalue = 0, .writefn = scr_write },
 { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
   .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_MIGRATE },
@@ -2335,11 +2332,18 @@ static const ARMCPRegInfo v8_el3_cp_reginfo[] = {
   .access = PL3_RW, .writefn = vbar_write,
   .fieldoffset = offsetof(CPUARMState, cp15.vbar_el[3]),
   .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
+static const ARMCPRegInfo el3_cp_reginfo[] = {
 { .name = "SCR_EL3", .state = ARM_CP_STATE_AA64,
-  .type = ARM_CP_NO_MIGRATE,
   .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.scr_el3),
-  .writefn = scr_write },
+  .resetvalue = 0, .writefn = scr_write },
+{ .name = "SCR",  .type = ARM_CP_NO_MIGRATE,
+  .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
+  .access = PL3_RW, .fieldoffset = offsetoflow32(CPUARMState, 
cp15.scr_el3),
+  .resetfn = arm_cp_reset_ignore, .writefn = scr_write },
 REGINFO_SENTINEL
 };
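Review bot: the AArch32 SCR entry moves from PL1_RW in v7_cp_reginfo to PL3_RW here, which is a visible behaviour change (PL1 code that could previously access SCR now needs PL3) on top of the reorganisation the commit message describes; that is the right thing for a Security Extensions register, but it should be called out in the message. Note also that the AArch64 SCR_EL3 entry loses ARM_CP_NO_MIGRATE while the new AArch32 SCR alias gains it, so SCR state is now migrated exactly once via scr_el3, which is the intended pattern but again worth a sentence.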
 
@@ -2960,7 +2964,10 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 }
 }
 if (arm_feature(env, ARM_FEATURE_EL3)) {
-define_arm_cp_regs(cpu, v8_el3_cp_reginfo);
+if (arm_feature(env, ARM_FEATURE_V8)) {
+define_arm_cp_regs(cpu, v8_el3_cp_reginfo);
+}
+define_arm_cp_regs(cpu, el3_cp_reginfo);
 }
 if (arm_feature(env, ARM_FEATURE_MPU)) {
 /* These are the MPU registers prior to PMSAv6. Any new
-- 
1.9.1




[Qemu-devel] [PULL 31/33] target-arm/kvm: make reg sync code common between kvm32/64

2014-12-11 Thread Peter Maydell
From: Alex Bennée 

Before we launch a guest we query KVM for the list of "co-processor"
registers it knows about. This is used to synchronize system
register state for the bulk of coprocessor/system registers.
Move this code from the 32-bit specific vcpu init function into
a common routine and call it also from the 64-bit vcpu init.

This allows system registers to migrate correctly when using
KVM, and also permits QEMU code to see the current KVM register
state (which will be needed to support big-endian guests, since
the virtio endianness callback must check for some system register
settings).

Since vcpu reset also has to sync registers, we move the
32 bit kvm_arm_reset_vcpu() into common code as well and
share it with the 64 bit version.

Signed-off-by: Alex Bennée 
[PMM: just copy the 32-bit code rather than improving it along the way;
 don't share reg_syncs_via_tuple_list() between 32 and 64 bit;
 tweak function names; move reset]
Signed-off-by: Peter Maydell 
---
 target-arm/kvm.c | 98 
 target-arm/kvm32.c   | 94 ++---
 target-arm/kvm64.c   | 24 +++--
 target-arm/kvm_arm.h | 22 
 4 files changed, 137 insertions(+), 101 deletions(-)

diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index 319784d..191e759 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -21,6 +21,7 @@
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
 #include "cpu.h"
+#include "internals.h"
 #include "hw/arm/arm.h"
 
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
@@ -279,6 +280,94 @@ void kvm_arm_register_device(MemoryRegion *mr, uint64_t 
devid, uint64_t group,
 memory_region_ref(kd->mr);
 }
 
+static int compare_u64(const void *a, const void *b)
+{
+if (*(uint64_t *)a > *(uint64_t *)b) {
+return 1;
+}
+if (*(uint64_t *)a < *(uint64_t *)b) {
+return -1;
+}
+return 0;
+}
+
+/* Initialize the CPUState's cpreg list according to the kernel's
+ * definition of what CPU registers it knows about (and throw away
+ * the previous TCG-created cpreg list).
+ */
+int kvm_arm_init_cpreg_list(ARMCPU *cpu)
+{
+struct kvm_reg_list rl;
+struct kvm_reg_list *rlp;
+int i, ret, arraylen;
+CPUState *cs = CPU(cpu);
+
+rl.n = 0;
+ret = kvm_vcpu_ioctl(cs, KVM_GET_REG_LIST, &rl);
+if (ret != -E2BIG) {
+return ret;
+}
+rlp = g_malloc(sizeof(struct kvm_reg_list) + rl.n * sizeof(uint64_t));
+rlp->n = rl.n;
+ret = kvm_vcpu_ioctl(cs, KVM_GET_REG_LIST, rlp);
+if (ret) {
+goto out;
+}
+/* Sort the list we get back from the kernel, since cpreg_tuples
+ * must be in strictly ascending order.
+ */
+qsort(&rlp->reg, rlp->n, sizeof(rlp->reg[0]), compare_u64);
+
+for (i = 0, arraylen = 0; i < rlp->n; i++) {
+if (!kvm_arm_reg_syncs_via_cpreg_list(rlp->reg[i])) {
+continue;
+}
+switch (rlp->reg[i] & KVM_REG_SIZE_MASK) {
+case KVM_REG_SIZE_U32:
+case KVM_REG_SIZE_U64:
+break;
+default:
+fprintf(stderr, "Can't handle size of register in kernel list\n");
+ret = -EINVAL;
+goto out;
+}
+
+arraylen++;
+}
+
+cpu->cpreg_indexes = g_renew(uint64_t, cpu->cpreg_indexes, arraylen);
+cpu->cpreg_values = g_renew(uint64_t, cpu->cpreg_values, arraylen);
+cpu->cpreg_vmstate_indexes = g_renew(uint64_t, cpu->cpreg_vmstate_indexes,
+ arraylen);
+cpu->cpreg_vmstate_values = g_renew(uint64_t, cpu->cpreg_vmstate_values,
+arraylen);
+cpu->cpreg_array_len = arraylen;
+cpu->cpreg_vmstate_array_len = arraylen;
+
+for (i = 0, arraylen = 0; i < rlp->n; i++) {
+uint64_t regidx = rlp->reg[i];
+if (!kvm_arm_reg_syncs_via_cpreg_list(regidx)) {
+continue;
+}
+cpu->cpreg_indexes[arraylen] = regidx;
+arraylen++;
+}
+assert(cpu->cpreg_array_len == arraylen);
+
+if (!write_kvmstate_to_list(cpu)) {
+/* Shouldn't happen unless kernel is inconsistent about
+ * what registers exist.
+ */
+fprintf(stderr, "Initial read of kernel register state failed\n");
+ret = -EINVAL;
+goto out;
+}
+
+out:
+g_free(rlp);
+return ret;
+}
+
 bool write_kvmstate_to_list(ARMCPU *cpu)
 {
 CPUState *cs = CPU(cpu);
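Review bot: the early return after the first KVM_GET_REG_LIST probe treats every result other than -E2BIG as final, including success: if the kernel reports zero registers the probe returns 0 and the function returns 0 having replaced nothing, so the TCG-created cpreg list that the header comment says is thrown away stays in place. Treat ret == 0 on the probe as an error, or fall through with rl.n == 0 so the loops produce empty arrays. Two smaller points: the second ioctl can itself return -E2BIG if the count changed between the two calls, and that is reported as a bare failure; and the two fprintf(stderr, ...) messages would be easier to find with a "kvm_arm_init_cpreg_list:" prefix.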
@@ -351,6 +440,15 @@ bool write_list_to_kvmstate(ARMCPU *cpu)
 return ok;
 }
 
+void kvm_arm_reset_vcpu(ARMCPU *cpu)
+{
+/* Re-init VCPU so that all registers are set to
+ * their respective reset values.
+ */
+kvm_arm_vcpu_init(CPU(cpu));
+write_kvmstate_to_list(cpu);
+}
+
 void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
 {
 }
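Review bot: both calls in kvm_arm_reset_vcpu() discard their results. write_kvmstate_to_list() returns a bool that kvm_arm_init_cpreg_list() above treats as fatal ("Initial read of kernel register state failed"), and if kvm_arm_vcpu_init() can fail its result is dropped too. A reset that silently fails leaves cpu->cpreg_values describing the pre-reset guest, so at least log it here, e.g. `if (!write_kvmstate_to_list(cpu)) { fprintf(stderr, "kvm_arm_reset_vcpu: register sync failed\n"); }`, or give the function a return value the caller can act on.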
diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c
index a5e67da..94030d1 100644
--- a/target-arm/kvm32.c
+++ b/target-arm/kvm32.c
@@ -138,7 +138

[Qemu-devel] [PULL 26/33] target-arm: make c13 cp regs banked (FCSEIDR, ...)

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
FCSEIDR, CONTEXTIDR, TPIDRURW, TPIDRURO and TPIDRPRW have a secure
and a non-secure instance.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-25-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 linux-user/aarch64/target_cpu.h |  2 +-
 linux-user/arm/target_cpu.h |  2 +-
 linux-user/main.c   |  2 +-
 target-arm/cpu.h| 36 +
 target-arm/helper.c | 58 -
 target-arm/op_helper.c  |  2 +-
 6 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/linux-user/aarch64/target_cpu.h b/linux-user/aarch64/target_cpu.h
index 21560ef..b5593dc 100644
--- a/linux-user/aarch64/target_cpu.h
+++ b/linux-user/aarch64/target_cpu.h
@@ -32,7 +32,7 @@ static inline void cpu_set_tls(CPUARMState *env, target_ulong 
newtls)
 /* Note that AArch64 Linux keeps the TLS pointer in TPIDR; this is
  * different from AArch32 Linux, which uses TPIDRRO.
  */
-env->cp15.tpidr_el0 = newtls;
+env->cp15.tpidr_el[0] = newtls;
 }
 
 #endif
diff --git a/linux-user/arm/target_cpu.h b/linux-user/arm/target_cpu.h
index 39d65b6..d8a534d 100644
--- a/linux-user/arm/target_cpu.h
+++ b/linux-user/arm/target_cpu.h
@@ -29,7 +29,7 @@ static inline void cpu_clone_regs(CPUARMState *env, 
target_ulong newsp)
 
 static inline void cpu_set_tls(CPUARMState *env, target_ulong newtls)
 {
-env->cp15.tpidrro_el0 = newtls;
+env->cp15.tpidrro_el[0] = newtls;
 }
 
 #endif
diff --git a/linux-user/main.c b/linux-user/main.c
index 5c14c1e..186ee4d 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -564,7 +564,7 @@ do_kernel_trap(CPUARMState *env)
 end_exclusive();
 break;
 case 0x0fe0: /* __kernel_get_tls */
-env->regs[0] = env->cp15.tpidrro_el0;
+env->regs[0] = env->cp15.tpidrro_el[0];
 break;
 case 0x0f60: /* __kernel_cmpxchg64 */
 arm_kernel_cmpxchg64_helper(env);
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index fc64497..a1fefe4 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -307,11 +307,37 @@ typedef struct CPUARMState {
 uint64_t vbar_el[4];
 };
 uint32_t mvbar; /* (monitor) vector base address register */
-uint32_t c13_fcse; /* FCSE PID.  */
-uint64_t contextidr_el1; /* Context ID.  */
-uint64_t tpidr_el0; /* User RW Thread register.  */
-uint64_t tpidrro_el0; /* User RO Thread register.  */
-uint64_t tpidr_el1; /* Privileged Thread register.  */
+struct { /* FCSE PID. */
+uint32_t fcseidr_ns;
+uint32_t fcseidr_s;
+};
+union { /* Context ID. */
+struct {
+uint64_t _unused_contextidr_0;
+uint64_t contextidr_ns;
+uint64_t _unused_contextidr_1;
+uint64_t contextidr_s;
+};
+uint64_t contextidr_el[4];
+};
+union { /* User RW Thread register. */
+struct {
+uint64_t tpidrurw_ns;
+uint64_t tpidrprw_ns;
+uint64_t htpidr;
+uint64_t _tpidr_el3;
+};
+uint64_t tpidr_el[4];
+};
+/* The secure banks of these registers don't map anywhere */
+uint64_t tpidrurw_s;
+uint64_t tpidrprw_s;
+uint64_t tpidruro_s;
+
+union { /* User RO Thread register. */
+uint64_t tpidruro_ns;
+uint64_t tpidrro_el[1];
+};
 uint64_t c14_cntfrq; /* Counter Frequency register */
 uint64_t c14_cntkctl; /* Timer Control register */
 ARMGenericTimer c14_timer[NUM_GTIMERS];
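Review bot: the union layout needs a line saying which index is which: tpidr_el[0] now aliases tpidrurw_ns, tpidr_el[1] tpidrprw_ns, tpidr_el[2] htpidr and tpidr_el[3] the placeholder _tpidr_el3, while tpidrurw_s, tpidrprw_s and tpidruro_s sit outside any union. "The secure banks of these registers don't map anywhere" is true for the AArch64 view, but it means those three fields are reachable only through their AArch32 definitions, so those entries must carry the reset and migration path themselves, as the FCSEIDR(S) entry in the helper.c hunk does explicitly; the TPIDR*(S) entries should follow the same pattern. The one-element `uint64_t tpidrro_el[1]` exists only to keep the _el[] naming; keeping the member as tpidrro_el0 would read more naturally and would also make the three linux-user hunks unnecessary.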
diff --git a/target-arm/helper.c b/target-arm/helper.c
index bc73c4f..0357f41 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -424,13 +424,36 @@ static void tlbimvaa_is_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 }
 
 static const ARMCPRegInfo cp_reginfo[] = {
-{ .name = "FCSEIDR", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
+/* Define the secure and non-secure FCSE identifier CP registers
+ * separately because there is no secure bank in V8 (no _EL3).  This allows
+ * the secure register to be properly reset and migrated. There is also no
+ * v8 EL1 version of the register so the non-secure instance stands alone.
+ */
+{ .name = "FCSEIDR(NS)",
+  .cp = 15, .opc1 = 0, .crn = 13, .crm = 0, .opc2 = 0,
+  .access = PL1_RW, .secure = ARM_CP_SECSTATE_NS,
+  .fieldoffset = offsetof(CPUARMState, cp15.fcseidr_ns),
+  .resetvalue = 0, .writefn = fcse_write, .raw_writefn = raw_write, },
+{ .name = "FCSEIDR(S)",
+  .cp = 15, .opc1 = 0, .crn = 13, .crm = 0, .opc2 =

[Qemu-devel] [PULL 27/33] target-arm: make MAIR0/1 banked

2014-12-11 Thread Peter Maydell
From: Greg Bellows 

Added CP register info entries for the ARMv7 MAIR0/1 secure banks.

Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-26-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 21 -
 target-arm/helper.c | 12 +---
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index a1fefe4..7ba55f0 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -296,7 +296,26 @@ typedef struct CPUARMState {
 uint32_t c9_pmxevtyper; /* perf monitor event type */
 uint32_t c9_pmuserenr; /* perf monitor user enable */
 uint32_t c9_pminten; /* perf monitor interrupt enables */
-uint64_t mair_el1;
+union { /* Memory attribute redirection */
+struct {
+#ifdef HOST_WORDS_BIGENDIAN
+uint64_t _unused_mair_0;
+uint32_t mair1_ns;
+uint32_t mair0_ns;
+uint64_t _unused_mair_1;
+uint32_t mair1_s;
+uint32_t mair0_s;
+#else
+uint64_t _unused_mair_0;
+uint32_t mair0_ns;
+uint32_t mair1_ns;
+uint64_t _unused_mair_1;
+uint32_t mair0_s;
+uint32_t mair1_s;
+#endif
+};
+uint64_t mair_el[4];
+};
 union { /* vector base address register */
 struct {
 uint64_t _unused_vbar;
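Review bot: the HOST_WORDS_BIGENDIAN ladder reproduces by hand what offsetoflow32()/offsetofhigh32() already compute, and it is the second copy of that pattern in this series (the far_el union does the same). The bank offsets could instead be taken from the 64-bit slots, `.bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.mair_el[3]), offsetoflow32(CPUARMState, cp15.mair_el[1]) }` for MAIR0 and offsetofhigh32() for MAIR1, which is how the TTBCR entry in "make TTBCR banked" handles tcr_el[], and the #ifdef disappears. If the named mair0_s/mair1_s fields stay, a one-line comment that mair_el[1] is the NS bank and mair_el[3] the S bank would help the next reader.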
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 0357f41..96abbed 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -965,20 +965,26 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
  */
 { .name = "MAIR_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el1),
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el[1]),
   .resetvalue = 0 },
 /* For non-long-descriptor page tables these are PRRR and NMRR;
  * regardless they still act as reads-as-written for QEMU.
  * The override is necessary because of the overly-broad TLB_LOCKDOWN
  * definition.
  */
+ /* MAIR0/1 are defined seperately from their 64-bit counterpart which
+  * allows them to assign the correct fieldoffset based on the endianness
+  * handled in the field definitions.
+  */
 { .name = "MAIR0", .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
   .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0, .access = PL1_RW,
-  .fieldoffset = offsetoflow32(CPUARMState, cp15.mair_el1),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.mair0_s),
+ offsetof(CPUARMState, cp15.mair0_ns) },
   .resetfn = arm_cp_reset_ignore },
 { .name = "MAIR1", .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
   .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 1, .access = PL1_RW,
-  .fieldoffset = offsetofhigh32(CPUARMState, cp15.mair_el1),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.mair1_s),
+ offsetof(CPUARMState, cp15.mair1_ns) },
   .resetfn = arm_cp_reset_ignore },
 { .name = "ISR_EL1", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 1, .opc2 = 0,
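Review bot: "seperately" in the new comment should be "separately", and the comment block is indented one space deeper than its neighbours, which stands out in a table where every other entry is aligned. It also lands between the existing PRRR/NMRR explanation and the entries both comments describe; folding it into that comment keeps one comment per pair of entries. Behaviourally the change looks right: MAIR0/1 keep .resetfn = arm_cp_reset_ignore and lean on MAIR_EL1's .resetvalue for the NS bank, so please confirm that something (an MAIR_EL3 entry with fieldoffset mair_el[3]) resets the S bank, since nothing in this hunk does.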
-- 
1.9.1




[Qemu-devel] [PULL 07/33] target-arm: add CPREG secure state support

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Prepare ARMCPRegInfo to support specifying two fieldoffsets per
register definition. This will allow us to keep one register
definition for banked registers (different offsets for secure/
non-secure world).

Also added secure state tracking field and flags.  This allows for
identification of the register info secure state.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-6-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h | 36 ++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 6881098..dd7d229 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -993,6 +993,21 @@ enum {
 ARM_CP_STATE_BOTH = 2,
 };
 
+/* ARM CP register secure state flags.  These flags identify security state
+ * attributes for a given CP register entry.
+ * The existence of both or neither secure and non-secure flags indicates that
+ * the register has both a secure and non-secure hash entry.  A single one of
+ * these flags causes the register to only be hashed for the specified
+ * security state.
+ * Although definitions may have any combination of the S/NS bits, each
+ * registered entry will only have one to identify whether the entry is secure
+ * or non-secure.
+ */
+enum {
+ARM_CP_SECSTATE_S =   (1 << 0), /* bit[0]: Secure state register */
+ARM_CP_SECSTATE_NS =  (1 << 1), /* bit[1]: Non-secure state register */
+};
+
 /* Return true if cptype is a valid type field. This is used to try to
  * catch errors where the sentinel has been accidentally left off the end
  * of a list of registers.
@@ -1127,6 +1142,8 @@ struct ARMCPRegInfo {
 int type;
 /* Access rights: PL*_[RW] */
 int access;
+/* Security state: ARM_CP_SECSTATE_* bits/values */
+int secure;
 /* The opaque pointer passed to define_arm_cp_regs_with_opaque() when
  * this register was defined: can be used to hand data through to the
  * register read/write functions, since they are passed the ARMCPRegInfo*.
@@ -1136,12 +1153,27 @@ struct ARMCPRegInfo {
  * fieldoffset is non-zero, the reset value of the register.
  */
 uint64_t resetvalue;
-/* Offset of the field in CPUARMState for this register. This is not
- * needed if either:
+/* Offset of the field in CPUARMState for this register.
+ *
+ * This is not needed if either:
  *  1. type is ARM_CP_CONST or one of the ARM_CP_SPECIALs
  *  2. both readfn and writefn are specified
  */
 ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
+
+/* Offsets of the secure and non-secure fields in CPUARMState for the
+ * register if it is banked.  These fields are only used during the static
+ * registration of a register.  During hashing the bank associated
+ * with a given security state is copied to fieldoffset which is used from
+ * there on out.
+ *
+ * It is expected that register definitions use either fieldoffset or
+ * bank_fieldoffsets in the definition but not both.  It is also expected
+ * that both bank offsets are set when defining a banked register.  This
+ * use indicates that a register is banked.
+ */
+ptrdiff_t bank_fieldoffsets[2];
+
 /* Function for making any access checks for this register in addition to
  * those specified by the 'access' permissions bits. If NULL, no extra
  * checks required. The access check is performed at runtime, not at
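Review bot: the comment promises that a definition uses either fieldoffset or bank_fieldoffsets, never both, and that both bank offsets are set for a banked register, but nothing enforces it; because the chosen bank is copied over fieldoffset during hashing, a definition that sets both silently loses its fieldoffset. An assert at registration, e.g. `assert(!(r->fieldoffset && (r->bank_fieldoffsets[0] || r->bank_fieldoffsets[1])));`, catches that the first time the CPU is instantiated. The comment should also state the index convention every user of the array relies on: index 0 is the secure bank and index 1 the non-secure bank.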
-- 
1.9.1




[Qemu-devel] [PULL 17/33] target-arm: make CSSELR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Rename CSSELR (cache size selection register) and add secure
instance (AArch32).

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-16-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 10 +-
 target-arm/helper.c | 14 +++---
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 6559aa8..f06d209 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -177,7 +177,15 @@ typedef struct CPUARMState {
 /* System control coprocessor (cp15) */
 struct {
 uint32_t c0_cpuid;
-uint64_t c0_cssel; /* Cache size selection.  */
+union { /* Cache size selection */
+struct {
+uint64_t _unused_csselr0;
+uint64_t csselr_ns;
+uint64_t _unused_csselr1;
+uint64_t csselr_s;
+};
+uint64_t csselr_el[4];
+};
 union { /* System control register. */
 struct {
 uint64_t _unused_sctlr;
diff --git a/target-arm/helper.c b/target-arm/helper.c
index d43d208..961dd37 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -776,7 +776,14 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo 
*ri, uint64_t value)
 static uint64_t ccsidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
 {
 ARMCPU *cpu = arm_env_get_cpu(env);
-return cpu->ccsidr[env->cp15.c0_cssel];
+
+/* Acquire the CSSELR index from the bank corresponding to the CCSIDR
+ * bank
+ */
+uint32_t index = A32_BANKED_REG_GET(env, csselr,
+ri->secure & ARM_CP_SECSTATE_S);
+
+return cpu->ccsidr[index];
 }
 
 static void csselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
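Review bot: ccsidr_read() now indexes cpu->ccsidr[] with a value taken straight from the guest-writable CSSELR bank, so its safety rests on csselr_write() keeping that value inside the array, and on the raw write path used by incoming migration also funnelling through csselr_write (the CSSELR definition below sets no .raw_writefn, so it should). A short comment here saying so, or a mask applied to `index` at the point of use, would stop a later change to csselr_write from turning this into an out-of-bounds read of cpu->ccsidr. Selecting the bank from `ri->secure & ARM_CP_SECSTATE_S` rather than from the current security state is the right choice, since CCSIDR carries no .secure flag and therefore has one hash entry per state.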
@@ -903,8 +910,9 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_MIGRATE },
 { .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c0_cssel),
-  .writefn = csselr_write, .resetvalue = 0 },
+  .access = PL1_RW, .writefn = csselr_write, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.csselr_s),
+ offsetof(CPUARMState, cp15.csselr_ns) } },
 /* Auxiliary ID register: this actually has an IMPDEF value but for now
  * just RAZ for all cores:
  */
-- 
1.9.1




[Qemu-devel] [PULL 23/33] target-arm: make IFAR/DFAR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFAR and DFAR have a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-22-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.c|  2 +-
 target-arm/cpu.h| 19 ++-
 target-arm/helper.c | 16 +---
 3 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index fdb7b35..d3db279 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -552,7 +552,7 @@ static void arm1026_initfn(Object *obj)
 ARMCPRegInfo ifar = {
 .name = "IFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 1,
 .access = PL1_RW,
-.fieldoffset = offsetofhigh32(CPUARMState, cp15.far_el[1]),
+.fieldoffset = offsetof(CPUARMState, cp15.ifar_ns),
 .resetvalue = 0
 };
 define_one_arm_cp_reg(cpu, &ifar);
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 29870bd..52d5719 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -261,7 +261,24 @@ typedef struct CPUARMState {
 uint64_t esr_el[4];
 };
 uint32_t c6_region[8]; /* MPU base/size registers.  */
-uint64_t far_el[4]; /* Fault address registers.  */
+union { /* Fault address registers. */
+struct {
+uint64_t _unused_far0;
+#ifdef HOST_WORDS_BIGENDIAN
+uint32_t ifar_ns;
+uint32_t dfar_ns;
+uint32_t ifar_s;
+uint32_t dfar_s;
+#else
+uint32_t dfar_ns;
+uint32_t ifar_ns;
+uint32_t dfar_s;
+uint32_t ifar_s;
+#endif
+uint64_t _unused_far3;
+};
+uint64_t far_el[4];
+};
 uint64_t par_el1;  /* Translation result. */
 uint32_t c9_insn; /* Cache lockdown registers.  */
 uint32_t c9_data;
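Review bot: the secure pair lands in the wrong slot. With `_unused_far0` first and `_unused_far3` last, dfar_s/ifar_s overlay far_el[2], whereas every other union in this series puts the secure bank at index 3 (csselr: `_unused_csselr1` then `csselr_s`; the esr union: `hsr` then `dfsr_s`; TTBCR: `offsetoflow32(CPUARMState, cp15.tcr_el[3])` for the S bank). far_el[2] is the EL2 fault address register, so a hypervisor's FAR_EL2/HDFAR and the secure DFAR would share storage. Unless that overlap is intended, swap `_unused_far3` with the secure pair so far_el[3] carries dfar_s/ifar_s and rename the placeholder `_unused_far2`; if it is intended, the union needs a comment explaining why the two can never coexist.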
diff --git a/target-arm/helper.c b/target-arm/helper.c
index ebb6694..0c8b532 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -559,7 +559,8 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
   .access = PL0_W, .type = ARM_CP_NOP },
 { .name = "IFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 2,
   .access = PL1_RW,
-  .fieldoffset = offsetofhigh32(CPUARMState, cp15.far_el[1]),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ifar_s),
+ offsetof(CPUARMState, cp15.ifar_ns) },
   .resetvalue = 0, },
 /* Watchpoint Fault Address Register : should actually only be present
  * for 1136, 1176, 11MPCore.
@@ -1682,11 +1683,14 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
   .resetfn = arm_cp_reset_ignore, .raw_writefn = vmsa_ttbcr_raw_write,
   .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tcr_el[3]),
  offsetoflow32(CPUARMState, cp15.tcr_el[1])} },
-/* 64-bit FAR; this entry also gives us the AArch32 DFAR */
-{ .name = "FAR_EL1", .state = ARM_CP_STATE_BOTH,
+{ .name = "FAR_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.far_el[1]),
   .resetvalue = 0, },
+{ .name = "DFAR", .cp = 15, .opc1 = 0, .crn = 6, .crm = 0, .opc2 = 0,
+  .access = PL1_RW, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.dfar_s),
+ offsetof(CPUARMState, cp15.dfar_ns) } },
 REGINFO_SENTINEL
 };
 
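Review bot: with FAR_EL1 now ARM_CP_STATE_AA64 only and DFAR/IFAR as separate AArch32 entries, an AArch64 CPU serializes the non-secure fault address twice on migration (once as FAR_EL1, once as the DFAR and IFAR halves that alias far_el[1]). Harmless because the values agree, but say whether that is intended; the removed comment "64-bit FAR; this entry also gives us the AArch32 DFAR" should be replaced by one explaining why the split is needed (the AArch32 register is banked, the AArch64 one is not). The new DFAR entry also omits `.state`, relying on ARM_CP_STATE_AA32 being the zero default; IFAR above does the same, so at least it is consistent.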
@@ -4330,8 +4334,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
 /* Fall through to prefetch abort.  */
 case EXCP_PREFETCH_ABORT:
 A32_BANKED_CURRENT_REG_SET(env, ifsr, env->exception.fsr);
-env->cp15.far_el[1] = deposit64(env->cp15.far_el[1], 32, 32,
-env->exception.vaddress);
+A32_BANKED_CURRENT_REG_SET(env, ifar, env->exception.vaddress);
 qemu_log_mask(CPU_LOG_INT, "...with IFSR 0x%x IFAR 0x%x\n",
   env->exception.fsr, (uint32_t)env->exception.vaddress);
 new_mode = ARM_CPU_MODE_ABT;
@@ -4341,8 +4344,7 @@ void arm_cpu_do_interrupt(CPUState *cs)
 break;
 case EXCP_DATA_ABORT:
 A32_BANKED_CURRENT_REG_SET(env, dfsr, env->exception.fsr);
-env->cp15.far_el[1] = deposit64(env->cp15.far_el[1], 0, 32,
-env->exception.vaddress);
+A32_BANKED_CURRENT_REG_SET(env, dfar, env->exception.vaddress);
 qemu_log_mask(CPU_LOG_INT, "...with DFSR 0x%x DFAR 0x%x\n",
   env->exception.fsr,
   (uint32_t)env->exception.vaddress);
-- 
1.9.1




[Qemu-devel] [PULL 16/33] target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Add checks of SCR AW/FW bits when performing writes of CPSR.  These SCR bits
are used to control whether the CPSR masking bits can be adjusted from
non-secure state.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-15-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 54 +
 1 file changed, 54 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 769a182..d43d208 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3644,6 +3644,8 @@ uint32_t cpsr_read(CPUARMState *env)
 
 void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
 {
+uint32_t changed_daif;
+
 if (mask & CPSR_NZCV) {
 env->ZF = (~val) & CPSR_Z;
 env->NF = val;
@@ -3666,6 +3668,58 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t 
mask)
 env->GE = (val >> 16) & 0xf;
 }
 
+/* In a V7 implementation that includes the security extensions but does
+ * not include Virtualization Extensions the SCR.FW and SCR.AW bits control
+ * whether non-secure software is allowed to change the CPSR_F and CPSR_A
+ * bits respectively.
+ *
+ * In a V8 implementation, it is permitted for privileged software to
+ * change the CPSR A/F bits regardless of the SCR.AW/FW bits.
+ */
+if (!arm_feature(env, ARM_FEATURE_V8) &&
+arm_feature(env, ARM_FEATURE_EL3) &&
+!arm_feature(env, ARM_FEATURE_EL2) &&
+!arm_is_secure(env)) {
+
+changed_daif = (env->daif ^ val) & mask;
+
+if (changed_daif & CPSR_A) {
+/* Check to see if we are allowed to change the masking of async
+ * abort exceptions from a non-secure state.
+ */
+if (!(env->cp15.scr_el3 & SCR_AW)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "Ignoring attempt to switch CPSR_A flag from "
+  "non-secure world with SCR.AW bit clear\n");
+mask &= ~CPSR_A;
+}
+}
+
+if (changed_daif & CPSR_F) {
+/* Check to see if we are allowed to change the masking of FIQ
+ * exceptions from a non-secure state.
+ */
+if (!(env->cp15.scr_el3 & SCR_FW)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "Ignoring attempt to switch CPSR_F flag from "
+  "non-secure world with SCR.FW bit clear\n");
+mask &= ~CPSR_F;
+}
+
+/* Check whether non-maskable FIQ (NMFI) support is enabled.
+ * If this bit is set software is not allowed to mask
+ * FIQs, but is allowed to set CPSR_F to 0.
+ */
+if ((A32_BANKED_CURRENT_REG_GET(env, sctlr) & SCTLR_NMFI) &&
+(val & CPSR_F)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "Ignoring attempt to enable CPSR_F flag "
+  "(non-maskable FIQ [NMFI] support enabled)\n");
+mask &= ~CPSR_F;
+}
+}
+}
+
 env->daif &= ~(CPSR_AIF & mask);
 env->daif |= val & CPSR_AIF & mask;
 
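Review bot: the SCTLR.NMFI check is nested inside the `!ARM_FEATURE_V8 && ARM_FEATURE_EL3 && !ARM_FEATURE_EL2 && !arm_is_secure(env)` gate, so it only fires for non-secure software on a v7 core that has the security extensions but no virtualization extensions. NMFI is an SCTLR property independent of SCR.FW: it applies in secure state too and does not depend on EL3 being present, so with this placement secure software, and any core without EL3, can still mask FIQs with NMFI set. Move the `if ((A32_BANKED_CURRENT_REG_GET(env, sctlr) & SCTLR_NMFI) && (val & CPSR_F))` block out of the outer `if` (it only needs `changed_daif & CPSR_F`), compute `changed_daif` unconditionally so both checks share it, and have the commit message state the intended scope, since the subject line promises NMFI handling in general.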
-- 
1.9.1




[Qemu-devel] [PULL 19/33] target-arm: make TTBCR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Adds secure and non-secure bank register support for TTBCR.
Added new struct to compartmentalize the TCR data and masks.  Removed old
tcr/ttbcr data and added a 4 element array of the new structs in cp15.  This
allows for one entry per EL.  Added a CP register definition for TCR_EL3.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-18-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h   | 11 +---
 target-arm/helper.c| 72 --
 target-arm/internals.h |  6 ++---
 3 files changed, 58 insertions(+), 31 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index efe7010..0eaf981 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -120,6 +120,12 @@ typedef struct ARMGenericTimer {
 #define GTIMER_VIRT 1
 #define NUM_GTIMERS 2
 
+typedef struct {
+uint64_t raw_tcr;
+uint32_t mask;
+uint32_t base_mask;
+} TCR;
+
 typedef struct CPUARMState {
 /* Regs for current mode.  */
 uint32_t regs[16];
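Review bot: the TCR struct is reached through fieldoffset by the generic raw_write()/raw_read() path (the TCR_EL1 entry later in this patch keeps `.raw_writefn = raw_write` with `.fieldoffset = offsetof(CPUARMState, cp15.tcr_el[1])`), which stores and loads one uint64_t at that offset. That lands on raw_tcr only because raw_tcr is the first member; mask and base_mask are derived state that migration never sees and that the TTBCR path recomputes in vmsa_ttbcr_raw_write(). Add a comment on the struct that raw_tcr must stay first and that the two masks are caches rebuilt on write, so a later reordering or an added field does not quietly break raw_write() and raw_ptr().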
@@ -217,9 +223,8 @@ typedef struct CPUARMState {
 };
 uint64_t ttbr1_el[4];
 };
-uint64_t c2_control; /* MMU translation table base control.  */
-uint32_t c2_mask; /* MMU translation table base selection mask.  */
-uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
+/* MMU translation table base control. */
+TCR tcr_el[4];
 uint32_t c2_data; /* MPU data cachable bits.  */
 uint32_t c2_insn; /* MPU instruction cachable bits.  */
 uint32_t c3; /* MMU domain access control register
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 171b841..b80608c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -136,6 +136,11 @@ static void raw_write(CPUARMState *env, const ARMCPRegInfo 
*ri,
 }
 }
 
+static void *raw_ptr(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+return (char *)env + ri->fieldoffset;
+}
+
 static uint64_t read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri)
 {
 /* Raw read of a coprocessor register (as needed for migration, etc). */
@@ -1560,6 +1565,7 @@ static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
 static void vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
  uint64_t value)
 {
+TCR *tcr = raw_ptr(env, ri);
 int maskshift = extract32(value, 0, 3);
 
 if (!arm_feature(env, ARM_FEATURE_V8)) {
@@ -1578,14 +1584,15 @@ static void vmsa_ttbcr_raw_write(CPUARMState *env, 
const ARMCPRegInfo *ri,
 }
 }
 
-/* Note that we always calculate c2_mask and c2_base_mask, but
+/* Update the masks corresponding to the the TCR bank being written
+ * Note that we always calculate mask and base_mask, but
  * they are only used for short-descriptor tables (ie if EAE is 0);
- * for long-descriptor tables the TTBCR fields are used differently
- * and the c2_mask and c2_base_mask values are meaningless.
+ * for long-descriptor tables the TCR fields are used differently
+ * and the mask and base_mask values are meaningless.
  */
-raw_write(env, ri, value);
-env->cp15.c2_mask = ~(((uint32_t)0xu) >> maskshift);
-env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> maskshift);
+tcr->raw_tcr = value;
+tcr->mask = ~(((uint32_t)0xu) >> maskshift);
+tcr->base_mask = ~((uint32_t)0x3fffu >> maskshift);
 }
 
 static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
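Review bot: "the the" in the new comment ("corresponding to the the TCR bank"). The rewrite otherwise preserves the old behaviour: `tcr->raw_tcr = value` writes the same slot raw_write(env, ri, value) did, since raw_tcr is the first member of TCR, and mask/base_mask now follow the bank being written instead of one global pair. It is worth saying in the comment that the masks are per bank precisely so a secure-world TTBCR write cannot disturb the non-secure translation masks. Note for anyone reading this from the archive: the constants appear as `0xu` and `0x3fffu` because the list has dropped the `ffff` runs from `0xffffffffu` and `0x3fffffffu`; the patch itself is fine.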
@@ -1604,19 +1611,25 @@ static void vmsa_ttbcr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 
 static void vmsa_ttbcr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
 {
-env->cp15.c2_base_mask = 0xc000u;
-raw_write(env, ri, 0);
-env->cp15.c2_mask = 0;
+TCR *tcr = raw_ptr(env, ri);
+
+/* Reset both the TCR as well as the masks corresponding to the bank of
+ * the TCR being reset.
+ */
+tcr->raw_tcr = 0;
+tcr->mask = 0;
+tcr->base_mask = 0xc000u;
 }
 
 static void vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
 {
 ARMCPU *cpu = arm_env_get_cpu(env);
+TCR *tcr = raw_ptr(env, ri);
 
 /* For AArch64 the A1 bit could result in a change of ASID, so TLB flush. 
*/
 tlb_flush(CPU(cpu), 1);
-raw_write(env, ri, value);
+tcr->raw_tcr = value;
 }
 
 static void vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
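Review bot: vmsa_tcr_el1_write() now stores `tcr->raw_tcr = value` without touching mask/base_mask while vmsa_ttbcr_raw_write() recomputes them. That is correct, TCR_EL1 is reachable only from AArch64 where translation is always long-descriptor and the masks are unused, but the asymmetry deserves a one-line comment so nobody "fixes" it later. In vmsa_ttbcr_reset() the base_mask constant shows as `0xc000u` in the archive; the value in the tree is `0xffffc000u`, the same `ffff` loss as the mask constants in the previous hunk, so do not read that as a regression.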
@@ -1659,11 +1672,12 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
   .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
   .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
   .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
-  .fieldoffset = offsetof(CPUARMState, cp15.c2_control) },
+  .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[1]) },
 { .name = "TTBCR", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .op

[Qemu-devel] [PULL 20/33] target-arm: make DACR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DACR has a secure and a non-secure instance.  Adds definition for DACR32_EL2.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-19-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/arm/pxa2xx.c |  2 +-
 target-arm/cpu.h| 13 +++--
 target-arm/helper.c | 28 ++--
 3 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 2b00b59..8967cc4 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -276,7 +276,7 @@ static void pxa2xx_pwrmode_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 s->cpu->env.cp15.sctlr_ns = 0;
 s->cpu->env.cp15.c1_coproc = 0;
 s->cpu->env.cp15.ttbr0_el[1] = 0;
-s->cpu->env.cp15.c3 = 0;
+s->cpu->env.cp15.dacr_ns = 0;
 s->pm_regs[PSSR >> 2] |= 0x8; /* Set STS */
 s->pm_regs[RCSR >> 2] |= 0x8; /* Set GPR */
 
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 0eaf981..1906fc1 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -227,8 +227,17 @@ typedef struct CPUARMState {
 TCR tcr_el[4];
 uint32_t c2_data; /* MPU data cachable bits.  */
 uint32_t c2_insn; /* MPU instruction cachable bits.  */
-uint32_t c3; /* MMU domain access control register
-MPU write buffer control.  */
+union { /* MMU domain access control register
+ * MPU write buffer control.
+ */
+struct {
+uint64_t dacr_ns;
+uint64_t dacr_s;
+};
+struct {
+uint64_t dacr32_el2;
+};
+};
 uint32_t pmsav5_data_ap; /* PMSAv5 MPU data access permissions */
 uint32_t pmsav5_insn_ap; /* PMSAv5 MPU insn access permissions */
 uint64_t hcr_el2; /* Hypervisor configuration register */
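Review bot: the inner `struct { uint64_t dacr32_el2; }` wraps a single member and can be a plain union member; more importantly the aliasing it creates, dacr32_el2 sharing storage with dacr_ns, is intentional (DACR32_EL2 is the AArch64 view of the non-secure AArch32 DACR) but undocumented. Say so in the comment, because the DACR32_EL2 definition later in the patch uses `.fieldoffset = offsetof(CPUARMState, cp15.dacr32_el2)` and a reader will otherwise take it for separate state. The bank fields are uint64_t for a 32-bit register; the AArch32 entries correctly use offsetoflow32(), which should stay the rule for every banked 32-bit field in the series.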
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b80608c..ad9481c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -440,10 +440,12 @@ static const ARMCPRegInfo not_v8_cp_reginfo[] = {
  * definitions that don't use CP_ANY wildcards (mostly in v8_cp_reginfo[]).
  */
 /* MMU Domain access control / MPU write buffer control */
-{ .name = "DACR", .cp = 15,
-  .crn = 3, .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
-  .resetvalue = 0, .writefn = dacr_write, .raw_writefn = raw_write, },
+{ .name = "DACR",
+  .cp = 15, .opc1 = CP_ANY, .crn = 3, .crm = CP_ANY, .opc2 = CP_ANY,
+  .access = PL1_RW, .resetvalue = 0,
+  .writefn = dacr_write, .raw_writefn = raw_write,
+  .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.dacr_s),
+ offsetoflow32(CPUARMState, cp15.dacr_ns) } },
 /* ??? This covers not just the impdef TLB lockdown registers but also
  * some v7VMSA registers relating to TEX remap, so it is overly broad.
  */
@@ -2257,10 +2259,11 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
 { .name = "DCCISW", .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
   .type = ARM_CP_NOP, .access = PL1_W },
 /* MMU Domain access control / MPU write buffer control */
-{ .name = "DACR", .cp = 15,
-  .opc1 = 0, .crn = 3, .crm = 0, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
-  .resetvalue = 0, .writefn = dacr_write, .raw_writefn = raw_write, },
+{ .name = "DACR", .cp = 15, .opc1 = 0, .crn = 3, .crm = 0, .opc2 = 0,
+  .access = PL1_RW, .resetvalue = 0,
+  .writefn = dacr_write, .raw_writefn = raw_write,
+  .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.dacr_s),
+ offsetoflow32(CPUARMState, cp15.dacr_ns) } },
 { .name = "ELR_EL1", .state = ARM_CP_STATE_AA64,
   .type = ARM_CP_NO_MIGRATE,
   .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 1,
@@ -2330,6 +2333,11 @@ static const ARMCPRegInfo v8_el2_cp_reginfo[] = {
   .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.hcr_el2),
   .writefn = hcr_write },
+{ .name = "DACR32_EL2", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 4, .crn = 3, .crm = 0, .opc2 = 0,
+  .access = PL2_RW, .resetvalue = 0,
+  .writefn = dacr_write, .raw_writefn = raw_write,
+  .fieldoffset = offsetof(CPUARMState, cp15.dacr32_el2) },
 { .name = "ELR_EL2", .state = ARM_CP_STATE_AA64,
   .type = ARM_CP_NO_MIGRATE,
   .opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
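Review bot: DACR32_EL2 gets its own storage (cp15.dacr32_el2) rather than aliasing the non-secure DACR bank that the AArch32 entries in the hunks above write; if the intent is that an AArch64 EL2/EL3 reading DACR32_EL2 sees what AArch32 EL1 stored in DACR, the two need to share a field, and if the separate storage is deliberate the entry should carry a comment saying why.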
@@ -4517,7 +4525,7 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t 
address, int access_type,
 desc = ldl_phys(cs->as, table);
 type = (desc & 3);
 domain = (desc >> 5) & 0x0f;
-domain_prot = (env->cp15.c3 >>
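Review bot: the replacement for the removed domain_prot line is cut off in this copy, so the bank selection in get_phys_addr_v5 cannot be reviewed here; whatever expression replaces it should choose dacr_s or dacr_ns from the security state of the translation regime being walked (an explicit secure flag) rather than implicitly from the CPU's current mode.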

[Qemu-devel] [PULL 22/33] target-arm: make DFSR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DFSR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-21-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 10 +-
 target-arm/helper.c |  7 ---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index e8bb057..29870bd 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -251,7 +251,15 @@ typedef struct CPUARMState {
 uint64_t ifsr32_el2;
 };
 };
-uint64_t esr_el[4];
+union {
+struct {
+uint64_t _unused_dfsr;
+uint64_t dfsr_ns;
+uint64_t hsr;
+uint64_t dfsr_s;
+};
+uint64_t esr_el[4];
+};
 uint32_t c6_region[8]; /* MPU base/size registers.  */
 uint64_t far_el[4]; /* Fault address registers.  */
 uint64_t par_el1;  /* Translation result. */
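Review bot: the anonymous struct inside the union encodes dfsr_ns = esr_el[1], hsr = esr_el[2], dfsr_s = esr_el[3] purely through member order, the same trick the ifsr32_el2 union just above uses; a one-line comment spelling that mapping out, and noting that the 32-bit DFSR views take offsetoflow32 of these 64-bit slots, would save the next reader from counting fields.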
diff --git a/target-arm/helper.c b/target-arm/helper.c
index cfb267f..ebb6694 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1651,7 +1651,8 @@ static void vmsa_ttbr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 static const ARMCPRegInfo vmsa_cp_reginfo[] = {
 { .name = "DFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW, .type = ARM_CP_NO_MIGRATE,
-  .fieldoffset = offsetoflow32(CPUARMState, cp15.esr_el[1]),
+  .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.dfsr_s),
+ offsetoflow32(CPUARMState, cp15.dfsr_ns) },
   .resetfn = arm_cp_reset_ignore, },
 { .name = "IFSR", .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
   .access = PL1_RW, .resetvalue = 0,
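Review bot: with DFSR split into dfsr_s/dfsr_ns the entry keeps ARM_CP_NO_MIGRATE and arm_cp_reset_ignore, so neither bank is migrated or reset by this definition. The non-secure bank is presumably still covered through esr_el[1] by the AArch64 ESR_EL1 definition, but please confirm that some definition covers esr_el[3] (an ESR_EL3 entry); otherwise the secure DFSR is silently dropped across migration and left uninitialised at reset.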
@@ -4339,11 +4340,11 @@ void arm_cpu_do_interrupt(CPUState *cs)
 offset = 4;
 break;
 case EXCP_DATA_ABORT:
-env->cp15.esr_el[1] = env->exception.fsr;
+A32_BANKED_CURRENT_REG_SET(env, dfsr, env->exception.fsr);
 env->cp15.far_el[1] = deposit64(env->cp15.far_el[1], 0, 32,
 env->exception.vaddress);
 qemu_log_mask(CPU_LOG_INT, "...with DFSR 0x%x DFAR 0x%x\n",
-  (uint32_t)env->cp15.esr_el[1],
+  env->exception.fsr,
   (uint32_t)env->exception.vaddress);
 new_mode = ARM_CPU_MODE_ABT;
 addr = 0x10;
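Review bot: the DFSR store is now bank-aware, but the DFAR write on the following line still goes unconditionally to far_el[1], so on an AArch32 EL3 a secure data abort would record its status in the secure bank and its address in the non-secure slot; if DFAR banking is a later patch in this series the commit message should say so, otherwise switch that write to A32_BANKED_CURRENT_REG_SET in the same hunk. Logging env->exception.fsr instead of reading the register back is fine and avoids a second bank lookup.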
-- 
1.9.1




[Qemu-devel] [PULL 12/33] target-arm: add NSACR register

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Implements NSACR register with corresponding read/write functions
for ARMv7 and ARMv8.

Signed-off-by: Sergey Fedorov 
Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-11-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 1 +
 target-arm/helper.c | 4 
 2 files changed, 5 insertions(+)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 532f698..2afe93a 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -181,6 +181,7 @@ typedef struct CPUARMState {
 uint64_t c1_sys; /* System control register.  */
 uint64_t c1_coproc; /* Coprocessor access register.  */
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
+uint32_t nsacr; /* Non-secure access control register. */
 uint64_t ttbr0_el1; /* MMU translation table base 0. */
 uint64_t ttbr1_el1; /* MMU translation table base 1. */
 uint64_t c2_control; /* MMU translation table base control.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 973b5a9..ace7ef9 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2344,6 +2344,10 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
   .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL3_RW, .fieldoffset = offsetoflow32(CPUARMState, 
cp15.scr_el3),
   .resetfn = arm_cp_reset_ignore, .writefn = scr_write },
+  /* TODO: Implement NSACR trapping of secure EL1 accesses to EL3 */
+{ .name = "NSACR", .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
+  .access = PL3_W | PL1_R, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.nsacr) },
 REGINFO_SENTINEL
 };
 
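Review bot: the TODO comment is indented two columns deeper than the entries around it, which reads as if it belonged to the SCR entry above rather than to NSACR; align it with the entry it describes. Also, because NSACR has no .writefn, a PL3 write stores the full 32-bit value and nothing masks reserved bits; acceptable for a first cut, but the TODO should mention that bit masking is missing as well as the trapping.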
-- 
1.9.1




[Qemu-devel] [PULL 11/33] target-arm: implement IRQ/FIQ routing to Monitor mode

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

SCR.{IRQ/FIQ} bits allow routing IRQ/FIQ exceptions to monitor CPU
mode. When taking an IRQ exception to monitor mode, the FIQ exception is
additionally masked.

Signed-off-by: Sergey Fedorov 
Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-10-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index d3180dd..973b5a9 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -4233,12 +4233,21 @@ void arm_cpu_do_interrupt(CPUState *cs)
 /* Disable IRQ and imprecise data aborts.  */
 mask = CPSR_A | CPSR_I;
 offset = 4;
+if (env->cp15.scr_el3 & SCR_IRQ) {
+/* IRQ routed to monitor mode */
+new_mode = ARM_CPU_MODE_MON;
+mask |= CPSR_F;
+}
 break;
 case EXCP_FIQ:
 new_mode = ARM_CPU_MODE_FIQ;
 addr = 0x1c;
 /* Disable FIQ, IRQ and imprecise data aborts.  */
 mask = CPSR_A | CPSR_I | CPSR_F;
+if (env->cp15.scr_el3 & SCR_FIQ) {
+/* FIQ routed to monitor mode */
+new_mode = ARM_CPU_MODE_MON;
+}
 offset = 4;
 break;
 case EXCP_SMC:
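Review bot: both routing checks read env->cp15.scr_el3 without checking that the CPU has EL3, so they rely on scr_el3 being zero on cores without Security Extensions; an arm_feature(env, ARM_FEATURE_EL3) guard, or a comment stating that reliance, would make it explicit. Also, at this point in the series new_mode == ARM_CPU_MODE_MON still falls through to the VBAR/high-vectors address calculation later in arm_cpu_do_interrupt (the MVBAR handling arrives in a later patch), so a monitor-routed IRQ/FIQ vectors through the wrong base until then; fine for bisection, but worth a sentence in the commit message.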
-- 
1.9.1




[Qemu-devel] [PATCH 03/10] sdl2: move keyboard input code to new sdl2-input.c

2014-12-11 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
---
 include/ui/sdl2.h |   4 +++
 ui/Makefile.objs  |   2 +-
 ui/sdl2-input.c   | 106 ++
 ui/sdl2.c |  75 ++
 4 files changed, 114 insertions(+), 73 deletions(-)
 create mode 100644 ui/sdl2-input.c

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 7f91a75..e1c304a 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -9,3 +9,7 @@ struct sdl2_console {
 int x, y;
 int hidden;
 };
+
+void sdl2_reset_keys(struct sdl2_console *scon);
+void sdl2_process_key(struct sdl2_console *scon,
+  SDL_KeyboardEvent *ev);
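Review bot: the new prototypes use SDL_KeyboardEvent, so include/ui/sdl2.h now depends on the SDL headers having been included before it; if the header does not already pull in SDL.h above this hunk, add the include (or a forward declaration of the type) so the header stays self-contained.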
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index b25e85f..011c5bb 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -20,7 +20,7 @@ ifeq ($(CONFIG_SDLABI),1.2)
 sdl.mo-objs := sdl.o sdl_zoom.o
 endif
 ifeq ($(CONFIG_SDLABI),2.0)
-sdl.mo-objs := sdl2.o
+sdl.mo-objs := sdl2.o sdl2-input.o
 endif
 sdl.mo-cflags := $(SDL_CFLAGS)
 
diff --git a/ui/sdl2-input.c b/ui/sdl2-input.c
new file mode 100644
index 000..6702e8e
--- /dev/null
+++ b/ui/sdl2-input.c
@@ -0,0 +1,106 @@
+/*
+ * QEMU SDL display driver
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+/* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
+
+/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
+#undef WIN32_LEAN_AND_MEAN
+
+#include 
+#include 
+
+#include "qemu-common.h"
+#include "ui/console.h"
+#include "ui/input.h"
+#include "ui/sdl2.h"
+#include "sysemu/sysemu.h"
+
+#include "sdl2-keymap.h"
+
+static uint8_t modifiers_state[SDL_NUM_SCANCODES];
+
+void sdl2_reset_keys(struct sdl2_console *scon)
+{
+QemuConsole *con = scon ? scon->dcl.con : NULL;
+int i;
+
+for (i = 0; i < 256; i++) {
+if (modifiers_state[i]) {
+int qcode = sdl2_scancode_to_qcode[i];
+qemu_input_event_send_key_qcode(con, qcode, false);
+modifiers_state[i] = 0;
+}
+}
+}
+
+void sdl2_process_key(struct sdl2_console *scon,
+  SDL_KeyboardEvent *ev)
+{
+int qcode = sdl2_scancode_to_qcode[ev->keysym.scancode];
+QemuConsole *con = scon ? scon->dcl.con : NULL;
+
+if (!qemu_console_is_graphic(con)) {
+if (ev->type == SDL_KEYDOWN) {
+switch (ev->keysym.scancode) {
+case SDL_SCANCODE_RETURN:
+kbd_put_keysym_console(con, '\n');
+break;
+case SDL_SCANCODE_BACKSPACE:
+kbd_put_keysym_console(con, QEMU_KEY_BACKSPACE);
+break;
+default:
+kbd_put_qcode_console(con, qcode);
+break;
+}
+}
+return;
+}
+
+switch (ev->keysym.scancode) {
+#if 0
+case SDL_SCANCODE_NUMLOCKCLEAR:
+case SDL_SCANCODE_CAPSLOCK:
+/* SDL does not send the key up event, so we generate it */
+qemu_input_event_send_key_qcode(con, qcode, true);
+qemu_input_event_send_key_qcode(con, qcode, false);
+return;
+#endif
+case SDL_SCANCODE_LCTRL:
+case SDL_SCANCODE_LSHIFT:
+case SDL_SCANCODE_LALT:
+case SDL_SCANCODE_LGUI:
+case SDL_SCANCODE_RCTRL:
+case SDL_SCANCODE_RSHIFT:
+case SDL_SCANCODE_RALT:
+case SDL_SCANCODE_RGUI:
+if (ev->type == SDL_KEYUP) {
+modifiers_state[ev->keysym.scancode] = 0;
+} else {
+modifiers_state[ev->keysym.scancode] = 1;
+}
+/* fall though */
+default:
+qemu_input_event_send_key_qcode(con, qcode,
+ev->type == SDL_KEYDOWN);
+}
+}
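Review bot: modifiers_state is sized SDL_NUM_SCANCODES but sdl2_reset_keys only walks i < 256, so a modifier whose scancode is 256 or above would never be released by a reset; loop to SDL_NUM_SCANCODES (or ARRAY_SIZE(modifiers_state)) instead. sdl2_process_key indexes sdl2_scancode_to_qcode with the raw scancode, which is safe only if the table in sdl2-keymap.h has SDL_NUM_SCANCODES entries; worth a static assertion. Minor points: the two #include directives at the top appear without header names in this copy of the mail, "fall though" before the default label should read "fall through", and the file header still says "QEMU SDL display driver" although the file now holds only keyboard input handling.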
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 375e1a3..b8d592f 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -35,8 +35,6 @@
 #include "ui/sdl2.h"
 #include "sysemu/sysemu.h"
 
-#include "sdl2-keymap.h"
-
 static int sdl2_num_outputs;
 static struct sdl2_console *sdl2

[Qemu-devel] [PULL 14/33] target-arm: add MVBAR support

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Use MVBAR register as exception vector base address for
exceptions taken to CPU monitor mode.

Signed-off-by: Sergey Fedorov 
Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-13-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h|  1 +
 target-arm/helper.c | 15 +--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 12bd6ec..cdf2dd7 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -211,6 +211,7 @@ typedef struct CPUARMState {
 uint32_t c9_pminten; /* perf monitor interrupt enables */
 uint64_t mair_el1;
 uint64_t vbar_el[4]; /* vector base address register */
+uint32_t mvbar; /* (monitor) vector base address register */
 uint32_t c13_fcse; /* FCSE PID.  */
 uint64_t contextidr_el1; /* Context ID.  */
 uint64_t tpidr_el0; /* User RW Thread register.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 0d49489..412c465 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2356,6 +2356,9 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
 { .name = "NSACR", .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
   .access = PL3_W | PL1_R, .resetvalue = 0,
   .fieldoffset = offsetof(CPUARMState, cp15.nsacr) },
+{ .name = "MVBAR", .cp = 15, .opc1 = 0, .crn = 12, .crm = 0, .opc2 = 1,
+  .access = PL3_RW, .writefn = vbar_write, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.mvbar) },
 REGINFO_SENTINEL
 };
 
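Review bot: MVBAR reuses vbar_write, which is shared with the 64-bit VBAR entries, while its backing field cp15.mvbar is only a uint32_t next to c13_fcse; please double-check that vbar_write stores through the register's declared width (a 64-bit store here would clobber the neighbouring field), and record that assumption in a comment on the field.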
@@ -4272,16 +4275,16 @@ void arm_cpu_do_interrupt(CPUState *cs)
 cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index);
 return; /* Never happens.  Keep compiler happy.  */
 }
-/* High vectors.  */
-if (env->cp15.c1_sys & SCTLR_V) {
-/* when enabled, base address cannot be remapped.  */
+
+if (new_mode == ARM_CPU_MODE_MON) {
+addr += env->cp15.mvbar;
+} else if (env->cp15.c1_sys & SCTLR_V) {
+/* High vectors. When enabled, base address cannot be remapped. */
 addr += 0x;
 } else {
 /* ARM v7 architectures provide a vector base address register to remap
  * the interrupt vector table.
- * This register is only followed in non-monitor mode, and has a secure
- * and un-secure copy. Since the cpu is always in a un-secure operation
- * and is never in monitor mode this feature is always active.
+ * This register is only followed in non-monitor mode, and is banked.
  * Note: only bits 31:5 are valid.
  */
 addr += env->cp15.vbar_el[1];
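Review bot: the updated comment says VBAR "is banked", but the code still reads env->cp15.vbar_el[1] directly, so a secure-world exception on an AArch32 EL3 would use the non-secure VBAR; either read it through A32_BANKED_CURRENT_REG_GET(env, vbar) once the banking lands, or keep the comment describing what the code does today. (The high-vectors constant also appears truncated to "0x" in this copy of the mail.)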
-- 
1.9.1




[Qemu-devel] [PULL 02/33] Add the "-semihosting-config" option.

2014-12-11 Thread Peter Maydell
From: Liviu Ionescu 

The usual semihosting behaviour is to process the system calls locally and
return; unfortunately the initial implementation dynamically changed the
target to GDB during debug sessions, which, for the usual arm-none-eabi-gdb,
is not implemented. The result was that during debug sessions the semihosting
calls were discarded.

This patch adds a configuration variable and an option to set it on the
command line:

-semihosting-config [enable=on|off,]target=native|gdb|auto

This option enables semihosting and defines where the semihosting calls will
be addressed, to QEMU ('native') or to GDB ('gdb'). The default is auto, which
means 'gdb' during debug sessions and 'native' otherwise.

Signed-off-by: Liviu Ionescu 
Message-id: 1416341957-9796-1-git-send-email-...@livius.net
[PMM: moved declaration and definition of semihosting_target to
 gdbstub.h and gdbstub.c to fix build failure on linux-user]
Signed-off-by: Peter Maydell 
---
 gdbstub.c  | 15 +--
 include/exec/gdbstub.h |  6 ++
 qemu-options.hx| 12 +++-
 vl.c   | 48 
 4 files changed, 78 insertions(+), 3 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 0faca56..e4a1a79 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -317,6 +317,8 @@ static GDBState *gdbserver_state;
 
 bool gdb_has_xml;
 
+int semihosting_target = SEMIHOSTING_TARGET_AUTO;
+
 #ifdef CONFIG_USER_ONLY
 /* XXX: This is not thread safe.  Do we care?  */
 static int gdbserver_fd = -1;
@@ -351,10 +353,19 @@ static enum {
 GDB_SYS_DISABLED,
 } gdb_syscall_mode;
 
-/* If gdb is connected when the first semihosting syscall occurs then use
-   remote gdb syscalls.  Otherwise use native file IO.  */
+/* Decide if either remote gdb syscalls or native file IO should be used. */
 int use_gdb_syscalls(void)
 {
+if (semihosting_target == SEMIHOSTING_TARGET_NATIVE) {
+/* -semihosting-config target=native */
+return false;
+} else if (semihosting_target == SEMIHOSTING_TARGET_GDB) {
+/* -semihosting-config target=gdb */
+return true;
+}
+
+/* -semihosting-config target=auto */
+/* On the first call check if gdb is connected and remember. */
 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
 : GDB_SYS_DISABLED);
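Review bot: with target=gdb, use_gdb_syscalls() returns true without consulting gdbserver_state, so if no debugger is attached every semihosting call is handed to a gdb that is not there; either fall back to native I/O when gdbserver_state is NULL, or state in the option documentation that target=gdb requires a gdb connection. Also the function still returns int while the new branches return true/false; making it bool would match.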
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index a608a26..c633248 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -95,4 +95,10 @@ extern bool gdb_has_xml;
 /* in gdbstub-xml.c, generated by scripts/feature_to_c.sh */
 extern const char *const xml_builtin[][2];
 
+/* Command line option defining whether semihosting should go via gdb or not */
+extern int semihosting_target;
+#define SEMIHOSTING_TARGET_AUTO 0
+#define SEMIHOSTING_TARGET_NATIVE   1
+#define SEMIHOSTING_TARGET_GDB  2
+
 #endif
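Review bot: SEMIHOSTING_TARGET_* are plain #defines and semihosting_target is an int; an enum type would let the compiler warn about an unhandled value in use_gdb_syscalls and documents the valid range at the declaration.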
diff --git a/qemu-options.hx b/qemu-options.hx
index 64af16d..afab995 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3218,7 +3218,17 @@ DEF("semihosting", 0, QEMU_OPTION_semihosting,
 STEXI
 @item -semihosting
 @findex -semihosting
-Semihosting mode (ARM, M68K, Xtensa only).
+Enable semihosting mode (ARM, M68K, Xtensa only).
+ETEXI
+DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config,
+"-semihosting-config [enable=on|off,]target=native|gdb|auto   semihosting 
configuration\n",
+QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32)
+STEXI
+@item -semihosting-config [enable=on|off,]target=native|gdb|auto
+@findex -semihosting-config
+Enable semihosting and define where the semihosting calls will be addressed,
+to QEMU (@code{native}) or to GDB (@code{gdb}). The default is @code{auto}, 
which means
+@code{gdb} during debug sessions and @code{native} otherwise (ARM, M68K, 
Xtensa only).
 ETEXI
 DEF("old-param", 0, QEMU_OPTION_old_param,
 "-old-param  old param mode\n", QEMU_ARCH_ARM)
diff --git a/vl.c b/vl.c
index eb89d62..7cdfd49 100644
--- a/vl.c
+++ b/vl.c
@@ -554,6 +554,22 @@ static QemuOptsList qemu_icount_opts = {
 },
 };
 
+static QemuOptsList qemu_semihosting_config_opts = {
+.name = "semihosting-config",
+.implied_opt_name = "enable",
+.head = QTAILQ_HEAD_INITIALIZER(qemu_semihosting_config_opts.head),
+.desc = {
+{
+.name = "enable",
+.type = QEMU_OPT_BOOL,
+}, {
+.name = "target",
+.type = QEMU_OPT_STRING,
+},
+{ /* end of list */ }
+},
+};
+
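Review bot: the opts list accepts "enable" as a bool and "target" as a free-form string; the code that rejects anything other than native/gdb/auto lies in the part of the vl.c change cut off from this copy, so please make sure an unknown target value is reported as an error rather than silently treated as auto.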
 /**
  * Get machine options
  *
@@ -2811,6 +2827,7 @@ int main(int argc, char **argv, char **envp)
 qemu_add_opts(&qemu_name_opts);
 qemu_add_opts(&qemu_numa_opts);
 qemu_add_opts(&qemu_icount_opts);
+qemu_add_opts(&qemu_semihosting_config_opts);
 
 runstate_init();
 
@@ -3618,6 +3635,37 @@ int main(int argc, char **argv, char **envp)
break;

[Qemu-devel] [PULL 08/33] target-arm: add secure state bit to CPREG hash

2014-12-11 Thread Peter Maydell
Added additional NS-bit to CPREG hash encoding.  Updated hash lookup
locations to specify hash bit currently set to non-secure.

Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-7-git-send-email-greg.bell...@linaro.org
[PMM: fix uses of ENCODE_CP_REG in kvm32.c to add extra argument]
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h   | 25 -
 target-arm/helper.c|  7 ---
 target-arm/kvm32.c |  6 +++---
 target-arm/translate.c | 14 +-
 4 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index dd7d229..532f698 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -879,6 +879,7 @@ void armv7m_nvic_complete_irq(void *opaque, int irq);
  *  Crn, Crm, opc1, opc2 fields
  *  32 or 64 bit register (ie is it accessed via MRC/MCR
  *or via MRRC/MCRR?)
+ *  non-secure/secure bank (AArch32 only)
  * We allow 4 bits for opc1 because MRRC/MCRR have a 4 bit field.
  * (In this case crn and opc2 should be zero.)
  * For AArch64, there is no 32/64 bit size distinction;
@@ -896,9 +897,16 @@ void armv7m_nvic_complete_irq(void *opaque, int irq);
 #define CP_REG_AA64_SHIFT 28
 #define CP_REG_AA64_MASK (1 << CP_REG_AA64_SHIFT)
 
-#define ENCODE_CP_REG(cp, is64, crn, crm, opc1, opc2)   \
-(((cp) << 16) | ((is64) << 15) | ((crn) << 11) |\
- ((crm) << 7) | ((opc1) << 3) | (opc2))
+/* To enable banking of coprocessor registers depending on ns-bit we
+ * add a bit to distinguish between secure and non-secure cpregs in the
+ * hashtable.
+ */
+#define CP_REG_NS_SHIFT 29
+#define CP_REG_NS_MASK (1 << CP_REG_NS_SHIFT)
+
+#define ENCODE_CP_REG(cp, is64, ns, crn, crm, opc1, opc2)   \
+((ns) << CP_REG_NS_SHIFT | ((cp) << 16) | ((is64) << 15) |   \
+ ((crn) << 11) | ((crm) << 7) | ((opc1) << 3) | (opc2))
 
 #define ENCODE_AA64_CP_REG(cp, crn, crm, op0, op1, op2) \
 (CP_REG_AA64_MASK | \
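Review bot: in the new ENCODE_CP_REG the ns term is written `(ns) << CP_REG_NS_SHIFT` without the enclosing parentheses every other term has; precedence makes it correct, but wrapping it as `((ns) << CP_REG_NS_SHIFT)` keeps the macro consistent and robust against compound arguments. Bit 29 sits directly above CP_REG_AA64_SHIFT (28), and ENCODE_AA64_CP_REG takes no ns argument, so the AArch64 keys stay disjoint from the AArch32 ones.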
@@ -917,8 +925,15 @@ static inline uint32_t kvm_to_cpreg_id(uint64_t kvmid)
 uint32_t cpregid = kvmid;
 if ((kvmid & CP_REG_ARCH_MASK) == CP_REG_ARM64) {
 cpregid |= CP_REG_AA64_MASK;
-} else if ((kvmid & CP_REG_SIZE_MASK) == CP_REG_SIZE_U64) {
-cpregid |= (1 << 15);
+} else {
+if ((kvmid & CP_REG_SIZE_MASK) == CP_REG_SIZE_U64) {
+cpregid |= (1 << 15);
+}
+
+/* KVM is always non-secure so add the NS flag on AArch32 register
+ * entries.
+ */
+ cpregid |= 1 << CP_REG_NS_SHIFT;
 }
 return cpregid;
 }
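Review bot: kvm_to_cpreg_id now ORs the NS bit into every AArch32 id, so the inverse conversion back to a KVM id must mask CP_REG_NS_MASK off again, and callers building KVM ids with ENCODE_CP_REG (as in the kvm32.c hunk of this patch) must pass ns = 0; a comment next to CP_REG_NS_MASK stating that the bit is QEMU-internal and never part of a KVM register id would make that contract clear. The added line also appears indented one column off relative to its neighbours.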
diff --git a/target-arm/helper.c b/target-arm/helper.c
index a4483d8..5fc8203 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3287,7 +3287,7 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error 
**errp)
 }
 
 static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
-   void *opaque, int state,
+   void *opaque, int state, int secstate,
int crm, int opc1, int opc2)
 {
 /* Private utility function for define_one_arm_cp_reg_with_opaque():
@@ -3296,6 +3296,7 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
ARMCPRegInfo *r,
 uint32_t *key = g_new(uint32_t, 1);
 ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
 int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
+int ns = (r->secure & ARM_CP_SECSTATE_NS) ? 1 : 0;
 if (r->state == ARM_CP_STATE_BOTH && state == ARM_CP_STATE_AA32) {
 /* The AArch32 view of a shared register sees the lower 32 bits
  * of a 64 bit backing field. It is not migratable as the AArch64
@@ -3327,7 +3328,7 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
ARMCPRegInfo *r,
 *key = ENCODE_AA64_CP_REG(r2->cp, r2->crn, crm,
   r2->opc0, opc1, opc2);
 } else {
-*key = ENCODE_CP_REG(r2->cp, is64, r2->crn, crm, opc1, opc2);
+*key = ENCODE_CP_REG(r2->cp, is64, ns, r2->crn, crm, opc1, opc2);
 }
 if (opaque) {
 r2->opaque = opaque;
@@ -3477,7 +3478,7 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
 continue;
 }
 add_cpreg_to_hashtable(cpu, r, opaque, state,
-   crm, opc1, opc2);
+   ARM_CP_SECSTATE_NS, crm, opc1, 
opc2);
 }
 }
 }
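Review bot: passing ARM_CP_SECSTATE_NS here for every register means that after this patch only non-secure keys exist in the table, so any lookup with the NS bit clear (a secure-state MRC/MCR) fails until the next patch inserts the secure copies; that is an acceptable intermediate state, but the commit message should say so.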
diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c
index 5ec4eb1..a5e67da 100644
--- a/target-arm/kvm32.c
+++ b/target-arm/kvm32.c
@@ -51,17 +51,17 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUClass *ahcc)
 struct kvm_one_reg idregs[] = {
 {
 .id = KVM_REG_ARM | KVM_REG_SIZE_U32
-| ENCODE_CP_REG(15, 0, 0, 0, 0, 0),
+| ENCODE_CP_REG(15, 0, 0, 0, 0, 0, 0),
 .addr = (uintptr_t)&midr,
 },
 {
 .id = KVM_REG_
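Review bot: the extra 0 passed as the new ns argument is correct because these ids go to KVM, whose register id format has no NS bit, but it is exactly the kind of thing a future reader will "fix" to 1 to match kvm_to_cpreg_id; a short comment on the first use would prevent that. The rest of this hunk is truncated in this copy.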

[Qemu-devel] [PULL 15/33] target-arm: add SCTLR_EL3 and make SCTLR banked

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Implements SCTLR_EL3 and uses secure/non-secure instance when
needed.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-14-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 hw/arm/pxa2xx.c|  2 +-
 target-arm/cpu.c   |  8 --
 target-arm/cpu.h   | 10 ++-
 target-arm/helper.c| 72 +-
 target-arm/op_helper.c |  2 +-
 5 files changed, 59 insertions(+), 35 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 693dfec..11d51af 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -273,7 +273,7 @@ static void pxa2xx_pwrmode_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 case 3:
 s->cpu->env.uncached_cpsr = ARM_CPU_MODE_SVC;
 s->cpu->env.daif = PSTATE_A | PSTATE_F | PSTATE_I;
-s->cpu->env.cp15.c1_sys = 0;
+s->cpu->env.cp15.sctlr_ns = 0;
 s->cpu->env.cp15.c1_coproc = 0;
 s->cpu->env.cp15.ttbr0_el1 = 0;
 s->cpu->env.cp15.c3 = 0;
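Review bot: the power-mode reset writes sctlr_ns directly while the rest of the patch goes through the banked accessors; that is correct only because PXA2xx has no Security Extensions and therefore always runs on the non-secure bank, which deserves a comment here so the direct access is not mistaken for an oversight. The same block still clears cp15.c3, which the DACR banking patch in this series renames, so this line will need touching again.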
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 5ce7350..fdb7b35 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -109,7 +109,7 @@ static void arm_cpu_reset(CPUState *s)
 #if defined(CONFIG_USER_ONLY)
 env->pstate = PSTATE_MODE_EL0t;
 /* Userspace expects access to DC ZVA, CTL_EL0 and the cache ops */
-env->cp15.c1_sys |= SCTLR_UCT | SCTLR_UCI | SCTLR_DZE;
+env->cp15.sctlr_el[1] |= SCTLR_UCT | SCTLR_UCI | SCTLR_DZE;
 /* and to the FP/Neon instructions */
 env->cp15.c1_coproc = deposit64(env->cp15.c1_coproc, 20, 2, 3);
 #else
@@ -167,7 +167,11 @@ static void arm_cpu_reset(CPUState *s)
 env->thumb = initial_pc & 1;
 }
 
-if (env->cp15.c1_sys & SCTLR_V) {
+/* AArch32 has a hard highvec setting of 0x.  If we are currently
+ * executing as AArch32 then check if highvecs are enabled and
+ * adjust the PC accordingly.
+ */
+if (A32_BANKED_CURRENT_REG_GET(env, sctlr) & SCTLR_V) {
 env->regs[15] = 0x;
 }
 
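Review bot: A32_BANKED_CURRENT_REG_GET(env, sctlr) resolves the bank from arm_is_secure(env) at the point this check runs, so the high-vectors test is only meaningful if SCR and the rest of the security state have already been reset earlier in arm_cpu_reset; please confirm that ordering. The 0xffff0000 high-vector address also shows up as a bare "0x" in this copy of the mail.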
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index cdf2dd7..6559aa8 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -178,7 +178,15 @@ typedef struct CPUARMState {
 struct {
 uint32_t c0_cpuid;
 uint64_t c0_cssel; /* Cache size selection.  */
-uint64_t c1_sys; /* System control register.  */
+union { /* System control register. */
+struct {
+uint64_t _unused_sctlr;
+uint64_t sctlr_ns;
+uint64_t hsctlr;
+uint64_t sctlr_s;
+};
+uint64_t sctlr_el[4];
+};
 uint64_t c1_coproc; /* Coprocessor access register.  */
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
 uint64_t sder; /* Secure debug enable register. */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 412c465..769a182 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1908,7 +1908,7 @@ static void aa64_fpsr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 
 static CPAccessResult aa64_daif_access(CPUARMState *env, const ARMCPRegInfo 
*ri)
 {
-if (arm_current_el(env) == 0 && !(env->cp15.c1_sys & SCTLR_UMA)) {
+if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UMA)) {
 return CP_ACCESS_TRAP;
 }
 return CP_ACCESS_OK;
@@ -1926,7 +1926,7 @@ static CPAccessResult aa64_cacheop_access(CPUARMState 
*env,
 /* Cache invalidate/clean: NOP, but EL0 must UNDEF unless
  * SCTLR_EL1.UCI is set.
  */
-if (arm_current_el(env) == 0 && !(env->cp15.c1_sys & SCTLR_UCI)) {
+if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UCI)) {
 return CP_ACCESS_TRAP;
 }
 return CP_ACCESS_OK;
@@ -2003,7 +2003,7 @@ static CPAccessResult aa64_zva_access(CPUARMState *env, 
const ARMCPRegInfo *ri)
 /* We don't implement EL2, so the only control on DC ZVA is the
  * bit in the SCTLR which can prohibit access for EL0.
  */
-if (arm_current_el(env) == 0 && !(env->cp15.c1_sys & SCTLR_DZE)) {
+if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_DZE)) {
 return CP_ACCESS_TRAP;
 }
 return CP_ACCESS_OK;
@@ -2042,6 +2042,24 @@ static void spsel_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t val)
 update_spsel(env, val);
 }
 
+static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+ARMCPU *cpu = arm_env_get_cpu(env);
+
+if (raw_read(env, ri) == value) {
+/* Skip the TLB flush if nothing actually changed; Linux likes
+ * to do a lot of pointless SCTLR writes.
+ */
+return;
+}
+
+raw_write(env, ri, value);
+/* ??? Lots of these bits are not implemented.  */
+/* This may enable/disable the MMU, so do a TLB flush.  */
+tlb_flush(CPU(cpu), 

[Qemu-devel] [PULL 13/33] target-arm: add SDER definition

2014-12-11 Thread Peter Maydell
From: Greg Bellows 

Added CP register definitions for SDER and SDER32_EL3 as well as cp15.sder for
register storage.

Signed-off-by: Sergey Fedorov 
Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-12-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h| 1 +
 target-arm/helper.c | 8 
 2 files changed, 9 insertions(+)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 2afe93a..12bd6ec 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -181,6 +181,7 @@ typedef struct CPUARMState {
 uint64_t c1_sys; /* System control register.  */
 uint64_t c1_coproc; /* Coprocessor access register.  */
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
+uint64_t sder; /* Secure debug enable register. */
 uint32_t nsacr; /* Non-secure access control register. */
 uint64_t ttbr0_el1; /* MMU translation table base 0. */
 uint64_t ttbr1_el1; /* MMU translation table base 1. */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index ace7ef9..0d49489 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2344,6 +2344,14 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
   .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL3_RW, .fieldoffset = offsetoflow32(CPUARMState, 
cp15.scr_el3),
   .resetfn = arm_cp_reset_ignore, .writefn = scr_write },
+{ .name = "SDER32_EL3", .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 1,
+  .access = PL3_RW, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.sder) },
+{ .name = "SDER",
+  .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 1,
+  .access = PL3_RW, .resetvalue = 0,
+  .fieldoffset = offsetoflow32(CPUARMState, cp15.sder) },
   /* TODO: Implement NSACR trapping of secure EL1 accesses to EL3 */
 { .name = "NSACR", .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 2,
   .access = PL3_W | PL1_R, .resetvalue = 0,
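Review bot: SDER (AArch32) and SDER32_EL3 (AArch64) both point at cp15.sder, but neither entry is marked as an alias of the other: the 32-bit entry uses .resetvalue = 0 instead of arm_cp_reset_ignore (compare the SCR entry just above it) and carries no ARM_CP_NO_MIGRATE, so the same field appears twice in the migration list. Either define the register once with .state = ARM_CP_STATE_BOTH or mark the AArch32 view as a non-migrating, non-resetting alias.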
-- 
1.9.1




[Qemu-devel] [PULL 05/33] target-arm: add banked register accessors

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

If EL3 is in AArch32 state certain cp registers are banked (secure and
non-secure instance). When reading or writing to coprocessor registers
the following macros can be used.

- A32_BANKED macros are used for choosing the banked register based on provided
  input security argument.  This macro is used to choose the bank during
  translation of MRC/MCR instructions that are dependent on something other
  than the current secure state.
- A32_BANKED_CURRENT macros are used for choosing the banked register based on
  current secure state.  This is NOT to be used for choosing the bank used
  during translation as it breaks monitor mode.

If EL3 is operating in AArch64 state coprocessor registers are not
banked anymore. The macros use the non-secure instance (_ns) in this
case, which is architecturally mapped to the AArch64 EL register.

Signed-off-by: Sergey Fedorov 
Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-4-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 810cc0b..1ad5d38 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -817,6 +817,33 @@ static inline bool arm_el_is_aa64(CPUARMState *env, int el)
 return arm_feature(env, ARM_FEATURE_AARCH64);
 }
 
+/* Macros for accessing a specified CP register bank */
+#define A32_BANKED_REG_GET(_env, _regname, _secure)\
+((_secure) ? (_env)->cp15._regname##_s : (_env)->cp15._regname##_ns)
+
+#define A32_BANKED_REG_SET(_env, _regname, _secure, _val)   \
+do {\
+if (_secure) {   \
+(_env)->cp15._regname##_s = (_val);\
+} else {\
+(_env)->cp15._regname##_ns = (_val);   \
+}   \
+} while (0)
+
+/* Macros for automatically accessing a specific CP register bank depending on
+ * the current secure state of the system.  These macros are not intended for
+ * supporting instruction translation reads/writes as these are dependent
+ * solely on the SCR.NS bit and not the mode.
+ */
+#define A32_BANKED_CURRENT_REG_GET(_env, _regname)\
+A32_BANKED_REG_GET((_env), _regname,\
+   ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env
+
+#define A32_BANKED_CURRENT_REG_SET(_env, _regname, _val)   
\
+A32_BANKED_REG_SET((_env), _regname,\
+   ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env))),  
\
+   (_val))
+
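Review bot: A32_BANKED_REG_SET tests its argument as `if (_secure)` while A32_BANKED_REG_GET writes `(_secure)`; parenthesise both. More importantly, the CURRENT variants select the bank from `!arm_el_is_aa64(env, 3) && arm_is_secure(env)`, so with an AArch64 EL3 every access lands in the _ns field regardless of security state; that matches the commit message, but the comment on the macros only warns about translation-time use and should also spell out this AArch64 rule so callers do not expect _s to be populated there. (The CURRENT macro lines are wrapped in this copy of the mail.)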
 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx);
 
-- 
1.9.1




[Qemu-devel] [PULL 09/33] target-arm: insert AArch32 cpregs twice into hashtable

2014-12-11 Thread Peter Maydell
From: Fabian Aggeler 

Prepare for cp register banking by inserting every cp register twice,
once for secure world and once for non-secure world.

Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-8-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 98 +++--
 1 file changed, 81 insertions(+), 17 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 5fc8203..96284f1 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3296,23 +3296,59 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
ARMCPRegInfo *r,
 uint32_t *key = g_new(uint32_t, 1);
 ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
 int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
-int ns = (r->secure & ARM_CP_SECSTATE_NS) ? 1 : 0;
-if (r->state == ARM_CP_STATE_BOTH && state == ARM_CP_STATE_AA32) {
-/* The AArch32 view of a shared register sees the lower 32 bits
- * of a 64 bit backing field. It is not migratable as the AArch64
- * view handles that. AArch64 also handles reset.
- * We assume it is a cp15 register if the .cp field is left unset.
+int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
+
+/* Reset the secure state to the specific incoming state.  This is
+ * necessary as the register may have been defined with both states.
+ */
+r2->secure = secstate;
+
+if (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1]) {
+/* Register is banked (using both entries in array).
+ * Overwriting fieldoffset as the array is only used to define
+ * banked registers but later only fieldoffset is used.
  */
-if (r2->cp == 0) {
-r2->cp = 15;
+r2->fieldoffset = r->bank_fieldoffsets[ns];
+}
+
+if (state == ARM_CP_STATE_AA32) {
+if (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1]) {
+/* If the register is banked then we don't need to migrate or
+ * reset the 32-bit instance in certain cases:
+ *
+ * 1) If the register has both 32-bit and 64-bit instances then we
+ *can count on the 64-bit instance taking care of the
+ *non-secure bank.
+ * 2) If ARMv8 is enabled then we can count on a 64-bit version
+ *taking care of the secure bank.  This requires that separate
+ *32 and 64-bit definitions are provided.
+ */
+if ((r->state == ARM_CP_STATE_BOTH && ns) ||
+(arm_feature(&cpu->env, ARM_FEATURE_V8) && !ns)) {
+r2->type |= ARM_CP_NO_MIGRATE;
+r2->resetfn = arm_cp_reset_ignore;
+}
+} else if ((secstate != r->secure) && !ns) {
+/* The register is not banked so we only want to allow migration of
+ * the non-secure instance.
+ */
+r2->type |= ARM_CP_NO_MIGRATE;
+r2->resetfn = arm_cp_reset_ignore;
 }
-r2->type |= ARM_CP_NO_MIGRATE;
-r2->resetfn = arm_cp_reset_ignore;
+
+if (r->state == ARM_CP_STATE_BOTH) {
+/* We assume it is a cp15 register if the .cp field is left unset.
+ */
+if (r2->cp == 0) {
+r2->cp = 15;
+}
+
 #ifdef HOST_WORDS_BIGENDIAN
-if (r2->fieldoffset) {
-r2->fieldoffset += sizeof(uint32_t);
-}
+if (r2->fieldoffset) {
+r2->fieldoffset += sizeof(uint32_t);
+}
 #endif
+}
 }
 if (state == ARM_CP_STATE_AA64) {
 /* To allow abbreviation of ARMCPRegInfo
@@ -3461,10 +3497,14 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
  */
 if (!(r->type & (ARM_CP_SPECIAL|ARM_CP_CONST))) {
 if (r->access & PL3_R) {
-assert(r->fieldoffset || r->readfn);
+assert((r->fieldoffset ||
+   (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1])) ||
+   r->readfn);
 }
 if (r->access & PL3_W) {
-assert(r->fieldoffset || r->writefn);
+assert((r->fieldoffset ||
+   (r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1])) ||
+   r->writefn);
 }
 }
 /* Bad type field probably means missing sentinel at end of reg list */
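Review bot: the relaxed asserts accept a definition that sets both `fieldoffset` and both `bank_fieldoffsets`, while add_cpreg_to_hashtable then overwrites `fieldoffset` for banked registers; if the two are meant to be mutually exclusive, assert that here rather than letting the later overwrite decide. The extra parentheses in `((a || b) || c)` add nothing and can be dropped.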
@@ -3477,8 +3517,32 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
 if (r->state != state && r->state != ARM_CP_STATE_BOTH) {
 continue;
 }
-add_cpreg_to_hashtable(cpu, r, opaque, state,
-   ARM_CP_SECSTATE_NS, crm, opc1, 
opc2);
+if (state == ARM_CP_STATE_AA32) {
+/* Under AArch32 CP registers can be common
+ * (same for sec

[Qemu-devel] [PULL 01/33] Pass semihosting exit code back to system.

2014-12-11 Thread Peter Maydell
From: Liviu Ionescu 

In order to run unit tests under semihosting, it is necessary to pass the
application exit code back to the system.

ARM defines only the code to be used for non-error application exit
(ADP_Stopped_ApplicationExit); all other codes should return non-zero
exit codes.

This patch checks if the application code passed via TARGET_SYS_EXIT is
ADP_Stopped_ApplicationExit, and returns 0, otherwise returns 1.

Signed-off-by: Liviu Ionescu 
Signed-off-by: Peter Maydell 
---
 target-arm/arm-semi.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/target-arm/arm-semi.c b/target-arm/arm-semi.c
index ebb5235..a8b83e6 100644
--- a/target-arm/arm-semi.c
+++ b/target-arm/arm-semi.c
@@ -58,6 +58,10 @@
 #define TARGET_SYS_HEAPINFO0x16
 #define TARGET_SYS_EXIT0x18
 
+/* ADP_Stopped_ApplicationExit is used for exit(0),
+ * anything else is implemented as exit(1) */
+#define ADP_Stopped_ApplicationExit (0x20026)
+
 #ifndef O_BINARY
 #define O_BINARY 0
 #endif
@@ -551,8 +555,11 @@ uint32_t do_arm_semihosting(CPUARMState *env)
 return 0;
 }
 case TARGET_SYS_EXIT:
-gdb_exit(env, 0);
-exit(0);
+/* ARM specifies only Stopped_ApplicationExit as normal
+ * exit, everything else is considered an error */
+ret = (args == ADP_Stopped_ApplicationExit) ? 0 : 1;
+gdb_exit(env, ret);
+exit(ret);
 default:
 fprintf(stderr, "qemu: Unsupported SemiHosting SWI 0x%02x\n", nr);
 cpu_dump_state(cs, stderr, fprintf, 0);
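Review bot: `args == ADP_Stopped_ApplicationExit` treats `args` as the reason code itself; please check that this holds for every caller of do_arm_semihosting, because the ARM semihosting specification defines SYS_EXIT differently for the 64-bit interface, where the parameter register holds a pointer to a two-word block (reason code, subcode) rather than the code. If AArch64 guests reach this path, the reason has to be loaded from that block before the comparison, otherwise such guests always exit with status 1. Collapsing every other reason code to 1 is what the commit message says, but a short comment naming the alternative (passing the subcode through) would help whoever later wants richer exit statuses.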
-- 
1.9.1




Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Igor Mammedov
On Thu, 11 Dec 2014 13:41:07 +0200
Marcel Apfelbaum  wrote:

> On Thu, 2014-12-11 at 12:23 +0100, Igor Mammedov wrote:
> > On Thu, 11 Dec 2014 11:18:50 +0200
> > Marcel Apfelbaum  wrote:
> > 
> > > On Thu, 2014-12-11 at 09:10 +, Igor Mammedov wrote:
> > > > linker and RSDP tables are build only once, so if later
> > > > during rebuild sizes of other ACPI tables change
> > > > pointers will be patched incorrectly due to wrong
> > > > offsets.
> > > > 
> > > > To fix it rebuild linker and RSDP tables along with
> > > > the rest of ACPI tables so that they would have correct
> > > > offsets.
> > > > 
> > > > Here is a simple reproducer:
> > > >  1: hotplug bridge using command:
> > > >  device_add pci-bridge,chassis_nr=1
> > > >  2: reset system from monitor:
> > > >  system_reset
> > > > 
> > > > As result pointers to ACPI tables are not correct
> > > > and guest can't read/parse ACPI tables.
> > > > 
> > > > Windows guests just refuse to boot and
> > > > Linux guests are more resilient and try to boot without
> > > > ACPI, sometimes successfully.
> > > > 
> > > > keep brokenness in 2.1 and older machine types for
> > > > the sake of migration. 2.2.0 can't be helped but we
> > > > can fix it with 2.2.1
> > > 
> > > Hi Igor,
> > > I followed the prev conversation and I agree with the patch,
> > > I do have one question:
> > > Why didn't you set has_imutable_rsdp to true for 2.2.0 machines?
> > > What is special about it? I think I missed it.
> > V1 was only from 2.3 leaving 2.2 broken, but Michael asked
> > about fixing 2.2 as well.
> > 
> > Since 2.2.0 is out we can't fix it without breaking migration
> > whichever way we choose to fix it, but we can fix 2.2 machine
> > in 2.2.1 at least allowing downstream to pick up and ship
> > fixed version without shipping broken one.
> This I understood, but it doesn't answer my question (I think...)
> I will rephrase:
> Machines < 2.2 have has_imutable_rsdp = true => remain the same 
> Machines >= 2.3 have has_imutable_rsdp = false => new functionality
> 
> For Machine 2.2 we *also* have has_imutable_rsdp = false => new
> functionality, not old. Am I right? If yes, why not retain the
> same policy for 2.2 as we did for 2.1 and less?
It would break migration due to missing rsdp section i.e.
QEMU-2.1 -M pc-2.1 => QEMU-2.3 -M pc-2.1

> 
> This was my question, forgive me if it wasn't clear
> Thanks,
> Marcel
> 
> > 
> > > 
> > > Thanks,
> > > Marcel
> > > 
> > > > 
> > > > Signed-off-by: Igor Mammedov 
> > > > ---
> > > > v2:
> > > >   move compat fix to 2.1 machine type,
> > > >   suggested by: "Michael S. Tsirkin" 
> > > > ---
> > > >  hw/i386/acpi-build.c | 30 +++---
> > > >  hw/i386/pc_piix.c|  3 +++
> > > >  hw/i386/pc_q35.c |  3 +++
> > > >  include/hw/i386/pc.h |  1 +
> > > >  4 files changed, 30 insertions(+), 7 deletions(-)
> > > > 
> > > > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > > > index b37a397..4d2452d 100644
> > > > --- a/hw/i386/acpi-build.c
> > > > +++ b/hw/i386/acpi-build.c
> > > > @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
> > > >  /* Copy of table in RAM (for patching). */
> > > >  ram_addr_t table_ram;
> > > >  uint32_t table_size;
> > > > +ram_addr_t linker_ram;
> > > > +uint32_t linker_size;
> > > > +ram_addr_t rsdp_ram;
> > > > +uint32_t rsdp_size;
> > > >  /* Is table patched? */
> > > >  uint8_t patched;
> > > >  PcGuestInfo *guest_info;
> > > > @@ -1714,6 +1718,10 @@ static void acpi_build_update(void 
> > > > *build_opaque, uint32_t offset)
> > > >  assert(acpi_data_len(tables.table_data) == 
> > > > build_state->table_size);
> > > >  memcpy(qemu_get_ram_ptr(build_state->table_ram), 
> > > > tables.table_data->data,
> > > > build_state->table_size);
> > > > +memcpy(qemu_get_ram_ptr(build_state->linker_ram), 
> > > > tables.linker->data,
> > > > +   build_state->linker_size);
> > > > +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
> > > > +   build_state->rsdp_size);
> > > >  
> > > >  cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> > > > 
> > > > build_state->table_size);
> > > > @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
> > > >  assert(build_state->table_ram != RAM_ADDR_MAX);
> > > >  build_state->table_size = acpi_data_len(tables.table_data);
> > > >  
> > > > -acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
> > > > +build_state->linker_ram = acpi_add_rom_blob(build_state, 
> > > > tables.linker,
> > > > +"etc/table-loader");
> > > > +build_state->linker_size = acpi_data_len(tables.linker);
> > > >  
> > > >  fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
> > > >  tables.tcpalog->data, 
> > > > acpi_data_len(tables.tcpalog));
> > > >  
> > > > -/*
> > > > - 

[Qemu-devel] [PULL 06/33] target-arm: add non-secure Translation Block flag

2014-12-11 Thread Peter Maydell
From: Sergey Fedorov 

This patch is based on an idea found in a patch at
git://github.com/jowinter/qemu-trustzone.git
f3d955c6c0ed8c46bc0eb10b634201032a651dd2 by
Johannes Winter .

The TBFLAG captures the SCR NS secure state at the time when a TB is created so
the correct bank is accessed on system register accesses.

Signed-off-by: Sergey Fedorov 
Signed-off-by: Fabian Aggeler 
Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-5-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h   | 27 +++
 target-arm/translate.c |  1 +
 target-arm/translate.h |  1 +
 3 files changed, 29 insertions(+)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 1ad5d38..6881098 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -817,6 +817,22 @@ static inline bool arm_el_is_aa64(CPUARMState *env, int el)
 return arm_feature(env, ARM_FEATURE_AARCH64);
 }
 
+/* Function for determing whether guest cp register reads and writes should
+ * access the secure or non-secure bank of a cp register.  When EL3 is
+ * operating in AArch32 state, the NS-bit determines whether the secure
+ * instance of a cp register should be used. When EL3 is AArch64 (or if
+ * it doesn't exist at all) then there is no register banking, and all
+ * accesses are to the non-secure version.
+ */
+static inline bool access_secure_reg(CPUARMState *env)
+{
+bool ret = (arm_feature(env, ARM_FEATURE_EL3) &&
+!arm_el_is_aa64(env, 3) &&
+!(env->cp15.scr_el3 & SCR_NS));
+
+return ret;
+}
+
 /* Macros for accessing a specified CP register bank */
 #define A32_BANKED_REG_GET(_env, _regname, _secure)\
 ((_secure) ? (_env)->cp15._regname##_s : (_env)->cp15._regname##_ns)
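Review bot: access_secure_reg decides on SCR.NS, whereas A32_BANKED_CURRENT_REG_GET in the context just below decides on arm_is_secure(env); the new comment explains why the translation-time view must follow SCR.NS alone, but a one-line cross-reference in each comment would stop a later reader from "fixing" one to match the other. Also "determing" in the new comment should read "determining", and the `ret` temporary can be returned directly.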
@@ -1467,6 +1483,12 @@ static inline bool arm_singlestep_active(CPUARMState 
*env)
  */
 #define ARM_TBFLAG_XSCALE_CPAR_SHIFT 20
 #define ARM_TBFLAG_XSCALE_CPAR_MASK (3 << ARM_TBFLAG_XSCALE_CPAR_SHIFT)
+/* Indicates whether cp register reads and writes by guest code should access
+ * the secure or nonsecure bank of banked registers; note that this is not
+ * the same thing as the current security state of the processor!
+ */
+#define ARM_TBFLAG_NS_SHIFT 22
+#define ARM_TBFLAG_NS_MASK  (1 << ARM_TBFLAG_NS_SHIFT)
 
 /* Bit usage when in AArch64 state */
 #define ARM_TBFLAG_AA64_EL_SHIFT0
@@ -1511,6 +1533,8 @@ static inline bool arm_singlestep_active(CPUARMState *env)
 (((F) & ARM_TBFLAG_AA64_SS_ACTIVE_MASK) >> ARM_TBFLAG_AA64_SS_ACTIVE_SHIFT)
 #define ARM_TBFLAG_AA64_PSTATE_SS(F) \
 (((F) & ARM_TBFLAG_AA64_PSTATE_SS_MASK) >> ARM_TBFLAG_AA64_PSTATE_SS_SHIFT)
+#define ARM_TBFLAG_NS(F) \
+(((F) & ARM_TBFLAG_NS_MASK) >> ARM_TBFLAG_NS_SHIFT)
 
 static inline void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
 target_ulong *cs_base, int *flags)
@@ -1560,6 +1584,9 @@ static inline void cpu_get_tb_cpu_state(CPUARMState *env, 
target_ulong *pc,
 if (privmode) {
 *flags |= ARM_TBFLAG_PRIV_MASK;
 }
+if (!(access_secure_reg(env))) {
+*flags |= ARM_TBFLAG_NS_MASK;
+}
 if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)
 || arm_el_is_aa64(env, 1)) {
 *flags |= ARM_TBFLAG_VFPEN_MASK;
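Review bot: `if (!(access_secure_reg(env)))` carries a redundant pair of parentheses; `if (!access_secure_reg(env))` matches the surrounding style. Since the flag is derived from SCR.NS at translation time, a write to scr_el3 that flips NS must end the current TB so the next block is translated against the other bank; worth confirming that the SCR write path does not suppress the TB end.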
diff --git a/target-arm/translate.c b/target-arm/translate.c
index af51568..17c459a 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11031,6 +11031,7 @@ static inline void 
gen_intermediate_code_internal(ARMCPU *cpu,
 #if !defined(CONFIG_USER_ONLY)
 dc->user = (ARM_TBFLAG_PRIV(tb->flags) == 0);
 #endif
+dc->ns = ARM_TBFLAG_NS(tb->flags);
 dc->cpacr_fpen = ARM_TBFLAG_CPACR_FPEN(tb->flags);
 dc->vfp_enabled = ARM_TBFLAG_VFPEN(tb->flags);
 dc->vec_len = ARM_TBFLAG_VECLEN(tb->flags);
diff --git a/target-arm/translate.h b/target-arm/translate.h
index 41a9071..f6ee789 100644
--- a/target-arm/translate.h
+++ b/target-arm/translate.h
@@ -20,6 +20,7 @@ typedef struct DisasContext {
 #if !defined(CONFIG_USER_ONLY)
 int user;
 #endif
+bool ns;/* Use non-secure CPREG bank on access */
 bool cpacr_fpen; /* FP enabled via CPACR.FPEN */
 bool vfp_enabled; /* FP enabled via FPSCR.EN */
 int vec_len;
-- 
1.9.1




[Qemu-devel] [PULL 04/33] target-arm: add async excp target_el function

2014-12-11 Thread Peter Maydell
From: Greg Bellows 

Adds a dedicated function and a lookup table for determining the target
exception level of IRQ and FIQ exceptions.  The lookup table is taken from the
ARMv7 and ARMv8 specification exception routing tables.

Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-3-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/helper.c | 116 +++-
 1 file changed, 97 insertions(+), 19 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index b74d348..a4483d8 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3761,6 +3761,101 @@ void switch_mode(CPUARMState *env, int mode)
 env->spsr = env->banked_spsr[i];
 }
 
+/* Physical Interrupt Target EL Lookup Table
+ *
+ * [ From ARM ARM section G1.13.4 (Table G1-15) ]
+ *
+ * The below multi-dimensional table is used for looking up the target
+ * exception level given numerous condition criteria.  Specifically, the
+ * target EL is based on SCR and HCR routing controls as well as the
+ * currently executing EL and secure state.
+ *
+ *Dimensions:
+ *target_el_table[2][2][2][2][2][4]
+ *|  |  |  |  |  +--- Current EL
+ *|  |  |  |  +-- Non-secure(0)/Secure(1)
+ *|  |  |  +- HCR mask override
+ *|  |  + SCR exec state control
+ *|  +--- SCR mask override
+ *+-- 32-bit(0)/64-bit(1) EL3
+ *
+ *The table values are as such:
+ *0-3 = EL0-EL3
+ * -1 = Cannot occur
+ *
+ * The ARM ARM target EL table includes entries indicating that an "exception
+ * is not taken".  The two cases where this is applicable are:
+ *1) An exception is taken from EL3 but the SCR does not have the exception
+ *routed to EL3.
+ *2) An exception is taken from EL2 but the HCR does not have the exception
+ *routed to EL2.
+ * In these two cases, the below table contain a target of EL1.  This value is
+ * returned as it is expected that the consumer of the table data will check
+ * for "target EL >= current EL" to ensure the exception is not taken.
+ *
+ *SCR HCR
+ * 64  EA AMO From
+ *BIT IRQ IMO  Non-secure Secure
+ *EL3 FIQ  RW FMO   EL0 EL1 EL2 EL3   EL0 EL1 EL2 EL3
+ */
+const int8_t target_el_table[2][2][2][2][2][4] = {
+/* 0   0   0   0 */{ 1,  1,  2, -1 },{ 3, -1, -1,  3 },},
+   {/* 0   0   0   1 */{ 2,  2,  2, -1 },{ 3, -1, -1,  3 },},},
+  {{/* 0   0   1   0 */{ 1,  1,  2, -1 },{ 3, -1, -1,  3 },},
+   {/* 0   0   1   1 */{ 2,  2,  2, -1 },{ 3, -1, -1,  3 },},},},
+ {{{/* 0   1   0   0 */{ 3,  3,  3, -1 },{ 3, -1, -1,  3 },},
+   {/* 0   1   0   1 */{ 3,  3,  3, -1 },{ 3, -1, -1,  3 },},},
+  {{/* 0   1   1   0 */{ 3,  3,  3, -1 },{ 3, -1, -1,  3 },},
+   {/* 0   1   1   1 */{ 3,  3,  3, -1 },{ 3, -1, -1,  3 },},},},},
+/* 1   0   0   0 */{ 1,  1,  2, -1 },{ 1,  1, -1,  1 },},
+   {/* 1   0   0   1 */{ 2,  2,  2, -1 },{ 1,  1, -1,  1 },},},
+  {{/* 1   0   1   0 */{ 1,  1,  1, -1 },{ 1,  1, -1,  1 },},
+   {/* 1   0   1   1 */{ 2,  2,  2, -1 },{ 1,  1, -1,  1 },},},},
+ {{{/* 1   1   0   0 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},
+   {/* 1   1   0   1 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},},
+  {{/* 1   1   1   0 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},
+   {/* 1   1   1   1 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},},},},
+};
+
+/*
+ * Determine the target EL for physical exceptions
+ */
+static inline uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
+uint32_t cur_el, bool secure)
+{
+CPUARMState *env = cs->env_ptr;
+int rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
+int scr;
+int hcr;
+int target_el;
+int is64 = arm_el_is_aa64(env, 3);
+
+switch (excp_idx) {
+case EXCP_IRQ:
+scr = ((env->cp15.scr_el3 & SCR_IRQ) == SCR_IRQ);
+hcr = ((env->cp15.hcr_el2 & HCR_IMO) == HCR_IMO);
+break;
+case EXCP_FIQ:
+scr = ((env->cp15.scr_el3 & SCR_FIQ) == SCR_FIQ);
+hcr = ((env->cp15.hcr_el2 & HCR_FMO) == HCR_FMO);
+break;
+default:
+scr = ((env->cp15.scr_el3 & SCR_EA) == SCR_EA);
+hcr = ((env->cp15.hcr_el2 & HCR_AMO) == HCR_AMO);
+break;
+};
+
+/* If HCR.TGE is set then HCR is treated as being 1 */
+hcr |= ((env->cp15.hcr_el2 & HCR_TGE) == HCR_TGE);
+
+/* Perform a table-lookup for the target EL given the current state */
+target_el = target_el_table[is64][scr][rw][hcr][secure][cur_el];
+
+assert(target_el > 0);
+
+return target_el;
+}
+
 /*
  * Determine the target EL for a given exception type.
  */
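Review bot: `target_el_table` is defined without `static`, which gives it external linkage from helper.c; unless another file needs it, make it `static const` so the symbol stays private. The `};` closing the `switch` in arm_phys_excp_target_el leaves a stray empty statement. The `assert(target_el > 0)` is the only thing standing between a -1 ("Cannot occur") entry and an invalid return, so the table comment should say that those rows are enforced by the assert. Finally, the "SCR exec state control" dimension is indexed from SCR_RW even when EL3 is AArch32; the 32-bit-EL3 rows are duplicated for both values so this is harmless, but a comment saying so would save the next reader a trip to the ARM ARM.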
@@ -3770,13 +3865,7 @@ unsigned int arm_excp_target_el(CPUState *cs, unsigned 
int excp_idx)
 CPUARMState *en

Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Michael S. Tsirkin
On Thu, Dec 11, 2014 at 01:21:13PM +0100, Igor Mammedov wrote:
> On Thu, 11 Dec 2014 13:41:07 +0200
> Marcel Apfelbaum  wrote:
> 
> > On Thu, 2014-12-11 at 12:23 +0100, Igor Mammedov wrote:
> > > On Thu, 11 Dec 2014 11:18:50 +0200
> > > Marcel Apfelbaum  wrote:
> > > 
> > > > On Thu, 2014-12-11 at 09:10 +, Igor Mammedov wrote:
> > > > > linker and RSDP tables are build only once, so if later
> > > > > during rebuild sizes of other ACPI tables change
> > > > > pointers will be patched incorrectly due to wrong
> > > > > offsets.
> > > > > 
> > > > > To fix it rebuild linker and RSDP tables along with
> > > > > the rest of ACPI tables so that they would have correct
> > > > > offsets.
> > > > > 
> > > > > Here is a simple reproducer:
> > > > >  1: hotplug bridge using command:
> > > > >  device_add pci-bridge,chassis_nr=1
> > > > >  2: reset system from monitor:
> > > > >  system_reset
> > > > > 
> > > > > As result pointers to ACPI tables are not correct
> > > > > and guest can't read/parse ACPI tables.
> > > > > 
> > > > > Windows guests just refuse to boot and
> > > > > Linux guests are more resilient and try to boot without
> > > > > ACPI, sometimes successfully.
> > > > > 
> > > > > keep brokenness in 2.1 and older machine types for
> > > > > the sake of migration. 2.2.0 can't be helped but we
> > > > > can fix it with 2.2.1
> > > > 
> > > > Hi Igor,
> > > > I followed the prev conversation and I agree with the patch,
> > > > I do have one question:
> > > > Why didn't you set has_imutable_rsdp to true for 2.2.0 machines?
> > > > What is special about it? I think I missed it.
> > > V1 was only from 2.3 leaving 2.2 broken, but Michael asked
> > > about fixing 2.2 as well.
> > > 
> > > Since 2.2.0 is out we can't fix it without breaking migration
> > > whichever way we choose to fix it, but we can fix 2.2 machine
> > > in 2.2.1 at least allowing downstream to pick up and ship
> > > fixed version without shipping broken one.
> > This I understood, but it doesn't answer my question (I think...)
> > I will rephrase:
> > Machines < 2.2 have has_imutable_rsdp = true => remain the same 
> > Machines >= 2.3 have has_imutable_rsdp = false => new functionality
> > 
> > For Machine 2.2 we *also* have has_imutable_rsdp = false => new
> > functionality, not old. Am I right? If yes, why not retain the
> > same policy for 2.2 as we did for 2.1 and less?
> It would break migration due to missing rsdp section i.e.
> QEMU-2.1 -M pc-2.1 => QEMU-2.3 -M pc-2.1

Igor, could you create a minimal bugfix patch appropriate
for stable?
I think something along the lines of the patch I sent
would be the most appropriate.


> > 
> > This was my question, forgive me if it wasn't clear
> > Thanks,
> > Marcel
> > 
> > > 
> > > > 
> > > > Thanks,
> > > > Marcel
> > > > 
> > > > > 
> > > > > Signed-off-by: Igor Mammedov 
> > > > > ---
> > > > > v2:
> > > > >   move compat fix to 2.1 machine type,
> > > > >   suggested by: "Michael S. Tsirkin" 
> > > > > ---
> > > > >  hw/i386/acpi-build.c | 30 +++---
> > > > >  hw/i386/pc_piix.c|  3 +++
> > > > >  hw/i386/pc_q35.c |  3 +++
> > > > >  include/hw/i386/pc.h |  1 +
> > > > >  4 files changed, 30 insertions(+), 7 deletions(-)
> > > > > 
> > > > > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > > > > index b37a397..4d2452d 100644
> > > > > --- a/hw/i386/acpi-build.c
> > > > > +++ b/hw/i386/acpi-build.c
> > > > > @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
> > > > >  /* Copy of table in RAM (for patching). */
> > > > >  ram_addr_t table_ram;
> > > > >  uint32_t table_size;
> > > > > +ram_addr_t linker_ram;
> > > > > +uint32_t linker_size;
> > > > > +ram_addr_t rsdp_ram;
> > > > > +uint32_t rsdp_size;
> > > > >  /* Is table patched? */
> > > > >  uint8_t patched;
> > > > >  PcGuestInfo *guest_info;
> > > > > @@ -1714,6 +1718,10 @@ static void acpi_build_update(void 
> > > > > *build_opaque, uint32_t offset)
> > > > >  assert(acpi_data_len(tables.table_data) == 
> > > > > build_state->table_size);
> > > > >  memcpy(qemu_get_ram_ptr(build_state->table_ram), 
> > > > > tables.table_data->data,
> > > > > build_state->table_size);
> > > > > +memcpy(qemu_get_ram_ptr(build_state->linker_ram), 
> > > > > tables.linker->data,
> > > > > +   build_state->linker_size);
> > > > > +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), 
> > > > > tables.rsdp->data,
> > > > > +   build_state->rsdp_size);
> > > > >  
> > > > >  
> > > > > cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> > > > > 
> > > > > build_state->table_size);
> > > > > @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
> > > > >  assert(build_state->table_ram != RAM_ADDR_MAX);
> > > > >  build_state->table_size = acpi_data_len(tables.table_data);
> > > > >  
> > > > > -acpi_add_rom_blob(NULL, tables.linker, "e

[Qemu-devel] [PULL 03/33] target-arm: extend async excp masking

2014-12-11 Thread Peter Maydell
From: Greg Bellows 

This patch extends arm_excp_unmasked() to use lookup tables for determining
whether IRQ and FIQ exceptions are masked.  The lookup tables are based on the
ARMv8 and ARMv7 specification physical interrupt masking tables.

If EL3 is using AArch64, IRQ/FIQ masking is ignored in all exception levels
other than EL3 if SCR.{FIQ|IRQ} is set to 1 (routed to EL3).

Signed-off-by: Greg Bellows 
Reviewed-by: Peter Maydell 
Message-id: 1416242878-876-2-git-send-email-greg.bell...@linaro.org
Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h | 66 
 1 file changed, 52 insertions(+), 14 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 7f80090..810cc0b 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1247,27 +1247,50 @@ static inline bool arm_excp_unmasked(CPUState *cs, 
unsigned int excp_idx)
 CPUARMState *env = cs->env_ptr;
 unsigned int cur_el = arm_current_el(env);
 unsigned int target_el = arm_excp_target_el(cs, excp_idx);
-/* FIXME: Use actual secure state.  */
-bool secure = false;
-/* If in EL1/0, Physical IRQ routing to EL2 only happens from NS state.  */
-bool irq_can_hyp = !secure && cur_el < 2 && target_el == 2;
-
-/* Don't take exceptions if they target a lower EL.  */
+bool secure = arm_is_secure(env);
+uint32_t scr;
+uint32_t hcr;
+bool pstate_unmasked;
+int8_t unmasked = 0;
+
+/* Don't take exceptions if they target a lower EL.
+ * This check should catch any exceptions that would not be taken but left
+ * pending.
+ */
 if (cur_el > target_el) {
 return false;
 }
 
 switch (excp_idx) {
 case EXCP_FIQ:
-if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_FMO)) {
-return true;
-}
-return !(env->daif & PSTATE_F);
+/* If FIQs are routed to EL3 or EL2 then there are cases where we
+ * override the CPSR.F in determining if the exception is masked or
+ * not.  If neither of these are set then we fall back to the CPSR.F
+ * setting otherwise we further assess the state below.
+ */
+hcr = (env->cp15.hcr_el2 & HCR_FMO);
+scr = (env->cp15.scr_el3 & SCR_FIQ);
+
+/* When EL3 is 32-bit, the SCR.FW bit controls whether the CPSR.F bit
+ * masks FIQ interrupts when taken in non-secure state.  If SCR.FW is
+ * set then FIQs can be masked by CPSR.F when non-secure but only
+ * when FIQs are only routed to EL3.
+ */
+scr &= !((env->cp15.scr_el3 & SCR_FW) && !hcr);
+pstate_unmasked = !(env->daif & PSTATE_F);
+break;
+
 case EXCP_IRQ:
-if (irq_can_hyp && (env->cp15.hcr_el2 & HCR_IMO)) {
-return true;
-}
-return !(env->daif & PSTATE_I);
+/* When EL3 execution state is 32-bit, if HCR.IMO is set then we may
+ * override the CPSR.I masking when in non-secure state.  The SCR.IRQ
+ * setting has already been taken into consideration when setting the
+ * target EL, so it does not have a further affect here.
+ */
+hcr = (env->cp15.hcr_el2 & HCR_IMO);
+scr = false;
+pstate_unmasked = !(env->daif & PSTATE_I);
+break;
+
 case EXCP_VFIQ:
 if (secure || !(env->cp15.hcr_el2 & HCR_FMO)) {
 /* VFIQs are only taken when hypervized and non-secure.  */
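Review bot: `scr = (env->cp15.scr_el3 & SCR_FIQ)` keeps the bit in its register position, but `scr &= !((env->cp15.scr_el3 & SCR_FW) && !hcr)` then ANDs it with 0 or 1, so unless SCR_FIQ happens to be bit 0 the FIQ routing bit is always cleared and the SCR.FW handling below has no effect. Normalise first, e.g. `scr = (env->cp15.scr_el3 & SCR_FIQ) == SCR_FIQ;` as arm_phys_excp_target_el does, and only then apply the SCR.FW override. In the IRQ case `scr = false;` assigns a bool to a uint32_t; declaring `scr` and `hcr` as bool fits both uses. "affect" in the IRQ comment should read "effect".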
@@ -1283,6 +1306,21 @@ static inline bool arm_excp_unmasked(CPUState *cs, 
unsigned int excp_idx)
 default:
 g_assert_not_reached();
 }
+
+/* Use the target EL, current execution state and SCR/HCR settings to
+ * determine whether the corresponding CPSR bit is used to mask the
+ * interrupt.
+ */
+if ((target_el > cur_el) && (target_el != 1)) {
+if (arm_el_is_aa64(env, 3) || ((scr || hcr) && (!secure))) {
+unmasked = 1;
+}
+}
+
+/* The PSTATE bits only mask the interrupt if we have not overriden the
+ * ability above.
+ */
+return unmasked || pstate_unmasked;
 }
 
 static inline CPUARMState *cpu_init(const char *cpu_model)
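Review bot: `int8_t unmasked = 0` only ever holds 0 or 1 and is returned through `||`, so `bool` is the right type. The branch unmasks any exception targeting EL2 or EL3 whenever EL3 is AArch64, regardless of the SCR/HCR routing bits; that matches the commit message, but stating the intent in the comment here would spare the next reader from re-deriving it. "overriden" should read "overridden".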
-- 
1.9.1




Re: [Qemu-devel] [RfC PATCH 0/3] sdl2: add opengl rendering support

2014-12-11 Thread Daniel P. Berrange
On Thu, Dec 11, 2014 at 12:05:53PM +0100, Gerd Hoffmann wrote:
>   Hi,
> 
> This series adds support for screen rendering using opengl.  This only
> blits classic DisplaySurfaces to the screen using opengl, it does not
> (yet) enable gfx emulation use opengl for rendering.
> 
> It depends on the "sdl2: fixes, cleanups and opengl preparation"
> series just posted.
> 
> The big question mark (and the reason this is RfC) is how we are going
> to enable/disable opengl at runtime.  The options I see are:
> 
>  (1) make that a ui option, i.e. '-display sdl,opengl={on,off}'.
>  (2) make that a global option, i.e. -opengl={on,off}
> 
> I'd tend to go for (2).
> 
> First, because we have an initialization order issue once gfx emulation
> starts using opengl:  ui code is initialized after device code (and this
> can't be changed easily because devices need to register displays before we
> init the ui).  Therefore with (1) the device emulation doesn't know at
> init time whether opengl is available or not.
> 
> Second for the long term there will be 3d support in a number of UIs:
> I expect sdl2, gtk, egl (using render nodes, for headless) and spice.
> Having a global switch for them all looks easier.

In libvirt we model the ability to turn on 3d support for guests against
the video device, rather than the backend device, since it is a guest
visible feature. So should we do this against the virtual virtio-vga
device and have the backends just tie their behaviour to that?

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Igor Mammedov
On Thu, 11 Dec 2014 12:37:10 +0200
"Michael S. Tsirkin"  wrote:

> On Thu, Dec 11, 2014 at 09:10:53AM +, Igor Mammedov wrote:
> > linker and RSDP tables are build only once, so if later
> 
> s/build/built/
> 
> > during rebuild sizes of other ACPI tables change
> > pointers will be patched incorrectly due to wrong
> > offsets.
> > 
> > To fix it rebuild linker and RSDP tables along with
> > the rest of ACPI tables so that they would have correct
> > offsets.
> 
> Actually, I understand the argument about the
> linker, but do you really believe RSDP will ever change?
it changes since RSDT is at the end and its offset changes
every time a below table changes its size.

If RSDT were at the start then it might be
possible to keep RSDP immutable.

I'll check if it's feasible.

This fix, however, is more robust and doesn't care about
table order; the best would be to combine the ordering
fix for old machines for stable and this patch for
new machines since 2.3.

> 
> How about we split out RSDP and linker changes?
> 
> Also s/imutable/immutable/ in a bunch of places below.
Thanks, I'll fix this one.

> 
> > Here is a simple reproducer:
> >  1: hotplug bridge using command:
> >  device_add pci-bridge,chassis_nr=1
> >  2: reset system from monitor:
> >  system_reset
> > 
> > As result pointers to ACPI tables are not correct
> > and guest can't read/parse ACPI tables.
> > 
> > Windows guests just refuse to boot and
> > Linux guests are more resilient and try to boot without
> > ACPI, sometimes successfully.
> > 
> > keep brokenness in 2.1 and older machine types for
> > the sake of migration. 2.2.0 can't be helped but we
> > can fix it with 2.2.1
> 
> 
> Why do you say this?
> It can be helped by patch that I sent, skipping
> hotplugged bridges, no?
> 
> 
> > Signed-off-by: Igor Mammedov 
> > ---
> > v2:
> >   move compat fix to 2.1 machine type,
> >   suggested by: "Michael S. Tsirkin" 
> > ---
> >  hw/i386/acpi-build.c | 30 +++---
> >  hw/i386/pc_piix.c|  3 +++
> >  hw/i386/pc_q35.c |  3 +++
> >  include/hw/i386/pc.h |  1 +
> >  4 files changed, 30 insertions(+), 7 deletions(-)
> > 
> > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > index b37a397..4d2452d 100644
> > --- a/hw/i386/acpi-build.c
> > +++ b/hw/i386/acpi-build.c
> > @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
> >  /* Copy of table in RAM (for patching). */
> >  ram_addr_t table_ram;
> >  uint32_t table_size;
> > +ram_addr_t linker_ram;
> > +uint32_t linker_size;
> > +ram_addr_t rsdp_ram;
> > +uint32_t rsdp_size;
> >  /* Is table patched? */
> >  uint8_t patched;
> >  PcGuestInfo *guest_info;
> > @@ -1714,6 +1718,10 @@ static void acpi_build_update(void *build_opaque, 
> > uint32_t offset)
> >  assert(acpi_data_len(tables.table_data) == build_state->table_size);
> >  memcpy(qemu_get_ram_ptr(build_state->table_ram), 
> > tables.table_data->data,
> > build_state->table_size);
> > +memcpy(qemu_get_ram_ptr(build_state->linker_ram), tables.linker->data,
> > +   build_state->linker_size);
> > +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
> > +   build_state->rsdp_size);
> >  
> >  cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> > build_state->table_size);
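Review bot: the new memcpy into build_state->rsdp_ram runs unconditionally, but in the acpi_setup hunk rsdp_ram and rsdp_size are assigned only on the else branch of `if (guest_info->has_imutable_rsdp)`, so for the compat machine types that keep the immutable RSDP this copies into whatever rsdp_ram happens to hold. Guard it, e.g. `if (!build_state->guest_info->has_imutable_rsdp) { ... }` or `if (build_state->rsdp_size) { ... }`. The visible context below the copies also only calls cpu_physical_memory_set_dirty_range_nocode for table_ram/table_size; the rebuilt linker and RSDP regions need the same dirty marking, otherwise a migration after a rebuild can carry stale copies of them.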
> > @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
> >  assert(build_state->table_ram != RAM_ADDR_MAX);
> >  build_state->table_size = acpi_data_len(tables.table_data);
> >  
> > -acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
> > +build_state->linker_ram = acpi_add_rom_blob(build_state, tables.linker,
> > +"etc/table-loader");
> > +build_state->linker_size = acpi_data_len(tables.linker);
> >  
> >  fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
> >  tables.tcpalog->data, acpi_data_len(tables.tcpalog));
> >  
> > -/*
> > - * RSDP is small so it's easy to keep it immutable, no need to
> > - * bother with ROM blobs.
> > - */
> > -fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> > -tables.rsdp->data, acpi_data_len(tables.rsdp));
> > +if (guest_info->has_imutable_rsdp) {
> > +/*
> > + * RSDP is small so it's easy to keep it immutable, no need to
> > + * bother with ROM blobs.
> > + */
> > +fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> > +tables.rsdp->data, acpi_data_len(tables.rsdp));
> > +} else {
> > +build_state->rsdp_ram = acpi_add_rom_blob(build_state, tables.rsdp,
> > +  ACPI_BUILD_RSDP_FILE);
> > +build_state->rsdp_size = acpi_data_len(tables.rsdp);
> > +}
> >  
> >  qemu_register_reset(acpi_build_reset, build_state);
> >  acpi_b
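Review bot: the comment kept inside the new `if (guest_info->has_imutable_rsdp)` branch ("RSDP is small so it's easy to keep it immutable, no need to bother with ROM blobs") still reads as the design rationale, but per the commit message this branch now exists only to preserve the old, known-broken behaviour of 2.1 and earlier machine types for migration; reword it to say so (and that the immutable RSDP goes stale after a rebuild) so the pattern is not copied later. The flag should be spelled has_immutable_rsdp, as already noted in the thread. Passing build_state instead of NULL to acpi_add_rom_blob for the linker also changes it from a fire-and-forget blob to one with the update callback; a sentence in the commit message saying this is intentional would help.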

Re: [Qemu-devel] [PATCH v2] pc: acpi-build: make linker & RSDP tables dynamic

2014-12-11 Thread Michael S. Tsirkin
On Thu, Dec 11, 2014 at 01:31:58PM +0100, Igor Mammedov wrote:
> On Thu, 11 Dec 2014 12:37:10 +0200
> "Michael S. Tsirkin"  wrote:
> 
> > On Thu, Dec 11, 2014 at 09:10:53AM +, Igor Mammedov wrote:
> > > linker and RSDP tables are build only once, so if later
> > 
> > s/build/built/
> > 
> > > during rebuild sizes of other ACPI tables change
> > > pointers will be patched incorrectly due to wrong
> > > offsets.
> > > 
> > > To fix it rebuild linker and RSDP tables along with
> > > the rest of ACPI tables so that they would have correct
> > > offsets.
> > 
> > Actually, I understand the argument about the
> > linker, but do you really believe RSDP will ever change?
> it changes since RSDT is at the end and its offset changes
> every time a table below it changes its size.

At the end of what?
It's in a separate file, isn't it?

> If RSDT were at the start then it might be
> possible to keep RSDP immutable.
> 
> I'll check if it's feasible.
> 
> This fix however is more robust and doesn't care about
> table order; the best would be to combine the ordering
> fix for old machines for stable and this patch for
> new machines since 2.3.
> 
> > 
> > How about we split out RSDP and linker changes?
> > 
> > Also s/imutable/immutable/ in a bunch of places below.
> Thanks, I'll fix this one.
> 
> > 
> > > Here is a simple reproducer:
> > >  1: hotplug bridge using command:
> > >  device_add pci-bridge,chassis_nr=1
> > >  2: reset system from monitor:
> > >  system_reset
> > > 
> > > As a result, pointers to ACPI tables are not correct
> > > and the guest can't read/parse ACPI tables.
> > > 
> > > Windows guests just refuse to boot and
> > > Linux guests are more resilient and try to boot without
> > > ACPI, sometimes successfully.
> > > 
> > > keep brokenness in 2.1 and older machine types for
> > > the sake of migration. 2.2.0 can't be helped but we
> > > can fix it with 2.2.1
> > 
> > 
> > Why do you say this?
> > It can be helped by patch that I sent, skipping
> > hotplugged bridges, no?
> > 
> > 
> > > Signed-off-by: Igor Mammedov 
> > > ---
> > > v2:
> > >   move compat fix to 2.1 machine type,
> > >   suggested by: "Michael S. Tsirkin" 
> > > ---
> > >  hw/i386/acpi-build.c | 30 +++---
> > >  hw/i386/pc_piix.c|  3 +++
> > >  hw/i386/pc_q35.c |  3 +++
> > >  include/hw/i386/pc.h |  1 +
> > >  4 files changed, 30 insertions(+), 7 deletions(-)
> > > 
> > > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > > index b37a397..4d2452d 100644
> > > --- a/hw/i386/acpi-build.c
> > > +++ b/hw/i386/acpi-build.c
> > > @@ -1509,6 +1509,10 @@ struct AcpiBuildState {
> > >  /* Copy of table in RAM (for patching). */
> > >  ram_addr_t table_ram;
> > >  uint32_t table_size;
> > > +ram_addr_t linker_ram;
> > > +uint32_t linker_size;
> > > +ram_addr_t rsdp_ram;
> > > +uint32_t rsdp_size;
> > >  /* Is table patched? */
> > >  uint8_t patched;
> > >  PcGuestInfo *guest_info;
> > > @@ -1714,6 +1718,10 @@ static void acpi_build_update(void *build_opaque, 
> > > uint32_t offset)
> > >  assert(acpi_data_len(tables.table_data) == build_state->table_size);
> > >  memcpy(qemu_get_ram_ptr(build_state->table_ram), 
> > > tables.table_data->data,
> > > build_state->table_size);
> > > +memcpy(qemu_get_ram_ptr(build_state->linker_ram), 
> > > tables.linker->data,
> > > +   build_state->linker_size);
> > > +memcpy(qemu_get_ram_ptr(build_state->rsdp_ram), tables.rsdp->data,
> > > +   build_state->rsdp_size);
> > >  
> > >  cpu_physical_memory_set_dirty_range_nocode(build_state->table_ram,
> > > build_state->table_size);
> > > @@ -1779,17 +1787,25 @@ void acpi_setup(PcGuestInfo *guest_info)
> > >  assert(build_state->table_ram != RAM_ADDR_MAX);
> > >  build_state->table_size = acpi_data_len(tables.table_data);
> > >  
> > > -acpi_add_rom_blob(NULL, tables.linker, "etc/table-loader");
> > > +build_state->linker_ram = acpi_add_rom_blob(build_state, 
> > > tables.linker,
> > > +"etc/table-loader");
> > > +build_state->linker_size = acpi_data_len(tables.linker);
> > >  
> > >  fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
> > >  tables.tcpalog->data, acpi_data_len(tables.tcpalog));
> > >  
> > > -/*
> > > - * RSDP is small so it's easy to keep it immutable, no need to
> > > - * bother with ROM blobs.
> > > - */
> > > -fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> > > -tables.rsdp->data, acpi_data_len(tables.rsdp));
> > > +if (guest_info->has_imutable_rsdp) {
> > > +/*
> > > + * RSDP is small so it's easy to keep it immutable, no need to
> > > + * bother with ROM blobs.
> > > + */
> > > +fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE,
> > > +t
