[Qemu-devel] [PULL 2/3] virtio-input: move sys/ioctl.h include

2015-07-16 Thread Gerd Hoffmann
Drop from include/standard-headers/linux/input.h
Add to hw/input/virtio-input-host.c instead.

That allows building virtio-input (except pass-through) on Windows.

Signed-off-by: Gerd Hoffmann 
---
 hw/input/virtio-input-host.c   | 1 +
 include/standard-headers/linux/input.h | 1 -
 scripts/update-linux-headers.sh| 1 +
 3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/input/virtio-input-host.c b/hw/input/virtio-input-host.c
index f7e3d84..8978f16 100644
--- a/hw/input/virtio-input-host.c
+++ b/hw/input/virtio-input-host.c
@@ -11,6 +11,7 @@
 #include "hw/virtio/virtio.h"
 #include "hw/virtio/virtio-input.h"
 
+#include 
 #include "standard-headers/linux/input.h"
 
 /* - */
diff --git a/include/standard-headers/linux/input.h 
b/include/standard-headers/linux/input.h
index a459dd2..b003c67 100644
--- a/include/standard-headers/linux/input.h
+++ b/include/standard-headers/linux/input.h
@@ -10,7 +10,6 @@
 
 
 #include 
-#include 
 #include 
 #include "standard-headers/linux/types.h"
 
diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 47378d9..f0e830c 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linux-headers.sh
@@ -56,6 +56,7 @@ cp_virtio() {
 -e 's/__bitwise__//' \
 -e 's/__attribute__((packed))/QEMU_PACKED/' \
 -e 's/__inline__/inline/' \
+-e '/sys\/ioctl.h/d' \
 "$f" > "$to/$header";
 done
 fi
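Review bot: The added expression `-e '/sys\/ioctl.h/d'` leaves the `.` unescaped, so it matches any character at that position rather than only the literal header name; `-e '/sys\/ioctl\.h/d'` would be exact. The filter sits in the loop that rewrites each imported header, so a one-line comment above the sed invocation, for example `# standard-headers must not pull in host-only includes such as sys/ioctl.h`, would record why the line is deleted. The cp_virtio body starts and ends outside the hunk.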
-- 
1.8.3.1




[Qemu-devel] net: Next steps to deprecate -net (was: [RFC PATCH] Enable vlans and dump for -netdev, too)

2015-07-16 Thread Thomas Huth
On 05/26/2015 04:29 PM, Markus Armbruster wrote:
> Stefan Hajnoczi  writes:
[...]
>> We thought the QEMU "vlan" concept would be dropped completely in the
>> future, so it was never added to -netdev.  No patches to do that have
>> been posted over the years, so I think it was more of a conceptual goal
>> than a concrete requirement.
> 
> Well, patches to do that first need to replace the VLAN-only dump
> feature.
> 
> To fully deprecate -net, we also have to replace -net nic for
> configuring onboard NICs.
> 
> Prior discussion:
> http://lists.nongnu.org/archive/html/qemu-devel/2013-02/msg03743.html
> 
> We haven't really tried either.

Ok, assuming that my "Network traffic dumping for -netdev devices" patch
series is going to solve the dumping-for-netdev problem, how do we
tackle the remaining problems that we have to solve before we can
deprecate -net? Does anybody have a survey of the (onboard) NICs that
can only be configured with -net but not with -device? Could they
nowadays be changed to work with -device, too, or are there still major
obstacles to solve first?

 Thomas






[Qemu-devel] [PULL 3/3] hid: clarify hid_keyboard_process_keycode

2015-07-16 Thread Gerd Hoffmann
From: Paolo Bonzini 

Coverity thinks the fallthroughs are smelly.  They are correct, but
everything else in this function is like "wut?".

Refer explicitly to bits 8 and 9 of hs->kbd.modifiers instead of
shifting right first and using (1 << 7).  Document what the scancode
is when hid_code is 0xe0.  And add plenty of comments.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Gerd Hoffmann 
---
 hw/input/hid.c | 32 
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/hw/input/hid.c b/hw/input/hid.c
index 6841cb8..21ebd9e 100644
--- a/hw/input/hid.c
+++ b/hw/input/hid.c
@@ -239,7 +239,7 @@ static void hid_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 
 static void hid_keyboard_process_keycode(HIDState *hs)
 {
-uint8_t hid_code, key;
+uint8_t hid_code, index, key;
 int i, keycode, slot;
 
 if (hs->n == 0) {
@@ -249,7 +249,8 @@ static void hid_keyboard_process_keycode(HIDState *hs)
 keycode = hs->kbd.keycodes[slot];
 
 key = keycode & 0x7f;
-hid_code = hid_usage_keys[key | ((hs->kbd.modifiers >> 1) & (1 << 7))];
+index = key | ((hs->kbd.modifiers & (1 << 8)) >> 1);
+hid_code = hid_usage_keys[index];
 hs->kbd.modifiers &= ~(1 << 8);
 
 switch (hid_code) {
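Review bot: Nothing near `hid_code = hid_usage_keys[index];` states why the access is in bounds, even though the new `index` local makes the lookup easier to read. `key` is masked to 0x7f and bit 8 of `hs->kbd.modifiers` is folded in as bit 7, so `index` spans 0..0xff and the lookup is safe only if the table has 256 entries; the table's declaration is outside this hunk, so that is an assumption to confirm. A compile-time check next to the table, `QEMU_BUILD_BUG_ON(ARRAY_SIZE(hid_usage_keys) != 0x100);`, or a comment such as `/* index is 0..0xff: 7 scancode bits plus the 0xe0-prefix flag in bit 7 */` would pin the invariant. The function body starts and ends outside the hunk.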
@@ -257,18 +258,41 @@ static void hid_keyboard_process_keycode(HIDState *hs)
 return;
 
 case 0xe0:
+assert(key == 0x1d);
 if (hs->kbd.modifiers & (1 << 9)) {
-hs->kbd.modifiers ^= 3 << 8;
+/* The hid_codes for the 0xe1/0x1d scancode sequence are 0xe9/0xe0.
+ * Here we're processing the second hid_code.  By dropping bit 9
+ * and setting bit 8, the scancode after 0x1d will access the
+ * second half of the table.
+ */
+hs->kbd.modifiers ^= (1 << 8) | (1 << 9);
 return;
 }
+/* fall through to process Ctrl_L */
 case 0xe1 ... 0xe7:
+/* Ctrl_L/Ctrl_R, Shift_L/Shift_R, Alt_L/Alt_R, Win_L/Win_R.
+ * Handle releases here, or fall through to process presses.
+ */
 if (keycode & (1 << 7)) {
 hs->kbd.modifiers &= ~(1 << (hid_code & 0x0f));
 return;
 }
-case 0xe8 ... 0xef:
+/* fall through */
+case 0xe8 ... 0xe9:
+/* USB modifiers are just 1 byte long.  Bits 8 and 9 of
+ * hs->kbd.modifiers implement a state machine that detects the
+ * 0xe0 and 0xe1/0x1d sequences.  These bits do not follow the
+ * usual rules where bit 7 marks released keys; they are cleared
+ * elsewhere in the function as the state machine dictates.
+ */
 hs->kbd.modifiers |= 1 << (hid_code & 0x0f);
 return;
+
+case 0xea ... 0xef:
+abort();
+
+default:
+break;
 }
 
 if (keycode & (1 << 7)) {
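Review bot: The two new invariant checks, `assert(key == 0x1d);` under `case 0xe0:` and `abort();` under `case 0xea ... 0xef:`, both depend on the contents of `hid_usage_keys`, which is not visible in this hunk, and neither carries a comment saying so. The keycodes handled here are read from `hs->kbd.keycodes`, apparently queued by hid_keyboard_event, so a mismatch between the table and the switch terminates the whole QEMU process instead of dropping one key. The assumptions deserve to be written down, e.g. `/* 0xe0 is only expected for scancode 0x1d (Ctrl_L) */` and `/* hid_usage_keys has no entries in 0xea..0xef */`. For the unreachable case, `g_assert_not_reached();` would state the intent more clearly than a bare `abort()`. The function continues past the end of the hunk.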
-- 
1.8.3.1




[Qemu-devel] [PULL v2 for-2.4 0/3] input: fixes for 2.4

2015-07-16 Thread Gerd Hoffmann
  Hi,

Dropped the patch to enable virtio-input for non-linux systems.
Otherwise unmodified.

please pull,
  Gerd

The following changes since commit 2d5ee9e7a7dd495d233cf9613a865f63f88e3375:

  Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150716' into staging 
(2015-07-16 10:40:23 +0100)

are available in the git repository at:


  git://git.kraxel.org/qemu tags/pull-input-20150717-1

for you to fetch changes up to 562f93754b95fd6dc65ad9a2aa15a90b2da7e8a4:

  hid: clarify hid_keyboard_process_keycode (2015-07-17 08:44:41 +0200)


input: fixes for 2.4


Gerd Hoffmann (1):
  virtio-input: move sys/ioctl.h include

Lin Ma (1):
  virtio-input: fix segfault in virtio_input_hid_properties

Paolo Bonzini (1):
  hid: clarify hid_keyboard_process_keycode

 hw/input/hid.c | 32 
 hw/input/virtio-input-hid.c|  1 +
 hw/input/virtio-input-host.c   |  1 +
 include/standard-headers/linux/input.h |  1 -
 scripts/update-linux-headers.sh|  1 +
 5 files changed, 31 insertions(+), 5 deletions(-)



[Qemu-devel] [PULL 1/3] virtio-input: fix segfault in virtio_input_hid_properties

2015-07-16 Thread Gerd Hoffmann
From: Lin Ma 

Commit 5cce173 introduced a segfault in virtio-input; this patch fixes it.

Signed-off-by: Lin Ma 
Signed-off-by: Gerd Hoffmann 
---
 hw/input/virtio-input-hid.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/input/virtio-input-hid.c b/hw/input/virtio-input-hid.c
index 616a815..4d85dad 100644
--- a/hw/input/virtio-input-hid.c
+++ b/hw/input/virtio-input-hid.c
@@ -308,6 +308,7 @@ static void virtio_input_hid_handle_status(VirtIOInput 
*vinput,
 static Property virtio_input_hid_properties[] = {
 DEFINE_PROP_STRING("display", VirtIOInputHID, display),
 DEFINE_PROP_UINT32("head", VirtIOInputHID, head, 0),
+DEFINE_PROP_END_OF_LIST(),
 };
 
 static void virtio_input_hid_class_init(ObjectClass *klass, void *data)
-- 
1.8.3.1




Re: [Qemu-devel] [PULL for-2.4 0/4] input: fixes for 2.4

2015-07-16 Thread Gerd Hoffmann
  Hi,

> I'm afraid this doesn't build for Windows:
> 
> In file included from
> /home/petmay01/linaro/qemu-for-merges/hw/input/virtio-input.c:13:
> /home/petmay01/linaro/qemu-for-merges/include/standard-headers/linux/input.h:890:1:
> error: "SW_MAX" redefined
> In file included from
> /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/include/windows.h:55,
>  from
> /home/petmay01/linaro/qemu-for-merges/include/sysemu/os-win32.h:29,
>  from
> /home/petmay01/linaro/qemu-for-merges/include/qemu-common.h:48,
>  from
> /home/petmay01/linaro/qemu-for-merges/include/qemu/iov.h:17,
>  from
> /home/petmay01/linaro/qemu-for-merges/hw/input/virtio-input.c:7:
> /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/include/winuser.h:729:1:
> error: this is the location of the previous definition

Lovely.  Looks like a bug in the mingw headers to me, especially as my
machine cross-builds this just fine for both win32 and win64.

We are in hard-freeze though, so no time for experiments here; I'll redo
the pull with patch #3 dropped, let's sort this out post-2.4.

cheers,
  Gerd





Re: [Qemu-devel] [PATCH RFC 9/9] tcg: update README about size changing ops

2015-07-16 Thread Richard Henderson

On 07/15/2015 12:03 PM, Aurelien Jarno wrote:

+These ops are all optional in that case they are implemented as mov.
+This is to allow some optimizations if the target maintains registers
+zero or sign extended. For example a MIPS64 CPU requires that all
+32-bit values are stored sign-extended in the registers. This means
+the trunc_shr_i64_i32 should sign-extend the value when moving it
+from a 64-bit to a 32-bit register. It also means ext_i32_i64 can be
+implemented as a simple mov as the value is already sign extended.


We need better wording.  Each one of the three is optional, and the other two 
must be implemented.  I think we ought to have a check in tcg.c about this, in 
tcg_add_target_add_op_defs.



r~



Re: [Qemu-devel] [PATCH RFC 8/9] tcg/optimize: do not simplify size changing moves

2015-07-16 Thread Richard Henderson

On 07/15/2015 12:03 PM, Aurelien Jarno wrote:

Now that we have real size changing ops, we don't need to mark the high
bits of the destination as garbage. The goal of the optimizer is to
predict the value of the temps (and not of the registers) and do
simplifications when possible. The problem there is therefore not the
fact that those bits are not counted as garbage, but that a size
changing op is replaced by a move.

This patch is basically a revert of 24666baf, including the changes that
have been made since then.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 


What we're missing here is whether the omitted size changing op is extu or 
exts.  Mask should be extended to match.  Which means keeping most of this code.



r~



Re: [Qemu-devel] [virtio guest] vring_need_event() from virtqueue_kick_prepare()

2015-07-16 Thread Catalin Vasile
Do you mean vhost_net - old kernel, qemu - latest, guest - latest?

On Thu, Jul 16, 2015 at 7:33 PM, Stefan Hajnoczi  wrote:
> On Thu, Jul 16, 2015 at 1:54 PM, Catalin Vasile
>  wrote:
>> Both. The compiled kernel was common for both.
>
> Does vhost_net work with the old kernel + new QEMU combo?
>
> Stefan



Re: [Qemu-devel] [PATCH RFC 7/9] tcg: replace ext/u_i32_i64 by a mov when not implemented

2015-07-16 Thread Richard Henderson

On 07/15/2015 12:03 PM, Aurelien Jarno wrote:

When ext_i32_i64 and extu_i32_i64 ops are not implemented, this means
that the register is already properly zero/sign extended, so we can
simply replace it by a mov.

In practice it means at least one of the two ops should always be
implemented on 64-bit targets.

Cc: Paolo Bonzini
Cc: Richard Henderson
Signed-off-by: Aurelien Jarno
---
  tcg/tcg-op.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)


If we're going to do this (and of course pick a solution for all of the other 
backends), I think perhaps x86 should choose trunc + exts as the two that 
should be implemented, leaving extu the one that can be folded away.


Something to experiment with...


r~



Re: [Qemu-devel] [PATCH RFC 4/9] tcg/optimize: add optimizations for ext_i32_i64 and extu_i32_i64 ops

2015-07-16 Thread Richard Henderson

On 07/15/2015 12:03 PM, Aurelien Jarno wrote:

They behave the same as ext32s_i64 and ext32u_i64 from the constant
folding and zero propagation point of view, except that they can't
be replaced by a mov, so we don't compute the affected value.

Cc: Paolo Bonzini
Cc: Richard Henderson
Signed-off-by: Aurelien Jarno
---
  tcg/optimize.c | 10 ++
  1 file changed, 10 insertions(+)


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH RFC 3/9] tcg: implement real ext_i32_i64 and extu_i32_i64 ops

2015-07-16 Thread Richard Henderson

On 07/15/2015 12:03 PM, Aurelien Jarno wrote:

Implement optional but real ext_i32_i64 and extu_i32_i64 ops. When
implemented, these ensure that a 32-bit value is always converted to
a 64-bit value and not propagated through the register allocator or
the optimizer.

Cc: Paolo Bonzini
Cc: Richard Henderson
Signed-off-by: Aurelien Jarno
---
  tcg/aarch64/tcg-target.h | 6 +-
  tcg/i386/tcg-target.h| 7 ++-
  tcg/ia64/tcg-target.h| 6 +-
  tcg/ppc/tcg-target.h | 7 ++-
  tcg/s390/tcg-target.h| 6 +-
  tcg/sparc/tcg-target.h   | 6 +-
  tcg/tcg-op.c | 6 ++
  tcg/tcg-opc.h| 3 +++
  tcg/tci/tcg-target.h | 7 ++-
  9 files changed, 47 insertions(+), 7 deletions(-)



Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH RFC 2/9] tcg: don't abuse TCG type in tcg_gen_trunc_shr_i64_i32

2015-07-16 Thread Richard Henderson

On 07/15/2015 12:03 PM, Aurelien Jarno wrote:

The tcg_gen_trunc_shr_i64_i32 function takes a 64-bit argument and
returns a 32-bit value. Directly call tcg_gen_op3 with the correct
types instead of calling tcg_gen_op3i_i32 and abusing the TCG types.

Cc: Paolo Bonzini
Cc: Richard Henderson
Signed-off-by: Aurelien Jarno
---
  tcg/tcg-op.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)



Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH RFC 1/9] tcg: rename trunc_shr_i32 into trunc_shr_i64_i32

2015-07-16 Thread Richard Henderson

On 07/15/2015 12:03 PM, Aurelien Jarno wrote:

The op is sometimes named trunc_shr_i32 and sometimes trunc_shr_i64_i32,
and the name in the README doesn't match the name offered to the
frontends.

Always use the long name to make it clear it is a size changing op.

Cc: Paolo Bonzini
Cc: Richard Henderson
Signed-off-by: Aurelien Jarno
---
  tcg/README   | 2 +-
  tcg/aarch64/tcg-target.h | 2 +-
  tcg/i386/tcg-target.h| 2 +-
  tcg/ia64/tcg-target.h| 2 +-
  tcg/optimize.c   | 6 +++---
  tcg/ppc/tcg-target.h | 2 +-
  tcg/s390/tcg-target.h| 2 +-
  tcg/sparc/tcg-target.c   | 4 ++--
  tcg/sparc/tcg-target.h   | 2 +-
  tcg/tcg-op.c | 4 ++--
  tcg/tcg-opc.h| 4 ++--
  tcg/tcg.h| 2 +-
  tcg/tci/tcg-target.h | 2 +-
  13 files changed, 18 insertions(+), 18 deletions(-)


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 2/2] tcg/i386: Reserve register for guest_base if a segment isn't available

2015-07-16 Thread Richard Henderson

On 07/17/2015 02:33 AM, Peter Maydell wrote:

On 16 July 2015 at 22:25, Richard Henderson  wrote:

This saves 2 insns and 10 bytes from the implementation of
each memory operation.


Do we have an idea of which platforms/configs don't let
us have a segment register for guest_base?


We've only bothered to fill in code for Linux so far.

These days we should probably probe for fsgsbase insns and use those.  Though I 
don't know how many of the various operating systems enable that...



r~




Re: [Qemu-devel] [RFC PATCH qemu v3 4/4] vfio: spapr: Add SPAPR IOMMU v2 support (DMA memory preregistering)

2015-07-16 Thread David Gibson
On Thu, Jul 16, 2015 at 08:44:59AM -0600, Alex Williamson wrote:
> On Thu, 2015-07-16 at 15:11 +1000, David Gibson wrote:
> > On Tue, Jul 14, 2015 at 10:21:54PM +1000, Alexey Kardashevskiy wrote:
> > > This makes use of the new "memory registering" feature. The idea is
> > > to provide the userspace ability to notify the host kernel about pages
> > > which are going to be used for DMA. Having this information, the host
> > > kernel can pin them all once per user process, do locked pages
> > > accounting (once) and not spent time on doing that in real time with
> > > possible failures which cannot be handled nicely in some cases.
> > > 
> > > This adds a guest RAM memory listener which notifies a VFIO container
> > > about memory which needs to be pinned/unpinned. VFIO MMIO regions
> > > (i.e. "skip dump" regions) are skipped.
> > > 
> > > The feature is only enabled for SPAPR IOMMU v2. The host kernel changes
> > > are required. Since v2 does not need/support VFIO_IOMMU_ENABLE, this does
> > > not call it when v2 is detected and enabled.
> > > 
> > > This does not change the guest visible interface.
> > > 
> > > Signed-off-by: Alexey Kardashevskiy 
> > 
> > I've looked at this in more depth now, and attempting to unify the
> > pre-reg and mapping listeners like this can't work - they need to be
> > listening on different address spaces:  mapping actions need to be
> > listening on the PCI address space, whereas the pre-reg needs to be
> > listening on address_space_memory.  For x86 - for now - those end up
> > being the same thing, but on Power they're not.
> > 
> > We do need to be clear about what differences are due to the presence
> > of a guest IOMMU versus which are due to arch or underlying IOMMU
> > type.  For now Power has a guest IOMMU and x86 doesn't, but that could
> > well change in future: we could well implement the guest side IOMMU
> > for x86 in future (or x86 could invent a paravirt IOMMU interface).
> > On the other side, BenH's experimental powernv machine type could
> > introduce Power machines without a guest side IOMMU (or at least an
> > optional guest side IOMMU).
> > 
> > The quick and dirty approach here is:
> >1. Leave the main listener as is
> >2. Add a new pre-reg notifier to the spapr iommu specific code,
> >   which listens on address_space_memory, *not* the PCI space
> 
> It is dirty and that's exactly what I've been advising Alexey against
> because we have entirely too much dirty spapr specific code that doesn't
> need to be spapr specific.  I don't see why separate address space
> matters, that's done at the point of registering the listener and so far
> doesn't play much a role in the actual listener behavior, just which
> regions it sees.

Well, there's two parts to this - the different address spaces means
they need to be different listener instances.  They also need
different callbacks - or at least parameterized callback behaviour
because they do different things (one maps, the other preregs).

So I really don't see any sense in which these can be accomplished by
the same listener.  *Maybe* they could share some region walking code,
but I'm not sure there's going to be anything of significant size here.

> > The more generally correct approach, which allows for more complex
> > IOMMU arrangements and the possibility of new IOMMU types with pre-reg
> > is:
> >1. Have the core implement both a mapping listener and a pre-reg
> >   listener (optionally enabled by a per-iommu-type flag).
> >   Basically the first one sees what *is* mapped, the second sees
> >   what *could* be mapped.
> 
> This just sounds like different address spaces, address_space_memory vs
> address_space_physical_memory

Um.. what?  I'm not even sure what you mean by
address_space_physical_memory (I see no such thing in the source).

The idea was that the (top level) pre-reg listener would spawn more
listeners for any AS which could get (partially) mapped into the PCI
address space.

But.. I looked a bit closer and realised this scheme doesn't actually
work.  IOMMU memory regions don't actually have a fixed target AS
property (by which I mean the address space the IOMMU translates
*into* rather than translates from - address_space_memory in most
cases).  Instead any individual IOMMU mapping can point to a different
AS supplied in the IOMMUTLB structure.

> >2. As now, the mapping listener listens on PCI address space, if
> >   RAM blocks are added, immediately map them into the host IOMMU,
> >   if guest IOMMU blocks appear register a notifier which will
> >   mirror guest IOMMU mappings to the host IOMMU (this is what we
> >   do now).
> 
> Right, this is done now, nothing new required.

Yes, I was just spelling that out for comparison with the other part.

> >3. The pre-reg listener also listens on the PCI address space.  RAM
> >   blocks added are pre-registered immediately.  But, if guest
> >   IOMMU blocks are added, instead of register

Re: [Qemu-devel] [PATCH v2 0/3] AioContext: ctx->dispatching is dead, all hail ctx->notify_me

2015-07-16 Thread Paolo Bonzini


On 16/07/2015 21:05, Richard W.M. Jones wrote:
> 
> Sorry to spoil things, but I'm still seeing this bug, although it is
> now a lot less frequent with your patch.  I would estimate it happens
> more often than 1 in 5 runs with qemu.git, and probably 1 in 200 runs
> with qemu.git + the v2 patch series.
> 
> It's the exact same hang in both cases.
> 
> Is it possible that this patch doesn't completely close any race?
> 
> Still, it is an improvement, so there is that.

Would seem at first glance like a different bug.

Interestingly, adding some "tracing" (qemu_clock_get_ns) makes the bug
more likely: now it reproduces in about 10 tries.  Of course :) adding
other kinds of tracing instead make it go away again (>50 tries).

Perhaps this:

   i/o thread vcpu thread   worker thread
   -
   lock_iothread
   notify_me = 1
   ...
   unlock_iothread
  lock_iothread
  notify_me = 3
  ppoll
  notify_me = 1
 bh->scheduled = 1
 event_notifier_set
  event_notifier_test_and_clear
   ppoll
^^ hang

In the exact shape above, it doesn't seem too likely to happen, but
perhaps there's another simpler case.  Still, the bug exists.

The above is not really related to notify_me.  Here the notification is
not being optimized away!  So I wonder if this one has been there forever.

Fam suggested putting the event_notifier_test_and_clear before
aio_bh_poll(), but it does not work.  I'll look more closely.

However, an unconditional event_notifier_test_and_clear is pretty
expensive.  On one hand, obviously correctness comes first.  On the
other hand, an expensive operation at the wrong place can mask the race
very easily; I'll let the fix run for a while, but I'm not sure if a
successful test really says anything useful.

Paolo



Re: [Qemu-devel] [PATCH v2 3/3] AioContext: fix broken ctx->dispatching optimization

2015-07-16 Thread Paolo Bonzini


On 16/07/2015 11:56, Paolo Bonzini wrote:
> @@ -286,13 +283,15 @@ bool aio_poll(AioContext *ctx, bool blocking)
>  npfd = 0;
>  ctx->walking_handlers--;
>  
> +if (blocking) {
> +atomic_sub(&ctx->notify_me, 2);
> +}
> +

I kept this place for subtracting notify_me because it is the same place
where aio_set_dispatching was called.  However, it can be moved earlier, to

 /* if we have any readable fds, dispatch event */
 if (ret > 0) {
 for (i = 0; i < npfd; i++) {

i.e. right after poll.  As poll has exited, it can't be blocking the
thread anymore.  Stefan, please let me send v3 on Monday.

Paolo

> 
>  /* Run dispatch even if there were no readable fds to run timers */
> -aio_set_dispatching(ctx, true);
>  if (aio_dispatch(ctx)) {
>  progress = true;
>  }
>  




Re: [Qemu-devel] [PATCH v2 3/3] AioContext: fix broken ctx->dispatching optimization

2015-07-16 Thread Paolo Bonzini


On 17/07/2015 04:25, Fam Zheng wrote:
> What if aio_notify happens after the previous aio_dispatch() but before the
> next necessary atomic_add? The aio_notify would still skip the
> event_notifier_set(), and the next ppoll() will not return. For example:
> 
>   Thread A Thread B
> 
>   aio_poll(blocking=true)
>aio_notify()
>  smp_mb()
>  if (ctx->notify_me) /* false! */
> atomic_add(ctx->notify_me, 2)
> ppoll()
> atomic_sub(ctx->notify_me, 2)   event_notifier_set() /* not run */

It's not a problem because ppoll() has exited.  The next call to
aio_poll or aio_ctx_prepare will notice the bottom half, do a
non-blocking ppoll(), and then service the bottom half.

> 
> And if that's not a problem, why don't we need something like ACCESS_ONCE in
> aio_noitfy()?

Because there's already a smp_mb() which is stronger.

Paolo



Re: [Qemu-devel] [PATCH v4 1/1] vhost user: add support of live migration

2015-07-16 Thread Paolo Bonzini


On 17/07/2015 02:19, Marc-André Lureau wrote:
>>> >> How does vhost-user do this?  I can see this patch providing enough
>>> >> support for *non*live migration.  However, it cannot be enough for live
>>> >> migration unless I'm missing something obvious.
>>> >>
>>> >> Paolo
>> >
>> > Agree. vhost-user should mmap the log memory and mark dirty pages when send
>> > or receive packets.
> This is already supported by vhost-user protocol, isn't it? The
> LOG_BASE/FD and vring log_guest_addr are provided. I can't find any
> vhost-user backend implementing dirty bitmaps yet though, but it looks
> like it should work. I suppose the backend should stop all IO after
> RESET_OWNER is received.

But LOG_BASE makes little sense across processes, and LOG_FD is unused
in QEMU, isn't it?  So this patch is not enough to add support of live
migration.

Paolo



Re: [Qemu-devel] [PATCH v2 3/3] AioContext: fix broken ctx->dispatching optimization

2015-07-16 Thread Fam Zheng
On Thu, 07/16 11:56, Paolo Bonzini wrote:
> diff --git a/aio-posix.c b/aio-posix.c
> index 4abec38..268d14d 100644
> --- a/aio-posix.c
> +++ b/aio-posix.c
> @@ -233,26 +233,23 @@ static void add_pollfd(AioHandler *node)
>  bool aio_poll(AioContext *ctx, bool blocking)
>  {
>  AioHandler *node;
> -bool was_dispatching;
>  int i, ret;
>  bool progress;
>  int64_t timeout;
>  
>  aio_context_acquire(ctx);
> -was_dispatching = ctx->dispatching;
>  progress = false;
>  
>  /* aio_notify can avoid the expensive event_notifier_set if
>   * everything (file descriptors, bottom halves, timers) will
>   * be re-evaluated before the next blocking poll().  This is
>   * already true when aio_poll is called with blocking == false;
> - * if blocking == true, it is only true after poll() returns.
> - *
> - * If we're in a nested event loop, ctx->dispatching might be true.
> - * In that case we can restore it just before returning, but we
> - * have to clear it now.
> + * if blocking == true, it is only true after poll() returns,
> + * so disable the optimization now.
>   */
> -aio_set_dispatching(ctx, !blocking);
> +if (blocking) {
> +atomic_add(&ctx->notify_me, 2);
> +}

Sorry if my questions are stupid, but I'm having difficulties in fully
understanding it.

What if aio_notify happens after the previous aio_dispatch() but before the
next necessary atomic_add? The aio_notify would still skip the
event_notifier_set(), and the next ppoll() will not return. For example:

  Thread A Thread B

  aio_poll(blocking=true)
   aio_notify()
 smp_mb()
 if (ctx->notify_me) /* false! */
atomic_add(ctx->notify_me, 2)
ppoll()
atomic_sub(ctx->notify_me, 2)   event_notifier_set() /* not run */


And if that's not a problem, why don't we need something like ACCESS_ONCE in
aio_notify()?

Fam

>  
>  ctx->walking_handlers++;
>  
> @@ -286,13 +283,15 @@ bool aio_poll(AioContext *ctx, bool blocking)
>  npfd = 0;
>  ctx->walking_handlers--;
>  
> +if (blocking) {
> +atomic_sub(&ctx->notify_me, 2);
> +}
> +
>  /* Run dispatch even if there were no readable fds to run timers */
> -aio_set_dispatching(ctx, true);
>  if (aio_dispatch(ctx)) {
>  progress = true;
>  }
>  
> -aio_set_dispatching(ctx, was_dispatching);
>  aio_context_release(ctx);
>  
>  return progress;
> diff --git a/aio-win32.c b/aio-win32.c
> index 9268b5c..9d6c12f 100644
> --- a/aio-win32.c
> +++ b/aio-win32.c
> @@ -279,25 +279,23 @@ bool aio_poll(AioContext *ctx, bool blocking)
>  {
>  AioHandler *node;
>  HANDLE events[MAXIMUM_WAIT_OBJECTS + 1];
> -bool was_dispatching, progress, have_select_revents, first;
> +bool progress, have_select_revents, first;
>  int count;
>  int timeout;
>  
>  aio_context_acquire(ctx);
> -was_dispatching = ctx->dispatching;
>  progress = false;
>  
>  /* aio_notify can avoid the expensive event_notifier_set if
>   * everything (file descriptors, bottom halves, timers) will
>   * be re-evaluated before the next blocking poll().  This is
>   * already true when aio_poll is called with blocking == false;
> - * if blocking == true, it is only true after poll() returns.
> - *
> - * If we're in a nested event loop, ctx->dispatching might be true.
> - * In that case we can restore it just before returning, but we
> - * have to clear it now.
> + * if blocking == true, it is only true after poll() returns,
> + * so disable the optimization now.
>   */
> -aio_set_dispatching(ctx, !blocking);
> +if (blocking) {
> +atomic_add(&ctx->notify_me, 2);
> +}
>  
>  have_select_revents = aio_prepare(ctx);
>  
> @@ -334,7 +332,10 @@ bool aio_poll(AioContext *ctx, bool blocking)
>  if (timeout) {
>  aio_context_acquire(ctx);
>  }
> -aio_set_dispatching(ctx, true);
> +if (blocking) {
> +assert(first);
> +atomic_sub(&ctx->notify_me, 2);
> +}
>  
>  if (first && aio_bh_poll(ctx)) {
>  progress = true;
> @@ -358,7 +359,6 @@ bool aio_poll(AioContext *ctx, bool blocking)
>  
>  progress |= timerlistgroup_run_timers(&ctx->tlg);
>  
> -aio_set_dispatching(ctx, was_dispatching);
>  aio_context_release(ctx);
>  return progress;
>  }
> diff --git a/async.c b/async.c
> index 77d080d..a232192 100644
> --- a/async.c
> +++ b/async.c
> @@ -184,6 +184,8 @@ aio_ctx_prepare(GSource *source, gint*timeout)
>  {
>  AioContext *ctx = (AioContext *) source;
>  
> +atomic_or(&ctx->notify_me, 1);
> +
>  /* We assume there is no timeout already supplied */
>  *timeout =

Re: [Qemu-devel] Commit 812c1057f, Handle G_IO_HUP in tcp_chr_read for tcp chardev, broke CloudStack

2015-07-16 Thread Paolo Bonzini


On 17/07/2015 00:51, Nils Carlson wrote:
> 
> The commit 812c1057f, Handle G_IO_HUP in tcp_chr_read for tcp chardev,
> broke CloudStack. CloudStack was relying on fire-and-forget style
> messaging across a unix socket to the VM. Because the host "fires" the
> message and then closes the socket a HUP is present on the line when the
> VM starts reading the socket. Commit 812c1057f ensured that the socket
> was checked for a HUP prior to calling recv, causing recv never to be
> called by the VM and no data to be read.
> 
> I've posted a patch, attached here, which moves the HUP detection to
> after all data has been read, but only for Linux as I suspect windows
> requires HUPs to be detected prior to reading data.

I'm not sure, but I don't think this is the case.  Why do you think
Windows has this requirement?  In any case, you should prepare a patch
that has no Windows-specific paths and Cc Kirill Batuzov
(batuz...@ispras.ru) for him to test the patch.

Alternatively I or you could test under Wine.

> Amit also has concerns regarding the return values from the tcp_chr_read
> function, which seem a bit odd as they are all TRUE, even for failure
> paths.

This is okay, I think, because the source is removed in tcp_chr_disconnect.

Paolo



[Qemu-devel] [PATCH v3] more check for replaced node

2015-07-16 Thread Wen Congyang
We use mirror+replace to fix a quorum's broken child. bs/s->common.bs
is the quorum, and to_replace is the broken child. The new child is target_bs.
Without this patch, the node to replace can be any node: it can be a
top-level BDS with a BB, or another quorum's child. This patch only checks
that the broken child is part of the quorum BDS.

Signed-off-by: Wen Congyang 
---
 block.c   | 5 +++--
 block/mirror.c| 3 ++-
 blockdev.c| 2 +-
 include/block/block.h | 3 ++-
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/block.c b/block.c
index d088ee0..090923c 100644
--- a/block.c
+++ b/block.c
@@ -4077,7 +4077,8 @@ bool bdrv_is_first_non_filter(BlockDriverState *candidate)
 return false;
 }
 
-BlockDriverState *check_to_replace_node(const char *node_name, Error **errp)
+BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
+const char *node_name, Error **errp)
 {
 BlockDriverState *to_replace_bs = bdrv_find_node(node_name);
 AioContext *aio_context;
@@ -4100,7 +4101,7 @@ BlockDriverState *check_to_replace_node(const char 
*node_name, Error **errp)
  * Another benefit is that this tests exclude backing files which are
  * blocked by the backing blockers.
  */
-if (!bdrv_is_first_non_filter(to_replace_bs)) {
+if (!bdrv_recurse_is_first_non_filter(parent_bs, to_replace_bs)) {
 error_setg(errp, "Only top most non filter can be replaced");
 to_replace_bs = NULL;
 goto out;
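Review bot: The error text kept at `error_setg(errp, "Only top most non filter can be replaced");` no longer describes the test above it. The node is now rejected when it is not the first non-filter reachable from `parent_bs`, so a caller who names a node belonging to a different graph gets a message about "top most" nodes. Something like `error_setg(errp, "Node '%s' cannot be replaced under the mirrored device", node_name);` would say what actually failed. `parent_bs` is also handed to `bdrv_recurse_is_first_non_filter()` with no NULL check in the visible lines; the function body starts and ends outside this hunk, so confirm that no caller can pass NULL.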
diff --git a/block/mirror.c b/block/mirror.c
index 323f747..68067fa 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -637,9 +637,9 @@ static void mirror_complete(BlockJob *job, Error **errp)
 if (s->replaces) {
 AioContext *replace_aio_context;
 
-s->to_replace = check_to_replace_node(s->replaces, &local_err);
+s->to_replace = bdrv_find_node(s->replaces);
 if (!s->to_replace) {
-error_propagate(errp, local_err);
+error_setg(errp, "Node name '%s' not found", s->replaces);
 return;
 }
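Review bot: Replacing `check_to_replace_node()` with a bare `bdrv_find_node(s->replaces)` means the node is validated only once, when the job is created, and is then looked up again by name at completion. Nothing in the visible lines ties the node found here to the one that passed the check, so if the graph changed while the job ran the replace would proceed on a node that was never validated. Either keep the validation at this point with the job's own BDS, `s->to_replace = check_to_replace_node(s->common.bs, s->replaces, &local_err);`, or resolve the node once at job start and keep a reference to it rather than its name. mirror_complete continues outside the hunk, so whether `local_err` is still used afterwards cannot be seen from here.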
 
diff --git a/blockdev.c b/blockdev.c
index 62a4586..07c72d3 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2754,7 +2754,7 @@ void qmp_drive_mirror(const char *device, const char 
*target,
 goto out;
 }
 
-to_replace_bs = check_to_replace_node(replaces, &local_err);
+to_replace_bs = check_to_replace_node(bs, replaces, &local_err);
 
 if (!to_replace_bs) {
 error_propagate(errp, local_err);
diff --git a/include/block/block.h b/include/block/block.h
index 37916f7..608cd4e 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -317,7 +317,8 @@ bool bdrv_recurse_is_first_non_filter(BlockDriverState *bs,
 bool bdrv_is_first_non_filter(BlockDriverState *candidate);
 
 /* check if a named node can be replaced when doing drive-mirror */
-BlockDriverState *check_to_replace_node(const char *node_name, Error **errp);
+BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
+const char *node_name, Error **errp);
 
 /* async block I/O */
 typedef void BlockDriverDirtyHandler(BlockDriverState *bs, int64_t sector,
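Review bot: The prototype comment still reads `/* check if a named node can be replaced when doing drive-mirror */` and says nothing about the new first argument. Since the whole point of the change is to restrict the check to one graph, the comment should state it, for example `/* check if node_name can be replaced during drive-mirror; it must be the first non-filter node reachable from parent_bs */`. It is also worth saying whether NULL is accepted for `parent_bs`, which the hunks shown do not establish.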
-- 
2.4.3



Re: [Qemu-devel] [PATCH 2/2] tcg/i386: Reserve register for guest_base if a segment isn't available

2015-07-16 Thread Peter Maydell
On 16 July 2015 at 22:25, Richard Henderson  wrote:
> This saves 2 insns and 10 bytes from the implementation of
> each memory operation.

Do we have an idea of which platforms/configs don't let
us have a segment register for guest_base?

thanks
-- PMM



Re: [Qemu-devel] [PATCH v2] more check for replaced node

2015-07-16 Thread Wen Congyang
On 07/15/2015 11:05 AM, Fam Zheng wrote:
> On Wed, 07/15 09:41, Wen Congyang wrote:
>> We use mirror+replace to fix quorum's broken child. bs/s->common.bs
>> is quorum, and to_replace is the broken child. The new child is target_bs.
>> Without this patch, the replace node can be any node, and it can be
>> top BDS with BB, or another quorum's child. We just check if the broken
>> child is part of the quorum BDS in this patch.
>>
>> Signed-off-by: Wen Congyang 
>> ---
>>  block.c   | 5 +++--
>>  block/mirror.c| 3 ++-
>>  blockdev.c| 2 +-
>>  include/block/block.h | 3 ++-
>>  4 files changed, 8 insertions(+), 5 deletions(-)
>>
>> diff --git a/block.c b/block.c
>> index d088ee0..090923c 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -4077,7 +4077,8 @@ bool bdrv_is_first_non_filter(BlockDriverState 
>> *candidate)
>>  return false;
>>  }
>>  
>> -BlockDriverState *check_to_replace_node(const char *node_name, Error **errp)
>> +BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
>> +const char *node_name, Error **errp)
>>  {
>>  BlockDriverState *to_replace_bs = bdrv_find_node(node_name);
>>  AioContext *aio_context;
>> @@ -4100,7 +4101,7 @@ BlockDriverState *check_to_replace_node(const char 
>> *node_name, Error **errp)
>>   * Another benefit is that this tests exclude backing files which are
>>   * blocked by the backing blockers.
>>   */
>> -if (!bdrv_is_first_non_filter(to_replace_bs)) {
>> +if (!bdrv_recurse_is_first_non_filter(parent_bs, to_replace_bs)) {
>>  error_setg(errp, "Only top most non filter can be replaced");
>>  to_replace_bs = NULL;
>>  goto out;
>> diff --git a/block/mirror.c b/block/mirror.c
>> index 238a070..b81077e 100644
>> --- a/block/mirror.c
>> +++ b/block/mirror.c
>> @@ -626,7 +626,8 @@ static void mirror_complete(BlockJob *job, Error **errp)
>>  if (s->replaces) {
>>  AioContext *replace_aio_context;
>>  
>> -s->to_replace = check_to_replace_node(s->replaces, &local_err);
>> +s->to_replace = check_to_replace_node(s->common.bs, s->replaces,
>> +  &local_err);
> 
> Why is the check in qmp_drive_mirror not enough? Isn't this redundant?

I guess the reason is that: we only pass replaced node name to the job, and
we only need to get the BDS here. So we can use bdrv_find_node() to replace
check_to_replace_node() here.

Thanks
Wen Congyang

> 
> Fam
> 
>>  if (!s->to_replace) {
>>  error_propagate(errp, local_err);
>>  return;
>> diff --git a/blockdev.c b/blockdev.c
>> index c11611d..bf12e2e 100644
>> --- a/blockdev.c
>> +++ b/blockdev.c
>> @@ -2757,7 +2757,7 @@ void qmp_drive_mirror(const char *device, const char 
>> *target,
>>  goto out;
>>  }
>>  
>> -to_replace_bs = check_to_replace_node(replaces, &local_err);
>> +to_replace_bs = check_to_replace_node(bs, replaces, &local_err);
>>  
>>  if (!to_replace_bs) {
>>  error_propagate(errp, local_err);
>> diff --git a/include/block/block.h b/include/block/block.h
>> index 37916f7..608cd4e 100644
>> --- a/include/block/block.h
>> +++ b/include/block/block.h
>> @@ -317,7 +317,8 @@ bool bdrv_recurse_is_first_non_filter(BlockDriverState 
>> *bs,
>>  bool bdrv_is_first_non_filter(BlockDriverState *candidate);
>>  
>>  /* check if a named node can be replaced when doing drive-mirror */
>> -BlockDriverState *check_to_replace_node(const char *node_name, Error 
>> **errp);
>> +BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
>> +const char *node_name, Error 
>> **errp);
>>  
>>  /* async block I/O */
>>  typedef void BlockDriverDirtyHandler(BlockDriverState *bs, int64_t sector,
>> -- 
>> 2.4.3
>>
> .
> 




Re: [Qemu-devel] [PATCH v2] more check for replaced node

2015-07-16 Thread Wen Congyang
On 07/16/2015 09:36 PM, Stefan Hajnoczi wrote:
> On Wed, Jul 15, 2015 at 11:22:52AM +0800, Wen Congyang wrote:
>> On 07/15/2015 11:05 AM, Fam Zheng wrote:
>>> On Wed, 07/15 09:41, Wen Congyang wrote:
 We use mirror+replace to fix quorum's broken child. bs/s->common.bs
 is quorum, and to_replace is the broken child. The new child is target_bs.
 Without this patch, the replace node can be any node, and it can be
 top BDS with BB, or another quorum's child. We just check if the broken
 child is part of the quorum BDS in this patch.

 Signed-off-by: Wen Congyang 
 ---
  block.c   | 5 +++--
  block/mirror.c| 3 ++-
  blockdev.c| 2 +-
  include/block/block.h | 3 ++-
  4 files changed, 8 insertions(+), 5 deletions(-)

 diff --git a/block.c b/block.c
 index d088ee0..090923c 100644
 --- a/block.c
 +++ b/block.c
 @@ -4077,7 +4077,8 @@ bool bdrv_is_first_non_filter(BlockDriverState 
 *candidate)
  return false;
  }
  
 -BlockDriverState *check_to_replace_node(const char *node_name, Error 
 **errp)
 +BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
 +const char *node_name, Error 
 **errp)
  {
  BlockDriverState *to_replace_bs = bdrv_find_node(node_name);
  AioContext *aio_context;
 @@ -4100,7 +4101,7 @@ BlockDriverState *check_to_replace_node(const char 
 *node_name, Error **errp)
   * Another benefit is that this tests exclude backing files which are
   * blocked by the backing blockers.
   */
 -if (!bdrv_is_first_non_filter(to_replace_bs)) {
 +if (!bdrv_recurse_is_first_non_filter(parent_bs, to_replace_bs)) {
  error_setg(errp, "Only top most non filter can be replaced");
  to_replace_bs = NULL;
  goto out;
 diff --git a/block/mirror.c b/block/mirror.c
 index 238a070..b81077e 100644
 --- a/block/mirror.c
 +++ b/block/mirror.c
 @@ -626,7 +626,8 @@ static void mirror_complete(BlockJob *job, Error 
 **errp)
  if (s->replaces) {
  AioContext *replace_aio_context;
  
 -s->to_replace = check_to_replace_node(s->replaces, &local_err);
 +s->to_replace = check_to_replace_node(s->common.bs, s->replaces,
 +  &local_err);
>>>
>>> Why is the check in qmp_drive_mirror not enough? Isn't this redundant?
>>
>> I don't know why we check it twice. And I think it is redundant too.
> 
> Okay, does that mean you are dropping this patch now?
> 

No, we call check_to_replace_node() twice. So we can remove it from 
mirror_complete().

Will update it in the next version.

Thanks
Wen Congyang



[Qemu-devel] [ANNOUNCE] QEMU 2.4.0-rc1 is now available

2015-07-16 Thread Michael Roth
Hello,

On behalf of the QEMU Team, I'd like to announce the availability of the
second release candidate for the QEMU 2.4 release.  This release is meant
for testing purposes and should not be used in a production environment.

http://wiki.qemu.org/download/qemu-2.4.0-rc1.tar.bz2

You can help improve the quality of the QEMU 2.4 release by testing this
release and reporting bugs on Launchpad:

https://bugs.launchpad.net/qemu/

The release plan for the 2.4 release is available at:

http://wiki.qemu.org/Planning/2.4

Please add entries to the ChangeLog for the 2.4 release below:

http://wiki.qemu.org/ChangeLog/2.4

Changes since 2.4.0-rc0:

b4329bf: Update version for v2.4.0-rc1 release (Peter Maydell)
d3462e3: crypto: avoid undefined behavior in nettle calls (Radim Krčmář)
becaeb7: crypto: fix build with nettle >= 3.0.0 (Radim Krčmář)
c6742b1: memory: fix refcount leak in memory_region_present (Paolo Bonzini)
24b41d6: RDMA: Fix error exits (Dr. David Alan Gilbert)
5348c62: arm/xlnx-zynqmp: fix memory leak (Gonglei)
586d214: ppc/spapr_drc: fix memory leak (Gonglei)
02dae26: mips/kvm: Sign extend registers written to KVM (James Hogan)
f8b3e48: mips/kvm: Fix Big endian 32-bit register access (James Hogan)
567161f: qxl: allow to specify head limit to qxl driver (Frediano Ziglio)
3046bb5: target-i386: emulate CPUID level of real hardware (Radim Krčmář)
d461a44: target-i386: Don't strdup() alias property name (Eduardo Habkost)
672558d: numa: Fix memory leak in numa_set_mem_node_id() (Bharata B Rao)
76e2aef: hw/arm/boot: Increase fdt alignment (Alexander Graf)
e46e1a7: target-arm: Fix broken SCTLR_EL3 reset (Peter Maydell)
908680c: target-mips: fix page fault address for LWL/LWR/LDL/LDR (Aurelien 
Jarno)
f01a361: linux-user: Fix MIPS N64 trap and break instruction bug (Andrew 
Bennett)
26e7e98: target-mips: fix resource leak reported by Coverity (Leon Alrae)
47ada0a: target-mips: fix logically dead code reported by Coverity (Leon Alrae)
fe87c2b: target-mips: correct DERET instruction (Leon Alrae)
6a973e6: target-mips: fix ASID synchronisation for MIPS MT (Aurelien Jarno)
6b9c26f: disas/mips: fix disassembling R6 instructions (Yongbok Kim)
d4f4f0d: target-mips: fix to clear MSACSR.Cause (Yongbok Kim)
4dc89b7: target-mips: fix MIPS64R6-generic configuration (Yongbok Kim)
560d027: migration: We also want to store the global state for savevm (Juan 
Quintela)
9f5f380: migration: reduce the count of strlen call (Liang Li)
48212d8: migration: Register global state section before loadvm (Juan Quintela)
72e72e1: migration: Write documetation for events capabilites (Juan Quintela)
4ba4bc5: migration: Trace event and migration event are different things (Juan 
Quintela)
172c435: migration: Only change state after migration has finished (Juan 
Quintela)
796a060: block/curl: Don't lose original error when a connection fails. 
(Richard W.M. Jones)
48ac0a4: mirror: correct buf_size (Wen Congyang)
17d9716: block: keep bitmap if incremental backup job is cancelled (Stefan 
Hajnoczi)
299bf09: blockdev: no need to drain in qmp_block_commit (Paolo Bonzini)
4c0cbd6: block/mirror: Sleep periodically during bitmap scanning (Fam Zheng)
2af9170: s390/virtio-ccw: Fix migration (Christian Borntraeger)
0c7322c: watchdog/diag288: correctly register for system reset requests (Xu 
Wang)
e34d8f2: rbd: fix ceph settings precedence (Josh Durgin)
99a3c89: rbd: make qemu's cache setting override any ceph setting (Josh Durgin)
5a8ac6d: MAINTAINERS: update email address (Josh Durgin)
3dbf00e: rbd: remove unused constants and fields (Josh Durgin)
80a1e13: block: Fix backing file child when modifying graph (Kevin Wolf)
9a7dedb: block: Reorder cleanups in bdrv_close() (Kevin Wolf)
33a6040: block: Introduce bdrv_unref_child() (Kevin Wolf)
b4b059f: block: Introduce bdrv_open_child() (Kevin Wolf)
df58179: block: Move bdrv_attach_child() calls up the call chain (Kevin Wolf)
30349fd: nvme: properly report volatile write caches (Christoph Hellwig)
8b9d74e: nvme: implement the Flush command (Christoph Hellwig)
a169513: vnc: fix vnc client authentication (Wolfgang Bumiller)
4421c6a: pc: fix reuse of pc-i440fx-2.4 in pc-i440fx-2.3 (Eduardo Habkost)
06c4670: Revert "virtio-net: enable virtio 1.0" (Jason Wang)
2a63912: virtio-pci: don't crash on illegal length (Michael S. Tsirkin)
8aedc36: qdev: fix 64 bit properties (Cornelia Huck)
6e3c0c6: tci: Fix regression with INDEX_op_qemu_st_i32, INDEX_op_qemu_st_i64 
(Stefan Weil)




Re: [Qemu-devel] [PATCH v4 0/1] Add live migration for vhost user

2015-07-16 Thread Marc-André Lureau
Hi Thibaut

On Fri, Jun 26, 2015 at 11:22 AM, Thibaut Collet
 wrote:
> v3->v4
> 1. The first patch is updated by:
>- removing the warning trace
>- setting the error trace inside a static bool flag to only print this once
>- removing the vhost_net_inject_rarp function (no more useful)
> 2. The second patch is temporarly removed.
>vhost user backend is responsible to send the RARP for guest that does not
>support VIRTIO_NET_F_GUEST_ANNOUNCE. More tricks will be delivered later
>([PATCH RFC]) to help vhost user backend to send RARP at the best time 
> (today
>RARP is sent when the virtual ring is kicked and can occur late).

Are you still working on this RFC?

thanks

-- 
Marc-André Lureau



Re: [Qemu-devel] [PATCH v4 1/1] vhost user: add support of live migration

2015-07-16 Thread Marc-André Lureau
Hi

On Mon, Jul 13, 2015 at 4:27 AM, Linhaifeng  wrote:
>> When a packet is received by vhost-user, the vhost-user writes the
>> packet in guest memory.  QEMU must then copy that page of guest memory
>> from source to destination; it uses a dirty bitmap for this purpose.
>>
>> How does vhost-user do this?  I can see this patch providing enough
>> support for *non*live migration.  However, it cannot be enough for live
>> migration unless I'm missing something obvious.
>>
>> Paolo
>
> Agree. vhost-user should mmap the log memory and mark dirty pages when send
> or receive packets.

This is already supported by vhost-user protocol, isn't it? The
LOG_BASE/FD and vring log_guest_addr are provided. I can't find any
vhost-user backend implementing dirty bitmaps yet though, but it looks
like it should work. I suppose the backend should stop all IO after
RESET_OWNER is received.

-- 
Marc-André Lureau



Re: [Qemu-devel] [PATCH v2 0/3] AioContext: ctx->dispatching is dead, all hail ctx->notify_me

2015-07-16 Thread Paolo Bonzini


On 17/07/2015 00:06, Paolo Bonzini wrote:
> 
> 
> On 16/07/2015 21:05, Richard W.M. Jones wrote:
>> Sorry to spoil things, but I'm still seeing this bug, although it is
>> now a lot less frequent with your patch.  I would estimate it happens
>> more often than 1 in 5 runs with qemu.git, and probably 1 in 200 runs
>> with qemu.git + the v2 patch series.
>>
>> It's the exact same hang in both cases.
>>
>> Is it possible that this patch doesn't completely close any race?
>>
>> Still, it is an improvement, so there is that.
> 
> I would guess instead that there are two separate bugs, but it's not
> impossible that it's still there.

Reproduced after ~80 runs...

Paolo



[Qemu-devel] Commit 812c1057f, Handle G_IO_HUP in tcp_chr_read for tcp chardev, broke CloudStack

2015-07-16 Thread Nils Carlson

Hi,

The commit 812c1057f, Handle G_IO_HUP in tcp_chr_read for tcp chardev, 
broke CloudStack. CloudStack was relying on fire-and-forget style 
messaging across a unix socket to the VM. Because the host "fires" the 
message and then closes the socket a HUP is present on the line when the 
VM starts reading the socket. Commit 812c1057f ensured that the socket was 
checked for a HUP prior to calling recv, causing recv never to be called 
by the VM and no data to be read.


I've posted a patch, attached here, which moves the HUP detection to after 
all data has been read, but only for Linux as I suspect windows requires 
HUPs to be detected prior to reading data.


Could you comment on the validity of this assumption? I would be really 
happy to have this issue solved as it stops us from upgrading to later 
versions of qemu.


Amit also has concerns regarding the return values from the tcp_chr_read 
function, which seem a bit odd as they are all TRUE, even for failure 
paths.


All feedback very much appreciated.

Best Regards,
Nils Carlson


From pyssl...@ludd.ltu.se Thu Jul 16 01:01:31 2015
Date: Wed, 15 Jul 2015 23:00:23 +
From: pyssl...@ludd.ltu.se
To: pbonz...@redhat.com, qemu-devel@nongnu.org
Cc: Nils Carlson 
Subject: [Qemu-devel] [PATCH v2] qemu-char: Fix missed data on unix socket

From: Nils Carlson 

Commit 812c1057 introduced HUP detection on unix and tcp sockets prior
to a read in tcp_chr_read. This unfortunately broke CloudStack 4.2
which relied on the old behaviour where data on a socket was readable
even if a HUP was present.

On Linux a working solution seems to be to simply check the HUP after
reading all available data, i.e. recv returns a negative value,
while keeping the previous behaviour for Windows as it is known to
work.

Signed-off-by: Nils Carlson 
---
 qemu-char.c |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/qemu-char.c b/qemu-char.c
index 617e034..1e9895e 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2847,11 +2847,13 @@ static gboolean tcp_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)
 uint8_t buf[READ_BUF_LEN];
 int len, size;
 
+#ifdef _WIN32
 if (cond & G_IO_HUP) {
 /* connection closed */
 tcp_chr_disconnect(chr);
 return TRUE;
 }
+#endif
 
 if (!s->connected || s->max_size <= 0) {
 return TRUE;
@@ -2860,7 +2862,7 @@ static gboolean tcp_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)
 if (len > s->max_size)
 len = s->max_size;
 size = tcp_chr_recv(chr, (void *)buf, len);
-if (size == 0) {
+if (size == 0 || (size < 0 && (cond & G_IO_HUP))) {
 /* connection closed */
 tcp_chr_disconnect(chr);
 } else if (size > 0) {
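Review bot: The new `size < 0 && (cond & G_IO_HUP)` test treats any failed receive as a hang-up without looking at why it failed. If `tcp_chr_recv()` can return a negative value for a transient condition such as EAGAIN or EINTR (its body is not in this hunk), bytes queued by a peer that wrote and closed immediately could still be dropped, which is the loss this patch sets out to prevent; an orderly close is already covered by `size == 0`. I would distinguish transient from hard errors before disconnecting, and record the intent next to the condition with a comment such as `/* HUP is acted on only once recv reports EOF or a hard error, so data queued before the close is still delivered */`. The function continues past the end of the hunk.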
-- 
1.7.10.4




Re: [Qemu-devel] [PATCH v2 0/3] AioContext: ctx->dispatching is dead, all hail ctx->notify_me

2015-07-16 Thread Paolo Bonzini


On 16/07/2015 21:05, Richard W.M. Jones wrote:
> Sorry to spoil things, but I'm still seeing this bug, although it is
> now a lot less frequent with your patch.  I would estimate it happens
> more often than 1 in 5 runs with qemu.git, and probably 1 in 200 runs
> with qemu.git + the v2 patch series.
> 
> It's the exact same hang in both cases.
> 
> Is it possible that this patch doesn't completely close any race?
> 
> Still, it is an improvement, so there is that.

I would guess instead that there are two separate bugs, but it's not
impossible that it's still there.

Paolo



[Qemu-devel] [Bug 921208] Re: win7/x64 installer hangs on startup with 0x0000005d.

2015-07-16 Thread Brendan Dolan-Gavitt
The initial bluescreen is caused because of unsupported CPU feature bits
(the DE flag, specifically). The experimental patch Clemens mentioned is
here:

http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg01412.html

Past that, however, there is a bug in QEMU's self-modifying code support
that causes trouble with PatchGuard and results in a different BSOD.
Patrick Hulin did some work debugging and fixing this:

http://lists.gnu.org/archive/html/qemu-devel/2014-08/msg02161.html

After that, 64-bit Windows 7 will run correctly under TCG. However it
should be noted that his patch introduces other problems – e.g., running
Paint Shop Pro 8.0 on Windows 7 32-bit will now crash on startup.

So there is no proper fix yet, but for some use cases these patches may
suffice.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/921208

Title:
  win7/x64 installer hangs on startup with 0x0000005d.

Status in QEMU:
  Confirmed
Status in qemu package in Ubuntu:
  Triaged

Bug description:
  hi,

  during booting win7/x64 installer i'm observing a bsod with 0x0000005d
  ( msdn: unsupported_processor ).

  used command line: qemu-system-x86_64 -m 2048 -hda w7-system.img
  -cdrom win7_x64.iso -boot d

  adding '-machine accel=kvm' instead of default tcg accel helps to
  boot.

  
  installed software:

  qemu-1.0
  linux-3.2.1
  glibc-2.14.1
  gcc-4.6.2

  hw cpu:

  processor   : 0..7
  vendor_id   : GenuineIntel
  cpu family  : 6
  model   : 42
  model name  : Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
  stepping: 7
  microcode   : 0x14
  cpu MHz : 1995.739
  cache size  : 6144 KB
  physical id : 0
  siblings: 8
  core id : 3
  cpu cores   : 4
  apicid  : 7
  initial apicid  : 7
  fpu : yes
  fpu_exception   : yes
  cpuid level : 13
  wp  : yes
  flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 
cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer xsave avx 
lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
  bogomips: 3992.23
  clflush size: 64
  cache_alignment : 64
  address sizes   : 36 bits physical, 48 bits virtual

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/921208/+subscriptions



Re: [Qemu-devel] [PATCH v2 00/13] tcg/sparc v8plus code generation

2015-07-16 Thread Richard Henderson

On 07/15/2015 09:54 PM, Aurelien Jarno wrote:

While I understand why we need the new trunc_shr_i32 opcode for MIPS64
(the 32-bit values must be kept sign-extended), I currently fail to
see why it is needed for SPARC.


As far as I recall, it improves code for extracting high parts of 64-bit 
quantities.  Without this, we wind up with a 64-bit shift, requiring a 64-bit 
temp register, followed by the "real" truncate which can copy the data to a 
32-bit destination register.



r~



[Qemu-devel] [PATCH v13 18/19] i.MX: Add qtest support for I2C device emulator.

2015-07-16 Thread Jean-Christophe Dubois
This is using a ds1338 RTC chip on the I2C bus. This RTC chip is
not present on the real 3DS PDK board.

Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* use a common header file for I2C regs definition

Changes since v3:
* rework GPL headers.

Changes since v4:
* none

Changes since v5:
* none

Changes since v6:
* none

Changes since v7:
* adapt to new i.MX I2C header file.

Changes since v8:
* no change

Changes since v9:
* no change

Changes since v10:
* no change

Changes since v11:
* no change

Changes since v12:
* no change

 tests/Makefile |   3 +
 tests/ds1338-test.c|  75 ++
 tests/libqos/i2c-imx.c | 209 +
 tests/libqos/i2c.h |   3 +
 4 files changed, 290 insertions(+)
 create mode 100644 tests/ds1338-test.c
 create mode 100644 tests/libqos/i2c-imx.c

diff --git a/tests/Makefile b/tests/Makefile
index c5e4744..93890a8 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -193,6 +193,7 @@ check-qtest-sparc64-y = tests/endianness-test$(EXESUF)
 gcov-files-sparc-y += hw/timer/m48t59.c
 gcov-files-sparc64-y += hw/timer/m48t59.c
 check-qtest-arm-y = tests/tmp105-test$(EXESUF)
+check-qtest-arm-y = tests/ds1338-test$(EXESUF)
 gcov-files-arm-y += hw/misc/tmp105.c
 check-qtest-arm-y += tests/virtio-blk-test$(EXESUF)
 gcov-files-arm-y += arm-softmmu/hw/block/virtio-blk.c
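Review bot: The added line `check-qtest-arm-y = tests/ds1338-test$(EXESUF)` assigns with `=` directly after `check-qtest-arm-y = tests/tmp105-test$(EXESUF)`, so it replaces the list instead of extending it and tmp105-test silently drops out of the ARM qtest run. It should append: `check-qtest-arm-y += tests/ds1338-test$(EXESUF)`. A matching `gcov-files-arm-y` entry for the DS1338 model would keep coverage reporting in step with the neighbouring tests; the model's source path is not shown on this page.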
@@ -342,6 +343,7 @@ libqos-pc-obj-y = $(libqos-obj-y) tests/libqos/pci-pc.o
 libqos-pc-obj-y += tests/libqos/malloc-pc.o tests/libqos/libqos-pc.o
 libqos-pc-obj-y += tests/libqos/ahci.o
 libqos-omap-obj-y = $(libqos-obj-y) tests/libqos/i2c-omap.o
+libqos-imx-obj-y = $(libqos-obj-y) tests/libqos/i2c-imx.o
 libqos-usb-obj-y = $(libqos-pc-obj-y) tests/libqos/usb.o
 libqos-virtio-obj-y = $(libqos-pc-obj-y) tests/libqos/virtio.o 
tests/libqos/virtio-pci.o tests/libqos/virtio-mmio.o 
tests/libqos/malloc-generic.o
 
@@ -356,6 +358,7 @@ tests/hd-geo-test$(EXESUF): tests/hd-geo-test.o
 tests/boot-order-test$(EXESUF): tests/boot-order-test.o $(libqos-obj-y)
 tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o $(libqos-obj-y)
 tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
+tests/ds1338-test$(EXESUF): tests/ds1338-test.o $(libqos-imx-obj-y)
 tests/i440fx-test$(EXESUF): tests/i440fx-test.o $(libqos-pc-obj-y)
 tests/q35-test$(EXESUF): tests/q35-test.o $(libqos-pc-obj-y)
 tests/fw_cfg-test$(EXESUF): tests/fw_cfg-test.o $(libqos-pc-obj-y)
diff --git a/tests/ds1338-test.c b/tests/ds1338-test.c
new file mode 100644
index 000..fbc989b
--- /dev/null
+++ b/tests/ds1338-test.c
@@ -0,0 +1,75 @@
+/*
+ * QTest testcase for the DS1338 RTC
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "libqtest.h"
+#include "libqos/i2c.h"
+
+#include 
+
+#define IMX25_I2C_0_BASE 0x43F8
+
+#define DS1338_ADDR 0x68
+
+static I2CAdapter *i2c;
+static uint8_t addr;
+
+#define bcd2bin(x)(((x) & 0x0f) + ((x) >> 4) * 10)
+
+static void send_and_receive(void)
+{
+uint8_t cmd[1];
+uint8_t resp[7];
+time_t now = time(NULL);
+struct tm *tm_ptr = gmtime(&now);
+
+/* reset the index in the RTC memory */
+cmd[0] = 0;
+i2c_send(i2c, addr, cmd, 1);
+
+/* retrieve the date */
+i2c_recv(i2c, addr, resp, 7);
+
+/* check retreived time againt local time */
+g_assert_cmpuint(bcd2bin(resp[4]), == , tm_ptr->tm_mday);
+g_assert_cmpuint(bcd2bin(resp[5]), == , 1 + tm_ptr->tm_mon);
+g_assert_cmpuint(2000 + bcd2bin(resp[6]), == , 1900 + tm_ptr->tm_year);
+}
+
+int main(int argc, char **argv)
+{
+QTestState *s = NULL;
+int ret;
+
+g_test_init(&argc, &argv, NULL);
+
+s = qtest_start("-display none -machine imx25_3ds");
+i2c = imx_i2c_create(IMX25_I2C_0_BASE);
+addr = DS1338_ADDR;
+
+qtest_add_func("/ds1338/tx-rx", send_and_receive);
+
+ret = g_test_run();
+
+if (s) {
+qtest_quit(s);
+}
+g_free(i2c);
+
+return ret;
+}
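Review bot: `send_and_receive()` samples the host clock with `time(NULL)` before the I2C transaction and dereferences the result of `gmtime()` unchecked. The date comparison therefore fails spuriously if the UTC day rolls over between the sample and the RTC read, and the test crashes instead of failing if `gmtime()` returns NULL. Sampling the clock on both sides of the read and retrying when the day changed removes the flake; the changed lines are sketched below. The comment `/* check retreived time againt local time */` has two typos and says local time where the code compares against UTC; `/* check retrieved date against host UTC date */` matches what is asserted.

```c
static void send_and_receive(void)
{
    /* … unchanged: cmd[] and resp[] declarations … */
    time_t before, after;
    struct tm *tm_ptr;

    do {
        before = time(NULL);

        /* … unchanged: i2c_send() index reset and i2c_recv() of 7 bytes … */

        after = time(NULL);
        /* retry if the UTC day changed while the RTC was being read */
    } while (before / 86400 != after / 86400);

    tm_ptr = gmtime(&after);
    g_assert(tm_ptr != NULL);

    /* … unchanged: g_assert_cmpuint() date checks … */
}
```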
diff --git a/tests/libqos/i2c-imx.c b/tests/libqos/i2c-imx.c
new file mode 100644
index 000..b5cef66
--- /dev/null
+++ b/tests/libqos/i2c-imx.c
@@ -0,0 +1,209 @@
+/*
+ * QTest i.MX I2C driver
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois
+ *
+ *  This program is free software; you 

[Qemu-devel] [PATCH 1/2] tcg/i386: Extend addresses for 32-bit guests

2015-07-16 Thread Richard Henderson
Removing the ??? comment explaining why it (mostly) worked.

Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.c | 105 +++---
 1 file changed, 65 insertions(+), 40 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index ff4d9cf..bbe2963 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -1434,8 +1434,8 @@ static inline void setup_guest_base_seg(void) { }
 #endif /* SOFTMMU */
 
 static void tcg_out_qemu_ld_direct(TCGContext *s, TCGReg datalo, TCGReg datahi,
-   TCGReg base, intptr_t ofs, int seg,
-   TCGMemOp memop)
+   TCGReg base, int index, intptr_t ofs,
+   int seg, TCGMemOp memop)
 {
 const TCGMemOp real_bswap = memop & MO_BSWAP;
 TCGMemOp bswap = real_bswap;
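Review bot: The new `int index` parameter of tcg_out_qemu_ld_direct() has no stated contract, and the 32-bit `MO_Q` path further down in this patch still orders its two loads with `if (base != datalo)` only. If `index` could ever name the same register as `datalo`, the first load would overwrite the index before the `ofs + 4` load uses it. If callers only pass a real index on 64-bit hosts, which the hunks shown do not establish, say so above the function, for example `/* index: additional index register, or a negative value for none; expected to be unused when TCG_TARGET_REG_BITS == 32 */`, and consider asserting that in the two-load path. The function body continues outside this hunk.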
@@ -1448,13 +1448,16 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 
 switch (memop & MO_SSIZE) {
 case MO_UB:
-tcg_out_modrm_offset(s, OPC_MOVZBL + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVZBL + seg, datalo,
+ base, index, 0, ofs);
 break;
 case MO_SB:
-tcg_out_modrm_offset(s, OPC_MOVSBL + P_REXW + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVSBL + P_REXW + seg, datalo,
+ base, index, 0, ofs);
 break;
 case MO_UW:
-tcg_out_modrm_offset(s, OPC_MOVZWL + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVZWL + seg, datalo,
+ base, index, 0, ofs);
 if (real_bswap) {
 tcg_out_rolw_8(s, datalo);
 }
@@ -1462,20 +1465,21 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 case MO_SW:
 if (real_bswap) {
 if (have_movbe) {
-tcg_out_modrm_offset(s, OPC_MOVBE_GyMy + P_DATA16 + seg,
- datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVBE_GyMy + P_DATA16 + seg,
+ datalo, base, index, 0, ofs);
 } else {
-tcg_out_modrm_offset(s, OPC_MOVZWL + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVZWL + seg, datalo,
+ base, index, 0, ofs);
 tcg_out_rolw_8(s, datalo);
 }
 tcg_out_modrm(s, OPC_MOVSWL + P_REXW, datalo, datalo);
 } else {
-tcg_out_modrm_offset(s, OPC_MOVSWL + P_REXW + seg,
- datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVSWL + P_REXW + seg,
+ datalo, base, index, 0, ofs);
 }
 break;
 case MO_UL:
-tcg_out_modrm_offset(s, movop + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, movop + seg, datalo, base, index, 0, ofs);
 if (bswap) {
 tcg_out_bswap32(s, datalo);
 }
@@ -1483,19 +1487,22 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 #if TCG_TARGET_REG_BITS == 64
 case MO_SL:
 if (real_bswap) {
-tcg_out_modrm_offset(s, movop + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, movop + seg, datalo,
+ base, index, 0, ofs);
 if (bswap) {
 tcg_out_bswap32(s, datalo);
 }
 tcg_out_ext32s(s, datalo, datalo);
 } else {
-tcg_out_modrm_offset(s, OPC_MOVSLQ + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVSLQ + seg, datalo,
+ base, index, 0, ofs);
 }
 break;
 #endif
 case MO_Q:
 if (TCG_TARGET_REG_BITS == 64) {
-tcg_out_modrm_offset(s, movop + P_REXW + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, movop + P_REXW + seg, datalo,
+ base, index, 0, ofs);
 if (bswap) {
 tcg_out_bswap64(s, datalo);
 }
@@ -1506,11 +1513,15 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 datahi = t;
 }
 if (base != datalo) {
-tcg_out_modrm_offset(s, movop + seg, datalo, base, ofs);
-tcg_out_modrm_offset(s, movop + seg, datahi, base, ofs + 4);
+tcg_out_modrm_sib_offset(s, movop + seg, datalo,
+ base, index, 0, ofs);
+tcg_out_modrm_sib_offset(s, movop + seg, datahi,
+ base, index, 0, ofs + 4);
 } else {
-tcg_out_modrm_offset(s, movop + seg, datahi, base, ofs + 4);
-tcg_out_modrm_off

[Qemu-devel] [PATCH for-2.4 0/2] tcg/i386 address zero-extension

2015-07-16 Thread Richard Henderson
This is an alternative to the patch that Aurelien posted yesterday.


r~


Richard Henderson (2):
  tcg/i386: Extend addresses for 32-bit guests
  tcg/i386: Reserve register for guest_base if a segment isn't available

 tcg/i386/tcg-target.c | 163 --
 1 file changed, 90 insertions(+), 73 deletions(-)

-- 
2.4.3




[Qemu-devel] [PATCH v13 13/19] i.MX: KZM now uses the standalone i.MX31 SOC support

2015-07-16 Thread Jean-Christophe Dubois
Tested by booting a minimal Linux system on the emulated platform

Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1: 
* not present on v1

Changes since v2: 
* not present on v2

Changes since v3: 
* not present on v3

Changes since v4: 
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6 

Changes since v7:
* update KZM target to use new emulators

Changes since v8:
* update KZM to user i.MX31 SOC
* rework SDRAM memory initialisation

Changes since v9:
* remove all Qdev construction helper fucntions.

Changes since v10:
* use memory_region_allocate_system_memory()
* rework of memory initialization loop.
* remove all Qdev construction helper in device files.

Changes since v10:
* no change.

Changes since v11:
* no change.

Changes since v12:
* no change.

 hw/arm/Makefile.objs |   4 +-
 hw/arm/kzm.c | 206 +--
 hw/char/imx_serial.c |  35 -
 hw/timer/imx_epit.c  |  11 ---
 hw/timer/imx_gpt.c   |  11 ---
 include/hw/arm/imx.h |  26 ---
 6 files changed, 105 insertions(+), 188 deletions(-)
 delete mode 100644 include/hw/arm/imx.h

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index f35f731..2fbe344 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -1,6 +1,6 @@
 obj-y += boot.o collie.o exynos4_boards.o gumstix.o highbank.o
 obj-$(CONFIG_DIGIC) += digic_boards.o
-obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
+obj-y += integratorcp.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
 obj-$(CONFIG_ACPI) += virt-acpi-build.o
@@ -13,4 +13,4 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
-obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o
+obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
index d7af230..51f6194 100644
--- a/hw/arm/kzm.c
+++ b/hw/arm/kzm.c
@@ -13,131 +13,131 @@
  * i.MX31 SoC
  */
 
-#include "hw/sysbus.h"
+#include "hw/arm/fsl-imx31.h"
+#include "hw/boards.h"
+#include "qemu/error-report.h"
 #include "exec/address-spaces.h"
-#include "hw/hw.h"
-#include "hw/arm/arm.h"
-#include "hw/devices.h"
 #include "net/net.h"
-#include "sysemu/sysemu.h"
-#include "hw/boards.h"
+#include "hw/devices.h"
 #include "hw/char/serial.h"
-#include "hw/intc/imx_avic.h"
-#include "hw/arm/imx.h"
-
-/* Memory map for Kzm Emulation Baseboard:
- * 0x-0x3fff 16k secure ROM   IGNORED
- * 0x4000-0x00407fff Reserved IGNORED
- * 0x00404000-0x00407fff ROM  IGNORED
- * 0x00408000-0x0fff Reserved IGNORED
- * 0x1000-0x1fffbfff RAM aliasing IGNORED
- * 0x1fffc000-0x1fff RAM  EMULATED
- * 0x2000-0x2fff Reserved IGNORED
- * 0x3000-0x7fff I.MX31 Internal Register Space
- *   0x43f0 IO_AREA0
- *   0x43f9 UART1 EMULATED
- *   0x43f94000 UART2 EMULATED
- *   0x6800 AVIC  EMULATED
- *   0x53f8 CCM   EMULATED
- *   0x53f94000 PIT 1 EMULATED
- *   0x53f98000 PIT 2 EMULATED
- *   0x53f9 GPT   EMULATED
- * 0x8000-0x87ff RAM  EMULATED
- * 0x8800-0x8fff RAM Aliasing EMULATED
- * 0xa000-0xafff NAND Flash   IGNORED
- * 0xb000-0xb3ff Unavailable  IGNORED
- * 0xb400-0xb4000fff 8-bit free space IGNORED
- * 0xb4001000-0xb400100f Board controlIGNORED
- *  0xb4001003   DIP switch
- * 0xb4001010-0xb400101f 7-segment LEDIGNORED
- * 0xb4001020-0xb400102f LED  IGNORED
- * 0xb4001030-0xb400103f LED  IGNORED
- * 0xb4001040-0xb400104f FPGA, UART   EMULATED
- * 0xb4001050-0xb400105f FPGA, UART   EMULATED
- * 0xb4001060-0xb40f FPGA IGNORED
- * 0xb600-0xb61f LAN controller   EMULATED
- * 0xb620-0xb62f FPGA NAND Controller IGNORED
- * 0xb630-0xb7ff Free IGNORED
- * 0xb800-0xb8004fff Memory control registers IGNORED
- * 0xc000-0xc3ff PCMCIA/CFIGNORED
- * 0xc400-0x Reserved IGNORED
- */
-
-#define KZM_RAMADDRESS (0x8000)
-#define KZM_FPGA   (0xb4001040)
+#include "sysemu/qtest.h"
+
+/* Memory map for Kzm Emulation Baseboard:
+ * 0x-0x7fff See i.MX31 SOC for support
+ * 0x8000-0x8fff RAM 

[Qemu-devel] [PATCH v13 14/19] i.MX: Add I2C controller emulator

2015-07-16 Thread Jean-Christophe Dubois
The slave mode is not implemented.

Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1: 
* none

Changes since v2:
* use QOM cast
* reworked debug printf
* use CamelCase for state type
* warn with qemu_log_mask(LOG_GUEST_ERROR) or qemu_log_mask(LOG_UNIMP)
* move to dma_memory_read/write API
* rework interrupt handling
* use qemu_flush_queued_packets() in rx_enable()

Changes since v3:
* use realise for device initialization
* More QOM cast 
* reworked debug printf some more
* standardise GPL header
* use CamelCase for buffer descriptor type

Changes since v4:
* none

Changes since v5:
* replace hw_error() with qemu_log_mask(LOG_GUEST_ERROR, ...)
* remove reformating of imx.h header file.
* remove unnecessary spaces.

Changes since v6:
* port to new memory API

Change since v7:
* refactor emulator to be used by SOC

Changes since v8:
* no change

Changes since v9:
* no change

Changes since v10:
* no change.

Changes since v11:
* no change.

Changes since v12:
* no change.

 default-configs/arm-softmmu.mak |   2 +
 hw/i2c/Makefile.objs|   1 +
 hw/i2c/imx_i2c.c| 339 
 include/hw/i2c/imx_i2c.h|  85 ++
 4 files changed, 427 insertions(+)
 create mode 100644 hw/i2c/imx_i2c.c
 create mode 100644 include/hw/i2c/imx_i2c.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 3f86e7e..47390db 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -100,6 +100,8 @@ CONFIG_ALLWINNER_A10=y
 
 CONFIG_FSL_IMX31=y
 
+CONFIG_IMX_I2C=y
+
 CONFIG_XIO3130=y
 CONFIG_IOH3420=y
 CONFIG_I82801B11=y
diff --git a/hw/i2c/Makefile.objs b/hw/i2c/Makefile.objs
index 0f13060..aeb8f38 100644
--- a/hw/i2c/Makefile.objs
+++ b/hw/i2c/Makefile.objs
@@ -4,4 +4,5 @@ common-obj-$(CONFIG_ACPI_X86) += smbus_ich9.o
 common-obj-$(CONFIG_APM) += pm_smbus.o
 common-obj-$(CONFIG_BITBANG_I2C) += bitbang_i2c.o
 common-obj-$(CONFIG_EXYNOS4) += exynos4210_i2c.o
+common-obj-$(CONFIG_IMX_I2C) += imx_i2c.o
 obj-$(CONFIG_OMAP) += omap_i2c.o
diff --git a/hw/i2c/imx_i2c.c b/hw/i2c/imx_i2c.c
new file mode 100644
index 000..468712b
--- /dev/null
+++ b/hw/i2c/imx_i2c.c
@@ -0,0 +1,339 @@
+/*
+ *  i.MX I2C Bus Serial Interface Emulation
+ *
+ *  Copyright (C) 2013 Jean-Christophe Dubois. 
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ *
+ */
+
+#include "hw/i2c/imx_i2c.h"
+#include "hw/i2c/i2c.h"
+
+#ifndef IMX_I2C_DEBUG
+#define IMX_I2C_DEBUG 0
+#endif
+
+#if IMX_I2C_DEBUG
+#define DPRINT(fmt, args...)  \
+do { fprintf(stderr, "%s: "fmt, __func__, ## args); } while (0)
+
+static const char *imx_i2c_get_regname(unsigned offset)
+{
+switch (offset) {
+case IADR_ADDR:
+return "IADR";
+case IFDR_ADDR:
+return "IFDR";
+case I2CR_ADDR:
+return "I2CR";
+case I2SR_ADDR:
+return "I2SR";
+case I2DR_ADDR:
+return "I2DR";
+default:
+return "[?]";
+}
+}
+#else
+#define DPRINT(fmt, args...)  do { } while (0)
+#endif
+
+static inline bool imx_i2c_is_enabled(IMXI2CState *s)
+{
+return s->i2cr & I2CR_IEN;
+}
+
+static inline bool imx_i2c_interrupt_is_enabled(IMXI2CState *s)
+{
+return s->i2cr & I2CR_IIEN;
+}
+
+static inline bool imx_i2c_is_master(IMXI2CState *s)
+{
+return s->i2cr & I2CR_MSTA;
+}
+
+static inline bool imx_i2c_direction_is_tx(IMXI2CState *s)
+{
+return s->i2cr & I2CR_MTX;
+}
+
+static void imx_i2c_reset(DeviceState *dev)
+{
+IMXI2CState *s = IMX_I2C(dev);
+
+if (s->address != ADDR_RESET) {
+i2c_end_transfer(s->bus);
+}
+
+s->address= ADDR_RESET;
+s->iadr   = IADR_RESET;
+s->ifdr   = IFDR_RESET;
+s->i2cr   = I2CR_RESET;
+s->i2sr   = I2SR_RESET;
+s->i2dr_read  = I2DR_RESET;
+s->i2dr_write = I2DR_RESET;
+}
+
+static inline void imx_i2c_raise_interrupt(IMXI2CState *s)
+{
+/*
+ * raise an interrupt if the device is enabled and it is configured
+ * to generate some interrupts.
+ */
+if (imx_i2c_is_enabled(s) && imx_i2c_interrupt_is_enabled(s)) {
+s->i2sr |= I2SR_IIF;
+qemu_irq_raise(s->irq);
+}
+}
+
+static uint64_t imx_i2c_read(vo

[Qemu-devel] [PATCH v13 15/19] i.MX: Add FEC Ethernet Emulator

2015-07-16 Thread Jean-Christophe Dubois
This is based on mcf_fec.c FEC implementation for Coldfire

  * A generic PHY was added (borrowed from LAN9118)
  * The buffer management is also modified as buffers are
slightly different between Coldfire and i.MX

Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* none

Changes since v2:
* use QOM cast
* reworked debug printf
* use CamelCase for state type
* warn with qemu_log_mask(LOG_GUEST_ERROR) or qemu_log_mask(LOG_UNIMP)
* move to dma_memory_read/write API
* rework interrupt handling
* use qemu_flush_queued_packets() in rx_enable()

Changes since v3:
* use realise for device initialization
* More QOM cast
* reworked debug printf some more
* standardise GPL header
* use CamelCase for buffer descriptor type

Changes since v4:
* none

Changes since v5: 
* replace hw_error() with qemu_log_mask(LOG_GUEST_ERROR, ...)
* remove reformating of imx.h header file.
* remove unnecessary spaces.

Changes since v6:
* port to new memory API

Changes since v7:
* refactor to be used by SOC

Changes since v8:
* no change

Changes since v9:
* no change

Changes since v10:
* no change

Changes since v11:
* no change

Changes since v12:
* no change

 default-configs/arm-softmmu.mak |   1 +
 hw/net/Makefile.objs|   1 +
 hw/net/imx_fec.c| 709 
 include/hw/net/imx_fec.h| 113 +++
 4 files changed, 824 insertions(+)
 create mode 100644 hw/net/imx_fec.c
 create mode 100644 include/hw/net/imx_fec.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 47390db..5fa84c6 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -28,6 +28,7 @@ CONFIG_SSI_M25P80=y
 CONFIG_LAN9118=y
 CONFIG_SMC91C111=y
 CONFIG_ALLWINNER_EMAC=y
+CONFIG_IMX_FEC=y
 CONFIG_DS1338=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_PFLASH_CFI02=y
diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
index 9880173..64d0449 100644
--- a/hw/net/Makefile.objs
+++ b/hw/net/Makefile.objs
@@ -19,6 +19,7 @@ common-obj-$(CONFIG_XGMAC) += xgmac.o
 common-obj-$(CONFIG_MIPSNET) += mipsnet.o
 common-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
 common-obj-$(CONFIG_ALLWINNER_EMAC) += allwinner_emac.o
+common-obj-$(CONFIG_IMX_FEC) += imx_fec.o
 
 common-obj-$(CONFIG_CADENCE) += cadence_gem.o
 common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
new file mode 100644
index 000..725f3fa
--- /dev/null
+++ b/hw/net/imx_fec.c
@@ -0,0 +1,709 @@
+/*
+ * i.MX Fast Ethernet Controller emulation.
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois. 
+ *
+ * Based on Coldfire Fast Ethernet Controller emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/net/imx_fec.h"
+#include "sysemu/dma.h"
+
+/* For crc32 */
+#include 
+
+#ifndef IMX_FEC_DEBUG
+#define IMX_FEC_DEBUG  0
+#endif
+
+#ifndef IMX_PHY_DEBUG
+#define IMX_PHY_DEBUG  0
+#endif
+
+#if IMX_FEC_DEBUG
+#define FEC_PRINTF(fmt, ...) \
+do { fprintf(stderr, "%s[%s]: " fmt , TYPE_IMX_FEC, __func__, \
+ ## __VA_ARGS__); \
+} while (0)
+#else
+#define FEC_PRINTF(fmt, ...) do {} while (0)
+#endif
+
+#if IMX_PHY_DEBUG
+#define PHY_PRINTF(fmt, ...) \
+do { fprintf(stderr, "%s.phy[%s]: " fmt , TYPE_IMX_FEC, __func__, \
+ ## __VA_ARGS__); \
+} while (0)
+#else
+#define PHY_PRINTF(fmt, ...) do {} while (0)
+#endif
+
+static const VMStateDescription vmstate_imx_fec = {
+.name = TYPE_IMX_FEC,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(irq_state, IMXFECState),
+VMSTATE_UINT32(eir, IMXFECState),
+VMSTATE_UINT32(eimr, IMXFECState),
+VMSTATE_UINT32(rx_enabled, IMXFECState),
+VMSTATE_UINT32(rx_descriptor, IMXFECState),
+VMSTATE_UINT32(tx_descriptor, IMXFECState),
+VMSTATE_UINT32(ecr, IMXFECState),
+VMSTATE_UINT32(mmfr, IMXFECState),
+VMSTATE_UINT32(mscr, IMXFECState),
+VMSTATE_UINT32(mibc, IMXFECState),
+VMSTATE_UINT32(rcr, IMXFECState),
+VMSTATE_UINT32(tcr, IMXFECState),
+VMSTATE_UINT32(tfwr, IMXFECState),
+VMS

[Qemu-devel] [PATCH v13 12/19] i.MX: Add SOC support for i.MX31

2015-07-16 Thread Jean-Christophe Dubois
For now we support the following devices:
  * CPU: ARM1136
  * Interrupt Controller: AVIC
  * CCM
  * UART x 2
  * EPIT x 2
  * GPT

Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1: 
* not present on v1

Changes since v2: 
* not present on v2

Changes since v3: 
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* use defines instead of hardcoded values for IRQ and ADDR
* Add i.MX31 SOC support

Changes since v9:
* no change.

Changes since v10:
* added description of supported devices
* rework of UART init to use chardev property
* use memory_region_allocate_system_memory()
* Fix coding style.

Changes since v11:
* no change.

Changes since v12:
* no change.

 default-configs/arm-softmmu.mak |   2 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/fsl-imx31.c  | 203 
 include/hw/arm/fsl-imx31.h  |  98 +++
 4 files changed, 304 insertions(+)
 create mode 100644 hw/arm/fsl-imx31.c
 create mode 100644 include/hw/arm/fsl-imx31.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 74f1db3..3f86e7e 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -98,6 +98,8 @@ CONFIG_ALLWINNER_A10_PIT=y
 CONFIG_ALLWINNER_A10_PIC=y
 CONFIG_ALLWINNER_A10=y
 
+CONFIG_FSL_IMX31=y
+
 CONFIG_XIO3130=y
 CONFIG_IOH3420=y
 CONFIG_I82801B11=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index cf346c1..f35f731 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,3 +13,4 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
+obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
new file mode 100644
index 000..8d349c9
--- /dev/null
+++ b/hw/arm/fsl-imx31.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois 
+ *
+ * i.MX31 SOC emulation.
+ *
+ * Based on hw/arm/fsl-imx31.c
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/arm/fsl-imx31.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+#include "hw/boards.h"
+#include "sysemu/char.h"
+
+static void fsl_imx31_init(Object *obj)
+{
+FslIMX31State *s = FSL_IMX31(obj);
+int i;
+
+object_initialize(&s->cpu, sizeof(s->cpu), "arm1136-" TYPE_ARM_CPU);
+
+object_initialize(&s->avic, sizeof(s->avic), TYPE_IMX_AVIC);
+qdev_set_parent_bus(DEVICE(&s->avic), sysbus_get_default());
+
+object_initialize(&s->ccm, sizeof(s->ccm), TYPE_IMX_CCM);
+qdev_set_parent_bus(DEVICE(&s->ccm), sysbus_get_default());
+
+for (i = 0; i < FSL_IMX31_NUM_UARTS; i++) {
+object_initialize(&s->uart[i], sizeof(s->uart[i]), TYPE_IMX_SERIAL);
+qdev_set_parent_bus(DEVICE(&s->uart[i]), sysbus_get_default());
+}
+
+object_initialize(&s->gpt, sizeof(s->gpt), TYPE_IMX_GPT);
+qdev_set_parent_bus(DEVICE(&s->gpt), sysbus_get_default());
+
+for (i = 0; i < FSL_IMX31_NUM_EPITS; i++) {
+object_initialize(&s->epit[i], sizeof(s->epit[i]), TYPE_IMX_EPIT);
+qdev_set_parent_bus(DEVICE(&s->epit[i]), sysbus_get_default());
+}
+}
+
+static void fsl_imx31_realize(DeviceState *dev, Error **errp)
+{
+FslIMX31State *s = FSL_IMX31(dev);
+uint16_t i;
+Error *err = NULL;
+
+object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+object_property_set_bool(OBJECT(&s->avic), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->avic), 0, FSL_IMX31_AVIC_ADDR);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->avic), 0,
+   qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_IRQ));
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->avic), 1,
+   qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_FIQ));
+
+object_property_set_bool(OBJECT(&s->ccm), true, "realized", &err);
+if (err) {
+error_propag

Re: [Qemu-devel] [PATCH for-2.4] tcg/i386: ignore high bits for user mode 32-bit qemu_ld/st

2015-07-16 Thread Richard Henderson

On 07/15/2015 02:55 PM, Aurelien Jarno wrote:

Fix that by either using the ADDR32 prefix (in case GUEST_BASE == 0 or
a segment register is in use), or by doing an explicit zero-extension.
The zero-extension can be done in place as we know the registers holds
a 32-bit value.


I'd prefer not to do that, even if we can show that it's true.  I have an 
alternative that I'll post shortly.



r~



[Qemu-devel] [PATCH v13 07/19] i.MX: Fix Coding style for CCM emulator

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Improve logs

Changes since v9:
* Change patch title.

Changes since v10:
* no change.

Changes since v11: 
* no change.

Changes since v12:  
* no change.

 hw/misc/imx_ccm.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/hw/misc/imx_ccm.c b/hw/misc/imx_ccm.c
index 2e9bd9c..2e19dbb 100644
--- a/hw/misc/imx_ccm.c
+++ b/hw/misc/imx_ccm.c
@@ -16,11 +16,10 @@
 #define CKIH_FREQ 2600 /* 26MHz crystal input */
 #define CKIL_FREQ32768 /* nominal 32khz clock */
 
-
 //#define DEBUG_CCM 1
 #ifdef DEBUG_CCM
 #define DPRINTF(fmt, args...) \
-do { printf("imx_ccm: " fmt , ##args); } while (0)
+do { printf("%s: " fmt , TYPE_IMX_CCM, ##args); } while (0)
 #else
 #define DPRINTF(fmt, args...) do {} while (0)
 #endif
@@ -28,7 +27,7 @@ do { printf("imx_ccm: " fmt , ##args); } while (0)
 static int imx_ccm_post_load(void *opaque, int version_id);
 
 static const VMStateDescription vmstate_imx_ccm = {
-.name = "imx-ccm",
+.name = TYPE_IMX_CCM,
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
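Review bot: The `.name` of `vmstate_imx_ccm` is the section name written into the migration stream, so replacing `"imx-ccm"` with `TYPE_IMX_CCM` is only a style change if the macro expands to exactly that string; its definition is not visible in this hunk. If the two differ, state saved by an older build will no longer match this device on load. Either keep the literal with a comment such as `/* migration section name, must stay stable */`, or say in the commit message that migration compatibility is intentionally broken. The same substitution is made for `vmstate_imx_timer_gpt` (11/19) and `vmstate_imx_timer_epit` (09/19) and deserves the same check.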
@@ -110,7 +109,7 @@ static void update_clocks(IMXCCMState *s)
 s->hsp_clk_freq = s->mcu_clk_freq / (1 + EXTRACT(s->pdr0, HSP));
 s->ipg_clk_freq = s->hsp_clk_freq / (1 + EXTRACT(s->pdr0, IPG));
 
-DPRINTF("Clocks: mcu %uMHz, HSP %uMHz, IPG %uHz\n",
+DPRINTF("%s: mcu %uMHz, HSP %uMHz, IPG %uHz\n", __func__,
 s->mcu_clk_freq / 100,
 s->hsp_clk_freq / 100,
 s->ipg_clk_freq);
@@ -136,7 +135,7 @@ static uint64_t imx_ccm_read(void *opaque, hwaddr offset,
 {
 IMXCCMState *s = (IMXCCMState *)opaque;
 
-DPRINTF("read(offset=%x)", offset >> 2);
+DPRINTF("%s(offset=%x)", __func__, offset >> 2);
 switch (offset >> 2) {
 case 0: /* CCMR */
 DPRINTF(" ccmr = 0x%x\n", s->ccmr);
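Review bot: The rewritten `DPRINTF("%s(offset=%x)", __func__, offset >> 2);` in `imx_ccm_read` still passes a `hwaddr` expression to `%x`, which is a format/argument mismatch wherever `hwaddr` is wider than `unsigned int`. The same applies to `offset >> 2` in the `imx_ccm_write` hunk that follows, where only `value` is cast. Since the line is being touched anyway, use the matching specifier, e.g. `DPRINTF("%s(offset=%" HWADDR_PRIx ")", __func__, offset >> 2);`. Because `DPRINTF` expands to nothing unless `DEBUG_CCM` is defined, the compiler never checks these calls in a normal build; a macro body guarded by a constant `if` would keep them type-checked. Both function bodies continue outside their hunks.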
@@ -177,7 +176,7 @@ static void imx_ccm_write(void *opaque, hwaddr offset,
 {
 IMXCCMState *s = (IMXCCMState *)opaque;
 
-DPRINTF("write(offset=%x, value = %x)\n",
+DPRINTF("%s(offset=%x, value = %x)\n", __func__,
 offset >> 2, (unsigned int)value);
 switch (offset >> 2) {
 case 0:
-- 
2.1.4




[Qemu-devel] [PATCH 2/2] tcg/i386: Reserve register for guest_base if a segment isn't available

2015-07-16 Thread Richard Henderson
This saves 2 insns and 10 bytes from the implementation of
each memory operation.

Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.c | 120 +++---
 1 file changed, 56 insertions(+), 64 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index bbe2963..beffbbe 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -1421,16 +1421,25 @@ static void tcg_out_qemu_st_slow_path(TCGContext *s, 
TCGLabelQemuLdst *l)
 
 int arch_prctl(int code, unsigned long addr);
 
+static int32_t guest_base_ofs;
 static int guest_base_flags;
-static inline void setup_guest_base_seg(void)
+static int guest_base_reg = -1;
+static inline void setup_guest_base(TCGContext *s)
 {
 if (arch_prctl(ARCH_SET_GS, GUEST_BASE) == 0) {
 guest_base_flags = P_GS;
+} else if (GUEST_BASE == (int32_t)GUEST_BASE) {
+guest_base_ofs = GUEST_BASE;
+} else {
+guest_base_reg = TCG_REG_EBP;
+tcg_regset_set_reg(s->reserved_regs, guest_base_reg);
+tcg_out_movi(s, TCG_TYPE_PTR, guest_base_reg, GUEST_BASE);
 }
 }
 #else
-# define guest_base_flags 0
-static inline void setup_guest_base_seg(void) { }
+# define guest_base_flags  0
+# define guest_base_reg-1
+# define guest_base_ofsGUEST_BASE
 #endif /* SOFTMMU */
 
 static void tcg_out_qemu_ld_direct(TCGContext *s, TCGReg datalo, TCGReg datahi,
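Review bot: The `#else` fallback now fixes `guest_base_ofs` to `GUEST_BASE` and `guest_base_reg` to `-1`, so on that path nothing checks that the base fits a 32-bit displacement. The code this patch removes from `tcg_out_qemu_ld` made that check (`offset != GUEST_BASE`) for every 64-bit host and loaded the base into a register when it failed; the replacement logic lives only in `setup_guest_base`, inside the conditional branch. The `#if` condition is outside the hunk, so this matters only if the fallback can be compiled for a 64-bit host. If it can, a large guest base would be silently truncated when narrowed to a displacement, and generated loads and stores would touch the wrong host addresses. Keeping the `int32_t` range test and the reserved-register path outside the conditional, with only the `arch_prctl` attempt inside it, would cover both configurations.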
@@ -1571,38 +1580,28 @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg 
*args, bool is64)
 s->code_ptr, label_ptr);
 #else
 {
-int32_t offset = GUEST_BASE;
 TCGReg base = addrlo;
-int index = -1;
-int seg = 0;
+int flags = 0;
 
-if (GUEST_BASE && guest_base_flags) {
-seg = guest_base_flags;
-offset = 0;
+if (GUEST_BASE == 0 || guest_base_flags) {
+flags = guest_base_flags;
 if (TCG_TARGET_REG_BITS == 64 && TARGET_LONG_BITS == 32) {
-seg |= P_ADDR32;
-}
-} else if (TCG_TARGET_REG_BITS == 64) {
-if (TARGET_LONG_BITS == 32) {
-tcg_out_ext32u(s, TCG_REG_L0, base);
-base = TCG_REG_L0;
-}
-if (offset != GUEST_BASE) {
-tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_L1, GUEST_BASE);
-index = TCG_REG_L1;
-offset = 0;
+flags |= P_ADDR32;
 }
+} else if (TCG_TARGET_REG_BITS == 64 && TARGET_LONG_BITS == 32) {
+tcg_out_ext32u(s, TCG_REG_L1, base);
+base = TCG_REG_L1;
 }
 
-tcg_out_qemu_ld_direct(s, datalo, datahi,
-   base, index, offset, seg, opc);
+tcg_out_qemu_ld_direct(s, datalo, datahi, base, guest_base_reg,
+   guest_base_ofs, flags, opc);
 }
 #endif
 }
 
 static void tcg_out_qemu_st_direct(TCGContext *s, TCGReg datalo, TCGReg datahi,
-   TCGReg base, intptr_t ofs, int seg,
-   TCGMemOp memop)
+   TCGReg base, int index, intptr_t ofs,
+   int seg, TCGMemOp memop)
 {
 /* ??? Ideally we wouldn't need a scratch register.  For user-only,
we could perform the bswap twice to restore the original value
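Review bot: The new condition `GUEST_BASE == 0 || guest_base_flags` in `tcg_out_qemu_ld` encodes a constraint that is not written down anywhere in the hunk. It would help to add a comment above it, along the lines of `/* P_ADDR32 truncates the whole effective address, so use it only when guest_base is zero or supplied by the segment; otherwise zero-extend the guest address into a scratch register first. */` (assuming `P_ADDR32` emits the address-size prefix). The scratch register for the explicit extension also changes from `TCG_REG_L0` to `TCG_REG_L1` without explanation; one line on why `L0` must stay free would save the next reader from reverse-engineering it. The body of `tcg_out_qemu_ld` begins outside this hunk, and the hunk also changes the `tcg_out_qemu_st_direct` signature, whose body continues past it.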
@@ -1626,8 +1625,8 @@ static void tcg_out_qemu_st_direct(TCGContext *s, TCGReg 
datalo, TCGReg datahi,
 tcg_out_mov(s, TCG_TYPE_I32, scratch, datalo);
 datalo = scratch;
 }
-tcg_out_modrm_offset(s, OPC_MOVB_EvGv + P_REXB_R + seg,
- datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, OPC_MOVB_EvGv + P_REXB_R + seg, datalo,
+ base, index, 0, ofs);
 break;
 case MO_16:
 if (bswap) {
@@ -1635,7 +1634,8 @@ static void tcg_out_qemu_st_direct(TCGContext *s, TCGReg 
datalo, TCGReg datahi,
 tcg_out_rolw_8(s, scratch);
 datalo = scratch;
 }
-tcg_out_modrm_offset(s, movop + P_DATA16 + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, movop + P_DATA16 + seg, datalo,
+ base, index, 0, ofs);
 break;
 case MO_32:
 if (bswap) {
@@ -1643,7 +1643,7 @@ static void tcg_out_qemu_st_direct(TCGContext *s, TCGReg 
datalo, TCGReg datahi,
 tcg_out_bswap32(s, scratch);
 datalo = scratch;
 }
-tcg_out_modrm_offset(s, movop + seg, datalo, base, ofs);
+tcg_out_modrm_sib_offset(s, movop + seg, datalo, base, index, 0, ofs);
 break;
 case MO_64:
 if (TCG_TARGET_REG_BITS == 64) {
@@ -1652,22 +1652,27 @@ static void tcg_out_qemu_st_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 tcg_out_bswap64(s, scratch);
 datalo = scratch;
 }
-tcg_out_modrm_offset(s, movop + P_REXW

[Qemu-devel] [PATCH v13 16/19] i.MX: Add SOC support for i.MX25

2015-07-16 Thread Jean-Christophe Dubois
For now we support the following devices:
  * CPU: ARM926
  * Interrupt Controller: AVIC
  * CCM
  * UART x 5
  * EPIT x 2
  * GPT x 4
  * FEC
  * I2C x 3

Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1: 
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Added a SOC specific file for i.MX25

Changes since v8:
* use defines instead of hardcoded values for IRQ and ADDR
* reworked the memory allocation for SOC memory

Changes since v9:
* no change

Changes since v10:
* added description of supported devices
* rework of UART init to use chardev property
* use memory_region_allocate_system_memory()
* Fix coding style.

Changes since v11:
* no change

Changes since v12:
* no change

 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/fsl-imx25.c  | 260 
 include/hw/arm/fsl-imx25.h  | 234 
 4 files changed, 496 insertions(+)
 create mode 100644 hw/arm/fsl-imx25.c
 create mode 100644 include/hw/arm/fsl-imx25.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 5fa84c6..bf7572b 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -100,6 +100,7 @@ CONFIG_ALLWINNER_A10_PIC=y
 CONFIG_ALLWINNER_A10=y
 
 CONFIG_FSL_IMX31=y
+CONFIG_FSL_IMX25=y
 
 CONFIG_IMX_I2C=y
 
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 2fbe344..b83aaca 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,4 +13,5 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
+obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
new file mode 100644
index 000..df440e9
--- /dev/null
+++ b/hw/arm/fsl-imx25.c
@@ -0,0 +1,260 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois 
+ *
+ * i.MX25 SOC emulation.
+ *
+ * Based on hw/arm/xlnx-zynqmp.c
+ *
+ * Copyright (C) 2015 Xilinx Inc
+ * Written by Peter Crosthwaite 
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/arm/fsl-imx25.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+#include "hw/boards.h"
+#include "sysemu/char.h"
+
+static void fsl_imx25_init(Object *obj)
+{
+FslIMX25State *s = FSL_IMX25(obj);
+int i;
+
+object_initialize(&s->cpu, sizeof(s->cpu), "arm926-" TYPE_ARM_CPU);
+
+object_initialize(&s->avic, sizeof(s->avic), TYPE_IMX_AVIC);
+qdev_set_parent_bus(DEVICE(&s->avic), sysbus_get_default());
+
+object_initialize(&s->ccm, sizeof(s->ccm), TYPE_IMX_CCM);
+qdev_set_parent_bus(DEVICE(&s->ccm), sysbus_get_default());
+
+for (i = 0; i < FSL_IMX25_NUM_UARTS; i++) {
+object_initialize(&s->uart[i], sizeof(s->uart[i]), TYPE_IMX_SERIAL);
+qdev_set_parent_bus(DEVICE(&s->uart[i]), sysbus_get_default());
+}
+
+for (i = 0; i < FSL_IMX25_NUM_GPTS; i++) {
+object_initialize(&s->gpt[i], sizeof(s->gpt[i]), TYPE_IMX_GPT);
+qdev_set_parent_bus(DEVICE(&s->gpt[i]), sysbus_get_default());
+}
+
+for (i = 0; i < FSL_IMX25_NUM_EPITS; i++) {
+object_initialize(&s->epit[i], sizeof(s->epit[i]), TYPE_IMX_EPIT);
+qdev_set_parent_bus(DEVICE(&s->epit[i]), sysbus_get_default());
+}
+
+object_initialize(&s->fec, sizeof(s->fec), TYPE_IMX_FEC);
+qdev_set_parent_bus(DEVICE(&s->fec), sysbus_get_default());
+
+for (i = 0; i < FSL_IMX25_NUM_I2CS; i++) {
+object_initialize(&s->i2c[i], sizeof(s->i2c[i]), TYPE_IMX_I2C);
+qdev_set_parent_bus(DEVICE(&s->i2c[i]), sysbus_get_default());
+}
+}
+
+static void fsl_imx25_realize(DeviceState *dev, Error **errp)
+{
+FslIMX25State *s = FSL_IMX25(dev);
+uint8_t i;
+Error *err = NULL;
+
+object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+
+object_property_se

[Qemu-devel] [PATCH v13 11/19] i.MX: Fix Coding style for GPT emulator

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1: 
* not present on v1

Changes since v2: 
* not present on v2

Changes since v3: 
* not present on v3

Changes since v4: 
* not present on v4

Changes since v5: 
* not present on v5

Changes since v6: 
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Fix coding style

Changes since v9:
* no change

Changes since v10:
* no change.

Changes since v11:
* no change.

Changes since v12:
* no change.

 hw/timer/imx_gpt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index f61d4e5..01f802e 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -70,7 +70,7 @@ static char const *imx_gpt_reg_name(uint32_t reg)
 #endif
 
 static const VMStateDescription vmstate_imx_timer_gpt = {
-.name = "imx.gpt",
+.name = TYPE_IMX_GPT,
 .version_id = 3,
 .minimum_version_id = 3,
 .fields = (VMStateField[]) {
@@ -107,7 +107,7 @@ static void imx_gpt_set_freq(IMXGPTState *s)
 {
 uint32_t clksrc = extract32(s->cr, GPT_CR_CLKSRC_SHIFT, 3);
 uint32_t freq = imx_clock_frequency(s->ccm, imx_gpt_clocks[clksrc])
-/ (1 + s->pr);
+/ (1 + s->pr);
 s->freq = freq;
 
 DPRINTF("Setting clksrc %d to frequency %d\n", clksrc, freq);
@@ -134,7 +134,7 @@ static uint32_t imx_gpt_update_count(IMXGPTState *s)
 }
 
 static inline uint32_t imx_gpt_find_limit(uint32_t count, uint32_t reg,
- uint32_t timeout)
+  uint32_t timeout)
 {
 if ((count < reg) && (timeout > reg)) {
 timeout = reg;
-- 
2.1.4




[Qemu-devel] [PATCH v13 09/19] i.MX: Fix Coding style for EPIT emulator

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1: 
* not present on v1

Changes since v2: 
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6: 
* not present on v6

Changes since v7:
* not present on v7

Changes since v8: 
* Fix coding style

Changes since v9:
* no change

Changes since v10:
* no change.

Changes since v11:
* no change.

Changes since v12: 
* no change.

 hw/timer/imx_epit.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index f1f82e9..10c5d2b 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -128,9 +128,9 @@ static void imx_epit_reset(DeviceState *dev)
 
 static uint32_t imx_epit_update_count(IMXEPITState *s)
 {
- s->cnt = ptimer_get_count(s->timer_reload);
+s->cnt = ptimer_get_count(s->timer_reload);
 
- return s->cnt;
+return s->cnt;
 }
 
 static uint64_t imx_epit_read(void *opaque, hwaddr offset, unsigned size)
@@ -298,13 +298,13 @@ void imx_timerp_create(const hwaddr addr, qemu_irq irq, 
DeviceState *ccm)
 }
 
 static const MemoryRegionOps imx_epit_ops = {
-  .read = imx_epit_read,
-  .write = imx_epit_write,
-  .endianness = DEVICE_NATIVE_ENDIAN,
+.read = imx_epit_read,
+.write = imx_epit_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static const VMStateDescription vmstate_imx_timer_epit = {
-.name = "imx.epit",
+.name = TYPE_IMX_EPIT,
 .version_id = 2,
 .minimum_version_id = 2,
 .fields = (VMStateField[]) {
-- 
2.1.4




[Qemu-devel] [PATCH v13 19/19] i.MX: Adding i2C devices to i.MX31 SOC

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5 

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* not present on v8

Changes since v9:
* Added 3 I2C devices to i.MX31 SOC

Changes since v10:
* no change.

Changes since v11:  
* no change.

Changes since v12:  
* no change.

 hw/arm/fsl-imx31.c | 30 ++
 include/hw/arm/fsl-imx31.h | 12 
 2 files changed, 42 insertions(+)

diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index 8d349c9..fb46577 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -50,6 +50,11 @@ static void fsl_imx31_init(Object *obj)
 object_initialize(&s->epit[i], sizeof(s->epit[i]), TYPE_IMX_EPIT);
 qdev_set_parent_bus(DEVICE(&s->epit[i]), sysbus_get_default());
 }
+
+for (i = 0; i < FSL_IMX31_NUM_I2CS; i++) {
+object_initialize(&s->i2c[i], sizeof(s->i2c[i]), TYPE_IMX_I2C);
+qdev_set_parent_bus(DEVICE(&s->i2c[i]), sysbus_get_default());
+}
 }
 
 static void fsl_imx31_realize(DeviceState *dev, Error **errp)
@@ -154,6 +159,31 @@ static void fsl_imx31_realize(DeviceState *dev, Error 
**errp)
 epit_table[i].irq));
 }
 
+/* Initialize all I2C */
+for (i = 0; i < FSL_IMX31_NUM_I2CS; i++) {
+static const struct {
+hwaddr addr;
+unsigned int irq;
+} i2c_table[FSL_IMX31_NUM_I2CS] = {
+{ FSL_IMX31_I2C1_ADDR, FSL_IMX31_I2C1_IRQ  },
+{ FSL_IMX31_I2C2_ADDR, FSL_IMX31_I2C2_IRQ  },
+{ FSL_IMX31_I2C3_ADDR, FSL_IMX31_I2C3_IRQ }
+};
+
+/* Initialize the I2C */
+object_property_set_bool(OBJECT(&s->i2c[i]), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+/* Map I2C memory */
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->i2c[i]), 0, i2c_table[i].addr);
+/* Connet I2C IRQ to PIC */
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->i2c[i]), 0,
+   qdev_get_gpio_in(DEVICE(&s->avic),
+i2c_table[i].irq));
+}
+
 /* On a real system, the first 16k is a `secure boot rom' */
 memory_region_init_rom_device(&s->secure_rom, NULL, NULL, NULL,
   "imx31.secure_rom",
diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
index d8a7e86..32744a1 100644
--- a/include/hw/arm/fsl-imx31.h
+++ b/include/hw/arm/fsl-imx31.h
@@ -23,6 +23,7 @@
 #include "hw/char/imx_serial.h"
 #include "hw/timer/imx_gpt.h"
 #include "hw/timer/imx_epit.h"
+#include "hw/i2c/imx_i2c.h"
 #include "exec/memory.h"
 
 #define TYPE_FSL_IMX31 "fsl,imx31"
@@ -30,6 +31,7 @@
 
 #define FSL_IMX31_NUM_UARTS 2
 #define FSL_IMX31_NUM_EPITS 2
+#define FSL_IMX31_NUM_I2CS 3
 
 typedef struct FslIMX31State{
 /*< private >*/
@@ -42,6 +44,7 @@ typedef struct FslIMX31State{
 IMXSerialState uart[FSL_IMX31_NUM_UARTS];
 IMXGPTStategpt;
 IMXEPITState   epit[FSL_IMX31_NUM_EPITS];
+IMXI2CStatei2c[FSL_IMX31_NUM_I2CS];
 MemoryRegion   secure_rom;
 MemoryRegion   rom;
 MemoryRegion   iram;
@@ -56,10 +59,16 @@ typedef struct FslIMX31State{
 #define FSL_IMX31_IRAM_ALIAS_SIZE  0xFFC
 #define FSL_IMX31_IRAM_ADDR0x1FFFC000
 #define FSL_IMX31_IRAM_SIZE0x4000
+#define FSL_IMX31_I2C1_ADDR0x43F8
+#define FSL_IMX31_I2C1_SIZE0x4000
+#define FSL_IMX31_I2C3_ADDR0x43F84000
+#define FSL_IMX31_I2C3_SIZE0x4000
 #define FSL_IMX31_UART1_ADDR   0x43F9
 #define FSL_IMX31_UART1_SIZE   0x4000
 #define FSL_IMX31_UART2_ADDR   0x43F94000
 #define FSL_IMX31_UART2_SIZE   0x4000
+#define FSL_IMX31_I2C2_ADDR0x43F98000
+#define FSL_IMX31_I2C2_SIZE0x4000
 #define FSL_IMX31_CCM_ADDR 0x53F8
 #define FSL_IMX31_CCM_SIZE 0x4000
 #define FSL_IMX31_GPT_ADDR 0x53F9
@@ -94,5 +103,8 @@ typedef struct FslIMX31State{
 #define FSL_IMX31_GPT_IRQ  29
 #define FSL_IMX31_UART2_IRQ32
 #define FSL_IMX31_UART1_IRQ45
+#define FSL_IMX31_I2C1_IRQ 10
+#define FSL_IMX31_I2C2_IRQ 4
+#define FSL_IMX31_I2C3_IRQ 3
 
 #endif /* FSL_IMX31_H */
-- 
2.1.4




[Qemu-devel] [PATCH v13 05/19] i.MX: Fix Coding style for AVIC emulator.

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8: 
* improve log
* Do style cleaning

Changes since v9:
* Change patch title.

Changes since v10:
* no change.

Changes since v11:
* no change.

Changes since v12:
* no change.

 hw/intc/imx_avic.c | 16 +++-
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/hw/intc/imx_avic.c b/hw/intc/imx_avic.c
index c5eecb5..96c376b 100644
--- a/hw/intc/imx_avic.c
+++ b/hw/intc/imx_avic.c
@@ -22,7 +22,7 @@
 
 #ifdef DEBUG_INT
 #define DPRINTF(fmt, args...) \
-do { printf("imx_avic: " fmt , ##args); } while (0)
+do { printf("%s: " fmt , TYPE_IMX_AVIC, ##args); } while (0)
 #else
 #define DPRINTF(fmt, args...) do {} while (0)
 #endif
@@ -34,13 +34,13 @@ do { printf("imx_avic: " fmt , ##args); } while (0)
 #define DEBUG_IMPLEMENTATION 1
 #if DEBUG_IMPLEMENTATION
 #  define IPRINTF(fmt, args...) \
-do  { fprintf(stderr, "imx_avic: " fmt, ##args); } while (0)
+do  { fprintf(stderr, "%s: " fmt, TYPE_IMX_AVIC, ##args); } while (0)
 #else
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
 static const VMStateDescription vmstate_imx_avic = {
-.name = "imx-avic",
+.name = TYPE_IMX_AVIC,
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
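Review bot: The `.name = TYPE_IMX_AVIC` line is not a style-only change, because it alters the VMState section name. Patch 04 of this series defines TYPE_IMX_AVIC as "imx.avic", so the name goes from "imx-avic" to "imx.avic". A snapshot or migration stream written under the old name would presumably no longer match this device on load. Either keep the literal, `.name = "imx-avic",`, or state the compatibility break in the commit message.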
@@ -54,8 +54,6 @@ static const VMStateDescription vmstate_imx_avic = {
 },
 };
 
-
-
 static inline int imx_avic_prio(IMXAVICState *s, int irq)
 {
 uint32_t word = irq / PRIO_PER_WORD;
@@ -215,7 +213,7 @@ static uint64_t imx_avic_read(void *opaque,
 return 0x4;
 
 default:
-IPRINTF("imx_avic_read: Bad offset 0x%x\n", (int)offset);
+IPRINTF("%s: Bad offset 0x%x\n", __func__, (int)offset);
 return 0;
 }
 }
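Review bot: The bad-offset message in imx_avic_read still goes through IPRINTF, which is compiled in (DEBUG_IMPLEMENTATION is 1 in the earlier hunk) and writes straight to the host's stderr. These paths are reached by guest accesses, so a guest can generate unbounded host log output. QEMU's maskable logging fits better: `qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%x\n", __func__, (int)offset);`. The same applies to the two imx_avic_write hunks below, where the ignored vector-register write would use LOG_UNIMP. Both function bodies extend outside their hunks.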
@@ -227,12 +225,12 @@ static void imx_avic_write(void *opaque, hwaddr offset,
 
 /* Vector Registers not yet supported */
 if (offset >= 0x100 && offset <= 0x2fc) {
-IPRINTF("imx_avic_write to vector register %d ignored\n",
+IPRINTF("%s to vector register %d ignored\n", __func__,
 (unsigned int)((offset - 0x100) >> 2));
 return;
 }
 
-DPRINTF("imx_avic_write(0x%x) = %x\n",
+DPRINTF("%s(0x%x) = %x\n", __func__,
 (unsigned int)offset>>2, (unsigned int)val);
 switch (offset >> 2) {
 case 0: /* Interrupt Control Register, INTCNTL */
@@ -307,7 +305,7 @@ static void imx_avic_write(void *opaque, hwaddr offset,
 return;
 
 default:
-IPRINTF("imx_avic_write: Bad offset %x\n", (int)offset);
+IPRINTF("%s: Bad offset %x\n", __func__, (int)offset);
 }
 imx_avic_update(s);
 }
-- 
2.1.4




[Qemu-devel] [PATCH v13 17/19] i.MX: Add the i.MX25 PDK plateform

2015-07-16 Thread Jean-Christophe Dubois
Tested by booting a minimal Linux system on the emulated platform
Tested by booting the Xvisor hypervisor on the emulated platform

Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* Added a ds1338 I2C device for qtest purpose.

Changes since v2:
* none

Changes since v3:
* Rework GPL header
* use I2C constructor helper.

Changes since v4:
* use sysbus_create_simple() instead of I2C constructor helper

Changes since v5:
* Add ds1338 only for qtest mode.
* small comment fixes.

Changes since v6:
* Allow for more than 4 serial if suppoted by Qemu.

Changes since v7:
* Move the SOC part into its own file.

Changes since v8:
* rework SDRAM memory initialisation

Changes since v9: 
* no change

Changes since v10:
* rename board from 3DS to PDK
* use memory_region_allocate_system_memory()
* rework of memory initialization loop.

Changes since v11:
* no change

Changes since v12:
* no change

 hw/arm/Makefile.objs |   2 +-
 hw/arm/imx25_pdk.c   | 162 +++
 2 files changed, 163 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/imx25_pdk.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index b83aaca..2195b60 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,5 +13,5 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
-obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o
+obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/imx25_pdk.c b/hw/arm/imx25_pdk.c
new file mode 100644
index 000..c07349f
--- /dev/null
+++ b/hw/arm/imx25_pdk.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois 
+ *
+ * PDK Board System emulation.
+ *
+ * Based on hw/arm/kzm.c
+ *
+ * Copyright (c) 2008 OKL and 2011 NICTA
+ * Written by Hans at OK-Labs
+ * Updated by Peter Chubb.
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/arm/fsl-imx25.h"
+#include "hw/boards.h"
+#include "qemu/error-report.h"
+#include "exec/address-spaces.h"
+#include "sysemu/qtest.h"
+#include "hw/i2c/i2c.h"
+
+/* Memory map for PDK Emulation Baseboard:
+ * 0x-0x7fff See i.MX25 SOC fr support
+ * 0x8000-0x87ff RAM + Alias  EMULATED
+ * 0x9000-0x9fff RAM + Alias  EMULATED
+ * 0xa000-0xa7ff FlashIGNORED
+ * 0xa800-0xafff FlashIGNORED
+ * 0xb000-0xb1ff SRAM IGNORED
+ * 0xb200-0xb3ff SRAM IGNORED
+ * 0xb400-0xb5ff CS4  IGNORED
+ * 0xb600-0xb8000fff Reserved IGNORED
+ * 0xb8001000-0xb8001fff SDRAM CTRL reg   IGNORED
+ * 0xb8002000-0xb8002fff WEIM CTRL regIGNORED
+ * 0xb8003000-0xb8003fff M3IF CTRL regIGNORED
+ * 0xb8004000-0xb8004fff EMI CTRL reg IGNORED
+ * 0xb8005000-0xbaff Reserved IGNORED
+ * 0xbb00-0xbb000fff NAND flash area buf  IGNORED
+ * 0xbb001000-0xbb0011ff NAND flash reserved  IGNORED
+ * 0xbb001200-0xbb001dff Reserved IGNORED
+ * 0xbb001e00-0xbb001fff NAN flash CTRL reg   IGNORED
+ * 0xbb012000-0xbfff Reserved IGNORED
+ * 0xc000-0x Reserved IGNORED
+ */
+
+typedef struct IMX25Pdk {
+FslIMX25State soc;
+MemoryRegion ram[2];
+MemoryRegion ram_alias;
+} IMX25Pdk;
+
+#define IMX25_PDK_ADDRESS   (FSL_IMX25_SDRAM0_ADDR)
+
+static struct arm_boot_info imx25_pdk_binfo;
+
+static void imx25_pdk_init(MachineState *machine)
+{
+IMX25Pdk *s = g_new0(IMX25Pdk, 1);
+Error *err = NULL;
+unsigned int ram_size;
+int i;
+
+object_initialize(&s->soc, sizeof(s->soc), TYPE_FSL_IMX25);
+object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc),
+  &error_abort);
+
+object_property_set_bool(OBJECT(&s->soc), true, "realized", &err);
+if (err != NULL) {
+error_report("%s", error_get_pretty(err));
+exit(1);
+}
+
+/* We need to initialize our memory */
+if (machine->ram_size > (FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE)) {
+   error_report("WARNING: RAM size " RAM_ADDR_FMT " above max s

[Qemu-devel] [PATCH v13 04/19] i.MX: Split AVIC emulator in a header file and a source file

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX AVIC emulator into a header file and a source file

Changes since v8:
* no changes

Changes since v9:
* Small style rework.

Changes since v10:
* no change

Changes since v11:
* no change

Changes since v12:
* no change

 hw/arm/kzm.c   |  3 ++-
 hw/intc/imx_avic.c | 40 +++--
 include/hw/intc/imx_avic.h | 55 ++
 3 files changed, 60 insertions(+), 38 deletions(-)
 create mode 100644 include/hw/intc/imx_avic.h

diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
index 5be0369..c906da7 100644
--- a/hw/arm/kzm.c
+++ b/hw/arm/kzm.c
@@ -22,6 +22,7 @@
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
 #include "hw/char/serial.h"
+#include "hw/intc/imx_avic.h"
 #include "hw/arm/imx.h"
 
 /* Memory map for Kzm Emulation Baseboard:
@@ -106,7 +107,7 @@ static void kzm_init(MachineState *machine)
 memory_region_init_ram(sram, NULL, "kzm.sram", 0x4000, &error_abort);
 memory_region_add_subregion(address_space_mem, 0x1FFFC000, sram);
 
-dev = sysbus_create_varargs("imx_avic", 0x6800,
+dev = sysbus_create_varargs(TYPE_IMX_AVIC, 0x6800,
 qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ),
 qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_FIQ),
 NULL);
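Review bot: Replacing the literal with `TYPE_IMX_AVIC` here also changes the type string, which the commit message does not mention. The new include/hw/intc/imx_avic.h in this patch defines it as "imx.avic", while the define removed from hw/intc/imx_avic.c was "imx_avic". The memory region name in imx_avic_init changes the same way. Anything that still names the device by the old string would stop resolving, so either keep `#define TYPE_IMX_AVIC "imx_avic"` in the header or record the rename in the commit message. kzm_init starts and ends outside this hunk.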
diff --git a/hw/intc/imx_avic.c b/hw/intc/imx_avic.c
index e48f66c..c5eecb5 100644
--- a/hw/intc/imx_avic.c
+++ b/hw/intc/imx_avic.c
@@ -7,6 +7,7 @@
  * Copyright (c) 2008 OKL
  * Copyright (c) 2011 NICTA Pty Ltd
  * Originally written by Hans Jiang
+ * Updated by Jean-Christophe Dubois 
  *
  * This code is licensed under the GPL version 2 or later.  See
  * the COPYING file in the top-level directory.
@@ -14,9 +15,7 @@
  * TODO: implement vectors.
  */
 
-#include "hw/hw.h"
-#include "hw/sysbus.h"
-#include "qemu/host-utils.h"
+#include "hw/intc/imx_avic.h"
 
 #define DEBUG_INT 1
 #undef DEBUG_INT /* comment out for debugging */
@@ -40,39 +39,6 @@ do { printf("imx_avic: " fmt , ##args); } while (0)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define IMX_AVIC_NUM_IRQS 64
-
-/* Interrupt Control Bits */
-#define ABFLAG (1<<25)
-#define ABFEN (1<<24)
-#define NIDIS (1<<22) /* Normal Interrupt disable */
-#define FIDIS (1<<21) /* Fast interrupt disable */
-#define NIAD  (1<<20) /* Normal Interrupt Arbiter Rise ARM level */
-#define FIAD  (1<<19) /* Fast Interrupt Arbiter Rise ARM level */
-#define NM(1<<18) /* Normal interrupt mode */
-
-
-#define PRIO_PER_WORD (sizeof(uint32_t) * 8 / 4)
-#define PRIO_WORDS (IMX_AVIC_NUM_IRQS/PRIO_PER_WORD)
-
-#define TYPE_IMX_AVIC "imx_avic"
-#define IMX_AVIC(obj) \
-OBJECT_CHECK(IMXAVICState, (obj), TYPE_IMX_AVIC)
-
-typedef struct IMXAVICState {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-uint64_t pending;
-uint64_t enabled;
-uint64_t is_fiq;
-uint32_t intcntl;
-uint32_t intmask;
-qemu_irq irq;
-qemu_irq fiq;
-uint32_t prio[PRIO_WORDS]; /* Priorities are 4-bits each */
-} IMXAVICState;
-
 static const VMStateDescription vmstate_imx_avic = {
 .name = "imx-avic",
 .version_id = 1,
@@ -370,7 +336,7 @@ static int imx_avic_init(SysBusDevice *sbd)
 IMXAVICState *s = IMX_AVIC(dev);
 
 memory_region_init_io(&s->iomem, OBJECT(s), &imx_avic_ops, s,
-  "imx_avic", 0x1000);
+  TYPE_IMX_AVIC, 0x1000);
 sysbus_init_mmio(sbd, &s->iomem);
 
 qdev_init_gpio_in(dev, imx_avic_set_irq, IMX_AVIC_NUM_IRQS);
diff --git a/include/hw/intc/imx_avic.h b/include/hw/intc/imx_avic.h
new file mode 100644
index 000..1b80769
--- /dev/null
+++ b/include/hw/intc/imx_avic.h
@@ -0,0 +1,55 @@
+/*
+ * i.MX31 Vectored Interrupt Controller
+ *
+ * Note this is NOT the PL192 provided by ARM, but
+ * a custom implementation by Freescale.
+ *
+ * Copyright (c) 2008 OKL
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Jean-Christophe Dubois 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ *
+ * TODO: implement vectors.
+ */
+#ifndef IMX_AVIC_H
+#define IMX_AVIC_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_IMX_AVIC "imx.avic"
+#define IMX_AVIC(obj) OBJECT_CHECK(IMXAVICState, (obj), TYPE_IMX_AVIC)
+
+#define IMX_AVIC_NUM_IRQS 64
+
+/* Interrupt Control Bits */
+#define ABFLAG (1<<25)
+#define ABFEN  (1<<24)
+#define NIDIS  (1<<22) /* Normal Interrupt disable */
+#define FIDIS  (1<<21) /* Fast interrupt disable */
+#define NIAD   (1<<20) /* Nor

[Qemu-devel] [PATCH v13 08/19] i.MX: Split EPIT emulator in a header file and a source file

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1: 
* not present on v1

Changes since v2: 
* not present on v2

Changes since v3: 
* not present on v3

Changes since v4: 
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX EPIT emulator into a header file and a source file

Changes since: v8:
* no change

Changes since v9:
* no change

Changes since v10:
* Coding style changes.

Changes since v11:
* no change

Changes since v12:
* no change

 hw/timer/imx_epit.c | 52 ++---
 include/hw/timer/imx_epit.h | 79 +
 2 files changed, 82 insertions(+), 49 deletions(-)
 create mode 100644 include/hw/timer/imx_epit.h

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index ffefc22..f1f82e9 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -5,23 +5,18 @@
  * Copyright (c) 2011 NICTA Pty Ltd
  * Originally written by Hans Jiang
  * Updated by Peter Chubb
- * Updated by Jean-Christophe Dubois
+ * Updated by Jean-Christophe Dubois 
  *
  * This code is licensed under GPL version 2 or later.  See
  * the COPYING file in the top-level directory.
  *
  */
 
-#include "hw/hw.h"
-#include "qemu/bitops.h"
-#include "qemu/timer.h"
-#include "hw/ptimer.h"
-#include "hw/sysbus.h"
 #include "hw/arm/imx.h"
+#include "hw/timer/imx_epit.h"
+#include "hw/misc/imx_ccm.h"
 #include "qemu/main-loop.h"
 
-#define TYPE_IMX_EPIT "imx.epit"
-
 #define DEBUG_TIMER 0
 #if DEBUG_TIMER
 
@@ -61,30 +56,6 @@ static char const *imx_epit_reg_name(uint32_t reg)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define IMX_EPIT(obj) \
-OBJECT_CHECK(IMXEPITState, (obj), TYPE_IMX_EPIT)
-
-/*
- * EPIT: Enhanced periodic interrupt timer
- */
-
-#define CR_EN   (1 << 0)
-#define CR_ENMOD(1 << 1)
-#define CR_OCIEN(1 << 2)
-#define CR_RLD  (1 << 3)
-#define CR_PRESCALE_SHIFT (4)
-#define CR_PRESCALE_MASK  (0xfff)
-#define CR_SWR  (1 << 16)
-#define CR_IOVW (1 << 17)
-#define CR_DBGEN(1 << 18)
-#define CR_WAITEN   (1 << 19)
-#define CR_DOZEN(1 << 20)
-#define CR_STOPEN   (1 << 21)
-#define CR_CLKSRC_SHIFT (24)
-#define CR_CLKSRC_MASK  (0x3 << CR_CLKSRC_SHIFT)
-
-#define EPIT_TIMER_MAX  0XUL
-
 /*
  * Exact clock frequencies vary from board to board.
  * These are typical.
@@ -96,23 +67,6 @@ static const IMXClk imx_epit_clocks[] =  {
 CLK_32k,  /* 11 ipg_clk_32k -- ~32kHz */
 };
 
-typedef struct {
-SysBusDevice busdev;
-ptimer_state *timer_reload;
-ptimer_state *timer_cmp;
-MemoryRegion iomem;
-DeviceState *ccm;
-
-uint32_t cr;
-uint32_t sr;
-uint32_t lr;
-uint32_t cmp;
-uint32_t cnt;
-
-uint32_t freq;
-qemu_irq irq;
-} IMXEPITState;
-
 /*
  * Update interrupt status
  */
diff --git a/include/hw/timer/imx_epit.h b/include/hw/timer/imx_epit.h
new file mode 100644
index 000..c5328ae
--- /dev/null
+++ b/include/hw/timer/imx_epit.h
@@ -0,0 +1,79 @@
+/*
+ * i.MX EPIT Timer
+ *
+ * Copyright (c) 2008 OK Labs
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Peter Chubb
+ * Updated by Jean-Christophe Dubois 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef IMX_EPIT_H
+#define IMX_EPIT_H
+
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+
+/*
+ * EPIT: Enhanced periodic interrupt timer
+ */
+
+#define CR_EN   (1 << 0)
+#define CR_ENMOD(1 << 1)
+#define CR_OCIEN(1 << 2)
+#define CR_RLD  (1 << 3)
+#define CR_PRESCALE_SHIFT (4)
+#define CR_PRESCALE_MASK  (0xfff)
+#define CR_SWR  (1 << 16)
+#define CR_IOVW (1 << 17)
+#define CR_DBGEN(1 << 18)
+#define CR_WAITEN   (1 << 19)
+#define CR_DOZEN(1 << 20)
+#define CR_STOPEN   (1 << 21)
+#define CR_CLKSRC_SHIFT (24)
+#def

[Qemu-devel] [PATCH v13 06/19] i.MX: Split CCM emulator in a header file and a source file

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6: 
* not present on v6

Changes since v7:
* Split the i.MX CCM emulator into a header file and a source file

Changes since v8:
* no change

Changes since v9:
* change kzm to avoid run time error on CCM creation.

Changes since v10:
* no change

Changes since v11:
* no change

Changes since v12:
* no change

 hw/arm/kzm.c  |  2 +-
 hw/misc/imx_ccm.c | 70 ++--
 include/hw/arm/imx.h  | 12 ++-
 include/hw/misc/imx_ccm.h | 91 +++
 4 files changed, 97 insertions(+), 78 deletions(-)
 create mode 100644 include/hw/misc/imx_ccm.h

diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
index c906da7..d7af230 100644
--- a/hw/arm/kzm.c
+++ b/hw/arm/kzm.c
@@ -115,7 +115,7 @@ static void kzm_init(MachineState *machine)
 imx_serial_create(0, 0x43f9, qdev_get_gpio_in(dev, 45));
 imx_serial_create(1, 0x43f94000, qdev_get_gpio_in(dev, 32));
 
-ccm = sysbus_create_simple("imx_ccm", 0x53f8, NULL);
+ccm = sysbus_create_simple(TYPE_IMX_CCM, 0x53f8, NULL);
 
 imx_timerp_create(0x53f94000, qdev_get_gpio_in(dev, 28), ccm);
 imx_timerp_create(0x53f98000, qdev_get_gpio_in(dev, 27), ccm);
diff --git a/hw/misc/imx_ccm.c b/hw/misc/imx_ccm.c
index 0920288..2e9bd9c 100644
--- a/hw/misc/imx_ccm.c
+++ b/hw/misc/imx_ccm.c
@@ -2,6 +2,7 @@
  * IMX31 Clock Control Module
  *
  * Copyright (C) 2012 NICTA
+ * Updated by Jean-Christophe Dubois 
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
@@ -10,10 +11,7 @@
  * the CCM.
  */
 
-#include "hw/hw.h"
-#include "hw/sysbus.h"
-#include "sysemu/sysemu.h"
-#include "hw/arm/imx.h"
+#include "hw/misc/imx_ccm.h"
 
 #define CKIH_FREQ 2600 /* 26MHz crystal input */
 #define CKIL_FREQ32768 /* nominal 32khz clock */
@@ -29,30 +27,6 @@ do { printf("imx_ccm: " fmt , ##args); } while (0)
 
 static int imx_ccm_post_load(void *opaque, int version_id);
 
-#define TYPE_IMX_CCM "imx_ccm"
-#define IMX_CCM(obj) OBJECT_CHECK(IMXCCMState, (obj), TYPE_IMX_CCM)
-
-typedef struct IMXCCMState {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-
-uint32_t ccmr;
-uint32_t pdr0;
-uint32_t pdr1;
-uint32_t mpctl;
-uint32_t spctl;
-uint32_t cgr[3];
-uint32_t pmcr0;
-uint32_t pmcr1;
-
-/* Frequencies precalculated on register changes */
-uint32_t pll_refclk_freq;
-uint32_t mcu_clk_freq;
-uint32_t hsp_clk_freq;
-uint32_t ipg_clk_freq;
-} IMXCCMState;
-
 static const VMStateDescription vmstate_imx_ccm = {
 .name = "imx-ccm",
 .version_id = 1,
@@ -72,44 +46,6 @@ static const VMStateDescription vmstate_imx_ccm = {
 .post_load = imx_ccm_post_load,
 };
 
-/* CCMR */
-#define CCMR_FPME (1<<0)
-#define CCMR_MPE  (1<<3)
-#define CCMR_MDS  (1<<7)
-#define CCMR_FPMF (1<<26)
-#define CCMR_PRCS (3<<1)
-
-/* PDR0 */
-#define PDR0_MCU_PODF_SHIFT (0)
-#define PDR0_MCU_PODF_MASK (0x7)
-#define PDR0_MAX_PODF_SHIFT (3)
-#define PDR0_MAX_PODF_MASK (0x7)
-#define PDR0_IPG_PODF_SHIFT (6)
-#define PDR0_IPG_PODF_MASK (0x3)
-#define PDR0_NFC_PODF_SHIFT (8)
-#define PDR0_NFC_PODF_MASK (0x7)
-#define PDR0_HSP_PODF_SHIFT (11)
-#define PDR0_HSP_PODF_MASK (0x7)
-#define PDR0_PER_PODF_SHIFT (16)
-#define PDR0_PER_PODF_MASK (0x1f)
-#define PDR0_CSI_PODF_SHIFT (23)
-#define PDR0_CSI_PODF_MASK (0x1ff)
-
-#define EXTRACT(value, name) (((value) >> PDR0_##name##_PODF_SHIFT) \
-  & PDR0_##name##_PODF_MASK)
-#define INSERT(value, name) (((value) & PDR0_##name##_PODF_MASK) << \
- PDR0_##name##_PODF_SHIFT)
-/* PLL control registers */
-#define PD(v) (((v) >> 26) & 0xf)
-#define MFD(v) (((v) >> 16) & 0x3ff)
-#define MFI(v) (((v) >> 10) & 0xf);
-#define MFN(v) ((v) & 0x3ff)
-
-#define PLL_PD(x)   (((x) & 0xf) << 26)
-#define PLL_MFD(x)  (((x) & 0x3ff) << 16)
-#define PLL_MFI(x)  (((x) & 0xf) << 10)
-#define PLL_MFN(x)  (((x) & 0x3ff) << 0)
-
 uint32_t imx_clock_frequency(DeviceState *dev, IMXClk clock)
 {
 IMXCCMState *s = IMX_CCM(dev);
@@ -286,7 +222,7 @@ static int imx_ccm_init(SysBusDevice *dev)
 IMXCCMState *s = IMX_CCM(dev);
 
 memory_region_init_io(&s->iomem, OBJECT(dev), &imx_ccm_ops, s,
-  "imx_ccm", 0x1000);
+  TYPE_IMX_CCM, 0x1000);
 sysbus_init_mmio(dev, &s->iomem);
 
 return 0;
diff --git a/include/hw/arm/imx.h b/include/hw/arm/imx.h
index ea9e093..b188560 100644
--- a/include/hw/arm/imx.h
+++ b/include/hw/arm/imx.h
@@ -11,17 +11,9 @@
 #ifndef IMX_H

[Qemu-devel] [PATCH v13 10/19] i.MX: Split GPT emulator in a header file and a source file

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2: 
* not present on v2

Changes since v3:
* not present on v3

Changes since v4: 
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX GPT emulator into a header file and a source file

Changes since v8:
* no change

Changes since v9:
* no change

Changes since v10:
* Fix coding style.

Changes since v11:
* no change

Changes since v12:
* no change

 hw/timer/imx_gpt.c |  79 ++---
 include/hw/timer/imx_gpt.h | 107 +
 2 files changed, 110 insertions(+), 76 deletions(-)
 create mode 100644 include/hw/timer/imx_gpt.h

diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index 3b31010..f61d4e5 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -5,23 +5,18 @@
  * Copyright (c) 2011 NICTA Pty Ltd
  * Originally written by Hans Jiang
  * Updated by Peter Chubb
- * Updated by Jean-Christophe Dubois
+ * Updated by Jean-Christophe Dubois 
  *
  * This code is licensed under GPL version 2 or later.  See
  * the COPYING file in the top-level directory.
  *
  */
 
-#include "hw/hw.h"
-#include "qemu/bitops.h"
-#include "qemu/timer.h"
-#include "hw/ptimer.h"
-#include "hw/sysbus.h"
 #include "hw/arm/imx.h"
+#include "hw/timer/imx_gpt.h"
+#include "hw/misc/imx_ccm.h"
 #include "qemu/main-loop.h"
 
-#define TYPE_IMX_GPT "imx.gpt"
-
 /*
  * Define to 1 for debug messages
  */
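Review bot: The licence statement kept in this file says GPL version 2 or later, but the new include/hw/timer/imx_gpt.h added further down opens with an MIT-style permission notice. The macros and IMXGPTState removed from this file presumably land in that header, and moved code should keep the licence it had. Unless every copyright holder agreed to relicense, the header comment should read `This code is licensed under GPL version 2 or later.  See the COPYING file in the top-level directory.` The EPIT split in patch 08 (hw/timer/imx_epit.c and include/hw/timer/imx_epit.h) shows the same mismatch, whereas imx_avic.h keeps the GPL text.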
@@ -74,74 +69,6 @@ static char const *imx_gpt_reg_name(uint32_t reg)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define IMX_GPT(obj) \
-OBJECT_CHECK(IMXGPTState, (obj), TYPE_IMX_GPT)
-/*
- * GPT : General purpose timer
- *
- * This timer counts up continuously while it is enabled, resetting itself
- * to 0 when it reaches GPT_TIMER_MAX (in freerun mode) or when it
- * reaches the value of one of the ocrX (in periodic mode).
- */
-
-#define GPT_TIMER_MAX  0XUL
-
-/* Control register.  Not all of these bits have any effect (yet) */
-#define GPT_CR_EN (1 << 0)  /* GPT Enable */
-#define GPT_CR_ENMOD  (1 << 1)  /* GPT Enable Mode */
-#define GPT_CR_DBGEN  (1 << 2)  /* GPT Debug mode enable */
-#define GPT_CR_WAITEN (1 << 3)  /* GPT Wait Mode Enable  */
-#define GPT_CR_DOZEN  (1 << 4)  /* GPT Doze mode enable */
-#define GPT_CR_STOPEN (1 << 5)  /* GPT Stop Mode Enable */
-#define GPT_CR_CLKSRC_SHIFT (6)
-#define GPT_CR_CLKSRC_MASK  (0x7)
-
-#define GPT_CR_FRR(1 << 9)  /* Freerun or Restart */
-#define GPT_CR_SWR(1 << 15) /* Software Reset */
-#define GPT_CR_IM1(3 << 16) /* Input capture channel 1 mode (2 bits) */
-#define GPT_CR_IM2(3 << 18) /* Input capture channel 2 mode (2 bits) */
-#define GPT_CR_OM1(7 << 20) /* Output Compare Channel 1 Mode (3 bits) */
-#define GPT_CR_OM2(7 << 23) /* Output Compare Channel 2 Mode (3 bits) */
-#define GPT_CR_OM3(7 << 26) /* Output Compare Channel 3 Mode (3 bits) */
-#define GPT_CR_FO1(1 << 29) /* Force Output Compare Channel 1 */
-#define GPT_CR_FO2(1 << 30) /* Force Output Compare Channel 2 */
-#define GPT_CR_FO3(1 << 31) /* Force Output Compare Channel 3 */
-
-#define GPT_SR_OF1  (1 << 0)
-#define GPT_SR_OF2  (1 << 1)
-#define GPT_SR_OF3  (1 << 2)
-#define GPT_SR_ROV  (1 << 5)
-
-#define GPT_IR_OF1IE  (1 << 0)
-#define GPT_IR_OF2IE  (1 << 1)
-#define GPT_IR_OF3IE  (1 << 2)
-#define GPT_IR_ROVIE  (1 << 5)
-
-typedef struct {
-SysBusDevice busdev;
-ptimer_state *timer;
-MemoryRegion iomem;
-DeviceState *ccm;
-
-uint32_t cr;
-uint32_t pr;
-uint32_t sr;
-uint32_t ir;
-uint32_t ocr1;
-uint32_t ocr2;
-uint32_t ocr3;
-uint32_t icr1;
-uint32_t icr2;
-uint32_t cnt;
-
-uint32_t next_timeout;
-uint32_t next_int;
-
-uint32_t freq;
-
-qemu_irq irq;
-} IMXGPTState;
-
 static const VMStateDescription vmstate_imx_timer_gpt = {
 .name = "imx.gpt",
 .version_id = 3,
diff --git a/include/hw/timer/imx_gpt.h b/include/hw/timer/imx_gpt.h
new file mode 100644
index 000..3f02d3b
--- /dev/null
+++ b/include/hw/timer/imx_gpt.h
@@ -0,0 +1,107 @@
+/*
+ * i.MX GPT Timer
+ *
+ * Copyright (c) 2008 OK Labs
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Peter Chubb
+ * Updated by Jean-Christophe Dubois 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and th

[Qemu-devel] [PATCH v13 02/19] i.MX: Move serial initialization to init/realize of DeviceClass.

2015-07-16 Thread Jean-Christophe Dubois
Move constructor to DeviceClass methods
 * imx_serial_init
 * imx_serial_realize

imx32_serial_properties is renamed to imx_serial_properties.

Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Remove Qdev construction helper

Changes since v9: 
* Qdev construction helper is reintegrated and moved to a header file
  as an inline function.

Changes since v10:
* Qdev construction helper is put back in the main file.
* Qdev construction helper is reworked
* We don't use qemu_char_get_next_serial() anymore but the chardev
  property instead.
* Fix code to work with an uninitialized (null) chardev property

Changes since v11:
* remove fix to work with an uninitialized (null) chardev property
* restore Qdev construction helper to initial state.

Changes since v12:
* move some coding style fixes to patch 03

 hw/char/imx_serial.c | 35 +++
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index 1dcb325..f0ed255 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -306,16 +306,10 @@ static const struct MemoryRegionOps imx_serial_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static int imx_serial_init(SysBusDevice *dev)
+static void imx_serial_realize(DeviceState *dev, Error **errp)
 {
 IMXSerialState *s = IMX_SERIAL(dev);
 
-
-memory_region_init_io(&s->iomem, OBJECT(s), &imx_serial_ops, s,
-  "imx-serial", 0x1000);
-sysbus_init_mmio(dev, &s->iomem);
-sysbus_init_irq(dev, &s->irq);
-
 if (s->chr) {
 qemu_chr_add_handlers(s->chr, imx_can_receive, imx_receive,
   imx_event, s);
@@ -323,8 +317,17 @@ static int imx_serial_init(SysBusDevice *dev)
 DPRINTF("No char dev for uart at 0x%lx\n",
 (unsigned long)s->iomem.ram_addr);
 }
+}
+
+static void imx_serial_init(Object *obj)
+{
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+IMXSerialState *s = IMX_SERIAL(obj);
 
-return 0;
+memory_region_init_io(&s->iomem, obj, &imx_serial_ops, s,
+  TYPE_IMX_SERIAL, 0x1000);
+sysbus_init_mmio(sbd, &s->iomem);
+sysbus_init_irq(sbd, &s->irq);
 }
 
 void imx_serial_create(int uart, const hwaddr addr, qemu_irq irq)
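Review bot: `imx_serial_realize` never sets `errp`, and a missing `chardev` property is reported only through `DPRINTF`, which expands to nothing unless `DEBUG_SERIAL` is defined, so a UART without a backend realizes silently with `s->chr == NULL`. The register read/write handlers are outside this hunk; it is worth confirming that every path that hands data to the character layer tests `s->chr` first, since the v11 changelog says the null-chardev fix was removed again. I would add a comment above the function such as `/* chardev is optional: s->chr may be NULL after realize, all users must check it */`, and one above `imx_serial_init` stating that only property-independent setup (MMIO region, IRQ) belongs in instance_init because `chardev` is not yet set there. The body of `imx_serial_realize` starts in the previous hunk.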
@@ -361,7 +364,7 @@ void imx_serial_create(int uart, const hwaddr addr, 
qemu_irq irq)
 }
 
 
-static Property imx32_serial_properties[] = {
+static Property imx_serial_properties[] = {
 DEFINE_PROP_CHR("chardev", IMXSerialState, chr),
 DEFINE_PROP_END_OF_LIST(),
 };
@@ -369,21 +372,21 @@ static Property imx32_serial_properties[] = {
 static void imx_serial_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
-k->init = imx_serial_init;
+dc->realize = imx_serial_realize;
 dc->vmsd = &vmstate_imx_serial;
 dc->reset = imx_serial_reset_at_boot;
 set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
 dc->desc = "i.MX series UART";
-dc->props = imx32_serial_properties;
+dc->props = imx_serial_properties;
 }
 
 static const TypeInfo imx_serial_info = {
-.name = TYPE_IMX_SERIAL,
-.parent = TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(IMXSerialState),
-.class_init = imx_serial_class_init,
+.name   = TYPE_IMX_SERIAL,
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size  = sizeof(IMXSerialState),
+.instance_init  = imx_serial_init,
+.class_init = imx_serial_class_init,
 };
 
 static void imx_serial_register_types(void)
-- 
2.1.4




[Qemu-devel] [PATCH v13 01/19] i.MX: Split UART emulator in a header file and a source file

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3: 
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5
  
Changes since v6:
* not present on v6 
  
Changes since v7:
* Split the i.MX serial emulator into a header file and a source file
  
Changes since v8:
* no change
  
Changes since v9:  
* Small style rework
  
Changes since v10:
* no change 
  
Changes since v11:
* no change

Changes since v12:
* no change

 hw/char/imx_serial.c |  82 +-
 include/hw/char/imx_serial.h | 102 +++
 2 files changed, 104 insertions(+), 80 deletions(-)
 create mode 100644 include/hw/char/imx_serial.h

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index f3fbc77..1dcb325 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -4,6 +4,7 @@
  * Copyright (c) 2008 OKL
  * Originally Written by Hans Jiang
  * Copyright (c) 2011 NICTA Pty Ltd.
+ * Updated by Jean-Christophe Dubois 
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
@@ -17,8 +18,7 @@
  * is a real serial device.
  */
 
-#include "hw/hw.h"
-#include "hw/sysbus.h"
+#include "hw/char/imx_serial.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/char.h"
 #include "hw/arm/imx.h"
@@ -43,35 +43,6 @@ do { printf("imx_serial: " fmt , ##args); } while (0)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define TYPE_IMX_SERIAL "imx-serial"
-#define IMX_SERIAL(obj) OBJECT_CHECK(IMXSerialState, (obj), TYPE_IMX_SERIAL)
-
-typedef struct IMXSerialState {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-int32_t readbuff;
-
-uint32_t usr1;
-uint32_t usr2;
-uint32_t ucr1;
-uint32_t ucr2;
-uint32_t uts1;
-
-/*
- * The registers below are implemented just so that the
- * guest OS sees what it has written
- */
-uint32_t onems;
-uint32_t ufcr;
-uint32_t ubmr;
-uint32_t ubrc;
-uint32_t ucr3;
-
-qemu_irq irq;
-CharDriverState *chr;
-} IMXSerialState;
-
 static const VMStateDescription vmstate_imx_serial = {
 .name = "imx-serial",
 .version_id = 1,
@@ -91,55 +62,6 @@ static const VMStateDescription vmstate_imx_serial = {
 },
 };
 
-
-#define URXD_CHARRDY(1<<15)   /* character read is valid */
-#define URXD_ERR(1<<14)   /* Character has error */
-#define URXD_BRK(1<<11)   /* Break received */
-
-#define USR1_PARTYER(1<<15)   /* Parity Error */
-#define USR1_RTSS   (1<<14)   /* RTS pin status */
-#define USR1_TRDY   (1<<13)   /* Tx ready */
-#define USR1_RTSD   (1<<12)   /* RTS delta: pin changed state */
-#define USR1_ESCF   (1<<11)   /* Escape sequence interrupt */
-#define USR1_FRAMERR(1<<10)   /* Framing error  */
-#define USR1_RRDY   (1<<9)/* receiver ready */
-#define USR1_AGTIM  (1<<8)/* Aging timer interrupt */
-#define USR1_DTRD   (1<<7)/* DTR changed */
-#define USR1_RXDS   (1<<6)/* Receiver is idle */
-#define USR1_AIRINT (1<<5)/* Aysnch IR interrupt */
-#define USR1_AWAKE  (1<<4)/* Falling edge detected on RXd pin */
-
-#define USR2_ADET   (1<<15)   /* Autobaud complete */
-#define USR2_TXFE   (1<<14)   /* Transmit FIFO empty */
-#define USR2_DTRF   (1<<13)   /* DTR/DSR transition */
-#define USR2_IDLE   (1<<12)   /* UART has been idle for too long */
-#define USR2_ACST   (1<<11)   /* Autobaud counter stopped */
-#define USR2_RIDELT (1<<10)   /* Ring Indicator delta */
-#define USR2_RIIN   (1<<9)/* Ring Indicator Input */
-#define USR2_IRINT  (1<<8)/* Serial Infrared Interrupt */
-#define USR2_WAKE   (1<<7)/* Start bit detected */
-#define USR2_DCDDELT(1<<6)/* Data Carrier Detect delta */
-#define USR2_DCDIN  (1<<5)/* Data Carrier Detect Input */
-#define USR2_RTSF   (1<<4)/* RTS transition */
-#define USR2_TXDC   (1<<3)/* Transmission complete */
-#define USR2_BRCD   (1<<2)/* Break condition detected */
-#define USR2_ORE(1<<1)/* Overrun error */
-#define USR2_RDR(1<<0)/* Receive data ready */
-
-#define UCR1_TRDYEN (1<<13)   /* Tx Ready Interrupt Enable */
-#define UCR1_RRDYEN (1<<9)/* Rx Ready Interrupt Enable */
-#define UCR1_TXMPTYEN   (1<<6)/* Tx Empty Interrupt Enable */
-#define UCR1_UARTEN (1<<0)/* UART Enable */
-
-#define UCR2_TXEN   (1<<2)/* Transmitter enable */
-#define UCR2_RXEN   (1<<1)/* Receiver enable */
-#define UCR2_SRST   (1<<0)/* Reset complete */
-
-#define UTS1_TXEMPTY(1<<6)
-#define UTS1_RXEMPTY(1<<5)
-#define UTS1_TXFULL (1<<4)
-#define UTS1_RXFULL (1<<3)
-
 static void imx_update(IMXSerialS

[Qemu-devel] [PATCH v13 03/19] i.MX:Fix Coding style for UART emulator.

2015-07-16 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5: 
* not present on v5 

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8: 
* Fix coding style

Changes since v9:
* no change

Changes since v10:
* no change

Changes since v11:
* no change

Changes since v12:
* Some more coding style fixes from patch 02

 hw/char/imx_serial.c | 34 +-
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index f0ed255..f9da59f 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -26,7 +26,7 @@
 //#define DEBUG_SERIAL 1
 #ifdef DEBUG_SERIAL
 #define DPRINTF(fmt, args...) \
-do { printf("imx_serial: " fmt , ##args); } while (0)
+do { printf("%s: " fmt , TYPE_IMX_SERIAL, ##args); } while (0)
 #else
 #define DPRINTF(fmt, args...) do {} while (0)
 #endif
@@ -38,13 +38,13 @@ do { printf("imx_serial: " fmt , ##args); } while (0)
 //#define DEBUG_IMPLEMENTATION 1
 #ifdef DEBUG_IMPLEMENTATION
 #  define IPRINTF(fmt, args...) \
-do  { fprintf(stderr, "imx_serial: " fmt, ##args); } while (0)
+do  { fprintf(stderr, "%s: " fmt, TYPE_IMX_SERIAL, ##args); } while (0)
 #else
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
 static const VMStateDescription vmstate_imx_serial = {
-.name = "imx-serial",
+.name = TYPE_IMX_SERIAL,
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
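Review bot: Replacing the literal in `vmstate_imx_serial.name` with `TYPE_IMX_SERIAL` ties the migration section name to the QOM type name. Both are "imx-serial" today (the define moved to the header in patch 01), so the stream is unchanged, but the VMState name is part of the migration format, and a later rename of the type would change it without any visible edit here. Either keep the string literal or add a comment on the field, for example `/* migration ABI: must remain "imx-serial" even if the type is renamed */`. The initializer continues past the end of the hunk.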
@@ -164,13 +164,13 @@ static uint64_t imx_serial_read(void *opaque, hwaddr 
offset,
 return 0x0; /* TODO */
 
 default:
-IPRINTF("imx_serial_read: bad offset: 0x%x\n", (int)offset);
+IPRINTF("%s: bad offset: 0x%x\n", __func__, (int)offset);
 return 0;
 }
 }
 
 static void imx_serial_write(void *opaque, hwaddr offset,
-  uint64_t value, unsigned size)
+ uint64_t value, unsigned size)
 {
 IMXSerialState *s = (IMXSerialState *)opaque;
 unsigned char ch;
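Review bot: The reworded `IPRINTF` in the `default:` case of `imx_serial_read` still narrows `offset` with `(int)` and prints it with `%x`, although `offset` is a `hwaddr`; the `default:` case of `imx_serial_write` in the last hunk has the same pattern. The access is guest-controlled and `IPRINTF` is compiled out unless `DEBUG_IMPLEMENTATION` is defined, so a guest touching unimplemented registers leaves no trace in a normal build. I would report it through the guest-error log, `qemu_log_mask(LOG_GUEST_ERROR, "%s: bad offset 0x%" HWADDR_PRIx "\n", __func__, offset);`, which needs `qemu/log.h` in the include list. Both functions begin and end outside their hunks.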
@@ -220,25 +220,25 @@ static void imx_serial_write(void *opaque, hwaddr offset,
 
 case 0x25: /* USR1 */
 value &= USR1_AWAKE | USR1_AIRINT | USR1_DTRD | USR1_AGTIM |
-USR1_FRAMERR | USR1_ESCF | USR1_RTSD | USR1_PARTYER;
+ USR1_FRAMERR | USR1_ESCF | USR1_RTSD | USR1_PARTYER;
 s->usr1 &= ~value;
 break;
 
 case 0x26: /* USR2 */
-   /*
-* Writing 1 to some bits clears them; all other
-* values are ignored
-*/
+/*
+ * Writing 1 to some bits clears them; all other
+ * values are ignored
+ */
 value &= USR2_ADET | USR2_DTRF | USR2_IDLE | USR2_ACST |
-USR2_RIDELT | USR2_IRINT | USR2_WAKE |
-USR2_DCDDELT | USR2_RTSF | USR2_BRCD | USR2_ORE;
+ USR2_RIDELT | USR2_IRINT | USR2_WAKE |
+ USR2_DCDDELT | USR2_RTSF | USR2_BRCD | USR2_ORE;
 s->usr2 &= ~value;
 break;
 
-/*
- * Linux expects to see what it writes to these registers
- * We don't currently alter the baud rate
- */
+/*
+ * Linux expects to see what it writes to these registers
+ * We don't currently alter the baud rate
+ */
 case 0x29: /* UBIR */
 s->ubrc = value & 0x;
 break;
@@ -266,7 +266,7 @@ static void imx_serial_write(void *opaque, hwaddr offset,
 break;
 
 default:
-IPRINTF("imx_serial_write: Bad offset 0x%x\n", (int)offset);
+IPRINTF("%s: Bad offset 0x%x\n", __func__, (int)offset);
 }
 }
 
-- 
2.1.4




[Qemu-devel] [PATCH v13 00/19] i.MX: Add i.MX25 support through the PDK evaluation board

2015-07-16 Thread Jean-Christophe Dubois
This series of patches add the support for the i.MX25 processor through the
Freescale PDK evaluation board.

For now a limited set of devices is supported.
* GPT timers (from i.MX31)
* EPIT timers (from i.MX31)
* Serial ports (from i.MX31)
* Ethernet FEC port
* I2C controller

In the process the KZM platform was split into an i.MX31 SOC
and a platform part.

Also, I2C devices were added to the i.MX31 SOC.

This was tested by:
* booting a minimal linux system on the i.MX25 PDK platform
* booting the Xvisor hypervisor on the i.MX25 PDK platform
* booting a minimal linux system on the KZM platform

Jean-Christophe Dubois (19):
  i.MX: Split UART emulator in a header file and a source file
  i.MX: Move serial initialization to init/realize of DeviceClass.
  i.MX:Fix Coding style for UART emulator.
  i.MX: Split AVIC emulator in a header file and a source file
  i.MX: Fix Coding style for AVIC emulator.
  i.MX: Split CCM emulator in a header file and a source file
  i.MX: Fix Coding style for CCM emulator
  i.MX: Split EPIT emulator in a header file and a source file
  i.MX: Fix Coding style for EPIT emulator
  i.MX: Split GPT emulator in a header file and a source file
  i.MX: Fix Coding style for GPT emulator
  i.MX: Add SOC support for i.MX31
  i.MX: KZM now uses the standalone i.MX31 SOC support
  i.MX: Add I2C controller emulator
  i.MX: Add FEC Ethernet Emulator
  i.MX: Add SOC support for i.MX25
  i.MX: Add the i.MX25 PDK plateform
  i.MX: Add qtest support for I2C device emulator.
  i.MX: Adding i2C devices to i.MX31 SOC

 default-configs/arm-softmmu.mak |   6 +
 hw/arm/Makefile.objs|   4 +-
 hw/arm/fsl-imx25.c  | 260 +++
 hw/arm/fsl-imx31.c  | 233 +
 hw/arm/imx25_pdk.c  | 162 +
 hw/arm/kzm.c| 205 ++--
 hw/char/imx_serial.c| 180 ++
 hw/i2c/Makefile.objs|   1 +
 hw/i2c/imx_i2c.c| 339 +++
 hw/intc/imx_avic.c  |  56 +---
 hw/misc/imx_ccm.c   |  81 +
 hw/net/Makefile.objs|   1 +
 hw/net/imx_fec.c| 709 
 hw/timer/imx_epit.c |  75 +
 hw/timer/imx_gpt.c  |  96 +-
 include/hw/arm/fsl-imx25.h  | 234 +
 include/hw/arm/fsl-imx31.h  | 110 +++
 include/hw/arm/imx.h|  34 --
 include/hw/char/imx_serial.h| 102 ++
 include/hw/i2c/imx_i2c.h|  85 +
 include/hw/intc/imx_avic.h  |  55 
 include/hw/misc/imx_ccm.h   |  91 ++
 include/hw/net/imx_fec.h| 113 +++
 include/hw/timer/imx_epit.h |  79 +
 include/hw/timer/imx_gpt.h  | 107 ++
 tests/Makefile  |   3 +
 tests/ds1338-test.c |  75 +
 tests/libqos/i2c-imx.c  | 209 
 tests/libqos/i2c.h  |   3 +
 29 files changed, 3151 insertions(+), 557 deletions(-)
 create mode 100644 hw/arm/fsl-imx25.c
 create mode 100644 hw/arm/fsl-imx31.c
 create mode 100644 hw/arm/imx25_pdk.c
 create mode 100644 hw/i2c/imx_i2c.c
 create mode 100644 hw/net/imx_fec.c
 create mode 100644 include/hw/arm/fsl-imx25.h
 create mode 100644 include/hw/arm/fsl-imx31.h
 delete mode 100644 include/hw/arm/imx.h
 create mode 100644 include/hw/char/imx_serial.h
 create mode 100644 include/hw/i2c/imx_i2c.h
 create mode 100644 include/hw/intc/imx_avic.h
 create mode 100644 include/hw/misc/imx_ccm.h
 create mode 100644 include/hw/net/imx_fec.h
 create mode 100644 include/hw/timer/imx_epit.h
 create mode 100644 include/hw/timer/imx_gpt.h
 create mode 100644 tests/ds1338-test.c
 create mode 100644 tests/libqos/i2c-imx.c

-- 
2.1.4




[Qemu-devel] [Bug 1354167] Re: On VM restart: Could not open 'poppy.qcow2': Could not read snapshots: File too large

2015-07-16 Thread Nenad Cuturic
I used Rob Schultz's binary to convert the image-files and it is working
now.

-- 
https://bugs.launchpad.net/bugs/1354167

Title:
  On VM restart: Could not open 'poppy.qcow2': Could not read snapshots:
  File too large

Status in QEMU:
  New

Bug description:
  I'm unable to restart a VM.   virt-manager is giving me:

  Error starting domain: internal error: process exited while connecting
  to monitor: qemu-system-x86_64: -drive
  file=/var/lib/libvirt/images/poppy.qcow2,if=none,id=drive-virtio-
  disk0,format=qcow2: could not open disk image
  /var/lib/libvirt/images/poppy.qcow2: Could not read snapshots: File
  too large

  
  From the command line trying to check the image also gives me:
  qemu-img check poppy.qcow2
  qemu-img: Could not open 'poppy.qcow2': Could not read snapshots: File too 
large

  
  This bug appears with both the default install of qemu for ubuntu 14.04:
  qemu-img version 2.0.0, Copyright (c) 2004-2008 Fabrice Bellard

  And the latest version.
  qemu-img version 2.1.50, Copyright (c) 2004-2008 Fabrice Bellard

  
  Host: 
  Dual E5-2650 v2 @ 2.60GHz
  32GB Memory
  4TB Disk space (2.1TB Free) 

  Host OS: Ubuntu 14.04.1 LTS 64bit

  Guest:
  Ubuntu 14.04 64bit
  Storage Size: 500gb




Re: [Qemu-devel] [PATCH] hostmem: Fix qemu_opt_get_bool() crash in host_memory_backend_init()

2015-07-16 Thread Igor Mammedov
On Thu, 16 Jul 2015 17:39:17 -0300
Eduardo Habkost  wrote:

> This fixes the following crash, introduced by commit
> 49d2e648e8087d154d8bf8b91f27c8e05e79d5a6:
> 
>   $ gdb --args qemu-system-x86_64 -machine pc,mem-merge=off -object
> memory-backend-ram,id=ram-node0,size=1024 [...]
>   Program received signal SIGABRT, Aborted.
>   (gdb) bt
>   #0  0x7253b8c7 in raise () at /lib64/libc.so.6
>   #1  0x7253d52a in abort () at /lib64/libc.so.6
>   #2  0x7253446d in __assert_fail_base () at /lib64/libc.so.6
>   #3  0x72534522 in  () at /lib64/libc.so.6
>   #4  0x558bb80a in qemu_opt_get_bool_helper
> (opts=0x5621b650, name=name@entry=0x558ec922 "mem-merge",
> defval=defval@entry=true, del=del@entry=false) at
> qemu/util/qemu-option.c:388 #5  0x558bbb5a in
> qemu_opt_get_bool (opts=,
> name=name@entry=0x558ec922 "mem-merge", defval=defval@entry=true)
> at qemu/util/qemu-option.c:398 #6  0x55720a24 in
> host_memory_backend_init (obj=0x562ac970) at
> qemu/backends/hostmem.c:226
> 
> Instead of using qemu_opt_get_bool(), that didn't work with
> qemu_machine_opts for a long time, we can use the machine QOM
> properties directly.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  backends/hostmem.c | 9 +
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/backends/hostmem.c b/backends/hostmem.c
> index 61c1ac0..38a32ed 100644
> --- a/backends/hostmem.c
> +++ b/backends/hostmem.c
> @@ -10,6 +10,7 @@
>   * See the COPYING file in the top-level directory.
>   */
>  #include "sysemu/hostmem.h"
> +#include "hw/boards.h"
>  #include "qapi/visitor.h"
>  #include "qapi-types.h"
>  #include "qapi-visit.h"
> @@ -223,10 +224,10 @@ static void host_memory_backend_init(Object
> *obj) {
>  HostMemoryBackend *backend = MEMORY_BACKEND(obj);
>  
> -backend->merge = qemu_opt_get_bool(qemu_get_machine_opts(),
> -   "mem-merge", true);
> -backend->dump = qemu_opt_get_bool(qemu_get_machine_opts(),
> -  "dump-guest-core", true);
> +backend->merge =
> object_property_get_bool(OBJECT(current_machine),
maybe use qdev_get_machine() instead of OBJECT(current_machine)


> +  "mem-merge",
> &error_abort);
> +backend->dump = object_property_get_bool(OBJECT(current_machine),
> +"dump-guest-core",
> &error_abort); backend->prealloc = mem_prealloc;
>  
>  object_property_add_bool(obj, "merge",




[Qemu-devel] [Bug 1354167] Re: On VM restart: Could not open 'poppy.qcow2': Could not read snapshots: File too large

2015-07-16 Thread Nenad Cuturic
I've got the same problem again while release-upgrading to 14.04.2 but this 
time I was careful to shutdown vm's and disable autostart prior to 
release-upgrade to prevent anything happening in background. Nevertheless after 
the upgrade one vm is not starting.
I'll repeat the procedure about converting the image and report the result.

-- 
https://bugs.launchpad.net/bugs/1354167

Title:
  On VM restart: Could not open 'poppy.qcow2': Could not read snapshots:
  File too large

Status in QEMU:
  New

Bug description:
  I'm unable to restart a VM.   virt-manager is giving me:

  Error starting domain: internal error: process exited while connecting
  to monitor: qemu-system-x86_64: -drive
  file=/var/lib/libvirt/images/poppy.qcow2,if=none,id=drive-virtio-
  disk0,format=qcow2: could not open disk image
  /var/lib/libvirt/images/poppy.qcow2: Could not read snapshots: File
  too large

  
  From the command line trying to check the image also gives me:
  qemu-img check poppy.qcow2
  qemu-img: Could not open 'poppy.qcow2': Could not read snapshots: File too 
large

  
  This bug appears with both the default install of qemu for ubuntu 14.04:
  qemu-img version 2.0.0, Copyright (c) 2004-2008 Fabrice Bellard

  And the latest version.
  qemu-img version 2.1.50, Copyright (c) 2004-2008 Fabrice Bellard

  
  Host: 
  Dual E5-2650 v2 @ 2.60GHz
  32GB Memory
  4TB Disk space (2.1TB Free) 

  Host OS: Ubuntu 14.04.1 LTS 64bit

  Guest:
  Ubuntu 14.04 64bit
  Storage Size: 500gb




[Qemu-devel] [PATCH v2] raw-posix.c: Make physical devices usable in QEMU under Mac OS X host

2015-07-16 Thread Programmingkid
Mac OS X can be picky when it comes to allowing the user to use physical devices
in QEMU. This patch fixes that issue by testing each physical device first
before using it in QEMU. If an issue is detected, a message is displayed
showing the user how to unmount a volume. 

Signed-off-by: John Arbuckle 

---
Removed volume unmounting code.
Removed automatic remounting code.
Displays helpful error message in place of remounting code.

 block/raw-posix.c |  115 
 1 files changed, 88 insertions(+), 27 deletions(-)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index cbe6574..9de37ea 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -42,9 +42,8 @@
 #include 
 #include 
 #include 
-//#include 
 #include 
-#endif
+#endif /* (__APPLE__) && (__MACH__) */
 
 #ifdef __sun__
 #define _POSIX_PTHREAD_SEMANTICS 1
@@ -1972,8 +1971,9 @@ BlockDriver bdrv_file = {
 /* host device */
 
 #if defined(__APPLE__) && defined(__MACH__)
-static kern_return_t FindEjectableCDMedia( io_iterator_t *mediaIterator );
-static kern_return_t GetBSDPath( io_iterator_t mediaIterator, char *bsdPath, 
CFIndex maxPathSize );
+static kern_return_t FindEjectableCDMedia(io_iterator_t *mediaIterator);
+static kern_return_t GetBSDPath(io_iterator_t mediaIterator, char *bsdPath,
+CFIndex maxPathSize, int flags);
 
 kern_return_t FindEjectableCDMedia( io_iterator_t *mediaIterator )
 {
@@ -2001,7 +2001,8 @@ kern_return_t FindEjectableCDMedia( io_iterator_t 
*mediaIterator )
 return kernResult;
 }
 
-kern_return_t GetBSDPath( io_iterator_t mediaIterator, char *bsdPath, CFIndex 
maxPathSize )
+kern_return_t GetBSDPath(io_iterator_t mediaIterator, char *bsdPath,
+ CFIndex maxPathSize, int flags)
 {
 io_object_t nextMedia;
 kern_return_t   kernResult = KERN_FAILURE;
@@ -2014,7 +2015,9 @@ kern_return_t GetBSDPath( io_iterator_t mediaIterator, 
char *bsdPath, CFIndex ma
 if ( bsdPathAsCFString ) {
 size_t devPathLength;
 strcpy( bsdPath, _PATH_DEV );
-strcat( bsdPath, "r" );
+if (flags & BDRV_O_NOCACHE) {
+strcat(bsdPath, "r");
+}
 devPathLength = strlen( bsdPath );
 if ( CFStringGetCString( bsdPathAsCFString, bsdPath + 
devPathLength, maxPathSize - devPathLength, kCFStringEncodingASCII ) ) {
 kernResult = KERN_SUCCESS;
@@ -2027,7 +2030,67 @@ kern_return_t GetBSDPath( io_iterator_t mediaIterator, 
char *bsdPath, CFIndex ma
 return kernResult;
 }
 
-#endif
+/* Sets up a physical device for use in QEMU */
+static void setupDevice(const char *bsdPath)
+{
+   /*
+* Mac OS X does not like allowing QEMU to use physical devices that are
+* mounted. Attempts to do so result in 'Resource busy' errors.
+*/
+
+int fd;
+fd = qemu_open(bsdPath, O_RDONLY | O_BINARY | O_LARGEFILE);
+
+/* if the device fails to open */
+if (fd < 0) {
+printf("Error: failed to open %s\n", bsdPath);
+printf("If device %s is mounted on the desktop, unmount it"
+   " first before using it in QEMU.\n", bsdPath);
+printf("\nCommand to unmount device: diskutil unmountDisk %s", 
bsdPath);
+printf("\nCommand to mount device: diskutil mountDisk %s\n\n", 
bsdPath);
+}
+
+/* if the device opens */
+else {
+qemu_close(fd);
+}
+}
+
+/* Sets up a real cdrom for use in QEMU */
+static void setupCDROM(char *bsdPath)
+{
+int index, numOfTestPartitions = 2, fd;
+char testPartition[MAXPATHLEN];
+bool partitionFound = false;
+
+/* look for a working partition */
+for (index = 0; index < numOfTestPartitions; index++) {
+strncpy(testPartition, bsdPath, MAXPATHLEN);
+snprintf(testPartition, MAXPATHLEN, "%ss%d", testPartition, index);
+fd = qemu_open(testPartition, O_RDONLY | O_BINARY | O_LARGEFILE);
+if (fd > 0) {
+partitionFound = true;
+qemu_close(fd);
+break;
+}
+}
+
+/* if a working partition on the device was not found */
+if (partitionFound == false) {
+printf("Error: Failed to find a working partition on disc!\n");
+printf("If your disc is mounted on the desktop, trying unmounting it"
+   " first before using it in QEMU.\n");
+printf("\nCommand to unmount disc: "
+"diskutil unmountDisk %s\n", bsdPath);
+printf("Command to mount disc: "
+   "diskutil mountDisk %s\n\n", bsdPath);
+}
+
+DPRINTF("Using %s as CDROM\n", testPartition);
+strncpy(bsdPath, testPartition, MAXPATHLEN);
+}
+
+#endif /* defined(__APPLE__) && defined(__MACH__) */
 
 static int hdev_probe_device(const char *filename)
 {
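Review bot: In `setupCDROM` the call `snprintf(testPartition, MAXPATHLEN, "%ss%d", testPartition, index)` passes the destination buffer as one of its own source arguments, which is undefined behaviour, and the `strncpy` before it does not guarantee a terminator. The probe also treats descriptor 0 as a failure (`fd > 0`), and when no partition opens the function still copies the last candidate into `bsdPath`, so the caller carries on with a path that is known not to open. The sketch below formats straight from `bsdPath`, rejects truncated candidates, tests `fd >= 0` and returns before the final copy on failure; it keeps the original assumption that `bsdPath` holds `MAXPATHLEN` bytes, which only the caller, outside this hunk, can guarantee. Both `setupDevice` and `setupCDROM` report with `printf` and return `void`, so `error_report()` or an `Error **` parameter would let the open path fail cleanly.

```c
static void setupCDROM(char *bsdPath)
{
    /* … unchanged: declarations of index, numOfTestPartitions, fd, testPartition, partitionFound … */

    for (index = 0; index < numOfTestPartitions; index++) {
        /* Format from bsdPath: snprintf source and destination must not overlap. */
        int len = snprintf(testPartition, sizeof(testPartition), "%ss%d",
                           bsdPath, index);
        if (len < 0 || (size_t)len >= sizeof(testPartition)) {
            continue; /* candidate path would be truncated */
        }
        fd = qemu_open(testPartition, O_RDONLY | O_BINARY | O_LARGEFILE);
        if (fd >= 0) { /* 0 is a valid descriptor */
            partitionFound = true;
            qemu_close(fd);
            break;
        }
    }

    if (!partitionFound) {
        /* … unchanged: diskutil unmount/mount hints … */
        return; /* leave bsdPath as the caller passed it */
    }

    DPRINTF("Using %s as CDROM\n", testPartition);
    snprintf(bsdPath, MAXPATHLEN, "%s", testPartition);
}
```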
@@ -2119,30 +2182,28 @@ static int hdev_open(BlockDriverState *bs, QDict 
*options, int flags,
 #if defined(__APPLE__) && defined(__MACH__)
 const char *filename = qdict_get_str(

Re: [Qemu-devel] RFC: guest-side retrieval of fw_cfg file

2015-07-16 Thread Gabriel L. Somlo
On Thu, Jul 16, 2015 at 01:27:15PM -0600, Eric Blake wrote:
> On 07/15/2015 06:43 PM, Gabriel L. Somlo wrote:
> 
> > 
> > OK, so I replaced my port i/o with mmio equivalents:
> > 
> > -#define FW_CFG_PORT_CTL  0x510
> > +#define FW_CFG_PORT_CTL  (void *)0x09020008
> > 
> > -#define FW_CFG_PORT_DATA 0x511
> > +#define FW_CFG_PORT_DATA (void *)0x0902
> 
> Under-parenthesized; you'll want:
> 
> #define FW_CFG_PORT_DATA ((void *)0x0902)
> 
> to be useful in all possible locations where an identifier can appear in
> an expression.
> 
> > 
> > -   outw(select, FW_CFG_PORT_CTL);
> > +   writew(select, FW_CFG_PORT_CTL);
> > 
> > -   inb(FW_CFG_PORT_DATA);
> > +   readb(FW_CFG_PORT_DATA);
> > 
> > -   insb(FW_CFG_PORT_DATA, buf, count);
> > +   readsb(FW_CFG_PORT_DATA, buf, count);
> 
> But as it doesn't affect your usage here...
> 
> > 
> > I'm probably missing something that'll turn out to be really obvious
> > in retrospect... :)
> 
> I probably didn't spot the really obvious problem.

After some meditation (and digging around), I now think I may have missed
some of the pomp and circumstance surrounding mmio access, beyond the simple
writew/readsb calls I was using. Such as [request|check|release]_mem_region(),
ioremap(), and maybe even ioport_[map|unmap](), to hopefully make things
more uniform across the mmio vs. ioport architectures :)

Guess Section 9.4 of LDD3 is my new bestest friend :)
(http://www.makelinux.net/ldd3/chp-9-sect-4)

Thanks,
--Gabriel



[Qemu-devel] [PATCH] hostmem: Fix qemu_opt_get_bool() crash in host_memory_backend_init()

2015-07-16 Thread Eduardo Habkost
This fixes the following crash, introduced by commit
49d2e648e8087d154d8bf8b91f27c8e05e79d5a6:

  $ gdb --args qemu-system-x86_64 -machine pc,mem-merge=off -object 
memory-backend-ram,id=ram-node0,size=1024
  [...]
  Program received signal SIGABRT, Aborted.
  (gdb) bt
  #0  0x7253b8c7 in raise () at /lib64/libc.so.6
  #1  0x7253d52a in abort () at /lib64/libc.so.6
  #2  0x7253446d in __assert_fail_base () at /lib64/libc.so.6
  #3  0x72534522 in  () at /lib64/libc.so.6
  #4  0x558bb80a in qemu_opt_get_bool_helper (opts=0x5621b650, 
name=name@entry=0x558ec922 "mem-merge", defval=defval@entry=true, 
del=del@entry=false) at qemu/util/qemu-option.c:388
  #5  0x558bbb5a in qemu_opt_get_bool (opts=, 
name=name@entry=0x558ec922 "mem-merge", defval=defval@entry=true) at 
qemu/util/qemu-option.c:398
  #6  0x55720a24 in host_memory_backend_init (obj=0x562ac970) at 
qemu/backends/hostmem.c:226

Instead of using qemu_opt_get_bool(), that didn't work with
qemu_machine_opts for a long time, we can use the machine QOM properties
directly.

Signed-off-by: Eduardo Habkost 
---
 backends/hostmem.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/backends/hostmem.c b/backends/hostmem.c
index 61c1ac0..38a32ed 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -10,6 +10,7 @@
  * See the COPYING file in the top-level directory.
  */
 #include "sysemu/hostmem.h"
+#include "hw/boards.h"
 #include "qapi/visitor.h"
 #include "qapi-types.h"
 #include "qapi-visit.h"
@@ -223,10 +224,10 @@ static void host_memory_backend_init(Object *obj)
 {
 HostMemoryBackend *backend = MEMORY_BACKEND(obj);
 
-backend->merge = qemu_opt_get_bool(qemu_get_machine_opts(),
-   "mem-merge", true);
-backend->dump = qemu_opt_get_bool(qemu_get_machine_opts(),
-  "dump-guest-core", true);
+backend->merge = object_property_get_bool(OBJECT(current_machine),
+  "mem-merge", &error_abort);
+backend->dump = object_property_get_bool(OBJECT(current_machine),
+"dump-guest-core", &error_abort);
 backend->prealloc = mem_prealloc;
 
 object_property_add_bool(obj, "merge",
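Review bot: Both new `object_property_get_bool()` calls dereference `current_machine` and pass `&error_abort`, so this instance_init still stops the process if it runs without a machine object or against a machine that lacks the property; the assertion in the backtrace is replaced by another hard stop, not by a default. Whether a backend object can be instantiated before the machine exists is not visible in this hunk, so either state that ordering requirement in a comment above the two assignments or keep the old default of `true`, for example `backend->merge = current_machine ? object_property_get_bool(OBJECT(current_machine), "mem-merge", &error_abort) : true;` and the same for `dump`. The body of `host_memory_backend_init` continues past the end of the hunk.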
-- 
2.1.0




Re: [Qemu-devel] [RFC v3 0/8] Fix QEMU crash during memory hotplug with vhost=on

2015-07-16 Thread Andrey Korolyov
On Wed, Jul 15, 2015 at 7:46 PM, Andrey Korolyov  wrote:
> On Wed, Jul 15, 2015 at 7:08 PM, Michael S. Tsirkin  wrote:
>> On Wed, Jul 15, 2015 at 06:26:03PM +0300, Andrey Korolyov wrote:
>>> On Wed, Jul 15, 2015 at 6:18 PM, Igor Mammedov  wrote:
>>> > On Thu, 9 Jul 2015 20:04:35 +0300
>>> > Andrey Korolyov  wrote:
>>> >
>>> >> On Wed, Jul 8, 2015 at 6:46 PM, Igor Mammedov  
>>> >> wrote:
>>> >> > On Wed, 8 Jul 2015 13:01:05 +0300
>>> >> > "Michael S. Tsirkin"  wrote:
>>> >> >
>>> >> > [...]
>>> >> >> - this fixes qemu on current kernels, so it's a bugfix
>>> >> >>
>>> >> >> - this changes the semantics of memory hot unplug slightly
>>> >> >>   so I think it's important to merge in 2.4 before we
>>> >> >>   release qemu with memory hot unplug, this way we
>>> >> >>   won't have to maintain old semantics forever
>>> >> > concerning semantic change, I've just chatted with Peter
>>> >> > who implemented libvirt side of the memory hotplug stack.
>>> >> > And it's not a problem for libvirt since it always does
>>> >> > unplug dimm -> remove backend sequence.
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >> Just for the record - top of the series somehow fixed mysterious guest
>>> >> memory corruption issue described in
>>> >> https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg03117.html
>>> >> which existed right from a moment of a memory hotplug introduction, I
>>> >> checked series for its disappearance only with vhost for now.  Thanks
>>> >> Igor!
>>> > just to be sure which patch exactly fixed issue for you?
>>> >
>>>
>>> Had not bisected this yet, 2.3 is fairly distant from mine production
>>> yet... will post a result today or tomorrow. Until then, I`ll be
>>> absolutely out of clues of what was behind mentioned corruption.
>>
>> Igor merely asked which of his 8 patches fixed it.
>
> I mentioned exactly the same thing - right now I`m bisecting over his
> series from abovementioned branch to find out what commit fixes the
> issue, it should take about a hour for completion of the test series.
> The expression is about nature of the bug, as it should be ultimately
> weird or well-hidded, given conditions of its exposure.


Whoops.. I'm horribly sorry for the statement above, I mixed up the test
results in my head. So far, the picture looks as follows:

acf7b7fdf31fa76b53803790917c8acf23a2badb (pre- vhost_one_hp_range_v4
series) - good
e5b3a24181ea0cebf1c5b20f44d016311b7048f0 (2.3.0 tag) - bad

This means that the issue was fixed elsewhere during the rc phase. I cannot
promise to find the commit quickly, but I will elaborate as soon as
possible in my spare time. Apologies again for messing things up a
little.



[Qemu-devel] [PATCH v1 1/2] MAINTAINERS: Update Xilinx Maintainership

2015-07-16 Thread Alistair Francis
Peter C is leaving Xilinx, so update the maintainer list
to point to Alistair and Edgar from Xilinx and Peter's
personal email address.

Signed-off-by: Alistair Francis 
---

 MAINTAINERS |   19 ++-
 1 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 411da3c..8e644c7 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -349,7 +349,8 @@ S: Maintained
 F: hw/*/versatile*
 
 Xilinx Zynq
-M: Peter Crosthwaite 
+M: Alistair Francis 
+M: Peter Crosthwaite 
 S: Maintained
 F: hw/arm/xilinx_zynq.c
 F: hw/misc/zynq_slcr.c
@@ -405,7 +406,7 @@ S: Maintained
 F: hw/microblaze/petalogix_s3adsp1800_mmu.c
 
 petalogix_ml605
-M: Peter Crosthwaite 
+M: Edgar E. Iglesias 
 S: Maintained
 F: hw/microblaze/petalogix_ml605_mmu.c
 
@@ -683,10 +684,17 @@ S: Orphan
 F: hw/scsi/lsi53c895a.c
 
 SSI
-M: Peter Crosthwaite 
+M: Peter Crosthwaite 
 S: Maintained
 F: hw/ssi/*
 F: hw/block/m25p80.c
+X: hw/ssi/xilinx_*
+
+Xilinx SPI
+M: Alistair Francis 
+M: Peter Crosthwaite 
+S: Maintained
+F: hw/ssi/xilinx_*
 
 USB
 M: Gerd Hoffmann 
@@ -775,8 +783,9 @@ F: hw/scsi/megasas.c
 F: hw/scsi/mfi.h
 
 Xilinx EDK
-M: Peter Crosthwaite 
 M: Edgar E. Iglesias 
+M: Alistair Francis 
+M: Peter Crosthwaite 
 S: Maintained
 F: hw/*/xilinx_*
 F: include/hw/xilinx.h
@@ -878,7 +887,7 @@ F: include/hw/cpu/icc_bus.h
 F: hw/cpu/icc_bus.c
 
 Device Tree
-M: Peter Crosthwaite 
+M: Peter Crosthwaite 
 M: Alexander Graf 
 S: Maintained
 F: device_tree.[ch]
-- 
1.7.1




[Qemu-devel] [PATCH v1 0/2] MAINTAINERS: Update the MAINTAINERS file

2015-07-16 Thread Alistair Francis
Two simple patches that update the Xilinx related contacts
in the maintainer file and add ZynqMP to the file.

Alistair Francis (2):
  MAINTAINERS: Update Xilinx Maintainership
  MAINTAINERS: Add ZynqMP to MAINTAINERS file

 MAINTAINERS |   27 ++-
 1 files changed, 22 insertions(+), 5 deletions(-)




[Qemu-devel] [PATCH v1 2/2] MAINTAINERS: Add ZynqMP to MAINTAINERS file

2015-07-16 Thread Alistair Francis
Add the Xilinx ZynqMP SoC and EP108 machine to the maintainers
file.

Signed-off-by: Alistair Francis 
---

 MAINTAINERS |8 
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 8e644c7..a4aa6f4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -357,6 +357,14 @@ F: hw/misc/zynq_slcr.c
 F: hw/*/cadence_*
 F: hw/ssi/xilinx_spips.c
 
+Xilinx ZynqMP
+M: Alistair Francis 
+M: Peter Crosthwaite 
+S: Maintained
+F: hw/arm/xlnx-zynqmp.c
+F: hw/arm/xlnx-ep108.c
+F: include/hw/arm/xlnx-zynqmp.h
+
 ARM ACPI Subsystem
 M: Shannon Zhao 
 M: Shannon Zhao 
-- 
1.7.1




[Qemu-devel] [PATCH v2 4/6] hw/cpu/{a15mpcore, a9mpcore}: enable TrustZone in GIC if it is enabled in CPUs

2015-07-16 Thread Peter Maydell
If the A9 and A15 CPUs which we're creating the peripherals for have
TrustZone (EL3) enabled, then also enable it in the GIC we create.

Signed-off-by: Peter Maydell 
---
 hw/cpu/a15mpcore.c | 13 +
 hw/cpu/a9mpcore.c  | 11 +++
 2 files changed, 24 insertions(+)

diff --git a/hw/cpu/a15mpcore.c b/hw/cpu/a15mpcore.c
index 49727d0..fd0c46a 100644
--- a/hw/cpu/a15mpcore.c
+++ b/hw/cpu/a15mpcore.c
@@ -56,10 +56,23 @@ static void a15mp_priv_realize(DeviceState *dev, Error 
**errp)
 SysBusDevice *busdev;
 int i;
 Error *err = NULL;
+bool has_el3;
+Object *cpuobj;
 
 gicdev = DEVICE(&s->gic);
 qdev_prop_set_uint32(gicdev, "num-cpu", s->num_cpu);
 qdev_prop_set_uint32(gicdev, "num-irq", s->num_irq);
+
+if (!kvm_irqchip_in_kernel()) {
+/* Make the GIC's TZ support match the CPUs. We assume that
+ * either all the CPUs have TZ, or none do.
+ */
+cpuobj = OBJECT(qemu_get_cpu(0));
+has_el3 = object_property_find(cpuobj, "has_el3", &error_abort) &&
+object_property_get_bool(cpuobj, "has_el3", &error_abort);
+qdev_prop_set_bit(gicdev, "has-security-extensions", has_el3);
+}
+
 object_property_set_bool(OBJECT(&s->gic), true, "realized", &err);
 if (err != NULL) {
 error_propagate(errp, err);
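Review bot: In `a15mp_priv_realize` the probe `object_property_find(cpuobj, "has_el3", &error_abort)` cannot work as a presence test: as far as I can tell object_property_find() reports a missing property through its errp, so with `&error_abort` a CPU object without a "has_el3" property would abort instead of yielding `has_el3 = false`. Passing NULL for the probe, `has_el3 = object_property_find(cpuobj, "has_el3", NULL) &&`, keeps the intended fallback to a GIC without the security extensions. The same expression is added in the a9mpcore.c hunk for `a9mp_priv_realize` and needs the same change. Both functions start and end outside the hunks shown.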
diff --git a/hw/cpu/a9mpcore.c b/hw/cpu/a9mpcore.c
index c09358c..7046246 100644
--- a/hw/cpu/a9mpcore.c
+++ b/hw/cpu/a9mpcore.c
@@ -49,6 +49,8 @@ static void a9mp_priv_realize(DeviceState *dev, Error **errp)
  *wdtbusdev;
 Error *err = NULL;
 int i;
+bool has_el3;
+Object *cpuobj;
 
 scudev = DEVICE(&s->scu);
 qdev_prop_set_uint32(scudev, "num-cpu", s->num_cpu);
@@ -62,6 +64,15 @@ static void a9mp_priv_realize(DeviceState *dev, Error **errp)
 gicdev = DEVICE(&s->gic);
 qdev_prop_set_uint32(gicdev, "num-cpu", s->num_cpu);
 qdev_prop_set_uint32(gicdev, "num-irq", s->num_irq);
+
+/* Make the GIC's TZ support match the CPUs. We assume that
+ * either all the CPUs have TZ, or none do.
+ */
+cpuobj = OBJECT(qemu_get_cpu(0));
+has_el3 = object_property_find(cpuobj, "has_el3", &error_abort) &&
+object_property_get_bool(cpuobj, "has_el3", &error_abort);
+qdev_prop_set_bit(gicdev, "has-security-extensions", has_el3);
+
 object_property_set_bool(OBJECT(&s->gic), true, "realized", &err);
 if (err != NULL) {
 error_propagate(errp, err);
-- 
1.9.1




[Qemu-devel] [PATCH v2 1/6] qom: Add recursive version of object_child_for_each

2015-07-16 Thread Peter Maydell
From: Peter Crosthwaite 

Useful for iterating through an entire QOM subtree.

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 include/qom/object.h | 15 +++
 qom/object.c | 25 ++---
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/include/qom/object.h b/include/qom/object.h
index 807978e..be7280c 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -1494,6 +1494,21 @@ int object_child_foreach(Object *obj, int (*fn)(Object 
*child, void *opaque),
  void *opaque);
 
 /**
+ * object_child_foreach_recursive:
+ * @obj: the object whose children will be navigated
+ * @fn: the iterator function to be called
+ * @opaque: an opaque value that will be passed to the iterator
+ *
+ * Call @fn passing each child of @obj and @opaque to it, until @fn returns
+ * non-zero. Calls recursively, all child nodes of @obj will also be passed
+ * all the way down to the leaf nodes of the tree. Depth first ordering.
+ *
+ * Returns: The last value returned by @fn, or 0 if there is no child.
+ */
+int object_child_foreach_recursive(Object *obj,
+   int (*fn)(Object *child, void *opaque),
+   void *opaque);
+/**
  * container_get:
  * @root: root of the #path, e.g., object_get_root()
  * @path: path to the container
diff --git a/qom/object.c b/qom/object.c
index eea8edf..b7b05d3 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -775,23 +775,42 @@ void object_class_foreach(void (*fn)(ObjectClass *klass, 
void *opaque),
 enumerating_types = false;
 }
 
-int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
- void *opaque)
+static int do_object_child_foreach(Object *obj,
+   int (*fn)(Object *child, void *opaque),
+   void *opaque, bool recurse)
 {
 ObjectProperty *prop, *next;
 int ret = 0;
 
 QTAILQ_FOREACH_SAFE(prop, &obj->properties, node, next) {
 if (object_property_is_child(prop)) {
-ret = fn(prop->opaque, opaque);
+Object *child = prop->opaque;
+
+ret = fn(child, opaque);
 if (ret != 0) {
 break;
 }
+if (recurse) {
+do_object_child_foreach(child, fn, opaque, true);
+}
 }
 }
 return ret;
 }
 
+int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
+ void *opaque)
+{
+return do_object_child_foreach(obj, fn, opaque, false);
+}
+
+int object_child_foreach_recursive(Object *obj,
+   int (*fn)(Object *child, void *opaque),
+   void *opaque)
+{
+return do_object_child_foreach(obj, fn, opaque, true);
+}
+
 static void object_class_get_list_tramp(ObjectClass *klass, void *opaque)
 {
 GSList **list = opaque;
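Review bot: The recursive call in `do_object_child_foreach` discards its return value, so a non-zero result from @fn on a grandchild neither stops the walk nor reaches the caller. That contradicts the new header comment ("until @fn returns non-zero", "Returns: The last value returned by @fn"). Assigning the result and reusing the existing check fixes it: `ret = do_object_child_foreach(child, fn, opaque, true);` followed by `if (ret != 0) { break; }`. A caller that returns non-zero to stop at the first match would otherwise keep being invoked on the remaining nodes.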
-- 
1.9.1




[Qemu-devel] [PATCH v2 3/6] hw/intc/arm_gic_common: Configure IRQs as NS if doing direct NS kernel boot

2015-07-16 Thread Peter Maydell
If we directly boot a kernel in NonSecure on a system where the GIC
supports the security extensions then we must cause the GIC to
configure its interrupts into group 1 (NonSecure) rather than the
usual group 0, and with their initial priority set to the highest
NonSecure priority rather than the usual highest Secure priority.
Otherwise the guest kernel will be unable to use any interrupts.

Implement this behaviour, controlled by a flag which we set if
appropriate when the ARM bootloader code calls our ARMLinuxBootIf
interface callback.

Signed-off-by: Peter Maydell 
---
 hw/intc/arm_gic_common.c | 51 +---
 include/hw/intc/arm_gic_common.h |  1 +
 2 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
index a64d071..ae7c74e 100644
--- a/hw/intc/arm_gic_common.c
+++ b/hw/intc/arm_gic_common.c
@@ -19,6 +19,7 @@
  */
 
 #include "gic_internal.h"
+#include "hw/arm/linux-boot-if.h"
 
 static void gic_pre_save(void *opaque)
 {
@@ -124,12 +125,27 @@ static void arm_gic_common_reset(DeviceState *dev)
 {
 GICState *s = ARM_GIC_COMMON(dev);
 int i, j;
+int resetprio;
+
+/* If we're resetting a TZ-aware GIC as if secure firmware
+ * had set it up ready to start a kernel in non-secure,
+ * we need to set interrupt priorities to a "zero for the
+ * NS view" value. This is particularly critical for the
+ * priority_mask[] values, because if they are zero then NS
+ * code cannot ever rewrite the priority to anything else.
+ */
+if (s->security_extn && s->irq_reset_nonsecure) {
+resetprio = 0x80;
+} else {
+resetprio = 0;
+}
+
 memset(s->irq_state, 0, GIC_MAXIRQ * sizeof(gic_irq_state));
 for (i = 0 ; i < s->num_cpu; i++) {
 if (s->revision == REV_11MPCORE) {
 s->priority_mask[i] = 0xf0;
 } else {
-s->priority_mask[i] = 0;
+s->priority_mask[i] = resetprio;
 }
 s->current_pending[i] = 1023;
 s->running_irq[i] = 1023;
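Review bot: The test `s->security_extn && s->irq_reset_nonsecure` is written twice in `arm_gic_common_reset`, here for `resetprio` and again in the later hunk before the `GIC_SET_GROUP` loop, and `0x80` is an unnamed constant. The two pieces have to stay in step, since per the commit message both the Group 1 assignment and the NonSecure reset priority are needed for the guest to use interrupts. I would compute the condition once, `bool ns_reset = s->security_extn && s->irq_reset_nonsecure;`, and add a short comment on the constant such as `/* 0x80 is the "zero for the NS view" priority */`. The function body continues outside this hunk.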
@@ -138,7 +154,7 @@ static void arm_gic_common_reset(DeviceState *dev)
 s->bpr[i] = GIC_MIN_BPR;
 s->abpr[i] = GIC_MIN_ABPR;
 for (j = 0; j < GIC_INTERNAL; j++) {
-s->priority1[j][i] = 0;
+s->priority1[j][i] = resetprio;
 }
 for (j = 0; j < GIC_NR_SGIS; j++) {
 s->sgi_pending[j][i] = 0;
@@ -150,7 +166,7 @@ static void arm_gic_common_reset(DeviceState *dev)
 }
 
 for (i = 0; i < ARRAY_SIZE(s->priority2); i++) {
-s->priority2[i] = 0;
+s->priority2[i] = resetprio;
 }
 
 for (i = 0; i < GIC_MAXIRQ; i++) {
@@ -161,9 +177,32 @@ static void arm_gic_common_reset(DeviceState *dev)
 s->irq_target[i] = 0;
 }
 }
+if (s->security_extn && s->irq_reset_nonsecure) {
+for (i = 0; i < GIC_MAXIRQ; i++) {
+GIC_SET_GROUP(i, ALL_CPU_MASK);
+}
+}
+
 s->ctlr = 0;
 }
 
+static void arm_gic_common_linux_init(ARMLinuxBootIf *obj,
+  bool secure_boot)
+{
+GICState *s = ARM_GIC_COMMON(obj);
+
+if (s->security_extn && !secure_boot) {
+/* We're directly booting a kernel into NonSecure. If this GIC
+ * implements the security extensions then we must configure it
+ * to have all the interrupts be NonSecure (this is a job that
+ * is done by the Secure boot firmware in real hardware, and in
+ * this mode QEMU is acting as a minimalist firmware-and-bootloader
+ * equivalent).
+ */
+s->irq_reset_nonsecure = true;
+}
+}
+
 static Property arm_gic_common_properties[] = {
 DEFINE_PROP_UINT32("num-cpu", GICState, num_cpu, 1),
 DEFINE_PROP_UINT32("num-irq", GICState, num_irq, 32),
@@ -180,11 +219,13 @@ static Property arm_gic_common_properties[] = {
 static void arm_gic_common_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_CLASS(klass);
 
 dc->reset = arm_gic_common_reset;
 dc->realize = arm_gic_common_realize;
 dc->props = arm_gic_common_properties;
 dc->vmsd = &vmstate_gic;
+albifc->arm_linux_init = arm_gic_common_linux_init;
 }
 
 static const TypeInfo arm_gic_common_type = {
@@ -194,6 +235,10 @@ static const TypeInfo arm_gic_common_type = {
 .class_size = sizeof(ARMGICCommonClass),
 .class_init = arm_gic_common_class_init,
 .abstract = true,
+.interfaces = (InterfaceInfo []) {
+{ TYPE_ARM_LINUX_BOOT_IF },
+{ },
+},
 };
 
 static void register_types(void)
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
index 899db3d..cfc1cce 100644
--- a/include/hw/intc/arm_gic_common.h
+++ b/include/hw/intc/arm_gic_common.h
@@ -118,6 +118,7 @@ typedef struct GICState {
 uint32_t num_irq;
 uint32_t revision;
 bool security_extn;
+ 

[Qemu-devel] [PATCH v2 2/6] hw/arm: new interface for devices which need to behave differently for kernel boot

2015-07-16 Thread Peter Maydell
For ARM we have a little minimalist bootloader in hw/arm/boot.c which
takes the place of firmware if we're directly booting a Linux kernel.
Unfortunately a few devices need special case handling in this situation
to do the initialization which on real hardware would be done by
firmware. (In particular if we're booting a kernel in NonSecure state
then we need to make a TZ-aware GIC put all its interrupts into Group 1,
or the guest will be unable to use them.)

Create a new QOM interface which can be implemented by devices which
need to do something different from their default reset behaviour.
The callback will be called after machine initialization and before
first reset.

Suggested-by: Peter Crosthwaite 
Signed-off-by: Peter Maydell 
---
 hw/arm/boot.c  | 34 +
 include/hw/arm/linux-boot-if.h | 43 ++
 2 files changed, 77 insertions(+)
 create mode 100644 include/hw/arm/linux-boot-if.h

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 5b969cd..4bac6dc 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -10,6 +10,7 @@
 #include "config.h"
 #include "hw/hw.h"
 #include "hw/arm/arm.h"
+#include "hw/arm/linux-boot-if.h"
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
 #include "hw/loader.h"
@@ -555,6 +556,20 @@ static void load_image_to_fw_cfg(FWCfgState *fw_cfg, 
uint16_t size_key,
 fw_cfg_add_bytes(fw_cfg, data_key, data, size);
 }
 
+static int do_arm_linux_init(Object *obj, void *opaque)
+{
+if (object_dynamic_cast(obj, TYPE_ARM_LINUX_BOOT_IF)) {
+ARMLinuxBootIf *albif = ARM_LINUX_BOOT_IF(obj);
+ARMLinuxBootIfClass *albifc = ARM_LINUX_BOOT_IF_GET_CLASS(obj);
+struct arm_boot_info *info = opaque;
+
+if (albifc->arm_linux_init) {
+albifc->arm_linux_init(albif, info->secure_boot);
+}
+}
+return 0;
+}
+
 static void arm_load_kernel_notify(Notifier *notifier, void *data)
 {
 CPUState *cs;
@@ -778,6 +793,12 @@ static void arm_load_kernel_notify(Notifier *notifier, 
void *data)
 if (info->nb_cpus > 1) {
 info->write_secondary_boot(cpu, info);
 }
+
+/* Notify devices which need to fake up firmware initialization
+ * that we'ro doing a direct kernel boot.
+ */
+object_child_foreach_recursive(object_get_root(),
+   do_arm_linux_init, info);
 }
 info->is_linux = is_linux;
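Review bot: The new comment above the `object_child_foreach_recursive()` call has a typo, `we'ro`; the line should read `* that we're doing a direct kernel boot.`. It would also help to say in that comment that the walk starts at `object_get_root()` and therefore visits every object in the machine, because `do_arm_linux_init` returns 0 unconditionally and the iteration is never cut short. `arm_load_kernel_notify` starts and ends outside this hunk.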
 
@@ -803,3 +824,16 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
 qemu_register_reset(do_cpu_reset, ARM_CPU(cs));
 }
 }
+
+static const TypeInfo arm_linux_boot_if_info = {
+.name = TYPE_ARM_LINUX_BOOT_IF,
+.parent = TYPE_INTERFACE,
+.class_size = sizeof(ARMLinuxBootIfClass),
+};
+
+static void arm_linux_boot_register_types(void)
+{
+type_register_static(&arm_linux_boot_if_info);
+}
+
+type_init(arm_linux_boot_register_types)
diff --git a/include/hw/arm/linux-boot-if.h b/include/hw/arm/linux-boot-if.h
new file mode 100644
index 000..aba4479
--- /dev/null
+++ b/include/hw/arm/linux-boot-if.h
@@ -0,0 +1,43 @@
+/*
+ * hw/arm/linux-boot-if.h : interface for devices which need to behave
+ * specially for direct boot of an ARM Linux kernel
+ */
+
+#ifndef HW_ARM_LINUX_BOOT_IF_H
+#define HW_ARM_LINUX_BOOT_IF_H
+
+#include "qom/object.h"
+
+#define TYPE_ARM_LINUX_BOOT_IF "arm-linux-boot-if"
+#define ARM_LINUX_BOOT_IF_CLASS(klass) \
+OBJECT_CLASS_CHECK(ARMLinuxBootIfClass, (klass), TYPE_ARM_LINUX_BOOT_IF)
+#define ARM_LINUX_BOOT_IF_GET_CLASS(obj) \
+OBJECT_GET_CLASS(ARMLinuxBootIfClass, (obj), TYPE_ARM_LINUX_BOOT_IF)
+#define ARM_LINUX_BOOT_IF(obj) \
+INTERFACE_CHECK(ARMLinuxBootIf, (obj), TYPE_ARM_LINUX_BOOT_IF)
+
+typedef struct ARMLinuxBootIf {
+/*< private >*/
+Object parent_obj;
+} ARMLinuxBootIf;
+
+typedef struct ARMLinuxBootIfClass {
+/*< private >*/
+InterfaceClass parent_class;
+
+/*< public >*/
+/** arm_linux_init: configure the device for a direct boot
+ * of an ARM Linux kernel (so that device reset puts it into
+ * the state the kernel expects after firmware initialization,
+ * rather than the true hardware reset state). This callback is
+ * called once after machine construction is complete (before the
+ * first system reset).
+ *
+ * @obj: the object implementing this interface
+ * @secure_boot: true if we are booting Secure, false for NonSecure
+ * (or for a CPU which doesn't support TrustZone)
+ */
+void (*arm_linux_init)(ARMLinuxBootIf *obj, bool secure_boot);
+} ARMLinuxBootIfClass;
+
+#endif
-- 
1.9.1




[Qemu-devel] [PATCH v2 6/6] hw/arm/virt: Enable TZ extensions on the GIC if we are using them

2015-07-16 Thread Peter Maydell
If we're creating a board with support for TrustZone, then enable
it on the GIC model as well as on the CPUs.

Signed-off-by: Peter Maydell 
---
 hw/arm/virt.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 2bcf565..fdfa91b 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -361,7 +361,7 @@ static void create_v2m(VirtBoardInfo *vbi, qemu_irq *pic)
 fdt_add_v2m_gic_node(vbi);
 }
 
-static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
+static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, bool secure)
 {
 /* We create a standalone GIC v2 */
 DeviceState *gicdev;
@@ -380,6 +380,9 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
  * interrupts; there are always 32 of the former (mandated by GIC spec).
  */
 qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32);
+if (!kvm_irqchip_in_kernel()) {
+qdev_prop_set_bit(gicdev, "has-security-extensions", secure);
+}
 qdev_init_nofail(gicdev);
 gicbusdev = SYS_BUS_DEVICE(gicdev);
 sysbus_mmio_map(gicbusdev, 0, vbi->memmap[VIRT_GIC_DIST].base);
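Review bot: In `create_gic` the `secure` argument is silently dropped when `kvm_irqchip_in_kernel()` is true, and the hunk has no comment saying why. A user who passes `-machine secure=on` together with an in-kernel irqchip would then get a GIC without the security extensions and no diagnostic from this function; whether another part of the board code reports it is not visible here. At minimum I would add a comment on the guard, e.g. `/* has-security-extensions is only set for the emulated GIC */`, and consider reporting an error when `secure` is true in that configuration. `create_gic` continues outside the hunk.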
@@ -884,7 +887,7 @@ static void machvirt_init(MachineState *machine)
 
 create_flash(vbi);
 
-create_gic(vbi, pic);
+create_gic(vbi, pic, vms->secure);
 
 create_uart(vbi, pic);
 
-- 
1.9.1




[Qemu-devel] [PATCH v2 5/6] hw/arm/virt: Default to not providing TrustZone support

2015-07-16 Thread Peter Maydell
Switch the default for the 'virt' board to not providing TrustZone
support in either the CPU or the GIC. This is primarily for the
benefit of UEFI, which currently assumes there is no TrustZone
support, and does not set the GIC up correctly if it is TZ-aware.
It also means the board is consistent about its behaviour whether
we're using KVM or TCG (KVM never has TrustZone support).

If TrustZone support is required (for instance for running test
suites or TZ-aware firmware) it can be enabled with the
"-machine secure=on" command line option.

Signed-off-by: Peter Maydell 
---
 hw/arm/virt.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 95b1a9a..2bcf565 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -946,8 +946,11 @@ static void virt_instance_init(Object *obj)
 {
 VirtMachineState *vms = VIRT_MACHINE(obj);
 
-/* EL3 is enabled by default on virt */
-vms->secure = true;
+/* EL3 is disabled by default on virt: this makes us consistent
+ * between KVM and TCG for this board, and it also allows us to
+ * boot UEFI blobs which assume no TrustZone support.
+ */
+vms->secure = false;
 object_property_add_bool(obj, "secure", virt_get_secure,
  virt_set_secure, NULL);
 object_property_set_description(obj, "secure",
-- 
1.9.1




[Qemu-devel] [PATCH v2 0/6] ARM: enable TZ in the GIC

2015-07-16 Thread Peter Maydell
This patchset enables the TZ support in the GIC for the systems
where we enable TZ support in the CPU. In practice that means
just the "virt" and "vexpress" boards, since all the others
disable the CPU TZ support.

Andreas: I've cc'd you because of Peter C's patch to add
object_child_foreach_recursive(). None of the other patches
have anything particularly novel QOM-wise (since the GIC
property from v1 has gone away).

Changes since v1:
 * New patch which switches the default for the 'virt' board from
   "enable TZ" to "disable TZ". The UEFI blob can't handle TZ being
   fully enabled, so I had a choice of breaking it or breaking code
   which assumes TZ. As far as I know only the TZ test suite falls
   in the latter category. -machine secure=on will give you the
   old behaviour back.
 * rather than the property on the GIC, we take the approach Peter C
   suggested of defining an interface for devices to implement if
   they need to do firmware-equivalent setup. The API is a little
   different from Peter C's RFC patch, but the principle is the same.


The patches sit on top of the secure-timer patches I sent out earlier
today, which in turn sit on top of Edgar's hyp-timer patches. You
can find a git branch with everything at
https://git.linaro.org/people/peter.maydell/qemu-arm.git full-tz-enable


Peter Crosthwaite (1):
  qom: Add recursive version of object_child_for_each

Peter Maydell (5):
  hw/arm: new interface for devices which need to behave differently for
kernel boot
  hw/intc/arm_gic_common: Configure IRQs as NS if doing direct NS kernel
boot
  hw/cpu/{a15mpcore,a9mpcore}: enable TrustZone in GIC if it is enabled
in CPUs
  hw/arm/virt: Default to not providing TrustZone support
  hw/arm/virt: Enable TZ extensions on the GIC if we are using them

 hw/arm/boot.c| 34 +++
 hw/arm/virt.c| 14 +++
 hw/cpu/a15mpcore.c   | 13 ++
 hw/cpu/a9mpcore.c| 11 +
 hw/intc/arm_gic_common.c | 51 +---
 include/hw/arm/linux-boot-if.h   | 43 +
 include/hw/intc/arm_gic_common.h |  1 +
 include/qom/object.h | 15 
 qom/object.c | 25 +---
 9 files changed, 197 insertions(+), 10 deletions(-)
 create mode 100644 include/hw/arm/linux-boot-if.h

-- 
1.9.1




Re: [Qemu-devel] [Qemu-block] [PATCH] raw-posix.c: Make physical devices usable in QEMU

2015-07-16 Thread Programmingkid

On Jul 16, 2015, at 3:43 PM, Stefan Hajnoczi wrote:

> On Thu, Jul 16, 2015 at 6:26 PM, Programmingkid
>  wrote:
>> 
>> On Jul 16, 2015, at 9:19 AM, Stefan Hajnoczi wrote:
>> 
>>> On Thu, Jul 09, 2015 at 10:02:26AM -0400, Programmingkid wrote:
 
 On Jul 9, 2015, at 6:52 AM, Stefan Hajnoczi wrote:
 
> On Tue, Jul 07, 2015 at 01:33:23PM -0400, Programmingkid wrote:
>> Make physical devices like a USB flash drive or a CDROM drive work in 
>> QEMU. With
>> this patch I can use a USB flash drive like a hard drive. Before this 
>> patch,
>> QEMU would just quit with a message like "resource busy".
> 
> The commit message and the description are missing "on Mac OS X".  It
> should be clear right away that this applies to Mac only.  This works
> fine on Linux and probably other host OSes.
 
 Yeah, that should have been done. Did you see any issues with the code?
>>> 
>>> QEMU shouldn't silently open a different file than the one given by the
>>> user.  The user should give the exact device file they want.  If there
>>> is magic behavior it needs to be documented, but I don't see a reason
>>> why that's necessary in the case of device files.
>> 
>> I think you are reviewing an older patch. The newest one doesn't do that.
> 
> I don't see a more recent patch on the mailing list.  What is the
> Message-Id of your latest patch email?

Since I will be uploading a new patch shortly, it doesn't matter anymore. 


Re: [Qemu-devel] [Qemu-block] [PATCH] raw-posix.c: Make physical devices usable in QEMU

2015-07-16 Thread Stefan Hajnoczi
On Thu, Jul 16, 2015 at 6:26 PM, Programmingkid
 wrote:
>
> On Jul 16, 2015, at 9:19 AM, Stefan Hajnoczi wrote:
>
>> On Thu, Jul 09, 2015 at 10:02:26AM -0400, Programmingkid wrote:
>>>
>>> On Jul 9, 2015, at 6:52 AM, Stefan Hajnoczi wrote:
>>>
 On Tue, Jul 07, 2015 at 01:33:23PM -0400, Programmingkid wrote:
> Make physical devices like a USB flash drive or a CDROM drive work in 
> QEMU. With
> this patch I can use a USB flash drive like a hard drive. Before this 
> patch,
> QEMU would just quit with a message like "resource busy".

 The commit message and the description are missing "on Mac OS X".  It
 should be clear right away that this applies to Mac only.  This works
 fine on Linux and probably other host OSes.
>>>
>>> Yeah, that should have been done. Did you see any issues with the code?
>>
>> QEMU shouldn't silently open a different file than the one given by the
>> user.  The user should give the exact device file they want.  If there
>> is magic behavior it needs to be documented, but I don't see a reason
>> why that's necessary in the case of device files.
>
> I think you are reviewing an older patch. The newest one doesn't do that.

I don't see a more recent patch on the mailing list.  What is the
Message-Id of your latest patch email?



Re: [Qemu-devel] [PULL v2 0/8] KVM, memory API, crypto, Coverity fixes for 2.4.0-rc1

2015-07-16 Thread Peter Maydell
On 16 July 2015 at 19:02, Paolo Bonzini  wrote:
> The following changes since commit 2d5ee9e7a7dd495d233cf9613a865f63f88e3375:
>
>   Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150716' into 
> staging (2015-07-16 10:40:23 +0100)
>
> are available in the git repository at:
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to d3462e378f40ba6838b6c42584c30769ca633e6f:
>
>   crypto: avoid undefined behavior in nettle calls (2015-07-16 20:00:21 +0200)
>
> 
> * MIPS-KVM fixes.
> * Coverity fixes.
> * Nettle function prototype fixes.
> * Memory API refcount fix.
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] RFC: guest-side retrieval of fw_cfg file

2015-07-16 Thread Eric Blake
On 07/15/2015 06:43 PM, Gabriel L. Somlo wrote:

> 
> OK, so I replaced my port i/o with mmio equivalents:
> 
> -#define FW_CFG_PORT_CTL  0x510
> +#define FW_CFG_PORT_CTL  (void *)0x09020008
> 
> -#define FW_CFG_PORT_DATA 0x511
> +#define FW_CFG_PORT_DATA (void *)0x0902

Under-parenthesized; you'll want:

#define FW_CFG_PORT_DATA ((void *)0x0902)

to be useful in all possible locations where an identifier can appear in
an expression.

> 
> -   outw(select, FW_CFG_PORT_CTL);
> +   writew(select, FW_CFG_PORT_CTL);
> 
> -   inb(FW_CFG_PORT_DATA);
> +   readb(FW_CFG_PORT_DATA);
> 
> -   insb(FW_CFG_PORT_DATA, buf, count);
> +   readsb(FW_CFG_PORT_DATA, buf, count);

But as it doesn't affect your usage here...

> 
> I'm probably missing something that'll turn out to be really obvious
> in retrospect... :)

I probably didn't spot the really obvious problem.

So much for my drive-by noise :)

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PULL 00/11] RCU, KVM, memory API, crypto, Coverity fixes for 2.4.0-rc1

2015-07-16 Thread Peter Maydell
On 16 July 2015 at 18:44, Peter Maydell  wrote:
> On 16 July 2015 at 17:55, Paolo Bonzini  wrote:
>> The following changes since commit 6169b60285fe1ff730d840a49527e721bfb30899:
>>
>>   Update version for v2.4.0-rc0 release (2015-07-09 17:56:56 +0100)
>>
>> are available in the git repository at:
>>
>>   git://github.com/bonzini/qemu.git tags/for-upstream
>>
>> for you to fetch changes up to 4a8775ab71d2186fc1cd585ea80c000409965cde:
>>
>>   crypto: avoid undefined behavior in nettle calls (2015-07-16 18:54:21 
>> +0200)
>>
>> 
>> * rcu_register_thread fixes.
>> * MIPS-KVM fixes.
>> * Coverity fixes.
>> * Nettle function prototype fixes.
>> * Memory API refcount fix.
>>
>
> I get a pile of assertions on OSX running rcutorture:

This version of the pull also failed rcutorture on x86-64
linux host, though not with assertions -- looks like it
just exited nonzero.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v2 0/3] AioContext: ctx->dispatching is dead, all hail ctx->notify_me

2015-07-16 Thread Richard W.M. Jones

Sorry to spoil things, but I'm still seeing this bug, although it is
now a lot less frequent with your patch.  I would estimate it happens
more often than 1 in 5 runs with qemu.git, and probably 1 in 200 runs
with qemu.git + the v2 patch series.

It's the exact same hang in both cases.

Is it possible that this patch doesn't completely close any race?

Still, it is an improvement, so there is that.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org



[Qemu-devel] [PATCH 1/1] virtio-mmio: return the max queue num of virtio-mmio with initial value

2015-07-16 Thread Wei Huang
Recently we found that virtio-console devices consumes lots AArch64 guest
memory, roughly 1GB with 8 devices. After debugging, it turns out that lots
of factors contribute to this problem: i) guest PAGE_SIZE=64KB, ii)
virtio-mmio based devices, and iii) virtio-console device. Here is the
detailed analysis:

1. First, during initialization, virtio-mmio driver in guest pokes vq
   size by reading VIRTIO_MMIO_QUEUE_NUM_MAX (see virtio_mmio.c file).
2. QEMU returns VIRTQUEUE_MAX_SIZE (1024) to guest VM; And virtio-mmio uses
   it as the default vq size.
3. virtio-console driver allocates vring buffers based on this value (see
   add_inbuf() function of virtio_console.c file). Because PAGE_SIZE=64KB,
   ~64MB is allocated for each virtio-console vq.

This patch addresses the problem by returning the initialized vring size
when the VM queries QEMU about VIRTIO_MMIO_QUEUE_NUM_MAX. This is similar to
virtio-pci's approach. By doing this, the vq memory consumption is reduced
substantially.

Signed-off-by: Wei Huang 
---
 hw/virtio/virtio-mmio.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
index 10123f3..27840fe 100644
--- a/hw/virtio/virtio-mmio.c
+++ b/hw/virtio/virtio-mmio.c
@@ -93,6 +93,7 @@ static uint64_t virtio_mmio_read(void *opaque, hwaddr offset, 
unsigned size)
 {
 VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque;
 VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+uint64_t queue_num;
 
 DPRINTF("virtio_mmio_read offset 0x%x\n", (int)offset);
 
@@ -149,10 +150,8 @@ static uint64_t virtio_mmio_read(void *opaque, hwaddr 
offset, unsigned size)
 }
 return proxy->host_features;
 case VIRTIO_MMIO_QUEUENUMMAX:
-if (!virtio_queue_get_num(vdev, vdev->queue_sel)) {
-return 0;
-}
-return VIRTQUEUE_MAX_SIZE;
+queue_num = virtio_queue_get_num(vdev, vdev->queue_sel);
+return queue_num;
 case VIRTIO_MMIO_QUEUEPFN:
 return virtio_queue_get_addr(vdev, vdev->queue_sel)
 >> proxy->guest_page_shift;
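Review bot: The `queue_num` local added at the top of `virtio_mmio_read` is used only in the `VIRTIO_MMIO_QUEUENUMMAX` case, and only to be returned on the next line. `return virtio_queue_get_num(vdev, vdev->queue_sel);` does the same and makes the first hunk unnecessary. A short comment on the case would record the intent from the commit message, e.g. `/* report the queue's initialized size, not VIRTQUEUE_MAX_SIZE */`. The function starts and ends outside these hunks.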
-- 
1.8.3.1




[Qemu-devel] [PULL 7/8] crypto: fix build with nettle >= 3.0.0

2015-07-16 Thread Paolo Bonzini
From: Radim Krčmář 

In nettle 3, cbc_encrypt() accepts 'nettle_cipher_func' instead of
'nettle_crypt_func' and these two differ in 'const' qualifier of the
first argument.  The build fails with:

  In file included from crypto/cipher.c:71:0:
  ./crypto/cipher-nettle.c: In function ‘qcrypto_cipher_encrypt’:
  ./crypto/cipher-nettle.c:154:38: error: passing argument 2 of
  ‘nettle_cbc_encrypt’ from incompatible pointer type
   cbc_encrypt(ctx->ctx_encrypt, ctx->alg_encrypt,
   ^
  In file included from ./crypto/cipher-nettle.c:24:0,
   from crypto/cipher.c:71:
  /usr/include/nettle/cbc.h:48:1: note: expected
  ‘void (*)(const void *, size_t, uint8_t *, const uint8_t *)
  but argument is of type
  ‘void (*)(  void *, size_t, uint8_t *, const uint8_t *)

To allow both versions, we switch to the new definition and #if typedef
it for old versions.

Signed-off-by: Radim Krčmář 
Message-Id: <1436548682-9315-2-git-send-email-rkrc...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 configure  |  4 +++-
 crypto/cipher-nettle.c | 16 ++--
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/configure b/configure
index 33b9455..cc0338d 100755
--- a/configure
+++ b/configure
@@ -2183,6 +2183,7 @@ if test "$gnutls_nettle" != "no"; then
 if $pkg_config --exists "nettle"; then
 nettle_cflags=`$pkg_config --cflags nettle`
 nettle_libs=`$pkg_config --libs nettle`
+nettle_version=`$pkg_config --modversion nettle`
 libs_softmmu="$nettle_libs $libs_softmmu"
 libs_tools="$nettle_libs $libs_tools"
 QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
@@ -4490,7 +4491,7 @@ echo "GTK support   $gtk"
 echo "GNUTLS support$gnutls"
 echo "GNUTLS hash   $gnutls_hash"
 echo "GNUTLS gcrypt $gnutls_gcrypt"
-echo "GNUTLS nettle $gnutls_nettle"
+echo "GNUTLS nettle $gnutls_nettle ${gnutls_nettle+($nettle_version)}"
 echo "VTE support   $vte"
 echo "curses support$curses"
 echo "curl support  $curl"
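Review bot: The summary line uses `${gnutls_nettle+($nettle_version)}`, which expands whenever `gnutls_nettle` is set, including when it is set to "no". Since `nettle_version` is assigned only inside the `pkg_config --exists "nettle"` branch, a build without nettle would presumably print `no ()`. Keying the expansion on the version itself avoids the empty parentheses: `${nettle_version:+($nettle_version)}`.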
@@ -4858,6 +4859,7 @@ if test "$gnutls_gcrypt" = "yes" ; then
 fi
 if test "$gnutls_nettle" = "yes" ; then
   echo "CONFIG_GNUTLS_NETTLE=y" >> $config_host_mak
+  echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
 fi
 if test "$vte" = "yes" ; then
   echo "CONFIG_VTE=y" >> $config_host_mak
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index e5a14bc..e61aaa2 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -23,12 +23,16 @@
 #include 
 #include 
 
+#if CONFIG_NETTLE_VERSION_MAJOR < 3
+typedef nettle_crypt_func nettle_cipher_func;
+#endif
+
 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
 struct QCryptoCipherNettle {
 void *ctx_encrypt;
 void *ctx_decrypt;
-nettle_crypt_func *alg_encrypt;
-nettle_crypt_func *alg_decrypt;
+nettle_cipher_func *alg_encrypt;
+nettle_cipher_func *alg_decrypt;
 uint8_t *iv;
 size_t niv;
 };
@@ -83,8 +87,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 des_set_key(ctx->ctx_encrypt, rfbkey);
 g_free(rfbkey);
 
-ctx->alg_encrypt = (nettle_crypt_func *)des_encrypt;
-ctx->alg_decrypt = (nettle_crypt_func *)des_decrypt;
+ctx->alg_encrypt = (nettle_cipher_func *)des_encrypt;
+ctx->alg_decrypt = (nettle_cipher_func *)des_decrypt;
 
 ctx->niv = DES_BLOCK_SIZE;
 break;
@@ -98,8 +102,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key);
 aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key);
 
-ctx->alg_encrypt = (nettle_crypt_func *)aes_encrypt;
-ctx->alg_decrypt = (nettle_crypt_func *)aes_decrypt;
+ctx->alg_encrypt = (nettle_cipher_func *)aes_encrypt;
+ctx->alg_decrypt = (nettle_cipher_func *)aes_decrypt;
 
 ctx->niv = AES_BLOCK_SIZE;
 break;
-- 
2.4.3





[Qemu-devel] [PULL 4/8] arm/xlnx-zynqmp: fix memory leak

2015-07-16 Thread Paolo Bonzini
From: Gonglei 

fix CID 1311372.

Signed-off-by: Gonglei 
Message-Id: <1436489490-236-4-git-send-email-arei.gong...@huawei.com>
Signed-off-by: Paolo Bonzini 
---
 hw/arm/xlnx-zynqmp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 5e72078..62ef4ce 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -144,6 +144,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
**errp)
 } else {
 s->boot_cpu_ptr = &s->apu_cpu[i];
 }
+g_free(name);
 
 object_property_set_int(OBJECT(&s->apu_cpu[i]), GIC_BASE_ADDR,
 "reset-cbar", &err);
@@ -181,6 +182,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
**errp)
 } else {
 s->boot_cpu_ptr = &s->rpu_cpu[i];
 }
+g_free(name);
 
 object_property_set_bool(OBJECT(&s->rpu_cpu[i]), true, "reset-hivecs",
  &err);
-- 
2.4.3





[Qemu-devel] [PULL 6/8] memory: fix refcount leak in memory_region_present

2015-07-16 Thread Paolo Bonzini
memory_region_present() leaks a reference to a MemoryRegion in the
case "mr == container".  While fixing it, avoid reference counting
altogether for memory_region_present(), by using RCU only.

The return value could in principle be already invalid immediately
after memory_region_present returns, but presumably the caller knows
that and it's using memory_region_present to probe for devices that
are unpluggable, or something like that.  The RCU critical section
is needed anyway, because it protects as->current_map.

Reported-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 memory.c | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/memory.c b/memory.c
index 5a0cc66..0acebb1 100644
--- a/memory.c
+++ b/memory.c
@@ -1887,23 +1887,16 @@ static FlatRange *flatview_lookup(FlatView *view, 
AddrRange addr)
sizeof(FlatRange), cmp_flatrange_addr);
 }
 
-bool memory_region_present(MemoryRegion *container, hwaddr addr)
-{
-MemoryRegion *mr = memory_region_find(container, addr, 1).mr;
-if (!mr || (mr == container)) {
-return false;
-}
-memory_region_unref(mr);
-return true;
-}
-
 bool memory_region_is_mapped(MemoryRegion *mr)
 {
 return mr->container ? true : false;
 }
 
-MemoryRegionSection memory_region_find(MemoryRegion *mr,
-   hwaddr addr, uint64_t size)
+/* Same as memory_region_find, but it does not add a reference to the
+ * returned region.  It must be called from an RCU critical section.
+ */
+static MemoryRegionSection memory_region_find_rcu(MemoryRegion *mr,
+  hwaddr addr, uint64_t size)
 {
 MemoryRegionSection ret = { .mr = NULL };
 MemoryRegion *root;
@@ -1924,11 +1917,10 @@ MemoryRegionSection memory_region_find(MemoryRegion *mr,
 }
 range = addrrange_make(int128_make64(addr), int128_make64(size));
 
-rcu_read_lock();
 view = atomic_rcu_read(&as->current_map);
 fr = flatview_lookup(view, range);
 if (!fr) {
-goto out;
+return ret;
 }
 
 while (fr > view->ranges && addrrange_intersects(fr[-1].addr, range)) {
@@ -1944,12 +1936,32 @@ MemoryRegionSection memory_region_find(MemoryRegion *mr,
 ret.size = range.size;
 ret.offset_within_address_space = int128_get64(range.start);
 ret.readonly = fr->readonly;
-memory_region_ref(ret.mr);
-out:
+return ret;
+}
+
+MemoryRegionSection memory_region_find(MemoryRegion *mr,
+   hwaddr addr, uint64_t size)
+{
+MemoryRegionSection ret;
+rcu_read_lock();
+ret = memory_region_find_rcu(mr, addr, size);
+if (ret.mr) {
+memory_region_ref(ret.mr);
+}
 rcu_read_unlock();
 return ret;
 }
 
+bool memory_region_present(MemoryRegion *container, hwaddr addr)
+{
+MemoryRegion *mr;
+
+rcu_read_lock();
+mr = memory_region_find_rcu(container, addr, 1).mr;
+rcu_read_unlock();
+return mr && mr != container;
+}
+
 void address_space_sync_dirty_bitmap(AddressSpace *as)
 {
 FlatView *view;
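Review bot: The rewritten `memory_region_present` carries no comment, although the commit message explains that its result can already be stale once `rcu_read_unlock()` has run. That caveat belongs next to the code, so callers treat the return value as a probe rather than a guarantee. A header such as `/* Snapshot only: the region may be unmapped right after return; callers must not rely on it staying mapped. */` above the function would carry it. The existing comment on `memory_region_find_rcu` already states its RCU requirement, so this would make the pair consistent.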
-- 
2.4.3





[Qemu-devel] [PULL 3/8] ppc/spapr_drc: fix memory leak

2015-07-16 Thread Paolo Bonzini
From: Gonglei 

fix CID 1311373.

Signed-off-by: Gonglei 
Message-Id: <1436489490-236-3-git-send-email-arei.gong...@huawei.com>
Signed-off-by: Paolo Bonzini 
---
 hw/ppc/spapr_drc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index ef98538..ee87432 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -422,6 +422,7 @@ static void realize(DeviceState *d, Error **errp)
 error_free(err);
 object_unref(OBJECT(drc));
 }
+g_free(child_name);
 DPRINTFN("drc realize complete");
 }
 
-- 
2.4.3





[Qemu-devel] [PULL 2/8] mips/kvm: Sign extend registers written to KVM

2015-07-16 Thread Paolo Bonzini
From: James Hogan 

In case we're running on a 64-bit host, be sure to sign extend the
general purpose registers and hi/lo/pc before writing them to KVM, so as
to take advantage of MIPS32/MIPS64 compatibility.

Signed-off-by: James Hogan 
Cc: Paolo Bonzini 
Cc: Leon Alrae 
Cc: Aurelien Jarno 
Cc: k...@vger.kernel.org
Cc: qemu-sta...@nongnu.org
Message-Id: <1429871214-23514-3-git-send-email-james.ho...@imgtec.com>
Signed-off-by: Paolo Bonzini 
---
 target-mips/kvm.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target-mips/kvm.c b/target-mips/kvm.c
index 85256f3..d287d42 100644
--- a/target-mips/kvm.c
+++ b/target-mips/kvm.c
@@ -628,12 +628,12 @@ int kvm_arch_put_registers(CPUState *cs, int level)
 
 /* Set the registers based on QEMU's view of things */
 for (i = 0; i < 32; i++) {
-regs.gpr[i] = env->active_tc.gpr[i];
+regs.gpr[i] = (int64_t)(target_long)env->active_tc.gpr[i];
 }
 
-regs.hi = env->active_tc.HI[0];
-regs.lo = env->active_tc.LO[0];
-regs.pc = env->active_tc.PC;
+regs.hi = (int64_t)(target_long)env->active_tc.HI[0];
+regs.lo = (int64_t)(target_long)env->active_tc.LO[0];
+regs.pc = (int64_t)(target_long)env->active_tc.PC;
 
 ret = kvm_vcpu_ioctl(cs, KVM_SET_REGS, ®s);
 
-- 
2.4.3





[Qemu-devel] [PULL 8/8] crypto: avoid undefined behavior in nettle calls

2015-07-16 Thread Paolo Bonzini
From: Radim Krčmář 

Calling a function pointer that was cast from an incompatible function
results in undefined behavior.  'void *' isn't compatible with 'struct
XXX *', so we can't cast to nettle_cipher_func, but have to provide a
wrapper.  (Conversion from 'void *' to 'struct XXX *' might require
computation, which won't be done if we drop argument's true type, and
pointers can have different sizes so passing arguments on stack would
bug.)

Having two different prototypes based on nettle version doesn't make
this solution any nicer.

Reported-by: Peter Maydell 
Signed-off-by: Radim Krčmář 
Message-Id: <1437062641-12684-3-git-send-email-rkrc...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 crypto/cipher-nettle.c | 43 +++
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index e61aaa2..a55a8e8 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -25,8 +25,43 @@
 
 #if CONFIG_NETTLE_VERSION_MAJOR < 3
 typedef nettle_crypt_func nettle_cipher_func;
+
+typedef void *   cipher_ctx_t;
+typedef unsigned cipher_length_t;
+#else
+typedef const void * cipher_ctx_t;
+typedef size_t   cipher_length_t;
 #endif
 
+static nettle_cipher_func aes_encrypt_wrapper;
+static nettle_cipher_func aes_decrypt_wrapper;
+static nettle_cipher_func des_encrypt_wrapper;
+static nettle_cipher_func des_decrypt_wrapper;
+
+static void aes_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+uint8_t *dst, const uint8_t *src)
+{
+aes_encrypt(ctx, length, dst, src);
+}
+
+static void aes_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+uint8_t *dst, const uint8_t *src)
+{
+aes_encrypt(ctx, length, dst, src);
+}
+
+static void des_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+uint8_t *dst, const uint8_t *src)
+{
+des_encrypt(ctx, length, dst, src);
+}
+
+static void des_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+uint8_t *dst, const uint8_t *src)
+{
+des_decrypt(ctx, length, dst, src);
+}
+
 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
 struct QCryptoCipherNettle {
 void *ctx_encrypt;
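Review bot: `aes_decrypt_wrapper` calls `aes_encrypt`, so the `alg_decrypt` pointer that the last hunk of this patch assigns for AES runs the encryption primitive, and decryption through this backend would not recover the plaintext. The body should be `aes_decrypt(ctx, length, dst, src);`, matching the DES pair, where `des_decrypt_wrapper` does call `des_decrypt`. An encrypt-then-decrypt round trip over a known block in the cipher tests would catch this kind of copy-and-paste slip.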
@@ -87,8 +122,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 des_set_key(ctx->ctx_encrypt, rfbkey);
 g_free(rfbkey);
 
-ctx->alg_encrypt = (nettle_cipher_func *)des_encrypt;
-ctx->alg_decrypt = (nettle_cipher_func *)des_decrypt;
+ctx->alg_encrypt = des_encrypt_wrapper;
+ctx->alg_decrypt = des_decrypt_wrapper;
 
 ctx->niv = DES_BLOCK_SIZE;
 break;
@@ -102,8 +137,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key);
 aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key);
 
-ctx->alg_encrypt = (nettle_cipher_func *)aes_encrypt;
-ctx->alg_decrypt = (nettle_cipher_func *)aes_decrypt;
+ctx->alg_encrypt = aes_encrypt_wrapper;
+ctx->alg_decrypt = aes_decrypt_wrapper;
 
 ctx->niv = AES_BLOCK_SIZE;
 break;
-- 
2.4.3




[Qemu-devel] [PULL 5/8] RDMA: Fix error exits

2015-07-16 Thread Paolo Bonzini
From: "Dr. David Alan Gilbert" 

The error checks I added used 'break' after the error, but I'm
in a switch inside the while loop, so they need to be 'goto out'.

Spotted by coverity; entries 1311368 and 1311369

Fixes: afcddefd

Signed-off-by: Dr. David Alan Gilbert 
Message-Id: <1436555332-19076-1-git-send-email-dgilb...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 migration/rdma.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/migration/rdma.c b/migration/rdma.c
index f106b2a..74876fd 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2997,7 +2997,7 @@ static int qemu_rdma_registration_handle(QEMUFile *f, 
void *opaque)
  (unsigned int)comp->block_idx,
  rdma->local_ram_blocks.nb_blocks);
 ret = -EIO;
-break;
+goto out;
 }
 block = &(rdma->local_ram_blocks.block[comp->block_idx]);
 
@@ -3092,7 +3092,7 @@ static int qemu_rdma_registration_handle(QEMUFile *f, 
void *opaque)
  (unsigned int)reg->current_index,
  rdma->local_ram_blocks.nb_blocks);
 ret = -ENOENT;
-break;
+goto out;
 }
 block = &(rdma->local_ram_blocks.block[reg->current_index]);
 if (block->is_ram_block) {
@@ -3102,7 +3102,7 @@ static int qemu_rdma_registration_handle(QEMUFile *f, 
void *opaque)
 block->block_name, block->offset,
 reg->key.current_addr);
 ret = -ERANGE;
-break;
+goto out;
 }
 host_addr = (block->local_host_addr +
 (reg->key.current_addr - block->offset));
@@ -3118,7 +3118,7 @@ static int qemu_rdma_registration_handle(QEMUFile *f, 
void *opaque)
 " chunk: %" PRIx64,
 block->block_name, reg->key.chunk);
 ret = -ERANGE;
-break;
+goto out;
 }
 }
 chunk_start = ram_chunk_start(block, chunk);
-- 
2.4.3





[Qemu-devel] [PULL v2 0/8] KVM, memory API, crypto, Coverity fixes for 2.4.0-rc1

2015-07-16 Thread Paolo Bonzini
The following changes since commit 2d5ee9e7a7dd495d233cf9613a865f63f88e3375:

  Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150716' into staging 
(2015-07-16 10:40:23 +0100)

are available in the git repository at:

  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to d3462e378f40ba6838b6c42584c30769ca633e6f:

  crypto: avoid undefined behavior in nettle calls (2015-07-16 20:00:21 +0200)


* MIPS-KVM fixes.
* Coverity fixes.
* Nettle function prototype fixes.
* Memory API refcount fix.


Dr. David Alan Gilbert (1):
  RDMA: Fix error exits

Gonglei (2):
  ppc/spapr_drc: fix memory leak
  arm/xlnx-zynqmp: fix memory leak

James Hogan (2):
  mips/kvm: Fix Big endian 32-bit register access
  mips/kvm: Sign extend registers written to KVM

Paolo Bonzini (1):
  memory: fix refcount leak in memory_region_present

Radim Krčmář (2):
  crypto: fix build with nettle >= 3.0.0
  crypto: avoid undefined behavior in nettle calls

 configure  |  4 +++-
 crypto/cipher-nettle.c | 51 --
 hw/arm/xlnx-zynqmp.c   |  2 ++
 hw/ppc/spapr_drc.c |  1 +
 memory.c   | 44 +++
 migration/rdma.c   |  8 
 target-mips/kvm.c  | 21 +++--
 7 files changed, 90 insertions(+), 41 deletions(-)
-- 
2.4.3




[Qemu-devel] [PULL 1/8] mips/kvm: Fix Big endian 32-bit register access

2015-07-16 Thread Paolo Bonzini
From: James Hogan 

Fix access to 32-bit registers on big endian targets. The pointer passed
to the kernel must be for the actual 32-bit value, not a temporary
64-bit value, otherwise on big endian systems the kernel will only
interpret the upper half.

Signed-off-by: James Hogan 
Cc: Paolo Bonzini 
Cc: Leon Alrae 
Cc: Aurelien Jarno 
Cc: k...@vger.kernel.org
Cc: qemu-sta...@nongnu.org
Message-Id: <1429871214-23514-2-git-send-email-james.ho...@imgtec.com>
Signed-off-by: Paolo Bonzini 
---
 target-mips/kvm.c | 13 +++--
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/target-mips/kvm.c b/target-mips/kvm.c
index bd64a70..85256f3 100644
--- a/target-mips/kvm.c
+++ b/target-mips/kvm.c
@@ -235,10 +235,9 @@ int kvm_mips_set_ipi_interrupt(MIPSCPU *cpu, int irq, int 
level)
 static inline int kvm_mips_put_one_reg(CPUState *cs, uint64_t reg_id,
int32_t *addr)
 {
-uint64_t val64 = *addr;
 struct kvm_one_reg cp0reg = {
 .id = reg_id,
-.addr = (uintptr_t)&val64
+.addr = (uintptr_t)addr
 };
 
 return kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &cp0reg);
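Review bot: With `.addr = (uintptr_t)addr` the kernel now accesses the caller's `int32_t` object directly, so `kvm_mips_put_one_reg` is only safe when `reg_id` encodes a 32-bit register. A 64-bit id would make the ioctl touch eight bytes through a four-byte object, and the same applies to the write performed for `kvm_mips_get_one_reg` in the next hunk. The ids the callers pass are not visible here, so this may already hold, but the helpers could enforce it with `assert((reg_id & KVM_REG_SIZE_MASK) == KVM_REG_SIZE_U32);` before building `cp0reg`. Both function bodies close outside their hunks.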
@@ -270,18 +269,12 @@ static inline int kvm_mips_put_one_reg64(CPUState *cs, 
uint64_t reg_id,
 static inline int kvm_mips_get_one_reg(CPUState *cs, uint64_t reg_id,
int32_t *addr)
 {
-int ret;
-uint64_t val64 = 0;
 struct kvm_one_reg cp0reg = {
 .id = reg_id,
-.addr = (uintptr_t)&val64
+.addr = (uintptr_t)addr
 };
 
-ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &cp0reg);
-if (ret >= 0) {
-*addr = val64;
-}
-return ret;
+return kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &cp0reg);
 }
 
 static inline int kvm_mips_get_one_ulreg(CPUState *cs, uint64 reg_id,
-- 
2.4.3





Re: [Qemu-devel] [PATCH 3/3] PAM: make PAM emulation closer to documentation

2015-07-16 Thread Paolo Bonzini


On 16/07/2015 16:41, Ефимов Василий wrote:
> The main problem is rendering memory tree to FlatView.

I don't believe it's necessary to render a memory tree to the FlatView.
 You can use existing AddressSpaces.

>> +/* Read from RAM and write to PCI */
>> +memory_region_init_io(&pam->region[1], OBJECT(dev), &pam_ops, pam,
>> +"pam-r-ram-w-pci", size); 
>>
>> This can be done with memory_region_set_readonly on the RAM region.  You
>> need to set mr->ops in order to point to pam_ops; for a first proof of
>> concept you can just set the field directly.
> The idea is to read directly from system RAM region and to write
> to PCI using I/O (because I do not see another way to emulate
> access type driven redirection with existent API). If we create RAM
> and make it read only then new useless RAM block will be created.

Don't create RAM; modify the existing one.

> It is useless because of ram_addr of new region will be set to
> one within system RAM block. Hence, cleaner way is to create I/O region.

You can use the existing RAM region and modify its properties (i.e.
toggle mr->readonly) after setting special mr->ops.  The special mr->ops
will be used for writes when mr->readonly = true.

>> Writes to the PCI memory space can use the PCI address space, with
>> address_space_st*.
> There is no PCI AddressSpace (only MemoryRegion). But
> address_space_st* requires AddressSpace as argument.

Then create one with address_space_init.

However, can the guest see the difference between "real" mode 1 and the
"fake" mode 1 that QEMU implements?  Perhaps mode 1 can be left as is.

>> +/* Read from PCI and write to RAM */
>> +memory_region_init_io(&pam->region[2], OBJECT(dev), &pam_ops, pam,
>> +"pam-r-pci-w-ram", size);
>>
>> Here you cannot run code from ROM, so it can be a pure MMIO region.
>> Reads can use address_space_ld*, while writes can use
>> memory_region_get_ram_ptr.
> 
> Even in this mode it is possible for code to be executed from ROM. This
> can happen when particular PCI address is within ROM device connected
> to PCI bus.

If it's just for pc.rom and isa-bios, introduce a new function
pam_create_pci_region that creates pc.rom with
memory_region_init_rom_device.  The mr->ops can write to RAM (mode 2) or
discard the write (mode 0).

Then you can make pc.rom 256K instead of 128K, and instead of an alias,
you can manually copy the last 128K of the BIOS into the last 128K of
pc.rom.

Some adjustment will be necessary in order to support migration (perhaps
creating two 128K regions pc.rom and pc.rom.mirror), but for a proof of
concept the above should be enough.

Paolo



Re: [Qemu-devel] [PULL 00/11] RCU, KVM, memory API, crypto, Coverity fixes for 2.4.0-rc1

2015-07-16 Thread Peter Maydell
On 16 July 2015 at 17:55, Paolo Bonzini  wrote:
> The following changes since commit 6169b60285fe1ff730d840a49527e721bfb30899:
>
>   Update version for v2.4.0-rc0 release (2015-07-09 17:56:56 +0100)
>
> are available in the git repository at:
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 4a8775ab71d2186fc1cd585ea80c000409965cde:
>
>   crypto: avoid undefined behavior in nettle calls (2015-07-16 18:54:21 +0200)
>
> 
> * rcu_register_thread fixes.
> * MIPS-KVM fixes.
> * Coverity fixes.
> * Nettle function prototype fixes.
> * Memory API refcount fix.
>

I get a pile of assertions on OSX running rcutorture:

GTESTER tests/rcutorture
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/srcAssertion failed:
(rcu_reader.de/qemu/util/rcu.c, line 304.
pth == 0), function rcu_unregister_thread, file
/Users/pm215/src/qemu/util/rcu.c, line 304.
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/src/qemu/util/rcu.c, line
304.
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/src/qemu/util/rcu.c, line
304.
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/src/qemu/util/rcu.c, line
304.
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/srcAssertion failed:
(rcu_reader.de/qemu/util/rcu.c, line 304.
pth == 0), function rcu_unregister_thread, file
/Users/pm215/src/qemu/util/rcu.c, line 304.
GTester: last random seed: R02S9b5149dbb406809df60686a3e8223c26
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/src/qemu/util/rcu.c, line
304.
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/src/qemu/util/rcu.c, line
304.
Assertion failed: (rcu_reader.depth == 0), function
rcu_unregister_thread, file /Users/pm215/src/qemu/util/rcu.c, line
304.
Assertion failed: (rcu_reader.deAssertion failed: (rcu_reader.depth ==
0), function rcu_unregistpth == 0), function rcu_unregister_thread,
file /Users/pm215/srcer_thread, file /Users/pm215/src/qemu/util/rcu.c,
line 304.
/qemu/util/rcu.c, line 304.
GTester: last random seed: R02Sb915fd85eca48d367fd186bdfd39d8c7
make: *** [check-tests/rcutorture] Error 1

-- PMM



Re: [Qemu-devel] [PULL for-2.4 0/4] input: fixes for 2.4

2015-07-16 Thread Peter Maydell
On 16 July 2015 at 16:38, Gerd Hoffmann  wrote:
>   Hi,
>
> A few input fixes for 2.4.  Also enable virtio-input builds on
> non-linux hosts after fixing up the ioctl include.
>
> please pull,
>   Gerd
>
> The following changes since commit f3a1b5068cea303a55e2a21a97e66d057eaae638:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
> (2015-07-13 13:35:51 +0100)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-input-20150714-1
>
> for you to fetch changes up to 8121c09e8a52fd47254479d8f5ccbbc20e7bb718:
>
>   hid: clarify hid_keyboard_process_keycode (2015-07-14 13:48:45 +0200)
>
> 
> input: fixes for 2.4
>
> 

I'm afraid this doesn't build for Windows:

In file included from
/home/petmay01/linaro/qemu-for-merges/hw/input/virtio-input.c:13:
/home/petmay01/linaro/qemu-for-merges/include/standard-headers/linux/input.h:890:1:
error: "SW_MAX" redefined
In file included from
/usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/include/windows.h:55,
 from
/home/petmay01/linaro/qemu-for-merges/include/sysemu/os-win32.h:29,
 from
/home/petmay01/linaro/qemu-for-merges/include/qemu-common.h:48,
 from
/home/petmay01/linaro/qemu-for-merges/include/qemu/iov.h:17,
 from
/home/petmay01/linaro/qemu-for-merges/hw/input/virtio-input.c:7:
/usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/include/winuser.h:729:1:
error: this is the location of the previous definition


thanks
-- PMM



Re: [Qemu-devel] [PULL for-2.4 0/1] qxl: allow to specify head limit to qxl driver

2015-07-16 Thread Peter Maydell
On 16 July 2015 at 16:34, Gerd Hoffmann  wrote:
>   Hi,
>
> A single spice patch, adding a new parameter to specify the number
> of heads for qxl (assuming spice-server version is new enough).
>
> please pull,
>   Gerd
>
> The following changes since commit 2d5ee9e7a7dd495d233cf9613a865f63f88e3375:
>
>   Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150716' into 
> staging (2015-07-16 10:40:23 +0100)
>
> are available in the git repository at:
>
>
>   git://anongit.freedesktop.org/spice/qemu tags/pull-spice-20150716-1
>
> for you to fetch changes up to 567161fdd47aeb6987e700702f6bbfef04ae0236:
>
>   qxl: allow to specify head limit to qxl driver (2015-07-16 17:31:05 +0200)
>
> 
> qxl: allow to specify head limit to qxl driver
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] [Qemu-block] [PATCH] raw-posix.c: Make physical devices usable in QEMU

2015-07-16 Thread Programmingkid

On Jul 16, 2015, at 9:19 AM, Stefan Hajnoczi wrote:

> On Thu, Jul 09, 2015 at 10:02:26AM -0400, Programmingkid wrote:
>> 
>> On Jul 9, 2015, at 6:52 AM, Stefan Hajnoczi wrote:
>> 
>>> On Tue, Jul 07, 2015 at 01:33:23PM -0400, Programmingkid wrote:
>>>> Make physical devices like a USB flash drive or a CDROM drive work in
>>>> QEMU. With
>>>> this patch I can use a USB flash drive like a hard drive. Before this
>>>> patch,
>>>> QEMU would just quit with a message like "resource busy".
>>> 
>>> The commit message and the description are missing "on Mac OS X".  It
>>> should be clear right away that this applies to Mac only.  This works
>>> fine on Linux and probably other host OSes.
>> 
>> Yeah, that should have been done. Did you see any issues with the code?
> 
> QEMU shouldn't silently open a different file than the one given by the
> user.  The user should give the exact device file they want.  If there
> is magic behavior it needs to be documented, but I don't see a reason
> why that's necessary in the case of device files.

I think you are reviewing an older patch. The newest one doesn't do that. 

> 
> QEMU shouldn't mount/unmount the CD-ROM.  atexit(3) doesn't handle
> crashes or abort().  Users may be confused to find their CD-ROM
> unmounted in those cases and would see this as a bug.  Instead we should
> refuse mounted CD-ROMs so the user understands that block-level access
> requires them to unmount first.

That can be done. It just wouldn't be as user friendly as having QEMU do it for
the user :(

> 
> The strcpy/sprintf usage in this patch is unsafe and can lead to buffer
> overflow, for example in the case of generating command-lines.  The
> command-line buffer is only MAXPATHLEN so prepending the command to the
> filename could exceed the buffer size.
> 
> There is also a buffer overflow in the array of devices that need to be
> mounted.  What happens if there are more than 7 devices?

Ok. Will correct this issue. 




Re: [Qemu-devel] [PATCH 2/5] virtio-blk: disable scsi passthrough for 1.0 device

2015-07-16 Thread Paolo Bonzini


On 16/07/2015 14:47, Michael S. Tsirkin wrote:
> I think for 2.4 it's a good idea to avoid enabling modern interface
> by default. Therefore, for 2.4 we can keep scsi enabled unless modern
> is requested by user.

I agree.

> I am also fine with just doing
> 
>   if (modern && scsi)
>   exit;

exit is evil.

Paolo



[Qemu-devel] [PULL 10/11] crypto: fix build with nettle >= 3.0.0

2015-07-16 Thread Paolo Bonzini
From: Radim Krčmář 

In nettle 3, cbc_encrypt() accepts 'nettle_cipher_func' instead of
'nettle_crypt_func' and these two differ in 'const' qualifier of the
first argument.  The build fails with:

  In file included from crypto/cipher.c:71:0:
  ./crypto/cipher-nettle.c: In function ‘qcrypto_cipher_encrypt’:
  ./crypto/cipher-nettle.c:154:38: error: passing argument 2 of
  ‘nettle_cbc_encrypt’ from incompatible pointer type
   cbc_encrypt(ctx->ctx_encrypt, ctx->alg_encrypt,
   ^
  In file included from ./crypto/cipher-nettle.c:24:0,
   from crypto/cipher.c:71:
  /usr/include/nettle/cbc.h:48:1: note: expected
  ‘void (*)(const void *, size_t, uint8_t *, const uint8_t *)
  but argument is of type
  ‘void (*)(  void *, size_t, uint8_t *, const uint8_t *)

To allow both versions, we switch to the new definition and #if typedef
it for old versions.

Signed-off-by: Radim Krčmář 
Message-Id: <1436548682-9315-2-git-send-email-rkrc...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 configure  |  4 +++-
 crypto/cipher-nettle.c | 16 ++--
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/configure b/configure
index 33b9455..cc0338d 100755
--- a/configure
+++ b/configure
@@ -2183,6 +2183,7 @@ if test "$gnutls_nettle" != "no"; then
 if $pkg_config --exists "nettle"; then
 nettle_cflags=`$pkg_config --cflags nettle`
 nettle_libs=`$pkg_config --libs nettle`
+nettle_version=`$pkg_config --modversion nettle`
 libs_softmmu="$nettle_libs $libs_softmmu"
 libs_tools="$nettle_libs $libs_tools"
 QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
@@ -4490,7 +4491,7 @@ echo "GTK support   $gtk"
 echo "GNUTLS support$gnutls"
 echo "GNUTLS hash   $gnutls_hash"
 echo "GNUTLS gcrypt $gnutls_gcrypt"
-echo "GNUTLS nettle $gnutls_nettle"
+echo "GNUTLS nettle $gnutls_nettle ${gnutls_nettle+($nettle_version)}"
 echo "VTE support   $vte"
 echo "curses support$curses"
 echo "curl support  $curl"
@@ -4858,6 +4859,7 @@ if test "$gnutls_gcrypt" = "yes" ; then
 fi
 if test "$gnutls_nettle" = "yes" ; then
   echo "CONFIG_GNUTLS_NETTLE=y" >> $config_host_mak
+  echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
 fi
 if test "$vte" = "yes" ; then
   echo "CONFIG_VTE=y" >> $config_host_mak
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index e5a14bc..e61aaa2 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -23,12 +23,16 @@
 #include 
 #include 
 
+#if CONFIG_NETTLE_VERSION_MAJOR < 3
+typedef nettle_crypt_func nettle_cipher_func;
+#endif
+
 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
 struct QCryptoCipherNettle {
 void *ctx_encrypt;
 void *ctx_decrypt;
-nettle_crypt_func *alg_encrypt;
-nettle_crypt_func *alg_decrypt;
+nettle_cipher_func *alg_encrypt;
+nettle_cipher_func *alg_decrypt;
 uint8_t *iv;
 size_t niv;
 };
@@ -83,8 +87,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 des_set_key(ctx->ctx_encrypt, rfbkey);
 g_free(rfbkey);
 
-ctx->alg_encrypt = (nettle_crypt_func *)des_encrypt;
-ctx->alg_decrypt = (nettle_crypt_func *)des_decrypt;
+ctx->alg_encrypt = (nettle_cipher_func *)des_encrypt;
+ctx->alg_decrypt = (nettle_cipher_func *)des_decrypt;
 
 ctx->niv = DES_BLOCK_SIZE;
 break;
@@ -98,8 +102,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key);
 aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key);
 
-ctx->alg_encrypt = (nettle_crypt_func *)aes_encrypt;
-ctx->alg_decrypt = (nettle_crypt_func *)aes_decrypt;
+ctx->alg_encrypt = (nettle_cipher_func *)aes_encrypt;
+ctx->alg_decrypt = (nettle_cipher_func *)aes_decrypt;
 
 ctx->niv = AES_BLOCK_SIZE;
 break;
-- 
2.4.3





[Qemu-devel] [PULL 07/11] rcu: actually register threads that have RCU read-side critical sections

2015-07-16 Thread Paolo Bonzini
Otherwise, grace periods are detected too early!

Signed-off-by: Paolo Bonzini 
---
 cpus.c| 6 ++
 iothread.c| 3 +++
 migration/migration.c | 3 +++
 tests/test-rcu-list.c | 2 ++
 util/rcu.c| 2 ++
 5 files changed, 16 insertions(+)

diff --git a/cpus.c b/cpus.c
index b00a423..a822ce3 100644
--- a/cpus.c
+++ b/cpus.c
@@ -954,6 +954,8 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 CPUState *cpu = arg;
 int r;
 
+rcu_register_thread();
+
 qemu_mutex_lock_iothread();
 qemu_thread_get_self(cpu->thread);
 cpu->thread_id = qemu_get_thread_id();
@@ -995,6 +997,8 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
 sigset_t waitset;
 int r;
 
+rcu_register_thread();
+
 qemu_mutex_lock_iothread();
 qemu_thread_get_self(cpu->thread);
 cpu->thread_id = qemu_get_thread_id();
@@ -1034,6 +1038,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 {
 CPUState *cpu = arg;
 
+rcu_register_thread();
+
 qemu_mutex_lock_iothread();
 qemu_tcg_init_cpu_signals();
 qemu_thread_get_self(cpu->thread);
diff --git a/iothread.c b/iothread.c
index 6d2a33f..443d176 100644
--- a/iothread.c
+++ b/iothread.c
@@ -18,6 +18,7 @@
 #include "sysemu/iothread.h"
 #include "qmp-commands.h"
 #include "qemu/error-report.h"
+#include "qemu/rcu.h"
 
 typedef ObjectClass IOThreadClass;
 
@@ -31,6 +32,8 @@ static void *iothread_run(void *opaque)
 IOThread *iothread = opaque;
 bool blocking;
 
+rcu_register_thread();
+
 qemu_mutex_lock(&iothread->init_done_lock);
 iothread->thread_id = qemu_get_thread_id();
 qemu_cond_signal(&iothread->init_done_cond);
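Review bot: `iothread_run` gains `rcu_register_thread()` here, but no hunk in this patch adds a matching `rcu_unregister_thread()`, and the diffstat lists insertions only. For thread functions that can return, which looks to be the case for `iothread_run`, `migration_thread` and `rcu_q_reader`, the per-thread `rcu_reader` would stay linked in the RCU registry after the thread has exited unless the exit path calls `rcu_unregister_thread();` before `return`. The ends of these functions are outside the hunks, so confirm whether such a call is already present.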
diff --git a/migration/migration.c b/migration/migration.c
index 45719a0..7f1e05a 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -22,6 +22,7 @@
 #include "block/block.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/sockets.h"
+#include "qemu/rcu.h"
 #include "migration/block.h"
 #include "qemu/thread.h"
 #include "qmp-commands.h"
@@ -911,6 +912,8 @@ static void *migration_thread(void *opaque)
 int64_t start_time = initial_time;
 bool old_vm_running = false;
 
+rcu_register_thread();
+
 qemu_savevm_state_header(s->file);
 qemu_savevm_state_begin(s->file, &s->params);
 
diff --git a/tests/test-rcu-list.c b/tests/test-rcu-list.c
index 4c5f62e..af98bdb 100644
--- a/tests/test-rcu-list.c
+++ b/tests/test-rcu-list.c
@@ -108,6 +108,8 @@ static void *rcu_q_reader(void *arg)
 long long n_reads_local = 0;
 struct list_element *el;
 
+rcu_register_thread();
+
 *(struct rcu_reader_data **)arg = &rcu_reader;
 atomic_inc(&nthreadsrunning);
 while (goflag == GOFLAG_INIT) {
diff --git a/util/rcu.c b/util/rcu.c
index 8830295..e21bb46 100644
--- a/util/rcu.c
+++ b/util/rcu.c
@@ -216,6 +216,8 @@ static void *call_rcu_thread(void *opaque)
 {
 struct rcu_head *node;
 
+rcu_register_thread();
+
 for (;;) {
 int tries = 0;
 int n = atomic_read(&rcu_call_count);
-- 
2.4.3





[Qemu-devel] [PULL 09/11] memory: fix refcount leak in memory_region_present

2015-07-16 Thread Paolo Bonzini
memory_region_present() leaks a reference to a MemoryRegion in the
case "mr == container".  While fixing it, avoid reference counting
altogether for memory_region_present(), by using RCU only.

The return value could in principle be already invalid immediately
after memory_region_present returns, but presumably the caller knows
that and it's using memory_region_present to probe for devices that
are unpluggable, or something like that.  The RCU critical section
is needed anyway, because it protects as->current_map.

Reported-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 memory.c | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/memory.c b/memory.c
index 5a0cc66..0acebb1 100644
--- a/memory.c
+++ b/memory.c
@@ -1887,23 +1887,16 @@ static FlatRange *flatview_lookup(FlatView *view, 
AddrRange addr)
sizeof(FlatRange), cmp_flatrange_addr);
 }
 
-bool memory_region_present(MemoryRegion *container, hwaddr addr)
-{
-MemoryRegion *mr = memory_region_find(container, addr, 1).mr;
-if (!mr || (mr == container)) {
-return false;
-}
-memory_region_unref(mr);
-return true;
-}
-
 bool memory_region_is_mapped(MemoryRegion *mr)
 {
 return mr->container ? true : false;
 }
 
-MemoryRegionSection memory_region_find(MemoryRegion *mr,
-   hwaddr addr, uint64_t size)
+/* Same as memory_region_find, but it does not add a reference to the
+ * returned region.  It must be called from an RCU critical section.
+ */
+static MemoryRegionSection memory_region_find_rcu(MemoryRegion *mr,
+  hwaddr addr, uint64_t size)
 {
 MemoryRegionSection ret = { .mr = NULL };
 MemoryRegion *root;
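Review bot: The new comment on `memory_region_find_rcu` says the region is returned without a reference, but not how long the result stays usable. I would extend it with `The returned section's mr is only valid until the caller's rcu_read_unlock(); call memory_region_ref() before that if it must outlive the critical section.` so that a later caller inside memory.c does not keep `ret.mr` past the unlock. The function body continues outside this hunk.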
@@ -1924,11 +1917,10 @@ MemoryRegionSection memory_region_find(MemoryRegion *mr,
 }
 range = addrrange_make(int128_make64(addr), int128_make64(size));
 
-rcu_read_lock();
 view = atomic_rcu_read(&as->current_map);
 fr = flatview_lookup(view, range);
 if (!fr) {
-goto out;
+return ret;
 }
 
 while (fr > view->ranges && addrrange_intersects(fr[-1].addr, range)) {
@@ -1944,12 +1936,32 @@ MemoryRegionSection memory_region_find(MemoryRegion *mr,
 ret.size = range.size;
 ret.offset_within_address_space = int128_get64(range.start);
 ret.readonly = fr->readonly;
-memory_region_ref(ret.mr);
-out:
+return ret;
+}
+
+MemoryRegionSection memory_region_find(MemoryRegion *mr,
+   hwaddr addr, uint64_t size)
+{
+MemoryRegionSection ret;
+rcu_read_lock();
+ret = memory_region_find_rcu(mr, addr, size);
+if (ret.mr) {
+memory_region_ref(ret.mr);
+}
 rcu_read_unlock();
 return ret;
 }
 
+bool memory_region_present(MemoryRegion *container, hwaddr addr)
+{
+MemoryRegion *mr;
+
+rcu_read_lock();
+mr = memory_region_find_rcu(container, addr, 1).mr;
+rcu_read_unlock();
+return mr && mr != container;
+}
+
 void address_space_sync_dirty_bitmap(AddressSpace *as)
 {
 FlatView *view;
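Review bot: In the re-added `memory_region_present`, `mr` is read after `rcu_read_unlock()`, and nothing in the code says why that is acceptable. It is safe as written because the unreferenced pointer is only compared, never dereferenced, but a later edit that touches `mr->...` at that point would be a use-after-free candidate. Either compute the result inside the critical section (`present = mr && mr != container;` before the unlock) or add `/* mr is unreferenced here: compare only, never dereference */` above the `return`.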
-- 
2.4.3




