Re: [Qemu-devel] [PATCH v2 3/6] libqos: use generic qtest_shutdown()

2016-09-27 Thread Greg Kurz
On Tue, 27 Sep 2016 20:55:56 +0200
Laurent Vivier  wrote:

> Machine specific shutdown function can be registered by
> the machine specific qtest_XXX_boot() if needed.
> 
> So we will not have to test twice the architecture (on boot and on
> shutdown) if the test can be run on several architectures.
> 
> Signed-off-by: Laurent Vivier 
> ---

Minor remarks below, but anyway:

Reviewed-by: Greg Kurz 

Cheers.

--
Greg

>  tests/libqos/libqos-pc.c|  3 ++-
>  tests/libqos/libqos-spapr.c |  5 +++--
>  tests/libqos/libqos.c   | 11 ++-
>  tests/libqos/libqos.h   |  8 ++--
>  tests/rtas-test.c   |  2 +-
>  5 files changed, 22 insertions(+), 7 deletions(-)
> 
> diff --git a/tests/libqos/libqos-pc.c b/tests/libqos/libqos-pc.c
> index aa17c98..219824d 100644
> --- a/tests/libqos/libqos-pc.c
> +++ b/tests/libqos/libqos-pc.c
> @@ -8,6 +8,7 @@ static QOSOps qos_ops = {
>  .uninit_allocator = pc_alloc_uninit,
>  .qpci_init = qpci_init_pc,
>  .qpci_free = qpci_free_pc,
> +.shutdown = qtest_pc_shutdown

Trailing comma ?

>  };
>  
>  QOSState *qtest_pc_vboot(const char *cmdline_fmt, va_list ap)
> @@ -31,5 +32,5 @@ QOSState *qtest_pc_boot(const char *cmdline_fmt, ...)
>  
>  void qtest_pc_shutdown(QOSState *qs)
>  {
> -return qtest_shutdown(qs);
> +return qtest_common_shutdown(qs);
>  }
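Review bot: `return qtest_common_shutdown(qs);` in qtest_pc_shutdown() returns an expression from a function declared `void`, which ISO C does not permit (GCC accepts it as an extension and only warns under -pedantic). Since the line is being touched for the rename anyway, it can become a plain call: `qtest_common_shutdown(qs);`. The same construct is carried over in qtest_spapr_shutdown() in the libqos-spapr.c hunk.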
> diff --git a/tests/libqos/libqos-spapr.c b/tests/libqos/libqos-spapr.c
> index 125c6b3..8f7fc14 100644
> --- a/tests/libqos/libqos-spapr.c
> +++ b/tests/libqos/libqos-spapr.c
> @@ -7,7 +7,8 @@ static QOSOps qos_ops = {
>  .init_allocator = spapr_alloc_init_flags,
>  .uninit_allocator = spapr_alloc_uninit,
>  .qpci_init = qpci_init_spapr,
> -.qpci_free = qpci_free_spapr
> +.qpci_free = qpci_free_spapr,
> +.shutdown = qtest_spapr_shutdown

Ditto.

>  };
>  
>  QOSState *qtest_spapr_vboot(const char *cmdline_fmt, va_list ap)
> @@ -29,5 +30,5 @@ QOSState *qtest_spapr_boot(const char *cmdline_fmt, ...)
>  
>  void qtest_spapr_shutdown(QOSState *qs)
>  {
> -return qtest_shutdown(qs);
> +return qtest_common_shutdown(qs);
>  }
> diff --git a/tests/libqos/libqos.c b/tests/libqos/libqos.c
> index d842bf5..7abb482 100644
> --- a/tests/libqos/libqos.c
> +++ b/tests/libqos/libqos.c
> @@ -52,7 +52,7 @@ QOSState *qtest_boot(QOSOps *ops, const char *cmdline_fmt, 
> ...)
>  /**
>   * Tear down the QEMU instance.
>   */
> -void qtest_shutdown(QOSState *qs)
> +void qtest_common_shutdown(QOSState *qs)
>  {
>  if (qs->ops) {
>  if (qs->pcibus && qs->ops->qpci_free) {
> @@ -68,6 +68,15 @@ void qtest_shutdown(QOSState *qs)
>  g_free(qs);
>  }
>  
> +void qtest_shutdown(QOSState *qs)
> +{
> +if (qs->ops && qs->ops->shutdown) {
> +qs->ops->shutdown(qs);
> +} else {
> +qtest_common_shutdown(qs);
> +}
> +}
> +
>  void set_context(QOSState *s)
>  {
>  global_qtest = s->qts;
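Review bot: The new qtest_shutdown() dispatcher has no comment, while the existing `Tear down the QEMU instance.` comment now sits on qtest_common_shutdown(). The contract for a hook installed in `ops->shutdown` should be written down: it has to finish by calling qtest_common_shutdown(), because the `g_free(qs)` visible in the context lines appears to live in that common path, and it must never call qtest_shutdown() itself, which would re-enter the hook without end. Something like `/* Tear down the QEMU instance through the machine-specific hook if one is registered; hooks must end with qtest_common_shutdown(). */` above the function would do. `qs` is dereferenced unconditionally in `qs->ops && qs->ops->shutdown`, so the comment should also say that NULL is not accepted.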
> diff --git a/tests/libqos/libqos.h b/tests/libqos/libqos.h
> index a9f6990..2319697 100644
> --- a/tests/libqos/libqos.h
> +++ b/tests/libqos/libqos.h
> @@ -5,22 +5,26 @@
>  #include "libqos/pci.h"
>  #include "libqos/malloc-pc.h"
>  
> +typedef struct QOSState QOSState;
> +
>  typedef struct QOSOps {
>  QGuestAllocator *(*init_allocator)(QAllocOpts);
>  void (*uninit_allocator)(QGuestAllocator *);
>  QPCIBus *(*qpci_init)(QGuestAllocator *alloc);
>  void (*qpci_free)(QPCIBus *bus);
> +void (*shutdown)(QOSState *);
>  } QOSOps;
>  
> -typedef struct QOSState {
> +struct QOSState {
>  QTestState *qts;
>  QGuestAllocator *alloc;
>  QPCIBus *pcibus;
>  QOSOps *ops;
> -} QOSState;
> +};
>  
>  QOSState *qtest_vboot(QOSOps *ops, const char *cmdline_fmt, va_list ap);
>  QOSState *qtest_boot(QOSOps *ops, const char *cmdline_fmt, ...);
> +void qtest_common_shutdown(QOSState *qs);
>  void qtest_shutdown(QOSState *qs);
>  bool have_qemu_img(void);
>  void mkimg(const char *file, const char *fmt, unsigned size_mb);
> diff --git a/tests/rtas-test.c b/tests/rtas-test.c
> index 73c7803..ba0867a 100644
> --- a/tests/rtas-test.c
> +++ b/tests/rtas-test.c
> @@ -22,7 +22,7 @@ static void test_rtas_get_time_of_day(void)
>  t2 = mktimegm(&tm);
>  g_assert(t2 - t1 < 5); /* 5 sec max to run the test */
>  
> -qtest_spapr_shutdown(qs);
> +qtest_shutdown(qs);
>  }
>  
>  int main(int argc, char *argv[])




Re: [Qemu-devel] [PATCH v2 2/6] libqos: add PCI management in qtest_vboot()/qtest_shutdown()

2016-09-27 Thread Greg Kurz
On Tue, 27 Sep 2016 20:55:55 +0200
Laurent Vivier  wrote:

> Signed-off-by: Laurent Vivier 
> ---

Just a minor remark below, but anyway:

Reviewed-by: Greg Kurz 

Cheers.

--
Greg

>  tests/e1000e-test.c |  2 +-
>  tests/i440fx-test.c |  2 +-
>  tests/ide-test.c|  2 +-
>  tests/ivshmem-test.c|  2 +-
>  tests/libqos/ahci.c |  2 +-
>  tests/libqos/libqos-pc.c|  5 -
>  tests/libqos/libqos-spapr.c |  5 -
>  tests/libqos/libqos.c   | 21 -
>  tests/libqos/libqos.h   |  3 +++
>  tests/libqos/pci-pc.c   |  2 +-
>  tests/libqos/pci-pc.h   |  3 ++-
>  tests/q35-test.c|  2 +-
>  tests/rtl8139-test.c|  2 +-
>  tests/tco-test.c|  2 +-
>  tests/usb-hcd-ehci-test.c   |  2 +-
>  tests/usb-hcd-uhci-test.c   |  2 +-
>  tests/vhost-user-test.c |  4 ++--
>  tests/virtio-9p-test.c  |  2 +-
>  tests/virtio-blk-test.c |  2 +-
>  tests/virtio-net-test.c |  2 +-
>  tests/virtio-scsi-test.c|  2 +-
>  21 files changed, 46 insertions(+), 25 deletions(-)
> 
> diff --git a/tests/e1000e-test.c b/tests/e1000e-test.c
> index d497b08..3979b20 100644
> --- a/tests/e1000e-test.c
> +++ b/tests/e1000e-test.c
> @@ -390,7 +390,7 @@ static void data_test_init(e1000e_device *d)
>  qtest_start(cmdline);
>  g_free(cmdline);
>  
> -test_bus = qpci_init_pc();
> +test_bus = qpci_init_pc(NULL);
>  g_assert_nonnull(test_bus);
>  
>  test_alloc = pc_alloc_init();
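Review bot: The bare `NULL` now passed to qpci_init_pc() is not self-explanatory here, nor at the other converted callers (i440fx-test.c, ide-test.c, ivshmem-test.c, libqos/ahci.c). The new prototype is not in this hunk; judging from the `.qpci_init = qpci_init_pc` assignment later in the patch, it presumably takes the guest allocator. In data_test_init() the allocator is only created on the following line with `pc_alloc_init()`, so the bus never sees it. The header comment for qpci_init_pc() should state whether NULL is an accepted value and what a bus created without an allocator may not be used for. data_test_init() continues outside the hunk.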
> diff --git a/tests/i440fx-test.c b/tests/i440fx-test.c
> index 3542ad1..da2d5a5 100644
> --- a/tests/i440fx-test.c
> +++ b/tests/i440fx-test.c
> @@ -38,7 +38,7 @@ static QPCIBus *test_start_get_bus(const TestData *s)
>  cmdline = g_strdup_printf("-smp %d", s->num_cpus);
>  qtest_start(cmdline);
>  g_free(cmdline);
> -return qpci_init_pc();
> +return qpci_init_pc(NULL);
>  }
>  
>  static void test_i440fx_defaults(gconstpointer opaque)
> diff --git a/tests/ide-test.c b/tests/ide-test.c
> index 1e51af2..a8a4081 100644
> --- a/tests/ide-test.c
> +++ b/tests/ide-test.c
> @@ -143,7 +143,7 @@ static QPCIDevice *get_pci_device(uint16_t *bmdma_base)
>  uint16_t vendor_id, device_id;
>  
>  if (!pcibus) {
> -pcibus = qpci_init_pc();
> +pcibus = qpci_init_pc(NULL);
>  }
>  
>  /* Find PCI device and verify it's the right one */
> diff --git a/tests/ivshmem-test.c b/tests/ivshmem-test.c
> index 0957ee7..f36bfe7 100644
> --- a/tests/ivshmem-test.c
> +++ b/tests/ivshmem-test.c
> @@ -105,7 +105,7 @@ static void setup_vm_cmd(IVState *s, const char *cmd, 
> bool msix)
>  uint64_t barsize;
>  
>  s->qtest = qtest_start(cmd);
> -s->pcibus = qpci_init_pc();
> +s->pcibus = qpci_init_pc(NULL);
>  s->dev = get_device(s->pcibus);
>  
>  s->reg_base = qpci_iomap(s->dev, 0, &barsize);
> diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
> index f3be550..716ab79 100644
> --- a/tests/libqos/ahci.c
> +++ b/tests/libqos/ahci.c
> @@ -128,7 +128,7 @@ QPCIDevice *get_ahci_device(uint32_t *fingerprint)
>  uint32_t ahci_fingerprint;
>  QPCIBus *pcibus;
>  
> -pcibus = qpci_init_pc();
> +pcibus = qpci_init_pc(NULL);
>  
>  /* Find the AHCI PCI device and verify it's the right one. */
>  ahci = qpci_device_find(pcibus, QPCI_DEVFN(0x1F, 0x02));
> diff --git a/tests/libqos/libqos-pc.c b/tests/libqos/libqos-pc.c
> index df34092..aa17c98 100644
> --- a/tests/libqos/libqos-pc.c
> +++ b/tests/libqos/libqos-pc.c
> @@ -1,10 +1,13 @@
>  #include "qemu/osdep.h"
>  #include "libqos/libqos-pc.h"
>  #include "libqos/malloc-pc.h"
> +#include "libqos/pci-pc.h"
>  
>  static QOSOps qos_ops = {
>  .init_allocator = pc_alloc_init_flags,
> -.uninit_allocator = pc_alloc_uninit
> +.uninit_allocator = pc_alloc_uninit,
> +.qpci_init = qpci_init_pc,
> +.qpci_free = qpci_free_pc,
>  };
>  
>  QOSState *qtest_pc_vboot(const char *cmdline_fmt, va_list ap)
> diff --git a/tests/libqos/libqos-spapr.c b/tests/libqos/libqos-spapr.c
> index f19408b..125c6b3 100644
> --- a/tests/libqos/libqos-spapr.c
> +++ b/tests/libqos/libqos-spapr.c
> @@ -1,10 +1,13 @@
>  #include "qemu/osdep.h"
>  #include "libqos/libqos-spapr.h"
>  #include "libqos/malloc-spapr.h"
> +#include "libqos/pci-spapr.h"
>  
>  static QOSOps qos_ops = {
>  .init_allocator = spapr_alloc_init_flags,
> -.uninit_allocator = spapr_alloc_uninit
> +.uninit_allocator = spapr_alloc_uninit,
> +.qpci_init = qpci_init_spapr,
> +.qpci_free = qpci_free_spapr

Maybe add a trailing comma like in libqos-pc.c ?

>  };
>  
>  QOSState *qtest_spapr_vboot(const char *cmdline_fmt, va_list ap)
> diff --git a/tests/libqos/libqos.c b/tests/libqos/libqos.c
> index a852dc5..d842bf5 100644
> --- a/tests/libqos/libqos.c
> +++ b/tests/libqos/libqos.c
> @@ -20,8 +20,13 @@ QOSState *qtest_vboot(QOSOps *ops, const char 
> *cmdline_fmt, va_list ap)
>  cmdline = g_strdup_vprintf(cmdline_fmt, ap);
>  qs->qts = qtest_sta

Re: [Qemu-devel] [PATCH] 9pfs: fix information leak in xattr read

2016-09-27 Thread Li Qiang
Hi Greg,

What about this patch?

It seems you have forgotten it.

2016-09-27 12:44 GMT+08:00 Li Qiang :

> From: Li Qiang 
>
> 9pfs uses g_malloc() to allocate the xattr memory space. If the guest
> reads this memory before writing to it, host heap memory is leaked
> to the guest. This patch avoids this.
>
> Signed-off-by: Li Qiang 
> ---
>  hw/9pfs/9p.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index b1ff8e7..4db1bd8 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -3291,7 +3291,7 @@ static void v9fs_xattrcreate(void *opaque)
>  xattr_fidp->fs.xattr.flags = flags;
>  v9fs_string_init(&xattr_fidp->fs.xattr.name);
>  v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
> -xattr_fidp->fs.xattr.value = g_malloc(size);
> +xattr_fidp->fs.xattr.value = g_malloc0(size);
>  err = offset;
>  put_fid(pdu, file_fidp);
>  out_nofid:
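Review bot: Zeroing the buffer closes the uninitialised read, but in the lines shown `size` still reaches the allocator unchecked, and g_malloc0() aborts the process when the allocation fails. If `size` comes from the guest's request (its origin is outside this hunk), the guest decides how much host memory is reserved per xattr fid and can bring the QEMU process down with an oversized value. A bound such as `if (size > XATTR_SIZE_MAX) { err = -E2BIG; goto out_nofid; }`, placed before the fid reference is taken so the `put_fid()` pairing stays intact, would cover that. v9fs_xattrcreate() starts and ends outside the hunk.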
> --
> 1.8.3.1
>
>


Re: [Qemu-devel] [PATCH] tests: Test IPv6 and ppc64 in the PXE tester

2016-09-27 Thread Thomas Huth
On 28.09.2016 03:59, David Gibson wrote:
> On Tue, Sep 27, 2016 at 09:17:19AM +0200, Thomas Huth wrote:
>> On 27.09.2016 06:17, David Gibson wrote:
>>> On Mon, Sep 26, 2016 at 10:17:46PM +0200, Thomas Huth wrote:
[...]
 diff --git a/tests/pxe-test.c b/tests/pxe-test.c
 index b2cc355..0bdb7a1 100644
 --- a/tests/pxe-test.c
 +++ b/tests/pxe-test.c
 @@ -21,14 +21,14 @@
  
  static const char *disk = "tests/pxe-test-disk.raw";
  
 -static void test_pxe_one(const char *params)
 +static void test_pxe_one(const char *params, bool ipv6)
>>>
>>> Is it wise to keep the "PXE" name.  OF style netbooting isn't really
>>> PXE in the sense of the Intel PXE spec, although it overlaps in the
>>> underlying protocols used.
>>
>> Strictly speaking, you're right. But the overlap from the networking
>> protocol point of view is 95%, I'd guess, basically you can say that:
>>
>>  PXE = TFTP + DHCP + some few DHCP extensions
> 
> (aside on subtle English usage at [0] if you're interested)
[...]
> [0] A native speaker would probably say "a few" DHCP extensions here.
> "some few", oddly enough, reads as very slight sarcasm implying that
> there are actually quite a lot of extensions, or at least more than
> you'd expect.

Oh, good to know, that's the things that you miss as a non-native
speaker ... so I actually really meant "a few" here (though some of the
extensions are IMHO rather strange).

 Thomas






[Qemu-devel] [Bug 1587970] Re: QEMU Crashes when attaching USB 3.00 devices to xhci bus

2016-09-27 Thread Yongjian Xu
I also had this problem. You can try to configure the VM with core=1 and
thread=1. See if the "intr->er_full" assertion still exists.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1587970

Title:
  QEMU Crashes when attaching USB 3.00 devices to xhci bus

Status in QEMU:
  New

Bug description:
  Using qemu 2.6 with a windows7 32-bit VM, if I plug a USB 3.0 memory stick in 
to a USB 3.0 port, then pass it through to the VM via the monitor (device_add 
usb-host,bus=xhci.0,hostbus=xx,hostaddr=xx,id=stick1) then qemu asserts and 
dies - I have seen 2 different asserts: one is from the xhci module - Assertion 
`intr->er_full, and one is in core.c (line 400 IIRC) with "Assertion 
dev->state == 3 failed"
  Tried to work around by only passing in an ehci controller to the VM, but 
then if I attach a usb 3.0 memory stick to that it doesn't work in windows.
  I have made sure the xhci drivers in the windows VM are up to date, latest 
version of SeaBios etc, but at the moment, I have had to disable xhci in my 
system bios and just use ehci for everything.




Re: [Qemu-devel] [PATCH] 9pfs: make unmarshal V9fsString more robust

2016-09-27 Thread Greg Kurz
On Wed, 28 Sep 2016 10:14:00 +0800
李强  wrote:

> On 2016-09-28 0:40 GMT+08:00 Greg Kurz  wrote:
> 
> >
> > Talking about robustness was appropriate for your previous patches, but
> > it does not really apply here since v9fs_iov_vunmarshal() does not have
> > any issue with empty strings actually.
> >
> > I've changed the title to:
> >
> > 9pfs: allocate space for guest originated empty strings
> >
> > And while here, I've updated the changelog to provide a more detailed
> > justification:
> >
> > ...
> 
> Thanks very much to point out the mistakes, I will do more next time.
> 
> BTW, need I resend this patch formally?
> 

No, that's ok.

> Thanks.




Re: [Qemu-devel] [PATCH v6 RFC] block/vxhs: Initial commit to add Veritas HyperScale VxHS block device support

2016-09-27 Thread ashish mittal
On Tue, Sep 20, 2016 at 10:53 PM, Jeff Cody  wrote:
> On Tue, Sep 20, 2016 at 06:07:45PM -0700, Ashish Mittal wrote:
>> This patch adds support for a new block device type called "vxhs".
>> Source code for the library that this code loads can be downloaded from:
>> https://github.com/MittalAshish/libqnio.git
>>
>> Sample command line using JSON syntax:
>> ./qemu-system-x86_64 -name instance-0008 -S -vnc 0.0.0.0:0 -k en-us -vga 
>> cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg 
>> timestamp=on 
>> 'json:{"driver":"vxhs","vdisk_id":"{c3e9095a-a5ee-4dce-afeb-2a59fb387410}","server":[{"host":"172.172.17.4","port":""},{"host":"172.172.17.2","port":""}]}'
>>
>> Sample command line using URI syntax:
>> qemu-img convert -f raw -O raw -n 
>> /var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad 
>> vxhs://192.168.0.1:/%7Bc6718f6b-0401-441d-a8c3-1f0064d75ee0%7D
>>
>
> I could not get the configure to work without massaging it a bit, nor could
> I get QEMU to compile with the (presumably) latest version of libqnio from
> github.  I'm assuming there are some commits to libqnio that have not been
> pushed yet, between v5 and v6 of this RFC series?  (It's an RFC series, so
> that is fine, I am just curious because I was able to compile v5).
>
>

Yes some commits were pending. I checked them in the next day after
some cleanup. Latest patch v7 should build fine.

>> Signed-off-by: Ashish Mittal 
>> ---
>> v6 changelog:
>> (1) Removed cJSON dependency out of the libqnioshim layer.
>> (2) Merged libqnioshim code into qemu vxhs driver proper.
>> Now qemu-vxhs code only links with libqnio.so.
>> (3) Replaced use of custom spinlocks with qemu_spin_lock.
>>
>> v5 changelog:
>> (1) Removed unused functions.
>> (2) Changed all qemu_ prefix for functions defined in libqnio and vxhs.c.
>> (3) Fixed memory leaks in vxhs_qemu_init() and on the close of vxhs device.
>> (4) Added upper bounds check on num_servers.
>> (5) Close channel fds whereever necessary.
>> (6) Changed vdisk_size to int64_t for 32-bit compilations.
>> (7) Added message to configure file to indicate if vxhs is enabled or not.
>>
>> v4 changelog:
>> (1) Reworked QAPI/JSON parsing.
>> (2) Reworked URI parsing as suggested by Kevin.
>> (3) Fixes per review comments from Stefan on v1.
>> (4) Fixes per review comments from Daniel on v3.
>>
>> v3 changelog:
>> (1) Implemented QAPI interface for passing VxHS block device parameters.
>>
>> v2 changelog:
>> (1) Removed code to dlopen library. We now check if libqnio is installed 
>> during
>> configure, and directly link with it.
>> (2) Changed file headers to mention GPLv2-or-later license.
>> (3) Removed unnecessary type casts and inlines.
>> (4) Removed custom tokenize function and modified code to use g_strsplit.
>> (5) Replaced malloc/free with g_new/g_free and removed code that checks for
>> memory allocation failure conditions.
>> (6) Removed some block ops implementations that were place-holders only.
>> (7) Removed all custom debug messages. Added new messages in 
>> block/trace-events
>> (8) Other miscellaneous corrections.
>>
>> v1 changelog:
>> (1) First patch submission for review comments.
>>
>>  block/Makefile.objs |2 +
>>  block/trace-events  |   47 ++
>>  block/vxhs.c| 1602 
>> +++
>>  block/vxhs.h|  221 +++
>>  configure   |   41 ++
>>  5 files changed, 1913 insertions(+)
>>  create mode 100644 block/vxhs.c
>>  create mode 100644 block/vxhs.h
>>
>> diff --git a/block/Makefile.objs b/block/Makefile.objs
>> index 55da626..bafb7c9 100644
>> --- a/block/Makefile.objs
>> +++ b/block/Makefile.objs
>> @@ -18,6 +18,7 @@ block-obj-$(CONFIG_LIBNFS) += nfs.o
>>  block-obj-$(CONFIG_CURL) += curl.o
>>  block-obj-$(CONFIG_RBD) += rbd.o
>>  block-obj-$(CONFIG_GLUSTERFS) += gluster.o
>> +block-obj-$(CONFIG_VXHS) += vxhs.o
>>  block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o
>>  block-obj-$(CONFIG_LIBSSH2) += ssh.o
>>  block-obj-y += accounting.o dirty-bitmap.o
>> @@ -37,6 +38,7 @@ rbd.o-cflags   := $(RBD_CFLAGS)
>>  rbd.o-libs := $(RBD_LIBS)
>>  gluster.o-cflags   := $(GLUSTERFS_CFLAGS)
>>  gluster.o-libs := $(GLUSTERFS_LIBS)
>> +vxhs.o-libs:= $(VXHS_LIBS)
>>  ssh.o-cflags   := $(LIBSSH2_CFLAGS)
>>  ssh.o-libs := $(LIBSSH2_LIBS)
>>  archipelago.o-libs := $(ARCHIPELAGO_LIBS)
>> diff --git a/block/trace-events b/block/trace-events
>> index 05fa13c..b0098a7 100644
>> --- a/block/trace-events
>> +++ b/block/trace-events
>> @@ -114,3 +114,50 @@ qed_aio_write_data(void *s, void *acb, int ret, 
>> uint64_t offset, size_t len) "s
>>  qed_aio_write_prefill(void *s, void *acb, uint64_t start, size_t len, 
>> uint64_t offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
>>  qed_aio_write_postfill(void *s, void *acb, uint64_t start, size_t len, 
>> uint64_t offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
>>  qed_aio_write_main(void

[Qemu-devel] [PATCH 6/6] target-ppc: add vclzlsbb/vctzlsbb instructions

2016-09-27 Thread Rajalakshmi Srinivasaraghavan
The following vector instructions are added from ISA 3.0.

vclzlsbb - Vector Count Leading Zero Least-Significant Bits Byte
vctzlsbb - Vector Count Trailing Zero Least-Significant Bits Byte

Signed-off-by: Rajalakshmi Srinivasaraghavan 
---
 target-ppc/helper.h |2 ++
 target-ppc/int_helper.c |   28 
 target-ppc/translate/vmx-impl.inc.c |   14 ++
 target-ppc/translate/vmx-ops.inc.c  |2 ++
 4 files changed, 46 insertions(+), 0 deletions(-)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 9c3095f..30c4429 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -343,6 +343,8 @@ DEF_HELPER_2(vpopcntb, void, avr, avr)
 DEF_HELPER_2(vpopcnth, void, avr, avr)
 DEF_HELPER_2(vpopcntw, void, avr, avr)
 DEF_HELPER_2(vpopcntd, void, avr, avr)
+DEF_HELPER_1(vclzlsbb, tl, avr)
+DEF_HELPER_1(vctzlsbb, tl, avr)
 DEF_HELPER_3(vbpermd, void, avr, avr, avr)
 DEF_HELPER_3(vbpermq, void, avr, avr, avr)
 DEF_HELPER_2(vgbbd, void, avr, avr)
diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index f132f7b..759ead9 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -881,6 +881,34 @@ VCT(uxs, cvtsduw, u32)
 VCT(sxs, cvtsdsw, s32)
 #undef VCT
 
+target_ulong helper_vclzlsbb(ppc_avr_t *r)
+{
+target_ulong count = 0;
+int i;
+VECTOR_FOR_INORDER_I(i, u8) {
+if (r->u8[i] & 0x01) {
+break;
+}
+count++;
+}
+return count;
+}
+target_ulong helper_vctzlsbb(ppc_avr_t *r)
+{
+target_ulong count = 0;
+int i;
+#if defined(HOST_WORDS_BIGENDIAN)
+for (i = ARRAY_SIZE(r->u8) - 1; i >= 0; i--) {
+#else
+for (i = 0; i < ARRAY_SIZE(r->u8); i++) {
+#endif
+if (r->u8[i] & 0x01) {
+break;
+}
+count++;
+}
+return count;
+}
 void helper_vmhaddshs(CPUPPCState *env, ppc_avr_t *r, ppc_avr_t *a,
   ppc_avr_t *b, ppc_avr_t *c)
 {
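Review bot: In helper_vctzlsbb() the `#if defined(HOST_WORDS_BIGENDIAN)` chooses between two `for (...) {` headers that share one body and one closing brace, which defeats brace matching and makes the loop fragile to edit. helper_vclzlsbb() just above takes its ordering from `VECTOR_FOR_INORDER_I`; a reverse-order counterpart of that macro, or a single loop whose byte index is computed under the `#if`, would keep the preprocessor out of the control flow. Neither helper has a comment saying that the result runs from 0 to `ARRAY_SIZE(r->u8)`, the upper value being returned when no byte has its low bit set. A blank line is also missing before `helper_vctzlsbb` and before `helper_vmhaddshs`, whose body continues outside the hunk.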
diff --git a/target-ppc/translate/vmx-impl.inc.c 
b/target-ppc/translate/vmx-impl.inc.c
index 0bc7188..1649b34 100644
--- a/target-ppc/translate/vmx-impl.inc.c
+++ b/target-ppc/translate/vmx-impl.inc.c
@@ -691,6 +691,18 @@ static void glue(gen_, name)(DisasContext *ctx)
 \
 tcg_temp_free_ptr(rd);  \
 }
 
+#define GEN_VXFORM_NOA_3(name, opc2, opc3, opc4)\
+static void glue(gen_, name)(DisasContext *ctx) \
+{   \
+TCGv_ptr rb;\
+if (unlikely(!ctx->altivec_enabled)) {  \
+gen_exception(ctx, POWERPC_EXCP_VPU);   \
+return; \
+}   \
+rb = gen_avr_ptr(rB(ctx->opcode));  \
+gen_helper_##name(cpu_gpr[rD(ctx->opcode)], rb);\
+tcg_temp_free_ptr(rb);  \
+}
 GEN_VXFORM_NOA(vupkhsb, 7, 8);
 GEN_VXFORM_NOA(vupkhsh, 7, 9);
 GEN_VXFORM_NOA(vupkhsw, 7, 25);
@@ -905,6 +917,8 @@ GEN_VXFORM_NOA_2(vctzb, 1, 24, 28)
 GEN_VXFORM_NOA_2(vctzh, 1, 24, 29)
 GEN_VXFORM_NOA_2(vctzw, 1, 24, 30)
 GEN_VXFORM_NOA_2(vctzd, 1, 24, 31)
+GEN_VXFORM_NOA_3(vclzlsbb, 1, 24, 0)
+GEN_VXFORM_NOA_3(vctzlsbb, 1, 24, 1)
 GEN_VXFORM_NOA(vpopcntb, 1, 28)
 GEN_VXFORM_NOA(vpopcnth, 1, 29)
 GEN_VXFORM_NOA(vpopcntw, 1, 30)
diff --git a/target-ppc/translate/vmx-ops.inc.c 
b/target-ppc/translate/vmx-ops.inc.c
index 009e9b1..20d243f 100644
--- a/target-ppc/translate/vmx-ops.inc.c
+++ b/target-ppc/translate/vmx-ops.inc.c
@@ -223,6 +223,8 @@ GEN_VXFORM_300_EO(vctzb, 0x01, 0x18, 0x1C),
 GEN_VXFORM_300_EO(vctzh, 0x01, 0x18, 0x1D),
 GEN_VXFORM_300_EO(vctzw, 0x01, 0x18, 0x1E),
 GEN_VXFORM_300_EO(vctzd, 0x01, 0x18, 0x1F),
+GEN_VXFORM_300_EO(vclzlsbb, 0x01, 0x18, 0x0),
+GEN_VXFORM_300_EO(vctzlsbb, 0x01, 0x18, 0x1),
 GEN_VXFORM_300(vpermr, 0x1D, 0xFF),
 
 #define GEN_VXFORM_NOA(name, opc2, opc3)\
-- 
1.7.1




[Qemu-devel] [PATCH 4/6] target-ppc: fix invalid mask - cmpl, bctar

2016-09-27 Thread Rajalakshmi Srinivasaraghavan
From: Avinesh Kumar 

cmpl:  invalid bit mask should be 0x0041
bctar: invalid bit mask should be 0xE000

Signed-off-by: Avinesh Kumar 
Signed-off-by: Rajalakshmi Srinivasaraghavan 
---
 target-ppc/translate.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 8eefd82..dab8f19 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -6203,7 +6203,7 @@ static opcode_t opcodes[] = {
 GEN_HANDLER(invalid, 0x00, 0x00, 0x00, 0x, PPC_NONE),
 GEN_HANDLER(cmp, 0x1F, 0x00, 0x00, 0x0040, PPC_INTEGER),
 GEN_HANDLER(cmpi, 0x0B, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
-GEN_HANDLER(cmpl, 0x1F, 0x00, 0x01, 0x0040, PPC_INTEGER),
+GEN_HANDLER(cmpl, 0x1F, 0x00, 0x01, 0x0041, PPC_INTEGER),
 GEN_HANDLER(cmpli, 0x0A, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
 #if defined(TARGET_PPC64)
 GEN_HANDLER_E(cmpeqb, 0x1F, 0x00, 0x07, 0x0060, PPC_NONE, PPC2_ISA300),
@@ -6297,7 +6297,7 @@ GEN_HANDLER(b, 0x12, 0xFF, 0xFF, 0x, PPC_FLOW),
 GEN_HANDLER(bc, 0x10, 0xFF, 0xFF, 0x, PPC_FLOW),
 GEN_HANDLER(bcctr, 0x13, 0x10, 0x10, 0x, PPC_FLOW),
 GEN_HANDLER(bclr, 0x13, 0x10, 0x00, 0x, PPC_FLOW),
-GEN_HANDLER_E(bctar, 0x13, 0x10, 0x11, 0, PPC_NONE, PPC2_BCTAR_ISA207),
+GEN_HANDLER_E(bctar, 0x13, 0x10, 0x11, 0xE000, PPC_NONE, 
PPC2_BCTAR_ISA207),
 GEN_HANDLER(mcrf, 0x13, 0x00, 0xFF, 0x0001, PPC_INTEGER),
 GEN_HANDLER(rfi, 0x13, 0x12, 0x01, 0x03FF8001, PPC_FLOW),
 #if defined(TARGET_PPC64)
-- 
1.7.1




[Qemu-devel] [PATCH 1/6] target-ppc: add vmul10[u, eu, cu, ecu]q instructions

2016-09-27 Thread Rajalakshmi Srinivasaraghavan
From: Vasant Hegde 

vmul10uq  : Vector Multiply-by-10 Unsigned Quadword VX-form
vmul10euq : Vector Multiply-by-10 Extended Unsigned Quadword VX-form
vmul10cuq : Vector Multiply-by-10 & write Carry Unsigned Quadword VX-form
vmul10ecuq: Vector Multiply-by-10 Extended & write Carry Unsigned Quadword 
VX-form

Signed-off-by: Vasant Hegde 
[ Add GEN_VXFORM_DUAL_EXT with invalid bit mask ]
Signed-off-by: Nikunj A Dadhania 
Signed-off-by: Rajalakshmi Srinivasaraghavan 
---
 target-ppc/translate/vmx-impl.inc.c |   74 +++
 target-ppc/translate/vmx-ops.inc.c  |8 ++--
 2 files changed, 78 insertions(+), 4 deletions(-)

diff --git a/target-ppc/translate/vmx-impl.inc.c 
b/target-ppc/translate/vmx-impl.inc.c
index 3ce374d..abfde27 100644
--- a/target-ppc/translate/vmx-impl.inc.c
+++ b/target-ppc/translate/vmx-impl.inc.c
@@ -182,6 +182,54 @@ static void gen_mtvscr(DisasContext *ctx)
 tcg_temp_free_ptr(p);
 }
 
+#define GEN_VX_VMUL10(name, add_cin, ret_carry) \
+static void glue(gen_, name)(DisasContext *ctx) \
+{   \
+TCGv_i64 t0 = tcg_temp_new_i64();   \
+TCGv_i64 t1 = tcg_temp_new_i64();   \
+TCGv_i64 t2 = tcg_temp_new_i64();   \
+TCGv_i64 cin = tcg_temp_new_i64();  \
+TCGv_i64 val, z;\
+\
+if (unlikely(!ctx->altivec_enabled)) {  \
+gen_exception(ctx, POWERPC_EXCP_VPU);   \
+return; \
+}   \
+\
+val = tcg_const_i64(10);\
+z = tcg_const_i64(0);   \
+\
+if (add_cin) {  \
+tcg_gen_andi_i64(cin, cpu_avrl[rB(ctx->opcode)], 0xF);  \
+tcg_gen_movcond_i64(TCG_COND_LTU, cin, cin, val, cin, z);   \
+} else {\
+tcg_gen_movi_i64(cin, 0);   \
+}   \
+\
+tcg_gen_mulu2_i64(t0, t1, cpu_avrl[rA(ctx->opcode)], val);  \
+tcg_gen_add2_i64(cpu_avrl[rD(ctx->opcode)], t2, t0, z, cin, z); \
+tcg_gen_add2_i64(t2, t0, t1, z, t2, z); \
+tcg_gen_mulu2_i64(t0, t1, cpu_avrh[rA(ctx->opcode)], val);  \
+tcg_gen_add2_i64(cpu_avrh[rD(ctx->opcode)], t2, t0, z, t2, z);  \
+\
+if (ret_carry) {\
+tcg_gen_add2_i64(cpu_avrl[rD(ctx->opcode)], t0, t1, z, t2, z);  \
+tcg_gen_movi_i64(cpu_avrh[rD(ctx->opcode)], 0); \
+}   \
+\
+tcg_temp_free_i64(t0);  \
+tcg_temp_free_i64(t1);  \
+tcg_temp_free_i64(t2);  \
+tcg_temp_free_i64(val); \
+tcg_temp_free_i64(cin); \
+tcg_temp_free_i64(z);   \
+}   \
+
+GEN_VX_VMUL10(vmul10uq, 0, 0);
+GEN_VX_VMUL10(vmul10euq, 1, 0);
+GEN_VX_VMUL10(vmul10cuq, 0, 1);
+GEN_VX_VMUL10(vmul10ecuq, 1, 1);
+
 /* Logical operations */
 #define GEN_VX_LOGICAL(name, tcg_op, opc2, opc3)\
 static void glue(gen_, name)(DisasContext *ctx)
 \
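Review bot: GEN_VX_VMUL10 allocates `t0`, `t1`, `t2` and `cin` with tcg_temp_new_i64() in their declarations, ahead of the `!ctx->altivec_enabled` check, so the early `return` after gen_exception() leaves those four temporaries without a matching tcg_temp_free_i64(). Declaring them uninitialised (`TCGv_i64 t0, t1, t2, cin, val, z;`) and allocating after the check, next to `val` and `z`, keeps every allocation paired with the frees at the end of the function. The `\` after the macro's closing brace also continues the definition onto the following blank line; it is harmless but can be dropped.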
@@ -276,8 +324,30 @@ static void glue(gen_, name0##_##name1)(DisasContext *ctx) 
\
 }  \
 }
 
+/* Adds support to provide invalid mask */
+#define GEN_VXFORM_DUAL_EXT(name0, flg0, flg2_0, inval0,\
+name1, flg1, flg2_1, inval1)\
+static void glue(gen_, name0##_##name1)(DisasContext *ctx)  \
+{   \
+if ((Rc(ctx->opcode) == 0) &&  

[Qemu-devel] [PATCH 0/6] POWER9 TCG enablement - part5

2016-09-27 Thread Rajalakshmi Srinivasaraghavan
This series contains 15 new instructions for POWER9 described in ISA3.0.

Patches:
01: Adds vector multiply instructions.
vmul10uq  : Vector Multiply-by-10 Unsigned Quadword
vmul10euq : Vector Multiply-by-10 Extended Unsigned Quadword
vmul10cuq : Vector Multiply-by-10 & write Carry Unsigned QW
vmul10ecuq: Vector Multiply-by-10 Extended write Carry Unsigned QW
02: Adds vector extract unsigned left indexed  instructions.
vextublx:  Vector Extract Unsigned Byte Left
vextuhlx:  Vector Extract Unsigned Halfword Left
vextuwlx:  Vector Extract Unsigned Word Left
03: Adds vector extract unsigned right indexed instructions.
vextubrx: Vector Extract Unsigned Byte Right-Indexed
vextuhrx: Vector Extract Unsigned  Halfword Right-Indexed
vextuwrx: Vector Extract Unsigned Word Right-Indexed
04: Fix invalid mask - cmpl, bctar.
05: Adds vector compare not equal instructions.
vcmpneb - Vector Compare Not Equal Byte
vcmpneh - Vector Compare Not Equal Halfword
vcmpnew - Vector Compare Not Equal Word
06: Adds vclzlsbb/vctzlsbb instructions
vclzlsbb - Vector Count Leading Zero Least-Significant Bits Byte
vctzlsbb - Vector Count Trailing Zero Least-Significant Bits Byte



 target-ppc/helper.h |   14 
 target-ppc/int_helper.c |  134 +++
 target-ppc/translate.c  |4 +-
 target-ppc/translate/vmx-impl.inc.c |  123 +++-
 target-ppc/translate/vmx-ops.inc.c  |   24 ---
 5 files changed, 274 insertions(+), 25 deletions(-)




[Qemu-devel] [PATCH 3/6] target-ppc: add vextu[bhw]rx instructions

2016-09-27 Thread Rajalakshmi Srinivasaraghavan
From: Hariharan T.S 

vextubrx: Vector Extract Unsigned Byte Right-Indexed VX-form
vextuhrx: Vector Extract Unsigned  Halfword Right-Indexed VX-form
vextuwrx: Vector Extract Unsigned Word Right-Indexed VX-form

Signed-off-by: Hariharan T.S. 
Signed-off-by: Avinesh Kumar 
Signed-off-by: Rajalakshmi Srinivasaraghavan 
---
 target-ppc/helper.h |3 ++
 target-ppc/int_helper.c |   38 ++-
 target-ppc/translate/vmx-impl.inc.c |5 
 target-ppc/translate/vmx-ops.inc.c  |4 ++-
 4 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 3041199..aef2f30 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -347,6 +347,9 @@ DEF_HELPER_3(vpmsumd, void, avr, avr, avr)
 DEF_HELPER_2(vextublx, tl, tl, avr)
 DEF_HELPER_2(vextuhlx, tl, tl, avr)
 DEF_HELPER_2(vextuwlx, tl, tl, avr)
+DEF_HELPER_2(vextubrx, tl, tl, avr)
+DEF_HELPER_2(vextuhrx, tl, tl, avr)
+DEF_HELPER_2(vextuwrx, tl, tl, avr)
 
 DEF_HELPER_2(vsbox, void, avr, avr)
 DEF_HELPER_3(vcipher, void, avr, avr, avr)
diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index c24cc07..09a1799 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -1561,7 +1561,6 @@ void helper_vpmsumd(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t 
*b)
 #endif
 }
 
-
 #if defined(HOST_WORDS_BIGENDIAN)
 #define PKBIG 1
 #else
@@ -1742,6 +1741,43 @@ VEXTULX_DO(vextuhlx, 2)
 VEXTULX_DO(vextuwlx, 4)
 #undef VEXTULX_DO
 
+#if defined(HOST_WORDS_BIGENDIAN)
+#define VEXTURX_DO(name, elem)  \
+target_ulong glue(helper_, name)(target_ulong a, ppc_avr_t *b)  \
+{   \
+target_ulong r = 0; \
+int i;  \
+int index = a & 0xf;\
+for (i = elem - 1; i >= 0; i--) {   \
+r = r << 8; \
+if ((15 - i - index) >= 0) {\
+r = r | b->u8[15 - i - index];  \
+}   \
+}   \
+return r;   \
+}
+#else
+#define VEXTURX_DO(name, elem)  \
+target_ulong glue(helper_, name)(target_ulong a, ppc_avr_t *b)  \
+{   \
+target_ulong r = 0; \
+int i;  \
+int index = 15 - (a & 0xf); \
+for (i = elem - 1; i >= 0; i--) {   \
+r = r << 8; \
+if ((15 + i - index) <= 15) {   \
+r = r | b->u8[15 + i - index];  \
+}   \
+}   \
+return r;   \
+}
+#endif
+
+VEXTURX_DO(vextubrx, 1)
+VEXTURX_DO(vextuhrx, 2)
+VEXTURX_DO(vextuwrx, 4)
+#undef VEXTURX_DO
+
 /* The specification says that the results are undefined if all of the
  * shift counts are not identical.  We check to make sure that they are
  * to conform to what real hardware appears to do.  */
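Review bot: VEXTURX_DO has no comment saying what the helper returns when the index in `a` leaves fewer than `elem` bytes inside the vector. As written, the guards `(15 - i - index) >= 0` and `(15 + i - index) <= 15` keep the `b->u8[]` access within the 16 bytes and shift in zero for the missing positions. A line above the macro such as `/* Bytes that would lie outside the 16-byte vector are read as zero. */` would record that this is intended and warn against removing the guards. The two endian variants differ only in how the byte offset is derived, so the loop could be written once with just the offset computed under the `#if`.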
diff --git a/target-ppc/translate/vmx-impl.inc.c 
b/target-ppc/translate/vmx-impl.inc.c
index 815ba96..10641dc 100644
--- a/target-ppc/translate/vmx-impl.inc.c
+++ b/target-ppc/translate/vmx-impl.inc.c
@@ -534,6 +534,11 @@ GEN_VXFORM_HETRO(vextuhlx, 6, 25)
 GEN_VXFORM_HETRO(vextuwlx, 6, 26)
 GEN_VXFORM_DUAL(vmrgow, PPC_NONE, PPC2_ALTIVEC_207,
 vextuwlx, PPC_NONE, PPC2_ISA300)
+GEN_VXFORM_HETRO(vextubrx, 6, 28)
+GEN_VXFORM_HETRO(vextuhrx, 6, 29)
+GEN_VXFORM_HETRO(vextuwrx, 6, 30)
+GEN_VXFORM_DUAL(vmrgew, PPC_NONE, PPC2_ALTIVEC_207, \
+vextuwrx, PPC_NONE, PPC2_ISA300)
 
 #define GEN_VXRFORM1(opname, name, str, opc2, opc3) \
 static void glue(gen_, name)(DisasContext *ctx) \
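Review bot: The added `GEN_VXFORM_DUAL(vmrgew, PPC_NONE, PPC2_ALTIVEC_207, \` ends in a line-continuation backslash although it is a macro invocation rather than part of a `#define`. The vmrgow/vextuwlx invocation two lines above wraps without one, so the backslash should go for consistency. It is harmless to the preprocessor but suggests the line belongs to a macro body, and a later edit that adds trailing whitespace after it would change how the line is joined. The GEN_VXRFORM1 definition that follows continues outside the hunk.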
diff --git a/target-ppc/translate/vmx-ops.inc.c 
b/target-ppc/translate/vmx-ops.inc.c
index 3e0047d..87be6c6 100644
--- a/target-ppc/translate/vmx-ops.inc.c
+++ b/target-ppc/translate/vmx-ops.inc.c
@@ -94,7 +94,9 @@ GEN_VXFORM(vmrglw, 6, 6),
 GEN_VXFORM_300(vextublx, 6, 24),
 GEN_VXFORM_300(vextuhlx, 6, 25),
 GEN_VXFORM_DUAL(vmrgow, vextuwlx, 6, 26, PPC_ALTIVEC, PPC_NONE),
-GEN_VXFORM_207(vmrgew, 6, 30),
+GEN_VXFORM_300(vextu

[Qemu-devel] [PATCH 2/6] target-ppc: add vextu[bhw]lx instructions

2016-09-27 Thread Rajalakshmi Srinivasaraghavan
From: Avinesh Kumar 

vextublx:  Vector Extract Unsigned Byte Left
vextuhlx:  Vector Extract Unsigned Halfword Left
vextuwlx:  Vector Extract Unsigned Word Left

Signed-off-by: Avinesh Kumar 
[ Remove else part in helper ]
Signed-off-by: Rajalakshmi Srinivasaraghavan 
---
 target-ppc/helper.h |3 ++
 target-ppc/int_helper.c |   37 +++
 target-ppc/translate/vmx-impl.inc.c |   19 ++
 target-ppc/translate/vmx-ops.inc.c  |4 ++-
 4 files changed, 62 insertions(+), 1 deletions(-)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index a1c2962..3041199 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -344,6 +344,9 @@ DEF_HELPER_3(vpmsumb, void, avr, avr, avr)
 DEF_HELPER_3(vpmsumh, void, avr, avr, avr)
 DEF_HELPER_3(vpmsumw, void, avr, avr, avr)
 DEF_HELPER_3(vpmsumd, void, avr, avr, avr)
+DEF_HELPER_2(vextublx, tl, tl, avr)
+DEF_HELPER_2(vextuhlx, tl, tl, avr)
+DEF_HELPER_2(vextuwlx, tl, tl, avr)
 
 DEF_HELPER_2(vsbox, void, avr, avr)
 DEF_HELPER_3(vcipher, void, avr, avr, avr)
diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index 51a9ac5..c24cc07 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -1705,6 +1705,43 @@ void helper_vlogefp(CPUPPCState *env, ppc_avr_t *r, 
ppc_avr_t *b)
 }
 }
 
+#if defined(HOST_WORDS_BIGENDIAN)
+#define VEXTULX_DO(name, elem)  \
+target_ulong glue(helper_, name)(target_ulong a, ppc_avr_t *b)  \
+{   \
+target_ulong r = 0; \
+int i;  \
+int index = a & 0xf;\
+for (i = 0; i < elem; i++) {\
+r = r << 8; \
+if (index + i <= 15) {  \
+r = r | b->u8[index + i];   \
+}   \
+}   \
+return r;   \
+}
+#else
+#define VEXTULX_DO(name, elem)  \
+target_ulong glue(helper_, name)(target_ulong a, ppc_avr_t *b)  \
+{   \
+target_ulong r = 0; \
+int i;  \
+int index = 15 - (a & 0xf); \
+for (i = 0; i < elem; i++) {\
+r = r << 8; \
+if (index - i >= 0) {   \
+r = r | b->u8[index - i];   \
+}   \
+}   \
+return r;   \
+}
+#endif
+
+VEXTULX_DO(vextublx, 1)
+VEXTULX_DO(vextuhlx, 2)
+VEXTULX_DO(vextuwlx, 4)
+#undef VEXTULX_DO
+
 /* The specification says that the results are undefined if all of the
  * shift counts are not identical.  We check to make sure that they are
  * to conform to what real hardware appears to do.  */
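Review bot: The two `VEXTULX_DO` definitions duplicate the whole helper body and differ only in how a vector byte position maps to a host `u8[]` slot, so the bounds check on the guest-supplied index has to be kept correct in two places. A single body with one host-endian index macro would leave one check to audit: for example `#define VEXTU_IDX(n) (n)` on big-endian hosts and `#define VEXTU_IDX(n) (15 - (n))` otherwise, then `if (index + i <= 15) { r = r | b->u8[VEXTU_IDX(index + i)]; }` with `index = a & 0xf` in both cases. The macro name is only a suggestion.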
diff --git a/target-ppc/translate/vmx-impl.inc.c 
b/target-ppc/translate/vmx-impl.inc.c
index abfde27..815ba96 100644
--- a/target-ppc/translate/vmx-impl.inc.c
+++ b/target-ppc/translate/vmx-impl.inc.c
@@ -342,6 +342,19 @@ static void glue(gen_, name0##_##name1)(DisasContext *ctx) 
 \
 }   \
 }
 
+#define GEN_VXFORM_HETRO(name, opc2, opc3)  \
+static void glue(gen_, name)(DisasContext *ctx) \
+{   \
+TCGv_ptr rb;\
+if (unlikely(!ctx->altivec_enabled)) {  \
+gen_exception(ctx, POWERPC_EXCP_VPU);   \
+return; \
+}   \
+rb = gen_avr_ptr(rB(ctx->opcode));  \
+gen_helper_##name(cpu_gpr[rD(ctx->opcode)], cpu_gpr[rA(ctx->opcode)], rb); 
\
+tcg_temp_free_ptr(rb);  \
+}
+
 GEN_VXFORM(vaddubm, 0, 0);
 GEN_VXFORM_DUAL_EXT(vaddubm, PPC_NONE, PPC2_ALTIVEC_207, 0,   \
 vmul10cuq, PPC_NONE, PPC2_ISA300, 0xF800)
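Review bot: `GEN_VXFORM_HETRO` is added without a comment, and neither the abbreviation nor the operand layout is obvious from the name. From the body, rD and rA are general-purpose registers, rB is a vector register passed by pointer, and the helper's return value is written to rD. I would put that above the macro, e.g. `/* VX-form with mixed operands: rD = helper(rA, &VR[rB]); rD and rA are GPRs */`.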
@@ -516,6 +529,12 @@ GEN_VXFORM_ENV(vsubfp, 5, 1);
 GEN_VXFORM_ENV(vmaxfp, 5, 16);
 GEN_VXFORM_ENV(vminfp, 5, 17);
 
+GEN_VXFORM_HETRO(vextublx, 6, 24)
+GEN_VXFORM_HETRO(vextuhlx

[Qemu-devel] [PATCH 5/6] target-ppc: add vector compare not equal instructions

2016-09-27 Thread Rajalakshmi Srinivasaraghavan
The following vector compare not equal instructions are added from ISA 3.0.

vcmpneb - Vector Compare Not Equal Byte
vcmpneh - Vector Compare Not Equal Halfword
vcmpnew - Vector Compare Not Equal Word

Signed-off-by: Rajalakshmi Srinivasaraghavan 
---
 target-ppc/helper.h |6 ++
 target-ppc/int_helper.c |   31 +++
 target-ppc/translate/vmx-impl.inc.c |   11 ++-
 target-ppc/translate/vmx-ops.inc.c  |6 +++---
 4 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index aef2f30..9c3095f 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -147,6 +147,9 @@ DEF_HELPER_4(vcmpequb, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpequh, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpequw, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpequd, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpneb, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpneh, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpnew, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpnezb, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpnezh, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpnezw, void, env, avr, avr, avr)
@@ -166,6 +169,9 @@ DEF_HELPER_4(vcmpequb_dot, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpequh_dot, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpequw_dot, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpequd_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpneb_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpneh_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpnew_dot, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpnezb_dot, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpnezh_dot, void, env, avr, avr, avr)
 DEF_HELPER_4(vcmpnezw_dot, void, env, avr, avr, avr)
diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index 09a1799..f132f7b 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -735,20 +735,24 @@ VCMP(gtsd, >, s64)
 #undef VCMP_DO
 #undef VCMP
 
-#define VCMPNEZ_DO(suffix, element, etype, record)   \
-void helper_vcmpnez##suffix(CPUPPCState *env, ppc_avr_t *r,  \
+#define VCMPNE_DO(suffix, element, etype, cmpzero, record)  \
+void helper_vcmpne##suffix(CPUPPCState *env, ppc_avr_t *r,  \
 ppc_avr_t *a, ppc_avr_t *b) \
 {   \
 etype ones = (etype)-1; \
 etype all = ones;   \
-etype none = 0; \
+etype result, none = 0; \
 int i;  \
 \
 for (i = 0; i < ARRAY_SIZE(r->element); i++) {  \
-etype result = ((a->element[i] == 0)\
+if (cmpzero) {  \
+result = ((a->element[i] == 0)  \
|| (b->element[i] == 0)  \
|| (a->element[i] != b->element[i]) ?\
ones : 0x0); \
+} else {\
+result = (a->element[i] != b->element[i]) ? ones : 0x0; \
+}   \
 r->element[i] = result; \
 all &= result;  \
 none |= result; \
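Review bot: `etype result, none = 0;` puts an uninitialised and an initialised declarator on one line, which reads as if both start at zero. In the lines visible here `result` is assigned and consumed only inside the loop body, so it could stay declared there as `etype result;` ahead of the `if (cmpzero)`, or at least get a line of its own. The function body continues past the end of this hunk, so any later use of `result` would need checking.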
@@ -762,14 +766,17 @@ void helper_vcmpnez##suffix(CPUPPCState *env, ppc_avr_t 
*r,  \
  *   suffix  - instruction mnemonic suffix (b: byte, h: halfword, w: word)
  *   element - element type to access from vector
  */
-#define VCMPNEZ(suffix, element, etype) \
-VCMPNEZ_DO(suffix, element, etype, 0)   \
-VCMPNEZ_DO(suffix##_dot, element, etype, 1)
-VCMPNEZ(b, u8, uint8_t)
-VCMPNEZ(h, u16, uint16_t)
-VCMPNEZ(w, u32, uint32_t)
-#undef VCMPNEZ_DO
-#undef VCMPNEZ
+#define VCMPNE(suffix, element, etype, cmpzero) \
+VCMPNE_DO(suffix, element, etype, cmpzero, 0)   \
+VCMPNE_DO(suffix##_dot, element, etype, cmpzero, 1)
+VCMPNE(zb, u8, uint8_t, 1)
+VCMPNE(zh, u16, uint16_t, 1)
+VCMPNE(zw, u32, uint32_t, 1)
+VCMPNE(b, u8, uint8_t, 0)
+VCMPNE(h, u16, uint16_t, 0)
+VCMPNE(w, u32, uint32_t, 0)
+#undef VCMPNE_DO
+#undef VCMPNE
 
 #define VCMPFP_DO(suffix, compare, order, record)   \
 void helper_vcmp##suffix(CPUPPCState *env, ppc_avr_t *r,\
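Review bot: The comment above `VCMPNE` still lists only `suffix` and `element`, while the macro now takes `etype` and the new `cmpzero` argument that selects between the two instruction families. The comment starts outside this hunk, so its first lines may need the same update. I would add `*   etype   - C type of one element` and `*   cmpzero - 1: a zero element in either operand also counts as not-equal (vcmpnez*); 0: plain inequality (vcmpne*)`.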
diff --git a/target-ppc/translate/vmx-impl.inc.c 
b/target-ppc/translate/vmx-impl.inc.c
index 10641dc..0bc7188 100644
--- a/target-pp

[Qemu-devel] [PATCH] block: modify top-id's comments

2016-09-27 Thread Wang WeiWei
Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
Reviewed-by: Eric Blake 
---
 qapi/block-core.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index ada3202..0935b81 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2184,7 +2184,7 @@
 # @mode: the replication mode
 #
 # @top-id: #optional In secondary mode, node name or device ID of the root
-#  node who owns the replication node chain. Ignored in primary mode.
+#  node who owns the replication node chain. Must not be given in 
primary mode.
 #
 # Since: 2.8
 ##
-- 
1.9.3






Re: [Qemu-devel] [PATCH v4 0/9] POWER9 TCG enablements - part4

2016-09-27 Thread Nikunj A Dadhania
Nikunj A Dadhania  writes:

> This series contains 7 new instructions for POWER9 ISA3.0
> Use newer qemu load/store tcg helpers and optimize stxvw4x and lxvw4x.
>
> GCC was adding epilogue for every VSX instructions causing change in 
> behaviour. For testing the load vector instructions used mfvsrld/mfvsrd 
> for loading vsr to register. And for testing store vector, used mtvsrdd 
> instructions. This helped in getting rid of the epilogue added by gcc. Tried 
> adding the test cases to kvm-unit-tests, but executing vsx instructions 
> results in cpu exception. Will debug that later. I will send the test code 
> and steps to execute as reply to this email.

Source code for stxv_x.c and lxv_x.c is attached and following are the 
steps to use them:

Compile using IBM Advance toolchain[1]:
===
/opt/at10.0/bin/powerpc64-linux-gnu-gcc -static -O3 lxv_x.c -o be_lxv_x
/opt/at10.0/bin/powerpc64-linux-gnu-gcc -static -O3 stxv_x.c -o be_stxv_x
/opt/at10.0/bin/powerpc64le-linux-gnu-gcc -static -O3 lxv_x.c -o le_lxv_x
/opt/at10.0/bin/powerpc64le-linux-gnu-gcc -static -O3 stxv_x.c -o le_stxv_x

Run following for testing the instructions:
===

# Run each test binary under both user-mode emulators, little-endian first.
for t in lxv_x stxv_x
do
    echo "Running ... $t"
    echo " LE LE LE >>"
    ../qemu/ppc64le-linux-user/qemu-ppc64le   -cpu POWER9 "le_${t}"
    echo " BE BE BE >>"
    ../qemu/ppc64-linux-user/qemu-ppc64   -cpu POWER9 "be_${t}"
    echo ""
done

Regards
Nikunj

1. ftp://ftp.unicamp.br/pub/linuxpatch/toolchain/at/redhat/Fedora22

#include 
#include 
#include 

/* Print the 16 bytes starting at p as two-digit upper-case hex on one line. */
static void print16x1(uint8_t *p)
{
  const uint8_t *end = p + 16;

  while (p < end) {
    printf(" %02X ", *p++);
  }
  printf("\n");
}

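/*
 * Exercise stxvw4x, stxvh8x and stxvb16x: build a VSR from two GPRs with
 * mtvsrdd, store it to rb8 and print the 16 bytes that ended up in memory.
 */
int main(void) {
  __vector uint8_t vrt8;
  uint8_t rb8[16];
  unsigned long hi = 0x0001020310111213;
  unsigned long lo = 0x2021222330313233;

  /*
   * hi is the RA operand of mtvsrdd, where register 0 encodes the constant
   * zero instead of r0, so it uses the "b" constraint (any GPR except r0).
   * The "memory" clobber tells the compiler that each asm writes rb8 through
   * the address in %1; without it the following read of rb8 is not ordered
   * against the store.
   */
  asm volatile("mtvsrdd %x0, %2, %3;"
               "stxvw4x %x0, 0, %1;"
               : "=ws"(vrt8)
               : "r"(&rb8), "b"(hi), "r"(lo)
               : "memory");
  print16x1(rb8);

  asm volatile("mtvsrdd %x0, %2, %3;"
               "stxvh8x %x0, 0, %1;"
               : "=ws"(vrt8)
               : "r"(&rb8), "b"(hi), "r"(lo)
               : "memory");
  print16x1(rb8);

  asm volatile("mtvsrdd %x0, %2, %3;"
               "stxvb16x %x0, 0, %1;"
               : "=ws"(vrt8)
               : "r"(&rb8), "b"(hi), "r"(lo)
               : "memory");
  print16x1(rb8);

  return EXIT_SUCCESS;
}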
#include 
#include 
#include 

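/*
 * Exercise lxvw4x, lxvh8x and lxvb16x: load 16 bytes from memory into a VSR,
 * copy both doublewords out with mfvsrd/mfvsrld and print them.  The source
 * arrays are laid out per host byte order so that both builds should print
 * the same register contents.
 */
int main(void) {
  __vector uint8_t vrt8;
  unsigned long lo, hi;

#if __BYTE_ORDER == __LITTLE_ENDIAN
  uint8_t rb32[16] = {0x03, 0x02, 0x01, 0x00, 0x13, 0x12, 0x11, 0x10,
                      0x23, 0x22, 0x21, 0x20, 0x33, 0x32, 0x31, 0x30};
  uint8_t rb16[16] = {0x01, 0x00, 0x11, 0x10, 0x21, 0x20, 0x31, 0x30,
                      0x41, 0x40, 0x51, 0x50, 0x61, 0x60, 0x71, 0x70};
#else
  uint8_t rb32[16] = {0x00, 0x01, 0x02, 0x03, 0x10, 0x11, 0x12, 0x13,
                      0x20, 0x21, 0x22, 0x23, 0x30, 0x31, 0x32, 0x33};
  uint8_t rb16[16] = {0x00, 0x01, 0x10, 0x11, 0x20, 0x21, 0x30, 0x31,
                      0x40, 0x41, 0x50, 0x51, 0x60, 0x61, 0x70, 0x71};
#endif

  uint8_t rb8[16] = {0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
                     0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7};

  /*
   * hi and lo are written by mfvsrd/mfvsrld, so they are output operands
   * (%1, %2); passing them as inputs would read uninitialised variables and
   * hide the write from the compiler.  The buffer address is the only input
   * (%3).  The "memory" clobber makes the compiler store the array
   * initialisers before the asm reads them through that address.
   */
  asm volatile("lxvw4x %x0, 0, %3;"
               "mfvsrd %1, %x0;"
               "mfvsrld %2, %x0;"
               : "=ws"(vrt8), "=r"(hi), "=r"(lo)
               : "r"(&rb32)
               : "memory");
  printf("lxvw4x:  hi %016lx lo %016lx \n", hi, lo);

  asm volatile("lxvh8x %x0, 0, %3;"
               "mfvsrd %1, %x0;"
               "mfvsrld %2, %x0;"
               : "=ws"(vrt8), "=r"(hi), "=r"(lo)
               : "r"(&rb16)
               : "memory");
  printf("lxvh8x:  hi %016lx lo %016lx \n", hi, lo);

  asm volatile("lxvb16x %x0, 0, %3;"
               "mfvsrd %1, %x0;"
               "mfvsrld %2, %x0;"
               : "=ws"(vrt8), "=r"(hi), "=r"(lo)
               : "r"(&rb8)
               : "memory");
  printf("lxvb16x: hi %016lx lo %016lx \n", hi, lo);

  return EXIT_SUCCESS;
}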



[Qemu-devel] [PATCH v4 6/9] target-ppc: add lxvh8x instruction

2016-09-27 Thread Nikunj A Dadhania
lxvh8x:  Load VSX Vector Halfword*8

Big-Endian Storage
+---+---+---+---+---+---+---+---+
| 00 01 | 10 11 | 20 21 | 30 31 | 40 41 | 50 51 | 60 61 | 70 71 |
+---+---+---+---+---+---+---+---+

Little-Endian Storage
+---+---+---+---+---+---+---+---+
| 01 00 | 11 10 | 21 20 | 31 30 | 41 40 | 51 50 | 61 60 | 71 70 |
+---+---+---+---+---+---+---+---+

Vector load results in:
+---+---+---+---+---+---+---+---+
| 00 01 | 10 11 | 20 21 | 30 31 | 40 41 | 50 51 | 60 61 | 70 71 |
+---+---+---+---+---+---+---+---+

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/helper.h |  1 +
 target-ppc/mem_helper.c |  6 ++
 target-ppc/translate/vsx-impl.inc.c | 28 
 target-ppc/translate/vsx-ops.inc.c  |  1 +
 4 files changed, 36 insertions(+)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index a1c2962..9689000 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -298,6 +298,7 @@ DEF_HELPER_2(mtvscr, void, env, avr)
 DEF_HELPER_3(lvebx, void, env, avr, tl)
 DEF_HELPER_3(lvehx, void, env, avr, tl)
 DEF_HELPER_3(lvewx, void, env, avr, tl)
+DEF_HELPER_1(bswap16x4, i64, i64)
 DEF_HELPER_3(stvebx, void, env, avr, tl)
 DEF_HELPER_3(stvehx, void, env, avr, tl)
 DEF_HELPER_3(stvewx, void, env, avr, tl)
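Review bot: `bswap16x4` is declared with plain `DEF_HELPER_1`, so TCG must assume the call may touch globals and have side effects. The definition this patch adds in mem_helper.c only masks and shifts its argument, so it could be declared `DEF_HELPER_FLAGS_1(bswap16x4, TCG_CALL_NO_RWG_SE, i64, i64)`. It also sits between the `lve*x` and `stve*x` declarations, which it is unrelated to. A comment on the definition such as `/* swap the two bytes of each of the four 16-bit lanes */` would make the name self-explanatory.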
diff --git a/target-ppc/mem_helper.c b/target-ppc/mem_helper.c
index 6548715..29c7b5b 100644
--- a/target-ppc/mem_helper.c
+++ b/target-ppc/mem_helper.c
@@ -285,6 +285,12 @@ STVE(stvewx, cpu_stl_data_ra, bswap32, u32)
 #undef I
 #undef LVE
 
+uint64_t helper_bswap16x4(uint64_t x)
+{
+uint64_t m = 0x00ff00ff00ff00ffull;
+return ((x & m) << 8) | ((x >> 8) & m);
+}
+
 #undef HI_IDX
 #undef LO_IDX
 
diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index 9fdab5f..51f3dcb 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -107,6 +107,34 @@ static void gen_lxvw4x(DisasContext *ctx)
 tcg_temp_free(EA);
 }
 
+static void gen_lxvh8x(DisasContext *ctx)
+{
+TCGv EA;
+TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
+TCGv_i64 xtl = cpu_vsrl(xT(ctx->opcode));
+
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+gen_set_access_type(ctx, ACCESS_INT);
+EA = tcg_temp_new();
+gen_addr_reg_index(ctx, EA);
+
+if (ctx->le_mode) {
+tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_BEQ);
+gen_helper_bswap16x4(xth, xth);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_BEQ);
+gen_helper_bswap16x4(xtl, xtl);
+} else {
+tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_BEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_BEQ);
+}
+tcg_temp_free(EA);
+}
+
 #define VSX_STORE_SCALAR(name, operation) \
 static void gen_##name(DisasContext *ctx) \
 { \
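Review bot: Both arms of `if (ctx->le_mode)` in `gen_lxvh8x` issue the same two `MO_BEQ` loads and the same `tcg_gen_addi_tl(EA, EA, 8)`; only the two `gen_helper_bswap16x4` calls differ. Hoisting the three common calls above the branch leaves just `if (ctx->le_mode) { gen_helper_bswap16x4(xth, xth); gen_helper_bswap16x4(xtl, xtl); }`, which shows the mode-dependent part at a glance. A short comment on why the loads are big-endian in both modes (the halfwords are swapped afterwards when the guest is little-endian) would also help.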
diff --git a/target-ppc/translate/vsx-ops.inc.c 
b/target-ppc/translate/vsx-ops.inc.c
index d5f5b87..c52e6ff 100644
--- a/target-ppc/translate/vsx-ops.inc.c
+++ b/target-ppc/translate/vsx-ops.inc.c
@@ -7,6 +7,7 @@ GEN_HANDLER_E(lxsspx, 0x1F, 0x0C, 0x10, 0, PPC_NONE, 
PPC2_VSX207),
 GEN_HANDLER_E(lxvd2x, 0x1F, 0x0C, 0x1A, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(lxvdsx, 0x1F, 0x0C, 0x0A, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(lxvw4x, 0x1F, 0x0C, 0x18, 0, PPC_NONE, PPC2_VSX),
+GEN_HANDLER_E(lxvh8x, 0x1F, 0x0C, 0x19, 0, PPC_NONE,  PPC2_ISA300),
 
 GEN_HANDLER_E(stxsdx, 0x1F, 0xC, 0x16, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(stxsibx, 0x1F, 0xD, 0x1C, 0, PPC_NONE, PPC2_ISA300),
-- 
2.7.4




[Qemu-devel] [PATCH v4 9/9] target-ppc: add stxvb16x instruction

2016-09-27 Thread Nikunj A Dadhania
stxvb16x: Store VSX Vector Byte*16

Vector:
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|F0|F1|F2|F3|F4|F5|F6|F7|E0|E1|E2|E3|E4|E5|E6|E7|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Store results in following:

Little/Big-endian Storage
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|F0|F1|F2|F3|F4|F5|F6|F7|E0|E1|E2|E3|E4|E5|E6|E7|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 19 +++
 target-ppc/translate/vsx-ops.inc.c  |  2 ++
 2 files changed, 21 insertions(+)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index 54e0c1e..31b3d45 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -252,6 +252,25 @@ static void gen_stxvh8x(DisasContext *ctx)
 tcg_temp_free(EA);
 }
 
+static void gen_stxvb16x(DisasContext *ctx)
+{
+TCGv_i64 xsh = cpu_vsrh(xS(ctx->opcode));
+TCGv_i64 xsl = cpu_vsrl(xS(ctx->opcode));
+TCGv EA;
+
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+gen_set_access_type(ctx, ACCESS_INT);
+EA = tcg_temp_new();
+gen_addr_reg_index(ctx, EA);
+tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_BEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_BEQ);
+tcg_temp_free(EA);
+}
+
 #define MV_VSRW(name, tcgop1, tcgop2, target, source)   \
 static void gen_##name(DisasContext *ctx)   \
 {   \
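Review bot: `gen_stxvb16x` has no `ctx->le_mode` branch, unlike `gen_stxvw4x` and `gen_stxvh8x` next to it, and nothing in the function says this is deliberate. The commit message shows the stored byte order is the same for both endiannesses, so a one-line comment would stop a later reader from "fixing" it: `/* byte elements: memory order equals register order in both LE and BE mode */`. The same comment applies to `gen_lxvb16x` in patch 8/9.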
diff --git a/target-ppc/translate/vsx-ops.inc.c 
b/target-ppc/translate/vsx-ops.inc.c
index 17975ec..10eb4b9 100644
--- a/target-ppc/translate/vsx-ops.inc.c
+++ b/target-ppc/translate/vsx-ops.inc.c
@@ -8,6 +8,7 @@ GEN_HANDLER_E(lxvd2x, 0x1F, 0x0C, 0x1A, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(lxvdsx, 0x1F, 0x0C, 0x0A, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(lxvw4x, 0x1F, 0x0C, 0x18, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(lxvh8x, 0x1F, 0x0C, 0x19, 0, PPC_NONE,  PPC2_ISA300),
+GEN_HANDLER_E(lxvb16x, 0x1F, 0x0C, 0x1B, 0, PPC_NONE, PPC2_ISA300),
 
 GEN_HANDLER_E(stxsdx, 0x1F, 0xC, 0x16, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(stxsibx, 0x1F, 0xD, 0x1C, 0, PPC_NONE, PPC2_ISA300),
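Review bot: The `lxvb16x` opcode table entry is added here, in the stxvb16x patch, while patch 8/9 that introduces `gen_lxvb16x` changes only vsx-impl.inc.c according to its diffstat. If that is right, at commit 8/9 `gen_lxvb16x` is a static function with no reference. That is likely an unused-function warning (fatal where warnings are errors), and lxvb16x does not decode at that commit, which gets in the way of bisection. Moving the `GEN_HANDLER_E(lxvb16x, 0x1F, 0x0C, 0x1B, 0, PPC_NONE, PPC2_ISA300),` line into 8/9 keeps each commit self-contained.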
@@ -17,6 +18,7 @@ GEN_HANDLER_E(stxsspx, 0x1F, 0xC, 0x14, 0, PPC_NONE, 
PPC2_VSX207),
 GEN_HANDLER_E(stxvd2x, 0x1F, 0xC, 0x1E, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(stxvw4x, 0x1F, 0xC, 0x1C, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(stxvh8x, 0x1F, 0x0C, 0x1D, 0, PPC_NONE,  PPC2_ISA300),
+GEN_HANDLER_E(stxvb16x, 0x1F, 0x0C, 0x1F, 0, PPC_NONE, PPC2_ISA300),
 
 GEN_HANDLER_E(mfvsrwz, 0x1F, 0x13, 0x03, 0xF800, PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(mtvsrwa, 0x1F, 0x13, 0x06, 0xF800, PPC_NONE, PPC2_VSX207),
-- 
2.7.4




[Qemu-devel] [PATCH v4 8/9] target-ppc: add lxvb16x instruction

2016-09-27 Thread Nikunj A Dadhania
lxvb16x: Load VSX Vector Byte*16

Little/Big-endian Storage
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|F0|F1|F2|F3|F4|F5|F6|F7|E0|E1|E2|E3|E4|E5|E6|E7|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Vector load results in:
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|F0|F1|F2|F3|F4|F5|F6|F7|E0|E1|E2|E3|E4|E5|E6|E7|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index 35168af..54e0c1e 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -135,6 +135,25 @@ static void gen_lxvh8x(DisasContext *ctx)
 tcg_temp_free(EA);
 }
 
+static void gen_lxvb16x(DisasContext *ctx)
+{
+TCGv EA;
+TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
+TCGv_i64 xtl = cpu_vsrl(xT(ctx->opcode));
+
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+gen_set_access_type(ctx, ACCESS_INT);
+EA = tcg_temp_new();
+gen_addr_reg_index(ctx, EA);
+tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_BEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_BEQ);
+tcg_temp_free(EA);
+}
+
 #define VSX_STORE_SCALAR(name, operation) \
 static void gen_##name(DisasContext *ctx) \
 { \
-- 
2.7.4




[Qemu-devel] [PATCH v4 5/9] target-ppc: improve stxvw4x implementation

2016-09-27 Thread Nikunj A Dadhania
Manipulate data and store 8bytes instead of 4bytes.

Vector:
+-+-+-+-+
| 00 11 22 33 | 44 55 66 77 | 88 99 AA BB | CC DD EE FF |
+-+-+-+-+

Store results in following:

Big-Endian Storage
+-+-+-+-+
| 00 11 22 33 | 44 55 66 77 | 88 99 AA BB | CC DD EE FF |
+-+-+-+-+

Little-Endian Storage
+-+-+-+-+
| 33 22 11 00 | 77 66 55 44 | BB AA 99 88 | FF EE DD CC |
+-+-+-+-+

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 33 +++--
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index 1eca042..9fdab5f 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -147,7 +147,8 @@ static void gen_stxvd2x(DisasContext *ctx)
 
 static void gen_stxvw4x(DisasContext *ctx)
 {
-TCGv_i64 tmp;
+TCGv_i64 xsh = cpu_vsrh(xS(ctx->opcode));
+TCGv_i64 xsl = cpu_vsrl(xS(ctx->opcode));
 TCGv EA;
 if (unlikely(!ctx->vsx_enabled)) {
 gen_exception(ctx, POWERPC_EXCP_VSXU);
@@ -156,21 +157,25 @@ static void gen_stxvw4x(DisasContext *ctx)
 gen_set_access_type(ctx, ACCESS_INT);
 EA = tcg_temp_new();
 gen_addr_reg_index(ctx, EA);
-tmp = tcg_temp_new_i64();
-
-tcg_gen_shri_i64(tmp, cpu_vsrh(xS(ctx->opcode)), 32);
-gen_qemu_st32_i64(ctx, tmp, EA);
-tcg_gen_addi_tl(EA, EA, 4);
-gen_qemu_st32_i64(ctx, cpu_vsrh(xS(ctx->opcode)), EA);
-
-tcg_gen_shri_i64(tmp, cpu_vsrl(xS(ctx->opcode)), 32);
-tcg_gen_addi_tl(EA, EA, 4);
-gen_qemu_st32_i64(ctx, tmp, EA);
-tcg_gen_addi_tl(EA, EA, 4);
-gen_qemu_st32_i64(ctx, cpu_vsrl(xS(ctx->opcode)), EA);
+if (ctx->le_mode) {
+TCGv_i64 t0 = tcg_temp_new_i64();
+TCGv_i64 t1 = tcg_temp_new_i64();
 
+tcg_gen_shri_i64(t0, xsh, 32);
+tcg_gen_deposit_i64(t1, t0, xsh, 32, 32);
+tcg_gen_qemu_st_i64(t1, EA, ctx->mem_idx, MO_LEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_shri_i64(t0, xsl, 32);
+tcg_gen_deposit_i64(t1, t0, xsl, 32, 32);
+tcg_gen_qemu_st_i64(t1, EA, ctx->mem_idx, MO_LEQ);
+tcg_temp_free_i64(t0);
+tcg_temp_free_i64(t1);
+} else {
+tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_BEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_BEQ);
+}
 tcg_temp_free(EA);
-tcg_temp_free_i64(tmp);
 }
 
 #define MV_VSRW(name, tcgop1, tcgop2, target, source)   \
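Review bot: In the little-endian path, the `tcg_gen_shri_i64(t0, xsh, 32)` / `tcg_gen_deposit_i64(t1, t0, xsh, 32, 32)` pair just swaps the two 32-bit halves of the doubleword, which is a rotate by 32. `tcg_gen_rotli_i64(t0, xsh, 32);` followed by the store of `t0` does the same with one op and one temporary, and likewise for `xsl`. The load side in patch 4/9 (`gen_lxvw4x`) uses the same shri/deposit pair and could load straight into `xth`/`xtl` and rotate in place, needing no temporaries. A one-line comment saying the rotate swaps the word order for the `MO_LEQ` access would document the intent.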
-- 
2.7.4




[Qemu-devel] [PATCH v4 4/9] target-ppc: improve lxvw4x implementation

2016-09-27 Thread Nikunj A Dadhania
Load 8byte at a time and manipulate.

Big-Endian Storage
+-+-+-+-+
| 00 11 22 33 | 44 55 66 77 | 88 99 AA BB | CC DD EE FF |
+-+-+-+-+

Little-Endian Storage
+-+-+-+-+
| 33 22 11 00 | 77 66 55 44 | BB AA 99 88 | FF EE DD CC |
+-+-+-+-+

Vector load results in:
+-+-+-+-+
| 00 11 22 33 | 44 55 66 77 | 88 99 AA BB | CC DD EE FF |
+-+-+-+-+

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 33 +++--
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index 74d0533..1eca042 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -75,7 +75,6 @@ static void gen_lxvdsx(DisasContext *ctx)
 static void gen_lxvw4x(DisasContext *ctx)
 {
 TCGv EA;
-TCGv_i64 tmp;
 TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
 TCGv_i64 xtl = cpu_vsrl(xT(ctx->opcode));
 if (unlikely(!ctx->vsx_enabled)) {
@@ -84,22 +83,28 @@ static void gen_lxvw4x(DisasContext *ctx)
 }
 gen_set_access_type(ctx, ACCESS_INT);
 EA = tcg_temp_new();
-tmp = tcg_temp_new_i64();
 
 gen_addr_reg_index(ctx, EA);
-gen_qemu_ld32u_i64(ctx, tmp, EA);
-tcg_gen_addi_tl(EA, EA, 4);
-gen_qemu_ld32u_i64(ctx, xth, EA);
-tcg_gen_deposit_i64(xth, xth, tmp, 32, 32);
-
-tcg_gen_addi_tl(EA, EA, 4);
-gen_qemu_ld32u_i64(ctx, tmp, EA);
-tcg_gen_addi_tl(EA, EA, 4);
-gen_qemu_ld32u_i64(ctx, xtl, EA);
-tcg_gen_deposit_i64(xtl, xtl, tmp, 32, 32);
-
+if (ctx->le_mode) {
+TCGv_i64 t0, t1;
+
+t0 = tcg_temp_new_i64();
+t1 = tcg_temp_new_i64();
+tcg_gen_qemu_ld_i64(t0, EA, ctx->mem_idx, MO_LEQ);
+tcg_gen_shri_i64(t1, t0, 32);
+tcg_gen_deposit_i64(xth, t1, t0, 32, 32);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_ld_i64(t0, EA, ctx->mem_idx, MO_LEQ);
+tcg_gen_shri_i64(t1, t0, 32);
+tcg_gen_deposit_i64(xtl, t1, t0, 32, 32);
+tcg_temp_free_i64(t0);
+tcg_temp_free_i64(t1);
+} else {
+tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_BEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_BEQ);
+}
 tcg_temp_free(EA);
-tcg_temp_free_i64(tmp);
 }
 
 #define VSX_STORE_SCALAR(name, operation) \
-- 
2.7.4




[Qemu-devel] [PATCH v4 7/9] target-ppc: add stxvh8x instruction

2016-09-27 Thread Nikunj A Dadhania
stxvh8x:  Store VSX Vector Halfword*8

Vector:
+---+---+---+---+---+---+---+---+
| 00 01 | 10 11 | 20 21 | 30 31 | 40 41 | 50 51 | 60 61 | 70 71 |
+---+---+---+---+---+---+---+---+

Store results in following:

Big-Endian Storage
+---+---+---+---+---+---+---+---+
| 00 01 | 10 11 | 20 21 | 30 31 | 40 41 | 50 51 | 60 61 | 70 71 |
+---+---+---+---+---+---+---+---+

Little-Endian Storage
+---+---+---+---+---+---+---+---+
| 01 00 | 11 10 | 21 20 | 31 30 | 41 40 | 51 50 | 61 60 | 71 70 |
+---+---+---+---+---+---+---+---+

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 27 +++
 target-ppc/translate/vsx-ops.inc.c  |  1 +
 2 files changed, 28 insertions(+)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index 51f3dcb..35168af 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -206,6 +206,33 @@ static void gen_stxvw4x(DisasContext *ctx)
 tcg_temp_free(EA);
 }
 
+static void gen_stxvh8x(DisasContext *ctx)
+{
+TCGv_i64 xsh = cpu_vsrh(xS(ctx->opcode));
+TCGv_i64 xsl = cpu_vsrl(xS(ctx->opcode));
+TCGv EA;
+
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+gen_set_access_type(ctx, ACCESS_INT);
+EA = tcg_temp_new();
+gen_addr_reg_index(ctx, EA);
+if (ctx->le_mode) {
+gen_helper_bswap16x4(xsh, xsh);
+tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_BEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+gen_helper_bswap16x4(xsl, xsl);
+tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_BEQ);
+} else {
+tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_BEQ);
+tcg_gen_addi_tl(EA, EA, 8);
+tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_BEQ);
+}
+tcg_temp_free(EA);
+}
+
 #define MV_VSRW(name, tcgop1, tcgop2, target, source)   \
 static void gen_##name(DisasContext *ctx)   \
 {   \
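Review bot: In the `ctx->le_mode` branch, `gen_helper_bswap16x4(xsh, xsh)` and `gen_helper_bswap16x4(xsl, xsl)` write the swapped value back into `xsh`/`xsl`, which are the `cpu_vsrh`/`cpu_vsrl` values of the source register. As far as these lines show, a store therefore leaves the guest's source VSR byte-swapped after it executes. The swap should go through temporaries so the register is only read, as sketched below.

```c
    if (ctx->le_mode) {
        TCGv_i64 outh = tcg_temp_new_i64();
        TCGv_i64 outl = tcg_temp_new_i64();

        gen_helper_bswap16x4(outh, xsh);
        gen_helper_bswap16x4(outl, xsl);
        tcg_gen_qemu_st_i64(outh, EA, ctx->mem_idx, MO_BEQ);
        tcg_gen_addi_tl(EA, EA, 8);
        tcg_gen_qemu_st_i64(outl, EA, ctx->mem_idx, MO_BEQ);
        tcg_temp_free_i64(outh);
        tcg_temp_free_i64(outl);
    } else {
        /* … unchanged: big-endian stores of xsh and xsl … */
    }
```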
diff --git a/target-ppc/translate/vsx-ops.inc.c 
b/target-ppc/translate/vsx-ops.inc.c
index c52e6ff..17975ec 100644
--- a/target-ppc/translate/vsx-ops.inc.c
+++ b/target-ppc/translate/vsx-ops.inc.c
@@ -16,6 +16,7 @@ GEN_HANDLER_E(stxsiwx, 0x1F, 0xC, 0x04, 0, PPC_NONE, 
PPC2_VSX207),
 GEN_HANDLER_E(stxsspx, 0x1F, 0xC, 0x14, 0, PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(stxvd2x, 0x1F, 0xC, 0x1E, 0, PPC_NONE, PPC2_VSX),
 GEN_HANDLER_E(stxvw4x, 0x1F, 0xC, 0x1C, 0, PPC_NONE, PPC2_VSX),
+GEN_HANDLER_E(stxvh8x, 0x1F, 0x0C, 0x1D, 0, PPC_NONE,  PPC2_ISA300),
 
 GEN_HANDLER_E(mfvsrwz, 0x1F, 0x13, 0x03, 0xF800, PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(mtvsrwa, 0x1F, 0x13, 0x06, 0xF800, PPC_NONE, PPC2_VSX207),
-- 
2.7.4




[Qemu-devel] [PATCH v4 2/9] target-ppc: Implement mtvsrdd instruction

2016-09-27 Thread Nikunj A Dadhania
From: Ravi Bangoria 

mtvsrdd: Move To VSR Double Doubleword

Signed-off-by: Ravi Bangoria 
Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 23 +++
 target-ppc/translate/vsx-ops.inc.c  |  1 +
 2 files changed, 24 insertions(+)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index b669e8c..f9db1d4 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -234,6 +234,29 @@ static void gen_mfvsrld(DisasContext *ctx)
 tcg_gen_mov_i64(cpu_gpr[rA(ctx->opcode)], cpu_vsrl(xS(ctx->opcode)));
 }
 
+static void gen_mtvsrdd(DisasContext *ctx)
+{
+if (xT(ctx->opcode) < 32) {
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+} else {
+if (unlikely(!ctx->altivec_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VPU);
+return;
+}
+}
+
+if (!rA(ctx->opcode)) {
+tcg_gen_movi_i64(cpu_vsrh(xT(ctx->opcode)), 0);
+} else {
+   tcg_gen_mov_i64(cpu_vsrh(xT(ctx->opcode)), cpu_gpr[rA(ctx->opcode)]);
+}
+
+tcg_gen_mov_i64(cpu_vsrl(xT(ctx->opcode)), cpu_gpr[rB(ctx->opcode)]);
+}
+
 #endif
 
 static void gen_xxpermdi(DisasContext *ctx)
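Review bot: The `if (!rA(ctx->opcode))` branch in `gen_mtvsrdd` writes zero to the high doubleword instead of reading GPR 0, and nothing explains why register number 0 is special here. A comment such as `/* RA == 0 selects the constant 0, not r0 */` above the test would make that clear. It also matters to anyone writing tests, since an inline-asm operand for RA must not be allocated to r0. The `tcg_gen_mov_i64` line in the `else` arm also looks indented differently from its neighbours, though the mail may have altered whitespace.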
diff --git a/target-ppc/translate/vsx-ops.inc.c 
b/target-ppc/translate/vsx-ops.inc.c
index 3b296f8..1287973 100644
--- a/target-ppc/translate/vsx-ops.inc.c
+++ b/target-ppc/translate/vsx-ops.inc.c
@@ -23,6 +23,7 @@ GEN_HANDLER_E(mtvsrwz, 0x1F, 0x13, 0x07, 0xF800, 
PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(mfvsrd, 0x1F, 0x13, 0x01, 0xF800, PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(mtvsrd, 0x1F, 0x13, 0x05, 0xF800, PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(mfvsrld, 0X1F, 0x13, 0x09, 0xF800, PPC_NONE, PPC2_ISA300),
+GEN_HANDLER_E(mtvsrdd, 0X1F, 0x13, 0x0D, 0x0, PPC_NONE, PPC2_ISA300),
 #endif
 
 #define GEN_XX1FORM(name, opc2, opc3, fl2)  \
-- 
2.7.4




[Qemu-devel] [PATCH v4 0/9] POWER9 TCG enablements - part4

2016-09-27 Thread Nikunj A Dadhania
This series contains 7 new instructions for POWER9 ISA3.0
Use newer qemu load/store tcg helpers and optimize stxvw4x and lxvw4x.

GCC was adding epilogue for every VSX instructions causing change in 
behaviour. For testing the load vector instructions used mfvsrld/mfvsrd 
for loading vsr to register. And for testing store vector, used mtvsrdd 
instructions. This helped in getting rid of the epilogue added by gcc. Tried 
adding the test cases to kvm-unit-tests, but executing vsx instructions 
results in cpu exception. Will debug that later. I will send the test code 
and steps to execute as reply to this email.

Patches:
01:  mfvsrld: Move From VSR Lower Doubleword
02:  mtvsrdd: Move To VSR Double Doubleword
03:  mtvsrws: Move To VSR Word & Splat
04:  lxvw4x: improve implementation
05:  stxvw4x: improve implementation
06:  lxvh8x: Load VSX Vector Halfword*8
07:  stxvh8x: Store VSX Vector Halfword*8
08:  lxvb16x: Load VSX Vector Byte*16
09:  stxvb16x: Store VSX Vector Byte*16

Changelog:
v3:
* Added 3 new VSR instructions.
* Fixed all the vector load/store instructions for BE/LE.
* Added detailed commit messages to patches.
* Dropped deposit32x2 and implemented it using tcg ops

v2: 
* Fix lxvw4x/stxv4x translation as LE/BE were both similar 
  one in tcg and other as helper
* Rename bswap32x2 to deposit32x2 as it does not need to 
  swap content(32bit)
* stxvh8x had a bug as David suggested.

v1: 
* More load/store cleanups in byte reverse routines
* ld64/st64 converted to newer macro and updated call sites
* Cleanup load with reservation and store conditional
* Return invalid random for darn instruction

v0:
* darn - read /dev/random to get the random number
* xxspltib - make is PPC64 only
* Consolidate load/store operations and use macros to generate qemu_st/ld
* Simplify load/store vsx endian manipulation

Nikunj A Dadhania (6):
  target-ppc: improve lxvw4x implementation
  target-ppc: improve stxvw4x implementation
  target-ppc: add lxvh8x instruction
  target-ppc: add stxvh8x instruction
  target-ppc: add lxvb16x instruction
  target-ppc: add stxvb16x instruction

Ravi Bangoria (3):
  target-ppc: Implement mfvsrld instruction
  target-ppc: Implement mtvsrdd instruction
  target-ppc: Implement mtvsrws instruction

 target-ppc/helper.h |   1 +
 target-ppc/mem_helper.c |   6 +
 target-ppc/translate/vsx-impl.inc.c | 214 
 target-ppc/translate/vsx-ops.inc.c  |   7 ++
 4 files changed, 204 insertions(+), 24 deletions(-)

-- 
2.7.4




[Qemu-devel] [PATCH v4 1/9] target-ppc: Implement mfvsrld instruction

2016-09-27 Thread Nikunj A Dadhania
From: Ravi Bangoria 

mfvsrld: Move From VSR Lower Doubleword

Signed-off-by: Ravi Bangoria 
Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 17 +
 target-ppc/translate/vsx-ops.inc.c  |  1 +
 2 files changed, 18 insertions(+)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index eee6052..b669e8c 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -217,6 +217,23 @@ static void gen_##name(DisasContext *ctx)  
 \
 MV_VSRD(mfvsrd, cpu_gpr[rA(ctx->opcode)], cpu_vsrh(xS(ctx->opcode)))
 MV_VSRD(mtvsrd, cpu_vsrh(xT(ctx->opcode)), cpu_gpr[rA(ctx->opcode)])
 
+static void gen_mfvsrld(DisasContext *ctx)
+{
+if (xS(ctx->opcode) < 32) {
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+} else {
+if (unlikely(!ctx->altivec_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VPU);
+return;
+}
+}
+
+tcg_gen_mov_i64(cpu_gpr[rA(ctx->opcode)], cpu_vsrl(xS(ctx->opcode)));
+}
+
 #endif
 
 static void gen_xxpermdi(DisasContext *ctx)
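Review bot: The two-way facility check in gen_mfvsrld has no comment saying why the exception raised depends on whether xS is below 32, so a reader has to know the register layout to see that the split is deliberate. A one-line comment above the outer `if` would do, for example `/* VSR 0-31 are gated by the VSX facility, VSR 32-63 by the vector (Altivec) facility */`. The same block reappears unchanged in gen_mtvsrws in patch 3/9, so a small shared helper that raises the right exception and reports whether translation may continue would keep the copies from drifting. This check is what stops a guest from reading vector state while the facility is disabled, so it is worth having in one place.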
diff --git a/target-ppc/translate/vsx-ops.inc.c 
b/target-ppc/translate/vsx-ops.inc.c
index 414b73b..3b296f8 100644
--- a/target-ppc/translate/vsx-ops.inc.c
+++ b/target-ppc/translate/vsx-ops.inc.c
@@ -22,6 +22,7 @@ GEN_HANDLER_E(mtvsrwz, 0x1F, 0x13, 0x07, 0xF800, 
PPC_NONE, PPC2_VSX207),
 #if defined(TARGET_PPC64)
 GEN_HANDLER_E(mfvsrd, 0x1F, 0x13, 0x01, 0xF800, PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(mtvsrd, 0x1F, 0x13, 0x05, 0xF800, PPC_NONE, PPC2_VSX207),
+GEN_HANDLER_E(mfvsrld, 0X1F, 0x13, 0x09, 0xF800, PPC_NONE, PPC2_ISA300),
 #endif
 
 #define GEN_XX1FORM(name, opc2, opc3, fl2)  \
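Review bot: The new mfvsrld entry spells the primary opcode `0X1F` with a capital X, while the neighbouring mfvsrd and mtvsrd entries use `0x1F`. It compiles the same, but a case-sensitive search of the opcode table for `0x1F, 0x13` would miss it; writing the first argument as `0x1F` and leaving the rest of the entry unchanged keeps the table uniform. The same spelling shows up again as context for mfvsrld and mtvsrdd in the vsx-ops.inc.c hunk of patch 3/9.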
-- 
2.7.4




[Qemu-devel] [PATCH v4 3/9] target-ppc: Implement mtvsrws instruction

2016-09-27 Thread Nikunj A Dadhania
From: Ravi Bangoria 

mtvsrws: Move To VSR Word & Splat

Signed-off-by: Ravi Bangoria 
Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate/vsx-impl.inc.c | 23 +++
 target-ppc/translate/vsx-ops.inc.c  |  1 +
 2 files changed, 24 insertions(+)

diff --git a/target-ppc/translate/vsx-impl.inc.c 
b/target-ppc/translate/vsx-impl.inc.c
index f9db1d4..74d0533 100644
--- a/target-ppc/translate/vsx-impl.inc.c
+++ b/target-ppc/translate/vsx-impl.inc.c
@@ -257,6 +257,29 @@ static void gen_mtvsrdd(DisasContext *ctx)
 tcg_gen_mov_i64(cpu_vsrl(xT(ctx->opcode)), cpu_gpr[rB(ctx->opcode)]);
 }
 
+static void gen_mtvsrws(DisasContext *ctx)
+{
+TCGv_i64 tmp1 = tcg_temp_new_i64();
+
+if (xT(ctx->opcode) < 32) {
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+} else {
+if (unlikely(!ctx->altivec_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VPU);
+return;
+}
+}
+
+tcg_gen_andi_i64(tmp1, cpu_gpr[rA(ctx->opcode)], 0x);
+tcg_gen_deposit_i64(cpu_vsrl(xT(ctx->opcode)), tmp1, tmp1, 32, 32);
+tcg_gen_mov_i64(cpu_vsrh(xT(ctx->opcode)), cpu_vsrl(xT(ctx->opcode)));
+
+tcg_temp_free_i64(tmp1);
+}
+
 #endif
 
 static void gen_xxpermdi(DisasContext *ctx)
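Review bot: gen_mtvsrws allocates `tmp1` with tcg_temp_new_i64() before the facility checks, so both early `return` paths after gen_exception() leave the function without reaching `tcg_temp_free_i64(tmp1)`. Declaring `TCGv_i64 tmp1;` at the top and doing `tmp1 = tcg_temp_new_i64();` just before the tcg_gen_andi_i64() call avoids the leaked temporary. Separately, the mask constant on that line reads `0x` in this copy of the patch, which looks like archive damage rather than what was posted. If the intent is to keep the low 32 bits of the GPR, `tcg_gen_ext32u_i64(tmp1, cpu_gpr[rA(ctx->opcode)]);` says so without a literal.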
diff --git a/target-ppc/translate/vsx-ops.inc.c 
b/target-ppc/translate/vsx-ops.inc.c
index 1287973..d5f5b87 100644
--- a/target-ppc/translate/vsx-ops.inc.c
+++ b/target-ppc/translate/vsx-ops.inc.c
@@ -24,6 +24,7 @@ GEN_HANDLER_E(mfvsrd, 0x1F, 0x13, 0x01, 0xF800, PPC_NONE, 
PPC2_VSX207),
 GEN_HANDLER_E(mtvsrd, 0x1F, 0x13, 0x05, 0xF800, PPC_NONE, PPC2_VSX207),
 GEN_HANDLER_E(mfvsrld, 0X1F, 0x13, 0x09, 0xF800, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER_E(mtvsrdd, 0X1F, 0x13, 0x0D, 0x0, PPC_NONE, PPC2_ISA300),
+GEN_HANDLER_E(mtvsrws, 0x1F, 0x13, 0x0C, 0xF800, PPC_NONE, PPC2_ISA300),
 #endif
 
 #define GEN_XX1FORM(name, opc2, opc3, fl2)  \
-- 
2.7.4




[Qemu-devel] [PATCH] target-i386: fix losing XCR0 processor state component bits

2016-09-27 Thread Wanpeng Li
From: Wanpeng Li 

Commit 96193c22a "target-i386: Move xsave component mask to features array"
leverages features array to handle XCR0 processor state component bits, 
however, it introduces a regression:

warning: host doesn't support requested feature: CPUID.0DH:EAX [bit 0]
warning: host doesn't support requested feature: CPUID.0DH:EAX [bit 1]
warning: host doesn't support requested feature: CPUID.0DH:EAX [bit 2]

My desktop doesn't have enough advance features, so just X87,SSE,AVX 
warnings are splat when I boot a guest.

The get migratable flags logic in x86_cpu_filter_features() path will 
filter out the feature flags which are unsupported and unmigratable. 
However, the bits of XCR0 processor state component featureword don't 
have feat_names, and some features like SSE/AVX etc have feat_names in 
CPUID.01H:EDX, CPUID.01H:ECX, so they are treated as unsupported.

This patch fixes it by not filtering out the XCR0 processor state component 
bits even though they don't have feat_names, just as before commit 96193c22ab3.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Michael S. Tsirkin 
Signed-off-by: Wanpeng Li 
---
 target-i386/cpu.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index ad09246..9d24eff 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2156,6 +2156,10 @@ static uint32_t 
x86_cpu_get_supported_feature_word(FeatureWord w,
 r = kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid_eax,
 wi->cpuid_ecx,
 wi->cpuid_reg);
+if ((w == FEAT_XSAVE_COMP_LO) ||
+(w == FEAT_XSAVE_COMP_HI)) {
+return r;
+}
 } else if (tcg_enabled()) {
 r = wi->tcg_features;
 } else {
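Review bot: The added early `return r;` for FEAT_XSAVE_COMP_LO and FEAT_XSAVE_COMP_HI sits only in the KVM branch and leaves the function before whatever follows the if/else chain, which per the commit message is the migratable-flags filtering. As written, XCR0 component bits for state that cannot be migrated would then be reported as supported even when only migratable features were asked for, while the TCG branch still takes the old path; the rest of the function is outside this hunk, so this is inferred from the description. It would be safer to make the exemption at the point where the filter is applied, so both accelerators behave the same. At minimum the special case deserves a comment such as `/* XSAVE component words have no feat_names; bypass the name-based migratable filter */`.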
-- 
1.9.1




Re: [Qemu-devel] [PATCH v6 RFC] block/vxhs: Initial commit to add Veritas HyperScale VxHS block device support

2016-09-27 Thread ashish mittal
On Wed, Sep 21, 2016 at 8:03 AM, Paolo Bonzini  wrote:
>
>
> On 21/09/2016 03:07, Ashish Mittal wrote:
>> +int32_t vxhs_qnio_iio_writev(void *qnio_ctx, uint32_t rfd, struct iovec 
>> *iov,
>> +int iovcnt, uint64_t offset,
>> +void *ctx, uint32_t flags);
>> +int32_t vxhs_qnio_iio_readv(void *qnio_ctx, uint32_t rfd, struct iovec *iov,
>> +int iovcnt, uint64_t offset,
>> +void *ctx, uint32_t flags);
>> +int32_t vxhs_qnio_iio_ioctl(void *apictx, uint32_t rfd, uint32_t opcode,
>> +int64_t *in, void *ctx,
>> +uint32_t flags);
>
> Since you have wrappers for this, please use less verbose arguments, such as
>
> - BDRVVXHSState *s instead of the void * (qnio_ctx = s->qnio_ctx)
>
> - int idx instead of uint32_t rfd (rfd = s->vdisk_hostinfo[idx].vdisk_rfd)
>
> - the QEMUIOVector * instead of the iov/iovcnt pair
>

I have hopefully got all of these. Please let me know if any others
need changed.

> Likewise I suggest adding a wrapper
>
> void vxhs_qnio_iio_close(BDRVVXHSState *s, int idx)
> {
> if (s->vdisk_hostinfo[idx].vdisk_rfd >= 0) {
> iio_devclose(s->qnio_ctx, 0, s->vdisk_hostinfo[i].vdisk_rfd);
> s->vdisk_hostinfo[i].vdisk_rfd = -1;
> }
>
>
> if (s->vdisk_hostinfo[i].qnio_cfd >= 0) {
> iio_close(s->qnio_ctx, s->vdisk_hostinfo[i].qnio_cfd);
> s->vdisk_hostinfo[i].qnio_cfd = -1;
> }
> }
>

Done.

> (Likewise, iio_open/iio_devopen always happen in pairs and always build the
> openflame URI, so that's another candidate for a wrapper function).
>

Done.

> Also on the topic of closing:
>
> - there's no loop that initializes vdisk_rfd's and qnio_cfd's to -1.
>

vxhs_close() calling vxhs_qnio_iio_close() in a loop should initialize
rfd and cfd to -1 for all VXHS_MAX_HOSTS. Please let me know if I
missed this somewhere else.

> - here you are closing a vdisk_rfd twice:
>
> +if (s->vdisk_hostinfo[s->vdisk_cur_host_idx].vdisk_rfd >= 0) {
> +iio_devclose(s->qnio_ctx, 0,
> +s->vdisk_hostinfo[s->vdisk_cur_host_idx].vdisk_rfd);
> +}
>
> because later you have another call to iio_devclose within
> "for (i = 0; i < VXHS_MAX_HOSTS; i++) {".  (It's also the only place
> that calls iio_devclose and not iio_close).
>

Fixed. Thanks!

>>
>> +if (s->vdisk_hostinfo[index].qnio_cfd < 0) {
>> +s->vdisk_hostinfo[index].qnio_cfd =
>> +iio_open(global_qnio_ctx, of_vsa_addr, 0);
>
> s->qnio_ctx seems to be always equal to global_qnio_ctx.  If that's
> how the API works that's fine, however please use s->qnio_ctx consistently.
> Initialize it early.
>

Yes, they are the same. I am now using global_qnio_ctx in
vxhs_qnio_iio_open() to avoid passing an additional arg. Let me know
if I should change this to get rid of the global variable.

>> + * Return Value:
>> + *  On Success : return VXHS_VECTOR_ALIGNED
>> + *  On Failure : return VXHS_VECTOR_NOT_ALIGNED.
>> + */
>> +int vxhs_is_iovector_read_aligned(struct iovec *iov, int niov, size_t 
>> sector)
>
> Pass a QEMUIOVector here too.
>

Changed in all places to pass QEMUIOVector * instead of iiv/niov pair.

>> +{
>> +int i;
>> +
>> +if (!iov || niov == 0) {
>> +return VXHS_VECTOR_ALIGNED;
>> +}
>
> Unnecessary "if".  The loop below never rolls if niov == 0, and you should
> never have "!iov && niov > 0".
>

Fixed.

>> +for (i = 0; i < niov; i++) {
>> +if (iov[i].iov_len % sector != 0) {
>> +return VXHS_VECTOR_NOT_ALIGNED;
>> +}
>> +}
>> +return VXHS_VECTOR_ALIGNED;
>> +}
>
> Please return just true or false.
>

Fixed.

>> +void *vxhs_convert_iovector_to_buffer(struct iovec *iov, int niov,
>> +  size_t sector)
>> +{
>> +void *buf = NULL;
>> +size_t size = 0;
>> +
>> +if (!iov || niov == 0) {
>> +return buf;
>> +}
>> +
>> +size = vxhs_calculate_iovec_size(iov, niov);
>
> If you have the QEMUIOVector, vxhs_calculate_iovec_size is just qiov->size.
>

Fixed. Thanks!

>> +buf = qemu_memalign(sector, size);
>> +if (!buf) {
>> +trace_vxhs_convert_iovector_to_buffer(size);
>> +errno = -ENOMEM;
>> +return NULL;
>> +}
>> +return buf;
>> +}
>> +
>
> This function should use qemu_try_memalign, not qemu_memalign.  But it is
> obviously not very well tested, because the !iov || niov == 0 case doesn't
> set errno and returns NULL.
>
> You should just use qemu_try_memalign(qiov->size, BDRV_SECTOR_SIZE) in the
> caller.
>

Changed to use qemu_try_memalign(). The error condition should be
caught when we detect NULL as below:
buffer = vxhs_convert_iovector_to_buffer(qiov);
if (buffer == NULL) {
return -ENOMEM;
}


> However, why is alignment check 

Re: [Qemu-devel] [PATCH v2 2/6] intc/i8259: implement InterruptStatsProvider interface

2016-09-27 Thread Hervé Poussineau

Le 28/09/2016 à 03:37, David Gibson a écrit :

On Tue, Sep 27, 2016 at 08:49:47PM +0200, Hervé Poussineau wrote:

Le 27/09/2016 à 06:11, David Gibson a écrit :

On Mon, Sep 26, 2016 at 10:23:24PM +0200, Hervé Poussineau wrote:

Signed-off-by: Hervé Poussineau 
---
 hw/intc/i8259.c | 37 +
 1 file changed, 37 insertions(+)

diff --git a/hw/intc/i8259.c b/hw/intc/i8259.c
index c2607a5..75c8d22 100644
--- a/hw/intc/i8259.c
+++ b/hw/intc/i8259.c
@@ -29,6 +29,7 @@
 #include "qemu/timer.h"
 #include "qemu/log.h"
 #include "hw/isa/i8259_internal.h"
+#include "hw/intc/intc.h"

 /* debug PIC */
 //#define DEBUG_PIC
@@ -251,6 +252,35 @@ static void pic_reset(DeviceState *dev)
 pic_init_reset(s);
 }

+static bool pic_get_statistics(InterruptStatsProvider *obj,
+   uint64_t **irq_counts, unsigned int *nb_irqs)
+{
+PICCommonState *s = PIC_COMMON(obj);
+
+if (s->master) {
+#ifdef DEBUG_IRQ_COUNT
+*irq_counts = irq_count;


So, the irq_counts return parameter is set to point at an internal
structure of the intc, in this and the other implementations.

Is that safe, without some contract about how long the array pointer
is valid and/or correct?  Could it be a problem if in future we tried
to implement this for an intc that doesn't keep irq stats as a simple
array (e.g. kept the count in a structure also containing other
information for each irq)?


I implemented the interface with more than 15 interrupt controllers in hw/intc.
It worked well for all of them. In fact, most of the times, the device is doing 
something like:


Ok, that's a pretty strong argument.


my_device_irq_handler(int n)
{
  MyDeviceState *s = ...;
  qemu_irq_raise(s->master_irq);
}

realize()
{
  qemu_allocate_irqs(my_device_irq_handler, NB_IRQS)
}

It's quite easy to add in MyDeviceState:
  uint64_t irq_count[NB_IRQS] in MyDeviceState;
and adding in my_device_irq_handler
  s->irq_count[n]++;

We can maybe add a note on the interface that:
- the pointer must remain valid for the whole life of the device,
- the contents may stale, but must not be invalid

For your intc, you'll need to have a second array irq_count, which is updated 
on each
get_statistics() call.


I'm wondering if a safer interface might be to actually copy out a
snapshot of the counts, which the caller is responsible for freeing.


In that case, all implementations will have to do g_malloc + memcpy, and caller 
will have to call g_free.
That's possible, but IMO less easy to implement on device side.


True.

I still feel a bit uneasy without having some sort of description of
the length of validity of the pointer.  With the current
implementation and use cases, it seems like "until the BQL is next
dropped" would be about right.  Does that seem like it's correct to you?


Yes, it seems correct.
I can add in interface header that:
"Returned pointer and statistics must remain valid until the BQL is next 
dropped"

Does it require a v3?





Hervé




+*nb_irqs = ARRAY_SIZE(irq_count);
+#else
+return false;
+#endif
+} else {
+*irq_counts = NULL;
+*nb_irqs = 0;
+}
+return true;
+}
+









Re: [Qemu-devel] [PATCH v3] ide: Fix memory leak in ide_register_restart_cb()

2016-09-27 Thread Ashijeet Acharya
On Wed, Sep 28, 2016 at 3:58 AM, John Snow  wrote:
>
>
> On 09/27/2016 12:53 PM, Ashijeet Acharya wrote:
>>
>> Fix a memory leak in ide_register_restart_cb() in hw/ide/core.c and add
>> idebus_unrealize() in hw/ide/qdev.c to have calls to
>> qemu_del_vm_change_state_handler() to deal with the dangling change
>> state handler during hot-unplugging ide devices which might lead to a
>> crash.
>>
>
> In the future, please rebase your patches on top of the current git master
> when you resend.

Yeah, sorry about that.

>
>
>> Signed-off-by: Ashijeet Acharya 
>> ---
>> Changes in v3:
>> -Use smaller conditional (bus->vmstate) only
>> ---
>>  hw/ide/core.c |  2 +-
>>  hw/ide/qdev.c | 11 +++
>>  include/hw/ide/internal.h |  1 +
>>  3 files changed, 13 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/ide/core.c b/hw/ide/core.c
>> index 45b6df1..eecbb47 100644
>> --- a/hw/ide/core.c
>> +++ b/hw/ide/core.c
>> @@ -2582,7 +2582,7 @@ static void ide_restart_cb(void *opaque, int
>> running, RunState state)
>>  void ide_register_restart_cb(IDEBus *bus)
>>  {
>>  if (bus->dma->ops->restart_dma) {
>> -qemu_add_vm_change_state_handler(ide_restart_cb, bus);
>> +bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb,
>> bus);
>>  }
>>  }
>>
>> diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c
>> index 2eb055a..7e186bd 100644
>> --- a/hw/ide/qdev.c
>> +++ b/hw/ide/qdev.c
>> @@ -31,6 +31,7 @@
>>  /* - */
>>
>>  static char *idebus_get_fw_dev_path(DeviceState *dev);
>> +static void idebus_unrealize(DeviceState *qdev, Error **errp);
>>
>>  static Property ide_props[] = {
>>  DEFINE_PROP_UINT32("unit", IDEDevice, unit, -1),
>> @@ -44,6 +45,15 @@ static void ide_bus_class_init(ObjectClass *klass, void
>> *data)
>>  k->get_fw_dev_path = idebus_get_fw_dev_path;
>>  }
>>
>> +static void idebus_unrealize(DeviceState *qdev, Error **errp)
>> +{
>> +IDEBus *bus = DO_UPCAST(IDEBus, qbus, qdev->parent_bus);
>> +
>> +if (bus->vmstate) {
>> +qemu_del_vm_change_state_handler(bus->vmstate);
>
>
> Also in the future, keep an eye out for whitespace changes, too.
>
>> +}
>> +}
>> +
>>  static const TypeInfo ide_bus_info = {
>>  .name = TYPE_IDE_BUS,
>>  .parent = TYPE_BUS,
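Review bot: idebus_unrealize leaves `bus->vmstate` pointing at the entry it has just passed to qemu_del_vm_change_state_handler(). The hook is installed on the device class in ide_device_class_init and reaches the bus through `qdev->parent_bus`, so it appears to run once per device, and a second device removed from the same bus would hand the stale pointer to the delete call again. Adding `bus->vmstate = NULL;` right after the delete, inside the `if`, makes the teardown safe to repeat. Whether the handler should go away with the first device rather than with the bus itself is also worth a short comment next to the function.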
>> @@ -355,6 +365,7 @@ static void ide_device_class_init(ObjectClass *klass,
>> void *data)
>>  k->init = ide_qdev_init;
>>  set_bit(DEVICE_CATEGORY_STORAGE, k->categories);
>>  k->bus_type = TYPE_IDE_BUS;
>> +k->unrealize = idebus_unrealize;
>>  k->props = ide_props;
>>  }
>>
>> diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
>> index 7824bc3..2103261 100644
>> --- a/include/hw/ide/internal.h
>> +++ b/include/hw/ide/internal.h
>> @@ -480,6 +480,7 @@ struct IDEBus {
>>  uint8_t retry_unit;
>>  int64_t retry_sector_num;
>>  uint32_t retry_nsector;
>> +VMChangeStateEntry *vmstate;
>>  };
>>
>>  #define TYPE_IDE_DEVICE "ide-device"
>>
>
> I made the minor rebase and whitespace edit in my tree, and with that:
>
> Reviewed-by: John Snow 
>
> Thanks, applied to my IDE tree:

Great! Thanks a lot.

Ashijeet
>
> https://github.com/jnsnow/qemu/commits/ide
> https://github.com/jnsnow/qemu.git
>
> --js



[Qemu-devel] [PATCH v7 RFC] block/vxhs: Initial commit to add Veritas HyperScale VxHS block device support

2016-09-27 Thread Ashish Mittal
This patch adds support for a new block device type called "vxhs".
Source code for the library that this code loads can be downloaded from:
https://github.com/MittalAshish/libqnio.git

Sample command line using JSON syntax:
./qemu-system-x86_64 -name instance-0008 -S -vnc 0.0.0.0:0 -k en-us -vga 
cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg 
timestamp=on 
'json:{"driver":"vxhs","vdisk_id":"{c3e9095a-a5ee-4dce-afeb-2a59fb387410}","server":[{"host":"172.172.17.4","port":""},{"host":"172.172.17.2","port":""}]}'

Sample command line using URI syntax:
qemu-img convert -f raw -O raw -n 
/var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad 
vxhs://192.168.0.1:/%7Bc6718f6b-0401-441d-a8c3-1f0064d75ee0%7D

Signed-off-by: Ashish Mittal 
---
v7 changelog:
(1) Got rid of the header file and most of function forward-declarations.
(2) Added wrappers for vxhs_qnio_iio_open() and vxhs_qnio_iio_close()
(3) Fixed a double close attempt of vdisk_rfd.
(4) Changed to pass QEMUIOVector * in a couple of functions instead of
individual structure members.
(5) Got rid of VXHS_VECTOR_ALIGNED/NOT_ALIGNED.
(6) Got rid of vxhs_calculate_iovec_size().
(7) Changed to use qemu_try_memalign().
(8) Got rid of unnecessary "else" conditions in a couple of places.
(9) Limited the filename case to pass a single URI in vxhs_parse_uri().
Users will have to use the host/port/vdisk_id syntax to specify
multiple host information.
(10) Inlined couple of macros including the ones for qemu_spin_unlock.
(11) Other miscellaneous changes.

v6 changelog:
(1) Removed cJSON dependency out of the libqnioshim layer.
(2) Merged libqnioshim code into qemu vxhs driver proper.
Now qemu-vxhs code only links with libqnio.so.
(3) Replaced use of custom spinlocks with qemu_spin_lock.

v5 changelog:
(1) Removed unused functions.
(2) Changed all qemu_ prefix for functions defined in libqnio and vxhs.c.
(3) Fixed memory leaks in vxhs_qemu_init() and on the close of vxhs device.
(4) Added upper bounds check on num_servers.
(5) Close channel fds whereever necessary.
(6) Changed vdisk_size to int64_t for 32-bit compilations.
(7) Added message to configure file to indicate if vxhs is enabled or not.

v4 changelog:
(1) Reworked QAPI/JSON parsing.
(2) Reworked URI parsing as suggested by Kevin.
(3) Fixes per review comments from Stefan on v1.
(4) Fixes per review comments from Daniel on v3.

v3 changelog:
(1) Implemented QAPI interface for passing VxHS block device parameters.

v2 changelog:
(1) Removed code to dlopen library. We now check if libqnio is installed during
configure, and directly link with it.
(2) Changed file headers to mention GPLv2-or-later license.
(3) Removed unnecessary type casts and inlines.
(4) Removed custom tokenize function and modified code to use g_strsplit.
(5) Replaced malloc/free with g_new/g_free and removed code that checks for
memory allocation failure conditions.
(6) Removed some block ops implementations that were place-holders only.
(7) Removed all custom debug messages. Added new messages in block/trace-events
(8) Other miscellaneous corrections.

v1 changelog:
(1) First patch submission for review comments.

 block/Makefile.objs |2 +
 block/trace-events  |   47 ++
 block/vxhs.c| 1645 +++
 configure   |   41 ++
 4 files changed, 1735 insertions(+)
 create mode 100644 block/vxhs.c

diff --git a/block/Makefile.objs b/block/Makefile.objs
index 7d4031d..1861bb9 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -18,6 +18,7 @@ block-obj-$(CONFIG_LIBNFS) += nfs.o
 block-obj-$(CONFIG_CURL) += curl.o
 block-obj-$(CONFIG_RBD) += rbd.o
 block-obj-$(CONFIG_GLUSTERFS) += gluster.o
+block-obj-$(CONFIG_VXHS) += vxhs.o
 block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o
 block-obj-$(CONFIG_LIBSSH2) += ssh.o
 block-obj-y += accounting.o dirty-bitmap.o
@@ -38,6 +39,7 @@ rbd.o-cflags   := $(RBD_CFLAGS)
 rbd.o-libs := $(RBD_LIBS)
 gluster.o-cflags   := $(GLUSTERFS_CFLAGS)
 gluster.o-libs := $(GLUSTERFS_LIBS)
+vxhs.o-libs:= $(VXHS_LIBS)
 ssh.o-cflags   := $(LIBSSH2_CFLAGS)
 ssh.o-libs := $(LIBSSH2_LIBS)
 archipelago.o-libs := $(ARCHIPELAGO_LIBS)
diff --git a/block/trace-events b/block/trace-events
index 05fa13c..44de452 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -114,3 +114,50 @@ qed_aio_write_data(void *s, void *acb, int ret, uint64_t 
offset, size_t len) "s
 qed_aio_write_prefill(void *s, void *acb, uint64_t start, size_t len, uint64_t 
offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
 qed_aio_write_postfill(void *s, void *acb, uint64_t start, size_t len, 
uint64_t offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
 qed_aio_write_main(void *s, void *acb, int ret, uint64_t offset, size_t len) 
"s %p acb %p ret %d offset %"PRIu64" len %zu"
+
+# block/vxhs.c
+vxhs_bdrv_init(const char c) "Registering VxHS AIO driver%c"
+vxhs_iio_c

[Qemu-devel] help!

2016-09-27 Thread zhun...@gmail.com
 Hello,recently I study  qemu source code ,and I have some questions ,can you 
help me ?
 
> 1、what is the meaning of queues in structure NICConf ? I think it is the 
> number of queues to a NIC,and I do not where it is.
> 2、In NICConf init Function,I do not found it initulize the queues of 
> NICConf,relative code is
>
> #define DEFINE_NIC_PROPERTIES(_state, _conf)\
> DEFINE_PROP_MACADDR("mac",   _state, _conf.macaddr),\
> DEFINE_PROP_VLAN("vlan", _state, _conf.peers),   \
> DEFINE_PROP_NETDEV("netdev", _state, _conf.peers),   \
> DEFINE_PROP_INT32("bootindex", _state, _conf.bootindex, -1)
>
> 3、when new a NIC,I found conf->peers.ncs is a pointer which point a 
> NetClientState array,I want to know what the array stand for?hub ports?



zhun...@gmail.com


Re: [Qemu-devel] [Qemu-ppc] [PATCH 4/4] tests: enable ohci/uhci/xhci tests on PPC64

2016-09-27 Thread David Gibson
On Tue, Sep 27, 2016 at 09:43:27AM +0200, Laurent Vivier wrote:
> 
> 
> On 27/09/2016 05:53, David Gibson wrote:
> > On Mon, Sep 26, 2016 at 04:10:49PM +0200, Laurent Vivier wrote:
> 
> >>  void qusb_pci_init_one(QPCIBus *pcibus, struct qhc *hc, uint32_t devfn, 
> >> int bar)
> >>  {
> >>  hc->dev = qpci_device_find(pcibus, devfn);
> >> @@ -31,6 +38,13 @@ void uhci_port_test(struct qhc *hc, int port, uint16_t 
> >> expect)
> >>  uint16_t value = qpci_io_readw(hc->dev, addr);
> >>  uint16_t mask = ~(UHCI_PORT_WRITE_CLEAR | UHCI_PORT_RSVD1);
> >>  
> >> +if (qtest_big_endian() && host_big_endian) {
> >> +/* little endian device on big endian guest
> >> + * must be swapped on big endian host
> >> + */
> >> +value = bswap16(value);
> >> +}
> >> +
> > 
> > Hm.. should the qpci_io_*() helpers handle the endian conversion?
> 
> I'm really wondering how to manage correctly this case (I've the same
> kind of issue with virtio).
> 
> The protocol between guest and test program reads/writes data using the
> guest CPU endianess, so it works in the overall case.

Oh.. That seems bogus; maybe we should change that.  IIUC the protocol
is transferring whole word values as strings.  In which case we should
be transferring whole word values - endianness should only come into
play if we're associating bytes in the value with addresses.

So using (poorly defined) guest endianness is a design error here - we
should use "host endianness"; really "no endianness".

> But in this case,
> hcd-uhci is a little-endian device (.endianness = DEVICE_LITTLE_ENDIAN)
> on a big endian machine, so I think in the linux driver we should have a
> "le16_to_cpu()". But in our case we can't use "le16_to_cpu()" because
> endianess of the host cpu is not the same has the one of the guest CPU.
> Perhaps I should add a "target_le16_to_cpu()"?
> 
> Thanks,
> Laurent
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PULL 00/28] Misc patches for 2016-09-26

2016-09-27 Thread Peter Xu
On Tue, Sep 27, 2016 at 06:11:59AM -0400, Paolo Bonzini wrote:
> 
> > I think we should keep it as it is, because Jason's patchset will only
> > support intel-iommu, not amd-iommu. For now, it won't have problem
> > (just like Intel IOMMU one). But after Jason's patch is merged, people
> > will be able to boot a guest with vhost and amd-iommu (which we
> > actually do not support yet), and that might be problematic.
> 
> Let's fix Jason's patch instead. :)

Then I think Jason will need to add vhost DMAR support for AMD as
well, which I believe is not in his current plan. :)

Anyway, I think we can do it either way. I can hardly believe if
someone will like to run vhost with AMD IOMMU. So IMHO it's not a big
thing for all cases.

Thanks,

-- peterx



Re: [Qemu-devel] [PATCH] pci-testdev: enhance to support new testcases

2016-09-27 Thread Peter Xu
On Tue, Sep 27, 2016 at 06:13:29AM -0400, Paolo Bonzini wrote:
> 
> > Take my example: IOMMU unit test would want the guest to send DMA/IRQ
> > request from the device's perspective. In that case, we would like to
> > "tell" the pci-testdev about where to write the DMA, and what data to
> > write specifically, or which IRQ to trigger. That's something we
> > cannot do right now. And I don't want to just add a new test case for
> > that specifically. I think we can make it more common.
> 
> Do we need to use the pci-testdev?  There's also for example
> the edu device, or we could just use virtio-serial with a null
> backend.

It's interesting to know that there is such an edu device. So it not
only suits for education, but tailored for IOMMU unit test as well. :)

-- peterx



Re: [Qemu-devel] [PATCH 3/3] linux-aio: fix re-entrant completion processing

2016-09-27 Thread Fam Zheng
On Tue, 09/27 19:55, Roman Penyaev wrote:
> > The bug is 100% deterministic.  Just boot up a guest with -drive
> > format=qcow2,aio=native.
> 
> It turns out to be that everything is broken.  I started all my
> tests with format=raw,aio=native and immediately got coroutine
> recursive.  That is completely weird.
> 
> So, what I did is the following:
> 
> 1. Took latest master (nothing works)
> 2. Did interactive rebase to 12c8720
> 12c8720 2016-06-28 | Merge remote-tracking branch
> 'remotes/stefanha/tags/block-pull-request' into staging [Peter
> Maydell]
> 
> this merge request includes all your patches related to
> virtio-blk and MQ support.
> 
> 3. Applied 0ed93d84edab. Everything works fine.

Have you tried qcow2 at this point? raw crashes with 1a62d0accdf85 doesn't mean
qcow2 is fine without it.

Fam

> 
> 4. Rebased up till 0647d47:
> 0647d47 2016-09-13 | qcow2: avoid memcpy(dst, NULL, len) [Stefan Hajnoczi]
> 
> this is the point, after which 0ed93d84edab was applied
> on master.
> 
> Got recursive coroutine, so nothing works.
> 
> 5. Did a besect, which shows this commit:
> 
> --
> commit 1a62d0accdf85fbeac149018ee8d1728e754de73
> Author: Eric Blake 
> Date:   Fri Jul 15 12:31:59 2016 -0600
> 
> block: Fragment reads to max transfer length
> --
> 
> So after this commit my commit 0ed93d84edab stops working.
> And now for me is completely not clear what is happening there.
> 
> --
> Roman
> 



Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 5/6] qtest: define target cpu endianness conversion function

2016-09-27 Thread David Gibson
On Tue, Sep 27, 2016 at 08:55:58PM +0200, Laurent Vivier wrote:
> Signed-off-by: Laurent Vivier 
> ---
>  tests/libqtest.h | 57 
> 
>  1 file changed, 57 insertions(+)
> 
> diff --git a/tests/libqtest.h b/tests/libqtest.h
> index 4be1f77..4c47f2d 100644
> --- a/tests/libqtest.h
> +++ b/tests/libqtest.h
> @@ -17,6 +17,7 @@
>  #ifndef LIBQTEST_H
>  #define LIBQTEST_H
>  
> +#include "qemu/bswap.h"
>  #include "qapi/qmp/qdict.h"
>  
>  typedef struct QTestState QTestState;
> @@ -891,6 +892,62 @@ static inline bool target_big_endian(void)
>  return qtest_big_endian(global_qtest);
>  }
>  
> +/* Endianness conversion function between target cpu and specified endianess

Since the qtest accelerator essentially replaces the target cpu, it's
not really clear to me how the (default) endianness of the target cpu
comes into play.

IIUC for the purposes of the test code you'll eventually want things
converted to the *host* endianness - since that's the test code is
actually running on.

> + * uint16_t target_le16_to_cpu(uint16_t v);
> + * uint32_t target_le32_to_cpu(uint32_t v);
> + * uint64_t target_le64_to_cpu(uint64_t v);
> + * uint16_t target_be16_to_cpu(uint16_t v);
> + * uint32_t target_be32_to_cpu(uint32_t v);
> + * uint64_t target_be64_to_cpu(uint64_t v);
> + *
> + * Convert the value @v from the specified format to the native
> + * endianness of the host CPU by byteswapping if necessary, and

Should this be target CPU?

> + * return the converted value.
> + *
> + * uint16_t target_cpu_to_le16(uint16_t v);
> + * uint32_t target_cpu_to_le32(uint32_t v);
> + * uint64_t target_cpu_to_le64(uint64_t v);
> + * uint16_t target_cpu_to_be16(uint16_t v);
> + * uint32_t target_cpu_to_be32(uint32_t v);
> + * uint64_t target_cpu_to_be64(uint64_t v);
> + *
> + * Convert the value @v from the native endianness of the host CPU to
and here 
> + * the specified format by byteswapping if necessary, and return
> + * the converted value.
> + *
> + * Both target_X_to_cpu() and target_cpu_to_X() perform the same operation; 
> you
> + * should use whichever one is better documenting of the function your
> + * code is performing.
> + *
> + */
> +
> +#define le_bswap(s, v, size) (qtest_big_endian(s) ? bswap ## size(v) : (v))
> +#define be_bswap(s, v, size) (qtest_big_endian(s) ? (v) : bswap ## size(v))
> +
> +#define TARGET_CPU_CONVERT(endian, size, type)\
> +static inline type target_ ## endian ## size ## _to_cpu(type v)\
> +{\
> +return glue(endian, _bswap)(global_qtest, v, size);\
> +} \
> +\
> +static inline type target_cpu_to_ ## endian ## size(type v)\
> +{\
> +return glue(endian, _bswap)(global_qtest, v, size);\
> +}
> +
> +TARGET_CPU_CONVERT(be, 16, uint16_t)
> +TARGET_CPU_CONVERT(be, 32, uint32_t)
> +TARGET_CPU_CONVERT(be, 64, uint64_t)
> +
> +TARGET_CPU_CONVERT(le, 16, uint16_t)
> +TARGET_CPU_CONVERT(le, 32, uint32_t)
> +TARGET_CPU_CONVERT(le, 64, uint64_t)
> +
> +#undef TARGET_CPU_CONVERT
> +#undef be_bswap
> +#undef le_bswap
> +
>  QDict *qmp_fd_receive(int fd);
>  void qmp_fd_sendv(int fd, const char *fmt, va_list ap);
>  void qmp_fd_send(int fd, const char *fmt, ...);

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 6/6] tests: enable ohci/uhci/xhci tests on PPC64

2016-09-27 Thread David Gibson
On Tue, Sep 27, 2016 at 08:55:59PM +0200, Laurent Vivier wrote:
> Signed-off-by: Laurent Vivier 
> ---
>  tests/Makefile.include|  8 +++-
>  tests/libqos/usb.c|  2 +-
>  tests/usb-hcd-uhci-test.c | 24 
>  3 files changed, 24 insertions(+), 10 deletions(-)
> 
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index bca2cbc..4136959 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -270,6 +270,12 @@ check-qtest-ppc64-y += tests/drive_del-test$(EXESUF)
>  check-qtest-ppc64-y += tests/postcopy-test$(EXESUF)
>  check-qtest-ppc64-y += tests/boot-serial-test$(EXESUF)
>  check-qtest-ppc64-y += tests/rtas-test$(EXESUF)
> +check-qtest-ppc64-y += tests/usb-hcd-ohci-test$(EXESUF)
> +gcov-files-ppc64-y += hw/usb/hcd-ohci.c
> +check-qtest-ppc64-y += tests/usb-hcd-uhci-test$(EXESUF)
> +gcov-files-ppc64-y += hw/usb/hcd-uhci.c
> +check-qtest-ppc64-y += tests/usb-hcd-xhci-test$(EXESUF)
> +gcov-files-ppc64-y += hw/usb/hcd-xhci.c
>  
>  check-qtest-sh4-y = tests/endianness-test$(EXESUF)
>  
> @@ -595,7 +601,7 @@ libqos-pc-obj-y += tests/libqos/malloc-pc.o 
> tests/libqos/libqos-pc.o
>  libqos-pc-obj-y += tests/libqos/ahci.o
>  libqos-omap-obj-y = $(libqos-obj-y) tests/libqos/i2c-omap.o
>  libqos-imx-obj-y = $(libqos-obj-y) tests/libqos/i2c-imx.o
> -libqos-usb-obj-y = $(libqos-pc-obj-y) tests/libqos/usb.o
> +libqos-usb-obj-y = $(libqos-spapr-obj-y) $(libqos-pc-obj-y) 
> tests/libqos/usb.o
>  libqos-virtio-obj-y = $(libqos-pc-obj-y) tests/libqos/virtio.o 
> tests/libqos/virtio-pci.o tests/libqos/virtio-mmio.o 
> tests/libqos/malloc-generic.o
>  
>  tests/device-introspect-test$(EXESUF): tests/device-introspect-test.o
> diff --git a/tests/libqos/usb.c b/tests/libqos/usb.c
> index f794d92..25e5f38 100644
> --- a/tests/libqos/usb.c
> +++ b/tests/libqos/usb.c
> @@ -28,7 +28,7 @@ void qusb_pci_init_one(QPCIBus *pcibus, struct qhc *hc, 
> uint32_t devfn, int bar)
>  void uhci_port_test(struct qhc *hc, int port, uint16_t expect)
>  {
>  void *addr = hc->base + 0x10 + 2 * port;
> -uint16_t value = qpci_io_readw(hc->dev, addr);
> +uint16_t value = target_le16_to_cpu(qpci_io_readw(hc->dev, addr));

This doesn't look right.  Judging by the code using qpci_io_readw() in
qpci_device_foreach() and in other tests I'm looking at,
qpci_io_readw() (and the others) are expected to return results in
*host native* order - i.e. suitable for immediate comparisons and
masks within qtest code executing on the host.

>  uint16_t mask = ~(UHCI_PORT_WRITE_CLEAR | UHCI_PORT_RSVD1);
>  
>  g_assert((value & mask) == (expect & mask));
> diff --git a/tests/usb-hcd-uhci-test.c b/tests/usb-hcd-uhci-test.c
> index c24063e..4b951ce 100644
> --- a/tests/usb-hcd-uhci-test.c
> +++ b/tests/usb-hcd-uhci-test.c
> @@ -9,9 +9,13 @@
>  
>  #include "qemu/osdep.h"
>  #include "libqtest.h"
> +#include "libqos/libqos.h"
>  #include "libqos/usb.h"
> +#include "libqos/libqos-pc.h"
> +#include "libqos/libqos-spapr.h"
>  #include "hw/usb/uhci-regs.h"
>  
> +static QOSState *qs;
>  
>  static void test_uhci_init(void)
>  {
> @@ -19,13 +23,10 @@ static void test_uhci_init(void)
>  
>  static void test_port(int port)
>  {
> -QPCIBus *pcibus;
>  struct qhc uhci;
>  
>  g_assert(port > 0);
> -pcibus = qpci_init_pc(NULL);
> -g_assert(pcibus != NULL);
> -qusb_pci_init_one(pcibus, &uhci, QPCI_DEVFN(0x1d, 0), 4);
> +qusb_pci_init_one(qs->pcibus, &uhci, QPCI_DEVFN(0x1d, 0), 4);
>  uhci_port_test(&uhci, port - 1, UHCI_PORT_CCS);
>  }
>  
> @@ -75,6 +76,7 @@ static void test_usb_storage_hotplug(void)
>  
>  int main(int argc, char **argv)
>  {
> +const char *arch = qtest_get_arch();
>  int ret;
>  
>  g_test_init(&argc, &argv, NULL);
> @@ -84,11 +86,17 @@ int main(int argc, char **argv)
>  qtest_add_func("/uhci/pci/hotplug", test_uhci_hotplug);
>  qtest_add_func("/uhci/pci/hotplug/usb-storage", 
> test_usb_storage_hotplug);
>  
> -qtest_start("-device piix3-usb-uhci,id=uhci,addr=1d.0"
> -" -drive id=drive0,if=none,file=/dev/null,format=raw"
> -" -device usb-tablet,bus=uhci.0,port=1");
> +if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
> +qs = qtest_pc_boot("-device piix3-usb-uhci,id=uhci,addr=1d.0"
> +   " -drive 
> id=drive0,if=none,file=/dev/null,format=raw"
> +   " -device usb-tablet,bus=uhci.0,port=1");
> +} else if (strcmp(arch, "ppc64") == 0) {
> +qs = qtest_spapr_boot("-device piix3-usb-uhci,id=uhci,addr=1d.0"
> +   " -drive 
> id=drive0,if=none,file=/dev/null,format=raw"
> +   " -device usb-tablet,bus=uhci.0,port=1");

Why aren't there similar ifs needed for ohci, ehci and/or xhci?

> +}
>  ret = g_test_run();
> -qtest_end();
> +qtest_shutdown(qs);
>  
>  return ret;
>  }
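Review bot: `qs` stays NULL when `qtest_get_arch()` returns anything other than i386, x86_64 or ppc64, because the `if`/`else if` chain added in `main` has no final `else`. `test_port` (earlier hunk in this file) then dereferences `qs->pcibus`, and `qtest_shutdown(qs)` is called with NULL; whether it tolerates that is not visible here. Closing the chain with `} else { g_printerr("unsupported arch %s\n", arch); exit(EXIT_FAILURE); }` turns this into a clear failure instead of a crash. The body of `main` starts outside this hunk.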

-- 
David Gibson| I'll have my music baroque, and my co

Re: [Qemu-devel] [PATCH v2 3/3] linux-aio: fix re-entrant completion processing

2016-09-27 Thread Fam Zheng
On Tue, 09/27 16:18, Stefan Hajnoczi wrote:
> Commit 0ed93d84edabc7656f5c998ae1a346fe8b94ca54 ("linux-aio: process
> completions from ioq_submit()") added an optimization that processes
> completions each time ioq_submit() returns with requests in flight.
> This commit introduces a "Co-routine re-entered recursively" error which
> can be triggered with -drive format=qcow2,aio=native.
> 
> Fam Zheng , Kevin Wolf , and I
> debugged the following backtrace:
> 
>   (gdb) bt
>   #0  0x70a046f5 in raise () at /lib64/libc.so.6
>   #1  0x70a062fa in abort () at /lib64/libc.so.6
>   #2  0x55ac0013 in qemu_coroutine_enter (co=0x583464d0) at 
> util/qemu-coroutine.c:113
>   #3  0x55a4b663 in qemu_laio_process_completions 
> (s=s@entry=0x57e2f7f0) at block/linux-aio.c:218
>   #4  0x55a4b874 in ioq_submit (s=s@entry=0x57e2f7f0) at 
> block/linux-aio.c:331
>   #5  0x55a4ba12 in laio_do_submit (fd=fd@entry=13, 
> laiocb=laiocb@entry=0x59d38ae0, offset=offset@entry=2932727808, 
> type=type@entry=1) at block/linux-aio.c:383
>   #6  0x55a4bbd3 in laio_co_submit (bs=, 
> s=0x57e2f7f0, fd=13, offset=2932727808, qiov=0x59d38e20, type=1) at 
> block/linux-aio.c:402
>   #7  0x55a4fd23 in bdrv_driver_preadv (bs=bs@entry=0x5663bcb0, 
> offset=offset@entry=2932727808, bytes=bytes@entry=8192, 
> qiov=qiov@entry=0x59d38e20, flags=0) at block/io.c:804
>   #8  0x55a52b34 in bdrv_aligned_preadv (bs=bs@entry=0x5663bcb0, 
> req=req@entry=0x59d38d20, offset=offset@entry=2932727808, 
> bytes=bytes@entry=8192, align=align@entry=512, 
> qiov=qiov@entry=0x59d38e20, flags=0) at block/io.c:1041
>   #9  0x55a52db8 in bdrv_co_preadv (child=, 
> offset=2932727808, bytes=8192, qiov=qiov@entry=0x59d38e20, 
> flags=flags@entry=0) at block/io.c:1133
>   #10 0x55a29629 in qcow2_co_preadv (bs=0x56635890, 
> offset=6178725888, bytes=8192, qiov=0x57527840, flags=) at 
> block/qcow2.c:1509
>   #11 0x55a4fd23 in bdrv_driver_preadv (bs=bs@entry=0x56635890, 
> offset=offset@entry=6178725888, bytes=bytes@entry=8192, 
> qiov=qiov@entry=0x57527840, flags=0) at block/io.c:804
>   #12 0x55a52b34 in bdrv_aligned_preadv (bs=bs@entry=0x56635890, 
> req=req@entry=0x59d39000, offset=offset@entry=6178725888, 
> bytes=bytes@entry=8192, align=align@entry=1, qiov=qiov@entry=0x57527840, 
> flags=0) at block/io.c:1041
>   #13 0x55a52db8 in bdrv_co_preadv (child=, 
> offset=offset@entry=6178725888, bytes=bytes@entry=8192, 
> qiov=qiov@entry=0x57527840, flags=flags@entry=0) at block/io.c:1133
>   #14 0x55a4515a in blk_co_preadv (blk=0x566356d0, 
> offset=6178725888, bytes=8192, qiov=0x57527840, flags=0) at 
> block/block-backend.c:783
>   #15 0x55a45266 in blk_aio_read_entry (opaque=0x577025e0) at 
> block/block-backend.c:991
>   #16 0x55ac0cfa in coroutine_trampoline (i0=, 
> i1=) at util/coroutine-ucontext.c:78
> 
> It turned out that re-entrant ioq_submit() and completion processing
> between three requests caused this error.  The following check is not
> sufficient to prevent recursively entering coroutines:
> 
>   if (laiocb->co != qemu_coroutine_self()) {
>   qemu_coroutine_enter(laiocb->co);
>   }
> 
> As the following coroutine backtrace shows, not just the current
> coroutine (self) can be entered.  There might also be other coroutines
> that are currently entered and transferred control due to the qcow2 lock
> (CoMutex):
> 
>   (gdb) qemu coroutine 0x583464d0
>   #0  0x55ac0c90 in qemu_coroutine_switch 
> (from_=from_@entry=0x583464d0, to_=to_@entry=0x572f9890, 
> action=action@entry=COROUTINE_ENTER) at util/coroutine-ucontext.c:175
>   #1  0x55abfe54 in qemu_coroutine_enter (co=0x572f9890) at 
> util/qemu-coroutine.c:117
>   #2  0x55ac031c in qemu_co_queue_run_restart 
> (co=co@entry=0x583462c0) at util/qemu-coroutine-lock.c:60
>   #3  0x55abfe5e in qemu_coroutine_enter (co=0x583462c0) at 
> util/qemu-coroutine.c:119
>   #4  0x55a4b663 in qemu_laio_process_completions 
> (s=s@entry=0x57e2f7f0) at block/linux-aio.c:218
>   #5  0x55a4b874 in ioq_submit (s=s@entry=0x57e2f7f0) at 
> block/linux-aio.c:331
>   #6  0x55a4ba12 in laio_do_submit (fd=fd@entry=13, 
> laiocb=laiocb@entry=0x5a338b40, offset=offset@entry=2911477760, 
> type=type@entry=1) at block/linux-aio.c:383
>   #7  0x55a4bbd3 in laio_co_submit (bs=, 
> s=0x57e2f7f0, fd=13, offset=2911477760, qiov=0x5a338e80, type=1) at 
> block/linux-aio.c:402
>   #8  0x55a4fd23 in bdrv_driver_preadv (bs=bs@entry=0x5663bcb0, 
> offset=offset@entry=2911477760, bytes=bytes@entry=8192, 
> qiov=qiov@entry=0x5a338e80, flags=0) at block/io.c:804
>   #9  0x55a52b34 in bdrv_aligned_preadv (bs=bs@entry=0x5663bcb0, 
> req=req@entry=0x5a338d80, offset=offset@entry=2911477

Re: [Qemu-devel] [PATCH v2 2/3] test-coroutine: test qemu_coroutine_entered()

2016-09-27 Thread Fam Zheng
On Tue, 09/27 16:18, Stefan Hajnoczi wrote:
> Signed-off-by: Stefan Hajnoczi 
> ---
>  tests/test-coroutine.c | 42 ++
>  1 file changed, 42 insertions(+)
> 
> diff --git a/tests/test-coroutine.c b/tests/test-coroutine.c
> index 6431dd6..abd97c2 100644
> --- a/tests/test-coroutine.c
> +++ b/tests/test-coroutine.c
> @@ -53,6 +53,47 @@ static void test_self(void)
>  }
>  
>  /*
> + * Check that qemu_coroutine_entered() works
> + */

Not related to this patch:

It's a bit weird that in this file function header comments are followed by a
blank line, and in one case it even looks as odd as this:


static void test_order(void)
{
int i;
const struct coroutine_position expected_pos[] = {
{1, 1,}, {2, 1}, {1, 2}, {2, 2}, {1, 3}
};
do_order_test();
g_assert_cmpint(record_pos, ==, 5);
for (i = 0; i < record_pos; i++) {
g_assert_cmpint(records[i].func , ==, expected_pos[i].func );
g_assert_cmpint(records[i].state, ==, expected_pos[i].state);
}
}
/*
 * Lifecycle benchmark
 */

static void coroutine_fn empty_coroutine(void *opaque)
{
/* Do nothing */
}

> +
> +static void coroutine_fn verify_entered_step_2(void *opaque)
> +{
> +Coroutine *caller = (Coroutine *)opaque;
> +
> +g_assert(qemu_coroutine_entered(caller));
> +g_assert(qemu_coroutine_entered(qemu_coroutine_self()));
> +qemu_coroutine_yield();
> +
> +/* Once more to check it still works after yielding */
> +g_assert(qemu_coroutine_entered(caller));
> +g_assert(qemu_coroutine_entered(qemu_coroutine_self()));
> +qemu_coroutine_yield();
> +}
> +
> +static void coroutine_fn verify_entered_step_1(void *opaque)
> +{
> +Coroutine *self = qemu_coroutine_self();
> +Coroutine *coroutine;
> +
> +g_assert(qemu_coroutine_entered(self));
> +
> +coroutine = qemu_coroutine_create(verify_entered_step_2, self);
> +g_assert(!qemu_coroutine_entered(coroutine));
> +qemu_coroutine_enter(coroutine);
> +g_assert(!qemu_coroutine_entered(coroutine));
> +qemu_coroutine_enter(coroutine);
> +}
> +
> +static void test_entered(void)
> +{
> +Coroutine *coroutine;
> +
> +coroutine = qemu_coroutine_create(verify_entered_step_1, NULL);
> +g_assert(!qemu_coroutine_entered(coroutine));
> +qemu_coroutine_enter(coroutine);
> +}
> +
> +/*
>   * Check that coroutines may nest multiple levels
>   */
>  
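Review bot: `verify_entered_step_2` ends with a second `qemu_coroutine_yield()`, but `verify_entered_step_1` enters it only twice, so the coroutine is left suspended after its last yield and never runs to completion. The test therefore ends with a coroutine that was created but never finished, which leak checkers are likely to report. Either drop the final `qemu_coroutine_yield();` in step 2, or add a third `g_assert(!qemu_coroutine_entered(coroutine)); qemu_coroutine_enter(coroutine);` pair at the end of step 1 so that it returns.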
> @@ -389,6 +430,7 @@ int main(int argc, char **argv)
>  g_test_add_func("/basic/yield", test_yield);
>  g_test_add_func("/basic/nesting", test_nesting);
>  g_test_add_func("/basic/self", test_self);
> +g_test_add_func("/basic/entered", test_entered);
>  g_test_add_func("/basic/in_coroutine", test_in_coroutine);
>  g_test_add_func("/basic/order", test_order);
>  if (g_test_perf()) {
> -- 
> 2.7.4
> 

Reviewed-by: Fam Zheng 



Re: [Qemu-devel] [PATCH] tests: Test IPv6 and ppc64 in the PXE tester

2016-09-27 Thread David Gibson
On Tue, Sep 27, 2016 at 09:17:19AM +0200, Thomas Huth wrote:
> On 27.09.2016 06:17, David Gibson wrote:
> > On Mon, Sep 26, 2016 at 10:17:46PM +0200, Thomas Huth wrote:
> >> The firmware of the pseries machine, SLOF, is able to load files via
> >> IPv6 networking, too. So to test both, network bootloading on ppc64
> >> and IPv6 (via Slirp) , let's add some PXE tests for this environment,
> >> too. Since we can not use the normal x86 boot sector for network boot
> >> loading, we use a simple Forth script on ppc64 instead.
> >>
> >> Signed-off-by: Thomas Huth 
> > 
> > I certainly approve of testing IPv6 more, a couple of queries about
> > the details though:
> > 
> >> ---
> >>  tests/Makefile.include |  1 +
> >>  tests/boot-sector.c|  9 +
> >>  tests/pxe-test.c   | 22 +++---
> >>  3 files changed, 25 insertions(+), 7 deletions(-)
> >>
> >> diff --git a/tests/Makefile.include b/tests/Makefile.include
> >> index d8101b3..18bc698 100644
> >> --- a/tests/Makefile.include
> >> +++ b/tests/Makefile.include
> >> @@ -270,6 +270,7 @@ check-qtest-ppc64-y += tests/drive_del-test$(EXESUF)
> >>  check-qtest-ppc64-y += tests/postcopy-test$(EXESUF)
> >>  check-qtest-ppc64-y += tests/boot-serial-test$(EXESUF)
> >>  check-qtest-ppc64-y += tests/rtas-test$(EXESUF)
> >> +check-qtest-ppc64-y += tests/pxe-test$(EXESUF)
> >>  
> >>  check-qtest-sh4-y = tests/endianness-test$(EXESUF)
> >>  
> >> diff --git a/tests/boot-sector.c b/tests/boot-sector.c
> >> index 3ffe298..e3193c0 100644
> >> --- a/tests/boot-sector.c
> >> +++ b/tests/boot-sector.c
> >> @@ -77,6 +77,15 @@ int boot_sector_init(const char *fname)
> >>  fprintf(stderr, "Couldn't open \"%s\": %s", fname, 
> >> strerror(errno));
> >>  return 1;
> >>  }
> >> +
> >> +/* For Open Firmware based system, we can use a Forth script instead 
> >> */
> >> +if (strcmp(qtest_get_arch(), "ppc64") == 0) {
> > 
> > As always, I'm uneasy about using arch based tests for what's really a
> > machine type property.  Still, as a test case, I guess we can fix that
> > when and if someone actually tries to run it for a ppc machine that's
> > not spapr (or an x86 machine that's not pc, theoretically speaking).
> 
> As long as we don't have a fancy qtest_get_machine() function, I think
> this is the best we can do right now. And since this code has to be
> touched anyway when another machine type should be used to run the
> boot_sector_init() function, I think it's OK to postpone this to this
> later point in time.

I concur.

> >> +memset(boot_sector, ' ', sizeof boot_sector);
> >> +sprintf((char *)boot_sector, "\\ Bootscript\n%x %x c! %x %x c!\n",
> >> +LOW(SIGNATURE), BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET,
> >> +HIGH(SIGNATURE), BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET + 
> >> 1);
> >> +}
> >> +
> >>  fwrite(boot_sector, 1, sizeof boot_sector, f);
> >>  fclose(f);
> >>  return 0;
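Review bot: The added `sprintf` into `boot_sector` has no bound and its result is not checked. The output is short for the constants involved, but the buffer's size is not visible in this hunk, so use `int n = snprintf((char *)boot_sector, sizeof boot_sector, ...)` and fail when `n < 0 || (size_t)n >= sizeof boot_sector`. `sprintf` also writes a terminating NUL right after the script, so the image passed to `fwrite` is the script, one `\0` byte, then the spaces from `memset`; if that byte is not intended, restore it with `boot_sector[n] = ' ';`. `boot_sector_init` starts outside the hunk.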
> >> diff --git a/tests/pxe-test.c b/tests/pxe-test.c
> >> index b2cc355..0bdb7a1 100644
> >> --- a/tests/pxe-test.c
> >> +++ b/tests/pxe-test.c
> >> @@ -21,14 +21,14 @@
> >>  
> >>  static const char *disk = "tests/pxe-test-disk.raw";
> >>  
> >> -static void test_pxe_one(const char *params)
> >> +static void test_pxe_one(const char *params, bool ipv6)
> > 
> > Is it wise to keep the "PXE" name.  OF style netbooting isn't really
> > PXE in the sense of the Intel PXE spec, although it overlaps in the
> > underlying protocols used.
> 
> Strictly speaking, you're right. But the overlap from the networking
> protocol point of view is 95%, I'd guess, basically you can say that:
> 
>  PXE = TFTP + DHCP + some few DHCP extensions

(aside on subtle English usage at [0] if you're interested)

> ... and PXE also defines a x86 API which of course does not apply for ppc.
> 
> So in my experience, most people simply talk / know about PXE, but
> rather mean network booting via DHCP + TFTP. So I'm fine with keeping
> the pxe wording here, but if you like, I can also add another patch to
> get rid of this (but then the whole file should also be renamed, I
> guess? ... is this worth the effort here?)

Hm.. you convinced me.  Let's just leave the name as is.

> 
> >>  {
> >>  char *args;
> >>  
> >> -args = g_strdup_printf("-machine accel=tcg "
> >> -   "-netdev user,id=" NETNAME 
> >> ",tftp=./,bootfile=%s "
> >> -   "%s ",
> >> -   disk, params);
> >> +args = g_strdup_printf("-machine accel=tcg -boot order=n "
> >> +   "-netdev user,id=" NETNAME 
> >> ",tftp=./,bootfile=%s,"
> >> +   "ipv4=%s,ipv6=%s %s", disk, ipv6 ? "off" : 
> >> "on",
> >> +   ipv6 ? "on" : "off", params);
> >>  
> >>  qtest_start(args);
> >>  boot_sector_test();
> >> @@ -38,12 +38,17 @@ static void test_pxe_one(const char *params)
> >>  
> >>  static void test_pxe_e1000(void)
> 

Re: [Qemu-devel] [PATCH v3 07/10] ppc/pnv: add XSCOM infrastructure

2016-09-27 Thread David Gibson
On Tue, Sep 27, 2016 at 07:54:37AM +0200, Cédric Le Goater wrote:
> On 09/27/2016 04:35 AM, David Gibson wrote:
> > On Mon, Sep 26, 2016 at 06:11:36PM +0200, Cédric Le Goater wrote:
> >> On 09/23/2016 04:46 AM, David Gibson wrote:
> >>> On Thu, Sep 22, 2016 at 10:25:59AM +0200, Cédric Le Goater wrote:
> >> @@ -493,6 +525,8 @@ static void pnv_chip_power9_class_init(ObjectClass 
> >> *klass, void *data)
> >>  k->chip_cfam_id = 0x100d10498000ull; /* P9 Nimbus DD1.0 */
> >>  k->cores_mask = POWER9_CORE_MASK;
> >>  k->core_pir = pnv_chip_core_pir_p9;
> >> +k->xscom_addr = pnv_chip_xscom_addr_p9;
> >> +k->xscom_pcba = pnv_chip_xscom_pcba_p9;
> >
> > So if you do as BenH (and I) suggested and have the "scom address
> > space" actually be addressed by (pcba << 3), I think you can probably
> > avoid these.  
> 
>  I will look at that option again. 
> 
>  I was trying to untangle a few things at the same time. I have better
>  view of the problem to solve now. The bus is gone, that's was one 
>  thing. How we map these xscom regions is the next. 
> 
>  Ben suggested to add some P7/P8 mangling before the dispatch in 
>  the &address_space_xscom. This should make things cleaner. I had 
>  not thought of doing that and this is why I introduced these helpers :
> 
>  +uint32_t pnv_xscom_pcba(PnvXScomInterface *dev, uint64_t addr)
>  +uint64_t pnv_xscom_addr(PnvXScomInterface *dev, uint32_t pcba)
> 
>  which I don't really like ...
> 
>  but we must make sure that we can do the mapping of the xscom 
>  subregions in the &address_space_xscom using (pcba << 3)
> 
> 
> > Instead you can handle it in the chip or ADU realize function by either:
> >
> > P8: * map one big subregion for the ADU into &address_space_memory
> > * have the handler for that subregion do the address mangling,
> >   then redispatch into the xscom address space
> >
> > P9: * Map the appropriate chunk of the xscom address space
> >   directly into address_space_memory
> 
>  Yes that was my feeling for a better solution but Ben chimed in with the 
>  HMER topic. I need to look at that.
> >>>
> >>> Right.  Doesn't change the basic concept though - it just means you
> >>> need (slightly different) redispatchers for both P8 and P9.
> >>
> >> In fact they are the same, you only need an "addr to pcba" handler at the
> >> chip class level : 
> > 
> > Ok.  I'd been thinking of using different dispatchers as an
> > alternative to using the chip class translator hook, 
> 
> ah. yes, why not. We could have per-chip dispatchers but they 
> would have a lot in common.

Would they?  Unless you're counting the core register dispatch - and
it sounds like splitting that for P8 vs. P9 would be a good idea
anyway - I don't see that there's much in common besides the address
translation.

Note of course, that you can add a helper function that both
dispatchers can use if it's useful.

> However, I think we can get rid of 
> the xscom_pcba' handlers, they should not be needed any where 
> else than in the XSCOM dispatchers. 
> 
> > but I guess if you have the decoding of those "core" registers 
> > here as well, then that doesn't make so much sense.
> 
> yes and there is also the handling of the XSCOM failures.

Hm, ok.

> I can add some prologue handler to cover those "core" registers
> but adding a MemoryRegion, ops, init and mapping would be a lot 
> of churn just to return 0.
> 
> Thanks,
> 
> C. 
> 
> 
> >> static uint64_t xscom_read(void *opaque, hwaddr addr, unsigned width)
> >> {
> >>PnvChip *chip = opaque;
> >>uint32_t pcba = PNV_CHIP_GET_CLASS(chip)->xscom_pcba(addr);
> >>uint64_t val = 0;
> >>MemTxResult result;
> >>
> >>...
> >>
> >> val = address_space_ldq(&chip->xscom_as, pcba << 3,
> >> MEMTXATTRS_UNSPECIFIED, &result);
> >> if (result != MEMTX_OK) {
> >>
> >>   
> >>
> >> And so, the result is pretty clean. I killed the proxy object and merged 
> >> the regions in the chip but I have kept the pnv_xscom.c file because the 
> >> code related to xscom is rather large : ~250 lines. 
> > 
> > Sure, makes sense.
> > 
> >> The objects declaring a xscom region need to do some register shifting but 
> >> this is usual in mmio regions.
> >>
> >> You will see in v4.
> > 
> > Ok.
> > 
> >> +static bool xscom_dispatch_read(PnvXScom *xscom, hwaddr addr, 
> >> uint64_t *val)
> >> +{
> >> +uint32_t success;
> >> +uint8_t data[8];
> >> +
> >> +success = !address_space_rw(&xscom->xscom_as, addr, 
> >> MEMTXATTRS_UNSPECIFIED,
> >> +data, 8, false);
> >> +*val = (((uint64_t) data[0]) << 56 |
> >> +((uint64_t) data[1]) << 48 |
> >> +((uint64_t) data[2]) << 40 |
> >> + 

Re: [Qemu-devel] [PATCH v2 2/6] intc/i8259: implement InterruptStatsProvider interface

2016-09-27 Thread David Gibson
On Tue, Sep 27, 2016 at 08:49:47PM +0200, Hervé Poussineau wrote:
> Le 27/09/2016 à 06:11, David Gibson a écrit :
> > On Mon, Sep 26, 2016 at 10:23:24PM +0200, Hervé Poussineau wrote:
> > > Signed-off-by: Hervé Poussineau 
> > > ---
> > >  hw/intc/i8259.c | 37 +
> > >  1 file changed, 37 insertions(+)
> > > 
> > > diff --git a/hw/intc/i8259.c b/hw/intc/i8259.c
> > > index c2607a5..75c8d22 100644
> > > --- a/hw/intc/i8259.c
> > > +++ b/hw/intc/i8259.c
> > > @@ -29,6 +29,7 @@
> > >  #include "qemu/timer.h"
> > >  #include "qemu/log.h"
> > >  #include "hw/isa/i8259_internal.h"
> > > +#include "hw/intc/intc.h"
> > > 
> > >  /* debug PIC */
> > >  //#define DEBUG_PIC
> > > @@ -251,6 +252,35 @@ static void pic_reset(DeviceState *dev)
> > >  pic_init_reset(s);
> > >  }
> > > 
> > > +static bool pic_get_statistics(InterruptStatsProvider *obj,
> > > +   uint64_t **irq_counts, unsigned int 
> > > *nb_irqs)
> > > +{
> > > +PICCommonState *s = PIC_COMMON(obj);
> > > +
> > > +if (s->master) {
> > > +#ifdef DEBUG_IRQ_COUNT
> > > +*irq_counts = irq_count;
> > 
> > So, the irq_counts return parameter is set to point at an internal
> > structure of the intc, in this and the other implementations.
> > 
> > Is that safe, without some contract about how long the array pointer
> > is valid and/or correct?  Could it be a problem if in future we tried
> > to implement this for an intc that doesn't keep irq stats as a simple
> > array (e.g. kept the count in a structure also containing other
> > information for each irq)?
> 
> I implemented the interface with more than 15 interrupt controllers in 
> hw/intc.
> It worked well for all of them. In fact, most of the times, the device is 
> doing something like:

Ok, that's a pretty strong argument.

> my_device_irq_handler(int n)
> {
>   MyDeviceState *s = ...;
>   qemu_irq_raise(s->master_irq);
> }
> 
> realize()
> {
>   qemu_allocate_irqs(my_device_irq_handler, NB_IRQS)
> }
> 
> It's quite easy to add in MyDeviceState:
>   uint64_t irq_count[NB_IRQS] in MyDeviceState;
> and adding in my_device_irq_handler
>   s->irq_count[n]++;
> 
> We can maybe add a note on the interface that:
> - the pointer must remain valid for the whole life of the device,
> - the contents may stale, but must not be invalid
> 
> For your intc, you'll need to have a second array irq_count, which is updated 
> on each
> get_statistics() call.
> 
> > I'm wondering if a safer interface might be to actually copy out a
> > snapshot of the counts, which the caller is responsible for freeing.
> 
> In that case, all implementations will have to do g_malloc + memcpy, and 
> caller will have to call g_free.
> That's possible, but IMO less easy to implement on device side.

True.

I still feel a bit uneasy without having some sort of description of
the length of validity of the pointer.  With the current
implementation and use cases, it seems like "until the BQL is next
dropped" would be about right.  Does that seem like it's correct to you?

> 
> Hervé
> 
> > 
> > > +*nb_irqs = ARRAY_SIZE(irq_count);
> > > +#else
> > > +return false;
> > > +#endif
> > > +} else {
> > > +*irq_counts = NULL;
> > > +*nb_irqs = 0;
> > > +}
> > > +return true;
> > > +}
> > > +
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 1/2] vhost: enable any layout feature

2016-09-27 Thread Yuanhan Liu
On Tue, Sep 27, 2016 at 10:56:40PM +0300, Michael S. Tsirkin wrote:
> On Tue, Sep 27, 2016 at 11:11:58AM +0800, Yuanhan Liu wrote:
> > On Mon, Sep 26, 2016 at 10:24:55PM +0300, Michael S. Tsirkin wrote:
> > > On Mon, Sep 26, 2016 at 11:01:58AM -0700, Stephen Hemminger wrote:
> > > > I assume that if using Version 1 that the bit will be ignored
> > 
> > Yes, but I will just quote what you just said: what if the guest
> > virtio device is a legacy device? I also gave my reasons in another
> > email why I consistently set this flag:
> > 
> >   - we have to return all features we support to the guest.
> >   
> > We don't know the guest is a modern or legacy device. That means
> > we should claim we support both: VERSION_1 and ANY_LAYOUT.
> >   
> > Assume guest is a legacy device and we just set VERSION_1 (the current
> > case), ANY_LAYOUT will never be negotiated.
> >   
> >   - I'm following the way Linux kernel takes: it also set both features.
> >   
> >   Maybe, we could unset ANY_LAYOUT when VERSION_1 is _negotiated_?
> > 
> > The unset after negotiation I proposed turned out it won't work: the
> > feature is already negotiated; unsetting it only in vhost side doesn't
> > change anything. Besides, it may break the migration as Michael stated
> > below.
> 
> I think the reverse. Teach vhost user that for future machine types
> only VERSION_1 implies ANY_LAYOUT.
> 
> 
> > > Therein lies a problem. If dpdk tweaks flags, updating it
> > > will break guest migration.
> > > 
> > > One way is to require that users specify all flags fully when
> > > creating the virtio net device. 
> > 
> > Like how? By a new command line option? And user has to type
> > all those features?
> 
> Make libvirt do this.  users use management normally. those that don't
> likely don't migrate VMs.

Fair enough.

> 
> > > QEMU could verify that all required
> > > flags are set, and fail init if not.
> > > 
> > > This has other advantages, e.g. it adds ability to
> > > init device without waiting for dpdk to connect.

Will the feature negotiation between DPDK and QEMU still exist
in your proposal?

> > > 
> > > However, enabling each new feature would now require
> > > management work. How about dpdk ships the list
> > > of supported features instead?
> > > Management tools could read them on source and destination
> > > and select features supported on both sides.
> > 
> > That means the management tool would somehow has a dependency on
> > DPDK project, which I have no objection at all. But, is that
> > a good idea?
> 
> It already starts the bridge somehow, does it not?

Indeed. I was firstly thinking about reading the dpdk source file
to determine the DPDK supported feature list, with which the bind
is too tight. I later realized you may ask DPDK to provide a binary
to dump the list, or something like that.

> 
> > BTW, I'm not quite sure I followed your idea. I mean, how it supposed
> > to fix the ANY_LAYOUT issue here? How this flag will be set for
> > legacy device?
> > 
> > --yliu
> 
> For ANY_LAYOUT, I think we should just set in in qemu,
> but only for new machine types.

What do you mean by "new machine types"? Virtio device with newer
virtio-spec version?

> This addresses migration
> concerns.

To make sure I followed you, do you mean the migration issue from
an older "dpdk + qemu" combo to a newer "dpdk + qemu" combo (that
more new features might be shipped)?

Besides that, your proposal looks like a big work to accomplish.
Are you okay to make it simple first: set it consistently like
what Linux kernel does? This would at least make the ANY_LAYOUT
actually be enabled for legacy device (which is also the default
one that's widely used so far).

--yliu

> 
> But there will be more new features in the future and
> it is necessary to think how we will enable them without
> breaking migration.
> 
> -- 
> MST



Re: [Qemu-devel] [PATCH v2 1/3] coroutine: add qemu_coroutine_entered() function

2016-09-27 Thread Fam Zheng
On Tue, 09/27 16:18, Stefan Hajnoczi wrote:
> See the doc comments for a description of this new coroutine API.
> 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  include/qemu/coroutine.h | 13 +
>  util/qemu-coroutine.c|  5 +
>  2 files changed, 18 insertions(+)
> 
> diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
> index 29a2078..e6a60d5 100644
> --- a/include/qemu/coroutine.h
> +++ b/include/qemu/coroutine.h
> @@ -92,6 +92,19 @@ Coroutine *coroutine_fn qemu_coroutine_self(void);
>   */
>  bool qemu_in_coroutine(void);
>  
> +/**
> + * Return true if the coroutine is currently entered
> + *
> + * A coroutine is "entered" if it has not yielded from the current
> + * qemu_coroutine_enter() call used to run it.  This does not mean that the
> + * coroutine is currently executing code since it may have transferred 
> control
> + * to another coroutine using qemu_coroutine_enter().
> + *
> + * When several coroutines enter each other there may be no way to know which
> + * ones have already been entered.  In such situations this function can be
> + * used to avoid recursively entering coroutines.
> + */
> +bool qemu_coroutine_entered(Coroutine *co);
>  
>  
>  /**
> diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
> index 3cbf225..737bffa 100644
> --- a/util/qemu-coroutine.c
> +++ b/util/qemu-coroutine.c
> @@ -146,3 +146,8 @@ void coroutine_fn qemu_coroutine_yield(void)
>  self->caller = NULL;
>  qemu_coroutine_switch(self, to, COROUTINE_YIELD);
>  }
> +
> +bool qemu_coroutine_entered(Coroutine *co)
> +{
> +return co->caller;
> +}
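Review bot: `qemu_coroutine_entered()` returns `co->caller` through an implicit pointer-to-`bool` conversion, and nothing in the function says what it relies on; `return co->caller != NULL;` reads more clearly. The result is only meaningful because `caller` is cleared on yield (`self->caller = NULL;` in the context lines above) and, presumably, on termination, so a one-line comment such as `/* caller is non-NULL only while the coroutine is entered */` would help. `co` is dereferenced unchecked, so the header comment should state that it must not be NULL.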
> -- 
> 2.7.4
> 

Reviewed-by: Fam Zheng 



Re: [Qemu-devel] [PATCH 0/2] Add error reporting in migration

2016-09-27 Thread Markus Armbruster
John Snow  writes:

> On 09/27/2016 02:56 PM, Dr. David Alan Gilbert (git) wrote:
>> From: "Dr. David Alan Gilbert" 
>>
>> At the moment if you use a VMSTATE_*_EQUAL macro and the value
>> doesn't match you just get an error about the section that failed
>>
>> e.g.
>>   qemu-system-ppc64: error while loading state for instance 0x0 of device 
>> 'cpu'
>>   qemu-system-ppc64: load of migration failed: Invalid argument
>>
>> with this pair you get the field and the mismatched values.
>> e.g.
>>   qemu-system-ppc64: 8000600FE1FF7AE1 != 8000600FE1FF3A21
>>   qemu-system-ppc64: Failed to load cpu:env.insns_flags
>>   qemu-system-ppc64: error while loading state for instance 0x0 of device 
>> 'cpu'
>>   qemu-system-ppc64: load of migration failed: Invalid argument
>>
>> which is much more likely to point you at the culprit.
>>
>> (Broken out from a larger vmstatification series, the only change since
>> then is the values are printed in hex except for the le case).
>>
>> Dave
>>
>> Dr. David Alan Gilbert (2):
>>   migration: report an error giving the failed field
>>   migration: Report values for comparisons
>>
>>  migration/vmstate.c | 10 ++
>>  1 file changed, 10 insertions(+)
>>
>
> I see this as a strict improvement; though I don't know if there will
> be complaints about printing error messages instead of adding pathways
> for the Error object.

Drive-by comment without having studied the patch: if a function can run
within a function that takes an Error * parameter, then error_report()
is probably wrong.  It's less wrong than not reporting the error at all,
though.  It's okay to point this out to the poster.  Perhaps he's
willing to go all the way, once aware.  Sometimes, going all the way is
more work than the poster can give.  Badgering him for it would be
ungrateful.  A small incremental improvement is still better than
nothing.  Recording the imperfect nature of the change in commit message
or comments may be in order then.

> Meh. Existing errors here simply use error_report anyway, so:
>
> Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH] 9pfs: make unmarshal V9fsString more robust

2016-09-27 Thread 李强
On 2016-09-28 0:40 GMT+08:00 Greg Kurz  wrote:

>
> Talking about robustness was appropriate for your previous patches, but
> it does not really apply here since v9fs_iov_vunmarshal() does not have
> any issue with empty strings actually.
>
> I've changed the title to:
>
> 9pfs: allocate space for guest originated empty strings
>
> And while here, I've updated the changelog to provide a more detailed
> justification:
>
> ...

Thanks very much for pointing out the mistakes; I will do more next time.

BTW, do I need to resend this patch formally?

Thanks.


Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel

2016-09-27 Thread Fam Zheng
On Wed, 09/28 01:54, Gonglei (Arei) wrote:
> What do you mean about the realpath? Can we use it to set the environment 
> variable?

Basically just guess where QTEST_QEMU_BINARY is based on argv[0].

Fam



Re: [Qemu-devel] [PATCH v11 0/8] Add a generic loader

2016-09-27 Thread Markus Armbruster
Alistair Francis  writes:

> On Tue, Sep 27, 2016 at 8:40 AM, Markus Armbruster  wrote:
>> Paolo Bonzini  writes:
>>
>>> It does whatever cpu_physical_memory_write_rom (and hence
>>> cpu_memory_rw_debug, which has more callers) do.
>>>
 What happens when you try to monkey-patch and address that isn't
 connected to anything?
>>>
>>> /dev/null
>>>
 What happens when you try to monkey-patch some device's ROM?
>>>
>>> Overwritten.
>>>
 Memory-mapped I/O?
>>>
>>> Ignored.
>>>
 What happens when you monkey-patch persistent memory, such as pflash
 backed by a block backend?
>>>
>>> Overwritten (but not flushed).
>>>
 What happens if the address range crosses device boundaries?
>>>
>>> Writes over each area separately.
>>
>> Rejecting the ones that don't actually load stuff would be nice, but not
>> a condition for merging this.
>>
 >> If we decide to use this argument for the present interface design, I
 >> want it recorded in the code and commit messages.

 Fair request, don't you think?
>>>
>>> Yes, of course.
>>
>> Okay, looking forward to these improvements.
>
> Ok, so does this mean with the correct justification that Markus
> mentions above this is fine to keep using -device?

Yes, I've convinced myself that -device is no worse than -object.  All
I'm asking for is to record the argument for -device properly.

It took me a while to arrive at this conclusion.  If you'd like to
retrace my steps, look for "An argument for using -device could go as
follows" in Message-ID: <87ponvxcit@dusky.pond.sub.org>.

> The justification is along the lines of the backend required is so
> trivial that we just merged it in with the frontend.

Two points: one, why is this a device, and two, why isn't it a split
device.  Point one is more important.  The argument I could buy there:
it's a thoroughly weird device that provides no hardware interface of
its own, but instead monkey patches memory provided by something else
(devices or the board).



Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel

2016-09-27 Thread Gonglei (Arei)

> -Original Message-
> From: Fam Zheng [mailto:f...@redhat.com]
> Sent: Wednesday, September 28, 2016 9:45 AM
> To: Gonglei (Arei)
> Cc: Daniel P. Berrange; pbonz...@redhat.com; John Snow;
> qemu-devel@nongnu.org; Wubin (H)
> Subject: Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel
> 
> On Wed, 09/28 01:31, Gonglei (Arei) wrote:
> > # ./tests/virtio-net-test
> > **
> > ERROR:tests/libqtest.c:561:qtest_get_arch: assertion failed: (qemu != NULL)
> > Aborted (core dumped)
> >
> > # ./tests/virtio-blk-test
> > **
> > ERROR:tests/libqtest.c:561:qtest_get_arch: assertion failed: (qemu != NULL)
> > Aborted (core dumped)
> >
> > But they work after I set the environment variable to specify architecture:
> >
> > #
> QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 ./tests/virtio-n
> et-test
> > /x86_64/virtio/net/pci/basic: OK
> > /x86_64/virtio/net/pci/rx_stop_cont: OK
> > /x86_64/virtio/net/pci/hotplug: OK
> >
> > #
> QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 ./tests/virtio-b
> lk-test
> > /x86_64/virtio/blk/pci/basic: OK
> > /x86_64/virtio/blk/pci/indirect: OK
> > /x86_64/virtio/blk/pci/config: OK
> > /x86_64/virtio/blk/pci/msix: OK
> > /x86_64/virtio/blk/pci/idx: OK
> > /x86_64/virtio/blk/pci/hotplug: OK
> >
> > So, Maybe we should add check if the environment relied on is set
> > before executing specific operations in this kind of tests. Right?
> 
> Or make a guess based on $(realpath $0]) (in this case, print the found path 
> to
> avoid testing against wrong binary by mistake).
> 
What do you mean by the realpath? Can we use it to set the environment
variable?

Regards,
-Gonglei



Re: [Qemu-devel] [Qemu-block] [PATCH v24 11/12] support replication driver in blockdev-add

2016-09-27 Thread wangweiwei

在 2016年09月12日 22:01, Stefan Hajnoczi 写道:

On Mon, Aug 15, 2016 at 05:32:19PM +0800, Changlong Xie wrote:

On 08/15/2016 04:37 PM, Kevin Wolf wrote:

Am 15.08.2016 um 03:49 hat Changlong Xie geschrieben:

On 08/09/2016 05:08 PM, Kevin Wolf wrote:

Am 27.07.2016 um 09:01 hat Changlong Xie geschrieben:

From: Wen Congyang 

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
Reviewed-by: Eric Blake 



@@ -2078,6 +2079,23 @@
   { 'enum' : 'ReplicationMode', 'data' : [ 'primary', 'secondary' ] }

   ##
+# @BlockdevOptionsReplication
+#
+# Driver specific block device options for replication
+#
+# @mode: the replication mode
+#
+# @top-id: #optional In secondary mode, node name or device ID of the root
+#  node who owns the replication node chain. Ignored in primary mode.


Can we change this to "Must not be given in primary mode"? Not sure what
the code currently does, but I think it should error out if top-id is


Replication driver will ignore "top-id" parameter in Primary mode.


This is not good behaviour, which is why I requested a change.



Hi stefan

Would you like me send another [PATCH v25] based your block-next? Or a
separate patch until your tree is merged.


Sorry for the slow response.  Please send a new patch on top of my
block-next tree.

Stefan


ok, I will send a new patch on the top of block-next tree.





Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel

2016-09-27 Thread Fam Zheng
On Wed, 09/28 01:31, Gonglei (Arei) wrote:
> # ./tests/virtio-net-test
> **
> ERROR:tests/libqtest.c:561:qtest_get_arch: assertion failed: (qemu != NULL)
> Aborted (core dumped)
> 
> # ./tests/virtio-blk-test
> **
> ERROR:tests/libqtest.c:561:qtest_get_arch: assertion failed: (qemu != NULL)
> Aborted (core dumped)
> 
> But they work after I set the environment variable to specify architecture:
>  
> # QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 ./tests/virtio-net-test
> /x86_64/virtio/net/pci/basic: OK
> /x86_64/virtio/net/pci/rx_stop_cont: OK
> /x86_64/virtio/net/pci/hotplug: OK
> 
> # QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 ./tests/virtio-blk-test
> /x86_64/virtio/blk/pci/basic: OK
> /x86_64/virtio/blk/pci/indirect: OK
> /x86_64/virtio/blk/pci/config: OK
> /x86_64/virtio/blk/pci/msix: OK
> /x86_64/virtio/blk/pci/idx: OK
> /x86_64/virtio/blk/pci/hotplug: OK
> 
> So, Maybe we should add check if the environment relied on is set
> before executing specific operations in this kind of tests. Right?

Or make a guess based on $(realpath $0) (in this case, print the path found, to
avoid testing against the wrong binary by mistake).

Fam



Re: [Qemu-devel] Questions about gcc linker errors in crypto sub-directory

2016-09-27 Thread Gonglei (Arei)
> -Original Message-
> From: Daniel P. Berrange [mailto:berra...@redhat.com]
> Sent: Tuesday, September 27, 2016 8:52 PM
> To: Gonglei (Arei)
> Cc: qemu-devel@nongnu.org
> Subject: Re: Questions about gcc linker errors in crypto sub-directory
> 
> On Mon, Sep 26, 2016 at 09:19:36AM +, Gonglei (Arei) wrote:
> > > -Original Message-
> > > From: Daniel P. Berrange [mailto:berra...@redhat.com]
> > > Sent: Monday, September 26, 2016 5:14 PM
> > > To: Gonglei (Arei)
> > > Cc: qemu-devel@nongnu.org
> > > Subject: Re: Questions about gcc linker errors in crypto sub-directory
> > >
> > > On Mon, Sep 26, 2016 at 09:03:45AM +, Gonglei (Arei) wrote:
> > > > Hi Daniel,
> > > >
> > > > I'm coding cryptodev-vhost-user.c as a new cryptodev backend,
> > > > but the gcc report some linker errors:
> > > >
> > > > crypto/cryptodev-vhost-user.o: In function
> > > `qcrypto_cryptodev_vhost_crypto_cleanup':
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:87:
> > > undefined reference to `vhost_dev_cleanup'
> > > > crypto/cryptodev-vhost-user.o: In function
> > > `qcrypto_cryptodev_vhost_crypto_init':
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:126:
> > > undefined reference to `vhost_dev_init'
> > > > crypto/cryptodev-vhost-user.o: In function
> > > `qcrypto_cryptodev_vhost_user_opened':
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:187:
> > > undefined reference to `qemu_chr_find'
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:194:
> > > undefined reference to `qemu_chr_fe_claim_no_fail'
> > > > crypto/cryptodev-vhost-user.o: In function
> > > `qcrypto_cryptodev_vhost_user_event':
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:213:
> > > undefined reference to `qemu_chr_set_reconnect_time'
> > > > crypto/cryptodev-vhost-user.o: In function
> > > `qcrypto_cryptodev_vhost_user_init':
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:257:
> > > undefined reference to `qemu_chr_add_handlers'
> > > > crypto/cryptodev-vhost-user.o: In function
> > > `qcrypto_cryptodev_vhost_user_finalize':
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:353:
> > > undefined reference to `qemu_chr_add_handlers'
> > > > /mnt/sdb/gonglei/qemu.git/qemu/crypto/cryptodev-vhost-user.c:354:
> > > undefined reference to `qemu_chr_fe_release'
> > > > collect2: ld returned 1 exit status
> > > > make: *** [qemu-nbd] Error 1
> > > >
> > > > Currently I only change the crypto/Makefile.objs:
> > > >
> > > > diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> > > > index b9ad26a..575f64e 100644
> > > > --- a/crypto/Makefile.objs
> > > > +++ b/crypto/Makefile.objs
> > > > @@ -28,6 +28,7 @@ crypto-obj-y += block-qcow.o
> > > >  crypto-obj-y += block-luks.o
> > > >  crypto-obj-y += cryptodev.o
> > > >  crypto-obj-y += cryptodev-builtin.o
> > > > +crypto-obj-y += cryptodev-vhost-user.o
> > >
> > > The $(crypto-obj-y) variable is intended to only contain general purpose
> > > crypto code, since it needs to be linked to all QEMU programs. Your
> > > cryptodev file is specific to system emulators, so must only be linked
> > > to the system emulator targets. Thus, it should not be added to the
> > > crypto-obj-y variable.
> > >
> > > It probably needs to be added to either common-obj-y or obj-y - I can't
> > > remember which is "best"
> > >
> > common-obj-y is fine! So all cryptodev stuff should be use
> > $( crypto-obj-y) variable, right? I'll change them in the next version.
> 
> Looking at this again, it actually makes me think that your
> cryptodev stuff would be better in the backends/ directory.
> 
> That would mean the crypto/ directory is kept as the place for
> generic crypto infrastructure, and avoiding system emulator
> specific device backend code. The backends/Makefile.objs is
> already setup to use common-obj-y and builds various other
> device backend models.
> 
Sounds reasonable and makes sense. As things stand, I need
to make the changes below to the crypto subdirectory:

diff --git a/Makefile.objs b/Makefile.objs
index 6d5ddcf..f1a8f13 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -78,6 +78,7 @@ common-obj-$(CONFIG_SECCOMP) += qemu-seccomp.o
 
 common-obj-$(CONFIG_FDT) += device_tree.o
 
+common-obj-y += crypto/
 ##
 # qapi
 
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index a36d2d9..2632cbc 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -27,6 +27,10 @@ crypto-obj-y += block.o
 crypto-obj-y += block-qcow.o
 crypto-obj-y += block-luks.o
 
+# cryptodev file is specific to system emulators, so must only be linked
+# to the system emulator targets. 
+common-obj-y += cryptodev.o
+
 # Let the userspace emulators avoid linking gnutls/etc
 crypto-aes-obj-y = aes.o

I'll move them to backends/ directory.  But I still hope you can help to
review cryptdoev stuff in the following virtio-crypt

[Qemu-devel] [PULL 1/1] qdisk - hw/block/xen_disk: grant copy implementation

2016-09-27 Thread Stefano Stabellini
From: Paulina Szubarczyk 

Copy data operated on during request from/to local buffers to/from
the grant references.

Before the grant copy operation, local buffers must be allocated, which is
done by calling ioreq_init_copy_buffers. For the 'read' operation,
the qemu device first invokes the read operation on the local buffers;
on completion, grant copy is called and the buffers are freed.
For the 'write' operation, grant copy is performed before the qemu device
invokes the write.

A new value 'feature_grant_copy' is added to recognize when the
grant copy operation is supported by a guest.

Signed-off-by: Paulina Szubarczyk 
Reviewed-by: Stefano Stabellini 
Acked-by: Anthony PERARD 
Acked-by: Roger Pau Monné 
---
 configure   |  55 
 hw/block/xen_disk.c | 153 ++--
 include/hw/xen/xen_common.h |  14 
 3 files changed, 217 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index 8fa62ad..1fb343d 100755
--- a/configure
+++ b/configure
@@ -1955,6 +1955,61 @@ EOF
 /*
  * If we have stable libs the we don't want the libxc compat
  * layers, regardless of what CFLAGS we may have been given.
+ *
+ * Also, check if xengnttab_grant_copy_segment_t is defined and
+ * grant copy operation is implemented.
+ */
+#undef XC_WANT_COMPAT_EVTCHN_API
+#undef XC_WANT_COMPAT_GNTTAB_API
+#undef XC_WANT_COMPAT_MAP_FOREIGN_API
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#if !defined(HVM_MAX_VCPUS)
+# error HVM_MAX_VCPUS not defined
+#endif
+int main(void) {
+  xc_interface *xc = NULL;
+  xenforeignmemory_handle *xfmem;
+  xenevtchn_handle *xe;
+  xengnttab_handle *xg;
+  xen_domain_handle_t handle;
+  xengnttab_grant_copy_segment_t* seg = NULL;
+
+  xs_daemon_open();
+
+  xc = xc_interface_open(0, 0, 0);
+  xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
+  xc_domain_add_to_physmap(0, 0, XENMAPSPACE_gmfn, 0, 0);
+  xc_hvm_inject_msi(xc, 0, 0xf000, 0x);
+  xc_hvm_create_ioreq_server(xc, 0, HVM_IOREQSRV_BUFIOREQ_ATOMIC, NULL);
+  xc_domain_create(xc, 0, handle, 0, NULL, NULL);
+
+  xfmem = xenforeignmemory_open(0, 0);
+  xenforeignmemory_map(xfmem, 0, 0, 0, 0, 0);
+
+  xe = xenevtchn_open(0, 0);
+  xenevtchn_fd(xe);
+
+  xg = xengnttab_open(0, 0);
+  xengnttab_grant_copy(xg, 0, seg);
+
+  return 0;
+}
+EOF
+  compile_prog "" "$xen_libs $xen_stable_libs"
+then
+xen_ctrl_version=480
+xen=yes
+  elif
+  cat > $TMPC <= 480
+
+static void ioreq_free_copy_buffers(struct ioreq *ioreq)
+{
+int i;
+
+for (i = 0; i < ioreq->v.niov; i++) {
+ioreq->page[i] = NULL;
+}
+
+qemu_vfree(ioreq->pages);
+}
+
+static int ioreq_init_copy_buffers(struct ioreq *ioreq)
+{
+int i;
+
+if (ioreq->v.niov == 0) {
+return 0;
+}
+
+ioreq->pages = qemu_memalign(XC_PAGE_SIZE, ioreq->v.niov * XC_PAGE_SIZE);
+
+for (i = 0; i < ioreq->v.niov; i++) {
+ioreq->page[i] = ioreq->pages + i * XC_PAGE_SIZE;
+ioreq->v.iov[i].iov_base = ioreq->page[i];
+}
+
+return 0;
+}
+
+static int ioreq_grant_copy(struct ioreq *ioreq)
+{
+xengnttab_handle *gnt = ioreq->blkdev->xendev.gnttabdev;
+xengnttab_grant_copy_segment_t segs[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+int i, count, rc;
+int64_t file_blk = ioreq->blkdev->file_blk;
+
+if (ioreq->v.niov == 0) {
+return 0;
+}
+
+count = ioreq->v.niov;
+
+for (i = 0; i < count; i++) {
+if (ioreq->req.operation == BLKIF_OP_READ) {
+segs[i].flags = GNTCOPY_dest_gref;
+segs[i].dest.foreign.ref = ioreq->refs[i];
+segs[i].dest.foreign.domid = ioreq->domids[i];
+segs[i].dest.foreign.offset = ioreq->req.seg[i].first_sect * 
file_blk;
+segs[i].source.virt = ioreq->v.iov[i].iov_base;
+} else {
+segs[i].flags = GNTCOPY_source_gref;
+segs[i].source.foreign.ref = ioreq->refs[i];
+segs[i].source.foreign.domid = ioreq->domids[i];
+segs[i].source.foreign.offset = ioreq->req.seg[i].first_sect * 
file_blk;
+segs[i].dest.virt = ioreq->v.iov[i].iov_base;
+}
+segs[i].len = (ioreq->req.seg[i].last_sect
+   - ioreq->req.seg[i].first_sect + 1) * file_blk;
+}
+
+rc = xengnttab_grant_copy(gnt, count, segs);
+
+if (rc) {
+xen_be_printf(&ioreq->blkdev->xendev, 0,
+  "failed to copy data %d\n", rc);
+ioreq->aio_errors++;
+return -1;
+}
+
+for (i = 0; i < count; i++) {
+if (segs[i].status != GNTST_okay) {
+xen_be_printf(&ioreq->blkdev->xendev, 3,
+  "failed to copy data %d for gref %d, domid %d\n",
+  segs[i].status, ioreq->refs[i], ioreq->domids[i]);
+ioreq->aio_errors++;
+rc = -1;
+}
+}
+
+return rc;
+}
+#else
+static void ioreq_free_copy_buffers(struct ioreq *ioreq)
+{
+ab
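Review bot: In ioreq_grant_copy() nothing visible bounds `count` (taken from `ioreq->v.niov`) against the on-stack `segs[BLKIF_MAX_SEGMENTS_PER_REQUEST]` array, and `len` is computed from `last_sect - first_sect + 1` with no check that `last_sect >= first_sect` or that offset plus length stays within one page. These fields appear to come from the guest's ring request, so presumably they are validated where the request is parsed, which is not part of the diff shown here; a short comment naming that precondition, or a guard such as `if (count > BLKIF_MAX_SEGMENTS_PER_REQUEST) { return -1; }` before the loop, would let the function be checked on its own. Separately, ioreq_free_copy_buffers() leaves `ioreq->pages` dangling after `qemu_vfree()`; adding `ioreq->pages = NULL;` would make a repeated call harmless. The hunk is cut off on this page, so the `#else` stubs and the callers are not visible.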

[Qemu-devel] [PULL 0/1] tags/xen-20160927-tag

2016-09-27 Thread Stefano Stabellini
The following changes since commit 25930ed60aad49f1fdd7de05272317c86ce1275b:

  Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into 
staging (2016-09-27 23:10:12 +0100)

are available in the git repository at:


  git://xenbits.xen.org/people/sstabellini/qemu-dm.git tags/xen-20160927-tag

for you to fetch changes up to b6eb9b45f7307638ff166401721ae6d0401e1d67:

  qdisk - hw/block/xen_disk: grant copy implementation (2016-09-27 18:18:55 
-0700)


Xen 2016/09/27


Paulina Szubarczyk (1):
  qdisk - hw/block/xen_disk: grant copy implementation

 configure   |  55 
 hw/block/xen_disk.c | 153 ++--
 include/hw/xen/xen_common.h |  14 
 3 files changed, 217 insertions(+), 5 deletions(-)



Re: [Qemu-devel] [PATCH] m68k: change default system clock for m5208evb

2016-09-27 Thread Greg Ungerer
On 28/09/16 10:22, Peter Maydell wrote:
> On 27 September 2016 at 16:49, Greg Ungerer  wrote:
>> On 27/09/16 23:27, Laurent Vivier wrote:
>>> It is better because 166.67 MHZ is clearly a rounded value computed from
>>> the period: 10/600 = 166....
>>
>> Perhaps it is, but again it is not documented that way.
>> All the 5208 documentation talks in terms of frequency.
>> Would it not be clearer to define it in the same way that
>> the documentation lists?
>>
>> Prime example from the M5208 Reference Manual regarding
>> the PLL settings:
>>
>> . Voltage controlled oscillator range from 350 MHz to 540 MHz, resulting in 
>> a core frequency
>>   (fvco ÷ 3 (or fvco ÷ 4)) of 87.5 MHz to 166.67 MHz (maximum rated for 
>> device)
> 
> Documentation quite often describes things in ways which
> aren't what the underlying hardware actually does -- there's
> an art to reading it and figuring out what's really going
> on under the hood :-)

That can certainly be true.


> In the text you list here it says specifically that the
> 87.5 and 166.67 MHz frequencies are the results of
> dividing the fvco clock by 3 or 4, which is obviously
>  350 / 4 == 87.5 (for the low end)
>  500 / 3 == 166.66... (for the high end)
> 
> (If you care you can probably work through what the PLL
> registers are set to that generates the 500MHz from
> the crystal frequency.)

It is reasonably straightforward, at least by what is documented
in the 5208 Reference Manual:

The output of the PLL is determined by:

  fsys = fref * (pfdr / (4 * cpudiv))

Where:

  fref is the external crystal (in this case 16MHz).
  pfdr is the PLL dividor register (set to 0x7d=125)
  cpudiv is from the PODR register (set to 3)

So that trivially gives fsys = 1

Anyway, perhaps the hardware designers set the maximum
operating frequency of the device based on cycle time
(ie 6ns) given internal path lengths, etc. Maybe there is
other reasons. Does it really matter? It is spelled out clearly
that the device limit is 166.67MHz, and that is by default
what the m5208evb is set to run at.

So what is an acceptable change to the frequency/cycle time
setting code in mcf5208.c for qemu? To just change the current
frequency definition, or change it to use period time and use
ptimer_set_period()?

Regards
Greg




Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel

2016-09-27 Thread Gonglei (Arei)

> -Original Message-
> From: Daniel P. Berrange [mailto:berra...@redhat.com]
> Sent: Tuesday, September 27, 2016 6:15 PM
> To: Fam Zheng
> Cc: Gonglei (Arei); pbonz...@redhat.com; John Snow; qemu-devel@nongnu.org
> Subject: Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel
> 
> On Fri, Sep 23, 2016 at 05:59:05PM +0800, Fam Zheng wrote:
> > On Fri, 09/23 09:39, Gonglei (Arei) wrote:
> > >
> > > Hi Fam,
> > >
> > >
> > > > -Original Message-
> > > > From: Qemu-devel
> > > > [mailto:qemu-devel-bounces+arei.gonglei=huawei@nongnu.org] On
> > > > Behalf Of Fam Zheng
> > > > Sent: Friday, September 23, 2016 3:58 PM
> > > > To: John Snow
> > > > Cc: pbonz...@redhat.com; qemu-devel@nongnu.org
> > > > Subject: Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel
> > > >
> > > > On Wed, 09/21 14:24, John Snow wrote:
> > > > >
> > > > >
> > > > > On 08/12/2016 05:19 AM, Fam Zheng wrote:
> > > > > > Previously all test cases in a category, such as check-qtest-y, are
> > > > > > executed in a single long gtester command. This patch separates each
> > > > > > test into its own make target to allow better parallism.
> > > > > >
> > >
> > > That's will be great if we can specify a test to run, especially for the
> scenario
> > > which add one use qtest case.
> > >
> > > For example:
> > >
> > >  # make check test-crypto-cipher
> > >
> > > then only run the tests/ test-crypto-cipher.
> > >
> > > Do you think it makes sense?
> >
> > Or more likely:
> >
> > # make check TESTS="test-crypto-cipher test-crypto-hash ..."
> >
> > Usually I just extract the gtester command line with V=1 and run it from my
> > shell prompt.  Feel free to send a patch, though.
> 
> Shouldn't even need todo that in most cases - I tend to just do
> 
>   make tests/test-crypto-cipher && ./tess/test-crypto-cipher
> 
> If there are tests which rely on some environment set by the Makefile,
> then really they should be fixed to have sensible defaults so that they
> can be directly executed.
> 
Thanks for your reminding! It works fine.

# ./tests/test-crypto-cipher 
/crypto/cipher/aes-ecb-128: OK
/crypto/cipher/aes-ecb-192: OK
/crypto/cipher/aes-ecb-256: OK
/crypto/cipher/aes-cbc-128: OK
/crypto/cipher/aes-cbc-192: OK
/crypto/cipher/aes-cbc-256: OK
/crypto/cipher/des-rfb-ecb-56: OK
/crypto/cipher/cast5-128: OK
/crypto/cipher/serpent-128: OK
/crypto/cipher/serpent-192: OK
/crypto/cipher/serpent-256a: OK
/crypto/cipher/serpent-256b: OK
/crypto/cipher/twofish-128: OK
/crypto/cipher/twofish-256: OK
/crypto/cipher/aes-xts-128-1: OK
/crypto/cipher/aes-xts-128-2: OK
/crypto/cipher/aes-xts-128-3: OK
/crypto/cipher/aes-xts-128-4: OK
/crypto/cipher/cast5-xts-128: OK
/crypto/cipher/aes-ctr-128: OK
/crypto/cipher/aes-ctr-192: OK
/crypto/cipher/aes-ctr-256: OK
/crypto/cipher/null-iv: OK
/crypto/cipher/short-plaintext: OK

# ./tests/virtio-net-test
**
ERROR:tests/libqtest.c:561:qtest_get_arch: assertion failed: (qemu != NULL)
Aborted (core dumped)

# ./tests/virtio-blk-test
**
ERROR:tests/libqtest.c:561:qtest_get_arch: assertion failed: (qemu != NULL)
Aborted (core dumped)

But they work after I set the environment variable to specify architecture:
 
# QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 ./tests/virtio-net-test
/x86_64/virtio/net/pci/basic: OK
/x86_64/virtio/net/pci/rx_stop_cont: OK
/x86_64/virtio/net/pci/hotplug: OK

# QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 ./tests/virtio-blk-test
/x86_64/virtio/blk/pci/basic: OK
/x86_64/virtio/blk/pci/indirect: OK
/x86_64/virtio/blk/pci/config: OK
/x86_64/virtio/blk/pci/msix: OK
/x86_64/virtio/blk/pci/idx: OK
/x86_64/virtio/blk/pci/hotplug: OK

So, maybe we should add a check that the environment variable being relied on is set
before executing specific operations in this kind of test. Right?

Regards,
-Gonglei


Re: [Qemu-devel] [Qemu-block] [PATCH v24 00/12] Block replication for continuous checkpoints

2016-09-27 Thread wangweiwei

在 2016年09月12日 22:11, Stefan Hajnoczi 写道:

On Mon, Aug 08, 2016 at 03:50:27PM +0100, Stefan Hajnoczi wrote:

On Wed, Jul 27, 2016 at 03:01:41PM +0800, Changlong Xie wrote:

Block replication is a very important feature which is used for
continuous checkpoints(for example: COLO).

You can get the detailed information about block replication from here:
http://wiki.qemu.org/Features/BlockReplication

Usage:
Please refer to docs/block-replication.txt

You can get the patch here:
https://github.com//Pating/qemu/tree/block-replication-v24

You can get the patch with framework here:
https://github.com//Pating/qemu/tree/colo_framework_v23

TODO:
1. Continuous block replication. It will be started after basic functions
are accepted.

Change Log:

V24:
1. Address comments from Max
p9: pass NULL to bdrv_lookup_bs(), and introduce bdrv_is_root_node() to check 
top_bs
p11: perfect @top-id description, and make it #optional
p12: "replication" => "Replication", add docs/block-replication.txt
Note: we need bdrv_is_root_node() in p9, so this patchset is based on 
kevin/qmp-node-name,
V23:
1. Address comments from Stefan and Max, this series introduce p7/p12
p2. add Copyright for block_backup.h
p7. support configure --disable-replication
p8. update 2.7 to 2.8
p11. update 2.7 to 2.8, add missing "top-id"
p12. update MAINTAINERS
V22:
1. Rebase to the lastest code
2. modify code adapt to the modification of backup_start & commit_active_start
3. rewrite io_read & io_write for interface changes
V21:
1. Rebase to the lastest code
2. use bdrv_pwrite_zeroes() and BDRV_SECTOR_BITS for p9
V20 Resend:
1. Resend to avoid bothering qemu-trivial maintainers
2. Address comments from Eric, fix header file issue and add a brief commit 
message for p7
V20:
1. Rebase to the lastest code
2. Address comments from stefan
p8:
1. error_setg() with an error message when check_top_bs() fails.
2. remove bdrv_ref(s->hidden_disk->bs) since commit 5c438bc6
3. use bloc_job_cancel_sync() before active commit
p9:
1. fix uninitialized 'pattern_buf'
2. introduce mkstemp(3) to fix unique filenames
3. use qemu_vfree() for qemu_blockalign() memory
4. add missing replication_start_all()
5. remove useless pattern for io_write()
V19:
1. Rebase to v2.6.0
2. Address comments from stefan
p3: a new patch that export interfaces for extra serialization
p8:
1. call replication_stop() before freeing s->top_id
2. check top_bs
3. reopen file readonly in error return paths
4. enable extra serialization between read and COW
p9: try to hanlde SIGABRT
V18:
p6: add local_err in all replication callbacks to prevent "errp == NULL"
p7: add missing qemu_iovec_destroy(xxx)
V17:
1. Rebase to the lastest codes
p2: refactor backup_do_checkpoint addressed comments from Jeff Cody
p4: fix bugs in "drive_add buddy xxx" hmp commands
p6: add "since: 2.7"
p7: fix bug in replication_close(), add missing "qapi/error.h", add 
test-replication
p8: add "since: 2.7"
V16:
1. Rebase to the newest codes
2. Address comments from Stefan & hailiang
p3: we don't need this patch now
p4: add "top-id" parameters for secondary
p6: fix NULL pointer in replication callbacks, remove unnecessary typedefs,
add doc comments that explain the semantics of Replication
p7: Refactor AioContext for thread-safe, remove unnecessary get_top_bs()
*Note*: I'm working on replication testcase now, will send out in V17
V15:
1. Rebase to the newest codes
2. Fix typos and coding style addresed Eric's comments
3. Address Stefan's comments
1) Make backup_do_checkpoint public, drop the changes on BlockJobDriver
2) Update the message and description for [PATCH 4/9]
3) Make replication_(start/stop/do_checkpoint)_all as global interfaces
4) Introduce AioContext lock to protect start/stop/do_checkpoint callbacks
5) Use BdrvChild instead of holding on to BlockDriverState * pointers
4. Clear BDRV_O_INACTIVE for hidden disk's open_flags since commit 09e0c771
5. Introduce replication_get_error_all to check replication status
6. Remove useless discard interface
V14:
1. Implement auto complete active commit
2. Implement active commit block job for replication.c
3. Address the comments from Stefan, add replication-specific API and data
structure, also remove old block layer APIs
V13:
1. Rebase to the newest codes
2. Remove redundant marcos and semicolon in replication.c
3. Fix typos in block-replication.txt
V12:
1. Rebase to the newest codes
2. Use backing reference to replcace 'allow-write-backing-file'
V11:
1. Reopen the backing file when starting blcok replication if it is not
opened in R/W mode
2. Unblock BLOCK_OP_TYPE_BACKUP_SOURCE and BLOCK_OP_TYPE_BACKUP_TARGET
when opening backing file
3. Block the top BDS so there is only one block job for the top BDS and
its backing chain.
V10:
1. Use blockdev-remove-medium and blockdev-insert-medium to replace backing
reference.
2. Address the comments from Eric Blake
V9:
1. Update the error messages
2. Rebase to the newest qemu
3. Split child add/delete sup

Re: [Qemu-devel] [PATCH v3 0/3] crypto: add ctr mode support and little inprovement

2016-09-27 Thread Gonglei (Arei)


> -Original Message-
> From: Daniel P. Berrange [mailto:berra...@redhat.com]
> Sent: Tuesday, September 27, 2016 8:50 PM
> To: Gonglei (Arei)
> Cc: qemu-devel@nongnu.org; Wubin (H)
> Subject: Re: [PATCH v3 0/3] crypto: add ctr mode support and little 
> inprovement
> 
> On Tue, Sep 27, 2016 at 09:32:10AM +, Gonglei (Arei) wrote:
> > Hi Daniel,
> >
> > I'll post virtio-crypto v4 based on this patch set.
> > Would you please merge it if it's ok? Thanks.
> >
> > Regards,
> > -Gonglei
> >
> >
> > > -Original Message-
> > > From: Gonglei (Arei)
> > > Sent: Monday, September 26, 2016 5:23 PM
> > > To: qemu-devel@nongnu.org
> > > Cc: berra...@redhat.com; Wubin (H); Gonglei (Arei)
> > > Subject: [PATCH v3 0/3] crypto: add ctr mode support and little 
> > > inprovement
> > >
> > > Please see the detailed description in each patch.
> > >
> > > v3:
> > >  - adjust the sequence of patch 1 and 2. (Daniel)
> > >  - fix a mising 'break' in code logic. (Daniel)
> > > v2:
> > >  - fix qtest complaint in cipher-builtin backend.
> > >  - introduce patch 2 and patch 3.
> > >
> > > Gonglei (3):
> > >   crypto: extend mode as a parameter in qcrypto_cipher_supports()
> > >   crypto: add CTR mode support
> > >   crypto: add mode check in qcrypto_cipher_new() for cipher-builtin
> > >
> > >  block/qcow.c   |  3 ++-
> > >  block/qcow2.c  |  3 ++-
> > >  crypto/cipher-builtin.c| 25 +++-
> > >  crypto/cipher-gcrypt.c | 38 +--
> > >  crypto/cipher-nettle.c | 28 +--
> > >  crypto/cipher.c|  1 +
> > >  include/crypto/cipher.h| 12 ++
> > >  qapi/crypto.json   |  3 ++-
> > >  tests/test-crypto-cipher.c | 57
> > > +-
> > >  ui/vnc.c   |  2 +-
> > >  10 files changed, 152 insertions(+), 20 deletions(-)
> 
> These 3 patches look good and pass my build tests, so I've added them
> to my crypto queue.
> 
Cool. There is another patch that needs to be picked up:

[PATCH v3] qtest: fix make check complaint in crypto module

Thanks,
-Gonglei

> Regards,
> Daniel
> --
> |: http://berrange.com  -o-
> http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org  -o-
> http://virt-manager.org :|
> |: http://autobuild.org   -o-
> http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org   -o-
> http://live.gnome.org/gtk-vnc :|


Re: [Qemu-devel] Qtest virtio interfaces don't support virtio-1.0 devices

2016-09-27 Thread Gonglei (Arei)


> -Original Message-
> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Wednesday, September 28, 2016 12:27 AM
> To: Stefan Hajnoczi
> Cc: Gonglei (Arei); Cornelia Huck; qemu-devel@nongnu.org; Gerd Hoffmann;
> Wubin (H); m...@redhat.com
> Subject: Re: [Qemu-devel] Qtest virtio interfaces don't support virtio-1.0
> devices
> 
> On Mon, Sep 26, 2016 at 2:45 PM, Stefan Hajnoczi 
> wrote:
> > On Fri, Sep 23, 2016 at 09:19:57AM +, Gonglei (Arei) wrote:
> >> Based on the virtio-1.0 spec, the virtio pci devices' layout have been
> changed,
> >> such as PCI_SUBSYSTEM_ID and modern_mem_bar.
> >>
> >> But the current qtest still don't support the virtio-1.0 or later devices. 
> >> Such
> as virtio-gpu,
> >> Virtio-input and virtio-crypto devices.
> >>
> >> Refer to functions in tests/libqos/virtio-pci.c.
> >>
> >> Any plans to support them? Thanks!
> >
> > Patches welcome!  I'm not aware of anyone currently implementing VIRTIO
> > 1.0 support in libqos.
> 
> I have just added VIRTIO 1.0 support in libqos as an Outreachy
> December-March project idea:
> http://qemu-project.org/Outreachy_2016_DecemberMarch#VIRTIO_1.0_supp
> ort_in_libqos
> 
> Perhaps an intern will apply who wants to tackle this.
> 
> Stefan

Nice :)  It's indeed a good learning opportunity for non-worked people.


Regards,
-Gonglei


Re: [Qemu-devel] Making cputlb.c operations safe for MTTCG

2016-09-27 Thread Richard Henderson

On 09/27/2016 04:32 PM, Alex Bennée wrote:


Richard Henderson  writes:


On 09/27/2016 03:29 PM, Emilio G. Cota wrote:

What's a quick-and-dirty way to disable the fast-path TLB lookups?
Alex: you told me the monitor has an option for this, but I can't
find it. I'm looking for something that'd go in tcg/i386 to simply
bypass the fast path.


There is no easy way.  If you need that, you'd have to significantly modify the
tcg backend.


Surely all the backends force the slow-path when any of TLB_FLAGS_MASK
are set. Unless adding an extra bit is going to run out of spare bits on
some backends?


You could do that, yes.  You also need to adjust softmmu_template.h to match.


r~




Re: [Qemu-devel] [PATCH] m68k: change default system clock for m5208evb

2016-09-27 Thread Peter Maydell
On 27 September 2016 at 16:49, Greg Ungerer  wrote:
> On 27/09/16 23:27, Laurent Vivier wrote:
>> It is better because 166.67 MHZ is clearly a rounded value computed from
>> the period: 10/600 = 166....
>
> Perhaps it is, but again it is not documented that way.
> All the 5208 documentation talks in terms of frequency.
> Would it not be clearer to define it in the same way that
> the documentation lists?
>
> Prime example from the M5208 Reference Manual regarding
> the PLL settings:
>
> . Voltage controlled oscillator range from 350 MHz to 540 MHz, resulting in a 
> core frequency
>   (fvco ÷ 3 (or fvco ÷ 4)) of 87.5 MHz to 166.67 MHz (maximum rated for 
> device)

Documentation quite often describes things in ways which
aren't what the underlying hardware actually does -- there's
an art to reading it and figuring out what's really going
on under the hood :-)

In the text you list here it says specifically that the
87.5 and 166.67 MHz frequencies are the results of
dividing the fvco clock by 3 or 4, which is obviously
 350 / 4 == 87.5 (for the low end)
 500 / 3 == 166.66... (for the high end)

(If you care you can probably work through what the PLL
registers are set to that generates the 500MHz from
the crystal frequency.)

thanks
-- PMM



[Qemu-devel] [PATCHv2] m68k: change default system clock for m5208evb

2016-09-27 Thread Greg Ungerer
The shipping default setting for the Freescale M5208EVB board is to run
the CPU at 166.67MHz. The current qemu emulation code for this board is
defaulting to 66MHz. This results in time appearing to run way too slowly.
So a "sleep 5" in a standard ColdFire Linux build takes almost 15
seconds in real time to actually complete.

Change the hard coded default to match the default hardware setting.

Signed-off-by: Greg Ungerer 
---
 hw/m68k/mcf5208.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

v2: more accurately set frequency (1 instead of 16600)

diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
index 9240ebf..3438314 100644
--- a/hw/m68k/mcf5208.c
+++ b/hw/m68k/mcf5208.c
@@ -21,7 +21,7 @@
 #include "elf.h"
 #include "exec/address-spaces.h"
 
-#define SYS_FREQ 6600
+#define SYS_FREQ 1
 
 #define PCSR_EN 0x0001
 #define PCSR_RLD0x0002
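Review bot: `SYS_FREQ` changes value with no comment giving its unit or the source of the number, so the next reader has to rediscover what the review discussion worked out. A one-line comment above the define, for example `/* System clock: M5208EVB ships at 166.67 MHz (fvco 500 MHz / 3) */`, would record that; the macro is presumably expressed in Hz, but its uses are outside this hunk. As rendered on this page the old and new literals (`6600` and `1`) do not correspond to the 66 MHz and 166.67 MHz named in the description, so digits appear to have been lost in archiving and the value should be taken from the original message.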
-- 
1.9.1




Re: [Qemu-devel] [PATCH] m68k: change default system clock for m5208evb

2016-09-27 Thread Greg Ungerer
On 27/09/16 23:27, Laurent Vivier wrote:
> Le 27/09/2016 à 15:22, Greg Ungerer a écrit :
>> Hi Laurent,
>>
>> On 27/09/16 18:11, Laurent Vivier wrote:
>>> Le 27/09/2016 à 09:33, Thomas Huth a écrit :
 On 27.09.2016 03:29, Greg Ungerer wrote:
> The shipping default setting for the Freescale M5208EVB board is to run
> the CPU at 166MHz. The current qemu emulation code for this board is
> defaulting to 66MHz. This results in time appearing to run way to
> slowly.
> So a "sleep 5" in a standard ColdFire Linux build takes almost 15
> seconds in real time to actually complete.
>
> Change the hard coded default to match the default hardware setting.
>
> Signed-off-by: Greg Ungerer 
> ---
>  hw/m68k/mcf5208.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
> index 9240ebf..2d0b464 100644
> --- a/hw/m68k/mcf5208.c
> +++ b/hw/m68k/mcf5208.c
> @@ -21,7 +21,7 @@
>  #include "elf.h"
>  #include "exec/address-spaces.h"
>
> -#define SYS_FREQ 6600
> +#define SYS_FREQ 16600

 Good catch. But actually, the M5208EVB User's Manual talks about 166.67
 MHz, so while you're at it, maybe you should change it to 1
 instead?
>>>
>>> In this case, it should be better to use a period of 600 ns (and
>>> ptimer_set_period() instead of ptimer_set_freq()).
>>
>> Why is that better in this case?
>> All the documentation lists it as 166.67MHz, even on the PCB.
>> Isn't it clearer to define it based on the actual value documented?
> 
> It is better because 166.67 MHZ is clearly a rounded value computed from
> the period: 10/600 = 166....

Perhaps it is, but again it is not documented that way.
All the 5208 documentation talks in terms of frequency.
Would it not be clearer to define it in the same way that
the documentation lists?

Prime example from the M5208 Reference Manual regarding
the PLL settings:

. Voltage controlled oscillator range from 350 MHz to 540 MHz, resulting in a 
core frequency
  (fvco ÷ 3 (or fvco ÷ 4)) of 87.5 MHz to 166.67 MHz (maximum rated for device)


> And internally QEMU uses the period, not the frequency.

Ultimately I don't mind doing it in any way that results in
the patch being accepted :-)

Regards
Greg





Re: [Qemu-devel] [PATCH] linux-user: fix tcg/mmap test

2016-09-27 Thread Peter Maydell
On 19 September 2016 at 01:24, Marc-André Lureau
 wrote:
> tests/tcg/mmap test fails with values other than default target page
> size. When creating a map beyond EOF, extra anonymous pages are added up
> to the target page boundary. Currently, this operation is performed only
> when qemu_real_host_page_size < TARGET_PAGE_SIZE, but it should be
> performed if the configured page size (qemu -p) is larger than
> qemu_real_host_page_size too.

What is the purpose of the -p option, does anybody know?
I don't see why you'd want to be able to manually set what QEMU
thinks the host page size is, it seems like it would mostly
only break things.

> (also fixes some style issues to please checkpatch)
>
> Signed-off-by: Marc-André Lureau 
> ---
>  linux-user/mmap.c | 27 ++-
>  1 file changed, 14 insertions(+), 13 deletions(-)
>
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index c4371d9..4bf79b5 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -415,31 +415,32 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, 
> int prot,
>  }
>
>  /* When mapping files into a memory area larger than the file, accesses
> -   to pages beyond the file size will cause a SIGBUS.
> +   to pages beyond the file size will cause a SIGBUS.
>
> For example, if mmaping a file of 100 bytes on a host with 4K pages
> emulating a target with 8K pages, the target expects to be able to
> access the first 8K. But the host will trap us on any access beyond
> -   4K.
> +   4K.
>
> When emulating a target with a larger page-size than the hosts, we
> may need to truncate file maps at EOF and add extra anonymous pages
> up to the targets page boundary.  */

This comment states what this code is trying to do (handle
the case where the target page size is larger than the
host page size)...

> -if ((qemu_real_host_page_size < TARGET_PAGE_SIZE)
> -&& !(flags & MAP_ANONYMOUS)) {
> -   struct stat sb;
> +if ((qemu_real_host_page_size < qemu_host_page_size) &&
> +!(flags & MAP_ANONYMOUS)) {

...but this changes the code so it is no longer doing that.

> +struct stat sb;
>
> -   if (fstat (fd, &sb) == -1)
> -   goto fail;
> +if (fstat(fd, &sb) == -1) {
> +goto fail;
> +}
>
> /* Are we trying to create a map beyond EOF?.  */
> -   if (offset + len > sb.st_size) {
> -   /* If so, truncate the file map at eof aligned with
> -  the hosts real pagesize. Additional anonymous maps
> -  will be created beyond EOF.  */
> -   len = REAL_HOST_PAGE_ALIGN(sb.st_size - offset);
> -   }
> +if (offset + len > sb.st_size) {
> +/* If so, truncate the file map at eof aligned with
> +   the hosts real pagesize. Additional anonymous maps
> +   will be created beyond EOF.  */
> +len = REAL_HOST_PAGE_ALIGN(sb.st_size - offset);
> +}
>  }
>
>  if (!(flags & MAP_FIXED)) {
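Review bot: The re-indented EOF check `if (offset + len > sb.st_size)` still does unchecked arithmetic on values that come from the guest's mmap call. `len` is `abi_ulong` per the signature in the hunk header, so `offset + len` can wrap and skip the truncation, and when `offset` is already past `sb.st_size` the expression `sb.st_size - offset` goes negative (or wraps, depending on the type of `offset`, which is not visible here) before it reaches `REAL_HOST_PAGE_ALIGN`. Testing `offset <= sb.st_size` first and then comparing `len > sb.st_size - offset` avoids both cases; what to return for an offset beyond EOF is a decision for the rest of `target_mmap`, whose body starts and ends outside this hunk.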
> --
> 2.10.0

thanks
-- PMM



[Qemu-devel] [PATCH V2 1/7] nios2: Add disas entries

2016-09-27 Thread Marek Vasut
Add nios2 disassembler support. This patch is composed from binutils files
from commit "Opcodes and assembler support for Nios II R2". The files from
binutils used in this patch are:

include/opcode/nios2.h
include/opcode/nios2r1.h
include/opcode/nios2r2.h
opcodes/nios2-opc.c
opcodes/nios2-dis.c

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
V2: Replace the nios2.c with GPL2 licensed version
---
 disas/Makefile.objs |1 +
 disas/nios2.c   | 3534 +++
 include/disas/bfd.h |6 +
 3 files changed, 3541 insertions(+)
 create mode 100644 disas/nios2.c

diff --git a/disas/Makefile.objs b/disas/Makefile.objs
index 09bc992..ac79d16 100644
--- a/disas/Makefile.objs
+++ b/disas/Makefile.objs
@@ -14,6 +14,7 @@ common-obj-$(CONFIG_IA64_DIS) += ia64.o
 common-obj-$(CONFIG_M68K_DIS) += m68k.o
 common-obj-$(CONFIG_MICROBLAZE_DIS) += microblaze.o
 common-obj-$(CONFIG_MIPS_DIS) += mips.o
+common-obj-$(CONFIG_NIOS2_DIS) += nios2.o
 common-obj-$(CONFIG_MOXIE_DIS) += moxie.o
 common-obj-$(CONFIG_PPC_DIS) += ppc.o
 common-obj-$(CONFIG_S390_DIS) += s390.o
diff --git a/disas/nios2.c b/disas/nios2.c
new file mode 100644
index 000..b342936
--- /dev/null
+++ b/disas/nios2.c
@@ -0,0 +1,3534 @@
+/* Nios II opcode library for QEMU.
+   Copyright (C) 2012-2016 Free Software Foundation, Inc.
+   Contributed by Nigel Gray (ng...@altera.com).
+   Contributed by Mentor Graphics, Inc.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; either version 2
+   of the License, or (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA  02110-1301, USA.  */
+
+/* This file resembles a concatenation of the following files from
+   binutils:
+
+   include/opcode/nios2.h
+   include/opcode/nios2r1.h
+   include/opcode/nios2r2.h
+   opcodes/nios2-opc.c
+   opcodes/nios2-dis.c
+
+   It has been derived from the original patches which have been
+   relicensed by the contributors as GPL version 2 for inclusion
+   in QEMU.  */
+
+#ifndef _NIOS2_H_
+#define _NIOS2_H_
+
+/*#include "bfd.h"*/
+#include "qemu/osdep.h"
+#include "disas/bfd.h"
+
+
+/
+ * This file contains structures, bit masks and shift counts used
+ * by the GNU toolchain to define the Nios II instruction set and
+ * access various opcode fields.
+ /
+
+/* Instruction encoding formats.  */
+enum iw_format_type {
+  /* R1 formats.  */
+  iw_i_type,
+  iw_r_type,
+  iw_j_type,
+  iw_custom_type,
+
+  /* 32-bit R2 formats.  */
+  iw_L26_type,
+  iw_F2I16_type,
+  iw_F2X4I12_type,
+  iw_F1X4I12_type,
+  iw_F1X4L17_type,
+  iw_F3X6L5_type,
+  iw_F2X6L10_type,
+  iw_F3X6_type,
+  iw_F3X8_type,
+
+  /* 16-bit R2 formats.  */
+  iw_I10_type,
+  iw_T1I7_type,
+  iw_T2I4_type,
+  iw_T1X1I6_type,
+  iw_X1I7_type,
+  iw_L5I4X1_type,
+  iw_T2X1L3_type,
+  iw_T2X1I3_type,
+  iw_T3X1_type,
+  iw_T2X3_type,
+  iw_F1X1_type,
+  iw_X2L5_type,
+  iw_F1I5_type,
+  iw_F2_type
+};
+
+/* Identify different overflow situations for error messages.  */
+enum overflow_type
+{
+  call_target_overflow = 0,
+  branch_target_overflow,
+  address_offset_overflow,
+  signed_immed16_overflow,
+  unsigned_immed16_overflow,
+  unsigned_immed5_overflow,
+  signed_immed12_overflow,
+  custom_opcode_overflow,
+  enumeration_overflow,
+  no_overflow
+};
+
+/* This structure holds information for a particular instruction. 
+
+   The args field is a string describing the operands.  The following
+   letters can appear in the args:
+ c - a 5-bit control register index
+ d - a 5-bit destination register index
+ s - a 5-bit left source register index
+ t - a 5-bit right source register index
+ D - a 3-bit encoded destination register
+ S - a 3-bit encoded left source register
+ T - a 3-bit encoded right source register
+ i - a 16-bit signed immediate
+ j - a 5-bit unsigned immediate
+ k - a (second) 5-bit unsigned immediate
+ l - a 8-bit custom instruction constant
+ m - a 26-bit unsigned immediate
+ o - a 16-bit signed pc-relative offset
+ u - a 16-bit unsigned immediate
+ I - a 12-bit signed immediate
+ M - a 6-bit unsigned immediate
+ N - a 6-bit unsigned immediate with 2-bit shift
+ O - a 10

[Qemu-devel] [PATCH 2/7] nios2: Add architecture emulation support

2016-09-27 Thread Marek Vasut
From: Chris Wulff 

Add support for emulating Altera NiosII R1 architecture into qemu.
This patch is based on previous work by Chris Wulff from 2012 and
updated to latest mainline QEMU.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 hw/nios2/cpu_pic.c |   70 +++
 target-nios2/Makefile.objs |4 +
 target-nios2/cpu.c |  229 +++
 target-nios2/cpu.h |  267 +
 target-nios2/helper.c  |  304 ++
 target-nios2/helper.h  |   41 ++
 target-nios2/instruction.c | 1427 
 target-nios2/instruction.h |  279 +
 target-nios2/machine.c |   38 ++
 target-nios2/mmu.c |  292 +
 target-nios2/mmu.h |   54 ++
 target-nios2/monitor.c |   35 ++
 target-nios2/op_helper.c   |   86 +++
 target-nios2/translate.c   |  242 
 14 files changed, 3368 insertions(+)
 create mode 100644 hw/nios2/cpu_pic.c
 create mode 100644 target-nios2/Makefile.objs
 create mode 100644 target-nios2/cpu.c
 create mode 100644 target-nios2/cpu.h
 create mode 100644 target-nios2/helper.c
 create mode 100644 target-nios2/helper.h
 create mode 100644 target-nios2/instruction.c
 create mode 100644 target-nios2/instruction.h
 create mode 100644 target-nios2/machine.c
 create mode 100644 target-nios2/mmu.c
 create mode 100644 target-nios2/mmu.h
 create mode 100644 target-nios2/monitor.c
 create mode 100644 target-nios2/op_helper.c
 create mode 100644 target-nios2/translate.c

diff --git a/hw/nios2/cpu_pic.c b/hw/nios2/cpu_pic.c
new file mode 100644
index 000..0f95987
--- /dev/null
+++ b/hw/nios2/cpu_pic.c
@@ -0,0 +1,70 @@
+/*
+ * Altera Nios2 CPU PIC
+ *
+ * Copyright (c) 2016 Marek Vasut 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+
+#include "qemu/config-file.h"
+
+#include "boot.h"
+
+static void nios2_pic_cpu_handler(void *opaque, int irq, int level)
+{
+Nios2CPU *cpu = opaque;
+CPUNios2State *env = &cpu->env;
+CPUState *cs = CPU(cpu);
+int type = irq ? CPU_INTERRUPT_NMI : CPU_INTERRUPT_HARD;
+
+if (type == CPU_INTERRUPT_HARD) {
+env->irq_pending = level;
+
+if (level && (env->regs[CR_STATUS] & CR_STATUS_PIE)) {
+env->irq_pending = 0;
+cpu_interrupt(cs, type);
+} else if (!level) {
+env->irq_pending = 0;
+cpu_reset_interrupt(cs, type);
+}
+} else {
+if (level) {
+cpu_interrupt(cs, type);
+} else {
+cpu_reset_interrupt(cs, type);
+}
+}
+}
+
+void nios2_check_interrupts(CPUNios2State *env)
+{
+Nios2CPU *cpu = nios2_env_get_cpu(env);
+CPUState *cs = CPU(cpu);
+
+if (env->irq_pending) {
+env->irq_pending = 0;
+cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+}
+}
+
+qemu_irq *nios2_cpu_pic_init(Nios2CPU *cpu)
+{
+return qemu_allocate_irqs(nios2_pic_cpu_handler, cpu, 2);
+}
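Review bot: `nios2_pic_cpu_handler` has no comment on what its two input lines mean, although they behave very differently: line 0 is delivered only while `CR_STATUS_PIE` is set and is otherwise latched in `env->irq_pending`, whereas any non-zero line is raised as `CPU_INTERRUPT_NMI` with no masking at all. A header comment such as `/* irq 0: maskable, gated by CR_STATUS.PIE and latched in irq_pending; irq 1: NMI */` would make that contract visible to whoever wires the two lines returned by `nios2_cpu_pic_init`. It would also help to say on `nios2_check_interrupts` that it is the function that delivers a latched interrupt later; where it is called from is not visible in this file. The includes `qemu/config-file.h` and `boot.h` do not appear to be used by anything in the file and could probably be dropped.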
diff --git a/target-nios2/Makefile.objs b/target-nios2/Makefile.objs
new file mode 100644
index 000..ea6a528
--- /dev/null
+++ b/target-nios2/Makefile.objs
@@ -0,0 +1,4 @@
+obj-y += translate.o op_helper.o helper.o cpu.o mmu.o instruction.o
+obj-$(CONFIG_SOFTMMU) += monitor.o
+
+$(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-nios2/cpu.c b/target-nios2/cpu.c
new file mode 100644
index 000..5b4a2f6
--- /dev/null
+++ b/target-nios2/cpu.c
@@ -0,0 +1,229 @@
+/*
+ * QEMU Nios II CPU
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#i

[Qemu-devel] [PATCH 6/7] nios2: Add Altera 10M50 GHRD emulation

2016-09-27 Thread Marek Vasut
Add the Altera 10M50 Nios2 GHRD model. This allows emulating the
10M50 development kit with the Nios2 GHRD loaded in the FPGA. It
is possible to boot Linux kernel and run userspace, thus far only
from initrd as storage support is not yet implemented.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 hw/nios2/10m50_devboard.c | 125 ++
 hw/nios2/Makefile.objs|   1 +
 hw/nios2/boot.c   | 223 ++
 hw/nios2/boot.h   |  11 +++
 4 files changed, 360 insertions(+)
 create mode 100644 hw/nios2/10m50_devboard.c
 create mode 100644 hw/nios2/Makefile.objs
 create mode 100644 hw/nios2/boot.c
 create mode 100644 hw/nios2/boot.h

diff --git a/hw/nios2/10m50_devboard.c b/hw/nios2/10m50_devboard.c
new file mode 100644
index 000..8312fd9
--- /dev/null
+++ b/hw/nios2/10m50_devboard.c
@@ -0,0 +1,125 @@
+/*
+ * Altera 10M50 Nios2 GHRD
+ *
+ * Copyright (c) 2016 Marek Vasut 
+ *
+ * Based on LabX device code
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/char/serial.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "qemu/config-file.h"
+
+#include "boot.h"
+
+#define BINARY_DEVICE_TREE_FILE"10m50-devboard.dtb"
+
+static void nios2_10m50_ghrd_init(MachineState *machine)
+{
+Nios2CPU *cpu;
+DeviceState *dev;
+MemoryRegion *address_space_mem = get_system_memory();
+MemoryRegion *phys_tcm = g_new(MemoryRegion, 1);
+MemoryRegion *phys_tcm_alias = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram_alias = g_new(MemoryRegion, 1);
+ram_addr_t tcm_base = 0x0;
+ram_addr_t tcm_size = 0x1000;/* 1 kiB, but QEMU limit is 4 kiB */
+ram_addr_t ram_base = 0x0800;
+ram_addr_t ram_size = 0x0800;
+qemu_irq *cpu_irq, irq[32];
+int i;
+
+/* Physical TCM (tb_ram_1k) with alias at 0xc000 */
+memory_region_init_ram(phys_tcm, NULL, "nios2.tcm", tcm_size, 
&error_abort);
+memory_region_init_alias(phys_tcm_alias, NULL, "nios2.tcm.alias",
+ phys_tcm, 0, tcm_size);
+vmstate_register_ram_global(phys_tcm);
+memory_region_add_subregion(address_space_mem, tcm_base, phys_tcm);
+memory_region_add_subregion(address_space_mem, 0xc000 + tcm_base,
+phys_tcm_alias);
+
+/* Physical DRAM with alias at 0xc000 */
+memory_region_init_ram(phys_ram, NULL, "nios2.ram", ram_size, 
&error_abort);
+memory_region_init_alias(phys_ram_alias, NULL, "nios2.ram.alias",
+ phys_ram, 0, ram_size);
+vmstate_register_ram_global(phys_ram);
+memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
+memory_region_add_subregion(address_space_mem, 0xc000 + ram_base,
+phys_ram_alias);
+
+/* Create CPU -- FIXME */
+cpu = cpu_nios2_init("nios2");
+
+/* Register: CPU interrupt controller (PIC) */
+cpu_irq = nios2_cpu_pic_init(cpu);
+
+/* Register: Internal Interrupt Controller (IIC) */
+dev = qdev_create(NULL, "altera,iic");
+qdev_prop_set_ptr(dev, "cpu", cpu);
+qdev_init_nofail(dev);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, cpu_irq[0]);
+for (i = 0; i < 32; i++)
+irq[i] = qdev_get_gpio_in(dev, i);
+
+/* Register: Altera 16550 UART */
+serial_mm_init(address_space_mem, 0xf8001600, 2, irq[1], 115200,
+   serial_hds[0], DEVICE_NATIVE_ENDIAN);
+
+/* Register: Timer sys_clk_timer  */
+dev = qdev_create(NULL, "ALTR.timer");
+qdev_prop_set_uint32(dev, "clock-frequency", 75 * 100);
+qdev_init_nofail(dev);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xf8001440);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq[0]);
+
+/* Register: Timer sys_clk_timer_1  */
+dev = qdev_create(NULL, "ALTR.timer");
+qdev_prop_set_uint32(dev, "clock-frequency", 75 * 100);
+qdev_init_nofail(dev);
+sysbus_mmio_

Re: [Qemu-devel] Making cputlb.c operations safe for MTTCG

2016-09-27 Thread Alex Bennée

Richard Henderson  writes:

> On 09/27/2016 03:29 PM, Emilio G. Cota wrote:
>> What's a quick-and-dirty way to disable the fast-path TLB lookups?
>> Alex: you told me the monitor has an option for this, but I can't
>> find it. I'm looking for something that'd go in tcg/i386 to simply
>> bypass the fast path.
>
> There is no easy way.  If you need that, you'd have to significantly modify 
> the 
> tcg backend.

Surely all the backends force the slow-path when any of TLB_FLAGS_MASK
are set. Unless adding an extra bit is going to run out of spare bits on
some backends?

>
>
> r~


-- 
Alex Bennée



[Qemu-devel] [PATCH 3/7] nios2: Add usermode binaries emulation

2016-09-27 Thread Marek Vasut
Add missing bits for qemu-user required for emulating Altera Nios2
userspace binaries.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 include/elf.h |   2 +
 linux-user/elfload.c  |  58 +++
 linux-user/main.c | 136 +++-
 linux-user/nios2/syscall_nr.h | 330 ++
 linux-user/nios2/target_cpu.h |  38 +
 linux-user/nios2/target_signal.h  |  26 +++
 linux-user/nios2/target_structs.h |  58 +++
 linux-user/nios2/target_syscall.h |  37 +
 linux-user/nios2/termbits.h   | 220 +
 linux-user/signal.c   | 237 ++-
 linux-user/syscall_defs.h |   7 +-
 11 files changed, 1142 insertions(+), 7 deletions(-)
 create mode 100644 linux-user/nios2/syscall_nr.h
 create mode 100644 linux-user/nios2/target_cpu.h
 create mode 100644 linux-user/nios2/target_signal.h
 create mode 100644 linux-user/nios2/target_structs.h
 create mode 100644 linux-user/nios2/target_syscall.h
 create mode 100644 linux-user/nios2/termbits.h

diff --git a/include/elf.h b/include/elf.h
index 1c2975d..0dbd3e9 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -126,6 +126,8 @@ typedef int64_t  Elf64_Sxword;
  */
 #define EM_S390_OLD 0xA390
 
+#define EM_ALTERA_NIOS2 113 /* Altera Nios II soft-core processor */
+
 #define EM_MICROBLAZE  189
 #define EM_MICROBLAZE_OLD  0xBAAB
 
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 816272a..b610ad4 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -967,6 +967,64 @@ static void elf_core_copy_regs(target_elf_gregset_t *regs, 
const CPUMBState *env
 
 #endif /* TARGET_MICROBLAZE */
 
+#ifdef TARGET_NIOS2
+
+#define ELF_START_MMAP 0x8000
+
+#define elf_check_arch(x) ((x) == EM_ALTERA_NIOS2)
+
+#define ELF_CLASS   ELFCLASS32
+#define ELF_ARCHEM_ALTERA_NIOS2
+
+static inline void init_thread(struct target_pt_regs *regs,
+   struct image_info *infop)
+{
+regs->ea = infop->entry;
+regs->sp = infop->start_stack;
+regs->estatus = 0x3;
+}
+
+#define ELF_EXEC_PAGESIZE4096
+
+#define USE_ELF_CORE_DUMP
+#define ELF_NREG 49
+typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
+
+/* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
+static void elf_core_copy_regs(target_elf_gregset_t *regs,
+  const CPUNios2State *env)
+{
+int i;
+
+(*regs)[0] = -1;
+for (i = 1; i < 8; i++)/* r0-r7 */
+(*regs)[i] = tswapreg(env->regs[i + 7]);
+
+for (i = 8; i < 16; i++)   /* r8-r15 */
+(*regs)[i] = tswapreg(env->regs[i - 8]);
+
+for (i = 16; i < 24; i++)  /* r16-r23 */
+(*regs)[i] = tswapreg(env->regs[i + 7]);
+(*regs)[24] = -1;  /* R_ET */
+(*regs)[25] = -1;  /* R_BT */
+(*regs)[26] = tswapreg(env->regs[R_GP]);
+(*regs)[27] = tswapreg(env->regs[R_SP]);
+(*regs)[28] = tswapreg(env->regs[R_FP]);
+(*regs)[29] = tswapreg(env->regs[R_EA]);
+(*regs)[30] = -1;  /* R_SSTATUS */
+(*regs)[31] = tswapreg(env->regs[R_RA]);
+
+(*regs)[32] = tswapreg(env->regs[R_PC]);
+
+(*regs)[33] = -1; /* R_STATUS */
+(*regs)[34] = tswapreg(env->regs[CR_ESTATUS]);
+
+for (i = 35; i < 49; i++)  /* ... */
+   (*regs)[i] = -1;
+}
+
+#endif /* TARGET_NIOS2 */
+
 #ifdef TARGET_OPENRISC
 
 #define ELF_START_MMAP 0x0800
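Review bot: The register comments in the new `elf_core_copy_regs` do not match the indices it uses: the loop marked `/* r0-r7 */` reads `env->regs[i + 7]` for i = 1..7, the one marked `/* r8-r15 */` reads `env->regs[i - 8]`, and the one marked `/* r16-r23 */` reads `env->regs[i + 7]`, that is registers 23..30. Either the indices or the comments are wrong, and since the reference comment points at `arch/mips/kernel/process.c` (apparently carried over from the MIPS block) the intended Nios II layout cannot be checked from this hunk. A core dump with shuffled registers misleads post-mortem analysis, so the mapping should be verified against the Nios II kernel code and that file cited instead. The final loop should also use the constant rather than repeat it, `for (i = 35; i < ELF_NREG; i++) {`, and the single-statement loops should be braced.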
diff --git a/linux-user/main.c b/linux-user/main.c
index 8daebe0..0bdf6e5 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -68,8 +68,11 @@ do { 
   \
  * This way we will never overlap with our own libraries or binaries or stack
  * or anything else that QEMU maps.
  */
-# ifdef TARGET_MIPS
-/* MIPS only supports 31 bits of virtual address space for user space */
+# if defined(TARGET_MIPS) || defined(TARGET_NIOS2)
+/*
+ * MIPS only supports 31 bits of virtual address space for user space.
+ * Nios2 also only supports 31 bits.
+ */
 unsigned long reserved_va = 0x7700;
 # else
 unsigned long reserved_va = 0xf700;
@@ -2712,6 +2715,105 @@ error:
 }
 #endif
 
+#ifdef TARGET_NIOS2
+
+void cpu_loop(CPUNios2State *env)
+{
+CPUState *cs = ENV_GET_CPU(env);
+target_siginfo_t info;
+int trapnr, gdbsig, ret;
+
+for (;;) {
+cpu_exec_start(cs);
+trapnr = cpu_exec(cs);
+cpu_exec_end(cs);
+gdbsig = 0;
+
+switch (trapnr) {
+case EXCP_INTERRUPT:
+/* just indicate that signals should be handled asap */
+break;
+case EXCP_TRAP:
+if (env->regs[R_AT] == 0) {
+abi_long ret;
+qemu_log_mask(CPU_LOG_INT, "\nSyscall\n");
+
+ret = do_syscall(env, env->regs[2],
+ env->regs[4], env->regs[5], env->regs[6],
+  

Re: [Qemu-devel] [PULL 00/20] x86 and machine queue, 2016-09-27

2016-09-27 Thread Peter Maydell
On 27 September 2016 at 13:12, Eduardo Habkost  wrote:
> The following changes since commit 333ec4ca6a9f604331e2349cb91e9635f65d6462:
>
>   Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into 
> staging (2016-09-27 16:23:08 +0100)
>
> are available in the git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/x86-pull-request
>
> for you to fetch changes up to 4f01a637795af77f1c191230b9f6e3a2547b0c28:
>
>   sysbus: Remove ignored return value of FindSysbusDeviceFunc (2016-09-27 
> 17:03:34 -0300)
>
> 
> x86 and machine queue, 2016-09-27
>
> 

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH 7/7] nios2: Add support for Nios-II R1

2016-09-27 Thread Marek Vasut
Add remaining bits of the Altera NiosII R1 support into qemu, which
is documentation, MAINTAINERS file entry, configure bits, arch_init
and configuration files for both linux-user (userland binaries) and
softmmu (hardware emulation).

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 MAINTAINERS  | 8 
 arch_init.c  | 2 ++
 configure| 5 +
 default-configs/nios2-linux-user.mak | 1 +
 default-configs/nios2-softmmu.mak| 6 ++
 include/sysemu/arch_init.h   | 1 +
 qemu-doc.texi| 3 +++
 7 files changed, 26 insertions(+)
 create mode 100644 default-configs/nios2-linux-user.mak
 create mode 100644 default-configs/nios2-softmmu.mak

diff --git a/MAINTAINERS b/MAINTAINERS
index f3c1f7f..ad366ca 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -158,6 +158,14 @@ S: Maintained
 F: target-moxie/
 F: disas/moxie.c
 
+NiosII
+M: Chris Wulff 
+M: Marek Vasut 
+S: Maintained
+F: target-nios2/
+F: hw/nios2/
+F: disas/nios2.c
+
 OpenRISC
 M: Jia Liu 
 S: Maintained
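Review bot: The new NiosII entry does not cover every file this series adds: `hw/intc/nios2_iic.c` (patch 4/7) and `hw/timer/altera_timer.c` (patch 5/7) match none of the three `F:` patterns. Patches to those device models, including fixes for guest-triggerable bugs, would then not be routed to the listed maintainers. Adding `F: hw/intc/nios2_iic.c` and `F: hw/timer/altera_timer.c` closes the gap; `linux-user/nios2/` from patch 3/7 is also unmatched here, unless the existing linux-user section is meant to own it.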
diff --git a/arch_init.c b/arch_init.c
index 5cc58b2..20d83ff 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -64,6 +64,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_MIPS
 #elif defined(TARGET_MOXIE)
 #define QEMU_ARCH QEMU_ARCH_MOXIE
+#elif defined(TARGET_NIOS2)
+#define QEMU_ARCH QEMU_ARCH_NIOS2
 #elif defined(TARGET_OPENRISC)
 #define QEMU_ARCH QEMU_ARCH_OPENRISC
 #elif defined(TARGET_PPC)
diff --git a/configure b/configure
index 8fa62ad..21d1e34 100755
--- a/configure
+++ b/configure
@@ -5669,6 +5669,8 @@ case "$target_name" in
   ;;
   moxie)
   ;;
+  nios2)
+  ;;
   or32)
 TARGET_ARCH=openrisc
 TARGET_BASE_ARCH=openrisc
@@ -5862,6 +5864,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   moxie*)
 disas_config "MOXIE"
   ;;
+  nios2)
+disas_config "NIOS2"
+  ;;
   or32)
 disas_config "OPENRISC"
   ;;
diff --git a/default-configs/nios2-linux-user.mak 
b/default-configs/nios2-linux-user.mak
new file mode 100644
index 000..5be3eb7
--- /dev/null
+++ b/default-configs/nios2-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for nios2-linux-user
diff --git a/default-configs/nios2-softmmu.mak 
b/default-configs/nios2-softmmu.mak
new file mode 100644
index 000..74dc70c
--- /dev/null
+++ b/default-configs/nios2-softmmu.mak
@@ -0,0 +1,6 @@
+# Default configuration for nios2-softmmu
+
+CONFIG_NIOS2=y
+CONFIG_SERIAL=y
+CONFIG_PTIMER=y
+CONFIG_ALTERA_TIMER=y
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 1c9dad1..fe60e11 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -23,6 +23,7 @@ enum {
 QEMU_ARCH_UNICORE32 = (1 << 14),
 QEMU_ARCH_MOXIE = (1 << 15),
 QEMU_ARCH_TRICORE = (1 << 16),
+QEMU_ARCH_NIOS2 = (1 << 17),
 };
 
 extern const uint32_t arch_type;
diff --git a/qemu-doc.texi b/qemu-doc.texi
index f37fd31..1e40d09 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -2856,6 +2856,9 @@ The binary format is detected automatically.
 @command{qemu-mips} TODO.
 @command{qemu-mipsel} TODO.
 
+@cindex user mode (NiosII)
+@command{qemu-nios2} TODO.
+
 @cindex user mode (PowerPC)
 @command{qemu-ppc64abi32} TODO.
 @command{qemu-ppc64} TODO.
-- 
2.9.3




[Qemu-devel] [PATCH 4/7] nios2: Add IIC interrupt controller emulation

2016-09-27 Thread Marek Vasut
From: Chris Wulff 

Add the Altera Nios2 internal interrupt controller model.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 hw/intc/Makefile.objs |   1 +
 hw/intc/nios2_iic.c   | 103 ++
 2 files changed, 104 insertions(+)
 create mode 100644 hw/intc/nios2_iic.c

diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 05ec21b..3c29fe7 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -38,3 +38,4 @@ obj-$(CONFIG_S390_FLIC_KVM) += s390_flic_kvm.o
 obj-$(CONFIG_ASPEED_SOC) += aspeed_vic.o
 obj-$(CONFIG_ARM_GIC) += arm_gicv3_cpuif.o
 obj-$(CONFIG_MIPS_CPS) += mips_gic.o
+obj-$(CONFIG_NIOS2) += nios2_iic.o
diff --git a/hw/intc/nios2_iic.c b/hw/intc/nios2_iic.c
new file mode 100644
index 000..6da2cce
--- /dev/null
+++ b/hw/intc/nios2_iic.c
@@ -0,0 +1,103 @@
+/*
+ * QEMU Altera Internal Interrupt Controller.
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+#include "hw/sysbus.h"
+#include "cpu.h"
+
+#define TYPE_ALTERA_IIC "altera,iic"
+#define ALTERA_IIC(obj) \
+OBJECT_CHECK(AlteraIIC, (obj), TYPE_ALTERA_IIC)
+
+typedef struct AlteraIIC {
+SysBusDevice  parent_obj;
+void *cpu;
+qemu_irq  parent_irq;
+} AlteraIIC;
+
+static void update_irq(AlteraIIC *pv)
+{
+CPUNios2State *env = &((Nios2CPU*)(pv->cpu))->env;
+
+qemu_set_irq(pv->parent_irq,
+ env->regs[CR_IPENDING] & env->regs[CR_IENABLE]);
+}
+
+static void irq_handler(void *opaque, int irq, int level)
+{
+AlteraIIC *pv = opaque;
+CPUNios2State *env = &((Nios2CPU*)(pv->cpu))->env;
+
+env->regs[CR_IPENDING] &= ~(1 << irq);
+env->regs[CR_IPENDING] |= !!level << irq;
+
+update_irq(pv);
+}
+
+static void altera_iic_init(Object *obj)
+{
+AlteraIIC *pv = ALTERA_IIC(obj);
+
+qdev_init_gpio_in(DEVICE(pv), irq_handler, 32);
+sysbus_init_irq(SYS_BUS_DEVICE(obj), &pv->parent_irq);
+}
+
+static Property altera_iic_properties[] = {
+DEFINE_PROP_PTR("cpu", AlteraIIC, cpu),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void altera_iic_realize(DeviceState *dev, Error **errp)
+{
+struct AlteraIIC *pv = ALTERA_IIC(dev);
+
+if (!pv->cpu) {
+error_setg(errp, "altera,iic: CPU not connected");
+return;
+}
+}
+
+static void altera_iic_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->props = altera_iic_properties;
+/* Reason: pointer property "cpu" */
+dc->cannot_instantiate_with_device_add_yet = true;
+dc->realize = altera_iic_realize;
+}
+
+static TypeInfo altera_iic_info = {
+.name  = "altera,iic",
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(AlteraIIC),
+.instance_init = altera_iic_init,
+.class_init= altera_iic_class_init,
+};
+
+static void altera_iic_register(void)
+{
+type_register_static(&altera_iic_info);
+}
+
+type_init(altera_iic_register)
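Review bot: In `irq_handler` the masks are built with `1 << irq` and `!!level << irq` on plain `int`, while `altera_iic_init` registers 32 input lines, so `irq` can be 31 and the shift reaches the sign bit, which ISO C leaves undefined for a 32-bit `int` (the build flags may define it, but that is not visible here). Unsigned operands remove the question: `env->regs[CR_IPENDING] &= ~(1u << irq);` and `env->regs[CR_IPENDING] |= (uint32_t)!!level << irq;`. Separately, `pv->cpu` is a `void *` set through a pointer property and cast to `Nios2CPU *` in both `update_irq` and `irq_handler` with no type check, so a comment on the field stating what it must point to would help. `.name` in `altera_iic_info` also repeats the string literal instead of using `TYPE_ALTERA_IIC`.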
-- 
2.9.3




[Qemu-devel] [PATCH 5/7] nios2: Add periodic timer emulation

2016-09-27 Thread Marek Vasut
From: Chris Wulff 

Add the Altera timer model.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 hw/timer/Makefile.objs  |   1 +
 hw/timer/altera_timer.c | 236 
 2 files changed, 237 insertions(+)
 create mode 100644 hw/timer/altera_timer.c

diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 7ba8c23..0867a64 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -18,6 +18,7 @@ common-obj-$(CONFIG_IMX) += imx_gpt.o
 common-obj-$(CONFIG_LM32) += lm32_timer.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-sysctl.o
 
+obj-$(CONFIG_ALTERA_TIMER) += altera_timer.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_mct.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_pwm.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_rtc.o
diff --git a/hw/timer/altera_timer.c b/hw/timer/altera_timer.c
new file mode 100644
index 000..4461438
--- /dev/null
+++ b/hw/timer/altera_timer.c
@@ -0,0 +1,236 @@
+/*
+ * QEMU model of the Altera timer.
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "hw/ptimer.h"
+
+#define R_STATUS  0
+#define R_CONTROL 1
+#define R_PERIODL 2
+#define R_PERIODH 3
+#define R_SNAPL   4
+#define R_SNAPH   5
+#define R_MAX 6
+
+#define STATUS_TO 0x0001
+#define STATUS_RUN0x0002
+
+#define CONTROL_ITO   0x0001
+#define CONTROL_CONT  0x0002
+#define CONTROL_START 0x0004
+#define CONTROL_STOP  0x0008
+
+#define TYPE_ALTERA_TIMER "ALTR.timer"
+#define ALTERA_TIMER(obj) \
+OBJECT_CHECK(AlteraTimer, (obj), TYPE_ALTERA_TIMER)
+
+typedef struct AlteraTimer {
+SysBusDevice  busdev;
+MemoryRegion  mmio;
+qemu_irq  irq;
+uint32_t  freq_hz;
+QEMUBH   *bh;
+ptimer_state *ptimer;
+uint32_t  regs[R_MAX];
+} AlteraTimer;
+
+static inline int timer_irq_state(AlteraTimer *t)
+{
+return (t->regs[R_STATUS] & STATUS_TO) &&
+   (t->regs[R_CONTROL] & CONTROL_ITO);
+}
+
+static uint64_t timer_read(void *opaque, hwaddr addr,
+   unsigned int size)
+{
+AlteraTimer *t = opaque;
+uint64_t r = 0;
+
+addr >>= 2;
+addr &= 0x7;
+switch (addr) {
+case R_CONTROL:
+r = t->regs[R_CONTROL] & (CONTROL_ITO | CONTROL_CONT);
+break;
+
+default:
+if (addr < ARRAY_SIZE(t->regs)) {
+r = t->regs[addr];
+}
+break;
+}
+
+return r;
+}
+
+static void timer_write(void *opaque, hwaddr addr,
+uint64_t value, unsigned int size)
+{
+AlteraTimer *t = opaque;
+uint64_t tvalue;
+uint32_t count = 0;
+int irqState = timer_irq_state(t);
+
+addr >>= 2;
+addr &= 0x7;
+switch (addr) {
+case R_STATUS:
+/* The timeout bit is cleared by writing the status register. */
+t->regs[R_STATUS] &= ~STATUS_TO;
+break;
+
+case R_CONTROL:
+t->regs[R_CONTROL] = value & (CONTROL_ITO | CONTROL_CONT);
+if ((value & CONTROL_START) &&
+!(t->regs[R_STATUS] & STATUS_RUN)) {
+ptimer_run(t->ptimer, 1);
+t->regs[R_STATUS] |= STATUS_RUN;
+}
+if ((value & CONTROL_STOP) && (t->regs[R_STATUS] & STATUS_RUN)) {
+ptimer_stop(t->ptimer);
+t->regs[R_STATUS] &= ~STATUS_RUN;
+}
+break;
+
+case R_PERIODL:
+case R_PERIODH:
+t->regs[addr] = value & 0x;
+if (t->regs[R_STATUS] & STATUS_RUN) {
+ptimer_stop(t->ptimer);
+t->regs[R_STATUS] &= ~STATUS_RUN;
+}
+tvalue = (t->regs[R_PERIODH] << 16) | t->regs[R_PERIODL];
+ptimer_set_limit(t->ptimer, tvalue + 1, 1);
+break;
+
+case R_SNAPL:
+case R_SNAPH:
+count = ptimer_get_count(t->ptimer);
+t->regs[R_SNAPL] = count & 0x;
+t->regs[R_SNAPH] = count >> 16;
+break;
+
+default:
+break;
+}
+
+if (irqState != timer_irq_state(t)) {
+qemu_set_irq(t->irq, timer_irq_state(t));
+}
+}
+
+static const MemoryRegionOps timer_ops = {
+.read = timer_read,
+.write = timer_writ

Re: [Qemu-devel] [PATCH 1/2] vhost: enable any layout feature

2016-09-27 Thread Stephen Hemminger
On Tue, 27 Sep 2016 11:11:58 +0800
Yuanhan Liu  wrote:

> On Mon, Sep 26, 2016 at 10:24:55PM +0300, Michael S. Tsirkin wrote:
> > On Mon, Sep 26, 2016 at 11:01:58AM -0700, Stephen Hemminger wrote:  
> > > I assume that if using Version 1 that the bit will be ignored  
> 
> Yes, but I will just quote what you just said: what if the guest
> virtio device is a legacy device? I also gave my reasons in another
> email why I consistently set this flag:
> 
>   - we have to return all features we support to the guest.
>   
> We don't know the guest is a modern or legacy device. That means
> we should claim we support both: VERSION_1 and ANY_LAYOUT.
>   
> Assume guest is a legacy device and we just set VERSION_1 (the current
> case), ANY_LAYOUT will never be negotiated.
>   
>   - I'm following the way Linux kernel takes: it also set both features.

Agreed, just do what the Linux kernel does.



Re: [Qemu-devel] Making cputlb.c operations safe for MTTCG

2016-09-27 Thread Richard Henderson

On 09/27/2016 03:29 PM, Emilio G. Cota wrote:

What's a quick-and-dirty way to disable the fast-path TLB lookups?
Alex: you told me the monitor has an option for this, but I can't
find it. I'm looking for something that'd go in tcg/i386 to simply
bypass the fast path.


There is no easy way.  If you need that, you'd have to significantly modify the 
tcg backend.



r~



Re: [Qemu-devel] Making cputlb.c operations safe for MTTCG

2016-09-27 Thread Alex Bennée

Emilio G. Cota  writes:

> On Tue, Sep 27, 2016 at 18:16:45 +0200, Paolo Bonzini wrote:
>> Anyhow, the next step is to merge either cmpxchg-based atomics
>> or iothread-free single-threaded TCG.  Either will do. :)
>>
>> I think that even iothread-free single-threaded TCG requires this
>> TLB stuff, because the iothread's address_space_write (and hence
>> invalidate_and_set_dirty) can race against the TCG thread's
>> code generation.
>
> What's a quick-and-dirty way to disable the fast-path TLB lookups?
> Alex: you told me the monitor has an option for this, but I can't
> find it. I'm looking for something that'd go in tcg/i386 to simply
> bypass the fast path.

Hack up tlb_set_page_with_attrs() to always set one of the TLB_FOO bits
(you might want to invent a new one as the others do have meanings).

>
> Forcing the slow TLB lookup would be an easy way to then implement
> a per-TLB seqlock. I think TLB corruption might explain the crashes I
> see when booting Ubuntu in a many-core guest (running on a many-core
> host).

TLB corruption is suspected but I've never come up with a clean test
case to force it. I find heavy compiles in a system image can do it but
my SMC torture test never crashes.

>
> Thanks,
>
>   Emilio


--
Alex Bennée



Re: [Qemu-devel] Making cputlb.c operations safe for MTTCG

2016-09-27 Thread Emilio G. Cota
On Tue, Sep 27, 2016 at 18:16:45 +0200, Paolo Bonzini wrote:
> Anyhow, the next step is to merge either cmpxchg-based atomics
> or iothread-free single-threaded TCG.  Either will do. :)
> 
> I think that even iothread-free single-threaded TCG requires this
> TLB stuff, because the iothread's address_space_write (and hence
> invalidate_and_set_dirty) can race against the TCG thread's
> code generation.

What's a quick-and-dirty way to disable the fast-path TLB lookups?
Alex: you told me the monitor has an option for this, but I can't
find it. I'm looking for something that'd go in tcg/i386 to simply
bypass the fast path.

Forcing the slow TLB lookup would be an easy way to then implement
a per-TLB seqlock. I think TLB corruption might explain the crashes I
see when booting Ubuntu in a many-core guest (running on a many-core
host).

Thanks,

Emilio



Re: [Qemu-devel] [PATCH v3] ide: Fix memory leak in ide_register_restart_cb()

2016-09-27 Thread John Snow



On 09/27/2016 12:53 PM, Ashijeet Acharya wrote:

Fix a memory leak in ide_register_restart_cb() in hw/ide/core.c and add
idebus_unrealize() in hw/ide/qdev.c to have calls to
qemu_del_vm_change_state_handler() to deal with the dangling change
state handler during hot-unplugging ide devices which might lead to a
crash.



In the future, please rebase your patches on top of the current git 
master when you resend.



Signed-off-by: Ashijeet Acharya 
---
Changes in v3:
-Use smaller conditional (bus->vmstate) only
---
 hw/ide/core.c |  2 +-
 hw/ide/qdev.c | 11 +++
 include/hw/ide/internal.h |  1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 45b6df1..eecbb47 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2582,7 +2582,7 @@ static void ide_restart_cb(void *opaque, int running, 
RunState state)
 void ide_register_restart_cb(IDEBus *bus)
 {
 if (bus->dma->ops->restart_dma) {
-qemu_add_vm_change_state_handler(ide_restart_cb, bus);
+bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus);
 }
 }

diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c
index 2eb055a..7e186bd 100644
--- a/hw/ide/qdev.c
+++ b/hw/ide/qdev.c
@@ -31,6 +31,7 @@
 /* - */

 static char *idebus_get_fw_dev_path(DeviceState *dev);
+static void idebus_unrealize(DeviceState *qdev, Error **errp);

 static Property ide_props[] = {
 DEFINE_PROP_UINT32("unit", IDEDevice, unit, -1),
@@ -44,6 +45,15 @@ static void ide_bus_class_init(ObjectClass *klass, void 
*data)
 k->get_fw_dev_path = idebus_get_fw_dev_path;
 }

+static void idebus_unrealize(DeviceState *qdev, Error **errp)
+{
+IDEBus *bus = DO_UPCAST(IDEBus, qbus, qdev->parent_bus);
+
+if (bus->vmstate) {
+qemu_del_vm_change_state_handler(bus->vmstate);


Also in the future, keep an eye out for whitespace changes, too.


+}
+}
+
 static const TypeInfo ide_bus_info = {
 .name = TYPE_IDE_BUS,
 .parent = TYPE_BUS,
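Review bot: `idebus_unrealize()` leaves `bus->vmstate` pointing at the entry it has just handed to `qemu_del_vm_change_state_handler()`. The last qdev.c hunk installs the function as the device-class `unrealize` hook in `ide_device_class_init()`, so it runs once per device, not once per bus. The bus is reached through `qdev->parent_bus`, so if two devices can sit on the same IDEBus (not visible here, though the `unit` property suggests it), unplugging the second one passes an already removed entry to the delete call again, and the device still attached after the first unplug silently loses its restart callback. Clearing the field inside the `if` body with `bus->vmstate = NULL;` makes the teardown idempotent. Doing the teardown from a bus-level hook would match where `ide_register_restart_cb()` registers the handler.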
@@ -355,6 +365,7 @@ static void ide_device_class_init(ObjectClass *klass, void 
*data)
 k->init = ide_qdev_init;
 set_bit(DEVICE_CATEGORY_STORAGE, k->categories);
 k->bus_type = TYPE_IDE_BUS;
+k->unrealize = idebus_unrealize;
 k->props = ide_props;
 }

diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
index 7824bc3..2103261 100644
--- a/include/hw/ide/internal.h
+++ b/include/hw/ide/internal.h
@@ -480,6 +480,7 @@ struct IDEBus {
 uint8_t retry_unit;
 int64_t retry_sector_num;
 uint32_t retry_nsector;
+VMChangeStateEntry *vmstate;
 };

 #define TYPE_IDE_DEVICE "ide-device"



I made the minor rebase and whitespace edit in my tree, and with that:

Reviewed-by: John Snow 

Thanks, applied to my IDE tree:

https://github.com/jnsnow/qemu/commits/ide
https://github.com/jnsnow/qemu.git

--js



Re: [Qemu-devel] Making cputlb.c operations safe for MTTCG

2016-09-27 Thread Alex Bennée

Paolo Bonzini  writes:

> On 02/08/2016 08:37, Alex Bennée wrote:
>>> - in notdirty_mem_write, care must be put in the ordering of
>>> tb_invalidate_phys_page_fast (which itself calls tlb_unprotect_code and
>>> takes the tb_lock in tb_invalidate_phys_page_range) and tlb_set_dirty.
>>> At least it seems to me that the call to tb_invalidate_phys_page_fast
>>> should be after the write, but that's not all.  Perhaps merge this part
>>> of notdirty_mem_write:
>
> I looked at it again and you are already doing the right thing in patch 19.
> It's possible to simplify it a bit though like this:
>
> diff --git a/exec.c b/exec.c
> index c8389f9..7850c39 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1944,9 +1944,6 @@ ram_addr_t qemu_ram_addr_from_host(void *ptr)
>  static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
> uint64_t val, unsigned size)
>  {
> -if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
> -tb_invalidate_phys_page_fast(ram_addr, size);
> -}
>  switch (size) {
>  case 1:
>  stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
> @@ -1960,11 +1957,19 @@ static void notdirty_mem_write(void *opaque, hwaddr 
> ram_addr,
>   */
>  cpu_physical_memory_set_dirty_range(ram_addr, size,
>  DIRTY_CLIENTS_NOCODE);
> +tb_lock();
> +if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
> +/* tb_invalidate_phys_page_range will call tlb_unprotect_code
> + * once the last TB in this page is gone.
> + */
> +tb_invalidate_phys_page_fast(ram_addr, size);
> +}
>  /* we remove the notdirty callback only if the code has been
> flushed */
>  if (!cpu_physical_memory_is_clean(ram_addr)) {
>  tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
>  }
> +tb_unlock();
>  }
>
>  static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
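Review bot: The added `tb_lock()` is held across `tb_invalidate_phys_page_fast()`, which the message quoted earlier in this thread describes as taking tb_lock itself inside `tb_invalidate_phys_page_range`. Unless that lock is recursive or the inner acquisition is dropped elsewhere in the series, this nests the same lock on one thread. The existing comment in the new block only mentions `tlb_unprotect_code`, so the locking expectation should be stated next to the call, for example `/* tb_lock held here; callee must not take it again */`. The body of `notdirty_mem_write` starts in the previous hunk, and the lines between the two hunks are not shown.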
>
>
> Anyhow, the next step is to merge either cmpxchg-based atomics
> or iothread-free single-threaded TCG.  Either will do. :)

By iothread-free single-threaded TCG you mean dropping the need to grab
the BQL when we start the TCG thread and making the BQL purely an
on-demand/when needed thing?

The cmpxchg stuff is looking good to me - I still have to do a pass over
rth's patch set since he re-based on async safe work. In fact once your
updated PULL req is in even better ;-)

> I think that even iothread-free single-threaded TCG requires this
> TLB stuff, because the iothread's address_space_write (and hence
> invalidate_and_set_dirty) can race against the TCG thread's
> code generation.

Yes.

>
> Thanks,
>
> Paolo


--
Alex Bennée



Re: [Qemu-devel] [PATCH v14 07/19] qapi: don't pass two copies of TestInputVisitorData to tests

2016-09-27 Thread Eric Blake
On 09/27/2016 05:10 PM, Eric Blake wrote:
> On 09/27/2016 08:13 AM, Daniel P. Berrange wrote:
>> The input_visitor_test_add() method was accepting an instance
>> of 'TestInputVisitorData' and passing it as the 'user_data'
>> parameter to test functions. The main 'TestInputVisitorData'
>> instance that was actually used, was meanwhile being allocated
>> automatically by the test framework fixture setup.
>>
>> Signed-off-by: Daniel P. Berrange 
>> ---
>>  tests/test-qobject-input-visitor.c | 76 
>> --
>>  1 file changed, 32 insertions(+), 44 deletions(-)
>>
> 
> Reviewed-by: Eric Blake 
> 

Having said that, I note that ALL callers now pass NULL for user_data.
If you plan on using it later in the series for something other than
NULL for some of the (new?) tests added at that point, it would be wise
to say so in the commit message; if not, I would suggest eliminating the
parameter altogether.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v14 07/19] qapi: don't pass two copies of TestInputVisitorData to tests

2016-09-27 Thread Eric Blake
On 09/27/2016 08:13 AM, Daniel P. Berrange wrote:
> The input_visitor_test_add() method was accepting an instance
> of 'TestInputVisitorData' and passing it as the 'user_data'
> parameter to test functions. The main 'TestInputVisitorData'
> instance that was actually used, was meanwhile being allocated
> automatically by the test framework fixture setup.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  tests/test-qobject-input-visitor.c | 76 
> --
>  1 file changed, 32 insertions(+), 44 deletions(-)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v14 04/19] qapi: add trace events for visitor

2016-09-27 Thread Eric Blake
On 09/27/2016 08:13 AM, Daniel P. Berrange wrote:
> Allow tracing of the operation of visitors

Ooooh, shiny!

> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  Makefile.objs  |  1 +
>  qapi/qapi-visit-core.c | 27 +++
>  qapi/trace-events  | 33 +
>  3 files changed, 61 insertions(+)
>  create mode 100644 qapi/trace-events
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v14 03/19] option: allow qemu_opts_to_qdict to merge repeated options

2016-09-27 Thread Eric Blake
On 09/27/2016 08:13 AM, Daniel P. Berrange wrote:
> If given an option string such as
> 
>   size=1024,nodes=10,nodes=4-5,nodes=1-2,policy=bind
> 
> the qemu_opts_to_qdict() method will currently overwrite
> the values for repeated option keys, so only the last
> value is in the returned dict:
> 
> size=1024
> nodes=1-2
> policy=bind
> 
> This adds the ability for the caller to ask that the
> repeated keys be turned into list indexes:
> 
> size=1024
> nodes.0=10
> nodes.1=4-5
> nodes.2=1-2
> policy=bind
> 
> Note that the conversion has no way of knowing whether
> any given key is expected to be a list upfront - it can
> only figure that out when seeing the first duplicated
> key. Thus the caller has to be prepared to deal with the
> fact that if a key 'foo' is a list, then the returned
> qdict may contain either 'foo' (if only a single instance
> of the key was seen) or 'foo.NN' (if multiple instances
> of the key were seen).
> 
> Signed-off-by: Daniel P. Berrange 
> ---

If I'm not mistaken, this patch adds a new policy, but all existing
clients use the old policy, and the new policy is exercised only by the
testsuite additions.  Might be useful to mention that in the commit
message, rather than making me read the whole commit before guessing that.

> +++ b/blockdev.c
> @@ -911,7 +911,8 @@ DriveInfo *drive_new(QemuOpts *all_opts, 
> BlockInterfaceType block_default_type)
>  
>  /* Get a QDict for processing the options */
>  bs_opts = qdict_new();
> -qemu_opts_to_qdict(all_opts, bs_opts);
> +qemu_opts_to_qdict(all_opts, bs_opts,
> +   QEMU_OPTS_REPEAT_POLICY_LAST);

git send-email/format-patch -O/path/to/file (or the corresponding config
option) allows you to sort the diff to put the interesting stuff first
(in this case, the new enum).

> +++ b/include/qemu/option.h
> @@ -125,7 +125,13 @@ void qemu_opts_set_defaults(QemuOptsList *list, const 
> char *params,
>  int permit_abbrev);
>  QemuOpts *qemu_opts_from_qdict(QemuOptsList *list, const QDict *qdict,
> Error **errp);
> -QDict *qemu_opts_to_qdict(QemuOpts *opts, QDict *qdict);
> +typedef enum {
> +QEMU_OPTS_REPEAT_POLICY_LAST,
> +QEMU_OPTS_REPEAT_POLICY_LIST,

Hmm. I suspect this subtle difference (one vowel) to be the source of
typo bugs.  Can we come up with more obvious policy names, such as
LAST_ONLY vs. INTO_LIST?  Except that doing that makes it harder to fit
80 columns.  So up to you if you want to ignore me here.

On the other hand, a documentation comment here would go a long ways to
helping future readers:

LAST: last occurrence of a duplicate option silently overwrites all earlier
LIST: each occurrence of a duplicate option converts it into a list

maybe you also want to add:

ERROR: an occurrence of a duplicate option is considered an error

Also, while you turn 'foo=a,foo=b' into 'foo.0=a,foo.1=b', does your
code correctly handle the cases of 'foo.0=a,foo=b' and 'foo=a,foo.1=b'?
(And what IS the correct handling of those cases logically supposed to be?)

> +++ b/tests/test-qemu-opts.c
> @@ -421,6 +421,45 @@ static void test_qemu_opts_set(void)
>  g_assert(opts == NULL);
>  }
>  
> +
> +static void test_qemu_opts_to_qdict(void)
> +{

Here would be a good place to test the two mixed-use optstrings I
mentioned above (inconsistent use of plain vs. list syntax).

> +}
> +
>  int main(int argc, char *argv[])
>  {

> +++ b/util/qemu-option.c
> @@ -1058,10 +1058,12 @@ void qemu_opts_absorb_qdict(QemuOpts *opts, QDict 
> *qdict, Error **errp)
>   * TODO We'll want to use types appropriate for opt->desc->type, but
>   * this is enough for now.
>   */
> -QDict *qemu_opts_to_qdict(QemuOpts *opts, QDict *qdict)
> +QDict *qemu_opts_to_qdict(QemuOpts *opts, QDict *qdict,
> +  QemuOptsRepeatPolicy repeatPolicy)
>  {
>  QemuOpt *opt;
> -QObject *val;
> +QObject *val, *prevval;
> +QDict *lists = qdict_new();
>  
>  if (!qdict) {
>  qdict = qdict_new();
> @@ -1070,9 +1072,42 @@ QDict *qemu_opts_to_qdict(QemuOpts *opts, QDict *qdict)
>  qdict_put(qdict, "id", qstring_from_str(opts->id));
>  }
>  QTAILQ_FOREACH(opt, &opts->head, next) {
> +gchar *key = NULL;
>  val = QOBJECT(qstring_from_str(opt->str));
> -qdict_put_obj(qdict, opt->name, val);
> +switch (repeatPolicy) {
> +case QEMU_OPTS_REPEAT_POLICY_LIST:
> +if (qdict_haskey(lists, opt->name)) {
> +/* Current val goes into 'foo.N' */
> +int64_t max = qdict_get_int(lists, opt->name);
> +max++;
> +key = g_strdup_printf("%s.%" PRId64, opt->name, max);
> +qdict_put_obj(lists, opt->name, QOBJECT(qint_from_int(max)));
> +qdict_put_obj(qdict, key, val);
> +} else if (qdict_haskey(qdict, opt->name)) {
> +/* Move previous val from 'foo' t

Re: [Qemu-devel] [PATCH 5/5] intel_iommu: do not allow EIM without KVM support

2016-09-27 Thread Paolo Bonzini


- Original Message -
> From: "Radim Krčmář" 
> To: "Paolo Bonzini" 
> Cc: qemu-devel@nongnu.org, "Peter Xu" , "Igor Mammedov" 
> , "Richard Henderson"
> , "Eduardo Habkost" , "Michael S. 
> Tsirkin" 
> Sent: Tuesday, September 27, 2016 4:01:39 PM
> Subject: Re: [PATCH 5/5] intel_iommu: do not allow EIM without KVM support
> 
> 2016-09-23 11:27+0200, Paolo Bonzini:
> > Since the whole IOMMU feature is new and somewhat experimental, I think
> > it's okay to just make EIM the default for >=2.8 machine types if KVM is
> > on (using DEFINE_PROP_ON_OFF_AUTO; auto means true if KVM is on and
> 
> Sounds good.

BTW this also means KVM+vIOMMU requires 4.8.  Let's remember to document
it in the release notes.

> > false otherwise, and pc-2.7 would set eim=off).
> 
> What about eim=on in pc-2.7, to avoid breaking migration?

Yup, just a thinko.

Paolo



[Qemu-devel] [PATCH 1/2] tcg: Add tcg_gen_mulsu2_{i32,i64,tl}

2016-09-27 Thread Richard Henderson
This multiply has one signed input and one unsigned input,
producing the full double-width result.

Signed-off-by: Richard Henderson 
---
 tcg/tcg-op.c | 43 +++
 tcg/tcg-op.h |  4 
 2 files changed, 47 insertions(+)

diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index 291d50b..d92a6cd 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -688,6 +688,33 @@ void tcg_gen_muls2_i32(TCGv_i32 rl, TCGv_i32 rh, TCGv_i32 
arg1, TCGv_i32 arg2)
 }
 }
 
+void tcg_gen_mulsu2_i32(TCGv_i32 rl, TCGv_i32 rh, TCGv_i32 arg1, TCGv_i32 arg2)
+{
+if (TCG_TARGET_REG_BITS == 32) {
+TCGv_i32 t0 = tcg_temp_new_i32();
+TCGv_i32 t1 = tcg_temp_new_i32();
+TCGv_i32 t2 = tcg_temp_new_i32();
+tcg_gen_mulu2_i32(t0, t1, arg1, arg2);
+/* Adjust for negative input for the signed arg1.  */
+tcg_gen_sari_i32(t2, arg1, 31);
+tcg_gen_and_i32(t2, t2, arg2);
+tcg_gen_sub_i32(rh, t1, t2);
+tcg_gen_mov_i32(rl, t0);
+tcg_temp_free_i32(t0);
+tcg_temp_free_i32(t1);
+tcg_temp_free_i32(t2);
+} else {
+TCGv_i64 t0 = tcg_temp_new_i64();
+TCGv_i64 t1 = tcg_temp_new_i64();
+tcg_gen_ext_i32_i64(t0, arg1);
+tcg_gen_extu_i32_i64(t1, arg2);
+tcg_gen_mul_i64(t0, t0, t1);
+tcg_gen_extr_i64_i32(rl, rh, t0);
+tcg_temp_free_i64(t0);
+tcg_temp_free_i64(t1);
+}
+}
+
 void tcg_gen_ext8s_i32(TCGv_i32 ret, TCGv_i32 arg)
 {
 if (TCG_TARGET_HAS_ext8s_i32) {
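Review bot: `tcg_gen_mulsu2_i32()` has no header comment saying which operand is the signed one. The contract can only be recovered from the in-body remark about arg1 and from the `tcg_gen_ext_i32_i64` / `tcg_gen_extu_i32_i64` pair in the 64-bit-host branch. Swapping the two arguments at a call site still compiles and silently yields a wrong high word, so a one-line comment above the definition would help: `/* rh:rl = (signed) arg1 * (unsigned) arg2, full double-width result */`. The same applies to `tcg_gen_mulsu2_i64()` in the next hunk and to the two prototypes added in tcg-op.h.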
@@ -1758,6 +1785,22 @@ void tcg_gen_muls2_i64(TCGv_i64 rl, TCGv_i64 rh, 
TCGv_i64 arg1, TCGv_i64 arg2)
 }
 }
 
+void tcg_gen_mulsu2_i64(TCGv_i64 rl, TCGv_i64 rh, TCGv_i64 arg1, TCGv_i64 arg2)
+{
+TCGv_i64 t0 = tcg_temp_new_i64();
+TCGv_i64 t1 = tcg_temp_new_i64();
+TCGv_i64 t2 = tcg_temp_new_i64();
+tcg_gen_mulu2_i64(t0, t1, arg1, arg2);
+/* Adjust for negative input for the signed arg1.  */
+tcg_gen_sari_i64(t2, arg1, 63);
+tcg_gen_and_i64(t2, t2, arg2);
+tcg_gen_sub_i64(rh, t1, t2);
+tcg_gen_mov_i64(rl, t0);
+tcg_temp_free_i64(t0);
+tcg_temp_free_i64(t1);
+tcg_temp_free_i64(t2);
+}
+
 /* Size changing operations.  */
 
 void tcg_gen_extrl_i64_i32(TCGv_i32 ret, TCGv_i64 arg)
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 02cb376..56407d2 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -306,6 +306,7 @@ void tcg_gen_sub2_i32(TCGv_i32 rl, TCGv_i32 rh, TCGv_i32 al,
   TCGv_i32 ah, TCGv_i32 bl, TCGv_i32 bh);
 void tcg_gen_mulu2_i32(TCGv_i32 rl, TCGv_i32 rh, TCGv_i32 arg1, TCGv_i32 arg2);
 void tcg_gen_muls2_i32(TCGv_i32 rl, TCGv_i32 rh, TCGv_i32 arg1, TCGv_i32 arg2);
+void tcg_gen_mulsu2_i32(TCGv_i32 rl, TCGv_i32 rh, TCGv_i32 arg1, TCGv_i32 
arg2);
 void tcg_gen_ext8s_i32(TCGv_i32 ret, TCGv_i32 arg);
 void tcg_gen_ext16s_i32(TCGv_i32 ret, TCGv_i32 arg);
 void tcg_gen_ext8u_i32(TCGv_i32 ret, TCGv_i32 arg);
@@ -482,6 +483,7 @@ void tcg_gen_sub2_i64(TCGv_i64 rl, TCGv_i64 rh, TCGv_i64 al,
   TCGv_i64 ah, TCGv_i64 bl, TCGv_i64 bh);
 void tcg_gen_mulu2_i64(TCGv_i64 rl, TCGv_i64 rh, TCGv_i64 arg1, TCGv_i64 arg2);
 void tcg_gen_muls2_i64(TCGv_i64 rl, TCGv_i64 rh, TCGv_i64 arg1, TCGv_i64 arg2);
+void tcg_gen_mulsu2_i64(TCGv_i64 rl, TCGv_i64 rh, TCGv_i64 arg1, TCGv_i64 
arg2);
 void tcg_gen_not_i64(TCGv_i64 ret, TCGv_i64 arg);
 void tcg_gen_ext8s_i64(TCGv_i64 ret, TCGv_i64 arg);
 void tcg_gen_ext16s_i64(TCGv_i64 ret, TCGv_i64 arg);
@@ -932,6 +934,7 @@ static inline void tcg_gen_qemu_st64(TCGv_i64 arg, TCGv 
addr, int mem_index)
 #define tcg_gen_sub2_tl tcg_gen_sub2_i64
 #define tcg_gen_mulu2_tl tcg_gen_mulu2_i64
 #define tcg_gen_muls2_tl tcg_gen_muls2_i64
+#define tcg_gen_mulsu2_tl tcg_gen_mulsu2_i64
 #else
 #define tcg_gen_movi_tl tcg_gen_movi_i32
 #define tcg_gen_mov_tl tcg_gen_mov_i32
@@ -1009,6 +1012,7 @@ static inline void tcg_gen_qemu_st64(TCGv_i64 arg, TCGv 
addr, int mem_index)
 #define tcg_gen_sub2_tl tcg_gen_sub2_i32
 #define tcg_gen_mulu2_tl tcg_gen_mulu2_i32
 #define tcg_gen_muls2_tl tcg_gen_muls2_i32
+#define tcg_gen_mulsu2_tl tcg_gen_mulsu2_i32
 #endif
 
 #if UINTPTR_MAX == UINT32_MAX
-- 
2.5.5




[Qemu-devel] [PATCH 0/2] tcg: Add tcg_gen_mulsu2_*

2016-09-27 Thread Richard Henderson
While reviewing the recent riscv patch set, I made a suggestion to copy
some of the bits from tcg_gen_muls2_i64 in order to implement the mulhsu
instruction.

However, I noticed that the same operation is present in another target,
so I thought that it would be better to have this as a standard operation.


r~


Richard Henderson (2):
  tcg: Add tcg_gen_mulsu2_{i32,i64,tl}
  target-microblaze: Cleanup dec_mul

 target-microblaze/translate.c | 61 +++
 tcg/tcg-op.c  | 43 ++
 tcg/tcg-op.h  |  4 +++
 3 files changed, 56 insertions(+), 52 deletions(-)

-- 
2.5.5




[Qemu-devel] [PATCH 2/2] target-microblaze: Cleanup dec_mul

2016-09-27 Thread Richard Henderson
Use tcg_gen_mul_tl for muli and mul instructions.
Use tcg_gen_muls2_tl for mulh instruction.
Use tcg_gen_mulu2_tl for mulhu instruction.
Use tcg_gen_mulsu2_tl for mulhsu instruction.

Note that this last fixes a bug, in that mulhsu was
previously treating both operands as signed, instead
of treating rb as unsigned.

Cc: Edgar E. Iglesias 
Signed-off-by: Richard Henderson 
---
 target-microblaze/translate.c | 61 +++
 1 file changed, 9 insertions(+), 52 deletions(-)

diff --git a/target-microblaze/translate.c b/target-microblaze/translate.c
index 5274191..de2090a 100644
--- a/target-microblaze/translate.c
+++ b/target-microblaze/translate.c
@@ -581,50 +581,10 @@ static void dec_msr(DisasContext *dc)
 }
 }
 
-/* 64-bit signed mul, lower result in d and upper in d2.  */
-static void t_gen_muls(TCGv d, TCGv d2, TCGv a, TCGv b)
-{
-TCGv_i64 t0, t1;
-
-t0 = tcg_temp_new_i64();
-t1 = tcg_temp_new_i64();
-
-tcg_gen_ext_i32_i64(t0, a);
-tcg_gen_ext_i32_i64(t1, b);
-tcg_gen_mul_i64(t0, t0, t1);
-
-tcg_gen_extrl_i64_i32(d, t0);
-tcg_gen_shri_i64(t0, t0, 32);
-tcg_gen_extrl_i64_i32(d2, t0);
-
-tcg_temp_free_i64(t0);
-tcg_temp_free_i64(t1);
-}
-
-/* 64-bit unsigned muls, lower result in d and upper in d2.  */
-static void t_gen_mulu(TCGv d, TCGv d2, TCGv a, TCGv b)
-{
-TCGv_i64 t0, t1;
-
-t0 = tcg_temp_new_i64();
-t1 = tcg_temp_new_i64();
-
-tcg_gen_extu_i32_i64(t0, a);
-tcg_gen_extu_i32_i64(t1, b);
-tcg_gen_mul_i64(t0, t0, t1);
-
-tcg_gen_extrl_i64_i32(d, t0);
-tcg_gen_shri_i64(t0, t0, 32);
-tcg_gen_extrl_i64_i32(d2, t0);
-
-tcg_temp_free_i64(t0);
-tcg_temp_free_i64(t1);
-}
-
 /* Multiplier unit.  */
 static void dec_mul(DisasContext *dc)
 {
-TCGv d[2];
+TCGv tmp;
 unsigned int subcode;
 
 if ((dc->tb_flags & MSR_EE_FLAG)
@@ -636,13 +596,11 @@ static void dec_mul(DisasContext *dc)
 }
 
 subcode = dc->imm & 3;
-d[0] = tcg_temp_new();
-d[1] = tcg_temp_new();
 
 if (dc->type_b) {
 LOG_DIS("muli r%d r%d %x\n", dc->rd, dc->ra, dc->imm);
-t_gen_mulu(cpu_R[dc->rd], d[1], cpu_R[dc->ra], *(dec_alu_op_b(dc)));
-goto done;
+tcg_gen_mul_tl(cpu_R[dc->rd], cpu_R[dc->ra], *(dec_alu_op_b(dc)));
+return;
 }
 
 /* mulh, mulhsu and mulhu are not available if C_USE_HW_MUL is < 2.  */
@@ -651,30 +609,29 @@ static void dec_mul(DisasContext *dc)
 /* nop??? */
 }
 
+tmp = tcg_temp_new();
 switch (subcode) {
 case 0:
 LOG_DIS("mul r%d r%d r%d\n", dc->rd, dc->ra, dc->rb);
-t_gen_mulu(cpu_R[dc->rd], d[1], cpu_R[dc->ra], cpu_R[dc->rb]);
+tcg_gen_mul_tl(cpu_R[dc->rd], cpu_R[dc->ra], cpu_R[dc->rb]);
 break;
 case 1:
 LOG_DIS("mulh r%d r%d r%d\n", dc->rd, dc->ra, dc->rb);
-t_gen_muls(d[0], cpu_R[dc->rd], cpu_R[dc->ra], cpu_R[dc->rb]);
+tcg_gen_muls2_tl(tmp, cpu_R[dc->rd], cpu_R[dc->ra], cpu_R[dc->rb]);
 break;
 case 2:
 LOG_DIS("mulhsu r%d r%d r%d\n", dc->rd, dc->ra, dc->rb);
-t_gen_muls(d[0], cpu_R[dc->rd], cpu_R[dc->ra], cpu_R[dc->rb]);
+tcg_gen_mulsu2_tl(tmp, cpu_R[dc->rd], cpu_R[dc->ra], 
cpu_R[dc->rb]);
 break;
 case 3:
 LOG_DIS("mulhu r%d r%d r%d\n", dc->rd, dc->ra, dc->rb);
-t_gen_mulu(d[0], cpu_R[dc->rd], cpu_R[dc->ra], cpu_R[dc->rb]);
+tcg_gen_mulu2_tl(tmp, cpu_R[dc->rd], cpu_R[dc->ra], cpu_R[dc->rb]);
 break;
 default:
 cpu_abort(CPU(dc->cpu), "unknown MUL insn %x\n", subcode);
 break;
 }
-done:
-tcg_temp_free(d[0]);
-tcg_temp_free(d[1]);
+tcg_temp_free(tmp);
 }
 
 /* Div unit.  */
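Review bot: The operand roles of the three high-multiply cases are not documented in the switch, and the mulhsu case is exactly where the commit message says the old code was wrong (rb was treated as signed). A one-line comment such as `/* mulhsu: ra is signed, rb is unsigned */` above the `tcg_gen_mulsu2_tl()` call would keep a later refactoring from repeating that mistake. Separately, `tmp = tcg_temp_new();` is allocated before the switch although case 0 never uses it; that is harmless, but the allocation could move into the cases that need a discarded low half. dec_mul() starts outside this hunk.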
-- 
2.5.5




Re: [Qemu-devel] [PATCH v14 01/19] qdict: implement a qdict_crumple method for un-flattening a dict

2016-09-27 Thread Eric Blake
On 09/27/2016 08:13 AM, Daniel P. Berrange wrote:
> The qdict_flatten() method will take a dict whose elements are
> further nested dicts/lists and flatten them by concatenating
> keys.
> 
> The qdict_crumple() method aims to do the reverse, taking a flat
> qdict, and turning it into a set of nested dicts/lists. It will
> apply nesting based on the key name, with a '.' indicating a
> new level in the hierarchy. If the keys in the nested structure
> are all numeric, it will create a list, otherwise it will create
> a dict.
> 
> If the keys are a mixture of numeric and non-numeric, or the
> numeric keys are not in strictly ascending order, an error will
> be reported.
> 

> 
> The intent of this function is that it allows a set of QemuOpts
> to be turned into a nested data structure that mirrors the nesting
> used when the same object is defined over QMP.
> 
> Reviewed-by: Kevin Wolf 
> Reviewed-by: Marc-André Lureau 
> Signed-off-by: Daniel P. Berrange 
> ---

> +
> +/**
> + * qdict_split_flat_key:
> + * @key: the key string to split
> + * @prefix: non-NULL pointer to hold extracted prefix
> + * @suffix: non-NULL pointer to remaining suffix
> + *
> + * Given a flattened key such as 'foo.0.bar', split it into two parts
> + * at the first '.' separator. Allows double dot ('..') to escape the
> + * normal separator.
> + *
> + * eg

s/eg/e.g./ or just spell it as 'for example'


> +static int qdict_is_list(QDict *maybe_list, Error **errp)

> +
> +/* NB this isn't a perfect check - eg it won't catch

Another such use.

> + * a list containing '1', '+1', '01', '3', but that
> + * does not matter - we've still proved that the
> + * input is a list. It is up the caller to do a
> + * stricter check if desired */
> +if (len != (max + 1)) {
> +error_setg(errp, "List indexes are not contiguous, "

s/indexes/indices/ ? (my spellchecker likes both, but indexes is a sign
that modern English speakers are getting lazy and drifting away from Latin)

> +/**
> + * qdict_crumple:
> + * @src: the original flat dictionary (only scalar values) to crumple
> + * @recursive: true to recursively crumple nested dictionaries

> + * For example, an input of:
> + *
> + * { 'foo.0.bar': 'one', 'foo.0.wizz': '1',
> + *   'foo.1.bar': 'two', 'foo.1.wizz': '2' }
> + *
> + * will result in any output of:

s/any/an/

> + *
> + * {
> + *   'foo': [
> + *  { 'bar': 'one', 'wizz': '1' },
> + *  { 'bar': 'two', 'wizz': '2' }
> + *   ],
> + * }
> + *
> + * The following scenarios in the input dict will result in an
> + * error being returned:
> + *
> + *  - Any values in @src are non-scalar types
> + *  - If keys in @src imply that a particular level is both a
> + *list and a dict. eg, "foo.0.bar" and "foo.eek.bar".
> + *  - If keys in @src imply that a particular level is a list,
> + *but the indexes are non-contigous. eg "foo.0.bar" and

s/contigous/contiguous/

and another pesky 'eg'

Modulo typo fixes and potential grammar changes,
Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 0/2] Add error reporting in migration

2016-09-27 Thread John Snow



On 09/27/2016 02:56 PM, Dr. David Alan Gilbert (git) wrote:

From: "Dr. David Alan Gilbert" 

At the moment if you use a VMSTATE_*_EQUAL macro and the value
doesn't match you just get an error about the section that failed

e.g.
  qemu-system-ppc64: error while loading state for instance 0x0 of device 'cpu'
  qemu-system-ppc64: load of migration failed: Invalid argument

with this pair you get the field and the mismatched values.
e.g.
  qemu-system-ppc64: 8000600FE1FF7AE1 != 8000600FE1FF3A21
  qemu-system-ppc64: Failed to load cpu:env.insns_flags
  qemu-system-ppc64: error while loading state for instance 0x0 of device 'cpu'
  qemu-system-ppc64: load of migration failed: Invalid argument

which is much more likely to point you at the culprit.

(Broken out from a larger vmstatification series, the only change since
then is the values are printed in hex except for the le case).

Dave

Dr. David Alan Gilbert (2):
  migration: report an error giving the failed field
  migration: Report values for comparisons

 migration/vmstate.c | 10 ++
 1 file changed, 10 insertions(+)



I see this as a strict improvement; though I don't know if there will be 
complaints about printing error messages instead of adding pathways for 
the Error object.


Meh. Existing errors here simply use error_report anyway, so:

Reviewed-by: John Snow 



Re: [Qemu-devel] Default CPU for NMI injection (QMP and IPMI)

2016-09-27 Thread Christian Borntraeger
On 09/27/2016 10:51 PM, Eduardo Habkost wrote:
> On Thu, Sep 22, 2016 at 02:49:35PM -0500, Corey Minyard wrote:
>> On 09/22/2016 01:42 PM, Eduardo Habkost wrote:
> [...]
>>> In the case of the inject-nmi QMP command, I need to understand
>>> what "default CPU" is supposed to mean in the inject-nmi
>>> documentation. Maybe it can be changed to use the first CPU, too
>>> (that's probably the existing behavior because there's no way to
>>> change cur_mon->mon_cpu in a QMP monitor).
>>>
>> I looked through is a bit, and the only place I found it was used was
>> the x390 code.
> 
> s390 maintainers: is the ability to send a NMI to a specific CPU
> really used in s390? The only way to use it today is to use HMP,
> so I guess no management interface really supports it.
> 
> s390-ccw is the only machine that uses the cpu_index parameter.
> If we remove it, it will allow us to simplify the code.
> Otherwise, we will need to extend the inject-nmi command to
> accept a "cpu" parameter.
> 

Doing it always on the first CPU should be ok for Linux guests.
This is wired up to a PSW restart interrupt, which has the same
handler on all CPUs. Originally it was wired up on the real 
old irons as a button, so I assume from a historical perspective
it is ok to not be able to specify the cpu number. Under z/VM it is 
possible to specify the CPU though. I will try to find out
if there is a real use case for specifying the CPU.

Christian




Re: [Qemu-devel] url http://git.qemu.org/git/qemu.git no longer works

2016-09-27 Thread Jeff Cody
On Tue, Sep 27, 2016 at 02:24:22PM -0400, James Hanley wrote:
> > On Sep 27, 2016, at 2:16 PM, Jeff Cody  wrote:
> > 
> >> On Tue, Sep 27, 2016 at 12:17:31PM -0400, James Hanley wrote:
> >>   Well - it's acting differently... It just hangs now...
> > 
> > Let it run a bit longer, it most likely is not hung, but just taking a
> > while.
> > 
> >>   but [1]http://git.qemu.org/git/dtc.git also fails:
> >> 
> >>   git clone [2]http://git.qemu.org/git/dtc.git
> >> 
> >>   Cloning into 'dtc'...
> >> 
> >>   fatal: repository '[3]http://git.qemu.org/git/dtc.git/' not found
> >> 
> >>   not sure what the problem is...
> > 
> > I see the same thing, I am looking into it.  The git:// protocol works fine,
> > but the gitweb http interface that is not working for some repos.  I'm not
> > sure if that is a new problem, or a pre-existing issue.  I'll see if I can
> > get to the bottom of it.
> > 
> > Jeff
>
> I can say that it was working Monday - I didn't do a pull yesterday.
> 
> -Jim
>

It should all be working over http:// now - a few of the bare git repos did
not have the auxiliary info files needed in them for 'dumb' servers (e.g.
http).  If you run into any other issues, just let me know.

Thanks,
Jeff



Re: [Qemu-devel] [PATCH v2 7/9] util/qht: atomically set b->hashes

2016-09-27 Thread Alex Bennée

Emilio G. Cota  writes:

> On Thu, Sep 22, 2016 at 11:13:14 +0100, Alex Bennée wrote:
>> ThreadSanitizer detects a possible race between reading/writing the
>> hashes. As ordering semantics are already documented for qht we just
>> need to ensure a race can't tear the hash value so we can use the
>> relaxed atomic_set/read functions.
>
> Just being pedantic, but I think the commit log could be improved.
> I think it would be more correct to say we're avoiding being out
> of C11's spec by using atomic_read/set, instead of tolerating concurrent
> regular loads/stores.
>
> Tearing is not really the issue, in the sense that the seqlock protects
> against that. IOW, we're not worried about tearing, we're worried about
> being out of spec, as Paolo pointed out:
>
> On Mon, Sep 19, 2016 at 20:37:06 +0200, Paolo Bonzini wrote:
>> On 19/09/2016 20:06, Emilio G. Cota wrote:
>> > On Mon, Sep 19, 2016 at 16:51:38 +0100, Alex Bennée wrote:
>> >> > ThreadSanitizer detects a possible race between reading/writing the
>> >> > hashes. As ordering semantics are already documented for qht we just
>> >> > need to ensure a race can't tear the hash value so we can use the
>> >> > relaxed atomic_set/read functions.
>> > This was discussed here:
>> >
>> > https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03658.html
>> >
>> > To reiterate: reading torn hash values is fine, since the retry will
>> > happen regardless (and all pointers[] remain valid through the RCU
>> > read-critical section).
>>
>> True, but C11 says data races are undefined, not merely unspecified.
>> seqlock-protected data requires a relaxed read and write, because they
>> are read concurrently in the read and write sides.

You are quite right. Having been in the guts of the ThreadSanitizer with
the toolchain guys I'm starting to see this is the only real way to mark
things (it doesn't actually implement stand-alone barriers).

>
> Acknowledging in the commit log the tiny-yet-measurable perf hit would be
> good, too (I'd just copy the before/after results I posted).

Will do.

>
> That said,
>
>   Reviewed-by: Emilio G. Cota 
>
> Thanks,

Thanks,


--
Alex Bennée



Re: [Qemu-devel] Default CPU for NMI injection (QMP and IPMI)

2016-09-27 Thread Eduardo Habkost
On Thu, Sep 22, 2016 at 02:49:35PM -0500, Corey Minyard wrote:
> On 09/22/2016 01:42 PM, Eduardo Habkost wrote:
[...]
> > In the case of the inject-nmi QMP command, I need to understand
> > what "default CPU" is supposed to mean in the inject-nmi
> > documentation. Maybe it can be changed to use the first CPU, too
> > (that's probably the existing behavior because there's no way to
> > change cur_mon->mon_cpu in a QMP monitor).
> > 
> I looked through is a bit, and the only place I found it was used was
> the x390 code.

s390 maintainers: is the ability to send a NMI to a specific CPU
really used in s390? The only way to use it today is to use HMP,
so I guess no management interface really supports it.

s390-ccw is the only machine that uses the cpu_index parameter.
If we remove it, it will allow us to simplify the code.
Otherwise, we will need to extend the inject-nmi command to
accept a "cpu" parameter.

-- 
Eduardo



[Qemu-devel] [PULL 19/20] target-i386: Remove has_msr_* global vars for KVM features

2016-09-27 Thread Eduardo Habkost
The global variables are not necessary because we can check KVM
feature flags in X86CPU directly.

Reviewed-by: Paolo Bonzini 
Signed-off-by: Eduardo Habkost 
---
 target-i386/kvm.c | 21 ++---
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 4046030..30b63b7 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -83,12 +83,9 @@ static bool has_msr_tsc_aux;
 static bool has_msr_tsc_adjust;
 static bool has_msr_tsc_deadline;
 static bool has_msr_feature_control;
-static bool has_msr_async_pf_en;
-static bool has_msr_pv_eoi_en;
 static bool has_msr_misc_enable;
 static bool has_msr_smbase;
 static bool has_msr_bndcfgs;
-static bool has_msr_kvm_steal_time;
 static int lm_capable_kernel;
 static bool has_msr_hv_hypercall;
 static bool has_msr_hv_crash;
@@ -754,12 +751,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
 c = &cpuid_data.entries[cpuid_i++];
 c->function = KVM_CPUID_FEATURES | kvm_base;
 c->eax = env->features[FEAT_KVM];
-
-has_msr_async_pf_en = c->eax & (1 << KVM_FEATURE_ASYNC_PF);
-
-has_msr_pv_eoi_en = c->eax & (1 << KVM_FEATURE_PV_EOI);
-
-has_msr_kvm_steal_time = c->eax & (1 << KVM_FEATURE_STEAL_TIME);
 }
 
 cpu_x86_cpuid(env, 0, 0, &limit, &unused, &unused, &unused);
@@ -1639,13 +1630,13 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 kvm_msr_entry_add(cpu, MSR_IA32_TSC, env->tsc);
 kvm_msr_entry_add(cpu, MSR_KVM_SYSTEM_TIME, env->system_time_msr);
 kvm_msr_entry_add(cpu, MSR_KVM_WALL_CLOCK, env->wall_clock_msr);
-if (has_msr_async_pf_en) {
+if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_ASYNC_PF)) {
 kvm_msr_entry_add(cpu, MSR_KVM_ASYNC_PF_EN, env->async_pf_en_msr);
 }
-if (has_msr_pv_eoi_en) {
+if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_PV_EOI)) {
 kvm_msr_entry_add(cpu, MSR_KVM_PV_EOI_EN, env->pv_eoi_en_msr);
 }
-if (has_msr_kvm_steal_time) {
+if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_STEAL_TIME)) {
 kvm_msr_entry_add(cpu, MSR_KVM_STEAL_TIME, env->steal_time_msr);
 }
 if (has_msr_architectural_pmu) {
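Review bot: The three checks added in kvm_put_msrs() here, and the matching three in the kvm_get_msrs() hunk, read `env->features[FEAT_KVM]` unconditionally, whereas the removed `has_msr_*` assignments in the kvm_arch_init_vcpu() hunk sat inside a block that closes right after them. If that block is conditional (its opening is not visible in the diff), these MSRs are now written and read whenever the feature word has the bit set, regardless of that condition. It is worth confirming that FEAT_KVM is zeroed whenever the KVM CPUID leaf is not exposed to the guest. The same expression is also repeated six times; a small helper such as `static bool kvm_feature_enabled(X86CPU *cpu, int bit)` would keep the put and get lists in step. Both functions extend outside their hunks.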
@@ -2048,13 +2039,13 @@ static int kvm_get_msrs(X86CPU *cpu)
 #endif
 kvm_msr_entry_add(cpu, MSR_KVM_SYSTEM_TIME, 0);
 kvm_msr_entry_add(cpu, MSR_KVM_WALL_CLOCK, 0);
-if (has_msr_async_pf_en) {
+if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_ASYNC_PF)) {
 kvm_msr_entry_add(cpu, MSR_KVM_ASYNC_PF_EN, 0);
 }
-if (has_msr_pv_eoi_en) {
+if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_PV_EOI)) {
 kvm_msr_entry_add(cpu, MSR_KVM_PV_EOI_EN, 0);
 }
-if (has_msr_kvm_steal_time) {
+if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_STEAL_TIME)) {
 kvm_msr_entry_add(cpu, MSR_KVM_STEAL_TIME, 0);
 }
 if (has_msr_architectural_pmu) {
-- 
2.7.4




[Qemu-devel] [PULL 17/20] target-i386: Remove has_msr_hv_tsc global variable

2016-09-27 Thread Eduardo Habkost
The global variable is not necessary because we can check
cpu->hyperv_time directly.

We just need to ensure cpu->hyperv_time will be cleared if the
feature is not really being exposed to the guest due to missing
KVM_CAP_HYPERV_TIME capability.

Reviewed-by: Paolo Bonzini 
Signed-off-by: Eduardo Habkost 
---
 target-i386/kvm.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 031ae90..4046030 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -91,7 +91,6 @@ static bool has_msr_bndcfgs;
 static bool has_msr_kvm_steal_time;
 static int lm_capable_kernel;
 static bool has_msr_hv_hypercall;
-static bool has_msr_hv_tsc;
 static bool has_msr_hv_crash;
 static bool has_msr_hv_reset;
 static bool has_msr_hv_vpindex;
@@ -602,6 +601,11 @@ static int hyperv_handle_properties(CPUState *cs)
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
 
+if (cpu->hyperv_time &&
+kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV_TIME) <= 0) {
+cpu->hyperv_time = false;
+}
+
 if (cpu->hyperv_relaxed_timing) {
 env->features[FEAT_HYPERV_EAX] |= HV_X64_MSR_HYPERCALL_AVAILABLE;
 }
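Review bot: The block added at the top of hyperv_handle_properties() clears `cpu->hyperv_time` silently when `kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV_TIME) <= 0`, so a guest configured with the reference time counter starts without it and nothing is logged. I would report the downgrade before the assignment, e.g. `error_report("hv-time requested but KVM_CAP_HYPERV_TIME is not available");` (the message text is only a suggestion). That way a change in the guest-visible feature set can be noticed, for instance when the same configuration is started on a different host kernel. The function continues outside this hunk.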
@@ -609,12 +613,10 @@ static int hyperv_handle_properties(CPUState *cs)
 env->features[FEAT_HYPERV_EAX] |= HV_X64_MSR_HYPERCALL_AVAILABLE;
 env->features[FEAT_HYPERV_EAX] |= HV_X64_MSR_APIC_ACCESS_AVAILABLE;
 }
-if (cpu->hyperv_time &&
-kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV_TIME) > 0) {
+if (cpu->hyperv_time) {
 env->features[FEAT_HYPERV_EAX] |= HV_X64_MSR_HYPERCALL_AVAILABLE;
 env->features[FEAT_HYPERV_EAX] |= HV_X64_MSR_TIME_REF_COUNT_AVAILABLE;
 env->features[FEAT_HYPERV_EAX] |= 0x200;
-has_msr_hv_tsc = true;
 }
 if (cpu->hyperv_crash && has_msr_hv_crash) {
 env->features[FEAT_HYPERV_EDX] |= HV_X64_GUEST_CRASH_MSR_AVAILABLE;
@@ -1683,7 +1685,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 kvm_msr_entry_add(cpu, HV_X64_MSR_APIC_ASSIST_PAGE,
   env->msr_hv_vapic);
 }
-if (has_msr_hv_tsc) {
+if (cpu->hyperv_time) {
 kvm_msr_entry_add(cpu, HV_X64_MSR_REFERENCE_TSC, env->msr_hv_tsc);
 }
 if (has_msr_hv_crash) {
@@ -2087,7 +2089,7 @@ static int kvm_get_msrs(X86CPU *cpu)
 if (cpu->hyperv_vapic) {
 kvm_msr_entry_add(cpu, HV_X64_MSR_APIC_ASSIST_PAGE, 0);
 }
-if (has_msr_hv_tsc) {
+if (cpu->hyperv_time) {
 kvm_msr_entry_add(cpu, HV_X64_MSR_REFERENCE_TSC, 0);
 }
 if (has_msr_hv_crash) {
-- 
2.7.4




[Qemu-devel] [PULL 14/20] target-i386: Move xsave component mask to features array

2016-09-27 Thread Eduardo Habkost
This will reuse the existing check/enforce logic in
x86_cpu_filter_features() to check the xsave component bits
against GET_SUPPORTED_CPUID.

Reviewed-by: Richard Henderson 
Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 42 --
 target-i386/cpu.h |  3 ++-
 2 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 8bef3cf..ad09246 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -489,6 +489,18 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 .cpuid_eax = 6, .cpuid_reg = R_EAX,
 .tcg_features = TCG_6_EAX_FEATURES,
 },
+[FEAT_XSAVE_COMP_LO] = {
+.cpuid_eax = 0xD,
+.cpuid_needs_ecx = true, .cpuid_ecx = 0,
+.cpuid_reg = R_EAX,
+.tcg_features = ~0U,
+},
+[FEAT_XSAVE_COMP_HI] = {
+.cpuid_eax = 0xD,
+.cpuid_needs_ecx = true, .cpuid_ecx = 0,
+.cpuid_reg = R_EDX,
+.tcg_features = ~0U,
+},
 };
 
 typedef struct X86RegisterInfo32 {
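Review bot: Both new feature_word_info entries set `.tcg_features = ~0U` without saying why every bit is acceptable under TCG. From the x86_cpu_enable_xsave_components() hunk it looks as if the component mask is derived from other feature words, which would make a per-bit TCG mask redundant, but that reasoning should be written down. I would add `/* all bits allowed: component bits are derived from other feature words */` above each `.tcg_features` line. The array definition starts outside this hunk.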
@@ -562,6 +574,12 @@ static uint32_t xsave_area_size(uint64_t mask)
 return ret;
 }
 
+static inline uint64_t x86_cpu_xsave_components(X86CPU *cpu)
+{
+return ((uint64_t)cpu->env.features[FEAT_XSAVE_COMP_HI]) << 32 |
+   cpu->env.features[FEAT_XSAVE_COMP_LO];
+}
+
 const char *get_register_name_32(unsigned int reg)
 {
 if (reg >= CPU_NB_REGS32) {
@@ -2514,15 +2532,15 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 }
 
 if (count == 0) {
-*ecx = xsave_area_size(env->xsave_components);
-*eax = env->xsave_components;
-*edx = env->xsave_components >> 32;
+*ecx = xsave_area_size(x86_cpu_xsave_components(cpu));
+*eax = env->features[FEAT_XSAVE_COMP_LO];
+*edx = env->features[FEAT_XSAVE_COMP_HI];
 *ebx = *ecx;
 } else if (count == 1) {
 *eax = env->features[FEAT_XSAVE];
 } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
-const ExtSaveArea *esa = &x86_ext_save_areas[count];
-if ((env->xsave_components >> count) & 1) {
+if ((x86_cpu_xsave_components(cpu) >> count) & 1) {
+const ExtSaveArea *esa = &x86_ext_save_areas[count];
 *eax = esa->size;
 *ebx = esa->offset;
 }
@@ -2957,26 +2975,22 @@ static void x86_cpu_enable_xsave_components(X86CPU *cpu)
 {
 CPUX86State *env = &cpu->env;
 int i;
+uint64_t mask;
 
 if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
 return;
 }
 
-env->xsave_components = (XSTATE_FP_MASK | XSTATE_SSE_MASK);
+mask = (XSTATE_FP_MASK | XSTATE_SSE_MASK);
 for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
 const ExtSaveArea *esa = &x86_ext_save_areas[i];
 if (env->features[esa->feature] & esa->bits) {
-env->xsave_components |= (1ULL << i);
+mask |= (1ULL << i);
 }
 }
 
-if (kvm_enabled()) {
-KVMState *s = kvm_state;
-uint64_t kvm_mask = kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EDX);
-kvm_mask <<= 32;
-kvm_mask |= kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EAX);
-env->xsave_components &= kvm_mask;
-}
+env->features[FEAT_XSAVE_COMP_LO] = mask;
+env->features[FEAT_XSAVE_COMP_HI] = mask >> 32;
 }
 
 #define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \
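Review bot: With the `kvm_enabled()` block removed, the mask stored into `env->features[FEAT_XSAVE_COMP_LO]` and `env->features[FEAT_XSAVE_COMP_HI]` is no longer limited here to what KVM reports; the commit message leaves that to x86_cpu_filter_features(). That only holds if the filter runs after x86_cpu_enable_xsave_components(), and the call order is not visible in this diff. Please confirm it and record it with a comment such as `/* filtered against host support later by x86_cpu_filter_features() */` above the two assignments. Assuming the feature words are 32-bit, the low-word store also truncates `mask` implicitly; `(uint32_t)mask` would make that explicit.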
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 6c457ed..1cb32ae 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -453,6 +453,8 @@ typedef enum FeatureWord {
 FEAT_SVM,   /* CPUID[8000_000A].EDX */
 FEAT_XSAVE, /* CPUID[EAX=0xd,ECX=1].EAX */
 FEAT_6_EAX, /* CPUID[6].EAX */
+FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
+FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
 FEATURE_WORDS,
 } FeatureWord;
 
@@ -1122,7 +1124,6 @@ typedef struct CPUX86State {
 uint32_t cpuid_vendor3;
 uint32_t cpuid_version;
 FeatureWordArray features;
-uint64_t xsave_components;
 uint32_t cpuid_model[12];
 
 /* MTRRs */
-- 
2.7.4




[Qemu-devel] [PULL 16/20] target-i386: Remove has_msr_hv_apic global variable

2016-09-27 Thread Eduardo Habkost
The global variable is not necessary because we can check
cpu->hyperv_vapic directly.

Reviewed-by: Paolo Bonzini 
Signed-off-by: Eduardo Habkost 
---
 target-i386/kvm.c | 8 +++-
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 5118562..031ae90 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -91,7 +91,6 @@ static bool has_msr_bndcfgs;
 static bool has_msr_kvm_steal_time;
 static int lm_capable_kernel;
 static bool has_msr_hv_hypercall;
-static bool has_msr_hv_vapic;
 static bool has_msr_hv_tsc;
 static bool has_msr_hv_crash;
 static bool has_msr_hv_reset;
@@ -609,7 +608,6 @@ static int hyperv_handle_properties(CPUState *cs)
 if (cpu->hyperv_vapic) {
 env->features[FEAT_HYPERV_EAX] |= HV_X64_MSR_HYPERCALL_AVAILABLE;
 env->features[FEAT_HYPERV_EAX] |= HV_X64_MSR_APIC_ACCESS_AVAILABLE;
-has_msr_hv_vapic = true;
 }
 if (cpu->hyperv_time &&
 kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV_TIME) > 0) {
@@ -728,7 +726,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
 if (cpu->hyperv_relaxed_timing) {
 c->eax |= HV_X64_RELAXED_TIMING_RECOMMENDED;
 }
-if (has_msr_hv_vapic) {
+if (cpu->hyperv_vapic) {
 c->eax |= HV_X64_APIC_ACCESS_RECOMMENDED;
 }
 c->ebx = cpu->hyperv_spinlock_attempts;
@@ -1681,7 +1679,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 kvm_msr_entry_add(cpu, HV_X64_MSR_HYPERCALL,
   env->msr_hv_hypercall);
 }
-if (has_msr_hv_vapic) {
+if (cpu->hyperv_vapic) {
 kvm_msr_entry_add(cpu, HV_X64_MSR_APIC_ASSIST_PAGE,
   env->msr_hv_vapic);
 }
@@ -2086,7 +2084,7 @@ static int kvm_get_msrs(X86CPU *cpu)
 kvm_msr_entry_add(cpu, HV_X64_MSR_HYPERCALL, 0);
 kvm_msr_entry_add(cpu, HV_X64_MSR_GUEST_OS_ID, 0);
 }
-if (has_msr_hv_vapic) {
+if (cpu->hyperv_vapic) {
 kvm_msr_entry_add(cpu, HV_X64_MSR_APIC_ASSIST_PAGE, 0);
 }
 if (has_msr_hv_tsc) {
-- 
2.7.4




[Qemu-devel] [PULL 12/20] target-i386: xsave: Helper function to calculate xsave area size

2016-09-27 Thread Eduardo Habkost
Move the xsave area size calculation from cpu_x86_cpuid() into
its own function. While doing so, change it to use the XSAVE area
struct sizes for the initial size, instead of the magic 0x240
number.

Reviewed-by: Richard Henderson 
Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 7e66003..9034d8e 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -548,6 +548,20 @@ static const ExtSaveArea x86_ext_save_areas[] = {
 .size = sizeof(XSavePKRU) },
 };
 
+static uint32_t xsave_area_size(uint64_t mask)
+{
+int i;
+uint64_t ret = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader);
+
+for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
+const ExtSaveArea *esa = &x86_ext_save_areas[i];
+if ((mask >> i) & 1) {
+ret = MAX(ret, esa->offset + esa->size);
+}
+}
+return ret;
+}
+
 const char *get_register_name_32(unsigned int reg)
 {
 if (reg >= CPU_NB_REGS32) {
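Review bot: xsave_area_size() accumulates into `uint64_t ret` but returns `uint32_t`, so the result is narrowed implicitly at `return ret;`. Declaring `uint32_t ret` would match the return type and the `*ecx` it is assigned to in the second hunk. The helper also has no comment; I would add `/* Size of the XSAVE area needed for the components set in @mask; bits at or beyond ARRAY_SIZE(x86_ext_save_areas) are ignored. */` above it.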
@@ -2519,13 +2533,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 }
 
 if (count == 0) {
-*ecx = 0x240;
-for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
-const ExtSaveArea *esa = &x86_ext_save_areas[i];
-if ((ena_mask >> i) & 1) {
-*ecx = MAX(*ecx, esa->offset + esa->size);
-}
-}
+*ecx = xsave_area_size(ena_mask);;
 *eax = ena_mask;
 *edx = ena_mask >> 32;
 *ebx = *ecx;
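Review bot: The added line `*ecx = xsave_area_size(ena_mask);;` ends with a doubled semicolon; it compiles as an empty statement but should read `*ecx = xsave_area_size(ena_mask);`. With the loop gone, the local `i` of cpu_x86_cpuid() may no longer be used in this branch; if nothing else in the function needs it, its declaration should be dropped too. The function body extends outside this hunk, so that cannot be checked from here.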
-- 
2.7.4




[Qemu-devel] [PULL 20/20] sysbus: Remove ignored return value of FindSysbusDeviceFunc

2016-09-27 Thread Eduardo Habkost
From: David Gibson 

Functions of type FindSysbusDeviceFunc currently return an integer.
However, this return value is always ignored by the caller in
find_sysbus_device().

This changes the function type to return void, to avoid confusion over
the function semantics.

Signed-off-by: David Gibson 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Eduardo Habkost 
---
 hw/arm/sysbus-fdt.c| 4 ++--
 hw/core/machine.c  | 2 +-
 hw/core/platform-bus.c | 8 ++--
 hw/ppc/e500.c  | 4 +---
 hw/ppc/spapr.c | 4 +---
 include/hw/sysbus.h| 2 +-
 6 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c
index 5debb33..d68e3dc 100644
--- a/hw/arm/sysbus-fdt.c
+++ b/hw/arm/sysbus-fdt.c
@@ -436,7 +436,7 @@ static const NodeCreationPair add_fdt_node_functions[] = {
  * are dynamically instantiable and if so call the node creation
  * function.
  */
-static int add_fdt_node(SysBusDevice *sbdev, void *opaque)
+static void add_fdt_node(SysBusDevice *sbdev, void *opaque)
 {
 int i, ret;
 
@@ -445,7 +445,7 @@ static int add_fdt_node(SysBusDevice *sbdev, void *opaque)
 add_fdt_node_functions[i].typename)) {
 ret = add_fdt_node_functions[i].add_fdt_node_fn(sbdev, opaque);
 assert(!ret);
-return 0;
+return;
 }
 }
 error_report("Device %s can not be dynamically instantiated",
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 00fbe3e..afd84ac 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -332,7 +332,7 @@ static bool machine_get_enforce_config_section(Object *obj, 
Error **errp)
 return ms->enforce_config_section;
 }
 
-static int error_on_sysbus_device(SysBusDevice *sbdev, void *opaque)
+static void error_on_sysbus_device(SysBusDevice *sbdev, void *opaque)
 {
 error_report("Option '-device %s' cannot be handled by this machine",
  object_class_get_name(object_get_class(OBJECT(sbdev;
diff --git a/hw/core/platform-bus.c b/hw/core/platform-bus.c
index 36f84ab..329ac67 100644
--- a/hw/core/platform-bus.c
+++ b/hw/core/platform-bus.c
@@ -74,7 +74,7 @@ hwaddr platform_bus_get_mmio_addr(PlatformBusDevice *pbus, 
SysBusDevice *sbdev,
 return object_property_get_int(OBJECT(sbdev_mr), "addr", NULL);
 }
 
-static int platform_bus_count_irqs(SysBusDevice *sbdev, void *opaque)
+static void platform_bus_count_irqs(SysBusDevice *sbdev, void *opaque)
 {
 PlatformBusDevice *pbus = opaque;
 qemu_irq sbirq;
@@ -93,8 +93,6 @@ static int platform_bus_count_irqs(SysBusDevice *sbdev, void 
*opaque)
 }
 }
 }
-
-return 0;
 }
 
 /*
@@ -168,7 +166,7 @@ static void platform_bus_map_mmio(PlatformBusDevice *pbus, 
SysBusDevice *sbdev,
  * For each sysbus device, look for unassigned IRQ lines as well as
  * unassociated MMIO regions. Connect them to the platform bus if available.
  */
-static int link_sysbus_device(SysBusDevice *sbdev, void *opaque)
+static void link_sysbus_device(SysBusDevice *sbdev, void *opaque)
 {
 PlatformBusDevice *pbus = opaque;
 int i;
@@ -180,8 +178,6 @@ static int link_sysbus_device(SysBusDevice *sbdev, void 
*opaque)
 for (i = 0; sysbus_has_mmio(sbdev, i); i++) {
 platform_bus_map_mmio(pbus, sbdev, i);
 }
-
-return 0;
 }
 
 static void platform_bus_init_notify(Notifier *notifier, void *data)
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 0cd534d..cf8b122 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -196,7 +196,7 @@ static int create_devtree_etsec(SysBusDevice *sbdev, 
PlatformDevtreeData *data)
 return 0;
 }
 
-static int sysbus_device_create_devtree(SysBusDevice *sbdev, void *opaque)
+static void sysbus_device_create_devtree(SysBusDevice *sbdev, void *opaque)
 {
 PlatformDevtreeData *data = opaque;
 bool matched = false;
@@ -211,8 +211,6 @@ static int sysbus_device_create_devtree(SysBusDevice 
*sbdev, void *opaque)
  qdev_fw_name(DEVICE(sbdev)));
 exit(1);
 }
-
-return 0;
 }
 
 static void platform_bus_create_devtree(PPCE500Params *params, void *fdt,
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 9b506d5..648576e 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1110,7 +1110,7 @@ static void spapr_reallocate_hpt(sPAPRMachineState 
*spapr, int shift,
 }
 }
 
-static int find_unknown_sysbus_device(SysBusDevice *sbdev, void *opaque)
+static void find_unknown_sysbus_device(SysBusDevice *sbdev, void *opaque)
 {
 bool matched = false;
 
@@ -1123,8 +1123,6 @@ static int find_unknown_sysbus_device(SysBusDevice 
*sbdev, void *opaque)
  qdev_fw_name(DEVICE(sbdev)));
 exit(1);
 }
-
-return 0;
 }
 
 static void ppc_spapr_reset(void)
diff --git a/include/hw/sysbus.h b/include/hw/sysbus.h
index e73a5b2..e88bb6d 100644
--- a/include/hw/sysbus.h
+++ b/include/hw/sysbus.h
@@ -75,7 +75,7 @@ struct SysBusDevice {
 uint32_t pio[QDEV_MAX_PIO];
 };
 
-typedef int FindSysbusDevic
