[Qemu-devel] [Bug 584514] Re: Qemu-KVM 0.12.4 Guest entered Paused State

2016-12-27 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/584514

Title:
  Qemu-KVM 0.12.4 Guest entered Paused State

Status in QEMU:
  Expired

Bug description:
  I recently had a 0.12.4 qemu-kvm with a debian lenny guest which
  occasionally paused.

  There was no memory exhaustion as suggested earlier.

  qemu-kvm sent the following output:

  VM internal error. Suberror: 1
  rax 0100 rbx 880017585bc0 rcx 7f84c6d5b000 rdx 
0001
  rsi  rdi 88001d322dec rsp 88001e133e88 rbp 
88001e133e88
  r8  01f25bc2 r9  0007 r10 7f84c6b4d97b r11 
0206
  r12 88001d322dec r13 88001d322de8 r14 0001 r15 

  rip 81039719 rflags 00010092
  cs 0010 (/ p 1 dpl 0 db 0 s 1 type b l 1 g 1 avl 0)
  ds  (/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  es  (/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  ss 0018 (/ p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
  fs  (7f84c6d53700/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  gs  (880001d0/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  tr 0040 (880001d13780/2087 p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
  ldt  (/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  gdt 880001d04000/7f
  idt 8195e000/fff
  cr0 80050033 cr2 7f84c6b38ec8 cr3 1db7d000 cr4 6e0 cr8 0 efer 501
  emulation failure, check dmesg for details

  Unfortunately, I found nothing in syslog or dmesg.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/584514/+subscriptions



[Qemu-devel] [Bug 589231] Re: cirrus vga is very slow in qemu-kvm-0.12

2016-12-27 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/589231

Title:
  cirrus vga is very slow in qemu-kvm-0.12

Status in QEMU:
  Expired

Bug description:
  As has been reported multiple times (*), there was a regression in
  qemu-kvm from 0.11 to 0.12 which causes a significant slowdown in
  cirrus vga emulation.  For windows guests, where the "standard VGA" driver
  works reasonably well, -vga std is a good workaround. But for e.g.
  linux guests, where the vesa driver is painfully slow on its own, that's
  not a solution.

  (*)
   debian qemu-kvm bug report #574988: http://bugs.debian.org/574988#17
   debian qemu bugreport (might be related): http://bugs.debian.org/575720
   kvm mailinglist thread: 
http://www.mail-archive.com/kvm@vger.kernel.org/msg33459.html
   another kvm ml thread: 
http://www.mail-archive.com/kvm@vger.kernel.org/msg32744.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/589231/+subscriptions



[Qemu-devel] [Bug 712337] Re: connecthon basic test5 failed with qemu 0.14 on Virtfs path in guest

2016-12-27 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/712337

Title:
  connecthon basic test5 failed with qemu 0.14 on Virtfs path in guest

Status in QEMU:
  Expired

Bug description:
  connecthon basic test named test5 is failing with "bigfile write failed:
  Bad address" on .L passthru and .L mapped Virtfs paths in the guest, with
  fedora12.

  Bug is with latest qemu-0.14.0-rc0

  connecthon tarball /root/project_CI/client/tests/connecthon/cthon04.tgz
  02/03 08:55:09 INFO |kvm_subpro:0880| 11:55:08 ERROR| [stderr]
./test5: (/root/mount3/test2011-02-0311:55) 'bigfile' write failed : Bad address
  02/03 08:55:09 INFO |kvm_subpro:0880| 11:55:08 ERROR| Test failed: Command 
<./runtests -N 100 -b -t /root/mount3/test2011-02-0311:55> failed, rc=1, 
Command returned non-zero exit status
  02/03 08:55:09 INFO |kvm_subpro:0880| * Command: 
  02/03 08:55:09 INFO |kvm_subpro:0880| ./runtests -N 100 -b -t 
/root/mount3/test2011-02-0311:55
  02/03 08:55:09 INFO |kvm_subpro:0880| Exit status: 1
  02/03 08:55:09 INFO |kvm_subpro:0880| Duration: 0
  02/03 08:55:09 INFO |kvm_subpro:0880| 
  02/03 08:55:09 INFO |kvm_subpro:0880| stdout:
  02/03 08:55:09 INFO |kvm_subpro:0880| ... Pass 1 ...
  02/03 08:55:09 INFO |kvm_subpro:0880| 
  02/03 08:55:09 INFO |kvm_subpro:0880| Starting BASIC tests: test directory 
/root/mount3/test2011-02-0311:55 (arg: -t)
  02/03 08:55:09 INFO |kvm_subpro:0880| 
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test1: File and directory creation 
test
  02/03 08:55:09 INFO |kvm_subpro:0880| created 155 files 62 
directories 5 levels deep in 0.6  seconds
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test1 ok.
  02/03 08:55:09 INFO |kvm_subpro:0880| 
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test2: File and directory removal test
  02/03 08:55:09 INFO |kvm_subpro:0880| removed 155 files 62 
directories 5 levels deep in 0.4  seconds
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test2 ok.
  02/03 08:55:09 INFO |kvm_subpro:0880| 
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test3: lookups across mount point
  02/03 08:55:09 INFO |kvm_subpro:0880| 500 getcwd and stat calls in 
0.0  seconds
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test3 ok.
  02/03 08:55:09 INFO |kvm_subpro:0880| 
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test4: setattr, getattr, and lookup
  02/03 08:55:09 INFO |kvm_subpro:0880| 1000 chmods and stats on 10 
files in 0.24 seconds
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test4 ok.
  02/03 08:55:09 INFO |kvm_subpro:0880| 
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test5: read and write
  02/03 08:55:09 INFO |kvm_subpro:0880| basic tests failed
  02/03 08:55:09 INFO |kvm_subpro:0880| stderr:
  02/03 08:55:09 INFO |kvm_subpro:0880| ./test5: 
(/root/mount3/test2011-02-0311:55) 'bigfile' write failed : Bad address
  02/03 08:55:09 INFO |kvm_subpro:0880| 11:55:08 INFO | Test finished after 1 
iterations.
  02/03 08:55:10 INFO |kvm_subpro:0880| 11:55:09 ERROR| child process failed
  02/03 08:55:10 INFO |kvm_subpro:0880| 11:55:09 INFO | FAIL
connecthon.itera-pass-dotl-100-test-bt  connecthon.itera-pass-dotl-100-test-bt  
timestamp=1296752109

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/712337/+subscriptions



[Qemu-devel] [Resend PATCH] The QEMU crashes since invoking qemu_thread_set_name(), the backtrace is:

2016-12-27 Thread zhanghailiang
From: Caoxinhua 

(gdb) bt
#0 0x7f9a68b095d7 in __GI_raise (sig=sig@entry=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x7f9a68b0acc8 in __GI_abort () at abort.c:90
#2 0x7f9a69cda389 in PAT_abort () from /usr/lib64/libuvpuserhotfix.so
#3 0x7f9a69cdda0d in patchIllInsHandler () from 
/usr/lib64/libuvpuserhotfix.so
#4 
#5 pthread_setname_np (th=140298470549248, name=name@entry=0x8cc74a 
"io-task-worker") at ../nptl/sysdeps/unix/sysv/linux/pthread_setname.c:49
#6 0x007f5f20 in qemu_thread_set_name 
(thread=thread@entry=0x7ffd2ac09680, name=name@entry=0x8cc74a "io-task-worker") 
at util/qemu_thread_posix.c:459
#7 0x007f679e in qemu_thread_create 
(thread=thread@entry=0x7ffd2ac09680, name=name@entry=0x8cc74a 
"io-task-worker",start_routine=start_routine@entry=0x7c1300 
, arg=arg@entry=0x7f99b8001720, mode=mode@entry=1) at 
util/qemu_thread_posix.c:498
#8 0x007c15b6 in qio_task_run_in_thread 
(task=task@entry=0x7f99b80033d0, worker=worker@entry=0x7bd920 
, opaque=0x7f99b8003370, destroy=0x7c6220 
) at io/task.c:133
#9 0x007bda04 in qio_channel_socket_connect_async (ioc=0x7f99b80014c0, 
addr=0x37235d0, callback=callback@entry=0x54ad00 , 
opaque=opaque@entry=0x38118b0, destroy=destroy@entry=0x0) at 
io/channel_socket.c:191
#10 0x005487f6 in socket_reconnect_timeout (opaque=0x38118b0) at 
qemu_char.c:4402
#11 0x7f9a6a1533b3 in g_timeout_dispatch () from /usr/lib64/libglib-2.0.so.0
#12 0x7f9a6a15299a in g_main_context_dispatch () from 
/usr/lib64/libglib-2.0.so.0
#13 0x00747386 in glib_pollfds_poll () at main_loop.c:227
#14 0x00747424 in os_host_main_loop_wait (timeout=40400) at 
main_loop.c:272
#15 0x00747575 in main_loop_wait (nonblocking=nonblocking@entry=0) at 
main_loop.c:520
#16 0x00557d31 in main_loop () at vl.c:2170
#17 0x0041c8b7 in main (argc=, argv=, 
envp=) at vl.c:5083

That's because the corresponding child thread has already exited before the main 
thread calls qemu_thread_set_name().
Let's detach the thread after calling qemu_thread_set_name().

Signed-off-by: Caoxinhua 
---
 util/qemu-thread-posix.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index d20cdde..d31793d 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -481,12 +481,6 @@ void qemu_thread_create(QemuThread *thread, const char 
*name,
 if (err) {
 error_exit(err, __func__);
 }
-if (mode == QEMU_THREAD_DETACHED) {
-err = pthread_attr_setdetachstate(, PTHREAD_CREATE_DETACHED);
-if (err) {
-error_exit(err, __func__);
-}
-}
 
 /* Leave signal handling to the iothread.  */
 sigfillset();
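Review bot: with the PTHREAD_CREATE_DETACHED attribute removed, nothing left in this hunk's context modifies `attr`; if the detach state was the only attribute ever set on it (the rest of the function is not visible here), the pthread_attr_init()/pthread_attr_destroy() pair becomes dead weight and pthread_create() could simply take NULL. Either way, a one-line comment where the removed block used to sit, saying that detaching is deliberately deferred until after qemu_thread_set_name(), would stop the next reader from re-adding the attribute here.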
@@ -499,6 +493,12 @@ void qemu_thread_create(QemuThread *thread, const char 
*name,
 qemu_thread_set_name(thread, name);
 }
 
+if (mode == QEMU_THREAD_DETACHED) {
+err = pthread_detach(thread->thread);
+if (err) {
+error_exit(err, __func__);
+}
+}
 pthread_sigmask(SIG_SETMASK, , NULL);
 
 pthread_attr_destroy();
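Review bot: the new pthread_detach() call sits after qemu_thread_set_name() without a comment explaining why that order matters, and the commit message is the only record of the crash it avoids; add something like `/* Detach only after naming: a detached thread may exit and have its descriptor reclaimed before set_name runs. */` above the `if (mode == QEMU_THREAD_DETACHED)` block. Note also that between pthread_create() and this pthread_detach() the thread is joinable, so any error_exit() taken in between leaves a joinable thread behind; that is acceptable only because error_exit() terminates the process, which is worth stating in the same comment.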
-- 
1.8.3.1
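The ordering the patch settles on (create joinable, name, then detach), as an added stand-alone illustration that is not QEMU's code: a worker thread blocks on a pipe, constructed for this example, so it is guaranteed to be alive while pthread_setname_np() runs; the name is read back with pthread_getname_np(), and only afterwards is the thread detached and released. `create_named_detached` and `worker` are names chosen here, and the example assumes Linux/glibc, where both `_np` functions exist.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* pthread_setname_np / pthread_getname_np */
#endif
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Prototypes repeated in case the feature macro was not seen before the
 * first system header; glibc declares both with these signatures. */
int pthread_setname_np(pthread_t thread, const char *name);
int pthread_getname_np(pthread_t thread, char *name, size_t len);

/* Park until main writes a byte into the pipe, then exit.  A thread blocked
 * in read() cannot exit, so its pthread_t stays valid for the naming step. */
static void *worker(void *arg)
{
    int rfd = (int)(intptr_t)arg;
    char go;
    ssize_t n;

    do {
        n = read(rfd, &go, 1);
    } while (n == -1 && errno == EINTR);
    close(rfd);
    return NULL;
}

/* Create a detached thread named `name`, in the order the patch uses.
 * Returns 0 on success or an errno value; `observed` receives the name
 * read back from the live thread (len must be at least 16 for glibc). */
int create_named_detached(const char *name, char *observed, size_t len)
{
    int fds[2];
    pthread_t th;
    int err, detach_err;
    char go = 1;

    if (pipe(fds) == -1) {
        return errno;
    }
    err = pthread_create(&th, NULL, worker, (void *)(intptr_t)fds[0]);
    if (err) {
        close(fds[0]);
        close(fds[1]);
        return err;
    }

    /* Step 1: name the thread while it is still joinable and blocked. */
    err = pthread_setname_np(th, name);
    if (!err) {
        err = pthread_getname_np(th, observed, len);
    }

    /* Step 2: only now give up ownership.  Had the thread been created with
     * PTHREAD_CREATE_DETACHED, it could already have exited and had its
     * descriptor recycled before step 1 ran, which is the crash in the
     * backtrace above. */
    detach_err = pthread_detach(th);
    if (!err) {
        err = detach_err;
    }

    /* Step 3: release the worker; it finishes on its own, no join needed. */
    if (write(fds[1], &go, 1) == -1 && !err) {
        err = errno;
    }
    close(fds[1]);
    return err;
}

int main(void)
{
    char buf[16];
    int err = create_named_detached("io-task-worker", buf, sizeof buf);

    if (err) {
        fprintf(stderr, "failed: %s\n", strerror(err));
        return 1;
    }
    printf("thread named \"%s\", then detached\n", buf);
    return 0;
}
```

Build with `cc -pthread`. The pipe stands in for whatever keeps a real worker busy; the point is only that the thread cannot have exited between pthread_create() and pthread_setname_np(), because a joinable thread's descriptor is not reclaimed until it is joined or detached.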





Re: [Qemu-devel] vfio/pci: guest error recovery proposal

2016-12-27 Thread Cao jin


On 12/16/2016 07:02 AM, Michael S. Tsirkin wrote:
> 
>>  1) We need to do the right thing for the guest, I don't think we
>> should be presuming that different reset types are equivalent,
>> leaving gaps where we expect the guest/host to do a reset and don't
>> follow through on other reset requests, and we need to notify the
>> guest immediately for the error.
>>  2) We need to do the right thing for the host, that means we should
>> not give the user the opportunity to leave a device in a state
>> where we haven't at least performed a bus reset on link error (this
>> may be our current state and if so we should fix it).
> 
> Ok so here is a concrete proposal for improving guest device error
> recovery (1).  This is not trying to fix current bugs for 2, but
> also does not lock us into not fixing them.
> 
> I'll write up proposal for (2) but I feel we can't properly
> fix host without fixing (1) first and without breaking compatibility.
> 
> Background:
> 
> non-fatal errors:
> 
> - These errors are due to data link problems.
>   The problem is that a transaction was lost, so driver and device are
>   out of sync. Device reset is in theory enough to recover from these,
>   in practice some drivers might try to do link level reset instead.
> 
> 
> fatal errors:
> 
> - These errors are due to physical problems.
>   The problem is that a transaction was lost, so driver and device are
>   out of sync. Link reset might be necessary to recover from these,
>   sometimes device reset might be enough for very simple devices.
>   If a link above the device reports errors, the device might have gone away;
>   link reset is the only thing that might bring it back.
> 
> current behaviour:
> 
> - vfio will always report that it recovered function from an error.
> - whether link reset will trigger depends on whether any other
>   function on the same link has a host driver that reports an error.
> - also, if there's a host driver that can't handle errors,
>   link reset will never trigger
> 
> 
> proposed enhancement:
> 
> 1- allow userspace to request reporting non fatal/fatal errors separately
> 2- report errors on monitor as events as well
> 3- forward correct error type to guest
> 4- set link error flag in userspace (this is optional, used for 5 below)
> 5- if guest requests link reset, and error flag is set,
>   stop vm (I hope we can distinguish this
>   from resets that happen on reboot here.
>   if yes we might not need error flag in 4 above)
> 

Hi,

I have a question about vm stop on fatal error.
Recently, when testing my patches, I often saw a fatal error (Malformed TLP
Status) happen, which disturbed my test. So I am wondering: why is vm stop
a better choice than qdev_unplug? Although we told the user "Please
collect any data possible and then kill the guest", I still don't know
how to save any possible data. For example, if the user is editing a document,
a vm_stop caused by a device fatal error will destroy the user's effort.

-- 
Sincerely,
Cao jin
> 
> Results:
> The advantage of this is that we don't need to manage any state at all.
> Most drivers will handle non fatal errors by FLR and will recover fine.
> Drivers that attempt link reset will get vmstop which is not
> worse than what we have now.
> 
> I don't see how this can break any reasonable configuration
> that is not already broken, but we might want a flag
> to suppress aer reports to guest and just do vmstop
> unconditionally.
> Alternatively, management can pause vm itself when it sees the error.
> 
> 
> Pls remember to Cc qemu list on discussion, not just kvm.
> 







Re: [Qemu-devel] [PULL 0/4] cryptodev patches

2016-12-27 Thread Gonglei (Arei)
>
> From: Peter Maydell [mailto:peter.mayd...@linaro.org]
> Sent: Wednesday, December 28, 2016 1:29 AM
> To: Gonglei (Arei)
> Cc: QEMU Developers
> Subject: Re: [PULL 0/4] cryptodev patches
> 
> On 24 December 2016 at 06:12, Gonglei  wrote:
> > The following changes since commit
> a470b33259bf82ef2336bfcd5d07640562d3f63b:
> >
> >   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into
> staging (2016-12-22 19:23:51 +)
> >
> > are available in the git repository at:
> >
> >
> >   https://github.com/gongleiarei/qemu.git tags/cryptodev-next-20161224
> >
> > for you to fetch changes up to
> 48ae36c0ad16bb757d4f6e243b8e9072fc8e8c8e:
> >
> >   cryptodev: add 3des-ede support (2016-12-24 13:46:27 +0800)
> >
> > 
> > - add xts mode support
> > - add 3DES algorithm support
> > - other trivial fixes
> >
> > 
> > Longpeng(Mike) (4):
> >   cryptodev: fix the check of aes algorithm
> >   cryptodev: add xts(aes) support
> >   cryptodev: remove single-DES support in cryptodev
> >   cryptodev: add 3des-ede support
> >
> >  backends/cryptodev-builtin.c | 65
> ++---
> >  1 file changed, 50 insertions(+), 15 deletions(-)
> 
> Hi. This pull request does not appear to be signed by the GPG
> key that I have on record for you, and the key it is signed
> by seems to be only self-signed and not signed by anybody
> else...
> 
Sorry about that. Actually I had pushed the key to a public key server.
I can search for my key on the web site, pls see:

http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex=on=0x2ED7FDE9063C864D

What should I do now? Thanks!

Regards,
-Gonglei


Re: [Qemu-devel] [Nbd] [PATCH] Further tidy-up on block status

2016-12-27 Thread Wouter Verhelst
Hi Vladimir,

On Mon, Dec 26, 2016 at 05:52:54PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> Shouldn't we add some flags to REP_META_CONTEXT, for client to be insure, is
> returned string a direct context name or some kind of wildcard? Just a flags
> field, with one flag defined for now: NBD_REP_META_CONTEXT_LEAF and others
> reserved.

I think it should be up to the metadata context namespace definition to
define which syntax represents a direct context name and which
represents a wildcard (if the latter are supported).

A client which doesn't know what a given metadata context implements
can't reasonably ask for information from that context anyway (since
then the client wouldn't know what to do with the returned information),
so it doesn't help much to add a flag here.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
   people in the world who think they really understand all of its rules,
   and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12



[Qemu-devel] [PATCH] hw/dma: Fix dead code in pl080.c

2016-12-27 Thread Sergio Andrés Gómez Del Real
The patch fixes dead code in pl080_read() and pl080_write() as reported
in bug #1637974. According to ARM's official Technical Reference Manual,
offsets handled by the switch statement are 0x100, 0x104, 0x108, 0x10C
and 0x110, so the solution suggested by the guy who reported the bug is
right.

Signed-off-by: Sergio Andrés Gómez Del Real 
---
 hw/dma/pl080.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
index 7724c93..3b0c20b 100644
--- a/hw/dma/pl080.c
+++ b/hw/dma/pl080.c
@@ -255,7 +255,7 @@ static uint64_t pl080_read(void *opaque, hwaddr offset,
 i = (offset & 0xe0) >> 5;
 if (i >= s->nchannels)
 goto bad_offset;
-switch (offset >> 2) {
+switch ((offset - 0x100) >> 2) {
 case 0: /* SrcAddr */
 return s->chan[i].src;
 case 1: /* DestAddr */
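Review bot: `(offset - 0x100) >> 2` only yields the values 0..4 for channel 0. The line above, `i = (offset & 0xe0) >> 5;`, shows that the channel index occupies offset bits 5..7, so for channel i the selector evaluates to 8*i + reg and none of the `case` labels match, leaving every channel but the first as dead code again. Mask the channel bits out instead, e.g. `switch ((offset >> 2) & 7) {`, which gives the in-block register index for every channel.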
@@ -316,7 +316,7 @@ static void pl080_write(void *opaque, hwaddr offset,
 i = (offset & 0xe0) >> 5;
 if (i >= s->nchannels)
 goto bad_offset;
-switch (offset >> 2) {
+switch ((offset - 0x100) >> 2) {
 case 0: /* SrcAddr */
 s->chan[i].src = value;
 break;
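Review bot: same defect as in pl080_read(): `(offset - 0x100) >> 2` equals 8*i + reg for channel i, so writes to channels 1..7 fall through to the default case. Use the same masked form as the read side (`(offset >> 2) & 7`) so both functions decode identically.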
-- 
2.10.2




Re: [Qemu-devel] Question - Is precise assembly code transpilation possible?

2016-12-27 Thread Peter Maydell
On 27 December 2016 at 21:45, Adeel Mujahid  wrote:
> For instance, consider a C/C++ project with a couple of .asm/.S files
> containing Intel or ATT flavored assembly code for AMD64, and the
> aim is to port to AARCH64 -- is it even a deterministic problem
> to transpile precise and bug free AARCH64 assembly code, given the
> full usage context and all code paths at our disposal?

I don't think this approach is likely to produce useful results.
Generally the reason for some code being in assembly is because
it is a critical path for the program and has to execute as
fast as possible. If you try to automatedly translate that to
a different instruction set (with QEMU or otherwise) you will
produce output which is slower than it should be, because it
has to reproduce all the effects of the original code (like
setting flags correctly, getting the right floating point
results, etc).

If you want something that will work on any host architecture
(at the cost of being slightly slow) you should write a C
language version of the assembly code as a fallback path,
or even as the only code path. The C code can then correctly
express what the code actually requires (with no unwanted
side effects like having to set flags, etc) and the compiler
can produce good native code.
(This is useful anyway for testing whether the native assembly
version is broken.)

If the codepath is sufficiently hot that a native assembly
version is absolutely needed, then there is no substitute
for a real human doing the work, possibly starting from what
the C compiler produced. The oddities of different architecture
instruction sets (like how their SIMD works, whether they have
custom instructions for particular operations, etc) are not
something that's really possible for automatic code generation
to make full use of. (If it were possible, you could just
do that in the C compiler back end and write the code in C
in the first place.)

TLDR: doing C -> asm (with the C compiler) will get you
much better quality code than trying to do asm -> asm
with any kind of JIT/emulator like QEMU.

thanks
-- PMM



Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread Peter Maydell
On 27 December 2016 at 19:50, Дмитрий Смирнов  wrote:
> I haven't tried QEMU 2.8.0, because the job-task requires using QEMU 2.5.1.1.
> So I need to solve this problem on version 2.5.1.1 :(

You haven't really explained what the job-task is or why
it requires 2.5.1.1 in particular. Does this RTOS not work
on more recent versions?

That said, it looks like QEMU has supported displaying
the DECR value in the monitor 'info registers' command
for a very long time, so it probably should work in 2.5.
Could you say clearly:
 * what monitor command you're trying
 * what output it gives
 * why you think that's not right and what the output should be
?

thanks
-- PMM



[Qemu-devel] Question - Is precise assembly code transpilation possible?

2016-12-27 Thread Adeel Mujahid
Hello,


[sorry in advance -- this is a bit of an off-topic / academic question w.r.t 
qemu-devel]


Given the userspace virtualization capability of qemu, is it possible to ship 
the code that deals with source-to-source mapping of assembly code (say MIPS64 
<-> AMD64) as a separate library, so we can potentially build an assembly language 
converter utility?


For instance, consider a C/C++ project with a couple of .asm/.S files containing 
Intel or ATT flavored assembly code for AMD64, and the aim is to port to 
AARCH64 -- is it even a deterministic problem to transpile precise and bug-free 
AARCH64 assembly code, given the full usage context and all code paths at our 
disposal? In my understanding, qemu is doing something very similar; but I am 
not sure, as there might be missing optimization opportunities, which render 
machine-converted asm code less likely to match the one hand-rolled by humans.


To this date, there are not many tools for assembly language that convert 
between different dialects (ATT to Intel) or various architecture instruction 
sets. I have heard that LLVM has a certain project which aims to convert asmA -> 
via IR -> asmB, but I haven't found it yet.


-- best

Adeel



Re: [Qemu-devel] [PATCH] hw/dma: Fix dead code in pl080.c

2016-12-27 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Message-id: 20161227165947.20184-1-sergio.g.delr...@gmail.com
Type: series
Subject: [Qemu-devel] [PATCH] hw/dma: Fix dead code in pl080.c

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20161227165947.20184-1-sergio.g.delr...@gmail.com 
-> patchew/20161227165947.20184-1-sergio.g.delr...@gmail.com
Switched to a new branch 'test'
682cfa2 hw/dma: Fix dead code in pl080.c

=== OUTPUT BEGIN ===
Checking PATCH 1/1: hw/dma: Fix dead code in pl080.c...
ERROR: spaces required around that '-' (ctx:VxV)
#28: FILE: hw/dma/pl080.c:258:
+switch ((offset-0x100) >> 2) {
^

ERROR: spaces required around that '-' (ctx:VxV)
#37: FILE: hw/dma/pl080.c:319:
+switch ((offset-0x100) >> 2) {
^

total: 2 errors, 0 warnings, 16 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread Дмитрий Смирнов
I haven't tried QEMU 2.8.0, because the job-task requires using QEMU 2.5.1.1.
So I need to solve this problem on version 2.5.1.1 :(

2016-12-27 22:32 GMT+03:00 Programmingkid :

> I experience a similar situation with ReactOS. Have you tried it in QEMU
> 2.8.0 yet? If you haven't, it is possible the RealTime-OS might work.
>
> On Dec 27, 2016, at 2:25 PM, Дмитрий Смирнов wrote:
>
> > An old RealTime-OS. The requirements -- use QEMU 2.5.1.1
> >
> > 2016-12-27 22:18 GMT+03:00 Programmingkid :
> >
> > On Dec 27, 2016, at 2:16 PM, Дмитрий Смирнов wrote:
> >
> > > Unfortunately, I have to use version 2.5.1.1. Can I do something in
> this case?
> >
> > Why do you need to use it? What is the guest operating system you are
> using? Version 2.8 has a lot more bug fixes in it. You might find it easier
> to use.
> >
> > >
> > > 2016-12-27 22:01 GMT+03:00 G 3 :
> > > The version of qemu-system-ppc you are using is kind of old. Version
> 2.8.0 is the newest version. I suggest trying the newest version before
> trying to fix a broken feature in an older version.
> > >
> > > http://wiki.qemu.org/Download
> > >
> > >
> > > On Dec 27, 2016, at 1:57 PM, Дмитрий Смирнов wrote:
> > >
> > > qemu-system-ppc version: 2.5.1.1
> > >
> > > Ubuntu 14.04
> > > gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
> > > GTK 2.0, libsdl1.2-dev
> > > ./configure --target-list="ppc-softmmu" --disable-xfsctl
> > >
> > > By zero meaning, do you mean this: decr = 0
> > > Yes.
> > >
> > >
> > > 2016-12-27 21:16 GMT+03:00 G 3 :
> > > When I type 'info registers', I see 'DECR 3919147695' at the top of
> the screen, so it appears to be working. I think we need more information
> from you.
> > >
> > > qemu-system-ppc version:
> > >
> > > gcc version (gcc -v):
> > >
> > > Host info: Ubuntu 
> > >
> > > Front-end (GTK, SDL, ...):
> > >
> > > Compile command: ./configure 
> > >
> > > Note: please respond to this email with "reply all". That way everyone
> can try to help you.
> > >
> > > On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:
> > >
> > > All the registers, which are printing with 'info registers', dump to
> file before (./target-ppc/translate.c), but there is no SPR_DECR.
> > > I tried to add in 'translate.c' and ./monitor.c some code (print of
> cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have zero
> meaning. Also I tried 'p $decr' with the same answer.
> > >
> > > By zero meaning, do you mean this: decr = 0
> > >
> > > Maybe I have this problem, because I using VirtualBox->Ubuntu->Qemu?
> > >
> > > This should not be a problem. An emulator can run anywhere.
> > >
> > >
> > > 2016-12-27 18:52 GMT+03:00 G 3 :
> > >
> > >
> > > On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:
> > >
> > > Hello, devs!
> > >
> > > I'm using ppc-softmmu target, and in my qemu monitor I need to print
> the
> > > SPR_DECR meaning, but I don't understand how.
> > > Could anyone help me with my problem?
> > >
> > > Best regards!
> > >
> > > I think you want to try the 'info registers' command in the monitor.
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>


Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread Дмитрий Смирнов
An old RealTime-OS. The requirements -- use QEMU 2.5.1.1

2016-12-27 22:18 GMT+03:00 Programmingkid :

>
> On Dec 27, 2016, at 2:16 PM, Дмитрий Смирнов wrote:
>
> > Unfortunately, I have to use version 2.5.1.1. Can I do something in this
> case?
>
> Why do you need to use it? What is the guest operating system you are
> using? Version 2.8 has a lot more bug fixes in it. You might find it easier
> to use.
>
> >
> > 2016-12-27 22:01 GMT+03:00 G 3 :
> > The version of qemu-system-ppc you are using is kind of old. Version
> 2.8.0 is the newest version. I suggest trying the newest version before
> trying to fix a broken feature in an older version.
> >
> > http://wiki.qemu.org/Download
> >
> >
> > On Dec 27, 2016, at 1:57 PM, Дмитрий Смирнов wrote:
> >
> > qemu-system-ppc version: 2.5.1.1
> >
> > Ubuntu 14.04
> > gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
> > GTK 2.0, libsdl1.2-dev
> > ./configure --target-list="ppc-softmmu" --disable-xfsctl
> >
> > By zero meaning, do you mean this: decr = 0
> > Yes.
> >
> >
> > 2016-12-27 21:16 GMT+03:00 G 3 :
> > When I type 'info registers', I see 'DECR 3919147695' at the top of the
> screen, so it appears to be working. I think we need more information from
> you.
> >
> > qemu-system-ppc version:
> >
> > gcc version (gcc -v):
> >
> > Host info: Ubuntu 
> >
> > Front-end (GTK, SDL, ...):
> >
> > Compile command: ./configure 
> >
> > Note: please respond to this email with "reply all". That way everyone
> can try to help you.
> >
> > On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:
> >
> > All the registers, which are printing with 'info registers', dump to
> file before (./target-ppc/translate.c), but there is no SPR_DECR.
> > I tried to add in 'translate.c' and ./monitor.c some code (print of
> cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have zero
> meaning. Also I tried 'p $decr' with the same answer.
> >
> > By zero meaning, do you mean this: decr = 0
> >
> > Maybe I have this problem, because I using VirtualBox->Ubuntu->Qemu?
> >
> > This should not be a problem. An emulator can run anywhere.
> >
> >
> > 2016-12-27 18:52 GMT+03:00 G 3 :
> >
> >
> > On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:
> >
> > Hello, devs!
> >
> > I'm using ppc-softmmu target, and in my qemu monitor I need to print the
> > SPR_DECR meaning, but I don't understand how.
> > Could anyone help me with my problem?
> >
> > Best regards!
> >
> > I think you want to try the 'info registers' command in the monitor.
> >
> >
> >
> >
> >
> >
>
>


[Qemu-devel] [PATCH] hw/dma: Fix dead code in pl080.c

2016-12-27 Thread Sergio Andrés Gómez Del Real
The patch fixes dead code in pl080_read() and pl080_write() as reported
in bug #1637974. According to ARM's official Technical Reference Manual,
offsets handled by the switch statement are 0x100, 0x104, 0x108, 0x10C
and 0x110, so the solution suggested by the guy who reported the bug is
right.

Signed-off-by: Sergio Andrés Gómez Del Real 
---
 hw/dma/pl080.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
index 7724c93..8f34f24 100644
--- a/hw/dma/pl080.c
+++ b/hw/dma/pl080.c
@@ -255,7 +255,7 @@ static uint64_t pl080_read(void *opaque, hwaddr offset,
 i = (offset & 0xe0) >> 5;
 if (i >= s->nchannels)
 goto bad_offset;
-switch (offset >> 2) {
+switch ((offset-0x100) >> 2) {
 case 0: /* SrcAddr */
 return s->chan[i].src;
 case 1: /* DestAddr */
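Review bot: `(offset-0x100) >> 2` is only correct for channel 0. The context line `i = (offset & 0xe0) >> 5;` shows the channel index lives in offset bits 5..7, so for channel i the selector is 8*i + reg and the `case 0`..`case 4` labels are never reached for channels 1..7, which re-creates the dead code this patch sets out to fix. Masking the channel bits, `switch ((offset >> 2) & 7) {`, decodes every channel; it also sidesteps the checkpatch complaint about spacing around the `-`.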
@@ -316,7 +316,7 @@ static void pl080_write(void *opaque, hwaddr offset,
 i = (offset & 0xe0) >> 5;
 if (i >= s->nchannels)
 goto bad_offset;
-switch (offset >> 2) {
+switch ((offset-0x100) >> 2) {
 case 0: /* SrcAddr */
 s->chan[i].src = value;
 break;
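Review bot: checkpatch rejects `offset-0x100` (spaces required around the binary operator: `offset - 0x100`), and the same channel-masking problem as in pl080_read() applies to this write-side switch; fix both together so the respin passes scripts/checkpatch.pl and decodes channels 1..7.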
-- 
2.10.2
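To make the offset arithmetic in this patch (and in the earlier copy of it in this digest) concrete, here is an added decoding example, not code from the patch or from QEMU. It models the channel-register window the commit message describes: blocks from 0x100, one 0x20-byte block per channel (the channel index being offset bits 5..7, exactly as `i = (offset & 0xe0) >> 5;` computes), and five registers per block at +0x00..+0x10. The three decoders reproduce the pre-patch selector, the patch's selector, and a channel-masked variant; register names beyond SrcAddr/DestAddr follow the ARM PL080 TRM order, the channel count of 8 and the window check are assumptions, and all function names are chosen here.

```c
#include <stdint.h>
#include <stdio.h>

/* Channel-register window, from the patch description and diff context. */
#define PL080_CHAN_BASE   0x100u
#define PL080_CHAN_STRIDE 0x20u
#define PL080_NCHANNELS   8      /* assumed; the diff only checks s->nchannels */

/* Register index inside a channel block. */
enum pl080_chan_reg {
    REG_SRCADDR  = 0,   /* SrcAddr  (case 0 in the diff) */
    REG_DESTADDR = 1,   /* DestAddr (case 1 in the diff) */
    REG_LLI      = 2,   /* remaining names follow the ARM PL080 TRM order */
    REG_CONTROL  = 3,
    REG_CONFIG   = 4,
    REG_INVALID  = -1
};

/* Offset of register `reg` in channel `chan`. */
uint32_t pl080_chan_offset(int chan, int reg)
{
    return PL080_CHAN_BASE + (uint32_t)chan * PL080_CHAN_STRIDE + (uint32_t)reg * 4u;
}

/* Shared prologue: reject offsets outside the channel window (assumed to be
 * guarded by the caller of the real switch) and channels beyond nchannels,
 * mirroring `if (i >= s->nchannels) goto bad_offset;` from the diff. */
static int channel_ok(uint32_t offset, int *chan)
{
    if (offset < PL080_CHAN_BASE ||
        offset >= PL080_CHAN_BASE + PL080_NCHANNELS * PL080_CHAN_STRIDE) {
        return 0;
    }
    *chan = (int)((offset & 0xe0) >> 5);
    return *chan < PL080_NCHANNELS;
}

/* A selector hits a case label only if it is one of the five register indices. */
static int sel_to_reg(uint32_t sel)
{
    return sel <= (uint32_t)REG_CONFIG ? (int)sel : REG_INVALID;
}

/* Pre-patch: `switch (offset >> 2)`.  Every offset in the window gives a
 * selector of at least 0x40, so cases 0..4 never match: the dead code from
 * bug #1637974. */
int decode_original(uint32_t offset, int *chan)
{
    if (!channel_ok(offset, chan)) return REG_INVALID;
    return sel_to_reg(offset >> 2);
}

/* As submitted: `switch ((offset - 0x100) >> 2)`.  For channel i the selector
 * is 8*i + reg, so only channel 0 ever reaches a case label. */
int decode_patch(uint32_t offset, int *chan)
{
    if (!channel_ok(offset, chan)) return REG_INVALID;
    return sel_to_reg((offset - PL080_CHAN_BASE) >> 2);
}

/* Alternative raised in review, not the patch's code: mask the channel bits
 * away so the selector is the in-block register index for every channel. */
int decode_masked(uint32_t offset, int *chan)
{
    if (!channel_ok(offset, chan)) return REG_INVALID;
    return sel_to_reg((offset >> 2) & 7);
}

int main(void)
{
    int chan, reg, c;

    printf("%-7s %-4s %-8s %-6s %-6s\n", "offset", "chan", "original", "patch", "masked");
    for (chan = 0; chan < 2; chan++) {
        for (reg = REG_SRCADDR; reg <= REG_CONFIG; reg++) {
            uint32_t off = pl080_chan_offset(chan, reg);
            printf("0x%03x   %-4d %-8d %-6d %-6d\n", off, chan,
                   decode_original(off, &c), decode_patch(off, &c),
                   decode_masked(off, &c));
        }
    }
    return 0;
}
```

Running it prints -1 in the `original` column for every row, a valid index in the `patch` column only while `chan` is 0, and the expected index in the `masked` column for both channels; that table is the whole argument for masking rather than subtracting.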




Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread Дмитрий Смирнов
qemu-system-ppc version: 2.5.1.1

Ubuntu 14.04
gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
GTK 2.0, libsdl1.2-dev
./configure --target-list="ppc-softmmu" --disable-xfsctl

By zero meaning, do you mean this: decr = 0

Yes.


2016-12-27 21:16 GMT+03:00 G 3 :

> When I type 'info registers', I see 'DECR 3919147695' at the top of the
> screen, so it appears to be working. I think we need more information from
> you.
>
> qemu-system-ppc version:
>
> gcc version (gcc -v):
>
> Host info: Ubuntu 
>
> Front-end (GTK, SDL, ...):
>
> Compile command: ./configure 
>
> Note: please respond to this email with "reply all". That way everyone can
> try to help you.
>
> On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:
>
> All the registers, which are printing with 'info registers', dump to file
>> before (./target-ppc/translate.c), but there is no SPR_DECR.
>> I tried to add in 'translate.c' and ./monitor.c some code (print of
>> cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have zero
>> meaning. Also I tried 'p $decr' with the same answer.
>>
>
> By zero meaning, do you mean this: decr = 0
>
> Maybe I have this problem, because I using VirtualBox->Ubuntu->Qemu?
>>
>
> This should not be a problem. An emulator can run anywhere.
>
>
>> 2016-12-27 18:52 GMT+03:00 G 3 :
>>
>>
>> On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:
>>
>> Hello, devs!
>>
>> I'm using ppc-softmmu target, and in my qemu monitor I need to print the
>> SPR_DECR meaning, but I don't understand how.
>> Could anyone help me with my problem?
>>
>> Best regards!
>>
>> I think you want to try the 'info registers' command in the monitor.
>>
>>
>
>


Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread Дмитрий Смирнов
Unfortunately, I have to use version 2.5.1.1. Can I do something in this
case?

2016-12-27 22:01 GMT+03:00 G 3 :

> The version of qemu-system-ppc you are using is kind of old. Version 2.8.0
> is the newest version. I suggest trying the newest version before trying to
> fix a broken feature in an older version.
>
> http://wiki.qemu.org/Download
>
>
> On Dec 27, 2016, at 1:57 PM, Дмитрий Смирнов wrote:
>
> qemu-system-ppc version: 2.5.1.1
>>
>> Ubuntu 14.04
>> gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
>> GTK 2.0, libsdl1.2-dev
>> ./configure --target-list="ppc-softmmu" --disable-xfsctl
>>
>> By zero meaning, do you mean this: decr = 0
>> Yes.
>>
>>
>> 2016-12-27 21:16 GMT+03:00 G 3 :
>> When I type 'info registers', I see 'DECR 3919147695' at the top of the
>> screen, so it appears to be working. I think we need more information from
>> you.
>>
>> qemu-system-ppc version:
>>
>> gcc version (gcc -v):
>>
>> Host info: Ubuntu 
>>
>> Front-end (GTK, SDL, ...):
>>
>> Compile command: ./configure 
>>
>> Note: please respond to this email with "reply all". That way everyone
>> can try to help you.
>>
>> On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:
>>
>> All the registers, which are printing with 'info registers', dump to file
>> before (./target-ppc/translate.c), but there is no SPR_DECR.
>> I tried to add in 'translate.c' and ./monitor.c some code (print of
>> cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have zero
>> meaning. Also I tried 'p $decr' with the same answer.
>>
>> By zero meaning, do you mean this: decr = 0
>>
>> Maybe I have this problem, because I using VirtualBox->Ubuntu->Qemu?
>>
>> This should not be a problem. An emulator can run anywhere.
>>
>>
>> 2016-12-27 18:52 GMT+03:00 G 3 :
>>
>>
>> On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:
>>
>> Hello, devs!
>>
>> I'm using ppc-softmmu target, and in my qemu monitor I need to print the
>> SPR_DECR meaning, but I don't understand how.
>> Could anyone help me with my problem?
>>
>> Best regards!
>>
>> I think you want to try the 'info registers' command in the monitor.
>>
>>
>>
>>
>>
>


Re: [Qemu-devel] [PATCH v4] qqq: module for synchronizing with a simulation clock

2016-12-27 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Message-id: 1482869621-24808-1-git-send-email-nutar...@ornl.gov
Type: series
Subject: [Qemu-devel] [PATCH v4] qqq: module for synchronizing with a 
simulation clock

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] 
patchew/1482869621-24808-1-git-send-email-nutar...@ornl.gov -> 
patchew/1482869621-24808-1-git-send-email-nutar...@ornl.gov
Switched to a new branch 'test'
62b7e47 qqq: module for synchronizing with a simulation clock

=== OUTPUT BEGIN ===
Checking PATCH 1/1: qqq: module for synchronizing with a simulation clock...
ERROR: spaces required around that '-' (ctx:VxV)
#197: FILE: include/qemu/timer.h:816:
+return ((tv.tv_sec * 10LL + (tv.tv_usec * 1000))-get_iced_ns());
 ^

ERROR: return is not a function, parentheses are not required
#197: FILE: include/qemu/timer.h:816:
+return ((tv.tv_sec * 10LL + (tv.tv_usec * 1000))-get_iced_ns());

ERROR: spaces required around that '-' (ctx:VxV)
#210: FILE: include/qemu/timer.h:845:
+return (ts.tv_sec * 10LL + ts.tv_nsec)-get_iced_ns();
   ^

ERROR: suspect code indent for conditional statements (4, 9)
#218: FILE: include/qemu/timer.h:896:
+if (ticks_is_frozen() > 0) {
+ return ticks_is_frozen();

ERROR: spaces required around that '-' (ctx:VxV)
#223: FILE: include/qemu/timer.h:900:
+return val-get_iced_ticks();
   ^

ERROR: suspect code indent for conditional statements (4, 9)
#231: FILE: include/qemu/timer.h:909:
+if (ticks_is_frozen() > 0) {
+ return ticks_is_frozen();

ERROR: spaces required around that '-' (ctx:VxV)
#239: FILE: include/qemu/timer.h:916:
+return val-get_iced_ticks();
   ^

ERROR: suspect code indent for conditional statements (4, 9)
#247: FILE: include/qemu/timer.h:933:
+if (ticks_is_frozen() > 0) {
+ return ticks_is_frozen();

ERROR: spaces required around that '-' (ctx:VxV)
#252: FILE: include/qemu/timer.h:937:
+return val-get_iced_ticks();
   ^

ERROR: do not initialise statics to 0 or NULL
#349: FILE: qqq.c:15:
+static bool enabled = false, syncing = false;

ERROR: do not use C99 // comments
#350: FILE: qqq.c:16:
+static int elapsed; // This must be zero on initialization

ERROR: trailing whitespace
#405: FILE: qqq.c:71:
+if (time_advance < 0) $

ERROR: braces {} are necessary for all arms of this statement
#405: FILE: qqq.c:71:
+if (time_advance < 0) 
[...]

WARNING: line over 80 characters
#425: FILE: qqq.c:91:
+/* Set the sync flag that will cause the vcpu to wait for 
synchronization

total: 13 errors, 1 warnings, 519 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PATCH v4] qqq: module for synchronizing with a simulation clock

2016-12-27 Thread James J. Nutaro
This patch adds an interface for pacing the execution of QEMU to match
an external simulation clock. Its aim is to permit QEMU to be used
as a module within a larger simulation system.

Signed-off-by: James J. Nutaro 
---
 Makefile.objs|   1 +
 Makefile.target  |   3 +
 cpus.c   |   8 +++
 docs/simulation-sync.txt |  59 +++
 freezer.c|  43 ++
 include/qemu/timer.h |  36 ++--
 include/sysemu/cpus.h|   1 +
 kvm-all.c|  14 +
 qemu-options.hx  |  16 +
 qqq.c| 150 +++
 qqq.h|  37 
 vl.c |  32 ++
 12 files changed, 394 insertions(+), 6 deletions(-)
 create mode 100644 docs/simulation-sync.txt
 create mode 100644 freezer.c
 create mode 100644 qqq.c
 create mode 100644 qqq.h

diff --git a/Makefile.objs b/Makefile.objs
index 51c36a4..31fa777 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -3,6 +3,7 @@
 stub-obj-y = stubs/ crypto/
 util-obj-y = util/ qobject/ qapi/
 util-obj-y += qmp-introspect.o qapi-types.o qapi-visit.o qapi-event.o
+util-obj-y += freezer.o
 
 ###
 # block-obj-y is code used by both qemu system emulation and qemu-img
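Review bot: adding `freezer.o` to `util-obj-y` links it into every binary, including the tools, while the feature it serves is only reachable through the system-emulation `-qqq` option (qqq.o itself goes into obj-y in Makefile.target). That placement is only needed because the include/qemu/timer.h inline helpers now call get_iced_ns()/get_iced_ticks() (visible in the checkpatch output for this series); say so in a comment on this line so a later cleanup doesn't move it next to qqq.o and break the tools link.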
diff --git a/Makefile.target b/Makefile.target
index 8ae82cb..0a08fd3 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -145,6 +145,9 @@ obj-y += dump.o
 obj-y += migration/ram.o migration/savevm.o
 LIBS := $(libs_softmmu) $(LIBS)
 
+# qqq support
+obj-y += qqq.o
+
 # xen support
 obj-$(CONFIG_XEN) += xen-common.o
 obj-$(CONFIG_XEN_I386) += xen-hvm.o xen-mapcache.o
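Review bot: `qqq.o` is built unconditionally for every system-emulation target, unlike the xen objects just below, which are gated on CONFIG_XEN. Since the pacing mode depends on -icount and on Unix pipes (docs/simulation-sync.txt), gate it on a configure switch (a new CONFIG_ symbol, name to be chosen) so hosts that don't want the feature don't compile or expose it.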
diff --git a/cpus.c b/cpus.c
index 5213351..8a98d7f 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1688,3 +1688,11 @@ void dump_drift_info(FILE *f, fprintf_function 
cpu_fprintf)
 cpu_fprintf(f, "Max guest advance   NA\n");
 }
 }
+
+void kick_all_vcpus(void)
+{
+CPUState *cpu;
+CPU_FOREACH(cpu) {
+qemu_cpu_kick(cpu);
+}
+}
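Review bot: kick_all_vcpus() is exported (include/sysemu/cpus.h in the diffstat) without a doc comment stating its locking expectation: CPU_FOREACH walks the CPU list, so the caller must hold the BQL or otherwise guarantee the list isn't changing. Also state what the caller is expected to have set before kicking (the sync flag referenced in the checkpatch output for qqq.c), since a kick with nothing for the vcpu to observe is a no-op.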
diff --git a/docs/simulation-sync.txt b/docs/simulation-sync.txt
new file mode 100644
index 000..e59b731
--- /dev/null
+++ b/docs/simulation-sync.txt
@@ -0,0 +1,59 @@
+= Synchronizing the virtual clock with an external source =
+
+QEMU has a protocol for synchronizing its virtual clock
+with the clock of a simulator in which QEMU is embedded
+as a component. This options is enabled with the -qqq
+argument, and it should generally be accompanied by the
+following additional command line arguments:
+
+-icount 1,sleep=off -rtc clock=vm
+
+The -qqq argument is used to supply file descriptors
+for two Unix pipes. The read pipe is used by QEMU to
+receive synchronization data from the external simulator.
+The write pipe is used by QEMU to supply synchronization
+data to the external emulator. The typical procedure for
+launching QEMU in is synchronization mode has three steps:
+
+(1) Create two pairs of pipes with the Linux pipe function.
+The code segment that does this might look like
+
+   int pipefd1[2];
+   int pipefd2[2];
+   pipe(pipefd1);
+   pipe(pipefd2);
+
+(2) Fork QEMU with the appropriate command line arguments.
+The -qqq part of the argument will look something like
+
+   -qqq write=pipefd1[1],read=pipefd2[0]
+
+(3) After forking QEMU, close pipefd1[1] and pipefd2[0].
+Retain the other pair of pipes for communicating with QEMU.
+
+The synchronization protocol is very simple. To start, the
+external simulator writes an integer to its write pipe with
+the amount of time in microseconds that QEMU is allowed to
+advance. The code segment that does this might look like:
+
+int ta = 1000; // Advance by 1 millisecond
+write(pipefd2[1],,sizeof(int));
+
+The external simulator can then advance its clock by this
+same amount. During this time, QEMU and the external simulator
+will be executing in parallel. When the external simulator
+completes its time advance, it waits for QEMU by reading from
+its read pipe. The value read will be the actual number of
+virtual microseconds by which QEMU has advanced its virtual clock.
+This will be greater than or equal to the requested advance.
+The code that does this might look like:
+
+   read(pipefd1[0],,sizeof(int));
+
+These steps are repeated until either (1) the external simulator
+closes its pipes thereby causing QEMU to terminate or (2) QEMU
+stops executing (e.g., if the emulated computer is shutdown) and
+causes SIGPIPE to be generated by the closing of its pipes.
+
+You can find an example of a simulator using this protocol in
+the adevs simulation package at http://sourceforge.net/projects/adevs/
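Review bot: the protocol examples as posted have no buffer argument (`write(pipefd2[1],,sizeof(int));` and `read(pipefd1[0],,sizeof(int));`, presumably `&ta` lost in transit), and neither checks the return value; a short read on a pipe would leave the simulator holding half an int. The text should also pin the wire format (it says "an integer": give width and signedness, and note that host byte order is assumed since both ends run on the same host) and say what QEMU does with a zero or negative advance (checkpatch shows a `if (time_advance < 0)` check in qqq.c, but the doc is silent). Typos: "This options is enabled", "launching QEMU in is synchronization mode", and "supply synchronization data to the external emulator" should read "simulator".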
diff --git a/freezer.c b/freezer.c
new file mode 100644
index 000..9e0c3f4
--- /dev/null
+++ b/freezer.c
@@ -0,0 +1,43 @@
+#include "qemu/osdep.h"
+#include "qemu/timer.h"
+
+/* These must all initialize to zero */
+static int64_t iced_ticks;
+static 

Re: [Qemu-devel] [PATCH v3] ps2: Fix lost scancodes by recent changes

2016-12-27 Thread Hervé Poussineau

On 27/12/2016 at 20:55, OGAWA Hirofumi wrote:


With "ps2: use QEMU qcodes instead of scancodes", key handling was
changed to a qcode base. But not all scancodes were converted to the new one.

This adds some missing qcodes/scancodes that I found while using it.

[set1 and set3 are from ]
Signed-off-by: OGAWA Hirofumi 



Reviewed-by: Hervé Poussineau 




[Qemu-devel] [PATCH v3] ps2: Fix lost scancodes by recent changes

2016-12-27 Thread OGAWA Hirofumi

With "ps2: use QEMU qcodes instead of scancodes", key handling was
changed to a qcode base. But not all scancodes were converted to the new one.

This adds some missing qcodes/scancodes that I found while using it.

[set1 and set3 are from ]
Signed-off-by: OGAWA Hirofumi 
---

 hw/input/ps2.c|   10 ++
 qapi-schema.json  |6 +-
 ui/input-keymap.c |3 +++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff -puN hw/input/ps2.c~fix-ps2-scancode hw/input/ps2.c
--- qemu/hw/input/ps2.c~fix-ps2-scancode2016-12-23 23:51:44.324955949 
+0900
+++ qemu-hirofumi/hw/input/ps2.c2016-12-28 04:50:05.075057779 +0900
@@ -252,6 +252,9 @@ static const uint16_t qcode_to_keycode_s
 [Q_KEY_CODE_ASTERISK] = 0x37,
 [Q_KEY_CODE_LESS] = 0x56,
 [Q_KEY_CODE_RO] = 0x73,
+[Q_KEY_CODE_HIRAGANA] = 0x70,
+[Q_KEY_CODE_HENKAN] = 0x79,
+[Q_KEY_CODE_YEN] = 0x7d,
 [Q_KEY_CODE_KP_COMMA] = 0x7e,
 };
 
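Review bot: these set-1 values (0x70/0x79/0x7d) match the ones this patch adds to qcode_to_number[] in ui/input-keymap.c and the Set 1 column of the table quoted in the review thread, but the thread also records that they are untested because current Linux can't use set 1. Say so in the commit message so a later reader knows which of the three tables was actually verified against a guest.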
@@ -394,6 +397,9 @@ static const uint16_t qcode_to_keycode_s
 [Q_KEY_CODE_LESS] = 0x61,
 [Q_KEY_CODE_SYSRQ] = 0x7f,
 [Q_KEY_CODE_RO] = 0x51,
+[Q_KEY_CODE_HIRAGANA] = 0x13,
+[Q_KEY_CODE_HENKAN] = 0x64,
+[Q_KEY_CODE_YEN] = 0x6a,
 [Q_KEY_CODE_KP_COMMA] = 0x6d,
 };
 
@@ -504,6 +510,10 @@ static const uint16_t qcode_to_keycode_s
 [Q_KEY_CODE_COMMA] = 0x41,
 [Q_KEY_CODE_DOT] = 0x49,
 [Q_KEY_CODE_SLASH] = 0x4a,
+
+[Q_KEY_CODE_HIRAGANA] = 0x87,
+[Q_KEY_CODE_HENKAN] = 0x86,
+[Q_KEY_CODE_YEN] = 0x5d,
 };
 
 static uint8_t translate_table[256] = {
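Review bot: the added blank `+` line separates the three new entries from the rest of the set-3 table, which neither of the other two tables does; drop it for consistency. On the values, the thread settled on 0x5d for YEN after first proposing 0x51 and after seeing Linux's set-3 map report 0x5d as KEY_BACKSLASH, so a one-line comment above `[Q_KEY_CODE_YEN] = 0x5d,` citing the source for that number would stop the question being reopened.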
diff -puN qapi-schema.json~fix-ps2-scancode qapi-schema.json
--- qemu/qapi-schema.json~fix-ps2-scancode  2016-12-23 23:51:44.324955949 
+0900
+++ qemu-hirofumi/qapi-schema.json  2016-12-24 08:32:46.658549598 +0900
@@ -3618,6 +3618,9 @@
 # @kp_comma: since 2.4
 # @kp_equals: since 2.6
 # @power: since 2.6
+# @hiragana: since 2.9
+# @henkan: since 2.9
+# @yen: since 2.9
 #
 # An enumeration of key name.
 #
@@ -3642,7 +3645,8 @@
 'kp_9', 'less', 'f11', 'f12', 'print', 'home', 'pgup', 'pgdn', 
'end',
 'left', 'up', 'down', 'right', 'insert', 'delete', 'stop', 'again',
 'props', 'undo', 'front', 'copy', 'open', 'paste', 'find', 'cut',
-'lf', 'help', 'meta_l', 'meta_r', 'compose', 'pause', 'ro',
+'lf', 'help', 'meta_l', 'meta_r', 'compose', 'pause',
+'ro', 'hiragana', 'henkan', 'yen',
 'kp_comma', 'kp_equals', 'power' ] }
 
 ##
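Review bot: the new names are inserted after 'ro' rather than appended after 'power', so the generated Q_KEY_CODE_KP_COMMA, Q_KEY_CODE_KP_EQUALS and Q_KEY_CODE_POWER values shift by three. The keymap tables in this patch index by symbol, so they are unaffected, but please confirm nothing stores or transmits the numeric qcode; if anything does, append the new entries at the end instead.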
diff -puN ui/input-keymap.c~fix-ps2-scancode ui/input-keymap.c
--- qemu/ui/input-keymap.c~fix-ps2-scancode 2016-12-23 23:51:44.325955954 
+0900
+++ qemu-hirofumi/ui/input-keymap.c 2016-12-23 23:51:44.327955966 +0900
@@ -131,6 +131,9 @@ static const int qcode_to_number[] = {
 [Q_KEY_CODE_DELETE] = 0xd3,
 
 [Q_KEY_CODE_RO] = 0x73,
+[Q_KEY_CODE_HIRAGANA] = 0x70,
+[Q_KEY_CODE_HENKAN] = 0x79,
+[Q_KEY_CODE_YEN] = 0x7d,
 [Q_KEY_CODE_KP_COMMA] = 0x7e,
 
 [Q_KEY_CODE__MAX] = 0,
_

-- 
OGAWA Hirofumi 



Re: [Qemu-devel] [PATCH] ps2: Fix lost scancodes by recent changes

2016-12-27 Thread OGAWA Hirofumi
Hervé Poussineau  writes:

> [from hw/input/ps2.c]
>>> Can you also add the keycodes for scancode set 1:
>>> +[Q_KEY_CODE_HIRAGANA] = 0x70,
>>> +[Q_KEY_CODE_HENKAN] = 0x79,
>>> +[Q_KEY_CODE_YEN] = 0x7d,
>>
>> Current linux can't use set1, so untested.
>
> Note that those are the same as those added in input-keymap.c

I see.

>> [... on qemu monitor "sendkey yen" ...]
>> 06:49:58.893893: EV_MSC MSC_SCAN 81
> -> 81 = 0x51
>> 06:49:58.893893: EV_KEY KEY_VOLUMEDOWN (0x72) pressed
>> 06:49:58.893893: EV_SYN code=0 value=0
>> 06:49:58.973841: EV_MSC MSC_SCAN 81
>> 06:49:58.973841: EV_KEY KEY_VOLUMEDOWN (0x72) released
>> 06:49:58.973841: EV_SYN code=0 value=0
>> timeout, quitting
>
> So, Linux is describing 0x51 make scancode as VOLUMEDOWN.
>
> Indeed, according to http://www.quadibloc.com/comp/scan.htm
>  Set 1  Set 2  Set 3
> HENKAN   79 64 86(kanji)
> HIRAGANA 70 13 87(katakana)
> YEN  7d 6a 5d(INT 4)
>
> So correct values for hw/input/ps2.c seem to be:

[...]

> Set 3:
> +[Q_KEY_CODE_HIRAGANA] = 0x87, // already verified
> +[Q_KEY_CODE_HENKAN] = 0x86, // already verified
> +[Q_KEY_CODE_YEN] = 0x5d,  // not 0x51,  as I said in a previous email
>
> Can you check those values?

04:32:33.111316: EV_MSC MSC_SCAN 93
04:32:33.111316: EV_KEY KEY_BACKSLASH (0x2b) pressed
04:32:33.111316: EV_SYN code=0 value=0

Sent 93==0x5d as expected, but the keycode is BACKSLASH. Of course, the Linux
driver uses the BACKSLASH(43) keycode for 0x5d. But the Linux driver has
several BACKSLASH entries for multiple scancodes in set3.

And qemu doesn't have a 0x5d entry in set3. Also, yet another site says 0x5d:

http://hp.vector.co.jp/authors/VA003720/lpproj/others/kbdjpn.htm

Some sites talk about buggy keyboards using the wrong scancode in set3, and
Microsoft seems to have removed set3 from the specification. So the Linux
translation table entry 43=>0x5d may be the result of workarounds.

So it looks like 0x5d is the right value for set3.

Thanks.
-- 
OGAWA Hirofumi 



Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread Programmingkid
I experience a similar situation with ReactOS. Have you tried it in QEMU 2.8.0 
yet? If you haven't, it is possible the RealTime-OS might work. 

On Dec 27, 2016, at 2:25 PM, Дмитрий Смирнов wrote:

> An old RealTime-OS. The requirements -- use QEMU 2.5.1.1
> 
> 2016-12-27 22:18 GMT+03:00 Programmingkid :
> 
> On Dec 27, 2016, at 2:16 PM, Дмитрий Смирнов wrote:
> 
> > Unfortunately, I have to use version 2.5.1.1. Can I do something in this 
> > case?
> 
> Why do you need to use it? What is the guest operating system you are using? 
> Version 2.8 has a lot more bug fixes in it. You might find it easier to use.
> 
> >
> > 2016-12-27 22:01 GMT+03:00 G 3 :
> > The version of qemu-system-ppc you are using is kind of old. Version 2.8.0 
> > is the newest version. I suggest trying the newest version before trying to 
> > fix a broken feature in an older version.
> >
> > http://wiki.qemu.org/Download
> >
> >
> > On Dec 27, 2016, at 1:57 PM, Дмитрий Смирнов wrote:
> >
> > qemu-system-ppc version: 2.5.1.1
> >
> > Ubuntu 14.04
> > gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
> > GTK 2.0, libsdl1.2-dev
> > ./configure --target-list="ppc-softmmu" --disable-xfsctl
> >
> > By zero meaning, do you mean this: decr = 0
> > Yes.
> >
> >
> > 2016-12-27 21:16 GMT+03:00 G 3 :
> > When I type 'info registers', I see 'DECR 3919147695' at the top of the 
> > screen, so it appears to be working. I think we need more information from 
> > you.
> >
> > qemu-system-ppc version:
> >
> > gcc version (gcc -v):
> >
> > Host info: Ubuntu 
> >
> > Front-end (GTK, SDL, ...):
> >
> > Compile command: ./configure 
> >
> > Note: please respond to this email with "reply all". That way everyone can 
> > try to help you.
> >
> > On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:
> >
> > All the registers, which are printing with 'info registers', dump to file 
> > before (./target-ppc/translate.c), but there is no SPR_DECR.
> > I tried to add in 'translate.c' and ./monitor.c some code (print of 
> > cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have zero 
> > meaning. Also I tried 'p $decr' with the same answer.
> >
> > By zero meaning, do you mean this: decr = 0
> >
> > Maybe I have this problem, because I using VirtualBox->Ubuntu->Qemu?
> >
> > This should not be a problem. An emulator can run anywhere.
> >
> >
> > 2016-12-27 18:52 GMT+03:00 G 3 :
> >
> >
> > On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:
> >
> > Hello, devs!
> >
> > I'm using ppc-softmmu target, and in my qemu monitor I need to print the
> > SPR_DECR meaning, but I don't understand how.
> > Could anyone help me with my problem?
> >
> > Best regards!
> >
> > I think you want to try the 'info registers' command in the monitor.
> >
> >
> >
> >
> >
> >
> 
> 




[Qemu-devel] [PATCH 4/4] kvm: Allow migration with invtsc

2016-12-27 Thread Eduardo Habkost
Instead of blocking migration on the source when invtsc is
enabled, rely on the migration destination to ensure there's no
TSC frequency mismatch.

We can't allow migration unconditionally because we don't know if
the destination is a QEMU version that is really going to ensure
there's no TSC frequency mismatch. To ensure we are migrating to
a destination that won't ignore SET_TSC_KHZ errors, allow invtsc
migration only on pc-*-2.9 and newer.

Signed-off-by: Eduardo Habkost 
---
 include/hw/i386/pc.h |  7 ++-
 target/i386/cpu.h|  1 +
 target/i386/cpu.c|  1 +
 target/i386/kvm.c| 15 +--
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index ceeacca..4270923 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -375,7 +375,12 @@ int e820_get_num_entries(void);
 bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 
 #define PC_COMPAT_2_8 \
-HW_COMPAT_2_8
+HW_COMPAT_2_8 \
+{\
+.driver   = TYPE_X86_CPU,\
+.property = "invtsc-migration",\
+.value= "off",\
+},
 
 #define PC_COMPAT_2_7 \
 HW_COMPAT_2_7 \
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index a7f2f60..ec8cdbc 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1208,6 +1208,7 @@ struct X86CPU {
 bool expose_kvm;
 bool migratable;
 bool host_features;
+bool invtsc_migration;
 uint32_t apic_id;
 
 /* if true the CPUID code directly forward host cache leaves to the guest 
*/
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b0640f1..cc93b81 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3678,6 +3678,7 @@ static Property x86_cpu_properties[] = {
 DEFINE_PROP_BOOL("cpuid-0xb", X86CPU, enable_cpuid_0xb, true),
 DEFINE_PROP_BOOL("lmce", X86CPU, enable_lmce, false),
 DEFINE_PROP_BOOL("l3-cache", X86CPU, enable_l3_cache, true),
+DEFINE_PROP_BOOL("invtsc-migration", X86CPU, invtsc_migration, true),
 DEFINE_PROP_END_OF_LIST()
 };
 
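Review bot: "invtsc-migration" becomes a user-visible -cpu property with no description and a default of true. Add a short comment here (and a sentence in the commit message) saying it only matters when invtsc is exposed and tsc-khz is not set, and that it exists as a machine-type compat knob (PC_COMPAT_2_8 turns it off) rather than something users are expected to toggle.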
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 6a51399..2c3ee7b 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -962,7 +962,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
 has_msr_mcg_ext_ctl = has_msr_feature_control = true;
 }
 
-if (!env->user_tsc_khz) {
+if (!cpu->invtsc_migration && !env->user_tsc_khz) {
 if ((env->features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC) &&
 invtsc_mig_blocker == NULL) {
 /* for migration */
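Review bot: with `!cpu->invtsc_migration &&` in front, the blocker is skipped by default on pc-*-2.9, and nothing at this site explains why that is safe. Add a comment stating the reasoning from the commit message: a destination that accepts the 2.9 machine type is guaranteed to run the kvm_arch_put_registers() check that fails the load on a TSC frequency mismatch, so the source no longer needs to block.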
@@ -972,6 +972,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
 migrate_add_blocker(invtsc_mig_blocker);
 /* for savevm */
 vmstate_x86_cpu.unmigratable = 1;
+}
 }
 
 cpuid_data.cpuid.padding = 0;
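Review bot: the `+}` added here closes the `if (!env->user_tsc_khz) {` block that patch 2/4 opens without closing, which means 2/4 does not compile on its own and breaks bisection. Move this brace into patch 2/4.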
@@ -2655,12 +2656,14 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
 }
 
 if (level == KVM_PUT_FULL_STATE) {
-/* We don't check for kvm_arch_set_tsc_khz() errors here,
- * because TSC frequency mismatch shouldn't abort migration,
- * unless the user explicitly asked for a more strict TSC
- * setting (e.g. using an explicit "tsc-freq" option).
+/* Migration TSC frequency mismatch is fatal only if we are
+ * actually reporting Invariant TSC to the guest.
  */
-kvm_arch_set_tsc_khz(cpu);
+ret = kvm_arch_set_tsc_khz(cpu);
+if ((x86_cpu->env.features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC) &&
+ret < 0) {
+return ret;
+}
 }
 
 ret = kvm_getput_regs(x86_cpu, 1);
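Review bot: returning `ret` makes the incoming migration fail with no message naming the cause, while the comment that explained the previous tolerance has been removed. Add an error_report() saying the TSC frequency could not be set for a guest that was given invariant TSC, so operators can tell this apart from other vmstate load failures. Also note that in the non-invtsc case the `ret` from kvm_arch_set_tsc_khz() is deliberately overwritten by kvm_getput_regs() below; a short comment saying the mismatch is tolerated there would save the next reader a double take.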
-- 
2.7.4




[Qemu-devel] [PATCH 0/4] Allow migration with invtsc if there's no frequency mismatch

2016-12-27 Thread Eduardo Habkost
This series makes QEMU accept migration with invtsc if:

a) The destination host has a matching TSC frequency; or
b) The destination host has TSC scaling available.

There are two cases where we can ensure the above conditions.
This series implements both:

1) tsc-khz explicitly set on the configuration. This case is
   trivial because the current code already refuses to start if
   there's a TSC frequency mismatch and tsc-khz is explicitly
   configured. (Implemented by patch 2/4)

2) A newer machine-type is being used. This means we know that
   the migration destination is running a QEMU version that will
   check for (a) and (b) on migration even if tsc-khz is not set
   explicitly. (Implemented by patch 4/4)

Eduardo Habkost (4):
  kvm: Simplify invtsc check
  kvm: Allow invtsc migration if tsc-khz is set explicitly
  pc: Add 2.9 machine-types
  kvm: Allow migration with invtsc

 include/hw/i386/pc.h |  6 ++
 target/i386/cpu.h|  1 +
 hw/i386/pc_piix.c| 15 ---
 hw/i386/pc_q35.c | 13 +++--
 target/i386/cpu.c|  1 +
 target/i386/kvm.c| 32 ++--
 6 files changed, 49 insertions(+), 19 deletions(-)

-- 
2.7.4
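To make the two halves of the policy described in this cover letter easier to reason about together, the following is an added model, not QEMU code and not part of the series: it re-creates the source-side decision (install a migration blocker or not, patches 2/4 and 4/4) and the destination-side decision (accept the incoming state or fail the load when the host can neither match nor scale the TSC). The struct and function names, and the stand-in for kvm_arch_set_tsc_khz(), are assumptions of this example.

```c
/*
 * Model of the invtsc migration policy from this series.
 * Added example for this page; not QEMU code. Type and function names
 * are assumptions of the example.
 */
#include <stdbool.h>
#include <stdio.h>

typedef struct {
    bool invtsc;            /* invariant-TSC bit (CPUID 8000_0007 EDX) exposed to the guest */
    bool user_tsc_khz;      /* tsc-khz given explicitly on the command line */
    bool invtsc_migration;  /* X86CPU "invtsc-migration": on for pc-*-2.9, off via PC_COMPAT_2_8 */
} VcpuModel;

/* What the model knows about the destination host. */
typedef struct {
    bool tsc_freq_matches;  /* host TSC frequency equals the guest's */
    bool tsc_scaling;       /* host can scale the guest TSC */
} DestHostModel;

/* Source side (kvm_arch_init_vcpu after patches 2/4 and 4/4):
 * is a migration blocker installed for this vcpu? */
bool source_blocks_migration(const VcpuModel *v)
{
    if (!v->invtsc) {
        return false;            /* nothing was promised to the guest */
    }
    if (v->user_tsc_khz) {
        return false;            /* patch 2/4: startup already enforces the frequency */
    }
    return !v->invtsc_migration; /* patch 4/4: newer machine types trust the destination */
}

/* Stand-in for kvm_arch_set_tsc_khz(): 0 on success, -1 when the host can
 * neither match nor scale the requested frequency. */
int model_set_tsc_khz(const DestHostModel *h)
{
    return (h->tsc_freq_matches || h->tsc_scaling) ? 0 : -1;
}

/* Destination side (kvm_arch_put_registers at KVM_PUT_FULL_STATE after
 * patch 4/4): 0 = state accepted, <0 = incoming migration fails. */
int destination_load(const VcpuModel *v, const DestHostModel *h)
{
    int ret = model_set_tsc_khz(h);
    if (v->invtsc && ret < 0) {
        return ret;              /* guest was told the TSC is invariant; a jump is fatal */
    }
    return 0;                    /* mismatch tolerated when no invariance was promised */
}

/* End-to-end outcome of one migration attempt:
 * -1 = blocked at the source, 0 = failed at destination load, 1 = completed. */
int migration_outcome(const VcpuModel *v, const DestHostModel *h)
{
    if (source_blocks_migration(v)) {
        return -1;
    }
    return destination_load(v, h) == 0 ? 1 : 0;
}

int main(void)
{
    VcpuModel old_mt = { .invtsc = true, .user_tsc_khz = false, .invtsc_migration = false };
    VcpuModel new_mt = { .invtsc = true, .user_tsc_khz = false, .invtsc_migration = true };
    DestHostModel mismatch = { .tsc_freq_matches = false, .tsc_scaling = false };
    DestHostModel scaled = { .tsc_freq_matches = false, .tsc_scaling = true };

    printf("pc-2.8 guest, mismatched host: %d\n", migration_outcome(&old_mt, &mismatch)); /* -1 */
    printf("pc-2.9 guest, mismatched host: %d\n", migration_outcome(&new_mt, &mismatch)); /* 0 */
    printf("pc-2.9 guest, scaling host:    %d\n", migration_outcome(&new_mt, &scaled));   /* 1 */
    return 0;
}
```

The model makes the division of responsibility explicit: the old machine type never leaves the source, while the new machine type is allowed out because the destination is trusted to refuse a guest it cannot give a stable TSC.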




[Qemu-devel] [PATCH 2/4] kvm: Allow invtsc migration if tsc-khz is set explicitly

2016-12-27 Thread Eduardo Habkost
We can safely allow a VM to be migrated with invtsc enabled if
tsc-khz is set explicitly, because QEMU already refuses to start
if it can't set the TSC frequency to the configured value.

Signed-off-by: Eduardo Habkost 
---
 target/i386/kvm.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index a26290f..6a51399 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -962,15 +962,16 @@ int kvm_arch_init_vcpu(CPUState *cs)
 has_msr_mcg_ext_ctl = has_msr_feature_control = true;
 }
 
-if ((env->features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC) &&
-invtsc_mig_blocker == NULL) {
-/* for migration */
-error_setg(_mig_blocker,
-   "State blocked by non-migratable CPU device"
-   " (invtsc flag)");
-migrate_add_blocker(invtsc_mig_blocker);
-/* for savevm */
-vmstate_x86_cpu.unmigratable = 1;
+if (!env->user_tsc_khz) {
+if ((env->features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC) &&
+invtsc_mig_blocker == NULL) {
+/* for migration */
+error_setg(_mig_blocker,
+   "State blocked by non-migratable CPU device"
+   " (invtsc flag)");
+migrate_add_blocker(invtsc_mig_blocker);
+/* for savevm */
+vmstate_x86_cpu.unmigratable = 1;
 }
 
 cpuid_data.cpuid.padding = 0;
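Review bot: brace imbalance: the hunk opens `if (!env->user_tsc_khz) {` and re-indents the inner `if`, but the only closing brace in the hunk is the pre-existing one for the inner block, so this patch does not compile by itself (the missing `}` only arrives as a `+}` in patch 4/4). Move it here to keep the series bisectable. Since the blocker is now installed only when tsc-khz is unset, the message "State blocked by non-migratable CPU device (invtsc flag)" could also tell the user that setting tsc-khz explicitly lifts the block.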
-- 
2.7.4




[Qemu-devel] [PATCH 3/4] pc: Add 2.9 machine-types

2016-12-27 Thread Eduardo Habkost
Cc: "Michael S. Tsirkin" 
Cc: Laszlo Ersek 
Cc: Igor Mammedov 
Signed-off-by: Eduardo Habkost 
---
 include/hw/i386/pc.h |  1 +
 hw/i386/pc_piix.c| 15 ---
 hw/i386/pc_q35.c | 13 +++--
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index b22e699..ceeacca 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -375,6 +375,7 @@ int e820_get_num_entries(void);
 bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 
 #define PC_COMPAT_2_8 \
+HW_COMPAT_2_8
 
 #define PC_COMPAT_2_7 \
 HW_COMPAT_2_7 \
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 5e1adbe..9f102aa 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -437,13 +437,24 @@ static void pc_i440fx_machine_options(MachineClass *m)
 m->default_display = "std";
 }
 
-static void pc_i440fx_2_8_machine_options(MachineClass *m)
+static void pc_i440fx_2_9_machine_options(MachineClass *m)
 {
 pc_i440fx_machine_options(m);
 m->alias = "pc";
 m->is_default = 1;
 }
 
+DEFINE_I440FX_MACHINE(v2_9, "pc-i440fx-2.9", NULL,
+  pc_i440fx_2_9_machine_options);
+
+static void pc_i440fx_2_8_machine_options(MachineClass *m)
+{
+pc_i440fx_2_9_machine_options(m);
+m->is_default = 0;
+m->alias = NULL;
+SET_MACHINE_COMPAT(m, PC_COMPAT_2_8);
+}
+
 DEFINE_I440FX_MACHINE(v2_8, "pc-i440fx-2.8", NULL,
   pc_i440fx_2_8_machine_options);
 
@@ -451,8 +462,6 @@ DEFINE_I440FX_MACHINE(v2_8, "pc-i440fx-2.8", NULL,
 static void pc_i440fx_2_7_machine_options(MachineClass *m)
 {
 pc_i440fx_2_8_machine_options(m);
-m->is_default = 0;
-m->alias = NULL;
 SET_MACHINE_COMPAT(m, PC_COMPAT_2_7);
 }
 
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index d042fe0..dd792a8 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -301,19 +301,28 @@ static void pc_q35_machine_options(MachineClass *m)
 m->max_cpus = 288;
 }
 
-static void pc_q35_2_8_machine_options(MachineClass *m)
+static void pc_q35_2_9_machine_options(MachineClass *m)
 {
 pc_q35_machine_options(m);
 m->alias = "q35";
 }
 
+DEFINE_Q35_MACHINE(v2_9, "pc-q35-2.9", NULL,
+   pc_q35_2_9_machine_options);
+
+static void pc_q35_2_8_machine_options(MachineClass *m)
+{
+pc_q35_2_9_machine_options(m);
+m->alias = NULL;
+SET_MACHINE_COMPAT(m, PC_COMPAT_2_8);
+}
+
 DEFINE_Q35_MACHINE(v2_8, "pc-q35-2.8", NULL,
pc_q35_2_8_machine_options);
 
 static void pc_q35_2_7_machine_options(MachineClass *m)
 {
 pc_q35_2_8_machine_options(m);
-m->alias = NULL;
 m->max_cpus = 255;
 SET_MACHINE_COMPAT(m, PC_COMPAT_2_7);
 }
-- 
2.7.4




[Qemu-devel] [PATCH 1/4] kvm: Simplify invtsc check

2016-12-27 Thread Eduardo Habkost
Instead of searching the table we have just built, we can check
the env->features field directly.

Signed-off-by: Eduardo Habkost 
---
 target/i386/kvm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 10a9cd8..a26290f 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -962,8 +962,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
 has_msr_mcg_ext_ctl = has_msr_feature_control = true;
 }
 
-c = cpuid_find_entry(_data.cpuid, 0x8007, 0);
-if (c && (c->edx & 1<<8) && invtsc_mig_blocker == NULL) {
+if ((env->features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC) &&
+invtsc_mig_blocker == NULL) {
 /* for migration */
 error_setg(_mig_blocker,
"State blocked by non-migratable CPU device"
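Review bot: this hunk removes the only visible use of the local `c`; if it was declared solely for this lookup, drop the declaration too, or the build fails under -Werror=unused-variable. Replacing the bare `1<<8` with CPUID_APM_INVTSC and testing env->features is the right direction and makes the later patches in the series readable.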
-- 
2.7.4




Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread Programmingkid

On Dec 27, 2016, at 2:16 PM, Дмитрий Смирнов wrote:

> Unfortunately, I have to use version 2.5.1.1. Can I do something in this case?

Why do you need to use it? What is the guest operating system you are using? 
Version 2.8 has a lot more bug fixes in it. You might find it easier to use.

> 
> 2016-12-27 22:01 GMT+03:00 G 3 :
> The version of qemu-system-ppc you are using is kind of old. Version 2.8.0 is 
> the newest version. I suggest trying the newest version before trying to fix 
> a broken feature in an older version.
> 
> http://wiki.qemu.org/Download
> 
> 
> On Dec 27, 2016, at 1:57 PM, Дмитрий Смирнов wrote:
> 
> qemu-system-ppc version: 2.5.1.1
> 
> Ubuntu 14.04
> gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
> GTK 2.0, libsdl1.2-dev
> ./configure --target-list="ppc-softmmu" --disable-xfsctl
> 
> By zero meaning, do you mean this: decr = 0
> Yes.
> 
> 
> 2016-12-27 21:16 GMT+03:00 G 3 :
> When I type 'info registers', I see 'DECR 3919147695' at the top of the 
> screen, so it appears to be working. I think we need more information from 
> you.
> 
> qemu-system-ppc version:
> 
> gcc version (gcc -v):
> 
> Host info: Ubuntu 
> 
> Front-end (GTK, SDL, ...):
> 
> Compile command: ./configure 
> 
> Note: please respond to this email with "reply all". That way everyone can 
> try to help you.
> 
> On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:
> 
> All the registers, which are printing with 'info registers', dump to file 
> before (./target-ppc/translate.c), but there is no SPR_DECR.
> I tried to add in 'translate.c' and ./monitor.c some code (print of 
> cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have zero 
> meaning. Also I tried 'p $decr' with the same answer.
> 
> By zero meaning, do you mean this: decr = 0
> 
> Maybe I have this problem, because I using VirtualBox->Ubuntu->Qemu?
> 
> This should not be a problem. An emulator can run anywhere.
> 
> 
> 2016-12-27 18:52 GMT+03:00 G 3 :
> 
> 
> On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:
> 
> Hello, devs!
> 
> I'm using ppc-softmmu target, and in my qemu monitor I need to print the
> SPR_DECR meaning, but I don't understand how.
> Could anyone help me with my problem?
> 
> Best regards!
> 
> I think you want to try the 'info registers' command in the monitor.
> 
> 
> 
> 
> 
> 




Re: [Qemu-devel] [RFC PATCH v3 0/6] translate: [tcg] Generic translation framework

2016-12-27 Thread Lluís Vilanova
no-reply  writes:

> Hi,
> Your series failed automatic build test. Please find the testing commands and
> their output below. If you have docker installed, you can probably reproduce it
> locally.

I did try to compile all targets and it worked for me... I'll check again just
in case.

Cheers,
  Lluis



Re: [Qemu-devel] [RFC PATCH v3 0/6] translate: [tcg] Generic translation framework

2016-12-27 Thread Lluís Vilanova
no-reply  writes:

> Hi,
> Your series seems to have some coding style problems. See output below for
> more information:

Sorry for the noise. I'll resend after checking the style problems.

Cheers,
  Lluis



Re: [Qemu-devel] [PATCH v3 2/6] queue: Add macro for incremental traversal

2016-12-27 Thread Lluís Vilanova
Peter Maydell writes:

> On 27 December 2016 at 15:37, Lluís Vilanova  wrote:
>> Adds macro QTAILQ_FOREACH_CONTINUE to support incremental list
>> traversal.
>> 
>> Signed-off-by: Lluís Vilanova 
>> ---
>> include/qemu/queue.h |5 +
>> 1 file changed, 5 insertions(+)
>> 
>> diff --git a/include/qemu/queue.h b/include/qemu/queue.h
>> index 342073fb4d..0d709016f4 100644
>> --- a/include/qemu/queue.h
>> +++ b/include/qemu/queue.h
>> @@ -415,6 +415,11 @@ struct {
>> \
>> (var);  \
>> (var) = ((var)->field.tqe_next))
>> 
>> +#define QTAILQ_FOREACH_CONTINUE(var, field) \
>> +for ((var) = ((var)->field.tqe_next);   \
>> +(var);  \
>> +(var) = ((var)->field.tqe_next))
>> +
>> #define QTAILQ_FOREACH_SAFE(var, head, field, next_var) \
>> for ((var) = ((head)->tqh_first);   \
>> (var) && ((next_var) = ((var)->field.tqe_next), 1); \
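Review bot: QTAILQ_FOREACH_CONTINUE dereferences `(var)` in its initialiser (`(var) = ((var)->field.tqe_next)`), so unlike QTAILQ_FOREACH it must never be entered with `var == NULL`, and it resumes at the element after `var`, not at `var` itself. The documentation comment requested below should state both points; a caller that removes elements during the traversal would also need a `_SAFE` variant mirroring QTAILQ_FOREACH_SAFE, since this form re-reads `tqe_next` from a possibly freed node.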

> Could we have some documentation for the new macro, please?

Sure thing.

Lluis



Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread G 3
The version of qemu-system-ppc you are using is kind of old. Version  
2.8.0 is the newest version. I suggest trying the newest version  
before trying to fix a broken feature in an older version.


http://wiki.qemu.org/Download

On Dec 27, 2016, at 1:57 PM, Дмитрий Смирнов wrote:


qemu-system-ppc version: 2.5.1.1

Ubuntu 14.04
gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
GTK 2.0, libsdl1.2-dev
./configure --target-list="ppc-softmmu" --disable-xfsctl

By zero meaning, do you mean this: decr = 0
Yes.


2016-12-27 21:16 GMT+03:00 G 3 :
When I type 'info registers', I see 'DECR 3919147695' at the top of  
the screen, so it appears to be working. I think we need more  
information from you.


qemu-system-ppc version:

gcc version (gcc -v):

Host info: Ubuntu 

Front-end (GTK, SDL, ...):

Compile command: ./configure 

Note: please respond to this email with "reply all". That way  
everyone can try to help you.


On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:

All the registers which are printed with 'info registers' are dumped
to file before (./target-ppc/translate.c), but there is no SPR_DECR.
I tried to add some code in 'translate.c' and ./monitor.c (print of
cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have
zero meaning. Also I tried 'p $decr' with the same answer.


By zero meaning, do you mean this: decr = 0

Maybe I have this problem because I am using VirtualBox->Ubuntu->Qemu?

This should not be a problem. An emulator can run anywhere.


2016-12-27 18:52 GMT+03:00 G 3 :


On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:

Hello, devs!

I'm using ppc-softmmu target, and in my qemu monitor I need to
print the SPR_DECR meaning, but I don't understand how.
Could anyone help me with my problem?

Best regards!

I think you want to try the 'info registers' command in the monitor.


Re: [Qemu-devel] [Qemu-ppc] PowerPC question

2016-12-27 Thread G 3
When I type 'info registers', I see 'DECR 3919147695' at the top of  
the screen, so it appears to be working. I think we need more  
information from you.


qemu-system-ppc version:

gcc version (gcc -v):

Host info: Ubuntu 

Front-end (GTK, SDL, ...):

Compile command: ./configure 

Note: please respond to this email with "reply all". That way  
everyone can try to help you.


On Dec 27, 2016, at 1:06 PM, Дмитрий Смирнов wrote:

All the registers which are printed with 'info registers' are dumped
to file before (./target-ppc/translate.c), but there is no SPR_DECR.
I tried to add some code in 'translate.c' and ./monitor.c (print of
cpu_ppc_load_decr(env), print of env->spr[SPR_DECR]), but I have
zero meaning. Also I tried 'p $decr' with the same answer.


By zero meaning, do you mean this: decr = 0


Maybe I have this problem because I am using VirtualBox->Ubuntu->Qemu?


This should not be a problem. An emulator can run anywhere.



2016-12-27 18:52 GMT+03:00 G 3 :

On Dec 27, 2016, at 10:38 AM, qemu-ppc-requ...@nongnu.org wrote:

Hello, devs!

I'm using ppc-softmmu target, and in my qemu monitor I need to
print the SPR_DECR meaning, but I don't understand how.
Could anyone help me with my problem?

Best regards!

I think you want to try the 'info registers' command in the monitor.


[Qemu-devel] [PULL v2 10/12] target-m68k: Inline shifts

2016-12-27 Thread Laurent Vivier
From: Richard Henderson 

Also manage word and byte operands and fix the computation of
overflow in the case of M68000 arithmetic shifts.

Signed-off-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
Message-Id: <1478699171-10637-4-git-send-email-...@twiddle.net>
---
 target/m68k/helper.c|  52 ---
 target/m68k/helper.h|   3 -
 target/m68k/translate.c | 226 ++--
 3 files changed, 201 insertions(+), 80 deletions(-)

diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 7aed9ff..f750d3d 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -284,58 +284,6 @@ void HELPER(set_sr)(CPUM68KState *env, uint32_t val)
 m68k_switch_sp(env);
 }
 
-uint32_t HELPER(shl_cc)(CPUM68KState *env, uint32_t val, uint32_t shift)
-{
-uint64_t result;
-
-shift &= 63;
-result = (uint64_t)val << shift;
-
-env->cc_c = (result >> 32) & 1;
-env->cc_n = result;
-env->cc_z = result;
-env->cc_v = 0;
-env->cc_x = shift ? env->cc_c : env->cc_x;
-
-return result;
-}
-
-uint32_t HELPER(shr_cc)(CPUM68KState *env, uint32_t val, uint32_t shift)
-{
-uint64_t temp;
-uint32_t result;
-
-shift &= 63;
-temp = (uint64_t)val << 32 >> shift;
-result = temp >> 32;
-
-env->cc_c = (temp >> 31) & 1;
-env->cc_n = result;
-env->cc_z = result;
-env->cc_v = 0;
-env->cc_x = shift ? env->cc_c : env->cc_x;
-
-return result;
-}
-
-uint32_t HELPER(sar_cc)(CPUM68KState *env, uint32_t val, uint32_t shift)
-{
-uint64_t temp;
-uint32_t result;
-
-shift &= 63;
-temp = (int64_t)val << 32 >> shift;
-result = temp >> 32;
-
-env->cc_c = (temp >> 31) & 1;
-env->cc_n = result;
-env->cc_z = result;
-env->cc_v = result ^ val;
-env->cc_x = shift ? env->cc_c : env->cc_x;
-
-return result;
-}
-
 /* FPU helpers.  */
 uint32_t HELPER(f64_to_i32)(CPUM68KState *env, float64 val)
 {
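Review bot: the three deleted helpers had two semantics that the inline replacement must preserve and that are easy to lose in a rewrite: the count was reduced with `shift &= 63` (the 680x0 register-count form is modulo 64), and `sar_cc` derived V from `result ^ val` rather than clearing it. The immediate form is safe because its count is 1..8, but whichever translate.c path now handles register-specified counts for `shr`/`sar` needs the same `& 63` clamp; the commit message could say where that moved.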
diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index a6f88fc..17ec342 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -7,9 +7,6 @@ DEF_HELPER_4(divul, void, env, int, int, i32)
 DEF_HELPER_4(divsl, void, env, int, int, s32)
 DEF_HELPER_4(divull, void, env, int, int, i32)
 DEF_HELPER_4(divsll, void, env, int, int, s32)
-DEF_HELPER_3(shl_cc, i32, env, i32, i32)
-DEF_HELPER_3(shr_cc, i32, env, i32, i32)
-DEF_HELPER_3(sar_cc, i32, env, i32, i32)
 DEF_HELPER_2(set_sr, void, env, i32)
 DEF_HELPER_3(movec, void, env, i32, i32)
 DEF_HELPER_4(cas2w, void, env, i32, i32, i32)
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 0417c32..76c77ee 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -2883,48 +2883,217 @@ DISAS_INSN(addx_mem)
 gen_store(s, opsize, addr_dest, QREG_CC_N);
 }
 
-/* TODO: This could be implemented without helper functions.  */
-DISAS_INSN(shift_im)
+static inline void shift_im(DisasContext *s, uint16_t insn, int opsize)
 {
-TCGv reg;
-int tmp;
-TCGv shift;
+int count = (insn >> 9) & 7;
+int logical = insn & 8;
+int left = insn & 0x100;
+int bits = opsize_bytes(opsize) * 8;
+TCGv reg = gen_extend(DREG(insn, 0), opsize, !logical);
+
+if (count == 0) {
+count = 8;
+}
+
+tcg_gen_movi_i32(QREG_CC_V, 0);
+if (left) {
+tcg_gen_shri_i32(QREG_CC_C, reg, bits - count);
+tcg_gen_shli_i32(QREG_CC_N, reg, count);
+
+/* Note that ColdFire always clears V (done above),
+   while M68000 sets if the most significant bit is changed at
+   any time during the shift operation */
+if (!logical && m68k_feature(s->env, M68K_FEATURE_M68000)) {
+/* if shift count >= bits, V is (reg != 0) */
+if (count >= bits) {
+tcg_gen_setcond_i32(TCG_COND_NE, QREG_CC_V, reg, QREG_CC_V);
+} else {
+TCGv t0 = tcg_temp_new();
+tcg_gen_sari_i32(QREG_CC_V, reg, bits - 1);
+tcg_gen_sari_i32(t0, reg, bits - count - 1);
+tcg_gen_setcond_i32(TCG_COND_NE, QREG_CC_V, QREG_CC_V, t0);
+tcg_temp_free(t0);
+}
+tcg_gen_neg_i32(QREG_CC_V, QREG_CC_V);
+}
+} else {
+tcg_gen_shri_i32(QREG_CC_C, reg, count - 1);
+if (logical) {
+tcg_gen_shri_i32(QREG_CC_N, reg, count);
+} else {
+tcg_gen_sari_i32(QREG_CC_N, reg, count);
+}
+}
+
+gen_ext(QREG_CC_N, QREG_CC_N, opsize, 1);
+tcg_gen_andi_i32(QREG_CC_C, QREG_CC_C, 1);
+tcg_gen_mov_i32(QREG_CC_Z, QREG_CC_N);
+tcg_gen_mov_i32(QREG_CC_X, QREG_CC_C);
 
+gen_partset_reg(opsize, DREG(insn, 0), QREG_CC_N);
 set_cc_op(s, CC_OP_FLAGS);
+}
 
-reg = DREG(insn, 0);
-tmp = (insn >> 9) & 7;
-if (tmp == 0)
-tmp = 8;
-shift = tcg_const_i32(tmp);
-/* No need to flush flags becuse we know we will set C flag.  */
-if 
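Review bot: in the `count >= bits` branch, `tcg_gen_setcond_i32(TCG_COND_NE, QREG_CC_V, reg, QREG_CC_V)` only computes `V = (reg != 0)` because `tcg_gen_movi_i32(QREG_CC_V, 0)` ran a few lines earlier; reusing V as the zero operand is correct but reads as comparing V with itself. A `tcg_const_i32(0)` or a one-line comment would make the intent explicit. It is also worth noting in the comment that with an immediate count of 1..8, `count >= bits` can only be true for byte operands shifted by exactly 8, which is why the C computation `tcg_gen_shri_i32(QREG_CC_C, reg, bits - count)` never sees a negative shift.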

[Qemu-devel] [PULL v2 09/12] target-m68k: Do not cpu_abort on undefined insns

2016-12-27 Thread Laurent Vivier
From: Richard Henderson 

Report this properly via exception and, importantly, allow
the disassembler the chance to tell us what insn is not handled.

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
Message-Id: <1478699171-10637-3-git-send-email-...@twiddle.net>
Signed-off-by: Laurent Vivier 
---
 target/m68k/translate.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index acc8182..0417c32 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -1214,10 +1214,12 @@ DISAS_INSN(undef_fpu)
 
 DISAS_INSN(undef)
 {
-M68kCPU *cpu = m68k_env_get_cpu(env);
-
+/* ??? This is both instructions that are as yet unimplemented
+   for the 680x0 series, as well as those that are implemented
+   but actually illegal for CPU32 or pre-68020.  */
+qemu_log_mask(LOG_UNIMP, "Illegal instruction: %04x @ %08x",
+  insn, s->pc - 2);
 gen_exception(s, s->pc - 2, EXCP_UNSUPPORTED);
-cpu_abort(CPU(cpu), "Illegal instruction: %04x @ %08x", insn, s->pc - 2);
 }
 
 DISAS_INSN(mulw)
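Review bot: the `qemu_log_mask(LOG_UNIMP, "Illegal instruction: %04x @ %08x", ...)` format string has no trailing `\n`, so successive undefined-insn reports (and whatever is logged next) will run together on one line; suggest `"Illegal instruction: %04x @ %08x\n"`. The switch from `cpu_abort` to `gen_exception` plus a log line is the right change: a guest executing an illegal opcode should get EXCP_UNSUPPORTED, not terminate the emulator.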
-- 
2.7.4




[Qemu-devel] [PULL v2 08/12] target-m68k: Implement 680x0 movem

2016-12-27 Thread Laurent Vivier
680x0 movem can load/store words and long words and can use more
addressing modes.  Coldfire can only use long words with (Ax) and
(d16,Ax) addressing modes.

Signed-off-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
Message-Id: <1478699171-10637-2-git-send-email-...@twiddle.net>
---
 target/m68k/translate.c | 130 +++-
 1 file changed, 107 insertions(+), 23 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 0124820..acc8182 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -1645,40 +1645,122 @@ static void gen_push(DisasContext *s, TCGv val)
 tcg_gen_mov_i32(QREG_SP, tmp);
 }
 
+static TCGv mreg(int reg)
+{
+if (reg < 8) {
+/* Dx */
+return cpu_dregs[reg];
+}
+/* Ax */
+return cpu_aregs[reg & 7];
+}
+
 DISAS_INSN(movem)
 {
-TCGv addr;
+TCGv addr, incr, tmp, r[16];
+int is_load = (insn & 0x0400) != 0;
+int opsize = (insn & 0x40) != 0 ? OS_LONG : OS_WORD;
+uint16_t mask = read_im16(env, s);
+int mode = extract32(insn, 3, 3);
+int reg0 = REG(insn, 0);
 int i;
-uint16_t mask;
-TCGv reg;
-TCGv tmp;
-int is_load;
 
-mask = read_im16(env, s);
-tmp = gen_lea(env, s, insn, OS_LONG);
-if (IS_NULL_QREG(tmp)) {
+tmp = cpu_aregs[reg0];
+
+switch (mode) {
+case 0: /* data register direct */
+case 1: /* addr register direct */
+do_addr_fault:
 gen_addr_fault(s);
 return;
+
+case 2: /* indirect */
+break;
+
+case 3: /* indirect post-increment */
+if (!is_load) {
+/* post-increment is not allowed */
+goto do_addr_fault;
+}
+break;
+
+case 4: /* indirect pre-decrement */
+if (is_load) {
+/* pre-decrement is not allowed */
+goto do_addr_fault;
+}
+/* We want a bare copy of the address reg, without any pre-decrement
+   adjustment, as gen_lea would provide.  */
+break;
+
+default:
+tmp = gen_lea_mode(env, s, mode, reg0, opsize);
+if (IS_NULL_QREG(tmp)) {
+goto do_addr_fault;
+}
+break;
 }
+
 addr = tcg_temp_new();
 tcg_gen_mov_i32(addr, tmp);
-is_load = ((insn & 0x0400) != 0);
-for (i = 0; i < 16; i++, mask >>= 1) {
-if (mask & 1) {
-if (i < 8)
-reg = DREG(i, 0);
-else
-reg = AREG(i, 0);
-if (is_load) {
-tmp = gen_load(s, OS_LONG, addr, 0);
-tcg_gen_mov_i32(reg, tmp);
-} else {
-gen_store(s, OS_LONG, addr, reg);
+incr = tcg_const_i32(opsize_bytes(opsize));
+
+if (is_load) {
+/* memory to register */
+for (i = 0; i < 16; i++) {
+if (mask & (1 << i)) {
+r[i] = gen_load(s, opsize, addr, 1);
+tcg_gen_add_i32(addr, addr, incr);
+}
+}
+for (i = 0; i < 16; i++) {
+if (mask & (1 << i)) {
+tcg_gen_mov_i32(mreg(i), r[i]);
+tcg_temp_free(r[i]);
+}
+}
+if (mode == 3) {
+/* post-increment: movem (An)+,X */
+tcg_gen_mov_i32(cpu_aregs[reg0], addr);
+}
+} else {
+/* register to memory */
+if (mode == 4) {
+/* pre-decrement: movem X,-(An) */
+for (i = 15; i >= 0; i--) {
+if ((mask << i) & 0x8000) {
+tcg_gen_sub_i32(addr, addr, incr);
+if (reg0 + 8 == i &&
+m68k_feature(s->env, M68K_FEATURE_EXT_FULL)) {
+/* M68020+: if the addressing register is the
+ * register moved to memory, the value written
+ * is the initial value decremented by the size of
+ * the operation, regardless of how many actual
+ * stores have been performed until this point.
+ * M68000/M68010: the value is the initial value.
+ */
+tmp = tcg_temp_new();
+tcg_gen_sub_i32(tmp, cpu_aregs[reg0], incr);
+gen_store(s, opsize, addr, tmp);
+tcg_temp_free(tmp);
+} else {
+gen_store(s, opsize, addr, mreg(i));
+}
+}
+}
+tcg_gen_mov_i32(cpu_aregs[reg0], addr);
+} else {
+for (i = 0; i < 16; i++) {
+if (mask & (1 << i)) {
+gen_store(s, opsize, addr, mreg(i));
+tcg_gen_add_i32(addr, addr, incr);
+}
 }
-if (mask != 1)
-tcg_gen_addi_i32(addr, addr, 4);
 }
 }
+
+
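Review bot: `addr` (from `tcg_temp_new()`) and `incr` (from `tcg_const_i32(...)`) are allocated before the load/store loops, but the visible part of the hunk contains no `tcg_temp_free` for either; make sure both are released at the end of DISAS_INSN(movem), as the per-register temporaries `r[i]` already are. Two readability points: `(mask << i) & 0x8000` in the pre-decrement loop tests bit `15 - i`, the reversed register order that `-(An)` uses, and deserves a comment next to the `/* pre-decrement: movem X,-(An) */` line; and `is_load` is declared `int` but only ever used as a boolean, so `bool` would match the `!= 0` initialiser better.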

[Qemu-devel] [PULL v2 03/12] target-m68k: add cmpm

2016-12-27 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
Message-Id: <1477604609-2206-2-git-send-email-laur...@vivier.eu>
Signed-off-by: Richard Henderson 
Message-Id: <1478206203-4606-4-git-send-email-...@twiddle.net>
---
 target/m68k/translate.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index aaa221e..97edb7b 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -2224,6 +2224,21 @@ DISAS_INSN(cmpa)
 gen_update_cc_cmp(s, reg, src, OS_LONG);
 }
 
+DISAS_INSN(cmpm)
+{
+int opsize = insn_opsize(insn);
+TCGv src, dst;
+
+/* Post-increment load (mode 3) from Ay.  */
+src = gen_ea_mode(env, s, 3, REG(insn, 0), opsize,
+  NULL_QREG, NULL, EA_LOADS);
+/* Post-increment load (mode 3) from Ax.  */
+dst = gen_ea_mode(env, s, 3, REG(insn, 9), opsize,
+  NULL_QREG, NULL, EA_LOADS);
+
+gen_update_cc_cmp(s, dst, src, opsize);
+}
+
 DISAS_INSN(eor)
 {
 TCGv src;
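Review bot: both operands are fetched with mode 3 (post-increment), and `cmpm (Ay)+,(Ax)+` with Ax == Ay is a legal encoding, so the second `gen_ea_mode` call must see the first call's pending increment or both loads read the same address. That works here only because `get_areg` (patch 1/12) hands back the pending writeback temp; a short comment recording that dependency would stop a future refactor of gen_ea_mode from silently breaking this instruction.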
@@ -3465,6 +3480,7 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(cmpa,  b1c0, f1c0, CF_ISA_A);
 INSN(cmp,   b000, f100, M68000);
 INSN(eor,   b100, f100, M68000);
+INSN(cmpm,  b108, f138, M68000);
 INSN(cmpa,  b0c0, f0c0, M68000);
 INSN(eor,   b180, f1c0, CF_ISA_A);
 BASE(and,   c000, f000);
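Review bot: the new entry `INSN(cmpm, b108, f138, M68000)` also satisfies the `eor` pattern immediately above it (`b108 & f100 == b100`), so the registration order relative to `eor` is what makes cmpm decode at all; that ordering is currently implicit. A comment on the cmpm line (or placing it directly after eor with a note) would protect it from a later reordering of the table.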
-- 
2.7.4




[Qemu-devel] [PULL v2 01/12] target-m68k: Delay autoinc writeback

2016-12-27 Thread Laurent Vivier
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-Id: <1478206203-4606-2-git-send-email-...@twiddle.net>
---
 target/m68k/translate.c | 84 +
 1 file changed, 64 insertions(+), 20 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index d6ed883..a9066dc 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -59,12 +59,12 @@ static TCGv cpu_aregs[8];
 static TCGv_i64 cpu_fregs[8];
 static TCGv_i64 cpu_macc[4];
 
-#define REG(insn, pos) (((insn) >> (pos)) & 7)
+#define REG(insn, pos)  (((insn) >> (pos)) & 7)
 #define DREG(insn, pos) cpu_dregs[REG(insn, pos)]
-#define AREG(insn, pos) cpu_aregs[REG(insn, pos)]
+#define AREG(insn, pos) get_areg(s, REG(insn, pos))
 #define FREG(insn, pos) cpu_fregs[REG(insn, pos)]
-#define MACREG(acc) cpu_macc[acc]
-#define QREG_SP cpu_aregs[7]
+#define MACREG(acc) cpu_macc[acc]
+#define QREG_SP get_areg(s, 7)
 
 static TCGv NULL_QREG;
 #define IS_NULL_QREG(t) (TCGV_EQUAL(t, NULL_QREG))
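Review bot: `AREG(insn, pos)` and `QREG_SP` now expand to `get_areg(s, ...)`, which makes every use site depend on a local named `s` being in scope; the rest of this patch threads `s` through gen_addr_index for exactly that reason. A comment on the macro saying "requires a DisasContext *s in scope" would save the next reader a confusing compile error, and the whitespace-only changes to `REG` and `MACREG` could be dropped to keep the hunk focused.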
@@ -141,8 +141,55 @@ typedef struct DisasContext {
 int singlestep_enabled;
 TCGv_i64 mactmp;
 int done_mac;
+int writeback_mask;
+TCGv writeback[8];
 } DisasContext;
 
+static TCGv get_areg(DisasContext *s, unsigned regno)
+{
+if (s->writeback_mask & (1 << regno)) {
+return s->writeback[regno];
+} else {
+return cpu_aregs[regno];
+}
+}
+
+static void delay_set_areg(DisasContext *s, unsigned regno,
+   TCGv val, bool give_temp)
+{
+if (s->writeback_mask & (1 << regno)) {
+if (give_temp) {
+tcg_temp_free(s->writeback[regno]);
+s->writeback[regno] = val;
+} else {
+tcg_gen_mov_i32(s->writeback[regno], val);
+}
+} else {
+s->writeback_mask |= 1 << regno;
+if (give_temp) {
+s->writeback[regno] = val;
+} else {
+TCGv tmp = tcg_temp_new();
+s->writeback[regno] = tmp;
+tcg_gen_mov_i32(tmp, val);
+}
+}
+}
+
+static void do_writebacks(DisasContext *s)
+{
+unsigned mask = s->writeback_mask;
+if (mask) {
+s->writeback_mask = 0;
+do {
+unsigned regno = ctz32(mask);
+tcg_gen_mov_i32(cpu_aregs[regno], s->writeback[regno]);
+tcg_temp_free(s->writeback[regno]);
+mask &= mask - 1;
+} while (mask);
+}
+}
+
 #define DISAS_JUMP_NEXT 4
 
 #if defined(CONFIG_USER_ONLY)
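Review bot: the new `writeback_mask`/`writeback[8]` fields need to be zeroed when the DisasContext is set up and `do_writebacks` has to run after every translated instruction (and before any exception or jump is emitted), otherwise a pending increment is either lost or applied on the wrong path; neither call site is in this hunk, so the commit message should point at them. Within the hunk, `delay_set_areg` correctly frees the previously pending temp when `give_temp` is set and a writeback is already queued, and `do_writebacks` clears the mask before iterating, so re-entrancy during the loop is safe.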
@@ -331,7 +378,7 @@ static inline uint32_t read_im32(CPUM68KState *env, 
DisasContext *s)
 }
 
 /* Calculate and address index.  */
-static TCGv gen_addr_index(uint16_t ext, TCGv tmp)
+static TCGv gen_addr_index(DisasContext *s, uint16_t ext, TCGv tmp)
 {
 TCGv add;
 int scale;
@@ -388,7 +435,7 @@ static TCGv gen_lea_indexed(CPUM68KState *env, DisasContext 
*s, TCGv base)
 tmp = tcg_temp_new();
 if ((ext & 0x44) == 0) {
 /* pre-index */
-add = gen_addr_index(ext, tmp);
+add = gen_addr_index(s, ext, tmp);
 } else {
 add = NULL_QREG;
 }
@@ -417,7 +464,7 @@ static TCGv gen_lea_indexed(CPUM68KState *env, DisasContext 
*s, TCGv base)
 /* memory indirect */
 base = gen_load(s, OS_LONG, add, 0);
 if ((ext & 0x44) == 4) {
-add = gen_addr_index(ext, tmp);
+add = gen_addr_index(s, ext, tmp);
 tcg_gen_add_i32(tmp, add, base);
 add = tmp;
 } else {
@@ -441,7 +488,7 @@ static TCGv gen_lea_indexed(CPUM68KState *env, DisasContext 
*s, TCGv base)
 } else {
 /* brief extension word format */
 tmp = tcg_temp_new();
-add = gen_addr_index(ext, tmp);
+add = gen_addr_index(s, ext, tmp);
 if (!IS_NULL_QREG(base)) {
 tcg_gen_add_i32(tmp, add, base);
 if ((int8_t)ext)
@@ -755,10 +802,11 @@ static TCGv gen_ea(CPUM68KState *env, DisasContext *s, 
uint16_t insn,
 case 3: /* Indirect postincrement.  */
 reg = AREG(insn, 0);
 result = gen_ldst(s, opsize, reg, val, what);
-/* ??? This is not exception safe.  The instruction may still
-   fault after this point.  */
-if (what == EA_STORE || !addrp)
-tcg_gen_addi_i32(reg, reg, opsize_bytes(opsize));
+if (what == EA_STORE || !addrp) {
+TCGv tmp = tcg_temp_new();
+tcg_gen_addi_i32(tmp, reg, opsize_bytes(opsize));
+delay_set_areg(s, REG(insn, 0), tmp, true);
+}
 return result;
 case 4: /* Indirect predecrememnt.  */
 {
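Review bot: computing the post-increment into a fresh temp and handing it to `delay_set_areg(..., true)` is the right shape, and because `reg` came from AREG (now `get_areg`), a second post-increment of the same register within one instruction chains off the pending value rather than the architectural register. One nit: the old `/* ??? This is not exception safe */` comment is removed here without a replacement; the reason the new code is exception safe (the architectural register is only updated in do_writebacks, after every load and store of the instruction has completed) is worth stating once near delay_set_areg.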
@@ -773,11 +821,8 @@ static TCGv gen_ea(CPUM68KState *env, DisasContext *s, 
uint16_t insn,
 *addrp = tmp;
 }
 result = gen_ldst(s, opsize, tmp, val, what);
-/* ??? This is not exception safe.  The instruction may still
-  

[Qemu-devel] [PULL v2 11/12] target-m68k: add rol/ror/roxl/roxr instructions

2016-12-27 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target/m68k/translate.c | 391 
 1 file changed, 391 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 76c77ee..bb5a299 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -3097,6 +3097,390 @@ DISAS_INSN(shift_mem)
 set_cc_op(s, CC_OP_FLAGS);
 }
 
+static void rotate(TCGv reg, TCGv shift, int left, int size)
+{
+switch (size) {
+case 8:
+/* Replicate the 8-bit input so that a 32-bit rotate works.  */
+tcg_gen_ext8u_i32(reg, reg);
+tcg_gen_muli_i32(reg, reg, 0x01010101);
+goto do_long;
+case 16:
+/* Replicate the 16-bit input so that a 32-bit rotate works.  */
+tcg_gen_deposit_i32(reg, reg, reg, 16, 16);
+goto do_long;
+do_long:
+default:
+if (left) {
+tcg_gen_rotl_i32(reg, reg, shift);
+} else {
+tcg_gen_rotr_i32(reg, reg, shift);
+}
+}
+
+/* compute flags */
+
+switch (size) {
+case 8:
+tcg_gen_ext8s_i32(reg, reg);
+break;
+case 16:
+tcg_gen_ext16s_i32(reg, reg);
+break;
+default:
+break;
+}
+
+/* QREG_CC_X is not affected */
+
+tcg_gen_mov_i32(QREG_CC_N, reg);
+tcg_gen_mov_i32(QREG_CC_Z, reg);
+
+if (left) {
+tcg_gen_andi_i32(QREG_CC_C, reg, 1);
+} else {
+tcg_gen_shri_i32(QREG_CC_C, reg, 31);
+}
+
+tcg_gen_movi_i32(QREG_CC_V, 0); /* always cleared */
+}
+
+static void rotate_x_flags(TCGv reg, TCGv X, int size)
+{
+switch (size) {
+case 8:
+tcg_gen_ext8s_i32(reg, reg);
+break;
+case 16:
+tcg_gen_ext16s_i32(reg, reg);
+break;
+default:
+break;
+}
+tcg_gen_mov_i32(QREG_CC_N, reg);
+tcg_gen_mov_i32(QREG_CC_Z, reg);
+tcg_gen_mov_i32(QREG_CC_X, X);
+tcg_gen_mov_i32(QREG_CC_C, X);
+tcg_gen_movi_i32(QREG_CC_V, 0);
+}
+
+/* Result of rotate_x() is valid if 0 <= shift <= size */
+static TCGv rotate_x(TCGv reg, TCGv shift, int left, int size)
+{
+TCGv X, shl, shr, shx, sz, zero;
+
+sz = tcg_const_i32(size);
+
+shr = tcg_temp_new();
+shl = tcg_temp_new();
+shx = tcg_temp_new();
+if (left) {
+tcg_gen_mov_i32(shl, shift);  /* shl = shift */
+tcg_gen_movi_i32(shr, size + 1);
+tcg_gen_sub_i32(shr, shr, shift); /* shr = size + 1 - shift */
+tcg_gen_subi_i32(shx, shift, 1);  /* shx = shift - 1 */
+/* shx = shx < 0 ? size : shx; */
+zero = tcg_const_i32(0);
+tcg_gen_movcond_i32(TCG_COND_LT, shx, shx, zero, sz, shx);
+tcg_temp_free(zero);
+} else {
+tcg_gen_mov_i32(shr, shift);  /* shr = shift */
+tcg_gen_movi_i32(shl, size + 1);
+tcg_gen_sub_i32(shl, shl, shift); /* shl = size + 1 - shift */
+tcg_gen_sub_i32(shx, sz, shift); /* shx = size - shift */
+}
+
+/* reg = (reg << shl) | (reg >> shr) | (x << shx); */
+
+tcg_gen_shl_i32(shl, reg, shl);
+tcg_gen_shr_i32(shr, reg, shr);
+tcg_gen_or_i32(reg, shl, shr);
+tcg_temp_free(shl);
+tcg_temp_free(shr);
+tcg_gen_shl_i32(shx, QREG_CC_X, shx);
+tcg_gen_or_i32(reg, reg, shx);
+tcg_temp_free(shx);
+
+/* X = (reg >> size) & 1 */
+
+X = tcg_temp_new();
+tcg_gen_shr_i32(X, reg, sz);
+tcg_gen_andi_i32(X, X, 1);
+tcg_temp_free(sz);
+
+return X;
+}
+
+/* Result of rotate32_x() is valid if 0 <= shift < 33 */
+static TCGv rotate32_x(TCGv reg, TCGv shift, int left)
+{
+TCGv_i64 t0, shift64;
+TCGv X, lo, hi, zero;
+
+shift64 = tcg_temp_new_i64();
+tcg_gen_extu_i32_i64(shift64, shift);
+
+t0 = tcg_temp_new_i64();
+
+X = tcg_temp_new();
+lo = tcg_temp_new();
+hi = tcg_temp_new();
+
+if (left) {
+/* create [reg:X:..] */
+
+tcg_gen_shli_i32(lo, QREG_CC_X, 31);
+tcg_gen_concat_i32_i64(t0, lo, reg);
+
+/* rotate */
+
+tcg_gen_rotl_i64(t0, t0, shift64);
+tcg_temp_free_i64(shift64);
+
+/* result is [reg:..:reg:X] */
+
+tcg_gen_extr_i64_i32(lo, hi, t0);
+tcg_gen_andi_i32(X, lo, 1);
+
+tcg_gen_shri_i32(lo, lo, 1);
+} else {
+/* create [..:X:reg] */
+
+tcg_gen_concat_i32_i64(t0, reg, QREG_CC_X);
+
+tcg_gen_rotr_i64(t0, t0, shift64);
+tcg_temp_free_i64(shift64);
+
+/* result is value: [X:reg:..:reg] */
+
+tcg_gen_extr_i64_i32(lo, hi, t0);
+
+/* extract X */
+
+tcg_gen_shri_i32(X, hi, 31);
+
+/* extract result */
+
+tcg_gen_shli_i32(hi, hi, 1);
+}
+tcg_temp_free_i64(t0);
+tcg_gen_or_i32(lo, lo, hi);
+tcg_temp_free(hi);
+
+/* if shift == 0, register and X are not affected */
+
+zero = tcg_const_i32(0);
+tcg_gen_movcond_i32(TCG_COND_EQ, X, shift, zero, QREG_CC_X, X);
+
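Review bot: `rotate_x` silently requires `reg` to hold only `size` valid bits (zero-extended), since `(reg << shl) | (reg >> shr)` and the `X = (reg >> size) & 1` extraction both assume nothing is set above bit `size - 1`; the comment only says "valid if 0 <= shift <= size", so the zero-extension precondition should be added, as should the fact that it reads `QREG_CC_X` but leaves updating it to `rotate_x_flags`. Style nit in `rotate()`: the `do_long:` label sits between `case 16:` and `default:`, which compiles but is easy to misread; placing the label on the `default:` line, or restructuring as `if (size != 32) replicate(...)` followed by the rotate, would be clearer.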

[Qemu-devel] [PULL v2 02/12] target-m68k: Split gen_lea and gen_ea

2016-12-27 Thread Laurent Vivier
From: Richard Henderson 

Provide gen_lea_mode and gen_ea_mode, where the mode can be
specified manually, rather than taken from the instruction.

Signed-off-by: Richard Henderson 
Message-Id: <1478206203-4606-3-git-send-email-...@twiddle.net>
---
 target/m68k/translate.c | 112 +---
 1 file changed, 59 insertions(+), 53 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index a9066dc..aaa221e 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -697,37 +697,37 @@ static void gen_partset_reg(int opsize, TCGv reg, TCGv 
val)
 
 /* Generate code for an "effective address".  Does not adjust the base
register for autoincrement addressing modes.  */
-static TCGv gen_lea(CPUM68KState *env, DisasContext *s, uint16_t insn,
-int opsize)
+static TCGv gen_lea_mode(CPUM68KState *env, DisasContext *s,
+ int mode, int reg0, int opsize)
 {
 TCGv reg;
 TCGv tmp;
 uint16_t ext;
 uint32_t offset;
 
-switch ((insn >> 3) & 7) {
+switch (mode) {
 case 0: /* Data register direct.  */
 case 1: /* Address register direct.  */
 return NULL_QREG;
 case 2: /* Indirect register */
 case 3: /* Indirect postincrement.  */
-return AREG(insn, 0);
+return get_areg(s, reg0);
 case 4: /* Indirect predecrememnt.  */
-reg = AREG(insn, 0);
+reg = get_areg(s, reg0);
 tmp = tcg_temp_new();
 tcg_gen_subi_i32(tmp, reg, opsize_bytes(opsize));
 return tmp;
 case 5: /* Indirect displacement.  */
-reg = AREG(insn, 0);
+reg = get_areg(s, reg0);
 tmp = tcg_temp_new();
 ext = read_im16(env, s);
 tcg_gen_addi_i32(tmp, reg, (int16_t)ext);
 return tmp;
 case 6: /* Indirect index + displacement.  */
-reg = AREG(insn, 0);
+reg = get_areg(s, reg0);
 return gen_lea_indexed(env, s, reg);
 case 7: /* Other */
-switch (insn & 7) {
+switch (reg0) {
 case 0: /* Absolute short.  */
 offset = (int16_t)read_im16(env, s);
 return tcg_const_i32(offset);
@@ -749,39 +749,26 @@ static TCGv gen_lea(CPUM68KState *env, DisasContext *s, 
uint16_t insn,
 return NULL_QREG;
 }
 
-/* Helper function for gen_ea. Reuse the computed address between the
-   for read/write operands.  */
-static inline TCGv gen_ea_once(CPUM68KState *env, DisasContext *s,
-   uint16_t insn, int opsize, TCGv val,
-   TCGv *addrp, ea_what what)
+static TCGv gen_lea(CPUM68KState *env, DisasContext *s, uint16_t insn,
+int opsize)
 {
-TCGv tmp;
-
-if (addrp && what == EA_STORE) {
-tmp = *addrp;
-} else {
-tmp = gen_lea(env, s, insn, opsize);
-if (IS_NULL_QREG(tmp))
-return tmp;
-if (addrp)
-*addrp = tmp;
-}
-return gen_ldst(s, opsize, tmp, val, what);
+int mode = extract32(insn, 3, 3);
+int reg0 = REG(insn, 0);
+return gen_lea_mode(env, s, mode, reg0, opsize);
 }
 
-/* Generate code to load/store a value from/into an EA.  If VAL > 0 this is
+/* Generate code to load/store a value from/into an EA.  If WHAT > 0 this is
a write otherwise it is a read (0 == sign extend, -1 == zero extend).
ADDRP is non-null for readwrite operands.  */
-static TCGv gen_ea(CPUM68KState *env, DisasContext *s, uint16_t insn,
-   int opsize, TCGv val, TCGv *addrp, ea_what what)
+static TCGv gen_ea_mode(CPUM68KState *env, DisasContext *s, int mode, int reg0,
+int opsize, TCGv val, TCGv *addrp, ea_what what)
 {
-TCGv reg;
-TCGv result;
-uint32_t offset;
+TCGv reg, tmp, result;
+int32_t offset;
 
-switch ((insn >> 3) & 7) {
+switch (mode) {
 case 0: /* Data register direct.  */
-reg = DREG(insn, 0);
+reg = cpu_dregs[reg0];
 if (what == EA_STORE) {
 gen_partset_reg(opsize, reg, val);
 return store_dummy;
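Review bot: the type of `offset` changes from `uint32_t` to `int32_t` in the same hunk that renames gen_ea to gen_ea_mode and deletes gen_ea_once; that is a behavioural change (sign of the displacement arithmetic further down) buried inside a refactor, and it should either be split out or called out in the commit message. The removal of gen_ea_once also drops the address-reuse logic for read-modify-write operands (`addrp` / EA_STORE), so the truncated remainder of gen_ea_mode must re-implement it; a sentence in the commit message confirming that would help reviewers.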
@@ -789,7 +776,7 @@ static TCGv gen_ea(CPUM68KState *env, DisasContext *s, 
uint16_t insn,
 return gen_extend(reg, opsize, what == EA_LOADS);
 }
 case 1: /* Address register direct.  */
-reg = AREG(insn, 0);
+reg = get_areg(s, reg0);
 if (what == EA_STORE) {
 tcg_gen_mov_i32(reg, val);
 return store_dummy;
@@ -797,45 +784,56 @@ static TCGv gen_ea(CPUM68KState *env, DisasContext *s, 
uint16_t insn,
 return gen_extend(reg, opsize, what == EA_LOADS);
 }
 case 2: /* Indirect register */
-reg = AREG(insn, 0);
+reg = get_areg(s, reg0);
 return gen_ldst(s, opsize, reg, val, what);
 case 3: /* Indirect postincrement.  */
-reg = AREG(insn, 0);
+reg = get_areg(s, reg0);
 result = gen_ldst(s, opsize, reg, val, 

[Qemu-devel] [PULL v2 12/12] target-m68k: free TCG variables that are not

2016-12-27 Thread Laurent Vivier
This is a cleanup patch. It adds calls to tcg_temp_free()
where they are missing.

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target/m68k/translate.c | 41 -
 1 file changed, 32 insertions(+), 9 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index bb5a299..5329317 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -679,12 +679,14 @@ static void gen_partset_reg(int opsize, TCGv reg, TCGv 
val)
 tmp = tcg_temp_new();
 tcg_gen_ext8u_i32(tmp, val);
 tcg_gen_or_i32(reg, reg, tmp);
+tcg_temp_free(tmp);
 break;
 case OS_WORD:
 tcg_gen_andi_i32(reg, reg, 0x);
 tmp = tcg_temp_new();
 tcg_gen_ext16u_i32(tmp, val);
 tcg_gen_or_i32(reg, reg, tmp);
+tcg_temp_free(tmp);
 break;
 case OS_LONG:
 case OS_SINGLE:
@@ -1105,11 +1107,19 @@ static void gen_jmp(DisasContext *s, TCGv dest)
 s->is_jmp = DISAS_JUMP;
 }
 
+static void gen_raise_exception(int nr)
+{
+TCGv_i32 tmp = tcg_const_i32(nr);
+
+gen_helper_raise_exception(cpu_env, tmp);
+tcg_temp_free_i32(tmp);
+}
+
 static void gen_exception(DisasContext *s, uint32_t where, int nr)
 {
 update_cc_op(s);
 gen_jmp_im(s, where);
-gen_helper_raise_exception(cpu_env, tcg_const_i32(nr));
+gen_raise_exception(nr);
 }
 
 static inline void gen_addr_fault(DisasContext *s)
@@ -1240,6 +1250,7 @@ DISAS_INSN(mulw)
 tcg_gen_mul_i32(tmp, tmp, src);
 tcg_gen_mov_i32(reg, tmp);
 gen_logic_cc(s, tmp, OS_LONG);
+tcg_temp_free(tmp);
 }
 
 DISAS_INSN(divw)
@@ -1645,6 +1656,7 @@ static void gen_push(DisasContext *s, TCGv val)
 tcg_gen_subi_i32(tmp, QREG_SP, 4);
 gen_store(s, OS_LONG, tmp, val);
 tcg_gen_mov_i32(QREG_SP, tmp);
+tcg_temp_free(tmp);
 }
 
 static TCGv mreg(int reg)
@@ -2135,10 +2147,14 @@ DISAS_INSN(lea)
 DISAS_INSN(clr)
 {
 int opsize;
+TCGv zero;
+
+zero = tcg_const_i32(0);
 
 opsize = insn_opsize(insn);
-DEST_EA(env, insn, opsize, tcg_const_i32(0), NULL);
-gen_logic_cc(s, tcg_const_i32(0), opsize);
+DEST_EA(env, insn, opsize, zero, NULL);
+gen_logic_cc(s, zero, opsize);
+tcg_temp_free(zero);
 }
 
 static TCGv gen_get_ccr(DisasContext *s)
@@ -2244,6 +2260,8 @@ DISAS_INSN(swap)
 tcg_gen_shli_i32(src1, reg, 16);
 tcg_gen_shri_i32(src2, reg, 16);
 tcg_gen_or_i32(reg, src1, src2);
+tcg_temp_free(src2);
+tcg_temp_free(src1);
 gen_logic_cc(s, reg, OS_LONG);
 }
 
@@ -2282,6 +2300,7 @@ DISAS_INSN(ext)
 else
 tcg_gen_mov_i32(reg, tmp);
 gen_logic_cc(s, tmp, OS_LONG);
+tcg_temp_free(tmp);
 }
 
 DISAS_INSN(tst)
@@ -2316,6 +2335,7 @@ DISAS_INSN(tas)
 gen_logic_cc(s, src1, OS_BYTE);
 tcg_gen_ori_i32(dest, src1, 0x80);
 DEST_EA(env, insn, OS_BYTE, dest, );
+tcg_temp_free(dest);
 }
 
 DISAS_INSN(mull)
@@ -2423,6 +2443,7 @@ DISAS_INSN(unlk)
 tmp = gen_load(s, OS_LONG, src, 0);
 tcg_gen_mov_i32(reg, tmp);
 tcg_gen_addi_i32(QREG_SP, src, 4);
+tcg_temp_free(src);
 }
 
 DISAS_INSN(nop)
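Review bot: `tmp = gen_load(s, OS_LONG, src, 0)` in the unlk hunk also produces a temporary that is never freed; only `src` gets the new `tcg_temp_free`. Assuming gen_load returns a fresh temp, as the movem code in patch 8/12 relies on when it frees each `r[i]`, a `tcg_temp_free(tmp)` after the `tcg_gen_mov_i32(reg, tmp)` is needed here too.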
@@ -2499,7 +2520,9 @@ DISAS_INSN(addsubq)
 }
 gen_update_cc_add(dest, val, opsize);
 }
+tcg_temp_free(val);
 DEST_EA(env, insn, opsize, dest, );
+tcg_temp_free(dest);
 }
 
 DISAS_INSN(tpf)
@@ -2552,11 +2575,8 @@ DISAS_INSN(branch)
 
 DISAS_INSN(moveq)
 {
-uint32_t val;
-
-val = (int8_t)insn;
-tcg_gen_movi_i32(DREG(insn, 9), val);
-gen_logic_cc(s, tcg_const_i32(val), OS_LONG);
+tcg_gen_movi_i32(DREG(insn, 9), (int8_t)insn);
+gen_logic_cc(s, DREG(insn, 9), OS_LONG);
 }
 
 DISAS_INSN(mvzs)
@@ -2596,6 +2616,7 @@ DISAS_INSN(or)
 gen_partset_reg(opsize, DREG(insn, 9), dest);
 }
 gen_logic_cc(s, dest, opsize);
+tcg_temp_free(dest);
 }
 
 DISAS_INSN(suba)
@@ -2690,6 +2711,7 @@ DISAS_INSN(mov3q)
 src = tcg_const_i32(val);
 gen_logic_cc(s, src, OS_LONG);
 DEST_EA(env, insn, OS_LONG, src, NULL);
+tcg_temp_free(src);
 }
 
 DISAS_INSN(cmp)
@@ -2749,6 +2771,7 @@ DISAS_INSN(eor)
 tcg_gen_xor_i32(dest, src, DREG(insn, 9));
 gen_logic_cc(s, dest, opsize);
 DEST_EA(env, insn, opsize, dest, );
+tcg_temp_free(dest);
 }
 
 static void do_exg(TCGv reg1, TCGv reg2)
@@ -2799,8 +2822,8 @@ DISAS_INSN(and)
 tcg_gen_and_i32(dest, src, reg);
 gen_partset_reg(opsize, reg, dest);
 }
-tcg_temp_free(dest);
 gen_logic_cc(s, dest, opsize);
+tcg_temp_free(dest);
 }
 
 DISAS_INSN(adda)
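Review bot: the change in DISAS_INSN(and) is not a missing free but a use-after-free fix: `dest` was released by `tcg_temp_free(dest)` and then passed to `gen_logic_cc(s, dest, opsize)` on the next line. Moving the free after the use is correct, but the commit message ("adds calls ... when missing") undersells it; a sentence noting that `and` previously used a freed temporary would make the fix findable later.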
-- 
2.7.4




[Qemu-devel] [PULL v2 05/12] target-m68k: add 680x0 divu/divs variants

2016-12-27 Thread Laurent Vivier
Update helper to set the throwing location in case of div-by-0.
Cleanup divX.w and add quad word variants of divX.l.

Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
[laurent: modified to clear Z on overflow, as found with risu]
---
 linux-user/main.c   |   7 ++
 target/m68k/cpu.h   |   4 --
 target/m68k/helper.h|   8 ++-
 target/m68k/op_helper.c | 183 +---
 target/m68k/qregs.def   |   2 -
 target/m68k/translate.c |  84 --
 6 files changed, 218 insertions(+), 70 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 75b199f..c1d5eb4 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -2864,6 +2864,13 @@ void cpu_loop(CPUM68KState *env)
 info._sifields._sigfault._addr = env->pc;
 queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
+case EXCP_DIV0:
+info.si_signo = TARGET_SIGFPE;
+info.si_errno = 0;
+info.si_code = TARGET_FPE_INTDIV;
+info._sifields._sigfault._addr = env->pc;
+queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
+break;
 case EXCP_TRAP0:
 {
 abi_long ret;
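Review bot: the new EXCP_DIV0 case copies the sigfault fill-in of the case above it, so env->pc is reported as the fault address; that is only right because the helper side of this patch now uses raise_exception_ra() with GETPC(), which restores the CPU state to the DIVx instruction before the loop sees EXCP_DIV0. A one-line comment tying the two together would help, since this case would silently report the wrong address if the helper ever went back to plain raise_exception().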
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 6dfb54e..0b4ed7b 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -95,10 +95,6 @@ typedef struct CPUM68KState {
 uint32_t macsr;
 uint32_t mac_mask;
 
-/* Temporary storage for DIV helpers.  */
-uint32_t div1;
-uint32_t div2;
-
 /* MMU status.  */
 struct {
 uint32_t ar;
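Review bot: dropping div1/div2 from CPUM68KState is only complete if every other reference goes with it; the diffstat shows target/m68k/qregs.def losing two lines, which is presumably the matching register definitions, so please confirm nothing in a vmstate or gdbstub description still names these fields.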
diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index 2697e32..6180dc5 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -1,8 +1,12 @@
 DEF_HELPER_1(bitrev, i32, i32)
 DEF_HELPER_1(ff1, i32, i32)
 DEF_HELPER_FLAGS_2(sats, TCG_CALL_NO_RWG_SE, i32, i32, i32)
-DEF_HELPER_2(divu, void, env, i32)
-DEF_HELPER_2(divs, void, env, i32)
+DEF_HELPER_3(divuw, void, env, int, i32)
+DEF_HELPER_3(divsw, void, env, int, s32)
+DEF_HELPER_4(divul, void, env, int, int, i32)
+DEF_HELPER_4(divsl, void, env, int, int, s32)
+DEF_HELPER_4(divull, void, env, int, int, i32)
+DEF_HELPER_4(divsll, void, env, int, int, s32)
 DEF_HELPER_3(shl_cc, i32, env, i32, i32)
 DEF_HELPER_3(shr_cc, i32, env, i32, i32)
 DEF_HELPER_3(sar_cc, i32, env, i32, i32)
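Review bot: the new divXX helpers take a register index (int) and write env->dregs[] themselves, so they must stay declared with plain DEF_HELPER_N and never acquire TCG_CALL_NO_WG / TCG_CALL_NO_RWG flags like sats above; a comment next to these six lines noting that the helpers have side effects on env would protect against a later "optimisation".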
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 48e02e4..04246a9 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -166,12 +166,17 @@ bool m68k_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 return false;
 }
 
-static void raise_exception(CPUM68KState *env, int tt)
+static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
 {
 CPUState *cs = CPU(m68k_env_get_cpu(env));
 
 cs->exception_index = tt;
-cpu_loop_exit(cs);
+cpu_loop_exit_restore(cs, raddr);
+}
+
+static void raise_exception(CPUM68KState *env, int tt)
+{
+raise_exception_ra(env, tt, 0);
 }
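Review bot: raise_exception() now forwards raddr == 0 to cpu_loop_exit_restore(); document on the wrapper that 0 means "nothing to restore", so readers know the old behaviour is preserved for callers that do not have a return address.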
 
 void HELPER(raise_exception)(CPUM68KState *env, uint32_t tt)
@@ -179,51 +184,179 @@ void HELPER(raise_exception)(CPUM68KState *env, uint32_t 
tt)
 raise_exception(env, tt);
 }
 
-void HELPER(divu)(CPUM68KState *env, uint32_t word)
+void HELPER(divuw)(CPUM68KState *env, int destr, uint32_t den)
 {
-uint32_t num;
-uint32_t den;
-uint32_t quot;
-uint32_t rem;
+uint32_t num = env->dregs[destr];
+uint32_t quot, rem;
+
+if (den == 0) {
+raise_exception_ra(env, EXCP_DIV0, GETPC());
+}
+quot = num / den;
+rem = num % den;
+
+env->cc_c = 0; /* always cleared, even if overflow */
+if (quot > 0x) {
+env->cc_v = -1;
+/* real 68040 keeps N and unset Z on overflow,
+ * whereas documentation says "undefined"
+ */
+env->cc_z = 1;
+return;
+}
+env->dregs[destr] = deposit32(quot, 16, 16, rem);
+env->cc_z = (int16_t)quot;
+env->cc_n = (int16_t)quot;
+env->cc_v = 0;
+}
+
+void HELPER(divsw)(CPUM68KState *env, int destr, int32_t den)
+{
+int32_t num = env->dregs[destr];
+uint32_t quot, rem;
 
-num = env->div1;
-den = env->div2;
-/* ??? This needs to make sure the throwing location is accurate.  */
 if (den == 0) {
-raise_exception(env, EXCP_DIV0);
+raise_exception_ra(env, EXCP_DIV0, GETPC());
 }
 quot = num / den;
 rem = num % den;
 
-env->cc_v = (word && quot > 0x ? -1 : 0);
+env->cc_c = 0; /* always cleared, even if overflow */
+if (quot != (int16_t)quot) {
+env->cc_v = -1;
+/* nothing else is modified */
+/* real 68040 keeps N and unset Z on overflow,
+ * whereas documentation says "undefined"
+ */
+env->cc_z = 1;
+return;
+}
+env->dregs[destr] = deposit32(quot, 16, 16, rem);
+env->cc_z = (int16_t)quot;
+env->cc_n = (int16_t)quot;
+env->cc_v = 
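Review bot: HELPER(divsw) evaluates `quot = num / den` with int32_t operands, so num == INT32_MIN with den == -1 is undefined behaviour in C and raises SIGFPE in the host QEMU process on x86; the quotient cannot fit in 16 bits in that case anyway, so test for that operand pair before dividing and take the existing overflow path (env->cc_v = -1, env->cc_z = 1). Separately, the `/* nothing else is modified */` comment in the same overflow branch contradicts the `env->cc_z = 1;` two lines below it; keep only the 68040 comment.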

[Qemu-devel] [PULL v2 00/12] M68k for 2.9 patches

2016-12-27 Thread Laurent Vivier
The following changes since commit e5fdf663cf01f824f0e29701551a2c29554d80a4:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20161223' into 
staging (2016-12-27 14:56:47 +)

are available in the git repository at:

  git://github.com/vivier/qemu-m68k.git tags/m68k-for-2.9-pull-request

for you to fetch changes up to 2b5e2170678af36df48ab4b05dff81fe40b41a65:

  target-m68k: free TCG variables that are not (2016-12-27 18:28:40 +0100)


A series of patches queued since the beginning of the freeze period.
Compared to the m68k-for-2.9 branch, 3 patches implementing bitfield
ops are missing as they need new TCG functions. They will be pushed
later.
v2: remove warning for unused variables.


Laurent Vivier (8):
  target-m68k: add cmpm
  target-m68k: add 64bit mull
  target-m68k: add 680x0 divu/divs variants
  target-m68k: add abcd/sbcd/nbcd
  target-m68k: add cas/cas2 ops
  target-m68k: Implement 680x0 movem
  target-m68k: add rol/ror/roxl/roxr instructions
  target-m68k: free TCG variables that are not

Richard Henderson (4):
  target-m68k: Delay autoinc writeback
  target-m68k: Split gen_lea and gen_ea
  target-m68k: Do not cpu_abort on undefined insns
  target-m68k: Inline shifts

 linux-user/main.c   |7 +
 target/m68k/cpu.h   |4 -
 target/m68k/helper.c|   52 --
 target/m68k/helper.h|   13 +-
 target/m68k/op_helper.c |  292 -
 target/m68k/qregs.def   |2 -
 target/m68k/translate.c | 1520 +--
 7 files changed, 1624 insertions(+), 266 deletions(-)

-- 
2.7.4




[Qemu-devel] [PULL v2 06/12] target-m68k: add abcd/sbcd/nbcd

2016-12-27 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target/m68k/translate.c | 220 
 1 file changed, 220 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 737009e..1567647 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -1313,6 +1313,221 @@ DISAS_INSN(divl)
 set_cc_op(s, CC_OP_FLAGS);
 }
 
+static void bcd_add(TCGv dest, TCGv src)
+{
+TCGv t0, t1;
+
+/*  dest10 = dest10 + src10 + X
+ *
+ *t1 = src
+ *t2 = t1 + 0x066
+ *t3 = t2 + dest + X
+ *t4 = t2 ^ dest
+ *t5 = t3 ^ t4
+ *t6 = ~t5 & 0x110
+ *t7 = (t6 >> 2) | (t6 >> 3)
+ *return t3 - t7
+ */
+
+/* t1 = (src + 0x066) + dest + X
+ *= result with some possible exceding 0x6
+ */
+
+t0 = tcg_const_i32(0x066);
+tcg_gen_add_i32(t0, t0, src);
+
+t1 = tcg_temp_new();
+tcg_gen_add_i32(t1, t0, dest);
+tcg_gen_add_i32(t1, t1, QREG_CC_X);
+
+/* we will remove exceding 0x6 where there is no carry */
+
+/* t0 = (src + 0x0066) ^ dest
+ *= t1 without carries
+ */
+
+tcg_gen_xor_i32(t0, t0, dest);
+
+/* extract the carries
+ * t0 = t0 ^ t1
+ *= only the carries
+ */
+
+tcg_gen_xor_i32(t0, t0, t1);
+
+/* generate 0x1 where there is no carry
+ * and for each 0x10, generate a 0x6
+ */
+
+tcg_gen_shri_i32(t0, t0, 3);
+tcg_gen_not_i32(t0, t0);
+tcg_gen_andi_i32(t0, t0, 0x22);
+tcg_gen_add_i32(dest, t0, t0);
+tcg_gen_add_i32(dest, dest, t0);
+tcg_temp_free(t0);
+
+/* remove the exceding 0x6
+ * for digits that have not generated a carry
+ */
+
+tcg_gen_sub_i32(dest, t1, dest);
+tcg_temp_free(t1);
+}
+
+static void bcd_sub(TCGv dest, TCGv src)
+{
+TCGv t0, t1, t2;
+
+/*  dest10 = dest10 - src10 - X
+ * = bcd_add(dest + 1 - X, 0x199 - src)
+ */
+
+/* t0 = 0x066 + (0x199 - src) */
+
+t0 = tcg_temp_new();
+tcg_gen_subfi_i32(t0, 0x1ff, src);
+
+/* t1 = t0 + dest + 1 - X*/
+
+t1 = tcg_temp_new();
+tcg_gen_add_i32(t1, t0, dest);
+tcg_gen_addi_i32(t1, t1, 1);
+tcg_gen_sub_i32(t1, t1, QREG_CC_X);
+
+/* t2 = t0 ^ dest */
+
+t2 = tcg_temp_new();
+tcg_gen_xor_i32(t2, t0, dest);
+
+/* t0 = t1 ^ t2 */
+
+tcg_gen_xor_i32(t0, t1, t2);
+
+/* t2 = ~t0 & 0x110
+ * t0 = (t2 >> 2) | (t2 >> 3)
+ *
+ * to fit on 8bit operands, changed in:
+ *
+ * t2 = ~(t0 >> 3) & 0x22
+ * t0 = t2 + t2
+ * t0 = t0 + t2
+ */
+
+tcg_gen_shri_i32(t2, t0, 3);
+tcg_gen_not_i32(t2, t2);
+tcg_gen_andi_i32(t2, t2, 0x22);
+tcg_gen_add_i32(t0, t2, t2);
+tcg_gen_add_i32(t0, t0, t2);
+tcg_temp_free(t2);
+
+/* return t1 - t0 */
+
+tcg_gen_sub_i32(dest, t1, t0);
+tcg_temp_free(t0);
+tcg_temp_free(t1);
+}
+
+static void bcd_flags(TCGv val)
+{
+tcg_gen_andi_i32(QREG_CC_C, val, 0x0ff);
+tcg_gen_or_i32(QREG_CC_Z, QREG_CC_Z, QREG_CC_C);
+
+tcg_gen_shri_i32(QREG_CC_C, val, 8);
+tcg_gen_andi_i32(QREG_CC_C, QREG_CC_C, 1);
+
+tcg_gen_mov_i32(QREG_CC_X, QREG_CC_C);
+}
+
+DISAS_INSN(abcd_reg)
+{
+TCGv src;
+TCGv dest;
+
+gen_flush_flags(s); /* !Z is sticky */
+
+src = gen_extend(DREG(insn, 0), OS_BYTE, 0);
+dest = gen_extend(DREG(insn, 9), OS_BYTE, 0);
+bcd_add(dest, src);
+gen_partset_reg(OS_BYTE, DREG(insn, 9), dest);
+
+bcd_flags(dest);
+}
+
+DISAS_INSN(abcd_mem)
+{
+TCGv src, dest, addr;
+
+gen_flush_flags(s); /* !Z is sticky */
+
+/* Indirect pre-decrement load (mode 4) */
+
+src = gen_ea_mode(env, s, 4, REG(insn, 0), OS_BYTE,
+  NULL_QREG, NULL, EA_LOADU);
+dest = gen_ea_mode(env, s, 4, REG(insn, 9), OS_BYTE,
+   NULL_QREG, , EA_LOADU);
+
+bcd_add(dest, src);
+
+gen_ea_mode(env, s, 4, REG(insn, 9), OS_BYTE, dest, , EA_STORE);
+
+bcd_flags(dest);
+}
+
+DISAS_INSN(sbcd_reg)
+{
+TCGv src, dest;
+
+gen_flush_flags(s); /* !Z is sticky */
+
+src = gen_extend(DREG(insn, 0), OS_BYTE, 0);
+dest = gen_extend(DREG(insn, 9), OS_BYTE, 0);
+
+bcd_sub(dest, src);
+
+gen_partset_reg(OS_BYTE, DREG(insn, 9), dest);
+
+bcd_flags(dest);
+}
+
+DISAS_INSN(sbcd_mem)
+{
+TCGv src, dest, addr;
+
+gen_flush_flags(s); /* !Z is sticky */
+
+/* Indirect pre-decrement load (mode 4) */
+
+src = gen_ea_mode(env, s, 4, REG(insn, 0), OS_BYTE,
+  NULL_QREG, NULL, EA_LOADU);
+dest = gen_ea_mode(env, s, 4, REG(insn, 9), OS_BYTE,
+   NULL_QREG, , EA_LOADU);
+
+bcd_sub(dest, src);
+
+gen_ea_mode(env, s, 4, REG(insn, 9), OS_BYTE, dest, , EA_STORE);
+
+bcd_flags(dest);
+}
+
+DISAS_INSN(nbcd)
+{
+TCGv src, dest;
+TCGv addr;
+
+gen_flush_flags(s); /* !Z is sticky */
+
+SRC_EA(env, src, 
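Review bot: "exceding" appears three times in the bcd_add comments and should read "exceeding". The header comment of bcd_add describes the algorithm with t1..t7 while the code reuses t0 and t1 for several of those steps; a line mapping the symbolic names onto the two temps (t2 and t4 live in t0, t3 in t1) would make the carry-extraction trick easier to verify against the comment.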

[Qemu-devel] [PULL v2 07/12] target-m68k: add cas/cas2 ops

2016-12-27 Thread Laurent Vivier
Implement CAS using cmpxchg.
Implement CAS2 using helper and either cmpxchg when
the 32bit addresses are consecutive, or with
parallel_cpus+cpu_loop_exit_atomic() otherwise.

Suggested-by: Richard Henderson 
Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target/m68k/helper.h|   2 +
 target/m68k/op_helper.c | 109 ++
 target/m68k/translate.c | 154 
 3 files changed, 265 insertions(+)

diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index 6180dc5..a6f88fc 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -12,6 +12,8 @@ DEF_HELPER_3(shr_cc, i32, env, i32, i32)
 DEF_HELPER_3(sar_cc, i32, env, i32, i32)
 DEF_HELPER_2(set_sr, void, env, i32)
 DEF_HELPER_3(movec, void, env, i32, i32)
+DEF_HELPER_4(cas2w, void, env, i32, i32, i32)
+DEF_HELPER_4(cas2l, void, env, i32, i32, i32)
 
 DEF_HELPER_2(f64_to_i32, f32, env, f64)
 DEF_HELPER_2(f64_to_f32, f32, env, f64)
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 04246a9..e56b815 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -360,3 +360,112 @@ void HELPER(divsll)(CPUM68KState *env, int numr, int 
regr, int32_t den)
 env->dregs[regr] = rem;
 env->dregs[numr] = quot;
 }
+
+void HELPER(cas2w)(CPUM68KState *env, uint32_t regs, uint32_t a1, uint32_t a2)
+{
+uint32_t Dc1 = extract32(regs, 9, 3);
+uint32_t Dc2 = extract32(regs, 6, 3);
+uint32_t Du1 = extract32(regs, 3, 3);
+uint32_t Du2 = extract32(regs, 0, 3);
+int16_t c1 = env->dregs[Dc1];
+int16_t c2 = env->dregs[Dc2];
+int16_t u1 = env->dregs[Du1];
+int16_t u2 = env->dregs[Du2];
+int16_t l1, l2;
+uintptr_t ra = GETPC();
+
+if (parallel_cpus) {
+/* Tell the main loop we need to serialize this insn.  */
+cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+} else {
+/* We're executing in a serial context -- no need to be atomic.  */
+l1 = cpu_lduw_data_ra(env, a1, ra);
+l2 = cpu_lduw_data_ra(env, a2, ra);
+if (l1 == c1 && l2 == c2) {
+cpu_stw_data_ra(env, a1, u1, ra);
+cpu_stw_data_ra(env, a2, u2, ra);
+}
+}
+
+if (c1 != l1) {
+env->cc_n = l1;
+env->cc_v = c1;
+} else {
+env->cc_n = l2;
+env->cc_v = c2;
+}
+env->cc_op = CC_OP_CMPW;
+env->dregs[Dc1] = deposit32(env->dregs[Dc1], 0, 16, l1);
+env->dregs[Dc2] = deposit32(env->dregs[Dc2], 0, 16, l2);
+}
+
+void HELPER(cas2l)(CPUM68KState *env, uint32_t regs, uint32_t a1, uint32_t a2)
+{
+uint32_t Dc1 = extract32(regs, 9, 3);
+uint32_t Dc2 = extract32(regs, 6, 3);
+uint32_t Du1 = extract32(regs, 3, 3);
+uint32_t Du2 = extract32(regs, 0, 3);
+uint32_t c1 = env->dregs[Dc1];
+uint32_t c2 = env->dregs[Dc2];
+uint32_t u1 = env->dregs[Du1];
+uint32_t u2 = env->dregs[Du2];
+uint32_t l1, l2;
+uintptr_t ra = GETPC();
+#if defined(CONFIG_ATOMIC64) && !defined(CONFIG_USER_ONLY)
+int mmu_idx = cpu_mmu_index(env, 0);
+TCGMemOpIdx oi;
+#endif
+
+if (parallel_cpus) {
+/* We're executing in a parallel context -- must be atomic.  */
+#ifdef CONFIG_ATOMIC64
+uint64_t c, u, l;
+if ((a1 & 7) == 0 && a2 == a1 + 4) {
+c = deposit64(c2, 32, 32, c1);
+u = deposit64(u2, 32, 32, u1);
+#ifdef CONFIG_USER_ONLY
+l = helper_atomic_cmpxchgq_be(env, a1, c, u);
+#else
+oi = make_memop_idx(MO_BEQ, mmu_idx);
+l = helper_atomic_cmpxchgq_be_mmu(env, a1, c, u, oi, ra);
+#endif
+l1 = l >> 32;
+l2 = l;
+} else if ((a2 & 7) == 0 && a1 == a2 + 4) {
+c = deposit64(c1, 32, 32, c2);
+u = deposit64(u1, 32, 32, u2);
+#ifdef CONFIG_USER_ONLY
+l = helper_atomic_cmpxchgq_be(env, a2, c, u);
+#else
+oi = make_memop_idx(MO_BEQ, mmu_idx);
+l = helper_atomic_cmpxchgq_be_mmu(env, a2, c, u, oi, ra);
+#endif
+l2 = l >> 32;
+l1 = l;
+} else
+#endif
+{
+/* Tell the main loop we need to serialize this insn.  */
+cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+}
+} else {
+/* We're executing in a serial context -- no need to be atomic.  */
+l1 = cpu_ldl_data_ra(env, a1, ra);
+l2 = cpu_ldl_data_ra(env, a2, ra);
+if (l1 == c1 && l2 == c2) {
+cpu_stl_data_ra(env, a1, u1, ra);
+cpu_stl_data_ra(env, a2, u2, ra);
+}
+}
+
+if (c1 != l1) {
+env->cc_n = l1;
+env->cc_v = c1;
+} else {
+env->cc_n = l2;
+env->cc_v = c2;
+}
+env->cc_op = CC_OP_CMPL;
+env->dregs[Dc1] = l1;
+env->dregs[Dc2] = l2;
+}
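Review bot: cas2w always serializes via cpu_loop_exit_atomic() under parallel_cpus, while cas2l gets a 64-bit cmpxchg fast path for an aligned adjacent pair; the word form could use the same idea with a 32-bit cmpxchg when a1 is 4-aligned and a2 == a1 + 2, or should carry a comment saying the unconditional fallback is deliberate. Also, the `uint64_t c, u, l;` block is the v2 placement of the variables clang flagged as unused in v1; please confirm this #ifdef nesting builds with -Werror both with and without CONFIG_ATOMIC64.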
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 1567647..0124820 100644
--- a/target/m68k/translate.c
+++ 
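A reference model of the CAS2 strategy described in this commit message, added here as an example; it is not QEMU code and uses none of QEMU's helpers. It keeps a constructed 16-byte big-endian guest memory, implements the serial CAS2.L semantics (`cas2l_serial`) and the packed fast path (`cas2l_packed`) that turns two adjacent, naturally aligned longs into one 64-bit compare-and-swap, and refuses any other layout so that a caller would serialize, as the helper does with cpu_loop_exit_atomic(). All names (`GuestMem`, `cas2l_packable`, `cas2l_demo`) and the sample memory contents are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed guest memory: two naturally aligned 64-bit words (16 bytes)
 * holding big-endian data as a 68k would.  Addresses are byte offsets. */
typedef struct { uint64_t words[2]; } GuestMem;

static uint32_t ld32_be(const GuestMem *m, uint32_t a)
{
    const uint8_t *b = (const uint8_t *)m->words + a;
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
}

static void st32_be(GuestMem *m, uint32_t a, uint32_t v)
{
    uint8_t *b = (uint8_t *)m->words + a;
    b[0] = v >> 24; b[1] = v >> 16; b[2] = v >> 8; b[3] = v;
}

/* Convert a 64-bit value between host order and the guest's big-endian layout. */
static uint64_t be64_swap(uint64_t v)
{
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe ? __builtin_bswap64(v) : v;
}

typedef struct { uint32_t l1, l2; bool swapped; } Cas2Result;

/* Reference semantics of CAS2.L: both locations are compared and both are
 * written only when both match.  Not atomic; this is the serial fallback. */
static Cas2Result cas2l_serial(GuestMem *m, uint32_t a1, uint32_t a2,
                               uint32_t c1, uint32_t c2, uint32_t u1, uint32_t u2)
{
    Cas2Result r = { ld32_be(m, a1), ld32_be(m, a2), false };
    if (r.l1 == c1 && r.l2 == c2) {
        st32_be(m, a1, u1);
        st32_be(m, a2, u2);
        r.swapped = true;
    }
    return r;
}

/* 0: not packable (caller must serialize), 1: a1 is the high half, 2: a2 is. */
static int cas2l_packable(uint32_t a1, uint32_t a2)
{
    if ((a1 & 7) == 0 && a2 == a1 + 4) return 1;
    if ((a2 & 7) == 0 && a1 == a2 + 4) return 2;
    return 0;
}

/* Fast path: the two longs form one aligned 8-byte unit, so a single 64-bit
 * compare-and-swap implements CAS2 atomically. */
static bool cas2l_packed(GuestMem *m, uint32_t a1, uint32_t a2,
                         uint32_t c1, uint32_t c2, uint32_t u1, uint32_t u2,
                         Cas2Result *r)
{
    int order = cas2l_packable(a1, a2);
    if (order == 0) return false;
    bool a1_high = (order == 1);
    uint64_t expected = a1_high ? ((uint64_t)c1 << 32 | c2) : ((uint64_t)c2 << 32 | c1);
    uint64_t desired  = a1_high ? ((uint64_t)u1 << 32 | u2) : ((uint64_t)u2 << 32 | u1);
    uint64_t *p = &m->words[(a1_high ? a1 : a2) / 8];
    uint64_t cur = be64_swap(expected);          /* guest layout as stored on the host */
    __atomic_compare_exchange_n(p, &cur, be64_swap(desired), false,
                                __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
    uint64_t old = be64_swap(cur);               /* value found, swapped or not */
    r->l1 = a1_high ? (uint32_t)(old >> 32) : (uint32_t)old;
    r->l2 = a1_high ? (uint32_t)old : (uint32_t)(old >> 32);
    r->swapped = (old == expected);
    return true;
}

/* Runs the packed path and the serial reference on identical memory images and
 * returns true only if they agree on loaded values, swap decision and memory. */
static bool cas2l_demo(void)
{
    struct { uint32_t a1, a2, c1, c2; } cases[] = {
        { 0, 4, 0x11111111, 0x22222222 },    /* both match, a1 is the high half */
        { 4, 0, 0x22222222, 0x11111111 },    /* both match, a2 is the high half */
        { 0, 4, 0x11111111, 0xdeadbeef },    /* second compare fails             */
        { 8, 12, 0x00000000, 0x33333333 },   /* first compare fails              */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        GuestMem a, b;
        st32_be(&a, 0, 0x11111111); st32_be(&a, 4, 0x22222222);
        st32_be(&a, 8, 0x33333333); st32_be(&a, 12, 0x44444444);
        b = a;
        Cas2Result rp, rs;
        if (!cas2l_packed(&a, cases[i].a1, cases[i].a2, cases[i].c1, cases[i].c2,
                          0xaaaaaaaa, 0xbbbbbbbb, &rp)) return false;
        rs = cas2l_serial(&b, cases[i].a1, cases[i].a2, cases[i].c1, cases[i].c2,
                          0xaaaaaaaa, 0xbbbbbbbb);
        if (rp.swapped != rs.swapped || rp.l1 != rs.l1 || rp.l2 != rs.l2) return false;
        if (a.words[0] != b.words[0] || a.words[1] != b.words[1]) return false;
    }
    /* Non-adjacent or misaligned pairs must be refused so the caller serializes. */
    return cas2l_packable(0, 8) == 0 && cas2l_packable(4, 8) == 0;
}

int main(void)
{
    printf("packed CAS2.L fast path agrees with serial semantics: %s\n",
           cas2l_demo() ? "yes" : "no");
    return 0;
}
```

Build with gcc or clang, since the 64-bit CAS uses the `__atomic_compare_exchange_n` builtin; `cas2l_demo()` exercises the matching, mismatching and reversed-address cases and the refusal of layouts that cannot be packed.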

[Qemu-devel] [PULL v2 04/12] target-m68k: add 64bit mull

2016-12-27 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
Reviewed-by: Richard Henderson 
---
 target/m68k/translate.c | 62 +++--
 1 file changed, 50 insertions(+), 12 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 97edb7b..6678b57 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -1863,24 +1863,62 @@ DISAS_INSN(tas)
 DISAS_INSN(mull)
 {
 uint16_t ext;
-TCGv reg;
 TCGv src1;
-TCGv dest;
+int sign;
 
-/* The upper 32 bits of the product are discarded, so
-   muls.l and mulu.l are functionally equivalent.  */
 ext = read_im16(env, s);
-if (ext & 0x87ff) {
-gen_exception(s, s->pc - 4, EXCP_UNSUPPORTED);
+
+sign = ext & 0x800;
+
+if (ext & 0x400) {
+if (!m68k_feature(s->env, M68K_FEATURE_QUAD_MULDIV)) {
+gen_exception(s, s->pc - 4, EXCP_UNSUPPORTED);
+return;
+}
+
+SRC_EA(env, src1, OS_LONG, 0, NULL);
+
+if (sign) {
+tcg_gen_muls2_i32(QREG_CC_Z, QREG_CC_N, src1, DREG(ext, 12));
+} else {
+tcg_gen_mulu2_i32(QREG_CC_Z, QREG_CC_N, src1, DREG(ext, 12));
+}
+/* if Dl == Dh, 68040 returns low word */
+tcg_gen_mov_i32(DREG(ext, 0), QREG_CC_N);
+tcg_gen_mov_i32(DREG(ext, 12), QREG_CC_Z);
+tcg_gen_or_i32(QREG_CC_Z, QREG_CC_Z, QREG_CC_N);
+
+tcg_gen_movi_i32(QREG_CC_V, 0);
+tcg_gen_movi_i32(QREG_CC_C, 0);
+
+set_cc_op(s, CC_OP_FLAGS);
 return;
 }
-reg = DREG(ext, 12);
 SRC_EA(env, src1, OS_LONG, 0, NULL);
-dest = tcg_temp_new();
-tcg_gen_mul_i32(dest, src1, reg);
-tcg_gen_mov_i32(reg, dest);
-/* Unlike m68k, coldfire always clears the overflow bit.  */
-gen_logic_cc(s, dest, OS_LONG);
+if (m68k_feature(s->env, M68K_FEATURE_M68000)) {
+tcg_gen_movi_i32(QREG_CC_C, 0);
+if (sign) {
+tcg_gen_muls2_i32(QREG_CC_N, QREG_CC_V, src1, DREG(ext, 12));
+/* QREG_CC_V is -(QREG_CC_V != (QREG_CC_N >> 31)) */
+tcg_gen_sari_i32(QREG_CC_Z, QREG_CC_N, 31);
+tcg_gen_setcond_i32(TCG_COND_NE, QREG_CC_V, QREG_CC_V, QREG_CC_Z);
+} else {
+tcg_gen_mulu2_i32(QREG_CC_N, QREG_CC_V, src1, DREG(ext, 12));
+/* QREG_CC_V is -(QREG_CC_V != 0), use QREG_CC_C as 0 */
+tcg_gen_setcond_i32(TCG_COND_NE, QREG_CC_V, QREG_CC_V, QREG_CC_C);
+}
+tcg_gen_neg_i32(QREG_CC_V, QREG_CC_V);
+tcg_gen_mov_i32(DREG(ext, 12), QREG_CC_N);
+
+tcg_gen_mov_i32(QREG_CC_Z, QREG_CC_N);
+
+set_cc_op(s, CC_OP_FLAGS);
+} else {
+/* The upper 32 bits of the product are discarded, so
+   muls.l and mulu.l are functionally equivalent.  */
+tcg_gen_mul_i32(DREG(ext, 12), src1, DREG(ext, 12));
+gen_logic_cc(s, DREG(ext, 12), OS_LONG);
+}
 }
 
 static void gen_link(DisasContext *s, uint16_t insn, int32_t offset)
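Review bot: the removed `if (ext & 0x87ff)` rejected non-zero reserved bits in the extension word; the new code reads only bits 0-2 (Dh), 10 (quad) and 11 (sign) and never validates bits 3-9 and 15, so malformed encodings now decode silently instead of raising EXCP_UNSUPPORTED. Keep a mask test on the still-reserved bits (`ext & 0x83f8`) before using the fields.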
-- 
2.7.4




Re: [Qemu-devel] [PULL 0/4] cryptodev patches

2016-12-27 Thread Peter Maydell
On 24 December 2016 at 06:12, Gonglei  wrote:
> The following changes since commit a470b33259bf82ef2336bfcd5d07640562d3f63b:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2016-12-22 19:23:51 +)
>
> are available in the git repository at:
>
>
>   https://github.com/gongleiarei/qemu.git tags/cryptodev-next-20161224
>
> for you to fetch changes up to 48ae36c0ad16bb757d4f6e243b8e9072fc8e8c8e:
>
>   cryptodev: add 3des-ede support (2016-12-24 13:46:27 +0800)
>
> 
> - add xts mode support
> - add 3DES algorithm support
> - other trivial fixes
>
> 
> Longpeng(Mike) (4):
>   cryptodev: fix the check of aes algorithm
>   cryptodev: add xts(aes) support
>   cryptodev: remove single-DES support in cryptodev
>   cryptodev: add 3des-ede support
>
>  backends/cryptodev-builtin.c | 65 
> ++---
>  1 file changed, 50 insertions(+), 15 deletions(-)

Hi. This pull request does not appear to be signed by the GPG
key that I have on record for you, and the key it is signed
by seems to be only self-signed and not signed by anybody
else...

thanks
-- PMM



Re: [Qemu-devel] [PULL 00/25] target-arm queue

2016-12-27 Thread Peter Maydell
On 27 December 2016 at 15:20, Peter Maydell <peter.mayd...@linaro.org> wrote:
> First target-arm pull for 2.9; nothing particularly exciting here.
>
> thanks
> -- PMM
>
> The following changes since commit a470b33259bf82ef2336bfcd5d07640562d3f63b:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2016-12-22 19:23:51 +)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20161227
>
> for you to fetch changes up to 91db4642f868cf2e591b62d31a19d35b02ea791e:
>
>   target-arm: Add VBAR support to ARM1176 CPUs (2016-12-27 14:59:30 +)
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] qemu: bunch of spelling-fixes

2016-12-27 Thread Peter Maydell
On 27 December 2016 at 17:19, Marc-André Lureau  wrote:
> Hi,
>
> - Original Message -
>> phew. sounds too complicated.. sitting on wrong machine, wrong email
>> addresses and want to keep my personal footprint out there as small as
>> possible.
>> And hey, this are just typo-fixes, no rocket-science. It was even easier
>> to get the fixes into openssl
>>
>> But throwing the stuff as its done not into /dev/null is also not good.
>> So i picked someone at random from the trivial-mailinglist... tada...
>>
>
> If you don't have the time to follow
> http://qemu-project.org/Contribute/SubmitAPatch, perhaps someone
> else will do it for you, or not.

An important part of the instructions is the part where you
have to provide your Signed-off-by: line with your name and
email address. This says "I own the copyright on these changes
and am happy for them to go into QEMU under the QEMU license".
Without that signoff we unfortunately can't accept the changes,
even if somebody else does the work of cleaning them up, reviewing
them and applying them :-(

thanks
-- PMM



Re: [Qemu-devel] qemu: bunch of spelling-fixes

2016-12-27 Thread Marc-André Lureau
Hi,

- Original Message -
> Hi,
> 
> I used misspell_fixer [1], [2] on qemu sources. (used
> http://git.qemu.org/qemu.git )
> found a bunch of typos, patches with spelling-fixes attached.
> 

Nice tool, thanks for the links.

> so.. i did all these stuff, before read and fully understood the full
> "howto submit patch".
> 
> phew. sounds too complicated.. sitting on wrong machine, wrong email
> addresses and want to keep my personal footprint out there as small as
> possible.
> And hey, this are just typo-fixes, no rocket-science. It was even easier
> to get the fixes into openssl
> 
> But throwing the stuff as its done not into /dev/null is also not good.
> So i picked someone at random from the trivial-mailinglist... tada...
> 

If you don't have the time to follow 
http://qemu-project.org/Contribute/SubmitAPatch, perhaps someone else will do 
it for you, or not.

> 
> I'm attaching 2 patches.
> 1) is just for comments and texts. ( all the .txt, CHANGELOG,
> /*comment*/ stuff )
> after applying, the compiled binary should [3] still be same.
> 2) some printf() related output.
> 
> ... and I did not test the stuff.

Not a good idea :)

> 
> lg
> .klemens
> 
> 1] https://github.com/ka7/misspell_fixer
>it also relays heavily to the spelling-dictionary of debian-linter
> 2] https://github.com/ka7/misspell_fixer/tree/master/motivation
> 3] https://wiki.debian.org/ReproducibleBuilds/About
From 3f946c9cebc4b5aec9bf4b7b081cf5ab017ba6c7 Mon Sep 17 00:00:00 2001
From: klemens 
Date: Sun, 25 Dec 2016 21:51:18 +0100
Subject: [PATCH 1/2] spelling fixes, just text, comments.

---
 Changelog| 2 +-
 aio-posix.c  | 2 +-
 block/gluster.c  | 2 +-
 block/vhdx.c | 2 +-
 disas/libvixl/vixl/a64/decoder-a64.h | 2 +-
 disas/libvixl/vixl/globals.h | 2 +-
 docs/COLO-FT.txt | 2 +-
 docs/multiseat.txt   | 2 +-
 docs/qcow2-cache.txt | 2 +-
 docs/rdma.txt| 2 +-
 docs/specs/ppc-spapr-hotplug.txt | 2 +-
 include/elf.h| 2 +-
 include/exec/memory.h| 2 +-
 include/hw/arm/exynos4210.h  | 2 +-
 include/hw/arm/omap.h| 2 +-
 include/hw/dma/xlnx_dpdma.h  | 2 +-
 include/hw/pci-host/q35.h| 2 +-
 include/hw/pci/pcie_aer.h| 2 +-
 include/hw/register.h| 2 +-
 include/io/task.h| 2 +-
 include/qemu/qht.h   | 2 +-
 include/qom/cpu.h| 4 ++--
 include/sysemu/char.h| 4 ++--
 include/sysemu/cryptodev.h   | 2 +-
 ioport.c | 2 +-
 linux-user/syscall.c | 2 +-
 net/checksum.c   | 4 ++--
 net/filter.c | 2 +-
 qapi-schema.json | 2 +-
 scripts/clean-header-guards.pl   | 2 +-
 target/arm/cpu.h | 4 ++--
 target/arm/helper.c  | 2 +-
 target/arm/translate-a64.c   | 2 +-
 target/cris/helper.c | 6 +++---
 target/cris/translate.c  | 4 ++--
 target/ppc/STATUS| 2 +-
 target/ppc/cpu.h | 2 +-
 target/ppc/excp_helper.c | 4 ++--
 target/ppc/mmu-hash64.c  | 4 ++--
 target/ppc/mmu_helper.c  | 2 +-
 target/s390x/cpu_models.h| 4 ++--
 target/s390x/insn-data.def   | 2 +-
 target/s390x/translate.c | 6 +++---
 target/sh4/cpu.h | 2 +-
 target/tricore/helper.c  | 2 +-
 tcg/aarch64/tcg-target.inc.c | 2 +-
 tests/ahci-test.c| 2 +-
 tests/bios-tables-test.c | 2 +-
 tests/migration/guestperf-batch.py   | 2 +-
 tests/migration/guestperf.py | 2 +-
 tests/postcopy-test.c| 2 +-
 tests/test-throttle.c| 2 +-
 trace-events | 2 +-
 util/qemu-progress.c | 4 ++--
 util/qemu-sockets.c  | 2 +-
 util/qemu-thread-win32.c | 2 +-
 util/qht.c   | 2 +-
 util/uri.c   | 2 +-
 58 files changed, 71 insertions(+), 71 deletions(-)

diff --git a/Changelog b/Changelog
index 1249b8a..ef38a44 100644
--- a/Changelog
+++ b/Changelog
@@ -241,7 +241,7 @@ version 0.8.0:
 version 0.7.2:
 
   - x86_64 fixes (Win2000 and Linux 2.6 boot in 32 bit)
-  - merge self modifying code handling in dirty ram page mecanism.
+  - merge self modifying code handling in dirty ram page mechanism.
   - MIPS fixes (Ralf Baechle)
   - better user net performances
 
diff --git a/aio-posix.c b/aio-posix.c
index e13b9ab..b2c1987 100644
--- a/aio-posix.c
+++ b/aio-posix.c
@@ -35,7 +35,7 @@ struct AioHandler
 
 #ifdef CONFIG_EPOLL_CREATE1
 
-/* The fd number threashold to switch to epoll */
+/* The fd number threshold to switch to 
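Review bot: the patch carries no Signed-off-by: line (the header goes straight from the Subject to the diffstat), which QEMU requires before any change can be applied, as the reply above this patch points out; the hunks themselves are plain comment and Changelog spelling fixes that do not alter code.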

Re: [Qemu-devel] [PATCH] [M25P80] Make sure not to overrun the internal data buffer.

2016-12-27 Thread Jean-Christophe DUBOIS
You can have a more detailed procedure on how to run Xvisor on Qemu Sabrelite (with Linux guests if you wish) at the following URL.

https://github.com/avpatel/xvisor-next/blob/master/docs/arm/imx6-sabrelite.txt

You don't need to start the guest to see the crash. Just boot Xvisor ...

JC

On 24/12/2016 at 19:12, Jean-Christophe DUBOIS wrote:

On 24/12/2016 at 19:04, mar.krzeminski wrote:

On 24.12.2016 at 18:41, Jean-Christophe DUBOIS wrote:

On 24/12/2016 at 18:18, mar.krzeminski wrote:

Hello,

On 24.12.2016 at 16:11, Jean-Christophe Dubois wrote:
It did happen that the internal data buffer was overrun leading to a Qemu crash (in particular while emulating the i.MX6 sabrelite board).

This patch makes sure the data array would not be overrun and allows the sabrelite emulation to run without crash.

Signed-off-by: Jean-Christophe Dubois 
---
  hw/block/m25p80.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index d29ff4c..a1c4e5d 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -1117,7 +1117,7 @@ static uint32_t m25p80_transfer8(SSISlave 
*ss, uint32_t tx)

  s->data[s->len] = (uint8_t)tx;
  s->len++;
  -if (s->len == s->needed_bytes) {
+if ((s->len >= s->needed_bytes) || (s->len >= 
sizeof(s->data))) {

  complete_collecting_data(s);
  }
  break;
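Review bot: the added `s->len >= sizeof(s->data)` bound stops the out-of-bounds write, but silently completing the collection when the buffer is full hides the state-machine error that led there (the replies in this thread make the same point); emit a qemu_log_mask(LOG_GUEST_ERROR, ...) message and reset the collection state in that branch instead of treating a full buffer as a finished command. Note also that the check only holds if `data` is an array member rather than a pointer, which this hunk does not show.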

Do you have an exact scenario that caused the problem?

When booting Xvisor (http://xhypervisor.org/) on top of Qemu emulated Sabrelite.

During the boot Qemu would segfault while writing to the SPI flash.

Thanks, I'll try to take a look.

Once you have built Xvisor for "generic ARMv7" you can run the following command.

qemu-system-arm -M sabrelite -display none -serial null -serial stdio -kernel ./build/vmm.bin -initrd ./build/vmm.bin  -dtb ./build/arch/arm/board/generic/dts/imx6/sabrelite-a9/one_guest_sabrelite-a9.dtb

You can also run Qemu under valgrind that will pinpoint the problem.

JC

Generally it should not happen.

The fact is that there is no protection to make sure the data array is not overrun.

Yes. IMHO it could be nice to log some error here and reset state machine instead of going to next state.

Maybe it should not happen but it did happen in this case

Yeap, but this means m25p80's state machine goes nuts. Overflow is just a symptom that something wrong is going on.

Thanks,
Marcin

JC

Thanks,
Marcin


Re: [Qemu-devel] [PULL 00/12] M68k for 2.9 patches

2016-12-27 Thread Peter Maydell
On 24 December 2016 at 11:40, Laurent Vivier  wrote:
> The following changes since commit a470b33259bf82ef2336bfcd5d07640562d3f63b:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2016-12-22 19:23:51 +)
>
> are available in the git repository at:
>
>   git://github.com/vivier/qemu-m68k.git tags/m68k-for-2.9-pull-request
>
> for you to fetch changes up to ed3c95af3dd314a58a83b83126633e4efbad817b:
>
>   target-m68k: free TCG variables that are not (2016-12-24 12:31:21 +0100)
>
> 
> A series of patches queued since the beginning of the freeze period.
> Compared to the m68k-for-2.9 branch, 3 patches implementing bitfield
> ops are missing as they need new TCG functions. They will be pushed
> later.
> 

clang complains about unused variables:

/Users/pm215/src/qemu-for-merges/target/m68k/op_helper.c:413:14: error: unused
  variable 'c' [-Werror,-Wunused-variable]
uint64_t c, u, l;
 ^
/Users/pm215/src/qemu-for-merges/target/m68k/op_helper.c:413:20: error: unused
  variable 'l' [-Werror,-Wunused-variable]
uint64_t c, u, l;
   ^
/Users/pm215/src/qemu-for-merges/target/m68k/op_helper.c:413:17: error: unused
  variable 'u' [-Werror,-Wunused-variable]
uint64_t c, u, l;
^

thanks
-- PMM



Re: [Qemu-devel] [PATCH kvm-unit-tests v8 03/10] arm/arm64: add some delay routines

2016-12-27 Thread Andrew Jones
On Tue, Dec 27, 2016 at 10:27:25AM -0500, Christopher Covington wrote:
> On 12/09/2016 07:15 AM, Andrew Jones wrote:
> > On Fri, Dec 09, 2016 at 11:41:06AM +, Andre Przywara wrote:
> >> Hi,
> >>
> >> On 08/12/16 17:50, Andrew Jones wrote:
> >>> Allow a thread to wait some specified amount of time. Can
> >>> specify in cycles, usecs, and msecs.
> 
> >>> +++ b/lib/arm/asm/delay.h
> >>> @@ -0,0 +1,14 @@
> >>> +#ifndef _ASMARM_DELAY_H_
> >>> +#define _ASMARM_DELAY_H_
> >>> +/*
> >>> + * Copyright (C) 2016, Red Hat Inc, Andrew Jones 
> >>> + *
> >>> + * This work is licensed under the terms of the GNU LGPL, version 2.
> >>> + */
> >>> +#include 
> >>> +
> >>> +extern void delay(u64 cycles);
> >>
> >> Nit: Shouldn't this parameter be called "ticks"? Cycles might be a bit
> >> misleading, especially since this prototype is the only documentation on
> >> this. You might just want to fix this when applying the patches.
> > 
> > Right or wrong the kernel uses 'cycles' for this function, named
> > __timer_delay for arm and __delay for arm64. I guess I prefer
> > consistency here.
> 
> I too expect timers to tick and CPUs to cycle. The benefit of
> parameter-name-precise consistency with the Linux source is not
> obvious to me.
>

I just didn't have a strong enough opinion on it to change it. It appears
I'm in a minority though. As this is in master already, patches welcome :)

Thanks,
drew



Re: [Qemu-devel] [PATCH 0/2] tcg/s390 improvements

2016-12-27 Thread Peter Maydell
On 24 December 2016 at 03:46, Richard Henderson  wrote:
> One bug fix, one cleanup.
>
>
> r~
>
>
>
> The following changes since commit a470b33259bf82ef2336bfcd5d07640562d3f63b:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2016-12-22 19:23:51 +)
>
> are available in the git repository at:
>
>   git://github.com/rth7680/qemu.git tags/pull-tcg-20161223
>
> for you to fetch changes up to e45d4ef6e345831c8d67a5bffe0d057efc20f4ff:
>
>   tcg/s390: Remove 'R' constraint (2016-12-23 19:38:27 -0800)
>
> 
> queued s390 host fixes
>
> 
> Richard Henderson (2):
>   tcg/s390: Fix setcond expansion
>   tcg/s390: Remove 'R' constraint
>
>  tcg/s390/tcg-target.inc.c | 75 
> +--
>  1 file changed, 40 insertions(+), 35 deletions(-)

Applied, thanks.

-- PMM



Re: [Qemu-devel] [RFC PATCH v3 0/6] translate: [tcg] Generic translation framework

2016-12-27 Thread no-reply
Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Subject: [Qemu-devel] [RFC PATCH v3 0/6] translate: [tcg] Generic translation 
framework
Message-id: 148285303159.12721.5833400768046299304.st...@fimbulvetr.bsc.es

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=16
make docker-test-quick@centos6
make docker-test-mingw@fedora
make docker-test-build@min-glib
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
f811b31 target: [tcg, arm] Port to generic translation framework
c032b9c target: [tcg, i386] Port to generic translation framework
2d11071 target: [tcg] Redefine DISAS_* onto the generic translation framework 
(DJ_*)
510f515 target: [tcg] Add generic translation framework
d6c2729 queue: Add macro for incremental traversal
e91a708 Pass generic CPUState to gen_intermediate_code()

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD   centos6
make[1]: Entering directory `/var/tmp/patchew-tester-tmp-nw8zzz1n/src'
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
ccache-3.1.6-2.el6.x86_64
epel-release-6-8.noarch
gcc-4.4.7-17.el6.x86_64
git-1.7.1-4.el6_7.1.x86_64
glib2-devel-2.28.8-5.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
make-3.81-23.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
tar-1.23-15.el6_8.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=libfdt-devel ccache tar git make gcc g++ zlib-devel 
glib2-devel SDL-devel pixman-devel epel-release
HOSTNAME=067ccbcd979a
TERM=xterm
MAKEFLAGS= -j16
HISTSIZE=1000
J=16
USER=root
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
MAIL=/var/spool/mail/root
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
LANG=en_US.UTF-8
TARGET_LIST=
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
FEATURES= dtc
DEBUG=
G_BROKEN_FILENAMES=1
CCACHE_HASHDIR=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/var/tmp/qemu-build/install
No C++ compiler available; disabling C++ specific optional code
Install prefix    /var/tmp/qemu-build/install
BIOS directory    /var/tmp/qemu-build/install/share/qemu
binary directory  /var/tmp/qemu-build/install/bin
library directory /var/tmp/qemu-build/install/lib
module directory  /var/tmp/qemu-build/install/lib/qemu
libexec directory /var/tmp/qemu-build/install/libexec
include directory /var/tmp/qemu-build/install/include
config directory  /var/tmp/qemu-build/install/etc
local state directory   /var/tmp/qemu-build/install/var
Manual directory  /var/tmp/qemu-build/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path       /tmp/qemu-test/src
C compiler        cc
Host C compiler   cc
C++ compiler      
Objective-C compiler cc
ARFLAGS           rv
CFLAGS            -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS       -I/usr/include/pixman-1 -pthread -I/usr/include/glib-2.0 
-I/usr/lib64/glib-2.0/include   -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS           -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make              make
install           install
python            python -B
smbd              /usr/sbin/smbd
module support    no
host CPU          x86_64
host big endian   no
target list       x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled     no
sparse enabled    no
strip binaries    yes
profiler          no
static build      no
pixman            system
SDL support       yes (1.2.14)
GTK support       no 
GTK GL support    no
VTE support       no 
TLS priority      NORMAL
GNUTLS support    no
GNUTLS rnd        no
libgcrypt         no
libgcrypt kdf     no
nettle            no 
nettle kdf        no
libtasn1          no
curses support    no
virgl support     no
curl support      no
mingw32 support   no
Audio drivers     oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS support    no
VNC support       yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support       no
brlapi support    no
bluez  support    no

Re: [Qemu-devel] [RFC PATCH v3 0/6] translate: [tcg] Generic translation framework

2016-12-27 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Message-id: 148285303159.12721.5833400768046299304.st...@fimbulvetr.bsc.es
Type: series
Subject: [Qemu-devel] [RFC PATCH v3 0/6] translate: [tcg] Generic translation 
framework

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] 
patchew/148285303159.12721.5833400768046299304.st...@fimbulvetr.bsc.es -> 
patchew/148285303159.12721.5833400768046299304.st...@fimbulvetr.bsc.es
Switched to a new branch 'test'
f811b31 target: [tcg, arm] Port to generic translation framework
c032b9c target: [tcg, i386] Port to generic translation framework
2d11071 target: [tcg] Redefine DISAS_* onto the generic translation framework 
(DJ_*)
510f515 target: [tcg] Add generic translation framework
d6c2729 queue: Add macro for incremental traversal
e91a708 Pass generic CPUState to gen_intermediate_code()

=== OUTPUT BEGIN ===
Checking PATCH 1/6: Pass generic CPUState to gen_intermediate_code()...
ERROR: "foo * bar" should be "foo *bar"
#829: FILE: target/sh4/translate.c:1832:
+CPUSH4State * env = cpu->env_ptr;

ERROR: "foo * bar" should be "foo *bar"
#891: FILE: target/sparc/translate.c:5693:
+CPUSPARCState * env = cpu->env_ptr;

total: 2 errors, 0 warnings, 926 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/6: queue: Add macro for incremental traversal...
Checking PATCH 3/6: target: [tcg] Add generic translation framework...
ERROR: open brace '{' following enum go on the same line
#64: FILE: include/exec/translate-all_template.h:34:
+typedef enum BreakpointHitType
+{

ERROR: open brace '{' following enum go on the same line
#79: FILE: include/exec/translate-all_template.h:49:
+typedef enum DisasJumpType
+{

ERROR: open brace '{' following struct go on the same line
#97: FILE: include/exec/translate-all_template.h:67:
+typedef struct DisasContextBase
+{

ERROR: line over 90 characters
#116: FILE: include/qom/cpu.h:952:
+static inline CPUBreakpoint *cpu_breakpoint_get(CPUState *cpu, vaddr pc, 
CPUBreakpoint *bp)

ERROR: "foo * bar" should be "foo *bar"
#170: FILE: translate-all_template.h:26:
+DisasContext * restrict dc, CPUArchState * restrict env);

ERROR: "foo * bar" should be "foo *bar"
#173: FILE: translate-all_template.h:29:
+DisasContext * restrict dc, CPUArchState * restrict env);

ERROR: "foo * bar" should be "foo *bar"
#176: FILE: translate-all_template.h:32:
+DisasContext * restrict dc, CPUArchState * restrict env);

ERROR: "foo * bar" should be "foo *bar"
#179: FILE: translate-all_template.h:35:
+DisasContext * restrict dc, CPUArchState * restrict env);

ERROR: "foo * bar" should be "foo *bar"
#182: FILE: translate-all_template.h:38:
+DisasContext * restrict dc, CPUArchState * restrict env,

ERROR: "foo * bar" should be "foo *bar"
#183: FILE: translate-all_template.h:39:
+const CPUBreakpoint * restrict bp);

ERROR: "foo * bar" should be "foo *bar"
#186: FILE: translate-all_template.h:42:
+DisasContext * restrict dc, CPUArchState * restrict env);

ERROR: "foo * bar" should be "foo *bar"
#189: FILE: translate-all_template.h:45:
+DisasContext * restrict dc, CPUArchState * restrict env);

ERROR: "foo * bar" should be "foo *bar"
#192: FILE: translate-all_template.h:48:
+DisasContext * restrict dc, CPUArchState * restrict env);

ERROR: line over 90 characters
#257: FILE: translate-all_template.h:113:
+BreakpointHitType bh = 
gen_intermediate_code_target_breakpoint_hit(dc, env, bp);

WARNING: line over 80 characters
#335: FILE: translate-all_template.h:191:
+log_target_disas(cpu, dc->base.pc_first, dc->base.pc_next - 
dc->base.pc_first,

total: 14 errors, 1 warnings, 313 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 4/6: target: [tcg] Redefine DISAS_* onto the generic translation 
framework (DJ_*)...
ERROR: spaces required around that '+' (ctx:VxV)
#31: FILE: include/exec/exec-all.h:42:
+#define DISAS_JUMP(DJ_TARGET+0) /* only pc was modified dynamically */
 ^

ERROR: spaces required around that '+' (ctx:VxV)
#32: FILE: include/exec/exec-all.h:43:
+#define DISAS_UPDATE  

Re: [Qemu-devel] [PATCH] Further tidy-up on block status

2016-12-27 Thread Eric Blake
On 12/27/2016 08:09 AM, Vladimir Sementsov-Ogievskiy wrote:
> A bit out of topic, but...
> 
>> structured replies via `NBD_OPT_STRUCTURED_REPLY`.  Conversely, if
>> structured replies are negotiated, the server MUST use a
>> structured reply for any response with a payload, and MUST NOT use
>> a simple reply for `NBD_CMD_READ` (even for the case of an early
>> `EINVAL` due to bad flags), but MAY use either a simple reply or a
>> structured reply to all other requests.
> 
> What was the reason for it? Why not to negotiate forced structured read
> separately?

Because the whole reason we (want to) introduce structured replies IS to
fix the inability to do a partial read or an efficient read of zeroes.
The fact that structured reads make other extensions possible is icing
on the cake, but if you are going to implement structured replies at
all, you might as well make reads do it (since reads are mandatory,
while all other commands that utilize structured replies are optional).

> Actually, this spec forces any server which wants to
> implement structured reply to implement structured read too. But what if it
> doesn't want to? If it only wants to implement BLOCK_STATUS?

We intentionally do not want to permit such a server. Any server that
wants to implement BLOCK_STATUS must also implement structured reads.

> 
> So, what about changing it, to allow BLOCK_STATUS (or other future
> structured replies) without structured read? Structured read is good
> only for sparse formats,

Not true - it is also good for error recovery even on non-sparse
exports.  The existing read command is flawed in that it cannot be
implemented with partial read support - once the server has started
sending data, it MUST finish sending the number of bytes requested by
the client, which means the server MUST either buffer the read up front
(to ensure no read error is possible once the data sending is started),
or MUST disconnect if a read error is detected partway through.  With
structured reads, you can implement much more efficient servers that
start sending the reply right away without buffering, but which can
still error out on a read error partway through.

> when BLOCK_STATUS is more global. I understand
> that servers may implement a simple (and useless) one-chunk structured
> read, but I think that it is better to fix the spec, so as not to provoke
> servers into using such a workaround.

To date, we don't know of ANY servers that implement structured replies
at all, whether for structured reads or for BLOCK_STATUS.  I'm working
on qemu patches to make qemu implement both, and it will serve as an
example of how easy or hard it is to implement things.  But I see NO
reason to weaken the spec to allow structured BLOCK_STATUS without
structured reads.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org




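The partial-read point Eric makes above, as an added example that is not part of this thread or of qemu's NBD code: a small Python model of both reply shapes. The wire constants and chunk layouts follow my reading of the NBD protocol document and are assumptions here, as is the 16 KiB constructed backing store with a "bad sector" at 8 KiB. The simple reply has to complete the backend read before it writes its 16-byte header, because once a success header is out exactly `length` data bytes must follow; the structured reply streams one NBD_REPLY_TYPE_OFFSET_DATA chunk per backend read and, when a read fails, ends the reply with an NBD_REPLY_TYPE_ERROR_OFFSET chunk naming the failing offset, so the client keeps the bytes it already has and the connection survives.

```python
import struct

# NBD wire constants, per the protocol document as I read it (assumption,
# not copied from qemu's nbd code).
NBD_SIMPLE_REPLY_MAGIC = 0x67446698
NBD_STRUCTURED_REPLY_MAGIC = 0x668E33EF
NBD_REPLY_FLAG_DONE = 1 << 0
NBD_REPLY_TYPE_OFFSET_DATA = 1
NBD_REPLY_TYPE_ERROR_OFFSET = (1 << 15) | 2
EIO = 5

# Constructed backing store: 16 KiB of deterministic bytes, with a simulated
# media error on any read that covers BAD_OFFSET.
DISK = bytes(range(256)) * 64
BAD_OFFSET = 8192


def backend_read(offset, length):
    """Read from the constructed disk; raise OSError(EIO) for the bad sector."""
    if offset <= BAD_OFFSET < offset + length:
        raise OSError(EIO, "simulated media error")
    return DISK[offset:offset + length]


def simple_read_reply(handle, offset, length):
    """Simple reply: header is magic, error, handle. Exactly `length` data
    bytes must follow a success header, so the server has to finish (and
    buffer) the whole backend read before it can send anything at all."""
    try:
        data = backend_read(offset, length)
    except OSError as e:
        return struct.pack(">IIQ", NBD_SIMPLE_REPLY_MAGIC, e.errno, handle)
    return struct.pack(">IIQ", NBD_SIMPLE_REPLY_MAGIC, 0, handle) + data


def parse_simple_reply(reply):
    """Client side of a simple reply: return (errno, data)."""
    magic, err, _handle = struct.unpack(">IIQ", reply[:16])
    assert magic == NBD_SIMPLE_REPLY_MAGIC, "not a simple reply"
    return err, reply[16:]


def _chunk(flags, rtype, handle, payload):
    """Structured reply chunk: magic, flags, type, handle, payload length."""
    return struct.pack(">IHHQI", NBD_STRUCTURED_REPLY_MAGIC, flags, rtype,
                       handle, len(payload)) + payload


def structured_read_chunks(handle, offset, length, chunk_size=4096):
    """Structured reply: yield one OFFSET_DATA chunk per backend read as soon
    as it completes (nothing is buffered). On a failed read, yield an
    ERROR_OFFSET chunk carrying errno and the failing offset, flag it DONE
    and stop; earlier chunks already reached the client and stay valid."""
    end = offset + length
    pos = offset
    while pos < end:
        n = min(chunk_size, end - pos)
        try:
            data = backend_read(pos, n)
        except OSError as e:
            msg = e.strerror.encode()
            payload = (struct.pack(">IH", e.errno, len(msg)) + msg
                       + struct.pack(">Q", pos))
            yield _chunk(NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_ERROR_OFFSET,
                         handle, payload)
            return
        flags = NBD_REPLY_FLAG_DONE if pos + n == end else 0
        yield _chunk(flags, NBD_REPLY_TYPE_OFFSET_DATA, handle,
                     struct.pack(">Q", pos) + data)
        pos += n


def client_parse_structured(stream, req_offset):
    """Client side: walk chunks until one carries DONE. Returns (data, error)
    where data is the payload received so far and error is (errno, offset)
    or None. OFFSET_HOLE and out-of-order chunks are not modelled here."""
    delivered = b""
    error = None
    pos = 0
    while True:
        magic, flags, rtype, _handle, plen = struct.unpack_from(">IHHQI", stream, pos)
        assert magic == NBD_STRUCTURED_REPLY_MAGIC, "not a structured reply"
        pos += 20
        payload = stream[pos:pos + plen]
        pos += plen
        if rtype == NBD_REPLY_TYPE_OFFSET_DATA:
            (off,) = struct.unpack_from(">Q", payload)
            assert off == req_offset + len(delivered), "out-of-order chunk"
            delivered += payload[8:]
        elif rtype == NBD_REPLY_TYPE_ERROR_OFFSET:
            err, mlen = struct.unpack_from(">IH", payload)
            (fail_off,) = struct.unpack_from(">Q", payload, 6 + mlen)
            error = (err, fail_off)
        else:
            raise ValueError("unexpected chunk type %d" % rtype)
        if flags & NBD_REPLY_FLAG_DONE:
            return delivered, error
```

A 16 KiB read over the bad sector gives two data chunks plus an error chunk naming offset 8192 on the structured path, whereas the simple path can only return a bare error header with no data, which is exactly the trade-off between buffering up front and being able to report a failure part-way through.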

Re: [Qemu-devel] [PATCH v3 2/6] queue: Add macro for incremental traversal

2016-12-27 Thread Peter Maydell
On 27 December 2016 at 15:37, Lluís Vilanova  wrote:
> Adds macro QTAILQ_FOREACH_CONTINUE to support incremental list
> traversal.
>
> Signed-off-by: Lluís Vilanova 
> ---
>  include/qemu/queue.h |5 +
>  1 file changed, 5 insertions(+)
>
> diff --git a/include/qemu/queue.h b/include/qemu/queue.h
> index 342073fb4d..0d709016f4 100644
> --- a/include/qemu/queue.h
> +++ b/include/qemu/queue.h
> @@ -415,6 +415,11 @@ struct { 
>\
>  (var);  \
>  (var) = ((var)->field.tqe_next))
>
> +#define QTAILQ_FOREACH_CONTINUE(var, field) \
> +for ((var) = ((var)->field.tqe_next);   \
> +(var);  \
> +(var) = ((var)->field.tqe_next))
> +
>  #define QTAILQ_FOREACH_SAFE(var, head, field, next_var) \
>  for ((var) = ((head)->tqh_first);   \
>  (var) && ((next_var) = ((var)->field.tqe_next), 1); \
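Review bot: QTAILQ_FOREACH_CONTINUE dereferences (var) in its init clause, so unlike QTAILQ_FOREACH it cannot be entered with var == NULL, and it starts at the element after var rather than at var itself; the doc comment this macro needs should state both, and also that, like QTAILQ_FOREACH, it is not safe against removing the current element (there is no _CONTINUE counterpart of QTAILQ_FOREACH_SAFE in this hunk).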

Could we have some documentation for the new macro, please?

thanks
-- PMM



Re: [Qemu-devel] [PATCH kvm-unit-tests v8 03/10] arm/arm64: add some delay routines

2016-12-27 Thread Christopher Covington
On 12/09/2016 07:15 AM, Andrew Jones wrote:
> On Fri, Dec 09, 2016 at 11:41:06AM +, Andre Przywara wrote:
>> Hi,
>>
>> On 08/12/16 17:50, Andrew Jones wrote:
>>> Allow a thread to wait some specified amount of time. Can
>>> specify in cycles, usecs, and msecs.

>>> +++ b/lib/arm/asm/delay.h
>>> @@ -0,0 +1,14 @@
>>> +#ifndef _ASMARM_DELAY_H_
>>> +#define _ASMARM_DELAY_H_
>>> +/*
>>> + * Copyright (C) 2016, Red Hat Inc, Andrew Jones 
>>> + *
>>> + * This work is licensed under the terms of the GNU LGPL, version 2.
>>> + */
>>> +#include 
>>> +
>>> +extern void delay(u64 cycles);
>>
>> Nit: Shouldn't this parameter be called "ticks"? Cycles might be a bit
>> misleading, especially since this prototype is the only documentation on
>> this. You might just want to fix this when applying the patches.
> 
> Right or wrong the kernel uses 'cycles' for this function, named
> __timer_delay for arm and __delay for arm64. I guess I prefer
> consistency here.

I too expect timers to tick and CPUs to cycle. The benefit of
parameter-name-precise consistency with the Linux source is not
obvious to me.

Cov

-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm
Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code
Aurora Forum, a Linux Foundation Collaborative Project.



[Qemu-devel] [PATCH v3 1/6] Pass generic CPUState to gen_intermediate_code()

2016-12-27 Thread Lluís Vilanova
Needed to implement a target-agnostic gen_intermediate_code() in the
future.

Signed-off-by: Lluís Vilanova 
Reviewed-by: David Gibson 
---
 include/exec/exec-all.h   |2 +-
 target-alpha/translate.c  |   11 +--
 target-arm/translate.c|   24 
 target-cris/translate.c   |   17 -
 target-i386/translate.c   |   13 ++---
 target-lm32/translate.c   |   22 +++---
 target-m68k/translate.c   |   15 +++
 target-microblaze/translate.c |   22 +++---
 target-mips/translate.c   |   15 +++
 target-moxie/translate.c  |   14 +++---
 target-openrisc/translate.c   |   22 +++---
 target-ppc/translate.c|   15 +++
 target-s390x/translate.c  |   13 ++---
 target-sh4/translate.c|   15 +++
 target-sparc/translate.c  |   11 +--
 target-tilegx/translate.c |7 +++
 target-tricore/translate.c|9 -
 target-unicore32/translate.c  |   17 -
 target-xtensa/translate.c |   13 ++---
 translate-all.c   |2 +-
 20 files changed, 133 insertions(+), 146 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index a8c13cee66..0e45e1aedc 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -43,7 +43,7 @@ typedef ram_addr_t tb_page_addr_t;
 
 #include "qemu/log.h"
 
-void gen_intermediate_code(CPUArchState *env, struct TranslationBlock *tb);
+void gen_intermediate_code(CPUState *env, struct TranslationBlock *tb);
 void restore_state_to_opc(CPUArchState *env, struct TranslationBlock *tb,
   target_ulong *data);
 
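Review bot: the prototype keeps the parameter name `env` while its type changes to `CPUState *` (`void gen_intermediate_code(CPUState *env, struct TranslationBlock *tb);`), but every definition in this patch names it `cpu` (target-alpha below, for instance); rename it here as well, since `env` is used throughout the tree for CPUArchState pointers and the mismatch misleads. The neighbouring restore_state_to_opc() still takes CPUArchState, which is fine for this patch but worth a sentence in the commit message.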
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 114927b751..6759ec28cc 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2873,10 +2873,9 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 return ret;
 }
 
-void gen_intermediate_code(CPUAlphaState *env, struct TranslationBlock *tb)
+void gen_intermediate_code(CPUState *cpu, struct TranslationBlock *tb)
 {
-AlphaCPU *cpu = alpha_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUAlphaState *env = cpu->env_ptr;
 DisasContext ctx, *ctxp = 
 target_ulong pc_start;
 target_ulong pc_mask;
@@ -2891,7 +2890,7 @@ void gen_intermediate_code(CPUAlphaState *env, struct 
TranslationBlock *tb)
 ctx.pc = pc_start;
 ctx.mem_idx = cpu_mmu_index(env, false);
 ctx.implver = env->implver;
-ctx.singlestep_enabled = cs->singlestep_enabled;
+ctx.singlestep_enabled = cpu->singlestep_enabled;
 
 #ifdef CONFIG_USER_ONLY
 ctx.ir = cpu_std_ir;
@@ -2934,7 +2933,7 @@ void gen_intermediate_code(CPUAlphaState *env, struct 
TranslationBlock *tb)
 tcg_gen_insn_start(ctx.pc);
 num_insns++;
 
-if (unlikely(cpu_breakpoint_test(cs, ctx.pc, BP_ANY))) {
+if (unlikely(cpu_breakpoint_test(cpu, ctx.pc, BP_ANY))) {
 ret = gen_excp(, EXCP_DEBUG, 0);
 /* The address covered by the breakpoint must be included in
[tb->pc, tb->pc + tb->size) in order to for it to be
@@ -2996,7 +2995,7 @@ void gen_intermediate_code(CPUAlphaState *env, struct 
TranslationBlock *tb)
 && qemu_log_in_addr_range(pc_start)) {
 qemu_log_lock();
 qemu_log("IN: %s\n", lookup_symbol(pc_start));
-log_target_disas(cs, pc_start, ctx.pc - pc_start, 1);
+log_target_disas(cpu, pc_start, ctx.pc - pc_start, 1);
 qemu_log("\n");
 qemu_log_unlock();
 }
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 0ad9070b45..3aa766901c 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11589,10 +11589,10 @@ static bool insn_crosses_page(CPUARMState *env, 
DisasContext *s)
 }
 
 /* generate intermediate code for basic block 'tb'.  */
-void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
+void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb)
 {
-ARMCPU *cpu = arm_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUARMState *env = cpu->env_ptr;
+ARMCPU *arm_cpu = arm_env_get_cpu(env);
 DisasContext dc1, *dc = 
 target_ulong pc_start;
 target_ulong next_page_start;
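Review bot: now that the function receives the CPUState, `ARMCPU *arm_cpu = arm_env_get_cpu(env);` is a round trip through env_ptr; `ARM_CPU(cpu)` yields the same object directly, and the variable is only kept because gen_intermediate_code_a64() still takes an ARMCPU. Either is correct; the direct cast reads clearer and does not depend on env having been fetched first.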
@@ -11606,7 +11606,7 @@ void gen_intermediate_code(CPUARMState *env, 
TranslationBlock *tb)
  * the A32/T32 complexity to do with conditional execution/IT blocks/etc.
  */
 if (ARM_TBFLAG_AARCH64_STATE(tb->flags)) {
-gen_intermediate_code_a64(cpu, tb);
+gen_intermediate_code_a64(arm_cpu, tb);
 return;
 }
 
@@ -11616,7 +11616,7 @@ void gen_intermediate_code(CPUARMState *env, 
TranslationBlock *tb)
 
 dc->is_jmp = DISAS_NEXT;
 dc->pc = pc_start;
-dc->singlestep_enabled = cs->singlestep_enabled;
+dc->singlestep_enabled = 

[Qemu-devel] [PATCH v3 6/6] target: [tcg, arm] Port to generic translation framework

2016-12-27 Thread Lluís Vilanova
Signed-off-by: Lluís Vilanova 
---
 target-arm/translate-a64.c |  348 ++---
 target-arm/translate.c |  718 ++--
 target-arm/translate.h |   42 ++-
 3 files changed, 554 insertions(+), 554 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 6dc27a6115..3ea5cfa485 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -296,17 +296,17 @@ static void gen_exception(int excp, uint32_t syndrome, 
uint32_t target_el)
 
 static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
 {
-gen_a64_set_pc_im(s->pc - offset);
+gen_a64_set_pc_im(s->base.pc_next - offset);
 gen_exception_internal(excp);
-s->is_jmp = DISAS_EXC;
+s->base.jmp_type = DJ_EXC;
 }
 
 static void gen_exception_insn(DisasContext *s, int offset, int excp,
uint32_t syndrome, uint32_t target_el)
 {
-gen_a64_set_pc_im(s->pc - offset);
+gen_a64_set_pc_im(s->base.pc_next - offset);
 gen_exception(excp, syndrome, target_el);
-s->is_jmp = DISAS_EXC;
+s->base.jmp_type = DJ_EXC;
 }
 
 static void gen_ss_advance(DisasContext *s)
@@ -334,7 +334,7 @@ static void gen_step_complete_exception(DisasContext *s)
 gen_ss_advance(s);
 gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
   default_exception_el(s));
-s->is_jmp = DISAS_EXC;
+s->base.jmp_type = DJ_EXC;
 }
 
 static inline bool use_goto_tb(DisasContext *s, int n, uint64_t dest)
@@ -342,13 +342,13 @@ static inline bool use_goto_tb(DisasContext *s, int n, 
uint64_t dest)
 /* No direct tb linking with singlestep (either QEMU's or the ARM
  * debug architecture kind) or deterministic io
  */
-if (s->singlestep_enabled || s->ss_active || (s->tb->cflags & CF_LAST_IO)) 
{
+if (s->base.singlestep_enabled || s->ss_active || (s->base.tb->cflags & 
CF_LAST_IO)) {
 return false;
 }
 
 #ifndef CONFIG_USER_ONLY
 /* Only link tbs from inside the same guest page */
-if ((s->tb->pc & TARGET_PAGE_MASK) != (dest & TARGET_PAGE_MASK)) {
+if ((s->base.tb->pc & TARGET_PAGE_MASK) != (dest & TARGET_PAGE_MASK)) {
 return false;
 }
 #endif
@@ -360,21 +360,21 @@ static inline void gen_goto_tb(DisasContext *s, int n, 
uint64_t dest)
 {
 TranslationBlock *tb;
 
-tb = s->tb;
+tb = s->base.tb;
 if (use_goto_tb(s, n, dest)) {
 tcg_gen_goto_tb(n);
 gen_a64_set_pc_im(dest);
 tcg_gen_exit_tb((intptr_t)tb + n);
-s->is_jmp = DISAS_TB_JUMP;
+s->base.jmp_type = DJ_TB_JUMP;
 } else {
 gen_a64_set_pc_im(dest);
 if (s->ss_active) {
 gen_step_complete_exception(s);
-} else if (s->singlestep_enabled) {
+} else if (s->base.singlestep_enabled) {
 gen_exception_internal(EXCP_DEBUG);
 } else {
 tcg_gen_exit_tb(0);
-s->is_jmp = DISAS_TB_JUMP;
+s->base.jmp_type = DJ_TB_JUMP;
 }
 }
 }
@@ -405,11 +405,11 @@ static void unallocated_encoding(DisasContext *s)
 qemu_log_mask(LOG_UNIMP, \
   "%s:%d: unsupported instruction encoding 0x%08x "  \
   "at pc=%016" PRIx64 "\n",  \
-  __FILE__, __LINE__, insn, s->pc - 4);  \
+  __FILE__, __LINE__, insn, s->base.pc_next - 4);  
\
 unallocated_encoding(s); \
 } while (0);
 
-static void init_tmp_a64_array(DisasContext *s)
+void init_tmp_a64_array(DisasContext *s)
 {
 #ifdef CONFIG_DEBUG_TCG
 int i;
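Review bot: dropping `static` from init_tmp_a64_array() needs a matching prototype in target-arm/translate.h (which this patch touches, per the diffstat); the build in this thread runs with --enable-werror and -Wmissing-prototypes, so a non-static definition with no visible prototype fails to compile. The commit message should also say why the function has to become visible outside translate-a64.c.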
@@ -1223,11 +1223,11 @@ static inline AArch64DecodeFn *lookup_disas_fn(const 
AArch64DecodeTable *table,
  */
 static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
 {
-uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4;
+uint64_t addr = s->base.pc_next + sextract32(insn, 0, 26) * 4 - 4;
 
 if (insn & (1U << 31)) {
 /* C5.6.26 BL Branch with link */
-tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
+tcg_gen_movi_i64(cpu_reg(s, 30), s->base.pc_next);
 }
 
 /* C5.6.20 B Branch / C5.6.26 BL Branch with link */
@@ -1250,7 +1250,7 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t 
insn)
 sf = extract32(insn, 31, 1);
 op = extract32(insn, 24, 1); /* 0: CBZ; 1: CBNZ */
 rt = extract32(insn, 0, 5);
-addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
+addr = s->base.pc_next + sextract32(insn, 5, 19) * 4 - 4;
 
 tcg_cmp = read_cpu_reg(s, rt, sf);
 label_match = gen_new_label();
@@ -1258,7 +1258,7 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t 
insn)
 tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
 tcg_cmp, 0, label_match);
 
-gen_goto_tb(s, 0, s->pc);
+gen_goto_tb(s, 0, 

[Qemu-devel] [PATCH v3 5/6] target: [tcg, i386] Port to generic translation framework

2016-12-27 Thread Lluís Vilanova
Signed-off-by: Lluís Vilanova 
---
 target-i386/translate.c |  303 ++-
 1 file changed, 139 insertions(+), 164 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 61d73e286f..34c44b7686 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -69,6 +69,10 @@
 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7: \
 case (3 << 6) | (OP << 3) | 0 ... (3 << 6) | (OP << 3) | 7
 
+#include "exec/translate-all_template.h"
+#define DJ_JUMP (DJ_TARGET+0)   /* end of block due to call/jump */
+#define DJ_MISC (DJ_TARGET+1)   /* some other reason */
+
 //#define MACRO_TEST   1
 
 /* global register indexes */
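Review bot: `(DJ_TARGET+0)` and `(DJ_TARGET+1)` need spaces around `+` (checkpatch reported the same pattern for DISAS_JUMP in patch 4/6). More importantly, extending DisasJumpType with plain macros means `s->base.jmp_type` will hold values outside the enum, so any switch on jmp_type in the generic loop or in this file needs a default arm for values `>= DJ_TARGET`, and the comment next to DJ_TARGET in exec/translate-all_template.h should spell out that convention.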
@@ -94,7 +98,10 @@ static TCGv_i64 cpu_tmp1_i64;
 static int x86_64_hregs;
 #endif
 
+
 typedef struct DisasContext {
+DisasContextBase base;
+
 /* current insn context */
 int override; /* -1 if no override */
 int prefix;
@@ -102,8 +109,6 @@ typedef struct DisasContext {
 TCGMemOp dflag;
 target_ulong pc_start;
 target_ulong pc; /* pc = eip + cs_base */
-int is_jmp; /* 1 = means jump (stop translation), 2 means CPU
-   static state change (stop translation) */
 /* current block context */
 target_ulong cs_base; /* base of CS segment */
 int pe; /* protected mode */
@@ -124,12 +129,10 @@ typedef struct DisasContext {
 int cpl;
 int iopl;
 int tf; /* TF cpu flag */
-int singlestep_enabled; /* "hardware" single step enabled */
 int jmp_opt; /* use direct block chaining for direct jumps */
 int repz_opt; /* optimize jumps within repz instructions */
 int mem_index; /* select memory access functions */
 uint64_t flags; /* all execution flags */
-struct TranslationBlock *tb;
 int popl_esp_hack; /* for correct popl with esp base handling */
 int rip_offset; /* only used in x86_64, but left for simplicity */
 int cpuid_features;
@@ -140,6 +143,8 @@ typedef struct DisasContext {
 int cpuid_xsave_features;
 } DisasContext;
 
+#include "translate-all_template.h"
+
 static void gen_eob(DisasContext *s);
 static void gen_jmp(DisasContext *s, target_ulong eip);
 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num);
@@ -1112,7 +1117,7 @@ static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, 
int ot)
 
 static inline void gen_ins(DisasContext *s, TCGMemOp ot)
 {
-if (s->tb->cflags & CF_USE_ICOUNT) {
+if (s->base.tb->cflags & CF_USE_ICOUNT) {
 gen_io_start();
 }
 gen_string_movl_A0_EDI(s);
@@ -1127,14 +1132,14 @@ static inline void gen_ins(DisasContext *s, TCGMemOp ot)
 gen_op_movl_T0_Dshift(ot);
 gen_op_add_reg_T0(s->aflag, R_EDI);
 gen_bpt_io(s, cpu_tmp2_i32, ot);
-if (s->tb->cflags & CF_USE_ICOUNT) {
+if (s->base.tb->cflags & CF_USE_ICOUNT) {
 gen_io_end();
 }
 }
 
 static inline void gen_outs(DisasContext *s, TCGMemOp ot)
 {
-if (s->tb->cflags & CF_USE_ICOUNT) {
+if (s->base.tb->cflags & CF_USE_ICOUNT) {
 gen_io_start();
 }
 gen_string_movl_A0_ESI(s);
@@ -1147,7 +1152,7 @@ static inline void gen_outs(DisasContext *s, TCGMemOp ot)
 gen_op_movl_T0_Dshift(ot);
 gen_op_add_reg_T0(s->aflag, R_ESI);
 gen_bpt_io(s, cpu_tmp2_i32, ot);
-if (s->tb->cflags & CF_USE_ICOUNT) {
+if (s->base.tb->cflags & CF_USE_ICOUNT) {
 gen_io_end();
 }
 }
@@ -2130,7 +2135,7 @@ static inline int insn_const_size(TCGMemOp ot)
 static inline bool use_goto_tb(DisasContext *s, target_ulong pc)
 {
 #ifndef CONFIG_USER_ONLY
-return (pc & TARGET_PAGE_MASK) == (s->tb->pc & TARGET_PAGE_MASK) ||
+return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) ||
(pc & TARGET_PAGE_MASK) == (s->pc_start & TARGET_PAGE_MASK);
 #else
 return true;
@@ -2145,7 +2150,7 @@ static inline void gen_goto_tb(DisasContext *s, int 
tb_num, target_ulong eip)
 /* jump to same page: we can use a direct jump */
 tcg_gen_goto_tb(tb_num);
 gen_jmp_im(eip);
-tcg_gen_exit_tb((uintptr_t)s->tb + tb_num);
+tcg_gen_exit_tb((uintptr_t)s->base.tb + tb_num);
 } else {
 /* jump to another page: currently not optimized */
 gen_jmp_im(eip);
@@ -2166,7 +2171,7 @@ static inline void gen_jcc(DisasContext *s, int b,
 
 gen_set_label(l1);
 gen_goto_tb(s, 1, val);
-s->is_jmp = DISAS_TB_JUMP;
+s->base.jmp_type = DJ_JUMP;
 } else {
 l1 = gen_new_label();
 l2 = gen_new_label();
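Review bot: this hunk (and gen_movl_seg_T0 below) rewrites `DISAS_TB_JUMP` as `DJ_JUMP`, yet DJ_JUMP is defined above as (DJ_TARGET+0), the same value patch 4/6 gives DISAS_JUMP; DISAS_JUMP and DISAS_TB_JUMP were distinct values before this series. The commit message should say why collapsing them is behaviour-preserving for the i386 main loop, or the port should keep a separate DJ_TB_JUMP as the arm port does.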
@@ -2237,11 +2242,11 @@ static void gen_movl_seg_T0(DisasContext *s, int 
seg_reg)
stop as a special handling must be done to disable hardware
interrupts for the next instruction */
 if (seg_reg == R_SS || (s->code32 && seg_reg < R_FS))
-s->is_jmp = DISAS_TB_JUMP;
+s->base.jmp_type = DJ_JUMP;
 } else {
 gen_op_movl_seg_T0_vm(seg_reg);
  

[Qemu-devel] [PATCH v3 3/6] target: [tcg] Add generic translation framework

2016-12-27 Thread Lluís Vilanova
Signed-off-by: Lluís Vilanova 
---
 include/exec/gen-icount.h |2 
 include/exec/translate-all_template.h |   76 
 include/qom/cpu.h |   21 +++
 translate-all_template.h  |  202 +
 4 files changed, 300 insertions(+), 1 deletion(-)
 create mode 100644 include/exec/translate-all_template.h
 create mode 100644 translate-all_template.h

diff --git a/include/exec/gen-icount.h b/include/exec/gen-icount.h
index 050de59b38..c91ac95ed7 100644
--- a/include/exec/gen-icount.h
+++ b/include/exec/gen-icount.h
@@ -45,7 +45,7 @@ static inline void gen_tb_start(TranslationBlock *tb)
 tcg_temp_free_i32(count);
 }
 
-static void gen_tb_end(TranslationBlock *tb, int num_insns)
+static inline void gen_tb_end(TranslationBlock *tb, int num_insns)
 {
 gen_set_label(exitreq_label);
 tcg_gen_exit_tb((uintptr_t)tb + TB_EXIT_REQUESTED);
diff --git a/include/exec/translate-all_template.h 
b/include/exec/translate-all_template.h
new file mode 100644
index 00..a552db02c8
--- /dev/null
+++ b/include/exec/translate-all_template.h
@@ -0,0 +1,76 @@
+/*
+ * Generic intermediate code generation.
+ *
+ * Copyright (C) 2016 Lluís Vilanova 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef EXEC__TRANSLATE_ALL_TEMPLATE_H
+#define EXEC__TRANSLATE_ALL_TEMPLATE_H
+
+/*
+ * Include this header from a target-specific file, and add a
+ *
+ * DisasContextBase base;
+ *
+ * member in your target-specific DisasContext.
+ */
+
+
+#include "exec/exec-all.h"
+
+
+/**
+ * BreakpointHitType:
+ * @BH_MISS: No hit
+ * @BH_HIT_INSN: Hit, but continue translating instruction
+ * @BH_HIT_TB: Hit, stop translating TB
+ *
+ * How to react to a breakpoint hit.
+ */
+typedef enum BreakpointHitType
+{
+BH_MISS,
+BH_HIT_INSN,
+BH_HIT_TB,
+} BreakpointHitType;
+
+/**
+ * DisasJumpType:
+ * @DJ_NEXT: Next instruction in program order
+ * @DJ_TOO_MANY: Too many instructions executed
+ * @DJ_TARGET: Start of target-specific conditions
+ *
+ * What instruction to disassemble next.
+ */
+typedef enum DisasJumpType
+{
+DJ_NEXT,
+DJ_TOO_MANY,
+DJ_TARGET,
+} DisasJumpType;
+
+/**
+ * DisasContextBase:
+ * @tb: Translation block for this disassembly.
+ * @singlestep_enabled: "Hardware" single stepping enabled.
+ * @pc_first: Address of first guest instruction in this TB.
+ * @pc_next: Address of next guest instruction in this TB (current during
+ *   disassembly).
+ * @num_insns: Number of translated instructions (including current).
+ *
+ * Architecture-agnostic disassembly context.
+ */
+typedef struct DisasContextBase
+{
+TranslationBlock *tb;
+bool singlestep_enabled;
+target_ulong pc_first;
+target_ulong pc_next;
+DisasJumpType jmp_type;
+unsigned int num_insns;
+} DisasContextBase;
+
+#endif  /* EXEC__TRANSLATE_ALL_TEMPLATE_H */
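Review bot: the DisasContextBase doc comment omits @jmp_type, the one field every target writes to; add it. checkpatch also wants the `{` on the `typedef enum`/`typedef struct` lines (three hits in this file). The header contract ("add a DisasContextBase base; member") does not say whether base must be the first member; if the template or any port casts between DisasContextBase * and DisasContext *, state that requirement here.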
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 3f79a8e955..40c1ecb255 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -948,6 +948,27 @@ static inline bool cpu_breakpoint_test(CPUState *cpu, 
vaddr pc, int mask)
 return false;
 }
 
+/* Get first breakpoint matching a PC */
+static inline CPUBreakpoint *cpu_breakpoint_get(CPUState *cpu, vaddr pc, 
CPUBreakpoint *bp)
+{
+if (likely(bp == NULL)) {
+if (unlikely(!QTAILQ_EMPTY(>breakpoints))) {
+QTAILQ_FOREACH(bp, >breakpoints, entry) {
+if (bp->pc == pc) {
+return bp;
+}
+}
+}
+} else {
+QTAILQ_FOREACH_CONTINUE(bp, entry) {
+if (bp->pc == pc) {
+return bp;
+}
+}
+}
+return NULL;
+}
+
 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
   int flags, CPUWatchpoint **watchpoint);
 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr,
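Review bot: the one-line comment "Get first breakpoint matching a PC" does not convey the resumption semantics of cpu_breakpoint_get(): with bp == NULL it searches from the head, with a non-NULL bp it resumes after that entry via QTAILQ_FOREACH_CONTINUE, and callers must not remove breakpoints between calls because bp is a raw list cursor. The `unlikely(!QTAILQ_EMPTY(...))` guard is redundant, since QTAILQ_FOREACH over an empty list already does nothing, and the prototype line needs wrapping (checkpatch: over 90 characters).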
diff --git a/translate-all_template.h b/translate-all_template.h
new file mode 100644
index 00..80b56e5820
--- /dev/null
+++ b/translate-all_template.h
@@ -0,0 +1,202 @@
+/*
+ * Generic intermediate code generation.
+ *
+ * Copyright (C) 2016 Lluís Vilanova 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef TRANSLATE_ALL_TEMPLATE_H
+#define TRANSLATE_ALL_TEMPLATE_H
+
+/*
+ * Include this header from a target-specific file, which must define the
+ * target-specific functions declared below.
+ *
+ * These must be paired with instructions in "exec/translate-all_template.h".
+ */
+
+
+#include "cpu.h"
+#include "qemu/error-report.h"
+
+
+static void gen_intermediate_code_target_init_disas_context(
+DisasContext * restrict dc, CPUArchState * restrict env);
+
+static void gen_intermediate_code_target_init_globals(
+
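Review bot: the hook declarations use `DisasContext * restrict dc, CPUArchState * restrict env`; checkpatch flags all of them and wants `*restrict`. Since the hooks are declared `static` in a header each target includes and are called by the template itself, every declared hook is mandatory for every port (a used-but-undefined static function is a compile error, and an unused one trips -Wunused-function under -Wall -Werror); the header comment should say so explicitly rather than only "must define the target-specific functions declared below".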

[Qemu-devel] [RFC PATCH v3 0/6] translate: [tcg] Generic translation framework

2016-12-27 Thread Lluís Vilanova
This series proposes a generic (target-agnostic) instruction translation
framework.

It basically provides a generic main loop for instruction disassembly, which
calls target-specific functions when necessary. This generalization makes
inserting new code in the main loop easier, and helps in keeping all targets in
synch as to the contents of it.

This series also paves the way towards adding events to trace guest code
execution (BBLs and instructions).

I've ported i386/x86-64 and arm/aarch64 as an example to see how it fits in the
current organization, but will port the rest when this series gets merged.

Signed-off-by: Lluís Vilanova 
---

Changes in v3
=============

* Rebase on 0737f32daf.


Changes in v2
=============

* Port ARM and AARCH64 targets.
* Fold single-stepping checks into "max_insns" [Richard Henderson].
* Move instruction start marks to target code [Richard Henderson].
* Add target hook for TB start.
* Check for TCG temporary leaks.
* Move instruction disassembly into a target hook.
* Make breakpoint_hit() return an enum to accommodate target's needs (ARM).


Lluís Vilanova (6):
  Pass generic CPUState to gen_intermediate_code()
  queue: Add macro for incremental traversal
  target: [tcg] Add generic translation framework
  target: [tcg] Redefine DISAS_* onto the generic translation framework (DJ_*)
  target: [tcg,i386] Port to generic translation framework
  target: [tcg,arm] Port to generic translation framework


 include/exec/exec-all.h   |   13 -
 include/exec/gen-icount.h |2 
 include/exec/translate-all_template.h |   76 +++
 include/qemu/queue.h  |5 
 include/qom/cpu.h |   21 +
 target-alpha/translate.c  |   11 -
 target-arm/translate-a64.c|  348 
 target-arm/translate.c|  718 +
 target-arm/translate.h|   41 +-
 target-cris/translate.c   |   20 -
 target-i386/translate.c   |  304 ++
 target-lm32/translate.c   |   22 +
 target-m68k/translate.c   |   18 -
 target-microblaze/translate.c |   22 +
 target-mips/translate.c   |   15 -
 target-moxie/translate.c  |   14 -
 target-openrisc/translate.c   |   22 +
 target-ppc/translate.c|   15 -
 target-s390x/translate.c  |   16 -
 target-sh4/translate.c|   15 -
 target-sparc/translate.c  |   11 -
 target-tilegx/translate.c |7 
 target-tricore/translate.c|9 
 target-unicore32/translate.c  |   20 -
 target-xtensa/translate.c |   13 -
 translate-all.c   |2 
 translate-all_template.h  |  202 +
 27 files changed, 1128 insertions(+), 854 deletions(-)
 create mode 100644 include/exec/translate-all_template.h
 create mode 100644 translate-all_template.h


To: qemu-devel@nongnu.org
Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 



[Qemu-devel] [PULL 25/25] target-arm: Add VBAR support to ARM1176 CPUs

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

ARM1176 CPUs have TrustZone support and can use the Vector Base
Address Register, but currently, qemu only adds VBAR support to ARMv7
CPUs. Fix this by adding a new feature ARM_FEATURE_VBAR which can be used
for ARMv7 and ARM1176 CPUs.

The VBAR feature is always set for ARMv7 because some legacy boards
require it even if this is not architecturally correct.

Signed-off-by: Cédric Le Goater 
Message-id: 1481810970-9692-1-git-send-email-...@kaod.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h|  1 +
 target/arm/cpu.c|  9 +
 target/arm/helper.c | 19 +--
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ca5c849..ab119e6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1125,6 +1125,7 @@ enum arm_features {
 ARM_FEATURE_V8_PMULL, /* implements PMULL part of v8 Crypto Extensions */
 ARM_FEATURE_THUMB_DSP, /* DSP insns supported in the Thumb encodings */
 ARM_FEATURE_PMU, /* has PMU support */
+ARM_FEATURE_VBAR, /* has cp15 VBAR */
 };
 
 static inline int arm_feature(CPUARMState *env, int feature)
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 98e2c68..f5cb30a 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -597,6 +597,11 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 } else {
 set_feature(env, ARM_FEATURE_V6);
 }
+
+/* Always define VBAR for V7 CPUs even if it doesn't exist in
+ * non-EL3 configs. This is needed by some legacy boards.
+ */
+set_feature(env, ARM_FEATURE_VBAR);
 }
 if (arm_feature(env, ARM_FEATURE_V6K)) {
 set_feature(env, ARM_FEATURE_V6);
@@ -721,6 +726,10 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 }
 }
 
+if (arm_feature(env, ARM_FEATURE_EL3)) {
+set_feature(env, ARM_FEATURE_VBAR);
+}
+
 register_cp_regs_for_features(cpu);
 arm_cpu_register_gdb_regs_for_features(cpu);
 
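Review bot: the ARM1176 case that motivates this patch is covered here only indirectly: the new `if (arm_feature(env, ARM_FEATURE_EL3))` block sets `ARM_FEATURE_VBAR` for any CPU with EL3, and nothing in the hunk mentions ARM1176. A one-line comment ("TrustZone-capable pre-v7 cores such as ARM1176 get VBAR via EL3") would spare the next reader from tracing the feature through the per-CPU init functions.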
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b5b65ca..8dcabbf 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1252,12 +1252,6 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .access = PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS,
   .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten),
   .writefn = pmintenclr_write },
-{ .name = "VBAR", .state = ARM_CP_STATE_BOTH,
-  .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
-  .access = PL1_RW, .writefn = vbar_write,
-  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
- offsetof(CPUARMState, cp15.vbar_ns) },
-  .resetvalue = 0 },
 { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
   .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_RAW },
@@ -5094,6 +5088,19 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 }
 }
 
+if (arm_feature(env, ARM_FEATURE_VBAR)) {
+ARMCPRegInfo vbar_cp_reginfo[] = {
+{ .name = "VBAR", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .crn = 12, .crm = 0, .opc1 = 0, .opc2 = 0,
+  .access = PL1_RW, .writefn = vbar_write,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.vbar_s),
+ offsetof(CPUARMState, cp15.vbar_ns) },
+  .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+define_arm_cp_regs(cpu, vbar_cp_reginfo);
+}
+
 /* Generic registers whose values depend on the implementation */
 {
 ARMCPRegInfo sctlr = {
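Review bot: `vbar_cp_reginfo[]` in the new `ARM_FEATURE_VBAR` block is a non-const automatic array, but unlike the `sctlr` block just below it none of its fields depend on runtime state, so it can be `static const ARMCPRegInfo vbar_cp_reginfo[]` like the `v7_cp_reginfo` table it was lifted out of; that keeps the table off the stack and lets the compiler place it in read-only data.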
-- 
2.7.4




[Qemu-devel] [PATCH v3 4/6] target: [tcg] Redefine DISAS_* onto the generic translation framework (DJ_*)

2016-12-27 Thread Lluís Vilanova
Temporarily redefine DISAS_* values based on DJ_TARGET. They should
disappear as targets get ported to the generic framework.

Signed-off-by: Lluís Vilanova 
---
 include/exec/exec-all.h  |   11 +++
 target-arm/translate.h   |   15 ---
 target-cris/translate.c  |3 ++-
 target-m68k/translate.c  |3 ++-
 target-s390x/translate.c |3 ++-
 target-unicore32/translate.c |3 ++-
 6 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 0e45e1aedc..75296570b3 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -36,10 +36,13 @@ typedef ram_addr_t tb_page_addr_t;
 #endif
 
 /* is_jmp field values */
-#define DISAS_NEXT0 /* next instruction can be analyzed */
-#define DISAS_JUMP1 /* only pc was modified dynamically */
-#define DISAS_UPDATE  2 /* cpu state was modified dynamically */
-#define DISAS_TB_JUMP 3 /* only pc was modified statically */
+/* TODO: delete after all targets are transitioned to generic translation */
+#include "exec/translate-all_template.h"
+#define DISAS_NEXTDJ_NEXT   /* next instruction can be analyzed */
+#define DISAS_JUMP(DJ_TARGET+0) /* only pc was modified dynamically */
+#define DISAS_UPDATE  (DJ_TARGET+1) /* cpu state was modified dynamically 
*/
+#define DISAS_TB_JUMP (DJ_TARGET+2) /* only pc was modified statically */
+#define DISAS_TARGET  (DJ_TARGET+3) /* base for target-specific values */
 
 #include "qemu/log.h"
 
diff --git a/target-arm/translate.h b/target-arm/translate.h
index 285e96f087..dbe98b7013 100644
--- a/target-arm/translate.h
+++ b/target-arm/translate.h
@@ -105,21 +105,22 @@ static inline int default_exception_el(DisasContext *s)
 }
 
 /* target-specific extra values for is_jmp */
+/* TODO: rename as DJ_* when transitioning this target to generic translation 
*/
 /* These instructions trap after executing, so the A32/T32 decoder must
  * defer them until after the conditional execution state has been updated.
  * WFI also needs special handling when single-stepping.
  */
-#define DISAS_WFI 4
-#define DISAS_SWI 5
+#define DISAS_WFI DISAS_TARGET + 0
+#define DISAS_SWI DISAS_TARGET + 1
 /* For instructions which unconditionally cause an exception we can skip
  * emitting unreachable code at the end of the TB in the A64 decoder
  */
-#define DISAS_EXC 6
+#define DISAS_EXC DISAS_TARGET + 2
 /* WFE */
-#define DISAS_WFE 7
-#define DISAS_HVC 8
-#define DISAS_SMC 9
-#define DISAS_YIELD 10
+#define DISAS_WFE DISAS_TARGET + 3
+#define DISAS_HVC DISAS_TARGET + 4
+#define DISAS_SMC DISAS_TARGET + 5
+#define DISAS_YIELD DISAS_TARGET + 6
 
 #ifdef TARGET_AARCH64
 void a64_translate_init(void);
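Review bot: the new target values are defined without parentheses (`#define DISAS_WFI DISAS_TARGET + 0` and the rest down to `DISAS_YIELD`), whereas the exec-all.h hunk wraps its equivalents as `(DJ_TARGET+0)`; an unparenthesised `a + b` macro expands incorrectly inside any expression with higher-precedence operators, so write them as `(DISAS_TARGET + 0)` and so on. The same applies to the cris, m68k, s390x and unicore32 hunks in this patch.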
diff --git a/target-cris/translate.c b/target-cris/translate.c
index ebcf7863bf..f8512181e0 100644
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@@ -50,7 +50,8 @@
 #define BUG() (gen_BUG(dc, __FILE__, __LINE__))
 #define BUG_ON(x) ({if (x) BUG();})
 
-#define DISAS_SWI 5
+/* TODO: rename as DJ_* when transitioning this target to generic translation 
*/
+#define DISAS_SWI DISAS_TARGET + 0
 
 /* Used by the decoder.  */
 #define EXTRACT_FIELD(src, start, end) \
diff --git a/target-m68k/translate.c b/target-m68k/translate.c
index 6da6f2b51b..a235fbbaa8 100644
--- a/target-m68k/translate.c
+++ b/target-m68k/translate.c
@@ -143,7 +143,8 @@ typedef struct DisasContext {
 int done_mac;
 } DisasContext;
 
-#define DISAS_JUMP_NEXT 4
+/* TODO: rename as DJ_* when transitioning this target to generic translation 
*/
+#define DISAS_JUMP_NEXT DISAS_TARGET + 0
 
 #if defined(CONFIG_USER_ONLY)
 #define IS_USER(s) 1
diff --git a/target-s390x/translate.c b/target-s390x/translate.c
index a3992dae5a..afc77c9390 100644
--- a/target-s390x/translate.c
+++ b/target-s390x/translate.c
@@ -74,7 +74,8 @@ typedef struct {
 } u;
 } DisasCompare;
 
-#define DISAS_EXCP 4
+/* TODO: rename as DJ_* when transitioning this target to generic translation 
*/
+#define DISAS_EXCP DISAS_TARGET + 0
 
 #ifdef DEBUG_INLINE_BRANCHES
 static uint64_t inline_branch_hit[CC_OP_MAX];
diff --git a/target-unicore32/translate.c b/target-unicore32/translate.c
index 39eaa76b50..8edabf0967 100644
--- a/target-unicore32/translate.c
+++ b/target-unicore32/translate.c
@@ -45,9 +45,10 @@ typedef struct DisasContext {
 #define IS_USER(s)  1
 #endif
 
+/* TODO: rename as DJ_* when transitioning this target to generic translation 
*/
 /* These instructions trap after executing, so defer them until after the
conditional executions state has been updated.  */
-#define DISAS_SYSCALL 5
+#define DISAS_SYSCALL DISAS_TARGET + 0
 
 static TCGv_env cpu_env;
 static TCGv_i32 cpu_R[32];




[Qemu-devel] [PULL 22/25] aspeed/smc: set the number of flash modules for the FMC controller

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

Add a new configuration field at the board level and propagate the
value using the "num-cs" property of the FMC controller model.

Signed-off-by: Cédric Le Goater 
Message-id: 1480434248-27138-14-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed.c | 6 ++
 hw/arm/aspeed_soc.c | 8 
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index bc70b38..40c1383 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -36,6 +36,7 @@ typedef struct AspeedBoardConfig {
 uint32_t hw_strap1;
 const char *fmc_model;
 const char *spi_model;
+uint32_t num_cs;
 } AspeedBoardConfig;
 
 enum {
@@ -85,18 +86,21 @@ static const AspeedBoardConfig aspeed_boards[] = {
 .hw_strap1 = PALMETTO_BMC_HW_STRAP1,
 .fmc_model = "n25q256a",
 .spi_model = "mx25l25635e",
+.num_cs= 1,
 },
 [AST2500_EVB]  = {
 .soc_name  = "ast2500-a1",
 .hw_strap1 = AST2500_EVB_HW_STRAP1,
 .fmc_model = "n25q256a",
 .spi_model = "mx25l25635e",
+.num_cs= 1,
 },
 [ROMULUS_BMC]  = {
 .soc_name  = "ast2500-a1",
 .hw_strap1 = ROMULUS_BMC_HW_STRAP1,
 .fmc_model = "n25q256a",
 .spi_model = "mx66l1g45g",
+.num_cs= 2,
 },
 };
 
@@ -143,6 +147,8 @@ static void aspeed_board_init(MachineState *machine,
_abort);
 object_property_set_int(OBJECT(>soc), cfg->hw_strap1, "hw-strap1",
 _abort);
+object_property_set_int(OBJECT(>soc), cfg->num_cs, "num-cs",
+_abort);
 object_property_set_bool(OBJECT(>soc), true, "realized",
  _abort);
 
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index d111d2e..b3e7f07 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -153,6 +153,8 @@ static void aspeed_soc_init(Object *obj)
 object_initialize(>fmc, sizeof(s->fmc), sc->info->fmc_typename);
 object_property_add_child(obj, "fmc", OBJECT(>fmc), NULL);
 qdev_set_parent_bus(DEVICE(>fmc), sysbus_get_default());
+object_property_add_alias(obj, "num-cs", OBJECT(>fmc), "num-cs",
+  _abort);
 
 for (i = 0; i < sc->info->spis_num; i++) {
 object_initialize(>spi[i], sizeof(s->spi[i]),
@@ -250,10 +252,8 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 sysbus_connect_irq(SYS_BUS_DEVICE(>i2c), 0,
qdev_get_gpio_in(DEVICE(>vic), 12));
 
-/* FMC */
-object_property_set_int(OBJECT(>fmc), 1, "num-cs", );
-object_property_set_bool(OBJECT(>fmc), true, "realized", _err);
-error_propagate(, local_err);
+/* FMC, The number of CS is set at the board level */
+object_property_set_bool(OBJECT(>fmc), true, "realized", );
 if (err) {
 error_propagate(errp, err);
 return;
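Review bot: the rewritten `/* FMC, The number of CS is set at the board level */` block drops the only visible use of `local_err`; if the function has no other user of it, its declaration should go in the same hunk to avoid an unused-variable warning. Also tidy the comment punctuation to `/* FMC: the number of CS is set at the board level */`.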
-- 
2.7.4




[Qemu-devel] [PULL 24/25] hw/i2c: Add a NULL check for i2c slave init callbacks

2016-12-27 Thread Peter Maydell
From: Alastair D'Silva 

Add a NULL check for i2c slave init callbacks, so that we no longer
need to implement empty init functions.

Signed-off-by: Alastair D'Silva 
Message-id: 20161202054617.6749-4-alast...@au1.ibm.com
Reviewed-by: Peter Maydell 
[PMM: squashed in later tweak from Alastair to if() phrasing]
Signed-off-by: Peter Maydell 
---
 hw/arm/pxa2xx.c   | 7 ---
 hw/arm/tosa.c | 7 ---
 hw/arm/z2.c   | 7 ---
 hw/i2c/core.c | 6 +-
 hw/timer/ds1338.c | 6 --
 5 files changed, 5 insertions(+), 28 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 8aa0f8a..bdcf6bc 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -1449,17 +1449,10 @@ static const VMStateDescription vmstate_pxa2xx_i2c = {
 }
 };
 
-static int pxa2xx_i2c_slave_init(I2CSlave *i2c)
-{
-/* Nothing to do.  */
-return 0;
-}
-
 static void pxa2xx_i2c_slave_class_init(ObjectClass *klass, void *data)
 {
 I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-k->init = pxa2xx_i2c_slave_init;
 k->event = pxa2xx_i2c_event;
 k->recv = pxa2xx_i2c_rx;
 k->send = pxa2xx_i2c_tx;
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index 1ee12f4..39d9dbb 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -202,12 +202,6 @@ static int tosa_dac_recv(I2CSlave *s)
 return -1;
 }
 
-static int tosa_dac_init(I2CSlave *i2c)
-{
-/* Nothing to do.  */
-return 0;
-}
-
 static void tosa_tg_init(PXA2xxState *cpu)
 {
 I2CBus *bus = pxa2xx_i2c_bus(cpu->i2c[0]);
@@ -275,7 +269,6 @@ static void tosa_dac_class_init(ObjectClass *klass, void 
*data)
 {
 I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-k->init = tosa_dac_init;
 k->event = tosa_dac_event;
 k->recv = tosa_dac_recv;
 k->send = tosa_dac_send;
diff --git a/hw/arm/z2.c b/hw/arm/z2.c
index 68a92f3..b3a6bbd 100644
--- a/hw/arm/z2.c
+++ b/hw/arm/z2.c
@@ -263,12 +263,6 @@ static int aer915_recv(I2CSlave *slave)
 return retval;
 }
 
-static int aer915_init(I2CSlave *i2c)
-{
-/* Nothing to do.  */
-return 0;
-}
-
 static VMStateDescription vmstate_aer915_state = {
 .name = "aer915",
 .version_id = 1,
@@ -285,7 +279,6 @@ static void aer915_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-k->init = aer915_init;
 k->event = aer915_event;
 k->recv = aer915_recv;
 k->send = aer915_send;
diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index abd4c4c..e40781e 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -260,7 +260,11 @@ static int i2c_slave_qdev_init(DeviceState *dev)
 I2CSlave *s = I2C_SLAVE(dev);
 I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(s);
 
-return sc->init(s);
+if (sc->init) {
+return sc->init(s);
+}
+
+return 0;
 }
 
 DeviceState *i2c_create_slave(I2CBus *bus, const char *name, uint8_t addr)
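Review bot: with `sc->init` now optional in `i2c_slave_qdev_init`, the contract moves from "every slave implements init" to "init may be NULL"; record that on the `init` member of `I2CSlaveClass` in the header so the empty callbacks removed elsewhere in this patch are not reintroduced by copy-paste, and so reviewers know a missing init is deliberate rather than an oversight.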
diff --git a/hw/timer/ds1338.c b/hw/timer/ds1338.c
index 0112949..f5d04dd 100644
--- a/hw/timer/ds1338.c
+++ b/hw/timer/ds1338.c
@@ -198,11 +198,6 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 return 0;
 }
 
-static int ds1338_init(I2CSlave *i2c)
-{
-return 0;
-}
-
 static void ds1338_reset(DeviceState *dev)
 {
 DS1338State *s = DS1338(dev);
@@ -220,7 +215,6 @@ static void ds1338_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
-k->init = ds1338_init;
 k->event = ds1338_event;
 k->recv = ds1338_recv;
 k->send = ds1338_send;
-- 
2.7.4




[Qemu-devel] [PULL 08/25] hw/intc/arm_gicv3: Remove incorrect usage of fieldoffset

2016-12-27 Thread Peter Maydell
In the ARMCPRegInfo definitions for the GICv3 CPU interface
registers, we were trying to use .fieldoffset to specify
the locations of data fields within the GICv3CPUState struct.
This is completely broken, because .fieldoffset is for offsets
into the CPUARMState struct. We didn't notice because we
were only using this for reads to BPR0, AP0R, IGRPEN0
and CTLR_EL3, and Linux doesn't use these registers.

Replace the .fieldoffset uses with explicit read functions.

Signed-off-by: Peter Maydell 
Reviewed-by: Edgar E. Iglesias 
---
 hw/intc/arm_gicv3_cpuif.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index bca30c4..35e8eb3 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -1118,35 +1118,35 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 3,
   .type = ARM_CP_IO | ARM_CP_NO_RAW,
   .access = PL1_RW, .accessfn = gicv3_fiq_access,
-  .fieldoffset = offsetof(GICv3CPUState, icc_bpr[GICV3_G0]),
+  .readfn = icc_bpr_read,
   .writefn = icc_bpr_write,
 },
 { .name = "ICC_AP0R0_EL1", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 4,
   .type = ARM_CP_IO | ARM_CP_NO_RAW,
   .access = PL1_RW, .accessfn = gicv3_fiq_access,
-  .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][0]),
+  .readfn = icc_ap_read,
   .writefn = icc_ap_write,
 },
 { .name = "ICC_AP0R1_EL1", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 5,
   .type = ARM_CP_IO | ARM_CP_NO_RAW,
   .access = PL1_RW, .accessfn = gicv3_fiq_access,
-  .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][1]),
+  .readfn = icc_ap_read,
   .writefn = icc_ap_write,
 },
 { .name = "ICC_AP0R2_EL1", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 6,
   .type = ARM_CP_IO | ARM_CP_NO_RAW,
   .access = PL1_RW, .accessfn = gicv3_fiq_access,
-  .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][2]),
+  .readfn = icc_ap_read,
   .writefn = icc_ap_write,
 },
 { .name = "ICC_AP0R3_EL1", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 8, .opc2 = 7,
   .type = ARM_CP_IO | ARM_CP_NO_RAW,
   .access = PL1_RW, .accessfn = gicv3_fiq_access,
-  .fieldoffset = offsetof(GICv3CPUState, icc_apr[GICV3_G0][3]),
+  .readfn = icc_ap_read,
   .writefn = icc_ap_write,
 },
 /* All the ICC_AP1R*_EL1 registers are banked */
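Review bot: the four `ICC_AP0R*_EL1` entries in this hunk now share `icc_ap_read` and lose the per-entry `.fieldoffset` that used to distinguish `icc_apr[GICV3_G0][0..3]`; the read function must therefore recover the register index from `ri->opc2` (and the group from `ri->crm`) itself, as `icc_ap_write` presumably already does. Worth a sentence in the commit message or a comment, since nothing in the table now encodes which AP0R slot an entry maps to.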
@@ -1275,7 +1275,7 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 12, .opc2 = 6,
   .type = ARM_CP_IO | ARM_CP_NO_RAW,
   .access = PL1_RW, .accessfn = gicv3_fiq_access,
-  .fieldoffset = offsetof(GICv3CPUState, icc_igrpen[GICV3_G0]),
+  .readfn = icc_igrpen_read,
   .writefn = icc_igrpen_write,
 },
 /* This register is banked */
@@ -1299,7 +1299,6 @@ static const ARMCPRegInfo gicv3_cpuif_reginfo[] = {
   .opc0 = 3, .opc1 = 6, .crn = 12, .crm = 12, .opc2 = 4,
   .type = ARM_CP_IO | ARM_CP_NO_RAW,
   .access = PL3_RW,
-  .fieldoffset = offsetof(GICv3CPUState, icc_ctlr_el3),
   .readfn = icc_ctlr_el3_read,
   .writefn = icc_ctlr_el3_write,
 },
-- 
2.7.4




[Qemu-devel] [PULL 17/25] aspeed: add a memory region for SRAM

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

The size of the SRAM depends on the SoC model, so use a per-soc
definition when creating the region.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-9-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/arm/aspeed_soc.h |  2 ++
 hw/arm/aspeed_soc.c | 52 +
 2 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 6f1b679..1ab5dea 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -29,6 +29,7 @@ typedef struct AspeedSoCState {
 /*< public >*/
 ARMCPU cpu;
 MemoryRegion iomem;
+MemoryRegion sram;
 AspeedVICState vic;
 AspeedTimerCtrlState timerctrl;
 AspeedI2CState i2c;
@@ -46,6 +47,7 @@ typedef struct AspeedSoCInfo {
 const char *cpu_model;
 uint32_t silicon_rev;
 hwaddr sdram_base;
+uint64_t sram_size;
 int spis_num;
 const hwaddr *spi_bases;
 const char *fmc_typename;
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 82e2712..233a6b9 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -29,6 +29,7 @@
 #define ASPEED_SOC_VIC_BASE 0x1E6C
 #define ASPEED_SOC_SDMC_BASE0x1E6E
 #define ASPEED_SOC_SCU_BASE 0x1E6E2000
+#define ASPEED_SOC_SRAM_BASE0x1E72
 #define ASPEED_SOC_TIMER_BASE   0x1E782000
 #define ASPEED_SOC_I2C_BASE 0x1E78A000
 
@@ -47,15 +48,37 @@ static const char *aspeed_soc_ast2500_typenames[] = {
 "aspeed.smc.ast2500-spi1", "aspeed.smc.ast2500-spi2" };
 
 static const AspeedSoCInfo aspeed_socs[] = {
-{ "ast2400-a0", "arm926", AST2400_A0_SILICON_REV, AST2400_SDRAM_BASE,
-  1, aspeed_soc_ast2400_spi_bases,
-  "aspeed.smc.fmc", aspeed_soc_ast2400_typenames },
-{ "ast2400","arm926", AST2400_A0_SILICON_REV, AST2400_SDRAM_BASE,
-  1, aspeed_soc_ast2400_spi_bases,
- "aspeed.smc.fmc", aspeed_soc_ast2400_typenames },
-{ "ast2500-a1", "arm1176", AST2500_A1_SILICON_REV, AST2500_SDRAM_BASE,
-  2, aspeed_soc_ast2500_spi_bases,
-  "aspeed.smc.ast2500-fmc", aspeed_soc_ast2500_typenames },
+{
+.name = "ast2400-a0",
+.cpu_model= "arm926",
+.silicon_rev  = AST2400_A0_SILICON_REV,
+.sdram_base   = AST2400_SDRAM_BASE,
+.sram_size= 0x8000,
+.spis_num = 1,
+.spi_bases= aspeed_soc_ast2400_spi_bases,
+.fmc_typename = "aspeed.smc.fmc",
+.spi_typename = aspeed_soc_ast2400_typenames,
+}, {
+.name = "ast2400",
+.cpu_model= "arm926",
+.silicon_rev  = AST2400_A0_SILICON_REV,
+.sdram_base   = AST2400_SDRAM_BASE,
+.sram_size= 0x8000,
+.spis_num = 1,
+.spi_bases= aspeed_soc_ast2400_spi_bases,
+.fmc_typename = "aspeed.smc.fmc",
+.spi_typename = aspeed_soc_ast2400_typenames,
+}, {
+.name = "ast2500-a1",
+.cpu_model= "arm1176",
+.silicon_rev  = AST2500_A1_SILICON_REV,
+.sdram_base   = AST2500_SDRAM_BASE,
+.sram_size= 0x9000,
+.spis_num = 2,
+.spi_bases= aspeed_soc_ast2500_spi_bases,
+.fmc_typename = "aspeed.smc.ast2500-fmc",
+.spi_typename = aspeed_soc_ast2500_typenames,
+},
 };
 
 /*
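Review bot: `.sram_size = 0x8000` and `.sram_size = 0x9000` in the new designated-initialiser table are the only per-SoC values the commit message calls out; annotate them (`/* 32 KiB */`, `/* 36 KiB */`) so the non-power-of-two AST2500 size reads as intentional rather than as a typo.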
@@ -157,6 +180,17 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
+/* SRAM */
+memory_region_init_ram(>sram, OBJECT(dev), "aspeed.sram",
+   sc->info->sram_size, );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+vmstate_register_ram_global(>sram);
+memory_region_add_subregion(get_system_memory(), ASPEED_SOC_SRAM_BASE,
+>sram);
+
 /* VIC */
 object_property_set_bool(OBJECT(>vic), true, "realized", );
 if (err) {
-- 
2.7.4




[Qemu-devel] [PATCH v3 2/6] queue: Add macro for incremental traversal

2016-12-27 Thread Lluís Vilanova
Adds macro QTAILQ_FOREACH_CONTINUE to support incremental list
traversal.

Signed-off-by: Lluís Vilanova 
---
 include/qemu/queue.h |5 +
 1 file changed, 5 insertions(+)

diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index 342073fb4d..0d709016f4 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -415,6 +415,11 @@ struct {   
 \
 (var);  \
 (var) = ((var)->field.tqe_next))
 
+#define QTAILQ_FOREACH_CONTINUE(var, field) \
+for ((var) = ((var)->field.tqe_next);   \
+(var);  \
+(var) = ((var)->field.tqe_next))
+
 #define QTAILQ_FOREACH_SAFE(var, head, field, next_var) \
 for ((var) = ((head)->tqh_first);   \
 (var) && ((next_var) = ((var)->field.tqe_next), 1); \
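Review bot: `QTAILQ_FOREACH_CONTINUE` dereferences `var` in its initialiser (`(var)->field.tqe_next`) before any NULL test, so unlike `QTAILQ_FOREACH` it crashes when `var` is NULL and walks garbage when `var` has already been removed from the list; add a comment above the macro stating that `var` must be a live element of the list when the loop is entered.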




[Qemu-devel] [PULL 21/25] aspeed/smc: improve segment register support

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

The HW does not enforce all the rules in the specs and allows a few
"curious" setups like zero size segments and overlaps. So change the
model to be in sync but keep the warnings which are always interesting
for debug.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Message-id: 1480434248-27138-13-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/ssi/aspeed_smc.c | 17 +
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 6e8403e..78f5aed 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -253,7 +253,8 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState *s, 
int cs,
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: Tried to change CS0 start address to 0x%"
   HWADDR_PRIx "\n", s->ctrl->name, seg.addr);
-return;
+seg.addr = s->ctrl->flash_window_base;
+new = aspeed_smc_segment_to_reg();
 }
 
 /*
@@ -267,8 +268,10 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState 
*s, int cs,
 s->ctrl->segments[cs].size) {
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: Tried to change CS%d end address to 0x%"
-  HWADDR_PRIx "\n", s->ctrl->name, cs, seg.addr);
-return;
+  HWADDR_PRIx "\n", s->ctrl->name, cs, seg.addr + 
seg.size);
+seg.size = s->ctrl->segments[cs].addr + s->ctrl->segments[cs].size -
+seg.addr;
+new = aspeed_smc_segment_to_reg();
 }
 
 /* Keep the segment in the overall flash window */
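Review bot: the new clamp `seg.size = s->ctrl->segments[cs].addr + s->ctrl->segments[cs].size - seg.addr` is only meaningful while `seg.addr` lies at or before the original segment end; if a guest writes a start address past that end (only the CS0 start is clamped, in the previous hunk), the subtraction wraps `seg.size` to a huge value and the window check that follows is left to catch it. Guard with `if (seg.addr < end)` before computing the size, or clamp `seg.addr` first, and log the wrapped case explicitly.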
@@ -281,16 +284,14 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState 
*s, int cs,
 }
 
 /* Check start address vs. alignment */
-if (seg.addr % seg.size) {
+if (seg.size && !QEMU_IS_ALIGNED(seg.addr, seg.size)) {
 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is not "
   "aligned : [ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n",
   s->ctrl->name, cs, seg.addr, seg.addr + seg.size);
 }
 
-/* And segments should not overlap */
-if (aspeed_smc_flash_overlap(s, , cs)) {
-return;
-}
+/* And segments should not overlap (in the specs) */
+aspeed_smc_flash_overlap(s, , cs);
 
 /* All should be fine now to move the region */
 memory_region_transaction_begin();
-- 
2.7.4




[Qemu-devel] [PULL 18/25] aspeed: add the definitions for the AST2400 A1 SoC

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

There are not many differences with the A0 revision apart from the DDR
calibration.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-10-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/misc/aspeed_scu.h |  1 +
 hw/arm/aspeed_soc.c  | 10 ++
 hw/misc/aspeed_scu.c |  2 ++
 hw/misc/aspeed_sdmc.c|  3 +++
 4 files changed, 16 insertions(+)

diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
index 14ffc43..bd4ac01 100644
--- a/include/hw/misc/aspeed_scu.h
+++ b/include/hw/misc/aspeed_scu.h
@@ -32,6 +32,7 @@ typedef struct AspeedSCUState {
 } AspeedSCUState;
 
 #define AST2400_A0_SILICON_REV   0x02000303U
+#define AST2400_A1_SILICON_REV   0x02010303U
 #define AST2500_A0_SILICON_REV   0x04000303U
 #define AST2500_A1_SILICON_REV   0x04010303U
 
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 233a6b9..d111d2e 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -59,6 +59,16 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .fmc_typename = "aspeed.smc.fmc",
 .spi_typename = aspeed_soc_ast2400_typenames,
 }, {
+.name = "ast2400-a1",
+.cpu_model= "arm926",
+.silicon_rev  = AST2400_A1_SILICON_REV,
+.sdram_base   = AST2400_SDRAM_BASE,
+.sram_size= 0x8000,
+.spis_num = 1,
+.spi_bases= aspeed_soc_ast2400_spi_bases,
+.fmc_typename = "aspeed.smc.fmc",
+.spi_typename = aspeed_soc_ast2400_typenames,
+}, {
 .name = "ast2400",
 .cpu_model= "arm926",
 .silicon_rev  = AST2400_A0_SILICON_REV,
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index b1f3e6f..34e8638 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -231,6 +231,7 @@ static void aspeed_scu_reset(DeviceState *dev)
 
 switch (s->silicon_rev) {
 case AST2400_A0_SILICON_REV:
+case AST2400_A1_SILICON_REV:
 reset = ast2400_a0_resets;
 break;
 case AST2500_A0_SILICON_REV:
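Review bot: adding `case AST2400_A1_SILICON_REV:` beside the A0 case has to be repeated in every revision switch (two here in aspeed_scu.c and three more in aspeed_sdmc.c within this patch), and any future switch that forgets it silently takes the default path; consider a small predicate such as `is_ast2400_rev(rev)` or a per-revision table so the A0/A1 equivalence is stated once.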
@@ -249,6 +250,7 @@ static void aspeed_scu_reset(DeviceState *dev)
 
 static uint32_t aspeed_silicon_revs[] = {
 AST2400_A0_SILICON_REV,
+AST2400_A1_SILICON_REV,
 AST2500_A0_SILICON_REV,
 AST2500_A1_SILICON_REV,
 };
diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
index 8830dc0..5f3ac0b 100644
--- a/hw/misc/aspeed_sdmc.c
+++ b/hw/misc/aspeed_sdmc.c
@@ -119,6 +119,7 @@ static void aspeed_sdmc_write(void *opaque, hwaddr addr, 
uint64_t data,
 /* Make sure readonly bits are kept */
 switch (s->silicon_rev) {
 case AST2400_A0_SILICON_REV:
+case AST2400_A1_SILICON_REV:
 data &= ~ASPEED_SDMC_READONLY_MASK;
 break;
 case AST2500_A0_SILICON_REV:
@@ -193,6 +194,7 @@ static void aspeed_sdmc_reset(DeviceState *dev)
 /* Set ram size bit and defaults values */
 switch (s->silicon_rev) {
 case AST2400_A0_SILICON_REV:
+case AST2400_A1_SILICON_REV:
 s->regs[R_CONF] |=
 ASPEED_SDMC_VGA_COMPAT |
 ASPEED_SDMC_DRAM_SIZE(s->ram_bits);
@@ -224,6 +226,7 @@ static void aspeed_sdmc_realize(DeviceState *dev, Error 
**errp)
 
 switch (s->silicon_rev) {
 case AST2400_A0_SILICON_REV:
+case AST2400_A1_SILICON_REV:
 s->ram_bits = ast2400_rambits(s);
 break;
 case AST2500_A0_SILICON_REV:
-- 
2.7.4




[Qemu-devel] [PULL 16/25] aspeed: add support for the romulus-bmc board

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

The Romulus machine is an OpenPOWER system with an AST2500 SoC for
the BMC and a POWER9 chip for the host. It does not make much
difference for qemu apart from the fact that the FMC controller has
two SPI flash modules.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Message-id: 1480434248-27138-8-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed.c | 44 
 1 file changed, 44 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 159d562..3509011 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -41,8 +41,10 @@ typedef struct AspeedBoardConfig {
 enum {
 PALMETTO_BMC,
 AST2500_EVB,
+ROMULUS_BMC,
 };
 
+/* Palmetto hardware value: 0x120CE416 */
 #define PALMETTO_BMC_HW_STRAP1 (\
 SCU_AST2400_HW_STRAP_DRAM_SIZE(DRAM_SIZE_256MB) |   \
 SCU_AST2400_HW_STRAP_DRAM_CONFIG(2 /* DDR3 with CL=6, CWL=5 */) | \
@@ -56,6 +58,7 @@ enum {
 SCU_HW_STRAP_VGA_SIZE_SET(VGA_16M_DRAM) |   \
 SCU_AST2400_HW_STRAP_BOOT_MODE(AST2400_SPI_BOOT))
 
+/* AST2500 evb hardware value: 0xF100C2E6 */
 #define AST2500_EVB_HW_STRAP1 ((\
 AST2500_HW_STRAP1_DEFAULTS |\
 SCU_AST2500_HW_STRAP_SPI_AUTOFETCH_ENABLE | \
@@ -66,6 +69,16 @@ enum {
 SCU_HW_STRAP_MAC0_RGMII) &  \
 ~SCU_HW_STRAP_2ND_BOOT_WDT)
 
+/* Romulus hardware value: 0xF10AD206 */
+#define ROMULUS_BMC_HW_STRAP1 ( \
+AST2500_HW_STRAP1_DEFAULTS |\
+SCU_AST2500_HW_STRAP_SPI_AUTOFETCH_ENABLE | \
+SCU_AST2500_HW_STRAP_GPIO_STRAP_ENABLE |\
+SCU_AST2500_HW_STRAP_UART_DEBUG |   \
+SCU_AST2500_HW_STRAP_DDR4_ENABLE |  \
+SCU_AST2500_HW_STRAP_ACPI_ENABLE |  \
+SCU_HW_STRAP_SPI_MODE(SCU_HW_STRAP_SPI_MASTER))
+
 static const AspeedBoardConfig aspeed_boards[] = {
 [PALMETTO_BMC] = {
 .soc_name  = "ast2400-a0",
@@ -79,6 +92,12 @@ static const AspeedBoardConfig aspeed_boards[] = {
 .fmc_model = "n25q256a",
 .spi_model = "mx25l25635e",
 },
+[ROMULUS_BMC]  = {
+.soc_name  = "ast2500-a1",
+.hw_strap1 = ROMULUS_BMC_HW_STRAP1,
+.fmc_model = "n25q256a",
+.spi_model = "mx66l1g45g",
+},
 };
 
 static void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype,
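Review bot: the commit message says the Romulus FMC carries two SPI flash modules, but the new `[ROMULUS_BMC]` entry only names the flash models (`n25q256a`, `mx66l1g45g`) and nothing in this hunk changes how many chip selects the FMC exposes; either the board config should carry that count or the message should say the second module is not yet modelled.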
@@ -200,10 +219,35 @@ static const TypeInfo ast2500_evb_type = {
 .class_init = ast2500_evb_class_init,
 };
 
+static void romulus_bmc_init(MachineState *machine)
+{
+aspeed_board_init(machine, _boards[ROMULUS_BMC]);
+}
+
+static void romulus_bmc_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+
+mc->desc = "OpenPOWER Romulus BMC (ARM1176)";
+mc->init = romulus_bmc_init;
+mc->max_cpus = 1;
+mc->no_sdcard = 1;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->no_parallel = 1;
+}
+
+static const TypeInfo romulus_bmc_type = {
+.name = MACHINE_TYPE_NAME("romulus-bmc"),
+.parent = TYPE_MACHINE,
+.class_init = romulus_bmc_class_init,
+};
+
 static void aspeed_machine_init(void)
 {
 type_register_static(_bmc_type);
 type_register_static(_evb_type);
+type_register_static(_bmc_type);
 }
 
 type_init(aspeed_machine_init)
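Review bot: romulus_bmc_class_init repeats the per-board boilerplate that ast2500_evb_class_init (context above) already carries, differing only in the desc string; a shared helper taking (mc, desc, init) would stop the no_sdcard/no_floppy/no_cdrom/no_parallel set from being copied again for every new Aspeed machine. The "ARM1176" in the desc is consistent with the ast2500-a1 SoC selected in the board table.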
-- 
2.7.4




[Qemu-devel] [PULL 07/25] target-arm: Log AArch64 exception returns

2016-12-27 Thread Peter Maydell
We already log exception entry; add logging of the AArch64 exception
return path as well.

Signed-off-by: Peter Maydell 
Reviewed-by: Edgar E. Iglesias 
---
 target/arm/op_helper.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index cd94216..ba796d8 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -17,6 +17,7 @@
  * License along with this library; if not, see .
  */
 #include "qemu/osdep.h"
+#include "qemu/log.h"
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "internals.h"
@@ -972,6 +973,9 @@ void HELPER(exception_return)(CPUARMState *env)
 } else {
 env->regs[15] = env->elr_el[cur_el] & ~0x3;
 }
+qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
+  "AArch32 EL%d PC 0x%" PRIx32 "\n",
+  cur_el, new_el, env->regs[15]);
 } else {
 env->aarch64 = 1;
 pstate_write(env, spsr);
@@ -980,6 +984,9 @@ void HELPER(exception_return)(CPUARMState *env)
 }
 aarch64_restore_sp(env, new_el);
 env->pc = env->elr_el[cur_el];
+qemu_log_mask(CPU_LOG_INT, "Exception return from AArch64 EL%d to "
+  "AArch64 EL%d PC 0x%" PRIx64 "\n",
+  cur_el, new_el, env->pc);
 }
 
 arm_call_el_change_hook(arm_env_get_cpu(env));
@@ -1002,6 +1009,8 @@ illegal_return:
 if (!arm_singlestep_active(env)) {
 env->pstate &= ~PSTATE_SS;
 }
+qemu_log_mask(LOG_GUEST_ERROR, "Illegal exception return at EL%d: "
+  "resuming execution at 0x%" PRIx64 "\n", cur_el, env->pc);
 }
 
 /* Return true if the linked breakpoint entry lbn passes its checks */
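Review bot: the illegal-return log gives the PC execution resumes at but not what made the return illegal; the SPSR value is already in hand (the `spsr` passed to pstate_write above), so printing it alongside cur_el would let a reader tell a bad mode field from a wrong target EL without re-running under a debugger. LOG_GUEST_ERROR is the right mask here, since this path is guest misbehaviour rather than an emulator fault.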
-- 
2.7.4




[Qemu-devel] [PULL 23/25] hw/arm: remove trailing whitespace

2016-12-27 Thread Peter Maydell
From: Alastair D'Silva 

Remove trailing whitespace in hw/arm/pxa2xx.c

Signed-off-by: Alastair D'Silva 
Message-id: 20161202054617.6749-3-alast...@au1.ibm.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/pxa2xx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 21ea1d6..8aa0f8a 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -2070,7 +2070,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space,
 }
 if (!revision)
 revision = "pxa270";
-
+
 s->cpu = cpu_arm_init(revision);
 if (s->cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
-- 
2.7.4




[Qemu-devel] [PULL 20/25] aspeed/scu: fix SCU region size

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-12-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/misc/aspeed_scu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index 34e8638..95022d3 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -86,7 +86,7 @@
 #define BMC_DEV_ID   TO_REG(0x1A4)
 
 #define PROT_KEY_UNLOCK 0x1688A8A8
-#define SCU_IO_REGION_SIZE 0x2
+#define SCU_IO_REGION_SIZE 0x1000
 
 static const uint32_t ast2400_a0_resets[ASPEED_SCU_NR_REGS] = {
  [SYS_RST_CTRL]= 0xFFCFFEDCU,
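Review bot: the commit message is empty, so nothing records why the old SCU_IO_REGION_SIZE was wrong or how 0x1000 was arrived at; a sentence giving the SCU's actual register range (the highest register defined here is BMC_DEV_ID at 0x1A4, well inside 0x1000) and whether the previous size overlapped a neighbouring device's region would make the change reviewable from the log alone.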
-- 
2.7.4




[Qemu-devel] [PULL 15/25] aspeed: extend the board configuration with flash models

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

Future machines will use different flash models for the FMC and the SPI
controllers.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-7-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed.c | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index c7206fd..159d562 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -34,6 +34,8 @@ typedef struct AspeedBoardState {
 typedef struct AspeedBoardConfig {
 const char *soc_name;
 uint32_t hw_strap1;
+const char *fmc_model;
+const char *spi_model;
 } AspeedBoardConfig;
 
 enum {
@@ -65,8 +67,18 @@ enum {
 ~SCU_HW_STRAP_2ND_BOOT_WDT)
 
 static const AspeedBoardConfig aspeed_boards[] = {
-[PALMETTO_BMC] = { "ast2400-a0", PALMETTO_BMC_HW_STRAP1 },
-[AST2500_EVB]  = { "ast2500-a1", AST2500_EVB_HW_STRAP1 },
+[PALMETTO_BMC] = {
+.soc_name  = "ast2400-a0",
+.hw_strap1 = PALMETTO_BMC_HW_STRAP1,
+.fmc_model = "n25q256a",
+.spi_model = "mx25l25635e",
+},
+[AST2500_EVB]  = {
+.soc_name  = "ast2500-a1",
+.hw_strap1 = AST2500_EVB_HW_STRAP1,
+.fmc_model = "n25q256a",
+.spi_model = "mx25l25635e",
+},
 };
 
 static void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype,
@@ -128,8 +140,8 @@ static void aspeed_board_init(MachineState *machine,
 object_property_add_const_link(OBJECT(>soc), "ram", OBJECT(>ram),
_abort);
 
-aspeed_board_init_flashes(>soc.fmc, "n25q256a", _abort);
-aspeed_board_init_flashes(>soc.spi[0], "mx25l25635e", _abort);
+aspeed_board_init_flashes(>soc.fmc, cfg->fmc_model, _abort);
+aspeed_board_init_flashes(>soc.spi[0], cfg->spi_model, _abort);
 
 aspeed_board_binfo.kernel_filename = machine->kernel_filename;
 aspeed_board_binfo.initrd_filename = machine->initrd_filename;
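Review bot: `cfg->fmc_model` and `cfg->spi_model` go straight into aspeed_board_init_flashes, so a board entry that leaves either field unset passes NULL as the flash type; a `g_assert(cfg->fmc_model && cfg->spi_model)` before these two calls turns a bad table entry into an immediate, attributable abort rather than a failure somewhere inside the SSI code.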
-- 
2.7.4




[Qemu-devel] [PULL 19/25] aspeed: change SoC revision of the palmetto-bmc machine

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

The palmetto BMC machine uses an AST2400 revision A1 SoC.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-11-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 3509011..bc70b38 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -81,7 +81,7 @@ enum {
 
 static const AspeedBoardConfig aspeed_boards[] = {
 [PALMETTO_BMC] = {
-.soc_name  = "ast2400-a0",
+.soc_name  = "ast2400-a1",
 .hw_strap1 = PALMETTO_BMC_HW_STRAP1,
 .fmc_model = "n25q256a",
 .spi_model = "mx25l25635e",
-- 
2.7.4




[Qemu-devel] [PULL 06/25] hw/intc/arm_gicv3_common: fix aff3 in typer

2016-12-27 Thread Peter Maydell
From: Andrew Jones 

Signed-off-by: Andrew Jones 
Message-id: 20161209143703.29457-1-drjo...@redhat.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/intc/arm_gicv3_common.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index 0f8c4b8..0aa9b9c 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -204,7 +204,8 @@ static void arm_gicv3_common_realize(DeviceState *dev, 
Error **errp)
 /* The CPU mp-affinity property is in MPIDR register format; squash
  * the affinity bytes into 32 bits as the GICR_TYPER has them.
  */
-cpu_affid = (cpu_affid & 0xFFULL >> 8) | (cpu_affid & 
0xFF);
+cpu_affid = ((cpu_affid & 0xFFULL) >> 8) |
+ (cpu_affid & 0xFF);
 s->cpu[i].gicr_typer = (cpu_affid << 32) |
 (1 << 24) |
 (i << 8) |
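Review bot: the fix is right: `>>` binds tighter than `&`, so the old expression shifted the mask rather than the masked value and never picked up Aff3 from MPIDR bits [39:32]. Worth adding a one-line comment stating the target layout (Aff3 lands in bits [31:24] of the squashed value, Aff2..Aff0 in [23:0]) so the shift amount is obviously 8 to the next reader, and a regression check that sets only Aff3 on a CPU's mp-affinity and reads back GICR_TYPER would stop this recurring.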
-- 
2.7.4
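Added example, not code from the patch or from QEMU: the affinity squash from the hunk above written with the full masks (MPIDR Aff3 is bits [39:32], Aff2..Aff0 bits [23:0]), beside the pre-patch expression, so the precedence error shows up on a sample MPIDR; the helper names, the sample value and the 'Last' bit-4 placement in the TYPER helper are my assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* MPIDR_EL1 affinity fields: Aff0 [7:0], Aff1 [15:8], Aff2 [23:16], Aff3 [39:32].
 * Bit 31 is RES1 in MPIDR_EL1, which is what makes the bug observable. */
#define MPIDR_AFF3_MASK    0xFF00000000ULL
#define MPIDR_AFF012_MASK  0x0000FFFFFFULL
#define MPIDR_RES1         0x0000000080000000ULL

/* GICR_TYPER.Affinity_Value packs the four bytes contiguously:
 * Aff3 [31:24], Aff2 [23:16], Aff1 [15:8], Aff0 [7:0] of the 32-bit value.
 * This is the patched expression. */
static uint32_t squash_affinity_fixed(uint64_t mpidr)
{
    return (uint32_t)(((mpidr & MPIDR_AFF3_MASK) >> 8) | (mpidr & MPIDR_AFF012_MASK));
}

/* Pre-patch shape: '>>' binds tighter than '&', so the mask itself is shifted
 * and the expression selects MPIDR bits [31:24] (RES1 and friends) instead of Aff3. */
static uint32_t squash_affinity_buggy(uint64_t mpidr)
{
    return (uint32_t)((mpidr & MPIDR_AFF3_MASK >> 8) | (mpidr & MPIDR_AFF012_MASK));
}

/* GICR_TYPER as the realize code assembles it (assumed helper): squashed
 * affinity in [63:32], bit 24 set, processor number in [23:8], Last in bit 4. */
static uint64_t gicr_typer_for(uint64_t mpidr, unsigned cpu_index, int last)
{
    return ((uint64_t)squash_affinity_fixed(mpidr) << 32) |
           (1u << 24) | ((uint64_t)cpu_index << 8) | (last ? (1u << 4) : 0u);
}

/* Recover Aff3 from a TYPER value, to check the round trip. */
static unsigned gicr_typer_aff3(uint64_t typer)
{
    return (unsigned)((typer >> 56) & 0xFF);
}

int main(void)
{
    /* Constructed MPIDR: RES1 bit set, Aff3 = 1, Aff1 = 2, Aff0 = 1. */
    uint64_t mpidr = MPIDR_RES1 | (1ULL << 32) | 0x201;

    printf("fixed : 0x%08x\n", squash_affinity_fixed(mpidr));   /* 0x01000201 */
    printf("buggy : 0x%08x\n", squash_affinity_buggy(mpidr));   /* 0x80000201 */
    printf("typer : 0x%016llx (Aff3 = %u)\n",
           (unsigned long long)gicr_typer_for(mpidr, 1, 1),
           gicr_typer_aff3(gicr_typer_for(mpidr, 1, 1)));
    return 0;
}
```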




[Qemu-devel] [PULL 14/25] aspeed: attach the second SPI controller object to the SoC

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

Signed-off-by: Cédric Le Goater 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-6-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed_soc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 3a6b91f..82e2712 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -124,7 +124,7 @@ static void aspeed_soc_init(Object *obj)
 for (i = 0; i < sc->info->spis_num; i++) {
 object_initialize(>spi[i], sizeof(s->spi[i]),
   sc->info->spi_typename[i]);
-object_property_add_child(obj, "spi", OBJECT(>spi[i]), NULL);
+object_property_add_child(obj, "spi[*]", OBJECT(>spi[i]), NULL);
 qdev_set_parent_bus(DEVICE(>spi[i]), sysbus_get_default());
 }
 
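Review bot: switching to "spi[*]" lets QOM auto-number the children, which the loop needs now that spis_num can be 2; note though that errp is NULL here, and a duplicate child name is reported through errp, so the old fixed "spi" name would have lost the second controller silently rather than with an error. Passing `&error_abort` to object_property_add_child would make that class of mistake loud.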
-- 
2.7.4




[Qemu-devel] [PULL 10/25] hw/arm/virt: add 2.9 machine type

2016-12-27 Thread Peter Maydell
Signed-off-by: Peter Maydell 
Reviewed-by: Andrew Jones 
---
 include/hw/compat.h |  3 +++
 hw/arm/virt.c   | 19 +--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/include/hw/compat.h b/include/hw/compat.h
index 8dfc7a3..4fe44d1 100644
--- a/include/hw/compat.h
+++ b/include/hw/compat.h
@@ -1,6 +1,9 @@
 #ifndef HW_COMPAT_H
 #define HW_COMPAT_H
 
+#define HW_COMPAT_2_8 \
+/* empty */
+
 #define HW_COMPAT_2_7 \
 {\
 .driver   = "virtio-pci",\
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index d04e4ac..11c53a5 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1525,7 +1525,7 @@ static void machvirt_machine_init(void)
 }
 type_init(machvirt_machine_init);
 
-static void virt_2_8_instance_init(Object *obj)
+static void virt_2_9_instance_init(Object *obj)
 {
 VirtMachineState *vms = VIRT_MACHINE(obj);
 
@@ -1558,10 +1558,25 @@ static void virt_2_8_instance_init(Object *obj)
 "Valid values are 2, 3 and host", NULL);
 }
 
+static void virt_machine_2_9_options(MachineClass *mc)
+{
+}
+DEFINE_VIRT_MACHINE_AS_LATEST(2, 9)
+
+#define VIRT_COMPAT_2_8 \
+HW_COMPAT_2_8
+
+static void virt_2_8_instance_init(Object *obj)
+{
+virt_2_9_instance_init(obj);
+}
+
 static void virt_machine_2_8_options(MachineClass *mc)
 {
+virt_machine_2_9_options(mc);
+SET_MACHINE_COMPAT(mc, VIRT_COMPAT_2_8);
 }
-DEFINE_VIRT_MACHINE_AS_LATEST(2, 8)
+DEFINE_VIRT_MACHINE(2, 8)
 
 #define VIRT_COMPAT_2_7 \
 HW_COMPAT_2_7
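Review bot: the chain is the standard one (virt_2_8_instance_init calls 2.9's, virt_machine_2_8_options calls 2.9's and then applies VIRT_COMPAT_2_8), and an empty HW_COMPAT_2_8 is correct at branch time; what needs watching is that any default the virt board changes from here on must get a matching entry in HW_COMPAT_2_8 or VIRT_COMPAT_2_8, or guests started as `virt-2.8` will see the new behaviour. A short comment on the `/* empty */` line saying so would help whoever adds the first entry.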
-- 
2.7.4




[Qemu-devel] [PULL 11/25] m25p80: add support for the mx66l1g45g

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

Signed-off-by: Cédric Le Goater 
Reviewed-by: Marcin Krzeminski 
Reviewed-by: Joel Stanley 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-3-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/block/m25p80.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index d29ff4c..e3c1166 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -203,6 +203,7 @@ static const FlashPartInfo known_devices[] = {
 { INFO("mx25l25655e", 0xc22619,  0,  64 << 10, 512, 0) },
 { INFO("mx66u51235f", 0xc2253a,  0,  64 << 10, 1024, ER_4K | ER_32K) },
 { INFO("mx66u1g45g",  0xc2253b,  0,  64 << 10, 2048, ER_4K | ER_32K) },
+{ INFO("mx66l1g45g",  0xc2201b,  0,  64 << 10, 2048, ER_4K | ER_32K) },
 
 /* Micron */
 { INFO("n25q032a11",  0x20bb16,  0,  64 << 10,  64, ER_4K) },
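Review bot: the geometry checks out: 2048 sectors of 64 KiB is 128 MiB, i.e. 1 Gbit, matching the "1g" in the part name, and the JEDEC id 0xc2201b differs from the mx66u1g45g's 0xc2253b only in the memory-type byte, as expected for the 3 V (L) versus 1.8 V (U) variants. The ER_4K | ER_32K flags mirror the neighbouring mx66 entries, so no review concern beyond asking that the datasheet id be cited in the commit message.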
-- 
2.7.4




[Qemu-devel] [PULL 05/25] target-arm: Fix aarch64 disas_ldst_single_struct

2016-12-27 Thread Peter Maydell
From: Richard Henderson 

We add s->be_data within do_vec_ld/st.  Adding it here means that
we have the wrong bits set in SIZE for a big-endian host, leading
to g_assert_not_reached in write_vec_element and read_vec_element.

Signed-off-by: Richard Henderson 
Message-id: 1481085020-2614-3-git-send-email-...@twiddle.net
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index ef7601b..f673d93 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2830,9 +2830,9 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 } else {
 /* Load/store one element per register */
 if (is_load) {
-do_vec_ld(s, rt, index, tcg_addr, s->be_data + scale);
+do_vec_ld(s, rt, index, tcg_addr, scale);
 } else {
-do_vec_st(s, rt, index, tcg_addr, s->be_data + scale);
+do_vec_st(s, rt, index, tcg_addr, scale);
 }
 }
 tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
-- 
2.7.4




[Qemu-devel] [PULL 13/25] aspeed: remove cannot_destroy_with_object_finalize_yet

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

With commit ce5b1bbf624b ("exec: move cpu_exec_init() calls to realize
functions"), we can now remove cannot_destroy_with_object_finalize_yet.

Suggested-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Message-id: 1480434248-27138-5-git-send-email-...@kaod.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed_soc.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index db145e2..3a6b91f 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -251,12 +251,6 @@ static void aspeed_soc_class_init(ObjectClass *oc, void 
*data)
 
 sc->info = (AspeedSoCInfo *) data;
 dc->realize = aspeed_soc_realize;
-
-/*
- * Reason: creates an ARM CPU, thus use after free(), see
- * arm_cpu_class_init()
- */
-dc->cannot_destroy_with_object_finalize_yet = true;
 }
 
 static const TypeInfo aspeed_soc_type_info = {
-- 
2.7.4




[Qemu-devel] [PULL 04/25] target-arm: Fix aarch64 vec_reg_offset

2016-12-27 Thread Peter Maydell
From: Richard Henderson 

Since CPUARMState.vfp.regs is not 16 byte aligned, the ^ 8 fixup used
for a big-endian host doesn't do what's intended.  Fix this by adding
in the vfp.regs offset after computing the inter-register offset.

Signed-off-by: Richard Henderson 
Message-id: 1481085020-2614-2-git-send-email-...@twiddle.net
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 6dc27a6..ef7601b 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -527,7 +527,7 @@ static inline void assert_fp_access_checked(DisasContext *s)
 static inline int vec_reg_offset(DisasContext *s, int regno,
  int element, TCGMemOp size)
 {
-int offs = offsetof(CPUARMState, vfp.regs[regno * 2]);
+int offs = 0;
 #ifdef HOST_WORDS_BIGENDIAN
 /* This is complicated slightly because vfp.regs[2n] is
  * still the low half and  vfp.regs[2n+1] the high half
@@ -540,6 +540,7 @@ static inline int vec_reg_offset(DisasContext *s, int regno,
 #else
 offs += element * (1 << size);
 #endif
+offs += offsetof(CPUARMState, vfp.regs[regno * 2]);
 assert_fp_access_checked(s);
 return offs;
 }
-- 
2.7.4




[Qemu-devel] [PULL 09/25] hw/intc/arm_gicv3: Don't signal Pending+Active interrupts to CPU

2016-12-27 Thread Peter Maydell
The GICv3 requires that we only signal Pending interrupts to
the CPU. This category does not include Pending+Active interrupts,
which means we need to check whether the interrupt is Active in
the gicr_int_pending() and gicd_int_pending() functions.

Interrupts are rarely in the Active+Pending state, but KVM
uses this as part of its handling of the virtual timer, so
this bug was causing KVM to go into an infinite loop of
taking the vtimer interrupt when the guest first triggered it.

Signed-off-by: Peter Maydell 
Reviewed-by: Edgar E. Iglesias 
---
 hw/intc/arm_gicv3.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
index 8a6c647..f0c967b 100644
--- a/hw/intc/arm_gicv3.c
+++ b/hw/intc/arm_gicv3.c
@@ -54,6 +54,7 @@ static uint32_t gicd_int_pending(GICv3State *s, int irq)
  *  + the PENDING latch is set OR it is level triggered and the input is 1
  *  + its ENABLE bit is set
  *  + the GICD enable bit for its group is set
+ *  + its ACTIVE bit is not set (otherwise it would be Active+Pending)
  * Conveniently we can bulk-calculate this with bitwise operations.
  */
 uint32_t pend, grpmask;
@@ -63,9 +64,11 @@ static uint32_t gicd_int_pending(GICv3State *s, int irq)
 uint32_t group = *gic_bmp_ptr32(s->group, irq);
 uint32_t grpmod = *gic_bmp_ptr32(s->grpmod, irq);
 uint32_t enable = *gic_bmp_ptr32(s->enabled, irq);
+uint32_t active = *gic_bmp_ptr32(s->active, irq);
 
 pend = pending | (~edge_trigger & level);
 pend &= enable;
+pend &= ~active;
 
 if (s->gicd_ctlr & GICD_CTLR_DS) {
 grpmod = 0;
@@ -96,12 +99,14 @@ static uint32_t gicr_int_pending(GICv3CPUState *cs)
  *  + the PENDING latch is set OR it is level triggered and the input is 1
  *  + its ENABLE bit is set
  *  + the GICD enable bit for its group is set
+ *  + its ACTIVE bit is not set (otherwise it would be Active+Pending)
  * Conveniently we can bulk-calculate this with bitwise operations.
  */
 uint32_t pend, grpmask, grpmod;
 
 pend = cs->gicr_ipendr0 | (~cs->edge_trigger & cs->level);
 pend &= cs->gicr_ienabler0;
+pend &= ~cs->gicr_iactiver0;
 
 if (cs->gic->gicd_ctlr & GICD_CTLR_DS) {
 grpmod = 0;
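Review bot: gicd_int_pending() and gicr_int_pending() now carry identical four-term logic and identical comment blocks; factoring the `pending | (~edge & level)`, `& enable`, `& ~active` sequence into a small static helper over the five bitmaps would keep the two from drifting the next time a condition is added. The change itself is correct: an Active+Pending interrupt must not be re-signalled until the active one has been deactivated.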
-- 
2.7.4




[Qemu-devel] [PULL 02/25] cadence_uart: Check if receiver timeout counter is disabled

2016-12-27 Thread Peter Maydell
From: Andrew Gacek 

When register Rcvr_timeout_reg0 (R_RTOR in cadence_uart.c) is set to
0, the receiver timeout counter should be disabled. See page 1801 of
"Zynq-7000 AP SoC Technical Reference Manual". This commit adds
such a check before setting the receive timeout interrupt.

Signed-off-by: Andrew Gacek 
Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Peter Maydell 
---
 hw/char/cadence_uart.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index dba1c53..4dcee57 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -138,9 +138,10 @@ static void fifo_trigger_update(void *opaque)
 {
 CadenceUARTState *s = opaque;
 
-s->r[R_CISR] |= UART_INTR_TIMEOUT;
-
-uart_update_status(s);
+if (s->r[R_RTOR]) {
+s->r[R_CISR] |= UART_INTR_TIMEOUT;
+uart_update_status(s);
+}
 }
 
 static void uart_rx_reset(CadenceUARTState *s)
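Review bot: the check is applied when the timer fires, so a guest that clears Rcvr_timeout_reg0 after a byte arrived still has a one-shot timer pending that now just does nothing; it would be cleaner not to arm the timer at all when R_RTOR is 0 at the point where it is scheduled (not in this hunk), which also avoids a spurious wakeup. Either way the new behaviour matches the TRM statement that 0 disables the counter.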
-- 
2.7.4




[Qemu-devel] [PULL 00/25] target-arm queue

2016-12-27 Thread Peter Maydell
First target-arm pull for 2.9; nothing particularly exciting here.

thanks
-- PMM

The following changes since commit a470b33259bf82ef2336bfcd5d07640562d3f63b:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2016-12-22 19:23:51 +)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20161227

for you to fetch changes up to 91db4642f868cf2e591b62d31a19d35b02ea791e:

  target-arm: Add VBAR support to ARM1176 CPUs (2016-12-27 14:59:30 +)


target-arm queue:
 * add VBAR support to ARM1176 CPUs
 * hw/i2c: add NULL check to i2c slave init callbacks
 * pxa2xx.c: fix trailing whitespace
 * aspeed: various cleanups
 * aspeed: add romulus-bmc board
 * virt: add 2.9 machine type
 * gicv3: don't signal Pending+Active interrupts to CPU
 * gicv3: fix incorrect usage of fieldoffset
 * arm: log AArch64 exception returns
 * gicv3: fix aff3 field in typer register
 * aarch64: fix ldst_single_struct on BE hosts
 * aarch64: fix vec_reg_offset on BE hosts
 * arm: fix Cortex-A8 MVFR1 register value
 * cadence_uart: check if receiver timeout counter disabled
 * cadence_uart: check register values on migration


Alastair D'Silva (2):
  hw/arm: remove trailing whitespace
  hw/i2c: Add a NULL check for i2c slave init callbacks

Alistair Francis (1):
  cadence_uart: Check baud rate generator and divider values on migration

Andrew Gacek (1):
  cadence_uart: Check if receiver timeout counter is disabled

Andrew Jones (1):
  hw/intc/arm_gicv3_common: fix aff3 in typer

Cédric Le Goater (13):
  m25p80: add support for the mx66l1g45g
  aspeed: QOMify the CPU object and attach it to the SoC
  aspeed: remove cannot_destroy_with_object_finalize_yet
  aspeed: attach the second SPI controller object to the SoC
  aspeed: extend the board configuration with flash models
  aspeed: add support for the romulus-bmc board
  aspeed: add a memory region for SRAM
  aspeed: add the definitions for the AST2400 A1 SoC
  aspeed: change SoC revision of the palmetto-bmc machine
  aspeed/scu: fix SCU region size
  aspeed/smc: improve segment register support
  aspeed/smc: set the number of flash modules for the FMC controller
  target-arm: Add VBAR support to ARM1176 CPUs

Julian Brown (1):
  Correct value of ARM Cortex-A8 MVFR1 register.

Peter Maydell (4):
  target-arm: Log AArch64 exception returns
  hw/intc/arm_gicv3: Remove incorrect usage of fieldoffset
  hw/intc/arm_gicv3: Don't signal Pending+Active interrupts to CPU
  hw/arm/virt: add 2.9 machine type

Richard Henderson (2):
  target-arm: Fix aarch64 vec_reg_offset
  target-arm: Fix aarch64 disas_ldst_single_struct

 include/hw/arm/aspeed_soc.h  |  4 +-
 include/hw/compat.h  |  3 ++
 include/hw/misc/aspeed_scu.h |  1 +
 target/arm/cpu.h |  1 +
 hw/arm/aspeed.c  | 70 ++--
 hw/arm/aspeed_soc.c  | 95 +---
 hw/arm/pxa2xx.c  |  9 +
 hw/arm/tosa.c|  7 
 hw/arm/virt.c| 19 -
 hw/arm/z2.c  |  7 
 hw/block/m25p80.c|  1 +
 hw/char/cadence_uart.c   | 14 +--
 hw/i2c/core.c|  6 ++-
 hw/intc/arm_gicv3.c  |  5 +++
 hw/intc/arm_gicv3_common.c   |  3 +-
 hw/intc/arm_gicv3_cpuif.c| 13 +++---
 hw/misc/aspeed_scu.c |  4 +-
 hw/misc/aspeed_sdmc.c|  3 ++
 hw/ssi/aspeed_smc.c  | 17 
 hw/timer/ds1338.c|  6 ---
 target/arm/cpu.c | 11 -
 target/arm/helper.c  | 19 ++---
 target/arm/op_helper.c   |  9 +
 target/arm/translate-a64.c   |  7 ++--
 24 files changed, 245 insertions(+), 89 deletions(-)



[Qemu-devel] [PULL 03/25] Correct value of ARM Cortex-A8 MVFR1 register.

2016-12-27 Thread Peter Maydell
From: Julian Brown 

The value of the MVFR1 (Media and VFP Feature Register 1) register for
the Cortex-A8 appears to be incorrect (according to the TRM, DDI0344K),
with the "full denormal arithmetic" and "propagation of NaN" fields
holding both 0 instead of both 1.

I had a go tracing the history of the use of this value, and it seems
it's always just been wrong in QEMU: maybe it was derived from early
documentation, or guessed based on the use of a "VFP Lite" implementation
in the Cortex-A8.

Depending on the startup/early-boot code in use, this can manifest as
failure to perform denormal arithmetic properly: in our case, selecting
a Cortex-A8 CPU when using QEMU as an instruction-set simulator for
bare-metal GCC testing caused tests using denormal arithmetic to
fail. Problems might be masked (or not occur) when using a full OS kernel
with suitable trap handlers (I'm not sure).

Signed-off-by: Julian Brown 
Message-id: 1481130858-31767-1-git-send-email-jul...@codesourcery.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 99f0dbe..98e2c68 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1055,7 +1055,7 @@ static void cortex_a8_initfn(Object *obj)
 cpu->midr = 0x410fc080;
 cpu->reset_fpsid = 0x410330c0;
 cpu->mvfr0 = 0x0222;
-cpu->mvfr1 = 0x00011100;
+cpu->mvfr1 = 0x0001;
 cpu->ctr = 0x82048004;
 cpu->reset_sctlr = 0x00c50078;
 cpu->id_pfr0 = 0x1031;
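Review bot: as shown here the replacement constant on the `+` line, `0x0001`, does not set the two low-order MVFR1 fields (bits [3:0] and [7:4]) that the commit message says must change from 0 to 1, whereas the removed `0x00011100` is a full eight-digit value; please confirm the intended value is `0x00011111` and that this line has not been truncated in transit.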
-- 
2.7.4




[Qemu-devel] [PULL 01/25] cadence_uart: Check baud rate generator and divider values on migration

2016-12-27 Thread Peter Maydell
From: Alistair Francis 

The Cadence UART device emulator calculates speed by dividing the
baud rate by a 'baud rate generator' & 'baud rate divider' value.
The device specification defines these register values to be
non-zero and within certain limits. Checks were recently added when
writing to these registers but not when restoring from migration.

This patch adds checks when restoring from migration to avoid divide by
zero errors.

Reported-by: Huawei PSIRT 
Signed-off-by: Alistair Francis 
Message-id: 
04ae30ed8ee1758cd2d2af880da4d28f74c67738.1481132150.git.alistair.fran...@xilinx.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/char/cadence_uart.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index 0215d65..dba1c53 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -502,6 +502,13 @@ static int cadence_uart_post_load(void *opaque, int 
version_id)
 {
 CadenceUARTState *s = opaque;
 
+/* Ensure these two aren't invalid numbers */
+if (s->r[R_BRGR] < 1 || s->r[R_BRGR] & ~0x ||
+s->r[R_BDIV] <= 3 || s->r[R_BDIV] & ~0xFF) {
+/* Value is invalid, abort */
+return 1;
+}
+
 uart_parameters_setup(s);
 uart_update_status(s);
 return 0;
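Review bot: returning 1 here is the right outcome (the incoming stream is untrusted input and a zero divisor would crash the destination), but the rejection is silent; an error_report() or qemu_log_mask(LOG_GUEST_ERROR, ...) naming the register and the offending value before `return 1` would make a failed migration diagnosable. The `<= 3` test on BDIV also deserves a comment citing the minimum the device specification requires, since the message only says "within certain limits".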
-- 
2.7.4
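As an added example that is not part of the patch or of QEMU, the same range checks as the post_load hunk above applied to a constructed register file before the dividers are used; the 0xFFFF BRGR mask, the BDIV minimum of 4 and the baud formula clk / (CD * (BDIV + 1)) are assumptions from the Zynq UART programming model, and the register indices and function names are mine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed register file: the indices are placeholders, not QEMU's. */
enum { R_BRGR = 0, R_BDIV = 1, R_NREGS = 2 };

/* Limits mirrored from the post_load check: CD (BRGR) is a 16-bit field that
 * must be >= 1; BDIV is an 8-bit field that must be >= 4 (the hunk rejects
 * values <= 3). Both are assumptions about the device's documented ranges. */
#define BRGR_MIN   1u
#define BRGR_MASK  0xFFFFu
#define BDIV_MIN   4u
#define BDIV_MASK  0xFFu

/* True only when both dividers are in range. Values that arrive through a
 * migration stream are untrusted input and must pass this before any use. */
static bool cadence_baud_params_valid(uint32_t brgr, uint32_t bdiv)
{
    if (brgr < BRGR_MIN || (brgr & ~BRGR_MASK)) {
        return false;
    }
    if (bdiv < BDIV_MIN || (bdiv & ~BDIV_MASK)) {
        return false;
    }
    return true;
}

/* Baud rate for an already validated pair; the caller guarantees the
 * product cannot be zero, which is the crash the patch prevents. */
static uint32_t cadence_baud_rate(uint32_t ref_clk, uint32_t brgr, uint32_t bdiv)
{
    return ref_clk / (brgr * (bdiv + 1));
}

/* Same shape as the post_load hook: 0 on success, 1 to fail the migration.
 * On failure the baud rate is never computed. */
static int cadence_post_load_check(const uint32_t regs[R_NREGS], uint32_t ref_clk,
                                   uint32_t *baud_out)
{
    if (!cadence_baud_params_valid(regs[R_BRGR], regs[R_BDIV])) {
        fprintf(stderr, "cadence_uart: rejecting BRGR=0x%x BDIV=0x%x from migration\n",
                regs[R_BRGR], regs[R_BDIV]);
        return 1;
    }
    *baud_out = cadence_baud_rate(ref_clk, regs[R_BRGR], regs[R_BDIV]);
    return 0;
}

/* Convenience wrapper: the restored baud rate, or 0 when the values are rejected. */
static uint32_t cadence_restored_baud(uint32_t brgr, uint32_t bdiv, uint32_t ref_clk)
{
    uint32_t regs[R_NREGS] = { brgr, bdiv };
    uint32_t baud = 0;
    return cadence_post_load_check(regs, ref_clk, &baud) == 0 ? baud : 0;
}

int main(void)
{
    const uint32_t ref_clk = 50000000;  /* 50 MHz reference clock, constructed */

    printf("good    : %u baud\n", cadence_restored_baud(62, 6, ref_clk));      /* 115207 */
    printf("zero CD : %u baud\n", cadence_restored_baud(0, 6, ref_clk));       /* 0 */
    printf("BDIV=3  : %u baud\n", cadence_restored_baud(62, 3, ref_clk));      /* 0 */
    printf("wide CD : %u baud\n", cadence_restored_baud(0x10000, 6, ref_clk)); /* 0 */
    return 0;
}
```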




[Qemu-devel] [PULL 12/25] aspeed: QOMify the CPU object and attach it to the SoC

2016-12-27 Thread Peter Maydell
From: Cédric Le Goater 

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Reviewed-by: Andrew Jeffery 
Message-id: 1480434248-27138-4-git-send-email-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/arm/aspeed_soc.h |  2 +-
 hw/arm/aspeed_soc.c | 17 ++---
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 5406b49..6f1b679 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -27,7 +27,7 @@ typedef struct AspeedSoCState {
 DeviceState parent;
 
 /*< public >*/
-ARMCPU *cpu;
+ARMCPU cpu;
 MemoryRegion iomem;
 AspeedVICState vic;
 AspeedTimerCtrlState timerctrl;
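Review bot: changing `ARMCPU *cpu` to `ARMCPU cpu` embeds the whole CPU state in AspeedSoCState, so this header now needs the complete ARMCPU definition rather than the forward declaration that sufficed for a pointer; please confirm the include is in place, and check that nothing outside this series still treats `s->cpu` as a pointer (the VIC wiring hunk below is updated, but other users would fail to compile only once this lands).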
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index e14f5c2..db145e2 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -87,9 +87,13 @@ static void aspeed_soc_init(Object *obj)
 {
 AspeedSoCState *s = ASPEED_SOC(obj);
 AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+char *cpu_typename;
 int i;
 
-s->cpu = cpu_arm_init(sc->info->cpu_model);
+cpu_typename = g_strdup_printf("%s-" TYPE_ARM_CPU, sc->info->cpu_model);
+object_initialize(>cpu, sizeof(s->cpu), cpu_typename);
+object_property_add_child(obj, "cpu", OBJECT(>cpu), NULL);
+g_free(cpu_typename);
 
 object_initialize(>vic, sizeof(s->vic), TYPE_ASPEED_VIC);
 object_property_add_child(obj, "vic", OBJECT(>vic), NULL);
@@ -146,6 +150,13 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 memory_region_add_subregion_overlap(get_system_memory(),
 ASPEED_SOC_IOMEM_BASE, >iomem, -1);
 
+/* CPU */
+object_property_set_bool(OBJECT(>cpu), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
 /* VIC */
 object_property_set_bool(OBJECT(>vic), true, "realized", );
 if (err) {
@@ -154,9 +165,9 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 }
 sysbus_mmio_map(SYS_BUS_DEVICE(>vic), 0, ASPEED_SOC_VIC_BASE);
 sysbus_connect_irq(SYS_BUS_DEVICE(>vic), 0,
-   qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ));
+   qdev_get_gpio_in(DEVICE(>cpu), ARM_CPU_IRQ));
 sysbus_connect_irq(SYS_BUS_DEVICE(>vic), 1,
-   qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ));
+   qdev_get_gpio_in(DEVICE(>cpu), ARM_CPU_FIQ));
 
 /* Timer */
 object_property_set_bool(OBJECT(>timerctrl), true, "realized", );
-- 
2.7.4




Re: [Qemu-devel] [PATCH 01/23] target-arm: Log AArch64 exception returns

2016-12-27 Thread Peter Maydell
On 20 December 2016 at 15:31, Andrew Jones  wrote:
> Should we output both the destination PC (ELR) and the source PC (where
> the eret was)? Otherwise if there are many erets to the same entry point,
> then the logs won't fully enlighten us.

We don't really conveniently have the source PC, because it isn't
written out to env->pc at the point when this helper function
is called (the calling code in translate-a64.c doesn't call
gen_a64_set_pc(), because it knows the helper doesn't need to
care about the PC value).

thanks
-- PMM



Re: [Qemu-devel] [PATCH] ps2: Fix lost scancodes by recent changes

2016-12-27 Thread Hervé Poussineau

On 23/12/2016 at 23:49, OGAWA Hirofumi wrote:

Hi,

Hervé Poussineau  writes:


[from ui/input-keymap.c]

 [Q_KEY_CODE_RO] = 0x73,
+[Q_KEY_CODE_HIRAGANA] = 0x70,
+[Q_KEY_CODE_HENKAN] = 0x79,
+[Q_KEY_CODE_YEN] = 0x7d,
 [Q_KEY_CODE_KP_COMMA] = 0x7e,

 [Q_KEY_CODE__MAX] = 0,




[from hw/input/ps2.c]

Can you also add the keycodes for scancode set 1:
+[Q_KEY_CODE_HIRAGANA] = 0x70,
+[Q_KEY_CODE_HENKAN] = 0x79,
+[Q_KEY_CODE_YEN] = 0x7d,


Current linux can't use set1, so untested.


Note that those are the same as those added in input-keymap.c




and scancode set 3:
+[Q_KEY_CODE_HIRAGANA] = 0x87,
+[Q_KEY_CODE_HENKAN] = 0x86,
+[Q_KEY_CODE_YEN] = 0x51,


Boot with "i8042.direct=1", then set set3.

# echo 3 > /sys/devices/platform/i8042/serio0/set
# cat /sys/devices/platform/i8042/serio0/set
3

HENKAN, HIRAGANA seem to be working, but YEN is not working.  I'm not
sure if it is your patch, testing, or a kernel problem.

Can you point out what the problem is?

# lsinput

[...]

/dev/input/event4
   bustype : BUS_I8042
   vendor  : 0x1
   product : 0x3
   version : 43907
   name: "AT Raw Set 3 keyboard"
   phys: "isa0060/serio0/input0"
   bits ev : EV_SYN EV_KEY EV_MSC EV_LED EV_REP

# input-event
/dev/input/event4
   bustype : BUS_I8042
   vendor  : 0x1
   product : 0x3
   version : 43907
   name: "AT Raw Set 3 keyboard"
   phys: "isa0060/serio0/input0"
   bits ev : EV_SYN EV_KEY EV_MSC EV_LED EV_REP

waiting for events
[... on qemu monitor "sendkey henkan" ...]
06:49:58.061932: EV_KEY KEY_HENKAN (0x5c) pressed
06:49:58.061932: EV_SYN code=0 value=0
06:49:58.149812: EV_MSC MSC_SCAN 134

-> 134 = 0x86, as expected ([Q_KEY_CODE_HENKAN] = 0x86)


06:49:58.149812: EV_KEY KEY_HENKAN (0x5c) released
06:49:58.149812: EV_SYN code=0 value=0



[... on qemu monitor "sendkey hiragana" ...]
06:49:58.333876: EV_MSC MSC_SCAN 135

-> 135 = 0x87, as expected ([Q_KEY_CODE_HIRAGANA] = 0x87)


06:49:58.333876: EV_KEY KEY_KATAKANAHIRAGANA (0x5d) pressed
06:49:58.333876: EV_SYN code=0 value=0
06:49:58.421889: EV_MSC MSC_SCAN 135
06:49:58.421889: EV_KEY KEY_KATAKANAHIRAGANA (0x5d) released
06:49:58.421889: EV_SYN code=0 value=0



[... on qemu monitor "sendkey yen" ...]
06:49:58.893893: EV_MSC MSC_SCAN 81

-> 81 = 0x51

06:49:58.893893: EV_KEY KEY_VOLUMEDOWN (0x72) pressed
06:49:58.893893: EV_SYN code=0 value=0
06:49:58.973841: EV_MSC MSC_SCAN 81
06:49:58.973841: EV_KEY KEY_VOLUMEDOWN (0x72) released
06:49:58.973841: EV_SYN code=0 value=0
timeout, quitting


So, Linux is describing 0x51 make scancode as VOLUMEDOWN.

Indeed, according to http://www.quadibloc.com/comp/scan.htm
Set 1  Set 2  Set 3
HENKAN   79 64 86(kanji)
HIRAGANA 70 13 87(katakana)
YEN  7d 6a 5d(INT 4)

So correct values for hw/input/ps2.c seem to be:

Set 1 (same values as in ui/input-keymap.c)
+[Q_KEY_CODE_HIRAGANA] = 0x70,
+[Q_KEY_CODE_HENKAN] = 0x79,
+[Q_KEY_CODE_YEN] = 0x7d,

Set 2 (your initial patch)
+[Q_KEY_CODE_HIRAGANA] = 0x13,
+[Q_KEY_CODE_HENKAN] = 0x64,
+[Q_KEY_CODE_YEN] = 0x6a,

Set 3:
+[Q_KEY_CODE_HIRAGANA] = 0x87, // already verified
+[Q_KEY_CODE_HENKAN] = 0x86, // already verified
+[Q_KEY_CODE_YEN] = 0x5d,  // not 0x51,  as I said in a previous email

Can you check those values?

Regards,

Hervé



Re: [Qemu-devel] [PATCH] Further tidy-up on block status

2016-12-27 Thread Vladimir Sementsov-Ogievskiy

A bit out of topic, but...


structured replies via `NBD_OPT_STRUCTURED_REPLY`.  Conversely, if
structured replies are negotiated, the server MUST use a
structured reply for any response with a payload, and MUST NOT use
a simple reply for `NBD_CMD_READ` (even for the case of an early
`EINVAL` due to bad flags), but MAY use either a simple reply or a
structured reply to all other requests.


What was the reason for it? Why not negotiate forced structured read 
separately? Actually, this spec forces any server which wants to 
implement structured reply to implement structured read too. But what if it 
doesn't want to? If it only wants to implement BLOCK_STATUS?


So, what about changing it, to allow BLOCK_STATUS (or other future 
structured replies) without structured read? Structured read is good 
only for sparse formats, whereas BLOCK_STATUS is more global. I understand 
that servers may implement a simple (and useless) one-chunk structured 
read, but I think that it is better to fix the spec, so as not to provoke 
servers into using such a workaround.



--
Best regards,
Vladimir




Re: [Qemu-devel] m68k: Remove dummy machine

2016-12-27 Thread Thomas Huth
On Tue, 27 Dec 2016 12:52:30 +0100,
Laurent Vivier wrote:

> > On 20/12/2016 at 15:32, Thomas Huth wrote:
> > You can get an empty machine with "-M none" nowadays, so the
> > m68k dummy board (introduced in 2007) seems to be pretty
> > redundant since the "none" machine has been added in 2012.
> > 
> > Signed-off-by: Thomas Huth 
> > ---
> >  MAINTAINERS   |  4 ---
> >  hw/m68k/Makefile.objs |  2 --
> >  hw/m68k/dummy_m68k.c  | 84
> > --- 3 files
> > changed, 90 deletions(-) delete mode 100644 hw/m68k/dummy_m68k.c
> > 
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 4a60579..88ee8cd 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -552,10 +552,6 @@ S: Orphan
> >  F: hw/m68k/an5206.c
> >  F: hw/m68k/mcf5206.c
> >  
> > -dummy_m68k
> > -S: Orphan
> > -F: hw/m68k/dummy_m68k.c
> > -
> >  mcf5208
> >  S: Orphan
> >  F: hw/m68k/mcf5208.c
> > diff --git a/hw/m68k/Makefile.objs b/hw/m68k/Makefile.objs
> > index c4352e7..d1f089c 100644
> > --- a/hw/m68k/Makefile.objs
> > +++ b/hw/m68k/Makefile.objs
> > @@ -1,4 +1,2 @@
> >  obj-y += an5206.o mcf5208.o
> > -obj-y += dummy_m68k.o
> > -
> >  obj-y += mcf5206.o mcf_intc.o
> > diff --git a/hw/m68k/dummy_m68k.c b/hw/m68k/dummy_m68k.c
> > deleted file mode 100644
> > index 0b11d20..000
> > --- a/hw/m68k/dummy_m68k.c
> > +++ /dev/null
> > @@ -1,84 +0,0 @@
> > -/*
> > - * Dummy board with just RAM and CPU for use as an ISS.
> > - *
> > - * Copyright (c) 2007 CodeSourcery.
> > - *
> > - * This code is licensed under the GPL
> > - */
> > -
> > -#include "qemu/osdep.h"
> > -#include "qemu-common.h"
> > -#include "cpu.h"
> > -#include "hw/hw.h"
> > -#include "hw/boards.h"
> > -#include "hw/loader.h"
> > -#include "elf.h"
> > -#include "exec/address-spaces.h"
> > -
> > -#define KERNEL_LOAD_ADDR 0x1
> > -
> > -/* Board init.  */
> > -
> > -static void dummy_m68k_init(MachineState *machine)
> > -{
> > -ram_addr_t ram_size = machine->ram_size;
> > -const char *cpu_model = machine->cpu_model;
> > -const char *kernel_filename = machine->kernel_filename;
> > -M68kCPU *cpu;
> > -CPUM68KState *env;
> > -MemoryRegion *address_space_mem =  get_system_memory();
> > -MemoryRegion *ram = g_new(MemoryRegion, 1);
> > -int kernel_size;
> > -uint64_t elf_entry;
> > -hwaddr entry;
> > -
> > -if (!cpu_model)
> > -cpu_model = "cfv4e";
> > -cpu = cpu_m68k_init(cpu_model);
> > -if (!cpu) {
> > -fprintf(stderr, "Unable to find m68k CPU definition\n");
> > -exit(1);
> > -}
> > -env = >env;
> > -
> > -/* Initialize CPU registers.  */
> > -env->vbr = 0;
> > -
> > -/* RAM at address zero */
> > -memory_region_allocate_system_memory(ram, NULL,
> > "dummy_m68k.ram",
> > - ram_size);
> > -memory_region_add_subregion(address_space_mem, 0, ram);
> > -
> > -/* Load kernel.  */
> > -if (kernel_filename) {
> > -kernel_size = load_elf(kernel_filename, NULL, NULL,
> > _entry,
> > -   NULL, NULL, 1, EM_68K, 0, 0);
> > -entry = elf_entry;
> > -if (kernel_size < 0) {
> > -kernel_size = load_uimage(kernel_filename, ,
> > NULL, NULL,
> > -  NULL, NULL);
> > -}
> > -if (kernel_size < 0) {
> > -kernel_size = load_image_targphys(kernel_filename,
> > -  KERNEL_LOAD_ADDR,
> > -  ram_size -
> > KERNEL_LOAD_ADDR);
> > -entry = KERNEL_LOAD_ADDR;
> > -}
> > -if (kernel_size < 0) {
> > -fprintf(stderr, "qemu: could not load kernel '%s'\n",
> > -kernel_filename);
> > -exit(1);
> > -}
> > -} else {
> > -entry = 0;
> > -}
> > -env->pc = entry;
> > -}
> > -
> > -static void dummy_m68k_machine_init(MachineClass *mc)
> > -{
> > -mc->desc = "Dummy board";
> > -mc->init = dummy_m68k_init;
> > -}
> > -
> > -DEFINE_MACHINE("dummy", dummy_m68k_machine_init)
> > 
> 
> I'm not sure the "none" machine can replace the "dummy" machine as the
> "dummy" machine can load a kernel whereas it seems the "none" one
> can't.

Oh, that's true ... I did not notice it 'cause there was no error
message when I tried to start the "none" machine with "-kernel". But
looking at the code in hw/core/null-machine.c, it really seems that
there is nothing in here :-( So never mind, please forget about this
patch. (but now I wonder whether the "none" machine could be improved to
provide the features of the "dummy" machine, too?)

 Thomas



Re: [Qemu-devel] m68k: Remove dummy machine

2016-12-27 Thread Laurent Vivier
Le 20/12/2016 à 15:32, Thomas Huth a écrit :
> You can get an empty machine with "-M none" nowadays, so the
> m68k dummy board (introduced in 2007) seems to be pretty
> redundant since the "none" machine has been added in 2012.
> 
> Signed-off-by: Thomas Huth 
> ---
>  MAINTAINERS   |  4 ---
>  hw/m68k/Makefile.objs |  2 --
>  hw/m68k/dummy_m68k.c  | 84 
> ---
>  3 files changed, 90 deletions(-)
>  delete mode 100644 hw/m68k/dummy_m68k.c
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 4a60579..88ee8cd 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -552,10 +552,6 @@ S: Orphan
>  F: hw/m68k/an5206.c
>  F: hw/m68k/mcf5206.c
>  
> -dummy_m68k
> -S: Orphan
> -F: hw/m68k/dummy_m68k.c
> -
>  mcf5208
>  S: Orphan
>  F: hw/m68k/mcf5208.c
> diff --git a/hw/m68k/Makefile.objs b/hw/m68k/Makefile.objs
> index c4352e7..d1f089c 100644
> --- a/hw/m68k/Makefile.objs
> +++ b/hw/m68k/Makefile.objs
> @@ -1,4 +1,2 @@
>  obj-y += an5206.o mcf5208.o
> -obj-y += dummy_m68k.o
> -
>  obj-y += mcf5206.o mcf_intc.o
> diff --git a/hw/m68k/dummy_m68k.c b/hw/m68k/dummy_m68k.c
> deleted file mode 100644
> index 0b11d20..000
> --- a/hw/m68k/dummy_m68k.c
> +++ /dev/null
> @@ -1,84 +0,0 @@
> -/*
> - * Dummy board with just RAM and CPU for use as an ISS.
> - *
> - * Copyright (c) 2007 CodeSourcery.
> - *
> - * This code is licensed under the GPL
> - */
> -
> -#include "qemu/osdep.h"
> -#include "qemu-common.h"
> -#include "cpu.h"
> -#include "hw/hw.h"
> -#include "hw/boards.h"
> -#include "hw/loader.h"
> -#include "elf.h"
> -#include "exec/address-spaces.h"
> -
> -#define KERNEL_LOAD_ADDR 0x1
> -
> -/* Board init.  */
> -
> -static void dummy_m68k_init(MachineState *machine)
> -{
> -ram_addr_t ram_size = machine->ram_size;
> -const char *cpu_model = machine->cpu_model;
> -const char *kernel_filename = machine->kernel_filename;
> -M68kCPU *cpu;
> -CPUM68KState *env;
> -MemoryRegion *address_space_mem =  get_system_memory();
> -MemoryRegion *ram = g_new(MemoryRegion, 1);
> -int kernel_size;
> -uint64_t elf_entry;
> -hwaddr entry;
> -
> -if (!cpu_model)
> -cpu_model = "cfv4e";
> -cpu = cpu_m68k_init(cpu_model);
> -if (!cpu) {
> -fprintf(stderr, "Unable to find m68k CPU definition\n");
> -exit(1);
> -}
> -env = >env;
> -
> -/* Initialize CPU registers.  */
> -env->vbr = 0;
> -
> -/* RAM at address zero */
> -memory_region_allocate_system_memory(ram, NULL, "dummy_m68k.ram",
> - ram_size);
> -memory_region_add_subregion(address_space_mem, 0, ram);
> -
> -/* Load kernel.  */
> -if (kernel_filename) {
> -kernel_size = load_elf(kernel_filename, NULL, NULL, _entry,
> -   NULL, NULL, 1, EM_68K, 0, 0);
> -entry = elf_entry;
> -if (kernel_size < 0) {
> -kernel_size = load_uimage(kernel_filename, , NULL, NULL,
> -  NULL, NULL);
> -}
> -if (kernel_size < 0) {
> -kernel_size = load_image_targphys(kernel_filename,
> -  KERNEL_LOAD_ADDR,
> -  ram_size - KERNEL_LOAD_ADDR);
> -entry = KERNEL_LOAD_ADDR;
> -}
> -if (kernel_size < 0) {
> -fprintf(stderr, "qemu: could not load kernel '%s'\n",
> -kernel_filename);
> -exit(1);
> -}
> -} else {
> -entry = 0;
> -}
> -env->pc = entry;
> -}
> -
> -static void dummy_m68k_machine_init(MachineClass *mc)
> -{
> -mc->desc = "Dummy board";
> -mc->init = dummy_m68k_init;
> -}
> -
> -DEFINE_MACHINE("dummy", dummy_m68k_machine_init)
> 
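Review bot: the deletion of hw/m68k/dummy_m68k.c drops a -kernel boot path that the commit message's justification does not cover: dummy_m68k_init() tries `load_elf()`, then `load_uimage()`, then `load_image_targphys()` at KERNEL_LOAD_ADDR and finally sets `env->pc = entry;`, whereas the message only claims that "-M none" provides an equivalent empty machine. Before this board goes, the commit message should state how the "none" machine loads a kernel for m68k, or the removal should wait until it does; otherwise anyone using `-M dummy -kernel` loses a working boot path. The `cpu_model = "cfv4e"` default is removed with the file as well, so the message should also say which CPU "-M none" ends up with on m68k.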

I'm not sure the "none" machine can replace the "dummy" machine as the
"dummy" machine can load a kernel whereas it seems the "none" one can't.

Laurent



Re: [Qemu-devel] [PATCH] migration: re-active images when migration fails to complete

2016-12-27 Thread Hailiang Zhang

On 2016/12/22 10:56, Hailiang Zhang wrote:

On 2016/12/9 4:02, Dr. David Alan Gilbert wrote:

* Hailiang Zhang (zhang.zhanghaili...@huawei.com) wrote:

Hi,

On 2016/12/6 23:24, Dr. David Alan Gilbert wrote:

* Kevin Wolf (kw...@redhat.com) wrote:

Am 19.11.2016 um 12:43 hat zhanghailiang geschrieben:

commit fe904ea8242cbae2d7e69c052c754b8f5f1ba1d6 fixed a case
which migration aborted QEMU because it didn't regain the control
of images while some errors happened.

Actually, we have another case in that error path to abort QEMU
because of the same reason:
   migration_thread()
   migration_completion()
  bdrv_inactivate_all() > inactivate images
  qemu_savevm_state_complete_precopy()
  socket_writev_buffer() > error because destination 
fails
qemu_fflush() ---> set error on migration stream
  qemu_mutex_unlock_iothread() --> unlock
   qmp_migrate_cancel() -> user cancelled migration
   migrate_set_state() --> set migrate CANCELLING


Important to note here: qmp_migrate_cancel() is executed by a concurrent
thread, it doesn't depend on any code paths in migration_completion().


   migration_completion() -> go on to fail_invalidate
   if (s->state == MIGRATION_STATUS_ACTIVE) -> Jump this branch
   migration_thread() ---> break migration loop
 vm_start() -> restart guest with inactive
   images
We failed to regain the control of images because we only regain it
while the migration state is "active", but here users cancelled the migration
when they found some errors happened (for example, libvirtd daemon is shutdown
in destination unexpectedly).

Signed-off-by: zhanghailiang 
---
migration/migration.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/migration/migration.c b/migration/migration.c
index f498ab8..0c1ee6d 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1752,7 +1752,8 @@ fail_invalidate:
/* If not doing postcopy, vm_start() will be called: let's regain
 * control on images.
 */
-if (s->state == MIGRATION_STATUS_ACTIVE) {


This if condition tries to check whether we ran the code path that
called bdrv_inactivate_all(), so that we only try to reactivate images
if we really inactivated them first.

The problem with it is that it ignores a possible concurrent
modification of s->state.


+if (s->state == MIGRATION_STATUS_ACTIVE ||
+s->state == MIGRATION_STATUS_CANCELLING) {


This adds another state that we could end up with with a concurrent
modification, so that even in this case we undo the inactivation.

However, it is no longer limited to the cases where we inactivated the
image. It also applies to other code paths (like the postcopy one) where
we didn't inactivate images.

What saves the patch is that bdrv_invalidate_cache() is a no-op for
block devices that aren't inactivated, so calling it more often than
necessary is okay.

But then, if we're going to rely on this, it would be much better to
just remove the if altogether. I can't say whether there are any other
possible values of s->state that we should consider, and by removing the
if we would be guaranteed to catch all of them.

If we don't want to rely on it, just keep a local bool that remembers
whether we inactivated images and check that here.


Error *local_err = NULL;

bdrv_invalidate_cache_all(_err);
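Review bot: the widened condition still reads `s->state` while qmp_migrate_cancel() can change it from another thread, as the commit message itself points out, so adding MIGRATION_STATUS_CANCELLING narrows the window rather than closing it, and the test also fires on paths (postcopy) that never called bdrv_inactivate_all(). Track the fact you actually want to know: declare `bool inactivated = false;` in migration_completion(), set `inactivated = true;` immediately after a successful bdrv_inactivate_all(), and make the test at fail_invalidate `if (inactivated) {`; that matches the comment above it ("let's regain control on images") regardless of which state a concurrent cancel has stored.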


So in summary, this is a horrible patch because it checks the wrong
thing, and I can't really say if it covers everything it needs to
cover, but arguably it happens to correctly fix the outcome of a
previously failing case.

Normally I would reject such a patch and require a clean solution, but
then we're on the day of -rc3, so if you can't send v2 right away, we
might not have the time for it.

Tough call...


Hmm, this case is messy; I created this function having split it out
of the main loop a couple of years back but it did get more messy
with more s->state checks; as far as I can tell it's always
done the transition to COMPLETED at the end well after the locked
section, so there's always been that chance that cancellation sneaks
in just before or just after the locked section.

Some of the bad cases that can happen:
  a) A cancel sneaks in after the ACTIVE check but before or after
the locked section;  should we reactivate the disks? Well that
depends on whether the destination actually got the full migration
stream - we don't know!
   If the destination actually starts running we must not reactivate
   the disk on the source even if the CPU is stopped.



Yes, we didn't have a mechanism to know exactly whether or not the VM in
destination 

[Qemu-devel] [PATCH V5 2/2] Add a new qmp command to do checkpoint, query xen replication status

2016-12-27 Thread Zhang Chen
We can call this qmp command to do checkpoint outside of qemu.
Like Xen colo need this function.

Signed-off-by: Zhang Chen 
Signed-off-by: Wen Congyang 
---
 docs/qmp-commands.txt | 24 
 migration/colo.c  | 17 +
 qapi-schema.json  | 50 ++
 3 files changed, 91 insertions(+)

diff --git a/docs/qmp-commands.txt b/docs/qmp-commands.txt
index d182147..a146745 100644
--- a/docs/qmp-commands.txt
+++ b/docs/qmp-commands.txt
@@ -450,6 +450,30 @@ Example:
  "arguments": {"enable": true, "primary": false} }
 <- { "return": {} }
 
+query-xen-replication-status
+
+
+Query replication status when vm is running.
+
+Arguments: None.
+
+Example:
+
+-> { "execute": "query-xen-replication-status" }
+<- { "return": { "status": "normal" } }
+
+xen-do-checkpoint
+-
+
+Xen use this command to notify replication to do checkpoint.
+
+Arguments: None.
+
+Example:
+
+-> { "execute": "xen-do-checkpoint" }
+<- { "return": {} }
+
 migrate
 ---
 
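Review bot: the query-xen-replication-status entry never lists the values "status" can take; since the schema enum has exactly "error" and "normal", document both here and say that a replication failure is reported through "status" rather than as a QMP error response (the example shows only "normal", so a reader cannot tell). Wording: "Query replication status when vm is running." should read "Query the replication status while the VM is running.", and "Xen use this command to notify replication to do checkpoint." should read "Xen uses this command to tell replication to perform a checkpoint."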
diff --git a/migration/colo.c b/migration/colo.c
index 6fc2ade..7fc9f8a 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -127,6 +127,23 @@ void qmp_xen_set_replication(bool enable, bool primary,
 }
 }
 
+ReplicationErrorResult *qmp_query_xen_replication_status(Error **errp)
+{
+Error *err = NULL;
+ReplicationErrorResult *result = g_new0(ReplicationErrorResult, 1);
+replication_get_error_all();
+result->status = err ?
+ REPLICATION_ERROR_STATUS_ERROR :
+ REPLICATION_ERROR_STATUS_NORMAL;
+error_free(err);
+return result;
+}
+
+void qmp_xen_do_checkpoint(Error **errp)
+{
+replication_do_checkpoint_all(errp);
+}
+
 static void colo_send_message(QEMUFile *f, COLOMessage msg,
   Error **errp)
 {
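Review bot: qmp_query_xen_replication_status() leaves its `errp` parameter unused and discards the collected error with `error_free(err);`, so the caller only ever sees "error" and the reason is lost; use error_report_err(err) (which also frees it) so the message at least reaches QEMU's log, or carry the text in the result. Note also that as quoted the call is `replication_get_error_all();` with no argument, so `err` is never assigned and `status` would always be "normal"; it needs to pass `&err`.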
diff --git a/qapi-schema.json b/qapi-schema.json
index 78802f4..6c162a5 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -4695,6 +4695,56 @@
   'data': { 'enable': 'bool', 'primary': 'bool', '*failover' : 'bool' } }
 
 ##
+# @ReplicationErrorStatus
+#
+# Describe the status of replication error.
+#
+# @error: Replication have a error.
+#
+# @normal:  Replication running normal.
+#
+# Since 2.9
+##
+{ 'enum': 'ReplicationErrorStatus',
+  'data': [ 'error', 'normal' ] }
+
+##
+# @ReplicationErrorResult
+#
+# The result format for 'xen-get-replication-error'.
+#
+# @status: enum of @ReplicationErrorStatus, which shows current
+#  replication error status
+#
+# Since 2.9
+##
+{ 'struct': 'ReplicationErrorResult',
+  'data': { 'status': 'ReplicationErrorStatus'} }
+
+##
+# @query-xen-replication-status
+#
+# Query replication error that occurs when the vm is running.
+#
+# Returns: A @ReplicationErrorResult objects showing the status.
+#
+# Since: 2.9
+##
+{ 'command': 'query-xen-replication-status',
+  'returns': 'ReplicationErrorResult' }
+
+##
+# @xen-do-checkpoint
+#
+# Xen use this command to notify replication to do checkpoint.
+#
+# Returns: nothing.
+#
+# Since: 2.9
+##
+{ 'command': 'xen-do-checkpoint' }
+
+##
 # @GICCapability:
 #
 # The struct describes capability for a specific GIC (Generic
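Review bot: the ReplicationErrorResult doc comment refers to 'xen-get-replication-error', but the command defined below is query-xen-replication-status; fix the stale name so the generated documentation points at the right command. The first two doc blocks also use "Since 2.9" where the commands use "Since: 2.9" (the colon form is the QAPI convention), the enum descriptions should read "@error: Replication has an error." and "@normal: Replication is running normally.", and "A @ReplicationErrorResult objects" should be singular.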
-- 
2.7.4





