Re: [Qemu-devel] [PATCH] tests/prom-env: Bump the timeout, and test pseries only in slow mode

2017-09-20 Thread Stefan Weil
On 21.09.2017 at 07:39, Thomas Huth wrote:
> If QEMU has been compiled with the flags --enable-tcg-interpreter and
> --enable-debug, the guest is running incredibly slow. The prom-env
> test is approximately 10 times slower than normal in this case, and
> it takes up to 500 seconds until the test with the pseries machine
> finishes. While we should still look for ways to speed up the test
> on the pseries machine here, let's bump the timeout to 600 seconds to
> allow the test to pass with this unusual configuration already now.
> Also move the pseries test into the "slow" category - since it is
> really a very slow test.
> 
> Signed-off-by: Thomas Huth 
> ---
>  tests/prom-env-test.c | 14 --
>  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/tests/prom-env-test.c b/tests/prom-env-test.c
> index eac207b..bc8b616 100644
> --- a/tests/prom-env-test.c
> +++ b/tests/prom-env-test.c
> @@ -1,7 +1,7 @@
>  /*
> - * Test OpenBIOS-based machines.
> + * Test Open-Firmware-based machines.
>   *
> - * Copyright (c) 2016 Red Hat Inc.
> + * Copyright (c) 2016, 2017 Red Hat Inc.
>   *
>   * Author:
>   *Thomas Huth 
> @@ -30,8 +30,8 @@ static void check_guest_memory(void)
>  uint32_t signature;
>  int i;
>  
> -/* Poll until code has run and modified memory. Wait at most 120 seconds 
> */
> -for (i = 0; i < 12000; ++i) {
> +/* Poll until code has run and modified memory. Wait at most 600 seconds 
> */
> +for (i = 0; i < 6; ++i) {
>  signature = readl(ADDRESS);
>  if (signature == MAGIC) {
>  break;
> @@ -78,7 +78,6 @@ int main(int argc, char *argv[])
>  const char *sparc_machines[] = { "SPARCbook", "Voyager", "SS-20", NULL };
>  const char *sparc64_machines[] = { "sun4u", NULL };
>  const char *ppc_machines[] = { "mac99", "g3beige", NULL };
> -const char *ppc64_machines[] = { "mac99", "g3beige", "pseries", NULL };
>  const char *arch = qtest_get_arch();
>  
>  g_test_init(, , NULL);
> @@ -86,7 +85,10 @@ int main(int argc, char *argv[])
>  if (!strcmp(arch, "ppc")) {
>  add_tests(ppc_machines);
>  } else if (!strcmp(arch, "ppc64")) {
> -add_tests(ppc64_machines);
> +add_tests(ppc_machines);
> +if (g_test_slow()) {
> +qtest_add_data_func("prom-env/pseries", "pseries", test_machine);
> +}
>  } else if (!strcmp(arch, "sparc")) {
>  add_tests(sparc_machines);
>  } else if (!strcmp(arch, "sparc64")) {
> 


Thanks!

Reviewed-by: Stefan Weil 



[Qemu-devel] [PATCH] tests/prom-env: Bump the timeout, and test pseries only in slow mode

2017-09-20 Thread Thomas Huth
If QEMU has been compiled with the flags --enable-tcg-interpreter and
--enable-debug, the guest is running incredibly slow. The prom-env
test is approximately 10 times slower than normal in this case, and
it takes up to 500 seconds until the test with the pseries machine
finishes. While we should still look for ways to speed up the test
on the pseries machine here, let's bump the timeout to 600 seconds to
allow the test to pass with this unusual configuration already now.
Also move the pseries test into the "slow" category - since it is
really a very slow test.

Signed-off-by: Thomas Huth 
---
 tests/prom-env-test.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/tests/prom-env-test.c b/tests/prom-env-test.c
index eac207b..bc8b616 100644
--- a/tests/prom-env-test.c
+++ b/tests/prom-env-test.c
@@ -1,7 +1,7 @@
 /*
- * Test OpenBIOS-based machines.
+ * Test Open-Firmware-based machines.
  *
- * Copyright (c) 2016 Red Hat Inc.
+ * Copyright (c) 2016, 2017 Red Hat Inc.
  *
  * Author:
  *Thomas Huth 
@@ -30,8 +30,8 @@ static void check_guest_memory(void)
 uint32_t signature;
 int i;
 
-/* Poll until code has run and modified memory. Wait at most 120 seconds */
-for (i = 0; i < 12000; ++i) {
+/* Poll until code has run and modified memory. Wait at most 600 seconds */
+for (i = 0; i < 6; ++i) {
 signature = readl(ADDRESS);
 if (signature == MAGIC) {
 break;
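
Review bot: the new loop bound in check_guest_memory() does not match its comment: `for (i = 0; i < 6; ++i)` polls six times, while the comment promises "at most 600 seconds". The removed lines paired 12000 iterations with 120 seconds, and at that ratio 600 seconds needs 60000 iterations. Deriving the bound from a named timeout constant would keep the count and the comment from drifting apart again.
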
@@ -78,7 +78,6 @@ int main(int argc, char *argv[])
 const char *sparc_machines[] = { "SPARCbook", "Voyager", "SS-20", NULL };
 const char *sparc64_machines[] = { "sun4u", NULL };
 const char *ppc_machines[] = { "mac99", "g3beige", NULL };
-const char *ppc64_machines[] = { "mac99", "g3beige", "pseries", NULL };
 const char *arch = qtest_get_arch();
 
 g_test_init(, , NULL);
@@ -86,7 +85,10 @@ int main(int argc, char *argv[])
 if (!strcmp(arch, "ppc")) {
 add_tests(ppc_machines);
 } else if (!strcmp(arch, "ppc64")) {
-add_tests(ppc64_machines);
+add_tests(ppc_machines);
+if (g_test_slow()) {
+qtest_add_data_func("prom-env/pseries", "pseries", test_machine);
+}
 } else if (!strcmp(arch, "sparc")) {
 add_tests(sparc_machines);
 } else if (!strcmp(arch, "sparc64")) {
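
Review bot: in the ppc64 branch of main() the pseries case is now registered by a hand-written qtest_add_data_func("prom-env/pseries", ...) call rather than through add_tests(), so its test path is spelled out separately from the one used for mac99 and g3beige and can diverge from it. A short comment next to `if (g_test_slow())` stating why pseries is gated (the slow run described in the commit message) would also help, since a default run no longer covers pseries at all.
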
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH qemu v4 09/18] memory: Store physical root MR in FlatView

2017-09-20 Thread Alexey Kardashevskiy
On 21/09/17 10:02, Alexey Kardashevskiy wrote:
> On 21/09/17 03:15, Paolo Bonzini wrote:
>> On 20/09/2017 13:46, Alexey Kardashevskiy wrote:
>>> Address spaces get to keep a root MR (alias or not) but FlatView stores
>>> the actual MR as this is going to be used later on to decide whether to
>>> share a particular FlatView or not.
>>>
>>> Signed-off-by: Alexey Kardashevskiy 
>>> ---
>>> Changes:
>>> v4:
>>> * s/memory_region_unalias_entire/memory_region_get_flatview_root/
>>
>> Did you try the idea of checking for single-child regions too?
> 
> No, I did not, I do not see how I can actually measure the difference - the
> PCI and virtio root MRs or single child MRs are unique anyway, I can save
> some time by just checking for 2 @enabled flags instead of rendering a
> FlatView but rendering such cases itself is fast as well. I'll give a try
> though.

I tried. memory_region_get_flatview_root() returns a last child which still
covers the same space as the root; generate_memory_topology() checks for
@enabled first and only if it is enabled - renders a new FV (this solves
PCI busmaster).

With 256 CPUs and 256 virtio devices this saves 0.1s (20.4s -> 20.3s) and
100MB of RAM (14.38G -> 14.28G) :) I'll push it out anyway.


-- 
Alexey



Re: [Qemu-devel] [PULL 00/16] Migration PULL request

2017-09-20 Thread Peter Xu
On Thu, Sep 21, 2017 at 12:10:39PM +0800, Peter Xu wrote:
> On Wed, Sep 20, 2017 at 08:32:46PM +0100, Peter Maydell wrote:
> > On 20 September 2017 at 12:42, Juan Quintela  wrote:
> > > Juan Quintela  wrote:
> > >> Hi
> > >>
> > >> To make merges easier, this includes:
> > >> - Peter Xu reviewed patches from Postcopy recovery (3)
> > >> - Alexey reviewed pages from block postcopy (4)
> > >
> > > I meant here to include Vladimir series.  This is incomplete.
> > >
> > > Nacked myself.
> > 
> > It also fails to build on ppc64 and s390x (so probably
> > all bigendian hosts):
> > 
> > /home/pm215/qemu/util/bitmap.c: In function ‘bitmap_to_from_le’:
> > /home/pm215/qemu/util/bitmap.c:383:6: error: "__WORD_SIZE" is not
> > defined [-Werror=undef]
> >  # if __WORD_SIZE == 64
> >   ^
> 
> I'll look into this.  Thanks,

Oops... I think it should be __WORDSIZE (no "_" between "WORD" and
"SIZE").  Sorry.

Juan, do you want me to repost or you'd like to fix it directly?

-- 
Peter Xu
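
The build failure quoted above comes from a misspelled macro inside a preprocessor `#if`. As an added example (not QEMU's code and not part of this thread), the code below picks the word width from `ULONG_MAX`, which ISO C always defines, and stops the build when a macro it depends on is missing. All `ex_*` names are hypothetical, and `__BYTE_ORDER__` is assumed to be the macro predefined by GCC and Clang.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * In "#if", an identifier that is not a defined macro evaluates to 0.
 * A misspelled "__WORD_SIZE == 64" is therefore simply false unless
 * -Wundef (in the thread: -Werror=undef) is enabled.  ULONG_MAX is always
 * defined by <limits.h>, and an unexpected width stops the build.
 */
#if ULONG_MAX == 0xffffffffUL
# define EX_LONG_BITS 32
#elif ULONG_MAX == 0xffffffffffffffffUL
# define EX_LONG_BITS 64
#else
# error "unsupported width of unsigned long"
#endif

/* Refuse to guess the byte order when the compiler does not state it. */
#if !defined(__BYTE_ORDER__) || !defined(__ORDER_BIG_ENDIAN__) || \
    !defined(__ORDER_LITTLE_ENDIAN__)
# error "__BYTE_ORDER__ is not predefined by this compiler"
#endif

uint32_t ex_bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

uint64_t ex_bswap64(uint64_t v)
{
    return ((uint64_t)ex_bswap32((uint32_t)v) << 32) |
           ex_bswap32((uint32_t)(v >> 32));
}

/* Return w with its bytes laid out little-endian in memory. */
unsigned long ex_long_to_le(unsigned long w)
{
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# if EX_LONG_BITS == 64
    return (unsigned long)ex_bswap64(w);
# else
    return (unsigned long)ex_bswap32((uint32_t)w);
# endif
#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
    return w;
#else
# error "unsupported byte order"
#endif
}

/* Convert a bitmap of nbits bits, stored as unsigned longs, to LE layout. */
void ex_bitmap_to_le(unsigned long *dst, const unsigned long *src,
                     size_t nbits)
{
    size_t i, nlongs = (nbits + EX_LONG_BITS - 1) / EX_LONG_BITS;

    for (i = 0; i < nlongs; i++) {
        dst[i] = ex_long_to_le(src[i]);
    }
}

/* Byte k of the in-memory representation of a bitmap. */
unsigned ex_byte_at(const unsigned long *map, size_t k)
{
    unsigned char b;

    memcpy(&b, (const unsigned char *)map + k, 1);
    return b;
}

int main(void)
{
    unsigned long src[2] = { 0x01020304UL, 0x1UL };  /* constructed sample */
    unsigned long dst[2];

    ex_bitmap_to_le(dst, src, 2 * EX_LONG_BITS);
    printf("long is %d bits, first LE byte is 0x%02x\n",
           EX_LONG_BITS, ex_byte_at(dst, 0));
    return 0;
}
```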



Re: [Qemu-devel] [RFC PATCH] NUMA: Enable adding NUMA node implicitly

2017-09-20 Thread Dou Liyang

Hi Igor,

I am sorry I missed some comments you gave to me.

My reply is below.
At 09/18/2017 05:24 PM, Dou Liyang wrote:
[...]

ranges where
  *the guest will attempt to probe for a device that QEMU doesn't
  *implement and a stub device is required.
+ * @numa_implicit_add_node0:
+ *Enable NUMA implicitly by add a NUMA node.

how about:
s/auto_enable_numa_with_memhp/


Yes, really better than me, will do it.


boolean instead, see below how it could improve patch.



I am not really sure why we want to make this function boolean.


  */
 struct MachineClass {
 /*< private >*/
@@ -191,6 +193,8 @@ struct MachineClass {
 CpuInstanceProperties
(*cpu_index_to_instance_props)(MachineState *machine,
  unsigned
cpu_index);
 const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState
*machine);
+
+void (*numa_implicit_add_node0)(void);
 };

 /**
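
Review bot: the new MachineClass hook `void (*numa_implicit_add_node0)(void);` takes no arguments, while the two callbacks directly above it both receive `MachineState *machine`. Passing the MachineState in would be consistent with its neighbours and avoids reaching for globals, and the `@numa_implicit_add_node0` doc comment should say when the hook is called.
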
diff --git a/vl.c b/vl.c
index fb1f05b..814a5fa 100644
--- a/vl.c
+++ b/vl.c
@@ -3030,6 +3030,7 @@ int main(int argc, char **argv, char **envp)
 Error *main_loop_err = NULL;
 Error *err = NULL;
 bool list_data_dirs = false;
+bool has_numa_config_in_CLI = false;
 typedef struct BlockdevOptions_queue {
 BlockdevOptions *bdo;
 Location loc;
@@ -3293,6 +3294,7 @@ int main(int argc, char **argv, char **envp)
 if (!opts) {
 exit(1);
 }
+has_numa_config_in_CLI = true;
 break;
 case QEMU_OPTION_display:
 display_type = select_display(optarg);
@@ -4585,6 +4587,18 @@ int main(int argc, char **argv, char **envp)
 default_drive(default_floppy, snapshot, IF_FLOPPY, 0, FD_OPTS);
 default_drive(default_sdcard, snapshot, IF_SD, 0, SD_OPTS);

+/*
+ * If memory hotplug is enabled i.e. slots > 0 and user hasn't add
+ * NUMA nodes explicitly on CLI
+ *
+ * Enable NUMA implicitly for guest to know the maximum memory
+ * from ACPI SRAT table, which is used for SWIOTLB.
+ */
+if (ram_slots > 0 && !has_numa_config_in_CLI) {
+if (machine_class->numa_implicit_add_node0) {
+machine_class->numa_implicit_add_node0();
+}
+}
 parse_numa_opts(current_machine);
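
Review bot: in the last vl.c hunk the two nested `if` statements around `machine_class->numa_implicit_add_node0()` can be a single condition, and the flag name `has_numa_config_in_CLI` mixes lower and upper case, unlike the neighbouring locals (`list_data_dirs`, `main_loop_err`). The added comment also reads "user hasn't add"; "has not added" is meant.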

it would be better to put this logic inside of parse_numa_opts()
I'd suggest to move:

current_machine->ram_size = ram_size;
current_machine->maxram_size = maxram_size;
current_machine->ram_slots = ram_slots;

before parse_numa_opts() is called, and then
handle "memhp present+no numa on CLI" logic inside of
parse_numa_opts(). With this you won't have to track
'has_numa_config_in_CLI', drop callback numa_implicit_add_node0()
and numa nuances would be in place they are supposed to be: numa.c



Does "dropping the callback..." mean:

static void auto_enable_numa_with_memhp(QemuOptsList *list)
{
...
}

void parse_numa_opts(MachineState *ms, uint64_t ram_slots)
{
QemuOptsList *numa_opts = qemu_find_opts("numa");
...
auto_enable_numa_with_memhp(numa_opts);
...
}

So, no matter what arch it is, if it supports NUMA, we will enable NUMA
implicitly when it has already enabled memory hotplug by 
"slot=xx,maxmem=xx" CLI explicitly.


I am not sure about that, but this bug only affects x86 as far as I know, so
there seems to be no need to affect other arches which support NUMA as well.

Thanks,
dou.


 if (qemu_opts_foreach(qemu_find_opts("mon"),











Re: [Qemu-devel] [PULL 00/16] Migration PULL request

2017-09-20 Thread Peter Xu
On Wed, Sep 20, 2017 at 08:32:46PM +0100, Peter Maydell wrote:
> On 20 September 2017 at 12:42, Juan Quintela  wrote:
> > Juan Quintela  wrote:
> >> Hi
> >>
> >> To make merges easier, this includes:
> >> - Peter Xu reviewed patches from Postcopy recovery (3)
> >> - Alexey reviewed pages from block postcopy (4)
> >
> > I meant here to include Vladimir series.  This is incomplete.
> >
> > Nacked myself.
> 
> It also fails to build on ppc64 and s390x (so probably
> all bigendian hosts):
> 
> /home/pm215/qemu/util/bitmap.c: In function ‘bitmap_to_from_le’:
> /home/pm215/qemu/util/bitmap.c:383:6: error: "__WORD_SIZE" is not
> defined [-Werror=undef]
>  # if __WORD_SIZE == 64
>   ^

I'll look into this.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH] ppc/pnv: fix cores per chip for multiple cpus

2017-09-20 Thread Nikunj A Dadhania
David Gibson  writes:

> On Wed, Sep 20, 2017 at 12:48:55PM +0530, Nikunj A Dadhania wrote:
>> David Gibson  writes:
>> 
>> > On Wed, Sep 20, 2017 at 12:10:48PM +0530, Nikunj A Dadhania wrote:
>> >> David Gibson  writes:
>> >> 
>> >> > On Wed, Sep 20, 2017 at 10:43:19AM +0530, Nikunj A Dadhania wrote:
>> >> >> David Gibson  writes:
>> >> >> 
>> >> >> > On Wed, Sep 20, 2017 at 09:50:24AM +0530, Nikunj A Dadhania wrote:
>> >> >> >> David Gibson  writes:
>> >> >> >> 
>> >> >> >> > On Fri, Sep 15, 2017 at 02:39:16PM +0530, Nikunj A Dadhania wrote:
>> >> >> >> >> David Gibson  writes:
>> >> >> >> >> 
>> >> >> >> >> > On Fri, Sep 15, 2017 at 01:53:15PM +0530, Nikunj A Dadhania 
>> >> >> >> >> > wrote:
>> >> >> >> >> >> David Gibson  writes:
>> >> >> >> >> >> 
>> >> >> >> >> >> >> 
>> >> >> >> >> >> >> I thought, I am doing the same here for PowerNV, number of 
>> >> >> >> >> >> >> online cores
>> >> >> >> >> >> >> is equal to initial online vcpus / threads per core
>> >> >> >> >> >> >> 
>> >> >> >> >> >> >>int boot_cores_nr = smp_cpus / smp_threads;
>> >> >> >> >> >> >> 
>> >> >> >> >> >> >> Only difference that I see in PowerNV is that we have 
>> >> >> >> >> >> >> multiple chips
>> >> >> >> >> >> >> (max 2, at the moment)
>> >> >> >> >> >> >> 
>> >> >> >> >> >> >> cores_per_chip = smp_cpus / (smp_threads * 
>> >> >> >> >> >> >> pnv->num_chips);
>> >> >> >> >> >> >
>> >> >> >> >> >> > This doesn't make sense to me.  Cores per chip should 
>> >> >> >> >> >> > *always* equal
>> >> >> >> >> >> > smp_cores, you shouldn't need another calculation for it.
>> >> >> >> >> >> >
>> >> >> >> >> >> >> And in case user has provided sane smp_cores, we use it.
>> >> >> >> >> >> >
>> >> >> >> >> >> > If smp_cores isn't sane, you should simply reject it, not 
>> >> >> >> >> >> > try to fix
>> >> >> >> >> >> > it.  That's just asking for confusion.
>> >> >> >> >> >> 
>> >> >> >> >> >> This is the case where the user does not provide a 
>> >> >> >> >> >> topology(which is a
>> >> >> >> >> >> valid scenario), not sure we should reject it. So qemu 
>> >> >> >> >> >> defaults
>> >> >> >> >> >> smp_cores/smt_threads to 1. I think it makes sense to 
>> >> >> >> >> >> over-ride.
>> >> >> >> >> >
>> >> >> >> >> > If you can find a way to override it by altering smp_cores 
>> >> >> >> >> > when it's
>> >> >> >> >> > not explicitly specified, then ok.
>> >> >> >> >> 
>> >> >> >> >> Should I change the global smp_cores here as well ?
>> >> >> >> >
>> >> >> >> > I'm pretty uneasy with that option.
>> >> >> >> 
>> >> >> >> Me too.
>> >> >> >> 
>> >> >> >> > It would take a fair bit of checking to ensure that changing 
>> >> >> >> > smp_cores
>> >> >> >> > is safe here. An easier to verify option would be to make the 
>> >> >> >> > generic
>> >> >> >> > logic which splits up an unspecified -smp N into cores and sockets
>> >> >> >> > more flexible, possibly based on machine options for max values.
>> >> >> >> >
>> >> >> >> > That might still be more trouble than it's worth.
>> >> >> >> 
>> >> >> >> I think the current approach is the simplest and less intrusive, as 
>> >> >> >> we
>> >> >> >> are handling a case where user has not bothered to provide a 
>> >> >> >> detailed
>> >> >> >> topology, the best we can do is create single threaded cores equal 
>> >> >> >> to
>> >> >> >> number of cores.
>> >> >> >
>> >> >> > No, sorry.  Having smp_cores not correspond to the number of cores 
>> >> >> > per
>> >> >> > chip in all cases is just not ok.  Add an error message if the
>> >> >> > topology isn't workable for powernv by all means.  But users having 
>> >> >> > to
>> >> >> > use a longer command line is better than breaking basic assumptions
>> >> >> > about what numbers reflect what topology.
>> >> >> 
>> >> >> Sorry to ask again, as I am still not convinced, we do similar
>> >> >> adjustment in spapr where the user did not provide the number of cores,
>> >> >> but qemu assumes them as single threaded cores and created
>> >> >> cores(boot_cores_nr) that were not same as smp_cores ?
>> >> >
>> >> > What?  boot_cores_nr has absolutely nothing to do with adjusting the
>> >> > topology, and it certainly doesn't assume they're single threaded.
>> >> 
>> >> When we start a TCG guest and user provides following commandline, e.g.
>> >> "-smp 4", smt_threads is set to 1 by default in vl.c. So the guest boots
>> >> with 4 cores, each having 1 thread.
>> >
>> > Ok.. and what's the problem with that behaviour on powernv?
>> 
>> As smp_thread defaults to 1 in vl.c, similarly smp_cores also has the
>> default value of 1 in vl.c. In powernv, we were setting nr-cores like
>> this:
>> 
>> object_property_set_int(chip, smp_cores, "nr-cores", _fatal);
>> 
>> Even when there were multiple cpus (-smp 4), when the guest boots up, we
>> just get 

[Qemu-devel] [Bug 1673976] Re: core dump

2017-09-20 Thread Thomas Huth
Could you please check whether the problem also occurs with QEMU v2.10?

** Changed in: qemu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1673976

Title:
  core dump

Status in QEMU:
  Incomplete

Bug description:
  I'm running a command (locale-gen) inside of an armv7h chroot mounted
  on my x86_64 desktop by putting qemu-arm-static into /usr/bin/ of the
  chroot file system and I get a core dump.

  locale-gen
  Generating locales...
    en_US.UTF-8...localedef: ../sysdeps/unix/sysv/linux/spawni.c:360: 
__spawnix: Assertion `ec >= 0' failed.
  qemu: uncaught target signal 6 (Aborted) - core dumped
  /usr/bin/locale-gen: line 41:34 Aborted (core dumped) 
localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale

  I've done this same thing successfully for years, but this breakage
  has appeared some time in the last 3 or so months. Possibly with the
  update to qemu version 2.8.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1673976/+subscriptions



Re: [Qemu-devel] [PATCH v3] spapr_pci: make index property mandatory

2017-09-20 Thread David Gibson
On Wed, Sep 20, 2017 at 04:46:20PM +0200, Greg Kurz wrote:
> PHBs can be created with an index property, in which case the machine
> code automatically sets all the MMIO windows at addresses derived from
> the index. Alternatively, they can be manually created without index,
> but the user has to provide addresses for all MMIO windows.
> 
> The non-index way happens to be more trouble than it's worth: it's
> difficult to use, keeps requiring (potentially incompatible) changes
> when some new parameter needs adding, and is awkward to check for
> collisions. It currently even has a bug that prevents to use two
> non-index PHBs because their child DRCs are all derived from the
> same index == -1 value, and, thus, collide.
> 
> This patch hence makes the index property mandatory. As a consequence,
> the PHB's memory regions and BUID are now always configured according
> to the index, and it is no longer possible to set them from the command
> line.
> 
> This DOES BREAK backwards compat, but we don't think the non-index
> PHB feature was used in practice (at least libvirt doesn't) and the
> simplification is worth it.
> 
> Signed-off-by: Greg Kurz 
> ---
> v2->v3: - re-write commit message
> - mem64_win_pciaddr no longer configurable
> - simplified check to map 64-bit window
> 
> v1->v2: - error out if mem64_win_pciaddr is set but mem64_win_size
>   isn't
> - set mem64_win_addr to -1 for old configuration with 32-bit
>   window below 2G in spapr_phb_realize()
> - drop instance init function
> 
> RFC->v1: - as suggested by David, updated the changelog to explicitly
>mention that we intentionally break backwards compat.

Applied to ppc-for-2.11, thanks.

> ---

> ---
>  hw/ppc/spapr_pci.c |   62 
> +++-
>  1 file changed, 8 insertions(+), 54 deletions(-)
> 
> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> index cf54160526fa..6126c800440f 100644
> --- a/hw/ppc/spapr_pci.c
> +++ b/hw/ppc/spapr_pci.c
> @@ -1523,16 +1523,6 @@ static void spapr_phb_realize(DeviceState *dev, Error 
> **errp)
>  sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
>  Error *local_err = NULL;
>  
> -if ((sphb->buid != (uint64_t)-1) || (sphb->dma_liobn[0] != 
> (uint32_t)-1)
> -|| (sphb->dma_liobn[1] != (uint32_t)-1 && windows_supported == 2)
> -|| (sphb->mem_win_addr != (hwaddr)-1)
> -|| (sphb->mem64_win_addr != (hwaddr)-1)
> -|| (sphb->io_win_addr != (hwaddr)-1)) {
> -error_setg(errp, "Either \"index\" or other parameters must"
> -   " be specified for PAPR PHB, not both");
> -return;
> -}
> -
>  smc->phb_placement(spapr, sphb->index,
> >buid, >io_win_addr,
> >mem_win_addr, >mem64_win_addr,
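
Review bot: with the "Either \"index\" or other parameters must be specified" check removed from the top of spapr_phb_realize(), nothing in this hunk stops a value the user passed for buid, the LIOBNs or a window address from being overwritten by smc->phb_placement(). The commit message says these can no longer be set from the command line; make sure the properties themselves are dropped in this patch, so that such an option is rejected instead of silently ignored.
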
> @@ -1541,46 +1531,20 @@ static void spapr_phb_realize(DeviceState *dev, Error 
> **errp)
>  error_propagate(errp, local_err);
>  return;
>  }
> -}
> -
> -if (sphb->buid == (uint64_t)-1) {
> -error_setg(errp, "BUID not specified for PHB");
> -return;
> -}
> -
> -if ((sphb->dma_liobn[0] == (uint32_t)-1) ||
> -((sphb->dma_liobn[1] == (uint32_t)-1) && (windows_supported > 1))) {
> -error_setg(errp, "LIOBN(s) not specified for PHB");
> -return;
> -}
> -
> -if (sphb->mem_win_addr == (hwaddr)-1) {
> -error_setg(errp, "Memory window address not specified for PHB");
> -return;
> -}
> -
> -if (sphb->io_win_addr == (hwaddr)-1) {
> -error_setg(errp, "IO window address not specified for PHB");
> +} else {
> +error_setg(errp, "\"index\" for PAPR PHB is mandatory");
>  return;
>  }
>  
>  if (sphb->mem64_win_size != 0) {
> -if (sphb->mem64_win_addr == (hwaddr)-1) {
> -error_setg(errp,
> -   "64-bit memory window address not specified for PHB");
> -return;
> -}
> -
>  if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
>  error_setg(errp, "32-bit memory window of size 0x%"HWADDR_PRIx
> " (max 2 GiB)", sphb->mem_win_size);
>  return;
>  }
>  
> -if (sphb->mem64_win_pciaddr == (hwaddr)-1) {
> -/* 64-bit window defaults to identity mapping */
> -sphb->mem64_win_pciaddr = sphb->mem64_win_addr;
> -}
> +/* 64-bit window defaults to identity mapping */
> +sphb->mem64_win_pciaddr = sphb->mem64_win_addr;
>  } else if (sphb->mem_win_size > SPAPR_PCI_MEM32_WIN_SIZE) {
>  /*
>   * For compatibility with old configuration, if no 64-bit MMIO
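
Review bot: in the `mem64_win_size != 0` branch the assignment `sphb->mem64_win_pciaddr = sphb->mem64_win_addr;` is now unconditional, but the comment above it still says the 64-bit window "defaults to" identity mapping. Reword the comment to say the window is always identity-mapped, since there is no longer another source for the value.
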
> @@ -1622,18 +1586,16 @@ static void spapr_phb_realize(DeviceState *dev, Error 
> **errp)
>  memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
>  

Re: [Qemu-devel] [RFC 01/15] char-io: fix possible race on IOWatchPoll

2017-09-20 Thread Peter Xu
On Wed, Sep 20, 2017 at 12:29:21PM +0100, Daniel P. Berrange wrote:
> On Wed, Sep 20, 2017 at 07:18:49PM +0800, Peter Xu wrote:
> > On Wed, Sep 20, 2017 at 12:03:09PM +0100, Daniel P. Berrange wrote:
> > > On Wed, Sep 20, 2017 at 06:49:58PM +0800, Peter Xu wrote:
> > > > On Wed, Sep 20, 2017 at 10:14:38AM +0100, Daniel P. Berrange wrote:
> > > > > On Wed, Sep 20, 2017 at 05:09:26PM +0800, Peter Xu wrote:
> > > > > > On Wed, Sep 20, 2017 at 08:57:03AM +0100, Daniel P. Berrange wrote:
> > > > > > > On Thu, Sep 14, 2017 at 03:50:22PM +0800, Peter Xu wrote:
> > > > > > > > This is not a problem if we are only having one single loop 
> > > > > > > > thread like
> > > > > > > > before.  However, after per-monitor thread is introduced, this 
> > > > > > > > is not
> > > > > > > > true any more, and the race can happen.
> > > > > > > > 
> > > > > > > > The race can be triggered with "make check -j8" sometimes:
> > > > > > > > 
> > > > > > > >   qemu-system-x86_64: /root/git/qemu/chardev/char-io.c:91:
> > > > > > > >   io_watch_poll_finalize: Assertion `iwp->src == NULL' failed.
> > > > > > > > 
> > > > > > > > This patch keeps the reference for the watch object when 
> > > > > > > > creating in
> > > > > > > > io_add_watch_poll(), so that the object will never be released 
> > > > > > > > in the
> > > > > > > > context main loop, especially when the context loop is running 
> > > > > > > > in
> > > > > > > > another standalone thread.  Meanwhile, when we want to remove 
> > > > > > > > the watch
> > > > > > > > object, we always first detach the watch object from its owner 
> > > > > > > > context,
> > > > > > > > then we continue with the cleanup.
> > > > > > > > 
> > > > > > > > Without this patch, calling io_remove_watch_poll() in main loop 
> > > > > > > > thread
> > > > > > > > is not thread-safe, since the other per-monitor thread may be 
> > > > > > > > modifying
> > > > > > > > the watch object at the same time.
> > > > > > > 
> > > > > > > This doesn't feel right to me. Why is the main loop thread doing 
> > > > > > > anything
> > > > > > > at all with the Chardev, if there is a per-monitor thread ? The 
> > > > > > > Chardev
> > > > > > > code isn't thread safe so it isn't safe to have two separate 
> > > > > > > threads
> > > > > > > accessing the same Chardev. IOW, if we want a per-monitor thread, 
> > > > > > > then
> > > > > > > we must make sure the main thread never touches that monitor's 
> > > > > > > chardev
> > > > > > > at all.  While your patch here might have avoided the assertion 
> > > > > > > you
> > > > > > > mention above, I fear this is just papering over a fundamental 
> > > > > > > problem
> > > > > > > that still exists, that can only be solved by not letting the 
> > > > > > > mainloop
> > > > > > > touch the chardev at all.
> > > > > > 
> > > > > > The stack I encountered:
> > > > > > 
> > > > > > #0  0x7f658234c765 in __GI_raise (sig=sig@entry=6) at 
> > > > > > ../sysdeps/unix/sysv/linux/raise.c:54
> > > > > > #1  0x7f658234e36a in __GI_abort () at abort.c:89
> > > > > > #2  0x7f6582344f97 in __assert_fail_base (fmt=, 
> > > > > > assertion=assertion@entry=0x55c76345fce1 "iwp->src == NULL", 
> > > > > > file=file@entry=0x55c76345fcc0 "/root/git/qemu/chardev/char-io.c", 
> > > > > > line=line@entry=91, function=function@entry=0x55c76345fd10 
> > > > > > <__PRETTY_FUNCTION__.21863> "io_watch_poll_finalize") at assert.c:92
> > > > > > #3  0x7f6582345042 in __GI___assert_fail 
> > > > > > (assertion=0x55c76345fce1 "iwp->src == NULL", file=0x55c76345fcc0 
> > > > > > "/root/git/qemu/chardev/char-io.c", line=91, 
> > > > > > function=0x55c76345fd10 <__PRETTY_FUNCTION__.21863> 
> > > > > > "io_watch_poll_finalize") at assert.c:101
> > > > > > #4  0x55c7632c2be5 in io_watch_poll_finalize 
> > > > > > (source=0x55c7651cd450) at /root/git/qemu/chardev/char-io.c:91
> > > > > > #5  0x7f65847bb859 in g_source_unref_internal () at 
> > > > > > /lib64/libglib-2.0.so.0
> > > > > > #6  0x7f65847bca29 in g_source_destroy_internal () at 
> > > > > > /lib64/libglib-2.0.so.0
> > > > > > #7  0x55c7632c2d30 in io_remove_watch_poll 
> > > > > > (source=0x55c7651cd450) at /root/git/qemu/chardev/char-io.c:139
> > > > > > #8  0x55c7632c2d5c in remove_fd_in_watch (chr=0x55c7651ccdf0) 
> > > > > > at /root/git/qemu/chardev/char-io.c:145
> > > > > > #9  0x55c7632c2368 in qemu_chr_fe_set_handlers 
> > > > > > (b=0x55c7651f6410, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, 
> > > > > > be_change=0x0, opaque=0x0, context=0x0, set_open=true)
> > > > > > at /root/git/qemu/chardev/char-fe.c:267
> > > > > > #10 0x55c7632c2221 in qemu_chr_fe_deinit (b=0x55c7651f6410, 
> > > > > > del=false) at /root/git/qemu/chardev/char-fe.c:231
> > > > > > #11 0x55c762e2b15c in monitor_data_destroy (mon=0x55c7651f6410) 
> > > > > > at /root/git/qemu/monitor.c:600
> > > > > > #12 0x55c762e340ec in monitor_cleanup () at 
> > > > > > /root/git/qemu/monitor.c:4346
> > > > > > #13 

Re: [Qemu-devel] [PATCH V2] add migration capability to bypass the shared memory

2017-09-20 Thread Zhang Haoyu
Hi Jiangshan,

Any update from this patch?

Thanks,
Zhang Haoyu

On 2016/8/11 22:45, Lai Jiangshan wrote:
> Note, the old local migration patchset:
> https://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00073.html
> 
> this patch can be considered as a new local migration implementation,
> but with more restrictions (the memory must set shared when boot the qemu)
> 



Re: [Qemu-devel] block ais migration for machines <= 2.9

2017-09-20 Thread Yi Min Zhao



On 2017/9/21 at 12:04 AM, Dr. David Alan Gilbert wrote:

* Christian Borntraeger (borntrae...@de.ibm.com) wrote:

Something like the following seems to do the tricks.
Needs proper patch description, review, full test with different kernel 
versions.

Without knowing anything about 'ais' - will this break migration from
2.10 -> 2.10+this fix?

I think it doesn't break. I will have a try later.


Dave


diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 1c7af39..2ff32ba 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -212,6 +212,7 @@ static void ccw_machine_class_init(ObjectClass *oc, void 
*data)
  s390mc->cpu_model_allowed = true;
  s390mc->css_migration_enabled = true;
  s390mc->gs_allowed = true;
+s390mc->ais_allowed = true;
  mc->init = ccw_init;
  mc->reset = s390_machine_reset;
  mc->hot_add_cpu = s390_hot_add_cpu;
@@ -305,6 +306,11 @@ bool gs_allowed(void)
  return false;
  }
  
+bool ais_allowed(void)

+{
+return get_machine_class()->ais_allowed;
+}
+
  static char *machine_get_loadparm(Object *obj, Error **errp)
  {
  S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
@@ -533,6 +539,7 @@ static void ccw_machine_2_9_class_options(MachineClass *mc)
  S390CcwMachineClass *s390mc = S390_MACHINE_CLASS(mc);
  
  s390mc->gs_allowed = false;

+s390mc->ais_allowed = false;
  ccw_machine_2_10_class_options(mc);
  SET_MACHINE_COMPAT(mc, CCW_COMPAT_2_9);
  s390mc->css_migration_enabled = false;
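
Review bot: in ccw_machine_2_9_class_options() the new `s390mc->ais_allowed = false;` is placed before the chained ccw_machine_2_10_class_options(mc) call, whereas `css_migration_enabled = false` is set after it. If the 2.10 options function ever assigns ais_allowed, the 2.9 setting would be overwritten; placing the assignment after the call, next to css_migration_enabled, removes that ordering dependency.
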
diff --git a/include/hw/s390x/s390-virtio-ccw.h 
b/include/hw/s390x/s390-virtio-ccw.h
index 41a9d28..bba8660 100644
--- a/include/hw/s390x/s390-virtio-ccw.h
+++ b/include/hw/s390x/s390-virtio-ccw.h
@@ -41,6 +41,7 @@ typedef struct S390CcwMachineClass {
  bool cpu_model_allowed;
  bool css_migration_enabled;
  bool gs_allowed;
+bool ais_allowed;
  } S390CcwMachineClass;
  
  /* runtime-instrumentation allowed by the machine */

@@ -49,6 +50,8 @@ bool ri_allowed(void);
  bool cpu_model_allowed(void);
  /* guarded-storage allowed by the machine */
  bool gs_allowed(void);
+/* ais allowed by the machine */
+bool ais_allowed(void);
  
  /**

   * Returns true if (vmstate based) migration of the channel subsystem
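
Review bot: the new declaration comment `/* ais allowed by the machine */` uses the bare abbreviation, while the neighbouring comments spell out "runtime-instrumentation" and "guarded-storage". Spell out what AIS stands for here, and mention that the flag gates the KVM_CAP_S390_AIS enablement so readers of the header can see why it exists.
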
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index c4c5791..531d474 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -309,7 +309,9 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
  }
  
  /* Try to enable AIS facility */

-kvm_vm_enable_cap(s, KVM_CAP_S390_AIS, 0);
+if (ais_allowed()) {
+   kvm_vm_enable_cap(s, KVM_CAP_S390_AIS, 0);
+}
  
  qemu_mutex_init(_sigp_mutex);




--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK







[Qemu-devel] [PULL 2/2] xen/pt: allow QEMU to request MSI unmasking at bind time

2017-09-20 Thread Stefano Stabellini
From: Roger Pau Monne 

When a MSI interrupt is bound to a guest using
xc_domain_update_msi_irq (XEN_DOMCTL_bind_pt_irq) the interrupt is
left masked by default.

This causes problems with guests that first configure interrupts and
clean the per-entry MSIX table mask bit and afterwards enable MSIX
globally. In such scenario the Xen internal msixtbl handlers would not
detect the unmasking of MSIX entries because vectors are not yet
registered since MSIX is not enabled, and vectors would be left
masked.

Introduce a new flag in the gflags field to signal Xen whether a MSI
interrupt should be unmasked after being bound.

This also requires to track the mask register for MSI interrupts, so
QEMU can also notify to Xen whether the MSI interrupt should be bound
masked or unmasked

Signed-off-by: Roger Pau Monné 
Reviewed-by: Jan Beulich 
Reported-by: Andreas Kinzler 
Reviewed-by: Stefano Stabellini 
Signed-off-by: Stefano Stabellini 
---
 hw/xen/xen_pt.h |  1 +
 hw/xen/xen_pt_config_init.c | 20 ++--
 hw/xen/xen_pt_msi.c | 13 ++---
 3 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
index 191d9ca..aa39a9a 100644
--- a/hw/xen/xen_pt.h
+++ b/hw/xen/xen_pt.h
@@ -180,6 +180,7 @@ typedef struct XenPTMSI {
 uint32_t addr_hi;  /* guest message upper address */
 uint16_t data; /* guest message data */
 uint32_t ctrl_offset; /* saved control offset */
+uint32_t mask; /* guest mask bits */
 int pirq;  /* guest pirq corresponding */
 bool initialized;  /* when guest MSI is initialized */
 bool mapped;   /* when pirq is mapped */
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index 1f04ec5..a3ce33e 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -1315,6 +1315,22 @@ static int 
xen_pt_msgdata_reg_write(XenPCIPassthroughState *s,
 return 0;
 }
 
+static int xen_pt_mask_reg_write(XenPCIPassthroughState *s, XenPTReg 
*cfg_entry,
+ uint32_t *val, uint32_t dev_value,
+ uint32_t valid_mask)
+{
+int rc;
+
+rc = xen_pt_long_reg_write(s, cfg_entry, val, dev_value, valid_mask);
+if (rc) {
+return rc;
+}
+
+s->msi->mask = *val;
+
+return 0;
+}
+
 /* MSI Capability Structure reg static information table */
 static XenPTRegInfo xen_pt_emu_reg_msi[] = {
 /* Next Pointer reg */
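Review bot: `s->msi->mask = *val;` in xen_pt_mask_reg_write() caches whatever xen_pt_long_reg_write() left in *val, and nothing in the hunk says whether that is the value the guest wrote or the value merged with dev_value for the device. XenPTMSI documents the field as "guest mask bits", so a one-line comment on which view is stored would help. The handler also only caches the value, so it is worth stating that it takes effect at the next xen_pt_msi_update() rather than on each mask write.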
@@ -1393,7 +1409,7 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
 .emu_mask   = 0x,
 .init   = xen_pt_mask_reg_init,
 .u.dw.read  = xen_pt_long_reg_read,
-.u.dw.write = xen_pt_long_reg_write,
+.u.dw.write = xen_pt_mask_reg_write,
 },
 /* Mask reg (if PCI_MSI_FLAGS_MASKBIT set, for 64-bit devices) */
 {
@@ -1404,7 +1420,7 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
 .emu_mask   = 0x,
 .init   = xen_pt_mask_reg_init,
 .u.dw.read  = xen_pt_long_reg_read,
-.u.dw.write = xen_pt_long_reg_write,
+.u.dw.write = xen_pt_mask_reg_write,
 },
 /* Pending reg (if PCI_MSI_FLAGS_MASKBIT set, for 32-bit devices) */
 {
diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c
index ff9a79f..6d1e3bd 100644
--- a/hw/xen/xen_pt_msi.c
+++ b/hw/xen/xen_pt_msi.c
@@ -24,6 +24,7 @@
 #define XEN_PT_GFLAGS_SHIFT_DM 9
 #define XEN_PT_GFLAGSSHIFT_DELIV_MODE 12
 #define XEN_PT_GFLAGSSHIFT_TRG_MODE   15
+#define XEN_PT_GFLAGSSHIFT_UNMASKED   16
 
 #define latch(fld) latch[PCI_MSIX_ENTRY_##fld / sizeof(uint32_t)]
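Review bot: `XEN_PT_GFLAGSSHIFT_UNMASKED 16` is a private copy of a bit position that Xen has to agree on for XEN_DOMCTL_bind_pt_irq, and the define carries no comment saying so. Please note next to it that the value is part of the gflags interface with the hypervisor, and say in the commit message what happens when QEMU sets this bit on a Xen that predates the flag.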
 
@@ -155,7 +156,8 @@ static int msi_msix_update(XenPCIPassthroughState *s,
int pirq,
bool is_msix,
int msix_entry,
-   int *old_pirq)
+   int *old_pirq,
+   bool masked)
 {
 PCIDevice *d = >dev;
 uint8_t gvec = msi_vector(data);
@@ -171,6 +173,8 @@ static int msi_msix_update(XenPCIPassthroughState *s,
 table_addr = s->msix->mmio_base_addr;
 }
 
+gflags |= masked ? 0 : (1u << XEN_PT_GFLAGSSHIFT_UNMASKED);
+
 rc = xc_domain_update_msi_irq(xen_xc, xen_domid, gvec,
   pirq, gflags, table_addr);
 
@@ -273,8 +277,10 @@ int xen_pt_msi_setup(XenPCIPassthroughState *s)
 int xen_pt_msi_update(XenPCIPassthroughState *s)
 {
 XenPTMSI *msi = s->msi;
+
+/* Current MSI emulation in QEMU only supports 1 vector */
 return msi_msix_update(s, msi_addr64(msi), msi->data, msi->pirq,
-   false, 0, >pirq);
+   false, 0, >pirq, msi->mask & 1);
 }
 
 void xen_pt_msi_disable(XenPCIPassthroughState *s)
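Review bot: xen_pt_msi_update() now keys the bind on `msi->mask & 1`, but the only writer of msi->mask in this patch is xen_pt_mask_reg_write(). For a device without the mask register that handler never runs, and nothing visible here resets the field when MSI is disabled, so please confirm it starts at zero and is cleared on teardown; otherwise a stale bit 0 leaves a re-bound vector masked.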
@@ -355,7 +361,8 @@ static int xen_pt_msix_update_one(XenPCIPassthroughState 

[Qemu-devel] [PULL 1/2] xen-disk: use g_new0 to fix build

2017-09-20 Thread Stefano Stabellini
From: Olaf Hering 

g_malloc0_n is available since glib-2.24. To allow build with older glib
versions use the generic g_new0, which is already used in many other
places in the code.

Fixes commit 3284fad728 ("xen-disk: add support for multi-page shared rings")

Signed-off-by: Olaf Hering 
Reviewed-by: Stefano Stabellini 
Signed-off-by: Stefano Stabellini 
---
 hw/block/xen_disk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index d42ed70..536e2ee 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -1232,7 +1232,7 @@ static int blk_connect(struct XenDevice *xendev)
 return -1;
 }
 
-domids = g_malloc0_n(blkdev->nr_ring_ref, sizeof(uint32_t));
+domids = g_new0(uint32_t, blkdev->nr_ring_ref);
 for (i = 0; i < blkdev->nr_ring_ref; i++) {
 domids[i] = blkdev->xendev.dom;
 }
-- 
1.9.1




[Qemu-devel] [PULL 0/2] xen-20170920-tag

2017-09-20 Thread Stefano Stabellini
The following changes since commit b62b7ed0fc9c58e373b8946c9bd2e193be98dae6:

  Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging (2017-09-20 20:33:48 +0100)

are available in the git repository at:


  git://xenbits.xen.org/people/sstabellini/qemu-dm.git tags/xen-20170920-tag

for you to fetch changes up to a8036336609d2e184fc3543a4c439c0ba7d7f3a2:

  xen/pt: allow QEMU to request MSI unmasking at bind time (2017-09-20 19:05:27 -0700)


Xen 2017/09/20


Olaf Hering (1):
  xen-disk: use g_new0 to fix build

Roger Pau Monne (1):
  xen/pt: allow QEMU to request MSI unmasking at bind time

 hw/block/xen_disk.c |  2 +-
 hw/xen/xen_pt.h |  1 +
 hw/xen/xen_pt_config_init.c | 20 ++--
 hw/xen/xen_pt_msi.c | 13 ++---
 4 files changed, 30 insertions(+), 6 deletions(-)



Re: [Qemu-devel] [PATCH] virtio/vhost: reset dev->log after syncing

2017-09-20 Thread Jason Wang



On 2017-09-21 02:53, Felipe Franciosi wrote:

vhost_log_put() is called to decommission the dirty log between qemu and
a vhost device when stopping the device. Such a call can happen from
migration_completion().

Present code sets dev->log_size to zero too early in vhost_log_put(),
causing the sync check to always return false. As a consequence, the
last pass on the dirty bitmap never happens at the end of migration.

If a vhost device was busy (writing to guest memory) until the last
moments before vhost_virtqueue_stop(), this error will result in guest
memory corruption (at least) following migrations.

Signed-off-by: Felipe Franciosi 
---
  hw/virtio/vhost.c |5 +++--
  1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 5fd69f0..ddc42f0 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -375,8 +375,6 @@ static void vhost_log_put(struct vhost_dev *dev, bool sync)
  if (!log) {
  return;
  }
-dev->log = NULL;
-dev->log_size = 0;
  
  --log->refcnt;

  if (log->refcnt == 0) {
@@ -396,6 +394,9 @@ static void vhost_log_put(struct vhost_dev *dev, bool sync)
  
  g_free(log);

  }
+
+dev->log = NULL;
+dev->log_size = 0;
  }
  
  static bool vhost_dev_log_is_shared(struct vhost_dev *dev)
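Review bot: with the reset moved to the end of vhost_log_put(), dev->log keeps pointing at `log` across the g_free(log) in the refcnt == 0 branch. Nothing runs between the free and `dev->log = NULL` in the visible lines, so it is harmless as posted, but the ordering now matters in both directions. A comment above the two assignments saying they must stay after the sync, and that nothing touching dev->log may be added after g_free(), would protect the fix.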


Cc: qemu-sta...@nongnu.org

Acked-by: Jason Wang 

Thanks



[Qemu-devel] [PATCH v2] ide: fix enum comparison for gcc 4.7

2017-09-20 Thread John Snow
Apparently GCC gets bent over comparing enum values against zero.
Replace the conditional with something less readable.

Tested-by: Mark Cave-Ayland 
Signed-off-by: John Snow 

---

v2: Second verse, same as the first.
Signed-off-by: John Snow 
---
 hw/ide/ahci.c | 2 +-
 hw/ide/core.c | 2 +-
 include/hw/ide/internal.h | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 24c65df..32d1296 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -184,7 +184,7 @@ static void ahci_check_irq(AHCIState *s)
 static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d,
  enum AHCIPortIRQ irqbit)
 {
-g_assert(irqbit >= 0 && irqbit < 32);
+g_assert((unsigned)irqbit < 32);
 uint32_t irq = 1U << irqbit;
 uint32_t irqstat = d->port_regs.irq_stat | irq;
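Review bot: in ahci_trigger_irq(), `g_assert((unsigned)irqbit < 32)` is the only thing standing between a bad irqbit and the `1U << irqbit` on the next line, and the cast hides that it is also the lower-bound check. A short comment that negative values wrap to large unsigned ones, so the single comparison covers both bounds, would keep someone from "simplifying" it later.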
 
diff --git a/hw/ide/core.c b/hw/ide/core.c
index a19bd90..d63eb4a 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -68,7 +68,7 @@ const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
 
 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
 {
-if (enval >= IDE_DMA__BEGIN && enval < IDE_DMA__COUNT) {
+if ((unsigned)enval < IDE_DMA__COUNT) {
 return IDE_DMA_CMD_lookup[enval];
 }
 return "DMA UNKNOWN CMD";
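Review bot: in IDE_DMA_CMD_str(), `(unsigned)enval < IDE_DMA__COUNT` is now the whole bounds check for the IDE_DMA_CMD_lookup[enval] index, and it matches the old test only while the first enumerator is 0. Since the same patch drops IDE_DMA__BEGIN, a comment here or next to `IDE_DMA_READ = 0` tying the two together would be useful.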
diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
index 180e00e..e641012 100644
--- a/include/hw/ide/internal.h
+++ b/include/hw/ide/internal.h
@@ -333,8 +333,7 @@ struct unreported_events {
 };
 
 enum ide_dma_cmd {
-IDE_DMA__BEGIN = 0,
-IDE_DMA_READ = IDE_DMA__BEGIN,
+IDE_DMA_READ = 0,
 IDE_DMA_WRITE,
 IDE_DMA_TRIM,
 IDE_DMA_ATAPI,
-- 
2.9.5




Re: [Qemu-devel] [RFC PATCH v2 18/21] ppc/xive: add device tree support

2017-09-20 Thread David Gibson
On Wed, Sep 20, 2017 at 02:26:32PM +0200, Cédric Le Goater wrote:
> On 09/19/2017 10:44 AM, David Gibson wrote:
> > On Mon, Sep 11, 2017 at 07:12:32PM +0200, Cédric Le Goater wrote:
> >> Like for XICS, the XIVE interface for the guest is described in the
> >> device tree under the "interrupt-controller" node. A couple of new
> >> properties are specific to XIVE :
> >>
> >>  - "reg"
> >>
> >>contains the base address and size of the thread interrupt
> >>management areas (TIMA), also called rings, for the User level and
> >>for the Guest OS level. Only the Guest OS level is taken into
> >>account today.
> >>
> >>  - "ibm,xive-eq-sizes"
> >>
> >>the size of the event queues. One cell per size supported, contains
> >>log2 of size, in ascending order.
> >>
> >>  - "ibm,xive-lisn-ranges"
> >>
> >>the interrupt numbers ranges assigned to the guest. These are
> >>allocated using a simple bitmap.
> >>
> >> and also under the root node :
> >>
> >>  - "ibm,plat-res-int-priorities"
> >>
> >>contains a list of priorities that the hypervisor has reserved for
> >>its own use. Simulate ranges as defined by the PowerVM Hypervisor.
> >>
> >> Signed-off-by: Cédric Le Goater 
> >> ---
> >>  hw/intc/spapr_xive_hcall.c  | 54 
> >> +
> >>  include/hw/ppc/spapr_xive.h |  1 +
> >>  2 files changed, 55 insertions(+)
> >>
> >> diff --git a/hw/intc/spapr_xive_hcall.c b/hw/intc/spapr_xive_hcall.c
> >> index 4c77b65683de..7b19ea6373dd 100644
> >> --- a/hw/intc/spapr_xive_hcall.c
> >> +++ b/hw/intc/spapr_xive_hcall.c
> >> @@ -874,3 +874,57 @@ void spapr_xive_hcall_init(sPAPRMachineState *spapr)
> >>  spapr_register_hypercall(H_INT_SYNC, h_int_sync);
> >>  spapr_register_hypercall(H_INT_RESET, h_int_reset);
> >>  }
> >> +
> >> +void spapr_xive_populate(sPAPRXive *xive, void *fdt, uint32_t phandle)
> >> +{
> >> +int node;
> >> +uint64_t timas[2 * 2];
> >> +uint32_t lisn_ranges[] = {
> >> +cpu_to_be32(xive->nr_irqs - xive->nr_targets + xive->ics->offset),
> >> +cpu_to_be32(xive->nr_targets),
> >> +};
> >> +uint32_t eq_sizes[] = {
> >> +cpu_to_be32(12), /* 4K */
> >> +cpu_to_be32(16), /* 64K */
> >> +cpu_to_be32(21), /* 2M */
> >> +cpu_to_be32(24), /* 16M */
> >> +};
> >> +
> >> +/* Use some ranges to exercise the Linux driver, which should
> >> + * result in Linux choosing priority 6. This is not strictly
> >> + * necessary
> >> + */
> >> +uint32_t reserved_priorities[] = {
> >> +cpu_to_be32(1),  /* start */
> >> +cpu_to_be32(2),  /* count */
> >> +cpu_to_be32(7),  /* start */
> >> +cpu_to_be32(0xf8),  /* count */
> >> +};
> >> +int i;
> >> +
> >> +/* Thread Interrupt Management Areas : User and OS */
> >> +for (i = 0; i < 2; i++) {
> >> +timas[i * 2] = cpu_to_be64(xive->tm_base + i * (1 << 
> >> xive->tm_shift));
> >> +timas[i * 2 + 1] = cpu_to_be64(1 << xive->tm_shift);
> >> +}
> >> +
> >> +_FDT(node = fdt_add_subnode(fdt, 0, "interrupt-controller"));
> >> +
> >> +_FDT(fdt_setprop_string(fdt, node, "name", "interrupt-controller"));
> > 
> > Shouldn't need this - SLOF will figure it out from the node name above.
> 
> It is in the specs. phyp has it. we might as well keep it.

You misunderstand.  SLOF will *create* the name property based on the
node name.  Adding it here has *no effect*.

> >> +_FDT(fdt_setprop_string(fdt, node, "device_type", "power-ivpe"));
> >> +_FDT(fdt_setprop(fdt, node, "reg", timas, sizeof(timas)));
> >> +
> >> +_FDT(fdt_setprop_string(fdt, node, "compatible", "ibm,power-ivpe"));
> >> +_FDT(fdt_setprop(fdt, node, "ibm,xive-eq-sizes", eq_sizes,
> >> + sizeof(eq_sizes)));
> >> +_FDT(fdt_setprop(fdt, node, "ibm,xive-lisn-ranges", lisn_ranges,
> >> + sizeof(lisn_ranges)));
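Review bot: in the TIMA loop of spapr_xive_populate(), `1 << xive->tm_shift` is an int shift whose result is only widened afterwards by cpu_to_be64(), so a tm_shift of 31 or more overflows before the conversion. `1ULL << xive->tm_shift` in both the base offset and the size cell avoids that. The loop bound 2 and the `timas[2 * 2]` declaration would also read better tied together by a named constant.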
> > 
> > I note this doesn't have the interrupt-controller or #interrupt-cells
> > properties.  So what acts as the interrupt parent for all the devices
> > in the tree with XIVE?
> 
> these properties are not in the specs anymore for the interrupt-controller
> node and I don't think Linux makes use of them (even for XICS). So 
> it just works fine.

Um.. what!?  Are you saying that the PAPR XIVE spec completely broke
how interrupt specifiers have worked in the device tree since forever?

And I'm pretty sure Linux does make use of them.  Without
#interrupt-cells, there's no way it can properly interpret the
interrupts properties in the device nodes.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v2 00/21] Guest exploitation of the XIVE interrupt controller (POWER9)

2017-09-20 Thread David Gibson
On Wed, Sep 20, 2017 at 02:33:37PM +0200, Cédric Le Goater wrote:
> On 09/19/2017 10:46 AM, David Gibson wrote:
> > On Tue, Sep 19, 2017 at 06:20:20PM +1000, David Gibson wrote:
> >> On Mon, Sep 11, 2017 at 07:12:14PM +0200, Cédric Le Goater wrote:
> >>> On a POWER9 sPAPR machine, the Client Architecture Support (CAS)
> >>> negotiation process determines whether the guest operates with an
> >>> interrupt controller using the XICS legacy model, as found on POWER8,
> >>> or in XIVE exploitation mode, the newer POWER9 interrupt model. This
> >>> patchset is a proposal to add XIVE support in POWER9 sPAPR machine.
> >>>
> >>> Follows a model for the XIVE interrupt controller and support for the
> >>> Hypervisor's calls which are used to configure the interrupt sources
> >>> and the event/notification queues of the guest. The last patch
> >>> integrates XIVE in the sPAPR machine.
> >>>
> >>> Code is here:
> >>
> >>
> >> An overall comment:
> >>
> >> I note in several replies here that I think the way XICS objects are
> >> re-used for XIVE is really ugly, and I think it will make future
> >> maintenance pretty painful.
> 
> I agree. That was one way to identify what we need for migration 
> compatibility and CAS reset.   
> 
> >> I'm thinking maybe trying to support the CAS negotiation of interrupt
> >> controller from day 1 is warping the design.  A better approach might
> >> be first to implement XIVE only when given a specific machine option -
> >> guest gets one or the other and can't negotiate.
> 
> ok. 
> 
> CAS is not the most complex problem, we mostly need to share 
> the ICSIRQState array and the source offset. migration from older
> machine is a problem.

Uh.. what?  Migration from an older machine isn't a thing.  We can
migrate from an older qemu, but the machine type (and version) has to
be identical at each end.  That's *why* we keep around the older
machine types on newer qemus.

> We are doomed to keep the existing XICS
> framework available.
> 
> >> That should allow a more natural XIVE design to emerge, *then* we can
> >> look at what's necessary to make boot-time negotiation possible.
> > 
> > Actually, it just occurred to me that we might be making life hard for
> > ourselves by trying to actually switch between full XICS and XIVE
> > models.  Couldn't we have new machine types always construct the XIVE
> > infrastructure, 
> 
> yes.
> 
> > but then implement the XICS RTAS and hcalls in terms of the XIVE virtual 
> > hardware.
> 
> ok but migration will not be supported.

Right, this would only be for newer machine types, and you can never
migrate between different machine types.

> > Since something more or less equivalent
> > has already been done in both OPAL and the host kernel, I'm guessing
> > this shouldn't be too hard at this point.
> 
> Indeed that is how it is working currently on P9 kvm guests. hcalls are
> implemented on top of XIVE native.
> 
> Thanks,
> 
> 
> C.
> 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH 1/2] ide: generic ide_data_read

2017-09-20 Thread John Snow
Signed-off-by: John Snow 
---
 hw/ide/core.c | 99 +--
 hw/ide/trace-events   |  4 +-
 include/hw/ide/internal.h |  3 +-
 3 files changed, 49 insertions(+), 57 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index a19bd90..393f523 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2266,6 +2266,49 @@ static bool ide_is_pio_out(IDEState *s)
 abort();
 }
 
+uint32_t ide_data_read(void *opaque, uint32_t addr, short nbytes)
+{
+IDEBus *bus = opaque;
+IDEState *s = idebus_active_if(bus);
+uint8_t *p;
+int ret;
+
+g_assert(nbytes == 2 || nbytes == 4);
+
+/* PIO data access allowed only when DRQ bit is set. The result of a read
+ * during PIO in is indeterminate, return 0 and don't move forward. */
+if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
+ret = 0;
+goto out;
+}
+
+p = s->data_ptr;
+if (p + nbytes > s->data_end) {
+ret = 0;
+goto out;
+}
+
+if (nbytes == 2) {
+ret = cpu_to_le16(*(uint16_t *)p);
+} else if (nbytes == 4) {
+ret = cpu_to_le32(*(uint32_t *)p);
+} else {
+ret = 0;
+goto out;
+}
+
+p += nbytes;
+s->data_ptr = p;
+if (p >= s->data_end) {
+s->status &= ~DRQ_STAT;
+s->end_transfer_func(s);
+}
+
+ out:
+trace_ide_data_read(addr, nbytes, ret, bus, s);
+return ret;
+}
+
 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
 {
 IDEBus *bus = opaque;
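Review bot: the bounds check `p + nbytes > s->data_end` in ide_data_read() forms a pointer past data_end before comparing, which is only defined if data_end is not the end of the underlying buffer. Since this is the guard on a guest-driven PIO read, `s->data_end - p < nbytes` expresses the same test without leaving the buffer. Separately, the g_assert() at the top makes the final `else { ret = 0; goto out; }` unreachable, so one of the two can go.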
@@ -2296,32 +2339,7 @@ void ide_data_writew(void *opaque, uint32_t addr, 
uint32_t val)
 
 uint32_t ide_data_readw(void *opaque, uint32_t addr)
 {
-IDEBus *bus = opaque;
-IDEState *s = idebus_active_if(bus);
-uint8_t *p;
-int ret;
-
-/* PIO data access allowed only when DRQ bit is set. The result of a read
- * during PIO in is indeterminate, return 0 and don't move forward. */
-if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
-return 0;
-}
-
-p = s->data_ptr;
-if (p + 2 > s->data_end) {
-return 0;
-}
-
-ret = cpu_to_le16(*(uint16_t *)p);
-p += 2;
-s->data_ptr = p;
-if (p >= s->data_end) {
-s->status &= ~DRQ_STAT;
-s->end_transfer_func(s);
-}
-
-trace_ide_data_readw(addr, ret, bus, s);
-return ret;
+return ide_data_read(opaque, addr, 2);
 }
 
 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
@@ -2354,34 +2372,7 @@ void ide_data_writel(void *opaque, uint32_t addr, 
uint32_t val)
 
 uint32_t ide_data_readl(void *opaque, uint32_t addr)
 {
-IDEBus *bus = opaque;
-IDEState *s = idebus_active_if(bus);
-uint8_t *p;
-int ret;
-
-/* PIO data access allowed only when DRQ bit is set. The result of a read
- * during PIO in is indeterminate, return 0 and don't move forward. */
-if (!(s->status & DRQ_STAT) || !ide_is_pio_out(s)) {
-ret = 0;
-goto out;
-}
-
-p = s->data_ptr;
-if (p + 4 > s->data_end) {
-return 0;
-}
-
-ret = cpu_to_le32(*(uint32_t *)p);
-p += 4;
-s->data_ptr = p;
-if (p >= s->data_end) {
-s->status &= ~DRQ_STAT;
-s->end_transfer_func(s);
-}
-
-out:
-trace_ide_data_readl(addr, ret, bus, s);
-return ret;
+return ide_data_read(opaque, addr, 4);
 }
 
 static void ide_dummy_transfer_stop(IDEState *s)
diff --git a/hw/ide/trace-events b/hw/ide/trace-events
index 601bd97..e42c428 100644
--- a/hw/ide/trace-events
+++ b/hw/ide/trace-events
@@ -7,10 +7,10 @@ ide_ioport_write(uint32_t addr, const char *reg, uint32_t 
val, void *bus, void *
 ide_status_read(uint32_t addr, uint32_t val, void *bus, void *s)   
"IDE PIO rd @ 0x%"PRIx32" (Alt Status); val 0x%02"PRIx32"; bus %p; IDEState 
%p"
 ide_cmd_write(uint32_t addr, uint32_t val, void *bus)  
"IDE PIO wr @ 0x%"PRIx32" (Device Control); val 0x%02"PRIx32"; bus %p"
 # Warning: verbose
-ide_data_readw(uint32_t addr, uint32_t val, void *bus, void *s)
"IDE PIO rd @ 0x%"PRIx32" (Data: Word); val 0x%04"PRIx32"; bus %p; IDEState 
%p"
 ide_data_writew(uint32_t addr, uint32_t val, void *bus, void *s)   
"IDE PIO wr @ 0x%"PRIx32" (Data: Word); val 0x%04"PRIx32"; bus %p; IDEState 
%p"
-ide_data_readl(uint32_t addr, uint32_t val, void *bus, void *s)
"IDE PIO rd @ 0x%"PRIx32" (Data: Long); val 0x%08"PRIx32"; bus %p; IDEState 
%p"
 ide_data_writel(uint32_t addr, uint32_t val, void *bus, void *s)   
"IDE PIO wr @ 0x%"PRIx32" (Data: Long); val 0x%08"PRIx32"; bus %p; IDEState 
%p"
+ide_data_read(uint32_t addr, short nbytes, uint32_t val, void *bus, void *s)   
"IDE PIO rd @ 0x%"PRIx32" (Data: %d bytes); val 0x%08"PRIx32"; bus %p; 
IDEState %p"
+
 # misc
 ide_exec_cmd(void *bus, void *state, uint32_t cmd) "IDE exec cmd: bus %p; 
state %p; cmd 0x%02x"
 ide_cancel_dma_sync_buffered(void *fn, void *req) 
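Review bot: the new ide_data_read trace line prints `val` as 0x%08 for every access, so 16-bit reads lose the 4-digit formatting the removed ide_data_readw line had, and `short nbytes` is printed with a bare %d. If the change in trace output is intended, say so in the commit message, which currently has only the sign-off.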

[Qemu-devel] [PATCH 0/2] IDE: combine portio r/w functions

2017-09-20 Thread John Snow
Mark, here's a quick sketch for you. There are two things I don't like,
but didn't care enough to fix:

(1) Restricting nbytes to 2 or 4 means some extra boilerplate
to quiet compilers who don't know it will only ever be 2 or 4
(2) the address value is all-but-ignored, it carries over from the
portio signature and is useful primarily for tracing, but it's
a little ugly/deceiving to take a parameter and not use it.

Suggested-by: Mark Cave-Ayland 

John Snow (2):
  ide: generic ide_data_read
  ide: generic ide_data_write

 hw/ide/core.c | 185 +-
 hw/ide/trace-events   |   7 +-
 include/hw/ide/internal.h |   4 +-
 3 files changed, 89 insertions(+), 107 deletions(-)

-- 
2.9.5




[Qemu-devel] [PATCH 2/2] ide: generic ide_data_write

2017-09-20 Thread John Snow
Signed-off-by: John Snow 
---
 hw/ide/core.c | 86 +--
 hw/ide/trace-events   |  3 +-
 include/hw/ide/internal.h |  1 +
 3 files changed, 40 insertions(+), 50 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 393f523..af49de5 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2266,6 +2266,42 @@ static bool ide_is_pio_out(IDEState *s)
 abort();
 }
 
+void ide_data_write(void *opaque, uint32_t addr, short nbytes, uint32_t val)
+{
+IDEBus *bus = opaque;
+IDEState *s = idebus_active_if(bus);
+uint8_t *p;
+
+trace_ide_data_write(addr, nbytes, val, bus, s);
+
+/* PIO data access allowed only when DRQ bit is set. The result of a write
+ * during PIO out is indeterminate, just ignore it. */
+if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
+return;
+}
+
+if (nbytes != 2 && nbytes != 4) {
+return;
+}
+
+p = s->data_ptr;
+if (p + nbytes > s->data_end) {
+return;
+}
+
+if (nbytes == 2) {
+*(uint16_t *)p = le16_to_cpu(val);
+} else if (nbytes == 4) {
+*(uint32_t *)p = le32_to_cpu(val);
+}
+p += nbytes;
+s->data_ptr = p;
+if (p >= s->data_end) {
+s->status &= ~DRQ_STAT;
+s->end_transfer_func(s);
+}
+}
+
 uint32_t ide_data_read(void *opaque, uint32_t addr, short nbytes)
 {
 IDEBus *bus = opaque;
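Review bot: ide_data_write() returns silently on `nbytes != 2 && nbytes != 4`, and does so after trace_ide_data_write() has already logged the access, while ide_data_read() from patch 1/2 asserts on the same condition. Pick one policy for both helpers; an assert ahead of the trace call would also let the `else if (nbytes == 4)` become a plain else.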
@@ -2311,30 +2347,7 @@ uint32_t ide_data_read(void *opaque, uint32_t addr, 
short nbytes)
 
 void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
 {
-IDEBus *bus = opaque;
-IDEState *s = idebus_active_if(bus);
-uint8_t *p;
-
-trace_ide_data_writew(addr, val, bus, s);
-
-/* PIO data access allowed only when DRQ bit is set. The result of a write
- * during PIO out is indeterminate, just ignore it. */
-if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
-return;
-}
-
-p = s->data_ptr;
-if (p + 2 > s->data_end) {
-return;
-}
-
-*(uint16_t *)p = le16_to_cpu(val);
-p += 2;
-s->data_ptr = p;
-if (p >= s->data_end) {
-s->status &= ~DRQ_STAT;
-s->end_transfer_func(s);
-}
+return ide_data_write(opaque, addr, 2, val);
 }
 
 uint32_t ide_data_readw(void *opaque, uint32_t addr)
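Review bot: `return ide_data_write(opaque, addr, 2, val);` in ide_data_writew() returns an expression from a function declared void, which ISO C does not allow even when the callee is void too (compilers accept it as an extension). Drop the `return`; ide_data_writel() in the next hunk has the same line.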
@@ -2344,30 +2357,7 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
 
 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
 {
-IDEBus *bus = opaque;
-IDEState *s = idebus_active_if(bus);
-uint8_t *p;
-
-trace_ide_data_writel(addr, val, bus, s);
-
-/* PIO data access allowed only when DRQ bit is set. The result of a write
- * during PIO out is indeterminate, just ignore it. */
-if (!(s->status & DRQ_STAT) || ide_is_pio_out(s)) {
-return;
-}
-
-p = s->data_ptr;
-if (p + 4 > s->data_end) {
-return;
-}
-
-*(uint32_t *)p = le32_to_cpu(val);
-p += 4;
-s->data_ptr = p;
-if (p >= s->data_end) {
-s->status &= ~DRQ_STAT;
-s->end_transfer_func(s);
-}
+return ide_data_write(opaque, addr, 4, val);
 }
 
 uint32_t ide_data_readl(void *opaque, uint32_t addr)
diff --git a/hw/ide/trace-events b/hw/ide/trace-events
index e42c428..e92c0bb 100644
--- a/hw/ide/trace-events
+++ b/hw/ide/trace-events
@@ -7,9 +7,8 @@ ide_ioport_write(uint32_t addr, const char *reg, uint32_t val, 
void *bus, void *
 ide_status_read(uint32_t addr, uint32_t val, void *bus, void *s)   
"IDE PIO rd @ 0x%"PRIx32" (Alt Status); val 0x%02"PRIx32"; bus %p; IDEState 
%p"
 ide_cmd_write(uint32_t addr, uint32_t val, void *bus)  
"IDE PIO wr @ 0x%"PRIx32" (Device Control); val 0x%02"PRIx32"; bus %p"
 # Warning: verbose
-ide_data_writew(uint32_t addr, uint32_t val, void *bus, void *s)   
"IDE PIO wr @ 0x%"PRIx32" (Data: Word); val 0x%04"PRIx32"; bus %p; IDEState 
%p"
-ide_data_writel(uint32_t addr, uint32_t val, void *bus, void *s)   
"IDE PIO wr @ 0x%"PRIx32" (Data: Long); val 0x%08"PRIx32"; bus %p; IDEState 
%p"
 ide_data_read(uint32_t addr, short nbytes, uint32_t val, void *bus, void *s)   
"IDE PIO rd @ 0x%"PRIx32" (Data: %d bytes); val 0x%08"PRIx32"; bus %p; 
IDEState %p"
+ide_data_write(uint32_t addr, short nbytes, uint32_t val, void *bus, void *s)  
"IDE PIO wr @ 0x%"PRIx32" (Data: %d bytes); val 0x%08"PRIx32"; bus %p; 
IDEState %p"
 
 # misc
 ide_exec_cmd(void *bus, void *state, uint32_t cmd) "IDE exec cmd: bus %p; 
state %p; cmd 0x%02x"
diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
index 3159c66..deb592d 100644
--- a/include/hw/ide/internal.h
+++ b/include/hw/ide/internal.h
@@ -598,6 +598,7 @@ void ide_ioport_write(void *opaque, uint32_t addr, uint32_t 
val);
 uint32_t ide_ioport_read(void *opaque, uint32_t addr1);
 uint32_t ide_status_read(void *opaque, uint32_t addr);
 void ide_cmd_write(void *opaque, uint32_t addr, uint32_t val);
+void 

Re: [Qemu-devel] [PATCH] xen: use vMSI related #define-s from public interface

2017-09-20 Thread Stefano Stabellini
On Fri, 1 Sep 2017, Jan Beulich wrote:
> Xen and qemu having identical #define-s (with different names) is a
> strong hint that these should have been part of the public interface
> from the very start. Use them if they're available, falling back to
> privately defined values only when using older headers.
> 
> Signed-off-by: Jan Beulich 

Hi Jan,

Thanks for the patch and sorry for the delay in reviewing it.


> --- a/hw/xen/xen_pt_msi.c
> +++ b/hw/xen/xen_pt_msi.c
> @@ -18,6 +18,11 @@
>  
>  #define XEN_PT_AUTO_ASSIGN -1
>  
> +#ifndef XEN_DOMCTL_VMSI_X86_DEST_ID_MASK
> +#if XEN_DOMCTL_INTERFACE_VERSION >= 0x000e
> +#error vMSI defines missing from domctl.h
> +#endif

All the version compatibility stuff goes to
include/hw/xen/xen_common.h. Please move it there.

We usually assume that the Xen version we are building against is
"sane", so we don't do #error's typically.


> +
>  /* shift count for gflags */
>  #define XEN_PT_GFLAGS_SHIFT_DEST_ID0
>  #define XEN_PT_GFLAGS_SHIFT_RH 8
> @@ -26,6 +31,16 @@
>  #define XEN_PT_GFLAGSSHIFT_TRG_MODE   15
>  #define XEN_PT_GFLAGSSHIFT_UNMASKED   16
>  
> +#define XEN_DOMCTL_VMSI_X86_DEST_ID_MASK (0xffU << 
> XEN_PT_GFLAGS_SHIFT_DEST_ID)
> +#define XEN_DOMCTL_VMSI_X86_RH_MASK  (1U << XEN_PT_GFLAGS_SHIFT_RH)
> +#define XEN_DOMCTL_VMSI_X86_DM_MASK  (1U << XEN_PT_GFLAGS_SHIFT_DM)
> +#define XEN_DOMCTL_VMSI_X86_DELIV_MASK   (7U << 
> XEN_PT_GFLAGSSHIFT_DELIV_MODE)
> +#define XEN_DOMCTL_VMSI_X86_TRIG_MASK(1U << XEN_PT_GFLAGSSHIFT_TRG_MODE)
> +#define XEN_DOMCTL_VMSI_X86_UNMASKED (1U << XEN_PT_GFLAGSSHIFT_UNMASKED)
> +#endif
> +
> +#define MASK_INSR(v, m) (((v) * ((m) & -(m))) & (m))

MASK_INSR can stay in this file.


>  #define latch(fld) latch[PCI_MSIX_ENTRY_##fld / sizeof(uint32_t)]
>  
>  /*
> @@ -49,21 +64,18 @@ static inline uint32_t msi_ext_dest_id(u
>  
>  static uint32_t msi_gflags(uint32_t data, uint64_t addr)
>  {
> -uint32_t result = 0;
> -int rh, dm, dest_id, deliv_mode, trig_mode;
> +int rh, dm, deliv_mode, trig_mode;
>  
>  rh = (addr >> MSI_ADDR_REDIRECTION_SHIFT) & 0x1;
>  dm = (addr >> MSI_ADDR_DEST_MODE_SHIFT) & 0x1;
> -dest_id = msi_dest_id(addr);
>  deliv_mode = (data >> MSI_DATA_DELIVERY_MODE_SHIFT) & 0x7;
>  trig_mode = (data >> MSI_DATA_TRIGGER_SHIFT) & 0x1;
>  
> -result = dest_id | (rh << XEN_PT_GFLAGS_SHIFT_RH)
> -| (dm << XEN_PT_GFLAGS_SHIFT_DM)
> -| (deliv_mode << XEN_PT_GFLAGSSHIFT_DELIV_MODE)
> -| (trig_mode << XEN_PT_GFLAGSSHIFT_TRG_MODE);
> -
> -return result;
> +return MASK_INSR(msi_dest_id(addr), XEN_DOMCTL_VMSI_X86_DEST_ID_MASK) |
> +   MASK_INSR(rh, XEN_DOMCTL_VMSI_X86_RH_MASK) |
> +   MASK_INSR(dm, XEN_DOMCTL_VMSI_X86_DM_MASK) |
> +   MASK_INSR(deliv_mode, XEN_DOMCTL_VMSI_X86_DELIV_MASK) |
> +   MASK_INSR(trig_mode, XEN_DOMCTL_VMSI_X86_TRIG_MASK);
>  }
>  
>  static inline uint64_t msi_addr64(XenPTMSI *msi)
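Review bot: msi_gflags() used to OR `dest_id` into the result unmasked, and now passes msi_dest_id(addr) through MASK_INSR with the 0xffU DEST_ID mask, so any bits above the low eight are dropped where they could previously overlap the RH and DM fields. That looks like an improvement, but it is a behaviour change in a patch described as switching to the public #define-s, so it deserves a line in the commit message.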
> @@ -173,7 +185,7 @@ static int msi_msix_update(XenPCIPassthr
>  table_addr = s->msix->mmio_base_addr;
>  }
>  
> -gflags |= masked ? 0 : (1u << XEN_PT_GFLAGSSHIFT_UNMASKED);
> +gflags |= masked ? 0 : XEN_DOMCTL_VMSI_X86_UNMASKED;
>  
>  rc = xc_domain_update_msi_irq(xen_xc, xen_domid, gvec,
>pirq, gflags, table_addr);



Re: [Qemu-devel] [PATCH v3 5/5] s390x/css: support ccw IDA

2017-09-20 Thread Dong Jia Shi
* Halil Pasic  [2017-09-20 13:13:01 +0200]:

> 
> 
> On 09/20/2017 10:33 AM, Cornelia Huck wrote:
> > On Wed, 20 Sep 2017 15:42:38 +0800
> > Dong Jia Shi  wrote:
> > 
> >> * Halil Pasic  [2017-09-19 20:27:45 +0200]:
> >>
> >>> Let's add indirect data addressing support for our virtual channel
> >>> subsystem. This implementation does not bother with any kind of
> >>> prefetching. We simply step through the IDAL on demand.
> >>>
> >>> Signed-off-by: Halil Pasic 
> >>> Signed-off-by: Cornelia Huck 
> >>> ---
> >>>  hw/s390x/css.c | 117 
> >>> -
> >>>  1 file changed, 116 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/hw/s390x/css.c b/hw/s390x/css.c
> >>> index 2d37a9ddde..a3ce6d89b6 100644
> >>> --- a/hw/s390x/css.c
> >>> +++ b/hw/s390x/css.c
> >>> @@ -827,6 +827,121 @@ incr:
> >>>  return 0;
> >>>  }
> >>>
> >>> +/* returns values between 1 and bsz, where bsz is a power of 2 */
> >>> +static inline uint16_t ida_continuous_left(hwaddr cda, uint64_t bsz)
> >>> +{
> >>> +return bsz - (cda & (bsz - 1));
> >>> +}
> >>> +
> >>> +static inline uint64_t ccw_ida_block_size(uint8_t flags)
> >>> +{
> >>> +if ((flags & CDS_F_C64) && !(flags & CDS_F_I2K)) {
> >>> +return 1ULL << 12;
> >>> +}
> >>> +return 1ULL << 11;
> >>> +}
> >>> +
> >>> +static inline int ida_read_next_idaw(CcwDataStream *cds, bool ccw_fmt1,
> >>> + bool idaw_fmt_2)
> >>> +{
> >>> +union {uint64_t fmt2; uint32_t fmt1; } idaw;
> >>> +int ret;
> >>> +hwaddr idaw_addr;
> >>> +
> >>> +if (idaw_fmt_2) {
> >>> +idaw_addr = cds->cda_orig + sizeof(idaw.fmt2) * cds->at_idaw;
> >>> +if (idaw_addr & 0x07 && cds_ccw_addrs_ok(idaw_addr, 0, 
> >>> ccw_fmt1)) {
> >>> +return -EINVAL; /* channel program check */
> >>> +}
> >>> +ret = address_space_rw(_space_memory, idaw_addr,  
> >> Ahh, just got one question here:
> >> Do we need to consider endianness for idaw_addr?
> > 
> > That is taken care of below.
> > 
> > And the previous version worked on my laptop via tcg ;)
> 
> Nod.

My fault!

I was thinking of the idaw_addr itself, not the content of it. Now I
realized that, since we already converted (cds->cda_orig) in
copy_ccw_from_guest(), there is no need to convert (idaw_addr +
idaw_size * idaw_index) anymore.

Please ignore my noise. ;P

> 
> > 
> >>
> >>> +   MEMTXATTRS_UNSPECIFIED, (void *) 
> >>> ,
> >>> +   sizeof(idaw.fmt2), false);
> >>> +cds->cda = be64_to_cpu(idaw.fmt2);
> >>> +} else {
> >>> +idaw_addr = cds->cda_orig + sizeof(idaw.fmt1) * cds->at_idaw;
> >>> +if (idaw_addr & 0x03 && cds_ccw_addrs_ok(idaw_addr, 0, 
> >>> ccw_fmt1)) {
> >>> +return -EINVAL; /* channel program check */
> >>> +}
> >>> +ret = address_space_rw(_space_memory, idaw_addr,
> >>> +   MEMTXATTRS_UNSPECIFIED, (void *) 
> >>> ,
> >>> +   sizeof(idaw.fmt1), false);
> >>> +cds->cda = be64_to_cpu(idaw.fmt1);  
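Review bot: in ida_read_next_idaw(), both address checks read `idaw_addr & 0x07 && cds_ccw_addrs_ok(idaw_addr, 0, ccw_fmt1)` (0x03 in the format-1 branch), so, assuming cds_ccw_addrs_ok() returns true for an acceptable address, the program check is raised only when the IDAW is misaligned and the address is otherwise fine. A misaligned-or-invalid test would be `(idaw_addr & 0x07) || !cds_ccw_addrs_ok(...)`. In the format-1 branch, `be64_to_cpu(idaw.fmt1)` byte-swaps a 32-bit field as 64 bits, which on a little-endian host moves the address into the upper half; be32_to_cpu() matches the field width.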

[...]

-- 
Dong Jia Shi




Re: [Qemu-devel] [PATCH v3 5/5] s390x/css: support ccw IDA

2017-09-20 Thread Dong Jia Shi
* Halil Pasic  [2017-09-20 18:46:57 +0200]:

> 
> 
> On 09/20/2017 01:18 PM, Cornelia Huck wrote:
> > On Wed, 20 Sep 2017 13:13:01 +0200
> > Halil Pasic  wrote:
> > 
> >> On 09/20/2017 10:33 AM, Cornelia Huck wrote:
> >>> On Wed, 20 Sep 2017 15:42:38 +0800
> >>> Dong Jia Shi  wrote:
> >>>   
>  * Halil Pasic  [2017-09-19 20:27:45 +0200]:
> > 
> > +   MEMTXATTRS_UNSPECIFIED, (void *) 
> > ,
> > +   sizeof(idaw.fmt2), false);
> > +cds->cda = be64_to_cpu(idaw.fmt2);
> > +} else {
> > +idaw_addr = cds->cda_orig + sizeof(idaw.fmt1) * cds->at_idaw;
> > +if (idaw_addr & 0x03 && cds_ccw_addrs_ok(idaw_addr, 0, 
> > ccw_fmt1)) {
> > +return -EINVAL; /* channel program check */
> > +}
> > +ret = address_space_rw(_space_memory, idaw_addr,
> > +   MEMTXATTRS_UNSPECIFIED, (void *) 
> > ,
> > +   sizeof(idaw.fmt1), false);
> > +cds->cda = be64_to_cpu(idaw.fmt1);
>  Still need to check bit 0x8000 here I think.  
> >>>
> >>> Yes, I think this is 'must be zero' for format-1 idaws, and not covered
> >>> by the ccw-format specific checks above. (Although the PoP can be a bit
> >>> confusing with many similar terms...)
> >>>  
> >>
> >> It's taken care of in ccw_dstream_rw_ida before the actual
> >> access happens. Code looks like this:
> >> +if (!idaw_fmt2 && (cds->cda + iter_len) >= (1ULL << 31)) {
> >> +ret = -EINVAL; /* channel program check */
> >> +goto err;
> >> +}
> >>
> >> The idea was to have it similar to the non-indirect case.
> > 
> > 
> > 
> > Ah, I was simply looking for the wrong pattern. Looks correct.
> > 
> > 
> 
> Thinking about this some more. Since in case of IDA we are guaranteed
> to never cross a block boundary with a single IDAW we won't ever cross
> block boundary. So we can do the check in ida_read_next_idaw by checking
> bit 0x8000 on the ccw->cda. So we could keep idaw_fmt2 and ccw_fmt1
> local to ida_read_next_idaw and save one goto err. I think that would
> look a bit nicer than what I have here in v3. Agree?
Agree. That would also do the check in the first place. Sounds better.

> 
> > +static int ccw_dstream_rw_ida(CcwDataStream *cds, void *buff, int len,
> > +  CcwDataStreamOp op)
> > +{
> > +uint64_t bsz = ccw_ida_block_size(cds->flags);
> > +int ret = 0;
> > +uint16_t cont_left, iter_len;
> > +const bool idaw_fmt2 = cds->flags & CDS_F_C64;
> > +bool ccw_fmt1 = cds->flags & CDS_F_FMT;
>  Use 'const bool' either? Although I doubt the value of using const here.
>  ;)  
> >>>
> >>> Both being the same is still a good idea.
> >>>   
> >>
> >> Yeah. For which one should I go (with const or without)?
> > 
> > For the one you prefer :) (I'm not sure if the const adds value here.)
> > 
> 
> I think we generally don't care about const-ness in such situations,
> so I think I won't use consts.
> 
> I intend to fix the issues we have found and do a v4 tomorrow, unless
> somebody screams -- could do it today but I would like to give Dong
> Jia an opportunity to react.
Thanks. I'm coming. :)

> On the other hand waiting more than that will IMHO do us no favor
> either (I think of our storage/memory hierarchy).
> 
> Regards,
> Halil

-- 
Dong Jia Shi
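
The IDAW checks discussed in the two messages above (alignment, range, big-endian content, and the format-1 limit of 1ULL << 31), as an added example that is not code from the patch or from QEMU. The guest RAM buffer, the range helper and all function names are assumptions made for illustration, and the sample IDAW lists are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for guest RAM; every name in this block is hypothetical. */
#define GUEST_RAM_SIZE 64u
static uint8_t guest_ram[GUEST_RAM_SIZE];

/* True when [addr, addr + len) lies inside the constructed guest RAM. */
static bool addr_in_range(uint64_t addr, size_t len)
{
    return len <= GUEST_RAM_SIZE && addr <= GUEST_RAM_SIZE - len;
}

/* Condition shape quoted in the thread: rejects only an address that is
 * misaligned AND in range, so an aligned out-of-range address passes. */
static bool rejects_as_quoted(uint64_t addr, uint64_t align_mask, size_t len)
{
    return (addr & align_mask) && addr_in_range(addr, len);
}

/* Strict shape: reject when misaligned OR out of range. */
static bool rejects_strict(uint64_t addr, uint64_t align_mask, size_t len)
{
    return (addr & align_mask) || !addr_in_range(addr, len);
}

/* Decode a big-endian field of len bytes, whatever the host byte order. */
static uint64_t load_be(const uint8_t *p, size_t len)
{
    uint64_t v = 0;
    for (size_t i = 0; i < len; i++) {
        v = (v << 8) | p[i];
    }
    return v;
}

/*
 * Fetch IDAW number idx from the list at list_addr and return the data
 * address it designates. list_addr is a host-order value (it was converted
 * when the CCW was copied from the guest); only the IDAW content read from
 * guest memory is big-endian.
 */
static int read_idaw(uint64_t list_addr, unsigned idx, bool fmt2,
                     uint64_t *data_addr)
{
    const size_t size = fmt2 ? 8 : 4;   /* format-2: 64 bit, format-1: 32 bit */
    const uint64_t idaw_addr = list_addr + (uint64_t)size * idx;
    uint64_t value;

    if (idaw_addr < list_addr) {
        return -EINVAL;                 /* index arithmetic wrapped around */
    }
    if (rejects_strict(idaw_addr, size - 1, size)) {
        return -EINVAL;
    }
    value = load_be(&guest_ram[idaw_addr], size);
    if (!fmt2 && value >= (1ULL << 31)) {
        return -EINVAL;                 /* format-1: bit 31 must be zero */
    }
    *data_addr = value;
    return 0;
}

/* Constructed IDAW lists: format-1 at 0x10 (second entry has bit 31 set),
 * format-2 at 0x20. */
static void load_sample(void)
{
    static const uint8_t fmt1_list[] = { 0x00, 0x12, 0x30, 0x00,
                                         0x80, 0x00, 0x10, 0x00 };
    static const uint8_t fmt2_list[] = { 0x00, 0x00, 0x00, 0x01,
                                         0x80, 0x00, 0x10, 0x00 };
    memset(guest_ram, 0, sizeof(guest_ram));
    memcpy(&guest_ram[0x10], fmt1_list, sizeof(fmt1_list));
    memcpy(&guest_ram[0x20], fmt2_list, sizeof(fmt2_list));
}

int main(void)
{
    uint64_t addr = 0;
    int ret;

    load_sample();
    ret = read_idaw(0x10, 0, false, &addr);
    printf("fmt1[0]: ret=%d addr=0x%llx\n", ret, (unsigned long long)addr);
    ret = read_idaw(0x10, 1, false, &addr);
    printf("fmt1[1]: ret=%d (bit 31 set)\n", ret);
    ret = read_idaw(0x20, 0, true, &addr);
    printf("fmt2[0]: ret=%d addr=0x%llx\n", ret, (unsigned long long)addr);
    printf("aligned, out of range 0x40: quoted rejects=%d, strict rejects=%d\n",
           rejects_as_quoted(0x40, 0x03, 4), rejects_strict(0x40, 0x03, 4));
    return 0;
}
```
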




Re: [Qemu-devel] [PATCH v10 03/13] scripts: Add archive-source.sh

2017-09-20 Thread Fam Zheng
On Wed, 09/20 08:20, Eric Blake wrote:
> On 09/19/2017 10:25 PM, Fam Zheng wrote:
> > Signed-off-by: Fam Zheng 
> > ---
> >  scripts/archive-source.sh | 51 
> > +++
> >  1 file changed, 51 insertions(+)
> >  create mode 100755 scripts/archive-source.sh
> > 
> 
> > +
> > +if test -n "$submodules"; then
> > +{
> > +git ls-files || error "git ls-files failed"
> > +for sm in $submodules; do
> > +(cd $sm; git ls-files) | sed "s:^:$sm/:"
> > +if test ${PIPESTATUS[0]} -ne 0 -o $? -ne 0; then
> 
> This relies on 'test ... -o ...' which is non-portable.  It "works"
> because there is no possible ambiguity in the contents of $PIPESTATUS
> that could cause a different parse of the test arguments, but I tend to
> discourage any use of -a/-o inside test on principle.  Sadly, writing:
> 
> if test ${PIPESTATUS[0]} -ne 0 || test $? -ne 0
> 
> has a flaw that $? is no longer what you want, at which point you would
> have to introduce a temporary variable.  But we're using bash, so you
> can instead write this as:
> 
> if test "${PIPESTATUS[@]}" != "0 0"; then

Hmm, with exactly this line here I get something like:

./scripts/archive-source.sh: line 36: test: too many arguments

But with

if test "${PIPESTATUS[0]} ${PIPESTATUS[1]}" != "0 0"; then

it seems to work fine. What is the magic here?

Fam



Re: [Qemu-devel] [PATCH v3 4/5] 390x/css: introduce maximum data address checking

2017-09-20 Thread Dong Jia Shi
* Halil Pasic  [2017-09-20 13:02:59 +0200]:

> 
> 
> On 09/20/2017 10:25 AM, Cornelia Huck wrote:
> > On Wed, 20 Sep 2017 15:47:51 +0800
> > Dong Jia Shi  wrote:
> > 
> >> * Halil Pasic  [2017-09-19 20:27:44 +0200]:
> > 
> >>> @@ -828,7 +836,9 @@ void ccw_dstream_init(CcwDataStream *cds, CCW1 const 
> >>> *ccw, ORB const *orb)
> >>>  g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
> >>>  cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
> >>>   (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
> >>> + (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |  
> >> This reminds me of one more question:
> >> Calling ccw_dstream_init() after copy_ccw_from_guest() may lead to a
> >> fmt-1 @ccw with an @orb that designates fmt-0 ccw. This sounds insane.
> > 
> > That's just a consequence of us translating everything to format-1
> > ccws. A bit confusing, but no problem if we pay attention to the format
> > bit everywhere it makes a difference.
> > 
> 
> Agree.
Ok. I'm fine with this.

> 
> Halil

-- 
Dong Jia Shi




Re: [Qemu-devel] [PATCH v10 03/13] scripts: Add archive-source.sh

2017-09-20 Thread Fam Zheng
On Wed, 09/20 08:20, Eric Blake wrote:
> On 09/19/2017 10:25 PM, Fam Zheng wrote:
> > Signed-off-by: Fam Zheng 
> > ---
> >  scripts/archive-source.sh | 51 
> > +++
> >  1 file changed, 51 insertions(+)
> >  create mode 100755 scripts/archive-source.sh
> > 
> 
> > +
> > +if test -n "$submodules"; then
> > +{
> > +git ls-files || error "git ls-files failed"
> > +for sm in $submodules; do
> > +(cd $sm; git ls-files) | sed "s:^:$sm/:"
> > +if test ${PIPESTATUS[0]} -ne 0 -o $? -ne 0; then
> 
> This relies on 'test ... -o ...' which is non-portable.  It "works"
> because there is no possible ambiguity in the contents of $PIPESTATUS
> that could cause a different parse of the test arguments, but I tend to
> discourage any use of -a/-o inside test on principle.  Sadly, writing:
> 
> if test ${PIPESTATUS[0]} -ne 0 || test $? -ne 0
> 
> has a flaw that $? is no longer what you want, at which point you would
> have to introduce a temporary variable.  But we're using bash, so you
> can instead write this as:
> 
> if test "${PIPESTATUS[@]}" != "0 0"; then

Okay.

> 
> > +error "git ls-files in submodule $sm failed"
> > +fi
> > +done
> > +} | grep -x -v $(for sm in $submodules; do echo "-e $sm"; done) > 
> > "$1".list
> > +else
> > +git ls-files > "$1".list
> > +fi
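
Review bot: In the submodule loop, (cd $sm; git ls-files) keeps going when cd fails, so git ls-files then lists the superproject from the current directory, sed prefixes those paths with $sm/, and both pipeline stages still report success. Use (cd "$sm" && git ls-files) so a bad submodule path shows up in PIPESTATUS[0], and quote $sm throughout; the sed expression also uses ':' as its delimiter, which breaks for a submodule path containing a colon, and the same unquoted $sm feeds the -e arguments of the closing grep.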
> 
> At this point, $1.list has been created, even if commands failed...
> 
> > +
> > +if test $? -ne 0; then
> > +error "failed to generate list file"
> > +fi
> 
> ...but this exits without cleanup.  If we really want it cleaned no
> matter what, it's probably better to do:
> 
> trap "status=$?; rm -f "$1".list; exit \$status" 0 1 2 3 15

Sounds good, will do.

> 
> earlier than anything that can create the file.
> 
> > +
> > +tar -cf "$1" -T "$1".list
> > +status=$?
> > +rm "$1".list
> > +if test $statue -ne 0; then
> 
> Umm, $statue is not the same as $status.

Oops, will fix.

Fam



Re: [Qemu-devel] [PATCH qemu v4 09/18] memory: Store physical root MR in FlatView

2017-09-20 Thread Alexey Kardashevskiy
On 21/09/17 03:15, Paolo Bonzini wrote:
> On 20/09/2017 13:46, Alexey Kardashevskiy wrote:
>> Address spaces get to keep a root MR (alias or not) but FlatView stores
>> the actual MR as this is going to be used later on to decide whether to
>> share a particular FlatView or not.
>>
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>> Changes:
>> v4:
>> * s/memory_region_unalias_entire/memory_region_get_flatview_root/
> 
> Did you try the idea of checking for single-child regions too?

No, I did not, I do not see how I can actually measure the difference - the
PCI and virtio root MRs or single child MRs are unique anyway, I can save
some time by just checking for 2 @enabled flags instead of rendering a
FlatView but rendering such cases itself is fast as well. I'll give a try
though.


-- 
Alexey



Re: [Qemu-devel] [PATCH qemu v4 18/18] memory: Give memory_region_transaction_commit a hint

2017-09-20 Thread Alexey Kardashevskiy
On 21/09/17 03:14, Paolo Bonzini wrote:
> On 20/09/2017 13:46, Alexey Kardashevskiy wrote:
>> This extends memory_region_transaction_commit() to receive a MR as
>> if it is a root MR or its topmost parent is, then we can only rebuild
>> its FlatView and update it for address spaces sharing it.
>>
>> The optimization gets disabled though if there is full update about to
>> commit.
>>
>> memory_region_set_enabled() is a special case here, it does not use
>> a hint when MR is being disabled.
>>
>> On POWER8 with 255 CPUs, 255 virtio-net, 40 PCI bridges guest this brings
>> down the boot time from 20s to 12s, the total memory footprint
>> goes down (17G -> 8G).
> 
> I think this is incorrect if MR has an alias (no matter if enabling or
> disabling)?

Hmmm. Right. I can add an aliases_nr counter to an MR (it does not even have
to go down as aliases are not created/destroyed often) and take the slow
path if it is not zero, does it make sense?


-- 
Alexey



Re: [Qemu-devel] [PATCH qemu v4 12/18] memory: Share FlatView's and dispatch trees between address spaces

2017-09-20 Thread Alexey Kardashevskiy
On 21/09/17 03:18, Paolo Bonzini wrote:
> On 20/09/2017 13:46, Alexey Kardashevskiy wrote:
>> +QTAILQ_FOREACH(as, _spaces, address_spaces_link) {
>> +MemoryRegion *physmr = memory_region_get_flatview_root(as->root);
>> +FlatView *new_view = g_hash_table_lookup(flat_views, physmr);
>> +
>> +if (new_view) {
>> +continue;
>> +}
>> +
>> +new_view = generate_memory_topology(physmr);
>> +g_hash_table_insert(flat_views, physmr, new_view);
> 
> generate_memory_topology can do the g_hash_table_lookup + insert I think?

Yeah, I suppose. But rather g_hash_table_replace() if we decide to proceed
with 18/18 (or even if we do not - _replace() simply inserts if there was
no such element).


>>  static void flatview_set_to_address_space(AddressSpace *as)
>>  {
>> -FlatView *old_view = address_space_get_flatview(as);
>> +FlatView *old_view = address_space_to_flatview(as);
>>  MemoryRegion *physmr = memory_region_get_flatview_root(as->root);
>>  FlatView *new_view = g_hash_table_lookup(flat_views, physmr);
> 
> Rename to address_space_set_flatview?

Sure, why not :)


-- 
Alexey



Re: [Qemu-devel] [PATCH qemu v4 15/18] memory: Share special empty FlatView

2017-09-20 Thread Alexey Kardashevskiy
On 21/09/17 03:13, Paolo Bonzini wrote:
> On 20/09/2017 13:46, Alexey Kardashevskiy wrote:
>> This shares a cached empty FlatView among address spaces. The empty
>> FV is used every time when a root MR renders into a FV without memory
>> sections which happens when MR or its children are not enabled or
>> zero-sized. The empty_view is not NULL to keep the rest of memory
>> API intact; it also has a dispatch tree for the same reason.
>>
>> On POWER8 with 255 CPUs, 255 virtio-net, 40 PCI bridges guest this halves
>> the amount of FlatView's in use (557 -> 260) and dispatch tables
>> (~80 -> ~37), however the total memory footprint is pretty much
>> the same as RCU is holding all these temporary FVs which are created
>> (and then released) to make sure that they are empty and can be replaced
>> with @empty_view.
>>
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>>  memory.c | 14 ++
>>  1 file changed, 14 insertions(+)
>>
>> diff --git a/memory.c b/memory.c
>> index 4add0fd030..92b1304a20 100644
>> --- a/memory.c
>> +++ b/memory.c
>> @@ -48,6 +48,7 @@ static QTAILQ_HEAD(, AddressSpace) address_spaces
>>  = QTAILQ_HEAD_INITIALIZER(address_spaces);
>>  
>>  static GHashTable *flat_views;
>> +static FlatView *empty_view;
>>  
>>  typedef struct AddrRange AddrRange;
>>  
>> @@ -755,6 +756,19 @@ static FlatView *generate_memory_topology(MemoryRegion 
>> *mr)
>>  }
>>  flatview_simplify(view);
>>  
>> +if (!view->nr) {
>> +flatview_unref(view);
> 
> This can be changed to flatview_destroy directly to avoid overloading
> RCU with all these temporary FlatViews.


Yeah, this or just allocate every new FlatView on the stack first, I
thought about this a second after I posted this.


> 
> Paolo
> 
>> +if (!empty_view) {
>> +empty_view = flatview_new(NULL);
>> +}
>> +view = empty_view;
>> +flatview_ref(view);
>> +}
>> +
>> +if (view->dispatch) {
>> +return view;
>> +}
>> +
>>  view->dispatch = address_space_dispatch_new(view);
>>  for (i = 0; i < view->nr; i++) {
>>  MemoryRegionSection mrs =
>>
> 


-- 
Alexey



Re: [Qemu-devel] [PATCH] virtio/vhost: reset dev->log after syncing

2017-09-20 Thread Felipe Franciosi
Heya,

> On 20 Sep 2017, at 13:33, Marc-André Lureau  
> wrote:
> 
> Hi
> 
> - Original Message -
>> vhost_log_put() is called to decommission the dirty log between qemu and
>> a vhost device when stopping the device. Such a call can happen from
>> migration_completion().
>> 
>> Present code sets dev->log_size to zero too early in vhost_log_put(),
>> causing the sync check to always return false. As a consequence, the
>> last pass on the dirty bitmap never happens at the end of migration.
>> 
>> If a vhost device was busy (writing to guest memory) until the last
>> moments before vhost_virtqueue_stop(), this error will result in guest
>> memory corruption (at least) following migrations.
>> 
>> Signed-off-by: Felipe Franciosi 
>> ---
>> hw/virtio/vhost.c |5 +++--
>> 1 files changed, 3 insertions(+), 2 deletions(-)
>> 
>> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
>> index 5fd69f0..ddc42f0 100644
>> --- a/hw/virtio/vhost.c
>> +++ b/hw/virtio/vhost.c
>> @@ -375,8 +375,6 @@ static void vhost_log_put(struct vhost_dev *dev, bool
>> sync)
>> if (!log) {
>> return;
>> }
>> -dev->log = NULL;
>> -dev->log_size = 0;
>> 
> 
> 
> Good catch. This reminds me of another patch, but I can't find it.

I actually ran into this error when testing migration with a vhost-user-scsi 
backed controller and a request that completes while quiescing on a 
VRING_GET_BASE. Took me a while to figure out why the bitmap wasn't being 
honoured by Qemu. :(

> 
> What if we replace dev->log_size with log->size below? 
> 
> (and I don't see a clear reason why dev->log_size would be different from 
> "log ? log->size : 0", am I missing something?)

I can see that vhost_dev_log_resize() changes dev->log_size without necessarily 
changing dev->log_size. Having said that, it seems like the latter gets 
correctly updated during vhost_log_get() which happens on the same function.

In any case, I feel like any further improvement to the function should be 
discussed and done in a separate commit.

Cheers,
Felipe

> 
>> --log->refcnt;
>> if (log->refcnt == 0) {
>> @@ -396,6 +394,9 @@ static void vhost_log_put(struct vhost_dev *dev, bool
>> sync)
>> 
>> g_free(log);
>> }
>> +
>> +dev->log = NULL;
>> +dev->log_size = 0;
> 
>> }
>> 
>> static bool vhost_dev_log_is_shared(struct vhost_dev *dev)
>> --
>> 1.7.1
>> 
>> 
> 
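
The ordering problem described in the commit message above, as an added example that is not QEMU's vhost code: a simplified model in which the final dirty-bitmap pass is guarded by dev->log_size, run once with the reset before the pass and once after it. All struct and function names are assumptions, and the dirty bits are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model with hypothetical names. */
struct dirty_log {
    unsigned refcnt;
    size_t   size;           /* number of bitmap bytes */
    uint8_t *bits;           /* one bit per guest page, set by the backend */
};

struct device {
    struct dirty_log *log;
    size_t   log_size;
    unsigned pages_synced;   /* pages handed on to the migration bitmap */
};

/* Final pass over the backend's dirty bits. The guard models the sync
 * check that depends on dev->log_size. */
static void sync_dirty(struct device *dev, const struct dirty_log *log)
{
    if (!dev->log_size) {
        return;              /* looks like "no log in use": nothing synced */
    }
    for (size_t i = 0; i < log->size; i++) {
        for (uint8_t b = log->bits[i]; b; b &= (uint8_t)(b - 1)) {
            dev->pages_synced++;
        }
    }
}

/* Drop the device's reference. reset_early selects the order before the
 * patch (state cleared first); otherwise the state is cleared last. */
static void log_put(struct device *dev, bool sync, bool reset_early)
{
    struct dirty_log *log = dev->log;

    if (!log) {
        return;
    }
    if (reset_early) {
        dev->log = NULL;
        dev->log_size = 0;
    }
    if (--log->refcnt == 0) {
        if (sync) {
            sync_dirty(dev, log);
        }
        free(log->bits);
        free(log);
    }
    dev->log = NULL;
    dev->log_size = 0;
}

/* Scenario: the backend dirtied three pages just before the device stops.
 * Returns how many of them reach the migration bitmap. */
static unsigned pages_synced_at_stop(bool reset_early)
{
    struct device dev = { 0 };
    struct dirty_log *log = calloc(1, sizeof(*log));

    if (!log) {
        abort();
    }
    log->size = 8;
    log->bits = calloc(log->size, 1);
    if (!log->bits) {
        abort();
    }
    log->refcnt = 1;
    log->bits[0] = 0x05;     /* constructed: pages 0 and 2 dirty */
    log->bits[7] = 0x80;     /* constructed: page 63 dirty */
    dev.log = log;
    dev.log_size = log->size;

    log_put(&dev, true, reset_early);
    return dev.pages_synced;
}

int main(void)
{
    printf("reset before sync: %u pages synced\n", pages_synced_at_stop(true));
    printf("reset after sync:  %u pages synced\n", pages_synced_at_stop(false));
    return 0;
}
```
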



Re: [Qemu-devel] [PATCH 2/3] linux-user: add SO_LINGER to setsockopt

2017-09-20 Thread Carlo Arenas
On Wed, Sep 20, 2017 at 11:53 AM, Laurent Vivier  wrote:

> > the test for optlen is replaced by passing optlen to the underlying
> > setsockopt call directly, who would do the test and return the right
> error.
>
> You can't do that, because sizeof(struct linger) may be different from
> sizeof(struct target_linger).
>

Good point, will correct it, but considering that was mostly what I changed
from 陈刚's code, could we merge his instead so I can rebase my changes on
top of it?

just out of curiosity, do you know any such architecture? I assumed that
for everything qemu will care, a struct with 2 ints would be 8 bytes long.


> > as an interesting note, I noticed when testing (in ubuntu artful x86_64)
> > that regardless of how you interpret the documentation, setsockopt won't
> > fail just because the len is smaller than the size of the struct, and
>
> Right, see:
>
> http://elixir.free-electrons.com/linux/latest/source/net/core/sock.c#L830


Sorry; got confused and the one that doesn't fail is actually getsockopt:

http://elixir.free-electrons.com/linux/latest/source/net/core/sock.c#L1178

> therefore that code was not equivalent to the setsockopt it was trying
> > to emulate, and therefore this change doesn't only make the code simpler
> > but also more correct IMHO
> Next time add a revision history in your series explaining your changes
> (and don't reply to the previous patch series for the new series, it's
> better to start a new email thread).
>

Sorry about that, my original intent was to get the original submission to
add support of SO_LINGER to setsockopt out of patchwork limbo[1], hence the
threading and inherited CC

I see there is a lot more work to be done here though, specially when I
found out while trying to test my change for sparc that SOL_SOCKET was also
wrong[2]

is there any testing infrastructure that could be used here to make sure
that no regression is introduced?

Carlo

[1] https://patchwork.ozlabs.org/patch/565659/
[2] https://patchwork.ozlabs.org/patch/816043/


Re: [Qemu-devel] [PATCH 00/12] Patch Round-up for stable 2.10.1, freeze on 2017-09-27

2017-09-20 Thread Greg Kurz
On Tue, 19 Sep 2017 19:45:09 -0500
Michael Roth  wrote:

> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.10.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.10-staging
> 
> The release is planned for 2017-10-02:
> 
>   https://wiki.qemu.org/Planning/2.10
> 
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.
> 

Hi Michael,

I'd like to suggest these patches that fix regressions introduced in 2.10:

6069537f4336a59054afda91a6545d3648c64619
"9pfs: fix readdir() for 9p2000.u"

4d8bc7334b06ef01a21cad3d1eb8dc183037a06b
"9pfs: fix name_to_path assertion in v9fs_complete_rename()"

772a73692ecb52bace0cff6f95df62f59b8cabe0
"9pfs: check the size of transport buffer before marshaling"

Cheers,

--
Greg

> Testing/feedback is greatly appreciated.
> 
> Thanks!
> 
> 
> Alex Williamson (1):
>   vhost: Release memory references on cleanup
> 
> Farhan Ali (1):
>   s390-ccw: Fix alignment for CCW1
> 
> Greg Kurz (1):
>   virtfs: error out gracefully when mandatory suboptions are missing
> 
> Hannes Reinecke (1):
>   scsi-bus: correct responses for INQUIRY and REQUEST SENSE
> 
> Marc-André Lureau (2):
>   libvhost-user: support resuming vq->last_avail_idx based on used_idx
>   vhost-user-bridge: fix resume regression (since 2.9)
> 
> Pavel Butsykin (1):
>   qcow2: move qcow2_store_persistent_dirty_bitmaps() before cache flushing
> 
> Peter Maydell (1):
>   mps2-an511: Fix wiring of UART overflow interrupt lines
> 
> Pranith Kumar (1):
>   arm_gicv3_kvm: Fix compile warning
> 
> Richard Henderson (1):
>   target/arm: Fix aa64 ldp register writeback
> 
> Samuel Thibault (1):
>   slirp: fix clearing ifq_so from pending packets
> 
> Thomas Huth (1):
>   hw/arm/allwinner-a10: Mark the allwinner-a10 device with user_creatable 
> = false
> 
>  block/qcow2.c | 16 +++---
>  contrib/libvhost-user/libvhost-user.c | 13 
>  contrib/libvhost-user/libvhost-user.h |  7 +++
>  hw/arm/allwinner-a10.c|  2 ++
>  hw/arm/mps2.c |  4 ++--
>  hw/intc/arm_gicv3_kvm.c   |  2 +-
>  hw/scsi/scsi-bus.c| 29 ++
>  hw/virtio/vhost.c |  4 
>  pc-bios/s390-ccw/cio.h|  2 +-
>  scripts/device-crash-test |  1 -
>  slirp/socket.c| 39 
> +--
>  target/arm/translate-a64.c| 29 +++---
>  tests/vhost-user-bridge.c |  7 +++
>  vl.c  | 16 --
>  14 files changed, 120 insertions(+), 51 deletions(-)
> 
> 
> 



-- 
Gregory Kurz kurzg...@fr.ibm.com
 gk...@linux.vnet.ibm.com
Software Engineer @ IBM/LTC  http://www.ibm.com
Tel 33-5-6218-1607

"Anarchy is about taking complete responsibility for yourself."
Alan Moore.



Re: [Qemu-devel] qemu-arm SIGSEGV for self-modifying code

2017-09-20 Thread John Reiser

I don't really know why we use 0xf700 as our
reserved_va value here, though. Alex, you added that
years ago, can you remember why you used that value?


IIRC I wanted to map the full 32 bits of address space possibly in use by a 
32bit application, but leave some room for something, but I don't remember what 
that something was :)


Now that I know the nature of the conflict, then I will spend a handful of 
instructions
to avoid [0xf700, +), and also the stack if it gets placed immediately 
below that.

Thank you, Peter and Alex.

--
John





[Qemu-devel] [PATCH v3 6/8] xlnx-zynqmp-ipi: Initial version of the Xilinx IPI device

2017-09-20 Thread Alistair Francis
This is the initial version of the Inter Processor Interrupt device.

Signed-off-by: Alistair Francis 
---

 hw/intc/Makefile.objs |   1 +
 hw/intc/xlnx-zynqmp-ipi.c | 377 ++
 include/hw/intc/xlnx-zynqmp-ipi.h |  57 ++
 3 files changed, 435 insertions(+)
 create mode 100644 hw/intc/xlnx-zynqmp-ipi.c
 create mode 100644 include/hw/intc/xlnx-zynqmp-ipi.h

diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 0fce61e2ce..8497d05695 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -4,6 +4,7 @@ common-obj-$(CONFIG_PL190) += pl190.o
 common-obj-$(CONFIG_PUV3) += puv3_intc.o
 common-obj-$(CONFIG_XILINX) += xilinx_intc.o
 common-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-pmu-iomod-intc.o
+common-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp-ipi.o
 common-obj-$(CONFIG_ETRAXFS) += etraxfs_pic.o
 common-obj-$(CONFIG_IMX) += imx_avic.o
 common-obj-$(CONFIG_LM32) += lm32_pic.o
diff --git a/hw/intc/xlnx-zynqmp-ipi.c b/hw/intc/xlnx-zynqmp-ipi.c
new file mode 100644
index 00..6203b27e56
--- /dev/null
+++ b/hw/intc/xlnx-zynqmp-ipi.c
@@ -0,0 +1,377 @@
+/*
+ * QEMU model of the IPI Inter Processor Interrupt block
+ *
+ * Copyright (c) 2014 Xilinx Inc.
+ *
+ * Written by Edgar E. Iglesias 
+ * Written by Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/register.h"
+#include "qemu/bitops.h"
+#include "qemu/log.h"
+#include "hw/intc/xlnx-zynqmp-ipi.h"
+
+#ifndef XLNX_ZYNQMP_IPI_ERR_DEBUG
+#define XLNX_ZYNQMP_IPI_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do {\
+if (XLNX_ZYNQMP_IPI_ERR_DEBUG >= lvl) {\
+qemu_log(TYPE_XLNX_ZYNQMP_IPI ": %s:" fmt, __func__, ## args);\
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+REG32(IPI_TRIG, 0x0)
+FIELD(IPI_TRIG, PL_3, 27, 1)
+FIELD(IPI_TRIG, PL_2, 26, 1)
+FIELD(IPI_TRIG, PL_1, 25, 1)
+FIELD(IPI_TRIG, PL_0, 24, 1)
+FIELD(IPI_TRIG, PMU_3, 19, 1)
+FIELD(IPI_TRIG, PMU_2, 18, 1)
+FIELD(IPI_TRIG, PMU_1, 17, 1)
+FIELD(IPI_TRIG, PMU_0, 16, 1)
+FIELD(IPI_TRIG, RPU_1, 9, 1)
+FIELD(IPI_TRIG, RPU_0, 8, 1)
+FIELD(IPI_TRIG, APU, 0, 1)
+REG32(IPI_OBS, 0x4)
+FIELD(IPI_OBS, PL_3, 27, 1)
+FIELD(IPI_OBS, PL_2, 26, 1)
+FIELD(IPI_OBS, PL_1, 25, 1)
+FIELD(IPI_OBS, PL_0, 24, 1)
+FIELD(IPI_OBS, PMU_3, 19, 1)
+FIELD(IPI_OBS, PMU_2, 18, 1)
+FIELD(IPI_OBS, PMU_1, 17, 1)
+FIELD(IPI_OBS, PMU_0, 16, 1)
+FIELD(IPI_OBS, RPU_1, 9, 1)
+FIELD(IPI_OBS, RPU_0, 8, 1)
+FIELD(IPI_OBS, APU, 0, 1)
+REG32(IPI_ISR, 0x10)
+FIELD(IPI_ISR, PL_3, 27, 1)
+FIELD(IPI_ISR, PL_2, 26, 1)
+FIELD(IPI_ISR, PL_1, 25, 1)
+FIELD(IPI_ISR, PL_0, 24, 1)
+FIELD(IPI_ISR, PMU_3, 19, 1)
+FIELD(IPI_ISR, PMU_2, 18, 1)
+FIELD(IPI_ISR, PMU_1, 17, 1)
+FIELD(IPI_ISR, PMU_0, 16, 1)
+FIELD(IPI_ISR, RPU_1, 9, 1)
+FIELD(IPI_ISR, RPU_0, 8, 1)
+FIELD(IPI_ISR, APU, 0, 1)
+REG32(IPI_IMR, 0x14)
+FIELD(IPI_IMR, PL_3, 27, 1)
+FIELD(IPI_IMR, PL_2, 26, 1)
+FIELD(IPI_IMR, PL_1, 25, 1)
+FIELD(IPI_IMR, PL_0, 24, 1)
+FIELD(IPI_IMR, PMU_3, 19, 1)
+FIELD(IPI_IMR, PMU_2, 18, 1)
+FIELD(IPI_IMR, PMU_1, 17, 1)
+FIELD(IPI_IMR, PMU_0, 16, 1)
+FIELD(IPI_IMR, RPU_1, 9, 1)
+FIELD(IPI_IMR, RPU_0, 8, 1)
+FIELD(IPI_IMR, APU, 0, 1)
+REG32(IPI_IER, 0x18)
+FIELD(IPI_IER, PL_3, 27, 1)
+FIELD(IPI_IER, PL_2, 26, 1)
+FIELD(IPI_IER, PL_1, 25, 1)
+FIELD(IPI_IER, PL_0, 24, 1)
+FIELD(IPI_IER, PMU_3, 19, 1)
+FIELD(IPI_IER, PMU_2, 18, 1)
+FIELD(IPI_IER, PMU_1, 17, 1)
+FIELD(IPI_IER, PMU_0, 16, 1)
+FIELD(IPI_IER, RPU_1, 9, 1)
+FIELD(IPI_IER, RPU_0, 8, 1)
+FIELD(IPI_IER, APU, 0, 1)
+REG32(IPI_IDR, 0x1c)
+FIELD(IPI_IDR, PL_3, 27, 1)
+
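
Review bot: DB_PRINT_L is defined as "do { ... } while (0);" with a trailing semicolon, so "DB_PRINT(...);" expands to two statements and an unbraced "if (x) DB_PRINT(...); else ..." no longer compiles. Drop the semicolon after "while (0)" so the macro behaves as a single statement.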

[Qemu-devel] [PATCH v3 8/8] xlnx-zynqmp: Connect the IPI device to the ZynqMP SoC

2017-09-20 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---

 hw/arm/xlnx-zynqmp.c | 14 ++
 include/hw/arm/xlnx-zynqmp.h |  2 ++
 2 files changed, 16 insertions(+)

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 2b27daf51d..8aa1f02c62 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -46,6 +46,9 @@
 #define DPDMA_ADDR  0xfd4c
 #define DPDMA_IRQ   116
 
+#define IPI_ADDR0xFF30
+#define IPI_IRQ 64
+
 static const uint64_t gem_addr[XLNX_ZYNQMP_NUM_GEMS] = {
 0xFF0B, 0xFF0C, 0xFF0D, 0xFF0E,
 };
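
Review bot: IPI_ADDR and IPI_IRQ are added without a comment naming which IPI agent or channel this single instance models, and the commit message carries only the Signed-off-by line. A one-line comment above the two defines, plus a sentence in the commit message giving the agent and where the base address and interrupt number come from, would let a reader check them.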
@@ -174,6 +177,9 @@ static void xlnx_zynqmp_init(Object *obj)
 
 object_initialize(>dpdma, sizeof(s->dpdma), TYPE_XLNX_DPDMA);
 qdev_set_parent_bus(DEVICE(>dpdma), sysbus_get_default());
+
+object_initialize(>ipi, sizeof(s->ipi), TYPE_XLNX_ZYNQMP_IPI);
+qdev_set_parent_bus(DEVICE(>ipi), sysbus_get_default());
 }
 
 static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
@@ -422,6 +428,14 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
**errp)
  _abort);
 sysbus_mmio_map(SYS_BUS_DEVICE(>dpdma), 0, DPDMA_ADDR);
 sysbus_connect_irq(SYS_BUS_DEVICE(>dpdma), 0, gic_spi[DPDMA_IRQ]);
+
+object_property_set_bool(OBJECT(>ipi), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(>ipi), 0, IPI_ADDR);
+sysbus_connect_irq(SYS_BUS_DEVICE(>ipi), 0, gic_spi[IPI_IRQ]);
 }
 
 static Property xlnx_zynqmp_props[] = {
diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
index 6eff81a995..dad2bda7b2 100644
--- a/include/hw/arm/xlnx-zynqmp.h
+++ b/include/hw/arm/xlnx-zynqmp.h
@@ -28,6 +28,7 @@
 #include "hw/ssi/xilinx_spips.h"
 #include "hw/dma/xlnx_dpdma.h"
 #include "hw/display/xlnx_dp.h"
+#include "hw/intc/xlnx-zynqmp-ipi.h"
 
 #define TYPE_XLNX_ZYNQMP "xlnx,zynqmp"
 #define XLNX_ZYNQMP(obj) OBJECT_CHECK(XlnxZynqMPState, (obj), \
@@ -85,6 +86,7 @@ typedef struct XlnxZynqMPState {
 XilinxSPIPS spi[XLNX_ZYNQMP_NUM_SPIS];
 XlnxDPState dp;
 XlnxDPDMAState dpdma;
+XlnxZynqMPIPI ipi;
 
 char *boot_cpu;
 ARMCPU *boot_cpu_ptr;
-- 
2.11.0




[Qemu-devel] [PATCH v3 4/8] xlnx-pmu-iomod-intc: Add the PMU Interrupt controller

2017-09-20 Thread Alistair Francis
Add the PMU IO Module Interrupt controller device.

Signed-off-by: Alistair Francis 
---

 default-configs/microblaze-softmmu.mak |   1 +
 hw/intc/Makefile.objs  |   1 +
 hw/intc/xlnx-pmu-iomod-intc.c  | 554 +
 include/hw/intc/xlnx-pmu-iomod-intc.h  |  58 
 4 files changed, 614 insertions(+)
 create mode 100644 hw/intc/xlnx-pmu-iomod-intc.c
 create mode 100644 include/hw/intc/xlnx-pmu-iomod-intc.h

diff --git a/default-configs/microblaze-softmmu.mak 
b/default-configs/microblaze-softmmu.mak
index ce2630818a..7fca8e4c99 100644
--- a/default-configs/microblaze-softmmu.mak
+++ b/default-configs/microblaze-softmmu.mak
@@ -9,3 +9,4 @@ CONFIG_XILINX_SPI=y
 CONFIG_XILINX_ETHLITE=y
 CONFIG_SSI=y
 CONFIG_SSI_M25P80=y
+CONFIG_XLNX_ZYNQMP=y
diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 78426a7daf..0fce61e2ce 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -3,6 +3,7 @@ common-obj-$(CONFIG_I8259) += i8259_common.o i8259.o
 common-obj-$(CONFIG_PL190) += pl190.o
 common-obj-$(CONFIG_PUV3) += puv3_intc.o
 common-obj-$(CONFIG_XILINX) += xilinx_intc.o
+common-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-pmu-iomod-intc.o
 common-obj-$(CONFIG_ETRAXFS) += etraxfs_pic.o
 common-obj-$(CONFIG_IMX) += imx_avic.o
 common-obj-$(CONFIG_LM32) += lm32_pic.o
diff --git a/hw/intc/xlnx-pmu-iomod-intc.c b/hw/intc/xlnx-pmu-iomod-intc.c
new file mode 100644
index 00..4ec7991f4f
--- /dev/null
+++ b/hw/intc/xlnx-pmu-iomod-intc.c
@@ -0,0 +1,554 @@
+/*
+ * QEMU model of Xilinx I/O Module Interrupt Controller
+ *
+ * Copyright (c) 2013 Xilinx Inc
+ * Written by Edgar E. Iglesias 
+ * Written by Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/register.h"
+#include "qemu/bitops.h"
+#include "qemu/log.h"
+#include "hw/intc/xlnx-pmu-iomod-intc.h"
+
+#ifndef XLNX_PMU_IO_INTC_ERR_DEBUG
+#define XLNX_PMU_IO_INTC_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do {\
+if (XLNX_PMU_IO_INTC_ERR_DEBUG >= lvl) {\
+qemu_log(TYPE_XLNX_PMU_IO_INTC ": %s:" fmt, __func__, ## args);\
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+REG32(IRQ_MODE, 0xc)
+REG32(GPO0, 0x10)
+FIELD(GPO0, MAGIC_WORD_1, 24, 8)
+FIELD(GPO0, MAGIC_WORD_2, 16, 8)
+FIELD(GPO0, FT_INJECT_FAILURE, 13, 3)
+FIELD(GPO0, DISABLE_RST_FTSM, 12, 1)
+FIELD(GPO0, RST_FTSM, 11, 1)
+FIELD(GPO0, CLR_FTSTS, 10, 1)
+FIELD(GPO0, RST_ON_SLEEP, 9, 1)
+FIELD(GPO0, DISABLE_TRACE_COMP, 8, 1)
+FIELD(GPO0, PIT3_PRESCALE, 7, 1)
+FIELD(GPO0, PIT2_PRESCALE, 5, 2)
+FIELD(GPO0, PIT1_PRESCALE, 3, 2)
+FIELD(GPO0, PIT0_PRESCALE, 1, 2)
+FIELD(GPO0, DEBUG_REMAP, 0, 1)
+REG32(GPO1, 0x14)
+FIELD(GPO1, MIO_5, 5, 1)
+FIELD(GPO1, MIO_4, 4, 1)
+FIELD(GPO1, MIO_3, 3, 1)
+FIELD(GPO1, MIO_2, 2, 1)
+FIELD(GPO1, MIO_1, 1, 1)
+FIELD(GPO1, MIO_0, 0, 1)
+REG32(GPO2, 0x18)
+FIELD(GPO2, DAP_RPU_WAKE_ACK, 9, 1)
+FIELD(GPO2, DAP_FP_WAKE_ACK, 8, 1)
+FIELD(GPO2, PS_STATUS, 7, 1)
+FIELD(GPO2, PCAP_EN, 6, 1)
+REG32(GPO3, 0x1c)
+FIELD(GPO3, PL_GPO_31, 31, 1)
+FIELD(GPO3, PL_GPO_30, 30, 1)
+FIELD(GPO3, PL_GPO_29, 29, 1)
+FIELD(GPO3, PL_GPO_28, 28, 1)
+FIELD(GPO3, PL_GPO_27, 27, 1)
+FIELD(GPO3, PL_GPO_26, 26, 1)
+FIELD(GPO3, PL_GPO_25, 25, 1)
+FIELD(GPO3, PL_GPO_24, 24, 1)
+FIELD(GPO3, PL_GPO_23, 23, 1)
+FIELD(GPO3, PL_GPO_22, 22, 1)
+FIELD(GPO3, PL_GPO_21, 21, 1)
+FIELD(GPO3, PL_GPO_20, 20, 1)
+FIELD(GPO3, PL_GPO_19, 19, 1)
+FIELD(GPO3, PL_GPO_18, 18, 1)
+FIELD(GPO3, PL_GPO_17, 17, 1)
+FIELD(GPO3, PL_GPO_16, 16, 1)
+FIELD(GPO3, PL_GPO_15, 15, 1)
+FIELD(GPO3, PL_GPO_14, 14, 1)
+FIELD(GPO3, PL_GPO_13, 13, 1)
+FIELD(GPO3, 

[Qemu-devel] [PATCH v3 2/8] xlnx-zynqmp-pmu: Add the CPU and memory

2017-09-20 Thread Alistair Francis
Connect the MicroBlaze CPU and the ROM and RAM memory regions.

Signed-off-by: Alistair Francis 
---
V2:
 - Fix the pmu-cpu name
 - Use err and errp for CPU realise instead of error_fatal

 hw/microblaze/xlnx-zynqmp-pmu.c | 70 +++--
 1 file changed, 68 insertions(+), 2 deletions(-)

diff --git a/hw/microblaze/xlnx-zynqmp-pmu.c b/hw/microblaze/xlnx-zynqmp-pmu.c
index fc3c8b236f..b643125704 100644
--- a/hw/microblaze/xlnx-zynqmp-pmu.c
+++ b/hw/microblaze/xlnx-zynqmp-pmu.c
@@ -18,8 +18,11 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
+#include "exec/address-spaces.h"
 #include "hw/boards.h"
+#include "hw/qdev-properties.h"
 #include "cpu.h"
+#include "boot.h"
 
 /* Define the PMU device */
 
@@ -27,21 +30,56 @@
 #define XLNX_ZYNQMP_PMU(obj) OBJECT_CHECK(XlnxZynqMPPMUState, (obj), \
   TYPE_XLNX_ZYNQMP_PMU)
 
+#define XLNX_ZYNQMP_PMU_ROM_SIZE0x8000
+#define XLNX_ZYNQMP_PMU_ROM_ADDR0xFFD0
+#define XLNX_ZYNQMP_PMU_RAM_ADDR0xFFDC
+
 typedef struct XlnxZynqMPPMUState {
 /*< private >*/
 DeviceState parent_obj;
 
 /*< public >*/
+MicroBlazeCPU cpu;
 }  XlnxZynqMPPMUState;
 
 static void xlnx_zynqmp_pmu_init(Object *obj)
 {
+XlnxZynqMPPMUState *s = XLNX_ZYNQMP_PMU(obj);
 
+object_initialize(>cpu, sizeof(s->cpu),
+  TYPE_MICROBLAZE_CPU);
+object_property_add_child(obj, "pmu-cpu", OBJECT(>cpu),
+  _abort);
 }
 
 static void xlnx_zynqmp_pmu_realize(DeviceState *dev, Error **errp)
 {
-
+XlnxZynqMPPMUState *s = XLNX_ZYNQMP_PMU(dev);
+Error *err = NULL;
+
+object_property_set_uint(OBJECT(>cpu), XLNX_ZYNQMP_PMU_ROM_ADDR,
+ "base-vectors", _abort);
+object_property_set_bool(OBJECT(>cpu), true, "use-stack-protection",
+ _abort);
+object_property_set_uint(OBJECT(>cpu), 0, "use-fpu", _abort);
+object_property_set_uint(OBJECT(>cpu), 0, "use-hw-mul", _abort);
+object_property_set_bool(OBJECT(>cpu), true, "use-barrel",
+ _abort);
+object_property_set_bool(OBJECT(>cpu), true, "use-msr-instr",
+ _abort);
+object_property_set_bool(OBJECT(>cpu), true, "use-pcmp-instr",
+ _abort);
+object_property_set_bool(OBJECT(>cpu), false, "use-mmu", _abort);
+object_property_set_bool(OBJECT(>cpu), true, "endianness",
+ _abort);
+object_property_set_str(OBJECT(>cpu), "8.40.b", "version",
+_abort);
+object_property_set_uint(OBJECT(>cpu), 0, "pvr", _abort);
+object_property_set_bool(OBJECT(>cpu), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
 }
 
 static void xlnx_zynqmp_pmu_class_init(ObjectClass *oc, void *data)
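Review bot: in xlnx_zynqmp_pmu_realize() the "endianness" property is set to true with nothing saying which byte order that selects, and "use-fpu" and "use-hw-mul" go through object_property_set_uint() while every neighbouring feature switch uses object_property_set_bool(). A one-line comment on each would tell the reader that the difference is intended and what the chosen values mean.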
@@ -70,7 +108,35 @@ type_init(xlnx_zynqmp_pmu_register_types)
 
 static void xlnx_zcu102_pmu_init(MachineState *machine)
 {
-
+XlnxZynqMPPMUState *pmu = g_new0(XlnxZynqMPPMUState, 1);
+MemoryRegion *address_space_mem = get_system_memory();
+MemoryRegion *pmu_rom = g_new(MemoryRegion, 1);
+MemoryRegion *pmu_ram = g_new(MemoryRegion, 1);
+
+/* Create the ROM */
+memory_region_init_rom(pmu_rom, NULL, "xlnx-zcu102-pmu.rom",
+   XLNX_ZYNQMP_PMU_ROM_SIZE, _fatal);
+memory_region_add_subregion(address_space_mem, XLNX_ZYNQMP_PMU_ROM_ADDR,
+pmu_rom);
+
+/* Create the RAM */
+memory_region_init_ram(pmu_ram, NULL, "xlnx-zcu102-pmu.ram",
+   machine->ram_size, _fatal);
+memory_region_add_subregion(address_space_mem, XLNX_ZYNQMP_PMU_RAM_ADDR,
+pmu_ram);
+
+/* Create the PMU device */
+object_initialize(pmu, sizeof(XlnxZynqMPPMUState), TYPE_XLNX_ZYNQMP_PMU);
+object_property_add_child(OBJECT(machine), "pmu", OBJECT(pmu),
+  _abort);
+object_property_set_bool(OBJECT(pmu), true, "realized", _fatal);
+
+/* Load the kernel */
+microblaze_load_kernel(>cpu, XLNX_ZYNQMP_PMU_RAM_ADDR,
+   machine->ram_size,
+   machine->kernel_filename,
+   machine->dtb,
+   NULL);
 }
 
 static void xlnx_zcu102_pmu_machine_init(MachineClass *mc)
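Review bot: xlnx_zcu102_pmu_init() sizes the RAM region from machine->ram_size with no bound, while the region is mapped at the fixed address XLNX_ZYNQMP_PMU_RAM_ADDR, so the -m value alone decides how far the region extends and what it overlaps. Use a fixed RAM size constant next to XLNX_ZYNQMP_PMU_ROM_SIZE, or validate machine->ram_size and report an error before creating the region; the same value is also passed on to microblaze_load_kernel().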
-- 
2.11.0




[Qemu-devel] [PATCH v3 7/8] xlnx-zynqmp-pmu: Connect the IPI device to the PMU

2017-09-20 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---

 hw/microblaze/xlnx-zynqmp-pmu.c | 40 ++--
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/hw/microblaze/xlnx-zynqmp-pmu.c b/hw/microblaze/xlnx-zynqmp-pmu.c
index ca98d82e87..2016e34db6 100644
--- a/hw/microblaze/xlnx-zynqmp-pmu.c
+++ b/hw/microblaze/xlnx-zynqmp-pmu.c
@@ -24,6 +24,7 @@
 #include "cpu.h"
 #include "boot.h"
 
+#include "hw/intc/xlnx-zynqmp-ipi.h"
 #include "hw/intc/xlnx-pmu-iomod-intc.h"
 
 /* Define the PMU device */
@@ -38,18 +39,28 @@
 
 #define XLNX_ZYNQMP_PMU_INTC_ADDR   0xFFD4
 
+#define XLNX_ZYNQMP_PMU_NUM_IPIS4
+static const uint64_t ipi_addr[XLNX_ZYNQMP_PMU_NUM_IPIS] = {
+0xFF34, 0xFF35, 0xFF36, 0xFF37,
+};
+static const uint64_t ipi_irq[XLNX_ZYNQMP_PMU_NUM_IPIS] = {
+19, 20, 21, 22,
+};
+
 typedef struct XlnxZynqMPPMUState {
 /*< private >*/
 DeviceState parent_obj;
 
 /*< public >*/
 MicroBlazeCPU cpu;
+XlnxZynqMPIPI ipi[XLNX_ZYNQMP_PMU_NUM_IPIS];
 XlnxPMUIOIntc intc;
 }  XlnxZynqMPPMUState;
 
 static void xlnx_zynqmp_pmu_init(Object *obj)
 {
 XlnxZynqMPPMUState *s = XLNX_ZYNQMP_PMU(obj);
+int i;
 
 object_initialize(>cpu, sizeof(s->cpu),
   TYPE_MICROBLAZE_CPU);
@@ -58,12 +69,19 @@ static void xlnx_zynqmp_pmu_init(Object *obj)
 
 object_initialize(>intc, sizeof(s->intc), TYPE_XLNX_PMU_IO_INTC);
 qdev_set_parent_bus(DEVICE(>intc), sysbus_get_default());
+
+   for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_IPIS; i++) {
+object_initialize(>ipi[i], sizeof(s->ipi[i]), TYPE_XLNX_ZYNQMP_IPI);
+qdev_set_parent_bus(DEVICE(>ipi[i]), sysbus_get_default());
+}
 }
 
 static void xlnx_zynqmp_pmu_realize(DeviceState *dev, Error **errp)
 {
 XlnxZynqMPPMUState *s = XLNX_ZYNQMP_PMU(dev);
 Error *err = NULL;
+qemu_irq irq[32];
+int i;
 
 object_property_set_uint(OBJECT(>cpu), XLNX_ZYNQMP_PMU_ROM_ADDR,
  "base-vectors", _abort);
@@ -89,12 +107,9 @@ static void xlnx_zynqmp_pmu_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-object_property_set_uint(OBJECT(>intc), 0x10, "intc-intr-size",
- _abort);
-object_property_set_uint(OBJECT(>intc), 0x0, "intc-level-edge",
- _abort);
-object_property_set_uint(OBJECT(>intc), 0x, "intc-positive",
- _abort);
+object_property_set_uint(OBJECT(>intc), 0x10, "intc-intr-size", 
_abort);
+object_property_set_uint(OBJECT(>intc), 0x0, "intc-level-edge", 
_abort);
+object_property_set_uint(OBJECT(>intc), 0x, "intc-positive", 
_abort);
 object_property_set_bool(OBJECT(>intc), true, "realized", );
 if (err) {
 error_propagate(errp, err);
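Review bot: the three object_property_set_uint() calls on the intc object are only re-wrapped in this hunk, from two lines each to one, with no change in arguments; that is unrelated to connecting the IPI devices, and the joined lines are long enough that the mailer wrapped them again. Drop this part of the patch, or fold any wanted reflow into the patch that introduced the calls.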
@@ -103,6 +118,19 @@ static void xlnx_zynqmp_pmu_realize(DeviceState *dev, 
Error **errp)
 sysbus_mmio_map(SYS_BUS_DEVICE(>intc), 0, XLNX_ZYNQMP_PMU_INTC_ADDR);
 sysbus_connect_irq(SYS_BUS_DEVICE(>intc), 0,
qdev_get_gpio_in(DEVICE(>cpu), MB_CPU_IRQ));
+for (i = 0; i < 32; i++) {
+irq[i] = qdev_get_gpio_in(DEVICE(>intc), i);
+}
+
+for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_IPIS; i++) {
+object_property_set_bool(OBJECT(>ipi[i]), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(>ipi[i]), 0, ipi_addr[i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(>ipi[i]), 0, irq[ipi_irq[i]]);
+}
 }
 
 static void xlnx_zynqmp_pmu_class_init(ObjectClass *oc, void *data)
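Review bot: the interrupt fan-out hard-codes 32 twice, in the "qemu_irq irq[32]" declaration earlier in xlnx_zynqmp_pmu_realize() and in the "i < 32" loop here, and irq[ipi_irq[i]] is then indexed from a separate table with nothing tying its entries to that size. Give the number of intc inputs a named constant, use it for both the array and the loop, and check the ipi_irq entries against it so a future entry of 32 or more cannot index past the array unnoticed.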
-- 
2.11.0




[Qemu-devel] [PATCH v3 3/8] aarch64-softmmu.mak: Use an ARM specific config

2017-09-20 Thread Alistair Francis
In preparation for having an ARM and MicroBlaze ZynqMP machine let's
split out the current ARM specific config options.

Signed-off-by: Alistair Francis 
Acked-by: Peter Maydell 
---

 default-configs/aarch64-softmmu.mak | 1 +
 hw/arm/Makefile.objs| 2 +-
 hw/display/Makefile.objs| 2 +-
 hw/dma/Makefile.objs| 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/default-configs/aarch64-softmmu.mak 
b/default-configs/aarch64-softmmu.mak
index 24494832cf..9ddccf855e 100644
--- a/default-configs/aarch64-softmmu.mak
+++ b/default-configs/aarch64-softmmu.mak
@@ -7,3 +7,4 @@ CONFIG_AUX=y
 CONFIG_DDC=y
 CONFIG_DPCD=y
 CONFIG_XLNX_ZYNQMP=y
+CONFIG_XLNX_ZYNQMP_ARM=y
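Review bot: CONFIG_XLNX_ZYNQMP stays set right above the new CONFIG_XLNX_ZYNQMP_ARM=y, but the commit message does not say which objects remain under the old symbol once xlnx-zynqmp.o, xlnx-zcu102.o, xlnx_dp.o and xlnx_dpdma.o move to the new one. A sentence naming what is meant to be shared between the ARM and MicroBlaze builds would make the split reviewable.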
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 5ee6f7da5b..01138b05f5 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,7 +13,7 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-zcu102.o
+obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
index 551c050a6a..d3a4cb396e 100644
--- a/hw/display/Makefile.objs
+++ b/hw/display/Makefile.objs
@@ -40,4 +40,4 @@ virtio-gpu.o-libs += $(VIRGL_LIBS)
 virtio-gpu-3d.o-cflags := $(VIRGL_CFLAGS)
 virtio-gpu-3d.o-libs += $(VIRGL_LIBS)
 obj-$(CONFIG_DPCD) += dpcd.o
-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx_dp.o
+obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx_dp.o
diff --git a/hw/dma/Makefile.objs b/hw/dma/Makefile.objs
index 087c8e6855..be98d5d3d8 100644
--- a/hw/dma/Makefile.objs
+++ b/hw/dma/Makefile.objs
@@ -9,7 +9,7 @@ common-obj-$(CONFIG_ZYNQ_DEVCFG) += xlnx-zynq-devcfg.o
 common-obj-$(CONFIG_ETRAXFS) += etraxfs_dma.o
 common-obj-$(CONFIG_STP2000) += sparc32_dma.o
 common-obj-$(CONFIG_SUN4M) += sun4m_iommu.o
-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx_dpdma.o
+obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx_dpdma.o
 
 obj-$(CONFIG_OMAP) += omap_dma.o soc_dma.o
 obj-$(CONFIG_PXA2XX) += pxa2xx_dma.o
-- 
2.11.0




[Qemu-devel] [PATCH v3 0/8] Add the ZynqMP PMU and IPI

2017-09-20 Thread Alistair Francis

This series adds the ZynqMP Power Management Unit (PMU) machine with basic
functionality.

The machine only has the
 - CPU
 - Memory
 - Interrupt controller
 - IPI device

connected, but that is enough to run some of the ROM and firmware
code on the machine.

The series also adds the IPI device and connects it to the ZynqMP ARM
side and the ZynqMP PMU. These IPI devices don't connect between the ARM
and MicroBlaze instances though.

v3:
 - Add the interrupt controller
 - Replace some of the error_fatals with errp
 - Fix the PMU CPU name



Alistair Francis (8):
  xlnx-zynqmp-pmu: Initial commit of the ZynqMP PMU
  xlnx-zynqmp-pmu: Add the CPU and memory
  aarch64-softmmu.mak: Use an ARM specific config
  xlnx-pmu-iomod-intc: Add the PMU Interrupt controller
  xlnx-zynqmp-pmu: Connect the PMU interrupt controller
  xlnx-zynqmp-ipi: Initial version of the Xilinx IPI device
  xlnx-zynqmp-pmu: Connect the IPI device to the PMU
  xlnx-zynqmp: Connect the IPI device to the ZynqMP SoC

 default-configs/aarch64-softmmu.mak|   1 +
 default-configs/microblaze-softmmu.mak |   1 +
 hw/arm/Makefile.objs   |   2 +-
 hw/arm/xlnx-zynqmp.c   |  14 +
 hw/display/Makefile.objs   |   2 +-
 hw/dma/Makefile.objs   |   2 +-
 hw/intc/Makefile.objs  |   2 +
 hw/intc/xlnx-pmu-iomod-intc.c  | 554 +
 hw/intc/xlnx-zynqmp-ipi.c  | 377 ++
 hw/microblaze/Makefile.objs|   1 +
 hw/microblaze/xlnx-zynqmp-pmu.c| 200 
 include/hw/arm/xlnx-zynqmp.h   |   2 +
 include/hw/intc/xlnx-pmu-iomod-intc.h  |  58 
 include/hw/intc/xlnx-zynqmp-ipi.h  |  57 
 14 files changed, 1270 insertions(+), 3 deletions(-)
 create mode 100644 hw/intc/xlnx-pmu-iomod-intc.c
 create mode 100644 hw/intc/xlnx-zynqmp-ipi.c
 create mode 100644 hw/microblaze/xlnx-zynqmp-pmu.c
 create mode 100644 include/hw/intc/xlnx-pmu-iomod-intc.h
 create mode 100644 include/hw/intc/xlnx-zynqmp-ipi.h

-- 
2.11.0




[Qemu-devel] [PATCH v3 1/8] xlnx-zynqmp-pmu: Initial commit of the ZynqMP PMU

2017-09-20 Thread Alistair Francis
The Xilinx ZynqMP SoC has two main processing systems in it. The ARM
processing system (which is already modeled in QEMU) and the MicroBlaze
Power Management Unit (PMU). This is the initial work for adding support
for the PMU.

The PMU subsystem runs alongside the ARM system on hardware, but due
to architecture limitations in QEMU the two instances are separate for
the time being.

Let's follow the same setup we do with the ARM system, where there is an
SoC device and a ZCU102 board. Although the PMU is less board specific
we are still going to follow the same split as maybe in future we can
connect the PMU device to the ARM ZCU102 board. As the machine will be
fairly small let's keep them both together in one file.

Signed-off-by: Alistair Francis 
---

 hw/microblaze/Makefile.objs |  1 +
 hw/microblaze/xlnx-zynqmp-pmu.c | 83 +
 2 files changed, 84 insertions(+)
 create mode 100644 hw/microblaze/xlnx-zynqmp-pmu.c

diff --git a/hw/microblaze/Makefile.objs b/hw/microblaze/Makefile.objs
index b2517d87fe..ae9fd40de7 100644
--- a/hw/microblaze/Makefile.objs
+++ b/hw/microblaze/Makefile.objs
@@ -1,3 +1,4 @@
 obj-y += petalogix_s3adsp1800_mmu.o
 obj-y += petalogix_ml605_mmu.o
+obj-y += xlnx-zynqmp-pmu.o
 obj-y += boot.o
diff --git a/hw/microblaze/xlnx-zynqmp-pmu.c b/hw/microblaze/xlnx-zynqmp-pmu.c
new file mode 100644
index 00..fc3c8b236f
--- /dev/null
+++ b/hw/microblaze/xlnx-zynqmp-pmu.c
@@ -0,0 +1,83 @@
+/*
+ * Xilinx Zynq MPSoC PMU (Power Management Unit) emulation
+ *
+ * Copyright (C) 2017 Xilinx Inc
+ * Written by Alistair Francis 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "hw/boards.h"
+#include "cpu.h"
+
+/* Define the PMU device */
+
+#define TYPE_XLNX_ZYNQMP_PMU "xlnx,zynqmp-pmu"
+#define XLNX_ZYNQMP_PMU(obj) OBJECT_CHECK(XlnxZynqMPPMUState, (obj), \
+  TYPE_XLNX_ZYNQMP_PMU)
+
+typedef struct XlnxZynqMPPMUState {
+/*< private >*/
+DeviceState parent_obj;
+
+/*< public >*/
+}  XlnxZynqMPPMUState;
+
+static void xlnx_zynqmp_pmu_init(Object *obj)
+{
+
+}
+
+static void xlnx_zynqmp_pmu_realize(DeviceState *dev, Error **errp)
+{
+
+}
+
+static void xlnx_zynqmp_pmu_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+dc->realize = xlnx_zynqmp_pmu_realize;
+}
+
+static const TypeInfo xlnx_zynqmp_pmu_type_info = {
+.name = TYPE_XLNX_ZYNQMP_PMU,
+.parent = TYPE_DEVICE,
+.instance_size = sizeof(XlnxZynqMPPMUState),
+.instance_init = xlnx_zynqmp_pmu_init,
+.class_init = xlnx_zynqmp_pmu_class_init,
+};
+
+static void xlnx_zynqmp_pmu_register_types(void)
+{
+type_register_static(_zynqmp_pmu_type_info);
+}
+
+type_init(xlnx_zynqmp_pmu_register_types)
+
+/* Define the PMU Machine */
+
+static void xlnx_zcu102_pmu_init(MachineState *machine)
+{
+
+}
+
+static void xlnx_zcu102_pmu_machine_init(MachineClass *mc)
+{
+mc->desc = "Xilinx ZynqMP ZCU102 PMU machine";
+mc->init = xlnx_zcu102_pmu_init;
+}
+
+DEFINE_MACHINE("xlnx-zcu102-pmu", xlnx_zcu102_pmu_machine_init)
+
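Review bot: the new file ends with an empty added line after DEFINE_MACHINE(), which git flags as a blank line at EOF; drop it. The bodies of xlnx_zynqmp_pmu_init(), xlnx_zynqmp_pmu_realize() and xlnx_zcu102_pmu_init() are likewise a single blank line each, so either leave the braces empty or leave out instance_init until a later patch gives it something to do.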
-- 
2.11.0




Re: [Qemu-devel] [PATCH] ide: fix enum comparison for gcc 4.7

2017-09-20 Thread Mark Cave-Ayland
On 20/09/17 22:33, John Snow wrote:

> On 09/20/2017 05:28 PM, Mark Cave-Ayland wrote:
>> On 20/09/17 20:41, John Snow wrote:
>>
>>> Apparently GCC gets bent over comparing enum values against zero.
>>> Replace the conditional with something less readable.
>>>
>>> Signed-off-by: John Snow 
>>> ---
>>>  hw/ide/core.c | 2 +-
>>>  include/hw/ide/internal.h | 3 +--
>>>  2 files changed, 2 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/hw/ide/core.c b/hw/ide/core.c
>>> index a19bd90..d63eb4a 100644
>>> --- a/hw/ide/core.c
>>> +++ b/hw/ide/core.c
>>> @@ -68,7 +68,7 @@ const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
>>>  
>>>  static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
>>>  {
>>> -if (enval >= IDE_DMA__BEGIN && enval < IDE_DMA__COUNT) {
>>> +if ((unsigned)enval < IDE_DMA__COUNT) {
>>>  return IDE_DMA_CMD_lookup[enval];
>>>  }
>>>  return "DMA UNKNOWN CMD";
>>> diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
>>> index 180e00e..e641012 100644
>>> --- a/include/hw/ide/internal.h
>>> +++ b/include/hw/ide/internal.h
>>> @@ -333,8 +333,7 @@ struct unreported_events {
>>>  };
>>>  
>>>  enum ide_dma_cmd {
>>> -IDE_DMA__BEGIN = 0,
>>> -IDE_DMA_READ = IDE_DMA__BEGIN,
>>> +IDE_DMA_READ = 0,
>>>  IDE_DMA_WRITE,
>>>  IDE_DMA_TRIM,
>>>  IDE_DMA_ATAPI,
>>>
>>
>> Really close - it fixes the error in hw/ide/core.c but then I see a
>> similar error a bit later in hw/ide/ahci.c:
>>
>> cc -I/home/build/src/qemu/git/qemu/hw/ide -Ihw/ide
>> -I/home/build/src/qemu/git/qemu/tcg
>> -I/home/build/src/qemu/git/qemu/tcg/i386
>> -I/home/build/src/qemu/git/qemu/linux-headers
>> -I/home/build/src/qemu/git/qemu/linux-headers -I.
>> -I/home/build/src/qemu/git/qemu
>> -I/home/build/src/qemu/git/qemu/accel/tcg
>> -I/home/build/src/qemu/git/qemu/include -I/usr/include/pixman-1
>> -I/home/build/src/qemu/git/qemu/dtc/libfdt -Werror -pthread
>> -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include
>> -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
>> -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings
>> -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv
>> -Wendif-labels -Wno-missing-include-dirs -Wempty-body -Wnested-externs
>> -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers
>> -Wold-style-declaration -Wold-style-definition -Wtype-limits
>> -fstack-protector-all -I/usr/include/p11-kit-1
>> -I/usr/include/libpng12   -I/home/build/src/qemu/git/qemu/tests -MMD -MP
>> -MT hw/ide/ahci.o -MF hw/ide/ahci.d -O2 -U_FORTIFY_SOURCE
>> -D_FORTIFY_SOURCE=2 -g   -c -o hw/ide/ahci.o hw/ide/ahci.c
>> hw/ide/ahci.c: In function ‘ahci_trigger_irq’:
>> hw/ide/ahci.c:187:5: error: comparison of unsigned expression >= 0 is
>> always true [-Werror=type-limits]
>> cc1: all warnings being treated as errors
>> make: *** [hw/ide/ahci.o] Error 1
>>
>>
>> ATB,
>>
>> Mark.
>>
> 
> Man, what's with your compiler? ...
> 
> OK, let's try:
> 
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index 24c65df..32d1296 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -184,7 +184,7 @@ static void ahci_check_irq(AHCIState *s)
>  static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d,
>   enum AHCIPortIRQ irqbit)
>  {
> -g_assert(irqbit >= 0 && irqbit < 32);
> +g_assert((unsigned)irqbit < 32);
>  uint32_t irq = 1U << irqbit;
>  uint32_t irqstat = d->port_regs.irq_stat | irq;
> 
> 
> I can't remember immediately if I have more spots that might cause a
> ruckus for you.

Nope, that's all folks! Combining these two together fixes the build for
me again:

Tested-by: Mark Cave-Ayland 


ATB,

Mark.



Re: [Qemu-devel] [Qemu-block] [PATCH 2/2] qcow2: truncate the tail of the image file after shrinking the image

2017-09-20 Thread John Snow


On 09/20/2017 09:58 AM, Pavel Butsykin wrote:
> Now after shrinking the image, at the end of the image file, there might be a
> tail that probably will never be used. So we can find the last used cluster and
> cut the tail.
> 
> Signed-off-by: Pavel Butsykin 
> ---
>  block/qcow2-refcount.c | 21 +
>  block/qcow2.c  | 19 +++
>  block/qcow2.h  |  1 +
>  3 files changed, 41 insertions(+)
> 
> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
> index 88d5a3f1ad..5e221a166c 100644
> --- a/block/qcow2-refcount.c
> +++ b/block/qcow2-refcount.c
> @@ -3181,3 +3181,24 @@ out:
>  g_free(reftable_tmp);
>  return ret;
>  }
> +
> +int64_t qcow2_get_last_cluster(BlockDriverState *bs, int64_t size)
> +{
> +BDRVQcow2State *s = bs->opaque;
> +int64_t i, last_cluster, nb_clusters = size_to_clusters(s, size);
> +uint64_t refcount;
> +
> +for (i = 0, last_cluster = 0; i < nb_clusters; i++) {
> +int ret = qcow2_get_refcount(bs, i, );
> +if (ret < 0) {
> +fprintf(stderr, "Can't get refcount for cluster %" PRId64 ": 
> %s\n",
> +i, strerror(-ret));
> +continue;
> +}
> +
> +if (refcount > 0) {
> +last_cluster = i;
> +}
> +}
> +return last_cluster;
> +}> diff --git a/block/qcow2.c b/block/qcow2.c
> index 8a4311d338..c3b6dd44c4 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -3106,6 +3106,7 @@ static int qcow2_truncate(BlockDriverState *bs, int64_t 
> offset,
>  new_l1_size = size_to_l1(s, offset);
>  
>  if (offset < old_length) {
> +int64_t image_end_offset, old_file_size;
>  if (prealloc != PREALLOC_MODE_OFF) {
>  error_setg(errp,
> "Preallocation can't be used for shrinking an image");
> @@ -3134,6 +3135,24 @@ static int qcow2_truncate(BlockDriverState *bs, 
> int64_t offset,
>   "Failed to discard unused refblocks");
>  return ret;
>  }
> +
> +old_file_size = bdrv_getlength(bs->file->bs);
> +if (old_file_size < 0) {
> +error_setg_errno(errp, -old_file_size,
> + "Failed to inquire current file length");
> +return old_file_size;
> +}
> +image_end_offset = (qcow2_get_last_cluster(bs, old_file_size) + 1) *
> +   s->cluster_size;
> +if (image_end_offset < old_file_size) {
> +ret = bdrv_truncate(bs->file, image_end_offset,
> +PREALLOC_MODE_OFF, NULL);
> +if (ret < 0) {
> +error_setg_errno(errp, -ret,
> + "Failed to truncate the tail of the image");

I've recently become skeptical of what partial resize successes look
like, but that's an issue for another day entirely.

> +return ret;
> +}
> +}
>  } else {
>  ret = qcow2_grow_l1_table(bs, new_l1_size, true);
>  if (ret < 0) {
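Review bot: the new bdrv_truncate() call in the shrink branch passes NULL as its Error argument and then builds a fresh message with error_setg_errno(), so whatever detail the protocol layer had about the failure is lost. Pass errp, or a local Error that is then prefixed with "Failed to truncate the tail of the image", instead of NULL.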
> diff --git a/block/qcow2.h b/block/qcow2.h
> index 5a289a81e2..782a206ecb 100644
> --- a/block/qcow2.h
> +++ b/block/qcow2.h
> @@ -597,6 +597,7 @@ int qcow2_change_refcount_order(BlockDriverState *bs, int 
> refcount_order,
>  BlockDriverAmendStatusCB *status_cb,
>  void *cb_opaque, Error **errp);
>  int qcow2_shrink_reftable(BlockDriverState *bs);
> +int64_t qcow2_get_last_cluster(BlockDriverState *bs, int64_t size);
>  
>  /* qcow2-cluster.c functions */
>  int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size,
> 
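Review bot: in qcow2_get_last_cluster() (the block/qcow2-refcount.c hunk) a failing qcow2_get_refcount() is only reported with fprintf(stderr, ...) and the loop continues, so a cluster whose refcount could not be read is treated as unused and the caller may truncate the file below it; the function also returns 0 both when cluster 0 is the last one in use and when nothing was readable. Return the negative errno to qcow2_truncate() and skip the tail truncation on error. Scanning from the last cluster downwards and stopping at the first nonzero refcount would also avoid walking the whole file.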

Reviewed-by: John Snow 

Looks sane to me, but under which circumstances might we grow such a
tail? I assume the actual truncate call aligns to cluster boundaries as
appropriate, so is this a bit of a "quick fix" to cull unused clusters
that happened to be near the truncate boundary?

It might be worth documenting the circumstances that produce this
unused space that will never get used. My hunch is that such unused
space should likely be getting reclaimed elsewhere and not here, but
perhaps I'm misunderstanding the causal factors.

--js



Re: [Qemu-devel] [PATCH] ide: fix enum comparison for gcc 4.7

2017-09-20 Thread John Snow


On 09/20/2017 05:28 PM, Mark Cave-Ayland wrote:
> On 20/09/17 20:41, John Snow wrote:
> 
>> Apparently GCC gets bent over comparing enum values against zero.
>> Replace the conditional with something less readable.
>>
>> Signed-off-by: John Snow 
>> ---
>>  hw/ide/core.c | 2 +-
>>  include/hw/ide/internal.h | 3 +--
>>  2 files changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/ide/core.c b/hw/ide/core.c
>> index a19bd90..d63eb4a 100644
>> --- a/hw/ide/core.c
>> +++ b/hw/ide/core.c
>> @@ -68,7 +68,7 @@ const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
>>  
>>  static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
>>  {
>> -if (enval >= IDE_DMA__BEGIN && enval < IDE_DMA__COUNT) {
>> +if ((unsigned)enval < IDE_DMA__COUNT) {
>>  return IDE_DMA_CMD_lookup[enval];
>>  }
>>  return "DMA UNKNOWN CMD";
>> diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
>> index 180e00e..e641012 100644
>> --- a/include/hw/ide/internal.h
>> +++ b/include/hw/ide/internal.h
>> @@ -333,8 +333,7 @@ struct unreported_events {
>>  };
>>  
>>  enum ide_dma_cmd {
>> -IDE_DMA__BEGIN = 0,
>> -IDE_DMA_READ = IDE_DMA__BEGIN,
>> +IDE_DMA_READ = 0,
>>  IDE_DMA_WRITE,
>>  IDE_DMA_TRIM,
>>  IDE_DMA_ATAPI,
>>
> 
> Really close - it fixes the error in hw/ide/core.c but then I see a
> similar error a bit later in hw/ide/ahci.c:
> 
> cc -I/home/build/src/qemu/git/qemu/hw/ide -Ihw/ide
> -I/home/build/src/qemu/git/qemu/tcg
> -I/home/build/src/qemu/git/qemu/tcg/i386
> -I/home/build/src/qemu/git/qemu/linux-headers
> -I/home/build/src/qemu/git/qemu/linux-headers -I.
> -I/home/build/src/qemu/git/qemu
> -I/home/build/src/qemu/git/qemu/accel/tcg
> -I/home/build/src/qemu/git/qemu/include -I/usr/include/pixman-1
> -I/home/build/src/qemu/git/qemu/dtc/libfdt -Werror -pthread
> -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include
> -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
> -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings
> -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv
> -Wendif-labels -Wno-missing-include-dirs -Wempty-body -Wnested-externs
> -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers
> -Wold-style-declaration -Wold-style-definition -Wtype-limits
> -fstack-protector-all -I/usr/include/p11-kit-1
> -I/usr/include/libpng12   -I/home/build/src/qemu/git/qemu/tests -MMD -MP
> -MT hw/ide/ahci.o -MF hw/ide/ahci.d -O2 -U_FORTIFY_SOURCE
> -D_FORTIFY_SOURCE=2 -g   -c -o hw/ide/ahci.o hw/ide/ahci.c
> hw/ide/ahci.c: In function ‘ahci_trigger_irq’:
> hw/ide/ahci.c:187:5: error: comparison of unsigned expression >= 0 is
> always true [-Werror=type-limits]
> cc1: all warnings being treated as errors
> make: *** [hw/ide/ahci.o] Error 1
> 
> 
> ATB,
> 
> Mark.
> 

Man, what's with your compiler? ...

OK, let's try:

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 24c65df..32d1296 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -184,7 +184,7 @@ static void ahci_check_irq(AHCIState *s)
 static void ahci_trigger_irq(AHCIState *s, AHCIDevice *d,
  enum AHCIPortIRQ irqbit)
 {
-g_assert(irqbit >= 0 && irqbit < 32);
+g_assert((unsigned)irqbit < 32);
 uint32_t irq = 1U << irqbit;
 uint32_t irqstat = d->port_regs.irq_stat | irq;
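Review bot: in ahci_trigger_irq() the g_assert((unsigned)irqbit < 32) is now the only thing that keeps the "1U << irqbit" shift on the next line within the width of the uint32_t, and it rejects negative values only through the cast. Add a one-line comment saying that the cast is deliberate and that 32 is the bit width of irq, so a later cleanup does not remove the cast as redundant.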


I can't remember immediately if I have more spots that might cause a
ruckus for you.



Re: [Qemu-devel] qemu-arm SIGSEGV for self-modifying code

2017-09-20 Thread Alexander Graf



On 20.09.17 20:04, Peter Maydell wrote:
> On 20 September 2017 at 18:05, John Reiser wrote:
>> Yes, the SEGV occurs on the store, "long" before the re-written
>> instruction ever is executed
>
> OK, I've identified the immediate cause for this SEGV.
>
> (1) when the guest initially mmap()s at 0xf700 and
> above we pass that through to the host as an mmap rwx
> (2) later, the guest wants to execute from some part
> of this region; QEMU marks those pages as non-writable
> so that we can catch guest writes and invalidate our
> translated code cache (we then mark the page writable
> and resume the guest code). This is a host page at a time,
> so it covers the memory we're trying to modify
> (3) when the translated guest code writes to the memory,
> we get a host SIGSEGV, which is expected. Unfortunately
> we then fail to recognize it as a case of a guest
> write to a page that QEMU marked non-writeable.
> (4) The reason we don't recognize the address is that
> our test for "is this valid" (h2g_valid()) checks that the
> guest address is within the chunk of the host address
> space that we've carved out for the guest, and the
> amount of space we carve out for that is 0xf700.
> So guest execution above that won't work properly
> (really we should probably fail the mmap() rather than
> letting it succeed but misbehave).
>
> I don't really know why we use 0xf700 as our
> reserved_va value here, though. Alex, you added that
> years ago, can you remember why you used that value?


IIRC I wanted to map the full 32 bits of address space possibly in use 
by a 32bit application, but leave some room for something, but I don't 
remember what that something was :)



Alex
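
The mechanism Peter Maydell describes in steps (2) to (4), as an added C example that is neither QEMU code nor part of the thread: a page is write-protected, the store faults, and the handler only repairs the fault if its range check recognises the address. The names run_case, host_addr_is_guest and reserved_len and the four-page window are constructed for illustration, and Linux behaviour (SIGSEGV on a store to a read-only page) is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define WINDOW_PAGES 4          /* constructed: size of the toy "guest" mapping */

static uint8_t *window_base;    /* host address where the guest window starts */
static size_t reserved_len;     /* bytes the handler believes belong to the guest */
static size_t page_size;
static sigjmp_buf bail;

/* Analogue of the "is this a guest address" test from step (4). */
static int host_addr_is_guest(const void *host)
{
    uintptr_t off = (uintptr_t)host - (uintptr_t)window_base;
    return (uintptr_t)host >= (uintptr_t)window_base && off < reserved_len;
}

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    (void)ctx;
    if (host_addr_is_guest(si->si_addr)) {
        uintptr_t page = (uintptr_t)si->si_addr & ~(uintptr_t)(page_size - 1);
        /* An emulator would drop translations made from this page here. */
        mprotect((void *)page, page_size, PROT_READ | PROT_WRITE);
        return;                 /* the faulting store is restarted */
    }
    siglongjmp(bail, 1);        /* unrecognised: the guest would see the SIGSEGV */
}

/* Returns 1 if the store to target_page landed, 0 if the fault was not
 * recognised as a guest write, -1 on setup failure. */
int run_case(size_t reserved_pages, size_t target_page)
{
    struct sigaction sa, old;
    int write_landed;

    if (target_page >= WINDOW_PAGES) {
        return -1;
    }
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    window_base = mmap(NULL, WINDOW_PAGES * page_size, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (window_base == MAP_FAILED) {
        return -1;
    }
    reserved_len = reserved_pages * page_size;

    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    /* Step (2): the page holds "translated" code, so make it read-only. */
    mprotect(window_base + target_page * page_size, page_size, PROT_READ);

    if (sigsetjmp(bail, 1) == 0) {
        volatile uint8_t *p = window_base + target_page * page_size + 8;
        *p = 0x42;              /* step (3): the guest store faults on the host */
        write_landed = (*p == 0x42);
    } else {
        write_landed = 0;       /* step (4): range check rejected the address */
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(window_base, WINDOW_PAGES * page_size);
    return write_landed;
}

int main(void)
{
    printf("target inside reserved range: %d\n", run_case(4, 1));
    printf("target above reserved range:  %d\n", run_case(2, 3));
    return 0;
}
```

The second call maps and protects the page successfully but sets the reserved range too small to cover it, which is the mismatch between a successful mmap() and the range check that step (4) describes.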



Re: [Qemu-devel] [PATCH] ide: fix enum comparison for gcc 4.7

2017-09-20 Thread Mark Cave-Ayland
On 20/09/17 20:41, John Snow wrote:

> Apparently GCC gets bent over comparing enum values against zero.
> Replace the conditional with something less readable.
> 
> Signed-off-by: John Snow 
> ---
>  hw/ide/core.c | 2 +-
>  include/hw/ide/internal.h | 3 +--
>  2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/ide/core.c b/hw/ide/core.c
> index a19bd90..d63eb4a 100644
> --- a/hw/ide/core.c
> +++ b/hw/ide/core.c
> @@ -68,7 +68,7 @@ const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
>  
>  static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
>  {
> -if (enval >= IDE_DMA__BEGIN && enval < IDE_DMA__COUNT) {
> +if ((unsigned)enval < IDE_DMA__COUNT) {
>  return IDE_DMA_CMD_lookup[enval];
>  }
>  return "DMA UNKNOWN CMD";
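Review bot: in IDE_DMA_CMD_str() the lower bound on the IDE_DMA_CMD_lookup[] index now exists only through the (unsigned) cast, which turns a negative enval into a large value that fails the "< IDE_DMA__COUNT" test. Say so in a one-line comment above the if, since the commit message itself calls the new form less readable and a later cleanup could drop the cast as redundant.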
> diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
> index 180e00e..e641012 100644
> --- a/include/hw/ide/internal.h
> +++ b/include/hw/ide/internal.h
> @@ -333,8 +333,7 @@ struct unreported_events {
>  };
>  
>  enum ide_dma_cmd {
> -IDE_DMA__BEGIN = 0,
> -IDE_DMA_READ = IDE_DMA__BEGIN,
> +IDE_DMA_READ = 0,
>  IDE_DMA_WRITE,
>  IDE_DMA_TRIM,
>  IDE_DMA_ATAPI,
> 

Really close - it fixes the error in hw/ide/core.c but then I see a
similar error a bit later in hw/ide/ahci.c:

cc -I/home/build/src/qemu/git/qemu/hw/ide -Ihw/ide
-I/home/build/src/qemu/git/qemu/tcg
-I/home/build/src/qemu/git/qemu/tcg/i386
-I/home/build/src/qemu/git/qemu/linux-headers
-I/home/build/src/qemu/git/qemu/linux-headers -I.
-I/home/build/src/qemu/git/qemu
-I/home/build/src/qemu/git/qemu/accel/tcg
-I/home/build/src/qemu/git/qemu/include -I/usr/include/pixman-1
-I/home/build/src/qemu/git/qemu/dtc/libfdt -Werror -pthread
-I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include
-m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv
-Wendif-labels -Wno-missing-include-dirs -Wempty-body -Wnested-externs
-Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers
-Wold-style-declaration -Wold-style-definition -Wtype-limits
-fstack-protector-all -I/usr/include/p11-kit-1
-I/usr/include/libpng12   -I/home/build/src/qemu/git/qemu/tests -MMD -MP
-MT hw/ide/ahci.o -MF hw/ide/ahci.d -O2 -U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=2 -g   -c -o hw/ide/ahci.o hw/ide/ahci.c
hw/ide/ahci.c: In function ‘ahci_trigger_irq’:
hw/ide/ahci.c:187:5: error: comparison of unsigned expression >= 0 is
always true [-Werror=type-limits]
cc1: all warnings being treated as errors
make: *** [hw/ide/ahci.o] Error 1


ATB,

Mark.



[Qemu-devel] [PATCH] hw/pci-bridge/pcie_pci_bridge: properly handle MSI unavailability case

2017-09-20 Thread Aleksandr Bezzubikov
Signed-off-by: Aleksandr Bezzubikov 
---
 hw/pci-bridge/pcie_pci_bridge.c | 24 ++--
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/hw/pci-bridge/pcie_pci_bridge.c b/hw/pci-bridge/pcie_pci_bridge.c
index 9aa5cc3..da562fe 100644
--- a/hw/pci-bridge/pcie_pci_bridge.c
+++ b/hw/pci-bridge/pcie_pci_bridge.c
@@ -65,10 +65,18 @@ static void pcie_pci_bridge_realize(PCIDevice *d, Error 
**errp)
 goto aer_error;
 }
 
+Error *local_err = NULL;
 if (pcie_br->msi != ON_OFF_AUTO_OFF) {
-rc = msi_init(d, 0, 1, true, true, errp);
+rc = msi_init(d, 0, 1, true, true, _err);
 if (rc < 0) {
-goto msi_error;
+assert(rc == -ENOTSUP);
+if (pcie_br->msi != ON_OFF_AUTO_ON) {
+error_free(local_err);
+} else {
+/* failed to satisfy user's explicit request for MSI */
+error_propagate(errp, local_err);
+goto msi_error;
+}
 }
 }
 pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY |
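Review bot: "Error *local_err = NULL;" is declared in the middle of pcie_pci_bridge_realize(), after executable statements; move it to the top of the function with the other locals. The assert(rc == -ENOTSUP) also turns any other msi_init() failure into an abort, so add a comment stating that -ENOTSUP is the only error expected from this call.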
@@ -81,7 +89,7 @@ aer_error:
 pm_error:
 pcie_cap_exit(d);
 cap_error:
-shpc_free(d);
+shpc_cleanup(d, _br->shpc_bar);
 error:
 pci_bridge_exitfn(d);
 }
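Review bot: replacing shpc_free(d) with shpc_cleanup() in the cap_error path is a separate fix from the MSI handling named in the subject, and the patch has no commit message body to explain it. Split it into its own patch or describe in the message why the error path needs the different cleanup.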
@@ -98,7 +106,9 @@ static void pcie_pci_bridge_reset(DeviceState *qdev)
 {
 PCIDevice *d = PCI_DEVICE(qdev);
 pci_bridge_reset(qdev);
-msi_reset(d);
+if (msi_present(d)) {
+msi_reset(d);
+}
 shpc_reset(d);
 }
 
@@ -106,12 +116,14 @@ static void pcie_pci_bridge_write_config(PCIDevice *d,
 uint32_t address, uint32_t val, int len)
 {
 pci_bridge_write_config(d, address, val, len);
-msi_write_config(d, address, val, len);
+if (msi_present(d)) {
+msi_write_config(d, address, val, len);
+}
 shpc_cap_write_config(d, address, val, len);
 }
 
 static Property pcie_pci_bridge_dev_properties[] = {
-DEFINE_PROP_ON_OFF_AUTO("msi", PCIEPCIBridge, msi, ON_OFF_AUTO_ON),
+DEFINE_PROP_ON_OFF_AUTO("msi", PCIEPCIBridge, msi, ON_OFF_AUTO_AUTO),
 DEFINE_PROP_END_OF_LIST(),
 };
 
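Review bot: the last line of this hunk changes the default of the `msi` property from `ON_OFF_AUTO_ON` to `ON_OFF_AUTO_AUTO`, which is a user-visible behaviour change: with the realize hunk above, a failing msi_init() now yields a bridge without MSI instead of a realize error unless the user asked for `on`. The commit message is empty apart from the sign-off; describe the new default and the on/off/auto outcomes there.
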
-- 
2.7.4




Re: [Qemu-devel] [PATCH v2 4/8] disas: Support the Capstone disassembler library

2017-09-20 Thread Richard Henderson
On 09/20/2017 06:17 AM, Alex Bennée wrote:
> Hmm I get a link failure:
> 
>   LINKtilegx-linux-user/qemu-tilegx
> disas.o: In function `cap_disas_start':
> /home/alex/lsrc/qemu/qemu.git/disas.c:196: undefined reference to `cs_open'

As discussed on IRC, this turned out to be wrong link ordering due to me
placing -lcapstone in LDFLAGS instead of LIBS.  Fixed locally.

Any other comments on the patch set?


r~



Re: [Qemu-devel] [PATCH 6/6] hw/arm/omap2.c: Don't use old_mmio

2017-09-20 Thread Richard Henderson
On 09/16/2017 11:46 AM, Peter Maydell wrote:
> Don't use old_mmio in the memory region ops struct.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/arm/omap2.c | 49 +
>  1 file changed, 37 insertions(+), 12 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [PULL 0/3] 9pfs fixes for 2.11 20170920

2017-09-20 Thread Peter Maydell
On 20 September 2017 at 14:50, Greg Kurz  wrote:
> The following changes since commit c51700273ad9802a21c19f8d2b4bcb67c38e74ac:
>
>   Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20170919-v2' into 
> staging (2017-09-19 18:08:48 +0100)
>
> are available in the git repository at:
>
>   https://github.com/gkurz/qemu.git tags/for-upstream
>
> for you to fetch changes up to 772a73692ecb52bace0cff6f95df62f59b8cabe0:
>
>   9pfs: check the size of transport buffer before marshaling (2017-09-20 
> 08:48:52 +0200)
>
> 
> These patches fix regressions in 2.10
>
> 
> Jan Dakinevich (3):
>   9pfs: fix readdir() for 9p2000.u
>   9pfs: fix name_to_path assertion in v9fs_complete_rename()
>   9pfs: check the size of transport buffer before marshaling
>
>  hw/9pfs/9p.c | 60 
> ++--
>  1 file changed, 30 insertions(+), 30 deletions(-)
> --
> 2.13.5

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH 5/6] hw/i2c/omap_i2c.c: Don't use old_mmio

2017-09-20 Thread Richard Henderson
On 09/16/2017 11:46 AM, Peter Maydell wrote:
> Don't use old_mmio in the memory region ops struct.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/i2c/omap_i2c.c | 44 
>  1 file changed, 32 insertions(+), 12 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [PATCH 4/6] hw/timer/omap_gptimer: Don't use old_mmio

2017-09-20 Thread Richard Henderson
On 09/16/2017 11:46 AM, Peter Maydell wrote:
> Don't use the old_mmio struct in memory region ops.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/timer/omap_gptimer.c | 49 
> +
>  1 file changed, 37 insertions(+), 12 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [PATCH 3/6] hw/timer/omap_synctimer.c: Don't use old_mmio

2017-09-20 Thread Richard Henderson
On 09/16/2017 11:46 AM, Peter Maydell wrote:
> Don't use the old_mmio in the memory region ops struct.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/timer/omap_synctimer.c | 35 +--
>  1 file changed, 21 insertions(+), 14 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [PATCH 2/6] hw/gpio/omap_gpio.c: Don't use old_mmio

2017-09-20 Thread Richard Henderson
On 09/16/2017 11:46 AM, Peter Maydell wrote:
> Drop the use of old_mmio in the omap2_gpio memory ops.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/gpio/omap_gpio.c | 26 --
>  1 file changed, 12 insertions(+), 14 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [PATCH 1/6] hw/arm/palm.c: Don't use old_mmio for static_ops

2017-09-20 Thread Richard Henderson
On 09/16/2017 11:46 AM, Peter Maydell wrote:
> Update the static_ops functions to use new-style mmio
> rather than the legacy old_mmio functions.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/arm/palm.c | 30 ++
>  1 file changed, 10 insertions(+), 20 deletions(-)

Reviewed-by: Richard Henderson 

r~



[Qemu-devel] [PATCH 1/2] slirp: Fix intermittent send queue hangs on a socket

2017-09-20 Thread Kevin Cernekee
if_output() originally sent one mbuf per call and used the slirp->next_m
variable to keep track of where it left off.  But nowadays it tries to
send all of the mbufs from the fastq, and one mbuf from each session on
the batchq.  The next_m variable is both redundant and harmful: there is
a case[0] involving delayed packets in which next_m ends up pointing
to &slirp->if_batchq when an active session still exists, and this
blocks all traffic for that session until qemu is restarted.

The test case was created to reproduce a problem that was seen on
long-running Chromium OS VM tests[1] which rapidly create and
destroy ssh connections through hostfwd.

[0] https://pastebin.com/NNy6LreF
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=766323

Signed-off-by: Kevin Cernekee 
---
 slirp/if.c| 51 +--
 slirp/slirp.h |  1 -
 2 files changed, 17 insertions(+), 35 deletions(-)

diff --git a/slirp/if.c b/slirp/if.c
index 51ae0d0e9a38..6262d7749563 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -30,7 +30,6 @@ if_init(Slirp *slirp)
 {
 slirp->if_fastq.qh_link = slirp->if_fastq.qh_rlink = >if_fastq;
 slirp->if_batchq.qh_link = slirp->if_batchq.qh_rlink = >if_batchq;
-slirp->next_m = (struct mbuf *) >if_batchq;
 }
 
 /*
@@ -100,10 +99,6 @@ if_output(struct socket *so, struct mbuf *ifm)
}
 } else {
ifq = (struct mbuf *) slirp->if_batchq.qh_rlink;
-/* Set next_m if the queue was empty so far */
-if ((struct quehead *) slirp->next_m == >if_batchq) {
-slirp->next_m = ifm;
-}
 }
 
/* Create a new doubly linked list for this session */
@@ -143,21 +138,18 @@ diddit:
 }
 
 /*
- * Send a packet
- * We choose a packet based on its position in the output queues;
+ * Send one packet from each session.
  * If there are packets on the fastq, they are sent FIFO, before
- * everything else.  Otherwise we choose the first packet from the
- * batchq and send it.  the next packet chosen will be from the session
- * after this one, then the session after that one, and so on..  So,
- * for example, if there are 3 ftp session's fighting for bandwidth,
+ * everything else.  Then we choose the first packet from each
+ * batchq session (socket) and send it.
+ * For example, if there are 3 ftp sessions fighting for bandwidth,
  * one packet will be sent from the first session, then one packet
- * from the second session, then one packet from the third, then back
- * to the first, etc. etc.
+ * from the second session, then one packet from the third.
  */
 void if_start(Slirp *slirp)
 {
 uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-bool from_batchq, next_from_batchq;
+bool from_batchq = false;
 struct mbuf *ifm, *ifm_next, *ifqt;
 
 DEBUG_CALL("if_start");
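
Review bot: the rewritten comment opens with "Send one packet from each session", but its own next sentence and the commit message say that every fastq packet is sent FIFO first, so the summary line only describes the batchq. Reword the first line so it covers both queues, for example "Send all fastq packets, then one packet from each batchq session".
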
@@ -167,26 +159,29 @@ void if_start(Slirp *slirp)
 }
 slirp->if_start_busy = true;
 
+struct mbuf *batch_head = NULL;
+if (slirp->if_batchq.qh_link != >if_batchq) {
+batch_head = (struct mbuf *) slirp->if_batchq.qh_link;
+}
+
 if (slirp->if_fastq.qh_link != >if_fastq) {
 ifm_next = (struct mbuf *) slirp->if_fastq.qh_link;
-next_from_batchq = false;
-} else if ((struct quehead *) slirp->next_m != >if_batchq) {
-/* Nothing on fastq, pick up from batchq via next_m */
-ifm_next = slirp->next_m;
-next_from_batchq = true;
+} else if (batch_head) {
+/* Nothing on fastq, pick up from batchq */
+ifm_next = batch_head;
+from_batchq = true;
 } else {
 ifm_next = NULL;
 }
 
 while (ifm_next) {
 ifm = ifm_next;
-from_batchq = next_from_batchq;
 
 ifm_next = ifm->ifq_next;
 if ((struct quehead *) ifm_next == >if_fastq) {
 /* No more packets in fastq, switch to batchq */
-ifm_next = slirp->next_m;
-next_from_batchq = true;
+ifm_next = batch_head;
+from_batchq = true;
 }
 if ((struct quehead *) ifm_next == >if_batchq) {
 /* end of batchq */
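
Review bot: `struct mbuf *batch_head = NULL;` is declared after `slirp->if_start_busy = true;`, in the middle of the function body, while the other locals (`from_batchq`, `ifm`, `ifm_next`, `ifqt`) are declared at the top of if_start(); move it up with them. It also deserves a comment that `batch_head` is a snapshot taken once per call, so every if_start() invocation begins at the first batchq session now that next_m no longer remembers where the previous call stopped.
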
@@ -199,11 +194,6 @@ void if_start(Slirp *slirp)
 continue;
 }
 
-if (ifm == slirp->next_m) {
-/* Set which packet to send on next iteration */
-slirp->next_m = ifm->ifq_next;
-}
-
 /* Remove it from the queue */
 ifqt = ifm->ifq_prev;
 remque(ifm);
@@ -214,15 +204,8 @@ void if_start(Slirp *slirp)
 
 insque(next, ifqt);
 ifs_remque(ifm);
-
 if (!from_batchq) {
-/* Next packet in fastq is from the same session */
 ifm_next = next;
-next_from_batchq = false;
-} else if ((struct quehead *) slirp->next_m == >if_batchq) {
-/* Set next_m and ifm_next if the session packet is now the
- * only one on 

[Qemu-devel] [PATCH 2/2] slirp: Add a special case for the NULL socket

2017-09-20 Thread Kevin Cernekee
NULL sockets are used for NDP, BOOTP, and other critical operations.
If the topmost mbuf in a NULL session is blocked pending resolution,
it may cause problems if it blocks other packets with a NULL socket.
So do not add mbufs with a NULL socket field to the same session.

Signed-off-by: Kevin Cernekee 
---
 slirp/if.c | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/slirp/if.c b/slirp/if.c
index 6262d7749563..590753c6582f 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -73,14 +73,16 @@ if_output(struct socket *so, struct mbuf *ifm)
 * We mustn't put this packet back on the fastq (or we'll send it out 
of order)
 * XXX add cache here?
 */
-   for (ifq = (struct mbuf *) slirp->if_batchq.qh_rlink;
-(struct quehead *) ifq != >if_batchq;
-ifq = ifq->ifq_prev) {
-   if (so == ifq->ifq_so) {
-   /* A match! */
-   ifm->ifq_so = so;
-   ifs_insque(ifm, ifq->ifs_prev);
-   goto diddit;
+   if (so) {
+   for (ifq = (struct mbuf *) slirp->if_batchq.qh_rlink;
+(struct quehead *) ifq != >if_batchq;
+ifq = ifq->ifq_prev) {
+   if (so == ifq->ifq_so) {
+   /* A match! */
+   ifm->ifq_so = so;
+   ifs_insque(ifm, ifq->ifs_prev);
+   goto diddit;
+   }
}
}
 
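Review bot: the new `if (so)` wrapper carries no comment, and the existing comment above the loop only talks about packet ordering, so the code alone does not say why mbufs with a NULL socket skip the session search. Add a line taken from the commit message, for example that NULL-socket mbufs (NDP, BOOTP) are never appended to an existing session so that one blocked packet cannot stall the others.
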
-- 
2.14.1.821.g8fa685d3b7-goog




Re: [Qemu-devel] [PATCH] virtio/vhost: reset dev->log after syncing

2017-09-20 Thread Marc-André Lureau
Hi

- Original Message -
> vhost_log_put() is called to decommission the dirty log between qemu and
> a vhost device when stopping the device. Such a call can happen from
> migration_completion().
> 
> Present code sets dev->log_size to zero too early in vhost_log_put(),
> causing the sync check to always return false. As a consequence, the
> last pass on the dirty bitmap never happens at the end of migration.
> 
> If a vhost device was busy (writing to guest memory) until the last
> moments before vhost_virtqueue_stop(), this error will result in guest
> memory corruption (at least) following migrations.
> 
> Signed-off-by: Felipe Franciosi 
> ---
>  hw/virtio/vhost.c |5 +++--
>  1 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> index 5fd69f0..ddc42f0 100644
> --- a/hw/virtio/vhost.c
> +++ b/hw/virtio/vhost.c
> @@ -375,8 +375,6 @@ static void vhost_log_put(struct vhost_dev *dev, bool
> sync)
>  if (!log) {
>  return;
>  }
> -dev->log = NULL;
> -dev->log_size = 0;
>  


Good catch. This reminds me of another patch, but I can't find it.

What if we replace dev->log_size with log->size below? 

(and I don't see a clear reason why dev->log_size would be different from "log 
? log->size : 0", am I missing something?)

>  --log->refcnt;
>  if (log->refcnt == 0) {
> @@ -396,6 +394,9 @@ static void vhost_log_put(struct vhost_dev *dev, bool
> sync)
>  
>  g_free(log);
>  }
> +
> +dev->log = NULL;
> +dev->log_size = 0;

>  }
>  
>  static bool vhost_dev_log_is_shared(struct vhost_dev *dev)
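
Review bot: the two assignments moved to the end of vhost_log_put() need a comment saying why they must come last, since the fix depends entirely on their position: per the commit message the sync check reads `dev->log_size`, so clearing it before the sync skips the final pass over the dirty bitmap. Without that comment a later cleanup can move them back to the top. Note also that `dev->log` is stale between `g_free(log);` and `dev->log = NULL;`, which is only harmless while nothing is added between those lines.
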
> --
> 1.7.1
> 
> 



[Qemu-devel] [Bug 1673976] Re: core dump

2017-09-20 Thread Matheus Izvekov
I can confirm this. The ninja build system is also affected.

https://bugs.launchpad.net/bugs/1673976

Title:
  core dump

Status in QEMU:
  New

Bug description:
  I'm running a command (locale-gen) inside of an armv7h chroot mounted
  on my x86_64 desktop by putting qemu-arm-static into /usr/bin/ of the
  chroot file system and I get a core dump.

  locale-gen
  Generating locales...
    en_US.UTF-8...localedef: ../sysdeps/unix/sysv/linux/spawni.c:360: 
__spawnix: Assertion `ec >= 0' failed.
  qemu: uncaught target signal 6 (Aborted) - core dumped
  /usr/bin/locale-gen: line 41:34 Aborted (core dumped) 
localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale

  I've done this same thing successfully for years, but this breakage
  has appeared some time in the last 3 or so months. Possibly with the
  update to qemu version 2.8.




[Qemu-devel] [PATCH v11 4/5] msf2: Add Smartfusion2 SoC

2017-09-20 Thread Philippe Mathieu-Daudé
From: Subbaraya Sundeep 

Smartfusion2 SoC has hardened Microcontroller subsystem
and flash based FPGA fabric. This patch adds support for
Microcontroller subsystem in the SoC.

Signed-off-by: Subbaraya Sundeep 
Reviewed-by: Alistair Francis 
Signed-off-by: Philippe Mathieu-Daudé 
[PMD: drop cpu_model to directly use cpu type, check m3clk non null]
---
 default-configs/arm-softmmu.mak |   1 +
 include/hw/arm/msf2-soc.h   |  67 +++
 hw/arm/msf2-soc.c   | 238 
 hw/arm/Makefile.objs|   1 +
 4 files changed, 307 insertions(+)
 create mode 100644 include/hw/arm/msf2-soc.h
 create mode 100644 hw/arm/msf2-soc.c

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index bbdd3c1d8b..5059d134c8 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -129,3 +129,4 @@ CONFIG_ACPI=y
 CONFIG_SMBIOS=y
 CONFIG_ASPEED_SOC=y
 CONFIG_GPIO_KEY=y
+CONFIG_MSF2=y
diff --git a/include/hw/arm/msf2-soc.h b/include/hw/arm/msf2-soc.h
new file mode 100644
index 00..3cfe5c76ee
--- /dev/null
+++ b/include/hw/arm/msf2-soc.h
@@ -0,0 +1,67 @@
+/*
+ * Microsemi Smartfusion2 SoC
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_ARM_MSF2_SOC_H
+#define HW_ARM_MSF2_SOC_H
+
+#include "hw/arm/armv7m.h"
+#include "hw/timer/mss-timer.h"
+#include "hw/misc/msf2-sysreg.h"
+#include "hw/ssi/mss-spi.h"
+
+#define TYPE_MSF2_SOC "msf2-soc"
+#define MSF2_SOC(obj) OBJECT_CHECK(MSF2State, (obj), TYPE_MSF2_SOC)
+
+#define MSF2_NUM_SPIS 2
+#define MSF2_NUM_UARTS2
+
+/*
+ * System timer consists of two programmable 32-bit
+ * decrementing counters that generate individual interrupts to
+ * the Cortex-M3 processor
+ */
+#define MSF2_NUM_TIMERS   2
+
+typedef struct MSF2State {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+ARMv7MState armv7m;
+
+char *cpu_type;
+char *part_name;
+uint64_t envm_size;
+uint64_t esram_size;
+
+uint32_t m3clk;
+uint8_t apb0div;
+uint8_t apb1div;
+
+MSF2SysregState sysreg;
+MSSTimerState timer;
+MSSSpiState spi[MSF2_NUM_SPIS];
+} MSF2State;
+
+#endif
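
Review bot: `MSF2_NUM_UARTS` and `MSF2_NUM_TIMERS` are defined but nothing in this header uses them: `MSF2State` has no UART array, and it holds a single `MSSTimerState timer`, whose own header already defines the timer count as `NUM_TIMERS`. Drop the unused macros or use them, so that the timer count is defined in one place only.
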
diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
new file mode 100644
index 00..6f97fa9fe3
--- /dev/null
+++ b/hw/arm/msf2-soc.c
@@ -0,0 +1,238 @@
+/*
+ * SmartFusion2 SoC emulation.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "hw/arm/arm.h"
+#include "exec/address-spaces.h"
+#include "hw/char/serial.h"
+#include "hw/boards.h"
+#include 

[Qemu-devel] [PATCH v11 5/5] msf2: Add Emcraft's Smartfusion2 SOM kit

2017-09-20 Thread Philippe Mathieu-Daudé
From: Subbaraya Sundeep 

Emulated Emcraft's Smartfusion2 System On Module starter
kit.

Signed-off-by: Subbaraya Sundeep 
Signed-off-by: Philippe Mathieu-Daudé 
[PMD: drop cpu_model to directly use cpu type]
---
 hw/arm/msf2-som.c| 105 +++
 hw/arm/Makefile.objs |   2 +-
 2 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/msf2-som.c

diff --git a/hw/arm/msf2-som.c b/hw/arm/msf2-som.c
new file mode 100644
index 00..0795a3a3a1
--- /dev/null
+++ b/hw/arm/msf2-som.c
@@ -0,0 +1,105 @@
+/*
+ * SmartFusion2 SOM starter kit(from Emcraft) emulation.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "hw/boards.h"
+#include "hw/arm/arm.h"
+#include "exec/address-spaces.h"
+#include "qemu/cutils.h"
+#include "hw/arm/msf2-soc.h"
+#include "cpu.h"
+
+#define DDR_BASE_ADDRESS  0xA000
+#define DDR_SIZE  (64 * M_BYTE)
+
+#define M2S010_ENVM_SIZE  (256 * K_BYTE)
+#define M2S010_ESRAM_SIZE (64 * K_BYTE)
+
+static void emcraft_sf2_s2s010_init(MachineState *machine)
+{
+DeviceState *dev;
+DeviceState *spi_flash;
+MSF2State *soc;
+MachineClass *mc = MACHINE_GET_CLASS(machine);
+DriveInfo *dinfo = drive_get_next(IF_MTD);
+qemu_irq cs_line;
+SSIBus *spi_bus;
+MemoryRegion *sysmem = get_system_memory();
+MemoryRegion *ddr = g_new(MemoryRegion, 1);
+
+if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) {
+error_report("This board can only be used with CPU %s",
+ mc->default_cpu_type);
+}
+
+memory_region_init_ram(ddr, NULL, "ddr-ram", DDR_SIZE,
+   _fatal);
+memory_region_add_subregion(sysmem, DDR_BASE_ADDRESS, ddr);
+
+dev = qdev_create(NULL, TYPE_MSF2_SOC);
+qdev_prop_set_string(dev, "part-name", "M2S010");
+qdev_prop_set_string(dev, "cpu-type", mc->default_cpu_type);
+
+qdev_prop_set_uint64(dev, "eNVM-size", M2S010_ENVM_SIZE);
+qdev_prop_set_uint64(dev, "eSRAM-size", M2S010_ESRAM_SIZE);
+
+/*
+ * CPU clock and peripheral clocks(APB0, APB1)are configurable
+ * in Libero. CPU clock is divided by APB0 and APB1 divisors for
+ * peripherals. Emcraft's SoM kit comes with these settings by default.
+ */
+qdev_prop_set_uint32(dev, "m3clk", 142 * 100);
+qdev_prop_set_uint32(dev, "apb0div", 2);
+qdev_prop_set_uint32(dev, "apb1div", 2);
+
+object_property_set_bool(OBJECT(dev), true, "realized", _fatal);
+
+soc = MSF2_SOC(dev);
+
+/* Attach SPI flash to SPI0 controller */
+spi_bus = (SSIBus *)qdev_get_child_bus(dev, "spi0");
+spi_flash = ssi_create_slave_no_init(spi_bus, "s25sl12801");
+qdev_prop_set_uint8(spi_flash, "spansion-cr2nv", 1);
+if (dinfo) {
+qdev_prop_set_drive(spi_flash, "drive", blk_by_legacy_dinfo(dinfo),
+_fatal);
+}
+qdev_init_nofail(spi_flash);
+cs_line = qdev_get_gpio_in_named(spi_flash, SSI_GPIO_CS, 0);
+sysbus_connect_irq(SYS_BUS_DEVICE(>spi[0]), 1, cs_line);
+
+armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename,
+   soc->envm_size);
+}
+
+static void emcraft_sf2_machine_init(MachineClass *mc)
+{
+mc->desc = "SmartFusion2 SOM kit from Emcraft (M2S010)";
+mc->init = emcraft_sf2_s2s010_init;
+mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m3");
+}
+
+DEFINE_MACHINE("emcraft-sf2", emcraft_sf2_machine_init)
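
Review bot: the CPU type check at the top of emcraft_sf2_s2s010_init() calls error_report() and then carries on, building the board with `mc->default_cpu_type` regardless, so an unsupported CPU choice is reported and then silently ignored. Add `exit(1);` after the error_report() call, or drop the check and document that the option is ignored. The function name also reads `s2s010` while the part is `M2S010` everywhere else in the file, which looks like a typo.
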
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index a6cf24f6ac..2794e086d6 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -19,4 +19,4 @@ obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o 

[Qemu-devel] [PATCH v11 1/5] msf2: Add Smartfusion2 System timer

2017-09-20 Thread Philippe Mathieu-Daudé
From: Subbaraya Sundeep 

Modelled System Timer in Microsemi's Smartfusion2 Soc.
Timer has two 32bit down counters and two interrupts.

Signed-off-by: Subbaraya Sundeep 
Reviewed-by: Alistair Francis 
Acked-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 include/hw/timer/mss-timer.h |  64 ++
 hw/timer/mss-timer.c | 289 +++
 hw/timer/Makefile.objs   |   1 +
 3 files changed, 354 insertions(+)
 create mode 100644 include/hw/timer/mss-timer.h
 create mode 100644 hw/timer/mss-timer.c

diff --git a/include/hw/timer/mss-timer.h b/include/hw/timer/mss-timer.h
new file mode 100644
index 00..d15d1732f8
--- /dev/null
+++ b/include/hw/timer/mss-timer.h
@@ -0,0 +1,64 @@
+/*
+ * Microsemi SmartFusion2 Timer.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_MSS_TIMER_H
+#define HW_MSS_TIMER_H
+
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+
+#define TYPE_MSS_TIMER "mss-timer"
+#define MSS_TIMER(obj) OBJECT_CHECK(MSSTimerState, \
+  (obj), TYPE_MSS_TIMER)
+
+/*
+ * There are two 32-bit down counting timers.
+ * Timers 1 and 2 can be concatenated into a single 64-bit Timer
+ * that operates either in Periodic mode or in One-shot mode.
+ * Writing 1 to the TIM64_MODE register bit 0 sets the Timers in 64-bit mode.
+ * In 64-bit mode, writing to the 32-bit registers has no effect.
+ * Similarly, in 32-bit mode, writing to the 64-bit mode registers
+ * has no effect. Only two 32-bit timers are supported currently.
+ */
+#define NUM_TIMERS2
+
+#define R_TIM1_MAX6
+
+struct Msf2Timer {
+QEMUBH *bh;
+ptimer_state *ptimer;
+
+uint32_t regs[R_TIM1_MAX];
+qemu_irq irq;
+};
+
+typedef struct MSSTimerState {
+SysBusDevice parent_obj;
+
+MemoryRegion mmio;
+uint32_t freq_hz;
+struct Msf2Timer timers[NUM_TIMERS];
+} MSSTimerState;
+
+#endif /* HW_MSS_TIMER_H */
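
Review bot: `NUM_TIMERS` and `R_TIM1_MAX` are unprefixed names in a header under include/hw/, so they leak into every file that includes it; msf2-soc.h in this series does, and defines its own `MSF2_NUM_TIMERS` next to it. Give both an `MSS_TIMER_` style prefix. `struct Msf2Timer` also uses a different prefix from `MSSTimerState`; pick one naming scheme for the device.
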
diff --git a/hw/timer/mss-timer.c b/hw/timer/mss-timer.c
new file mode 100644
index 00..60f1213a3b
--- /dev/null
+++ b/hw/timer/mss-timer.c
@@ -0,0 +1,289 @@
+/*
+ * Block model of System timer present in
+ * Microsemi's SmartFusion2 and SmartFusion SoCs.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep .
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/main-loop.h"
+#include "qemu/log.h"
+#include "hw/timer/mss-timer.h"
+
+#ifndef MSS_TIMER_ERR_DEBUG
+#define MSS_TIMER_ERR_DEBUG  0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (MSS_TIMER_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt "\n", __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, 
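
Review bot: `DB_PRINT_L` ends in `} while (0);` with a trailing semicolon, which defeats the do/while(0) idiom: a caller writing `if (x) DB_PRINT(...); else ...` gets two statements after the `if` and the `else` no longer compiles. Remove the semicolon after `while (0)` in the macro definition.
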

[Qemu-devel] [PATCH v11 3/5] msf2: Add Smartfusion2 SPI controller

2017-09-20 Thread Philippe Mathieu-Daudé
From: Subbaraya Sundeep 

Modelled Microsemi's Smartfusion2 SPI controller.

Signed-off-by: Subbaraya Sundeep 
Reviewed-by: Alistair Francis 
Tested-by: Philippe Mathieu-Daudé 
---
 include/hw/ssi/mss-spi.h |  58 +++
 hw/ssi/mss-spi.c | 404 +++
 hw/ssi/Makefile.objs |   1 +
 3 files changed, 463 insertions(+)
 create mode 100644 include/hw/ssi/mss-spi.h
 create mode 100644 hw/ssi/mss-spi.c

diff --git a/include/hw/ssi/mss-spi.h b/include/hw/ssi/mss-spi.h
new file mode 100644
index 00..f0cf3243e0
--- /dev/null
+++ b/include/hw/ssi/mss-spi.h
@@ -0,0 +1,58 @@
+/*
+ * Microsemi SmartFusion2 SPI
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_MSS_SPI_H
+#define HW_MSS_SPI_H
+
+#include "hw/sysbus.h"
+#include "hw/ssi/ssi.h"
+#include "qemu/fifo32.h"
+
+#define TYPE_MSS_SPI   "mss-spi"
+#define MSS_SPI(obj)   OBJECT_CHECK(MSSSpiState, (obj), TYPE_MSS_SPI)
+
+#define R_SPI_MAX 16
+
+typedef struct MSSSpiState {
+SysBusDevice parent_obj;
+
+MemoryRegion mmio;
+
+qemu_irq irq;
+
+qemu_irq cs_line;
+
+SSIBus *spi;
+
+Fifo32 rx_fifo;
+Fifo32 tx_fifo;
+
+int fifo_depth;
+uint32_t frame_count;
+bool enabled;
+
+uint32_t regs[R_SPI_MAX];
+} MSSSpiState;
+
+#endif /* HW_MSS_SPI_H */
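
Review bot: `fifo_depth` is a signed `int` while the neighbouring `frame_count` is `uint32_t`; a FIFO depth is never negative, and if it is ever derived from a guest-written register a signed type invites a wrong comparison against the fill level of `rx_fifo` and `tx_fifo`. Make it unsigned and add a comment on how it relates to the FIFO capacity.
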
diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c
new file mode 100644
index 00..5a8e308e69
--- /dev/null
+++ b/hw/ssi/mss-spi.c
@@ -0,0 +1,404 @@
+/*
+ * Block model of SPI controller present in
+ * Microsemi's SmartFusion2 and SmartFusion SoCs.
+ *
+ * Copyright (C) 2017 Subbaraya Sundeep 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/ssi/mss-spi.h"
+#include "qemu/log.h"
+
+#ifndef MSS_SPI_ERR_DEBUG
+#define MSS_SPI_ERR_DEBUG   0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (MSS_SPI_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt "\n", __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+#define FIFO_CAPACITY 32
+
+#define R_SPI_CONTROL 0
+#define R_SPI_DFSIZE  1
+#define R_SPI_STATUS  2
+#define R_SPI_INTCLR  3
+#define R_SPI_RX  4
+#define R_SPI_TX  5
+#define R_SPI_CLKGEN  6
+#define R_SPI_SS  7
+#define R_SPI_MIS 8
+#define R_SPI_RIS 9
+
+#define S_TXDONE (1 << 0)
+#define S_RXRDY  (1 << 1)
+#define S_RXCHOVRF   (1 << 2)
+#define S_RXFIFOFUL  (1 << 4)
+#define S_RXFIFOFULNXT   (1 << 5)
+#define S_RXFIFOEMP  (1 << 6)
+#define S_RXFIFOEMPNXT   (1 << 7)
+#define 
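
Review bot: the `DB_PRINT_L`/`DB_PRINT` block here is a copy of the one in hw/timer/mss-timer.c, including the stray semicolon in `} while (0);` that breaks use inside an unbraced if/else. Remove the semicolon, and consider trace events instead of a per-file debug macro, as the sysreg patch of this series already adds entries to hw/misc/trace-events. A comment on why the status bits jump from `S_RXCHOVRF (1 << 2)` to `S_RXFIFOFUL (1 << 4)` would also help readers check them against the datasheet.
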

[Qemu-devel] [PATCH v11 2/5] msf2: Microsemi Smartfusion2 System Register block

2017-09-20 Thread Philippe Mathieu-Daudé
From: Subbaraya Sundeep 

Added System register block of Smartfusion2.
This block has PLL registers which are accessed by guest.

Signed-off-by: Subbaraya Sundeep 
Reviewed-by: Alistair Francis 
Acked-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 include/hw/misc/msf2-sysreg.h |  77 
 hw/misc/msf2-sysreg.c | 160 ++
 hw/misc/Makefile.objs |   1 +
 hw/misc/trace-events  |   5 ++
 4 files changed, 243 insertions(+)
 create mode 100644 include/hw/misc/msf2-sysreg.h
 create mode 100644 hw/misc/msf2-sysreg.c

diff --git a/include/hw/misc/msf2-sysreg.h b/include/hw/misc/msf2-sysreg.h
new file mode 100644
index 00..5993f67b4e
--- /dev/null
+++ b/include/hw/misc/msf2-sysreg.h
@@ -0,0 +1,77 @@
+/*
+ * Microsemi SmartFusion2 SYSREG
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_MSF2_SYSREG_H
+#define HW_MSF2_SYSREG_H
+
+#include "hw/sysbus.h"
+
+enum {
+ESRAM_CR= 0x00 / 4,
+ESRAM_MAX_LAT,
+DDR_CR,
+ENVM_CR,
+ENVM_REMAP_BASE_CR,
+ENVM_REMAP_FAB_CR,
+CC_CR,
+CC_REGION_CR,
+CC_LOCK_BASE_ADDR_CR,
+CC_FLUSH_INDX_CR,
+DDRB_BUF_TIMER_CR,
+DDRB_NB_ADDR_CR,
+DDRB_NB_SIZE_CR,
+DDRB_CR,
+
+SOFT_RESET_CR  = 0x48 / 4,
+M3_CR,
+
+GPIO_SYSRESET_SEL_CR = 0x58 / 4,
+
+MDDR_CR = 0x60 / 4,
+
+MSSDDR_PLL_STATUS_LOW_CR = 0x90 / 4,
+MSSDDR_PLL_STATUS_HIGH_CR,
+MSSDDR_FACC1_CR,
+MSSDDR_FACC2_CR,
+
+MSSDDR_PLL_STATUS = 0x150 / 4,
+};
+
+#define MSF2_SYSREG_MMIO_SIZE 0x300
+
+#define TYPE_MSF2_SYSREG  "msf2-sysreg"
+#define MSF2_SYSREG(obj)  OBJECT_CHECK(MSF2SysregState, (obj), 
TYPE_MSF2_SYSREG)
+
+typedef struct MSF2SysregState {
+SysBusDevice parent_obj;
+
+MemoryRegion iomem;
+
+uint8_t apb0div;
+uint8_t apb1div;
+
+uint32_t regs[MSF2_SYSREG_MMIO_SIZE / 4];
+} MSF2SysregState;
+
+#endif /* HW_MSF2_SYSREG_H */
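Review bot: the register enum mixes explicit `0xNN / 4` anchors with implicit increments, so the byte offset of entries such as DDRB_CR or MSSDDR_FACC1_CR can only be found by counting from the previous anchor. A short comment giving the byte offset for each group (or explicit values throughout) would let a reader check the list against the datasheet, and a note on why MSF2_SYSREG_MMIO_SIZE is 0x300 would help for the same reason.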
diff --git a/hw/misc/msf2-sysreg.c b/hw/misc/msf2-sysreg.c
new file mode 100644
index 00..6eb501104b
--- /dev/null
+++ b/hw/misc/msf2-sysreg.c
@@ -0,0 +1,160 @@
+/*
+ * System Register block model of Microsemi SmartFusion2.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "hw/misc/msf2-sysreg.h"
+#include "qemu/error-report.h"
+#include "trace.h"
+
+static inline int msf2_divbits(uint32_t div)
+{
+int r = ctz32(div);
+
+return (div < 8) ? r : r + 1;
+}
+
+static void msf2_sysreg_reset(DeviceState *d)
+{
+MSF2SysregState *s = MSF2_SYSREG(d);
+
+s->regs[MSSDDR_PLL_STATUS_LOW_CR] = 0x021A2358;
+s->regs[MSSDDR_PLL_STATUS] = 0x3;
+s->regs[MSSDDR_FACC1_CR] = msf2_divbits(s->apb0div) << 5 |
+   msf2_divbits(s->apb1div) << 2;
+}
+
+static uint64_t msf2_sysreg_read(void *opaque, hwaddr offset,
+unsigned size)
+{
+MSF2SysregState *s = opaque;
+uint32_t ret = 0;
+
+offset >>= 2;
+if (offset < ARRAY_SIZE(s->regs)) {
+ret = s->regs[offset];
+trace_msf2_sysreg_read(offset << 2, ret);
+} else {
+qemu_log_mask(LOG_GUEST_ERROR,
+"%s: Bad offset 0x%08" HWADDR_PRIx "\n", __func__,
+offset << 2);
+}
+
+return ret;
+}
+
+static 
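Review bot: msf2_divbits() in the reset path takes `ctz32(div)` of apb0div and apb1div with no check that the value is non-zero and a power of two, so a bad divisor ends up as an arbitrary bit pattern in MSSDDR_FACC1_CR. If the rest of the file (cut off here) does not already reject such values at realize time, add the check there and report it through errp. Minor point in msf2_sysreg_read(): the bad-offset message prints `offset << 2` after `offset >>= 2`, which drops the low two bits of the address the guest actually used; log the original offset instead.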

[Qemu-devel] [PATCH v11 0/5] Add support for Smartfusion2 SoC

2017-09-20 Thread Philippe Mathieu-Daudé
Hi Peter,

Now that Igor's patch landed, I respin Sundeep's series updating it to work
after the "arm: drop intermediate cpu_model -> cpu type parsing and use cpu
type directly" patch.

v11:
- msf2-soc.c: add a check for null m3clk
- msf2-soc.c, msf2-som.c: drop cpu_model to directly use cpu type

--

Sundeep's original cover:

I am trying to add Smartfusion2 SoC.
SoC is from Microsemi and System on Module(SOM)
board is from Emcraft systems. Smartfusion2 has hardened
Microcontroller(Cortex-M3)based Sub System and FPGA fabric.
At the moment only system timer, sysreg and SPI
controller are modelled.

Testing:
./arm-softmmu/qemu-system-arm -M emcraft-sf2 -serial mon:stdio \
-kernel u-boot.bin -display none -drive file=spi.bin,if=mtd,format=raw

Binaries u-boot.bin and spi.bin are at:
https://github.com/Subbaraya-Sundeep/qemu-test-binaries.git

U-boot is from Emcraft with modified
- SPI driver not to use PDMA.
- ugly hack to pass dtb to kernel in r1.
@
https://github.com/Subbaraya-Sundeep/emcraft-uboot-sf2.git

Linux is 4.5 linux with Smartfusion2 SoC dts and clocksource
driver added by myself @
https://github.com/Subbaraya-Sundeep/linux.git

v10:
Added msf2_sysreg_realize in msf2-sysreg.c
modified unimplemented devices names:
pdma->dma and hpdma->hs-dma
used uint8_t for apb divisors properties
simplified msf2_divbits() using ctz32()

v9:
used trace instead of DB_PRINT in msf2-sysreg.c
used LOG_UNIMP for non guest errors in msf2-sysreg.c
added unimplemented devices in msf2-soc.c
removed .alias suffix in alias memory region name for eNVM
removed mc->ignore_memory_transaction_failures in msf2-som.c

v8:
memory_region_init_ram to memory_region_init_rom in soc
%s/emcraft_sf2_init/emcraft_sf2_s2s010_init/g in som
Added mc->ignore_memory_transaction_failures = true in som
as per latest commit.
Code simplifications as suggested by Alistair in sysreg and ssi.

v7:
Removed vmstate_register_ram_global as per latest commit
Moved header files to C which are local to C source files
Removed abort() from msf2-sysreg.c
Added VMStateDescription in mss-timer.c

v6:
Moved some defines from header files to source files
Added properties m3clk, apb0div, apb0div1 properties
to soc.
Added properties apb0divisor, apb1divisor to sysreg
Update system_clock_source in msf2-soc.c
Changed machine name smartfusion2-som->emcraft-sf2

v5
As per Philippe comments:
Added abort in Sysreg if guest tries to remap memory
other than default mapping.
Use of CONFIG_MSF2 in Makefile for soc.c
Fixed incorrect logic in timer model.
Renamed msf2-timer.c -> mss-timer.c
msf2-spi.c -> mss-spi.c also type names
Renamed function msf2_init->emcraft_sf2_init in msf2-som.c
Added part-name,eNVM-size,eSRAM-size,pclk0 and pclk1
properties to soc.
Pass soc part-name,memory size and clock rate properties from som.
v4:
Fixed build failure by using PRIx macros.
v3:
Added SoC file and board file as per Alistair comments.
v2:
Added SPI controller so that u-boot loads kernel from spi flash.
v1:
Initial patch set with timer and sysreg

Thanks,
Sundeep

Subbaraya Sundeep (5):
  msf2: Add Smartfusion2 System timer
  msf2: Microsemi Smartfusion2 System Register block
  msf2: Add Smartfusion2 SPI controller
  msf2: Add Smartfusion2 SoC
  msf2: Add Emcraft's Smartfusion2 SOM kit

 default-configs/arm-softmmu.mak |   1 +
 include/hw/arm/msf2-soc.h   |  67 +++
 include/hw/misc/msf2-sysreg.h   |  77 
 include/hw/ssi/mss-spi.h|  58 ++
 include/hw/timer/mss-timer.h|  64 +++
 hw/arm/msf2-soc.c   | 238 +++
 hw/arm/msf2-som.c   | 105 +++
 hw/misc/msf2-sysreg.c   | 160 
 hw/ssi/mss-spi.c| 404 
 hw/timer/mss-timer.c| 289 
 hw/arm/Makefile.objs|   1 +
 hw/misc/Makefile.objs   |   1 +
 hw/misc/trace-events|   5 +
 hw/ssi/Makefile.objs|   1 +
 hw/timer/Makefile.objs  |   1 +
 15 files changed, 1472 insertions(+)
 create mode 100644 include/hw/arm/msf2-soc.h
 create mode 100644 include/hw/misc/msf2-sysreg.h
 create mode 100644 include/hw/ssi/mss-spi.h
 create mode 100644 include/hw/timer/mss-timer.h
 create mode 100644 hw/arm/msf2-soc.c
 create mode 100644 hw/arm/msf2-som.c
 create mode 100644 hw/misc/msf2-sysreg.c
 create mode 100644 hw/ssi/mss-spi.c
 create mode 100644 hw/timer/mss-timer.c

-- 
2.14.1




Re: [Qemu-devel] [Qemu-block] [PATCH 1/2] qcow2: fix return error code in qcow2_truncate()

2017-09-20 Thread John Snow


On 09/20/2017 09:58 AM, Pavel Butsykin wrote:
> Signed-off-by: Pavel Butsykin 
> ---
>  block/qcow2.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 2174a84d1f..8a4311d338 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -3166,7 +3166,7 @@ static int qcow2_truncate(BlockDriverState *bs, int64_t 
> offset,
>  if (old_file_size < 0) {
>  error_setg_errno(errp, -old_file_size,
>   "Failed to inquire current file length");
> -return ret;
> +return old_file_size;
>  }
>  
>  nb_new_data_clusters = DIV_ROUND_UP(offset - old_length,
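Review bot: the change to `return old_file_size;` goes in the right direction, but the patch carries no description, and from this hunk alone a reader cannot tell what `ret` held on this path before the change. One sentence in the commit message stating what was returned previously (and whether it could be 0) would make the severity clear to anyone backporting. Since qcow2_truncate() returns int, it is also worth confirming that old_file_size is not wider than int here, or narrowing it explicitly.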
> @@ -3195,7 +3195,7 @@ static int qcow2_truncate(BlockDriverState *bs, int64_t 
> offset,
>  if (allocation_start < 0) {
>  error_setg_errno(errp, -allocation_start,
>   "Failed to resize refcount structures");
> -return -allocation_start;
> +return allocation_start;
>  }
>  
>  clusters_allocated = qcow2_alloc_clusters_at(bs, allocation_start,
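Review bot: the removed `return -allocation_start;` sits inside `if (allocation_start < 0)`, so it handed the caller a positive number on failure, which any `< 0` error check would treat as success. That effect belongs in the commit message, which is currently empty. The adjacent error_setg_errno() call needs the positive errno while the return needs the negative value, so a one-line comment here would help keep the two signs apart in future edits.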
> 

Yikes...

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH v10 07/13] tests: Add FreeBSD image

2017-09-20 Thread Eric Blake
On 09/19/2017 10:25 PM, Fam Zheng wrote:
> The image is prepared following instructions as in:
> 
> https://wiki.qemu.org/Hosts/BSD
> 
> Signed-off-by: Fam Zheng 
> ---
>  tests/vm/freebsd | 42 ++
>  1 file changed, 42 insertions(+)
>  create mode 100755 tests/vm/freebsd
> 

While testing v10, I got:

$ make vm-build-freebsd
...
VM-BUILD freebsd
./scripts/archive-source.sh: line 48: test: -ne: unary operator expected
ar: warning: creating libfdt/libfdt.a

At least the archive-source.sh warning is part of your series, and worth
fixing.


-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 2/2] block/block-backend.c: remove blk_pread_unthrottled()

2017-09-20 Thread John Snow


On 09/20/2017 07:43 AM, Manos Pitsidianakis wrote:
> blk_pread_unthrottled was used to bypass I/O throttling on the BlockBackend in
> the case of async I/O. This is not needed anymore and we can just call
> blk_pread() directly.
> 
> Signed-off-by: Manos Pitsidianakis 
> ---
>  include/sysemu/block-backend.h |  2 --
>  block/block-backend.c  | 16 
>  hw/block/hd-geometry.c |  7 +--
>  3 files changed, 1 insertion(+), 24 deletions(-)
> 


Acked-by: John Snow 



Re: [Qemu-devel] [PATCH v7 1/4] hw/pci: introduce pcie-pci-bridge device

2017-09-20 Thread Aleksandr Bezzubikov
2017-09-20 17:02 GMT+03:00 Marcel Apfelbaum :
> On 20/09/2017 16:57, Eduardo Habkost wrote:
>>
>> On Wed, Sep 20, 2017 at 09:52:01AM +, Aleksandr Bezzubikov wrote:
>>>
>>> Wed, 20 Sep 2017 at 10:13, Marcel Apfelbaum :
>>>
>>>> On 19/09/2017 23:34, Eduardo Habkost wrote:
>>>>>
>>>>> On Fri, Aug 18, 2017 at 02:36:47AM +0300, Aleksandr Bezzubikov wrote:
>>>>>>
>>>>>> Introduce a new PCIExpress-to-PCI Bridge device,
>>>>>> which is a hot-pluggable PCI Express device and
>>>>>> supports devices hot-plug with SHPC.
>>>>>>
>>>>>> This device is intended to replace the DMI-to-PCI Bridge.
>>>>>>
>>>>>> Signed-off-by: Aleksandr Bezzubikov 
>>>>>> Reviewed-by: Marcel Apfelbaum 
>>>>>
>>>>>
>>>>> It's possible to crash QEMU by instantiating this device, with;
>>>>>
>>>>> $ qemu-system-ppc64 -machine prep -device pcie-pci-bridge
>>>>> qemu-system-ppc64: qemu/memory.c:1533: memory_region_finalize:
>>>>
>>>> Assertion `!mr->container' failed.
>>>>>
>>>>> Aborted
>>>>
>>>>
>>>> Hi Eduardo,
>>>>
>>>>>
>>>>> I didn't investigate the root cause.
>>>>>
>>>>
>>>> Thanks for reporting it!
>>>> Aleksandr, can you have a look? Maybe we should not compile
>>>> the device for ppc arch. (x86 and arm is enough)
>>>
>>>
>>>
>>> I will see what can we do. Is x86 and arm really enough?
>>
>>
>> I would investigate the original cause before disabling the device on
>> other
>> architectures, as we could be hiding a bug that's also present in x86.
>
>
> Agreed, it's worth finding out the reason. But the restriction
> still makes sense.
>
>
> Thanks,
> Marcel
>
>
>   The
>>
>> backtrace looks like broken error handling logic somewhere:
>>
>> #0  0x7fffea9ff1f7 in __GI_raise (sig=sig@entry=6) at
>> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
>> #1  0x7fffeaa008e8 in __GI_abort () at abort.c:90
>> #2  0x7fffea9f8266 in __assert_fail_base (fmt=0x7fffeab4ae68
>> "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
>> assertion=assertion@entry=0x55be4ac1 "!mr->container",
>> file=file@entry=0x55be49c4 "/root/qemu/memory.c", line=line@entry=1533,
>> function=function@entry=0x55be5100 <__PRETTY_FUNCTION__.28908>
>> "memory_region_finalize") at assert.c:92
>> #3  0x7fffea9f8312 in __GI___assert_fail
>> (assertion=assertion@entry=0x55be4ac1 "!mr->container",
>> file=file@entry=0x55be49c4 "/root/qemu/memory.c", line=line@entry=1533,
>> function=function@entry=0x55be5100 <__PRETTY_FUNCTION__.28908>
>> "memory_region_finalize") at assert.c:101
>> #4  0x557ff2df in memory_region_finalize (obj=) at
>> /root/qemu/memory.c:1533
>> #5  0x55ae77a2 in object_unref (type=,
>> obj=0x57c00d80) at /root/qemu/qom/object.c:453
>> #6  0x55ae77a2 in object_unref (data=0x57c00d80) at
>> /root/qemu/qom/object.c:467
>> #7  0x55ae77a2 in object_unref (obj=0x57c00d80) at
>> /root/qemu/qom/object.c:902
>> #8  0x55ae67d7 in object_property_del_child (obj=0x57ab6500,
>> child=child@entry=0x57c00d80, errp=0x0) at /root/qemu/qom/object.c:427
>> #9  0x55ae6ff4 in object_unparent (obj=obj@entry=0x57c00d80)
>> at /root/qemu/qom/object.c:446
>> #10 0x55a1c94e in shpc_free (d=d@entry=0x57ab6500) at
>> /root/qemu/hw/pci/shpc.c:676
>> #11 0x55a12560 in pcie_pci_bridge_realize (d=0x57ab6500,
>> errp=0x7fffd530) at /root/qemu/hw/pci-bridge/pcie_pci_bridge.c:84
>> #12 0x55a18d07 in pci_qdev_realize (qdev=0x57ab6500,
>> errp=0x7fffd5d0) at /root/qemu/hw/pci/pci.c:2024
>> #13 0x559b53aa in device_set_realized (obj=,
>> value=, errp=0x7fffd708) at /root/qemu/hw/core/qdev.c:914
>> #14 0x55ae62fe in property_set_bool (obj=0x57ab6500,
>> v=, name=, opaque=0x57ab7b30,
>> errp=0x7fffd708) at /root/qemu/qom/object.c:1886
>> #15 0x55aea3ef in object_property_set_qobject
>> (obj=obj@entry=0x57ab6500, value=value@entry=0x57ab86b0,
>> name=name@entry=0x55c4f217 "realized", errp=errp@entry=0x7fffd708)
>> at /root/qemu/qom/qom-qobject.c:27
>> #16 0x55ae80a0 in object_property_set_bool (obj=0x57ab6500,
>> value=, name=0x55c4f217 "realized", errp=0x7fffd708)
>> at /root/qemu/qom/object.c:1162
>> #17 0x55949824 in qdev_device_add (opts=0x567795b0,
>> errp=errp@entry=0x7fffd7e0) at /root/qemu/qdev-monitor.c:630
>> #18 0x5594be87 in device_init_func (opaque=,
>> opts=, errp=) at /root/qemu/vl.c:2418
>> #19 0x55bc85ba in qemu_opts_foreach (list=,
>> func=func@entry=0x5594be60 , opaque=opaque@entry=0x0,
>> errp=errp@entry=0x0) at /root/qemu/util/qemu-option.c:1104
>> #20 0x5579f497 in main (argc=, argv=> out>, envp=) at /root/qemu/vl.c:4745
>> (gdb) fr 11
>> #11 0x55a12560 in pcie_pci_bridge_realize (d=0x57ab6500,
>> errp=0x7fffd530) at /root/qemu/hw/pci-bridge/pcie_pci_bridge.c:84
>> 84  shpc_free(d);
>> (gdb) l
>> 79  

Re: [Qemu-devel] [PATCH v4 0/6] QOMify MIPS cpu

2017-09-20 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v4 0/6] QOMify MIPS cpu
Message-id: 20170920194934.23071-1-f4...@amsat.org
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]patchew/20170919201910.25656-1-ebl...@redhat.com -> 
patchew/20170919201910.25656-1-ebl...@redhat.com
 t [tag update]patchew/20170920194144.20101-1-js...@redhat.com -> 
patchew/20170920194144.20101-1-js...@redhat.com
 * [new tag]   patchew/20170920194934.23071-1-f4...@amsat.org -> 
patchew/20170920194934.23071-1-f4...@amsat.org
Switched to a new branch 'test'
b699ac6511 mips: replace cpu_mips_init() with cpu_generic_init()
5cc6cd0c43 mips: MIPSCPU model subclasses
37ab3cc153 mips: call cpu_mips_realize_env() from mips_cpu_realizefn()
f72459c7e1 mips: split cpu_mips_realize_env() out of cpu_mips_init()
08d47c8c54 mips: introduce internal.h and cleanup cpu.h
e5c334b86a mips: move hw/mips/cputimer.c to target/mips/

=== OUTPUT BEGIN ===
Checking PATCH 1/6: mips: move hw/mips/cputimer.c to target/mips/...
Checking PATCH 2/6: mips: introduce internal.h and cleanup cpu.h...
ERROR: space prohibited after that '&' (ctx:WxW)
#728: FILE: target/mips/internal.h:230:
+if ((env->CP0_VPControl >> CP0VPCtl_DIS) & 1) {
  ^

ERROR: space prohibited after that '&' (ctx:WxW)
#736: FILE: target/mips/internal.h:238:
+((other_cpu->env.CP0_VPControl >> CP0VPCtl_DIS) & 1)) {
 ^

ERROR: space prohibited after that '&' (ctx:WxW)
#756: FILE: target/mips/internal.h:258:
+env->hflags |= (env->CP0_Status >> CP0St_KSU) & MIPS_HFLAG_KSU;
   ^

total: 3 errors, 0 warnings, 842 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 3/6: mips: split cpu_mips_realize_env() out of cpu_mips_init()...
Checking PATCH 4/6: mips: call cpu_mips_realize_env() from 
mips_cpu_realizefn()...
Checking PATCH 5/6: mips: MIPSCPU model subclasses...
Checking PATCH 6/6: mips: replace cpu_mips_init() with cpu_generic_init()...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PATCH v4 6/6] mips: replace cpu_mips_init() with cpu_generic_init()

2017-09-20 Thread Philippe Mathieu-Daudé
From: Igor Mammedov 

now cpu_mips_init() reimplements subset of cpu_generic_init()
tasks, so just drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Hervé Poussineau 
Signed-off-by: Philippe Mathieu-Daudé 
[PMD: use internal.h instead of cpu.h]
Tested-by: James Hogan 
Reviewed-by: Eduardo Habkost 
---
 target/mips/cpu.h   |  3 +--
 hw/mips/cps.c   |  2 +-
 hw/mips/mips_fulong2e.c |  2 +-
 hw/mips/mips_jazz.c |  2 +-
 hw/mips/mips_malta.c|  2 +-
 hw/mips/mips_mipssim.c  |  2 +-
 hw/mips/mips_r4k.c  |  2 +-
 target/mips/translate.c | 17 -
 8 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 2f81e0f950..66265e4eb6 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -737,10 +737,9 @@ enum {
  */
 #define CPU_INTERRUPT_WAKE CPU_INTERRUPT_TGT_INT_0
 
-MIPSCPU *cpu_mips_init(const char *cpu_model);
 int cpu_mips_signal_handler(int host_signum, void *pinfo, void *puc);
 
-#define cpu_init(cpu_model) CPU(cpu_mips_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_MIPS_CPU, cpu_model)
 bool cpu_supports_cps_smp(const char *cpu_model);
 bool cpu_supports_isa(const char *cpu_model, unsigned int isa);
 void cpu_set_exception_base(int vp_index, target_ulong address);
diff --git a/hw/mips/cps.c b/hw/mips/cps.c
index 79d4c5e30a..fe5c630af6 100644
--- a/hw/mips/cps.c
+++ b/hw/mips/cps.c
@@ -71,7 +71,7 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
 bool itu_present = false;
 
 for (i = 0; i < s->num_vp; i++) {
-cpu = cpu_mips_init(s->cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, s->cpu_model));
 
 /* Init internal devices */
 cpu_mips_irq_init_cpu(cpu);
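Review bot: in mips_cps_realize() the result of `MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, s->cpu_model))` goes straight into cpu_mips_irq_init_cpu() with no NULL check in the visible context. The cpu_mips_init() removed in the last hunk of this patch returned NULL for an unknown model name, so if cpu_generic_init() can also return NULL, a bad s->cpu_model turns into a NULL dereference instead of an error. This function has an errp, so check the pointer and fail realize with error_setg().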
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 439a3d7a66..75318680e1 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -280,7 +280,7 @@ static void mips_fulong2e_init(MachineState *machine)
 if (cpu_model == NULL) {
 cpu_model = "Loongson-2E";
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 env = >env;
 
 qemu_register_reset(main_cpu_reset, cpu);
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index ae10670efd..7e6626dc88 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -151,7 +151,7 @@ static void mips_jazz_init(MachineState *machine,
 if (cpu_model == NULL) {
 cpu_model = "R4000";
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 env = >env;
 qemu_register_reset(main_cpu_reset, cpu);
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index e87cd3230b..2adb9bcf89 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -931,7 +931,7 @@ static void create_cpu_without_cps(const char *cpu_model,
 int i;
 
 for (i = 0; i < smp_cpus; i++) {
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 
 /* Init internal devices */
 cpu_mips_irq_init_cpu(cpu);
diff --git a/hw/mips/mips_mipssim.c b/hw/mips/mips_mipssim.c
index 49cd38d680..a092072e2a 100644
--- a/hw/mips/mips_mipssim.c
+++ b/hw/mips/mips_mipssim.c
@@ -163,7 +163,7 @@ mips_mipssim_init(MachineState *machine)
 cpu_model = "24Kf";
 #endif
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 env = >env;
 
 reset_info = g_malloc0(sizeof(ResetData));
diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index 7efee94431..1272d4ef9d 100644
--- a/hw/mips/mips_r4k.c
+++ b/hw/mips/mips_r4k.c
@@ -193,7 +193,7 @@ void mips_r4k_init(MachineState *machine)
 cpu_model = "24Kf";
 #endif
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 env = >env;
 
 reset_info = g_malloc0(sizeof(ResetData));
diff --git a/target/mips/translate.c b/target/mips/translate.c
index f7128bc91d..d16d879df7 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20523,23 +20523,6 @@ void cpu_mips_realize_env(CPUMIPSState *env)
 mvp_init(env, env->cpu_model);
 }
 
-MIPSCPU *cpu_mips_init(const char *cpu_model)
-{
-ObjectClass *oc;
-MIPSCPU *cpu;
-
-oc = cpu_class_by_name(TYPE_MIPS_CPU, cpu_model);
-if (oc == NULL) {
-return NULL;
-}
-
-cpu = MIPS_CPU(object_new(object_class_get_name(oc)));
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
-}
-
 bool cpu_supports_cps_smp(const char *cpu_model)
 {
 const mips_def_t *def = cpu_mips_find_by_name(cpu_model);
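Review bot: the removed cpu_mips_init() passed a NULL errp to object_property_set_bool() for "realized" and returned the object regardless, so a realize failure was silently ignored. The commit message says cpu_mips_init() reimplements a subset of cpu_generic_init(); it should also say whether realize errors are now reported, since that is a behaviour change the board code may notice.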
-- 
2.14.1




[Qemu-devel] [PATCH v4 2/6] mips: introduce internal.h and cleanup cpu.h

2017-09-20 Thread Philippe Mathieu-Daudé
no logical change, only code movement (and fix a comment typo).

Signed-off-by: Philippe Mathieu-Daudé 
Tested-by: Igor Mammedov 
Tested-by: James Hogan 
Acked-by: Eduardo Habkost 
---
This patch triggers 3 false positives from checkpatch:

ERROR: space prohibited after that '&' (ctx:WxW)
#664: FILE: target/mips/internal.h:230:
+if ((env->CP0_VPControl >> CP0VPCtl_DIS) & 1) {
  ^
#672: FILE: target/mips/internal.h:238:
+((other_cpu->env.CP0_VPControl >> CP0VPCtl_DIS) & 1)) {
 ^
#692: FILE: target/mips/internal.h:258:
+env->hflags |= (env->CP0_Status >> CP0St_KSU) & MIPS_HFLAG_KSU;
   ^
total: 3 errors, 0 warnings, 842 lines checked

This is a "binary vs unary operators" confusion.

 target/mips/cpu.h| 354 +
 target/mips/internal.h   | 362 +++
 target/mips/cp0_timer.c  |   1 +
 target/mips/cpu.c|   1 +
 target/mips/gdbstub.c|   1 +
 target/mips/helper.c |   1 +
 target/mips/kvm.c|   1 +
 target/mips/machine.c|   1 +
 target/mips/msa_helper.c |   1 +
 target/mips/op_helper.c  |   1 +
 target/mips/translate.c  |   1 +
 11 files changed, 372 insertions(+), 353 deletions(-)
 create mode 100644 target/mips/internal.h

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 74f6a5b098..2f81e0f950 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1,8 +1,6 @@
 #ifndef MIPS_CPU_H
 #define MIPS_CPU_H
 
-//#define DEBUG_OP
-
 #define ALIGNED_ONLY
 
 #define CPUArchState struct CPUMIPSState
@@ -15,56 +13,11 @@
 
 struct CPUMIPSState;
 
-typedef struct r4k_tlb_t r4k_tlb_t;
-struct r4k_tlb_t {
-target_ulong VPN;
-uint32_t PageMask;
-uint16_t ASID;
-unsigned int G:1;
-unsigned int C0:3;
-unsigned int C1:3;
-unsigned int V0:1;
-unsigned int V1:1;
-unsigned int D0:1;
-unsigned int D1:1;
-unsigned int XI0:1;
-unsigned int XI1:1;
-unsigned int RI0:1;
-unsigned int RI1:1;
-unsigned int EHINV:1;
-uint64_t PFN[2];
-};
-
-#if !defined(CONFIG_USER_ONLY)
 typedef struct CPUMIPSTLBContext CPUMIPSTLBContext;
-struct CPUMIPSTLBContext {
-uint32_t nb_tlb;
-uint32_t tlb_in_use;
-int (*map_address) (struct CPUMIPSState *env, hwaddr *physical, int *prot, 
target_ulong address, int rw, int access_type);
-void (*helper_tlbwi)(struct CPUMIPSState *env);
-void (*helper_tlbwr)(struct CPUMIPSState *env);
-void (*helper_tlbp)(struct CPUMIPSState *env);
-void (*helper_tlbr)(struct CPUMIPSState *env);
-void (*helper_tlbinv)(struct CPUMIPSState *env);
-void (*helper_tlbinvf)(struct CPUMIPSState *env);
-union {
-struct {
-r4k_tlb_t tlb[MIPS_TLB_MAX];
-} r4k;
-} mmu;
-};
-#endif
 
 /* MSA Context */
 #define MSA_WRLEN (128)
 
-enum CPUMIPSMSADataFormat {
-DF_BYTE = 0,
-DF_HALF,
-DF_WORD,
-DF_DOUBLE
-};
-
 typedef union wr_t wr_t;
 union wr_t {
 int8_t  b[MSA_WRLEN/8];
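Review bot: this hunk drops the `#if !defined(CONFIG_USER_ONLY)` / `#endif` pair but keeps `typedef struct CPUMIPSTLBContext CPUMIPSTLBContext;`, so the forward typedef is now visible in user-only builds as well. That is harmless, but it is not pure code movement as the commit message states, so mention it there. The `/* MSA Context */` comment also stays behind while enum CPUMIPSMSADataFormat is removed from this header, which leaves the MSA definitions split across two files.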
@@ -682,40 +635,6 @@ static inline MIPSCPU *mips_env_get_cpu(CPUMIPSState *env)
 
 #define ENV_OFFSET offsetof(MIPSCPU, env)
 
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_mips_cpu;
-#endif
-
-void mips_cpu_do_interrupt(CPUState *cpu);
-bool mips_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void mips_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-hwaddr mips_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int mips_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int mips_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void mips_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
-  MMUAccessType access_type,
-  int mmu_idx, uintptr_t retaddr);
-
-#if !defined(CONFIG_USER_ONLY)
-int no_mmu_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
-target_ulong address, int rw, int access_type);
-int fixed_mmu_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
-   target_ulong address, int rw, int access_type);
-int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
- target_ulong address, int rw, int access_type);
-void r4k_helper_tlbwi(CPUMIPSState *env);
-void r4k_helper_tlbwr(CPUMIPSState *env);
-void r4k_helper_tlbp(CPUMIPSState *env);
-void r4k_helper_tlbr(CPUMIPSState *env);
-void r4k_helper_tlbinv(CPUMIPSState *env);
-void r4k_helper_tlbinvf(CPUMIPSState *env);
-
-void mips_cpu_unassigned_access(CPUState *cpu, hwaddr addr,
-bool is_write, bool is_exec, int unused,
-unsigned size);
-#endif
-
 

[Qemu-devel] [PATCH v4 5/6] mips: MIPSCPU model subclasses

2017-09-20 Thread Philippe Mathieu-Daudé
From: Igor Mammedov 

Register separate QOM types for each mips cpu model,
so it would be possible to reuse generic CPU creation
routines.

Signed-off-by: Igor Mammedov 
Signed-off-by: Philippe Mathieu-Daudé 
[PMD: use internal.h, use void* to hold cpu_def in MIPSCPUClass,
 mark MIPSCPU abstract, address Eduardo Habkost review]
Tested-by: James Hogan 
Reviewed-by: Eduardo Habkost 
---
 target/mips/cpu-qom.h|  1 +
 target/mips/internal.h   | 59 
 target/mips/cpu.c| 50 -
 target/mips/translate.c  | 13 +-
 target/mips/translate_init.c | 58 ++-
 5 files changed, 117 insertions(+), 64 deletions(-)

diff --git a/target/mips/cpu-qom.h b/target/mips/cpu-qom.h
index 3f5bf23823..ee58606afe 100644
--- a/target/mips/cpu-qom.h
+++ b/target/mips/cpu-qom.h
@@ -49,6 +49,7 @@ typedef struct MIPSCPUClass {
 
 DeviceRealize parent_realize;
 void (*parent_reset)(CPUState *cpu);
+const struct mips_def_t *cpu_def;
 } MIPSCPUClass;
 
 typedef struct MIPSCPU MIPSCPU;
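Review bot: the field added to MIPSCPUClass is `const struct mips_def_t *cpu_def;`, but the bracketed note in the commit message says "use void* to hold cpu_def in MIPSCPUClass". One of the two is stale; update the message to match the code that is being committed.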
diff --git a/target/mips/internal.h b/target/mips/internal.h
index cf4c9db427..45ded3484c 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -7,6 +7,65 @@
 #ifndef MIPS_INTERNAL_H
 #define MIPS_INTERNAL_H
 
+
+/* MMU types, the first four entries have the same layout as the
+   CP0C0_MT field.  */
+enum mips_mmu_types {
+MMU_TYPE_NONE,
+MMU_TYPE_R4000,
+MMU_TYPE_RESERVED,
+MMU_TYPE_FMT,
+MMU_TYPE_R3000,
+MMU_TYPE_R6000,
+MMU_TYPE_R8000
+};
+
+struct mips_def_t {
+const char *name;
+int32_t CP0_PRid;
+int32_t CP0_Config0;
+int32_t CP0_Config1;
+int32_t CP0_Config2;
+int32_t CP0_Config3;
+int32_t CP0_Config4;
+int32_t CP0_Config4_rw_bitmask;
+int32_t CP0_Config5;
+int32_t CP0_Config5_rw_bitmask;
+int32_t CP0_Config6;
+int32_t CP0_Config7;
+target_ulong CP0_LLAddr_rw_bitmask;
+int CP0_LLAddr_shift;
+int32_t SYNCI_Step;
+int32_t CCRes;
+int32_t CP0_Status_rw_bitmask;
+int32_t CP0_TCStatus_rw_bitmask;
+int32_t CP0_SRSCtl;
+int32_t CP1_fcr0;
+int32_t CP1_fcr31_rw_bitmask;
+int32_t CP1_fcr31;
+int32_t MSAIR;
+int32_t SEGBITS;
+int32_t PABITS;
+int32_t CP0_SRSConf0_rw_bitmask;
+int32_t CP0_SRSConf0;
+int32_t CP0_SRSConf1_rw_bitmask;
+int32_t CP0_SRSConf1;
+int32_t CP0_SRSConf2_rw_bitmask;
+int32_t CP0_SRSConf2;
+int32_t CP0_SRSConf3_rw_bitmask;
+int32_t CP0_SRSConf3;
+int32_t CP0_SRSConf4_rw_bitmask;
+int32_t CP0_SRSConf4;
+int32_t CP0_PageGrain_rw_bitmask;
+int32_t CP0_PageGrain;
+target_ulong CP0_EBaseWG_rw_bitmask;
+int insn_flags;
+enum mips_mmu_types mmu_type;
+};
+
+extern const struct mips_def_t mips_defs[];
+extern const int mips_defs_number;
+
 enum CPUMIPSMSADataFormat {
 DF_BYTE = 0,
 DF_HALF,
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index e3ef835599..1a9a3ed94d 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -146,14 +146,36 @@ static void mips_cpu_initfn(Object *obj)
 CPUState *cs = CPU(obj);
 MIPSCPU *cpu = MIPS_CPU(obj);
 CPUMIPSState *env = >env;
+MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(obj);
 
 cs->env_ptr = env;
+env->cpu_model = mcc->cpu_def;
 
 if (tcg_enabled()) {
 mips_tcg_init();
 }
 }
 
+static char *mips_cpu_type_name(const char *cpu_model)
+{
+return g_strdup_printf("%s-" TYPE_MIPS_CPU, cpu_model);
+}
+
+static ObjectClass *mips_cpu_class_by_name(const char *cpu_model)
+{
+ObjectClass *oc;
+char *typename;
+
+if (cpu_model == NULL) {
+return NULL;
+}
+
+typename = mips_cpu_type_name(cpu_model);
+oc = object_class_by_name(typename);
+g_free(typename);
+return oc;
+}
+
 static void mips_cpu_class_init(ObjectClass *c, void *data)
 {
 MIPSCPUClass *mcc = MIPS_CPU_CLASS(c);
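Review bot: mips_cpu_class_by_name() returns whatever object_class_by_name() finds for the constructed type name without confirming that the class derives from TYPE_MIPS_CPU or that it is not abstract. Add an object_class_dynamic_cast(oc, TYPE_MIPS_CPU) check and an object_class_is_abstract(oc) check before returning, so that a model string which happens to name some other registered type is rejected here rather than failing later during instantiation.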
@@ -166,6 +188,7 @@ static void mips_cpu_class_init(ObjectClass *c, void *data)
 mcc->parent_reset = cc->reset;
 cc->reset = mips_cpu_reset;
 
+cc->class_by_name = mips_cpu_class_by_name;
 cc->has_work = mips_cpu_has_work;
 cc->do_interrupt = mips_cpu_do_interrupt;
 cc->cpu_exec_interrupt = mips_cpu_exec_interrupt;
@@ -193,14 +216,39 @@ static const TypeInfo mips_cpu_type_info = {
 .parent = TYPE_CPU,
 .instance_size = sizeof(MIPSCPU),
 .instance_init = mips_cpu_initfn,
-.abstract = false,
+.abstract = true,
 .class_size = sizeof(MIPSCPUClass),
 .class_init = mips_cpu_class_init,
 };
 
+static void mips_cpu_cpudef_class_init(ObjectClass *oc, void *data)
+{
+MIPSCPUClass *mcc = MIPS_CPU_CLASS(oc);
+mcc->cpu_def = data;
+}
+
+static void mips_register_cpudef_type(const struct mips_def_t *def)
+{
+char *typename = mips_cpu_type_name(def->name);

[Qemu-devel] [PATCH v4 3/6] mips: split cpu_mips_realize_env() out of cpu_mips_init()

2017-09-20 Thread Philippe Mathieu-Daudé
so it can be used in mips_cpu_realizefn() in the next commit

Signed-off-by: Philippe Mathieu-Daudé 
Tested-by: Igor Mammedov 
Tested-by: James Hogan 
Reviewed-by: Eduardo Habkost 
---
 target/mips/internal.h  |  1 +
 target/mips/translate.c | 19 ---
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/target/mips/internal.h b/target/mips/internal.h
index 91c2df4537..cf4c9db427 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -132,6 +132,7 @@ void mips_tcg_init(void);
 
 /* TODO QOM'ify CPU reset and remove */
 void cpu_state_reset(CPUMIPSState *s);
+void cpu_mips_realize_env(CPUMIPSState *env);
 
 /* cp0_timer.c */
 uint32_t cpu_mips_get_random(CPUMIPSState *env);
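Review bot: the cpu_mips_realize_env() prototype added to internal.h sits directly under the "TODO QOM'ify CPU reset and remove" comment, so the TODO now reads as applying to it as well. Separate it with a blank line or its own comment, and state there that env->cpu_model must be set before the call, since the function body in translate.c reads it.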
diff --git a/target/mips/translate.c b/target/mips/translate.c
index f0febaf1b2..5fc7979ac5 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20512,6 +20512,17 @@ void mips_tcg_init(void)
 
 #include "translate_init.c"
 
+void cpu_mips_realize_env(CPUMIPSState *env)
+{
+env->exception_base = (int32_t)0xBFC0;
+
+#ifndef CONFIG_USER_ONLY
+mmu_init(env, env->cpu_model);
+#endif
+fpu_init(env, env->cpu_model);
+mvp_init(env, env->cpu_model);
+}
+
 MIPSCPU *cpu_mips_init(const char *cpu_model)
 {
 MIPSCPU *cpu;
@@ -20524,13 +20535,7 @@ MIPSCPU *cpu_mips_init(const char *cpu_model)
 cpu = MIPS_CPU(object_new(TYPE_MIPS_CPU));
 env = >env;
 env->cpu_model = def;
-env->exception_base = (int32_t)0xBFC0;
-
-#ifndef CONFIG_USER_ONLY
-mmu_init(env, def);
-#endif
-fpu_init(env, def);
-mvp_init(env, def);
+cpu_mips_realize_env(env);
 
 object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
 
-- 
2.14.1




[Qemu-devel] [PATCH v4 4/6] mips: call cpu_mips_realize_env() from mips_cpu_realizefn()

2017-09-20 Thread Philippe Mathieu-Daudé
This changes the order between cpu_mips_realize_env() and
cpu_exec_initfn(), but cpu_exec_initfn() doesn't have anything that
depends on cpu_mips_realize_env() being called first.

Signed-off-by: Philippe Mathieu-Daudé 
Tested-by: Igor Mammedov 
Tested-by: James Hogan 
Reviewed-by: Eduardo Habkost 
---
 target/mips/cpu.c   | 3 +++
 target/mips/translate.c | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 68bf423e9d..e3ef835599 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -123,6 +123,7 @@ static void mips_cpu_disas_set_info(CPUState *s, 
disassemble_info *info) {
 static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
+MIPSCPU *cpu = MIPS_CPU(dev);
 MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(dev);
 Error *local_err = NULL;
 
@@ -132,6 +133,8 @@ static void mips_cpu_realizefn(DeviceState *dev, Error 
**errp)
 return;
 }
 
+cpu_mips_realize_env(>env);
+
 cpu_reset(cs);
 qemu_init_vcpu(cs);
 
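Review bot: cpu_mips_realize_env() is now called from mips_cpu_realizefn() for every MIPS CPU object that gets realized, and as introduced in patch 3/6 it passes env->cpu_model to mmu_init(), fpu_init() and mvp_init(). The visible code only assigns env->cpu_model in cpu_mips_init(), so a check here that reports a missing cpu_model through errp before the call would make that precondition explicit.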
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 5fc7979ac5..94c38e8755 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20535,7 +20535,6 @@ MIPSCPU *cpu_mips_init(const char *cpu_model)
 cpu = MIPS_CPU(object_new(TYPE_MIPS_CPU));
 env = >env;
 env->cpu_model = def;
-cpu_mips_realize_env(env);
 
 object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
 
-- 
2.14.1




Re: [Qemu-devel] [PATCH v9 05/20] dirty-bitmap: Avoid size query failure during truncate

2017-09-20 Thread John Snow


On 09/20/2017 09:11 AM, Eric Blake wrote:
> On 09/19/2017 09:10 PM, Fam Zheng wrote:
> 
>>>
>>> Do you suspect that almost certainly if bdrv_truncate() fails overall
>>> that the image format driver will either unmount the image or become
>>> read-only?
> 
> Uggh - it feels like I've bitten off more than I can chew with this
> patch - I'm getting bogged down by trying to fix bad behavior in code
> that is mostly unrelated to the patch at hand, so I don't have a good
> opinion on WHAT is supposed to happen if bdrv_truncate() fails, only
> that I'm trying to avoid compounding that failure even worse.
> 

Yes, I apologize -- I realize I'm holding this series hostage. For now I
am just trying to legitimately understand the behavior. I am willing to
accept "It's sorta busted right now, but -EOUTOFSCOPE"

>>> I suppose if *not* that's a bug for callers of bdrv_truncate to allow
>>> that kind of monkey business, but if it CAN happen, hbitmap only guards
>>> against such things with an assert (which, IIRC, is not guaranteed to be
>>> on for all builds)
>>
>> It's guaranteed since a few hours ago:
>>
>> commit 262a69f4282e44426c7a132138581d400053e0a1
> 
> Indeed - but even without my patch, we would have hit the assertion
> failures when trying to resize the dirty bitmap to -1 when
> bdrv_nb_sectors() fails (which was likely if refresh_total_sectors()
> failed).
> 
>>> So the question is: "bdrv_truncate failure is NOT considered recoverable
>>> in ANY case, is it?"
>>>
>>> It may possibly be safer to, if the initial truncate request succeeds,
>>> apply a best-effort to the bitmap before returning the error.
>>
>> Like fallback "offset" (or it aligned up to bs cluster size) if
>> refresh_total_sectors() returns error? I think that is okay.
> 
> Here's my proposal for squashing in a best-effort dirty-bitmap resize no
> matter what happens in refresh_total_sectors() (but really, if you
> successfully truncate the disk but then get a failure while trying to
> read back the actual new size, which may differ from the requested size,
> you're probably doomed down the road anyways).
> 
> diff --git i/block.c w/block.c
> index 3caf6bb093..ef5af81f66 100644
> --- i/block.c
> +++ w/block.c
> @@ -3552,8 +3552,9 @@ int bdrv_truncate(BdrvChild *child, int64_t
> offset, PreallocMode prealloc,
>  if (ret < 0) {
>  error_setg_errno(errp, -ret, "Could not refresh total sector
> count");
>  } else {
> -bdrv_dirty_bitmap_truncate(bs, bs->total_sectors *
> BDRV_SECTOR_SIZE);
> +offset = bs->total_sectors * BDRV_SECTOR_SIZE;
>  }
> +bdrv_dirty_bitmap_truncate(bs, offset);
>  bdrv_parent_cb_resize(bs);
>  atomic_inc(>write_gen);
>  return ret;
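Review bot: in the now unconditional bdrv_dirty_bitmap_truncate(bs, offset) call, offset still holds the caller's requested size when the refresh fails, and the text above says that may differ from the actual new size. A short comment at the call saying that this is a best-effort fallback, and that ret is still returned as an error, would make the intent clear to later readers.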
> 
> 

Don't respin on my accord, I'm trying to find out if there is a problem;
I'm not convinced of one yet. Just thinking out loud.

Two cases:

(1) Attempt to resize larger. Resize succeeds, but refresh fails.
Possibly a temporary protocol failure, but we'll assume the resize
actually worked. Bitmap does not get resized, however any caller of
truncate *must* assume that the resize did not succeed. Any calls to
write beyond previous EOF are a bug by the calling module.

(2) Attempt to resize smaller, an actual truncate. Call succeeds but
refresh doesn't. Bitmap is now larger than the drive. The bitmap itself
is perfectly capable of describing reads/writes even to the now-OOB
area, but it's unlikely the BB would submit any. Problems may arise if
the BB does not treat this as a hard failure and a user later attempts
to use this bitmap for a backup operation, as the trailing bits now
reference disk segments that may or may not physically exist. Likely to
hit EIO problems during block jobs.


If we do decide to resize the bitmap even on refresh failure, we
probably do still run the risk of the bitmap being slightly bigger or
slightly smaller than the actual size due to alignment.

It sounds like the resize operation itself needs to be able to return to
the caller the actual size of the operation instead of forcing the
caller to query separately in a follow-up call to really "fix" this.

Considering that either resizing or not resizing the bitmap after a
partial failure probably still leaves us with a possibly dangerous
bitmap, I don't think I'll hold you to the flames over this one.

--js




[Qemu-devel] [PATCH v4 0/6] QOMify MIPS cpu

2017-09-20 Thread Philippe Mathieu-Daudé
Hi,

This series is based on Igor's "complete cpu QOMification" [1] but only modifies
the MIPS part. Igor posted an updated series [2].

Yongbok: this series is now ready to apply to your MIPS tree :)

Regards,

Phil.

[1]: http://lists.nongnu.org/archive/html/qemu-devel/2017-07/msg04414.html
[2]: http://lists.nongnu.org/archive/html/qemu-devel/2017-08/msg03364.html

v4:
- rebased after "generalize parsing of cpu_model  (x86/arm)" merge

v3:
- added Eduardo Habkost Acked-by and Reviewed-by
- put Eduardo patch 4 review comment in commit message
- address Eduardo's patch 5 review (use correct type, unnecessary null check)
- drop patch 7 in favor of a "generic mechanism to list CPU models using the
  QOM hierarchy"

v2: 
- added Igor and James Tested-by
- squashed "!fixup mips: now than MIPSCPU is QOMified, mark it abstract"

PS: code movement somehow triggers a "binary vs unary operators" confusion
in checkpatch: "ERROR: space prohibited after that '&' (ctx:WxW)"

Igor Mammedov (2):
  mips: MIPSCPU model subclasses
  mips: replace cpu_mips_init() with cpu_generic_init()

Philippe Mathieu-Daudé (4):
  mips: move hw/mips/cputimer.c to target/mips/
  mips: introduce internal.h and cleanup cpu.h
  mips: split cpu_mips_realize_env() out of cpu_mips_init()
  mips: call cpu_mips_realize_env() from mips_cpu_realizefn()

 target/mips/cpu-qom.h |   1 +
 target/mips/cpu.h | 357 +-
 target/mips/internal.h| 422 ++
 hw/mips/cps.c |   2 +-
 hw/mips/mips_fulong2e.c   |   2 +-
 hw/mips/mips_jazz.c   |   2 +-
 hw/mips/mips_malta.c  |   2 +-
 hw/mips/mips_mipssim.c|   2 +-
 hw/mips/mips_r4k.c|   2 +-
 hw/mips/cputimer.c => target/mips/cp0_timer.c |   2 +-
 target/mips/cpu.c |  54 +++-
 target/mips/gdbstub.c |   1 +
 target/mips/helper.c  |   1 +
 target/mips/kvm.c |   1 +
 target/mips/machine.c |   1 +
 target/mips/msa_helper.c  |   1 +
 target/mips/op_helper.c   |   1 +
 target/mips/translate.c   |  23 +-
 target/mips/translate_init.c  |  58 +---
 hw/mips/Makefile.objs |   2 +-
 target/mips/Makefile.objs |   2 +-
 21 files changed, 500 insertions(+), 439 deletions(-)
 create mode 100644 target/mips/internal.h
 rename hw/mips/cputimer.c => target/mips/cp0_timer.c (99%)

-- 
2.14.1




[Qemu-devel] [PATCH v4 1/6] mips: move hw/mips/cputimer.c to target/mips/

2017-09-20 Thread Philippe Mathieu-Daudé
This timer is a required part of the MIPS32/MIPS64 System Control coprocessor
(CP0). Moving it with the other architecture related files will allow an opaque
use of CPUMIPSState* in the next commit (introduce "internal.h").

also remove it from 'user' targets, remove an unnecessary include.

Signed-off-by: Philippe Mathieu-Daudé 
Tested-by: Igor Mammedov 
Tested-by: James Hogan 
Acked-by: Eduardo Habkost 
---
 hw/mips/cputimer.c => target/mips/cp0_timer.c | 1 -
 hw/mips/Makefile.objs | 2 +-
 target/mips/Makefile.objs | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)
 rename hw/mips/cputimer.c => target/mips/cp0_timer.c (99%)

diff --git a/hw/mips/cputimer.c b/target/mips/cp0_timer.c
similarity index 99%
rename from hw/mips/cputimer.c
rename to target/mips/cp0_timer.c
index 8a166b3ea7..a9a58c5604 100644
--- a/hw/mips/cputimer.c
+++ b/target/mips/cp0_timer.c
@@ -21,7 +21,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "hw/hw.h"
 #include "hw/mips/cpudevs.h"
 #include "qemu/timer.h"
 #include "sysemu/kvm.h"
diff --git a/hw/mips/Makefile.objs b/hw/mips/Makefile.objs
index 48cd2ef50e..17a311aaba 100644
--- a/hw/mips/Makefile.objs
+++ b/hw/mips/Makefile.objs
@@ -1,5 +1,5 @@
 obj-y += mips_r4k.o mips_malta.o mips_mipssim.o
-obj-y += addr.o cputimer.o mips_int.o
+obj-y += addr.o mips_int.o
 obj-$(CONFIG_JAZZ) += mips_jazz.o
 obj-$(CONFIG_FULONG) += mips_fulong2e.o
 obj-y += gt64xxx_pci.o
diff --git a/target/mips/Makefile.objs b/target/mips/Makefile.objs
index bc5ed8511f..651f36f517 100644
--- a/target/mips/Makefile.objs
+++ b/target/mips/Makefile.objs
@@ -1,4 +1,4 @@
 obj-y += translate.o dsp_helper.o op_helper.o lmi_helper.o helper.o cpu.o
 obj-y += gdbstub.o msa_helper.o mips-semi.o
-obj-$(CONFIG_SOFTMMU) += machine.o
+obj-$(CONFIG_SOFTMMU) += machine.o cp0_timer.o
 obj-$(CONFIG_KVM) += kvm.o
-- 
2.14.1




Re: [Qemu-devel] [PATCH] ide: fix enum comparison for gcc 4.7

2017-09-20 Thread Eric Blake
On 09/20/2017 02:41 PM, John Snow wrote:
> Apparently GCC gets bent over comparing enum values against zero.
> Replace the conditional with something less readable.
> 
> Signed-off-by: John Snow 
> ---
>  hw/ide/core.c | 2 +-
>  include/hw/ide/internal.h | 3 +--
>  2 files changed, 2 insertions(+), 3 deletions(-)

Unfortunate that the compiler conspires against aesthetics, but such is
life.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





[Qemu-devel] [PATCH] ide: fix enum comparison for gcc 4.7

2017-09-20 Thread John Snow
Apparently GCC gets bent over comparing enum values against zero.
Replace the conditional with something less readable.

Signed-off-by: John Snow 
---
 hw/ide/core.c | 2 +-
 include/hw/ide/internal.h | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index a19bd90..d63eb4a 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -68,7 +68,7 @@ const char *IDE_DMA_CMD_lookup[IDE_DMA__COUNT] = {
 
 static const char *IDE_DMA_CMD_str(enum ide_dma_cmd enval)
 {
-if (enval >= IDE_DMA__BEGIN && enval < IDE_DMA__COUNT) {
+if ((unsigned)enval < IDE_DMA__COUNT) {
 return IDE_DMA_CMD_lookup[enval];
 }
 return "DMA UNKNOWN CMD";
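Review bot: the (unsigned)enval < IDE_DMA__COUNT test in IDE_DMA_CMD_str() depends on the cast turning a negative enval into a large value so that one comparison covers both bounds, and nothing in the code says so. A one-line comment above the if would keep a later cleanup from dropping the cast and indexing IDE_DMA_CMD_lookup[] with a negative value.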
diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
index 180e00e..e641012 100644
--- a/include/hw/ide/internal.h
+++ b/include/hw/ide/internal.h
@@ -333,8 +333,7 @@ struct unreported_events {
 };
 
 enum ide_dma_cmd {
-IDE_DMA__BEGIN = 0,
-IDE_DMA_READ = IDE_DMA__BEGIN,
+IDE_DMA_READ = 0,
 IDE_DMA_WRITE,
 IDE_DMA_TRIM,
 IDE_DMA_ATAPI,
-- 
2.9.5




Re: [Qemu-devel] [PULL 00/16] Migration PULL request

2017-09-20 Thread Peter Maydell
On 20 September 2017 at 12:42, Juan Quintela  wrote:
> Juan Quintela  wrote:
>> Hi
>>
>> To make merges easier, this includes:
>> - Peter Xu reviewed patches from Postcopy recovery (3)
>> - Alexey reviewed pages from block postcopy (4)
>
> I meant here to include Vladimir series.  This is incomplete.
>
> Nacked myself.

It also fails to build on ppc64 and s390x (so probably
all bigendian hosts):

/home/pm215/qemu/util/bitmap.c: In function ‘bitmap_to_from_le’:
/home/pm215/qemu/util/bitmap.c:383:6: error: "__WORD_SIZE" is not
defined [-Werror=undef]
 # if __WORD_SIZE == 64
  ^

thanks
-- PMM



Re: [Qemu-devel] Block Migration and CPU throttling

2017-09-20 Thread Peter Lieven
Am 19.09.2017 um 16:41 schrieb Paolo Bonzini:
> On 19/09/2017 15:36, Peter Lieven wrote:
>> Hi,
>>
>> I just noticed that CPU throttling and Block Migration don't work
>> together very well.
>> During block migration the throttling heuristic detects that we
>> obviously make no progress
>> in ram transfer. But the reason is the running block migration and not a
>> too high dirty pages rate.
>>
>> The result is that any VM is throttled by 99% during block migration.
>>
>> I wonder what the best way would be fix this. I came up with the
>> following ideas so far:
>>
>> - disable throttling while block migration is in bulk stage
>> - check if absolute number of num_dirty_pages_period crosses a threshold
>> and not if its just
>>   greater than 50% of transferred bytes
>> - check if migration_dirty_pages > 0. This slows down throttling, but
>> does not avoid it completely.
> If you can use nbd-server and drive-mirror for block migration (libvirt
> would do it), then you will use multiple sockets and be able to migrate
> block and RAM at the same time.
>
> Otherwise, disabling throttling during the bulk stage is the one that
> seems nicest and most promising.

Okay, but this can be done independently of the nbd approach.
If someone uses classic block migration and auto converge his
vserver will freeze.

I will send a patch to fix that.

Thanks,
Peter




Re: [Qemu-devel] Block Migration and CPU throttling

2017-09-20 Thread Peter Lieven
Am 19.09.2017 um 16:41 schrieb Dr. David Alan Gilbert:
> * Peter Lieven (p...@kamp.de) wrote:
>> Am 19.09.2017 um 16:38 schrieb Dr. David Alan Gilbert:
>>> * Peter Lieven (p...@kamp.de) wrote:
>>>> Hi,
>>>>
>>>> I just noticed that CPU throttling and Block Migration don't work together
>>>> very well.
>>>> During block migration the throttling heuristic detects that we obviously
>>>> make no progress
>>>> in ram transfer. But the reason is the running block migration and not a
>>>> too high dirty pages rate.
>>>>
>>>> The result is that any VM is throttled by 99% during block migration.
>>> Hmm that's unfortunate; do you have a bandwidth set lower than your
>>> actual network connection? I'm just wondering if it's actually going
>>> between the block and RAM iterative sections or getting stuck in ne.
>> It happens also if source and dest are on the same machine and speed is set 
>> to 100G.
> But does it happen if they're not and the speed is set low?

Yes, it does. I noticed it in our test environment between different nodes with 
a 10G
link in between. But it's totally clear why it happens. During block migration
we transfer
all dirty memory pages in each round (if there is moderate memory load), but 
all dirty
pages are obviously more than 50% of the transferred ram in that round.
It is more exactly 100%. But the current logic triggers on this condition.

I think I will go forward and send a patch which disables auto converge during
block migration bulk stage.

Thanks for your feedback,
Peter




Re: [Qemu-devel] [PULL 00/11] Ide patches

2017-09-20 Thread Mark Cave-Ayland
On 20/09/17 18:55, John Snow wrote:

> Guh. From which distro does your GCC 4.7 hail?
> 
> Regardless, I suppose I will revert to Eric's workaround, though I like
> the way it reads an awful lot less.

Thanks John - it's just a standard Debian Wheezy installation on amd64.


ATB,

Mark.



Re: [Qemu-devel] [PATCH 2/3] linux-user: add SO_LINGER to setsockopt

2017-09-20 Thread Laurent Vivier
Le 20/09/2017 à 19:29, Carlo Arenas a écrit :
> On Wed, Sep 20, 2017 at 1:39 AM, Laurent Vivier wrote:
> 
> Why did you remove "optname = SO_LINGER" and "if (optlen !=
> sizeof(struct target_linger))"?
> 
> 
> the optname assignment is not really needed, since it is only used for
> the setsockopt call and that call is clearer using SO_LINGER directly,
> so to avoid hard to see bugs like :
> 
>   http://lists.nongnu.org/archive/html/qemu-devel/2016-01/msg00980.html 

Okay

> the test for optlen is replaced by passing optlen to the underlying
> setsockopt call directly, who would do the test and return the right error.

You can't do that, because sizeof(struct linger) may be different from
sizeof(struct target_linger).

> as an interesting note, I noticed when testing (in ubuntu artful x86_64)
> that regardless of how you interpret the documentation, setsockopt won't
> fail just because the len is smaller than the size of the struct, and

Right, see:

http://elixir.free-electrons.com/linux/latest/source/net/core/sock.c#L830

> therefore that code was not equivalent to the setsockopt it was trying
> to emulate, and therefore this change doesn't only make the code simpler
> but also more correct IMHO
Next time add a revision history in your series explaining your changes
(and don't reply to the previous patch series for the new series, it's
better to start a new email thread).

Thanks,
Laurent



[Qemu-devel] [PATCH] virtio/vhost: reset dev->log after syncing

2017-09-20 Thread Felipe Franciosi
vhost_log_put() is called to decommission the dirty log between qemu and
a vhost device when stopping the device. Such a call can happen from
migration_completion().

Present code sets dev->log_size to zero too early in vhost_log_put(),
causing the sync check to always return false. As a consequence, the
last pass on the dirty bitmap never happens at the end of migration.

If a vhost device was busy (writing to guest memory) until the last
moments before vhost_virtqueue_stop(), this error will result in guest
memory corruption (at least) following migrations.

Signed-off-by: Felipe Franciosi 
---
 hw/virtio/vhost.c |5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 5fd69f0..ddc42f0 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -375,8 +375,6 @@ static void vhost_log_put(struct vhost_dev *dev, bool sync)
 if (!log) {
 return;
 }
-dev->log = NULL;
-dev->log_size = 0;
 
 --log->refcnt;
 if (log->refcnt == 0) {
@@ -396,6 +394,9 @@ static void vhost_log_put(struct vhost_dev *dev, bool sync)
 
 g_free(log);
 }
+
+dev->log = NULL;
+dev->log_size = 0;
 }
 
 static bool vhost_dev_log_is_shared(struct vhost_dev *dev)
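Review bot: the dev->log = NULL and dev->log_size = 0 assignments moved to the end of vhost_log_put() carry no comment explaining why they must follow the refcnt block. Since the commit message says the sync check depends on dev->log_size still being set, a one-line comment above them would keep a later cleanup from moving the reset back to the top.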
-- 
1.7.1




Re: [Qemu-devel] [PATCH 2/2] ppc: remove all unused CPU definitions

2017-09-20 Thread Thomas Huth
On 19.09.2017 23:36, John Snow wrote:
> Remove *all* unused CPU definitions as indicated by compile-time
> `#if 0` constructs.
> 
> Signed-off-by: John Snow 
> ---
>  target/ppc/cpu-models.h | 223 
> 
>  1 file changed, 223 deletions(-)
> 
> diff --git a/target/ppc/cpu-models.h b/target/ppc/cpu-models.h
> index b34b512..248f833 100644
> --- a/target/ppc/cpu-models.h
> +++ b/target/ppc/cpu-models.h
[...]
> @@ -234,24 +105,11 @@ enum {
>  CPU_POWERPC_440GXb = 0x51B21851,
>  CPU_POWERPC_440GXc = 0x51B21892,
>  CPU_POWERPC_440GXf = 0x51B21894,
> -#if 0
> -CPU_POWERPC_440S   = xxx,
> -#endif
>  CPU_POWERPC_440SP  = 0x53221850,
>  CPU_POWERPC_440SP2 = 0x53221891,
>  CPU_POWERPC_440SPE = 0x53421890,
>  /* PowerPC 460 family */
> -#if 0
> -/* Generic PowerPC 464 */
> -#define CPU_POWERPC_464  CPU_POWERPC_464H90
> -#endif
>  /* PowerPC 464 microcontrolers */
> -#if 0
> -CPU_POWERPC_464H90 = xxx,
> -#endif
> -#if 0
> -CPU_POWERPC_464H90FP   = xxx,
> -#endif

I think you could also remove the "/* PowerPC 460 family */" and "/*
PowerPC 464 microcontrolers */" lines now.

Anyway:

Reviewed-by: Thomas Huth 



[Qemu-devel] SunOS support

2017-09-20 Thread Peter Tribble
Hi,

To introduce myself: I'm a member of the illumos community (the successor
to OpenSolaris, to those unfamiliar with us), and I maintain my own illumos
distribution.

Having seen the scary 'SUPPORT FOR THIS HOST OS WILL GO AWAY'
message, I'm reaching out to see what needs to be done so that support for
SunOS (not just illumos, I include Oracle's Solaris in the same family)
needs
to be kept and, where possible, enhanced.

I'm willing to act as a contact in this effort, and can work with others in
the illumos
community to see if there are other resources we can bring to bear.

One of my interests here is the sparc support; it would be helpful for us
to have
a working sparc emulator, as only a few of us have actual sparc hardware,
and
the qemu sparc emulation has dramatically improved in the last couple of
releases - it would be unfortunate if we were then unable to make use of it.

Thanks,

-- 
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/


Re: [Qemu-devel] [PATCH 1/2] ppc: remove unused CPU definitions

2017-09-20 Thread Thomas Huth
On 19.09.2017 23:36, John Snow wrote:
> Following commit aef77960, remove now-unused definitions from
> cpu-models.h.
> 
> Signed-off-by: John Snow 
> ---
>  target/ppc/cpu-models.h | 32 
>  1 file changed, 32 deletions(-)
> 
> diff --git a/target/ppc/cpu-models.h b/target/ppc/cpu-models.h
> index df31d7f..b34b512 100644
> --- a/target/ppc/cpu-models.h
> +++ b/target/ppc/cpu-models.h
> @@ -291,34 +291,6 @@ enum {
>  #endif
>  CPU_POWERPC_e200z5 = 0x8100,
>  CPU_POWERPC_e200z6 = 0x8112,
> -/* MPC55xx microcontrollers */
> -#define CPU_POWERPC_MPC55xx  CPU_POWERPC_MPC5567
> -#if 0
> -#define CPU_POWERPC_MPC5514E CPU_POWERPC_MPC5514E_v1
> -#define CPU_POWERPC_MPC5514E_v0  CPU_POWERPC_e200z0
> -#define CPU_POWERPC_MPC5514E_v1  CPU_POWERPC_e200z1
> -#define CPU_POWERPC_MPC5514G CPU_POWERPC_MPC5514G_v1
> -#define CPU_POWERPC_MPC5514G_v0  CPU_POWERPC_e200z0
> -#define CPU_POWERPC_MPC5514G_v1  CPU_POWERPC_e200z1
> -#define CPU_POWERPC_MPC5515S CPU_POWERPC_e200z1
> -#define CPU_POWERPC_MPC5516E CPU_POWERPC_MPC5516E_v1
> -#define CPU_POWERPC_MPC5516E_v0  CPU_POWERPC_e200z0
> -#define CPU_POWERPC_MPC5516E_v1  CPU_POWERPC_e200z1
> -#define CPU_POWERPC_MPC5516G CPU_POWERPC_MPC5516G_v1
> -#define CPU_POWERPC_MPC5516G_v0  CPU_POWERPC_e200z0
> -#define CPU_POWERPC_MPC5516G_v1  CPU_POWERPC_e200z1
> -#define CPU_POWERPC_MPC5516S CPU_POWERPC_e200z1
> -#endif
> -#if 0
> -#define CPU_POWERPC_MPC5533  CPU_POWERPC_e200z3
> -#define CPU_POWERPC_MPC5534  CPU_POWERPC_e200z3
> -#endif
> -#define CPU_POWERPC_MPC5553  CPU_POWERPC_e200z6
> -#define CPU_POWERPC_MPC5554  CPU_POWERPC_e200z6
> -#define CPU_POWERPC_MPC5561  CPU_POWERPC_e200z6
> -#define CPU_POWERPC_MPC5565  CPU_POWERPC_e200z6
> -#define CPU_POWERPC_MPC5566  CPU_POWERPC_e200z6
> -#define CPU_POWERPC_MPC5567  CPU_POWERPC_e200z6
>  /* e300 family */
>  /* e300 cores */
>  CPU_POWERPC_e300c1 = 0x00830010,
> @@ -326,11 +298,7 @@ enum {
>  CPU_POWERPC_e300c3 = 0x00850010,
>  CPU_POWERPC_e300c4 = 0x00860010,
>  /* MPC83xx microcontrollers */

I think you should also remove the above comment now?

> -#define CPU_POWERPC_MPC831x  CPU_POWERPC_e300c3
> -#define CPU_POWERPC_MPC832x  CPU_POWERPC_e300c2
>  #define CPU_POWERPC_MPC834x  CPU_POWERPC_e300c1
> -#define CPU_POWERPC_MPC835x  CPU_POWERPC_e300c1
> -#define CPU_POWERPC_MPC836x  CPU_POWERPC_e300c1
>  #define CPU_POWERPC_MPC837x  CPU_POWERPC_e300c4
>  /* e500 family */
>  /* e500 cores  */

With the above comment removed:

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH v10 01/10] userfault: update kernel header for UFFD_FEATURE_*

2017-09-20 Thread Dr. David Alan Gilbert
* Alexey Perevalov (a.pereva...@samsung.com) wrote:
> This commit adds modification for UFFD_FEATURE_SIGBUS and
> UFFD_FEATURE_THREAD_ID.
> 
> Signed-off-by: Alexey Perevalov 

This should be replaced with just running the 
   scripts/update-linux-headers.sh
against a 4.14-rc1 checkout.

That can be done as a separate patch or the first patch
of this series.

Dave

> ---
>  linux-headers/linux/userfaultfd.h | 16 +++-
>  1 file changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-headers/linux/userfaultfd.h 
> b/linux-headers/linux/userfaultfd.h
> index 9701772..b43cf0d 100644
> --- a/linux-headers/linux/userfaultfd.h
> +++ b/linux-headers/linux/userfaultfd.h
> @@ -23,7 +23,9 @@
>  UFFD_FEATURE_EVENT_REMOVE |  \
>  UFFD_FEATURE_EVENT_UNMAP |   \
>  UFFD_FEATURE_MISSING_HUGETLBFS | \
> -UFFD_FEATURE_MISSING_SHMEM)
> +UFFD_FEATURE_MISSING_SHMEM | \
> +UFFD_FEATURE_SIGBUS |\
> +UFFD_FEATURE_THREAD_ID)
>  #define UFFD_API_IOCTLS  \
>   ((__u64)1 << _UFFDIO_REGISTER | \
>(__u64)1 << _UFFDIO_UNREGISTER |   \
> @@ -78,6 +80,9 @@ struct uffd_msg {
>   struct {
>   __u64   flags;
>   __u64   address;
> + union {
> + __u32 ptid;
> + } feat;
>   } pagefault;
>  
>   struct {
> @@ -153,6 +158,13 @@ struct uffdio_api {
>* UFFD_FEATURE_MISSING_SHMEM works the same as
>* UFFD_FEATURE_MISSING_HUGETLBFS, but it applies to shmem
>* (i.e. tmpfs and other shmem based APIs).
> +  *
> +  * UFFD_FEATURE_SIGBUS feature means no page-fault
> +  * (UFFD_EVENT_PAGEFAULT) event will be delivered, instead
> +  * a SIGBUS signal will be sent to the faulting process.
> +  *
> +  * UFFD_FEATURE_THREAD_ID pid of the page faulted task_struct will
> +  * be returned, if feature is not requested 0 will be returned.
>*/
>  #define UFFD_FEATURE_PAGEFAULT_FLAG_WP   (1<<0)
>  #define UFFD_FEATURE_EVENT_FORK  (1<<1)
> @@ -161,6 +173,8 @@ struct uffdio_api {
>  #define UFFD_FEATURE_MISSING_HUGETLBFS   (1<<4)
>  #define UFFD_FEATURE_MISSING_SHMEM   (1<<5)
>  #define UFFD_FEATURE_EVENT_UNMAP (1<<6)
> +#define UFFD_FEATURE_SIGBUS  (1<<7)
> +#define UFFD_FEATURE_THREAD_ID   (1<<8)
>   __u64 features;
>  
>   __u64 ioctls;
> -- 
> 1.9.1
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH 19/19] nvic: Support banked exceptions in acknowledge and complete

2017-09-20 Thread Richard Henderson
On 09/12/2017 01:14 PM, Peter Maydell wrote:
> Update armv7m_nvic_acknowledge_irq() and armv7m_nvic_complete_irq()
> to handle banked exceptions:
>  * acknowledge needs to use the correct vector, which may be
>in sec_vectors[]
>  * acknowledge needs to return to its caller whether the
>exception should be taken to secure or non-secure state
>  * complete needs its caller to tell it whether the exception
>being completed is a secure one or not
> 
> Signed-off-by: Peter Maydell 
> ---
>  target/arm/cpu.h  | 15 +--
>  hw/intc/armv7m_nvic.c | 26 --
>  target/arm/helper.c   |  8 +---
>  hw/intc/trace-events  |  4 ++--
>  4 files changed, 40 insertions(+), 13 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [PATCH 18/19] nvic: Make SHCSR banked for v8M

2017-09-20 Thread Richard Henderson
On 09/12/2017 01:14 PM, Peter Maydell wrote:
> Handle banking of SHCSR: some register bits are banked between
> Secure and Non-Secure, and some are only accessible to Secure.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/intc/armv7m_nvic.c | 221 
> ++
>  1 file changed, 169 insertions(+), 52 deletions(-)

Reviewed-by: Richard Henderson 

r~



[Qemu-devel] [Bug 1715700] Re: Windows 7 guest won't boot on qemu 2.10 (works on 2.9)

2017-09-20 Thread Laszlo Ersek (Red Hat)
edk2 commit range: b68c793144e8..947f3737abf6.

** Changed in: qemu
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715700

Title:
  Windows 7 guest won't boot on qemu 2.10 (works on 2.9)

Status in QEMU:
  Fix Committed

Bug description:
  Qemu version: 2.10 stable.
  Guest: Windows 7 SP1 x64, virtio drivers are already installed in the guest.
  Command line:
  qemu-system-x86_64 \
  -nodefaults \
  -nodefconfig \
  -machine type=q35,accel=kvm \
  -enable-kvm \
  -cpu host \
  -m 2048 \
  -vga virtio \
  -boot menu=on \
  -smbios file=/path/dmidecode_BIOS.bin \
  -acpitable file=/path/acpi_slic.bin \
  -bios /path/OVMF_CODE.fd \
  -net none \
  -drive if=virtio,media=disk,file=/media/win7.qcow2 \
  -device pcie-root-port \
  -device ich9-usb-ehci1 \
  -device ich9-usb-uhci1 \
  -device ich9-usb-uhci2 \
  -device ich9-usb-uhci3

  Windows hangs at boot with waving flag screen (flag doesn't freeze,
  keeps waving indefinitely). Same command line boots fine with Qemu
  2.9. I tried changing machine type to pc-q35-2.9 - same result.




Re: [Qemu-devel] [PULL 00/12] Machine/CPU/NUMA queue, 2017-09-19

2017-09-20 Thread Peter Maydell
On 19 September 2017 at 21:18, Eduardo Habkost  wrote:
> The following changes since commit a9158a5cba955b79d580a252cc58ff44d154e370:
>
>   Merge remote-tracking branch 
> 'remotes/kraxel/tags/audio-20170918-pull-request' into staging (2017-09-18 
> 12:40:54 +0100)
>
> are available in the git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/machine-next-pull-request
>
> for you to fetch changes up to e3d038b89f1bf3f09da4d59aa16b16e8305e1a05:
>
>   MAINTAINERS: Update git URLs for my trees (2017-09-19 16:53:13 -0300)
>
> 
> Machine/CPU/NUMA queue, 2017-09-19
>
> 
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] qemu-arm SIGSEGV for self-modifying code

2017-09-20 Thread Peter Maydell
On 20 September 2017 at 18:05, John Reiser  wrote:
> Yes, the SEGV occurs on the store, "long" before the re-written
> instruction ever is executed

OK, I've identified the immediate cause for this SEGV.

(1) when the guest initially mmap()s at 0xf700 and
above we pass that through to the host as an mmap rwx
(2) later, the guest wants to execute from some part
of this region; QEMU marks those pages as non-writable
so that we can catch guest writes and invalidate our
translated code cache (we then mark the page writable
and resume the guest code). This is a host page at a time,
so it covers the memory we're trying to modify
(3) when the translated guest code writes to the memory,
we get a host SIGSEGV, which is expected. Unfortunately
we then fail to recognize it as a case of a guest
write to a page that QEMU marked non-writeable.
(4) The reason we don't recognize the address is that
our test for "is this valid" (h2g_valid()) checks that the
guest address is within the chunk of the host address
space that we've carved out for the guest, and the
amount of space we carve out for that is 0xf700.
So guest execution above that won't work properly
(really we should probably fail the mmap() rather than
letting it succeed but misbehave).

I don't really know why we use 0xf700 as our
reserved_va value here, though. Alex, you added that
years ago, can you remember why you used that value?

You can work around this by passing a different
reserved-space value to QEMU with -R -- in theory
0x would be the right answer (there's a
kernel-page above that), but QEMU says it can't
reserve that much space. -R 0xfffe seems to get it
past the immediate segv problem.

thanks
-- PMM
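
The failure mode in steps (2) to (4) above, reproduced in miniature as an added example (not part of the original message and not QEMU's code): pages are write-protected to catch stores, and the SIGSEGV handler recovers only faults that fall inside a reserved window. `protected_store`, `in_reserved` and the page counts are hypothetical, and the code assumes Linux, where returning from the handler retries the faulting store.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

static uint8_t *guest_base;            /* host mapping that backs the "guest" */
static size_t reserved_len, page_size; /* bytes the handler accepts as guest space */
static volatile sig_atomic_t invalidations;
static sigjmp_buf unrecognized;

/* Stand-in for the validity test: is this host address inside the reserved window? */
static int in_reserved(const void *host) {
    return (uintptr_t)host - (uintptr_t)guest_base < reserved_len;
}

static void on_segv(int sig, siginfo_t *si, void *uctx) {
    (void)sig; (void)uctx;
    if (in_reserved(si->si_addr)) {
        uintptr_t page = (uintptr_t)si->si_addr & ~(uintptr_t)(page_size - 1);
        invalidations++;               /* stand-in for flushing translated code */
        mprotect((void *)page, page_size, PROT_READ | PROT_WRITE);
        return;                        /* the faulting store is retried */
    }
    siglongjmp(unrecognized, 1);       /* fault not recognized as a guarded write */
}

/* Map `mapped` read-only pages, accept faults only in the first `reserved`
 * pages, then store to page `target`.
 * Returns 1 if the store completed after one handled fault, 0 if the fault
 * was not recognized, -1 if the mapping could not be set up. */
int protected_store(size_t mapped, size_t reserved, size_t target) {
    struct sigaction sa = {0}, old;
    int ok = 0;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    guest_base = mmap(NULL, mapped * page_size, PROT_READ,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guest_base == MAP_FAILED) return -1;
    reserved_len = reserved * page_size;
    invalidations = 0;
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(unrecognized, 1) == 0) {
        *(volatile uint8_t *)(guest_base + target * page_size) = 0x90;
        ok = (invalidations == 1);
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(guest_base, mapped * page_size);
    return ok;
}
```

With four pages mapped but only two reserved, a store to page 3 is reported as unrecognized even though the mapping itself succeeded, which is the "succeed but misbehave" case the message describes.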



Re: [Qemu-devel] [PULL 00/11] Ide patches

2017-09-20 Thread John Snow


On 09/20/2017 01:02 PM, Mark Cave-Ayland wrote:
> On 18/09/17 19:14, Peter Maydell wrote:
> 
>> On 18 September 2017 at 19:00, Peter Maydell  
>> wrote:
>>> On 18 September 2017 at 18:55, John Snow  wrote:
 On 09/16/2017 10:34 AM, Peter Maydell wrote:
> Hi; I'm afraid this doesn't build with clang:
>
> /home/petmay01/linaro/qemu-for-merges/hw/ide/core.c:70:15: error:
> comparison of unsigned enum expression >= 0 is always true
> [-Werror,-Wtautological-compare]
> if (enval >= 0 && enval < IDE_DMA__COUNT) {
> ~ ^  ~
> 1 error generated
>>
>>
>>> I think you could argue that it would at least be helpful
>>> if clang didn't warn about comparisons that only happen
>>> to be useless for this particular platform/impdef choice
>>> but are useful for the same code compiled with a different
>>> compiler.
>>
>> A bit of googling and some experimentation reveals that
>> clang deliberately suppresses this warning in the special
>> case of comparing against an enum value which happens to
>> be zero (but not for literal constant zero!). So this will
>> be fine:
>>if (enval >= IDE_DMA_READ && enval < IDE_DMA__COUNT)
>>
>> (or more sensibly you'd want to define an enum constant
>> for IDE_DMA__FIRST or something rather than relying on
>> READ being 0.)
>>
>> (found here:
>> http://clang-developers.42468.n3.nabble.com/Possibly-invalid-enum-tautology-warning-td3233140.html
>> )
> 
> Doing a git pull and even with the applied version of this patch I get a
> build failure on my local gcc-4.7:
> 
> cc -I/home/build/src/qemu/git/qemu/hw/ide -Ihw/ide
> -I/home/build/src/qemu/git/qemu/tcg
> -I/home/build/src/qemu/git/qemu/tcg/i386
> -I/home/build/src/qemu/git/qemu/linux-headers
> -I/home/build/src/qemu/git/qemu/linux-headers -I.
> -I/home/build/src/qemu/git/qemu
> -I/home/build/src/qemu/git/qemu/accel/tcg
> -I/home/build/src/qemu/git/qemu/include -I/usr/include/pixman-1
> -I/home/build/src/qemu/git/qemu/dtc/libfdt -Werror -pthread
> -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include
> -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
> -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings
> -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv
> -Wendif-labels -Wno-missing-include-dirs -Wempty-body -Wnested-externs
> -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers
> -Wold-style-declaration -Wold-style-definition -Wtype-limits
> -fstack-protector-all -I/usr/include/p11-kit-1
> -I/usr/include/libpng12   -I/home/build/src/qemu/git/qemu/tests -MMD -MP
> -MT hw/ide/core.o -MF hw/ide/core.d -O2 -U_FORTIFY_SOURCE
> -D_FORTIFY_SOURCE=2 -g   -c -o hw/ide/core.o hw/ide/core.c
> hw/ide/core.c: In function ‘IDE_DMA_CMD_str’:
> hw/ide/core.c:71:5: error: comparison of unsigned expression >= 0 is
> always true [-Werror=type-limits]
> cc1: all warnings being treated as errors
> make: *** [hw/ide/core.o] Error 1
> 
> Are there any other workarounds for this at all?
> 
> 
> ATB,
> 
> Mark.
> 

Guh. From which distro does your GCC 4.7 hail?

Regardless, I suppose I will revert to Eric's workaround, though I like
the way it reads an awful lot less.

--js



Re: [Qemu-devel] [PATCH 17/19] nvic: Make ICSR banked for v8M

2017-09-20 Thread Richard Henderson
On 09/12/2017 01:14 PM, Peter Maydell wrote:
> The ICSR NVIC register is banked for v8M. This doesn't
> require any new state, but it does mean that some bits
> are controlled by BFHNFNMINS and some bits must work
> with the correct banked exception. There is also a new
> in v8M PENDNMICLR bit.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/intc/armv7m_nvic.c | 45 -
>  1 file changed, 32 insertions(+), 13 deletions(-)

Reviewed-by: Richard Henderson 

r~



