Re: [Qemu-devel] [Qemu-arm] [PATCH v7 00/20] ARM SMMUv3 Emulation Support

2017-10-23 Thread Linu Cherian
Hi Eric,


On Fri Sep 01, 2017 at 07:21:03PM +0200, Eric Auger wrote:
> This series implements the emulation code for ARM SMMUv3.
> 
> Changes since v6:
> - DPDK testpmd now running on guest with 2 assigned VFs
> - Changed the instantiation method: add the following option to
>   the QEMU command line
>   -device smmuv3 # for virtio/vhost use cases
>   -device smmuv3,caching-mode # for vfio use cases (based on [1])
> - split the series into smaller patches to allow the review
> - the VFIO integration based on "tlbi-on-map" smmuv3 driver
>   is isolated from the rest: last 2 patches, not for upstream.
>   This is shipped for testing/bench until a better solution is found.
> - Reworked permission flag checks and event generation
> 
> testing:
> - in dt and ACPI modes
> - virtio-net-pci and vhost-net devices using dma ops with various
>   guest page sizes [2]
> - assigned VFs using dma ops [3]:
>   - AMD Overdrive and igbvf passthrough (using gsi direct mapping)
>   - Cavium ThunderX and ixgbevf passthrough (using KVM MSI routing)
> - DPDK testpmd on guest running with VFIO user space drivers (2 igbvf) [3]
>   with guest and host page size equal (4kB)
> 
> Known limitations:
> - no VMSAv8-32 support
> - no nested stage support (S1 + S2)
> - no support for HYP mappings
> - register fine emulation, commands, interrupts and errors were
>   not accurately tested. Handling is sufficient to run use cases
>   described above though.
> - interrupts and event generation not observed yet.
> 
> Best Regards
> 
> Eric
>

Was looking at options to get rid of the existing hacks we have
in this implementation (last two patches) and also to reduce the
map/unmap/translation overhead for the guest kernel devices.

Interestingly, the nested stage translation + smmu emulation at kernel
that we were exploring, has been already tried by Will Deacon.
https://www.linuxplumbersconf.org/2014/ocw/system/presentations/2019/original/vsmmu-lpc14.pdf
https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg03379.html


It would be nice to understand, why this solution was not pursued at least
for vfio-pci devices.
OR
If you have already plans to do nested stage support in the future, would be
interested to know about it.



 
> This series can be found at:
> v7: https://github.com/eauger/qemu/tree/v2.10.0-SMMU-v7
> Previous version at:
> v6: https://github.com/eauger/qemu/tree/v2.10.0-rc2-SMMU-v6
> 
> References:
> [1] [RFC v2 0/4] arm-smmu-v3 tlbi-on-map option
> https://lkml.org/lkml/2017/8/11/426
> 
> [2] qemu cmd line excerpt:
> -device smmuv3 \
> -netdev tap,id=tap0,script=no,downscript=no,ifname=tap0,vhost=off \
> -device virtio-net-pci,netdev=tap0,mac=6a:f5:10:b1:3d:d2,iommu_platform,disable-modern=off,disable-legacy=on \
> [3] use -device smmuv3,caching-mode
> 
> 
> History:
> v6 -> v7:
> - see above
> 
> v5 -> v6:
> - Rebase on 2.10 and IOMMUMemoryRegion
> - add ACPI TLBI_ON_MAP support (VFIO integration also works in
>   ACPI mode)
> - fix block replay
> - handle implementation defined SMMU_CMD_TLBI_NH_VA_AM cmd
>   (goes along with TLBI_ON_MAP FW quirk)
> - replay systematically unmap the whole range first
> - smmuv3_map_hook does not unmap anymore and the unmap is done
>   before the replay
> - add and use smmuv3_context_device_invalidate instead of
>   blindly replaying everything
> 
> v4 -> v5:
> - initial_level now part of SMMUTransCfg
> - smmu_page_walk_64 takes into account the max input size
> - implement sys->iommu_ops.replay and sys->iommu_ops.notify_flag_changed
> - smmuv3_translate: bug fix: don't walk on bypass
> - smmu_update_qreg: fix PROD index update
> - I did not yet address Peter's comments as the code is not mature enough
>   to be split into sub patches.
> 
> v3 -> v4 [Eric]:
> - page table walk rewritten to allow scan of the page table within a
>   range of IOVA. This prepares for VFIO integration and replay.
> - configuration parsing partially reworked.
> - do not advertise unsupported/untested features: S2, S1 + S2, HYP,
>   PRI, ATS, ..
> - added ACPI table generation
> - migrated to dynamic traces
> - mingw compilation fix
> 
> v2 -> v3 [Eric]:
> - rebased on 2.9
> - mostly code and patch reorganization to ease the review process
> - optional patches removed. They may be handled separately. I am currently
>   working on ACPI enablement.
> - optional instantiation of the smmu in mach-virt
> - removed [2/9] (fdt functions) since not mandated
> - start splitting main patch into base and derived object
> - no new function feature added
> 
> v1 -> v2 [Prem]:
> - Adopted review comments from Eric Auger
> - Make SMMU_DPRINTF to internally call qemu_log
> (since translation requests are too many, we need control
>  on the type of log we want)
> - SMMUTransCfg modified to suite simplicity
> - Change RegInfo to uint64 register array
> - Code cleanup
> - Test cleanups
> - Reshuffled patches
> 
> v0 -> v1 [Prem]:
> - As per SMMUv3 

[Qemu-devel] [PATCH v2] throttle: fix a qemu crash problem when calling blk_delete

2017-10-23 Thread sochin jiang
commit 7ca7f0 moves the throttling related part of the BDS life cycle
management to BlockBackend, and adds a call to
throttle_timers_detach_aio_context in blk_remove_bs.  commit 1606e
removes a block device from its throttle group in blk_delete by calling
blk_io_limits_disable, this fixes an easily reproducible qemu crash. But
deleting a BB without a BDS inserted could easily cause a qemu crash too
by calling bdrv_drained_begin in blk_io_limits_disable. Say, a simple
drive_add and then a drive_del command.

This patch removes draining BDS by calling throttle_group_unregister_tgm
directly instead of blk_io_limits_disable, leaves draining operation to
blk_remove_bs in case that there is no BDS inserted. Furthermore, make sure
throttle timers are initialized or attached before throttle_timers_destroy
is called in throttle_group_unregister_tgm.

Signed-off-by: sochin jiang 
---
 block/block-backend.c   | 2 +-
 block/throttle-groups.c | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 45d9101..39c7cca 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -341,7 +341,7 @@ static void blk_delete(BlockBackend *blk)
 assert(!blk->name);
 assert(!blk->dev);
 if (blk->public.throttle_group_member.throttle_state) {
-blk_io_limits_disable(blk);
+throttle_group_unregister_tgm(>public.throttle_group_member);
 }
 if (blk->root) {
 blk_remove_bs(blk);
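Review bot: In blk_delete(), the new throttle_group_unregister_tgm() call still sits before the `if (blk->root)` block, so when a BDS is attached the member is unregistered before blk_remove_bs() runs, although the commit message says the drain is left to blk_remove_bs(). As far as this hunk shows, throttled requests could still be queued at the point the member goes away. Consider moving the unregister after the blk_remove_bs() call, or keeping the drain when blk->root is set, and say in a comment which ordering is intended.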
diff --git a/block/throttle-groups.c b/block/throttle-groups.c
index b291a88..c5f9af3 100644
--- a/block/throttle-groups.c
+++ b/block/throttle-groups.c
@@ -576,7 +576,9 @@ void throttle_group_unregister_tgm(ThrottleGroupMember *tgm)
 
 /* remove the current tgm from the list */
 QLIST_REMOVE(tgm, round_robin);
-throttle_timers_destroy(>throttle_timers);
+if (throttle_timers_are_initialized(>throttle_timers)) {
+throttle_timers_destroy(>throttle_timers);
+}
 qemu_mutex_unlock(>lock);
 
 throttle_group_unref(>ts);
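Review bot: The new throttle_timers_are_initialized() guard around throttle_timers_destroy() carries no comment saying when a registered member can reach this point with timers that are not initialized. The commit message names the case (a BlockBackend deleted with no BDS inserted, or timers already detached), so a one-line comment above the `if` would stop the guard from looking redundant to a later reader and from being removed again.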
-- 
1.8.3.1




Re: [Qemu-devel] [libfdt][PATCH v2] implement strnlen for systems that need it

2017-10-23 Thread Programmingkid

> On Oct 22, 2017, at 1:33 AM, David Gibson  wrote:
> 
> On Fri, Oct 20, 2017 at 04:44:58PM -0700, Richard Henderson wrote:
>> On 10/20/2017 10:55 AM, John Arbuckle wrote:
>>> +static inline size_t strnlen(const char *string, size_t max_count)
>>> +{
>>> +size_t count;
>>> +for (count = 0; count < max_count; count++) {
>>> +if (string[count] == '\0') {
>>> +break;
>>> +}
>>> +}
>>> +return count;
>> 
>> Not to nitpick, but
>> 
>>  const char *p = memchr(string, 0, max_count);
>>  return p ? p - string : max_count;
> 
> Richard's right, that's definitely a better implementation.

I was just wondering, what if we rewrote the code to use strlen() instead of 
strnlen(). Would that be an acceptable solution? 
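
As an added example (not code from this thread or from libfdt): a memchr()-based bounded length function of the kind suggested above, returning the terminator's offset when one is found and max_count when none is, plus a lookup helper showing why the bound matters when a string block may lack a terminating NUL. The names compat_strnlen, checked_string_at and sample_block are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded length: never reads past string[max_count - 1].
 * Returns the offset of the first NUL, or max_count if there is none. */
static size_t compat_strnlen(const char *string, size_t max_count)
{
    const char *p = memchr(string, 0, max_count);
    return p ? (size_t)(p - string) : max_count;
}

/* Hypothetical helper: return the string starting at 'off' inside a block of
 * 'block_len' bytes, or NULL if the offset is out of range or the string is
 * not terminated inside the block. An unbounded strlen() would keep reading
 * past the end of the block in the second case. */
static const char *checked_string_at(const char *block, size_t block_len,
                                     size_t off, size_t *len_out)
{
    size_t remaining, len;

    if (off >= block_len) {
        return NULL;
    }
    remaining = block_len - off;
    len = compat_strnlen(block + off, remaining);
    if (len == remaining) {
        return NULL;            /* ran into the end of the block: no NUL */
    }
    if (len_out) {
        *len_out = len;
    }
    return block + off;
}

/* Constructed sample: "model" is terminated, "cpu" is not. */
static const char sample_block[9] = {
    'm', 'o', 'd', 'e', 'l', '\0', 'c', 'p', 'u'
};

int main(void)
{
    size_t n = 0;
    const char *s = checked_string_at(sample_block, sizeof(sample_block), 0, &n);

    printf("offset 0: %s (len %zu)\n", s ? s : "(rejected)", n);
    s = checked_string_at(sample_block, sizeof(sample_block), 6, &n);
    printf("offset 6: %s\n", s ? s : "(rejected, unterminated)");
    return 0;
}
```
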




Re: [Qemu-devel] [libfdt][PATCH v3] implement strnlen for systems that need it

2017-10-23 Thread Programmingkid

> On Oct 23, 2017, at 12:27 PM, Peter Maydell  wrote:
> 
> On 23 October 2017 at 17:09, Stefan Hajnoczi  wrote:
>>> +/* strnlen() is not available on Mac OS < 10.7 */
>>> +# if (MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_7)
>> 
>> Does this cover the case where MAC_OS_X_VERSION_MAX_ALLOWED is set to
>> <1070 on a 10.7+ build machine?  It's possible that the 
>> header would define strnlen() and your code redefines the function
>> (compiler error).
> 

I was operating under the assumption that MAC_OS_X_VERSION_MAX_ALLOWED would 
equal the version of the host. After making this little test program:

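#include <stdio.h>
#include <AvailabilityMacros.h>

int main(int argc, char *argv[])
{
    /* Print the newest OS version the SDK allows APIs from */
    printf("value = %d\n", MAC_OS_X_VERSION_MAX_ALLOWED);
    return 0;
}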

It reports:
"value = 101204" on Mac OS 10.12.6 (I'm not sure why there is a 04)
and
"Value = 1068" on Mac OS 10.6.8

Is using MAC_OS_X_VERSION_MAX_ALLOWED not a reliable macro to use to test for 
the version of the Mac OS? The ui/cocoa.m file seems to use it and have no 
problems. I don't think we have to worry about MAC_OS_X_VERSION_MAX_ALLOWED 
being set to less than 1070 on Mac OS 10.7 and up. 

> In that case you don't want to use the strnlen() declaration
> from the header, you want the inline somehow, because even if
> the declaration is present and using it doesn't fail compile
> the definition won't be around at runtime.
> 
>> It would be best to check how , , and
>>  work to make sure that all cases are handled.  I
>> don't have access to a Mac right now, sorry.
> 
> It uses the clang 'attribute availability' syntax:
> https://clang.llvm.org/docs/AttributeReference.html#availability

This feature appears to be a clang/gcc-only feature. Using it would mean making 
this code compiler locked. The Device Tree Compiler project (that this code 
belongs to) is made by IBM personnel. They might want to be able to use other 
compilers including their own IBM XL C compiler to compile this project. Even 
if that part of the code is only to run on Mac OS X I still would like to keep 
the code generic enough for any compiler to be able to build the Device Tree 
Compiler project.





Re: [Qemu-devel] [PATCH v7 21/52] tcg: Use offsets not indices for TCGv_*

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/24/2017 12:22 AM, Philippe Mathieu-Daudé wrote:
> On 10/20/2017 08:19 PM, Richard Henderson wrote:
>> Using the offset of a temporary, relative to TCGContext, rather than
>> its index means that we don't use 0.  That leaves offset 0 free for
>> a NULL representation without having to leave index 0 unused.
>>
>> Signed-off-by: Richard Henderson 
>> ---
>>  tcg/tcg.h | 37 -
>>  1 file changed, 20 insertions(+), 17 deletions(-)
>>
[...]
>> +return (void *)_ctx + a;
> 
> Hmmm why not cast it as TCGTemp*?

just read next patch, so:

Reviewed-by: Philippe Mathieu-Daudé 



[Qemu-devel] qemu-img crash when resize a qcow2 file created with preallocation=full/falloc .

2017-10-23 Thread Changlimin
Hi,
I am glad to see that qcow2 file created with preallocation=full/falloc can be 
resized. But when I test it, qemu-img crashes.
qemu-img: block/qcow2-refcount.c:530: qcow2_refcount_area: Assertion 
`!(start_offset % s->cluster_size)' failed.

These are commands:
qemu-img create -f qcow2 -o preallocation=full full.img 1G
qemu-img resize --preallocation=full full.img +1G

BR
Chang Limin


Re: [Qemu-devel] [RFC v2] e1000: Faulty tx checksum offload corrupts packets

2017-10-23 Thread Jason Wang



On 2017-10-24 08:22, Ed Swierk wrote:
> [Resending to full set of maintainers]
>
> v2: Cosmetic fixes for checkpatch/buildbot errors
>
> The transmit checksum offload implementation in QEMU's e1000 device is
> deficient and causes packet data corruption in some situations.
>
> According to the Intel 8254x software developer's manual[1], the
> hardware device maintains two separate contexts: the TCP segmentation
> offload (TSO) context includes parameters for both segmentation
> offload and checksum offload, and the normal (SUM,
> i.e. checksum-offload-only) context includes only checksum offload
> parameters. These parameters specify over which packet data to compute
> the checksum, and where in the packet to store the computed
> checksum(s).
>
> [1] https://www.intel.com/content/dam/doc/manual/pci-pci-x-family-gbe-controllers-software-dev-manual.pdf
>
> The e1000 driver can update either of these contexts by sending a
> transmit context descriptor. The TSE bit in the TUCMD field controls
> which context is modified by the descriptor. Crucially, a transmit
> context descriptor with TSE=1 changes only the TSO context, leaving
> the SUM context unchanged; with TSE=0 the opposite is true.
>
> Fields in the transmit data descriptor determine which (if either) of
> these two contexts the device uses when actually transmitting some
> data:
>
> - If the TSE bit in the DCMD field is set, then the device performs
>    TCP segmentation offload using the parameters previously set in the
>    TSO context. In addition, if TXSM and/or IXSM is set in the POPTS
>    field, the device performs the appropriate checksum offloads using
>    the parameters in the same (TSO) context.
>
> - Otherwise, if the TSE bit in the DCMD field is clear, then there is
>    no TCP segmentation offload. If TXSM and/or IXSM is set in the POPTS
>    field, the device performs the appropriate checksum offloads using
>    the parameters in the SUM context.
>
> The e1000 driver is free to set up the TSO and SUM contexts and then
> transmit a mixture of data, with each data descriptor using a
> different (or neither) context. This is what the e1000 driver for
> Windows (Intel(R) PRO/1000 MT Network Connection, aka E1G6023E.sys)
> does in certain cases. Sometimes with quite undesirable results, since
> the QEMU e1000 device doesn't work as described above.
>
> Instead, the QEMU e1000 device maintains only one context in its state
> structure. When it receives a transmit context descriptor from the
> driver, it overwrites the context parameters regardless of the TSE bit
> in the TUCMD field.

Good catch.

> To see why this is wrong, suppose the driver first sets up a SUM
> context with UDP checksum offload parameters (say, TUCSO pointing to
> the appropriate offset for a UDP checksum, 6 bytes into the header),
> and then sets up a TSO context with TCP checksum offload parameters
> (TUCSO pointing to the appropriate offset for a TCP checksum, 16 bytes
> into the header). The driver then sends a transmit data descriptor
> with TSO=0 and TXSM=1 along with a UDP datagram. The QEMU e1000 device
> computes the checksum using the last set of checksum offload
> parameters, and writes the checksum to offset 16, stomping on two
> bytes of UDP data, and leaving the wrong checksum in the UDP checksum
> field.
>
> To make matters worse, if the host network stack treats data
> transmitted from a VM as locally originated, it may do its own UDP
> checksum computation, "correcting" it to match the corrupt data before
> sending it on the wire. Now the corrupt UDP packet makes its way all
> the way to the destination.
>
> (Another layer of icing on the cake is that QEMU ignores the
> requirement that a UDP checksum computed as zero be sent as 0x,
> since zero is a special value meaning no checksum. So even when QEMU
> doesn't corrupt the packet data, the packet sometimes leaves the box
> with no checksum at all.)

Please submit another patch for this.

> I have instrumented QEMU and reproduced this behavior with a Windows
> 10 guest, rather easily with a TCP iperf and a UDP iperf running in
> parallel. I have also attempted a fix, which is below in very rough
> form.

How do you instrument qemu? Can this be reproduced without this?

> Before I spend too much time refining a patch, I'd like to get
> feedback on my approach.
>
> One puzzle is what to do about e1000e: it shares some data
> structures and a bit of code with e1000, but little else, which is
> surprising given how similar they are (or should be). The e1000e's
> handling of TCP segmentation offload and checksum offload is totally
> different, and problematic for other reasons (it totally ignores most
> of the context parameters provided by the driver and basically does
> what it thinks is best by digging into the packet data). Is this
> divergence intentional?

Somehow, and if we can find a way to unify the codes, it would be better.

> Is there a reason not to change e1000e as long
> as I'm trying to make e1000 more datasheet-conformant?

Please fix them individually.

> Not ready for prime time, but nonetheless
> Signed-off-by: Ed Swierk 
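
The two-context behaviour described in this message, as an added example that is not part of the original mail or of QEMU's code: a small C model that replays the UDP scenario once with a single shared context and once with separate TSO and SUM contexts. The struct and function names, the constructed 20-byte UDP datagram and the choice to start checksumming at offset 0 of the datagram are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Checksum-offload parameters set by a transmit context descriptor
 * (reduced to the two fields this example needs). */
struct csum_ctx {
    uint8_t tucss;   /* offset at which checksumming starts */
    uint8_t tucso;   /* offset at which the checksum is stored */
};

/* Hypothetical device model, not QEMU's state structure. */
struct tx_model {
    int two_contexts;            /* 0: one shared context, 1: TSO + SUM */
    struct csum_ctx single;      /* used only when two_contexts == 0 */
    struct csum_ctx tso, sum;    /* used only when two_contexts == 1 */
};

/* Constructed sample: 8-byte UDP header (checksum field zero) + 12 bytes. */
#define DGRAM_LEN 20
static const uint8_t udp_datagram[DGRAM_LEN] = {
    0x12, 0x34, 0x00, 0x35, 0x00, 0x14, 0x00, 0x00,
    'h', 'e', 'l', 'l', 'o', ',', ' ', 'w', 'o', 'r', 'l', 'd'
};

/* Transmit context descriptor: TSE in TUCMD selects the context to update. */
static void tx_context_desc(struct tx_model *m, int tucmd_tse, struct csum_ctx c)
{
    if (!m->two_contexts) {
        m->single = c;           /* overwritten regardless of TSE */
    } else if (tucmd_tse) {
        m->tso = c;              /* TSE=1 changes only the TSO context */
    } else {
        m->sum = c;              /* TSE=0 changes only the SUM context */
    }
}

/* 16-bit ones' complement checksum over len bytes. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2) {
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    }
    if (i < len) {
        sum += (uint32_t)p[i] << 8;
    }
    while (sum >> 16) {
        sum = (sum & 0xffff) + (sum >> 16);
    }
    return (uint16_t)~sum;
}

/* Transmit data descriptor: TSE in DCMD selects the context to use.
 * Returns the offset the checksum was written to, or -1 if none was. */
static int tx_data_desc(const struct tx_model *m, uint8_t *pkt, size_t len,
                        int dcmd_tse, int popts_txsm)
{
    const struct csum_ctx *c;
    uint16_t csum;

    if (!popts_txsm) {
        return -1;
    }
    c = !m->two_contexts ? &m->single : (dcmd_tse ? &m->tso : &m->sum);
    if (c->tucss >= len || (size_t)c->tucso + 2 > len) {
        return -1;               /* parameters do not fit this packet */
    }
    csum = inet_csum(pkt + c->tucss, len - c->tucss);
    pkt[c->tucso] = (uint8_t)(csum >> 8);
    pkt[c->tucso + 1] = (uint8_t)(csum & 0xff);
    return c->tucso;
}

/* SUM context for UDP (TUCSO=6), then TSO context for TCP (TUCSO=16),
 * then a UDP datagram sent with TSE=0 and TXSM=1. */
static int run_scenario(int two_contexts, uint8_t out[DGRAM_LEN])
{
    struct tx_model m;
    const struct csum_ctx udp = { 0, 6 }, tcp = { 0, 16 };

    memset(&m, 0, sizeof(m));
    m.two_contexts = two_contexts;
    tx_context_desc(&m, 0, udp);
    tx_context_desc(&m, 1, tcp);
    memcpy(out, udp_datagram, DGRAM_LEN);
    return tx_data_desc(&m, out, DGRAM_LEN, 0, 1);
}

int main(void)
{
    uint8_t out[DGRAM_LEN];

    printf("one context:  checksum written at offset %d\n", run_scenario(0, out));
    printf("two contexts: checksum written at offset %d\n", run_scenario(1, out));
    return 0;
}
```
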

[Qemu-devel] Reply: [Qemu-block] [PATCH] block: all I/O should be completed before removing throttle timers.

2017-10-23 Thread lizhengui
OK, thanks for your reply.

-----Original Message-----
From: Stefan Hajnoczi [mailto:stefa...@gmail.com] 
Sent: 2017-10-24 1:41
To: lizhengui
Cc: kw...@redhat.com; jc...@redhat.com; mre...@redhat.com; pbonz...@redhat.com; 
Lulina (A); qemu-bl...@nongnu.org; Subo (A); Fangyi (C); qemu-devel@nongnu.org; 
wangjie (P); jiangxiaoqing (C)
Subject: Re: [Qemu-block] [PATCH] block: all I/O should be completed before removing 
throttle timers.

On Sat, Oct 21, 2017 at 01:34:00PM +0800, Zhengui Li wrote:
> From: Zhengui 
> 
> In blk_remove_bs, all I/O should be completed before removing throttle 
> timers. If there is inflight I/O, removing throttle timers here will 
> cause the inflight I/O to never return.
> This patch adds bdrv_drained_begin before 
> throttle_timers_detach_aio_context
> to let all I/O complete before removing throttle timers.
> 
> Signed-off-by: Zhengui 
> ---
>  block/block-backend.c | 4 
>  1 file changed, 4 insertions(+)

Related (but not equivalent) patch here:
https://patchwork.kernel.org/patch/9970023/

Reviewed-by: Stefan Hajnoczi 


Re: [Qemu-devel] [PATCH v7 21/52] tcg: Use offsets not indices for TCGv_*

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/23/2017 02:37 PM, Emilio G. Cota wrote:
> On Fri, Oct 20, 2017 at 16:19:52 -0700, Richard Henderson wrote:
>> Using the offset of a temporary, relative to TCGContext, rather than
>> its index means that we don't use 0.  That leaves offset 0 free for
>> a NULL representation without having to leave index 0 unused.
[...]
>>  /* used to align parameters */
>> -#define TCG_CALL_DUMMY_ARG  ((TCGArg)(-1))
>> +#define TCG_CALL_DUMMY_ARG  ((TCGArg)0)
> 
> We're doing something clever here (on a first read I thought TCGContext
> was a typo), so I'd leave a comment somewhere. TCG_CALL_DUMMY_ARG might
> be a good place to do so; a copy of the commit's message should suffice.

agreed.



Re: [Qemu-devel] [PATCH v7 21/52] tcg: Use offsets not indices for TCGv_*

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> Using the offset of a temporary, relative to TCGContext, rather than
> its index means that we don't use 0.  That leaves offset 0 free for
> a NULL representation without having to leave index 0 unused.
> 
> Signed-off-by: Richard Henderson 
> ---
>  tcg/tcg.h | 37 -
>  1 file changed, 20 insertions(+), 17 deletions(-)
> 
> diff --git a/tcg/tcg.h b/tcg/tcg.h
> index 8f692bc6cf..7fe0fb9e07 100644
> --- a/tcg/tcg.h
> +++ b/tcg/tcg.h
> @@ -429,13 +429,13 @@ typedef TCGv_ptr TCGv_env;
>  #endif
>  
>  /* Dummy definition to avoid compiler warnings.  */
> -#define TCGV_UNUSED_I32(x) (x = (TCGv_i32)-1)
> -#define TCGV_UNUSED_I64(x) (x = (TCGv_i64)-1)
> -#define TCGV_UNUSED_PTR(x) (x = (TCGv_ptr)-1)
> +#define TCGV_UNUSED_I32(x) (x = (TCGv_i32)NULL)
> +#define TCGV_UNUSED_I64(x) (x = (TCGv_i64)NULL)
> +#define TCGV_UNUSED_PTR(x) (x = (TCGv_ptr)NULL)
>  
> -#define TCGV_IS_UNUSED_I32(x) ((x) == (TCGv_i32)-1)
> -#define TCGV_IS_UNUSED_I64(x) ((x) == (TCGv_i64)-1)
> -#define TCGV_IS_UNUSED_PTR(x) ((x) == (TCGv_ptr)-1)
> +#define TCGV_IS_UNUSED_I32(x) ((x) == (TCGv_i32)NULL)
> +#define TCGV_IS_UNUSED_I64(x) ((x) == (TCGv_i64)NULL)
> +#define TCGV_IS_UNUSED_PTR(x) ((x) == (TCGv_ptr)NULL)
>  
>  /* call flags */
>  /* Helper does not read globals (either directly or through an exception). It
> @@ -454,7 +454,7 @@ typedef TCGv_ptr TCGv_env;
>  #define TCG_CALL_NO_WG_SE   (TCG_CALL_NO_WG | TCG_CALL_NO_SE)
>  
>  /* used to align parameters */
> -#define TCG_CALL_DUMMY_ARG  ((TCGArg)(-1))
> +#define TCG_CALL_DUMMY_ARG  ((TCGArg)0)
>  
>  /* Conditions.  Note that these are laid out for easy manipulation by
> the functions below:
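Review bot: Defining TCG_CALL_DUMMY_ARG as `((TCGArg)0)` is only safe while no temporary can sit at offset 0 of TCGContext, and nothing at the definition states or enforces that. Add a comment here saying that TCGArg values are now byte offsets from the TCGContext and that 0 is reserved as the NULL/dummy value, and consider a build-time check that offsetof(TCGContext, temps) is non-zero so a later reordering of the struct cannot make a real temp alias the dummy argument.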
> @@ -701,17 +701,20 @@ static inline size_t temp_idx(TCGTemp *ts)
>  
>  static inline TCGArg temp_arg(TCGTemp *ts)
>  {
> -return temp_idx(ts);
> +ptrdiff_t a = (void *)ts - (void *)_ctx;
> +tcg_debug_assert(a >= offsetof(TCGContext, temps)
> + && a < offsetof(TCGContext, temps[tcg_ctx.nb_temps]));
> +return a;
>  }
>  
>  static inline TCGTemp *arg_temp(TCGArg a)
>  {
> -return a == TCG_CALL_DUMMY_ARG ? NULL : _ctx.temps[a];
> -}
> -
> -static inline size_t arg_index(TCGArg a)
> -{
> -return a;
> +if (a == TCG_CALL_DUMMY_ARG) {
> +return NULL;
> +}
> +tcg_debug_assert(a >= offsetof(TCGContext, temps)
> + && a < offsetof(TCGContext, temps[tcg_ctx.nb_temps]));
> +return (void *)_ctx + a;

Hmmm why not cast it as TCGTemp*?

>  }
>  
>  static inline TCGArg tcgv_i32_arg(TCGv_i32 t)
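Review bot: The range check in temp_arg() and arg_temp() accepts any offset between the start and the end of `temps`, including one that lands in the middle of a TCGTemp, and it is a tcg_debug_assert, so by its name it protects debug builds only. Consider also asserting that `(a - offsetof(TCGContext, temps)) % sizeof(TCGTemp) == 0`, and factor the duplicated bounds expression into one helper so the two functions cannot drift apart.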
> @@ -746,17 +749,17 @@ static inline TCGTemp *tcgv_ptr_temp(TCGv_ptr t)
>  
>  static inline TCGv_i32 temp_tcgv_i32(TCGTemp *t)
>  {
> -return (TCGv_i32)temp_idx(t);
> +return (TCGv_i32)temp_arg(t);
>  }
>  
>  static inline TCGv_i64 temp_tcgv_i64(TCGTemp *t)
>  {
> -return (TCGv_i64)temp_idx(t);
> +return (TCGv_i64)temp_arg(t);
>  }
>  
>  static inline TCGv_ptr temp_tcgv_ptr(TCGTemp *t)
>  {
> -return (TCGv_ptr)temp_idx(t);
> +return (TCGv_ptr)temp_arg(t);
>  }
>  
>  #if TCG_TARGET_REG_BITS == 32
> 



Re: [Qemu-devel] [libfdt][PATCH v3] implement strnlen for systems that need it

2017-10-23 Thread Programmingkid

> On Oct 23, 2017, at 12:09 PM, Stefan Hajnoczi  wrote:
> 
> On Sun, Oct 22, 2017 at 10:50:16PM -0400, John Arbuckle wrote:
>> Prior to Mac OS 10.7, the function strnlen() was not available. This patch
>> implements strnlen() on Mac OS X versions that are below 10.7.
>> 
>> Signed-off-by: John Arbuckle 
>> ---
>> v3 changes:
>> - Replaced loop with memchr()
>> 
>> v2 changes:
>> - Simplified the code to make it static inline'ed
>> - Changed the type of count to size_t
>> 
>> libfdt/libfdt_env.h | 24 
>> 1 file changed, 24 insertions(+)
>> 
>> diff --git a/libfdt/libfdt_env.h b/libfdt/libfdt_env.h
>> index 952056c..d43b66b 100644
>> --- a/libfdt/libfdt_env.h
>> +++ b/libfdt/libfdt_env.h
>> @@ -109,4 +109,28 @@ static inline fdt64_t cpu_to_fdt64(uint64_t x)
>> #undef CPU_TO_FDT16
>> #undef EXTRACT_BYTE
>> 
>> +#ifdef __APPLE__
>> +#include 
>> +
>> +#define MAC_OS_X_VERSION_10_7 1070
> 
> Apple has already defined MAC_OS_X_VERSION_10_7 here:
> https://opensource.apple.com/source/xnu/xnu-1699.24.8/EXTERNAL_HEADERS/AvailabilityMacros.h
> 
> To avoid a compiler warning, please use:
> 
> #ifndef MAC_OS_X_VERSION_10_7
> #define MAC_OS_X_VERSION_10_7 1070
> #endif

Sounds logical.

> 
>> +/* strnlen() is not available on Mac OS < 10.7 */
>> +# if (MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_7)
> 
> Does this cover the case where MAC_OS_X_VERSION_MAX_ALLOWED is set to
> <1070 on a 10.7+ build machine?  It's possible that the 
> header would define strnlen() and your code redefines the function
> (compiler error).

If MAC_OS_X_VERSION_MAX_ALLOWED is equal to 1070 then this code would not be 
executed. This branch would only be taken if MAC_OS_X_VERSION_MAX_ALLOWED is 
less than 1070. So there would not be a compiler error.

> 
> It would be best to check how , , and
>  work to make sure that all cases are handled.  I
> don't have access to a Mac right now, sorry.
> 
> Perhaps this approach works better:
> 
> # ifndef MAC_OS_X_VERSION_10_7

I think you are saying I should remove the "#ifdef __APPLE__" code and just 
check to see if MAC_OS_X_VERSION_10_7 is defined. That might work on Mac OS 
10.6 and 10.5, but it would probably cause problems with non-Mac-OS platforms. 




Re: [Qemu-devel] [PATCH v7 19/52] tcg: Remove TCGV_EQUAL*

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> When we used structures for TCGv_*, we needed a macro in order to
> perform a comparison.  Now that we use pointers, this is just clutter.
> 
> Signed-off-by: Richard Henderson 
> ---
>  tcg/tcg-op.h| 6 ++
>  tcg/tcg.h   | 4 
>  target/cris/translate.c | 6 +++---
>  target/i386/translate.c | 6 +++---
>  target/m68k/translate.c | 2 +-
>  target/ppc/translate.c  | 4 ++--
>  6 files changed, 11 insertions(+), 17 deletions(-)
> 
> diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
> index ab2f3c6cee..3129159907 100644
> --- a/tcg/tcg-op.h
> +++ b/tcg/tcg-op.h
> @@ -328,7 +328,7 @@ static inline void tcg_gen_discard_i32(TCGv_i32 arg)
>  
>  static inline void tcg_gen_mov_i32(TCGv_i32 ret, TCGv_i32 arg)
>  {
> -if (!TCGV_EQUAL_I32(ret, arg)) {
> +if (ret != arg) {
>  tcg_gen_op2_i32(INDEX_op_mov_i32, ret, arg);
>  }
>  }
> @@ -522,7 +522,7 @@ static inline void tcg_gen_discard_i64(TCGv_i64 arg)
>  
>  static inline void tcg_gen_mov_i64(TCGv_i64 ret, TCGv_i64 arg)
>  {
> -if (!TCGV_EQUAL_I64(ret, arg)) {
> +if (ret != arg) {
>  tcg_gen_op2_i64(INDEX_op_mov_i64, ret, arg);
>  }
>  }
> @@ -809,7 +809,6 @@ void tcg_gen_lookup_and_goto_ptr(void);
>  #define tcg_temp_free tcg_temp_free_i32
>  #define TCGV_UNUSED(x) TCGV_UNUSED_I32(x)
>  #define TCGV_IS_UNUSED(x) TCGV_IS_UNUSED_I32(x)
> -#define TCGV_EQUAL(a, b) TCGV_EQUAL_I32(a, b)
>  #define tcg_gen_qemu_ld_tl tcg_gen_qemu_ld_i32
>  #define tcg_gen_qemu_st_tl tcg_gen_qemu_st_i32
>  #else
> @@ -820,7 +819,6 @@ void tcg_gen_lookup_and_goto_ptr(void);
>  #define tcg_temp_free tcg_temp_free_i64
>  #define TCGV_UNUSED(x) TCGV_UNUSED_I64(x)
>  #define TCGV_IS_UNUSED(x) TCGV_IS_UNUSED_I64(x)
> -#define TCGV_EQUAL(a, b) TCGV_EQUAL_I64(a, b)
>  #define tcg_gen_qemu_ld_tl tcg_gen_qemu_ld_i64
>  #define tcg_gen_qemu_st_tl tcg_gen_qemu_st_i64
>  #endif
> diff --git a/tcg/tcg.h b/tcg/tcg.h
> index b7fac0db8a..8f692bc6cf 100644
> --- a/tcg/tcg.h
> +++ b/tcg/tcg.h
> @@ -428,10 +428,6 @@ typedef TCGv_ptr TCGv_env;
>  #error Unhandled TARGET_LONG_BITS value
>  #endif
>  
> -#define TCGV_EQUAL_I32(a, b) ((a) == (b))
> -#define TCGV_EQUAL_I64(a, b) ((a) == (b))
> -#define TCGV_EQUAL_PTR(a, b) ((a) == (b))
> -
>  /* Dummy definition to avoid compiler warnings.  */
>  #define TCGV_UNUSED_I32(x) (x = (TCGv_i32)-1)
>  #define TCGV_UNUSED_I64(x) (x = (TCGv_i64)-1)
> diff --git a/target/cris/translate.c b/target/cris/translate.c
> index 38a999e6f1..55a9202777 100644
> --- a/target/cris/translate.c
> +++ b/target/cris/translate.c
> @@ -839,7 +839,7 @@ static void cris_alu(DisasContext *dc, int op,
>  }
>  tcg_gen_or_tl(d, d, tmp);
>  }
> -if (!TCGV_EQUAL(tmp, d)) {
> +if (tmp != d) {
>  tcg_temp_free(tmp);
>  }
>  }
> @@ -1162,7 +1162,7 @@ static inline void t_gen_sext(TCGv d, TCGv s, int size)
>  tcg_gen_ext8s_i32(d, s);
>  } else if (size == 2) {
>  tcg_gen_ext16s_i32(d, s);
> -} else if (!TCGV_EQUAL(d, s)) {
> +} else {
>  tcg_gen_mov_tl(d, s);
>  }
>  }
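Review bot: In t_gen_sext(), replacing `else if (!TCGV_EQUAL(d, s))` with a plain `else` is not a mechanical macro removal: the d == s check moves out of the caller and now depends on tcg_gen_mov_tl() skipping the self-move, which the tcg-op.h hunks show only for tcg_gen_mov_i32/_i64 (`if (ret != arg)`). Mention that dependency in the commit message; the same applies to t_gen_zext() in the next hunk.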
> @@ -1173,7 +1173,7 @@ static inline void t_gen_zext(TCGv d, TCGv s, int size)
>  tcg_gen_ext8u_i32(d, s);
>  } else if (size == 2) {
>  tcg_gen_ext16u_i32(d, s);
> -} else if (!TCGV_EQUAL(d, s)) {
> +} else {
>  tcg_gen_mov_tl(d, s);
>  }
>  }
> diff --git a/target/i386/translate.c b/target/i386/translate.c
> index 5f24a2de3c..d6697f721c 100644
> --- a/target/i386/translate.c
> +++ b/target/i386/translate.c
> @@ -742,7 +742,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, 
> TCGv reg)
>  size = s->cc_op - CC_OP_SUBB;
>  t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
>  /* If no temporary was used, be careful not to alias t1 and t0.  */
> -t0 = TCGV_EQUAL(t1, cpu_cc_src) ? cpu_tmp0 : reg;
> +t0 = t1 == cpu_cc_src ? cpu_tmp0 : reg;

As I noticed in a previous patch, this expression is a bit easier/faster
to read/review when parentheses are used:

   t0 = (t1 == cpu_cc_src ? cpu_tmp0 : reg);

Reviewed-by: Philippe Mathieu-Daudé 

>  tcg_gen_mov_tl(t0, cpu_cc_srcT);
>  gen_extu(size, t0);
>  goto add_sub;
> @@ -951,7 +951,7 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b, 
> TCGv reg)
>  break;
>  case JCC_L:
>  gen_compute_eflags(s);
> -if (TCGV_EQUAL(reg, cpu_cc_src)) {
> +if (reg == cpu_cc_src) {
>  reg = cpu_tmp0;
>  }
>  tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
> @@ -962,7 +962,7 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b, 
> TCGv reg)
>  default:
>  case JCC_LE:
>  gen_compute_eflags(s);
> -if (TCGV_EQUAL(reg, cpu_cc_src)) {
> +if (reg == cpu_cc_src) {
>  reg = cpu_tmp0;
>  

Re: [Qemu-devel] [PATCH v7 07/52] tcg: Return NULL temp for TCG_CALL_DUMMY_ARG

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> From: Richard Henderson 
> 
> Reviewed-by: Emilio G. Cota 
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  tcg/tcg.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)



[Qemu-devel] Migration - Random guest kernel panics on target

2017-10-23 Thread Fennosys
Hi,

I'm encountering random guest kernel crashes while doing live migration with 
qemu (using qemu cli and monitor commands). 

QEMU emulator version 2.10.0
Host kernel: 4.13.9-gentoo
Guest kernel: 4.13.9-gentoo

Host cpu: 
model name  : AMD Opteron(tm) Processor 6128
stepping: 1
microcode   : 0x1d9


example of vm startup cli: 
qemu-system-x86_64 -daemonize -name VM50 -vnc :50 -enable-kvm -cpu host -serial file:/var/log/kvm/50-serial.log -k fi \
-kernel /somepath/bzImage \
root=/dev/vda -m 4096 -smp 4 -runas kvm-user \
-netdev type=tap,ifname=vm50,id=VM50,script=/etc/openvswitch/scripts/ifup-br0-50,downscript=/etc/openvswitch/scripts/ifdown-br0,vhost=on \
-device virtio-net-pci,mac=xx:xx:xx:xx:xx:xx,netdev=VM50 \
-drive file=/dev/drbd1,format=raw,if=virtio

backtrace:
[  370.984297] BUG: unable to handle kernel paging request at cc40fe20
[  370.985542] IP: receive_buf+0x7db/0xd20
[  370.986131] PGD 0 
[  370.986132] P4D 0 
[  370.986450] 
[  370.987463] Oops:  [#1] SMP
[  370.987972] Modules linked in: kvm_amd kvm irqbypass
[  370.988787] CPU: 1 PID: 14 Comm: ksoftirqd/1 Not tainted 4.13.9-gentoo #3
[  370.989816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.10.2-1.fc27 04/01/2014
[  370.991131] task: 8ec1baae6c00 task.stack: 9cd9406b
[  370.992018] RIP: 0010:receive_buf+0x7db/0xd20
[  370.992673] RSP: 0018:9cd9406b3d10 EFLAGS: 00010286
[  370.993454] RAX: 713f RBX: 07dd RCX: 2b9d
[  370.994508] RDX: ca7c RSI: 9cd9406b3d4c RDI: 8ec1ba11c000
[  370.995571] RBP: 9cd9406b3d98 R08:  R09: 0600
[  370.996618] R10: cc40fe00 R11: 8ec1ba44d740 R12: 8ec1ba10f800
[  370.997676] R13: 8ec1b9bf2400 R14: 8000 R15: 8ec1b9bf2d00
[  370.998728] FS:  () GS:8ec1bfc8() 
knlGS:
[  370.24] CS:  0010 DS:  ES:  CR0: 80050033
[  371.000770] CR2: cc40fe20 CR3: 00013a551000 CR4: 06a0
[  371.001828] Call Trace:
[  371.002231]  ? load_balance+0x144/0x970
[  371.002802]  virtnet_poll+0x14e/0x260
[  371.003433]  net_rx_action+0x1ab/0x2b0
[  371.003996]  __do_softirq+0xdb/0x1e0
[  371.004558]  run_ksoftirqd+0x24/0x50
[  371.005107]  smpboot_thread_fn+0x107/0x160
[  371.005718]  kthread+0xff/0x140
[  371.006195]  ? sort_range+0x20/0x20
[  371.006725]  ? kthread_create_on_node+0x40/0x40
[  371.007415]  ret_from_fork+0x25/0x30
[  371.007965] Code: 0a 8c 00 4d 01 f2 72 0e 48 c7 c0 00 00 00 80 48 2b 05 ba 
6e 8e 00 49 01 c2 48 8b 15 a0 6e 8e 00 49 c1 ea 0c 49 c1 e2 06 49 01 d2 <49> 8b 
42 20 a8 01 48 8d 48 ff 8b 45 b4 4c 0f 45 d1 49 39 c1 0f 
[  371.010846] RIP: receive_buf+0x7db/0xd20 RSP: 9cd9406b3d10
[  371.011701] CR2: cc40fe20
[  371.012241] ---[ end trace b32e281709829620 ]---
[  371.012929] Kernel panic - not syncing: Fatal exception in interrupt
[  371.013999] Kernel Offset: 0x3100 from 0x8100 (relocation 
range: 0x8000-0xbfff)
[  371.015543] ---[ end Kernel panic - not syncing: Fatal exception in interrupt

conditions:
With low work-load the migration seems to perform as expected. 

If load average is between 3-4 the issue can be reproduced relatively easily 
(2-5 live migrations until it crashes).

The drbd block device is in dual primary mode during the migration.

RAM (ECC) on both hosts has been tested before these tests.

Cheers,
Antti


-- 
Fennosys 



Re: [Qemu-devel] [PATCH v7 17/52] tcg: Introduce temp_tcgv_{i32, i64, ptr}

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> Signed-off-by: Richard Henderson 
> ---
>  tcg/tcg.h | 26 +-
>  tcg/tcg.c | 74 
> +++
>  2 files changed, 53 insertions(+), 47 deletions(-)
> 
> diff --git a/tcg/tcg.h b/tcg/tcg.h
> index fb8ce01664..9432962d7b 100644
> --- a/tcg/tcg.h
> +++ b/tcg/tcg.h
> @@ -786,6 +786,21 @@ static inline TCGTemp *tcgv_ptr_temp(TCGv_ptr t)
>  return arg_temp(tcgv_ptr_arg(t));
>  }
>  
> +static inline TCGv_i32 temp_tcgv_i32(TCGTemp *t)
> +{
> +return (TCGv_i32)temp_idx(t);
> +}
> +
> +static inline TCGv_i64 temp_tcgv_i64(TCGTemp *t)
> +{
> +return (TCGv_i64)temp_idx(t);
> +}
> +
> +static inline TCGv_ptr temp_tcgv_ptr(TCGTemp *t)
> +{
> +return (TCGv_ptr)temp_idx(t);
> +}
> +
>  static inline void tcg_set_insn_param(int op_idx, int arg, TCGArg v)
>  {
>  tcg_ctx.gen_op_buf[op_idx].args[arg] = v;
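
Review bot: the three new helpers temp_tcgv_i32(), temp_tcgv_i64() and temp_tcgv_ptr() have no comment, and each casts the result of temp_idx(t) directly to a TCGv_* type. A one-line comment above the group saying that they convert in the opposite direction to tcgv_ptr_temp() just above, and that the value being cast is a temp index, would make the intent of the cast clear to later readers.
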
> @@ -837,7 +852,8 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb);
>  
>  void tcg_set_frame(TCGContext *s, TCGReg reg, intptr_t start, intptr_t size);
>  
> -int tcg_global_mem_new_internal(TCGType, TCGv_ptr, intptr_t, const char *);
> +TCGTemp *tcg_global_mem_new_internal(TCGType, TCGv_ptr,
> + intptr_t, const char *);
>  
>  TCGv_i32 tcg_global_reg_new_i32(TCGReg reg, const char *name);
>  TCGv_i64 tcg_global_reg_new_i64(TCGReg reg, const char *name);
> @@ -851,8 +867,8 @@ void tcg_temp_free_i64(TCGv_i64 arg);
>  static inline TCGv_i32 tcg_global_mem_new_i32(TCGv_ptr reg, intptr_t offset,
>const char *name)
>  {
> -int idx = tcg_global_mem_new_internal(TCG_TYPE_I32, reg, offset, name);
> -return MAKE_TCGV_I32(idx);
> +TCGTemp *t = tcg_global_mem_new_internal(TCG_TYPE_I32, reg, offset, 
> name);
> +return temp_tcgv_i32(t);
>  }
>  
>  static inline TCGv_i32 tcg_temp_new_i32(void)
> @@ -868,8 +884,8 @@ static inline TCGv_i32 tcg_temp_local_new_i32(void)
>  static inline TCGv_i64 tcg_global_mem_new_i64(TCGv_ptr reg, intptr_t offset,
>const char *name)
>  {
> -int idx = tcg_global_mem_new_internal(TCG_TYPE_I64, reg, offset, name);
> -return MAKE_TCGV_I64(idx);
> +TCGTemp *t = tcg_global_mem_new_internal(TCG_TYPE_I64, reg, offset, 
> name);
> +return temp_tcgv_i64(t);
>  }
>  
>  static inline TCGv_i64 tcg_temp_new_i64(void)
> diff --git a/tcg/tcg.c b/tcg/tcg.c
> index cb985aabdc..0a9bfa4236 100644
> --- a/tcg/tcg.c
> +++ b/tcg/tcg.c
> @@ -492,8 +492,8 @@ static inline TCGTemp *tcg_global_alloc(TCGContext *s)
>  return ts;
>  }
>  
> -static int tcg_global_reg_new_internal(TCGContext *s, TCGType type,
> -   TCGReg reg, const char *name)
> +static TCGTemp *tcg_global_reg_new_internal(TCGContext *s, TCGType type,
> +TCGReg reg, const char *name)
>  {
>  TCGTemp *ts;
>  
> @@ -509,44 +509,43 @@ static int tcg_global_reg_new_internal(TCGContext *s, 
> TCGType type,
>  ts->name = name;
>  tcg_regset_set_reg(s->reserved_regs, reg);
>  
> -return temp_idx(ts);
> +return ts;
>  }
>  
>  void tcg_set_frame(TCGContext *s, TCGReg reg, intptr_t start, intptr_t size)
>  {
> -int idx;
>  s->frame_start = start;
>  s->frame_end = start + size;
> -idx = tcg_global_reg_new_internal(s, TCG_TYPE_PTR, reg, "_frame");
> -s->frame_temp = >temps[idx];
> +s->frame_temp
> += tcg_global_reg_new_internal(s, TCG_TYPE_PTR, reg, "_frame");
>  }
>  
>  TCGv_i32 tcg_global_reg_new_i32(TCGReg reg, const char *name)
>  {
>  TCGContext *s = _ctx;
> -int idx;
> +TCGTemp *t;
>  
>  if (tcg_regset_test_reg(s->reserved_regs, reg)) {
>  tcg_abort();
>  }
> -idx = tcg_global_reg_new_internal(s, TCG_TYPE_I32, reg, name);
> -return MAKE_TCGV_I32(idx);
> +t = tcg_global_reg_new_internal(s, TCG_TYPE_I32, reg, name);
> +return temp_tcgv_i32(t);
>  }
>  
>  TCGv_i64 tcg_global_reg_new_i64(TCGReg reg, const char *name)
>  {
>  TCGContext *s = _ctx;
> -int idx;
> +TCGTemp *t;
>  
>  if (tcg_regset_test_reg(s->reserved_regs, reg)) {
>  tcg_abort();
>  }
> -idx = tcg_global_reg_new_internal(s, TCG_TYPE_I64, reg, name);
> -return MAKE_TCGV_I64(idx);
> +t = tcg_global_reg_new_internal(s, TCG_TYPE_I64, reg, name);
> +return temp_tcgv_i64(t);
>  }
>  
> -int tcg_global_mem_new_internal(TCGType type, TCGv_ptr base,
> -intptr_t offset, const char *name)
> +TCGTemp *tcg_global_mem_new_internal(TCGType type, TCGv_ptr base,
> + intptr_t offset, const char *name)
>  {
>  TCGContext *s = _ctx;
>  TCGTemp *base_ts = >temps[GET_TCGV_PTR(base)];
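
Review bot: in tcg_global_mem_new_internal() the base_ts lookup on the last context line still indexes the temps array with GET_TCGV_PTR(base), while the tcg/tcg.h part of this patch shows tcgv_ptr_temp() already available for exactly that conversion. Unless a later patch in the series changes it, using tcgv_ptr_temp(base) here would keep this function consistent with the move from indices to TCGTemp pointers that the rest of the hunk makes.
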
> @@ -598,10 +597,10 @@ int tcg_global_mem_new_internal(TCGType type, TCGv_ptr 
> base,
>  

Re: [Qemu-devel] [PATCH v7 16/52] tcg: Introduce tcgv_{i32, i64, ptr}_{arg, temp}

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> Transform TCGv_* to an "argument" or a temporary.
> For now, an argument is simply the temporary index.
> 
> Signed-off-by: Richard Henderson 
> ---
>  include/exec/helper-gen.h  | 10 ++---
>  include/exec/helper-head.h | 12 +++---
>  tcg/tcg-op.h   | 94 
> +++---
>  tcg/tcg.h  | 32 +++-
>  tcg/tcg-op.c   | 14 +++
>  tcg/tcg.c  | 50 
>  6 files changed, 122 insertions(+), 90 deletions(-)
> 
> diff --git a/include/exec/helper-gen.h b/include/exec/helper-gen.h
> index 476acd9220..15204ab961 100644
> --- a/include/exec/helper-gen.h
> +++ b/include/exec/helper-gen.h
> @@ -16,7 +16,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl0(ret))\
>  static inline void glue(gen_helper_, name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1)) \
>  {   \
> -  TCGArg args[1] = { dh_arg(t1, 1) };   \
> +  TCGTemp *args[1] = { dh_arg(t1, 1) }; \
>tcg_gen_callN(HELPER(name), dh_retvar(ret), 1, args); \
>  }
>  
> @@ -24,7 +24,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  static inline void glue(gen_helper_, name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1), dh_arg_decl(t2, 2)) \
>  {   \
> -  TCGArg args[2] = { dh_arg(t1, 1), dh_arg(t2, 2) };\
> +  TCGTemp *args[2] = { dh_arg(t1, 1), dh_arg(t2, 2) };  \
>tcg_gen_callN(HELPER(name), dh_retvar(ret), 2, args); \
>  }
>  
> @@ -32,7 +32,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  static inline void glue(gen_helper_, name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1), dh_arg_decl(t2, 2), dh_arg_decl(t3, 3)) \
>  {   \
> -  TCGArg args[3] = { dh_arg(t1, 1), dh_arg(t2, 2), dh_arg(t3, 3) }; \
> +  TCGTemp *args[3] = { dh_arg(t1, 1), dh_arg(t2, 2), dh_arg(t3, 3) };   \
>tcg_gen_callN(HELPER(name), dh_retvar(ret), 3, args); \
>  }
>  
> @@ -41,7 +41,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1), dh_arg_decl(t2, 2), \
>  dh_arg_decl(t3, 3), dh_arg_decl(t4, 4)) \
>  {   \
> -  TCGArg args[4] = { dh_arg(t1, 1), dh_arg(t2, 2),  \
> +  TCGTemp *args[4] = { dh_arg(t1, 1), dh_arg(t2, 2),\
>   dh_arg(t3, 3), dh_arg(t4, 4) };\
>tcg_gen_callN(HELPER(name), dh_retvar(ret), 4, args); \
>  }
> @@ -51,7 +51,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1),  dh_arg_decl(t2, 2), dh_arg_decl(t3, 3),\
>  dh_arg_decl(t4, 4), dh_arg_decl(t5, 5)) \
>  {   \
> -  TCGArg args[5] = { dh_arg(t1, 1), dh_arg(t2, 2), dh_arg(t3, 3),   \
> +  TCGTemp *args[5] = { dh_arg(t1, 1), dh_arg(t2, 2), dh_arg(t3, 3), \
>   dh_arg(t4, 4), dh_arg(t5, 5) };\
>tcg_gen_callN(HELPER(name), dh_retvar(ret), 5, args); \
>  }
> diff --git a/include/exec/helper-head.h b/include/exec/helper-head.h
> index 1cfc43b9ff..13286018fd 100644
> --- a/include/exec/helper-head.h
> +++ b/include/exec/helper-head.h
> @@ -78,11 +78,11 @@
>  #define dh_retvar_decl_ptr TCGv_ptr retval,
>  #define dh_retvar_decl(t) glue(dh_retvar_decl_, dh_alias(t))
>  
> -#define dh_retvar_void TCG_CALL_DUMMY_ARG
> -#define dh_retvar_noreturn TCG_CALL_DUMMY_ARG
> -#define dh_retvar_i32 GET_TCGV_i32(retval)
> -#define dh_retvar_i64 GET_TCGV_i64(retval)
> -#define dh_retvar_ptr GET_TCGV_ptr(retval)
> +#define dh_retvar_void NULL
> +#define dh_retvar_noreturn NULL
> +#define dh_retvar_i32 tcgv_i32_temp(retval)
> +#define dh_retvar_i64 tcgv_i64_temp(retval)
> +#define dh_retvar_ptr tcgv_ptr_temp(retval)

ok

>  #define dh_retvar(t) glue(dh_retvar_, dh_alias(t))
>  
>  #define dh_is_64bit_void 0
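
Review bot: dh_retvar_void and dh_retvar_noreturn now expand to NULL instead of TCG_CALL_DUMMY_ARG, so the ret argument handed to tcg_gen_callN() becomes a pointer that may be NULL. The consumer is not part of this hunk; it is worth confirming that it tests ret against NULL everywhere it previously compared against TCG_CALL_DUMMY_ARG, and stating the new convention in the commit message.
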
> @@ -113,7 +113,7 @@
>((dh_is_64bit(t) << (n*2)) | (dh_is_signed(t) << (n*2+1)))
>  
>  #define dh_arg(t, n) \
> -  glue(GET_TCGV_, dh_alias(t))(glue(arg, n))
> +  glue(glue(tcgv_, dh_alias(t)), _temp)(glue(arg, n))

nasty...

>  
>  #define dh_arg_decl(t, n) glue(TCGv_, dh_alias(t)) glue(arg, n)
>  
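
Review bot: the doubly nested glue() in the new dh_arg definition is hard to read at a glance and has no comment. A short comment giving one expansion, for example that for a type aliasing to i32 and n equal to 1 it yields tcgv_i32_temp(arg1), would document the macro without changing it.
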
> diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
> index 

Re: [Qemu-devel] [PATCH v7 15/52] tcg: Push tcg_ctx into tcg_gen_callN

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> Reviewed-by: Emilio G. Cota 
> Signed-off-by: Richard Henderson 
> ---
>  include/exec/helper-gen.h | 12 ++--
>  tcg/tcg.h |  3 +--
>  tcg/tcg.c |  4 ++--
>  3 files changed, 9 insertions(+), 10 deletions(-)
> 
> diff --git a/include/exec/helper-gen.h b/include/exec/helper-gen.h
> index 8239ffc77c..476acd9220 100644
> --- a/include/exec/helper-gen.h
> +++ b/include/exec/helper-gen.h
> @@ -9,7 +9,7 @@
>  #define DEF_HELPER_FLAGS_0(name, flags, ret)\
>  static inline void glue(gen_helper_, name)(dh_retvar_decl0(ret))\
>  {   \
> -  tcg_gen_callN(_ctx, HELPER(name), dh_retvar(ret), 0, NULL);   \
> +  tcg_gen_callN(HELPER(name), dh_retvar(ret), 0, NULL); \
>  }
>  
>  #define DEF_HELPER_FLAGS_1(name, flags, ret, t1)\
> @@ -17,7 +17,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1)) \
>  {   \
>TCGArg args[1] = { dh_arg(t1, 1) };   \
> -  tcg_gen_callN(_ctx, HELPER(name), dh_retvar(ret), 1, args);   \
> +  tcg_gen_callN(HELPER(name), dh_retvar(ret), 1, args); \
>  }
>  
>  #define DEF_HELPER_FLAGS_2(name, flags, ret, t1, t2)\
> @@ -25,7 +25,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1), dh_arg_decl(t2, 2)) \
>  {   \
>TCGArg args[2] = { dh_arg(t1, 1), dh_arg(t2, 2) };\
> -  tcg_gen_callN(_ctx, HELPER(name), dh_retvar(ret), 2, args);   \
> +  tcg_gen_callN(HELPER(name), dh_retvar(ret), 2, args); \
>  }
>  
>  #define DEF_HELPER_FLAGS_3(name, flags, ret, t1, t2, t3)\
> @@ -33,7 +33,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  dh_arg_decl(t1, 1), dh_arg_decl(t2, 2), dh_arg_decl(t3, 3)) \
>  {   \
>TCGArg args[3] = { dh_arg(t1, 1), dh_arg(t2, 2), dh_arg(t3, 3) }; \
> -  tcg_gen_callN(_ctx, HELPER(name), dh_retvar(ret), 3, args);   \
> +  tcg_gen_callN(HELPER(name), dh_retvar(ret), 3, args); \
>  }
>  
>  #define DEF_HELPER_FLAGS_4(name, flags, ret, t1, t2, t3, t4)\
> @@ -43,7 +43,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  {   \
>TCGArg args[4] = { dh_arg(t1, 1), dh_arg(t2, 2),  \
>   dh_arg(t3, 3), dh_arg(t4, 4) };\
> -  tcg_gen_callN(_ctx, HELPER(name), dh_retvar(ret), 4, args);   \
> +  tcg_gen_callN(HELPER(name), dh_retvar(ret), 4, args); \
>  }
>  
>  #define DEF_HELPER_FLAGS_5(name, flags, ret, t1, t2, t3, t4, t5)\
> @@ -53,7 +53,7 @@ static inline void glue(gen_helper_, 
> name)(dh_retvar_decl(ret)  \
>  {   \
>TCGArg args[5] = { dh_arg(t1, 1), dh_arg(t2, 2), dh_arg(t3, 3),   \
>   dh_arg(t4, 4), dh_arg(t5, 5) };\
> -  tcg_gen_callN(_ctx, HELPER(name), dh_retvar(ret), 5, args);   \
> +  tcg_gen_callN(HELPER(name), dh_retvar(ret), 5, args); \
>  }
>  
>  #include "helper.h"
> diff --git a/tcg/tcg.h b/tcg/tcg.h
> index 563e7d36aa..0d61932301 100644
> --- a/tcg/tcg.h
> +++ b/tcg/tcg.h
> @@ -951,8 +951,7 @@ do {\
>  
>  bool tcg_op_supported(TCGOpcode op);
>  
> -void tcg_gen_callN(TCGContext *s, void *func,
> -   TCGArg ret, int nargs, TCGArg *args);
> +void tcg_gen_callN(void *func, TCGArg ret, int nargs, TCGArg *args);
>  
>  void tcg_op_remove(TCGContext *s, TCGOp *op);
>  TCGOp *tcg_op_insert_before(TCGContext *s, TCGOp *op, TCGOpcode opc, int 
> narg);
> diff --git a/tcg/tcg.c b/tcg/tcg.c
> index c10e73babe..dac3e06a5b 100644
> --- a/tcg/tcg.c
> +++ b/tcg/tcg.c
> @@ -974,9 +974,9 @@ bool tcg_op_supported(TCGOpcode op)
>  /* Note: we convert the 64 bit args to 32 bit and do some alignment
> and endian swap. Maybe it would be better to do the alignment
> and endian swap in tcg_reg_alloc_call(). */
> -void tcg_gen_callN(TCGContext *s, void *func, TCGArg ret,
> -   int nargs, TCGArg *args)
> +void tcg_gen_callN(void *func, TCGArg ret, int nargs, TCGArg *args)
>  {
> +TCGContext *s = _ctx;

Reviewed-by: Philippe Mathieu-Daudé 

>  int i, real_args, nb_rets, pi;
>  unsigned sizemask, flags;
>  
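
Review bot: tcg_gen_callN() now takes its TCGContext from the global rather than from a parameter, so the signature no longer shows that dependency; the block comment directly above the function is the natural place to say so. The commit message carries only tags and no body, and one sentence on why the parameter is dropped would help anyone reading the history later.
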

Re: [Qemu-devel] [PATCH v7 14/52] tcg: Push tcg_ctx into generator functions

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> Reviewed-by: Emilio G. Cota 
> Signed-off-by: Richard Henderson 
> ---
>  tcg/tcg-op.h | 100 
> +++
>  tcg/tcg-op.c |  47 ++--
>  2 files changed, 69 insertions(+), 78 deletions(-)
> 
> diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
> index 18d01b2f43..de9a61206a 100644
> --- a/tcg/tcg-op.h
> +++ b/tcg/tcg-op.h
> @@ -28,173 +28,166 @@
>  
>  /* Basic output routines.  Not for general consumption.  */
>  
> -void tcg_gen_op1(TCGContext *, TCGOpcode, TCGArg);
> -void tcg_gen_op2(TCGContext *, TCGOpcode, TCGArg, TCGArg);
> -void tcg_gen_op3(TCGContext *, TCGOpcode, TCGArg, TCGArg, TCGArg);
> -void tcg_gen_op4(TCGContext *, TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg);
> -void tcg_gen_op5(TCGContext *, TCGOpcode, TCGArg, TCGArg, TCGArg,
> - TCGArg, TCGArg);
> -void tcg_gen_op6(TCGContext *, TCGOpcode, TCGArg, TCGArg, TCGArg,
> - TCGArg, TCGArg, TCGArg);
> -
> +void tcg_gen_op1(TCGOpcode, TCGArg);
> +void tcg_gen_op2(TCGOpcode, TCGArg, TCGArg);
> +void tcg_gen_op3(TCGOpcode, TCGArg, TCGArg, TCGArg);
> +void tcg_gen_op4(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg);
> +void tcg_gen_op5(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg);
> +void tcg_gen_op6(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg);
>  
>  static inline void tcg_gen_op1_i32(TCGOpcode opc, TCGv_i32 a1)
>  {
> -tcg_gen_op1(_ctx, opc, GET_TCGV_I32(a1));
> +tcg_gen_op1(opc, GET_TCGV_I32(a1));
>  }
>  
>  static inline void tcg_gen_op1_i64(TCGOpcode opc, TCGv_i64 a1)
>  {
> -tcg_gen_op1(_ctx, opc, GET_TCGV_I64(a1));
> +tcg_gen_op1(opc, GET_TCGV_I64(a1));
>  }
>  
>  static inline void tcg_gen_op1i(TCGOpcode opc, TCGArg a1)
>  {
> -tcg_gen_op1(_ctx, opc, a1);
> +tcg_gen_op1(opc, a1);
>  }
>  
>  static inline void tcg_gen_op2_i32(TCGOpcode opc, TCGv_i32 a1, TCGv_i32 a2)
>  {
> -tcg_gen_op2(_ctx, opc, GET_TCGV_I32(a1), GET_TCGV_I32(a2));
> +tcg_gen_op2(opc, GET_TCGV_I32(a1), GET_TCGV_I32(a2));
>  }
>  
>  static inline void tcg_gen_op2_i64(TCGOpcode opc, TCGv_i64 a1, TCGv_i64 a2)
>  {
> -tcg_gen_op2(_ctx, opc, GET_TCGV_I64(a1), GET_TCGV_I64(a2));
> +tcg_gen_op2(opc, GET_TCGV_I64(a1), GET_TCGV_I64(a2));
>  }
>  
>  static inline void tcg_gen_op2i_i32(TCGOpcode opc, TCGv_i32 a1, TCGArg a2)
>  {
> -tcg_gen_op2(_ctx, opc, GET_TCGV_I32(a1), a2);
> +tcg_gen_op2(opc, GET_TCGV_I32(a1), a2);
>  }
>  
>  static inline void tcg_gen_op2i_i64(TCGOpcode opc, TCGv_i64 a1, TCGArg a2)
>  {
> -tcg_gen_op2(_ctx, opc, GET_TCGV_I64(a1), a2);
> +tcg_gen_op2(opc, GET_TCGV_I64(a1), a2);
>  }
>  
>  static inline void tcg_gen_op2ii(TCGOpcode opc, TCGArg a1, TCGArg a2)
>  {
> -tcg_gen_op2(_ctx, opc, a1, a2);
> +tcg_gen_op2(opc, a1, a2);
>  }
>  
>  static inline void tcg_gen_op3_i32(TCGOpcode opc, TCGv_i32 a1,
> TCGv_i32 a2, TCGv_i32 a3)
>  {
> -tcg_gen_op3(_ctx, opc, GET_TCGV_I32(a1),
> -GET_TCGV_I32(a2), GET_TCGV_I32(a3));
> +tcg_gen_op3(opc, GET_TCGV_I32(a1), GET_TCGV_I32(a2), GET_TCGV_I32(a3));
>  }
>  
>  static inline void tcg_gen_op3_i64(TCGOpcode opc, TCGv_i64 a1,
> TCGv_i64 a2, TCGv_i64 a3)
>  {
> -tcg_gen_op3(_ctx, opc, GET_TCGV_I64(a1),
> -GET_TCGV_I64(a2), GET_TCGV_I64(a3));
> +tcg_gen_op3(opc, GET_TCGV_I64(a1), GET_TCGV_I64(a2), GET_TCGV_I64(a3));
>  }
>  
>  static inline void tcg_gen_op3i_i32(TCGOpcode opc, TCGv_i32 a1,
>  TCGv_i32 a2, TCGArg a3)
>  {
> -tcg_gen_op3(_ctx, opc, GET_TCGV_I32(a1), GET_TCGV_I32(a2), a3);
> +tcg_gen_op3(opc, GET_TCGV_I32(a1), GET_TCGV_I32(a2), a3);
>  }
>  
>  static inline void tcg_gen_op3i_i64(TCGOpcode opc, TCGv_i64 a1,
>  TCGv_i64 a2, TCGArg a3)
>  {
> -tcg_gen_op3(_ctx, opc, GET_TCGV_I64(a1), GET_TCGV_I64(a2), a3);
> +tcg_gen_op3(opc, GET_TCGV_I64(a1), GET_TCGV_I64(a2), a3);
>  }
>  
>  static inline void tcg_gen_ldst_op_i32(TCGOpcode opc, TCGv_i32 val,
> TCGv_ptr base, TCGArg offset)
>  {
> -tcg_gen_op3(_ctx, opc, GET_TCGV_I32(val), GET_TCGV_PTR(base), 
> offset);
> +tcg_gen_op3(opc, GET_TCGV_I32(val), GET_TCGV_PTR(base), offset);
>  }
>  
>  static inline void tcg_gen_ldst_op_i64(TCGOpcode opc, TCGv_i64 val,
> TCGv_ptr base, TCGArg offset)
>  {
> -tcg_gen_op3(_ctx, opc, GET_TCGV_I64(val), GET_TCGV_PTR(base), 
> offset);
> +tcg_gen_op3(opc, GET_TCGV_I64(val), GET_TCGV_PTR(base), offset);
>  }
>  
>  static inline void tcg_gen_op4_i32(TCGOpcode opc, TCGv_i32 a1, TCGv_i32 a2,
> TCGv_i32 a3, TCGv_i32 a4)
>  {
> -tcg_gen_op4(_ctx, opc, GET_TCGV_I32(a1), GET_TCGV_I32(a2),
> +tcg_gen_op4(opc, GET_TCGV_I32(a1), 

Re: [Qemu-devel] [PATCH v7 11/52] tcg: Change temp_allocate_frame arg to TCGTemp

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> From: Richard Henderson 
> 
> Reviewed-by: Emilio G. Cota 
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  tcg/tcg.c | 8 +++-
>  1 file changed, 3 insertions(+), 5 deletions(-)



Re: [Qemu-devel] [PATCH v7 10/52] tcg: Avoid loops against variable bounds

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> From: Richard Henderson 
> 
> Copy s->nb_globals or s->nb_temps to a local variable for the purposes
> of iteration.  This should allow the compiler to use low-overhead
> looping constructs on some hosts.
> 
> Reviewed-by: Emilio G. Cota 
> Reviewed-by: Alex Bennée 
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  tcg/tcg.c | 27 ++-
>  1 file changed, 10 insertions(+), 17 deletions(-)



Re: [Qemu-devel] [PATCH v7 06/52] tcg: Add temp_global bit to TCGTemp

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> From: Richard Henderson 
> 
> This avoids needing to test the index of a temp against nb_globals.
> 
> Reviewed-by: Emilio G. Cota 
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  tcg/tcg.h  | 12 
>  tcg/optimize.c | 15 ---
>  tcg/tcg.c  | 11 ---
>  3 files changed, 24 insertions(+), 14 deletions(-)



Re: [Qemu-devel] [PATCH v7 08/52] tcg: Introduce temp_arg, export temp_idx

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> From: Richard Henderson 
> 
> At the same time, drop the TCGContext argument and use tcg_ctx instead.
> 
> Reviewed-by: Emilio G. Cota 
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  tcg/tcg.h | 12 
>  tcg/tcg.c | 19 ++-
>  2 files changed, 18 insertions(+), 13 deletions(-)



Re: [Qemu-devel] [PATCH v7 05/52] tcg: Introduce arg_temp

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/20/2017 08:19 PM, Richard Henderson wrote:
> From: Richard Henderson 
> 
> Reviewed-by: Emilio G. Cota 
> Reviewed-by: Alex Bennée 
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  tcg/tcg.h  |  5 +
>  tcg/optimize.c |  4 ++--
>  tcg/tcg.c  | 51 +--
>  3 files changed, 32 insertions(+), 28 deletions(-)



Re: [Qemu-devel] SDL2 various fixes

2017-10-23 Thread Philippe Mathieu-Daudé
Cc'ing Gerd, the maintainer of this area, please include him if you respin.

On 10/23/2017 06:07 PM, Jindrich Makovicka wrote:
> I am sending a couple of patches I needed to apply to make the
> SDL2 GUI work reasonably on Debian Sid, which recently switched
> from SDL1.
> 
> The main issue is that the QEMU window stops updating when it is
> minimized, or after a virtual desktop switch. Then, there are
> some regressions due to recently added terminals in multiple
> windows, and some issues with fullscreen mode and window scaling.
> 
> I am using MATE desktop 1.18 and SDL 2.0.6.



Re: [Qemu-devel] [PATCH 3/7] sdl2: Do not hide the cursor on auxilliary windows

2017-10-23 Thread Philippe Mathieu-Daudé
Hi Jindrich,

This looks like 2 different patches, can you split?

On 10/23/2017 06:07 PM, Jindrich Makovicka wrote:
> ---
>  ui/sdl2.c | 41 ++---
>  1 file changed, 30 insertions(+), 11 deletions(-)
> 
> diff --git a/ui/sdl2.c b/ui/sdl2.c
> index aa37b39547..685e4fabec 100644
> --- a/ui/sdl2.c
> +++ b/ui/sdl2.c
> @@ -169,10 +169,10 @@ static void sdl_hide_cursor(void)
>  return;
>  }
>  
> -if (qemu_input_is_absolute()) {
> -SDL_ShowCursor(1);
> -SDL_SetCursor(sdl_cursor_hidden);
> -} else {
> +SDL_ShowCursor(SDL_DISABLE);
> +SDL_SetCursor(sdl_cursor_hidden);
> +
> +if (!qemu_input_is_absolute()) {
>  SDL_SetRelativeMouseMode(SDL_TRUE);
>  }
>  }
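
Review bot: in sdl_hide_cursor() the absolute-pointer path changes from SDL_ShowCursor(1) with the hidden cursor shape to an unconditional SDL_ShowCursor(SDL_DISABLE), which alters behaviour for absolute mode, and the patch has no commit message explaining why. Please describe the intended effect on auxiliary windows in the commit message so the change to the absolute-mode path can be checked against it.
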
> @@ -185,14 +185,16 @@ static void sdl_show_cursor(void)
>  
>  if (!qemu_input_is_absolute()) {
>  SDL_SetRelativeMouseMode(SDL_FALSE);
> -SDL_ShowCursor(1);
> -if (guest_cursor &&
> -(gui_grab || qemu_input_is_absolute() || absolute_enabled)) {
> -SDL_SetCursor(guest_sprite);
> -} else {
> -SDL_SetCursor(sdl_cursor_normal);
> -}
>  }
> +
> +if (guest_cursor &&
> +(gui_grab || qemu_input_is_absolute() || absolute_enabled)) {
> +SDL_SetCursor(guest_sprite);
> +} else {
> +SDL_SetCursor(sdl_cursor_normal);
> +}
> +
> +SDL_ShowCursor(SDL_ENABLE);
>  }

first patch:
Reviewed-by: Philippe Mathieu-Daudé 

---

second patch:

>  
>  static void sdl_grab_start(struct sdl2_console *scon)
> @@ -463,6 +465,10 @@ static void handle_mousemotion(SDL_Event *ev)
>  int max_x, max_y;
>  struct sdl2_console *scon = get_scon_from_window(ev->key.windowID);
>  
> +if (!qemu_console_is_graphic(scon->dcl.con)) {
> +return;
> +}
> +
>  if (qemu_input_is_absolute() || absolute_enabled) {
>  int scr_w, scr_h;
>  SDL_GetWindowSize(scon->real_window, _w, _h);
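
Review bot: the new guard in handle_mousemotion() dereferences scon immediately after get_scon_from_window() returns, with no test that a console was found for the window ID. If that lookup can return NULL (its definition is outside this hunk), the guard should read `if (!scon || !qemu_console_is_graphic(scon->dcl.con))`; the same applies to the identical checks added in the other event handlers.
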
> @@ -490,6 +496,10 @@ static void handle_mousebutton(SDL_Event *ev)
>  SDL_MouseButtonEvent *bev;
>  struct sdl2_console *scon = get_scon_from_window(ev->key.windowID);
>  
> +if (!qemu_console_is_graphic(scon->dcl.con)) {
> +return;
> +}
> +
>  bev = >button;
>  if (!gui_grab && !qemu_input_is_absolute()) {
>  if (ev->type == SDL_MOUSEBUTTONUP && bev->button == SDL_BUTTON_LEFT) 
> {
> @@ -512,6 +522,10 @@ static void handle_mousewheel(SDL_Event *ev)
>  SDL_MouseWheelEvent *wev = >wheel;
>  InputButton btn;
>  
> +if (!qemu_console_is_graphic(scon->dcl.con)) {
> +return;
> +}
> +
>  if (wev->y > 0) {
>  btn = INPUT_BUTTON_WHEEL_UP;
>  } else if (wev->y < 0) {
> @@ -651,6 +665,11 @@ static void sdl_mouse_warp(DisplayChangeListener *dcl,
> int x, int y, int on)
>  {
>  struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
> +
> +if (!qemu_console_is_graphic(scon->dcl.con)) {
> +return;
> +}
> +
>  if (on) {
>  if (!guest_cursor) {
>  sdl_show_cursor();
> 
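
Review bot: in sdl_mouse_warp() scon is obtained with container_of(dcl, struct sdl2_console, dcl), so scon->dcl.con is the same field as dcl->con. Testing qemu_console_is_graphic(dcl->con) says this more directly and lets the check sit before the container_of() line if preferred.
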

Regards,

Phil.



Re: [Qemu-devel] [PATCH 3/3] vl: remove unnecessary #ifdef CONFIG_TPM

2017-10-23 Thread Philippe Mathieu-Daudé
Hi Richard,

On 10/23/2017 06:37 PM, Richard W.M. Jones wrote:
> The series fixes the build for me, thanks :-)

Good, does this mean I can add your Tested-by: tag?

Regards,

Phil.



Re: [Qemu-devel] [Qemu-arm] [PATCH v2] fix WFI/WFE length in syndrome register

2017-10-23 Thread Philippe Mathieu-Daudé
Hi Stefano,

On 10/21/2017 03:09 PM, Stefano Stabellini wrote:
[...]
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index a39b9d3..6f74589 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -11380,17 +11380,20 @@ static void aarch64_tr_tb_stop(DisasContextBase 
> *dcbase, CPUState *cpu)
>  gen_helper_yield(cpu_env);
>  break;
>  case DISAS_WFI:
> +{
> +TCGv_i32 tmp = tcg_const_i32((dc->insn & (1U << 31)) ? 4 : 2);

this alloc'd tmp var needs to be free'd.

>  /* This is a special case because we don't want to just halt the 
> CPU
>   * if trying to debug across a WFI.
>   */
>  gen_a64_set_pc_im(dc->pc);
> -gen_helper_wfi(cpu_env);
> +gen_helper_wfi(cpu_env, tmp);

as:
   tcg_temp_free_i32(tmp);

>  /* The helper doesn't necessarily throw an exception, but we
>   * must go back to the main loop to check for interrupts anyway.
>   */
>  tcg_gen_exit_tb(0);
>  break;
>  }
> +}
>  }
>  
>  /* Functions above can change dc->pc, so re-align db->pc_next */
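
Review bot: in the DISAS_WFI case of aarch64_tr_tb_stop() the length is computed from bit 31 of dc->insn, but A64 instructions are always 4 bytes long, so the 2-byte alternative never applies in this function. Passing a constant 4 to tcg_const_i32() would be simpler and would not tie the syndrome length to an encoding bit.
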
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 4da1a4c..a89518f 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -12325,12 +12325,15 @@ static void arm_tr_tb_stop(DisasContextBase 
> *dcbase, CPUState *cpu)
>  /* nothing more to generate */
>  break;
>  case DISAS_WFI:
> -gen_helper_wfi(cpu_env);
> +{
> +TCGv_i32 tmp = tcg_const_i32((dc->insn & (1U << 31)) ? 4 : 2);
> +gen_helper_wfi(cpu_env, tmp);

ditto.

>  /* The helper doesn't necessarily throw an exception, but we
>   * must go back to the main loop to check for interrupts anyway.
>   */
>  tcg_gen_exit_tb(0);
>  break;
> +}
>  case DISAS_WFE:
>  gen_helper_wfe(cpu_env);
>  break;
> 
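
Review bot: in the DISAS_WFI case of arm_tr_tb_stop() bit 31 of dc->insn can only separate 16-bit from 32-bit encodings in Thumb state. In ARM state bits [31:28] are the condition field, so a conditional WFI whose condition code has its top bit clear would be reported with length 2 although every ARM-state instruction is 4 bytes; the expression should also check that the CPU is in Thumb state before choosing 2.
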

Regards,

Phil.



Re: [Qemu-devel] [Qemu-arm] [PATCH v2] fix WFI/WFE length in syndrome register

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/23/2017 05:52 PM, Stefano Stabellini wrote:
> On Sat, 21 Oct 2017, no-re...@patchew.org wrote:
>> Makefile:30: recipe for target 'git-submodule-update' failed
>> make: *** [git-submodule-update] Error 1
>> make: *** Waiting for unfinished jobs
>> make: *** wait: No child processes.  Stop.
>> === OUTPUT END ===
>>
>> Test command exited with code: 2
> 
> This is a false positive, isn't it?

Yes, it should be now fixed:
http://lists.nongnu.org/archive/html/qemu-devel/2017-10/msg05484.html



Re: [Qemu-devel] qemu compile error

2017-10-23 Thread Chen, Farrah
Yes, I saw that patch, thank you !


Thanks,
Fan



-Original Message-
From: Daniel P. Berrange [mailto:berra...@redhat.com] 
Sent: Monday, October 23, 2017 9:46 PM
To: Chen, Farrah 
Cc: Peter Maydell ; qemu-devel@nongnu.org; Hu, Robert 

Subject: Re: [Qemu-devel] qemu compile error

On Mon, Oct 23, 2017 at 01:43:30PM +, Chen, Farrah wrote:
> Thank you very much!
> I removed "1>/dev/null 2>&1" in scripts/git-submodule.sh and found I 
> can't git clone git://git.qemu-project.org/dtc.git without tsocks.
> I used Daniel's approach, created the wrapper script called 'git' that 
> runs 'exec tsocks /usr/bin/git "$@"', it succeeded.
> Considering we still need to use bare 'git'  to access our internal 
> repo, so, for the time being, I use tsocks to git clone 
> git://git.qemu-project.org/dtc.git and 
> git://git.qemu.org/keycodemapdb.git
> first, then modified url in .gitmodules before compiling. It works.

To avoid need to create the wrapper script, I copied you on a patch that would 
let you run

  ./configure --with-git="tsocks git"

As a further alternative, I think it might also be possible to just run

  tsocks ./scripts/git-submodule.sh dtc ui/keycodemapdb

immediately after configure, but before running make.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [Qemu-devel] [PATCH v4 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-10-23 Thread Liu, Changpeng


> -Original Message-
> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Tuesday, October 24, 2017 1:26 AM
> To: Liu, Changpeng 
> Cc: Michael S. Tsirkin ; qemu-devel@nongnu.org;
> pbonz...@redhat.com; marcandre.lur...@redhat.com; fel...@nutanix.com;
> Harris, James R 
> Subject: Re: [PATCH v4 1/4] vhost-user: add new vhost user messages to support
> virtio config space
> 
> On Mon, Oct 23, 2017 at 04:47:00AM +, Liu, Changpeng wrote:
> >
> >
> > > -Original Message-
> > > From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> > > Sent: Friday, October 20, 2017 6:01 PM
> > > To: Michael S. Tsirkin 
> > > Cc: Liu, Changpeng ; qemu-devel@nongnu.org;
> > > pbonz...@redhat.com; marcandre.lur...@redhat.com; fel...@nutanix.com;
> > > Harris, James R 
> > > Subject: Re: [PATCH v4 1/4] vhost-user: add new vhost user messages to
> support
> > > virtio config space
> > >
> > > On Thu, Oct 19, 2017 at 06:36:00PM +0300, Michael S. Tsirkin wrote:
> > > > On Thu, Oct 19, 2017 at 04:09:35PM +0200, Stefan Hajnoczi wrote:
> > > > > On Thu, Oct 19, 2017 at 01:24:07PM +0800, Changpeng Liu wrote:
> > > > > > @@ -922,6 +931,91 @@ static void 
> > > > > > vhost_user_set_iotlb_callback(struct
> > > vhost_dev *dev, int enabled)
> > > > > >  /* No-op as the receive channel is not dedicated to IOTLB 
> > > > > > messages.
> */
> > > > > >  }
> > > > > >
> > > > > > +static int vhost_user_get_config(struct vhost_dev *dev, uint8_t 
> > > > > > *config,
> > > > > > + size_t config_len)
> > > > > > +{
> > > > > > +VhostUserMsg msg = {
> > > > > > +.request = VHOST_USER_GET_CONFIG,
> > > > > > +.flags = VHOST_USER_VERSION,
> > > > > > +.size = config_len,
> > > > > > +};
> > > > > > +
> > > > > > +if (config_len == 0 || config_len > VHOST_USER_PAYLOAD_SIZE) {
> > > > >
> > > > > config_len should be limited to 256 bytes:
> > > > >
> > > > >   if (config_len == 0 || config_len > sizeof(msg.payload.config) {
> > > >
> > > > I would just limit it to a reasonable value, acceptable to
> > > > both master and slave, not fail if it's bigger.
> > > >
> > > >
> > > > > > +error_report("bad config length");
> > > > > > +return -1;
> > > > > > +}
> > > > > > +
> > > > > > +if (vhost_user_write(dev, , NULL, 0) < 0) {
> > > > > > +return -1;
> > > > > > +}
> > > > > > +
> > > > > > +if (vhost_user_read(dev, ) < 0) {
> > > > > > +return -1;
> > > > > > +}
> > > > > > +
> > > > > > +if (msg.request != VHOST_USER_GET_CONFIG) {
> > > > > > +error_report("Received unexpected msg type. Expected %d
> > > received %d",
> > > > > > + VHOST_USER_GET_CONFIG, msg.request);
> > > > > > +return -1;
> > > > > > +}
> > > > > > +
> > > > > > +if (msg.size != config_len) {
> > > > > > +error_report("Received bad msg size.");
> > > > > > +return -1;
> > > > > > +}
> > > > > > +
> > > > > > +memcpy(config, , config_len);
> > > > >
> > > > > There is some complexity here: different virtio devices use different
> > > > > amounts of config space.  Devices may append new fields to the config
> > > > > space to support new features.
> > > > >
> > > > > Therefore I think the simplest protocol is to always fetch the full
> > > > > 256-byte configuration space.  This way the vhost-user slave process 
> > > > > can
> > > > > implement feature bits that the master process does not know about.
> > > > >
> > > > > In other words, I don't think the master process knows how much of the
> > > > > config space is used so it should always request 256 bytes.
> > > >
> > > > Each device knows the max config space size.
> > > >
> > > > vdev->config_len = config_size;
> > >
> > > I see you're referring to the field that is set in:
> > >
> > >   void virtio_init(VirtIODevice *vdev, const char *name,
> > >uint16_t device_id, size_t config_size)
> > >
> > > How does this work for vhost-user where different slave programs may
> > > offer different config sizes?
> > Each Qemu vhost controller e.g: vhost-user-scsi-pci and vhost-user-blk-pci
> > should have different char devices, so vhost-slave knows those messages
> > are from vhost-scsi or vhost-blk, of course, each UNIX domain socket
> > should be assigned by users with types: vhost-scsi or vhost-blk.
> 
> We're talking about different things.  Here is an example illustrating
> my question:
> 
> vhost-user-blk slave A only knows about struct virtio_blk_config fields
> up to wce (VIRTIO 1.0).  See
> http://docs.oasis-open.org/virtio/virtio/v1.0/cs04/virtio-v1.0-cs04.html#x1-2070004.
> 
> vhost-user-blk slave B implements struct virtio_blk_config with the new
> num_queues field.  See
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/u

Re: [Qemu-devel] [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device

2017-10-23 Thread Liu, Changpeng


> -Original Message-
> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Tuesday, October 24, 2017 1:12 AM
> To: Liu, Changpeng 
> Cc: qemu-devel@nongnu.org; pbonz...@redhat.com; m...@redhat.com;
> marcandre.lur...@redhat.com; fel...@nutanix.com; Harris, James R
> 
> Subject: Re: [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device
> 
> On Mon, Oct 23, 2017 at 04:26:36AM +, Liu, Changpeng wrote:
> >
> >
> > > -Original Message-
> > > From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> > > Sent: Friday, October 20, 2017 5:55 PM
> > > To: Liu, Changpeng 
> > > Cc: qemu-devel@nongnu.org; pbonz...@redhat.com; m...@redhat.com;
> > > marcandre.lur...@redhat.com; fel...@nutanix.com; Harris, James R
> > > 
> > > > Subject: Re: [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device
> > >
> > > On Fri, Oct 20, 2017 at 01:47:58AM +, Liu, Changpeng wrote:
> > > > > > +static Property vhost_user_blk_properties[] = {
> > > > > > +DEFINE_PROP_CHR("chardev", VHostUserBlk, chardev),
> > > > > > +DEFINE_PROP_UINT16("num_queues", VHostUserBlk, num_queues,
> 1),
> > > > > > +DEFINE_PROP_UINT32("queue_size", VHostUserBlk, queue_size, 
> > > > > > 128),
> > > > > > +DEFINE_PROP_BIT64("f_size_max", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SIZE_MAX, true),
> > > > > > +DEFINE_PROP_BIT64("f_sizemax", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SIZE_MAX, true),
> > > > > > +DEFINE_PROP_BIT64("f_segmax", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SEG_MAX, true),
> > > > > > +DEFINE_PROP_BIT64("f_geometry", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_GEOMETRY, true),
> > > > > > +DEFINE_PROP_BIT64("f_readonly", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_RO, false),
> > > > > > +DEFINE_PROP_BIT64("f_blocksize", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_BLK_SIZE, true),
> > > > > > +DEFINE_PROP_BIT64("f_topology", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_TOPOLOGY, true),
> > > > > > +DEFINE_PROP_BIT64("f_multiqueue", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_MQ, true),
> > > > > > +DEFINE_PROP_BIT64("f_flush", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_FLUSH, true),
> > > > > > +DEFINE_PROP_BIT64("f_barrier", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_BARRIER, false),
> > > > > > +DEFINE_PROP_BIT64("f_scsi", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SCSI, false),
> > > > > > +DEFINE_PROP_BIT64("f_wce", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_WCE, false),
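Review bot: "f_size_max" and "f_sizemax" at the top of the feature list both map to VIRTIO_BLK_F_SIZE_MAX in host_features with the same default, so one feature bit ends up with two user-visible property names. Keep a single spelling (the other entries use the unseparated form, e.g. "f_segmax") and drop the duplicate.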
> > > > >
> > > > > > Please explain how feature negotiation works.  The vhost-user slave
> > > > > > advertises support features in the return value from
> > > > > > VHOST_USER_GET_FEATURES.  How does this additional feature mask work
> > > > > > and why is it useful?
> > > > > According to Paolo's previous comments, VIRTIO_BLK_F_WCE/
> > > > > VIRTIO_BLK_F_SCSI/ VIRTIO_BLK_F_BARRIER
> > > > > should be removed. Here I added all the feature flags just want to avoid
> > > > > the case that vhost-user slave target
> > > > > can support but Qemu vhost block driver cannot support it.
> > >
> > > Please explain a bit more how these options can be used.
> > >
> > > When I looked at the vhost code it seemed like the vhost slave can
> > > report any feature bits it wishes (even things QEMU doesn't know about).
> > > > What is the purpose of overriding some of the feature bits on the QEMU
> > > command-line?
> > > Hi Stefan,
> > > Here I added a switch which can override vhost-slave's feature bits, for
> > > example, vhost-slave reported `VIRTIO_BLK_F_RO`,
> > > but Qemu vhost-master can disable it through command line when started the
> > > Qemu. Users don't need to change any
> > > vhost-slave's code to disable this feature, and this is also aligned with
> > > vhost-scsi and vhost-net's implementation.
> 
> You said vhost-master can disable features but the code doesn't seem to
> work that way:
> 
> +/* Turn on pre-defined features */
> +features |= s->host_features;
User can append parameter when started Qemu: e.g: f_readonly=false to disable it.
> 
> If the use case isn't clear please remove these properties for now.
I can make it the same with virtio-blk, hardcoded the mandatory features, and put
VIRTIO_BLK_F_MQ/VIRTIO_BLK_F_RO/VIRTIO_BLK_F_CONFIG_WCE configurable. Thoughts?
> 
> Stefan



Re: [Qemu-devel] [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device

2017-10-23 Thread Liu, Changpeng


> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Monday, October 23, 2017 8:55 PM
> To: Liu, Changpeng 
> Cc: Stefan Hajnoczi ; qemu-devel@nongnu.org;
> pbonz...@redhat.com; marcandre.lur...@redhat.com; fel...@nutanix.com;
> Harris, James R 
> Subject: Re: [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device
> 
> On Mon, Oct 23, 2017 at 04:26:36AM +, Liu, Changpeng wrote:
> >
> >
> > > -Original Message-
> > > From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> > > Sent: Friday, October 20, 2017 5:55 PM
> > > To: Liu, Changpeng 
> > > Cc: qemu-devel@nongnu.org; pbonz...@redhat.com; m...@redhat.com;
> > > marcandre.lur...@redhat.com; fel...@nutanix.com; Harris, James R
> > > 
> > > > Subject: Re: [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device
> > >
> > > On Fri, Oct 20, 2017 at 01:47:58AM +, Liu, Changpeng wrote:
> > > > > > +static Property vhost_user_blk_properties[] = {
> > > > > > +DEFINE_PROP_CHR("chardev", VHostUserBlk, chardev),
> > > > > > +DEFINE_PROP_UINT16("num_queues", VHostUserBlk, num_queues,
> 1),
> > > > > > +DEFINE_PROP_UINT32("queue_size", VHostUserBlk, queue_size, 
> > > > > > 128),
> > > > > > +DEFINE_PROP_BIT64("f_size_max", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SIZE_MAX, true),
> > > > > > +DEFINE_PROP_BIT64("f_sizemax", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SIZE_MAX, true),
> > > > > > +DEFINE_PROP_BIT64("f_segmax", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SEG_MAX, true),
> > > > > > +DEFINE_PROP_BIT64("f_geometry", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_GEOMETRY, true),
> > > > > > +DEFINE_PROP_BIT64("f_readonly", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_RO, false),
> > > > > > +DEFINE_PROP_BIT64("f_blocksize", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_BLK_SIZE, true),
> > > > > > +DEFINE_PROP_BIT64("f_topology", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_TOPOLOGY, true),
> > > > > > +DEFINE_PROP_BIT64("f_multiqueue", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_MQ, true),
> > > > > > +DEFINE_PROP_BIT64("f_flush", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_FLUSH, true),
> > > > > > +DEFINE_PROP_BIT64("f_barrier", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_BARRIER, false),
> > > > > > +DEFINE_PROP_BIT64("f_scsi", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_SCSI, false),
> > > > > > +DEFINE_PROP_BIT64("f_wce", VHostUserBlk, host_features,
> > > > > > +  VIRTIO_BLK_F_WCE, false),
> > > > >
> > > > > > Please explain how feature negotiation works.  The vhost-user slave
> > > > > > advertises support features in the return value from
> > > > > > VHOST_USER_GET_FEATURES.  How does this additional feature mask work
> > > > > > and why is it useful?
> > > > > According to Paolo's previous comments, VIRTIO_BLK_F_WCE/
> > > > > VIRTIO_BLK_F_SCSI/ VIRTIO_BLK_F_BARRIER
> > > > > should be removed. Here I added all the feature flags just want to avoid
> > > > > the case that vhost-user slave target
> > > > > can support but Qemu vhost block driver cannot support it.
> > >
> > > Please explain a bit more how these options can be used.
> > >
> > > When I looked at the vhost code it seemed like the vhost slave can
> > > report any feature bits it wishes (even things QEMU doesn't know about).
> > > > What is the purpose of overriding some of the feature bits on the QEMU
> > > command-line?
> > > Hi Stefan,
> > > Here I added a switch which can override vhost-slave's feature bits, for
> > > example, vhost-slave reported `VIRTIO_BLK_F_RO`,
> > > but Qemu vhost-master can disable it through command line when started the
> > > Qemu. Users don't need to change any
> > > vhost-slave's code to disable this feature, and this is also aligned with
> > > vhost-scsi and vhost-net's implementation.
> 
> Yes but I don't see these properties in virtio_blk_properties. Please
> make the names consistent at least when virtio-blk has them.
> I am pretty sure you don't want to expose e.g. _F_SCSI.
Yes, I should remove F_SCSI/F_WCE/F_BARRIER features, Virtio-blk hardcoded 4
features: VIRTIO_BLK_F_SEG_MAX/VIRTIO_BLK_F_GEOMETRY/VIRTIO_BLK_F_TOPOLOGY/
VIRTIO_BLK_F_BLK_SIZE, and extra several configuration parameters for
VIRTIO_BLK_F_CONFIG_WCE/VIRTIO_BLK_F_MQ,
I can change those feature bits same as virtio-blk.
> 
> 
> > > Stefan



[Qemu-devel] [RFC v2] e1000: Faulty tx checksum offload corrupts packets

2017-10-23 Thread Ed Swierk via Qemu-devel
[Resending to full set of maintainers]

v2: Cosmetic fixes for checkpatch/buildbot errors

The transmit checksum offload implementation in QEMU's e1000 device is
deficient and causes packet data corruption in some situations.

According to the Intel 8254x software developer's manual[1], the
hardware device maintains two separate contexts: the TCP segmentation
offload (TSO) context includes parameters for both segmentation
offload and checksum offload, and the normal (SUM,
i.e. checksum-offload-only) context includes only checksum offload
parameters. These parameters specify over which packet data to compute
the checksum, and where in the packet to store the computed
checksum(s).

[1] 
https://www.intel.com/content/dam/doc/manual/pci-pci-x-family-gbe-controllers-software-dev-manual.pdf

The e1000 driver can update either of these contexts by sending a
transmit context descriptor. The TSE bit in the TUCMD field controls
which context is modified by the descriptor. Crucially, a transmit
context descriptor with TSE=1 changes only the TSO context, leaving
the SUM context unchanged; with TSE=0 the opposite is true.

Fields in the transmit data descriptor determine which (if either) of
these two contexts the device uses when actually transmitting some
data:

- If the TSE bit in the DCMD field is set, then the device performs
  TCP segmentation offload using the parameters previously set in the
  TSO context. In addition, if TXSM and/or IXSM is set in the POPTS
  field, the device performs the appropriate checksum offloads using
  the parameters in the same (TSO) context.

- Otherwise, if the TSE bit in the DCMD field is clear, then there is
  no TCP segmentation offload. If TXSM and/or IXSM is set in the POPTS
  field, the device performs the appropriate checksum offloads using
  the parameters in the SUM context.

The e1000 driver is free to set up the TSO and SUM contexts and then
transmit a mixture of data, with each data descriptor using a
different (or neither) context. This is what the e1000 driver for
Windows (Intel(R) PRO/1000 MT Network Connection, aka E1G6023E.sys)
does in certain cases. Sometimes with quite undesirable results, since
the QEMU e1000 device doesn't work as described above.

Instead, the QEMU e1000 device maintains only one context in its state
structure. When it receives a transmit context descriptor from the
driver, it overwrites the context parameters regardless of the TSE bit
in the TUCMD field.

To see why this is wrong, suppose the driver first sets up a SUM
context with UDP checksum offload parameters (say, TUCSO pointing to
the appropriate offset for a UDP checksum, 6 bytes into the header),
and then sets up a TSO context with TCP checksum offload parameters
(TUCSO pointing to the appropriate offset for a TCP checksum, 16 bytes
into the header). The driver then sends a transmit data descriptor
with TSO=0 and TXSM=1 along with a UDP datagram. The QEMU e1000 device
computes the checksum using the last set of checksum offload
parameters, and writes the checksum to offset 16, stomping on two
bytes of UDP data, and leaving the wrong checksum in the UDP checksum
field.

To make matters worse, if the host network stack treats data
transmitted from a VM as locally originated, it may do its own UDP
checksum computation, "correcting" it to match the corrupt data before
sending it on the wire. Now the corrupt UDP packet makes its way all
the way to the destination.

(Another layer of icing on the cake is that QEMU ignores the
requirement that a UDP checksum computed as zero be sent as 0xffff,
since zero is a special value meaning no checksum. So even when QEMU
doesn't corrupt the packet data, the packet sometimes leaves the box
with no checksum at all.)

I have instrumented QEMU and reproduced this behavior with a Windows
10 guest, rather easily with a TCP iperf and a UDP iperf running in
parallel. I have also attempted a fix, which is below in very rough
form.

Before I spend too much time refining a patch, I'd like to get
feedback on my approach.

One puzzle is what to do about e1000e: it shares some data
structures and a bit of code with e1000, but little else, which is
surprising given how similar they are (or should be). The e1000e's
handling of TCP segmentation offload and checksum offload is totally
different, and problematic for other reasons (it totally ignores most
of the context parameters provided by the driver and basically does
what it thinks is best by digging into the packet data). Is this
divergence intentional? Is there a reason not to change e1000e as long
as I'm trying to make e1000 more datasheet-conformant?

Not ready for prime time, but nonetheless
Signed-off-by: Ed Swierk 

---
 hw/net/e1000.c | 183 +++--
 hw/net/e1000x_common.h |   4 +-
 2 files changed, 132 insertions(+), 55 deletions(-)

diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 9324949..66ac7d3 100644
--- 
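
The single-context behaviour described in the message above, next to a two-context model, as an added C example (not code from the patch or from QEMU). The struct and function names, the 60-byte frame and the 0x1234 checksum seed are constructed for illustration; the offsets (UDP checksum 6 bytes, TCP checksum 16 bytes into the L4 header) and the TSE/TXSM semantics are the ones the message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout: 14-byte Ethernet + 20-byte IPv4, then UDP. */
enum { L4_OFF = 34, UDP_CSUM_OFF = L4_OFF + 6, TCP_CSUM_OFF = L4_OFF + 16,
       PAYLOAD_OFF = L4_OFF + 8, PKT_LEN = 60,
       PSEUDO = 0x1234 /* constructed stand-in for the pseudo-header sum */ };

/* Checksum parameters set by a transmit context descriptor (hypothetical
 * struct; TUCSO is named in the message, TUCSS is its start-offset twin). */
struct tx_ctx { uint8_t tucss, tucso; };

struct tx_state {
    struct tx_ctx sum;   /* written when TUCMD.TSE=0 */
    struct tx_ctx tso;   /* written when TUCMD.TSE=1 */
    struct tx_ctx last;  /* single-context model: whatever arrived last */
};

struct result { int payload_intact, udp_csum_valid; };

/* 16-bit ones'-complement sum of n bytes, starting from `sum`. */
static uint16_t fold_sum(const uint8_t *p, size_t n, uint32_t sum)
{
    size_t i;
    for (i = 0; i + 1 < n; i += 2) {
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    }
    if (n & 1) {
        sum += (uint32_t)p[n - 1] << 8;
    }
    while (sum >> 16) {
        sum = (sum & 0xffff) + (sum >> 16);
    }
    return (uint16_t)sum;
}

static void ctx_descriptor(struct tx_state *s, int tse, struct tx_ctx c)
{
    if (tse) { s->tso = c; } else { s->sum = c; }
    s->last = c;  /* the single-context model ignores TSE entirely */
}

/* Checksum pkt[tucss..len) and store the result big-endian at tucso. */
static void insert_csum(uint8_t *pkt, size_t len, struct tx_ctx c)
{
    uint16_t v;
    if ((size_t)c.tucso + 2 > len || c.tucss >= len) {
        return;  /* offsets outside the frame: leave it untouched */
    }
    v = (uint16_t)~fold_sum(pkt + c.tucss, len - c.tucss, 0);
    if (v == 0) {
        v = 0xffff;  /* zero means "no checksum" for UDP; 0 and 0xffff
                        verify identically in ones'-complement arithmetic */
    }
    pkt[c.tucso] = (uint8_t)(v >> 8);
    pkt[c.tucso + 1] = (uint8_t)(v & 0xff);
}

/* Data descriptor: DCMD.TSE selects the context, POPTS.TXSM asks for it. */
static void data_descriptor(const struct tx_state *s, int two_contexts,
                            int tse, int txsm, uint8_t *pkt, size_t len)
{
    struct tx_ctx c = two_contexts ? (tse ? s->tso : s->sum) : s->last;
    if (txsm) {
        insert_csum(pkt, len, c);
    }
}

static void build_udp_frame(uint8_t *pkt)
{
    /* sport, dport, length 26, checksum field seeded with PSEUDO
     * (modelling assumption: the driver pre-loads the pseudo-header sum) */
    static const uint8_t udp_hdr[8] = { 0x10, 0x00, 0x20, 0x00,
                                        0x00, 0x1a, 0x12, 0x34 };
    memset(pkt, 0, L4_OFF);
    memcpy(pkt + L4_OFF, udp_hdr, sizeof udp_hdr);
    memset(pkt + PAYLOAD_OFF, 0x41, PKT_LEN - PAYLOAD_OFF);
}

/* SUM context for UDP, then TSO context for TCP, then a UDP datagram
 * sent with TSE=0 and TXSM=1: the sequence from the message. */
static struct result run_scenario(int two_contexts)
{
    struct tx_state s;
    uint8_t pkt[PKT_LEN], ref[PKT_LEN];
    struct tx_ctx udp = { L4_OFF, UDP_CSUM_OFF };
    struct tx_ctx tcp = { L4_OFF, TCP_CSUM_OFF };
    struct result r;

    memset(&s, 0, sizeof s);
    build_udp_frame(pkt);
    memcpy(ref, pkt, sizeof ref);
    ctx_descriptor(&s, 0, udp);
    ctx_descriptor(&s, 1, tcp);
    data_descriptor(&s, two_contexts, 0, 1, pkt, sizeof pkt);

    r.payload_intact = memcmp(pkt + PAYLOAD_OFF, ref + PAYLOAD_OFF,
                              PKT_LEN - PAYLOAD_OFF) == 0;
    r.udp_csum_valid = fold_sum(pkt + L4_OFF, PKT_LEN - L4_OFF,
                                PSEUDO) == 0xffff;
    return r;
}

int main(void)
{
    struct result one = run_scenario(0), two = run_scenario(1);
    printf("single context: payload_intact=%d udp_csum_valid=%d\n",
           one.payload_intact, one.udp_csum_valid);
    printf("two contexts:   payload_intact=%d udp_csum_valid=%d\n",
           two.payload_intact, two.udp_csum_valid);
    return 0;
}
```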

Re: [Qemu-devel] [PULL 0/3] Fixes 20171023 patches

2017-10-23 Thread no-reply
Hi,

This series failed build test on s390x host. Please find the details below.

Type: series
Message-id: 20171023080245.31300-1-kra...@redhat.com
Subject: [Qemu-devel] [PULL 0/3] Fixes 20171023 patches

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20171023080245.31300-1-kra...@redhat.com -> 
patchew/20171023080245.31300-1-kra...@redhat.com
Switched to a new branch 'test'
e63d759 scripts: don't throw away stderr when checking out git submodules
12c2372 ui: add qemu-keymap and shader to .gitignore
9d8b29c configure: disable qemu-keymap for linux-user qemu

=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=59408
SHELL=/bin/sh
USER=fam
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-qe4vl6h9/src
LANG=en_US.UTF-8
HOME=/home/fam
SHLVL=2
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
_=/usr/bin/env
=== PACKAGES ===

Re: [Qemu-devel] [PATCH 3/3] vl: remove unnecessary #ifdef CONFIG_TPM

2017-10-23 Thread Stefan Berger

On 10/23/2017 05:33 PM, Philippe Mathieu-Daudé wrote:

a stub is now provided.

Signed-off-by: Philippe Mathieu-Daudé 
---
  vl.c | 2 --
  1 file changed, 2 deletions(-)

diff --git a/vl.c b/vl.c
index 0723835bbf..ec299099ff 100644
--- a/vl.c
+++ b/vl.c
@@ -4624,11 +4624,9 @@ int main(int argc, char **argv, char **envp)
  exit(1);
  }

-#ifdef CONFIG_TPM
  if (tpm_init() < 0) {
  exit(1);
  }
-#endif

  /* init the bluetooth world */
  if (foreach_device_config(DEV_BT, bt_parse))



Now you should be able to also remove the #ifdef CONFIG_TPM from ./tpm.c.

   Stefan





Re: [Qemu-devel] [Qemu-arm] [PATCH] hw/ide/ahci: Move allwinner code into a separate file

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/23/2017 03:48 PM, Thomas Huth wrote:
> The allwinner code is only needed for the allwinner board (for which
> we also have a separate CONFIG_ALLWINNER_A10 config switch), so it
> does not make sense that we compile this for all the other boards
> that need AHCI, too. Let's move it to a separate file that is only
> compiled when CONFIG_ALLWINNER_A10 is set.
> 
> Signed-off-by: Thomas Huth 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/ide/Makefile.objs|   1 +
>  hw/ide/ahci-allwinner.c | 127 
> 
>  hw/ide/ahci.c   |  95 
>  3 files changed, 128 insertions(+), 95 deletions(-)
>  create mode 100644 hw/ide/ahci-allwinner.c
> 
> diff --git a/hw/ide/Makefile.objs b/hw/ide/Makefile.objs
> index 729e9bd..f0edca3 100644
> --- a/hw/ide/Makefile.objs
> +++ b/hw/ide/Makefile.objs
> @@ -10,3 +10,4 @@ common-obj-$(CONFIG_IDE_VIA) += via.o
>  common-obj-$(CONFIG_MICRODRIVE) += microdrive.o
>  common-obj-$(CONFIG_AHCI) += ahci.o
>  common-obj-$(CONFIG_AHCI) += ich.o
> +common-obj-$(CONFIG_ALLWINNER_A10) += ahci-allwinner.o
> diff --git a/hw/ide/ahci-allwinner.c b/hw/ide/ahci-allwinner.c
> new file mode 100644
> index 000..c3f1604
> --- /dev/null
> +++ b/hw/ide/ahci-allwinner.c
> @@ -0,0 +1,127 @@
> +/*
> + * QEMU Allwinner AHCI Emulation
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version 2
> + * of the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/hw.h"
> +#include "qemu/error-report.h"
> +#include "sysemu/block-backend.h"
> +#include "sysemu/dma.h"
> +#include "hw/ide/internal.h"
> +#include "hw/ide/ahci_internal.h"
> +
> +#include "trace.h"
> +
> +#define ALLWINNER_AHCI_BISTAFR((0xa0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_BISTCR ((0xa4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_BISTFCTR   ((0xa8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_BISTSR ((0xac - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_BISTDECR   ((0xb0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_DIAGNR0((0xb4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_DIAGNR1((0xb8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_OOBR   ((0xbc - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_PHYCS0R((0xc0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_PHYCS1R((0xc4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_PHYCS2R((0xc8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_TIMER1MS   ((0xe0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_GPARAM1R   ((0xe8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_GPARAM2R   ((0xec - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_PPARAMR((0xf0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_TESTR  ((0xf4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_VERSIONR   ((0xf8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_IDR((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +#define ALLWINNER_AHCI_RWCR   ((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4)
> +
> +static uint64_t allwinner_ahci_mem_read(void *opaque, hwaddr addr,
> +unsigned size)
> +{
> +AllwinnerAHCIState *a = opaque;
> +AHCIState *s = &(SYSBUS_AHCI(a)->ahci);
> +uint64_t val = a->regs[addr / 4];
> +
> +switch (addr / 4) {
> +case ALLWINNER_AHCI_PHYCS0R:
> +val |= 0x2 << 28;
> +break;
> +case ALLWINNER_AHCI_PHYCS2R:
> +val &= ~(0x1 << 24);
> +break;
> +}
> +trace_allwinner_ahci_mem_read(s, a, addr, val, size);
> +return  val;
> +}
> +
> +static void allwinner_ahci_mem_write(void *opaque, hwaddr addr,
> + uint64_t val, unsigned size)
> +{
> +AllwinnerAHCIState *a = opaque;
> +AHCIState *s = &(SYSBUS_AHCI(a)->ahci);
> +
> +trace_allwinner_ahci_mem_write(s, a, addr, val, size);
> +a->regs[addr / 4] = val;
> +}
> +
> +static const MemoryRegionOps allwinner_ahci_mem_ops = {
> +.read = allwinner_ahci_mem_read,
> +.write = allwinner_ahci_mem_write,
> +.valid.min_access_size = 4,
> +.valid.max_access_size = 4,
> +.endianness = DEVICE_LITTLE_ENDIAN,
> +};
> +
> +static void allwinner_ahci_init(Object *obj)
> +{
> +
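Review bot: ALLWINNER_AHCI_IDR and ALLWINNER_AHCI_RWCR are both defined as (0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4, so the two names refer to the same register slot; since the code is being moved anyway, add a comment saying the alias is intentional or drop the name that is not used. Separately, allwinner_ahci_mem_read() and allwinner_ahci_mem_write() index a->regs[addr / 4] directly, so the part of the file that registers the memory region should be checked to confirm the region size matches the regs array.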

[Qemu-devel] Command line option "-option-rom" doesn't take the ROM file

2017-10-23 Thread Deema B
Hi,

I'm trying to use the -option-rom option to supply my own virtio OpROM.

I am not able to see the ROM being launched (the built-in version comes up
instead).
The only way I am able to make it work is to rebuild the Qemu and iPXE
together.

I'm assuming this is a working feature, and I'm simply doing something wrong.
Appreciate any suggestions, pointers, and to hear your experience with this
particular option.

 - Deema.


Re: [Qemu-devel] [PATCH v3 04/11] kinetis_k64_sim.h has been added

2017-10-23 Thread Philippe Mathieu-Daudé
On 10/23/2017 05:36 PM, Gabriel Costa wrote:
> The name SIM came from kinetis datasheet, it is the name of the peripheral.
> I believe other families of kinetis microcontrollers use the same name.

SIM stands for "System Integration Module"; naming it
"kinetis_k64_sim.c" does not sound very helpful.
This is why I suggested "kinetis_k64_system.c" which better matches the
system controller of the other SoCs.

> On Fri, Oct 20, 2017 at 6:17 PM, Philippe Mathieu-Daudé 
> wrote:
>> I'd rather name it kinetis_k64_system.h or kinetis_k64_sysctl.h



Re: [Qemu-devel] [PATCH 3/3] vl: remove unnecessary #ifdef CONFIG_TPM

2017-10-23 Thread Richard W.M. Jones

The series fixes the build for me, thanks :-)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/



[Qemu-devel] [PATCH 3/3] vl: remove unnecessary #ifdef CONFIG_TPM

2017-10-23 Thread Philippe Mathieu-Daudé
a stub is now provided.

Signed-off-by: Philippe Mathieu-Daudé 
---
 vl.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/vl.c b/vl.c
index 0723835bbf..ec299099ff 100644
--- a/vl.c
+++ b/vl.c
@@ -4624,11 +4624,9 @@ int main(int argc, char **argv, char **envp)
 exit(1);
 }
 
-#ifdef CONFIG_TPM
 if (tpm_init() < 0) {
 exit(1);
 }
-#endif
 
 /* init the bluetooth world */
 if (foreach_device_config(DEV_BT, bt_parse))
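Review bot: with the #ifdef CONFIG_TPM guard removed, the tpm_init() call in main() needs a definition in every configuration, so this patch only builds with --disable-tpm once the stub from "tpm: add stubs" is in place. The one-line message "a stub is now provided." should name stubs/tpm.c (or the earlier patch) so the ordering dependency is visible in the log.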
-- 
2.15.0.rc1




[Qemu-devel] [PATCH 1/3] tpm: add missing include

2017-10-23 Thread Philippe Mathieu-Daudé
else files including "sysemu/tpm.h" fail to compile:

  In file included from qemu/stubs/tpm.c:2:0:
  qemu/include/sysemu/tpm.h:36:19: error: implicit declaration of function 
‘object_resolve_path_type’ [-Werror=implicit-function-declaration]
   Object *obj = object_resolve_path_type("", TYPE_TPM_TIS, NULL);
 ^~~~

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/sysemu/tpm.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index c8afa179e5..d7a2bd8556 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -13,6 +13,7 @@
 #define QEMU_TPM_H
 
 #include "qemu/option.h"
+#include "qom/object.h"
 
 typedef struct TPMState TPMState;
 
-- 
2.15.0.rc1




[Qemu-devel] [PATCH 2/3] tpm: add stubs

2017-10-23 Thread Philippe Mathieu-Daudé
this fixes compile with --disable-tpm

Reported-by: BALATON Zoltan 
Message-Id: <20171023102903.256af745...@zero.eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile.objs   |  2 +-
 stubs/tpm.c | 33 +
 MAINTAINERS |  1 +
 stubs/Makefile.objs |  1 +
 4 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 stubs/tpm.c

diff --git a/Makefile.objs b/Makefile.objs
index d4f973a8fc..285c6f3c15 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -62,7 +62,7 @@ bt-host.o-cflags := $(BLUEZ_CFLAGS)
 common-obj-y += dma-helpers.o
 common-obj-y += vl.o
 vl.o-cflags := $(GPROF_CFLAGS) $(SDL_CFLAGS)
-common-obj-y += tpm.o
+common-obj-$(CONFIG_TPM) += tpm.o
 
 common-obj-$(CONFIG_SLIRP) += slirp/
 
diff --git a/stubs/tpm.c b/stubs/tpm.c
new file mode 100644
index 00..6b90557e42
--- /dev/null
+++ b/stubs/tpm.c
@@ -0,0 +1,33 @@
+/*
+ * TPM configuration
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "sysemu/tpm.h"
+#include "qmp-commands.h"
+
+int tpm_init(void)
+{
+return 0;
+}
+
+void tpm_cleanup(void)
+{
+}
+
+TPMInfoList *qmp_query_tpm(Error **errp)
+{
+return NULL;
+}
+
+TpmTypeList *qmp_query_tpm_types(Error **errp)
+{
+return NULL;
+}
+
+TpmModelList *qmp_query_tpm_models(Error **errp)
+{
+return NULL;
+}
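Review bot: the three qmp_query_tpm*() stubs return NULL without touching errp, so on a --disable-tpm build a QMP client sees an empty list rather than an error saying TPM support is not compiled in. If the empty result is intended, a one-line comment in the stub should say so; otherwise set an error through errp. The same question applies to tpm_init() returning 0 unconditionally.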
diff --git a/MAINTAINERS b/MAINTAINERS
index 12175425a7..2650063242 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1544,6 +1544,7 @@ TPM
 M: Stefan Berger 
 S: Maintained
 F: tpm.c
+F: stubs/tpm.c
 F: hw/tpm/*
 F: include/hw/acpi/tpm.h
 F: include/sysemu/tpm*
diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index c7594796c3..8cfe34328a 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -28,6 +28,7 @@ stub-obj-y += runstate-check.o
 stub-obj-y += set-fd-handler.o
 stub-obj-y += slirp.o
 stub-obj-y += sysbus.o
+stub-obj-y += tpm.o
 stub-obj-y += trace-control.o
 stub-obj-y += uuid.o
 stub-obj-y += vm-stop.o
-- 
2.15.0.rc1




[Qemu-devel] [PATCH 0/3] tpm: add stubs to fix compiling with --disable-tpm

2017-10-23 Thread Philippe Mathieu-Daudé
This fixes building with --disable-tpm as reported by Zoltan:
  http://lists.nongnu.org/archive/html/qemu-devel/2017-10/msg05369.html

Cc'ing Peter in case this enters as build fix instead of via trivial.

Regards,

Phil.

Philippe Mathieu-Daudé (3):
  tpm: add missing include
  tpm: add stubs
  vl: remove unnecessary #ifdef CONFIG_TPM

 Makefile.objs|  2 +-
 include/sysemu/tpm.h |  1 +
 stubs/tpm.c  | 33 +
 vl.c |  2 --
 MAINTAINERS  |  1 +
 stubs/Makefile.objs  |  1 +
 6 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 stubs/tpm.c

-- 
2.15.0.rc1




Re: [Qemu-devel] Running Qemu in discrete time/step by step

2017-10-23 Thread Nutaro, James J.
I don't expect exact repeatability, but I haven't tested for it either. The 
machinery that prevents repeatability with replay will probably have the same 
effect in the adevs/qemu simulator.

-Original Message-
From: Matt [mailto:matta...@gmail.com] 
Sent: Monday, October 23, 2017 5:38 AM
To: Nutaro, James J.
Cc: Emilio G. Cota; qemu-devel@nongnu.org; Hajime Tazaki
Subject: Re: [Qemu-devel] Running Qemu in discrete time/step by step

I did not know about Qemu's record/replay mode which is an interesting
feature but unneeded if a  2nd qemu run with the same inputs generated
the same outputs (as it's the case with DCE).
@nutaro Thanks for the updated patch. I will have a look at adevs. On
a related note https://github.com/qemu/qemu/blob/master/docs/replay.txt
enumerates different sources of indeterminism
==
Replaying of the execution of virtual machine is bound by sources of
non-determinism. These are inputs from clock and peripheral devices,
and QEMU thread scheduling. Thread scheduling affect on processing events
from timers, asynchronous input-output, and bottom halves.
==

Do you manage to achieve perfect reproducibility with adevs + qemu ?
If yes, is there any publication describing how you achieve this ?

Best regards
matt

2017-10-21 0:02 GMT+09:00 Nutaro, James J. :
> Thanks for taking a look at the patch. The most recent version of the patch 
> will also work with KVM if you need to speed things up. You can find it here:
>
> https://patchwork.kernel.org/patch/9960369/
>
> Somehow I messed up that post and it shows V8 when it should be V9.
>
> You can get the simulator that it works with at
>
> https://sourceforge.net/projects/adevs/
>
> If nothing else, this simulator would give you a blue print for integration 
> with another tool.
>
> Jim
>
> -Original Message-
> From: Emilio G. Cota [mailto:c...@braap.org]
> Sent: Thursday, October 19, 2017 4:54 PM
> To: Matt
> Cc: qemu-devel@nongnu.org; Hajime Tazaki; Nutaro, James J.
> Subject: Re: [Qemu-devel] Running Qemu in discrete time/step by step
>
> On Thu, Oct 19, 2017 at 14:14:12 +0900, Matt wrote:
> (snip)
>> - VMSimint does nearly that, it runs Qemu in discrete time but
>> interface it with a JAVA simulator
>> http://www.ikr.uni-stuttgart.de/Content/Publications/Archive/We_SIMUTools_2014_40209.pdf
>> (with the code http://www.ikr.uni-stuttgart.de/Content/IKRSimLib/Download/)
>> - http://web.ornl.gov/~nutarojj/adevs/ does sthg similar too
>
> Nutaro's work to interface with QEMU has been posted on the list:
>   https://patchwork.kernel.org/patch/9572497/
> I'm Cc'ing him in case he's not subscribed to the list.
>
>
>> My questions would be:
>> 1/ do you know of any other related work ?
>
> Is QEMU's record/replay mode of any use to you? Note that as is the
> case with Nutaro's patch, you'll need icount mode (i.e. single-core)
> enabled.
>
>> 2/ I believe there is interest from the research side but would it be
>> possible to merge either approach or a similar one (adevs patch
>> doesn't seem too big ~500 lines), would that be of interest for the
>> Qemu community too ?
>> 3/ if yes to 2. How to proceed, which one would be favorite ? if no,
>> what should be improved ? or would that be a definitive no ?
>
> I think the adevs approach is reasonable. The patch hasn't gotten much
> attention I guess because not many people care about this feature.
> But if you could review the patch and certify that it works for you
> (i.e. it works with simulators other than adevs), that could only help
> the patch getting in.
>
> That said, I make no merging decisions so take this as just my opinion.
>
> Cheers,
>
> Emilio
>



[Qemu-devel] Command line option "-option-rom" doesn't take the ROM file

2017-10-23 Thread Deema B
Hi,

I'm trying to use the -option-rom option to supply my own virtio OpROM.

I am not able to see the ROM being launched (the built-in version comes up
instead).
The only way I am able to make it work is to rebuild the Qemu and iPXE
together.

I'm assuming this is a working feature, and I'm simply doing something wrong.
Appreciate any suggestions, pointers, and to hear your experience with this
particular option.

- Deema


[Qemu-devel] [Bug 1714331] Re: Virtual machines not working anymore on 2.10

2017-10-23 Thread Mary Sherman
> Should this be opened as a bug on the `ovmf` Ubuntu package
> (xenial/zesty/artful)? I'm very familiar with the Ubuntu version
> policies.

I've just noticed that I intended to write "I'm *not* very familiar with
the Ubuntu version policies".

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1714331

Title:
  Virtual machines not working anymore on 2.10

Status in QEMU:
  New

Bug description:
  Using 2.10, my virtual machine(s) don't work anymore. This happens
  100% of the times.

  -

  I use QEMU compiling it from source, on Ubuntu 16.04 amd64. This is
  the configure command:

  configure --target-list=x86_64-softmmu --enable-debug --enable-gtk
  --enable-spice --audio-drv-list=pa

  I have one virtual disk, with a Windows 10 64-bit, which I launch in
  two different ways; both work perfectly on 2.9 (and used to do on 2.8,
  but I haven't used it for a long time).

  This is the first way:

  qemu-system-x86_64
-drive if=pflash,format=raw,readonly,file=/path/to/OVMF_CODE.fd
-drive if=pflash,format=raw,file=/tmp/OVMF_VARS.fd.tmp
-enable-kvm
-machine q35,accel=kvm,mem-merge=off
-cpu host,kvm=off,hv_vendor_id=vgaptrocks,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
-smp 4,cores=4,sockets=1,threads=1
-m 4096
-display gtk
-vga qxl
-rtc base=localtime
-serial none
-parallel none
-usb
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device virtio-scsi-pci,id=scsi
-drive file=/path/to/image-diff.img,id=hdd1,format=qcow2,if=none,cache=writeback
-device scsi-hd,drive=hdd1
-net nic,model=virtio
-net user

  On QEMU 2.10, I get the `Recovery - Your PC/Device needs to be
  repaired` windows screen; on 2.9, it boots regularly.

  This is the second way:

  qemu-system-x86_64
-drive if=pflash,format=raw,readonly,file=/path/to/OVMF_CODE.fd
-drive if=pflash,format=raw,file=/tmp/OVMF_VARS.fd.tmp
-enable-kvm
-machine q35,accel=kvm,mem-merge=off
-cpu host,kvm=off,hv_vendor_id=vgaptrocks,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
-smp 4,cores=4,sockets=1,threads=1
-m 10240
-vga none
-rtc base=localtime
-serial none
-parallel none
-usb
-device vfio-pci,host=01:00.0,multifunction=on
-device vfio-pci,host=01:00.1
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device virtio-scsi-pci,id=scsi
-drive file=/path/to/image-diff.img,id=hdd1,format=qcow2,if=none,cache=writeback
-device scsi-hd,drive=hdd1
-net nic,model=virtio
-net user

  On QEMU 2.10, I get the debug window on the linux monitor, and blank screen
  on VFIO one (no BIOS screen at all); after 10/20 seconds, QEMU crashes without
  any message.
  On 2.9, this works perfectly.

  -

  I am able to perform a git bisect, if that helps, but if this is the
  case, I'd need this issue to be reviewed, since bisecting is going to
  take me a lot of time.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1714331/+subscriptions



[Qemu-devel] [PATCH 7/7] sdl2: Do not leave grab when fullscreen

2017-10-23 Thread Jindrich Makovicka
---
 ui/sdl2.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index 3823f0a834..811c21da27 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -451,8 +451,9 @@ static void handle_mousemotion(SDL_Event *ev)
 SDL_GetWindowSize(scon->real_window, _w, _h);
 max_x = scr_w - 1;
 max_y = scr_h - 1;
-if (gui_grab && (ev->motion.x == 0 || ev->motion.y == 0 ||
- ev->motion.x == max_x || ev->motion.y == max_y)) {
+if (gui_grab && !gui_fullscreen
+&& (ev->motion.x == 0 || ev->motion.y == 0 ||
+ev->motion.x == max_x || ev->motion.y == max_y)) {
 sdl_grab_end(scon);
 }
 if (!gui_grab &&
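Review bot: the new `!gui_fullscreen` test in handle_mousemotion() is not explained anywhere, since the patch has no commit message body and the code has no comment. Please state why reaching x == 0, y == 0, max_x or max_y should no longer end the grab when fullscreen, and add a Signed-off-by line. On style, the existing condition breaks lines after the operator (`||` at the end of the line) while the added lines start with `&&`; keep one convention within the expression.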
-- 
2.15.0.rc0




[Qemu-devel] [PATCH 5/7] sdl2 uses surface relative coordinates

2017-10-23 Thread Jindrich Makovicka
---
 ui/sdl2.c | 28 ++--
 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index fa54353430..092eab37dc 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -276,32 +276,8 @@ static void sdl_send_mouse_event(struct sdl2_console 
*scon, int dx, int dy,
 }
 
 if (qemu_input_is_absolute()) {
-int scr_w, scr_h;
-int max_w = 0, max_h = 0;
-int off_x = 0, off_y = 0;
-int cur_off_x = 0, cur_off_y = 0;
-int i;
-
-for (i = 0; i < sdl2_num_outputs; i++) {
-struct sdl2_console *thiscon = _console[i];
-if (thiscon->real_window && thiscon->surface) {
-SDL_GetWindowSize(thiscon->real_window, _w, _h);
-cur_off_x = thiscon->x;
-cur_off_y = thiscon->y;
-if (scr_w + cur_off_x > max_w) {
-max_w = scr_w + cur_off_x;
-}
-if (scr_h + cur_off_y > max_h) {
-max_h = scr_h + cur_off_y;
-}
-if (i == scon->idx) {
-off_x = cur_off_x;
-off_y = cur_off_y;
-}
-}
-}
-qemu_input_queue_abs(scon->dcl.con, INPUT_AXIS_X, off_x + x, 0, max_w);
-qemu_input_queue_abs(scon->dcl.con, INPUT_AXIS_Y, off_y + y, 0, max_h);
+qemu_input_queue_abs(scon->dcl.con, INPUT_AXIS_X, x, 0, 
surface_width(scon->surface));
+qemu_input_queue_abs(scon->dcl.con, INPUT_AXIS_Y, y, 0, 
surface_height(scon->surface));
 } else {
 if (guest_cursor) {
 x -= guest_x;
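Review bot: the two added qemu_input_queue_abs() calls dereference scon->surface unconditionally, while the loop being removed only used a console when both thiscon->real_window and thiscon->surface were set. If scon->surface can be NULL at this point, keep a guard before calling surface_width() and surface_height(). The added lines are also long enough that they wrapped in the mail; break them after the `0,` argument. The commit message is empty, so please record why the per-window offsets (off_x, off_y) and the combined max_w/max_h range are no longer needed.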
-- 
2.15.0.rc0




[Qemu-devel] [PATCH 6/7] sdl2: Fix dead keyboard after fullscreen

2017-10-23 Thread Jindrich Makovicka
---
 ui/sdl2.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index 092eab37dc..3823f0a834 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -418,6 +418,7 @@ static void handle_keyup(SDL_Event *ev)
 sdl2_reset_keys(scon);
 return;
 }
+sdl2_reset_keys(scon);
 gui_keysym = 0;
 }
 if (!gui_keysym) {
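Review bot: the added sdl2_reset_keys(scon) in handle_keyup() sits directly after an inner branch that already calls sdl2_reset_keys(scon) before its return, so both paths through this block now reset the keys. Calling it once ahead of that inner branch would express the same thing without the duplication. The patch has no description; please explain which key sequence leaves the keyboard dead after fullscreen and why a reset on this key-up is the right place to fix it.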
-- 
2.15.0.rc0




[Qemu-devel] [PATCH 4/7] sdl2: Only accept the hotkeys on the main window

2017-10-23 Thread Jindrich Makovicka
---
 ui/sdl2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index 685e4fabec..fa54353430 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -349,7 +349,7 @@ static void handle_keydown(SDL_Event *ev)
 }
 gui_key_modifier_pressed = mod_state;
 
-if (gui_key_modifier_pressed) {
+if (gui_key_modifier_pressed && !ev->key.repeat && 
qemu_console_is_graphic(scon->dcl.con)) {
 switch (ev->key.keysym.scancode) {
 case SDL_SCANCODE_2:
 case SDL_SCANCODE_3:
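Review bot: the rewritten condition in handle_keydown() adds two tests, `!ev->key.repeat` and `qemu_console_is_graphic(scon->dcl.con)`, but the subject only covers the second one. Ignoring auto-repeat for hotkeys is a separate behaviour change; split it into its own patch or describe it in the commit message. The new line is well past 80 columns (it wrapped in the mail), so break it after an `&&`.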
-- 
2.15.0.rc0




[Qemu-devel] [PATCH 3/7] sdl2: Do not hide the cursor on auxiliary windows

2017-10-23 Thread Jindrich Makovicka
---
 ui/sdl2.c | 41 ++---
 1 file changed, 30 insertions(+), 11 deletions(-)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index aa37b39547..685e4fabec 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -169,10 +169,10 @@ static void sdl_hide_cursor(void)
 return;
 }
 
-if (qemu_input_is_absolute()) {
-SDL_ShowCursor(1);
-SDL_SetCursor(sdl_cursor_hidden);
-} else {
+SDL_ShowCursor(SDL_DISABLE);
+SDL_SetCursor(sdl_cursor_hidden);
+
+if (!qemu_input_is_absolute()) {
 SDL_SetRelativeMouseMode(SDL_TRUE);
 }
 }
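Review bot: in sdl_hide_cursor() the absolute-pointer case used to call SDL_ShowCursor(1) together with the hidden sprite and now gets SDL_ShowCursor(SDL_DISABLE), the same as the relative case. That is a behaviour change for absolute devices which the empty commit message does not mention. If SDL_ShowCursor(SDL_DISABLE) is sufficient, the SDL_SetCursor(sdl_cursor_hidden) that follows looks redundant; if both are needed, a one-line comment should say why.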
@@ -185,14 +185,16 @@ static void sdl_show_cursor(void)
 
 if (!qemu_input_is_absolute()) {
 SDL_SetRelativeMouseMode(SDL_FALSE);
-SDL_ShowCursor(1);
-if (guest_cursor &&
-(gui_grab || qemu_input_is_absolute() || absolute_enabled)) {
-SDL_SetCursor(guest_sprite);
-} else {
-SDL_SetCursor(sdl_cursor_normal);
-}
 }
+
+if (guest_cursor &&
+(gui_grab || qemu_input_is_absolute() || absolute_enabled)) {
+SDL_SetCursor(guest_sprite);
+} else {
+SDL_SetCursor(sdl_cursor_normal);
+}
+
+SDL_ShowCursor(SDL_ENABLE);
 }
 
 static void sdl_grab_start(struct sdl2_console *scon)
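Review bot: moving the sprite selection out of the `if (!qemu_input_is_absolute())` block in sdl_show_cursor() makes the `qemu_input_is_absolute()` term of the inner condition reachable for the first time; inside the old block it was always false. Together with the now unconditional SDL_ShowCursor(SDL_ENABLE), absolute devices take a path they did not take before, so please say in the commit message that this was tested with an absolute pointer device as well as a relative one.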
@@ -463,6 +465,10 @@ static void handle_mousemotion(SDL_Event *ev)
 int max_x, max_y;
 struct sdl2_console *scon = get_scon_from_window(ev->key.windowID);
 
+if (!qemu_console_is_graphic(scon->dcl.con)) {
+return;
+}
+
 if (qemu_input_is_absolute() || absolute_enabled) {
 int scr_w, scr_h;
 SDL_GetWindowSize(scon->real_window, _w, _h);
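Review bot: the added guard in handle_mousemotion() dereferences scon (`scon->dcl.con`) immediately after get_scon_from_window(), with no NULL check. If that lookup can fail for an event whose window is not one of QEMU's consoles, test `scon` before using it; the same applies to the identical guards added in handle_mousebutton() and handle_mousewheel(). The context line also looks the window up through `ev->key.windowID` in a mouse-motion handler, which is existing code but worth correcting while these lines are being touched.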
@@ -490,6 +496,10 @@ static void handle_mousebutton(SDL_Event *ev)
 SDL_MouseButtonEvent *bev;
 struct sdl2_console *scon = get_scon_from_window(ev->key.windowID);
 
+if (!qemu_console_is_graphic(scon->dcl.con)) {
+return;
+}
+
 bev = >button;
 if (!gui_grab && !qemu_input_is_absolute()) {
 if (ev->type == SDL_MOUSEBUTTONUP && bev->button == SDL_BUTTON_LEFT) {
@@ -512,6 +522,10 @@ static void handle_mousewheel(SDL_Event *ev)
 SDL_MouseWheelEvent *wev = >wheel;
 InputButton btn;
 
+if (!qemu_console_is_graphic(scon->dcl.con)) {
+return;
+}
+
 if (wev->y > 0) {
 btn = INPUT_BUTTON_WHEEL_UP;
 } else if (wev->y < 0) {
@@ -651,6 +665,11 @@ static void sdl_mouse_warp(DisplayChangeListener *dcl,
int x, int y, int on)
 {
 struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
+
+if (!qemu_console_is_graphic(scon->dcl.con)) {
+return;
+}
+
 if (on) {
 if (!guest_cursor) {
 sdl_show_cursor();
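Review bot: this is the fourth copy of the same `if (!qemu_console_is_graphic(scon->dcl.con)) { return; }` guard in the patch (handle_mousemotion, handle_mousebutton, handle_mousewheel and here in sdl_mouse_warp). A small helper, or a single check where the SDL events are dispatched, would keep the rule in one place and make it harder to miss a handler later. The patch also carries no description and no Signed-off-by line.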
-- 
2.15.0.rc0




[Qemu-devel] SDL2 various fixes

2017-10-23 Thread Jindrich Makovicka
Hi,

I am sending a couple of patches I needed to apply to make the
SDL2 GUI work reasonably on Debian Sid, which recently switched
from SDL1.

The main issue is that the QEMU window stops updating when it is
minimized, or after a virtual desktop switch. Then, there are
some regressions due to recently added terminals in multiple
windows, and some issues with fullscreen mode and window scaling.

I am using MATE desktop 1.18 and SDL 2.0.6.

Regards,
--
Jindrich Makovicka




[Qemu-devel] [PATCH 1/7] sdl2: Fix broken display updating after the window is hidden

2017-10-23 Thread Jindrich Makovicka
With SDL 2.0.6, calling SDL_ShowWindow during SDL_WINDOWEVENT_HIDDEN
blocks all subsequent display updates.
---
 ui/sdl2.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/ui/sdl2.c b/ui/sdl2.c
index 53dd447fd2..7f51933234 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -576,11 +576,6 @@ static void handle_windowevent(SDL_Event *ev)
 SDL_HideWindow(scon->real_window);
 }
 break;
-case SDL_WINDOWEVENT_HIDDEN:
-if (!scon->hidden) {
-SDL_ShowWindow(scon->real_window);
-}
-break;
 }
 }
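Review bot: removing the SDL_WINDOWEVENT_HIDDEN case from handle_windowevent() drops the code that re-showed a window when scon->hidden was false, so a window hidden from outside QEMU now stays hidden while scon->hidden still says it should be visible. The commit message names SDL 2.0.6 only; please state whether the handler was needed with earlier SDL2 releases and what the intended behaviour is now, and add a Signed-off-by line.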
 
-- 
2.15.0.rc0




Re: [Qemu-devel] [PATCH] tpm: Don't call tpm_cleanup unless CONFIG_TPM.

2017-10-23 Thread Richard W.M. Jones

Since I posted this, there are more failures with --disable-tpm ...

  LINKx86_64-softmmu/qemu-system-x86_64
../vl.o: In function `main':
/home/rjones/d/qemu/vl.c:4908: undefined reference to `tpm_cleanup'
../tpm.o: In function `qmp_query_tpm_types':
/home/rjones/d/qemu/tpm.c:230: undefined reference to `tpm_be_find_by_type'
../tpm.o: In function `qmp_query_tpm_types':
tpm.c:(.text+0x4a): undefined reference to `tpm_be_find_by_type'
tpm.c:(.text+0x7a): undefined reference to `tpm_be_find_by_type'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:193: qemu-system-x86_64] Error 1

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v



Re: [Qemu-devel] [PATCH v2] fix WFI/WFE length in syndrome register

2017-10-23 Thread Stefano Stabellini
On Sat, 21 Oct 2017, no-re...@patchew.org wrote:
> Makefile:30: recipe for target 'git-submodule-update' failed
> make: *** [git-submodule-update] Error 1
> make: *** Waiting for unfinished jobs
> make: *** wait: No child processes.  Stop.
> === OUTPUT END ===
> 
> Test command exited with code: 2

This is a false positive, isn't it?



[Qemu-devel] [RFC v2] e1000: Faulty tx checksum offload corrupts packets

2017-10-23 Thread Ed Swierk via Qemu-devel
v2: Cosmetic fixes for checkpatch/buildbot errors

The transmit checksum offload implementation in QEMU's e1000 device is
deficient and causes packet data corruption in some situations.

According to the Intel 8254x software developer's manual[1], the
hardware device maintains two separate contexts: the TCP segmentation
offload (TSO) context includes parameters for both segmentation
offload and checksum offload, and the normal (SUM,
i.e. checksum-offload-only) context includes only checksum offload
parameters. These parameters specify over which packet data to compute
the checksum, and where in the packet to store the computed
checksum(s).

[1] 
https://www.intel.com/content/dam/doc/manual/pci-pci-x-family-gbe-controllers-software-dev-manual.pdf

The e1000 driver can update either of these contexts by sending a
transmit context descriptor. The TSE bit in the TUCMD field controls
which context is modified by the descriptor. Crucially, a transmit
context descriptor with TSE=1 changes only the TSO context, leaving
the SUM context unchanged; with TSE=0 the opposite is true.

Fields in the transmit data descriptor determine which (if either) of
these two contexts the device uses when actually transmitting some
data:

- If the TSE bit in the DCMD field is set, then the device performs
  TCP segmentation offload using the parameters previously set in the
  TSO context. In addition, if TXSM and/or IXSM is set in the POPTS
  field, the device performs the appropriate checksum offloads using
  the parameters in the same (TSO) context.

- Otherwise, if the TSE bit in the DCMD field is clear, then there is
  no TCP segmentation offload. If TXSM and/or IXSM is set in the POPTS
  field, the device performs the appropriate checksum offloads using
  the parameters in the SUM context.

The e1000 driver is free to set up the TSO and SUM contexts and then
transmit a mixture of data, with each data descriptor using a
different (or neither) context. This is what the e1000 driver for
Windows (Intel(R) PRO/1000 MT Network Connection, aka E1G6023E.sys)
does in certain cases. Sometimes with quite undesirable results, since
the QEMU e1000 device doesn't work as described above.

Instead, the QEMU e1000 device maintains only one context in its state
structure. When it receives a transmit context descriptor from the
driver, it overwrites the context parameters regardless of the TSE bit
in the TUCMD field.

To see why this is wrong, suppose the driver first sets up a SUM
context with UDP checksum offload parameters (say, TUCSO pointing to
the appropriate offset for a UDP checksum, 6 bytes into the header),
and then sets up a TSO context with TCP checksum offload parameters
(TUCSO pointing to the appropriate offset for a TCP checksum, 16 bytes
into the header). The driver then sends a transmit data descriptor
with TSO=0 and TXSM=1 along with a UDP datagram. The QEMU e1000 device
computes the checksum using the last set of checksum offload
parameters, and writes the checksum to offset 16, stomping on two
bytes of UDP data, and leaving the wrong checksum in the UDP checksum
field.

To make matters worse, if the host network stack treats data
transmitted from a VM as locally originated, it may do its own UDP
checksum computation, "correcting" it to match the corrupt data before
sending it on the wire. Now the corrupt UDP packet makes its way all
the way to the destination.

(Another layer of icing on the cake is that QEMU ignores the
requirement that a UDP checksum computed as zero be sent as 0x,
since zero is a special value meaning no checksum. So even when QEMU
doesn't corrupt the packet data, the packet sometimes leaves the box
with no checksum at all.)

I have instrumented QEMU and reproduced this behavior with a Windows
10 guest, rather easily with a TCP iperf and a UDP iperf running in
parallel. I have also attempted a fix, which is below in very rough
form.

Before I spend too much time refining a patch, I'd like to get
feedback on my approach.

One puzzle is what to do about e1000e: it shares some data
structures and a bit of code with e1000, but little else, which is
surprising given how similar they are (or should be). The e1000e's
handling of TCP segmentation offload and checksum offload is totally
different, and problematic for other reasons (it totally ignores most
of the context parameters provided by the driver and basically does
what it thinks is best by digging into the packet data). Is this
divergence intentional? Is there a reason not to change e1000e as long
as I'm trying to make e1000 more datasheet-conformant?

Not ready for prime time, but nonetheless
Signed-off-by: Ed Swierk 

---
 hw/net/e1000.c | 183 +++--
 hw/net/e1000x_common.h |   4 +-
 2 files changed, 132 insertions(+), 55 deletions(-)

diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 9324949..66ac7d3 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -98,7 +98,10 
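
The descriptor sequence described in the message above, as an added example that is not part of the original post or of QEMU's code: a simplified C model of the SUM and TSO contexts that replays the sequence once with two contexts and once with a single shared context. The struct and function names, TUCSS = 0, and the sample datagram are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Context-descriptor parameters. TUCSO is named in the post; TUCSS is assumed. */
struct cksum_ctx {
    uint8_t tucss;  /* first byte covered by the checksum */
    uint8_t tucso;  /* offset where the 16-bit checksum is stored */
};

/* Hypothetical model. two_contexts=true is the datasheet behaviour as the
 * post describes it; false is the single shared context it reports in QEMU. */
struct tx_model {
    bool two_contexts;
    struct cksum_ctx sum;  /* used by data descriptors with TSE=0 */
    struct cksum_ctx tso;  /* used by data descriptors with TSE=1 */
};

/* Transmit context descriptor: TSE in TUCMD selects the context to update. */
static void context_descriptor(struct tx_model *m, bool tse, struct cksum_ctx c)
{
    if (tse || !m->two_contexts) {
        m->tso = c;
    }
    if (!tse || !m->two_contexts) {
        m->sum = c;  /* with one shared context, TSE is effectively ignored */
    }
}

/* Ones'-complement Internet checksum over big-endian 16-bit words. */
static uint16_t inet_checksum(const uint8_t *p, size_t n)
{
    uint32_t acc = 0;
    for (size_t i = 0; i + 1 < n; i += 2) {
        acc += ((uint32_t)p[i] << 8) | p[i + 1];
    }
    if (n & 1) {
        acc += (uint32_t)p[n - 1] << 8;
    }
    while (acc >> 16) {
        acc = (acc & 0xffff) + (acc >> 16);
    }
    return (uint16_t)~acc;
}

/* Data descriptor with TXSM=1. Returns the offset written, or -1 if rejected. */
static int data_descriptor_txsm(const struct tx_model *m, bool tse,
                                uint8_t *pkt, size_t len)
{
    const struct cksum_ctx *c = tse ? &m->tso : &m->sum;
    if (c->tucss >= len || (size_t)c->tucso + 2 > len) {
        return -1;  /* never write outside the frame */
    }
    uint16_t ck = inet_checksum(pkt + c->tucss, len - c->tucss);
    pkt[c->tucso] = (uint8_t)(ck >> 8);
    pkt[c->tucso + 1] = (uint8_t)(ck & 0xff);
    return c->tucso;
}

struct outcome {
    int written_at;       /* offset that received the checksum */
    bool payload_intact;  /* UDP payload unchanged by the device */
    bool sum_ok;          /* ones'-complement sum over the datagram is zero */
};

/* Constructed sample: UDP header (ports 5001, length 20, checksum 0) plus a
 * 12-byte payload. Offsets are relative to the L4 header, as in the post. */
static const uint8_t sample_udp[20] = {
    0x13, 0x89, 0x13, 0x89, 0x00, 0x14, 0x00, 0x00,
    'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd', '!'
};

/* Post's sequence: SUM ctx (TUCSO=6), TSO ctx (TUCSO=16), UDP data with TSE=0. */
static struct outcome run_scenario(bool two_contexts)
{
    struct tx_model m = { .two_contexts = two_contexts };
    struct cksum_ctx udp = { .tucss = 0, .tucso = 6 };
    struct cksum_ctx tcp = { .tucss = 0, .tucso = 16 };
    uint8_t pkt[sizeof(sample_udp)];
    struct outcome o;
    memcpy(pkt, sample_udp, sizeof(pkt));
    context_descriptor(&m, false, udp);
    context_descriptor(&m, true, tcp);
    o.written_at = data_descriptor_txsm(&m, false, pkt, sizeof(pkt));
    o.payload_intact = memcmp(pkt + 8, sample_udp + 8, 12) == 0;
    o.sum_ok = inet_checksum(pkt, sizeof(pkt)) == 0;
    return o;
}

int main(void)
{
    struct outcome a = run_scenario(true), b = run_scenario(false);
    printf("two contexts: offset %d intact %d | one context: offset %d intact %d\n",
           a.written_at, a.payload_intact, b.written_at, b.payload_intact);
    return 0;
}
```

With one shared context the checksum lands inside the payload and the UDP checksum field is left at zero, which matches the corruption the post describes.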

Re: [Qemu-devel] [PATCH v1] arm: Adding new arm machine, Kinetis K64 MK64FN1M0

2017-10-23 Thread Gabriel Costa
Hi Philippe,

Thanks for all your comments!
I will put all these corrections in the next patch, also I removed the
FlexTimer, it is not necessary to do this basic emulation.

Thanks,

Gabriel


On Fri, Oct 20, 2017 at 6:25 PM, Philippe Mathieu-Daudé 
wrote:

> > +/*dev = sysbus_create_simple(TYPE_KINETIS_SPI, 0x4002C000,
> > +qdev_get_gpio_in(nvic, 31)); *SPI0*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_SPI, 0x4002D000,
> > +qdev_get_gpio_in(nvic, 33)); *SPI1*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_ADC, 0x4003B000,
> > +qdev_get_gpio_in(nvic, 31)); *ADC0*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_DAC, 0x4002F000,
> > +qdev_get_gpio_in(nvic, 33)); *DAC0*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_I2C, 0x40066000,
> > +qdev_get_gpio_in(nvic, 31)); *I2C0*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_I2C, 0x40067000,
> > +qdev_get_gpio_in(nvic, 33)); *I2C1*/
> > +
> > +//sysbus_create_simple(TYPE_KINETIS_K64_UART, 0x4006A000,
> > +//qdev_get_gpio_in(nvic, 31)); /*UART0*/
> > +kinetis_k64_uart_create(0x4006A000, qdev_get_gpio_in(nvic, 31),
> > +serial_hds[0]);
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_K64_UART, 0x4006B000,
> > +qdev_get_gpio_in(nvic, 33)); *UART1*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_K64_UART, 0x4006C000,
> > +qdev_get_gpio_in(nvic, 35)); *UART2*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_K64_UART, 0x4006D000,
> > +qdev_get_gpio_in(nvic, 37)); *UART3*/
> > +
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_SPI, 0x400AC000,
> > +qdev_get_gpio_in(nvic, 65)); *SPI2*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_ADC, 0x400BB000,
> > +qdev_get_gpio_in(nvic, 73)); *ADC1*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_I2C, 0x400E6000,
> > +qdev_get_gpio_in(nvic, 74)); *I2C2*/
> > +
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_K64_UART, 0x400EA000,
> > +qdev_get_gpio_in(nvic, 66)); *UART4*/
> > +/*dev = sysbus_create_simple(TYPE_KINETIS_K64_UART, 0x400EB000,
> > +qdev_get_gpio_in(nvic, 68)); *UART5*/
>
> Just create those with create_unimplemented_device() instead...
>
> > +
> > +create_unimplemented_device("peripheral_bridge_0",  0x4000,
> 0x1000);
> > +create_unimplemented_device("Crossbar_Switch",  0x40004000,
> 0x1000);
> > +create_unimplemented_device("DMA_Controller",   0x40008000,
> 0x1000);
> > +create_unimplemented_device("DMA_Controller_t", 0x40009000,
> 0x1000);
> > +create_unimplemented_device("FlexBus",  0x4000C000,
> 0x1000);
> > +create_unimplemented_device("MPU",  0x4000D000,
> 0x1000);
> > +create_unimplemented_device("Flash_mem_ctrl",   0x4001F000,
> 0x1000);
> > +create_unimplemented_device("Flash_mem",0x4002,
> 0x1000);
> > +create_unimplemented_device("DMA_ch_multiplexer",   0x40021000,
> 0x1000);
> > +}
>
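Review bot: the commented-out sysbus_create_simple() calls give several different peripherals the same NVIC input: SPI0, ADC0, I2C0 and UART0 all use qdev_get_gpio_in(nvic, 31), and SPI1, DAC0, I2C1 and UART1 all use 33. If these are turned into real or unimplemented devices, the interrupt numbers need to be taken from the datasheet rather than copied from these comments. The two `//` lines for UART0 can be dropped outright, since the kinetis_k64_uart_create() call right below them replaces that code.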


Re: [Qemu-devel] [PATCH v3 04/11] kinetis_k64_sim.h has been added

2017-10-23 Thread Gabriel Costa
Hi Philippe,

Thanks for all your comments!
The name SIM came from kinetis datasheet, it is the name of the peripheral.
I believe other families of kinetis microcontrollers use the same name.

On Fri, Oct 20, 2017 at 6:17 PM, Philippe Mathieu-Daudé 
wrote:

> Hi Gabriel,
>
> On 10/20/2017 12:39 PM, Gabriel Augusto Costa wrote:
> > I made a new arm machine with some peripherals. The machine is
> mk64fn1m0, a
> > cortex-m4 microcontroller from NXP Kinetis family. The machine can run a
> > simple arm binary file using UART0 in polling mode.
> > I have prepared a series of patches to include this machine:
> > PATCH v3 n/11: It adds the machine and peripherals devices;
> > PATCH v4 n/2: It changes the Make files to compile this machine.
> >
> > Signed-off-by: Gabriel Augusto Costa 
> > ---
> >  include/hw/misc/kinetis_k64_sim.h | 56 ++
> +
> >  1 file changed, 56 insertions(+)
> >  create mode 100644 include/hw/misc/kinetis_k64_sim.h
> >
> > diff --git a/include/hw/misc/kinetis_k64_sim.h
> b/include/hw/misc/kinetis_k64_sim.h
> > new file mode 100644
> > index 000..2eb1f5c
> > --- /dev/null
> > +++ b/include/hw/misc/kinetis_k64_sim.h
>
> I'd rather name it kinetis_k64_system.h or kinetis_k64_sysctl.h
>
> > @@ -0,0 +1,56 @@
> > +/*
> > + * Kinetis K64 peripheral microcontroller emulation.
> > + *
> > + * Copyright (c) 2017 Advantech Wireless
> > + * Written by Gabriel Costa 
> > + *
> > + *  This program is free software; you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License version 2 or
> > + *  (at your option) any later version.
> > + */
> > +
> > +/* Kinetis K64 series SIM controller.  */
> > +
> > +#ifndef KINETIS_SIM_H
> > +#define KINETIS_SIM_H
> > +
> > +#include "hw/sysbus.h"
> > +#include "chardev/char-fe.h"
>
> not used
>
> > +#include "chardev/char-mux.h"
>
> not used
>
> > +#include "hw/hw.h"
> > +
> > +#define TYPE_KINETIS_K64_SIM "kinetis_k64_sim"
> > +#define KINETIS_K64_SIM(obj) \
> > +OBJECT_CHECK(kinetis_k64_sim_state, (obj), TYPE_KINETIS_K64_SIM)
> > +
> > +typedef struct {
> > +SysBusDevice parent_obj;
> > +
> > +MemoryRegion iomem;
> > +
> > +uint32_t SOPT1; /**< System Options Register 1, offset: 0x0 */
> > +uint32_t SOPT1CFG;  /**< SOPT1 Configuration Register, offset: 0x4
> */
> > +uint32_t SOPT2; /**< System Options Register 2, offset: 0x1004
> */
> > +uint32_t SOPT4; /**< System Options Register 4, offset: 0x100C
> */
> > +uint32_t SOPT5; /**< System Options Register 5, offset: 0x1010
> */
> > +uint32_t SOPT7; /**< System Options Register 7, offset: 0x1018
> */
>
> could be uint32_t SOPT[8] ...
>
> > +uint32_t SDID;  /**< System Device Id Register, offset: 0x1024
> */
> > +uint32_t SCGC1; /**< System Clock Gating Ctrl Reg 1, offset:
> 0x1028 */
> > +uint32_t SCGC2; /**< System Clock Gating Ctrl Reg 2, offset:
> 0x102C */
> > +uint32_t SCGC3; /**< System Clock Gating Ctrl Reg 3, offset:
> 0x1030 */
> > +uint32_t SCGC4; /**< System Clock Gating Ctrl Reg 4, offset:
> 0x1034 */
> > +uint32_t SCGC5; /**< System Clock Gating Ctrl Reg 5, offset:
> 0x1038 */
> > +uint32_t SCGC6; /**< System Clock Gating Ctrl Reg 6, offset:
> 0x103C */
> > +uint32_t SCGC7; /**< System Clock Gating Ctrl Reg 7, offset:
> 0x1040 */
>
> ... and uint32_t SCGC[8]
>
> Then in the source I'd do:
>
> case 0x:
> value = s->SOPT[0];
> break;
>
> case 0x0004:
> value = s->SOPTCFG[0];
> break;
>
> case 0x1004 ... 0x1018:
> value = s->SOPT[(value & 0x1f) >> 2];
> break;
>
> > +uint32_t CLKDIV1;   /**< System Clock Divider Register 1, offset:
> 0x1044 */
> > +uint32_t CLKDIV2;   /**< System Clock Divider Register 2, offset:
> 0x1048 */
> > +uint32_t FCFG1; /**< Flash Configuration Register 1, offset:
> 0x104C */
> > +uint32_t FCFG2; /**< Flash Configuration Register 2, offset:
> 0x1050 */
> > +uint32_t UIDH;  /**< Unique Id Register High, offset: 0x1054 */
> > +uint32_t UIDMH; /**< Unique Id Register Mid-High, offset:
> 0x1058 */
> > +uint32_t UIDML; /**< Unique Id Register Mid Low, offset: 0x105C
> */
> > +uint32_t UIDL;  /**< Unique Id Register Low, offset: 0x1060 */
> > +
> > +} kinetis_k64_sim_state;
> > +
> > +#endif
> >
>
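Review bot: the register comments in kinetis_k64_sim_state give offsets 0x0 and 0x4 for SOPT1 and SOPT1CFG and then jump to 0x1004 for SOPT2, but the fields are declared back to back, so the struct layout cannot be used to index registers by offset and the read and write handlers have to map every offset explicitly and reject the gaps. The include guard KINETIS_SIM_H also does not match the file name kinetis_k64_sim.h or the TYPE_KINETIS_K64_SIM prefix; KINETIS_K64_SIM_H would avoid a clash with a header for another Kinetis family.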


[Qemu-devel] [PATCH v2 22/27] pci: Add support for Designware IP block

2017-10-23 Thread Andrey Smirnov
Add code needed to get a functional PCI subsystem when using in
conjunction with upstream Linux guest (4.13+). Tested to work against
"e1000e" (network adapter, using MSI interrupts) as well as
"usb-ehci" (USB controller, using legacy PCI interrupts).

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 default-configs/arm-softmmu.mak  |   2 +
 hw/pci-host/Makefile.objs|   2 +
 hw/pci-host/designware.c | 614 +++
 include/hw/pci-host/designware.h |  92 ++
 include/hw/pci/pci_ids.h |   2 +
 5 files changed, 712 insertions(+)
 create mode 100644 hw/pci-host/designware.c
 create mode 100644 include/hw/pci-host/designware.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index bbdd3c1d8b..225ebbd90a 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -129,3 +129,5 @@ CONFIG_ACPI=y
 CONFIG_SMBIOS=y
 CONFIG_ASPEED_SOC=y
 CONFIG_GPIO_KEY=y
+
+CONFIG_PCI_DESIGNWARE=y
diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
index 9c7909cf44..0e2c0a123b 100644
--- a/hw/pci-host/Makefile.objs
+++ b/hw/pci-host/Makefile.objs
@@ -17,3 +17,5 @@ common-obj-$(CONFIG_PCI_PIIX) += piix.o
 common-obj-$(CONFIG_PCI_Q35) += q35.o
 common-obj-$(CONFIG_PCI_GENERIC) += gpex.o
 common-obj-$(CONFIG_PCI_XILINX) += xilinx-pcie.o
+
+common-obj-$(CONFIG_PCI_DESIGNWARE) += designware.o
diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c
new file mode 100644
index 00..7ae4126d96
--- /dev/null
+++ b/hw/pci-host/designware.c
@@ -0,0 +1,614 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * Designware PCIe IP block emulation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_host.h"
+#include "hw/pci/pcie_port.h"
+#include "hw/pci-host/designware.h"
+
+#define PCIE_PORT_LINK_CONTROL  0x710
+
+#define PCIE_PHY_DEBUG_R1   0x72C
+#define PCIE_PHY_DEBUG_R1_XMLH_LINK_UP  BIT(4)
+
+#define PCIE_LINK_WIDTH_SPEED_CONTROL   0x80C
+
+#define PCIE_MSI_ADDR_LO0x820
+#define PCIE_MSI_ADDR_HI0x824
+#define PCIE_MSI_INTR0_ENABLE   0x828
+#define PCIE_MSI_INTR0_MASK 0x82C
+#define PCIE_MSI_INTR0_STATUS   0x830
+
+#define PCIE_ATU_VIEWPORT   0x900
+#define PCIE_ATU_REGION_INBOUND (0x1 << 31)
+#define PCIE_ATU_REGION_OUTBOUND(0x0 << 31)
+#define PCIE_ATU_REGION_INDEX2  (0x2 << 0)
+#define PCIE_ATU_REGION_INDEX1  (0x1 << 0)
+#define PCIE_ATU_REGION_INDEX0  (0x0 << 0)
+#define PCIE_ATU_CR10x904
+#define PCIE_ATU_TYPE_MEM   (0x0 << 0)
+#define PCIE_ATU_TYPE_IO(0x2 << 0)
+#define PCIE_ATU_TYPE_CFG0  (0x4 << 0)
+#define PCIE_ATU_TYPE_CFG1  (0x5 << 0)
+#define PCIE_ATU_CR20x908
+#define PCIE_ATU_ENABLE (0x1 << 31)
+#define PCIE_ATU_BAR_MODE_ENABLE(0x1 << 30)
+#define PCIE_ATU_LOWER_BASE 0x90C
+#define PCIE_ATU_UPPER_BASE 0x910
+#define PCIE_ATU_LIMIT  0x914
+#define PCIE_ATU_LOWER_TARGET   0x918
+#define PCIE_ATU_BUS(x) (((x) >> 24) & 0xff)
+#define PCIE_ATU_DEVFN(x)   (((x) >> 16) & 0xff)
+#define PCIE_ATU_UPPER_TARGET   0x91C
+
+static DesignwarePCIEHost *
+designware_pcie_root_to_host(DesignwarePCIERoot *root)
+{
+BusState *bus = qdev_get_parent_bus(DEVICE(root));
+return DESIGNWARE_PCIE_HOST(bus->parent);
+}
+
+static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
+   uint64_t val, unsigned len)
+{
+DesignwarePCIERoot *root = DESIGNWARE_PCIE_ROOT(opaque);
+DesignwarePCIEHost *host = designware_pcie_root_to_host(root);
+
+root->msi.intr[0].status |= (1 << val) & root->msi.intr[0].enable;
+
+if (root->msi.intr[0].status & ~root->msi.intr[0].mask) {
+qemu_set_irq(host->pci.irqs[0], 1);
+}
+}
+
+const MemoryRegionOps 
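Review bot: in designware_pcie_root_msi_write(), `(1 << val)` shifts a signed int by a 64-bit value that comes straight from the write being handled. Any val of 31 or more is undefined behaviour in C, and nothing in the function bounds it. Check val against the number of vectors held in intr[0] before shifting and use an unsigned constant, for example BIT(val) after the range check. The same signed-shift problem is in the PCIE_ATU_REGION_INBOUND and PCIE_ATU_ENABLE macros, which are defined as (0x1 << 31); PCIE_PHY_DEBUG_R1_XMLH_LINK_UP already uses BIT(), so use it there as well. The handler also ignores addr and len, which deserves a comment if it is intentional.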

[Qemu-devel] [PATCH v2 24/27] i.MX: Add code to emulate i.MX7 ADC IP block

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/misc/Makefile.objs  |  1 +
 hw/misc/imx7_adc.c | 99 ++
 include/hw/misc/imx7_adc.h | 22 +++
 3 files changed, 122 insertions(+)
 create mode 100644 hw/misc/imx7_adc.c
 create mode 100644 include/hw/misc/imx7_adc.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index c9944161bd..b578bd0cba 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -39,6 +39,7 @@ obj-$(CONFIG_IMX) += imx2_wdt.o
 obj-$(CONFIG_IMX) += imx7_snvs.o
 obj-$(CONFIG_IMX) += imx7_iomuxc.o
 obj-$(CONFIG_IMX) += imx_flexcan.o
+obj-$(CONFIG_IMX) += imx7_adc.o
 obj-$(CONFIG_IMX) += imx7_gpr.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
diff --git a/hw/misc/imx7_adc.c b/hw/misc/imx7_adc.c
new file mode 100644
index 00..7945e99075
--- /dev/null
+++ b/hw/misc/imx7_adc.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 ADC block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/imx7_adc.h"
+#include "qemu/log.h"
+
+static void imx7_adc_reset(DeviceState *dev)
+{
+IMX7ADCState *s = IMX7_ADC(dev);
+
+memset(s->regs, 0, sizeof(s->regs));
+}
+
+static uint64_t imx7_adc_read(void *opaque, hwaddr offset,
+   unsigned size)
+{
+IMX7ADCState *s = opaque;
+return s->regs[offset / sizeof(uint32_t)];
+}
+
+static void imx7_adc_write(void *opaque, hwaddr offset,
+uint64_t value, unsigned size)
+{
+IMX7ADCState *s = opaque;
+s->regs[offset / sizeof(uint32_t)] = value;
+}
+
+static const struct MemoryRegionOps imx7_adc_ops = {
+.read = imx7_adc_read,
+.write = imx7_adc_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx7_adc_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMX7ADCState *s = IMX7_ADC(obj);
+
+memory_region_init_io(>iomem,
+  obj,
+  _adc_ops,
+  s,
+  TYPE_IMX7_ADC ".iomem",
+  sizeof(s->regs));
+sysbus_init_mmio(sd, >iomem);
+}
+
+static const VMStateDescription vmstate_imx7_adc = {
+.name = TYPE_IMX7_ADC,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(regs, IMX7ADCState, ADC_NUM),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static void imx7_adc_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->reset = imx7_adc_reset;
+dc->vmsd  = _imx7_adc;
+dc->desc  = "i.MX ADC Module";
+}
+
+static const TypeInfo imx7_adc_info = {
+.name  = TYPE_IMX7_ADC,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMX7ADCState),
+.instance_init = imx7_adc_init,
+.class_init= imx7_adc_class_init,
+};
+
+static void imx7_adc_register_type(void)
+{
+type_register_static(_adc_info);
+}
+type_init(imx7_adc_register_type)
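
Review bot: the comment in imx7_adc_ops says the device would not work with unaligned guest accesses, but only ".impl" is filled in, and that describes what the callbacks implement rather than what the guest is allowed to issue. As written, a narrower or unaligned access can still reach imx7_adc_read()/imx7_adc_write(), where "offset / sizeof(uint32_t)" rounds it onto a whole register. If the intent is to reject such accesses, add a matching ".valid" block with min_access_size = 4 and max_access_size = 4. Separately, "qemu/log.h" is included but nothing in this file logs.
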
diff --git a/include/hw/misc/imx7_adc.h b/include/hw/misc/imx7_adc.h
new file mode 100644
index 00..4a61c52caf
--- /dev/null
+++ b/include/hw/misc/imx7_adc.h
@@ -0,0 +1,22 @@
+#ifndef IMX7_ADC_H
+#define IMX7_ADC_H
+
+#include "hw/sysbus.h"
+
+enum IMX7ADCRegisters {
+ADC_NUM = 0x130 / sizeof(uint32_t) + 1,
+};
+
+typedef struct IMX7ADCState {
+/*< private >*/
+SysBusDevice parent_obj;
+
+/*< public >*/
+MemoryRegion iomem;
+uint32_t regs[ADC_NUM];
+} IMX7ADCState;
+
+#define TYPE_IMX7_ADC "imx7-adc"
+#define IMX7_ADC(obj) OBJECT_CHECK(IMX7ADCState, (obj), TYPE_IMX7_ADC)
+
+#endif /* IMX7_ADC_H */
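
Review bot: this new header starts directly at the include guard with no copyright or license block, while imx7_adc.c and the GPR and SNVS headers in the same series carry one; please add it. It would also help to name the 0x130 in "ADC_NUM = 0x130 / sizeof(uint32_t) + 1" (it looks like the offset of the last register) so the "+ 1" is self-explanatory.
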
-- 
2.13.5




[Qemu-devel] [PATCH v2 23/27] i.MX: Add code to emulate i.MX7 USBMISC IP block

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/usb/Makefile.objs |  1 +
 hw/usb/imx-usbmisc.c | 99 
 include/hw/usb/imx-usbmisc.h | 22 ++
 3 files changed, 122 insertions(+)
 create mode 100644 hw/usb/imx-usbmisc.c
 create mode 100644 include/hw/usb/imx-usbmisc.h

diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs
index 97f1c4561a..813359fadc 100644
--- a/hw/usb/Makefile.objs
+++ b/hw/usb/Makefile.objs
@@ -12,6 +12,7 @@ common-obj-$(CONFIG_USB_XHCI_NEC) += hcd-xhci-nec.o
 common-obj-$(CONFIG_USB_MUSB) += hcd-musb.o
 
 obj-$(CONFIG_TUSB6010) += tusb6010.o
+obj-$(CONFIG_IMX)  += imx-usbmisc.o
 
 # emulated usb devices
 common-obj-$(CONFIG_USB) += dev-hub.o
diff --git a/hw/usb/imx-usbmisc.c b/hw/usb/imx-usbmisc.c
new file mode 100644
index 00..d5e236a4be
--- /dev/null
+++ b/hw/usb/imx-usbmisc.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 IOMUXC block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/usb/imx-usbmisc.h"
+#include "qemu/log.h"
+
+static void imx_usbmisc_reset(DeviceState *dev)
+{
+IMXUSBMiscState *s = IMX_USBMISC(dev);
+
+memset(s->regs, 0, sizeof(s->regs));
+}
+
+static uint64_t imx_usbmisc_read(void *opaque, hwaddr offset,
+   unsigned size)
+{
+IMXUSBMiscState *s = opaque;
+return s->regs[offset / sizeof(uint32_t)];
+}
+
+static void imx_usbmisc_write(void *opaque, hwaddr offset,
+uint64_t value, unsigned size)
+{
+IMXUSBMiscState *s = opaque;
+s->regs[offset / sizeof(uint32_t)] = value;
+}
+
+static const struct MemoryRegionOps imx_usbmisc_ops = {
+.read = imx_usbmisc_read,
+.write = imx_usbmisc_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx_usbmisc_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMXUSBMiscState *s = IMX_USBMISC(obj);
+
+memory_region_init_io(>iomem,
+  obj,
+  _usbmisc_ops,
+  s,
+  TYPE_IMX_USBMISC ".iomem",
+  sizeof(s->regs));
+sysbus_init_mmio(sd, >iomem);
+}
+
+static const VMStateDescription vmstate_imx_usbmisc = {
+.name = TYPE_IMX_USBMISC,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(regs, IMXUSBMiscState, USBMISC_NUM),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static void imx_usbmisc_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->reset = imx_usbmisc_reset;
+dc->vmsd  = _imx_usbmisc;
+dc->desc  = "i.MX IOMUXC Module";
+}
+
+static const TypeInfo imx_usbmisc_info = {
+.name  = TYPE_IMX_USBMISC,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMXUSBMiscState),
+.instance_init = imx_usbmisc_init,
+.class_init= imx_usbmisc_class_init,
+};
+
+static void imx_usbmisc_register_type(void)
+{
+type_register_static(_usbmisc_info);
+}
+type_init(imx_usbmisc_register_type)
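
Review bot: the file header comment reads "i.MX7 IOMUXC block emulation code" and imx_usbmisc_class_init() sets dc->desc to "i.MX IOMUXC Module", both of which look like leftovers from copying imx7_iomuxc.c. Since dc->desc is user-visible, please change both to describe the USBMISC block.
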
diff --git a/include/hw/usb/imx-usbmisc.h b/include/hw/usb/imx-usbmisc.h
new file mode 100644
index 00..64b06f3d3c
--- /dev/null
+++ b/include/hw/usb/imx-usbmisc.h
@@ -0,0 +1,22 @@
+#ifndef IMX_USBMISC_H
+#define IMX_USBMISC_H
+
+#include "hw/sysbus.h"
+
+enum IMXUSBMiscRegisters {
+USBMISC_NUM = 0x24 / sizeof(uint32_t) + 1,
+};
+
+typedef struct IMXUSBMiscState {
+/*< private >*/
+SysBusDevice parent_obj;
+
+/*< public >*/
+MemoryRegion iomem;
+uint32_t regs[USBMISC_NUM];
+} IMXUSBMiscState;
+
+#define TYPE_IMX_USBMISC "imx-usbmisc"
+#define IMX_USBMISC(obj) OBJECT_CHECK(IMXUSBMiscState, (obj), TYPE_IMX_USBMISC)
+
+#endif /* IMX_USBMISC_H */
-- 
2.13.5




[Qemu-devel] [PATCH v2 21/27] i.MX: Add implementation of i.MX7 GPR IP block

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/misc/Makefile.objs  |   1 +
 hw/misc/imx7_gpr.c | 119 +
 include/hw/misc/imx7_gpr.h |  28 +++
 3 files changed, 148 insertions(+)
 create mode 100644 hw/misc/imx7_gpr.c
 create mode 100644 include/hw/misc/imx7_gpr.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 943b22af40..c9944161bd 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -39,6 +39,7 @@ obj-$(CONFIG_IMX) += imx2_wdt.o
 obj-$(CONFIG_IMX) += imx7_snvs.o
 obj-$(CONFIG_IMX) += imx7_iomuxc.o
 obj-$(CONFIG_IMX) += imx_flexcan.o
+obj-$(CONFIG_IMX) += imx7_gpr.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
 obj-$(CONFIG_MAINSTONE) += mst_fpga.o
diff --git a/hw/misc/imx7_gpr.c b/hw/misc/imx7_gpr.c
new file mode 100644
index 00..9e8ccea9e8
--- /dev/null
+++ b/hw/misc/imx7_gpr.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 GPR IP block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Bare minimum emulation code needed to support being able to shut
+ * down linux guest gracefully.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/imx7_gpr.h"
+#include "qemu/log.h"
+#include "sysemu/sysemu.h"
+
+enum IMX7GPRRegisters {
+IOMUXC_GPR0  = 0x00,
+IOMUXC_GPR1  = 0x04,
+IOMUXC_GPR2  = 0x08,
+IOMUXC_GPR3  = 0x0c,
+IOMUXC_GPR4  = 0x10,
+IOMUXC_GPR5  = 0x14,
+IOMUXC_GPR6  = 0x18,
+IOMUXC_GPR7  = 0x1c,
+IOMUXC_GPR8  = 0x20,
+IOMUXC_GPR9  = 0x24,
+IOMUXC_GPR10 = 0x28,
+IOMUXC_GPR11 = 0x2c,
+IOMUXC_GPR12 = 0x30,
+IOMUXC_GPR13 = 0x34,
+IOMUXC_GPR14 = 0x38,
+IOMUXC_GPR15 = 0x3c,
+IOMUXC_GPR16 = 0x40,
+IOMUXC_GPR17 = 0x44,
+IOMUXC_GPR18 = 0x48,
+IOMUXC_GPR19 = 0x4c,
+IOMUXC_GPR20 = 0x50,
+IOMUXC_GPR21 = 0x54,
+IOMUXC_GPR22 = 0x58,
+};
+
+#define IMX7D_GPR1_IRQ_MASK BIT(12)
+#define IMX7D_GPR1_ENET1_TX_CLK_SEL_MASKBIT(13)
+#define IMX7D_GPR1_ENET2_TX_CLK_SEL_MASKBIT(14)
+#define IMX7D_GPR1_ENET_TX_CLK_SEL_MASK (0x3 << 13)
+#define IMX7D_GPR1_ENET1_CLK_DIR_MASK   BIT(17)
+#define IMX7D_GPR1_ENET2_CLK_DIR_MASK   BIT(18)
+#define IMX7D_GPR1_ENET_CLK_DIR_MASK(0x3 << 17)
+
+#define IMX7D_GPR5_CSI_MUX_CONTROL_MIPI BIT(4)
+#define IMX7D_GPR12_PCIE_PHY_REFCLK_SEL BIT(5)
+#define IMX7D_GPR22_PCIE_PHY_PLL_LOCKED BIT(31)
+
+
+static uint64_t imx7_gpr_read(void *opaque, hwaddr offset, unsigned size)
+{
+if (offset == IOMUXC_GPR22) {
+return IMX7D_GPR22_PCIE_PHY_PLL_LOCKED;
+}
+
+return 0;
+}
+
+static void imx7_gpr_write(void *opaque, hwaddr offset,
+   uint64_t v, unsigned size)
+{
+}
+
+static const struct MemoryRegionOps imx7_gpr_ops = {
+.read = imx7_gpr_read,
+.write = imx7_gpr_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the
+ * real device but in practice there is no reason for a guest
+ * to access this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx7_gpr_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMX7GPRState *s = IMX7_GPR(obj);
+
+memory_region_init_io(>mmio, obj, _gpr_ops, s,
+  TYPE_IMX7_GPR, 64 * 1024);
+sysbus_init_mmio(sd, >mmio);
+}
+
+static void imx7_gpr_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc  = "i.MX7 General Purpose Registers Module";
+}
+
+static const TypeInfo imx7_gpr_info = {
+.name  = TYPE_IMX7_GPR,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMX7GPRState),
+.instance_init = imx7_gpr_init,
+.class_init= imx7_gpr_class_init,
+};
+
+static void imx7_gpr_register_type(void)
+{
+type_register_static(_gpr_info);
+}
+type_init(imx7_gpr_register_type)
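
Review bot: the header comment says this is the "bare minimum emulation code needed to support being able to shut down linux guest gracefully", but nothing in imx7_gpr.c touches shutdown; the only behaviour is returning IMX7D_GPR22_PCIE_PHY_PLL_LOCKED for IOMUXC_GPR22. Please reword the comment to say that, and drop the "sysemu/sysemu.h" include, which nothing here uses. Since "qemu/log.h" is already included, consider a qemu_log_mask(LOG_UNIMP, ...) in imx7_gpr_write() and in the fall-through path of imx7_gpr_read(), so that a guest relying on the other GPR registers leaves a trace instead of silently reading 0.
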
diff --git a/include/hw/misc/imx7_gpr.h b/include/hw/misc/imx7_gpr.h
new file mode 100644
index 00..e19373d274
--- /dev/null
+++ b/include/hw/misc/imx7_gpr.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 GPR IP block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or 

[Qemu-devel] [PATCH v2 26/27] i.MX: Add i.MX7 SOC implementation.

2017-10-23 Thread Andrey Smirnov
The following interfaces are partially or fully emulated:

* up to 2 Cortex A9 cores (SMP works with PSCI)
* A7 MPCORE (identical to A15 MPCORE)
* 4 GPTs modules
* 7 GPIO controllers
* 2 IOMUXC controllers
* 1 CCM module
* 1 SNVS module
* 1 SRC module
* 1 GPCv2 controller
* 4 eCSPI controllers
* 4 I2C controllers
* 7 i.MX UART controllers
* 2 FlexCAN controllers
* 2 Ethernet controllers (FEC)
* 3 SD controllers (USDHC)
* 4 WDT modules
* 1 SDMA module
* 1 GPR module
* 2 USBMISC modules
* 2 ADC modules
* 1 PCIe controller

Tested to boot and work with upstream Linux (4.13+) guest.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   2 +
 hw/arm/fsl-imx7.c   | 596 
 include/hw/arm/fsl-imx7.h   | 217 +++
 4 files changed, 816 insertions(+)
 create mode 100644 hw/arm/fsl-imx7.c
 create mode 100644 include/hw/arm/fsl-imx7.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 225ebbd90a..a2f318d6dd 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -118,6 +118,7 @@ CONFIG_ALLWINNER_A10=y
 CONFIG_FSL_IMX6=y
 CONFIG_FSL_IMX31=y
 CONFIG_FSL_IMX25=y
+CONFIG_FSL_IMX7=y
 
 CONFIG_IMX_I2C=y
 
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index a2e56ecaae..33f6051ae3 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -19,3 +19,5 @@ obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
 obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
 obj-$(CONFIG_MPS2) += mps2.o
+obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o
+
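
Review bot: the second added line in this hunk is empty, which leaves a stray blank line at the end of hw/arm/Makefile.objs. Please drop it so the file ends on the "obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o" line.
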
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
new file mode 100644
index 00..f1a6a79179
--- /dev/null
+++ b/hw/arm/fsl-imx7.c
@@ -0,0 +1,596 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 SoC definitions
+ *
+ * Author: Andrey Smirnov 
+ *
+ * Based on hw/arm/fsl-imx6.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "hw/arm/fsl-imx7.h"
+#include "sysemu/sysemu.h"
+#include "qemu/error-report.h"
+
+#define NAME_SIZE 20
+
+static void fsl_imx7_init(Object *obj)
+{
+BusState *sysbus = sysbus_get_default();
+FslIMX7State *s = FSL_IMX7(obj);
+char name[NAME_SIZE];
+int i;
+
+if (smp_cpus > FSL_IMX7_NUM_CPUS) {
+error_report("%s: Only %d CPUs are supported (%d requested)",
+ TYPE_FSL_IMX7, FSL_IMX7_NUM_CPUS, smp_cpus);
+exit(1);
+}
+
+for (i = 0; i < smp_cpus; i++) {
+object_initialize(>cpu[i], sizeof(s->cpu[i]),
+  "cortex-a7-" TYPE_ARM_CPU);
+snprintf(name, NAME_SIZE, "cpu%d", i);
+object_property_add_child(obj, name, OBJECT(>cpu[i]),
+  _fatal);
+}
+
+/*
+ * A7MPCORE
+ */
+object_initialize(>a7mpcore, sizeof(s->a7mpcore), TYPE_A15MPCORE_PRIV);
+qdev_set_parent_bus(DEVICE(>a7mpcore), sysbus);
+object_property_add_child(obj, "a7mpcore",
+  OBJECT(>a7mpcore), _fatal);
+
+/*
+ * GPIOs 1 to 7
+ */
+for (i = 0; i < FSL_IMX7_NUM_GPIOS; i++) {
+object_initialize(>gpio[i], sizeof(s->gpio[i]),
+  TYPE_IMX_GPIO);
+qdev_set_parent_bus(DEVICE(>gpio[i]), sysbus);
+snprintf(name, NAME_SIZE, "gpio%d", i);
+object_property_add_child(obj, name,
+  OBJECT(>gpio[i]), _fatal);
+}
+
+/*
+ * IOMUXC and IOMUXC_LPSR
+ */
+for (i = 0; i < FSL_IMX7_NUM_IOMUXCS; i++) {
+object_initialize(>iomuxc[i], sizeof(s->iomuxc[i]),
+  TYPE_IMX7_IOMUXC);
+qdev_set_parent_bus(DEVICE(>iomuxc[i]), sysbus);
+snprintf(name, NAME_SIZE, "iomuxc%d", i);
+object_property_add_child(obj, name,
+  OBJECT(>iomuxc[i]), _fatal);
+}
+
+/*
+ * GPT1, 2, 3, 4
+ */
+for (i = 0; i < FSL_IMX7_NUM_GPTS; i++) {
+object_initialize(>gpt[i], sizeof(s->gpt[i]), TYPE_IMX7_GPT);
+

[Qemu-devel] [PATCH v2 17/27] i.MX: Add code to emulate i.MX7 IOMUXC IP block

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/misc/Makefile.objs |  1 +
 hw/misc/imx7_iomuxc.c | 99 +++
 include/hw/misc/imx7_iomuxc.h | 22 ++
 3 files changed, 122 insertions(+)
 create mode 100644 hw/misc/imx7_iomuxc.c
 create mode 100644 include/hw/misc/imx7_iomuxc.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 16cee88e0f..492c535330 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -37,6 +37,7 @@ obj-$(CONFIG_IMX) += imx6_src.o
 obj-$(CONFIG_IMX) += imx7_ccm.o
 obj-$(CONFIG_IMX) += imx2_wdt.o
 obj-$(CONFIG_IMX) += imx7_snvs.o
+obj-$(CONFIG_IMX) += imx7_iomuxc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
 obj-$(CONFIG_MAINSTONE) += mst_fpga.o
diff --git a/hw/misc/imx7_iomuxc.c b/hw/misc/imx7_iomuxc.c
new file mode 100644
index 00..aa26a7485f
--- /dev/null
+++ b/hw/misc/imx7_iomuxc.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 IOMUXC block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/imx7_iomuxc.h"
+#include "qemu/log.h"
+
+static void imx7_iomuxc_reset(DeviceState *dev)
+{
+IMX7IOMUXCState *s = IMX7_IOMUXC(dev);
+
+memset(s->regs, 0, sizeof(s->regs));
+}
+
+static uint64_t imx7_iomuxc_read(void *opaque, hwaddr offset,
+   unsigned size)
+{
+IMX7IOMUXCState *s = opaque;
+return s->regs[offset / sizeof(uint32_t)];
+}
+
+static void imx7_iomuxc_write(void *opaque, hwaddr offset,
+uint64_t value, unsigned size)
+{
+IMX7IOMUXCState *s = opaque;
+s->regs[offset / sizeof(uint32_t)] = value;
+}
+
+static const struct MemoryRegionOps imx7_iomuxc_ops = {
+.read = imx7_iomuxc_read,
+.write = imx7_iomuxc_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx7_iomuxc_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMX7IOMUXCState *s = IMX7_IOMUXC(obj);
+
+memory_region_init_io(>iomem,
+  obj,
+  _iomuxc_ops,
+  s,
+  TYPE_IMX7_IOMUXC ".iomem",
+  sizeof(s->regs));
+sysbus_init_mmio(sd, >iomem);
+}
+
+static const VMStateDescription vmstate_imx7_iomuxc = {
+.name = TYPE_IMX7_IOMUXC,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(regs, IMX7IOMUXCState, IOMUXC_NUM),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static void imx7_iomuxc_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->reset = imx7_iomuxc_reset;
+dc->vmsd  = _imx7_iomuxc;
+dc->desc  = "i.MX IOMUXC Module";
+}
+
+static const TypeInfo imx7_iomuxc_info = {
+.name  = TYPE_IMX7_IOMUXC,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMX7IOMUXCState),
+.instance_init = imx7_iomuxc_init,
+.class_init= imx7_iomuxc_class_init,
+};
+
+static void imx7_iomuxc_register_type(void)
+{
+type_register_static(_iomuxc_info);
+}
+type_init(imx7_iomuxc_register_type)
diff --git a/include/hw/misc/imx7_iomuxc.h b/include/hw/misc/imx7_iomuxc.h
new file mode 100644
index 00..7041a1ff42
--- /dev/null
+++ b/include/hw/misc/imx7_iomuxc.h
@@ -0,0 +1,22 @@
+#ifndef IMX7_IOMUXC_H
+#define IMX7_IOMUXC_H
+
+#include "hw/sysbus.h"
+
+enum IMX7IOMUXCRegisters {
+IOMUXC_NUM = 0x740 / sizeof(uint32_t),
+};
+
+typedef struct IMX7IOMUXCState {
+/*< private >*/
+SysBusDevice parent_obj;
+
+/*< public >*/
+MemoryRegion iomem;
+uint32_t regs[IOMUXC_NUM];
+} IMX7IOMUXCState;
+
+#define TYPE_IMX7_IOMUXC "imx7-iomuxc"
+#define IMX7_IOMUXC(obj) OBJECT_CHECK(IMX7IOMUXCState, (obj), TYPE_IMX7_IOMUXC)
+
+#endif /* IMX7_IOMUXC_H */
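
Review bot: "IOMUXC_NUM = 0x740 / sizeof(uint32_t)" has no "+ 1", unlike ADC_NUM, USBMISC_NUM, SDMA_NUM and FLEXCAN_NUM in the sibling patches. If 0x740 is the offset of the last register, that register falls outside regs[] and outside the sizeof(s->regs) region registered in imx7_iomuxc_init(); if it is the size of the block, a short comment saying so would prevent the question. As with the other headers of this form, a license block is missing.
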
-- 
2.13.5




[Qemu-devel] [PATCH v2 15/27] i.MX: Add code to emulate i.MX7 SNVS IP-block

2017-10-23 Thread Andrey Smirnov
Add code to emulate SNVS IP-block. Currently only the bits needed to
be able to emulate machine shutdown are implemented.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/misc/Makefile.objs   |  1 +
 hw/misc/imx7_snvs.c | 83 +
 include/hw/misc/imx7_snvs.h | 35 +++
 3 files changed, 119 insertions(+)
 create mode 100644 hw/misc/imx7_snvs.c
 create mode 100644 include/hw/misc/imx7_snvs.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index c393a93456..16cee88e0f 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -36,6 +36,7 @@ obj-$(CONFIG_IMX) += imx6_ccm.o
 obj-$(CONFIG_IMX) += imx6_src.o
 obj-$(CONFIG_IMX) += imx7_ccm.o
 obj-$(CONFIG_IMX) += imx2_wdt.o
+obj-$(CONFIG_IMX) += imx7_snvs.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
 obj-$(CONFIG_MAINSTONE) += mst_fpga.o
diff --git a/hw/misc/imx7_snvs.c b/hw/misc/imx7_snvs.c
new file mode 100644
index 00..670b9f4639
--- /dev/null
+++ b/hw/misc/imx7_snvs.c
@@ -0,0 +1,83 @@
+/*
+ * IMX7 Secure Non-Volatile Storage
+ *
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Bare minimum emulation code needed to support being able to shut
+ * down linux guest gracefully.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/imx7_snvs.h"
+#include "qemu/log.h"
+#include "sysemu/sysemu.h"
+
+static uint64_t imx7_snvs_read(void *opaque, hwaddr offset, unsigned size)
+{
+return 0;
+}
+
+static void imx7_snvs_write(void *opaque, hwaddr offset,
+uint64_t v, unsigned size)
+{
+const uint32_t value = v;
+const uint32_t mask  = SNVS_LPCR_TOP | SNVS_LPCR_DP_EN;
+
+if (offset == SNVS_LPCR && ((value & mask) == mask)) {
+qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
+}
+}
+
+static const struct MemoryRegionOps imx7_snvs_ops = {
+.read = imx7_snvs_read,
+.write = imx7_snvs_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx7_snvs_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMX7SNVSState *s = IMX7_SNVS(obj);
+
+memory_region_init_io(>mmio, obj, _snvs_ops, s,
+  TYPE_IMX7_SNVS, 0x1000);
+
+sysbus_init_mmio(sd, >mmio);
+}
+
+static void imx7_snvs_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc  = "i.MX7 Secure Non-Volatile Storage Module";
+}
+
+static const TypeInfo imx7_snvs_info = {
+.name  = TYPE_IMX7_SNVS,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMX7SNVSState),
+.instance_init = imx7_snvs_init,
+.class_init= imx7_snvs_class_init,
+};
+
+static void imx7_snvs_register_type(void)
+{
+type_register_static(_snvs_info);
+}
+type_init(imx7_snvs_register_type)
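
Review bot: imx7_snvs_read() returns 0 for every offset, SNVS_LPCR included, so a guest that does a read-modify-write on that register never sees bits it set earlier, and accesses to the rest of the 0x1000 region are dropped without any trace. "qemu/log.h" is already included: please add qemu_log_mask(LOG_UNIMP, ...) for the offsets that are not handled, and consider keeping the last LPCR value in IMX7SNVSState so it reads back. The 0x1000 passed to memory_region_init_io() would also be clearer as a named constant.
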
diff --git a/include/hw/misc/imx7_snvs.h b/include/hw/misc/imx7_snvs.h
new file mode 100644
index 00..255f8f26f9
--- /dev/null
+++ b/include/hw/misc/imx7_snvs.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 SNVS block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef IMX7_SNVS_H
+#define IMX7_SNVS_H
+
+#include "qemu/bitops.h"
+#include "hw/sysbus.h"
+
+
+enum IMX7SNVSRegisters {
+SNVS_LPCR = 0x38,
+SNVS_LPCR_TOP   = BIT(6),
+SNVS_LPCR_DP_EN = BIT(5)
+};
+
+#define TYPE_IMX7_SNVS "imx7.snvs"
+#define IMX7_SNVS(obj) OBJECT_CHECK(IMX7SNVSState, (obj), TYPE_IMX7_SNVS)
+
+typedef struct IMX7SNVSState {
+/*  */
+SysBusDevice parent_obj;
+
+MemoryRegion mmio;
+} IMX7SNVSState;
+
+#endif /* IMX7_SNVS_H */
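
Review bot: enum IMX7SNVSRegisters mixes a register offset (SNVS_LPCR = 0x38) with bit masks inside that register (SNVS_LPCR_TOP, SNVS_LPCR_DP_EN), so the type name describes only one of its three members. Please keep the offset in the enum and define the two bits separately, as the GPR patch does with its IMX7D_GPR* BIT() macros.
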
-- 
2.13.5




[Qemu-devel] [PATCH v2 19/27] i.MX: Add code to emulate SDMA IP block

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/dma/Makefile.objs  |  1 +
 hw/dma/imx_sdma.c | 99 +++
 include/hw/dma/imx_sdma.h | 22 +++
 3 files changed, 122 insertions(+)
 create mode 100644 hw/dma/imx_sdma.c
 create mode 100644 include/hw/dma/imx_sdma.h

diff --git a/hw/dma/Makefile.objs b/hw/dma/Makefile.objs
index 087c8e6855..3cee0b1047 100644
--- a/hw/dma/Makefile.objs
+++ b/hw/dma/Makefile.objs
@@ -14,3 +14,4 @@ obj-$(CONFIG_XLNX_ZYNQMP) += xlnx_dpdma.o
 obj-$(CONFIG_OMAP) += omap_dma.o soc_dma.o
 obj-$(CONFIG_PXA2XX) += pxa2xx_dma.o
 obj-$(CONFIG_RASPI) += bcm2835_dma.o
+obj-$(CONFIG_IMX) += imx_sdma.o
diff --git a/hw/dma/imx_sdma.c b/hw/dma/imx_sdma.c
new file mode 100644
index 00..0776e41b9a
--- /dev/null
+++ b/hw/dma/imx_sdma.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 IOMUXC block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/dma/imx_sdma.h"
+#include "qemu/log.h"
+
+static void imx_sdma_reset(DeviceState *dev)
+{
+IMXSDMAState *s = IMX_SDMA(dev);
+
+memset(s->regs, 0, sizeof(s->regs));
+}
+
+static uint64_t imx_sdma_read(void *opaque, hwaddr offset,
+   unsigned size)
+{
+IMXSDMAState *s = opaque;
+return s->regs[offset / sizeof(uint32_t)];
+}
+
+static void imx_sdma_write(void *opaque, hwaddr offset,
+uint64_t value, unsigned size)
+{
+IMXSDMAState *s = opaque;
+s->regs[offset / sizeof(uint32_t)] = value;
+}
+
+static const struct MemoryRegionOps imx_sdma_ops = {
+.read = imx_sdma_read,
+.write = imx_sdma_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx_sdma_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMXSDMAState *s = IMX_SDMA(obj);
+
+memory_region_init_io(>iomem,
+  obj,
+  _sdma_ops,
+  s,
+  TYPE_IMX_SDMA ".iomem",
+  sizeof(s->regs));
+sysbus_init_mmio(sd, >iomem);
+}
+
+static const VMStateDescription vmstate_imx_sdma = {
+.name = TYPE_IMX_SDMA,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(regs, IMXSDMAState, SDMA_NUM),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static void imx_sdma_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->reset = imx_sdma_reset;
+dc->vmsd  = _imx_sdma;
+dc->desc  = "i.MX IOMUXC Module";
+}
+
+static const TypeInfo imx_sdma_info = {
+.name  = TYPE_IMX_SDMA,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMXSDMAState),
+.instance_init = imx_sdma_init,
+.class_init= imx_sdma_class_init,
+};
+
+static void imx_sdma_register_type(void)
+{
+type_register_static(_sdma_info);
+}
+type_init(imx_sdma_register_type)
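
Review bot: the file header comment says "i.MX7 IOMUXC block emulation code" and imx_sdma_class_init() sets dc->desc to "i.MX IOMUXC Module"; both are copy-and-paste leftovers and should name the SDMA block. The "qemu/log.h" include is unused in this file as well.
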
diff --git a/include/hw/dma/imx_sdma.h b/include/hw/dma/imx_sdma.h
new file mode 100644
index 00..13c5be7a00
--- /dev/null
+++ b/include/hw/dma/imx_sdma.h
@@ -0,0 +1,22 @@
+#ifndef IMX_SDMA_H
+#define IMX_SDMA_H
+
+#include "hw/sysbus.h"
+
+enum IMXSDMARegisters {
+SDMA_NUM = 0x300 / sizeof(uint32_t) + 1,
+};
+
+typedef struct IMXSDMAState {
+/*< private >*/
+SysBusDevice parent_obj;
+
+/*< public >*/
+MemoryRegion iomem;
+uint32_t regs[SDMA_NUM];
+} IMXSDMAState;
+
+#define TYPE_IMX_SDMA "imx-sdma"
+#define IMX_SDMA(obj) OBJECT_CHECK(IMXSDMAState, (obj), TYPE_IMX_SDMA)
+
+#endif /* IMX_SDMA_H */
-- 
2.13.5




[Qemu-devel] [PATCH v2 20/27] i.MX: Add code to emulate FlexCAN IP block

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/misc/Makefile.objs |  1 +
 hw/misc/imx_flexcan.c | 99 +++
 include/hw/misc/imx_flexcan.h | 22 ++
 3 files changed, 122 insertions(+)
 create mode 100644 hw/misc/imx_flexcan.c
 create mode 100644 include/hw/misc/imx_flexcan.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 492c535330..943b22af40 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -38,6 +38,7 @@ obj-$(CONFIG_IMX) += imx7_ccm.o
 obj-$(CONFIG_IMX) += imx2_wdt.o
 obj-$(CONFIG_IMX) += imx7_snvs.o
 obj-$(CONFIG_IMX) += imx7_iomuxc.o
+obj-$(CONFIG_IMX) += imx_flexcan.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
 obj-$(CONFIG_MAINSTONE) += mst_fpga.o
diff --git a/hw/misc/imx_flexcan.c b/hw/misc/imx_flexcan.c
new file mode 100644
index 00..dd4d3d6dc1
--- /dev/null
+++ b/hw/misc/imx_flexcan.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX FlexCAN block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/imx_flexcan.h"
+#include "qemu/log.h"
+
+static void imx_flexcan_reset(DeviceState *dev)
+{
+IMXFlexCANState *s = IMX_FLEXCAN(dev);
+
+memset(s->regs, 0, sizeof(s->regs));
+}
+
+static uint64_t imx_flexcan_read(void *opaque, hwaddr offset,
+   unsigned size)
+{
+IMXFlexCANState *s = opaque;
+return s->regs[offset / sizeof(uint32_t)];
+}
+
+static void imx_flexcan_write(void *opaque, hwaddr offset,
+uint64_t value, unsigned size)
+{
+IMXFlexCANState *s = opaque;
+s->regs[offset / sizeof(uint32_t)] = value;
+}
+
+static const struct MemoryRegionOps imx_flexcan_ops = {
+.read = imx_flexcan_read,
+.write = imx_flexcan_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx_flexcan_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMXFlexCANState *s = IMX_FLEXCAN(obj);
+
+memory_region_init_io(>iomem,
+  obj,
+  _flexcan_ops,
+  s,
+  TYPE_IMX_FLEXCAN ".iomem",
+  sizeof(s->regs));
+sysbus_init_mmio(sd, >iomem);
+}
+
+static const VMStateDescription vmstate_imx_flexcan = {
+.name = TYPE_IMX_FLEXCAN,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(regs, IMXFlexCANState, FLEXCAN_NUM),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static void imx_flexcan_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->reset = imx_flexcan_reset;
+dc->vmsd  = _imx_flexcan;
+dc->desc  = "i.MX FlexCAN Module";
+}
+
+static const TypeInfo imx_flexcan_info = {
+.name  = TYPE_IMX_FLEXCAN,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMXFlexCANState),
+.instance_init = imx_flexcan_init,
+.class_init= imx_flexcan_class_init,
+};
+
+static void imx_flexcan_register_type(void)
+{
+type_register_static(_flexcan_info);
+}
+type_init(imx_flexcan_register_type)
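Review bot: In imx_flexcan_ops the 4-byte restriction is set only under .impl, so narrower or unaligned guest accesses are still accepted and adjusted by the memory core, which is not what the comment above those fields says. If such accesses are meant to be refused, add a matching .valid block (min_access_size = 4, max_access_size = 4, unaligned = false). The index s->regs[offset / sizeof(uint32_t)] in imx_flexcan_read and imx_flexcan_write stays in bounds only because the region is created with sizeof(s->regs); a one-line comment at the handlers stating that dependency would keep a later size change from turning into an out-of-bounds access.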
diff --git a/include/hw/misc/imx_flexcan.h b/include/hw/misc/imx_flexcan.h
new file mode 100644
index 00..da9980cf86
--- /dev/null
+++ b/include/hw/misc/imx_flexcan.h
@@ -0,0 +1,22 @@
+#ifndef IMX_FLEXCAN_H
+#define IMX_FLEXCAN_H
+
+#include "hw/sysbus.h"
+
+enum IMXFlexCANRegisters {
+FLEXCAN_NUM = 0x9E0 / sizeof(uint32_t) + 1,
+};
+
+typedef struct IMXFlexCANState {
+/*< private >*/
+SysBusDevice parent_obj;
+
+/*< public >*/
+MemoryRegion iomem;
+uint32_t regs[FLEXCAN_NUM];
+} IMXFlexCANState;
+
+#define TYPE_IMX_FLEXCAN "imx-flexcan"
+#define IMX_FLEXCAN(obj) OBJECT_CHECK(IMXFlexCANState, (obj), TYPE_IMX_FLEXCAN)
+
+#endif /* IMX_FLEXCAN_H */
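Review bot: include/hw/misc/imx_flexcan.h opens directly with the include guard and has no copyright or license header, while the .c file added by the same patch carries one; please add it here too. FLEXCAN_NUM = 0x9E0 / sizeof(uint32_t) + 1 also needs a comment or a named constant saying what 0x9E0 is (presumably the offset of the last register), since both the size of regs[] and the size of the MMIO region depend on it.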
-- 
2.13.5




[Qemu-devel] [PATCH v2 11/27] sdhci: Add i.MX specific subtype of SDHCI

2017-10-23 Thread Andrey Smirnov
IP block found on several generations of i.MX family does not use
vanilla SDHCI implementation and it comes with a number of quirks.

Introduce i.MX SDHCI subtype of SDHCI block to add code necessary to
support unmodified Linux guest driver.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/sd/sdhci-internal.h |  15 ++
 hw/sd/sdhci.c  | 127 -
 include/hw/sd/sdhci.h  |   8 
 3 files changed, 148 insertions(+), 2 deletions(-)

diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
index 161177cf39..2a1b4b06ee 100644
--- a/hw/sd/sdhci-internal.h
+++ b/hw/sd/sdhci-internal.h
@@ -91,6 +91,8 @@
 #define SDHC_CTRL_ADMA2_32 0x10
 #define SDHC_CTRL_ADMA2_64 0x18
 #define SDHC_DMA_TYPE(x)   ((x) & SDHC_CTRL_DMA_CHECK_MASK)
+#define SDHC_CTRL_4BITBUS  0x02
+#define SDHC_CTRL_8BITBUS  0x20
 
 /* R/W Power Control Register 0x0 */
 #define SDHC_PWRCON0x29
@@ -229,4 +231,17 @@ enum {
 
 extern const VMStateDescription sdhci_vmstate;
 
+
+#define ESDHC_MIX_CTRL  0x48
+#define ESDHC_VENDOR_SPEC   0xc0
+#define ESDHC_DLL_CTRL  0x60
+
+#define ESDHC_TUNING_CTRL   0xcc
+#define ESDHC_TUNE_CTRL_STATUS  0x68
+#define ESDHC_WTMK_LVL  0x44
+
+#define ESDHC_CTRL_4BITBUS  (0x1 << 1)
+#define ESDHC_CTRL_8BITBUS  (0x2 << 1)
+
+
 #endif
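Review bot: The ESDHC_* block added before the final #endif has no comment saying these are i.MX-specific register offsets and bit fields, and the offsets are not in address order (0x48, 0xc0, 0x60, 0xcc, 0x68, 0x44). Please sort them, separate offsets from bit masks with a short comment each, and drop the doubled blank lines before and after the block.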
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 6d6a791ee9..f561cc44e3 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -265,7 +265,8 @@ static void sdhci_send_command(SDHCIState *s)
 }
 }
 
-if ((s->norintstsen & SDHC_NISEN_TRSCMP) &&
+if (!(s->quirks & SDHCI_QUIRK_NO_BUSY_IRQ) &&
+(s->norintstsen & SDHC_NISEN_TRSCMP) &&
 (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
 s->norintsts |= SDHC_NIS_TRSCMP;
 }
@@ -1191,6 +1192,8 @@ static void sdhci_initfn(SDHCIState *s)
 
 s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 
sdhci_raise_insertion_irq, s);
 s->transfer_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_data_transfer, 
s);
+
+s->io_ops = _mmio_ops;
 }
 
 static void sdhci_uninitfn(SDHCIState *s)
@@ -1347,7 +1350,7 @@ static void sdhci_sysbus_realize(DeviceState *dev, Error 
** errp)
 s->buf_maxsz = sdhci_get_fifolen(s);
 s->fifo_buffer = g_malloc0(s->buf_maxsz);
 sysbus_init_irq(sbd, >irq);
-memory_region_init_io(>iomem, OBJECT(s), _mmio_ops, s, "sdhci",
+memory_region_init_io(>iomem, OBJECT(s), s->io_ops, s, "sdhci",
 SDHC_REGISTERS_MAP_SIZE);
 sysbus_init_mmio(sbd, >iomem);
 }
@@ -1386,11 +1389,131 @@ static const TypeInfo sdhci_bus_info = {
 .class_init = sdhci_bus_class_init,
 };
 
+static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size)
+{
+SDHCIState *s = SYSBUS_SDHCI(opaque);
+uint32_t ret;
+uint16_t hostctl;
+
+switch (offset) {
+default:
+return sdhci_read(opaque, offset, size);
+
+case SDHC_HOSTCTL:
+hostctl = SDHC_DMA_TYPE(s->hostctl) << 5;
+
+if (s->hostctl & SDHC_CTRL_8BITBUS) {
+hostctl |= ESDHC_CTRL_8BITBUS;
+}
+
+if (s->hostctl & SDHC_CTRL_4BITBUS) {
+hostctl |= ESDHC_CTRL_4BITBUS;
+}
+
+ret = hostctl | (s->blkgap << 16) |
+(s->wakcon << 24);
+
+break;
+
+case ESDHC_DLL_CTRL:
+case ESDHC_TUNE_CTRL_STATUS:
+case 0x6c:
+case ESDHC_TUNING_CTRL:
+case ESDHC_VENDOR_SPEC:
+case ESDHC_MIX_CTRL:
+case ESDHC_WTMK_LVL:
+ret = 0;
+break;
+}
+
+return ret;
+}
+
+static void
+usdhc_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
+{
+SDHCIState *s = SYSBUS_SDHCI(opaque);
+uint8_t hostctl = 0;
+uint32_t value = (uint32_t)val;
+
+switch (offset) {
+case ESDHC_DLL_CTRL:
+case ESDHC_TUNE_CTRL_STATUS:
+case 0x6c:
+case ESDHC_TUNING_CTRL:
+case ESDHC_WTMK_LVL:
+case ESDHC_VENDOR_SPEC:
+break;
+
+case SDHC_HOSTCTL:
+if (value & ESDHC_CTRL_8BITBUS) {
+hostctl |= SDHC_CTRL_8BITBUS;
+}
+
+if (value & ESDHC_CTRL_4BITBUS) {
+hostctl |= ESDHC_CTRL_4BITBUS;
+}
+
+hostctl |= SDHC_DMA_TYPE(value >> 5);
+
+value &= ~0xFE;
+value |= hostctl;
+value &= ~0xFF00;
+value |= s->pwrcon;
+
+sdhci_write(opaque, offset, value, size);
+break;
+
+case ESDHC_MIX_CTRL:
+/*
+ * The layout of the register is slightly different, but we
+ * don't care about those bits
+ */
+s->trnmod = value & 0x;
+
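Review bot: In the SDHC_HOSTCTL case of usdhc_write, value &= ~0xFF00 clears bits 8 to 15 but the next line, value |= s->pwrcon, ORs the power control byte into bits 0 to 7, on top of the host control bits that were just assembled. If the intent is to preserve PWRCON across the 32-bit write, this should be value |= (uint32_t)s->pwrcon << 8. In the same case the 4-bit branch sets hostctl |= ESDHC_CTRL_4BITBUS where the 8-bit branch uses the SDHC_ name; both are 0x02 so it works by coincidence, but it should read SDHC_CTRL_4BITBUS. The bare case 0x6c in both usdhc_read and usdhc_write wants a named constant like its neighbours.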

[Qemu-devel] [PATCH v2 14/27] i.MX: Add code to emulate i.MX2 watchdog IP block

2017-10-23 Thread Andrey Smirnov
Add enough code to emulate i.MX2 watchdog IP block so it would be
possible to reboot the machine running Linux Guest.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/misc/Makefile.objs  |  1 +
 hw/misc/imx2_wdt.c | 88 ++
 include/hw/misc/imx2_wdt.h | 34 ++
 3 files changed, 123 insertions(+)
 create mode 100644 hw/misc/imx2_wdt.c
 create mode 100644 include/hw/misc/imx2_wdt.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index ac1be05a03..c393a93456 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -35,6 +35,7 @@ obj-$(CONFIG_IMX) += imx25_ccm.o
 obj-$(CONFIG_IMX) += imx6_ccm.o
 obj-$(CONFIG_IMX) += imx6_src.o
 obj-$(CONFIG_IMX) += imx7_ccm.o
+obj-$(CONFIG_IMX) += imx2_wdt.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
 obj-$(CONFIG_MAINSTONE) += mst_fpga.o
diff --git a/hw/misc/imx2_wdt.c b/hw/misc/imx2_wdt.c
new file mode 100644
index 00..3a1c33aa51
--- /dev/null
+++ b/hw/misc/imx2_wdt.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX2 Watchdog IP block
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/watchdog.h"
+
+#include "hw/misc/imx2_wdt.h"
+
+#define IMX2_WDT_WCR_WDABIT(5)  /* -> External Reset WDOG_B */
+#define IMX2_WDT_WCR_SRSBIT(4)  /* -> Software Reset Signal */
+
+static uint64_t imx2_wdt_read(void *opaque, hwaddr addr,
+  unsigned int size)
+{
+return 0;
+}
+
+static void imx2_wdt_write(void *opaque, hwaddr addr,
+   uint64_t value, unsigned int size)
+{
+if (addr == IMX2_WDT_WCR &&
+(value & (IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS))) {
+watchdog_perform_action();
+}
+}
+
+static const MemoryRegionOps imx2_wdt_ops = {
+.read  = imx2_wdt_read,
+.write = imx2_wdt_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the
+ * real device but in practice there is no reason for a guest
+ * to access this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx2_wdt_realize(DeviceState *dev, Error **errp)
+{
+IMX2WdtState *s = IMX2_WDT(dev);
+
+memory_region_init_io(>mmio, OBJECT(dev),
+  _wdt_ops, s,
+  TYPE_IMX2_WDT".mmio",
+  IMX2_WDT_REG_NUM * sizeof(uint16_t));
+sysbus_init_mmio(SYS_BUS_DEVICE(dev), >mmio);
+}
+
+static void imx2_wdt_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->realize = imx2_wdt_realize;
+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+}
+
+static const TypeInfo imx2_wdt_info = {
+.name  = TYPE_IMX2_WDT,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMX2WdtState),
+.class_init= imx2_wdt_class_init,
+};
+
+static WatchdogTimerModel model = {
+.wdt_name = "imx2-watchdog",
+.wdt_description = "i.MX2 Watchdog",
+};
+
+static void imx2_wdt_register_type(void)
+{
+watchdog_add_model();
+type_register_static(_wdt_info);
+}
+type_init(imx2_wdt_register_type)
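Review bot: imx2_wdt_realize sizes the region as IMX2_WDT_REG_NUM * sizeof(uint16_t), i.e. 16-bit registers, but imx2_wdt_ops declares .impl.min_access_size = 4 and .max_access_size = 4. The two should agree: use 2 for the implemented access size, and add a .valid block if other widths are to be refused rather than adjusted. imx2_wdt_write also calls watchdog_perform_action() when WDA or SRS is set in the written value; please add a comment stating the polarity of those bits on the real block, because the bit definitions only name the signals.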
diff --git a/include/hw/misc/imx2_wdt.h b/include/hw/misc/imx2_wdt.h
new file mode 100644
index 00..e67ac6939d
--- /dev/null
+++ b/include/hw/misc/imx2_wdt.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX2 Watchdog IP block
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef IMX2_WDT_H
+#define IMX2_WDT_H
+
+#include "qemu/bitops.h"
+#include "hw/sysbus.h"
+
+#define TYPE_IMX2_WDT "imx2.wdt"
+#define IMX2_WDT(obj) OBJECT_CHECK(IMX2WdtState, (obj), TYPE_IMX2_WDT)
+
+enum IMX2WdtRegisters {
+IMX2_WDT_WCR = 0x,
+IMX2_WDT_REG_NUM = 0x0008 / sizeof(uint16_t) + 1,
+};
+
+
+typedef struct IMX2WdtState {
+/*  */
+SysBusDevice parent_obj;
+
+MemoryRegion mmio;
+} IMX2WdtState;
+
+#endif /* IMX7_SNVS_H */
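Review bot: The closing line reads #endif /* IMX7_SNVS_H */ but the guard opened at the top of this header is IMX2_WDT_H; this looks like a copy-paste leftover and should be corrected to match.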
-- 
2.13.5




[Qemu-devel] [PATCH v2 16/27] i.MX: Add code to emulate GPCv2 IP block

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/intc/Makefile.objs   |   2 +-
 hw/intc/imx_gpcv2.c | 125 
 include/hw/intc/imx_gpcv2.h |  22 
 3 files changed, 148 insertions(+), 1 deletion(-)
 create mode 100644 hw/intc/imx_gpcv2.c
 create mode 100644 include/hw/intc/imx_gpcv2.h

diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 78426a7daf..db234901aa 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -4,7 +4,7 @@ common-obj-$(CONFIG_PL190) += pl190.o
 common-obj-$(CONFIG_PUV3) += puv3_intc.o
 common-obj-$(CONFIG_XILINX) += xilinx_intc.o
 common-obj-$(CONFIG_ETRAXFS) += etraxfs_pic.o
-common-obj-$(CONFIG_IMX) += imx_avic.o
+common-obj-$(CONFIG_IMX) += imx_avic.o imx_gpcv2.o
 common-obj-$(CONFIG_LM32) += lm32_pic.o
 common-obj-$(CONFIG_REALVIEW) += realview_gic.o
 common-obj-$(CONFIG_SLAVIO) += slavio_intctl.o
diff --git a/hw/intc/imx_gpcv2.c b/hw/intc/imx_gpcv2.c
new file mode 100644
index 00..496ed31b78
--- /dev/null
+++ b/hw/intc/imx_gpcv2.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 GPCv2 block emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/intc/imx_gpcv2.h"
+#include "qemu/log.h"
+
+#define GPC_PU_PGC_SW_PUP_REQ   0x0f8
+#define GPC_PU_PGC_SW_PDN_REQ   0x104
+
+#define USB_HSIC_PHY_SW_Pxx_REQ BIT(4)
+#define USB_OTG2_PHY_SW_Pxx_REQ BIT(3)
+#define USB_OTG1_PHY_SW_Pxx_REQ BIT(2)
+#define PCIE_PHY_SW_Pxx_REQ BIT(1)
+#define MIPI_PHY_SW_Pxx_REQ BIT(0)
+
+
+static void imx_gpcv2_reset(DeviceState *dev)
+{
+IMXGPCv2State *s = IMX_GPCV2(dev);
+
+memset(s->regs, 0, sizeof(s->regs));
+}
+
+static uint64_t imx_gpcv2_read(void *opaque, hwaddr offset,
+   unsigned size)
+{
+IMXGPCv2State *s = opaque;
+
+return s->regs[offset / sizeof(uint32_t)];
+}
+
+static void imx_gpcv2_write(void *opaque, hwaddr offset,
+uint64_t value, unsigned size)
+{
+IMXGPCv2State *s = opaque;
+const size_t idx = offset / sizeof(uint32_t);
+
+s->regs[idx] = value;
+
+/*
+ * Real HW will clear those bits once as a way to indicate that
+ * power up request is complete
+ */
+if (offset == GPC_PU_PGC_SW_PUP_REQ ||
+offset == GPC_PU_PGC_SW_PDN_REQ) {
+s->regs[idx] &= ~(USB_HSIC_PHY_SW_Pxx_REQ |
+  USB_OTG2_PHY_SW_Pxx_REQ |
+  USB_OTG1_PHY_SW_Pxx_REQ |
+  PCIE_PHY_SW_Pxx_REQ |
+  MIPI_PHY_SW_Pxx_REQ);
+}
+}
+
+static const struct MemoryRegionOps imx_gpcv2_ops = {
+.read = imx_gpcv2_read,
+.write = imx_gpcv2_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+/*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+.min_access_size = 4,
+.max_access_size = 4,
+.unaligned = false,
+},
+};
+
+static void imx_gpcv2_init(Object *obj)
+{
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+IMXGPCv2State *s = IMX_GPCV2(obj);
+
+memory_region_init_io(>iomem,
+  obj,
+  _gpcv2_ops,
+  s,
+  TYPE_IMX_GPCV2 ".iomem",
+  sizeof(s->regs));
+sysbus_init_mmio(sd, >iomem);
+}
+
+static const VMStateDescription vmstate_imx_gpcv2 = {
+.name = TYPE_IMX_GPCV2,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(regs, IMXGPCv2State, GPC_NUM),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static void imx_gpcv2_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->reset = imx_gpcv2_reset;
+dc->vmsd  = _imx_gpcv2;
+dc->desc  = "i.MX GPCv2 Module";
+}
+
+static const TypeInfo imx_gpcv2_info = {
+.name  = TYPE_IMX_GPCV2,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(IMXGPCv2State),
+.instance_init = imx_gpcv2_init,
+.class_init= imx_gpcv2_class_init,
+};
+
+static void imx_gpcv2_register_type(void)
+{
+type_register_static(_gpcv2_info);
+}
+type_init(imx_gpcv2_register_type)
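Review bot: The comment in imx_gpcv2_write speaks only of a power up request, but the branch under it also clears the request bits for GPC_PU_PGC_SW_PDN_REQ; reword it to cover both registers and drop the stray "once". qemu/log.h is included but nothing in this file logs, so the include can go. The 4-byte limit is set only under .impl in imx_gpcv2_ops; if narrower or unaligned guest accesses should be refused, as the comment there implies, add the same limits under .valid.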
diff --git a/include/hw/intc/imx_gpcv2.h 

[Qemu-devel] [PATCH v2 13/27] i.MX: Add code to emulate i.MX7 CCM, PMU and ANALOG IP blocks

2017-10-23 Thread Andrey Smirnov
Add minimal code needed to allow upstream Linux guest to boot.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/misc/Makefile.objs  |   1 +
 hw/misc/imx7_ccm.c | 233 +
 include/hw/misc/imx7_ccm.h | 130 +
 3 files changed, 364 insertions(+)
 create mode 100644 hw/misc/imx7_ccm.c
 create mode 100644 include/hw/misc/imx7_ccm.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 29fb922cef..ac1be05a03 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -34,6 +34,7 @@ obj-$(CONFIG_IMX) += imx31_ccm.o
 obj-$(CONFIG_IMX) += imx25_ccm.o
 obj-$(CONFIG_IMX) += imx6_ccm.o
 obj-$(CONFIG_IMX) += imx6_src.o
+obj-$(CONFIG_IMX) += imx7_ccm.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
 obj-$(CONFIG_MAINSTONE) += mst_fpga.o
diff --git a/hw/misc/imx7_ccm.c b/hw/misc/imx7_ccm.c
new file mode 100644
index 00..2876164cfa
--- /dev/null
+++ b/hw/misc/imx7_ccm.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.
+ *
+ * i.MX7 CCM, PMU and ANALOG IP blocks emulation code
+ *
+ * Author: Andrey Smirnov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+
+#include "hw/misc/imx7_ccm.h"
+
+static uint32_t imx7_ccm_get_clock_frequency(IMXCCMState *dev, IMXClk clock)
+{
+/*
+ * This function is "consumed" by GPT emulation code, however on
+ * i.MX7 each GPT block can have their own clock root. This means
+ * that this functions needs somehow to know requester's identity
+ * and the way to pass it: be it via additional IMXClk constants
+ * or by adding another argument to this method needs to be
+ * figured out
+ */
+qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: Not implemented\n",
+  TYPE_IMX7_CCM, __func__);
+return 0;
+}
+
+static void imx7_ccm_reset(DeviceState *dev)
+{
+IMX7CCMState *s = IMX7_CCM(dev);
+
+s->analog[CCM_ANALOG_PLL_ARM] = 0x2042;
+s->analog[CCM_ANALOG_PLL_DDR] = 0x0060302c;
+s->analog[CCM_ANALOG_PLL_DDR_SS]  = 0x;
+s->analog[CCM_ANALOG_PLL_DDR_NUM] = 0x06aaac4d;
+s->analog[CCM_ANALOG_PLL_DDR_DENOM]   = 0x13ec;
+s->analog[CCM_ANALOG_PLL_480] = 0x2000;
+s->analog[CCM_ANALOG_PLL_480A]= 0x52605a56;
+s->analog[CCM_ANALOG_PLL_480B]= 0x52525216;
+s->analog[CCM_ANALOG_PLL_ENET]= 0x1fc0;
+s->analog[CCM_ANALOG_PLL_AUDIO]   = 0x0001301b;
+s->analog[CCM_ANALOG_PLL_AUDIO_SS]= 0x;
+s->analog[CCM_ANALOG_PLL_AUDIO_NUM]   = 0x05f5e100;
+s->analog[CCM_ANALOG_PLL_AUDIO_DENOM] = 0x2964619c;
+s->analog[CCM_ANALOG_PLL_VIDEO]   = 0x0008201b;
+s->analog[CCM_ANALOG_PLL_VIDEO_SS]= 0x;
+s->analog[CCM_ANALOG_PLL_VIDEO_NUM]   = 0xf699;
+s->analog[CCM_ANALOG_PLL_VIDEO_DENOM] = 0x000f4240;
+s->analog[CCM_ANALOG_PLL_MISC0]   = 0x;
+
+/* all PLLs need to be locked */
+s->analog[CCM_ANALOG_PLL_ARM]   |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_DDR]   |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_480]   |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_480A]  |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_480B]  |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_ENET]  |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_AUDIO] |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_VIDEO] |= CCM_ANALOG_PLL_LOCK;
+s->analog[CCM_ANALOG_PLL_MISC0] |= CCM_ANALOG_PLL_LOCK;
+
+/*
+ * Since I couldn't find any info about this in the reference
+ * manual the value of this register is based strictly on matching
+ * what Linux kernel expects it to be.
+ */
+s->analog[CCM_ANALOG_DIGPROG]  = 0x72;
+/*
+ * Set revision to be 1.0 (Arbitrary choice, no particular
+ * reason).
+ */
+s->analog[CCM_ANALOG_DIGPROG] |= 0x10;
+}
+
+#define CCM_INDEX(offset)   (((offset) & ~(hwaddr)0xF) / sizeof(uint32_t))
+#define CCM_BITOP(offset)   ((offset) & (hwaddr)0xF)
+
+enum {
+CCM_BITOP_NONE = 0x00,
+CCM_BITOP_SET  = 0x04,
+CCM_BITOP_CLR  = 0x08,
+CCM_BITOP_TOG  = 0x0C,
+};
+
+static uint64_t imx7_set_clr_tog_read(void *opaque, hwaddr offset,
+  unsigned size)
+{
+const uint32_t *mmio = opaque;
+
+return mmio[CCM_INDEX(offset)];
+}
+
+static void imx7_set_clr_tog_write(void *opaque, hwaddr offset,
+   uint64_t value, unsigned size)
+{
+const uint8_t  bitop = CCM_BITOP(offset);
+const uint32_t 
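Review bot: imx7_ccm_get_clock_frequency reports a missing emulation feature with LOG_GUEST_ERROR, but the guest has done nothing wrong on this path; use LOG_UNIMP so that guest-error logs stay meaningful. The comment in that function also has "this functions needs", which should read "this function needs".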

[Qemu-devel] [PATCH v2 12/27] sdhci: Implement write method of ACMD12ERRSTS register

2017-10-23 Thread Andrey Smirnov
Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/sd/sdhci.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index f561cc44e3..53e5e011a7 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1139,6 +1139,9 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, 
unsigned size)
 s->admasysaddr = (s->admasysaddr & (0xULL |
 ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
 break;
+case SDHC_ACMD12ERRSTS:
+MASKED_WRITE(s->acmd12errsts, mask, value);
+break;
 case SDHC_FEAER:
 s->acmd12errsts |= value;
 s->errintsts |= (value >> 16) & s->errintstsen;
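Review bot: The commit message has no body, so there is no record of which guest driver needs SDHC_ACMD12ERRSTS to be writable or why. The new case makes the whole register guest-writable through MASKED_WRITE, while the SDHC_FEAER case directly below already exists to set bits in s->acmd12errsts. Please state whether every bit is meant to be writable or whether the write should be limited to specific bits, and put that reasoning in the commit message.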
-- 
2.13.5




[Qemu-devel] [PATCH v2 10/27] imx_fec: Reserve full 4K page for the register file

2017-10-23 Thread Andrey Smirnov
Some i.MX SoCs (e.g. i.MX7) have FEC registers going as far as offset
0x614, so to avoid getting aborts when accessing those on QEMU, extend
the register file to cover 4KB of address space instead of just 1K.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 48d012cad6..e236bc933c 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -1252,7 +1252,7 @@ static void imx_eth_realize(DeviceState *dev, Error 
**errp)
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 
 memory_region_init_io(>iomem, OBJECT(dev), _eth_ops, s,
-  TYPE_IMX_FEC, 0x400);
+  TYPE_IMX_FEC, 0x1000);
 sysbus_init_mmio(sbd, >iomem);
 sysbus_init_irq(sbd, >irq[0]);
 sysbus_init_irq(sbd, >irq[1]);
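Review bot: The size argument in imx_eth_realize now lets offsets up to 0xFFC reach the MMIO handlers, and elsewhere in this series imx_eth_write turns the offset into a register index with offset >> 2 while the registers live in an array of ENET_MAX entries. Please confirm, in the commit message or with an explicit check in imx_eth_read and imx_eth_write, that an index up to 0x3FF can never be applied to s->regs[] unless ENET_MAX covers it. The size would also read better as a named constant than a bare 0x1000.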
-- 
2.13.5




[Qemu-devel] [PATCH v2 07/27] imx_fec: Add support for multiple Tx DMA rings

2017-10-23 Thread Andrey Smirnov
More recent versions of the IP block support more than one Tx DMA ring,
so add the code implementing that feature.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 106 ++-
 include/hw/net/imx_fec.h |  18 +++-
 2 files changed, 102 insertions(+), 22 deletions(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 131e7fd734..38d8c27dcd 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -198,13 +198,13 @@ static const char *imx_eth_reg_name(IMXFECState *s, 
uint32_t index)
 
 static const VMStateDescription vmstate_imx_eth = {
 .name = TYPE_IMX_FEC,
-.version_id = 2,
-.minimum_version_id = 2,
+.version_id = 3,
+.minimum_version_id = 3,
 .fields = (VMStateField[]) {
 VMSTATE_UINT32_ARRAY(regs, IMXFECState, ENET_MAX),
 VMSTATE_UINT32(rx_descriptor, IMXFECState),
-VMSTATE_UINT32(tx_descriptor, IMXFECState),
-
+VMSTATE_UINT32_ARRAY(tx_descriptor, IMXFECState, ENET_TX_RING_NUM),
+VMSTATE_UINT32(tx_ring_num, IMXFECState),
 VMSTATE_UINT32(phy_status, IMXFECState),
 VMSTATE_UINT32(phy_control, IMXFECState),
 VMSTATE_UINT32(phy_advertise, IMXFECState),
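Review bot: version_id and minimum_version_id both move to 3 in vmstate_imx_eth, which makes migration streams saved with the previous layout unloadable for this device; the commit message should say so. tx_ring_num is added to the migrated fields, yet imx_eth_write later in this patch reads it as a fixed configuration value (s->tx_ring_num != 3). If it is set once at device creation it does not belong in vmstate, and if it is migrated it needs a sanity check on load so that it cannot disagree with the ENET_TX_RING_NUM-sized tx_descriptor array.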
@@ -407,7 +407,7 @@ static void imx_fec_do_tx(IMXFECState *s)
 int frame_size = 0, descnt = 0;
 uint8_t frame[ENET_MAX_FRAME_SIZE];
 uint8_t *ptr = frame;
-uint32_t addr = s->tx_descriptor;
+uint32_t addr = s->tx_descriptor[0];
 
 while (descnt++ < IMX_MAX_DESC) {
 IMXFECBufDesc bd;
@@ -448,17 +448,47 @@ static void imx_fec_do_tx(IMXFECState *s)
 }
 }
 
-s->tx_descriptor = addr;
+s->tx_descriptor[0] = addr;
 
 imx_eth_update(s);
 }
 
-static void imx_enet_do_tx(IMXFECState *s)
+static void imx_enet_do_tx(IMXFECState *s, uint32_t index)
 {
 int frame_size = 0, descnt = 0;
 uint8_t frame[ENET_MAX_FRAME_SIZE];
 uint8_t *ptr = frame;
-uint32_t addr = s->tx_descriptor;
+uint32_t addr, int_txb, int_txf, tdsr;
+size_t ring;
+
+switch (index) {
+case ENET_TDAR:
+ring= 0;
+int_txb = ENET_INT_TXB;
+int_txf = ENET_INT_TXF;
+tdsr= ENET_TDSR;
+break;
+case ENET_TDAR1:
+ring= 1;
+int_txb = ENET_INT_TXB1;
+int_txf = ENET_INT_TXF1;
+tdsr= ENET_TDSR1;
+break;
+case ENET_TDAR2:
+ring= 2;
+int_txb = ENET_INT_TXB2;
+int_txf = ENET_INT_TXF2;
+tdsr= ENET_TDSR2;
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: bogus value for index %x\n",
+  __func__, index);
+abort();
+break;
+}
+
+addr = s->tx_descriptor[ring];
 
 while (descnt++ < IMX_MAX_DESC) {
 IMXENETBufDesc bd;
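Review bot: The default branch of the new switch in imx_enet_do_tx logs with LOG_GUEST_ERROR and then calls abort(). index is passed in by the device model's own caller, so this is an internal invariant rather than a guest error: use g_assert_not_reached() and drop both the guest-error log and the unreachable break. If a guest could ever reach this branch, abort() would let it terminate QEMU, and the function should log and return instead.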
@@ -502,32 +532,32 @@ static void imx_enet_do_tx(IMXFECState *s)
 ptr = frame;
 frame_size = 0;
 if (bd.option & ENET_BD_TX_INT) {
-s->regs[ENET_EIR] |= ENET_INT_TXF;
+s->regs[ENET_EIR] |= int_txf;
 }
 }
 if (bd.option & ENET_BD_TX_INT) {
-s->regs[ENET_EIR] |= ENET_INT_TXB;
+s->regs[ENET_EIR] |= int_txb;
 }
 bd.flags &= ~ENET_BD_R;
 /* Write back the modified descriptor.  */
 imx_enet_write_bd(, addr);
 /* Advance to the next descriptor.  */
 if ((bd.flags & ENET_BD_W) != 0) {
-addr = s->regs[ENET_TDSR];
+addr = s->regs[tdsr];
 } else {
 addr += sizeof(bd);
 }
 }
 
-s->tx_descriptor = addr;
+s->tx_descriptor[ring] = addr;
 
 imx_eth_update(s);
 }
 
-static void imx_eth_do_tx(IMXFECState *s)
+static void imx_eth_do_tx(IMXFECState *s, uint32_t index)
 {
 if (!s->is_fec && (s->regs[ENET_ECR] & ENET_ECR_EN1588)) {
-imx_enet_do_tx(s);
+imx_enet_do_tx(s, index);
 } else {
 imx_fec_do_tx(s);
 }
@@ -585,7 +615,7 @@ static void imx_eth_reset(DeviceState *d)
 }
 
 s->rx_descriptor = 0;
-s->tx_descriptor = 0;
+memset(s->tx_descriptor, 0, sizeof(s->tx_descriptor));
 
 /* We also reset the PHY */
 phy_reset(s);
@@ -791,6 +821,7 @@ static void imx_eth_write(void *opaque, hwaddr offset, 
uint64_t value,
unsigned size)
 {
 IMXFECState *s = IMX_FEC(opaque);
+const bool single_tx_ring = s->tx_ring_num != 3;
 uint32_t index = offset >> 2;
 
 FEC_PRINTF("reg[%s] <= 0x%" PRIx32 "\n", imx_eth_reg_name(s, index),
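Review bot: single_tx_ring = s->tx_ring_num != 3 hard-codes the ring count even though this patch already introduces ENET_TX_RING_NUM for the tx_descriptor array; compare against the constant if it is the same quantity. As written, every value other than 3, including 2, is treated as a single ring, so tx_ring_num should be validated where it is set and the accepted values documented.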
@@ -813,10 +844,18 @@ static void imx_eth_write(void *opaque, hwaddr offset, 
uint64_t value,
 s->regs[index] = 0;
 }
 break;
-case ENET_TDAR:
+case ENET_TDAR1:  

[Qemu-devel] [PATCH v2 05/27] imx_fec: Use MIN instead of explicit ternary operator

2017-10-23 Thread Andrey Smirnov
Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index dda0816fb3..18de508e8c 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -1076,7 +1076,7 @@ static ssize_t imx_enet_receive(NetClientState *nc, const 
uint8_t *buf,
   TYPE_IMX_FEC, __func__);
 break;
 }
-buf_len = (size <= s->regs[ENET_MRBR]) ? size : s->regs[ENET_MRBR];
+buf_len = MIN(size, s->regs[ENET_MRBR]);
 bd.length = buf_len;
 size -= buf_len;
 
-- 
2.13.5




[Qemu-devel] [PATCH v2 09/27] imx_fec: Fix a typo in imx_enet_receive()

2017-10-23 Thread Andrey Smirnov
Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index eefb3b2c62..48d012cad6 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -1121,7 +1121,7 @@ static ssize_t imx_enet_receive(NetClientState *nc, const 
uint8_t *buf,
 size += 2;
 }
 
-/* Huge frames are truncted.  */
+/* Huge frames are truncated. */
 if (size > s->regs[ENET_FTRL]) {
 size = s->regs[ENET_FTRL];
 flags |= ENET_BD_TR | ENET_BD_LG;
-- 
2.13.5




[Qemu-devel] [PATCH v2 08/27] imx_fec: Use correct length for packet size

2017-10-23 Thread Andrey Smirnov
Use 'frame_size' instead of 'len' when calling qemu_send_packet(),
failing to do so results in malformed packets sent in case when that
packet is fragmented into multiple DMA transactions.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 38d8c27dcd..eefb3b2c62 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -528,7 +528,7 @@ static void imx_enet_do_tx(IMXFECState *s, uint32_t index)
 }
 }
 /* Last buffer in frame.  */
-qemu_send_packet(qemu_get_queue(s->nic), frame, len);
+qemu_send_packet(qemu_get_queue(s->nic), frame, frame_size);
 ptr = frame;
 frame_size = 0;
 if (bd.option & ENET_BD_TX_INT) {
-- 
2.13.5




[Qemu-devel] [PATCH v2 06/27] imx_fec: Emulate SHIFT16 in ENETx_RACC

2017-10-23 Thread Andrey Smirnov
Needed to support latest Linux kernel driver which relies on that
functionality.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 23 +++
 include/hw/net/imx_fec.h |  2 ++
 2 files changed, 25 insertions(+)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 18de508e8c..131e7fd734 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -1037,6 +1037,7 @@ static ssize_t imx_enet_receive(NetClientState *nc, const 
uint8_t *buf,
 uint8_t *crc_ptr;
 unsigned int buf_len;
 size_t size = len;
+bool shift16 = s->regs[ENET_RACC] & ENET_RACC_SHIFT16;
 
 FEC_PRINTF("len %d\n", (int)size);
 
@@ -1051,6 +1052,10 @@ static ssize_t imx_enet_receive(NetClientState *nc, 
const uint8_t *buf,
 crc = cpu_to_be32(crc32(~0, buf, size));
 crc_ptr = (uint8_t *) 
 
+if (shift16) {
+size += 2;
+}
+
 /* Huge frames are truncted.  */
 if (size > s->regs[ENET_FTRL]) {
 size = s->regs[ENET_FTRL];
@@ -1087,6 +1092,24 @@ static ssize_t imx_enet_receive(NetClientState *nc, 
const uint8_t *buf,
 buf_len += size - 4;
 }
 buf_addr = bd.data;
+
+if (shift16) {
+/*
+ * If SHIFT16 bit of ENETx_RACC register is set we need to
+ * align the payload to 4-byte boundary.
+ */
+const uint8_t zeros[2] = { 0 };
+
+dma_memory_write(_space_memory, buf_addr,
+ zeros, sizeof(zeros));
+
+buf_addr += sizeof(zeros);
+buf_len  -= sizeof(zeros);
+
+/* We only do this once per Ethernet frame */
+shift16 = false;
+}
+
 dma_memory_write(_space_memory, buf_addr, buf, buf_len);
 buf += buf_len;
 if (size < 4) {
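Review bot: In the shift16 block, buf_len -= sizeof(zeros) has no check that buf_len is at least 2. buf_len is an unsigned int derived from size and the guest-programmed ENET_MRBR, so a receive buffer length below 2 wraps it to a very large value and the following dma_memory_write(..., buf, buf_len) then reads far past the end of buf. The two zero bytes are also written to buf_addr regardless of how large the buffer is. Skip or shorten the padding when buf_len < sizeof(zeros), or reject such an MRBR value when the register is written.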
diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h
index 0fcc4f0c71..e482d1c13b 100644
--- a/include/hw/net/imx_fec.h
+++ b/include/hw/net/imx_fec.h
@@ -170,6 +170,8 @@
 #define ENET_TWFR_TFWR_LENGTH  (6)
 #define ENET_TWFR_STRFWD   (1 << 8)
 
+#define ENET_RACC_SHIFT16  BIT(7)
+
 /* Buffer Descriptor.  */
 typedef struct {
 uint16_t length;
-- 
2.13.5




[Qemu-devel] [PATCH v2 03/27] imx_fec: Change queue flushing heuristics

2017-10-23 Thread Andrey Smirnov
In current implementation, packet queue flushing logic seems to suffer
from a deadlock-like scenario if a packet is received by the interface
before Rx ring is initialized by Guest's driver. Consider the
following sequence of events:

1. A QEMU instance is started against a TAP device on Linux
   host, running Linux guest, e. g., something to the effect
   of:

   qemu-system-arm \
      -net nic,model=imx.fec,netdev=lan0 \
      -netdev tap,id=lan0,ifname=tap0,script=no,downscript=no \
      ... rest of the arguments ...

2. Once QEMU starts, but before guest reaches the point where
   FEC driver is done initializing the HW, Guest, via TAP
   interface, receives a number of multicast MDNS packets from
   Host (not necessarily true for every OS, but it happens at
   least on Fedora 25)

3. Receiving a packet in such a state results in
   imx_eth_can_receive() returning '0', which in turn causes
   tap_send() to disable corresponding event (tap.c:203)

4. Once Guest's driver reaches the point where it is ready to
   receive packets it prepares Rx ring descriptors and writes
   ENET_RDAR_RDAR to ENET_RDAR register to indicate to HW that
   more descriptors are ready. And at this point emulation
   layer does this:

 s->regs[index] = ENET_RDAR_RDAR;
 imx_eth_enable_rx(s);

   which, combined with:

  if (!s->regs[ENET_RDAR]) {
 qemu_flush_queued_packets(qemu_get_queue(s->nic));
  }

   results in Rx queue never being flushed and corresponding
   I/O event being disabled.

To prevent the problem, change the code to always flush packet queue
when ENET_RDAR transitions 0 -> ENET_RDAR_RDAR.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 12 ++--
 include/hw/net/imx_fec.h |  1 +
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 8b2e4b8ffe..eb034ffd0c 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -533,7 +533,7 @@ static void imx_eth_do_tx(IMXFECState *s)
 }
 }
 
-static void imx_eth_enable_rx(IMXFECState *s)
+static void imx_eth_enable_rx(IMXFECState *s, bool flush)
 {
 IMXFECBufDesc bd;
 bool rx_ring_full;
@@ -544,7 +544,7 @@ static void imx_eth_enable_rx(IMXFECState *s)
 
 if (rx_ring_full) {
 FEC_PRINTF("RX buffer full\n");
-} else if (!s->regs[ENET_RDAR]) {
+} else if (flush) {
 qemu_flush_queued_packets(qemu_get_queue(s->nic));
 }
 
@@ -807,7 +807,7 @@ static void imx_eth_write(void *opaque, hwaddr offset, 
uint64_t value,
 if (s->regs[ENET_ECR] & ENET_ECR_ETHEREN) {
 if (!s->regs[index]) {
 s->regs[index] = ENET_RDAR_RDAR;
-imx_eth_enable_rx(s);
+imx_eth_enable_rx(s, true);
 }
 } else {
 s->regs[index] = 0;
@@ -930,7 +930,7 @@ static int imx_eth_can_receive(NetClientState *nc)
 
 FEC_PRINTF("\n");
 
-return s->regs[ENET_RDAR] ? 1 : 0;
+return !!s->regs[ENET_RDAR];
 }
 
 static ssize_t imx_fec_receive(NetClientState *nc, const uint8_t *buf,
@@ -1020,7 +1020,7 @@ static ssize_t imx_fec_receive(NetClientState *nc, const 
uint8_t *buf,
 }
 }
 s->rx_descriptor = addr;
-imx_eth_enable_rx(s);
+imx_eth_enable_rx(s, false);
 imx_eth_update(s);
 return len;
 }
@@ -1116,7 +1116,7 @@ static ssize_t imx_enet_receive(NetClientState *nc, const 
uint8_t *buf,
 }
 }
 s->rx_descriptor = addr;
-imx_eth_enable_rx(s);
+imx_eth_enable_rx(s, false);
 imx_eth_update(s);
 return len;
 }
diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h
index 62ad473b05..4bc8f03ec2 100644
--- a/include/hw/net/imx_fec.h
+++ b/include/hw/net/imx_fec.h
@@ -252,6 +252,7 @@ typedef struct IMXFECState {
 uint32_t phy_int_mask;
 
 bool is_fec;
+bool needs_flush;
 } IMXFECState;
 
 #endif
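Review bot: `needs_flush` is added to IMXFECState here, but none of the hw/net/imx_fec.c hunks in this patch reads or writes it; the flush decision is carried by the new `flush` argument instead. Drop the field, or move it to the patch that first uses it.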
-- 
2.13.5




[Qemu-devel] [PATCH v2 04/27] imx_fec: Use ENET_FTRL to determine truncation length

2017-10-23 Thread Andrey Smirnov
Frame truncation length, TRUNC_FL, is determined by the contents of
ENET_FTRL register, so convert the code to use it instead of a
hardcoded constant.

To avoid the case where TRUNC_FL is greater than ENET_MAX_FRAME_SIZE,
increase the value of the latter to its theoretical maximum of 16K.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 4 ++--
 include/hw/net/imx_fec.h | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index eb034ffd0c..dda0816fb3 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -1052,8 +1052,8 @@ static ssize_t imx_enet_receive(NetClientState *nc, const 
uint8_t *buf,
 crc_ptr = (uint8_t *) 
 
 /* Huge frames are truncted.  */
-if (size > ENET_MAX_FRAME_SIZE) {
-size = ENET_MAX_FRAME_SIZE;
+if (size > s->regs[ENET_FTRL]) {
+size = s->regs[ENET_FTRL];
 flags |= ENET_BD_TR | ENET_BD_LG;
 }
 
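Review bot: the truncation limit in imx_enet_receive() is now the raw value of `s->regs[ENET_FTRL]`, which the guest can write, and nothing in this hunk masks it to the TRUNC_FL field or clamps it to ENET_MAX_FRAME_SIZE. Either bound it here, for example `MIN(s->regs[ENET_FTRL], ENET_MAX_FRAME_SIZE)`, or state in the commit message where the register write path guarantees the bound. A register value of 0 also deserves a check, since every frame would then be truncated to zero length.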
diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h
index 4bc8f03ec2..0fcc4f0c71 100644
--- a/include/hw/net/imx_fec.h
+++ b/include/hw/net/imx_fec.h
@@ -86,7 +86,6 @@
 #define ENET_TCCR3 393
 #define ENET_MAX   400
 
-#define ENET_MAX_FRAME_SIZE2032
 
 /* EIR and EIMR */
 #define ENET_INT_HB(1 << 31)
@@ -155,6 +154,8 @@
 #define ENET_RCR_NLC   (1 << 30)
 #define ENET_RCR_GRS   (1 << 31)
 
+#define ENET_MAX_FRAME_SIZE(1 << ENET_RCR_MAX_FL_LENGTH)
+
 /* TCR */
 #define ENET_TCR_GTS   (1 << 0)
 #define ENET_TCR_FDEN  (1 << 2)
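Review bot: ENET_MAX_FRAME_SIZE grows from 2032 to `1 << ENET_RCR_MAX_FL_LENGTH` here without a comment explaining why the RCR field width is the right bound for a limit that the receive path now takes from ENET_FTRL. A one-line comment on the new define would help, and it is worth confirming that every buffer sized with this constant is still reasonable at the larger value.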
-- 
2.13.5




[Qemu-devel] [PATCH v2 01/27] imx_fec: Do not link to netdev

2017-10-23 Thread Andrey Smirnov
Binding to a particular netdev doesn't seem to belong to this layer
and should probably be done as a part of board or SoC specific code.

Convert all of the users of this IP block to use
qdev_set_nic_properties() instead.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Andrey Smirnov 
---
 hw/arm/fsl-imx6.c | 1 +
 hw/net/imx_fec.c  | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c
index 26fd214004..2ed7146c52 100644
--- a/hw/arm/fsl-imx6.c
+++ b/hw/arm/fsl-imx6.c
@@ -385,6 +385,7 @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp)
 spi_table[i].irq));
 }
 
+qdev_set_nic_properties(DEVICE(>eth), _table[0]);
 object_property_set_bool(OBJECT(>eth), true, "realized", );
 if (err) {
 error_propagate(errp, err);
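Review bot: the commit message says all users of this IP block are converted to qdev_set_nic_properties(), but the diffstat shows only hw/arm/fsl-imx6.c gaining the call. If the other users already set NIC properties, say so in the commit message; if not, they lose their netdev peer once the assignment is removed from imx_eth_realize().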
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 90e6ee35ba..88b4b049d7 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -1171,8 +1171,6 @@ static void imx_eth_realize(DeviceState *dev, Error 
**errp)
 
 qemu_macaddr_default_if_unset(>conf.macaddr);
 
-s->conf.peers.ncs[0] = nd_table[0].netdev;
-
 s->nic = qemu_new_nic(_eth_net_info, >conf,
   object_get_typename(OBJECT(dev)),
   DEVICE(dev)->id, s);
-- 
2.13.5




[Qemu-devel] [PATCH v2 02/27] imx_fec: Refactor imx_eth_enable_rx()

2017-10-23 Thread Andrey Smirnov
Refactor imx_eth_enable_rx() to have more meaningful variable name
than 'tmp' and to reduce number of logical negations done.

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Reviewed-by: Peter Maydell 
Signed-off-by: Andrey Smirnov 
---
 hw/net/imx_fec.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 88b4b049d7..8b2e4b8ffe 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -536,19 +536,19 @@ static void imx_eth_do_tx(IMXFECState *s)
 static void imx_eth_enable_rx(IMXFECState *s)
 {
 IMXFECBufDesc bd;
-bool tmp;
+bool rx_ring_full;
 
 imx_fec_read_bd(, s->rx_descriptor);
 
-tmp = ((bd.flags & ENET_BD_E) != 0);
+rx_ring_full = !(bd.flags & ENET_BD_E);
 
-if (!tmp) {
+if (rx_ring_full) {
 FEC_PRINTF("RX buffer full\n");
 } else if (!s->regs[ENET_RDAR]) {
 qemu_flush_queued_packets(qemu_get_queue(s->nic));
 }
 
-s->regs[ENET_RDAR] = tmp ? ENET_RDAR_RDAR : 0;
+s->regs[ENET_RDAR] = rx_ring_full ? 0 : ENET_RDAR_RDAR;
 }
 
 static void imx_eth_reset(DeviceState *d)
-- 
2.13.5




[Qemu-devel] [PATCH v2 00/27] Initial i.MX7 support

2017-10-23 Thread Andrey Smirnov
Hi everyone,

This is v2 of the patch series containing the work that I've done in
order to enable support for i.MX7 emulation in QEMU.

As the one before last commit in the series states, the supported i.MX7
features are:

* up to 2 Cortex A9 cores (SMP works with PSCI)
* A7 MPCORE (identical to A15 MPCORE)
* 4 GPT modules
* 7 GPIO controllers
* 2 IOMUXC controllers
* 1 CCM module
* 1 SVNS module
* 1 SRC module
* 1 GPCv2 controller
* 4 eCSPI controllers
* 4 I2C controllers
* 7 i.MX UART controllers
* 2 FlexCAN controllers
* 2 Ethernet controllers (FEC)
* 3 SD controllers (USDHC)
* 4 WDT modules
* 1 SDMA module
* 1 GPR module
* 2 USBMISC modules
* 2 ADC modules
* 1 PCIe controller

Feedback is welcome!

Changes since [v1]:

- Patchset no longer relies on "ignore_memory_transaction_failures = false"
  for its functionality

- As a consequence of implementing the above a number of patches
  implementing dummy IP block emulation as well as PCIe emulation
  patches that I alluded to in [v1] are now included in this patch
  series

- "has_el3" property is no longer being set to "false" as a part
  of initialization of A7 CPU. I couldn't reproduce the issues that
  I thought I was having, so I just dropped that code.

- A number of smaller feedback items from Peter and others have been
  incorporated into the patches.


Peter, I didn't hear anything from you about the code of
mcimx7d_add_psci_node(), as discussed here:

https://www.mail-archive.com/qemu-devel@nongnu.org/msg486874.html

so I kept the original code intact. As I mentioned before, my goal was
to be able to boot into vanilla Linux kernel and have working SMP
without needing to use a PSCI implementing bootloader. If that is
something that new board code shouldn't do, please let me know.

Thanks,
Andrey Smirnov

[v1] https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg04770.html

P.S.: I don't know the best way to specify mailing list message
archives, so if I did it wrong please let me know.

Andrey Smirnov (27):
  imx_fec: Do not link to netdev
  imx_fec: Refactor imx_eth_enable_rx()
  imx_fec: Change queue flushing heuristics
  imx_fec: Use ENET_FTRL to determine truncation length
  imx_fec: Use MIN instead of explicit ternary operator
  imx_fec: Emulate SHIFT16 in ENETx_RACC
  imx_fec: Add support for multiple Tx DMA rings
  imx_fec: Use correct length for packet size
  imx_fec: Fix a typo in imx_enet_receive()
  imx_fec: Reserve full 4K page for the register file
  sdhci: Add i.MX specific subtype of SDHCI
  sdhci: Implement write method of ACMD12ERRSTS register
  i.MX: Add code to emulate i.MX7 CCM, PMU and ANALOG IP blocks
  i.MX: Add code to emulate i.MX2 watchdog IP block
  i.MX: Add code to emulate i.MX7 SNVS IP-block
  i.MX: Add code to emulate GPCv2 IP block
  i.MX: Add code to emulate i.MX7 IOMUXC IP block
  i.MX: Add i.MX7 GPT variant
  i.MX: Add code to emulate SDMA IP block
  i.MX: Add code to emulate FlexCAN IP block
  i.MX: Add implementation of i.MX7 GPR IP block
  pci: Add support for Designware IP block
  i.MX: Add code to emulate i.MX7 USBMISC IP block
  i.MX: Add code to emulate i.MX7 ADC IP block
  i.MX: Add code to emulate i.MX7 SRC IP-block
  i.MX: Add i.MX7 SOC implementation.
  Implement support for i.MX7 Sabre board

 default-configs/arm-softmmu.mak  |   3 +
 hw/arm/Makefile.objs |   2 +
 hw/arm/fsl-imx6.c|   1 +
 hw/arm/fsl-imx7.c| 596 +
 hw/arm/mcimx7d-sabre.c   | 101 +++
 hw/dma/Makefile.objs |   1 +
 hw/dma/imx_sdma.c|  99 +++
 hw/intc/Makefile.objs|   2 +-
 hw/intc/imx_gpcv2.c  | 125 
 hw/misc/Makefile.objs|   8 +
 hw/misc/imx2_wdt.c   |  88 ++
 hw/misc/imx7_adc.c   |  99 +++
 hw/misc/imx7_ccm.c   | 233 +++
 hw/misc/imx7_gpr.c   | 119 
 hw/misc/imx7_iomuxc.c|  99 +++
 hw/misc/imx7_snvs.c  |  83 ++
 hw/misc/imx7_src.c   |  93 ++
 hw/misc/imx_flexcan.c|  99 +++
 hw/net/imx_fec.c | 163 ---
 hw/pci-host/Makefile.objs|   2 +
 hw/pci-host/designware.c | 614 +++
 hw/sd/sdhci-internal.h   |  15 +
 hw/sd/sdhci.c| 130 -
 hw/timer/imx_gpt.c   |  25 ++
 hw/usb/Makefile.objs |   1 +
 hw/usb/imx-usbmisc.c |  99 +++
 include/hw/arm/fsl-imx7.h| 217 ++
 include/hw/dma/imx_sdma.h|  22 ++
 include/hw/intc/imx_gpcv2.h  |  22 ++
 include/hw/misc/imx2_wdt.h   |  34 +++
 include/hw/misc/imx7_adc.h   |  22 ++
 include/hw/misc/imx7_ccm.h   | 130 +
 include/hw/misc/imx7_gpr.h   |  28 ++
 

[Qemu-devel] [Bug 1715700] Re: Windows 7 guest won't boot on qemu 2.10 (works on 2.9)

2017-10-23 Thread Laszlo Ersek (Red Hat)
See also LP#1725560.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715700

Title:
  Windows 7 guest won't boot on qemu 2.10 (works on 2.9)

Status in QEMU:
  Fix Committed

Bug description:
  Qemu version: 2.10 stable.
  Guest: Windows 7 SP1 x64, virtio drivers are already installed in the guest.
  Command line:
  qemu-system-x86_64 \
  -nodefaults \
  -nodefconfig \
  -machine type=q35,accel=kvm \
  -enable-kvm \
  -cpu host \
  -m 2048 \
  -vga virtio \
  -boot menu=on \
  -smbios file=/path/dmidecode_BIOS.bin \
  -acpitable file=/path/acpi_slic.bin \
  -bios /path/OVMF_CODE.fd \
  -net none \
  -drive if=virtio,media=disk,file=/media/win7.qcow2 \
  -device pcie-root-port \
  -device ich9-usb-ehci1 \
  -device ich9-usb-uhci1 \
  -device ich9-usb-uhci2 \
  -device ich9-usb-uhci3

  Windows hangs at boot with waving flag screen (flag doesn't freeze,
  keeps waving indefinitely). Same command line boots fine with Qemu
  2.9. I tried changing machine type to pc-q35-2.9 - same result.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1715700/+subscriptions



[Qemu-devel] [Bug 1714331] Re: Virtual machines not working anymore on 2.10

2017-10-23 Thread Laszlo Ersek (Red Hat)
See also LP#1725560.

-- 
https://bugs.launchpad.net/bugs/1714331

Title:
  Virtual machines not working anymore on 2.10

Status in QEMU:
  New

Bug description:
  Using 2.10, my virtual machine(s) don't work anymore. This happens
  100% of the times.

  -

  I use QEMU compiling it from source, on Ubuntu 16.04 amd64. This is
  the configure command:

  configure --target-list=x86_64-softmmu --enable-debug --enable-gtk
  --enable-spice --audio-drv-list=pa

  I have one virtual disk, with a Windows 10 64-bit, which I launch in
  two different ways; both work perfectly on 2.9 (and used to do on 2.8,
  but I haven't used it for a long time).

  This is the first way:

  qemu-system-x86_64
-drive if=pflash,format=raw,readonly,file=/path/to/OVMF_CODE.fd
-drive if=pflash,format=raw,file=/tmp/OVMF_VARS.fd.tmp
-enable-kvm
-machine q35,accel=kvm,mem-merge=off
-cpu host,kvm=off,hv_vendor_id=vgaptrocks,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
-smp 4,cores=4,sockets=1,threads=1
-m 4096
-display gtk
-vga qxl
-rtc base=localtime
-serial none
-parallel none
-usb
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device virtio-scsi-pci,id=scsi
-drive file=/path/to/image-diff.img,id=hdd1,format=qcow2,if=none,cache=writeback
-device scsi-hd,drive=hdd1
-net nic,model=virtio
-net user

  On QEMU 2.10, I get the `Recovery - Your PC/Device needs to be
  repaired` windows screen; on 2.9, it boots regularly.

  This is the second way:

  qemu-system-x86_64
-drive if=pflash,format=raw,readonly,file=/path/to/OVMF_CODE.fd
-drive if=pflash,format=raw,file=/tmp/OVMF_VARS.fd.tmp
-enable-kvm
-machine q35,accel=kvm,mem-merge=off
-cpu host,kvm=off,hv_vendor_id=vgaptrocks,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
-smp 4,cores=4,sockets=1,threads=1
-m 10240
-vga none
-rtc base=localtime
-serial none
-parallel none
-usb
-device vfio-pci,host=01:00.0,multifunction=on
-device vfio-pci,host=01:00.1
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device usb-host,vendorid=0x,productid=0x
-device virtio-scsi-pci,id=scsi
-drive file=/path/to/image-diff.img,id=hdd1,format=qcow2,if=none,cache=writeback
-device scsi-hd,drive=hdd1
-net nic,model=virtio
-net user

  On QEMU 2.10, I get the debug window on the linux monitor, and blank screen
  on VFIO one (no BIOS screen at all); after 10/20 seconds, QEMU crashes without
  any message.
  On 2.9, this works perfectly.

  -

  I am able to perform a git bisect, if that helps, but if this is the
  case, I'd need this issue to be reviewed, since bisecting is going to
  take me a lot of time.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1714331/+subscriptions



[Qemu-devel] [PATCH] hw/ide/ahci: Move allwinner code into a separate file

2017-10-23 Thread Thomas Huth
The allwinner code is only needed for the allwinner board (for which
we also have a separate CONFIG_ALLWINNER_A10 config switch), so it
does not make sense that we compile this for all the other boards
that need AHCI, too. Let's move it to a separate file that is only
compiled when CONFIG_ALLWINNER_A10 is set.

Signed-off-by: Thomas Huth 
---
 hw/ide/Makefile.objs|   1 +
 hw/ide/ahci-allwinner.c | 127 
 hw/ide/ahci.c   |  95 
 3 files changed, 128 insertions(+), 95 deletions(-)
 create mode 100644 hw/ide/ahci-allwinner.c

diff --git a/hw/ide/Makefile.objs b/hw/ide/Makefile.objs
index 729e9bd..f0edca3 100644
--- a/hw/ide/Makefile.objs
+++ b/hw/ide/Makefile.objs
@@ -10,3 +10,4 @@ common-obj-$(CONFIG_IDE_VIA) += via.o
 common-obj-$(CONFIG_MICRODRIVE) += microdrive.o
 common-obj-$(CONFIG_AHCI) += ahci.o
 common-obj-$(CONFIG_AHCI) += ich.o
+common-obj-$(CONFIG_ALLWINNER_A10) += ahci-allwinner.o
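Review bot: ahci-allwinner.o is built on CONFIG_ALLWINNER_A10 alone on the added line, while the code it contains includes hw/ide/ahci_internal.h and depends on ahci.o, which is built on CONFIG_AHCI. Worth confirming that every config that sets CONFIG_ALLWINNER_A10 also sets CONFIG_AHCI, or guarding the new object on both, so a config with only the former does not fail at link time.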
diff --git a/hw/ide/ahci-allwinner.c b/hw/ide/ahci-allwinner.c
new file mode 100644
index 000..c3f1604
--- /dev/null
+++ b/hw/ide/ahci-allwinner.c
@@ -0,0 +1,127 @@
+/*
+ * QEMU Allwinner AHCI Emulation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/hw.h"
+#include "qemu/error-report.h"
+#include "sysemu/block-backend.h"
+#include "sysemu/dma.h"
+#include "hw/ide/internal.h"
+#include "hw/ide/ahci_internal.h"
+
+#include "trace.h"
+
+#define ALLWINNER_AHCI_BISTAFR((0xa0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTCR ((0xa4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTFCTR   ((0xa8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTSR ((0xac - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTDECR   ((0xb0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_DIAGNR0((0xb4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_DIAGNR1((0xb8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_OOBR   ((0xbc - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PHYCS0R((0xc0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PHYCS1R((0xc4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PHYCS2R((0xc8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_TIMER1MS   ((0xe0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_GPARAM1R   ((0xe8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_GPARAM2R   ((0xec - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PPARAMR((0xf0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_TESTR  ((0xf4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_VERSIONR   ((0xf8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_IDR((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_RWCR   ((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4)
+
+static uint64_t allwinner_ahci_mem_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+AllwinnerAHCIState *a = opaque;
+AHCIState *s = &(SYSBUS_AHCI(a)->ahci);
+uint64_t val = a->regs[addr / 4];
+
+switch (addr / 4) {
+case ALLWINNER_AHCI_PHYCS0R:
+val |= 0x2 << 28;
+break;
+case ALLWINNER_AHCI_PHYCS2R:
+val &= ~(0x1 << 24);
+break;
+}
+trace_allwinner_ahci_mem_read(s, a, addr, val, size);
+return  val;
+}
+
+static void allwinner_ahci_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+AllwinnerAHCIState *a = opaque;
+AHCIState *s = &(SYSBUS_AHCI(a)->ahci);
+
+trace_allwinner_ahci_mem_write(s, a, addr, val, size);
+a->regs[addr / 4] = val;
+}
+
+static const MemoryRegionOps allwinner_ahci_mem_ops = {
+.read = allwinner_ahci_mem_read,
+.write = allwinner_ahci_mem_write,
+.valid.min_access_size = 4,
+.valid.max_access_size = 4,
+.endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void allwinner_ahci_init(Object *obj)
+{
+SysbusAHCIState *s = SYSBUS_AHCI(obj);
+AllwinnerAHCIState *a = ALLWINNER_AHCI(obj);
+
+memory_region_init_io(>mmio, OBJECT(obj), _ahci_mem_ops, a,
+  "allwinner-ahci", ALLWINNER_AHCI_MMIO_SIZE);
+memory_region_add_subregion(>ahci.mem, ALLWINNER_AHCI_MMIO_OFF,
+
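Review bot: in allwinner_ahci_mem_read() and allwinner_ahci_mem_write(), `a->regs[addr / 4]` is indexed directly by the guest-supplied offset, so its safety rests on the `regs` array covering ALLWINNER_AHCI_MMIO_SIZE / 4 entries, and neither declaration is visible in this file. Since the code is being moved anyway, a build-time assertion or a comment tying the two together would make that invariant explicit. Separately, ALLWINNER_AHCI_IDR and ALLWINNER_AHCI_RWCR are both defined at offset 0xfc; if that is carried over unchanged from ahci.c, a short comment would stop it reading as a typo.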

Re: [Qemu-devel] [PATCH v7 00/52] tcg queued patches

2017-10-23 Thread Emilio G. Cota
On Fri, Oct 20, 2017 at 16:19:31 -0700, Richard Henderson wrote:
> A bit silly to keep calling this "tb_lock removal", since it
> doesn't quite, and it has accumulated several additional patches.

Thanks for doing all this work!

I think I went through all of the patches. I also did some testing
(tested the final result plus some intermediate commits that I
thought might be tricky). Looks good (and now we have a booting
icount+MTTCG, although I'm not sure of its usefulness).

Cheers,

Emilio



Re: [Qemu-devel] [PATCH v7 37/52] tcg: Remove CF_IGNORE_ICOUNT

2017-10-23 Thread Emilio G. Cota
On Fri, Oct 20, 2017 at 16:20:08 -0700, Richard Henderson wrote:
> Now that we have curr_cflags, we can include CF_USE_ICOUNT
> early and then remove it as necessary.
> 
> Signed-off-by: Richard Henderson 

Reviewed-by: Emilio G. Cota 

E.



Re: [Qemu-devel] [PATCH v7 36/52] tcg: Add CF_LAST_IO + CF_USE_ICOUNT to CF_HASH_MASK

2017-10-23 Thread Emilio G. Cota
On Fri, Oct 20, 2017 at 16:20:07 -0700, Richard Henderson wrote:
> These flags are used by target/*/translate.c,
> and affect code generation.
> 
> Signed-off-by: Richard Henderson 

Reviewed-by: Emilio G. Cota 

E.



Re: [Qemu-devel] QEMU CII Best Practices record

2017-10-23 Thread Peter Maydell
On 13 October 2017 at 14:25, Daniel P. Berrange  wrote:
> Many projects these days are recording progress wrt CII best practices
> for FLOSS projects. I filled out a record for QEMU:
>
>   https://bestpractices.coreinfrastructure.org/projects/1309
>
> I only looked at the 'Passing' criteria, not considered the 'Silver' and
> 'Gold' criteria. So if anyone else wants to contribute, register an
> account there and tell me the username whereupon I can add you as a
> collaborator.

For the questions about "50% of bug reports must be acknowledged"
and ditto enhancement requests, did you mine the launchpad data
or are you just guessing? :-) Similarly for vulnerability report
response time.

I think you're fudging the test-policy questions in our favour a bit.

>  -  The release notes MUST identify every publicly known vulnerability
> that is fixed in each new release.
>
> I don't see a list of CVEs mentioned in our release Changelogs or
> indeed a historic list of CVEs anywhere even outside the release
> notes ?

Indeed I don't think we do this. I would say that as a project we
essentially push the job of rolling new releases for CVEs, informing
users about CVE fixes, etc, to our downstream distributors.

I suspect we only pass the "no vulns unpatched for more than 60 days"
if you allow "patched in bleeding edge master and in distros
but not in any upstream release" to count.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v7 25/52] tcg: Include CF_COUNT_MASK in CF_HASH_MASK

2017-10-23 Thread Emilio G. Cota
On Fri, Oct 20, 2017 at 16:19:56 -0700, Richard Henderson wrote:
> Signed-off-by: Richard Henderson 

Reviewed-by: Emilio G. Cota 

E.



Re: [Qemu-devel] [PATCH v7 24/52] tcg: Add CPUState cflags_next_tb

2017-10-23 Thread Emilio G. Cota
On Fri, Oct 20, 2017 at 16:19:55 -0700, Richard Henderson wrote:
> We were generating code during tb_invalidate_phys_page_range,
> check_watchpoint, cpu_io_recompile, and (seemingly) discarding
> the TB, assuming that it would magically be picked up during
> the next iteration through the cpu_exec loop.
> 
> Instead, record the desired cflags in CPUState so that we request
> the proper TB so that there is no more magic.
> 
> Signed-off-by: Richard Henderson 

Reviewed-by: Emilio G. Cota 

This does indeed fix icount with and without MTTCG. Nice!

E.



Re: [Qemu-devel] [Qemu-block] [PATCH] block: all I/O should be completed before removing throttle timers.

2017-10-23 Thread Stefan Hajnoczi
On Sat, Oct 21, 2017 at 01:34:00PM +0800, Zhengui Li wrote:
> From: Zhengui 
> 
> In blk_remove_bs, all I/O should be completed before removing throttle
> timers. If there is inflight I/O, removing throttle timers here will
> cause the inflight I/O to never return.
> This patch adds bdrv_drained_begin before throttle_timers_detach_aio_context
> to let all I/O complete before removing throttle timers.
> 
> Signed-off-by: Zhengui 
> ---
>  block/block-backend.c | 4 
>  1 file changed, 4 insertions(+)

Related (but not equivalent) patch here:
https://patchwork.kernel.org/patch/9970023/

Reviewed-by: Stefan Hajnoczi 



Re: [Qemu-devel] [PATCH v7 22/52] tcg: Use pointers in TCGOp->args

2017-10-23 Thread Emilio G. Cota
On Fri, Oct 20, 2017 at 16:19:53 -0700, Richard Henderson wrote:
> This limits the indexing into tcg_ctx.temps to initial
> opcode generation time.
> 
> Signed-off-by: Richard Henderson 

Reviewed-by: Emilio G. Cota 

E.



Re: [Qemu-devel] [PATCH v7 21/52] tcg: Use offsets not indices for TCGv_*

2017-10-23 Thread Emilio G. Cota
On Fri, Oct 20, 2017 at 16:19:52 -0700, Richard Henderson wrote:
> Using the offset of a temporary, relative to TCGContext, rather than
> its index means that we don't use 0.  That leaves offset 0 free for
> a NULL representation without having to leave index 0 unused.
> 
> Signed-off-by: Richard Henderson 
> ---
>  tcg/tcg.h | 37 -
>  1 file changed, 20 insertions(+), 17 deletions(-)
> 
> diff --git a/tcg/tcg.h b/tcg/tcg.h
> index 8f692bc6cf..7fe0fb9e07 100644
> --- a/tcg/tcg.h
> +++ b/tcg/tcg.h
> @@ -429,13 +429,13 @@ typedef TCGv_ptr TCGv_env;
>  #endif
(snip)
>  /* used to align parameters */
> -#define TCG_CALL_DUMMY_ARG  ((TCGArg)(-1))
> +#define TCG_CALL_DUMMY_ARG  ((TCGArg)0)

We're doing something clever here (on a first read I thought TCGContext
was a typo), so I'd leave a comment somewhere. TCG_CALL_DUMMY_ARG might
be a good place to do so; a copy of the commit's message should suffice.

Reviewed-by: Emilio G. Cota 

E.



Re: [Qemu-devel] QEMU CII Best Practices record

2017-10-23 Thread Stefan Hajnoczi
On Fri, Oct 13, 2017 at 02:25:07PM +0100, Daniel P. Berrange wrote:
> Many projects these days are recording progress wrt CII best practices
> for FLOSS projects. I filled out a record for QEMU:
> 
>   https://bestpractices.coreinfrastructure.org/projects/1309
> 
> I only looked at the 'Passing' criteria, not considered the 'Silver' and
> 'Gold' criteria. So if anyone else wants to contribute, register an
> account there and tell me the username whereupon I can add you as a
> collaborator.
> 
> Two items I don't think QEMU achieves for the basic "Passing" criteria
> 
>  -  The release notes MUST identify every publicly known vulnerability
> that is fixed in each new release.
> 
> I don't see a list of CVEs mentioned in our release Changelogs or
> indeed a historic list of CVEs anywhere even outside the release
> notes ?
> 
>  - It is SUGGESTED that if the software produced by the project includes
>software written using a memory-unsafe language (e.g., C or C++), then
>at least one dynamic tool (e.g., a fuzzer or web application scanner)
>be routinely used in combination with a mechanism to detect memory
>safety problems such as buffer overwrites.
> 
>    NB this is not 'coverity' which falls under the 'static analysis'
>group. I'm unclear if anyone in the community does regular fuzzing
>or analysis with ASAN & equiv ?

I'm not aware of automated ASAN or Valgrind runs although developers
tend to run them in ad-hoc fashion during development.

Stefan



Re: [Qemu-devel] [PATCH v4 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-10-23 Thread Stefan Hajnoczi
On Mon, Oct 23, 2017 at 04:47:00AM +, Liu, Changpeng wrote:
> 
> 
> > -Original Message-
> > From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> > Sent: Friday, October 20, 2017 6:01 PM
> > To: Michael S. Tsirkin 
> > Cc: Liu, Changpeng ; qemu-devel@nongnu.org;
> > pbonz...@redhat.com; marcandre.lur...@redhat.com; fel...@nutanix.com;
> > Harris, James R 
> > Subject: Re: [PATCH v4 1/4] vhost-user: add new vhost user messages to 
> > support
> > virtio config space
> > 
> > On Thu, Oct 19, 2017 at 06:36:00PM +0300, Michael S. Tsirkin wrote:
> > > On Thu, Oct 19, 2017 at 04:09:35PM +0200, Stefan Hajnoczi wrote:
> > > > On Thu, Oct 19, 2017 at 01:24:07PM +0800, Changpeng Liu wrote:
> > > > > @@ -922,6 +931,91 @@ static void vhost_user_set_iotlb_callback(struct
> > vhost_dev *dev, int enabled)
> > > > >  /* No-op as the receive channel is not dedicated to IOTLB 
> > > > > messages. */
> > > > >  }
> > > > >
> > > > > +static int vhost_user_get_config(struct vhost_dev *dev, uint8_t 
> > > > > *config,
> > > > > + size_t config_len)
> > > > > +{
> > > > > +VhostUserMsg msg = {
> > > > > +.request = VHOST_USER_GET_CONFIG,
> > > > > +.flags = VHOST_USER_VERSION,
> > > > > +.size = config_len,
> > > > > +};
> > > > > +
> > > > > +if (config_len == 0 || config_len > VHOST_USER_PAYLOAD_SIZE) {
> > > >
> > > > config_len should be limited to 256 bytes:
> > > >
> > > >   if (config_len == 0 || config_len > sizeof(msg.payload.config)) {
> > >
> > > I would just limit it to a reasonable value, acceptable to
> > > both master and slave, not fail if it's bigger.
> > >
> > >
> > > > > +error_report("bad config length");
> > > > > +return -1;
> > > > > +}
> > > > > +
> > > > > +if (vhost_user_write(dev, , NULL, 0) < 0) {
> > > > > +return -1;
> > > > > +}
> > > > > +
> > > > > +if (vhost_user_read(dev, ) < 0) {
> > > > > +return -1;
> > > > > +}
> > > > > +
> > > > > +if (msg.request != VHOST_USER_GET_CONFIG) {
> > > > > +error_report("Received unexpected msg type. Expected %d
> > received %d",
> > > > > + VHOST_USER_GET_CONFIG, msg.request);
> > > > > +return -1;
> > > > > +}
> > > > > +
> > > > > +if (msg.size != config_len) {
> > > > > +error_report("Received bad msg size.");
> > > > > +return -1;
> > > > > +}
> > > > > +
> > > > > +memcpy(config, , config_len);
> > > >
> > > > There is some complexity here: different virtio devices use different
> > > > amounts of config space.  Devices may append new fields to the config
> > > > space to support new features.
> > > >
> > > > Therefore I think the simplest protocol is to always fetch the full
> > > > 256-byte configuration space.  This way the vhost-user slave process can
> > > > implement feature bits that the master process does not know about.
> > > >
> > > > In other words, I don't think the master process knows how much of the
> > > > config space is used so it should always request 256 bytes.
> > >
> > > Each device knows the max config space size.
> > >
> > > vdev->config_len = config_size;
> > 
> > I see you're referring to the field that is set in:
> > 
> >   void virtio_init(VirtIODevice *vdev, const char *name,
> >uint16_t device_id, size_t config_size)
> > 
> > How does this work for vhost-user where different slave programs may
> > offer different config sizes?
> Each Qemu vhost controller e.g: vhost-user-scsi-pci and vhost-user-blk-pci
> should have different char devices, so vhost-slave knows those messages are
> from vhost-scsi or vhost-blk, of course, each UNIX domain socket should be
> assigned by users with types: vhost-scsi or vhost-blk.

We're talking about different things.  Here is an example illustrating
my question:

vhost-user-blk slave A only knows about struct virtio_blk_config fields
up to wce (VIRTIO 1.0).  See
http://docs.oasis-open.org/virtio/virtio/v1.0/cs04/virtio-v1.0-cs04.html#x1-2070004.

vhost-user-blk slave B implements struct virtio_blk_config with the new
num_queues field.  See
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/virtio_blk.h#n56.

Slaves A and B use different struct virtio_blk_config sizes!

Which config size should the vhost-master use?  There is currently no
way to query the size from the slave.

What should slave programs do when the master requests configuration
space data that is the wrong size?

I think the simplest answer is that the master always uses 256 bytes.
Slaves also keep the full 256 bytes stored but their device
implementation may access fewer bytes.

> > The QEMU master process does not know the correct size ahead of time.
> > The size depends on the vhost-user slave process.  This is why I suggest
> > using the full 256 bytes that the VIRTIO spec defines.
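
The size mismatch raised in the message above, and the fixed 256-byte alternative, as an added example that is not part of the thread or of QEMU's code. The field offsets, the two slave lengths and every function name are constructed for illustration; they are not the real struct virtio_blk_config layout or the vhost-user API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONFIG_SPACE_SIZE 256  /* full config space size used in the thread */

/* Constructed, simplified field layout; NOT the real struct virtio_blk_config. */
enum {
    OFF_BLK_SIZE   = 8,   /* 4 bytes */
    OFF_WCE        = 12,  /* 1 byte, last field slave A knows about */
    OFF_NUM_QUEUES = 14,  /* 2 bytes, known to slave B only */
    LEN_A          = 13,  /* config bytes implemented by slave A */
    LEN_B          = 16   /* config bytes implemented by slave B */
};

/* Hypothetical slave state: the full space is stored, zero past used_len. */
struct slave {
    uint8_t space[CONFIG_SPACE_SIZE];
    size_t used_len;
};

static void slave_init(struct slave *s, size_t used_len, uint16_t num_queues)
{
    memset(s, 0, sizeof(*s));
    s->used_len = used_len;
    s->space[OFF_BLK_SIZE + 1] = 2;      /* blk_size = 512, little-endian */
    s->space[OFF_WCE] = 1;
    if (used_len >= LEN_B) {
        s->space[OFF_NUM_QUEUES] = (uint8_t)(num_queues & 0xff);
        s->space[OFF_NUM_QUEUES + 1] = (uint8_t)(num_queues >> 8);
    }
}

/* Slave reply. Sized variant: only the bytes this slave implements.
 * Fixed variant: always the whole 256-byte space. Returns payload size. */
static uint32_t slave_reply(const struct slave *s, int fixed, uint8_t *payload)
{
    size_t n = fixed ? CONFIG_SPACE_SIZE : s->used_len;

    memcpy(payload, s->space, n);
    return (uint32_t)n;
}

/* Master side. As in the quoted patch, a reply whose size differs from
 * config_len is rejected, so the master must know the size in advance. */
static int master_get_config(const struct slave *s, int fixed,
                             uint8_t *config, size_t config_len)
{
    uint8_t payload[CONFIG_SPACE_SIZE];

    if (config_len == 0 || config_len > sizeof(payload) ||
        (fixed && config_len != CONFIG_SPACE_SIZE)) {
        return -1;                       /* bad config length */
    }
    if (slave_reply(s, fixed, payload) != config_len) {
        return -1;                       /* bad msg size */
    }
    memcpy(config, payload, config_len);
    return 0;
}

/* Bounds-checked little-endian field read from a fetched config buffer. */
static int read_field(const uint8_t *config, size_t config_len,
                      size_t off, size_t len, uint64_t *out)
{
    if (len > 8 || off > config_len || len > config_len - off) {
        return -1;
    }
    *out = 0;
    for (size_t i = 0; i < len; i++) {
        *out |= (uint64_t)config[off + i] << (8 * i);
    }
    return 0;
}

/* num_queues as seen by a master using the fixed scheme, or -1 on error.
 * Zero means the slave never filled the field in; a real device would
 * gate the field on a negotiated feature bit. */
static long fixed_num_queues(const struct slave *s)
{
    uint8_t cfg[CONFIG_SPACE_SIZE];
    uint64_t v;

    if (master_get_config(s, 1, cfg, sizeof(cfg)) < 0 ||
        read_field(cfg, sizeof(cfg), OFF_NUM_QUEUES, 2, &v) < 0) {
        return -1;
    }
    return (long)v;
}

int main(void)
{
    struct slave a, b;
    uint8_t cfg[CONFIG_SPACE_SIZE];

    slave_init(&a, LEN_A, 0);
    slave_init(&b, LEN_B, 4);
    /* Sized scheme: a master built for LEN_B fails against slave A. */
    printf("sized A: %d\n", master_get_config(&a, 0, cfg, LEN_B));
    printf("sized B: %d\n", master_get_config(&b, 0, cfg, LEN_B));
    /* Fixed scheme: both slaves answer, and A's unused tail reads as zero. */
    printf("fixed A num_queues: %ld\n", fixed_num_queues(&a));
    printf("fixed B num_queues: %ld\n", fixed_num_queues(&b));
    return 0;
}
```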



Re: [Qemu-devel] [PATCH v4] NUMA: Enable adding NUMA node implicitly

2017-10-23 Thread no-reply
Hi,

This series failed build test on s390x host. Please find the details below.

Type: series
Message-id: 1508722422-3861-1-git-send-email-douly.f...@cn.fujitsu.com
Subject: [Qemu-devel] [PATCH v4] NUMA: Enable adding NUMA node implicitly

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]         patchew/1508722422-3861-1-git-send-email-douly.f...@cn.fujitsu.com -> patchew/1508722422-3861-1-git-send-email-douly.f...@cn.fujitsu.com
 - [tag update]      patchew/cover.1508329282.git.riku.voi...@linaro.org -> patchew/cover.1508329282.git.riku.voi...@linaro.org
Switched to a new branch 'test'
b8c0d92 NUMA: Enable adding NUMA node implicitly

=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=59408
SHELL=/bin/sh
USER=fam
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-s2f2_hxc/src
LANG=en_US.UTF-8
HOME=/home/fam
SHLVL=2
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
_=/usr/bin/env
=== PACKAGES ===

Re: [Qemu-devel] host physical address width issues/questions for x86_64

2017-10-23 Thread Prasad Singamsetty



On 10/22/2017 11:37 PM, Peter Xu wrote:

On Fri, Oct 20, 2017 at 03:54:21PM -0700, Prasad Singamsetty wrote:



On 10/18/2017 8:33 PM, Peter Xu wrote:

On Wed, Oct 18, 2017 at 10:19:31AM -0700, Prasad Singamsetty wrote:



On 10/16/2017 8:56 PM, Peter Xu wrote:

On Mon, Oct 16, 2017 at 10:02:25AM -0700, Prasad Singamsetty wrote:



On 10/14/2017 8:53 PM, Peter Xu wrote:

On Fri, Oct 13, 2017 at 11:14:03AM -0600, Alex Williamson wrote:

On Fri, 13 Oct 2017 18:01:44 +0100
"Dr. David Alan Gilbert"  wrote:


* Prasad Singamsetty (prasad.singamse...@oracle.com) wrote:

Hi,

I am new to the alias. I have some questions on this subject
and seek some clarifications from the experts in the team.
I ran into a couple of issues when I tried with large configuration
( >= 1TB memory, > 255 CPUs) for x86_64 guest machine.

1. QEMU uses the default value of 40 (TCG_PHYS_ADDR_BITS) for address
width if user has not specified phys-bits or host-phys-bits=true
property. The default value is obviously not sufficient and
causing guest kernel to crash if configured with >= 1TB
memory. Depending on the linux kernel version in the guest the
panic was in different code paths. The workaround is for the
user to specify the phys-bits property or set the property
host-phys-bits=true.

QUESTIONS:

...

2. host_address_width in DMAR table structure

In this case, the default value is set to 39
(VTD_HOST_ADDRESS_WIDTH - 1). With interrupt remapping
enabled for the intel iommu and the guest is configured
with > 255 cpus and >= 1TB memory, the guest kernel hangs
during boot up. This needs to be fixed.

QUESTION:
The question here again is can we fix this to use the
real address width from the host as the default?


I don't know DMAR stuff; chatting to Alex (cc'd) it does sound
like that's an omission that should be fixed.


[CC +Peter]

On physical hardware VT-d supports either 39 or 48 bit address widths
and generally you'd expect a sufficiently capable IOMMU to be matched
with the CPU.  Seems QEMU has only implemented a lower bit width and
it should probably be forcing phys bits of the VM to 39 to match until
the extended width can be implemented.  Thanks,

Alex


There were patches that tried to enable 48 bits GAW but it was
not accepted somehow:

   https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01886.html

Would this help in any way?



Thanks Alex for the patch info. Just curious why the patch was not
accepted. Anyway, I will try it.


I'm not sure I know the reason.  Anyway, it originated from one of
Fam's request for some NVMe tests.  If it can really help for your use
case as well, please feel free to revive those patches, or let me know
so that I can respin.  Thanks,



Thanks Peter. I will start with your patch and see if I can get
it to work first.

A quick question. Looking at the code, it doesn't look like there
is a way to disable dma remapping. User may have a case where he
is interested only in interrupt remapping (for > 255 cpus) and
not DMA remapping. Is that scenario considered before?


It can be done in the guest if the guest doesn't want DMAR.

Note that there are two isolated kernel tunables for the VT-d device:

- intel_iommu: "on" to turn on DMAR, "off" to turn off DMAR
- intremap: "on" to turn on IR, "off" to turn off IR

So even if guest has "intel_iommu=off" in its boot parameter, IR will
still be on by default (or specify it explicitly using "intremap=on").


Thanks Peter. I think I figured out the problem in my test case
due to VTD_HOST_ADDRESS_WIDTH.

Problem scenario:

Guest kernel (machine type q35) is configured with 1TB memory.
With interrupt remapping enabled, the interrupt remapping
table is allocated by the guest kernel which can be
anywhere in the available physical memory. In my test case,
the physical address of the table is 0xfc3ec0. And
this gets truncated by vtd_interrupt_remap_table_setup()
function to 0x7c3ec0. This causes guest kernel to
get invalid data later on and it loops forever in
qi_submit_sync() in the guest kernel trying to check fault
status.

This is after applying the patch from Peter Xu. The patch
is incomplete as the VTD_HAW_MASK is unchanged so it is
defined for 39 bits. There are several other masks defined
based on this in accessing iommu data structures. So, more
changes are needed to implement Peter's approach of providing
x-aw-bits property.


Indeed.



Proposal:

We can simply change the VTD_HOST_ADDRESS_WIDTH to 48 bits
without any other changes to the code. The current set of
features in the intel iommu emulator code works for q35
machine type and it doesn't have any other side effect.
Since the remapping tables are allocated by the guest kernel
they are always within the phys-bits range and as long
as the same range is supported by intel iommu code in QEMU
it works fine. For the current q35 machine type, all the
supported cpus have <= 48 bits as the physical address
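
The truncation described in the message above, reduced to its arithmetic as an added example (not QEMU's code). The mask helper is written in the style of the VTD_HAW_MASK the message names, the register value is constructed, treating the low 12 bits as non-address bits is an assumption, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_BITS 12 /* assumption: low 12 bits of the register are not address bits */

/* Mask of address bits [aw-1:12], in the style of the VTD_HAW_MASK named in
 * the message; QEMU's actual definition is not shown on the page.
 * aw must be below 64. */
uint64_t haw_mask(unsigned aw)
{
    return ((1ULL << aw) - 1) & ~((1ULL << PAGE_BITS) - 1);
}

/* Behaviour described in the message: bits at or above aw are silently dropped. */
uint64_t irt_base_truncating(uint64_t reg, unsigned aw)
{
    return reg & haw_mask(aw);
}

/* Stricter variant: report an address the emulated width cannot represent.
 * Returns 0 and stores the base (if base != NULL), or -1 when out of range. */
int irt_base_checked(uint64_t reg, unsigned aw, uint64_t *base)
{
    uint64_t addr = reg & ~((1ULL << PAGE_BITS) - 1);

    if ((addr >> aw) != 0)
        return -1;
    if (base)
        *base = addr;
    return 0;
}

int main(void)
{
    const uint64_t reg = 0x8512345000ULL; /* constructed: above 512 GiB */
    const unsigned widths[] = { 39, 48 };

    for (int i = 0; i < 2; i++) {
        unsigned aw = widths[i];
        printf("aw=%u: masked=0x%llx checked=%d\n", aw,
               (unsigned long long)irt_base_truncating(reg, aw),
               irt_base_checked(reg, aw, NULL));
    }
    return 0;
}
```

With a 39-bit width the masked result points at a different, lower guest page than the one the guest programmed, which matches the symptom reported; the checked variant turns the same input into an explicit error.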

Re: [Qemu-devel] [PATCH v1 2/2] ide: support reporting of rotation rate

2017-10-23 Thread John Snow


On 10/20/2017 05:02 AM, Daniel P. Berrange wrote:
> On Fri, Oct 20, 2017 at 10:42:21AM +0200, Kevin Wolf wrote:
>> [ Cc: qemu-block ]
>>
>> Am 04.10.2017 um 13:40 hat Daniel P. Berrange geschrieben:
>>> The Linux kernel will query the ATA IDENTITY DEVICE data, word 217
>>> to determine the rotations per minute of the disk. If this has
>>> the value 1, it is taken to be an SSD and so Linux sets the
>>> 'rotational' flag to 0 for the I/O queue and will stop using that
>>> disk as a source of random entropy. Other operating systems may
>>> also take into account rotation rate when setting up default
>>> behaviour.
>>>
>>> Mgmt apps should be able to set the rotation rate for virtualized
>>> block devices, based on characteristics of the host storage in use,
>>> so that the guest OS gets sensible behaviour out of the box. This
>>> patch thus adds a 'rotation-rate' parameter for 'ide-hd' device
>>> types.
>>>
>>> Signed-off-by: Daniel P. Berrange 
>>> ---
>>>  hw/ide/core.c | 1 +
>>>  hw/ide/qdev.c | 1 +
>>>  include/hw/ide/internal.h | 8 
>>>  3 files changed, 10 insertions(+)
>>>
>>> diff --git a/hw/ide/core.c b/hw/ide/core.c
>>> index 5f1cd3b91f..a04766aee7 100644
>>> --- a/hw/ide/core.c
>>> +++ b/hw/ide/core.c
>>> @@ -208,6 +208,7 @@ static void ide_identify(IDEState *s)
>>>  if (dev && dev->conf.discard_granularity) {
>>>  put_le16(p + 169, 1); /* TRIM support */
>>>  }
>>> +put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate 
>>> */
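
Review bot: the added put_le16(p + 217, dev->rotation_rate) dereferences dev unconditionally, while the context line directly above it in ide_identify() guards the same pointer with "if (dev && dev->conf.discard_granularity)". Either dev can be NULL at this point, in which case the new line needs its own "if (dev)" guard or should sit inside a guarded block, or it cannot, in which case the existing check is redundant; the hunk should make the two consistent.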
>>
>> Coverity points out that all other dereferences of dev have a NULL check
>> first. Are we sure that it is always non-NULL?
>>
>> A follow-up patch is necessary either way. Either fix the missing NULL
>> check here or remove useless NULL checks in the other places.
> 
> 'dev' comes from:
> 
> IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master;
> 
> IIUC, this is choosing either the first or the second unit on the IDE
> bus. Presumably this can lead to dev==NULL, when the guest OS calls
> identify on a unit that doesn't have a drive attached. So the NULL
> checks look like they are required to me.
> 
> Regards,
> Daniel
> 

I'm sorry I didn't notice. I had an unexpected LOA, has this been addressed?

CC me and I will take care of it.

--John


