[Qemu-devel] [PATCH qemu] vfio-pci: Remove unused fields from VFIOMSIXInfo

2017-11-21 Thread Alexey Kardashevskiy
Signed-off-by: Alexey Kardashevskiy 
---
 hw/vfio/pci.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
index c5e168e..06dcf99 100644
--- a/hw/vfio/pci.h
+++ b/hw/vfio/pci.h
@@ -93,8 +93,6 @@ typedef struct VFIOMSIXInfo {
 uint16_t entries;
 uint32_t table_offset;
 uint32_t pba_offset;
-MemoryRegion mmap_mem;
-void *mmap;
 unsigned long *pending;
 } VFIOMSIXInfo;
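Review bot: the diffstat covers only hw/vfio/pci.h, so this hunk relies on mmap_mem and mmap having no remaining users in hw/vfio/pci.c; dropping a struct member breaks any surviving reference at compile time, so that is easy to confirm, but the commit message should name the change that made the two fields unused so the removal can be checked without grepping the tree.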
 
-- 
2.11.0




[Qemu-devel] [PATCH] x86/cpu: Enable new SSE/AVX/AVX512 cpu features

2017-11-21 Thread Yang Zhong
Intel IceLake CPUs add new CPU features: AVX512_VBMI2/GFNI/
VAES/VPCLMULQDQ/AVX512_VNNI/AVX512_BITALG. Those new CPU features
need to be exposed to guest VMs.

The bit definition:
CPUID.(EAX=7,ECX=0):ECX[bit 06] AVX512_VBMI2
CPUID.(EAX=7,ECX=0):ECX[bit 08] GFNI
CPUID.(EAX=7,ECX=0):ECX[bit 09] VAES
CPUID.(EAX=7,ECX=0):ECX[bit 10] VPCLMULQDQ
CPUID.(EAX=7,ECX=0):ECX[bit 11] AVX512_VNNI
CPUID.(EAX=7,ECX=0):ECX[bit 12] AVX512_BITALG

The release document is at the link below:
https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-extensions-programming-reference.pdf

Signed-off-by: Yang Zhong 
---
 target/i386/cpu.c | 6 +++---
 target/i386/cpu.h | 6 ++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 045d661..a67ced2 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -437,9 +437,9 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 [FEAT_7_0_ECX] = {
 .feat_names = {
 NULL, "avx512vbmi", "umip", "pku",
-"ospke", NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, "avx512-vpopcntdq", NULL,
+"ospke", NULL, "avx512vbmi2", NULL,
+"gfni", "vaes", "vpclmulqdq", "avx512vnni",
+"avx512bitalg", NULL, "avx512-vpopcntdq", NULL,
 "la57", NULL, NULL, NULL,
 NULL, NULL, "rdpid", NULL,
 NULL, NULL, NULL, NULL,
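Review bot: the slot positions line up with the bit list in the commit message ("avx512vbmi2" at ECX[6], "gfni"/"vaes"/"vpclmulqdq"/"avx512vnni" at [8]-[11], "avx512bitalg" at [12]), but these strings become user-visible -cpu feature flags and therefore command-line ABI, so their spelling needs settling before merge: the hunk puts the unhyphenated "avx512vbmi2"/"avx512vnni"/"avx512bitalg" next to the existing hyphenated "avx512-vpopcntdq" on the same line, and the commit message should state which naming convention is being followed and why.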
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index b086b15..cdbf8b0 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -635,6 +635,12 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_7_0_ECX_UMIP (1U << 2)
 #define CPUID_7_0_ECX_PKU  (1U << 3)
 #define CPUID_7_0_ECX_OSPKE(1U << 4)
+#define CPUID_7_0_ECX_VBMI2(1U << 6) /* Additional VBMI Instrs */
+#define CPUID_7_0_ECX_GFNI (1U << 8)
+#define CPUID_7_0_ECX_VAES (1U << 9)
+#define CPUID_7_0_ECX_VPCLMULQDQ (1U << 10)
+#define CPUID_7_0_ECX_AVX512VNNI (1U << 11)
+#define CPUID_7_0_ECX_AVX512BITALG (1U << 12)
 #define CPUID_7_0_ECX_AVX512_VPOPCNTDQ (1U << 14) /* POPCNT for vectors of 
DW/QW */
 #define CPUID_7_0_ECX_LA57 (1U << 16)
 #define CPUID_7_0_ECX_RDPID(1U << 22)
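Review bot: the six new CPUID_7_0_ECX_* macros have no users in this patch (the diffstat shows 6 insertions in cpu.h and only the name-table edit in cpu.c), so either a CPU model definition should consume them here or the commit message should say they are reserved for a follow-up. The names are also inconsistent with each other: "CPUID_7_0_ECX_VBMI2" drops the AVX512 prefix that "CPUID_7_0_ECX_AVX512VNNI" and "CPUID_7_0_ECX_AVX512BITALG" keep, and only the VBMI2 line carries a descriptive comment.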
-- 
1.9.1




Re: [Qemu-devel] [PATCH] iotests: fix 075 and 078

2017-11-21 Thread Lukáš Doktor
Dne 22.11.2017 v 01:16 John Snow napsal(a):
> Both of these tests are for formats which now stipulate that they are
> read-only. Adjust the tests to match.
> 
> Signed-off-by: John Snow 
> ---
>  tests/qemu-iotests/075 | 18 +-
>  tests/qemu-iotests/078 | 14 +++---
>  2 files changed, 16 insertions(+), 16 deletions(-)

Reviewed-by: Lukáš Doktor  

Yep, fixes the issue with "Opening cloop images without an explicit 
read-only=on option is deprecated. Future versions will refuse to open the 
image instead of automatically marking the image read-only.".

Lukáš





[Qemu-devel] [PATCH] Remove MemoryRegionSection check code from sparc_cpu_get_phys_page_debug()

2017-11-21 Thread Jean-Christophe Dubois
This code is preventing the MMU debug code from displaying virtual
mappings of IO devices (anything that is not located in the RAM).

Before this patch, Qemu would output 0x (-1) as the
physical address corresponding to an IO device virtual address.

With this patch the intended physical address is displayed.

Signed-off-by: Jean-Christophe Dubois 
---
 target/sparc/mmu_helper.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index d5b6c1e48c..f2d2250e7a 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -857,18 +857,12 @@ hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 CPUSPARCState *env = >env;
 hwaddr phys_addr;
 int mmu_idx = cpu_mmu_index(env, false);
-MemoryRegionSection section;
 
 if (cpu_sparc_get_phys_page(env, _addr, addr, 2, mmu_idx) != 0) {
 if (cpu_sparc_get_phys_page(env, _addr, addr, 0, mmu_idx) != 0) {
 return -1;
 }
 }
-section = memory_region_find(get_system_memory(), phys_addr, 1);
-memory_region_unref(section.mr);
-if (!int128_nz(section.size)) {
-return -1;
-}
 return phys_addr;
 }
 #endif
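Review bot: the removed memory_region_find() check also returned -1 when phys_addr maps to nothing at all, not only for IO devices, so after this hunk the debug helper reports a physical address for completely unmapped regions too; that is reasonable for a gdb/monitor helper, but the commit message should state that behaviour change explicitly rather than describing only the IO-device case.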
-- 
2.14.1




[Qemu-devel] [Bug 1733720] Re: raspi2 with multiple CPU's #1

2017-11-21 Thread Ken Dickey
Sorry again, "MPIDR"

Gotta learn to type!

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1733720


To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1733720/+subscriptions



[Qemu-devel] [Bug 1733720] Re: raspi2 with multiple CPU's #1

2017-11-21 Thread Ken Dickey
NOT A BUG

Reviewed the code and found the problem.

asm volatile("mrc p15, 0, %[id], c0, c0, 0 @ read MIDR\n\t" ...

I miscopied the code above; MIDR should have been MIPDR ( 5 )

I now get:

Linux:armv7l: ~/Downloads/RaspiTest/BareBones >>> ./qemu.sh 
0H312ello, kernel World!

Sorry about the bogus report!
-KenD

** Changed in: qemu
   Status: New => Invalid




[Qemu-devel] [PATCH qemu] vfio: Allow configuration without INTx

2017-11-21 Thread Alexey Kardashevskiy
On some platforms INTx may not be enabled on a KVM host (one such
example is IBM pHyp hypervisor and this is intentional). However
the PCI_INTERRUPT_PIN is not 0 so QEMU tries initializing INTx, fails as
(!vdev->pdev->irq) in the VFIO's vfio_intx_enable() and this is
a fatal error.

This adds a debug switch - "x-no-intx" - in order to allow broken INTx
configuration.

Signed-off-by: Alexey Kardashevskiy 
---

In practice, test teams run PR KVM under HV KVM and there INTx is enabled
on all levels so having this as a debug switch is enough.
---
 hw/vfio/pci.h | 1 +
 hw/vfio/pci.c | 8 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
index 502a575..c5e168e 100644
--- a/hw/vfio/pci.h
+++ b/hw/vfio/pci.h
@@ -141,6 +141,7 @@ typedef struct VFIOPCIDevice {
 bool has_flr;
 bool has_pm_reset;
 bool rom_read_failed;
+bool no_intx;
 bool no_kvm_intx;
 bool no_kvm_msi;
 bool no_kvm_msix;
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index c977ee3..c9caf6a 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -2869,7 +2869,12 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
 pci_device_set_intx_routing_notifier(>pdev, vfio_intx_update);
 ret = vfio_intx_enable(vdev, errp);
 if (ret) {
-goto out_teardown;
+if (vdev->no_intx) {
+error_report_err(*errp);
+*errp = NULL;
+} else {
+goto out_teardown;
+}
 }
 }
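Review bot: the property name "x-no-intx" suggests INTx setup is skipped, but the hunk still calls vfio_intx_enable() and only tolerates its failure, so either rename the switch (x-ignore-intx-failure or similar) or skip the attempt when it is set. Two smaller points: the routing notifier registered by pci_device_set_intx_routing_notifier() on the line above stays installed for a device whose INTx never came up, which should be shown to be harmless; and error_report_err(*errp) dereferences the caller's errp directly, where the idiomatic form is a local Error *err passed to vfio_intx_enable() and then reported, which would also let the message be emitted as a warning since the device goes on to realize.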
 
@@ -2986,6 +2991,7 @@ static Property vfio_pci_dev_properties[] = {
 DEFINE_PROP_BIT("x-igd-opregion", VFIOPCIDevice, features,
 VFIO_FEATURE_ENABLE_IGD_OPREGION_BIT, false),
 DEFINE_PROP_BOOL("x-no-mmap", VFIOPCIDevice, vbasedev.no_mmap, false),
+DEFINE_PROP_BOOL("x-no-intx", VFIOPCIDevice, no_intx, false),
 DEFINE_PROP_BOOL("x-no-kvm-intx", VFIOPCIDevice, no_kvm_intx, false),
 DEFINE_PROP_BOOL("x-no-kvm-msi", VFIOPCIDevice, no_kvm_msi, false),
 DEFINE_PROP_BOOL("x-no-kvm-msix", VFIOPCIDevice, no_kvm_msix, false),
-- 
2.11.0




[Qemu-devel] [PATCH qemu] vfio/spapr: Allow fallback to SPAPR TCE IOMMU v1

2017-11-21 Thread Alexey Kardashevskiy
The vfio_iommu_spapr_tce driver always advertises v1 and v2 IOMMU support,
however PR KVM (a special version of KVM designed to work in
a paravirtualized system; these days used for nested virtualization) only
supports the "pseries" platform which does not support v2. Since there is
no way to choose the IOMMU version in QEMU, it fails to start.

This adds a fallback to the v1 IOMMU if v2 cannot be used.

Signed-off-by: Alexey Kardashevskiy 
---
 hw/vfio/common.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 7b2924c..cd81cc9 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -1040,6 +1040,11 @@ static int vfio_connect_container(VFIOGroup *group, 
AddressSpace *as,
 v2 ? VFIO_SPAPR_TCE_v2_IOMMU : VFIO_SPAPR_TCE_IOMMU;
 ret = ioctl(fd, VFIO_SET_IOMMU, container->iommu_type);
 if (ret) {
+container->iommu_type = VFIO_SPAPR_TCE_IOMMU;
+v2 = false;
+ret = ioctl(fd, VFIO_SET_IOMMU, container->iommu_type);
+}
+if (ret) {
 error_setg_errno(errp, errno, "failed to set iommu for container");
 ret = -errno;
 goto free_container_exit;
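Review bot: the fallback retries VFIO_SET_IOMMU unconditionally whenever the first ioctl fails, including when that first attempt was already VFIO_SPAPR_TCE_IOMMU (v2 false), which issues a pointless duplicate ioctl and reports the errno of the retry rather than of the original attempt; guard it with `if (ret && v2)`. The fallback is also silent, so a warning or trace point saying that v2 was unavailable and v1 is in use would help operators understand why the container behaves differently from a v2 one.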
-- 
2.11.0




Re: [Qemu-devel] [PATCH v2 4/7] s390x/pci: rework PCI STORE BLOCK

2017-11-21 Thread Yi Min Zhao



On 2017/11/22 at 2:07 AM, Pierre Morel wrote:

On 21/11/2017 11:42, Cornelia Huck wrote:

On Thu, 16 Nov 2017 18:51:52 +0100
Pierre Morel  wrote:


Enhance the fault detection.

Fixup the precedence to check the destination path existence
before checking for the source accessibility.

Add the maxstbl entry to both the Query PCI Function Group
response and the PCIBusDevice structure.

Initialize the maxstbl to 128 per default until we get
the actual data from the hardware.

Signed-off-by: Pierre Morel 
Reviewed-by: Yi Min Zhao 
---
  hw/s390x/s390-pci-bus.h  |  1 +
  hw/s390x/s390-pci-inst.c | 62 +---

  hw/s390x/s390-pci-inst.h |  2 +-
  3 files changed, 40 insertions(+), 25 deletions(-)


@@ -700,8 +685,33 @@ int pcistb_service_call(S390CPU *cpu, uint8_t 
r1, uint8_t r3, uint64_t gaddr,

  break;
  }
  +    if (pcias > 5) {
+    DPRINTF("pcistb invalid space\n");
+    setcc(cpu, ZPCI_PCI_LS_ERR);
+    s390_set_status_code(env, r1, ZPCI_PCI_ST_INVAL_AS);
+    return 0;
+    }
+
+    /* Verify the address, offset and length */
+    /* offset must be a multiple of 8 */
+    if (offset % 8) {
+    goto addressing_error;
+    }
+    /* Length must be greater than 8, a multiple of 8, not greater 
maxstbl */


"not greater than maxstlb"


Better I know but greater that 80 characters, this is why I preferred 
broken English.

What do I do ? break the line or English ?

less than?





+    if ((len <= 8) || (len % 8) || (len > pbdev->maxstbl)) {
+    goto addressing_error;
+    }
+    /* Do not cross a 4K-byte boundary */
+    if (((offset & 0xfff) + len) > 0x1000) {
+    goto addressing_error;
+    }
+    /* Guest address must be double word aligned */
+    if (gaddr & 0x07UL) {
+    goto addressing_error;
+    }
+
  mr = pbdev->pdev->io_regions[pcias].memory;
-    if (!memory_region_access_valid(mr, env->regs[r3], len, true)) {
+    if (!memory_region_access_valid(mr, offset, len, true)) {
  program_interrupt(env, PGM_OPERAND, 6);
  return 0;
  }
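Review bot: the 80-column problem with the comment on the length check is better solved by rewording than by breaking the line, e.g. "/* Length must be > 8, a multiple of 8 and <= maxstbl */", which matches the condition `(len <= 8) || (len % 8) || (len > pbdev->maxstbl)` exactly. Two further points on the hunk: the new `pcias > 5` check sits ahead of the `io_regions[pcias]` index, so it closes an out-of-range index as well as returning the architected status code, which is worth saying in the commit message; and `memory_region_access_valid(mr, offset, len, true)` now validates `offset` instead of `env->regs[r3]`, which is correct only if `offset` has been derived from r3 earlier in the function, so that derivation should be visible in the same patch.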


Looks good.








[Qemu-devel] Why qemu with kvm enabled can boot kernel even if identity page map is not set correctly?

2017-11-21 Thread Ding Fei
Hi all. Firstly, sorry if this is the wrong place to ask such a question!

In the early stages of the boot process, the kernel needs identity-mapped
pages set up when switching the GDT

[https://github.com/torvalds/linux/blob/ed30b147e1f6e396e70a52dbb6c7d66befedd786/arch/x86/kernel/head_64.S#L133-L137]

as the code here

[https://github.com/torvalds/linux/blob/ed30b147e1f6e396e70a52dbb6c7d66befedd786/arch/x86/kernel/head64.c#L98-L138]

implies. That's why the first few entries of early_dynamic_pgts are
set to map the kernel text range [_text, _end].
But as we discussed the role of these entries, we deleted them

[https://github.com/torvalds/linux/blob/ed30b147e1f6e396e70a52dbb6c7d66befedd786/arch/x86/kernel/head64.c#L98-L138]

and recompiled the kernel, then tested it on qemu. Without the '-enable-kvm'
option the kernel won't boot, as we expected,
but with the kvm option on, the kernel boots and everything runs well,
much to our surprise.

So I guess there is something done under the hood by kvm which
doesn't obey the rules of
how a real physical machine behaves.

I've set up a debug environment in which the kernel with the misconfigured
page table runs inside qemu, which is nested inside
VMware Workstation with EPT enabled, and gdb on the host to debug
kvm in the kernel under VMware.

But without any luck: I've spent a whole day trying to catch what is
happening inside kvm, and I still can't figure out the
real magic point that jumps through the broken page table. It seems
that the code just jumps randomly.

Can anyone confirm what we've observed? Is it designed to be like that?
Any details or explanation would be really appreciated!

-- 
Best Regards

Ding Fei
E-mail: danix...@gmail.com



[Qemu-devel] [Bug 1733720] [NEW] raspi2 with multiple CPU's #1

2017-11-21 Thread Ken Dickey
Public bug reported:

Greetings,

I am running a small program for raspi2 (from
http://wiki.osdev.org/ARM_RaspberryPi_Tutorial_C).

This code writes "Hello World", but the output is repeated 4 times.

My thought was that this is emulating a 4 cpu core system.

However, when I check the MPIDR register for the CPU number, it always
returns 1.

I git cloned github.com/qemu/qemu.git, made & installed on Acer ARM
CB5-311 under Crouton/ubuntu.


./qemu.sh 


Linux:armv7l: ~/Downloads/RaspiTest/BareBones >>> uname -a
Linux localhost 3.10.18 #1 SMP Mon Nov 13 16:34:10 PST 2017 armv7l armv7l 
armv7l GNU/Linux

Linux:armv7l: ~/Downloads/RaspiTest/BareBones >>> qemu-system-arm --version
QEMU emulator version 2.10.91 (v2.11.0-rc1-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers

=
static inline uint32_t read_mpdir(void)
{
  uint32_t id;
  
  asm volatile("mrc p15, 0, %[id], c0, c0, 0 @ read MIDR\n\t"
   : [id] "=r" (id));
  return id;
}
==
void kernel_main(uint32_t r0, uint32_t r1, uint32_t atags)
{
// Declare as unused
(void) r0;
(void) r1;
(void) atags;

uint32_t cpu_id;

cpu_id = read_mpdir() & 0x03;

uart_putc( "01234"[cpu_id] ); /* output is "" */

if (cpu_id == 0) { /* code never executes 8^( */ }
}

== qemu.sh
qemu-system-arm -m 256 -M raspi2 -no-reboot -serial stdio  -kernel myos.elf

Thanks much,
-KenD

** Affects: qemu
 Importance: Undecided
 Status: New




Re: [Qemu-devel] [PATCH 00/12] Add MVME3100 PPC SBC

2017-11-21 Thread Michael Davidsaver
On 11/21/2017 10:12 PM, David Gibson wrote:
...
> I've applied several patches from this series to ppc-for-2.12, others
> I've commented on.  If you could address the comments and rebase
> what's left on ppc-for-2.12, that would be great.

Will do.





Re: [Qemu-devel] [PATCH 03/12] e500: note possible bug with host bridge

2017-11-21 Thread Michael Davidsaver
On 11/21/2017 09:46 PM, David Gibson wrote:
> On Sun, Nov 19, 2017 at 09:24:11PM -0600, Michael Davidsaver wrote:
>> Signed-off-by: Michael Davidsaver 
> 
> I'm not sure if you're saying you think there is a hardware bug which
> we're faithfully emulating, or a software bug.

I mean that the emulation is incorrect in that it just sets
config[PCI_HEADER_TYPE]==PCI_HEADER_TYPE_BRIDGE but does none of the
other initialization of the base-pci-bridge class.

I specifically observed Linux being confused by the fact that the
primary, secondary, and subordinate bus registers don't work right
because they're actually the BAR2 address register.

Further, it seems odd that a host bridge would identify itself as a
pci-to-pci bridge.  The mpc8540 doesn't.  The mpc8544 docs aren't clear,
and I don't have a real one to test.  My inclination is to remove the
line changing PCI_HEADER_TYPE, but I'm hesitant about breaking things.
Especially since this doesn't trigger mis-behavior in Linux or RTEMS.

>> ---
>>  hw/pci-host/ppce500.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
>> index f2d108bc8a..0e2833bd98 100644
>> --- a/hw/pci-host/ppce500.c
>> +++ b/hw/pci-host/ppce500.c
>> @@ -424,6 +424,9 @@ static void e500_pcihost_bridge_realize(PCIDevice *d, 
>> Error **errp)
>>  MemoryRegion *ccsr_mr = sysbus_mmio_get_region(ccsr, 0);
>>  
>>  pci_config_set_class(d->config, PCI_CLASS_BRIDGE_PCI);
>> +/* BUG? identifies as PCI_HEADER_TYPE_BRIDGE but uses
>> + * standard device config read/write
>> + */
>>  d->config[PCI_HEADER_TYPE] =
>>  (d->config[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MULTI_FUNCTION) |
>>  PCI_HEADER_TYPE_BRIDGE;
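Review bot: a "BUG?" marker without the observed symptom tends to rot; the reply above gives the concrete reason (a type-1 header makes the OS read primary/secondary/subordinate bus numbers at offsets that are BAR2 in the type-0 layout this device actually implements), so the comment should record that, and the commit message should carry it too rather than only a Signed-off-by line. If the PCI_HEADER_TYPE_BRIDGE assignment is being kept purely for compatibility, the comment should also say which guests were checked against it (Linux and RTEMS per the reply).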
> 






[Qemu-devel] [PULL 3/3] ppc: fix VTB migration

2017-11-21 Thread David Gibson
From: Laurent Vivier 

Migration of a system under stress (for example, with
"stress-ng --numa 2") triggers on the destination
some kernel watchdog messages like:

NMI watchdog: BUG: soft lockup - CPU#0 stuck for 3489660870s!
NMI watchdog: BUG: soft lockup - CPU#1 stuck for 3489660884s!

This problem appears with the changes introduced by
42043e4 spapr: clock should count only if vm is running

I think this commit only triggers the problem.

Kernel computes the soft lockup duration using the
Virtual Timebase register (VTB), not using the Timebase
Register (TBR, the one 42043e4 stops).

It appears VTB is not migrated, so this patch adds it in
the list of the SPRs to migrate, and fixes the problem.

For the migration, I've tested a migration from qemu-2.8.0 and
pseries-2.8.0 to a patched master (qemu-2.11.0-rc1). The received
VTB is 0 (as it is not initialized by qemu-2.8.0), but the value
seems to be ignored by KVM and a non-zero VTB is used by the kernel.
I have no explanation for that, but as the original problem appears
only with SMP systems under stress I suspect some problems in KVM
(I think because VTB is shared by all threads of a core).

Signed-off-by: Laurent Vivier 
Signed-off-by: David Gibson 
---
 target/ppc/translate_init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index b9c49c22f2..4e11e6f489 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8081,10 +8081,10 @@ static void gen_spr_power8_ebb(CPUPPCState *env)
 /* Virtual Time Base */
 static void gen_spr_vtb(CPUPPCState *env)
 {
-spr_register(env, SPR_VTB, "VTB",
+spr_register_kvm(env, SPR_VTB, "VTB",
  SPR_NOACCESS, SPR_NOACCESS,
  _read_tbl, SPR_NOACCESS,
- 0x);
+ KVM_REG_PPC_VTB, 0x);
 }
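Review bot: the hunk touches no VMState or migration code; the fix comes entirely from switching spr_register() to spr_register_kvm() with KVM_REG_PPC_VTB, so the commit message should say that this is what puts VTB on the set of SPRs synchronised with KVM and hence migrated. Under TCG nothing changes: the register is still read through the timebase read helper with SPR_NOACCESS on write, so VTB remains aliased to TB there, which is worth a sentence since the message's TB/VTB distinction applies to KVM only.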
 
 static void gen_spr_power8_fscr(CPUPPCState *env)
-- 
2.14.3




[Qemu-devel] [PULL 2/3] spapr: Implement bug in spapr-vty device to be compatible with PowerVM

2017-11-21 Thread David Gibson
The spapr-vty device implements the PAPR defined virtual console,
which is also implemented by IBM's proprietary PowerVM hypervisor.

PowerVM's implementation has a bug where it inserts an extra \0 after
every \r going to the guest.  Because of that Linux's guest side
driver has a workaround which strips \0 characters that appear
immediately after a \r.

That means that when running under qemu, sending a binary stream from
host to guest via spapr-vty which happens to include a \r\0 sequence
will get corrupted by that workaround.

To deal with that, this patch duplicates PowerVM's bug, inserting an
extra \0 after each \r.  Ugly, but the best option available.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Greg Kurz 
---
 hw/char/spapr_vty.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
index 0fa416ca6b..6748334ded 100644
--- a/hw/char/spapr_vty.c
+++ b/hw/char/spapr_vty.c
@@ -58,6 +58,24 @@ static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, 
int max)
 
 while ((n < max) && (dev->out != dev->in)) {
 buf[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];
+
+/* PowerVM's vty implementation has a bug where it inserts a
+ * \0 after every \r going to the guest.  Existing guests have
+ * a workaround for this which removes every \0 immediately
+ * following a \r, so here we make ourselves bug-for-bug
+ * compatible, so that the guest won't drop a real \0-after-\r
+ * that happens to occur in a binary stream. */
+if (buf[n - 1] == '\r') {
+if (n < max) {
+buf[n++] = '\0';
+} else {
+/* No room for the extra \0, roll back and try again
+ * next time */
+dev->out--;
+n--;
+break;
+}
+}
 }
 
 qemu_chr_fe_accept_input(>chardev);
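Review bot: the rollback path cannot make progress when `max` is 1 and the next byte is '\r': every call reads the '\r', finds no room for the '\0', rolls back and returns 0, so that character is never delivered. The hypercall caller may never pass max < 2, but vty_getchars() accepts any max, so either assert/document the minimum or keep a "pending \0" flag in the device state and emit it on the next call instead of rolling back. Also worth stating in the comment: a genuine \r\0 in the stream now reaches the guest as \r\0\0, of which the guest workaround strips one, which is exactly the intended outcome.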
-- 
2.14.3




[Qemu-devel] [PULL 0/3] ppc-for-2.11 queue 20171122

2017-11-21 Thread David Gibson
The following changes since commit a15d835f00dce270fd3194e83d9910f4b5b44ac0:

  Update version for v2.11.0-rc2 release (2017-11-21 17:50:36 +)

are available in the Git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.11-20171122

for you to fetch changes up to 6dd836f5d32b989e18c6dda655a26f4d73a52f6a:

  ppc: fix VTB migration (2017-11-22 15:28:37 +1100)


ppc patch queue 2017-11-22

Several more fixes to merge for qemu-2.11.


David Gibson (1):
  spapr: Implement bug in spapr-vty device to be compatible with PowerVM

Laurent Vivier (1):
  ppc: fix VTB migration

Thomas Huth (1):
  hw/ppc/spapr: Fix virtio-scsi bootindex handling for LUNs >= 256

 hw/char/spapr_vty.c | 18 ++
 hw/ppc/spapr.c  |  4 
 target/ppc/translate_init.c |  4 ++--
 3 files changed, 24 insertions(+), 2 deletions(-)



[Qemu-devel] [PULL 1/3] hw/ppc/spapr: Fix virtio-scsi bootindex handling for LUNs >= 256

2017-11-21 Thread David Gibson
From: Thomas Huth 

LUNs >= 256 have to be encoded with the so-called "flat space
addressing method" for virtio-scsi, where an additional bit has to
be set. SLOF already took care of this with the following commit:

 https://git.qemu.org/?p=SLOF.git;a=commitdiff;h=f72a37713fea47da
 (see https://bugzilla.redhat.com/show_bug.cgi?id=1431584 for details)

But QEMU does not use this encoding yet for device tree paths
that have to be handed over to SLOF to deal with the "bootindex"
property, so SLOF currently fails to boot from virtio-scsi devices
with LUNs >= 256 in the right boot order. Fix it by using the bit
to indicate the "flat space addressing method" for LUNs >= 256.

Signed-off-by: Thomas Huth 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 6285f7211f..4d0a84f3ec 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2663,6 +2663,10 @@ static char *spapr_get_fw_dev_path(FWPathProvider *p, 
BusState *bus,
  * swap 0100 or 10 << or 20 << ( target lun-id -- srplun )
  */
 unsigned id = 0x100 | (d->id << 16) | d->lun;
+if (d->lun >= 256) {
+/* Use the LUN "flat space addressing method" */
+id |= 0x4000;
+}
 return g_strdup_printf("%s@%"PRIX64, qdev_fw_name(dev),
(uint64_t)id << 32);
 } else if (usb) {
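Review bot: 0x4000 is bit 14 ORed into the same field that holds d->lun, so a LUN with bit 14 set (>= 16384) would alias the flag and decode wrongly; the hunk checks only the lower limit (>= 256), so either state the maximum LUN this encoding supports in the comment or reject larger values. A named constant for the flat-space flag, with a reference to the virtio-scsi specification section it comes from, would also make the intent clearer than the bare literal.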
-- 
2.14.3




Re: [Qemu-devel] [PATCH 08/12] e500: add mpc8540 i2c controller to ccsr

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:16PM -0600, Michael Davidsaver wrote:
> Signed-off-by: Michael Davidsaver 

You're adding what seems to be a fairly specific device to the general
e500 init - this again suggests that it should be split, putting
creation of devices under control of individual machines.

> ---
>  hw/ppc/e500.c | 8 
>  1 file changed, 8 insertions(+)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index 6f77844303..bef7d313d4 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -861,6 +861,14 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  qdev_init_nofail(dev);
>  ccsr_addr_space = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
>  
> +dev = qdev_create(NULL, "mpc8540-i2c");
> +object_property_add_child(qdev_get_machine(), "i2c[*]",
> +  OBJECT(dev), NULL);
> +qdev_init_nofail(dev);
> +s = SYS_BUS_DEVICE(dev);
> +memory_region_add_subregion(ccsr_addr_space, 0x3000,
> +sysbus_mmio_get_region(s, 0));
> +
>  mpicdev = ppce500_init_mpic(machine, params, ccsr_addr_space, irqs);
>  
>  /* Serial */
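Review bot: the commit message body is empty apart from the Signed-off-by, and the hunk leaves two things unexplained: the controller is mapped at the hard-coded CCSR offset 0x3000 with no named constant, unlike the board parameters passed in via PPCE500Params, and only its MMIO region is wired (sysbus_mmio_get_region(s, 0)) with no interrupt connection, so either the device raises no interrupt or the IRQ line is missing. Placing this in the shared ppce500_init() also instantiates the device on every e500 machine, as noted above, so it should move under the individual machine's control or be documented as common to all of them.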

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 09/12] nvram: add AT24Cx i2c eeprom

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:17PM -0600, Michael Davidsaver wrote:
> Signed-off-by: Michael Davidsaver 

Applied to ppc-for-2.12.

> ---
>  hw/nvram/Makefile.objs  |   1 +
>  hw/nvram/eeprom_at24c.c | 205 
> 
>  2 files changed, 206 insertions(+)
>  create mode 100644 hw/nvram/eeprom_at24c.c
> 
> diff --git a/hw/nvram/Makefile.objs b/hw/nvram/Makefile.objs
> index c018f6b2ff..0f4ee71dcb 100644
> --- a/hw/nvram/Makefile.objs
> +++ b/hw/nvram/Makefile.objs
> @@ -1,5 +1,6 @@
>  common-obj-$(CONFIG_DS1225Y) += ds1225y.o
>  common-obj-y += eeprom93xx.o
> +common-obj-y += eeprom_at24c.o
>  common-obj-y += fw_cfg.o
>  common-obj-y += chrp_nvram.o
>  common-obj-$(CONFIG_MAC_NVRAM) += mac_nvram.o
> diff --git a/hw/nvram/eeprom_at24c.c b/hw/nvram/eeprom_at24c.c
> new file mode 100644
> index 00..efa3621ac6
> --- /dev/null
> +++ b/hw/nvram/eeprom_at24c.c
> @@ -0,0 +1,205 @@
> +/*
> + * *AT24C* series I2C EEPROM
> + *
> + * Copyright (c) 2015 Michael Davidsaver
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the LICENSE file in the top-level directory.
> + */
> +
> +#include 
> +
> +#include "qemu/osdep.h"
> +#include "qapi/error.h"
> +#include "hw/hw.h"
> +#include "hw/i2c/i2c.h"
> +#include "sysemu/block-backend.h"
> +
> +/* #define DEBUG_AT24C */
> +
> +#ifdef DEBUG_AT24C
> +#define DPRINTK(FMT, ...) printf(TYPE_AT24C_EE " : " FMT, ## __VA_ARGS__)
> +#else
> +#define DPRINTK(FMT, ...) do {} while (0)
> +#endif
> +
> +#define ERR(FMT, ...) fprintf(stderr, TYPE_AT24C_EE " : " FMT, \
> +## __VA_ARGS__)
> +
> +#define TYPE_AT24C_EE "at24c-eeprom"
> +#define AT24C_EE(obj) OBJECT_CHECK(EEPROMState, (obj), TYPE_AT24C_EE)
> +
> +typedef struct EEPROMState {
> +I2CSlave parent_obj;
> +
> +/* address counter */
> +uint16_t cur;
> +/* total size in bytes */
> +uint32_t rsize;
> +bool writable;
> +/* cells changed since last START? */
> +bool changed;
> +/* during WRITE, # of address bytes transfered */
> +uint8_t haveaddr;
> +
> +uint8_t *mem;
> +
> +BlockBackend *blk;
> +} EEPROMState;
> +
> +static
> +int at24c_eeprom_event(I2CSlave *s, enum i2c_event event)
> +{
> +EEPROMState *ee = container_of(s, EEPROMState, parent_obj);
> +
> +switch (event) {
> +case I2C_START_SEND:
> +case I2C_START_RECV:
> +case I2C_FINISH:
> +ee->haveaddr = 0;
> +DPRINTK("clear\n");
> +if (ee->blk && ee->changed) {
> +int len = blk_pwrite(ee->blk, 0, ee->mem, ee->rsize, 0);
> +if (len != ee->rsize) {
> +ERR(TYPE_AT24C_EE
> +" : failed to write backing file\n");
> +}
> +DPRINTK("Wrote to backing file\n");
> +}
> +ee->changed = false;
> +break;
> +case I2C_NACK:
> +break;
> +}
> +return 0;
> +}
> +
> +static
> +int at24c_eeprom_recv(I2CSlave *s)
> +{
> +EEPROMState *ee = AT24C_EE(s);
> +int ret;
> +
> +ret = ee->mem[ee->cur];
> +
> +ee->cur = (ee->cur + 1u) % ee->rsize;
> +DPRINTK("Recv %02x %c\n", ret, ret);
> +
> +return ret;
> +}
> +
> +static
> +int at24c_eeprom_send(I2CSlave *s, uint8_t data)
> +{
> +EEPROMState *ee = AT24C_EE(s);
> +
> +if (ee->haveaddr < 2) {
> +ee->cur <<= 8;
> +ee->cur |= data;
> +ee->haveaddr++;
> +if (ee->haveaddr == 2) {
> +ee->cur %= ee->rsize;
> +DPRINTK("Set pointer %04x\n", ee->cur);
> +}
> +
> +} else {
> +if (ee->writable) {
> +DPRINTK("Send %02x\n", data);
> +ee->mem[ee->cur] = data;
> +ee->changed = true;
> +} else {
> +DPRINTK("Send error %02x read-only\n", data);
> +}
> +ee->cur = (ee->cur + 1u) % ee->rsize;
> +
> +}
> +
> +return 0;
> +}
> +
> +static
> +int at24c_eeprom_init(I2CSlave *i2c)
> +{
> +EEPROMState *ee = AT24C_EE(i2c);
> +
> +ee->mem = g_malloc0(ee->rsize);
> +
> +if (ee->blk) {
> +int64_t len = blk_getlength(ee->blk);
> +
> +if (len != ee->rsize) {
> +ERR(TYPE_AT24C_EE " : Backing file size %lu != %u\n",
> +(unsigned long)len, (unsigned)ee->rsize);
> +exit(1);
> +}
> +
> +if (blk_set_perm(ee->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
> + BLK_PERM_ALL, _fatal) < 0)
> +{
> +ERR(TYPE_AT24C_EE
> +" : Backing file incorrect permission\n");
> +exit(1);
> +}
> +}
> +return 0;
> +}
> +
> +static
> +void at24c_eeprom_reset(DeviceState *state)
> +{
> +EEPROMState *ee = AT24C_EE(state);
> +
> +ee->changed = false;
> +ee->cur = 0;
> +ee->haveaddr = 0;
> +
> +memset(ee->mem, 0, ee->rsize);
> +
> +if (ee->blk) {
> +int len = blk_pread(ee->blk, 0, 
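Review bot: at24c_eeprom_init() calls exit(1) both on a backing-file size mismatch and when blk_set_perm() fails; a mis-sized -drive is a user error, so the init callback should report it through the error path (or return non-zero) instead of terminating the whole emulator. Two smaller points in the same file: ERR() already prepends TYPE_AT24C_EE, so calls like `ERR(TYPE_AT24C_EE " : failed to write backing file\n")` print the type name twice, and at24c_eeprom_send() always expects two address bytes (`if (ee->haveaddr < 2)`), which models only the larger two-byte-address parts; the header comment should say which AT24C variants are covered so nobody wires it up as a one-byte-address device.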

Re: [Qemu-devel] [PATCH 00/12] Add MVME3100 PPC SBC

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:08PM -0600, Michael Davidsaver wrote:
> This series adds simulation of MVME3100 powerpc SBCs, originally from 
> Motorola,
> and now sold by Artesyn[1].  There are two variants differing in CPU
> speed and memory size.
> 
> I've been working on this sporadically for the past 2 years.  Recently I've
> finished all the features which I have in mind.  If this series is accepted
> there is a continuation which adds VME bus.  I've found it
> useful in software compatibility testing.  I wonder if there is
> any interest at large?
> 
> 
> There are two main parts of this series.  1-5 are changing code common
> with the "ppce500" and "mpc8544ds" boards, with the remainder being
> additions.
> 
> The changes are to how the CCSR region is handled in order to support
> the CCSRBAR register which allows the whole region to be relocated.
> Also added are a couple of memory and clock configuration registers
> which RTEMS guests read.
> 
> #3 is actually a minor issue I found recently with the mpc8544 PCI host 
> bridge,
> which I'm uncertain how to address.  The host bridge device 0:0 identifies
> itself as a bridge, but doesn't properly implement the bridge config 
> registers.
> This confuses Linux, which then does a full re-enumeration (successfully).
> 
> The rest are additions of an I2C controller, an I2C eeprom, an I2C RTC,
> and new board code.
> 
> My testing has been almost exclusively with an RTEMS guest[2].
> Though I have recently done a little with Linux.
> 
> RTEMS guests (and Linux too for now) require a stub bootloader[3] to
> put the system in the same state as the real bootloader.
> RTEMS has an unfortunately strong dependence on bootloader
> provided configuration (eg. it doesn't re-enumerate the PCI bus).

I've applied several patches from this series to ppc-for-2.12, others
I've commented on.  If you could address the comments and rebase
what's left on ppc-for-2.12, that would be great.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 01/12] e500: add board config options

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:09PM -0600, Michael Davidsaver wrote:
> allow board code to skip common NIC and guest image setup
> and configure decrementor frequency.
> Existing boards unchanged.
> 
> Signed-off-by: Michael Davidsaver 

So, it's spelled "decrementer".

Other than that, the patch looks correct.  However having a big common
function for overall init with a pile of ad-hoc configuration
parameters is usually not a great way to go.  I think what we want
instead is to eliminate ppce500_init(), instead doing the setup logic
separately in each of the e500 machines.  The large common slabs of
code can be helpers in e500.c, but the overall logic - including most
of the things controlled by the current params - would be under the
individual machine's control.

> ---
>  hw/ppc/e500.c  | 8 ++--
>  hw/ppc/e500.h  | 3 +++
>  hw/ppc/e500plat.c  | 1 +
>  hw/ppc/mpc8544ds.c | 1 +
>  4 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index 5cf0dabef3..9e7e1b29c4 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -826,7 +826,7 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  env->mpic_iack = params->ccsrbar_base +
>   MPC8544_MPIC_REGS_OFFSET + 0xa0;
>  
> -ppc_booke_timers_init(cpu, 4, PPC_TIMER_E500);
> +ppc_booke_timers_init(cpu, params->decrementor_freq, PPC_TIMER_E500);
>  
>  /* Register reset handler */
>  if (!i) {
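Review bot: nothing checks that the board actually set params->decrementor_freq before it is handed to ppc_booke_timers_init(); a PPCE500Params designated initializer that omits the field passes 0 Hz here. Add an assert(params->decrementor_freq) before the call, or fall back to the previous literal when the field is zero.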
> @@ -899,7 +899,7 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  if (!pci_bus)
>  printf("couldn't create PCI controller!\n");
>  
> -if (pci_bus) {
> +if (pci_bus && !params->tsec_nic) {
>  /* Register network interfaces. */
>  for (i = 0; i < nb_nics; i++) {
>  pci_nic_init_nofail(_table[i], pci_bus, "virtio", NULL);
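Review bot: `if (pci_bus && !params->tsec_nic)` silently discards any -net nic the user configured when a board sets tsec_nic, since nd_table is not consumed anywhere else in this hunk. The flag reads better as something like `skip_pci_nic`, and a board that sets it should either consume nd_table itself or warn when nb_nics > 0 and no device picked the NICs up.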
> @@ -948,6 +948,10 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  sysbus_mmio_get_region(s, 0));
>  }
>  
> +if (params->skip_load) {
> +return;
> +}
> +
>  /* Load kernel. */
>  if (machine->kernel_filename) {
>  kernel_base = cur_base;
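Review bot: the `return` on skip_load leaves ppce500_init() early, so everything after the kernel load in this function is skipped as well, not only the image loading. Either document on `skip_load` in e500.h exactly what a board gives up by setting it, or move the remaining setup into a helper the board can still call.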
> diff --git a/hw/ppc/e500.h b/hw/ppc/e500.h
> index 70ba1d8f4f..40f72f2de2 100644
> --- a/hw/ppc/e500.h
> +++ b/hw/ppc/e500.h
> @@ -22,6 +22,9 @@ typedef struct PPCE500Params {
>  hwaddr pci_mmio_base;
>  hwaddr pci_mmio_bus_base;
>  hwaddr spin_base;
> +uint32_t decrementor_freq; /* in Hz */
> +bool skip_load;
> +bool tsec_nic;
>  } PPCE500Params;
>  
>  void ppce500_init(MachineState *machine, PPCE500Params *params);
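Review bot: `skip_load` and `tsec_nic` are added without comments while `decrementor_freq` gets one; a reader of e500.h cannot tell from the names that tsec_nic means "do not instantiate virtio NICs on the PCI bus" or that skip_load also skips the rest of the init sequence. One line each, as for decrementor_freq, would do.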
> diff --git a/hw/ppc/e500plat.c b/hw/ppc/e500plat.c
> index e59e80fb9e..3d07987bd1 100644
> --- a/hw/ppc/e500plat.c
> +++ b/hw/ppc/e500plat.c
> @@ -47,6 +47,7 @@ static void e500plat_init(MachineState *machine)
>  .pci_mmio_base = 0xCULL,
>  .pci_mmio_bus_base = 0xE000ULL,
>  .spin_base = 0xFEF00ULL,
> +.decrementor_freq = 4,
>  };
>  
>  /* Older KVM versions don't support EPR which breaks guests when we 
> announce
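Review bot: `.decrementor_freq = 4,` repeats the same literal the call site used before, now once here and once in mpc8544ds.c; a shared #define in e500.h (or a default applied when the field is zero) keeps the two boards from drifting apart.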
> diff --git a/hw/ppc/mpc8544ds.c b/hw/ppc/mpc8544ds.c
> index 1717953ec7..6d9931c475 100644
> --- a/hw/ppc/mpc8544ds.c
> +++ b/hw/ppc/mpc8544ds.c
> @@ -40,6 +40,7 @@ static void mpc8544ds_init(MachineState *machine)
>  .pci_mmio_bus_base = 0xC000ULL,
>  .pci_pio_base = 0xE100ULL,
>  .spin_base = 0xEF00ULL,
> +.decrementor_freq = 4,
>  };
>  
>  if (machine->ram_size > 0xc000) {



Re: [Qemu-devel] [PATCH 06/12] i2c: add mpc8540 i2c controller

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:14PM -0600, Michael Davidsaver wrote:
> Signed-off-by: Michael Davidsaver 

I can't speak to the accuracy of the emulation, but it's presumably
better than nothing at all.  Therefore, applied to ppc-for-2.12.

> ---
>  hw/i2c/Makefile.objs |   1 +
>  hw/i2c/mpc8540_i2c.c | 287 
> +++
>  2 files changed, 288 insertions(+)
>  create mode 100644 hw/i2c/mpc8540_i2c.c
> 
> diff --git a/hw/i2c/Makefile.objs b/hw/i2c/Makefile.objs
> index 0594dea3ae..79af1dd901 100644
> --- a/hw/i2c/Makefile.objs
> +++ b/hw/i2c/Makefile.objs
> @@ -9,3 +9,4 @@ common-obj-$(CONFIG_IMX_I2C) += imx_i2c.o
>  common-obj-$(CONFIG_ASPEED_SOC) += aspeed_i2c.o
>  obj-$(CONFIG_OMAP) += omap_i2c.o
>  obj-$(CONFIG_PPC4XX) += ppc4xx_i2c.o
> +obj-$(CONFIG_E500) += mpc8540_i2c.o
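Review bot: the new line uses `obj-$(CONFIG_E500)` while the imx and aspeed controllers just above use `common-obj-`; unless mpc8540_i2c.c really pulls in target-specific headers, prefer `common-obj-$(CONFIG_E500) += mpc8540_i2c.o` so the file is compiled once rather than per target.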
> diff --git a/hw/i2c/mpc8540_i2c.c b/hw/i2c/mpc8540_i2c.c
> new file mode 100644
> index 00..884052cc9b
> --- /dev/null
> +++ b/hw/i2c/mpc8540_i2c.c
> @@ -0,0 +1,287 @@
> +/*
> + * MPC8540 I2C bus interface
> + * As described in
> + * MPC8540 PowerQUICC III Integrated Host Processor Reference Manual, Rev. 1
> + * Part 2 chapter 11
> + *
> + * Copyright (c) 2015 Michael Davidsaver
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the LICENSE file in the top-level directory.
> + */
> +#include "qemu/osdep.h"
> +#include "qemu/log.h"
> +#include "hw/hw.h"
> +#include "hw/registerfields.h"
> +#include "hw/i2c/i2c.h"
> +#include "hw/sysbus.h"
> +
> +/* #define DEBUG_LVL 0 */
> +
> +#ifdef DEBUG_LVL
> +#define DPRINTK(LVL, FMT, ...) do { if ((LVL) <= DEBUG_LVL) { \
> +printf(TYPE_MPC8540_I2C " : " FMT, ## __VA_ARGS__); } } while (0)
> +#else
> +#define DPRINTK(LVL, FMT, ...) do {} while (0)
> +#endif
> +
> +#define LOG(MSK, FMT, ...) qemu_log_mask(MSK, TYPE_MPC8540_I2C \
> +" : " FMT, ## __VA_ARGS__)
> +
> +#define TYPE_MPC8540_I2C "mpc8540-i2c"
> +#define MPC8540_I2C(obj) OBJECT_CHECK(I2CState, (obj), TYPE_MPC8540_I2C)
> +
> +/* offsets relative to CCSR offset 0x3000 */
> +#define R_I2CADR (0)
> +#define R_I2CFDR (4)
> +#define R_I2CCR  (8)
> +#define R_I2CSR  (0xc)
> +#define R_I2CDR  (0x10)
> +#define R_I2CDFSRR (0x14)
> +
> +FIELD(I2CCR, MEN, 7, 1)
> +FIELD(I2CCR, MIEN, 6, 1)
> +FIELD(I2CCR, MSTA, 5, 1)
> +FIELD(I2CCR, MTX, 4, 1)
> +FIELD(I2CCR, TXAK, 3, 1)
> +FIELD(I2CCR, RSTA, 2, 1)
> +FIELD(I2CCR, BCST, 0, 1)
> +
> +FIELD(I2CSR, MCF, 7, 1)
> +FIELD(I2CSR, MAAS, 6, 1)
> +FIELD(I2CSR, MBB, 5, 1)
> +FIELD(I2CSR, MAL, 4, 1)
> +FIELD(I2CSR, BCSTM, 3, 1)
> +FIELD(I2CSR, SRW, 2, 1)
> +FIELD(I2CSR, MIF, 1, 1)
> +FIELD(I2CSR, RXAK, 0, 1)
> +
> +typedef struct I2CState {
> +SysBusDevice parent_obj;
> +
> +I2CBus *bus;
> +
> +uint8_t ctrl, sts;
> +uint8_t freq, filt;
> +/* Reads are pipelined, this is the next data value */
> +uint8_t dbuf;
> +
> +qemu_irq irq;
> +
> +MemoryRegion mmio;
> +} I2CState;
> +
> +#define I2CCR(BIT) FIELD_EX32(i2c->ctrl, I2CCR, BIT)
> +#define I2CSR(BIT) FIELD_EX32(i2c->sts, I2CSR, BIT)
> +
> +#define I2CSR_SET(BIT, VAL) do {\
> +i2c->sts = FIELD_DP32(i2c->sts, I2CSR, BIT, VAL);\
> +} while (0)
> +
> +static
> +void mpc8540_update_irq(I2CState *i2c)
> +{
> +int ena = i2c->ctrl & 0x40,
> +sts = i2c->sts & 0x02,
> +act = !!(ena && sts);
> +
> +DPRINTK(1, "IRQ %c ena %c sts %c\n",
> +act ? 'X' : '_',
> +ena ? 'X' : '_',
> +sts ? 'X' : '_');
> +
> +qemu_set_irq(i2c->irq, act);
> +}
> +
> +static
> +uint64_t mpc8540_i2c_read(void *opaque, hwaddr addr, unsigned size)
> +{
> +I2CState *i2c = opaque;
> +uint32_t val, offset = addr;
> +
> +switch (offset) {
> +case R_I2CADR: /* ADDR */
> +val = 0;
> +break;
> +case R_I2CFDR: /* Freq Div. */
> +val = i2c->freq;
> +break;
> +case R_I2CCR: /* CONTROL */
> +val = i2c->ctrl & ~0x06;
> +break;
> +case R_I2CSR: /* STATUS */
> +val = i2c->sts;
> +break;
> +case R_I2CDR: /* DATA */
> +/* Reads are "pipelined" and so return the previous value of the
> + * register
> + */
> +val = i2c->dbuf;
> +if (I2CCR(MEN) && I2CSR(MBB)) { /* enabled and busy */
> +if (!i2c_bus_busy(i2c->bus) || I2CCR(MTX)) {
> +LOG(LOG_GUEST_ERROR, "Read during addr or tx\n");
> +i2c->dbuf = 0xff;
> +} else {
> +int ret = i2c_recv(i2c->bus);
> +i2c->dbuf = (uint8_t)ret;
> +DPRINTK(0, "READ %02x ('%c')\n", i2c->dbuf, (char)i2c->dbuf);
> +I2CSR_SET(MIF, 1);
> +I2CSR_SET(RXAK, 0);
> +mpc8540_update_irq(i2c);
> +}
> +} else {
> +i2c->dbuf = 0xff;
> +LOG(LOG_GUEST_ERROR, "Read when not enabled or busy\n");
> +}
> +break;
> +case R_I2CDFSRR: /* FILTER 
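Review bot: mpc8540_update_irq() tests `i2c->ctrl & 0x40` and `i2c->sts & 0x02` with raw masks even though the FIELD() definitions a few lines earlier name exactly those bits (I2CCR MIEN at bit 6, I2CSR MIF at bit 1); use I2CCR(MIEN) and I2CSR(MIF) so the register layout lives in one place. In mpc8540_i2c_read() the R_I2CDR case calls i2c_recv() and sets MIF as a side effect of a read, so a monitor or gdb dump of the CCSR window will consume a byte from the slave; that mirrors the pipelined hardware but deserves a comment next to the existing "Reads are pipelined" one.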

Re: [Qemu-devel] [PATCH 02/12] e500: consolidate mpc8540 guts with e500-ccsr

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:10PM -0600, Michael Davidsaver wrote:
> Preparation for adding more MPC control
> registers.
> 
> Use e500 SVR to enable part specific registers.
> Only the mpc8544 reset register at present.
> 
> Expose CCSR as SysBusDevice region to eliminate
> e500-ccsr.h.
> 
> Track CCSR base address within device, and map on reset,
> in preparation for CCSRBAR.
> 
> Signed-off-by: Michael Davidsaver 

Applied to ppc-for-2.12.

> ---
>  hw/pci-host/ppce500.c |  10 ++--
>  hw/ppc/Makefile.objs  |   3 +-
>  hw/ppc/e500-ccsr.h|  17 --
>  hw/ppc/e500.c |  37 +---
>  hw/ppc/e500_ccsr.c| 152 
> ++
>  hw/ppc/mpc8544_guts.c | 143 ---
>  6 files changed, 162 insertions(+), 200 deletions(-)
>  delete mode 100644 hw/ppc/e500-ccsr.h
>  create mode 100644 hw/ppc/e500_ccsr.c
>  delete mode 100644 hw/ppc/mpc8544_guts.c
> 
> diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
> index 39cd24464d..f2d108bc8a 100644
> --- a/hw/pci-host/ppce500.c
> +++ b/hw/pci-host/ppce500.c
> @@ -16,7 +16,6 @@
>  
>  #include "qemu/osdep.h"
>  #include "hw/hw.h"
> -#include "hw/ppc/e500-ccsr.h"
>  #include "hw/pci/pci.h"
>  #include "hw/pci/pci_host.h"
>  #include "qemu/bswap.h"
> @@ -420,16 +419,17 @@ static const VMStateDescription vmstate_ppce500_pci = {
>  static void e500_pcihost_bridge_realize(PCIDevice *d, Error **errp)
>  {
>  PPCE500PCIBridgeState *b = PPC_E500_PCI_BRIDGE(d);
> -PPCE500CCSRState *ccsr = CCSR(container_get(qdev_get_machine(),
> -  "/e500-ccsr"));
> +SysBusDevice *ccsr = SYS_BUS_DEVICE(container_get(qdev_get_machine(),
> +  "/e500-ccsr"));
> +MemoryRegion *ccsr_mr = sysbus_mmio_get_region(ccsr, 0);
>  
>  pci_config_set_class(d->config, PCI_CLASS_BRIDGE_PCI);
>  d->config[PCI_HEADER_TYPE] =
>  (d->config[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MULTI_FUNCTION) |
>  PCI_HEADER_TYPE_BRIDGE;
>  
> -memory_region_init_alias(>bar0, OBJECT(ccsr), "e500-pci-bar0", 
> >ccsr_space,
> - 0, int128_get64(ccsr->ccsr_space.size));
> +memory_region_init_alias(>bar0, OBJECT(ccsr), "e500-pci-bar0", 
> ccsr_mr,
> + 0, memory_region_size(ccsr_mr));
>  pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, >bar0);
>  }
>  
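Review bot: `SYS_BUS_DEVICE(container_get(qdev_get_machine(), "/e500-ccsr"))` keeps the existing pattern, but container_get() creates an empty container if the machine never added an e500-ccsr child, so the cast then fails with an OBJECT_CHECK abort rather than a readable error; consider object_resolve_path() plus an explicit error in errp. Replacing int128_get64(ccsr->ccsr_space.size) with memory_region_size(ccsr_mr) is the right cleanup.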
> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
> index 7efc686748..c1a63d0c39 100644
> --- a/hw/ppc/Makefile.objs
> +++ b/hw/ppc/Makefile.objs
> @@ -24,6 +24,7 @@ obj-$(CONFIG_MAC) += mac_oldworld.o
>  obj-$(CONFIG_MAC) += mac_newworld.o
>  # e500
>  obj-$(CONFIG_E500) += e500.o mpc8544ds.o e500plat.o
> -obj-$(CONFIG_E500) += mpc8544_guts.o ppce500_spin.o
> +obj-$(CONFIG_E500) += ppce500_spin.o
> +obj-$(CONFIG_E500) += e500_ccsr.o
>  # PowerPC 440 Xilinx ML507 reference board.
>  obj-$(CONFIG_XILINX) += virtex_ml507.o
> diff --git a/hw/ppc/e500-ccsr.h b/hw/ppc/e500-ccsr.h
> deleted file mode 100644
> index 12a2ba4b97..00
> --- a/hw/ppc/e500-ccsr.h
> +++ /dev/null
> @@ -1,17 +0,0 @@
> -#ifndef E500_CCSR_H
> -#define E500_CCSR_H
> -
> -#include "hw/sysbus.h"
> -
> -typedef struct PPCE500CCSRState {
> -/*< private >*/
> -SysBusDevice parent;
> -/*< public >*/
> -
> -MemoryRegion ccsr_space;
> -} PPCE500CCSRState;
> -
> -#define TYPE_CCSR "e500-ccsr"
> -#define CCSR(obj) OBJECT_CHECK(PPCE500CCSRState, (obj), TYPE_CCSR)
> -
> -#endif /* E500_CCSR_H */
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index 9e7e1b29c4..474a46a985 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -15,10 +15,10 @@
>   */
>  
>  #include "qemu/osdep.h"
> +#include "qemu/log.h"
>  #include "qapi/error.h"
>  #include "qemu-common.h"
>  #include "e500.h"
> -#include "e500-ccsr.h"
>  #include "net/net.h"
>  #include "qemu/config-file.h"
>  #include "hw/hw.h"
> @@ -795,7 +795,6 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  CPUPPCState *firstenv = NULL;
>  MemoryRegion *ccsr_addr_space;
>  SysBusDevice *s;
> -PPCE500CCSRState *ccsr;
>  
>  irqs = g_malloc0(smp_cpus * sizeof(qemu_irq *));
>  irqs[0] = g_malloc0(smp_cpus * sizeof(qemu_irq) * OPENPIC_OUTPUT_NB);
> @@ -854,11 +853,9 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  dev = qdev_create(NULL, "e500-ccsr");
>  object_property_add_child(qdev_get_machine(), "e500-ccsr",
>OBJECT(dev), NULL);
> +qdev_prop_set_uint32(dev, "base", params->ccsrbar_base);
>  qdev_init_nofail(dev);
> -ccsr = CCSR(dev);
> -ccsr_addr_space = >ccsr_space;
> -memory_region_add_subregion(address_space_mem, params->ccsrbar_base,
> -ccsr_addr_space);
> +ccsr_addr_space = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
>  
>  mpicdev = ppce500_init_mpic(machine, 
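Review bot: `qdev_prop_set_uint32(dev, "base", params->ccsrbar_base)` narrows a hwaddr to 32 bits, so a board that places CCSR above 4 GiB would be mapped at a silently truncated address; assert that the value fits, or make the property 64-bit. Note also that the region is no longer added to address_space_mem here but by the device's reset handler, so anything that touches CCSR between qdev_init_nofail() and the first reset finds it unmapped.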

Re: [Qemu-devel] [PATCH 04/12] e500: additional CCSR registers

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:12PM -0600, Michael Davidsaver wrote:
> Add CCSRBAR to allow CCSR region to be relocated.
> Guest memory size introspection.
> Dummy RAM error controls.
> Guest clock introspection.
> 
> Signed-off-by: Michael Davidsaver 

Looks fine from the POV of someone who doesn't know details about
e500.

Reviewed-by: David Gibson 

> ---
>  hw/ppc/e500.c  |  2 ++
>  hw/ppc/e500.h  |  1 +
>  hw/ppc/e500_ccsr.c | 72 
> --
>  hw/ppc/e500plat.c  |  1 +
>  hw/ppc/mpc8544ds.c |  1 +
>  5 files changed, 75 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index 474a46a985..057be1751b 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -853,7 +853,9 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  dev = qdev_create(NULL, "e500-ccsr");
>  object_property_add_child(qdev_get_machine(), "e500-ccsr",
>OBJECT(dev), NULL);
> +qdev_prop_set_uint32(dev, "porpllsr", params->porpllsr);
>  qdev_prop_set_uint32(dev, "base", params->ccsrbar_base);
> +qdev_prop_set_uint32(dev, "ram-size", ram_size);
>  qdev_init_nofail(dev);
>  ccsr_addr_space = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0);
>  
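Review bot: `qdev_prop_set_uint32(dev, "ram-size", ram_size)` truncates ram_size to 32 bits, so a guest configured with 4 GiB or more gets a wrapped value in CS0_BNDS; either reject such sizes with an error at this point or widen the property.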
> diff --git a/hw/ppc/e500.h b/hw/ppc/e500.h
> index 40f72f2de2..1f39095dfa 100644
> --- a/hw/ppc/e500.h
> +++ b/hw/ppc/e500.h
> @@ -22,6 +22,7 @@ typedef struct PPCE500Params {
>  hwaddr pci_mmio_base;
>  hwaddr pci_mmio_bus_base;
>  hwaddr spin_base;
> +uint32_t porpllsr; /* value of PORPLLSR register */
>  uint32_t decrementor_freq; /* in Hz */
>  bool skip_load;
>  bool tsec_nic;
> diff --git a/hw/ppc/e500_ccsr.c b/hw/ppc/e500_ccsr.c
> index 1b586c3f42..c58b17f06b 100644
> --- a/hw/ppc/e500_ccsr.c
> +++ b/hw/ppc/e500_ccsr.c
> @@ -31,6 +31,16 @@
>  
>  /* E500_ denotes registers common to all */
>  
> +#define E500_CCSRBAR (0)
> +
> +#define E500_CS0_BNDS(0x2000)
> +
> +#define E500_CS0_CONFIG  (0x2080)
> +
> +#define E500_ERR_DETECT  (0x2e40)
> +#define E500_ERR_DISABLE (0x2e44)
> +
> +#define E500_PORPLLSR(0xE)
>  #define E500_PVR (0xE00A0)
>  #define E500_SVR (0xE00A4)
>  
> @@ -44,7 +54,11 @@ typedef struct {
>  
>  MemoryRegion iomem;
>  
> -uint32_t defbase;
> +uint32_t defbase, base;
> +uint32_t ram_size;
> +uint32_t merrd;
> +
> +uint32_t porpllsr;
>  } CCSRState;
>  
>  #define TYPE_E500_CCSR "e500-ccsr"
> @@ -53,10 +67,28 @@ typedef struct {
>  static uint64_t e500_ccsr_read(void *opaque, hwaddr addr,
>unsigned size)
>  {
> +CCSRState *ccsr = opaque;
>  PowerPCCPU *cpu = POWERPC_CPU(current_cpu);
>  CPUPPCState *env = >env;
>  
>  switch (addr) {
> +case E500_CCSRBAR:
> +return ccsr->base >> 12;
> +case E500_CS0_BNDS:
> +/* we model all RAM in a single chip with addresses [0, ram_size) */
> +return (ccsr->ram_size - 1) >> 24;
> +case E500_CS0_CONFIG:
> +return 1 << 31;
> +case E500_ERR_DETECT:
> +return 0; /* (errors not modeled) */
> +case E500_ERR_DISABLE:
> +return ccsr->merrd;
> +case E500_PORPLLSR:
> +if (!ccsr->porpllsr) {
> +qemu_log_mask(LOG_UNIMP,
> +  "Machine does not provide valid PORPLLSR\n");
> +}
> +return ccsr->porpllsr;
>  case E500_PVR:
>  return env->spr[SPR_PVR];
>  case E500_SVR:
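Review bot: `return 1 << 31;` in the E500_CS0_CONFIG case shifts into the sign bit of an int, which is undefined behaviour in C; write `1u << 31`. In the E500_CS0_BNDS case `(ccsr->ram_size - 1) >> 24` wraps when ram_size is 0, so validate the property at realize time rather than here.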
> @@ -72,10 +104,22 @@ static uint64_t e500_ccsr_read(void *opaque, hwaddr addr,
>  static void e500_ccsr_write(void *opaque, hwaddr addr,
> uint64_t value, unsigned size)
>  {
> +CCSRState *ccsr = opaque;
>  PowerPCCPU *cpu = POWERPC_CPU(current_cpu);
>  CPUPPCState *env = >env;
>  uint32_t svr = env->spr[SPR_E500_SVR] >> 16;
>  
> +switch (addr) {
> +case E500_CCSRBAR:
> +value &= 0x000fff00;
> +ccsr->base = value << 12;
> +sysbus_mmio_map(SYS_BUS_DEVICE(ccsr), 0, ccsr->base);
> +return;
> +case E500_ERR_DISABLE:
> +ccsr->merrd = value & 0xd;
> +return;
> +}
> +
>  switch (svr) {
>  case 0: /* generic.  assumed to be mpc8544ds or e500plat board */
>  case 0x8034: /* mpc8544 */
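Review bot: the new `switch (addr)` has no default and deliberately falls through to the SVR-specific switch for every other offset; say so in a comment, since a reader will otherwise look for a missing `default:`. The E500_CCSRBAR case remaps the very region whose write handler is executing via sysbus_mmio_map(); that pattern exists elsewhere in QEMU, but a one-line comment on why it is safe here would help, and `value & 0xd` for ERR_DISABLE is a magic mask that should name its bits.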
> @@ -104,11 +148,20 @@ static const MemoryRegionOps e500_ccsr_ops = {
>  }
>  };
>  
> +static int e500_ccsr_post_load(void *opaque, int version_id)
> +{
> +CCSRState *ccsr = opaque;
> +
> +sysbus_mmio_map(SYS_BUS_DEVICE(ccsr), 0, ccsr->base);
> +return 0;
> +}
> +
>  static void e500_ccsr_reset(DeviceState *dev)
>  {
>  CCSRState *ccsr = E500_CCSR(dev);
>  
> -sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, ccsr->defbase);
> +ccsr->base = ccsr->defbase;
> +e500_ccsr_post_load(ccsr, 1);
>  }
>  
>  static void e500_ccsr_initfn(Object *obj)
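Review bot: e500_ccsr_reset() now calls e500_ccsr_post_load(ccsr, 1) with a hard-coded version_id to get the mapping done; factor the sysbus_mmio_map() into a small helper that both reset and post_load call. Also make sure the vmstate description (not visible in this excerpt) carries `base`, `ram_size` and `merrd`, otherwise a migrated guest that relocated CCSR comes back with it at the default address.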
> @@ -123,15 +176,30 @@ static void 

Re: [Qemu-devel] [PATCH 05/12] e500: name openpic and pci host bridge

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:13PM -0600, Michael Davidsaver wrote:
> Signed-off-by: Michael Davidsaver 

Applied to ppc-for-2.12.

> ---
>  hw/ppc/e500.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index 057be1751b..6f77844303 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -685,6 +685,8 @@ static DeviceState *ppce500_init_mpic_qemu(PPCE500Params 
> *params,
>  int i, j, k;
>  
>  dev = qdev_create(NULL, TYPE_OPENPIC);
> +object_property_add_child(qdev_get_machine(), "pic", OBJECT(dev),
> +  _fatal);
>  qdev_prop_set_uint32(dev, "model", params->mpic_version);
>  qdev_prop_set_uint32(dev, "nb_cpus", smp_cpus);
>  
> @@ -876,6 +878,8 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  
>  /* PCI */
>  dev = qdev_create(NULL, "e500-pcihost");
> +object_property_add_child(qdev_get_machine(), "pci-host", OBJECT(dev),
> +  _abort);
>  qdev_prop_set_uint32(dev, "first_slot", params->pci_first_slot);
>  qdev_prop_set_uint32(dev, "first_pin_irq", pci_irq_nrs[0]);
>  qdev_init_nofail(dev);
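Review bot: this hunk passes `_abort` as the error argument while the openpic hunk above passes `_fatal` for the identical object_property_add_child() call; a duplicate child name is a programming error in both places, so use the same handling (the abort variant) in both.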



Re: [Qemu-devel] [PATCH 03/12] e500: note possible bug with host bridge

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:11PM -0600, Michael Davidsaver wrote:
> Signed-off-by: Michael Davidsaver 

I'm not sure if you're saying you think there is a hardware bug which
we're faithfully emulating, or a software bug.

> ---
>  hw/pci-host/ppce500.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
> index f2d108bc8a..0e2833bd98 100644
> --- a/hw/pci-host/ppce500.c
> +++ b/hw/pci-host/ppce500.c
> @@ -424,6 +424,9 @@ static void e500_pcihost_bridge_realize(PCIDevice *d, 
> Error **errp)
>  MemoryRegion *ccsr_mr = sysbus_mmio_get_region(ccsr, 0);
>  
>  pci_config_set_class(d->config, PCI_CLASS_BRIDGE_PCI);
> +/* BUG? identifies as PCI_HEADER_TYPE_BRIDGE but uses
> + * standard device config read/write
> + */
>  d->config[PCI_HEADER_TYPE] =
>  (d->config[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MULTI_FUNCTION) |
>  PCI_HEADER_TYPE_BRIDGE;
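Review bot: a `BUG?` comment gives the next reader nothing to act on; state the observable symptom (per the cover letter, Linux sees a bridge header type without working bridge config registers and re-enumerates the bus) and whether the real MPC8544 host bridge behaves the same way, so this can become either a fix or a documented hardware quirk.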



Re: [Qemu-devel] [PATCH 10/12] timer: add ds1375 RTC

2017-11-21 Thread David Gibson
On Sun, Nov 19, 2017 at 09:24:18PM -0600, Michael Davidsaver wrote:
> only basic functionality implemented (read time and sram).
> no set time or alarms.
> 
> Signed-off-by: Michael Davidsaver 

I know there are about a zillion different Dallas/Maxim sram/rtc chips,
many of which have a lot of similarities.  Is it possible to share any
code with the existing hw/timer/ds1338.c?

> ---
>  default-configs/ppc-softmmu.mak |   1 +
>  hw/timer/Makefile.objs  |   1 +
>  hw/timer/ds1375-i2c.c   | 293 
> 
>  3 files changed, 295 insertions(+)
>  create mode 100644 hw/timer/ds1375-i2c.c
> 
> diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak
> index bb225c6e46..04bfa79154 100644
> --- a/default-configs/ppc-softmmu.mak
> +++ b/default-configs/ppc-softmmu.mak
> @@ -52,3 +52,4 @@ CONFIG_SERIAL_ISA=y
>  CONFIG_MC146818RTC=y
>  CONFIG_ISA_TESTDEV=y
>  CONFIG_RS6000_MC=y
> +CONFIG_DS1375=y
> diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
> index 8c19eac3b6..6521d47367 100644
> --- a/hw/timer/Makefile.objs
> +++ b/hw/timer/Makefile.objs
> @@ -4,6 +4,7 @@ common-obj-$(CONFIG_ARM_V7M) += armv7m_systick.o
>  common-obj-$(CONFIG_A9_GTIMER) += a9gtimer.o
>  common-obj-$(CONFIG_CADENCE) += cadence_ttc.o
>  common-obj-$(CONFIG_DS1338) += ds1338.o
> +common-obj-$(CONFIG_DS1375) += ds1375-i2c.o
>  common-obj-$(CONFIG_HPET) += hpet.o
>  common-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
>  common-obj-$(CONFIG_M48T59) += m48t59.o
> diff --git a/hw/timer/ds1375-i2c.c b/hw/timer/ds1375-i2c.c
> new file mode 100644
> index 00..dba9cc05c4
> --- /dev/null
> +++ b/hw/timer/ds1375-i2c.c
> @@ -0,0 +1,293 @@
> +/*
> + * Dallas/Maxim ds1375 I2C RTC w/ SRAM
> + *
> + * Copyright (c) 2017 Michael Davidsaver
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the LICENSE file in the top-level directory.
> + *
> + * Only basic functionality is modeled (time and user SRAM).
> + * Alarms not modeled.
> + */
> +#include "qemu/osdep.h"
> +#include "qemu-common.h"
> +#include "qemu/log.h"
> +#include "qemu/timer.h"
> +#include "qemu/bcd.h"
> +#include "hw/hw.h"
> +#include "hw/registerfields.h"
> +#include "hw/i2c/i2c.h"
> +
> +#define DEBUG_DS1375
> +
> +#ifdef DEBUG_DS1375
> +#define DPRINTK(FMT, ...) printf(TYPE_DS1375 " : " FMT, ## __VA_ARGS__)
> +#else
> +#define DPRINTK(FMT, ...) do {} while (0)
> +#endif
> +
> +#define LOG(MSK, FMT, ...) qemu_log_mask(MSK, TYPE_DS1375 " : " FMT, \
> +## __VA_ARGS__)
> +
> +#define TYPE_DS1375 "ds1375"
> +#define DS1375(obj) OBJECT_CHECK(DS1375State, (obj), TYPE_DS1375)
> +
> +#define DS1375_REGSIZE 0x20
> +
> +#define R_SEC   (0x0)
> +#define R_MIN   (0x1)
> +#define R_HOUR  (0x2)
> +#define R_WDAY  (0x3)
> +#define R_DATE  (0x4)
> +#define R_MONTH (0x5)
> +#define R_YEAR  (0x6)
> +#define R_A1SEC   (0x7)
> +#define R_A1MIN   (0x8)
> +#define R_A1HOUR  (0x9)
> +#define R_A1DAY   (0xa)
> +#define R_A2SEC   (0xb)
> +#define R_A2MIN   (0xc)
> +#define R_A2HOUR  (0xd)
> +#define R_CTRL  (0xe)
> +#define R_STS   (0xf)
> +
> +FIELD(HOUR, SET12, 6, 1)
> +FIELD(HOUR, HOUR24, 0, 6)
> +FIELD(HOUR, AMPM, 5, 1)
> +FIELD(HOUR, HOUR12, 0, 5)
> +
> +FIELD(MONTH, MONTH, 0, 5)
> +FIELD(MONTH, CENTURY, 7, 1)
> +
> +FIELD(CTRL, ECLK, 7, 1)
> +FIELD(CTRL, CLKSEL, 5, 2)
> +FIELD(CTRL, RS, 3, 2)
> +FIELD(CTRL, INTCN, 2, 1)
> +FIELD(CTRL, A2IE, 1, 1)
> +FIELD(CTRL, A1IE, 0, 1)
> +
> +typedef struct DS1375State {
> +I2CSlave parent_obj;
> +
> +/* register address counter */
> +uint8_t addr;
> +/* when writing, whether the address has been sent */
> +bool addrd;
> +
> +int time_offset;
> +
> +uint8_t regs[DS1375_REGSIZE];
> +} DS1375State;
> +
> +/* update current time register if clock enabled */
> +static
> +void ds1375_latch(DS1375State *ds)
> +{
> +struct tm now;
> +
> +if (!ARRAY_FIELD_EX32(ds->regs, CTRL, ECLK)) {
> +return;
> +}
> +
> +qemu_get_timedate(, ds->time_offset);
> +
> +DPRINTK("Current Time %3u/%2u/%u %2u:%2u:%2u (wday %u)\n",
> +now.tm_year, now.tm_mon, now.tm_mday,
> +now.tm_hour, now.tm_min, now.tm_sec,
> +now.tm_wday);
> +
> +/* ensure unused bits are zero */
> +memset(ds->regs, 0, R_YEAR + 1);
> +
> +ds->regs[R_SEC] = to_bcd(now.tm_sec);
> +ds->regs[R_MIN] = to_bcd(now.tm_min);
> +
> +if (ARRAY_FIELD_EX32(ds->regs, HOUR, SET12) == 0) {
> +/* 24 hour */
> +ARRAY_FIELD_DP32(ds->regs, HOUR, HOUR24, to_bcd(now.tm_hour));
> +} else {
> +/* 12 hour am/pm */
> +ARRAY_FIELD_DP32(ds->regs, HOUR, AMPM, now.tm_hour >= 12);
> +ARRAY_FIELD_DP32(ds->regs, HOUR, HOUR12, to_bcd(now.tm_hour % 12u));
> +}
> +
> +ds->regs[R_WDAY] = now.tm_wday; /* day of the week */
> +ds->regs[R_DATE] = to_bcd(now.tm_mday);
> +
> +ARRAY_FIELD_DP32(ds->regs, MONTH, MONTH, to_bcd(now.tm_mon + 
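Review bot: `#define DEBUG_DS1375` is left enabled, so every latch prints to stdout in normal builds; comment it out as the other patches in the series do (`/* #define DEBUG_DS1375 */`). In ds1375_latch() the `memset(ds->regs, 0, R_YEAR + 1)` zeroes R_HOUR before `ARRAY_FIELD_EX32(ds->regs, HOUR, SET12)` is evaluated, so a 12-hour mode set by the guest is always cleared and the 12-hour branch is dead; read SET12 into a local before the memset. Also check the day-of-week encoding: `ds->regs[R_WDAY] = now.tm_wday` stores 0-6 while the DS1375 day register counts 1-7.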

Re: [Qemu-devel] [ANNOUNCE] QEMU 2.11.0-rc2 is now available

2017-11-21 Thread Michael Roth
Quoting Christian Borntraeger (2017-11-21 15:38:32)
> forgot to cc qemu-devel
> 
> On 11/21/2017 10:37 PM, Christian Borntraeger wrote:
> > a quick heads up. Rc2 now triggers
> > +qemu-img: block/block-backend.c:2088: blk_root_drained_end: Assertion 
> > `blk->quiesce_counter' failed.
> > for several qemu iotests. 
> > 
> > I have not looked into any details.

It looks to be due to:

4afeffc8572f40d8844b946a30c00b10da4442b1
blockjob: do not allow coroutine double entry or entry-after-completion

> > 
> > Christian
> > 
> > On 11/21/2017 08:08 PM, Michael Roth wrote:
> >> Hello,
> >>
> >> On behalf of the QEMU Team, I'd like to announce the availability of the
> >> third release candidate for the QEMU 2.11 release.  This release is meant
> >> for testing purposes and should not be used in a production environment.
> >>
> >>   http://download.qemu-project.org/qemu-2.11.0-rc2.tar.xz
> >>   http://download.qemu-project.org/qemu-2.11.0-rc2.tar.xz.sig
> >>
> >> You can help improve the quality of the QEMU 2.11 release by testing this
> >> release and reporting bugs on Launchpad:
> >>
> >>   https://bugs.launchpad.net/qemu/
> >>
> >> The release plan, as well as documented known issues for release
> >> candidates, are available at:
> >>
> >>   http://wiki.qemu.org/Planning/2.11
> >>
> >> Please add entries to the ChangeLog for the 2.11 release below:
> >>
> >>   http://wiki.qemu.org/ChangeLog/2.11
> >>
> >> Changes since rc1:
> >>
> >> a15d835f00: Update version for v2.11.0-rc2 release (Peter Maydell)
> >> d975301dc8: qemu-iotest: add test for blockjob coroutine race condition 
> >> (Jeff Cody)
> >> a2339699c3: qemu-iotests: add option in common.qemu for mismatch only 
> >> (Jeff Cody)
> >> 6133b39f3c: coroutine: abort if we try to schedule or enter a pending 
> >> coroutine (Jeff Cody)
> >> 4afeffc857: blockjob: do not allow coroutine double entry or 
> >> entry-after-completion (Jeff Cody)
> >> 7c3d1917fd: build: disarm the TCG unit test trap (Daniel P. Berrange)
> >> 2807746ff1: iotests: Fix 176 on 32-bit host (Eric Blake)
> >> 50a3efb0f0: block: Close a BlockDriverState completely even when bs->drv 
> >> is NULL (Alberto Garcia)
> >> 70a5afedd6: block: Error out on load_vm with active dirty bitmaps (Kevin 
> >> Wolf)
> >> 2b624fe079: block: Add errp to bdrv_all_goto_snapshot() (Kevin Wolf)
> >> 0b62bcbc61: block: Add errp to bdrv_snapshot_goto() (Kevin Wolf)
> >> 1f4ad7d3b8: block: Don't request I/O permission with BDRV_O_NO_IO (Kevin 
> >> Wolf)
> >> dacaa16238: block: Don't use BLK_PERM_CONSISTENT_READ for format probing 
> >> (Kevin Wolf)
> >> 70b7fba987: Use HTTPS for qemu.org and other domains (Stefan Hajnoczi)
> >> 1b3bbc6887: Use qemu.org domain name (Stefan Hajnoczi)
> >> d0dead3b6d: scripts/make-release: ship u-boot source as a tarball (Michael 
> >> Roth)
> >> 34d49937e4: accel/tcg: Handle atomic accesses to notdirty memory correctly 
> >> (Peter Maydell)
> >> 2726627197: exec.c: Factor out before/after actions for notdirty memory 
> >> writes (Peter Maydell)
> >> df83eabd52: qga: replace GetIfEntry with GetIfEntry2 for interface stats 
> >> (ZhiPeng Lu)
> >> 6cbf1ec85c: pc-bios/s390-ccw.img: update image (Cornelia Huck)
> >> f516511ea8: linux-user: Fix calculation of auxv length (Peter Maydell)
> >> b350ae138f: hw/arm: Silence xlnx-ep108 deprecation warning during tests 
> >> (Thomas Huth)
> >> b6e70d1d7f: hw/arm/aspeed: Unlock SCU when running kernel (Joel Stanley)
> >> 50cd71b0d3: arm: check regime, not current state, for ATS write PAR format 
> >> (Peter Maydell)
> >> 2b75ef01ca: nvic: Fix ARMv7M MPU_RBAR reads (Peter Maydell)
> >> 96a8b92ed8: target/arm: Report GICv3 sysregs present in ID registers if 
> >> needed (Peter Maydell)
> >> b11ce33fe0: Revert "cpu-exec: don't overwrite exception_index" (Peter 
> >> Maydell)
> >> 8775d91a0f: pc-bios/s390-ccw: Fix problem with invalid virtio-scsi LUN 
> >> when rebooting (Thomas Huth)
> >> 7337c6eb98: s390x/tcg: fix DIAG 308 with > 1 VCPU (MTTCG) (David 
> >> Hildenbrand)
> >> dc0bbef5e6: s390x: fix storing CPU status (again) (David Hildenbrand)
> >> c527e0afcd: hw/net/vmxnet3: Fix code to work on big endian hosts, too 
> >> (Thomas Huth)
> >> 0dacea92d2: net: Transmit zero UDP checksum as 0x (Ed Swierk)
> >> ebc2327f07: MAINTAINERS: Add missing entry for eepro100 emulation (Stefan 
> >> Weil)
> >> 8f8e8053d9: hw/net/eepro100: Fix endianness problem on big endian hosts 
> >> (Thomas Huth)
> >> 2ec405524e: Revert "Add new PCI ID for i82559a" (Jason Wang)
> >> 4d36623520: colo-compare: fix the dangerous assignment (Mao Zhongyi)
> >> 8251248394: spapr: reset DRCs after devices (Greg Kurz)
> >> 7abd43baec: target/ppc: Update setting of cpu features to account for 
> >> compat modes (Suraj Jitindar Singh)
> >> c0012e9a22: iotests: Make 087 pass without AIO enabled (Max Reitz)
> >> 5e003f17ec: block: Make bdrv_next() keep strong references (Max Reitz)
> >> 08546bcfb2: qcow2: Fix overly broad madvise() (Max Reitz)
> >> 4efb1f7c61: qcow2: Refuse to 

Re: [Qemu-devel] [PATCH for-2.12 v3 2/3] spapr/rtas: fix reboot of a a SMP TCG guest

2017-11-21 Thread David Gibson
On Mon, Nov 20, 2017 at 11:03:46AM +0100, Cédric Le Goater wrote:
> Just like for hot unplug CPUs, when a guest is rebooted, the secondary
> CPUs can be awakened by the decrementer and start entering SLOF at the
> same time the boot CPU is.
> 
> To be safe, let's disable on the secondaries all the exceptions which
> can cause an exit while the CPU is in power-saving mode.
> 
> Based on previous work from Nikunj A Dadhania 
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: David Gibson 

but not applying pending an update on 1/3.

> ---
> 
> Changes in v3:
> 
>  - used the cpu_ppc_papr_pece_bits() helper 
> 
>  hw/ppc/spapr_cpu_core.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index 3a4c17401226..4ba8563d49e4 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -35,6 +35,13 @@ static void spapr_cpu_reset(void *opaque)
>  cs->halted = 1;
>  
>  env->spr[SPR_HIOR] = 0;
> +
> +/* Disable Power-saving mode Exit Cause exceptions for the CPU.
> + * This can cause issues when rebooting the guest if a secondary
> + * is awaken */
> +if (cs != first_cpu) {
> +env->spr[SPR_LPCR] &= ~cpu_ppc_papr_pece_bits(env);
> +}
>  }
>  
>  static void spapr_cpu_destroy(PowerPCCPU *cpu)
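Review bot: the `cs != first_cpu` test is the only thing identifying the boot CPU, while the commit message talks about "the boot CPU"; if spapr guarantees the two coincide, say so in the comment, because a CPU wrongly classified as secondary here would have its PECE bits cleared and never leave power-saving mode after the reset. The comment should also name what restores the bits, i.e. that the start path from 1/3 re-enables them when the CPU is started, since spapr_cpu_reset() read on its own looks like it leaves the secondaries permanently deaf. Minor: "if a secondary is awaken" should read "is awakened", and QEMU style puts the closing `*/` of a multi-line comment on its own line.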

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH for-2.12 v3 1/3] spapr/rtas: disable the decrementer interrupt when a CPU is unplugged

2017-11-21 Thread David Gibson
On Mon, Nov 20, 2017 at 11:03:45AM +0100, Cédric Le Goater wrote:
> When a CPU is stopped with the 'stop-self' RTAS call, its state
> 'halted' is switched to 1 and, in this case, the MSR is not taken into
> account anymore in the cpu_has_work() routine. Only the pending
> hardware interrupts are checked with their LPCR:PECE* enablement bit.
> 
> If the DECR timer fires after 'stop-self' is called and before the CPU
> 'stop' state is reached, the nearly-dead CPU will have some work to do
> and the guest will crash. This case happens very frequently with the
> not yet upstream P9 XIVE exploitation mode. In XICS mode, the DECR is
> occasionally fired but after 'stop' state, so no work is to be done
> and the guest survives.
> 
> I suspect there is a race between the QEMU mainloop triggering the
> timers and the TCG CPU thread but I could not quite identify the root
> cause. To be safe, let's disable in the LPCR all the exceptions which
> can cause an exit while the CPU is in power-saving mode and reenable
> them when the CPU is started.
> 
> For this purpose, we introduce a little helper routine to calculate
> the PECE bits for a processor variant. We could also use the mask
> value LPCR_PECE_L_MASK for the P8 and P9 processors. bits 47 and 48 are
> reserved on P7 but it is still compatible.
> 
> Signed-off-by: Cédric Le Goater 

I'm not thrilled about addressing this without 100% knowing what's
going on, but this seems like a sensible change in any case, so I'm ok
with applying something like this.

A detail however..

[snip]
>  #if !defined(CONFIG_USER_ONLY)
> +
> +target_ulong cpu_ppc_papr_pece_bits(CPUPPCState *env)
> +{
> +switch (env->mmu_model) {
> +case POWERPC_MMU_3_00:
> +return LPCR_PDEE | LPCR_HDEE | LPCR_EEE | LPCR_DEE | LPCR_OEE;
> +default:
> +/* P7 and P8 has slightly different PECE bits, mostly because P8 adds
> + * bit 47 and 48 which are reserved on P7. Here we set them all, 
> which
> + * will work as expected for both implementations
> + */
> +return LPCR_P8_PECE0 | LPCR_P8_PECE1 | LPCR_P8_PECE2 | LPCR_P8_PECE3 
> |
> +LPCR_P8_PECE4;
> +}
> +}
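Review bot: the `default:` arm returns the P8 mask for every mmu_model other than POWERPC_MMU_3_00, not only for the P7 and P8 the comment names; the papr_ prefix in the helper's name suggests that is harmless today, but either make the switch list the models the comment talks about or reword the comment so it describes what the code does. Minor: "P7 and P8 has" should be "have".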

..since we're working in this area, might as well clean up this
inappropriate use of mmu_model.  Two options which I'd be ok with:

1) Add a pece_bits field to the PowerPCCPUClass, correctly initialized
for the various processors.

2) A similar helper but using ppc_check_compat() to check the arch
level, instead of using env->mmu_model.
-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH v4 3/4] hw/block: Use errp directly rather than local_err

2017-11-21 Thread Mao Zhongyi
Cc: John Snow 
Cc: Kevin Wolf 
Cc: Max Reitz 
Cc: Keith Busch 
Cc: Stefan Hajnoczi 
Cc: "Michael S. Tsirkin" 
Cc: Paolo Bonzini 
Cc: Gerd Hoffmann 
Cc: Markus Armbruster 

Signed-off-by: Mao Zhongyi 
Reviewed-by: Stefan Hajnoczi 
---
 hw/block/fdc.c| 17 ++---
 hw/block/nvme.c   |  7 ++-
 hw/block/virtio-blk.c | 18 ++
 hw/ide/qdev.c | 12 
 hw/scsi/scsi-disk.c   | 13 -
 hw/usb/dev-storage.c  |  9 +++--
 6 files changed, 25 insertions(+), 51 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 67f78ac..7b7dd41 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -473,16 +473,13 @@ static void fd_revalidate(FDrive *drv)
 static void fd_change_cb(void *opaque, bool load, Error **errp)
 {
 FDrive *drive = opaque;
-Error *local_err = NULL;
 
 if (!load) {
 blk_set_perm(drive->blk, 0, BLK_PERM_ALL, _abort);
 } else {
-blkconf_apply_backend_options(drive->conf,
-  blk_is_read_only(drive->blk), false,
-  _err);
-if (local_err) {
-error_propagate(errp, local_err);
+if (!blkconf_apply_backend_options(drive->conf,
+   blk_is_read_only(drive->blk), false,
+   errp)) {
 return;
 }
 }
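Review bot: the commit message has no body; it should say that this hunk (and the rest of the patch) relies on 2/4 having changed blkconf_apply_backend_options() and blkconf_geometry() to return bool, so the `if (!blkconf_apply_backend_options(...))` form is not misread as a behaviour change, and that errp is now handed straight to the callee instead of going through a local Error and error_propagate().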
@@ -522,7 +519,6 @@ static void floppy_drive_realize(DeviceState *qdev, Error 
**errp)
 FloppyDrive *dev = FLOPPY_DRIVE(qdev);
 FloppyBus *bus = FLOPPY_BUS(qdev->parent_bus);
 FDrive *drive;
-Error *local_err = NULL;
 int ret;
 
 if (dev->unit == -1) {
@@ -568,10 +564,9 @@ static void floppy_drive_realize(DeviceState *qdev, Error 
**errp)
 dev->conf.rerror = BLOCKDEV_ON_ERROR_AUTO;
 dev->conf.werror = BLOCKDEV_ON_ERROR_AUTO;
 
-blkconf_apply_backend_options(>conf, blk_is_read_only(dev->conf.blk),
-  false, _err);
-if (local_err) {
-error_propagate(errp, local_err);
+if (!blkconf_apply_backend_options(>conf,
+   blk_is_read_only(dev->conf.blk),
+   false, errp)) {
 return;
 }
 
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index e530ba7..e529e88 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -928,7 +928,6 @@ static void nvme_realize(PCIDevice *pci_dev, Error **errp)
 int i;
 int64_t bs_size;
 uint8_t *pci_conf;
-Error *local_err = NULL;
 
 if (!n->conf.blk) {
 error_setg(errp, "drive property not set");
@@ -947,10 +946,8 @@ static void nvme_realize(PCIDevice *pci_dev, Error **errp)
 return;
 }
 blkconf_blocksizes(>conf);
-blkconf_apply_backend_options(>conf, blk_is_read_only(n->conf.blk),
-  false, _err);
-if (local_err) {
-error_propagate(errp, local_err);
+if (!blkconf_apply_backend_options(>conf, blk_is_read_only(n->conf.blk),
+   false, errp)) {
 return;
 }
 
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 05d1440..ae3356f 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -913,7 +913,6 @@ static void virtio_blk_device_realize(DeviceState *dev, 
Error **errp)
 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
 VirtIOBlock *s = VIRTIO_BLK(dev);
 VirtIOBlkConf *conf = >conf;
-Error *err = NULL;
 unsigned i;
 
 if (!conf->conf.blk) {
@@ -930,19 +929,16 @@ static void virtio_blk_device_realize(DeviceState *dev, 
Error **errp)
 }
 
 blkconf_serial(>conf, >serial);
-blkconf_apply_backend_options(>conf,
-  blk_is_read_only(conf->conf.blk), true,
-  );
-if (err) {
-error_propagate(errp, err);
+if (!blkconf_apply_backend_options(>conf,
+   blk_is_read_only(conf->conf.blk), true,
+   errp)) {
 return;
 }
 s->original_wce = blk_enable_write_cache(conf->conf.blk);
-blkconf_geometry(>conf, NULL, 65535, 255, 255, );
-if (err) {
-error_propagate(errp, err);
+if (!blkconf_geometry(>conf, NULL, 65535, 255, 255, errp)) {
 return;
 }
+
 blkconf_blocksizes(>conf);
 
 virtio_init(vdev, "virtio-blk", VIRTIO_ID_BLOCK,
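Review bot: the added empty line after the `blkconf_geometry()` check (the bare `+` line) is an unrelated whitespace change; drop it so the hunk contains only the errp conversion.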
@@ -955,9 +951,7 @@ static void virtio_blk_device_realize(DeviceState *dev, 
Error **errp)
 for (i = 0; i < conf->num_queues; i++) {
 virtio_add_queue(vdev, 128, virtio_blk_handle_output);
 }
-virtio_blk_data_plane_create(vdev, conf, >dataplane, );
-if (err != NULL) {
-error_propagate(errp, err);
+   

[Qemu-devel] [PATCH v4 4/4] dev-storage: Fix the unusual function name

2017-11-21 Thread Mao Zhongyi
The function names usb_msd_{realize,unrealize}_* and
usb_msd_class_initfn_* are unusual. Rename them to
usb_msd_*_{realize,unrealize} and usb_msd_class_*_initfn.

Cc: Gerd Hoffmann 

Signed-off-by: Mao Zhongyi 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/usb/dev-storage.c | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index a9bcc67..9722ac8 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -596,7 +596,7 @@ static void usb_msd_unrealize_storage(USBDevice *dev, Error 
**errp)
 object_unref(OBJECT(>bus));
 }
 
-static void usb_msd_realize_storage(USBDevice *dev, Error **errp)
+static void usb_msd_storage_realize(USBDevice *dev, Error **errp)
 {
 MSDState *s = USB_STORAGE_DEV(dev);
 BlockBackend *blk = s->conf.blk;
@@ -643,14 +643,14 @@ static void usb_msd_realize_storage(USBDevice *dev, Error 
**errp)
 s->scsi_dev = scsi_dev;
 }
 
-static void usb_msd_unrealize_bot(USBDevice *dev, Error **errp)
+static void usb_msd_bot_unrealize(USBDevice *dev, Error **errp)
 {
 MSDState *s = USB_STORAGE_DEV(dev);
 
 object_unref(OBJECT(>bus));
 }
 
-static void usb_msd_realize_bot(USBDevice *dev, Error **errp)
+static void usb_msd_bot_realize(USBDevice *dev, Error **errp)
 {
 MSDState *s = USB_STORAGE_DEV(dev);
 DeviceState *d = DEVICE(dev);
@@ -764,12 +764,12 @@ static void usb_msd_class_initfn_common(ObjectClass 
*klass, void *data)
 dc->vmsd = _usb_msd;
 }
 
-static void usb_msd_class_initfn_storage(ObjectClass *klass, void *data)
+static void usb_msd_class_storage_initfn(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
 
-uc->realize = usb_msd_realize_storage;
+uc->realize = usb_msd_storage_realize;
 uc->unrealize = usb_msd_unrealize_storage;
 dc->props = msd_properties;
 }
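Review bot: usb_msd_unrealize_storage() keeps its old name while every other realize/unrealize/initfn function in the file is renamed, so the file ends up inconsistent with what the commit message promises (usb_msd_*_{realize,unrealize}); rename it to usb_msd_storage_unrealize() both in its definition (visible in the first hunk's header) and in `uc->unrealize = usb_msd_unrealize_storage;` here.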
@@ -828,26 +828,26 @@ static void usb_msd_instance_init(Object *obj)
 object_property_set_int(obj, -1, "bootindex", NULL);
 }
 
-static void usb_msd_class_initfn_bot(ObjectClass *klass, void *data)
+static void usb_msd_class_bot_initfn(ObjectClass *klass, void *data)
 {
 USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
 
-uc->realize = usb_msd_realize_bot;
-uc->unrealize = usb_msd_unrealize_bot;
+uc->realize = usb_msd_bot_realize;
+uc->unrealize = usb_msd_bot_unrealize;
 uc->attached_settable = true;
 }
 
 static const TypeInfo msd_info = {
 .name  = "usb-storage",
 .parent= TYPE_USB_STORAGE,
-.class_init= usb_msd_class_initfn_storage,
+.class_init= usb_msd_class_storage_initfn,
 .instance_init = usb_msd_instance_init,
 };
 
 static const TypeInfo bot_info = {
 .name  = "usb-bot",
 .parent= TYPE_USB_STORAGE,
-.class_init= usb_msd_class_initfn_bot,
+.class_init= usb_msd_class_bot_initfn,
 };
 
 static void usb_msd_register_types(void)
-- 
2.9.4






[Qemu-devel] [PATCH v4 2/4] hw/block: Fix the return type

2017-11-21 Thread Mao Zhongyi
When a function has no success value to transmit, it is usually made to
return void. It has turned out not to be a success, because it means that
the extra local_err variable and error_propagate() will be needed. It
leads to cumbersome code; therefore, transmitting success/failure in the
return value is worthwhile.

So fix the return type of blkconf_apply_backend_options(),
blkconf_geometry() and virtio_blk_data_plane_create() to avoid it.

Cc: John Snow 
Cc: Kevin Wolf 
Cc: Max Reitz 
Cc: Stefan Hajnoczi 

Signed-off-by: Mao Zhongyi 
Reviewed-by: Stefan Hajnoczi 
---
 hw/block/block.c| 15 +--
 hw/block/dataplane/virtio-blk.c | 12 +++-
 hw/block/dataplane/virtio-blk.h |  2 +-
 include/hw/block/block.h|  4 ++--
 4 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/hw/block/block.c b/hw/block/block.c
index 27878d0..b0269c8 100644
--- a/hw/block/block.c
+++ b/hw/block/block.c
@@ -51,7 +51,7 @@ void blkconf_blocksizes(BlockConf *conf)
 }
 }
 
-void blkconf_apply_backend_options(BlockConf *conf, bool readonly,
+bool blkconf_apply_backend_options(BlockConf *conf, bool readonly,
bool resizable, Error **errp)
 {
 BlockBackend *blk = conf->blk;
@@ -76,7 +76,7 @@ void blkconf_apply_backend_options(BlockConf *conf, bool 
readonly,
 
 ret = blk_set_perm(blk, perm, shared_perm, errp);
 if (ret < 0) {
-return;
+return false;
 }
 
 switch (conf->wce) {
@@ -99,9 +99,11 @@ void blkconf_apply_backend_options(BlockConf *conf, bool 
readonly,
 
 blk_set_enable_write_cache(blk, wce);
 blk_set_on_error(blk, rerror, werror);
+
+return true;
 }
 
-void blkconf_geometry(BlockConf *conf, int *ptrans,
+bool blkconf_geometry(BlockConf *conf, int *ptrans,
   unsigned cyls_max, unsigned heads_max, unsigned secs_max,
   Error **errp)
 {
@@ -129,15 +131,16 @@ void blkconf_geometry(BlockConf *conf, int *ptrans,
 if (conf->cyls || conf->heads || conf->secs) {
 if (conf->cyls < 1 || conf->cyls > cyls_max) {
 error_setg(errp, "cyls must be between 1 and %u", cyls_max);
-return;
+return false;
 }
 if (conf->heads < 1 || conf->heads > heads_max) {
 error_setg(errp, "heads must be between 1 and %u", heads_max);
-return;
+return false;
 }
 if (conf->secs < 1 || conf->secs > secs_max) {
 error_setg(errp, "secs must be between 1 and %u", secs_max);
-return;
+return false;
 }
 }
+return true;
 }
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index 5556f0e..f6fc639 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -76,7 +76,7 @@ static void notify_guest_bh(void *opaque)
 }
 
 /* Context: QEMU global mutex held */
-void virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
+bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
   VirtIOBlockDataPlane **dataplane,
   Error **errp)
 {
@@ -91,11 +91,11 @@ void virtio_blk_data_plane_create(VirtIODevice *vdev, 
VirtIOBlkConf *conf,
 error_setg(errp,
"device is incompatible with iothread "
"(transport does not support notifiers)");
-return;
+return false;
 }
 if (!virtio_device_ioeventfd_enabled(vdev)) {
 error_setg(errp, "ioeventfd is required for iothread");
-return;
+return false;
 }
 
 /* If dataplane is (re-)enabled while the guest is running there could
@@ -103,12 +103,12 @@ void virtio_blk_data_plane_create(VirtIODevice *vdev, 
VirtIOBlkConf *conf,
  */
 if (blk_op_is_blocked(conf->conf.blk, BLOCK_OP_TYPE_DATAPLANE, errp)) {
 error_prepend(errp, "cannot start virtio-blk dataplane: ");
-return;
+return false;
 }
 }
 /* Don't try if transport does not support notifiers. */
 if (!virtio_device_ioeventfd_enabled(vdev)) {
-return;
+return false;
 }
 
 s = g_new0(VirtIOBlockDataPlane, 1);
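Review bot: the final `if (!virtio_device_ioeventfd_enabled(vdev)) { return false; }` is not an error path, nothing is stored in errp there, so a caller that treats a false return as failure and bails out of realize would now reject a device that previously realized fine without a dataplane. Either return true from that branch (no dataplane created, no error) or keep the contract that callers must check errp rather than the return value, and state which one in the declaration's comment in dataplane/virtio-blk.h.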
@@ -126,6 +126,8 @@ void virtio_blk_data_plane_create(VirtIODevice *vdev, 
VirtIOBlkConf *conf,
 s->batch_notify_vqs = bitmap_new(conf->num_queues);
 
 *dataplane = s;
+
+return true;
 }
 
 /* Context: QEMU global mutex held */
diff --git a/hw/block/dataplane/virtio-blk.h b/hw/block/dataplane/virtio-blk.h
index db3f47b..5e18bb9 100644
--- a/hw/block/dataplane/virtio-blk.h
+++ b/hw/block/dataplane/virtio-blk.h
@@ -19,7 +19,7 @@
 
 typedef struct VirtIOBlockDataPlane VirtIOBlockDataPlane;
 
-void virtio_blk_data_plane_create(VirtIODevice 

[Qemu-devel] [PATCH v4 0/4] Convert to realize and improve error handling

2017-11-21 Thread Mao Zhongyi
This series mainly implements the conversions of the ide, floppy and nvme
devices to realize. It adds some error handling messages, removes the local
variable local_err and uses errp to propagate the error directly. It also
fixes the unusual function names.

v4:
  -rebased it on top of block-next branch

v3:
  -patch1: update the test output in 051  [John Snow]
  -patch2: update the test output in 172  [John Snow]

v2:
  -use bool as the return type instead of int. [Markus Armbruster & Stefan Hajnoczi]

Cc: Kevin Wolf 
Cc: Max Reitz 
Cc: Keith Busch 
Cc: Stefan Hajnoczi 
Cc: "Michael S. Tsirkin" 
Cc: Paolo Bonzini 
Cc: Gerd Hoffmann 
Cc: Markus Armbruster 

Mao Zhongyi (4):
  hw/block/nvme: Convert to realize
  hw/block: Fix the return type
  hw/block: Use errp directly rather than local_err
  dev-storage: Fix the unusual function name

 hw/block/block.c| 15 +--
 hw/block/dataplane/virtio-blk.c | 12 +++-
 hw/block/dataplane/virtio-blk.h |  2 +-
 hw/block/fdc.c  | 17 ++---
 hw/block/nvme.c | 23 +++
 hw/block/virtio-blk.c   | 18 ++
 hw/ide/qdev.c   | 12 
 hw/scsi/scsi-disk.c | 13 -
 hw/usb/dev-storage.c| 29 +
 include/hw/block/block.h|  4 ++--
 10 files changed, 63 insertions(+), 82 deletions(-)

-- 
2.9.4






[Qemu-devel] [PATCH v4 1/4] hw/block/nvme: Convert to realize

2017-11-21 Thread Mao Zhongyi
Convert nvme_init() to realize and rename it to nvme_realize().

Cc: John Snow 
Cc: Keith Busch 
Cc: Kevin Wolf 
Cc: Max Reitz 
Cc: Markus Armbruster 

Signed-off-by: Mao Zhongyi 
---
 hw/block/nvme.c | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 441e21e..e530ba7 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -920,7 +920,7 @@ static const MemoryRegionOps nvme_cmb_ops = {
 },
 };
 
-static int nvme_init(PCIDevice *pci_dev)
+static void nvme_realize(PCIDevice *pci_dev, Error **errp)
 {
 NvmeCtrl *n = NVME(pci_dev);
 NvmeIdCtrl *id = >id_ctrl;
@@ -931,24 +931,27 @@ static int nvme_init(PCIDevice *pci_dev)
 Error *local_err = NULL;
 
 if (!n->conf.blk) {
-return -1;
+error_setg(errp, "drive property not set");
+return;
 }
 
 bs_size = blk_getlength(n->conf.blk);
 if (bs_size < 0) {
-return -1;
+error_setg(errp, "could not get backing file size");
+return;
 }
 
 blkconf_serial(>conf, >serial);
 if (!n->serial) {
-return -1;
+error_setg(errp, "serial property not set");
+return;
 }
 blkconf_blocksizes(>conf);
 blkconf_apply_backend_options(>conf, blk_is_read_only(n->conf.blk),
   false, _err);
 if (local_err) {
-error_report_err(local_err);
-return -1;
+error_propagate(errp, local_err);
+return;
 }
 
 pci_conf = pci_dev->config;
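Review bot: `bs_size` holds a negative errno when blk_getlength() fails, so `error_setg_errno(errp, -bs_size, "could not get backing file size")` would keep the cause in the message instead of discarding it. The other two new error_setg() calls are fine as they are, since "drive property not set" and "serial property not set" have no errno to report.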
@@ -1046,7 +1049,6 @@ static int nvme_init(PCIDevice *pci_dev)
 cpu_to_le64(n->ns_size >>
 id_ns->lbaf[NVME_ID_NS_FLBAS_INDEX(ns->id_ns.flbas)].ds);
 }
-return 0;
 }
 
 static void nvme_exit(PCIDevice *pci_dev)
@@ -1081,7 +1083,7 @@ static void nvme_class_init(ObjectClass *oc, void *data)
 DeviceClass *dc = DEVICE_CLASS(oc);
 PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
 
-pc->init = nvme_init;
+pc->realize = nvme_realize;
 pc->exit = nvme_exit;
 pc->class_id = PCI_CLASS_STORAGE_EXPRESS;
 pc->vendor_id = PCI_VENDOR_ID_INTEL;
-- 
2.9.4






Re: [Qemu-devel] [PATCH v5 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-11-21 Thread Liu, Changpeng


> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Tuesday, November 21, 2017 4:45 AM
> To: Stefan Hajnoczi 
> Cc: Liu, Changpeng ; qemu-devel@nongnu.org;
> pbonz...@redhat.com; marcandre.lur...@redhat.com; fel...@nutanix.com;
> Harris, James R 
> Subject: Re: [PATCH v5 1/4] vhost-user: add new vhost user messages to support
> virtio config space
> 
> On Mon, Nov 20, 2017 at 04:26:31PM +, Stefan Hajnoczi wrote:
> > On Fri, Nov 17, 2017 at 04:44:37AM +0800, Changpeng Liu wrote:
> > > Add VHOST_USER_GET_CONFIG/VHOST_USER_SET_CONFIG messages which
> can be
> > > used for live migration of vhost user devices, also vhost user devices
> > > can benefit from the messages to get/set virtio config space from/to the
> > > I/O target. For the purpose to support virtio config space change,
> > > VHOST_USER_SET_CONFIG_FD message is added as the event notifier
> > > in case virtio config space change in the I/O target.
> > >
> > > Signed-off-by: Changpeng Liu 
> > > ---
> > >  docs/interop/vhost-user.txt   | 39 
> > >  hw/virtio/vhost-user.c| 98
> +++
> > >  hw/virtio/vhost.c | 63 +
> > >  include/hw/virtio/vhost-backend.h |  8 
> > >  include/hw/virtio/vhost.h | 16 +++
> > >  5 files changed, 224 insertions(+)
> > >
> > > diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
> > > index 954771d..1b98388 100644
> > > --- a/docs/interop/vhost-user.txt
> > > +++ b/docs/interop/vhost-user.txt
> > > @@ -116,6 +116,16 @@ Depending on the request type, payload can be:
> > >  - 3: IOTLB invalidate
> > >  - 4: IOTLB access fail
> > >
> > > + * Virtio device config space
> > > +   ---
> > > +   | offset | size | payload |
> > > +   ---
> > > +
> > > +   Offset: a 32-bit offset of virtio device's configuration space
> >
> > s/of/in the/
> >
> > > +   Size: a 32-bit size of configuration space that master wanted to 
> > > change
> >
> > Is this also used for GET_CONFIG?  If yes, I suggest "a 32-bit
> > configuration space access size in bytes".
> >
> > Please mention that Size must be <= 256 bytes.
> >
> > > +   Payload: a 256-bytes array holding the contents of the virtio
> > > +   device's configuration space
> >
> > What about bytes outside the [offset, offset+size) range?  I guess they
> > must be 0 and are ignored by the master/slave.
> >
> > Would it be cleaner to make Payload a variable-sized field with Size
> > bytes?  That way it's not necessary to transfer 0s and memcpy() a subset
> > of the payload array.
> >
> > > +
> > >  In QEMU the vhost-user message is implemented with the following struct:
> > >
> > >  typedef struct VhostUserMsg {
> > > @@ -129,6 +139,7 @@ typedef struct VhostUserMsg {
> > >  VhostUserMemory memory;
> > >  VhostUserLog log;
> > >  struct vhost_iotlb_msg iotlb;
> > > +VhostUserConfig config;
> > >  };
> > >  } QEMU_PACKED VhostUserMsg;
> > >
> > > @@ -596,6 +607,34 @@ Master message types
> > >and expect this message once (per VQ) during device configuration
> > >(ie. before the master starts the VQ).
> > >
> > > + * VHOST_USER_GET_CONFIG
> > > +  Id: 24
> > > +  Equivalent ioctl: N/A
> > > +  Master payload: virtio device config space
> > > +
> > > +  Submitted by the vhost-user master to fetch the contents of the 
> > > virtio
> > > +  device configuration space. The vhost-user master may cache the 
> > > contents
> > > +  to avoid repeated VHOST_USER_GET_CONFIG calls.
> > > +
> > > +* VHOST_USER_SET_CONFIG
> > > +  Id: 25
> > > +  Equivalent ioctl: N/A
> > > +  Master payload: virtio device config space
> > > +
> > > +  Submitted by the vhost-user master when the Guest changes the 
> > > virtio
> > > +  device configuration space and also can be used for live migration
> > > +  on the destination host.
> >
> > There might be security issues if the vhost slave cannot tell whether
> > SET_CONFIG is coming from the guest driver or from the master process
> > (live migration).  Typically certain fields are read-only for the guest
> > driver.  Maybe those fields need to be set by the master after live
> > migration.
> >
> > One way to solve this is adding a flags field to the message.  A special
> > flag can be used for live migration so the slave knows that this
> > SET_CONFIG message is allowed to write to read-only fields.
> >
> > It's also worth documenting that slaves MUST NOT accept SET_CONFIG for
> > read-only configuration space fields unless the live migration bit is
> > set.  Hopefully this will remind implementors to think through the
> > security issues.
> 
> Live migrations is supposed to be migrating guest writeable state too.
> If you mean migrating 

Re: [Qemu-devel] [PATCH v5 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-11-21 Thread Liu, Changpeng


> -Original Message-
> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Tuesday, November 21, 2017 12:27 AM
> To: Liu, Changpeng 
> Cc: qemu-devel@nongnu.org; pbonz...@redhat.com; m...@redhat.com;
> marcandre.lur...@redhat.com; fel...@nutanix.com; Harris, James R
> 
> Subject: Re: [PATCH v5 1/4] vhost-user: add new vhost user messages to support
> virtio config space
> 
> On Fri, Nov 17, 2017 at 04:44:37AM +0800, Changpeng Liu wrote:
> > Add VHOST_USER_GET_CONFIG/VHOST_USER_SET_CONFIG messages which can
> be
> > used for live migration of vhost user devices, also vhost user devices
> > can benefit from the messages to get/set virtio config space from/to the
> > I/O target. For the purpose to support virtio config space change,
> > VHOST_USER_SET_CONFIG_FD message is added as the event notifier
> > in case virtio config space change in the I/O target.
> >
> > Signed-off-by: Changpeng Liu 
> > ---
> >  docs/interop/vhost-user.txt   | 39 
> >  hw/virtio/vhost-user.c| 98 
> > +++
> >  hw/virtio/vhost.c | 63 +
> >  include/hw/virtio/vhost-backend.h |  8 
> >  include/hw/virtio/vhost.h | 16 +++
> >  5 files changed, 224 insertions(+)
> >
> > diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
> > index 954771d..1b98388 100644
> > --- a/docs/interop/vhost-user.txt
> > +++ b/docs/interop/vhost-user.txt
> > @@ -116,6 +116,16 @@ Depending on the request type, payload can be:
> >  - 3: IOTLB invalidate
> >  - 4: IOTLB access fail
> >
> > + * Virtio device config space
> > +   ---
> > +   | offset | size | payload |
> > +   ---
> > +
> > +   Offset: a 32-bit offset of virtio device's configuration space
> 
> s/of/in the/
> 
> > +   Size: a 32-bit size of configuration space that master wanted to change
> 
> Is this also used for GET_CONFIG?  If yes, I suggest "a 32-bit
> configuration space access size in bytes".
ok.
> 
> Please mention that Size must be <= 256 bytes.
> 
> > +   Payload: a 256-bytes array holding the contents of the virtio
> > +   device's configuration space
> 
> What about bytes outside the [offset, offset+size) range?  I guess they
> must be 0 and are ignored by the master/slave.
> 
> Would it be cleaner to make Payload a variable-sized field with Size
> bytes?  That way it's not necessary to transfer 0s and memcpy() a subset
> of the payload array.
sounds good, but for vhost-blk driver it can call get_config for the whole 
virtio_blk_config space.
> 
> > +
> >  In QEMU the vhost-user message is implemented with the following struct:
> >
> >  typedef struct VhostUserMsg {
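Review bot: the text defines offset, size and a fixed 256-byte payload but never says what a slave must do when offset + size exceeds 256; since both sides copy into or out of that array, the spec should require the slave to validate offset and size against the 256-byte bound and reject the message otherwise (and the master to send only in-range values), rather than leaving the check implicit. A size field whose upper bound is stated nowhere is exactly the detail that becomes an out-of-bounds memcpy in an implementation.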
> > @@ -129,6 +139,7 @@ typedef struct VhostUserMsg {
> >  VhostUserMemory memory;
> >  VhostUserLog log;
> >  struct vhost_iotlb_msg iotlb;
> > +VhostUserConfig config;
> >  };
> >  } QEMU_PACKED VhostUserMsg;
> >
> > @@ -596,6 +607,34 @@ Master message types
> >and expect this message once (per VQ) during device configuration
> >(ie. before the master starts the VQ).
> >
> > + * VHOST_USER_GET_CONFIG
> > +  Id: 24
> > +  Equivalent ioctl: N/A
> > +  Master payload: virtio device config space
> > +
> > +  Submitted by the vhost-user master to fetch the contents of the 
> > virtio
> > +  device configuration space. The vhost-user master may cache the 
> > contents
> > +  to avoid repeated VHOST_USER_GET_CONFIG calls.
> > +
> > +* VHOST_USER_SET_CONFIG
> > +  Id: 25
> > +  Equivalent ioctl: N/A
> > +  Master payload: virtio device config space
> > +
> > +  Submitted by the vhost-user master when the Guest changes the virtio
> > +  device configuration space and also can be used for live migration
> > +  on the destination host.
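Review bot: the `* VHOST_USER_SET_CONFIG` entry lacks the leading space that `* VHOST_USER_GET_CONFIG` and the surrounding entries use, so it sits at a different indent level; align it. The SET_CONFIG text should also state what the slave does with a write to a field that is read-only for the guest driver (reject it), so that the distinction between a guest-driver write and a migration write has a defined outcome.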
> 
> There might be security issues if the vhost slave cannot tell whether
> SET_CONFIG is coming from the guest driver or from the master process
> (live migration).  Typically certain fields are read-only for the guest
> driver.  Maybe those fields need to be set by the master after live
> migration.
> 
> One way to solve this is adding a flags field to the message.  A special
> flag can be used for live migration so the slave knows that this
> SET_CONFIG message is allowed to write to read-only fields.
> 
Ok.
> It's also worth documenting that slaves MUST NOT accept SET_CONFIG for
> read-only configuration space fields unless the live migration bit is
> set.  Hopefully this will remind implementors to think through the
> security issues.



Re: [Qemu-devel] [PATCH qemu] fdc: Exit if ISA controller does not support DMA

2017-11-21 Thread Alexey Kardashevskiy
On 07/11/17 11:58, John Snow wrote:
> 
> 
> On 10/26/2017 02:46 AM, Alexey Kardashevskiy wrote:
>> A "powernv" machine type defines an ISA bus but it does not add any DMA
>> controller to it so it is possible to hit assert(fdctrl->dma) by
>> adding "-machine powernv -device isa-fdc".
>>
>> This replaces assert() with an error message.
>>
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>>
>> Is it a must for ISA to have DMA controllers?
>>
>>
>> ---
>>  hw/block/fdc.c | 5 -
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/block/fdc.c b/hw/block/fdc.c
>> index 67f78ac702..ed8b367572 100644
>> --- a/hw/block/fdc.c
>> +++ b/hw/block/fdc.c
>> @@ -2700,7 +2700,10 @@ static void isabus_fdc_realize(DeviceState *dev, 
>> Error **errp)
>>  fdctrl->dma_chann = isa->dma;
>>  if (fdctrl->dma_chann != -1) {
>>  fdctrl->dma = isa_get_dma(isa_bus_from_device(isadev), isa->dma);
>> -assert(fdctrl->dma);
>> +if (!fdctrl->dma) {
>> +error_setg(errp, "ISA controller does not support DMA, 
>> exiting");
>> +return;
>> +}
>>  }
>>  
>>  qdev_set_legacy_instance_id(dev, isa->iobase, 2);
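Review bot: the ", exiting" suffix in the error message is misleading, since error_setg() only fails the device's realize (QEMU exits for a command-line -device, but not for a hotplug), so "ISA controller does not support DMA" is enough. As the reply points out, returning at this point leaves the portio and IRQ registrations already made in isabus_fdc_realize() in place; either do the DMA lookup before those registrations or unwind them on this failure path.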
>>
> 
> I've been MIA for a little while, so I'm out of the loop -- but I am not
> sure this is entirely the right way to fix this problem. I think it is
> more the case that certain boards should not be able to ask for certain
> types of devices, and we should prohibit e.g. powernv from being able to
> ask for an ISA floppy disk controller.
> 
> (It doesn't seem to have an ISA DMA controller by default, but I have no
> idea if that means it can't EVER have one...)
> 
> Papering over this by making it a soft error when we fail to execute
> isa_get_dma and then assuming in retrospect it's because the machine
> type we're on cannot have an ISA DMA controller seems a little
> wrong-headed. It also leaves side-effects from isa_register_portio_list
> and isa_init_irq, so we can't just bail here -- it's only marginally
> better than the assert() it's doing.
> 
> That said, I am not really sure what the right thing to do is ... I
> suspect the "right thing" is to express the dependency that isa-fdc
> requires an ISA DMA controller -- and maybe that check happens here when
> isa_get_dma fails and we have to unwind the realize function, but we
> need to do it gracefully.
> 
> Give me a day to think about it, but I do want to make sure this is in
> the next release.


The day has passed, any news? :)


-- 
Alexey



Re: [Qemu-devel] [PATCH v5 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-11-21 Thread Liu, Changpeng


> -Original Message-
> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> Sent: Tuesday, November 21, 2017 8:16 AM
> To: Michael S. Tsirkin ; Stefan Hajnoczi 
> Cc: Liu, Changpeng ; qemu-devel@nongnu.org;
> marcandre.lur...@redhat.com; fel...@nutanix.com; Harris, James R
> 
> Subject: Re: [PATCH v5 1/4] vhost-user: add new vhost user messages to support
> virtio config space
> 
> On 20/11/2017 21:44, Michael S. Tsirkin wrote:
> > Live migrations is supposed to be migrating guest writeable state too.
> > If you mean migrating RO fields like size, then
> > I don't think it's a good idea to reuse SET_CONFIG for that.
> > SET_CONFIG should obey exactly the virtio semantics.
> >
> > And I agree, it should say that slave must treat it as a write,
> > and get config as a read according to virtio semantics.
> >
> > If someone needs to pass configuration from qemu to
> > slave, let's add specific messages with precisely defined semantics.
> 
> Fair enough, but I'd add nevertheless a 32-bit flags field to both
> GET_CONFIG and SET_CONFIG, and document that the slave MUST check that
> it is zero and otherwise fail.
Ok.
> 
> Paolo


Re: [Qemu-devel] [PATCH v3 0/6] Convert to realize and improve error handling

2017-11-21 Thread Mao Zhongyi

Hi, Kevin

On 11/10/2017 10:25 PM, Kevin Wolf wrote:
> On 19.09.2017 at 01:59, John Snow wrote:
>> On 09/18/2017 10:05 AM, Mao Zhongyi wrote:
>>> This series mainly implements the conversions of ide, floppy and nvme
>>> device to realize. Add some error handling messages and remove the local
>>> variable local_err, use errp to propagate the error directly. Also
>>> fix the unusual function name.
>>
>> I've staged patches one and two here for my IDE pull request.
>>
>> I think patches 3-6 here would belong to Kevin.
>
> Sorry, I completely missed this.

That's all right.

> Thanks, applied patch 3 (nvme) to the block-next branch. I did not take
> patches 4 and 5 because patch 5 doesn't apply cleanly any more, and
> honestly I think the result is uglier than before.

I will rebase the patches right away.

Thanks,
Mao

> Patch 6 is for Gerd.
> Kevin



Re: [Qemu-devel] [PATCH] iotests: fix 075 and 078

2017-11-21 Thread Eric Blake
On 11/21/2017 06:16 PM, John Snow wrote:
> Both of these tests are for formats which now stipulate that they are
> read-only. Adjust the tests to match.
> 
> Signed-off-by: John Snow 
> ---
>  tests/qemu-iotests/075 | 18 +-
>  tests/qemu-iotests/078 | 14 +++---
>  2 files changed, 16 insertions(+), 16 deletions(-)
> 

Reviewed-by: Eric Blake 

Safe for 2.11, although now that -rc2 is out, it's also okay if this
slips into 2.12.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v6 00/26] tcg: generic vector operations

2017-11-21 Thread no-reply
Hi,

This series failed build test on s390x host. Please find the details below.

Subject: [Qemu-devel] [PATCH v6 00/26] tcg: generic vector operations
Type: series
Message-id: 20171121212534.5177-1-richard.hender...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20171121212534.5177-1-richard.hender...@linaro.org 
-> patchew/20171121212534.5177-1-richard.hender...@linaro.org
Switched to a new branch 'test'
25cb597 tcg/aarch64: Add vector operations
3f5327e tcg/i386: Add vector operations/expansions for mul/extend
9842ec4 target/arm: Use vector infrastructure for aa64 widening shifts
5baa8f3 tcg: Add generic vector ops for extension
f31da52 target/arm: Use vector infrastructure for aa64 multiplies
32e5841 tcg: Add generic vector ops for multiplication
02b126c tcg/i386: Add vector operations/expansions for shift/cmp/interleave
bd28e62 target/arm: Use vector infrastructure for aa64 compares
c1bffde tcg: Add generic vector ops for comparisons
c6dfe9f target/arm: Use vector infrastructure for aa64 constant shifts
692cd85 tcg: Add generic vector ops for constant shifts
77a9e02 target/arm: Use vector infrastructure for aa64 zip/uzp/trn/xtn
8b8ba00 tcg: Add generic vector ops for interleave
e5c9bc0 tcg: Add tcg_expand_vec_op and tcg-target.opc.h
8f26874 tcg/i386: Add vector operations
2895593 target/arm: Use vector infrastructure for aa64 dup/movi
75b6cdb target/arm: Use vector infrastructure for aa64 mov/not/neg
01af1be target/arm: Use vector infrastructure for aa64 add/sub/logic
f368c49 target/arm: Align vector registers
0870bb2 tcg: Add tcg_signed_cond
0ac77ec tcg: Allow multiple word entries into the constant pool
729ef74 tcg: Add generic vector expanders
b0b5925 tcg: Add types and basic operations for host vectors
cfb2262 tcg: Generalize TCGOp parameters
17d3aaf tcg: Dynamically allocate TCGOps
795ee71 tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*

=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=101459
SHELL=/bin/sh
USER=fam
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-w75fwes8/src
LANG=en_US.UTF-8
HOME=/home/fam
SHLVL=2
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
_=/usr/bin/env
=== PACKAGES ===

[Qemu-devel] [PATCH] iotests: fix 075 and 078

2017-11-21 Thread John Snow
Both of these tests are for formats which now stipulate that they are
read-only. Adjust the tests to match.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/075 | 18 +-
 tests/qemu-iotests/078 | 14 +++---
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/tests/qemu-iotests/075 b/tests/qemu-iotests/075
index 770d51c6cb..caa30d4743 100755
--- a/tests/qemu-iotests/075
+++ b/tests/qemu-iotests/075
@@ -48,56 +48,56 @@ offsets_offset=136
 echo
 echo "== check that the first sector can be read =="
 _use_sample_img simple-pattern.cloop.bz2
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 echo
 echo "== check that the last sector can be read =="
 _use_sample_img simple-pattern.cloop.bz2
-$QEMU_IO -c "read $((1024 * 1024 - 512)) 512" $TEST_IMG 2>&1 | _filter_qemu_io 
| _filter_testdir
+$QEMU_IO -r -c "read $((1024 * 1024 - 512)) 512" $TEST_IMG 2>&1 | 
_filter_qemu_io | _filter_testdir
 
 echo
 echo "== block_size must be a multiple of 512 =="
 _use_sample_img simple-pattern.cloop.bz2
 poke_file "$TEST_IMG" "$block_size_offset" "\x00\x00\x02\x01"
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 echo
 echo "== block_size cannot be zero =="
 _use_sample_img simple-pattern.cloop.bz2
 poke_file "$TEST_IMG" "$block_size_offset" "\x00\x00\x00\x00"
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 echo
 echo "== huge block_size ==="
 _use_sample_img simple-pattern.cloop.bz2
 poke_file "$TEST_IMG" "$block_size_offset" "\xff\xff\xfe\x00"
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 echo
 echo "== offsets_size overflow ==="
 _use_sample_img simple-pattern.cloop.bz2
 poke_file "$TEST_IMG" "$n_blocks_offset" "\xff\xff\xff\xff"
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 echo
 echo "== refuse images that require too many offsets ==="
 _use_sample_img simple-pattern.cloop.bz2
 poke_file "$TEST_IMG" "$n_blocks_offset" "\x04\x00\x00\x01"
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 echo
 echo "== refuse images with non-monotonically increasing offsets =="
 _use_sample_img simple-pattern.cloop.bz2
 poke_file "$TEST_IMG" "$offsets_offset" "\x00\x00\x00\x00\xff\xff\xff\xff"
 poke_file "$TEST_IMG" $((offsets_offset + 8)) 
"\x00\x00\x00\x00\xff\xfe\x00\x00"
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 echo
 echo "== refuse images with invalid compressed block size =="
 _use_sample_img simple-pattern.cloop.bz2
 poke_file "$TEST_IMG" "$offsets_offset" "\x00\x00\x00\x00\x00\x00\x00\x00"
 poke_file "$TEST_IMG" $((offsets_offset + 8)) 
"\xff\xff\xff\xff\xff\xff\xff\xff"
-$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IO -r -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir
 
 # success, all done
 echo "*** done"
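Review bot: every `$QEMU_IO` invocation in this file gains `-r`, but the diffstat lists only the two test scripts and no reference output, so the change assumes the printed results for the corrupted images (the error text from the cloop driver included) are identical under a read-only open; worth confirming the 075 reference output still matches before merging. The `poke_file` corruption steps write to `$TEST_IMG` through the shell rather than through qemu-io, so they are unaffected by `-r`.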
diff --git a/tests/qemu-iotests/078 b/tests/qemu-iotests/078
index f333e9ac84..a106c26f6b 100755
--- a/tests/qemu-iotests/078
+++ b/tests/qemu-iotests/078
@@ -48,41 +48,41 @@ disk_size_offset=$((0x58))
 echo
 echo "== Read from a valid image =="
 _use_sample_img empty.bochs.bz2
-{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
+{ $QEMU_IO -r -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
 
 echo
 echo "== Negative catalog size =="
 _use_sample_img empty.bochs.bz2
 poke_file "$TEST_IMG" "$catalog_size_offset" "\xff\xff\xff\xff"
-{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
+{ $QEMU_IO -r -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
 
 echo
 echo "== Overflow for catalog size * sizeof(uint32_t) =="
 _use_sample_img empty.bochs.bz2
 poke_file "$TEST_IMG" "$catalog_size_offset" "\x00\x00\x00\x40"
-{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
+{ $QEMU_IO -r -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
 
 echo
 echo "== Too small catalog bitmap for image size =="
 _use_sample_img empty.bochs.bz2
 poke_file "$TEST_IMG" "$disk_size_offset" "\x00\xc0\x0f\x00\x00\x00\x00\x7f"
-{ $QEMU_IO -c "read 2T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
+{ $QEMU_IO -r -c "read 2T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | 
_filter_testdir
 
 _use_sample_img empty.bochs.bz2
 

Re: [Qemu-devel] [Qemu-block] segfault in parallel blockjobs (iotest 30)

2017-11-21 Thread John Snow
CC Jeff Cody

... who may or may not be preoccupied with Thanksgiving travel now.

Convenient URL for reading past replies:
https://lists.nongnu.org/archive/html/qemu-devel/2017-11/msg03844.html

On 11/21/2017 10:31 AM, Alberto Garcia wrote:
> On Tue 21 Nov 2017 04:18:13 PM CET, Anton Nefedov wrote:
> 
>>>> Or, perhaps another approach, keep BlockJob referenced while it is
>>>> paused (by block_job_pause/resume_all()). That should prevent it
>>>> from deleting the BB.
>>>
>>> Yes, I tried this and it actually solves the issue. But I still think
>>> that the problem is that block jobs are allowed to finish when they
>>> are paused.
>>
>> Agree, but
>>
>>> Adding block_job_pause_point(>common) at the end of stream_run()
>>> fixes the problem too.
>>
>> would be a nice fix, but it only works unless the job is already
>> deferred, right?
> 
> Right, I didn't mean to propose it as the proper solution (it would
> still leave mirror job vulnerable because it's already paused by the
> time it calls defer_to_main_loop()).
> 
>> This:
>>
>>  >> keep BlockJob referenced while it is
>>  >> paused (by block_job_pause/resume_all()). That should prevent it from
>>  >> deleting the BB.
>>
>> looks kind of hacky; maybe referencing in block_job_pause() (and not
>> just pause_all) seems more correct? I think it didn't work for me
>> right away though. But I can look more.
> 
> You have to be careful when you unref the block job because you may
> destroy it, and therefore block_job_next() in block_job_resume_all()
> would be using freed memory.
> 
> Berto
> 



Re: [Qemu-devel] [PATCH for-2.12 0/4] qmp dirty bitmap API

2017-11-21 Thread John Snow


On 11/21/2017 12:23 PM, Kevin Wolf wrote:
> On 17.11.2017 at 22:35, John Snow wrote:
>>>>> usage is like this:
>>>>>
>>>>> 1. we have dirty bitmap bitmap0 for incremental backup.
>>>>>
>>>>> 2. prepare image fleecing (create temporary image with backing=our_disk)
>>>>> 3. in qmp transaction:
>>>>>     - disable bitmap0
>>>>>     - create bitmap1
>>>>>     - start image fleecing (backup sync=none our_disk -> temp_disk)
>>>> This could probably just be its own command, though:
>>>>
>>>> block-job-fleece node=foobar bitmap=bitmap0 etc=etera etc=etera
>>>>
>>>> Could handle forking the bitmap. I'm not sure what the arguments would
>>>> look like, but we could name the NBD export here, too. (Assuming the
>>>> server is already started and we just need to create the share.)
>>>>
>>>> Then, we can basically do what mirror does:
>>>>
>>>> (1) Cancel
>>>> (2) Complete
>>>>
>>>> Cancel would instruct QEMU to keep the bitmap changes (i.e. roll back),
>>>> and Complete would instruct QEMU to discard the changes.
>>>>
>>>> This way we don't need to expose commands like split or merge that will
>>>> almost always be dangerous to use over QMP.
>>>>
>>>> In fact, a fleecing job would be really convenient even without a
>>>> bitmap, because it'd still be nice to have a convenience command for it.
>>>> Using an existing infrastructure and understood paradigm is just a bonus.
>>>
>>> 1. If I understand correctly, Kevin and Max said in their report in
>>> Prague about new block-job approach,
>>>   using filter nodes, so I'm not sure that this is a good Idea to
>>> introduce now new old-style block-job, where we can
>>>   do without it.
>>
>> We could do without it, but it might be a lot better to have everything
>> wrapped up in a command that's easy to digest instead of releasing 10
>> smaller commands that have to be executed in a very specific way in
>> order to work correctly.
>>
>> I'm thinking about the complexity of error checking here with all the
>> smaller commands, versus error checking on a larger workflow we
>> understand and can quality test better.
>>
>> I'm not sure that filter nodes becoming the new normal for block jobs
>> precludes our ability to use the job-management API as a handle for
>> managing the lifetime of a long-running task like fleecing, but I'll
>> check with Max and Kevin about this.
> 
> We have a general tendency at least in the block layer, but in fact I
> think in qemu in general, to switch from exposing high-level
> functionality to exposing lower-level operations via QAPI.
> 

I am aware of that, yeah. I worry about going too far to the other
extreme in some cases. Even at the API level where we don't care about
the feelings of, or the ease-of-use by a robot, if a certain action
requires several API commands to be issued in a very specific order,
that increases our test matrix and it increases the complexity in the
management API.

There's a middle ground, I think.

"Fleecing" is one of those cases where we can already fleece today with
component commands, but a composite command that encapsulates that
functionality would be helpful.

In this case, I worry about adding low-level commands for bitmaps that
will almost always be incorrect to use except in conjunction with other
commands -- and even then generally only useful when issued via
transaction specifically.

(You might be able to make the case to me that we should add these
commands but ONLY as transaction primitives, foregoing their traditional
standalone QMP command counterparts.)

If I capitulate and let the more targeted primitives into QEMU instead
of an encompassing job, it means a higher number of QMP commands
overall, more tests, and more interfaces to test and maintain.

Maybe I am being wrong-headed, but I actually think a new job would
actually give us less to maintain, test and verify than several new
primitives would, especially when considering that these primitives will
in general only be used by transactions with other commands anyway, it
increases the evidence that the right paradigm here is a new job, not
more transaction primitives.

...maybe. I won't draw a line in the sand, but it's an approach I would
like you to consider.

> If we expose high-level commands, then every new use case will require a
> change in both qemu and libvirt. With low-level commands, often libvirt
> already has all of the required tools to implement what it needs.
> 

I am receptive to how "big" commands often need to change frequently,
though. Primitives certainly have a purity of design about them that
larger job commands do not possess.

> So I do see good reasons for exposing low-level commands.
> 
> 
> On another note, I would double check before adding a new block job type
> that this is the right way to go. We have recently noticed that many, if
> not all, of the existing block jobs (at least mirror, commit and backup)
> are so similar that they implement the same things multiple times and
> are just lacking different 

[Qemu-devel] qemu-iotest 059 vmdk failure

2017-11-21 Thread John Snow
The last sub-test in 059, which uses an AFL fuzzer image to test how
a large L1 table of a specific size is handled, has a slight regression.

Previously, QEMU expects -EFBIG to come out of the vmdk_open call. Now, we
get -EINVAL. Not too ominous.

Now, QEMU actually allocates the L1 table (1.6GB) and gets a little
further, only to eventually trip up here:

#0  vmdk_read_cid (bs=0x55d4c5a0, parent=0, pcid=0x55d5786c) at
/home/bos/jhuston/src/qemu/block/vmdk.c:272
#1  0x555947cb in vmdk_open (bs=0x55d4c5a0,
options=0x55d509b0, flags=65536, errp=0x7fffd950)
at /home/bos/jhuston/src/qemu/block/vmdk.c:989

where p_name is NULL, so we return -EINVAL back up the stack. We get all
the way through vmdk_open_sparse --> vmdk_open_vmdk4 before we
eventually catch an error in the header and return a fairly nondescript
EINVAL which doesn't tell the end user much.

We don't error out earlier because the vmdk_add_extent function checks
to see if we are exceeding 512*1024*1024 ... entries, which means that
later when we get to vmdk_init_tables, we do multiply this number by
four again, so our actual maximum L1 table size in terms of bytes is
2GiB, not 512MiB.

(Maybe you knew that, I didn't, enjoy useless facts. The comment in code
seemed to suggest the size was a literal size in bytes, but it's treated
more as the number of L1 entries, which is different.)

Anyway, this still seems slightly silly that we don't catch obviously
bogus images a little sooner, so I wanna rewind and see why we don't get
-EFBIG anymore.

The output changes as of 9877860e which adds the p_name check, so we
appear to actually be failing even earlier, just not before we
apparently load up a 2GB L1 table from a file that clocks in at less
than 1KB.

(Wait, why does that work? Am I tracing this wrong? -EOUTTATIME)

Anyway, we can fix this by amending the reference test output, or we
might want to shore up the vmdk input validation a bit.

Not a regression, and the test was broken in v2.10 anyway, so not
critical to fix during rc phase, I think.

Anyway, I need to go prepare some food for Thanksgiving, so I won't come
back to this one for a few days. If it's not important to anyone else,
I'll get back around to it eventually.

--js



Re: [Qemu-devel] [PATCH] ppc: fix VTB migration

2017-11-21 Thread David Gibson
On Tue, Nov 21, 2017 at 09:16:43PM +0100, Laurent Vivier wrote:
> Migration of a system under stress (for example, with
> "stress-ng --numa 2") triggers on the destination
> some kernel watchdog messages like:
> 
> NMI watchdog: BUG: soft lockup - CPU#0 stuck for 3489660870s!
> NMI watchdog: BUG: soft lockup - CPU#1 stuck for 3489660884s!
> 
> This problem appears with the changes introduced by
> 42043e4 spapr: clock should count only if vm is running
> 
> I think this commit only triggers the problem.
> 
> Kernel computes the soft lockup duration using the
> Virtual Timebase register (VTB), not using the Timebase
> Register (TBR, the one 42043e4 stops).
> 
> It appears VTB is not migrated, so this patch adds it in
> the list of the SPRs to migrate, and fixes the problem.
> 
> For the migration, I've tested a migration from qemu-2.8.0 and
> pseries-2.8.0 to a patched master (qemu-2.11.0-rc1). The received
> VTB is 0 (as is it not initialized by qemu-2.8.0), but the value
> seems to be ignored by KVM and a non zero VTB is used by the kernel.
> I have no explanation for that, but as the original problem appears
> only with SMP system under stress I suspect some problems in KVM
> (I think because VTB is shared by all threads of a core).
> 
> Signed-off-by: Laurent Vivier 

Applied to ppc-for-2.11, thanks.

> ---
>  target/ppc/translate_init.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
> index b9c49c22f2..4e11e6f489 100644
> --- a/target/ppc/translate_init.c
> +++ b/target/ppc/translate_init.c
> @@ -8081,10 +8081,10 @@ static void gen_spr_power8_ebb(CPUPPCState *env)
>  /* Virtual Time Base */
>  static void gen_spr_vtb(CPUPPCState *env)
>  {
> -spr_register(env, SPR_VTB, "VTB",
> +spr_register_kvm(env, SPR_VTB, "VTB",
>   SPR_NOACCESS, SPR_NOACCESS,
>   _read_tbl, SPR_NOACCESS,
> - 0x);
> + KVM_REG_PPC_VTB, 0x);
>  }
>  
>  static void gen_spr_power8_fscr(CPUPPCState *env)
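Review bot: switching VTB from spr_register() to spr_register_kvm() with KVM_REG_PPC_VTB is what puts the register into the KVM-synced, and therefore migrated, SPR set, which is the fix; what the hunk leaves undocumented is the case the commit message raises, where a pre-patch source sends VTB as 0 and the destination relies on the kernel not honouring it. Please record that expectation in the commit message or a short comment next to the registration, so a later reader does not chase the zero value as a migration bug.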

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v6 00/26] tcg: generic vector operations

2017-11-21 Thread no-reply
Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Subject: [Qemu-devel] [PATCH v6 00/26] tcg: generic vector operations
Type: series
Message-id: 20171121212534.5177-1-richard.hender...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
time make docker-test-block@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
25cb597f1f tcg/aarch64: Add vector operations
3f5327e6d4 tcg/i386: Add vector operations/expansions for mul/extend
9842ec4914 target/arm: Use vector infrastructure for aa64 widening shifts
5baa8f3688 tcg: Add generic vector ops for extension
f31da52954 target/arm: Use vector infrastructure for aa64 multiplies
32e58411b7 tcg: Add generic vector ops for multiplication
02b126c0de tcg/i386: Add vector operations/expansions for shift/cmp/interleave
bd28e62249 target/arm: Use vector infrastructure for aa64 compares
c1bffde42b tcg: Add generic vector ops for comparisons
c6dfe9f8f3 target/arm: Use vector infrastructure for aa64 constant shifts
692cd8553b tcg: Add generic vector ops for constant shifts
77a9e02822 target/arm: Use vector infrastructure for aa64 zip/uzp/trn/xtn
8b8ba000ae tcg: Add generic vector ops for interleave
e5c9bc047b tcg: Add tcg_expand_vec_op and tcg-target.opc.h
8f2687485e tcg/i386: Add vector operations
2895593422 target/arm: Use vector infrastructure for aa64 dup/movi
75b6cdbaa6 target/arm: Use vector infrastructure for aa64 mov/not/neg
01af1be046 target/arm: Use vector infrastructure for aa64 add/sub/logic
f368c49794 target/arm: Align vector registers
0870bb2a3c tcg: Add tcg_signed_cond
0ac77ecb27 tcg: Allow multiple word entries into the constant pool
729ef7471e tcg: Add generic vector expanders
b0b5925754 tcg: Add types and basic operations for host vectors
cfb22624a4 tcg: Generalize TCGOp parameters
17d3aaf14a tcg: Dynamically allocate TCGOps
795ee71296 tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-5gdjpuh6/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-5gdjpuh6/src'
  GEN 
/var/tmp/patchew-tester-tmp-5gdjpuh6/src/docker-src.2017-11-21-17.20.00.19187/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-5gdjpuh6/src/docker-src.2017-11-21-17.20.00.19187/qemu.tar.vroot'...
done.

Re: [Qemu-devel] [PATCH v6 00/26] tcg: generic vector operations

2017-11-21 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v6 00/26] tcg: generic vector operations
Type: series
Message-id: 20171121212534.5177-1-richard.hender...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20171121212534.5177-1-richard.hender...@linaro.org -> 
patchew/20171121212534.5177-1-richard.hender...@linaro.org
Switched to a new branch 'test'
25cb597f1f tcg/aarch64: Add vector operations
3f5327e6d4 tcg/i386: Add vector operations/expansions for mul/extend
9842ec4914 target/arm: Use vector infrastructure for aa64 widening shifts
5baa8f3688 tcg: Add generic vector ops for extension
f31da52954 target/arm: Use vector infrastructure for aa64 multiplies
32e58411b7 tcg: Add generic vector ops for multiplication
02b126c0de tcg/i386: Add vector operations/expansions for shift/cmp/interleave
bd28e62249 target/arm: Use vector infrastructure for aa64 compares
c1bffde42b tcg: Add generic vector ops for comparisons
c6dfe9f8f3 target/arm: Use vector infrastructure for aa64 constant shifts
692cd8553b tcg: Add generic vector ops for constant shifts
77a9e02822 target/arm: Use vector infrastructure for aa64 zip/uzp/trn/xtn
8b8ba000ae tcg: Add generic vector ops for interleave
e5c9bc047b tcg: Add tcg_expand_vec_op and tcg-target.opc.h
8f2687485e tcg/i386: Add vector operations
2895593422 target/arm: Use vector infrastructure for aa64 dup/movi
75b6cdbaa6 target/arm: Use vector infrastructure for aa64 mov/not/neg
01af1be046 target/arm: Use vector infrastructure for aa64 add/sub/logic
f368c49794 target/arm: Align vector registers
0870bb2a3c tcg: Add tcg_signed_cond
0ac77ecb27 tcg: Allow multiple word entries into the constant pool
729ef7471e tcg: Add generic vector expanders
b0b5925754 tcg: Add types and basic operations for host vectors
cfb22624a4 tcg: Generalize TCGOp parameters
17d3aaf14a tcg: Dynamically allocate TCGOps
795ee71296 tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*

=== OUTPUT BEGIN ===
Checking PATCH 1/26: tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*...
Checking PATCH 2/26: tcg: Dynamically allocate TCGOps...
ERROR: line over 90 characters
#64: FILE: include/qemu/queue.h:430:
+ (var) && ((prev_var) = (*(((struct headname 
*)((var)->field.tqe_prev))->tqh_last)), 1); \

ERROR: spaces prohibited around that ':' (ctx:WxW)
#538: FILE: tcg/tcg.h:575:
+unsigned life   : 16;   /* 32 */
 ^

total: 2 errors, 0 warnings, 520 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 3/26: tcg: Generalize TCGOp parameters...
ERROR: spaces prohibited around that ':' (ctx:WxW)
#110: FILE: tcg/tcg.h:570:
+unsigned param1 : 4;/* 12 */
 ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#111: FILE: tcg/tcg.h:571:
+unsigned param2 : 4;/* 16 */
 ^

ERROR: Macros with complex values should be enclosed in parenthesis
#119: FILE: tcg/tcg.h:583:
+#define TCGOP_CALLI(X)(X)->param1

ERROR: Macros with complex values should be enclosed in parenthesis
#120: FILE: tcg/tcg.h:584:
+#define TCGOP_CALLO(X)(X)->param2

total: 4 errors, 0 warnings, 92 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 4/26: tcg: Add types and basic operations for host vectors...
ERROR: externs should be avoided in .c files
#137: FILE: tcg/tcg-op-vec.c:37:
+extern TCGv_i32 TCGV_LOW_link_error(TCGv_i64);

ERROR: externs should be avoided in .c files
#138: FILE: tcg/tcg-op-vec.c:38:
+extern TCGv_i32 TCGV_HIGH_link_error(TCGv_i64);

ERROR: Macros with complex values should be enclosed in parenthesis
#535: FILE: tcg/tcg-opc.h:209:
+#define IMPLVEC  TCG_OPF_VECTOR | IMPL(TCG_TARGET_MAYBE_vec)

WARNING: line over 80 characters
#538: FILE: tcg/tcg-opc.h:212:
+DEF(movi_vec, 1, 0, 0, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT) /* vecl defines 
const args */

ERROR: Macros with complex values should be enclosed in parenthesis
#800: FILE: tcg/tcg.h:615:
+#define TCGOP_VECL(X) (X)->param1

ERROR: Macros with complex values should be enclosed in parenthesis
#801: FILE: tcg/tcg.h:616:
+#define TCGOP_VECE(X) (X)->param2

total: 5 errors, 1 

[Qemu-devel] qemu iotest 020 failing for vmdk after 2b7731938d9

2017-11-21 Thread John Snow
Commit 2b7731938d9 adds a blkdebug driver test for failing commits, but
the vmdk driver doesn't appear to appreciate this format:

+_qemu_img_wrapper create -f vmdk -b "json:{'driver': 'raw',
+ 'file': {
+ 'driver': 'blkdebug',
+ 'inject-error': [{
+ 'event': 'write_aio',
+ 'errno': 28,
+ 'once': true
+ }],
+ 'image': {
+ 'driver': 'null-co'
+ }}}"
"/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/t.vmdk"
+qemu-img: TEST_DIR/t.IMGFMT: Could not create image: Invalid argument


...so;

(A) VMDK should be dropped from 020, or
(B) This sub-test should be rewritten, or
(C) This sub-test should be split out into a new unit where VMDK can be
dropped.

I don't like (A) very much because I like testing our weird formats when
possible; I don't like (B) very much because I don't really like
wrangling QMP commands inside of the bash unit tests.

(C) Could work; though it's odd to have it away from its kin in 020.

Opinions?

--js



[Qemu-devel] [PATCH v6 21/26] tcg: Add generic vector ops for multiplication

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  5 +
 tcg/i386/tcg-target.h|  1 +
 tcg/tcg-op-gvec.h|  2 ++
 tcg/tcg-op.h |  1 +
 tcg/tcg-opc.h|  1 +
 tcg/tcg.h|  1 +
 accel/tcg/tcg-runtime-gvec.c | 44 
 tcg/tcg-op-gvec.c| 29 +
 tcg/tcg-op-vec.c | 22 ++
 tcg/tcg.c|  2 ++
 tcg/README   |  4 
 11 files changed, 112 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 28abf30d76..c4a2e6b215 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -152,6 +152,11 @@ DEF_HELPER_FLAGS_4(gvec_sub16, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_sub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_sub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(gvec_mul8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_mul16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_mul32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_mul64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_3(gvec_neg8, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_neg16, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_neg32, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index 60d3684750..949d138c9d 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -184,6 +184,7 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_uzp_vec  0
 #define TCG_TARGET_HAS_trn_vec  0
 #define TCG_TARGET_HAS_cmp_vec  1
+#define TCG_TARGET_HAS_mul_vec  0
 
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index 308bdc13b4..ad5e22e1bf 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -134,6 +134,8 @@ void tcg_gen_gvec_add(unsigned vece, uint32_t dofs, 
uint32_t aofs,
   uint32_t bofs, uint32_t opsz, uint32_t clsz);
 void tcg_gen_gvec_sub(unsigned vece, uint32_t dofs, uint32_t aofs,
   uint32_t bofs, uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_mul(unsigned vece, uint32_t dofs, uint32_t aofs,
+  uint32_t bofs, uint32_t opsz, uint32_t clsz);
 
 void tcg_gen_gvec_and(unsigned vece, uint32_t dofs, uint32_t aofs,
   uint32_t bofs, uint32_t opsz, uint32_t clsz);
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index b4f73c6048..3296a7baa5 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -920,6 +920,7 @@ void tcg_gen_movi_v128(TCGv_vec, uint64_t, uint64_t);
 void tcg_gen_movi_v256(TCGv_vec, uint64_t, uint64_t, uint64_t, uint64_t);
 void tcg_gen_add_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_sub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_mul_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_and_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_or_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_xor_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index d3fa014507..b21a30273c 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -220,6 +220,7 @@ DEF(st_vec, 0, 2, 1, IMPLVEC)
 
 DEF(add_vec, 1, 2, 0, IMPLVEC)
 DEF(sub_vec, 1, 2, 0, IMPLVEC)
+DEF(mul_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_mul_vec))
 DEF(neg_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_neg_vec))
 
 DEF(and_vec, 1, 2, 0, IMPLVEC)
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 96760dd2d6..a729e66b66 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -185,6 +185,7 @@ typedef uint64_t TCGRegSet;
 #define TCG_TARGET_HAS_uzp_vec  0
 #define TCG_TARGET_HAS_trn_vec  0
 #define TCG_TARGET_HAS_cmp_vec  0
+#define TCG_TARGET_HAS_mul_vec  0
 #else
 #define TCG_TARGET_MAYBE_vec1
 #endif
diff --git a/accel/tcg/tcg-runtime-gvec.c b/accel/tcg/tcg-runtime-gvec.c
index e0cde3216f..9406ccd769 100644
--- a/accel/tcg/tcg-runtime-gvec.c
+++ b/accel/tcg/tcg-runtime-gvec.c
@@ -141,6 +141,50 @@ void HELPER(gvec_sub64)(void *d, void *a, void *b, 
uint32_t desc)
 clear_high(d, oprsz, desc);
 }
 
+void HELPER(gvec_mul8)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(vec8)) {
+*(vec8 *)(d + i) = *(vec8 *)(a + i) * *(vec8 *)(b + i);
+}
+clear_high(d, oprsz, desc);
+}
+
+void HELPER(gvec_mul16)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(vec16)) {
+*(vec16 *)(d 
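Review bot: the semantics of the new mul_vec op should be stated explicitly, ideally in the tcg/README part of this patch and in a one-line comment above HELPER(gvec_mul8): the helpers compute `*(vec8 *)(a + i) * *(vec8 *)(b + i)` in element width, so the result is the low half of the product with wraparound and no widening form is offered. That matters for readers of the front ends, because with `#define TCG_TARGET_HAS_mul_vec  0` in the i386 header every backend in this patch goes through these out-of-line helpers, and a guest instruction wanting the high half of the product cannot be built on mul_vec.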

Re: [Qemu-devel] [ANNOUNCE] QEMU 2.11.0-rc2 is now available

2017-11-21 Thread Christian Borntraeger
forgot to cc qemu-devel

On 11/21/2017 10:37 PM, Christian Borntraeger wrote:
> a quick heads up. Rc2 now triggers
> +qemu-img: block/block-backend.c:2088: blk_root_drained_end: Assertion 
> `blk->quiesce_counter' failed.
> for several qemu iotests. 
> 
> I have not looked into any details.
> 
> Christian
> 
> On 11/21/2017 08:08 PM, Michael Roth wrote:
>> Hello,
>>
>> On behalf of the QEMU Team, I'd like to announce the availability of the
>> third release candidate for the QEMU 2.11 release.  This release is meant
>> for testing purposes and should not be used in a production environment.
>>
>>   http://download.qemu-project.org/qemu-2.11.0-rc2.tar.xz
>>   http://download.qemu-project.org/qemu-2.11.0-rc2.tar.xz.sig
>>
>> You can help improve the quality of the QEMU 2.11 release by testing this
>> release and reporting bugs on Launchpad:
>>
>>   https://bugs.launchpad.net/qemu/
>>
>> The release plan, as well as documented known issues for release
>> candidates, are available at:
>>
>>   http://wiki.qemu.org/Planning/2.11
>>
>> Please add entries to the ChangeLog for the 2.11 release below:
>>
>>   http://wiki.qemu.org/ChangeLog/2.11
>>
>> Changes since rc1:
>>
>> a15d835f00: Update version for v2.11.0-rc2 release (Peter Maydell)
>> d975301dc8: qemu-iotest: add test for blockjob coroutine race condition 
>> (Jeff Cody)
>> a2339699c3: qemu-iotests: add option in common.qemu for mismatch only (Jeff 
>> Cody)
>> 6133b39f3c: coroutine: abort if we try to schedule or enter a pending 
>> coroutine (Jeff Cody)
>> 4afeffc857: blockjob: do not allow coroutine double entry or 
>> entry-after-completion (Jeff Cody)
>> 7c3d1917fd: build: disarm the TCG unit test trap (Daniel P. Berrange)
>> 2807746ff1: iotests: Fix 176 on 32-bit host (Eric Blake)
>> 50a3efb0f0: block: Close a BlockDriverState completely even when bs->drv is 
>> NULL (Alberto Garcia)
>> 70a5afedd6: block: Error out on load_vm with active dirty bitmaps (Kevin 
>> Wolf)
>> 2b624fe079: block: Add errp to bdrv_all_goto_snapshot() (Kevin Wolf)
>> 0b62bcbc61: block: Add errp to bdrv_snapshot_goto() (Kevin Wolf)
>> 1f4ad7d3b8: block: Don't request I/O permission with BDRV_O_NO_IO (Kevin 
>> Wolf)
>> dacaa16238: block: Don't use BLK_PERM_CONSISTENT_READ for format probing 
>> (Kevin Wolf)
>> 70b7fba987: Use HTTPS for qemu.org and other domains (Stefan Hajnoczi)
>> 1b3bbc6887: Use qemu.org domain name (Stefan Hajnoczi)
>> d0dead3b6d: scripts/make-release: ship u-boot source as a tarball (Michael 
>> Roth)
>> 34d49937e4: accel/tcg: Handle atomic accesses to notdirty memory correctly 
>> (Peter Maydell)
>> 2726627197: exec.c: Factor out before/after actions for notdirty memory 
>> writes (Peter Maydell)
>> df83eabd52: qga: replace GetIfEntry with GetIfEntry2 for interface stats 
>> (ZhiPeng Lu)
>> 6cbf1ec85c: pc-bios/s390-ccw.img: update image (Cornelia Huck)
>> f516511ea8: linux-user: Fix calculation of auxv length (Peter Maydell)
>> b350ae138f: hw/arm: Silence xlnx-ep108 deprecation warning during tests 
>> (Thomas Huth)
>> b6e70d1d7f: hw/arm/aspeed: Unlock SCU when running kernel (Joel Stanley)
>> 50cd71b0d3: arm: check regime, not current state, for ATS write PAR format 
>> (Peter Maydell)
>> 2b75ef01ca: nvic: Fix ARMv7M MPU_RBAR reads (Peter Maydell)
>> 96a8b92ed8: target/arm: Report GICv3 sysregs present in ID registers if 
>> needed (Peter Maydell)
>> b11ce33fe0: Revert "cpu-exec: don't overwrite exception_index" (Peter 
>> Maydell)
>> 8775d91a0f: pc-bios/s390-ccw: Fix problem with invalid virtio-scsi LUN when 
>> rebooting (Thomas Huth)
>> 7337c6eb98: s390x/tcg: fix DIAG 308 with > 1 VCPU (MTTCG) (David Hildenbrand)
>> dc0bbef5e6: s390x: fix storing CPU status (again) (David Hildenbrand)
>> c527e0afcd: hw/net/vmxnet3: Fix code to work on big endian hosts, too 
>> (Thomas Huth)
>> 0dacea92d2: net: Transmit zero UDP checksum as 0x (Ed Swierk)
>> ebc2327f07: MAINTAINERS: Add missing entry for eepro100 emulation (Stefan 
>> Weil)
>> 8f8e8053d9: hw/net/eepro100: Fix endianness problem on big endian hosts 
>> (Thomas Huth)
>> 2ec405524e: Revert "Add new PCI ID for i82559a" (Jason Wang)
>> 4d36623520: colo-compare: fix the dangerous assignment (Mao Zhongyi)
>> 8251248394: spapr: reset DRCs after devices (Greg Kurz)
>> 7abd43baec: target/ppc: Update setting of cpu features to account for compat 
>> modes (Suraj Jitindar Singh)
>> c0012e9a22: iotests: Make 087 pass without AIO enabled (Max Reitz)
>> 5e003f17ec: block: Make bdrv_next() keep strong references (Max Reitz)
>> 08546bcfb2: qcow2: Fix overly broad madvise() (Max Reitz)
>> 4efb1f7c61: qcow2: Refuse to get unaligned offsets from cache (Max Reitz)
>> 23482f8a60: qcow2: Add bounds check to get_refblock_offset() (Max Reitz)
>> d470ad42ac: block: Guard against NULL bs->drv (Max Reitz)
>> 93bbaf03ff: qcow2: Unaligned zero cluster in handle_alloc() (Max Reitz)
>> 791fff504c: qcow2: check_errors are fatal (Max Reitz)
>> 3e3b838ffe: qcow2: reject unaligned offsets in write compressed (Anton 
>> Nefedov)

[Qemu-devel] [PATCH v6 18/26] tcg: Add generic vector ops for comparisons

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  30 +++
 tcg/i386/tcg-target.h|   1 +
 tcg/tcg-op-gvec.h|   4 +
 tcg/tcg-op.h |   3 +
 tcg/tcg-opc.h|   2 +
 tcg/tcg.h|   1 +
 accel/tcg/tcg-runtime-gvec.c |  24 +
 tcg/tcg-op-gvec.c| 202 +++
 tcg/tcg-op-vec.c |  23 +
 tcg/tcg.c|   2 +
 tcg/README   |   4 +
 11 files changed, 296 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index cb05a755b8..28abf30d76 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -193,3 +193,33 @@ DEF_HELPER_FLAGS_4(gvec_trn8, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_trn16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_trn32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_trn64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_eq8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_eq16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_eq32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_eq64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_ne8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ne16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ne32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ne64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_lt8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_lt16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_lt32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_lt64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_le8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_le16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_le32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_le64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_ltu8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ltu16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ltu32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ltu64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_leu8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_leu16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_leu32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_leu64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
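Review bot: only eq/ne/lt/le/ltu/leu helpers are declared, so tcg_gen_gvec_cmp presumably maps TCG_COND_GT/GE/GTU/GEU onto these by swapping the a and b operands; that inversion is not visible in any header touched by this patch. A comment above this helper block (or at the top of the tcg_gen_gvec_cmp implementation) saying that gt/ge conditions are realised as lt/le with swapped operands would save the next reader from searching for a gvec_gt* helper that does not exist.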
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index 92d533eb92..46c4dca7be 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -183,6 +183,7 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_zip_vec  0
 #define TCG_TARGET_HAS_uzp_vec  0
 #define TCG_TARGET_HAS_trn_vec  0
+#define TCG_TARGET_HAS_cmp_vec  0
 
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index de2c0e669a..308bdc13b4 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -178,6 +178,10 @@ void tcg_gen_gvec_trne(unsigned vece, uint32_t dofs, 
uint32_t aofs,
 void tcg_gen_gvec_trno(unsigned vece, uint32_t dofs, uint32_t aofs,
uint32_t bofs, uint32_t opsz, uint32_t clsz);
 
+void tcg_gen_gvec_cmp(TCGCond cond, unsigned vece, uint32_t dofs,
+  uint32_t aofs, uint32_t bofs,
+  uint32_t opsz, uint32_t clsz);
+
 /*
  * 64-bit vector operations.  Use these when the register has been allocated
  * with tcg_global_mem_new_i64, and so we cannot also address it via pointer.
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 83478ab006..b4f73c6048 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -939,6 +939,9 @@ void tcg_gen_uzpo_vec(unsigned vece, TCGv_vec r, TCGv_vec 
a, TCGv_vec b);
 void tcg_gen_trne_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_trno_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 
+void tcg_gen_cmp_vec(TCGCond cond, unsigned vece, TCGv_vec r,
+ TCGv_vec a, TCGv_vec b);
+
 void tcg_gen_ld_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
 void tcg_gen_st_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
 void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index a085fc077b..d3fa014507 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -248,6 +248,8 @@ DEF(uzpo_vec, 1, 2, 0, IMPLVEC | 
IMPL(TCG_TARGET_HAS_uzp_vec))
 DEF(trne_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_trn_vec))
 DEF(trno_vec, 

[Qemu-devel] [PATCH] hw/input/hid: Fix some wrong hid usage mappings.

2017-11-21 Thread Tao Wu via Qemu-devel
There are some wrong hid usage mapping in hid_usage_keys table.
It can be confirmed with "sendkey" command in monitor and verify
the behavior in guest OS.
This CL fixed some wrong hid usage mapping for these keys:

kp_equals kp_comma audiomute volumedown volumeup power

There still are some wrong mapping left in hid_usage_keys table, but
they are not as important as above keys. The list of left buggy keys:

open paste ro hiragana henkan yen again props undo front audioprev audionext
calculator audioplay audiostop cut find sleep ac_refresh stop ac_forward
ac_back help copy

Signed-off-by: Tao Wu 
---
 hw/input/hid.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/input/hid.c b/hw/input/hid.c
index 0d049ff61c..08a0f07bbf 100644
--- a/hw/input/hid.c
+++ b/hw/input/hid.c
@@ -47,24 +47,24 @@ static const uint8_t hid_usage_keys[0x100] = {
 0x3f, 0x40, 0x41, 0x42, 0x43, 0x53, 0x47, 0x5f,
 0x60, 0x61, 0x56, 0x5c, 0x5d, 0x5e, 0x57, 0x59,
 0x5a, 0x5b, 0x62, 0x63, 0x46, 0x00, 0x64, 0x44,
-0x45, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+0x45, 0x67, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
 0xe8, 0xe9, 0x71, 0x72, 0x73, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x85, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0xe3, 0xe7, 0x65,
+0x00, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x85, 0x65,
 
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x58, 0xe4, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x46,
+0x7f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x00,
+0x80, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x46,
 0xe6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x48, 0x4a,
 0x52, 0x4b, 0x00, 0x50, 0x00, 0x4f, 0x00, 0x4d,
 0x51, 0x4e, 0x49, 0x4c, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0xe3, 0xe7, 0x65, 0x00, 0x00,
+0x00, 0x00, 0x00, 0xe3, 0xe7, 0x65, 0x66, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
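Review bot: hid_usage_keys carries no per-entry annotation, so the six changed bytes in this hunk cannot be matched to the keys named in the commit message (kp_equals kp_comma audiomute volumedown volumeup power) without counting array indices by hand; please add a trailing comment on each changed line naming the key and the HID usage (0x67 is Keypad Equals, 0x85 is Keypad Comma, 0x7f/0x80/0x81 are Mute/Volume Up/Volume Down, 0x66 is Keyboard Power). Also, 0x85 now appears both in the unchanged context line `0x00, 0x00, 0x00, 0x85, 0x00, 0x00, 0x00, 0x00,` and in the new line `0x00, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x85, 0x65,`, so two scancodes map to the same usage; if that is intended (two input codes for kp_comma), the commit message should say so, otherwise one of them is wrong.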
-- 
2.15.0.448.gf294e3d99a-goog




[Qemu-devel] [PATCH v6 17/26] target/arm: Use vector infrastructure for aa64 constant shifts

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 386 ++---
 tcg/tcg-op-gvec.c  |  18 ++-
 tcg/tcg-op-vec.c   |   9 +-
 3 files changed, 351 insertions(+), 62 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 8769b4505a..c47faa5633 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -6432,17 +6432,6 @@ static void handle_shri_with_rndacc(TCGv_i64 tcg_res, 
TCGv_i64 tcg_src,
 }
 }
 
-/* Common SHL/SLI - Shift left with an optional insert */
-static void handle_shli_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
- bool insert, int shift)
-{
-if (insert) { /* SLI */
-tcg_gen_deposit_i64(tcg_res, tcg_res, tcg_src, shift, 64 - shift);
-} else { /* SHL */
-tcg_gen_shli_i64(tcg_res, tcg_src, shift);
-}
-}
-
 /* SRI: shift right with insert */
 static void handle_shri_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
  int size, int shift)
@@ -6546,7 +6535,11 @@ static void handle_scalar_simd_shli(DisasContext *s, 
bool insert,
 tcg_rn = read_fp_dreg(s, rn);
 tcg_rd = insert ? read_fp_dreg(s, rd) : tcg_temp_new_i64();
 
-handle_shli_with_ins(tcg_rd, tcg_rn, insert, shift);
+if (insert) {
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_rn, shift, 64 - shift);
+} else {
+tcg_gen_shli_i64(tcg_rd, tcg_rn, shift);
+}
 
 write_fp_dreg(s, rd, tcg_rd);
 
@@ -8283,16 +8276,195 @@ static void 
disas_simd_scalar_two_reg_misc(DisasContext *s, uint32_t insn)
 }
 }
 
+static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+tcg_gen_vec_sar8i_i64(a, a, shift);
+tcg_gen_vec_add8_i64(d, d, a);
+}
+
+static void gen_ssra16_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+tcg_gen_vec_sar16i_i64(a, a, shift);
+tcg_gen_vec_add16_i64(d, d, a);
+}
+
+static void gen_ssra32_i32(TCGv_i32 d, TCGv_i32 a, unsigned shift)
+{
+tcg_gen_sari_i32(a, a, shift);
+tcg_gen_add_i32(d, d, a);
+}
+
+static void gen_ssra64_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+tcg_gen_sari_i64(a, a, shift);
+tcg_gen_add_i64(d, d, a);
+}
+
+static void gen_ssra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, unsigned sh)
+{
+tcg_gen_sari_vec(vece, a, a, sh);
+tcg_gen_add_vec(vece, d, d, a);
+}
+
+static void gen_usra8_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+tcg_gen_vec_shr8i_i64(a, a, shift);
+tcg_gen_vec_add8_i64(d, d, a);
+}
+
+static void gen_usra16_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+tcg_gen_vec_shr16i_i64(a, a, shift);
+tcg_gen_vec_add16_i64(d, d, a);
+}
+
+static void gen_usra32_i32(TCGv_i32 d, TCGv_i32 a, unsigned shift)
+{
+tcg_gen_shri_i32(a, a, shift);
+tcg_gen_add_i32(d, d, a);
+}
+
+static void gen_usra64_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+tcg_gen_shri_i64(a, a, shift);
+tcg_gen_add_i64(d, d, a);
+}
+
+static void gen_usra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, unsigned sh)
+{
+tcg_gen_shri_vec(vece, a, a, sh);
+tcg_gen_add_vec(vece, d, d, a);
+}
+
+static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+uint64_t mask = (0xff >> shift) * (-1ull / 0xff);
+TCGv_i64 t = tcg_temp_new_i64();
+
+tcg_gen_shri_i64(t, a, shift);
+tcg_gen_andi_i64(t, t, mask);
+tcg_gen_andi_i64(d, d, ~mask);
+tcg_gen_or_i64(d, d, t);
+tcg_temp_free_i64(t);
+}
+
+static void gen_shr16_ins_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+uint64_t mask = (0x >> shift) * (-1ull / 0x);
+TCGv_i64 t = tcg_temp_new_i64();
+
+tcg_gen_shri_i64(t, a, shift);
+tcg_gen_andi_i64(t, t, mask);
+tcg_gen_andi_i64(d, d, ~mask);
+tcg_gen_or_i64(d, d, t);
+tcg_temp_free_i64(t);
+}
+
+static void gen_shr32_ins_i32(TCGv_i32 d, TCGv_i32 a, unsigned shift)
+{
+tcg_gen_shri_i32(a, a, shift);
+tcg_gen_deposit_i32(d, d, a, 0, 32 - shift);
+}
+
+static void gen_shr64_ins_i64(TCGv_i64 d, TCGv_i64 a, unsigned shift)
+{
+tcg_gen_shri_i64(a, a, shift);
+tcg_gen_deposit_i64(d, d, a, 0, 64 - shift);
+}
+
+static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, unsigned sh)
+{
+uint64_t mask = (2ull << ((8 << vece) - 1)) - 1;
+TCGv_vec t = tcg_temp_new_vec_matching(d);
+TCGv_vec m = tcg_temp_new_vec_matching(d);
+
+tcg_gen_dupi_vec(vece, m, mask ^ (mask >> sh));
+tcg_gen_shri_vec(vece, t, a, sh);
+tcg_gen_and_vec(vece, d, d, m);
+tcg_gen_or_vec(vece, d, d, t);
+
+tcg_temp_free_vec(t);
+tcg_temp_free_vec(m);
+}
+
 /* SSHR[RA]/USHR[RA] - Vector shift right (optional rounding/accumulate) */
 static void handle_vec_simd_shri(DisasContext *s, bool is_q, bool is_u,
  int immh, int immb, int opcode, int rn, int 
rd)
 {
+static const GVecGen2i ssra_op[4] = {
+{ .fni8 = gen_ssra8_i64,
+  .fniv = gen_ssra_vec,
+  
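Review bot: the shift == element-size case needs to be handled or ruled out in handle_vec_simd_shri. gen_shr32_ins_i32 and gen_shr64_ins_i64 pass `32 - shift` / `64 - shift` as the deposit length, which is 0 when the immediate equals the element width (a legal SRI encoding), and the deposit ops assert a non-zero length; gen_shr_ins_vec likewise emits tcg_gen_shri_vec by the full element width, which sits outside the immediate range the vector shift ops accept. Either return early in the caller for that shift (SRI with shift == esize leaves the destination unchanged) or handle it in the helpers the way gen_shr8_ins_i64 already does through its mask, which collapses to 0 at shift 8. Two smaller points: the ssra/usra helpers overwrite their `a` operand (`tcg_gen_vec_sar8i_i64(a, a, shift);`), which is only correct if the GVecGen2i expander always passes a scratch temp, so state that in a comment; and the mask constant in gen_shr16_ins_i64 reads `(0x >> shift) * (-1ull / 0x)` in this copy of the patch, which should be the 16-bit counterpart of the `0xff` used in gen_shr8_ins_i64.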

[Qemu-devel] [PATCH v6 23/26] tcg: Add generic vector ops for extension

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |   8 +++
 tcg/i386/tcg-target.h|   2 +
 tcg/tcg-op-gvec.h|   9 +++
 tcg/tcg-op.h |   5 ++
 tcg/tcg-opc.h|   5 ++
 tcg/tcg.h|   2 +
 accel/tcg/tcg-runtime-gvec.c |  26 
 tcg/tcg-op-gvec.c| 138 +++
 tcg/tcg-op-vec.c |  39 
 tcg/tcg.c|   6 ++
 tcg/README   |  13 
 11 files changed, 253 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index c4a2e6b215..d1b3542946 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -199,6 +199,14 @@ DEF_HELPER_FLAGS_4(gvec_trn16, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_trn32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_trn64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_3(gvec_extu8, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_extu16, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_extu32, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_exts8, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_exts16, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_exts32, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_4(gvec_eq8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_eq16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_eq32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
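Review bot: the out-of-line extension helpers come in one variant per width (gvec_extu8/16/32 and gvec_exts8/16/32) while the API in tcg-op-gvec.h exposes both low (extul/extsl) and high (extuh/extsh) halves; presumably tcg_gen_gvec_extuh/extsh reuse the same helper with the source offset advanced by half the operation size. That convention is stated nowhere in the visible headers, so please add a comment above this block saying that each helper widens the low half of its source and that the high-half expansions adjust aofs, and note how simd_oprsz(desc) is to be read for a helper whose source is half the size of its destination.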
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index 949d138c9d..fedc3449c1 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -185,6 +185,8 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_trn_vec  0
 #define TCG_TARGET_HAS_cmp_vec  1
 #define TCG_TARGET_HAS_mul_vec  0
+#define TCG_TARGET_HAS_extl_vec 0
+#define TCG_TARGET_HAS_exth_vec 0
 
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index ad5e22e1bf..188c3368bd 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -180,6 +180,15 @@ void tcg_gen_gvec_trne(unsigned vece, uint32_t dofs, 
uint32_t aofs,
 void tcg_gen_gvec_trno(unsigned vece, uint32_t dofs, uint32_t aofs,
uint32_t bofs, uint32_t opsz, uint32_t clsz);
 
+void tcg_gen_gvec_extul(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_extuh(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_extsl(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_extsh(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t opsz, uint32_t clsz);
+
 void tcg_gen_gvec_cmp(TCGCond cond, unsigned vece, uint32_t dofs,
   uint32_t aofs, uint32_t bofs,
   uint32_t opsz, uint32_t clsz);
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 3296a7baa5..a722c400c2 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -940,6 +940,11 @@ void tcg_gen_uzpo_vec(unsigned vece, TCGv_vec r, TCGv_vec 
a, TCGv_vec b);
 void tcg_gen_trne_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_trno_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 
+void tcg_gen_extul_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+void tcg_gen_extuh_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+void tcg_gen_extsl_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+void tcg_gen_extsh_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+
 void tcg_gen_cmp_vec(TCGCond cond, unsigned vece, TCGv_vec r,
  TCGv_vec a, TCGv_vec b);
 
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index b21a30273c..3dfd872a0f 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -249,6 +249,11 @@ DEF(uzpo_vec, 1, 2, 0, IMPLVEC | 
IMPL(TCG_TARGET_HAS_uzp_vec))
 DEF(trne_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_trn_vec))
 DEF(trno_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_trn_vec))
 
+DEF(extul_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_extl_vec))
+DEF(extuh_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_exth_vec))
+DEF(extsl_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_extl_vec))
+DEF(extsh_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_exth_vec))
+
 DEF(cmp_vec, 1, 2, 1, IMPLVEC)
 
 DEF(last_generic, 0, 0, 0, TCG_OPF_NOT_PRESENT)
diff --git a/tcg/tcg.h b/tcg/tcg.h
index a729e66b66..b3dae8bcde 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -186,6 +186,8 @@ typedef uint64_t TCGRegSet;
 #define TCG_TARGET_HAS_trn_vec  0
 #define TCG_TARGET_HAS_cmp_vec  0
 #define TCG_TARGET_HAS_mul_vec  0
+#define TCG_TARGET_HAS_extl_vec 0
+#define TCG_TARGET_HAS_exth_vec   

[Qemu-devel] [PATCH v6 15/26] target/arm: Use vector infrastructure for aa64 zip/uzp/trn/xtn

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 103 +++--
 1 file changed, 35 insertions(+), 68 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 55a4902fc2..8769b4505a 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5576,11 +5576,7 @@ static void disas_simd_zip_trn(DisasContext *s, uint32_t 
insn)
 int opcode = extract32(insn, 12, 2);
 bool part = extract32(insn, 14, 1);
 bool is_q = extract32(insn, 30, 1);
-int esize = 8 << size;
-int i, ofs;
-int datasize = is_q ? 128 : 64;
-int elements = datasize / esize;
-TCGv_i64 tcg_res, tcg_resl, tcg_resh;
+GVecGen3Fn *gvec_fn;
 
 if (opcode == 0 || (size == 3 && !is_q)) {
 unallocated_encoding(s);
@@ -5591,60 +5587,24 @@ static void disas_simd_zip_trn(DisasContext *s, 
uint32_t insn)
 return;
 }
 
-tcg_resl = tcg_const_i64(0);
-tcg_resh = tcg_const_i64(0);
-tcg_res = tcg_temp_new_i64();
-
-for (i = 0; i < elements; i++) {
-switch (opcode) {
-case 1: /* UZP1/2 */
-{
-int midpoint = elements / 2;
-if (i < midpoint) {
-read_vec_element(s, tcg_res, rn, 2 * i + part, size);
-} else {
-read_vec_element(s, tcg_res, rm,
- 2 * (i - midpoint) + part, size);
-}
-break;
-}
-case 2: /* TRN1/2 */
-if (i & 1) {
-read_vec_element(s, tcg_res, rm, (i & ~1) + part, size);
-} else {
-read_vec_element(s, tcg_res, rn, (i & ~1) + part, size);
-}
-break;
-case 3: /* ZIP1/2 */
-{
-int base = part * elements / 2;
-if (i & 1) {
-read_vec_element(s, tcg_res, rm, base + (i >> 1), size);
-} else {
-read_vec_element(s, tcg_res, rn, base + (i >> 1), size);
-}
-break;
-}
-default:
-g_assert_not_reached();
-}
-
-ofs = i * esize;
-if (ofs < 64) {
-tcg_gen_shli_i64(tcg_res, tcg_res, ofs);
-tcg_gen_or_i64(tcg_resl, tcg_resl, tcg_res);
-} else {
-tcg_gen_shli_i64(tcg_res, tcg_res, ofs - 64);
-tcg_gen_or_i64(tcg_resh, tcg_resh, tcg_res);
-}
+switch (opcode) {
+case 1: /* UZP1/2 */
+gvec_fn = part ? tcg_gen_gvec_uzpo : tcg_gen_gvec_uzpe;
+break;
+case 2: /* TRN1/2 */
+gvec_fn = part ? tcg_gen_gvec_trno : tcg_gen_gvec_trne;
+break;
+case 3: /* ZIP1/2 */
+gvec_fn = part ? tcg_gen_gvec_ziph : tcg_gen_gvec_zipl;
+break;
+default:
+g_assert_not_reached();
 }
 
-tcg_temp_free_i64(tcg_res);
-
-write_vec_element(s, tcg_resl, rd, 0, MO_64);
-tcg_temp_free_i64(tcg_resl);
-write_vec_element(s, tcg_resh, rd, 1, MO_64);
-tcg_temp_free_i64(tcg_resh);
+gvec_fn(size, vec_full_reg_offset(s, rd),
+vec_full_reg_offset(s, rn),
+vec_full_reg_offset(s, rm),
+is_q ? 16 : 8, vec_full_reg_size(s));
 }
 
 static void do_minmaxop(DisasContext *s, TCGv_i32 tcg_elt1, TCGv_i32 tcg_elt2,
@@ -7922,6 +7882,22 @@ static void handle_2misc_narrow(DisasContext *s, bool 
scalar,
 int destelt = is_q ? 2 : 0;
 int passes = scalar ? 1 : 2;
 
+if (opcode == 0x12 && !u) { /* XTN, XTN2 */
+tcg_debug_assert(!scalar);
+if (is_q) { /* XTN2 */
+tcg_gen_gvec_uzpe(size, vec_reg_offset(s, rd, 1, MO_64),
+  vec_reg_offset(s, rn, 0, MO_64),
+  vec_reg_offset(s, rn, 1, MO_64),
+  8, vec_full_reg_size(s) - 8);
+} else {
+tcg_gen_gvec_uzpe(size, vec_reg_offset(s, rd, 0, MO_64),
+  vec_reg_offset(s, rn, 0, MO_64),
+  vec_reg_offset(s, rn, 1, MO_64),
+  8, vec_full_reg_size(s));
+}
+return;
+}
+
 if (scalar) {
 tcg_res[1] = tcg_const_i32(0);
 }
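Review bot: in the XTN2 branch the destination (element 1 of rd) aliases the second source (element 1 of rn) whenever rd == rn; the per-element loop this replaces read all of its inputs before writing, so please confirm that tcg_gen_gvec_uzpe is safe with dofs == bofs, or stage the result through a temporary. The `vec_full_reg_size(s) - 8` clear size also silently assumes the full register is exactly 16 bytes; given the SVE FIXME on vec_full_reg_size, a comment here would save a later surprise.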
@@ -7939,23 +7915,14 @@ static void handle_2misc_narrow(DisasContext *s, bool 
scalar,
 tcg_res[pass] = tcg_temp_new_i32();
 
 switch (opcode) {
-case 0x12: /* XTN, SQXTUN */
+case 0x12: /* , SQXTUN */
 {
-static NeonGenNarrowFn * const xtnfns[3] = {
-gen_helper_neon_narrow_u8,
-gen_helper_neon_narrow_u16,
-tcg_gen_extrl_i64_i32,
-};
 static NeonGenNarrowEnvFn * const sqxtunfns[3] = {
 gen_helper_neon_unarrow_sat8,
 gen_helper_neon_unarrow_sat16,
 gen_helper_neon_unarrow_sat32,
 };
-if (u) {
-genenvfn = sqxtunfns[size];
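Review bot: after dropping XTN from this case the comment reads `/* , SQXTUN */`; remove the leading comma, or better, say `/* SQXTUN (XTN handled above) */` so the reader knows where the other half of opcode 0x12 went.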
- 

[Qemu-devel] [PATCH v6 25/26] tcg/i386: Add vector operations/expansions for mul/extend

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.h |   4 +-
 tcg/i386/tcg-target.opc.h |   1 +
 tcg/i386/tcg-target.inc.c | 186 ++
 3 files changed, 174 insertions(+), 17 deletions(-)

diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index fedc3449c1..e77b95cc2c 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -184,8 +184,8 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_uzp_vec  0
 #define TCG_TARGET_HAS_trn_vec  0
 #define TCG_TARGET_HAS_cmp_vec  1
-#define TCG_TARGET_HAS_mul_vec  0
-#define TCG_TARGET_HAS_extl_vec 0
+#define TCG_TARGET_HAS_mul_vec  1
+#define TCG_TARGET_HAS_extl_vec 1
 #define TCG_TARGET_HAS_exth_vec 0
 
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
diff --git a/tcg/i386/tcg-target.opc.h b/tcg/i386/tcg-target.opc.h
index 77125ef818..5f05df65e0 100644
--- a/tcg/i386/tcg-target.opc.h
+++ b/tcg/i386/tcg-target.opc.h
@@ -8,3 +8,4 @@ DEF(x86_blend_vec, 1, 2, 1, IMPLVEC)
 DEF(x86_packss_vec, 1, 2, 0, IMPLVEC)
 DEF(x86_packus_vec, 1, 2, 0, IMPLVEC)
 DEF(x86_psrldq_vec, 1, 1, 1, IMPLVEC)
+DEF(x86_vperm2i128_vec, 1, 2, 1, IMPLVEC)
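Review bot: VPERM2I128 exists only as a 256-bit AVX2 instruction (there is no 128-bit form), so any expansion that emits x86_vperm2i128_vec must be gated on have_avx2 and TCG_TYPE_V256; stating that constraint in a comment on the DEF line would spare the next reader a trip to the manual.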
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index 694d9e5cb5..e61aeebf3e 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -393,6 +393,14 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 #define OPC_PCMPGTW (0x65 | P_EXT | P_DATA16)
 #define OPC_PCMPGTD (0x66 | P_EXT | P_DATA16)
 #define OPC_PCMPGTQ (0x37 | P_EXT38 | P_DATA16)
+#define OPC_PMOVSXBW(0x20 | P_EXT38 | P_DATA16)
+#define OPC_PMOVSXWD(0x23 | P_EXT38 | P_DATA16)
+#define OPC_PMOVSXDQ(0x25 | P_EXT38 | P_DATA16)
+#define OPC_PMOVZXBW(0x30 | P_EXT38 | P_DATA16)
+#define OPC_PMOVZXWD(0x33 | P_EXT38 | P_DATA16)
+#define OPC_PMOVZXDQ(0x35 | P_EXT38 | P_DATA16)
+#define OPC_PMULLW  (0xd5 | P_EXT | P_DATA16)
+#define OPC_PMULLD  (0x40 | P_EXT38 | P_DATA16)
 #define OPC_POR (0xeb | P_EXT | P_DATA16)
 #define OPC_PSHUFB  (0x00 | P_EXT38 | P_DATA16)
 #define OPC_PSHUFD  (0x70 | P_EXT | P_DATA16)
@@ -2675,6 +2683,9 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 static int const sub_insn[4] = {
 OPC_PSUBB, OPC_PSUBW, OPC_PSUBD, OPC_PSUBQ
 };
+static int const mul_insn[4] = {
+OPC_UD2, OPC_PMULLW, OPC_PMULLD, OPC_UD2
+};
 static int const shift_imm_insn[4] = {
 OPC_UD2, OPC_PSHIFTW_Ib, OPC_PSHIFTD_Ib, OPC_PSHIFTQ_Ib
 };
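Review bot: mul_insn carries OPC_UD2 for MO_8 and MO_64 because AVX1/AVX2 offer only PMULLW and PMULLD, yet the header hunk sets TCG_TARGET_HAS_mul_vec to 1 unconditionally. The byte and 64-bit multiplies therefore have to be synthesised in tcg_expand_vec_op, which is not part of this hunk; if they are not, the tcg_debug_assert(insn != OPC_UD2) in gen_simd is the only thing between a vece the generic layer believes is supported and a UD2 landing in the translated block. Please either mention the expansion in the commit message or make the HAS macro reflect the restriction.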
@@ -2690,6 +2701,18 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 static int const punpckh_insn[4] = {
 OPC_PUNPCKHBW, OPC_PUNPCKHWD, OPC_PUNPCKHDQ, OPC_PUNPCKHQDQ
 };
+static int const packss_insn[4] = {
+OPC_PACKSSWB, OPC_PACKSSDW, OPC_UD2, OPC_UD2
+};
+static int const packus_insn[4] = {
+OPC_PACKUSWB, OPC_PACKUSDW, OPC_UD2, OPC_UD2
+};
+static int const pmovsx_insn[3] = {
+OPC_PMOVSXBW, OPC_PMOVSXWD, OPC_PMOVSXDQ
+};
+static int const pmovzx_insn[3] = {
+OPC_PMOVZXBW, OPC_PMOVZXWD, OPC_PMOVZXDQ
+};
 
 TCGType type = vecl + TCG_TYPE_V64;
 int insn, sub;
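Review bot: packss_insn/packus_insn are indexed by the destination element size (MO_8 selects PACKSSWB, which narrows words to bytes), whereas pmovsx_insn/pmovzx_insn are indexed by the source element size (MO_8 selects PMOVSXBW, which widens bytes to words). Both conventions are reasonable, but a comment on each table saying which one it uses would prevent an off-by-one vece at the call sites.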
@@ -2706,6 +2729,9 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_sub_vec:
 insn = sub_insn[vece];
 goto gen_simd;
+case INDEX_op_mul_vec:
+insn = mul_insn[vece];
+goto gen_simd;
 case INDEX_op_and_vec:
 insn = OPC_PAND;
 goto gen_simd;
@@ -2722,30 +2748,33 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 insn = punpckh_insn[vece];
 goto gen_simd;
 case INDEX_op_x86_packss_vec:
-if (vece == MO_8) {
-insn = OPC_PACKSSWB;
-} else if (vece == MO_16) {
-insn = OPC_PACKSSDW;
-} else {
-g_assert_not_reached();
-}
+insn = packss_insn[vece];
 goto gen_simd;
 case INDEX_op_x86_packus_vec:
-if (vece == MO_8) {
-insn = OPC_PACKUSWB;
-} else if (vece == MO_16) {
-insn = OPC_PACKUSDW;
-} else {
-g_assert_not_reached();
-}
+insn = packus_insn[vece];
 goto gen_simd;
 gen_simd:
+tcg_debug_assert(insn != OPC_UD2);
 if (type == TCG_TYPE_V256) {
 insn |= P_VEXL;
 }
 tcg_out_vex_modrm(s, insn, a0, a1, a2);
 break;
 
+case INDEX_op_extsl_vec:
+insn = pmovsx_insn[vece];
+goto gen_simd2;
+case INDEX_op_extul_vec:
+insn = pmovzx_insn[vece];
+goto gen_simd2;
+gen_simd2:
+tcg_debug_assert(vece < MO_64);
+if (type == TCG_TYPE_V256) {
+insn |= P_VEXL;
+}
+tcg_out_vex_modrm(s, insn, a0, 0, a1);
+break;
+
 case INDEX_op_cmp_vec:
 sub = args[3];
 if 
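Review bot: replacing the g_assert_not_reached() in the packss/packus cases with a table lookup plus tcg_debug_assert(insn != OPC_UD2) weakens the check: tcg_debug_assert compiles out in non-debug builds, so an unsupported vece would then emit UD2 into the generated code and fault when the TB runs instead of failing at translation time. Either keep a hard assert in gen_simd or document that the generic layer never hands pack an MO_32/MO_64 vece. In gen_simd2, passing 0 as the vvvv operand of tcg_out_vex_modrm for the unary PMOVSX/PMOVZX forms is correct (the inverted encoding yields the required 1111b "unused" value), but a short comment would make that intent explicit.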

[Qemu-devel] [PATCH v6 19/26] target/arm: Use vector infrastructure for aa64 compares

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 96 ++
 1 file changed, 62 insertions(+), 34 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index c47faa5633..1ea7e37b03 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -7115,6 +7115,28 @@ static void 
disas_simd_scalar_three_reg_diff(DisasContext *s, uint32_t insn)
 }
 }
 
+/* CMTST : test is "if (X & Y != 0)". */
+static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+tcg_gen_and_i32(d, a, b);
+tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
+tcg_gen_neg_i32(d, d);
+}
+
+static void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+{
+tcg_gen_and_i64(d, a, b);
+tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
+tcg_gen_neg_i64(d, d);
+}
+
+static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
+{
+tcg_gen_and_vec(vece, d, a, b);
+tcg_gen_dupi_vec(vece, a, 0);
+tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
+}
+
 static void handle_3same_64(DisasContext *s, int opcode, bool u,
 TCGv_i64 tcg_rd, TCGv_i64 tcg_rn, TCGv_i64 tcg_rm)
 {
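Review bot: gen_cmtst_vec overwrites its second input `a` with the zero constant (tcg_gen_dupi_vec(vece, a, 0)) so it has something to compare against; that is only safe because the gvec expander passes scratch temporaries for fniv, and a comment saying so would stop someone reusing the helper with a live operand. The copied comment `if (X & Y != 0)` also parses as `X & (Y != 0)` under C precedence; `(X & Y) != 0` is what is meant.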
@@ -7158,10 +7180,7 @@ static void handle_3same_64(DisasContext *s, int opcode, 
bool u,
 cond = TCG_COND_EQ;
 goto do_cmop;
 }
-/* CMTST : test is "if (X & Y != 0)". */
-tcg_gen_and_i64(tcg_rd, tcg_rn, tcg_rm);
-tcg_gen_setcondi_i64(TCG_COND_NE, tcg_rd, tcg_rd, 0);
-tcg_gen_neg_i64(tcg_rd, tcg_rd);
+gen_cmtst_i64(tcg_rd, tcg_rn, tcg_rm);
 break;
 case 0x8: /* SSHL, USHL */
 if (u) {
@@ -9684,6 +9703,7 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 int rd = extract32(insn, 0, 5);
 int pass;
 GVecGen3Fn *gvec_op;
+TCGCond cond;
 
 switch (opcode) {
 case 0x13: /* MUL, PMUL */
@@ -9731,6 +9751,44 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 vec_full_reg_offset(s, rm),
 is_q ? 16 : 8, vec_full_reg_size(s));
 return;
+case 0x11:
+if (u) { /* CMEQ */
+cond = TCG_COND_EQ;
+goto do_gvec_cmp;
+} else { /* CMTST */
+static const GVecGen3 cmtst_op[4] = {
+{ .fni4 = gen_helper_neon_tst_u8,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_8 },
+{ .fni4 = gen_helper_neon_tst_u16,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_16 },
+{ .fni4 = gen_cmtst_i32,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_32 },
+{ .fni8 = gen_cmtst_i64,
+  .fniv = gen_cmtst_vec,
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .vece = MO_64 },
+};
+tcg_gen_gvec_3(vec_full_reg_offset(s, rd),
+   vec_full_reg_offset(s, rn),
+   vec_full_reg_offset(s, rm),
+   is_q ? 16 : 8, vec_full_reg_size(s),
+   _op[size]);
+}
+return;
+case 0x06: /* CMGT, CMHI */
+cond = u ? TCG_COND_GTU : TCG_COND_GT;
+goto do_gvec_cmp;
+case 0x07: /* CMGE, CMHS */
+cond = u ? TCG_COND_GEU : TCG_COND_GE;
+do_gvec_cmp:
+tcg_gen_gvec_cmp(cond, size, vec_full_reg_offset(s, rd),
+ vec_full_reg_offset(s, rn),
+ vec_full_reg_offset(s, rm),
+ is_q ? 16 : 8, vec_full_reg_size(s));
+return;
 }
 
 if (size == 3) {
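Review bot: the final argument of the tcg_gen_gvec_3 call in the CMTST branch appears as `_op[size]`; it needs to be `&cmtst_op[size]` (the address-of sign was most likely eaten by the archive's HTML rendering, but please check the patch as applied). It would also help to say in a comment that the MO_8/MO_16 entries use the existing Neon tst helpers while MO_32/MO_64 use the new inline generators, so the mixed table does not look accidental.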
@@ -9813,26 +9871,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genenvfn = fns[size][u];
 break;
 }
-case 0x6: /* CMGT, CMHI */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_cgt_s8, gen_helper_neon_cgt_u8 },
-{ gen_helper_neon_cgt_s16, gen_helper_neon_cgt_u16 },
-{ gen_helper_neon_cgt_s32, gen_helper_neon_cgt_u32 },
-};
-genfn = fns[size][u];
-break;
-}
-case 0x7: /* CMGE, CMHS */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_cge_s8, gen_helper_neon_cge_u8 },
-{ gen_helper_neon_cge_s16, gen_helper_neon_cge_u16 },
-{ gen_helper_neon_cge_s32, gen_helper_neon_cge_u32 },
-};
-genfn = fns[size][u];
-break;
-}
 case 0x8: /* SSHL, USHL */
 {
 static NeonGenTwoOpFn * const fns[3][2] = {
@@ -9905,16 +9943,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genfn 

[Qemu-devel] [Bug 1728256] Re: Memory corruption in Windows 10 guest / amd64

2017-11-21 Thread Jimi
I just reported the bug in the kernel:
https://bugzilla.kernel.org/show_bug.cgi?id=197951

If you reported or commented on the bug here, please go comment on that
report confirming as well. A lot of open-source bugzilla projects tend
to rarely pay attention to bug reports that only one person has
confirmed/reported.



https://bugs.launchpad.net/bugs/1728256

Title:
  Memory corruption in Windows 10 guest / amd64

Status in QEMU:
  New

Bug description:
  I have a Win 10 Pro x64 guest inside a qemu/kvm running on an Arch x86_64 host. The VM has a physical GPU passed through, as well as the physical USB controllers, as well as a dedicated SSD attached via SATA; you can find the complete libvirt xml here: https://pastebin.com/U1ZAXBNg

  I built qemu from source using the qemu-minimal-git AUR package; you can find the build script here: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=qemu-minimal-git (if you aren't familiar with Arch, this is essentially a bash script where build() and package() are run to build the files, and then install them into the $pkgdir to later tar them up.)

  Starting with qemu v2.10.0, Windows crashes randomly with a bluescreen
  about CRITICAL_STRUCTURE_CORRUPTION. I also tested the git heads
  f90ea7ba7c, 861cd431c9 and e822e81e35, before I went back to v2.9.0,
  which is running stable for over 50 hours right now.

  During my tests I found that locking the memory pages alleviates the
  problem somewhat, but never completely avoids it. However, with the
  crashes occurring randomly, that could as well be false conclusions; I
  had crashes within minutes after boot with that too.

  I will now start `git bisect`ing; if you have any other suggestions on
  what I could try or possible patches feel free to leave them with me.




[Qemu-devel] [PATCH v6 12/26] tcg/i386: Add vector operations

2017-11-21 Thread Richard Henderson
The x86 vector instruction set is extremely irregular.  With newer
editions, Intel has filled in some of the blanks.  However, we don't
get many 64-bit operations until SSE4.2, introduced in 2009.

The subsequent edition was for AVX1, introduced in 2011, which added
three-operand addressing, and adjusted how all instructions should be
encoded.

Given the relatively narrow 2 year window between possible to support
and desirable to support, and to vastly simplify code maintenance,
I am only planning to support AVX1 and later cpus.

Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.h |  36 ++-
 tcg/i386/tcg-target.inc.c | 561 ++
 2 files changed, 546 insertions(+), 51 deletions(-)

diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index b89dababf4..f9d3fc4a93 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -30,10 +30,10 @@
 
 #ifdef __x86_64__
 # define TCG_TARGET_REG_BITS  64
-# define TCG_TARGET_NB_REGS   16
+# define TCG_TARGET_NB_REGS   32
 #else
 # define TCG_TARGET_REG_BITS  32
-# define TCG_TARGET_NB_REGS8
+# define TCG_TARGET_NB_REGS   24
 #endif
 
 typedef enum {
@@ -56,6 +56,26 @@ typedef enum {
 TCG_REG_R13,
 TCG_REG_R14,
 TCG_REG_R15,
+
+TCG_REG_XMM0,
+TCG_REG_XMM1,
+TCG_REG_XMM2,
+TCG_REG_XMM3,
+TCG_REG_XMM4,
+TCG_REG_XMM5,
+TCG_REG_XMM6,
+TCG_REG_XMM7,
+
+/* 64-bit registers; likewise always define.  */
+TCG_REG_XMM8,
+TCG_REG_XMM9,
+TCG_REG_XMM10,
+TCG_REG_XMM11,
+TCG_REG_XMM12,
+TCG_REG_XMM13,
+TCG_REG_XMM14,
+TCG_REG_XMM15,
+
 TCG_REG_RAX = TCG_REG_EAX,
 TCG_REG_RCX = TCG_REG_ECX,
 TCG_REG_RDX = TCG_REG_EDX,
@@ -77,6 +97,8 @@ typedef enum {
 
 extern bool have_bmi1;
 extern bool have_popcnt;
+extern bool have_avx1;
+extern bool have_avx2;
 
 /* optional instructions */
 #define TCG_TARGET_HAS_div2_i32 1
@@ -146,6 +168,16 @@ extern bool have_popcnt;
 #define TCG_TARGET_HAS_mulsh_i640
 #endif
 
+/* We do not support older SSE systems, only beginning with AVX1.  */
+#define TCG_TARGET_HAS_v64  have_avx1
+#define TCG_TARGET_HAS_v128 have_avx1
+#define TCG_TARGET_HAS_v256 have_avx2
+
+#define TCG_TARGET_HAS_andc_vec 1
+#define TCG_TARGET_HAS_orc_vec  0
+#define TCG_TARGET_HAS_not_vec  0
+#define TCG_TARGET_HAS_neg_vec  0
+
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
  ((ofs) == 0 && (len) == 16))
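Review bot: TCG_TARGET_HAS_v64/v128/v256 expand to the runtime variables have_avx1/have_avx2, unlike every other TCG_TARGET_HAS_* macro in this header. That is presumably deliberate (the probe runs in tcg_target_init), but it means these three cannot be used in `#if`: an undeclared identifier evaluates to 0 in the preprocessor, so `#if TCG_TARGET_HAS_v128` in generic code would silently compile the unsupported branch. Please add a comment next to the definitions and check tcg.h and tcg-op-gvec.c for preprocessor uses.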
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index 63d27f10e7..e9a4d92598 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -28,10 +28,15 @@
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
 #if TCG_TARGET_REG_BITS == 64
 "%rax", "%rcx", "%rdx", "%rbx", "%rsp", "%rbp", "%rsi", "%rdi",
-"%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
 #else
 "%eax", "%ecx", "%edx", "%ebx", "%esp", "%ebp", "%esi", "%edi",
 #endif
+"%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
+"%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7",
+#if TCG_TARGET_REG_BITS == 64
+"%xmm8", "%xmm9", "%xmm10", "%xmm11",
+"%xmm12", "%xmm13", "%xmm14", "%xmm15",
+#endif
 };
 #endif
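Review bot: moving "%r8" to "%r15" out of the 64-bit-only branch gives the i386 build names for eight registers that do not exist on that ISA, matching the enum that now always defines them and the new TCG_TARGET_NB_REGS of 24 (8 GPRs + 8 phantom r8-r15 + 8 XMM). A brief comment that those slots are never allocated on i386 would help, since on its own 24 reads like a miscount.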
 
@@ -61,6 +66,28 @@ static const int tcg_target_reg_alloc_order[] = {
 TCG_REG_EDX,
 TCG_REG_EAX,
 #endif
+TCG_REG_XMM0,
+TCG_REG_XMM1,
+TCG_REG_XMM2,
+TCG_REG_XMM3,
+TCG_REG_XMM4,
+TCG_REG_XMM5,
+#ifndef _WIN64
+/* The Win64 ABI has xmm6-xmm15 as caller-saves, and we do not save
+   any of them.  Therefore only allow xmm0-xmm5 to be allocated.  */
+TCG_REG_XMM6,
+TCG_REG_XMM7,
+#if TCG_TARGET_REG_BITS == 64
+TCG_REG_XMM8,
+TCG_REG_XMM9,
+TCG_REG_XMM10,
+TCG_REG_XMM11,
+TCG_REG_XMM12,
+TCG_REG_XMM13,
+TCG_REG_XMM14,
+TCG_REG_XMM15,
+#endif
+#endif
 };
 
 static const int tcg_target_call_iarg_regs[] = {
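Review bot: the new Win64 comment has the ABI terminology inverted: xmm6 to xmm15 are callee-saved (non-volatile) under the Win64 calling convention, which is precisely why TCG would have to save them in the prologue before allocating them. "Caller-saves" would mean the opposite and would not justify restricting allocation to xmm0-xmm5; please reword to "callee-saved".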
@@ -94,7 +121,7 @@ static const int tcg_target_call_oarg_regs[] = {
 #define TCG_CT_CONST_I32 0x400
 #define TCG_CT_CONST_WSZ 0x800
 
-/* Registers used with L constraint, which are the first argument 
+/* Registers used with L constraint, which are the first argument
registers on x86_64, and two random call clobbered registers on
i386. */
 #if TCG_TARGET_REG_BITS == 64
@@ -125,6 +152,8 @@ static bool have_cmov;
it there.  Therefore we always define the variable.  */
 bool have_bmi1;
 bool have_popcnt;
+bool have_avx1;
+bool have_avx2;
 
 #ifdef CONFIG_CPUID_H
 static bool have_movbe;
@@ -148,6 +177,8 @@ static void patch_reloc(tcg_insn_unit *code_ptr, int type,
 if (value != (int32_t)value) {
 tcg_abort();
 }
+/* FALLTHRU */
+case R_386_32:
 tcg_patch32(code_ptr, value);
 break;
 case R_386_PC8:
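Review bot: the new R_386_32 label joins the PC32 path after its `value != (int32_t)value` range check, so an absolute address that does not fit in 32 bits is silently truncated by tcg_patch32. That is harmless on i386, but if this relocation is ever emitted on x86_64 (for instance for constant-pool references) it needs its own range check or a guarantee that the code buffer lives in the low 4 GiB.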
@@ -162,6 

[Qemu-devel] [PATCH v6 24/26] target/arm: Use vector infrastructure for aa64 widening shifts

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 29 -
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index c47d9caa49..1f7e9c4e19 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -8705,12 +8705,7 @@ static void handle_vec_simd_wshli(DisasContext *s, bool 
is_q, bool is_u,
 int size = 32 - clz32(immh) - 1;
 int immhb = immh << 3 | immb;
 int shift = immhb - (8 << size);
-int dsize = 64;
-int esize = 8 << size;
-int elements = dsize/esize;
-TCGv_i64 tcg_rn = new_tmp_a64(s);
-TCGv_i64 tcg_rd = new_tmp_a64(s);
-int i;
+GVecGen2Fn *gvec_fn;
 
 if (size >= 3) {
 unallocated_encoding(s);
@@ -8721,18 +8716,18 @@ static void handle_vec_simd_wshli(DisasContext *s, bool 
is_q, bool is_u,
 return;
 }
 
-/* For the LL variants the store is larger than the load,
- * so if rd == rn we would overwrite parts of our input.
- * So load everything right now and use shifts in the main loop.
- */
-read_vec_element(s, tcg_rn, rn, is_q ? 1 : 0, MO_64);
-
-for (i = 0; i < elements; i++) {
-tcg_gen_shri_i64(tcg_rd, tcg_rn, i * esize);
-ext_and_shift_reg(tcg_rd, tcg_rd, size | (!is_u << 2), 0);
-tcg_gen_shli_i64(tcg_rd, tcg_rd, shift);
-write_vec_element(s, tcg_rd, rd, i, size + 1);
+if (is_u) {
+gvec_fn = is_q ? tcg_gen_gvec_extuh : tcg_gen_gvec_extul;
+} else {
+gvec_fn = is_q ? tcg_gen_gvec_extsh : tcg_gen_gvec_extsl;
 }
+gvec_fn(size, vec_full_reg_offset(s, rd),
+vec_full_reg_offset(s, rn), 16, 16);
+
+/* Perform the shift in the wider format.  */
+tcg_gen_gvec_shli(size + 1, vec_full_reg_offset(s, rd),
+  vec_full_reg_offset(s, rd),
+  16, vec_full_reg_size(s), shift);
 }
 
 /* SHRN/RSHRN - Shift right with narrowing (and potential rounding) */
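Review bot: the deleted comment explained why the old code loaded all of rn before writing rd (for the LL forms the store is wider than the load, so rd == rn clobbers the input). The new code has the same hazard: gvec_fn reads 8 bytes of rn and writes 16 bytes of rd, so it relies on the extl/exth expanders reading the whole source before any store; please either keep a version of that comment or confirm the expander contract. Two smaller points: the hard-coded opsz/clsz of 16 in the gvec_fn call is inconsistent with the `vec_full_reg_size(s)` used in the following tcg_gen_gvec_shli, and when shift == 0 that shli is a no-op that could be skipped.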
-- 
2.13.6




[Qemu-devel] [PATCH v6 14/26] tcg: Add generic vector ops for interleave

2017-11-21 Thread Richard Henderson
Includes zip, unzip, and transform.

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  15 ++
 tcg/i386/tcg-target.h|   3 +
 tcg/tcg-op-gvec.h|  17 +++
 tcg/tcg-op.h |   6 +
 tcg/tcg-opc.h|   7 +
 tcg/tcg.h|   3 +
 accel/tcg/tcg-runtime-gvec.c |  78 ++
 tcg/tcg-op-gvec.c| 337 ++-
 tcg/tcg-op-vec.c |  55 +++
 tcg/tcg.c|   9 ++
 tcg/README   |  40 +
 11 files changed, 562 insertions(+), 8 deletions(-)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 76ee41ce58..c6de749134 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -163,3 +163,18 @@ DEF_HELPER_FLAGS_4(gvec_or, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_xor, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_andc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_orc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_zip8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_zip16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_zip32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_zip64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_uzp8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_uzp16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_uzp32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_uzp64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_trn8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_trn16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_trn32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_trn64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index f9d3fc4a93..ff0ad7dcdb 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -177,6 +177,9 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_orc_vec  0
 #define TCG_TARGET_HAS_not_vec  0
 #define TCG_TARGET_HAS_neg_vec  0
+#define TCG_TARGET_HAS_zip_vec  0
+#define TCG_TARGET_HAS_uzp_vec  0
+#define TCG_TARGET_HAS_trn_vec  0
 
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index 95739946ff..64270a3c74 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -66,6 +66,8 @@ typedef struct {
 gen_helper_gvec_2 *fno;
 /* The opcode, if any, to which this corresponds.  */
 TCGOpcode opc;
+/* The data argument to the out-of-line helper.  */
+uint32_t data;
 /* The vector element size, if applicable.  */
 uint8_t vece;
 /* Prefer i64 to v64.  */
@@ -83,6 +85,8 @@ typedef struct {
 gen_helper_gvec_3 *fno;
 /* The opcode, if any, to which this corresponds.  */
 TCGOpcode opc;
+/* The data argument to the out-of-line helper.  */
+uint32_t data;
 /* The vector element size, if applicable.  */
 uint8_t vece;
 /* Prefer i64 to v64.  */
@@ -133,6 +137,19 @@ void tcg_gen_gvec_dup16i(uint32_t dofs, uint32_t s, 
uint32_t m, uint16_t x);
 void tcg_gen_gvec_dup32i(uint32_t dofs, uint32_t s, uint32_t m, uint32_t x);
 void tcg_gen_gvec_dup64i(uint32_t dofs, uint32_t s, uint32_t m, uint64_t x);
 
+void tcg_gen_gvec_zipl(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t bofs, uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_ziph(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t bofs, uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_uzpe(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t bofs, uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_uzpo(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t bofs, uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_trne(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t bofs, uint32_t opsz, uint32_t clsz);
+void tcg_gen_gvec_trno(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t bofs, uint32_t opsz, uint32_t clsz);
+
 /*
  * 64-bit vector operations.  Use these when the register has been allocated
  * with tcg_global_mem_new_i64, and so we cannot also address it via pointer.
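Review bot: the six new expanders are undocumented; the suffix convention (zipl/ziph interleave the low/high halves, uzpe/uzpo de-interleave even/odd elements, trne/trno transpose even/odd element pairs) is only discoverable from the tcg/README hunk that is not shown here. A one-line comment per pair in this header, including which argument order yields the ARM ZIP1/ZIP2 semantics, would help front-end authors who reach for these.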
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 5f49785cb3..733e29b5f8 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -927,6 +927,12 @@ void tcg_gen_andc_vec(unsigned vece, TCGv_vec r, TCGv_vec 
a, TCGv_vec b);
 void tcg_gen_orc_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_not_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
 void 

[Qemu-devel] [PATCH v6 09/26] target/arm: Use vector infrastructure for aa64 add/sub/logic

2017-11-21 Thread Richard Henderson
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 207 +
 1 file changed, 134 insertions(+), 73 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index ba94f7d045..572af456d1 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "tcg-op.h"
+#include "tcg-op-gvec.h"
 #include "qemu/log.h"
 #include "arm_ldst.h"
 #include "translate.h"
@@ -83,6 +84,10 @@ typedef void NeonGenOneOpFn(TCGv_i64, TCGv_i64);
 typedef void CryptoTwoOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32);
 typedef void CryptoThreeOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32, TCGv_i32);
 
+/* Note that the gvec expanders operate on offsets + sizes.  */
+typedef void GVecGen3Fn(unsigned, uint32_t, uint32_t,
+uint32_t, uint32_t, uint32_t);
+
 /* initialize TCG globals.  */
 void a64_translate_init(void)
 {
@@ -535,6 +540,21 @@ static inline int vec_reg_offset(DisasContext *s, int 
regno,
 return offs;
 }
 
+/* Return the offset info CPUARMState of the "whole" vector register Qn.  */
+static inline int vec_full_reg_offset(DisasContext *s, int regno)
+{
+assert_fp_access_checked(s);
+return offsetof(CPUARMState, vfp.regs[regno * 2]);
+}
+
+/* Return the byte size of the "whole" vector register, VL / 8.  */
+static inline int vec_full_reg_size(DisasContext *s)
+{
+/* FIXME SVE: We should put the composite ZCR_EL* value into tb->flags.
+   In the meantime this is just the AdvSIMD length of 128.  */
+return 128 / 8;
+}
+
 /* Return the offset into CPUARMState of a slice (from
  * the least significant end) of FP register Qn (ie
  * Dn, Sn, Hn or Bn).
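Review bot: typo in the new comment on vec_full_reg_offset: "offset info CPUARMState" should read "offset into CPUARMState". Returning a constant 16 from vec_full_reg_size with a FIXME is fine for now, but since callers already pass it as clsz, the SVE follow-up will also need to revisit the places in this series that hard-code 16 instead of calling it.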
@@ -9048,85 +9068,125 @@ static void disas_simd_three_reg_diff(DisasContext *s, 
uint32_t insn)
 }
 }
 
+static void gen_bsl_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rm);
+tcg_gen_and_i64(rn, rn, rd);
+tcg_gen_xor_i64(rd, rm, rn);
+}
+
+static void gen_bit_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rd);
+tcg_gen_and_i64(rn, rn, rm);
+tcg_gen_xor_i64(rd, rd, rn);
+}
+
+static void gen_bif_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rd);
+tcg_gen_andc_i64(rn, rn, rm);
+tcg_gen_xor_i64(rd, rd, rn);
+}
+
+static void gen_bsl_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rm);
+tcg_gen_and_vec(vece, rn, rn, rd);
+tcg_gen_xor_vec(vece, rd, rm, rn);
+}
+
+static void gen_bit_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rd);
+tcg_gen_and_vec(vece, rn, rn, rm);
+tcg_gen_xor_vec(vece, rd, rd, rn);
+}
+
+static void gen_bif_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rd);
+tcg_gen_andc_vec(vece, rn, rn, rm);
+tcg_gen_xor_vec(vece, rd, rd, rn);
+}
+
 /* Logic op (opcode == 3) subgroup of C3.6.16. */
 static void disas_simd_3same_logic(DisasContext *s, uint32_t insn)
 {
+static const GVecGen3 bsl_op = {
+.fni8 = gen_bsl_i64,
+.fniv = gen_bsl_vec,
+.prefer_i64 = TCG_TARGET_REG_BITS == 64,
+.load_dest = true
+};
+static const GVecGen3 bit_op = {
+.fni8 = gen_bit_i64,
+.fniv = gen_bit_vec,
+.prefer_i64 = TCG_TARGET_REG_BITS == 64,
+.load_dest = true
+};
+static const GVecGen3 bif_op = {
+.fni8 = gen_bif_i64,
+.fniv = gen_bif_vec,
+.prefer_i64 = TCG_TARGET_REG_BITS == 64,
+.load_dest = true
+};
+
 int rd = extract32(insn, 0, 5);
 int rn = extract32(insn, 5, 5);
 int rm = extract32(insn, 16, 5);
 int size = extract32(insn, 22, 2);
 bool is_u = extract32(insn, 29, 1);
 bool is_q = extract32(insn, 30, 1);
-TCGv_i64 tcg_op1, tcg_op2, tcg_res[2];
-int pass;
+GVecGen3Fn *gvec_fn;
+const GVecGen3 *gvec_op;
 
 if (!fp_access_check(s)) {
 return;
 }
 
-tcg_op1 = tcg_temp_new_i64();
-tcg_op2 = tcg_temp_new_i64();
-tcg_res[0] = tcg_temp_new_i64();
-tcg_res[1] = tcg_temp_new_i64();
-
-for (pass = 0; pass < (is_q ? 2 : 1); pass++) {
-read_vec_element(s, tcg_op1, rn, pass, MO_64);
-read_vec_element(s, tcg_op2, rm, pass, MO_64);
-
-if (!is_u) {
-switch (size) {
-case 0: /* AND */
-tcg_gen_and_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-case 1: /* BIC */
-tcg_gen_andc_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-case 2: /* ORR */
-tcg_gen_or_i64(tcg_res[pass], tcg_op1, tcg_op2);
-break;
-case 3: /* ORN */
-tcg_gen_orc_i64(tcg_res[pass], tcg_op1, tcg_op2);
-  
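Review bot: gen_bsl_i64/gen_bit_i64/gen_bif_i64 and their _vec counterparts write into rn, that is, they destroy an input operand. This is acceptable only because tcg_gen_gvec_3 hands fni8/fniv scratch temporaries, and `.load_dest = true` is what makes the old value of rd available as the select mask or target. Both facts belong in a comment above the helpers; so does a one-line description of each (BSL: rd = rd ? rn : rm per bit; BIT: rd = rm ? rn : rd; BIF: rd = rm ? rd : rn), which the xor/and/xor sequences otherwise make hard to read.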

[Qemu-devel] [PATCH v6 20/26] tcg/i386: Add vector operations/expansions for shift/cmp/interleave

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.h |   6 +-
 tcg/i386/tcg-target.opc.h |   7 +
 tcg/i386/tcg-target.inc.c | 595 +-
 3 files changed, 598 insertions(+), 10 deletions(-)

diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index 46c4dca7be..60d3684750 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -177,13 +177,13 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_orc_vec  0
 #define TCG_TARGET_HAS_not_vec  0
 #define TCG_TARGET_HAS_neg_vec  0
-#define TCG_TARGET_HAS_shi_vec  0
+#define TCG_TARGET_HAS_shi_vec  1
 #define TCG_TARGET_HAS_shs_vec  0
 #define TCG_TARGET_HAS_shv_vec  0
-#define TCG_TARGET_HAS_zip_vec  0
+#define TCG_TARGET_HAS_zip_vec  1
 #define TCG_TARGET_HAS_uzp_vec  0
 #define TCG_TARGET_HAS_trn_vec  0
-#define TCG_TARGET_HAS_cmp_vec  0
+#define TCG_TARGET_HAS_cmp_vec  1
 
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
diff --git a/tcg/i386/tcg-target.opc.h b/tcg/i386/tcg-target.opc.h
index 4816a6c3d4..77125ef818 100644
--- a/tcg/i386/tcg-target.opc.h
+++ b/tcg/i386/tcg-target.opc.h
@@ -1,3 +1,10 @@
 /* Target-specific opcodes for host vector expansion.  These will be
emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
consider these to be UNSPEC with names.  */
+
+DEF(x86_shufps_vec, 1, 2, 1, IMPLVEC)
+DEF(x86_vpblendvb_vec, 1, 3, 0, IMPLVEC)
+DEF(x86_blend_vec, 1, 2, 1, IMPLVEC)
+DEF(x86_packss_vec, 1, 2, 0, IMPLVEC)
+DEF(x86_packus_vec, 1, 2, 0, IMPLVEC)
+DEF(x86_psrldq_vec, 1, 1, 1, IMPLVEC)
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index 062cf16607..694d9e5cb5 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -324,6 +324,7 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 # define P_REXB_RM 0
 # define P_GS   0
 #endif
+#define P_EXT3A 0x1 /* 0x0f 0x3a opcode prefix */
 #define P_SIMDF30x2 /* 0xf3 opcode prefix */
 #define P_SIMDF20x4 /* 0xf2 opcode prefix */
 #define P_VEXL  0x8 /* Set VEX.L = 1 */
@@ -333,6 +334,7 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 #define OPC_ARITH_GvEv (0x03)  /* ... plus (ARITH_FOO << 3) */
 #define OPC_ANDN(0xf2 | P_EXT38)
 #define OPC_ADD_GvEv   (OPC_ARITH_GvEv | (ARITH_ADD << 3))
+#define OPC_BLENDPS (0x0c | P_EXT3A | P_DATA16)
 #define OPC_BSF (0xbc | P_EXT)
 #define OPC_BSR (0xbd | P_EXT)
 #define OPC_BSWAP  (0xc8 | P_EXT)
@@ -372,15 +374,33 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 #define OPC_MOVSLQ (0x63 | P_REXW)
 #define OPC_MOVZBL (0xb6 | P_EXT)
 #define OPC_MOVZWL (0xb7 | P_EXT)
+#define OPC_PACKSSDW(0x6b | P_EXT | P_DATA16)
+#define OPC_PACKSSWB(0x63 | P_EXT | P_DATA16)
+#define OPC_PACKUSDW(0x2b | P_EXT38 | P_DATA16)
+#define OPC_PACKUSWB(0x67 | P_EXT | P_DATA16)
 #define OPC_PADDB   (0xfc | P_EXT | P_DATA16)
 #define OPC_PADDW   (0xfd | P_EXT | P_DATA16)
 #define OPC_PADDD   (0xfe | P_EXT | P_DATA16)
 #define OPC_PADDQ   (0xd4 | P_EXT | P_DATA16)
 #define OPC_PAND(0xdb | P_EXT | P_DATA16)
 #define OPC_PANDN   (0xdf | P_EXT | P_DATA16)
+#define OPC_PBLENDW (0x0e | P_EXT3A | P_DATA16)
 #define OPC_PCMPEQB (0x74 | P_EXT | P_DATA16)
+#define OPC_PCMPEQW (0x75 | P_EXT | P_DATA16)
+#define OPC_PCMPEQD (0x76 | P_EXT | P_DATA16)
+#define OPC_PCMPEQQ (0x29 | P_EXT38 | P_DATA16)
+#define OPC_PCMPGTB (0x64 | P_EXT | P_DATA16)
+#define OPC_PCMPGTW (0x65 | P_EXT | P_DATA16)
+#define OPC_PCMPGTD (0x66 | P_EXT | P_DATA16)
+#define OPC_PCMPGTQ (0x37 | P_EXT38 | P_DATA16)
 #define OPC_POR (0xeb | P_EXT | P_DATA16)
+#define OPC_PSHUFB  (0x00 | P_EXT38 | P_DATA16)
 #define OPC_PSHUFD  (0x70 | P_EXT | P_DATA16)
+#define OPC_PSHUFLW (0x70 | P_EXT | P_SIMDF2)
+#define OPC_PSHUFHW (0x70 | P_EXT | P_SIMDF3)
+#define OPC_PSHIFTW_Ib  (0x71 | P_EXT | P_DATA16) /* /2 /6 /4 */
+#define OPC_PSHIFTD_Ib  (0x72 | P_EXT | P_DATA16) /* /2 /6 /4 */
+#define OPC_PSHIFTQ_Ib  (0x73 | P_EXT | P_DATA16) /* /2 /6 /4 */
 #define OPC_PSUBB   (0xf8 | P_EXT | P_DATA16)
 #define OPC_PSUBW   (0xf9 | P_EXT | P_DATA16)
 #define OPC_PSUBD   (0xfa | P_EXT | P_DATA16)
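Review bot: the `/* /2 /6 /4 */` annotations on OPC_PSHIFT{W,D,Q}_Ib are terse; spell out that ModRM.reg selects PSRL (/2), PSLL (/6) and PSRA (/4), since the emitter has to OR that field in. Note also that the /4 form does not exist for OPC_PSHIFTQ_Ib on AVX1/AVX2 (VPSRAQ is AVX-512 only), so the comment on that line is misleading and the 64-bit arithmetic right shift must be expanded rather than emitted directly.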
@@ -389,6 +409,10 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 #define OPC_PUNPCKLWD   (0x61 | P_EXT | P_DATA16)
 #define OPC_PUNPCKLDQ   (0x62 | P_EXT | P_DATA16)
 #define OPC_PUNPCKLQDQ  (0x6c | P_EXT | P_DATA16)
+#define OPC_PUNPCKHBW   (0x68 | P_EXT | P_DATA16)
+#define OPC_PUNPCKHWD   (0x69 | P_EXT | P_DATA16)
+#define OPC_PUNPCKHDQ   (0x6a | P_EXT | 

[Qemu-devel] [PATCH v6 26/26] tcg/aarch64: Add vector operations

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/aarch64/tcg-target.h |  30 +-
 tcg/aarch64/tcg-target.opc.h |   3 +
 tcg/aarch64/tcg-target.inc.c | 674 ---
 3 files changed, 660 insertions(+), 47 deletions(-)
 create mode 100644 tcg/aarch64/tcg-target.opc.h

diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index c2525066ab..46434ecca4 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -31,13 +31,22 @@ typedef enum {
 TCG_REG_SP = 31,
 TCG_REG_XZR = 31,
 
+TCG_REG_V0 = 32, TCG_REG_V1, TCG_REG_V2, TCG_REG_V3,
+TCG_REG_V4, TCG_REG_V5, TCG_REG_V6, TCG_REG_V7,
+TCG_REG_V8, TCG_REG_V9, TCG_REG_V10, TCG_REG_V11,
+TCG_REG_V12, TCG_REG_V13, TCG_REG_V14, TCG_REG_V15,
+TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
+
 /* Aliases.  */
 TCG_REG_FP = TCG_REG_X29,
 TCG_REG_LR = TCG_REG_X30,
 TCG_AREG0  = TCG_REG_X19,
 } TCGReg;
 
-#define TCG_TARGET_NB_REGS 32
+#define TCG_TARGET_NB_REGS 64
 
 /* used for function call generation */
 #define TCG_REG_CALL_STACK  TCG_REG_SP
@@ -113,6 +122,25 @@ typedef enum {
 #define TCG_TARGET_HAS_mulsh_i641
 #define TCG_TARGET_HAS_direct_jump  1
 
+#define TCG_TARGET_HAS_v64  1
+#define TCG_TARGET_HAS_v128 1
+#define TCG_TARGET_HAS_v256 0
+
+#define TCG_TARGET_HAS_andc_vec 1
+#define TCG_TARGET_HAS_orc_vec  1
+#define TCG_TARGET_HAS_not_vec  1
+#define TCG_TARGET_HAS_neg_vec  1
+#define TCG_TARGET_HAS_shi_vec  1
+#define TCG_TARGET_HAS_shs_vec  0
+#define TCG_TARGET_HAS_shv_vec  0
+#define TCG_TARGET_HAS_zip_vec  1
+#define TCG_TARGET_HAS_uzp_vec  1
+#define TCG_TARGET_HAS_trn_vec  1
+#define TCG_TARGET_HAS_cmp_vec  1
+#define TCG_TARGET_HAS_mul_vec  1
+#define TCG_TARGET_HAS_extl_vec 1
+#define TCG_TARGET_HAS_exth_vec 1
+
 #define TCG_TARGET_DEFAULT_MO (0)
 
 static inline void flush_icache_range(uintptr_t start, uintptr_t stop)
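Review bot: TCG_TARGET_HAS_shs_vec and TCG_TARGET_HAS_shv_vec are 0 while shi_vec is 1; AArch64 does have register-operand vector shifts (SSHL/USHL take a per-lane count, negative for a right shift), so if leaving scalar and vector-count shifts to generic expansion is deliberate for now, a one-line comment here would keep the next reader from treating it as an omission. TCG_TARGET_HAS_v256 = 0 is correct for 128-bit NEON.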
diff --git a/tcg/aarch64/tcg-target.opc.h b/tcg/aarch64/tcg-target.opc.h
new file mode 100644
index 00..4816a6c3d4
--- /dev/null
+++ b/tcg/aarch64/tcg-target.opc.h
@@ -0,0 +1,3 @@
+/* Target-specific opcodes for host vector expansion.  These will be
+   emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
+   consider these to be UNSPEC with names.  */
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 150530f30e..b2ce818d7c 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -20,10 +20,15 @@ QEMU_BUILD_BUG_ON(TCG_TYPE_I32 != 0 || TCG_TYPE_I64 != 1);
 
 #ifdef CONFIG_DEBUG_TCG
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
-"%x0", "%x1", "%x2", "%x3", "%x4", "%x5", "%x6", "%x7",
-"%x8", "%x9", "%x10", "%x11", "%x12", "%x13", "%x14", "%x15",
-"%x16", "%x17", "%x18", "%x19", "%x20", "%x21", "%x22", "%x23",
-"%x24", "%x25", "%x26", "%x27", "%x28", "%fp", "%x30", "%sp",
+"x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7",
+"x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15",
+"x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
+"x24", "x25", "x26", "x27", "x28", "fp", "x30", "sp",
+
+"v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+"v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+"v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+"v24", "v25", "v26", "v27", "v28", "fp", "v30", "v31",
 };
 #endif /* CONFIG_DEBUG_TCG */
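Review bot: in tcg_target_reg_names the vector row reads `"v28", "fp", "v30", "v31"`, so TCG_REG_V29 is printed as "fp"; this looks copied from the x-register row above it and should be "v29". Dropping the `%` prefixes only changes the debug dump format and is harmless.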
 
@@ -43,6 +48,14 @@ static const int tcg_target_reg_alloc_order[] = {
 /* X19 reserved for AREG0 */
 /* X29 reserved as fp */
 /* X30 reserved as temporary */
+
+TCG_REG_V0, TCG_REG_V1, TCG_REG_V2, TCG_REG_V3,
+TCG_REG_V4, TCG_REG_V5, TCG_REG_V6, TCG_REG_V7,
+/* V8 - V15 are call-saved, and skipped.  */
+TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
 };
 
 static const int tcg_target_call_iarg_regs[8] = {
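Review bot: TCG_REG_V31 is listed in tcg_target_reg_alloc_order, but the next hunk defines `TCG_VEC_TMP TCG_REG_V31`. The integer temporary X30 is kept out of this list with a `/* X30 reserved as temporary */` comment; either give V31 the same treatment here or make sure tcg_target_init adds it to reserved_regs (not shown in this patch), otherwise the allocator can hand out the scratch register and the backend will clobber a live value.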
@@ -54,6 +67,7 @@ static const int tcg_target_call_oarg_regs[1] = {
 };
 
 #define TCG_REG_TMP TCG_REG_X30
+#define TCG_VEC_TMP TCG_REG_V31
 
 #ifndef CONFIG_SOFTMMU
 /* Note that XZR cannot be encoded in the address base register slot,
@@ -119,9 +133,13 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
const char *ct_str, TCGType type)
 {
 switch (*ct_str++) {
-case 'r':
+case 'r': /* general registers */
 ct->ct |= TCG_CT_REG;
-ct->u.regs = 0xu;
+ct->u.regs |= 0xu;
+break;
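Review bot: changing `ct->u.regs = ...` to `ct->u.regs |= ...` for the 'r' constraint only works if u.regs is zero-initialised before target_parse_constraint runs; with the old plain assignment that did not matter. If the intent is to let a later constraint letter add to the same register set, say so in the comment so the dependency on the caller clearing the field is recorded.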

[Qemu-devel] [PATCH v6 04/26] tcg: Add types and basic operations for host vectors

2017-11-21 Thread Richard Henderson
Nothing uses or enables them yet.

Signed-off-by: Richard Henderson 
---
 Makefile.target  |   4 +-
 tcg/tcg-op.h |  30 +
 tcg/tcg-opc.h|  26 
 tcg/tcg.h|  56 +
 tcg/tcg-op-vec.c | 362 +++
 tcg/tcg.c| 100 ++-
 tcg/README   |  58 +
 7 files changed, 630 insertions(+), 6 deletions(-)
 create mode 100644 tcg/tcg-op-vec.c

diff --git a/Makefile.target b/Makefile.target
index e4244c188a..5ca758f13c 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -93,8 +93,8 @@ all: $(PROGS) stap
 # cpu emulator library
 obj-y += exec.o
 obj-y += accel/
-obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
-obj-$(CONFIG_TCG) += tcg/tcg-common.o
+obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o
+obj-$(CONFIG_TCG) += tcg/tcg-common.o tcg/optimize.o
 obj-$(CONFIG_TCG_INTERPRETER) += tcg/tci.o
 obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
 obj-y += fpu/softfloat.o
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index ca07b32b65..9b0560e4d3 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -35,6 +35,10 @@ void tcg_gen_op4(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg);
 void tcg_gen_op5(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg);
 void tcg_gen_op6(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg);
 
+void vec_gen_2(TCGOpcode, TCGType, unsigned, TCGArg, TCGArg);
+void vec_gen_3(TCGOpcode, TCGType, unsigned, TCGArg, TCGArg, TCGArg);
+void vec_gen_4(TCGOpcode, TCGType, unsigned, TCGArg, TCGArg, TCGArg, TCGArg);
+
 static inline void tcg_gen_op1_i32(TCGOpcode opc, TCGv_i32 a1)
 {
 tcg_gen_op1(opc, tcgv_i32_arg(a1));
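Review bot: vec_gen_2, vec_gen_3 and vec_gen_4 are the only exported functions in tcg-op.h without the tcg_gen_ prefix; if they are internal plumbing shared between tcg-op-vec.c and the backends rather than front-end API, a comment saying so, and saying what the TCGType and the `unsigned` (element size) arguments are, would help, since nothing in this hunk explains them.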
@@ -903,6 +907,30 @@ void tcg_gen_atomic_or_fetch_i64(TCGv_i64, TCGv, TCGv_i64, 
TCGArg, TCGMemOp);
 void tcg_gen_atomic_xor_fetch_i32(TCGv_i32, TCGv, TCGv_i32, TCGArg, TCGMemOp);
 void tcg_gen_atomic_xor_fetch_i64(TCGv_i64, TCGv, TCGv_i64, TCGArg, TCGMemOp);
 
+void tcg_gen_mov_vec(TCGv_vec, TCGv_vec);
+void tcg_gen_dup_i32_vec(unsigned vece, TCGv_vec, TCGv_i32);
+void tcg_gen_dup_i64_vec(unsigned vece, TCGv_vec, TCGv_i64);
+void tcg_gen_dup8i_vec(TCGv_vec, uint32_t);
+void tcg_gen_dup16i_vec(TCGv_vec, uint32_t);
+void tcg_gen_dup32i_vec(TCGv_vec, uint32_t);
+void tcg_gen_dup64i_vec(TCGv_vec, uint64_t);
+void tcg_gen_movi_v64(TCGv_vec, uint64_t);
+void tcg_gen_movi_v128(TCGv_vec, uint64_t, uint64_t);
+void tcg_gen_movi_v256(TCGv_vec, uint64_t, uint64_t, uint64_t, uint64_t);
+void tcg_gen_add_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_sub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_and_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_or_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_xor_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_andc_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_orc_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_not_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+void tcg_gen_neg_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+
+void tcg_gen_ld_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
+void tcg_gen_st_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
+void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
+
 #if TARGET_LONG_BITS == 64
 #define tcg_gen_movi_tl tcg_gen_movi_i64
 #define tcg_gen_mov_tl tcg_gen_mov_i64
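Review bot: the new tcg_gen_*_vec declarations carry no comment on `vece`; the dup8i/16i/32i/64i names imply it is the MO_8..MO_64 element size, and for and/or/xor/andc/orc/not the element size cannot change the result, so state that here (or drop the parameter for the bitwise ops) so callers do not think they must pick a matching value. The trailing TCGType on tcg_gen_stl_vec also deserves a line explaining that it is the store width when the vector is wider than the memory slot.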
@@ -1001,6 +1029,7 @@ void tcg_gen_atomic_xor_fetch_i64(TCGv_i64, TCGv, 
TCGv_i64, TCGArg, TCGMemOp);
 #define tcg_gen_atomic_and_fetch_tl tcg_gen_atomic_and_fetch_i64
 #define tcg_gen_atomic_or_fetch_tl tcg_gen_atomic_or_fetch_i64
 #define tcg_gen_atomic_xor_fetch_tl tcg_gen_atomic_xor_fetch_i64
+#define tcg_gen_dup_tl_vec  tcg_gen_dup_i64_vec
 #else
 #define tcg_gen_movi_tl tcg_gen_movi_i32
 #define tcg_gen_mov_tl tcg_gen_mov_i32
@@ -1098,6 +1127,7 @@ void tcg_gen_atomic_xor_fetch_i64(TCGv_i64, TCGv, 
TCGv_i64, TCGArg, TCGMemOp);
 #define tcg_gen_atomic_and_fetch_tl tcg_gen_atomic_and_fetch_i32
 #define tcg_gen_atomic_or_fetch_tl tcg_gen_atomic_or_fetch_i32
 #define tcg_gen_atomic_xor_fetch_tl tcg_gen_atomic_xor_fetch_i32
+#define tcg_gen_dup_tl_vec  tcg_gen_dup_i32_vec
 #endif
 
 #if UINTPTR_MAX == UINT32_MAX
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 956fb1e9f3..4e62eda14b 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -204,8 +204,34 @@ DEF(qemu_ld_i64, DATA64_ARGS, TLADDR_ARGS, 1,
 DEF(qemu_st_i64, 0, TLADDR_ARGS + DATA64_ARGS, 1,
 TCG_OPF_CALL_CLOBBER | TCG_OPF_SIDE_EFFECTS | TCG_OPF_64BIT)
 
+/* Host vector support.  */
+
+#define IMPLVEC  TCG_OPF_VECTOR | IMPL(TCG_TARGET_MAYBE_vec)
+
+DEF(mov_vec, 1, 1, 0, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT)
+DEF(movi_vec, 1, 0, 0, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT) /* vecl defines 
const args */
+DEF(dupi_vec, 1, 0, 1, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT)
+
+DEF(dup_vec, 1, 1, 0, IMPLVEC)
+DEF(dup2_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_REG_BITS == 32))
+
+DEF(ld_vec, 1, 1, 1, 

[Qemu-devel] [PATCH v6 05/26] tcg: Add generic vector expanders

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 Makefile.target  |2 +-
 accel/tcg/tcg-runtime.h  |   29 ++
 tcg/tcg-gvec-desc.h  |   49 ++
 tcg/tcg-op-gvec.h|  152 +++
 tcg/tcg-op.h |1 +
 accel/tcg/tcg-runtime-gvec.c |  295 
 tcg/tcg-op-gvec.c| 1017 ++
 tcg/tcg-op-vec.c |   36 +-
 accel/tcg/Makefile.objs  |2 +-
 9 files changed, 1573 insertions(+), 10 deletions(-)
 create mode 100644 tcg/tcg-gvec-desc.h
 create mode 100644 tcg/tcg-op-gvec.h
 create mode 100644 accel/tcg/tcg-runtime-gvec.c
 create mode 100644 tcg/tcg-op-gvec.c

diff --git a/Makefile.target b/Makefile.target
index 5ca758f13c..d828cec433 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -93,7 +93,7 @@ all: $(PROGS) stap
 # cpu emulator library
 obj-y += exec.o
 obj-y += accel/
-obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o
+obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o tcg/tcg-op-gvec.o
 obj-$(CONFIG_TCG) += tcg/tcg-common.o tcg/optimize.o
 obj-$(CONFIG_TCG_INTERPRETER) += tcg/tci.o
 obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 1df17d0ba9..76ee41ce58 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -134,3 +134,32 @@ GEN_ATOMIC_HELPERS(xor_fetch)
 GEN_ATOMIC_HELPERS(xchg)
 
 #undef GEN_ATOMIC_HELPERS
+
+DEF_HELPER_FLAGS_3(gvec_mov, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_dup8, TCG_CALL_NO_RWG, void, ptr, i32, i32)
+DEF_HELPER_FLAGS_3(gvec_dup16, TCG_CALL_NO_RWG, void, ptr, i32, i32)
+DEF_HELPER_FLAGS_3(gvec_dup32, TCG_CALL_NO_RWG, void, ptr, i32, i32)
+DEF_HELPER_FLAGS_3(gvec_dup64, TCG_CALL_NO_RWG, void, ptr, i32, i64)
+
+DEF_HELPER_FLAGS_4(gvec_add8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_sub8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_neg8, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_neg16, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_neg32, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_neg64, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_not, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_and, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_or, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_xor, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_andc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_orc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
diff --git a/tcg/tcg-gvec-desc.h b/tcg/tcg-gvec-desc.h
new file mode 100644
index 00..8ba9a8168d
--- /dev/null
+++ b/tcg/tcg-gvec-desc.h
@@ -0,0 +1,49 @@
+/*
+ *  Generic vector operation descriptor
+ *
+ *  Copyright (c) 2017 Linaro
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/* ??? These bit widths are set for ARM SVE, maxing out at 256 byte vectors. */
+#define SIMD_OPRSZ_SHIFT   0
+#define SIMD_OPRSZ_BITS5
+
+#define SIMD_MAXSZ_SHIFT   (SIMD_OPRSZ_SHIFT + SIMD_OPRSZ_BITS)
+#define SIMD_MAXSZ_BITS5
+
+#define SIMD_DATA_SHIFT(SIMD_MAXSZ_SHIFT + SIMD_MAXSZ_BITS)
+#define SIMD_DATA_BITS (32 - SIMD_DATA_SHIFT)
+
+/* Create a descriptor from components.  */
+uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t data);
+
+/* Extract the operation size from a descriptor.  */
+static inline intptr_t simd_oprsz(uint32_t desc)
+{
+return (extract32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS) + 1) * 8;
+}
+
+/* Extract the max vector size from a descriptor.  */
+static inline intptr_t simd_maxsz(uint32_t desc)
+{
+return (extract32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS) + 1) * 8;
+}
+
+/* Extract the operation-specific data from a descriptor.  */
+static inline 
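Review bot: simd_oprsz and simd_maxsz decode as (field + 1) * 8 from 5-bit fields, so a descriptor can only express non-zero multiples of 8 bytes up to 256, and `data` gets the remaining SIMD_DATA_BITS (22) as a signed value. simd_desc is declared here but its body is not in this hunk; it should assert those ranges (oprsz and maxsz non-zero multiples of 8 no larger than 256, data within 22 signed bits) rather than let an out-of-range value silently spill into the neighbouring field.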

[Qemu-devel] [PATCH v6 22/26] target/arm: Use vector infrastructure for aa64 multiplies

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 171 -
 1 file changed, 138 insertions(+), 33 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 1ea7e37b03..c47d9caa49 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -9691,6 +9691,66 @@ static void disas_simd_3same_float(DisasContext *s, 
uint32_t insn)
 }
 }
 
+static void gen_mla8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u8(a, a, b);
+gen_helper_neon_add_u8(d, d, a);
+}
+
+static void gen_mla16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u16(a, a, b);
+gen_helper_neon_add_u16(d, d, a);
+}
+
+static void gen_mla32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+tcg_gen_mul_i32(a, a, b);
+tcg_gen_add_i32(d, d, a);
+}
+
+static void gen_mla64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+{
+tcg_gen_mul_i64(a, a, b);
+tcg_gen_add_i64(d, d, a);
+}
+
+static void gen_mla_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
+{
+tcg_gen_mul_vec(vece, a, a, b);
+tcg_gen_add_vec(vece, d, d, a);
+}
+
+static void gen_mls8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u8(a, a, b);
+gen_helper_neon_sub_u8(d, d, a);
+}
+
+static void gen_mls16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u16(a, a, b);
+gen_helper_neon_sub_u16(d, d, a);
+}
+
+static void gen_mls32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+tcg_gen_mul_i32(a, a, b);
+tcg_gen_sub_i32(d, d, a);
+}
+
+static void gen_mls64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+{
+tcg_gen_mul_i64(a, a, b);
+tcg_gen_sub_i64(d, d, a);
+}
+
+static void gen_mls_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
+{
+tcg_gen_mul_vec(vece, a, a, b);
+tcg_gen_sub_vec(vece, d, d, a);
+}
+
 /* Integer op subgroup of C3.6.16. */
 static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
 {
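Review bot: gen_mla8_i32 and the other new helpers compute the product into their `a` operand and then accumulate into `d`; that is only safe if the expander passes a scratch temp for `a` rather than a value it reuses for another lane or another operand. tcg_gen_gvec_3 is not in this patch, so either document that contract next to these helpers or compute the product into a local tcg_temp_new_i32()/tcg_temp_new_i64(), which also keeps the fni4, fni8 and fniv variants symmetric.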
@@ -9702,7 +9762,8 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 int rn = extract32(insn, 5, 5);
 int rd = extract32(insn, 0, 5);
 int pass;
-GVecGen3Fn *gvec_op;
+GVecGen3Fn *gvec_fn;
+const GVecGen3 *gvec_op;
 TCGCond cond;
 
 switch (opcode) {
@@ -9745,12 +9806,70 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 
 switch (opcode) {
 case 0x10: /* ADD, SUB */
-gvec_op = u ? tcg_gen_gvec_sub : tcg_gen_gvec_add;
-gvec_op(size, vec_full_reg_offset(s, rd),
+gvec_fn = u ? tcg_gen_gvec_sub : tcg_gen_gvec_add;
+do_gvec:
+gvec_fn(size, vec_full_reg_offset(s, rd),
 vec_full_reg_offset(s, rn),
 vec_full_reg_offset(s, rm),
 is_q ? 16 : 8, vec_full_reg_size(s));
 return;
+case 0x13: /* MUL, PMUL */
+if (!u) { /* MUL */
+gvec_fn = tcg_gen_gvec_mul;
+goto do_gvec;
+}
+break;
+case 0x12: /* MLA, MLS */
+{
+static const GVecGen3 mla_op[4] = {
+{ .fni4 = gen_mla8_i32,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_8 },
+{ .fni4 = gen_mla16_i32,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_16 },
+{ .fni4 = gen_mla32_i32,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_32 },
+{ .fni8 = gen_mla64_i64,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .load_dest = true,
+  .vece = MO_64 },
+};
+static const GVecGen3 mls_op[4] = {
+{ .fni4 = gen_mls8_i32,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_8 },
+{ .fni4 = gen_mls16_i32,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_16 },
+{ .fni4 = gen_mls32_i32,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_32 },
+{ .fni8 = gen_mls64_i64,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .load_dest = true,
+  .vece = MO_64 },
+};
+gvec_op = (u ? _op[size] : _op[size]);
+}
+goto 
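Review bot: mla_op and mls_op differ only in their fni*/fniv pointers, and the MO_64 entries set `.prefer_i64 = TCG_TARGET_REG_BITS == 64` while the MO_8..MO_32 entries have no fni8, so on a 64-bit host those sizes expand 32 bits at a time through the neon helpers; that asymmetry deserves a comment. Hoisting the two tables out of the switch body to file scope would keep the case readable. All eight entries name `INDEX_op_mul_vec`, so on a host with TCG_TARGET_HAS_mul_vec = 0 the expander has to fall back to fni4/fni8; confirm it does rather than asserting.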

[Qemu-devel] [PATCH v6 16/26] tcg: Add generic vector ops for constant shifts

2017-11-21 Thread Richard Henderson
Opcodes are added for scalar and vector shifts, but considering the
varied semantics of these do not expose them to the front ends.  Do
go ahead and provide them in case they are needed for backend expansion.

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  15 +++
 tcg/i386/tcg-target.h|   3 +
 tcg/tcg-op-gvec.h|  35 ++
 tcg/tcg-op.h |   5 +
 tcg/tcg-opc.h|  12 ++
 tcg/tcg.h|   3 +
 accel/tcg/tcg-runtime-gvec.c | 149 ++
 tcg/tcg-op-gvec.c| 291 +++
 tcg/tcg-op-vec.c |  40 ++
 tcg/tcg.c|  12 ++
 tcg/README   |  29 +
 11 files changed, 594 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index c6de749134..cb05a755b8 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -164,6 +164,21 @@ DEF_HELPER_FLAGS_4(gvec_xor, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_andc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_orc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_3(gvec_shl8i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shl16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shl32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shl64i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_shr8i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shr16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shr32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shr64i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_sar8i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_sar16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_sar32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_sar64i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_4(gvec_zip8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_zip16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_zip32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index ff0ad7dcdb..92d533eb92 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -177,6 +177,9 @@ extern bool have_avx2;
 #define TCG_TARGET_HAS_orc_vec  0
 #define TCG_TARGET_HAS_not_vec  0
 #define TCG_TARGET_HAS_neg_vec  0
+#define TCG_TARGET_HAS_shi_vec  0
+#define TCG_TARGET_HAS_shs_vec  0
+#define TCG_TARGET_HAS_shv_vec  0
 #define TCG_TARGET_HAS_zip_vec  0
 #define TCG_TARGET_HAS_uzp_vec  0
 #define TCG_TARGET_HAS_trn_vec  0
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index 64270a3c74..de2c0e669a 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -77,6 +77,25 @@ typedef struct {
 typedef struct {
 /* Expand inline as a 64-bit or 32-bit integer.
Only one of these will be non-NULL.  */
+void (*fni8)(TCGv_i64, TCGv_i64, unsigned);
+void (*fni4)(TCGv_i32, TCGv_i32, unsigned);
+/* Expand inline with a host vector type.  */
+void (*fniv)(unsigned, TCGv_vec, TCGv_vec, unsigned);
+/* Expand out-of-line helper w/descriptor.  */
+gen_helper_gvec_2 *fno;
+/* The opcode, if any, to which this corresponds.  */
+TCGOpcode opc;
+/* The vector element size, if applicable.  */
+uint8_t vece;
+/* Prefer i64 to v64.  */
+bool prefer_i64;
+/* Load dest as a 3rd source operand.  */
+bool load_dest;
+} GVecGen2i;
+
+typedef struct {
+/* Expand inline as a 64-bit or 32-bit integer.
+   Only one of these will be non-NULL.  */
 void (*fni8)(TCGv_i64, TCGv_i64, TCGv_i64);
 void (*fni4)(TCGv_i32, TCGv_i32, TCGv_i32);
 /* Expand inline with a host vector type.  */
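Review bot: GVecGen2i reuses `gen_helper_gvec_2 *fno`, so the constant must travel in the descriptor's data field (SIMD_DATA_BITS) rather than as a helper argument, while fni8, fni4 and fniv receive it as a plain `unsigned`. That convention is not written anywhere in the struct; extend the `fno` comment so helper authors know to pull the constant out of the desc, and note the 22-bit signed limit on what can be encoded there.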
@@ -97,6 +116,8 @@ typedef struct {
 
 void tcg_gen_gvec_2(uint32_t dofs, uint32_t aofs,
 uint32_t opsz, uint32_t clsz, const GVecGen2 *);
+void tcg_gen_gvec_2i(uint32_t dofs, uint32_t aofs, uint32_t opsz,
+ uint32_t clsz, unsigned c, const GVecGen2i *);
 void tcg_gen_gvec_3(uint32_t dofs, uint32_t aofs, uint32_t bofs,
 uint32_t opsz, uint32_t clsz, const GVecGen3 *);
 
@@ -137,6 +158,13 @@ void tcg_gen_gvec_dup16i(uint32_t dofs, uint32_t s, 
uint32_t m, uint16_t x);
 void tcg_gen_gvec_dup32i(uint32_t dofs, uint32_t s, uint32_t m, uint32_t x);
 void tcg_gen_gvec_dup64i(uint32_t dofs, uint32_t s, uint32_t m, uint64_t x);
 
+void tcg_gen_gvec_shli(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t opsz, uint32_t clsz, unsigned shift);
+void tcg_gen_gvec_shri(unsigned vece, uint32_t dofs, uint32_t aofs,
+   uint32_t opsz, uint32_t clsz, unsigned shift);
+void 

[Qemu-devel] [PATCH v6 08/26] target/arm: Align vector registers

2017-11-21 Thread Richard Henderson
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 89d49cdcb2..8238edaba9 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -492,7 +492,7 @@ typedef struct CPUARMState {
  * the two execution states, and means we do not need to explicitly
  * map these registers when changing states.
  */
-float64 regs[64];
+float64 regs[64] QEMU_ALIGNED(16);
 
 uint32_t xregs[16];
 /* We store these fpcsr fields separately for convenience.  */
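Review bot: QEMU_ALIGNED(16) on `regs` raises the alignment requirement of the whole CPUARMState, which is only honoured if every allocation of the containing CPU object respects it; state in the surrounding comment why 16 is needed (so that 128-bit host vector loads and stores issued by the gvec expanders can assume an aligned register file), otherwise someone will later drop the attribute as cosmetic.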
-- 
2.13.6




[Qemu-devel] [PATCH v6 06/26] tcg: Allow multiple word entries into the constant pool

2017-11-21 Thread Richard Henderson
This will be required for storing vector constants.

Signed-off-by: Richard Henderson 
---
 tcg/tcg-pool.inc.c | 115 +++--
 1 file changed, 93 insertions(+), 22 deletions(-)

diff --git a/tcg/tcg-pool.inc.c b/tcg/tcg-pool.inc.c
index 8a85131405..0f76e7bee3 100644
--- a/tcg/tcg-pool.inc.c
+++ b/tcg/tcg-pool.inc.c
@@ -22,39 +22,110 @@
 
 typedef struct TCGLabelPoolData {
 struct TCGLabelPoolData *next;
-tcg_target_ulong data;
 tcg_insn_unit *label;
-intptr_t addend;
-int type;
+int addend  : 32;
+int rtype   : 16;
+int nlong   : 16;
+tcg_target_ulong data[];
 } TCGLabelPoolData;
 
 
-static void new_pool_label(TCGContext *s, tcg_target_ulong data, int type,
-   tcg_insn_unit *label, intptr_t addend)
+static TCGLabelPoolData *new_pool_alloc(TCGContext *s, int nlong, int rtype,
+tcg_insn_unit *label, int addend)
 {
-TCGLabelPoolData *n = tcg_malloc(sizeof(*n));
-TCGLabelPoolData *i, **pp;
+TCGLabelPoolData *n = tcg_malloc(sizeof(TCGLabelPoolData)
+ + sizeof(tcg_target_ulong) * nlong);
 
-n->data = data;
 n->label = label;
-n->type = type;
 n->addend = addend;
+n->rtype = rtype;
+n->nlong = nlong;
+return n;
+}
+
+static void new_pool_insert(TCGContext *s, TCGLabelPoolData *n)
+{
+TCGLabelPoolData *i, **pp;
+int nlong = n->nlong;
 
 /* Insertion sort on the pool.  */
-for (pp = >pool_labels; (i = *pp) && i->data < data; pp = >next) {
-continue;
+for (pp = >pool_labels; (i = *pp) != NULL; pp = >next) {
+if (nlong > i->nlong) {
+break;
+}
+if (nlong < i->nlong) {
+continue;
+}
+if (memcmp(n->data, i->data, sizeof(tcg_target_ulong) * nlong) >= 0) {
+break;
+}
 }
 n->next = *pp;
 *pp = n;
 }
 
+/* The "usual" for generic integer code.  */
+static inline void new_pool_label(TCGContext *s, tcg_target_ulong d, int rtype,
+  tcg_insn_unit *label, int addend)
+{
+TCGLabelPoolData *n = new_pool_alloc(s, 1, rtype, label, addend);
+n->data[0] = d;
+new_pool_insert(s, n);
+}
+
+/* For v64 or v128, depending on the host.  */
+static inline void new_pool_l2(TCGContext *s, int rtype, tcg_insn_unit *label,
+   int addend, tcg_target_ulong d0,
+   tcg_target_ulong d1)
+{
+TCGLabelPoolData *n = new_pool_alloc(s, 2, rtype, label, addend);
+n->data[0] = d0;
+n->data[1] = d1;
+new_pool_insert(s, n);
+}
+
+/* For v128 or v256, depending on the host.  */
+static inline void new_pool_l4(TCGContext *s, int rtype, tcg_insn_unit *label,
+   int addend, tcg_target_ulong d0,
+   tcg_target_ulong d1, tcg_target_ulong d2,
+   tcg_target_ulong d3)
+{
+TCGLabelPoolData *n = new_pool_alloc(s, 4, rtype, label, addend);
+n->data[0] = d0;
+n->data[1] = d1;
+n->data[2] = d2;
+n->data[3] = d3;
+new_pool_insert(s, n);
+}
+
+/* For v256, for 32-bit host.  */
+static inline void new_pool_l8(TCGContext *s, int rtype, tcg_insn_unit *label,
+   int addend, tcg_target_ulong d0,
+   tcg_target_ulong d1, tcg_target_ulong d2,
+   tcg_target_ulong d3, tcg_target_ulong d4,
+   tcg_target_ulong d5, tcg_target_ulong d6,
+   tcg_target_ulong d7)
+{
+TCGLabelPoolData *n = new_pool_alloc(s, 8, rtype, label, addend);
+n->data[0] = d0;
+n->data[1] = d1;
+n->data[2] = d2;
+n->data[3] = d3;
+n->data[4] = d4;
+n->data[5] = d5;
+n->data[6] = d6;
+n->data[7] = d7;
+new_pool_insert(s, n);
+}
+
 /* To be provided by cpu/tcg-target.inc.c.  */
 static void tcg_out_nop_fill(tcg_insn_unit *p, int count);
 
 static bool tcg_out_pool_finalize(TCGContext *s)
 {
 TCGLabelPoolData *p = s->pool_labels;
-tcg_target_ulong d, *a;
+TCGLabelPoolData *l = NULL;
+void *a;
 
 if (p == NULL) {
 return true;
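Review bot: `int addend : 32` replaces an intptr_t, and rtype and nlong become signed 16-bit bitfields; on a 64-bit host an addend that no longer fits in 32 bits is silently truncated, so either keep intptr_t or assert the range in new_pool_alloc. In new_pool_insert the memcmp() ordering is by raw bytes rather than numeric value, which is fine because only grouping of equal entries matters, and the descending sort on nlong is what lets tcg_out_pool_finalize align the pool once for the largest entry; both facts deserve a comment since neither is obvious from the loop.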
@@ -62,24 +133,24 @@ static bool tcg_out_pool_finalize(TCGContext *s)
 
 /* ??? Round up to qemu_icache_linesize, but then do not round
again when allocating the next TranslationBlock structure.  */
-a = (void *)ROUND_UP((uintptr_t)s->code_ptr, sizeof(tcg_target_ulong));
+a = (void *)ROUND_UP((uintptr_t)s->code_ptr,
+ sizeof(tcg_target_ulong) * p->nlong);
 tcg_out_nop_fill(s->code_ptr, (tcg_insn_unit *)a - s->code_ptr);
 s->data_gen_ptr = a;
 
-/* Ensure the first comparison fails.  */
-d = p->data + 1;
-
 for (; p != NULL; p = p->next) {
-if (p->data != d) {
-d = p->data;
-if (unlikely((void *)a > 
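Review bot: rounding up to `sizeof(tcg_target_ulong) * p->nlong` uses the head entry's nlong, which is the largest only because new_pool_insert sorts descending; record that dependency here. The computation also assumes every nlong is a power of two, which holds for the new_pool_label/l2/l4/l8 helpers provided but is not checked anywhere, so an assert in new_pool_alloc would be cheap insurance.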

[Qemu-devel] [PATCH v6 13/26] tcg: Add tcg_expand_vec_op and tcg-target.opc.h

2017-11-21 Thread Richard Henderson
These will be useful in the next few patches adding shifts,
permutes, and multiplication.

Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.opc.h |  3 +++
 tcg/tcg-opc.h |  6 ++
 tcg/tcg.h | 11 +++
 tcg/i386/tcg-target.inc.c | 21 +
 tcg/tcg.c |  6 +++---
 5 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 tcg/i386/tcg-target.opc.h

diff --git a/tcg/i386/tcg-target.opc.h b/tcg/i386/tcg-target.opc.h
new file mode 100644
index 00..4816a6c3d4
--- /dev/null
+++ b/tcg/i386/tcg-target.opc.h
@@ -0,0 +1,3 @@
+/* Target-specific opcodes for host vector expansion.  These will be
+   emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
+   consider these to be UNSPEC with names.  */
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 4e62eda14b..b4e16cfbc3 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -229,6 +229,12 @@ DEF(andc_vec, 1, 2, 0, IMPLVEC | 
IMPL(TCG_TARGET_HAS_andc_vec))
 DEF(orc_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_orc_vec))
 DEF(not_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_not_vec))
 
+DEF(last_generic, 0, 0, 0, TCG_OPF_NOT_PRESENT)
+
+#if TCG_TARGET_MAYBE_vec
+#include "tcg-target.opc.h"
+#endif
+
 #undef TLADDR_ARGS
 #undef DATA64_ARGS
 #undef IMPL
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 49d4c5fe05..2cba208b4c 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -1207,6 +1207,17 @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t 
*tb_ptr);
 
 void tcg_register_jit(void *buf, size_t buf_size);
 
+#if TCG_TARGET_MAYBE_vec
+/* Return zero if the tuple (opc, type, vece) is unsupportable;
+   return > 0 if it is directly supportable;
+   return < 0 if we must call tcg_expand_vec_op.  */
+int tcg_can_emit_vec_op(TCGOpcode, TCGType, unsigned);
+
+/* Expand the tuple (opc, type, vece) on the given arguments.  */
+void tcg_expand_vec_op(TCGOpcode, TCGType, unsigned, TCGArg, ...);
+#endif
+
+
 /*
  * Memory helpers that will be used by TCG generated code.
  */
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index e9a4d92598..062cf16607 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -2942,6 +2942,27 @@ static const TCGTargetOpDef *tcg_target_op_def(TCGOpcode 
op)
 return NULL;
 }
 
+int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, unsigned vece)
+{
+switch (opc) {
+case INDEX_op_add_vec:
+case INDEX_op_sub_vec:
+case INDEX_op_and_vec:
+case INDEX_op_or_vec:
+case INDEX_op_xor_vec:
+case INDEX_op_andc_vec:
+return true;
+
+default:
+return false;
+}
+}
+
+void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
+   TCGArg a0, ...)
+{
+}
+
 static const int tcg_target_callee_save_regs[] = {
 #if TCG_TARGET_REG_BITS == 64
 TCG_REG_RBP,
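Review bot: tcg.h documents tcg_can_emit_vec_op as a tri-state int (0 unsupportable, > 0 directly supportable, < 0 needs tcg_expand_vec_op), but this implementation returns `true`/`false`, and tcg_expand_vec_op has an empty body. Since no case here ever returns < 0, the stub should at least g_assert_not_reached() so a future negative return cannot silently emit nothing, and returning 1/0 (or -1 where expansion is intended) would match the declared contract.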
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 16b8faf66f..e725b1818f 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -1404,10 +1404,10 @@ bool tcg_op_supported(TCGOpcode op)
 case INDEX_op_orc_vec:
 return have_vec && TCG_TARGET_HAS_orc_vec;
 
-case NB_OPS:
-break;
+default:
+tcg_debug_assert(op > INDEX_op_last_generic && op < NB_OPS);
+return true;
 }
-g_assert_not_reached();
 }
 
 /* Note: we convert the 64 bit args to 32 bit and do some alignment
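Review bot: replacing `case NB_OPS: break;` plus g_assert_not_reached() with a `default:` that returns true means a generic opcode missing from the switch is now reported as supported instead of trapping, and the tcg_debug_assert only catches it in debug builds. Consider keeping NB_OPS explicit and restricting the default to `op > INDEX_op_last_generic` with the assert, so an unlisted generic op still fails loudly in every build.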
-- 
2.13.6




[Qemu-devel] [PATCH v6 10/26] target/arm: Use vector infrastructure for aa64 mov/not/neg

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 43 ++-
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 572af456d1..bc14c28e71 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -85,6 +85,7 @@ typedef void CryptoTwoOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32);
 typedef void CryptoThreeOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32, TCGv_i32);
 
 /* Note that the gvec expanders operate on offsets + sizes.  */
+typedef void GVecGen2Fn(unsigned, uint32_t, uint32_t, uint32_t, uint32_t);
 typedef void GVecGen3Fn(unsigned, uint32_t, uint32_t,
 uint32_t, uint32_t, uint32_t);
 
@@ -4579,14 +4580,19 @@ static void handle_fp_1src_double(DisasContext *s, int 
opcode, int rd, int rn)
 TCGv_i64 tcg_op;
 TCGv_i64 tcg_res;
 
+switch (opcode) {
+case 0x0: /* FMOV */
+tcg_gen_gvec_mov(0, vec_full_reg_offset(s, rd),
+ vec_full_reg_offset(s, rn),
+ 8, vec_full_reg_size(s));
+return;
+}
+
 fpst = get_fpstatus_ptr();
 tcg_op = read_fp_dreg(s, rn);
 tcg_res = tcg_temp_new_i64();
 
 switch (opcode) {
-case 0x0: /* FMOV */
-tcg_gen_mov_i64(tcg_res, tcg_op);
-break;
 case 0x1: /* FABS */
 gen_helper_vfp_absd(tcg_res, tcg_op);
 break;
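Review bot: the early FMOV return is only equivalent to the removed tcg_gen_mov_i64 path because tcg_gen_gvec_mov with oprsz 8 and maxsz vec_full_reg_size(s) clears the bytes above the low doubleword, reproducing the zeroing of the upper lanes that the scalar write did; that equivalence is the whole correctness argument of the change and deserves a comment next to the call, or at least a sentence in the commit message, which currently consists of the Signed-off-by only. Note also that the return happens before fpst and tcg_op are allocated, which is correct; please keep it that way if the switch grows more cases.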
@@ -9153,6 +9159,12 @@ static void disas_simd_3same_logic(DisasContext *s, 
uint32_t insn)
 gvec_fn = tcg_gen_gvec_andc;
 goto do_fn;
 case 2: /* ORR */
+if (rn == rm) { /* MOV */
+tcg_gen_gvec_mov(0, vec_full_reg_offset(s, rd),
+ vec_full_reg_offset(s, rn),
+ is_q ? 16 : 8, vec_full_reg_size(s));
+return;
+}
 gvec_fn = tcg_gen_gvec_or;
 goto do_fn;
 case 3: /* ORN */
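Review bot: the `rn == rm` fast path is correct (ORR of a register with itself is a copy) and is a pure optimization, which the commit message should say. Style: it duplicates the `is_q ? 16 : 8, vec_full_reg_size(s)` sizing that the shared do_fn path already applies and that the FMOV hunk above repeats again; since tcg_gen_gvec_mov does not fit the GVecGen3Fn signature used at do_fn, a small local helper (hypothetically gen_gvec_mov_q(s, rd, rn, is_q)) used by both call sites would keep the register-size arithmetic in one place.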
@@ -10032,6 +10044,7 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 int rmode = -1;
 TCGv_i32 tcg_rmode;
 TCGv_ptr tcg_fpstatus;
+GVecGen2Fn *gvec_fn;
 
 switch (opcode) {
 case 0x0: /* REV64, REV32 */
@@ -10040,8 +10053,7 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 return;
 case 0x5: /* CNT, NOT, RBIT */
 if (u && size == 0) {
-/* NOT: adjust size so we can use the 64-bits-at-a-time loop. */
-size = 3;
+/* NOT */
 break;
 } else if (u && size == 1) {
 /* RBIT */
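Review bot: dropping the `size = 3` adjustment for NOT is only safe because the later hunk in this same patch intercepts NOT before the `if (size == 3)` 64-bit loop; the two hunks are coupled, so the commit message (currently just the Signed-off-by) should state that NOT now goes through tcg_gen_gvec_not at the encoded element size 0 instead of the widened 64-bit path, otherwise a future bisect that lands between the two hunks is hard to understand.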
@@ -10293,6 +10305,27 @@ static void disas_simd_two_reg_misc(DisasContext *s, 
uint32_t insn)
 tcg_rmode = NULL;
 }
 
+switch (opcode) {
+case 0x5:
+if (u && size == 0) { /* NOT */
+gvec_fn = tcg_gen_gvec_not;
+goto do_fn;
+}
+break;
+case 0xb:
+if (u) { /* NEG */
+gvec_fn = tcg_gen_gvec_neg;
+goto do_fn;
+}
+break;
+
+do_fn:
+gvec_fn(size, vec_full_reg_offset(s, rd),
+vec_full_reg_offset(s, rn),
+is_q ? 16 : 8, vec_full_reg_size(s));
+return;
+}
+
 if (size == 3) {
 /* All 64-bit element operations can be shared with scalar 2misc */
 int pass;
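Review bot: the `return` at do_fn leaves the function before whatever cleanup follows the element loops; the context just above (`tcg_rmode = NULL;`, with tcg_fpstatus declared in the earlier hunk) shows that rounding-mode and fpstatus state is set up per opcode, so either document that NOT and NEG never acquire either of them, or guard the return with a tcg_debug_assert to that effect so a later change to the opcode table cannot leak a temp. Minor: `gvec_fn(size, ...)` passes size 0 for NOT, which is fine because the operation is element-size agnostic, but a comment would save the next reader the lookup.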
-- 
2.13.6




[Qemu-devel] [PATCH v6 01/26] tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*

2017-11-21 Thread Richard Henderson
These are now trivial sets and tests against NULL.  Unwrap.

Signed-off-by: Richard Henderson 
---
 tcg/tcg-op.h |  4 ---
 tcg/tcg.h|  9 ---
 target/alpha/translate.c | 22 
 target/arm/translate-a64.c   | 35 +++-
 target/arm/translate.c   | 29 ++--
 target/cris/translate.c  |  2 +-
 target/hppa/translate.c  | 63 ++--
 target/i386/translate.c  | 13 +
 target/m68k/translate.c  | 14 +-
 target/mips/translate.c  |  2 +-
 target/nios2/translate.c |  6 ++---
 target/ppc/translate.c   |  2 +-
 target/s390x/translate.c | 42 ++---
 target/sh4/translate.c   |  2 +-
 target/sparc/translate.c |  2 +-
 target/tilegx/translate.c| 10 +++
 target/unicore32/translate.c |  4 +--
 tcg/tcg.c|  4 +--
 18 files changed, 122 insertions(+), 143 deletions(-)

diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 3129159907..ca07b32b65 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -807,8 +807,6 @@ void tcg_gen_lookup_and_goto_ptr(void);
 #define tcg_global_mem_new tcg_global_mem_new_i32
 #define tcg_temp_local_new() tcg_temp_local_new_i32()
 #define tcg_temp_free tcg_temp_free_i32
-#define TCGV_UNUSED(x) TCGV_UNUSED_I32(x)
-#define TCGV_IS_UNUSED(x) TCGV_IS_UNUSED_I32(x)
 #define tcg_gen_qemu_ld_tl tcg_gen_qemu_ld_i32
 #define tcg_gen_qemu_st_tl tcg_gen_qemu_st_i32
 #else
@@ -817,8 +815,6 @@ void tcg_gen_lookup_and_goto_ptr(void);
 #define tcg_global_mem_new tcg_global_mem_new_i64
 #define tcg_temp_local_new() tcg_temp_local_new_i64()
 #define tcg_temp_free tcg_temp_free_i64
-#define TCGV_UNUSED(x) TCGV_UNUSED_I64(x)
-#define TCGV_IS_UNUSED(x) TCGV_IS_UNUSED_I64(x)
 #define tcg_gen_qemu_ld_tl tcg_gen_qemu_ld_i64
 #define tcg_gen_qemu_st_tl tcg_gen_qemu_st_i64
 #endif
diff --git a/tcg/tcg.h b/tcg/tcg.h
index cb7b329876..c21194c858 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -428,15 +428,6 @@ typedef TCGv_ptr TCGv_env;
 #error Unhandled TARGET_LONG_BITS value
 #endif
 
-/* See the comment before tcgv_i32_temp.  */
-#define TCGV_UNUSED_I32(x) (x = (TCGv_i32)NULL)
-#define TCGV_UNUSED_I64(x) (x = (TCGv_i64)NULL)
-#define TCGV_UNUSED_PTR(x) (x = (TCGv_ptr)NULL)
-
-#define TCGV_IS_UNUSED_I32(x) ((x) == (TCGv_i32)NULL)
-#define TCGV_IS_UNUSED_I64(x) ((x) == (TCGv_i64)NULL)
-#define TCGV_IS_UNUSED_PTR(x) ((x) == (TCGv_ptr)NULL)
-
 /* call flags */
 /* Helper does not read globals (either directly or through an exception). It
implies TCG_CALL_NO_WRITE_GLOBALS. */
diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index 629f35ec8e..73a1b5e63e 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -156,7 +156,7 @@ void alpha_translate_init(void)
 
 static TCGv load_zero(DisasContext *ctx)
 {
-if (TCGV_IS_UNUSED_I64(ctx->zero)) {
+if (!ctx->zero) {
 ctx->zero = tcg_const_i64(0);
 }
 return ctx->zero;
@@ -164,7 +164,7 @@ static TCGv load_zero(DisasContext *ctx)
 
 static TCGv dest_sink(DisasContext *ctx)
 {
-if (TCGV_IS_UNUSED_I64(ctx->sink)) {
+if (!ctx->sink) {
 ctx->sink = tcg_temp_new();
 }
 return ctx->sink;
@@ -172,18 +172,18 @@ static TCGv dest_sink(DisasContext *ctx)
 
 static void free_context_temps(DisasContext *ctx)
 {
-if (!TCGV_IS_UNUSED_I64(ctx->sink)) {
+if (ctx->sink) {
 tcg_gen_discard_i64(ctx->sink);
 tcg_temp_free(ctx->sink);
-TCGV_UNUSED_I64(ctx->sink);
+ctx->sink = NULL;
 }
-if (!TCGV_IS_UNUSED_I64(ctx->zero)) {
+if (ctx->zero) {
 tcg_temp_free(ctx->zero);
-TCGV_UNUSED_I64(ctx->zero);
+ctx->zero = NULL;
 }
-if (!TCGV_IS_UNUSED_I64(ctx->lit)) {
+if (ctx->lit) {
 tcg_temp_free(ctx->lit);
-TCGV_UNUSED_I64(ctx->lit);
+ctx->lit = NULL;
 }
 }
 
@@ -2948,9 +2948,9 @@ static int alpha_tr_init_disas_context(DisasContextBase 
*dcbase,
 /* Similarly for flush-to-zero.  */
 ctx->tb_ftz = -1;
 
-TCGV_UNUSED_I64(ctx->zero);
-TCGV_UNUSED_I64(ctx->sink);
-TCGV_UNUSED_I64(ctx->lit);
+ctx->zero = NULL;
+ctx->sink = NULL;
+ctx->lit = NULL;
 
 /* Bound the number of insns to execute to those left on the page.  */
 if (in_superpage(ctx, ctx->base.pc_first)) {
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 625ef2dfd2..460bab5987 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -405,10 +405,7 @@ static void unallocated_encoding(DisasContext *s)
 static void init_tmp_a64_array(DisasContext *s)
 {
 #ifdef CONFIG_DEBUG_TCG
-int i;
-for (i = 0; i < ARRAY_SIZE(s->tmp_a64); i++) {
-TCGV_UNUSED_I64(s->tmp_a64[i]);
-}
+memset(s->tmp_a64, 0, sizeof(s->tmp_a64));
 #endif
 s->tmp_a64_count = 0;
 }
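Review bot: replacing the loop with memset(s->tmp_a64, 0, sizeof(s->tmp_a64)) assumes that a null TCGv_i64 is all-bits-zero; the removed TCGV_UNUSED_I64 macro (see the tcg.h hunk above) assigned `(TCGv_i64)NULL`, which is the portable form. QEMU already relies on all-zero null pointers through g_new0 for structs containing pointers, so this is acceptable, but since the block is CONFIG_DEBUG_TCG-only there is no performance reason to prefer memset over the explicit `= NULL` loop; keeping the loop would also match the style of the other conversions in this patch.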
@@ -6276,7 +6273,7 @@ static void disas_simd_scalar_pairwise(DisasContext *s, 

[Qemu-devel] [PATCH v6 02/26] tcg: Dynamically allocate TCGOps

2017-11-21 Thread Richard Henderson
With no fixed array allocation, we can't overflow a buffer.
This will be important as optimizations related to host vectors
may expand the number of ops used.

Use QTAILQ to link the ops together.

Signed-off-by: Richard Henderson 
---
 include/exec/gen-icount.h |   9 ++--
 include/qemu/queue.h  |   5 ++
 target/arm/translate.h|  10 ++--
 tcg/tcg.h |  35 +---
 target/arm/translate-a64.c|   2 +-
 target/arm/translate.c|   2 +-
 target/cris/translate.c   |   2 -
 target/lm32/translate.c   |   2 -
 target/microblaze/translate.c |   4 --
 tcg/optimize.c|  16 ++
 tcg/tcg-op.c  |  24 -
 tcg/tcg.c | 123 --
 12 files changed, 77 insertions(+), 157 deletions(-)

diff --git a/include/exec/gen-icount.h b/include/exec/gen-icount.h
index 049bba86e9..54aaa61d65 100644
--- a/include/exec/gen-icount.h
+++ b/include/exec/gen-icount.h
@@ -5,7 +5,7 @@
 
 /* Helpers for instruction counting code generation.  */
 
-static int icount_start_insn_idx;
+static TCGOp *icount_start_insn;
 
 static inline void gen_tb_start(TranslationBlock *tb)
 {
@@ -26,8 +26,8 @@ static inline void gen_tb_start(TranslationBlock *tb)
 /* We emit a movi with a dummy immediate argument. Keep the insn index
  * of the movi so that we later (when we know the actual insn count)
  * can update the immediate argument with the actual insn count.  */
-icount_start_insn_idx = tcg_op_buf_count();
 tcg_gen_movi_i32(imm, 0xdeadbeef);
+icount_start_insn = tcg_last_op();
 
 tcg_gen_sub_i32(count, count, imm);
 tcg_temp_free_i32(imm);
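Review bot: the comment at the top of this hunk still says "Keep the insn index of the movi" while the code now records a TCGOp pointer from tcg_last_op(); update it to match. Also, tcg_last_op() must be called immediately after tcg_gen_movi_i32 with no op emitted in between, as done here; a short comment stating that ordering requirement protects it from later edits that insert something between the two lines.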
@@ -48,14 +48,11 @@ static inline void gen_tb_end(TranslationBlock *tb, int 
num_insns)
 if (tb_cflags(tb) & CF_USE_ICOUNT) {
 /* Update the num_insn immediate parameter now that we know
  * the actual insn count.  */
-tcg_set_insn_param(icount_start_insn_idx, 1, num_insns);
+tcg_set_insn_param(icount_start_insn, 1, num_insns);
 }
 
 gen_set_label(tcg_ctx->exitreq_label);
 tcg_gen_exit_tb((uintptr_t)tb + TB_EXIT_REQUESTED);
-
-/* Terminate the linked list.  */
-tcg_ctx->gen_op_buf[tcg_ctx->gen_op_buf[0].prev].next = 0;
 }
 
 static inline void gen_io_start(void)
diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index 35292c3155..aa270d2b38 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -425,6 +425,11 @@ struct {   
 \
 (var);  \
 (var) = (*(((struct headname 
*)((var)->field.tqe_prev))->tqh_last)))
 
+#define QTAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, prev_var) \
+for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \
+ (var) && ((prev_var) = (*(((struct headname 
*)((var)->field.tqe_prev))->tqh_last)), 1); \
+ (var) = (prev_var))
+
 /*
  * Tail queue access methods.
  */
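Review bot: QTAILQ_FOREACH_REVERSE_SAFE computes prev_var before the loop body runs, so the body may free or unlink var, which is the point of the _SAFE variant; a one-line comment saying so above the macro would make that contract explicit. Separately, the macro lines in this message are wrapped by the mail client (the `(struct headname` / `*)((var)->field.tqe_prev))` split), so anyone applying the patch from the archive should check that the backslash continuations survive intact.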
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 410ba79c0d..cd7313ace7 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -66,8 +66,8 @@ typedef struct DisasContext {
 bool ss_same_el;
 /* Bottom two bits of XScale c15_cpar coprocessor access control reg */
 int c15_cpar;
-/* TCG op index of the current insn_start.  */
-int insn_start_idx;
+/* TCG op of the current insn_start.  */
+TCGOp *insn_start;
 #define TMP_A64_MAX 16
 int tmp_a64_count;
 TCGv_i64 tmp_a64[TMP_A64_MAX];
@@ -117,9 +117,9 @@ static void disas_set_insn_syndrome(DisasContext *s, 
uint32_t syn)
 syn >>= ARM_INSN_START_WORD2_SHIFT;
 
 /* We check and clear insn_start_idx to catch multiple updates.  */
-assert(s->insn_start_idx != 0);
-tcg_set_insn_param(s->insn_start_idx, 2, syn);
-s->insn_start_idx = 0;
+assert(s->insn_start != NULL);
+tcg_set_insn_param(s->insn_start, 2, syn);
+s->insn_start = NULL;
 }
 
 /* is_jmp field values */
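Review bot: the comment "We check and clear insn_start_idx to catch multiple updates" is now stale, since this hunk renames the field to insn_start and tests it against NULL; update the comment to name insn_start so it matches the assert and the assignment below it.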
diff --git a/tcg/tcg.h b/tcg/tcg.h
index c21194c858..a577447846 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -29,6 +29,7 @@
 #include "cpu.h"
 #include "exec/tb-context.h"
 #include "qemu/bitops.h"
+#include "qemu/queue.h"
 #include "tcg-mo.h"
 #include "tcg-target.h"
 
@@ -48,8 +49,6 @@
  * and up to 4 + N parameters on 64-bit archs
  * (N = number of input arguments + output arguments).  */
 #define MAX_OPC_PARAM (4 + (MAX_OPC_PARAM_PER_ARG * MAX_OPC_PARAM_ARGS))
-#define OPC_BUF_SIZE 640
-#define OPC_MAX_SIZE (OPC_BUF_SIZE - MAX_OP_PER_INSTR)
 
 #define CPU_TEMP_BUF_NLONGS 128
 
@@ -572,23 +571,18 @@ typedef struct TCGOp {
 unsigned callo  : 2;/* 14 */
 unsigned: 2;/* 16 */
 
-/* Index of the prev/next op, or 0 for the end of the list.  */
-unsigned prev   : 16;   /* 32 */
-unsigned 

[Qemu-devel] [PATCH v6 11/26] target/arm: Use vector infrastructure for aa64 dup/movi

2017-11-21 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 83 +++---
 1 file changed, 34 insertions(+), 49 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index bc14c28e71..55a4902fc2 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5846,38 +5846,24 @@ static void disas_simd_across_lanes(DisasContext *s, 
uint32_t insn)
  *
  * size: encoded in imm5 (see ARM ARM LowestSetBit())
  */
+
 static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,
  int imm5)
 {
 int size = ctz32(imm5);
-int esize = 8 << size;
-int elements = (is_q ? 128 : 64) / esize;
-int index, i;
-TCGv_i64 tmp;
+int index = imm5 >> (size + 1);
 
 if (size > 3 || (size == 3 && !is_q)) {
 unallocated_encoding(s);
 return;
 }
-
 if (!fp_access_check(s)) {
 return;
 }
 
-index = imm5 >> (size + 1);
-
-tmp = tcg_temp_new_i64();
-read_vec_element(s, tmp, rn, index, size);
-
-for (i = 0; i < elements; i++) {
-write_vec_element(s, tmp, rd, i, size);
-}
-
-if (!is_q) {
-clear_vec_high(s, rd);
-}
-
-tcg_temp_free_i64(tmp);
+tcg_gen_gvec_dup_mem(size, vec_full_reg_offset(s, rd),
+ vec_reg_offset(s, rn, index, size),
+ is_q ? 16 : 8, vec_full_reg_size(s));
 }
 
 /* DUP (element, scalar)
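Review bot: `int index = imm5 >> (size + 1);` now executes before the `size > 3` check; with imm5 == 0, ctz32(imm5) returns 32, so the shift count is 33, which is undefined behaviour for a 32-bit int even though the value is discarded on the unallocated_encoding path. Compute index after the checks, as the removed code did (`index = imm5 >> (size + 1);` after fp_access_check). Minor: the extra blank line inserted between the comment block and the function header is an unrelated whitespace change.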
@@ -5926,9 +5912,7 @@ static void handle_simd_dupg(DisasContext *s, int is_q, 
int rd, int rn,
  int imm5)
 {
 int size = ctz32(imm5);
-int esize = 8 << size;
-int elements = (is_q ? 128 : 64)/esize;
-int i = 0;
+uint32_t dofs, oprsz, maxsz;
 
 if (size > 3 || ((size == 3) && !is_q)) {
 unallocated_encoding(s);
@@ -5939,12 +5923,11 @@ static void handle_simd_dupg(DisasContext *s, int is_q, 
int rd, int rn,
 return;
 }
 
-for (i = 0; i < elements; i++) {
-write_vec_element(s, cpu_reg(s, rn), rd, i, size);
-}
-if (!is_q) {
-clear_vec_high(s, rd);
-}
+dofs = vec_full_reg_offset(s, rd);
+oprsz = is_q ? 16 : 8;
+maxsz = vec_full_reg_size(s);
+
+tcg_gen_gvec_dup_i64(size, dofs, oprsz, maxsz, cpu_reg(s, rn));
 }
 
 /* INS (Element)
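Review bot: style only: this hunk introduces dofs/oprsz/maxsz temporaries for the tcg_gen_gvec_dup_i64 call while the handle_simd_dupe hunk just above passes the same expressions inline to tcg_gen_gvec_dup_mem; pick one form for both so the two DUP variants read alike.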
@@ -6135,7 +6118,6 @@ static void disas_simd_mod_imm(DisasContext *s, uint32_t 
insn)
 bool is_neg = extract32(insn, 29, 1);
 bool is_q = extract32(insn, 30, 1);
 uint64_t imm = 0;
-TCGv_i64 tcg_rd, tcg_imm;
 int i;
 
 if (o2 != 0 || ((cmode == 0xf) && is_neg && !is_q)) {
@@ -6217,32 +6199,35 @@ static void disas_simd_mod_imm(DisasContext *s, 
uint32_t insn)
 imm = ~imm;
 }
 
-tcg_imm = tcg_const_i64(imm);
-tcg_rd = new_tmp_a64(s);
+if (!((cmode & 0x9) == 0x1 || (cmode & 0xd) == 0x9)) {
+/* MOVI or MVNI, with MVNI negation handled above.  */
+tcg_gen_gvec_dup64i(vec_full_reg_offset(s, rd), is_q ? 16 : 8,
+vec_full_reg_size(s), imm);
+} else {
+TCGv_i64 tcg_imm = tcg_const_i64(imm);
+TCGv_i64 tcg_rd = new_tmp_a64(s);
 
-for (i = 0; i < 2; i++) {
-int foffs = i ? fp_reg_hi_offset(s, rd) : fp_reg_offset(s, rd, MO_64);
+for (i = 0; i < 2; i++) {
+int foffs = vec_reg_offset(s, rd, i, MO_64);
 
-if (i == 1 && !is_q) {
-/* non-quad ops clear high half of vector */
-tcg_gen_movi_i64(tcg_rd, 0);
-} else if ((cmode & 0x9) == 0x1 || (cmode & 0xd) == 0x9) {
-tcg_gen_ld_i64(tcg_rd, cpu_env, foffs);
-if (is_neg) {
-/* AND (BIC) */
-tcg_gen_and_i64(tcg_rd, tcg_rd, tcg_imm);
+if (i == 1 && !is_q) {
+/* non-quad ops clear high half of vector */
+tcg_gen_movi_i64(tcg_rd, 0);
 } else {
-/* ORR */
-tcg_gen_or_i64(tcg_rd, tcg_rd, tcg_imm);
+tcg_gen_ld_i64(tcg_rd, cpu_env, foffs);
+if (is_neg) {
+/* AND (BIC) */
+tcg_gen_and_i64(tcg_rd, tcg_rd, tcg_imm);
+} else {
+/* ORR */
+tcg_gen_or_i64(tcg_rd, tcg_rd, tcg_imm);
+}
 }
-} else {
-/* MOVI */
-tcg_gen_mov_i64(tcg_rd, tcg_imm);
+tcg_gen_st_i64(tcg_rd, cpu_env, foffs);
 }
-tcg_gen_st_i64(tcg_rd, cpu_env, foffs);
-}
 
-tcg_temp_free_i64(tcg_imm);
+tcg_temp_free_i64(tcg_imm);
+}
 }
 
 /* AdvSIMD scalar copy
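Review bot: the condition `!((cmode & 0x9) == 0x1 || (cmode & 0xd) == 0x9)` is the negation of the ORR/BIC test and is hard to read inverted; name it (e.g. `bool is_orr_bic = ...`) and put the register-modifying case in the `if` branch so the comment "MVNI negation handled above" sits close to the `imm = ~imm;` it refers to. Also worth a comment: for `!is_q` the old loop zeroed the high half explicitly, while the MOVI/MVNI path now relies on tcg_gen_gvec_dup64i clearing everything between oprsz 8 and vec_full_reg_size(s).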
-- 
2.13.6




[Qemu-devel] [PATCH v6 00/26] tcg: generic vector operations

2017-11-21 Thread Richard Henderson
Quite a lot has changed since last time.

The representation has changed such that the vector length and element
size is stored in the TCGOp structure.  The functions have changed such
that the element size is passed explicitly rather than being encoded in
the function name.

I've added additional operations for multiply, immediate shifts, compares,
element interleaves, and widening.  I believe this is all we'll need for
implementing ARM SVE, so I'll leave off for now.

This has been tested vs aa64 risu on both x86_64 and aa64 hosts.


r~


Richard Henderson (26):
  tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*
  tcg: Dynamically allocate TCGOps
  tcg: Generalize TCGOp parameters
  tcg: Add types and basic operations for host vectors
  tcg: Add generic vector expanders
  tcg: Allow multiple word entries into the constant pool
  tcg: Add tcg_signed_cond
  target/arm: Align vector registers
  target/arm: Use vector infrastructure for aa64 add/sub/logic
  target/arm: Use vector infrastructure for aa64 mov/not/neg
  target/arm: Use vector infrastructure for aa64 dup/movi
  tcg/i386: Add vector operations
  tcg: Add tcg_expand_vec_op and tcg-target.opc.h
  tcg: Add generic vector ops for interleave
  target/arm: Use vector infrastructure for aa64 zip/uzp/trn/xtn
  tcg: Add generic vector ops for constant shifts
  target/arm: Use vector infrastructure for aa64 constant shifts
  tcg: Add generic vector ops for comparisons
  target/arm: Use vector infrastructure for aa64 compares
  tcg/i386: Add vector operations/expansions for shift/cmp/interleave
  tcg: Add generic vector ops for multiplication
  target/arm: Use vector infrastructure for aa64 multiplies
  tcg: Add generic vector ops for extension
  target/arm: Use vector infrastructure for aa64 widening shifts
  tcg/i386: Add vector operations/expansions for mul/extend
  tcg/aarch64: Add vector operations

 Makefile.target   |4 +-
 accel/tcg/tcg-runtime.h   |  102 +++
 include/exec/gen-icount.h |9 +-
 include/qemu/queue.h  |5 +
 target/arm/cpu.h  |2 +-
 target/arm/translate.h|   10 +-
 tcg/aarch64/tcg-target.h  |   30 +-
 tcg/aarch64/tcg-target.opc.h  |3 +
 tcg/i386/tcg-target.h |   46 +-
 tcg/i386/tcg-target.opc.h |   11 +
 tcg/tcg-gvec-desc.h   |   49 +
 tcg/tcg-op-gvec.h |  219 +
 tcg/tcg-op.h  |   55 +-
 tcg/tcg-opc.h |   59 ++
 tcg/tcg.h |  135 ++-
 accel/tcg/tcg-runtime-gvec.c  |  616 +
 target/alpha/translate.c  |   22 +-
 target/arm/translate-a64.c| 1135 ---
 target/arm/translate.c|   31 +-
 target/cris/translate.c   |4 +-
 target/hppa/translate.c   |   63 +-
 target/i386/translate.c   |   13 +-
 target/lm32/translate.c   |2 -
 target/m68k/translate.c   |   14 +-
 target/microblaze/translate.c |4 -
 target/mips/translate.c   |2 +-
 target/nios2/translate.c  |6 +-
 target/ppc/translate.c|2 +-
 target/s390x/translate.c  |   42 +-
 target/sh4/translate.c|2 +-
 target/sparc/translate.c  |2 +-
 target/tilegx/translate.c |   10 +-
 target/unicore32/translate.c  |4 +-
 tcg/aarch64/tcg-target.inc.c  |  674 +-
 tcg/i386/tcg-target.inc.c | 1325 +--
 tcg/optimize.c|   20 +-
 tcg/tcg-op-gvec.c | 2010 +
 tcg/tcg-op-vec.c  |  566 
 tcg/tcg-op.c  |   24 -
 tcg/tcg-pool.inc.c|  115 ++-
 tcg/tcg.c |  286 --
 accel/tcg/Makefile.objs   |2 +-
 tcg/README|  148 +++
 43 files changed, 7107 insertions(+), 776 deletions(-)
 create mode 100644 tcg/aarch64/tcg-target.opc.h
 create mode 100644 tcg/i386/tcg-target.opc.h
 create mode 100644 tcg/tcg-gvec-desc.h
 create mode 100644 tcg/tcg-op-gvec.h
 create mode 100644 accel/tcg/tcg-runtime-gvec.c
 create mode 100644 tcg/tcg-op-gvec.c
 create mode 100644 tcg/tcg-op-vec.c

-- 
2.13.6




[Qemu-devel] [PATCH v6 03/26] tcg: Generalize TCGOp parameters

2017-11-21 Thread Richard Henderson
We had two fields specific to INDEX_op_call.  Rename these and
add some macros so that the fields may be reused for other opcodes.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.h  | 10 ++
 tcg/optimize.c |  4 ++--
 tcg/tcg.c  | 22 +++---
 3 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index a577447846..f25efa9795 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -566,10 +566,9 @@ typedef uint16_t TCGLifeData;
 typedef struct TCGOp {
 TCGOpcode opc   : 8;/*  8 */
 
-/* The number of out and in parameter for a call.  */
-unsigned calli  : 4;/* 12 */
-unsigned callo  : 2;/* 14 */
-unsigned: 2;/* 16 */
+/* Parameters for this opcode.  See below.  */
+unsigned param1 : 4;/* 12 */
+unsigned param2 : 4;/* 16 */
 
 /* Lifetime data of the operands.  */
 unsigned life   : 16;   /* 32 */
@@ -581,6 +580,9 @@ typedef struct TCGOp {
 TCGArg args[MAX_OPC_PARAM];
 } TCGOp;
 
+#define TCGOP_CALLI(X)(X)->param1
+#define TCGOP_CALLO(X)(X)->param2
+
 /* Make sure operands fit in the bitfields above.  */
 QEMU_BUILD_BUG_ON(NB_OPS > (1 << 8));
 
diff --git a/tcg/optimize.c b/tcg/optimize.c
index e495680e95..2cbbeefd53 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -627,8 +627,8 @@ void tcg_optimize(TCGContext *s)
 /* Count the arguments, and initialize the temps that are
going to be used */
 if (opc == INDEX_op_call) {
-nb_oargs = op->callo;
-nb_iargs = op->calli;
+nb_oargs = TCGOP_CALLO(op);
+nb_iargs = TCGOP_CALLI(op);
 for (i = 0; i < nb_oargs + nb_iargs; i++) {
 TCGTemp *ts = arg_temp(op->args[i]);
 if (ts) {
diff --git a/tcg/tcg.c b/tcg/tcg.c
index f26949a900..93caa0be93 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -1430,7 +1430,7 @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, 
TCGTemp **args)
 } else {
 nb_rets = 0;
 }
-op->callo = nb_rets;
+TCGOP_CALLO(op) = nb_rets;
 
 real_args = 0;
 for (i = 0; i < nargs; i++) {
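Review bot: `TCGOP_CALLO(op) = nb_rets;` has no overflow check, while the second hunk below keeps `tcg_debug_assert(TCGOP_CALLI(op) == real_args)` after assigning the input count; for symmetry, and because param2 is a 4-bit field, add `tcg_debug_assert(TCGOP_CALLO(op) == nb_rets);` here so a future widening of return counts is caught in debug builds.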
@@ -1469,10 +1469,10 @@ void tcg_gen_callN(void *func, TCGTemp *ret, int nargs, 
TCGTemp **args)
 }
 op->args[pi++] = (uintptr_t)func;
 op->args[pi++] = flags;
-op->calli = real_args;
+TCGOP_CALLI(op) = real_args;
 
 /* Make sure the fields didn't overflow.  */
-tcg_debug_assert(op->calli == real_args);
+tcg_debug_assert(TCGOP_CALLI(op) == real_args);
 tcg_debug_assert(pi <= ARRAY_SIZE(op->args));
 
 #if defined(__sparc__) && !defined(__arch64__) \
@@ -1634,8 +1634,8 @@ void tcg_dump_ops(TCGContext *s)
 }
 } else if (c == INDEX_op_call) {
 /* variable number of arguments */
-nb_oargs = op->callo;
-nb_iargs = op->calli;
+nb_oargs = TCGOP_CALLO(op);
+nb_iargs = TCGOP_CALLI(op);
 nb_cargs = def->nb_cargs;
 
 /* function name, flags, out args */
@@ -1996,8 +1996,8 @@ static void liveness_pass_1(TCGContext *s)
 {
 int call_flags;
 
-nb_oargs = op->callo;
-nb_iargs = op->calli;
+nb_oargs = TCGOP_CALLO(op);
+nb_iargs = TCGOP_CALLI(op);
 call_flags = op->args[nb_oargs + nb_iargs + 1];
 
 /* pure functions can be removed if their result is unused */
@@ -2233,8 +2233,8 @@ static bool liveness_pass_2(TCGContext *s)
 TCGTemp *arg_ts, *dir_ts;
 
 if (opc == INDEX_op_call) {
-nb_oargs = op->callo;
-nb_iargs = op->calli;
+nb_oargs = TCGOP_CALLO(op);
+nb_iargs = TCGOP_CALLI(op);
 call_flags = op->args[nb_oargs + nb_iargs + 1];
 } else {
 nb_iargs = def->nb_iargs;
@@ -2915,8 +2915,8 @@ static void tcg_reg_alloc_op(TCGContext *s, const TCGOp 
*op)
 
 static void tcg_reg_alloc_call(TCGContext *s, TCGOp *op)
 {
-const int nb_oargs = op->callo;
-const int nb_iargs = op->calli;
+const int nb_oargs = TCGOP_CALLO(op);
+const int nb_iargs = TCGOP_CALLI(op);
 const TCGLifeData arg_life = op->life;
 int flags, nb_regs, i;
 TCGReg reg;
-- 
2.13.6




[Qemu-devel] [PATCH v6 07/26] tcg: Add tcg_signed_cond

2017-11-21 Thread Richard Henderson
Complementing the existing tcg_unsigned_cond.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.h | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 2acebd387a..49d4c5fe05 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -517,6 +517,12 @@ static inline TCGCond tcg_unsigned_cond(TCGCond c)
 return c & 2 ? (TCGCond)(c ^ 6) : c;
 }
 
+/* Create a "signed" version of an "unsigned" comparison.  */
+static inline TCGCond tcg_signed_cond(TCGCond c)
+{
+return c & 4 ? (TCGCond)(c ^ 6) : c;
+}
+
 /* Must a comparison be considered unsigned?  */
 static inline bool is_unsigned_cond(TCGCond c)
 {
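Review bot: the comment on tcg_signed_cond should say what `c & 4` and `^ 6` mean: bit 4 of a TCGCond marks the unsigned comparisons (the same bit is_unsigned_cond relies on) and xor with 6 swaps it for the signed bit 2, mirroring the `c & 2` test in tcg_unsigned_cond just above. Without that, the constants are opaque, and a reordering of the TCGCond enum would break both helpers silently.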
-- 
2.13.6




[Qemu-devel] [Bug 1728256] Re: Memory corruption in Windows 10 guest / amd64

2017-11-21 Thread Jimi
I have yet to try disabling swap, but in the 5 days since I downgraded
the kernel to 4.12.12 from 4.12.13, I have not had a single BSOD. I
think 4.12.13 is the culprit.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728256

Title:
  Memory corruption in Windows 10 guest / amd64

Status in QEMU:
  New

Bug description:
  I have a Win 10 Pro x64 guest inside a qemu/kvm running on an Arch x86_64 
host. The VM has a physical GPU passed through, as well as the physical USB 
controllers, as well as a dedicated SSD attached via SATA; you can find the 
complete libvirt xml here: https://pastebin.com/U1ZAXBNg
  I built qemu from source using the qemu-minimal-git AUR package; you can find 
the build script here: 
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=qemu-minimal-git (if you 
aren't familiar with Arch, this is essentially a bash script where build() and 
package() are run to build the files, and then install them into the $pkgdir to 
later tar them up.)

  Starting with qemu v2.10.0, Windows crashes randomly with a bluescreen
  about CRITICAL_STRUCTURE_CORRUPTION. I also tested the git heads
  f90ea7ba7c, 861cd431c9 and e822e81e35, before I went back to v2.9.0,
  which is running stable for over 50 hours right now.

  During my tests I found that locking the memory pages alleviates the
  problem somewhat, but never completely avoids it. However, with the
  crashes occuring randomly, that could as well be false conclusions; I
  had crashes within minutes after boot with that too.

  I will now start `git bisect`ing; if you have any other suggestions on
  what I could try or possible patches feel free to leave them with me.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728256/+subscriptions



Re: [Qemu-devel] [PATCH for-2.11] Fix build of console and GUI executables for Windows

2017-11-21 Thread Stefan Weil
Am 16.11.2017 um 17:37 schrieb Stefan Weil:
> It was broken by commit 8ecc89f6e792152496eccb684d6c8c48aba8027d which
> moved the SDL linker flags from macro libs_softmmu to macro SDL_LIBS.
> 
> Signed-off-by: Stefan Weil 
> ---
> 
> Peter, can you apply this fix directly, or do you need a pull request?
> 
> Regards
> Stefan
> 
>  Makefile.target | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/Makefile.target b/Makefile.target
> index e4244c188a..f9a9da7e7c 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -22,7 +22,7 @@ QEMU_PROG_BUILD = $(QEMU_PROG)
>  else
>  # system emulator name
>  QEMU_PROG=qemu-system-$(TARGET_NAME)$(EXESUF)
> -ifneq (,$(findstring -mwindows,$(libs_softmmu)))
> +ifneq (,$(findstring -mwindows,$(SDL_LIBS)))
>  # Terminate program name with a 'w' because the linker builds a windows 
> executable.
>  QEMU_PROGW=qemu-system-$(TARGET_NAME)w$(EXESUF)
>  $(QEMU_PROG): $(QEMU_PROGW)
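Review bot: the `ifneq` now keys on SDL_LIBS alone, which matches where commit 8ecc89f6e792 moved -mwindows; if another UI backend ever contributes -mwindows through a different variable, the 'w' suffix logic would miss it again, so a comment on the ifneq line naming SDL_LIBS as the sole source of that flag would help the next person who rearranges linker flags.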


The fix missed v2.11.0-rc2. Can it be applied before v2.11.0-rc3?

Thanks, Stefan



[Qemu-devel] [Bug 1728256] Re: Memory corruption in Windows 10 guest / amd64

2017-11-21 Thread Tyler Doherty
I am on Arch as well, using a customized kernel using the vfio patchset
(in this case 4.13.11). I was having the same issue as you guys, where
my Windows 10 VM with an NVIDIA card passed in was getting the
CRITICAL_STRUCTURE_CORRUPTION blue screen error message after running
for a while. Usually I saw this when hitting some form of memory (GPU or
system RAM), and it was quick (~3 hours) to crash while mining on the
GPU (as that hits the GPU memory hard).

It looks like what Jimi said above about swap seeming to be a
contributing factor seems to be correct. I have disabled swap on my host
and have seen no instability thus far.

Windows 7 also may be seeing similar issues, though it was just crashing
though without displaying an error as far as I could see. This VM has an
AMD card in it. Same goes for it, where it also has not crashed after
more than a day after disabling swap.




[Qemu-devel] [PATCH] ppc: fix VTB migration

2017-11-21 Thread Laurent Vivier
Migration of a system under stress (for example, with
"stress-ng --numa 2") triggers on the destination
some kernel watchdog messages like:

NMI watchdog: BUG: soft lockup - CPU#0 stuck for 3489660870s!
NMI watchdog: BUG: soft lockup - CPU#1 stuck for 3489660884s!

This problem appears with the changes introduced by
42043e4 spapr: clock should count only if vm is running

I think this commit only triggers the problem.

Kernel computes the soft lockup duration using the
Virtual Timebase register (VTB), not using the Timebase
Register (TBR, the one 42043e4 stops).

It appears VTB is not migrated, so this patch adds it in
the list of the SPRs to migrate, and fixes the problem.

For the migration, I've tested a migration from qemu-2.8.0 and
pseries-2.8.0 to a patched master (qemu-2.11.0-rc1). The received
VTB is 0 (as it is not initialized by qemu-2.8.0), but the value
seems to be ignored by KVM and a non zero VTB is used by the kernel.
I have no explanation for that, but as the original problem appears
only with SMP system under stress I suspect some problems in KVM
(I think because VTB is shared by all threads of a core).

Signed-off-by: Laurent Vivier 
---
 target/ppc/translate_init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index b9c49c22f2..4e11e6f489 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8081,10 +8081,10 @@ static void gen_spr_power8_ebb(CPUPPCState *env)
 /* Virtual Time Base */
 static void gen_spr_vtb(CPUPPCState *env)
 {
-spr_register(env, SPR_VTB, "VTB",
+spr_register_kvm(env, SPR_VTB, "VTB",
  SPR_NOACCESS, SPR_NOACCESS,
  _read_tbl, SPR_NOACCESS,
- 0x);
+ KVM_REG_PPC_VTB, 0x);
 }
 
 static void gen_spr_power8_fscr(CPUPPCState *env)
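Review bot: the commit message's observation that a zero VTB received from a qemu-2.8.0 source "seems to be ignored by KVM" is left unexplained, and it matters: once VTB is registered through spr_register_kvm it is written back to KVM on every sync, so a KVM that does honour the write would reset the guest's VTB to 0 on migration from an older QEMU. Either confirm the kernel-side behaviour or note it in a comment before merging. Style: `spr_register(` became `spr_register_kvm(`, but the continuation lines keep their old indentation, so the arguments no longer line up with the opening parenthesis.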
-- 
2.13.6




Re: [Qemu-devel] [PATCH] accel/tcg/cpu-exec-common.c: Remove unnecessary include of memory-internal.h

2017-11-21 Thread Richard Henderson
On 11/21/2017 04:07 PM, Peter Maydell wrote:
> The cpu-exec-common.c file includes memory-internal.h, but it doesn't
> actually use anything from that header. Remove the unnecessary include.
> 
> Signed-off-by: Peter Maydell 
> ---
>  accel/tcg/cpu-exec-common.c | 1 -
>  1 file changed, 1 deletion(-)

Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [ANNOUNCE] QEMU 2.11.0-rc2 is now available

2017-11-21 Thread Michael Roth
Hello,

On behalf of the QEMU Team, I'd like to announce the availability of the
third release candidate for the QEMU 2.11 release.  This release is meant
for testing purposes and should not be used in a production environment.

  http://download.qemu-project.org/qemu-2.11.0-rc2.tar.xz
  http://download.qemu-project.org/qemu-2.11.0-rc2.tar.xz.sig

You can help improve the quality of the QEMU 2.11 release by testing this
release and reporting bugs on Launchpad:

  https://bugs.launchpad.net/qemu/

The release plan, as well as documented known issues for release
candidates, are available at:

  http://wiki.qemu.org/Planning/2.11

Please add entries to the ChangeLog for the 2.11 release below:

  http://wiki.qemu.org/ChangeLog/2.11

Changes since rc1:

a15d835f00: Update version for v2.11.0-rc2 release (Peter Maydell)
d975301dc8: qemu-iotest: add test for blockjob coroutine race condition (Jeff Cody)
a2339699c3: qemu-iotests: add option in common.qemu for mismatch only (Jeff Cody)
6133b39f3c: coroutine: abort if we try to schedule or enter a pending coroutine (Jeff Cody)
4afeffc857: blockjob: do not allow coroutine double entry or entry-after-completion (Jeff Cody)
7c3d1917fd: build: disarm the TCG unit test trap (Daniel P. Berrange)
2807746ff1: iotests: Fix 176 on 32-bit host (Eric Blake)
50a3efb0f0: block: Close a BlockDriverState completely even when bs->drv is NULL (Alberto Garcia)
70a5afedd6: block: Error out on load_vm with active dirty bitmaps (Kevin Wolf)
2b624fe079: block: Add errp to bdrv_all_goto_snapshot() (Kevin Wolf)
0b62bcbc61: block: Add errp to bdrv_snapshot_goto() (Kevin Wolf)
1f4ad7d3b8: block: Don't request I/O permission with BDRV_O_NO_IO (Kevin Wolf)
dacaa16238: block: Don't use BLK_PERM_CONSISTENT_READ for format probing (Kevin Wolf)
70b7fba987: Use HTTPS for qemu.org and other domains (Stefan Hajnoczi)
1b3bbc6887: Use qemu.org domain name (Stefan Hajnoczi)
d0dead3b6d: scripts/make-release: ship u-boot source as a tarball (Michael Roth)
34d49937e4: accel/tcg: Handle atomic accesses to notdirty memory correctly (Peter Maydell)
2726627197: exec.c: Factor out before/after actions for notdirty memory writes (Peter Maydell)
df83eabd52: qga: replace GetIfEntry with GetIfEntry2 for interface stats (ZhiPeng Lu)
6cbf1ec85c: pc-bios/s390-ccw.img: update image (Cornelia Huck)
f516511ea8: linux-user: Fix calculation of auxv length (Peter Maydell)
b350ae138f: hw/arm: Silence xlnx-ep108 deprecation warning during tests (Thomas Huth)
b6e70d1d7f: hw/arm/aspeed: Unlock SCU when running kernel (Joel Stanley)
50cd71b0d3: arm: check regime, not current state, for ATS write PAR format (Peter Maydell)
2b75ef01ca: nvic: Fix ARMv7M MPU_RBAR reads (Peter Maydell)
96a8b92ed8: target/arm: Report GICv3 sysregs present in ID registers if needed (Peter Maydell)
b11ce33fe0: Revert "cpu-exec: don't overwrite exception_index" (Peter Maydell)
8775d91a0f: pc-bios/s390-ccw: Fix problem with invalid virtio-scsi LUN when rebooting (Thomas Huth)
7337c6eb98: s390x/tcg: fix DIAG 308 with > 1 VCPU (MTTCG) (David Hildenbrand)
dc0bbef5e6: s390x: fix storing CPU status (again) (David Hildenbrand)
c527e0afcd: hw/net/vmxnet3: Fix code to work on big endian hosts, too (Thomas Huth)
0dacea92d2: net: Transmit zero UDP checksum as 0x (Ed Swierk)
ebc2327f07: MAINTAINERS: Add missing entry for eepro100 emulation (Stefan Weil)
8f8e8053d9: hw/net/eepro100: Fix endianness problem on big endian hosts (Thomas Huth)
2ec405524e: Revert "Add new PCI ID for i82559a" (Jason Wang)
4d36623520: colo-compare: fix the dangerous assignment (Mao Zhongyi)
8251248394: spapr: reset DRCs after devices (Greg Kurz)
7abd43baec: target/ppc: Update setting of cpu features to account for compat modes (Suraj Jitindar Singh)
c0012e9a22: iotests: Make 087 pass without AIO enabled (Max Reitz)
5e003f17ec: block: Make bdrv_next() keep strong references (Max Reitz)
08546bcfb2: qcow2: Fix overly broad madvise() (Max Reitz)
4efb1f7c61: qcow2: Refuse to get unaligned offsets from cache (Max Reitz)
23482f8a60: qcow2: Add bounds check to get_refblock_offset() (Max Reitz)
d470ad42ac: block: Guard against NULL bs->drv (Max Reitz)
93bbaf03ff: qcow2: Unaligned zero cluster in handle_alloc() (Max Reitz)
791fff504c: qcow2: check_errors are fatal (Max Reitz)
3e3b838ffe: qcow2: reject unaligned offsets in write compressed (Anton Nefedov)
2b7731938d: iotests: Add test for failing qemu-img commit (Max Reitz)
1b76e8389b: tests: Add check-qobject for equality tests (Max Reitz)
791cbccc94: iotests: Add test for non-string option reopening (Max Reitz)
54fd1b0d26: block: qobject_is_equal() in bdrv_reopen_prepare() (Max Reitz)
b38dd678a2: qapi: Add qobject_is_equal() (Max Reitz)
254bf807e5: qapi/qlist: Add qlist_append_null() macro (Max Reitz)
84be629d55: qapi/qnull: Add own header (Max Reitz)
4096974e18: qcow2: fix image corruption on commit with persistent bitmap (Eric Blake)
3590cd0f04: iotests: test clearing unknown autoclear_features by qcow2 (Vladimir 

Re: [Qemu-devel] [PATCH v1] migration/ram.c: do not set 'postcopy_running' in POSTCOPY_INCOMING_END

2017-11-21 Thread Dr. David Alan Gilbert
* Juan Quintela (quint...@redhat.com) wrote:
> Daniel Henrique Barboza  wrote:
> > When migrating a VM with 'migrate_set_capability postcopy-ram on'
> > a postcopy_state is set during the process, ending up with the
> > state POSTCOPY_INCOMING_END when the migration is over. This
> > postcopy_state is taken into account inside ram_load to check
> > how it will load the memory pages. This same ram_load is called when
> > in a loadvm command.
> >
> > Inside ram_load, the logic to see if we're at postcopy_running state
> > is:
> >
> > postcopy_running = postcopy_state_get() >= POSTCOPY_INCOMING_LISTENING
> >
> > postcopy_state_get() returns this enum type:
> >
> > typedef enum {
> > POSTCOPY_INCOMING_NONE = 0,
> > POSTCOPY_INCOMING_ADVISE,
> > POSTCOPY_INCOMING_DISCARD,
> > POSTCOPY_INCOMING_LISTENING,
> > POSTCOPY_INCOMING_RUNNING,
> > POSTCOPY_INCOMING_END
> > } PostcopyState;
> >
> > In the case where ram_load is executed and postcopy_state is
> > POSTCOPY_INCOMING_END, postcopy_running will be set to 'true' and
> > ram_load will behave like a postcopy is in progress. This scenario isn't
> > achievable in a migration but it is reproducible when executing
> > savevm/loadvm after migrating with 'postcopy-ram on', causing loadvm
> > to fail with Error -22:
> >
> > Source:
> >
> > (qemu) migrate_set_capability postcopy-ram on
> > (qemu) migrate tcp:127.0.0.1:
> >
> > Dest:
> >
> > (qemu) migrate_set_capability postcopy-ram on
> > (qemu)
> > ubuntu1704-intel login:
> > Ubuntu 17.04 ubuntu1704-intel ttyS0
> >
> > ubuntu1704-intel login: (qemu)
> > (qemu) savevm test1
> > (qemu) loadvm test1
> > Unknown combination of migration flags: 0x4 (postcopy mode)
> > error while loading state for instance 0x0 of device 'ram'
> > Error -22 while loading VM state
> > (qemu)
> >
> > This patch fixes this problem by changing a bit the semantics
> > of postcopy_running inside ram_load, verifying first if
> > we're not in the POSTCOPY_INCOMING_END state. In this case,
> > postcopy_running is set to 'false'.
> >
> > Signed-off-by: Daniel Henrique Barboza 
> 
> Reviewed-by: Juan Quintela 
> 
> queued

Wrong version; v3 is:

http://lists.nongnu.org/archive/html/qemu-devel/2017-11/msg03188.html

Dave

> > ---
> >  migration/ram.c | 22 +++---
> >  1 file changed, 15 insertions(+), 7 deletions(-)
> >
> > diff --git a/migration/ram.c b/migration/ram.c
> > index 8620aa400a..43ed719668 100644
> > --- a/migration/ram.c
> > +++ b/migration/ram.c
> > @@ -2803,13 +2803,21 @@ static int ram_load(QEMUFile *f, void *opaque, int 
> > version_id)
> >  int flags = 0, ret = 0, invalid_flags = 0;
> >  static uint64_t seq_iter;
> >  int len = 0;
> > -/*
> > - * If system is running in postcopy mode, page inserts to host memory 
> > must
> > - * be atomic
> > - */
> > -bool postcopy_running = postcopy_state_get() >= 
> > POSTCOPY_INCOMING_LISTENING;
> > -/* ADVISE is earlier, it shows the source has the postcopy capability 
> > on */
> > -bool postcopy_advised = postcopy_state_get() >= 
> > POSTCOPY_INCOMING_ADVISE;
> > +bool postcopy_advised = false, postcopy_running = false;
> > +uint8_t postcopy_state = postcopy_state_get();
> > +
> > +if (postcopy_state != POSTCOPY_INCOMING_END) {
> > +/*
> > + * If system is running in postcopy mode, page inserts to host 
> > memory
> > + * must be atomic
> > + */
> > +postcopy_running = postcopy_state >= POSTCOPY_INCOMING_LISTENING;
> > +
> > +/* ADVISE is earlier, it shows the source has the postcopy
> > + * capability on
> > + */
> > +postcopy_advised = postcopy_state >= POSTCOPY_INCOMING_ADVISE;
> > +}
> >  
> >  seq_iter++;
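Review bot: `uint8_t postcopy_state = postcopy_state_get();` narrows the value to a plain byte even though, as the commit message says, `postcopy_state_get()` returns the `PostcopyState` enum; declaring it as `PostcopyState postcopy_state = postcopy_state_get();` keeps the three comparisons against `POSTCOPY_INCOMING_END`, `POSTCOPY_INCOMING_LISTENING` and `POSTCOPY_INCOMING_ADVISE` typed, and lets the compiler help if this `if` ever becomes a `switch` over the states. Behaviour is identical for the six values, so this is a style point only.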
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PULL 0/2] Migration pull request

2017-11-21 Thread Peter Maydell
On 21 November 2017 at 18:47, Juan Quintela <quint...@redhat.com> wrote:
> Hi
>
> This has two fixes for migration, please apply.
>
> Later, Juan.
>
> The following changes since commit a15d835f00dce270fd3194e83d9910f4b5b44ac0:
>
>   Update version for v2.11.0-rc2 release (2017-11-21 17:50:36 +)
>
> are available in the git repository at:
>
>   git://github.com/juanquintela/qemu.git tags/migration/20171121
>
> for you to fetch changes up to 383d8a77222c016610d626887de80e770cdd9936:
>
>   migration/ram.c: do not set 'postcopy_running' in POSTCOPY_INCOMING_END 
> (2017-11-21 19:42:26 +0100)
>
> 
> migration/next for 20171121
>
> 
> Anthony PERARD (1):
>   migration, xen: Fix block image lock issue on live migration
>
> Daniel Henrique Barboza (1):
>   migration/ram.c: do not set 'postcopy_running' in POSTCOPY_INCOMING_END

Missed rc2 by about half an hour :-(

thanks
-- PMM



Re: [Qemu-devel] [PATCH v3 00/45] Windbg supporting

2017-11-21 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v3 00/45] Windbg supporting
Type: series
Message-id: 151127322955.6888.16198535123422076171.st...@misha-pc.lan02.inno

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/151127322955.6888.16198535123422076171.st...@misha-pc.lan02.inno -> 
patchew/151127322955.6888.16198535123422076171.st...@misha-pc.lan02.inno
 * [new tag]   patchew/20171121142538.22072-1-berra...@redhat.com 
-> patchew/20171121142538.22072-1-berra...@redhat.com
Switched to a new branch 'test'
d362b89cac windbg: implemented kd_api_get_context_ex and kd_api_set_context_ex
18aff3dc37 windbg: added new api functions
2bcb5c3e4a windbg: implemented kd_api_query_memory
5ec1f614fe windbg: implemented kd_api_fill_memory
62f31d70ce windbg: implemented kd_api_search_memory
271fa73151 windbg: implemented kd_api_read_msr and kd_api_write_msr
3acac8e660 windbg: implemented kd_api_get_version
9de41ff4f4 windbg: implemented kd_api_read_physical_memory and kd_api_write_physical_memory
6b29ad10e5 windbg: implemented kd_api_read_io_space and kd_api_write_io_space
c5b8c6d44a windbg: implemented kd_api_continue
dd48382a4d windbg: debug exception subscribing
f39bcbc62e windbg: implemented kd_api_write_breakpoint and kd_api_restore_breakpoint
09dca429d2 windbg: implemented windbg_hw_breakpoint_insert and windbg_hw_breakpoint_remove
623796d1f2 windbg: implemented windbg_set_dr7
736fc3dd85 windbg: implemented windbg_set_dr
7fdef2c475 windbg: implemented windbg_set_sr
1a4d2aecdb windbg: implemented windbg_write_ks_regs
811bd2ada7 windbg: implemented windbg_read_ks_regs
65fbd065d8 windbg: implemented windbg_write_context
58e16be427 windbg: implemented windbg_read_context
d537b5a79b windbg: implemented kd_api_read_control_space and kd_api_write_control_space
e97babd70b windbg: implemented kd_api_get_context and kd_api_set_context
9dbe11adbd windbg: kernel's structures
77b3eba622 windbg: implemented kd_api_read_virtual_memory and kd_api_write_virtual_memory
7aecc04a58 windbg: implemented windbg_process_manipulate_packet
2aa0acc7d1 windbg: implemented windbg_process_data_packet
2bf0bd91ec windbg: implemented windbg_process_control_packet
75c0091cb6 windbg: windbg_vm_stop
a8181bff22 windbg: generate LoadSymbolsStateChange
05f4ef3358 windbg: generate ExceptionStateChange
bd46bf1699 windbg: sized data buffer
2032fcb9f0 windbg: init DBGKD_ANY_WAIT_STATE_CHANGE
eee56f5887 windbg: handler of parsing context
a906b8b0d9 windbg: send data and control packets
7ba62b6241 windbg: parsing data stream
dfc08cb26c windbg: structures for parsing data stream
7d750760fb windbg: handler of fs/gs register
4ccf74e383 windbg: hook to wrmsr operation
696a5b890e windbg: added chardev
3dd2e38059 windbg: added WindbgState
71cde42e04 windbg: added helper features
8802776fb8 windbg: added '-windbg' option
65edc4e965 windbg: modified windbgkd.h
d2114acd58 windbg: added windbg's KD header file
8b0599de68 windbg: added empty windbgstub files

=== OUTPUT BEGIN ===
Checking PATCH 1/45: windbg: added empty windbgstub files...
ERROR: do not set execute permissions for source files
#30: FILE: include/exec/windbgstub-utils.h

ERROR: do not set execute permissions for source files
#54: FILE: include/exec/windbgstub.h

ERROR: do not set execute permissions for source files
#89: FILE: stubs/windbgstub.c

ERROR: do not set execute permissions for source files
#123: FILE: target/i386/windbgstub.c

ERROR: do not set execute permissions for source files
#141: FILE: windbgstub-utils.c

ERROR: do not set execute permissions for source files
#159: FILE: windbgstub.c

total: 6 errors, 0 warnings, 121 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/45: windbg: added windbg's KD header file...
ERROR: do not set execute permissions for source files
#14: FILE: include/exec/windbgkd.h

total: 1 errors, 0 warnings, 879 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 3/45: windbg: modified windbgkd.h...
Checking PATCH 4/45: windbg: added '-windbg' option...
Checking PATCH 5/45: windbg: added helper features...
Checking PATCH 6/45: windbg: 

[Qemu-devel] [PULL 1/2] migration, xen: Fix block image lock issue on live migration

2017-11-21 Thread Juan Quintela
From: Anthony PERARD 

When doing a live migration of a Xen guest with libxl, the images for
block devices are locked by the original QEMU process, and this prevents
the QEMU at the destination from taking the lock, so the migration fails.

From QEMU's point of view, once the RAM of a domain is migrated, there are
two QMP commands, "stop" then "xen-save-devices-state", at which point a
new QEMU is spawned at the destination.

Release locks in "xen-save-devices-state" so the destination can take
them, if it's a live migration.

This patch adds the "live" parameter to "xen-save-devices-state", which
defaults to true so older versions of libxenlight can work with newer
versions of QEMU.

Signed-off-by: Anthony PERARD 
Reviewed-by: Dr. David Alan Gilbert 
Reviewed-by: Juan Quintela 
Signed-off-by: Juan Quintela 
---
 migration/savevm.c  | 23 ++-
 qapi/migration.json |  6 +-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/migration/savevm.c b/migration/savevm.c
index 192f2d82cd..b7908f62be 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2242,13 +2242,20 @@ int save_snapshot(const char *name, Error **errp)
 return ret;
 }
 
-void qmp_xen_save_devices_state(const char *filename, Error **errp)
+void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
+Error **errp)
 {
 QEMUFile *f;
 QIOChannelFile *ioc;
 int saved_vm_running;
 int ret;
 
+if (!has_live) {
+/* live default to true so old version of Xen tool stack can have a
+ * successfull live migration */
+live = true;
+}
+
 saved_vm_running = runstate_is_running();
 vm_stop(RUN_STATE_SAVE_VM);
 global_state_store_running();
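Review bot: the comment on the new default has a typo and a grammar slip: "successfull" should be "successful", and "live default to true so old version of Xen tool stack can have a" reads better as "live defaults to true so old versions of the Xen tool stack can have a". The defaulting itself is fine and matches the "Default to true" wording in the QAPI doc later in the patch; it just needs to stay in step with that doc if the default ever changes.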
@@ -2263,6 +2270,20 @@ void qmp_xen_save_devices_state(const char *filename, 
Error **errp)
 qemu_fclose(f);
 if (ret < 0) {
 error_setg(errp, QERR_IO_ERROR);
+} else {
+/* libxl calls the QMP command "stop" before calling
+ * "xen-save-devices-state" and in case of migration failure, libxl
+ * would call "cont".
+ * So call bdrv_inactivate_all (release locks) here to let the other
+ * side of the migration take controle of the images.
+ */
+if (live && !saved_vm_running) {
+ret = bdrv_inactivate_all();
+if (ret) {
+error_setg(errp, "%s: bdrv_inactivate_all() failed (%d)",
+   __func__, ret);
+}
+}
 }
 
  the_end:
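Review bot: the added comment says libxl calls "cont" if the migration fails, but neither this hunk nor the commit message says what re-activates the images after `bdrv_inactivate_all()` has released the locks; the commit message should state that the resume path re-activates the block devices (or this function should handle it), otherwise a failed migration leaves the source QEMU running on inactive images. Also note the guard `if (live && !saved_vm_running)`: a caller that passes `live` without having issued "stop" first silently keeps the locks, which is correct but surprising enough to deserve a line in the comment. Spelling: "controle" should be "control".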
diff --git a/qapi/migration.json b/qapi/migration.json
index bbc4671ded..03f57c9616 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
@@ -1075,6 +1075,9 @@
 # data. See xen-save-devices-state.txt for a description of the binary
 # format.
 #
+# @live: Optional argument to ask QEMU to treat this command as part of a live
+# migration. Default to true. (since 2.11)
+#
 # Returns: Nothing on success
 #
 # Since: 1.1
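Review bot: "Default to true" should read "Defaults to true", and the @live doc should mention the precondition that the preceding savevm.c hunk enforces: the image locks are released only when the VM has already been stopped, so "live" has no effect on a running VM. A reader of the schema alone cannot see that.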
@@ -1086,7 +1089,8 @@
 # <- { "return": {} }
 #
 ##
-{ 'command': 'xen-save-devices-state', 'data': {'filename': 'str'} }
+{ 'command': 'xen-save-devices-state',
+  'data': {'filename': 'str', '*live':'bool' } }
 
 ##
 # @xen-set-replication:
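Review bot: style: `'*live':'bool'` is missing the space after the colon that `'filename': 'str'` on the same line uses, and has a stray space before the closing brace; write `'data': {'filename': 'str', '*live': 'bool'} }` for consistency with the rest of the schema.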
-- 
2.13.6




[Qemu-devel] [PULL 2/2] migration/ram.c: do not set 'postcopy_running' in POSTCOPY_INCOMING_END

2017-11-21 Thread Juan Quintela
From: Daniel Henrique Barboza 

When migrating a VM with 'migrate_set_capability postcopy-ram on'
a postcopy_state is set during the process, ending up with the
state POSTCOPY_INCOMING_END when the migration is over. This
postcopy_state is taken into account inside ram_load to check
how it will load the memory pages. This same ram_load is called when
in a loadvm command.

Inside ram_load, the logic to see if we're at postcopy_running state
is:

postcopy_running = postcopy_state_get() >= POSTCOPY_INCOMING_LISTENING

postcopy_state_get() returns this enum type:

typedef enum {
POSTCOPY_INCOMING_NONE = 0,
POSTCOPY_INCOMING_ADVISE,
POSTCOPY_INCOMING_DISCARD,
POSTCOPY_INCOMING_LISTENING,
POSTCOPY_INCOMING_RUNNING,
POSTCOPY_INCOMING_END
} PostcopyState;

In the case where ram_load is executed and postcopy_state is
POSTCOPY_INCOMING_END, postcopy_running will be set to 'true' and
ram_load will behave like a postcopy is in progress. This scenario isn't
achievable in a migration but it is reproducible when executing
savevm/loadvm after migrating with 'postcopy-ram on', causing loadvm
to fail with Error -22:

Source:

(qemu) migrate_set_capability postcopy-ram on
(qemu) migrate tcp:127.0.0.1:

Dest:

(qemu) migrate_set_capability postcopy-ram on
(qemu)
ubuntu1704-intel login:
Ubuntu 17.04 ubuntu1704-intel ttyS0

ubuntu1704-intel login: (qemu)
(qemu) savevm test1
(qemu) loadvm test1
Unknown combination of migration flags: 0x4 (postcopy mode)
error while loading state for instance 0x0 of device 'ram'
Error -22 while loading VM state
(qemu)

This patch fixes this problem by changing a bit the semantics
of postcopy_running inside ram_load, verifying first if
we're not in the POSTCOPY_INCOMING_END state. In this case,
postcopy_running is set to 'false'.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Juan Quintela 
Signed-off-by: Juan Quintela 
---
 migration/ram.c | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 8620aa400a..43ed719668 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2803,13 +2803,21 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 int flags = 0, ret = 0, invalid_flags = 0;
 static uint64_t seq_iter;
 int len = 0;
-/*
- * If system is running in postcopy mode, page inserts to host memory must
- * be atomic
- */
-bool postcopy_running = postcopy_state_get() >= 
POSTCOPY_INCOMING_LISTENING;
-/* ADVISE is earlier, it shows the source has the postcopy capability on */
-bool postcopy_advised = postcopy_state_get() >= POSTCOPY_INCOMING_ADVISE;
+bool postcopy_advised = false, postcopy_running = false;
+uint8_t postcopy_state = postcopy_state_get();
+
+if (postcopy_state != POSTCOPY_INCOMING_END) {
+/*
+ * If system is running in postcopy mode, page inserts to host memory
+ * must be atomic
+ */
+postcopy_running = postcopy_state >= POSTCOPY_INCOMING_LISTENING;
+
+/* ADVISE is earlier, it shows the source has the postcopy
+ * capability on
+ */
+postcopy_advised = postcopy_state >= POSTCOPY_INCOMING_ADVISE;
+}
 
 seq_iter++;
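Review bot: this hunk is byte-identical to the v1 posting of the patch (same `index 8620aa400a..43ed719668`, same diff), and the v1 thread on this page carries a reply saying "Wrong version; v3 is:" with a link to the later revision; before the pull goes in, confirm that the revision queued here is the intended one, otherwise whatever changed between v1 and v3 is lost.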
 
-- 
2.13.6




[Qemu-devel] [PULL 0/2] Migration pull request

2017-11-21 Thread Juan Quintela
Hi

This has two fixes for migration, please apply.

Later, Juan.

The following changes since commit a15d835f00dce270fd3194e83d9910f4b5b44ac0:

  Update version for v2.11.0-rc2 release (2017-11-21 17:50:36 +)

are available in the git repository at:

  git://github.com/juanquintela/qemu.git tags/migration/20171121

for you to fetch changes up to 383d8a77222c016610d626887de80e770cdd9936:

  migration/ram.c: do not set 'postcopy_running' in POSTCOPY_INCOMING_END 
(2017-11-21 19:42:26 +0100)


migration/next for 20171121


Anthony PERARD (1):
  migration, xen: Fix block image lock issue on live migration

Daniel Henrique Barboza (1):
  migration/ram.c: do not set 'postcopy_running' in POSTCOPY_INCOMING_END

 migration/ram.c | 22 +++---
 migration/savevm.c  | 23 ++-
 qapi/migration.json |  6 +-
 3 files changed, 42 insertions(+), 9 deletions(-)



Re: [Qemu-devel] [PATCH for-2.12 1/2] cadence_ttc: extract CadenceTTCState to a new header file

2017-11-21 Thread Peter Maydell
On 8 November 2017 at 11:32, KONRAD Frederic
 wrote:
> We want to add this model to the xlnx-zynqmp board so let's make
> CadenceTTCState available in a header file.
>
> Signed-off-by: KONRAD Frederic 
> ---
>  hw/timer/cadence_ttc.c | 35 +---
>  include/hw/timer/cadence_ttc.h | 61 
> ++
>  2 files changed, 62 insertions(+), 34 deletions(-)
>  create mode 100644 include/hw/timer/cadence_ttc.h
>
> diff --git a/hw/timer/cadence_ttc.c b/hw/timer/cadence_ttc.c
> index 03f5b9c..bb4a5ef 100644
> --- a/hw/timer/cadence_ttc.c
> +++ b/hw/timer/cadence_ttc.c
> @@ -16,9 +16,7 @@
>   * with this program; if not, see .
>   */
>
> -#include "qemu/osdep.h"
> -#include "hw/sysbus.h"
> -#include "qemu/timer.h"
> +#include "hw/timer/cadence_ttc.h"

Something's gone wrong here. osdep.h should always be the first
header in any .c file, and it should never be included by any
other .h file.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v2 for-2.11] migration, xen: Fix block image lock issue on live migration

2017-11-21 Thread Juan Quintela
Anthony PERARD  wrote:
> When doing a live migration of a Xen guest with libxl, the images for
> block devices are locked by the original QEMU process, and this prevents
> the QEMU at the destination from taking the lock, so the migration fails.
>
> From QEMU's point of view, once the RAM of a domain is migrated, there are
> two QMP commands, "stop" then "xen-save-devices-state", at which point a
> new QEMU is spawned at the destination.
>
> Release locks in "xen-save-devices-state" so the destination can take
> them, if it's a live migration.
>
> This patch adds the "live" parameter to "xen-save-devices-state", which
> defaults to true so older versions of libxenlight can work with newer
> versions of QEMU.
>
> Signed-off-by: Anthony PERARD 
> ---
> Changes in V2:
> - add the live parameter
>
> CC: Kevin Wolf 
>
> also CCing libxl maintainers:
> CC: Ian Jackson 
> CC: Wei Liu 

Reviewed-by: Juan Quintela 
queued



Re: [Qemu-devel] [PATCH v1] migration/ram.c: do not set 'postcopy_running' in POSTCOPY_INCOMING_END

2017-11-21 Thread Juan Quintela
Daniel Henrique Barboza  wrote:
> When migrating a VM with 'migrate_set_capability postcopy-ram on'
> a postcopy_state is set during the process, ending up with the
> state POSTCOPY_INCOMING_END when the migration is over. This
> postcopy_state is taken into account inside ram_load to check
> how it will load the memory pages. This same ram_load is called when
> in a loadvm command.
>
> Inside ram_load, the logic to see if we're at postcopy_running state
> is:
>
> postcopy_running = postcopy_state_get() >= POSTCOPY_INCOMING_LISTENING
>
> postcopy_state_get() returns this enum type:
>
> typedef enum {
> POSTCOPY_INCOMING_NONE = 0,
> POSTCOPY_INCOMING_ADVISE,
> POSTCOPY_INCOMING_DISCARD,
> POSTCOPY_INCOMING_LISTENING,
> POSTCOPY_INCOMING_RUNNING,
> POSTCOPY_INCOMING_END
> } PostcopyState;
>
> In the case where ram_load is executed and postcopy_state is
> POSTCOPY_INCOMING_END, postcopy_running will be set to 'true' and
> ram_load will behave like a postcopy is in progress. This scenario isn't
> achievable in a migration but it is reproducible when executing
> savevm/loadvm after migrating with 'postcopy-ram on', causing loadvm
> to fail with Error -22:
>
> Source:
>
> (qemu) migrate_set_capability postcopy-ram on
> (qemu) migrate tcp:127.0.0.1:
>
> Dest:
>
> (qemu) migrate_set_capability postcopy-ram on
> (qemu)
> ubuntu1704-intel login:
> Ubuntu 17.04 ubuntu1704-intel ttyS0
>
> ubuntu1704-intel login: (qemu)
> (qemu) savevm test1
> (qemu) loadvm test1
> Unknown combination of migration flags: 0x4 (postcopy mode)
> error while loading state for instance 0x0 of device 'ram'
> Error -22 while loading VM state
> (qemu)
>
> This patch fixes this problem by changing a bit the semantics
> of postcopy_running inside ram_load, verifying first if
> we're not in the POSTCOPY_INCOMING_END state. In this case,
> postcopy_running is set to 'false'.
>
> Signed-off-by: Daniel Henrique Barboza 

Reviewed-by: Juan Quintela 

queued

> ---
>  migration/ram.c | 22 +++---
>  1 file changed, 15 insertions(+), 7 deletions(-)
>
> diff --git a/migration/ram.c b/migration/ram.c
> index 8620aa400a..43ed719668 100644
> --- a/migration/ram.c
> +++ b/migration/ram.c
> @@ -2803,13 +2803,21 @@ static int ram_load(QEMUFile *f, void *opaque, int 
> version_id)
>  int flags = 0, ret = 0, invalid_flags = 0;
>  static uint64_t seq_iter;
>  int len = 0;
> -/*
> - * If system is running in postcopy mode, page inserts to host memory 
> must
> - * be atomic
> - */
> -bool postcopy_running = postcopy_state_get() >= 
> POSTCOPY_INCOMING_LISTENING;
> -/* ADVISE is earlier, it shows the source has the postcopy capability on 
> */
> -bool postcopy_advised = postcopy_state_get() >= POSTCOPY_INCOMING_ADVISE;
> +bool postcopy_advised = false, postcopy_running = false;
> +uint8_t postcopy_state = postcopy_state_get();
> +
> +if (postcopy_state != POSTCOPY_INCOMING_END) {
> +/*
> + * If system is running in postcopy mode, page inserts to host memory
> + * must be atomic
> + */
> +postcopy_running = postcopy_state >= POSTCOPY_INCOMING_LISTENING;
> +
> +/* ADVISE is earlier, it shows the source has the postcopy
> + * capability on
> + */
> +postcopy_advised = postcopy_state >= POSTCOPY_INCOMING_ADVISE;
> +}
>  
>  seq_iter++;
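Review bot: the `if (postcopy_state != POSTCOPY_INCOMING_END)` guard carries no comment, so a reader of `ram_load` sees END silently treated like NONE without knowing why; the rationale in the commit message (after a completed postcopy migration the state stays at END, and a later loadvm must not be parsed as postcopy traffic) belongs in a short comment above the `if`, since the commit message will not be in front of whoever next touches this code.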



Re: [Qemu-devel] [PATCH v7 00/13] Add support for the ZynqMP Generic QSPI

2017-11-21 Thread Peter Maydell
On 3 November 2017 at 00:00, Francisco Iglesias
 wrote:
> Hi,
>
> This patch series is an attempt to add support for the ZynqMP QSPI (consisting
> of the Generic QSPI and the legacy QSPI) to the xlnx-zcu102 board and connect
> Numonyx n25q512a11 flashes to the QSPI. Also some functionality is added to
> m25p80.
>
> The series starts by adding support in m25p80 for continuous read out of status
> registers, SST flash READ ID commands, bank address register accesses, bulk
> erase (0x60) and two Numonyx flashes (n25q512a11 and n25q512a13). Thereafter it
> updates the striping behaviour to be bit big endian in the Xilinx QSPI model
> and adds support for RX discard, zero pumping according to the transfer register
> and 4 byte LQSPI addresses. Finally it adds support for the ZynqMP Generic QSPI
> and adds the ZynqMP QSPI to the xlnx-zcu102 board.
>
> Best regards,
> Francisco Iglesias

Hi; just a note to say that I'm assuming the Xilinx folk are going
to review the xilinx_spips patches in this set...

thanks
-- PMM



Re: [Qemu-devel] KVM "fake DAX" flushing interface - discussion

2017-11-21 Thread Rik van Riel
On Tue, 2017-11-21 at 10:26 -0800, Dan Williams wrote:
> On Tue, Nov 21, 2017 at 10:19 AM, Rik van Riel 
> wrote:
> > On Fri, 2017-11-03 at 14:21 +0800, Xiao Guangrong wrote:
> > > On 11/03/2017 12:30 AM, Dan Williams wrote:
> > > > 
> > > > Good point, I was assuming that the mmio flush interface would
> > > > be
> > > > discovered separately from the NFIT-defined memory range.
> > > > Perhaps
> > > > via
> > > > PCI in the guest? This piece of the proposal  needs a bit more
> > > > thought...
> > > > 
> > > 
> > > Consider the case that the vNVDIMM device on normal storage and
> > > vNVDIMM device on real nvdimm hardware can both exist in VM, the
> > > flush interface should be able to associate with the SPA region
> > > respectively. That's why I'd like to integrate the flush
> > > interface
> > > into NFIT/ACPI by using a separate table. Is it possible to be a
> > > part of ACPI specification? :)
> > 
> > It would also be perfectly fine to have the
> > virtio PCI device indicate which vNVDIMM
> > range it flushes.
> > 
> > Since the guest OS needs to support that kind
> > of device anyway, does it really matter which
> > direction the device association points?
> > 
> > We can go with the "best" interface for what
> > could be a relatively slow flush (fsync on a
> > file on ssd/disk on the host), which requires
> > that the flushing task wait on completion
> > asynchronously.
> > 
> > If that kind of interface cannot be advertised
> > through NFIT/ACPI, wouldn't it be perfectly fine
> > to have only the virtio PCI device indicate which
> > vNVDIMM range it flushes?
> > 
> 
> Yes, we could do this with a custom PCI device, however the NFIT is
> frustratingly close to being able to define something like this. At
> the very least we can start with a "SPA Range GUID" that is Linux
> specific to indicate "call this virtio flush interface on FUA / flush
> cache requests" as a stop gap until a standardized flush interface
> can
> be defined.

Ahh, is that a "look for a device with this GUID"
NFIT hint?

That would be enough to tip off OSes that do not
support that device that they found a vNVDIMM
device that they cannot safely flush, which could
help them report such errors to userspace...

-- 
All rights reversed



Re: [Qemu-devel] [PATCH v3 00/30] Initial i.MX7 support

2017-11-21 Thread Peter Maydell
On 6 November 2017 at 15:47, Andrey Smirnov  wrote:
> Hi everyone,
> - Added proper USB emulation code, so now it should be possible to
>   emulate guest's USB bus

The patchset is huge as it is, if you add more stuff to it
it makes it even more likely to sink to the bottom of my
to-review queue...

> Peter, I didn't hear anything from you about the code of
> mcimx7d_add_psci_node(), as discussed here:
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg486874.html
>
> so I kept the original code intact. As I mentioned before, my goal was
> to be able to boot into vanilla Linux kernel and have working SMP
> without needing to use a PSCI implementing bootloader. If that is
> something that new board code shouldn't do, please let me know.

Broadly, board code should work the same way the real hardware
does, unless there's a clear reason why not. "virt" is special
because it writes its own dtb entirely.

Maybe PSCI does need to be a different special case, since we're
emulating part of a bootloader here. But if so I think that code
belongs more in hw/arm/boot.c, so that we automatically fix up the
dtb to say "we have psci" if we are (a) booting a kernel directly
and (b) the CPU has the psci-conduit property set to enable QEMU's
PSCI implementation.

(Also the code in virt.c for adding a PSCI node is considerably
fuller-featured than yours is.)

> Thanks,
> Andrey Smirnov
>
> [v2] https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg05516.html
> [v1] https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg04770.html
>
>
> Andrey Smirnov (30):
>   imx_fec: Do not link to netdev
>   imx_fec: Refactor imx_eth_enable_rx()
>   imx_fec: Change queue flushing heuristics
>   imx_fec: Use ENET_FTRL to determine truncation length
>   imx_fec: Use MIN instead of explicit ternary operator
>   imx_fec: Emulate SHIFT16 in ENETx_RACC
>   imx_fec: Add support for multiple Tx DMA rings
>   imx_fec: Use correct length for packet size
>   imx_fec: Fix a typo in imx_enet_receive()
>   imx_fec: Reserve full 4K page for the register file
>   sdhci: Add i.MX specific subtype of SDHCI
>   sdhci: Implement write method of ACMD12ERRSTS register

Everything above here is pretty nearly ready to go in;
if you send that as a patchseries then it should be easy
to review and queue ready for 2.12 (which will open up
for new commits in mid-december).

>   i.MX: Add code to emulate i.MX7 CCM, PMU and ANALOG IP blocks
>   i.MX: Add code to emulate i.MX2 watchdog IP block
>   i.MX: Add code to emulate i.MX7 SNVS IP-block
>   i.MX: Add code to emulate GPCv2 IP block
>   i.MX: Add code to emulate i.MX7 IOMUXC IP block
>   i.MX: Add i.MX7 GPT variant
>   i.MX: Add code to emulate SDMA IP block
>   i.MX: Add code to emulate FlexCAN IP block
>   i.MX: Add implementation of i.MX7 GPR IP block
>   pci: Add support for Designware IP block
>   i.MX: Add code to emulate i.MX7 USBMISC IP block
>   i.MX: Add code to emulate i.MX7 ADC IP block
>   i.MX: Add code to emulate i.MX7 SRC IP-block
>   usb: Add basic code to emulate Chipidea USB IP
>   ARM: Add basic code to emulate A7MPCore DAP block
>   i.MX: Add code to emulate i.MX LCD block
>   i.MX: Add i.MX7 SOC implementation.
>   Implement support for i.MX7 Sabre board

My review in this part of the patchset is more sketchy,
but you can probably adjust the later patches as per
remarks on the earlier ones.

thanks
-- PMM
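The conditional dtb fixup Peter describes above (add a PSCI node only when booting a kernel directly and the CPU's psci-conduit enables QEMU's PSCI emulation), written out as an added example. This is not QEMU's code: the conduit values mirror QEMU's QEMU_PSCI_CONDUIT_DISABLED/HVC/SMC, but `fake_fdt` and `add_psci_node()` are hypothetical stand-ins for what a hw/arm/boot.c helper would do with the real qemu_fdt_* functions, so it runs offline.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not QEMU code.  The enum mirrors QEMU's
 * QEMU_PSCI_CONDUIT_* values (target/arm/cpu.h); fake_fdt and
 * add_psci_node() are hypothetical stand-ins for a boot.c fixup.
 */
enum psci_conduit {
    PSCI_CONDUIT_DISABLED = 0,
    PSCI_CONDUIT_HVC = 1,
    PSCI_CONDUIT_SMC = 2,
};

/* The dtb "method" string that matches the conduit, or NULL when PSCI is off. */
const char *psci_method_for_conduit(enum psci_conduit c)
{
    switch (c) {
    case PSCI_CONDUIT_HVC: return "hvc";
    case PSCI_CONDUIT_SMC: return "smc";
    default:               return NULL;   /* disabled: guest must not expect PSCI */
    }
}

/* Minimal stand-in for a flattened device tree: records the one node we add. */
struct fake_fdt {
    int has_psci;
    char compatible[32];     /* raw bytes of the stringlist property */
    size_t compatible_len;
    char method[8];
};

/*
 * Add /psci only when (a) a kernel is booted directly, so QEMU rather than
 * a bootloader owns the dtb, and (b) the CPU's conduit enables QEMU's PSCI
 * emulation.  The method string is derived from the conduit instead of
 * being hardcoded.  Returns 1 if the node was added, 0 otherwise.
 */
int add_psci_node(struct fake_fdt *fdt, int booting_kernel_directly,
                  enum psci_conduit c)
{
    /* dtb stringlist: entries separated by NUL; sizeof() keeps the final NUL. */
    static const char comp[] = "arm,psci-0.2\0arm,psci";
    const char *method = psci_method_for_conduit(c);

    if (!booting_kernel_directly || method == NULL) {
        return 0;
    }
    memcpy(fdt->compatible, comp, sizeof(comp));
    fdt->compatible_len = sizeof(comp);          /* 22 bytes for both strings */
    snprintf(fdt->method, sizeof(fdt->method), "%s", method);
    fdt->has_psci = 1;
    return 1;
}

int main(void)
{
    enum psci_conduit conduits[] = {
        PSCI_CONDUIT_DISABLED, PSCI_CONDUIT_HVC, PSCI_CONDUIT_SMC
    };
    for (size_t i = 0; i < sizeof(conduits) / sizeof(conduits[0]); i++) {
        struct fake_fdt fdt;
        memset(&fdt, 0, sizeof(fdt));
        int added = add_psci_node(&fdt, 1, conduits[i]);
        printf("conduit=%d added=%d method=%s\n",
               (int)conduits[i], added, added ? fdt.method : "-");
    }
    return 0;
}
```

The point of the guard is the same one Peter makes: a board that unconditionally writes `method = "smc"` produces a dtb that disagrees with the CPU configuration whenever the conduit is hvc or disabled, and with a real bootloader that supplies its own PSCI implementation.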



Re: [Qemu-devel] KVM "fake DAX" flushing interface - discussion

2017-11-21 Thread Dan Williams
On Tue, Nov 21, 2017 at 10:19 AM, Rik van Riel  wrote:
> On Fri, 2017-11-03 at 14:21 +0800, Xiao Guangrong wrote:
>> On 11/03/2017 12:30 AM, Dan Williams wrote:
>> >
>> > Good point, I was assuming that the mmio flush interface would be
>> > discovered separately from the NFIT-defined memory range. Perhaps
>> > via
>> > PCI in the guest? This piece of the proposal  needs a bit more
>> > thought...
>> >
>>
>> Consider the case that the vNVDIMM device on normal storage and
>> vNVDIMM device on real nvdimm hardware can both exist in VM, the
>> flush interface should be able to associate with the SPA region
>> respectively. That's why I'd like to integrate the flush interface
>> into NFIT/ACPI by using a separate table. Is it possible to be a
>> part of ACPI specification? :)
>
> It would also be perfectly fine to have the
> virtio PCI device indicate which vNVDIMM
> range it flushes.
>
> Since the guest OS needs to support that kind
> of device anyway, does it really matter which
> direction the device association points?
>
> We can go with the "best" interface for what
> could be a relatively slow flush (fsync on a
> file on ssd/disk on the host), which requires
> that the flushing task wait on completion
> asynchronously.
>
> If that kind of interface cannot be advertised
> through NFIT/ACPI, wouldn't it be perfectly fine
> to have only the virtio PCI device indicate which
> vNVDIMM range it flushes?
>

Yes, we could do this with a custom PCI device, however the NFIT is
frustratingly close to being able to define something like this. At
the very least we can start with a "SPA Range GUID" that is Linux
specific to indicate "call this virtio flush interface on FUA / flush
cache requests" as a stop gap until a standardized flush interface can
be defined.



Re: [Qemu-devel] [PATCH v3 30/30] Implement support for i.MX7 Sabre board

2017-11-21 Thread Peter Maydell
On 6 November 2017 at 15:48, Andrey Smirnov  wrote:
> Implement code needed to set up emulation of MCIMX7SABRE board from
> NXP. For more info about the HW see:
>
> https://www.nxp.com/support/developer-resources/hardware-development-tools/sabre-development-system/sabre-board-for-smart-devices-based-on-the-i.mx-7dual-applications-processors:MCIMX7SABRE

You could put this URL in a comment in the code as well.

> Cc: Peter Maydell 
> Cc: Jason Wang 
> Cc: Philippe Mathieu-Daudé 
> Cc: qemu-devel@nongnu.org
> Cc: qemu-...@nongnu.org
> Cc: yurov...@gmail.com
> Signed-off-by: Andrey Smirnov 
> ---
>  hw/arm/Makefile.objs   |   2 +-
>  hw/arm/mcimx7d-sabre.c | 101 
> +
>  2 files changed, 102 insertions(+), 1 deletion(-)
>  create mode 100644 hw/arm/mcimx7d-sabre.c
>
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index f379ddc74b..eb6f6c5997 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -19,5 +19,5 @@ obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
>  obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
>  obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
>  obj-$(CONFIG_MPS2) += mps2.o
> -obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o
> +obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
>
> diff --git a/hw/arm/mcimx7d-sabre.c b/hw/arm/mcimx7d-sabre.c
> new file mode 100644
> index 00..7ca8e668e8
> --- /dev/null
> +++ b/hw/arm/mcimx7d-sabre.c
> @@ -0,0 +1,101 @@
> +/*
> + * Copyright (c) 2017, Impinj, Inc.
> + *
> + * MCIMX7D_SABRE Board System emulation.
> + *
> + * Author: Andrey Smirnov 
> + *
> + * This code is licensed under the GPL, version 2 or later.
> + * See the file `COPYING' in the top level directory.
> + *
> + * It (partially) emulates a mcimx7d_sabre board, with a Freescale
> + * i.MX7 SoC
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qapi/error.h"
> +#include "qemu-common.h"
> +#include "hw/arm/fsl-imx7.h"
> +#include "hw/boards.h"
> +#include "sysemu/sysemu.h"
> +#include "sysemu/device_tree.h"
> +#include "qemu/error-report.h"
> +#include "sysemu/qtest.h"
> +#include "net/net.h"
> +
> +typedef struct {
> +FslIMX7State soc;
> +MemoryRegion ram;
> +} MCIMX7Sabre;
> +
> +static void mcimx7d_add_psci_node(const struct arm_boot_info *boot_info,
> +  void *fdt)
> +{
> +const char comp[] = "arm,psci-0.2\0arm,psci";
> +
> +qemu_fdt_add_subnode(fdt, "/psci");
> +qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp));
> +qemu_fdt_setprop_string(fdt, "/psci", "method", "smc");
> +}
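Review bot: in mcimx7d_add_psci_node() the "method" property is hardcoded to "smc" and the /psci node is added unconditionally, so the dtb will disagree with the CPU's psci-conduit setting whenever the conduit is hvc or disabled, and with a bootloader that provides its own PSCI. Derive the method from the conduit and skip the node when QEMU's PSCI emulation is off; as Peter notes, that logic is better placed in hw/arm/boot.c than in board code. The `comp` stringlist with its embedded NUL passed as `sizeof(comp)` is the right encoding for a multi-string "compatible" property, and the "Freescale i.MX7" wording in the file header could match the NXP naming used in the commit message.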

I'm still unconvinced by this (none of the other i.mx boards we have
have anything like it). How does the real hardware boot SMP ?

thanks
-- PMM


