Re: [Qemu-devel] Qemu SDL2 bug

[Howard Spoelstra]

On Mon, Feb 19, 2018 at 8:09 AM, Thomas Huth  wrote:
> On 18.02.2018 11:11, Howard Spoelstra wrote:
>> Hi,
>>
>> I'd like to report a bug when using the SDL2 GUI in both Linux and
>> Windows, which can be observed with in my case latest qemu-system-ppc
>> running parallel instances of OSX 10.4 and 10.3.
>>
>> After switching back and forth between GUIs, dragging becomes copying,
>> keyboard starts using a strange character set.
>> An additional "Alt" key press is needed to restore normal behaviour.
>
>  Hi,
>
> how do you switch back and forth between GUIs? Using the mouse or a
> keystroke? I guess the latter ... sounds like the Alt key could be
> "stuck" in the guest?
>
>  Thomas

Hi,

With SDL, unlike GTK, the mouse does not move outside the window. So I
have to use Ctrl-Alt-G to release focus and then click in the other
window. After two switches the reported issue occurs. Indeed, the Alt
key seems to go into a state in which it is stuck. When trying to
exclude my own keyboard being at fault, I've also noticed the right
Alt key on my keyboard cannot be used for the release.

Best,
Howard

Re: [Qemu-devel] e1000e: MSI-X problem with recent Linux drivers

[Jan Kiszka]

On 2018-02-18 21:54, Jan Kiszka wrote:
> Hi,
> 
> I've just noticed that the e1000e model does not work with its recent
> Linux kernel driver. This is my test matrix:
> 
> KernelINTx (IntMode=0)MSI-X
> 4.4   OK  OK
> 4.14  OK  no link
> masterOK  no link

FWIW: 4.9 (Debian kernel) is fine as well.

> 
> In MSI-X mode, there are few interrupts arriving:
> [...]
>  25:  0  0  0  0  IR-PCI-MSI 32768-edge  
> enp0s2-rx-0
>  26:  0  0  0  0  IR-PCI-MSI 32769-edge  
> enp0s2-tx-0
>  27:  0  2  0  0  IR-PCI-MSI 32770-edge  
> enp0s2
> 
> QEMU versions tested without differences: v2.8, v2.9, master.
> 
> Any ideas what could go wrong, and where?
> 
> Jan
> 




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2/5] tests: more thorough test of ds1338

[Thomas Huth]

On 19.02.2018 05:03, Michael Davidsaver wrote:
> Test current time and set+get round trip.
> 
> The set+get test is repeated 4 times.  These cases are
> spread across a single day in an attempt to trigger some potential
> issues regardless of the timezone of the machine running the tests.
> 
> Signed-off-by: Michael Davidsaver 
> ---
>  tests/Makefile.include  |   2 +
>  tests/ds-rtc-i2c-test.c | 193 
> 
>  2 files changed, 195 insertions(+)
>  create mode 100644 tests/ds-rtc-i2c-test.c
[...]
>  tests/q35-test$(EXESUF): tests/q35-test.o $(libqos-pc-obj-y)
> diff --git a/tests/ds-rtc-i2c-test.c b/tests/ds-rtc-i2c-test.c
> new file mode 100644
> index 00..464eb08558
> --- /dev/null
> +++ b/tests/ds-rtc-i2c-test.c
> @@ -0,0 +1,193 @@
> +/* Testing of Dallas/Maxim I2C bus RTC devices
> + *
> + * Copyright (c) 2017 Michael Davidsaver
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the LICENSE file in the top-level directory.
> + */
> +#include 
> +
> +#include "qemu/osdep.h"
> +#include "qemu/bcd.h"
> +#include "qemu/cutils.h"
> +#include "qemu/timer.h"
> +#include "libqtest.h"
> +#include "libqos/libqos.h"
> +#include "libqos/i2c.h"
> +
> +#define IMX25_I2C_0_BASE 0x43F8
> +#define DS1338_ADDR 0x68
> +
> +static I2CAdapter *i2c;
> +static uint8_t addr;
> +static bool use_century;
> +
> +static
> +time_t rtc_gettime(void)
> +{
> +struct tm parts;
> +uint8_t buf[7];
> +
> +buf[0] = 0;
> +i2c_send(i2c, addr, buf, 1);
> +i2c_recv(i2c, addr, buf, 7);
> +
> +parts.tm_sec = from_bcd(buf[0]);
> +parts.tm_min = from_bcd(buf[1]);
> +if (buf[2] & 0x40) {
> +/* 12 hour */
> +/* HOUR register is 1-12. */
> +parts.tm_hour = from_bcd(buf[2] & 0x1f);
> +g_assert_cmpuint(parts.tm_hour, >=, 1);
> +g_assert_cmpuint(parts.tm_hour, <=, 12);
> +parts.tm_hour %= 12u; /* wrap 12 -> 0 */
> +if (buf[2] & 0x20) {
> +parts.tm_hour += 12u;
> +}
> +} else {
> +/* 24 hour */
> +parts.tm_hour = from_bcd(buf[2] & 0x3f);
> +}
> +parts.tm_wday = from_bcd(buf[3]);
> +parts.tm_mday = from_bcd(buf[4]);
> +parts.tm_mon =  from_bcd((buf[5] & 0x1f) - 1u);
> +parts.tm_year = from_bcd(buf[6]);
> +if (!use_century || (buf[5] & 0x80)) {
> +parts.tm_year += 100u;
> +}
> +
> +return mktimegm(&parts);
> +}
> +
> +/* read back and compare with current system time */
> +static
> +void test_rtc_current(void)
> +{
> +uint8_t buf;
> +time_t expected, actual;
> +
> +/* magic address to zero RTC time offset
> + * as tests may be run in any order
> + */
> +buf = 0xff;
> +i2c_send(i2c, addr, &buf, 1);

That magic (together with patch 1/5) is IMHO a little bit ugly. I've hit
the same problem with the m48t59 test recently, and I solved it by
moving the qtest_start() and qtest_end() calls from the main() function
into the single tests instead, so that each test starts with a clean state:

https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c29830c90d82f27f

Could you maybe try whether that approach works for your test cases
here, too? Then you could do this without the "0xff" hack here...

> +
> +actual = time(NULL);
> +/* new second may start here */
> +expected = rtc_gettime();
> +g_assert_cmpuint(expected, <=, actual + 1);
> +g_assert_cmpuint(expected, >=, actual);
> +}
> +
> +
> +static uint8_t test_time_24_12am[8] = {
> +0, /* address */
> +/* Wed, 22 Nov 2017 00:30:53 + */
> +0x53,
> +0x30,
> +0x00, /* 12 AM in 24 hour mode */
> +0x03, /* monday is our day 1 */
> +0x22,
> +0x11 | 0x80,
> +0x17,
> +};
> +
> +static uint8_t test_time_24_6am[8] = {
> +0, /* address */
> +/* Wed, 22 Nov 2017 06:30:53 + */
> +0x53,
> +0x30,
> +0x06, /* 6 AM in 24 hour mode */
> +0x03, /* monday is our day 1 */
> +0x22,
> +0x11 | 0x80,
> +0x17,
> +};
> +
> +static uint8_t test_time_24_12pm[8] = {
> +0, /* address */
> +/* Wed, 22 Nov 2017 12:30:53 + */
> +0x53,
> +0x30,
> +0x12, /* 12 PM in 24 hour mode */
> +0x03, /* monday is our day 1 */
> +0x22,
> +0x11 | 0x80,
> +0x17,
> +};
> +
> +static uint8_t test_time_24_6pm[8] = {
> +0, /* address */
> +/* Wed, 22 Nov 2017 18:30:53 + */
> +0x53,
> +0x30,
> +0x18, /* 6 PM in 24 hour mode */
> +0x03, /* monday is our day 1 */
> +0x22,
> +0x11 | 0x80,
> +0x17,
> +};
> +
> +/* write in and read back known time */
> +static
> +void test_rtc_set(const void *raw)
> +{
> +const uint8_t *testtime = raw;
> +uint8_t buf[7];
> +unsigned retry = 2;
> +
> +for (; retry; retry--) {
> +i2c_send(i2c, addr, testtime, 8);
> +/* new second may start here */
> +i2c_send(i2c, addr, testtime, 1);
> +i2c_recv(i2c, addr, buf, 7);
> +
> +if (testti

Re: [Qemu-devel] Qemu SDL2 bug

[Thomas Huth]

On 18.02.2018 11:11, Howard Spoelstra wrote:
> Hi,
> 
> I'd like to report a bug when using the SDL2 GUI in both Linux and
> Windows, which can be observed with in my case latest qemu-system-ppc
> running parallel instances of OSX 10.4 and 10.3.
> 
> After switching back and forth between GUIs, dragging becomes copying,
> keyboard starts using a strange character set.
> An additional "Alt" key press is needed to restore normal behaviour.

 Hi,

how do you switch back and forth between GUIs? Using the mouse or a
keystroke? I guess the latter ... sounds like the Alt key could be
"stuck" in the guest?

 Thomas

[Qemu-devel] [RFC PATCH v0 1/2] pc-dimm: Make pc_dimm_built_list() global

[Bharata B Rao]

Making pc_dimm_built_list() global allows other parts of QEMU code
to build and walk through the DIMM list in address-sorted order.

This is needed in the next patch for sPAPR code to create
ibm,dynamic-memory-v2 device tree property that will have entries
for populated DIMMs as well as available hotpluggable areas.

CHECK: List of DIMMs is already available via qmp_pc_dimm_device_list(),
but that doesn't provide a sorted list.

Signed-off-by: Bharata B Rao 
---
 hw/mem/pc-dimm.c | 2 +-
 include/hw/mem/pc-dimm.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index 6e74b61..9bd61ca 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -261,7 +261,7 @@ static gint pc_dimm_addr_sort(gconstpointer a, 
gconstpointer b)
 return 0;
 }
 
-static int pc_dimm_built_list(Object *obj, void *opaque)
+int pc_dimm_built_list(Object *obj, void *opaque)
 {
 GSList **list = opaque;
 
diff --git a/include/hw/mem/pc-dimm.h b/include/hw/mem/pc-dimm.h
index d83b957..d880f5e 100644
--- a/include/hw/mem/pc-dimm.h
+++ b/include/hw/mem/pc-dimm.h
@@ -100,4 +100,5 @@ void pc_dimm_memory_plug(DeviceState *dev, 
MemoryHotplugState *hpms,
  MemoryRegion *mr, uint64_t align, Error **errp);
 void pc_dimm_memory_unplug(DeviceState *dev, MemoryHotplugState *hpms,
MemoryRegion *mr);
+int pc_dimm_built_list(Object *obj, void *opaque);
 #endif
-- 
2.7.4

[Qemu-devel] [RFC PATCH v0 2/2] spapr: Support ibm, dynamic-memory-v2 property

[Bharata B Rao]

The new property ibm,dynamic-memory-v2 allows memory to be represented
in a more compact manner in device tree.

Signed-off-by: Bharata B Rao 
---
 docs/specs/ppc-spapr-hotplug.txt |  19 +++
 hw/ppc/spapr.c   | 254 +--
 include/hw/ppc/spapr.h   |   1 +
 include/hw/ppc/spapr_ovec.h  |   1 +
 4 files changed, 235 insertions(+), 40 deletions(-)

diff --git a/docs/specs/ppc-spapr-hotplug.txt b/docs/specs/ppc-spapr-hotplug.txt
index f57e2a0..cc78331 100644
--- a/docs/specs/ppc-spapr-hotplug.txt
+++ b/docs/specs/ppc-spapr-hotplug.txt
@@ -387,4 +387,23 @@ Each LMB list entry consists of the following elements:
 - A 32bit flags word. The bit at bit position 0x0008 defines whether
   the LMB is assigned to the the partition as of boot time.
 
+ibm,dynamic-memory-v2
+
+This property describes the dynamically reconfigurable memory. This is
+an alternate and newer way to describe dyanamically reconfigurable memory.
+It is a property encoded array that has an integer N (the number of
+LMB set entries) followed by N LMB set entries. There is an LMB set entry
+for each sequential group of LMBs that share common attributes.
+
+Each LMB set entry consists of the following elements:
+
+- Number of sequential LMBs in the entry represented by a 32bit integer.
+- Logical address of the first LMB in the set encoded as a 64bit integer.
+- DRC index of the first LMB in the set.
+- Associativity list index that is used as an index into
+  ibm,associativity-lookup-arrays property described earlier. This
+  is used to retrieve the right associativity list to be used for all
+  the LMBs in this set.
+- A 32bit flags word that applies to all the LMBs in the set.
+
 [1] http://thread.gmane.org/gmane.linux.ports.ppc.embedded/75350/focus=106867
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 83c9d66..e45d127 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -678,64 +678,148 @@ static uint32_t spapr_pc_dimm_node(MemoryDeviceInfoList 
*list, ram_addr_t addr)
 return -1;
 }
 
-/*
- * Adds ibm,dynamic-reconfiguration-memory node.
- * Refer to docs/specs/ppc-spapr-hotplug.txt for the documentation
- * of this device tree node.
- */
-static int spapr_populate_drconf_memory(sPAPRMachineState *spapr, void *fdt)
+struct of_drconf_cell_v2 {
+ uint32_t seq_lmbs;
+ uint64_t base_addr;
+ uint32_t drc_index;
+ uint32_t aa_index;
+ uint32_t flags;
+} __attribute__((packed));
+
+#define SPAPR_DRCONF_CELL_SIZE 6
+
+/* ibm,dynamic-memory-v2 */
+static int spapr_populate_drmem_v2(sPAPRMachineState *spapr, void *fdt,
+   int offset)
 {
-MachineState *machine = MACHINE(spapr);
-int ret, i, offset;
-uint64_t lmb_size = SPAPR_MEMORY_BLOCK_SIZE;
-uint32_t prop_lmb_size[] = {0, cpu_to_be32(lmb_size)};
-uint32_t hotplug_lmb_start = spapr->hotplug_memory.base / lmb_size;
-uint32_t nr_lmbs = (spapr->hotplug_memory.base +
-   memory_region_size(&spapr->hotplug_memory.mr)) /
-   lmb_size;
 uint32_t *int_buf, *cur_index, buf_len;
-int nr_nodes = nb_numa_nodes ? nb_numa_nodes : 1;
-MemoryDeviceInfoList *dimms = NULL;
+int ret;
+uint64_t lmb_size = SPAPR_MEMORY_BLOCK_SIZE;
+uint64_t addr, cur_addr, size;
+uint32_t nr_boot_lmbs = (spapr->hotplug_memory.base / lmb_size);
+uint64_t mem_end = spapr->hotplug_memory.base +
+   memory_region_size(&spapr->hotplug_memory.mr);
+uint32_t node, nr_entries = 0;
+sPAPRDRConnector *drc;
+GSList *list = NULL, *item;
+typedef struct drconf_cell_queue {
+struct of_drconf_cell_v2 cell;
+QSIMPLEQ_ENTRY(drconf_cell_queue) entry;
+} drconf_cell_queue;
+QSIMPLEQ_HEAD(, drconf_cell_queue) drconf_queue
+= QSIMPLEQ_HEAD_INITIALIZER(drconf_queue);
+drconf_cell_queue *elem, *next;
+
+/* Entry to cover RAM and the gap area */
+elem = g_malloc0(sizeof(drconf_cell_queue));
+elem->cell.seq_lmbs = cpu_to_be32(nr_boot_lmbs);
+elem->cell.base_addr = cpu_to_be64(0);
+elem->cell.drc_index = cpu_to_be32(0);
+elem->cell.aa_index = cpu_to_be32(-1);
+elem->cell.flags = cpu_to_be32(SPAPR_LMB_FLAGS_RESERVED |
+   SPAPR_LMB_FLAGS_DRC_INVALID);
+QSIMPLEQ_INSERT_TAIL(&drconf_queue, elem, entry);
+nr_entries++;
+
+object_child_foreach(qdev_get_machine(), pc_dimm_built_list, &list);
+cur_addr = spapr->hotplug_memory.base;
+for (item = list; item; item = g_slist_next(item)) {
+PCDIMMDevice *dimm = item->data;
+
+addr = object_property_get_uint(OBJECT(dimm), PC_DIMM_ADDR_PROP,
+&error_abort);
+size = object_property_get_uint(OBJECT(dimm), PC_DIMM_SIZE_PROP,
+&error_abort);
+node = object_property_get_uint(OBJECT(dimm), PC_DIMM_NODE_PROP,
+&error_abor

[Qemu-devel] [RFC PATCH v0 0/2] Support for ibm,dynamic-memory-v2

[Bharata B Rao]

This is an RFC version of patchset to support the new ibm,dynamic-memory-v2
property which allows the LMB information to be represented in a more
compact form by grouping LMBs into sets.

I have tested it very lightly and observe guest crashes (during reboot)
in a few scenarios. I am still trying to figure out the reason.

Bharata B Rao (2):
  pc-dimm: Make pc_dimm_built_list() global
  spapr: Support ibm,dynamic-memory-v2 property

 docs/specs/ppc-spapr-hotplug.txt |  19 +++
 hw/mem/pc-dimm.c |   2 +-
 hw/ppc/spapr.c   | 254 +--
 include/hw/mem/pc-dimm.h |   1 +
 include/hw/ppc/spapr.h   |   1 +
 include/hw/ppc/spapr_ovec.h  |   1 +
 6 files changed, 237 insertions(+), 41 deletions(-)

-- 
2.7.4

Re: [Qemu-devel] [PATCH v2 3/3] target/ppc: generalize check on radix when in HV mode

[David Gibson]

On Fri, Feb 16, 2018 at 09:45:04AM +0100, Cédric Le Goater wrote:
> On a POWER9 processor, the first doubleword of the partition table
> entry (as pointed to by the PTCR) indicates whether the host uses HPT
> or Radix Tree translation for that partition. Use that bit to check
> for radix mode on pseries and powernv QEMU machines.
> 
> Signed-off-by: Cédric Le Goater 
> ---
>  Changes since v1:
> 
>  - fixed commit log
>  - introduced ppc64_v3_get_patbe0()
>  - renamed ppc64_radix() in ppc64_v3_radix()
>  
>  target/ppc/mmu-book3s-v3.c  | 16 +++-
>  target/ppc/mmu-book3s-v3.h  | 11 +++
>  target/ppc/mmu_helper.c |  4 ++--
>  target/ppc/translate_init.c |  2 +-
>  4 files changed, 21 insertions(+), 12 deletions(-)
> 
> diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
> index b60df4408f3b..9d05e07ef6bd 100644
> --- a/target/ppc/mmu-book3s-v3.c
> +++ b/target/ppc/mmu-book3s-v3.c
> @@ -23,10 +23,24 @@
>  #include "mmu-book3s-v3.h"
>  #include "mmu-radix64.h"
>  
> +bool ppc64_v3_radix(PowerPCCPU *cpu)
> +{
> +CPUPPCState *env = &cpu->env;
> +
> +if (msr_hv) {
> +return ppc64_v3_get_patbe0(cpu) & PATBE0_HR;
> +} else  {
> +PPCVirtualHypervisorClass *vhc =
> +PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> +
> +return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
> +}

I think this is backwards.  If cpu->vhyp is set, you should always the
get_patbe() hook, before you go looking at anything else.

This is also wrong if you have a powernv platform but msr_hv is not
set - which is what you'll have once you get to the point of trying to
run guests within an emulated powernv machine.

> +}
> +
>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
>int mmu_idx)
>  {
> -if (ppc64_radix_guest(cpu)) { /* Guest uses radix */
> +if (ppc64_v3_radix(cpu)) { /* radix mode */
>  return ppc_radix64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
>  } else { /* Guest uses hash */
>  return ppc_hash64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index a7ab580c3140..a12bb1e28b45 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -29,7 +29,8 @@
>  #define PTCR_PATS   0x001FULL /* Partition Table 
> Size */
>  
>  /* Partition Table Entry Fields */
> -#define PATBE1_GR 0x8000
> +#define PATBE0_HR   PPC_BIT(0)/* 1:Host Radix 0:HPT  
>  */
> +#define PATBE1_GR   PPC_BIT(0)/* 1:Guest Radix 0:HPT 
>  */
>  
>  /* Process Table Entry */
>  struct prtb_entry {
> @@ -43,13 +44,7 @@ static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
>  return !!(cpu->env.spr[SPR_LPCR] & LPCR_UPRT);
>  }
>  
> -static inline bool ppc64_radix_guest(PowerPCCPU *cpu)
> -{
> -PPCVirtualHypervisorClass *vhc =
> -PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> -
> -return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
> -}
> +bool ppc64_v3_radix(PowerPCCPU *cpu);
>  
>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
>int mmu_idx);
> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> index 82e63552f617..81a43982e421 100644
> --- a/target/ppc/mmu_helper.c
> +++ b/target/ppc/mmu_helper.c
> @@ -1285,7 +1285,7 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, 
> CPUPPCState *env)
>  dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
>  break;
>  case POWERPC_MMU_VER_3_00:
> -if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
> +if (ppc64_v3_radix(ppc_env_get_cpu(env))) {
>  /* TODO - Unsupported */
>  } else {
>  dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
> @@ -1431,7 +1431,7 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr 
> addr)
>  case POWERPC_MMU_VER_2_07:
>  return ppc_hash64_get_phys_page_debug(cpu, addr);
>  case POWERPC_MMU_VER_3_00:
> -if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
> +if (ppc64_v3_radix(ppc_env_get_cpu(env))) {
>  return ppc_radix64_get_phys_page_debug(cpu, addr);
>  } else {
>  return ppc_hash64_get_phys_page_debug(cpu, addr);
> diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
> index c998ac2ee405..21d5dcd15386 100644
> --- a/target/ppc/translate_init.c
> +++ b/target/ppc/translate_init.c
> @@ -8967,7 +8967,7 @@ void cpu_ppc_set_papr(PowerPCCPU *cpu, 
> PPCVirtualHypervisor *vhyp)
>   * KVM but not under TCG. Update the default LPCR to keep new
>   * CPUs in sync when radix is enabled.
>   */
> -if (ppc64_radix_guest(cpu)) {
> +if (ppc64_v3_radix(cpu)) {
>  lpcr->default_value |= LPCR_UPRT | LPCR_GTSE;
>  } else {
>  lpcr->default_value &= ~(LPCR_UPRT | LPCR_GTSE);

-- 
David

[Qemu-devel] [PATCH 3/5] timer: generalize Dallas/Maxim RTC i2c devices

[Michael Davidsaver]

Support for: ds1307, ds1337, ds1338, ds1339,
ds1340, ds1375, ds1388, and ds3231.

Tested with ds1338 and ds1375.

The existing ds1338 model has two bugs
with almost no practical impact.

1. Trying to set time in 12-hour mode works,
but the 12 hour mode bit isn't stored.
So time always reads in 24 hour mode.

2. wday_offset is always stored for the
local time zone.  When the RTC is set
and rtc_utc=1 and the local timezone
has a different day than UTC, then
wday_offset will be off by one.

Signed-off-by: Michael Davidsaver 
---
 default-configs/arm-softmmu.mak |   2 +-
 hw/timer/Makefile.objs  |   2 +-
 hw/timer/ds-rtc-i2c.c   | 466 
 hw/timer/ds1338.c   | 248 -
 4 files changed, 468 insertions(+), 250 deletions(-)
 create mode 100644 hw/timer/ds-rtc-i2c.c
 delete mode 100644 hw/timer/ds1338.c

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index ca34cf4462..510a92c9a8 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -31,7 +31,7 @@ CONFIG_SMC91C111=y
 CONFIG_ALLWINNER_EMAC=y
 CONFIG_IMX_FEC=y
 CONFIG_FTGMAC100=y
-CONFIG_DS1338=y
+CONFIG_DSRTCI2C=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_PFLASH_CFI02=y
 CONFIG_MICRODRIVE=y
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 8c19eac3b6..290015ebec 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -3,7 +3,7 @@ common-obj-$(CONFIG_ARM_MPTIMER) += arm_mptimer.o
 common-obj-$(CONFIG_ARM_V7M) += armv7m_systick.o
 common-obj-$(CONFIG_A9_GTIMER) += a9gtimer.o
 common-obj-$(CONFIG_CADENCE) += cadence_ttc.o
-common-obj-$(CONFIG_DS1338) += ds1338.o
+common-obj-$(CONFIG_DSRTCI2C) += ds-rtc-i2c.o
 common-obj-$(CONFIG_HPET) += hpet.o
 common-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
 common-obj-$(CONFIG_M48T59) += m48t59.o
diff --git a/hw/timer/ds-rtc-i2c.c b/hw/timer/ds-rtc-i2c.c
new file mode 100644
index 00..ebe53bbec7
--- /dev/null
+++ b/hw/timer/ds-rtc-i2c.c
@@ -0,0 +1,466 @@
+/* Emulation of various Dallas/Maxim RTCs accessed via I2C bus
+ *
+ * Copyright (c) 2017 Michael Davidsaver
+ * Copyright (c) 2009 CodeSourcery
+ *
+ * Authors: Michael Davidsaver
+ *  Paul Brook
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the LICENSE file in the top-level directory.
+ *
+ * Models real time read/set and NVRAM.
+ * Does not model alarms, or control/status registers.
+ *
+ * Generalized register map is:
+ *   [Current time]
+ *   [Alarm settings] (optional)
+ *   [Control/Status] (optional)
+ *   [Non-volatile memory] (optional)
+ *
+ * The current time registers are almost always the same,
+ * with the exception being that some have a CENTURY bit
+ * in the month register.
+ */
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qemu/timer.h"
+#include "qemu/bcd.h"
+#include "hw/hw.h"
+#include "hw/registerfields.h"
+#include "hw/i2c/i2c.h"
+#include "sysemu/qtest.h"
+#include "qemu/error-report.h"
+
+/* #define DEBUG_DSRTC */
+
+#ifdef DEBUG_DSRTC
+#define DPRINTK(FMT, ...) info_report(TYPE_DSRTC " : " FMT, ## __VA_ARGS__)
+#else
+#define DPRINTK(FMT, ...) do {} while (0)
+#endif
+
+#define LOG(MSK, FMT, ...) qemu_log_mask(MSK, TYPE_DSRTC " : " FMT "\n", \
+## __VA_ARGS__)
+
+#define DSRTC_REGSIZE (0x40)
+
+/* values stored in BCD */
+/* 00-59 */
+#define R_SEC   (0x0)
+/* 00-59 */
+#define R_MIN   (0x1)
+#define R_HOUR  (0x2)
+/* 1-7 */
+#define R_WDAY  (0x3)
+/* 0-31 */
+#define R_DATE  (0x4)
+#define R_MONTH (0x5)
+/* 0-99 */
+#define R_YEAR  (0x6)
+
+/* use 12 hour mode when set */
+FIELD(HOUR, SET12, 6, 1)
+/* 00-23 */
+FIELD(HOUR, HOUR24, 0, 6)
+FIELD(HOUR, AMPM, 5, 1)
+/* 1-12 (not 0-11!) */
+FIELD(HOUR, HOUR12, 0, 5)
+
+/* 1-12 */
+FIELD(MONTH, MONTH, 0, 5)
+FIELD(MONTH, CENTURY, 7, 1)
+
+typedef struct DSRTCInfo {
+/* if bit 7 of the Month register is set after Y2K */
+bool has_century;
+/* address of first non-volatile memory cell.
+ * nv_start >= reg_end means no NV memory.
+ */
+uint8_t nv_start;
+/* total size of register range.  When address counter rolls over. */
+uint8_t reg_size;
+} DSRTCInfo;
+
+typedef struct DSRTCState {
+I2CSlave parent_obj;
+
+const DSRTCInfo *info;
+
+qemu_irq alarm_irq;
+
+/* register address counter */
+uint8_t addr;
+/* when writing, whether the address has been sent */
+bool addrd;
+
+int64_t time_offset;
+int8_t wday_offset;
+
+uint8_t regs[DSRTC_REGSIZE];
+} DSRTCState;
+
+typedef struct DSRTCClass {
+I2CSlaveClass parent_class;
+
+const DSRTCInfo *info;
+} DSRTCClass;
+
+#define TYPE_DSRTC "ds-rtc-i2c"
+#define DSRTC(obj) OBJECT_CHECK(DSRTCState, (obj), TYPE_DSRTC)
+#define DSRTC_GET_CLASS(obj) \
+OBJECT_GET_CLASS(DSRTCClass, obj, TYPE_DSRTC)
+#define DSRTC_CLASS(klass) \
+OBJECT_CLASS_CHECK(DSRTCClass, klass, TYPE_DSRTC)
+
+static const VMStateDescription vmstate_dsrtc = {
+

[Qemu-devel] [PATCH 5/5] tests: drop ds1338-test

[Michael Davidsaver]

Now redundant to ds-rtc-i2c-test.

Signed-off-by: Michael Davidsaver 
---
 tests/Makefile.include |  2 --
 tests/ds1338-test.c| 75 --
 2 files changed, 77 deletions(-)
 delete mode 100644 tests/ds1338-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index f5dcd274e0..8b1e486e32 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -359,7 +359,6 @@ check-qtest-sparc64-y += tests/prom-env-test$(EXESUF)
 check-qtest-sparc64-y += tests/boot-serial-test$(EXESUF)
 
 check-qtest-arm-y = tests/tmp105-test$(EXESUF)
-check-qtest-arm-y += tests/ds1338-test$(EXESUF)
 check-qtest-arm-y += tests/ds-rtc-i2c-test$(EXESUF)
 check-qtest-arm-y += tests/m25p80-test$(EXESUF)
 gcov-files-arm-y += hw/misc/tmp105.c
@@ -764,7 +763,6 @@ tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o \
tests/boot-sector.o tests/acpi-utils.o $(libqos-obj-y)
 tests/pxe-test$(EXESUF): tests/pxe-test.o tests/boot-sector.o $(libqos-obj-y)
 tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
-tests/ds1338-test$(EXESUF): tests/ds1338-test.o $(libqos-imx-obj-y)
 tests/ds-rtc-i2c-test$(EXESUF): tests/ds-rtc-i2c-test.o $(libqos-imx-obj-y)
 tests/m25p80-test$(EXESUF): tests/m25p80-test.o
 tests/i440fx-test$(EXESUF): tests/i440fx-test.o $(libqos-pc-obj-y)
diff --git a/tests/ds1338-test.c b/tests/ds1338-test.c
deleted file mode 100644
index 742dad9113..00
--- a/tests/ds1338-test.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * QTest testcase for the DS1338 RTC
- *
- * Copyright (c) 2013 Jean-Christophe Dubois
- *
- *  This program is free software; you can redistribute it and/or modify it
- *  under the terms of the GNU General Public License as published by the
- *  Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful, but WITHOUT
- *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- *  for more details.
- *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, see .
- */
-
-#include "qemu/osdep.h"
-#include "libqtest.h"
-#include "libqos/i2c.h"
-
-#define IMX25_I2C_0_BASE 0x43F8
-
-#define DS1338_ADDR 0x68
-
-static I2CAdapter *i2c;
-static uint8_t addr;
-
-static inline uint8_t bcd2bin(uint8_t x)
-{
-return ((x) & 0x0f) + ((x) >> 4) * 10;
-}
-
-static void send_and_receive(void)
-{
-uint8_t cmd[1];
-uint8_t resp[7];
-time_t now = time(NULL);
-struct tm *tm_ptr = gmtime(&now);
-
-/* reset the index in the RTC memory */
-cmd[0] = 0;
-i2c_send(i2c, addr, cmd, 1);
-
-/* retrieve the date */
-i2c_recv(i2c, addr, resp, 7);
-
-/* check retrieved time againt local time */
-g_assert_cmpuint(bcd2bin(resp[4]), == , tm_ptr->tm_mday);
-g_assert_cmpuint(bcd2bin(resp[5]), == , 1 + tm_ptr->tm_mon);
-g_assert_cmpuint(2000 + bcd2bin(resp[6]), == , 1900 + tm_ptr->tm_year);
-}
-
-int main(int argc, char **argv)
-{
-QTestState *s = NULL;
-int ret;
-
-g_test_init(&argc, &argv, NULL);
-
-s = qtest_start("-display none -machine imx25-pdk");
-i2c = imx_i2c_create(s, IMX25_I2C_0_BASE);
-addr = DS1338_ADDR;
-
-qtest_add_func("/ds1338/tx-rx", send_and_receive);
-
-ret = g_test_run();
-
-qtest_quit(s);
-g_free(i2c);
-
-return ret;
-}
-- 
2.11.0

[Qemu-devel] [PATCH 1/5] timer: ds1338 add magic reset for test code

[Michael Davidsaver]

When running w/ QTest, allow the tester
to reliably zero time offsets.
Allows tests to read the current time,
and set time, independent of test order.

Signed-off-by: Michael Davidsaver 
---
 hw/timer/ds1338.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/hw/timer/ds1338.c b/hw/timer/ds1338.c
index 3849b74a68..41c2d7dac6 100644
--- a/hw/timer/ds1338.c
+++ b/hw/timer/ds1338.c
@@ -14,6 +14,7 @@
 #include "qemu-common.h"
 #include "hw/i2c/i2c.h"
 #include "qemu/bcd.h"
+#include "sysemu/qtest.h"
 
 /* Size of NVRAM including both the user-accessible area and the
  * secondary register area.
@@ -132,6 +133,14 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 DS1338State *s = DS1338(i2c);
 
 if (s->addr_byte) {
+if (data == 0xff && qtest_enabled()) {
+/* magic, out of bounds, address to allow test code
+ * to reset offset
+ */
+s->offset = 0;
+s->wday_offset = 0;
+return 0;
+}
 s->ptr = data & (NVRAM_SIZE - 1);
 s->addr_byte = false;
 return 0;
-- 
2.11.0

[Qemu-devel] [PATCH 2/5] tests: more thorough test of ds1338

[Michael Davidsaver]

Test current time and set+get round trip.

The set+get test is repeated 4 times.  These cases are
spread across a single day in an attempt to trigger some potential
issues regardless of the timezone of the machine running the tests.

Signed-off-by: Michael Davidsaver 
---
 tests/Makefile.include  |   2 +
 tests/ds-rtc-i2c-test.c | 193 
 2 files changed, 195 insertions(+)
 create mode 100644 tests/ds-rtc-i2c-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index a1bcbffe12..f5dcd274e0 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -360,6 +360,7 @@ check-qtest-sparc64-y += tests/boot-serial-test$(EXESUF)
 
 check-qtest-arm-y = tests/tmp105-test$(EXESUF)
 check-qtest-arm-y += tests/ds1338-test$(EXESUF)
+check-qtest-arm-y += tests/ds-rtc-i2c-test$(EXESUF)
 check-qtest-arm-y += tests/m25p80-test$(EXESUF)
 gcov-files-arm-y += hw/misc/tmp105.c
 check-qtest-arm-y += tests/virtio-blk-test$(EXESUF)
@@ -764,6 +765,7 @@ tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o \
 tests/pxe-test$(EXESUF): tests/pxe-test.o tests/boot-sector.o $(libqos-obj-y)
 tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
 tests/ds1338-test$(EXESUF): tests/ds1338-test.o $(libqos-imx-obj-y)
+tests/ds-rtc-i2c-test$(EXESUF): tests/ds-rtc-i2c-test.o $(libqos-imx-obj-y)
 tests/m25p80-test$(EXESUF): tests/m25p80-test.o
 tests/i440fx-test$(EXESUF): tests/i440fx-test.o $(libqos-pc-obj-y)
 tests/q35-test$(EXESUF): tests/q35-test.o $(libqos-pc-obj-y)
diff --git a/tests/ds-rtc-i2c-test.c b/tests/ds-rtc-i2c-test.c
new file mode 100644
index 00..464eb08558
--- /dev/null
+++ b/tests/ds-rtc-i2c-test.c
@@ -0,0 +1,193 @@
+/* Testing of Dallas/Maxim I2C bus RTC devices
+ *
+ * Copyright (c) 2017 Michael Davidsaver
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the LICENSE file in the top-level directory.
+ */
+#include 
+
+#include "qemu/osdep.h"
+#include "qemu/bcd.h"
+#include "qemu/cutils.h"
+#include "qemu/timer.h"
+#include "libqtest.h"
+#include "libqos/libqos.h"
+#include "libqos/i2c.h"
+
+#define IMX25_I2C_0_BASE 0x43F8
+#define DS1338_ADDR 0x68
+
+static I2CAdapter *i2c;
+static uint8_t addr;
+static bool use_century;
+
+static
+time_t rtc_gettime(void)
+{
+struct tm parts;
+uint8_t buf[7];
+
+buf[0] = 0;
+i2c_send(i2c, addr, buf, 1);
+i2c_recv(i2c, addr, buf, 7);
+
+parts.tm_sec = from_bcd(buf[0]);
+parts.tm_min = from_bcd(buf[1]);
+if (buf[2] & 0x40) {
+/* 12 hour */
+/* HOUR register is 1-12. */
+parts.tm_hour = from_bcd(buf[2] & 0x1f);
+g_assert_cmpuint(parts.tm_hour, >=, 1);
+g_assert_cmpuint(parts.tm_hour, <=, 12);
+parts.tm_hour %= 12u; /* wrap 12 -> 0 */
+if (buf[2] & 0x20) {
+parts.tm_hour += 12u;
+}
+} else {
+/* 24 hour */
+parts.tm_hour = from_bcd(buf[2] & 0x3f);
+}
+parts.tm_wday = from_bcd(buf[3]);
+parts.tm_mday = from_bcd(buf[4]);
+parts.tm_mon =  from_bcd((buf[5] & 0x1f) - 1u);
+parts.tm_year = from_bcd(buf[6]);
+if (!use_century || (buf[5] & 0x80)) {
+parts.tm_year += 100u;
+}
+
+return mktimegm(&parts);
+}
+
+/* read back and compare with current system time */
+static
+void test_rtc_current(void)
+{
+uint8_t buf;
+time_t expected, actual;
+
+/* magic address to zero RTC time offset
+ * as tests may be run in any order
+ */
+buf = 0xff;
+i2c_send(i2c, addr, &buf, 1);
+
+actual = time(NULL);
+/* new second may start here */
+expected = rtc_gettime();
+g_assert_cmpuint(expected, <=, actual + 1);
+g_assert_cmpuint(expected, >=, actual);
+}
+
+
+static uint8_t test_time_24_12am[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 00:30:53 + */
+0x53,
+0x30,
+0x00, /* 12 AM in 24 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
+static uint8_t test_time_24_6am[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 06:30:53 + */
+0x53,
+0x30,
+0x06, /* 6 AM in 24 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
+static uint8_t test_time_24_12pm[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 12:30:53 + */
+0x53,
+0x30,
+0x12, /* 12 PM in 24 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
+static uint8_t test_time_24_6pm[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 18:30:53 + */
+0x53,
+0x30,
+0x18, /* 6 PM in 24 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
+/* write in and read back known time */
+static
+void test_rtc_set(const void *raw)
+{
+const uint8_t *testtime = raw;
+uint8_t buf[7];
+unsigned retry = 2;
+
+for (; retry; retry--) {
+i2c_send(i2c, addr, testtime, 8);
+ 

[Qemu-devel] [PATCH 0/5] Generalize Dallas/Maxim I2C RTC devices

[Michael Davidsaver]

These changes previously appeared as part of a series "Add MVME3100 PPC SBC v2"
back in November.  David Gibson, who looked that that series, suggested getting
this reviewed separately.  There doesn't appear to be a listed maintainer
for this code, so I'm addressing this to the 3 people who have made more than
cosmetic changes to it.  The most recent of these was in 2012.

This series replaces the ds1338 RTC with a model covering a number of these
similar chips: ds1307, ds1337, ds1338, ds1339, ds1340, ds1375, ds1388,
and ds3231.

The limits of the new model are the same as the old.  Only the time of day
registers, and NVRAM are modeled.  The alarm and control registers are not.

I've added a more thorough test of the time of day function, covering
reading and setting in both 12 and 24 hour mode.  In the process
I found two minor issues with the ds1338 model.  These are described in the
commit message for #3.  So this series first adds those tests which pass with
both old and new model.  Then later adds some additional tests which only
pass with the new model.


Michael Davidsaver (5):
  timer: ds1338 add magic reset for test code
  tests: more thorough test of ds1338
  timer: generalize Dallas/Maxim RTC i2c devices
  tests: ds-rtc-i2c-test test 12 hour mode and DoW
  tests: drop ds1338-test

 default-configs/arm-softmmu.mak |   2 +-
 hw/timer/Makefile.objs  |   2 +-
 hw/timer/ds-rtc-i2c.c   | 466 
 hw/timer/ds1338.c   | 239 -
 tests/Makefile.include  |   4 +-
 tests/ds-rtc-i2c-test.c | 245 +
 tests/ds1338-test.c |  75 ---
 7 files changed, 715 insertions(+), 318 deletions(-)
 create mode 100644 hw/timer/ds-rtc-i2c.c
 delete mode 100644 hw/timer/ds1338.c
 create mode 100644 tests/ds-rtc-i2c-test.c
 delete mode 100644 tests/ds1338-test.c

-- 
2.11.0

[Qemu-devel] [PATCH 4/5] tests: ds-rtc-i2c-test test 12 hour mode and DoW

[Michael Davidsaver]

Test time set+get in 12 hour mode.
Also test handling of day of week
offset.

Signed-off-by: Michael Davidsaver 
---
 tests/ds-rtc-i2c-test.c | 54 -
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/tests/ds-rtc-i2c-test.c b/tests/ds-rtc-i2c-test.c
index 464eb08558..226ac1399e 100644
--- a/tests/ds-rtc-i2c-test.c
+++ b/tests/ds-rtc-i2c-test.c
@@ -92,6 +92,18 @@ static uint8_t test_time_24_12am[8] = {
 0x17,
 };
 
+static uint8_t test_time_12_12am[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 00:30:53 + */
+0x53,
+0x30,
+0x52, /* 12 AM in 12 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
 static uint8_t test_time_24_6am[8] = {
 0, /* address */
 /* Wed, 22 Nov 2017 06:30:53 + */
@@ -104,6 +116,18 @@ static uint8_t test_time_24_6am[8] = {
 0x17,
 };
 
+static uint8_t test_time_12_6am[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 06:30:53 + */
+0x53,
+0x30,
+0x46, /* 6 AM in 12 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
 static uint8_t test_time_24_12pm[8] = {
 0, /* address */
 /* Wed, 22 Nov 2017 12:30:53 + */
@@ -116,6 +140,18 @@ static uint8_t test_time_24_12pm[8] = {
 0x17,
 };
 
+static uint8_t test_time_12_12pm[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 12:30:53 + */
+0x53,
+0x30,
+0x72, /* 12 PM in 24 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
 static uint8_t test_time_24_6pm[8] = {
 0, /* address */
 /* Wed, 22 Nov 2017 18:30:53 + */
@@ -128,6 +164,18 @@ static uint8_t test_time_24_6pm[8] = {
 0x17,
 };
 
+static uint8_t test_time_12_6pm[8] = {
+0, /* address */
+/* Wed, 22 Nov 2017 18:30:53 + */
+0x53,
+0x30,
+0x66, /* 6 PM in 12 hour mode */
+0x03, /* monday is our day 1 */
+0x22,
+0x11 | 0x80,
+0x17,
+};
+
 /* write in and read back known time */
 static
 void test_rtc_set(const void *raw)
@@ -151,7 +199,7 @@ void test_rtc_set(const void *raw)
 g_assert_cmpuint(testtime[1], ==, buf[0]); /* SEC */
 g_assert_cmpuint(testtime[2], ==, buf[1]); /* MIN */
 g_assert_cmpuint(testtime[3], ==, buf[2]); /* HOUR */
-/* skip comparing Day of Week.  Not handled correctly */
+g_assert_cmpuint(testtime[4], ==, buf[3]); /* DoW */
 g_assert_cmpuint(testtime[5], ==, buf[4]); /* DoM */
 if (use_century) {
 g_assert_cmpuint(testtime[6], ==, buf[5]); /* MON+century */
@@ -183,6 +231,10 @@ int main(int argc, char *argv[])
 qtest_add_data_func("/ds-rtc-i2c/set24_6am", test_time_24_6am, 
test_rtc_set);
 qtest_add_data_func("/ds-rtc-i2c/set24_12pm", test_time_24_12pm, 
test_rtc_set);
 qtest_add_data_func("/ds-rtc-i2c/set24_6pm", test_time_24_6pm, 
test_rtc_set);
+qtest_add_data_func("/ds-rtc-i2c/set12_12am", test_time_12_12am, 
test_rtc_set);
+qtest_add_data_func("/ds-rtc-i2c/set12_6am", test_time_12_6am, 
test_rtc_set);
+qtest_add_data_func("/ds-rtc-i2c/set12_12pm", test_time_12_12pm, 
test_rtc_set);
+qtest_add_data_func("/ds-rtc-i2c/set12_6pm", test_time_12_6pm, 
test_rtc_set);
 qtest_add_func("/ds-rtc-i2c/current", test_rtc_current);
 
 ret = g_test_run();
-- 
2.11.0

Re: [Qemu-devel] [PATCH qemu v7 2/4] vfio/pci: Relax DMA map errors for MMIO regions

[Alexey Kardashevskiy]

On 16/02/18 16:28, David Gibson wrote:
> On Wed, Feb 14, 2018 at 08:55:41AM -0700, Alex Williamson wrote:
>> On Wed, 14 Feb 2018 19:09:16 +1100
>> Alexey Kardashevskiy  wrote:
>>
>>> On 14/02/18 12:33, David Gibson wrote:
 On Tue, Feb 13, 2018 at 07:20:56PM +1100, Alexey Kardashevskiy wrote:  
> On 13/02/18 16:41, David Gibson wrote:  
>> On Tue, Feb 13, 2018 at 04:36:30PM +1100, David Gibson wrote:  
>>> On Tue, Feb 13, 2018 at 12:15:52PM +1100, Alexey Kardashevskiy wrote:  
 On 13/02/18 03:06, Alex Williamson wrote:  
> On Mon, 12 Feb 2018 18:05:54 +1100
> Alexey Kardashevskiy  wrote:
>  
>> On 12/02/18 16:19, David Gibson wrote:  
>>> On Fri, Feb 09, 2018 at 06:55:01PM +1100, Alexey Kardashevskiy 
>>> wrote:
 At the moment if vfio_memory_listener is registered in the system 
 memory
 address space, it maps/unmaps every RAM memory region for DMA.
 It expects system page size aligned memory sections so vfio_dma_map
 would not fail and so far this has been the case. A mapping failure
 would be fatal. A side effect of such behavior is that some MMIO 
 pages
 would not be mapped silently.

 However we are going to change MSIX BAR handling so we will end 
 having
 non-aligned sections in vfio_memory_listener (more details is in
 the next patch) and vfio_dma_map will exit QEMU.

 In order to avoid fatal failures on what previously was not a 
 failure and
 was just silently ignored, this checks the section alignment to
 the smallest supported IOMMU page size and prints an error if not 
 aligned;
 it also prints an error if vfio_dma_map failed despite the page 
 size check.
 Both errors are not fatal; only MMIO RAM regions are checked
 (aka "RAM device" regions).

 If the amount of errors printed is overwhelming, the MSIX 
 relocation
 could be used to avoid excessive error output.

 This is unlikely to cause any behavioral change.

 Signed-off-by: Alexey Kardashevskiy 
>>>
>>> There are some relatively superficial problems noted below.
>>>
>>> But more fundamentally, this feels like it's extending an existing
>>> hack past the point of usefulness.
>>>
>>> The explicit check for is_ram_device() here has always bothered me -
>>> it's not like a real bus bridge magically knows whether a target
>>> address maps to RAM or not.
>>>
>>> What I think is really going on is that even for systems without an
>>> IOMMU, it's not really true to say that the PCI address space maps
>>> directly onto address_space_memory.  Instead, there's a large, but
>>> much less than 2^64 sized, "upstream window" at address 0 on the PCI
>>> bus, which is identity mapped to the system bus.  Details will vary
>>> with the system, but in practice we expect nothing but RAM to be in
>>> that window.  Addresses not within that window won't be mapped to 
>>> the
>>> system bus but will just be broadcast on the PCI bus and might be
>>> picked up as a p2p transaction.
>>
>> Currently this p2p works only via the IOMMU, direct p2p is not 
>> possible as
>> the guest needs to know physical MMIO addresses to make p2p work and 
>> it
>> does not.  
>
> /me points to the Direct Translated P2P section of the ACS spec, 
> though
> it's as prone to spoofing by the device as ATS.  In any case, p2p
> reflected from the IOMMU is still p2p and offloads the CPU even if
> bandwidth suffers vs bare metal depending on if the data doubles back
> over any links.  Thanks,  

 Sure, I was just saying that p2p via IOMMU won't be as simple as 
 broadcast
 on the PCI bus, IOMMU needs to be programmed in advance to make this 
 work,
 and current that broadcast won't work for the passed through devices.  
>>>
>>> Well, sure, p2p in a guest with passthrough devices clearly needs to
>>> be translated through the IOMMU (and p2p from a passthrough to an
>>> emulated device is essentially impossible).
>>>
>>> But.. what does that have to do with this code.  This is the memory
>>> area watcher, looking for memory regions being mapped directly into
>>> the PCI space.  NOT IOMMU regions, since those are handled separately
>>> by wiring up the IOMMU notifier.  This will only trigger if RAM-like,
>>> non-RAM regions are put into PCI space *not* behind an IOMMMU.  
>>
>> Duh, sorry, re

[Qemu-devel] [PATCH v2] linux-user: Support f_flags in statfs when available.

[Shea Levy]

Signed-off-by: Shea Levy 
---
 configure | 20 ++
 linux-user/syscall.c  |  3 +++
 linux-user/syscall_defs.h | 53 +++
 3 files changed, 76 insertions(+)

diff --git a/configure b/configure
index 913e14839d..52fe2bf941 100755
--- a/configure
+++ b/configure
@@ -5303,6 +5303,22 @@ if compile_prog "" "" ; then
 have_utmpx=yes
 fi
 
+##
+# Check for newer fields of struct statfs on Linux
+
+if test "$linux_user" = "yes"; then
+  cat > $TMPC <
+
+int main(void) {
+  struct statfs fs;
+  fs.f_flags = 0;
+}
+EOF
+  if compile_object ; then
+  have_statfs_flags=yes
+  fi
+fi
 ##
 # checks for sanitizers
 
@@ -6518,6 +6534,10 @@ if test "$have_utmpx" = "yes" ; then
   echo "HAVE_UTMPX=y" >> $config_host_mak
 fi
 
+if test "$have_statfs_flags" = "yes" ; then
+  echo "HAVE_STATFS_FLAGS=y" >> $config_host_mak
+fi
+
 if test "$ivshmem" = "yes" ; then
   echo "CONFIG_IVSHMEM=y" >> $config_host_mak
 fi
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 82b35a6bdf..77481eca2c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9534,6 +9534,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
 __put_user(stfs.f_namelen, &target_stfs->f_namelen);
 __put_user(stfs.f_frsize, &target_stfs->f_frsize);
+#ifdef HAVE_STATFS_FLAGS
+__put_user(stfs.f_flags, &target_stfs->f_flags);
+#endif
 memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
 unlock_user_struct(target_stfs, arg2, 1);
 }
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index a35c52a60a..64aa49d3c5 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -362,7 +362,14 @@ struct kernel_statfs {
int f_ffree;
 kernel_fsid_t f_fsid;
int f_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   int f_frsize;
+   int f_flags;
+   int f_spare[4];
+#else
int f_spare[6];
+#endif
+
 };
 
 struct target_dirent {
@@ -2223,7 +2230,12 @@ struct target_statfs {
/* Linux specials */
target_fsid_t   f_fsid;
int32_t f_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   int32_t f_flags;
+   int32_t f_spare[5];
+#else
int32_t f_spare[6];
+#endif
 };
 #else
 struct target_statfs {
@@ -2239,7 +2251,12 @@ struct target_statfs {
/* Linux specials */
target_fsid_t   f_fsid;
abi_longf_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   abi_longf_flags;
+   abi_longf_spare[5];
+#else
abi_longf_spare[6];
+#endif
 };
 #endif
 
@@ -2255,7 +2272,12 @@ struct target_statfs64 {
uint64_tf_bavail;
target_fsid_t   f_fsid;
uint32_tf_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   uint32_tf_flags;
+   uint32_tf_spare[5];
+#else
uint32_tf_spare[6];
+#endif
 };
 #elif (defined(TARGET_PPC64) || defined(TARGET_X86_64) || \
defined(TARGET_SPARC64) || defined(TARGET_AARCH64)) && \
@@ -2271,7 +2293,12 @@ struct target_statfs {
target_fsid_t f_fsid;
abi_long f_namelen;
abi_long f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+   abi_long f_flags;
+   abi_long f_spare[4];
+#else
abi_long f_spare[5];
+#endif
 };
 
 struct target_statfs64 {
@@ -2285,7 +2312,12 @@ struct target_statfs64 {
target_fsid_t f_fsid;
abi_long f_namelen;
abi_long f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+   abi_long f_flags;
+   abi_long f_spare[4];
+#else
abi_long f_spare[5];
+#endif
 };
 #elif defined(TARGET_S390X)
 struct target_statfs {
@@ -2299,7 +2331,13 @@ struct target_statfs {
 kernel_fsid_t f_fsid;
 int32_t  f_namelen;
 int32_t  f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+int32_t  f_flags;
+int32_t  f_spare[4];
+#else
 int32_t  f_spare[5];
+#endif
+
 };
 
 struct target_statfs64 {
@@ -2313,7 +2351,12 @@ struct target_statfs64 {
 kernel_fsid_t f_fsid;
 int32_t  f_namelen;
 int32_t  f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+int32_t  f_flags;
+int32_t  f_spare[4];
+#else
 int32_t  f_spare[5];
+#endif
 };
 #else
 struct target_statfs {
@@ -2327,7 +2370,12 @@ struct target_statfs {
target_fsid_t f_fsid;
uint32_t f_namelen;
uint32_t f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+   uint32_t f_flags;
+   uint32_t f_spare[4];
+#else
uint32_t f_spare[5];
+#endif
 };
 
 struct target_statfs64 {
@@ -2341,7 +2389,12 @@ struct target_statfs64 {
target_fsid_t f_fsid;
 uint32_t f_namelen;
uint32_t f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+   uint32_t f_flags;
+   uint32_t f_spare[4];
+#else
uint32_t f_

Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 0/3] Sam460ex emulation

[David Gibson]

On Sat, Feb 17, 2018 at 12:07:34AM +0100, Thomas Huth wrote:
> On 16.02.2018 11:55, BALATON Zoltan wrote:
> > On Fri, 16 Feb 2018, Thomas Huth wrote:
> >> On 15.02.2018 22:27, BALATON Zoltan wrote:
> >>> Remaining patches for Sam460ex emulation. The original cover letter
> >>> with more details is here:
> >>>
> >>> http://lists.nongnu.org/archive/html/qemu-ppc/2017-08/msg00112.html
> >>>
> >>> We'll need to also add binaries for firmware (customised u-boot
> >>> version) and dtb but I'm not sure how to submit those.
> >>
> >> For the dtb, I think you could simply provide a patch that adds the dts
> >> file to the pc-bios directory and another one that adds the dtb. Just
> >> like it is already done with pc-bios/bamboo.dts / pc-bios/bamboo.dtb.
> > 
> > OK thanks, I'll do that. Does it have to be two separate patches?
> 
> I don't think so, I just thought that would be cleaner ... but one patch
> should be fine, too, I guess. David?

I'd actually prefer them both in one patch.

> 
> >> For u-boot, can you use the same upstream level as e500 ? I.e. check
> >> whether "git submodule status roms/u-boot" is fine for you? If that's
> >> ok, just do a "git submodule update roms/u-boot" and build uboot from
> >> that directory - you then can submit a binary patch with that file for
> >> pc-bios, too.
> >>
> >> In case you need another u-boot version, I think you've got to update
> >> the submodule to the newer upstream version first, and then also rebuild
> >> the e500 binary... Cumbersome, but that's necessary since we've got to
> >> ship the u-boot sources in the QEMU release tarballs, too, to be
> >> compliant with the GPL.
> > 
> > Unfortunately we can't use the same u-boot as e500 because this board
> > uses a forked and patched version which is not in upstream u-boot and
> > upstream u-boot has even dropped support for this CPU in latest version
> > so we actually need an older version (with patches) and not a newer one.
> 
> That's very unfortunate ... any chance that you could try to get that
> CPU activated in upstream u-boot again and get the patches included there?
> 
> > Therefore, it needs to be a binary built from a separate source so I
> > think a new submodule will need to be added for this. How to do that?
> > Where to host this git repo? Should I put it on github and refer to that
> > as an external repo or should it be hosted in qemu repo somehow?
> 
> No clue ... adding Stefan and Jeff to CC:, maybe they can recommend
> something here.
> 
>  Thomas
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 3/3] ppc: Add aCube Sam460ex board

[David Gibson]

On Sun, Feb 18, 2018 at 12:48:27AM +0100, BALATON Zoltan wrote:
> On Fri, 16 Feb 2018, BALATON Zoltan wrote:
> > On Fri, 16 Feb 2018, David Gibson wrote:
> > > On Thu, Feb 15, 2018 at 10:27:06PM +0100, BALATON Zoltan wrote:
> > > > Add emulation of aCube Sam460ex board based on AMCC 460EX embedded SoC.
> > > > This is not a complete implementation yet with a lot of components
> > > > still missing but enough for the U-Boot firmware to start and to boot
> > > > a Linux kernel or AROS.
> > > > 
> > > > Signed-off-by: François Revol 
> > > > Signed-off-by: BALATON Zoltan 
> > > > ---
> > > > 
> > > > v2:
> > > > - Rebased to latest changes on master
> > > > - Replaced printfs with error_report
> > > 
> > > This has a conflict in hw/ppc/Makefile.objs.  Looks like it was based
> > > on some other patch that added ppc440_pcix.o.  That's not there
> > > upstream.
> > 
> > That's patch 2/3 of this series. Have you missed that?
> 
> I've sent a v3 for this patch (3/3) now:
> 
> http://lists.nongnu.org/archive/html/qemu-devel/2018-02/msg04774.html
> 
> which includes the dts and dtb as well (I'll send a separate patch for the
> firmware after we agree on how to best do that). The missing 2/3 of the v2
> series is still valid and needed before this new patch:
> 
> http://lists.nongnu.org/archive/html/qemu-devel/2018-02/msg04259.html
> 
> The v3 is only replacing 3/3 of the previous series. Hope this is not too
> confusing.

Uh.. it's a bit awkward.  Especially since I do seem to have someone
mislaid the earlier 2/3.  Can you please resend with whatever's needed
on top of the current ppc-for-2.12.

> 
> Regards,
> BALATON Zoltan


-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 2/3] target/ppc: add hash MMU support on POWER9 for PowerNV only

[David Gibson]

On Fri, Feb 16, 2018 at 09:45:03AM +0100, Cédric Le Goater wrote:
> The HPTE bits definitions are slightly modified in ISA v3.0. Let's add
> some helpers to hide the differences in the hash MMU code.
> 
> On a POWER9 processor, the Partition Table is composed of a pair of
> doublewords per partition. The first doubleword indicates whether the
> partition uses HPT or Radix Trees translation and contains the address
> of the host's translation table structure and size.
> 
> The first doubleword of the PTCR holds the Hash Page Table base
> address for the host when the hash MMU is in use. Also add an helper
> to retrieve the HPT base address depending on the MMU revision.
> 
> Signed-off-by: Cédric Le Goater 
> ---
> 
>  Changes since v1:
> 
>  - introduced ppc64_v3_get_patbe0()
>  
>  hw/ppc/spapr_hcall.c   |  5 +++--
>  target/ppc/mmu-book3s-v3.h |  5 +
>  target/ppc/mmu-hash64.c| 48 
> +-
>  target/ppc/mmu-hash64.h| 34 ++--
>  4 files changed, 79 insertions(+), 13 deletions(-)
> 
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 198656048063..738bf7cf5ed1 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -94,7 +94,7 @@ static target_ulong h_enter(PowerPCCPU *cpu, 
> sPAPRMachineState *spapr,
>  return H_PARAMETER;
>  }
>  
> -raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << apshift) - 1);
> +raddr = (ptel & ppc_hash64_hpte_r_rpn(cpu)) & ~((1ULL << apshift) - 1);
>  
>  if (is_ram_address(spapr, raddr)) {
>  /* Regular RAM - should have WIMG=0010 */
> @@ -586,7 +586,8 @@ static int rehash_hpte(PowerPCCPU *cpu,
>  
>  base_pg_shift = ppc_hash64_hpte_page_shift_noslb(cpu, pte0, pte1);
>  assert(base_pg_shift); /* H_ENTER shouldn't allow a bad encoding */
> -avpn = HPTE64_V_AVPN_VAL(pte0) & ~(((1ULL << base_pg_shift) - 1) >> 23);
> +avpn = ppc_hash64_hpte_v_avpn_val(cpu, pte0) &
> +~(((1ULL << base_pg_shift) - 1) >> 23);
>  
>  if (pte0 & HPTE64_V_SECONDARY) {
>  pteg = ~pteg;
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index fdf80987d7b2..a7ab580c3140 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -54,6 +54,11 @@ static inline bool ppc64_radix_guest(PowerPCCPU *cpu)
>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
>int mmu_idx);
>  
> +static inline hwaddr ppc64_v3_get_patbe0(PowerPCCPU *cpu)
> +{
> +return ldq_phys(CPU(cpu)->as, cpu->env.spr[SPR_PTCR] & PTCR_PATB);
> +}
> +
>  #endif /* TARGET_PPC64 */
>  
>  #endif /* CONFIG_USER_ONLY */
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index c9b72b742956..acaeaf82d59c 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -289,6 +289,22 @@ target_ulong helper_load_slb_vsid(CPUPPCState *env, 
> target_ulong rb)
>  return rt;
>  }
>  
> +hwaddr ppc_hash64_hpt_reg(PowerPCCPU *cpu)
> +{
> +CPUPPCState *env = &cpu->env;
> +
> +if (env->mmu_model & POWERPC_MMU_V3) {
> +if (msr_hv) {
> +return ppc64_v3_get_patbe0(cpu);

This is the only caller, I think you might as well just open-code the
load here.

> +} else {
> +error_report("HPT Support Unimplemented");
> +exit(1);
> +}
> +} else {
> +return cpu->env.spr[SPR_SDR1];
> +}
> +}
> +
>  /* Check No-Execute or Guarded Storage */
>  static inline int ppc_hash64_pte_noexec_guard(PowerPCCPU *cpu,
>ppc_hash_pte64_t pte)
> @@ -451,8 +467,9 @@ void ppc_hash64_unmap_hptes(PowerPCCPU *cpu, const 
> ppc_hash_pte64_t *hptes,
>  false, n * HASH_PTE_SIZE_64);
>  }
>  
> -static unsigned hpte_page_shift(const struct ppc_one_seg_page_size *sps,
> -uint64_t pte0, uint64_t pte1)
> +static unsigned hpte_page_shift(PowerPCCPU *cpu,
> +const struct ppc_one_seg_page_size *sps,
> +uint64_t pte0, uint64_t pte1)
>  {
>  int i;
>  
> @@ -478,7 +495,7 @@ static unsigned hpte_page_shift(const struct 
> ppc_one_seg_page_size *sps,
>  continue;
>  }
>  
> -mask = ((1ULL << ps->page_shift) - 1) & HPTE64_R_RPN;
> +mask = ((1ULL << ps->page_shift) - 1) & ppc_hash64_hpte_r_rpn(cpu);
>  
>  if ((pte1 & mask) == ((uint64_t)ps->pte_enc << HPTE64_R_RPN_SHIFT)) {
>  return ps->page_shift;
> @@ -488,6 +505,18 @@ static unsigned hpte_page_shift(const struct 
> ppc_one_seg_page_size *sps,
>  return 0; /* Bad page size encoding */
>  }
>  
> +static bool ppc_hash64_hpte_v_compare(PowerPCCPU *cpu, target_ulong pte0,
> +  target_ulong ptem)
> +{
> +CPUPPCState *env = &cpu->env;
> +
> +if (env->mmu_model & POWERPC_MMU_V3) {
> +return HPTE64_V_COMPARE_3_0(pte0, ptem);
> +} els

Re: [Qemu-devel] [PATCH v2 1/3] target/ppc: add basic support for PTCR on POWER9

[David Gibson]

On Fri, Feb 16, 2018 at 09:45:02AM +0100, Cédric Le Goater wrote:
> The Partition Table Control Register (PTCR) is a hypervisor privileged
> SPR. It contains the host real address of the Partition Table and its
> size.
> 
> Signed-off-by: Cédric Le Goater 
> ---
> 
>  Changes since v1:
> 
>  - renamed partition table definitions to match ISA
>  - moved definitions under mmu-book3s-v3.h
>  
>  target/ppc/cpu.h|  2 ++
>  target/ppc/helper.h |  1 +
>  target/ppc/misc_helper.c| 12 
>  target/ppc/mmu-book3s-v3.h  |  6 ++
>  target/ppc/mmu_helper.c | 28 
>  target/ppc/translate.c  |  3 +++
>  target/ppc/translate_init.c | 18 ++
>  7 files changed, 70 insertions(+)
> 
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index 9f8cbbe7aa4d..53061229a0a8 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -1314,6 +1314,7 @@ int ppc_cpu_handle_mmu_fault(CPUState *cpu, vaddr 
> address, int size, int rw,
>  
>  #if !defined(CONFIG_USER_ONLY)
>  void ppc_store_sdr1 (CPUPPCState *env, target_ulong value);
> +void ppc_store_ptcr(CPUPPCState *env, target_ulong value);
>  #endif /* !defined(CONFIG_USER_ONLY) */
>  void ppc_store_msr (CPUPPCState *env, target_ulong value);
>  
> @@ -1605,6 +1606,7 @@ void ppc_compat_add_property(Object *obj, const char 
> *name,
>  #define SPR_BOOKE_GIVOR13 (0x1BC)
>  #define SPR_BOOKE_GIVOR14 (0x1BD)
>  #define SPR_TIR   (0x1BE)
> +#define SPR_PTCR  (0x1D0)
>  #define SPR_BOOKE_SPEFSCR (0x200)
>  #define SPR_Exxx_BBEAR(0x201)
>  #define SPR_Exxx_BBTAR(0x202)
> diff --git a/target/ppc/helper.h b/target/ppc/helper.h
> index 5b739179b8b5..19453c68138a 100644
> --- a/target/ppc/helper.h
> +++ b/target/ppc/helper.h
> @@ -709,6 +709,7 @@ DEF_HELPER_FLAGS_1(load_601_rtcu, TCG_CALL_NO_RWG, tl, 
> env)
>  #if !defined(CONFIG_USER_ONLY)
>  #if defined(TARGET_PPC64)
>  DEF_HELPER_FLAGS_1(load_purr, TCG_CALL_NO_RWG, tl, env)
> +DEF_HELPER_2(store_ptcr, void, env, tl)
>  #endif
>  DEF_HELPER_2(store_sdr1, void, env, tl)
>  DEF_HELPER_2(store_pidr, void, env, tl)
> diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
> index 0e4217821b8e..8c8cba5cc6f1 100644
> --- a/target/ppc/misc_helper.c
> +++ b/target/ppc/misc_helper.c
> @@ -88,6 +88,18 @@ void helper_store_sdr1(CPUPPCState *env, target_ulong val)
>  }
>  }
>  
> +#if defined(TARGET_PPC64)
> +void helper_store_ptcr(CPUPPCState *env, target_ulong val)
> +{
> +PowerPCCPU *cpu = ppc_env_get_cpu(env);
> +
> +if (env->spr[SPR_PTCR] != val) {
> +ppc_store_ptcr(env, val);
> +tlb_flush(CPU(cpu));
> +}
> +}
> +#endif /* defined(TARGET_PPC64) */
> +
>  void helper_store_pidr(CPUPPCState *env, target_ulong val)
>  {
>  PowerPCCPU *cpu = ppc_env_get_cpu(env);
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index 56095dab522c..fdf80987d7b2 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -22,6 +22,12 @@
>  
>  #ifndef CONFIG_USER_ONLY
>  
> +/*
> + * Partition table definitions
> + */
> +#define PTCR_PATB   0x0000ULL /* Partition Table 
> Base */
> +#define PTCR_PATS   0x001FULL /* Partition Table 
> Size */
> +
>  /* Partition Table Entry Fields */
>  #define PATBE1_GR 0x8000
>  
> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> index 5568d1642b34..82e63552f617 100644
> --- a/target/ppc/mmu_helper.c
> +++ b/target/ppc/mmu_helper.c
> @@ -2028,6 +2028,34 @@ void ppc_store_sdr1(CPUPPCState *env, target_ulong 
> value)
>  env->spr[SPR_SDR1] = value;
>  }
>  
> +#if defined(TARGET_PPC64)
> +void ppc_store_ptcr(CPUPPCState *env, target_ulong value)
> +{
> +PowerPCCPU *cpu = ppc_env_get_cpu(env);
> +qemu_log_mask(CPU_LOG_MMU, "%s: " TARGET_FMT_lx "\n", __func__, value);
> +
> +assert(!cpu->vhyp);
> +
> +if (env->mmu_model & POWERPC_MMU_V3) {

If it's not MMUv3, the PTCR shouldn't exist, right?  So couldn't this
just be an assert?

> +target_ulong ptcr_mask = PTCR_PATB | PTCR_PATS;
> +target_ulong ptas = value & PTCR_PATS;

Any reason it's "ptas" on the left and "PATS" on the right?

> +
> +if (value & ~ptcr_mask) {
> +error_report("Invalid bits 0x"TARGET_FMT_lx" set in PTCR",
> + value & ~ptcr_mask);
> +value &= ptcr_mask;
> +}
> +if (ptas > 28) {
> +error_report("Invalid PTAS 0x" TARGET_FMT_lx" stored in PTCR",
> + ptas);
> +return;
> +}

Is masking / ignoring incorrect values correct, or should it generate
a 0x700?

> +}
> +env->spr[SPR_PTCR] = value;
> +}
> +
> +#endif /* defined(TARGET_PPC64) */
> +
>  /* Segment registers load and store */
>  target_ulong helper_load_sr(CPUPPCState *env, target_ulong sr_num)
>  {
> diff --git a/target/ppc/translate.c b/target/ppc

Re: [Qemu-devel] [PATCH] spapr: fix missing CPU core nodes in DT when running with TCG

[David Gibson]

On Fri, Feb 16, 2018 at 07:58:06PM +0100, Greg Kurz wrote:
> Commit 5d0fb1508e2d "spapr: consolidate the VCPU id numbering logic
> in a single place" introduced a helper to detect thread0 of a virtual
> core based on its VCPU id. This is used to create CPU core nodes in
> the DT, but it is broken in TCG.
> 
> $ qemu-system-ppc64 -nographic -accel tcg -machine dumpdtb=dtb.bin \
> -smp cores=16,maxcpus=16,threads=1
> $ dtc -f -O dts dtb.bin | grep POWER8
> PowerPC,POWER8@0 {
> PowerPC,POWER8@8 {
> 
> instead of the expected 16 cores that we get with KVM:
> 
> $ dtc -f -O dts dtb.bin | grep POWER8
> PowerPC,POWER8@0 {
> PowerPC,POWER8@8 {
> PowerPC,POWER8@10 {
> PowerPC,POWER8@18 {
> PowerPC,POWER8@20 {
> PowerPC,POWER8@28 {
> PowerPC,POWER8@30 {
> PowerPC,POWER8@38 {
> PowerPC,POWER8@40 {
> PowerPC,POWER8@48 {
> PowerPC,POWER8@50 {
> PowerPC,POWER8@58 {
> PowerPC,POWER8@60 {
> PowerPC,POWER8@68 {
> PowerPC,POWER8@70 {
> PowerPC,POWER8@78 {
> 
> This happens because spapr_get_vcpu_id() maps VCPU ids to
> cs->cpu_index in TCG mode. This confuses the code in
> spapr_is_thread0_in_vcore(), since it assumes thread0 VCPU
> ids to have a spapr->vsmt spacing.
> 
> spapr_get_vcpu_id(cpu) % spapr->vsmt == 0
> 
> Actually, there's no real reason to expose cs->cpu_index instead
> of the VCPU id, since we also generate it with TCG. Also we already
> set it explicitly in spapr_set_vcpu_id(), so there's no real reason
> either to call kvm_arch_vcpu_id() with KVM.
> 
> This patch unifies spapr_get_vcpu_id() to always return the computed
> VCPU id both in TCG and KVM. This is one step forward towards KVM<->TCG
> migration.
> 
> Fixes: 5d0fb1508e2d
> Reported-by: Cédric Le Goater 
> Signed-off-by: Greg Kurz 

Applied, thanks.

> ---
>  hw/ppc/spapr.c |8 +---
>  1 file changed, 1 insertion(+), 7 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 83c9d66dd56f..d6fd0e666e74 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -3810,13 +3810,7 @@ static void 
> spapr_pic_print_info(InterruptStatsProvider *obj,
>  
>  int spapr_get_vcpu_id(PowerPCCPU *cpu)
>  {
> -CPUState *cs = CPU(cpu);
> -
> -if (kvm_enabled()) {
> -return kvm_arch_vcpu_id(cs);
> -} else {
> -return cs->cpu_index;
> -}
> +return cpu->vcpu_id;
>  }
>  
>  void spapr_set_vcpu_id(PowerPCCPU *cpu, int cpu_index, Error **errp)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] e1000e: MSI-X problem with recent Linux drivers

[Jan Kiszka]

Hi,

I've just noticed that the e1000e model does not work with its recent
Linux kernel driver. This is my test matrix:

Kernel  INTx (IntMode=0)MSI-X
4.4 OK  OK
4.14OK  no link
master  OK  no link

In MSI-X mode, there are few interrupts arriving:
[...]
 25:  0  0  0  0  IR-PCI-MSI 32768-edge  
enp0s2-rx-0
 26:  0  0  0  0  IR-PCI-MSI 32769-edge  
enp0s2-tx-0
 27:  0  2  0  0  IR-PCI-MSI 32770-edge  
enp0s2

QEMU versions tested without differences: v2.8, v2.9, master.

Any ideas what could go wrong, and where?

Jan



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH] linux-user: Support f_flags in statfs when available.

[Shea Levy]

Signed-off-by: Shea Levy 
---
 configure | 20 +
 linux-user/syscall.c  |  3 +++
 linux-user/syscall_defs.h | 56 +++
 3 files changed, 79 insertions(+)

diff --git a/configure b/configure
index 913e14839d..52fe2bf941 100755
--- a/configure
+++ b/configure
@@ -5303,6 +5303,22 @@ if compile_prog "" "" ; then
 have_utmpx=yes
 fi
 
+##
+# Check for newer fields of struct statfs on Linux
+
+if test "$linux_user" = "yes"; then
+  cat > $TMPC <
+
+int main(void) {
+  struct statfs fs;
+  fs.f_flags = 0;
+}
+EOF
+  if compile_object ; then
+  have_statfs_flags=yes
+  fi
+fi
 ##
 # checks for sanitizers
 
@@ -6518,6 +6534,10 @@ if test "$have_utmpx" = "yes" ; then
   echo "HAVE_UTMPX=y" >> $config_host_mak
 fi
 
+if test "$have_statfs_flags" = "yes" ; then
+  echo "HAVE_STATFS_FLAGS=y" >> $config_host_mak
+fi
+
 if test "$ivshmem" = "yes" ; then
   echo "CONFIG_IVSHMEM=y" >> $config_host_mak
 fi
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 82b35a6bdf..77481eca2c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9534,6 +9534,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
 __put_user(stfs.f_namelen, &target_stfs->f_namelen);
 __put_user(stfs.f_frsize, &target_stfs->f_frsize);
+#ifdef HAVE_STATFS_FLAGS
+__put_user(stfs.f_flags, &target_stfs->f_flags);
+#endif
 memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
 unlock_user_struct(target_stfs, arg2, 1);
 }
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index a35c52a60a..9f90451caf 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -362,7 +362,14 @@ struct kernel_statfs {
int f_ffree;
 kernel_fsid_t f_fsid;
int f_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   int f_frsize;
+   int f_flags;
+   int f_spare[4];
+#else
int f_spare[6];
+#endif
+
 };
 
 struct target_dirent {
@@ -2223,7 +2230,13 @@ struct target_statfs {
/* Linux specials */
target_fsid_t   f_fsid;
int32_t f_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   int32_t f_frsize;
+   int32_t f_flags;
+   int32_t f_spare[4];
+#else
int32_t f_spare[6];
+#endif
 };
 #else
 struct target_statfs {
@@ -2239,7 +2252,13 @@ struct target_statfs {
/* Linux specials */
target_fsid_t   f_fsid;
abi_longf_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   abi_longf_frsize;
+   abi_longf_flags;
+   abi_longf_spare[4];
+#else
abi_longf_spare[6];
+#endif
 };
 #endif
 
@@ -2255,7 +2274,13 @@ struct target_statfs64 {
uint64_tf_bavail;
target_fsid_t   f_fsid;
uint32_tf_namelen;
+#ifdef HAVE_STATFS_FLAGS
+   uint32_tf_frsize;
+   uint32_tf_flags;
+   uint32_tf_spare[4];
+#else
uint32_tf_spare[6];
+#endif
 };
 #elif (defined(TARGET_PPC64) || defined(TARGET_X86_64) || \
defined(TARGET_SPARC64) || defined(TARGET_AARCH64)) && \
@@ -2271,7 +2296,12 @@ struct target_statfs {
target_fsid_t f_fsid;
abi_long f_namelen;
abi_long f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+   abi_long f_flags;
+   abi_long f_spare[4];
+#else
abi_long f_spare[5];
+#endif
 };
 
 struct target_statfs64 {
@@ -2285,7 +2315,12 @@ struct target_statfs64 {
target_fsid_t f_fsid;
abi_long f_namelen;
abi_long f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+   abi_long f_flags;
+   abi_long f_spare[4];
+#else
abi_long f_spare[5];
+#endif
 };
 #elif defined(TARGET_S390X)
 struct target_statfs {
@@ -2299,7 +2334,13 @@ struct target_statfs {
 kernel_fsid_t f_fsid;
 int32_t  f_namelen;
 int32_t  f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+int32_t  f_flags;
+int32_t  f_spare[4];
+#else
 int32_t  f_spare[5];
+#endif
+
 };
 
 struct target_statfs64 {
@@ -2313,7 +2354,12 @@ struct target_statfs64 {
 kernel_fsid_t f_fsid;
 int32_t  f_namelen;
 int32_t  f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+int32_t  f_flags;
+int32_t  f_spare[4];
+#else
 int32_t  f_spare[5];
+#endif
 };
 #else
 struct target_statfs {
@@ -2327,7 +2373,12 @@ struct target_statfs {
target_fsid_t f_fsid;
uint32_t f_namelen;
uint32_t f_frsize;
+#ifdef HAVE_STATFS_FLAGS
+   uint32_t f_flags;
+   uint32_t f_spare[4];
+#else
uint32_t f_spare[5];
+#endif
 };
 
 struct target_statfs64 {
@@ -2341,7 +2392,12 @@ struct target_statfs64 {
target_fsid_t f_fsid;
 uint32_t f_namelen;
uint32_t 

Re: [Qemu-devel] [PATCH 3/3] target/sparc: convert to TranslatorOps

[Richard Henderson]

On 02/15/2018 03:17 PM, Emilio G. Cota wrote:
> +(dc->pc - dc->base.pc_first) >= (TARGET_PAGE_SIZE - 32)) {

What is this, and why is it not a bug to be fixed via elimination?
Surely this condition is covered by the normal max_insns test.


r~

Re: [Qemu-devel] [PATCH 1/3] target/sparc: convert to DisasJumpType

[Richard Henderson]

On 02/15/2018 03:17 PM, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 
> ---
>  target/sparc/translate.c | 27 +++
>  1 file changed, 15 insertions(+), 12 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH 2/3] target/sparc: convert to DisasContextBase

[Richard Henderson]

On 02/15/2018 03:17 PM, Emilio G. Cota wrote:
> - The original meaning of ctx.singlestep is
> cs->singlestep_enabled || singlestep
>   , which required a little extra work since base.singlestep_enabled
>   only gets its value from cs->singlestep_enabled.

These sort of inconsistencies should be fixed, not preserved.


r~

[Qemu-devel] Multiqueue block layer

[Stefan Hajnoczi]

Paolo's patches have been getting us closer to multiqueue block layer
support but there is a final set of changes required that has become
clearer to me just recently.  I'm curious if this matches Paolo's
vision and whether anyone else has comments.

Multiqueue block layer means that I/O requests for a single disk image
can be processed by multiple threads safely.  Requests will be
processed simultaneously where possible, but in some cases
synchronization is necessary to protect shared metadata.

Imagine a virtio-blk device with multiple virtqueues, each with an
ioeventfd that is handled by a different IOThread.  Each IOThread
should be able to process I/O requests and invoke completion functions
in the AioContext that submitted the request.

Paolo has made key parts of AioContext and coroutine locks (e.g.
CoQueue) thread-safe.  Coroutine code can therefore safely execute in
multiple IOThreads and locking works correctly.

That's not to say that block layer code and block drivers are
thread-safe today.  They are not because some code still relies on the
fact that coroutines only execute in one AioContext.  They rely on the
AioContext acquire/release lock for thread safety.

We need to push the AioContext lock down into BlockDriverState so that
thread-safety is not tied to a single AioContext but to the
BlockDriverState itself.  We also need to audit block layer code to
identify places that assume everything is run from a single
AioContext.

After this is done the final piece is to eliminate
bdrv_set_aio_context().  BlockDriverStates should not be associated
with an AioContext.  Instead they should use whichever AioContext they
are invoked under.  The current thread's AioContext can be fetched
using qemu_get_current_aio_context().  This is either the main loop
AioContext or an IOThread AioContext.

The .bdrv_attach/detach_aio_context() callbacks will no longer be
necessary in a world where block driver code is thread-safe and any
AioContext can be used.

bdrv_drain_all() and friends do not require extensive modifications
because the bdrv_wakeup() mechanism already works properly when there
are multiple IOThreads involved.

Block jobs no longer need to be in the same AioContext as the
BlockDriverState.  For simplicity we may choose to always run them in
the main loop AioContext by default.  This may have a performance
impact on tight loops like bdrv_is_allocated() and the initial
mirroring phase, but maybe not.

The upshot of all this is that bdrv_set_aio_context() goes away while
all block driver code needs to be more aware of thread-safety.  It can
no longer assume that everything is called from one AioContext.

We should optimize file-posix.c and qcow2.c for maximum parallelism
using fine-grained locks and other techniques.  The remaining block
drivers can use one CoMutex per BlockDriverState.

I'm excited that we're relatively close to multiqueue now.  I don't
want to jinx it by saying 2018 is the year of the multiqueue block
layer, but I'll say it anyway :).

Thoughts?

Stefan

[Qemu-devel] [RFC, PATCH, v1] hw/audio/opl2lpt: add support for OPL2LPT

[Vincent Bernat]

OPL2LPT is an OPL2 chip on the parallel port. It can be programmed
mostly like an OPL2 chip, except it is write-only. Timers are
therefore not usable and we emulate a simplified version of them: they
expire immediately (in the future, this could be updated to properly
emulate them). Timers are usually only used to detect the card.

The driver needs a parallel port to be usable:

-chardev parport,id=parport0,path=/dev/parport0
-device opl2lpt,chardev=parport0

>From a timing perspective, usleep() is used to ensure to give enough
time to OPL2 to react properly. Ideally, the timing should be handled
by the game, but testing with Indy3, this didn't work. I have also
tried to be smarter by sleeping less depending on the current clock
but a few glitches were still present. With the current approach,
Indy3 is able to use the sound card without a glitch. The DOS driver
doesn't add delays (but it doesn't work on QEMU either due to similar
issues, so it may be a clue).

On shutdown, the OPL2 chip should be reset to not continue sustaining
a note. I was unable to find the appropriate function to
register (unrealize callback is not called on shutdown and
qemu_register() isn't always called on shutdown either). The user has
to reset the VM, then stop it if they don't want to reset the OPL2LPT
manually.

Signed-off-by: Vincent Bernat 
---
 default-configs/sound.mak |   1 +
 hw/audio/Makefile.objs|   1 +
 hw/audio/opl2lpt.c| 211 ++
 hw/audio/soundhw.c|   2 +-
 4 files changed, 214 insertions(+), 1 deletion(-)
 create mode 100644 hw/audio/opl2lpt.c

diff --git a/default-configs/sound.mak b/default-configs/sound.mak
index 4f22c34b5dac..d18725a1ea30 100644
--- a/default-configs/sound.mak
+++ b/default-configs/sound.mak
@@ -1,4 +1,5 @@
 CONFIG_SB16=y
 CONFIG_ADLIB=y
+CONFIG_OPL2LPT=y
 CONFIG_GUS=y
 CONFIG_CS4231A=y
diff --git a/hw/audio/Makefile.objs b/hw/audio/Makefile.objs
index 63db383709a1..274d5faa504a 100644
--- a/hw/audio/Makefile.objs
+++ b/hw/audio/Makefile.objs
@@ -3,6 +3,7 @@ common-obj-$(CONFIG_SB16) += sb16.o
 common-obj-$(CONFIG_ES1370) += es1370.o
 common-obj-$(CONFIG_AC97) += ac97.o
 common-obj-$(CONFIG_ADLIB) += fmopl.o adlib.o
+common-obj-$(CONFIG_OPL2LPT) += opl2lpt.o
 common-obj-$(CONFIG_GUS) += gus.o gusemu_hal.o gusemu_mixer.o
 common-obj-$(CONFIG_CS4231A) += cs4231a.o
 common-obj-$(CONFIG_HDA) += intel-hda.o hda-codec.o
diff --git a/hw/audio/opl2lpt.c b/hw/audio/opl2lpt.c
new file mode 100644
index ..53286504c8cd
--- /dev/null
+++ b/hw/audio/opl2lpt.c
@@ -0,0 +1,211 @@
+/*
+ * QEMU Proxy for OPL2LPT
+ *
+ * Copyright (c) 2018 Vincent Bernat
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* TODO: emulate timers */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/hw.h"
+#include "hw/audio/soundhw.h"
+#include "audio/audio.h"
+#include "hw/isa/isa.h"
+#include "chardev/char-parallel.h"
+#include "chardev/char-fe.h"
+
+#define DEBUG
+
+#define OPL2LPT_DESC "OPL2LPT (Yamaha YM3812 over parallel port)"
+
+#define dolog(...) AUD_log("opl2lpt", __VA_ARGS__)
+#ifdef DEBUG
+#define ldebug(...) dolog(__VA_ARGS__)
+#else
+#define ldebug(...)
+#endif
+
+#define TYPE_OPL2LPT "opl2lpt"
+#define OPL2LPT(obj) OBJECT_CHECK(Opl2lptState, (obj), TYPE_OPL2LPT)
+
+#define PP_NOT_STROBE  0x1
+#define PP_NOT_AUTOFD  0x2
+#define PP_INIT0x4
+#define PP_NOT_SELECT  0x8
+
+typedef struct {
+ISADevice parent_obj;
+
+uint8_t address;
+uint8_t timer_reg;
+int64_t last_clock;
+PortioList port_list;
+CharBackend chr;
+} Opl2lptState;
+
+static void opl2lpt_lpt_write(Opl2lptState *s, uint8_t d, uint8_t c)
+{
+qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_PP_WRITE_DATA, &d);
+qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_PP_WRITE_CONTROL, &c);
+c ^= PP_INIT;
+qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_PP_WRITE_CONTROL, &c);
+c ^= PP_INIT;
+qemu_chr_fe_ioctl(&s->chr, CHR

[Qemu-devel] [Bug 1750229] Re: virtio-blk-pci regression: softlock in guest kernel at module loading

[Matwey V. Kornilov]

** Attachment added: ".build.initrd.kvm"
   
https://bugs.launchpad.net/qemu/+bug/1750229/+attachment/5057654/+files/.build.initrd.kvm

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1750229

Title:
  virtio-blk-pci regression: softlock in guest kernel at module loading

Status in QEMU:
  New

Bug description:
  Hello,

  I am running qemu from master git branch on x86_64 host with kernel is
  4.4.114. I've found that commit

  9a4c0e220d8a "hw/virtio-pci: fix virtio behaviour"

  introduces an regression with the following command:

  qemu-system-x86_64 -enable-kvm -nodefaults -no-reboot -nographic
  -vga none -runas qemu -kernel .build.kernel.kvm -initrd
  .build.initrd.kvm -append 'panic=1 softlockup_panic=1 no-kvmclock
  nmi_watchdog=0 console=ttyS0 root=/dev/disk/by-id/virtio-0' -m 2048
  -drive file=./root,format=raw,if=none,id=disk,serial=0,cache=unsafe
  -device virtio-blk-pci,drive=disk -serial stdio -smp 2

  Starting from this commit to master the following happens with a wide
  variety of guest kernels (4.4 to 4.15):

  [   62.428107] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=-20 
stuck for 59s!
  [   62.437426] Showing busy workqueues and worker pools:
  [   62.443117] workqueue events: flags=0x0
  [   62.447512]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256
  [   62.448161] pending: check_corruption
  [   62.458570] workqueue kblockd: flags=0x18
  [   62.463082]   pwq 1: cpus=0 node=0 flags=0x0 nice=-20 active=3/256
  [   62.463082] in-flight: 4:blk_mq_run_work_fn
  [   62.463082] pending: blk_mq_run_work_fn, blk_mq_timeout_work
  [   62.474831] pool 1: cpus=0 node=0 flags=0x0 nice=-20 hung=59s workers=2 
idle: 214
  [   62.492121] INFO: rcu_preempt detected stalls on CPUs/tasks:
  [   62.492121]  Tasks blocked on level-0 rcu_node (CPUs 0-1): P4
  [   62.492121]  (detected by 0, t=15002 jiffies, g=-130, c=-131, q=32)
  [   62.492121] kworker/0:0HR  running task0 4  2 
0x8000
  [   62.492121] Workqueue: kblockd blk_mq_run_work_fn
  [   62.492121] Call Trace:
  [   62.492121]  
  [   62.492121]  sched_show_task+0xdf/0x100
  [   62.492121]  rcu_print_detail_task_stall_rnp+0x48/0x69
  [   62.492121]  rcu_check_callbacks+0x93d/0x9d0
  [   62.492121]  ? tick_sched_do_timer+0x40/0x40
  [   62.492121]  update_process_times+0x28/0x50
  [   62.492121]  tick_sched_handle+0x22/0x70
  [   62.492121]  tick_sched_timer+0x34/0x70
  [   62.492121]  __hrtimer_run_queues+0xcc/0x250
  [   62.492121]  hrtimer_interrupt+0xab/0x1f0
  [   62.492121]  smp_apic_timer_interrupt+0x62/0x150
  [   62.492121]  apic_timer_interrupt+0xa2/0xb0
  [   62.492121]  
  [   62.492121] RIP: 0010:iowrite16+0x1d/0x30
  [   62.492121] RSP: 0018:a477c034fcc8 EFLAGS: 00010292 ORIG_RAX: 
ff11
  [   62.492121] RAX: a24fbdb0 RBX: 92a1f8f82000 RCX: 
0001
  [   62.492121] RDX: a477c0371000 RSI: a477c0371000 RDI: 

  [   62.492121] RBP: 0001 R08:  R09: 
01080020
  [   62.492121] R10: dc7cc1e4fc00 R11:  R12: 

  [   62.492121] R13:  R14: 92a1f93f R15: 
92a1f8e1aa80
  [   62.492121]  ? vp_synchronize_vectors+0x60/0x60
  [   62.492121]  vp_notify+0x12/0x20
  [   62.492121]  virtqueue_notify+0x18/0x30
  [   62.492121]  virtio_queue_rq+0x2f5/0x300 [virtio_blk]
  [   62.492121]  blk_mq_dispatch_rq_list+0x7e/0x4a0
  [   62.492121]  blk_mq_do_dispatch_sched+0x4a/0xd0
  [   62.492121]  blk_mq_sched_dispatch_requests+0x106/0x170
  [   62.492121]  __blk_mq_run_hw_queue+0x80/0x90
  [   62.492121]  process_one_work+0x1e3/0x420
  [   62.492121]  worker_thread+0x2b/0x3d0
  [   62.492121]  ? process_one_work+0x420/0x420
  [   62.492121]  kthread+0x113/0x130
  [   62.492121]  ? kthread_create_worker_on_cpu+0x50/0x50
  [   62.492121]  ret_from_fork+0x3a/0x50
  [   62.492121] kworker/0:0HR  running task0 4  2 
0x8000
  [   62.492121] Workqueue: kblockd blk_mq_run_work_fn
  [   62.492121] Call Trace:
  [   62.492121]  
  [   62.492121]  sched_show_task+0xdf/0x100
  [   62.492121]  rcu_print_detail_task_stall_rnp+0x48/0x69
  [   62.492121]  rcu_check_callbacks+0x972/0x9d0
  [   62.492121]  ? tick_sched_do_timer+0x40/0x40
  [   62.492121]  update_process_times+0x28/0x50
  [   62.492121]  tick_sched_handle+0x22/0x70
  [   62.492121]  tick_sched_timer+0x34/0x70
  [   62.492121]  __hrtimer_run_queues+0xcc/0x250
  [   62.492121]  hrtimer_interrupt+0xab/0x1f0
  [   62.492121]  smp_apic_timer_interrupt+0x62/0x150
  [   62.492121]  apic_timer_interrupt+0xa2/0xb0
  [   62.492121]  
  [   62.492121] RIP: 0010:iowrite16+0x1d/0x30
  [   62.492121] RSP: 0018:a477c034fcc8 EFLAGS: 00010292 ORIG_RAX: 
ff11
  [   62.492121] RAX: a24fbdb0 RBX: 92a1f8f82000 RCX: 
0001
  [   62.492121] RDX: a477

[Qemu-devel] [Bug 1750229] Re: virtio-blk-pci regression: softlock in guest kernel at module loading

[Matwey V. Kornilov]

** Attachment added: ".build.kernel.kvm"
   
https://bugs.launchpad.net/qemu/+bug/1750229/+attachment/5057653/+files/.build.kernel.kvm

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1750229

Title:
  virtio-blk-pci regression: softlock in guest kernel at module loading

Status in QEMU:
  New

Bug description:
  Hello,

  I am running qemu from master git branch on x86_64 host with kernel is
  4.4.114. I've found that commit

  9a4c0e220d8a "hw/virtio-pci: fix virtio behaviour"

  introduces an regression with the following command:

  qemu-system-x86_64 -enable-kvm -nodefaults -no-reboot -nographic
  -vga none -runas qemu -kernel .build.kernel.kvm -initrd
  .build.initrd.kvm -append 'panic=1 softlockup_panic=1 no-kvmclock
  nmi_watchdog=0 console=ttyS0 root=/dev/disk/by-id/virtio-0' -m 2048
  -drive file=./root,format=raw,if=none,id=disk,serial=0,cache=unsafe
  -device virtio-blk-pci,drive=disk -serial stdio -smp 2

  Starting from this commit to master the following happens with a wide
  variety of guest kernels (4.4 to 4.15):

  [   62.428107] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=-20 
stuck for 59s!
  [   62.437426] Showing busy workqueues and worker pools:
  [   62.443117] workqueue events: flags=0x0
  [   62.447512]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256
  [   62.448161] pending: check_corruption
  [   62.458570] workqueue kblockd: flags=0x18
  [   62.463082]   pwq 1: cpus=0 node=0 flags=0x0 nice=-20 active=3/256
  [   62.463082] in-flight: 4:blk_mq_run_work_fn
  [   62.463082] pending: blk_mq_run_work_fn, blk_mq_timeout_work
  [   62.474831] pool 1: cpus=0 node=0 flags=0x0 nice=-20 hung=59s workers=2 
idle: 214
  [   62.492121] INFO: rcu_preempt detected stalls on CPUs/tasks:
  [   62.492121]  Tasks blocked on level-0 rcu_node (CPUs 0-1): P4
  [   62.492121]  (detected by 0, t=15002 jiffies, g=-130, c=-131, q=32)
  [   62.492121] kworker/0:0HR  running task0 4  2 
0x8000
  [   62.492121] Workqueue: kblockd blk_mq_run_work_fn
  [   62.492121] Call Trace:
  [   62.492121]  
  [   62.492121]  sched_show_task+0xdf/0x100
  [   62.492121]  rcu_print_detail_task_stall_rnp+0x48/0x69
  [   62.492121]  rcu_check_callbacks+0x93d/0x9d0
  [   62.492121]  ? tick_sched_do_timer+0x40/0x40
  [   62.492121]  update_process_times+0x28/0x50
  [   62.492121]  tick_sched_handle+0x22/0x70
  [   62.492121]  tick_sched_timer+0x34/0x70
  [   62.492121]  __hrtimer_run_queues+0xcc/0x250
  [   62.492121]  hrtimer_interrupt+0xab/0x1f0
  [   62.492121]  smp_apic_timer_interrupt+0x62/0x150
  [   62.492121]  apic_timer_interrupt+0xa2/0xb0
  [   62.492121]  
  [   62.492121] RIP: 0010:iowrite16+0x1d/0x30
  [   62.492121] RSP: 0018:a477c034fcc8 EFLAGS: 00010292 ORIG_RAX: 
ff11
  [   62.492121] RAX: a24fbdb0 RBX: 92a1f8f82000 RCX: 
0001
  [   62.492121] RDX: a477c0371000 RSI: a477c0371000 RDI: 

  [   62.492121] RBP: 0001 R08:  R09: 
01080020
  [   62.492121] R10: dc7cc1e4fc00 R11:  R12: 

  [   62.492121] R13:  R14: 92a1f93f R15: 
92a1f8e1aa80
  [   62.492121]  ? vp_synchronize_vectors+0x60/0x60
  [   62.492121]  vp_notify+0x12/0x20
  [   62.492121]  virtqueue_notify+0x18/0x30
  [   62.492121]  virtio_queue_rq+0x2f5/0x300 [virtio_blk]
  [   62.492121]  blk_mq_dispatch_rq_list+0x7e/0x4a0
  [   62.492121]  blk_mq_do_dispatch_sched+0x4a/0xd0
  [   62.492121]  blk_mq_sched_dispatch_requests+0x106/0x170
  [   62.492121]  __blk_mq_run_hw_queue+0x80/0x90
  [   62.492121]  process_one_work+0x1e3/0x420
  [   62.492121]  worker_thread+0x2b/0x3d0
  [   62.492121]  ? process_one_work+0x420/0x420
  [   62.492121]  kthread+0x113/0x130
  [   62.492121]  ? kthread_create_worker_on_cpu+0x50/0x50
  [   62.492121]  ret_from_fork+0x3a/0x50
  [   62.492121] kworker/0:0HR  running task0 4  2 
0x8000
  [   62.492121] Workqueue: kblockd blk_mq_run_work_fn
  [   62.492121] Call Trace:
  [   62.492121]  
  [   62.492121]  sched_show_task+0xdf/0x100
  [   62.492121]  rcu_print_detail_task_stall_rnp+0x48/0x69
  [   62.492121]  rcu_check_callbacks+0x972/0x9d0
  [   62.492121]  ? tick_sched_do_timer+0x40/0x40
  [   62.492121]  update_process_times+0x28/0x50
  [   62.492121]  tick_sched_handle+0x22/0x70
  [   62.492121]  tick_sched_timer+0x34/0x70
  [   62.492121]  __hrtimer_run_queues+0xcc/0x250
  [   62.492121]  hrtimer_interrupt+0xab/0x1f0
  [   62.492121]  smp_apic_timer_interrupt+0x62/0x150
  [   62.492121]  apic_timer_interrupt+0xa2/0xb0
  [   62.492121]  
  [   62.492121] RIP: 0010:iowrite16+0x1d/0x30
  [   62.492121] RSP: 0018:a477c034fcc8 EFLAGS: 00010292 ORIG_RAX: 
ff11
  [   62.492121] RAX: a24fbdb0 RBX: 92a1f8f82000 RCX: 
0001
  [   62.492121] RDX: a477

[Qemu-devel] [Bug 1750229] [NEW] virtio-blk-pci regression: softlock in guest kernel at module loading

[Matwey V. Kornilov]

Public bug reported:

Hello,

I am running qemu from master git branch on x86_64 host with kernel is
4.4.114. I've found that commit

9a4c0e220d8a "hw/virtio-pci: fix virtio behaviour"

introduces an regression with the following command:

qemu-system-x86_64 -enable-kvm -nodefaults -no-reboot -nographic
-vga none -runas qemu -kernel .build.kernel.kvm -initrd
.build.initrd.kvm -append 'panic=1 softlockup_panic=1 no-kvmclock
nmi_watchdog=0 console=ttyS0 root=/dev/disk/by-id/virtio-0' -m 2048
-drive file=./root,format=raw,if=none,id=disk,serial=0,cache=unsafe
-device virtio-blk-pci,drive=disk -serial stdio -smp 2

Starting from this commit to master the following happens with a wide
variety of guest kernels (4.4 to 4.15):

[   62.428107] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=-20 
stuck for 59s!
[   62.437426] Showing busy workqueues and worker pools:
[   62.443117] workqueue events: flags=0x0
[   62.447512]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256
[   62.448161] pending: check_corruption
[   62.458570] workqueue kblockd: flags=0x18
[   62.463082]   pwq 1: cpus=0 node=0 flags=0x0 nice=-20 active=3/256
[   62.463082] in-flight: 4:blk_mq_run_work_fn
[   62.463082] pending: blk_mq_run_work_fn, blk_mq_timeout_work
[   62.474831] pool 1: cpus=0 node=0 flags=0x0 nice=-20 hung=59s workers=2 
idle: 214
[   62.492121] INFO: rcu_preempt detected stalls on CPUs/tasks:
[   62.492121]  Tasks blocked on level-0 rcu_node (CPUs 0-1): P4
[   62.492121]  (detected by 0, t=15002 jiffies, g=-130, c=-131, q=32)
[   62.492121] kworker/0:0HR  running task0 4  2 0x8000
[   62.492121] Workqueue: kblockd blk_mq_run_work_fn
[   62.492121] Call Trace:
[   62.492121]  
[   62.492121]  sched_show_task+0xdf/0x100
[   62.492121]  rcu_print_detail_task_stall_rnp+0x48/0x69
[   62.492121]  rcu_check_callbacks+0x93d/0x9d0
[   62.492121]  ? tick_sched_do_timer+0x40/0x40
[   62.492121]  update_process_times+0x28/0x50
[   62.492121]  tick_sched_handle+0x22/0x70
[   62.492121]  tick_sched_timer+0x34/0x70
[   62.492121]  __hrtimer_run_queues+0xcc/0x250
[   62.492121]  hrtimer_interrupt+0xab/0x1f0
[   62.492121]  smp_apic_timer_interrupt+0x62/0x150
[   62.492121]  apic_timer_interrupt+0xa2/0xb0
[   62.492121]  
[   62.492121] RIP: 0010:iowrite16+0x1d/0x30
[   62.492121] RSP: 0018:a477c034fcc8 EFLAGS: 00010292 ORIG_RAX: 
ff11
[   62.492121] RAX: a24fbdb0 RBX: 92a1f8f82000 RCX: 0001
[   62.492121] RDX: a477c0371000 RSI: a477c0371000 RDI: 
[   62.492121] RBP: 0001 R08:  R09: 01080020
[   62.492121] R10: dc7cc1e4fc00 R11:  R12: 
[   62.492121] R13:  R14: 92a1f93f R15: 92a1f8e1aa80
[   62.492121]  ? vp_synchronize_vectors+0x60/0x60
[   62.492121]  vp_notify+0x12/0x20
[   62.492121]  virtqueue_notify+0x18/0x30
[   62.492121]  virtio_queue_rq+0x2f5/0x300 [virtio_blk]
[   62.492121]  blk_mq_dispatch_rq_list+0x7e/0x4a0
[   62.492121]  blk_mq_do_dispatch_sched+0x4a/0xd0
[   62.492121]  blk_mq_sched_dispatch_requests+0x106/0x170
[   62.492121]  __blk_mq_run_hw_queue+0x80/0x90
[   62.492121]  process_one_work+0x1e3/0x420
[   62.492121]  worker_thread+0x2b/0x3d0
[   62.492121]  ? process_one_work+0x420/0x420
[   62.492121]  kthread+0x113/0x130
[   62.492121]  ? kthread_create_worker_on_cpu+0x50/0x50
[   62.492121]  ret_from_fork+0x3a/0x50
[   62.492121] kworker/0:0HR  running task0 4  2 0x8000
[   62.492121] Workqueue: kblockd blk_mq_run_work_fn
[   62.492121] Call Trace:
[   62.492121]  
[   62.492121]  sched_show_task+0xdf/0x100
[   62.492121]  rcu_print_detail_task_stall_rnp+0x48/0x69
[   62.492121]  rcu_check_callbacks+0x972/0x9d0
[   62.492121]  ? tick_sched_do_timer+0x40/0x40
[   62.492121]  update_process_times+0x28/0x50
[   62.492121]  tick_sched_handle+0x22/0x70
[   62.492121]  tick_sched_timer+0x34/0x70
[   62.492121]  __hrtimer_run_queues+0xcc/0x250
[   62.492121]  hrtimer_interrupt+0xab/0x1f0
[   62.492121]  smp_apic_timer_interrupt+0x62/0x150
[   62.492121]  apic_timer_interrupt+0xa2/0xb0
[   62.492121]  
[   62.492121] RIP: 0010:iowrite16+0x1d/0x30
[   62.492121] RSP: 0018:a477c034fcc8 EFLAGS: 00010292 ORIG_RAX: 
ff11
[   62.492121] RAX: a24fbdb0 RBX: 92a1f8f82000 RCX: 0001
[   62.492121] RDX: a477c0371000 RSI: a477c0371000 RDI: 
[   62.492121] RBP: 0001 R08:  R09: 01080020
[   62.492121] R10: dc7cc1e4fc00 R11:  R12: 
[   62.492121] R13:  R14: 92a1f93f R15: 92a1f8e1aa80
[   62.492121]  ? vp_synchronize_vectors+0x60/0x60
[   62.492121]  vp_notify+0x12/0x20
[   62.492121]  virtqueue_notify+0x18/0x30
[   62.492121]  virtio_queue_rq+0x2f5/0x300 [virtio_blk]
[   62.492121]  blk_mq_dispatch_rq_list+0x7e/0x4a0
[   62.492121]  blk_mq_do_d

[Qemu-devel] Qemu SDL2 bug

[Howard Spoelstra]

Hi,

I'd like to report a bug when using the SDL2 GUI in both Linux and
Windows, which can be observed with in my case latest qemu-system-ppc
running parallel instances of OSX 10.4 and 10.3.

After switching back and forth between GUIs, dragging becomes copying,
keyboard starts using a strange character set.
An additional "Alt" key press is needed to restore normal behaviour.

Best regards,
Howard