Re: [Qemu-devel] [Qemu-ppc] [PPC64] P5020DS: Booting from img possible (-drive)?

2018-05-18 Thread Thomas Huth
On 19.05.2018 06:58, Christian Zigotzky wrote:
> Thomas wrote:
> 
> > No clue, so just a blind guess: Is "CoreNet Generic" the right machine?
> > What happens if you set "CONFIG_CORENET_GENERIC=n" in your kernel config?
> 
> I think it's the right machine.

It's likely the right selection for the real hardware, but it's maybe
the wrong machine type for the QEMU ppce500 machine.

 Thomas



Re: [Qemu-devel] [RFC PATCH 2/2] tests/Makefile: comment out flakey tests

2018-05-18 Thread Thomas Huth
On 18.05.2018 20:31, Peter Maydell wrote:
> On 18 May 2018 at 10:14, Alex Bennée  wrote:
>> The following tests keep showing up in failed Travis runs:
>>
>>   - test-aio
>>   - rcutorture
>>   - tpm-crb-test
>>   - tpm-tis-test
>>
>> I suspect it is load that causes the problems but they really need to
>> be fixed properly.
>>
>> Signed-off-by: Alex Bennée 
> 
> Another flaky test for the collection:
> 
> TEST: tests/boot-serial-test... (pid=25144)
>   /sparc64/boot-serial/sun4u:  **
> ERROR:/home/petmay01/linaro/qemu-for-merges/tests/boot-serial-test.c:140:check_guest_output:
> assertion failed: (output_ok)
> FAIL
> 
> Probably another "overly optimistic timeout" setting. (Failed
> for me on x86-64 host just now.)

That test normally finishes within 3 seconds on my machine. The test
timeout is 60 seconds. How much load did you have on that machine to go
from 3s to 60s ?

And even if we increase the timeout, how to find a good value here? I
think we rather need a "no-timeout" switch where we can tell the tests
to not use timeouts and rather run forever instead, until they really
finished? So in normal interactive mode, we'd run with timeouts, but
when running on a loaded builder machine, you'd enable that "no-timeout"
switch to make sure to not run in such "early" timeouts.

 Thomas



Re: [Qemu-devel] storing machine data in qcow images?

2018-05-18 Thread Markus Armbruster
Eduardo Habkost  writes:

[...]
> About being more expressive than just a single list of key,value
> pairs, I don't see any evidence of that being necessary for the
> problems we're trying to address.

Short history of a configuration format you might have encountered:

1. A couple of (key, value) is all we need for the problems we're
trying to address.  (v0.4, 2003)

2.1. I got this one special snowflake problem where I actually need a few
related values.  Fortunately, this little ad hoc parser can take apart
the key's single value easily.  (ca. v0.8, 2005)

...

2.n. Snowflakes are surprisingly common, but fortunately one more little
ad hoc parser can't hurt.

3. Umm, this is getting messy.  Let's have proper infrastructure for
two-level keys.  Surely two levels are all we need for the problems
we're trying to address.  Fortunately, we can bolt them on without too
much trouble.  (v0.12, 2009)

4. Err, trees, I'm afraid we actually need trees.  Fortunately, we can
hack them into the existing two-level infrastructure without too much
trouble.  (v1.3, 2013)

5. You are in a maze of twisting little passages, all different.
(today)


How confident are we a single list of (key, value) is really all we're
going to need?

Even if we think it is, would it be possible to provide for a future
extension to trees at next to no cost?



[Qemu-devel] [Bug 1772086] Re: malformed serial data being sent from guest

2018-05-18 Thread Thomas Huth
It's even older than 6 years, see:
https://lists.nongnu.org/archive/html/qemu-devel/2006-06/msg00196.html
and:
https://bugs.launchpad.net/qemu/+bug/1407813
https://bugs.launchpad.net/qemu/+bug/1715296

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1772086

Title:
  malformed serial data being sent from guest

Status in QEMU:
  New

Bug description:
  When sending data through serial from guest each time 0x0A byte is
  sent 0x0D is sent before it. For example, when sending {0x29, 0x0A} on
  the other end I receive {0x29, 0x0D, 0x0A}.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1772086/+subscriptions



[Qemu-devel] [PPC64] P5020DS: Booting from img possible (-drive)?

2018-05-18 Thread Christian Zigotzky
Thomas wrote:

No clue, so just a blind guess: Is "CoreNet Generic" the right machine?
What happens if you set "CONFIG_CORENET_GENERIC=n" in your kernel config?

Thomas

——

I think it's the right machine.

CONFIG_CORENET_GENERIC:

This option enables support for the FSL CoreNet based boards.
For 32bit kernel, the following boards are supported:
  P2041 RDB, P3041 DS, P4080 DS, kmcoge4, and OCA4080
For 64bit kernel, the following boards are supported:
  T208x QDS/RDB, T4240 QDS/RDB and B4 QDS
The following boards are supported for both 32bit and 64bit kernel:
  P5020 DS, P5040 DS, T102x QDS/RDB, T104x QDS/RDB

Any other ideas?

— Christian


[Qemu-devel] [Bug 1772075] [NEW] Segmentation fault on aarch64 vm at powerdown

2018-05-18 Thread M0Rf30
Public bug reported:

OS Arch Linux
x86_64
qemu version: 2.12

cmdline:
qemu-system-aarch64 -nographic -cpu cortex-a57 -m 2048 -M virt,gic_version=3 
-machine virtualization=true -bios /usr/share/ovmf/AARCH64/QEMU_EFI.fd -drive 
file=fat:rw:/opt/simonpiemu/kernels/rpi-3,if=none,format=raw,cache=none,id=hd0 
-device virtio-blk-device,drive=hd0 -drive 
file=/home/morfeo/.simonpi/sd-arch-rpi-3-qemu.img,if=none,format=raw,cache=none,id=hd1
 -device virtio-blk-device,drive=hd1 -kernel 
/opt/simonpiemu/kernels/rpi-3/Image -append "root=/dev/vda2 fstab=no 
rootfstype=ext4 rw console=ttyAMA0" -initrd 
/home/morfeo/.simonpi/rpi-3/boot/initramfs-linux.img -device 
virtio-net-device,mac=52:54:26:11:72:9b,netdev=net0 -netdev 
tap,id=net0,ifname=rasp-tap0,script=no,downscript=no

error:

qemu-system-aarch64: /build/qemu/src/qemu-2.12.0/block.c:3375:
bdrv_close_all: Assertion `QTAILQ_EMPTY(&all_bdrv_states)' failed.

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "log"
   https://bugs.launchpad.net/bugs/1772075/+attachment/5141371/+files/log




[Qemu-devel] [PATCH] contrib/vhost-user-blk: enable protocol feature for vhost-user-blk

2018-05-18 Thread Changpeng Liu
This patch reports the protocol feature that is only advertised by
QEMU if the device implements the config ops.

Signed-off-by: Changpeng Liu 
---
 contrib/vhost-user-blk/vhost-user-blk.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/contrib/vhost-user-blk/vhost-user-blk.c 
b/contrib/vhost-user-blk/vhost-user-blk.c
index 67dac81..a6a132a 100644
--- a/contrib/vhost-user-blk/vhost-user-blk.c
+++ b/contrib/vhost-user-blk/vhost-user-blk.c
@@ -311,6 +311,12 @@ vub_get_features(VuDev *dev)
1ull << VHOST_USER_F_PROTOCOL_FEATURES;
 }
 
+static uint64_t
+vub_get_protocol_features(VuDev *dev)
+{
+return 1ull << VHOST_USER_PROTOCOL_F_CONFIG;
+}
+
 static int
 vub_get_config(VuDev *vu_dev, uint8_t *config, uint32_t len)
 {
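Review bot: vub_get_protocol_features() ignores its dev argument and returns the bare value 1ull << VHOST_USER_PROTOCOL_F_CONFIG. Please say in the commit message or in a comment above the function whether the caller ORs this value into the library's own protocol features or takes it as the complete set, because in the second case any other protocol feature this backend relies on would stop being advertised.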
@@ -373,6 +379,7 @@ vub_set_config(VuDev *vu_dev, const uint8_t *data,
 static const VuDevIface vub_iface = {
 .get_features = vub_get_features,
 .queue_set_started = vub_queue_set_started,
+.get_protocol_features = vub_get_protocol_features,
 .get_config = vub_get_config,
 .set_config = vub_set_config,
 };
-- 
1.9.3




[Qemu-devel] [PATCH] vhost-blk: turn on pre-defined RO feature bit

2018-05-18 Thread Changpeng Liu
Read only feature shouldn't be negotiable, because if the
backend device reported Read only feature supported, QEMU
host driver shouldn't change backend's RO attribute.

Signed-off-by: Changpeng Liu 
---
 hw/block/vhost-user-blk.c  | 5 +
 include/hw/virtio/vhost-user-blk.h | 1 -
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 262baca..cdc54dd 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -204,13 +204,11 @@ static uint64_t vhost_user_blk_get_features(VirtIODevice 
*vdev,
 virtio_add_feature(&features, VIRTIO_BLK_F_TOPOLOGY);
 virtio_add_feature(&features, VIRTIO_BLK_F_BLK_SIZE);
 virtio_add_feature(&features, VIRTIO_BLK_F_FLUSH);
+virtio_add_feature(&features, VIRTIO_BLK_F_RO);
 
 if (s->config_wce) {
 virtio_add_feature(&features, VIRTIO_BLK_F_CONFIG_WCE);
 }
-if (s->config_ro) {
-virtio_add_feature(&features, VIRTIO_BLK_F_RO);
-}
 if (s->num_queues > 1) {
 virtio_add_feature(&features, VIRTIO_BLK_F_MQ);
 }
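Review bot: VIRTIO_BLK_F_RO is now added unconditionally next to TOPOLOGY, BLK_SIZE and FLUSH, so correctness depends on this set being masked later in vhost_user_blk_get_features() by what the backend actually reports. That masking is outside the hunk; please confirm it in the commit message, since without it a writable backend would be offered to the guest as read-only.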
@@ -322,7 +320,6 @@ static Property vhost_user_blk_properties[] = {
 DEFINE_PROP_UINT16("num-queues", VHostUserBlk, num_queues, 1),
 DEFINE_PROP_UINT32("queue-size", VHostUserBlk, queue_size, 128),
 DEFINE_PROP_BIT("config-wce", VHostUserBlk, config_wce, 0, true),
-DEFINE_PROP_BIT("config-ro", VHostUserBlk, config_ro, 0, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
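Review bot: removing the "config-ro" property from vhost_user_blk_properties[] is a user-visible change, because a command line that still passes config-ro will now be rejected as an unknown property. The commit message should state this, or the property could be kept as a deprecated no-op for a release.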
diff --git a/include/hw/virtio/vhost-user-blk.h 
b/include/hw/virtio/vhost-user-blk.h
index 5804cc9..8c7c79b 100644
--- a/include/hw/virtio/vhost-user-blk.h
+++ b/include/hw/virtio/vhost-user-blk.h
@@ -34,7 +34,6 @@ typedef struct VHostUserBlk {
 uint16_t num_queues;
 uint32_t queue_size;
 uint32_t config_wce;
-uint32_t config_ro;
 struct vhost_dev dev;
 } VHostUserBlk;
 
-- 
1.9.3




[Qemu-devel] [PULL 5/8] target/s390x: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Also do not dump both "fpu" and "vector" registers
as the former overlaps the latter.

Cc: Alexander Graf 
Reviewed-by: David Hildenbrand 
Signed-off-by: Richard Henderson 
---
 target/s390x/helper.c | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/target/s390x/helper.c b/target/s390x/helper.c
index e8548f340a..fd5791f134 100644
--- a/target/s390x/helper.c
+++ b/target/s390x/helper.c
@@ -327,21 +327,22 @@ void s390_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 }
 }
 
-for (i = 0; i < 16; i++) {
-cpu_fprintf(f, "F%02d=%016" PRIx64, i, get_freg(env, i)->ll);
-if ((i % 4) == 3) {
-cpu_fprintf(f, "\n");
+if (flags & CPU_DUMP_FPU) {
+if (s390_has_feat(S390_FEAT_VECTOR)) {
+for (i = 0; i < 32; i++) {
+cpu_fprintf(f, "V%02d=%016" PRIx64 "%016" PRIx64 "%c",
+i, env->vregs[i][0].ll, env->vregs[i][1].ll,
+i % 2 ? '\n' : ' ');
+}
 } else {
-cpu_fprintf(f, " ");
+for (i = 0; i < 16; i++) {
+cpu_fprintf(f, "F%02d=%016" PRIx64 "%c",
+i, get_freg(env, i)->ll,
+(i % 4) == 3 ? '\n' : ' ');
+}
 }
 }
 
-for (i = 0; i < 32; i++) {
-cpu_fprintf(f, "V%02d=%016" PRIx64 "%016" PRIx64, i,
-env->vregs[i][0].ll, env->vregs[i][1].ll);
-cpu_fprintf(f, (i % 2) ? "\n" : " ");
-}
-
 #ifndef CONFIG_USER_ONLY
 for (i = 0; i < 16; i++) {
 cpu_fprintf(f, "C%02d=%016" PRIx64, i, env->cregs[i]);
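Review bot: in the new vector loop the separator condition is written i % 2 ? '\n' : ' ', while the FPR branch below it parenthesizes as (i % 4) == 3 ? '\n' : ' ' and the removed code used (i % 2); write (i % 2) here for consistency. The commit message should also mention that the V registers are now skipped as well when CPU_DUMP_FPU is clear, since before this change they were always printed.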
-- 
2.17.0




[Qemu-devel] [PULL 8/8] target/xtensa: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Acked-by: Max Filippov 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/xtensa/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index ae0feb0254..53f6f5db8f 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1243,7 +1243,8 @@ void xtensa_cpu_dump_state(CPUState *cs, FILE *f,
 }
 }
 
-if (xtensa_option_enabled(env->config, XTENSA_OPTION_FP_COPROCESSOR)) {
+if ((flags & CPU_DUMP_FPU) &&
+xtensa_option_enabled(env->config, XTENSA_OPTION_FP_COPROCESSOR)) {
 cpu_fprintf(f, "\n");
 
 for (i = 0; i < 16; ++i) {
-- 
2.17.0




[Qemu-devel] [PULL 2/8] target/mips: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Cc: Aurelien Jarno 
Cc: Yongbok Kim 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/mips/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index f1c1fdd35c..e88f983ae7 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20446,8 +20446,9 @@ void mips_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 env->CP0_Config2, env->CP0_Config3);
 cpu_fprintf(f, "Config4 0x%08x Config5 0x%08x\n",
 env->CP0_Config4, env->CP0_Config5);
-if (env->hflags & MIPS_HFLAG_FPU)
+if ((flags & CPU_DUMP_FPU) && (env->hflags & MIPS_HFLAG_FPU)) {
 fpu_dump_state(env, f, cpu_fprintf, flags);
+}
 }
 
 void mips_tcg_init(void)
-- 
2.17.0




[Qemu-devel] [PULL 7/8] target/unicore32: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Cc: Guan Xuetao 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/unicore32/translate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/unicore32/translate.c b/target/unicore32/translate.c
index abe2ea8592..3cae111955 100644
--- a/target/unicore32/translate.c
+++ b/target/unicore32/translate.c
@@ -2101,7 +2101,9 @@ void uc32_cpu_dump_state(CPUState *cs, FILE *f,
 psr & (1 << 28) ? 'V' : '-',
 cpu_mode_names[psr & 0xf]);
 
-cpu_dump_state_ucf64(env, f, cpu_fprintf, flags);
+if (flags & CPU_DUMP_FPU) {
+cpu_dump_state_ucf64(env, f, cpu_fprintf, flags);
+}
 }
 
 void restore_state_to_opc(CPUUniCore32State *env, TranslationBlock *tb,
-- 
2.17.0




[Qemu-devel] [PULL 6/8] target/sparc: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Cc: Mark Cave-Ayland 
Cc: Artyom Tarasenko 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.c | 17 ++---
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index ff6ed91f9a..0f090ece54 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -647,15 +647,18 @@ void sparc_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 }
 }
 
-for (i = 0; i < TARGET_DPREGS; i++) {
-if ((i & 3) == 0) {
-cpu_fprintf(f, "%%f%02d: ", i * 2);
-}
-cpu_fprintf(f, " %016" PRIx64, env->fpr[i].ll);
-if ((i & 3) == 3) {
-cpu_fprintf(f, "\n");
+if (flags & CPU_DUMP_FPU) {
+for (i = 0; i < TARGET_DPREGS; i++) {
+if ((i & 3) == 0) {
+cpu_fprintf(f, "%%f%02d: ", i * 2);
+}
+cpu_fprintf(f, " %016" PRIx64, env->fpr[i].ll);
+if ((i & 3) == 3) {
+cpu_fprintf(f, "\n");
+}
 }
 }
+
 #ifdef TARGET_SPARC64
 cpu_fprintf(f, "pstate: %08x ccr: %02x (icc: ", env->pstate,
 (unsigned)cpu_get_ccr(env));
-- 
2.17.0




[Qemu-devel] [PULL 4/8] target/riscv: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Cc: Palmer Dabbelt 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Reviewed-by: Michael Clark 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/riscv/cpu.c | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 4e5a56d4e3..d630e8fd6c 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -219,11 +219,13 @@ static void riscv_cpu_dump_state(CPUState *cs, FILE *f,
 cpu_fprintf(f, "\n");
 }
 }
-for (i = 0; i < 32; i++) {
-cpu_fprintf(f, " %s %016" PRIx64,
-riscv_fpr_regnames[i], env->fpr[i]);
-if ((i & 3) == 3) {
-cpu_fprintf(f, "\n");
+if (flags & CPU_DUMP_FPU) {
+for (i = 0; i < 32; i++) {
+cpu_fprintf(f, " %s %016" PRIx64,
+riscv_fpr_regnames[i], env->fpr[i]);
+if ((i & 3) == 3) {
+cpu_fprintf(f, "\n");
+}
 }
 }
 }
-- 
2.17.0




[Qemu-devel] [PULL 1/8] target/alpha: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/alpha/helper.c | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index 8a6a948572..57e2c212b3 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -442,20 +442,19 @@ void alpha_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 cpu_fprintf(f, " PC  " TARGET_FMT_lx "  PS  %02x\n",
 env->pc, extract32(env->flags, ENV_FLAG_PS_SHIFT, 8));
 for (i = 0; i < 31; i++) {
-cpu_fprintf(f, "IR%02d %s " TARGET_FMT_lx " ", i,
-linux_reg_names[i], cpu_alpha_load_gr(env, i));
-if ((i % 3) == 2)
-cpu_fprintf(f, "\n");
+cpu_fprintf(f, "IR%02d %s " TARGET_FMT_lx "%c", i,
+linux_reg_names[i], cpu_alpha_load_gr(env, i),
+(i % 3) == 2 ? '\n' : ' ');
 }
 
 cpu_fprintf(f, "lock_a   " TARGET_FMT_lx " lock_v   " TARGET_FMT_lx "\n",
 env->lock_addr, env->lock_value);
 
-for (i = 0; i < 31; i++) {
-cpu_fprintf(f, "FIR%02d" TARGET_FMT_lx " ", i,
-*((uint64_t *)(&env->fir[i])));
-if ((i % 3) == 2)
-cpu_fprintf(f, "\n");
+if (flags & CPU_DUMP_FPU) {
+for (i = 0; i < 31; i++) {
+cpu_fprintf(f, "FIR%02d%016" PRIx64 "%c", i, env->fir[i],
+(i % 3) == 2 ? '\n' : ' ');
+}
 }
 cpu_fprintf(f, "\n");
 }
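Review bot: the cpu_fprintf(f, "\n") that follows the new if block is still unconditional. It exists to terminate the last FIR line (i = 30 ends with a space, not a newline), so with CPU_DUMP_FPU clear it now prints an empty line directly after the lock_a/lock_v line; move it inside the if block. The switch from the *((uint64_t *)(&env->fir[i])) cast with TARGET_FMT_lx to passing env->fir[i] with PRIx64 is a separate cleanup and deserves a line in the commit message.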
-- 
2.17.0




[Qemu-devel] [PULL 3/8] target/ppc: Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
Cc: Alexander Graf 
Cc: David Gibson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/ppc/translate.c | 20 +---
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index d5e5f953da..e30d99fcbc 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7048,14 +7048,20 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 }
 cpu_fprintf(f, " ] RES " TARGET_FMT_lx "\n",
 env->reserve_addr);
-for (i = 0; i < 32; i++) {
-if ((i & (RFPL - 1)) == 0)
-cpu_fprintf(f, "FPR%02d", i);
-cpu_fprintf(f, " %016" PRIx64, *((uint64_t *)&env->fpr[i]));
-if ((i & (RFPL - 1)) == (RFPL - 1))
-cpu_fprintf(f, "\n");
+
+if (flags & CPU_DUMP_FPU) {
+for (i = 0; i < 32; i++) {
+if ((i & (RFPL - 1)) == 0) {
+cpu_fprintf(f, "FPR%02d", i);
+}
+cpu_fprintf(f, " %016" PRIx64, *((uint64_t *)&env->fpr[i]));
+if ((i & (RFPL - 1)) == (RFPL - 1)) {
+cpu_fprintf(f, "\n");
+}
+}
+cpu_fprintf(f, "FPSCR " TARGET_FMT_lx "\n", env->fpscr);
 }
-cpu_fprintf(f, "FPSCR " TARGET_FMT_lx "\n", env->fpscr);
+
 #if !defined(CONFIG_USER_ONLY)
 cpu_fprintf(f, " SRR0 " TARGET_FMT_lx "  SRR1 " TARGET_FMT_lx
"PVR " TARGET_FMT_lx " VRSAVE " TARGET_FMT_lx "\n",
-- 
2.17.0




[Qemu-devel] [PULL 0/8] Honor CPU_DUMP_FPU

2018-05-18 Thread Richard Henderson
With Peter's new patch for "-d fpu", it makes sense to honor
this setting in as many targets as currently dump the fpu.


r~


The following changes since commit 5bcf917ee37a5efbef99f091a96db54a5276becb:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180518' 
into staging (2018-05-18 18:25:29 +0100)

are available in the Git repository at:

  https://github.com/rth7680/qemu.git tags/pull-fpu-20180518

for you to fetch changes up to f29c0b170fa9e0568f2d02e764e18b00cad3a27f:

  target/xtensa: Honor CPU_DUMP_FPU (2018-05-18 14:52:38 -0700)


Honor CPU_DUMP_FPU


Richard Henderson (8):
  target/alpha: Honor CPU_DUMP_FPU
  target/mips: Honor CPU_DUMP_FPU
  target/ppc: Honor CPU_DUMP_FPU
  target/riscv: Honor CPU_DUMP_FPU
  target/s390x: Honor CPU_DUMP_FPU
  target/sparc: Honor CPU_DUMP_FPU
  target/unicore32: Honor CPU_DUMP_FPU
  target/xtensa: Honor CPU_DUMP_FPU

 target/alpha/helper.c| 17 -
 target/mips/translate.c  |  3 ++-
 target/ppc/translate.c   | 20 +---
 target/riscv/cpu.c   | 12 +++-
 target/s390x/helper.c| 23 ---
 target/sparc/cpu.c   | 17 ++---
 target/unicore32/translate.c |  4 +++-
 target/xtensa/translate.c|  3 ++-
 8 files changed, 57 insertions(+), 42 deletions(-)



[Qemu-devel] [Bug 1772086] Re: malformed serial data being sent from guest

2018-05-18 Thread Patto
Seems like the problem isn't really new and might be at least 6 years
old if not more.
https://robert.penz.name/550/mapping-a-serial-device-to-a-kvm-guest-may-lead-to-communication-problems/




[Qemu-devel] [Bug 1772086] Re: malformed serial data being sent from guest

2018-05-18 Thread Patto
After doing a bit of research I think line 142 in file
chardev/char-serial.c is problematic.
https://github.com/qemu/qemu/blob/master/chardev/char-serial.c#L142

It enables output processing, which is something unwanted here. With a
simple test program I found out that by default, besides OPOST, ONLCR
flag is set in c_oflag. I guess fix would be removing OPOST flag, which
would disable any output processing, or setting c_oflag to 0 just to be
sure.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1772086

Title:
  malformed serial data being sent from guest

Status in QEMU:
  New

Bug description:
  When sending data through serial from guest each time 0x0A byte is
  sent 0x0D is sent before it. For example, when sending {0x29, 0x0A} on
  the other end I receive {0x29, 0x0D, 0x0A}.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1772086/+subscriptions
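
The effect described in the comment above can be reproduced without QEMU or serial hardware. This is an added example, not code from QEMU or from the bug report; it assumes a Linux host with /dev/ptmx, uses a pty as a stand-in for /dev/ttyS*, and its helper names are made up for the illustration.

```c
/* Added example: watch tty output post-processing turn 0x0A into 0x0D 0x0A. */
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* The change proposed in the bug comment: switch output processing off. */
static void disable_output_processing(struct termios *tio)
{
    tio->c_oflag &= ~(tcflag_t)OPOST; /* ONLCR has no effect once OPOST is clear */
}

/* Open a pty pair through the Linux ptmx ioctls; 0 on success, -1 otherwise. */
static int open_pty_pair(int *master, int *slave)
{
    char path[32];
    int unlock = 0;
    unsigned int num = 0;

    *master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (*master < 0) {
        return -1;
    }
    if (ioctl(*master, TIOCSPTLCK, &unlock) < 0 ||
        ioctl(*master, TIOCGPTN, &num) < 0) {
        close(*master);
        return -1;
    }
    snprintf(path, sizeof(path), "/dev/pts/%u", num);
    *slave = open(path, O_RDWR | O_NOCTTY);
    if (*slave < 0) {
        close(*master);
        return -1;
    }
    return 0;
}

/*
 * Write in[] to the slave side (playing the serial port) and collect what the
 * other end receives. raw != 0 clears OPOST first. Returns the number of
 * bytes received, or -1 if no pty could be set up.
 */
static int pty_roundtrip(int raw, const unsigned char *in, size_t in_len,
                         unsigned char *out, size_t out_cap)
{
    struct termios tio;
    struct pollfd pfd;
    int master, slave, result = -1;
    size_t got = 0;

    if (open_pty_pair(&master, &slave) < 0) {
        return -1;
    }
    if (tcgetattr(slave, &tio) < 0) {
        goto done;
    }
    tio.c_oflag |= OPOST | ONLCR;      /* the default the comment reports */
    if (raw) {
        disable_output_processing(&tio);
    }
    if (tcsetattr(slave, TCSANOW, &tio) < 0 ||
        write(slave, in, in_len) != (ssize_t)in_len) {
        goto done;
    }
    pfd.fd = master;
    pfd.events = POLLIN;
    while (got < out_cap && poll(&pfd, 1, 200) > 0 && (pfd.revents & POLLIN)) {
        ssize_t n = read(master, out + got, out_cap - got);
        if (n <= 0) {
            break;
        }
        got += (size_t)n;
    }
    result = (int)got;
done:
    close(slave);
    close(master);
    return result;
}

int main(void)
{
    const unsigned char msg[] = { 0x29, 0x0A }; /* bytes from the bug description */
    unsigned char buf[8];

    for (int raw = 0; raw <= 1; raw++) {
        int n = pty_roundtrip(raw, msg, sizeof(msg), buf, sizeof(buf));
        printf("%-14s", raw ? "OPOST cleared:" : "OPOST|ONLCR:");
        for (int i = 0; i < n; i++) {
            printf(" 0x%02X", buf[i]);
        }
        puts(n < 0 ? " (no pty available)" : "");
    }
    return 0;
}
```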



Re: [Qemu-devel] [PATCH v3 2/2] Add Nios II semihosting support.

2018-05-18 Thread Sandra Loosemore

On 05/18/2018 02:19 PM, Julian Brown wrote:
> On Fri, 18 May 2018 21:52:04 +0200
> Marek Vasut  wrote:
>
>> On 05/18/2018 09:23 PM, Julian Brown wrote:
>>> This patch (by Sandra Loosemore, mildly rebased) adds support for
>>> semihosting for Nios II bare-metal emulation.
>>>
>>> Signed-off-by: Julian Brown
>>> Signed-off-by: Sandra Loosemore
>>
>> Is there some documentation for this stuff ? It looks interesting, but
>> how can I try it here ?
>
> There's no documentation AFAIK apart from that the entry points are
> the same as m68k, semihosting is invoked with "break 1", and r4/r5 are
> used for passing arguments. I'm not actually sure how you can try this
> stuff without our startup code or other infrastructure (that I'm pretty
> sure we can't divulge). Sandra, any ideas?


I don't see any reason why we couldn't contribute libgloss support, 
except that I don't have time to write such a BSP right now.  :-(  I 
recently did this for C-SKY, though, and the semihosting parts were just 
a straightforward copy from the m68k port.


FWIW, CodeSourcery's Nios II ELF toolchains have been using this 
semihosting protocol with a different BSP library all along, and Altera 
also supports it in the proprietary simulators they've provided to us 
for testing.


-Sandra



[Qemu-devel] [Bug 1772086] Re: malformed serial data being sent from guest

2018-05-18 Thread Patto
I am unable to provide complete QEMU command line as I'm using virt-manager to 
deal with configuration. I can say that two serial ports are linked with 
physical ones through the /dev/ttyS* files.
The guests I tested it with are Windows 98 and Windows XP. For the testing I 
connected one port to another. I could confirm through a kernel level serial 
monitor that I was indeed sending just \n but on the second port I received 
\r\n. I also received \r\n when the port was read by the host.
Host is Ubuntu Xenial.




Re: [Qemu-devel] [PATCH v3 2/2] Add Nios II semihosting support.

2018-05-18 Thread Marek Vasut
On 05/18/2018 10:19 PM, Julian Brown wrote:
> On Fri, 18 May 2018 21:52:04 +0200
> Marek Vasut  wrote:
> 
>> On 05/18/2018 09:23 PM, Julian Brown wrote:
>>> This patch (by Sandra Loosemore, mildly rebased) adds support for
>>> semihosting for Nios II bare-metal emulation.
>>>
>>> Signed-off-by: Julian Brown 
>>> Signed-off-by: Sandra Loosemore   
>>
>> Is there some documentation for this stuff ? It looks interesting, but
>> how can I try it here ?
> 
> There's no documentation AFAIK apart from that the entry points are
> the same as m68k, semihosting is invoked with "break 1", and r4/r5 are
> used for passing arguments.

So, how is anyone supposed to test this if it's shrouded in mystery ?

> I'm not actually sure how you can try this
> stuff without our startup code or other infrastructure (that I'm pretty
> sure we can't divulge). Sandra, any ideas?

So what use is this code in mainline QEMU then ?

-- 
Best regards,
Marek Vasut



Re: [Qemu-devel] [PATCH v3 2/2] Add Nios II semihosting support.

2018-05-18 Thread Julian Brown
On Fri, 18 May 2018 21:52:04 +0200
Marek Vasut  wrote:

> On 05/18/2018 09:23 PM, Julian Brown wrote:
> > This patch (by Sandra Loosemore, mildly rebased) adds support for
> > semihosting for Nios II bare-metal emulation.
> > 
> > Signed-off-by: Julian Brown 
> > Signed-off-by: Sandra Loosemore   
> 
> Is there some documentation for this stuff ? It looks interesting, but
> how can I try it here ?

There's no documentation AFAIK apart from that the entry points are
the same as m68k, semihosting is invoked with "break 1", and r4/r5 are
used for passing arguments. I'm not actually sure how you can try this
stuff without our startup code or other infrastructure (that I'm pretty
sure we can't divulge). Sandra, any ideas?

Thanks,

Julian



Re: [Qemu-devel] [PATCH v3 1/2] Add generic Nios II board.

2018-05-18 Thread Julian Brown
On Fri, 18 May 2018 21:50:55 +0200
Marek Vasut  wrote:

> On 05/18/2018 09:23 PM, Julian Brown wrote:
> > This patch adds support for a generic MMU-less Nios II board that
> > can be used e.g. for bare-metal compiler testing.  Nios II booting
> > is also tweaked so that bare-metal binaries start executing in RAM
> > starting at 0x, rather than an alias at 0xc000, which
> > allows features such as unwinding to work when binaries are linked
> > to start at the beginning of the address space.
> >   
> So why don't you just use the 10m50 GHRD for this, why do you need
> custom board ?

I think because we wanted a board with no MMU, since our startup code
doesn't support that. Maybe Andrew can confirm/deny?

Thanks,

Julian



Re: [Qemu-devel] [PATCH v3 2/2] Add Nios II semihosting support.

2018-05-18 Thread Marek Vasut
On 05/18/2018 09:23 PM, Julian Brown wrote:
> This patch (by Sandra Loosemore, mildly rebased) adds support for
> semihosting for Nios II bare-metal emulation.
> 
> Signed-off-by: Julian Brown 
> Signed-off-by: Sandra Loosemore 

Is there some documentation for this stuff ? It looks interesting, but
how can I try it here ?

[...]

-- 
Best regards,
Marek Vasut



Re: [Qemu-devel] [PATCH v3 1/2] Add generic Nios II board.

2018-05-18 Thread Marek Vasut
On 05/18/2018 09:23 PM, Julian Brown wrote:
> This patch adds support for a generic MMU-less Nios II board that can
> be used e.g. for bare-metal compiler testing.  Nios II booting is also
> tweaked so that bare-metal binaries start executing in RAM starting at
> 0x, rather than an alias at 0xc000, which allows features
> such as unwinding to work when binaries are linked to start at the
> beginning of the address space.
> 
So why don't you just use the 10m50 GHRD for this, why do you need
custom board ?

[...]

> +/* Configure new exception vectors and reset CPU for it to take effect. 
> */
> +cpu->reset_addr = 0xd000; //0xd400;
> +cpu->exception_addr = 0xc8000120;
> +cpu->fast_tlb_miss_addr = 0x7fff400; //0xc100;

This //0xfoo should probably go away

-- 
Best regards,
Marek Vasut



Re: [Qemu-devel] [PATCH v3 0/2] Nios II generic board config and semihosting support

2018-05-18 Thread Marek Vasut
On 05/18/2018 09:23 PM, Julian Brown wrote:
> This is a third attempt at sending the patch series:
> 
> http://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04259.html
> 
> Turns out the git format-patch "--inline" option didn't do what I thought
> it did. Apologies for the noise!

Success !

-- 
Best regards,
Marek Vasut



Re: [Qemu-devel] [qemu PATCH v2 3/4] nvdimm, acpi: support NFIT platform capabilities

2018-05-18 Thread Ross Zwisler
On Fri, May 18, 2018 at 04:37:10PM +, Elliott, Robert (Persistent Memory) 
wrote:
> 
> 
> ...
> > Would it help to show them in hex?
> > 
> >   As of ACPI 6.2 Errata A, the following values are valid for the bottom
> >   two bits:
> > 
> >   0x2 - Memory Controller Flush to NVDIMM Durability on Power Loss Capable.
> >   0x3 - CPU Cache Flush to NVDIMM Durability on Power Loss Capable.
> 
> Yes, that helps (unless the parser for that command-line does not 
> accept hex values).
> 
> It would also help to make the text be:
>   "CPU Cache and Memory Controller Flush"

Yea, let me check on that.  I'll update the wording regardless to try and make
it more clear.

> ...
> > > So, there should be a way to specify a highest_cap value to convey that
> > > some of the upper capabilities bits are valid and contain 0.
> > 
> > Right, I'll make this dynamic based on the capabilities value passed in by
> > the user.  That's a much better solution, thanks.  This should cover all the
> > same cases as you have outlined above, without burdening the user with yet
> > another input value.
> 
> Automatically determining the highest bit that the user wants to set to 1
> should be easy, and will probably be the most common case.
> 
> It's harder to let the user set some upper bits to 0 but also have them
> within the highest_cap range.  Since this will be less common, the syntax
> could be more convoluted, like an optional highest_cap argument
> to override the automatically generated value.
> 
> For example, to report bits 7, 1 and 0 are all set to 1:
>   -machine pc,accel=kvm,nvdimm,nvdimm-cap=0x83
> would automatically set highest_cap to 7.
> 
> To report bit 7 set to 0 while bits 1 and 0 are set to 1:
>   -machine pc,accel=kvm,nvdimm,nvdimm-cap=0x3,nvdimm-highest-cap=7

Yea, I agree that this is how we could do it, but I don't think this is
necessary right now.  We currently only have 3 bits in the Capabilities field,
and right now there is never a case where there is a difference between "I
don't know about this bit" and "I know about this bit, and its value is 0".

So, really for now we could essentially just say the highest_cap = 31 and be
fine.

Let's put off the nvdimm-highest-cap argument complexity until we actually
have a use case where it adds value.
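
The highest_cap rule discussed in this exchange, as an added example that is not code from the patch series: it derives Highest Valid Capability from the capability bits, accepts the optional override from the quoted proposal, and serialises the 16-byte NFIT Platform Capabilities Structure (type 7) of ACPI 6.2 Errata A. The function names and the handling of a zero capabilities value are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NFIT Platform Capabilities Structure, ACPI 6.2 Errata A: type 7, 16 bytes. */
#define NFIT_TYPE_PLATFORM_CAPS 7
#define NFIT_PLATFORM_CAPS_LEN  16

/* Index of the highest set bit, or -1 when caps == 0. */
static int highest_set_bit(uint32_t caps)
{
    int bit = -1;

    while (caps) {
        bit++;
        caps >>= 1;
    }
    return bit;
}

/*
 * The thread lists 0x2 and 0x3 as the valid values for the bottom two bits,
 * so bit 0 (CPU cache flush) without bit 1 (memory controller flush) is
 * rejected. Both bits clear is accepted here (assumption of this example).
 */
static int nfit_caps_valid(uint32_t caps)
{
    return (caps & 0x3u) != 0x1u;
}

/*
 * Decide the Highest Valid Capability field.
 *   override < 0  : derive it from caps, the automatic rule from the thread
 *   override >= 0 : value of the proposed nvdimm-highest-cap argument; it
 *                   must lie in 0..31 and cover every bit set in caps
 * Returns the bit index, or -1 if the input is invalid or there is nothing
 * to advertise (caps == 0 and no override).
 */
static int nfit_highest_cap(uint32_t caps, int override)
{
    int auto_cap = highest_set_bit(caps);

    if (!nfit_caps_valid(caps)) {
        return -1;
    }
    if (override < 0) {
        return auto_cap;
    }
    if (override > 31 || override < auto_cap) {
        return -1;
    }
    return override;
}

/* Serialise the structure (little-endian). Returns 16, or -1 on bad input. */
static int nfit_build_platform_caps(uint32_t caps, int override,
                                    uint8_t out[NFIT_PLATFORM_CAPS_LEN])
{
    int highest = nfit_highest_cap(caps, override);

    if (highest < 0) {
        return -1;
    }
    memset(out, 0, NFIT_PLATFORM_CAPS_LEN);   /* also clears reserved fields */
    out[0] = NFIT_TYPE_PLATFORM_CAPS;         /* Type, bytes 0-1 */
    out[2] = NFIT_PLATFORM_CAPS_LEN;          /* Length, bytes 2-3 */
    out[4] = (uint8_t)highest;                /* Highest Valid Capability */
    out[8]  = (uint8_t)(caps & 0xff);         /* Capabilities, bytes 8-11 */
    out[9]  = (uint8_t)((caps >> 8) & 0xff);
    out[10] = (uint8_t)((caps >> 16) & 0xff);
    out[11] = (uint8_t)((caps >> 24) & 0xff);
    return NFIT_PLATFORM_CAPS_LEN;
}

int main(void)
{
    /* The two command lines from the thread: nvdimm-cap=0x83, and
     * nvdimm-cap=0x3 with nvdimm-highest-cap=7. */
    printf("cap=0x83           -> highest_cap %d\n", nfit_highest_cap(0x83, -1));
    printf("cap=0x3, highest=7 -> highest_cap %d\n", nfit_highest_cap(0x3, 7));
    printf("cap=0x83, highest=1 -> %d (override hides a set bit)\n",
           nfit_highest_cap(0x83, 1));
    return 0;
}
```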



[Qemu-devel] [PATCH v3 2/2] Add Nios II semihosting support.

2018-05-18 Thread Julian Brown
This patch (by Sandra Loosemore, mildly rebased) adds support for
semihosting for Nios II bare-metal emulation.

Signed-off-by: Julian Brown 
Signed-off-by: Sandra Loosemore 
---
 qemu-options.hx|   8 +-
 target/nios2/Makefile.objs |   2 +-
 target/nios2/cpu.h |   4 +-
 target/nios2/helper.c  |  11 ++
 target/nios2/nios2-semi.c  | 429 +
 5 files changed, 448 insertions(+), 6 deletions(-)
 create mode 100644 target/nios2/nios2-semi.c

diff --git a/qemu-options.hx b/qemu-options.hx
index abbfa6a..626a99e 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3780,21 +3780,21 @@ ETEXI
 DEF("semihosting", 0, QEMU_OPTION_semihosting,
 "-semihostingsemihosting mode\n",
 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 |
-QEMU_ARCH_MIPS)
+QEMU_ARCH_MIPS | QEMU_ARCH_NIOS2)
 STEXI
 @item -semihosting
 @findex -semihosting
-Enable semihosting mode (ARM, M68K, Xtensa, MIPS only).
+Enable semihosting mode (ARM, M68K, Xtensa, MIPS, Nios II only).
 ETEXI
 DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config,
 "-semihosting-config 
[enable=on|off][,target=native|gdb|auto][,arg=str[,...]]\n" \
 "semihosting configuration\n",
 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 |
-QEMU_ARCH_MIPS)
+QEMU_ARCH_MIPS | QEMU_ARCH_NIOS2)
 STEXI
 @item -semihosting-config 
[enable=on|off][,target=native|gdb|auto][,arg=str[,...]]
 @findex -semihosting-config
-Enable and configure semihosting (ARM, M68K, Xtensa, MIPS only).
+Enable and configure semihosting (ARM, M68K, Xtensa, MIPS, Nios II only).
 @table @option
 @item target=@code{native|gdb|auto}
 Defines where the semihosting calls will be addressed, to QEMU (@code{native})
diff --git a/target/nios2/Makefile.objs b/target/nios2/Makefile.objs
index 2a11c5c..010de0e 100644
--- a/target/nios2/Makefile.objs
+++ b/target/nios2/Makefile.objs
@@ -1,4 +1,4 @@
-obj-y += translate.o op_helper.o helper.o cpu.o mmu.o
+obj-y += translate.o op_helper.o helper.o cpu.o mmu.o nios2-semi.o
 obj-$(CONFIG_SOFTMMU) += monitor.o
 
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index 145796e..a7efb8a 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -141,7 +141,7 @@ typedef struct Nios2CPUClass {
 #define R_PC 64
 
 /* Exceptions */
-#define EXCP_BREAK-1
+#define EXCP_BREAK0x1000
 #define EXCP_RESET0
 #define EXCP_PRESET   1
 #define EXCP_IRQ  2
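Review bot: EXCP_BREAK changes from -1 to 0x1000 with no explanation in the commit message or next to the define, while the other exception numbers in this list stay small integers. A one-line comment saying why the value has to move (and why 0x1000 in particular) would save the next reader from guessing, and would confirm that no existing comparison relied on the old -1.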
@@ -223,6 +223,8 @@ void nios2_cpu_do_unaligned_access(CPUState *cpu, vaddr 
addr,
 qemu_irq *nios2_cpu_pic_init(Nios2CPU *cpu);
 void nios2_check_interrupts(CPUNios2State *env);
 
+void do_nios2_semihosting(CPUNios2State *env);
+
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #ifdef CONFIG_USER_ONLY
 # define TARGET_VIRT_ADDR_SPACE_BITS 31
diff --git a/target/nios2/helper.c b/target/nios2/helper.c
index a8b8ec6..ca3b087 100644
--- a/target/nios2/helper.c
+++ b/target/nios2/helper.c
@@ -25,6 +25,7 @@
 #include "exec/exec-all.h"
 #include "exec/log.h"
 #include "exec/helper-proto.h"
+#include "exec/semihost.h"
 
 #if defined(CONFIG_USER_ONLY)
 
@@ -169,6 +170,16 @@ void nios2_cpu_do_interrupt(CPUState *cs)
 break;
 
 case EXCP_BREAK:
+qemu_log_mask(CPU_LOG_INT, "BREAK exception at pc=%x\n",
+  env->regs[R_PC]);
+
+if (semihosting_enabled()) {
+qemu_log_mask(CPU_LOG_INT, "Entering semihosting\n");
+env->regs[R_PC] += 4;
+do_nios2_semihosting(env);
+break;
+}
+
 if ((env->regs[CR_STATUS] & CR_STATUS_EH) == 0) {
 env->regs[CR_BSTATUS] = env->regs[CR_STATUS];
 env->regs[R_BA] = env->regs[R_PC] + 4;
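Review bot: in the EXCP_BREAK case, once semihosting_enabled() is true every break exception is handed to do_nios2_semihosting() and the existing BSTATUS/BA handling below is never reached, as far as this hunk shows. If only one break encoding is meant as the semihosting trap, test for it before the call; otherwise the -semihosting documentation should say that enabling it takes break exceptions away from the guest.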
diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
new file mode 100644
index 000..e0d4f3f
--- /dev/null
+++ b/target/nios2/nios2-semi.c
@@ -0,0 +1,429 @@
+/*
+ *  Nios II Semihosting syscall interface.
+ *  This code is derived from m68k-semi.c.
+ *
+ *  Copyright (c) 2017 Mentor Graphics
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+
+#include "cpu.h"
+#if defined(CONFIG_USER_ONLY)
+#include "qemu.h"
+#else
+#include "qemu-common.h"
+#include "exec/gdbstub.h"
+#include "exec/softmmu-semi.h"
+#endif
+#include "qemu/log.h"
+#include

[Qemu-devel] [PATCH v3 0/2] Nios II generic board config and semihosting support

2018-05-18 Thread Julian Brown
This is a third attempt at sending the patch series:

http://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04259.html

Turns out the git format-patch "--inline" option didn't do what I thought
it did. Apologies for the noise!

Thanks,

Julian

Julian Brown (2):
  Add generic Nios II board.
  Add Nios II semihosting support.

 hw/nios2/Makefile.objs |   2 +-
 hw/nios2/boot.c|   5 +-
 hw/nios2/generic_nommu.c   | 128 ++
 qemu-options.hx|   8 +-
 target/nios2/Makefile.objs |   2 +-
 target/nios2/cpu.h |   4 +-
 target/nios2/helper.c  |  11 ++
 target/nios2/nios2-semi.c  | 429 +
 8 files changed, 581 insertions(+), 8 deletions(-)
 create mode 100644 hw/nios2/generic_nommu.c
 create mode 100644 target/nios2/nios2-semi.c

-- 
1.9.1




[Qemu-devel] [PATCH v3 1/2] Add generic Nios II board.

2018-05-18 Thread Julian Brown
This patch adds support for a generic MMU-less Nios II board that can
be used e.g. for bare-metal compiler testing.  Nios II booting is also
tweaked so that bare-metal binaries start executing in RAM starting at
0x, rather than an alias at 0xc000, which allows features
such as unwinding to work when binaries are linked to start at the
beginning of the address space.

The generic_nommu.c parts are by Andrew Jenner, based on code by Marek
Vasut.

Originally by Marek Vasut and Andrew Jenner.

Signed-off-by: Julian Brown 
Signed-off-by: Andrew Jenner 
Signed-off-by: Marek Vasut 
---
 hw/nios2/Makefile.objs   |   2 +-
 hw/nios2/boot.c  |   5 +-
 hw/nios2/generic_nommu.c | 128 +++
 3 files changed, 133 insertions(+), 2 deletions(-)
 create mode 100644 hw/nios2/generic_nommu.c

diff --git a/hw/nios2/Makefile.objs b/hw/nios2/Makefile.objs
index 6b5c421..680caaa 100644
--- a/hw/nios2/Makefile.objs
+++ b/hw/nios2/Makefile.objs
@@ -1 +1 @@
-obj-y = boot.o cpu_pic.o 10m50_devboard.o
+obj-y = boot.o cpu_pic.o 10m50_devboard.o generic_nommu.o
diff --git a/hw/nios2/boot.c b/hw/nios2/boot.c
index 94f436e..8f2887a 100644
--- a/hw/nios2/boot.c
+++ b/hw/nios2/boot.c
@@ -140,6 +140,7 @@ void nios2_load_kernel(Nios2CPU *cpu, hwaddr ddr_base,
 uint64_t entry, low, high;
 uint32_t base32;
 int big_endian = 0;
+   int kernel_space = 0;
 
 #ifdef TARGET_WORDS_BIGENDIAN
 big_endian = 1;
@@ -154,10 +155,12 @@ void nios2_load_kernel(Nios2CPU *cpu, hwaddr ddr_base,
 kernel_size = load_elf(kernel_filename, translate_kernel_address,
NULL, &entry, NULL, NULL,
big_endian, EM_ALTERA_NIOS2, 0, 0);
+   kernel_space = 1;
 }
 
 /* Always boot into physical ram. */
-boot_info.bootstrap_pc = ddr_base + 0xc000 + (entry & 0x07ff);
+boot_info.bootstrap_pc = ddr_base + (kernel_space ? 0xc000 : 0)
+   + (entry & 0x07ff);
 
 /* If it wasn't an ELF image, try an u-boot image. */
 if (kernel_size < 0) {
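Review bot: `kernel_space = 1` is assigned right after the load_elf() call that uses translate_kernel_address, without looking at kernel_size, so the 0xc000 offset is selected even when that load failed. If the `kernel_size < 0` fallbacks below recompute bootstrap_pc this is harmless, but the hunk does not show that; setting the flag only on success, and declaring it bool, would make the intent checkable from this code alone.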
diff --git a/hw/nios2/generic_nommu.c b/hw/nios2/generic_nommu.c
new file mode 100644
index 000..734dad7
--- /dev/null
+++ b/hw/nios2/generic_nommu.c
@@ -0,0 +1,128 @@
+/*
+ * Generic simulator target with no MMU
+ *
+ * Copyright (c) 2016 Marek Vasut 
+ *
+ * Based on LabX device code
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/char/serial.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "qemu/config-file.h"
+
+#include "boot.h"
+
+#define BINARY_DEVICE_TREE_FILE"generic-nommu.dtb"
+
+static void nios2_generic_nommu_init(MachineState *machine)
+{
+Nios2CPU *cpu;
+DeviceState *dev;
+MemoryRegion *address_space_mem = get_system_memory();
+MemoryRegion *phys_tcm = g_new(MemoryRegion, 1);
+MemoryRegion *phys_tcm_alias = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram_alias = g_new(MemoryRegion, 1);
+ram_addr_t tcm_base = 0x0;
+ram_addr_t tcm_size = 0x1000;/* 1 kiB, but QEMU limit is 4 kiB */
+ram_addr_t ram_base = 0x1000;
+ram_addr_t ram_size = 0x0800;
+qemu_irq *cpu_irq, irq[32];
+int i;
+
+/* Physical TCM (tb_ram_1k) with alias at 0xc000 */
+memory_region_init_ram(phys_tcm, NULL, "nios2.tcm", tcm_size,
+   &error_abort);
+memory_region_init_alias(phys_tcm_alias, NULL, "nios2.tcm.alias",
+ phys_tcm, 0, tcm_size);
+memory_region_add_subregion(address_space_mem, tcm_base, phys_tcm);
+memory_region_add_subregion(address_space_mem, 0xc000 + tcm_base,
+phys_tcm_alias);
+
+/* Physical DRAM with alias at 0xc000 */
+memory_region_init_ram(phys_ram, NULL, "nios2.ram", ram_size,
+   &error_abort);
+memory_region_init_alias(phys_ram_alias, NULL, "nios2.ram.alias",
+ phys_ram, 0, ram_size);
+me
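Review bot: the alias base is repeated as a bare literal (`0xc000 + tcm_base` in the add_subregion call, the same constant in both comments, and again in hw/nios2/boot.c), so a named #define shared with boot.c would keep the board and the loader from drifting apart. The `tcm_size` comment ("1 kiB, but QEMU limit is 4 kiB") would also be clearer if it named the limit that forces the 0x1000 value.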

Re: [Qemu-devel] [PATCH v2 0/2] Nios II generic board config and semihosting support

2018-05-18 Thread Marek Vasut
On 05/18/2018 08:57 PM, Julian Brown wrote:
> 
> This is a second attempt at sending this patch series:
> 
> http://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04259.html
> 
> with some git format-patch/send-email hiccups ironed out
> (hopefully). The patch contents are unchanged.
> 
> OK, or any comments?

Same problem as with v1, git format-patch + git send-email please.

-- 
Best regards,
Marek Vasut



Re: [Qemu-devel] [PATCH v2 0/2] Nios II generic board config and semihosting support

2018-05-18 Thread Marek Vasut
On 05/18/2018 08:57 PM, Julian Brown wrote:
> 
> This is a second attempt at sending this patch series:
> 
> http://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04259.html
> 
> with some git format-patch/send-email hiccups ironed out
> (hopefully). The patch contents are unchanged.
> 
> OK, or any comments?

Same problem as with v2, git format-patch + git send-email please.

-- 
Best regards,
Marek Vasut



Re: [Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das
Peter Maydell  writes:

> On 18 May 2018 at 19:38, Bandan Das  wrote:
>> Peter Maydell  writes:
>>
>>> On 18 May 2018 at 19:22, Bandan Das  wrote:

>>>> CID 1390604
>>>> If the initiator sends a packet with TYPE_DATA set without
>>>> initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data
>>>> can trip on a null s->data_out.
>>>>
>>>> Signed-off-by: Bandan Das 
>>>
>>> I think you said this can be provoked by the guest?
>>
>> Yes, this can only be initiated by the guest as far as I
>> understand.
>>
>>> Misbehaving or malicious guests should never be able
>>> to provoke assertions.
>>
>> I am not sure, I thought it's better to kill a misbehaving guest rather
>> than silently letting it run. Anyway, it's possible to send a
>> No_Valid_ObjectInfo as well and we wouldn't have to mark it as a
>> false positive either.
>
> Broadly speaking, where we're emulating hardware we should do
> what the hardware does when the guest does wrong things to it.
> A real server doesn't suddenly vanish leaving behind a
> message saying "assertion failed" :-)

Posted v2 and agree with you! Especially, since the protocol does specify
the case where something like this can happen.

Thanks for reviewing,
Bandan

> thanks
> -- PMM



[Qemu-devel] [Bug 1772086] Re: malformed serial data being sent from guest

2018-05-18 Thread Peter Maydell
Something somewhere in the stack is converting LF to CRLF. This could be
something inside your guest, or in QEMU, or in the host; to find out
where we need more detail.

Can you describe your setup, including:
 * complete QEMU command line
 * how you're sending data inside the guest
 * how you're reading it on the host end
please?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1772086

Title:
  malformed serial data being sent from guest

Status in QEMU:
  New

Bug description:
  When sending data through serial from guest each time 0x0A byte is
  sent 0x0D is sent before it. For example, when sending {0x29, 0x0A} on
  the other end I receive {0x29, 0x0D, 0x0A}.




[Qemu-devel] [PATCH v2 1/2] Add generic Nios II board.

2018-05-18 Thread Julian Brown

This patch adds support for a generic MMU-less Nios II board that can
be used e.g. for bare-metal compiler testing.  Nios II booting is also
tweaked so that bare-metal binaries start executing in RAM starting at
0x, rather than an alias at 0xc000, which allows features
such as unwinding to work when binaries are linked to start at the
beginning of the address space.

The generic_nommu.c parts are by Andrew Jenner, based on code by Marek
Vasut.

Originally by Marek Vasut and Andrew Jenner.

Signed-off-by: Julian Brown 
Signed-off-by: Andrew Jenner 
Signed-off-by: Marek Vasut 
---
 hw/nios2/Makefile.objs   |   2 +-
 hw/nios2/boot.c  |   5 +-
 hw/nios2/generic_nommu.c | 128 +++
 3 files changed, 133 insertions(+), 2 deletions(-)
 create mode 100644 hw/nios2/generic_nommu.c

diff --git a/hw/nios2/Makefile.objs b/hw/nios2/Makefile.objs
index 6b5c421..680caaa 100644
--- a/hw/nios2/Makefile.objs
+++ b/hw/nios2/Makefile.objs
@@ -1 +1 @@
-obj-y = boot.o cpu_pic.o 10m50_devboard.o
+obj-y = boot.o cpu_pic.o 10m50_devboard.o generic_nommu.o
diff --git a/hw/nios2/boot.c b/hw/nios2/boot.c
index 94f436e..8f2887a 100644
--- a/hw/nios2/boot.c
+++ b/hw/nios2/boot.c
@@ -140,6 +140,7 @@ void nios2_load_kernel(Nios2CPU *cpu, hwaddr ddr_base,
 uint64_t entry, low, high;
 uint32_t base32;
 int big_endian = 0;
+	int kernel_space = 0;
 
 #ifdef TARGET_WORDS_BIGENDIAN
 big_endian = 1;
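Review bot: the added `int kernel_space = 0;` is indented with a tab, unlike the declarations around it; QEMU's coding style uses four-space indentation and no tabs, so this line should be re-indented before the patch is applied.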
@@ -154,10 +155,12 @@ void nios2_load_kernel(Nios2CPU *cpu, hwaddr ddr_base,
 kernel_size = load_elf(kernel_filename, translate_kernel_address,
NULL, &entry, NULL, NULL,
big_endian, EM_ALTERA_NIOS2, 0, 0);
+	kernel_space = 1;
 }
 
 /* Always boot into physical ram. */
-boot_info.bootstrap_pc = ddr_base + 0xc000 + (entry & 0x07ff);
+boot_info.bootstrap_pc = ddr_base + (kernel_space ? 0xc000 : 0)
+	+ (entry & 0x07ff);
 
 /* If it wasn't an ELF image, try an u-boot image. */
 if (kernel_size < 0) {
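Review bot: the comment "Always boot into physical ram." above the bootstrap_pc assignment no longer describes the code, which now adds the 0xc000 offset only when kernel_space is set. Please update the comment to say when each base is used, and replace the tabs on the two added lines (`kernel_space = 1;` and the continuation `+ (entry & 0x07ff);`) with spaces.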
diff --git a/hw/nios2/generic_nommu.c b/hw/nios2/generic_nommu.c
new file mode 100644
index 000..734dad7
--- /dev/null
+++ b/hw/nios2/generic_nommu.c
@@ -0,0 +1,128 @@
+/*
+ * Generic simulator target with no MMU
+ *
+ * Copyright (c) 2016 Marek Vasut 
+ *
+ * Based on LabX device code
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/char/serial.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "qemu/config-file.h"
+
+#include "boot.h"
+
+#define BINARY_DEVICE_TREE_FILE"generic-nommu.dtb"
+
+static void nios2_generic_nommu_init(MachineState *machine)
+{
+Nios2CPU *cpu;
+DeviceState *dev;
+MemoryRegion *address_space_mem = get_system_memory();
+MemoryRegion *phys_tcm = g_new(MemoryRegion, 1);
+MemoryRegion *phys_tcm_alias = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram_alias = g_new(MemoryRegion, 1);
+ram_addr_t tcm_base = 0x0;
+ram_addr_t tcm_size = 0x1000;/* 1 kiB, but QEMU limit is 4 kiB */
+ram_addr_t ram_base = 0x1000;
+ram_addr_t ram_size = 0x0800;
+qemu_irq *cpu_irq, irq[32];
+int i;
+
+/* Physical TCM (tb_ram_1k) with alias at 0xc000 */
+memory_region_init_ram(phys_tcm, NULL, "nios2.tcm", tcm_size,
+   &error_abort);
+memory_region_init_alias(phys_tcm_alias, NULL, "nios2.tcm.alias",
+ phys_tcm, 0, tcm_size);
+memory_region_add_subregion(address_space_mem, tcm_base, phys_tcm);
+memory_region_add_subregion(address_space_mem, 0xc000 + tcm_base,
+phys_tcm_alias);
+
+/* Physical DRAM with alias at 0xc000 */
+memory_region_init_ram(phys_ram, NULL, "nios2.ram", ram_size,
+   &error_abort);
+memory_region_init_alias(phys_ram_alias, NULL, "nios2.ram.alias",
+ phys_ram, 0, ram_size);
+memory_region_add_s

[Qemu-devel] [PATCH v2 2/2] Add Nios II semihosting support.

2018-05-18 Thread Julian Brown

This patch (by Sandra Loosemore, mildly rebased) adds support for
semihosting for Nios II bare-metal emulation.

Signed-off-by: Julian Brown 
Signed-off-by: Sandra Loosemore 
---
 qemu-options.hx|   8 +-
 target/nios2/Makefile.objs |   2 +-
 target/nios2/cpu.h |   4 +-
 target/nios2/helper.c  |  11 ++
 target/nios2/nios2-semi.c  | 429 +
 5 files changed, 448 insertions(+), 6 deletions(-)
 create mode 100644 target/nios2/nios2-semi.c

diff --git a/qemu-options.hx b/qemu-options.hx
index abbfa6a..626a99e 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3780,21 +3780,21 @@ ETEXI
 DEF("semihosting", 0, QEMU_OPTION_semihosting,
 "-semihostingsemihosting mode\n",
 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 |
-QEMU_ARCH_MIPS)
+QEMU_ARCH_MIPS | QEMU_ARCH_NIOS2)
 STEXI
 @item -semihosting
 @findex -semihosting
-Enable semihosting mode (ARM, M68K, Xtensa, MIPS only).
+Enable semihosting mode (ARM, M68K, Xtensa, MIPS, Nios II only).
 ETEXI
 DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config,
 "-semihosting-config [enable=on|off][,target=native|gdb|auto][,arg=str[,...]]\n" \
 "semihosting configuration\n",
 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 |
-QEMU_ARCH_MIPS)
+QEMU_ARCH_MIPS | QEMU_ARCH_NIOS2)
 STEXI
 @item -semihosting-config [enable=on|off][,target=native|gdb|auto][,arg=str[,...]]
 @findex -semihosting-config
-Enable and configure semihosting (ARM, M68K, Xtensa, MIPS only).
+Enable and configure semihosting (ARM, M68K, Xtensa, MIPS, Nios II only).
 @table @option
 @item target=@code{native|gdb|auto}
 Defines where the semihosting calls will be addressed, to QEMU (@code{native})
diff --git a/target/nios2/Makefile.objs b/target/nios2/Makefile.objs
index 2a11c5c..010de0e 100644
--- a/target/nios2/Makefile.objs
+++ b/target/nios2/Makefile.objs
@@ -1,4 +1,4 @@
-obj-y += translate.o op_helper.o helper.o cpu.o mmu.o
+obj-y += translate.o op_helper.o helper.o cpu.o mmu.o nios2-semi.o
 obj-$(CONFIG_SOFTMMU) += monitor.o
 
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index 145796e..a7efb8a 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -141,7 +141,7 @@ typedef struct Nios2CPUClass {
 #define R_PC 64
 
 /* Exceptions */
-#define EXCP_BREAK-1
+#define EXCP_BREAK0x1000
 #define EXCP_RESET0
 #define EXCP_PRESET   1
 #define EXCP_IRQ  2
@@ -223,6 +223,8 @@ void nios2_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
 qemu_irq *nios2_cpu_pic_init(Nios2CPU *cpu);
 void nios2_check_interrupts(CPUNios2State *env);
 
+void do_nios2_semihosting(CPUNios2State *env);
+
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #ifdef CONFIG_USER_ONLY
 # define TARGET_VIRT_ADDR_SPACE_BITS 31
diff --git a/target/nios2/helper.c b/target/nios2/helper.c
index a8b8ec6..ca3b087 100644
--- a/target/nios2/helper.c
+++ b/target/nios2/helper.c
@@ -25,6 +25,7 @@
 #include "exec/exec-all.h"
 #include "exec/log.h"
 #include "exec/helper-proto.h"
+#include "exec/semihost.h"
 
 #if defined(CONFIG_USER_ONLY)
 
@@ -169,6 +170,16 @@ void nios2_cpu_do_interrupt(CPUState *cs)
 break;
 
 case EXCP_BREAK:
+qemu_log_mask(CPU_LOG_INT, "BREAK exception at pc=%x\n",
+  env->regs[R_PC]);
+
+if (semihosting_enabled()) {
+qemu_log_mask(CPU_LOG_INT, "Entering semihosting\n");
+env->regs[R_PC] += 4;
+do_nios2_semihosting(env);
+break;
+}
+
 if ((env->regs[CR_STATUS] & CR_STATUS_EH) == 0) {
 env->regs[CR_BSTATUS] = env->regs[CR_STATUS];
 env->regs[R_BA] = env->regs[R_PC] + 4;
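Review bot: the semihosting branch in EXCP_BREAK is entered before the CR_STATUS test, so do_nios2_semihosting() is reachable from guest code in any processor state whenever semihosting is enabled. Since that call is the guest's route to the semihosting syscall interface, a comment here and a sentence in the qemu-options.hx text stating that the option is intended for trusted bare-metal test binaries would make the trust boundary explicit.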
diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
new file mode 100644
index 000..e0d4f3f
--- /dev/null
+++ b/target/nios2/nios2-semi.c
@@ -0,0 +1,429 @@
+/*
+ *  Nios II Semihosting syscall interface.
+ *  This code is derived from m68k-semi.c.
+ *
+ *  Copyright (c) 2017 Mentor Graphics
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+
+#include "cpu.h"
+#if defined(CONFIG_USER_ONLY)
+#include "qemu.h"
+#else
+#include "qemu-common.h"
+#include "exec/gdbstub.h"
+#include "exec/softmmu-semi.h"
+#endif
+#include "qemu/log.h"
+#include "

[Qemu-devel] [PATCH v2 0/2] Nios II generic board config and semihosting support

2018-05-18 Thread Julian Brown

This is a second attempt at sending this patch series:

http://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04259.html

with some git format-patch/send-email hiccups ironed out
(hopefully). The patch contents are unchanged.

OK, or any comments?

Thanks,

Julian

Julian Brown (2):
  Add generic Nios II board.
  Add Nios II semihosting support.

 hw/nios2/Makefile.objs |   2 +-
 hw/nios2/boot.c|   5 +-
 hw/nios2/generic_nommu.c   | 128 ++
 qemu-options.hx|   8 +-
 target/nios2/Makefile.objs |   2 +-
 target/nios2/cpu.h |   4 +-
 target/nios2/helper.c  |  11 ++
 target/nios2/nios2-semi.c  | 429 +
 8 files changed, 581 insertions(+), 8 deletions(-)
 create mode 100644 hw/nios2/generic_nommu.c
 create mode 100644 target/nios2/nios2-semi.c

-- 
1.9.1



Re: [Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Peter Maydell
On 18 May 2018 at 19:38, Bandan Das  wrote:
> Peter Maydell  writes:
>
>> On 18 May 2018 at 19:22, Bandan Das  wrote:
>>>
>>> CID 1390604
>>> If the initiator sends a packet with TYPE_DATA set without
>>> initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data
>>> can trip on a null s->data_out.
>>>
>>> Signed-off-by: Bandan Das 
>>
>> I think you said this can be provoked by the guest?
>
> Yes, this can only be initiated by the guest as far as I
> understand.
>
>> Misbehaving or malicious guests should never be able
>> to provoke assertions.
>
> I am not sure, I thought it's better to kill a misbehaving guest rather
> than silently letting it run. Anyway, it's possible to send a
> No_Valid_ObjectInfo as well and we wouldn't have to mark it as a
> false positive either.

Broadly speaking, where we're emulating hardware we should do
what the hardware does when the guest does wrong things to it.
A real server doesn't suddenly vanish leaving behind a
message saying "assertion failed" :-)

thanks
-- PMM



Re: [Qemu-devel] [PATCH] linux-user: Fix payload size logic in host_to_target_cmsg()

2018-05-18 Thread Laurent Vivier
On 18/05/2018 at 20:47, Peter Maydell wrote:
> Coverity points out that there's a missing break in the switch in
> host_to_target_cmsg() where we update tgt_len for
> cmsg_level/cmsg_type combinations which require a different length
> for host and target (CID 1385425).  To avoid duplicating the default
> case (target length same as host) in both switches, set that before
> the switch so that only the cases which want to override it need any
> code.
> 
> This fixes a bug where we would have used the wrong length
> for SOL_SOCKET/SO_TIMESTAMP messages where the target and
> host have differently sized 'struct timeval' (ie one is 32
> bit and the other is 64 bit).
> 
> Signed-off-by: Peter Maydell 
> ---
>  linux-user/syscall.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index af8603f1b7..88d166cdff 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1825,6 +1825,7 @@ static inline abi_long host_to_target_cmsg(struct 
> target_msghdr *target_msgh,
>  /* Payload types which need a different size of payload on
>   * the target must adjust tgt_len here.
>   */
> +tgt_len = len;
>  switch (cmsg->cmsg_level) {
>  case SOL_SOCKET:
>  switch (cmsg->cmsg_type) {
> @@ -1834,8 +1835,8 @@ static inline abi_long host_to_target_cmsg(struct 
> target_msghdr *target_msgh,
>  default:
>  break;
>  }
> +break;
>  default:
> -tgt_len = len;
>  break;
>  }
>  
> 

Reviewed-by: Laurent Vivier 




[Qemu-devel] [PATCH v2] usb-mtp: Return error on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das

CID 1390604
If the initiator sends a packet with TYPE_DATA set without
initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data
can trip on a null s->data_out.

Signed-off-by: Bandan Das 
---
 hw/usb/dev-mtp.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 3d59fe4944..28384ea3b0 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1696,6 +1696,11 @@ static void usb_mtp_get_data(MTPState *s, mtp_container 
*container,
 uint64_t dlen;
 uint32_t data_len = p->iov.size;
 
+if (!d) {
+usb_mtp_queue_result(s, RES_INVALID_OBJECTINFO, 0,
+ 0, 0, 0, 0);
+return;
+}
 if (d->first) {
 /* Total length of incoming data */
 d->length = cpu_to_le32(container->length) - sizeof(mtp_container);
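Review bot: the `d->length` computation directly after the new `!d` check still subtracts sizeof(mtp_container) from the guest-supplied container->length with no lower bound, so a container shorter than its own header yields a wrapped or negative length. Since this patch is already hardening usb_mtp_get_data() against unexpected initiator packets, rejecting `container->length < sizeof(mtp_container)` with an error result in the same place would fit here.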
-- 
2.14.3




Re: [Qemu-devel] [PULL 00/32] target-arm queue

2018-05-18 Thread Peter Maydell
On 18 May 2018 at 18:19, Peter Maydell  wrote:
> Another target-arm queue, since we're over 30 patches
> already. Most of this is RTH's SVE-patches-part-1.
>
> thanks
> -- PMM
>
>
> The following changes since commit d32e41a1188e929cc0fb16829ce3736046951e39:
>
>   Merge remote-tracking branch 
> 'remotes/famz/tags/docker-and-block-pull-request' into staging (2018-05-18 
> 14:11:52 +0100)
>
> are available in the Git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20180518
>
> for you to fetch changes up to b94f8f60bd841c5b737185cd38263e26822f77ab:
>
>   target/arm: Implement SVE Permute - Extract Group (2018-05-18 17:48:09 
> +0100)
>
> 
> target-arm queue:
>  * Initial part of SVE implementation (currently disabled)
>  * smmuv3: fix some minor Coverity issues
>  * add model of Xilinx ZynqMP generic DMA controller
>  * expose (most) Arm coprocessor/system registers to
>gdb via QEMU's gdbstub, for reads only
>

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH] linux-user: Fix payload size logic in host_to_target_cmsg()

2018-05-18 Thread Peter Maydell
Coverity points out that there's a missing break in the switch in
host_to_target_cmsg() where we update tgt_len for
cmsg_level/cmsg_type combinations which require a different length
for host and target (CID 1385425).  To avoid duplicating the default
case (target length same as host) in both switches, set that before
the switch so that only the cases which want to override it need any
code.

This fixes a bug where we would have used the wrong length
for SOL_SOCKET/SO_TIMESTAMP messages where the target and
host have differently sized 'struct timeval' (ie one is 32
bit and the other is 64 bit).

Signed-off-by: Peter Maydell 
---
 linux-user/syscall.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index af8603f1b7..88d166cdff 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1825,6 +1825,7 @@ static inline abi_long host_to_target_cmsg(struct 
target_msghdr *target_msgh,
 /* Payload types which need a different size of payload on
  * the target must adjust tgt_len here.
  */
+tgt_len = len;
 switch (cmsg->cmsg_level) {
 case SOL_SOCKET:
 switch (cmsg->cmsg_type) {
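Review bot: the new `tgt_len = len;` sits directly under the comment "Payload types which need a different size of payload on the target must adjust tgt_len here", so the comment now reads as if it described the default assignment. Moving the assignment above the comment, or adding a short "default: same length as on the host" remark on it, would keep the comment attached to the switch it describes.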
@@ -1834,8 +1835,8 @@ static inline abi_long host_to_target_cmsg(struct 
target_msghdr *target_msgh,
 default:
 break;
 }
+break;
 default:
-tgt_len = len;
 break;
 }
 
-- 
2.17.0
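
The control-flow bug described in the commit message above, reduced to a stand-alone C model (an added example, not code from QEMU or from the patch author). The level/type constants and the 16-byte and 8-byte timeval sizes are constructed stand-ins, and the inner timestamp case is assumed from the commit message because the hunks elide it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for cmsg_level / cmsg_type values; these are
 * not the real SOL_SOCKET / SO_TIMESTAMP numbers. */
enum { LEVEL_SOCKET = 1, LEVEL_OTHER = 2 };
enum { TYPE_RIGHTS = 1, TYPE_TIMESTAMP = 2 };

/* Assumed sizes: 64-bit host 'struct timeval', 32-bit target one. */
#define HOST_TIMEVAL_SIZE   16u
#define TARGET_TIMEVAL_SIZE 8u

/* Shape of the code before the fix: the inner switch is not followed by
 * a break, so the socket-level case runs on into the outer default and
 * the target-specific length is overwritten with the host length. */
size_t tgt_len_before(int level, int type, size_t len)
{
    size_t tgt_len = 0;

    switch (level) {
    case LEVEL_SOCKET:
        switch (type) {
        case TYPE_TIMESTAMP:
            tgt_len = TARGET_TIMEVAL_SIZE;
            break;              /* leaves the inner switch only */
        default:
            break;
        }
        /* fall through */
    default:
        tgt_len = len;
        break;
    }
    return tgt_len;
}

/* Shape of the code after the fix: the default is set once up front,
 * and only cases that need a different target size override it. */
size_t tgt_len_after(int level, int type, size_t len)
{
    size_t tgt_len = len;

    switch (level) {
    case LEVEL_SOCKET:
        switch (type) {
        case TYPE_TIMESTAMP:
            tgt_len = TARGET_TIMEVAL_SIZE;
            break;
        default:
            break;
        }
        break;
    default:
        break;
    }
    return tgt_len;
}

/* Number of (level, type) pairs on which the two versions disagree for
 * a payload of 'len' bytes on the host. */
int count_divergent(size_t len)
{
    static const int levels[] = { LEVEL_SOCKET, LEVEL_OTHER };
    static const int types[]  = { TYPE_RIGHTS, TYPE_TIMESTAMP };
    int n = 0;

    for (size_t i = 0; i < 2; i++) {
        for (size_t j = 0; j < 2; j++) {
            if (tgt_len_before(levels[i], types[j], len) !=
                tgt_len_after(levels[i], types[j], len)) {
                n++;
            }
        }
    }
    return n;
}

int main(void)
{
    printf("timestamp, before fix: %zu bytes\n",
           tgt_len_before(LEVEL_SOCKET, TYPE_TIMESTAMP, HOST_TIMEVAL_SIZE));
    printf("timestamp, after fix:  %zu bytes\n",
           tgt_len_after(LEVEL_SOCKET, TYPE_TIMESTAMP, HOST_TIMEVAL_SIZE));
    printf("divergent pairs: %d\n", count_divergent(HOST_TIMEVAL_SIZE));
    return 0;
}
```

When host and target sizes are equal the two versions agree on every pair, which is why the bug only shows up on mixed 32-bit/64-bit host and target combinations.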




Re: [Qemu-devel] [PATCH v2 13/40] job: Move coroutine and related code to Job

2018-05-18 Thread John Snow


On 05/18/2018 09:20 AM, Kevin Wolf wrote:
> This commit moves some core functions for dealing with the job coroutine
> from BlockJob to Job. This includes primarily entering the coroutine
> (both for the first and reentering) and yielding explicitly and at pause
> points.
> 
> Signed-off-by: Kevin Wolf 

The _cond functions get shuffled around a bit, you address Max's
comments and otherwise it's the same as in V1.

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH v2 00/40] Generic background jobs

2018-05-18 Thread Dr. David Alan Gilbert
* Kevin Wolf (kw...@redhat.com) wrote:
> Before we can make x-blockdev-create a background job, we need to
> generalise the job infrastructure so that it can be used without any
> associated block node.

Is there any relationship between what this does, and what
Marc-André's 'monitor: add asynchronous command type' tries to do?
(See 20180326150916.9602-1-marcandre.lur...@redhat.com 26th March)

Dave

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [Bug 1772086] [NEW] malformed serial data being sent from guest

2018-05-18 Thread Patto
Public bug reported:

When sending data through serial from guest each time 0x0A byte is sent
0x0D is sent before it. For example, when sending {0x29, 0x0A} on the
other end I receive {0x29, 0x0D, 0x0A}.

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: com serial

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1772086




Re: [Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das
Peter Maydell  writes:

> On 18 May 2018 at 19:22, Bandan Das  wrote:
>>
>> CID 1390604
>> If the initiator sends a packet with TYPE_DATA set without
>> initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data
>> can trip on a null s->data_out.
>>
>> Signed-off-by: Bandan Das 
>
> I think you said this can be provoked by the guest?

Yes, this can only be initiated by the guest as far as I
understand.

> Misbehaving or malicious guests should never be able
> to provoke assertions.

I am not sure, I thought it's better to kill a misbehaving guest rather
than silently letting it run. Anyway, it's possible to send a
No_Valid_ObjectInfo as well and we wouldn't have to mark it as a
false positive either.

Bandan

>> ---
>>  hw/usb/dev-mtp.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
>> index 3d59fe4944..905e025d7f 100644
>> --- a/hw/usb/dev-mtp.c
>> +++ b/hw/usb/dev-mtp.c
>> @@ -1696,6 +1696,7 @@ static void usb_mtp_get_data(MTPState *s, 
>> mtp_container *container,
>>  uint64_t dlen;
>>  uint32_t data_len = p->iov.size;
>>
>> +assert(d != NULL);
>>  if (d->first) {
>>  /* Total length of incoming data */
>>  d->length = cpu_to_le32(container->length) - sizeof(mtp_container);
>> --
>> 2.14.3
>
> thanks
> -- PMM



[Qemu-devel] [PATCH v2 1/1] tests/docker: Add a Avocado Docker test

2018-05-18 Thread Alistair Francis
Avocado is not trivial to set up on non-Fedora systems. To simplify
future testing, add a docker test image that runs Avocado tests.

Signed-off-by: Alistair Francis 
---
v2:
 - Add a separate fedora-avocado Docker image
 - Move the avocado vt-bootstrap into the Docker file

 tests/docker/Makefile.include |  1 +
 .../docker/dockerfiles/fedora-avocado.docker  | 25 +
 tests/docker/test-avocado | 28 +++
 3 files changed, 54 insertions(+)
 create mode 100644 tests/docker/dockerfiles/fedora-avocado.docker
 create mode 100755 tests/docker/test-avocado

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index ef1a3e62eb..0e3d108dde 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -60,6 +60,7 @@ docker-image-debian-ppc64el-cross: docker-image-debian9
 docker-image-debian-s390x-cross: docker-image-debian9
 docker-image-debian-win32-cross: docker-image-debian8-mxe
 docker-image-debian-win64-cross: docker-image-debian8-mxe
+docker-image-fedora-avocado: docker-image-fedora
 docker-image-travis: NOUSER=1
 
 # Expand all the pre-requistes for each docker image and test combination
diff --git a/tests/docker/dockerfiles/fedora-avocado.docker 
b/tests/docker/dockerfiles/fedora-avocado.docker
new file mode 100644
index 00..55b19eebbf
--- /dev/null
+++ b/tests/docker/dockerfiles/fedora-avocado.docker
@@ -0,0 +1,25 @@
+FROM qemu:fedora
+
+ENV PACKAGES \
+libvirt-devel \
+nc \
+python-avocado \
+python2-devel python3-devel \
+qemu-kvm \
+tcpdump \
+xz
+ENV PIP_PACKAGES \
+avocado-qemu \
+avocado-framework-plugin-runner-remote \
+avocado-framework-plugin-runner-vm \
+avocado-framework-plugin-vt
+
+ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3
+
+RUN dnf install -y $PACKAGES
+RUN pip install $PIP_PACKAGES
+RUN avocado vt-bootstrap --yes-to-all --vt-type qemu
+
+RUN rpm -q $PACKAGES | sort > /packages.txt
+
+ENV FEATURES mingw clang pyyaml asan avocado
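Review bot: "RUN pip install $PIP_PACKAGES" pulls four unpinned packages from PyPI at build time, so two builds of this image can contain different test tooling, and the "rpm -q $PACKAGES | sort > /packages.txt" record two lines later does not cover them. Pin the pip packages to versions (ideally with hashes, using pip's --require-hashes) and append the output of "pip freeze" to the package record so a failing run can be tied to an exact set of packages.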
diff --git a/tests/docker/test-avocado b/tests/docker/test-avocado
new file mode 100755
index 00..40474db2ce
--- /dev/null
+++ b/tests/docker/test-avocado
@@ -0,0 +1,28 @@
+#!/bin/bash -e
+#
+# Avocado tests on Fedora, as these are a real pain on Debian systems
+#
+# Copyright (c) 2018 Western Digital.
+#
+# Authors:
+#  Alistair Francis 
+#
+# This work is licensed under the terms of the GNU GPL, version 2
+# or (at your option) any later version. See the COPYING file in
+# the top-level directory.
+#
+# Run this test: NOUSER=1 make docker-test-avocado@fedora-avocado
+
+. common.rc
+
+requires avocado
+
+cd "$BUILD_DIR"
+
+DEF_TARGET_LIST="x86_64-softmmu"
+TARGET_LIST=${TARGET_LIST:-$DEF_TARGET_LIST} \
+build_qemu
+install_qemu
+
+export PATH="${PATH}:$(pwd)"
+avocado run boot --vt-qemu-bin ./x86_64-softmmu/qemu-system-x86_64
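Review bot: the final "avocado run" line hard-codes ./x86_64-softmmu/qemu-system-x86_64 while the build step honours a caller-supplied TARGET_LIST, so a run with TARGET_LIST set to a list without x86_64-softmmu builds fine and then fails on a missing binary. Either fix the target list for this test or derive the --vt-qemu-bin path from it. Separately, install_qemu runs but the test then uses the binary from the build directory, so the installed copy is never exercised; drop one of the two or say in a comment why both are needed.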
-- 
2.17.0




Re: [Qemu-devel] [RFC PATCH 2/2] tests/Makefile: comment out flakey tests

2018-05-18 Thread Peter Maydell
On 18 May 2018 at 10:14, Alex Bennée  wrote:
> The following tests keep showing up in failed Travis runs:
>
>   - test-aio
>   - rcutorture
>   - tpm-crb-test
>   - tpm-tis-test
>
> I suspect it is load that causes the problems but they really need to
> be fixed properly.
>
> Signed-off-by: Alex Bennée 

Another flaky test for the collection:

TEST: tests/boot-serial-test... (pid=25144)
  /sparc64/boot-serial/sun4u:  **
ERROR:/home/petmay01/linaro/qemu-for-merges/tests/boot-serial-test.c:140:check_guest_output:
assertion failed: (output_ok)
FAIL

Probably another "overly optimistic timeout" setting. (Failed
for me on x86-64 host just now.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Peter Maydell
On 18 May 2018 at 19:22, Bandan Das  wrote:
>
> CID 1390604
> If the initiator sends a packet with TYPE_DATA set without
> initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data
> can trip on a null s->data_out.
>
> Signed-off-by: Bandan Das 

I think you said this can be provoked by the guest?
Misbehaving or malicious guests should never be able
to provoke assertions.

> ---
>  hw/usb/dev-mtp.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> index 3d59fe4944..905e025d7f 100644
> --- a/hw/usb/dev-mtp.c
> +++ b/hw/usb/dev-mtp.c
> @@ -1696,6 +1696,7 @@ static void usb_mtp_get_data(MTPState *s, mtp_container 
> *container,
>  uint64_t dlen;
>  uint32_t data_len = p->iov.size;
>
> +assert(d != NULL);
>  if (d->first) {
>  /* Total length of incoming data */
>  d->length = cpu_to_le32(container->length) - sizeof(mtp_container);
> --
> 2.14.3

thanks
-- PMM
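
The point made in the reply above, as an added example that is not QEMU's code: a device model that receives a data packet before the object-info step answers with an error response and counts the rejection instead of asserting. All names, sizes and response codes here (Dev, DataOut, dev_handle_packet, HDR_LEN, MAX_OBJECT, RES_*) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical packet types and response codes, for this sketch only. */
enum { PKT_OBJECT_INFO = 1, PKT_DATA = 2 };
enum { RES_OK = 0, RES_NO_VALID_OBJECT_INFO = 1, RES_INVALID_LENGTH = 2,
       RES_NO_MEMORY = 3, RES_UNKNOWN_PACKET = 4 };

#define HDR_LEN    12u          /* constructed container header size */
#define MAX_OBJECT (1u << 20)   /* constructed upper bound per transfer */

typedef struct DataOut {
    int first;                  /* next data packet is the first one */
    uint32_t expected;          /* payload bytes announced by the guest */
    uint32_t received;          /* payload bytes accepted so far */
} DataOut;

typedef struct Dev {
    DataOut *data_out;          /* NULL until an object-info packet arrives */
    unsigned rejected;          /* malformed guest requests seen so far */
} Dev;

/* Drop any transfer in progress and report a protocol error to the guest. */
static int dev_reject(Dev *s, int code)
{
    free(s->data_out);
    s->data_out = NULL;
    s->rejected++;
    return code;
}

int dev_handle_packet(Dev *s, int type, uint32_t container_len,
                      uint32_t payload_len)
{
    DataOut *d = s->data_out;

    switch (type) {
    case PKT_OBJECT_INFO:
        free(s->data_out);
        s->data_out = calloc(1, sizeof(*s->data_out));
        if (!s->data_out) {
            return RES_NO_MEMORY;
        }
        s->data_out->first = 1;
        return RES_OK;
    case PKT_DATA:
        /* Guest-controlled ordering: a NULL state is an input error,
         * not an internal invariant, so no assert() here. */
        if (!d) {
            return dev_reject(s, RES_NO_VALID_OBJECT_INFO);
        }
        if (d->first) {
            /* Check before subtracting so the length cannot wrap. */
            if (container_len < HDR_LEN ||
                container_len - HDR_LEN > MAX_OBJECT) {
                return dev_reject(s, RES_INVALID_LENGTH);
            }
            d->expected = container_len - HDR_LEN;
            d->first = 0;
        }
        if (payload_len > d->expected - d->received) {
            return dev_reject(s, RES_INVALID_LENGTH);
        }
        d->received += payload_len;
        if (d->received == d->expected) {   /* transfer complete */
            free(d);
            s->data_out = NULL;
        }
        return RES_OK;
    default:
        return dev_reject(s, RES_UNKNOWN_PACKET);
    }
}

int main(void)
{
    Dev dev = { NULL, 0 };
    /* Constructed sequence: data packet with no object-info first. */
    int res = dev_handle_packet(&dev, PKT_DATA, 100, 88);
    printf("response=%d rejected=%u\n", res, dev.rejected);
    return 0;
}
```

The process keeps running after every malformed sequence, and the rejection counter gives the host side something to log or rate-limit on.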



Re: [Qemu-devel] [PULL 1/3] usb-mtp: Add some NULL checks for issues pointed out by coverity

2018-05-18 Thread Bandan Das
Bandan Das  writes:

>> If this is a "can't happen" situation we can mark it as a false
>> positive in coverity.

I posted a patch with an assert added in usb_mtp_get_data. I believe CID
1390604 can be marked as a false positive.

Thanks,
Bandan

> The protocol of course won't let this happen but the guest can't be
> trusted. It can easily send a packet with TYPE_DATA without sending
> OBJECT_INFO first that allocates memory for data_out. I will submit a
> fix.
>
> Thanks for clearing out the confusion.
>
> Bandan
>
>> thanks
>> -- PMM



[Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das

CID 1390604
If the initiator sends a packet with TYPE_DATA set without
initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data
can trip on a null s->data_out.

Signed-off-by: Bandan Das 
---
 hw/usb/dev-mtp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 3d59fe4944..905e025d7f 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1696,6 +1696,7 @@ static void usb_mtp_get_data(MTPState *s, mtp_container 
*container,
 uint64_t dlen;
 uint32_t data_len = p->iov.size;
 
+assert(d != NULL);
 if (d->first) {
 /* Total length of incoming data */
 d->length = cpu_to_le32(container->length) - sizeof(mtp_container);
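Review bot: the assert(d != NULL) at the top of usb_mtp_get_data fires on input that the commit message itself attributes to the initiator (a TYPE_DATA packet with no CMD_GET_OBJECT_INFO before it), so the guest can still terminate the QEMU process; the patch only turns a NULL dereference into an abort. Treat the NULL case as a protocol error instead: return early with an error response to the initiator, and keep assert() for states the device model itself guarantees.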
-- 
2.14.3




Re: [Qemu-devel] [PATCH v2 37/40] job: Add query-jobs QMP command

2018-05-18 Thread Eric Blake

On 05/18/2018 08:21 AM, Kevin Wolf wrote:

This adds a minimal query-jobs implementation that shouldn't pose many
design questions. It can later be extended to expose more information,
and especially job-specific information.

Signed-off-by: Kevin Wolf 
---
  qapi/job.json  | 45 +
  include/qemu/job.h |  3 +++
  job-qmp.c  | 54 ++
  job.c  |  2 +-
  4 files changed, 103 insertions(+), 1 deletion(-)




+##
+# @JobInfo:
+#
+# Information about a job.
+#
+# @id:  The job identifier



+##
+{ 'struct': 'JobInfo',
+  'data': { 'id': 'str', 'type': 'JobType', 'status': 'JobStatus',
+'current-progress': 'int', 'total-progress': 'int',
+'*error': 'str' } }


Is it worth exposing whether a job is auto-finalize and auto-complete? 
Goes back to the issue of whether clients of the new job API would ever 
want/need to rely on the auto- features; while clients of the old 
blockjob API that get the auto- features by default will never be 
calling the new query-jobs command.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



[Qemu-devel] [Bug 1771570] Re: qemu-aarch64 $program > $file doesn't pipe output to file in 2.12.0

2018-05-18 Thread Peter Maydell
No, this should work on qemu-aarch64 the same way as for x86. I just
tried redirection to a file with a sample program, and it worked fine
for me. Can you provide a test case binary that fails like this, please?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1771570

Title:
  qemu-aarch64 $program  > $file doesn't pipe output to file in 2.12.0

Status in QEMU:
  New

Bug description:
  Running qemu-aarch64 $program > $file doesn't pipe anything to $file.
  The file is created but empty.

  qemu-aarch64 --help > $file works, so piping output in my system seems to work.
  qemu-x86_64 $program > $file works, too.

  I'm running version 2.12.0 build from source with ./configure && make

  Output of uname -a:
  Linux zhostname>  4.4.0-101-generic #124-Ubuntu SMP Fri Nov 10 18:29:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1771570/+subscriptions



[Qemu-devel] [PATCH] sheepdog: Remove unnecessary NULL check in sd_prealloc()

2018-05-18 Thread Peter Maydell
In commit 8b9ad56e9cbfd852a, we removed the code that could result
in our getting to sd_prealloc()'s out_with_err_set label with a
NULL blk pointer. That makes the NULL check in the error-handling
path unnecessary, and Coverity gripes about it (CID 1390636).
Delete the redundant check.

Signed-off-by: Peter Maydell 
---
 block/sheepdog.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index 4237132419..2a5bc0a59a 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -1859,9 +1859,7 @@ out:
 error_setg_errno(errp, -ret, "Can't pre-allocate");
 }
 out_with_err_set:
-if (blk) {
-blk_unref(blk);
-}
+blk_unref(blk);
 g_free(buf);
 
 return ret;
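Review bot: dropping the "if (blk)" guard at out_with_err_set is only safe while every jump to that label happens after blk has been assigned, and nothing in this hunk enforces that. The commit message names the commit that removed the early jump; a one-line comment at the label stating that blk is always valid there would keep a later error path from reintroducing the NULL case unnoticed.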
-- 
2.17.0




Re: [Qemu-devel] Publishing binary images for testing (was Re: [RFC PATCH 0/6] generic way to deprecate machines)

2018-05-18 Thread Alistair Francis
On Fri, May 11, 2018 at 7:27 AM, Cleber Rosa  wrote:
>
>
> On 05/11/2018 09:55 AM, Eduardo Habkost wrote:
>> (CCing Cleber and avocado-devel in case they have suggestions)
>>
>> On Tue, May 08, 2018 at 12:47:52PM -0300, Philippe Mathieu-Daudé wrote:
>> [...]
>>> Ironically I have been using the Gumstix machines quite a lot for the SD
>>> 'subsystem' refactor, using the MMC commands in U-Boot (I am unable to
>>> reach the Linux userland since the kernel crashes), and plan to add SD
>>> integration tests via Avocado.
>>>
>>> This raises:
>>>
> >>> - What will happen if I add tests downloading running on their compiled
>>> u-boot
>>> (https://downloads.gumstix.com/images/angstrom/developer/2012-01-22-1750/u-boot.bin)
>>> and the company decides to remove this old directory?
>>> Since sometimes old open-source software are hard to rebuild with recent
>>> compilers, should we consider to use a public storage to keep
>>> open-source (signed) blobs we can use for integration testing?
>>
>> I think a maintained repository of images for testing would be
>> nice to have.  We need to be careful to comply with the license
>> of the software being distributed, though.
>>
>> If the images are very small (like u-boot.bin above), it might be
>> OK to carry them in qemu.git, just like the images in pc-bios.
>>
>>>
>>> Avocado has a 'vmimage library' which could be extended, adding support
>>> for binary url + detached gpg signatures from some QEMU maintainers?
>>
>> Requiring a signature makes the binaries hard to replace.  Any
>> specific reason to suggest gpg signatures instead of just a
>> (e.g.) sha256 hash?
>>
>>>
>>> (I am also using old Gentoo/Debian packaged HPPA/Alpha Linux kernel for
>>> Avocado SuperIO tests, which aren't guaranteed to stay downloadable
>>> forever).
>>
>> Question for the Avocado folks: how this is normally handled in
>> avocado/avocado-vt?  Do you maintain a repository for guest
>> images, or you always point to their original sources?
>>
>
> For pure Avocado, the vmimage library attempts to fetch, by default, the
> latest version of a guest image directly from the original sources.
> Say, a Fedora image will be downloaded by default from the Fedora
> servers.  Because of that, we don't pay too much attention to the
> availability of specific (old?) versions of guest images.
>
> For Avocado-VT, there are the JeOS images[1], which we keep on a test
> "assets" directory.  We have a lot of storage/bandwidth availability, so
> it can be used for other assets proven to be necessary for tests.
>
> As long as distribution rights and licensing are not issues, we can
> definitely use the same server for kernels, u-boot images and what not.
>
> [1] - https://avocado-project.org/data/assets/

Is it possible to add something to the landing page at
https://avocado-project.org ?

The Palo Alto Network routers block the avocado-project.org page as
they classify it as blank. Something on the root URL would help fix
this.

Alistair

>
> --
> Cleber Rosa
> [ Sr Software Engineer - Virtualization Team - Red Hat ]
> [ Avocado Test Framework - avocado-framework.github.io ]
> [  7ABB 96EB 8B46 B94D 5E0F  E9BB 657E 8D33 A5F2 09F3  ]
>



Re: [Qemu-devel] [PATCH v2 37/40] job: Add query-jobs QMP command

2018-05-18 Thread Eric Blake

On 05/18/2018 08:21 AM, Kevin Wolf wrote:

This adds a minimal query-jobs implementation that shouldn't pose many
design questions. It can later be extended to expose more information,
and especially job-specific information.

Signed-off-by: Kevin Wolf 
---
  qapi/job.json  | 45 +
  include/qemu/job.h |  3 +++
  job-qmp.c  | 54 ++
  job.c  |  2 +-
  4 files changed, 103 insertions(+), 1 deletion(-)



+#
+# @current-progress:Progress made until now. The unit is arbitrary and the
+#   value can only meaningfully be used for the ratio of
+#   @offset to @len. The value is monotonically increasing.


s/@offset to @len/@current-progress to @total-progress/


+#
+# @total-progress:  Estimated @offset value at the completion of the job.


s/@offset/@current-progress/


+#   This value can arbitrarily change while the job is
+#   running, in both directions.
+#
+# @error:   If this field is present, the job failed; if it is
+#   still missing in the CONCLUDED state, this indicates
+#   successful completion.
+#
+#   The value is a human-readable error message to describe
+#   the reason for the job failure. It should not be parsed
+#   by applications.
+#
+# Since: 2.13
+##
+{ 'struct': 'JobInfo',
+  'data': { 'id': 'str', 'type': 'JobType', 'status': 'JobStatus',
+'current-progress': 'int', 'total-progress': 'int',
+'*error': 'str' } }
+

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH v2 36/40] job: Add lifecycle QMP commands

2018-05-18 Thread Eric Blake

On 05/18/2018 08:21 AM, Kevin Wolf wrote:

This adds QMP commands that control the transition between states of the
job lifecycle.

Signed-off-by: Kevin Wolf 
---
  qapi/job.json |  99 +++
  job-qmp.c | 134 ++
  MAINTAINERS   |   1 +
  Makefile.objs |   1 +
  trace-events  |   9 
  5 files changed, 244 insertions(+)
  create mode 100644 job-qmp.c

+##
+# @job-dismiss:
+#
+# Deletes a job that is in the CONCLUDED state. This command only needs to be
+# run explicitly for jobs that don't have automatic dismiss enabled.


Did we decide whether it is valid to expect a job with automatic dismiss 
enabled (old-style block jobs) to use the new job control commands?  Or 
would it be reasonable to require that 'job-dismiss' is an error on jobs 
with auto-dismiss enabled (as in, if you're going to use new style jobs, 
you are guaranteed to also have auto-dismiss false, because we don't 
expose a way to change that flag in new-style jobs; and if you use old 
style jobs, all management of the job should be done through the old 
interfaces).



+# This command will refuse to operate on any job that has not yet reached its
+# terminal state, JOB_STATUS_CONCLUDED. For jobs that make use of JOB_READY
+# event, job-cancel or job-complete will still need to be used as appropriate.
+#
+# @id: The job identifier.
+#
+# Since: 2.13
+##
+{ 'command': 'job-dismiss', 'data': { 'id': 'str' } }
+



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PULL 1/1] block/nvme: fix Coverity reports

2018-05-18 Thread Peter Maydell
On 1 March 2018 at 07:54, Fam Zheng  wrote:
> From: Paolo Bonzini 
>
> 1) string not null terminated in sysfs_find_group_file
>
> 2) NULL pointer dereference and dead local variable in nvme_init.
>
> Signed-off-by: Paolo Bonzini 
> Signed-off-by: Fam Zheng 
>
> Message-Id: <20180213015240.9352-1-f...@redhat.com>
> Signed-off-by: Fam Zheng 

Hi. It looks like Coverity still doesn't like the error-exit
handling in nvme_init() (CID 1385847):

> ---
>  block/nvme.c| 10 +++---
>  util/vfio-helpers.c |  2 +-
>  2 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/block/nvme.c b/block/nvme.c
> index 10bffbbf2f..75078022f6 100644
> --- a/block/nvme.c
> +++ b/block/nvme.c
> @@ -645,7 +645,7 @@ static int nvme_init(BlockDriverState *bs, const char 
> *device, int namespace,
>  aio_set_event_notifier(bdrv_get_aio_context(bs), &s->irq_notifier,
> false, nvme_handle_event, nvme_poll_cb);
>
> -nvme_identify(bs, namespace, errp);
> +nvme_identify(bs, namespace, &local_err);
>  if (local_err) {
>  error_propagate(errp, local_err);
>  ret = -EIO;
> @@ -666,8 +666,12 @@ fail_queue:
>  nvme_free_queue_pair(bs, s->queues[0]);
>  fail:
>  g_free(s->queues);
> -qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE);
> -qemu_vfio_close(s->vfio);
> +if (s->regs) {
> +qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, 
> NVME_BAR_SIZE);

We can get here with s->vfio being NULL and s->regs being
uninitialized, but qemu_vfio_pci_unmap_bar() will unconditionally
dereference s->vfio.

If you want to write the error path like this I think you need
to initialize s->regs = NULL before we do the qemu_vfio_open_pci()
call and error-check.

> +}
> +if (s->vfio) {
> +qemu_vfio_close(s->vfio);
> +}
>  event_notifier_cleanup(&s->irq_notifier);
>  return ret;
>  }

thanks
-- PMM



[Qemu-devel] [Bug 1771570] Re: qemu-aarch64 $program > $file doesn't pipe output to file in 2.12.0

2018-05-18 Thread Juho Hiltunen
Running "unbuffer qemu-aarch64 $program > $file" allows the output to be
piped.

Is it intentional that I need to disable buffering to allow piping to
other processes? If yes, this issue can be closed.

further reading about unbuffer:
https://unix.stackexchange.com/questions/25372/turn-off-buffering-in-pipe#25378




Re: [Qemu-devel] [PATCH v2 20/40] job: Move single job finalisation to Job

2018-05-18 Thread Eric Blake

On 05/18/2018 08:20 AM, Kevin Wolf wrote:

This moves the finalisation of a single job from BlockJob to Job.

Some part of this code depends on job transactions, and job transactions
call this code, we introduce some temporary calls from Job functions to
BlockJob ones. This will be fixed once transactions move to Job, too.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---



+++ b/job.c



@@ -449,6 +451,100 @@ void job_user_resume(Job *job, Error **errp)
  job_resume(job);
  }
  
+void job_do_dismiss(Job *job)

+{
+assert(job);
+job->busy = false;
+job->paused = false;
+job->deferred_to_main_loop = true;
+
+/* TODO Don't assume it's a BlockJob */
+block_job_txn_del_job((BlockJob*) job);


checkpatch flagged this for style, but it goes away later in the series. 
But more than just style, this hard-codes the assumption that BlockJob 
has a Job member at offset 0.  So would it be better to use 
container_of() instead of a bare cast, even though it is transient?


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
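
The container_of() suggestion above, as an added example that is not QEMU's code: when the embedded Job is not the first member, a bare cast yields a pointer that is off by the member's offset, while container_of() recovers the enclosing structure. The struct layout is hypothetical and the macro is the common offsetof-based form, not QEMU's own definition; only the function names are taken from the quoted patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Common offsetof-based form of container_of (not QEMU's own macro). */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

typedef struct Job {
    const char *id;
    int busy;
} Job;

/* Hypothetical layout: fields were placed ahead of the embedded Job,
 * so the "Job is at offset 0" assumption no longer holds. */
typedef struct BlockJob {
    int64_t speed;
    int txn_refs;       /* stand-in for transaction membership */
    Job job;
} BlockJob;

/* Code that keeps a bare cast can at least turn the layout assumption
 * into a build failure. It would be written as:
 *     _Static_assert(offsetof(BlockJob, job) == 0, "Job must be first");
 * and would stop compilation for the layout above. */

static void block_job_txn_del_job(BlockJob *bj)
{
    bj->txn_refs--;
}

/* Generic-layer function that only has a Job pointer to work with. */
void job_do_dismiss(Job *job)
{
    job->busy = 0;
    /* Correct for any member position, unlike (BlockJob *)job. */
    block_job_txn_del_job(container_of(job, BlockJob, job));
}

/* How far off a bare cast would be, in bytes. The miscast pointer is
 * only compared, never dereferenced. */
ptrdiff_t bare_cast_error(Job *job)
{
    BlockJob *by_cast = (BlockJob *)job;
    BlockJob *by_container_of = container_of(job, BlockJob, job);
    return (char *)by_cast - (char *)by_container_of;
}

int main(void)
{
    BlockJob bj = { 0, 1, { "job0", 1 } };   /* constructed sample */
    job_do_dismiss(&bj.job);
    printf("txn_refs=%d, bare cast off by %ld bytes\n",
           bj.txn_refs, (long)bare_cast_error(&bj.job));
    return 0;
}
```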



Re: [Qemu-devel] [PATCH v2 12/40] job: Move defer_to_main_loop to Job

2018-05-18 Thread John Snow


On 05/18/2018 09:20 AM, Kevin Wolf wrote:
> Move the defer_to_main_loop functionality from BlockJob to Job.
> 
> The code can be simplified because we can use job->aio_context in
> job_defer_to_main_loop_bh() now, instead of having to access the
> BlockDriverState.
> 
> Probably taking the data->aio_context lock in addition was already
> unnecessary in the old code because we didn't actually make use of
> anything protected by the old AioContext except getting the new
> AioContext, in case it changed between scheduling the BH and running it.
> But it's certainly unnecessary now that the BDS isn't accessed at all
> any more.
> 
> Signed-off-by: Kevin Wolf 
> Reviewed-by: Max Reitz 

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH v2 35/40] job: Add JOB_STATUS_CHANGE QMP event

2018-05-18 Thread Eric Blake

On 05/18/2018 08:21 AM, Kevin Wolf wrote:

This adds a QMP event that is emitted whenever a job transitions from
one status to another.

Signed-off-by: Kevin Wolf 
---
  qapi/job.json |  14 
  job.c |  10 +++



@@ -157,6 +158,11 @@ static int job_txn_apply(JobTxn *txn, int fn(Job *), bool 
lock)
  return rc;
  }
  
+static bool job_is_internal(Job *job)

+{
+return (job->id == NULL);


The () are not necessary.  In fact, you could use !!job->id for less 
typing, or even rely on the compiler to auto-convert a pointer into bool 
by just 'return job->id' (although the latter feels a bit too terse to me).


Style is minor, so
Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH 1/3] i386: fix regression parsing multiboot initrd modules

2018-05-18 Thread Peter Maydell
On 14 May 2018 at 18:19, Daniel P. Berrangé  wrote:
> The logic for parsing the multiboot initrd modules was messed up in
>
>   commit 950c4e6c94b15cd0d8b638917a8dbf458e6a
>   Author: Daniel P. Berrangé 
>   Date:   Mon Apr 16 12:17:43 2018 +0100
>
> opts: don't silently truncate long option values
>
> Causing the length to be undercounted, and the number of modules over
> counted. It also passes NULL to get_opt_value() which was not robust
> at accepting a NULL value.
>
> Signed-off-by: Daniel P. Berrangé 
> ---
>  hw/i386/multiboot.c | 3 +--
>  util/qemu-option.c  | 4 +++-
>  2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
> index 7a2953e26f..8e26545814 100644
> --- a/hw/i386/multiboot.c
> +++ b/hw/i386/multiboot.c
> @@ -292,8 +292,7 @@ int load_multiboot(FWCfgState *fw_cfg,
>  cmdline_len += strlen(kernel_cmdline) + 1;
>  if (initrd_filename) {
>  const char *r = get_opt_value(initrd_filename, NULL);
> -cmdline_len += strlen(r) + 1;
> -mbs.mb_mods_avail = 1;
> +cmdline_len += strlen(initrd_filename) + 1;
>  while (1) {
>  mbs.mb_mods_avail++;
>  r = get_opt_value(r, NULL);
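Review bot: both get_opt_value(initrd_filename, NULL) and the get_opt_value(r, NULL) call inside the loop pass NULL for the value argument, which is only safe together with the util/qemu-option.c hunk of this same patch, so the two files must not be split or backported separately. The hunk also drops "mbs.mb_mods_avail = 1;" and now relies on the counter being zero before the loop, which is not visible here and deserves a sentence in the commit message.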
> diff --git a/util/qemu-option.c b/util/qemu-option.c
> index 58d1c23893..8a68bc2314 100644
> --- a/util/qemu-option.c
> +++ b/util/qemu-option.c
> @@ -75,7 +75,9 @@ const char *get_opt_value(const char *p, char **value)
>  size_t capacity = 0, length;
>  const char *offset;
>
> -*value = NULL;
> +if (value) {
> +*value = NULL;
> +}
>  while (1) {
>  offset = strchr(p, ',');
>  if (!offset) {

Don't we delete this check again in patch 3? If we're
going to fix this by making multiboot.c not pass in NULL pointers,
is there a reason not to simply do that?

thanks
-- PMM



Re: [Qemu-devel] [PATCH] kvm: rename HINTS_DEDICATED to KVM_HINTS_REALTIME

2018-05-18 Thread Eduardo Habkost
On Fri, May 18, 2018 at 07:18:57PM +0200, Paolo Bonzini wrote:
> On 18/05/2018 19:13, Eduardo Habkost wrote:
> >> As much as we'd like to be helpful and validate input, you need a real
> >> time host too. I'm not sure how we'd find out - I suggest we do not
> >> bother for now.
> > I'm worried that people will start enabling the flag in all kinds
> > of scenarios where the guarantees can't be kept, and make the
> > meaning of the flag in practice completely different from its
> > documented meaning.
> 
> I don't think we should try to detect anything.  As far as QEMU is
> concerned, it's mostly garbage in, garbage out when it comes to invalid
> configurations.  It's just a bit, and using it in invalid configurations
> is okay if you're doing it (for example) for debugging.

In this case, I'd like the requirements and recommendations to be
included in QEMU documentation.  Especially to point out the most
obvious and more likely mistakes (like not ensuring memory is
pinned at all, or letting the vCPU threads be interrupted).

So, is there a known list of steps required to configure a host
to enable kvm-hints-realtime safely, already?  I'd like the
documentation to be better than "you should fiddle with the CPU
affinity on your system and also ensure memory will be pinned;
good luck".

-- 
Eduardo



Re: [Qemu-devel] [PATCH v2 02/40] blockjob: Improve BlockJobInfo.offset/len documentation

2018-05-18 Thread John Snow


On 05/18/2018 09:20 AM, Kevin Wolf wrote:
> Clarify that len is just an estimation of the end value of offset, and
> that offset increases monotonically while len can change arbitrarily.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  qapi/block-core.json | 9 ++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index d32ec95666..0e29abf099 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -1148,7 +1148,12 @@
>  # @device: The job identifier. Originally the device name but other
>  #  values are allowed since QEMU 2.7
>  #
> -# @len: the maximum progress value
> +# @len: Estimated @offset value at the completion of the job. This value can
> +#   arbitrarily change while the job is running, in both directions.
> +#
> +# @offset: Progress made until now. The unit is arbitrary and the value can
> +#  only meaningfully be used for the ratio of @offset to @len. The
> +#  value is monotonically increasing.
>  #
>  # @busy: false if the job is known to be in a quiescent state, with
>  #no pending I/O.  Since 1.3.
> @@ -1156,8 +1161,6 @@
>  # @paused: whether the job is paused or, if @busy is true, will
>  #  pause itself as soon as possible.  Since 1.3.
>  #
> -# @offset: the current progress value
> -#
>  # @speed: the rate limit, bytes per second
>  #
>  # @io-status: the status of the job (since 1.3)
> 

It matches current actual behavior, so it's probably a good update. It
feels like a change in behavior, but it's rather just codifying the
existing reality.

OK.

Reviewed-by: John Snow 



Re: [Qemu-devel] storing machine data in qcow images?

2018-05-18 Thread Eduardo Habkost
On Fri, May 18, 2018 at 06:09:56PM +0100, Daniel P. Berrangé wrote:
> On Fri, May 18, 2018 at 06:30:38PM +0300, Michael S. Tsirkin wrote:
> > Hi!
> > Right now, QEMU supports multiple machine types within
> > a given architecture. This was the case for many architectures
> > (like ARM) for a while, somewhat more recently this is the case
> > for x86 with I440FX and Q35 options.
> > 
> > Unfortunately this means that it's no longer possible
> > to more or less reliably boot a VM just given a disk image,
> > even if you select the correct QEMU binary:
> > you must supply the correct machine type.
> 
> You must /sometimes/ supply the correct machine type.
> 
> It is quite dependent on the guest OS you have installed, and even
> just how the guest OS is configured.  In general Linux is very
> flexible and can adapt to a wide range of hardware, automatically
> detecting things as needed. It is possible for a sysadmin to build
> a Linux image in a way that would only work with I440FX, but I
> don't think it would be common to see that. Many distros build
> and distribute disk images that can work across VMWare, KVM,
> > and VirtualBox which all have quite different hardware.
> > Non-x86 archs may be more fussy but I don't have personal
> > experience with them
> 
> Windows is probably where things get more tricky, as it is not
> happy with disks moving between different controller types
> for example, and you might trigger license activation again.

All I'm suggesting here is just adding extra hints that OpenStack
can use.

I have a very specific goal here: the goal is to make it less
painful to users when OpenStack+libvirt+QEMU switch to using a
different machine-type by default (q35), and/or when guest OSes
stop supporting pc-i440fx.  I assume this is a goal for OpenStack
as well.

We can make the solution to be more extensible and solve other
problems as well, but my original goal is the one above.

> 
> 
> > Some guests go even further and require specific devices to be present.
> > 
> > Would it be reasonable to support storing this information in the qcow
> > image itself?  For example, I can see it following immediately the
> > backing file path within the image.
> 
> The backing file string needs to go in space between the end of headers
> and start of first cluster, and the spec explicitly says nothing else
> must be stored there. Also we can already hit the length limit on the
> backing file.
> 
> There would need to be an explicit header extension defined with its
> own clusters allocated instead.

This sounds correct.


> 
> That said I'm not really convinced that using the qcow2 headers is
> a good plan. We have many disk image formats in common use, qcow2
> is just one. Even if the user provides the image in qcow2 format,
> that doesn't mean that mgmt apps actually store the qcow2 file.
> 

Why does this OpenStack implementation detail matter?  Once the hints
are included in the input, it's up to OpenStack to choose how to
deal with it.


> For example in some deployments OpenStack will immediately
> convert the image to raw for storage in an RBD volume as it is
> uploaded to Glance. So the glance image store would need to
> have a way to extract & save the info at time of upload. OpenStack
> targets multiple hypervisors though, so I'm not sure they would
> welcome something that is specific to just qcow2 in this area.
> 

I don't get the "something that is specific to just qcow2" part.
Adding extra info to qcow2 doesn't prevent other file formats
from carrying the same information as well.


> The closest to a cross-hypervisor standard is OVF which can store
> metadata about required hardware for a VM. I'm pretty sure it does
> not have the concept of machine types, but maybe it has a way for
> people to define metadata extensions. Since it is just XML at the
> end of the day, even if there was nothing official in OVF, it would
> be possible to just define a custom XML namespace and declare a
> schema for that to follow.

There's nothing preventing OVF from supporting the same kind of
hints.

I just don't think we should require people to migrate to OVF if
all they need is to tell OpenStack what's the recommended
machine-type for a guest image.

Requiring a different image format seems very likely to not
fulfill the goal I stated above: it will require using different
tools to create the guest images, and we can't force everybody
publishing guest images to stop using qcow2.

> 
> 
> > As Eduardo pointed out off-list, the format could be a set of key-value
> > pairs. Initially qemu-img could gain ability to retrieve and manipulate
> > these. Down the road we could teach qemu to use them automatically.
> > We could also thinkably warn the user, or drop the image from the boot
> > order.
> > 
> > Reasonable (IMO) things we could store in such a section:
> > - qemu architecture to use with the image
> > - machine type
> 
> A concern is about what you actually put here. We could easily create a
> situation wh
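
The layout constraint discussed in this message, as an added example that is not part of the original post or of QEMU: a bounds-checked walk of the qcow2 version 3 header extension area that also checks that the backing file name stays between the end of the extensions and the end of the first cluster. The extension type EXT_MACHINE_HINTS, its "machine=q35" payload and the sample image are constructed for illustration, and the cap of 21 on cluster_bits is this example's own assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define QCOW2_MAGIC        0x514649fbu  /* "QFI\xfb" */
#define EXT_END            0x00000000u  /* end of header extension area */
#define EXT_BACKING_FORMAT 0xe2792acau  /* backing file format name */
#define EXT_MACHINE_HINTS  0x4d484e54u  /* HYPOTHETICAL type, not in the spec */
#define BACKING_NAME_MAX   1023u        /* spec limit for backing_file_size */

struct qcow2_layout {
    uint64_t cluster_size;  /* 1 << cluster_bits */
    uint64_t ext_end;       /* first byte after the end marker */
    uint64_t hints_off;     /* payload offset of the hints extension, 0 if absent */
    uint32_t hints_len;     /* unpadded payload length of that extension */
    uint64_t spare;         /* bytes of cluster 0 left after the backing name */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Walk cluster 0 of a version 3 image. Returns 0, or a negative code naming
 * the first failed check. Every read is bounded by the cluster size. */
int qcow2_scan_header(const uint8_t *buf, size_t len, struct qcow2_layout *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 104 || be32(buf) != QCOW2_MAGIC || be32(buf + 4) != 3) return -1;
    uint32_t cluster_bits = be32(buf + 20);
    /* Spec minimum is 9; the cap of 21 is this example's own sanity bound. */
    if (cluster_bits < 9 || cluster_bits > 21 || len < (1ull << cluster_bits)) {
        return -2;
    }
    uint64_t limit = out->cluster_size = 1ull << cluster_bits;
    uint64_t off = be32(buf + 100);             /* header_length */
    if (off < 104 || off % 8 != 0 || off > limit) return -3;
    for (;;) {
        if (limit - off < 8) return -4;         /* no room for type + length */
        uint32_t type = be32(buf + off), elen = be32(buf + off + 4);
        uint64_t padded = ((uint64_t)elen + 7) & ~7ull;  /* 8-byte padding */
        off += 8;
        if (type == EXT_END) break;
        if (padded > limit - off) return -5;    /* payload leaves cluster 0 */
        if (type == EXT_MACHINE_HINTS) {
            out->hints_off = off;
            out->hints_len = elen;
        }
        off += padded;
    }
    out->ext_end = off;

    /* The backing file name must lie between ext_end and the cluster end. */
    uint64_t bf_off = ((uint64_t)be32(buf + 8) << 32) | be32(buf + 12);
    uint32_t bf_len = be32(buf + 16);
    if (bf_off != 0 && (bf_len > BACKING_NAME_MAX || bf_off < off ||
                        bf_off > limit || bf_len > limit - bf_off)) {
        return -6;
    }
    out->spare = bf_off ? limit - (bf_off + bf_len) : limit - off;
    return 0;
}

/* Constructed sample: 512-byte cluster 0 with two extensions and a name. */
size_t build_sample(uint8_t *buf)
{
    memset(buf, 0, 512);
    put32(buf, QCOW2_MAGIC);
    put32(buf + 4, 3);                     /* version */
    put32(buf + 20, 9);                    /* cluster_bits: 512-byte clusters */
    put32(buf + 100, 104);                 /* header_length */
    put32(buf + 104, EXT_BACKING_FORMAT);
    put32(buf + 108, 5);
    memcpy(buf + 112, "qcow2", 5);         /* padded to 8: next header at 120 */
    put32(buf + 120, EXT_MACHINE_HINTS);
    put32(buf + 124, 11);
    memcpy(buf + 128, "machine=q35", 11);  /* padded to 16: end marker at 144 */
    put32(buf + 12, 152);                  /* backing_file_offset (low half) */
    put32(buf + 16, 10);                   /* backing_file_size */
    memcpy(buf + 152, "base.qcow2", 10);
    return 152;                            /* offset of the backing file name */
}

int main(void)
{
    uint8_t img[512];
    struct qcow2_layout lay;
    build_sample(img);
    return qcow2_scan_header(img, sizeof(img), &lay) == 0 ? 0 : 1;
}
```

The spare byte count returned in the layout is what remains of the first cluster after the backing file name in this sample.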

[Qemu-devel] [PULL 27/32] target/arm: Implement SVE floating-point exponential accelerator

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-21-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  4 ++
 target/arm/sve_helper.c| 90 ++
 target/arm/translate-sve.c | 24 ++
 target/arm/sve.decode  |  7 +++
 4 files changed, 125 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 5280d375f9..e2925ff8ec 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -385,6 +385,10 @@ DEF_HELPER_FLAGS_4(sve_adr_p64, TCG_CALL_NO_RWG, void, 
ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_adr_s32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_adr_u32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_3(sve_fexpa_h, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_fexpa_s, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_fexpa_d, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 7fa8394aec..6ffb126821 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -1102,3 +1102,93 @@ void HELPER(sve_adr_u32)(void *vd, void *vn, void *vm, 
uint32_t desc)
 d[i] = n[i] + ((uint64_t)(uint32_t)m[i] << sh);
 }
 }
+
+void HELPER(sve_fexpa_h)(void *vd, void *vn, uint32_t desc)
+{
+/* These constants are cut-and-paste directly from the ARM pseudocode.  */
+static const uint16_t coeff[] = {
+0x, 0x0016, 0x002d, 0x0045, 0x005d, 0x0075, 0x008e, 0x00a8,
+0x00c2, 0x00dc, 0x00f8, 0x0114, 0x0130, 0x014d, 0x016b, 0x0189,
+0x01a8, 0x01c8, 0x01e8, 0x0209, 0x022b, 0x024e, 0x0271, 0x0295,
+0x02ba, 0x02e0, 0x0306, 0x032e, 0x0356, 0x037f, 0x03a9, 0x03d4,
+};
+intptr_t i, opr_sz = simd_oprsz(desc) / 2;
+uint16_t *d = vd, *n = vn;
+
+for (i = 0; i < opr_sz; i++) {
+uint16_t nn = n[i];
+intptr_t idx = extract32(nn, 0, 5);
+uint16_t exp = extract32(nn, 5, 5);
+d[i] = coeff[idx] | (exp << 10);
+}
+}
+
+void HELPER(sve_fexpa_s)(void *vd, void *vn, uint32_t desc)
+{
+/* These constants are cut-and-paste directly from the ARM pseudocode.  */
+static const uint32_t coeff[] = {
+0x00, 0x0164d2, 0x02cd87, 0x043a29,
+0x05aac3, 0x071f62, 0x08980f, 0x0a14d5,
+0x0b95c2, 0x0d1adf, 0x0ea43a, 0x1031dc,
+0x11c3d3, 0x135a2b, 0x14f4f0, 0x16942d,
+0x1837f0, 0x19e046, 0x1b8d3a, 0x1d3eda,
+0x1ef532, 0x20b051, 0x227043, 0x243516,
+0x25fed7, 0x27cd94, 0x29a15b, 0x2b7a3a,
+0x2d583f, 0x2f3b79, 0x3123f6, 0x3311c4,
+0x3504f3, 0x36fd92, 0x38fbaf, 0x3aff5b,
+0x3d08a4, 0x3f179a, 0x412c4d, 0x4346cd,
+0x45672a, 0x478d75, 0x49b9be, 0x4bec15,
+0x4e248c, 0x506334, 0x52a81e, 0x54f35b,
+0x5744fd, 0x599d16, 0x5bfbb8, 0x5e60f5,
+0x60ccdf, 0x633f89, 0x65b907, 0x68396a,
+0x6ac0c7, 0x6d4f30, 0x6fe4ba, 0x728177,
+0x75257d, 0x77d0df, 0x7a83b3, 0x7d3e0c,
+};
+intptr_t i, opr_sz = simd_oprsz(desc) / 4;
+uint32_t *d = vd, *n = vn;
+
+for (i = 0; i < opr_sz; i++) {
+uint32_t nn = n[i];
+intptr_t idx = extract32(nn, 0, 6);
+uint32_t exp = extract32(nn, 6, 8);
+d[i] = coeff[idx] | (exp << 23);
+}
+}
+
+void HELPER(sve_fexpa_d)(void *vd, void *vn, uint32_t desc)
+{
+/* These constants are cut-and-paste directly from the ARM pseudocode.  */
+static const uint64_t coeff[] = {
+0x0ull, 0x02C9A3E778061ull, 0x059B0D3158574ull,
+0x0874518759BC8ull, 0x0B5586CF9890Full, 0x0E3EC32D3D1A2ull,
+0x11301D0125B51ull, 0x1429AAEA92DE0ull, 0x172B83C7D517Bull,
+0x1A35BEB6FCB75ull, 0x1D4873168B9AAull, 0x2063B88628CD6ull,
+0x2387A6E756238ull, 0x26B4565E27CDDull, 0x29E9DF51FDEE1ull,
+0x2D285A6E4030Bull, 0x306FE0A31B715ull, 0x33C08B26416FFull,
+0x371A7373AA9CBull, 0x3A7DB34E59FF7ull, 0x3DEA64C123422ull,
+0x4160A21F72E2Aull, 0x44E086061892Dull, 0x486A2B5C13CD0ull,
+0x4BFDAD5362A27ull, 0x4F9B2769D2CA7ull, 0x5342B569D4F82ull,
+0x56F4736B527DAull, 0x5AB07DD485429ull, 0x5E76F15AD2148ull,
+0x6247EB03A5585ull, 0x6623882552225ull, 0x6A09E667F3BCDull,
+0x6DFB23C651A2Full, 0x71F75E8EC5F74ull, 0x75FEB564267C9ull,
+0x7A11473EB0187ull, 0x7E2F336CF4E62ull, 0x82589994CCE13ull,
+0x868D99B4492EDull, 0x8ACE5422AA0DBull, 0x8F1AE99157736ull,
+0x93737B0CDC5E5ull, 0x97D829FDE4E50ull, 0x9C49182A3F090ull,
+0xA0C667B5DE565ull, 0xA5503B23E255Dull, 0xA9E6B5579FDBFull,
+0xAE89F995AD3ADull, 0xB33A2B84F15FBull, 0xB7F76F2FB5E4
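
Review bot: in sve_fexpa_h and sve_fexpa_s the coeff[] tables are declared without a length, while the lookups index them with extract32(nn, 0, 5) and extract32(nn, 0, 6), so correctness depends on the tables holding exactly 32 and 64 entries. Giving each array an explicit size, or adding a build-time assertion on the element count next to each table, would turn a dropped or duplicated constant into a build failure instead of a silent out-of-bounds read of host memory. The uint64_t table in sve_fexpa_d is declared the same way.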

[Qemu-devel] [PULL 32/32] target/arm: Implement SVE Permute - Extract Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-26-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  2 +
 target/arm/sve_helper.c| 81 ++
 target/arm/translate-sve.c | 34 
 target/arm/sve.decode  |  7 
 4 files changed, 124 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 79493ab647..94f4356ce9 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -414,6 +414,8 @@ DEF_HELPER_FLAGS_4(sve_cpy_z_h, TCG_CALL_NO_RWG, void, ptr, 
ptr, i64, i32)
 DEF_HELPER_FLAGS_4(sve_cpy_z_s, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
 DEF_HELPER_FLAGS_4(sve_cpy_z_d, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
 
+DEF_HELPER_FLAGS_4(sve_ext, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 8c7ea989b1..b825e44cb5 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -1479,3 +1479,84 @@ void HELPER(sve_cpy_z_d)(void *vd, void *vg, uint64_t 
val, uint32_t desc)
 d[i] = (pg[H1(i)] & 1 ? val : 0);
 }
 }
+
+/* Big-endian hosts need to frob the byte indicies.  If the copy
+ * happens to be 8-byte aligned, then no frobbing necessary.
+ */
+static void swap_memmove(void *vd, void *vs, size_t n)
+{
+uintptr_t d = (uintptr_t)vd;
+uintptr_t s = (uintptr_t)vs;
+uintptr_t o = (d | s | n) & 7;
+size_t i;
+
+#ifndef HOST_WORDS_BIGENDIAN
+o = 0;
+#endif
+switch (o) {
+case 0:
+memmove(vd, vs, n);
+break;
+
+case 4:
+if (d < s || d >= s + n) {
+for (i = 0; i < n; i += 4) {
+*(uint32_t *)H1_4(d + i) = *(uint32_t *)H1_4(s + i);
+}
+} else {
+for (i = n; i > 0; ) {
+i -= 4;
+*(uint32_t *)H1_4(d + i) = *(uint32_t *)H1_4(s + i);
+}
+}
+break;
+
+case 2:
+case 6:
+if (d < s || d >= s + n) {
+for (i = 0; i < n; i += 2) {
+*(uint16_t *)H1_2(d + i) = *(uint16_t *)H1_2(s + i);
+}
+} else {
+for (i = n; i > 0; ) {
+i -= 2;
+*(uint16_t *)H1_2(d + i) = *(uint16_t *)H1_2(s + i);
+}
+}
+break;
+
+default:
+if (d < s || d >= s + n) {
+for (i = 0; i < n; i++) {
+*(uint8_t *)H1(d + i) = *(uint8_t *)H1(s + i);
+}
+} else {
+for (i = n; i > 0; ) {
+i -= 1;
+*(uint8_t *)H1(d + i) = *(uint8_t *)H1(s + i);
+}
+}
+break;
+}
+}
+
+void HELPER(sve_ext)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t opr_sz = simd_oprsz(desc);
+size_t n_ofs = simd_data(desc);
+size_t n_siz = opr_sz - n_ofs;
+
+if (vd != vm) {
+swap_memmove(vd, vn + n_ofs, n_siz);
+swap_memmove(vd + n_siz, vm, n_ofs);
+} else if (vd != vn) {
+swap_memmove(vd + n_siz, vd, n_ofs);
+swap_memmove(vd, vn + n_ofs, n_siz);
+} else {
+/* vd == vn == vm.  Need temp space.  */
+ARMVectorReg tmp;
+swap_memmove(&tmp, vm, n_ofs);
+swap_memmove(vd, vd + n_ofs, n_siz);
+memcpy(vd + n_siz, &tmp, n_ofs);
+}
+}
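
Review bot: the vd == vn == vm branch of sve_ext saves the low n_ofs bytes with swap_memmove(&tmp, vm, n_ofs) but puts them back with a plain memcpy(vd + n_siz, &tmp, n_ofs). When n_ofs is not a multiple of 8 on a big-endian host, swap_memmove stores the bytes in tmp at frobbed offsets and memcpy then reads tmp at unfrobbed ones, so the two copies look inconsistent and the memcpy can pick up bytes of tmp that were never written; using swap_memmove for the final copy as well would keep both sides in the same layout. Separately, "indicies" in the swap_memmove comment should be "indices".
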
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 9bdd61ff84..c48d4b530a 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -1922,6 +1922,40 @@ static bool trans_CPY_z_i(DisasContext *s, arg_CPY_z_i 
*a, uint32_t insn)
 return true;
 }
 
+/*
+ *** SVE Permute Extract Group
+ */
+
+static bool trans_EXT(DisasContext *s, arg_EXT *a, uint32_t insn)
+{
+if (!sve_access_check(s)) {
+return true;
+}
+
+unsigned vsz = vec_full_reg_size(s);
+unsigned n_ofs = a->imm >= vsz ? 0 : a->imm;
+unsigned n_siz = vsz - n_ofs;
+unsigned d = vec_full_reg_offset(s, a->rd);
+unsigned n = vec_full_reg_offset(s, a->rn);
+unsigned m = vec_full_reg_offset(s, a->rm);
+
+/* Use host vector move insns if we have appropriate sizes
+ * and no unfortunate overlap.
+ */
+if (m != d
+&& n_ofs == size_for_gvec(n_ofs)
+&& n_siz == size_for_gvec(n_siz)
+&& (d != n || n_siz <= n_ofs)) {
+tcg_gen_gvec_mov(0, d, n + n_ofs, n_siz, n_siz);
+if (n_ofs != 0) {
+tcg_gen_gvec_mov(0, d + n_siz, m, n_ofs, n_ofs);
+}
+} else {
+tcg_gen_gvec_3_ool(d, n, m, vsz, vsz, n_ofs, gen_helper_sve_ext);
+}
+return true;
+}
+
 /*
  *** SVE Memory - 32-bit Gather and Unsized Contiguou
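
Review bot: trans_EXT declares vsz, n_ofs, n_siz, d, n and m after the early return on sve_access_check, mixing declarations with statements; moving them to the top of the function, or wrapping the body in if (sve_access_check(s)) { ... }, avoids that. The overlap condition (d != n || n_siz <= n_ofs) also deserves a one-line comment saying that it keeps the first tcg_gen_gvec_mov from overwriting source bytes it has yet to read, and the silent clamp of an out-of-range a->imm to 0 should be explained next to n_ofs.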

[Qemu-devel] [PULL 20/32] target/arm: Implement SVE Integer Arithmetic - Unary Predicated Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-14-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  60 ++
 target/arm/sve_helper.c| 127 +
 target/arm/translate-sve.c | 113 +
 target/arm/sve.decode  |  23 +++
 4 files changed, 323 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index d516580134..11644125d1 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -285,6 +285,66 @@ DEF_HELPER_FLAGS_4(sve_asrd_h, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_asrd_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_asrd_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(sve_cls_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cls_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cls_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cls_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_clz_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_clz_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_clz_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_clz_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_cnt_zpz_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cnt_zpz_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cnt_zpz_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cnt_zpz_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_cnot_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cnot_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cnot_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_cnot_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_fabs_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_fabs_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_fabs_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_fneg_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_fneg_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_fneg_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_not_zpz_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_not_zpz_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_not_zpz_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_not_zpz_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_sxtb_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_sxtb_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_sxtb_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_uxtb_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_uxtb_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_uxtb_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_sxth_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_sxth_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_uxth_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_uxth_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_sxtw_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_uxtw_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_abs_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_abs_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_abs_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_abs_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_neg_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_neg_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_neg_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_neg_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index a5d12603e5..236d21e771 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -500,6 +500,133 @@ DO_ZPZW(sve_lsl_zpzw_s, uint32_t, uint64_t, H1_4, DO_LSL)
 
 #undef DO_ZPZW
 
+/* Fully general two-operand expander, controlled by a predicate.
+ */
+#define DO_ZPZ(NAME, TYPE, H, OP)   \

[Qemu-devel] [PULL 31/32] target/arm: Implement SVE Integer Wide Immediate - Predicated Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-25-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  10 
 target/arm/sve_helper.c| 108 +
 target/arm/translate-sve.c |  88 ++
 target/arm/sve.decode  |  19 ++-
 4 files changed, 224 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 2831e1643b..79493ab647 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -404,6 +404,16 @@ DEF_HELPER_FLAGS_4(sve_uqaddi_s, TCG_CALL_NO_RWG, void, 
ptr, ptr, s64, i32)
 DEF_HELPER_FLAGS_4(sve_uqaddi_d, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
 DEF_HELPER_FLAGS_4(sve_uqsubi_d, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
 
+DEF_HELPER_FLAGS_5(sve_cpy_m_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_5(sve_cpy_m_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_5(sve_cpy_m_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_5(sve_cpy_m_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i64, i32)
+
+DEF_HELPER_FLAGS_4(sve_cpy_z_b, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(sve_cpy_z_h, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(sve_cpy_z_s, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(sve_cpy_z_d, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 979aa5c409..8c7ea989b1 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -1371,3 +1371,111 @@ void HELPER(sve_uqsubi_d)(void *d, void *a, uint64_t b, 
uint32_t desc)
 *(uint64_t *)(d + i) = (ai < b ? 0 : ai - b);
 }
 }
+
+/* Two operand predicated copy immediate with merge.  All valid immediates
+ * can fit within 17 signed bits in the simd_data field.
+ */
+void HELPER(sve_cpy_m_b)(void *vd, void *vn, void *vg,
+ uint64_t mm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd, *n = vn;
+uint8_t *pg = vg;
+
+mm = dup_const(MO_8, mm);
+for (i = 0; i < opr_sz; i += 1) {
+uint64_t nn = n[i];
+uint64_t pp = expand_pred_b(pg[H1(i)]);
+d[i] = (mm & pp) | (nn & ~pp);
+}
+}
+
+void HELPER(sve_cpy_m_h)(void *vd, void *vn, void *vg,
+ uint64_t mm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd, *n = vn;
+uint8_t *pg = vg;
+
+mm = dup_const(MO_16, mm);
+for (i = 0; i < opr_sz; i += 1) {
+uint64_t nn = n[i];
+uint64_t pp = expand_pred_h(pg[H1(i)]);
+d[i] = (mm & pp) | (nn & ~pp);
+}
+}
+
+void HELPER(sve_cpy_m_s)(void *vd, void *vn, void *vg,
+ uint64_t mm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd, *n = vn;
+uint8_t *pg = vg;
+
+mm = dup_const(MO_32, mm);
+for (i = 0; i < opr_sz; i += 1) {
+uint64_t nn = n[i];
+uint64_t pp = expand_pred_s(pg[H1(i)]);
+d[i] = (mm & pp) | (nn & ~pp);
+}
+}
+
+void HELPER(sve_cpy_m_d)(void *vd, void *vn, void *vg,
+ uint64_t mm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd, *n = vn;
+uint8_t *pg = vg;
+
+for (i = 0; i < opr_sz; i += 1) {
+uint64_t nn = n[i];
+d[i] = (pg[H1(i)] & 1 ? mm : nn);
+}
+}
+
+void HELPER(sve_cpy_z_b)(void *vd, void *vg, uint64_t val, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd;
+uint8_t *pg = vg;
+
+val = dup_const(MO_8, val);
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = val & expand_pred_b(pg[H1(i)]);
+}
+}
+
+void HELPER(sve_cpy_z_h)(void *vd, void *vg, uint64_t val, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd;
+uint8_t *pg = vg;
+
+val = dup_const(MO_16, val);
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = val & expand_pred_h(pg[H1(i)]);
+}
+}
+
+void HELPER(sve_cpy_z_s)(void *vd, void *vg, uint64_t val, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd;
+uint8_t *pg = vg;
+
+val = dup_const(MO_32, val);
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = val & expand_pred_s(pg[H1(i)]);
+}
+}
+
+void HELPER(sve_cpy_z_d)(void *vd, void *vg, uint64_t val, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd;
+uint8_t *pg = vg;
+
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = (pg[H1(i)] & 1 ? val : 0);
+}
+}
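
Review bot: the comment above sve_cpy_m_b says the immediates fit in the simd_data field, but every helper in this hunk receives the immediate as a separate uint64_t argument (mm or val) and none of them calls simd_data(desc), so the comment does not describe the code as written; either drop the simd_data sentence or say that the value arrives as a helper argument. The _b, _h and _s bodies also differ only in the MO_* constant and the expand_pred_* call, so they could be generated from one macro.
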
diff

[Qemu-devel] [PULL 29/32] target/arm: Implement SVE Element Count Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-23-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  11 ++
 target/arm/sve_helper.c| 136 ++
 target/arm/translate-sve.c | 288 +
 target/arm/sve.decode  |  31 +++-
 4 files changed, 465 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 4f1bd5a62f..2831e1643b 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -393,6 +393,17 @@ DEF_HELPER_FLAGS_4(sve_ftssel_h, TCG_CALL_NO_RWG, void, 
ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_ftssel_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_ftssel_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(sve_sqaddi_b, TCG_CALL_NO_RWG, void, ptr, ptr, s32, i32)
+DEF_HELPER_FLAGS_4(sve_sqaddi_h, TCG_CALL_NO_RWG, void, ptr, ptr, s32, i32)
+DEF_HELPER_FLAGS_4(sve_sqaddi_s, TCG_CALL_NO_RWG, void, ptr, ptr, s64, i32)
+DEF_HELPER_FLAGS_4(sve_sqaddi_d, TCG_CALL_NO_RWG, void, ptr, ptr, s64, i32)
+
+DEF_HELPER_FLAGS_4(sve_uqaddi_b, TCG_CALL_NO_RWG, void, ptr, ptr, s32, i32)
+DEF_HELPER_FLAGS_4(sve_uqaddi_h, TCG_CALL_NO_RWG, void, ptr, ptr, s32, i32)
+DEF_HELPER_FLAGS_4(sve_uqaddi_s, TCG_CALL_NO_RWG, void, ptr, ptr, s64, i32)
+DEF_HELPER_FLAGS_4(sve_uqaddi_d, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(sve_uqsubi_d, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
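
Review bot: sve_uqaddi_b, sve_uqaddi_h and sve_uqaddi_s are declared with a signed scalar operand (s32 or s64) although they are the unsigned saturating variants, while sve_uqaddi_d and sve_uqsubi_d take i64. The definitions clamp r < 0 to 0, which suggests the narrower helpers are meant to accept a negative operand; a short comment here or at the definitions saying so, and saying why the 64-bit case needs a separate sve_uqsubi_d, would keep the mixed signedness from reading as a typo.
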
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 85a0639e3a..979aa5c409 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -1235,3 +1235,139 @@ void HELPER(sve_ftssel_d)(void *vd, void *vn, void *vm, 
uint32_t desc)
 d[i] = nn ^ (mm & 2) << 62;
 }
 }
+
+/*
+ * Signed saturating addition with scalar operand.
+ */
+
+void HELPER(sve_sqaddi_b)(void *d, void *a, int32_t b, uint32_t desc)
+{
+intptr_t i, oprsz = simd_oprsz(desc);
+
+for (i = 0; i < oprsz; i += sizeof(int8_t)) {
+int r = *(int8_t *)(a + i) + b;
+if (r > INT8_MAX) {
+r = INT8_MAX;
+} else if (r < INT8_MIN) {
+r = INT8_MIN;
+}
+*(int8_t *)(d + i) = r;
+}
+}
+
+void HELPER(sve_sqaddi_h)(void *d, void *a, int32_t b, uint32_t desc)
+{
+intptr_t i, oprsz = simd_oprsz(desc);
+
+for (i = 0; i < oprsz; i += sizeof(int16_t)) {
+int r = *(int16_t *)(a + i) + b;
+if (r > INT16_MAX) {
+r = INT16_MAX;
+} else if (r < INT16_MIN) {
+r = INT16_MIN;
+}
+*(int16_t *)(d + i) = r;
+}
+}
+
+void HELPER(sve_sqaddi_s)(void *d, void *a, int64_t b, uint32_t desc)
+{
+intptr_t i, oprsz = simd_oprsz(desc);
+
+for (i = 0; i < oprsz; i += sizeof(int32_t)) {
+int64_t r = *(int32_t *)(a + i) + b;
+if (r > INT32_MAX) {
+r = INT32_MAX;
+} else if (r < INT32_MIN) {
+r = INT32_MIN;
+}
+*(int32_t *)(d + i) = r;
+}
+}
+
+void HELPER(sve_sqaddi_d)(void *d, void *a, int64_t b, uint32_t desc)
+{
+intptr_t i, oprsz = simd_oprsz(desc);
+
+for (i = 0; i < oprsz; i += sizeof(int64_t)) {
+int64_t ai = *(int64_t *)(a + i);
+int64_t r = ai + b;
+if (((r ^ ai) & ~(ai ^ b)) < 0) {
+/* Signed overflow.  */
+r = (r < 0 ? INT64_MAX : INT64_MIN);
+}
+*(int64_t *)(d + i) = r;
+}
+}
+
+/*
+ * Unsigned saturating addition with scalar operand.
+ */
+
+void HELPER(sve_uqaddi_b)(void *d, void *a, int32_t b, uint32_t desc)
+{
+intptr_t i, oprsz = simd_oprsz(desc);
+
+for (i = 0; i < oprsz; i += sizeof(uint8_t)) {
+int r = *(uint8_t *)(a + i) + b;
+if (r > UINT8_MAX) {
+r = UINT8_MAX;
+} else if (r < 0) {
+r = 0;
+}
+*(uint8_t *)(d + i) = r;
+}
+}
+
+void HELPER(sve_uqaddi_h)(void *d, void *a, int32_t b, uint32_t desc)
+{
+intptr_t i, oprsz = simd_oprsz(desc);
+
+for (i = 0; i < oprsz; i += sizeof(uint16_t)) {
+int r = *(uint16_t *)(a + i) + b;
+if (r > UINT16_MAX) {
+r = UINT16_MAX;
+} else if (r < 0) {
+r = 0;
+}
+*(uint16_t *)(d + i) = r;
+}
+}
+
+void HELPER(sve_uqaddi_s)(void *d, void *a, int64_t b, uint32_t desc)
+{
+intptr_t i, oprsz = simd_oprsz(desc);
+
+for (i = 0; i < oprsz; i += sizeof(uint32_t)) {
+int64_t r = *(uint32_t *)(a + i) + b;
+if (r > UINT32_MAX) {
+r = UINT32_MAX;
+} else if (r < 0) {
+r = 0;
+}
+*(uint32_t *)(d + i) = r;
+}
+}
+
+void HELPER(sve_
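
Review bot: in sve_sqaddi_d the sum int64_t r = ai + b is computed before the overflow test ((r ^ ai) & ~(ai ^ b)) < 0, so the test only works if signed addition wraps; in standard C that overflow is undefined. Doing the addition in uint64_t and converting the result back, or stating the reliance on wrapping signed arithmetic in the comment, would make the assumption explicit.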

[Qemu-devel] [PULL 19/32] target/arm: Implement SVE bitwise shift by wide elements (predicated)

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-13-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h| 21 +
 target/arm/sve_helper.c| 35 +++
 target/arm/translate-sve.c | 24 
 target/arm/sve.decode  |  6 ++
 4 files changed, 86 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 0cc02ee59e..d516580134 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -195,6 +195,27 @@ DEF_HELPER_FLAGS_5(sve_lsl_zpzz_s, TCG_CALL_NO_RWG,
 DEF_HELPER_FLAGS_5(sve_lsl_zpzz_d, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_5(sve_asr_zpzw_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_asr_zpzw_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_asr_zpzw_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_lsr_zpzw_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsr_zpzw_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsr_zpzw_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_lsl_zpzw_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsl_zpzw_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsl_zpzw_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_3(sve_orv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_orv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_orv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index ece3a81ad3..a5d12603e5 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -465,6 +465,41 @@ DO_ZPZZ_D(sve_lsl_zpzz_d, uint64_t, DO_LSL)
 #undef DO_ZPZZ
 #undef DO_ZPZZ_D
 
+/* Three-operand expander, controlled by a predicate, in which the
+ * third operand is "wide".  That is, for D = N op M, the same 64-bit
+ * value of M is used with all of the narrower values of N.
+ */
+#define DO_ZPZW(NAME, TYPE, TYPEW, H, OP)   \
+void HELPER(NAME)(void *vd, void *vn, void *vm, void *vg, uint32_t desc) \
+{   \
+intptr_t i, opr_sz = simd_oprsz(desc);  \
+for (i = 0; i < opr_sz; ) { \
+uint8_t pg = *(uint8_t *)(vg + H1(i >> 3)); \
+TYPEW mm = *(TYPEW *)(vm + i);  \
+do {\
+if (pg & 1) {   \
+TYPE nn = *(TYPE *)(vn + H(i)); \
+*(TYPE *)(vd + H(i)) = OP(nn, mm);  \
+}   \
+i += sizeof(TYPE), pg >>= sizeof(TYPE); \
+} while (i & 7);\
+}   \
+}
+
+DO_ZPZW(sve_asr_zpzw_b, int8_t, uint64_t, H1, DO_ASR)
+DO_ZPZW(sve_lsr_zpzw_b, uint8_t, uint64_t, H1, DO_LSR)
+DO_ZPZW(sve_lsl_zpzw_b, uint8_t, uint64_t, H1, DO_LSL)
+
+DO_ZPZW(sve_asr_zpzw_h, int16_t, uint64_t, H1_2, DO_ASR)
+DO_ZPZW(sve_lsr_zpzw_h, uint16_t, uint64_t, H1_2, DO_LSR)
+DO_ZPZW(sve_lsl_zpzw_h, uint16_t, uint64_t, H1_2, DO_LSL)
+
+DO_ZPZW(sve_asr_zpzw_s, int32_t, uint64_t, H1_4, DO_ASR)
+DO_ZPZW(sve_lsr_zpzw_s, uint32_t, uint64_t, H1_4, DO_LSR)
+DO_ZPZW(sve_lsl_zpzw_s, uint32_t, uint64_t, H1_4, DO_LSL)
+
+#undef DO_ZPZW
+
 /* Two-operand reduction expander, controlled by a predicate.
  * The difference between TYPERED and TYPERET has to do with
  * sign-extension.  E.g. for SMAX, TYPERED must be signed,
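
Review bot: DO_ZPZW passes the full 64-bit mm to OP(nn, mm) while nn is an 8-, 16- or 32-bit TYPE, so DO_ASR, DO_LSR and DO_LSL (defined outside this hunk) must give the architected result for shift counts at or above the element width; a sentence in the macro comment stating that requirement would help. The comment could also say why there is no _d instantiation, and the stepping line i += sizeof(TYPE), pg >>= sizeof(TYPE); would read better as two statements.
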
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index f0400e35d9..438df6359e 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -497,6 +497,30 @@ static bool trans_ASRD(DisasContext *s, arg_rpri_esz *a, 
uint32_t insn)
 }
 }
 
+/*
+ *** SVE Bitwise Shift - Predicated Group
+ */
+
+#define DO_ZPZW(NAME, name) \
+static bool trans_##NAME##_zpzw(DisasContext *s, arg_rprr_esz *a, \
+uint32_t insn)\
+{ \
+static gen_helper_gvec_4 * const fns[3] = {   \
+gen_helper_sve_##name##_zpzw_b, gen_helper_sve_##name##_zpzw_h,   \

[Qemu-devel] [PULL 23/32] target/arm: Implement SVE Index Generation Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-17-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  5 +++
 target/arm/sve_helper.c| 40 +++
 target/arm/translate-sve.c | 79 ++
 target/arm/sve.decode  | 14 +++
 4 files changed, 138 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index b31d497f31..2a2dbe98dd 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -363,6 +363,11 @@ DEF_HELPER_FLAGS_6(sve_mls_s, TCG_CALL_NO_RWG,
 DEF_HELPER_FLAGS_6(sve_mls_d, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(sve_index_b, TCG_CALL_NO_RWG, void, ptr, i32, i32, i32)
+DEF_HELPER_FLAGS_4(sve_index_h, TCG_CALL_NO_RWG, void, ptr, i32, i32, i32)
+DEF_HELPER_FLAGS_4(sve_index_s, TCG_CALL_NO_RWG, void, ptr, i32, i32, i32)
+DEF_HELPER_FLAGS_4(sve_index_d, TCG_CALL_NO_RWG, void, ptr, i64, i64, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 56a4eb71d5..385bb8b314 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -992,3 +992,43 @@ DO_ZPZZZ_D(sve_mls_d, uint64_t, DO_MLS)
 #undef DO_MLS
 #undef DO_ZPZZZ
 #undef DO_ZPZZZ_D
+
+void HELPER(sve_index_b)(void *vd, uint32_t start,
+ uint32_t incr, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc);
+uint8_t *d = vd;
+for (i = 0; i < opr_sz; i += 1) {
+d[H1(i)] = start + i * incr;
+}
+}
+
+void HELPER(sve_index_h)(void *vd, uint32_t start,
+ uint32_t incr, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 2;
+uint16_t *d = vd;
+for (i = 0; i < opr_sz; i += 1) {
+d[H2(i)] = start + i * incr;
+}
+}
+
+void HELPER(sve_index_s)(void *vd, uint32_t start,
+ uint32_t incr, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 4;
+uint32_t *d = vd;
+for (i = 0; i < opr_sz; i += 1) {
+d[H4(i)] = start + i * incr;
+}
+}
+
+void HELPER(sve_index_d)(void *vd, uint64_t start,
+ uint64_t incr, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd;
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = start + i * incr;
+}
+}
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index d9c4118d46..e3a8e9506e 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -702,6 +702,85 @@ DO_ZPZZZ(MLS, mls)
 
 #undef DO_ZPZZZ
 
+/*
+ *** SVE Index Generation Group
+ */
+
+static void do_index(DisasContext *s, int esz, int rd,
+ TCGv_i64 start, TCGv_i64 incr)
+{
+unsigned vsz = vec_full_reg_size(s);
+TCGv_i32 desc = tcg_const_i32(simd_desc(vsz, vsz, 0));
+TCGv_ptr t_zd = tcg_temp_new_ptr();
+
+tcg_gen_addi_ptr(t_zd, cpu_env, vec_full_reg_offset(s, rd));
+if (esz == 3) {
+gen_helper_sve_index_d(t_zd, start, incr, desc);
+} else {
+typedef void index_fn(TCGv_ptr, TCGv_i32, TCGv_i32, TCGv_i32);
+static index_fn * const fns[3] = {
+gen_helper_sve_index_b,
+gen_helper_sve_index_h,
+gen_helper_sve_index_s,
+};
+TCGv_i32 s32 = tcg_temp_new_i32();
+TCGv_i32 i32 = tcg_temp_new_i32();
+
+tcg_gen_extrl_i64_i32(s32, start);
+tcg_gen_extrl_i64_i32(i32, incr);
+fns[esz](t_zd, s32, i32, desc);
+
+tcg_temp_free_i32(s32);
+tcg_temp_free_i32(i32);
+}
+tcg_temp_free_ptr(t_zd);
+tcg_temp_free_i32(desc);
+}
+
+static bool trans_INDEX_ii(DisasContext *s, arg_INDEX_ii *a, uint32_t insn)
+{
+if (sve_access_check(s)) {
+TCGv_i64 start = tcg_const_i64(a->imm1);
+TCGv_i64 incr = tcg_const_i64(a->imm2);
+do_index(s, a->esz, a->rd, start, incr);
+tcg_temp_free_i64(start);
+tcg_temp_free_i64(incr);
+}
+return true;
+}
+
+static bool trans_INDEX_ir(DisasContext *s, arg_INDEX_ir *a, uint32_t insn)
+{
+if (sve_access_check(s)) {
+TCGv_i64 start = tcg_const_i64(a->imm);
+TCGv_i64 incr = cpu_reg(s, a->rm);
+do_index(s, a->esz, a->rd, start, incr);
+tcg_temp_free_i64(start);
+}
+return true;
+}
+
+static bool trans_INDEX_ri(DisasContext *s, arg_INDEX_ri *a, uint32_t insn)
+{
+if (sve_access_check(s)) {
+TCGv_i64 start = cpu_reg(s, a->rn);
+TCGv_i64 incr = tcg_const_i64(a->imm);
+do_index(s, a->esz, a->rd, start, incr);
+tcg_temp_free_i64(incr);
+}
+return true;
+}
+
+static bool trans_INDEX_rr(DisasContext *s, arg_I
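Review bot: the ownership of the TCGv_i64 operands is asymmetric and undocumented. trans_INDEX_ii frees both start and incr, trans_INDEX_ir frees only start, and trans_INDEX_ri frees only incr; the unfreed operand in each case comes from cpu_reg(). Add a short comment in do_index or at the call sites saying that values returned by cpu_reg() are not owned by the caller, so a later edit does not add a tcg_temp_free_i64() on them or drop one on the tcg_const_i64() temporaries. In do_index itself, fns[esz] is only in bounds because the esz == 3 case is taken first; an assert or comment that esz is 0..2 on that path would make the bound explicit.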

[Qemu-devel] [PULL 22/32] target/arm: Implement SVE Integer Arithmetic - Unpredicated Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-16-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-sve.c | 34 ++
 target/arm/sve.decode  | 13 +
 2 files changed, 47 insertions(+)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index f14bb2196a..d9c4118d46 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -251,6 +251,40 @@ static bool trans_BIC_zzz(DisasContext *s, arg_rrr_esz *a, 
uint32_t insn)
 return do_vector3_z(s, tcg_gen_gvec_andc, 0, a->rd, a->rn, a->rm);
 }
 
+/*
+ *** SVE Integer Arithmetic - Unpredicated Group
+ */
+
+static bool trans_ADD_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_add, a->esz, a->rd, a->rn, a->rm);
+}
+
+static bool trans_SUB_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_sub, a->esz, a->rd, a->rn, a->rm);
+}
+
+static bool trans_SQADD_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_ssadd, a->esz, a->rd, a->rn, a->rm);
+}
+
+static bool trans_SQSUB_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_sssub, a->esz, a->rd, a->rn, a->rm);
+}
+
+static bool trans_UQADD_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_usadd, a->esz, a->rd, a->rn, a->rm);
+}
+
+static bool trans_UQSUB_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_ussub, a->esz, a->rd, a->rn, a->rm);
+}
+
 /*
  *** SVE Integer Arithmetic - Binary Predicated Group
  */
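Review bot: none of the six new trans_*_zzz functions calls sve_access_check() itself, unlike other translators in this series that wrap code generation in it. They rely entirely on do_vector3_z(), whose body is not in this hunk, to perform the check; please confirm that it does and say so in the group comment. Since the six bodies differ only in the tcg_gen_gvec_* function passed, a small macro would also cut the repetition.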
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
index 5e4335b2ae..58d59c7b77 100644
--- a/target/arm/sve.decode
+++ b/target/arm/sve.decode
@@ -66,6 +66,9 @@
 # Three predicate operand, with governing predicate, flag setting
 @pd_pg_pn_pm_s   . s:1 .. rm:4 .. pg:4 . rn:4 . rd:4&rprr_s
 
+# Three operand, vector element size
+@rd_rn_rm    esz:2 . rm:5 ... ... rn:5 rd:5 &rrr_esz
+
 # Two register operand, with governing predicate, vector element size
 @rdn_pg_rm   esz:2 ... ... ... pg:3 rm:5 rd:5 \
 &rprr_esz rn=%reg_movprfx
@@ -203,6 +206,16 @@ MLS 0100 .. 0 . 011 ... . .   
@rda_pg_rn_rm
 MLA 0100 .. 0 . 110 ... . .   @rdn_pg_ra_rm # MAD
 MLS 0100 .. 0 . 111 ... . .   @rdn_pg_ra_rm # MSB
 
+### SVE Integer Arithmetic - Unpredicated Group
+
+# SVE integer add/subtract vectors (unpredicated)
+ADD_zzz 0100 .. 1 . 000 000 . . @rd_rn_rm
+SUB_zzz 0100 .. 1 . 000 001 . . @rd_rn_rm
+SQADD_zzz   0100 .. 1 . 000 100 . . @rd_rn_rm
+UQADD_zzz   0100 .. 1 . 000 101 . . @rd_rn_rm
+SQSUB_zzz   0100 .. 1 . 000 110 . . @rd_rn_rm
+UQSUB_zzz   0100 .. 1 . 000 111 . . @rd_rn_rm
+
 ### SVE Logical - Unpredicated Group
 
 # SVE bitwise logical operations (unpredicated)
-- 
2.17.0




[Qemu-devel] [PULL 30/32] target/arm: Implement SVE Bitwise Immediate Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-24-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-sve.c | 49 ++
 target/arm/sve.decode  | 17 +
 2 files changed, 66 insertions(+)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 2a0bf6b47c..9d7c18c48d 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -1785,6 +1785,55 @@ static bool trans_SINCDEC_v(DisasContext *s, 
arg_incdec2_cnt *a,
 return true;
 }
 
+/*
+ *** SVE Bitwise Immediate Group
+ */
+
+static bool do_zz_dbm(DisasContext *s, arg_rr_dbm *a, GVecGen2iFn *gvec_fn)
+{
+uint64_t imm;
+if (!logic_imm_decode_wmask(&imm, extract32(a->dbm, 12, 1),
+extract32(a->dbm, 0, 6),
+extract32(a->dbm, 6, 6))) {
+return false;
+}
+if (sve_access_check(s)) {
+unsigned vsz = vec_full_reg_size(s);
+gvec_fn(MO_64, vec_full_reg_offset(s, a->rd),
+vec_full_reg_offset(s, a->rn), imm, vsz, vsz);
+}
+return true;
+}
+
+static bool trans_AND_zzi(DisasContext *s, arg_rr_dbm *a, uint32_t insn)
+{
+return do_zz_dbm(s, a, tcg_gen_gvec_andi);
+}
+
+static bool trans_ORR_zzi(DisasContext *s, arg_rr_dbm *a, uint32_t insn)
+{
+return do_zz_dbm(s, a, tcg_gen_gvec_ori);
+}
+
+static bool trans_EOR_zzi(DisasContext *s, arg_rr_dbm *a, uint32_t insn)
+{
+return do_zz_dbm(s, a, tcg_gen_gvec_xori);
+}
+
+static bool trans_DUPM(DisasContext *s, arg_DUPM *a, uint32_t insn)
+{
+uint64_t imm;
+if (!logic_imm_decode_wmask(&imm, extract32(a->dbm, 12, 1),
+extract32(a->dbm, 0, 6),
+extract32(a->dbm, 6, 6))) {
+return false;
+}
+if (sve_access_check(s)) {
+do_dupi_z(s, a->rd, imm);
+}
+return true;
+}
+
 /*
  *** SVE Memory - 32-bit Gather and Unsized Contiguous Group
  */
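Review bot: do_zz_dbm and trans_DUPM repeat the same logic_imm_decode_wmask() call with the same three extract32(a->dbm, ...) field splits. Factor that into one helper that takes dbm and returns the decoded immediate, so the bit positions (12, 0..5, 6..11) live in one place. In do_zz_dbm, gvec_fn is always called with MO_64 and no element size from the instruction; a comment explaining why the decoded 64-bit mask makes esz unnecessary would help.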
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
index b6890d0410..a3277a0d21 100644
--- a/target/arm/sve.decode
+++ b/target/arm/sve.decode
@@ -49,6 +49,7 @@
 
 &rr_esz rd rn esz
 &rrird rn imm
+&rr_dbm rd rn dbm
 &rrri   rd rn rm imm
 &rri_eszrd rn imm esz
 &rrr_eszrd rn rm esz
@@ -111,6 +112,10 @@
 @rd_rn_tszimm    .. ... ... .. rn:5 rd:5 \
 &rri_esz esz=%tszimm16_esz
 
+# Two register operand, one encoded bitmask.
+@rdn_dbm ..  dbm:13 rd:5 \
+&rr_dbm rn=%reg_movprfx
+
 # Basic Load/Store with 9-bit immediate offset
 @pd_rn_i9     .. rn:5 . rd:4\
 &rri imm=%imm9_16_10
@@ -330,6 +335,18 @@ INCDEC_v0100 .. 1 1  1100 0 d:1 . 
.@incdec2_cnt u=1
 # Note these require esz != 0.
 SINCDEC_v   0100 .. 1 0  1100 d:1 u:1 . .   @incdec2_cnt
 
+### SVE Bitwise Immediate Group
+
+# SVE bitwise logical with immediate (unpredicated)
+ORR_zzi 0101 00  . .@rdn_dbm
+EOR_zzi 0101 01  . .@rdn_dbm
+AND_zzi 0101 10  . .@rdn_dbm
+
+# SVE broadcast bitmask immediate
+DUPM0101 11  dbm:13 rd:5
+
+### SVE Predicate Logical Operations Group
+
 # SVE predicate logical operations
 AND_00100101 0. 00  01  0  0    @pd_pg_pn_pm_s
 BIC_00100101 0. 00  01  0  1    @pd_pg_pn_pm_s
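Review bot: the added line "### SVE Predicate Logical Operations Group" is not part of the bitwise immediate group this patch implements. Other patches on this page (24/32 and 28/32) already show that heading as unchanged context directly above "# SVE predicate logical operations", so check whether an intermediate patch dropped it and this one silently restores it; if so, the fix belongs in the patch that removed it.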
-- 
2.17.0




[Qemu-devel] [PULL 24/32] target/arm: Implement SVE Stack Allocation Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-18-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-sve.c | 27 +++
 target/arm/sve.decode  | 12 
 2 files changed, 39 insertions(+)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index e3a8e9506e..f95efa3c72 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -781,6 +781,33 @@ static bool trans_INDEX_rr(DisasContext *s, arg_INDEX_rr 
*a, uint32_t insn)
 return true;
 }
 
+/*
+ *** SVE Stack Allocation Group
+ */
+
+static bool trans_ADDVL(DisasContext *s, arg_ADDVL *a, uint32_t insn)
+{
+TCGv_i64 rd = cpu_reg_sp(s, a->rd);
+TCGv_i64 rn = cpu_reg_sp(s, a->rn);
+tcg_gen_addi_i64(rd, rn, a->imm * vec_full_reg_size(s));
+return true;
+}
+
+static bool trans_ADDPL(DisasContext *s, arg_ADDPL *a, uint32_t insn)
+{
+TCGv_i64 rd = cpu_reg_sp(s, a->rd);
+TCGv_i64 rn = cpu_reg_sp(s, a->rn);
+tcg_gen_addi_i64(rd, rn, a->imm * pred_full_reg_size(s));
+return true;
+}
+
+static bool trans_RDVL(DisasContext *s, arg_RDVL *a, uint32_t insn)
+{
+TCGv_i64 reg = cpu_reg(s, a->rd);
+tcg_gen_movi_i64(reg, a->imm * vec_full_reg_size(s));
+return true;
+}
+
 /*
  *** SVE Predicate Logical Operations Group
  */
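Review bot: trans_ADDVL, trans_ADDPL and trans_RDVL emit code without calling sve_access_check(s), while the other translators added in this series wrap their code generation in if (sve_access_check(s)) { ... }. As written, nothing in these three functions performs the access check before the vector or predicate length is folded into a general-purpose register. Unless there is an architectural reason they are exempt, guard each body the same way and keep the return true outside the check. Also confirm the type of a->imm * vec_full_reg_size(s): imm is a signed 6-bit field (imm:s6), so the product must stay signed for negative adjustments to reach tcg_gen_addi_i64 correctly.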
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
index 4f9f64f5ab..9d5c061165 100644
--- a/target/arm/sve.decode
+++ b/target/arm/sve.decode
@@ -84,6 +84,9 @@
 # One register operand, with governing predicate, vector element size
 @rd_pg_rn    esz:2 ... ... ... pg:3 rn:5 rd:5   &rpr_esz
 
+# Two register operands with a 6-bit signed immediate.
+@rd_rn_i6    ... rn:5 . imm:s6 rd:5 &rri
+
 # Two register operand, one immediate operand, with predicate,
 # element size encoded as TSZHL.  User must fill in imm.
 @rdn_pg_tszimm   .. ... ... ... pg:3 . rd:5 \
@@ -238,6 +241,15 @@ INDEX_ri0100 esz:2 1 imm:s5 010001 rn:5 rd:5
 # SVE index generation (register start, register increment)
 INDEX_rr0100 .. 1 . 010011 . .  @rd_rn_rm
 
+### SVE Stack Allocation Group
+
+# SVE stack frame adjustment
+ADDVL   0100 001 . 01010 .. .   @rd_rn_i6
+ADDPL   0100 011 . 01010 .. .   @rd_rn_i6
+
+# SVE stack frame size
+RDVL0100 101 1 01010 imm:s6 rd:5
+
 ### SVE Predicate Logical Operations Group
 
 # SVE predicate logical operations
-- 
2.17.0




[Qemu-devel] [PULL 17/32] target/arm: Implement SVE bitwise shift by immediate (predicated)

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-11-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  25 
 target/arm/sve_helper.c| 264 +
 target/arm/translate-sve.c | 130 ++
 target/arm/sve.decode  |  26 
 4 files changed, 445 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 6b6bbeb272..b3c89579af 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -212,6 +212,31 @@ DEF_HELPER_FLAGS_3(sve_uminv_h, TCG_CALL_NO_RWG, i64, ptr, 
ptr, i32)
 DEF_HELPER_FLAGS_3(sve_uminv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_uminv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_3(sve_clr_b, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_clr_h, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_clr_s, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_clr_d, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_asr_zpzi_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asr_zpzi_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asr_zpzi_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asr_zpzi_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_lsr_zpzi_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsr_zpzi_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsr_zpzi_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsr_zpzi_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_lsl_zpzi_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsl_zpzi_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsl_zpzi_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsl_zpzi_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_asrd_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asrd_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asrd_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asrd_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index c1719e407a..b6b9a08965 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -93,6 +93,150 @@ uint32_t HELPER(sve_predtest)(void *vd, void *vg, uint32_t 
words)
 return flags;
 }
 
+/* Expand active predicate bits to bytes, for byte elements.
+ *  for (i = 0; i < 256; ++i) {
+ *  unsigned long m = 0;
+ *  for (j = 0; j < 8; j++) {
+ *  if ((i >> j) & 1) {
+ *  m |= 0xfful << (j << 3);
+ *  }
+ *  }
+ *  printf("0x%016lx,\n", m);
+ *  }
+ */
+static inline uint64_t expand_pred_b(uint8_t byte)
+{
+static const uint64_t word[256] = {
+0x, 0x00ff, 0xff00,
+0x, 0x00ff, 0x00ff00ff,
+0x0000, 0x00ff, 0xff00,
+0xffff, 0xff00ff00, 0xff00,
+0x, 0x00ff, 0xff00,
+0x, 0x00ff, 0x00ff00ff,
+0x00ffff00, 0x00ff, 0x00ff00ff,
+0x00ff00ff00ff, 0x00ff0000, 0x00ff00ff,
+0x0000, 0x00ff, 0x0000ff00,
+0x0000, 0x00ff, 0x00ff00ff,
+0x0000, 0x00ff, 0xff00,
+0xffff, 0xff00ff00, 0xff00,
+0xffff, 0xffff00ff, 0xff00,
+0xffff, 0xff00ff00, 0xff00ffff,
+0xff00ff00ff00, 0xff00ff00, 0xff00,
+0xff0000ff, 0xff00ff00, 0xff00,
+0x, 0x00ff, 0xff00,
+0x, 0x00ff, 0x00ff00ff,
+0x0000, 0x00ff, 0xff00,
+0xffff, 0xff00ff00, 0xff00,
+0x, 0x00ff, 0xff00,
+0x, 0x00ff, 0x00ff00ff,
+0x00ffff00, 0x00ff, 0x00ff00ff,
+0x00ff00ff00ff, 0x00ff0000, 0x00ff00ff,
+0x00ffff00, 0x00ffffff, 0x00ffff00ff00
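Review bot: the generator in the comment builds each entry in an unsigned long, shifts 0xfful left by up to 56 bits, and prints with %lx. That only produces the right table where unsigned long is 64 bits wide; where it is 32 bits the shift is out of range. Since the comment is the only record of how the 256 constants were produced, write it with uint64_t, 0xffull and PRIx64 so the table can be regenerated on any host. A test that compares word[i] against the loop would also catch a mistyped entry.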

[Qemu-devel] [PULL 12/32] target/arm: Implement SVE predicate test

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-6-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/Makefile.objs   |  2 +-
 target/arm/helper-sve.h| 21 ++
 target/arm/helper.h|  1 +
 target/arm/sve_helper.c| 78 ++
 target/arm/translate-sve.c | 65 +++
 target/arm/sve.decode  |  5 +++
 6 files changed, 171 insertions(+), 1 deletion(-)
 create mode 100644 target/arm/helper-sve.h
 create mode 100644 target/arm/sve_helper.c

diff --git a/target/arm/Makefile.objs b/target/arm/Makefile.objs
index a6f733eaa8..11c7baf8a3 100644
--- a/target/arm/Makefile.objs
+++ b/target/arm/Makefile.objs
@@ -19,4 +19,4 @@ target/arm/decode-sve.inc.c: 
$(SRC_PATH)/target/arm/sve.decode $(DECODETREE)
  "GEN", $(TARGET_DIR)$@)
 
 target/arm/translate-sve.o: target/arm/decode-sve.inc.c
-obj-$(TARGET_AARCH64) += translate-sve.o
+obj-$(TARGET_AARCH64) += translate-sve.o sve_helper.o
diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
new file mode 100644
index 00..b6e91539ae
--- /dev/null
+++ b/target/arm/helper-sve.h
@@ -0,0 +1,21 @@
+/*
+ *  AArch64 SVE specific helper definitions
+ *
+ *  Copyright (c) 2018 Linaro, Ltd
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+DEF_HELPER_FLAGS_2(sve_predtest1, TCG_CALL_NO_WG, i32, i64, i64)
+DEF_HELPER_FLAGS_3(sve_predtest, TCG_CALL_NO_WG, i32, ptr, ptr, i32)
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 047f3bc1ca..0c6a144458 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -603,4 +603,5 @@ DEF_HELPER_FLAGS_5(gvec_fcmlad, TCG_CALL_NO_RWG,
 
 #ifdef TARGET_AARCH64
 #include "helper-a64.h"
+#include "helper-sve.h"
 #endif
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
new file mode 100644
index 00..1ebb67e1df
--- /dev/null
+++ b/target/arm/sve_helper.c
@@ -0,0 +1,78 @@
+/*
+ * ARM SVE Operations
+ *
+ * Copyright (c) 2018 Linaro, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "tcg/tcg-gvec-desc.h"
+
+
+/* Return a value for NZCV as per the ARM PredTest pseudofunction.
+ *
+ * The return value has bit 31 set if N is set, bit 1 set if Z is clear,
+ * and bit 0 set if C is set.  Compare the definitions of these variables
+ * within CPUARMState.
+ */
+
+/* For no G bits set, NZCV = C.  */
+#define PREDTEST_INIT  1
+
+/* This is an iterative function, called for each Pd and Pg word
+ * moving forward.
+ */
+static uint32_t iter_predtest_fwd(uint64_t d, uint64_t g, uint32_t flags)
+{
+if (likely(g)) {
+/* Compute N from first D & G.
+   Use bit 2 to signal first G bit seen.  */
+if (!(flags & 4)) {
+flags |= ((d & (g & -g)) != 0) << 31;
+flags |= 4;
+}
+
+/* Accumulate Z from each D & G.  */
+flags |= ((d & g) != 0) << 1;
+
+/* Compute C from last !(D & G).  Replace previous.  */
+flags = deposit32(flags, 0, 1, (d & pow2floor(g)) == 0);
+}
+return flags;
+}
+
+/* The same for a single word predicate.  */
+uint32_t HELPER(sve_predtest1)(uint64_t d, uint64_t g)
+{
+return iter_predtest_fwd(d, g, PREDTEST_INIT);
+}
+
+/* The same for a multi-word predicate.  */
+uint32_t HELPER(sve_predtest)(void *vd, void *vg, uint32_t words)
+{
+uint32_t flags = PREDTEST_INIT;
+uint64_t *d = vd, *g = vg;
+uintptr_t i = 0;
+
+do {
+flags = iter_predtest_fwd(d[i], g[i], flags);
+} while (++i < words);
+
+return flags;
+}
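Review bot: the documented return value (bit 31 = N, bit 1 = Z clear, bit 0 = C) omits bit 2, which iter_predtest_fwd sets as its internal "first G bit seen" marker and which both helpers return unmasked. Either clear it before returning or document that callers must ignore it. Two smaller points: ((d & (g & -g)) != 0) << 31 shifts an int into the sign bit, so cast the comparison to uint32_t first; and sve_predtest uses do { ... } while (++i < words), which reads d[0] and g[0] even when words is 0, so state or assert that words >= 1.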

[Qemu-devel] [PULL 28/32] target/arm: Implement SVE floating-point trig select coefficient

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-22-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  4 
 target/arm/sve_helper.c| 43 ++
 target/arm/translate-sve.c | 21 +++
 target/arm/sve.decode  |  4 
 4 files changed, 72 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index e2925ff8ec..4f1bd5a62f 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -389,6 +389,10 @@ DEF_HELPER_FLAGS_3(sve_fexpa_h, TCG_CALL_NO_RWG, void, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_fexpa_s, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_fexpa_d, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(sve_ftssel_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_ftssel_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_ftssel_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 6ffb126821..85a0639e3a 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -23,6 +23,7 @@
 #include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "tcg/tcg-gvec-desc.h"
+#include "fpu/softfloat.h"
 
 
 /* Note that vector data is stored in host-endian 64-bit chunks,
@@ -1192,3 +1193,45 @@ void HELPER(sve_fexpa_d)(void *vd, void *vn, uint32_t 
desc)
 d[i] = coeff[idx] | (exp << 52);
 }
 }
+
+void HELPER(sve_ftssel_h)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 2;
+uint16_t *d = vd, *n = vn, *m = vm;
+for (i = 0; i < opr_sz; i += 1) {
+uint16_t nn = n[i];
+uint16_t mm = m[i];
+if (mm & 1) {
+nn = float16_one;
+}
+d[i] = nn ^ (mm & 2) << 14;
+}
+}
+
+void HELPER(sve_ftssel_s)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 4;
+uint32_t *d = vd, *n = vn, *m = vm;
+for (i = 0; i < opr_sz; i += 1) {
+uint32_t nn = n[i];
+uint32_t mm = m[i];
+if (mm & 1) {
+nn = float32_one;
+}
+d[i] = nn ^ (mm & 2) << 30;
+}
+}
+
+void HELPER(sve_ftssel_d)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t *d = vd, *n = vn, *m = vm;
+for (i = 0; i < opr_sz; i += 1) {
+uint64_t nn = n[i];
+uint64_t mm = m[i];
+if (mm & 1) {
+nn = float64_one;
+}
+d[i] = nn ^ (mm & 2) << 62;
+}
+}
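Review bot: d[i] = nn ^ (mm & 2) << 14 relies on << binding tighter than ^. It is correct, but write nn ^ ((mm & 2) << 14), and likewise for the 30 and 62 shifts, so the sign-bit flip is obvious at a glance. The _h and _s helpers also index d, n and m with plain i rather than through H2()/H4() as the index helpers elsewhere in this series do. That is harmless here because every operand uses the same index and the operation is purely element-wise, but a comment saying so would stop it from being read as a missed host-endian fixup.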
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 54d774b5e0..ea8d2c4112 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -953,6 +953,27 @@ static bool trans_FEXPA(DisasContext *s, arg_rr_esz *a, 
uint32_t insn)
 return true;
 }
 
+static bool trans_FTSSEL(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+static gen_helper_gvec_3 * const fns[4] = {
+NULL,
+gen_helper_sve_ftssel_h,
+gen_helper_sve_ftssel_s,
+gen_helper_sve_ftssel_d,
+};
+if (a->esz == 0) {
+return false;
+}
+if (sve_access_check(s)) {
+unsigned vsz = vec_full_reg_size(s);
+tcg_gen_gvec_3_ool(vec_full_reg_offset(s, a->rd),
+   vec_full_reg_offset(s, a->rn),
+   vec_full_reg_offset(s, a->rm),
+   vsz, vsz, 0, fns[a->esz]);
+}
+return true;
+}
+
 /*
  *** SVE Predicate Logical Operations Group
  */
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
index cd53b95831..224dfdd1e9 100644
--- a/target/arm/sve.decode
+++ b/target/arm/sve.decode
@@ -295,6 +295,10 @@ ADR_p64 0100 11 1 . 1010 .. . .
 @rd_rn_msz_rm
 # Note esz != 0
 FEXPA   0100 .. 1 0 101110 . .  @rd_rn
 
+# SVE floating-point trig select coefficient
+# Note esz != 0
+FTSSEL  0100 .. 1 . 101100 . .  @rd_rn_rm
+
 ### SVE Predicate Logical Operations Group
 
 # SVE predicate logical operations
-- 
2.17.0




[Qemu-devel] [PULL 21/32] target/arm: Implement SVE Integer Multiply-Add Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-15-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h| 18 
 target/arm/sve_helper.c| 57 ++
 target/arm/translate-sve.c | 34 +++
 target/arm/sve.decode  | 17 
 4 files changed, 126 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 11644125d1..b31d497f31 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -345,6 +345,24 @@ DEF_HELPER_FLAGS_4(sve_neg_h, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_neg_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_neg_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_6(sve_mla_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_6(sve_mla_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_6(sve_mla_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_6(sve_mla_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_6(sve_mls_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_6(sve_mls_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_6(sve_mls_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_6(sve_mls_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 236d21e771..56a4eb71d5 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -935,3 +935,60 @@ DO_ZPZI_D(sve_asrd_d, int64_t, DO_ASRD)
 #undef DO_ASRD
 #undef DO_ZPZI
 #undef DO_ZPZI_D
+
+/* Fully general four-operand expander, controlled by a predicate.
+ */
+#define DO_ZPZZZ(NAME, TYPE, H, OP)   \
+void HELPER(NAME)(void *vd, void *va, void *vn, void *vm, \
+  void *vg, uint32_t desc)\
+{ \
+intptr_t i, opr_sz = simd_oprsz(desc);\
+for (i = 0; i < opr_sz; ) {   \
+uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3));   \
+do {  \
+if (pg & 1) { \
+TYPE nn = *(TYPE *)(vn + H(i));   \
+TYPE mm = *(TYPE *)(vm + H(i));   \
+TYPE aa = *(TYPE *)(va + H(i));   \
+*(TYPE *)(vd + H(i)) = OP(aa, nn, mm);\
+} \
+i += sizeof(TYPE), pg >>= sizeof(TYPE);   \
+} while (i & 15); \
+} \
+}
+
+/* Similarly, specialized for 64-bit operands.  */
+#define DO_ZPZZZ_D(NAME, TYPE, OP)\
+void HELPER(NAME)(void *vd, void *va, void *vn, void *vm, \
+  void *vg, uint32_t desc)\
+{ \
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;\
+TYPE *d = vd, *a = va, *n = vn, *m = vm;  \
+uint8_t *pg = vg; \
+for (i = 0; i < opr_sz; i += 1) { \
+if (pg[H1(i)] & 1) {  \
+TYPE aa = a[i], nn = n[i], mm = m[i]; \
+d[i] = OP(aa, nn, mm);\
+} \
+} \
+}
+
+#define DO_MLA(A, N, M)  (A + N * M)
+#define DO_MLS(A, N, M)  (A - N * M)
+
+DO_ZPZZZ(sve_mla_b, uint8_t, H1, DO_MLA)
+DO_ZPZZZ(sve_mls_b, uint8_t, H1, DO_MLS)
+
+DO_ZPZZZ(sve_mla_h, uint16_t, H1_2, DO_MLA)
+DO_ZPZZZ(sve_mls_h, uint16_t, H1_2, DO_MLS)
+
+DO_ZPZZZ(sve_mla_s, uint32_t, H1_4, DO_MLA)
+DO_ZPZZZ(sve_mls_s, uint32_t, H1_4, DO_MLS)
+
+DO_ZPZZZ_D(sve_mla_d, uint64_t, DO_MLA)
+DO_ZPZZZ_D(sve_mls_d, uint64_t, DO_MLS)
+
+#undef DO_MLA
+#undef DO_MLS
+#undef DO_ZPZZZ
+#undef DO_ZPZZZ_D
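Review bot: DO_MLA and DO_MLS expand to (A + N * M) and (A - N * M) with the operands at their declared TYPE, so for sve_mla_h and sve_mls_h the uint16_t values are promoted to int before the multiply and 0xffff * 0xffff overflows a 32-bit int. Cast to a wide enough unsigned type inside the macro, for example (A + (uint32_t)N * M), or document that the build depends on wrapping signed arithmetic. The macro arguments should also be parenthesised. In DO_ZPZZZ, pg >>= sizeof(TYPE) and the loop bound i & 15 encode that the predicate carries one bit per byte and is consumed 16 bits at a time; a one-line comment stating that would help.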
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 52f1b4dbf5..f14bb2196a 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -634,6 +634,40 @@ DO_ZPZW(LSL, lsl)

[Qemu-devel] [PULL 26/32] target/arm: Implement SVE Compute Vector Address Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-20-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h|  5 +
 target/arm/sve_helper.c| 40 ++
 target/arm/translate-sve.c | 36 ++
 target/arm/sve.decode  | 12 
 4 files changed, 93 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 00e3cd48bb..5280d375f9 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -380,6 +380,11 @@ DEF_HELPER_FLAGS_4(sve_lsl_zzw_b, TCG_CALL_NO_RWG, void, 
ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_lsl_zzw_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(sve_lsl_zzw_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(sve_adr_p32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_adr_p64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_adr_s32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_adr_u32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index f43640c1eb..7fa8394aec 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -1062,3 +1062,43 @@ void HELPER(sve_index_d)(void *vd, uint64_t start,
 d[i] = start + i * incr;
 }
 }
+
+void HELPER(sve_adr_p32)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 4;
+uint32_t sh = simd_data(desc);
+uint32_t *d = vd, *n = vn, *m = vm;
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = n[i] + (m[i] << sh);
+}
+}
+
+void HELPER(sve_adr_p64)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t sh = simd_data(desc);
+uint64_t *d = vd, *n = vn, *m = vm;
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = n[i] + (m[i] << sh);
+}
+}
+
+void HELPER(sve_adr_s32)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t sh = simd_data(desc);
+uint64_t *d = vd, *n = vn, *m = vm;
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = n[i] + ((uint64_t)(int32_t)m[i] << sh);
+}
+}
+
+void HELPER(sve_adr_u32)(void *vd, void *vn, void *vm, uint32_t desc)
+{
+intptr_t i, opr_sz = simd_oprsz(desc) / 8;
+uint64_t sh = simd_data(desc);
+uint64_t *d = vd, *n = vn, *m = vm;
+for (i = 0; i < opr_sz; i += 1) {
+d[i] = n[i] + ((uint64_t)(uint32_t)m[i] << sh);
+}
+}
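Review bot: the four helper names encode the offset type only by suffix, and the hunk has no comment explaining them. From the bodies, p32 and p64 add packed 32-bit and 64-bit offsets, while s32 and u32 work on 64-bit elements and sign- or zero-extend the low 32 bits of m[i] before the shift; say that in a comment above the group. The shift count sh comes straight from simd_data(desc) with no bound in the helper, so note or assert the range the translator is expected to pass.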
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 2c2218bc31..8924848463 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -893,6 +893,42 @@ static bool trans_RDVL(DisasContext *s, arg_RDVL *a, 
uint32_t insn)
 return true;
 }
 
+/*
+ *** SVE Compute Vector Address Group
+ */
+
+static bool do_adr(DisasContext *s, arg_rrri *a, gen_helper_gvec_3 *fn)
+{
+if (sve_access_check(s)) {
+unsigned vsz = vec_full_reg_size(s);
+tcg_gen_gvec_3_ool(vec_full_reg_offset(s, a->rd),
+   vec_full_reg_offset(s, a->rn),
+   vec_full_reg_offset(s, a->rm),
+   vsz, vsz, a->imm, fn);
+}
+return true;
+}
+
+static bool trans_ADR_p32(DisasContext *s, arg_rrri *a, uint32_t insn)
+{
+return do_adr(s, a, gen_helper_sve_adr_p32);
+}
+
+static bool trans_ADR_p64(DisasContext *s, arg_rrri *a, uint32_t insn)
+{
+return do_adr(s, a, gen_helper_sve_adr_p64);
+}
+
+static bool trans_ADR_s32(DisasContext *s, arg_rrri *a, uint32_t insn)
+{
+return do_adr(s, a, gen_helper_sve_adr_s32);
+}
+
+static bool trans_ADR_u32(DisasContext *s, arg_rrri *a, uint32_t insn)
+{
+return do_adr(s, a, gen_helper_sve_adr_u32);
+}
+
 /*
  *** SVE Predicate Logical Operations Group
  */
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
index b24f6b2f1b..691876de4e 100644
--- a/target/arm/sve.decode
+++ b/target/arm/sve.decode
@@ -48,6 +48,7 @@
 
 &rr_esz rd rn esz
 &rrird rn imm
+&rrri   rd rn rm imm
 &rri_eszrd rn imm esz
 &rrr_eszrd rn rm esz
 &rpr_eszrd pg rn esz
@@ -75,6 +76,9 @@
 # Three operand, vector element size
 @rd_rn_rm    esz:2 . rm:5 ... ... rn:5 rd:5 &rrr_esz
 
+# Three operand with "memory" size, aka immediate left shift
+@rd_rn_msz_rm    ... rm:5  imm:2 rn:5 rd:5  &rrri
+
 # Two register operand, with governing predicate, vector element size
 @rdn_pg_rm   esz:2 ... ... ... pg:3 rm:5 rd:5 \
 &rprr_esz rn=%reg_movprfx
@@ -276,

[Qemu-devel] [PULL 18/32] target/arm: Implement SVE bitwise shift by vector (predicated)

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-12-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h| 27 +++
 target/arm/sve_helper.c| 25 +
 target/arm/translate-sve.c |  4 
 target/arm/sve.decode  |  8 
 4 files changed, 64 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index b3c89579af..0cc02ee59e 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -168,6 +168,33 @@ DEF_HELPER_FLAGS_5(sve_udiv_zpzz_s, TCG_CALL_NO_RWG,
 DEF_HELPER_FLAGS_5(sve_udiv_zpzz_d, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_5(sve_asr_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_asr_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_asr_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_asr_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_lsr_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsr_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsr_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsr_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_lsl_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsl_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsl_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_lsl_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_3(sve_orv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_orv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_orv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index b6b9a08965..ece3a81ad3 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -440,6 +440,28 @@ DO_ZPZZ_D(sve_sdiv_zpzz_d, int64_t, DO_DIV)
 DO_ZPZZ(sve_udiv_zpzz_s, uint32_t, H1_4, DO_DIV)
 DO_ZPZZ_D(sve_udiv_zpzz_d, uint64_t, DO_DIV)
 
+/* Note that all bits of the shift are significant
+   and not modulo the element size.  */
+#define DO_ASR(N, M)  (N >> MIN(M, sizeof(N) * 8 - 1))
+#define DO_LSR(N, M)  (M < sizeof(N) * 8 ? N >> M : 0)
+#define DO_LSL(N, M)  (M < sizeof(N) * 8 ? N << M : 0)
+
+DO_ZPZZ(sve_asr_zpzz_b, int8_t, H1, DO_ASR)
+DO_ZPZZ(sve_lsr_zpzz_b, uint8_t, H1_2, DO_LSR)
+DO_ZPZZ(sve_lsl_zpzz_b, uint8_t, H1_4, DO_LSL)
+
+DO_ZPZZ(sve_asr_zpzz_h, int16_t, H1, DO_ASR)
+DO_ZPZZ(sve_lsr_zpzz_h, uint16_t, H1_2, DO_LSR)
+DO_ZPZZ(sve_lsl_zpzz_h, uint16_t, H1_4, DO_LSL)
+
+DO_ZPZZ(sve_asr_zpzz_s, int32_t, H1, DO_ASR)
+DO_ZPZZ(sve_lsr_zpzz_s, uint32_t, H1_2, DO_LSR)
+DO_ZPZZ(sve_lsl_zpzz_s, uint32_t, H1_4, DO_LSL)
+
+DO_ZPZZ_D(sve_asr_zpzz_d, int64_t, DO_ASR)
+DO_ZPZZ_D(sve_lsr_zpzz_d, uint64_t, DO_LSR)
+DO_ZPZZ_D(sve_lsl_zpzz_d, uint64_t, DO_LSL)
+
 #undef DO_ZPZZ
 #undef DO_ZPZZ_D
 
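Review bot: the H argument in the added DO_ZPZZ lines tracks the operation rather than the element size. Every ASR line passes H1, every LSR line H1_2 and every LSL line H1_4, so sve_lsl_zpzz_b indexes uint8_t elements with H1_4 and sve_asr_zpzz_s indexes int32_t elements with H1. The context line `DO_ZPZZ(sve_udiv_zpzz_s, uint32_t, H1_4, DO_DIV)` pairs the macro with the type, so the _b rows should all use H1, the _h rows H1_2 and the _s rows H1_4. If the H macros only change the index on big-endian hosts, testing on a little-endian host will not show the wrong element order. Separately, DO_ASR, DO_LSR and DO_LSL use N and M unparenthesised; `(N) >> (M)` style would be safer if an expression is ever passed.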
@@ -544,6 +566,9 @@ DO_VPZ_D(sve_uminv_d, uint64_t, uint64_t, -1, DO_MIN)
 #undef DO_ABD
 #undef DO_MUL
 #undef DO_DIV
+#undef DO_ASR
+#undef DO_LSR
+#undef DO_LSL
 
 /* Similar to the ARM LastActiveElement pseudocode function, except the
result is multiplied by the element size.  This includes the not found
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 7607a90a4a..f0400e35d9 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -301,6 +301,10 @@ DO_ZPZZ(MUL, mul)
 DO_ZPZZ(SMULH, smulh)
 DO_ZPZZ(UMULH, umulh)
 
+DO_ZPZZ(ASR, asr)
+DO_ZPZZ(LSR, lsr)
+DO_ZPZZ(LSL, lsl)
+
 static bool trans_SDIV_zpzz(DisasContext *s, arg_rprr_esz *a, uint32_t insn)
 {
 static gen_helper_gvec_4 * const fns[4] = {
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
index a1791c1d7b..8267963b6b 100644
--- a/target/arm/sve.decode
+++ b/target/arm/sve.decode
@@ -149,6 +149,14 @@ LSL_zpzi0100 .. 000 011 100 ... .. ... . \
 ASRD0100 .. 000 100 100 ... .. ... . \
 @rdn_pg_tszimm imm=%tszimm_shr
 
+# SVE bitwise shift by vector (predicated)
+ASR_zpzz0100 .. 010 000 100 ... . .   @rdn_pg_rm
+LSR_zpzz0100 .. 010 001 100 ... . .   @rdn_pg_rm
+LSL_zpzz0100 .. 010 011 100 ... . .   @rdn_pg_rm
+ASR_zpzz0100 .. 010 100 100 ... . .   @rdm_pg_rn # ASRR
+LSR_zpzz0100 .. 010 101 100 ... . .   @rdm_pg_rn # LSRR
+LSL_zpzz0100 .. 010 111 100 ... . .   @rdm_pg_rn # LSLR

[Qemu-devel] [PULL 08/32] target/arm: Introduce translate-a64.h

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Move some stuff that will be common to both translate-a64.c
and translate-sve.c.

Reviewed-by: Alex Bennée 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-2-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.h | 118 +
 target/arm/translate-a64.c | 112 +--
 2 files changed, 133 insertions(+), 97 deletions(-)
 create mode 100644 target/arm/translate-a64.h

diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
new file mode 100644
index 00..dd9c09f89b
--- /dev/null
+++ b/target/arm/translate-a64.h
@@ -0,0 +1,118 @@
+/*
+ *  AArch64 translation, common definitions.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef TARGET_ARM_TRANSLATE_A64_H
+#define TARGET_ARM_TRANSLATE_A64_H
+
+void unallocated_encoding(DisasContext *s);
+
+#define unsupported_encoding(s, insn)\
+do { \
+qemu_log_mask(LOG_UNIMP, \
+  "%s:%d: unsupported instruction encoding 0x%08x "  \
+  "at pc=%016" PRIx64 "\n",  \
+  __FILE__, __LINE__, insn, s->pc - 4);  \
+unallocated_encoding(s); \
+} while (0)
+
+TCGv_i64 new_tmp_a64(DisasContext *s);
+TCGv_i64 new_tmp_a64_zero(DisasContext *s);
+TCGv_i64 cpu_reg(DisasContext *s, int reg);
+TCGv_i64 cpu_reg_sp(DisasContext *s, int reg);
+TCGv_i64 read_cpu_reg(DisasContext *s, int reg, int sf);
+TCGv_i64 read_cpu_reg_sp(DisasContext *s, int reg, int sf);
+void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v);
+TCGv_ptr get_fpstatus_ptr(bool);
+bool logic_imm_decode_wmask(uint64_t *result, unsigned int immn,
+unsigned int imms, unsigned int immr);
+uint64_t vfp_expand_imm(int size, uint8_t imm8);
+bool sve_access_check(DisasContext *s);
+
+/* We should have at some point before trying to access an FP register
+ * done the necessary access check, so assert that
+ * (a) we did the check and
+ * (b) we didn't then just plough ahead anyway if it failed.
+ * Print the instruction pattern in the abort message so we can figure
+ * out what we need to fix if a user encounters this problem in the wild.
+ */
+static inline void assert_fp_access_checked(DisasContext *s)
+{
+#ifdef CONFIG_DEBUG_TCG
+if (unlikely(!s->fp_access_checked || s->fp_excp_el)) {
+fprintf(stderr, "target-arm: FP access check missing for "
+"instruction 0x%08x\n", s->insn);
+abort();
+}
+#endif
+}
+
+/* Return the offset into CPUARMState of an element of specified
+ * size, 'element' places in from the least significant end of
+ * the FP/vector register Qn.
+ */
+static inline int vec_reg_offset(DisasContext *s, int regno,
+ int element, TCGMemOp size)
+{
+int offs = 0;
+#ifdef HOST_WORDS_BIGENDIAN
+/* This is complicated slightly because vfp.zregs[n].d[0] is
+ * still the low half and vfp.zregs[n].d[1] the high half
+ * of the 128 bit vector, even on big endian systems.
+ * Calculate the offset assuming a fully bigendian 128 bits,
+ * then XOR to account for the order of the two 64 bit halves.
+ */
+offs += (16 - ((element + 1) * (1 << size)));
+offs ^= 8;
+#else
+offs += element * (1 << size);
+#endif
+offs += offsetof(CPUARMState, vfp.zregs[regno]);
+assert_fp_access_checked(s);
+return offs;
+}
+
+/* Return the offset info CPUARMState of the "whole" vector register Qn.  */
+static inline int vec_full_reg_offset(DisasContext *s, int regno)
+{
+assert_fp_access_checked(s);
+return offsetof(CPUARMState, vfp.zregs[regno]);
+}
+
+/* Return a newly allocated pointer to the vector register.  */
+static inline TCGv_ptr vec_full_reg_ptr(DisasContext *s, int regno)
+{
+TCGv_ptr ret = tcg_temp_new_ptr();
+tcg_gen_addi_ptr(ret, cpu_env, vec_full_reg_offset(s, regno));
+return ret;
+}
+
+/* Return the byte size of the "whole" vector register, VL / 8.  */
+static inline int vec_full_reg_size(DisasContext *s)
+{
+return s->sve_len;
+}
+
+bool disas_
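Review bot: the comment above vec_full_reg_offset() says "Return the offset info CPUARMState"; that should read "into", as in the comment on vec_reg_offset() a few lines earlier. The new header also uses DisasContext, TCGv_i64, TCGv_ptr, TCGMemOp and CPUARMState without including anything after the include guard, so it only builds when the includer has already pulled in the right headers. Either include what it needs or add a comment stating which header must come first.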

[Qemu-devel] [PULL 15/32] target/arm: Implement SVE Integer Binary Arithmetic - Predicated Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-9-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h| 145 +++
 target/arm/sve_helper.c| 194 +
 target/arm/translate-sve.c |  68 +
 target/arm/sve.decode  |  42 
 4 files changed, 449 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 0c04afff8c..5b82ba1501 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -23,6 +23,151 @@ DEF_HELPER_FLAGS_3(sve_predtest, TCG_CALL_NO_WG, i32, ptr, 
ptr, i32)
 DEF_HELPER_FLAGS_3(sve_pfirst, TCG_CALL_NO_WG, i32, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(sve_pnext, TCG_CALL_NO_WG, i32, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_5(sve_and_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_and_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_and_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_and_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_eor_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_eor_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_eor_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_eor_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_orr_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_orr_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_orr_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_orr_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_bic_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_bic_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_bic_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_bic_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_add_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_add_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_add_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_add_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_sub_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_sub_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_sub_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_sub_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_smax_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_smax_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_smax_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_smax_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_umax_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_umax_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_umax_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_umax_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_smin_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_smin_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_smin_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_smin_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_umin_zpzz_b, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_umin_zpzz_h, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_umin_zpzz_s, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(sve_umin_zpzz_d, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)

[Qemu-devel] [PULL 25/32] target/arm: Implement SVE Bitwise Shift - Unpredicated Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-19-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h| 12 ++
 target/arm/sve_helper.c| 30 ++
 target/arm/translate-sve.c | 85 ++
 target/arm/sve.decode  | 26 
 4 files changed, 153 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 2a2dbe98dd..00e3cd48bb 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -368,6 +368,18 @@ DEF_HELPER_FLAGS_4(sve_index_h, TCG_CALL_NO_RWG, void, 
ptr, i32, i32, i32)
 DEF_HELPER_FLAGS_4(sve_index_s, TCG_CALL_NO_RWG, void, ptr, i32, i32, i32)
 DEF_HELPER_FLAGS_4(sve_index_d, TCG_CALL_NO_RWG, void, ptr, i64, i64, i32)
 
+DEF_HELPER_FLAGS_4(sve_asr_zzw_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asr_zzw_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_asr_zzw_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_lsr_zzw_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsr_zzw_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsr_zzw_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(sve_lsl_zzw_b, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsl_zzw_h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(sve_lsl_zzw_s, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 385bb8b314..f43640c1eb 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -615,6 +615,36 @@ DO_ZPZ(sve_neg_h, uint16_t, H1_2, DO_NEG)
 DO_ZPZ(sve_neg_s, uint32_t, H1_4, DO_NEG)
 DO_ZPZ_D(sve_neg_d, uint64_t, DO_NEG)
 
+/* Three-operand expander, unpredicated, in which the third operand is "wide".
+ */
+#define DO_ZZW(NAME, TYPE, TYPEW, H, OP)   \
+void HELPER(NAME)(void *vd, void *vn, void *vm, uint32_t desc) \
+{  \
+intptr_t i, opr_sz = simd_oprsz(desc); \
+for (i = 0; i < opr_sz; ) {\
+TYPEW mm = *(TYPEW *)(vm + i); \
+do {   \
+TYPE nn = *(TYPE *)(vn + H(i));\
+*(TYPE *)(vd + H(i)) = OP(nn, mm); \
+i += sizeof(TYPE); \
+} while (i & 7);   \
+}  \
+}
+
+DO_ZZW(sve_asr_zzw_b, int8_t, uint64_t, H1, DO_ASR)
+DO_ZZW(sve_lsr_zzw_b, uint8_t, uint64_t, H1, DO_LSR)
+DO_ZZW(sve_lsl_zzw_b, uint8_t, uint64_t, H1, DO_LSL)
+
+DO_ZZW(sve_asr_zzw_h, int16_t, uint64_t, H1_2, DO_ASR)
+DO_ZZW(sve_lsr_zzw_h, uint16_t, uint64_t, H1_2, DO_LSR)
+DO_ZZW(sve_lsl_zzw_h, uint16_t, uint64_t, H1_2, DO_LSL)
+
+DO_ZZW(sve_asr_zzw_s, int32_t, uint64_t, H1_4, DO_ASR)
+DO_ZZW(sve_lsr_zzw_s, uint32_t, uint64_t, H1_4, DO_LSR)
+DO_ZZW(sve_lsl_zzw_s, uint32_t, uint64_t, H1_4, DO_LSL)
+
+#undef DO_ZZW
+
 #undef DO_CLS_B
 #undef DO_CLS_H
 #undef DO_CLZ_B
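Review bot: the comment on DO_ZZW says only that the third operand is "wide", but the loop relies on more than that. One 64-bit value `mm` is read from `vm + i` and then applied to every TYPE element until `i & 7` becomes zero. Please say in the comment that each 64-bit element of vm is shared by all narrow elements in the same 8-byte lane. The inner do/while also never compares i with opr_sz, so it is only correct when opr_sz is a multiple of 8; a short note or an assertion on that would make the assumption explicit.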
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index f95efa3c72..2c2218bc31 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -134,6 +134,13 @@ static bool do_mov_z(DisasContext *s, int rd, int rn)
 return do_vector2_z(s, tcg_gen_gvec_mov, 0, rd, rn);
 }
 
+/* Initialize a Zreg with replications of a 64-bit immediate.  */
+static void do_dupi_z(DisasContext *s, int rd, uint64_t word)
+{
+unsigned vsz = vec_full_reg_size(s);
+tcg_gen_gvec_dup64i(vec_full_reg_offset(s, rd), vsz, vsz, word);
+}
+
 /* Invoke a vector expander on two Pregs.  */
 static bool do_vector2_p(DisasContext *s, GVecGen2Fn *gvec_fn,
  int esz, int rd, int rn)
@@ -668,6 +675,84 @@ DO_ZPZW(LSL, lsl)
 
 #undef DO_ZPZW
 
+/*
+ *** SVE Bitwise Shift - Unpredicated Group
+ */
+
+static bool do_shift_imm(DisasContext *s, arg_rri_esz *a, bool asr,
+ void (*gvec_fn)(unsigned, uint32_t, uint32_t,
+ int64_t, uint32_t, uint32_t))
+{
+if (a->esz < 0) {
+/* Invalid tsz encoding -- see tszimm_esz. */
+return false;
+}
+if (sve_access_check(s)) {
+unsigned vsz = vec_full_reg_size(s);
+/* Shift by element size is architecturally valid.  For
+   arithmetic right-shift, it's the same as by one less.
+   Otherwise it is a zeroing operation.  */
+if (a->i

[Qemu-devel] [PULL 04/32] xlnx-zdma: Add a model of the Xilinx ZynqMP generic DMA

2018-05-18 Thread Peter Maydell
From: Francisco Iglesias 

Add a model of the generic DMA found on Xilinx ZynqMP.

Signed-off-by: Francisco Iglesias 
Signed-off-by: Edgar E. Iglesias 
Reviewed-by: Edgar E. Iglesias 
Message-id: 20180503214201.29082-2-frasse.igles...@gmail.com
Signed-off-by: Peter Maydell 
---
 hw/dma/Makefile.objs   |   1 +
 include/hw/dma/xlnx-zdma.h |  84 
 hw/dma/xlnx-zdma.c | 832 +
 3 files changed, 917 insertions(+)
 create mode 100644 include/hw/dma/xlnx-zdma.h
 create mode 100644 hw/dma/xlnx-zdma.c

diff --git a/hw/dma/Makefile.objs b/hw/dma/Makefile.objs
index c2afecbf73..79affecc39 100644
--- a/hw/dma/Makefile.objs
+++ b/hw/dma/Makefile.objs
@@ -10,6 +10,7 @@ common-obj-$(CONFIG_ETRAXFS) += etraxfs_dma.o
 common-obj-$(CONFIG_STP2000) += sparc32_dma.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx_dpdma.o
 obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx_dpdma.o
+common-obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zdma.o
 
 obj-$(CONFIG_OMAP) += omap_dma.o soc_dma.o
 obj-$(CONFIG_PXA2XX) += pxa2xx_dma.o
diff --git a/include/hw/dma/xlnx-zdma.h b/include/hw/dma/xlnx-zdma.h
new file mode 100644
index 00..0b240b4c3c
--- /dev/null
+++ b/include/hw/dma/xlnx-zdma.h
@@ -0,0 +1,84 @@
+/*
+ * QEMU model of the ZynqMP generic DMA
+ *
+ * Copyright (c) 2014 Xilinx Inc.
+ * Copyright (c) 2018 FEIMTECH AB
+ *
+ * Written by Edgar E. Iglesias ,
+ *Francisco Iglesias 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef XLNX_ZDMA_H
+#define XLNX_ZDMA_H
+
+#include "hw/sysbus.h"
+#include "hw/register.h"
+#include "sysemu/dma.h"
+
+#define ZDMA_R_MAX (0x204 / 4)
+
+typedef enum {
+DISABLED = 0,
+ENABLED = 1,
+PAUSED = 2,
+} XlnxZDMAState;
+
+typedef union {
+struct {
+uint64_t addr;
+uint32_t size;
+uint32_t attr;
+};
+uint32_t words[4];
+} XlnxZDMADescr;
+
+typedef struct XlnxZDMA {
+SysBusDevice parent_obj;
+MemoryRegion iomem;
+MemTxAttrs attr;
+MemoryRegion *dma_mr;
+AddressSpace *dma_as;
+qemu_irq irq_zdma_ch_imr;
+
+struct {
+uint32_t bus_width;
+} cfg;
+
+XlnxZDMAState state;
+bool error;
+
+XlnxZDMADescr dsc_src;
+XlnxZDMADescr dsc_dst;
+
+uint32_t regs[ZDMA_R_MAX];
+RegisterInfo regs_info[ZDMA_R_MAX];
+
+/* We don't model the common bufs. Must be at least 16 bytes
+   to model write only mode.  */
+uint8_t buf[2048];
+} XlnxZDMA;
+
+#define TYPE_XLNX_ZDMA "xlnx.zdma"
+
+#define XLNX_ZDMA(obj) \
+ OBJECT_CHECK(XlnxZDMA, (obj), TYPE_XLNX_ZDMA)
+
+#endif /* XLNX_ZDMA_H */
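Review bot: the enumerators DISABLED, ENABLED and PAUSED in XlnxZDMAState are unprefixed names exported from a header under include/, so they can clash with any other file that includes it; something like ZDMA_DISABLED would avoid that. Two things to check against the .c file, which this hunk does not show: XlnxZDMADescr overlays a uint64_t addr on words[4], so if descriptors are filled through words[] the value of addr depends on host byte order unless it is converted explicitly. And since buf is a fixed 2048 bytes while the descriptor size field is 32 bits, every copy through buf needs to be clamped to sizeof(buf).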
diff --git a/hw/dma/xlnx-zdma.c b/hw/dma/xlnx-zdma.c
new file mode 100644
index 00..14d86c254b
--- /dev/null
+++ b/hw/dma/xlnx-zdma.c
@@ -0,0 +1,832 @@
+/*
+ * QEMU model of the ZynqMP generic DMA
+ *
+ * Copyright (c) 2014 Xilinx Inc.
+ * Copyright (c) 2018 FEIMTECH AB
+ *
+ * Written by Edgar E. Iglesias ,
+ *Francisco Iglesias 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNE

[Qemu-devel] [PULL 09/32] target/arm: Add SVE decode skeleton

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Including only 4, as-yet unimplemented, instruction patterns
so that the whole thing compiles.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-3-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/Makefile.objs   | 10 ++
 target/arm/translate-a64.c |  7 -
 target/arm/translate-sve.c | 63 ++
 .gitignore |  1 +
 target/arm/sve.decode  | 45 +++
 5 files changed, 125 insertions(+), 1 deletion(-)
 create mode 100644 target/arm/translate-sve.c
 create mode 100644 target/arm/sve.decode

diff --git a/target/arm/Makefile.objs b/target/arm/Makefile.objs
index 1297bead5f..a6f733eaa8 100644
--- a/target/arm/Makefile.objs
+++ b/target/arm/Makefile.objs
@@ -10,3 +10,13 @@ obj-y += gdbstub.o
 obj-$(TARGET_AARCH64) += cpu64.o translate-a64.o helper-a64.o gdbstub64.o
 obj-y += crypto_helper.o
 obj-$(CONFIG_SOFTMMU) += arm-powerctl.o
+
+DECODETREE = $(SRC_PATH)/scripts/decodetree.py
+
+target/arm/decode-sve.inc.c: $(SRC_PATH)/target/arm/sve.decode $(DECODETREE)
+   $(call quiet-command,\
+ $(PYTHON) $(DECODETREE) --decode disas_sve -o $@ $<,\
+ "GEN", $(TARGET_DIR)$@)
+
+target/arm/translate-sve.o: target/arm/decode-sve.inc.c
+obj-$(TARGET_AARCH64) += translate-sve.o
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 74ef756ad5..b32332ce2c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -13676,9 +13676,14 @@ static void disas_a64_insn(CPUARMState *env, 
DisasContext *s)
 s->fp_access_checked = false;
 
 switch (extract32(insn, 25, 4)) {
-case 0x0: case 0x1: case 0x2: case 0x3: /* UNALLOCATED */
+case 0x0: case 0x1: case 0x3: /* UNALLOCATED */
 unallocated_encoding(s);
 break;
+case 0x2:
+if (!arm_dc_feature(s, ARM_FEATURE_SVE) || !disas_sve(s, insn)) {
+unallocated_encoding(s);
+}
+break;
 case 0x8: case 0x9: /* Data processing - immediate */
 disas_data_proc_imm(s, insn);
 break;
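Review bot: the new `case 0x2:` has no comment, while the cases on either side state what they decode (`/* UNALLOCATED */`, `/* Data processing - immediate */`). A short `/* SVE encodings */` would keep the switch readable. The ordering of the condition looks right: checking ARM_FEATURE_SVE before calling disas_sve() means CPUs without SVE still treat this space as unallocated.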
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
new file mode 100644
index 00..d323bd0b67
--- /dev/null
+++ b/target/arm/translate-sve.c
@@ -0,0 +1,63 @@
+/*
+ * AArch64 SVE translation
+ *
+ * Copyright (c) 2018 Linaro, Ltd
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "tcg-op-gvec.h"
+#include "qemu/log.h"
+#include "arm_ldst.h"
+#include "translate.h"
+#include "internals.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/log.h"
+#include "trace-tcg.h"
+#include "translate-a64.h"
+
+/*
+ * Include the generated decoder.
+ */
+
+#include "decode-sve.inc.c"
+
+/*
+ * Implement all of the translator functions referenced by the decoder.
+ */
+
+static bool trans_AND_zzz(DisasContext *s, arg_AND_zzz *a, uint32_t insn)
+{
+return false;
+}
+
+static bool trans_ORR_zzz(DisasContext *s, arg_ORR_zzz *a, uint32_t insn)
+{
+return false;
+}
+
+static bool trans_EOR_zzz(DisasContext *s, arg_EOR_zzz *a, uint32_t insn)
+{
+return false;
+}
+
+static bool trans_BIC_zzz(DisasContext *s, arg_BIC_zzz *a, uint32_t insn)
+{
+return false;
+}
diff --git a/.gitignore b/.gitignore
index 4055e12ee8..81e1f2fb0f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -206,3 +206,4 @@ trace-dtrace-root.h
 trace-dtrace-root.dtrace
 trace-ust-all.h
 trace-ust-all.c
+/target/arm/decode-sve.inc.c
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
new file mode 100644
index 00..48dac9f71f
--- /dev/null
+++ b/target/arm/sve.decode
@@ -0,0 +1,45 @@
+# AArch64 SVE instruction descriptions
+#
+#  Copyright (c) 2017 Linaro, Ltd
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more det

[Qemu-devel] [PULL 11/32] target/arm: Implement SVE load vector/predicate

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-5-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-sve.c | 127 +
 target/arm/sve.decode  |  20 ++
 2 files changed, 147 insertions(+)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 67d6db313e..5ec18a6aac 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -42,6 +42,20 @@
  * Implement all of the translator functions referenced by the decoder.
  */
 
+/* Return the offset info CPUARMState of the predicate vector register Pn.
+ * Note for this purpose, FFR is P16.
+ */
+static inline int pred_full_reg_offset(DisasContext *s, int regno)
+{
+return offsetof(CPUARMState, vfp.pregs[regno]);
+}
+
+/* Return the byte size of the whole predicate register, VL / 64.  */
+static inline int pred_full_reg_size(DisasContext *s)
+{
+return s->sve_len >> 3;
+}
+
 /* Invoke a vector expander on two Zregs.  */
 static bool do_vector2_z(DisasContext *s, GVecGen2Fn *gvec_fn,
  int esz, int rd, int rn)
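Review bot: pred_full_reg_offset() takes a DisasContext but never uses it. The vector counterpart vec_full_reg_offset() in translate-a64.h calls assert_fp_access_checked(s) before returning the offset, so a predicate access that skipped sve_access_check() would not be caught under CONFIG_DEBUG_TCG the way a vector access is. Suggest adding the same assertion here. The comment also repeats the "offset info CPUARMState" typo; it should be "into". Since the comment says FFR is treated as P16, an assertion that regno is within that range would document the bound.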
@@ -100,3 +114,116 @@ static bool trans_BIC_zzz(DisasContext *s, arg_rrr_esz 
*a, uint32_t insn)
 {
 return do_vector3_z(s, tcg_gen_gvec_andc, 0, a->rd, a->rn, a->rm);
 }
+
+/*
+ *** SVE Memory - 32-bit Gather and Unsized Contiguous Group
+ */
+
+/* Subroutine loading a vector register at VOFS of LEN bytes.
+ * The load should begin at the address Rn + IMM.
+ */
+
+static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len,
+   int rn, int imm)
+{
+uint32_t len_align = QEMU_ALIGN_DOWN(len, 8);
+uint32_t len_remain = len % 8;
+uint32_t nparts = len / 8 + ctpop8(len_remain);
+int midx = get_mem_index(s);
+TCGv_i64 addr, t0, t1;
+
+addr = tcg_temp_new_i64();
+t0 = tcg_temp_new_i64();
+
+/* Note that unpredicated load/store of vector/predicate registers
+ * are defined as a stream of bytes, which equates to little-endian
+ * operations on larger quantities.  There is no nice way to force
+ * a little-endian load for aarch64_be-linux-user out of line.
+ *
+ * Attempt to keep code expansion to a minimum by limiting the
+ * amount of unrolling done.
+ */
+if (nparts <= 4) {
+int i;
+
+for (i = 0; i < len_align; i += 8) {
+tcg_gen_addi_i64(addr, cpu_reg_sp(s, rn), imm + i);
+tcg_gen_qemu_ld_i64(t0, addr, midx, MO_LEQ);
+tcg_gen_st_i64(t0, cpu_env, vofs + i);
+}
+} else {
+TCGLabel *loop = gen_new_label();
+TCGv_ptr tp, i = tcg_const_local_ptr(0);
+
+gen_set_label(loop);
+
+/* Minimize the number of local temps that must be re-read from
+ * the stack each iteration.  Instead, re-compute values other
+ * than the loop counter.
+ */
+tp = tcg_temp_new_ptr();
+tcg_gen_addi_ptr(tp, i, imm);
+tcg_gen_extu_ptr_i64(addr, tp);
+tcg_gen_add_i64(addr, addr, cpu_reg_sp(s, rn));
+
+tcg_gen_qemu_ld_i64(t0, addr, midx, MO_LEQ);
+
+tcg_gen_add_ptr(tp, cpu_env, i);
+tcg_gen_addi_ptr(i, i, 8);
+tcg_gen_st_i64(t0, tp, vofs);
+tcg_temp_free_ptr(tp);
+
+tcg_gen_brcondi_ptr(TCG_COND_LTU, i, len_align, loop);
+tcg_temp_free_ptr(i);
+}
+
+/* Predicate register loads can be any multiple of 2.
+ * Note that we still store the entire 64-bit unit into cpu_env.
+ */
+if (len_remain) {
+tcg_gen_addi_i64(addr, cpu_reg_sp(s, rn), imm + len_align);
+
+switch (len_remain) {
+case 2:
+case 4:
+case 8:
+tcg_gen_qemu_ld_i64(t0, addr, midx, MO_LE | ctz32(len_remain));
+break;
+
+case 6:
+t1 = tcg_temp_new_i64();
+tcg_gen_qemu_ld_i64(t0, addr, midx, MO_LEUL);
+tcg_gen_addi_i64(addr, addr, 4);
+tcg_gen_qemu_ld_i64(t1, addr, midx, MO_LEUW);
+tcg_gen_deposit_i64(t0, t0, t1, 32, 32);
+tcg_temp_free_i64(t1);
+break;
+
+default:
+g_assert_not_reached();
+}
+tcg_gen_st_i64(t0, cpu_env, vofs + len_align);
+}
+tcg_temp_free_i64(addr);
+tcg_temp_free_i64(t0);
+}
+
+static bool trans_LDR_zri(DisasContext *s, arg_rri *a, uint32_t insn)
+{
+if (sve_access_check(s)) {
+int size = vec_full_reg_size(s);
+int off = vec_full_reg_offset(s, a->rd);
+do_ldr(s, off, size, a->rn, a->imm * size);
+}
+return true;
+}
+
+static bool trans_LDR_pri(DisasContext *s, arg_rri *a, uint32_t insn)
+{
+if (sve_access_check(s)) {
+int size = pred_full_reg_size(s);
+int off = pred_full_reg_offset(s, a->rd);
+do_ldr(s, off, size, a->rn, a->imm * size);
+}
+return true;
+}
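Review bot: in the tail of do_ldr() the final `tcg_gen_st_i64(t0, cpu_env, vofs + len_align)` always writes 8 bytes, although only len_remain of them belong to the register being loaded. The comment acknowledges this, but the code is only safe if the register storage in CPUARMState is padded to a multiple of 8 bytes; please state that requirement in the comment or assert it, so a later change to the predicate register layout cannot turn this into a write over the neighbouring register. Smaller points: `case 8:` in the switch is unreachable because len_remain is `len % 8`, and the unrolled loop compares `int i` with the uint32_t len_align.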
diff --git a/target/arm/sve.decode b/target/arm/sve.decode
index 48dac9f71f..a2c4450e7c 100644
--- a/target/

[Qemu-devel] [PULL 16/32] target/arm: Implement SVE Integer Reduction Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Excepting MOVPRFX, which isn't a reduction.  Presumably it is
placed within the group because of its encoding.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-10-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper-sve.h| 44 ++
 target/arm/sve_helper.c| 91 ++
 target/arm/translate-sve.c | 68 
 target/arm/sve.decode  | 22 +
 4 files changed, 225 insertions(+)

diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 5b82ba1501..6b6bbeb272 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -168,6 +168,50 @@ DEF_HELPER_FLAGS_5(sve_udiv_zpzz_s, TCG_CALL_NO_RWG,
 DEF_HELPER_FLAGS_5(sve_udiv_zpzz_d, TCG_CALL_NO_RWG,
void, ptr, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_3(sve_orv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_orv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_orv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_orv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_eorv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_eorv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_eorv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_eorv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_andv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_andv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_andv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_andv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_saddv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_saddv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_saddv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_uaddv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_uaddv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_uaddv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_uaddv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_smaxv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_smaxv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_smaxv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_smaxv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_umaxv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_umaxv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_umaxv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_umaxv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_sminv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_sminv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_sminv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_sminv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(sve_uminv_b, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_uminv_h, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_uminv_s, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_uminv_d, TCG_CALL_NO_RWG, i64, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
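Review bot: The sve_saddv declarations stop at _s, while sve_uaddv and every other reduction added in this hunk also declare a _d variant. If that is deliberate, a one-line comment next to the saddv group saying why there is no 64-bit signed helper would keep the gap from reading as an omission.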
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index b8c8a06122..c1719e407a 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -298,6 +298,97 @@ DO_ZPZZ_D(sve_udiv_zpzz_d, uint64_t, DO_DIV)
 
 #undef DO_ZPZZ
 #undef DO_ZPZZ_D
+
+/* Two-operand reduction expander, controlled by a predicate.
+ * The difference between TYPERED and TYPERET has to do with
+ * sign-extension.  E.g. for SMAX, TYPERED must be signed,
+ * but TYPERET must be unsigned so that e.g. a 32-bit value
+ * is not sign-extended to the ABI uint64_t return type.
+ */
+/* ??? If we were to vectorize this by hand the reduction ordering
+ * would change.  For integer operands, this is perfectly fine.
+ */
+#define DO_VPZ(NAME, TYPEELT, TYPERED, TYPERET, H, INIT, OP) \
+uint64_t HELPER(NAME)(void *vn, void *vg, uint32_t desc)   \
+{  \
+intptr_t i, opr_sz = simd_oprsz(desc); \
+TYPERED ret = INIT;\
+for (i = 0; i < opr_sz; ) {\
+uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3));\
+do {   \
+if (pg & 1) {  \
+TYPEELT nn = *(TYPEELT *)(vn + H(i));  \
+ret = OP(ret, nn); \
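Review bot: The comment above DO_VPZ explains TYPERED versus TYPERET but says nothing about INIT. In the loop, ret starts at INIT and is only updated for elements whose predicate bit is set, so INIT is what the helper returns when no element is active; the comment should state that INIT has to be the identity value for OP. The "???" marker on the second comment would also read better as a plain note.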

[Qemu-devel] [PULL 10/32] target/arm: Implement SVE Bitwise Logical - Unpredicated Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

These were the instructions that were stubbed out when
introducing the decode skeleton.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-4-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/translate-sve.c | 55 --
 1 file changed, 47 insertions(+), 8 deletions(-)

diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index d323bd0b67..67d6db313e 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -42,22 +42,61 @@
  * Implement all of the translator functions referenced by the decoder.
  */
 
-static bool trans_AND_zzz(DisasContext *s, arg_AND_zzz *a, uint32_t insn)
+/* Invoke a vector expander on two Zregs.  */
+static bool do_vector2_z(DisasContext *s, GVecGen2Fn *gvec_fn,
+ int esz, int rd, int rn)
 {
-return false;
+if (sve_access_check(s)) {
+unsigned vsz = vec_full_reg_size(s);
+gvec_fn(esz, vec_full_reg_offset(s, rd),
+vec_full_reg_offset(s, rn), vsz, vsz);
+}
+return true;
 }
 
-static bool trans_ORR_zzz(DisasContext *s, arg_ORR_zzz *a, uint32_t insn)
+/* Invoke a vector expander on three Zregs.  */
+static bool do_vector3_z(DisasContext *s, GVecGen3Fn *gvec_fn,
+ int esz, int rd, int rn, int rm)
 {
-return false;
+if (sve_access_check(s)) {
+unsigned vsz = vec_full_reg_size(s);
+gvec_fn(esz, vec_full_reg_offset(s, rd),
+vec_full_reg_offset(s, rn),
+vec_full_reg_offset(s, rm), vsz, vsz);
+}
+return true;
 }
 
-static bool trans_EOR_zzz(DisasContext *s, arg_EOR_zzz *a, uint32_t insn)
+/* Invoke a vector move on two Zregs.  */
+static bool do_mov_z(DisasContext *s, int rd, int rn)
 {
-return false;
+return do_vector2_z(s, tcg_gen_gvec_mov, 0, rd, rn);
 }
 
-static bool trans_BIC_zzz(DisasContext *s, arg_BIC_zzz *a, uint32_t insn)
+/*
+ *** SVE Logical - Unpredicated Group
+ */
+
+static bool trans_AND_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
 {
-return false;
+return do_vector3_z(s, tcg_gen_gvec_and, 0, a->rd, a->rn, a->rm);
+}
+
+static bool trans_ORR_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+if (a->rn == a->rm) { /* MOV */
+return do_mov_z(s, a->rd, a->rn);
+} else {
+return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
+}
+}
+
+static bool trans_EOR_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_xor, 0, a->rd, a->rn, a->rm);
+}
+
+static bool trans_BIC_zzz(DisasContext *s, arg_rrr_esz *a, uint32_t insn)
+{
+return do_vector3_z(s, tcg_gen_gvec_andc, 0, a->rd, a->rn, a->rm);
 }
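Review bot: trans_AND_zzz, trans_ORR_zzz, trans_EOR_zzz and trans_BIC_zzz take an arg_rrr_esz but never read esz; each passes a literal 0 as the element size, as does do_mov_z. A sentence in the "SVE Logical - Unpredicated Group" comment that element size is irrelevant for bitwise operations would explain the constant. Separately, do_vector2_z and do_vector3_z return true even when sve_access_check() fails; a one-line comment on why the instruction still counts as handled in that case would help the next reader.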
-- 
2.17.0




[Qemu-devel] [PULL 13/32] target/arm: Implement SVE Predicate Logical Operations Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-7-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   |   4 +-
 target/arm/helper-sve.h|  10 +
 target/arm/sve_helper.c|  39 
 target/arm/translate-sve.c | 361 +
 target/arm/sve.decode  |  16 ++
 5 files changed, 429 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 01281f5c56..df21e143cc 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -541,6 +541,8 @@ typedef struct CPUARMState {
 #ifdef TARGET_AARCH64
 /* Store FFR as pregs[16] to make it easier to treat as any other.  */
 ARMPredicateReg pregs[17];
+/* Scratch space for aa64 sve predicate temporary.  */
+ARMPredicateReg preg_tmp;
 #endif
 
 uint32_t xregs[16];
@@ -548,7 +550,7 @@ typedef struct CPUARMState {
 int vec_len;
 int vec_stride;
 
-/* scratch space when Tn are not sufficient.  */
+/* Scratch space for aa32 neon expansion.  */
 uint32_t scratch[8];
 
 /* There are a number of distinct float control structures:
diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index b6e91539ae..57adc4d912 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -19,3 +19,13 @@
 
 DEF_HELPER_FLAGS_2(sve_predtest1, TCG_CALL_NO_WG, i32, i64, i64)
 DEF_HELPER_FLAGS_3(sve_predtest, TCG_CALL_NO_WG, i32, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
+DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
+DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
+DEF_HELPER_FLAGS_5(sve_sel_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
+DEF_HELPER_FLAGS_5(sve_orr_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
+DEF_HELPER_FLAGS_5(sve_orn_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
+DEF_HELPER_FLAGS_5(sve_nor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
+DEF_HELPER_FLAGS_5(sve_nand_, TCG_CALL_NO_RWG,
+   void, ptr, ptr, ptr, ptr, i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 1ebb67e1df..2eda6f2ef1 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -76,3 +76,42 @@ uint32_t HELPER(sve_predtest)(void *vd, void *vg, uint32_t 
words)
 
 return flags;
 }
+
+#define LOGICAL_(NAME, FUNC) \
+void HELPER(NAME)(void *vd, void *vn, void *vm, void *vg, uint32_t desc)  \
+{ \
+uintptr_t opr_sz = simd_oprsz(desc);  \
+uint64_t *d = vd, *n = vn, *m = vm, *g = vg;  \
+uintptr_t i;  \
+for (i = 0; i < opr_sz / 8; ++i) {\
+d[i] = FUNC(n[i], m[i], g[i]);\
+} \
+}
+
+#define DO_AND(N, M, G)  (((N) & (M)) & (G))
+#define DO_BIC(N, M, G)  (((N) & ~(M)) & (G))
+#define DO_EOR(N, M, G)  (((N) ^ (M)) & (G))
+#define DO_ORR(N, M, G)  (((N) | (M)) & (G))
+#define DO_ORN(N, M, G)  (((N) | ~(M)) & (G))
+#define DO_NOR(N, M, G)  (~((N) | (M)) & (G))
+#define DO_NAND(N, M, G) (~((N) & (M)) & (G))
+#define DO_SEL(N, M, G)  (((N) & (G)) | ((M) & ~(G)))
+
+LOGICAL_(sve_and_, DO_AND)
+LOGICAL_(sve_bic_, DO_BIC)
+LOGICAL_(sve_eor_, DO_EOR)
+LOGICAL_(sve_sel_, DO_SEL)
+LOGICAL_(sve_orr_, DO_ORR)
+LOGICAL_(sve_orn_, DO_ORN)
+LOGICAL_(sve_nor_, DO_NOR)
+LOGICAL_(sve_nand_, DO_NAND)
+
+#undef DO_AND
+#undef DO_BIC
+#undef DO_EOR
+#undef DO_ORR
+#undef DO_ORN
+#undef DO_NOR
+#undef DO_NAND
+#undef DO_SEL
+#undef LOGICAL_
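Review bot: The loop bound in LOGICAL_ is opr_sz / 8, so for a size that is not a multiple of 8 bytes the tail of d is silently left unprocessed. Nothing in this file enforces the multiple; it depends on the caller rounding with size_for_gvec() in translate-sve.c. Add a comment on the macro, or an assertion that opr_sz is a multiple of 8, so the dependency is visible here. The comment could also note that DO_SEL is the one operation whose result is not masked with G, so it relies on the bits of M above the predicate length already being zero.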
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index c3f1b0bfa6..67fb3091ac 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -56,6 +56,28 @@ static inline int pred_full_reg_size(DisasContext *s)
 return s->sve_len >> 3;
 }
 
+/* Round up the size of a register to a size allowed by
+ * the tcg vector infrastructure.  Any operation which uses this
+ * size may assume that the bits above pred_full_reg_size are zero,
+ * and must leave them the same way.
+ *
+ * Note that this is not needed for the vector registers as they
+ * are always properly sized for tcg vectors.
+ */
+static int size_for_gvec(int size)
+{
+if (size <= 8) {
+return 8;
+} else {
+return QEMU_ALIGN_UP(size, 16);
+}
+}
+
+static int pred_gvec_reg_size(DisasContext *s)
+{
+return size_for_gvec(pred_full_reg_size(s));
+}
+
 /* Invoke a vector expander on two Zregs.  */
 static bool do_vector2_z(DisasContext *s, GVecGen2Fn *gvec_fn,
  int 

[Qemu-devel] [PULL 14/32] target/arm: Implement SVE Predicate Misc Group

2018-05-18 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20180516223007.10256-8-richard.hender...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   |   4 +
 target/arm/helper-sve.h|   3 +
 target/arm/sve_helper.c|  84 +++
 target/arm/translate-sve.c | 209 +
 target/arm/sve.decode  |  31 ++
 5 files changed, 331 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index df21e143cc..8488273c5b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -540,6 +540,7 @@ typedef struct CPUARMState {
 
 #ifdef TARGET_AARCH64
 /* Store FFR as pregs[16] to make it easier to treat as any other.  */
+#define FFR_PRED_NUM 16
 ARMPredicateReg pregs[17];
 /* Scratch space for aa64 sve predicate temporary.  */
 ARMPredicateReg preg_tmp;
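Review bot: FFR_PRED_NUM is defined in the middle of the CPUARMState member list, and the array it describes is still declared with the literal 17. Either size the array as pregs[FFR_PRED_NUM + 1] or move the #define above the struct, so the index and the array length cannot drift apart.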
@@ -2975,4 +2976,7 @@ static inline uint64_t *aa64_vfp_qreg(CPUARMState *env, 
unsigned regno)
 return &env->vfp.zregs[regno].d[0];
 }
 
+/* Shared between translate-sve.c and sve_helper.c.  */
+extern const uint64_t pred_esz_masks[4];
+
 #endif
diff --git a/target/arm/helper-sve.h b/target/arm/helper-sve.h
index 57adc4d912..0c04afff8c 100644
--- a/target/arm/helper-sve.h
+++ b/target/arm/helper-sve.h
@@ -20,6 +20,9 @@
 DEF_HELPER_FLAGS_2(sve_predtest1, TCG_CALL_NO_WG, i32, i64, i64)
 DEF_HELPER_FLAGS_3(sve_predtest, TCG_CALL_NO_WG, i32, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_3(sve_pfirst, TCG_CALL_NO_WG, i32, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(sve_pnext, TCG_CALL_NO_WG, i32, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_5(sve_and_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_bic_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
 DEF_HELPER_FLAGS_5(sve_eor_, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, 
i32)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 2eda6f2ef1..cc164edfe8 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -115,3 +115,87 @@ LOGICAL_(sve_nand_, DO_NAND)
 #undef DO_NAND
 #undef DO_SEL
 #undef LOGICAL_
+
+/* Similar to the ARM LastActiveElement pseudocode function, except the
+   result is multiplied by the element size.  This includes the not found
+   indication; e.g. not found for esz=3 is -8.  */
+static intptr_t last_active_element(uint64_t *g, intptr_t words, intptr_t esz)
+{
+uint64_t mask = pred_esz_masks[esz];
+intptr_t i = words;
+
+do {
+uint64_t this_g = g[--i] & mask;
+if (this_g) {
+return i * 64 + (63 - clz64(this_g));
+}
+} while (i > 0);
+return (intptr_t)-1 << esz;
+}
+
+uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words)
+{
+uint32_t flags = PREDTEST_INIT;
+uint64_t *d = vd, *g = vg;
+intptr_t i = 0;
+
+do {
+uint64_t this_d = d[i];
+uint64_t this_g = g[i];
+
+if (this_g) {
+if (!(flags & 4)) {
+/* Set in D the first bit of G.  */
+this_d |= this_g & -this_g;
+d[i] = this_d;
+}
+flags = iter_predtest_fwd(this_d, this_g, flags);
+}
+} while (++i < words);
+
+return flags;
+}
+
+uint32_t HELPER(sve_pnext)(void *vd, void *vg, uint32_t pred_desc)
+{
+intptr_t words = extract32(pred_desc, 0, SIMD_OPRSZ_BITS);
+intptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2);
+uint32_t flags = PREDTEST_INIT;
+uint64_t *d = vd, *g = vg, esz_mask;
+intptr_t i, next;
+
+next = last_active_element(vd, words, esz) + (1 << esz);
+esz_mask = pred_esz_masks[esz];
+
+/* Similar to the pseudocode for pnext, but scaled by ESZ
+   so that we find the correct bit.  */
+if (next < words * 64) {
+uint64_t mask = -1;
+
+if (next & 63) {
+mask = ~((1ull << (next & 63)) - 1);
+next &= -64;
+}
+do {
+uint64_t this_g = g[next / 64] & esz_mask & mask;
+if (this_g != 0) {
+next = (next & -64) + ctz64(this_g);
+break;
+}
+next += 64;
+mask = -1;
+} while (next < words * 64);
+}
+
+i = 0;
+do {
+uint64_t this_d = 0;
+if (i == next / 64) {
+this_d = 1ull << (next & 63);
+}
+d[i] = this_d;
+flags = iter_predtest_fwd(this_d, g[i] & esz_mask, flags);
+} while (++i < words);
+
+return flags;
+}
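Review bot: last_active_element(), sve_pfirst and sve_pnext all use do/while loops, so each assumes words >= 1. With words == 0, last_active_element evaluates g[--i] with i == -1, and the other two touch d[0] and g[0] before the bound is tested. An assertion that words is non-zero at the top of each function would document and enforce the precondition. In last_active_element, the not-found value (intptr_t)-1 << esz left-shifts a negative number; -((intptr_t)1 << esz) gives the same result without that.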
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 67fb3091ac..4bb40da119 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -22,6 +22,7 @@
 #include "exec/exec-all.h"
 #include "tcg-op.h"
 #include "tcg-op-gvec.h"
+#include "tcg-gvec-desc.h"
 #include "qemu/log.h"
 #include "arm_ldst.h"
 #include "translate.h"
@@ -192,6 +193,12 @@ static void do_predtest(DisasContext *s, int dofs, int 
gofs, int words)
 tcg_temp_free_i32(t);
 }
 
+/* For each element size, the bits

[Qemu-devel] [PULL 06/32] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event

2018-05-18 Thread Peter Maydell
From: Eric Auger 

Coverity complains about use of uninitialized Evt struct.
The EVT_SET_TYPE and similar setters use deposit32() on fields
in the struct, so they read the uninitialized existing values.
In cases where we don't set all the fields in the event struct
we'll end up leaking random uninitialized data from QEMU's
stack into the guest.

Initializing the struct with "Evt evt = {};" ought to satisfy
Coverity and fix the data leak.

Signed-off-by: Eric Auger 
Reported-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 1526493784-25328-2-git-send-email-eric.au...@redhat.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/smmuv3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index b3026dea20..42dc521c13 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -143,7 +143,7 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt 
*evt)
 
 void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
 {
-Evt evt;
+Evt evt = {};
 MemTxResult r;
 
 if (!smmuv3_eventq_enabled(s)) {
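Review bot: Nothing at the declaration of evt says why the initialiser is required, so a later cleanup could drop "= {}" again. A one-line comment that the EVT_SET_* setters are read-modify-write and that the struct is then written to the guest-visible event queue would keep the reason next to the code.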
-- 
2.17.0
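
The leak described in the smmuv3_record_event commit message above, as an added C example that is not part of the patch or of QEMU. DemoEvt, the demo_* functions and the 0xA5 fill are hypothetical stand-ins (the page does not show the real Evt layout); the fill models leftover stack contents so the result is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 32-byte event record (assumption: the real Evt layout
 * is not shown on the page). */
typedef struct {
    uint32_t word[8];
} DemoEvt;

/* Constructed stand-in for bytes an earlier call left on the stack. */
#define DEMO_STALE 0xA5

/* Replace `length` bits of `value` starting at bit `start` with `field`
 * and keep every other bit: a read-modify-write, like deposit32(). */
static uint32_t demo_deposit32(uint32_t value, int start, int length,
                               uint32_t field)
{
    uint32_t mask = (length == 32) ? UINT32_MAX : ((1u << length) - 1u);

    mask <<= start;
    return (value & ~mask) | ((field << start) & mask);
}

/* Hypothetical field setters in the style of EVT_SET_TYPE. */
static void demo_set_type(DemoEvt *e, uint32_t type)
{
    e->word[0] = demo_deposit32(e->word[0], 0, 8, type);
}

static void demo_set_sid(DemoEvt *e, uint32_t sid)
{
    e->word[1] = demo_deposit32(e->word[1], 0, 32, sid);
}

/* Build an event that sets only two fields. The first memset models
 * storage that still holds old data; zero_first models "Evt evt = {};". */
static void demo_record_event(DemoEvt *e, int zero_first)
{
    memset(e, DEMO_STALE, sizeof(*e));
    if (zero_first) {
        memset(e, 0, sizeof(*e));
    }
    demo_set_type(e, 0x10);
    demo_set_sid(e, 0x1234);
}

/* Number of bytes in the finished record that still carry stale data,
 * i.e. what would be copied out to the consumer of the record. */
static size_t demo_stale_bytes(int zero_first)
{
    DemoEvt e;
    const uint8_t *p = (const uint8_t *)&e;
    size_t i, n = 0;

    demo_record_event(&e, zero_first);
    for (i = 0; i < sizeof(e); i++) {
        n += (p[i] == DEMO_STALE);
    }
    return n;
}

/* Word 0 after the type setter ran: the 8-bit field is correct either
 * way, the other 24 bits are whatever was there before. */
static uint32_t demo_type_word(int zero_first)
{
    DemoEvt e;

    demo_record_event(&e, zero_first);
    return e.word[0];
}

int main(void)
{
    printf("no init:   %zu stale bytes, word0=0x%08x\n",
           demo_stale_bytes(0), (unsigned)demo_type_word(0));
    printf("zero init: %zu stale bytes, word0=0x%08x\n",
           demo_stale_bytes(1), (unsigned)demo_type_word(1));
    return 0;
}
```

The setters produce the right field values in both cases, which is why the missing initialiser does not show up as a functional bug; only the untouched bits differ.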




[Qemu-devel] [PULL 07/32] hw/arm/smmu-common: Fix coverity issue in get_block_pte_address

2018-05-18 Thread Peter Maydell
From: Eric Auger 

Coverity points out that this can overflow if n > 31,
because it's only doing 32-bit arithmetic. Let's use 1ULL instead
of 1. Also the formulae used to compute n can be replaced by
the level_shift() macro.

Reported-by: Peter Maydell 
Signed-off-by: Eric Auger 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 1526493784-25328-3-git-send-email-eric.au...@redhat.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/smmu-common.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index 01c7be82b6..3c5f7245b5 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -83,9 +83,9 @@ static inline hwaddr get_table_pte_address(uint64_t pte, int 
granule_sz)
 static inline hwaddr get_block_pte_address(uint64_t pte, int level,
int granule_sz, uint64_t *bsz)
 {
-int n = (granule_sz - 3) * (4 - level) + 3;
+int n = level_shift(level, granule_sz);
 
-*bsz = 1 << n;
+*bsz = 1ULL << n;
 return PTE_ADDRESS(pte, n);
 }
 
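Review bot: 1ULL << n fixes the 32-bit case, but n is still a signed int taken straight from level_shift(level, granule_sz) with no range check in get_block_pte_address(). A shift count of 64 or more, or a negative one, is still undefined, so an assertion on n (or on level and granule_sz) before the shift would close the remaining gap. bsz is also dereferenced unconditionally.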
-- 
2.17.0




[Qemu-devel] [PULL 01/32] target/arm: Add "ARM_CP_NO_GDB" as a new bit field for ARMCPRegInfo type

2018-05-18 Thread Peter Maydell
From: Abdallah Bouassida 

This is preparation for the coming feature of dynamically creating an XML
description for the ARM sysregs.
A register that has ARM_CP_NO_GDB enabled will not be shown in the dynamic XML.
This bit is enabled automatically when creating CP_ANY wildcard aliases.
This bit could be enabled manually for any register we want to remove from the
dynamic XML description.

Signed-off-by: Abdallah Bouassida 
Reviewed-by: Peter Maydell 
Reviewed-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-id: 1524153386-3550-2-git-send-email-abdallah.bouass...@lauterbach.com
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h| 3 ++-
 target/arm/helper.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 3b086be570..c78ccabded 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1821,10 +1821,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 #define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
 #define ARM_CP_FPU   0x1000
 #define ARM_CP_SVE   0x2000
+#define ARM_CP_NO_GDB0x4000
 /* Used only as a terminator for ARMCPRegInfo lists */
 #define ARM_CP_SENTINEL  0x
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK 0x30ff
+#define ARM_CP_FLAG_MASK 0x70ff
 
 /* Valid values for ARMCPRegInfo state field, indicating which of
  * the AArch32 and AArch64 execution states this register is visible in.
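Review bot: ARM_CP_FLAG_MASK has to be edited by hand whenever a flag bit is added, as this hunk does when it goes from 0x30ff to 0x70ff for ARM_CP_NO_GDB. Building the mask from the flag macros, or adding a build-time check that each flag is covered by the mask, would remove the chance of a future flag being silently masked off.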
diff --git a/target/arm/helper.c b/target/arm/helper.c
index db8bbe52a6..118422b92c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5678,7 +5678,7 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
ARMCPRegInfo *r,
 if (((r->crm == CP_ANY) && crm != 0) ||
 ((r->opc1 == CP_ANY) && opc1 != 0) ||
 ((r->opc2 == CP_ANY) && opc2 != 0)) {
-r2->type |= ARM_CP_ALIAS;
+r2->type |= ARM_CP_ALIAS | ARM_CP_NO_GDB;
 }
 
 /* Check that raw accesses are either forbidden or handled. Note that
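Review bot: The wildcard-expansion branch now also sets ARM_CP_NO_GDB, but nothing next to it says why these entries are hidden from the debugger; the commit message only states that it happens. A short comment above r2->type |= ARM_CP_ALIAS | ARM_CP_NO_GDB giving the reason would keep it with the code.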
-- 
2.17.0




[Qemu-devel] [PULL 05/32] xlnx-zynqmp: Connect the ZynqMP GDMA and ADMA

2018-05-18 Thread Peter Maydell
From: Francisco Iglesias 

The ZynqMP contains two instances of a generic DMA, the GDMA, located in the
FPD (full power domain), and the ADMA, located in LPD (low power domain).  This
patch adds these two DMAs to the ZynqMP board.

Signed-off-by: Francisco Iglesias 
Reviewed-by: Alistair Francis 
Reviewed-by: Edgar E. Iglesias 
Message-id: 20180503214201.29082-3-frasse.igles...@gmail.com
Signed-off-by: Peter Maydell 
---
 include/hw/arm/xlnx-zynqmp.h |  5 
 hw/arm/xlnx-zynqmp.c | 53 
 2 files changed, 58 insertions(+)

diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
index 3b613e364d..82b6ec2486 100644
--- a/include/hw/arm/xlnx-zynqmp.h
+++ b/include/hw/arm/xlnx-zynqmp.h
@@ -27,6 +27,7 @@
 #include "hw/sd/sdhci.h"
 #include "hw/ssi/xilinx_spips.h"
 #include "hw/dma/xlnx_dpdma.h"
+#include "hw/dma/xlnx-zdma.h"
 #include "hw/display/xlnx_dp.h"
 #include "hw/intc/xlnx-zynqmp-ipi.h"
 #include "hw/timer/xlnx-zynqmp-rtc.h"
@@ -41,6 +42,8 @@
 #define XLNX_ZYNQMP_NUM_UARTS 2
 #define XLNX_ZYNQMP_NUM_SDHCI 2
 #define XLNX_ZYNQMP_NUM_SPIS 2
+#define XLNX_ZYNQMP_NUM_GDMA_CH 8
+#define XLNX_ZYNQMP_NUM_ADMA_CH 8
 
 #define XLNX_ZYNQMP_NUM_QSPI_BUS 2
 #define XLNX_ZYNQMP_NUM_QSPI_BUS_CS 2
@@ -94,6 +97,8 @@ typedef struct XlnxZynqMPState {
 XlnxDPDMAState dpdma;
 XlnxZynqMPIPI ipi;
 XlnxZynqMPRTC rtc;
+XlnxZDMA gdma[XLNX_ZYNQMP_NUM_GDMA_CH];
+XlnxZDMA adma[XLNX_ZYNQMP_NUM_ADMA_CH];
 
 char *boot_cpu;
 ARMCPU *boot_cpu_ptr;
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 505253e0d2..2045b9d71e 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -90,6 +90,24 @@ static const int spi_intr[XLNX_ZYNQMP_NUM_SPIS] = {
 19, 20,
 };
 
+static const uint64_t gdma_ch_addr[XLNX_ZYNQMP_NUM_GDMA_CH] = {
+0xFD50, 0xFD51, 0xFD52, 0xFD53,
+0xFD54, 0xFD55, 0xFD56, 0xFD57
+};
+
+static const int gdma_ch_intr[XLNX_ZYNQMP_NUM_GDMA_CH] = {
+124, 125, 126, 127, 128, 129, 130, 131
+};
+
+static const uint64_t adma_ch_addr[XLNX_ZYNQMP_NUM_ADMA_CH] = {
+0xFFA8, 0xFFA9, 0xFFAA, 0xFFAB,
+0xFFAC, 0xFFAD, 0xFFAE, 0xFFAF
+};
+
+static const int adma_ch_intr[XLNX_ZYNQMP_NUM_ADMA_CH] = {
+77, 78, 79, 80, 81, 82, 83, 84
+};
+
 typedef struct XlnxZynqMPGICRegion {
 int region_index;
 uint32_t address;
@@ -197,6 +215,16 @@ static void xlnx_zynqmp_init(Object *obj)
 
 object_initialize(&s->rtc, sizeof(s->rtc), TYPE_XLNX_ZYNQMP_RTC);
 qdev_set_parent_bus(DEVICE(&s->rtc), sysbus_get_default());
+
+for (i = 0; i < XLNX_ZYNQMP_NUM_GDMA_CH; i++) {
+object_initialize(&s->gdma[i], sizeof(s->gdma[i]), TYPE_XLNX_ZDMA);
+qdev_set_parent_bus(DEVICE(&s->gdma[i]), sysbus_get_default());
+}
+
+for (i = 0; i < XLNX_ZYNQMP_NUM_ADMA_CH; i++) {
+object_initialize(&s->adma[i], sizeof(s->adma[i]), TYPE_XLNX_ZDMA);
+qdev_set_parent_bus(DEVICE(&s->adma[i]), sysbus_get_default());
+}
 }
 
 static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
@@ -492,6 +520,31 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
**errp)
 }
 sysbus_mmio_map(SYS_BUS_DEVICE(&s->rtc), 0, RTC_ADDR);
 sysbus_connect_irq(SYS_BUS_DEVICE(&s->rtc), 0, gic_spi[RTC_IRQ]);
+
+for (i = 0; i < XLNX_ZYNQMP_NUM_GDMA_CH; i++) {
+object_property_set_uint(OBJECT(&s->gdma[i]), 128, "bus-width", &err);
+object_property_set_bool(OBJECT(&s->gdma[i]), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->gdma[i]), 0, gdma_ch_addr[i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->gdma[i]), 0,
+   gic_spi[gdma_ch_intr[i]]);
+}
+
+for (i = 0; i < XLNX_ZYNQMP_NUM_ADMA_CH; i++) {
+object_property_set_bool(OBJECT(&s->adma[i]), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->adma[i]), 0, adma_ch_addr[i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->adma[i]), 0,
+   gic_spi[adma_ch_intr[i]]);
+}
 }
 
 static Property xlnx_zynqmp_props[] = {
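Review bot: In the GDMA loop, err is passed to object_property_set_uint() for "bus-width" and then straight to object_property_set_bool() for "realized" without being checked in between, so a failure of the first call reaches the second with err already set. Check err after each call. The ADMA loop does not set "bus-width" at all; if the default is intended there, a comment saying so would explain the asymmetry with the 128 used for GDMA.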
-- 
2.17.0




[Qemu-devel] [PULL 03/32] target/arm: Add the XML dynamic generation

2018-05-18 Thread Peter Maydell
From: Abdallah Bouassida 

Generate an XML description for the cp-regs.
Register these regs with the gdb_register_coprocessor().
Add arm_gdb_get_sysreg() to use it as a callback to read those regs.
Add a dummy arm_gdb_set_sysreg().

Signed-off-by: Abdallah Bouassida 
Tested-by: Alex Bennée 
Message-id: 1524153386-3550-4-git-send-email-abdallah.bouass...@lauterbach.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 include/qom/cpu.h|  5 ++-
 target/arm/cpu.h | 26 +++
 gdbstub.c| 10 ++
 target/arm/cpu.c |  1 +
 target/arm/gdbstub.c | 76 
 target/arm/helper.c  | 26 +++
 6 files changed, 143 insertions(+), 1 deletion(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 14e45c4282..9d3afc6c75 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -132,6 +132,9 @@ struct TranslationBlock;
  *   before the insn which triggers a watchpoint rather than after it.
  * @gdb_arch_name: Optional callback that returns the architecture name known
  * to GDB. The caller must free the returned string with g_free.
+ * @gdb_get_dynamic_xml: Callback to return dynamically generated XML for the
+ *   gdb stub. Returns a pointer to the XML contents for the specified XML file
+ *   or NULL if the CPU doesn't have a dynamically generated content for it.
  * @cpu_exec_enter: Callback for cpu_exec preparation.
  * @cpu_exec_exit: Callback for cpu_exec cleanup.
  * @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec.
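Review bot: The new @gdb_get_dynamic_xml description does not say who owns the returned string or how long it stays valid, while the @gdb_arch_name entry just above spells out that the caller must free its result. Since the callback returns const char *, state the intended contract here, for example that the buffer belongs to the CPU object and must not be freed by the caller.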
@@ -198,7 +201,7 @@ typedef struct CPUClass {
 const struct VMStateDescription *vmsd;
 const char *gdb_core_xml_file;
 gchar * (*gdb_arch_name)(CPUState *cpu);
-
+const char * (*gdb_get_dynamic_xml)(CPUState *cpu, const char *xmlname);
 void (*cpu_exec_enter)(CPUState *cpu);
 void (*cpu_exec_exit)(CPUState *cpu);
 bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request);
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c78ccabded..01281f5c56 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -133,6 +133,19 @@ enum {
s<2n+1> maps to the most significant half of d
  */
 
+/**
+ * DynamicGDBXMLInfo:
+ * @desc: Contains the XML descriptions.
+ * @num_cpregs: Number of the Coprocessor registers seen by GDB.
+ * @cpregs_keys: Array that contains the corresponding Key of
+ * a given cpreg with the same order of the cpreg in the XML description.
+ */
+typedef struct DynamicGDBXMLInfo {
+char *desc;
+int num_cpregs;
+uint32_t *cpregs_keys;
+} DynamicGDBXMLInfo;
+
 /* CPU state for each instance of a generic timer (in cp15 c14) */
 typedef struct ARMGenericTimer {
 uint64_t cval; /* Timer CompareValue register */
@@ -687,6 +700,8 @@ struct ARMCPU {
 uint64_t *cpreg_vmstate_values;
 int32_t cpreg_vmstate_array_len;
 
+DynamicGDBXMLInfo dyn_xml;
+
 /* Timers used by the generic (architected) timer */
 QEMUTimer *gt_timer[NUM_GTIMERS];
 /* GPIO outputs for generic timer */
@@ -868,6 +883,17 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cpu, 
vaddr addr,
 int arm_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
 int arm_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
+/* Dynamically generates for gdb stub an XML description of the sysregs from
+ * the cp_regs hashtable. Returns the registered sysregs number.
+ */
+int arm_gen_dynamic_xml(CPUState *cpu);
+
+/* Returns the dynamically generated XML for the gdb stub.
+ * Returns a pointer to the XML contents for the specified XML file or NULL
+ * if the XML name doesn't match the predefined one.
+ */
+const char *arm_gdb_get_dynamic_xml(CPUState *cpu, const char *xmlname);
+
 int arm_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
  int cpuid, void *opaque);
 int arm_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
diff --git a/gdbstub.c b/gdbstub.c
index 3c3807358c..9682e16ef7 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -675,6 +675,16 @@ static const char *get_feature_xml(const char *p, const 
char **newp,
 }
 return target_xml;
 }
+if (cc->gdb_get_dynamic_xml) {
+CPUState *cpu = first_cpu;
+char *xmlname = g_strndup(p, len);
+const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
+
+g_free(xmlname);
+if (xml) {
+return xml;
+}
+}
 for (i = 0; ; i++) {
 name = xml_builtin[i][0];
 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
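Review bot: The callback is always invoked with first_cpu, so on a machine whose CPUs do not all expose the same registers the description returned is the first CPU's. If that is a known limitation, note it in a comment here. The lookup also runs before the xml_builtin[] scan, so a dynamic name takes precedence over a built-in file of the same name; it is worth stating whether that ordering is intended.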
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 7939c6b8ae..5d60893a07 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1908,6 +1908,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->gdb_num_core_regs = 26;
 cc->gdb_core_xml_file = "arm-core.xml";
 cc->gdb_arch_name = arm_gdb_arch_name;
+cc->gdb_get_dynamic_xml = arm_gdb_get_dynamic_xml;
 cc->gdb_stop_before_watchpoi

[Qemu-devel] [PULL 02/32] target/arm: Add "_S" suffix to the secure version of a sysreg

2018-05-18 Thread Peter Maydell
From: Abdallah Bouassida 

This is preparation for the coming feature of dynamically creating an XML
description for the ARM sysregs.
Add "_S" suffix to the secure version of sysregs that have both S and NS views.
Replace (S) and (NS) by _S and _NS for the registers that are manually defined,
so all the registers follow the same convention.

Signed-off-by: Abdallah Bouassida 
Reviewed-by: Peter Maydell 
Reviewed-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-id: 1524153386-3550-3-git-send-email-abdallah.bouass...@lauterbach.com
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 29 ++---
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 118422b92c..369292c8b0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -690,12 +690,12 @@ static const ARMCPRegInfo cp_reginfo[] = {
  * the secure register to be properly reset and migrated. There is also no
  * v8 EL1 version of the register so the non-secure instance stands alone.
  */
-{ .name = "FCSEIDR(NS)",
+{ .name = "FCSEIDR",
   .cp = 15, .opc1 = 0, .crn = 13, .crm = 0, .opc2 = 0,
   .access = PL1_RW, .secure = ARM_CP_SECSTATE_NS,
   .fieldoffset = offsetof(CPUARMState, cp15.fcseidr_ns),
   .resetvalue = 0, .writefn = fcse_write, .raw_writefn = raw_write, },
-{ .name = "FCSEIDR(S)",
+{ .name = "FCSEIDR_S",
   .cp = 15, .opc1 = 0, .crn = 13, .crm = 0, .opc2 = 0,
   .access = PL1_RW, .secure = ARM_CP_SECSTATE_S,
   .fieldoffset = offsetof(CPUARMState, cp15.fcseidr_s),
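Review bot: The commit message says (S) and (NS) are replaced by _S and _NS, but in this hunk "FCSEIDR(NS)" becomes "FCSEIDR" with no suffix, and only the secure entry gets "_S". Either the message or the names should change so they agree on what the non-secure view is called.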
@@ -711,7 +711,7 @@ static const ARMCPRegInfo cp_reginfo[] = {
   .access = PL1_RW, .secure = ARM_CP_SECSTATE_NS,
   .fieldoffset = offsetof(CPUARMState, cp15.contextidr_el[1]),
   .resetvalue = 0, .writefn = contextidr_write, .raw_writefn = raw_write, 
},
-{ .name = "CONTEXTIDR(S)", .state = ARM_CP_STATE_AA32,
+{ .name = "CONTEXTIDR_S", .state = ARM_CP_STATE_AA32,
   .cp = 15, .opc1 = 0, .crn = 13, .crm = 0, .opc2 = 1,
   .access = PL1_RW, .secure = ARM_CP_SECSTATE_S,
   .fieldoffset = offsetof(CPUARMState, cp15.contextidr_s),
@@ -1981,7 +1981,7 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
cp15.c14_timer[GTIMER_PHYS].ctl),
   .writefn = gt_phys_ctl_write, .raw_writefn = raw_write,
 },
-{ .name = "CNTP_CTL(S)",
+{ .name = "CNTP_CTL_S",
   .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 1,
   .secure = ARM_CP_SECSTATE_S,
   .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL1_RW | PL0_R,
@@ -2020,7 +2020,7 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
   .accessfn = gt_ptimer_access,
   .readfn = gt_phys_tval_read, .writefn = gt_phys_tval_write,
 },
-{ .name = "CNTP_TVAL(S)",
+{ .name = "CNTP_TVAL_S",
   .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 0,
   .secure = ARM_CP_SECSTATE_S,
   .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL1_RW | PL0_R,
@@ -2074,7 +2074,7 @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
   .accessfn = gt_ptimer_access,
   .writefn = gt_phys_cval_write, .raw_writefn = raw_write,
 },
-{ .name = "CNTP_CVAL(S)", .cp = 15, .crm = 14, .opc1 = 2,
+{ .name = "CNTP_CVAL_S", .cp = 15, .crm = 14, .opc1 = 2,
   .secure = ARM_CP_SECSTATE_S,
   .access = PL1_RW | PL0_R,
   .type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_ALIAS,
@@ -5577,7 +5577,8 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error 
**errp)
 
 static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
void *opaque, int state, int secstate,
-   int crm, int opc1, int opc2)
+   int crm, int opc1, int opc2,
+   const char *name)
 {
 /* Private utility function for define_one_arm_cp_reg_with_opaque():
  * add a single reginfo struct to the hash table.
@@ -5587,6 +5588,7 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
ARMCPRegInfo *r,
 int is64 = (r->type & ARM_CP_64BIT) ? 1 : 0;
 int ns = (secstate & ARM_CP_SECSTATE_NS) ? 1 : 0;
 
+r2->name = g_strdup(name);
 /* Reset the secure state to the specific incoming state.  This is
  * necessary as the register may have been defined with both states.
  */
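Review bot: ownership of the string is unclear at `r2->name = g_strdup(name);`. Every hash table entry now owns a heap copy of its name, and nothing in the visible lines frees it. If the table has a destroy function for these entries, it needs to g_free() the name as well; if the copy is meant to live as long as the entry does, a one-line comment here should say so.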
@@ -5818,19 +5820,24 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
 /* Under AArch32 CP registers can be common
  * (same for secure and non-secure world) or banked.
  */
+char *name;
+
 switch (r->secure) {
 case ARM_CP_SECSTATE_S:
 case ARM_CP_SECSTATE_NS:
 add_cpreg_to_hashtable(cpu, r, opaque, state,
-   r->secure, crm, opc1, opc2);
+
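Review bot: `char *name;` is declared ahead of the switch without an initializer, and its scope is wider than the visible ARM_CP_SECSTATE_S/NS cases need; the replacement argument list for their call is cut off here, so what they pass cannot be checked. Since add_cpreg_to_hashtable() takes its own copy with g_strdup(), these two cases can pass `r->name` directly, and any string built into `name` elsewhere needs a g_free() after the call. Declaring `name` inside the case that builds it would make that pairing easier to see.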

[Qemu-devel] [PULL 00/32] target-arm queue

2018-05-18 Thread Peter Maydell
Another target-arm queue, since we're over 30 patches
already. Most of this is RTH's SVE-patches-part-1.

thanks
-- PMM


The following changes since commit d32e41a1188e929cc0fb16829ce3736046951e39:

  Merge remote-tracking branch 'remotes/famz/tags/docker-and-block-pull-request' into staging (2018-05-18 14:11:52 +0100)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180518

for you to fetch changes up to b94f8f60bd841c5b737185cd38263e26822f77ab:

  target/arm: Implement SVE Permute - Extract Group (2018-05-18 17:48:09 +0100)


target-arm queue:
 * Initial part of SVE implementation (currently disabled)
 * smmuv3: fix some minor Coverity issues
 * add model of Xilinx ZynqMP generic DMA controller
 * expose (most) Arm coprocessor/system registers to
   gdb via QEMU's gdbstub, for reads only


Abdallah Bouassida (3):
  target/arm: Add "ARM_CP_NO_GDB" as a new bit field for ARMCPRegInfo type
  target/arm: Add "_S" suffix to the secure version of a sysreg
  target/arm: Add the XML dynamic generation

Eric Auger (2):
  hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event
  hw/arm/smmu-common: Fix coverity issue in get_block_pte_address

Francisco Iglesias (2):
  xlnx-zdma: Add a model of the Xilinx ZynqMP generic DMA
  xlnx-zynqmp: Connect the ZynqMP GDMA and ADMA

Richard Henderson (25):
  target/arm: Introduce translate-a64.h
  target/arm: Add SVE decode skeleton
  target/arm: Implement SVE Bitwise Logical - Unpredicated Group
  target/arm: Implement SVE load vector/predicate
  target/arm: Implement SVE predicate test
  target/arm: Implement SVE Predicate Logical Operations Group
  target/arm: Implement SVE Predicate Misc Group
  target/arm: Implement SVE Integer Binary Arithmetic - Predicated Group
  target/arm: Implement SVE Integer Reduction Group
  target/arm: Implement SVE bitwise shift by immediate (predicated)
  target/arm: Implement SVE bitwise shift by vector (predicated)
  target/arm: Implement SVE bitwise shift by wide elements (predicated)
  target/arm: Implement SVE Integer Arithmetic - Unary Predicated Group
  target/arm: Implement SVE Integer Multiply-Add Group
  target/arm: Implement SVE Integer Arithmetic - Unpredicated Group
  target/arm: Implement SVE Index Generation Group
  target/arm: Implement SVE Stack Allocation Group
  target/arm: Implement SVE Bitwise Shift - Unpredicated Group
  target/arm: Implement SVE Compute Vector Address Group
  target/arm: Implement SVE floating-point exponential accelerator
  target/arm: Implement SVE floating-point trig select coefficient
  target/arm: Implement SVE Element Count Group
  target/arm: Implement SVE Bitwise Immediate Group
  target/arm: Implement SVE Integer Wide Immediate - Predicated Group
  target/arm: Implement SVE Permute - Extract Group

 hw/dma/Makefile.objs         |    1 +
 target/arm/Makefile.objs     |   10 +
 include/hw/arm/xlnx-zynqmp.h |    5 +
 include/hw/dma/xlnx-zdma.h   |   84 ++
 include/qom/cpu.h            |    5 +-
 target/arm/cpu.h             |   37 +-
 target/arm/helper-sve.h      |  427 +
 target/arm/helper.h          |    1 +
 target/arm/translate-a64.h   |  118 +++
 gdbstub.c                    |   10 +
 hw/arm/smmu-common.c         |    4 +-
 hw/arm/smmuv3.c              |    2 +-
 hw/arm/xlnx-zynqmp.c         |   53 ++
 hw/dma/xlnx-zdma.c           |  832 +
 target/arm/cpu.c             |    1 +
 target/arm/gdbstub.c         |   76 ++
 target/arm/helper.c          |   57 +-
 target/arm/sve_helper.c      | 1562 +++
 target/arm/translate-a64.c   |  119 +--
 target/arm/translate-sve.c   | 2070 ++
 .gitignore                   |    1 +
 target/arm/sve.decode        |  419 +
 22 files changed, 5778 insertions(+), 116 deletions(-)
 create mode 100644 include/hw/dma/xlnx-zdma.h
 create mode 100644 target/arm/helper-sve.h
 create mode 100644 target/arm/translate-a64.h
 create mode 100644 hw/dma/xlnx-zdma.c
 create mode 100644 target/arm/sve_helper.c
 create mode 100644 target/arm/translate-sve.c
 create mode 100644 target/arm/sve.decode


