Re: [Qemu-devel] [RFC 00/13] hw/m68k: add Apple Machintosh Quadra 800 machine

[Philippe Mathieu-Daudé]

On 06/08/2018 05:05 PM, Laurent Vivier wrote:
> I'm rebasing some of these patches for seven years now,
> too many years...
> 
> It's an RFC because things have changed in QEMU in seven years,
> for instance the VIA has a new implementation (mos6522) introduced
> by Mark Cave-Ayland and I didn't rework my implementation to
> fit into this new one (any volunteers?), display has some glitches,
> ADB devices are not identified correctly.
> 
> if you want to test the machine, I'm sorry, it doesn't boot
> a MacROM, but you can boot a linux kernel from the command line.
> 
> You can install your own disk using debian-installer, with:
> 
> ...
> -M q800 \
> -serial none -serial mon:stdio \
> -m 1000M -drive file=m68k.qcow2,format=qcow2 \
> -net nic,model=dp83932,addr=09:00:07:12:34:57 \
> -append "console=ttyS0 vga=off" \
> -kernel vmlinux-4.15.0-2-m68k \
> -initrd initrd.gz \
> -drive file=debian-9.0-m68k-NETINST-1.iso \
> -drive file=m68k.qcow2,format=qcow2 \
> -nographic

qemu-system-m68k: -drive file=m68k.qcow2,format=qcow2: Failed to get
"write" lock
Is another process using the image?

(two times same file provided in cmdline arguments)

@block-team I found it funny because this is the very same process which
already locked. The error message is enough as it imo.

Re: [Qemu-devel] [PATCH v2 0/6] spapr: machine hotplug handler cleanups

[David Gibson]

On Fri, Jun 08, 2018 at 02:48:10PM +0200, David Hildenbrand wrote:
> I'll be messing with machine hotplug handlers of pc/spapr/s390x in the
> context of
> [PATCH v4 00/14] MemoryDevice: use multi stage hotplug handlers
> 
> So this is a spin-off of the cleanup patches in the context of hotplug
> handlers.

Applied to ppc-for-3.0, thanks.

> 
> v1 -> v2:
> - dropped the three "local_err" patches
> - tweaked some patch descriptions
> - Split "spapr: move all DIMM checks into spapr_memory_plug" up
> -- Move the memory hotplug check into the pre_plug handler
> - Use _abort instead of NULL
> 
> David Hildenbrand (6):
>   spapr: no need to verify the node
>   spapr: move lookup of the node into spapr_memory_plug()
>   spapr: move memory hotplug support check into spapr_memory_pre_plug()
>   spapr: introduce machine unplug handler
>   spapr: handle pc-dimm unplug via hotplug handler chain
>   spapr: handle cpu core unplug via hotplug handler chain
> 
>  hw/ppc/spapr.c | 67 --
>  1 file changed, 43 insertions(+), 24 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH V6 RESEND 7/7] migration/ram: ensure write persistence on loading all data to PMEM.

[Junyan He]

Sorry missed dgilbert's comment about RAMBLOCK_FOREACH_MIGRATABLE in previous 
revision.


From: Qemu-devel  on behalf of 
junyan...@gmx.com 
Sent: Saturday, June 9, 2018 1:12:31 AM
To: qemu-devel@nongnu.org
Cc: xiaoguangrong.e...@gmail.com; crosthwaite.pe...@gmail.com; m...@redhat.com; 
dgilb...@redhat.com; ehabk...@redhat.com; quint...@redhat.com; Junyan He; 
stefa...@redhat.com; pbonz...@redhat.com; imamm...@redhat.com; r...@twiddle.net
Subject: [Qemu-devel] [PATCH V6 RESEND 7/7] migration/ram: ensure write 
persistence on loading all data to PMEM.

From: Junyan He 

Because we need to make sure the pmem kind memory data is synced
after migration, we choose to call pmem_persist() when the migration
finish. This will make sure the data of pmem is safe and will not
lose if power is off.

Signed-off-by: Junyan He 
---
 include/qemu/pmem.h | 1 +
 migration/ram.c | 8 
 stubs/pmem.c| 4 
 3 files changed, 13 insertions(+)

diff --git a/include/qemu/pmem.h b/include/qemu/pmem.h
index 00d6680..8f52b08 100644
--- a/include/qemu/pmem.h
+++ b/include/qemu/pmem.h
@@ -17,6 +17,7 @@
 #else  /* !CONFIG_LIBPMEM */

 void *pmem_memcpy_persist(void *pmemdest, const void *src, size_t len);
+void pmem_persist(const void *addr, size_t len);

 #endif /* CONFIG_LIBPMEM */

diff --git a/migration/ram.c b/migration/ram.c
index aa0c6f0..15418c2 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -33,6 +33,7 @@
 #include "qemu/bitops.h"
 #include "qemu/bitmap.h"
 #include "qemu/main-loop.h"
+#include "qemu/pmem.h"
 #include "xbzrle.h"
 #include "ram.h"
 #include "migration.h"
@@ -3046,6 +3047,13 @@ static int ram_load_setup(QEMUFile *f, void *opaque)
 static int ram_load_cleanup(void *opaque)
 {
 RAMBlock *rb;
+
+RAMBLOCK_FOREACH_MIGRATABLE(rb) {
+if (ramblock_is_pmem(rb)) {
+pmem_persist(rb->host, rb->used_length);
+}
+}
+
 xbzrle_load_cleanup();
 compress_threads_load_cleanup();

diff --git a/stubs/pmem.c b/stubs/pmem.c
index b4ec72d..f794262 100644
--- a/stubs/pmem.c
+++ b/stubs/pmem.c
@@ -17,3 +17,7 @@ void *pmem_memcpy_persist(void *pmemdest, const void *src, 
size_t len)
 {
 return memcpy(pmemdest, src, len);
 }
+
+void pmem_persist(const void *addr, size_t len)
+{
+}
--
2.7.4

[Qemu-devel] [PATCH V6 RESEND 7/7] migration/ram: ensure write persistence on loading all data to PMEM.

[junyan . he]

From: Junyan He 

Because we need to make sure the pmem kind memory data is synced
after migration, we choose to call pmem_persist() when the migration
finish. This will make sure the data of pmem is safe and will not
lose if power is off.

Signed-off-by: Junyan He 
---
 include/qemu/pmem.h | 1 +
 migration/ram.c | 8 
 stubs/pmem.c| 4 
 3 files changed, 13 insertions(+)

diff --git a/include/qemu/pmem.h b/include/qemu/pmem.h
index 00d6680..8f52b08 100644
--- a/include/qemu/pmem.h
+++ b/include/qemu/pmem.h
@@ -17,6 +17,7 @@
 #else  /* !CONFIG_LIBPMEM */
 
 void *pmem_memcpy_persist(void *pmemdest, const void *src, size_t len);
+void pmem_persist(const void *addr, size_t len);
 
 #endif /* CONFIG_LIBPMEM */
 
diff --git a/migration/ram.c b/migration/ram.c
index aa0c6f0..15418c2 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -33,6 +33,7 @@
 #include "qemu/bitops.h"
 #include "qemu/bitmap.h"
 #include "qemu/main-loop.h"
+#include "qemu/pmem.h"
 #include "xbzrle.h"
 #include "ram.h"
 #include "migration.h"
@@ -3046,6 +3047,13 @@ static int ram_load_setup(QEMUFile *f, void *opaque)
 static int ram_load_cleanup(void *opaque)
 {
 RAMBlock *rb;
+
+RAMBLOCK_FOREACH_MIGRATABLE(rb) {
+if (ramblock_is_pmem(rb)) {
+pmem_persist(rb->host, rb->used_length);
+}
+}
+
 xbzrle_load_cleanup();
 compress_threads_load_cleanup();
 
diff --git a/stubs/pmem.c b/stubs/pmem.c
index b4ec72d..f794262 100644
--- a/stubs/pmem.c
+++ b/stubs/pmem.c
@@ -17,3 +17,7 @@ void *pmem_memcpy_persist(void *pmemdest, const void *src, 
size_t len)
 {
 return memcpy(pmemdest, src, len);
 }
+
+void pmem_persist(const void *addr, size_t len)
+{
+}
-- 
2.7.4

Re: [Qemu-devel] [RFC v2 11/12] Add virtio-gpu vhost-user backend

[Marc-André Lureau]

On Fri, Jun 8, 2018 at 7:25 PM, Marc-André Lureau
 wrote:
> Hi
>
> On Mon, Jun 4, 2018 at 11:37 AM, Gerd Hoffmann  wrote:
>> On Fri, Jun 01, 2018 at 06:27:48PM +0200, Marc-André Lureau wrote:
>>> Add to virtio-gpu devices a "vhost-user" property. When set, the
>>> associated vhost-user backend is used to handle the virtio rings.
>>>
>>> For now, a socketpair is created for the backend to share the rendering
>>> results with qemu via a simple VHOST_GPU protocol.
>>
>> Why this isn't a separate device, like vhost-user-input-pci?
>
> Ok, let's have vhost-user-gpu-pci and vhost-user-vga, inheriting from
> existing devices.
>
>>> +typedef struct VhostGpuUpdate {
>>> +uint32_t scanout_id;
>>> +uint32_t x;
>>> +uint32_t y;
>>> +uint32_t width;
>>> +uint32_t height;
>>> +uint8_t data[];
>>> +} QEMU_PACKED VhostGpuUpdate;
>>
>> Hmm, when designing a new protocol I think we can do better than just
>> squeering the pixels into a tcp stream.  Use shared memory instead?  Due
>> to vhost we are limited to linux anyway, so we might even consider stuff
>> like dmabufs here.
>
> Well, my goal is not to invent a new spice or wayland protocol :) I
> don't care much about 2d performance at this point, more about 3d. Can
> we leave 2d improvements for another day? Beside, what would dmabuf
> bring us for 2d compared to shmem?
>
> There seems to be a lot of overhead with the roundtrip vhost-user ->
> qemu -> spice worker -> spice client -> wayland/x11 -> gpu already
> (but this isn't necessarily so bad at 60fps or less).
> Ideally, I would like to bypass qemu & spice for local rendering, but
> I don't think wayland support that kind of nested window composition
> (at least tracking messages weston --nested doesn't show that kind of
> optimization).
>
> FWIW, here are some Unigine Heaven 4.0 benchmarks (probably within +-10%):
>
> qemu-gtk/egl+virtio-gpu: fps:2.6/ score: 64
> qemu-gtk/egl+vhost-user-gpu: fps:12.9 / score: 329
>
> spice+virtio-gpu: fps:2.8 / score: 70
> spice+vhost-user-gpu: fps:12.1 / score: 304
>
> That should give an extra motivation :)
>

(host is fps:31.1 / score:784



-- 
Marc-André Lureau

Re: [Qemu-devel] [Bug 1463812] Re: qemu-system-ppc64 V2.30 cause RHEL5.9 disk corruption

[wzis]

It seems to me that no one has really looked into the matter, I can't
find any comments,that this issue has been worked on.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1463812

Title:
  qemu-system-ppc64 V2.30 cause RHEL5.9 disk corruption

Status in QEMU:
  Incomplete

Bug description:
  copied the RHEL5.9 power disk image from qemu 1.5.3, run it under qemu 2.3.0, 
corrupted; copied again, run, corrupted again.
  Run the image on qemu 1.5.3, no problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1463812/+subscriptions

Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC CPU

[Moger, Babu]

> -Original Message-
> From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> Sent: Friday, June 8, 2018 2:50 PM
> To: Moger, Babu 
> Cc: ge...@hostfission.com; k...@vger.kernel.org; m...@redhat.com;
> k...@tripleback.net; mtosa...@redhat.com; xiaoguangr...@tencent.com;
> qemu-devel@nongnu.org; Juan Quintela ;
> pbonz...@redhat.com; r...@twiddle.net
> Subject: Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on
> AMD EPYC CPU
> 
> On Fri, Jun 08, 2018 at 07:36:05PM +, Moger, Babu wrote:
> >
> > > -Original Message-
> > > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > > Sent: Friday, June 8, 2018 2:23 PM
> > > To: Moger, Babu 
> > > Cc: m...@redhat.com; marcel.apfelb...@gmail.com;
> pbonz...@redhat.com;
> > > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com;
> Juan
> > > Quintela ; xiaoguangr...@tencent.com
> > > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> > > CPU
> > >
> > > On Fri, Jun 08, 2018 at 06:40:16PM +, Moger, Babu wrote:
> > > > Hi Eduardo,
> > > > Sorry for the late response. Got pulled into something else.
> > > >
> > > > > -Original Message-
> > > > > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > > > > Sent: Wednesday, June 6, 2018 5:40 PM
> > > > > To: Moger, Babu 
> > > > > Cc: m...@redhat.com; marcel.apfelb...@gmail.com;
> > > pbonz...@redhat.com;
> > > > > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > > > > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com
> > > > > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD
> EPYC
> > > > > CPU
> > > > >
> > > > > On Wed, Jun 06, 2018 at 10:36:45AM -0400, Babu Moger wrote:
> > > > > > Enable TOPOEXT feature on EPYC CPU. This is required to support
> > > > > > hyperthreading on VM guests. Also extend xlevel to 0x801E.
> > > > > >
> > > > > > Disable TOPOEXT feature for legacy machines.
> > > > > >
> > > > > > Signed-off-by: Babu Moger 
> > > > >
> > > > > Now, I just noticed we have a problem here:
> > > > >
> > > > > "-machine pc -cpu EPYC -smp 64" works today
> > > > >
> > > > > This patch makes it stop working, but it shouldn't.
> > > >
> > > > No. It works fine. I have tested it.
> > >
> > > This doesn't sound right.  The code in this series will error out
> > > of TOPOEXT is enabled and you have more than 64 VCPUs.
> > >
> > > But I just noticed we have a bug introduced by:
> >
> > Oh.. Ok..  Let me retry again with the new patch.
> >
> > >
> > > commit f548222c24342ca74689de7794f9006b43f86a54
> > > Author: Xiao Guangrong 
> > > Date:   Thu May 3 16:06:11 2018 +0800
> > >
> > > migration: introduce decompress-error-check
> > >
> > > QEMU 3.0 enables strict check for compression & decompression to
> > > make the migration more robust, that depends on the source to fix
> > > the internal design which triggers the unexpected error conditions
> > >
> > > To make it work for migrating old version QEMU to 2.13 QEMU, we
> > > introduce this parameter to disable the error check on the
> > > destination which is the default behavior of the machine type
> > > which is older than 2.13, alternately, the strict check can be
> > > enabled explicitly as followings:
> > >   -M pc-q35-2.11 -global migration.decompress-error-check=true
> > >
> > > Signed-off-by: Xiao Guangrong 
> > > Reviewed-by: Juan Quintela 
> > > Signed-off-by: Juan Quintela 
> > >
> > > This commits added PC_COMPAT_2_12 to the 3.0 machine-types.
> > > Because of this bug, TOPOEXT is being unconditionally disabled on
> > > all machine-types, unless I apply the fix below:
> > >
> > >
> > > diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> > > index 3d81136065..b4c5b03274 100644
> > > --- a/hw/i386/pc_piix.c
> > > +++ b/hw/i386/pc_piix.c
> > > @@ -430,7 +430,6 @@ static void
> > > pc_i440fx_3_0_machine_options(MachineClass *m)
> > >  pc_i440fx_machine_options(m);
> > >  m->alias = "pc";
> > >  m->is_default = 1;
> > > -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
> > >  }
> > >
> > >  DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL,
> > > diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> > > index b60cbb9266..83d6d75efa 100644
> > > --- a/hw/i386/pc_q35.c
> > > +++ b/hw/i386/pc_q35.c
> > > @@ -312,7 +312,6 @@ static void
> > > pc_q35_3_0_machine_options(MachineClass *m)
> > >  {
> > >  pc_q35_machine_options(m);
> > >  m->alias = "q35";
> > > -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
> > >  }
> > >
> > >  DEFINE_Q35_MACHINE(v3_0, "pc-q35-3.0", NULL,
> > >
> > > >
> > > > >
> > > > > On the other hand, I believe you expect:
> > > > > * "-machine pc -cpu EPYC -smp 8" to automatically enable topoext.
> > > > Yes. Only on new machines-types
> > > > > * "-machine pc -cpu Opteron_G1 -smp 8" to not enable topoext.
> > > > Yes.
> > > > > * What about "-machine -cpu Opteron_G1 -smp 8,threads=2"?

[Qemu-devel] [PATCH v13 4/5] i386: Verify and enable topoext feature if supported

[Babu Moger]

If the CPU model supports topoext feature, enabled the
feature automatically if it can be supported.

Signed-off-by: Babu Moger 
---
 target/i386/cpu.c | 40 
 1 file changed, 40 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 4dd9a82..88bc73d 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4763,6 +4763,33 @@ static int x86_cpu_filter_features(X86CPU *cpu)
 #define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
  (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
  (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
+/*
+ * Check if we can support this topology
+ * Fail if number of cores are beyond the supported config
+ * or nr_threads is more than 2
+ */
+static int topology_supports_topoext(int nr_cores, int nr_threads,
+Error **errp)
+{
+if (nr_cores > (MAX_CORES_IN_NODE * MAX_NODES_PER_SOCKET)) {
+error_setg(errp, "TOPOEXT unsupported with %d cores per socket",
+   nr_cores);
+error_append_hint(errp, "TOPOEXT supports only up to %d cores per"
+  " socket\n",
+  (MAX_CORES_IN_NODE * MAX_NODES_PER_SOCKET));
+return false;
+}
+
+if (nr_threads > 2) {
+error_setg(errp, "TOPOEXT unsupported with %d threads per core",
+   nr_threads);
+error_append_hint(errp, "TOPOEXT supports only up to 2 threads"
+  " per core\n");
+return false;
+}
+return true;
+}
+
 static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
@@ -4953,6 +4980,19 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 
 qemu_init_vcpu(cs);
 
+if (cpu->auto_topoext &&
+!(env->user_features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT)) {
+if (cs->nr_cores <= (MAX_CORES_IN_NODE * MAX_NODES_PER_SOCKET) &&
+(cs->nr_threads <= 2)) {
+env->features[FEAT_8000_0001_ECX] |= CPUID_EXT3_TOPOEXT;
+}
+}
+
+if ((env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT) &&
+!topology_supports_topoext(cs->nr_cores, cs->nr_threads, errp)) {
+return;
+}
+
 /* Only Intel CPUs support hyperthreading. Even though QEMU fixes this
  * issue by adjusting CPUID__0001_EBX and CPUID_8000_0008_ECX
  * based on inputs (sockets,cores,threads), it is still better to gives
-- 
1.8.3.1

[Qemu-devel] [PATCH v13 1/5] i386: Add support for CPUID_8000_001E for AMD

[Babu Moger]

Add support for cpuid leaf CPUID_8000_001E. Build the config that closely
match the underlying hardware. Please refer to the Processor Programming
Reference (PPR) for AMD Family 17h Model for more details.

Signed-off-by: Babu Moger 
---
 target/i386/cpu.c | 86 +++
 1 file changed, 86 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 1e69e68..86fb1a4 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -427,6 +427,87 @@ static void encode_cache_cpuid801d(CPUCacheInfo 
*cache, CPUState *cs,
(cache->complex_indexing ? CACHE_COMPLEX_IDX : 0);
 }
 
+/* Data structure to hold the configuration info for a given core index */
+struct core_topology {
+/* core complex id of the current core index */
+int ccx_id;
+/*
+ * Adjusted core index for this core in the topology
+ * This can be 0,1,2,3 with max 4 cores in a core complex
+ */
+int core_id;
+/* Node id for this core index */
+int node_id;
+/* Number of nodes in this config */
+int num_nodes;
+};
+
+/*
+ * Build the configuration closely match the EPYC hardware. Using the EPYC
+ * hardware configuration values (MAX_CCX, MAX_CORES_IN_CCX, MAX_CORES_IN_NODE)
+ * right now. This could change in future.
+ * nr_cores : Total number of cores in the config
+ * core_id  : Core index of the current CPU
+ * topo : Data structure to hold all the config info for this core index
+ */
+static void build_core_topology(int nr_cores, int core_id,
+struct core_topology *topo)
+{
+int nodes, cores_in_ccx;
+
+/* First get the number of nodes required */
+nodes = nodes_in_socket(nr_cores);
+
+cores_in_ccx = cores_in_core_complex(nr_cores);
+
+topo->node_id = core_id / (cores_in_ccx * MAX_CCX);
+topo->ccx_id = (core_id % (cores_in_ccx * MAX_CCX)) / cores_in_ccx;
+topo->core_id = core_id % cores_in_ccx;
+topo->num_nodes = nodes;
+}
+
+/* Encode cache info for CPUID[801E] */
+static void encode_topo_cpuid801e(CPUState *cs, X86CPU *cpu,
+   uint32_t *eax, uint32_t *ebx,
+   uint32_t *ecx, uint32_t *edx)
+{
+struct core_topology topo = {0};
+
+build_core_topology(cs->nr_cores, cpu->core_id, );
+*eax = cpu->apic_id;
+/*
+ * CPUID_Fn801E_EBX
+ * 31:16 Reserved
+ * 15:8  Threads per core (The number of threads per core is
+ *   Threads per core + 1)
+ *  7:0  Core id (see bit decoding below)
+ *   SMT:
+ *   4:3 node id
+ * 2 Core complex id
+ *   1:0 Core id
+ *   Non SMT:
+ *   5:4 node id
+ * 3 Core complex id
+ *   1:0 Core id
+ */
+if (cs->nr_threads - 1) {
+*ebx = ((cs->nr_threads - 1) << 8) | (topo.node_id << 3) |
+(topo.ccx_id << 2) | topo.core_id;
+} else {
+*ebx = (topo.node_id << 4) | (topo.ccx_id << 3) | topo.core_id;
+}
+/*
+ * CPUID_Fn801E_ECX
+ * 31:11 Reserved
+ * 10:8  Nodes per processor (Nodes per processor is number of nodes + 1)
+ *  7:0  Node id (see bit decoding below)
+ * 2  Socket id
+ *   1:0  Node id
+ */
+*ecx = ((topo.num_nodes - 1) << 8) | (cpu->socket_id << 2) | topo.node_id;
+*edx = 0;
+}
+
 /*
  * Definitions of the hardcoded cache entries we expose:
  * These are legacy cache values. If there is a need to change any
@@ -4120,6 +4201,11 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 break;
 }
 break;
+case 0x801E:
+assert(cpu->core_id <= 255);
+encode_topo_cpuid801e(cs, cpu,
+  eax, ebx, ecx, edx);
+break;
 case 0xC000:
 *eax = env->cpuid_xlevel2;
 *ebx = 0;
-- 
1.8.3.1

[Qemu-devel] [PATCH v13 5/5] i386: Remove generic SMT thread check

[Babu Moger]

Remove generic non-intel check while validating hyperthreading support.
Certain AMD CPUs can support hyperthreading now.

CPU family with TOPOEXT feature can support hyperthreading now.

Signed-off-by: Babu Moger 
Tested-by: Geoffrey McRae 
Reviewed-by: Eduardo Habkost 
---
 target/i386/cpu.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 88bc73d..a55e501 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4993,17 +4993,22 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 return;
 }
 
-/* Only Intel CPUs support hyperthreading. Even though QEMU fixes this
- * issue by adjusting CPUID__0001_EBX and CPUID_8000_0008_ECX
- * based on inputs (sockets,cores,threads), it is still better to gives
+/*
+ * Most Intel and certain AMD CPUs support hyperthreading. Even though QEMU
+ * fixes this issue by adjusting CPUID__0001_EBX and 
CPUID_8000_0008_ECX
+ * based on inputs (sockets,cores,threads), it is still better to give
  * users a warning.
  *
  * NOTE: the following code has to follow qemu_init_vcpu(). Otherwise
  * cs->nr_threads hasn't be populated yet and the checking is incorrect.
  */
-if (!IS_INTEL_CPU(env) && cs->nr_threads > 1 && !ht_warned) {
-error_report("AMD CPU doesn't support hyperthreading. Please configure"
- " -smp options properly.");
+ if (IS_AMD_CPU(env) &&
+ !(env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT) &&
+ cs->nr_threads > 1 && !ht_warned) {
+error_report("This family of AMD CPU doesn't support "
+ "hyperthreading(%d). Please configure -smp "
+ "options properly or try enabling topoext feature.",
+ cs->nr_threads);
 ht_warned = true;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PATCH v13 0/5] i386: Enable TOPOEXT to support hyperthreading on AMD CPU

[Babu Moger]

This series enables the TOPOEXT feature for AMD CPUs. This is required to
support hyperthreading on kvm guests.

This addresses the issues reported in these bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1481253
https://bugs.launchpad.net/qemu/+bug/1703506 

v13:
 Patches are based off of Eduardo's git://github.com/ehabkost/qemu.git x86-next.
 Some of the patches are queued already. Submitting remaining series.
 Summary of changes.
 1.Fixed the error format if the topology cannot be supported.
 2.Fixed the compatibility issues with old cpu models and new machine types.
   Here is the discussion thread.
   Here is the discussion thread. 
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01239.html
 3.I am still testing it. But sending it to get review feedback.

v12:
 Patches are based off of Eduardo's git://github.com/ehabkost/qemu.git x86-next.
 Some of the patches are queued already. Submitting remaining series.

 Summary of changes.
 1.Added more comments explaining CPUID_Fn801E bit definitions.
 2.Split the patch into separate patch to check the topology. Moved the code to
   x86_cpu_realizefn. Display the error if topoext feature cannot be enabled.
 3.Few more text corrections.

v11:
 Patches are based off of Eduardo's git://github.com/ehabkost/qemu.git x86-next.
 Summary of changes.
 1.Added more comments explaining different constants and variables.
 2.Removed NUM_SHARING_CACHE macro and made the code simpler.
 3.Changed the function name num_sharing_l3_cache to cores_in_core_complex.
   This function is actually finding the number of cores in a core complex.
   Purpose here is to re-use the code in couple more places.
 4.Added new function nodes_in_socket to find number of nodes in the config.
   Purpose here is to re-use the code.
 5.Used DIV_ROUND_UP wherever applicable.
 6.Renamed few constants and functions to generic names.
 7.Few more text corrections.
 
v10:
 Based the patches on Eduardo's git://github.com/ehabkost/qemu.git x86-next
 Some of the earlier patches are already queued. So, submitting the rest of
 the series here. This series adds complete redesign of the cpu topology.
 Based on user given parameter, we try to build topology very close to the
 hardware. Maintains symmetry as much as possible. Added new function
 epyc_build_topology to build the topology based on user given nr_cores,
 nr_threads.
 Summary of changes.
 1. Build the topology dinamically based on nr_cores and nr_threads
 2. Added new epyc_build_topology to build the new topology.
 3. Added new function num_sharing_l3_cache to calculate the L3 sharing
 4. Added a check to verify the topology. Disabled the TOPOEXT if the
topology cannot be built.

v9:
 Based the patches on Eduardo's git://github.com/ehabkost/qemu.git x86-next
 tree. Following 3 patches from v8 are already queued.
  i386: Add cache information in X86CPUDefinition
  i386: Initialize cache information for EPYC family processors
  i386: Helpers to encode cache information consistently
 So, submitting the rest of the series here.

 Changes:
 1. Included Eduardo's clean up patch
 2. Added 2.13 machine types
 3. Disabled topoext for 2.12 and below versions.
 4. Added the assert to core_id as discussed.

v8:
 Addressed feedback from Eduardo. Thanks Eduardo for being patient with me.
 Tested on AMD EPYC server and also did some basic testing on intel box.
 Summary of changes.
 1. Reverted back l2 cache associativity. Kept it same as legacy.
 2. Changed cache_info structure in X86CPUDefinition and CPUX86State to 
pointers.
 3. Added legacy_cache property in PC_COMPAT_2_12 and initialized legacy_cache
based on static cache_info availability.
 4. Squashed patch 4 and 5 and applied it before patch 3.
 5. Added legacy cache check for cpuid[2] and cpuid[4] for consistancy.
 6. Simplified NUM_SHARING_CACHE definition for readability,
 7. Removed assert for core_id as it appeared redundant.
 8. Simplified encode_cache_cpuid801d little bit.
 9. Few more minor changes

v7:
 Rebased on top of latest tree after 2.12 release and done few basic tests. 
There are
 no changes except for few minor hunks. Hopefully this gets pulled into 2.13 
release.
 Please review, let me know of any feedback.

v6:
1.Fixed problem with patch#4(Add new property to control cache info). The 
parameter
 legacy_cache should be "on" by default on machine type "pc-q35-2.10". This was
 found by Alexandr Iarygin.
2.Fixed the l3 cache size for EPYC based machines(patch#3). Also, fixed the 
number of
 logical processors sharing the cache(patch#6). Only L3 cache is shared by 
multiple
 cores but not L1 or L2. This was a bug while decoding. This was found by 
Geoffrey McRae
 and he verified the fix. 

v5:
 In this series I tried to address the feedback from Eduardo Habkost.
 The discussion thread is here.
 https://patchwork.kernel.org/patch/10299745/
 The previous thread is here.
 http://patchwork.ozlabs.org/cover/884885/

Reason for these changes.
 The cache properties for AMD 

[Qemu-devel] [PATCH v13 2/5] i386: Introduce auto_topoext bit to manage topoext

[Babu Moger]

Introduce the auto_topoext bit to to control topoext feature.

Also add new field auto_topoext(in X86CPUDefinition). This will
be used to enable topoext on newer CPU models where topoext can
be supported.

Signed-off-by: Babu Moger 
---
 include/hw/i386/pc.h |  4 
 target/i386/cpu.c| 12 
 target/i386/cpu.h|  5 +
 3 files changed, 21 insertions(+)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 04d1f8c..cc30ec3 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -303,6 +303,10 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 .driver   = TYPE_X86_CPU,\
 .property = "legacy-cache",\
 .value= "on",\
+},{\
+.driver   = TYPE_X86_CPU,\
+.property = "auto-topoext",\
+.value= "off",\
 },
 
 #define PC_COMPAT_2_11 \
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 86fb1a4..d3411ed 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1283,6 +1283,8 @@ struct X86CPUDefinition {
 FeatureWordArray features;
 const char *model_id;
 CPUCaches *cache_info;
+/* Set it if topoext can be enabled in CPU models */
+int auto_topoext;
 };
 
 static CPUCaches epyc_cache_info = {
@@ -3517,6 +3519,9 @@ static void x86_cpu_load_def(X86CPU *cpu, 
X86CPUDefinition *def, Error **errp)
 /* legacy-cache defaults to 'off' if CPU model provides cache info */
 cpu->legacy_cache = !def->cache_info;
 
+/* Set auto_topoext if both machine property and CPU model supports it */
+cpu->auto_topoext =  cpu->auto_topoext & def->auto_topoext;
+
 /* Special cases not set in the X86CPUDefinition structs: */
 /* TODO: in-kernel irqchip for hvf */
 if (kvm_enabled()) {
@@ -5382,6 +5387,13 @@ static Property x86_cpu_properties[] = {
 DEFINE_PROP_BOOL("legacy-cache", X86CPU, legacy_cache, true),
 
 /*
+ * auto-topoext property will be used to enable topoext feature.
+ * This will be disabled on all the older CPU models. Will be
+ * enabled on newer CPU modeles which can support topology extention.
+ */
+ DEFINE_PROP_BOOL("auto-topoext", X86CPU, auto_topoext, false),
+
+/*
  * From "Requirements for Implementing the Microsoft
  * Hypervisor Interface":
  * 
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 89c82be..8783d36 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1409,6 +1409,11 @@ struct X86CPU {
  */
 bool legacy_cache;
 
+/* Compatibility bits to enable topoext feature on all newer machines
+ * Disabled on older machines. Enabled on newer CPU models
+ */
+bool auto_topoext;
+
 /* Compatibility bits for old machine types: */
 bool enable_cpuid_0xb;
 
-- 
1.8.3.1

[Qemu-devel] [PATCH v13 3/5] i386: Enable TOPOEXT feature on AMD EPYC CPU

[Babu Moger]

Enable TOPOEXT feature on EPYC CPU. This is required to support
hyperthreading on VM guests. Also extend xlevel to 0x801E.

TOPOEXT feature is disabled for legacy machines.

Signed-off-by: Babu Moger 
---
 target/i386/cpu.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d3411ed..4dd9a82 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2574,6 +2574,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .xlevel = 0x800A,
 .model_id = "AMD EPYC Processor",
 .cache_info = _cache_info,
+.auto_topoext = 1,
 },
 {
 .name = "EPYC-IBPB",
@@ -2621,6 +2622,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .xlevel = 0x800A,
 .model_id = "AMD EPYC Processor (with IBPB)",
 .cache_info = _cache_info,
+.auto_topoext = 1,
 },
 };
 
@@ -4672,6 +4674,11 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error 
**errp)
 x86_cpu_adjust_level(cpu, >cpuid_min_xlevel, 0x800A);
 }
 
+/* TOPOEXT feature requires 0x801E */
+if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT) {
+x86_cpu_adjust_level(cpu, >cpuid_min_xlevel, 0x801E);
+}
+
 /* SEV requires CPUID[0x801F] */
 if (sev_enabled()) {
 x86_cpu_adjust_level(cpu, >cpuid_min_xlevel, 0x801F);
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v6 00/49] fix building of tests/tcg

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180608123307.24773-1-alex.ben...@linaro.org
Subject: [Qemu-devel] [PATCH v6 00/49] fix building of tests/tcg

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20180608123307.24773-1-alex.ben...@linaro.org -> 
patchew/20180608123307.24773-1-alex.ben...@linaro.org
Switched to a new branch 'test'
a3b42cec1c .travis.yml: add check-tcg test
9311c8f413 tests/docker: prevent sub-makes re-building debian-sid
09ca6d8e3b tests: add top-level make dependency for docker builds
2e879d658a target/sh4: Fix translator.c assertion failure for gUSA
0af702f272 tests/tcg: override runners for broken tests
7aaea5aa91 tests/tcg: add run, diff, and skip helper macros
e0eaf5b9a7 tests/Makefile.include: add [build|clean|check]-tcg targets
14fd002c16 Makefile.target: add (clean-/build-)guest-tests targets
3d0926618b tests/tcg/Makefile: update to be called from Makefile.target
c88f115914 tests/tcg: enable building for PowerPC
b563a10aac docker: move debian-powerpc-cross to sid based build
734d1f7ede tests/tcg: enable building for RISCV64
22bf732b43 tests/tcg: enable building for mips64
9b84cd6979 tests/tcg: enable building for sparc64
fefb20a640 tests/tcg: enable building for sh4
54483dadbf tests/tcg: enable building for m68k
605c4d05e0 tests/tcg: enable building for HPPA
39c366d478 tests/tcg/alpha: add Alpha specific tests
d007a1df09 tests/tcg: enable building for Alpha
da85acf3b9 tests/tcg: enable building for ppc64
275041e496 tests/tcg: enable building for s390x
76b1b57115 tests/tcg/mips: include common mips hello-mips
3001eff269 tests/tcg: enable building for MIPS
fc2f8e7d15 tests/tcg: move MIPS specific tests into subdir
68015cff55 tests/tcg/arm: add fcvt test cases for AArch32/64
6cf0b6d54f tests/tcg: enable building for AArch64
82a59304e2 tests/tcg/arm: fix up test-arm-iwmmxt test
2d3d6eb162 tests/tcg: enable building for ARM
1010d901f6 tests/tcg: move ARM specific tests into subdir
03414050fb tests/tcg/i386/test-i386: fix printf format
18dc0dd9c2 tests/tcg/i386/test-i386: use modern vector_size attributes
b1060c7415 tests/tcg/x86_64: add Makefile.target
f23ed58cdd tests/tcg/i386: add runner for test-i386-fprem
0d5ea512bb tests/tcg/i386: fix test-i386
6e69457c08 tests/tcg/i386: Build fix for hello-i386
c50f3d900e tests/tcg: enable building for i386
aab757d75e tests/tcg: move i386 specific tests into subdir
d76905d84c tests/tcg/multiarch: move most output to stdout
9138f45c68 tests/tcg/multiarch: enable additional linux-test tests
ced507e550 tests/tcg/multiarch: Build fix for linux-test
02861f0e01 tests/tcg: move architecture independent tests into subdir
2e91417605 docker: Makefile.include introduce DOCKER_SCRIPT
95e4639b49 docker: allow "cc" command to run in user context
638a3973fc docker: extend "cc" command to accept compiler
814faf606c docker: Add "cc" subcommand
cb7522263d configure: set cross_cc_FOO for host compiler
750b722573 configure: allow user to specify --cross-cc-cflags-foo=
00ce60af25 configure: move i386_cc to cross_cc_i386
badb0ec98b configure: add support for --cross-cc-FOO

=== OUTPUT BEGIN ===
Checking PATCH 1/49: configure: add support for --cross-cc-FOO...
Checking PATCH 2/49: configure: move i386_cc to cross_cc_i386...
Checking PATCH 3/49: configure: allow user to specify --cross-cc-cflags-foo=...
Checking PATCH 4/49: configure: set cross_cc_FOO for host compiler...
Checking PATCH 5/49: docker: Add "cc" subcommand...
Checking PATCH 6/49: docker: extend "cc" command to accept compiler...
Checking PATCH 7/49: docker: allow "cc" command to run in user context...
Checking PATCH 8/49: docker: Makefile.include introduce DOCKER_SCRIPT...
Checking PATCH 9/49: tests/tcg: move architecture independent tests into 
subdir...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#138: 
new file mode 100644

total: 0 errors, 1 warnings, 136 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 10/49: tests/tcg/multiarch: Build fix for linux-test...
ERROR: if this code is redundant consider removing it
#156: FILE: tests/tcg/multiarch/linux-test.c:323:
+#if 0

total: 1 errors, 0 warnings, 185 lines checked

Your patch has style 

Re: [Qemu-devel] [RFC untested PATCH] i386/cpu: make -cpu host support monitor/mwait

[no-reply]

Hi,

This series failed docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20180608205830.308627-1-...@redhat.com
Subject: [Qemu-devel] [RFC untested PATCH] i386/cpu: make -cpu host support 
monitor/mwait

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
3b1c49308c i386/cpu: make -cpu host support monitor/mwait

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-b0ch0y2u/src/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
  BUILD   fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-b0ch0y2u/src'
  GEN 
/var/tmp/patchew-tester-tmp-b0ch0y2u/src/docker-src.2018-06-08-17.19.44.2407/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-b0ch0y2u/src/docker-src.2018-06-08-17.19.44.2407/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-b0ch0y2u/src/docker-src.2018-06-08-17.19.44.2407/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-b0ch0y2u/src/docker-src.2018-06-08-17.19.44.2407/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-mingw in qemu:fedora 
Packages installed:
SDL2-devel-2.0.8-5.fc28.x86_64
bc-1.07.1-5.fc28.x86_64
bison-3.0.4-9.fc28.x86_64
bluez-libs-devel-5.49-3.fc28.x86_64
brlapi-devel-0.6.7-12.fc28.x86_64
bzip2-1.0.6-26.fc28.x86_64
bzip2-devel-1.0.6-26.fc28.x86_64
ccache-3.4.2-2.fc28.x86_64
clang-6.0.0-5.fc28.x86_64
device-mapper-multipath-devel-0.7.4-2.git07e7bd5.fc28.x86_64
findutils-4.6.0-19.fc28.x86_64
flex-2.6.1-7.fc28.x86_64
gcc-8.1.1-1.fc28.x86_64
gcc-c++-8.1.1-1.fc28.x86_64
gettext-0.19.8.1-14.fc28.x86_64
git-2.17.1-2.fc28.x86_64
glib2-devel-2.56.1-3.fc28.x86_64
glusterfs-api-devel-4.0.2-1.fc28.x86_64
gnutls-devel-3.6.2-1.fc28.x86_64
gtk3-devel-3.22.30-1.fc28.x86_64
hostname-3.20-3.fc28.x86_64
libaio-devel-0.3.110-11.fc28.x86_64
libasan-8.1.1-1.fc28.x86_64
libattr-devel-2.4.47-23.fc28.x86_64
libcap-devel-2.25-9.fc28.x86_64
libcap-ng-devel-0.7.9-1.fc28.x86_64
libcurl-devel-7.59.0-3.fc28.x86_64
libfdt-devel-1.4.6-4.fc28.x86_64
libpng-devel-1.6.34-3.fc28.x86_64
librbd-devel-12.2.5-1.fc28.x86_64
libssh2-devel-1.8.0-7.fc28.x86_64
libubsan-8.1.1-1.fc28.x86_64
libusbx-devel-1.0.21-6.fc28.x86_64
libxml2-devel-2.9.7-4.fc28.x86_64
llvm-6.0.0-11.fc28.x86_64
lzo-devel-2.08-12.fc28.x86_64
make-4.2.1-6.fc28.x86_64
mingw32-SDL2-2.0.5-3.fc27.noarch
mingw32-bzip2-1.0.6-9.fc27.noarch
mingw32-curl-7.57.0-1.fc28.noarch
mingw32-glib2-2.54.1-1.fc28.noarch
mingw32-gmp-6.1.2-2.fc27.noarch
mingw32-gnutls-3.5.13-2.fc27.noarch
mingw32-gtk3-3.22.16-1.fc27.noarch
mingw32-libjpeg-turbo-1.5.1-3.fc27.noarch
mingw32-libpng-1.6.29-2.fc27.noarch
mingw32-libssh2-1.8.0-3.fc27.noarch
mingw32-libtasn1-4.13-1.fc28.noarch
mingw32-nettle-3.3-3.fc27.noarch
mingw32-pixman-0.34.0-3.fc27.noarch
mingw32-pkg-config-0.28-9.fc27.x86_64
mingw64-SDL2-2.0.5-3.fc27.noarch
mingw64-bzip2-1.0.6-9.fc27.noarch
mingw64-curl-7.57.0-1.fc28.noarch
mingw64-glib2-2.54.1-1.fc28.noarch
mingw64-gmp-6.1.2-2.fc27.noarch
mingw64-gnutls-3.5.13-2.fc27.noarch
mingw64-gtk3-3.22.16-1.fc27.noarch
mingw64-libjpeg-turbo-1.5.1-3.fc27.noarch
mingw64-libpng-1.6.29-2.fc27.noarch
mingw64-libssh2-1.8.0-3.fc27.noarch
mingw64-libtasn1-4.13-1.fc28.noarch
mingw64-nettle-3.3-3.fc27.noarch
mingw64-pixman-0.34.0-3.fc27.noarch
mingw64-pkg-config-0.28-9.fc27.x86_64
ncurses-devel-6.1-5.20180224.fc28.x86_64
nettle-devel-3.4-2.fc28.x86_64
nss-devel-3.36.1-1.1.fc28.x86_64
numactl-devel-2.0.11-8.fc28.x86_64
package PyYAML is not installed
package libjpeg-devel is not installed
perl-5.26.2-411.fc28.x86_64
pixman-devel-0.34.0-8.fc28.x86_64
python3-3.6.5-1.fc28.x86_64
snappy-devel-1.1.7-5.fc28.x86_64
sparse-0.5.2-1.fc28.x86_64
spice-server-devel-0.14.0-4.fc28.x86_64
systemtap-sdt-devel-3.2-11.fc28.x86_64
tar-1.30-3.fc28.x86_64
usbredir-devel-0.7.1-7.fc28.x86_64
virglrenderer-devel-0.6.0-4.20170210git76b3da97b.fc28.x86_64
vte3-devel-0.36.5-6.fc28.x86_64
which-2.21-8.fc28.x86_64
xen-devel-4.10.1-3.fc28.x86_64
zlib-devel-1.2.11-8.fc28.x86_64

Environment variables:
TARGET_LIST=
PACKAGES=ccache gettext git tar PyYAML sparse flex bison python3 bzip2 hostname 
gcc gcc-c++ llvm clang make perl which bc findutils glib2-devel 
libaio-devel 

Re: [Qemu-devel] [PATCH 1/2] i386: define the AMD 'amd-ssbd' CPUID feature bit

[Tom Lendacky]

On 6/6/2018 9:20 AM, Daniel P. Berrangé wrote:
> On Tue, Jun 05, 2018 at 08:31:41AM -0500, Tom Lendacky wrote:
>> On 6/4/2018 3:07 PM, Eduardo Habkost wrote:
>>> On Fri, Jun 01, 2018 at 11:38:08AM -0400, Konrad Rzeszutek Wilk wrote:
 AMD future CPUs expose _two_ ways to utilize the Intel equivalant
 of the Speculative Store Bypass Disable. The first is via
 the virtualized VIRT_SPEC CTRL MSR (0xC001_011f) and the second
 is via the SPEC_CTRL MSR (0x48). The document titled:
 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf

 gives priority of SPEC CTRL MSR over the VIRT SPEC CTRL MSR.

 A copy of this document is available at
   https://bugzilla.kernel.org/show_bug.cgi?id=199889

 Anyhow, this means that on future AMD CPUs there will be  _two_ ways to
 deal with SSBD.
>>>
>>> Does anybody know if there are AMD CPUs where virt-ssbd won't
>>> work and would require amd-ssbd to mitigate vulnerabilities?
>>
>> The idea behind virt-ssbd was to provide an architectural method for
>> a guest to do SSBD when amd-ssbd isn't present.  The amd-ssbd feature
>> will use SPEC_CTRL which is intended to not be intercepted and
>> will be fast.  The use of virt-ssbd will always be intercepted and
>> therefore will not be as fast.  So a guest should be presented with
>> amd-ssbd, if available, in preference to virt-ssbd.
> 
> Can you clarify whether 'amd-ssbd' is also an architectural method

Yes, amd-ssbd is architectural - it is a defined CPUID bit.

Thanks,
Tom

> or not ?  ie is it safe to use 'amd-ssbd' in a guest which can be
> live migrated between different generations/families of AMD CPU,
> or must be use virt-ssbd in that case ?
> 
> 
> Regards,
> Daniel
> 

Re: [Qemu-devel] [PATCH RFC 2/2] vfio-ccw: support for halt/clear subchannel

[Halil Pasic]

On 06/08/2018 04:45 PM, Cornelia Huck wrote:

On Fri, 8 Jun 2018 15:13:28 +0200
Halil Pasic  wrote:


On 06/08/2018 02:20 PM, Cornelia Huck wrote:

My proposal is to do the same
copying to scsw(r) again, which would mean we get a request with both
the halt and the start bit set. The vfio code now needs to do a hsch
(instead of a ssch). The real channel subsystem should figure this out,
as we can't reliably check whether the start function has concluded
already (there's always a race window).

This I do not agree scsw(r) is part of the driver.
The interface here is not a device interface anymore but a driver
interface.
SCSW is a status, it is at its place in QEMU device interface with the
guest
but here pwrite() sends a command.

Hm, I rather consider that "we write a status, and the backend figures
out what to do based on that status".
   


The status of what? Kind of a target status?

I think this approach is the source of lots of complications. For instance
take xsch. How are we supposed to react to a guest xsch (in QEMU and
in the kernel module)? My guess is that the right thing to do is to issue
an xsch in the vfio-ccw kernel module on the passed through subchannel.
But there is no bit in fctl for cancel.

Bottom line is: I'm not happy with the current design but I'm not sure
if it's practical to do something about it (i.e. change it radically).


It might make sense to keep this for ssch, maybe reuse it for hsch/csch,
and think about something else for other things we want to handle
(xsch, channel monitoring, the path handling stuff for which we already
had a prototype etc.) It's probably not practical to do radical surgery
on the existing code.




I'm reluctant to have a strong opinion. As far as i can tell ssch is
functionally quite good (see in the other sub-thread the part about host
ssch cc being reflected in the guest cc). I have the feeling the
implementation is at places unnecessarily complicated and at places
confusing and misleading (e.g.  the stale comment you have mentioned).
That feeling obviously has an impact on my confidence, e.g. the
confidence of my  'quite good' above.

I definitely don't have the time for even evaluating the prospects of a
radical surgery, let alone for making it happen. IMHO the key is not
making things worse as we proceed.

But I try to keep in touch and at least voice concern when I disagree. I
have been neglecting this series of yours and I feel bad about it. I even
lost track of the discussion and the conclusions (mainly between You and
Pierre). Your scsw write-up gave me the opportunity to connect.

I will try to do more for the next version, but it really depends on what
else do I have to do in parallel.


[Speaking of which: Is there any current effort on the path handling
things?]



Dong Jia is the person with the best answers for this question. I hope
he will give us a piece of his mind about the design questions discussed
here too -- as the author he should have the best understanding of the
design decisions made.

Regards,
Halil

[Qemu-devel] [RFC untested PATCH] i386/cpu: make -cpu host support monitor/mwait

[Michael S. Tsirkin]

When guest CPU PM is enabled, and with -cpu host, expose the host CPU
MWAIT leaf to guest so guest can make good PM decisions.

Signed-off-by: Michael S. Tsirkin 
---

This builds but is untested. Is this a reasonable way to go about it?

 target/i386/cpu.h |  9 +
 target/i386/cpu.c | 18 +-
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 664504610e..309f804573 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1378,6 +1378,15 @@ struct X86CPU {
 /* if true the CPUID code directly forward host cache leaves to the guest 
*/
 bool cache_info_passthrough;
 
+/* if true the CPUID code directly forwards
+ * host monitor/mwait leaves to the guest */
+struct {
+uint32_t eax;
+uint32_t ebx;
+uint32_t ecx;
+uint32_t edx;
+} mwait;
+
 /* Features that were filtered out because of missing host capabilities */
 uint32_t filtered_features[FEATURE_WORDS];
 
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 94260412e2..a49443de56 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3760,11 +3760,11 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 }
 break;
 case 5:
-/* mwait info: needed for Core compatibility */
-*eax = 0; /* Smallest monitor-line size in bytes */
-*ebx = 0; /* Largest monitor-line size in bytes */
-*ecx = CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;
-*edx = 0;
+/* MONITOR/MWAIT Leaf */
+*eax = cpu->mwait.eax; /* Smallest monitor-line size in bytes */
+*ebx = cpu->mwait.ebx; /* Largest monitor-line size in bytes */
+*ecx = cpu->mwait.ecx; /* flags */
+*edx = cpu->mwait.edx; /* mwait substates */
 break;
 case 6:
 /* Thermal and Power Leaf */
@@ -4595,6 +4595,14 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 goto out;
 }
 
+if (xcc->host_cpuid_required && enable_cpu_pm) {
+host_cpuid(5, 0, >mwait.eax, >mwait.ebx,
+   >mwait.ecx, >mwait.edx);
+}
+/* We always wake on interrupt even if host does not have the capability */
+/* mwait extended info: needed for Core compatibility */
+cpu->mwait.ecx |= CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;
+
 if (cpu->apic_id == UNASSIGNED_APIC_ID) {
 error_setg(errp, "apic-id property was not initialized properly");
 return;
-- 
MST

Re: [Qemu-devel] [PATCH 4/4] hw/sd/omap_mmc: Reset SD card on controller reset

[Philippe Mathieu-Daudé]

On 06/08/2018 12:44 AM, Philippe Mathieu-Daudé wrote:
> On 01/09/2018 11:01 AM, Peter Maydell wrote:
>> Since omap_mmc is still using the legacy SD card API, the SD
>> card created by sd_init() is not plugged into any bus. This
>> means that the controller has to reset it manually.
>>
>> Failing to do this mostly didn't affect the guest since the
>> guest typically does a programmed SD card reset as part of
>> its SD controller driver initialization, but would mean that
>> migration fails because it's only in sd_reset() that we
>> set up the wpgrps_size field.
>>
>> Signed-off-by: Peter Maydell 
>> ---
>> This one isn't cc-stable because the OMAP boards don't
>> support migration at all anyway, being un-QOMified.
>> ---
>>  hw/sd/omap_mmc.c | 14 ++
>>  1 file changed, 10 insertions(+), 4 deletions(-)
>>
>> diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c
>> index e934cd3..5b47cad 100644
>> --- a/hw/sd/omap_mmc.c
>> +++ b/hw/sd/omap_mmc.c
>> @@ -305,6 +305,12 @@ void omap_mmc_reset(struct omap_mmc_s *host)
>>  host->cdet_enable = 0;
>>  qemu_set_irq(host->coverswitch, host->cdet_state);
>>  host->clkdiv = 0;
>> +
>> +/* Since we're still using the legacy SD API the card is not plugged
>> + * into any bus, and we must reset it manually. When omap_mmc is
>> + * QOMified this must move into the QOM reset function.
>> + */
>> +device_reset(DEVICE(host->card));
>>  }
>>  
>>  static uint64_t omap_mmc_read(void *opaque, hwaddr offset,
>> @@ -587,8 +593,6 @@ struct omap_mmc_s *omap_mmc_init(hwaddr base,
>>  s->lines = 1;   /* TODO: needs to be settable per-board */
>>  s->rev = 1;
>>  
>> -omap_mmc_reset(s);
>> -
>>  memory_region_init_io(>iomem, NULL, _mmc_ops, s, "omap.mmc", 
>> 0x800);
>>  memory_region_add_subregion(sysmem, base, >iomem);
>>  
>> @@ -598,6 +602,8 @@ struct omap_mmc_s *omap_mmc_init(hwaddr base,
>>  exit(1);
>>  }
>>  
>> +omap_mmc_reset(s);
>> +
>>  return s;
>>  }
>>  
>> @@ -613,8 +619,6 @@ struct omap_mmc_s *omap2_mmc_init(struct 
>> omap_target_agent_s *ta,
>>  s->lines = 4;
>>  s->rev = 2;
>>  
>> -omap_mmc_reset(s);
>> -
>>  memory_region_init_io(>iomem, NULL, _mmc_ops, s, "omap.mmc",
>>omap_l4_region_size(ta, 0));
>>  omap_l4_attach(ta, 0, >iomem);
>> @@ -628,6 +632,8 @@ struct omap_mmc_s *omap2_mmc_init(struct 
>> omap_target_agent_s *ta,
>>  s->cdet = qemu_allocate_irq(omap_mmc_cover_cb, s, 0);
>>  sd_set_cb(s->card, NULL, s->cdet);
>>  
>> +omap_mmc_reset(s);
>> +
>>  return s;
>>  }
> 
> This patch broke something in the Nokia N810 tablet.

Correction, this patch is correct :)

It triggered a latent bug in omap_mmc_write(MMC_CON).

I'll submit a fix.

> 
> I used your image:
> 
> http://people.linaro.org/~peter.maydell/n8x0-images.tgz
> 
> ecd219f7abbc17b9d9170206410355bba287831f is the first bad commit
> commit ecd219f7abbc17b9d9170206410355bba287831f
> Author: Peter Maydell 
> Date:   Tue Jan 16 13:28:13 2018 +
> 
> hw/sd/omap_mmc: Reset SD card on controller reset
> 
> Signed-off-by: Peter Maydell 
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 
> 
> Using: -append "console=ttyS1"
> 
> Before:
> 
> [1.239471] mmci-omap mmci-omap.0: command timeout (CMD52)
> [1.240356] mmci-omap mmci-omap.0: command timeout (CMD52)
> [1.253967] mmci-omap mmci-omap.0: command timeout (CMD5)
> [1.254364] mmci-omap mmci-omap.0: command timeout (CMD5)
> [1.254730] mmci-omap mmci-omap.0: command timeout (CMD5)
> [1.255096] mmci-omap mmci-omap.0: command timeout (CMD5)
> omap_dma4_write: Read-only register 0x34
> omap_dma4_write: Read-only register 0x38
> omap_dma4_write: Read-only register 0x3c
> omap_dma4_write: Read-only register 0x40
> omap_dma4_write: Read-only register 0x38
> [1.263275] mmc0: host does not support reading read-only switch.
> assuming write-enable.
> [1.264038] mmc0: new SDHC card at address 4567
> omap_uart_read: Bad register 0x34
> omap_uart_write: Bad register 0x34
> omap_uart_read: Bad register 0x34
> omap_uart_write: Bad register 0x34
> [1.327514] Waiting for root device /dev/mmcblk0p1...
> [1.329925] mmcblk0: mmc0:4567 QEMU! 1.81 GiB
> [1.333831]  mmcblk0:omap_dma4_write: Read-only register 0x38
>  p1 p2
> [1.425537] mmci-omap mmci-omap.0: command timeout (CMD52)
> [1.426727] mmci-omap mmci-omap.0: command timeout (CMD52)
> omap_dma4_write: Read-only register 0x38
> [1.478668] mmci-omap mmci-omap.0: command timeout (CMD8)
> omap_dma4_write: Read-only register 0x38
> omap_dma4_write: Read-only register 0x38
> [1.484436] mmci-omap mmci-omap.0: command timeout (CMD5)
> [1.485015] mmci-omap mmci-omap.0: command timeout (CMD5)
> [1.485595] mmci-omap mmci-omap.0: command timeout (CMD5)
> [1.486022] mmci-omap mmci-omap.0: command 

Re: [Qemu-devel] [qemu-s390x] [PATCH RFC 2/2] vfio-ccw: support for halt/clear subchannel

[Halil Pasic]

On 06/07/2018 06:34 PM, Cornelia Huck wrote:

On Thu, 7 Jun 2018 18:17:57 +0200
Halil Pasic  wrote:


On 06/07/2018 11:54 AM, Cornelia Huck wrote:

Hm, I think we need to be more precise as to what scsw we're talking
about. Bad ascii art time:

--
|   scsw(g)  |  ssch
--   |
   |   guest

[..]


(5) AFAIK this is how the current implementation works. We don't wait
for the I/O interrupt on the host to present a cc to the guest for it's
ssch.


But the vfio code does wait, no? We just signal the interrupt via
eventfd as well.



We have sorted this out in the other thread.





If the guest now does a hsch, it would trap in the same way as the ssch
before. When qemu gets control, it adds the halt bit in scsw(q) (which
is in accordance with the architecture).


(7) Again it's when is fctl set according to the architecture...


Same comment as above. If we do a hsch for a subchannel with the start
function set, we'll set cc 0.




My proposal is to do the same
copying to scsw(r) again, which would mean we get a request with both
the halt and the start bit set.


(8) IMHO when receiving the 'request' we are and should be in instruction
context -- opposed to basic io function context. So we should not set fctl
before we know what will our guest cc be. But since scsw(r) is not a real
scsw it is just strange.


I think what we are doing is really 'performing the start function' -
it's just not asynchronous in the current implementation. 


The code is written as if, especially in QEMU. But this was in my current
understanding a bad decision. The why is the following. It makes reasoning
both about architectural correctness and the code a lot trickier compared
to the interpretation of the guest instruction finishes after the host
instruction finishes (unless we can prove we don't need any) approach.



So we already know that ssch will return with cc 0.



I will use your example, and another example to explain what I mean
by tricky.

One can probably argue that setting cc 0 even if the host device
responds to the host ssch with cc 3 because the device is not any more
on the given subchannel or simply just disabled. It is probably true
that the guest would not have any means to prove that we were 'lying'
to it.

But AFAIR this is not how the current implementation works. The pwrite
in qemu basically depends on the cc of the host ssch. So if the host
ssch completes with cc 3 the vfio-ccw kernel module map ist to pwrite
reporting -ENODEV and vfio_ccw_handle_request makes sure that the
guest instruction completes with cc 3 by mapping it to return code
IOINST_CC_NOT_OPERATIONAL.

I mentioned xsch in the other thread. I don't think we can tell if
cc 0 or cc 2. In my reading xsch in simple words xsch completes with
cc 2 and does nothing else if the channel subsystem already started talking
to the cu/device. If in time it makes sure we don't start talking to the
device, and clear away stuff. So if we don't consider cc of the xsch
to be issued by the host the only safe bet seems to be cc 2. But that's
effectively getting around implementing the desired functionality of
xsch and still staying architecturally correct. Which however might
be good enough for vfio-ccw. But I think I demonstrated it's kinda
tricky business.

I prefer to avoid tricky if there is no good reason not to.

[..]



Thanks for reading!



Your welcome. The discussion is kind of taking place all over the
place. I'm actively trying to find the best place to answer, and avoid
overtalking topics -- but it does not seem to work. Please bear with me.

Regards,
Halil
 
[..]

Re: [Qemu-devel] [RFC 00/13] hw/m68k: add Apple Machintosh Quadra 800 machine

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180608200558.386-1-laur...@vivier.eu
Subject: [Qemu-devel] [RFC 00/13] hw/m68k: add Apple Machintosh Quadra 800 
machine

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
30b6069da2 dp8393x: fix receiving buffer exhaustion
a9294684d2 dp8393x: put DMA temp buffer in the state, not in the stack
8f1c639ffd dp8393x: manage big endian bus
7b43df7a43 dp8393x: fix dp8393x_receive
c87eb03bf7 hw/m68k: define Macintosh Quadra 800
742c9c5459 hw/m68k: add a dummy SWIM floppy controller
2d712f9df2 hw/m68k: add Nubus support
6fc4d6d265 ESP: add pseudo-DMA as used by Macintosh
105bc32850 hw/m68k: Apple Sound Chip (ASC) emulation
030037ad0b hw/m68k: add video card
8a99fff7de escc: introduce a selector for the register bit
20944305a6 ADB: VIA probes ADB bus when it is idle
60cce9bbe9 hw/m68k: add via support

=== OUTPUT BEGIN ===
Checking PATCH 1/13: hw/m68k: add via support...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#145: 
new file mode 100644

ERROR: space prohibited after that '&&' (ctx:WxW)
#622: FILE: hw/misc/mac_via.c:473:
+if (!(s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
  ^

total: 1 errors, 1 warnings, 1126 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/13: ADB: VIA probes ADB bus when it is idle...
Checking PATCH 3/13: escc: introduce a selector for the register bit...
Checking PATCH 4/13: hw/m68k: add video card...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#37: 
new file mode 100644

total: 0 errors, 1 warnings, 475 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 5/13: hw/m68k: Apple Sound Chip (ASC) emulation...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 517 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 6/13: ESP: add pseudo-DMA as used by Macintosh...
Checking PATCH 7/13: hw/m68k: add Nubus support...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#158: 
new file mode 100644

total: 0 errors, 1 warnings, 739 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 8/13: hw/m68k: add a dummy SWIM floppy controller...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#22: 
new file mode 100644

total: 0 errors, 1 warnings, 332 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 9/13: hw/m68k: define Macintosh Quadra 800...
Argument "m" isn't numeric in numeric eq (==) at ./scripts/checkpatch.pl line 
2665.
Argument "m" isn't numeric in numeric eq (==) at ./scripts/checkpatch.pl line 
2665.
Use of uninitialized value $1 in concatenation (.) or string at 
./scripts/checkpatch.pl line 2666.
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#110: 
new file mode 100644

WARNING: line over 80 characters
#206: FILE: hw/m68k/bootinfo.h:92:
+stw_phys(as, base, (sizeof(struct bi_record) + strlen(string) + 2) & 
~1); \

ERROR: unnecessary cast may hide bugs, use g_new0 instead
#387: FILE: hw/m68k/mac.c:168:
+s = (q800_glue_state_t *)g_malloc0(sizeof(q800_glue_state_t));

total: 1 errors, 2 warnings, 614 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 10/13: dp8393x: fix dp8393x_receive...
Checking PATCH 11/13: dp8393x: manage big endian bus...
ERROR: do not initialise statics to 0 or NULL
#31: FILE: hw/net/dp8393x.c:181:
+static const bool host_big_endian = false;

total: 1 errors, 0 warnings, 190 lines checked

Your patch has style problems, please 

Re: [Qemu-devel] [PATCH v4 0/6] NBD export

[no-reply]

Hi,

This series failed docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20180608152353.98712-1-vsement...@virtuozzo.com
Subject: [Qemu-devel] [PATCH v4 0/6] NBD export

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
9f22d89e98 docs/interop: add nbd.txt
0a7486a3ae qapi: new qmp command nbd-server-add-bitmap
b0ac84b12c nbd/server: implement dirty bitmap export
13b0fec9fa nbd/server: add nbd_meta_empty_or_pattern helper
f40478968c nbd/server: refactor NBDExportMetaContexts
988893b74c nbd/server: fix trace

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-8ho72nk4/src/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
  BUILD   fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-8ho72nk4/src'
  GEN 
/var/tmp/patchew-tester-tmp-8ho72nk4/src/docker-src.2018-06-08-12.41.53.5715/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-8ho72nk4/src/docker-src.2018-06-08-12.41.53.5715/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-8ho72nk4/src/docker-src.2018-06-08-12.41.53.5715/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-8ho72nk4/src/docker-src.2018-06-08-12.41.53.5715/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-mingw in qemu:fedora 
Packages installed:
SDL2-devel-2.0.8-5.fc28.x86_64
bc-1.07.1-5.fc28.x86_64
bison-3.0.4-9.fc28.x86_64
bluez-libs-devel-5.49-3.fc28.x86_64
brlapi-devel-0.6.7-12.fc28.x86_64
bzip2-1.0.6-26.fc28.x86_64
bzip2-devel-1.0.6-26.fc28.x86_64
ccache-3.4.2-2.fc28.x86_64
clang-6.0.0-5.fc28.x86_64
device-mapper-multipath-devel-0.7.4-2.git07e7bd5.fc28.x86_64
findutils-4.6.0-19.fc28.x86_64
flex-2.6.1-7.fc28.x86_64
gcc-8.1.1-1.fc28.x86_64
gcc-c++-8.1.1-1.fc28.x86_64
gettext-0.19.8.1-14.fc28.x86_64
git-2.17.1-2.fc28.x86_64
glib2-devel-2.56.1-3.fc28.x86_64
glusterfs-api-devel-4.0.2-1.fc28.x86_64
gnutls-devel-3.6.2-1.fc28.x86_64
gtk3-devel-3.22.30-1.fc28.x86_64
hostname-3.20-3.fc28.x86_64
libaio-devel-0.3.110-11.fc28.x86_64
libasan-8.1.1-1.fc28.x86_64
libattr-devel-2.4.47-23.fc28.x86_64
libcap-devel-2.25-9.fc28.x86_64
libcap-ng-devel-0.7.9-1.fc28.x86_64
libcurl-devel-7.59.0-3.fc28.x86_64
libfdt-devel-1.4.6-4.fc28.x86_64
libpng-devel-1.6.34-3.fc28.x86_64
librbd-devel-12.2.5-1.fc28.x86_64
libssh2-devel-1.8.0-7.fc28.x86_64
libubsan-8.1.1-1.fc28.x86_64
libusbx-devel-1.0.21-6.fc28.x86_64
libxml2-devel-2.9.7-4.fc28.x86_64
llvm-6.0.0-11.fc28.x86_64
lzo-devel-2.08-12.fc28.x86_64
make-4.2.1-6.fc28.x86_64
mingw32-SDL2-2.0.5-3.fc27.noarch
mingw32-bzip2-1.0.6-9.fc27.noarch
mingw32-curl-7.57.0-1.fc28.noarch
mingw32-glib2-2.54.1-1.fc28.noarch
mingw32-gmp-6.1.2-2.fc27.noarch
mingw32-gnutls-3.5.13-2.fc27.noarch
mingw32-gtk3-3.22.16-1.fc27.noarch
mingw32-libjpeg-turbo-1.5.1-3.fc27.noarch
mingw32-libpng-1.6.29-2.fc27.noarch
mingw32-libssh2-1.8.0-3.fc27.noarch
mingw32-libtasn1-4.13-1.fc28.noarch
mingw32-nettle-3.3-3.fc27.noarch
mingw32-pixman-0.34.0-3.fc27.noarch
mingw32-pkg-config-0.28-9.fc27.x86_64
mingw64-SDL2-2.0.5-3.fc27.noarch
mingw64-bzip2-1.0.6-9.fc27.noarch
mingw64-curl-7.57.0-1.fc28.noarch
mingw64-glib2-2.54.1-1.fc28.noarch
mingw64-gmp-6.1.2-2.fc27.noarch
mingw64-gnutls-3.5.13-2.fc27.noarch
mingw64-gtk3-3.22.16-1.fc27.noarch
mingw64-libjpeg-turbo-1.5.1-3.fc27.noarch
mingw64-libpng-1.6.29-2.fc27.noarch
mingw64-libssh2-1.8.0-3.fc27.noarch
mingw64-libtasn1-4.13-1.fc28.noarch
mingw64-nettle-3.3-3.fc27.noarch
mingw64-pixman-0.34.0-3.fc27.noarch
mingw64-pkg-config-0.28-9.fc27.x86_64
ncurses-devel-6.1-5.20180224.fc28.x86_64
nettle-devel-3.4-2.fc28.x86_64
nss-devel-3.36.1-1.1.fc28.x86_64
numactl-devel-2.0.11-8.fc28.x86_64
package PyYAML is not installed
package libjpeg-devel is not installed
perl-5.26.2-411.fc28.x86_64
pixman-devel-0.34.0-8.fc28.x86_64
python3-3.6.5-1.fc28.x86_64
snappy-devel-1.1.7-5.fc28.x86_64
sparse-0.5.2-1.fc28.x86_64
spice-server-devel-0.14.0-4.fc28.x86_64
systemtap-sdt-devel-3.2-11.fc28.x86_64
tar-1.30-3.fc28.x86_64
usbredir-devel-0.7.1-7.fc28.x86_64
virglrenderer-devel-0.6.0-4.20170210git76b3da97b.fc28.x86_64
vte3-devel-0.36.5-6.fc28.x86_64
which-2.21-8.fc28.x86_64
xen-devel-4.10.1-3.fc28.x86_64
zlib-devel-1.2.11-8.fc28.x86_64

Environment 

[Qemu-devel] [PATCH v1 0/3] scsi-block: VPD Block Limits emulation implementation

[Daniel Henrique Barboza]

When using SCSI passthrough and running in Linux, QEMU edits the
reply of the SCSI Inquiry VPD Block Limits message with the value
of the /sys/bus//queue/max_sectors_kb parameter the device
has in the host. Doing so allows the Linux guest to proper setup
the device.

But the Block Limits message is optional, and its absence can cause
the device to be unusable by the guest. An example can be seen
at https://bugzilla.redhat.com/show_bug.cgi?id=1566195.

This series implements an approach to solve it. First patch has more
details on the problem and why the existing workarounds are not enough,
including the first step towards the solution. Patch 2 wraps it up
and solves it. Patch 3 is a sort of 'cleanup' patch to isolate the
logic, avoiding tampering with the communication of SCSI hardware
that does implement the Block Limits message.


Daniel Henrique Barboza (3):
  scsi-block: emulate missing Block Limits response
  scsi-block: add VPD Block Limits in INQUIRY Supported Pages reply
  scsi-block: adding flag at realize to enable Block Limits emulation

 hw/scsi/scsi-disk.c|  51 +++-
 hw/scsi/scsi-generic.c | 157 ++---
 include/hw/scsi/scsi.h |   4 ++
 3 files changed, 201 insertions(+), 11 deletions(-)

-- 
2.14.3

[Qemu-devel] [PATCH v1 3/3] scsi-block: adding flag at realize to enable Block Limits emulation

[Daniel Henrique Barboza]

The previous patches implemented a way to deliver an emulated
Block Limits (BL) response for the guest in case the underlying
hardware does not support this page.

However, the approach used is crude. We're executing the logic for
all SCSI devices, regardless of whether they need it or not. There's
also a possibility that we'll end up masking a legitimate SCSI error
of a device that does implement the BL page (thus not needing any
BL emulation).

This patch refines the solution used in the previous patches by
adding a new SCSIDevice attribute called 'needs_vpl_bl_emulation'.
This flag is set at scsi_block_realize using a new function called
'scsi_block_set_vpd_bl_emulation'. This new function queries the
Inquiry Supported Pages of the device and checks if it supports
the BL message. If it doesn't, the emulation flag is set to 'true'.

This flag is then used at scsi_read_complete to isolate the emulation
logic from the devices that does not require it.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/scsi/scsi-disk.c| 49 +
 hw/scsi/scsi-generic.c | 32 +++-
 include/hw/scsi/scsi.h |  1 +
 3 files changed, 65 insertions(+), 17 deletions(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 4461a592e5..cb53d0fdab 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2599,6 +2599,54 @@ static int get_device_type(SCSIDiskState *s)
 return 0;
 }
 
+static void scsi_block_set_vpd_bl_emulation(SCSIDevice *s)
+{
+uint8_t cmd[6];
+uint8_t buf[250];
+uint8_t sensebuf[8];
+uint8_t page_len;
+sg_io_hdr_t io_header;
+int ret, i;
+
+memset(cmd, 0, sizeof(cmd));
+memset(buf, 0, sizeof(buf));
+cmd[0] = INQUIRY;
+cmd[1] = 1;
+cmd[2] = 0x00;
+cmd[4] = sizeof(buf);
+
+memset(_header, 0, sizeof(io_header));
+io_header.interface_id = 'S';
+io_header.dxfer_direction = SG_DXFER_FROM_DEV;
+io_header.dxfer_len = sizeof(buf);
+io_header.dxferp = buf;
+io_header.cmdp = cmd;
+io_header.cmd_len = sizeof(cmd);
+io_header.mx_sb_len = sizeof(sensebuf);
+io_header.sbp = sensebuf;
+io_header.timeout = 6000; /* XXX */
+
+ret = blk_ioctl(s->conf.blk, SG_IO, _header);
+if (ret < 0 || io_header.driver_status || io_header.host_status) {
+/*
+ * Do not assume anything if we can't retrieve the
+ * INQUIRY response to assert the VPD Block Limits
+ * support.
+ */
+s->needs_vpd_bl_emulation = false;
+return;
+}
+
+page_len = buf[3];
+for (i = 4; i < page_len + 4; i++) {
+if (buf[i] == 0xb0) {
+s->needs_vpd_bl_emulation = false;
+return;
+}
+}
+s->needs_vpd_bl_emulation = true;
+}
+
 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
 {
 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
@@ -2648,6 +2696,7 @@ static void scsi_block_realize(SCSIDevice *dev, Error 
**errp)
 
 scsi_realize(>qdev, errp);
 scsi_generic_read_device_identification(>qdev);
+scsi_block_set_vpd_bl_emulation(dev);
 }
 
 typedef struct SCSIBlockReq {
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index 64d3b79518..e08ffaa38c 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -243,9 +243,8 @@ static void scsi_read_complete(void * opaque, int ret)
 {
 SCSIGenericReq *r = (SCSIGenericReq *)opaque;
 SCSIDevice *s = r->req.dev;
-SCSISense sense;
 uint8_t page, page_len;
-int len, i;
+int len;
 
 assert(r->req.aiocb != NULL);
 r->req.aiocb = NULL;
@@ -328,11 +327,17 @@ static void scsi_read_complete(void * opaque, int ret)
  * the buffer, clean up the io_header to avoid firing up
  * the sense error.
  */
-if (sg_io_sense_from_errno(-ret, >io_header, )) {
+if (s->needs_vpd_bl_emulation) {
+
 r->buflen = scsi_emulate_vpd_bl_page(s, r->buf);
 r->io_header.sb_len_wr = 0;
 
-/* Clean sg_io_sense */
+/*
+ * We have valid contents in the reply buffer but the
+ * io_header will report a sense error coming from
+ * the hardware in scsi_command_complete_noio. Clean it
+ * up the io_header to avoid reporting it.
+ */
 r->io_header.driver_status = 0;
 r->io_header.status = 0;
 
@@ -346,26 +351,19 @@ static void scsi_read_complete(void * opaque, int ret)
 stl_be_p(>buf[12],
  MIN_NON_ZERO(max_transfer, 
ldl_be_p(>buf[12])));
 }
-} else if (page == 0x00) {
+} else if (page == 0x00 && s->needs_vpd_bl_emulation) {
 /*
  * Now we're capable of supplying the VPD Block Limits
-   

[Qemu-devel] [RFC 11/13] dp8393x: manage big endian bus

[Laurent Vivier]

This is needed by Quadra 800, this card can run on little-endian
or big-endian bus.

Signed-off-by: Laurent Vivier 
---
 hw/net/dp8393x.c | 101 ++-
 1 file changed, 70 insertions(+), 31 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index ef5f1eb94f..5061474e6b 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -150,6 +150,7 @@ typedef struct dp8393xState {
 
 /* Hardware */
 uint8_t it_shift;
+bool big_endian;
 qemu_irq irq;
 #ifdef DEBUG_SONIC
 int irq_level;
@@ -174,6 +175,12 @@ typedef struct dp8393xState {
 AddressSpace as;
 } dp8393xState;
 
+#ifdef HOST_WORDS_BIGENDIAN
+static const bool host_big_endian = true;
+#else
+static const bool host_big_endian = false;
+#endif
+
 /* Accessor functions for values which are formed by
  * concatenating two 16 bit device registers. By putting these
  * in their own functions with a uint32_t return type we avoid the
@@ -220,6 +227,36 @@ static uint32_t dp8393x_wt(dp8393xState *s)
 return s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
 }
 
+static uint16_t dp8393x_get(dp8393xState *s, int width, uint16_t *base,
+int offset)
+{
+uint16_t val;
+
+if (s->big_endian) {
+val = base[offset * width + width - 1];
+} else {
+val = base[offset * width];
+}
+if (s->big_endian != host_big_endian) {
+val = bswap16(val);
+}
+return val;
+}
+
+static void dp8393x_put(dp8393xState *s, int width, uint16_t *base, int offset,
+uint16_t val)
+{
+if (s->big_endian != host_big_endian) {
+val = bswap16(val);
+}
+
+if (s->big_endian) {
+base[offset * width + width - 1] = val;
+} else {
+base[offset * width] = val;
+}
+}
+
 static void dp8393x_update_irq(dp8393xState *s)
 {
 int level = (s->regs[SONIC_IMR] & s->regs[SONIC_ISR]) ? 1 : 0;
@@ -251,12 +288,12 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 /* Fill current entry */
 address_space_rw(>as, dp8393x_cdp(s),
 MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-s->cam[index][0] = data[1 * width] & 0xff;
-s->cam[index][1] = data[1 * width] >> 8;
-s->cam[index][2] = data[2 * width] & 0xff;
-s->cam[index][3] = data[2 * width] >> 8;
-s->cam[index][4] = data[3 * width] & 0xff;
-s->cam[index][5] = data[3 * width] >> 8;
+s->cam[index][0] = dp8393x_get(s, width, data, 1) & 0xff;
+s->cam[index][1] = dp8393x_get(s, width, data, 1) >> 8;
+s->cam[index][2] = dp8393x_get(s, width, data, 2) & 0xff;
+s->cam[index][3] = dp8393x_get(s, width, data, 2) >> 8;
+s->cam[index][4] = dp8393x_get(s, width, data, 3) & 0xff;
+s->cam[index][5] = dp8393x_get(s, width, data, 3) >> 8;
 DPRINTF("load cam[%d] with %02x%02x%02x%02x%02x%02x\n", index,
 s->cam[index][0], s->cam[index][1], s->cam[index][2],
 s->cam[index][3], s->cam[index][4], s->cam[index][5]);
@@ -269,7 +306,7 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 /* Read CAM enable */
 address_space_rw(>as, dp8393x_cdp(s),
 MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-s->regs[SONIC_CE] = data[0 * width];
+s->regs[SONIC_CE] = dp8393x_get(s, width, data, 0);
 DPRINTF("load cam done. cam enable mask 0x%04x\n", s->regs[SONIC_CE]);
 
 /* Done */
@@ -290,10 +327,10 @@ static void dp8393x_do_read_rra(dp8393xState *s)
 MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
 
 /* Update SONIC registers */
-s->regs[SONIC_CRBA0] = data[0 * width];
-s->regs[SONIC_CRBA1] = data[1 * width];
-s->regs[SONIC_RBWC0] = data[2 * width];
-s->regs[SONIC_RBWC1] = data[3 * width];
+s->regs[SONIC_CRBA0] = dp8393x_get(s, width, data, 0);
+s->regs[SONIC_CRBA1] = dp8393x_get(s, width, data, 1);
+s->regs[SONIC_RBWC0] = dp8393x_get(s, width, data, 2);
+s->regs[SONIC_RBWC1] = dp8393x_get(s, width, data, 3);
 DPRINTF("CRBA0/1: 0x%04x/0x%04x, RBWC0/1: 0x%04x/0x%04x\n",
 s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
 s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
@@ -408,12 +445,12 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
 tx_len = 0;
 
 /* Update registers */
-s->regs[SONIC_TCR] = data[0 * width] & 0xf000;
-s->regs[SONIC_TPS] = data[1 * width];
-s->regs[SONIC_TFC] = data[2 * width];
-s->regs[SONIC_TSA0] = data[3 * width];
-s->regs[SONIC_TSA1] = data[4 * width];
-s->regs[SONIC_TFS] = data[5 * width];
+s->regs[SONIC_TCR] = dp8393x_get(s, width, data, 0) & 0xf000;
+s->regs[SONIC_TPS] = dp8393x_get(s, width, data, 1);
+s->regs[SONIC_TFC] = dp8393x_get(s, width, data, 2);
+s->regs[SONIC_TSA0] = dp8393x_get(s, width, data, 3);
+s->regs[SONIC_TSA1] = dp8393x_get(s, width, data, 4);
+s->regs[SONIC_TFS] = 

[Qemu-devel] [PATCH v1 2/3] scsi-block: add VPD Block Limits in INQUIRY Supported Pages reply

[Daniel Henrique Barboza]

The previous commit added Block Limits emulation for scsi-block devices
if the underlying hardware does not implement it. But this is not
enough to fix the issue of max_io_sectors mismatch between the
guest and the host - the guest is not aware of the Block
Limits support we're now providing.

This patch changes the INQUIRY Supported Pages reply to add Block
Limits support. If the host device already supports it, nothing changes.
If it doesn't, add it manually in the reply.

With this patch, the guest now queries the Block Limits page during the
device configuration because it is being advertised in the Supported
Pages response. It will either receive the Block Limits page from the
hardware, if it supports it, or will receive an emulated response
from QEMU. At any rate, the guest now has the information to set the
max_sectors_kb parameter accordingly, sparing the user of SCSI sense
errors that would happen without the emulated response and in the absence
of Block Limits support from the hardware.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1566195
Reported-by: Dac Nguyen 
Signed-off-by: Daniel Henrique Barboza 
---
 hw/scsi/scsi-generic.c | 80 --
 1 file changed, 52 insertions(+), 28 deletions(-)

diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index 579872908c..64d3b79518 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -244,7 +244,8 @@ static void scsi_read_complete(void * opaque, int ret)
 SCSIGenericReq *r = (SCSIGenericReq *)opaque;
 SCSIDevice *s = r->req.dev;
 SCSISense sense;
-int len;
+uint8_t page, page_len;
+int len, i;
 
 assert(r->req.aiocb != NULL);
 r->req.aiocb = NULL;
@@ -315,33 +316,56 @@ static void scsi_read_complete(void * opaque, int ret)
 s->scsi_version = r->buf[2];
 }
 }
-if (s->type == TYPE_DISK && r->req.cmd.buf[2] == 0xb0) {
-/*
- * Take a look to see if this VPD Block Limits request will
- * result in a sense error in scsi_command_complete_noio.
- * In this case, emulate a valid VPD response.
- *
- * After that, given that now there are valid contents in the
- * buffer, clean up the io_header to avoid firing up the
- * sense error.
- */
-if (sg_io_sense_from_errno(-ret, >io_header, )) {
-r->buflen = scsi_emulate_vpd_bl_page(s, r->buf);
-r->io_header.sb_len_wr = 0;
-
-/* Clean sg_io_sense */
-r->io_header.driver_status = 0;
-r->io_header.status = 0;
-
-}  else {
-uint32_t max_transfer =
-blk_get_max_transfer(s->conf.blk) / s->blocksize;
-
-assert(max_transfer);
-stl_be_p(>buf[8], max_transfer);
-/* Also take care of the opt xfer len. */
-stl_be_p(>buf[12],
- MIN_NON_ZERO(max_transfer, ldl_be_p(>buf[12])));
+if (s->type == TYPE_DISK && (r->req.cmd.buf[1] & 0x01)) {
+page = r->req.cmd.buf[2];
+if (page == 0xb0) {
+/*
+ * Take a look to see if this VPD Block Limits request will
+ * result in a sense error in scsi_command_complete_noio.
+ * In this case, emulate a valid VPD response.
+ *
+ * After that, given that now there are valid contents in
+ * the buffer, clean up the io_header to avoid firing up
+ * the sense error.
+ */
+if (sg_io_sense_from_errno(-ret, >io_header, )) {
+r->buflen = scsi_emulate_vpd_bl_page(s, r->buf);
+r->io_header.sb_len_wr = 0;
+
+/* Clean sg_io_sense */
+r->io_header.driver_status = 0;
+r->io_header.status = 0;
+
+}  else {
+uint32_t max_transfer =
+blk_get_max_transfer(s->conf.blk) / s->blocksize;
+
+assert(max_transfer);
+stl_be_p(>buf[8], max_transfer);
+/* Also take care of the opt xfer len. */
+stl_be_p(>buf[12],
+ MIN_NON_ZERO(max_transfer, 
ldl_be_p(>buf[12])));
+}
+} else if (page == 0x00) {
+/*
+ * Now we're capable of supplying the VPD Block Limits
+ * response if the hardware can't. Inspect if the INQUIRY
+ * response contains support for the VPD Block Limits page.
+ * Add it if it doesn't.
+ *
+ * This way, the guest kernel will be aware of the support
+ * and will use it to proper setup the SCSI device.
+ */
+

[Qemu-devel] [RFC 01/13] hw/m68k: add via support

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
---
 hw/input/adb.c|  99 -
 hw/misc/Makefile.objs |   1 +
 hw/misc/mac_via.c | 940 ++
 include/hw/input/adb.h|   8 +
 include/hw/misc/mac_via.h |  45 +++
 5 files changed, 1092 insertions(+), 1 deletion(-)
 create mode 100644 hw/misc/mac_via.c
 create mode 100644 include/hw/misc/mac_via.h

diff --git a/hw/input/adb.c b/hw/input/adb.c
index 23ae6f0d75..2e5460730c 100644
--- a/hw/input/adb.c
+++ b/hw/input/adb.c
@@ -25,6 +25,17 @@
 #include "hw/input/adb.h"
 #include "adb-internal.h"
 
+#define ADB_POLL_FREQ 50
+
+/* Apple Macintosh Family Hardware Refenece
+ * Table 19-10 ADB transaction states
+ */
+
+#define STATE_NEW   0
+#define STATE_EVEN  1
+#define STATE_ODD   2
+#define STATE_IDLE  3
+
 /* error codes */
 #define ADB_RET_NOTPRESENT (-2)
 
@@ -57,7 +68,6 @@ int adb_request(ADBBusState *s, uint8_t *obuf, const uint8_t 
*buf, int len)
 return ADB_RET_NOTPRESENT;
 }
 
-/* XXX: move that to cuda ? */
 int adb_poll(ADBBusState *s, uint8_t *obuf, uint16_t poll_mask)
 {
 ADBDevice *d;
@@ -84,6 +94,93 @@ int adb_poll(ADBBusState *s, uint8_t *obuf, uint16_t 
poll_mask)
 return olen;
 }
 
+int adb_send(ADBBusState *adb, int state, uint8_t data)
+{
+switch (state) {
+case STATE_NEW:
+adb->data_out[0] = data;
+adb->data_out_index = 1;
+break;
+case STATE_EVEN:
+if ((adb->data_out_index & 1) == 0) {
+return 0;
+}
+adb->data_out[adb->data_out_index++] = data;
+break;
+case STATE_ODD:
+if (adb->data_out_index & 1) {
+return 0;
+}
+adb->data_out[adb->data_out_index++] = data;
+break;
+case STATE_IDLE:
+return 0;
+}
+qemu_irq_raise(adb->data_ready);
+return 1;
+}
+
+int adb_receive(ADBBusState *adb, int state, uint8_t *data)
+{
+switch (state) {
+case STATE_NEW:
+return 0;
+case STATE_EVEN:
+if (adb->data_in_size <= 0) {
+qemu_irq_raise(adb->data_ready);
+return 0;
+}
+if (adb->data_in_index >= adb->data_in_size) {
+*data = 0;
+qemu_irq_raise(adb->data_ready);
+return 1;
+}
+if ((adb->data_in_index & 1) == 0) {
+return 0;
+}
+*data = adb->data_in[adb->data_in_index++];
+break;
+case STATE_ODD:
+if (adb->data_in_size <= 0) {
+qemu_irq_raise(adb->data_ready);
+return 0;
+}
+if (adb->data_in_index >= adb->data_in_size) {
+*data = 0;
+qemu_irq_raise(adb->data_ready);
+return 1;
+}
+if (adb->data_in_index & 1) {
+return 0;
+}
+*data = adb->data_in[adb->data_in_index++];
+break;
+case STATE_IDLE:
+if (adb->data_out_index == 0) {
+return 0;
+}
+adb->data_in_size = adb_request(adb, adb->data_in,
+adb->data_out, adb->data_out_index);
+adb->data_out_index = 0;
+if (adb->data_in_size < 0) {
+*data = 0xff;
+qemu_irq_raise(adb->data_ready);
+return -1;
+}
+if (adb->data_in_size == 0) {
+return 0;
+}
+*data = adb->data_in[0];
+adb->data_in_index = 1;
+break;
+}
+qemu_irq_raise(adb->data_ready);
+if (*data == 0xff || *data == 0) {
+return 0;
+}
+return 1;
+}
+
 static const TypeInfo adb_bus_type_info = {
 .name = TYPE_ADB_BUS,
 .parent = TYPE_BUS,
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 00e834d0f0..2cd8941faa 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -68,5 +68,6 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
 obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
 obj-$(CONFIG_AUX) += auxbus.o
 obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
+obj-$(CONFIG_MAC_VIA) += mac_via.o
 obj-y += mmio_interface.o
 obj-$(CONFIG_MSF2) += msf2-sysreg.o
diff --git a/hw/misc/mac_via.c b/hw/misc/mac_via.c
new file mode 100644
index 00..a6a11c5b3d
--- /dev/null
+++ b/hw/misc/mac_via.c
@@ -0,0 +1,940 @@
+/*
+ * QEMU m68k Macintosh VIA device support
+ *
+ * Copyright (c) 2011-2018 Laurent Vivier
+ *
+ * Some parts from hw/cuda.c
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/misc/mac_via.h"
+#include "hw/input/adb.h"
+#include "sysemu/sysemu.h"
+#include "qemu/cutils.h"
+
+/* debug VIA */
+#undef DEBUG_VIA
+
+#ifdef DEBUG_VIA
+#define VIA_DPRINTF(fmt, ...)   

Re: [Qemu-devel] [PATCH] chardev: Restore CR,LF on stdio

[Thomas Huth]

On 08.06.2018 17:58, Patryk Olszewski wrote:
> W dniu 08.06.2018 o 17:25, Peter Maydell pisze:
>> On 8 June 2018 at 06:47, Thomas Huth  wrote:
>>> On 07.06.2018 23:08, Philippe Mathieu-Daudé wrote:
 Remove the 'stair-step output' on stdio.

 This partially reverts commit 12fb0ac05, which was correct
 on the mailing list but got corrupted by the maintainer :p

 Introduced-by: 3b876140-c035-dd39-75d0-d54c48128...@redhat.com
 Reported-by: BALATON Zoltan 
 Suggested-by: Thomas Huth 
 Tested-by: Laurent Desnogues 
 Signed-off-by: Philippe Mathieu-Daudé 
 ---
 See:
 http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg06202.html (bug)
 http://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg01309.html 
 (report)

 Peter, Can this enters directly as bug-fix?

  chardev/char-stdio.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/chardev/char-stdio.c b/chardev/char-stdio.c
 index d83e60e787..96375f2ab8 100644
 --- a/chardev/char-stdio.c
 +++ b/chardev/char-stdio.c
 @@ -59,7 +59,7 @@ static void qemu_chr_set_echo_stdio(Chardev *chr, bool 
 echo)
  if (!echo) {
  tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP
   | INLCR | IGNCR | ICRNL | IXON);
 -tty.c_oflag &= ~OPOST;
 +tty.c_oflag |= OPOST;
  tty.c_lflag &= ~(ECHO | ECHONL | ICANON | IEXTEN);
  tty.c_cflag &= ~(CSIZE | PARENB);
  tty.c_cflag |= CS8;

>>> I think this is the right way to go.
>>>
>>> Reviewed-by: Thomas Huth 
>> Applied to master, thanks.
>>
>> -- PMM
>>
> I actually think it would be better to set c_oflag to (OPOST | ONLCR) to
> avoid any problems in the future. At this point it is assumed that ONLCR
> is set.

stdio output worked fine without explicitly setting ONLCR in the past,
so unless we hit a situation where it is really required, I'd rather
keep it that way now to avoid yet another unexpected regression.

 Thomas

[Qemu-devel] [PATCH v1 1/3] scsi-block: emulate missing Block Limits response

[Daniel Henrique Barboza]

The VPD Block Limits Inquiry page is optional, allowing SCSI devices
to not implement it. This is the case for devices like the MegaRAID
SAS 9361-8i and Microsemi PM8069.

In case of SCSI passthrough, the response of this request is used by
the QEMU SCSI layer to set the max_io_sectors that the guest
device will support, based on the value of the max_sectors_kb that
the device has set in the host at that time. Without this response,
the guest kernel is free to assume any value of max_io_sectors
for the SCSI device. If this value is greater than the value from
the host, SCSI Sense errors will occur because the guest will send
read/write requests that are larger than the underlying host device
is configured to support. An example of this behavior can be seen
in [1].

A workaround is to set the max_sectors_kb host value back in the guest
kernel (a process that can be automated using rc.local startup scripts
and the like), but this has several drawbacks:

- it can be troublesome if the guest has many passthrough devices that
needs this tuning;

- if a change in max_sectors_kb is made in the host side, manual change
in the guests will also be required;

- during an OS install it is difficult, and sometimes not possible, to go
to a terminal and change the max_sectors_kb prior to the installation.
This means that the disk can't be used during the install process. The
easiest alternative here is to roll back to scsi-hd, install the guest
and then go back to SCSI passthrough when the installation is done and
max_sectors_kb can be set.

An easier way would be to QEMU handle the absence of the VPD Block Limits
device response, setting max_io_sectors accordingly and allowing the guest
to use the device without the hassle.

This patch is the first step to tackle this. Inside scsi_read_complete,
snoop into the io_header and see if there is a SENSE error from a VPD
Block Limits request. If that's the case, return an emulated response
based on what we already do in scsi-disk. Clean up the io_header
fields what would trigger a SCSI sense error later on now that
we have a valid response to give.

Note that this patch alone does not fix [1] - the guest is still unaware
of the VPD Block Limits page support if the hardware does not implement
it. This will be taken care of in the next patch. For now, we can see the
emulated Block Limits response by using sg3_utils:

[root@boston-ess054p2 ~]# sg_vpd --page=bl  /dev/sdb --verbose
inquiry cdb: 12 01 b0 00 fc 00
Block limits VPD page (SBC):
   [PQual=0  Peripheral device type: disk]
  Write same no zero (WSNZ): 1
  Maximum compare and write length: 0 blocks
  Optimal transfer length granularity: 0 blocks
  Maximum transfer length: 512 blocks
  Optimal transfer length: 0 blocks
  Maximum prefetch length: 0 blocks
  Maximum unmap LBA count: 2097152
  Maximum unmap block descriptor count: 255
  Optimal unmap granularity: 0
  Unmap granularity alignment valid: 0
  Unmap granularity alignment: 0
  Maximum write same length: 0x200 blocks
[root@boston-ess054p2 ~]#

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1566195

Reported-by: Dac Nguyen 
Signed-off-by: Daniel Henrique Barboza 
---
 hw/scsi/scsi-disk.c|   2 -
 hw/scsi/scsi-generic.c | 133 ++---
 include/hw/scsi/scsi.h |   3 ++
 3 files changed, 128 insertions(+), 10 deletions(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index ded23d36ca..4461a592e5 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -50,8 +50,6 @@ do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
 #define SCSI_MAX_MODE_LEN   256
 
 #define DEFAULT_DISCARD_GRANULARITY 4096
-#define DEFAULT_MAX_UNMAP_SIZE  (1 << 30)   /* 1 GB */
-#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
 
 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
 
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index 03bce8ff39..579872908c 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -76,6 +76,103 @@ static void scsi_free_request(SCSIRequest *req)
 g_free(r->buf);
 }
 
+/*
+ * Takes a buffer and fill it with contents of a SCSI Inquiry VPD
+ * Block Limits response, based on the attributes of the SCSIDevice
+ * and other default values, returning the size written in the
+ * buffer.
+ *
+ * This function is a modified version of 'scsi_disk_emulate_inquiry'
+ * from scsi-disk.c.
+ */
+static int scsi_emulate_vpd_bl_page(SCSIDevice *s, uint8_t *outbuf)
+{
+int buflen = 0;
+int start;
+
+outbuf[buflen++] = TYPE_DISK & 0x1f;
+outbuf[buflen++] = 0xb0;
+outbuf[buflen++] = 0x00;
+outbuf[buflen++] = 0x00;
+start = buflen;
+
+unsigned int unmap_sectors = s->conf.discard_granularity / s->blocksize;
+unsigned int min_io_size = s->conf.min_io_size / s->blocksize;
+unsigned int opt_io_size = s->conf.opt_io_size / s->blocksize;
+unsigned int max_unmap_sectors = DEFAULT_MAX_UNMAP_SIZE / s->blocksize;
+

[Qemu-devel] [RFC 04/13] hw/m68k: add video card

[Laurent Vivier]

From: Laurent Vivier 

Signed-off-by: Laurent Vivier 
---
 arch_init.c |   4 +
 hw/display/Makefile.objs|   1 +
 hw/display/macfb-template.h | 158 +
 hw/display/macfb.c  | 283 
 qemu-options.hx |   2 +-
 vl.c|   3 +-
 6 files changed, 449 insertions(+), 2 deletions(-)
 create mode 100644 hw/display/macfb-template.h
 create mode 100644 hw/display/macfb.c

diff --git a/arch_init.c b/arch_init.c
index f4f3f610c8..5a71b48dc5 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -39,6 +39,10 @@
 int graphic_width = 1024;
 int graphic_height = 768;
 int graphic_depth = 8;
+#elif defined(TARGET_M68K)
+int graphic_width = 800;
+int graphic_height = 600;
+int graphic_depth = 8;
 #else
 int graphic_width = 800;
 int graphic_height = 600;
diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
index b5d97ab26d..925d5b848f 100644
--- a/hw/display/Makefile.objs
+++ b/hw/display/Makefile.objs
@@ -19,6 +19,7 @@ common-obj-$(CONFIG_EXYNOS4) += exynos4210_fimd.o
 common-obj-$(CONFIG_FRAMEBUFFER) += framebuffer.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-vgafb.o
 common-obj-$(CONFIG_ZAURUS) += tc6393xb.o
+common-obj-$(CONFIG_MACFB) += macfb.o
 
 common-obj-$(CONFIG_MILKYMIST_TMU2) += milkymist-tmu2.o
 milkymist-tmu2.o-cflags := $(X11_CFLAGS)
diff --git a/hw/display/macfb-template.h b/hw/display/macfb-template.h
new file mode 100644
index 00..b6ae5d728f
--- /dev/null
+++ b/hw/display/macfb-template.h
@@ -0,0 +1,158 @@
+#if defined(READ_BITS)
+#define PALETTE(i, r, g, b)\
+do {   \
+r =  s->color_palette[i * 3];  \
+g =  s->color_palette[i * 3 + 1];  \
+b =  s->color_palette[i * 3 + 2];  \
+} while (0)
+
+#if READ_BITS == 1
+#define READ_PIXEL(from, x, r, g, b)   \
+do {   \
+int bit = x & 7;   \
+int idx = (*from >> (7 - bit)) & 1;\
+r = g = b  = ((1 - idx) << 7); \
+from += (bit == 7);\
+} while (0)
+#elif READ_BITS == 2
+#define READ_PIXEL(from, x, r, g, b)   \
+do {   \
+int bit = (x & 3); \
+int idx = (*from >> ((3 - bit) << 1)) & 3; \
+PALETTE(idx, r, g, b); \
+from += (bit == 3);\
+} while (0)
+#elif READ_BITS == 4
+#define READ_PIXEL(from, x, r, g, b)   \
+do {   \
+int bit = x & 1;   \
+int idx = (*from >> ((1 - bit) << 2)) & 15; \
+PALETTE(idx, r, g, b); \
+from += (bit == 1);\
+} while (0)
+#elif READ_BITS == 8
+#define READ_PIXEL(from, x, r, g, b)   \
+do {   \
+PALETTE(*from, r, g, b);   \
+from++;\
+} while (0)
+#elif READ_BITS == 16
+#define READ_PIXEL(from, x, r, g, b)   \
+do {   \
+uint16_t pixel;\
+pixel = (from[0] << 8) | from[1];  \
+r = ((pixel >> 10) & 0x1f) << 3;   \
+g = ((pixel >> 5) & 0x1f) << 3;\
+b = (pixel & 0x1f) << 3;   \
+from += 2; \
+} while (0)
+#elif READ_BITS == 24
+#define READ_PIXEL(from, x, r, g, b)   \
+do {   \
+r = *from++;   \
+g = *from++;   \
+b = *from++;   \
+} while (0)
+#else
+#error unknown bit depth
+#endif
+
+#if WRITE_BITS == 8
+#define WRITE_PIXEL(to, r, g, b)   \
+do {   \
+*to = rgb_to_pixel8(r, g, b);  \
+to += 1;   \
+} while (0)
+#elif WRITE_BITS == 15
+#define WRITE_PIXEL(to, r, g, b)   \
+do {   \
+*(uint16_t *)to = rgb_to_pixel15(r, g, b); \
+to += 2;   \
+} while (0)
+#elif WRITE_BITS == 16
+#define WRITE_PIXEL(to, r, g, b)   \
+do {   \
+*(uint16_t *)to = rgb_to_pixel16(r, g, b); \
+to += 2;   \
+} while (0)
+#elif WRITE_BITS == 24
+#define WRITE_PIXEL(to, r, g, b)   \
+do {   \
+uint32_t tmp = rgb_to_pixel24(r, g, b);   

[Qemu-devel] [RFC 07/13] hw/m68k: add Nubus support

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
---
 hw/Makefile.objs |   1 +
 hw/display/macfb.c   |  67 +++-
 hw/nubus/Makefile.objs   |   4 +
 hw/nubus/mac.c   | 112 +++
 hw/nubus/nubus-bridge.c  |  34 ++
 hw/nubus/nubus-bus.c |  60 +++
 hw/nubus/nubus-device.c  | 275 +++
 include/hw/nubus/mac.h   |  24 +
 include/hw/nubus/nubus.h |  89 +++
 include/qemu/typedefs.h  |   2 +
 10 files changed, 663 insertions(+), 5 deletions(-)
 create mode 100644 hw/nubus/Makefile.objs
 create mode 100644 hw/nubus/mac.c
 create mode 100644 hw/nubus/nubus-bridge.c
 create mode 100644 hw/nubus/nubus-bus.c
 create mode 100644 hw/nubus/nubus-device.c
 create mode 100644 include/hw/nubus/mac.h
 create mode 100644 include/hw/nubus/nubus.h

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index a19c1417ed..8c97b4b97b 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -35,6 +35,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += watchdog/
 devices-dirs-$(CONFIG_SOFTMMU) += xen/
 devices-dirs-$(CONFIG_MEM_HOTPLUG) += mem/
 devices-dirs-$(CONFIG_SOFTMMU) += smbios/
+devices-dirs-$(CONFIG_NUBUS) += nubus/
 devices-dirs-y += core/
 common-obj-y += $(devices-dirs-y)
 obj-y += $(devices-dirs-y)
diff --git a/hw/display/macfb.c b/hw/display/macfb.c
index b2dd300a80..295fd0fc8a 100644
--- a/hw/display/macfb.c
+++ b/hw/display/macfb.c
@@ -14,9 +14,12 @@
 #include "hw/sysbus.h"
 #include "ui/console.h"
 #include "ui/pixel_ops.h"
+#include "hw/nubus/nubus.h"
+
+#define VIDEO_BASE 0x1000
+#define DAFB_BASE  0x0080
 
 struct MacfbState {
-SysBusDevice busdev;
 MemoryRegion mem_vram;
 MemoryRegion mem_ctrl;
 QemuConsole *con;
@@ -219,10 +222,10 @@ static void macfb_init(DeviceState *dev, MacfbState *s)
 
 s->con = graphic_console_init(dev, 0, _ops, s);
 
-memory_region_init_io(>mem_ctrl, NULL, _ctrl_ops, s, "ctrl",
+memory_region_init_io(>mem_ctrl, NULL, _ctrl_ops, s, "macfb-ctrl",
   0x1000);
-memory_region_init_ram_ptr(>mem_vram, NULL, "vram", MACFB_VRAM_SIZE,
-   s->vram);
+memory_region_init_ram_ptr(>mem_vram, NULL, "macfb-vram",
+   MACFB_VRAM_SIZE, s->vram);
 vmstate_register_ram(>mem_vram, dev);
 memory_region_set_coalescing(>mem_vram);
 }
@@ -232,6 +235,11 @@ typedef struct {
 MacfbState macfb;
 } MacfbSysBusState;
 
+typedef struct {
+NubusDevice busdev;
+MacfbState macfb;
+} MacfbNubusState;
+
 static int macfb_sysbus_init(SysBusDevice *dev)
 {
 MacfbState *s =  (dev)->macfb;
@@ -243,12 +251,34 @@ static int macfb_sysbus_init(SysBusDevice *dev)
 return 0;
 }
 
+const uint8_t macfb_rom[] = {
+255, 0, 0, 0,
+};
+
+static int macfb_nubus_init(NubusDevice *dev)
+{
+MacfbState *s = _UPCAST(MacfbNubusState, busdev, dev)->macfb;
+
+macfb_init(DEVICE(dev), s);
+nubus_add_slot_mmio(dev, DAFB_BASE, >mem_ctrl);
+nubus_add_slot_mmio(dev, VIDEO_BASE, >mem_vram);
+nubus_register_rom(dev, macfb_rom, sizeof(macfb_rom), 1, 9, 0xf);
+
+return 0;
+}
+
 static void macfb_sysbus_reset(DeviceState *d)
 {
 MacfbSysBusState *s = MACFB(d);
 macfb_reset(>macfb);
 }
 
+static void macfb_nubus_reset(DeviceState *d)
+{
+MacfbNubusState *s = DO_UPCAST(MacfbNubusState, busdev.qdev, d);
+macfb_reset(>macfb);
+}
+
 static Property macfb_sysbus_properties[] = {
 DEFINE_PROP_UINT32("width", MacfbSysBusState, macfb.width, 640),
 DEFINE_PROP_UINT32("height", MacfbSysBusState, macfb.height, 480),
@@ -256,18 +286,37 @@ static Property macfb_sysbus_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+static Property macfb_nubus_properties[] = {
+DEFINE_PROP_UINT32("width", MacfbNubusState, macfb.width, 640),
+DEFINE_PROP_UINT32("height", MacfbNubusState, macfb.height, 480),
+DEFINE_PROP_UINT8("depth", MacfbNubusState, macfb.depth, 8),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void macfb_sysbus_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
 k->init = macfb_sysbus_init;
-dc->desc = "Macintosh framebuffer";
+dc->desc = "SysBus Macintosh framebuffer";
 dc->reset = macfb_sysbus_reset;
 dc->vmsd = _macfb;
 dc->props = macfb_sysbus_properties;
 }
 
+static void macfb_nubus_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+NubusDeviceClass *k = NUBUS_DEVICE_CLASS(klass);
+
+k->init = macfb_nubus_init;
+dc->desc = "Nubus Macintosh framebuffer";
+dc->reset = macfb_nubus_reset;
+dc->vmsd = _macfb;
+dc->props = macfb_nubus_properties;
+}
+
 static TypeInfo macfb_sysbus_info = {
 .name  = TYPE_MACFB,
 .parent= TYPE_SYS_BUS_DEVICE,
@@ -275,9 +324,17 @@ static TypeInfo macfb_sysbus_info = {
 .class_init= macfb_sysbus_class_init,
 };
 
+static TypeInfo 

[Qemu-devel] [RFC 12/13] dp8393x: put DMA temp buffer in the state, not in the stack

[Laurent Vivier]

It's only 32 bytes, and this simplifies the dp8393x_get()/
dp8393x_put() interface.

Signed-off-by: Laurent Vivier 
---
 hw/net/dp8393x.c | 107 ++-
 1 file changed, 51 insertions(+), 56 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 5061474e6b..40e5f8257b 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -168,6 +168,7 @@ typedef struct dp8393xState {
 
 /* Temporaries */
 uint8_t tx_buffer[0x1];
+uint16_t data[16];
 int loopback_packet;
 
 /* Memory access */
@@ -227,15 +228,14 @@ static uint32_t dp8393x_wt(dp8393xState *s)
 return s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
 }
 
-static uint16_t dp8393x_get(dp8393xState *s, int width, uint16_t *base,
-int offset)
+static uint16_t dp8393x_get(dp8393xState *s, int width, int offset)
 {
 uint16_t val;
 
 if (s->big_endian) {
-val = base[offset * width + width - 1];
+val = s->data[offset * width + width - 1];
 } else {
-val = base[offset * width];
+val = s->data[offset * width];
 }
 if (s->big_endian != host_big_endian) {
 val = bswap16(val);
@@ -243,7 +243,7 @@ static uint16_t dp8393x_get(dp8393xState *s, int width, 
uint16_t *base,
 return val;
 }
 
-static void dp8393x_put(dp8393xState *s, int width, uint16_t *base, int offset,
+static void dp8393x_put(dp8393xState *s, int width, int offset,
 uint16_t val)
 {
 if (s->big_endian != host_big_endian) {
@@ -251,9 +251,9 @@ static void dp8393x_put(dp8393xState *s, int width, 
uint16_t *base, int offset,
 }
 
 if (s->big_endian) {
-base[offset * width + width - 1] = val;
+s->data[offset * width + width - 1] = val;
 } else {
-base[offset * width] = val;
+s->data[offset * width] = val;
 }
 }
 
@@ -277,7 +277,6 @@ static void dp8393x_update_irq(dp8393xState *s)
 
 static void dp8393x_do_load_cam(dp8393xState *s)
 {
-uint16_t data[8];
 int width, size;
 uint16_t index = 0;
 
@@ -287,13 +286,13 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 while (s->regs[SONIC_CDC] & 0x1f) {
 /* Fill current entry */
 address_space_rw(>as, dp8393x_cdp(s),
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-s->cam[index][0] = dp8393x_get(s, width, data, 1) & 0xff;
-s->cam[index][1] = dp8393x_get(s, width, data, 1) >> 8;
-s->cam[index][2] = dp8393x_get(s, width, data, 2) & 0xff;
-s->cam[index][3] = dp8393x_get(s, width, data, 2) >> 8;
-s->cam[index][4] = dp8393x_get(s, width, data, 3) & 0xff;
-s->cam[index][5] = dp8393x_get(s, width, data, 3) >> 8;
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data, size, 0);
+s->cam[index][0] = dp8393x_get(s, width, 1) & 0xff;
+s->cam[index][1] = dp8393x_get(s, width, 1) >> 8;
+s->cam[index][2] = dp8393x_get(s, width, 2) & 0xff;
+s->cam[index][3] = dp8393x_get(s, width, 2) >> 8;
+s->cam[index][4] = dp8393x_get(s, width, 3) & 0xff;
+s->cam[index][5] = dp8393x_get(s, width, 3) >> 8;
 DPRINTF("load cam[%d] with %02x%02x%02x%02x%02x%02x\n", index,
 s->cam[index][0], s->cam[index][1], s->cam[index][2],
 s->cam[index][3], s->cam[index][4], s->cam[index][5]);
@@ -305,8 +304,8 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 
 /* Read CAM enable */
 address_space_rw(>as, dp8393x_cdp(s),
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-s->regs[SONIC_CE] = dp8393x_get(s, width, data, 0);
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data, size, 0);
+s->regs[SONIC_CE] = dp8393x_get(s, width, 0);
 DPRINTF("load cam done. cam enable mask 0x%04x\n", s->regs[SONIC_CE]);
 
 /* Done */
@@ -317,20 +316,19 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 
 static void dp8393x_do_read_rra(dp8393xState *s)
 {
-uint16_t data[8];
 int width, size;
 
 /* Read memory */
 width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
 size = sizeof(uint16_t) * 4 * width;
 address_space_rw(>as, dp8393x_rrp(s),
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)s->data, size, 0);
 
 /* Update SONIC registers */
-s->regs[SONIC_CRBA0] = dp8393x_get(s, width, data, 0);
-s->regs[SONIC_CRBA1] = dp8393x_get(s, width, data, 1);
-s->regs[SONIC_RBWC0] = dp8393x_get(s, width, data, 2);
-s->regs[SONIC_RBWC1] = dp8393x_get(s, width, data, 3);
+s->regs[SONIC_CRBA0] = dp8393x_get(s, width, 0);
+s->regs[SONIC_CRBA1] = dp8393x_get(s, width, 1);
+s->regs[SONIC_RBWC0] = dp8393x_get(s, width, 2);
+s->regs[SONIC_RBWC1] = dp8393x_get(s, width, 3);
 DPRINTF("CRBA0/1: 0x%04x/0x%04x, RBWC0/1: 0x%04x/0x%04x\n",
 s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
 s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
@@ -427,7 +425,6 @@ static void 

[Qemu-devel] [RFC 09/13] hw/m68k: define Macintosh Quadra 800

[Laurent Vivier]

From: Laurent Vivier 

Signed-off-by: Laurent Vivier 
---
 default-configs/m68k-softmmu.mak |  12 ++
 hw/display/macfb.c   |  31 ++--
 hw/m68k/Makefile.objs|   6 +-
 hw/m68k/bootinfo.h   |  99 ++
 hw/m68k/mac.c| 384 +++
 hw/nubus/nubus-device.c  |  13 --
 tests/qom-test.c |   5 +
 tests/test-hmp.c |   3 +-
 8 files changed, 519 insertions(+), 34 deletions(-)
 create mode 100644 hw/m68k/bootinfo.h
 create mode 100644 hw/m68k/mac.c

diff --git a/default-configs/m68k-softmmu.mak b/default-configs/m68k-softmmu.mak
index 60f7cdfbf2..1b568be166 100644
--- a/default-configs/m68k-softmmu.mak
+++ b/default-configs/m68k-softmmu.mak
@@ -2,3 +2,15 @@
 
 CONFIG_COLDFIRE=y
 CONFIG_PTIMER=y
+CONFIG_ESCC=y
+CONFIG_FRAMEBUFFER=y
+CONFIG_ADB=y
+CONFIG_MAC_VIA=y
+CONFIG_MAC=y
+CONFIG_SCSI=y
+CONFIG_ESP=y
+CONFIG_ASC=y
+CONFIG_MACFB=y
+CONFIG_NUBUS=y
+CONFIG_DP8393X=y
+CONFIG_SWIM=y
diff --git a/hw/display/macfb.c b/hw/display/macfb.c
index 295fd0fc8a..a3204ab150 100644
--- a/hw/display/macfb.c
+++ b/hw/display/macfb.c
@@ -240,31 +240,28 @@ typedef struct {
 MacfbState macfb;
 } MacfbNubusState;
 
-static int macfb_sysbus_init(SysBusDevice *dev)
+static void macfb_sysbus_realize(DeviceState *dev, Error **errp)
 {
 MacfbState *s =  (dev)->macfb;
 
-macfb_init(DEVICE(dev), s);
-sysbus_init_mmio(dev, >mem_ctrl);
-sysbus_init_mmio(dev, >mem_vram);
-
-return 0;
+macfb_init(dev, s);
+sysbus_init_mmio(SYS_BUS_DEVICE(s), >mem_ctrl);
+sysbus_init_mmio(SYS_BUS_DEVICE(s), >mem_vram);
 }
 
 const uint8_t macfb_rom[] = {
 255, 0, 0, 0,
 };
 
-static int macfb_nubus_init(NubusDevice *dev)
+static void macfb_nubus_realize(DeviceState *dev, Error **errp)
 {
-MacfbState *s = _UPCAST(MacfbNubusState, busdev, dev)->macfb;
+NubusDevice *nubus = NUBUS_DEVICE(dev);
+MacfbState *s = _UPCAST(MacfbNubusState, busdev, nubus)->macfb;
 
-macfb_init(DEVICE(dev), s);
-nubus_add_slot_mmio(dev, DAFB_BASE, >mem_ctrl);
-nubus_add_slot_mmio(dev, VIDEO_BASE, >mem_vram);
-nubus_register_rom(dev, macfb_rom, sizeof(macfb_rom), 1, 9, 0xf);
-
-return 0;
+macfb_init(dev, s);
+nubus_add_slot_mmio(nubus, DAFB_BASE, >mem_ctrl);
+nubus_add_slot_mmio(nubus, VIDEO_BASE, >mem_vram);
+nubus_register_rom(nubus, macfb_rom, sizeof(macfb_rom), 1, 9, 0xf);
 }
 
 static void macfb_sysbus_reset(DeviceState *d)
@@ -296,9 +293,8 @@ static Property macfb_nubus_properties[] = {
 static void macfb_sysbus_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
-k->init = macfb_sysbus_init;
+dc->realize = macfb_sysbus_realize;
 dc->desc = "SysBus Macintosh framebuffer";
 dc->reset = macfb_sysbus_reset;
 dc->vmsd = _macfb;
@@ -308,9 +304,8 @@ static void macfb_sysbus_class_init(ObjectClass *klass, 
void *data)
 static void macfb_nubus_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-NubusDeviceClass *k = NUBUS_DEVICE_CLASS(klass);
 
-k->init = macfb_nubus_init;
+dc->realize = macfb_nubus_realize;
 dc->desc = "Nubus Macintosh framebuffer";
 dc->reset = macfb_nubus_reset;
 dc->vmsd = _macfb;
diff --git a/hw/m68k/Makefile.objs b/hw/m68k/Makefile.objs
index d1f089c08a..ff739617b2 100644
--- a/hw/m68k/Makefile.objs
+++ b/hw/m68k/Makefile.objs
@@ -1,2 +1,4 @@
-obj-y += an5206.o mcf5208.o
-obj-y += mcf5206.o mcf_intc.o
+obj-$(CONFIG_COLDFIRE) += an5206.o mcf5208.o
+obj-$(CONFIG_MAC) += mac.o
+
+obj-$(CONFIG_COLDFIRE) += mcf5206.o mcf_intc.o
diff --git a/hw/m68k/bootinfo.h b/hw/m68k/bootinfo.h
new file mode 100644
index 00..b04153ce1e
--- /dev/null
+++ b/hw/m68k/bootinfo.h
@@ -0,0 +1,99 @@
+struct bi_record {
+uint16_t tag;/* tag ID */
+uint16_t size;   /* size of record */
+uint32_t data[0];/* data */
+};
+
+/* machine independent tags */
+
+#define BI_LAST 0x /* last record */
+#define BI_MACHTYPE 0x0001 /* machine type (u_long) */
+#define BI_CPUTYPE  0x0002 /* cpu type (u_long) */
+#define BI_FPUTYPE  0x0003 /* fpu type (u_long) */
+#define BI_MMUTYPE  0x0004 /* mmu type (u_long) */
+#define BI_MEMCHUNK 0x0005 /* memory chunk address and size */
+   /* (struct mem_info) */
+#define BI_RAMDISK  0x0006 /* ramdisk address and size */
+   /* (struct mem_info) */
+#define BI_COMMAND_LINE 0x0007 /* kernel command line parameters */
+   /* (string) */
+
+/*  Macintosh-specific tags (all u_long) */
+
+#define BI_MAC_MODEL0x8000  /* Mac Gestalt ID (model type) */
+#define BI_MAC_VADDR0x8001  /* Mac video base address */
+#define BI_MAC_VDEPTH   0x8002  /* Mac video depth */
+#define BI_MAC_VROW 0x8003  /* Mac video rowbytes */
+#define 

[Qemu-devel] [RFC 08/13] hw/m68k: add a dummy SWIM floppy controller

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
---
 hw/block/Makefile.objs |   1 +
 hw/block/swim.c| 325 +
 2 files changed, 326 insertions(+)
 create mode 100644 hw/block/swim.c

diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
index 53ce5751ae..068de3f0c9 100644
--- a/hw/block/Makefile.objs
+++ b/hw/block/Makefile.objs
@@ -8,6 +8,7 @@ common-obj-$(CONFIG_XEN) += xen_disk.o
 common-obj-$(CONFIG_ECC) += ecc.o
 common-obj-$(CONFIG_ONENAND) += onenand.o
 common-obj-$(CONFIG_NVME_PCI) += nvme.o
+common-obj-$(CONFIG_SWIM) += swim.o
 
 obj-$(CONFIG_SH4) += tc58128.o
 
diff --git a/hw/block/swim.c b/hw/block/swim.c
new file mode 100644
index 00..33424ca76f
--- /dev/null
+++ b/hw/block/swim.c
@@ -0,0 +1,325 @@
+/*
+ * QEMU Macintosh floppy disk controller emulator (SWIM)
+ *
+ * Copyright (c) 2014-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+
+/* IWM registers */
+
+#define IWM_PH0L0
+#define IWM_PH0H1
+#define IWM_PH1L2
+#define IWM_PH1H3
+#define IWM_PH2L4
+#define IWM_PH2H5
+#define IWM_PH3L6
+#define IWM_PH3H7
+#define IWM_MTROFF  8
+#define IWM_MTRON   9
+#define IWM_INTDRIVE10
+#define IWM_EXTDRIVE11
+#define IWM_Q6L 12
+#define IWM_Q6H 13
+#define IWM_Q7L 14
+#define IWM_Q7H 15
+
+/* SWIM registers */
+
+#define SWIM_WRITE_DATA 0
+#define SWIM_WRITE_MARK 1
+#define SWIM_WRITE_CRC  2
+#define SWIM_WRITE_PARAMETER3
+#define SWIM_WRITE_PHASE4
+#define SWIM_WRITE_SETUP5
+#define SWIM_WRITE_MODE06
+#define SWIM_WRITE_MODE17
+
+#define SWIM_READ_DATA  8
+#define SWIM_READ_MARK  9
+#define SWIM_READ_ERROR 10
+#define SWIM_READ_PARAMETER 11
+#define SWIM_READ_PHASE 12
+#define SWIM_READ_SETUP 13
+#define SWIM_READ_STATUS14
+#define SWIM_READ_HANDSHAKE 15
+
+#define REG_SHIFT   9
+
+#define MAX_FD  2
+
+typedef struct SWIMCtrl SWIMCtrl;
+
+typedef struct FDrive {
+SWIMCtrl *swimctrl;
+BlockBackend *blk;
+} FDrive;
+
+#define SWIM_MODE_IWM  0
+#define SWIM_MODE_SWIM 1
+
+/* bits in phase register */
+
+#define SWIM_SEEK_NEGATIVE   0x074
+#define SWIM_STEP0x071
+#define SWIM_MOTOR_ON0x072
+#define SWIM_MOTOR_OFF   0x076
+#define SWIM_INDEX   0x073
+#define SWIM_EJECT   0x077
+#define SWIM_SETMFM  0x171
+#define SWIM_SETGCR  0x175
+#define SWIM_RELAX   0x033
+#define SWIM_LSTRB   0x008
+#define SWIM_CA_MASK 0x077
+
+/* Select values for swim_select and swim_readbit */
+
+#define SWIM_READ_DATA_0 0x074
+#define SWIM_TWOMEG_DRIVE0x075
+#define SWIM_SINGLE_SIDED0x076
+#define SWIM_DRIVE_PRESENT   0x077
+#define SWIM_DISK_IN 0x170
+#define SWIM_WRITE_PROT  0x171
+#define SWIM_TRACK_ZERO  0x172
+#define SWIM_TACHO   0x173
+#define SWIM_READ_DATA_1 0x174
+#define SWIM_MFM_MODE0x175
+#define SWIM_SEEK_COMPLETE   0x176
+#define SWIM_ONEMEG_MEDIA0x177
+
+/* Bits in handshake register */
+
+#define SWIM_MARK_BYTE   0x01
+#define SWIM_CRC_ZERO0x02
+#define SWIM_RDDATA  0x04
+#define SWIM_SENSE   0x08
+#define SWIM_MOTEN   0x10
+#define SWIM_ERROR   0x20
+#define SWIM_DAT2BYTE0x40
+#define SWIM_DAT1BYTE0x80
+
+/* bits in setup register */
+
+#define SWIM_S_INV_WDATA 0x01
+#define SWIM_S_3_5_SELECT0x02
+#define SWIM_S_GCR   0x04
+#define SWIM_S_FCLK_DIV2 0x08
+#define SWIM_S_ERROR_CORR0x10
+#define SWIM_S_IBM_DRIVE 0x20
+#define SWIM_S_GCR_WRITE 0x40
+#define SWIM_S_TIMEOUT   0x80
+
+/* bits in mode register */
+
+#define SWIM_CLFIFO  0x01
+#define SWIM_ENBL1   0x02
+#define SWIM_ENBL2   0x04
+#define SWIM_ACTION  0x08
+#define SWIM_WRITE_MODE  0x10
+#define SWIM_HEDSEL  0x20
+#define SWIM_MOTON   0x80
+
+struct SWIMCtrl {
+MemoryRegion iomem;
+FDrive drives[MAX_FD];
+int mode;
+/* IWM mode */
+int iwm_switch;
+int regs[8];
+#define IWM_PH0   0
+#define IWM_PH1   1
+#define IWM_PH2   2
+#define IWM_PH3   3
+#define IWM_MTR   4
+#define IWM_DRIVE 5
+#define IWM_Q66
+#define IWM_Q77
+uint8_t iwm_data;
+uint8_t iwm_mode;
+/* SWIM mode */
+uint8_t swim_phase;
+uint8_t swim_mode;
+};
+
+#define TYPE_SYSBUS_SWIM "sysbus-swim"
+#define SYSBUS_SWIM(obj) OBJECT_CHECK(SWIMCtrlSysBus, (obj), TYPE_SYSBUS_SWIM)
+
+typedef struct SWIMCtrlSysBus {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public 

[Qemu-devel] [RFC 13/13] dp8393x: fix receiving buffer exhaustion

[Laurent Vivier]

The card is not able to exit from exhaustion state, because
while the drive consumes the buffers, the RRP is incremented
(when the driver clears the ISR RBE bit), so it stays equal
to RWP, and while RRP == RWP, the card thinks it is always
in exhaustion state. So the driver consumes all the buffers,
but the card cannot receive new ones.

This patch fixes the problem by not incrementing RRP when
the driver clears the ISR RBE bit.

Signed-off-by: Laurent Vivier 
---
 hw/net/dp8393x.c | 31 ---
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 40e5f8257b..fd0f6cf2a0 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -314,7 +314,7 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 dp8393x_update_irq(s);
 }
 
-static void dp8393x_do_read_rra(dp8393xState *s)
+static void dp8393x_do_read_rra(dp8393xState *s, int next)
 {
 int width, size;
 
@@ -333,19 +333,20 @@ static void dp8393x_do_read_rra(dp8393xState *s)
 s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
 s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
 
-/* Go to next entry */
-s->regs[SONIC_RRP] += size;
+if (next) {
+/* Go to next entry */
+s->regs[SONIC_RRP] += size;
 
-/* Handle wrap */
-if (s->regs[SONIC_RRP] == s->regs[SONIC_REA]) {
-s->regs[SONIC_RRP] = s->regs[SONIC_RSA];
-}
+/* Handle wrap */
+if (s->regs[SONIC_RRP] == s->regs[SONIC_REA]) {
+s->regs[SONIC_RRP] = s->regs[SONIC_RSA];
+}
 
-/* Check resource exhaustion */
-if (s->regs[SONIC_RRP] == s->regs[SONIC_RWP])
-{
-s->regs[SONIC_ISR] |= SONIC_ISR_RBE;
-dp8393x_update_irq(s);
+/* Check resource exhaustion */
+if (s->regs[SONIC_RRP] == s->regs[SONIC_RWP]) {
+s->regs[SONIC_ISR] |= SONIC_ISR_RBE;
+dp8393x_update_irq(s);
+}
 }
 
 /* Done */
@@ -559,7 +560,7 @@ static void dp8393x_do_command(dp8393xState *s, uint16_t 
command)
 if (command & SONIC_CR_RST)
 dp8393x_do_software_reset(s);
 if (command & SONIC_CR_RRRA)
-dp8393x_do_read_rra(s);
+dp8393x_do_read_rra(s, 1);
 if (command & SONIC_CR_LCAM)
 dp8393x_do_load_cam(s);
 }
@@ -650,7 +651,7 @@ static void dp8393x_write(void *opaque, hwaddr addr, 
uint64_t data,
 data &= s->regs[reg];
 s->regs[reg] &= ~data;
 if (data & SONIC_ISR_RBE) {
-dp8393x_do_read_rra(s);
+dp8393x_do_read_rra(s, 0);
 }
 dp8393x_update_irq(s);
 if (dp8393x_can_receive(s->nic->ncs)) {
@@ -852,7 +853,7 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
 
 if (s->regs[SONIC_RCR] & SONIC_RCR_LPKT) {
 /* Read next RRA */
-dp8393x_do_read_rra(s);
+dp8393x_do_read_rra(s, 1);
 }
 }
 
-- 
2.14.4

[Qemu-devel] [RFC 05/13] hw/m68k: Apple Sound Chip (ASC) emulation

[Laurent Vivier]

From: Laurent Vivier 

This is broken as the linux driver seems broken too...

Signed-off-by: Laurent Vivier 
---
 hw/audio/Makefile.objs |   1 +
 hw/audio/asc.c | 492 +
 include/hw/audio/asc.h |  21 +++
 3 files changed, 514 insertions(+)
 create mode 100644 hw/audio/asc.c
 create mode 100644 include/hw/audio/asc.h

diff --git a/hw/audio/Makefile.objs b/hw/audio/Makefile.objs
index 63db383709..44d1ada7b0 100644
--- a/hw/audio/Makefile.objs
+++ b/hw/audio/Makefile.objs
@@ -16,3 +16,4 @@ common-obj-$(CONFIG_MARVELL_88W8618) += marvell_88w8618.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-ac97.o
 
 common-obj-y += soundhw.o
+common-obj-$(CONFIG_ASC) += asc.o
diff --git a/hw/audio/asc.c b/hw/audio/asc.c
new file mode 100644
index 00..3c07d4fa91
--- /dev/null
+++ b/hw/audio/asc.c
@@ -0,0 +1,492 @@
+/*
+ *  QEMU Apple Sound Chip emulation
+ *
+ *  Apple Sound Chip (ASC) 344S0063
+ *  Enhanced Apple Sound Chip (EASC) 343S1063
+ *
+ *  Copyright (c) 2012-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "audio/audio.h"
+#include "hw/audio/asc.h"
+
+/*
+ * Linux doesn't provide information about ASC, see arch/m68k/mac/macboing.c
+ * and arch/m68k/include/asm/mac_asc.h
+ *
+ * best information is coming from MAME:
+ *   http://mamedev.org/source/src/emu/sound/asc.h.html
+ *   http://mamedev.org/source/src/emu/sound/asc.c.html
+ *   Emulation by R. Belmont
+ *
+ * 0x800: VERSION
+ * 0x801: MODE
+ *1=FIFO mode,
+ *2=wavetable mode
+ * 0x802: CONTROL
+ *bit 0=analog or PWM output,
+ *1=stereo/mono,
+ *7=processing time exceeded
+ * 0x803: FIFO MODE
+ *bit 7=clear FIFO,
+ *bit 1="non-ROM companding",
+ *bit 0="ROM companding")
+ * 0x804: FIFO IRQ STATUS
+ *bit 0=ch A 1/2 full,
+ *1=ch A full,
+ *2=ch B 1/2 full,
+ *3=ch B full)
+ * 0x805: WAVETABLE CONTROL
+ *bits 0-3 wavetables 0-3 start
+ * 0x806: VOLUME
+ *bits 2-4 = 3 bit internal ASC volume,
+ *bits 5-7 = volume control sent to Sony sound chip
+ * 0x807: CLOCK RATE
+ *0 = Mac 22257 Hz,
+ *1 = undefined,
+ *2 = 22050 Hz,
+ *3 = 44100 Hz
+ * 0x80a: PLAY REC A
+ * 0x80f: TEST
+ *bits 6-7 = digital test,
+ *bits 4-5 = analog test
+ * 0x810: WAVETABLE 0 PHASE
+ *big-endian 9.15 fixed-point, only 24 bits valid
+ * 0x814: WAVETABLE 0 INCREMENT
+ *big-endian 9.15 fixed-point, only 24 bits valid
+ * 0x818: WAVETABLE 1 PHASE
+ * 0x81C: WAVETABLE 1 INCREMENT
+ * 0x820: WAVETABLE 2 PHASE
+ * 0x824: WAVETABLE 2 INCREMENT
+ * 0x828: WAVETABLE 3 PHASE
+ * 0x82C: WAVETABLE 3 INCREMENT
+ */
+
+#define ASC_LENGTH   0x2000
+#define ASC_BUF_SIZE 0x0800
+
+#define ASC_REG_BASE 0x0800
+enum {
+ASC_VERSION = 0x00,
+ASC_MODE= 0x01,
+ASC_CONTROL = 0x02,
+ASC_FIFOMODE= 0x03,
+ASC_FIFOIRQ = 0x04,
+ASC_WAVECTRL= 0x05,
+ASC_VOLUME  = 0x06,
+ASC_CLOCK   = 0x07,
+ASC_PLAYRECA= 0x0a,
+ASC_TEST= 0x0f,
+ASC_WAVETABLE   = 0x10
+};
+
+struct ASCState {
+SysBusDevice busdev;
+MemoryRegion mem_regs;
+
+QEMUSoundCard card;
+SWVoiceOut *channel;
+
+qemu_irq irq;
+
+uint8_t type;
+int a_wptr, a_rptr, a_cnt;
+int b_wptr, b_rptr, b_cnt;
+
+uint8_t *fifo;
+
+uint8_t regs[48];
+};
+typedef struct ASCState ASCState;
+
+#define TYPE_ASC  "apple-sound-chip"
+#define ASC(obj) OBJECT_CHECK(ASCSysBusState, (obj), TYPE_ASC)
+
+static inline uint32_t get_phase(ASCState *s, int channel)
+{
+return be32_to_cpu(*(uint32_t *)(s->regs + ASC_WAVETABLE + channel * 8));
+}
+
+static inline void set_phase(ASCState *s, int channel, uint32_t phase)
+{
+*(uint32_t *)(s->regs + ASC_WAVETABLE + channel * 8) = cpu_to_be32(phase);
+}
+
+static inline uint32_t get_incr(ASCState *s, int channel)
+{
+return be32_to_cpu(*(uint32_t *)(s->regs + ASC_WAVETABLE + 4 +
+ channel * 8));
+}
+
+static inline uint32_t incr_phase(ASCState *s, int channel)
+{
+uint32_t incr = get_incr(s, channel);
+uint32_t phase = get_phase(s, channel);
+
+set_phase(s, channel, phase + incr);
+
+return get_phase(s, channel);
+}
+
+static void generate_fifo(ASCState *s, int free_b)
+{
+int8_t buf[2048];
+int i;
+int to_copy;
+
+do {
+to_copy = audio_MIN(sizeof(buf), free_b);
+for (i = 0; i < (to_copy >> 1); to_copy++) {
+int8_t left, right;
+
+left = s->fifo[s->a_rptr] ^ 0x80;
+right = s->fifo[s->b_rptr + 

[Qemu-devel] [RFC 02/13] ADB: VIA probes ADB bus when it is idle

[Laurent Vivier]

Signed-off-by: Laurent Vivier 
---
 hw/input/adb-kbd.c |  4 
 hw/input/adb-mouse.c   |  4 
 hw/input/adb.c | 33 +
 hw/misc/mac_via.c  | 27 ++-
 include/hw/input/adb.h |  1 +
 5 files changed, 60 insertions(+), 9 deletions(-)

diff --git a/hw/input/adb-kbd.c b/hw/input/adb-kbd.c
index 50b62712c8..7de92935b8 100644
--- a/hw/input/adb-kbd.c
+++ b/hw/input/adb-kbd.c
@@ -195,6 +195,10 @@ static int adb_kbd_poll(ADBDevice *d, uint8_t *obuf)
 int keycode;
 int olen;
 
+if (obuf == NULL) {
+return s->count;
+}
+
 olen = 0;
 if (s->count == 0) {
 return 0;
diff --git a/hw/input/adb-mouse.c b/hw/input/adb-mouse.c
index 3ba6027d33..a3f0b74dd1 100644
--- a/hw/input/adb-mouse.c
+++ b/hw/input/adb-mouse.c
@@ -73,6 +73,10 @@ static int adb_mouse_poll(ADBDevice *d, uint8_t *obuf)
 return 0;
 }
 
+if (obuf == NULL) {
+return 2;
+}
+
 dx = s->dx;
 if (dx < -63) {
 dx = -63;
diff --git a/hw/input/adb.c b/hw/input/adb.c
index 2e5460730c..756122ac09 100644
--- a/hw/input/adb.c
+++ b/hw/input/adb.c
@@ -94,28 +94,47 @@ int adb_poll(ADBBusState *s, uint8_t *obuf, uint16_t 
poll_mask)
 return olen;
 }
 
+int adb_via_poll(ADBBusState *adb, int state, uint8_t *data)
+{
+if (state != STATE_IDLE) {
+return 0;
+}
+if (adb->data_in_size < adb->data_in_index) {
+return 0;
+}
+if (adb->data_out_index != 0) {
+return 0;
+}
+adb->data_in_index = 0;
+adb->data_out_index = 0;
+adb->data_in_size = adb_poll(adb, adb->data_in, 0x);
+if (adb->data_in_size) {
+*data = adb->data_in[adb->data_in_index++];
+qemu_irq_raise(adb->data_ready);
+}
+return adb->data_in_size;
+}
+
 int adb_send(ADBBusState *adb, int state, uint8_t data)
 {
 switch (state) {
 case STATE_NEW:
-adb->data_out[0] = data;
-adb->data_out_index = 1;
+adb->data_out_index = 0;
 break;
 case STATE_EVEN:
 if ((adb->data_out_index & 1) == 0) {
 return 0;
 }
-adb->data_out[adb->data_out_index++] = data;
 break;
 case STATE_ODD:
 if (adb->data_out_index & 1) {
 return 0;
 }
-adb->data_out[adb->data_out_index++] = data;
 break;
 case STATE_IDLE:
 return 0;
 }
+adb->data_out[adb->data_out_index++] = data;
 qemu_irq_raise(adb->data_ready);
 return 1;
 }
@@ -138,7 +157,6 @@ int adb_receive(ADBBusState *adb, int state, uint8_t *data)
 if ((adb->data_in_index & 1) == 0) {
 return 0;
 }
-*data = adb->data_in[adb->data_in_index++];
 break;
 case STATE_ODD:
 if (adb->data_in_size <= 0) {
@@ -153,7 +171,6 @@ int adb_receive(ADBBusState *adb, int state, uint8_t *data)
 if (adb->data_in_index & 1) {
 return 0;
 }
-*data = adb->data_in[adb->data_in_index++];
 break;
 case STATE_IDLE:
 if (adb->data_out_index == 0) {
@@ -162,6 +179,7 @@ int adb_receive(ADBBusState *adb, int state, uint8_t *data)
 adb->data_in_size = adb_request(adb, adb->data_in,
 adb->data_out, adb->data_out_index);
 adb->data_out_index = 0;
+adb->data_in_index = 0;
 if (adb->data_in_size < 0) {
 *data = 0xff;
 qemu_irq_raise(adb->data_ready);
@@ -170,10 +188,9 @@ int adb_receive(ADBBusState *adb, int state, uint8_t *data)
 if (adb->data_in_size == 0) {
 return 0;
 }
-*data = adb->data_in[0];
-adb->data_in_index = 1;
 break;
 }
+*data = adb->data_in[adb->data_in_index++];
 qemu_irq_raise(adb->data_ready);
 if (*data == 0xff || *data == 0) {
 return 0;
diff --git a/hw/misc/mac_via.c b/hw/misc/mac_via.c
index a6a11c5b3d..055091535f 100644
--- a/hw/misc/mac_via.c
+++ b/hw/misc/mac_via.c
@@ -247,6 +247,8 @@
 #define VIA1B_vADB_StateMask(VIA1B_vADBS1 | VIA1B_vADBS2)
 #define VIA1B_vADB_StateShift   4
 
+#define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
+
 typedef struct VIATimer {
 int index;
 uint16_t counter; /* Timer counter */
@@ -305,6 +307,7 @@ typedef struct MacVIAState {
 /* ADB */
 
 ADBBusState adb_bus;
+QEMUTimer *adb_poll_timer;
 
 /* external timers */
 
@@ -596,7 +599,7 @@ static void via1_adb_update(MacVIAState *m)
 } else {
 /* input mode */
 ret = adb_receive(>adb_bus, state, >sr);
-if (ret > 0) {
+if (ret > 0 && s->sr != 0xff) {
 s->b &= ~VIA1B_vADBInt;
 } else {
 s->b |= VIA1B_vADBInt;
@@ -604,6 +607,23 @@ static void via1_adb_update(MacVIAState *m)
 }
 }
 
+static void via_adb_poll(void *opaque)
+{
+MacVIAState *m = opaque;
+VIAState *s = >via[0];
+int state;
+
+if (s->b & VIA1B_vADBInt) {
+state = (s->b 

[Qemu-devel] [RFC 06/13] ESP: add pseudo-DMA as used by Macintosh

[Laurent Vivier]

From: Laurent Vivier 

Signed-off-by: Laurent Vivier 
---
 hw/mips/mips_jazz.c   |   2 +-
 hw/scsi/esp.c | 330 +-
 include/hw/scsi/esp.h |  15 ++-
 3 files changed, 313 insertions(+), 34 deletions(-)

diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 90cb306f53..87118f2d03 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -282,7 +282,7 @@ static void mips_jazz_init(MachineState *machine,
 
 /* SCSI adapter */
 esp = esp_init(0x80002000, 0, rc4030_dma_read, rc4030_dma_write, dmas[0],
-   qdev_get_gpio_in(rc4030, 5), _reset, _enable);
+   qdev_get_gpio_in(rc4030, 5), NULL, _reset, _enable);
 scsi_bus_legacy_handle_cmdline(>bus);
 
 /* Floppy */
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 9ed9727744..4d7fa71309 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -37,6 +37,8 @@
  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
  */
 
+/* on Macintosh Quadra it is a NCR53C96 */
+
 static void esp_raise_irq(ESPState *s)
 {
 if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
@@ -55,6 +57,16 @@ static void esp_lower_irq(ESPState *s)
 }
 }
 
+static void esp_raise_drq(ESPState *s)
+{
+qemu_irq_raise(s->irq_data);
+}
+
+static void esp_lower_drq(ESPState *s)
+{
+qemu_irq_lower(s->irq_data);
+}
+
 void esp_dma_enable(ESPState *s, int irq, int level)
 {
 if (level) {
@@ -81,29 +93,11 @@ void esp_request_cancelled(SCSIRequest *req)
 }
 }
 
-static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
+static int get_cmd_cb(ESPState *s)
 {
-uint32_t dmalen;
 int target;
 
 target = s->wregs[ESP_WBUSID] & BUSID_DID;
-if (s->dma) {
-dmalen = s->rregs[ESP_TCLO];
-dmalen |= s->rregs[ESP_TCMID] << 8;
-dmalen |= s->rregs[ESP_TCHI] << 16;
-if (dmalen > buflen) {
-return 0;
-}
-s->dma_memory_read(s->dma_opaque, buf, dmalen);
-} else {
-dmalen = s->ti_size;
-if (dmalen > TI_BUFSZ) {
-return 0;
-}
-memcpy(buf, s->ti_buf, dmalen);
-buf[0] = buf[2] >> 5;
-}
-trace_esp_get_cmd(dmalen, target);
 
 s->ti_size = 0;
 s->ti_rptr = 0;
@@ -122,8 +116,48 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t 
buflen)
 s->rregs[ESP_RINTR] = INTR_DC;
 s->rregs[ESP_RSEQ] = SEQ_0;
 esp_raise_irq(s);
+return -1;
+}
+return 0;
+}
+
+static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
+{
+int target;
+uint32_t dmalen;
+
+target = s->wregs[ESP_WBUSID] & BUSID_DID;
+if (s->dma) {
+dmalen = s->rregs[ESP_TCLO];
+dmalen |= s->rregs[ESP_TCMID] << 8;
+dmalen |= s->rregs[ESP_TCHI] << 16;
+if (dmalen > buflen) {
+return 0;
+}
+if (s->dma_memory_read) {
+s->dma_memory_read(s->dma_opaque, buf, dmalen);
+} else {
+memcpy(s->pdma_buf, buf, dmalen);
+s->pdma_len = dmalen;
+s->pdma_start = s->pdma_buf;
+s->pdma_cur = s->pdma_buf;
+esp_raise_drq(s);
+return 0;
+}
+} else {
+dmalen = s->ti_size;
+if (dmalen > TI_BUFSZ) {
+return 0;
+}
+memcpy(buf, s->ti_buf, dmalen);
+buf[0] = buf[2] >> 5;
+}
+trace_esp_get_cmd(dmalen, target);
+
+if (get_cmd_cb(s) < 0) {
 return 0;
 }
+
 return dmalen;
 }
 
@@ -162,6 +196,15 @@ static void do_cmd(ESPState *s, uint8_t *buf)
 do_busid_cmd(s, [1], busid);
 }
 
+static void satn_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+if (s->pdma_cur != s->pdma_start)
+do_cmd(s, s->pdma_start);
+}
+
 static void handle_satn(ESPState *s)
 {
 uint8_t buf[32];
@@ -171,11 +214,21 @@ static void handle_satn(ESPState *s)
 s->dma_cb = handle_satn;
 return;
 }
+s->pdma_cb = satn_pdma_cb;
 len = get_cmd(s, buf, sizeof(buf));
 if (len)
 do_cmd(s, buf);
 }
 
+static void s_without_satn_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+if (s->pdma_cur != s->pdma_start)
+do_busid_cmd(s, s->pdma_start, 0);
+}
+
 static void handle_s_without_atn(ESPState *s)
 {
 uint8_t buf[32];
@@ -185,18 +238,36 @@ static void handle_s_without_atn(ESPState *s)
 s->dma_cb = handle_s_without_atn;
 return;
 }
+s->pdma_cb = s_without_satn_pdma_cb;
 len = get_cmd(s, buf, sizeof(buf));
 if (len) {
 do_busid_cmd(s, buf, 0);
 }
 }
 
+static void satn_stop_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+s->cmdlen = s->pdma_cur - s->pdma_start;
+if (s->cmdlen) {
+trace_esp_handle_satn_stop(s->cmdlen);
+s->do_cmd = 1;
+s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
+s->rregs[ESP_RINTR] = INTR_BS | 

[Qemu-devel] [RFC 10/13] dp8393x: fix dp8393x_receive

[Laurent Vivier]

address_space_rw() access size must be multiplied by width.
dp8393x_receive() must return the number of bytes read, not the length
of the last memory access.

Signed-off-by: Laurent Vivier 
---
 hw/net/dp8393x.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index f2d2ce344c..ef5f1eb94f 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -808,9 +808,11 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
 /* EOL detected */
 s->regs[SONIC_ISR] |= SONIC_ISR_RDE;
 } else {
+size = sizeof(uint16_t) * width;
 data[0 * width] = 0; /* in_use */
-address_space_rw(>as, dp8393x_crda(s) + sizeof(uint16_t) * 6 * 
width,
-MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, sizeof(uint16_t), 1);
+address_space_rw(>as,
+dp8393x_crda(s) + sizeof(uint16_t) * 6 * width,
+MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 1);
 s->regs[SONIC_CRDA] = s->regs[SONIC_LLFA];
 s->regs[SONIC_ISR] |= SONIC_ISR_PKTRX;
 s->regs[SONIC_RSC] = (s->regs[SONIC_RSC] & 0xff00) | 
(((s->regs[SONIC_RSC] & 0x00ff) + 1) & 0x00ff);
@@ -824,7 +826,7 @@ static ssize_t dp8393x_receive(NetClientState *nc, const 
uint8_t * buf,
 /* Done */
 dp8393x_update_irq(s);
 
-return size;
+return rx_len;
 }
 
 static void dp8393x_reset(DeviceState *dev)
-- 
2.14.4

[Qemu-devel] [RFC 00/13] hw/m68k: add Apple Machintosh Quadra 800 machine

[Laurent Vivier]

I'm rebasing some of these patches for seven years now,
too many years...

It's an RFC because things have changed in QEMU in seven years,
for instance the VIA has a new implementation (mos6522) introduced
by Mark Cave-Ayland and I didn't rework my implementation to
fit into this new one (any volunteers?), display has some glitches,
ADB devices are not identified correctly.

if you want to test the machine, I'm sorry, it doesn't boot
a MacROM, but you can boot a linux kernel from the command line.

You can install your own disk using debian-installer, with:

...
-M q800 \
-serial none -serial mon:stdio \
-m 1000M -drive file=m68k.qcow2,format=qcow2 \
-net nic,model=dp83932,addr=09:00:07:12:34:57 \
-append "console=ttyS0 vga=off" \
-kernel vmlinux-4.15.0-2-m68k \
-initrd initrd.gz \
-drive file=debian-9.0-m68k-NETINST-1.iso \
-drive file=m68k.qcow2,format=qcow2 \
-nographic

If you use a graphic adapter instead of "-nographic", you can use "-g" to set 
the
size of the display (I use "-g 1600x800x24").

You can get the ISO from:

https://cdimage.debian.org/mirror/cdimage/ports/9.0/m68k/iso-cd/debian-9.0-m68k-NETINST-1.iso

and extract the kernel and initrd.gz:

guestfish --add debian-9.0-m68k-NETINST-1.iso --ro \
  --mount /dev/sda:/ <<_EOF_
copy-out /install/cdrom/initrd.gz .
copy-out /install/kernels/vmlinux-4.15.0-2-m68k .
_EOF_

The mirror to use is: http://ftp.ports.debian.org/debian-ports/
when it fails, continue without boot loader.

In the same way, you can extract the kernel and the initramfs from the qcow2
image to use it with "-kernel" and "-initrd":

guestfish --add m68k.qcow2 --mount /dev/sda2:/ <<_EOF_
copy-out /boot/vmlinux-4.15.0-2-m68k .
copy-out /boot/initrd.img-4.15.0-2-m68k .
_EOF_

and boot with:

   ...
   -append "root=/dev/sda2 rw console=ttyS0 console=tty \
   -kernel vmlinux-4.15.0-2-m68k \
   -initrd initrd.img-4.15.0-2-m68k

Laurent Vivier (13):
  hw/m68k: add via support
  ADB: VIA probes ADB bus when it is idle
  escc: introduce a selector for the register bit
  hw/m68k: add video card
  hw/m68k: Apple Sound Chip (ASC) emulation
  ESP: add pseudo-DMA as used by Macintosh
  hw/m68k: add Nubus support
  hw/m68k: add a dummy SWIM floppy controller
  hw/m68k: define Macintosh Quadra 800
  dp8393x: fix dp8393x_receive
  dp8393x: manage big endian bus
  dp8393x: put DMA temp buffer in the state, not in the stack
  dp8393x: fix receiving buffer exhaustion

 arch_init.c  |   4 +
 default-configs/m68k-softmmu.mak |  12 +
 hw/Makefile.objs |   1 +
 hw/audio/Makefile.objs   |   1 +
 hw/audio/asc.c   | 492 
 hw/block/Makefile.objs   |   1 +
 hw/block/swim.c  | 325 +
 hw/char/escc.c   |  30 +-
 hw/display/Makefile.objs |   1 +
 hw/display/macfb-template.h  | 158 +++
 hw/display/macfb.c   | 335 ++
 hw/input/adb-kbd.c   |   4 +
 hw/input/adb-mouse.c |   4 +
 hw/input/adb.c   | 116 -
 hw/m68k/Makefile.objs|   6 +-
 hw/m68k/bootinfo.h   |  99 
 hw/m68k/mac.c| 384 
 hw/mips/mips_jazz.c  |   2 +-
 hw/misc/Makefile.objs|   1 +
 hw/misc/mac_via.c| 965 +++
 hw/net/dp8393x.c | 169 ---
 hw/nubus/Makefile.objs   |   4 +
 hw/nubus/mac.c   | 112 +
 hw/nubus/nubus-bridge.c  |  34 ++
 hw/nubus/nubus-bus.c |  60 +++
 hw/nubus/nubus-device.c  | 262 +++
 hw/scsi/esp.c| 330 +++--
 include/hw/audio/asc.h   |  21 +
 include/hw/char/escc.h   |   1 +
 include/hw/input/adb.h   |   9 +
 include/hw/misc/mac_via.h|  45 ++
 include/hw/nubus/mac.h   |  24 +
 include/hw/nubus/nubus.h |  89 
 include/hw/scsi/esp.h|  15 +-
 include/qemu/typedefs.h  |   2 +
 qemu-options.hx  |   2 +-
 tests/qom-test.c |   5 +
 tests/test-hmp.c |   3 +-
 vl.c |   3 +-
 39 files changed, 4019 insertions(+), 112 deletions(-)
 create mode 100644 hw/audio/asc.c
 create mode 100644 hw/block/swim.c
 create mode 100644 hw/display/macfb-template.h
 create mode 100644 hw/display/macfb.c
 create mode 100644 hw/m68k/bootinfo.h
 create mode 100644 hw/m68k/mac.c
 create mode 100644 hw/misc/mac_via.c
 create mode 100644 hw/nubus/Makefile.objs
 create mode 100644 hw/nubus/mac.c
 create mode 100644 hw/nubus/nubus-bridge.c
 create mode 100644 hw/nubus/nubus-bus.c
 create mode 100644 hw/nubus/nubus-device.c
 create mode 100644 include/hw/audio/asc.h
 create mode 100644 include/hw/misc/mac_via.h
 create mode 100644 include/hw/nubus/mac.h
 create mode 100644 include/hw/nubus/nubus.h

-- 
2.14.4

[Qemu-devel] [RFC 03/13] escc: introduce a selector for the register bit

[Laurent Vivier]

From: Laurent Vivier 

On Sparc and PowerMac, the bit 0 of the address
selects the register type (control or data) and
bit 1 selects the channel (B or A).

On m68k Macintosh, the bit 0 selects the channel and
bit 1 the register type.

This patch introduces a new parameter (bit_swap) to
the device interface to indicate bits usage must
be swapped between registers and channels.

For the moment all the machines use the bit 0,
but this change will be needed to emulate Quadra 800.

Signed-off-by: Laurent Vivier 
---
 hw/char/escc.c | 30 --
 include/hw/char/escc.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index 628f5f81f7..cec75b06f9 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -42,14 +42,21 @@
  * mouse and keyboard ports don't implement all functions and they are
  * only asynchronous. There is no DMA.
  *
- * Z85C30 is also used on PowerMacs. There are some small differences
- * between Sparc version (sunzilog) and PowerMac (pmac):
+ * Z85C30 is also used on PowerMacs and m68k Macs.
+ *
+ * There are some small differences between Sparc version (sunzilog)
+ * and PowerMac (pmac):
  *  Offset between control and data registers
  *  There is some kind of lockup bug, but we can ignore it
  *  CTS is inverted
  *  DMA on pmac using DBDMA chip
  *  pmac can do IRDA and faster rates, sunzilog can only do 38400
  *  pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
+ *
+ * Linux driver for m68k Macs is the same as for PowerMac (pmac_zilog),
+ * but registers are grouped by type and not by channel:
+ * channel is selected by bit 0 of the address (instead of bit 1)
+ * and register is selected by bit 1 of the address (instead of bit 0).
  */
 
 /*
@@ -169,6 +176,16 @@ static void handle_kbd_command(ESCCChannelState *s, int 
val);
 static int serial_can_receive(void *opaque);
 static void serial_receive_byte(ESCCChannelState *s, int ch);
 
+static int reg_shift(ESCCState *s)
+{
+return s->bit_swap ? s->it_shift + 1 : s->it_shift;
+}
+
+static int chn_shift(ESCCState *s)
+{
+return s->bit_swap ? s->it_shift : s->it_shift + 1;
+}
+
 static void clear_queue(void *opaque)
 {
 ESCCChannelState *s = opaque;
@@ -433,8 +450,8 @@ static void escc_mem_write(void *opaque, hwaddr addr,
 int newreg, channel;
 
 val &= 0xff;
-saddr = (addr >> serial->it_shift) & 1;
-channel = (addr >> (serial->it_shift + 1)) & 1;
+saddr = (addr >> reg_shift(serial)) & 1;
+channel = (addr >> chn_shift(serial)) & 1;
 s = >chn[channel];
 switch (saddr) {
 case SERIAL_CTRL:
@@ -537,8 +554,8 @@ static uint64_t escc_mem_read(void *opaque, hwaddr addr,
 uint32_t ret;
 int channel;
 
-saddr = (addr >> serial->it_shift) & 1;
-channel = (addr >> (serial->it_shift + 1)) & 1;
+saddr = (addr >> reg_shift(serial)) & 1;
+channel = (addr >> chn_shift(serial)) & 1;
 s = >chn[channel];
 switch (saddr) {
 case SERIAL_CTRL:
@@ -822,6 +839,7 @@ static void escc_realize(DeviceState *dev, Error **errp)
 static Property escc_properties[] = {
 DEFINE_PROP_UINT32("frequency", ESCCState, frequency,   0),
 DEFINE_PROP_UINT32("it_shift",  ESCCState, it_shift,0),
+DEFINE_PROP_BOOL("bit_swap",ESCCState, bit_swap,false),
 DEFINE_PROP_UINT32("disabled",  ESCCState, disabled,0),
 DEFINE_PROP_UINT32("chnBtype",  ESCCState, chn[0].type, 0),
 DEFINE_PROP_UINT32("chnAtype",  ESCCState, chn[1].type, 0),
diff --git a/include/hw/char/escc.h b/include/hw/char/escc.h
index 42aca83611..8762f61c14 100644
--- a/include/hw/char/escc.h
+++ b/include/hw/char/escc.h
@@ -50,6 +50,7 @@ typedef struct ESCCState {
 
 struct ESCCChannelState chn[2];
 uint32_t it_shift;
+bool bit_swap;
 MemoryRegion mmio;
 uint32_t disabled;
 uint32_t frequency;
-- 
2.14.4

[Qemu-devel] [PATCH] ui/cocoa.m: fix absolute mode

[John Arbuckle]

Fix the cocoa front-end to correctly be able to use absolute mode.

Signed-off-by: John Arbuckle 
---
 ui/cocoa.m | 32 
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 2991ed4f19..dda99ad638 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -350,9 +350,20 @@ - (BOOL) isOpaque
 return YES;
 }
 
-- (BOOL) screenContainsPoint:(NSPoint) p
+/* Returns YES if the host mouse cursor is in the QEMU window, NO otherwise */
+- (BOOL) mouseInWindow
 {
-return (p.x > -1 && p.x < screen.width && p.y > -1 && p.y < screen.height);
+NSPoint p = [NSEvent mouseLocation];
+BOOL return_value = NO;
+float x, y, width, height;
+x = [normalWindow frame].origin.x;
+y = [normalWindow frame].origin.y;
+width = [[normalWindow contentView] frame].size.width;
+height = [[normalWindow contentView] frame].size.height;
+if (p.x >= x && p.y >= y && p.x <= (x + width) && p.y <= (y + height)) {
+return_value = YES;
+}
+return return_value;
 }
 
 - (void) hideCursor
@@ -637,7 +648,6 @@ - (void) handleEvent:(NSEvent *)event
 int buttons = 0;
 int keycode = 0;
 bool mouse_event = false;
-NSPoint p = [event locationInWindow];
 
 switch ([event type]) {
 case NSEventTypeFlagsChanged:
@@ -738,17 +748,22 @@ - (void) handleEvent:(NSEvent *)event
 break;
 case NSEventTypeMouseMoved:
 if (isAbsoluteEnabled) {
-if (![self screenContainsPoint:p] || ![[self window] 
isKeyWindow]) {
+if ([self mouseInWindow]) {
+mouse_event = true;
+}
+
+if (![self mouseInWindow] || ![[self window] isKeyWindow]) {
 if (isMouseGrabbed) {
 [self ungrabMouse];
 }
 } else {
-if (!isMouseGrabbed) {
+if (!isMouseGrabbed && [self mouseInWindow]) {
 [self grabMouse];
 }
 }
+} else {
+mouse_event = true;
 }
-mouse_event = true;
 break;
 case NSEventTypeLeftMouseDown:
 if ([event modifierFlags] & NSEventModifierFlagCommand) {
@@ -784,7 +799,7 @@ - (void) handleEvent:(NSEvent *)event
 break;
 case NSEventTypeLeftMouseUp:
 mouse_event = true;
-if (!isMouseGrabbed && [self screenContainsPoint:p]) {
+if (!isMouseGrabbed && [self mouseInWindow]) {
 if([[self window] isKeyWindow]) {
 [self grabMouse];
 }
@@ -844,7 +859,8 @@ - (void) handleEvent:(NSEvent *)event
  * The check on screenContainsPoint is to avoid sending out of 
range values for
  * clicks in the titlebar.
  */
-if ([self screenContainsPoint:p]) {
+if ([self mouseInWindow]) {
+NSPoint p = [event locationInWindow];
 qemu_input_queue_abs(dcl->con, INPUT_AXIS_X, p.x, 0, 
screen.width);
 qemu_input_queue_abs(dcl->con, INPUT_AXIS_Y, screen.height 
- p.y, 0, screen.height);
 }
-- 
2.14.3 (Apple Git-98)

Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC CPU

[Moger, Babu]

> -Original Message-
> From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> Sent: Friday, June 8, 2018 2:50 PM
> To: Moger, Babu 
> Cc: ge...@hostfission.com; k...@vger.kernel.org; m...@redhat.com;
> k...@tripleback.net; mtosa...@redhat.com; xiaoguangr...@tencent.com;
> qemu-devel@nongnu.org; Juan Quintela ;
> pbonz...@redhat.com; r...@twiddle.net
> Subject: Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on
> AMD EPYC CPU
> 
> On Fri, Jun 08, 2018 at 07:36:05PM +, Moger, Babu wrote:
> >
> > > -Original Message-
> > > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > > Sent: Friday, June 8, 2018 2:23 PM
> > > To: Moger, Babu 
> > > Cc: m...@redhat.com; marcel.apfelb...@gmail.com;
> pbonz...@redhat.com;
> > > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com;
> Juan
> > > Quintela ; xiaoguangr...@tencent.com
> > > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> > > CPU
> > >
> > > On Fri, Jun 08, 2018 at 06:40:16PM +, Moger, Babu wrote:
> > > > Hi Eduardo,
> > > > Sorry for the late response. Got pulled into something else.
> > > >
> > > > > -Original Message-
> > > > > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > > > > Sent: Wednesday, June 6, 2018 5:40 PM
> > > > > To: Moger, Babu 
> > > > > Cc: m...@redhat.com; marcel.apfelb...@gmail.com;
> > > pbonz...@redhat.com;
> > > > > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > > > > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com
> > > > > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD
> EPYC
> > > > > CPU
> > > > >
> > > > > On Wed, Jun 06, 2018 at 10:36:45AM -0400, Babu Moger wrote:
> > > > > > Enable TOPOEXT feature on EPYC CPU. This is required to support
> > > > > > hyperthreading on VM guests. Also extend xlevel to 0x801E.
> > > > > >
> > > > > > Disable TOPOEXT feature for legacy machines.
> > > > > >
> > > > > > Signed-off-by: Babu Moger 
> > > > >
> > > > > Now, I just noticed we have a problem here:
> > > > >
> > > > > "-machine pc -cpu EPYC -smp 64" works today
> > > > >
> > > > > This patch makes it stop working, but it shouldn't.
> > > >
> > > > No. It works fine. I have tested it.
> > >
> > > This doesn't sound right.  The code in this series will error out
> > > of TOPOEXT is enabled and you have more than 64 VCPUs.
> > >
> > > But I just noticed we have a bug introduced by:
> >
> > Oh.. Ok..  Let me retry again with the new patch.
> >
> > >
> > > commit f548222c24342ca74689de7794f9006b43f86a54
> > > Author: Xiao Guangrong 
> > > Date:   Thu May 3 16:06:11 2018 +0800
> > >
> > > migration: introduce decompress-error-check
> > >
> > > QEMU 3.0 enables strict check for compression & decompression to
> > > make the migration more robust, that depends on the source to fix
> > > the internal design which triggers the unexpected error conditions
> > >
> > > To make it work for migrating old version QEMU to 2.13 QEMU, we
> > > introduce this parameter to disable the error check on the
> > > destination which is the default behavior of the machine type
> > > which is older than 2.13, alternately, the strict check can be
> > > enabled explicitly as followings:
> > >   -M pc-q35-2.11 -global migration.decompress-error-check=true
> > >
> > > Signed-off-by: Xiao Guangrong 
> > > Reviewed-by: Juan Quintela 
> > > Signed-off-by: Juan Quintela 
> > >
> > > This commits added PC_COMPAT_2_12 to the 3.0 machine-types.
> > > Because of this bug, TOPOEXT is being unconditionally disabled on
> > > all machine-types, unless I apply the fix below:
> > >
> > >
> > > diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> > > index 3d81136065..b4c5b03274 100644
> > > --- a/hw/i386/pc_piix.c
> > > +++ b/hw/i386/pc_piix.c
> > > @@ -430,7 +430,6 @@ static void
> > > pc_i440fx_3_0_machine_options(MachineClass *m)
> > >  pc_i440fx_machine_options(m);
> > >  m->alias = "pc";
> > >  m->is_default = 1;
> > > -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
> > >  }
> > >
> > >  DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL,
> > > diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> > > index b60cbb9266..83d6d75efa 100644
> > > --- a/hw/i386/pc_q35.c
> > > +++ b/hw/i386/pc_q35.c
> > > @@ -312,7 +312,6 @@ static void
> > > pc_q35_3_0_machine_options(MachineClass *m)
> > >  {
> > >  pc_q35_machine_options(m);
> > >  m->alias = "q35";
> > > -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
> > >  }
> > >
> > >  DEFINE_Q35_MACHINE(v3_0, "pc-q35-3.0", NULL,
> > >
> > > >
> > > > >
> > > > > On the other hand, I believe you expect:
> > > > > * "-machine pc -cpu EPYC -smp 8" to automatically enable topoext.
> > > > Yes. Only on new machines-types
> > > > > * "-machine pc -cpu Opteron_G1 -smp 8" to not enable topoext.
> > > > Yes.
> > > > > * What about "-machine -cpu Opteron_G1 -smp 8,threads=2"?

Re: [Qemu-devel] [qemu PATCH 2/5] acpi: "make check" should fail on asl mismatch

[Thomas Huth]

On 08.06.2018 20:41, Michael S. Tsirkin wrote:
> On Fri, Jun 08, 2018 at 07:23:06PM +0200, Thomas Huth wrote:
>> On 08.06.2018 18:24, Michael S. Tsirkin wrote:
>>> On Fri, Jun 08, 2018 at 05:16:30PM +0100, Peter Maydell wrote:
[...]
 If there's a situation that shouldn't exist in the tree (ie
 a bug), then make check should catch it, and result in a
 failure, not just printing random stuff to stderr. Otherwise
 I'm not going to notice it, whether I'm applying a pull request
 or an individual patch.

>>> It's ok if it happens, but it just makes debugging and reviewing
>>> ACPI patches a little bit harder until it's fixed.
>>
>> It's maybe ok for *you*, but this certainly confuses everybody else. If
>> I want to check my patches and suddenly some strange warnings are
>> popping up, I first assume that there is something wrong in my patches
>> (since I assume that the git repository is clean by default). So I've
>> got to waste my time debugging issues that are not my own. Thanks for
>> that :-/
> 
> Right so normally these do not pop out at all as I fix expected
> with a patch on top.

Apparently other people can also introduce changes that cause these
warnings. Anyway, I now "fixed" it here by uninstalling iasl, so never mind.

 Thomas

Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC CPU

[Eduardo Habkost]

On Fri, Jun 08, 2018 at 07:36:05PM +, Moger, Babu wrote:
> 
> > -Original Message-
> > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > Sent: Friday, June 8, 2018 2:23 PM
> > To: Moger, Babu 
> > Cc: m...@redhat.com; marcel.apfelb...@gmail.com; pbonz...@redhat.com;
> > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com; Juan
> > Quintela ; xiaoguangr...@tencent.com
> > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> > CPU
> > 
> > On Fri, Jun 08, 2018 at 06:40:16PM +, Moger, Babu wrote:
> > > Hi Eduardo,
> > > Sorry for the late response. Got pulled into something else.
> > >
> > > > -Original Message-
> > > > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > > > Sent: Wednesday, June 6, 2018 5:40 PM
> > > > To: Moger, Babu 
> > > > Cc: m...@redhat.com; marcel.apfelb...@gmail.com;
> > pbonz...@redhat.com;
> > > > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > > > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com
> > > > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> > > > CPU
> > > >
> > > > On Wed, Jun 06, 2018 at 10:36:45AM -0400, Babu Moger wrote:
> > > > > Enable TOPOEXT feature on EPYC CPU. This is required to support
> > > > > hyperthreading on VM guests. Also extend xlevel to 0x801E.
> > > > >
> > > > > Disable TOPOEXT feature for legacy machines.
> > > > >
> > > > > Signed-off-by: Babu Moger 
> > > >
> > > > Now, I just noticed we have a problem here:
> > > >
> > > > "-machine pc -cpu EPYC -smp 64" works today
> > > >
> > > > This patch makes it stop working, but it shouldn't.
> > >
> > > No. It works fine. I have tested it.
> > 
> > This doesn't sound right.  The code in this series will error out
> > of TOPOEXT is enabled and you have more than 64 VCPUs.
> > 
> > But I just noticed we have a bug introduced by:
> 
> Oh.. Ok..  Let me retry again with the new patch.
> 
> > 
> > commit f548222c24342ca74689de7794f9006b43f86a54
> > Author: Xiao Guangrong 
> > Date:   Thu May 3 16:06:11 2018 +0800
> > 
> > migration: introduce decompress-error-check
> > 
> > QEMU 3.0 enables strict check for compression & decompression to
> > make the migration more robust, that depends on the source to fix
> > the internal design which triggers the unexpected error conditions
> > 
> > To make it work for migrating old version QEMU to 2.13 QEMU, we
> > introduce this parameter to disable the error check on the
> > destination which is the default behavior of the machine type
> > which is older than 2.13, alternately, the strict check can be
> > enabled explicitly as followings:
> >   -M pc-q35-2.11 -global migration.decompress-error-check=true
> > 
> > Signed-off-by: Xiao Guangrong 
> > Reviewed-by: Juan Quintela 
> > Signed-off-by: Juan Quintela 
> > 
> > This commits added PC_COMPAT_2_12 to the 3.0 machine-types.
> > Because of this bug, TOPOEXT is being unconditionally disabled on
> > all machine-types, unless I apply the fix below:
> > 
> > 
> > diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> > index 3d81136065..b4c5b03274 100644
> > --- a/hw/i386/pc_piix.c
> > +++ b/hw/i386/pc_piix.c
> > @@ -430,7 +430,6 @@ static void
> > pc_i440fx_3_0_machine_options(MachineClass *m)
> >  pc_i440fx_machine_options(m);
> >  m->alias = "pc";
> >  m->is_default = 1;
> > -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
> >  }
> > 
> >  DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL,
> > diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> > index b60cbb9266..83d6d75efa 100644
> > --- a/hw/i386/pc_q35.c
> > +++ b/hw/i386/pc_q35.c
> > @@ -312,7 +312,6 @@ static void
> > pc_q35_3_0_machine_options(MachineClass *m)
> >  {
> >  pc_q35_machine_options(m);
> >  m->alias = "q35";
> > -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
> >  }
> > 
> >  DEFINE_Q35_MACHINE(v3_0, "pc-q35-3.0", NULL,
> > 
> > >
> > > >
> > > > On the other hand, I believe you expect:
> > > > * "-machine pc -cpu EPYC -smp 8" to automatically enable topoext.
> > > Yes. Only on new machines-types
> > > > * "-machine pc -cpu Opteron_G1 -smp 8" to not enable topoext.
> > > Yes.
> > > > * What about "-machine -cpu Opteron_G1 -smp 8,threads=2"?
> > > No. This should not enable topoext.  Topoext is not supported by
> > Opteron_G1.
> > > This should warn about hyperthreading and continue.
> > 
> > OK, makes sense to me.
> > 
> > > >
> > > >
> > > > We also have other requirements, I will try to enumerate all of
> > > > them below:
> > > >
> > > > 0) "-topoext" explicitly configured (any machine-type):
> > > > * Must never enable topoext.
> > > Yes.
> > > >
> > > > 1) "+topoext" explicitly configured (any machine-type):
> > > > * Must validate topology and refuse to start if unsupported.
> > >
> > > Yes.
> > >
> > > >
> > > > 2) Older machine-types:
> > > > * Must never enable topoext automatically, even 

Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC CPU

[Moger, Babu]

> -Original Message-
> From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> Sent: Friday, June 8, 2018 2:23 PM
> To: Moger, Babu 
> Cc: m...@redhat.com; marcel.apfelb...@gmail.com; pbonz...@redhat.com;
> r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com; Juan
> Quintela ; xiaoguangr...@tencent.com
> Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> CPU
> 
> On Fri, Jun 08, 2018 at 06:40:16PM +, Moger, Babu wrote:
> > Hi Eduardo,
> > Sorry for the late response. Got pulled into something else.
> >
> > > -Original Message-
> > > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > > Sent: Wednesday, June 6, 2018 5:40 PM
> > > To: Moger, Babu 
> > > Cc: m...@redhat.com; marcel.apfelb...@gmail.com;
> pbonz...@redhat.com;
> > > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com
> > > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> > > CPU
> > >
> > > On Wed, Jun 06, 2018 at 10:36:45AM -0400, Babu Moger wrote:
> > > > Enable TOPOEXT feature on EPYC CPU. This is required to support
> > > > hyperthreading on VM guests. Also extend xlevel to 0x801E.
> > > >
> > > > Disable TOPOEXT feature for legacy machines.
> > > >
> > > > Signed-off-by: Babu Moger 
> > >
> > > Now, I just noticed we have a problem here:
> > >
> > > "-machine pc -cpu EPYC -smp 64" works today
> > >
> > > This patch makes it stop working, but it shouldn't.
> >
> > No. It works fine. I have tested it.
> 
> This doesn't sound right.  The code in this series will error out
> of TOPOEXT is enabled and you have more than 64 VCPUs.
> 
> But I just noticed we have a bug introduced by:

Oh.. Ok..  Let me retry again with the new patch.

> 
> commit f548222c24342ca74689de7794f9006b43f86a54
> Author: Xiao Guangrong 
> Date:   Thu May 3 16:06:11 2018 +0800
> 
> migration: introduce decompress-error-check
> 
> QEMU 3.0 enables strict check for compression & decompression to
> make the migration more robust, that depends on the source to fix
> the internal design which triggers the unexpected error conditions
> 
> To make it work for migrating old version QEMU to 2.13 QEMU, we
> introduce this parameter to disable the error check on the
> destination which is the default behavior of the machine type
> which is older than 2.13, alternately, the strict check can be
> enabled explicitly as followings:
>   -M pc-q35-2.11 -global migration.decompress-error-check=true
> 
> Signed-off-by: Xiao Guangrong 
> Reviewed-by: Juan Quintela 
> Signed-off-by: Juan Quintela 
> 
> This commits added PC_COMPAT_2_12 to the 3.0 machine-types.
> Because of this bug, TOPOEXT is being unconditionally disabled on
> all machine-types, unless I apply the fix below:
> 
> 
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 3d81136065..b4c5b03274 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -430,7 +430,6 @@ static void
> pc_i440fx_3_0_machine_options(MachineClass *m)
>  pc_i440fx_machine_options(m);
>  m->alias = "pc";
>  m->is_default = 1;
> -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
>  }
> 
>  DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL,
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index b60cbb9266..83d6d75efa 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -312,7 +312,6 @@ static void
> pc_q35_3_0_machine_options(MachineClass *m)
>  {
>  pc_q35_machine_options(m);
>  m->alias = "q35";
> -SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
>  }
> 
>  DEFINE_Q35_MACHINE(v3_0, "pc-q35-3.0", NULL,
> 
> >
> > >
> > > On the other hand, I believe you expect:
> > > * "-machine pc -cpu EPYC -smp 8" to automatically enable topoext.
> > Yes. Only on new machines-types
> > > * "-machine pc -cpu Opteron_G1 -smp 8" to not enable topoext.
> > Yes.
> > > * What about "-machine -cpu Opteron_G1 -smp 8,threads=2"?
> > No. This should not enable topoext.  Topoext is not supported by
> Opteron_G1.
> > This should warn about hyperthreading and continue.
> 
> OK, makes sense to me.
> 
> > >
> > >
> > > We also have other requirements, I will try to enumerate all of
> > > them below:
> > >
> > > 0) "-topoext" explicitly configured (any machine-type):
> > > * Must never enable topoext.
> > Yes.
> > >
> > > 1) "+topoext" explicitly configured (any machine-type):
> > > * Must validate topology and refuse to start if unsupported.
> >
> > Yes.
> >
> > >
> > > 2) Older machine-types:
> > > * Must never enable topoext automatically, even if using "EPYC"
> > >   or "threads=2"
> > >
> > Yes.
> >
> > > 3) "EPYC" CPU model (on new machine-types):
> > > * Should enable topoext automatically, but only if topology is
> > >   supported.
> > > * Must not error out if topology is not supported.
> > In new machine types we will enable topoext for "EPYC" CPU model.
> > 

Re: [Qemu-devel] [qemu PATCH 5/5] nvdimm: make persistence option symbolic

[Michael S. Tsirkin]

On Thu, Jun 07, 2018 at 04:31:11PM -0600, Ross Zwisler wrote:
> Replace the "nvdimm-cap" option which took numeric arguments such as "2"
> with a more user friendly "nvdimm-persistence" option which takes symbolic
> arguments "cpu" or "mem-ctrl".
> 
> Signed-off-by: Ross Zwisler 
> Suggested-by: Michael S. Tsirkin 
> Suggested-by: Dan Williams 

Acked-by: Michael S. Tsirkin 

> ---
>  docs/nvdimm.txt  | 31 ---
>  hw/acpi/nvdimm.c |  4 ++--
>  hw/i386/pc.c | 35 +--
>  include/hw/i386/pc.h |  2 +-
>  include/hw/mem/nvdimm.h  |  3 ++-
>  tests/bios-tables-test.c |  2 +-
>  6 files changed, 35 insertions(+), 42 deletions(-)
> 
> diff --git a/docs/nvdimm.txt b/docs/nvdimm.txt
> index 8b48fb4633..24b443b655 100644
> --- a/docs/nvdimm.txt
> +++ b/docs/nvdimm.txt
> @@ -154,29 +154,22 @@ guest software that this vNVDIMM device contains a 
> region that cannot
>  accept persistent writes. In result, for example, the guest Linux
>  NVDIMM driver, marks such vNVDIMM device as read-only.
>  
> -Platform Capabilities
> --
> +NVDIMM Persistence
> +--
>  
>  ACPI 6.2 Errata A added support for a new Platform Capabilities Structure
>  which allows the platform to communicate what features it supports related to
> -NVDIMM data durability.  Users can provide a capabilities value to a guest 
> via
> -the optional "nvdimm-cap" machine command line option:
> +NVDIMM data persistence.  Users can provide a persistence value to a guest 
> via
> +the optional "nvdimm-persistence" machine command line option:
>  
> --machine pc,accel=kvm,nvdimm,nvdimm-cap=2
> +-machine pc,accel=kvm,nvdimm,nvdimm-persistence=cpu
>  
> -This "nvdimm-cap" field is an integer, and is the combined value of the
> -various capability bits defined in table 5-137 of the ACPI 6.2 Errata A spec.
> +There are currently two valid values for this option:
>  
> -Here is a quick summary of the three bits that are defined as of that spec:
> +"mem-ctrl" - The platform supports flushing dirty data from the memory
> + controller to the NVDIMMs in the event of power loss.
>  
> -Bit[0] - CPU Cache Flush to NVDIMM Durability on Power Loss Capable.
> -Bit[1] - Memory Controller Flush to NVDIMM Durability on Power Loss Capable.
> - Note: If bit 0 is set to 1 then this bit shall be set to 1 as well.
> -Bit[2] - Byte Addressable Persistent Memory Hardware Mirroring Capable.
> -
> -So, a "nvdimm-cap" value of 2 would mean that the platform supports Memory
> -Controller Flush on Power Loss, a value of 3 would mean that the platform
> -supports CPU Cache Flush and Memory Controller Flush on Power Loss, etc.
> -
> -For a complete list of the flags available and for more detailed 
> descriptions,
> -please consult the ACPI spec.
> +"cpu"  - The platform supports flushing dirty data from the CPU cache to
> + the NVDIMMs in the event of power loss.  This implies that the
> + platform also supports flushing dirty data through the memory
> + controller on power loss.
> diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
> index 87e4280c71..27eeb6609f 100644
> --- a/hw/acpi/nvdimm.c
> +++ b/hw/acpi/nvdimm.c
> @@ -404,8 +404,8 @@ static GArray 
> *nvdimm_build_device_structure(AcpiNVDIMMState *state)
>  }
>  g_slist_free(device_list);
>  
> -if (state->capabilities) {
> -nvdimm_build_structure_caps(structures, state->capabilities);
> +if (state->persistence) {
> +nvdimm_build_structure_caps(structures, state->persistence);
>  }
>  
>  return structures;
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index f3befe6721..5bba9dcf5a 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -2181,31 +2181,30 @@ static void pc_machine_set_nvdimm(Object *obj, bool 
> value, Error **errp)
>  pcms->acpi_nvdimm_state.is_enabled = value;
>  }
>  
> -static void pc_machine_get_nvdimm_capabilities(Object *obj, Visitor *v,
> -   const char *name, void 
> *opaque,
> -   Error **errp)
> +static char *pc_machine_get_nvdimm_persistence(Object *obj, Error **errp)
>  {
>  PCMachineState *pcms = PC_MACHINE(obj);
> -uint32_t value = pcms->acpi_nvdimm_state.capabilities;
>  
> -visit_type_uint32(v, name, , errp);
> +return g_strdup(pcms->acpi_nvdimm_state.persistence_string);
>  }
>  
> -static void pc_machine_set_nvdimm_capabilities(Object *obj, Visitor *v,
> -   const char *name, void 
> *opaque,
> +static void pc_machine_set_nvdimm_persistence(Object *obj, const char *value,
> Error **errp)
>  {
>  PCMachineState *pcms = PC_MACHINE(obj);
> -Error *error = NULL;
> -uint32_t value;
> -
> -visit_type_uint32(v, name, , );
> -if (error) {
> -error_propagate(errp, 

Re: [Qemu-devel] [PATCH v2 0/5] block dirty bitmaps: support libvirt API

[John Snow]

On 06/06/2018 02:24 PM, John Snow wrote:
> This is largely the same series that Vladimir sent in January, but at
> the time I was unsure of if we'd want these commands or not in QEMU.
> 
> After discussing with Virtuozzo their plans for a checkpoint-like API
> implemented primarily in libvirt, I agree that these commands are at
> least tentatively useful.
> 
> Eric Blake is currently writing a counter-proposal and demo API to show
> to Virtuozzo on libvirt's development list. Check in these QMP commands
> with the experimental prefix 'x-' for now so that it can be used for
> prototyping.
> 
> Once the design for the libvirt API looks reasonably final I will
> remove the 'x-' prefixes, or, if we wind up not using these particular
> commands I will delete them entirely.
> 
> v4:
>  - Reinstated Vladimir's authorship credit on all patches
>  - Switched 2.12 to 3.0
>  - Edited doc to clarify failure mode for merge (Jeff)
>  - Removed !bs check where applicable (Jeff)
> 
> v3:
>  - Drop patch one (already merged)
>  - Minor phrasing adjustments to documentation
>  - Removed >bs argument to bitmap lookup for enable/disable
>  - Added x- prefix to all three commands and to add's new argument.
> 
> Vladimir's original cover letter is below:
> 
> There are three qmp commands, needed to implement external backup API.
> 
> Using these three commands, client may do all needed bitmap management by
> hand:
> 
> on backup start we need to do a transaction:
>  {disable old bitmap, create new bitmap}
> 
> on backup success:
>  drop old bitmap
> 
> on backup fail:
>  enable old bitmap
>  merge new bitmap to old bitmap
>  drop new bitmap
> 
> Vladimir Sementsov-Ogievskiy (5):
>   block/dirty-bitmap: add lock to bdrv_enable/disable_dirty_bitmap
>   qapi: add x-block-dirty-bitmap-enable/disable
>   qmp: transaction support for x-block-dirty-bitmap-enable/disable
>   qapi: add x-block-dirty-bitmap-merge
>   qapi: add disabled parameter to block-dirty-bitmap-add
> 
>  block/dirty-bitmap.c |  24 ++-
>  blockdev.c   | 163 
> ++-
>  include/block/dirty-bitmap.h |   3 +-
>  qapi/block-core.json |  86 ++-
>  qapi/transaction.json|   4 ++
>  5 files changed, 275 insertions(+), 5 deletions(-)
> 

Hmm, I sorta-maybe have jurisdiction on this, but it touches more
blockdev.c and qapi/block-core.json than it does block/dirty-bitmap.c.

I'm gonna send a PR for this and if I was wrong about that, Kevin, just
veto the PR thread.

--js

[Qemu-devel] [PATCH] pc: Remove PC_COMPAT_2_12 from 3.0 machine-types

[Eduardo Habkost]

commit f548222c added PC_COMPAT_2_12 to the 3.0 PC machine-types.
I believe this happened during manual conflict resolution when
applying the patch.

Cc: Xiao Guangrong 
Cc: Juan Quintela 
Fixes: f548222c24342ca74689de7794f9006b43f86a54
Signed-off-by: Eduardo Habkost 
---
 hw/i386/pc_piix.c | 1 -
 hw/i386/pc_q35.c  | 1 -
 2 files changed, 2 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 3d81136065..b4c5b03274 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -430,7 +430,6 @@ static void pc_i440fx_3_0_machine_options(MachineClass *m)
 pc_i440fx_machine_options(m);
 m->alias = "pc";
 m->is_default = 1;
-SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
 }
 
 DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL,
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index b60cbb9266..83d6d75efa 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -312,7 +312,6 @@ static void pc_q35_3_0_machine_options(MachineClass *m)
 {
 pc_q35_machine_options(m);
 m->alias = "q35";
-SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
 }
 
 DEFINE_Q35_MACHINE(v3_0, "pc-q35-3.0", NULL,
-- 
2.18.0.rc1.1.g3f1ff2140

Re: [Qemu-devel] [PATCH RESEND] Makefile: Remove qemu-version.h and qemu-options.def during 'make distclean'

[Eric Blake]

On 06/08/2018 02:01 PM, Philippe Mathieu-Daudé wrote:

qemu-version.h and qemu-options.def are generated files
that should be deleted during 'make distclean'.

This solves building issues with out-of-tree builds from
a source tree that has been built in (see d1bd2423a90):


Well, it prevents future repeats of the problem. It does not "fix" 
existing incremental builds that already have the problem.  But I'm 
still in favor of this change.




Signed-off-by: Philippe Mathieu-Daudé 
---
resend: Cc Peter, removed dup line in comment

  Makefile | 1 +
  1 file changed, 1 insertion(+)



Reviewed-by: Eric Blake 


diff --git a/Makefile b/Makefile
index 023b3437ec..7ae453ffa2 100644
--- a/Makefile
+++ b/Makefile
@@ -757,6 +757,7 @@ qemu-%.tar.bz2:
  distclean: clean
rm -f config-host.mak config-host.h* config-host.ld $(DOCS) 
qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
rm -f config-all-devices.mak config-all-disas.mak config.status
+   rm -f qemu-version.h qemu-options.def
rm -f po/*.mo tests/qemu-iotests/common.env
rm -f roms/seabios/config.mak roms/vgabios/config.mak
rm -f qemu-doc.info qemu-doc.aux qemu-doc.cp qemu-doc.cps



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC CPU

[Eduardo Habkost]

On Fri, Jun 08, 2018 at 06:40:16PM +, Moger, Babu wrote:
> Hi Eduardo, 
> Sorry for the late response. Got pulled into something else.
> 
> > -Original Message-
> > From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> > Sent: Wednesday, June 6, 2018 5:40 PM
> > To: Moger, Babu 
> > Cc: m...@redhat.com; marcel.apfelb...@gmail.com; pbonz...@redhat.com;
> > r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> > k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com
> > Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> > CPU
> > 
> > On Wed, Jun 06, 2018 at 10:36:45AM -0400, Babu Moger wrote:
> > > Enable TOPOEXT feature on EPYC CPU. This is required to support
> > > hyperthreading on VM guests. Also extend xlevel to 0x801E.
> > >
> > > Disable TOPOEXT feature for legacy machines.
> > >
> > > Signed-off-by: Babu Moger 
> > 
> > Now, I just noticed we have a problem here:
> > 
> > "-machine pc -cpu EPYC -smp 64" works today
> > 
> > This patch makes it stop working, but it shouldn't.
> 
> No. It works fine. I have tested it.

This doesn't sound right.  The code in this series will error out
of TOPOEXT is enabled and you have more than 64 VCPUs.

But I just noticed we have a bug introduced by:

commit f548222c24342ca74689de7794f9006b43f86a54
Author: Xiao Guangrong 
Date:   Thu May 3 16:06:11 2018 +0800

migration: introduce decompress-error-check

QEMU 3.0 enables strict check for compression & decompression to
make the migration more robust, that depends on the source to fix
the internal design which triggers the unexpected error conditions

To make it work for migrating old version QEMU to 2.13 QEMU, we
introduce this parameter to disable the error check on the
destination which is the default behavior of the machine type
which is older than 2.13, alternately, the strict check can be
enabled explicitly as followings:
  -M pc-q35-2.11 -global migration.decompress-error-check=true

Signed-off-by: Xiao Guangrong 
Reviewed-by: Juan Quintela 
Signed-off-by: Juan Quintela 

This commits added PC_COMPAT_2_12 to the 3.0 machine-types.
Because of this bug, TOPOEXT is being unconditionally disabled on
all machine-types, unless I apply the fix below:


diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 3d81136065..b4c5b03274 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -430,7 +430,6 @@ static void pc_i440fx_3_0_machine_options(MachineClass *m)
 pc_i440fx_machine_options(m);
 m->alias = "pc";
 m->is_default = 1;
-SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
 }
 
 DEFINE_I440FX_MACHINE(v3_0, "pc-i440fx-3.0", NULL,
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index b60cbb9266..83d6d75efa 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -312,7 +312,6 @@ static void pc_q35_3_0_machine_options(MachineClass *m)
 {
 pc_q35_machine_options(m);
 m->alias = "q35";
-SET_MACHINE_COMPAT(m, PC_COMPAT_2_12);
 }
 
 DEFINE_Q35_MACHINE(v3_0, "pc-q35-3.0", NULL,

> 
> > 
> > On the other hand, I believe you expect:
> > * "-machine pc -cpu EPYC -smp 8" to automatically enable topoext.
> Yes. Only on new machines-types
> > * "-machine pc -cpu Opteron_G1 -smp 8" to not enable topoext.
> Yes.
> > * What about "-machine -cpu Opteron_G1 -smp 8,threads=2"?
> No. This should not enable topoext.  Topoext is not supported by Opteron_G1.
> This should warn about hyperthreading and continue.

OK, makes sense to me.

> > 
> > 
> > We also have other requirements, I will try to enumerate all of
> > them below:
> > 
> > 0) "-topoext" explicitly configured (any machine-type):
> > * Must never enable topoext.
> Yes.
> > 
> > 1) "+topoext" explicitly configured (any machine-type):
> > * Must validate topology and refuse to start if unsupported.
> 
> Yes.
> 
> > 
> > 2) Older machine-types:
> > * Must never enable topoext automatically, even if using "EPYC"
> >   or "threads=2"
> > 
> Yes.
> 
> > 3) "EPYC" CPU model (on new machine-types):
> > * Should enable topoext automatically, but only if topology is
> >   supported.
> > * Must not error out if topology is not supported.
> In new machine types we will enable topoext for "EPYC" CPU model.
> Right now(old machine type) we can disable for all the CPU models. 
> So, we don't need two bits(topoext and auto-topoext)

Right, so you agree that in this case we must _not_ error out if
topology is unsupported, correct?  Otherwise we will break this
existing use case:
  "-machine pc -cpu EPYC -smp 64".

> 
> I thought we should error out if topology cannot be supported. But we can 
> warn(disable topoext) and continue that is another option.
> 
> > * Should this enable topoext automatically even if threads=1?
> 
> Yes. We should enable even with threads=1.
> 
> > 
> > 4) Other AMD CPU models with "threads=2" (on new machine-types):
> > * We might want to make this enable topoext automatically, too.
> >   What do you think?
> 
>   No. We should not 

Re: [Qemu-devel] [PATCH] Purge uses of banned g_assert_FOO()

[John Snow]

On 06/08/2018 01:02 PM, Markus Armbruster wrote:
> We banned use of certain g_assert_FOO() functions outside tests, and
> made checkpatch.pl flag them (commit 6e9389563e5).  We neglected to
> purge existing uses.  Do that now.
> 
> Signed-off-by: Markus Armbruster 

I've apparently got a real knack for using APIs that I ought not to.

The commit message for 6e93... makes sense, though, so this does too.

Reviewed-by: John Snow 


> ---
>  hw/ide/ahci.c |  2 +-
>  hw/ppc/spapr_ovec.c   | 12 ++--
>  hw/usb/dev-smartcard-reader.c |  2 +-
>  qom/object.c  | 10 +-
>  util/qht.c|  2 +-
>  5 files changed, 14 insertions(+), 14 deletions(-)
> 
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index 24dbad5125..75cccbea47 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -387,7 +387,7 @@ static uint64_t ahci_mem_read(void *opaque, hwaddr addr, 
> unsigned size)
>  if (ofst + size <= 4) {
>  val = lo >> (ofst * 8);
>  } else {
> -g_assert_cmpint(size, >, 1);
> +g_assert(size > 1);
>  
>  /* If the 64bit read is unaligned, we will produce undefined
>   * results. AHCI does not support unaligned 64bit reads. */
> diff --git a/hw/ppc/spapr_ovec.c b/hw/ppc/spapr_ovec.c
> index 41df4c35ba..318bf33de4 100644
> --- a/hw/ppc/spapr_ovec.c
> +++ b/hw/ppc/spapr_ovec.c
> @@ -113,7 +113,7 @@ void spapr_ovec_cleanup(sPAPROptionVector *ov)
>  void spapr_ovec_set(sPAPROptionVector *ov, long bitnr)
>  {
>  g_assert(ov);
> -g_assert_cmpint(bitnr, <, OV_MAXBITS);
> +g_assert(bitnr < OV_MAXBITS);
>  
>  set_bit(bitnr, ov->bitmap);
>  }
> @@ -121,7 +121,7 @@ void spapr_ovec_set(sPAPROptionVector *ov, long bitnr)
>  void spapr_ovec_clear(sPAPROptionVector *ov, long bitnr)
>  {
>  g_assert(ov);
> -g_assert_cmpint(bitnr, <, OV_MAXBITS);
> +g_assert(bitnr < OV_MAXBITS);
>  
>  clear_bit(bitnr, ov->bitmap);
>  }
> @@ -129,7 +129,7 @@ void spapr_ovec_clear(sPAPROptionVector *ov, long bitnr)
>  bool spapr_ovec_test(sPAPROptionVector *ov, long bitnr)
>  {
>  g_assert(ov);
> -g_assert_cmpint(bitnr, <, OV_MAXBITS);
> +g_assert(bitnr < OV_MAXBITS);
>  
>  return test_bit(bitnr, ov->bitmap) ? true : false;
>  }
> @@ -186,7 +186,7 @@ sPAPROptionVector *spapr_ovec_parse_vector(target_ulong 
> table_addr, int vector)
>  int i;
>  
>  g_assert(table_addr);
> -g_assert_cmpint(vector, >=, 1); /* vector numbering starts at 1 */
> +g_assert(vector >= 1);  /* vector numbering starts at 1 */
>  
>  addr = vector_addr(table_addr, vector);
>  if (!addr) {
> @@ -195,7 +195,7 @@ sPAPROptionVector *spapr_ovec_parse_vector(target_ulong 
> table_addr, int vector)
>  }
>  
>  vector_len = ldub_phys(_space_memory, addr++) + 1;
> -g_assert_cmpint(vector_len, <=, OV_MAXBYTES);
> +g_assert(vector_len <= OV_MAXBYTES);
>  ov = spapr_ovec_new();
>  
>  for (i = 0; i < vector_len; i++) {
> @@ -225,7 +225,7 @@ int spapr_ovec_populate_dt(void *fdt, int fdt_offset,
>   * encoding/sizing expected in ibm,client-architecture-support
>   */
>  vec_len = (lastbit == OV_MAXBITS) ? 1 : lastbit / BITS_PER_BYTE + 1;
> -g_assert_cmpint(vec_len, <=, OV_MAXBYTES);
> +g_assert(vec_len <= OV_MAXBYTES);
>  /* guest expects vector len encoded as vec_len - 1, since the length byte
>   * is assumed and not included, and the first byte of the vector
>   * is assumed as well
> diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
> index 2131e33d27..13d0befd9c 100644
> --- a/hw/usb/dev-smartcard-reader.c
> +++ b/hw/usb/dev-smartcard-reader.c
> @@ -786,7 +786,7 @@ static void ccid_write_data_block(USBCCIDState *s, 
> uint8_t slot, uint8_t seq,
>  DPRINTF(s, D_VERBOSE, "error %d\n", p->b.bError);
>  }
>  if (len) {
> -g_assert_nonnull(data);
> +assert(data);
>  memcpy(p->abData, data, len);
>  }
>  ccid_reset_error_status(s);
> diff --git a/qom/object.c b/qom/object.c
> index cb7a8cd589..794bd9a3f5 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -295,7 +295,7 @@ static void type_initialize(TypeImpl *ti)
>  GSList *e;
>  int i;
>  
> -g_assert_cmpint(parent->class_size, <=, ti->class_size);
> +g_assert(parent->class_size <= ti->class_size);
>  memcpy(ti->class, parent->class, parent->class_size);
>  ti->class->interfaces = NULL;
>  ti->class->properties = g_hash_table_new_full(
> @@ -372,9 +372,9 @@ static void object_initialize_with_type(void *data, 
> size_t size, TypeImpl *type)
>  g_assert(type != NULL);
>  type_initialize(type);
>  
> -g_assert_cmpint(type->instance_size, >=, sizeof(Object));
> +g_assert(type->instance_size >= sizeof(Object));
>  g_assert(type->abstract == false);
> -g_assert_cmpint(size, >=, type->instance_size);
> +g_assert(size >= type->instance_size);
>  
>

[Qemu-devel] [PATCH 2/3] qcow2: refactor data compression

[Vladimir Sementsov-Ogievskiy]

Make a separate function for compression to be parallelized later.
 - use .avail_aut field instead of .next_out to calculate size of
   compressed data. It looks more natural and it allows to keep dest to
   be void pointer
 - set avail_out to be at least one byte less than input, to be sure
   avoid inefficient compression earlier

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/qcow2.c | 74 +--
 1 file changed, 47 insertions(+), 27 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 549fee9b69..d4dbe329ab 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -22,11 +22,13 @@
  * THE SOFTWARE.
  */
 
+#define ZLIB_CONST
+#include 
+
 #include "qemu/osdep.h"
 #include "block/block_int.h"
 #include "sysemu/block-backend.h"
 #include "qemu/module.h"
-#include 
 #include "qcow2.h"
 #include "qemu/error-report.h"
 #include "qapi/error.h"
@@ -3674,6 +3676,45 @@ static int qcow2_truncate(BlockDriverState *bs, int64_t 
offset,
 return 0;
 }
 
+/* qcow2_compress()
+ *
+ * @dest - destination buffer, at least of @size-1 bytes
+ * @src - source buffer, @size bytes
+ *
+ * Returns: compressed size on success
+ *  -1 if compression is inefficient
+ *  -2 on any other error
+ */
+static ssize_t qcow2_compress(void *dest, const void *src, size_t size)
+{
+ssize_t ret;
+z_stream strm;
+
+/* best compression, small window, no zlib header */
+memset(, 0, sizeof(strm));
+ret = deflateInit2(, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
+   -12, 9, Z_DEFAULT_STRATEGY);
+if (ret != 0) {
+return -2;
+}
+
+strm.avail_in = size;
+strm.next_in = src;
+strm.avail_out = size - 1;
+strm.next_out = dest;
+
+ret = deflate(, Z_FINISH);
+if (ret == Z_STREAM_END) {
+ret = size - 1 - strm.avail_out;
+} else {
+ret = (ret == Z_OK ? -1 : -2);
+}
+
+deflateEnd();
+
+return ret;
+}
+
 /* XXX: put compressed sectors first, then all the cluster aligned
tables to avoid losing bytes in alignment */
 static coroutine_fn int
@@ -3683,8 +3724,8 @@ qcow2_co_pwritev_compressed(BlockDriverState *bs, 
uint64_t offset,
 BDRVQcow2State *s = bs->opaque;
 QEMUIOVector hd_qiov;
 struct iovec iov;
-z_stream strm;
-int ret, out_len;
+int ret;
+size_t out_len;
 uint8_t *buf, *out_buf;
 int64_t cluster_offset;
 
@@ -3717,32 +3758,11 @@ qcow2_co_pwritev_compressed(BlockDriverState *bs, 
uint64_t offset,
 
 out_buf = g_malloc(s->cluster_size);
 
-/* best compression, small window, no zlib header */
-memset(, 0, sizeof(strm));
-ret = deflateInit2(, Z_DEFAULT_COMPRESSION,
-   Z_DEFLATED, -12,
-   9, Z_DEFAULT_STRATEGY);
-if (ret != 0) {
-ret = -EINVAL;
-goto fail;
-}
-
-strm.avail_in = s->cluster_size;
-strm.next_in = (uint8_t *)buf;
-strm.avail_out = s->cluster_size;
-strm.next_out = out_buf;
-
-ret = deflate(, Z_FINISH);
-if (ret != Z_STREAM_END && ret != Z_OK) {
-deflateEnd();
+out_len = qcow2_compress(out_buf, buf, s->cluster_size);
+if (out_len == -2) {
 ret = -EINVAL;
 goto fail;
-}
-out_len = strm.next_out - out_buf;
-
-deflateEnd();
-
-if (ret != Z_STREAM_END || out_len >= s->cluster_size) {
+} else if (out_len == -1) {
 /* could not compress: write normal cluster */
 ret = qcow2_co_pwritev(bs, offset, bytes, qiov, 0);
 if (ret < 0) {
-- 
2.11.1

[Qemu-devel] [PATCH 3/3] qcow2: add compress threads

[Vladimir Sementsov-Ogievskiy]

Do data compression in separate threads. This significantly improve
performance for qemu-img convert with -W (allow async writes) and -c
(compressed) options.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/qcow2.h |  3 +++
 block/qcow2.c | 62 ++-
 2 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/block/qcow2.h b/block/qcow2.h
index 01b5250415..0bd21623c2 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -326,6 +326,9 @@ typedef struct BDRVQcow2State {
  * override) */
 char *image_backing_file;
 char *image_backing_format;
+
+CoQueue compress_wait_queue;
+int nb_compress_threads;
 } BDRVQcow2State;
 
 typedef struct Qcow2COWRegion {
diff --git a/block/qcow2.c b/block/qcow2.c
index d4dbe329ab..91465893e2 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -42,6 +42,7 @@
 #include "qapi/qobject-input-visitor.h"
 #include "qapi/qapi-visit-block-core.h"
 #include "crypto.h"
+#include "block/thread-pool.h"
 
 /*
   Differences with QCOW:
@@ -1544,6 +1545,9 @@ static int coroutine_fn qcow2_do_open(BlockDriverState 
*bs, QDict *options,
 qcow2_check_refcounts(bs, , 0);
 }
 #endif
+
+qemu_co_queue_init(>compress_wait_queue);
+
 return ret;
 
  fail:
@@ -3715,6 +3719,62 @@ static ssize_t qcow2_compress(void *dest, const void 
*src, size_t size)
 return ret;
 }
 
+#define MAX_COMPRESS_THREADS 4
+
+typedef struct Qcow2CompressData {
+void *dest;
+const void *src;
+size_t size;
+ssize_t ret;
+} Qcow2CompressData;
+
+static int qcow2_compress_pool_func(void *opaque)
+{
+Qcow2CompressData *data = opaque;
+
+data->ret = qcow2_compress(data->dest, data->src, data->size);
+
+return 0;
+}
+
+static void qcow2_compress_complete(void *opaque, int ret)
+{
+qemu_coroutine_enter(opaque);
+}
+
+/* See qcow2_compress definition for parameters description */
+static ssize_t qcow2_co_compress(BlockDriverState *bs,
+ void *dest, const void *src, size_t size)
+{
+BDRVQcow2State *s = bs->opaque;
+BlockAIOCB *acb;
+ThreadPool *pool = aio_get_thread_pool(bdrv_get_aio_context(bs));
+Qcow2CompressData arg = {
+.dest = dest,
+.src = src,
+.size = size,
+};
+
+while (s->nb_compress_threads >= MAX_COMPRESS_THREADS) {
+qemu_co_queue_wait(>compress_wait_queue, NULL);
+}
+
+s->nb_compress_threads++;
+acb = thread_pool_submit_aio(pool, qcow2_compress_pool_func, ,
+ qcow2_compress_complete,
+ qemu_coroutine_self());
+
+if (!acb) {
+s->nb_compress_threads--;
+return -EINVAL;
+}
+qemu_coroutine_yield();
+s->nb_compress_threads--;
+qemu_co_queue_next(>compress_wait_queue);
+
+return arg.ret;
+}
+
 /* XXX: put compressed sectors first, then all the cluster aligned
tables to avoid losing bytes in alignment */
 static coroutine_fn int
@@ -3758,7 +3818,7 @@ qcow2_co_pwritev_compressed(BlockDriverState *bs, 
uint64_t offset,
 
 out_buf = g_malloc(s->cluster_size);
 
-out_len = qcow2_compress(out_buf, buf, s->cluster_size);
+out_len = qcow2_co_compress(bs, out_buf, buf, s->cluster_size);
 if (out_len == -2) {
 ret = -EINVAL;
 goto fail;
-- 
2.11.1

[Qemu-devel] [PATCH 0/3] qcow2 compress threads

[Vladimir Sementsov-Ogievskiy]

Hi all!

Here are compress threads for qcow2, to increase performance of
compressed writes.

I've created the following test:

[]# cat ../gen.sh 
#!/bin/bash

echo 'create pattern-file t_pat'

./qemu-img create -f raw t_pat 1000m
./qemu-io -c 'write -P 0xab 0 1000m' t_pat

echo 'create randod t_rand'

dd if=/dev/urandom of=t_rand bs=1M count=1000

[]# cat ../test.sh 
#!/bin/bash

rm -f t_out

echo 'test pattern-file compression'

time ./qemu-img convert -W -f raw -O qcow2 -c t_pat t_out

rm -f t_out

echo 'test random-file compression'

time ./qemu-img convert -W -f raw -O qcow2 -c t_rand t_out

rm -f t_out


and results before the series (and without -W flag):

test pattern-file compression

real0m16.658s
user0m16.450s
sys 0m0.628s
test random-file compression

real0m24.194s
user0m24.361s
sys 0m0.395s

results with -W flag, after first patch:

test pattern-file compression

real0m16.242s
user0m16.895s
sys 0m0.080s
test random-file compression

real0m23.450s
user0m23.767s
sys 0m1.085s

results with -W flag, after third patch:

test pattern-file compression

real0m5.747s
user0m22.637s
sys 0m0.393s
test random-file compression

real0m8.402s
user0m33.315s
sys 0m0.926s

So, we see significant performance gain. But this of course don't work
without -W flag.

results without -W flag, after third patch:

test pattern-file compression

real0m16.908s
user0m16.775s
sys 0m0.589s
test random-file compression

real0m24.913s
user0m24.586s
sys 0m0.898s

Note: my cpu is 4-cores 8-threads i7-4790

Vladimir Sementsov-Ogievskiy (3):
  qemu-img: allow compressed not-in-order writes
  qcow2: refactor data compression
  qcow2: add compress threads

 block/qcow2.h |   3 ++
 block/qcow2.c | 134 ++
 qemu-img.c|   5 ---
 3 files changed, 110 insertions(+), 32 deletions(-)

-- 
2.11.1

[Qemu-devel] [PATCH 1/3] qemu-img: allow compressed not-in-order writes

[Vladimir Sementsov-Ogievskiy]

No reason to forbid them, and they are needed to improve performance
with compress-threads in further patches.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 qemu-img.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 75f1610aa0..df2657b9cb 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2122,11 +2122,6 @@ static int img_convert(int argc, char **argv)
 goto fail_getopt;
 }
 
-if (!s.wr_in_order && s.compressed) {
-error_report("Out of order write and compress are mutually exclusive");
-goto fail_getopt;
-}
-
 if (tgt_image_opts && !skip_create) {
 error_report("--target-image-opts requires use of -n flag");
 goto fail_getopt;
-- 
2.11.1

Re: [Qemu-devel] [PATCH] configure: Require Python 2.7 or newer

[John Snow]

On 06/08/2018 10:30 AM, Eduardo Habkost wrote:
> All of the supported build platforms documented in qemu-doc.texi
> should already support Python 2.7.
> 
> Removing support for Python 2.6 will allow us to remove some
> compatibility modules we carry in the QEMU tree:
> 
> * scripts/argparse.py
> * scripts/ordereddict.py
> 
> Python 2.6 is also not receiving bug fixes upstream and is not
> supported by pylint, which makes it harder to keep the code
> compatible with both Python 2 and Python 3.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  configure | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/configure b/configure
> index 14b11130a7..a8c4094c87 100755
> --- a/configure
> +++ b/configure
> @@ -1651,8 +1651,8 @@ fi
>  
>  # Note that if the Python conditional here evaluates True we will exit
>  # with status 1 which is a shell 'false' value.
> -if ! $python -c 'import sys; sys.exit(sys.version_info < (2,6))'; then
> -  error_exit "Cannot use '$python', Python 2 >= 2.6 or Python 3 is 
> required." \
> +if ! $python -c 'import sys; sys.exit(sys.version_info < (2,7))'; then
> +  error_exit "Cannot use '$python', Python 2 >= 2.7 or Python 3 is 
> required." \
>"Use --python=/path/to/python to specify a supported Python."
>  fi
>  
> 

CHEERS.

Reviewed-by: John Snow 

[Qemu-devel] [RFC v1 2/2] crypto/virtio-crypto: Register an algo only if it's supported

[Farhan Ali]

From: Farhan Ali 

Register a crypto algo with the Linux crypto layer only if
the algorithm is supported by the backend virtio-crypto
device.

Also route crypto requests to a virtio-crypto
device, only if it can support the requested service and
algorithm.

Signed-off-by: Farhan Ali 
---
 drivers/crypto/virtio/virtio_crypto_algs.c   | 110 ++-
 drivers/crypto/virtio/virtio_crypto_common.h |  11 ++-
 drivers/crypto/virtio/virtio_crypto_mgr.c|  81 ++--
 3 files changed, 158 insertions(+), 44 deletions(-)

diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c 
b/drivers/crypto/virtio/virtio_crypto_algs.c
index ba190cf..fef112a 100644
--- a/drivers/crypto/virtio/virtio_crypto_algs.c
+++ b/drivers/crypto/virtio/virtio_crypto_algs.c
@@ -49,12 +49,18 @@ struct virtio_crypto_sym_request {
bool encrypt;
 };
 
+struct virtio_crypto_algo {
+   uint32_t algonum;
+   uint32_t service;
+   unsigned int active_devs;
+   struct crypto_alg algo;
+};
+
 /*
  * The algs_lock protects the below global virtio_crypto_active_devs
  * and crypto algorithms registion.
  */
 static DEFINE_MUTEX(algs_lock);
-static unsigned int virtio_crypto_active_devs;
 static void virtio_crypto_ablkcipher_finalize_req(
struct virtio_crypto_sym_request *vc_sym_req,
struct ablkcipher_request *req,
@@ -312,13 +318,19 @@ static int virtio_crypto_ablkcipher_setkey(struct 
crypto_ablkcipher *tfm,
 unsigned int keylen)
 {
struct virtio_crypto_ablkcipher_ctx *ctx = crypto_ablkcipher_ctx(tfm);
+   uint32_t alg;
int ret;
 
+   ret = virtio_crypto_alg_validate_key(keylen, );
+   if (ret)
+   return ret;
+
if (!ctx->vcrypto) {
/* New key */
int node = virtio_crypto_get_current_node();
struct virtio_crypto *vcrypto =
- virtcrypto_get_dev_node(node);
+ virtcrypto_get_dev_node(node,
+ VIRTIO_CRYPTO_SERVICE_CIPHER, alg);
if (!vcrypto) {
pr_err("virtio_crypto: Could not find a virtio device 
in the system\n");
return -ENODEV;
@@ -571,57 +583,85 @@ static void virtio_crypto_ablkcipher_finalize_req(
virtcrypto_clear_request(_sym_req->base);
 }
 
-static struct crypto_alg virtio_crypto_algs[] = { {
-   .cra_name = "cbc(aes)",
-   .cra_driver_name = "virtio_crypto_aes_cbc",
-   .cra_priority = 150,
-   .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
-   .cra_blocksize = AES_BLOCK_SIZE,
-   .cra_ctxsize  = sizeof(struct virtio_crypto_ablkcipher_ctx),
-   .cra_alignmask = 0,
-   .cra_module = THIS_MODULE,
-   .cra_type = _ablkcipher_type,
-   .cra_init = virtio_crypto_ablkcipher_init,
-   .cra_exit = virtio_crypto_ablkcipher_exit,
-   .cra_u = {
-  .ablkcipher = {
-   .setkey = virtio_crypto_ablkcipher_setkey,
-   .decrypt = virtio_crypto_ablkcipher_decrypt,
-   .encrypt = virtio_crypto_ablkcipher_encrypt,
-   .min_keysize = AES_MIN_KEY_SIZE,
-   .max_keysize = AES_MAX_KEY_SIZE,
-   .ivsize = AES_BLOCK_SIZE,
+static struct virtio_crypto_algo virtio_crypto_algs[] = { {
+   .algonum = VIRTIO_CRYPTO_CIPHER_AES_CBC,
+   .service = VIRTIO_CRYPTO_SERVICE_CIPHER,
+   .algo = {
+   .cra_name = "cbc(aes)",
+   .cra_driver_name = "virtio_crypto_aes_cbc",
+   .cra_priority = 150,
+   .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
+   .cra_blocksize = AES_BLOCK_SIZE,
+   .cra_ctxsize  = sizeof(struct virtio_crypto_ablkcipher_ctx),
+   .cra_alignmask = 0,
+   .cra_module = THIS_MODULE,
+   .cra_type = _ablkcipher_type,
+   .cra_init = virtio_crypto_ablkcipher_init,
+   .cra_exit = virtio_crypto_ablkcipher_exit,
+   .cra_u = {
+   .ablkcipher = {
+   .setkey = virtio_crypto_ablkcipher_setkey,
+   .decrypt = virtio_crypto_ablkcipher_decrypt,
+   .encrypt = virtio_crypto_ablkcipher_encrypt,
+   .min_keysize = AES_MIN_KEY_SIZE,
+   .max_keysize = AES_MAX_KEY_SIZE,
+   .ivsize = AES_BLOCK_SIZE,
+   },
},
},
 } };
 
-int virtio_crypto_algs_register(void)
+int virtio_crypto_algs_register(struct virtio_crypto *vcrypto)
 {
int ret = 0;
+   int i = 0;
 
mutex_lock(_lock);
-   if (++virtio_crypto_active_devs != 1)
-   goto unlock;
 
-   ret = 

[Qemu-devel] [RFC v1 1/2] crypto/virtio-crypto: Read crypto services and algorithm masks

[Farhan Ali]

Read the crypto services and algorithm masks which provides
information about the services and algorithms supported by
virtio-crypto backend.

Signed-off-by: Farhan Ali 
---
 drivers/crypto/virtio/virtio_crypto_common.h | 14 ++
 drivers/crypto/virtio/virtio_crypto_core.c   | 29 
 2 files changed, 43 insertions(+)

diff --git a/drivers/crypto/virtio/virtio_crypto_common.h 
b/drivers/crypto/virtio/virtio_crypto_common.h
index 66501a5..05eca12e 100644
--- a/drivers/crypto/virtio/virtio_crypto_common.h
+++ b/drivers/crypto/virtio/virtio_crypto_common.h
@@ -55,6 +55,20 @@ struct virtio_crypto {
/* Number of queue currently used by the driver */
u32 curr_queue;
 
+   /*
+* Specifies the services mask which the device support,
+* see VIRTIO_CRYPTO_SERVICE_* above
+*/
+   u32 crypto_services;
+
+   /* Detailed algorithms mask */
+   u32 cipher_algo_l;
+   u32 cipher_algo_h;
+   u32 hash_algo;
+   u32 mac_algo_l;
+   u32 mac_algo_h;
+   u32 aead_algo;
+
/* Maximum length of cipher key */
u32 max_cipher_key_len;
/* Maximum length of authenticated key */
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c 
b/drivers/crypto/virtio/virtio_crypto_core.c
index 8332698..8f745f2 100644
--- a/drivers/crypto/virtio/virtio_crypto_core.c
+++ b/drivers/crypto/virtio/virtio_crypto_core.c
@@ -303,6 +303,13 @@ static int virtcrypto_probe(struct virtio_device *vdev)
u32 max_data_queues = 0, max_cipher_key_len = 0;
u32 max_auth_key_len = 0;
u64 max_size = 0;
+   u32 cipher_algo_l = 0;
+   u32 cipher_algo_h = 0;
+   u32 hash_algo = 0;
+   u32 mac_algo_l = 0;
+   u32 mac_algo_h = 0;
+   u32 aead_algo = 0;
+   u32 crypto_services = 0;
 
if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1))
return -ENODEV;
@@ -339,6 +346,20 @@ static int virtcrypto_probe(struct virtio_device *vdev)
max_auth_key_len, _auth_key_len);
virtio_cread(vdev, struct virtio_crypto_config,
max_size, _size);
+   virtio_cread(vdev, struct virtio_crypto_config,
+   crypto_services, _services);
+   virtio_cread(vdev, struct virtio_crypto_config,
+   cipher_algo_l, _algo_l);
+   virtio_cread(vdev, struct virtio_crypto_config,
+   cipher_algo_h, _algo_h);
+   virtio_cread(vdev, struct virtio_crypto_config,
+   hash_algo, _algo);
+   virtio_cread(vdev, struct virtio_crypto_config,
+   mac_algo_l, _algo_l);
+   virtio_cread(vdev, struct virtio_crypto_config,
+   mac_algo_h, _algo_h);
+   virtio_cread(vdev, struct virtio_crypto_config,
+   aead_algo, _algo);
 
/* Add virtio crypto device to global table */
err = virtcrypto_devmgr_add_dev(vcrypto);
@@ -358,6 +379,14 @@ static int virtcrypto_probe(struct virtio_device *vdev)
vcrypto->max_cipher_key_len = max_cipher_key_len;
vcrypto->max_auth_key_len = max_auth_key_len;
vcrypto->max_size = max_size;
+   vcrypto->crypto_services = crypto_services;
+   vcrypto->cipher_algo_l = cipher_algo_l;
+   vcrypto->cipher_algo_h = cipher_algo_h;
+   vcrypto->mac_algo_l = mac_algo_l;
+   vcrypto->mac_algo_h = mac_algo_h;
+   vcrypto->hash_algo = hash_algo;
+   vcrypto->aead_algo = aead_algo;
+
 
dev_info(>dev,
"max_queues: %u, max_cipher_key_len: %u, max_auth_key_len: %u, 
max_size 0x%llx\n",
-- 
2.7.4

[Qemu-devel] [RFC v1 0/2] Detect & register virtio-crypto algos only if it can be supported by backend

[Farhan Ali]

Hi,

Currently the Linux virtio-crypto driver registers the crypto
algorithm without verifying if the backend actually supports the
algorithm.

This kernel patch series adds support for registering algorithm
with Linux crypto layer, only if the algorithm is supported by
the backend device. This also makes the driver more compliant with
the virtio-crypto spec [1].

I would appreciate any feedback or comments on this.

Thank you
Farhan

Reference
-
[1] Virtio crypto spec proposal 
https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00816.html

Farhan Ali (2):
  crypto/virtio-crypto: Read crypto services and algorithm masks
  crypto/virtio-crypto: Register an algo only if it's supported

 drivers/crypto/virtio/virtio_crypto_algs.c   | 110 ++-
 drivers/crypto/virtio/virtio_crypto_common.h |  25 +-
 drivers/crypto/virtio/virtio_crypto_core.c   |  29 +++
 drivers/crypto/virtio/virtio_crypto_mgr.c|  81 ++--
 4 files changed, 201 insertions(+), 44 deletions(-)

-- 
2.7.4

Re: [Qemu-devel] [PATCH v2 0/2] python: Remove unused compatibility modules

[Philippe Mathieu-Daudé]

On 06/08/2018 02:52 PM, Eduardo Habkost wrote:
> Changes v1 -> v2:
> * Remove references to ordereddict.py from Makefiles
>   (oops)
> 
> Now that we require Python >= 2.7, we don't need
> scripts/argparse.py and scripts/ordereddict.py anymore.
> 
> Eduardo Habkost (2):
>   python: Remove scripts/argparse.py
>   python: Remove scripts/ordereddict.py
> 
>  Makefile   |1 -
>  scripts/argparse.py| 2406 
>  scripts/ordereddict.py |  128 ---
>  scripts/qapi/common.py |5 +-
>  tests/Makefile.include |1 -
>  5 files changed, 1 insertion(+), 2540 deletions(-)
>  delete mode 100644 scripts/argparse.py
>  delete mode 100644 scripts/ordereddict.py
> 
> 
> base-commit: 0d2fa03dae4fbe185a082f361342b1e30aed4582
> prerequisite-patch-id: 85850a32e1cc81a0da74ab17f5529422dad95b84
> prerequisite-patch-id: 7170cef9d18c1a7685e2fee388f91dc41f4904b6
> prerequisite-patch-id: 7c129d8fffe290a3212658590b2d992b0cec41c7
> prerequisite-patch-id: d7a2da6245ab7e7d3425d095ea910ff36564d852
> prerequisite-patch-id: 0873603d721465a489159d648f31d1a067b056fa
> prerequisite-patch-id: 076695a7cdd63726e02855227ce5488c76c11aa9
> prerequisite-patch-id: 7df7c61e87116dd3ac9ad8a74735715e09030c62
> prerequisite-patch-id: 4f454e504a80785079216d79289e737ba092a75c
> prerequisite-patch-id: 5a6b8b611de8324d8a5083e855d5512a66c3680f
> prerequisite-patch-id: 3e5e0849ce3a5149c75e088fd01974d1d5c9c6d5
> prerequisite-patch-id: 6aa4739baafd181e2ae0027903b77a5267e983f7

Series:
Reviewed-by: Philippe Mathieu-Daudé 

[Qemu-devel] [PATCH RESEND] Makefile: Remove qemu-version.h and qemu-options.def during 'make distclean'

[Philippe Mathieu-Daudé]

qemu-version.h and qemu-options.def are generated files
that should be deleted during 'make distclean'.

This solves building issues with out-of-tree builds from
a source tree that has been built in (see d1bd2423a90):

- /qemu-version.h existing in source tree:

/source/qemu/qemu-nbd.c: In function ‘version’:
/source/qemu/qemu-nbd.c:133:6: error: expected ‘)’ before
‘QEMU_FULL_VERSION’
 "%s " QEMU_FULL_VERSION "\n"
  ^~
  )
/source/qemu/qemu-nbd.c:133:3: error: format ‘%s’ expects a matching
‘char *’ argument [-Werror=format=]
 "%s " QEMU_FULL_VERSION "\n"
  ~^
cc1: all warnings being treated as errors

- /qemu-options.def existing in source tree:

/source/qemu/vl.c: In function ‘main’:
/source/qemu/vl.c:3052:18: error: ‘QEMU_OPTION_blockdev’ undeclared
(first use in this function); did you mean ‘QEMU_OPTION_clock’?
 case QEMU_OPTION_blockdev:
  ^~~~
  QEMU_OPTION_clock
/source/qemu/vl.c:3052:18: note: each undeclared identifier is reported
only once for each function it appears in

Signed-off-by: Philippe Mathieu-Daudé 
---
resend: Cc Peter, removed dup line in comment

 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 023b3437ec..7ae453ffa2 100644
--- a/Makefile
+++ b/Makefile
@@ -757,6 +757,7 @@ qemu-%.tar.bz2:
 distclean: clean
rm -f config-host.mak config-host.h* config-host.ld $(DOCS) 
qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
rm -f config-all-devices.mak config-all-disas.mak config.status
+   rm -f qemu-version.h qemu-options.def
rm -f po/*.mo tests/qemu-iotests/common.env
rm -f roms/seabios/config.mak roms/vgabios/config.mak
rm -f qemu-doc.info qemu-doc.aux qemu-doc.cp qemu-doc.cps
-- 
2.17.1

[Qemu-devel] [PATCH] Makefile: Remove qemu-version.h and qemu-options.def during 'make distclean'

[Philippe Mathieu-Daudé]

qemu-version.h and qemu-options.def are generated files
that should be deleted during 'make distclean'.

This solves building issues with out-of-tree builds from
a source tree that has been built in (see d1bd2423a90).

This solves:

- /qemu-version.h existing in source tree:

/source/qemu/qemu-nbd.c: In function ‘version’:
/source/qemu/qemu-nbd.c:133:6: error: expected ‘)’ before
‘QEMU_FULL_VERSION’
 "%s " QEMU_FULL_VERSION "\n"
  ^~
  )
/source/qemu/qemu-nbd.c:133:3: error: format ‘%s’ expects a matching
‘char *’ argument [-Werror=format=]
 "%s " QEMU_FULL_VERSION "\n"
  ~^
cc1: all warnings being treated as errors

- /qemu-options.def existing in source tree:

/source/qemu/vl.c: In function ‘main’:
/source/qemu/vl.c:3052:18: error: ‘QEMU_OPTION_blockdev’ undeclared
(first use in this function); did you mean ‘QEMU_OPTION_clock’?
 case QEMU_OPTION_blockdev:
  ^~~~
  QEMU_OPTION_clock
/source/qemu/vl.c:3052:18: note: each undeclared identifier is reported
only once for each function it appears in

Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 023b3437ec..7ae453ffa2 100644
--- a/Makefile
+++ b/Makefile
@@ -757,6 +757,7 @@ qemu-%.tar.bz2:
 distclean: clean
rm -f config-host.mak config-host.h* config-host.ld $(DOCS) 
qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi qemu-monitor-info.texi
rm -f config-all-devices.mak config-all-disas.mak config.status
+   rm -f qemu-version.h qemu-options.def
rm -f po/*.mo tests/qemu-iotests/common.env
rm -f roms/seabios/config.mak roms/vgabios/config.mak
rm -f qemu-doc.info qemu-doc.aux qemu-doc.cp qemu-doc.cps
-- 
2.17.1

Re: [Qemu-devel] [PULL 00/31] acpi, vhost, misc: fixes, features

[Philippe Mathieu-Daudé]

On 06/08/2018 02:52 PM, Philippe Mathieu-Daudé wrote:
> On 06/04/2018 07:28 AM, Peter Maydell wrote:
>> On 1 June 2018 at 17:26, Michael S. Tsirkin  wrote:
>>> The following changes since commit 63b88968f139b6a77f2f81e6f1eedf70c0170a85:
>>>
>>>   intel-iommu: rework the page walk logic (2018-05-23 17:34:05 +0300)
>>>
>>> are available in the Git repository at:
>>>
>>>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>>>
>>> for you to fetch changes up to 25b1d45a1975fd8624c37b5bf42e8502ccf53460:
>>>
>>>   vhost-blk: turn on pre-defined RO feature bit (2018-06-01 19:20:38 +0300)
>>>
>>> 
>>> acpi, vhost, misc: fixes, features
>>>
>>> vDPA support, fix to vhost blk RO bit handling, some include path
>>> cleanups, NFIT ACPI table.
>>>
>>> Signed-off-by: Michael S. Tsirkin 
>>>
>>> 
>>
>> Applied, thanks.
> 
> Not sure this is a problem, but something experienced after rebasing:
> 
> 
> #1
> 
> /source/qemu/qemu-nbd.c: In function ‘version’:
> /source/qemu/qemu-nbd.c:133:6: error: expected ‘)’ before
> ‘QEMU_FULL_VERSION’
>  "%s " QEMU_FULL_VERSION "\n"
>   ^~
>   )
> /source/qemu/qemu-nbd.c:133:3: error: format ‘%s’ expects a matching
> ‘char *’ argument [-Werror=format=]
>  "%s " QEMU_FULL_VERSION "\n"
>   ~^
> cc1: all warnings being treated as errors
> 
> It took me a while to figure this out, probably because today is Friday.
> 
> $ git status --ignored show me I had a "qemu-version.h" generated long
> time ago in the source directory.
> 
> - I only do out-of-tree builds.
> 
> - sometimes I run "make help/docker/vm-test" and friends in the source
> directory, and my 'make' is aliased as 'make -jN'.
> I doubt those make calls generate this file, as ./configure generates
> it, so I probably messed with a ./configure in source dir.
> 
> Now, building out-of-tree dirs was finding the old /qemu-version.h
> before the generated one in current dir.
> 
> I was not noticing it due to the /qemu-version.h entry in /.gitignore .
> 
> 
> #2
> 
>   CC  vl.o
> /source/qemu/vl.c: In function ‘main’:
> /source/qemu/vl.c:3052:18: error: ‘QEMU_OPTION_blockdev’ undeclared
> (first use in this function); did you mean ‘QEMU_OPTION_clock’?
>  case QEMU_OPTION_blockdev:
>   ^~~~
>   QEMU_OPTION_clock
> /source/qemu/vl.c:3052:18: note: each undeclared identifier is reported
> only once for each function it appears in
> /source/qemu/vl.c:3171:18: error: ‘QEMU_OPTION_nic’ undeclared (first
> use in this function); did you mean ‘QEMU_OPTION_rtc’?
>  case QEMU_OPTION_nic:
>   ^~~
>   QEMU_OPTION_rtc
> /source/qemu/vl.c:3574:18: error: ‘QEMU_OPTION_preconfig’ undeclared
> (first use in this function); did you mean ‘QEMU_OPTION_writeconfig’?
>  case QEMU_OPTION_preconfig:
>   ^
>   QEMU_OPTION_writeconfig
> 
> This is the same story, but with /qemu-options.def (also in .gitignore).
> 
> 
> So 'rm ${srcdir}/qemu-version.h ${srcdir}/qemu-options.def' fixed my
> problems.
> 
> Should we add a check for this kind of mistakes when running out-of-tree
> builds? I'll try something.

Oops, doesn't seem related to this merge...

Re: [Qemu-devel] [qemu PATCH 2/5] acpi: "make check" should fail on asl mismatch

[Michael S. Tsirkin]

On Fri, Jun 08, 2018 at 07:23:06PM +0200, Thomas Huth wrote:
> On 08.06.2018 18:24, Michael S. Tsirkin wrote:
> > On Fri, Jun 08, 2018 at 05:16:30PM +0100, Peter Maydell wrote:
> >> On 8 June 2018 at 17:03, Michael S. Tsirkin  wrote:
> >>> Pull requests are somewhat different, they are usually tested for lack
> >>> of warnings. This change didn't arrive as a result of a pull request
> >>> maybe that's why it slipped through the cracks. Peter?
> >>>
> >>> Maybe we need a "pedantic" flag to fail on any warnings, or just catch
> >>> output to stderr.
> >>
> >> If there's a situation that shouldn't exist in the tree (ie
> >> a bug), then make check should catch it, and result in a
> >> failure, not just printing random stuff to stderr. Otherwise
> >> I'm not going to notice it, whether I'm applying a pull request
> >> or an individual patch.
> >>
> >> thanks
> >> -- PMM
> > 
> > It's ok if it happens, but it just makes debugging and reviewing
> > ACPI patches a little bit harder until it's fixed.
> 
> It's maybe ok for *you*, but this certainly confuses everybody else. If
> I want to check my patches and suddenly some strange warnings are
> popping up, I first assume that there is something wrong in my patches
> (since I assume that the git repository is clean by default). So I've
> got to waste my time debugging issues that are not my own. Thanks for
> that :-/
> 
>  Thomas

Right so normally these do not pop out at all as I fix expected
with a patch on top.

-- 
MST

Re: [Qemu-devel] [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC CPU

[Moger, Babu]

Hi Eduardo, 
Sorry for the late response. Got pulled into something else.

> -Original Message-
> From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> Sent: Wednesday, June 6, 2018 5:40 PM
> To: Moger, Babu 
> Cc: m...@redhat.com; marcel.apfelb...@gmail.com; pbonz...@redhat.com;
> r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com
> Subject: Re: [PATCH v12 3/4] i386: Enable TOPOEXT feature on AMD EPYC
> CPU
> 
> On Wed, Jun 06, 2018 at 10:36:45AM -0400, Babu Moger wrote:
> > Enable TOPOEXT feature on EPYC CPU. This is required to support
> > hyperthreading on VM guests. Also extend xlevel to 0x801E.
> >
> > Disable TOPOEXT feature for legacy machines.
> >
> > Signed-off-by: Babu Moger 
> 
> Now, I just noticed we have a problem here:
> 
> "-machine pc -cpu EPYC -smp 64" works today
> 
> This patch makes it stop working, but it shouldn't.

No. It works fine. I have tested it.

> 
> On the other hand, I believe you expect:
> * "-machine pc -cpu EPYC -smp 8" to automatically enable topoext.
Yes. Only on new machines-types
> * "-machine pc -cpu Opteron_G1 -smp 8" to not enable topoext.
Yes.
> * What about "-machine -cpu Opteron_G1 -smp 8,threads=2"?
No. This should not enable topoext.  Topoext is not supported by Opteron_G1.
This should warn about hyperthreading and continue.
> 
> 
> We also have other requirements, I will try to enumerate all of
> them below:
> 
> 0) "-topoext" explicitly configured (any machine-type):
> * Must never enable topoext.
Yes.
> 
> 1) "+topoext" explicitly configured (any machine-type):
> * Must validate topology and refuse to start if unsupported.

Yes.

> 
> 2) Older machine-types:
> * Must never enable topoext automatically, even if using "EPYC"
>   or "threads=2"
> 
Yes.

> 3) "EPYC" CPU model (on new machine-types):
> * Should enable topoext automatically, but only if topology is
>   supported.
> * Must not error out if topology is not supported.
In new machine types we will enable topoext for "EPYC" CPU model.
Right now(old machine type) we can disable for all the CPU models. 
So, we don't need two bits(topoext and auto-topoext)

I thought we should error out if topology cannot be supported. But we can 
warn(disable topoext) and continue that is another option.

> * Should this enable topoext automatically even if threads=1?

Yes. We should enable even with threads=1.

> 
> 4) Other AMD CPU models with "threads=2" (on new machine-types):
> * We might want to make this enable topoext automatically, too.
>   What do you think?

  No. We should not enable topoext here. We should depend on CPU model table 
here.

> 
> Is the above description accurate?  Do you agree with these
> requirements?

With these requirements in mind, I will send that patches. We can start our 
discussion.
We don't need one more bits. That is my opinion. 


> 
> We're trying to use the "topoext" property to cover all cases
> above, but it looks like we need at least 2 bits to represent all
> possible cases.
> 
> 
> Maybe we can represent the cases above with two properties:
> "topoext" and "auto-topoext".  Then each case would be
> represented by:
> 
> 0) "-topoext" explicitly configured (any machine-type):
> * Will clear TOPOEXT on env->features and set TOPOEXT on
>   env->user_features
>   (already done today)
> 
> 1) "+topoext" explicitly configured (any machine-type):
> * Will set TOPOEXT on both env->user_features and env->features
>   (already done today)
> 
> 2) Older machine-types:
> * Will set auto-topoext=off (can be done on compat_props)
> * Will set topoext=off on EPYC CPU model (so TOPOEXT won't be set
>   by default on env->features) (can be done on compat_props)
> 
> 3) "EPYC" CPU model (on new machine-types):
> * Will set auto-topoext=on (can be the default for all CPU
>   models)
> * Will set TOPOEXT on env->features) (can be done on CPU model table)
> 
> 4) Other AMD CPU models with "threads=2" (on new machine-types):
> * Will set auto-topoext=on (can be the default on all CPU models)
> * Will keep TOPOEXT disabled on env->features (done on the CPU
>   model table)
> 
> 
> Then the rules would be:
> 
>   if {auto_topoext && TOPOEXT not in env->user_features) {
>   if (supported_topology) {
>   if (threads > 1)
>   set TOPOEXT in env->features
>   } else
>   unset TOPOEXT in env->features
>   }
> 
>   if (TOPOEXT in env->features && !supported_topology)
>   error;
>   }
> 
> I think this would fulfill all the requirements above.  Please
> help me confirm that.
> 
> --
> Eduardo

Re: [Qemu-devel] [PATCH v3 1/1] migration: calculate expected_downtime with ram_bytes_remaining()

[Laurent Vivier]

Hi,

I had time to investigate more on this problem.

On 16/05/2018 15:43, Laurent Vivier wrote:
> Hi Bala,
> 
> I've tested you patch migrating a pseries between a P9 host and a P8
> host with 1G huge page size on the P9 side and 16MB on P8 side and the
> information are strange now.
> 
> "remaining ram" doesn't change, and after a while it can be set to "0"
> and estimated downtime is 0 too, but the migration is not completed and
> "transferred ram" continues to increase.
> 
> so think there is a problem somewhere...
> 
> thanks,
> Laurent
> 
> On 01/05/2018 16:37, Balamuruhan S wrote:
>> Hi,
>>
>> Dave, David and Juan if you guys are okay with the patch, please
>> help to merge it.
>>
>> Thanks,
>> Bala
>>
>> On Wed, Apr 25, 2018 at 12:40:40PM +0530, Balamuruhan S wrote:
>>> expected_downtime value is not accurate with dirty_pages_rate * page_size,
>>> using ram_bytes_remaining would yeild it correct. It will initially be a
>>> gross over-estimate, but for for non-converging migrations it should
>>> approach a reasonable estimate later on.
>>>
>>> currently bandwidth and expected_downtime value are calculated in
>>> migration_update_counters() during each iteration from
>>> migration_thread(), where as remaining ram is calculated in
>>> qmp_query_migrate() when we actually call "info migrate". Due to this
>>> there is some difference in expected_downtime value being calculated.
>>>
>>> with this patch bandwidth, expected_downtime and remaining ram are
>>> calculated in migration_update_counters(), retrieve the same value during
>>> "info migrate". By this approach we get almost close enough value.
>>>
>>> Reported-by: Michael Roth 
>>> Signed-off-by: Balamuruhan S 
>>> ---
>>>  migration/migration.c | 11 ---
>>>  migration/migration.h |  1 +
>>>  2 files changed, 9 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/migration/migration.c b/migration/migration.c
>>> index 52a5092add..5d721ee481 100644
>>> --- a/migration/migration.c
>>> +++ b/migration/migration.c
>>> @@ -614,7 +614,7 @@ static void populate_ram_info(MigrationInfo *info, 
>>> MigrationState *s)
>>>  }
>>>
>>>  if (s->state != MIGRATION_STATUS_COMPLETED) {
>>> -info->ram->remaining = ram_bytes_remaining();
>>> +info->ram->remaining = s->ram_bytes_remaining;

Don't remove the ram_byte_remaining(), it is updated more often, and
give a better information about the state of memory.
(this why in my test case I have a "remaining" ram" freezed)

>>>  info->ram->dirty_pages_rate = ram_counters.dirty_pages_rate;
>>>  }
>>>  }
>>> @@ -2227,6 +2227,7 @@ static void migration_update_counters(MigrationState 
>>> *s,
>>>  transferred = qemu_ftell(s->to_dst_file) - s->iteration_initial_bytes;
>>>  time_spent = current_time - s->iteration_start_time;
>>>  bandwidth = (double)transferred / time_spent;
>>> +s->ram_bytes_remaining = ram_bytes_remaining();
>>>  s->threshold_size = bandwidth * s->parameters.downtime_limit;

To have an accurate value, we must read the remaining ram just after
having updated the dirty pages count, so I think after
migration_bitmap_sync_range() in migration_bitmap_sync()

>>>
>>>  s->mbps = (((double) transferred * 8.0) /
>>> @@ -2237,8 +2238,12 @@ static void migration_update_counters(MigrationState 
>>> *s,
>>>   * recalculate. 1 is a small enough number for our purposes
>>>   */
>>>  if (ram_counters.dirty_pages_rate && transferred > 1) {
>>> -s->expected_downtime = ram_counters.dirty_pages_rate *
>>> -qemu_target_page_size() / bandwidth;
>>> +/*
>>> + * It will initially be a gross over-estimate, but for for
>>> + * non-converging migrations it should approach a reasonable 
>>> estimate
>>> + * later on
>>> + */
>>> +s->expected_downtime = s->ram_bytes_remaining / bandwidth;
>>>  }
>>>
>>>  qemu_file_reset_rate_limit(s->to_dst_file);
>>> diff --git a/migration/migration.h b/migration/migration.h
>>> index 8d2f320c48..8584f8e22e 100644
>>> --- a/migration/migration.h
>>> +++ b/migration/migration.h
>>> @@ -128,6 +128,7 @@ struct MigrationState
>>>  int64_t downtime_start;
>>>  int64_t downtime;
>>>  int64_t expected_downtime;
>>> +int64_t ram_bytes_remaining;
>>>  bool enabled_capabilities[MIGRATION_CAPABILITY__MAX];
>>>  int64_t setup_time;
>>>  /*
>>> -- 
I think you don't need to add ram_byte_remaining, there is in
ram_counters a "remaining" field that seems unused.

I think this fix can be as simple as:

diff --git a/migration/migration.c b/migration/migration.c
index 1e99ec9..25b26f3 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -2712,14 +2712,7 @@ static void
migration_update_counters(MigrationState *s,
 s->mbps = (((double) transferred * 8.0) /
((double) time_spent / 1000.0)) / 1000.0 / 1000.0;

-/*
- * if we haven't sent anything, we don't want to
- * recalculate. 1 is a 

Re: [Qemu-devel] [PATCH v12 1/4] i386: Add support for CPUID_8000_001E for AMD

[Moger, Babu]

> -Original Message-
> From: Eduardo Habkost [mailto:ehabk...@redhat.com]
> Sent: Wednesday, June 6, 2018 4:26 PM
> To: Moger, Babu 
> Cc: m...@redhat.com; marcel.apfelb...@gmail.com; pbonz...@redhat.com;
> r...@twiddle.net; mtosa...@redhat.com; qemu-devel@nongnu.org;
> k...@vger.kernel.org; k...@tripleback.net; ge...@hostfission.com
> Subject: Re: [PATCH v12 1/4] i386: Add support for CPUID_8000_001E for
> AMD
> 
> On Wed, Jun 06, 2018 at 10:36:43AM -0400, Babu Moger wrote:
> [...]
> > +/*
> > + * CPUID_Fn801E_EBX
> > + * 31:16 Reserved
> > + * 15:8  Threads per core (The number of threads per core is
> > + *   Threads per core + 1)
> > + *  7:0  Core id (see bit decoding below)
> > + *   SMT:
> > + *   4:3 node id
> > + * 2 Core complex id
> > + *   1:0 Core id
> > + *   Non SMT:
> > + *   5:4 node id
> > + * 3 Core complex id
> > + *   1:0 Core id
> > + */
> 
> Where are those bit offsets documented?  AMD Family 17h PPR just
> says "7:0 Core ID".

Yes. That is right. AMD Family 17h PPR does not list all the details for 
core_id.
We are working with our document writer's to make those details public.
Thanks for pointing that out.
> 
> --
> Eduardo

Re: [Qemu-devel] [RFC PATCH v2] qmp.py: Fix exception parsing partial JSON

[Eduardo Habkost]

On Fri, Jun 08, 2018 at 07:57:55PM +0200, Lukáš Doktor wrote:
> Hello guys,
> 
> Dne 7.6.2018 v 01:06 Philippe Mathieu-Daudé napsal(a):
> > On 06/06/2018 05:05 PM, Eduardo Habkost wrote:
> >> On Wed, Jun 06, 2018 at 04:27:31PM -0300, Philippe Mathieu-Daudé wrote:
> >>> The readline() call returns partial data.
> >>
> >> How can this be reproduced?  Despite not being forbidden by the
> >> QMP specification, QEMU normally doesn't break QMP replies in
> >> multiple lines, and readline() is not supposed to return a
> >> partial line unless it encounters EOF.
> > 
> > $ git rev-parse HEAD
> > c1c2a435905ae76b159c573b0c0d6f095b45ebc6
> > 
> > config copy/pasted from:
> > https://wiki.qemu.org/index.php/Documentation/QMP#Trying_it
> > (now looking at it, it seems I'm mixing configs...)
> > 
> > $ cat qmp.conf
> > [chardev "qmp"]
> >   backend = "socket"
> >   path = "/tmp/qmp.sock"
> >   server = "on"
> >   wait = "off"
> > [mon "qmp"]
> >   mode = "control"
> >   chardev = "qmp"
> >   pretty = "on"
> > 
> 
> nice, pretty printing..., didn't expected that.

Oh, so *that*'s the root cause.  Thanks, I stared at this
configuration for a while and I couldn't see what could cause
extra newlines to appear in the output.  :)

[...]
> >>> I'm sure there is a nicer/more pythonic way to do this, but this works 
> >>> for me,
> >>> sorry :)
> >>
> >> It looks like there's no elegant solution for this:
> >> https://stackoverflow.com/a/21709058
> >>
> 
> Yep, that looks nicer, but even the original solution should
> not be that bad as it should be rarely used. What troubles me
> more is the possible infinite loop. Would you mind adding a
> timeout?

We already have a socket timeout, so I assume this is alrady
covered?

-- 
Eduardo

Re: [Qemu-devel] [PULL 52/53] char: Remove unwanted crlf conversion

[Philippe Mathieu-Daudé]

On 06/08/2018 02:39 PM, Greg Kurz wrote:
> On Thu, 31 May 2018 19:16:05 +0200
> Paolo Bonzini  wrote:
> 
>> From: Patryk Olszewski 
>>
>> This patch fixes a bug in serial that made it almost impossible for guest
>> to communicate with devices through host's serial.
>>
>> OPOST flag in c_oflag enables output processing letting other flags in
>> c_oflag take effect. Usually in c_oflag ONLCR flag is also set, which
>> causes crlf to be sent in place of lf. This breaks binary transmissions.
>> Unsetting OPOST flag turns off any output processing which fixes the bug.
>>
> 
> But it damages error reporting...
> 
> Without this patch:
> 
> $ qemu-system-ppc64 -serial stdio -kernel foo
> foo: No such file or directory
> qemu-system-ppc64: error loading foo: Failed to load ELF
> $
> 
> With this patch:
> 
> $ .mbuild-ppc-for-3.0/obj/ppc64-softmmu/qemu-system-ppc64 -serial stdio 
> -kernel foo
> foo: No such file or directory
>   qemu-system-ppc64: error loading foo: Failed to 
> load ELF
>   
> $
> 
> It is possible to patch vreport() to append an explicit CR:
> 
>  error_vprintf(fmt, ap);
> -error_printf("\n");
> +error_printf("\n\r");
>  }
> 
> but it only fixes the trailing newline of error_report(). Any other newline,
> eg when using error_append_hint(), will lack the CR... Not sure how to fix
> this :-\

Peter just pushed the fix (ed6b018ef7):

http://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg02152.html

> 
>> Bug reports related:
>> https://bugs.launchpad.net/qemu/+bug/1772086
>> https://bugs.launchpad.net/qemu/+bug/1407813
>> https://bugs.launchpad.net/qemu/+bug/1715296
>> also
>> https://lists.nongnu.org/archive/html/qemu-devel/2006-06/msg00196.html
>>
>> Signed-off-by: Patryk Olszewski 
>> Message-Id: <1527105041-21013-1-git-send-email-pat...@fala.ehost.pl>
>> Reviewed-by: Markus Armbruster 
>> Reviewed-by: Thomas Huth 
>> Signed-off-by: Paolo Bonzini 
>> ---
>>  chardev/char-serial.c | 2 +-
>>  chardev/char-stdio.c  | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/chardev/char-serial.c b/chardev/char-serial.c
>> index feb52e559d..ae548d28da 100644
>> --- a/chardev/char-serial.c
>> +++ b/chardev/char-serial.c
>> @@ -139,7 +139,7 @@ static void tty_serial_init(int fd, int speed,
>>  
>>  tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP
>>   | INLCR | IGNCR | ICRNL | IXON);
>> -tty.c_oflag |= OPOST;
>> +tty.c_oflag &= ~OPOST;
>>  tty.c_lflag &= ~(ECHO | ECHONL | ICANON | IEXTEN | ISIG);
>>  tty.c_cflag &= ~(CSIZE | PARENB | PARODD | CRTSCTS | CSTOPB);
>>  switch (data_bits) {
>> diff --git a/chardev/char-stdio.c b/chardev/char-stdio.c
>> index 96375f2ab8..d83e60e787 100644
>> --- a/chardev/char-stdio.c
>> +++ b/chardev/char-stdio.c
>> @@ -59,7 +59,7 @@ static void qemu_chr_set_echo_stdio(Chardev *chr, bool 
>> echo)
>>  if (!echo) {
>>  tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP
>>   | INLCR | IGNCR | ICRNL | IXON);
>> -tty.c_oflag |= OPOST;
>> +tty.c_oflag &= ~OPOST;
>>  tty.c_lflag &= ~(ECHO | ECHONL | ICANON | IEXTEN);
>>  tty.c_cflag &= ~(CSIZE | PARENB);
>>  tty.c_cflag |= CS8;
> 

Re: [Qemu-devel] [qemu PATCH 4/5] machine: fix some misspelled words

[Eric Blake]

On 06/08/2018 12:41 PM, Ross Zwisler wrote:


-"Set on/off to enable/disable igd passthrou", _abort);
+"Set on/off to enable/disable igd passthru", _abort);


Shouldn't that rather be "passthrough" instead?


Either works, I think.  "thru" and "passthru" are short informal versions of
"through" and "passthrough", but both the long and short versions of both
words are used all over the QEMU source.  "passthrou" is clearly wrong.  If
the longer version is preferred in this case please feel free to fix up when
you apply.


"passthru" is fine as an abbreviation in source code (and gcc 
understands it).  But in English text presented to the end user, as is 
the case here, you should use the correct spelling "passthrough", and 
not an abbreviation.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

[Qemu-devel] [PATCH v2 0/2] python: Remove unused compatibility modules

[Eduardo Habkost]

Changes v1 -> v2:
* Remove references to ordereddict.py from Makefiles
  (oops)

Now that we require Python >= 2.7, we don't need
scripts/argparse.py and scripts/ordereddict.py anymore.

Eduardo Habkost (2):
  python: Remove scripts/argparse.py
  python: Remove scripts/ordereddict.py

 Makefile   |1 -
 scripts/argparse.py| 2406 
 scripts/ordereddict.py |  128 ---
 scripts/qapi/common.py |5 +-
 tests/Makefile.include |1 -
 5 files changed, 1 insertion(+), 2540 deletions(-)
 delete mode 100644 scripts/argparse.py
 delete mode 100644 scripts/ordereddict.py


base-commit: 0d2fa03dae4fbe185a082f361342b1e30aed4582
prerequisite-patch-id: 85850a32e1cc81a0da74ab17f5529422dad95b84
prerequisite-patch-id: 7170cef9d18c1a7685e2fee388f91dc41f4904b6
prerequisite-patch-id: 7c129d8fffe290a3212658590b2d992b0cec41c7
prerequisite-patch-id: d7a2da6245ab7e7d3425d095ea910ff36564d852
prerequisite-patch-id: 0873603d721465a489159d648f31d1a067b056fa
prerequisite-patch-id: 076695a7cdd63726e02855227ce5488c76c11aa9
prerequisite-patch-id: 7df7c61e87116dd3ac9ad8a74735715e09030c62
prerequisite-patch-id: 4f454e504a80785079216d79289e737ba092a75c
prerequisite-patch-id: 5a6b8b611de8324d8a5083e855d5512a66c3680f
prerequisite-patch-id: 3e5e0849ce3a5149c75e088fd01974d1d5c9c6d5
prerequisite-patch-id: 6aa4739baafd181e2ae0027903b77a5267e983f7
-- 
2.18.0.rc1.1.g3f1ff2140

Re: [Qemu-devel] [RFC PATCH v2] qmp.py: Fix exception parsing partial JSON

[Lukáš Doktor]

Hello guys,

Dne 7.6.2018 v 01:06 Philippe Mathieu-Daudé napsal(a):
> On 06/06/2018 05:05 PM, Eduardo Habkost wrote:
>> On Wed, Jun 06, 2018 at 04:27:31PM -0300, Philippe Mathieu-Daudé wrote:
>>> The readline() call returns partial data.
>>
>> How can this be reproduced?  Despite not being forbidden by the
>> QMP specification, QEMU normally doesn't break QMP replies in
>> multiple lines, and readline() is not supposed to return a
>> partial line unless it encounters EOF.
> 
> $ git rev-parse HEAD
> c1c2a435905ae76b159c573b0c0d6f095b45ebc6
> 
> config copy/pasted from:
> https://wiki.qemu.org/index.php/Documentation/QMP#Trying_it
> (now looking at it, it seems I'm mixing configs...)
> 
> $ cat qmp.conf
> [chardev "qmp"]
>   backend = "socket"
>   path = "/tmp/qmp.sock"
>   server = "on"
>   wait = "off"
> [mon "qmp"]
>   mode = "control"
>   chardev = "qmp"
>   pretty = "on"
> 

nice, pretty printing..., didn't expected that.

> $ arm-softmmu/qemu-system-arm -M lm3s6965evb -kernel /dev/zero \
>  -readconfig qmp.conf -S
> 
>>
>>
>>> Keep appending until the JSON buffer is complete.
>>>
>>> This fixes:
>>>
>>> $ scripts/qmp/qmp-shell -v -p /tmp/qmp.sock
>>> Traceback (most recent call last):
>>>   File "scripts/qmp/qmp-shell", line 456, in 
>>> main()
>>>   File "scripts/qmp/qmp-shell", line 441, in main
>>> qemu.connect(negotiate)
>>>   File "scripts/qmp/qmp-shell", line 284, in connect
>>> self._greeting = super(QMPShell, self).connect(negotiate)
>>>   File "scripts/qmp/qmp.py", line 143, in connect
>>> return self.__negotiate_capabilities()
>>>   File "scripts/qmp/qmp.py", line 71, in __negotiate_capabilities
>>> greeting = self.__json_read()
>>>   File "scripts/qmp/qmp.py", line 85, in __json_read
>>> resp = json.loads(data)
>>>   File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
>>> return _default_decoder.decode(s)
>>>   File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
>>> obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>>>   File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
>>> obj, end = self.scan_once(s, idx)
>>> ValueError: Expecting object: line 1 column 3 (char 2)
>>>
>>> Signed-off-by: Philippe Mathieu-Daudé 
>>> ---
>>> Since v1:
>>> - addressed Daniel review: clean data after json.loads() succeeds
>>> - add a XXX comment
>>>
>>> Daniel suggested this is due to blocking i/o.
>>>
>>> I'm sure there is a nicer/more pythonic way to do this, but this works for 
>>> me,
>>> sorry :)
>>
>> It looks like there's no elegant solution for this:
>> https://stackoverflow.com/a/21709058
>>

Yep, that looks nicer, but even the original solution should not be that bad as 
it should be rarely used. What troubles me more is the possible infinite loop. 
Would you mind adding a timeout?

Lukáš

>>>
>>>  scripts/qmp/qmp.py | 13 ++---
>>>  1 file changed, 10 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/scripts/qmp/qmp.py b/scripts/qmp/qmp.py
>>> index 5c8cf6a056..14f0b48936 100644
>>> --- a/scripts/qmp/qmp.py
>>> +++ b/scripts/qmp/qmp.py
>>> @@ -78,11 +78,18 @@ class QEMUMonitorProtocol(object):
>>>  raise QMPCapabilitiesError
>>>  
>>>  def __json_read(self, only_event=False):
>>> +data = ""
>>>  while True:
>>> -data = self.__sockfile.readline()
>>> -if not data:
>>> +tmp = self.__sockfile.readline()
>>> +if not tmp:
>>>  return
>>> -resp = json.loads(data)
>>> +data += tmp
>>> +try:
>>> +resp = json.loads(data)
>>> +except ValueError:
>>> +# XXX: blindly loop, even if QEMU ever sends malformed data
>>> +continue
 I was going to suggest using json.JSONDecoder.raw_decode() and
>> saving the remaining data in case we already read partial data
>> for a second JSON message.
>>
>> But the QMP specification says all messages are terminated with
>> CRLF, so we we should never see the data for two different
>> messages in a single readline() call.  Noting this in a comment
>> wouldn't hurt, though.
>>
>> The patch seems reasonable, but first I would like to understand
>> how this bug can be triggered.
>>
>>> +data = ""
>>>  if 'event' in resp:
>>>  self.logger.debug("<<< %s", resp)
>>>  self.__events.append(resp)
>>> -- 
>>> 2.17.1
>>>
>>




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v1.1 0/9] target/m68k: Convert to TranslatorOps

[Laurent Vivier]

Le 08/06/2018 à 19:48, Richard Henderson a écrit :
> On 06/07/2018 10:25 AM, Laurent Vivier wrote:
>> do you want I take this through my m68k tree or do you take this in a
>> TCG pull requests?
> 
> Would you take it through your m68k tree please?

OK, I take.

Thanks,
Laurent

[Qemu-devel] [PATCH v2 1/2] python: Remove scripts/argparse.py

[Eduardo Habkost]

Python 2.7 (the minimum Python version we require) already
provides the argparse module on the standard library.

Signed-off-by: Eduardo Habkost 
---
 scripts/argparse.py | 2406 ---
 1 file changed, 2406 deletions(-)
 delete mode 100644 scripts/argparse.py

diff --git a/scripts/argparse.py b/scripts/argparse.py
deleted file mode 100644
index 27d1f28935..00
--- a/scripts/argparse.py
+++ /dev/null
@@ -1,2406 +0,0 @@
-# This is a local copy of the standard library argparse module taken from PyPI.
-# It is licensed under the Python Software Foundation License.  This is a
-# fallback for Python 2.6 which does not include this module.  Python 2.7+ and
-# 3+ will never load this module because built-in modules are loaded before
-# anything in sys.path.
-#
-# If your script is not located in the same directory as this file, import it
-# like this:
-#
-#   import os
-#   import sys
-#   sys.path.append(os.path.join(os.path.dirname(__file__), ..., 'scripts'))
-#   import argparse
-
-# Author: Steven J. Bethard .
-# Maintainer: Thomas Waldmann 
-
-"""Command-line parsing library
-
-This module is an optparse-inspired command-line parsing library that:
-
-- handles both optional and positional arguments
-- produces highly informative usage messages
-- supports parsers that dispatch to sub-parsers
-
-The following is a simple usage example that sums integers from the
-command-line and writes the result to a file::
-
-parser = argparse.ArgumentParser(
-description='sum the integers at the command line')
-parser.add_argument(
-'integers', metavar='int', nargs='+', type=int,
-help='an integer to be summed')
-parser.add_argument(
-'--log', default=sys.stdout, type=argparse.FileType('w'),
-help='the file where the sum should be written')
-args = parser.parse_args()
-args.log.write('%s' % sum(args.integers))
-args.log.close()
-
-The module contains the following public classes:
-
-- ArgumentParser -- The main entry point for command-line parsing. As the
-example above shows, the add_argument() method is used to populate
-the parser with actions for optional and positional arguments. Then
-the parse_args() method is invoked to convert the args at the
-command-line into an object with attributes.
-
-- ArgumentError -- The exception raised by ArgumentParser objects when
-there are errors with the parser's actions. Errors raised while
-parsing the command-line are caught by ArgumentParser and emitted
-as command-line messages.
-
-- FileType -- A factory for defining types of files to be created. As the
-example above shows, instances of FileType are typically passed as
-the type= argument of add_argument() calls.
-
-- Action -- The base class for parser actions. Typically actions are
-selected by passing strings like 'store_true' or 'append_const' to
-the action= argument of add_argument(). However, for greater
-customization of ArgumentParser actions, subclasses of Action may
-be defined and passed as the action= argument.
-
-- HelpFormatter, RawDescriptionHelpFormatter, RawTextHelpFormatter,
-ArgumentDefaultsHelpFormatter -- Formatter classes which
-may be passed as the formatter_class= argument to the
-ArgumentParser constructor. HelpFormatter is the default,
-RawDescriptionHelpFormatter and RawTextHelpFormatter tell the parser
-not to change the formatting for help text, and
-ArgumentDefaultsHelpFormatter adds information about argument defaults
-to the help.
-
-All other classes in this module are considered implementation details.
-(Also note that HelpFormatter and RawDescriptionHelpFormatter are only
-considered public as object names -- the API of the formatter objects is
-still considered an implementation detail.)
-"""
-
-__version__ = '1.4.0'  # we use our own version number independent of the
-   # one in stdlib and we release this on pypi.
-
-__external_lib__ = True  # to make sure the tests really test THIS lib,
- # not the builtin one in Python stdlib
-
-__all__ = [
-'ArgumentParser',
-'ArgumentError',
-'ArgumentTypeError',
-'FileType',
-'HelpFormatter',
-'ArgumentDefaultsHelpFormatter',
-'RawDescriptionHelpFormatter',
-'RawTextHelpFormatter',
-'Namespace',
-'Action',
-'ONE_OR_MORE',
-'OPTIONAL',
-'PARSER',
-'REMAINDER',
-'SUPPRESS',
-'ZERO_OR_MORE',
-]
-
-
-import copy as _copy
-import os as _os
-import re as _re
-import sys as _sys
-import textwrap as _textwrap
-
-from gettext import gettext as _
-
-try:
-set
-except NameError:
-# for python < 2.4 compatibility (sets module is there since 2.3):
-from sets import Set as set
-
-try:
-basestring
-except NameError:
-basestring = str
-
-try:

Re: [Qemu-devel] [PATCH] Purge uses of banned g_assert_FOO()

[Philippe Mathieu-Daudé]

On 06/08/2018 02:12 PM, Daniel P. Berrangé wrote:
> On Fri, Jun 08, 2018 at 07:02:31PM +0200, Markus Armbruster wrote:
>> We banned use of certain g_assert_FOO() functions outside tests, and
>> made checkpatch.pl flag them (commit 6e9389563e5).  We neglected to
>> purge existing uses.  Do that now.
>>
>> Signed-off-by: Markus Armbruster 
>> ---
>>  hw/ide/ahci.c |  2 +-
>>  hw/ppc/spapr_ovec.c   | 12 ++--
>>  hw/usb/dev-smartcard-reader.c |  2 +-
>>  qom/object.c  | 10 +-
>>  util/qht.c|  2 +-
>>  5 files changed, 14 insertions(+), 14 deletions(-)
>>
>> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> 
>> diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
>> index 2131e33d27..13d0befd9c 100644
>> --- a/hw/usb/dev-smartcard-reader.c
>> +++ b/hw/usb/dev-smartcard-reader.c
>> @@ -786,7 +786,7 @@ static void ccid_write_data_block(USBCCIDState *s, 
>> uint8_t slot, uint8_t seq,
>>  DPRINTF(s, D_VERBOSE, "error %d\n", p->b.bError);
>>  }
>>  if (len) {
>> -g_assert_nonnull(data);
>> +assert(data);
> 
> nitpick - all the other conversions used  g_assert()

I'd rather use assert() in the whole codebase...

I understand the rational here as "there is no other call to the
glib-Testing API, so keep it simple and directly use assert()"

Reviewed-by: Philippe Mathieu-Daudé 

> 
> 
> Regards,
> Daniel
> 

Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 5/8] hw/timer: Add basic M41T80 emulation

[Cédric Le Goater]

On 06/08/2018 06:16 PM, BALATON Zoltan wrote:
> On Fri, 8 Jun 2018, Cédric Le Goater wrote:
>> On 06/06/2018 03:31 PM, BALATON Zoltan wrote:
>>> Basic emulation of the M41T80 serial (I2C) RTC chip. Only getting time
>>> of day is implemented. Setting time and RTC alarm are not supported.
>>>
>>> Signed-off-by: BALATON Zoltan 
>>> ---
>>>  MAINTAINERS |   1 +
>>>  default-configs/ppc-softmmu.mak |   1 +
>>>  hw/timer/Makefile.objs  |   1 +
>>>  hw/timer/m41t80.c   | 117 
>>> 
>>>  4 files changed, 120 insertions(+)
>>>  create mode 100644 hw/timer/m41t80.c
>>>
>>> diff --git a/MAINTAINERS b/MAINTAINERS
>>> index 41cd373..9e13bc1 100644
>>> --- a/MAINTAINERS
>>> +++ b/MAINTAINERS
>>> @@ -826,6 +826,7 @@ M: BALATON Zoltan 
>>>  L: qemu-...@nongnu.org
>>>  S: Maintained
>>>  F: hw/ide/sii3112.c
>>> +F: hw/timer/m41t80.c
>>>
>>>  SH4 Machines
>>>  
>>> diff --git a/default-configs/ppc-softmmu.mak 
>>> b/default-configs/ppc-softmmu.mak
>>> index 7d0dc2f..9fbaadc 100644
>>> --- a/default-configs/ppc-softmmu.mak
>>> +++ b/default-configs/ppc-softmmu.mak
>>> @@ -27,6 +27,7 @@ CONFIG_SM501=y
>>>  CONFIG_IDE_SII3112=y
>>>  CONFIG_I2C=y
>>>  CONFIG_BITBANG_I2C=y
>>> +CONFIG_M41T80=y
>>>
>>>  # For Macs
>>>  CONFIG_MAC=y
>>> diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
>>> index 8b27a4b..e16b2b9 100644
>>> --- a/hw/timer/Makefile.objs
>>> +++ b/hw/timer/Makefile.objs
>>> @@ -6,6 +6,7 @@ common-obj-$(CONFIG_CADENCE) += cadence_ttc.o
>>>  common-obj-$(CONFIG_DS1338) += ds1338.o
>>>  common-obj-$(CONFIG_HPET) += hpet.o
>>>  common-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
>>> +common-obj-$(CONFIG_M41T80) += m41t80.o
>>>  common-obj-$(CONFIG_M48T59) += m48t59.o
>>>  ifeq ($(CONFIG_ISA_BUS),y)
>>>  common-obj-$(CONFIG_M48T59) += m48t59-isa.o
>>> diff --git a/hw/timer/m41t80.c b/hw/timer/m41t80.c
>>> new file mode 100644
>>> index 000..9dbdb1b
>>> --- /dev/null
>>> +++ b/hw/timer/m41t80.c
>>> @@ -0,0 +1,117 @@
>>> +/*
>>> + * M41T80 serial rtc emulation
>>> + *
>>> + * Copyright (c) 2018 BALATON Zoltan
>>> + *
>>> + * This work is licensed under the GNU GPL license version 2 or later.
>>> + *
>>> + */
>>> +
>>> +#include "qemu/osdep.h"
>>> +#include "qemu/log.h"
>>> +#include "qemu/timer.h"
>>> +#include "qemu/bcd.h"
>>> +#include "hw/i2c/i2c.h"
>>> +
>>> +#define TYPE_M41T80 "m41t80"
>>> +#define M41T80(obj) OBJECT_CHECK(M41t80State, (obj), TYPE_M41T80)
>>> +
>>> +typedef struct M41t80State {
>>> +    I2CSlave parent_obj;
>>> +    int8_t addr;
>>> +} M41t80State;
>>> +
>>> +static void m41t80_realize(DeviceState *dev, Error **errp)
>>> +{
>>> +    M41t80State *s = M41T80(dev);
>>> +
>>> +    s->addr = -1;
>>> +}
>>> +
>>> +static int m41t80_send(I2CSlave *i2c, uint8_t data)
>>> +{
>>> +    M41t80State *s = M41T80(i2c);
>>> +
>>> +    if (s->addr < 0) {
>>> +    s->addr = data;
>>> +    } else {
>>> +    s->addr++;
>>> +    }
>>> +    return 0;
>>> +}
>>> +
>>> +static int m41t80_recv(I2CSlave *i2c)
>>> +{
>>> +    M41t80State *s = M41T80(i2c);
>>> +    struct tm now;
>>> +    qemu_timeval tv;
>>> +
>>> +    if (s->addr < 0) {
>>> +    s->addr = 0;
>>> +    }
>>> +    if (s->addr >= 1 && s->addr <= 7) {
>>> +    qemu_get_timedate(, -1);
>>> +    }
>>> +    switch (s->addr++) {
>>
>> you could use some define to name the registers :
> 
> This was also suggested by Philippe Mathieu-Daudé and my answer to that was 
> that I don't feel like I want to come up with names the datasheet does not 
> have either. I think this device is simple enough with just 20 consecutively 
> numbered registers that appear only in these switch cases by number as in the 
> datasheet table so that I don't want to make it more difficult to read by 
> encrypting these numbers behind some arbitrary defines without a good reason. 
> They are also so simple that it's clear from the usually one line 
> implementation what they do so that's also not a good reason to name them.

OK. It's fine with me but you might get some inspiration from Linux 
for the names :)

>>> +    case 0:
>>> +    qemu_gettimeofday();
>>> +    return to_bcd(tv.tv_usec / 1);> +    case 1:
>>> +    return to_bcd(now.tm_sec);
>>> +    case 2:
>>> +    return to_bcd(now.tm_min);
>>> +    case 3:
>>> +    return to_bcd(now.tm_hour);
>>
>> There is an interesting century bit in specs.
> 
> Which I could not figure out how should work and guests seem to be happy 
> without it so I did not try to implement it.

yes. It seems that Linux simply ignores it. Let's forget it.

Thanks,
C.

>>> +    case 4:
>>> +    return to_bcd(now.tm_wday);
>>> +    case 5:
>>> +    return to_bcd(now.tm_mday);
>>> +    case 6:
>>> +    return to_bcd(now.tm_mon + 1);
>>> +    case 7:
>>> +    return to_bcd(now.tm_year % 100);
>>> +    case 8 ... 19:
>>> +    qemu_log_mask(LOG_UNIMP, "\n%s: unimplemented register: %d\n",
>>
>> is the 

[Qemu-devel] [PATCH v2 2/2] python: Remove scripts/ordereddict.py

[Eduardo Habkost]

Python 2.7 (the minimum Python version we require) provides
collections.OrderedDict on the standard library, so we don't need
to carry our own implementation.

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
* Remove ordereddict.py reference from Makefiles
---
 Makefile   |   1 -
 scripts/ordereddict.py | 128 -
 scripts/qapi/common.py |   5 +-
 tests/Makefile.include |   1 -
 4 files changed, 1 insertion(+), 134 deletions(-)
 delete mode 100644 scripts/ordereddict.py

diff --git a/Makefile b/Makefile
index 023b3437ec..6c6664d9a3 100644
--- a/Makefile
+++ b/Makefile
@@ -567,7 +567,6 @@ $(SRC_PATH)/scripts/qapi/types.py \
 $(SRC_PATH)/scripts/qapi/visit.py \
 $(SRC_PATH)/scripts/qapi/common.py \
 $(SRC_PATH)/scripts/qapi/doc.py \
-$(SRC_PATH)/scripts/ordereddict.py \
 $(SRC_PATH)/scripts/qapi-gen.py
 
 qga/qapi-generated/qga-qapi-types.c qga/qapi-generated/qga-qapi-types.h \
diff --git a/scripts/ordereddict.py b/scripts/ordereddict.py
deleted file mode 100644
index 68ed340b33..00
--- a/scripts/ordereddict.py
+++ /dev/null
@@ -1,128 +0,0 @@
-# Copyright (c) 2009 Raymond Hettinger
-#
-# Permission is hereby granted, free of charge, to any person
-# obtaining a copy of this software and associated documentation files
-# (the "Software"), to deal in the Software without restriction,
-# including without limitation the rights to use, copy, modify, merge,
-# publish, distribute, sublicense, and/or sell copies of the Software,
-# and to permit persons to whom the Software is furnished to do so,
-# subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-# OTHER DEALINGS IN THE SOFTWARE.
-
-from UserDict import DictMixin
-
-
-class OrderedDict(dict, DictMixin):
-
-def __init__(self, *args, **kwds):
-if len(args) > 1:
-raise TypeError('expected at most 1 arguments, got %d' % len(args))
-try:
-self.__end
-except AttributeError:
-self.clear()
-self.update(*args, **kwds)
-
-def clear(self):
-self.__end = end = []
-end += [None, end, end] # sentinel node for doubly linked list
-self.__map = {} # key --> [key, prev, next]
-dict.clear(self)
-
-def __setitem__(self, key, value):
-if key not in self:
-end = self.__end
-curr = end[1]
-curr[2] = end[1] = self.__map[key] = [key, curr, end]
-dict.__setitem__(self, key, value)
-
-def __delitem__(self, key):
-dict.__delitem__(self, key)
-key, prev, next = self.__map.pop(key)
-prev[2] = next
-next[1] = prev
-
-def __iter__(self):
-end = self.__end
-curr = end[2]
-while curr is not end:
-yield curr[0]
-curr = curr[2]
-
-def __reversed__(self):
-end = self.__end
-curr = end[1]
-while curr is not end:
-yield curr[0]
-curr = curr[1]
-
-def popitem(self, last=True):
-if not self:
-raise KeyError('dictionary is empty')
-if last:
-key = next(reversed(self))
-else:
-key = next(iter(self))
-value = self.pop(key)
-return key, value
-
-def __reduce__(self):
-items = [[k, self[k]] for k in self]
-tmp = self.__map, self.__end
-del self.__map, self.__end
-inst_dict = vars(self).copy()
-self.__map, self.__end = tmp
-if inst_dict:
-return (self.__class__, (items,), inst_dict)
-return self.__class__, (items,)
-
-def keys(self):
-return list(self)
-
-setdefault = DictMixin.setdefault
-update = DictMixin.update
-pop = DictMixin.pop
-values = DictMixin.values
-items = DictMixin.items
-iterkeys = DictMixin.iterkeys
-itervalues = DictMixin.itervalues
-iteritems = DictMixin.iteritems
-
-def __repr__(self):
-if not self:
-return '%s()' % (self.__class__.__name__,)
-return '%s(%r)' % (self.__class__.__name__, self.items())
-
-def copy(self):
-return self.__class__(self)
-
-@classmethod
-def fromkeys(cls, iterable, value=None):
-d = cls()
-for key in iterable:
-d[key] = value
-return d
-
-def __eq__(self, other):
-if 

Re: [Qemu-devel] [PULL 00/31] acpi, vhost, misc: fixes, features

[Philippe Mathieu-Daudé]

On 06/04/2018 07:28 AM, Peter Maydell wrote:
> On 1 June 2018 at 17:26, Michael S. Tsirkin  wrote:
>> The following changes since commit 63b88968f139b6a77f2f81e6f1eedf70c0170a85:
>>
>>   intel-iommu: rework the page walk logic (2018-05-23 17:34:05 +0300)
>>
>> are available in the Git repository at:
>>
>>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>>
>> for you to fetch changes up to 25b1d45a1975fd8624c37b5bf42e8502ccf53460:
>>
>>   vhost-blk: turn on pre-defined RO feature bit (2018-06-01 19:20:38 +0300)
>>
>> 
>> acpi, vhost, misc: fixes, features
>>
>> vDPA support, fix to vhost blk RO bit handling, some include path
>> cleanups, NFIT ACPI table.
>>
>> Signed-off-by: Michael S. Tsirkin 
>>
>> 
> 
> Applied, thanks.

Not sure this is a problem, but something experienced after rebasing:


#1

/source/qemu/qemu-nbd.c: In function ‘version’:
/source/qemu/qemu-nbd.c:133:6: error: expected ‘)’ before
‘QEMU_FULL_VERSION’
 "%s " QEMU_FULL_VERSION "\n"
  ^~
  )
/source/qemu/qemu-nbd.c:133:3: error: format ‘%s’ expects a matching
‘char *’ argument [-Werror=format=]
 "%s " QEMU_FULL_VERSION "\n"
  ~^
cc1: all warnings being treated as errors

It took me a while to figure this out, probably because today is Friday.

$ git status --ignored show me I had a "qemu-version.h" generated long
time ago in the source directory.

- I only do out-of-tree builds.

- sometimes I run "make help/docker/vm-test" and friends in the source
directory, and my 'make' is aliased as 'make -jN'.
I doubt those make calls generate this file, as ./configure generates
it, so I probably messed with a ./configure in source dir.

Now, building out-of-tree dirs was finding the old /qemu-version.h
before the generated one in current dir.

I was not noticing it due to the /qemu-version.h entry in /.gitignore .


#2

  CC  vl.o
/source/qemu/vl.c: In function ‘main’:
/source/qemu/vl.c:3052:18: error: ‘QEMU_OPTION_blockdev’ undeclared
(first use in this function); did you mean ‘QEMU_OPTION_clock’?
 case QEMU_OPTION_blockdev:
  ^~~~
  QEMU_OPTION_clock
/source/qemu/vl.c:3052:18: note: each undeclared identifier is reported
only once for each function it appears in
/source/qemu/vl.c:3171:18: error: ‘QEMU_OPTION_nic’ undeclared (first
use in this function); did you mean ‘QEMU_OPTION_rtc’?
 case QEMU_OPTION_nic:
  ^~~
  QEMU_OPTION_rtc
/source/qemu/vl.c:3574:18: error: ‘QEMU_OPTION_preconfig’ undeclared
(first use in this function); did you mean ‘QEMU_OPTION_writeconfig’?
 case QEMU_OPTION_preconfig:
  ^
  QEMU_OPTION_writeconfig

This is the same story, but with /qemu-options.def (also in .gitignore).


So 'rm ${srcdir}/qemu-version.h ${srcdir}/qemu-options.def' fixed my
problems.

Should we add a check for this kind of mistakes when running out-of-tree
builds? I'll try something.

Regards,

Phil.

Re: [Qemu-devel] [PULL 52/53] char: Remove unwanted crlf conversion

[Patryk Olszewski]

W dniu 08.06.2018 o 19:39, Greg Kurz pisze:
> On Thu, 31 May 2018 19:16:05 +0200
> Paolo Bonzini  wrote:
>
>> From: Patryk Olszewski 
>>
>> This patch fixes a bug in serial that made it almost impossible for guest
>> to communicate with devices through host's serial.
>>
>> OPOST flag in c_oflag enables output processing letting other flags in
>> c_oflag take effect. Usually in c_oflag ONLCR flag is also set, which
>> causes crlf to be sent in place of lf. This breaks binary transmissions.
>> Unsetting OPOST flag turns off any output processing which fixes the bug.
>>
> But it damages error reporting...
>
> Without this patch:
>
> $ qemu-system-ppc64 -serial stdio -kernel foo
> foo: No such file or directory
> qemu-system-ppc64: error loading foo: Failed to load ELF
> $
>
> With this patch:
>
> $ .mbuild-ppc-for-3.0/obj/ppc64-softmmu/qemu-system-ppc64 -serial stdio 
> -kernel foo
> foo: No such file or directory
>   qemu-system-ppc64: error loading foo: Failed to 
> load ELF
>   
> $
>
> It is possible to patch vreport() to append an explicit CR:
>
>  error_vprintf(fmt, ap);
> -error_printf("\n");
> +error_printf("\n\r");
>  }
>
> but it only fixes the trailing newline of error_report(). Any other newline,
> eg when using error_append_hint(), will lack the CR... Not sure how to fix
> this :-\
>
>> Bug reports related:
>> https://bugs.launchpad.net/qemu/+bug/1772086
>> https://bugs.launchpad.net/qemu/+bug/1407813
>> https://bugs.launchpad.net/qemu/+bug/1715296
>> also
>> https://lists.nongnu.org/archive/html/qemu-devel/2006-06/msg00196.html
>>
>> Signed-off-by: Patryk Olszewski 
>> Message-Id: <1527105041-21013-1-git-send-email-pat...@fala.ehost.pl>
>> Reviewed-by: Markus Armbruster 
>> Reviewed-by: Thomas Huth 
>> Signed-off-by: Paolo Bonzini 
>> ---
>>  chardev/char-serial.c | 2 +-
>>  chardev/char-stdio.c  | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/chardev/char-serial.c b/chardev/char-serial.c
>> index feb52e559d..ae548d28da 100644
>> --- a/chardev/char-serial.c
>> +++ b/chardev/char-serial.c
>> @@ -139,7 +139,7 @@ static void tty_serial_init(int fd, int speed,
>>  
>>  tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP
>>   | INLCR | IGNCR | ICRNL | IXON);
>> -tty.c_oflag |= OPOST;
>> +tty.c_oflag &= ~OPOST;
>>  tty.c_lflag &= ~(ECHO | ECHONL | ICANON | IEXTEN | ISIG);
>>  tty.c_cflag &= ~(CSIZE | PARENB | PARODD | CRTSCTS | CSTOPB);
>>  switch (data_bits) {
>> diff --git a/chardev/char-stdio.c b/chardev/char-stdio.c
>> index 96375f2ab8..d83e60e787 100644
>> --- a/chardev/char-stdio.c
>> +++ b/chardev/char-stdio.c
>> @@ -59,7 +59,7 @@ static void qemu_chr_set_echo_stdio(Chardev *chr, bool 
>> echo)
>>  if (!echo) {
>>  tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP
>>   | INLCR | IGNCR | ICRNL | IXON);
>> -tty.c_oflag |= OPOST;
>> +tty.c_oflag &= ~OPOST;
>>  tty.c_lflag &= ~(ECHO | ECHONL | ICANON | IEXTEN);
>>  tty.c_cflag &= ~(CSIZE | PARENB);
>>  tty.c_cflag |= CS8;

The change to char-stdio.c wasn't actually introduced by me.
(https://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg05416.html).
Anyway, I haven't yet investigated it thoroughly but right now I think the 
problem is with that error reporting system. After all serial device shouldn't 
alter data coming from the guest. You never know when somebody will come up 
with crazy idea of pushing binary data through stdout.

[Qemu-devel] [PULL 30/30] ide: introduce ide_transfer_start_norecurse

[John Snow]

From: Paolo Bonzini 

For the case where the end_transfer_func is also the caller of
ide_transfer_start, the mutual recursion can lead to unlimited
stack usage.  Introduce a new version that can be used to change
tail recursion into a loop, and use it in trace_ide_atapi_cmd_reply_end.

Signed-off-by: Paolo Bonzini 
Signed-off-by: John Snow 
Reviewed-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180606190955.20845-8-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/atapi.c| 42 +++---
 hw/ide/core.c | 16 
 include/hw/ide/internal.h |  2 ++
 3 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 7168ff55a7..39e473f9c2 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -245,15 +245,11 @@ static uint16_t atapi_byte_count_limit(IDEState *s)
 void ide_atapi_cmd_reply_end(IDEState *s)
 {
 int byte_count_limit, size, ret;
-trace_ide_atapi_cmd_reply_end(s, s->packet_transfer_size,
-  s->elementary_transfer_size,
-  s->io_buffer_index);
-if (s->packet_transfer_size <= 0) {
-/* end of transfer */
-ide_atapi_cmd_ok(s);
-ide_set_irq(s->bus);
-trace_ide_atapi_cmd_reply_end_eot(s, s->status);
-} else {
+while (s->packet_transfer_size > 0) {
+trace_ide_atapi_cmd_reply_end(s, s->packet_transfer_size,
+  s->elementary_transfer_size,
+  s->io_buffer_index);
+
 /* see if a new sector must be read */
 if (s->lba != -1 && s->io_buffer_index >= s->cd_sector_size) {
 if (!s->elementary_transfer_size) {
@@ -279,11 +275,6 @@ void ide_atapi_cmd_reply_end(IDEState *s)
 size = s->cd_sector_size - s->io_buffer_index;
 if (size > s->elementary_transfer_size)
 size = s->elementary_transfer_size;
-s->packet_transfer_size -= size;
-s->elementary_transfer_size -= size;
-s->io_buffer_index += size;
-ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
-   size, ide_atapi_cmd_reply_end);
 } else {
 /* a new transfer is needed */
 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
@@ -306,13 +297,26 @@ void ide_atapi_cmd_reply_end(IDEState *s)
 size = (s->cd_sector_size - s->io_buffer_index);
 }
 trace_ide_atapi_cmd_reply_end_new(s, s->status);
-s->packet_transfer_size -= size;
-s->elementary_transfer_size -= size;
-s->io_buffer_index += size;
-ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
-   size, ide_atapi_cmd_reply_end);
+}
+s->packet_transfer_size -= size;
+s->elementary_transfer_size -= size;
+s->io_buffer_index += size;
+
+/* Some adapters process PIO data right away.  In that case, we need
+ * to avoid mutual recursion between ide_transfer_start
+ * and ide_atapi_cmd_reply_end.
+ */
+if (!ide_transfer_start_norecurse(s,
+  s->io_buffer + s->io_buffer_index - 
size,
+  size, ide_atapi_cmd_reply_end)) {
+return;
 }
 }
+
+/* end of transfer */
+trace_ide_atapi_cmd_reply_end_eot(s, s->status);
+ide_atapi_cmd_ok(s);
+ide_set_irq(s->bus);
 }
 
 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 9c4864ae54..2c62efc536 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -523,8 +523,8 @@ static void ide_clear_retry(IDEState *s)
 }
 
 /* prepare data transfer and tell what to do after */
-void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
-EndTransferFunc *end_transfer_func)
+bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size,
+  EndTransferFunc *end_transfer_func)
 {
 s->data_ptr = buf;
 s->data_end = buf + size;
@@ -534,10 +534,18 @@ void ide_transfer_start(IDEState *s, uint8_t *buf, int 
size,
 }
 if (!s->bus->dma->ops->pio_transfer) {
 s->end_transfer_func = end_transfer_func;
-return;
+return false;
 }
 s->bus->dma->ops->pio_transfer(s->bus->dma);
-end_transfer_func(s);
+return true;
+}
+
+void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
+EndTransferFunc *end_transfer_func)
+{
+if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) {
+end_transfer_func(s);
+}
 }
 
 static void ide_cmd_done(IDEState *s)
diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
index f3de6f9b73..594081e57f 100644
--- 

Re: [Qemu-devel] [PATCH v1.1 0/9] target/m68k: Convert to TranslatorOps

[Richard Henderson]

On 06/07/2018 10:25 AM, Laurent Vivier wrote:
> do you want I take this through my m68k tree or do you take this in a
> TCG pull requests?

Would you take it through your m68k tree please?


r~

[Qemu-devel] [PULL 25/30] ahci: move PIO Setup FIS before transfer, fix it for ATAPI commands

[John Snow]

The PIO Setup FIS is written in the PIO:Entry state, which comes before
the ATA and ATAPI data transfer states.  As a result, the PIO Setup FIS
interrupt is now raised before DMA ends for ATAPI commands, and tests have
to be adjusted.

This is also hinted by the description of the command header in the AHCI
specification, where the "A" bit is described as

When ‘1’, indicates that a PIO setup FIS shall be sent by the device
indicating a transfer for the ATAPI command.

and also by the description of the ACMD (ATAPI command region):

The ATAPI command must be either 12 or 16 bytes in length. The length
transmitted by the HBA is determined by the PIO setup FIS that is sent
by the device requesting the ATAPI command.

QEMU, which conflates the "generator" and the "receiver" of the FIS into
one device, always uses ATAPI_PACKET_SIZE, aka 12, for the length.

Signed-off-by: Paolo Bonzini 
Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180606190955.20845-3-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci.c   | 18 ++
 tests/libqos/ahci.c | 35 +--
 tests/libqos/ahci.h |  3 +--
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 571e32dd66..f25bef501d 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1259,7 +1259,6 @@ static void handle_reg_h2d_fis(AHCIState *s, int port,
 g_free(pretty_fis);
 }
 s->dev[port].done_atapi_packet = false;
-/* XXX send PIO setup FIS */
 }
 
 ide_state->error = 0;
@@ -1353,10 +1352,12 @@ static void ahci_start_transfer(IDEDMA *dma)
 int is_atapi = opts & AHCI_CMD_ATAPI;
 int has_sglist = 0;
 
+/* PIO FIS gets written prior to transfer */
+ahci_write_fis_pio(ad, size);
+
 if (is_atapi && !ad->done_atapi_packet) {
 /* already prepopulated iobuffer */
 ad->done_atapi_packet = true;
-size = 0;
 goto out;
 }
 
@@ -1376,19 +1377,12 @@ static void ahci_start_transfer(IDEDMA *dma)
 }
 }
 
-out:
-/* declare that we processed everything */
-s->data_ptr = s->data_end;
-
 /* Update number of transferred bytes, destroy sglist */
 dma_buf_commit(s, size);
-
+out:
+/* declare that we processed everything */
+s->data_ptr = s->data_end;
 s->end_transfer_func(s);
-
-if (!(s->status & DRQ_STAT)) {
-/* done with PIO send/receive */
-ahci_write_fis_pio(ad, le32_to_cpu(ad->cur_cmd->status));
-}
 }
 
 static void ahci_start_dma(IDEDMA *dma, IDEState *s,
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 63e1f9b92d..7264e085d0 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -478,10 +478,10 @@ void ahci_port_check_d2h_sanity(AHCIQState *ahci, uint8_t 
port, uint8_t slot)
 g_free(d2h);
 }
 
-void ahci_port_check_pio_sanity(AHCIQState *ahci, uint8_t port,
-uint8_t slot, size_t buffsize)
+void ahci_port_check_pio_sanity(AHCIQState *ahci, AHCICommand *cmd)
 {
 PIOSetupFIS *pio = g_malloc0(0x20);
+uint8_t port = cmd->port;
 
 /* We cannot check the Status or E_Status registers, because
  * the status may have again changed between the PIO Setup FIS
@@ -489,15 +489,22 @@ void ahci_port_check_pio_sanity(AHCIQState *ahci, uint8_t 
port,
 qtest_memread(ahci->parent->qts, ahci->port[port].fb + 0x20, pio, 0x20);
 g_assert_cmphex(pio->fis_type, ==, 0x5f);
 
-/* BUG: PIO Setup FIS as utilized by QEMU tries to fit the entire
- * transfer size in a uint16_t field. The maximum transfer size can
- * eclipse this; the field is meant to convey the size of data per
- * each Data FIS, not the entire operation as a whole. For now,
- * we will sanity check the broken case where applicable. */
-if (buffsize <= UINT16_MAX) {
-g_assert_cmphex(le16_to_cpu(pio->tx_count), ==, buffsize);
+/* Data transferred by PIO will either be:
+ * (1) 12 or 16 bytes for an ATAPI command packet (QEMU always uses 12), or
+ * (2) Actual data from the drive.
+ * If we do both, (2) winds up erasing any evidence of (1).
+ */
+if (cmd->props->atapi && (cmd->xbytes == 0 || cmd->props->dma)) {
+g_assert(le16_to_cpu(pio->tx_count) == 12 ||
+ le16_to_cpu(pio->tx_count) == 16);
+} else {
+/* The AHCI test suite here does not test any PIO command that 
specifies
+ * a DRQ block larger than one sector (like 0xC4), so this should 
always
+ * be one sector or less. */
+size_t pio_len = ((cmd->xbytes % cmd->sector_size) ?
+  (cmd->xbytes % cmd->sector_size) : cmd->sector_size);
+g_assert_cmphex(le16_to_cpu(pio->tx_count), ==, pio_len);
 }
-
 g_free(pio);
 }
 
@@ -832,9 +839,9 @@ void ahci_command_enable_atapi_dma(AHCICommand *cmd)
 RegH2DFIS *fis = &(cmd->fis);
 g_assert(cmd->props->atapi);
 

[Qemu-devel] [PULL 27/30] ide: call ide_cmd_done from ide_transfer_stop

[John Snow]

From: Paolo Bonzini 

The code can simply be moved to the sole caller that has notify == true.

Signed-off-by: Paolo Bonzini 
Signed-off-by: John Snow 
Reviewed-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180606190955.20845-5-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/core.c | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 1a6cb337bf..54799ea6fb 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -548,26 +548,23 @@ static void ide_cmd_done(IDEState *s)
 }
 
 static void ide_transfer_halt(IDEState *s,
-  void(*end_transfer_func)(IDEState *),
-  bool notify)
+  void(*end_transfer_func)(IDEState *))
 {
 s->end_transfer_func = end_transfer_func;
 s->data_ptr = s->io_buffer;
 s->data_end = s->io_buffer;
 s->status &= ~DRQ_STAT;
-if (notify) {
-ide_cmd_done(s);
-}
 }
 
 void ide_transfer_stop(IDEState *s)
 {
-ide_transfer_halt(s, ide_transfer_stop, true);
+ide_transfer_halt(s, ide_transfer_stop);
+ide_cmd_done(s);
 }
 
 static void ide_transfer_cancel(IDEState *s)
 {
-ide_transfer_halt(s, ide_transfer_cancel, false);
+ide_transfer_halt(s, ide_transfer_cancel);
 }
 
 int64_t ide_get_sector(IDEState *s)
-- 
2.14.3

Re: [Qemu-devel] [PATCH 0/4] linux-user: syscall number fixes

[Richard Henderson]

On 06/07/2018 10:17 AM, Laurent Vivier wrote:
> If you agree, I will remove tabs when I'll commit the patches for the
> pull-request.

Yes please.  I should have noticed them there when making my change.


r~

[Qemu-devel] [PULL 29/30] atapi: call ide_set_irq before ide_transfer_start

[John Snow]

From: Paolo Bonzini 

The ATAPI_INT_REASON_IO interrupt is raised when I/O starts, but in the
AHCI case ide_set_irq was actually called at the end of a mutual recursion.
Move it early, with the side effect that ide_transfer_start becomes a tail
call in ide_atapi_cmd_reply_end.

Signed-off-by: Paolo Bonzini 
Signed-off-by: John Snow 
Reviewed-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180606190955.20845-7-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/atapi.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index c0509c8bf5..7168ff55a7 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -287,6 +287,7 @@ void ide_atapi_cmd_reply_end(IDEState *s)
 } else {
 /* a new transfer is needed */
 s->nsector = (s->nsector & ~7) | ATAPI_INT_REASON_IO;
+ide_set_irq(s->bus);
 byte_count_limit = atapi_byte_count_limit(s);
 trace_ide_atapi_cmd_reply_end_bcl(s, byte_count_limit);
 size = s->packet_transfer_size;
@@ -304,13 +305,12 @@ void ide_atapi_cmd_reply_end(IDEState *s)
 if (size > (s->cd_sector_size - s->io_buffer_index))
 size = (s->cd_sector_size - s->io_buffer_index);
 }
-s->packet_transfer_size -= size;
-s->elementary_transfer_size -= size;
-s->io_buffer_index += size;
-ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
-   size, ide_atapi_cmd_reply_end);
-ide_set_irq(s->bus);
 trace_ide_atapi_cmd_reply_end_new(s, s->status);
+s->packet_transfer_size -= size;
+s->elementary_transfer_size -= size;
+s->io_buffer_index += size;
+ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size,
+   size, ide_atapi_cmd_reply_end);
 }
 }
 }
-- 
2.14.3

[Qemu-devel] [PULL 28/30] ide: make ide_transfer_stop idempotent

[John Snow]

From: Paolo Bonzini 

There is code checking s->end_transfer_func and it was not taught about
ide_transfer_cancel.  We can just use ide_transfer_stop because
s->end_transfer_func is only ever called in the DRQ phase.

ide_transfer_cancel can then be removed, since it would just be
calling ide_transfer_halt.

Signed-off-by: Paolo Bonzini 
Signed-off-by: John Snow 
Reviewed-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180606190955.20845-6-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/core.c | 14 --
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 54799ea6fb..9c4864ae54 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -547,10 +547,9 @@ static void ide_cmd_done(IDEState *s)
 }
 }
 
-static void ide_transfer_halt(IDEState *s,
-  void(*end_transfer_func)(IDEState *))
+static void ide_transfer_halt(IDEState *s)
 {
-s->end_transfer_func = end_transfer_func;
+s->end_transfer_func = ide_transfer_stop;
 s->data_ptr = s->io_buffer;
 s->data_end = s->io_buffer;
 s->status &= ~DRQ_STAT;
@@ -558,15 +557,10 @@ static void ide_transfer_halt(IDEState *s,
 
 void ide_transfer_stop(IDEState *s)
 {
-ide_transfer_halt(s, ide_transfer_stop);
+ide_transfer_halt(s);
 ide_cmd_done(s);
 }
 
-static void ide_transfer_cancel(IDEState *s)
-{
-ide_transfer_halt(s, ide_transfer_cancel);
-}
-
 int64_t ide_get_sector(IDEState *s)
 {
 int64_t sector_num;
@@ -1361,7 +1355,7 @@ static bool cmd_nop(IDEState *s, uint8_t cmd)
 static bool cmd_device_reset(IDEState *s, uint8_t cmd)
 {
 /* Halt PIO (in the DRQ phase), then DMA */
-ide_transfer_cancel(s);
+ide_transfer_halt(s);
 ide_cancel_dma_sync(s);
 
 /* Reset any PIO commands, reset signature, etc */
-- 
2.14.3

[Qemu-devel] [PULL 26/30] ide: push end_transfer_func out of start_transfer callback, rename callback

[John Snow]

From: Paolo Bonzini 

Now that end_transfer_func is a tail call in ahci_start_transfer,
formalize the fact that the callback (of which ahci_start_transfer is
the sole implementation) takes care of the transfer too: rename it to
pio_transfer and, if it is present, call the end_transfer_func as soon
as it returns.

Signed-off-by: Paolo Bonzini 
Signed-off-by: John Snow 
Reviewed-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180606190955.20845-4-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci.c | 13 ++---
 hw/ide/core.c |  8 +---
 hw/ide/trace-events   |  2 +-
 include/hw/ide/internal.h |  2 +-
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index f25bef501d..f7852be842 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1340,8 +1340,8 @@ out:
 return 0;
 }
 
-/* DMA dev <-> ram */
-static void ahci_start_transfer(IDEDMA *dma)
+/* Transfer PIO data between RAM and device */
+static void ahci_pio_transfer(IDEDMA *dma)
 {
 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
 IDEState *s = >port.ifs[0];
@@ -1365,9 +1365,9 @@ static void ahci_start_transfer(IDEDMA *dma)
 has_sglist = 1;
 }
 
-trace_ahci_start_transfer(ad->hba, ad->port_no, is_write ? "writ" : "read",
-  size, is_atapi ? "atapi" : "ata",
-  has_sglist ? "" : "o");
+trace_ahci_pio_transfer(ad->hba, ad->port_no, is_write ? "writ" : "read",
+size, is_atapi ? "atapi" : "ata",
+has_sglist ? "" : "o");
 
 if (has_sglist && size) {
 if (is_write) {
@@ -1382,7 +1382,6 @@ static void ahci_start_transfer(IDEDMA *dma)
 out:
 /* declare that we processed everything */
 s->data_ptr = s->data_end;
-s->end_transfer_func(s);
 }
 
 static void ahci_start_dma(IDEDMA *dma, IDEState *s,
@@ -1503,7 +1502,7 @@ static const IDEDMAOps ahci_dma_ops = {
 .start_dma = ahci_start_dma,
 .restart = ahci_restart,
 .restart_dma = ahci_restart_dma,
-.start_transfer = ahci_start_transfer,
+.pio_transfer = ahci_pio_transfer,
 .prepare_buf = ahci_dma_prepare_buf,
 .commit_buf = ahci_commit_buf,
 .rw_buf = ahci_dma_rw_buf,
diff --git a/hw/ide/core.c b/hw/ide/core.c
index cc9ca28c33..1a6cb337bf 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -526,16 +526,18 @@ static void ide_clear_retry(IDEState *s)
 void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
 EndTransferFunc *end_transfer_func)
 {
-s->end_transfer_func = end_transfer_func;
 s->data_ptr = buf;
 s->data_end = buf + size;
 ide_set_retry(s);
 if (!(s->status & ERR_STAT)) {
 s->status |= DRQ_STAT;
 }
-if (s->bus->dma->ops->start_transfer) {
-s->bus->dma->ops->start_transfer(s->bus->dma);
+if (!s->bus->dma->ops->pio_transfer) {
+s->end_transfer_func = end_transfer_func;
+return;
 }
+s->bus->dma->ops->pio_transfer(s->bus->dma);
+end_transfer_func(s);
 }
 
 static void ide_cmd_done(IDEState *s)
diff --git a/hw/ide/trace-events b/hw/ide/trace-events
index e6bd95f52f..65d6f9034d 100644
--- a/hw/ide/trace-events
+++ b/hw/ide/trace-events
@@ -108,7 +108,7 @@ handle_cmd_badport(void *s, int port) "ahci(%p)[%d]: guest 
accessed unused port"
 handle_cmd_badfis(void *s, int port) "ahci(%p)[%d]: guest provided an invalid 
cmd FIS"
 handle_cmd_badmap(void *s, int port, uint64_t len) "ahci(%p)[%d]: 
dma_memory_map failed, 0x%02"PRIx64" != 0x80"
 handle_cmd_unhandled_fis(void *s, int port, uint8_t b0, uint8_t b1, uint8_t 
b2) "ahci(%p)[%d]: unhandled FIS type. cmd_fis: 0x%02x-%02x-%02x"
-ahci_start_transfer(void *s, int port, const char *rw, uint32_t size, const 
char *tgt, const char *sgl) "ahci(%p)[%d]: %sing %d bytes on %s w/%s sglist"
+ahci_pio_transfer(void *s, int port, const char *rw, uint32_t size, const char 
*tgt, const char *sgl) "ahci(%p)[%d]: %sing %d bytes on %s w/%s sglist"
 ahci_start_dma(void *s, int port) "ahci(%p)[%d]: start dma"
 ahci_dma_prepare_buf(void *s, int port, int32_t io_buffer_size, int32_t limit) 
"ahci(%p)[%d]: prepare buf limit=%"PRId32" prepared=%"PRId32
 ahci_dma_prepare_buf_fail(void *s, int port) "ahci(%p)[%d]: sglist population 
failed"
diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
index 88212f59df..f3de6f9b73 100644
--- a/include/hw/ide/internal.h
+++ b/include/hw/ide/internal.h
@@ -444,7 +444,7 @@ struct IDEState {
 
 struct IDEDMAOps {
 DMAStartFunc *start_dma;
-DMAVoidFunc *start_transfer;
+DMAVoidFunc *pio_transfer;
 DMAInt32Func *prepare_buf;
 DMAu32Func *commit_buf;
 DMAIntFunc *rw_buf;
-- 
2.14.3

[Qemu-devel] [PULL 22/30] tests/cdrom-test: Test that -cdrom parameter is working

[John Snow]

From: Thomas Huth 

Commit 1454509726719e0933c800 recently broke the "-cdrom" parameter
on a couple of boards without us noticing it immediately. Thus let's
add a test which checks that "-cdrom" can at least be used to start
QEMU with certain machine types.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Reviewed-by: Hervé Poussineau 
Acked-By: Mark Cave-Ayland 
Signed-off-by: Thomas Huth 
Signed-off-by: John Snow 
---
 tests/cdrom-test.c | 58 ++
 1 file changed, 58 insertions(+)

diff --git a/tests/cdrom-test.c b/tests/cdrom-test.c
index 5bbf322789..7a1fce5dfb 100644
--- a/tests/cdrom-test.c
+++ b/tests/cdrom-test.c
@@ -13,6 +13,7 @@
 #include "qemu/osdep.h"
 #include "libqtest.h"
 #include "boot-sector.h"
+#include "qapi/qmp/qdict.h"
 
 static char isoimage[] = "cdrom-boot-iso-XX";
 
@@ -89,6 +90,32 @@ cleanup:
 return ret;
 }
 
+/**
+ * Check that at least the -cdrom parameter is basically working, i.e. we can
+ * see the filename of the ISO image in the output of "info block" afterwards
+ */
+static void test_cdrom_param(gconstpointer data)
+{
+QTestState *qts;
+char *resp;
+
+qts = qtest_startf("-M %s -cdrom %s", (const char *)data, isoimage);
+resp = qtest_hmp(qts, "info block");
+g_assert(strstr(resp, isoimage) != 0);
+g_free(resp);
+qtest_quit(qts);
+}
+
+static void add_cdrom_param_tests(const char **machines)
+{
+while (*machines) {
+char *testname = g_strdup_printf("cdrom/param/%s", *machines);
+qtest_add_data_func(testname, *machines, test_cdrom_param);
+g_free(testname);
+machines++;
+}
+}
+
 static void test_cdboot(gconstpointer data)
 {
 QTestState *qts;
@@ -154,6 +181,37 @@ int main(int argc, char **argv)
 add_x86_tests();
 } else if (g_str_equal(arch, "s390x")) {
 add_s390x_tests();
+} else if (g_str_equal(arch, "ppc64")) {
+const char *ppcmachines[] = {
+"pseries", "mac99", "g3beige", "40p", "prep", NULL
+};
+add_cdrom_param_tests(ppcmachines);
+} else if (g_str_equal(arch, "sparc")) {
+const char *sparcmachines[] = {
+"LX", "SPARCClassic", "SPARCbook", "SS-10", "SS-20", "SS-4",
+"SS-5", "SS-600MP", "Voyager", "leon3_generic", NULL
+};
+add_cdrom_param_tests(sparcmachines);
+} else if (g_str_equal(arch, "sparc64")) {
+const char *sparc64machines[] = {
+"niagara", "sun4u", "sun4v", NULL
+};
+add_cdrom_param_tests(sparc64machines);
+} else if (!strncmp(arch, "mips64", 6)) {
+const char *mips64machines[] = {
+"magnum", "malta", "mips", "pica61", NULL
+};
+add_cdrom_param_tests(mips64machines);
+} else if (g_str_equal(arch, "arm") || g_str_equal(arch, "aarch64")) {
+const char *armmachines[] = {
+"realview-eb", "realview-eb-mpcore", "realview-pb-a8",
+"realview-pbx-a9", "versatileab", "versatilepb", "vexpress-a15",
+"vexpress-a9", "virt", NULL
+};
+add_cdrom_param_tests(armmachines);
+} else {
+const char *nonemachine[] = { "none", NULL };
+add_cdrom_param_tests(nonemachine);
 }
 
 ret = g_test_run();
-- 
2.14.3

[Qemu-devel] [PULL 24/30] libqos/ahci: track sector size

[John Snow]

It's not always 512, and it does wind up mattering for PIO tranfers,
because this means DRQ blocks are four times as big for ATAPI.
Replace an instance of 2048 with the correct define, too.

This patch by itself winds changing no behavior. fis->count is ignored
for CMD_PACKET, and sect_count only gets used in non-ATAPI cases.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180606190955.20845-2-js...@redhat.com
Signed-off-by: John Snow 
---
 tests/libqos/ahci.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index bc201d762b..63e1f9b92d 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -90,6 +90,7 @@ struct AHCICommand {
 uint32_t interrupts;
 uint64_t xbytes;
 uint32_t prd_size;
+uint32_t sector_size;
 uint64_t buffer;
 AHCICommandProp *props;
 /* Data to be transferred to the guest */
@@ -796,7 +797,7 @@ static void command_header_init(AHCICommand *cmd)
 static void command_table_init(AHCICommand *cmd)
 {
 RegH2DFIS *fis = &(cmd->fis);
-uint16_t sect_count = (cmd->xbytes / AHCI_SECTOR_SIZE);
+uint16_t sect_count = (cmd->xbytes / cmd->sector_size);
 
 fis->fis_type = REG_H2D_FIS;
 fis->flags = REG_H2D_FIS_CMD; /* "Command" bit */
@@ -819,7 +820,7 @@ static void command_table_init(AHCICommand *cmd)
 if (cmd->props->lba28 || cmd->props->lba48) {
 fis->device = ATA_DEVICE_LBA;
 }
-fis->count = (cmd->xbytes / AHCI_SECTOR_SIZE);
+fis->count = (cmd->xbytes / cmd->sector_size);
 }
 fis->icc = 0x00;
 fis->control = 0x00;
@@ -857,6 +858,7 @@ AHCICommand *ahci_command_create(uint8_t command_name)
 cmd->xbytes = props->size;
 cmd->prd_size = 4096;
 cmd->buffer = 0xabad1dea;
+cmd->sector_size = props->atapi ? ATAPI_SECTOR_SIZE : AHCI_SECTOR_SIZE;
 
 if (!cmd->props->ncq) {
 cmd->interrupts = AHCI_PX_IS_DHRS;
@@ -1033,7 +1035,7 @@ void ahci_command_set_buffer(AHCICommand *cmd, uint64_t 
buffer)
 static void ahci_atapi_set_size(AHCICommand *cmd, uint64_t xbytes)
 {
 unsigned char *cbd = cmd->atapi_cmd;
-uint64_t nsectors = xbytes / 2048;
+uint64_t nsectors = xbytes / ATAPI_SECTOR_SIZE;
 uint32_t tmp;
 g_assert(cbd);
 
@@ -1080,7 +1082,7 @@ void ahci_command_set_sizes(AHCICommand *cmd, uint64_t 
xbytes,
 cmd->prd_size = prd_size;
 }
 cmd->xbytes = xbytes;
-sect_count = (cmd->xbytes / AHCI_SECTOR_SIZE);
+sect_count = (cmd->xbytes / cmd->sector_size);
 
 if (cmd->props->ncq) {
 NCQFIS *nfis = (NCQFIS *)&(cmd->fis);
-- 
2.14.3

[Qemu-devel] [PULL 23/30] MAINTAINERS: Add the cdrom-test to John's section

[John Snow]

From: Thomas Huth 

The cdrom-test checks various block types - IDE, SCSI and
virtio, so it's a little bit hard to decide where this should
belong to in the MAINTAINERS file. But John volunteered to take
it, so let's put it into the IDE section for now.

Signed-off-by: Thomas Huth 
Acked-by: John Snow 
Signed-off-by: John Snow 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 4c73c16fee..a40f558694 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1003,6 +1003,7 @@ F: hw/block/cdrom.c
 F: hw/block/hd-geometry.c
 F: tests/ide-test.c
 F: tests/ahci-test.c
+F: tests/cdrom-test.c
 F: tests/libqos/ahci*
 T: git git://github.com/jnsnow/qemu.git ide
 
-- 
2.14.3

[Qemu-devel] [PULL 17/30] ahci: adjust ahci_mem_write to work on registers

[John Snow]

Actually, this function looks pretty broken, but for now, let's finish
up what this series of commits came here to do.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180531222835.16558-15-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci.c | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 51c3e96c80..e4e87351c9 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -468,11 +468,14 @@ static void ahci_mem_write(void *opaque, hwaddr addr,
 }
 
 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
-switch (addr) {
-case HOST_CAP: /* R/WO, RO */
+enum AHCIHostReg regnum = addr / 4;
+assert(regnum < AHCI_HOST_REG__COUNT);
+
+switch (regnum) {
+case AHCI_HOST_REG_CAP: /* R/WO, RO */
 /* FIXME handle R/WO */
 break;
-case HOST_CTL: /* R/W */
+case AHCI_HOST_REG_CTL: /* R/W */
 if (val & HOST_CTL_RESET) {
 ahci_reset(s);
 } else {
@@ -480,14 +483,14 @@ static void ahci_mem_write(void *opaque, hwaddr addr,
 ahci_check_irq(s);
 }
 break;
-case HOST_IRQ_STAT: /* R/WC, RO */
+case AHCI_HOST_REG_IRQ_STAT: /* R/WC, RO */
 s->control_regs.irqstatus &= ~val;
 ahci_check_irq(s);
 break;
-case HOST_PORTS_IMPL: /* R/WO, RO */
+case AHCI_HOST_REG_PORTS_IMPL: /* R/WO, RO */
 /* FIXME handle R/WO */
 break;
-case HOST_VERSION: /* RO */
+case AHCI_HOST_REG_VERSION: /* RO */
 /* FIXME report write? */
 break;
 default:
-- 
2.14.3

[Qemu-devel] [PULL 21/30] tests/cdrom-test: Test booting from CD-ROM ISO image file

[John Snow]

From: Thomas Huth 

We already have the code for a boot file in tests/boot-sector.c,
so if the genisoimage program is available, we can easily create
a bootable CD ISO image that we can use for testing whether our
CD-ROM emulation and the BIOS CD-ROM boot works correctly.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Reviewed-by: Hervé Poussineau 
Acked-By: Mark Cave-Ayland 
Signed-off-by: Thomas Huth 
Signed-off-by: John Snow 
---
 tests/Makefile.include |   2 +
 tests/cdrom-test.c | 164 +
 2 files changed, 166 insertions(+)
 create mode 100644 tests/cdrom-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 400d8890e7..d098a104bb 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -179,6 +179,7 @@ check-qtest-generic-y = tests/qmp-test$(EXESUF)
 gcov-files-generic-y = monitor.c qapi/qmp-dispatch.c
 check-qtest-generic-y += tests/device-introspect-test$(EXESUF)
 gcov-files-generic-y = qdev-monitor.c qmp.c
+check-qtest-generic-y += tests/cdrom-test$(EXESUF)
 
 gcov-files-ipack-y += hw/ipack/ipack.c
 check-qtest-ipack-y += tests/ipoctal232-test$(EXESUF)
@@ -844,6 +845,7 @@ tests/test-qapi-util$(EXESUF): tests/test-qapi-util.o 
$(test-util-obj-y)
 tests/numa-test$(EXESUF): tests/numa-test.o
 tests/vmgenid-test$(EXESUF): tests/vmgenid-test.o tests/boot-sector.o 
tests/acpi-utils.o
 tests/sdhci-test$(EXESUF): tests/sdhci-test.o $(libqos-pc-obj-y)
+tests/cdrom-test$(EXESUF): tests/cdrom-test.o tests/boot-sector.o 
$(libqos-obj-y)
 
 tests/migration/stress$(EXESUF): tests/migration/stress.o
$(call quiet-command, $(LINKPROG) -static -O3 $(PTHREAD_LIB) -o $@ $< 
,"LINK","$(TARGET_DIR)$@")
diff --git a/tests/cdrom-test.c b/tests/cdrom-test.c
new file mode 100644
index 00..5bbf322789
--- /dev/null
+++ b/tests/cdrom-test.c
@@ -0,0 +1,164 @@
+/*
+ * Various tests for emulated CD-ROM drives.
+ *
+ * Copyright (c) 2018 Red Hat Inc.
+ *
+ * Author:
+ *Thomas Huth 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2
+ * or later. See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+#include "boot-sector.h"
+
+static char isoimage[] = "cdrom-boot-iso-XX";
+
+static int exec_genisoimg(const char **args)
+{
+gchar *out_err = NULL;
+gint exit_status = -1;
+bool success;
+
+success = g_spawn_sync(NULL, (gchar **)args, NULL,
+   G_SPAWN_SEARCH_PATH | G_SPAWN_STDOUT_TO_DEV_NULL,
+   NULL, NULL, NULL, _err, _status, NULL);
+if (!success) {
+return -ENOENT;
+}
+if (out_err) {
+fputs(out_err, stderr);
+g_free(out_err);
+}
+
+return exit_status;
+}
+
+static int prepare_image(const char *arch, char *isoimage)
+{
+char srcdir[] = "cdrom-test-dir-XX";
+char *codefile = NULL;
+int ifh, ret = -1;
+const char *args[] = {
+"genisoimage", "-quiet", "-l", "-no-emul-boot",
+"-b", NULL, "-o", isoimage, srcdir, NULL
+};
+
+ifh = mkstemp(isoimage);
+if (ifh < 0) {
+perror("Error creating temporary iso image file");
+return -1;
+}
+if (!mkdtemp(srcdir)) {
+perror("Error creating temporary directory");
+goto cleanup;
+}
+
+if (g_str_equal(arch, "i386") || g_str_equal(arch, "x86_64") ||
+g_str_equal(arch, "s390x")) {
+codefile = g_strdup_printf("%s/bootcode-XX", srcdir);
+ret = boot_sector_init(codefile);
+if (ret) {
+goto cleanup;
+}
+} else {
+/* Just create a dummy file */
+char txt[] = "empty disc";
+codefile = g_strdup_printf("%s/readme.txt", srcdir);
+if (!g_file_set_contents(codefile, txt, sizeof(txt) - 1, NULL)) {
+fprintf(stderr, "Failed to create '%s'\n", codefile);
+goto cleanup;
+}
+}
+
+args[5] = strchr(codefile, '/') + 1;
+ret = exec_genisoimg(args);
+if (ret) {
+fprintf(stderr, "genisoimage failed: %i\n", ret);
+}
+
+unlink(codefile);
+
+cleanup:
+g_free(codefile);
+rmdir(srcdir);
+close(ifh);
+
+return ret;
+}
+
+static void test_cdboot(gconstpointer data)
+{
+QTestState *qts;
+
+qts = qtest_startf("-accel kvm:tcg -no-shutdown %s%s", (const char *)data,
+   isoimage);
+boot_sector_test(qts);
+qtest_quit(qts);
+}
+
+static void add_x86_tests(void)
+{
+qtest_add_data_func("cdrom/boot/default", "-cdrom ", test_cdboot);
+qtest_add_data_func("cdrom/boot/virtio-scsi",
+"-device virtio-scsi -device scsi-cd,drive=cdr "
+"-blockdev file,node-name=cdr,filename=", test_cdboot);
+qtest_add_data_func("cdrom/boot/isapc", "-M isapc "
+"-drive if=ide,media=cdrom,file=", test_cdboot);
+qtest_add_data_func("cdrom/boot/am53c974",
+  

[Qemu-devel] [PULL 10/30] ahci: make port write traces more descriptive

[John Snow]

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180531222835.16558-8-js...@redhat.com
[Changed format specifier. --js]
Signed-off-by: John Snow 
---
 hw/ide/ahci.c   | 8 +++-
 hw/ide/trace-events | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 4e6f3f1514..a85847b165 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -27,6 +27,7 @@
 #include "hw/pci/pci.h"
 
 #include "qemu/error-report.h"
+#include "qemu/log.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 #include "hw/ide/internal.h"
@@ -284,8 +285,8 @@ static void ahci_port_write(AHCIState *s, int port, int 
offset, uint32_t val)
 AHCIPortRegs *pr = >dev[port].port_regs;
 enum AHCIPortReg regnum = offset / sizeof(uint32_t);
 assert(regnum < (AHCI_PORT_ADDR_OFFSET_LEN / sizeof(uint32_t)));
+trace_ahci_port_write(s, port, AHCIPortReg_lookup[regnum], offset, val);
 
-trace_ahci_port_write(s, port, offset, val);
 switch (regnum) {
 case AHCI_PORT_REG_LST_ADDR:
 pr->lst_addr = val;
@@ -355,6 +356,11 @@ static void ahci_port_write(AHCIState *s, int port, int 
offset, uint32_t val)
 check_cmd(s, port);
 break;
 default:
+trace_ahci_port_write_unimpl(s, port, AHCIPortReg_lookup[regnum],
+ offset, val);
+qemu_log_mask(LOG_UNIMP, "Attempted write to unimplemented register: "
+  "AHCI port %d register %s, offset 0x%x: 0x%"PRIx32,
+  port, AHCIPortReg_lookup[regnum], offset, val);
 break;
 }
 }
diff --git a/hw/ide/trace-events b/hw/ide/trace-events
index 0db18d8271..1efbbb8114 100644
--- a/hw/ide/trace-events
+++ b/hw/ide/trace-events
@@ -69,7 +69,8 @@ ahci_irq_raise(void *s) "ahci(%p): raise irq"
 ahci_irq_lower(void *s) "ahci(%p): lower irq"
 ahci_check_irq(void *s, uint32_t old, uint32_t new) "ahci(%p): check irq 
0x%08x --> 0x%08x"
 ahci_trigger_irq(void *s, int port, const char *name, uint32_t val, uint32_t 
old, uint32_t new, uint32_t effective) "ahci(%p)[%d]: trigger irq +%s (0x%08x); 
irqstat: 0x%08x --> 0x%08x; effective: 0x%08x"
-ahci_port_write(void *s, int port, int offset, uint32_t val) "ahci(%p)[%d]: 
port write @ 0x%x: 0x%08x"
+ahci_port_write(void *s, int port, const char *reg, int offset, uint32_t val) 
"ahci(%p)[%d]: port write [reg:%s] @ 0x%x: 0x%08x"
+ahci_port_write_unimpl(void *s, int port, const char *reg, int offset, 
uint32_t val) "ahci(%p)[%d]: unimplemented port write [reg:%s] @ 0x%x: 0x%08x"
 ahci_mem_read_32(void *s, uint64_t addr, uint32_t val) "ahci(%p): mem read @ 
0x%"PRIx64": 0x%08x"
 ahci_mem_read(void *s, unsigned size, uint64_t addr, uint64_t val) "ahci(%p): 
read%u @ 0x%"PRIx64": 0x%016"PRIx64
 ahci_mem_write(void *s, unsigned size, uint64_t addr, uint64_t val) "ahci(%p): 
write%u @ 0x%"PRIx64": 0x%016"PRIx64
-- 
2.14.3

[Qemu-devel] [PULL 16/30] ahci: fix spacing damage on ahci_mem_write

[John Snow]

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180531222835.16558-14-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci.c | 47 +++
 1 file changed, 23 insertions(+), 24 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index b31eb84aaa..51c3e96c80 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -469,37 +469,36 @@ static void ahci_mem_write(void *opaque, hwaddr addr,
 
 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
 switch (addr) {
-case HOST_CAP: /* R/WO, RO */
-/* FIXME handle R/WO */
-break;
-case HOST_CTL: /* R/W */
-if (val & HOST_CTL_RESET) {
-ahci_reset(s);
-} else {
-s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN;
-ahci_check_irq(s);
-}
-break;
-case HOST_IRQ_STAT: /* R/WC, RO */
-s->control_regs.irqstatus &= ~val;
+case HOST_CAP: /* R/WO, RO */
+/* FIXME handle R/WO */
+break;
+case HOST_CTL: /* R/W */
+if (val & HOST_CTL_RESET) {
+ahci_reset(s);
+} else {
+s->control_regs.ghc = (val & 0x3) | HOST_CTL_AHCI_EN;
 ahci_check_irq(s);
-break;
-case HOST_PORTS_IMPL: /* R/WO, RO */
-/* FIXME handle R/WO */
-break;
-case HOST_VERSION: /* RO */
-/* FIXME report write? */
-break;
-default:
-trace_ahci_mem_write_unknown(s, size, addr, val);
+}
+break;
+case HOST_IRQ_STAT: /* R/WC, RO */
+s->control_regs.irqstatus &= ~val;
+ahci_check_irq(s);
+break;
+case HOST_PORTS_IMPL: /* R/WO, RO */
+/* FIXME handle R/WO */
+break;
+case HOST_VERSION: /* RO */
+/* FIXME report write? */
+break;
+default:
+trace_ahci_mem_write_unknown(s, size, addr, val);
 }
 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
(addr < (AHCI_PORT_REGS_START_ADDR +
-(s->ports * AHCI_PORT_ADDR_OFFSET_LEN {
+(s->ports * AHCI_PORT_ADDR_OFFSET_LEN {
 ahci_port_write(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
 addr & AHCI_PORT_ADDR_OFFSET_MASK, val);
 }
-
 }
 
 static const MemoryRegionOps ahci_mem_ops = {
-- 
2.14.3

[Qemu-devel] [PULL 18/30] ahci: delete old host register address definitions

[John Snow]

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180531222835.16558-16-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci_internal.h | 6 --
 1 file changed, 6 deletions(-)

diff --git a/hw/ide/ahci_internal.h b/hw/ide/ahci_internal.h
index f9dcf8b6e6..2953243929 100644
--- a/hw/ide/ahci_internal.h
+++ b/hw/ide/ahci_internal.h
@@ -55,12 +55,6 @@
 #define RX_FIS_UNK0x60 /* offset of Unknown FIS data */
 
 /* global controller registers */
-#define HOST_CAP  0x00 /* host capabilities */
-#define HOST_CTL  0x04 /* global host control */
-#define HOST_IRQ_STAT 0x08 /* interrupt status */
-#define HOST_PORTS_IMPL   0x0c /* bitmap of implemented ports */
-#define HOST_VERSION  0x10 /* AHCI spec. version compliancy */
-
 enum AHCIHostReg {
 AHCI_HOST_REG_CAP= 0,  /* CAP: host capabilities */
 AHCI_HOST_REG_CTL= 1,  /* GHC: global host control */
-- 
2.14.3

[Qemu-devel] [PULL 20/30] tests/boot-sector: Add magic bytes to s390x boot code header

[John Snow]

From: Thomas Huth 

We're going to use the s390x boot code for testing CD-ROM booting.
But the ISO loader of the s390-ccw bios is a little bit more picky
than the network loader and expects some magic bytes in the header
of the file (see linux_s390_magic in pc-bios/s390-ccw/bootmap.c), so
we've got to add them in our boot code here, too.

Reviewed-by: Christian Borntraeger 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Reviewed-by: Hervé Poussineau 
Acked-By: Mark Cave-Ayland 
Signed-off-by: Thomas Huth 
Signed-off-by: John Snow 
---
 tests/boot-sector.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tests/boot-sector.c b/tests/boot-sector.c
index c373f0e715..7824286b9a 100644
--- a/tests/boot-sector.c
+++ b/tests/boot-sector.c
@@ -68,8 +68,11 @@ static uint8_t x86_boot_sector[512] = {
 };
 
 /* For s390x, use a mini "kernel" with the appropriate signature */
-static const uint8_t s390x_psw[] = {
-0x00, 0x08, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00
+static const uint8_t s390x_psw_and_magic[] = {
+0x00, 0x08, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00,  /* Program status word  */
+0x02, 0x00, 0x00, 0x18, 0x60, 0x00, 0x00, 0x50,  /* Magic:   */
+0x02, 0x00, 0x00, 0x68, 0x60, 0x00, 0x00, 0x50,  /* see linux_s390_magic */
+0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40   /* in the s390-ccw bios */
 };
 static const uint8_t s390x_code[] = {
 0xa7, 0xf4, 0x00, 0x0a,/* j 0x10010 */
@@ -110,7 +113,7 @@ int boot_sector_init(char *fname)
 } else if (g_str_equal(arch, "s390x")) {
 len = 0x1 + sizeof(s390x_code);
 boot_code = g_malloc0(len);
-memcpy(boot_code, s390x_psw, sizeof(s390x_psw));
+memcpy(boot_code, s390x_psw_and_magic, sizeof(s390x_psw_and_magic));
 memcpy(_code[0x1], s390x_code, sizeof(s390x_code));
 } else {
 g_assert_not_reached();
-- 
2.14.3

[Qemu-devel] [PULL 07/30] ahci: fix spacing damage on ahci_port_write

[John Snow]

Churn.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180531222835.16558-5-js...@redhat.com
[Fix patchew/checkpatch nit. --js]
Signed-off-by: John Snow 
---
 hw/ide/ahci.c | 142 +-
 1 file changed, 71 insertions(+), 71 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 1107a9b118..a19f46c301 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -279,85 +279,85 @@ static int ahci_cond_start_engines(AHCIDevice *ad)
 return 0;
 }
 
-static void  ahci_port_write(AHCIState *s, int port, int offset, uint32_t val)
+static void ahci_port_write(AHCIState *s, int port, int offset, uint32_t val)
 {
 AHCIPortRegs *pr = >dev[port].port_regs;
 
 trace_ahci_port_write(s, port, offset, val);
 switch (offset) {
-case PORT_LST_ADDR:
-pr->lst_addr = val;
-break;
-case PORT_LST_ADDR_HI:
-pr->lst_addr_hi = val;
-break;
-case PORT_FIS_ADDR:
-pr->fis_addr = val;
-break;
-case PORT_FIS_ADDR_HI:
-pr->fis_addr_hi = val;
-break;
-case PORT_IRQ_STAT:
-pr->irq_stat &= ~val;
-ahci_check_irq(s);
-break;
-case PORT_IRQ_MASK:
-pr->irq_mask = val & 0xfdc000ff;
-ahci_check_irq(s);
-break;
-case PORT_CMD:
-/* Block any Read-only fields from being set;
- * including LIST_ON and FIS_ON.
- * The spec requires to set ICC bits to zero after the ICC change
- * is done. We don't support ICC state changes, therefore always
- * force the ICC bits to zero.
- */
-pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) |
-  (val & ~(PORT_CMD_RO_MASK|PORT_CMD_ICC_MASK));
+case PORT_LST_ADDR:
+pr->lst_addr = val;
+break;
+case PORT_LST_ADDR_HI:
+pr->lst_addr_hi = val;
+break;
+case PORT_FIS_ADDR:
+pr->fis_addr = val;
+break;
+case PORT_FIS_ADDR_HI:
+pr->fis_addr_hi = val;
+break;
+case PORT_IRQ_STAT:
+pr->irq_stat &= ~val;
+ahci_check_irq(s);
+break;
+case PORT_IRQ_MASK:
+pr->irq_mask = val & 0xfdc000ff;
+ahci_check_irq(s);
+break;
+case PORT_CMD:
+/* Block any Read-only fields from being set;
+ * including LIST_ON and FIS_ON.
+ * The spec requires to set ICC bits to zero after the ICC change
+ * is done. We don't support ICC state changes, therefore always
+ * force the ICC bits to zero.
+ */
+pr->cmd = (pr->cmd & PORT_CMD_RO_MASK) |
+(val & ~(PORT_CMD_RO_MASK | PORT_CMD_ICC_MASK));
 
-/* Check FIS RX and CLB engines */
-ahci_cond_start_engines(>dev[port]);
+/* Check FIS RX and CLB engines */
+ahci_cond_start_engines(>dev[port]);
 
-/* XXX usually the FIS would be pending on the bus here and
-   issuing deferred until the OS enables FIS receival.
-   Instead, we only submit it once - which works in most
-   cases, but is a hack. */
-if ((pr->cmd & PORT_CMD_FIS_ON) &&
-!s->dev[port].init_d2h_sent) {
-ahci_init_d2h(>dev[port]);
-}
+/* XXX usually the FIS would be pending on the bus here and
+   issuing deferred until the OS enables FIS receival.
+   Instead, we only submit it once - which works in most
+   cases, but is a hack. */
+if ((pr->cmd & PORT_CMD_FIS_ON) &&
+!s->dev[port].init_d2h_sent) {
+ahci_init_d2h(>dev[port]);
+}
 
-check_cmd(s, port);
-break;
-case PORT_TFDATA:
-/* Read Only. */
-break;
-case PORT_SIG:
-/* Read Only */
-break;
-case PORT_SCR_STAT:
-/* Read Only */
-break;
-case PORT_SCR_CTL:
-if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) &&
-((val & AHCI_SCR_SCTL_DET) == 0)) {
-ahci_reset_port(s, port);
-}
-pr->scr_ctl = val;
-break;
-case PORT_SCR_ERR:
-pr->scr_err &= ~val;
-break;
-case PORT_SCR_ACT:
-/* RW1 */
-pr->scr_act |= val;
-break;
-case PORT_CMD_ISSUE:
-pr->cmd_issue |= val;
-check_cmd(s, port);
-break;
-default:
-break;
+check_cmd(s, port);
+break;
+case PORT_TFDATA:
+/* Read Only. */
+break;
+case PORT_SIG:
+/* Read Only */
+break;
+case PORT_SCR_STAT:
+/* Read Only */
+break;
+case PORT_SCR_CTL:
+if (((pr->scr_ctl & AHCI_SCR_SCTL_DET) == 1) &&
+

[Qemu-devel] [PULL 04/30] ahci: add port register enumeration

[John Snow]

Instead of tracking offsets, lets count the registers.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180531222835.16558-2-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci.c  | 25 +
 hw/ide/ahci_internal.h | 29 +
 2 files changed, 54 insertions(+)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index ac4bc1738b..9815a64b5a 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -46,6 +46,31 @@ static bool ahci_map_fis_address(AHCIDevice *ad);
 static void ahci_unmap_clb_address(AHCIDevice *ad);
 static void ahci_unmap_fis_address(AHCIDevice *ad);
 
+__attribute__((__unused__)) /* TODO */
+static const char *AHCIPortReg_lookup[AHCI_PORT_REG__COUNT] = {
+[AHCI_PORT_REG_LST_ADDR]= "PxCLB",
+[AHCI_PORT_REG_LST_ADDR_HI] = "PxCLBU",
+[AHCI_PORT_REG_FIS_ADDR]= "PxFB",
+[AHCI_PORT_REG_FIS_ADDR_HI] = "PxFBU",
+[AHCI_PORT_REG_IRQ_STAT]= "PxIS",
+[AHCI_PORT_REG_IRQ_MASK]= "PXIE",
+[AHCI_PORT_REG_CMD] = "PxCMD",
+[7] = "Reserved",
+[AHCI_PORT_REG_TFDATA]  = "PxTFD",
+[AHCI_PORT_REG_SIG] = "PxSIG",
+[AHCI_PORT_REG_SCR_STAT]= "PxSSTS",
+[AHCI_PORT_REG_SCR_CTL] = "PxSCTL",
+[AHCI_PORT_REG_SCR_ERR] = "PxSERR",
+[AHCI_PORT_REG_SCR_ACT] = "PxSACT",
+[AHCI_PORT_REG_CMD_ISSUE]   = "PxCI",
+[AHCI_PORT_REG_SCR_NOTIF]   = "PxSNTF",
+[AHCI_PORT_REG_FIS_CTL] = "PxFBS",
+[AHCI_PORT_REG_DEV_SLEEP]   = "PxDEVSLP",
+[18 ... 27] = "Reserved",
+[AHCI_PORT_REG_VENDOR_1 ...
+ AHCI_PORT_REG_VENDOR_4]= "PxVS",
+};
+
 static const char *AHCIPortIRQ_lookup[AHCI_PORT_IRQ__COUNT] = {
 [AHCI_PORT_IRQ_BIT_DHRS] = "DHRS",
 [AHCI_PORT_IRQ_BIT_PSS]  = "PSS",
diff --git a/hw/ide/ahci_internal.h b/hw/ide/ahci_internal.h
index 1a25d6c039..eb7e1eefc0 100644
--- a/hw/ide/ahci_internal.h
+++ b/hw/ide/ahci_internal.h
@@ -74,6 +74,34 @@
 #define HOST_CAP_NCQ  (1 << 30) /* Native Command Queueing */
 #define HOST_CAP_64   (1U << 31) /* PCI DAC (64-bit DMA) support */
 
+/* registers for each SATA port */
+enum AHCIPortReg {
+AHCI_PORT_REG_LST_ADDR= 0, /* PxCLB: command list DMA addr */
+AHCI_PORT_REG_LST_ADDR_HI = 1, /* PxCLBU: command list DMA addr hi */
+AHCI_PORT_REG_FIS_ADDR= 2, /* PxFB: FIS rx buf addr */
+AHCI_PORT_REG_FIS_ADDR_HI = 3, /* PxFBU: FIX rx buf addr hi */
+AHCI_PORT_REG_IRQ_STAT= 4, /* PxIS: interrupt status */
+AHCI_PORT_REG_IRQ_MASK= 5, /* PxIE: interrupt enable/disable mask */
+AHCI_PORT_REG_CMD = 6, /* PxCMD: port command */
+/* RESERVED */
+AHCI_PORT_REG_TFDATA  = 8, /* PxTFD: taskfile data */
+AHCI_PORT_REG_SIG = 9, /* PxSIG: device TF signature */
+AHCI_PORT_REG_SCR_STAT= 10, /* PxSSTS: SATA phy register: SStatus */
+AHCI_PORT_REG_SCR_CTL = 11, /* PxSCTL: SATA phy register: SControl */
+AHCI_PORT_REG_SCR_ERR = 12, /* PxSERR: SATA phy register: SError */
+AHCI_PORT_REG_SCR_ACT = 13, /* PxSACT: SATA phy register: SActive */
+AHCI_PORT_REG_CMD_ISSUE   = 14, /* PxCI: command issue */
+AHCI_PORT_REG_SCR_NOTIF   = 15, /* PxSNTF: SATA phy register: 
SNotification */
+AHCI_PORT_REG_FIS_CTL = 16, /* PxFBS: Port multiplier switching ctl */
+AHCI_PORT_REG_DEV_SLEEP   = 17, /* PxDEVSLP: device sleep control */
+/* RESERVED */
+AHCI_PORT_REG_VENDOR_1= 28, /* PxVS: Vendor Specific */
+AHCI_PORT_REG_VENDOR_2= 29,
+AHCI_PORT_REG_VENDOR_3= 30,
+AHCI_PORT_REG_VENDOR_4= 31,
+AHCI_PORT_REG__COUNT  = 32
+};
+
 /* registers for each SATA port */
 #define PORT_LST_ADDR 0x00 /* command list DMA addr */
 #define PORT_LST_ADDR_HI  0x04 /* command list DMA addr hi */
@@ -82,6 +110,7 @@
 #define PORT_IRQ_STAT 0x10 /* interrupt status */
 #define PORT_IRQ_MASK 0x14 /* interrupt enable/disable mask */
 #define PORT_CMD  0x18 /* port command */
+
 #define PORT_TFDATA   0x20 /* taskfile data */
 #define PORT_SIG  0x24 /* device TF signature */
 #define PORT_SCR_STAT 0x28 /* SATA phy register: SStatus */
-- 
2.14.3

[Qemu-devel] [PULL 15/30] ahci: make mem_read_32 traces more descriptive

[John Snow]

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 20180531222835.16558-13-js...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci.c   | 7 +--
 hw/ide/trace-events | 3 +++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 99cbfe6447..b31eb84aaa 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -47,7 +47,6 @@ static bool ahci_map_fis_address(AHCIDevice *ad);
 static void ahci_unmap_clb_address(AHCIDevice *ad);
 static void ahci_unmap_fis_address(AHCIDevice *ad);
 
-__attribute__((__unused__)) /* TODO */
 static const char *AHCIHostReg_lookup[AHCI_HOST_REG__COUNT] = {
 [AHCI_HOST_REG_CAP]= "CAP",
 [AHCI_HOST_REG_CTL]= "GHC",
@@ -406,13 +405,17 @@ static uint64_t ahci_mem_read_32(void *opaque, hwaddr 
addr)
 val = s->control_regs.version;
 break;
 default:
-break;
+trace_ahci_mem_read_32_host_default(s, AHCIHostReg_lookup[regnum],
+addr);
 }
+trace_ahci_mem_read_32_host(s, AHCIHostReg_lookup[regnum], addr, val);
 } else if ((addr >= AHCI_PORT_REGS_START_ADDR) &&
(addr < (AHCI_PORT_REGS_START_ADDR +
 (s->ports * AHCI_PORT_ADDR_OFFSET_LEN {
 val = ahci_port_read(s, (addr - AHCI_PORT_REGS_START_ADDR) >> 7,
  addr & AHCI_PORT_ADDR_OFFSET_MASK);
+} else {
+trace_ahci_mem_read_32_default(s, addr, val);
 }
 
 trace_ahci_mem_read_32(s, addr, val);
diff --git a/hw/ide/trace-events b/hw/ide/trace-events
index 1efbbb8114..8149a54db8 100644
--- a/hw/ide/trace-events
+++ b/hw/ide/trace-events
@@ -72,6 +72,9 @@ ahci_trigger_irq(void *s, int port, const char *name, 
uint32_t val, uint32_t old
 ahci_port_write(void *s, int port, const char *reg, int offset, uint32_t val) 
"ahci(%p)[%d]: port write [reg:%s] @ 0x%x: 0x%08x"
 ahci_port_write_unimpl(void *s, int port, const char *reg, int offset, 
uint32_t val) "ahci(%p)[%d]: unimplemented port write [reg:%s] @ 0x%x: 0x%08x"
 ahci_mem_read_32(void *s, uint64_t addr, uint32_t val) "ahci(%p): mem read @ 
0x%"PRIx64": 0x%08x"
+ahci_mem_read_32_default(void *s, uint64_t addr, uint32_t val) "ahci(%p): mem 
read @ 0x%"PRIx64": 0x%08x"
+ahci_mem_read_32_host(void *s, const char *reg, uint64_t addr, uint32_t val) 
"ahci(%p): mem read [reg:%s] @ 0x%"PRIx64": 0x%08x"
+ahci_mem_read_32_host_default(void *s, const char *reg, uint64_t addr) 
"ahci(%p): unimplemented mem read [reg:%s] @ 0x%"PRIx64
 ahci_mem_read(void *s, unsigned size, uint64_t addr, uint64_t val) "ahci(%p): 
read%u @ 0x%"PRIx64": 0x%016"PRIx64
 ahci_mem_write(void *s, unsigned size, uint64_t addr, uint64_t val) "ahci(%p): 
write%u @ 0x%"PRIx64": 0x%016"PRIx64
 ahci_mem_write_unknown(void *s, unsigned size, uint64_t addr, uint64_t val) 
"ahci(%p): write%u to unknown register 0x%"PRIx64": 0x%016"PRIx64
-- 
2.14.3