Re: [Qemu-devel] [qemu-s390x] [PATCH v5] s390x: Enable KVM huge page backing support

2018-08-02 Thread Thomas Huth
On 08/02/2018 09:02 AM, Janosch Frank wrote:
> QEMU has had huge page support for a longer time already, but KVM
> memory management under s390x needed some changes to work with huge
> backings.
> 
> Now that we have support, let's enable it if requested and
> available. Otherwise we now properly tell the user if there is no
> support and back out instead of failing to run the VM later on.
> 
> Signed-off-by: Janosch Frank 
> Reviewed-by: David Hildenbrand 
> ---
> 
> Now featuring all of the required braces.
> 
> ---
>  target/s390x/kvm.c | 35 +--
>  1 file changed, 33 insertions(+), 2 deletions(-)
> 
> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
> index d923cf4240..8ba948c324 100644
> --- a/target/s390x/kvm.c
> +++ b/target/s390x/kvm.c
> @@ -34,6 +34,8 @@
>  #include "qapi/error.h"
>  #include "qemu/error-report.h"
>  #include "qemu/timer.h"
> +#include "qemu/units.h"
> +#include "qemu/mmap-alloc.h"
>  #include "sysemu/sysemu.h"
>  #include "sysemu/hw_accel.h"
>  #include "hw/hw.h"
> @@ -139,6 +141,7 @@ static int cap_mem_op;
>  static int cap_s390_irq;
>  static int cap_ri;
>  static int cap_gs;
> +static int cap_hpage_1m;
>  
>  static int active_cmma;
>  
> @@ -220,9 +223,9 @@ static void kvm_s390_enable_cmma(void)
>  .attr = KVM_S390_VM_MEM_ENABLE_CMMA,
>  };
>  
> -if (mem_path) {
> +if (cap_hpage_1m) {
>  warn_report("CMM will not be enabled because it is not "
> -"compatible with hugetlbfs.");
> +"compatible with huge memory backings.");
>  return;
>  }
>  rc = kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, );
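Review bot: the guard in kvm_s390_enable_cmma() changes from "if (mem_path)" to "if (cap_hpage_1m)", which also changes behaviour for a mem_path that resolves to 4 KiB pages: kvm_s390_configure_mempath_backing() returns early for that size without setting the flag, so CMM is now enabled where it used to be refused. If that is intended, say so in the commit message. The guard is also only correct if this function can never run before kvm_arch_init() has set cap_hpage_1m; a short comment at the "static int cap_hpage_1m;" declaration stating where it is set and who relies on it would document that ordering.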
> @@ -281,10 +284,38 @@ void kvm_s390_crypto_reset(void)
>  }
>  }
>  
> +static int kvm_s390_configure_mempath_backing(KVMState *s)
> +{
> +size_t path_psize = qemu_mempath_getpagesize(mem_path);
> +
> +if (path_psize == 4 * KiB) {
> +return 0;
> +}
> +
> +if (path_psize != 1 * MiB) {
> +error_report("Memory backing with 2G pages was specified, "
> + "but KVM does not support this memory backing");
> +return -EINVAL;
> +}
> +
> +if (kvm_vm_enable_cap(s, KVM_CAP_S390_HPAGE_1M, 0)) {
> +error_report("Memory backing with 1M pages was specified, "
> + "but KVM does not support this memory backing");
> +return -EINVAL;
> +}
> +
> +cap_hpage_1m = 1;
> +return 0;
> +}
> +
>  int kvm_arch_init(MachineState *ms, KVMState *s)
>  {
>  MachineClass *mc = MACHINE_GET_CLASS(ms);
>  
> +if (mem_path && kvm_s390_configure_mempath_backing(s)) {
> +return -EINVAL;
> +}
> +
>  mc->default_cpu_type = S390_CPU_TYPE_NAME("host");
>  cap_sync_regs = kvm_check_extension(s, KVM_CAP_SYNC_REGS);
>  cap_async_pf = kvm_check_extension(s, KVM_CAP_ASYNC_PF);
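Review bot: in kvm_s390_configure_mempath_backing() the branch "if (path_psize != 1 * MiB)" reports "Memory backing with 2G pages was specified" for every page size other than 4 KiB and 1 MiB, so the error can name a size the user never configured. Print the detected path_psize in the message, or test explicitly for 2 GiB and give any other size a generic unsupported-page-size error. The return value of kvm_vm_enable_cap() is also replaced by -EINVAL, and kvm_arch_init() does the same with the helper's result, which hides whether the capability is missing or enabling it failed for another reason.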

Reviewed-by: Thomas Huth 




Re: [Qemu-devel] [Qemu-ppc] [PULL 0/2] ppc-for-3.0 queue 20180801

2018-08-02 Thread Thomas Huth
On 08/02/2018 04:07 PM, David Gibson wrote:
> On Thu, Aug 02, 2018 at 10:16:32AM +0100, Peter Maydell wrote:
>> On 2 August 2018 at 08:08, David Gibson  wrote:
>>> The macio fix, however, *is* a regression from 2.12.  Whether it's
>>> severe enough to warrant another -rc, I'm not sure.  It is a bad
>>> pointer access which is, well, bad.  It doesn't seem to bite
>>> obviously, needing valgrind to pick it up, but possibly that's just
>>> luck.
>>
>> I thought those introspection-bugs like the macio ones weren't
>> regressions ?
> 
> Well, I ran Thomas's testcase on master and it generates several
> valgrind warnings, which don't appear on either 2.12 or master+the
> patch.

Maybe the macio bug is something new, but we had plenty of these
introspection bugs in the other code (mainly the ARM code) which were
clearly there since a looong time already and nobody ever complained. So
it seems quite unusual that upper layer tools / the users are using the
introspection feature of QEMU. Thus I'd say this bug is not important
enough to block the release. We could fix it in the stable branch instead.

 Thomas





Re: [Qemu-devel] [PATCH 0/3] hw/ppc: Convert various devices away from old_mmio

2018-08-02 Thread David Gibson
On Thu, Aug 02, 2018 at 03:44:27PM +0100, Peter Maydell wrote:
> This patchset removes various uses of old_mmio from minor PPC
> devices:
>  * hw/ppc/prep had an entirely ifdeffed-out stub of an XCSR device,
>which we remove
>  * hw/ppc/ppc_boards had ref405ep_fpga
>  * hw/ppc/ppc405_uc had three minor devices
> 
> As you can see from the diffstat, the new API provides much
> cleaner ways to handle the various different access sizes.
> 
> This knocks another five old_mmio uses out of the codebase,
> leaving us with just five to go.
> 
> NB: Tested only with 'make check'.

Applied to ppc-for-3.1, thanks.

> 
> thanks
> -- PMM
> 
> Peter Maydell (3):
>   hw/ppc/prep: Remove ifdeffed-out stub of XCSR code
>   hw/ppc/ppc_boards: Don't use old_mmio for ref405ep_fpga
>   hw/ppc/ppc405_uc: Convert away from old_mmio
> 
>  hw/ppc/ppc405_boards.c |  60 +++---
>  hw/ppc/ppc405_uc.c | 173 ++---
>  hw/ppc/prep.c  |  97 +--
>  3 files changed, 39 insertions(+), 291 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH v4 3/3] arm: Add BBC micro:bit machine

2018-08-02 Thread Joel Stanley
This adds the base for a machine model of the BBC micro:bit:

  https://en.wikipedia.org/wiki/Micro_Bit

This is a system with a nRF51 SoC containing the main processor, with
various peripherals on board.

Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Joel Stanley 
---
v2:
 - Instead of setting kernel filename property, load the image directly
 - Add link to hardware overview website
v3:
 - Rebase microbit on m0 changes
 - Remove hard-coded flash size and retrieve from the soc
 - Add Stefan's reviewed-by
---
 hw/arm/Makefile.objs |  2 +-
 hw/arm/microbit.c| 54 
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/microbit.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index e31875ec69bc..2798a257921d 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -36,4 +36,4 @@ obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
 obj-$(CONFIG_IOTKIT) += iotkit.o
 obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
 obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o
-obj-$(CONFIG_NRF51_SOC) += nrf51_soc.o
+obj-$(CONFIG_NRF51_SOC) += nrf51_soc.o microbit.o
diff --git a/hw/arm/microbit.c b/hw/arm/microbit.c
new file mode 100644
index ..ecf64e883f4f
--- /dev/null
+++ b/hw/arm/microbit.c
@@ -0,0 +1,54 @@
+/*
+ * BBC micro:bit machine
+ * http://tech.microbit.org/hardware/
+ *
+ * Copyright 2018 Joel Stanley 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/boards.h"
+#include "hw/arm/arm.h"
+#include "exec/address-spaces.h"
+
+#include "hw/arm/nrf51_soc.h"
+
+typedef struct {
+MachineState parent;
+
+NRF51State nrf51;
+} MICROBITMachineState;
+
+#define TYPE_MICROBIT_MACHINE "microbit"
+
+#define MICROBIT_MACHINE(obj) \
+OBJECT_CHECK(MICROBITMachineState, obj, TYPE_MICROBIT_MACHINE)
+
+static void microbit_init(MachineState *machine)
+{
+MICROBITMachineState *s = g_new(MICROBITMachineState, 1);
+MemoryRegion *system_memory = get_system_memory();
+Object *soc;
+
+object_initialize(>nrf51, sizeof(s->nrf51), TYPE_NRF51_SOC);
+soc = OBJECT(>nrf51);
+object_property_add_child(OBJECT(machine), "nrf51", soc, _fatal);
+object_property_set_link(soc, OBJECT(system_memory),
+ "memory", _abort);
+
+object_property_set_bool(soc, true, "realized", _abort);
+
+arm_m_profile_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename,
+NRF51_SOC(soc)->flash_size);
+}
+
+static void microbit_machine_init(MachineClass *mc)
+{
+mc->desc = "BBC micro:bit";
+mc->init = microbit_init;
+mc->max_cpus = 1;
+}
+DEFINE_MACHINE("microbit", microbit_machine_init);
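Review bot: microbit_init() allocates its state with g_new(MICROBITMachineState, 1) instead of using the MachineState it is handed, so the embedded "parent" member is uninitialised memory, the allocation is never freed, and the MICROBIT_MACHINE() cast macro defined above is unused. DEFINE_MACHINE() registers the type without any reference to MICROBITMachineState, so either register a type whose instance size is sizeof(MICROBITMachineState) and obtain the state with MICROBIT_MACHINE(machine), or drop the wrapper struct and the macro and allocate only the NRF51State.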
-- 
2.17.1




[Qemu-devel] [PATCH v4 2/3] arm: Add Nordic Semiconductor nRF51 SoC

2018-08-02 Thread Joel Stanley
The nRF51 is a Cortex-M0 microcontroller with an on-board radio module,
plus other common ARM SoC peripherals.

 http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

This defines a basic model of the CPU and memory, with no peripherals
implemented at this stage.

Signed-off-by: Joel Stanley 
---
v2:
  put memory as struct fields in state structure
  pass OBJECT(s) as owner, not NULL
  Add missing addresses for ficr
  Fix flash and sram sizes for microbit
  Embed cpu object in state object and initialise it without use of armv7m_init
  Link to datasheet
v3:
  rebase nrf51 on m0 changes
  remove unused kernel_filename
  clarify flash and sram size
  make flash and sram size properties of the soc state
v4:
  set the number of interrupts to 32
---
 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/nrf51_soc.c  | 119 
 include/hw/arm/nrf51_soc.h  |  42 +++
 4 files changed, 163 insertions(+)
 create mode 100644 hw/arm/nrf51_soc.c
 create mode 100644 include/hw/arm/nrf51_soc.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index e704cb6e34d7..3432721d7d08 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -102,6 +102,7 @@ CONFIG_STM32F2XX_SYSCFG=y
 CONFIG_STM32F2XX_ADC=y
 CONFIG_STM32F2XX_SPI=y
 CONFIG_STM32F205_SOC=y
+CONFIG_NRF51_SOC=y
 
 CONFIG_CMSDK_APB_TIMER=y
 CONFIG_CMSDK_APB_UART=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index b1e4f8f006aa..e31875ec69bc 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -36,3 +36,4 @@ obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
 obj-$(CONFIG_IOTKIT) += iotkit.o
 obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
 obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o
+obj-$(CONFIG_NRF51_SOC) += nrf51_soc.o
diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
new file mode 100644
index ..27b57e64735c
--- /dev/null
+++ b/hw/arm/nrf51_soc.c
@@ -0,0 +1,119 @@
+/*
+ * Nordic Semiconductor nRF51 SoC
+ * http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.1.pdf
+ *
+ * Copyright 2018 Joel Stanley 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "hw/arm/arm.h"
+#include "hw/sysbus.h"
+#include "hw/boards.h"
+#include "hw/devices.h"
+#include "hw/misc/unimp.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+#include "qemu/log.h"
+#include "cpu.h"
+
+#include "hw/arm/nrf51_soc.h"
+
+#define IOMEM_BASE  0x4000
+#define IOMEM_SIZE  0x2000
+
+#define FICR_BASE   0x1000
+#define FICR_SIZE   0x00fc
+
+#define FLASH_BASE  0x
+#define SRAM_BASE   0x2000
+
+/* The size and base is for the NRF51822 part. If other parts
+ * are supported in the future, add a sub-class of NRF51SoC for
+ * the specific variants */
+#define NRF51822_FLASH_SIZE (256 * 1024)
+#define NRF51822_SRAM_SIZE  (16 * 1024)
+
+static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp)
+{
+NRF51State *s = NRF51_SOC(dev_soc);
+Error *err = NULL;
+
+if (!s->board_memory) {
+error_setg(errp, "memory property was not set");
+return;
+}
+
+object_property_set_link(OBJECT(>cpu), OBJECT(>container), "memory",
+);
+object_property_set_bool(OBJECT(>cpu), true, "realized", );
+
+memory_region_add_subregion_overlap(>container, 0, s->board_memory, -1);
+
+memory_region_init_ram(>flash, OBJECT(s), "nrf51.flash", s->flash_size,
+);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+memory_region_set_readonly(>flash, true);
+memory_region_add_subregion(>container, FLASH_BASE, >flash);
+
+memory_region_init_ram(>sram, NULL, "nrf51.sram", s->sram_size, );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+memory_region_add_subregion(>container, SRAM_BASE, >sram);
+
+create_unimplemented_device("nrf51_soc.io", IOMEM_BASE, IOMEM_SIZE);
+create_unimplemented_device("nrf51_soc.ficr", FICR_BASE, FICR_SIZE);
+create_unimplemented_device("nrf51_soc.private", 0xF000, 0x1000);
+}
+
+static void nrf51_soc_init(Object *obj)
+{
+NRF51State *s = NRF51_SOC(obj);
+
+memory_region_init(>container, obj, "nrf51-container", UINT64_MAX);
+
+object_initialize(>cpu, sizeof(s->cpu), TYPE_ARM_M_PROFILE);
+object_property_add_child(OBJECT(s), "armv6m", OBJECT(>cpu), 
_abort);
+qdev_set_parent_bus(DEVICE(>cpu), sysbus_get_default());
+qdev_prop_set_string(DEVICE(>cpu), "cpu-type", 
ARM_CPU_TYPE_NAME("cortex-m0"));
+qdev_prop_set_uint32(DEVICE(>cpu), "num-irq", 32);
+}
+
+static Property nrf51_soc_properties[] = {
+DEFINE_PROP_LINK("memory", NRF51State, board_memory, TYPE_MEMORY_REGION,
+ MemoryRegion *),
+
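Review bot: in nrf51_soc_realize() the flash region is created with OBJECT(s) as owner but the memory_region_init_ram() call for "nrf51.sram" passes NULL, although the v2 changelog above says "pass OBJECT(s) as owner, not NULL"; the sram call should use OBJECT(s) as well. In the same function no "if (err)" check is visible between the two object_property_set_*() calls on the CPU and the flash memory_region_init_ram(), so a failure to link or realize the CPU is not handled where it happens; check and propagate after each call. The datasheet URL in the file header (nRF51_RM_v3.0.1.pdf) also differs from the one in the commit message (nRF51_RM_v3.0.pdf).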

[Qemu-devel] [PATCH v4 0/3] arm: Add nRF51 SoC and micro:bit machine

2018-08-02 Thread Joel Stanley
v4: Fix number of IRQs
Based-on: 20180725085944.11856-1-stefa...@redhat.com

This short series implements a minimal definition of the Nordic
Semiconductor nRF51, a Cortex-M0 ARM SoC, and the BBC micro:bit, a
machine that will use this SoC.

This work will serve as the base for our Google Summer of Code and
Outreachy interns who will work on implementing a number of features on
top of this base.

I've tested this with a microbit micropython firmware, and checked that
it starts running by looking at it with gdb.

I chose to keep the nrf51 and the microbit separate, to not confuse the
peripherals that are on the microbit but are not part of the nrf51, and
vice versa.

Joel Stanley (3):
  MAINTAINERS: Add NRF51 entry
  arm: Add Nordic Semiconductor nRF51 SoC
  arm: Add BBC micro:bit machine

 MAINTAINERS |   8 +++
 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/microbit.c   |  54 +++
 hw/arm/nrf51_soc.c  | 119 
 include/hw/arm/nrf51_soc.h  |  42 +++
 6 files changed, 225 insertions(+)
 create mode 100644 hw/arm/microbit.c
 create mode 100644 hw/arm/nrf51_soc.c
 create mode 100644 include/hw/arm/nrf51_soc.h

-- 
2.17.1




[Qemu-devel] [PATCH v4 1/3] MAINTAINERS: Add NRF51 entry

2018-08-02 Thread Joel Stanley
This contains the NRF51, and the machine that uses it, the BBC
micro:bit.

Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Joel Stanley 
---
v3:
  fix spelling of mailing list
  add stefan's reviewed-by
---
 MAINTAINERS | 8 
 1 file changed, 8 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index c48d9271cf15..5a0d2e327d4a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -656,6 +656,14 @@ F: include/hw/*/*aspeed*
 F: hw/net/ftgmac100.c
 F: include/hw/net/ftgmac100.h
 
+NRF51
+M: Joel Stanley 
+L: qemu-...@nongnu.org
+S: Maintained
+F: hw/arm/nrf51_soc.c
+F: hw/arm/microbit.c
+F: include/hw/arm/nrf51_soc.h
+
 CRIS Machines
 -
 Axis Dev88
-- 
2.17.1




[Qemu-devel] Can I create img more than 16TB?

2018-08-02 Thread lampahome
There's a file size maximum in ext4 and it's 16TB

Can I create qcow2 ex:32TB and write more than 16TB?

thx


[Qemu-devel] Efficacy of jitterentropy RNG on qemu-kvm Guests

2018-08-02 Thread procmem
Hello. I'm a distro maintainer and was wondering about the efficacy of
entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the
authors of haveged [0] pointed out if the hardware cycles counter is
emulated and deterministic, and thus predictible. He therefore does not
recommend using HAVEGE on those systems. Is this the case with KVM's
counters?

PS. I will be setting VM CPU settings to host-passthrough.

Bonus: Also if anyone knows the answer to this question about Xen please
let me know because it's the other main platform we support and they
don't have the luxury of virtio-rng in PVH mode.

Thanks.

[0]
https://github.com/BetterCrypto/Applied-Crypto-Hardening/commit/cf7cef7a870c1b77089b1bd6209ded6525b5a4e0#commitcomment-23006392
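
The concern in the post above, a counter that is emulated and deterministic, can be screened for from inside the guest before a jitter-based daemon is relied on. The C program below is an added example, not code from this thread, haveged or jitterentropy: its stuck test (first, second and third discrete derivative of the timestamps) is modelled on the one jitterentropy uses, while the function names, the thresholds and the choice of CLOCK_MONOTONIC as the sampled source are assumptions.

```c
/* Added example: start-up sanity check for the time source that a
 * jitter-based entropy daemon would sample inside a guest. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

enum timer_verdict {
    TIMER_OK = 0,
    TIMER_TOO_FEW_SAMPLES,
    TIMER_NOT_MONOTONIC, /* a reading went backwards */
    TIMER_COARSE,        /* counter often did not advance between readings */
    TIMER_STUCK          /* deltas follow a fixed, predictable pattern */
};

struct timer_stats {
    size_t n_deltas;     /* differences between consecutive readings */
    size_t zero_deltas;  /* differences equal to zero */
    size_t stuck;        /* 1st, 2nd or 3rd discrete derivative was zero */
};

/* Thresholds are assumptions chosen for this example. */
#define MAX_ZERO_PCT  10
#define MAX_STUCK_PCT 90

/* Classify a series of raw timestamps (any unit, oldest first). */
enum timer_verdict analyze_timestamps(const uint64_t *ts, size_t n,
                                      struct timer_stats *st)
{
    uint64_t prev_delta = 0, prev_delta2 = 0;

    st->n_deltas = st->zero_deltas = st->stuck = 0;
    if (n < 4) {
        return TIMER_TOO_FEW_SAMPLES;
    }
    for (size_t i = 1; i < n; i++) {
        if (ts[i] < ts[i - 1]) {
            return TIMER_NOT_MONOTONIC;
        }
        uint64_t delta = ts[i] - ts[i - 1];
        uint64_t delta2 = delta - prev_delta;   /* may wrap; only == 0 matters */
        uint64_t delta3 = delta2 - prev_delta2;

        st->n_deltas++;
        if (delta == 0) {
            st->zero_deltas++;
        }
        if (delta == 0 || delta2 == 0 || delta3 == 0) {
            st->stuck++;
        }
        prev_delta = delta;
        prev_delta2 = delta2;
    }
    if (st->zero_deltas * 100 > st->n_deltas * MAX_ZERO_PCT) {
        return TIMER_COARSE;
    }
    if (st->stuck * 100 > st->n_deltas * MAX_STUCK_PCT) {
        return TIMER_STUCK;
    }
    return TIMER_OK;
}

static uint64_t now_ns(void)
{
    struct timespec t;

    clock_gettime(CLOCK_MONOTONIC, &t);
    return (uint64_t)t.tv_sec * 1000000000ull + (uint64_t)t.tv_nsec;
}

int main(void)
{
    enum { N = 4096 };
    static uint64_t ts[N];
    volatile uint64_t x = 88172645463325252ull;
    struct timer_stats st;

    for (size_t i = 0; i < N; i++) {
        /* Small fixed workload between readings (xorshift steps). */
        for (int k = 0; k < 64; k++) {
            x ^= x << 13;
            x ^= x >> 7;
            x ^= x << 17;
        }
        ts[i] = now_ns();
    }
    enum timer_verdict v = analyze_timestamps(ts, N, &st);
    printf("verdict=%d deltas=%zu zero=%zu stuck=%zu\n",
           (int)v, st.n_deltas, st.zero_deltas, st.stuck);
    return v == TIMER_OK ? 0 : 1;
}
```

A TIMER_OK verdict only rules out the obvious failure modes (coarse, non-monotonic or fixed-pattern counters); it is not an entropy estimate.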



Re: [Qemu-devel] [PATCH] migrate/cpu-throttle: Add max-cpu-throttle migration parameter

2018-08-02 Thread Li Qiang
2018-08-02 18:47 GMT+08:00 Dr. David Alan Gilbert :

> * Li Qiang (liq...@gmail.com) wrote:
> > Currently, the default maximum CPU throttle for migration is
> > 99(CPU_THROTTLE_PCT_MAX). This is too big and can make a remarkable
> > performance effect for the guest. We see a lot of packets latency
> > exceed 500ms when the CPU_THROTTLE_PCT_MAX reached. This patch set
> > adds a new max-cpu-throttle parameter to limit the CPU throttle.
>
> I think this is OK, so
>
> Reviewed-by: Dr. David Alan Gilbert 
>
> but I do have one comment below which made me think
>
> > Signed-off-by: Li Qiang 
> > ---
> >  hmp.c |  8 
> >  migration/migration.c | 23 ++-
> >  migration/migration.h |  1 +
> >  migration/ram.c   |  4 +++-
> >  qapi/migration.json   | 21 ++---
> >  5 files changed, 52 insertions(+), 5 deletions(-)
> >
> > diff --git a/hmp.c b/hmp.c
> > index 2aafb50e8e..c38e8b1f78 100644
> > --- a/hmp.c
> > +++ b/hmp.c
> > @@ -339,6 +339,10 @@ void hmp_info_migrate_parameters(Monitor *mon,
> const QDict *qdict)
> >  monitor_printf(mon, "%s: %u\n",
> >  MigrationParameter_str(MIGRATION_PARAMETER_CPU_
> THROTTLE_INCREMENT),
> >  params->cpu_throttle_increment);
> > +assert(params->has_max_cpu_throttle);
> > +monitor_printf(mon, "%s: %u\n",
> > +MigrationParameter_str(MIGRATION_PARAMETER_MAX_CPU_
> THROTTLE),
> > +params->max_cpu_throttle);
> >  assert(params->has_tls_creds);
> >  monitor_printf(mon, "%s: '%s'\n",
> >  MigrationParameter_str(MIGRATION_PARAMETER_TLS_CREDS),
> > @@ -1635,6 +1639,10 @@ void hmp_migrate_set_parameter(Monitor *mon,
> const QDict *qdict)
> >  p->has_cpu_throttle_increment = true;
> >  visit_type_int(v, param, >cpu_throttle_increment, );
> >  break;
> > +case MIGRATION_PARAMETER_MAX_CPU_THROTTLE:
> > +p->has_max_cpu_throttle = true;
> > +visit_type_int(v, param, >max_cpu_throttle, );
> > +break;
> >  case MIGRATION_PARAMETER_TLS_CREDS:
> >  p->has_tls_creds = true;
> >  p->tls_creds = g_new0(StrOrNull, 1);
> > diff --git a/migration/migration.c b/migration/migration.c
> > index b7d9854bda..570da6c0e7 100644
> > --- a/migration/migration.c
> > +++ b/migration/migration.c
> > @@ -71,6 +71,7 @@
> >  /* Define default autoconverge cpu throttle migration parameters */
> >  #define DEFAULT_MIGRATE_CPU_THROTTLE_INITIAL 20
> >  #define DEFAULT_MIGRATE_CPU_THROTTLE_INCREMENT 10
> > +#define DEFAULT_MIGRATE_MAX_CPU_THROTTLE 99
> >
> >  /* Migration XBZRLE default cache size */
> >  #define DEFAULT_MIGRATE_XBZRLE_CACHE_SIZE (64 * 1024 * 1024)
> > @@ -697,6 +698,8 @@ MigrationParameters *qmp_query_migrate_parameters(Error
> **errp)
> >  params->xbzrle_cache_size = s->parameters.xbzrle_cache_size;
> >  params->has_max_postcopy_bandwidth = true;
> >  params->max_postcopy_bandwidth = s->parameters.max_postcopy_
> bandwidth;
> > +params->has_max_cpu_throttle = true;
> > +params->max_cpu_throttle = s->parameters.max_cpu_throttle;
> >
> >  return params;
> >  }
> > @@ -1043,6 +1046,15 @@ static bool migrate_params_check(MigrationParameters
> *params, Error **errp)
> >  return false;
> >  }
> >
> > +if (params->has_max_cpu_throttle &&
> > +(params->max_cpu_throttle < params->cpu_throttle_initial ||
> > + params->max_cpu_throttle > 99)) {
> > +error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
> > +   "max_cpu_throttle",
> > +   "an integer in the range of cpu_throttle_initial to
> 99");
> > +return false;
> > +}
> > +
> >  return true;
> >  }
> >
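Review bot: the new range check in migrate_params_check() hard-codes 99 both in the comparison ("params->max_cpu_throttle > 99") and in the error text, while the commit message names CPU_THROTTLE_PCT_MAX as that limit and the patch itself adds DEFAULT_MIGRATE_MAX_CPU_THROTTLE with the same value; use a named constant so the bound cannot drift. The lower bound reads params->cpu_throttle_initial without looking at has_cpu_throttle_initial, and the check only runs when has_max_cpu_throttle is set, so please confirm that raising cpu_throttle_initial above an already configured max_cpu_throttle is rejected as well.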
> > @@ -1110,6 +1122,9 @@ static void 
> > migrate_params_test_apply(MigrateSetParameters
> *params,
> >  if (params->has_max_postcopy_bandwidth) {
> >  dest->max_postcopy_bandwidth = params->max_postcopy_bandwidth;
> >  }
> > +if (params->has_max_cpu_throttle) {
> > +dest->max_cpu_throttle = params->max_cpu_throttle;
> > +}
> >  }
> >
> >  static void migrate_params_apply(MigrateSetParameters *params, Error
> **errp)
> > @@ -1185,6 +1200,9 @@ static void migrate_params_apply(MigrateSetParameters
> *params, Error **errp)
> >  if (params->has_max_postcopy_bandwidth) {
> >  s->parameters.max_postcopy_bandwidth = params->max_postcopy_
> bandwidth;
> >  }
> > +if (params->has_max_cpu_throttle) {
> > +s->parameters.max_cpu_throttle = params->max_cpu_throttle;
> > +}
> >  }
> >
> >  void qmp_migrate_set_parameters(MigrateSetParameters *params, Error
> **errp)
> > @@ -1962,7 +1980,6 @@ static int64_t migrate_max_postcopy_
> bandwidth(void)
> >  return s->parameters.max_postcopy_bandwidth;
> >  }
> >
> > -
> >  bool migrate_use_block(void)
> >  {
> >  MigrationState *s;
> > @@ -3160,6 +3177,9 @@ static Property migration_properties[] = {
> >  

[Qemu-devel] Node deletion in aio_set_fd_handler

2018-08-02 Thread Fam Zheng
Paolo, is this else branch dead code (or bug?):

    /* If the lock is held, just mark the node as deleted */
    if (qemu_lockcnt_count(&ctx->list_lock)) {
        node->deleted = 1;
        node->pfd.revents = 0;
    } else {
        /* Otherwise, delete it for real.  We can't just mark it as
         * deleted because deleted nodes are only cleaned up while
         * no one is walking the handlers list.
         */
        QLIST_REMOVE(node, node);
        deleted = true;
    }

Since we are in a qemu_lockcnt_lock/unlock section?

Fam



Re: [Qemu-devel] [PATCH] qemu-img.c: Add examples section

2018-08-02 Thread Programmingkid


> On Aug 2, 2018, at 10:10 PM, Fam Zheng  wrote:
> 
> On Thu, 08/02 20:50, John Arbuckle wrote:
>> Add an examples section to the help output.
>> 
>> Signed-off-by: John Arbuckle 
>> ---
>> qemu-img.c | 11 +++
>> 1 file changed, 11 insertions(+)
>> 
>> diff --git a/qemu-img.c b/qemu-img.c
>> index 1acddf693c..f77c82695d 100644
>> --- a/qemu-img.c
>> +++ b/qemu-img.c
>> @@ -199,6 +199,17 @@ static void QEMU_NORETURN help(void)
>> 
>> printf("%s\nSupported formats:", help_msg);
>> bdrv_iterate_format(format_print, NULL);
>> +
>> +printf("\n\nExamples:\n\n"
>> +   "Create: qemu-img create -f qcow2 image.qcow2 10G\n\n"
>> +   "Info: qemu-img info image.qcow2\n\n"
>> +   "Resize: qemu-img resize image.qcow2 20G\n\n"
>> +   "Convert: qemu-img convert -f raw -O qcow2 image.img 
>> image.qcow2\n\n"
>> +   "Check: qemu-img check image.qcow2\n\n"
>> +   "Map: qemu-img map -f qcow2 --output=human image.qcow2\n\n"
>> +   "Rebase: qemu-img rebase -b new_backing_file.qcow2 image.qcow2"
>> +   );
> 
> The text looks good but maybe it's better to condense the section by using only
> one \n between command lines instead of two?
> 
> Fam

It would be harder on the user's eyes if I did that.

Thank you for reviewing my patch.


Re: [Qemu-devel] [PATCH] qemu-img.c: Add examples section

2018-08-02 Thread Fam Zheng
On Thu, 08/02 20:50, John Arbuckle wrote:
> Add an examples section to the help output.
> 
> Signed-off-by: John Arbuckle 
> ---
>  qemu-img.c | 11 +++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/qemu-img.c b/qemu-img.c
> index 1acddf693c..f77c82695d 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -199,6 +199,17 @@ static void QEMU_NORETURN help(void)
>  
>  printf("%s\nSupported formats:", help_msg);
>  bdrv_iterate_format(format_print, NULL);
> +
> +printf("\n\nExamples:\n\n"
> +   "Create: qemu-img create -f qcow2 image.qcow2 10G\n\n"
> +   "Info: qemu-img info image.qcow2\n\n"
> +   "Resize: qemu-img resize image.qcow2 20G\n\n"
> +   "Convert: qemu-img convert -f raw -O qcow2 image.img 
> image.qcow2\n\n"
> +   "Check: qemu-img check image.qcow2\n\n"
> +   "Map: qemu-img map -f qcow2 --output=human image.qcow2\n\n"
> +   "Rebase: qemu-img rebase -b new_backing_file.qcow2 image.qcow2"
> +   );

The text looks good but maybe it's better to condense the section by using only
one \n between command lines instead of two?

Fam

> +
>  printf("\n\n" QEMU_HELP_BOTTOM "\n");
>  exit(EXIT_SUCCESS);
>  }
> -- 
> 2.14.3 (Apple Git-98)
> 
> 



Re: [Qemu-devel] [PULL v4 0/7] riscv-pull queue

2018-08-02 Thread Palmer Dabbelt

On Mon, 09 Jul 2018 16:04:48 PDT (-0700), Michael Clark wrote:

On Tue, Jul 10, 2018 at 9:52 AM, Alistair Francis 
wrote:


On Mon, Jul 9, 2018 at 3:00 AM, Andreas Schwab  wrote:
> What is the state of the sifive_u emulation?  When I tried to boot a bbl
> with an included kernel I get these errors:
>
> qemu-system-riscv64: plic: invalid register write: 2090
> qemu-system-riscv64: plic: invalid register write: 2094
> qemu-system-riscv64: plic: invalid register write: 2098
> qemu-system-riscv64: plic: invalid register write: 209c
> qemu-system-riscv64: plic: invalid register write: 20a0
> qemu-system-riscv64: plic: invalid register write: 20a4
> qemu-system-riscv64: plic: invalid register write: 20a8
> qemu-system-riscv64: plic: invalid register write: 20ac
> qemu-system-riscv64: plic: invalid register write: 20b0
> qemu-system-riscv64: plic: invalid register write: 20b4

I see those as well. I haven't investigated but I assume we are just
not completely modelling the PLIC. In saying that it should still
boot. Do you not see the kernel booting?


FWIW, I see similar looking messages on QEMU master but get a booting kernel.  
Thanks to some of the WD guys our Linux port is rapidly approaching "bootable 
on master", so we should start pushing on the QEMU patch queue a bit as well.


Is there anything in particular I can do to help get patches reviewed?  Michael 
has taken most of the burden here, but I'm trying to schedule much more time 
for code review on my end (which I say while replying to a thread that's been 
dead for a month... :)).




[Qemu-devel] [PATCH] qemu-img.c: Add examples section

2018-08-02 Thread John Arbuckle
Add an examples section to the help output.

Signed-off-by: John Arbuckle 
---
 qemu-img.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/qemu-img.c b/qemu-img.c
index 1acddf693c..f77c82695d 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -199,6 +199,17 @@ static void QEMU_NORETURN help(void)
 
 printf("%s\nSupported formats:", help_msg);
 bdrv_iterate_format(format_print, NULL);
+
+printf("\n\nExamples:\n\n"
+   "Create: qemu-img create -f qcow2 image.qcow2 10G\n\n"
+   "Info: qemu-img info image.qcow2\n\n"
+   "Resize: qemu-img resize image.qcow2 20G\n\n"
+   "Convert: qemu-img convert -f raw -O qcow2 image.img 
image.qcow2\n\n"
+   "Check: qemu-img check image.qcow2\n\n"
+   "Map: qemu-img map -f qcow2 --output=human image.qcow2\n\n"
+   "Rebase: qemu-img rebase -b new_backing_file.qcow2 image.qcow2"
+   );
+
 printf("\n\n" QEMU_HELP_BOTTOM "\n");
 exit(EXIT_SUCCESS);
 }
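Review bot: of the seven example commands added to help(), only Create, Convert and Map name the image format; the Info, Resize, Check and Rebase lines omit -f, so anyone copying them relies on format probing of image.qcow2, and the Rebase line likewise leaves the backing file's format to be probed. Help text tends to be pasted verbatim, so add "-f qcow2" to those four commands and "-F qcow2" for new_backing_file.qcow2 in the Rebase example. That also makes the seven lines consistent with each other.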
-- 
2.14.3 (Apple Git-98)




Re: [Qemu-devel] RISC-V platform

2018-08-02 Thread Programmingkid


> On Aug 2, 2018, at 5:07 PM, Palmer Dabbelt  wrote:
> 
> On Fri, 29 Jun 2018 14:20:34 PDT (-0700), alistai...@gmail.com wrote:
>> On Fri, Jun 29, 2018 at 2:05 PM, G 3  wrote:
>>> Hi, I noticed your RISC-V patches on the mailing list and had a question
>>> that I think you may be able to answer. Has anyone defined a RISC-V platform
>>> yet? What I mean is defining what devices would be found on a RISC-V
>>> motherboard. I do hope to see RISC-V based desktop systems one day. But
>>> before that day can come the platform for this chip would have to be
>>> established. Could the SiFive board be the basis for such a standard?
>> 
>> It really depends what you mean by a standard platform. At the moment
>> the SiFive HiFive Unleashed board is the only ASIC that can boot Linux.
>> So that really is the "standard" RISC-V board. It is a pretty basic
>> embedded board though, so it can't be considered a "standard" RISC-V
>> desktop. There is a virt board in QEMU (which is similar to the HiFive
>> Unleashed) that is a good go to for QEMU work.
> 
> The HiFive Unleashed is the de facto standard RISC-V embedded Linux platform 
> right now, but there will be a RISC-V platform specification that defines 
> proper standard platforms of various types.  This effort hasn't been started 
> yet, but it should be done sooner rather than later.

I definitely agree it should come soon. I realize the QEMU community could 
start this effort rather easily by developing a machine and then porting 
software to it. I'm thinking something easy we could do is take the IBM PC 
standard and apply it with a RISC-V CPU. Hardware vendors could then take that 
emulated machine and turn it into a real machine. Linux distros could then be 
made to run on this platform. The future looks exciting for this CPU.


[Qemu-devel] [ANNOUNCE] QEMU 2.12.1 Stable released

2018-08-02 Thread Michael Roth
Hi everyone,

I am pleased to announce that the QEMU v2.12.1 stable release is now
available:

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

v2.12.1 is now tagged in the official qemu.git repository,
and the stable-2.12 branch has been updated accordingly:

  https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12

This update contains new mitigation functionality for CVE-2018-3639
(Speculative Store Bypass) in x86. There are also bug fixes for
migration, Intel IOMMU emulation, block layer/image handling, ARM
emulation, and various other areas.

Please see the changelog for additional details and update accordingly.

Thank you to everyone involved!

CHANGELOG:

e22f675bdd: Update version for 2.12.1 release (Michael Roth)
aae299a68d: file-posix: Handle EINTR in preallocation=full write (Fam Zheng)
b102aea574: qcow: fix a reference leak (KONRAD Frederic)
336cd382dc: s390x/sclp: fix maxram calculation (Christian Borntraeger)
bf1cb819e9: qga: process_event() simplification and leak fix (Marc-André Lureau)
08c4a51c65: qmp: De-duplicate error response building (Markus Armbruster)
441784598e: qobject: New qdict_from_jsonf_nofail() (Markus Armbruster)
90b2d94123: ccid-card-passthru: fix regression in realize() (Marc-André Lureau)
c16427177a: pc-bios/s390-ccw.img: update image for stable (Cornelia Huck)
e8488edcb3: tcg/i386: Mark xmm registers call-clobbered (Richard Henderson)
3afe55ff38: qemu-img: avoid overflow of min_sparse parameter (Peter Lieven)
1b817abcd4: tap: fix memory leak on success to create a tap device (Yunjian Wang)
0935356e43: target/ppc: set is_jmp on ppc_tr_breakpoint_check (Emilio G. Cota)
d109f8eb7e: virtio-rng: process pending requests on DRIVER_OK (Pankaj Gupta)
2379ac134a: iscsi: Avoid potential for get_status overflow (Eric Blake)
f8b3b02933: nbd/server: Reject 0-length block status request (Eric Blake)
78747264b9: tcg: Reduce max TB opcode count (Richard Henderson)
d8a7ec1deb: migration/block-dirty-bitmap: fix dirty_bitmap_load (Vladimir Sementsov-Ogievskiy)
2cb041a82d: vfio/pci: Default display option to "off" (Alex Williamson)
6d3ed3798b: replace functions which are only available in glib-2.24 (Olaf Hering)
58119514f5: nfs: Remove processed options from QDict (Kevin Wolf)
008ffc7a2f: mux: fix ctrl-a b again (Marc-André Lureau)
5e10c00f61: hw/isa/superio: Fix inconsistent use of Chardev->be (Philippe Mathieu-Daudé)
ca11f0ab77: target/arm: Fix sqrt_f16 exception raising (Alex Bennée)
ffc3a15018: target/arm: Implement FMOV (immediate) for fp16 (Alex Bennée)
f3816879f9: target/arm: Implement FCSEL for fp16 (Alex Bennée)
246dad2f3c: target/arm: Implement FCMP for fp16 (Alex Bennée)
0819a17250: target/arm: Implement FP data-processing (3 source) for fp16 (Richard Henderson)
7133cd4cfe: target/arm: Implement FP data-processing (2 source) for fp16 (Richard Henderson)
d1ed4a60ba: target/arm: Introduce and use read_fp_hreg (Richard Henderson)
7c38f3703d: target/arm: Implement FCVT (scalar, fixed-point) for fp16 (Richard Henderson)
baa552e54f: target/arm: Implement FCVT (scalar, integer) for fp16 (Richard Henderson)
4ec6a17a04: target/arm: Implement FMOV (general) for fp16 (Richard Henderson)
781cde6d94: fpu/softfloat: Fix conversion from uint64 to float128 (Petr Tesarik)
e5af958dd2: target/arm: Clear SVE high bits for FMOV (Richard Henderson)
c708ce7d6e: target/arm: Fix float16 to/from int16 (Richard Henderson)
0aaf1cca02: target/arm: Implement vector shifted FCVT for fp16 (Richard Henderson)
994b0cf997: target/arm: Implement vector shifted SCVF/UCVF for fp16 (Richard Henderson)
e653eee8d8: fpu/softfloat: Don't set Invalid for float-to-int(MAXINT) (Peter Maydell)
fbaeb1068c: target/arm: Fix fp_status_f16 tininess before rounding (Peter Maydell)
0779afdc89: blockjob: expose error string via query (John Snow)
4a67f4a953: RISC-V: Minimal QEMU 2.12 fix for sifive_u machine (Michael Clark)
9363c34825: tcg: Limit the number of ops in a TB (Richard Henderson)
51d5decb32: softfloat: Handle default NaN mode after pickNaNMulAdd, not before 
(Peter Maydell)
0e4b4b4fd3: tcg/i386: Fix dup_vec in non-AVX2 codepath (Peter Maydell)
6951158023: nbd/client: Relax handling of large NBD_CMD_BLOCK_STATUS reply 
(Eric Blake)
b129914a8d: riscv: requires libfdt (KONRAD Frederic)
db6f66eff7: riscv: htif: increase the priority of the htif subregion (KONRAD 
Frederic)
26cf05c1a1: riscv: spike: allow base == 0 (KONRAD Frederic)
7bc615f88f: iotests: Add test for cancelling a mirror job (Max Reitz)
1eddfab31c: block/mirror: Make cancel always cancel pre-READY (Max Reitz)
3882183fda: qapi: fill in CpuInfoFast.arch in query-cpus-fast (Laszlo Ersek)
3b52d47418: migration/block-dirty-bitmap: fix memory leak in 
dirty_bitmap_load_bits (Vladimir Sementsov-Ogievskiy)
f155487bef: nbd/client: fix nbd_negotiate_simple_meta_context (Vladimir 
Sementsov-Ogievskiy)
54eb6cc6d7: cpus: tcg: fix never exiting loop on unplug (Cédric Le Goater)
9eb3e5a8a8: block/mirror: 

Re: [Qemu-devel] [PATCH v3 6/7] loader: Implement .hex file loader

2018-08-02 Thread Peter Maydell
On 2 August 2018 at 13:43, Stefan Hajnoczi  wrote:
> On Mon, Jul 30, 2018 at 07:01:53PM +0100, Peter Maydell wrote:
>> I'm still not convinced we want to add another random
>> special case only-works-on-one-architecture-and-some-boards
>> feature to the -kernel command line option.
>>
>> Adding it to the "generic loader" device might be more plausible?
>
> I'm not sure I understand the purpose of the generic loader.
>
> As a user -kernel  is easier than -device
> loader,file=,cpu-num=1.
>
> Can you explain the advantage to moving hex file loading to the generic
> loader?

It means we have a command line option for loading hex files
that works for every board and every CPU architecture.
(Similarly, if you want a way to load an ELF file that
works the same way for all boards and CPUs, the generic
loader is it -- -kernel will not reliably do the job.
You can also use it to load more than one ELF file or
to load different ELF files for different CPUs, neither
of which you can do with -kernel.)

-kernel, like all our legacy short options, is, yes,
easier to use; it's also a twisted mess of different
"do what I mean" functionality that varies depending
on the guest CPU architecture and subtype, the machine
being emulated, and other random things like "did the
user also tell us to start a BIOS image". It mostly means
"run a Linux kernel", with some extras wedged in on the
side where we thought we could do it without breaking the
kernel case. Oh, and we don't document anywhere what
it actually does. I'm reluctant to add yet another layer of
"do what I mean" to it that only has an effect on a subset
of Arm boards.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v3 2/2] Add Nios II semihosting support.

2018-08-02 Thread Sandra Loosemore

On 05/18/2018 03:35 PM, Sandra Loosemore wrote:
> On 05/18/2018 02:19 PM, Julian Brown wrote:
>> On Fri, 18 May 2018 21:52:04 +0200
>> Marek Vasut wrote:
>>
>>> On 05/18/2018 09:23 PM, Julian Brown wrote:
>>>> This patch (by Sandra Loosemore, mildly rebased) adds support for
>>>> semihosting for Nios II bare-metal emulation.
>>>>
>>>> Signed-off-by: Julian Brown 
>>>> Signed-off-by: Sandra Loosemore 
>>>
>>> Is there some documentation for this stuff ? It looks interesting, but
>>> how can I try it here ?
>>
>> There's no documentation AFAIK apart from that the entry points are
>> the same as m68k, semihosting is invoked with "break 1", and r4/r5 are
>> used for passing arguments. I'm not actually sure how you can try this
>> stuff without our startup code or other infrastructure (that I'm pretty
>> sure we can't divulge). Sandra, any ideas?
>
> I don't see any reason why we couldn't contribute libgloss support, 
> except that I don't have time to write such a BSP right now.  :-(  I 
> recently did this for C-SKY, though, and the semihosting parts were just 
> a straightforward copy from the m68k port.

I've posted a patch with libgloss semihosting support for nios2 here:

https://sourceware.org/ml/newlib/2018/msg00610.html

I hope this is enough to unblock consideration of the corresponding QEMU 
patch set now.  Here's a link to the original patch posting:


http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg04571.html

-Sandra



Re: [Qemu-devel] [PATCH v6 00/77] Add nanoMIPS support to QEMU

2018-08-02 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1533219424-7627-1-git-send-email-stefan.marko...@rt-rk.com
Subject: [Qemu-devel] [PATCH v6 00/77] Add nanoMIPS support to QEMU

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
64eda72870 linux-user: Add nanoMIPS support in scripts/qemu-binfmt-conf.sh
e1a8cee4e5 linux-user: Add nanoMIPS linux user mode configuration support
df0e845f6e linux-user: Add support for statx() syscall for all platforms
32fec98ab2 linux-user: Amend support for sigaction() syscall for nanoMIPS
d4bfe737f2 linux-user: Add cpu_loop.c for nanoMIPS
4e1a987087 linux-user: Add support for nanoMIPS signal trampoline
aab0010a40 linux-user: Add signal.c for nanoMIPS
532eab67e7 linux-user: Add target_elf.h header for nanoMIPS
ddf77d7ac3 linux-user: Add target_structs.h header for nanoMIPS
84769d57a3 linux-user: Add target_cpu.h header for nanoMIPS
1fb20c1a72 linux-user: Add target_syscall.h header for nanoMIPS
d953da1580 linux-user: Add sockbits.h header for nanoMIPS
b0efc906fd linux-user: Add target_fcntl.h header for nanoMIPS
9d02c1e8eb linux-user: Update syscall_defs.h header for nanoMIPS
08fa324773 linux-user: Add termbits.h header for nanoMIPS
4821ebaae2 linux-user: Add target_signal.h header for nanoMIPS
06a0c46995 linux-user: Add syscall numbers for nanoMIPS
73be124213 target/mips: Add definition of nanoMIPS I7200 CPU
dbb82d28a4 gdbstub: Add XML support for GDB for nanoMIPS
186274afc1 gdbstub: Disable handling of nanoMIPS ISA bit in the MIPS gdbstub
7c8e071621 mips_malta: Fix semihosting argument passing for nanoMIPS bare metal
12091e1b6a mips_malta: Setup GT64120 BARs in nanoMIPS bootloader
c6323a3d69 mips_malta: Add basic nanoMIPS boot code for MIPS' Malta
0b61ee6473 elf: Don't check FCR31_NAN2008 bit for nanoMIPS
e8981250f1 elf: Relax MIPS' elf_check_arch() to accept EM_NANOMIPS too
d420a2f219 elf: Add nanoMIPS specific variations in ELF header fields
ed34b57a9c target/mips: Fix ERET/ERETNC behavior related to ADEL exception
b87394bad8 target/mips: Adjust set_pc() for nanoMIPS
e4f7784168 target/mips: Adjust set_hflags_for_handler() for nanoMIPS
2092c88d8f target/mips: Adjust exception_resume_pc() for nanoMIPS
9e4037a9d7 target/mips: Implement CP0 Config1.WR bit functionality
d5283f3176 target/mips: Add updating BadInstr, BadInstrP, BadInstrX for nanoMIPS
42416dd9c3 target/mips: Implement emulation of nanoMIPS LLWP/SCWP pair
69c9bcbca8 target/mips: Add handling of branch delay slots for nanoMIPS
e3054474bc target/mips: Add emulation of DSP ASE for nanoMIPS - part 6
a59cf3890e target/mips: Add emulation of DSP ASE for nanoMIPS - part 5
fb3e985dcd target/mips: Add emulation of DSP ASE for nanoMIPS - part 4
6ab266466c target/mips: Add emulation of DSP ASE for nanoMIPS - part 3
04a64ebd5f target/mips: Add emulation of DSP ASE for nanoMIPS - part 2
9a77858051 target/mips: Add emulation of DSP ASE for nanoMIPS - part 1
faaa015779 target/mips: Implement MT ASE support for nanoMIPS
2b4090fbff target/mips: Add emulation of nanoMIPS 32-bit branch instructions
4d8ddca2e1 target/mips: Add emulation of nanoMIPS 32-bit load and store 
instructions
c0fd0eea21 target/mips: Implement emulation of nanoMIPS EXTW instruction
f06df895ec target/mips: Implement emulation of nanoMIPS ROTX instruction
4bd3210913 target/mips: Add emulation of misc nanoMIPS instructions (p_lsx)
8860af1984 target/mips: Add emulation of misc nanoMIPS instructions (pool32axf)
7600a72911 target/mips: Add emulation of misc nanoMIPS instructions (pool32a0)
3a16a5a7c1 target/mips: Add emulation of nanoMIPS FP instructions
5752ef6f96 target/mips: Add emulation of nanoMIPS 48-bit instructions
8416c94b0b target/mips: Add emulation of nanoMIPS instructions MOVE.P and 
MOVE.PREV
5e5735abfd target/mips: Add emulation of some common nanoMIPS 32-bit 
instructions
111050a1a4 target/mips: Add emulation of nanoMIPS 16-bit save and restore 
instructions
43c3921546 target/mips: Add emulation of nanoMIPS 16-bit logic instructions
701b37e40e target/mips: Add emulation of nanoMIPS 16-bit load and store 
instructions
9a3ed3ef5b target/mips: Add emulation of nanoMIPS 16-bit misc instructions
46fbf41e0b target/mips: Add emulation of nanoMIPS 16-bit shift instructions
4e4bb7d89e target/mips: Add emulation of nanoMIPS 16-bit branch instructions
d025bf6095 target/mips: Add emulation of nanoMIPS 16-bit arithmetic 

Re: [Qemu-devel] [PATCH v3 6/7] loader: Implement .hex file loader

2018-08-02 Thread Stefan Hajnoczi
On Mon, Jul 30, 2018 at 07:01:53PM +0100, Peter Maydell wrote:
> On 25 July 2018 at 09:59, Stefan Hajnoczi  wrote:
> > From: Su Hang 
> >
> > This patch adds Intel Hexadecimal Object File format support to the
> > loader.  The file format specification is available here:
> > http://www.piclist.com/techref/fileext/hex/intel.htm
> >
> > This file format is often used with microcontrollers such as the
> > micro:bit, Arduino, STM32, etc.  Users expect to be able to run them
> > directly with qemu -kernel program.hex instead of converting to ELF or
> > binary.
> 
> I'm still not convinced we want to add another random
> special case only-works-on-one-architecture-and-some-boards
> feature to the -kernel command line option.
> 
> Adding it to the "generic loader" device might be more plausible?

I'm not sure I understand the purpose of the generic loader.

As a user -kernel  is easier than -device
loader,file=,cpu-num=1.

Can you explain the advantage to moving hex file loading to the generic
loader?

Stefan




Re: [Qemu-devel] RISC-V platform

2018-08-02 Thread Palmer Dabbelt

On Fri, 29 Jun 2018 14:20:34 PDT (-0700), alistai...@gmail.com wrote:
> On Fri, Jun 29, 2018 at 2:05 PM, G 3 wrote:
>> Hi, I noticed your RISC-V patches on the mailing list and had a question
>> that I think you may be able to answer. Has anyone defined a RISC-V platform
>> yet? What I mean is defining what devices would be found on a RISC-V
>> motherboard. I do hope to see RISC-V based desktop systems one day. But
>> before that day can come the platform for this chip would have to be
>> established. Could the SiFive board be the basis for such a standard?
>
> It really depends what you mean by a standard platform. At the moment
> the SiFive HiFive Unleashed board is the only ASIC that can boot Linux.
> So that really is the "standard" RISC-V board. It is a pretty basic
> embedded board though, so it can't be considered a "standard" RISC-V
> desktop. There is a virt board in QEMU (which is similar to the HiFive
> Unleashed) that is a good go to for QEMU work.

The HiFive Unleashed is the de facto standard RISC-V embedded Linux platform 
right now, but there will be a RISC-V platform specification that defines 
proper standard platforms of various types.  This effort hasn't been started 
yet, but it should be done sooner rather than later.




Re: [Qemu-devel] 'make vm-build-freebsd' don't work if KVM isn't enabled

2018-08-02 Thread Peter Maydell
On 2 August 2018 at 20:13, Philippe Mathieu-Daudé  wrote:
> Hi Peter,
>
> On 07/30/2018 10:23 AM, Peter Maydell wrote:
>> The tests in tests/vm/ seem to make some attempt to cope with the
>> host system not allowing the user to use KVM, but it doesn't quite
>> work. The problem is that tests/vm/basevm.py always uses "-cpu host"
>> in the QEMU options it uses to run the VM, and that only works if
>> KVM is enabled. If the user can't run KVM then we correctly avoid
>> passing it "-enable-kvm" but then QEMU doesn't run because "-cpu host"
>> isn't supported...
>>
>> I guess the right fix here is to use "-cpu max" ?
>
> I think this is the issue I intended to address in this series:
>
> http://lists.nongnu.org/archive/html/qemu-devel/2018-07/msg03411.html
> "tests/vm: Improvements when KVM is not available"
> ->
> "tests/vm: Use 'host' cpu when KVM is available, else default to 'max'"

Just using "max" seems more straightforward, since the point
is that it works everywhere.

I thought I'd sent my tests/vm series out earlier this week,
but I must have managed to only do the dry-run or something --
I'll send them tomorrow.

thanks
-- PMM



[Qemu-devel] [Bug 1784919] Re: native libgfapi glusterfs support for virtio 9p filesystem passthrough

2018-08-02 Thread Hans
** Tags added: whishlist

** Tags removed: whishlist
** Tags added: wishlist

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1784919

Title:
  native libgfapi  glusterfs support for virtio 9p filesystem
  passthrough

Status in QEMU:
  New

Bug description:
  I can add block devices on glusterfs natively to my virtual machines since
  qemu 1.3
  I would like to see the same feature for virtio 9p filesystems added on my
  VM.

  Accessing a filesystem mounted on the Metal is my favorite solution
  for storage that is to be shared between more than one VM. But because
  my VMs are not running as root, they are not able to passthrough
  userids and gids to gluster-fuse. uid mapping is also not possible
  because no xattr support.

  So all I can do is either setting up separate NFS Servers to bring the
  Filesystem in via Network, or to start qemu as root or to add
  fuse_xattr on top of glusterfs_fuse. I do expect however that the
  fastest and most reliable solution is to make something like this
  possible:

  -fsdev local,id=test_dev,path=gluster://this.node/test_mount,security_model=passthrough
  -device virtio-9p-pci,fsdev=test_dev,mount_tag=test_mount

  regards

  Hans

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1784919/+subscriptions



Re: [Qemu-devel] [Bug 1784900] Re: QEMU (frontend) crashes upon warm reboot with virtio-gpu device and vga=775 on Linux cmdline

2018-08-02 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 
153321150379.28572.4771679861864409417.mal...@chaenomeles.canonical.com
Subject: [Qemu-devel] [Bug 1784900] Re: QEMU (frontend) crashes upon warm 
reboot with virtio-gpu device and vga=775 on Linux cmdline

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/153321150379.28572.4771679861864409417.mal...@chaenomeles.canonical.com 
-> 
patchew/153321150379.28572.4771679861864409417.mal...@chaenomeles.canonical.com
Switched to a new branch 'test'
1a366fd405 QEMU (frontend) crashes upon warm reboot with virtio-gpu device and 
vga=775 on Linux cmdline

=== OUTPUT BEGIN ===
Checking PATCH 1/1: QEMU (frontend) crashes upon warm reboot with virtio-gpu 
device and vga=775 on Linux cmdline...
ERROR: line over 90 characters
#32: FILE: hw/display/vga.c:1571:
+fprintf(stderr, "%p vs %p   share_surface: %d   surface: %p\n", 
surface_data(surface), s->vram_ptr + (s->start_addr * 4), share_surface, 
surface);

ERROR: Missing Signed-off-by: line(s)

total: 2 errors, 0 warnings, 26 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH v6 77/77] linux-user: Add nanoMIPS support in scripts/qemu-binfmt-conf.sh

2018-08-02 Thread Laurent Vivier
On 02/08/2018 at 16:17, Stefan Markovic wrote:
> From: Aleksandar Rikalo 
> 
> Add support for nanomips[eb] variant in scripts/qemu-binfmt-conf.sh.
> 
> Signed-off-by: Aleksandar Markovic 
> Signed-off-by: Stefan Markovic 
> ---
>  scripts/qemu-binfmt-conf.sh | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
> index b0dc8a7..ecde0c2 100755
> --- a/scripts/qemu-binfmt-conf.sh
> +++ b/scripts/qemu-binfmt-conf.sh
> @@ -2,7 +2,7 @@
>  # Enable automatic program execution by the kernel.
>  
>  qemu_target_list="i386 i486 alpha arm armeb sparc32plus ppc ppc64 ppc64le 
> m68k \
> -mips mipsel mipsn32 mipsn32el mips64 mips64el \
> +mips mipsel mipsn32 mipsn32el mips64 mips64el nanomips nanomipseb \
>  sh4 sh4eb s390x aarch64 aarch64_be hppa riscv32 riscv64 xtensa xtensaeb \
>  microblaze microblazeel or1k"
>  
> @@ -76,6 +76,14 @@ 
> mips64el_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\
>  
> mips64el_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
>  mips64el_family=mips
>  
> +nanomips_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf9\x00'
> +nanomips_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
> +nanomips_family=mips
> +
> +nanomipseb_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf9'
> +nanomipseb_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
> +nanomipseb_family=mips
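Review bot: nanomips_mask and nanomipseb_mask are \xff over both e_type bytes (offsets 16 and 17), while the mips64el_mask context line just above has \xfe at offset 16. With \xff there, only e_type 2 (ET_EXEC) matches the magic, so position-independent nanoMIPS executables (ET_DYN, e_type 3) would not be handed to the interpreter. If that is not intended, use \xfe on the low-order e_type byte: offset 16 for nanomips, offset 17 for nanomipseb.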

The goal of the family value is not to register the interpreter if the
kernel can execute the executable directly (without qemu).
For instance a ppc64 kernel can execute a ppc executable, an x86_64
kernel can execute a i386 binary.

If you put nanomips in the mips family it means a mips kernel can
execute directly a nanomips executable: Is that the case?
If not, I think you can use "nanomips_family=nanomips", and if a
nanomips kernel cannot execute a nanomipseb executable, you need also a
nanomipseb family.

Thanks,
Laurent
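
The family rule described in the reply above, together with the magic/mask pairs from the quoted hunk, as an added Python sketch (not part of the original message and not code from qemu-binfmt-conf.sh). binfmt_match applies the binfmt_misc rule "(byte ^ magic) & mask == 0"; the ELF headers, RELAXED_LE_MASK, the helper names and the host family strings are constructed for illustration.

```python
"""binfmt_misc matching for the nanoMIPS entries, plus the family skip."""
import struct

# Magic/mask strings copied from the quoted hunk (shell-style \xNN escapes).
NANOMIPS_MAGIC = r'\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf9\x00'
NANOMIPSEB_MAGIC = r'\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf9'
PATCH_MASK = r'\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
# Constructed variant (assumption, not in the patch): 0xfe on the low e_type
# byte at offset 16, the pattern of the mips64el_mask context line.
RELAXED_LE_MASK = r'\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'

ET_EXEC, ET_DYN = 2, 3
EM_MIPS, EM_NANOMIPS = 8, 0xF9


def unescape(text):
    """Turn a string such as r'\\x7fELF\\x01' into the raw bytes it denotes."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text.startswith('\\x', i):
            out.append(int(text[i + 2:i + 4], 16))
            i += 4
        else:
            out.append(ord(text[i]))
            i += 1
    return bytes(out)


def binfmt_match(header, magic, mask):
    """True if every masked header byte equals the corresponding magic byte."""
    magic_b, mask_b = unescape(magic), unescape(mask)
    if len(mask_b) != len(magic_b) or len(header) < len(magic_b):
        return False
    return all((h ^ m) & k == 0 for h, m, k in zip(header, magic_b, mask_b))


def elf_header(e_type, e_machine, big_endian=False, osabi=0):
    """Constructed sample: first 20 bytes of a 32-bit ELF file."""
    ident = b'\x7fELF' + bytes([1, 2 if big_endian else 1, 1, osabi]) + bytes(8)
    return ident + struct.pack('>HH' if big_endian else '<HH', e_type, e_machine)


def targets_to_register(host_family, target_families):
    """Family rule from the reply: skip a target whose family is the host's,
    because such a host kernel is taken to run the binary without qemu."""
    return sorted(cpu for cpu, family in target_families.items()
                  if family != host_family)


def demo():
    """Collect the cases worth looking at; all inputs are constructed."""
    le_exec = elf_header(ET_EXEC, EM_NANOMIPS)
    le_pie = elf_header(ET_DYN, EM_NANOMIPS)
    be_exec = elf_header(ET_EXEC, EM_NANOMIPS, big_endian=True)
    as_posted = {'nanomips': 'mips', 'nanomipseb': 'mips'}
    own_family = {'nanomips': 'nanomips', 'nanomipseb': 'nanomipseb'}
    return {
        'LE ET_EXEC, patch mask': binfmt_match(le_exec, NANOMIPS_MAGIC, PATCH_MASK),
        'LE ET_DYN, patch mask': binfmt_match(le_pie, NANOMIPS_MAGIC, PATCH_MASK),
        'LE ET_DYN, relaxed mask': binfmt_match(le_pie, NANOMIPS_MAGIC, RELAXED_LE_MASK),
        'BE ET_EXEC, eb magic': binfmt_match(be_exec, NANOMIPSEB_MAGIC, PATCH_MASK),
        'mips host, family=mips': targets_to_register('mips', as_posted),
        'mips host, own families': targets_to_register('mips', own_family),
    }


if __name__ == '__main__':
    for case, result in demo().items():
        print(f'{case}: {result}')
```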



Re: [Qemu-devel] [PATCH v1 0/5] Connect a PCIe host and graphics support toRISC-V

2018-08-02 Thread Alistair
Hey,

Sorry for the top post. I’m on holidays at the moment and will be back next 
week.

I have sent a V2 to the list, I don’t think I CCed you as I know you're busy. 
Once the 3.1 merge window opens I’ll send a new version with all the comments I 
have received.

Alistair

From: Palmer Dabbelt
Sent: Thursday, 2 August 2018 10:44 AM
To: alistair.fran...@wdc.com
Cc: qemu-devel@nongnu.org; alistair.fran...@wdc.com; alistai...@gmail.com; 
Michael Clark
Subject: Re: [PATCH v1 0/5] Connect a PCIe host and graphics support toRISC-V

On Fri, 22 Jun 2018 12:28:14 PDT (-0700), alistair.fran...@wdc.com wrote:
> Alistair Francis (5):
>   hw/riscv/virtio: Set the soc device tree node as a simple-bus
>   hw/riscv/virt: Increase the number of interrupts
>   hw/riscv/virt: Connect the Xilinx PCIe
>   hw/riscv/virt: Connect a VGA PCIe device
>   riscv64-softmmu.mak: Build Virtio Block support
>
>  default-configs/riscv32-softmmu.mak |  6 +++
>  default-configs/riscv64-softmmu.mak |  8 
>  hw/riscv/virt.c | 73 -
>  include/hw/riscv/virt.h |  6 ++-
>  4 files changed, 90 insertions(+), 3 deletions(-)

Sorry I'm so slow here, I'm still chewing through my patch backlog.  It looks 
like this hasn't made it upstream yet.  I rebased it on top of master but have 
yet to figure out how to make it work, though I think that's on the Linux side.

I haven't yet looked at the code, but I like the functionality so I don't want 
to lose this.  Can you submit a v2 that applies cleanly to master, or do you 
want me to deal with it?



Re: [Qemu-devel] 'make vm-build-freebsd' don't work if KVM isn't enabled

2018-08-02 Thread Philippe Mathieu-Daudé
Hi Peter,

On 07/30/2018 10:23 AM, Peter Maydell wrote:
> The tests in tests/vm/ seem to make some attempt to cope with the
> host system not allowing the user to use KVM, but it doesn't quite
> work. The problem is that tests/vm/basevm.py always uses "-cpu host"
> in the QEMU options it uses to run the VM, and that only works if
> KVM is enabled. If the user can't run KVM then we correctly avoid
> passing it "-enable-kvm" but then QEMU doesn't run because "-cpu host"
> isn't supported...
> 
> I guess the right fix here is to use "-cpu max" ?

I think this is the issue I intended to address in this series:

http://lists.nongnu.org/archive/html/qemu-devel/2018-07/msg03411.html
"tests/vm: Improvements when KVM is not available"
->
"tests/vm: Use 'host' cpu when KVM is available, else default to 'max'"



Re: [Qemu-devel] [PATCH 4/6] dirty-bitmaps: clean-up bitmaps loading and migration logic

2018-08-02 Thread John Snow



On 08/02/2018 03:05 PM, Denis V. Lunev wrote:
> On 08/02/2018 12:50 PM, Dr. David Alan Gilbert wrote:
>> * Denis V. Lunev (d...@openvz.org) wrote:
>>
>>
>>>> I don't quite understand the last two paragraphs.
>>> we are thinking right now to eliminate delay on regular IO
>>> for migration. There are some thoughts and internal work in
>>> progress. That is why I am worrying.
>> What downtime are you typically seeing and what are you aiming for?
>>
>> It would be good if you could explain what you're planning to
>> fix there so we can get a feel for it nearer the start of it
>> rather than at the end of the reviewing!
>>
>> Dave
> The ultimate goal is to reliably reach 100 ms with ongoing IO and
> you are perfectly correct about reviewing :)
> 
> Though the problem is that right now we are just trying to
> invent something suitable :(
> 
> Den
> 

Yeah, I gotcha -- please give me just a little time. I'm not against
using Vlad's series, it just surprised me. David and I have talked about
what you're trying to do and we are in agreement that it is the right
thing to do for now.

I have some more questions about Vlad's series, but I want to test it a
bit myself before I waste time asking them. I'll stage a working version
as soon as I can.

--js



Re: [Qemu-devel] [PATCH 4/6] dirty-bitmaps: clean-up bitmaps loading and migration logic

2018-08-02 Thread Denis V. Lunev
On 08/02/2018 12:50 PM, Dr. David Alan Gilbert wrote:
> * Denis V. Lunev (d...@openvz.org) wrote:
>
>
>>> I don't quite understand the last two paragraphs.
>> we are thinking right now to eliminate delay on regular IO
>> for migration. There are some thoughts and internal work in
>> progress. That is why I am worrying.
> What downtime are you typically seeing and what are you aiming for?
>
> It would be good if you could explain what you're planning to
> fix there so we can get a feel for it nearer the start of it
> rather than at the end of the reviewing!
>
> Dave
The ultimate goal is to reliably reach 100 ms with ongoing IO and
you are perfectly correct about reviewing :)

Though the problem is that right now we are just trying to
invent something suitable :(

Den

>>> However, coming back to my question; it was really saying that
>>> normal guest IO during the end of the migration will cause
>>> a delay; I'm expecting that to be fairly unrelated to the size
>>> of the disk; more to do with workload; so I guess in your case
>>> the worry is the case of big large disks giving big large
>>> bitmaps.
>> exactly!
>>
>> Den
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK




Re: [Qemu-devel] [PATCH] hw/timer/m48t59: Move away from old_mmio accessors

2018-08-02 Thread Philippe Mathieu-Daudé
On 08/02/2018 03:06 PM, Peter Maydell wrote:
> Move the m48t59 device away from using old_mmio MemoryRegionOps
> accessors.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
> Tested with 'make check' and by booting a sparc guest.
> 
>  hw/timer/m48t59.c | 59 +--
>  1 file changed, 11 insertions(+), 48 deletions(-)
> 
> diff --git a/hw/timer/m48t59.c b/hw/timer/m48t59.c
> index f2991762ab0..ca3ed445de7 100644
> --- a/hw/timer/m48t59.c
> +++ b/hw/timer/m48t59.c
> @@ -493,66 +493,29 @@ static uint64_t NVRAM_readb(void *opaque, hwaddr addr, 
> unsigned size)
>  return retval;
>  }
>  
> -static void nvram_writeb (void *opaque, hwaddr addr, uint32_t value)
> -{
> -M48t59State *NVRAM = opaque;
> -
> -m48t59_write(NVRAM, addr, value & 0xff);
> -}
> -
> -static void nvram_writew (void *opaque, hwaddr addr, uint32_t value)
> -{
> -M48t59State *NVRAM = opaque;
> -
> -m48t59_write(NVRAM, addr, (value >> 8) & 0xff);
> -m48t59_write(NVRAM, addr + 1, value & 0xff);
> -}
> -
> -static void nvram_writel (void *opaque, hwaddr addr, uint32_t value)
> -{
> -M48t59State *NVRAM = opaque;
> -
> -m48t59_write(NVRAM, addr, (value >> 24) & 0xff);
> -m48t59_write(NVRAM, addr + 1, (value >> 16) & 0xff);
> -m48t59_write(NVRAM, addr + 2, (value >> 8) & 0xff);
> -m48t59_write(NVRAM, addr + 3, value & 0xff);
> -}
> -
> -static uint32_t nvram_readb (void *opaque, hwaddr addr)
> +static uint64_t nvram_read(void *opaque, hwaddr addr, unsigned size)
>  {
>  M48t59State *NVRAM = opaque;
>  
>  return m48t59_read(NVRAM, addr);
>  }
>  
> -static uint32_t nvram_readw (void *opaque, hwaddr addr)
> +static void nvram_write(void *opaque, hwaddr addr, uint64_t value,
> +unsigned size)
>  {
>  M48t59State *NVRAM = opaque;
> -uint32_t retval;
>  
> -retval = m48t59_read(NVRAM, addr) << 8;
> -retval |= m48t59_read(NVRAM, addr + 1);
> -return retval;
> -}
> -
> -static uint32_t nvram_readl (void *opaque, hwaddr addr)
> -{
> -M48t59State *NVRAM = opaque;
> -uint32_t retval;
> -
> -retval = m48t59_read(NVRAM, addr) << 24;
> -retval |= m48t59_read(NVRAM, addr + 1) << 16;
> -retval |= m48t59_read(NVRAM, addr + 2) << 8;
> -retval |= m48t59_read(NVRAM, addr + 3);
> -return retval;
> +return m48t59_write(NVRAM, addr, value);
>  }
>  
>  static const MemoryRegionOps nvram_ops = {
> -.old_mmio = {
> -.read = { nvram_readb, nvram_readw, nvram_readl, },
> -.write = { nvram_writeb, nvram_writew, nvram_writel, },
> -},
> -.endianness = DEVICE_NATIVE_ENDIAN,
> +.read = nvram_read,
> +.write = nvram_write,
> +.impl.min_access_size = 1,
> +.impl.max_access_size = 1,
> +.valid.min_access_size = 1,
> +.valid.max_access_size = 4,
> +.endianness = DEVICE_BIG_ENDIAN,
>  };
>  
>  static const VMStateDescription vmstate_m48t59 = {
> 
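Review bot: nvram_write is declared "static void" but its body ends with "return m48t59_write(NVRAM, addr, value);". ISO C does not allow a return statement with an expression in a function returning void, and compilers accept it only as an extension when the callee is itself void, so call m48t59_write() as a plain statement instead. The removed nvram_writeb also masked the value with "& 0xff" before passing it on; if the new callback relies on impl.max_access_size = 1 to guarantee byte-sized values, a short comment saying so would make the dropped mask easier to review.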



Re: [Qemu-devel] [PATCH 1/2] hw/display/vga-isa-mm: Convert away from old_mmio

2018-08-02 Thread Hervé Poussineau

On 02/08/2018 at 17:51, Peter Maydell wrote:
> Convert the vga-isa-mm device away from the old_mmio
> MemoryRegion accessors.
>
> This device is only used by the MIPS 'jazz' boards
> "magnum" and "pica61".
>
> Signed-off-by: Peter Maydell 
> ---
>   hw/display/vga-isa-mm.c | 60 +
>   1 file changed, 13 insertions(+), 47 deletions(-)

Note: this device is only used by the MIPS "pica61" board, not the "magnum" one.
The commit message may be changed accordingly.

Reviewed-by: Hervé Poussineau 
Tested-by: Hervé Poussineau 



Re: [Qemu-devel] [PATCH v2 21/23] libqtest: Remove qtest_qmp_discard_response() & friends

2018-08-02 Thread Markus Armbruster
Thomas Huth  writes:

> On 08/02/2018 06:53 AM, Markus Armbruster wrote:
>> Thomas Huth  writes:
>> 
>>> On 07/30/2018 08:32 AM, Markus Armbruster wrote:
>>>> Eric Blake writes:
>>>>
>>>>> On 07/27/2018 11:46 AM, Thomas Huth wrote:
>>>>>> On 07/27/2018 05:13 PM, Markus Armbruster wrote:
>>>>>>> qtest_qmp_discard_response(...) is shorthand for
>>>>>>> qobject_unref(qtest_qmp(...), except it's not actually shorter.
>>>>>>
>>>>>> But the latter is IMHO harder to read.
>>>>
>>>> Doing things sloppily looks a bit uglier now.  That's a feature.
>>>>
>>>>> Maybe, but then it lends itself well to:
>>>>>
>>>>> QObject *rsp = qtest_qmp(...);
>>>>> qobject_unref(rsp);
>>>>>
>>>>> which is where you do insert tests for valid responses.
>>>>>
>>>>>> And it might be shorter in the compiled binary (one function call vs. 
>>>>>> two).
>>>>
>>>> I'd be quite sympathetic to this argument...
>>>>
>>>>> The size of the test binaries is not our biggest concern.
>>>>
>>>> ... outside tests/.
>>>>
>>>>>>> Moreover, the presence of these functions encourage sloppy testing.
>>>>>>
>>>>>> Shouldn't we then rather fix the tests to check for valid responses
>>>>>> instead of replacing this function with harder-to-read code?
>>>>
>>>> I'd welcome such patches, but this series is already pretty long.
>>>
>>> Then maybe rather drop this patch from this series, and fix the issues
>>> in a separate series instead?
>> 
>> Do you insist?
>
> No. But I'd still like to convince you that this patch is unnecessary
> right now.
>
>> I fail to see how changing
>> 
>> qmp_discard_response("{ 'execute': 'system_reset' }");
>> 
>> to
>> 
>> qobject_unref(qmp("{ 'execute': 'system_reset' }"));
>> 
>> is so awful it would justify demanding I pause my work on libqtest to
>> first figure out which parts of ignored responses are worth checking,
>> then code up the checks.
>
> First, you don't have to pause this series just because of this, since
> the remaining two patches do not depend on this one.

I intend to swap with the previous patch in v3 to reduce churn.

> Then, I still fail to see the real benefit here. You've found something
> that needs proper clean up later (by adding checks for valid responses).
> So IMHO simply add a big fat warning comment to the description of
> qmp_discard_response would be sufficient.

Warnings in function comments are ineffective at counterproliferation.
People copy code without examining the called functions' comments.

>   Then you can easily grep for
> "qmp_discard_response" later to find the spots that need fixing. If you
> replace it with that ugly nested construct instead, we still should fix
> it later, but it's a little bit harder to grep, and since we need to
> change it later again anyway, it just sounds like unnecessary code churn
> to me. So do you really need this so badly (for your later work?), or
> could you simply skip this patch?
>
>> Would you accept
>> 
>> rsp = qmp("{ 'execute': 'system_reset' }");
>> qobject_unref(rsp);
>> 
>> ?
>
> While this is easier to read, I think we lose the easy way to grep for
> the spots that need fixing later here, so let's better not do this.
>
>> If none of the above is acceptable to you, then I'll push the crap that
>> needs to go from libqtest into the crap-using tests, like this:
>> 
>> /* TODO actually test the results and get rid of this */
>> #define qmp_discard_response(...) qobject_unref(qmp(__VA_ARGS__));
>
> Fine for me.

Sold.



[Qemu-devel] [PATCH] hw/timer/m48t59: Move away from old_mmio accessors

2018-08-02 Thread Peter Maydell
Move the m48t59 device away from using old_mmio MemoryRegionOps
accessors.

Signed-off-by: Peter Maydell 
---
Tested with 'make check' and by booting a sparc guest.

 hw/timer/m48t59.c | 59 +--
 1 file changed, 11 insertions(+), 48 deletions(-)

diff --git a/hw/timer/m48t59.c b/hw/timer/m48t59.c
index f2991762ab0..ca3ed445de7 100644
--- a/hw/timer/m48t59.c
+++ b/hw/timer/m48t59.c
@@ -493,66 +493,29 @@ static uint64_t NVRAM_readb(void *opaque, hwaddr addr, 
unsigned size)
 return retval;
 }
 
-static void nvram_writeb (void *opaque, hwaddr addr, uint32_t value)
-{
-M48t59State *NVRAM = opaque;
-
-m48t59_write(NVRAM, addr, value & 0xff);
-}
-
-static void nvram_writew (void *opaque, hwaddr addr, uint32_t value)
-{
-M48t59State *NVRAM = opaque;
-
-m48t59_write(NVRAM, addr, (value >> 8) & 0xff);
-m48t59_write(NVRAM, addr + 1, value & 0xff);
-}
-
-static void nvram_writel (void *opaque, hwaddr addr, uint32_t value)
-{
-M48t59State *NVRAM = opaque;
-
-m48t59_write(NVRAM, addr, (value >> 24) & 0xff);
-m48t59_write(NVRAM, addr + 1, (value >> 16) & 0xff);
-m48t59_write(NVRAM, addr + 2, (value >> 8) & 0xff);
-m48t59_write(NVRAM, addr + 3, value & 0xff);
-}
-
-static uint32_t nvram_readb (void *opaque, hwaddr addr)
+static uint64_t nvram_read(void *opaque, hwaddr addr, unsigned size)
 {
 M48t59State *NVRAM = opaque;
 
 return m48t59_read(NVRAM, addr);
 }
 
-static uint32_t nvram_readw (void *opaque, hwaddr addr)
+static void nvram_write(void *opaque, hwaddr addr, uint64_t value,
+unsigned size)
 {
 M48t59State *NVRAM = opaque;
-uint32_t retval;
 
-retval = m48t59_read(NVRAM, addr) << 8;
-retval |= m48t59_read(NVRAM, addr + 1);
-return retval;
-}
-
-static uint32_t nvram_readl (void *opaque, hwaddr addr)
-{
-M48t59State *NVRAM = opaque;
-uint32_t retval;
-
-retval = m48t59_read(NVRAM, addr) << 24;
-retval |= m48t59_read(NVRAM, addr + 1) << 16;
-retval |= m48t59_read(NVRAM, addr + 2) << 8;
-retval |= m48t59_read(NVRAM, addr + 3);
-return retval;
+return m48t59_write(NVRAM, addr, value);
 }
 
 static const MemoryRegionOps nvram_ops = {
-.old_mmio = {
-.read = { nvram_readb, nvram_readw, nvram_readl, },
-.write = { nvram_writeb, nvram_writew, nvram_writel, },
-},
-.endianness = DEVICE_NATIVE_ENDIAN,
+.read = nvram_read,
+.write = nvram_write,
+.impl.min_access_size = 1,
+.impl.max_access_size = 1,
+.valid.min_access_size = 1,
+.valid.max_access_size = 4,
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
 static const VMStateDescription vmstate_m48t59 = {
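Review bot: nvram_write() is declared void but its body is `return m48t59_write(NVRAM, addr, value);`. The removed nvram_writeb/w/l called m48t59_write() as a plain statement, so the `return` should be dropped. The removed byte writer also masked with `value & 0xff`, and the region was DEVICE_NATIVE_ENDIAN; the commit message should say that .impl.max_access_size = 1 together with DEVICE_BIG_ENDIAN is what replaces the hand-written big-endian assembly in the removed nvram_readw/readl and nvram_writew/writel, since that is the part a reader has to verify.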
-- 
2.17.1




Re: [Qemu-devel] [PATCH v5 45/76] target/mips: Implement emulation of nanoMIPS LLWP/SCWP pair

2018-08-02 Thread Aleksandar Markovic
> From: Richard Henderson 
> Sent: Thursday, August 2, 2018 7:28 PM
> 
> On 08/02/2018 08:29 AM, Aleksandar Markovic wrote:
> > Hi, Richard,
> >
> > We are going to remove obsoleted helpers, that was just an honest mistake 
> > made in a rush.
> >
> > For unprotected access to gpr, we are going to insert if(reg1 != 0) in two 
> > places.
> 
> Be careful that you do not eliminate side effects in the process.  This
> includes things like check_dspr2, and any helper that sets overflow_flag or
> carry_flag.
> 
> I cannot see how you will avoid that when adding only two if statements.
> 

I was referring just to SCWP handler function. For DSP patches, for v6, we 
worked assiduously to eliminate all unprotected accesses to gpr.

> 
> > However, it looks there is a bigger problem now in SCWP. QEMU crashes with 
> > this message:
> >
> > /qemu/tcg/tcg.c:2862: tcg fatal error
> >
> > This happens in user mode only, system mode case runs fine.
> >
> > the problem seems to appear as a consequence of using tcg_gen_brcond_*(().
> >
> > Do you have any idea what are we doing wrong here?
> 
> If you send me a binary that triggers this error, I'll look at it.

Will do it tomorrow morning.

Aleksandar


Re: [Qemu-devel] [PATCH v1 0/5] Connect a PCIe host and graphics support to RISC-V

2018-08-02 Thread Palmer Dabbelt

On Fri, 22 Jun 2018 12:28:14 PDT (-0700), alistair.fran...@wdc.com wrote:

Alistair Francis (5):
  hw/riscv/virtio: Set the soc device tree node as a simple-bus
  hw/riscv/virt: Increase the number of interrupts
  hw/riscv/virt: Connect the Xilinx PCIe
  hw/riscv/virt: Connect a VGA PCIe device
  riscv64-softmmu.mak: Build Virtio Block support

 default-configs/riscv32-softmmu.mak |  6 +++
 default-configs/riscv64-softmmu.mak |  8 
 hw/riscv/virt.c | 73 -
 include/hw/riscv/virt.h |  6 ++-
 4 files changed, 90 insertions(+), 3 deletions(-)


Sorry I'm so slow here, I'm still chewing through my patch backlog.  It looks 
like this hasn't made it upstream yet.  I rebased it on top of master but have 
yet to figure out how to make it work, though I think that's on the Linux side.


I haven't yet looked at the code, but I like the functionality so I don't want 
to lose this.  Can you submit a v2 that applies cleanly to master, or do you 
want me to deal with it?




[Qemu-devel] [PATCH 2/2] hw/net/pcnet-pci: Unify pcnet_ioport_read/write and pcnet_mmio_read/write

2018-08-02 Thread Peter Maydell
The only difference between our implementation of the pcnet ioport
accessors and the mmio accessors is that the former check BCR_DWIO to
see what access widths are permitted for addresses in the aprom range
(0x0..0xf). In fact our failure to do this in the mmio accessors
is a bug (one which was fixed for the ioport accessors in
commit 7ba79741970 in 2011).

The data sheet for the Am79C970A does not describe the DWIO
bit as only applying for I/O space mapped I/O resources and
not memory mapped I/O resources, and our MMIO accessors already
honour DWIO for accesses in the 0x10..0x1f range (since the
pcnet_ioport_{read,write}{w,l} functions check it).

The data sheet for the later but compatible Am79C976 is clearer:
it states specifically "DWIO mode applies to both I/O- and
memory-mapped accesses." This seems to be reasonable evidence
in favour of interpreting the Am79C970A spec as being the same.

(NB: Linux's pcnet driver only supports I/O accesses, so the
MMIO access part of this device is probably untested anyway.)

Signed-off-by: Peter Maydell 
---
 hw/net/pcnet-pci.c  | 67 ++---
 hw/net/trace-events |  2 --
 2 files changed, 2 insertions(+), 67 deletions(-)

diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c
index 248fb3ba299..7c738557830 100644
--- a/hw/net/pcnet-pci.c
+++ b/hw/net/pcnet-pci.c
@@ -139,69 +139,6 @@ static const MemoryRegionOps pcnet_io_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-/*
- * TODO: should MMIO accesses to the addresses corresponding to the
- * APROM also honour the BCR_DWIO() setting? If so, then these functions
- * and pcnet_ioport_write/pcnet_ioport_read could be merged.
- * If not, then should pcnet_ioport_{read,write}{w,l} really check
- * BCR_DWIO() for MMIO writes ?
- */
-static void pcnet_mmio_write(void *opaque, hwaddr addr, uint64_t value,
- unsigned size)
-{
-PCNetState *d = opaque;
-
-trace_pcnet_mmio_write(opaque, addr, size, val);
-
-if (addr < 0x10) {
-if (size == 1) {
-pcnet_aprom_writeb(d, addr, data);
-} else if ((addr & 1) == 0 && size == 2) {
-pcnet_aprom_writeb(d, addr, data & 0xff);
-pcnet_aprom_writeb(d, addr + 1, data >> 8);
-} else if ((addr & 3) == 0 && size == 4) {
-pcnet_aprom_writeb(d, addr, data & 0xff);
-pcnet_aprom_writeb(d, addr + 1, (data >> 8) & 0xff);
-pcnet_aprom_writeb(d, addr + 2, (data >> 16) & 0xff);
-pcnet_aprom_writeb(d, addr + 3, data >> 24);
-}
-} else {
-if (size == 2) {
-pcnet_ioport_writew(d, addr, data);
-} else if (size == 4) {
-pcnet_ioport_writel(d, addr, data);
-}
-}
-}
-
-static uint64_t pcnet_mmio_read(void *opque, hwaddr addr, unsigned size)
-{
-PCNetState *d = opaque;
-
-trace_pcnet_ioport_read(opaque, addr, size);
-
-if (addr < 0x10) {
-if (size == 1) {
-return pcnet_aprom_readb(d, addr);
-} else if ((addr & 1) == 0 && size == 2) {
-return pcnet_aprom_readb(d, addr) |
-   (pcnet_aprom_readb(d, addr + 1) << 8);
-} else if ((addr & 3) == 0 && size == 4) {
-return pcnet_aprom_readb(d, addr) |
-   (pcnet_aprom_readb(d, addr + 1) << 8) |
-   (pcnet_aprom_readb(d, addr + 2) << 16) |
-   (pcnet_aprom_readb(d, addr + 3) << 24);
-}
-} else {
-if (size == 2) {
-return pcnet_ioport_readw(d, addr);
-} else if (size == 4) {
-return pcnet_ioport_readl(d, addr);
-}
-}
-return ((uint64_t)1 << (size * 8)) - 1;
-}
-
 static const VMStateDescription vmstate_pci_pcnet = {
 .name = "pcnet",
 .version_id = 3,
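Review bot: the removed pcnet_mmio_read() falls through to `return ((uint64_t)1 << (size * 8)) - 1;` for the size and alignment combinations it rejects, and neither removed function handles size == 1 in the 0x10..0x1f branch. pcnet_ioport_read/pcnet_ioport_write are not visible in this diff, so the commit message should state that they return the same all-ones value and ignore the same accesses, leaving the DWIO handling in the aprom range as the only guest-visible difference.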
@@ -216,8 +153,8 @@ static const VMStateDescription vmstate_pci_pcnet = {
 /* PCI interface */
 
 static const MemoryRegionOps pcnet_mmio_ops = {
-.read = pcnet_mmio_read,
-.write = pcnet_mmio_write,
+.read = pcnet_ioport_read,
+.write = pcnet_ioport_write,
 .valid.min_access_size = 1,
 .valid.max_access_size = 4,
 .impl.min_access_size = 1,
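Review bot: pcnet_mmio_ops now shares pcnet_ioport_read/pcnet_ioport_write with the I/O BAR, and the TODO comment that explained the relationship is deleted in the previous hunk without a replacement. A one-line comment above pcnet_mmio_ops saying that DWIO applies to both I/O and memory-mapped accesses (the Am79C976 data sheet statement quoted in the commit message) would keep a later reader from splitting the accessors again.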
diff --git a/hw/net/trace-events b/hw/net/trace-events
index 5cd0ad50ce2..c1dea4b1562 100644
--- a/hw/net/trace-events
+++ b/hw/net/trace-events
@@ -61,8 +61,6 @@ pcnet_aprom_writeb(void *opaque, uint32_t addr, uint32_t val) 
"opaque=%p addr=0x
 pcnet_aprom_readb(void *opaque, uint32_t addr, uint32_t val) "opaque=%p 
addr=0x%08x val=0x%02x"
 pcnet_ioport_read(void *opaque, uint64_t addr, unsigned size) "opaque=%p 
addr=0x%"PRIx64" size=%d"
 pcnet_ioport_write(void *opaque, uint64_t addr, uint64_t data, unsigned size) 
"opaque=%p addr=0x%"PRIx64" data=0x%"PRIx64" size=%d"
-pcnet_mmio_write(void *opaque, uint64_t addr, uint32_t val, unsigned size) 
"opaque=%p addr=0x%"PRIx64" val=0x%x size=%d"
-pcnet_mmio_read(void *opaque, uint64_t addr, unsigned size) "opaque=%p 
addr=0x%"PRIx64" size=%d"
 
 # 
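Review bot: with the pcnet_mmio_write and pcnet_mmio_read events removed, MMIO BAR accesses are traced as pcnet_ioport_read/pcnet_ioport_write and can no longer be told apart from port I/O in a trace. If that distinction matters when debugging the DWIO change, keep one event or rename the remaining ones to something BAR-neutral; otherwise mention the loss in the commit message.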

[Qemu-devel] [PATCH 1/2] hw/net/pcnet-pci: Convert away from old_mmio accessors

2018-08-02 Thread Peter Maydell
Convert the pcnet-pci device away from using the old_mmio
MemoryRegionOps accessor functions.

This commit is a no-behaviour-change API conversion.
(Since PCNET_PNPMMIO_SIZE is 0x20, the old "addr & 0x10"
check and the new "addr < 0x10" check are exact opposites;
the new code is phrased to be parallel with the
pcnet_io_read/write functions.)

I have left a TODO comment marker because the similarity
between the MMIO and IO accessor behaviour is suspicious
and they could be combined, but this will be left to a
different patch.

Signed-off-by: Peter Maydell 
---
 hw/net/pcnet-pci.c  | 133 ++--
 hw/net/trace-events |   8 +--
 2 files changed, 57 insertions(+), 84 deletions(-)

diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c
index 70dc8b3f0cd..248fb3ba299 100644
--- a/hw/net/pcnet-pci.c
+++ b/hw/net/pcnet-pci.c
@@ -139,92 +139,67 @@ static const MemoryRegionOps pcnet_io_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-static void pcnet_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
+/*
+ * TODO: should MMIO accesses to the addresses corresponding to the
+ * APROM also honour the BCR_DWIO() setting? If so, then these functions
+ * and pcnet_ioport_write/pcnet_ioport_read could be merged.
+ * If not, then should pcnet_ioport_{read,write}{w,l} really check
+ * BCR_DWIO() for MMIO writes ?
+ */
+static void pcnet_mmio_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
 {
 PCNetState *d = opaque;
 
-trace_pcnet_mmio_writeb(opaque, addr, val);
-if (!(addr & 0x10))
-pcnet_aprom_writeb(d, addr & 0x0f, val);
-}
+trace_pcnet_mmio_write(opaque, addr, size, val);
 
-static uint32_t pcnet_mmio_readb(void *opaque, hwaddr addr)
-{
-PCNetState *d = opaque;
-uint32_t val = -1;
-
-if (!(addr & 0x10))
-val = pcnet_aprom_readb(d, addr & 0x0f);
-trace_pcnet_mmio_readb(opaque, addr, val);
-return val;
-}
-
-static void pcnet_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
-{
-PCNetState *d = opaque;
-
-trace_pcnet_mmio_writew(opaque, addr, val);
-if (addr & 0x10)
-pcnet_ioport_writew(d, addr & 0x0f, val);
-else {
-addr &= 0x0f;
-pcnet_aprom_writeb(d, addr, val & 0xff);
-pcnet_aprom_writeb(d, addr+1, (val & 0xff00) >> 8);
+if (addr < 0x10) {
+if (size == 1) {
+pcnet_aprom_writeb(d, addr, data);
+} else if ((addr & 1) == 0 && size == 2) {
+pcnet_aprom_writeb(d, addr, data & 0xff);
+pcnet_aprom_writeb(d, addr + 1, data >> 8);
+} else if ((addr & 3) == 0 && size == 4) {
+pcnet_aprom_writeb(d, addr, data & 0xff);
+pcnet_aprom_writeb(d, addr + 1, (data >> 8) & 0xff);
+pcnet_aprom_writeb(d, addr + 2, (data >> 16) & 0xff);
+pcnet_aprom_writeb(d, addr + 3, data >> 24);
+}
+} else {
+if (size == 2) {
+pcnet_ioport_writew(d, addr, data);
+} else if (size == 4) {
+pcnet_ioport_writel(d, addr, data);
+}
 }
 }
 
-static uint32_t pcnet_mmio_readw(void *opaque, hwaddr addr)
-{
-PCNetState *d = opaque;
-uint32_t val = -1;
-
-if (addr & 0x10)
-val = pcnet_ioport_readw(d, addr & 0x0f);
-else {
-addr &= 0x0f;
-val = pcnet_aprom_readb(d, addr+1);
-val <<= 8;
-val |= pcnet_aprom_readb(d, addr);
-}
-trace_pcnet_mmio_readw(opaque, addr, val);
-return val;
-}
-
-static void pcnet_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
+static uint64_t pcnet_mmio_read(void *opque, hwaddr addr, unsigned size)
 {
 PCNetState *d = opaque;
 
-trace_pcnet_mmio_writel(opaque, addr, val);
-if (addr & 0x10)
-pcnet_ioport_writel(d, addr & 0x0f, val);
-else {
-addr &= 0x0f;
-pcnet_aprom_writeb(d, addr, val & 0xff);
-pcnet_aprom_writeb(d, addr+1, (val & 0xff00) >> 8);
-pcnet_aprom_writeb(d, addr+2, (val & 0xff) >> 16);
-pcnet_aprom_writeb(d, addr+3, (val & 0xff00) >> 24);
-}
-}
+trace_pcnet_ioport_read(opaque, addr, size);
 
-static uint32_t pcnet_mmio_readl(void *opaque, hwaddr addr)
-{
-PCNetState *d = opaque;
-uint32_t val;
-
-if (addr & 0x10)
-val = pcnet_ioport_readl(d, addr & 0x0f);
-else {
-addr &= 0x0f;
-val = pcnet_aprom_readb(d, addr+3);
-val <<= 8;
-val |= pcnet_aprom_readb(d, addr+2);
-val <<= 8;
-val |= pcnet_aprom_readb(d, addr+1);
-val <<= 8;
-val |= pcnet_aprom_readb(d, addr);
+if (addr < 0x10) {
+if (size == 1) {
+return pcnet_aprom_readb(d, addr);
+} else if ((addr & 1) == 0 && size == 2) {
+return pcnet_aprom_readb(d, addr) |
+   (pcnet_aprom_readb(d, addr + 1) << 8);
+} else if ((addr & 3) == 0 && size == 4) {
+return pcnet_aprom_readb(d, addr) |
+   
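Review bot: the new accessors do not build as posted. pcnet_mmio_write() names its parameter `value` but the body uses `val` in the trace call and `data` everywhere else, and pcnet_mmio_read() declares `void *opque` while using `opaque`; the read side also calls trace_pcnet_ioport_read rather than a pcnet_mmio event. Separately, the commit message promises no behaviour change, yet the removed pcnet_mmio_writel() wrote `(val & 0xff) >> 16` and `(val & 0xff00) >> 24` (both always zero) to bytes 2 and 3 while the new code writes the real bytes, the `(addr & 1) == 0` and `(addr & 3) == 0` alignment tests are new, and the `addr & 0x0f` masking before pcnet_ioport_writew/writel is gone. The message should list these, or the patch should preserve the old behaviour exactly.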

[Qemu-devel] [PATCH 0/2] hw/net/pcnet-pci: Convert away from old_mmio accessors

2018-08-02 Thread Peter Maydell
This patchset converts the pcnet-pci's MMIO BAR MemoryRegionOps
away from the old_mmio accessors.

It does it in two stages:
 * patch 1 is a no-behaviour-change patch which replaces the old
   split byte/word/long accessor functions with single read and
   write functions which take the size, and look suspiciously
   similar but not identical to the existing pcnet_ioport_read/write
   functions
 * patch 2 then drops the new read and write functions and just
   uses the ioport read/write functions

My reason for structuring it like this is that I'm pretty sure
that the discrepancy between the MMIO BAR accessors and the
IO BAR accessors is just a bug (one which we fixed for the
IO BAR accessors in commit 7ba79741970 in 2011). But if I'm
wrong I want us to be able to revert the behaviour change
easily without that bringing back a use of the old_mmio accessors
(which might not even compile if we need to revert after we've
finally managed to drop those entirely).

The bug as fixed in patch 2 is that for the MMIO BAR we were
not honouring the DWIO bit (which indicates whether the device
is in 16-bit or 32-bit IO mode) when doing accesses to the
aprom range 0x0..0xf. We were already honouring DWIO for accesses
to the 0x10..0x1f range, and my trawling through datasheets
indicates that DWIO applies identically to MMIO and IO BARs
(see patch 2's commit message for details and references).

This is awkwardly hard to test, though, because Linux's
pcnet driver only uses port IO as far as I can tell. (Likely
this is why the bug has remained unnoticed for so long.)

thanks
-- PMM

Peter Maydell (2):
  hw/net/pcnet-pci: Convert away from old_mmio accessors
  hw/net/pcnet-pci: Unify pcnet_ioport_read/write and
pcnet_mmio_read/write

 hw/net/pcnet-pci.c  | 98 +++--
 hw/net/trace-events |  6 ---
 2 files changed, 6 insertions(+), 98 deletions(-)

-- 
2.17.1




Re: [Qemu-devel] [PATCH v6 23/77] target/mips: Add emulation of nanoMIPS 16-bit load and store instructions

2018-08-02 Thread Richard Henderson
On 08/02/2018 10:16 AM, Stefan Markovic wrote:
>  case NM_P16_LB:
> +switch (extract32(ctx->opcode, 2, 2)) {
> +case NM_LB16:
> +offset = extract32(ctx->opcode, 0, 2);
> +gen_ld(ctx, OPC_LB, rt, rs, offset);
> +break;
> +case NM_SB16:
> +offset = decode_gpr_gpr3_src_store(
> + NANOMIPS_EXTRACT_RD(ctx->opcode));
> +gen_st(ctx, OPC_SB, rt, rs, offset);

That looks wrong.  I think you want

rt = decode_gpr_gpr3_src_store(...);
offset = extract32(ctx->opcode, 0, 2);

here.

>  case NM_P16_LH:
> +switch ((extract32(ctx->opcode, 3, 1) << 1) | (ctx->opcode & 1)) {
> +case NM_LH16:
> +offset = extract32(ctx->opcode, 1, 2) << 1;
> +gen_ld(ctx, OPC_LH, rt, rs, offset);
> +break;
> +case NM_SH16:
> +offset = decode_gpr_gpr3_src_store(
> + NANOMIPS_EXTRACT_RD(ctx->opcode));
> +gen_st(ctx, OPC_SH, rt, rs, offset);

Similarly.


r~



Re: [Qemu-devel] [PATCH 1/3] hw/ppc/prep: Remove ifdeffed-out stub of XCSR code

2018-08-02 Thread Hervé Poussineau

On 02/08/2018 at 16:44, Peter Maydell wrote:

The prep machine has some code which is stubs of accessors
for XCSR registers. This has been disabled via #if 0
since commit b6b8bd1819ff in 2004, and doesn't have any
actual interesting content. It also uses the deprecated
old_mmio accessor functions. Remove it entirely.

Signed-off-by: Peter Maydell 
---
  hw/ppc/prep.c | 97 +++
  1 file changed, 4 insertions(+), 93 deletions(-)



Reviewed-by: Hervé Poussineau 



Re: [Qemu-devel] [PATCH v6 19/77] target/mips: Add emulation of nanoMIPS 16-bit arithmetic instructions

2018-08-02 Thread Richard Henderson
On 08/02/2018 10:16 AM, Stefan Markovic wrote:
> From: Yongbok Kim 
> 
> Add emulation of nanoMIPS 16-bit arithmetic instructions.
> 
> Signed-off-by: Yongbok Kim 
> Signed-off-by: Aleksandar Markovic 
> Signed-off-by: Stefan Markovic 
> ---
>  target/mips/translate.c | 125 
> 
>  1 file changed, 125 insertions(+)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v5 45/76] target/mips: Implement emulation of nanoMIPS LLWP/SCWP pair

2018-08-02 Thread Richard Henderson
On 08/02/2018 08:29 AM, Aleksandar Markovic wrote:
> Hi, Richard,
> 
> We are going to remove obsoleted helpers, that was just an honest mistake 
> made in a rush.
> 
> For unprotected access to gpr, we are going to insert if(reg1 != 0) in two 
> places.

Be careful that you do not eliminate side effects in the process.  This
includes things like check_dspr2, and any helper that sets overflow_flag or
carry_flag.

I cannot see how you will avoid that when adding only two if statements.


> However, it looks there is a bigger problem now in SCWP. QEMU crashes with 
> this message:
> 
> /qemu/tcg/tcg.c:2862: tcg fatal error
> 
> This happens in user mode only, system mode case runs fine.
> 
> the problem seems to appear as a consequence of using tcg_gen_brcond_*(().
> 
> Do you have any idea what are we doing wrong here?

If you send me a binary that triggers this error, I'll look at it.


r~



Re: [Qemu-devel] [PATCH 2/3] hw/ppc/ppc_boards: Don't use old_mmio for ref405ep_fpga

2018-08-02 Thread Philippe Mathieu-Daudé
On 08/02/2018 01:40 PM, Peter Maydell wrote:
> On 2 August 2018 at 16:58, Philippe Mathieu-Daudé  wrote:
>> Hopefully this is a good case to show the bug I'm having with
>> access_with_adjusted_size().
>>
>> I agree with your change, so:
>> Reviewed-by: Philippe Mathieu-Daudé 
>>
>> However IMO little endian guest access is likely to fail.
>>
>> The bug I'm having looks like, we have BE data is 'aabbccdd', I expect
>> 16-bit access @2 return 'ccdd' but returns 'bbaa' (IIRC).
> 
> Behaviour here is going to depend on (a) what the TARGET_ENDIANNESS
> setting is for the system (b) whether the device is DEVICE_NATIVE_ENDIAN,
> DEVICE_BIG_ENDIAN or DEVICE_LITTLE_ENDIAN (c) whether the guest
> CPU is in "little endian" or "big endian" mode (if the guest CPU
> architecture is bi-endian). I would not be surprised if device
> models which were only ever expected to work with (say) big endian
> MIPS didn't behave correctly when run with a little endian
> MIPS OS, but that's usually an error in the device model and/or
> its choice of .endianness in the memory region ops struct.
> 
> If there's something wrong with access_with_adjusted_size(),
> I would suggest starting a different thread for that. I don't
> think these changes should alter the behaviour of this device.

Sure, I'll do when I continue to work on this.

I started my mail with "Hi Peter" but the access_with_adjusted_size()
comments were directed to the PPC reviewers, I'll reword to be more
explicit.

PPC reviewers: watch out I'm hitting an issue on MIPS boards when using
bi-endian cpu in little-endian configuration, and accessing big-endian
ordered devices (usually when .valid access size is bigger than device
.impl). I don't know how to test this with PPC images.
This patch as it is looks correct to me, but since now
access_with_adjusted_size() is involved, it might trigger the previous
described issue.

Regards,

Phil.



Re: [Qemu-devel] [PATCH 2/3] hw/ppc/ppc_boards: Don't use old_mmio for ref405ep_fpga

2018-08-02 Thread Peter Maydell
On 2 August 2018 at 16:58, Philippe Mathieu-Daudé  wrote:
> Hopefully this is a good case to show the bug I'm having with
> access_with_adjusted_size().
>
> I agree with your change, so:
> Reviewed-by: Philippe Mathieu-Daudé 
>
> However IMO little endian guest access is likely to fail.
>
> The bug I'm having looks like, we have BE data is 'aabbccdd', I expect
> 16-bit access @2 return 'ccdd' but returns 'bbaa' (IIRC).

Behaviour here is going to depend on (a) what the TARGET_ENDIANNESS
setting is for the system (b) whether the device is DEVICE_NATIVE_ENDIAN,
DEVICE_BIG_ENDIAN or DEVICE_LITTLE_ENDIAN (c) whether the guest
CPU is in "little endian" or "big endian" mode (if the guest CPU
architecture is bi-endian). I would not be surprised if device
models which were only ever expected to work with (say) big endian
MIPS didn't behave correctly when run with a little endian
MIPS OS, but that's usually an error in the device model and/or
its choice of .endianness in the memory region ops struct.

If there's something wrong with access_with_adjusted_size(),
I would suggest starting a different thread for that. I don't
think these changes should alter the behaviour of this device.

thanks
-- PMM
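A simplified model of the size adjustment discussed in this thread, as an added example that is not QEMU's code and not part of either message: a wide guest read is split into byte-sized device reads and reassembled according to the device's declared byte order. All names are hypothetical, the sample data is the 'aabbccdd' case quoted above, and the model ignores any further swap tied to the guest CPU's endianness.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Simplified model of splitting a wide guest access into byte-sized device
 * accesses. This is NOT QEMU's access_with_adjusted_size(); every name in
 * this file is hypothetical.
 */
enum dev_endian { DEV_BIG_ENDIAN, DEV_LITTLE_ENDIAN };

struct region_model {
    uint64_t (*read_byte)(void *opaque, uint64_t addr); /* impl size is 1 */
    unsigned valid_min;          /* smallest access the guest may issue */
    unsigned valid_max;          /* largest access the guest may issue */
    enum dev_endian endianness;  /* byte order of the device registers */
};

/* Constructed sample device holding the bytes aa bb cc dd. */
static uint8_t sample_regs[4] = { 0xaa, 0xbb, 0xcc, 0xdd };

static uint64_t sample_read_byte(void *opaque, uint64_t addr)
{
    const uint8_t *regs = opaque;

    return addr < sizeof(sample_regs) ? regs[addr] : 0xff;
}

/* Returns 0 and stores the value, or -1 if the access is rejected. */
static int region_read(const struct region_model *r, void *opaque,
                       uint64_t addr, unsigned size, uint64_t *out)
{
    uint64_t val = 0;
    unsigned i;

    /* Reject sizes outside the valid range or not a power of two. */
    if (size < r->valid_min || size > r->valid_max ||
        (size & (size - 1)) != 0) {
        return -1;
    }
    for (i = 0; i < size; i++) {
        uint64_t byte = r->read_byte(opaque, addr + i) & 0xff;
        unsigned shift = r->endianness == DEV_BIG_ENDIAN
                         ? (size - 1 - i) * 8   /* first byte is the MSB */
                         : i * 8;               /* first byte is the LSB */
        val |= byte << shift;
    }
    *out = val;
    return 0;
}

/* Hand-written 16-bit accessor in the style of the removed old_mmio code. */
static uint32_t legacy_readw(void *opaque, uint64_t addr)
{
    uint32_t retval = (uint32_t)sample_read_byte(opaque, addr) << 8;

    retval |= (uint32_t)sample_read_byte(opaque, addr + 1);
    return retval;
}

/* Convenience wrapper: assembled value, or all-ones if rejected. */
static uint64_t sample_access(enum dev_endian e, uint64_t addr, unsigned size)
{
    struct region_model r = { sample_read_byte, 1, 4, e };
    uint64_t val;

    return region_read(&r, sample_regs, addr, size, &val) == 0
           ? val : UINT64_MAX;
}

int main(void)
{
    printf("big-endian    16-bit @2: 0x%04llx\n",
           (unsigned long long)sample_access(DEV_BIG_ENDIAN, 2, 2));
    printf("little-endian 16-bit @2: 0x%04llx\n",
           (unsigned long long)sample_access(DEV_LITTLE_ENDIAN, 2, 2));
    printf("legacy readw         @2: 0x%04x\n",
           (unsigned)legacy_readw(sample_regs, 2));
    return 0;
}
```

The big-endian split gives the same result as the hand-written accessor, which is the equivalence the old_mmio conversions rely on; a device declared with the wrong byte order gets the swapped value instead.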



Re: [Qemu-devel] [PATCH 0/4] target/arm sve fixes

2018-08-02 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180801123111.3595-1-richard.hender...@linaro.org
Subject: [Qemu-devel] [PATCH 0/4] target/arm sve fixes

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
e4c5ee9260 target/arm: Fix typo in helper_sve_movz_d
9a37ac5908 target/arm: Reorganize SVE WHILE
c529b75fec target/arm: Fix typo in do_sat_addsub_64
fb72755faa target/arm: Fix sign of sve_cmpeq_ppzw/sve_cmpne_ppzw

=== OUTPUT BEGIN ===
Checking PATCH 1/4: target/arm: Fix sign of sve_cmpeq_ppzw/sve_cmpne_ppzw...
ERROR: spaces required around that '==' (ctx:WxB)
#31: FILE: target/arm/sve_helper.c:2439:
+DO_CMP_PPZW_B(sve_cmpeq_ppzw_b, int8_t,  uint64_t, ==)
^

ERROR: spaces required around that '==' (ctx:WxB)
#32: FILE: target/arm/sve_helper.c:2440:
+DO_CMP_PPZW_H(sve_cmpeq_ppzw_h, int16_t, uint64_t, ==)
^

ERROR: spaces required around that '==' (ctx:WxB)
#33: FILE: target/arm/sve_helper.c:2441:
+DO_CMP_PPZW_S(sve_cmpeq_ppzw_s, int32_t, uint64_t, ==)
^

ERROR: spaces required around that '!=' (ctx:WxB)
#38: FILE: target/arm/sve_helper.c:2443:
+DO_CMP_PPZW_B(sve_cmpne_ppzw_b, int8_t,  uint64_t, !=)
^

ERROR: spaces required around that '!=' (ctx:WxB)
#39: FILE: target/arm/sve_helper.c:2444:
+DO_CMP_PPZW_H(sve_cmpne_ppzw_h, int16_t, uint64_t, !=)
^

ERROR: spaces required around that '!=' (ctx:WxB)
#40: FILE: target/arm/sve_helper.c:2445:
+DO_CMP_PPZW_S(sve_cmpne_ppzw_s, int32_t, uint64_t, !=)
^

total: 6 errors, 0 warnings, 19 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/4: target/arm: Fix typo in do_sat_addsub_64...
Checking PATCH 3/4: target/arm: Reorganize SVE WHILE...
Checking PATCH 4/4: target/arm: Fix typo in helper_sve_movz_d...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] [Bug 1784900] Re: QEMU (frontend) crashes upon warm reboot with virtio-gpu device and vga=775 on Linux cmdline

2018-08-02 Thread Stefan Berger
On my system vga_draw_graphic is called with a surface_width(surface) =
1280, the next time surface_width(surface) = 1024, and then the next
time again with surface_width(surface) = 1280. So it's a quick
resolution change. Each time the surface pointer changes as well as
surface_width(surface) and surface_data(surface). Do NOT try to access
the s->last_surface with surface_data(s->last_surface) -- it likely has
been freed already.

So my guess is we could add (a subset of) checks like this one here:

    if (s->last_surface != surface ||
        s->last_surface_width != surface_width(surface) ||
        s->last_surface_height != surface_height(surface) ||
        s->last_surface_data != surface_data(surface)) {

        s->last_surface = surface;
        s->last_surface_width = surface_width(surface);
        ...
        full_update = 1;
    }

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1784900

Title:
  QEMU (frontend) crashes upon warm reboot with virtio-gpu device and
  vga=775 on Linux cmdline

Status in QEMU:
  New

Bug description:
  With vga=775 on the Linux command line a first boot of the VM running
  Linux works fine. After a warm reboot it crashes during Linux boot.
  The VM was used remotely via virt-manager and VNC.

  Bisecting the code lead to the following patch that introduced the
  bug:

  commit 1fccd7c5a9a722a9cbf1bc91693f4618034f01ac (HEAD, refs/bisect/bad)
  Author: Gerd Hoffmann 
  Date:   Mon Jul 2 18:24:43 2018 +0200

  virtio-gpu: disable scanout when backing resource is destroyed

  Signed-off-by: Gerd Hoffmann 
  Reviewed-by: Marc-André Lureau 
  Message-id: 20180702162443.16796-4-kra...@redhat.com

  diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
  index 336dc59007..08cd567218 100644
  --- a/hw/display/virtio-gpu.c
  +++ b/hw/display/virtio-gpu.c
  @@ -430,6 +430,16 @@ static void virtio_gpu_disable_scanout(VirtIOGPU *g, int 
scanout_id)
   static void virtio_gpu_resource_destroy(VirtIOGPU *g,
   struct virtio_gpu_simple_resource 
*res)
   {
  +int i;
  +
  +if (res->scanout_bitmask) {
  +for (i = 0; i < g->conf.max_outputs; i++) {
  +if (res->scanout_bitmask & (1 << i)) {
  +virtio_gpu_disable_scanout(g, i);
  +}
  +}
  +}
  +
   pixman_image_unref(res->image);
   virtio_gpu_cleanup_mapping(res);
   QTAILQ_REMOVE(>reslist, res, next);
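Review bot: the new loop calls virtio_gpu_disable_scanout(g, i) for each bit set in res->scanout_bitmask immediately before the existing pixman_image_unref(res->image), but nothing in the hunk states what may still point at res->image or its pixel data once the scanout is disabled. A comment here naming which display surface wraps the image and at what point it is replaced would make the lifetime assumption checkable. Also, `1 << i` shifts a signed int; `1u << i` avoids a signed overflow if g->conf.max_outputs can ever reach 32.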

  
  Reported backtraces can be found here:  
https://paste.fedoraproject.org/paste/OUDEfCk1IY7xiy0I0PDlkw

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1784900/+subscriptions
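The check proposed in the message above, as an added example that is not QEMU's code: it compares the cached pointer together with saved width, height and data pointer, and never dereferences the cached surface. The struct and function names, the one-slot allocator and the heights are constructed for illustration; only the 1280, 1024, 1280 width sequence comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the display surface and the VGA state. */
struct surface {
    int width, height;
    uint8_t *data;
};

struct vga_cache {
    const struct surface *last_surface; /* compared, never dereferenced */
    int last_width, last_height;
    const uint8_t *last_data;
};

/*
 * Constructed one-slot allocator: every "new" surface lands at the same
 * address, modelling an allocator that hands a freed block straight back.
 * Because the slot is static, comparing the stale pointer is well defined.
 */
static struct surface slot;
static uint8_t framebuffers[2][16];

static struct surface *surface_new(int width, int height, uint8_t *data)
{
    slot.width = width;
    slot.height = height;
    slot.data = data;
    return &slot;
}

/* Pointer identity only: misses a new surface at a reused address. */
static int changed_ptr_only(struct vga_cache *c, const struct surface *s)
{
    if (c->last_surface != s) {
        c->last_surface = s;
        return 1;
    }
    return 0;
}

/* Pointer plus saved geometry and data pointer, as in the message. */
static int changed_full(struct vga_cache *c, const struct surface *s)
{
    if (c->last_surface != s ||
        c->last_width != s->width ||
        c->last_height != s->height ||
        c->last_data != s->data) {
        c->last_surface = s;
        c->last_width = s->width;
        c->last_height = s->height;
        c->last_data = s->data;
        return 1;   /* the caller would set full_update = 1 here */
    }
    return 0;
}

typedef int (*check_fn)(struct vga_cache *, const struct surface *);

/* Replays three surface replacements and counts the detected changes. */
static int replay_resolution_changes(check_fn check)
{
    static const int widths[3]  = { 1280, 1024, 1280 };
    static const int heights[3] = { 1024, 768, 1024 };  /* constructed */
    struct vga_cache cache = { NULL, 0, 0, NULL };
    int i, detected = 0;

    for (i = 0; i < 3; i++) {
        struct surface *s = surface_new(widths[i], heights[i],
                                        framebuffers[i & 1]);
        detected += check(&cache, s);
    }
    return detected;
}

int main(void)
{
    printf("pointer-only check detected %d of 3 changes\n",
           replay_resolution_changes(changed_ptr_only));
    printf("full check detected %d of 3 changes\n",
           replay_resolution_changes(changed_full));
    return 0;
}
```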



Re: [Qemu-devel] [PATCH 1/2] hw/display/vga-isa-mm: Convert away from old_mmio

2018-08-02 Thread Philippe Mathieu-Daudé
On 08/02/2018 12:51 PM, Peter Maydell wrote:
> Convert the vga-isa-mm device away from the old_mmio
> MemoryRegion accessors.
> 
> This device is only used by the MIPS 'jazz' boards
> "magnum" and "pica61".
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/display/vga-isa-mm.c | 60 +
>  1 file changed, 13 insertions(+), 47 deletions(-)
> 
> diff --git a/hw/display/vga-isa-mm.c b/hw/display/vga-isa-mm.c
> index 232216cad0a..215e6497190 100644
> --- a/hw/display/vga-isa-mm.c
> +++ b/hw/display/vga-isa-mm.c
> @@ -36,64 +36,30 @@ typedef struct ISAVGAMMState {
>  } ISAVGAMMState;
>  
>  /* Memory mapped interface */
> -static uint32_t vga_mm_readb (void *opaque, hwaddr addr)
> +static uint64_t vga_mm_read(void *opaque, hwaddr addr, unsigned size)
>  {
>  ISAVGAMMState *s = opaque;
>  
> -return vga_ioport_read(>vga, addr >> s->it_shift) & 0xff;
> +return vga_ioport_read(>vga, addr >> s->it_shift) &
> +MAKE_64BIT_MASK(0, size * 8);
>  }
>  
> -static void vga_mm_writeb (void *opaque,
> -   hwaddr addr, uint32_t value)
> +static void vga_mm_write(void *opaque, hwaddr addr, uint64_t value,
> + unsigned size)
>  {
>  ISAVGAMMState *s = opaque;
>  
> -vga_ioport_write(>vga, addr >> s->it_shift, value & 0xff);
> -}
> -
> -static uint32_t vga_mm_readw (void *opaque, hwaddr addr)
> -{
> -ISAVGAMMState *s = opaque;
> -
> -return vga_ioport_read(>vga, addr >> s->it_shift) & 0x;
> -}
> -
> -static void vga_mm_writew (void *opaque,
> -   hwaddr addr, uint32_t value)
> -{
> -ISAVGAMMState *s = opaque;
> -
> -vga_ioport_write(>vga, addr >> s->it_shift, value & 0x);
> -}
> -
> -static uint32_t vga_mm_readl (void *opaque, hwaddr addr)
> -{
> -ISAVGAMMState *s = opaque;
> -
> -return vga_ioport_read(>vga, addr >> s->it_shift);
> -}
> -
> -static void vga_mm_writel (void *opaque,
> -   hwaddr addr, uint32_t value)
> -{
> -ISAVGAMMState *s = opaque;
> -
> -vga_ioport_write(>vga, addr >> s->it_shift, value);
> +vga_ioport_write(>vga, addr >> s->it_shift,
> + value & MAKE_64BIT_MASK(0, size * 8));
>  }
>  
>  static const MemoryRegionOps vga_mm_ctrl_ops = {
> -.old_mmio = {
> -.read = {
> -vga_mm_readb,
> -vga_mm_readw,
> -vga_mm_readl,
> -},
> -.write = {
> -vga_mm_writeb,
> -vga_mm_writew,
> -vga_mm_writel,
> -},
> -},
> +.read = vga_mm_read,
> +.write = vga_mm_write,
> +.valid.min_access_size = 1,
> +.valid.max_access_size = 4,
> +.impl.min_access_size = 1,
> +.impl.max_access_size = 4,
>  .endianness = DEVICE_NATIVE_ENDIAN,
>  };
>  
> 
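Review bot: vga_mm_read() and vga_mm_write() forward 16- and 32-bit accesses to a single vga_ioport_read/vga_ioport_write at `addr >> s->it_shift`, as the removed readw/readl and writew/writel did, which is why .impl.max_access_size is 4 here rather than 1. A short comment in vga_mm_read saying that wider accesses are deliberately treated as one port access, and not split into bytes by the memory core, would document that choice for whoever touches this next.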



Re: [Qemu-devel] [PATCH 1/3] hw/ppc/prep: Remove ifdeffed-out stub of XCSR code

2018-08-02 Thread Philippe Mathieu-Daudé
On 08/02/2018 12:54 PM, Peter Maydell wrote:
> On 2 August 2018 at 16:45, Philippe Mathieu-Daudé  wrote:
>> While not directly use the harmless UnimplementedDevice?
>>
>>create_unimplemented_device("ppc-xcsr", 0xfeff, 0x1000);
> 
> I preferred not to change the current behaviour for this
> API conversion. If the PPC/prep maintainers would like to
> use unimplemented-device they can easily do so as a
> different patch...

Now I remember there is a behaviour change in using this device:
currently an access to this address space triggers
cpu::do_transaction_failed();
using UnimplementedDevice doesn't.

So better to do this change in a different patch indeed :)



Re: [Qemu-devel] [PATCH 3/3] hw/ppc/ppc405_uc: Convert away from old_mmio

2018-08-02 Thread Philippe Mathieu-Daudé
On 08/02/2018 11:44 AM, Peter Maydell wrote:
> Convert the devices in ppc405_uc away from using the old_mmio
> MemoryRegion accessors:
> 
>  * opba's 32-bit and 16-bit accessors were just calling the
>8-bit accessors and assembling a big-endian order number,
>which we can do by setting the .impl.max_access_size to 1
>and the endianness to DEVICE_BIG_ENDIAN, and letting the
>core memory code do the assembly
>  * ppc405_gpio's accessors were all just stubs
>  * ppc4xx_gpt's 8-bit and 16-bit accessors were treating the
>access as invalid, which we can do by setting the
>.valid.min_access_size and .valid.max_access_size fields
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/ppc/ppc405_uc.c | 173 +++--
>  1 file changed, 25 insertions(+), 148 deletions(-)
> 
> diff --git a/hw/ppc/ppc405_uc.c b/hw/ppc/ppc405_uc.c
> index 4bd9fbcc1ef..5c58415cf1f 100644
> --- a/hw/ppc/ppc405_uc.c
> +++ b/hw/ppc/ppc405_uc.c
> @@ -283,7 +283,7 @@ struct ppc4xx_opba_t {
>  uint8_t pr;
>  };
>  
> -static uint32_t opba_readb (void *opaque, hwaddr addr)
> +static uint64_t opba_readb(void *opaque, hwaddr addr, unsigned size)
>  {
>  ppc4xx_opba_t *opba;
>  uint32_t ret;
> @@ -307,8 +307,8 @@ static uint32_t opba_readb (void *opaque, hwaddr addr)
>  return ret;
>  }
>  
> -static void opba_writeb (void *opaque,
> - hwaddr addr, uint32_t value)
> +static void opba_writeb(void *opaque, hwaddr addr, uint64_t value,
> +unsigned size)
>  {
>  ppc4xx_opba_t *opba;
>  
> @@ -328,61 +328,14 @@ static void opba_writeb (void *opaque,
>  break;
>  }
>  }
> -
> -static uint32_t opba_readw (void *opaque, hwaddr addr)
> -{
> -uint32_t ret;
> -
> -#ifdef DEBUG_OPBA
> -printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
> -#endif
> -ret = opba_readb(opaque, addr) << 8;
> -ret |= opba_readb(opaque, addr + 1);
> -
> -return ret;
> -}
> -
> -static void opba_writew (void *opaque,
> - hwaddr addr, uint32_t value)
> -{
> -#ifdef DEBUG_OPBA
> -printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
> -   value);
> -#endif
> -opba_writeb(opaque, addr, value >> 8);
> -opba_writeb(opaque, addr + 1, value);
> -}
> -
> -static uint32_t opba_readl (void *opaque, hwaddr addr)
> -{
> -uint32_t ret;
> -
> -#ifdef DEBUG_OPBA
> -printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
> -#endif
> -ret = opba_readb(opaque, addr) << 24;
> -ret |= opba_readb(opaque, addr + 1) << 16;
> -
> -return ret;
> -}
> -
> -static void opba_writel (void *opaque,
> - hwaddr addr, uint32_t value)
> -{
> -#ifdef DEBUG_OPBA
> -printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
> -   value);
> -#endif
> -opba_writeb(opaque, addr, value >> 24);
> -opba_writeb(opaque, addr + 1, value >> 16);
> -}
> -
>  static const MemoryRegionOps opba_ops = {
> -.old_mmio = {
> -.read = { opba_readb, opba_readw, opba_readl, },
> -.write = { opba_writeb, opba_writew, opba_writel, },
> -},
> -.endianness = DEVICE_NATIVE_ENDIAN,
> +.read = opba_readb,
> +.write = opba_writeb,
> +.impl.min_access_size = 1,
> +.impl.max_access_size = 1,
> +.valid.min_access_size = 1,
> +.valid.max_access_size = 4,
> +.endianness = DEVICE_BIG_ENDIAN,

Except the eventual issue commented in the previous patch,
Reviewed-by: Philippe Mathieu-Daudé 

>  };
>  
>  static void ppc4xx_opba_reset (void *opaque)
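
Review bot: the removed opba_readl() and opba_writel() only accessed addr
and addr + 1 (shifts of 24 and 16), so the low two bytes of a 32-bit access
were never read or written. With .impl.max_access_size = 1 and
.valid.max_access_size = 4, a 32-bit access is now assembled from byte
accesses at addr through addr + 3, which is a behaviour change rather than a
pure conversion. The commit message says the wide accessors "were just
calling the 8-bit accessors"; it should also say that the 32-bit case now
covers all four bytes.
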
> @@ -750,65 +703,27 @@ struct ppc405_gpio_t {
>  uint32_t isr1l;
>  };
>  
> -static uint32_t ppc405_gpio_readb (void *opaque, hwaddr addr)
> +static uint64_t ppc405_gpio_read(void *opaque, hwaddr addr, unsigned size)
>  {
>  #ifdef DEBUG_GPIO
> -printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
> +printf("%s: addr " TARGET_FMT_plx " size %d\n", __func__, addr, size);
>  #endif
>  
>  return 0;
>  }
>  
> -static void ppc405_gpio_writeb (void *opaque,
> -hwaddr addr, uint32_t value)
> +static void ppc405_gpio_write(void *opaque, hwaddr addr, uint64_t value,
> +  unsigned size)
>  {
>  #ifdef DEBUG_GPIO
> -printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
> -   value);
> -#endif
> -}
> -
> -static uint32_t ppc405_gpio_readw (void *opaque, hwaddr addr)
> -{
> -#ifdef DEBUG_GPIO
> -printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
> -#endif
> -
> -return 0;
> -}
> -
> -static void ppc405_gpio_writew (void *opaque,
> -hwaddr addr, uint32_t value)
> -{
> -#ifdef DEBUG_GPIO
> -printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
> -   value);
> -#endif
> -}
> -
> -static uint32_t ppc405_gpio_readl (void *opaque, hwaddr addr)
> -{
> -#ifdef DEBUG_GPIO
> -printf("%s: 
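
Review bot: in the new ppc405_gpio_read() debug printf, size is declared
unsigned but printed with %d; use %u. The line is only compiled under
DEBUG_GPIO, so the mismatch will not show up in a normal build.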

Re: [Qemu-devel] [PATCH v6 4/4] spapr: increase the size of the IRQ number space

2018-08-02 Thread Cédric Le Goater
On 08/02/2018 04:47 PM, Greg Kurz wrote:
> On Mon, 30 Jul 2018 16:11:34 +0200
> Cédric Le Goater  wrote:
> 
>> The new layout using static IRQ number does not leave much space to
>> the dynamic MSI range, only 0x100 IRQ numbers. Increase the total
>> number of IRQS for newer machines and introduce a legacy XICS backend
>> for pre-3.1 machines to maintain compatibility.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  include/hw/ppc/spapr_irq.h |  1 +
>>  hw/ppc/spapr.c |  1 +
>>  hw/ppc/spapr_irq.c | 12 +++-
>>  3 files changed, 13 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
>> index 0e98c4474bb2..626160ba475e 100644
>> --- a/include/hw/ppc/spapr_irq.h
>> +++ b/include/hw/ppc/spapr_irq.h
>> @@ -40,6 +40,7 @@ typedef struct sPAPRIrq {
>>  } sPAPRIrq;
>>  
>>  extern sPAPRIrq spapr_irq_xics;
>> +extern sPAPRIrq spapr_irq_xics_legacy;
>>  
>>  int spapr_irq_claim(sPAPRMachineState *spapr, int irq, bool lsi, Error 
>> **errp);
>>  void spapr_irq_free(sPAPRMachineState *spapr, int irq, int num);
>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>> index d9f8cca49208..5ae62b0682d2 100644
>> --- a/hw/ppc/spapr.c
>> +++ b/hw/ppc/spapr.c
>> @@ -3947,6 +3947,7 @@ static void 
>> spapr_machine_3_0_class_options(MachineClass *mc)
>>  SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_3_0);
>>  
>>  smc->legacy_irq_allocation = true;
>> +smc->irq = _irq_xics_legacy;
>>  }
>>  
>>  DEFINE_SPAPR_MACHINE(3_0, "3.0", false);
>> diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
>> index 0cbb5dd39368..620c49b38455 100644
>> --- a/hw/ppc/spapr_irq.c
>> +++ b/hw/ppc/spapr_irq.c
>> @@ -196,7 +196,7 @@ static void spapr_irq_print_info_xics(sPAPRMachineState 
>> *spapr, Monitor *mon)
>>  }
>>  
>>  sPAPRIrq spapr_irq_xics = {
>> -.nr_irqs = XICS_IRQS_SPAPR,
>> +.nr_irqs = 0x1000,
> 
> IMHO using XICS_IRQS_SPAPR as the total number of MSIs for the whole
> machine was bogus, since the DT also advertises this same number of
> available MSIs per PHB:
> 
> *** hw/ppc/spapr_pci.c:
> spapr_populate_pci_dt[2126]
> 
> _FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pe-total-#msi", 
> XICS_IRQS_SPAPR));
> 
> Even if you bump the limit from 1024 to 4096, we still have a discrepancy
> between what we tell the guest and what the machine can actually do.

Yes. But that is another unrelated problem that this patch is not 
trying to solve. The patch is just about increasing the total 
number of IRQs to have some more MSIs to allocate at a machine 
level.

> I'm wondering if we should take into account the number of possible
> PHBs when initializing the bitmap allocator, ie, .nr_irqs should
> rather be SPAPR_MAX_PHBS * XICS_IRQS_SPAPR ?

XICS_IRQS_SPAPR is a machine level number and it is a little more 
complex than that. Something like:

SPAPR_IRQ_MSI - XICS_IRQ_BASE + (max_phbs * max_msis_per_phb). 


C.

>>  
>>  .init= spapr_irq_init_xics,
>>  .claim   = spapr_irq_claim_xics,
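
Review bot: .nr_irqs = 0x1000 in spapr_irq_xics replaces a named constant
with a bare literal. A define next to XICS_IRQS_SPAPR, with a comment on how
the value was chosen, would keep the two backends comparable and give the
per-PHB MSI discussion in this thread something to refer to.
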
>> @@ -284,3 +284,13 @@ int spapr_irq_find(sPAPRMachineState *spapr, int num, 
>> bool align, Error **errp)
>>  
>>  return first + ics->offset;
>>  }
>> +
>> +sPAPRIrq spapr_irq_xics_legacy = {
>> +.nr_irqs = XICS_IRQS_SPAPR,
>> +
>> +.init= spapr_irq_init_xics,
>> +.claim   = spapr_irq_claim_xics,
>> +.free= spapr_irq_free_xics,
>> +.qirq= spapr_qirq_xics,
>> +.print_info  = spapr_irq_print_info_xics,
>> +};
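
Review bot: spapr_irq_xics_legacy is added without a comment saying which
machine types use it. The commit message says it is for pre-3.1 machines; a
one-line comment above the definition stating that, and that it differs from
spapr_irq_xics only in .nr_irqs, would save a field-by-field comparison.
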
> 




Re: [Qemu-devel] [PATCH 2/3] hw/ppc/ppc_boards: Don't use old_mmio for ref405ep_fpga

2018-08-02 Thread Philippe Mathieu-Daudé
Hi Peter,

On 08/02/2018 11:44 AM, Peter Maydell wrote:
> Switch the ref405ep_fpga device away from using the old_mmio
> MemoryRegion accessors.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/ppc/ppc405_boards.c | 60 +++---
>  1 file changed, 10 insertions(+), 50 deletions(-)
> 
> diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
> index 70111075b33..f5a9c24b6ce 100644
> --- a/hw/ppc/ppc405_boards.c
> +++ b/hw/ppc/ppc405_boards.c
> @@ -66,7 +66,7 @@ struct ref405ep_fpga_t {
>  uint8_t reg1;
>  };
>  
> -static uint32_t ref405ep_fpga_readb (void *opaque, hwaddr addr)
> +static uint64_t ref405ep_fpga_readb(void *opaque, hwaddr addr, unsigned size)
>  {
>  ref405ep_fpga_t *fpga;
>  uint32_t ret;
> @@ -87,8 +87,8 @@ static uint32_t ref405ep_fpga_readb (void *opaque, hwaddr 
> addr)
>  return ret;
>  }
>  
> -static void ref405ep_fpga_writeb (void *opaque,
> -  hwaddr addr, uint32_t value)
> +static void ref405ep_fpga_writeb(void *opaque, hwaddr addr, uint64_t value,
> + unsigned size)
>  {
>  ref405ep_fpga_t *fpga;
>  
> @@ -105,54 +105,14 @@ static void ref405ep_fpga_writeb (void *opaque,
>  }
>  }
>  
> -static uint32_t ref405ep_fpga_readw (void *opaque, hwaddr addr)
> -{
> -uint32_t ret;
> -
> -ret = ref405ep_fpga_readb(opaque, addr) << 8;
> -ret |= ref405ep_fpga_readb(opaque, addr + 1);
> -
> -return ret;
> -}
> -
> -static void ref405ep_fpga_writew (void *opaque,
> -  hwaddr addr, uint32_t value)
> -{
> -ref405ep_fpga_writeb(opaque, addr, (value >> 8) & 0xFF);
> -ref405ep_fpga_writeb(opaque, addr + 1, value & 0xFF);
> -}
> -
> -static uint32_t ref405ep_fpga_readl (void *opaque, hwaddr addr)
> -{
> -uint32_t ret;
> -
> -ret = ref405ep_fpga_readb(opaque, addr) << 24;
> -ret |= ref405ep_fpga_readb(opaque, addr + 1) << 16;
> -ret |= ref405ep_fpga_readb(opaque, addr + 2) << 8;
> -ret |= ref405ep_fpga_readb(opaque, addr + 3);
> -
> -return ret;
> -}
> -
> -static void ref405ep_fpga_writel (void *opaque,
> -  hwaddr addr, uint32_t value)
> -{
> -ref405ep_fpga_writeb(opaque, addr, (value >> 24) & 0xFF);
> -ref405ep_fpga_writeb(opaque, addr + 1, (value >> 16) & 0xFF);
> -ref405ep_fpga_writeb(opaque, addr + 2, (value >> 8) & 0xFF);
> -ref405ep_fpga_writeb(opaque, addr + 3, value & 0xFF);
> -}
> -
>  static const MemoryRegionOps ref405ep_fpga_ops = {
> -.old_mmio = {
> -.read = {
> -ref405ep_fpga_readb, ref405ep_fpga_readw, ref405ep_fpga_readl,
> -},
> -.write = {
> -ref405ep_fpga_writeb, ref405ep_fpga_writew, ref405ep_fpga_writel,
> -},
> -},
> -.endianness = DEVICE_NATIVE_ENDIAN,
> +.read = ref405ep_fpga_readb,
> +.write = ref405ep_fpga_writeb,
> +.impl.min_access_size = 1,
> +.impl.max_access_size = 1,
> +.valid.min_access_size = 1,
> +.valid.max_access_size = 4,
> +.endianness = DEVICE_BIG_ENDIAN,

Hopefully this is a good case to show the bug I'm having with
access_with_adjusted_size().

I agree with your change, so:
Reviewed-by: Philippe Mathieu-Daudé 

However IMO little endian guest access is likely to fail.

The bug I'm having looks like this: we have BE data 'aabbccdd'; I expect a
16-bit access @2 to return 'ccdd' but it returns 'bbaa' (IIRC).

I used those cripple tests:
https://github.com/philmd/qemu/commit/671ce501a5301849a91384e6ba6f2f3affabcd0d#diff-da1e7a2e0582a05aa232a4baf37f4572

I'll try to get some free time to resurrect/rebase this branch.

Regards,

Phil.

>  };
>  
>  static void ref405ep_fpga_reset (void *opaque)
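
Review bot: the ops table switches .endianness from DEVICE_NATIVE_ENDIAN to
DEVICE_BIG_ENDIAN and now depends on the core memory code to split 2- and
4-byte accesses into byte accesses and reassemble them, where the removed
ref405ep_fpga_readw()/readl() did that explicitly with the byte at addr as
the most significant one. The commit message mentions neither the endianness
change nor how the result was checked; a test doing a 16-bit and a 32-bit
access to the FPGA registers would confirm that both paths agree.
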
> 
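
The byte-assembly rule that the two old_mmio conversions in this thread rely on, as an added example that is not part of any message here and is not QEMU code. It is a simplified model: `regs`, `dev_readb` and `split_read` are hypothetical names, the register contents are constructed, and the `*_old` functions restate the logic of the removed helpers quoted in the patches.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed register contents: big-endian 0xaabbccdd at offset 0. */
static const uint8_t regs[4] = { 0xaa, 0xbb, 0xcc, 0xdd };

/* Byte-wide accessor, the only width the modelled device implements. */
static uint32_t dev_readb(uint64_t addr)
{
    return addr < sizeof(regs) ? regs[addr] : 0;
}

enum dev_endian { DEV_BIG, DEV_LITTLE };

/*
 * Model of a wide access served by a device whose implementation is
 * limited to 1-byte accesses: issue one byte read per address and place
 * each byte according to the device endianness. For a big-endian device
 * the lowest address supplies the most significant byte.
 */
static uint64_t split_read(uint64_t addr, unsigned size, enum dev_endian e)
{
    uint64_t val = 0;

    for (unsigned i = 0; i < size; i++) {
        unsigned shift = (e == DEV_BIG ? size - 1 - i : i) * 8;
        val |= (uint64_t)dev_readb(addr + i) << shift;
    }
    return val;
}

/* Logic of the removed ref405ep_fpga_readw(): two bytes, first is MSB. */
static uint32_t fpga_readw_old(uint64_t addr)
{
    uint32_t ret = dev_readb(addr) << 8;

    ret |= dev_readb(addr + 1);
    return ret;
}

/* Logic of the removed ref405ep_fpga_readl(): four bytes, first is MSB. */
static uint32_t fpga_readl_old(uint64_t addr)
{
    uint32_t ret = dev_readb(addr) << 24;

    ret |= dev_readb(addr + 1) << 16;
    ret |= dev_readb(addr + 2) << 8;
    ret |= dev_readb(addr + 3);
    return ret;
}

/* Logic of the removed opba_readl(): only addr and addr + 1 are read. */
static uint32_t opba_readl_old(uint64_t addr)
{
    uint32_t ret = dev_readb(addr) << 24;

    ret |= dev_readb(addr + 1) << 16;
    return ret;
}

int main(void)
{
    printf("split BE 32-bit @0: %08llx\n",
           (unsigned long long)split_read(0, 4, DEV_BIG));
    printf("fpga readl (old)  : %08x\n", fpga_readl_old(0));
    printf("opba readl (old)  : %08x\n", opba_readl_old(0));
    printf("split BE 16-bit @2: %04llx\n",
           (unsigned long long)split_read(2, 2, DEV_BIG));
    printf("fpga readw (old)@2: %04x\n", fpga_readw_old(2));
    printf("split LE 16-bit @2: %04llx\n",
           (unsigned long long)split_read(2, 2, DEV_LITTLE));
    return 0;
}
```

The old opba 32-bit helper differs from the generic assembly in its low two bytes, while the old ref405ep helpers match it exactly.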



Re: [Qemu-devel] [PATCH 1/3] hw/ppc/prep: Remove ifdeffed-out stub of XCSR code

2018-08-02 Thread Peter Maydell
On 2 August 2018 at 16:45, Philippe Mathieu-Daudé  wrote:
> Why not directly use the harmless UnimplementedDevice?
>
>create_unimplemented_device("ppc-xcsr", 0xfeff, 0x1000);

I preferred not to change the current behaviour for this
API conversion. If the PPC/prep maintainers would like to
use unimplemented-device they can easily do so as a
different patch...

thanks
-- PMM



[Qemu-devel] [PATCH 0/2] mips: convert devices away from old_mmio

2018-08-02 Thread Peter Maydell
These patches convert a couple of devices used only by MIPS
boards from using the old_mmio MemoryRegionOps accessor functions.

 * vga-isa-mm: used by the MIPS 'jazz' boards "magnum" and "pica61"
 * bonito pci controller: used by the MIPS "fulong2e" board

Tested only with "make check".

thanks
-- PMM

Peter Maydell (2):
  hw/display/vga-isa-mm: Convert away from old_mmio
  hw/pci-host/bonito: Move away from old_mmio accessors

 hw/display/vga-isa-mm.c |  60 -
 hw/pci-host/bonito.c| 145 +---
 2 files changed, 28 insertions(+), 177 deletions(-)

-- 
2.17.1




[Qemu-devel] [PATCH 2/2] hw/pci-host/bonito: Move away from old_mmio accessors

2018-08-02 Thread Peter Maydell
Move away from the old_mmio MemoryRegion accessors in the
bonito pci controller.

This device is used only in the MIPS "fulong2e" machine.

Signed-off-by: Peter Maydell 
---
 hw/pci-host/bonito.c | 145 +--
 1 file changed, 15 insertions(+), 130 deletions(-)

diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
index 2d25e9bf7ca..9868e2eccc6 100644
--- a/hw/pci-host/bonito.c
+++ b/hw/pci-host/bonito.c
@@ -460,8 +460,8 @@ static uint32_t bonito_sbridge_pciaddr(void *opaque, hwaddr 
addr)
 return pciaddr;
 }
 
-static void bonito_spciconf_writeb(void *opaque, hwaddr addr,
-   uint32_t val)
+static void bonito_spciconf_write(void *opaque, hwaddr addr, uint64_t val,
+  unsigned size)
 {
 PCIBonitoState *s = opaque;
 PCIDevice *d = PCI_DEVICE(s);
@@ -469,34 +469,8 @@ static void bonito_spciconf_writeb(void *opaque, hwaddr 
addr,
 uint32_t pciaddr;
 uint16_t status;
 
-DPRINTF("bonito_spciconf_writeb "TARGET_FMT_plx" val %x\n", addr, val);
-pciaddr = bonito_sbridge_pciaddr(s, addr);
-
-if (pciaddr == 0x) {
-return;
-}
-
-/* set the pci address in s->config_reg */
-phb->config_reg = (pciaddr) | (1u << 31);
-pci_data_write(phb->bus, phb->config_reg, val & 0xff, 1);
-
-/* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
-status = pci_get_word(d->config + PCI_STATUS);
-status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
-pci_set_word(d->config + PCI_STATUS, status);
-}
-
-static void bonito_spciconf_writew(void *opaque, hwaddr addr,
-   uint32_t val)
-{
-PCIBonitoState *s = opaque;
-PCIDevice *d = PCI_DEVICE(s);
-PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
-uint32_t pciaddr;
-uint16_t status;
-
-DPRINTF("bonito_spciconf_writew "TARGET_FMT_plx" val %x\n", addr, val);
-assert((addr & 0x1) == 0);
+DPRINTF("bonito_spciconf_write "TARGET_FMT_plx" size %d val %x\n",
+addr, size, val);
 
 pciaddr = bonito_sbridge_pciaddr(s, addr);
 
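
Review bot: the merged bonito_spciconf_write() drops the
assert((addr & 0x1) == 0) that the removed bonito_spciconf_writew() had, and
passes size straight to pci_data_write(). Whether an unaligned 2- or 4-byte
access can still reach this function depends on the MemoryRegionOps, which
this part of the patch does not show; please confirm it is rejected there,
or say in the commit message that the alignment check is dropped on purpose.
Separately, the new DPRINTF prints val, now a uint64_t, with %x and size, an
unsigned, with %d; use PRIx64 and %u.
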
@@ -506,7 +480,7 @@ static void bonito_spciconf_writew(void *opaque, hwaddr 
addr,
 
 /* set the pci address in s->config_reg */
 phb->config_reg = (pciaddr) | (1u << 31);
-pci_data_write(phb->bus, phb->config_reg, val, 2);
+pci_data_write(phb->bus, phb->config_reg, val, size);
 
 /* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
 status = pci_get_word(d->config + PCI_STATUS);
@@ -514,8 +488,7 @@ static void bonito_spciconf_writew(void *opaque, hwaddr 
addr,
 pci_set_word(d->config + PCI_STATUS, status);
 }
 
-static void bonito_spciconf_writel(void *opaque, hwaddr addr,
-   uint32_t val)
+static uint64_t bonito_spciconf_read(void *opaque, hwaddr addr, unsigned size)
 {
 PCIBonitoState *s = opaque;
 PCIDevice *d = PCI_DEVICE(s);
@@ -523,38 +496,12 @@ static void bonito_spciconf_writel(void *opaque, hwaddr 
addr,
 uint32_t pciaddr;
 uint16_t status;
 
-DPRINTF("bonito_spciconf_writel "TARGET_FMT_plx" val %x\n", addr, val);
-assert((addr & 0x3) == 0);
+DPRINTF("bonito_spciconf_read "TARGET_FMT_plx" size %d\n", addr, size);
 
 pciaddr = bonito_sbridge_pciaddr(s, addr);
 
 if (pciaddr == 0x) {
-return;
-}
-
-/* set the pci address in s->config_reg */
-phb->config_reg = (pciaddr) | (1u << 31);
-pci_data_write(phb->bus, phb->config_reg, val, 4);
-
-/* clear PCI_STATUS_REC_MASTER_ABORT and PCI_STATUS_REC_TARGET_ABORT */
-status = pci_get_word(d->config + PCI_STATUS);
-status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
-pci_set_word(d->config + PCI_STATUS, status);
-}
-
-static uint32_t bonito_spciconf_readb(void *opaque, hwaddr addr)
-{
-PCIBonitoState *s = opaque;
-PCIDevice *d = PCI_DEVICE(s);
-PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
-uint32_t pciaddr;
-uint16_t status;
-
-DPRINTF("bonito_spciconf_readb "TARGET_FMT_plx"\n", addr);
-pciaddr = bonito_sbridge_pciaddr(s, addr);
-
-if (pciaddr == 0x) {
-return 0xff;
+return MAKE_64BIT_MASK(0, size * 8);
 }
 
 /* set the pci address in s->config_reg */
@@ -565,79 +512,17 @@ static uint32_t bonito_spciconf_readb(void *opaque, 
hwaddr addr)
 status &= ~(PCI_STATUS_REC_MASTER_ABORT | PCI_STATUS_REC_TARGET_ABORT);
 pci_set_word(d->config + PCI_STATUS, status);
 
-return pci_data_read(phb->bus, phb->config_reg, 1);
-}
-
-static uint32_t bonito_spciconf_readw(void *opaque, hwaddr addr)
-{
-PCIBonitoState *s = opaque;
-PCIDevice *d = PCI_DEVICE(s);
-PCIHostState *phb = PCI_HOST_BRIDGE(s->pcihost);
-uint32_t pciaddr;
-uint16_t status;
-
-DPRINTF("bonito_spciconf_readw "TARGET_FMT_plx"\n", addr);
-assert((addr & 0x1) == 0);
-
-pciaddr = 

[Qemu-devel] [PATCH 1/2] hw/display/vga-isa-mm: Convert away from old_mmio

2018-08-02 Thread Peter Maydell
Convert the vga-isa-mm device away from the old_mmio
MemoryRegion accessors.

This device is only used by the MIPS 'jazz' boards
"magnum" and "pica61".

Signed-off-by: Peter Maydell 
---
 hw/display/vga-isa-mm.c | 60 +
 1 file changed, 13 insertions(+), 47 deletions(-)

diff --git a/hw/display/vga-isa-mm.c b/hw/display/vga-isa-mm.c
index 232216cad0a..215e6497190 100644
--- a/hw/display/vga-isa-mm.c
+++ b/hw/display/vga-isa-mm.c
@@ -36,64 +36,30 @@ typedef struct ISAVGAMMState {
 } ISAVGAMMState;
 
 /* Memory mapped interface */
-static uint32_t vga_mm_readb (void *opaque, hwaddr addr)
+static uint64_t vga_mm_read(void *opaque, hwaddr addr, unsigned size)
 {
 ISAVGAMMState *s = opaque;
 
-return vga_ioport_read(>vga, addr >> s->it_shift) & 0xff;
+return vga_ioport_read(>vga, addr >> s->it_shift) &
+MAKE_64BIT_MASK(0, size * 8);
 }
 
-static void vga_mm_writeb (void *opaque,
-   hwaddr addr, uint32_t value)
+static void vga_mm_write(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
 {
 ISAVGAMMState *s = opaque;
 
-vga_ioport_write(>vga, addr >> s->it_shift, value & 0xff);
-}
-
-static uint32_t vga_mm_readw (void *opaque, hwaddr addr)
-{
-ISAVGAMMState *s = opaque;
-
-return vga_ioport_read(>vga, addr >> s->it_shift) & 0x;
-}
-
-static void vga_mm_writew (void *opaque,
-   hwaddr addr, uint32_t value)
-{
-ISAVGAMMState *s = opaque;
-
-vga_ioport_write(>vga, addr >> s->it_shift, value & 0x);
-}
-
-static uint32_t vga_mm_readl (void *opaque, hwaddr addr)
-{
-ISAVGAMMState *s = opaque;
-
-return vga_ioport_read(>vga, addr >> s->it_shift);
-}
-
-static void vga_mm_writel (void *opaque,
-   hwaddr addr, uint32_t value)
-{
-ISAVGAMMState *s = opaque;
-
-vga_ioport_write(>vga, addr >> s->it_shift, value);
+vga_ioport_write(>vga, addr >> s->it_shift,
+ value & MAKE_64BIT_MASK(0, size * 8));
 }
 
 static const MemoryRegionOps vga_mm_ctrl_ops = {
-.old_mmio = {
-.read = {
-vga_mm_readb,
-vga_mm_readw,
-vga_mm_readl,
-},
-.write = {
-vga_mm_writeb,
-vga_mm_writew,
-vga_mm_writel,
-},
-},
+.read = vga_mm_read,
+.write = vga_mm_write,
+.valid.min_access_size = 1,
+.valid.max_access_size = 4,
+.impl.min_access_size = 1,
+.impl.max_access_size = 4,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-- 
2.17.1




Re: [Qemu-devel] [PATCH v5] s390x: Enable KVM huge page backing support

2018-08-02 Thread David Hildenbrand
On 02.08.2018 09:02, Janosch Frank wrote:
> QEMU has had huge page support for a longer time already, but KVM
> memory management under s390x needed some changes to work with huge
> backings.
> 
> Now that we have support, let's enable it if requested and
> available. Otherwise we now properly tell the user if there is no
> support and back out instead of failing to run the VM later on.
> 
> Signed-off-by: Janosch Frank 
> Reviewed-by: David Hildenbrand 
> ---
> 
> Now featuring all of the required braces.
> 
> ---
>  target/s390x/kvm.c | 35 +--
>  1 file changed, 33 insertions(+), 2 deletions(-)
> 
> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
> index d923cf4240..8ba948c324 100644
> --- a/target/s390x/kvm.c
> +++ b/target/s390x/kvm.c
> @@ -34,6 +34,8 @@
>  #include "qapi/error.h"
>  #include "qemu/error-report.h"
>  #include "qemu/timer.h"
> +#include "qemu/units.h"
> +#include "qemu/mmap-alloc.h"
>  #include "sysemu/sysemu.h"
>  #include "sysemu/hw_accel.h"
>  #include "hw/hw.h"
> @@ -139,6 +141,7 @@ static int cap_mem_op;
>  static int cap_s390_irq;
>  static int cap_ri;
>  static int cap_gs;
> +static int cap_hpage_1m;
>  
>  static int active_cmma;
>  
> @@ -220,9 +223,9 @@ static void kvm_s390_enable_cmma(void)
>  .attr = KVM_S390_VM_MEM_ENABLE_CMMA,
>  };
>  
> -if (mem_path) {
> +if (cap_hpage_1m) {
>  warn_report("CMM will not be enabled because it is not "
> -"compatible with hugetlbfs.");
> +"compatible with huge memory backings.");
>  return;
>  }
>  rc = kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, );
> @@ -281,10 +284,38 @@ void kvm_s390_crypto_reset(void)
>  }
>  }
>  
> +static int kvm_s390_configure_mempath_backing(KVMState *s)
> +{
> +size_t path_psize = qemu_mempath_getpagesize(mem_path);
> +
> +if (path_psize == 4 * KiB) {
> +return 0;
> +}
> +
> +if (path_psize != 1 * MiB) {
> +error_report("Memory backing with 2G pages was specified, "
> + "but KVM does not support this memory backing");
> +return -EINVAL;
> +}
> +
> +if (kvm_vm_enable_cap(s, KVM_CAP_S390_HPAGE_1M, 0)) {
> +error_report("Memory backing with 1M pages was specified, "
> + "but KVM does not support this memory backing");
> +return -EINVAL;
> +}
> +
> +cap_hpage_1m = 1;
> +return 0;
> +}
> +
>  int kvm_arch_init(MachineState *ms, KVMState *s)
>  {
>  MachineClass *mc = MACHINE_GET_CLASS(ms);
>  
> +if (mem_path && kvm_s390_configure_mempath_backing(s)) {
> +return -EINVAL;
> +}
> +
>  mc->default_cpu_type = S390_CPU_TYPE_NAME("host");
>  cap_sync_regs = kvm_check_extension(s, KVM_CAP_SYNC_REGS);
>  cap_async_pf = kvm_check_extension(s, KVM_CAP_ASYNC_PF);
> 
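
Review bot: in kvm_s390_configure_mempath_backing() every page size other
than 4 KiB and 1 MiB reaches the branch that reports "Memory backing with 2G
pages was specified", so the message is wrong for any other size. Print
path_psize in the message instead of hard-coding 2G. Also, kvm_arch_init()
discards the helper's return value and returns a literal -EINVAL; returning
the helper's result keeps the two in step if the helper gains other error
codes.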

Looks good to me.

-- 

Thanks,

David / dhildenb



Re: [Qemu-devel] [PATCH 1/3] hw/ppc/prep: Remove ifdeffed-out stub of XCSR code

2018-08-02 Thread Philippe Mathieu-Daudé
On 08/02/2018 11:44 AM, Peter Maydell wrote:
> The prep machine has some code which is stubs of accessors
> for XCSR registers. This has been disabled via #if 0
> since commit b6b8bd1819ff in 2004, and doesn't have any
> actual interesting content. It also uses the deprecated
> old_mmio accessor functions. Remove it entirely.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/ppc/prep.c | 97 +++
>  1 file changed, 4 insertions(+), 93 deletions(-)
> 
> diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
> index 3401570d981..b26138e5c47 100644
> --- a/hw/ppc/prep.c
> +++ b/hw/ppc/prep.c
> @@ -78,94 +78,6 @@ static int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 
> 5 };
>  /* ISA IO ports bridge */
>  #define PPC_IO_BASE 0x8000
>  
> -/* PowerPC control and status registers */
> -#if 0 // Not used
> -static struct {
> -/* IDs */
> -uint32_t veni_devi;
> -uint32_t revi;
> -/* Control and status */
> -uint32_t gcsr;
> -uint32_t xcfr;
> -uint32_t ct32;
> -uint32_t mcsr;
> -/* General purpose registers */
> -uint32_t gprg[6];
> -/* Exceptions */
> -uint32_t feen;
> -uint32_t fest;
> -uint32_t fema;
> -uint32_t fecl;
> -uint32_t eeen;
> -uint32_t eest;
> -uint32_t eecl;
> -uint32_t eeint;
> -uint32_t eemck0;
> -uint32_t eemck1;
> -/* Error diagnostic */
> -} XCSR;
> -
> -static void PPC_XCSR_writeb (void *opaque,
> - hwaddr addr, uint32_t value)
> -{
> -printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
> -   value);
> -}
> -
> -static void PPC_XCSR_writew (void *opaque,
> - hwaddr addr, uint32_t value)
> -{
> -printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
> -   value);
> -}
> -
> -static void PPC_XCSR_writel (void *opaque,
> - hwaddr addr, uint32_t value)
> -{
> -printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
> -   value);
> -}
> -
> -static uint32_t PPC_XCSR_readb (void *opaque, hwaddr addr)
> -{
> -uint32_t retval = 0;
> -
> -printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
> -   retval);
> -
> -return retval;
> -}
> -
> -static uint32_t PPC_XCSR_readw (void *opaque, hwaddr addr)
> -{
> -uint32_t retval = 0;
> -
> -printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
> -   retval);
> -
> -return retval;
> -}
> -
> -static uint32_t PPC_XCSR_readl (void *opaque, hwaddr addr)
> -{
> -uint32_t retval = 0;
> -
> -printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
> -   retval);
> -
> -return retval;
> -}
> -
> -static const MemoryRegionOps PPC_XCSR_ops = {
> -.old_mmio = {
> -.read = { PPC_XCSR_readb, PPC_XCSR_readw, PPC_XCSR_readl, },
> -.write = { PPC_XCSR_writeb, PPC_XCSR_writew, PPC_XCSR_writel, },
> -},
> -.endianness = DEVICE_LITTLE_ENDIAN,
> -};
> -
> -#endif
> -
>  /* Fake super-io ports for PREP platform (Intel 82378ZB) */
>  typedef struct sysctrl_t {
>  qemu_irq reset_irq;
> @@ -648,11 +560,10 @@ static void ppc_prep_init(MachineState *machine)
>  portio_list_init(_port_list, NULL, prep_portio_list, sysctrl, 
> "prep");
>  portio_list_add(_port_list, isa_address_space_io(isa), 0x0);
>  
> -/* PowerPC control and status register group */
> -#if 0
> -memory_region_init_io(xcsr, NULL, _XCSR_ops, NULL, "ppc-xcsr", 
> 0x1000);
> -memory_region_add_subregion(sysmem, 0xFEFF, xcsr);
> -#endif
> +/*
> + * PowerPC control and status register group: unimplemented,
> + * would be at address 0xFEFF.
> + */

Why not directly use the harmless UnimplementedDevice?

   create_unimplemented_device("ppc-xcsr", 0xfeff, 0x1000);

Anyway,
Reviewed-by: Philippe Mathieu-Daudé 

>  
>  if (machine_usb(machine)) {
>  pci_create_simple(pci_bus, -1, "pci-ohci");
> 



Re: [Qemu-devel] [Qemu-arm] [PATCH 4/4] target/arm: Fix typo in helper_sve_movz_d

2018-08-02 Thread Philippe Mathieu-Daudé
On 08/01/2018 09:31 AM, Richard Henderson wrote:
> Reported-by: Laurent Desnogues 
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/sve_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index 87594a8adb..c3cbec9cf5 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -1042,7 +1042,7 @@ void HELPER(sve_movz_d)(void *vd, void *vn, void *vg, 
> uint32_t desc)
>  uint64_t *d = vd, *n = vn;
>  uint8_t *pg = vg;
>  for (i = 0; i < opr_sz; i += 1) {
> -d[i] = n[1] & -(uint64_t)(pg[H1(i)] & 1);
> +d[i] = n[i] & -(uint64_t)(pg[H1(i)] & 1);

:)))

Reviewed-by: Philippe Mathieu-Daudé 

>  }
>  }
>  
> 
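
Review bot: the commit message has no body. The hunk shows that every
destination element was taken from n[1] instead of n[i]; one sentence saying
so would help anyone deciding whether to backport. A test that runs
sve_movz_d with a distinct value in each element would have caught the typo.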



[Qemu-devel] [PATCH 1/4] qemu-iotests: Test removing a throttle group member with a pending timer

2018-08-02 Thread Alberto Garcia
A throttle group can have several members, and each one of them can
have several pending requests in the queue.

The requests are processed in a round-robin fashion, so the algorithm
decides the drive that is going to run the next request and sets a
timer in it. Once the timer fires and the throttled request is run
then the next drive from the group is selected and a new timer is set.

If the user tried to remove a drive from a group and that drive had a
timer set then the code was not taking care of setting up a new timer
in one of the remaining members of the group, freezing their I/O.

This problem was fixed in 6fccbb475bc6effc313ee9481726a1748b6dae57,
and this patch adds a new test case that reproduces this exact
scenario.

Signed-off-by: Alberto Garcia 
---
 tests/qemu-iotests/093 | 52 ++
 tests/qemu-iotests/093.out |  4 ++--
 2 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/093 b/tests/qemu-iotests/093
index 68e344f8c1..b26cd34e32 100755
--- a/tests/qemu-iotests/093
+++ b/tests/qemu-iotests/093
@@ -208,6 +208,58 @@ class ThrottleTestCase(iotests.QMPTestCase):
 limits[tk] = rate
 self.do_test_throttle(ndrives, 5, limits)
 
+# Test that removing a drive from a throttle group should not
+# affect the remaining members of the group.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1535914
+def test_remove_group_member(self):
+# Create a throttle group with two drives
+# and set a 4 KB/s read limit.
+params = {"bps": 0,
+  "bps_rd": 4096,
+  "bps_wr": 0,
+  "iops": 0,
+  "iops_rd": 0,
+  "iops_wr": 0 }
+self.configure_throttle(2, params)
+
+# Read 4KB from drive0. This is performed immediately.
+self.vm.hmp_qemu_io("drive0", "aio_read 0 4096")
+
+# Read 4KB again. The I/O limit has been exceeded so this
+# request is throttled and a timer is set to wake it up.
+self.vm.hmp_qemu_io("drive0", "aio_read 0 4096")
+
+# Read from drive1. We're still over the I/O limit so this
+# request is also throttled. There's no timer set in drive1
+# because there's already one in drive0. Once the timer in
+# drive0 fires and its throttled request is processed then the
+# next request in the queue will be scheduled: this one.
+self.vm.hmp_qemu_io("drive1", "aio_read 0 4096")
+
+# At this point only the first 4KB have been read from drive0.
+# The other requests are throttled.
+self.assertEqual(self.blockstats('drive0')[0], 4096)
+self.assertEqual(self.blockstats('drive1')[0], 0)
+
+# Remove drive0 from the throttle group and disable its I/O limits.
+# drive1 remains in the group with a throttled request.
+params['bps_rd'] = 0
+params['device'] = 'drive0'
+result = self.vm.qmp("block_set_io_throttle", conv_keys=False, 
**params)
+self.assert_qmp(result, 'return', {})
+
+# Removing the I/O limits from drive0 drains its pending request.
+# The read request in drive1 is still throttled.
+self.assertEqual(self.blockstats('drive0')[0], 8192)
+self.assertEqual(self.blockstats('drive1')[0], 0)
+
+# Advance the clock 5 seconds. This completes the request in drive1
+self.vm.qtest("clock_step %d" % (5 * nsec_per_sec))
+
+# Now all requests have been processed.
+self.assertEqual(self.blockstats('drive0')[0], 8192)
+self.assertEqual(self.blockstats('drive1')[0], 4096)
+
 class ThrottleTestCoroutine(ThrottleTestCase):
 test_img = "null-co://"
 
diff --git a/tests/qemu-iotests/093.out b/tests/qemu-iotests/093.out
index 594c16f49f..36376bed87 100644
--- a/tests/qemu-iotests/093.out
+++ b/tests/qemu-iotests/093.out
@@ -1,5 +1,5 @@
-
+..
 --
-Ran 8 tests
+Ran 10 tests
 
 OK
-- 
2.11.0




[Qemu-devel] [PATCH 2/4] throttle-groups: Skip the round-robin if a member is being drained

2018-08-02 Thread Alberto Garcia
In the throttling code after an I/O request has been completed the
next one is selected from a different member using a round-robin
algorithm. This ensures that all members get a chance to finish their
pending I/O requests.

However, if a group member has its I/O limits disabled (because it's
being drained) then we should always give it priority in order to have
all its pending requests finished as soon as possible.

If we don't do this we could have a member in the process of being
drained waiting for the throttled requests of other members, for which
the I/O limits still apply.

This can have additional consequences: if we're running in qtest mode
(with QEMU_CLOCK_VIRTUAL) then timers can only fire if we advance the
clock manually, so attempting to drain a block device can hang QEMU in
the BDRV_POLL_WHILE() loop at the end of bdrv_do_drained_begin().

Signed-off-by: Alberto Garcia 
---
 block/throttle-groups.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/block/throttle-groups.c b/block/throttle-groups.c
index e297b04e17..d46c56b31e 100644
--- a/block/throttle-groups.c
+++ b/block/throttle-groups.c
@@ -221,6 +221,15 @@ static ThrottleGroupMember 
*next_throttle_token(ThrottleGroupMember *tgm,
 ThrottleGroup *tg = container_of(ts, ThrottleGroup, ts);
 ThrottleGroupMember *token, *start;
 
+/* If this member has its I/O limits disabled then it means that
+ * it's being drained. Skip the round-robin search and return tgm
+ * immediately if it has pending requests. Otherwise we could be
+ * forcing it to wait for other member's throttled requests. */
+if (tgm_has_pending_reqs(tgm, is_write) &&
+atomic_read(>io_limits_disabled)) {
+return tgm;
+}
+
 start = token = tg->tokens[is_write];
 
 /* get next bs round in round robin style */
-- 
2.11.0
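
The scheduling problem described in the commit message above, as an added example that is not part of the patch and is not QEMU code. It is a simplified model: the struct and function names are hypothetical, the group contents are constructed, and a "timer wait" stands for a throttled request that can only run once its timer fires.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NMEMBERS 3

/* One throttle group member (simplified; field names are hypothetical). */
struct member {
    int pending;            /* queued requests */
    bool limits_disabled;   /* true while the member is being drained */
};

struct group {
    struct member m[NMEMBERS];
    size_t token;           /* member that ran the previous request */
};

/*
 * Choose the member whose request runs next. 'cur' is the member that is
 * scheduling the next request. With 'shortcut' set, a draining member that
 * still has queued requests is returned without the round-robin search.
 */
static size_t next_token(const struct group *g, size_t cur, bool shortcut)
{
    size_t start, t;

    if (shortcut && g->m[cur].pending > 0 && g->m[cur].limits_disabled) {
        return cur;
    }

    /* Round-robin: first member after the token with queued requests. */
    start = g->token;
    t = (start + 1) % NMEMBERS;
    while (t != start && g->m[t].pending == 0) {
        t = (t + 1) % NMEMBERS;
    }
    if (t == start && g->m[t].pending == 0) {
        t = cur;
    }
    return t;
}

/*
 * Drain member 'd' and count how often a still-throttled member was
 * scheduled before 'd' ran dry. Each such step needs a timer to fire;
 * with a manually advanced clock a single one is enough to stall.
 */
static int drain_timer_waits(struct group g, size_t d, bool shortcut)
{
    int waits = 0;
    size_t cur = d;

    g.m[d].limits_disabled = true;
    g.token = d;
    while (g.m[d].pending > 0) {
        size_t t = next_token(&g, cur, shortcut);

        if (!g.m[t].limits_disabled) {
            waits++;        /* throttled request: runs only after a timer */
        }
        g.m[t].pending--;
        g.token = t;
        cur = t;
    }
    return waits;
}

/* Constructed sample: member 0 has two requests, member 1 has one. */
static struct group sample_group(void)
{
    struct group g = {
        .m = { { 2, false }, { 1, false }, { 0, false } },
        .token = 0,
    };
    return g;
}

int main(void)
{
    printf("timer waits without shortcut: %d\n",
           drain_timer_waits(sample_group(), 0, false));
    printf("timer waits with shortcut:    %d\n",
           drain_timer_waits(sample_group(), 0, true));
    return 0;
}
```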




Re: [Qemu-devel] [PATCH v1] s390x/cpu_models: Add "-cpu max" support

2018-08-02 Thread Cornelia Huck
On Wed, 25 Jul 2018 11:12:33 +0200
David Hildenbrand  wrote:

> The "max" CPU model behaves like "-cpu host" when KVM is enabled, and like
> a CPU with the maximum possible feature set when TCG is enabled.
> 
> While the "host" model can not be used under TCG ("kvm_required"), the
> "max" model can and "Enables all features supported by the accelerator in
> the current host".
> 
> So we can treat "host" just as a special case of "max" (like x86 does).
> It differs to the "qemu" CPU model under TCG such that compatibility
> handling will not be performed and that some experimental CPU features
> not yet part of the "qemu" model might be indicated.
> 
> These are right now under TCG (see "qemu_MAX"):
> - stfle53
> - msa5-base
> - zpci
> 
> This will result right now in the following warning when starting QEMU TCG
> with the "max" model:
> "qemu-system-s390x: warning: 'msa5-base' requires 'kimd-sha-512'."
> 
> The "qemu" model (used as default in QEMU under TCG) will continue to
> work without such warnings. The "max" model in the current form
> might be interesting for kvm-unit-tests (where we would e.g. now also
> test "msa5-base").
> 
> The "max" model is neither static nor migration safe (like the "host"
> model). It is independent of the machine but depends on the accelerator.
> It can be used to detect the maximum CPU model also under TCG from upper
> layers without having to care about CPU model names for CPU model
> expansion.
> 
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/cpu_models.c | 81 +++
>  1 file changed, 56 insertions(+), 25 deletions(-)

Thanks, applied.



[Qemu-devel] [PATCH 3/4] qemu-iotests: Update 093 to improve the draining test

2018-08-02 Thread Alberto Garcia
The previous patch fixes a problem in which draining a block device
with more than one throttled request can make it wait first for the
completion of requests in other members of the same group.

This patch updates test_remove_group_member() in iotest 093 to
reproduce that scenario. This updated test would hang QEMU without the
fix from the previous patch.

Signed-off-by: Alberto Garcia 
---
 tests/qemu-iotests/093 | 19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/tests/qemu-iotests/093 b/tests/qemu-iotests/093
index b26cd34e32..9d1971a56c 100755
--- a/tests/qemu-iotests/093
+++ b/tests/qemu-iotests/093
@@ -225,15 +225,18 @@ class ThrottleTestCase(iotests.QMPTestCase):
 # Read 4KB from drive0. This is performed immediately.
 self.vm.hmp_qemu_io("drive0", "aio_read 0 4096")
 
-# Read 4KB again. The I/O limit has been exceeded so this
+# Read 2KB. The I/O limit has been exceeded so this
 # request is throttled and a timer is set to wake it up.
-self.vm.hmp_qemu_io("drive0", "aio_read 0 4096")
+self.vm.hmp_qemu_io("drive0", "aio_read 0 2048")
 
-# Read from drive1. We're still over the I/O limit so this
-# request is also throttled. There's no timer set in drive1
-# because there's already one in drive0. Once the timer in
-# drive0 fires and its throttled request is processed then the
-# next request in the queue will be scheduled: this one.
+# Read 2KB again. We're still over the I/O limit so this is
+# request is also throttled, but no new timer is set since
+# there's already one.
+self.vm.hmp_qemu_io("drive0", "aio_read 0 2048")
+
+# Read from drive1. This request is also throttled, and no
+# timer is set in drive1 because there's already one in
+# drive0.
 self.vm.hmp_qemu_io("drive1", "aio_read 0 4096")
 
 # At this point only the first 4KB have been read from drive0.
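Review bot: typo in the added comment, "so this is request is also throttled" should read "so this request is also throttled". The comment would also be clearer if it said why the second read is now split into two 2KB requests: the point of the change is to leave more than one throttled request queued on drive0, and nothing in the test body says so.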
@@ -248,7 +251,7 @@ class ThrottleTestCase(iotests.QMPTestCase):
 result = self.vm.qmp("block_set_io_throttle", conv_keys=False, 
**params)
 self.assert_qmp(result, 'return', {})
 
-# Removing the I/O limits from drive0 drains its pending request.
+# Removing the I/O limits from drive0 drains its two pending requests.
 # The read request in drive1 is still throttled.
 self.assertEqual(self.blockstats('drive0')[0], 8192)
 self.assertEqual(self.blockstats('drive1')[0], 0)
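Review bot: the unchanged assertion still expects 8192 bytes on drive0, but that total is now 4096 + 2048 + 2048 instead of two 4096-byte reads. Spelling the sum out in the updated comment would show that the value holds for a different reason and that both pending requests must complete for the test to pass.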
-- 
2.11.0




[Qemu-devel] [PATCH 2/3] hw/ppc/ppc_boards: Don't use old_mmio for ref405ep_fpga

2018-08-02 Thread Peter Maydell
Switch the ref405ep_fpga device away from using the old_mmio
MemoryRegion accessors.

Signed-off-by: Peter Maydell 
---
 hw/ppc/ppc405_boards.c | 60 +++---
 1 file changed, 10 insertions(+), 50 deletions(-)

diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 70111075b33..f5a9c24b6ce 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -66,7 +66,7 @@ struct ref405ep_fpga_t {
 uint8_t reg1;
 };
 
-static uint32_t ref405ep_fpga_readb (void *opaque, hwaddr addr)
+static uint64_t ref405ep_fpga_readb(void *opaque, hwaddr addr, unsigned size)
 {
 ref405ep_fpga_t *fpga;
 uint32_t ret;
@@ -87,8 +87,8 @@ static uint32_t ref405ep_fpga_readb (void *opaque, hwaddr 
addr)
 return ret;
 }
 
-static void ref405ep_fpga_writeb (void *opaque,
-  hwaddr addr, uint32_t value)
+static void ref405ep_fpga_writeb(void *opaque, hwaddr addr, uint64_t value,
+ unsigned size)
 {
 ref405ep_fpga_t *fpga;
 
@@ -105,54 +105,14 @@ static void ref405ep_fpga_writeb (void *opaque,
 }
 }
 
-static uint32_t ref405ep_fpga_readw (void *opaque, hwaddr addr)
-{
-uint32_t ret;
-
-ret = ref405ep_fpga_readb(opaque, addr) << 8;
-ret |= ref405ep_fpga_readb(opaque, addr + 1);
-
-return ret;
-}
-
-static void ref405ep_fpga_writew (void *opaque,
-  hwaddr addr, uint32_t value)
-{
-ref405ep_fpga_writeb(opaque, addr, (value >> 8) & 0xFF);
-ref405ep_fpga_writeb(opaque, addr + 1, value & 0xFF);
-}
-
-static uint32_t ref405ep_fpga_readl (void *opaque, hwaddr addr)
-{
-uint32_t ret;
-
-ret = ref405ep_fpga_readb(opaque, addr) << 24;
-ret |= ref405ep_fpga_readb(opaque, addr + 1) << 16;
-ret |= ref405ep_fpga_readb(opaque, addr + 2) << 8;
-ret |= ref405ep_fpga_readb(opaque, addr + 3);
-
-return ret;
-}
-
-static void ref405ep_fpga_writel (void *opaque,
-  hwaddr addr, uint32_t value)
-{
-ref405ep_fpga_writeb(opaque, addr, (value >> 24) & 0xFF);
-ref405ep_fpga_writeb(opaque, addr + 1, (value >> 16) & 0xFF);
-ref405ep_fpga_writeb(opaque, addr + 2, (value >> 8) & 0xFF);
-ref405ep_fpga_writeb(opaque, addr + 3, value & 0xFF);
-}
-
 static const MemoryRegionOps ref405ep_fpga_ops = {
-.old_mmio = {
-.read = {
-ref405ep_fpga_readb, ref405ep_fpga_readw, ref405ep_fpga_readl,
-},
-.write = {
-ref405ep_fpga_writeb, ref405ep_fpga_writew, ref405ep_fpga_writel,
-},
-},
-.endianness = DEVICE_NATIVE_ENDIAN,
+.read = ref405ep_fpga_readb,
+.write = ref405ep_fpga_writeb,
+.impl.min_access_size = 1,
+.impl.max_access_size = 1,
+.valid.min_access_size = 1,
+.valid.max_access_size = 4,
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
 static void ref405ep_fpga_reset (void *opaque)
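Review bot: the ops table changes .endianness from DEVICE_NATIVE_ENDIAN to DEVICE_BIG_ENDIAN, which the commit message does not mention. The removed readw/readl/writew/writel helpers put the byte at the lowest address in the most significant position, so big-endian splitting of 2- and 4-byte accesses into single-byte ones (impl.max_access_size = 1, valid.max_access_size = 4) looks like the intended equivalent; please state that in the commit message. The two remaining handlers also keep their readb/writeb names and never look at the new size argument.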
-- 
2.17.1




[Qemu-devel] [PATCH 1/3] hw/ppc/prep: Remove ifdeffed-out stub of XCSR code

2018-08-02 Thread Peter Maydell
The prep machine has some code which is stubs of accessors
for XCSR registers. This has been disabled via #if 0
since commit b6b8bd1819ff in 2004, and doesn't have any
actual interesting content. It also uses the deprecated
old_mmio accessor functions. Remove it entirely.

Signed-off-by: Peter Maydell 
---
 hw/ppc/prep.c | 97 +++
 1 file changed, 4 insertions(+), 93 deletions(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 3401570d981..b26138e5c47 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -78,94 +78,6 @@ static int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 
};
 /* ISA IO ports bridge */
 #define PPC_IO_BASE 0x8000
 
-/* PowerPC control and status registers */
-#if 0 // Not used
-static struct {
-/* IDs */
-uint32_t veni_devi;
-uint32_t revi;
-/* Control and status */
-uint32_t gcsr;
-uint32_t xcfr;
-uint32_t ct32;
-uint32_t mcsr;
-/* General purpose registers */
-uint32_t gprg[6];
-/* Exceptions */
-uint32_t feen;
-uint32_t fest;
-uint32_t fema;
-uint32_t fecl;
-uint32_t eeen;
-uint32_t eest;
-uint32_t eecl;
-uint32_t eeint;
-uint32_t eemck0;
-uint32_t eemck1;
-/* Error diagnostic */
-} XCSR;
-
-static void PPC_XCSR_writeb (void *opaque,
- hwaddr addr, uint32_t value)
-{
-printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
-   value);
-}
-
-static void PPC_XCSR_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
-printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
-   value);
-}
-
-static void PPC_XCSR_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
-printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
-   value);
-}
-
-static uint32_t PPC_XCSR_readb (void *opaque, hwaddr addr)
-{
-uint32_t retval = 0;
-
-printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
-   retval);
-
-return retval;
-}
-
-static uint32_t PPC_XCSR_readw (void *opaque, hwaddr addr)
-{
-uint32_t retval = 0;
-
-printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
-   retval);
-
-return retval;
-}
-
-static uint32_t PPC_XCSR_readl (void *opaque, hwaddr addr)
-{
-uint32_t retval = 0;
-
-printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
-   retval);
-
-return retval;
-}
-
-static const MemoryRegionOps PPC_XCSR_ops = {
-.old_mmio = {
-.read = { PPC_XCSR_readb, PPC_XCSR_readw, PPC_XCSR_readl, },
-.write = { PPC_XCSR_writeb, PPC_XCSR_writew, PPC_XCSR_writel, },
-},
-.endianness = DEVICE_LITTLE_ENDIAN,
-};
-
-#endif
-
 /* Fake super-io ports for PREP platform (Intel 82378ZB) */
 typedef struct sysctrl_t {
 qemu_irq reset_irq;
@@ -648,11 +560,10 @@ static void ppc_prep_init(MachineState *machine)
 portio_list_init(_port_list, NULL, prep_portio_list, sysctrl, "prep");
 portio_list_add(_port_list, isa_address_space_io(isa), 0x0);
 
-/* PowerPC control and status register group */
-#if 0
-memory_region_init_io(xcsr, NULL, _XCSR_ops, NULL, "ppc-xcsr", 0x1000);
-memory_region_add_subregion(sysmem, 0xFEFF, xcsr);
-#endif
+/*
+ * PowerPC control and status register group: unimplemented,
+ * would be at address 0xFEFF.
+ */
 
 if (machine_usb(machine)) {
 pci_create_simple(pci_bus, -1, "pci-ohci");
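Review bot: the replacement comment in ppc_prep_init() keeps the base address of the register group but drops its size; the removed memory_region_init_io() call was the only place that recorded it (0x1000). Adding the size to the comment keeps that information for whoever implements the registers later.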
-- 
2.17.1




[Qemu-devel] [PATCH 0/4] throttle: Race condition fixes and test cases

2018-08-02 Thread Alberto Garcia
Hi all,

here are the patches that I promised yesterday.

I was originally thinking to propose this for the v3.0 release, but
after debugging and fixing the problem I think that it's not
essential (details below).

The important patch is the second one. The first and the third are
just test cases and the last is an alternative solution for the bug
that Stefan fixed in 6fccbb475bc6effc313ee9481726a1748b6dae57.

There are details in the patches themselves, but here's an explanation
of the problem: consider a scenario with two drives A and B that are
part of the same throttle group. Both of them have throttled requests
and they're waiting for a timer that is set on drive A.

(timer here) -->  [A]  ---  req1, req2
  [B]  ---  req3

If we drain drive [A] (e.g. by disabling its I/O limits) then its
queue is restarted. req1 is processed immediately, and before
finishing it calls schedule_next_request(). This follows the
round-robin algorithm, selects req3 and puts a timer in [B].

But we're still not done with draining [A], and now we have a
BDRV_POLL_WHILE() loop at the end of bdrv_do_drained_begin() waiting
for req2 to finish. That won't happen until the timer in [B] fires and
req3 is done. If there are more drives in the group and more requests
in the queue this can take a while. That's why disabling a drive's I/O
limits can be noticeably slow: we disabled the I/O limits but they're
still being enforced in practice.

The QEMU I/O tests run in qtest mode (with QEMU_CLOCK_VIRTUAL). The
clock must be advanced manually, which means that the scenario that I
just described hangs QEMU because BDRV_POLL_WHILE() loops forever (you
can reproduce this with patch 3). In a real world scenario this only
results in the aforementioned slowdown (probably negligible in
practice), which is not a critical thing, and that's why I think it's
safe to keep the current code for QEMU 3.

I think that's all. Questions and comments are welcome.

Berto

Alberto Garcia (4):
  qemu-iotests: Test removing a throttle group member with a pending
timer
  throttle-groups: Skip the round-robin if a member is being drained
  qemu-iotests: Update 093 to improve the draining test
  throttle-groups: Don't allow timers without throttled requests

 block/throttle-groups.c| 41 +-
 tests/qemu-iotests/093 | 55 ++
 tests/qemu-iotests/093.out |  4 ++--
 3 files changed, 88 insertions(+), 12 deletions(-)

-- 
2.11.0
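The drain scenario from the cover letter above, as an added C model (not QEMU code and not part of the original series). It assumes a single request direction and that every non-draining member is over its limit, so each of its requests needs one timer expiration; the struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_MEMBERS 8

/* One member (drive) of a throttle group, reduced to what the scenario needs. */
struct member {
    int pending;              /* throttled requests waiting in the queue */
    bool io_limits_disabled;  /* true while the member is being drained */
};

struct group {
    struct member m[MAX_MEMBERS];
    int n;      /* number of members */
    int token;  /* round-robin position: member whose turn it is */
};

/*
 * Pick the member that runs next after 'cur' has finished a request.
 * skip_rr selects the behaviour of patch 2: a draining member that still
 * has pending requests keeps the token instead of passing it on.
 */
static int next_token(const struct group *g, int cur, bool skip_rr)
{
    int start = g->token;
    int t;

    if (skip_rr && g->m[cur].pending > 0 && g->m[cur].io_limits_disabled) {
        return cur;
    }
    t = (start + 1) % g->n;
    while (t != start && g->m[t].pending == 0) {
        t = (t + 1) % g->n;
    }
    /* Nobody else has work queued: stay on the current member. */
    return g->m[t].pending > 0 ? t : cur;
}

/*
 * Drain member 'a'. Returns the number of timer expirations that had to
 * happen before a's queue was empty, or -1 if it can never empty because
 * the clock only moves when advanced by hand (qtest mode).
 */
static int drain(struct group *g, int a, bool skip_rr, bool clock_runs)
{
    int waits = 0;
    int cur = a;                /* restarting a's queue runs a first */

    g->m[a].io_limits_disabled = true;
    while (g->m[a].pending > 0) {
        if (!g->m[cur].io_limits_disabled) {
            /* cur is still throttled: its request needs a timer to fire */
            if (!clock_runs) {
                return -1;
            }
            waits++;
        }
        g->m[cur].pending--;                /* cur's request completes ... */
        cur = next_token(g, cur, skip_rr);  /* ... and schedules the next */
        g->token = cur;
    }
    return waits;
}

/* Build a group from per-member queue lengths (token on member 0) and
 * drain member 0. Returns -2 for an unusable member count. */
static int run_scenario(const int *pending, int n, bool skip_rr,
                        bool clock_runs)
{
    struct group g = { .n = n, .token = 0 };

    if (n < 1 || n > MAX_MEMBERS) {
        return -2;
    }
    for (int i = 0; i < n; i++) {
        g.m[i].pending = pending[i];
    }
    return drain(&g, 0, skip_rr, clock_runs);
}

int main(void)
{
    const int two[] = { 2, 1 };       /* [A]: req1, req2   [B]: req3 */
    const int three[] = { 3, 2, 2 };  /* constructed larger group */

    printf("A/B, round-robin, real clock:   %d\n",
           run_scenario(two, 2, false, true));
    printf("A/B, round-robin, qtest clock:  %d\n",
           run_scenario(two, 2, false, false));
    printf("A/B, skip round-robin, qtest:   %d\n",
           run_scenario(two, 2, true, false));
    printf("3 members, round-robin:         %d\n",
           run_scenario(three, 3, false, true));
    printf("3 members, skip round-robin:    %d\n",
           run_scenario(three, 3, true, true));
    return 0;
}
```

A result of -1 corresponds to the hang in BDRV_POLL_WHILE() that the cover letter describes for qtest mode; the positive counts are the slowdown seen with a real clock.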




[Qemu-devel] [PATCH 2/4] nbd/server: Advertise actual minimum block size

2018-08-02 Thread Eric Blake
Both NBD_CMD_BLOCK_STATUS and structured NBD_CMD_READ will split
their reply according to bdrv_block_status() boundaries. If the
block device has a request_alignment smaller than 512, but we
advertise a block alignment of 512 to the client, then this can
result in the server reply violating client expectations by
reporting a smaller region of the export than what the client
is permitted to address.  Thus, it is imperative that we
advertise the actual minimum block limit, rather than blindly
rounding it up to 512 (bdrv_block_status() cannot return status
aligned any smaller than request_alignment).

Signed-off-by: Eric Blake 
---
 nbd/server.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index ea5fe0eb336..cd3c41f895b 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -608,10 +608,12 @@ static int nbd_negotiate_handle_info(NBDClient *client, 
uint16_t myflags,
 /* Send NBD_INFO_BLOCK_SIZE always, but tweak the minimum size
  * according to whether the client requested it, and according to
  * whether this is OPT_INFO or OPT_GO. */
-/* minimum - 1 for back-compat, or 512 if client is new enough.
- * TODO: consult blk_bs(blk)->bl.request_alignment? */
-sizes[0] =
-(client->opt == NBD_OPT_INFO || blocksize) ? BDRV_SECTOR_SIZE : 1;
+/* minimum - 1 for back-compat, or actual if client will obey it. */
+if (client->opt == NBD_OPT_INFO || blocksize) {
+sizes[0] = blk_get_request_alignment(exp->blk);
+} else {
+sizes[0] = 1;
+}
 /* preferred - Hard-code to 4096 for now.
  * TODO: is blk_bs(blk)->bl.opt_transfer appropriate? */
 sizes[1] = 4096;
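Review bot: with sizes[0] now taken from blk_get_request_alignment(exp->blk), the advertised minimum can exceed the preferred size that the following lines still hard-code as sizes[1] = 4096, whenever a backend reports a request alignment larger than 4096. Raise sizes[1] to at least sizes[0] (or document why that cannot happen) so the reply never advertises a minimum above the preferred size.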
-- 
2.14.4




[Qemu-devel] [PATCH 3/4] iotests: Add 228 to test NBD on unaligned images

2018-08-02 Thread Eric Blake
Add a test for the NBD server fix in the previous patch.  In
short, when serving a raw POSIX file that is not aligned to
sector boundaries, qemu must not split a structured read or
block status result any smaller than the block size that it
advertised to the client; since qemu as client rejects servers
that split up a block status.

Not tested yet, but worth adding to this test: an NBD server
that can advertise a non-sector-aligned size (such as nbdkit)
causes qemu as the NBD client to misbehave when it rounds the
size up and accesses beyond the advertised size. Qemu as NBD
server never advertises a non-sector-aligned size (since
bdrv_getlength() currently rounds up to sector boundaries);
until qemu can act as such a server, testing this flaw will
have to rely on external binaries.

Signed-off-by: Eric Blake 
---
 tests/qemu-iotests/228 | 96 ++
 tests/qemu-iotests/228.out |  8 
 tests/qemu-iotests/group   |  1 +
 3 files changed, 105 insertions(+)
 create mode 100755 tests/qemu-iotests/228
 create mode 100644 tests/qemu-iotests/228.out

diff --git a/tests/qemu-iotests/228 b/tests/qemu-iotests/228
new file mode 100755
index 000..390fe5f6512
--- /dev/null
+++ b/tests/qemu-iotests/228
@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+# Test qemu-nbd vs. unaligned images
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+status=1 # failure is the default!
+
+nbd_unix_socket=$TEST_DIR/test_qemu_nbd_socket
+rm -f "${TEST_DIR}/qemu-nbd.pid"
+
+_cleanup_nbd()
+{
+local NBD_PID
+if [ -f "${TEST_DIR}/qemu-nbd.pid" ]; then
+read NBD_PID < "${TEST_DIR}/qemu-nbd.pid"
+rm -f "${TEST_DIR}/qemu-nbd.pid"
+if [ -n "$NBD_PID" ]; then
+kill "$NBD_PID"
+fi
+fi
+rm -f "$nbd_unix_socket"
+}
+
+_wait_for_nbd()
+{
+for ((i = 0; i < 300; i++))
+do
+if [ -r "$nbd_unix_socket" ]; then
+return
+fi
+sleep 0.1
+done
+echo "Failed in check of unix socket created by qemu-nbd"
+exit 1
+}
+
+_cleanup()
+{
+_cleanup_test_img
+_cleanup_nbd
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt raw
+_supported_proto nbd
+_supported_os Linux
+_require_command QEMU_NBD
+
+echo
+echo "=== Exporting unaligned raw image ==="
+echo
+
+# can't use _make_test_img, because qemu-img rounds image size up,
+# and because we want to use Unix socket rather than TCP port. Likewise,
+# we have to redirect TEST_IMG to our server.
+printf %01000d 0 > "$TEST_IMG_FILE"
+_cleanup_nbd
+$QEMU_NBD -f $IMGFMT -v -t -k "$nbd_unix_socket" -e 42 -x '' "$TEST_IMG_FILE" &
+_wait_for_nbd
+TEST_IMG="nbd:unix:$nbd_unix_socket"
+
+$QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
+$QEMU_IO -c map "$TEST_IMG"
+
+# Not tested yet: we also want to ensure that qemu as NBD client does
+# not access beyond the end of a server's advertised unaligned size.
+# However, since qemu as server always rounds up to a sector alignment,
+# we would have to use nbdkit to provoke the current client failures.
+
+# success, all done
+echo '*** done'
+rm -f $seq.full
+status=0
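Review bot: _cleanup_nbd() kills the PID it reads from ${TEST_DIR}/qemu-nbd.pid, but nothing in this script writes that file; the $QEMU_NBD line backgrounds the server without saving $!. If the pid file is produced by a wrapper behind $QEMU_NBD, say so in a comment next to _cleanup_nbd(), otherwise the server can outlive a failed run. Also quote $0 in seq="$(basename $0)" and $seq.full in the final rm, and add a word on why the export is started with -e 42.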
diff --git a/tests/qemu-iotests/228.out b/tests/qemu-iotests/228.out
new file mode 100644
index 000..057e3732f8c
--- /dev/null
+++ b/tests/qemu-iotests/228.out
@@ -0,0 +1,8 @@
+QA output created by 228
+
+=== Exporting unaligned raw image ===
+
+[{ "start": 0, "length": 1000, "depth": 0, "zero": false, "data": true},
+{ "start": 1000, "length": 24, "depth": 0, "zero": true, "data": true}]
+1 KiB (0x400) bytes allocated at offset 0 bytes (0x0)
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index b973dc842d9..5bfe2e246d5 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -225,3 +225,4 @@
 225 rw auto quick
 226 auto quick
 227 auto quick
+228 rw auto quick
-- 
2.14.4




[Qemu-devel] [PATCH 4/4] throttle-groups: Don't allow timers without throttled requests

2018-08-02 Thread Alberto Garcia
Commit 6fccbb475bc6effc313ee9481726a1748b6dae57 fixed a bug caused by
QEMU attempting to remove a throttle group member with no pending
requests but an active timer set. This was the result of a previous
bdrv_drained_begin() call processing the throttled requests but
leaving the timer untouched.

Although the commit does solve the problem, the situation shouldn't
happen in the first place. If we try to drain a throttle group member
which has a timer set, we should cancel the timer instead of ignoring
it.

Signed-off-by: Alberto Garcia 
---
 block/throttle-groups.c | 32 ++--
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/block/throttle-groups.c b/block/throttle-groups.c
index d46c56b31e..5d8213a443 100644
--- a/block/throttle-groups.c
+++ b/block/throttle-groups.c
@@ -36,6 +36,7 @@
 
 static void throttle_group_obj_init(Object *obj);
 static void throttle_group_obj_complete(UserCreatable *obj, Error **errp);
+static void timer_cb(ThrottleGroupMember *tgm, bool is_write);
 
 /* The ThrottleGroup structure (with its ThrottleState) is shared
  * among different ThrottleGroupMembers and it's independent from
@@ -424,15 +425,31 @@ static void 
throttle_group_restart_queue(ThrottleGroupMember *tgm, bool is_write
 rd->tgm = tgm;
 rd->is_write = is_write;
 
+/* This function is called when a timer is fired or when
+ * throttle_group_restart_tgm() is called. Either way, there can
+ * be no timer pending on this tgm at this point */
+assert(!timer_pending(tgm->throttle_timers.timers[is_write]));
+
 co = qemu_coroutine_create(throttle_group_restart_queue_entry, rd);
 aio_co_enter(tgm->aio_context, co);
 }
 
 void throttle_group_restart_tgm(ThrottleGroupMember *tgm)
 {
+int i;
+
 if (tgm->throttle_state) {
-throttle_group_restart_queue(tgm, 0);
-throttle_group_restart_queue(tgm, 1);
+for (i = 0; i < 2; i++) {
+QEMUTimer *t = tgm->throttle_timers.timers[i];
+if (timer_pending(t)) {
+/* If there's a pending timer on this tgm, fire it now */
+timer_del(t);
+timer_cb(tgm, i);
+} else {
+/* Else run the next request from the queue manually */
+throttle_group_restart_queue(tgm, i);
+}
+}
 }
 }
 
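Review bot: the assert added to throttle_group_restart_queue() is justified in its comment by two callers (a fired timer and throttle_group_restart_tgm()), but the function can be reached from anywhere in the file, so the comment should state that those are the only callers or the assert should move to the call sites. In throttle_group_restart_tgm() the loop index is an int passed where timer_cb() and throttle_group_restart_queue() take a bool is_write, and the bound 2 is a bare literal; a short comment ("0 = read, 1 = write") would make the loop self-explanatory.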
@@ -567,16 +584,11 @@ void throttle_group_unregister_tgm(ThrottleGroupMember 
*tgm)
 return;
 }
 
-assert(tgm->pending_reqs[0] == 0 && tgm->pending_reqs[1] == 0);
-assert(qemu_co_queue_empty(>throttled_reqs[0]));
-assert(qemu_co_queue_empty(>throttled_reqs[1]));
-
 qemu_mutex_lock(>lock);
 for (i = 0; i < 2; i++) {
-if (timer_pending(tgm->throttle_timers.timers[i])) {
-tg->any_timer_armed[i] = false;
-schedule_next_request(tgm, i);
-}
+assert(tgm->pending_reqs[i] == 0);
+assert(qemu_co_queue_empty(>throttled_reqs[i]));
+assert(!timer_pending(tgm->throttle_timers.timers[i]));
 if (tg->tokens[i] == tgm) {
 token = throttle_group_next_tgm(tgm);
 /* Take care of the case where this is the last tgm in the group */
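Review bot: the removed block in throttle_group_unregister_tgm() tolerated a pending timer (it cleared any_timer_armed and called schedule_next_request()); the new assert(!timer_pending(...)) turns the same state into an abort. That is only safe if every path into this function has already gone through throttle_group_restart_tgm() or an equivalent drain, so the commit message or a comment above the loop should name the call that guarantees it.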
-- 
2.11.0




[Qemu-devel] [PATCH 0/4 for-3.0?] NBD fixes for unaligned images

2018-08-02 Thread Eric Blake
Rich reported a bug when using qemu as client to nbdkit serving
a non-sector-aligned image; in turn, I found a second bug with
qemu as server of such an image.

Both bugs were present in 2.12, and thus are not new regressions
in 3.0. If there is a reason to spin -rc4, then these could be
included; but this series alone is not a driving reason to cause
-rc4.

Eric Blake (4):
  block: Add bdrv_get_request_alignment()
  nbd/server: Advertise actual minimum block size
  iotests: Add 228 to test NBD on unaligned images
  nbd/client: Deal with unaligned size from server

 include/sysemu/block-backend.h |  1 +
 block/block-backend.c  |  7 +++
 block/nbd.c| 11 -
 nbd/server.c   | 10 +++--
 tests/qemu-iotests/228 | 96 ++
 tests/qemu-iotests/228.out |  8 
 tests/qemu-iotests/group   |  1 +
 7 files changed, 129 insertions(+), 5 deletions(-)
 create mode 100755 tests/qemu-iotests/228
 create mode 100644 tests/qemu-iotests/228.out

-- 
2.14.4




[Qemu-devel] [PATCH 1/4] block: Add bdrv_get_request_alignment()

2018-08-02 Thread Eric Blake
The next patch needs access to a device's minimum permitted
alignment, since NBD wants to advertise this to clients. Add
an accessor function, borrowing from blk_get_max_transfer()
for accessing a backend's block limits.

Signed-off-by: Eric Blake 
---
 include/sysemu/block-backend.h | 1 +
 block/block-backend.c  | 7 +++
 2 files changed, 8 insertions(+)

diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 830d873f24f..20f8bbbce37 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -176,6 +176,7 @@ bool blk_is_available(BlockBackend *blk);
 void blk_lock_medium(BlockBackend *blk, bool locked);
 void blk_eject(BlockBackend *blk, bool eject_flag);
 int blk_get_flags(BlockBackend *blk);
+uint32_t blk_get_request_alignment(BlockBackend *blk);
 uint32_t blk_get_max_transfer(BlockBackend *blk);
 int blk_get_max_iov(BlockBackend *blk);
 void blk_set_guest_block_size(BlockBackend *blk, int align);
diff --git a/block/block-backend.c b/block/block-backend.c
index f2f75a977d7..fb8c827d117 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1798,6 +1798,13 @@ int blk_get_flags(BlockBackend *blk)
 }
 }

+/* Returns the minimum request alignment, in bytes; guaranteed nonzero */
+uint32_t blk_get_request_alignment(BlockBackend *blk)
+{
+BlockDriverState *bs = blk_bs(blk);
+return bs ? bs->bl.request_alignment : BDRV_SECTOR_SIZE;
+}
+
 /* Returns the maximum transfer length, in bytes; guaranteed nonzero */
 uint32_t blk_get_max_transfer(BlockBackend *blk)
 {
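Review bot: the comment on blk_get_request_alignment() promises a nonzero result, but the function returns bs->bl.request_alignment unchecked, so the guarantee rests on that field always having been filled in. Either assert it here or drop "guaranteed nonzero" from the comment; the value is what nbd/server.c goes on to advertise to clients as the minimum block size.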
-- 
2.14.4




[Qemu-devel] [PATCH 4/4] nbd/client: Deal with unaligned size from server

2018-08-02 Thread Eric Blake
When a server advertises an unaligned size but no block sizes,
the code was rounding up to a sector-aligned size (a known
limitation of bdrv_getlength()), then assuming a request_alignment
of 512 (the recommendation of the NBD spec for maximum portability).
However, this means that qemu will actually attempt to access the
padding bytes of the trailing partial sector.

An easy demonstration, using nbdkit as the server:
$ nbdkit -fv random size=1023
$ qemu-io -r -f raw -c 'r -v 0 1023' nbd://localhost:10809
read failed: Invalid argument

because the client rounded the request up to 1024 bytes, which
nbdkit then rejected as beyond the advertised size of 1023.

Note that qemu as the server refuses to send an unaligned size, as
it has already rounded the unaligned image up to sector size, and
then happily resizes the image on access (at least when serving a
POSIX file over NBD).

Reported-by: Richard W.M. Jones 
Signed-off-by: Eric Blake 
---
 block/nbd.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/block/nbd.c b/block/nbd.c
index e87699fb73b..a3e6889c57f 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -473,7 +473,16 @@ static void nbd_refresh_limits(BlockDriverState *bs, Error 
**errp)
 uint32_t min = s->info.min_block;
 uint32_t max = MIN_NON_ZERO(NBD_MAX_BUFFER_SIZE, s->info.max_block);

-bs->bl.request_alignment = min ? min : BDRV_SECTOR_SIZE;
+/*
+ * If the server did not advertise an alignment, then pick the
+ * largest power of 2 that evenly divides the advertised size, but
+ * does not exceed a sector.
+ */
+if (!min) {
+min = 1 << ctz32(BDRV_SECTOR_SIZE | s->info.size);
+}
+
+bs->bl.request_alignment = min;
 bs->bl.max_pdiscard = max;
 bs->bl.max_pwrite_zeroes = max;
 bs->bl.max_transfer = max;
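Review bot: in nbd_refresh_limits() the fallback is derived from s->info.size alone, so a server advertising an odd size such as 1023 bytes drives request_alignment down to 1 for the whole device, not just for the trailing partial sector. The comment should say that this is the intended trade-off. The expression 1 << ctz32(BDRV_SECTOR_SIZE | s->info.size) also hands a value derived from the export size to a 32-bit helper; the BDRV_SECTOR_SIZE bit keeps the result at or below one sector even if upper bits are dropped, which deserves a word in the comment.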
-- 
2.14.4
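The alignment fallback described in the commit message above, worked through as an added C example (not QEMU code): it compares the request alignment chosen before and after the patch and checks whether a read widened to that alignment still fits inside the size the server advertised. SECTOR_SIZE stands in for BDRV_SECTOR_SIZE, and all function names and sample sizes are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512u   /* stands in for BDRV_SECTOR_SIZE */

/* Count trailing zero bits; returns 32 for 0, like a ctz32() helper would. */
static unsigned ctz32_local(uint32_t v)
{
    unsigned n = 0;

    if (v == 0) {
        return 32;
    }
    while ((v & 1u) == 0) {
        v >>= 1;
        n++;
    }
    return n;
}

/* Before the patch: no advertised minimum means "assume a full sector". */
static uint32_t align_before(uint32_t min_block, uint64_t size)
{
    (void)size;
    return min_block ? min_block : SECTOR_SIZE;
}

/*
 * After the patch: no advertised minimum means "largest power of 2 that
 * divides the size, capped at one sector". OR-ing in SECTOR_SIZE sets
 * bit 9, so the lowest set bit can never be above it.
 */
static uint32_t align_after(uint32_t min_block, uint64_t size)
{
    if (!min_block) {
        min_block = 1u << ctz32_local((uint32_t)(SECTOR_SIZE | size));
    }
    return min_block;
}

/* End offset of [offset, offset + len) once widened to 'align'. */
static uint64_t aligned_end(uint64_t offset, uint64_t len, uint32_t align)
{
    uint64_t end = offset + len;

    return (end + align - 1) / align * align;
}

/* True if the widened request stays inside the advertised export size. */
static bool request_fits(uint64_t offset, uint64_t len, uint32_t align,
                         uint64_t size)
{
    return aligned_end(offset, len, align) <= size;
}

int main(void)
{
    /* Constructed export sizes; 1023 is the one from the nbdkit demo. */
    const uint64_t sizes[] = { 1023, 1000, 768, 1024, 1536 };

    printf("%8s %8s %8s %12s %12s\n",
           "size", "before", "after", "fits-before", "fits-after");
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        uint64_t sz = sizes[i];
        uint32_t b = align_before(0, sz);
        uint32_t a = align_after(0, sz);

        /* Read the whole export, as 'r -v 0 1023' does in the demo. */
        printf("%8llu %8u %8u %12s %12s\n", (unsigned long long)sz, b, a,
               request_fits(0, sz, b, sz) ? "yes" : "no",
               request_fits(0, sz, a, sz) ? "yes" : "no");
    }
    return 0;
}
```

The "no" in the fits-before column for 1023 is the read that nbdkit rejected as beyond the advertised size.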




[Qemu-devel] [PATCH v6 77/77] linux-user: Add nanoMIPS support in scripts/qemu-binfmt-conf.sh

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Add support for nanomips[eb] variant in scripts/qemu-binfmt-conf.sh.

Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 scripts/qemu-binfmt-conf.sh | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index b0dc8a7..ecde0c2 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -2,7 +2,7 @@
 # Enable automatic program execution by the kernel.
 
 qemu_target_list="i386 i486 alpha arm armeb sparc32plus ppc ppc64 ppc64le m68k 
\
-mips mipsel mipsn32 mipsn32el mips64 mips64el \
+mips mipsel mipsn32 mipsn32el mips64 mips64el nanomips nanomipseb \
 sh4 sh4eb s390x aarch64 aarch64_be hppa riscv32 riscv64 xtensa xtensaeb \
 microblaze microblazeel or1k"
 
@@ -76,6 +76,14 @@ 
mips64el_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\
 
mips64el_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
 mips64el_family=mips
 
+nanomips_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf9\x00'
+nanomips_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
+nanomips_family=mips
+
+nanomipseb_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf9'
+nanomipseb_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
+nanomipseb_family=mips
+
 
sh4_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00'
 
sh4_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
 sh4_family=sh4
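Review bot: nanomips_mask and nanomipseb_mask end in \xff\xff\xff\xff, while the neighbouring mips64el_mask and sh4_mask end in \xfe\xff\xff\xff. With the full mask, the two bytes that follow the 16-byte ident in the magic (\x02\x00 for nanomips, \x00\x02 for nanomipseb) must match exactly, so only that single ELF type is registered. If the \xfe in the other entries is there to accept a second type, the nanoMIPS entries need the same relaxation, on the first of the two bytes for the little-endian entry and on the second for the big-endian one; if the stricter match is intended, a comment should say why.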
@@ -134,7 +142,7 @@ qemu_get_family() {
 amd64|i386|i486|i586|i686|i86pc|BePC|x86_64)
 echo "i386"
 ;;
-mips*)
+mips*|nanomips*)
 echo "mips"
 ;;
 "Power Macintosh"|ppc64|powerpc|ppc)
-- 
1.9.1




Re: [Qemu-devel] [PATCH v6 4/4] spapr: increase the size of the IRQ number space

2018-08-02 Thread Greg Kurz
On Mon, 30 Jul 2018 16:11:34 +0200
Cédric Le Goater  wrote:

> The new layout using static IRQ number does not leave much space to
> the dynamic MSI range, only 0x100 IRQ numbers. Increase the total
> number of IRQS for newer machines and introduce a legacy XICS backend
> for pre-3.1 machines to maintain compatibility.
> 
> Signed-off-by: Cédric Le Goater 
> ---
>  include/hw/ppc/spapr_irq.h |  1 +
>  hw/ppc/spapr.c |  1 +
>  hw/ppc/spapr_irq.c | 12 +++-
>  3 files changed, 13 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
> index 0e98c4474bb2..626160ba475e 100644
> --- a/include/hw/ppc/spapr_irq.h
> +++ b/include/hw/ppc/spapr_irq.h
> @@ -40,6 +40,7 @@ typedef struct sPAPRIrq {
>  } sPAPRIrq;
>  
>  extern sPAPRIrq spapr_irq_xics;
> +extern sPAPRIrq spapr_irq_xics_legacy;
>  
>  int spapr_irq_claim(sPAPRMachineState *spapr, int irq, bool lsi, Error 
> **errp);
>  void spapr_irq_free(sPAPRMachineState *spapr, int irq, int num);
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index d9f8cca49208..5ae62b0682d2 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -3947,6 +3947,7 @@ static void 
> spapr_machine_3_0_class_options(MachineClass *mc)
>  SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_3_0);
>  
>  smc->legacy_irq_allocation = true;
> +smc->irq = _irq_xics_legacy;
>  }
>  
>  DEFINE_SPAPR_MACHINE(3_0, "3.0", false);
> diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
> index 0cbb5dd39368..620c49b38455 100644
> --- a/hw/ppc/spapr_irq.c
> +++ b/hw/ppc/spapr_irq.c
> @@ -196,7 +196,7 @@ static void spapr_irq_print_info_xics(sPAPRMachineState 
> *spapr, Monitor *mon)
>  }
>  
>  sPAPRIrq spapr_irq_xics = {
> -.nr_irqs = XICS_IRQS_SPAPR,
> +.nr_irqs = 0x1000,

IMHO using XICS_IRQS_SPAPR as the total number of MSIs for the whole
machine was bogus, since the DT also advertises this same number of
available MSIs per PHB:

*** hw/ppc/spapr_pci.c:
spapr_populate_pci_dt[2126]

_FDT(fdt_setprop_cell(fdt, bus_off, "ibm,pe-total-#msi", XICS_IRQS_SPAPR));

Even if you bump the limit from 1024 to 4096, we still have a discrepancy
between what we tell the guest and what the machine can actually do.

I'm wondering if we should take into account the number of possible
PHBs when initializing the bitmap allocator, ie, .nr_irqs should
rather be SPAPR_MAX_PHBS * XICS_IRQS_SPAPR ?

>  
>  .init= spapr_irq_init_xics,
>  .claim   = spapr_irq_claim_xics,
> @@ -284,3 +284,13 @@ int spapr_irq_find(sPAPRMachineState *spapr, int num, 
> bool align, Error **errp)
>  
>  return first + ics->offset;
>  }
> +
> +sPAPRIrq spapr_irq_xics_legacy = {
> +.nr_irqs = XICS_IRQS_SPAPR,
> +
> +.init= spapr_irq_init_xics,
> +.claim   = spapr_irq_claim_xics,
> +.free= spapr_irq_free_xics,
> +.qirq= spapr_qirq_xics,
> +.print_info  = spapr_irq_print_info_xics,
> +};
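Review bot: spapr_irq_xics_legacy repeats all five callbacks of spapr_irq_xics and differs only in .nr_irqs, while the new value in spapr_irq_xics is the bare literal 0x1000. A named constant for the new size, defined next to XICS_IRQS_SPAPR, would make the one real difference between the two backends visible at a glance and give the compat code something to refer to.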




[Qemu-devel] [PATCH v6 75/77] linux-user: Add support for statx() syscall for all platforms

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Implement support for syscall statx(). The implementation is based on
invoking other (more mature) syscalls (from the same 'stat' family)
on the host side. This way, problems of availability of statx() on the
host are avoided.

Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/syscall.c  | 100 +-
 linux-user/syscall_defs.h |  38 ++
 2 files changed, 137 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index bced9b8..8be3d45 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8002,7 +8002,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 abi_long ret;
 #if defined(TARGET_NR_stat) || defined(TARGET_NR_stat64) \
 || defined(TARGET_NR_lstat) || defined(TARGET_NR_lstat64) \
-|| defined(TARGET_NR_fstat) || defined(TARGET_NR_fstat64)
+|| defined(TARGET_NR_fstat) || defined(TARGET_NR_fstat64) \
+|| defined(TARGET_NR_statx)
 struct stat st;
 #endif
 #if defined(TARGET_NR_statfs) || defined(TARGET_NR_statfs64) \
@@ -10025,6 +10026,103 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 break;
 #endif
+#if defined(TARGET_NR_statx)
+case TARGET_NR_statx:
+{
+#if defined(__NR_statx)
+/* We assume that struct statx is arhitecture independed */
+struct target_statx host_stx;
+int mask = tswap32(arg4);
+#endif
+struct target_statx *target_stx;
+int dirfd = tswap32(arg1);
+int flags = tswap32(arg3);
+
+p = lock_user_string(arg2);
+if (p == NULL) {
+goto efault;
+}
+#if defined(__NR_statx)
+ret = get_errno(syscall(__NR_statx, dirfd, p, flags, mask,
+_stx));
+if (!is_error(ret)) {
+unlock_user(p, arg2, 0);
+if (!lock_user_struct(VERIFY_WRITE, target_stx, arg5, 0)) {
+goto efault;
+}
+memset(target_stx, 0, sizeof(*target_stx));
+__put_user(host_stx.stx_dev_major, _stx->stx_dev_major);
+__put_user(host_stx.stx_dev_minor, _stx->stx_dev_minor);
+__put_user(host_stx.stx_ino, _stx->stx_ino);
+__put_user(host_stx.stx_mode, _stx->stx_mode);
+__put_user(host_stx.stx_uid, _stx->stx_uid);
+__put_user(host_stx.stx_gid, _stx->stx_gid);
+__put_user(host_stx.stx_nlink, _stx->stx_nlink);
+__put_user(host_stx.stx_rdev_major,
+   _stx->stx_rdev_major);
+__put_user(host_stx.stx_rdev_minor,
+   _stx->stx_rdev_minor);
+__put_user(host_stx.stx_size, _stx->stx_size);
+__put_user(host_stx.stx_blksize, _stx->stx_blksize);
+__put_user(host_stx.stx_blocks, _stx->stx_blocks);
+__put_user(host_stx.stx_atime.tv_sec,
+   _stx->stx_atime.tv_sec);
+__put_user(host_stx.stx_mtime.tv_sec,
+   _stx->stx_mtime.tv_sec);
+__put_user(host_stx.stx_ctime.tv_sec,
+   _stx->stx_ctime.tv_sec);
+unlock_user_struct(target_stx, arg5, 1);
+}
+
+if (ret != TARGET_ENOSYS) {
+break;
+}
+#endif
+if ((p == NULL) || (*((char *)p) == 0)) {
+/* By file descriptor */
+ret = get_errno(fstat(dirfd, ));
+unlock_user(p, arg2, 0);
+} else if (*((char *)p) == '/') {
+/* An absolute pathname */
+ret = get_errno(stat(path(p), ));
+unlock_user(p, arg2, 0);
+} else {
+if (dirfd == AT_FDCWD) {
+/* A relative pathname */
+ret = get_errno(stat(path(p), ));
+unlock_user(p, arg2, 0);
+} else {
+/* A directory-relative pathname */
+ret = get_errno(fstatat(dirfd, path(p), , flags));
+unlock_user(p, arg2, 0);
+}
+}
+
+if (!is_error(ret)) {
+if (!lock_user_struct(VERIFY_WRITE, target_stx, arg5, 0)) {
+goto efault;
+}
+memset(target_stx, 0, sizeof(*target_stx));
+__put_user(major(st.st_dev), _stx->stx_dev_major);
+__put_user(minor(st.st_dev), _stx->stx_dev_minor);
+__put_user(st.st_ino, _stx->stx_ino);
+__put_user(st.st_mode, _stx->stx_mode);
+__put_user(st.st_uid, _stx->stx_uid);
+__put_user(st.st_gid, _stx->stx_gid);
+__put_user(st.st_nlink, _stx->stx_nlink);
+   
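
Review bot: `if (ret != TARGET_ENOSYS)` in the __NR_statx branch compares against the positive constant, but get_errno() returns negative target errnos, so the test is always true on failure and the stat()/fstatat() fallback below it is never reached when the host kernel lacks statx(); it should test -TARGET_ENOSYS. On that early break the path string p is also left locked, because unlock_user(p, arg2, 0) only runs inside the `!is_error(ret)` block. The host branch never writes stx_mask after the memset, so the guest is told that no fields are valid, and the fallback stat() calls ignore AT_SYMLINK_NOFOLLOW in flags. The `(p == NULL)` test in the fallback is dead code after the earlier goto efault.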

[Qemu-devel] [PATCH 0/3] hw/ppc: Convert various devices away from old_mmio

2018-08-02 Thread Peter Maydell
This patchset removes various uses of old_mmio from minor PPC
devices:
 * hw/ppc/prep had an entirely ifdeffed-out stub of an XCSR device,
   which we remove
 * hw/ppc/ppc_boards had ref405ep_fpga
 * hw/ppc/ppc405_uc had three minor devices

As you can see from the diffstat, the new API provides much
cleaner ways to handle the various different access sizes.

This knocks another five old_mmio uses out of the codebase,
leaving us with just five to go.

NB: Tested only with 'make check'.

thanks
-- PMM

Peter Maydell (3):
  hw/ppc/prep: Remove ifdeffed-out stub of XCSR code
  hw/ppc/ppc_boards: Don't use old_mmio for ref405ep_fpga
  hw/ppc/ppc405_uc: Convert away from old_mmio

 hw/ppc/ppc405_boards.c |  60 +++---
 hw/ppc/ppc405_uc.c | 173 ++---
 hw/ppc/prep.c  |  97 +--
 3 files changed, 39 insertions(+), 291 deletions(-)

-- 
2.17.1




[Qemu-devel] [PATCH v6 76/77] linux-user: Add nanoMIPS linux user mode configuration support

2018-08-02 Thread Stefan Markovic
From: Stefan Markovic 

Add new linux user mode configuration for nanoMIPS.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 configure   | 13 -
 default-configs/nanomips-linux-user.mak |  1 +
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 default-configs/nanomips-linux-user.mak

diff --git a/configure b/configure
index 2a7796e..86c8b28 100755
--- a/configure
+++ b/configure
@@ -742,6 +742,9 @@ case "$cpu" in
 supported_cpu="yes"
 cross_cc_mips=$host_cc
   ;;
+  nanomips*)
+cpu="mips"
+  ;;
   sparc|sun4[cdmuv])
 cpu="sparc"
 supported_cpu="yes"
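
Review bot: The new nanomips*) host case sets cpu="mips" but, unlike the entries on either side of it, does not set supported_cpu="yes" or a cross_cc_ variable. If that is intentional, say so in a comment or in the commit message; otherwise configure will treat such a host as an unsupported CPU.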
@@ -6883,7 +6886,7 @@ target_name=$(echo $target | cut -d '-' -f 1)
 target_bigendian="no"
 
 case "$target_name" in
-  
armeb|aarch64_be|hppa|lm32|m68k|microblaze|mips|mipsn32|mips64|moxie|or1k|ppc|ppcemb|ppc64|ppc64abi32|s390x|sh4eb|sparc|sparc64|sparc32plus|xtensaeb)
+  
armeb|aarch64_be|hppa|lm32|m68k|microblaze|mips|mipsn32|mips64|moxie|nanomipseb|or1k|ppc|ppcemb|ppc64|ppc64abi32|s390x|sh4eb|sparc|sparc64|sparc32plus|xtensaeb)
   target_bigendian=yes
   ;;
 esac
@@ -6999,6 +7002,11 @@ case "$target_name" in
   moxie)
 target_compiler=$cross_cc_moxie
   ;;
+  nanomips|nanomipseb)
+TARGET_ARCH=nanomips
+TARGET_BASE_ARCH=mips
+echo "TARGET_ABI_MIPSP32=y" >> $config_target_mak
+  ;;
   nios2)
 target_compiler=$cross_cc_nios2
   ;;
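
Review bot: The nanomips|nanomipseb) case, together with the nanomipseb entry added to the big-endian list, handles a nanomipseb target, but the patch only creates default-configs/nanomips-linux-user.mak. Either add the matching nanomipseb-linux-user.mak or leave nanomipseb out until it can be built. The case also sets no target_compiler, unlike the moxie and nios2 entries next to it.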
@@ -7256,6 +7264,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   moxie*)
 disas_config "MOXIE"
   ;;
+  nanomips*)
+disas_config "MIPS"
+  ;;
   nios2)
 disas_config "NIOS2"
   ;;
diff --git a/default-configs/nanomips-linux-user.mak 
b/default-configs/nanomips-linux-user.mak
new file mode 100644
index 000..68fc1f7
--- /dev/null
+++ b/default-configs/nanomips-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for nanomips-linux-user
-- 
1.9.1




[Qemu-devel] [PATCH v6 73/77] linux-user: Add cpu_loop.c for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Dimitrije Nikolic 

Amend regular MIPS' cpu_loop.c to include nanoMIPS support.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/mips/cpu_loop.c | 8 +++-
 linux-user/nanomips/cpu_loop.c | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 linux-user/nanomips/cpu_loop.c

diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
index c9c20cf..ada5a79 100644
--- a/linux-user/mips/cpu_loop.c
+++ b/linux-user/mips/cpu_loop.c
@@ -546,7 +546,7 @@ void cpu_loop(CPUMIPSState *env)
  arg5, arg6, arg7, arg8);
 }
 done_syscall:
-# else
+# else /* N32/N64 and P32 */
 ret = do_syscall(env, env->active_tc.gpr[2],
  env->active_tc.gpr[4], env->active_tc.gpr[5],
  env->active_tc.gpr[6], env->active_tc.gpr[7],
@@ -562,6 +562,7 @@ done_syscall:
Avoid clobbering register state.  */
 break;
 }
+#if !defined(TARGET_ABI_MIPSP32)
 if ((abi_ulong)ret >= (abi_ulong)-1133) {
 env->active_tc.gpr[7] = 1; /* error flag */
 ret = -ret;
@@ -569,6 +570,9 @@ done_syscall:
 env->active_tc.gpr[7] = 0; /* error flag */
 }
 env->active_tc.gpr[2] = ret;
+#else
+env->active_tc.gpr[4] = ret;
+#endif
 break;
 case EXCP_TLBL:
 case EXCP_TLBS:
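
Review bot: The TARGET_ABI_MIPSP32 branch writes ret straight to gpr[4] and sets no error flag, while the other ABIs negate the value and report the error through gpr[7]; nothing in the code states the P32 syscall return convention. Please add a comment next to `env->active_tc.gpr[4] = ret;` saying how the guest is expected to detect an error.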
@@ -714,6 +718,8 @@ done_syscall:
 } else {
 code = ((trap_instr >> 6) & ((1 << 10) - 1));
 }
+} else if (env->insn_flags & ISA_NANOMIPS32) {
+code = ((trap_instr >> 11) & ((1 << 5) - 1));
 }
 
 if (do_break(env, , code) != 0) {
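
Review bot: The nanoMIPS branch extracts the trap code with bare constants, `(trap_instr >> 11) & ((1 << 5) - 1)`, giving a 5-bit code where the branch above it yields 10 bits. A comment naming the instruction field being decoded would make it possible to check the shift and width against the ISA manual.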
diff --git a/linux-user/nanomips/cpu_loop.c b/linux-user/nanomips/cpu_loop.c
new file mode 100644
index 000..da4949a
--- /dev/null
+++ b/linux-user/nanomips/cpu_loop.c
@@ -0,0 +1 @@
+#include "../mips/cpu_loop.c"
-- 
1.9.1




[Qemu-devel] [PATCH v6 72/77] linux-user: Add support for nanoMIPS signal trampoline

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Add signal trampoline support for nanoMIPS.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/mips/signal.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/linux-user/mips/signal.c b/linux-user/mips/signal.c
index ab66429..c6f5504 100644
--- a/linux-user/mips/signal.c
+++ b/linux-user/mips/signal.c
@@ -101,6 +101,17 @@ static inline int install_sigtramp(unsigned int *tramp,   
unsigned int syscall)
 {
 int err = 0;
 
+#if defined(TARGET_ABI_MIPSP32)
+uint16_t *tramp16 = (uint16_t *)tramp;
+/*
+ * li  $2, __NR__foo_sigreturn
+ * syscall 0
+ */
+ __put_user(0x6040 , tramp16 + 0);
+ __put_user(syscall, tramp16 + 1);
+ __put_user(0  , tramp16 + 2);
+ __put_user(0x1008 , tramp16 + 3);
+#else
 /*
  * Set up the return code ...
  *
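
Review bot: `__put_user(syscall, tramp16 + 1)` stores through a uint16_t pointer, so only the low 16 bits of syscall reach the trampoline, and the next halfword is hard-coded to 0. Either store `syscall >> 16` at tramp16 + 2 or add a comment (or assertion) that the sigreturn syscall numbers always fit in 16 bits. The comment should also spell out that the four halfwords are a 48-bit li followed by a 16-bit syscall, since the raw constants are otherwise hard to verify.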
@@ -110,7 +121,7 @@ static inline int install_sigtramp(unsigned int *tramp,   
unsigned int syscall)
 
 __put_user(0x2402 + syscall, tramp + 0);
 __put_user(0x000c  , tramp + 1);
-
+#endif
 return err;
 }
 
-- 
1.9.1




[Qemu-devel] [PATCH 3/3] hw/ppc/ppc405_uc: Convert away from old_mmio

2018-08-02 Thread Peter Maydell
Convert the devices in ppc405_uc away from using the old_mmio
MemoryRegion accessors:

 * opba's 32-bit and 16-bit accessors were just calling the
   8-bit accessors and assembling a big-endian order number,
   which we can do by setting the .impl.max_access_size to 1
   and the endianness to DEVICE_BIG_ENDIAN, and letting the
   core memory code do the assembly
 * ppc405_gpio's accessors were all just stubs
 * ppc4xx_gpt's 8-bit and 16-bit accessors were treating the
   access as invalid, which we can do by setting the
   .valid.min_access_size and .valid.max_access_size fields

Signed-off-by: Peter Maydell 
---
 hw/ppc/ppc405_uc.c | 173 +++--
 1 file changed, 25 insertions(+), 148 deletions(-)

diff --git a/hw/ppc/ppc405_uc.c b/hw/ppc/ppc405_uc.c
index 4bd9fbcc1ef..5c58415cf1f 100644
--- a/hw/ppc/ppc405_uc.c
+++ b/hw/ppc/ppc405_uc.c
@@ -283,7 +283,7 @@ struct ppc4xx_opba_t {
 uint8_t pr;
 };
 
-static uint32_t opba_readb (void *opaque, hwaddr addr)
+static uint64_t opba_readb(void *opaque, hwaddr addr, unsigned size)
 {
 ppc4xx_opba_t *opba;
 uint32_t ret;
@@ -307,8 +307,8 @@ static uint32_t opba_readb (void *opaque, hwaddr addr)
 return ret;
 }
 
-static void opba_writeb (void *opaque,
- hwaddr addr, uint32_t value)
+static void opba_writeb(void *opaque, hwaddr addr, uint64_t value,
+unsigned size)
 {
 ppc4xx_opba_t *opba;
 
@@ -328,61 +328,14 @@ static void opba_writeb (void *opaque,
 break;
 }
 }
-
-static uint32_t opba_readw (void *opaque, hwaddr addr)
-{
-uint32_t ret;
-
-#ifdef DEBUG_OPBA
-printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
-ret = opba_readb(opaque, addr) << 8;
-ret |= opba_readb(opaque, addr + 1);
-
-return ret;
-}
-
-static void opba_writew (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_OPBA
-printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
-   value);
-#endif
-opba_writeb(opaque, addr, value >> 8);
-opba_writeb(opaque, addr + 1, value);
-}
-
-static uint32_t opba_readl (void *opaque, hwaddr addr)
-{
-uint32_t ret;
-
-#ifdef DEBUG_OPBA
-printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
-ret = opba_readb(opaque, addr) << 24;
-ret |= opba_readb(opaque, addr + 1) << 16;
-
-return ret;
-}
-
-static void opba_writel (void *opaque,
- hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_OPBA
-printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
-   value);
-#endif
-opba_writeb(opaque, addr, value >> 24);
-opba_writeb(opaque, addr + 1, value >> 16);
-}
-
 static const MemoryRegionOps opba_ops = {
-.old_mmio = {
-.read = { opba_readb, opba_readw, opba_readl, },
-.write = { opba_writeb, opba_writew, opba_writel, },
-},
-.endianness = DEVICE_NATIVE_ENDIAN,
+.read = opba_readb,
+.write = opba_writeb,
+.impl.min_access_size = 1,
+.impl.max_access_size = 1,
+.valid.min_access_size = 1,
+.valid.max_access_size = 4,
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
 static void ppc4xx_opba_reset (void *opaque)
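
Review bot: With .impl.max_access_size = 1 and .valid.max_access_size = 4, a 32-bit access is now split into four byte accesses covering addr to addr + 3, whereas the removed opba_readl() and opba_writel() only touched addr and addr + 1. That is a guest-visible behaviour change for 32-bit accesses and the commit message should mention it, along with whether the old two-byte behaviour was a bug.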
@@ -750,65 +703,27 @@ struct ppc405_gpio_t {
 uint32_t isr1l;
 };
 
-static uint32_t ppc405_gpio_readb (void *opaque, hwaddr addr)
+static uint64_t ppc405_gpio_read(void *opaque, hwaddr addr, unsigned size)
 {
 #ifdef DEBUG_GPIO
-printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
+printf("%s: addr " TARGET_FMT_plx " size %d\n", __func__, addr, size);
 #endif
 
 return 0;
 }
 
-static void ppc405_gpio_writeb (void *opaque,
-hwaddr addr, uint32_t value)
+static void ppc405_gpio_write(void *opaque, hwaddr addr, uint64_t value,
+  unsigned size)
 {
 #ifdef DEBUG_GPIO
-printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
-   value);
-#endif
-}
-
-static uint32_t ppc405_gpio_readw (void *opaque, hwaddr addr)
-{
-#ifdef DEBUG_GPIO
-printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
-
-return 0;
-}
-
-static void ppc405_gpio_writew (void *opaque,
-hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_GPIO
-printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
-   value);
-#endif
-}
-
-static uint32_t ppc405_gpio_readl (void *opaque, hwaddr addr)
-{
-#ifdef DEBUG_GPIO
-printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
-#endif
-
-return 0;
-}
-
-static void ppc405_gpio_writel (void *opaque,
-hwaddr addr, uint32_t value)
-{
-#ifdef DEBUG_GPIO
-printf("%s: addr " TARGET_FMT_plx " val %08" PRIx32 "\n", __func__, addr,
-   value);
+printf("%s: addr " TARGET_FMT_plx " size %d val %08" PRIx32 "\n",
+   __func__, addr, size, value);
 #endif
 }
 
 static const MemoryRegionOps 
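
Review bot: In ppc405_gpio_write() the DEBUG_GPIO printf prints value, which is now a uint64_t, with PRIx32, and both new printf calls print the unsigned size with %d. Use PRIx64 and %u so that a build with DEBUG_GPIO defined does not fail on format warnings.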

[Qemu-devel] [PATCH v6 74/77] linux-user: Amend support for sigaction() syscall for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Amend sigaction syscall support for nanoMIPS. This must be done
since nanoMIPS' signal handling is different than MIPS' signal
handling.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 3d57966..bced9b8 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8825,7 +8825,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 old_act->sa_flags = oact.sa_flags;
 unlock_user_struct(old_act, arg3, 1);
 }
-#elif defined(TARGET_MIPS)
+#elif defined(TARGET_MIPS) && !defined(TARGET_NANOMIPS)
struct target_sigaction act, oact, *pact, *old_act;
 
if (arg2) {
-- 
1.9.1




[Qemu-devel] [PATCH v6 67/77] linux-user: Add target_syscall.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Add target_syscall.h header for nanoMIPS.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/target_syscall.h | 30 ++
 1 file changed, 30 insertions(+)
 create mode 100644 linux-user/nanomips/target_syscall.h

diff --git a/linux-user/nanomips/target_syscall.h 
b/linux-user/nanomips/target_syscall.h
new file mode 100644
index 000..b40e36b
--- /dev/null
+++ b/linux-user/nanomips/target_syscall.h
@@ -0,0 +1,30 @@
+/* this struct defines the way the registers are stored on the
+   stack during a system call. */
+
+struct target_pt_regs {
+/* Pad bytes for argument save space on the stack. */
+abi_ulong pad0[6];
+
+/* Saved main processor registers. */
+abi_ulong regs[32];
+
+/* Saved special registers. */
+abi_ulong cp0_status;
+abi_ulong lo;
+abi_ulong hi;
+abi_ulong cp0_badvaddr;
+abi_ulong cp0_cause;
+abi_ulong cp0_epc;
+};
+
+/* Nasty hack: define a fake errno value for use by sigreturn.  */
+#undef TARGET_QEMU_ESIGRETURN
+#define TARGET_QEMU_ESIGRETURN 255
+
+#define UNAME_MACHINE "nanomips"
+#define UNAME_MINIMUM_RELEASE "2.6.32"
+
+#define TARGET_CLONE_BACKWARDS
+#define TARGET_MINSIGSTKSZ 6144
+#define TARGET_MLOCKALL_MCL_CURRENT 1
+#define TARGET_MLOCKALL_MCL_FUTURE  2
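
Review bot: This new header has no include guard and no license comment, while target_cpu.h and target_elf.h in the same series carry guards (NANOMIPS_TARGET_CPU_H, NANOMIPS_TARGET_ELF_H). Please add a NANOMIPS_TARGET_SYSCALL_H guard around the whole file so that the struct target_pt_regs definition cannot be pulled in twice.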
-- 
1.9.1




[Qemu-devel] [PATCH v6 69/77] linux-user: Add target_structs.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Dimitrije Nikolic 

Add target_structs.h header for nanoMIPS, that in fact only redirects
to the corresponding MIPS header.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/target_structs.h | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 linux-user/nanomips/target_structs.h

diff --git a/linux-user/nanomips/target_structs.h 
b/linux-user/nanomips/target_structs.h
new file mode 100644
index 000..cc6c6ea
--- /dev/null
+++ b/linux-user/nanomips/target_structs.h
@@ -0,0 +1 @@
+#include "../mips/target_structs.h"
-- 
1.9.1




[Qemu-devel] [PATCH v6 70/77] linux-user: Add target_elf.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Dimitrije Nikolic 

This header includes common elf header, and adds cpu_get_model()
function.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/target_elf.h | 14 ++
 1 file changed, 14 insertions(+)
 create mode 100644 linux-user/nanomips/target_elf.h

diff --git a/linux-user/nanomips/target_elf.h b/linux-user/nanomips/target_elf.h
new file mode 100644
index 000..ca68dab
--- /dev/null
+++ b/linux-user/nanomips/target_elf.h
@@ -0,0 +1,14 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or (at your option) any
+ * later version. See the COPYING file in the top-level directory.
+ */
+
+#ifndef NANOMIPS_TARGET_ELF_H
+#define NANOMIPS_TARGET_ELF_H
+static inline const char *cpu_get_model(uint32_t eflags)
+{
+return "I7200";
+}
+#endif
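
Review bot: The commit message says this header includes the common elf header, but the file contains no #include at all, only cpu_get_model(). Either add the include or correct the message. cpu_get_model() also ignores its eflags argument and always returns "I7200"; a one-line comment saying that this is the only supported model would document that this is deliberate.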
-- 
1.9.1




[Qemu-devel] [PATCH v6 71/77] linux-user: Add signal.c for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Dimitrije Nikolic 

Add signal.c as a redirection to regular mips' signal.c, but at the
same time amend regular mips' signal.c with bits and pieces specific
for nanoMIPS. This was done this way to avoid duplication of large
pieces of code.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/mips/signal.c | 25 -
 linux-user/nanomips/signal.c |  1 +
 2 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 linux-user/nanomips/signal.c

diff --git a/linux-user/mips/signal.c b/linux-user/mips/signal.c
index 6aa303e..ab66429 100644
--- a/linux-user/mips/signal.c
+++ b/linux-user/mips/signal.c
@@ -21,7 +21,15 @@
 #include "signal-common.h"
 #include "linux-user/trace.h"
 
-# if defined(TARGET_ABI_MIPSO32)
+#if defined(TARGET_ABI_MIPSP32)
+struct target_sigcontext {
+uint64_t sc_regs[32];
+uint64_t sc_pc;
+uint32_t sc_used_math;
+uint32_t sc_reserved;
+};
+#define TARGET_ALMASK  (~15)
+#elif defined(TARGET_ABI_MIPSO32)
 struct target_sigcontext {
 uint32_t   sc_regmask; /* Unused */
 uint32_t   sc_status;
@@ -43,6 +51,7 @@ struct target_sigcontext {
 target_ulong   sc_hi3;
 target_ulong   sc_lo3;
 };
+#define TARGET_ALMASK  (~7)
 # else /* N32 || N64 */
 struct target_sigcontext {
 uint64_t sc_regs[32];
@@ -61,6 +70,7 @@ struct target_sigcontext {
 uint32_t sc_dsp;
 uint32_t sc_reserved;
 };
+#define TARGET_ALMASK  (~15)
 # endif /* O32 */
 
 struct sigframe {
@@ -100,6 +110,7 @@ static inline int install_sigtramp(unsigned int *tramp,   
unsigned int syscall)
 
 __put_user(0x2402 + syscall, tramp + 0);
 __put_user(0x000c  , tramp + 1);
+
 return err;
 }
 
@@ -116,6 +127,7 @@ static inline void setup_sigcontext(CPUMIPSState *regs,
 __put_user(regs->active_tc.gpr[i], >sc_regs[i]);
 }
 
+#if !defined(TARGET_ABI_MIPSP32)
 __put_user(regs->active_tc.HI[0], >sc_mdhi);
 __put_user(regs->active_tc.LO[0], >sc_mdlo);
 
@@ -137,6 +149,7 @@ static inline void setup_sigcontext(CPUMIPSState *regs,
 for (i = 0; i < 32; ++i) {
 __put_user(regs->active_fpu.fpr[i].d, >sc_fpregs[i]);
 }
+#endif
 }
 
 static inline void
@@ -146,13 +159,14 @@ restore_sigcontext(CPUMIPSState *regs, struct 
target_sigcontext *sc)
 
 __get_user(regs->CP0_EPC, >sc_pc);
 
-__get_user(regs->active_tc.HI[0], >sc_mdhi);
-__get_user(regs->active_tc.LO[0], >sc_mdlo);
-
 for (i = 1; i < 32; ++i) {
 __get_user(regs->active_tc.gpr[i], >sc_regs[i]);
 }
 
+#if !defined(TARGET_ABI_MIPSP32)
+__get_user(regs->active_tc.HI[0], >sc_mdhi);
+__get_user(regs->active_tc.LO[0], >sc_mdlo);
+
 __get_user(regs->active_tc.HI[1], >sc_hi1);
 __get_user(regs->active_tc.HI[2], >sc_hi2);
 __get_user(regs->active_tc.HI[3], >sc_hi3);
@@ -168,6 +182,7 @@ restore_sigcontext(CPUMIPSState *regs, struct 
target_sigcontext *sc)
 for (i = 0; i < 32; ++i) {
 __get_user(regs->active_fpu.fpr[i].d, >sc_fpregs[i]);
 }
+#endif
 }
 
 /*
@@ -185,7 +200,7 @@ get_sigframe(struct target_sigaction *ka, CPUMIPSState 
*regs, size_t frame_size)
  */
 sp = target_sigsp(get_sp_from_cpustate(regs) - 32, ka);
 
-return (sp - frame_size) & ~7;
+return (sp - frame_size) & TARGET_ALMASK;
 }
 
 static void mips_set_hflags_isa_mode_from_pc(CPUMIPSState *env)
diff --git a/linux-user/nanomips/signal.c b/linux-user/nanomips/signal.c
new file mode 100644
index 000..86efc21
--- /dev/null
+++ b/linux-user/nanomips/signal.c
@@ -0,0 +1 @@
+#include "../mips/signal.c"
-- 
1.9.1




[Qemu-devel] [PATCH v6 66/77] linux-user: Add sockbits.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Add sockbits.h header for nanoMIPS.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/sockbits.h | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 linux-user/nanomips/sockbits.h

diff --git a/linux-user/nanomips/sockbits.h b/linux-user/nanomips/sockbits.h
new file mode 100644
index 000..e6b6d31
--- /dev/null
+++ b/linux-user/nanomips/sockbits.h
@@ -0,0 +1 @@
+#include "../mips/sockbits.h"
-- 
1.9.1




[Qemu-devel] [PATCH v6 64/77] linux-user: Update syscall_defs.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Markovic 

Update constants and structures related to linux user syscall support
in nanoMIPS.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/syscall_defs.h | 57 ++-
 1 file changed, 52 insertions(+), 5 deletions(-)

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 40bb60e..abf94b8 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -374,7 +374,7 @@ struct target_dirent64 {
 #define TARGET_SIG_IGN ((abi_long)1)   /* ignore signal */
 #define TARGET_SIG_ERR ((abi_long)-1)  /* error return from signal */
 
-#ifdef TARGET_MIPS
+#if defined(TARGET_MIPS) && !defined(TARGET_NANOMIPS)
 #define TARGET_NSIG   128
 #else
 #define TARGET_NSIG   64
@@ -445,7 +445,7 @@ struct target_sigaction {
 target_sigset_t sa_mask;
 abi_ulong sa_restorer;
 };
-#elif defined(TARGET_MIPS)
+#elif defined(TARGET_MIPS) && !defined(TARGET_NANOMIPS)
 struct target_sigaction {
uint32_tsa_flags;
 #if defined(TARGET_ABI_MIPSN32)
@@ -459,6 +459,14 @@ struct target_sigaction {
 abi_ulong sa_restorer;
 #endif
 };
+#elif defined(TARGET_NANOMIPS)
+struct target_sigaction {
+abi_ulong _sa_handler;
+abi_uint sa_flags;
+target_sigset_t sa_mask;
+abi_ulong sa_restorer;
+};
+
 #else
 struct target_old_sigaction {
 abi_ulong _sa_handler;
@@ -537,7 +545,7 @@ typedef struct {
 #define QEMU_SI_RT 5
 
 typedef struct target_siginfo {
-#ifdef TARGET_MIPS
+#if defined(TARGET_MIPS) && !defined(TARGET_NANOMIPS)
int si_signo;
int si_code;
int si_errno;
@@ -665,13 +673,16 @@ struct target_rlimit {
 
 #if defined(TARGET_ALPHA)
 #define TARGET_RLIM_INFINITY   0x7fffull
-#elif defined(TARGET_MIPS) || (defined(TARGET_SPARC) && TARGET_ABI_BITS == 32)
+#elif (defined(TARGET_MIPS) && !defined(TARGET_NANOMIPS)) \
+  || (defined(TARGET_SPARC) && TARGET_ABI_BITS == 32)
 #define TARGET_RLIM_INFINITY   0x7fffUL
+#elif defined(TARGET_NANOMIPS)
+#define TARGET_RLIM_INFINITY0x76ffeec4UL
 #else
 #define TARGET_RLIM_INFINITY   ((abi_ulong)-1)
 #endif
 
-#if defined(TARGET_MIPS)
+#if defined(TARGET_MIPS) && !defined(TARGET_NANOMIPS)
 #define TARGET_RLIMIT_CPU  0
 #define TARGET_RLIMIT_FSIZE1
 #define TARGET_RLIMIT_DATA 2
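
Review bot: TARGET_RLIM_INFINITY for TARGET_NANOMIPS is set to 0x76ffeec4UL with no comment, and nothing in the patch says where that value comes from. Since the guest's "no limit" value is translated through this constant, please cite the kernel or ABI header it was taken from, or explain why it differs from the `((abi_ulong)-1)` default.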
@@ -687,6 +698,22 @@ struct target_rlimit {
 #define TARGET_RLIMIT_MSGQUEUE 12
 #define TARGET_RLIMIT_NICE 13
 #define TARGET_RLIMIT_RTPRIO   14
+#elif defined(TARGET_NANOMIPS)
+#define TARGET_RLIMIT_CPU   0
+#define TARGET_RLIMIT_FSIZE 1
+#define TARGET_RLIMIT_DATA  2
+#define TARGET_RLIMIT_STACK 3
+#define TARGET_RLIMIT_CORE  4
+#define TARGET_RLIMIT_RSS   5
+#define TARGET_RLIMIT_NPROC 6
+#define TARGET_RLIMIT_NOFILE7
+#define TARGET_RLIMIT_MEMLOCK   8
+#define TARGET_RLIMIT_AS9
+#define TARGET_RLIMIT_LOCKS 10
+#define TARGET_RLIMIT_SIGPENDING11
+#define TARGET_RLIMIT_MSGQUEUE  12
+#define TARGET_RLIMIT_NICE  13
+#define TARGET_RLIMIT_RTPRIO14
 #else
 #define TARGET_RLIMIT_CPU  0
 #define TARGET_RLIMIT_FSIZE1
@@ -1657,6 +1684,10 @@ struct target_stat64 {
int64_t st_blocks;
 };
 
+#elif defined(TARGET_ABI_MIPSP32)
+
+/* No struct stat and struct stat64 structures */
+
 #elif defined(TARGET_ALPHA)
 
 struct target_stat {
@@ -2009,6 +2040,22 @@ struct target_statfs {
int32_t f_flags;
int32_t f_spare[5];
 };
+#elif defined(TARGET_ABI_MIPSP32)
+struct target_statfs {
+abi_longf_type;
+abi_longf_bsize;
+abi_longf_blocks;
+abi_longf_bfree;
+abi_longf_bavail;
+abi_longf_files;
+abi_longf_ffree;
+
+/* Linux specials */
+target_fsid_t f_fsid;
+abi_longf_namelen;
+abi_llong   f_frsize;   /* Fragment size - unsupported */
+abi_longf_spare[6];
+};
 #else
 struct target_statfs {
abi_longf_type;
-- 
1.9.1




[Qemu-devel] [PATCH v6 68/77] linux-user: Add target_cpu.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Dimitrije Nikolic 

Add target_cpu.h header for nanoMIPS.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/target_cpu.h | 21 +
 1 file changed, 21 insertions(+)
 create mode 100644 linux-user/nanomips/target_cpu.h

diff --git a/linux-user/nanomips/target_cpu.h b/linux-user/nanomips/target_cpu.h
new file mode 100644
index 000..bbb51de
--- /dev/null
+++ b/linux-user/nanomips/target_cpu.h
@@ -0,0 +1,21 @@
+#ifndef NANOMIPS_TARGET_CPU_H
+#define NANOMIPS_TARGET_CPU_H
+
+static inline void cpu_clone_regs(CPUMIPSState *env, target_ulong newsp)
+{
+if (newsp) {
+env->active_tc.gpr[29] = newsp;
+}
+env->active_tc.gpr[4] = 0;
+}
+
+static inline void cpu_set_tls(CPUMIPSState *env, target_ulong newtls)
+{
+env->active_tc.CP0_UserLocal = newtls;
+}
+
+static inline abi_ulong get_sp_from_cpustate(CPUMIPSState *state)
+{
+return state->active_tc.gpr[29];
+}
+#endif
-- 
1.9.1




[Qemu-devel] [PATCH v6 63/77] linux-user: Add termbits.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Add termbits.h header for nanoMIPS. Reuse MIPS' termbits.h as
the functionalities are almost identical.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/mips/termbits.h | 4 
 linux-user/nanomips/termbits.h | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 linux-user/nanomips/termbits.h

diff --git a/linux-user/mips/termbits.h b/linux-user/mips/termbits.h
index 49a72c5..c7254f4 100644
--- a/linux-user/mips/termbits.h
+++ b/linux-user/mips/termbits.h
@@ -1,6 +1,10 @@
 /* from asm/termbits.h */
 
+#ifdef TARGET_NANOMIPS
+#define TARGET_NCCS 32
+#else
 #define TARGET_NCCS 23
+#endif
 
 struct target_termios {
 unsigned int c_iflag;   /* input mode flags */
diff --git a/linux-user/nanomips/termbits.h b/linux-user/nanomips/termbits.h
new file mode 100644
index 000..ea4e962
--- /dev/null
+++ b/linux-user/nanomips/termbits.h
@@ -0,0 +1 @@
+#include "../mips/termbits.h"
-- 
1.9.1




[Qemu-devel] [PATCH v6 65/77] linux-user: Add target_fcntl.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Add fcntl-related constants and structures for nanoMIPS.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/target_fcntl.h | 38 ++
 1 file changed, 38 insertions(+)
 create mode 100644 linux-user/nanomips/target_fcntl.h

diff --git a/linux-user/nanomips/target_fcntl.h 
b/linux-user/nanomips/target_fcntl.h
new file mode 100644
index 000..4203825
--- /dev/null
+++ b/linux-user/nanomips/target_fcntl.h
@@ -0,0 +1,38 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or (at your option) any
+ * later version. See the COPYING file in the top-level directory.
+ */
+
+#ifndef NANOMIPS_TARGET_FCNTL_H
+#define NANOMIPS_TARGET_FCNTL_H
+
+#define TARGET_O_APPEND 0x000400
+#define TARGET_O_DSYNC  0x001000
+#define TARGET_O_NONBLOCK   0x000800
+#define TARGET_O_CREAT  0x40
+#define TARGET_O_TRUNC  0x000200
+#define TARGET_O_EXCL   0x80
+#define TARGET_O_NOCTTY 0x000100
+#define TARGET_FASYNC   0x002000
+#define TARGET_O_LARGEFILE  0x008000
+#define TARGET___O_SYNC 0x101000
+#define TARGET_O_DIRECT 0x004000
+#define TARGET_O_CLOEXEC0x08
+
+#define TARGET_F_GETLK 5
+#define TARGET_F_SETLK 6
+#define TARGET_F_SETLKW7
+#define TARGET_F_SETOWN8   /*  for sockets. */
+#define TARGET_F_GETOWN9   /*  for sockets. */
+
+#define TARGET_ARCH_FLOCK_PAD abi_long pad[4];
+#define TARGET_ARCH_FLOCK64_PAD
+
+#define TARGET_F_GETLK64   12  /*  using 'struct flock64' */
+#define TARGET_F_SETLK64   13
+#define TARGET_F_SETLKW64  14
+
+#include "../generic/fcntl.h"
+#endif
-- 
1.9.1




[Qemu-devel] [PATCH v6 61/77] linux-user: Add syscall numbers for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

Add syscall numbers for nanoMIPS. nanoMIPS redefines its ABI
compared to preceding MIPS architectures, and its set of
supported system calls is significantly different.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/syscall_nr.h | 275 +++
 1 file changed, 275 insertions(+)
 create mode 100644 linux-user/nanomips/syscall_nr.h

diff --git a/linux-user/nanomips/syscall_nr.h b/linux-user/nanomips/syscall_nr.h
new file mode 100644
index 000..b826e5c
--- /dev/null
+++ b/linux-user/nanomips/syscall_nr.h
@@ -0,0 +1,275 @@
+/*
+ * Linux mipsp32 style syscalls.
+ */
+#define TARGET_NR_io_setup   0
+#define TARGET_NR_io_destroy 1
+#define TARGET_NR_io_submit  2
+#define TARGET_NR_io_cancel  3
+#define TARGET_NR_io_getevents   4
+#define TARGET_NR_setxattr   5
+#define TARGET_NR_lsetxattr  6
+#define TARGET_NR_fsetxattr  7
+#define TARGET_NR_getxattr   8
+#define TARGET_NR_lgetxattr  9
+#define TARGET_NR_fgetxattr  10
+#define TARGET_NR_listxattr  11
+#define TARGET_NR_llistxattr 12
+#define TARGET_NR_flistxattr 13
+#define TARGET_NR_removexattr14
+#define TARGET_NR_lremovexattr   15
+#define TARGET_NR_fremovexattr   16
+#define TARGET_NR_getcwd 17
+#define TARGET_NR_lookup_dcookie 18
+#define TARGET_NR_eventfd2   19
+#define TARGET_NR_epoll_create1  20
+#define TARGET_NR_epoll_ctl  21
+#define TARGET_NR_epoll_pwait22
+#define TARGET_NR_dup23
+#define TARGET_NR_dup3   24
+#define TARGET_NR_fcntl6425
+#define TARGET_NR_inotify_init1  26
+#define TARGET_NR_inotify_add_watch  27
+#define TARGET_NR_inotify_rm_watch   28
+#define TARGET_NR_ioctl  29
+#define TARGET_NR_ioprio_set 30
+#define TARGET_NR_ioprio_get 31
+#define TARGET_NR_flock  32
+#define TARGET_NR_mknodat33
+#define TARGET_NR_mkdirat34
+#define TARGET_NR_unlinkat   35
+#define TARGET_NR_symlinkat  36
+#define TARGET_NR_linkat 37
+#define TARGET_NR_umount239
+#define TARGET_NR_mount  40
+#define TARGET_NR_pivot_root 41
+#define TARGET_NR_nfsservctl 42
+#define TARGET_NR_statfs64   43
+#define TARGET_NR_fstatfs64  44
+#define TARGET_NR_truncate64 45
+#define TARGET_NR_ftruncate6446
+#define TARGET_NR_fallocate  47
+#define TARGET_NR_faccessat  48
+#define TARGET_NR_chdir  49
+#define TARGET_NR_fchdir 50
+#define TARGET_NR_chroot 51
+#define TARGET_NR_fchmod 52
+#define TARGET_NR_fchmodat   53
+#define TARGET_NR_fchownat   54
+#define TARGET_NR_fchown 55
+#define TARGET_NR_openat 56
+#define TARGET_NR_close  57
+#define TARGET_NR_vhangup58
+#define TARGET_NR_pipe2  59
+#define TARGET_NR_quotactl   60
+#define TARGET_NR_getdents64 61
+#define TARGET_NR__llseek62
+#define TARGET_NR_read   63
+#define TARGET_NR_write  64
+#define TARGET_NR_readv  65
+#define TARGET_NR_writev 66
+#define TARGET_NR_pread6467
+#define TARGET_NR_pwrite64   68
+#define TARGET_NR_preadv 69
+#define TARGET_NR_pwritev70
+#define TARGET_NR_sendfile64 71
+#define TARGET_NR_pselect6   72
+#define TARGET_NR_ppoll  73
+#define TARGET_NR_signalfd4  74
+#define TARGET_NR_vmsplice   75
+#define TARGET_NR_splice 76
+#define TARGET_NR_tee77
+#define TARGET_NR_readlinkat 78
+#define TARGET_NR_sync   81
+#define TARGET_NR_fsync  82
+#define TARGET_NR_fdatasync  83
+#define TARGET_NR_sync_file_range2   84
+#define TARGET_NR_timerfd_create 85
+#define TARGET_NR_timerfd_settime86
+#define TARGET_NR_timerfd_gettime87
+#define TARGET_NR_utimensat  88
+#define TARGET_NR_acct   89
+#define TARGET_NR_capget   
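
Review bot: the numbering skips 38 (between linkat at 37 and umount2 at 39) and 79-80 (between readlinkat at 78 and sync at 81) with no comment. If those slots are intentionally left out for nanoMIPS, add a one-line comment at each gap saying which syscalls are not provided, so the holes are not mistaken for omissions.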

[Qemu-devel] [PATCH v6 62/77] linux-user: Add target_signal.h header for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Aleksandar Rikalo 

nanoMIPS signal handling is much closer to the signal handling in
other mainstream platforms than to the signal handling in preceding
MIPS platforms.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 linux-user/nanomips/target_signal.h | 22 ++
 1 file changed, 22 insertions(+)
 create mode 100644 linux-user/nanomips/target_signal.h

diff --git a/linux-user/nanomips/target_signal.h 
b/linux-user/nanomips/target_signal.h
new file mode 100644
index 000..604e853
--- /dev/null
+++ b/linux-user/nanomips/target_signal.h
@@ -0,0 +1,22 @@
+#ifndef NANOMIPS_TARGET_SIGNAL_H
+#define NANOMIPS_TARGET_SIGNAL_H
+
+#include "../generic/signal.h"
+#undef TARGET_SIGRTMIN
+#define TARGET_SIGRTMIN   35
+
+/* this struct defines a stack used during syscall handling */
+typedef struct target_sigaltstack {
+abi_long ss_sp;
+abi_ulong ss_size;
+abi_long ss_flags;
+} target_stack_t;
+
+/* sigaltstack controls */
+#define TARGET_SS_ONSTACK 1
+#define TARGET_SS_DISABLE 2
+
+#define TARGET_MINSIGSTKSZ6144
+#define TARGET_SIGSTKSZ   12288
+
+#endif
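
Review bot: the comment above struct target_sigaltstack says the stack is used during syscall handling, but sigaltstack describes the alternate stack for signal handlers, so reword it. The fields are also ordered ss_sp, ss_size, ss_flags, which is the legacy MIPS layout, while the commit message says nanoMIPS follows the mainstream platforms (asm-generic orders them ss_sp, ss_flags, ss_size); please confirm the order and field widths against the nanoMIPS kernel ABI and say so in the comment.
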
-- 
1.9.1




[Qemu-devel] [PATCH v6 59/77] gdbstub: Add XML support for GDB for nanoMIPS

2018-08-02 Thread Stefan Markovic
From: Stefan Markovic 

Add XML support files for GDB for nanoMIPS.

Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 MAINTAINERS|  3 ++-
 gdb-xml/nanomips-cp0.xml   | 13 +
 gdb-xml/nanomips-cpu.xml   | 44 
 gdb-xml/nanomips-dsp.xml   | 20 
 gdb-xml/nanomips-fpu.xml   | 45 +
 gdb-xml/nanomips-linux.xml | 20 
 6 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 gdb-xml/nanomips-cp0.xml
 create mode 100644 gdb-xml/nanomips-cpu.xml
 create mode 100644 gdb-xml/nanomips-dsp.xml
 create mode 100644 gdb-xml/nanomips-fpu.xml
 create mode 100644 gdb-xml/nanomips-linux.xml

diff --git a/MAINTAINERS b/MAINTAINERS
index 7130807..a4907d0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -190,6 +190,8 @@ M: Aurelien Jarno 
 M: Aleksandar Markovic 
 S: Maintained
 F: target/mips/
+F: disas/mips.c
+F: gdb-xml/*ips*.xml
 F: hw/mips/
 F: hw/misc/mips_*
 F: hw/intc/mips_gic.c
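
Review bot: the new pattern gdb-xml/*ips*.xml is looser than it needs to be; gdb-xml/*mips*.xml would still match the five nanomips-*.xml files this patch adds. Moving the disas/mips.c entry is also unrelated to the GDB XML support named in the subject, so either mention it in the commit message or split it out.
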
@@ -199,7 +201,6 @@ F: include/hw/misc/mips_*
 F: include/hw/intc/mips_gic.h
 F: include/hw/timer/mips_gictimer.h
 F: tests/tcg/mips/
-F: disas/mips.c
 
 Moxie
 M: Anthony Green 
diff --git a/gdb-xml/nanomips-cp0.xml b/gdb-xml/nanomips-cp0.xml
new file mode 100644
index 000..8095dc6
--- /dev/null
+++ b/gdb-xml/nanomips-cp0.xml
@@ -0,0 +1,13 @@
+
+
+
+
+
+  
+  
+  
+
diff --git a/gdb-xml/nanomips-cpu.xml b/gdb-xml/nanomips-cpu.xml
new file mode 100644
index 000..6bba224
--- /dev/null
+++ b/gdb-xml/nanomips-cpu.xml
@@ -0,0 +1,44 @@
+
+
+
+
+
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+
+  
+
diff --git a/gdb-xml/nanomips-dsp.xml b/gdb-xml/nanomips-dsp.xml
new file mode 100644
index 000..950910f
--- /dev/null
+++ b/gdb-xml/nanomips-dsp.xml
@@ -0,0 +1,20 @@
+
+
+
+
+
+  
+  
+  
+  
+  
+  
+  
+  
+
+  
+
diff --git a/gdb-xml/nanomips-fpu.xml b/gdb-xml/nanomips-fpu.xml
new file mode 100644
index 000..fd225a5
--- /dev/null
+++ b/gdb-xml/nanomips-fpu.xml
@@ -0,0 +1,45 @@
+
+
+
+
+
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+  
+
+  
+  
+
diff --git a/gdb-xml/nanomips-linux.xml b/gdb-xml/nanomips-linux.xml
new file mode 100644
index 000..8a04634
--- /dev/null
+++ b/gdb-xml/nanomips-linux.xml
@@ -0,0 +1,20 @@
+
+
+
+
+
+  nanomips
+  GNU/Linux
+  
+  
+  
+  
+
+  
+
+  
+
-- 
1.9.1




[Qemu-devel] [PATCH v6 58/77] gdbstub: Disable handling of nanoMIPS ISA bit in the MIPS gdbstub

2018-08-02 Thread Stefan Markovic
From: James Hogan 

nanoMIPS has no ISA bit in the PC, so remove the handling of the low bit
of the PC in the MIPS gdbstub for nanoMIPS. This prevents the PC being
read as e.g. 0xbfc1, and prevents writing to the PC clearing
MIPS_HFLAG_M16.

Signed-off-by: James Hogan 
Signed-off-by: Yongbok Kim 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 target/mips/gdbstub.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/target/mips/gdbstub.c b/target/mips/gdbstub.c
index 18e0e6d..559b69f 100644
--- a/target/mips/gdbstub.c
+++ b/target/mips/gdbstub.c
@@ -60,7 +60,8 @@ int mips_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 return gdb_get_regl(mem_buf, (int32_t)env->CP0_Cause);
 case 37:
 return gdb_get_regl(mem_buf, env->active_tc.PC |
- !!(env->hflags & MIPS_HFLAG_M16));
+ (!(env->insn_flags & ISA_NANOMIPS32) &&
+  env->hflags & MIPS_HFLAG_M16));
 case 72:
 return gdb_get_regl(mem_buf, 0); /* fp */
 case 89:
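
Review bot: in the case 37 read path, env->hflags & MIPS_HFLAG_M16 now sits unparenthesized on the right of &&. It evaluates as intended because & binds tighter than &&, but wrap it in its own parentheses so the reader does not have to work out the precedence.
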
@@ -131,10 +132,12 @@ int mips_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 break;
 case 37:
 env->active_tc.PC = tmp & ~(target_ulong)1;
-if (tmp & 1) {
-env->hflags |= MIPS_HFLAG_M16;
-} else {
-env->hflags &= ~(MIPS_HFLAG_M16);
+if (!(env->insn_flags & ISA_NANOMIPS32)) {
+if (tmp & 1) {
+env->hflags |= MIPS_HFLAG_M16;
+} else {
+env->hflags &= ~(MIPS_HFLAG_M16);
+}
 }
 break;
 case 72: /* fp, ignored */
-- 
1.9.1




[Qemu-devel] [PATCH v6 60/77] target/mips: Add definition of nanoMIPS I7200 CPU

2018-08-02 Thread Stefan Markovic
From: Stefan Markovic 

Add definition of the first nanoMIPS processor in QEMU.

Signed-off-by: Yongbok Kim 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 target/mips/translate_init.inc.c | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/target/mips/translate_init.inc.c b/target/mips/translate_init.inc.c
index c7ba6ee..b3320b9 100644
--- a/target/mips/translate_init.inc.c
+++ b/target/mips/translate_init.inc.c
@@ -449,6 +449,45 @@ const mips_def_t mips_defs[] =
 .insn_flags = CPU_MIPS32R6 | ASE_MICROMIPS,
 .mmu_type = MMU_TYPE_R4000,
 },
+{
+.name = "I7200",
+.CP0_PRid = 0x0001,
+.CP0_Config0 = MIPS_CONFIG0 | (1 << CP0C0_MM) | (0x2 << CP0C0_AR) |
+(MMU_TYPE_R4000 << CP0C0_MT),
+.CP0_Config1 = (1U << CP0C1_M) | (15 << CP0C1_MMU) | (2 << CP0C1_IS) |
+   (4 << CP0C1_IL) | (3 << CP0C1_IA) | (2 << CP0C1_DS) |
+   (4 << CP0C1_DL) | (3 << CP0C1_DA) | (1 << CP0C1_PC) |
+   (1 << CP0C1_EP),
+.CP0_Config2 = MIPS_CONFIG2,
+.CP0_Config3 = MIPS_CONFIG3 | (1U << CP0C3_M) | (1 << CP0C3_CMGCR) |
+   (1 << CP0C3_BI) | (1 << CP0C3_SC) | (3 << CP0C3_MMAR) |
+   (1 << CP0C3_ISA_ON_EXC) | (1 << CP0C3_ISA) |
+   (1 << CP0C3_ULRI) | (1 << CP0C3_RXI) |
+   (1 << CP0C3_DSP2P) | (1 << CP0C3_DSPP) |
+   (1 << CP0C3_CTXTC) | (1 << CP0C3_VInt) |
+   (1 << CP0C3_CDMM) | (1 << CP0C3_MT) | (1 << CP0C3_TL),
+.CP0_Config4 = MIPS_CONFIG4 | (0xfc << CP0C4_KScrExist) |
+   (2 << CP0C4_IE) | (1U << CP0C4_M),
+.CP0_Config5 = MIPS_CONFIG5 | (1 << CP0C5_MVH) | (1 << CP0C5_LLB),
+.CP0_Config5_rw_bitmask = (1 << CP0C5_SBRI) | (1 << CP0C5_FRE) |
+  (1 << CP0C5_UFE),
+.CP0_LLAddr_rw_bitmask = 0,
+.CP0_LLAddr_shift = 0,
+.SYNCI_Step = 32,
+.CCRes = 2,
+.CP0_Status_rw_bitmask = 0x3158FF1F,
+.CP0_PageGrain = (1 << CP0PG_IEC) | (1 << CP0PG_XIE) |
+ (1U << CP0PG_RIE),
+.CP0_PageGrain_rw_bitmask = 0,
+.CP1_fcr0 = (1 << FCR0_FREP) | (1 << FCR0_HAS2008) | (1 << FCR0_F64) |
+(1 << FCR0_L) | (1 << FCR0_W) | (1 << FCR0_D) |
+(1 << FCR0_S) | (0x02 << FCR0_PRID) | (0x0 << FCR0_REV),
+.CP1_fcr31 = (1 << FCR31_ABS2008) | (1 << FCR31_NAN2008),
+.SEGBITS = 32,
+.PABITS = 32,
+.insn_flags = CPU_NANOMIPS32 | ASE_DSP | ASE_DSPR2 | ASE_MT,
+.mmu_type = MMU_TYPE_R4000,
+},
 #if defined(TARGET_MIPS64)
 {
 .name = "R4000",
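
Review bot: .CP0_Config1 is the only config word in this entry that is not built on its MIPS_CONFIGn base, and it sets neither CP0C1_FP nor CP0C1_WR, while .CP1_fcr0 and .CP1_fcr31 are filled in as if an FPU were present. If the I7200 is meant to have an FPU, set CP0C1_FP; and with WR clear, the Config1.WR check added by patch 47 of this series will refuse WatchLo/WatchHi accesses on this model. A short comment stating what is intended would settle both.
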
-- 
1.9.1




[Qemu-devel] [PATCH v6 43/77] target/mips: Add emulation of DSP ASE for nanoMIPS - part 6

2018-08-02 Thread Stefan Markovic
From: Stefan Markovic 

Add emulation of DSP ASE instructions for nanoMIPS - part 6.

Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 target/mips/translate.c | 64 +
 1 file changed, 64 insertions(+)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index 2a45302..7e495d2 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -17558,6 +17558,66 @@ static void gen_pool32axf_4_nanomips_insn(DisasContext 
*ctx, uint32_t opc,
 tcg_temp_free(v0_t);
 }
 
+static void gen_pool32axf_7_nanomips_insn(DisasContext *ctx, uint32_t opc,
+  int ret, int v1, int v2)
+{
+if (ret == 0) {
+/* Treat as NOP. */
+return;
+}
+
+int16_t imm;
+
+TCGv t0;
+TCGv v1_t;
+
+t0 = tcg_temp_new();
+v1_t = tcg_temp_new();
+
+gen_load_gpr(v1_t, v1);
+
+switch (opc) {
+case NM_SHRA_R_QB:
+tcg_gen_movi_tl(t0, v2 >> 2);
+switch (extract32(ctx->opcode, 12, 1)) {
+case 0:
+/* NM_SHRA_QB */
+check_dspr2(ctx);
+gen_helper_shra_qb(cpu_gpr[ret], t0, v1_t);
+break;
+case 1:
+/* NM_SHRA_R_QB */
+check_dspr2(ctx);
+gen_helper_shra_r_qb(cpu_gpr[ret], t0, v1_t);
+break;
+}
+break;
+case NM_SHRL_PH:
+check_dspr2(ctx);
+tcg_gen_movi_tl(t0, v2 >> 1);
+gen_helper_shrl_ph(cpu_gpr[ret], t0, v1_t);
+break;
+case NM_REPL_QB:
+{
+check_dsp(ctx);
+target_long result;
+imm = extract32(ctx->opcode, 13, 8);
+result = (uint32_t)imm << 24 |
+ (uint32_t)imm << 16 |
+(uint32_t)imm << 8  |
+ (uint32_t)imm;
+result = (int32_t)result;
+tcg_gen_movi_tl(cpu_gpr[ret], result);
+}
+break;
+default:
+generate_exception_end(ctx, EXCP_RI);
+break;
+}
+tcg_temp_free(t0);
+tcg_temp_free(v1_t);
+}
+
 
 static void gen_pool32axf_nanomips_insn(CPUMIPSState *env, DisasContext *ctx)
 {
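
Review bot: the early return for ret == 0 at the top of gen_pool32axf_7_nanomips_insn() runs before check_dsp()/check_dspr2() and before the default case, so with rt == 0 a reserved opcode is treated as a NOP instead of raising EXCP_RI, and the DSP-availability checks are skipped. Move the ret == 0 handling into the individual cases after the checks. The declarations of imm, t0 and v1_t after that if statement, and of result after check_dsp(ctx), are also declarations after statements; hoist them to the start of their blocks.
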
@@ -17653,6 +17713,10 @@ static void gen_pool32axf_nanomips_insn(CPUMIPSState 
*env, DisasContext *ctx)
 }
 break;
 case NM_POOL32AXF_7:
+{
+int32_t op1 = extract32(ctx->opcode, 9, 3);
+gen_pool32axf_7_nanomips_insn(ctx, op1, rt, rs, rd);
+}
 break;
 default:
 generate_exception_end(ctx, EXCP_RI);
-- 
1.9.1




[Qemu-devel] [PATCH v6 47/77] target/mips: Implement CP0 Config1.WR bit functionality

2018-08-02 Thread Stefan Markovic
From: Stefan Markovic 

Add testing of the Config1.WR bit to the watch exception handling logic.

Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 target/mips/helper.c| 1 +
 target/mips/translate.c | 8 
 2 files changed, 9 insertions(+)

diff --git a/target/mips/helper.c b/target/mips/helper.c
index b25e000..f06ffe6 100644
--- a/target/mips/helper.c
+++ b/target/mips/helper.c
@@ -747,6 +747,7 @@ void mips_cpu_do_interrupt(CPUState *cs)
 (env->hflags & MIPS_HFLAG_DM)) {
 cs->exception_index = EXCP_DINT;
 }
+
 offset = 0x180;
 switch (cs->exception_index) {
 case EXCP_DSS:
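
Review bot: this hunk only inserts a blank line before offset = 0x180; in mips_cpu_do_interrupt() and has nothing to do with Config1.WR. Drop it from this patch.
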
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 88d28c8..8306986 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -5609,6 +5609,7 @@ static void gen_mfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_1e0i(mfc0_watchlo, arg, sel);
 rn = "WatchLo";
 break;
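
Review bot: the CP0_CHECK added here, and repeated for WatchHi and in gen_mtc0, gen_dmfc0 and gen_dmtc0, gates access to the WatchLo/WatchHi registers at translation time, which is not the watch exception handling logic the commit message names. Reword the message to say that register access is now conditional on Config1.WR, and state which CPU models were checked, since any model that leaves WR clear loses access to these registers.
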
@@ -5626,6 +5627,7 @@ static void gen_mfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_1e0i(mfc0_watchhi, arg, sel);
 rn = "WatchHi";
 break;
@@ -6308,6 +6310,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_0e1i(mtc0_watchlo, arg, sel);
 rn = "WatchLo";
 break;
@@ -6325,6 +6328,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_0e1i(mtc0_watchhi, arg, sel);
 rn = "WatchHi";
 break;
@@ -7011,6 +7015,7 @@ static void gen_dmfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_1e0i(dmfc0_watchlo, arg, sel);
 rn = "WatchLo";
 break;
@@ -7028,6 +7033,7 @@ static void gen_dmfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_1e0i(mfc0_watchhi, arg, sel);
 rn = "WatchHi";
 break;
@@ -7692,6 +7698,7 @@ static void gen_dmtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_0e1i(mtc0_watchlo, arg, sel);
 rn = "WatchLo";
 break;
@@ -7709,6 +7716,7 @@ static void gen_dmtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 5:
 case 6:
 case 7:
+CP0_CHECK(ctx->CP0_Config1 & (1 << CP0C1_WR));
 gen_helper_0e1i(mtc0_watchhi, arg, sel);
 rn = "WatchHi";
 break;
-- 
1.9.1




[Qemu-devel] [PATCH v6 57/77] mips_malta: Fix semihosting argument passing for nanoMIPS bare metal

2018-08-02 Thread Stefan Markovic
From: Stefan Markovic 

Signed-off-by: Yongbok Kim 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 hw/mips/mips_malta.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index d1a7c1f..8bb1686 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -643,7 +643,12 @@ static void write_bootloader_nanomips(uint8_t *base, 
int64_t run_addr,
 stw_p(p++, 0x8000); stw_p(p++, 0xc000); /* nop */
 
 /* to_here: */
-stw_p(p++, 0x0080); stw_p(p++, 0x0002); /* li a0,2 */
+if (semihosting_get_argc()) {
+/* Preserve a0 content as arguments have been passed */
+stw_p(p++, 0x8000); stw_p(p++, 0xc000); /* nop */
+} else {
+stw_p(p++, 0x0080); stw_p(p++, 0x0002); /* li a0,2 */
+}
 stw_p(p++, 0xe3a0 | NM_HI1(ENVP_ADDR - 64));
 stw_p(p++, NM_HI2(ENVP_ADDR - 64));
 /* lui sp,%hi(ENVP_ADDR - 64) */
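
Review bot: the commit has no description, and the new branch relies on a0 already holding the argument count when semihosting_get_argc() is non-zero, but nothing in this hunk shows where a0 is set. Add a commit message body explaining what loads a0 before to_here and why li a0,2 broke it, and extend the in-code comment to name that source.
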
-- 
1.9.1




[Qemu-devel] [PATCH v6 56/77] mips_malta: Setup GT64120 BARs in nanoMIPS bootloader

2018-08-02 Thread Stefan Markovic
From: Paul Burton 

Set up the GT64120 BARs in the nanoMIPS bootloader, in the same way that
they are set up in the MIPS32 bootloader. This is necessary for Linux to
be able to access peripherals, including the UART.

Signed-off-by: Paul Burton 
Signed-off-by: Yongbok Kim 
Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
Reviewed-by: Aleksandar Markovic 
---
 hw/mips/mips_malta.c | 73 
 1 file changed, 73 insertions(+)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 4bc9036..d1a7c1f 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -664,6 +664,79 @@ static void write_bootloader_nanomips(uint8_t *base, 
int64_t run_addr,
 /* lui a3,%hi(loaderparams.ram_low_size) */
 stw_p(p++, 0x80e7); stw_p(p++, NM_LO(loaderparams.ram_low_size));
 /* ori a3,a3,%lo(loaderparams.ram_low_size) */
+
+/* Load BAR registers as done by YAMON */
+stw_p(p++, 0xe040); stw_p(p++, 0x0681);
+/* lui t1, %hi(0xb400) */
+#ifdef TARGET_WORDS_BIGENDIAN
+stw_p(p++, 0xe020); stw_p(p++, 0x0be1);
+/* lui t0, %hi(0xdf00) */
+#else
+stw_p(p++, 0x0020); stw_p(p++, 0x00df);
+/* addiu[32] t0, $0, 0xdf */
+#endif
+stw_p(p++, 0x8422); stw_p(p++, 0x9068);
+/* sw t0, 0x68(t1) */
+
+stw_p(p++, 0xe040); stw_p(p++, 0x077d);
+/* lui t1, %hi(0xbbe0) */
+#ifdef TARGET_WORDS_BIGENDIAN
+stw_p(p++, 0xe020); stw_p(p++, 0x0801);
+/* lui t0, %hi(0xc000) */
+#else
+stw_p(p++, 0x0020); stw_p(p++, 0x00c0);
+/* addiu[32] t0, $0, 0xc0 */
+#endif
+stw_p(p++, 0x8422); stw_p(p++, 0x9048);
+/* sw t0, 0x48(t1) */
+#ifdef TARGET_WORDS_BIGENDIAN
+stw_p(p++, 0xe020); stw_p(p++, 0x0800);
+/* lui t0, %hi(0x4000) */
+#else
+stw_p(p++, 0x0020); stw_p(p++, 0x0040);
+/* addiu[32] t0, $0, 0x40 */
+#endif
+stw_p(p++, 0x8422); stw_p(p++, 0x9050);
+/* sw t0, 0x50(t1) */
+
+#ifdef TARGET_WORDS_BIGENDIAN
+stw_p(p++, 0xe020); stw_p(p++, 0x0001);
+/* lui t0, %hi(0x8000) */
+#else
+stw_p(p++, 0x0020); stw_p(p++, 0x0080);
+/* addiu[32] t0, $0, 0x80 */
+#endif
+stw_p(p++, 0x8422); stw_p(p++, 0x9058);
+/* sw t0, 0x58(t1) */
+#ifdef TARGET_WORDS_BIGENDIAN
+stw_p(p++, 0xe020); stw_p(p++, 0x07e0);
+/* lui t0, %hi(0x3f00) */
+#else
+stw_p(p++, 0x0020); stw_p(p++, 0x003f);
+/* addiu[32] t0, $0, 0x3f */
+#endif
+stw_p(p++, 0x8422); stw_p(p++, 0x9060);
+/* sw t0, 0x60(t1) */
+
+#ifdef TARGET_WORDS_BIGENDIAN
+stw_p(p++, 0xe020); stw_p(p++, 0x0821);
+/* lui t0, %hi(0xc100) */
+#else
+stw_p(p++, 0x0020); stw_p(p++, 0x00c1);
+/* addiu[32] t0, $0, 0xc1 */
+#endif
+stw_p(p++, 0x8422); stw_p(p++, 0x9080);
+/* sw t0, 0x80(t1) */
+#ifdef TARGET_WORDS_BIGENDIAN
+stw_p(p++, 0xe020); stw_p(p++, 0x0bc0);
+/* lui t0, %hi(0x5e00) */
+#else
+stw_p(p++, 0x0020); stw_p(p++, 0x005e);
+/* addiu[32] t0, $0, 0x5e */
+#endif
+stw_p(p++, 0x8422); stw_p(p++, 0x9088);
+/* sw t0, 0x88(t1) */
+
 stw_p(p++, 0xe320 | NM_HI1(kernel_entry));
 stw_p(p++, NM_HI2(kernel_entry));
 /* lui t9,%hi(kernel_entry) */
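
Review bot: the BAR setup repeats the same #ifdef TARGET_WORDS_BIGENDIAN lui/addiu pair followed by sw t0, off(t1) seven times with hand-encoded opcodes, and the comments give only raw offsets (0x68, 0x48, 0x50, ...) without naming the GT64120 register being written. Factor the pattern into a small helper or macro that takes the value and offset, and name each register in the comment so the sequence can be checked against the MIPS32 bootloader it mirrors.
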
-- 
1.9.1




[Qemu-devel] [PATCH v6 42/77] target/mips: Add emulation of DSP ASE for nanoMIPS - part 5

2018-08-02 Thread Stefan Markovic
From: Stefan Markovic 

Add emulation of DSP ASE instructions for nanoMIPS - part 5.

Signed-off-by: Aleksandar Markovic 
Signed-off-by: Stefan Markovic 
---
 target/mips/translate.c | 159 
 1 file changed, 159 insertions(+)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index aa1dff5..2a45302 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -17403,6 +17403,161 @@ static void 
gen_pool32axf_2_nanomips_insn(DisasContext *ctx, uint32_t opc,
 tcg_temp_free(v1_t);
 }
 
+static void gen_pool32axf_4_nanomips_insn(DisasContext *ctx, uint32_t opc,
+  int rt, int rs)
+{
+int ret = rt;
+
+TCGv t0;
+TCGv v0_t;
+
+t0 = tcg_temp_new();
+
+v0_t = tcg_temp_new();
+
+gen_load_gpr(v0_t, rs);
+
+switch (opc) {
+case NM_ABSQ_S_QB:
+check_dspr2(ctx);
+gen_helper_absq_s_qb(v0_t, v0_t, cpu_env);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_ABSQ_S_PH:
+check_dsp(ctx);
+gen_helper_absq_s_ph(v0_t, v0_t, cpu_env);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_ABSQ_S_W:
+check_dsp(ctx);
+gen_helper_absq_s_w(v0_t, v0_t, cpu_env);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEQ_W_PHL:
+check_dsp(ctx);
+tcg_gen_andi_tl(v0_t, v0_t, 0x);
+tcg_gen_ext32s_tl(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEQ_W_PHR:
+check_dsp(ctx);
+tcg_gen_andi_tl(v0_t, v0_t, 0x);
+tcg_gen_shli_tl(v0_t, v0_t, 16);
+tcg_gen_ext32s_tl(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEQU_PH_QBL:
+check_dsp(ctx);
+gen_helper_precequ_ph_qbl(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEQU_PH_QBR:
+check_dsp(ctx);
+gen_helper_precequ_ph_qbr(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEQU_PH_QBLA:
+check_dsp(ctx);
+gen_helper_precequ_ph_qbla(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEQU_PH_QBRA:
+check_dsp(ctx);
+gen_helper_precequ_ph_qbra(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEU_PH_QBL:
+check_dsp(ctx);
+gen_helper_preceu_ph_qbl(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEU_PH_QBR:
+check_dsp(ctx);
+gen_helper_preceu_ph_qbr(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEU_PH_QBLA:
+check_dsp(ctx);
+gen_helper_preceu_ph_qbla(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_PRECEU_PH_QBRA:
+check_dsp(ctx);
+gen_helper_preceu_ph_qbra(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_REPLV_PH:
+check_dsp(ctx);
+tcg_gen_ext16u_tl(v0_t, v0_t);
+tcg_gen_shli_tl(t0, v0_t, 16);
+tcg_gen_or_tl(v0_t, v0_t, t0);
+tcg_gen_ext32s_tl(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_REPLV_QB:
+check_dsp(ctx);
+{
+TCGv val_t;
+
+val_t = tcg_temp_new();
+gen_load_gpr(val_t, rs);
+
+tcg_gen_ext8u_tl(val_t, val_t);
+tcg_gen_shli_tl(t0, val_t, 8);
+tcg_gen_or_tl(val_t, val_t, t0);
+tcg_gen_shli_tl(t0, val_t, 16);
+tcg_gen_or_tl(val_t, val_t, t0);
+tcg_gen_ext32s_tl(val_t, val_t);
+gen_store_gpr(val_t, ret);
+}
+break;
+case NM_BITREV:
+check_dsp(ctx);
+gen_helper_bitrev(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_INSV:
+check_dsp(ctx);
+{
+TCGv tv0;
+
+tv0 = tcg_temp_new();
+
+gen_load_gpr(tv0, rt);
+
+gen_helper_insv(v0_t, cpu_env, v0_t, tv0);
+gen_store_gpr(v0_t, ret);
+
+tcg_temp_free(tv0);
+}
+break;
+case NM_RADDU_W_QB:
+check_dsp(ctx);
+gen_helper_raddu_w_qb(v0_t, v0_t);
+gen_store_gpr(v0_t, ret);
+break;
+case NM_BITSWAP:
+gen_bitswap(ctx, OPC_BITSWAP, ret, rs);
+break;
+case NM_CLO:
+gen_cl(ctx, OPC_CLO, ret, rs);
+break;
+case NM_CLZ:
+gen_cl(ctx, OPC_CLZ, ret, rs);
+break;
+case NM_WSBH:
+gen_bshfl(ctx, OPC_WSBH, ret, rs);
+break;
+default:
+generate_exception_end(ctx, EXCP_RI);
+break;
+}
+
+tcg_temp_free(t0);
+
+tcg_temp_free(v0_t);
+}
+
 
 static void gen_pool32axf_nanomips_insn(CPUMIPSState *env, DisasContext *ctx)
 {
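
Review bot: in the NM_REPLV_QB case, val_t is allocated with tcg_temp_new() but never released; the NM_INSV case just below frees its tv0, so this one looks like an oversight. Add tcg_temp_free(val_t) before the closing brace, or reuse v0_t, which already holds rs from the gen_load_gpr() at the top of the function.
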
@@ -17424,6 +17579,10 @@ static void gen_pool32axf_nanomips_insn(CPUMIPSState 
*env, DisasContext *ctx)
 }
 break;
