Re: [Qemu-devel] [PATCH v4 02/11] hw/m68k: implement ADB bus support for via

2018-10-22 Thread Thomas Huth
On 2018-10-18 19:28, Mark Cave-Ayland wrote:
> From: Laurent Vivier 
> 
> Co-developed-by: Mark Cave-Ayland 
> Signed-off-by: Mark Cave-Ayland 
> Signed-off-by: Laurent Vivier 
> ---
>  hw/input/adb.c|   2 +
>  hw/misc/mac_via.c | 166 
> ++
>  include/hw/misc/mac_via.h |   7 ++
>  3 files changed, 175 insertions(+)
> 
> diff --git a/hw/input/adb.c b/hw/input/adb.c
> index bbb40aeef1..d69ca74364 100644
> --- a/hw/input/adb.c
> +++ b/hw/input/adb.c
> @@ -25,6 +25,8 @@
>  #include "hw/input/adb.h"
>  #include "adb-internal.h"
>  
> +#define ADB_POLL_FREQ 50

A single define without a user in a .c file? Looks suspicious...

As far as I can see, this has been replaced by VIA_ADB_POLL_FREQ which
has been introduced in the previous patch already, so you can remove
this define here.

>  /* error codes */
>  #define ADB_RET_NOTPRESENT (-2)
>  
> diff --git a/hw/misc/mac_via.c b/hw/misc/mac_via.c
> index 084974a24d..1ec563a707 100644
> --- a/hw/misc/mac_via.c
> +++ b/hw/misc/mac_via.c
[...]
> +static int adb_via_send(MacVIAState *s, int state, uint8_t data)
> +{
> +switch (state) {
> +case ADB_STATE_NEW:
> +s->adb_data_out_index = 0;
> +break;
> +case ADB_STATE_EVEN:
> +if ((s->adb_data_out_index & 1) == 0) {
> +return 0;
> +}
> +break;
> +case ADB_STATE_ODD:
> +if (s->adb_data_out_index & 1) {
> +return 0;
> +}
> +break;
> +case ADB_STATE_IDLE:
> +return 0;
> +}

Could you please add a

 assert(s->adb_data_out_index < sizeof(s->adb_data_out) -1);

here, just in case?

> +s->adb_data_out[s->adb_data_out_index++] = data;
> +qemu_irq_raise(s->adb_data_ready);
> +return 1;
> +}
> +
> +static int adb_via_receive(MacVIAState *s, int state, uint8_t *data)
> +{
> +switch (state) {
> +case ADB_STATE_NEW:
> +return 0;
> +case ADB_STATE_EVEN:
> +if (s->adb_data_in_size <= 0) {
> +qemu_irq_raise(s->adb_data_ready);
> +return 0;
> +}
> +if (s->adb_data_in_index >= s->adb_data_in_size) {
> +*data = 0;
> +qemu_irq_raise(s->adb_data_ready);
> +return 1;
> +}
> +if ((s->adb_data_in_index & 1) == 0) {
> +return 0;
> +}
> +break;
> +case ADB_STATE_ODD:
> +if (s->adb_data_in_size <= 0) {
> +qemu_irq_raise(s->adb_data_ready);
> +return 0;
> +}
> +if (s->adb_data_in_index >= s->adb_data_in_size) {
> +*data = 0;
> +qemu_irq_raise(s->adb_data_ready);
> +return 1;
> +}
> +if (s->adb_data_in_index & 1) {
> +return 0;
> +}
> +break;
> +case ADB_STATE_IDLE:
> +if (s->adb_data_out_index == 0) {
> +return 0;
> +}
> +s->adb_data_in_size = adb_request(&s->adb_bus, s->adb_data_in,
> +  s->adb_data_out,
> +  s->adb_data_out_index);
> +s->adb_data_out_index = 0;
> +s->adb_data_in_index = 0;
> +if (s->adb_data_in_size < 0) {
> +*data = 0xff;
> +qemu_irq_raise(s->adb_data_ready);
> +return -1;
> +}
> +if (s->adb_data_in_size == 0) {
> +return 0;
> +}
> +break;
> +}

Please also add an assert before the next line here - just in case...

> +*data = s->adb_data_in[s->adb_data_in_index++];
> +qemu_irq_raise(s->adb_data_ready);
> +if (*data == 0xff || *data == 0) {
> +return 0;
> +}
> +return 1;
> +}

 Thomas





Re: [Qemu-devel] [PATCH v4 01/11] hw/m68k: add via support

2018-10-22 Thread Thomas Huth
On 2018-10-18 19:28, Mark Cave-Ayland wrote:
> From: Laurent Vivier 
> 
> Co-developed-by: Mark Cave-Ayland 
> Signed-off-by: Mark Cave-Ayland 
> Signed-off-by: Laurent Vivier 
> ---
[...]
> diff --git a/hw/misc/mac_via.c b/hw/misc/mac_via.c
> new file mode 100644
> index 00..084974a24d
> --- /dev/null
> +++ b/hw/misc/mac_via.c
> @@ -0,0 +1,668 @@
> +/*
> + * QEMU m68k Macintosh VIA device support
> + *
> + * Copyright (c) 2011-2018 Laurent Vivier

Should Mark be listed here, too? (since it has been co-developed?)

> + *
> + * Some parts from hw/cuda.c

That's hw/misc/macio/cuda.c now.

> + *
> + * Copyright (c) 2004-2007 Fabrice Bellard
> + * Copyright (c) 2007 Jocelyn Mayer
> + *
> + * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *

Maybe remove the empty line?

> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/sysbus.h"
> +#include "qemu/timer.h"
> +#include "hw/misc/mac_via.h"
> +#include "hw/misc/mos6522.h"
> +#include "hw/input/adb.h"
> +#include "sysemu/sysemu.h"
> +#include "qapi/error.h"
> +#include "qemu/cutils.h"
> +
> +
> +/*
> + * VIAs: There are two in every machine,

Remove the comma at the end. And maybe add a very short description of what
a "VIA" is (for those who don't know this chip).

> + */
> +
> +#define VIA_SIZE (0x2000)
> +
> +/*
> + * Not all of these are true post MacII I think.
> + * CSA: probably the ones CHRP marks as 'unused' change purposes

What is CSA?

> + * when the IWM becomes the SWIM.
> + * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
> + * 
> ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
> + *
> + * also, http://developer.apple.com/technotes/hw/hw_09.html claims the

All three URLs seem to be dead. Use archive.org?

> + * following changes for IIfx:
> + * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
> + * Also, "All of the functionality of VIA2 has been moved to other chips".
> + */
> +
> +#define VIA1A_vSccWrReq 0x80   /* SCC write. (input)
> +* [CHRP] SCC WREQ: Reflects the state of the
> +* Wait/Request pins from the SCC.
> +* [Macintosh Family Hardware]
> +* as CHRP on SE/30,II,IIx,IIcx,IIci.
> +* on IIfx, "0 means an active request"
> +*/
> +#define VIA1A_vRev8 0x40   /* Revision 8 board ???
> +* [CHRP] En WaitReqB: Lets the WaitReq_L
> +* signal from port B of the SCC appear on
> +* the PA7 input pin. Output.
> +* [Macintosh Family] On the SE/30, this
> +* is the bit to flip screen buffers.
> +* 0=alternate, 1=main.
> +* on II,IIx,IIcx,IIci,IIfx this is a bit
> +* for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
> +*/
> +#define VIA1A_vHeadSel  0x20   /* Head select for IWM.
> +* [CHRP] unused.
> +* [Macintosh Family] "Floppy disk
> +* state-control line SEL" on all but IIfx
> +*/
> +#define VIA1A_vOverlay  0x10   /* [Macintosh Family] On SE/30,II,IIx,IIcx
> +* this bit enables the "Overlay" address
> +* map in the address decoders as it is on
> +* reset for mapping the ROM over the reset
> +* vector. 1=use overlay map.
> +* On the IIci,IIfx it is another bit of the
> +* CPU ID: 0=normal IIci, 1=IIci with parity
> +* feature or IIfx.
> +* [CHRP] En WaitReqA: Lets the WaitReq_L
> +* signal from port A of the SCC appear
> +* on the PA7 input pin (CHRP). Output.
> +* [MkLinux] "Drive Select"
> +*  (with 0x20 being 'disk head select')
> +*/
> +#define VIA1A_vSync 0x08   /* [CHRP] Sync Modem: modem clock select:
> +* 1: select the external serial clock to
> +*drive the SCC's /RTxCA pin.
> +* 0: Select the 3.6864MHz clock to drive
> +*the SCC cell.
> +* [Macintosh Family] Correct on all but IIfx
> +*/
> +
> +/* Macintosh Fam

[Qemu-devel] [Bug 1364501] Re: Gdb hangs when trying to single-step after an invalid instruction

2018-10-22 Thread Thomas Huth
** Changed in: qemu
   Status: Expired => Triaged

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1364501

Title:
  Gdb hangs when trying to single-step after an invalid instruction

Status in QEMU:
  Triaged

Bug description:
  When using Gdb to remote-debug a program and manually setting its PC
  to point to an address containing an invalid instruction and then
  doing a single step, Qemu will never return control to the remote Gdb.

  For instance, let's say address 0x114 contains an invalid instruction.
  On the remote Gdb, we'd do:

  (gdb) set $pc = 0x114
  (gdb) stepi

  After doing that we won't get the (gdb) prompt unless we do a Ctrl-C.
  If we do so we'll be left at 0x114 instead of going towards the
  exception handler as we should. This happens with stepi, step and
  next. If instead of single-stepping we used continue, the program will
  proceed into the exception handler as it should.

  The reason this is happening is that when Qemu realizes it's about to
  translate an instruction it doesn't recognize it'll generate a call to
  helper_exception_with_syndrome(), which will register the exception
  and then call cpu_loop_exit(). At the same time, because we're doing a
  single-step, Qemu will also generate a call to
  helper_exception_internal() passing it an EXCP_DEBUG, which lets the
  system know it'll give control back to the remote debugger, and it
  also ends with a call to cpu_loop_exit(). However, because the
  syndrome exception calls cpu_loop_exit() first, the call to the
  internal exception won't be reached and Qemu will be stuck in a loop
  without returning control to the remote debugger.

  What makes this a bit tricky to fix is that we must call
  cpu_loop_exit() at the end of helper_exception_with_syndrome(),
  otherwise the target exception will go undetected and its handler
  won't be executed.

  Tested on latest head by emulating a Stellaris lm3s6965 board and
  running RTEMS 4.11:

  $ qemu-system-arm -nographic -s -S -M lm3s6965evb -kernel my_rtems_app

  Commit hash in qemu.git: 30eaca3acdf17d7bcbd1213eb149c02037edfb0b




Re: [Qemu-devel] [PATCH] file-posix: Use error API properly

2018-10-22 Thread Markus Armbruster
Fam Zheng  writes:

> Use error_report for situations that affect user operation (i.e.  we're
> actually returning error), and warn_report/warn_report_err when some
> less critical error happened but the user operation can still carry on.
>
> Suggested-by: Markus Armbruster 
> Signed-off-by: Fam Zheng 
> ---
>  block/file-posix.c | 20 +---
>  1 file changed, 9 insertions(+), 11 deletions(-)
>
> diff --git a/block/file-posix.c b/block/file-posix.c
> index 2da3a76355..2a46899313 100644
> --- a/block/file-posix.c
> +++ b/block/file-posix.c
> @@ -214,8 +214,7 @@ static int raw_normalize_devicepath(const char **filename)
>  fname = *filename;
>  dp = strrchr(fname, '/');
>  if (lstat(fname, &sb) < 0) {
> -fprintf(stderr, "%s: stat failed: %s\n",
> -fname, strerror(errno));
> +error_report("%s: stat failed: %s", fname, strerror(errno));
>  return -errno;
>  }
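Review bot: `return -errno;` runs after the new `error_report(...)` call, and both error_report() and strerror() may modify errno, so the value handed back to the caller is not guaranteed to be the lstat() failure code. Capturing it first keeps the two in step: `int err = errno;` followed by `error_report("%s: stat failed: %s", fname, strerror(err));` and `return -err;`. The old fprintf() had the same hazard, so this predates the conversion, but the caller quoted in this thread feeds the return value into error_setg_errno(), which makes a wrong code visible to the user. The rest of raw_normalize_devicepath() lies outside this hunk.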

raw_normalize_devicepath() is called from functions taking an Error
** argument, like this:

ret = raw_normalize_devicepath(&filename);
if (ret != 0) {
error_setg_errno(errp, -ret, "Could not normalize device path");
goto fail;
}

If it fails, we get two error messages, first a specific one from
raw_normalize_devicepath(), then a generic one from whatever reports the
Error created by its caller.

The first message goes to stderr or the current HMP monitor.

The second could go to QMP instead, or be suppressed entirely.

You should convert raw_normalize_devicepath() to Error so you can create
just an Error.  This patch is an improvement even without that, of
course, and I'm therefore not withholding my r-by just for that.

Please also check the other functions that use error_report().

>  
> @@ -229,9 +228,8 @@ static int raw_normalize_devicepath(const char **filename)
>  snprintf(namebuf, PATH_MAX, "%.*s/r%s",
>  (int)(dp - fname), fname, dp + 1);
>  }
> -fprintf(stderr, "%s is a block device", fname);
>  *filename = namebuf;
> -fprintf(stderr, ", using %s\n", *filename);
> +warn_report("%s is a block device, using %s", fname, *filename);
>  
>  return 0;
>  }
> @@ -492,11 +490,11 @@ static int raw_open_common(BlockDriverState *bs, QDict 
> *options,
>  case ON_OFF_AUTO_ON:
>  s->use_lock = true;
>  if (!qemu_has_ofd_lock()) {
> -fprintf(stderr,
> +warn_report(
>  "File lock requested but OFD locking syscall is "
> -"unavailable, falling back to POSIX file locks.\n"
> +"unavailable, falling back to POSIX file locks. "
>  "Due to the implementation, locks can be lost "
> -"unexpectedly.\n");
> +"unexpectedly.");

warn_report()'s contract stipulates "The resulting message should be a
single phrase, with no newline or trailing punctuation."  The message
should be split into a warning that complies with the contract and
additional hints.  For an example see my "[PATCH v4 04/38] cpus hw
target: Use warn_report() & friends to report warnings".

>  }
>  break;
>  case ON_OFF_AUTO_OFF:
> @@ -805,7 +803,7 @@ static int raw_handle_perm_lock(BlockDriverState *bs,
>  /* Theoretically the above call only unlocks bytes and it cannot
>   * fail. Something weird happened, report it.
>   */
> -error_report_err(local_err);
> +warn_report_err(local_err);
>  }
>  break;
>  case RAW_PL_COMMIT:
> @@ -815,7 +813,7 @@ static int raw_handle_perm_lock(BlockDriverState *bs,
>  /* Theoretically the above call only unlocks bytes and it cannot
>   * fail. Something weird happened, report it.
>   */
> -error_report_err(local_err);
> +warn_report_err(local_err);
>  }
>  break;
>  }
> @@ -1775,7 +1773,7 @@ static int aio_worker(void *arg)
>  ret = handle_aiocb_truncate(aiocb);
>  break;
>  default:
> -fprintf(stderr, "invalid aio request (0x%x)\n", aiocb->aio_type);
> +error_report("invalid aio request (0x%x)", aiocb->aio_type);
>  ret = -EINVAL;
>  break;
>  }
> @@ -2263,7 +2261,7 @@ out_unlock:
>   * not mean the whole creation operation has failed.  So
>   * report it the user for their convenience, but do not report
>   * it to the caller. */
> -error_report_err(local_err);
> +warn_report_err(local_err);
>  }
>  
>  out_close:



Re: [Qemu-devel] [PATCH v1] arm: check bit index before usage

2018-10-22 Thread P J P
+-- On Tue, 23 Oct 2018, Philippe Mathieu-Daudé wrote --+
| > From: Prasad J Pandit 
| > 
| > Update v1: use ARRAY_SIZE macro
| >-> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg04826.html
| > 
| > -qemu_set_irq(s->handler[bit], (level >> bit) & 1);
| > +if (bit < ARRAY_SIZE(s->handler)) {
| > +qemu_set_irq(s->handler[bit], (level >> bit) & 1);
| 
|} else {
|   qemu_log_mask(LOG_GUEST_ERROR, ...
| 
| With that:
| Reviewed-by: Philippe Mathieu-Daudé 

Thank you Philippe and Li.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F


[Qemu-devel] [Bug 1799200] Re: null pointer dereference in tcg_emit_op

2018-10-22 Thread wwb1234
Hi Emilio G. Cota (cota),
  thank you,
  after I free the "ptr", no crash occurs :)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1799200

Title:
  null pointer dereference in tcg_emit_op

Status in QEMU:
  Invalid

Bug description:
  I am inserting a custom TCG helper function in i386_tr_insn_start to
  trace the instructions.

  Most of the time QEMU runs OK, but executing some special software
  leads to a crash.

  
  the below is the insert code:
  
===

   /* Reporter's locally modified hook: builds a TCG pointer constant from cpu, passes it to the custom gen_helper_mad_exec(), then calls tcg_gen_insn_start(). */
   8514 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
   8515 {
   8516 DisasContext *dc = container_of(dcbase, DisasContext, base);
   8517 TCGv_ptr ptr= tcg_const_ptr((void*)cpu); // inserted helper code; NOTE(review): ptr is never released in this function (tcg_temp_free_ptr() is presumably the matching call - confirm for this tree)
   8518 gen_helper_mad_exec(ptr);// insert helper code
   8519 tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
   8520 }
  
==

  below is the callstack

  #0  0x5581df5e in tcg_emit_op (opc=opc@entry=INDEX_op_movi_i64) at 
/root/qemu/tcg/tcg.c:2205
  #1  0x55825911 in tcg_gen_op2 (opc=opc@entry=INDEX_op_movi_i64, 
a1=140734736923704, a2=a2@entry=792) at /root/qemu/tcg/tcg-op.c:53
  #2  0x5581d713 in tcg_const_i64 (opc=INDEX_op_movi_i64, a2=792, 
a1=0x7378) at /root/qemu/tcg/tcg-op.h:109
  #3  0x5581d713 in tcg_const_i64 (arg=792, ret=) at 
/root/qemu/tcg/tcg-op.h:579
  #4  0x5581d713 in tcg_const_i64 (val=val@entry=792) at 
/root/qemu/tcg/tcg.c:1314
  #5  0x5582732d in tcg_gen_addi_i64 (ret=0xd18, arg1=0x378, 
arg2=arg2@entry=792) at /root/qemu/tcg/tcg-op.c:1200
  #6  0x5590ffaf in gen_sse (b=792, a=, r=) at /root/qemu/tcg/tcg-op.h:1258
  #7  0x5590ffaf in gen_sse (env=env@entry=0x567424d0, 
s=s@entry=0x7fffea99a610, b=b@entry=366, pc_start=pc_start@entry=4513509698, 
rex_r=rex_r@entry=0) at /root/qemu/target/i386/translate.c:3150
  #8  0x55911d7f in disas_insn (s=s@entry=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8336
  #9  0x559207a0 in i386_tr_translate_insn (dcbase=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8543
  #10 0x55892649 in translator_loop (ops=0x5622dee0 , 
db=0x7fffea99a610, cpu=0x5673a220, tb=) at 
/root/qemu/accel/tcg/translator.c:110
  #11 0x559209ef in gen_intermediate_code 
(cpu=cpu@entry=0x5673a220, tb=tb@entry=0x7fff70682040 
) at /root/qemu/target/i386/translate.c:8605
  #12 0x55891437 in tb_gen_code (cpu=cpu@entry=0x5673a220, 
pc=pc@entry=4513506448, cs_base=cs_base@entry=0, flags=flags@entry=4244147, 
cflags=cflags@entry=0) at /root/qemu/accel/tcg/translate-all.c:1728
  #13 0x5588f97b in cpu_exec (cf_mask=0, tb_exit=0, last_tb=0x0, 
cpu=0x0) at /root/qemu/accel/tcg/cpu-exec.c:410
  #14 0x5588f97b in cpu_exec (cpu=cpu@entry=0x5673a220) at 
/root/qemu/accel/tcg/cpu-exec.c:734
  #15 0x5584b152 in tcg_cpu_exec (cpu=0x5673a220) at 
/root/qemu/cpus.c:1405
  #16 0x5584d1b8 in qemu_tcg_rr_cpu_thread_fn (arg=) at 
/root/qemu/cpus.c:1505
  #17 0x72585e25 in start_thread () at /lib64/libpthread.so.0
  #18 0x722afbad in clone () at /lib64/libc.so.6




[Qemu-devel] [Bug 1799200] Re: null pointer dereference in tcg_emit_op

2018-10-22 Thread wwb1234
Hi Emilio G. Cota (cota),
 For point 1, I don't know what you mean by leaking the ptr TCG temp.
 For point 2, what I want to do is call a callback function when executing
 every guest instruction, so I think I should not insert the code in
 .translate_insn. What do you think about it?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1799200

Title:
  null pointer dereference in tcg_emit_op

Status in QEMU:
  Invalid

Bug description:
  I am inserting a custom TCG helper function in i386_tr_insn_start to
  trace the instructions.

  Most of the time QEMU runs OK, but executing some special software
  leads to a crash.

  
  the below is the insert code:
  
===

   /* Reporter's locally modified hook: builds a TCG pointer constant from cpu, passes it to the custom gen_helper_mad_exec(), then calls tcg_gen_insn_start(). */
   8514 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
   8515 {
   8516 DisasContext *dc = container_of(dcbase, DisasContext, base);
   8517 TCGv_ptr ptr= tcg_const_ptr((void*)cpu); // inserted helper code; NOTE(review): ptr is never released in this function (tcg_temp_free_ptr() is presumably the matching call - confirm for this tree)
   8518 gen_helper_mad_exec(ptr);// insert helper code
   8519 tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
   8520 }
  
==

  below is the callstack

  #0  0x5581df5e in tcg_emit_op (opc=opc@entry=INDEX_op_movi_i64) at 
/root/qemu/tcg/tcg.c:2205
  #1  0x55825911 in tcg_gen_op2 (opc=opc@entry=INDEX_op_movi_i64, 
a1=140734736923704, a2=a2@entry=792) at /root/qemu/tcg/tcg-op.c:53
  #2  0x5581d713 in tcg_const_i64 (opc=INDEX_op_movi_i64, a2=792, 
a1=0x7378) at /root/qemu/tcg/tcg-op.h:109
  #3  0x5581d713 in tcg_const_i64 (arg=792, ret=) at 
/root/qemu/tcg/tcg-op.h:579
  #4  0x5581d713 in tcg_const_i64 (val=val@entry=792) at 
/root/qemu/tcg/tcg.c:1314
  #5  0x5582732d in tcg_gen_addi_i64 (ret=0xd18, arg1=0x378, 
arg2=arg2@entry=792) at /root/qemu/tcg/tcg-op.c:1200
  #6  0x5590ffaf in gen_sse (b=792, a=, r=) at /root/qemu/tcg/tcg-op.h:1258
  #7  0x5590ffaf in gen_sse (env=env@entry=0x567424d0, 
s=s@entry=0x7fffea99a610, b=b@entry=366, pc_start=pc_start@entry=4513509698, 
rex_r=rex_r@entry=0) at /root/qemu/target/i386/translate.c:3150
  #8  0x55911d7f in disas_insn (s=s@entry=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8336
  #9  0x559207a0 in i386_tr_translate_insn (dcbase=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8543
  #10 0x55892649 in translator_loop (ops=0x5622dee0 , 
db=0x7fffea99a610, cpu=0x5673a220, tb=) at 
/root/qemu/accel/tcg/translator.c:110
  #11 0x559209ef in gen_intermediate_code 
(cpu=cpu@entry=0x5673a220, tb=tb@entry=0x7fff70682040 
) at /root/qemu/target/i386/translate.c:8605
  #12 0x55891437 in tb_gen_code (cpu=cpu@entry=0x5673a220, 
pc=pc@entry=4513506448, cs_base=cs_base@entry=0, flags=flags@entry=4244147, 
cflags=cflags@entry=0) at /root/qemu/accel/tcg/translate-all.c:1728
  #13 0x5588f97b in cpu_exec (cf_mask=0, tb_exit=0, last_tb=0x0, 
cpu=0x0) at /root/qemu/accel/tcg/cpu-exec.c:410
  #14 0x5588f97b in cpu_exec (cpu=cpu@entry=0x5673a220) at 
/root/qemu/accel/tcg/cpu-exec.c:734
  #15 0x5584b152 in tcg_cpu_exec (cpu=0x5673a220) at 
/root/qemu/cpus.c:1405
  #16 0x5584d1b8 in qemu_tcg_rr_cpu_thread_fn (arg=) at 
/root/qemu/cpus.c:1505
  #17 0x72585e25 in start_thread () at /lib64/libpthread.so.0
  #18 0x722afbad in clone () at /lib64/libc.so.6




[Qemu-devel] [PATCH] usb: ohci: make num_ports to an unsinged integer

2018-10-22 Thread Li Qiang
This can avoid setting OHCIState.num_ports to a negative number.

Signed-off-by: Li Qiang 
---
 hw/usb/hcd-ohci.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
index 66656a1..c34cf5b 100644
--- a/hw/usb/hcd-ohci.c
+++ b/hw/usb/hcd-ohci.c
@@ -57,7 +57,7 @@ typedef struct {
 qemu_irq irq;
 MemoryRegion mem;
 AddressSpace *as;
-int num_ports;
+uint32_t num_ports;
 const char *name;
 
 QEMUTimer *eof_timer;
@@ -1850,7 +1850,7 @@ static USBBusOps ohci_bus_ops = {
 };
 
 static void usb_ohci_init(OHCIState *ohci, DeviceState *dev,
-  int num_ports, dma_addr_t localmem_base,
+  uint32_t num_ports, dma_addr_t localmem_base,
   char *masterbus, uint32_t firstport,
   AddressSpace *as, Error **errp)
 {
@@ -1860,7 +1860,7 @@ static void usb_ohci_init(OHCIState *ohci, DeviceState 
*dev,
 ohci->as = as;
 
 if (num_ports > OHCI_MAX_PORTS) {
-error_setg(errp, "OHCI num-ports=%d is too big (limit is %d ports)",
+error_setg(errp, "OHCI num-ports=%u is too big (limit is %u ports)",
num_ports, OHCI_MAX_PORTS);
 return;
 }
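Review bot: The new `%u` conversion in the error_setg() call is applied to `OHCI_MAX_PORTS` as well as to `num_ports`, and the macro's definition is not visible in this hunk; if it is a plain integer constant the argument type no longer matches the specifier, so either cast it (`(unsigned)OHCI_MAX_PORTS`) or keep `%d` for the limit. The `if (num_ports > OHCI_MAX_PORTS)` check would also benefit from a short comment such as `/* num_ports is unsigned, so a negative value can no longer slip past this upper bound */`, since that is the actual reason for the type change and the commit message only hints at it. usb_ohci_init() continues outside the hunk, so any remaining `int` loop counters compared against `ohci->num_ports` cannot be checked from here.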
-- 
1.8.3.1




Re: [Qemu-devel] [RFC v3 46/56] accel/tcg: convert to cpu_interrupt_request

2018-10-22 Thread Richard Henderson
On 10/23/18 12:50 AM, Emilio G. Cota wrote:
> On Sun, Oct 21, 2018 at 14:34:25 +0100, Richard Henderson wrote:
>> On 10/19/18 2:06 AM, Emilio G. Cota wrote:
>>> @@ -540,16 +540,16 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
>>>   */
>>>  atomic_mb_set(&cpu->icount_decr.u16.high, 0);
>>>  
>>> -if (unlikely(atomic_read(&cpu->interrupt_request))) {
>>> +if (unlikely(cpu_interrupt_request(cpu))) {
>>>  int interrupt_request;
>>>  qemu_mutex_lock_iothread();
>>> -interrupt_request = cpu->interrupt_request;
>>> +interrupt_request = cpu_interrupt_request(cpu);
>>>  if (unlikely(cpu->singlestep_enabled & SSTEP_NOIRQ)) {
>>>  /* Mask out external interrupts for this step. */
>>>  interrupt_request &= ~CPU_INTERRUPT_SSTEP_MASK;
>>>  }
>>>  if (interrupt_request & CPU_INTERRUPT_DEBUG) {
>>> -cpu->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
>>> +cpu_reset_interrupt(cpu, CPU_INTERRUPT_DEBUG);
>>>  cpu->exception_index = EXCP_DEBUG;
>>>  qemu_mutex_unlock_iothread();
>>>  return true;
>>
>> Multiple calls.
> 
> I'd rather keep it as is.
> 
> The first read takes the lock, and that has to stay unless
> we want to use atomic_set on interrupt_request everywhere.

Why not?  That's even cheaper.

> Given that the CPU lock is uncontended (so it's cheap to
> acquire) ...

It still requires at minimum a "lock xchg" (or equivalent on non-x86), which
isn't free -- think 50-ish cycles minimum just for that one insn, plus call
overhead.


r~



[Qemu-devel] [Bug 1799200] Re: null pointer dereference in tcg_emit_op

2018-10-22 Thread Emilio G. Cota
1. You're leaking the "ptr" TCG temp. Fix it, and also test your code with the 
--enable-debug-tcg configure flag.
2. Don't insert your helper in .insn_start; you'll have better luck in 
.translate_insn.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1799200

Title:
  null pointer dereference in tcg_emit_op

Status in QEMU:
  Invalid

Bug description:
  I am inserting a custom TCG helper function in i386_tr_insn_start to
  trace the instructions.

  Most of the time QEMU runs OK, but executing some special software
  leads to a crash.

  
  the below is the insert code:
  
===

   /* Reporter's locally modified hook: builds a TCG pointer constant from cpu, passes it to the custom gen_helper_mad_exec(), then calls tcg_gen_insn_start(). */
   8514 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
   8515 {
   8516 DisasContext *dc = container_of(dcbase, DisasContext, base);
   8517 TCGv_ptr ptr= tcg_const_ptr((void*)cpu); // inserted helper code; NOTE(review): ptr is never released in this function (tcg_temp_free_ptr() is presumably the matching call - confirm for this tree)
   8518 gen_helper_mad_exec(ptr);// insert helper code
   8519 tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
   8520 }
  
==

  below is the callstack

  #0  0x5581df5e in tcg_emit_op (opc=opc@entry=INDEX_op_movi_i64) at 
/root/qemu/tcg/tcg.c:2205
  #1  0x55825911 in tcg_gen_op2 (opc=opc@entry=INDEX_op_movi_i64, 
a1=140734736923704, a2=a2@entry=792) at /root/qemu/tcg/tcg-op.c:53
  #2  0x5581d713 in tcg_const_i64 (opc=INDEX_op_movi_i64, a2=792, 
a1=0x7378) at /root/qemu/tcg/tcg-op.h:109
  #3  0x5581d713 in tcg_const_i64 (arg=792, ret=) at 
/root/qemu/tcg/tcg-op.h:579
  #4  0x5581d713 in tcg_const_i64 (val=val@entry=792) at 
/root/qemu/tcg/tcg.c:1314
  #5  0x5582732d in tcg_gen_addi_i64 (ret=0xd18, arg1=0x378, 
arg2=arg2@entry=792) at /root/qemu/tcg/tcg-op.c:1200
  #6  0x5590ffaf in gen_sse (b=792, a=, r=) at /root/qemu/tcg/tcg-op.h:1258
  #7  0x5590ffaf in gen_sse (env=env@entry=0x567424d0, 
s=s@entry=0x7fffea99a610, b=b@entry=366, pc_start=pc_start@entry=4513509698, 
rex_r=rex_r@entry=0) at /root/qemu/target/i386/translate.c:3150
  #8  0x55911d7f in disas_insn (s=s@entry=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8336
  #9  0x559207a0 in i386_tr_translate_insn (dcbase=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8543
  #10 0x55892649 in translator_loop (ops=0x5622dee0 , 
db=0x7fffea99a610, cpu=0x5673a220, tb=) at 
/root/qemu/accel/tcg/translator.c:110
  #11 0x559209ef in gen_intermediate_code 
(cpu=cpu@entry=0x5673a220, tb=tb@entry=0x7fff70682040 
) at /root/qemu/target/i386/translate.c:8605
  #12 0x55891437 in tb_gen_code (cpu=cpu@entry=0x5673a220, 
pc=pc@entry=4513506448, cs_base=cs_base@entry=0, flags=flags@entry=4244147, 
cflags=cflags@entry=0) at /root/qemu/accel/tcg/translate-all.c:1728
  #13 0x5588f97b in cpu_exec (cf_mask=0, tb_exit=0, last_tb=0x0, 
cpu=0x0) at /root/qemu/accel/tcg/cpu-exec.c:410
  #14 0x5588f97b in cpu_exec (cpu=cpu@entry=0x5673a220) at 
/root/qemu/accel/tcg/cpu-exec.c:734
  #15 0x5584b152 in tcg_cpu_exec (cpu=0x5673a220) at 
/root/qemu/cpus.c:1405
  #16 0x5584d1b8 in qemu_tcg_rr_cpu_thread_fn (arg=) at 
/root/qemu/cpus.c:1505
  #17 0x72585e25 in start_thread () at /lib64/libpthread.so.0
  #18 0x722afbad in clone () at /lib64/libc.so.6




Re: [Qemu-devel] [PATCH v7 2/3] Acceptance tests: add make rule for running them

2018-10-22 Thread Philippe Mathieu-Daudé

On 18/10/18 17:31, Cleber Rosa wrote:

The acceptance (aka functional, aka Avocado-based) tests are
Python files located in "tests/acceptance" that need to be run
with the Avocado libs and test runner.

Let's provide a convenient way for QEMU developers to run them,
by making use of the tests-venv with the required setup.

Also, while the Avocado test runner will take care of creating a
location to save test results to, it was understood that it's better
if the results are kept within the build tree.

Signed-off-by: Cleber Rosa 
Acked-by: Stefan Hajnoczi 
Acked-by: Wainer dos Santos Moschetta 
Reviewed-by: Caio Carrara 


Reviewed-by: Philippe Mathieu-Daudé 


---
  docs/devel/testing.rst | 43 +-
  tests/Makefile.include | 21 +++--
  tests/requirements.txt |  1 +
  3 files changed, 58 insertions(+), 7 deletions(-)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index fcfad87614..da20be4d27 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -543,10 +543,39 @@ Tests based on ``avocado_qemu.Test`` can easily:
 - 
http://avocado-framework.readthedocs.io/en/latest/api/test/avocado.html#avocado.Test
 - 
http://avocado-framework.readthedocs.io/en/latest/api/utils/avocado.utils.html
  
-Installation

-
+Running tests
+-
  
-To install Avocado and its dependencies, run:

+You can run the acceptance tests simply by executing:
+
+.. code::
+
+  make check-acceptance
+
+This involves the automatic creation of Python virtual environment
+within the build tree (at ``tests/venv``) which will have all the
+right dependencies, and will save tests results also within the
+build tree (at ``tests/results``).
+
+Note: the build environment must be using a Python 3 stack, and have
+the ``venv`` and ``pip`` packages installed.  If necessary, make sure
+``configure`` is called with ``--python=`` and that those modules are
+available.  On Debian and Ubuntu based systems, depending on the
+specific version, they may be on packages named ``python3-venv`` and
+``python3-pip``.
+
+The scripts installed inside the virtual environment may be used
+without an "activation".  For instance, the Avocado test runner
+may be invoked by running:
+
+ .. code::
+
+  tests/venv/bin/avocado run $OPTION1 $OPTION2 tests/acceptance/
+
+Manual Installation
+---
+
+To manually install Avocado and its dependencies, run:
  
  .. code::
  
@@ -687,11 +716,15 @@ The exact QEMU binary to be used on QEMUMachine.

  Uninstalling Avocado
  
  
-If you've followed the installation instructions above, you can easily

-uninstall Avocado.  Start by listing the packages you have installed::
+If you've followed the manual installation instructions above, you can
+easily uninstall Avocado.  Start by listing the packages you have
+installed::
  
pip list --user
  
  And remove any package you want with::
  
pip uninstall 

+
+If you've used ``make check-acceptance``, the Python virtual environment where
+Avocado is installed will be cleaned up as part of ``make check-clean``.
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 004a86f274..3e4dac2817 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -11,6 +11,7 @@ check-help:
@echo " $(MAKE) check-qapi-schemaRun QAPI schema tests"
@echo " $(MAKE) check-block  Run block tests"
@echo " $(MAKE) check-tcgRun TCG tests"
+   @echo " $(MAKE) check-acceptance Run all acceptance (functional) 
tests"
@echo " $(MAKE) check-report.htmlGenerates an HTML test report"
@echo " $(MAKE) check-venv   Creates a Python venv for tests"
@echo " $(MAKE) check-clean  Clean the tests"
@@ -902,10 +903,15 @@ check-decodetree:
  
  # Python venv for running tests
  
-.PHONY: check-venv

+.PHONY: check-venv check-acceptance
  
  TESTS_VENV_DIR=$(BUILD_DIR)/tests/venv

  TESTS_VENV_REQ=$(SRC_PATH)/tests/requirements.txt
+TESTS_RESULTS_DIR=$(BUILD_DIR)/tests/results
+# Controls the output generated by Avocado when running tests.
+# Any number of command separated loggers are accepted.  For more
+# information please refer to "avocado --help".
+AVOCADO_SHOW=none
  
  $(shell $(PYTHON) -c 'import sys; assert sys.version_info >= (3,0)' >/dev/null 2>&1)

  ifeq ($(.SHELLSTATUS),0)
@@ -922,8 +928,19 @@ $(TESTS_VENV_DIR):
$(error "venv directory for tests requires Python 3")
  endif
  
+$(TESTS_RESULTS_DIR):

+   $(call quiet-command, mkdir -p $@, \
+MKDIR, $@)
+
  check-venv: $(TESTS_VENV_DIR)
  
+check-acceptance: check-venv $(TESTS_RESULTS_DIR)

+   $(call quiet-command, \
+$(TESTS_VENV_DIR)/bin/python -m avocado \
+--show=$(AVOCADO_SHOW) run --job-results-dir=$(TESTS_RESULTS_DIR) \
+--failfast=on $(SRC_PATH)/tests/acceptance, \
+"AVOCADO", "tests/acceptance")
+
  # Consolidated targets
 

Re: [Qemu-devel] [PATCH v4 10/11] dp8393x: manage big endian bus

2018-10-22 Thread Philippe Mathieu-Daudé
On Thu, Oct 18, 2018 at 8:43 PM Mark Cave-Ayland
 wrote:
>
> From: Laurent Vivier 
>
> This is needed by Quadra 800, this card can run on little-endian
> or big-endian bus.
>
> Signed-off-by: Laurent Vivier 
> Tested-by: Hervé Poussineau 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/net/dp8393x.c | 88 
> 
>  1 file changed, 57 insertions(+), 31 deletions(-)
>
> diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
> index b53fcaa8bc..1cf348aea1 100644
> --- a/hw/net/dp8393x.c
> +++ b/hw/net/dp8393x.c
> @@ -150,6 +150,7 @@ typedef struct dp8393xState {
>
>  /* Hardware */
>  uint8_t it_shift;
> +bool big_endian;
>  qemu_irq irq;
>  #ifdef DEBUG_SONIC
>  int irq_level;
> @@ -220,6 +221,29 @@ static uint32_t dp8393x_wt(dp8393xState *s)
>  return s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
>  }
>
> +static uint16_t dp8393x_get(dp8393xState *s, int width, uint16_t *base,
> +int offset)
> +{
> +uint16_t val;
> +
> +if (s->big_endian) {
> +val = be16_to_cpu(base[offset * width + width - 1]);
> +} else {
> +val = le16_to_cpu(base[offset * width]);
> +}
> +return val;
> +}
> +
> +static void dp8393x_put(dp8393xState *s, int width, uint16_t *base, int 
> offset,
> +uint16_t val)
> +{
> +if (s->big_endian) {
> +base[offset * width + width - 1] = cpu_to_be16(val);
> +} else {
> +base[offset * width] = cpu_to_le16(val);
> +}
> +}
> +
>  static void dp8393x_update_irq(dp8393xState *s)
>  {
>  int level = (s->regs[SONIC_IMR] & s->regs[SONIC_ISR]) ? 1 : 0;
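Review bot: dp8393x_get() and dp8393x_put() index `base` with `offset * width + width - 1` (big-endian) or `offset * width` (little-endian), but they take no buffer length and have no comment saying why the big-endian case picks the last 16-bit word of each slot. A short header comment would help, for example `/* Access 16-bit field 'offset' in a buffer whose fields are 'width' 16-bit words wide; on a big-endian bus the value is in the last word of the field. */`. It should also state that callers must size `base` for at least `(offset + 1) * width` words. The `data` buffers passed in the later hunks are declared outside the visible lines, so their sizes cannot be checked against the largest offset from here.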
> @@ -251,12 +275,12 @@ static void dp8393x_do_load_cam(dp8393xState *s)
>  /* Fill current entry */
>  address_space_rw(&s->as, dp8393x_cdp(s),
>  MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
> -s->cam[index][0] = data[1 * width] & 0xff;
> -s->cam[index][1] = data[1 * width] >> 8;
> -s->cam[index][2] = data[2 * width] & 0xff;
> -s->cam[index][3] = data[2 * width] >> 8;
> -s->cam[index][4] = data[3 * width] & 0xff;
> -s->cam[index][5] = data[3 * width] >> 8;
> +s->cam[index][0] = dp8393x_get(s, width, data, 1) & 0xff;
> +s->cam[index][1] = dp8393x_get(s, width, data, 1) >> 8;
> +s->cam[index][2] = dp8393x_get(s, width, data, 2) & 0xff;
> +s->cam[index][3] = dp8393x_get(s, width, data, 2) >> 8;
> +s->cam[index][4] = dp8393x_get(s, width, data, 3) & 0xff;
> +s->cam[index][5] = dp8393x_get(s, width, data, 3) >> 8;
>  DPRINTF("load cam[%d] with %02x%02x%02x%02x%02x%02x\n", index,
>  s->cam[index][0], s->cam[index][1], s->cam[index][2],
>  s->cam[index][3], s->cam[index][4], s->cam[index][5]);
> @@ -269,7 +293,7 @@ static void dp8393x_do_load_cam(dp8393xState *s)
>  /* Read CAM enable */
>  address_space_rw(&s->as, dp8393x_cdp(s),
>  MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
> -s->regs[SONIC_CE] = data[0 * width];
> +s->regs[SONIC_CE] = dp8393x_get(s, width, data, 0);
>  DPRINTF("load cam done. cam enable mask 0x%04x\n", s->regs[SONIC_CE]);
>
>  /* Done */
> @@ -290,10 +314,10 @@ static void dp8393x_do_read_rra(dp8393xState *s)
>  MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
>
>  /* Update SONIC registers */
> -s->regs[SONIC_CRBA0] = data[0 * width];
> -s->regs[SONIC_CRBA1] = data[1 * width];
> -s->regs[SONIC_RBWC0] = data[2 * width];
> -s->regs[SONIC_RBWC1] = data[3 * width];
> +s->regs[SONIC_CRBA0] = dp8393x_get(s, width, data, 0);
> +s->regs[SONIC_CRBA1] = dp8393x_get(s, width, data, 1);
> +s->regs[SONIC_RBWC0] = dp8393x_get(s, width, data, 2);
> +s->regs[SONIC_RBWC1] = dp8393x_get(s, width, data, 3);
>  DPRINTF("CRBA0/1: 0x%04x/0x%04x, RBWC0/1: 0x%04x/0x%04x\n",
>  s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
>  s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
> @@ -408,12 +432,12 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
>  tx_len = 0;
>
>  /* Update registers */
> -s->regs[SONIC_TCR] = data[0 * width] & 0xf000;
> -s->regs[SONIC_TPS] = data[1 * width];
> -s->regs[SONIC_TFC] = data[2 * width];
> -s->regs[SONIC_TSA0] = data[3 * width];
> -s->regs[SONIC_TSA1] = data[4 * width];
> -s->regs[SONIC_TFS] = data[5 * width];
> +s->regs[SONIC_TCR] = dp8393x_get(s, width, data, 0) & 0xf000;
> +s->regs[SONIC_TPS] = dp8393x_get(s, width, data, 1);
> +s->regs[SONIC_TFC] = dp8393x_get(s, width, data, 2);
> +s->regs[SONIC_TSA0] = dp8393x_get(s, width, data, 3);
> +s->regs[SONIC_TSA1] = dp8393x_get(s, width, data, 4);
> +s->regs[SONIC_TFS] = dp8393x_get(s, width, data, 5);
>
>  /* Handle programmable interrupt */
>  if (s->regs[SONIC_TCR] & SONIC_TCR_PINT) {
> @@ -439,9 +463,9 @@ s

Re: [Qemu-devel] [PATCH v6 09/11] authz: add QAuthZListFile object type for a file access control list

2018-10-22 Thread Philippe Mathieu-Daudé

On 19/10/18 15:38, Daniel P. Berrangé wrote:

Add a QAuthZListFile object type that implements the QAuthZ interface. This
built-in implementation is a proxy around the QAuthZList object type,
initializing it from an external file, and optionally, automatically
reloading it whenever it changes.

To create an instance of this object via the QMP monitor, the syntax
used would be:

   {
 "execute": "object-add",
 "arguments": {
   "qom-type": "authz-list-file",
   "id": "authz0",
   "parameters": {
 "filename": "/etc/qemu/vnc.acl",
"refresh": "yes"
   }
 }
   }

If "refresh" is "yes", inotify is used to monitor the file,
automatically reloading changes. If an error occurs during reloading,
all authorizations will fail until the file is next successfully
loaded.

The /etc/qemu/vnc.acl file would contain a JSON representation of a
QAuthZList object

 {
   "rules": [
  { "match": "fred", "policy": "allow", "format": "exact" },
  { "match": "bob", "policy": "allow", "format": "exact" },
  { "match": "danb", "policy": "deny", "format": "glob" },
  { "match": "dan*", "policy": "allow", "format": "exact" },
   ],
   "policy": "deny"
 }

This sets up an authorization rule that allows 'fred', 'bob' and anyone
whose name starts with 'dan', except for 'danb'. Everyone unmatched is
denied.

The object can be loaded on the comand line using

-object authz-list-file,id=authz0,filename=/etc/qemu/vnc.acl,refresh=yes

Signed-off-by: Daniel P. Berrangé 
---
  include/authz/listfile.h | 110 +++
  authz/listfile.c | 286 +++
  authz/Makefile.objs  |   1 +
  authz/trace-events   |   4 +
  qemu-options.hx  |  46 +++
  5 files changed, 447 insertions(+)
  create mode 100644 include/authz/listfile.h
  create mode 100644 authz/listfile.c

diff --git a/include/authz/listfile.h b/include/authz/listfile.h
new file mode 100644
index 00..244aadc064
--- /dev/null
+++ b/include/authz/listfile.h
@@ -0,0 +1,110 @@
+/*
+ * QEMU list file authorization driver
+ *
+ * Copyright (c) 2018 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#ifndef QAUTHZ_LIST_FILE_H__
+#define QAUTHZ_LIST_FILE_H__
+
+#include "authz/list.h"
+#include "qapi/qapi-types-authz.h"
+#include "qemu/filemonitor.h"
+
+#define TYPE_QAUTHZ_LIST_FILE "authz-list-file"
+
+#define QAUTHZ_LIST_FILE_CLASS(klass)\
+OBJECT_CLASS_CHECK(QAuthZListFileClass, (klass),\
+   TYPE_QAUTHZ_LIST_FILE)
+#define QAUTHZ_LIST_FILE_GET_CLASS(obj)  \
+OBJECT_GET_CLASS(QAuthZListFileClass, (obj),\
+  TYPE_QAUTHZ_LIST_FILE)
+#define QAUTHZ_LIST_FILE(obj) \
+INTERFACE_CHECK(QAuthZListFile, (obj),  \
+TYPE_QAUTHZ_LIST_FILE)
+
+typedef struct QAuthZListFile QAuthZListFile;
+typedef struct QAuthZListFileClass QAuthZListFileClass;
+
+
+/**
+ * QAuthZListFile:
+ *
+ * This authorization driver provides a file mechanism
+ * for granting access by matching user names against a
+ * file of globs. Each match rule has an associated policy
+ * and a catch all policy applies if no rule matches
+ *
+ * To create an instance of this class via QMP:
+ *
+ *  {
+ *"execute": "object-add",
+ *"arguments": {
+ *  "qom-type": "authz-list-file",
+ *  "id": "authz0",
+ *  "parameters": {
+ *"filename": "/etc/qemu/myvm-vnc.acl",
+ *"refresh": "yes"
+ *  }
+ *}
+ *  }
+ *
+ * If 'refresh' is 'yes', inotify is used to monitor for changes
+ * to the file and auto-reload the rules.
+ *
+ * The myvm-vnc.acl file should contain the parameters for
+ * the QAuthZList object in JSON format:
+ *
+ *  {
+ *"rules": [
+ *   { "match": "fred", "policy": "allow", "format": "exact" },
+ *   { "match": "bob", "policy": "allow", "format": "exact" },
+ *   { "match": "danb", "policy": "deny", "format": "exact" },
+ *   { "match": "dan*", "policy": "allow", "format": "glob" }
+ *],
+ *"policy": "deny"
+ *  }
+ *
+ * The object can be created on the command line using
+ *
+ *   -object authz-list-file,id=authz0,\
+ *   filename=/etc/qemu

Re: [Qemu-devel] [RFC v3 46/56] accel/tcg: convert to cpu_interrupt_request

2018-10-22 Thread Emilio G. Cota
On Sun, Oct 21, 2018 at 14:34:25 +0100, Richard Henderson wrote:
> On 10/19/18 2:06 AM, Emilio G. Cota wrote:
> > @@ -540,16 +540,16 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
> >   */
> >  atomic_mb_set(&cpu->icount_decr.u16.high, 0);
> >  
> > -if (unlikely(atomic_read(&cpu->interrupt_request))) {
> > +if (unlikely(cpu_interrupt_request(cpu))) {
> >  int interrupt_request;
> >  qemu_mutex_lock_iothread();
> > -interrupt_request = cpu->interrupt_request;
> > +interrupt_request = cpu_interrupt_request(cpu);
> >  if (unlikely(cpu->singlestep_enabled & SSTEP_NOIRQ)) {
> >  /* Mask out external interrupts for this step. */
> >  interrupt_request &= ~CPU_INTERRUPT_SSTEP_MASK;
> >  }
> >  if (interrupt_request & CPU_INTERRUPT_DEBUG) {
> > -cpu->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
> > +cpu_reset_interrupt(cpu, CPU_INTERRUPT_DEBUG);
> >  cpu->exception_index = EXCP_DEBUG;
> >  qemu_mutex_unlock_iothread();
> >  return true;
> 
> Multiple calls.

I'd rather keep it as is.

The first read takes the lock, and that has to stay unless
we want to use atomic_set on interrupt_request everywhere.

The second read happens after the BQL has been acquired;
note that to avoid deadlock we never acquire the BQL after
a CPU lock; the second (locked) read thus has to stay.

Subsequent accesses are all via cpu_reset_interrupt.
If we wanted to avoid reacquiring the lock, we'd have
to explicitly acquire the lock before the 2nd read,
and add unlocks everywhere (like the many qemu_mutex_unlock_iothread
calls), which would be ugly. But we'd also have to be careful
not to longjmp with the CPU mutex held, so we'd have to
unlock/lock around cc->cpu_exec_interrupt.

Given that the CPU lock is uncontended (so it's cheap to
acquire) and that the cases where we call cpu_reset_interrupt
are not that frequent (CPU_INTERRUPT_{DEBUG,HALT,EXITTB}),
I'd rather just keep the patch as is.

Thanks,

Emilio



Re: [Qemu-devel] [PATCH v6 07/11] authz: add QAuthZSimple object type for easy whitelist auth checks

2018-10-22 Thread Philippe Mathieu-Daudé

On 19/10/18 15:38, Daniel P. Berrangé wrote:

In many cases a single VM will just need to whitelist a single identity
as the allowed user of network services. This is especially the case for
TLS live migration (optionally with NBD storage) where we just need to
whitelist the x509 certificate distinguished name of the source QEMU
host.

Via QMP this can be configured with:

   {
 "execute": "object-add",
 "arguments": {
   "qom-type": "authz-simple",
   "id": "authz0",
   "parameters": {
 "identity": "fred"
   }
 }
   }

Or via the command line

   -object authz-simple,id=authz0,identity=fred

Signed-off-by: Daniel P. Berrange 


Reviewed-by: Philippe Mathieu-Daudé 


---
  include/authz/simple.h |  84 ++
  authz/simple.c | 115 +
  authz/Makefile.objs|   1 +
  authz/trace-events |   3 ++
  qemu-options.hx|  24 +
  5 files changed, 227 insertions(+)
  create mode 100644 include/authz/simple.h
  create mode 100644 authz/simple.c

diff --git a/include/authz/simple.h b/include/authz/simple.h
new file mode 100644
index 00..4686e7676d
--- /dev/null
+++ b/include/authz/simple.h
@@ -0,0 +1,84 @@
+/*
+ * QEMU simple authorization driver
+ *
+ * Copyright (c) 2018 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#ifndef QAUTHZ_SIMPLE_H__
+#define QAUTHZ_SIMPLE_H__
+
+#include "authz/base.h"
+
+#define TYPE_QAUTHZ_SIMPLE "authz-simple"
+
+#define QAUTHZ_SIMPLE_CLASS(klass)\
+OBJECT_CLASS_CHECK(QAuthZSimpleClass, (klass),\
+   TYPE_QAUTHZ_SIMPLE)
+#define QAUTHZ_SIMPLE_GET_CLASS(obj)  \
+OBJECT_GET_CLASS(QAuthZSimpleClass, (obj),\
+  TYPE_QAUTHZ_SIMPLE)
+#define QAUTHZ_SIMPLE(obj) \
+INTERFACE_CHECK(QAuthZSimple, (obj),  \
+TYPE_QAUTHZ_SIMPLE)
+
+typedef struct QAuthZSimple QAuthZSimple;
+typedef struct QAuthZSimpleClass QAuthZSimpleClass;
+
+
+/**
+ * QAuthZSimple:
+ *
+ * This authorization driver provides a simple mechanism
+ * for granting access based on an exact matched username.
+ *
+ * To create an instance of this class via QMP:
+ *
+ *  {
+ *"execute": "object-add",
+ *"arguments": {
+ *  "qom-type": "authz-simple",
+ *  "id": "authz0",
+ *  "parameters": {
+ *"identity": "fred"
+ *  }
+ *}
+ *  }
+ *
+ * Or via the command line
+ *
+ *   -object authz-simple,id=authz0,identity=fred
+ *
+ */
+struct QAuthZSimple {
+QAuthZ parent_obj;
+
+char *identity;
+};
+
+
+struct QAuthZSimpleClass {
+QAuthZClass parent_class;
+};
+
+
+QAuthZSimple *qauthz_simple_new(const char *id,
+const char *identity,
+Error **errp);
+
+
+#endif /* QAUTHZ_SIMPLE_H__ */
+
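Review bot: The QAuthZSimple doc comment speaks of an "exact matched username", while the commit message gives an x509 distinguished name as the main use and the check in authz/simple.c is a plain `g_str_equal()` on the two strings. I would word it as `for granting access to a single identity, compared byte-for-byte with no case folding or DN normalisation`, so an administrator knows the configured string must equal what the network service reports. qauthz_simple_new() has no comment at all; one sentence on whether `identity` is copied and who releases the returned object would be enough. As a style point, the guard `QAUTHZ_SIMPLE_H__` contains a double underscore, which C reserves for the implementation; `QAUTHZ_SIMPLE_H` avoids that.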
diff --git a/authz/simple.c b/authz/simple.c
new file mode 100644
index 00..8ab718803e
--- /dev/null
+++ b/authz/simple.c
@@ -0,0 +1,115 @@
+/*
+ * QEMU simple authorization driver
+ *
+ * Copyright (c) 2018 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "authz/simple.h"
+#include "authz/trace.h"
+#include "qom/object_interfaces.h"
+
+static bool qauthz_simple_is_allowed(QAuthZ *authz,
+ const char *identity,
+ Error **errp)
+{
+QAuthZSimple *sauthz = QAUTHZ_SIMPLE(authz);
+
+trace_qauthz_simple_is_allowed(authz, sauthz->identity, identity);
+return g_str_equal(identity, sauthz->identity);
+}
+
+static void
+qauthz_simple_prop_set_identity(Object *obj,
+   

Re: [Qemu-devel] [PATCH] vhost-scsi: prevent using uninitialized vqs

2018-10-22 Thread Philippe Mathieu-Daudé

On 22/10/18 4:17, yuchenlin via Qemu-devel wrote:

Ping?

On 2018-10-12 17:07, yuchen...@synology.com wrote:

From: yuchenlin 

There are 3 virtqueues (ctrl, event and cmd) for virtio scsi device,
but seabios will only set the physical address for the 3rd one (cmd).
Then in vhost_virtqueue_start(), virtio_queue_get_desc_addr()
will be 0 for ctrl and event vq.

In this case, ctrl and event vq are not initialized.
vhost_verify_ring_mappings may use uninitialized vhost_virtqueue
such that vhost_verify_ring_part_mapping returns ENOMEM.

When we encountered this problem, we got the following logs:

    qemu-system-x86_64: Unable to map available ring for ring 0
    qemu-system-x86_64: Verify ring failure on region 0

Signed-off-by: Forrest Liu 
Signed-off-by: yuchenlin 


Reviewed-by: Philippe Mathieu-Daudé 


---
 hw/scsi/vhost-scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
index becf550085..7f21b4f9d6 100644
--- a/hw/scsi/vhost-scsi.c
+++ b/hw/scsi/vhost-scsi.c
@@ -183,7 +183,7 @@ static void vhost_scsi_realize(DeviceState *dev,
Error **errp)
 }

 vsc->dev.nvqs = VHOST_SCSI_VQ_NUM_FIXED + vs->conf.num_queues;
-    vsc->dev.vqs = g_new(struct vhost_virtqueue, vsc->dev.nvqs);
+    vsc->dev.vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs);
 vsc->dev.vq_index = 0;
 vsc->dev.backend_features = 0;
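Review bot: The switch to `g_new0()` carries no comment, so the reason the array must start zeroed is recorded only in the commit message. A line above the allocation such as `/* zeroed: firmware may set up only some of the vqs, and the ring-mapping check walks all of them */` would keep a later cleanup from reverting it to `g_new()`. vhost_scsi_realize() continues outside the hunk.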







Re: [Qemu-devel] [RFC v3 37/56] mips: convert to cpu_interrupt_request

2018-10-22 Thread Emilio G. Cota
On Sun, Oct 21, 2018 at 14:30:20 +0100, Richard Henderson wrote:
> On 10/19/18 2:06 AM, Emilio G. Cota wrote:
> > @@ -60,7 +60,7 @@ static bool mips_cpu_has_work(CPUState *cs)
> >  /* Prior to MIPS Release 6 it is implementation dependent if 
> > non-enabled
> > interrupts wake-up the CPU, however most of the implementations only
> > check for interrupts that can be taken. */
> > -if ((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
> > +if ((cpu_interrupt_request(cs) & CPU_INTERRUPT_HARD) &&
> >  cpu_mips_hw_interrupts_pending(env)) {
> >  if (cpu_mips_hw_interrupts_enabled(env) ||
> >  (env->insn_flags & ISA_MIPS32R6)) {
> > @@ -72,7 +72,7 @@ static bool mips_cpu_has_work(CPUState *cs)
> >  if (env->CP0_Config3 & (1 << CP0C3_MT)) {
> >  /* The QEMU model will issue an _WAKE request whenever the CPUs
> > should be woken up.  */
> > -if (cs->interrupt_request & CPU_INTERRUPT_WAKE) {
> > +if (cpu_interrupt_request(cs) & CPU_INTERRUPT_WAKE) {
> >  has_work = true;
> >  }
> >  
> > @@ -82,7 +82,7 @@ static bool mips_cpu_has_work(CPUState *cs)
> >  }
> >  /* MIPS Release 6 has the ability to halt the CPU.  */
> >  if (env->CP0_Config5 & (1 << CP0C5_VP)) {
> > -if (cs->interrupt_request & CPU_INTERRUPT_WAKE) {
> > +if (cpu_interrupt_request(cs) & CPU_INTERRUPT_WAKE) {
> >  has_work = true;
> >  }
> >  if (!mips_vp_active(env)) {
> 
> Multiple calls.

Fixed, even though cpu_has_work ends up being called with
the lock held later in the series.

Thanks,

E.



Re: [Qemu-devel] [PATCH 0/2] target/mips: Two corrections

2018-10-22 Thread Philippe Mathieu-Daudé
On Mon, Oct 22, 2018 at 1:59 PM Aleksandar Markovic
 wrote:
>
> From: Aleksandar Markovic 
>
> This small series adds two corrections for issues reported recently.
>
> Aleksandar Markovic (2):
>   target/mips: Fix the title of translate.c
>   target/mips: Fix decoding of ALIGN and DALIGN instructions

Reviewed-by: Philippe Mathieu-Daudé 



Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-22 Thread Philippe Mathieu-Daudé
On Mon, Oct 22, 2018 at 3:34 PM Aleksandar Markovic
 wrote:
> > From: Fredrik Noring 
> > Subject: [PATCH v8 00/38] target/mips: Limited support for the R5900
> >
> I experienced some build errors (see the end of this mail), so I had to 
> exclude some patches, but all others are fine, and had my "Reviewed-by". 32 
> patches will be included in the next MIPS queue.

Thank you a lot Aleksandar for taking this series!
I appreciate a lot, being backed by a company, you also care about
hobbyist contributions.
This is not always an easy task for maintainers, and from the hobbyist
point of view, this means a lot to me.
Regards,
Phil.



Re: [Qemu-devel] [PATCH v4 2/3] audio: use object link instead of qdev property to pass wm8750 reference

2018-10-22 Thread Philippe Mathieu-Daudé

On 22/10/18 9:40, Mao Zhongyi wrote:

According to qdev-properties.h, properties of pointer type should
be avoided, it seems a link type property is a good substitution.

Cc: Jan Kiszka 
Cc: Peter Maydell 
Cc: Gerd Hoffmann 

Signed-off-by: Mao Zhongyi 


Reviewed-by: Philippe Mathieu-Daudé 


---
  hw/arm/musicpal.c  |  3 ++-
  hw/audio/marvell_88w8618.c | 13 ++---
  2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index 3dafb41b0b..ac266f9253 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -1695,7 +1695,8 @@ static void musicpal_init(MachineState *machine)
  wm8750_dev = i2c_create_slave(i2c, TYPE_WM8750, MP_WM_ADDR);
  dev = qdev_create(NULL, "mv88w8618_audio");
  s = SYS_BUS_DEVICE(dev);
-qdev_prop_set_ptr(dev, TYPE_WM8750, wm8750_dev);
+object_property_set_link(OBJECT(dev), OBJECT(wm8750_dev),
+ TYPE_WM8750, NULL);
  qdev_init_nofail(dev);
  sysbus_mmio_map(s, 0, MP_AUDIO_BASE);
  sysbus_connect_irq(s, 0, pic[MP_AUDIO_IRQ]);
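Review bot: The new `object_property_set_link()` call passes `NULL` as its Error pointer, so a failure to set the link is ignored and the audio device would presumably be realized with `s->wm` still unset. Board code that cannot recover normally aborts instead, as the `object_property_add_link()` call in the hw/audio/marvell_88w8618.c hunk already does; the last argument line would become `TYPE_WM8750, &error_abort);`. That needs `qapi/error.h` in musicpal.c, whose include list is outside the hunk. The call also uses the type-name macro `TYPE_WM8750` as the property name while the property is registered with the literal `"wm8750"`; one spelling in both places would keep the two from drifting apart.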
diff --git a/hw/audio/marvell_88w8618.c b/hw/audio/marvell_88w8618.c
index cf6ce6979b..1c7080e844 100644
--- a/hw/audio/marvell_88w8618.c
+++ b/hw/audio/marvell_88w8618.c
@@ -15,6 +15,7 @@
  #include "hw/i2c/i2c.h"
  #include "hw/audio/wm8750.h"
  #include "audio/audio.h"
+#include "qapi/error.h"
  
  #define MP_AUDIO_SIZE   0x1000
  
@@ -252,6 +253,11 @@ static void mv88w8618_audio_init(Object *obj)

  memory_region_init_io(&s->iomem, obj, &mv88w8618_audio_ops, s,
"audio", MP_AUDIO_SIZE);
  sysbus_init_mmio(dev, &s->iomem);
+
+object_property_add_link(OBJECT(dev), "wm8750", TYPE_WM8750,
+ (Object **) &s->wm,
+ qdev_prop_allow_set_link_before_realize,
+ 0, &error_abort);
  }
  
  static void mv88w8618_audio_realize(DeviceState *dev, Error **errp)

@@ -279,11 +285,6 @@ static const VMStateDescription mv88w8618_audio_vmsd = {
  }
  };
  
-static Property mv88w8618_audio_properties[] = {

-DEFINE_PROP_PTR(TYPE_WM8750, mv88w8618_audio_state, wm),
-{/* end of list */},
-};
-
  static void mv88w8618_audio_class_init(ObjectClass *klass, void *data)
  {
  DeviceClass *dc = DEVICE_CLASS(klass);
@@ -291,8 +292,6 @@ static void mv88w8618_audio_class_init(ObjectClass *klass, 
void *data)
  dc->realize = mv88w8618_audio_realize;
  dc->reset = mv88w8618_audio_reset;
  dc->vmsd = &mv88w8618_audio_vmsd;
-dc->props = mv88w8618_audio_properties;
-/* Reason: pointer property "wm8750" */
  dc->user_creatable = false;
  }
  





Re: [Qemu-devel] [PATCH] vga_int: remove unused function protype

2018-10-22 Thread Philippe Mathieu-Daudé

On 22/10/18 10:00, yuchenlin--- via Qemu-devel wrote:

From: yuchenlin 

Signed-off-by: yuchenlin 


Reviewed-by: Philippe Mathieu-Daudé 


---
  hw/display/vga_int.h | 1 -
  1 file changed, 1 deletion(-)

diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h
index 6e4fa48a79..55c418eab5 100644
--- a/hw/display/vga_int.h
+++ b/hw/display/vga_int.h
@@ -166,7 +166,6 @@ MemoryRegion *vga_init_io(VGACommonState *s, Object *obj,
const MemoryRegionPortio **vbe_ports);
  void vga_common_reset(VGACommonState *s);
  
-void vga_sync_dirty_bitmap(VGACommonState *s);

  void vga_dirty_log_start(VGACommonState *s);
  void vga_dirty_log_stop(VGACommonState *s);
  





Re: [Qemu-devel] [RFC v3 25/56] exec: use cpu_reset_interrupt

2018-10-22 Thread Emilio G. Cota
On Sun, Oct 21, 2018 at 14:17:01 +0100, Richard Henderson wrote:
> On 10/19/18 2:05 AM, Emilio G. Cota wrote:
> > -cpu->interrupt_request &= ~0x01;
> > +cpu_reset_interrupt(cpu, ~0x01);
> 
> cpu_reset_interrupt(cpu, 1);

Ouch. Fixed.

> Although this is during vmload, and I'm not sure what locks you really want to
> play with here.  Perhaps it's ok...

I checked with check-qtest that it's OK -- note that the lock
is initialized right after the CPU thread is created.

I'd like to keep the locked version, so that race checkers don't
get confused.

Thanks,

Emilio



Re: [Qemu-devel] [PATCH v1] arm: check bit index before usage

2018-10-22 Thread Philippe Mathieu-Daudé

Hi Prasad,

On 22/10/18 20:10, P J P wrote:

From: Prasad J Pandit 

While performing gpio write via strongarm_gpio_handler_update
routine, the 'bit' index could access beyond s->handler[28] array.
Add check to avoid OOB access.

Reported-by: Moguofang 
Signed-off-by: Prasad J Pandit 
---
  hw/arm/strongarm.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

Update v1: use ARRAY_SIZE macro
   -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg04826.html

diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index ec2627374d..9225b1ba6e 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -532,7 +532,9 @@ static void strongarm_gpio_handler_update(StrongARMGPIOInfo 
*s)
  
  for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {

  bit = ctz32(diff);
-qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+if (bit < ARRAY_SIZE(s->handler)) {
+qemu_set_irq(s->handler[bit], (level >> bit) & 1);


   } else {
qemu_log_mask(LOG_GUEST_ERROR, ...

With that:
Reviewed-by: Philippe Mathieu-Daudé 


+}
  }
  
  s->prev_level = level;
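Review bot: The new bound check has no comment saying why `bit` can exceed the handler array, so the guard looks arbitrary to the next reader. `bit` comes from `ctz32(diff)` and can therefore be as high as 31, while the commit message gives the array as 28 entries. A comment above the `if` such as `/* diff is 32 bits wide but only ARRAY_SIZE(s->handler) GPIO lines exist */` would record that. The declarations of `diff`, `level` and `handler` are outside the hunk, so the widths are inferred from the `ctz32()` call and the commit message.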






Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-22 Thread Philippe Mathieu-Daudé

On 22/10/18 20:40, Maciej W. Rozycki wrote:

On Mon, 22 Oct 2018, Maciej W. Rozycki wrote:


Hi Maciej,


  What an odd copy & paste thinko!  I can't believe I addressed myself in
the opening of my e-mail. :)


Haha when I saw your mail I thought "weird, there is another Maciej 
involved in this MIPS specific thread!?"




Re: [Qemu-devel] [RFC v3 07/56] target/m68k: rename cpu_halted to cpu_halt

2018-10-22 Thread Emilio G. Cota
On Sun, Oct 21, 2018 at 14:38:38 +0100, Richard Henderson wrote:
> On 10/21/18 1:53 PM, Richard Henderson wrote:
> > On 10/19/18 2:05 AM, Emilio G. Cota wrote:
> >> To avoid a name clash with the soon-to-be-defined cpu_halted() helper.
> >>
> >> Cc: Laurent Vivier 
> >> Signed-off-by: Emilio G. Cota 
> >> ---
> >>  target/m68k/translate.c | 6 +++---
> >>  1 file changed, 3 insertions(+), 3 deletions(-)
> > 
> > Although for this usage it's probably better to avoid the
> > tcg_global_mem_new_i32 and just use tcg_gen_st_i32.
> 
> And, as I read further, you need to convert this use to a helper call.
> Otherwise you've still got an unlocked direct modification to cpu->halted
> from within the TCG generated code.
> 
> There are several other targets that do the same thing: alpha, cris, hppa,
> mips, microblaze, ppc.  And typically they will do exactly the same thing: set
> the flag and then raise the halt exception.

Ouch -- I entirely missed these!

For v4, I defined helper_cpu_halted_set in tcg-runtime, and
converted all direct setters to it.

Thanks,

Emilio



[Qemu-devel] [PATCH v2] lsi: Reselection needed to remove pending commands from queue

2018-10-22 Thread George Kennedy
Under heavy IO (e.g. fio) the queue is not checked frequently enough for
pending commands. As a result some pending commands are timed out by the
linux sym53c8xx driver, which sends SCSI Abort messages for the timed out
commands. The SCSI Abort messages result in linux errors, which show up
in /var/log/messages.

e.g.
sd 0:0:3:0: [sdd] tag#33 ABORT operation started
scsi target0:0:3: control msgout:
80 20 47 d
sd 0:0:3:0: ABORT operation complete.
scsi target0:0:4: message d sent on bad reselection

Add a deadline along with the command when it is added to the queue.
When the current command completes, check the queue for pending commands
that have exceeded the deadline and if so, simulate a Wait Reselect
to handle the pending commands on the queue.

When a Wait Reselect is needed, intercept and save the current DMA Scripts
Ptr (DSP) contents and load it instead with the pointer to the Reselection
Scripts.  When Reselection has completed, restore the original DSP contents.

Signed-off-by: George Kennedy 
---
Thank you for reviewing, Paolo,

As you suggested I moved the loading of "s->resel_dsp" down to the "Wait 
Reselect"
case. The address of the Reselection Scripts, though, is contained in "s->dsp - 
8"
and not in s->dnad.

The reason the timeout is needed is that under heavy IO some pending commands
stay on the pending queue longer than the 30 second command timeout set by the
linux upper layer scsi driver (sym53c8xx). When command timeouts occur, the
upper layer scsi driver sends SCSI Abort messages to remove the timed out
commands. The command timeouts are caused by the fact that under heavy IO,
lsi_reselect() in qemu "hw/scsi/lsi53c895a.c" is not being called before the
upper layer scsi driver 30 second command timeout goes off.

If lsi_reselect() were called more frequently, the command timeout problem would
probably not occur. There are a number of places where lsi_reselect() is 
supposed
to get called (e.g. at the end of lsi_update_irq()), but the only place that I
have observed lsi_reselect() being called is from lsi_execute_script() when
lsi_wait_reselect() is called because of a SCRIPT "Wait Select" IO Instruction.

The proposed patch adds a deadline timeout for each pending command added to the
pending queue. The timeout is an arbitrary value (less than the upper layer
command timeout) that gets checked after each command is completed when the
pending queue is checked. If the deadline is exceeded, a flag is set indicating
that a SCRIPT "Wait Select" IO Instruction is needed, which will result in
lsi_wait_reselect() and lsi_reselect() being called to remove a command from 
the pending queue, reselect the target, continue and complete the command.

 hw/scsi/lsi53c895a.c | 54 +++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index 996b406..8474399 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -198,6 +198,7 @@ typedef struct lsi_request {
 uint32_t dma_len;
 uint8_t *dma_buf;
 uint32_t pending;
+uint64_t deadline;
 int out;
 QTAILQ_ENTRY(lsi_request) next;
 } lsi_request;
@@ -232,6 +233,9 @@ typedef struct {
 int command_complete;
 QTAILQ_HEAD(, lsi_request) queue;
 lsi_request *current;
+int want_resel; /* need resel to handle queued completed cmds */
+uint32_t resel_dsp; /* DMA Scripts Ptr (DSP) of reselection scsi scripts */
+uint32_t next_dsp;  /* if want_resel, will be loaded with above */
 
 uint32_t dsa;
 uint32_t temp;
@@ -311,6 +315,20 @@ static inline int lsi_irq_on_rsl(LSIState *s)
 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
 }
 
+static int pending_past_deadline(LSIState *s)
+{
+lsi_request *p;
+
+QTAILQ_FOREACH(p, &s->queue, next) {
+if (p->pending) {
+if (qemu_clock_get_ns(QEMU_CLOCK_REALTIME) > p->deadline) {
+return 1;
+}
+}
+}
+return 0;
+}
+
 static void lsi_soft_reset(LSIState *s)
 {
 DPRINTF("Reset\n");
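Review bot: pending_past_deadline() compares against `QEMU_CLOCK_REALTIME`, which keeps advancing while the VM is stopped, whereas the guest driver timeout this deadline is meant to beat runs on guest time. `QEMU_CLOCK_VIRTUAL` looks like the better fit, both here and where the deadline is set in the lsi_queue_command() hunk. The clock is also re-read for every queue entry. Reading it once before the loop, `int64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);`, and testing `if (p->pending && now > p->deadline)` gives every entry the same reference time.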
@@ -634,15 +652,22 @@ static void lsi_do_dma(LSIState *s, int out)
 }
 }
 
+/* Max time a completed command can be on the queue before Reselection needed 
*/
+#define LSI_DEADLINE1000
 
 /* Add a command to the queue.  */
 static void lsi_queue_command(LSIState *s)
 {
 lsi_request *p = s->current;
+uint64_t timeout_ms = LSI_DEADLINE;
 
 DPRINTF("Queueing tag=0x%x\n", p->tag);
 assert(s->current != NULL);
 assert(s->current->dma_len == 0);
+
+p->deadline = qemu_clock_get_ns(QEMU_CLOCK_REALTIME) +
+timeout_ms * 100ULL;
+
 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
 s->current = NULL;
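Review bot: The millisecond-to-nanosecond conversion for `p->deadline` is written with a bare literal, and as rendered on this page the multiplier reads `100ULL`, which would make the 1000 ms timeout expire after 0.1 ms. The page may have dropped digits, so this should be checked against the original mail. Using the timer header's constant removes the doubt either way: `timeout_ms * SCALE_MS;`. lsi_queue_command() continues outside the hunk.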
 
@@ -775,6 +800,9 @@ static void lsi_command_complete(SCSIRequest *req, uint32_t 
status, size_t resid
 lsi_request_free(s, s->current);
 scsi_req_unref(req);
 }
+if (pending_past_deadline(s)) {
+s->want_resel = 1;
+}
 ls

Re: [Qemu-devel] [PATCH 00/27] ACPI hardware-reduced support

2018-10-22 Thread Michael S. Tsirkin
On Mon, Oct 22, 2018 at 08:36:30PM +0200, Samuel Ortiz wrote:
> This patch set implements support for the ACPI hardware-reduced
> specification.
> 
> The changes are coming from the NEMU [1] project where we're defining
> a new x86 machine type: i386/virt. This is an EFI only, ACPI
> hardware-reduced platform and as such we had to implement support
> for the latter.
> 
> As a preliminary for adding hardware-reduced support to QEMU, we did
> some ACPI code reorganization with the following goals:
> 
> * Share as much as possible of the current ACPI build APIs between
>   legacy and hardware-reduced ACPI.
> * Share the ACPI build code across machine types and architectures and
>   remove the typical PC machine type dependency.
>   Eventually we hope to see arm/virt also re-use much of that code.
> 
> The rest of the patchset adds the hardware-reduced support on top of
> this code reorganization. Here again, the implementation is machine
> type, platform and architecture independent.
> 
> [1] https://github.com/intel/nemu


Thanks for the patch!
I'm traveling so won't be able to review until next week.

I wonder whether the code can be refactored slightly differently:
instead of common code calling out to platform specific one,
have platform code call out to generic one.
That would avoid indirection but I'm not sure at what cost
in complexity.

Still that's a generic question as I have not looked at the
patches in depth.

Hope this helps,
MST

> 
> The following changes since commit b312532fd03413d0e6ae6767ec793a3e30f487b8:
> 
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2018-10-19 19:01:07 +0100)
> 
> are available in the Git repository at:
> 
>   g...@github.com:intel/nemu topic/upstream/acpi
> 
> for you to fetch changes up to 4133ebe0d638d0a3d583bd89aa2360ef35ba746b:
> 
>   hw: acpi: reduced: Add PCI hotplug support (2018-10-22 20:32:23 +0200)
> 
> 
> Jing Liu (2):
>   hw: acpi: reduced: Add shutdown support
>   hw: acpi: reduced: Add reboot support
> 
> Samuel Ortiz (10):
>   hw: i386: Decouple the ACPI build from the PC machine type
>   hw: acpi: Export ACPI build alignment API
>   hw: acpi: Export the RSDP build API
>   hw: arm: Switch to the AML build RSDP building routine
>   hw: acpi: Do not create hotplug method when handler is not defined
>   hw: i386: Make the hotpluggable memory size property more generic
>   hw: fw-build: Add firmware build methods and state
>   hw: i386: Convert PC machine type to firmware build methods
>   hw: acpi: Initial hardware-reduced support
>   hw: acpi: reduced: Generic Event Device support
> 
> Sebastien Boeuf (4):
>   hw: acpi: Export the PCI hotplug API
>   hw: acpi: Retrieve the PCI bus from AcpiPciHpState
>   hw: acpi: reduced: Add NFIT support
>   hw: acpi: reduced: Add PCI hotplug support
> 
> Yang Zhong (10):
>   hw: acpi: Generalize AML build routines
>   hw: acpi: Factorize _OSC AML across architectures
>   hw: i386: Refactor PCI host getter
>   hw: acpi: Export and generalize the PCI host AML API
>   hw: acpi: Export the MCFG getter
>   hw: acpi: Export the SRAT AML build API
>   hw: acpi: Fix memory hotplug AML generation error
>   hw: acpi: reduced: Add MCFG support
>   hw: acpi: reduced: Add memory hotplug support
>   hw: acpi: reduced: Add SRAT table
> 
>  default-configs/i386-softmmu.mak |1 +
>  hw/acpi/Makefile.objs|1 +
>  hw/acpi/aml-build.c  | 1139 +++-
>  hw/acpi/cpu.c|8 +-
>  hw/acpi/cpu_hotplug.c|9 +-
>  hw/acpi/memory_hotplug.c |   21 +-
>  hw/acpi/pcihp.c  |   10 +-
>  hw/acpi/reduced.c|  472 +++
>  hw/arm/virt-acpi-build.c |   86 +--
>  hw/i386/acpi-build.c | 1172 
> +++---
>  hw/i386/acpi-build.h |4 +-
>  hw/i386/pc.c |  188 +++---
>  hw/i386/pc_piix.c|   21 +-
>  hw/i386/pc_q35.c |   21 +-
>  hw/pci-host/piix.c   |8 -
>  include/hw/acpi/acpi-defs.h  |   15 +
>  include/hw/acpi/acpi.h   |   47 ++
>  include/hw/acpi/aml-build.h  |   48 ++
>  include/hw/acpi/reduced.h|   46 ++
>  include/hw/boards.h  |5 +
>  include/hw/fw-build.h|   57 ++
>  include/hw/i386/acpi.h   |   27 +
>  include/hw/i386/pc.h |   21 +-
>  include/hw/mem/memory-device.h   |2 +
>  stubs/Makefile.objs  |1 -
>  stubs/pci-host-piix.c|6 -
>  26 files changed, 2107 insertions(+), 1329 deletions(-)
>  create mode 100644 hw/acpi/reduced.c
>  create mode 100644 include/hw/acpi/reduced.h
>  create mode 100644 include/hw/fw-build.h
>  create mode 100644 include/hw/i386/acpi.h
>  delete

Re: [Qemu-devel] [RFC v3 10/56] ppc: convert to cpu_halted

2018-10-22 Thread Emilio G. Cota
On Sun, Oct 21, 2018 at 13:56:59 +0100, Richard Henderson wrote:
> On 10/19/18 2:05 AM, Emilio G. Cota wrote:
> > @@ -1088,11 +1088,13 @@ static target_ulong h_cede(PowerPCCPU *cpu, 
> > sPAPRMachineState *spapr,
> >  
> >  env->msr |= (1ULL << MSR_EE);
> >  hreg_compute_hflags(env);
> > +cpu_mutex_lock(cs);
> >  if (!cpu_has_work(cs)) {
> > -cs->halted = 1;
> > +cpu_halted_set(cs, 1);
> >  cs->exception_index = EXCP_HLT;
> >  cs->exit_request = 1;
> >  }
> > +cpu_mutex_unlock(cs);
> >  return H_SUCCESS;
> 
> Why does this one get extra locking?

It's taking into account that later in the series we
expand the CPU lock to cpu_has_work. I've added the
following note to this patch's commit log:

> In hw/ppc/spapr_hcall.c, acquire the lock just once to
> update cpu->halted and call cpu_has_work, since later
> in the series we'll acquire the BQL (if not already held)
> from cpu_has_work.

Thanks,

Emilio



[Qemu-devel] [Bug 1737883] Re: Cannot boot FreeBSD on versatilepb machine

2018-10-22 Thread Alex Bennée
What version did this last work on? What version have you tested that
failed? Have you tried the latest QEMU HEAD build? What was the full
command line of your invocation?

** Changed in: qemu
   Status: New => Incomplete

https://bugs.launchpad.net/bugs/1737883

Title:
  Cannot boot FreeBSD on versatilepb machine

Status in QEMU:
  Incomplete

Bug description:
  I know some years ago it was possible to boot FreeBSD in QEMU versatilepb 
machine
  https://kernelnomicon.org/?p=229 (you can download image and kernel using 
web.archive.org)
  Now when I try to do that I get only black screen with no output even in QEMU 
console.
  I also added -global versatile_pci.broken-irq-mapping=1, but this seems to 
have no effect.




[Qemu-devel] [Bug 1743441] Re: OS/2 Warp 4.52 OS2LVM failure

2018-10-22 Thread Alex Bennée
Is this a regression from previous behaviour or has it never worked? What is
the command line you used to launch QEMU? What version have you tested
on?

** Changed in: qemu
   Status: New => Incomplete

https://bugs.launchpad.net/bugs/1743441

Title:
  OS/2 Warp 4.52 OS2LVM failure

Status in QEMU:
  Incomplete

Bug description:
  When I try to boot OS/2 Warp 4.51 (Merlin), 4.52 (Aurora) or eCS 1.2.5, etc. 
I always get an exception in OS2LVM (TRAP 000E). Tried both FAT and HPFS. You 
can reproduce the bug using this disk image: 
https://drive.google.com/open?id=1zzjs9hTS0TK-Xb5hnon8SQ-2C1EmlYfy
  P.S. OS/2 Warp 4.0 boots OK (if installed on FAT, not HPFS)




Re: [Qemu-devel] [PATCH v3 0/8] tests/vm: Improvements when KVM is not available

2018-10-22 Thread Fam Zheng
On Sat, 10/13 02:40, Philippe Mathieu-Daudé wrote:
> Hi Fam,
> 
> Few patches I added while testing the VM tests without KVM access.
> I doubt many people want to suffer using TCG for VM testing, but
> it was handy to debug/support aarch64 VM tests.
> 
> Also this could be a useful TCG stress test...?
> 
> Since v2: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg04084.html
> - use default args.jobs (Fam)
> - move kvm_available() to scripts/QEMU so it can be used by Avocado
> - do not use -smp 1
> - add a BaseVM::arch property to help cross vm testing

Looks good! Queued, thanks!

Fam



[Qemu-devel] [Bug 1799200] Re: null pointer dereference in tcg_emit_op

2018-10-22 Thread Alex Bennée
Does this bug occur with a normal build of QEMU or only with your
changes to it?

** Changed in: qemu
   Status: In Progress => Invalid

https://bugs.launchpad.net/bugs/1799200

Title:
  null pointer dereference in tcg_emit_op

Status in QEMU:
  Invalid

Bug description:
  I inserted a custom TCG helper call in i386_tr_insn_start to
  trace instructions.

  Most of the time QEMU runs fine, but executing some particular software
  leads to a crash.

  
  the below is the insert code:
  
===

   /* Reporter's modified insn_start hook: emits a call to the custom mad_exec helper, then the insn_start op. */
   8514 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
   8515 {
   8516 DisasContext *dc = container_of(dcbase, DisasContext, base);
   8517 TCGv_ptr ptr= tcg_const_ptr((void*)cpu); // inserted helper code: wraps the host CPUState pointer in a TCG constant; NOTE(review): no release of this temporary is visible in the snippet - confirm it is freed
   8518 gen_helper_mad_exec(ptr);// inserted helper code; NOTE(review): this op is emitted ahead of tcg_gen_insn_start() on the next line - confirm the translator accepts ops before insn_start
   8519 tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
   8520 }
  
==

  below is the callstack

  #0  0x5581df5e in tcg_emit_op (opc=opc@entry=INDEX_op_movi_i64) at 
/root/qemu/tcg/tcg.c:2205
  #1  0x55825911 in tcg_gen_op2 (opc=opc@entry=INDEX_op_movi_i64, 
a1=140734736923704, a2=a2@entry=792) at /root/qemu/tcg/tcg-op.c:53
  #2  0x5581d713 in tcg_const_i64 (opc=INDEX_op_movi_i64, a2=792, 
a1=0x7378) at /root/qemu/tcg/tcg-op.h:109
  #3  0x5581d713 in tcg_const_i64 (arg=792, ret=) at 
/root/qemu/tcg/tcg-op.h:579
  #4  0x5581d713 in tcg_const_i64 (val=val@entry=792) at 
/root/qemu/tcg/tcg.c:1314
  #5  0x5582732d in tcg_gen_addi_i64 (ret=0xd18, arg1=0x378, 
arg2=arg2@entry=792) at /root/qemu/tcg/tcg-op.c:1200
  #6  0x5590ffaf in gen_sse (b=792, a=, r=) at /root/qemu/tcg/tcg-op.h:1258
  #7  0x5590ffaf in gen_sse (env=env@entry=0x567424d0, 
s=s@entry=0x7fffea99a610, b=b@entry=366, pc_start=pc_start@entry=4513509698, 
rex_r=rex_r@entry=0) at /root/qemu/target/i386/translate.c:3150
  #8  0x55911d7f in disas_insn (s=s@entry=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8336
  #9  0x559207a0 in i386_tr_translate_insn (dcbase=0x7fffea99a610, 
cpu=) at /root/qemu/target/i386/translate.c:8543
  #10 0x55892649 in translator_loop (ops=0x5622dee0 , 
db=0x7fffea99a610, cpu=0x5673a220, tb=) at 
/root/qemu/accel/tcg/translator.c:110
  #11 0x559209ef in gen_intermediate_code 
(cpu=cpu@entry=0x5673a220, tb=tb@entry=0x7fff70682040 
) at /root/qemu/target/i386/translate.c:8605
  #12 0x55891437 in tb_gen_code (cpu=cpu@entry=0x5673a220, 
pc=pc@entry=4513506448, cs_base=cs_base@entry=0, flags=flags@entry=4244147, 
cflags=cflags@entry=0) at /root/qemu/accel/tcg/translate-all.c:1728
  #13 0x5588f97b in cpu_exec (cf_mask=0, tb_exit=0, last_tb=0x0, 
cpu=0x0) at /root/qemu/accel/tcg/cpu-exec.c:410
  #14 0x5588f97b in cpu_exec (cpu=cpu@entry=0x5673a220) at 
/root/qemu/accel/tcg/cpu-exec.c:734
  #15 0x5584b152 in tcg_cpu_exec (cpu=0x5673a220) at 
/root/qemu/cpus.c:1405
  #16 0x5584d1b8 in qemu_tcg_rr_cpu_thread_fn (arg=) at 
/root/qemu/cpus.c:1505
  #17 0x72585e25 in start_thread () at /lib64/libpthread.so.0
  #18 0x722afbad in clone () at /lib64/libc.so.6




Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-22 Thread Fredrik Noring
Hi Aleksandar,

> Pull request with 32 patches from this series is already sent, and I would
> like to avoid sending v2 of that request. Let's wait for some time until
> the pull request is hopefully accepted. There will be most likely another
> one at the beginning of the next week.
> 
> We are approaching QEMU 3.1 soft freeze (Oct 30), and at this point we
> would like to stabilize the code, and to integrate only crucial patches.
> I suggest that you create a new series "target/mips: Amend R5900 support".
> It should be based on the code submitted in the pull request. Place the
> most crucial patches as the first ones, at the beginning of the series.

The R5900 testsuite in tests/tcg/mips/mipsr5900 fails unless ASE_MMI is
part of insn_flags for the R5900:

--- a/target/mips/translate_init.inc.c
+++ b/target/mips/translate_init.inc.c
@@ -466,7 +466,7 @@ const mips_def_t mips_defs[] =
 #endif /* !CONFIG_USER_ONLY */
 .SEGBITS = 32,
 .PABITS = 32,
-.insn_flags = CPU_R5900,
+.insn_flags = CPU_R5900 | ASE_MMI,
 .mmu_type = MMU_TYPE_R4000,
 },
 {

Perhaps that is the only (somewhat) crucial problem, depending on how the
testsuites are used, of course.

The other ASE_MMI changes and the disassembly of MULT1 and MULTU1 can wait,
as can R5900 support for MADD, MADDU, MADD1 and MADDU1, in my opinion.

> FPU changes are too risky at this stage of 3.1 development cycle, and I
> would leave them for QEMU 3.2+.

Agreed! As Maciej just noted, there are also toolchain issues that need
to be addressed for the R5900 FPU.

Fredrik



[Qemu-devel] [Bug 1798451] Re: HVF linux on OSX hangs 2nd time started after adding socket

2018-10-22 Thread Rob Maskell
Thanks for helping Roman, so I take it my options at this point are wait
for VMEXIT to be implemented or try to find a linux distro that doesn't
require SSE?

https://bugs.launchpad.net/bugs/1798451

Title:
  HVF linux on OSX hangs 2nd time started after adding socket

Status in QEMU:
  New

Bug description:
  
  Robs-MacBook-Pro-2:~ robmaskell$ qemu-system-x86_64 --version
  QEMU emulator version 3.0.0

  Host: MacOS - 10.13.6
Model Name: MacBook Pro
Model Identifier:   MacBookPro14,3
Processor Name: Intel Core i7
Processor Speed:2.8 GHz
Number of Processors:   1
Total Number of Cores:  4
L2 Cache (per Core):256 KB
L3 Cache:   6 MB
Memory: 16 GB

  Guest OS: Elementary Linux Loki 0.4.1, patched up to date

  Command used to start QEMU:

  qemu-system-x86_64 \
-name ElementaryLokiDev \
-machine pc,accel=hvf \
-cpu max \
-smp cpus=2,sockets=2,cores=1,threads=1,maxcpus=2 \
-numa node,nodeid=0 \
-numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=0,socket-id=1 \
-m 8G \
-vga vmware \
-hda e4.qcow2

  Symptoms: Started without the -smp / -numa commands to install the OS,
  then added -smp / -numa and the machine boots and lscpu reports extra
  cpu as expected. Restart VM and it hangs on startup. Remove -smp /
  -numa and machine starts again.




[Qemu-devel] [PATCH 26/26] hw: acpi: reduced: Add PCI hotplug support

2018-10-22 Thread Samuel Ortiz
From: Sebastien Boeuf 

In order to support PCI hotplug through a hardware-reduced GED, we need
to modify the GED device definition in the DSDT table, so that a PCI hotplug
related interrupt will trigger a new PCI scan.
We also need to modify the DSDT PCI bus definition in order to make sure
a PCI scan of all available slots can be performed when an interrupt
comes in.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Sebastien Boeuf 
Signed-off-by: Jing Liu 
---
 hw/acpi/aml-build.c | 8 +++-
 hw/acpi/reduced.c   | 7 +++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 752642a67a..99f04a3e71 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -2510,7 +2510,7 @@ void build_append_pci_bus_devices(Aml *parent_scope, 
PCIBus *bus,
 
 void acpi_dsdt_add_pci_bus(Aml *dsdt, AcpiPciBus *pci_host)
 {
-Aml *dev, *pci_scope;
+Aml *dev, *pci_scope, *hp_scope;
 
 dev = aml_device("\\_SB.PCI0");
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08")));
@@ -2522,6 +2522,12 @@ void acpi_dsdt_add_pci_bus(Aml *dsdt, AcpiPciBus 
*pci_host)
 aml_append(dev, build_osc_method(0x1F));
 aml_append(dsdt, dev);
 
+/* PCIHP */
+hp_scope =  aml_scope("\\_SB.PCI0");
+build_acpi_pci_hotplug(hp_scope);
+build_append_pci_bus_devices(hp_scope, pci_host->pci_bus, false);
+aml_append(dsdt, hp_scope);
+
 pci_scope = build_pci_host_bridge(dsdt, pci_host);
 aml_append(dsdt, pci_scope);
 }
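Review bot: The added block makes `acpi_dsdt_add_pci_bus()` emit the PCI hotplug AML for every caller, although the commit message presents the change as specific to the hardware-reduced GED. The series describes this function as shared across machine types, so a caller whose machine does not implement the hotplug registers would presumably get methods that access I/O nobody handles (the callers are not visible in this hunk). A `bool` parameter or a separate helper called only from the reduced DSDT builder would keep the generic path unchanged. The `/* PCIHP */` comment could also say what the GED handler depends on, for example `/* PCI hotplug AML; ged_event_aml() refers to \_SB.PCI0.BLCK and \_SB.PCI0.PCNT */`.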
diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index fac19a978a..7faccdc634 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -331,6 +331,8 @@ void acpi_reduced_setup(MachineState *machine, 
AcpiConfiguration *conf)
 
 static Aml *ged_event_aml(GedEvent *event)
 {
+Aml *method;
+
 if (!event) {
 return NULL;
 }
@@ -343,6 +345,11 @@ static Aml *ged_event_aml(GedEvent *event)
 /* We run a complete memory SCAN when getting a memory hotplug event */
 return aml_call0("\\_SB.MHPC." MEMORY_SLOT_SCAN_METHOD);
 case GED_PCI_HOTPLUG:
+/* Take the PCI lock and trigger a PCI rescan */
+method = aml_acquire(aml_name("\\_SB.PCI0.BLCK"), 0x);
+aml_append(method, aml_call0("\\_SB.PCI0.PCNT"));
+aml_append(method, aml_release(aml_name("\\_SB.PCI0.BLCK")));
+return method;
 case GED_NVDIMM_HOTPLUG:
 return aml_notify(aml_name("\\_SB.NVDR"), aml_int(0x80));
 default:
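Review bot: In the `GED_PCI_HOTPLUG` case the variable `method` holds the term returned by `aml_acquire()`, not a method, and the `PCNT` call and the `Release` are appended to it as if it were a container. A reader will take the call to be nested inside the Acquire; renaming it to something like `Aml *pci_rescan` and adding `/* emits Acquire(BLCK), PCNT(), Release(BLCK) back to back */` would state what is actually generated. The timeout argument appears as `0x` in this archive copy, so its value cannot be checked here. `ged_event_aml()` starts before and ends after this hunk.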
-- 
2.17.2




[Qemu-devel] [PATCH 23/26] hw: acpi: reduced: Add reboot support

2018-10-22 Thread Samuel Ortiz
From: Jing Liu 

We only need to expose it through FADT.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Jing Liu 
---
 hw/acpi/reduced.c | 7 ++-
 include/hw/acpi/reduced.h | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index 329d5112ca..3754258335 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -128,10 +128,15 @@ static void build_fadt_reduced(GArray *table_data, 
BIOSLinker *linker,
 AcpiFadtData fadt = {
 .rev = 5,
 .minor_ver = 1,
-.flags = 1 << ACPI_FADT_F_HW_REDUCED_ACPI,
+.flags = (1 << ACPI_FADT_F_HW_REDUCED_ACPI) |
+ (1 << ACPI_FADT_F_RESET_REG_SUP),
 .dsdt_tbl_offset = &dsdt_tbl_offset,
 .xdsdt_tbl_offset = &dsdt_tbl_offset,
 .arm_boot_arch = 0,
+.reset_reg = { .space_id = AML_AS_SYSTEM_IO,
+  .bit_width = 8, .bit_offset = 0,
+  .address = ACPI_REDUCED_RESET_IOPORT },
+.reset_val = ACPI_REDUCED_RESET_VALUE,
 .sleep_control_reg = { .space_id = AML_AS_SYSTEM_IO,
   .bit_width = 8, .bit_offset = 0,
   .address = ACPI_REDUCED_SLEEP_CONTROL_IOPORT },
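Review bot: `reset_reg` advertises I/O port `ACPI_REDUCED_RESET_IOPORT`, which the header hunk of this patch defines as `0x3C0`, and the existing sleep control register sits at `0x3B0`; both lie in the legacy VGA I/O range (0x3B0-0x3DF), so they would clash with a VGA-compatible device if one is ever attached to this machine type. Nothing visible in this patch registers a handler for the port, so the guest's reset write only works if the machine code claims it elsewhere; a comment next to the defines should name that handler. Choosing a port outside the VGA range, or documenting why no VGA device can be present, would remove the overlap. `build_fadt_reduced()` starts before and continues after this hunk.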
diff --git a/include/hw/acpi/reduced.h b/include/hw/acpi/reduced.h
index 3d3c003353..bcd266afd0 100644
--- a/include/hw/acpi/reduced.h
+++ b/include/hw/acpi/reduced.h
@@ -22,6 +22,8 @@
 #define ACPI_REDUCED_SLEEP_LEVEL  5
 #define ACPI_REDUCED_SLEEP_ENABLE (1 << 5) /* SLP_EN */
 #define ACPI_REDUCED_SLEEP_CONTROL_IOPORT 0x3B0
+#define ACPI_REDUCED_RESET_IOPORT 0x3C0
+#define ACPI_REDUCED_RESET_VALUE  4
 
 typedef struct Aml Aml;
 
-- 
2.17.2




Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-22 Thread Maciej W. Rozycki
On Mon, 22 Oct 2018, Maciej W. Rozycki wrote:

> Hi Maciej,

 What an odd copy & paste thinko!  I can't believe I addressed myself in 
the opening of my e-mail. :)

  Maciej



[Qemu-devel] [PATCH 20/26] hw: acpi: reduced: Generic Event Device support

2018-10-22 Thread Samuel Ortiz
The ACPI Generic Event Device (GED) is a hardware-reduced specific
device that handles all platform events, including the hotplug ones.
This patch generates the AML code that defines GEDs.
Platforms need to specify their own GedEvent array to describe what kind
of events they want to support through GED. The build_ged_aml routine
takes a GedEvent array that maps a specific GED event to an IRQ number.
Then we use that array to build both the _CRS and the _EVT section
of the GED device.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Samuel Ortiz 
---
 hw/acpi/reduced.c | 171 +-
 include/hw/acpi/acpi.h|   4 +
 include/hw/acpi/reduced.h |  16 
 3 files changed, 188 insertions(+), 3 deletions(-)

diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index 0f6397c740..53b57760eb 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -30,6 +30,8 @@
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/aml-build.h"
 #include "hw/acpi/bios-linker-loader.h"
+#include "hw/acpi/cpu.h"
+#include "hw/acpi/pc-hotplug.h"
 #include "hw/acpi/reduced.h"
 
 #include "hw/nvram/fw_cfg.h"
@@ -44,9 +46,34 @@
 
 #include "migration/vmstate.h"
 
+#define GED_DEVICE "GED"
+
+static void acpi_dsdt_add_cpus(MachineState *ms, Aml *dsdt, Aml *scope,
+   int smp_cpus, AcpiConfiguration *conf)
+{
+CPUHotplugFeatures opts = {
+.apci_1_compatible = false,
+.has_legacy_cphp = false,
+};
+
+build_cpus_aml(dsdt, ms, opts, conf->cpu_hotplug_io_base,
+   "\\_SB", NULL);
+}
+
+static void acpi_dsdt_add_ged(Aml *scope, AcpiConfiguration *conf)
+{
+if (!conf->ged_events || !conf->ged_events_size) {
+return;
+}
+
+build_ged_aml(scope, "\\_SB."GED_DEVICE,
+  conf->ged_events, conf->ged_events_size);
+}
+
 /* DSDT */
-static void build_dsdt(GArray *table_data, BIOSLinker *linker,
-   AcpiPciBus *pci_host)
+static void build_dsdt(MachineState *ms,
+   GArray *table_data, BIOSLinker *linker,
+   AcpiPciBus *pci_host, AcpiConfiguration *conf)
 {
 Aml *scope, *dsdt;
 
@@ -58,6 +85,8 @@ static void build_dsdt(GArray *table_data, BIOSLinker *linker,
 if (pci_host->pci_bus) {
 acpi_dsdt_add_pci_bus(dsdt, pci_host);
 }
+acpi_dsdt_add_cpus(ms, dsdt, scope, smp_cpus, conf);
+acpi_dsdt_add_ged(dsdt, conf);
 aml_append(dsdt, scope);
 
 /* copy AML table into ACPI tables blob and patch header there */
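Review bot: `acpi_dsdt_add_cpus()` is called here with `scope` and `smp_cpus`, but the helper added in the previous hunk of this file uses neither and only forwards `dsdt`, `ms`, `opts` and `conf->cpu_hotplug_io_base` to `build_cpus_aml()`. Dropping the two unused parameters would make it clear that the CPU AML is attached under the literal `\\_SB` path rather than the `scope` object. Likewise `acpi_dsdt_add_ged()` names its parameter `scope` while it is handed `dsdt` here; `Aml *table` would match `build_ged_aml()`. `build_dsdt()` starts before and ends after this hunk.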
@@ -118,7 +147,7 @@ static void acpi_reduced_build(MachineState *ms, 
AcpiBuildTables *tables,
 
 /* DSDT is pointed to by FADT */
 dsdt = tables_blob->len;
-build_dsdt(tables_blob, tables->linker, &acpi_pci_host);
+build_dsdt(ms, tables_blob, tables->linker, &acpi_pci_host, conf);
 
 /* FADT pointed to by RSDT */
 acpi_add_table(table_offsets, tables_blob);
@@ -253,3 +282,139 @@ void acpi_reduced_setup(MachineState *machine, 
AcpiConfiguration *conf)
  */
 acpi_build_tables_cleanup(&tables, false);
 }
+
+#define CPU_SCAN_METHOD   "CSCN"
+
+static Aml *ged_event_aml(GedEvent *event)
+{
+if (!event) {
+return NULL;
+}
+
+switch (event->event) {
+case GED_CPU_HOTPLUG:
+/* We run a complete CPU SCAN when getting a CPU hotplug event */
+return aml_call0("\\_SB.CPUS." CPU_SCAN_METHOD);
+case GED_MEMORY_HOTPLUG:
+case GED_PCI_HOTPLUG:
+case GED_NVDIMM_HOTPLUG:
+/* Not supported for now */
+return NULL;
+default:
+break;
+}
+
+return NULL;
+}
+
+void build_ged_aml(Aml *table, const char *name,
+   GedEvent *events, uint8_t events_size)
+{
+Aml *crs = aml_resource_template();
+Aml *evt;
+Aml *zero = aml_int(0);
+Aml *one = aml_int(1);
+Aml *dev = aml_device("%s", name);
+Aml *has_irq = aml_local(0);
+Aml *while_ctx;
+uint8_t i;
+
+/*
+ * For each GED event we:
+ * - Add an interrupt to the CRS section.
+ * - Add a conditional block for each event, inside a while loop.
+ *   This is semantically equivalent to a switch/case implementation.
+ */
+evt = aml_method("_EVT", 1, AML_SERIALIZED);
+{
+Aml *irq = aml_arg(0);
+Aml *ged_aml;
+Aml *if_ctx, *else_ctx;
+
+/* Local0 = One */
+aml_append(evt, aml_store(one, has_irq));
+
+
+/*
+ * Here we want to call a method for each supported GED event type.
+ * The resulting ASL code looks like:
+ *
+ * Local0 = One
+ * While ((Local0 == One))
+ * {
+ *Local0 = Zero
+ *If (Arg0 == irq0)
+ *{
+ *MethodEvent0()
+ *Local0 = Zero
+ *}
+ *ElseIf (Arg0 == irq1)
+ *{
+ *MethodEvent1()
+ *Local0 = Zero
+ *}
+ *ElseIf (Arg0 == irq2)
+ * 

[Qemu-devel] [PATCH 24/26] hw: acpi: reduced: Add SRAT table

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

If the platform is NUMA enabled, we add the SRAT table to the ACPI
build. It is up to the calling platform to define its own SRAT build
method or use the aml-build.c one.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Yang Zhong 
---
 hw/acpi/reduced.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index 3754258335..9d0c5ba01e 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -188,6 +188,16 @@ static void acpi_reduced_build(MachineState *ms, 
AcpiBuildTables *tables,
 acpi_add_table(table_offsets, tables_blob);
 mc->firmware_build_methods.acpi.madt(tables_blob, tables->linker, ms, 
conf);
 
+if (conf->numa_nodes) {
+acpi_add_table(table_offsets, tables_blob);
+mc->firmware_build_methods.acpi.srat(tables_blob, tables->linker,
+ ms, conf);
+if (have_numa_distance) {
+acpi_add_table(table_offsets, tables_blob);
+mc->firmware_build_methods.acpi.slit(tables_blob, tables->linker);
+}
+}
+
 if (acpi_get_mcfg(&mcfg)) {
 acpi_add_table(table_offsets, tables_blob);
 mc->firmware_build_methods.acpi.mcfg(tables_blob,
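Review bot: The `srat` and `slit` entries of `mc->firmware_build_methods.acpi` are called without checking that the machine class set them, while the commit message leaves it to each platform to provide them; a machine with NUMA nodes and no `srat` method would call through a NULL pointer. Either guard the call, `if (conf->numa_nodes && mc->firmware_build_methods.acpi.srat) {`, or assert the pointers once where the methods are installed. `have_numa_distance` is read from a global while the node count comes from `conf`; taking both from the same place would be more consistent. `acpi_reduced_build()` extends beyond this hunk.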
-- 
2.17.2




[Qemu-devel] [PATCH 22/26] hw: acpi: reduced: Add shutdown support

2018-10-22 Thread Samuel Ortiz
From: Jing Liu 

Hardware-reduced ACPI uses SLEEP_CONTROL_REG to enter S5 sleep state.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Jing Liu 
---
 hw/acpi/aml-build.c |  2 +-
 hw/acpi/reduced.c   | 15 +++
 include/hw/acpi/acpi-defs.h |  1 +
 include/hw/acpi/reduced.h   |  4 
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index f462bb8313..752642a67a 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -2922,7 +2922,7 @@ void build_fadt(GArray *tbl, BIOSLinker *linker, const 
AcpiFadtData *f,
 }
 
 /* SLEEP_CONTROL_REG */
-build_append_gas(tbl, AML_AS_SYSTEM_MEMORY, 0 , 0, 0, 0);
+build_append_gas_from_struct(tbl, &f->sleep_control_reg);
 /* SLEEP_STATUS_REG */
 build_append_gas(tbl, AML_AS_SYSTEM_MEMORY, 0 , 0, 0, 0);
 
diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index 33d413a255..329d5112ca 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -80,6 +80,17 @@ static void acpi_dsdt_add_ged(Aml *scope, AcpiConfiguration 
*conf)
   conf->ged_events, conf->ged_events_size);
 }
 
+static void acpi_dsdt_add_sleep_state(Aml *scope)
+{
+Aml *pkg = aml_package(4);
+
+aml_append(pkg, aml_int(ACPI_REDUCED_SLEEP_LEVEL));
+aml_append(pkg, aml_int(0));
+aml_append(pkg, aml_int(0));
+aml_append(pkg, aml_int(0));
+aml_append(scope, aml_name_decl("_S5", pkg));
+}
+
 /* DSDT */
 static void build_dsdt(MachineState *ms,
GArray *table_data, BIOSLinker *linker,
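Review bot: `acpi_dsdt_add_sleep_state()` builds the `_S5` package from four bare integers with no comment on what each element means. A short header such as `/* _S5: element 0 is the SLP_TYP value written to the sleep control register, the rest are unused here */` would tie `ACPI_REDUCED_SLEEP_LEVEL` to the `sleep_control_reg` added to the FADT later in this patch. `ACPI_REDUCED_SLEEP_ENABLE` is defined in the header hunk but not used in any visible hunk; if the I/O handler lives in another patch, a comment next to the define should say so.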
@@ -98,6 +109,7 @@ static void build_dsdt(MachineState *ms,
 acpi_dsdt_add_memory_hotplug(ms, dsdt);
 acpi_dsdt_add_cpus(ms, dsdt, scope, smp_cpus, conf);
 acpi_dsdt_add_ged(dsdt, conf);
+acpi_dsdt_add_sleep_state(scope);
 aml_append(dsdt, scope);
 
 /* copy AML table into ACPI tables blob and patch header there */
@@ -120,6 +132,9 @@ static void build_fadt_reduced(GArray *table_data, 
BIOSLinker *linker,
 .dsdt_tbl_offset = &dsdt_tbl_offset,
 .xdsdt_tbl_offset = &dsdt_tbl_offset,
 .arm_boot_arch = 0,
+.sleep_control_reg = { .space_id = AML_AS_SYSTEM_IO,
+  .bit_width = 8, .bit_offset = 0,
+  .address = ACPI_REDUCED_SLEEP_CONTROL_IOPORT },
 };
 
 build_fadt(table_data, linker, &fadt, NULL, NULL);
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index 6e1726e0a2..10b7bf9c98 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -112,6 +112,7 @@ typedef struct AcpiFadtData {
 unsigned *facs_tbl_offset; /* FACS offset in */
 unsigned *dsdt_tbl_offset;
 unsigned *xdsdt_tbl_offset;
+struct AcpiGenericAddress sleep_control_reg;  /* SLEEP_CONTROL_REG */
 } AcpiFadtData;
 
 #define ACPI_FADT_ARM_PSCI_COMPLIANT  (1 << 0)
diff --git a/include/hw/acpi/reduced.h b/include/hw/acpi/reduced.h
index b326af9bad..3d3c003353 100644
--- a/include/hw/acpi/reduced.h
+++ b/include/hw/acpi/reduced.h
@@ -19,6 +19,10 @@
 #ifndef HW_ACPI_REDUCED_H
 #define HW_ACPI_REDUCED_H
 
+#define ACPI_REDUCED_SLEEP_LEVEL  5
+#define ACPI_REDUCED_SLEEP_ENABLE (1 << 5) /* SLP_EN */
+#define ACPI_REDUCED_SLEEP_CONTROL_IOPORT 0x3B0
+
 typedef struct Aml Aml;
 
 typedef enum {
-- 
2.17.2




[Qemu-devel] [PATCH 25/26] hw: acpi: reduced: Add NFIT support

2018-10-22 Thread Samuel Ortiz
From: Sebastien Boeuf 

If the platform is NVDIMM enabled, we add the NFIT table to the ACPI
build.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Sebastien Boeuf 
---
 hw/acpi/reduced.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index 9d0c5ba01e..fac19a978a 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -204,6 +204,11 @@ static void acpi_reduced_build(MachineState *ms, 
AcpiBuildTables *tables,
  tables->linker, &mcfg);
 }
 
+if (conf->acpi_nvdimm_state.is_enabled) {
+nvdimm_build_acpi(table_offsets, tables_blob, tables->linker,
+  &conf->acpi_nvdimm_state, ms->ram_slots);
+}
+
 /* RSDT is pointed to by RSDP */
 xsdt = tables_blob->len;
 build_xsdt(tables_blob, tables->linker, table_offsets, NULL, NULL);
@@ -339,8 +344,7 @@ static Aml *ged_event_aml(GedEvent *event)
 return aml_call0("\\_SB.MHPC." MEMORY_SLOT_SCAN_METHOD);
 case GED_PCI_HOTPLUG:
 case GED_NVDIMM_HOTPLUG:
-/* Not supported for now */
-return NULL;
+return aml_notify(aml_name("\\_SB.NVDR"), aml_int(0x80));
 default:
 break;
 }
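Review bot: After this hunk `case GED_PCI_HOTPLUG:` has no body of its own and falls through to the NVDIMM case, so a PCI hotplug event would issue `Notify(\_SB.NVDR, 0x80)` instead of being ignored as it was before. Keeping `case GED_PCI_HOTPLUG: return NULL; /* not supported yet */` ahead of `case GED_NVDIMM_HOTPLUG:` would leave this commit correct on its own, which matters for bisecting even if a later patch in the series fills the case in. The notify value `0x80` would also read better as a named constant. `ged_event_aml()` starts outside this hunk.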
-- 
2.17.2




[Qemu-devel] [PATCH 15/26] hw: acpi: Retrieve the PCI bus from AcpiPciHpState

2018-10-22 Thread Samuel Ortiz
From: Sebastien Boeuf 

Instead of using the machine type specific method find_i440fx() to
retrieve the PCI bus, this commit aims to rely on the fact that the
PCI bus is known by the structure AcpiPciHpState.

When the structure is initialized through acpi_pcihp_init() call,
it saves the PCI bus, which means there is no need to invoke a
special function later on.

Based on the fact that find_i440fx() was only used there, this
patch also removes the function find_i440fx() itself from the
entire codebase.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Signed-off-by: Sebastien Boeuf 
Signed-off-by: Jing Liu 
---
 hw/acpi/pcihp.c   | 10 --
 hw/pci-host/piix.c|  8 
 include/hw/i386/pc.h  |  1 -
 stubs/Makefile.objs   |  1 -
 stubs/pci-host-piix.c |  6 --
 5 files changed, 4 insertions(+), 22 deletions(-)
 delete mode 100644 stubs/pci-host-piix.c

diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index 80d42e12ff..254b2e50ab 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -93,10 +93,9 @@ static void *acpi_set_bsel(PCIBus *bus, void *opaque)
 return bsel_alloc;
 }
 
-static void acpi_set_pci_info(void)
+static void acpi_set_pci_info(AcpiPciHpState *s)
 {
 static bool bsel_is_set;
-PCIBus *bus;
 unsigned bsel_alloc = ACPI_PCIHP_BSEL_DEFAULT;
 
 if (bsel_is_set) {
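Review bot: `acpi_set_pci_info()` now takes the per-device `AcpiPciHpState`, but the function-static `bsel_is_set` still makes it run once per process, so only the first state's `s->root` is ever scanned. The next hunk sets the flag before it tests `s->root`, so a first call with a NULL root also prevents any later call from scanning. If more than one hotplug controller can exist, moving the flag into `AcpiPciHpState`, or setting it only after a successful scan, would match the new signature. The function body continues in the next hunk.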
@@ -104,10 +103,9 @@ static void acpi_set_pci_info(void)
 }
 bsel_is_set = true;
 
-bus = find_i440fx(); /* TODO: Q35 support */
-if (bus) {
+if (s->root) {
 /* Scan all PCI buses. Set property to enable acpi based hotplug. */
-pci_for_each_bus_depth_first(bus, acpi_set_bsel, NULL, &bsel_alloc);
+pci_for_each_bus_depth_first(s->root, acpi_set_bsel, NULL, 
&bsel_alloc);
 }
 }
 
@@ -213,7 +211,7 @@ static void acpi_pcihp_update(AcpiPciHpState *s)
 
 void acpi_pcihp_reset(AcpiPciHpState *s)
 {
-acpi_set_pci_info();
+acpi_set_pci_info(s);
 acpi_pcihp_update(s);
 }
 
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index da73743fa2..4940f59c9b 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -445,14 +445,6 @@ PCIBus *i440fx_init(const char *host_type, const char 
*pci_type,
 return b;
 }
 
-PCIBus *find_i440fx(void)
-{
-PCIHostState *s = OBJECT_CHECK(PCIHostState,
-   object_resolve_path("/machine/i440fx", 
NULL),
-   TYPE_PCI_HOST_BRIDGE);
-return s ? s->bus : NULL;
-}
-
 /* PIIX3 PCI to ISA bridge */
 static void piix3_set_irq_pic(PIIX3State *piix3, int pic_irq)
 {
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 7d177cd207..f6b2649cf8 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -260,7 +260,6 @@ PCIBus *i440fx_init(const char *host_type, const char 
*pci_type,
 MemoryRegion *pci_memory,
 MemoryRegion *ram_memory);
 
-PCIBus *find_i440fx(void);
 /* piix4.c */
 extern PCIDevice *piix4_dev;
 int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn);
diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index 5dd0aeeec6..725f78bedc 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -41,6 +41,5 @@ stub-obj-y += pc_madt_cpu_entry.o
 stub-obj-y += vmgenid.o
 stub-obj-y += xen-common.o
 stub-obj-y += xen-hvm.o
-stub-obj-y += pci-host-piix.o
 stub-obj-y += ram-block.o
 stub-obj-y += ramfb.o
diff --git a/stubs/pci-host-piix.c b/stubs/pci-host-piix.c
deleted file mode 100644
index 6ed81b1f21..00
--- a/stubs/pci-host-piix.c
+++ /dev/null
@@ -1,6 +0,0 @@
-#include "qemu/osdep.h"
-#include "hw/i386/pc.h"
-PCIBus *find_i440fx(void)
-{
-return NULL;
-}
-- 
2.17.2




[Qemu-devel] [PATCH 18/26] hw: acpi: Initial hardware-reduced support

2018-10-22 Thread Samuel Ortiz
We build a minimal set of ACPI hardware-reduced tables: XSDT,
FADT, MADT and a DSDT pointed by a RSDP.
The DSDT only contains one PCI host bridge for now.

This API will be consumed by a new x86 machine type but also potentially
by the ARM virt one.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Samuel Ortiz 
---
 default-configs/i386-softmmu.mak |   1 +
 hw/acpi/Makefile.objs|   1 +
 hw/acpi/reduced.c| 248 +++
 include/hw/acpi/reduced.h|  24 +++
 4 files changed, 274 insertions(+)
 create mode 100644 hw/acpi/reduced.c
 create mode 100644 include/hw/acpi/reduced.h

diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index 210cff2781..a80509a111 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -66,3 +66,4 @@ CONFIG_I2C=y
 CONFIG_SEV=$(CONFIG_KVM)
 CONFIG_VTD=y
 CONFIG_AMD_IOMMU=y
+CONFIG_ACPI_HW_REDUCED=y
diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
index 11c35bcb44..276e0cfbce 100644
--- a/hw/acpi/Makefile.objs
+++ b/hw/acpi/Makefile.objs
@@ -6,6 +6,7 @@ common-obj-$(CONFIG_ACPI_MEMORY_HOTPLUG) += memory_hotplug.o
 common-obj-$(CONFIG_ACPI_CPU_HOTPLUG) += cpu.o
 common-obj-$(CONFIG_ACPI_NVDIMM) += nvdimm.o
 common-obj-$(CONFIG_ACPI_VMGENID) += vmgenid.o
+common-obj-$(CONFIG_ACPI_HW_REDUCED) += reduced.o
 common-obj-$(call lnot,$(CONFIG_ACPI_X86)) += acpi-stub.o
 
 common-obj-y += acpi_interface.o
diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
new file mode 100644
index 00..364b105f58
--- /dev/null
+++ b/hw/acpi/reduced.c
@@ -0,0 +1,248 @@
+/* HW reduced ACPI support
+ *
+ * Copyright (c) 2018 Intel Corportation
+ * Copyright (C) 2013 Red Hat Inc
+ * Copyright (c) 2015 HUAWEI TECHNOLOGIES CO.,LTD.
+ * Copyright (C) 2008-2010  Kevin O'Connor 
+ * Copyright (C) 2006 Fabrice Bellard
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "qemu/range.h"
+#include "qemu-common.h"
+
+#include "hw/acpi/acpi-defs.h"
+#include "hw/acpi/acpi.h"
+#include "hw/acpi/aml-build.h"
+#include "hw/acpi/bios-linker-loader.h"
+#include "hw/acpi/reduced.h"
+
+#include "hw/nvram/fw_cfg.h"
+
+#include "hw/pci/pcie_host.h"
+#include "hw/pci/pci.h"
+
+#include "hw/loader.h"
+#include "hw/hw.h"
+
+#include "sysemu/numa.h"
+
+#include "migration/vmstate.h"
+
+/* DSDT */
+static void build_dsdt(GArray *table_data, BIOSLinker *linker,
+   AcpiPciBus *pci_host)
+{
+Aml *scope, *dsdt;
+
+dsdt = init_aml_allocator();
+/* Reserve space for header */
+acpi_data_push(dsdt->buf, sizeof(AcpiTableHeader));
+
+scope = aml_scope("\\_SB");
+if (pci_host->pci_bus) {
+acpi_dsdt_add_pci_bus(dsdt, pci_host);
+}
+aml_append(dsdt, scope);
+
+/* copy AML table into ACPI tables blob and patch header there */
+g_array_append_vals(table_data, dsdt->buf->data, dsdt->buf->len);
+build_header(linker, table_data,
+(void *)(table_data->data + table_data->len - dsdt->buf->len),
+"DSDT", dsdt->buf->len, 2, NULL, NULL);
+free_aml_allocator();
+}
+
+
+static void build_fadt_reduced(GArray *table_data, BIOSLinker *linker,
+   unsigned dsdt_tbl_offset)
+{
+/* ACPI v5.1 */
+AcpiFadtData fadt = {
+.rev = 5,
+.minor_ver = 1,
+.flags = 1 << ACPI_FADT_F_HW_REDUCED_ACPI,
+.dsdt_tbl_offset = &dsdt_tbl_offset,
+.xdsdt_tbl_offset = &dsdt_tbl_offset,
+.arm_boot_arch = 0,
+};
+
+build_fadt(table_data, linker, &fadt, NULL, NULL);
+}
+
+static void acpi_reduced_build(MachineState *ms, AcpiBuildTables *tables,
+   AcpiConfiguration *conf)
+{
+MachineClass *mc = MACHINE_GET_CLASS(ms);
+GArray *table_offsets;
+unsigned dsdt, xsdt;
+Range pci_hole, pci_hole64;
+Object *pci_host;
+PCIBus *bus = NULL;
+GArray *tables_blob = tables->table_data;
+
+acpi_get_pci_holes(&pci_hole, &pci_hole64);
+table_offsets = g_array_new(false, true /* clear */,
+sizeof(uint32_t));
+
+bios_linker_loader_alloc(tables->linker,
+ ACPI_BUILD_TABLE_FILE, tables_blob,
+ 64, false /* high memory */);
+
+pci_host = acpi_get

[Qemu-devel] [PATCH 21/26] hw: acpi: reduced: Add memory hotplug support

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

We add the memory hotplug AML code to the hardware-reduced DSDT.
The memory hotplug event is handled through the GED device.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Yang Zhong 
---
 hw/acpi/reduced.c | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index 53b57760eb..33d413a255 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -33,6 +33,7 @@
 #include "hw/acpi/cpu.h"
 #include "hw/acpi/pc-hotplug.h"
 #include "hw/acpi/reduced.h"
+#include "hw/acpi/memory_hotplug.h"
 
 #include "hw/nvram/fw_cfg.h"
 
@@ -46,7 +47,16 @@
 
 #include "migration/vmstate.h"
 
-#define GED_DEVICE "GED"
+#define GED_DEVICE   "GED"
+#define CPU_SCAN_METHOD  "CSCN"
+#define MEMORY_SLOT_SCAN_METHOD  "MSCN"
+
+static void acpi_dsdt_add_memory_hotplug(MachineState *ms, Aml *dsdt)
+{
+uint32_t nr_mem = ms->ram_slots;
+
+build_memory_hotplug_aml(dsdt, nr_mem, "\\_SB", NULL);
+}
 
 static void acpi_dsdt_add_cpus(MachineState *ms, Aml *dsdt, Aml *scope,
int smp_cpus, AcpiConfiguration *conf)
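Review bot: In `acpi_dsdt_add_memory_hotplug()` the slot count is copied into a `uint32_t` and passed to `build_memory_hotplug_aml()` with nothing here bounding it. If `ms->ram_slots` is wider than 32 bits, or reaches this machine type from the command line without a cap (neither is visible in this hunk), the generated AML could describe a different number of slots than the device model backs. A range check before the call, or a comment naming where the limit is enforced, would settle it. The local `MEMORY_SLOT_SCAN_METHOD` define is also worth checking against `hw/acpi/memory_hotplug.h`, which this patch starts including and which may already provide it.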
@@ -85,6 +95,7 @@ static void build_dsdt(MachineState *ms,
 if (pci_host->pci_bus) {
 acpi_dsdt_add_pci_bus(dsdt, pci_host);
 }
+acpi_dsdt_add_memory_hotplug(ms, dsdt);
 acpi_dsdt_add_cpus(ms, dsdt, scope, smp_cpus, conf);
 acpi_dsdt_add_ged(dsdt, conf);
 aml_append(dsdt, scope);
@@ -283,8 +294,6 @@ void acpi_reduced_setup(MachineState *machine, 
AcpiConfiguration *conf)
 acpi_build_tables_cleanup(&tables, false);
 }
 
-#define CPU_SCAN_METHOD   "CSCN"
-
 static Aml *ged_event_aml(GedEvent *event)
 {
 if (!event) {
@@ -296,6 +305,8 @@ static Aml *ged_event_aml(GedEvent *event)
 /* We run a complete CPU SCAN when getting a CPU hotplug event */
 return aml_call0("\\_SB.CPUS." CPU_SCAN_METHOD);
 case GED_MEMORY_HOTPLUG:
+/* We run a complete memory SCAN when getting a memory hotplug event */
+return aml_call0("\\_SB.MHPC." MEMORY_SLOT_SCAN_METHOD);
 case GED_PCI_HOTPLUG:
 case GED_NVDIMM_HOTPLUG:
 /* Not supported for now */
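Review bot: The new `GED_MEMORY_HOTPLUG` branch spells the container path out by hand in `"\\_SB.MHPC." MEMORY_SLOT_SCAN_METHOD`, while the memory hotplug builder elsewhere in this series calls the same method as `MEMORY_DEVICES_CONTAINER "." MEMORY_SLOT_SCAN_METHOD`. Assuming that macro is visible through the newly included header, `return aml_call0(MEMORY_DEVICES_CONTAINER "." MEMORY_SLOT_SCAN_METHOD);` would keep the GED handler from pointing at a stale path if the container is ever renamed. `ged_event_aml()` starts and ends outside this hunk.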
-- 
2.17.2




[Qemu-devel] [PATCH 16/26] hw: fw-build: Add firmware build methods and state

2018-10-22 Thread Samuel Ortiz
In order to decouple ACPI APIs from specific machine types, we are
adding granular firmware build methods to the generic MachineClass
structure. This way, a new machine type can re-use the high level ACPI
APIs and define some custom table build methods, without having to
duplicate most of the existing implementation only to add small
variations to it.

Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Samuel Ortiz 
---
 include/hw/boards.h   |  5 
 include/hw/fw-build.h | 57 +++
 2 files changed, 62 insertions(+)
 create mode 100644 include/hw/fw-build.h

diff --git a/include/hw/boards.h b/include/hw/boards.h
index f82f28468b..a5c8fe6ed2 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -5,6 +5,7 @@
 
 #include "sysemu/blockdev.h"
 #include "sysemu/accel.h"
+#include "hw/fw-build.h"
 #include "hw/qdev.h"
 #include "qom/object.h"
 #include "qom/cpu.h"
@@ -214,6 +215,8 @@ struct MachineClass {
  unsigned cpu_index);
 const CPUArchIdList *(*possible_cpu_arch_ids)(MachineState *machine);
 int64_t (*get_default_cpu_node_id)(const MachineState *ms, int idx);
+
+FirmwareBuildMethods firmware_build_methods;
 };
 
 /**
@@ -269,6 +272,8 @@ struct MachineState {
 const char *cpu_type;
 AccelState *accelerator;
 CPUArchIdList *possible_cpus;
+
+FirmwareBuildState firmware_build_state;
 };
 
 #define DEFINE_MACHINE(namestr, machine_initfn) \
diff --git a/include/hw/fw-build.h b/include/hw/fw-build.h
new file mode 100644
index 00..c02434d513
--- /dev/null
+++ b/include/hw/fw-build.h
@@ -0,0 +1,57 @@
+/*
+ *
+ * Copyright (c) 2018 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef FW_BUILD_H
+#define FW_BUILD_H
+
+#include "hw/acpi/bios-linker-loader.h"
+
+typedef struct AcpiConfiguration AcpiConfiguration;
+typedef struct AcpiBuildState AcpiBuildState;
+typedef struct AcpiMcfgInfo AcpiMcfgInfo;
+
+typedef struct FirmwareBuildMethods {
+union {
+/* ACPI methods */
+struct {
+GArray *(*rsdp)(GArray *table_data, BIOSLinker *linker,
+unsigned rsdt_tbl_offset);
+GArray *(*madt)(GArray *table_data, BIOSLinker *linker,
+MachineState *ms, AcpiConfiguration *conf);
+void(*mcfg)(GArray *table_data, BIOSLinker *linker,
+AcpiMcfgInfo *info);
+void(*srat)(GArray *table_data, BIOSLinker *linker,
+MachineState *machine, AcpiConfiguration *conf);
+void(*slit)(GArray *table_data, BIOSLinker *linker);
+
+/* Overall ACPI table setup function */
+void(*setup)(MachineState *ms, AcpiConfiguration *conf);
+} acpi;
+};
+} FirmwareBuildMethods;
+
+typedef struct FirmwareBuildState {
+union {
+/* ACPI state and configuration */
+struct {
+AcpiConfiguration *conf;
+AcpiBuildState *state;
+} acpi;
+};
+} FirmwareBuildState;
+
+#endif
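Review bot: `FirmwareBuildMethods` gives no contract for its callbacks: nothing says which of `rsdp`, `madt`, `mcfg`, `srat`, `slit` and `setup` a machine class must fill in, or what the `GArray *` returned by `rsdp` and `madt` represents. The callers added elsewhere in the series (`acpi_reduced_build()` and `acpi_build()`) invoke `mc->firmware_build_methods.acpi.madt(...)`, `.mcfg(...)`, `.srat(...)`, `.slit(...)` and `.rsdp(...)` with no NULL test, so a machine class that leaves one unset would call through a NULL pointer while building guest tables. A doc comment on the struct stating which members are mandatory, plus a check such as `assert(mc->firmware_build_methods.acpi.madt);` at the call sites, would make that failure explicit. The header also names `MachineState` and `GArray` while including only `hw/acpi/bios-linker-loader.h`, so it appears to rely on the includer for those declarations.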
-- 
2.17.2




[Qemu-devel] [PATCH 09/26] hw: acpi: Export the MCFG getter

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

The ACPI MCFG getter is not x86 specific and could be called from
anywhere within generic ACPI API, so let's export it.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Yang Zhong 
---
 hw/acpi/aml-build.c | 24 
 hw/i386/acpi-build.c| 22 --
 include/hw/acpi/aml-build.h |  1 +
 3 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 3e0511bd46..0d21c854a6 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -32,6 +32,8 @@
 #include "hw/i386/pc.h"
 #include "sysemu/tpm.h"
 #include "hw/acpi/tpm.h"
+#include "qom/qom-qobject.h"
+#include "qapi/qmp/qnum.h"
 
 #define PCI_HOST_BRIDGE_CONFIG_ADDR0xcf8
 #define PCI_HOST_BRIDGE_IO_0_MIN_ADDR  0x
@@ -1665,6 +1667,28 @@ void acpi_get_pci_holes(Range *hole, Range *hole64)
NULL));
 }
 
+bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
+{
+Object *pci_host;
+QObject *o;
+
+pci_host = acpi_get_pci_host();
+g_assert(pci_host);
+
+o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_BASE, NULL);
+if (!o) {
+return false;
+}
+mcfg->mcfg_base = qnum_get_uint(qobject_to(QNum, o));
+qobject_unref(o);
+
+o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_SIZE, NULL);
+assert(o);
+mcfg->mcfg_size = qnum_get_uint(qobject_to(QNum, o));
+qobject_unref(o);
+return true;
+}
+
 static void crs_range_insert(GPtrArray *ranges, uint64_t base, uint64_t limit)
 {
 CrsRangeEntry *entry;
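Review bot: `acpi_get_mcfg()` is now a public helper, yet it still aborts with `g_assert(pci_host)` when no host bridge is found, and it mixes that with a plain `assert(o)` for the size property while a missing base property returns false. Since `acpi_get_pci_host()` (patch 08 of this series) only resolves `/machine/i440fx` and `/machine/q35`, a new machine type calling this would terminate QEMU rather than get `false`; the same applies to `acpi_get_pci_holes()`. Returning false is the gentler contract for an exported function: `if (!pci_host) { return false; }`. A short doc comment stating when the function returns false, and that `mcfg` is only written on success, would help callers such as `acpi_reduced_build()`.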
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 12a8d8210a..414a6c4c4e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1857,28 +1857,6 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker)
  "IVRS", table_data->len - iommu_start, 1, NULL, NULL);
 }
 
-static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
-{
-Object *pci_host;
-QObject *o;
-
-pci_host = acpi_get_pci_host();
-g_assert(pci_host);
-
-o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_BASE, NULL);
-if (!o) {
-return false;
-}
-mcfg->mcfg_base = qnum_get_uint(qobject_to(QNum, o));
-qobject_unref(o);
-
-o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_SIZE, NULL);
-assert(o);
-mcfg->mcfg_size = qnum_get_uint(qobject_to(QNum, o));
-qobject_unref(o);
-return true;
-}
-
 static
 void acpi_build(AcpiBuildTables *tables,
 MachineState *machine, AcpiConfiguration *conf)
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 6647fa8791..befe260251 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -409,6 +409,7 @@ void *acpi_data_push(GArray *table_data, unsigned size);
 unsigned acpi_data_len(GArray *table);
 Object *acpi_get_pci_host(void);
 void acpi_get_pci_holes(Range *hole, Range *hole64);
+bool acpi_get_mcfg(AcpiMcfgInfo *mcfg);
 void acpi_align_size(GArray *blob, unsigned align);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
-- 
2.17.2




[Qemu-devel] [PATCH 19/26] hw: acpi: reduced: Add MCFG support

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

For PCIe based platform, we need to add an MCFG table to the
hardware-reduced DSDT.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Yang Zhong 
Signed-off-by: Samuel Ortiz 
---
 hw/acpi/reduced.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/acpi/reduced.c b/hw/acpi/reduced.c
index 364b105f58..0f6397c740 100644
--- a/hw/acpi/reduced.c
+++ b/hw/acpi/reduced.c
@@ -94,6 +94,7 @@ static void acpi_reduced_build(MachineState *ms, 
AcpiBuildTables *tables,
 Range pci_hole, pci_hole64;
 Object *pci_host;
 PCIBus *bus = NULL;
+AcpiMcfgInfo mcfg;
 GArray *tables_blob = tables->table_data;
 
 acpi_get_pci_holes(&pci_hole, &pci_hole64);
@@ -127,6 +128,12 @@ static void acpi_reduced_build(MachineState *ms, 
AcpiBuildTables *tables,
 acpi_add_table(table_offsets, tables_blob);
 mc->firmware_build_methods.acpi.madt(tables_blob, tables->linker, ms, 
conf);
 
+if (acpi_get_mcfg(&mcfg)) {
+acpi_add_table(table_offsets, tables_blob);
+mc->firmware_build_methods.acpi.mcfg(tables_blob,
+ tables->linker, &mcfg);
+}
+
 /* RSDT is pointed to by RSDP */
 xsdt = tables_blob->len;
 build_xsdt(tables_blob, tables->linker, table_offsets, NULL, NULL);
-- 
2.17.2




[Qemu-devel] [PATCH 17/26] hw: i386: Convert PC machine type to firmware build methods

2018-10-22 Thread Samuel Ortiz
All PC machine type derivatives will use the same ACPI table build
methods. But with that change in place, any new x86 machine type will be
able to re-use the acpi-build API and customize part of it by defining
its own ACPI table build methods.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Samuel Ortiz 
---
 hw/i386/acpi-build.c   | 22 ++
 hw/i386/pc.c   |  9 +
 include/hw/i386/acpi.h | 27 +++
 3 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 include/hw/i386/acpi.h

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 9cb739bf5c..4274349053 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -62,6 +62,7 @@
 #include "qom/qom-qobject.h"
 #include "hw/i386/amd_iommu.h"
 #include "hw/i386/intel_iommu.h"
+#include "hw/i386/acpi.h"
 
 #include "hw/acpi/ipmi.h"
 
@@ -281,9 +282,8 @@ void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
 }
 }
 
-static void
-build_madt(GArray *table_data, BIOSLinker *linker,
-   MachineState *ms, AcpiConfiguration *conf)
+GArray *build_madt(GArray *table_data, BIOSLinker *linker,
+   MachineState *ms, AcpiConfiguration *conf)
 {
 MachineClass *mc = MACHINE_GET_CLASS(ms);
 const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(ms);
@@ -360,6 +360,8 @@ build_madt(GArray *table_data, BIOSLinker *linker,
 build_header(linker, table_data,
  (void *)(table_data->data + madt_start), "APIC",
  table_data->len - madt_start, 1, NULL, NULL);
+
+return table_data;
 }
 
 static void build_hpet_aml(Aml *table)
@@ -1544,6 +1546,7 @@ static
 void acpi_build(AcpiBuildTables *tables,
 MachineState *machine, AcpiConfiguration *conf)
 {
+MachineClass *mc = MACHINE_GET_CLASS(machine);
 GArray *table_offsets;
 unsigned facs, dsdt, rsdt, fadt;
 AcpiPmInfo pm;
@@ -1604,7 +1607,8 @@ void acpi_build(AcpiBuildTables *tables,
 aml_len += tables_blob->len - fadt;
 
 acpi_add_table(table_offsets, tables_blob);
-build_madt(tables_blob, tables->linker, machine, conf);
+mc->firmware_build_methods.acpi.madt(tables_blob, tables->linker,
+ machine, conf);
 
 vmgenid_dev = find_vmgenid_dev();
 if (vmgenid_dev) {
@@ -1628,15 +1632,17 @@ void acpi_build(AcpiBuildTables *tables,
 }
 if (conf->numa_nodes) {
 acpi_add_table(table_offsets, tables_blob);
-build_srat(tables_blob, tables->linker, machine, conf);
+mc->firmware_build_methods.acpi.srat(tables_blob, tables->linker,
+ machine, conf);
 if (have_numa_distance) {
 acpi_add_table(table_offsets, tables_blob);
-build_slit(tables_blob, tables->linker);
+mc->firmware_build_methods.acpi.slit(tables_blob, tables->linker);
 }
 }
 if (acpi_get_mcfg(&mcfg)) {
 acpi_add_table(table_offsets, tables_blob);
-build_mcfg(tables_blob, tables->linker, &mcfg);
+mc->firmware_build_methods.acpi.mcfg(tables_blob, tables->linker,
+ &mcfg);
 }
 if (x86_iommu_get_default()) {
 IommuType IOMMUType = x86_iommu_get_type();
@@ -1667,7 +1673,7 @@ void acpi_build(AcpiBuildTables *tables,
slic_oem.id, slic_oem.table_id);
 
 /* RSDP is in FSEG memory, so allocate it separately */
-build_rsdp_rsdt(tables->rsdp, tables->linker, rsdt);
+mc->firmware_build_methods.acpi.rsdp(tables->rsdp, tables->linker, rsdt);
 
 /* We'll expose it all to Guest so we want to reduce
  * chance of size changes.
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index fa12583096..db69dbfef7 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -75,6 +75,7 @@
 #include "hw/nmi.h"
 #include "hw/i386/intel_iommu.h"
 #include "hw/net/ne2000-isa.h"
+#include "hw/i386/acpi.h"
 
 /* debug PC/ISA interrupts */
 //#define DEBUG_IRQ
@@ -2443,6 +2444,14 @@ static void pc_machine_class_init(ObjectClass *oc, void 
*data)
 nc->nmi_monitor_handler = x86_nmi;
 mc->default_cpu_type = TARGET_DEFAULT_CPU_TYPE;
 
+/* Firmware building handler */
+mc->firmware_build_methods.acpi.madt = build_madt;
+mc->firmware_build_methods.acpi.rsdp = build_rsdp_rsdt;
+mc->firmware_build_methods.acpi.setup = acpi_setup;
+mc->firmware_build_methods.acpi.mcfg = build_mcfg;
+mc->firmware_build_methods.acpi.srat = build_srat;
+mc->firmware_build_methods.acpi.slit = build_slit;
+
 object_class_property_add(oc, MEMORY_DEVICE_REGION_SIZE, "int",
 pc_machine_get_device_memory_region_size, NULL,
 NULL, NULL, &error_abort);
diff --git a/include/hw/i386/acpi.h b/include/hw/i386/acpi.h
new file mode 100644
index 00..d92c29350b
--- /dev/null
+++ b/include/hw/i386/acpi.h
@@ -0,0 +1,27 @@
+/*
+ *
+ * Copy

[Qemu-devel] [PATCH 14/26] hw: acpi: Export the PCI hotplug API

2018-10-22 Thread Samuel Ortiz
From: Sebastien Boeuf 

The ACPI hotplug support APIs for PCI devices are not x86 or even
machine type specific. In order for future machine types to be able to
re-use that code, we export it through the architecture agnostic
hw/acpi folder.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Sebastien Boeuf 
Signed-off-by: Jing Liu 
---
 hw/acpi/aml-build.c | 194 
 hw/i386/acpi-build.c| 192 +--
 include/hw/acpi/aml-build.h |   3 +
 3 files changed, 199 insertions(+), 190 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index cb706ca975..f462bb8313 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -35,6 +35,7 @@
 #include "hw/acpi/tpm.h"
 #include "qom/qom-qobject.h"
 #include "qapi/qmp/qnum.h"
+#include "hw/acpi/pcihp.h"
 
 #define PCI_HOST_BRIDGE_CONFIG_ADDR0xcf8
 #define PCI_HOST_BRIDGE_IO_0_MIN_ADDR  0x
@@ -2314,6 +2315,199 @@ Aml *build_pci_host_bridge(Aml *table, AcpiPciBus 
*pci_host)
 return scope;
 }
 
+void build_acpi_pci_hotplug(Aml *scope)
+{
+Aml *field;
+Aml *method;
+
+aml_append(scope,
+aml_operation_region("PCST", AML_SYSTEM_IO, aml_int(0xae00), 0x08));
+field = aml_field("PCST", AML_DWORD_ACC, AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_named_field("PCIU", 32));
+aml_append(field, aml_named_field("PCID", 32));
+aml_append(scope, field);
+
+aml_append(scope,
+aml_operation_region("SEJ", AML_SYSTEM_IO, aml_int(0xae08), 0x04));
+field = aml_field("SEJ", AML_DWORD_ACC, AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_named_field("B0EJ", 32));
+aml_append(scope, field);
+
+aml_append(scope,
+aml_operation_region("BNMR", AML_SYSTEM_IO, aml_int(0xae10), 0x04));
+field = aml_field("BNMR", AML_DWORD_ACC, AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_named_field("BNUM", 32));
+aml_append(scope, field);
+
+aml_append(scope, aml_mutex("BLCK", 0));
+
+method = aml_method("PCEJ", 2, AML_NOTSERIALIZED);
+aml_append(method, aml_acquire(aml_name("BLCK"), 0x));
+aml_append(method, aml_store(aml_arg(0), aml_name("BNUM")));
+aml_append(method,
+aml_store(aml_shiftleft(aml_int(1), aml_arg(1)), aml_name("B0EJ")));
+aml_append(method, aml_release(aml_name("BLCK")));
+aml_append(method, aml_return(aml_int(0)));
+aml_append(scope, method);
+}
+
+static void build_append_pcihp_notify_entry(Aml *method, int slot)
+{
+Aml *if_ctx;
+int32_t devfn = PCI_DEVFN(slot, 0);
+
+if_ctx = aml_if(aml_and(aml_arg(0), aml_int(0x1U << slot), NULL));
+aml_append(if_ctx, aml_notify(aml_name("S%.02X", devfn), aml_arg(1)));
+aml_append(method, if_ctx);
+}
+
+void build_append_pci_bus_devices(Aml *parent_scope, PCIBus *bus,
+  bool pcihp_bridge_en)
+{
+Aml *dev, *notify_method = NULL, *method;
+QObject *bsel;
+PCIBus *sec;
+int i;
+
+bsel = object_property_get_qobject(OBJECT(bus), ACPI_PCIHP_PROP_BSEL, 
NULL);
+if (bsel) {
+uint64_t bsel_val = qnum_get_uint(qobject_to(QNum, bsel));
+
+aml_append(parent_scope, aml_name_decl("BSEL", aml_int(bsel_val)));
+notify_method = aml_method("DVNT", 2, AML_NOTSERIALIZED);
+}
+
+for (i = 0; i < ARRAY_SIZE(bus->devices); i += PCI_FUNC_MAX) {
+DeviceClass *dc;
+PCIDeviceClass *pc;
+PCIDevice *pdev = bus->devices[i];
+int slot = PCI_SLOT(i);
+bool hotplug_enabled_dev;
+bool bridge_in_acpi;
+
+if (!pdev) {
+if (bsel) { /* add hotplug slots for non present devices */
+dev = aml_device("S%.02X", PCI_DEVFN(slot, 0));
+aml_append(dev, aml_name_decl("_SUN", aml_int(slot)));
+aml_append(dev, aml_name_decl("_ADR", aml_int(slot << 16)));
+method = aml_method("_EJ0", 1, AML_NOTSERIALIZED);
+aml_append(method,
+aml_call2("PCEJ", aml_name("BSEL"), aml_name("_SUN"))
+);
+aml_append(dev, method);
+aml_append(parent_scope, dev);
+
+build_append_pcihp_notify_entry(notify_method, slot);
+}
+continue;
+}
+
+pc = PCI_DEVICE_GET_CLASS(pdev);
+dc = DEVICE_GET_CLASS(pdev);
+
+/* When hotplug for bridges is enabled, bridges are
+ * described in ACPI separately (see build_pci_bus_end).
+ * In this case they aren't themselves hot-pluggable.
+ * Hotplugged bridges *are* hot-pluggable.
+ */
+bridge_in_acpi = pc->is_bridge && pcihp_bridge_en &&
+!DEVICE(pdev)->hotplugged;
+
+hotplug_enabled_dev = bsel && dc->hotpluggable && !bridge_in_acpi;
+
+if (pc->class_id == PCI_CLASS_BRIDGE_ISA) {
+  

[Qemu-devel] [PATCH 13/26] hw: acpi: Fix memory hotplug AML generation error

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

When using the generated memory hotplug AML, the iasl
compiler would give the following error:

dsdt.dsl 266: Return (MOST (_UID, Arg0, Arg1, Arg2))
Error 6080 - Called method returns no value ^

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Yang Zhong 
---
 hw/acpi/memory_hotplug.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index db2c4df961..893fc2bd27 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -686,15 +686,15 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 
 method = aml_method("_OST", 3, AML_NOTSERIALIZED);
 s = MEMORY_SLOT_OST_METHOD;
-aml_append(method, aml_return(aml_call4(
-s, aml_name("_UID"), aml_arg(0), aml_arg(1), aml_arg(2)
-)));
+aml_append(method,
+   aml_call4(s, aml_name("_UID"), aml_arg(0),
+ aml_arg(1), aml_arg(2)));
 aml_append(dev, method);
 
 method = aml_method("_EJ0", 1, AML_NOTSERIALIZED);
 s = MEMORY_SLOT_EJECT_METHOD;
-aml_append(method, aml_return(aml_call2(
-   s, aml_name("_UID"), aml_arg(0;
+aml_append(method,
+   aml_call2(s, aml_name("_UID"), aml_arg(0)));
 aml_append(dev, method);
 
 aml_append(dev_container, dev);
-- 
2.17.2




[Qemu-devel] [PATCH 10/26] hw: acpi: Do not create hotplug method when handler is not defined

2018-10-22 Thread Samuel Ortiz
CPU and memory ACPI hotplug are not necessarily handled through SCI
events. For example, with Hardware-reduced ACPI, the GED device will
manage ACPI hotplug entirely.
As a consequence, we make the CPU and memory specific events AML
generation optional. The code will only be added when the method name is
not NULL.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Signed-off-by: Samuel Ortiz 
---
 hw/acpi/cpu.c|  8 +---
 hw/acpi/memory_hotplug.c | 11 +++
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/hw/acpi/cpu.c b/hw/acpi/cpu.c
index f10b190019..cd41377b5a 100644
--- a/hw/acpi/cpu.c
+++ b/hw/acpi/cpu.c
@@ -569,9 +569,11 @@ void build_cpus_aml(Aml *table, MachineState *machine, 
CPUHotplugFeatures opts,
 aml_append(sb_scope, cpus_dev);
 aml_append(table, sb_scope);
 
-method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
-aml_append(method, aml_call0("\\_SB.CPUS." CPU_SCAN_METHOD));
-aml_append(table, method);
+if (event_handler_method) {
+method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
+aml_append(method, aml_call0("\\_SB.CPUS." CPU_SCAN_METHOD));
+aml_append(table, method);
+}
 
 g_free(cphp_res_path);
 }
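Review bot: Neither this hunk nor the matching one in `hw/acpi/memory_hotplug.c` records that `event_handler_method` may now be NULL, so the new contract lives only in the commit message. A comment above the guard, for example `/* event_handler_method is NULL when hotplug events are delivered by another device (e.g. GED) */`, and a matching line in the prototype's documentation would keep a later caller from assuming the scan method is always wired to an event handler. `build_cpus_aml()` begins outside the hunk.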
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 8c7c1013f3..db2c4df961 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -715,10 +715,13 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 }
 aml_append(table, dev_container);
 
-method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
-aml_append(method,
-aml_call0(MEMORY_DEVICES_CONTAINER "." MEMORY_SLOT_SCAN_METHOD));
-aml_append(table, method);
+if (event_handler_method) {
+method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
+aml_append(method,
+   aml_call0(MEMORY_DEVICES_CONTAINER "."
+ MEMORY_SLOT_SCAN_METHOD));
+aml_append(table, method);
+}
 
 g_free(mhp_res_path);
 }
-- 
2.17.2




[Qemu-devel] [PATCH 08/26] hw: acpi: Export and generalize the PCI host AML API

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

The AML build routines for the PCI host bridge and the corresponding
DSDT addition are neither x86 nor PC machine type specific.
We can move them to the architecture agnostic hw/acpi folder, and by
carrying all the needed information through a new AcpiPciBus structure,
we can make them PC machine type independent.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Yang Zhong 
Signed-off-by: Rob Bradford 
---
 hw/acpi/aml-build.c | 208 
 hw/i386/acpi-build.c| 167 ++---
 include/hw/acpi/aml-build.h |  10 ++
 3 files changed, 226 insertions(+), 159 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 1a9948f6a9..3e0511bd46 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -29,6 +29,25 @@
 #include "hw/pci/pci_bus.h"
 #include "qemu/range.h"
 #include "hw/pci/pci_bridge.h"
+#include "hw/i386/pc.h"
+#include "sysemu/tpm.h"
+#include "hw/acpi/tpm.h"
+
+#define PCI_HOST_BRIDGE_CONFIG_ADDR0xcf8
+#define PCI_HOST_BRIDGE_IO_0_MIN_ADDR  0x
+#define PCI_HOST_BRIDGE_IO_0_MAX_ADDR  0x0cf7
+#define PCI_HOST_BRIDGE_IO_1_MIN_ADDR  0x0d00
+#define PCI_HOST_BRIDGE_IO_1_MAX_ADDR  0x
+#define PCI_VGA_MEM_BASE_ADDR  0x000a
+#define PCI_VGA_MEM_MAX_ADDR   0x000b
+#define IO_0_LEN   0xcf8
+#define VGA_MEM_LEN0x2
+
+static const char *pci_hosts[] = {
+   "/machine/i440fx",
+   "/machine/q35",
+   NULL,
+};
 
 static GArray *build_alloc_array(void)
 {
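Review bot: `pci_hosts` is declared `static const char *pci_hosts[]`, which leaves the pointers themselves writable; `static const char *const pci_hosts[] = {` lets the whole table live in read-only data. The hunk also pulls `hw/i386/pc.h` into `hw/acpi/aml-build.c`, which sits oddly with the commit's stated aim of making this code architecture agnostic. The table hard-codes the two PC host bridge paths, so other machine types get NULL from `acpi_get_pci_host()` in the next hunk. If that is a known interim step, a comment on the table saying so would help.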
@@ -1601,6 +1620,51 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, 
bool mfre)
 g_array_free(tables->vmgenid, mfre);
 }
 
+/*
+ * Because of the PXB hosts we cannot simply query TYPE_PCI_HOST_BRIDGE.
+ */
+Object *acpi_get_pci_host(void)
+{
+PCIHostState *host;
+int i = 0;
+
+while (pci_hosts[i]) {
+host = OBJECT_CHECK(PCIHostState,
+object_resolve_path(pci_hosts[i], NULL),
+TYPE_PCI_HOST_BRIDGE);
+if (host) {
+return OBJECT(host);
+}
+
+i++;
+}
+
+return NULL;
+}
+
+void acpi_get_pci_holes(Range *hole, Range *hole64)
+{
+Object *pci_host;
+
+pci_host = acpi_get_pci_host();
+g_assert(pci_host);
+
+range_set_bounds1(hole,
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE_START,
+   NULL),
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE_END,
+   NULL));
+range_set_bounds1(hole64,
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE64_START,
+   NULL),
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE64_END,
+   NULL));
+}
+
 static void crs_range_insert(GPtrArray *ranges, uint64_t base, uint64_t limit)
 {
 CrsRangeEntry *entry;
@@ -2099,6 +2163,150 @@ Aml *build_prt(bool is_pci0_prt)
 return method;
 }
 
+Aml *build_pci_host_bridge(Aml *table, AcpiPciBus *pci_host)
+{
+CrsRangeEntry *entry;
+Aml *scope, *dev, *crs;
+CrsRangeSet crs_range_set;
+Range *pci_hole = NULL;
+Range *pci_hole64 = NULL;
+PCIBus *bus = NULL;
+int root_bus_limit = 0xFF;
+int i;
+
+bus = pci_host->pci_bus;
+assert(bus);
+pci_hole = pci_host->pci_hole;
+pci_hole64 = pci_host->pci_hole64;
+
+crs_range_set_init(&crs_range_set);
+QLIST_FOREACH(bus, &bus->child, sibling) {
+uint8_t bus_num = pci_bus_num(bus);
+uint8_t numa_node = pci_bus_numa_node(bus);
+
+/* look only for expander root buses */
+if (!pci_bus_is_root(bus)) {
+continue;
+}
+
+if (bus_num < root_bus_limit) {
+root_bus_limit = bus_num - 1;
+}
+
+scope = aml_scope("\\_SB");
+dev = aml_device("PC%.02X", bus_num);
+aml_append(dev, aml_name_decl("_UID", aml_int(bus_num)));
+aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03")));
+aml_append(dev, aml_name_decl("_BBN", aml_int(bus_num)));
+if (pci_bus_is_express(bus)) {
+aml_append(dev, aml_name_decl("SUPP", aml_int(0)));
+aml_append(dev, aml_name_decl("CTRL", aml_int(0)));
+aml_append(dev, build_osc_method(0x1F));
+}
+if (numa_node != NUMA_NODE_UNASSIGNED) {
+aml_append(dev, aml_name_decl("_PXM", aml_int(numa_node)));
+}
+
+aml_append(dev, build_prt(false));
+crs

[Qemu-devel] [PATCH 12/26] hw: acpi: Export the SRAT AML build API

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

The SRAT ACPI table is not x86 specific and will be needed for the
Hardware-reduced ACPI implementation. So we should export it through the
architecture independent hw/acpi folder.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Yang Zhong 
---
 hw/acpi/aml-build.c | 130 
 hw/i386/acpi-build.c| 129 ---
 include/hw/acpi/aml-build.h |   3 +
 3 files changed, 133 insertions(+), 129 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 0d21c854a6..cb706ca975 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -22,6 +22,7 @@
 #include "qemu/osdep.h"
 #include 
 #include "hw/acpi/aml-build.h"
+#include "hw/mem/memory-device.h"
 #include "qemu/bswap.h"
 #include "qemu/bitops.h"
 #include "sysemu/numa.h"
@@ -2461,6 +2462,135 @@ void build_srat_memory(AcpiSratMemoryAffinity *numamem, 
uint64_t base,
 numamem->range_length = cpu_to_le64(len);
 }
 
+#define HOLE_640K_START  (640 * KiB)
+#define HOLE_640K_END   (1 * MiB)
+
+void
+build_srat(GArray *table_data, BIOSLinker *linker,
+   MachineState *machine, AcpiConfiguration *conf)
+{
+AcpiSystemResourceAffinityTable *srat;
+AcpiSratMemoryAffinity *numamem;
+
+int i;
+int srat_start, numa_start, slots;
+uint64_t mem_len, mem_base, next_base;
+MachineClass *mc = MACHINE_GET_CLASS(machine);
+const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(machine);
+ram_addr_t hotplugabble_address_space_size =
+object_property_get_int(OBJECT(machine), MEMORY_DEVICE_REGION_SIZE,
+NULL);
+
+srat_start = table_data->len;
+
+srat = acpi_data_push(table_data, sizeof *srat);
+srat->reserved1 = cpu_to_le32(1);
+
+for (i = 0; i < apic_ids->len; i++) {
+int node_id = apic_ids->cpus[i].props.node_id;
+uint32_t apic_id = apic_ids->cpus[i].arch_id;
+
+if (apic_id < 255) {
+AcpiSratProcessorAffinity *core;
+
+core = acpi_data_push(table_data, sizeof *core);
+core->type = ACPI_SRAT_PROCESSOR_APIC;
+core->length = sizeof(*core);
+core->local_apic_id = apic_id;
+core->proximity_lo = node_id;
+memset(core->proximity_hi, 0, 3);
+core->local_sapic_eid = 0;
+core->flags = cpu_to_le32(1);
+} else {
+AcpiSratProcessorX2ApicAffinity *core;
+
+core = acpi_data_push(table_data, sizeof *core);
+core->type = ACPI_SRAT_PROCESSOR_x2APIC;
+core->length = sizeof(*core);
+core->x2apic_id = cpu_to_le32(apic_id);
+core->proximity_domain = cpu_to_le32(node_id);
+core->flags = cpu_to_le32(1);
+}
+}
+
+
+/* the memory map is a bit tricky, it contains at least one hole
+ * from 640k-1M and possibly another one from 3.5G-4G.
+ */
+next_base = 0;
+numa_start = table_data->len;
+
+for (i = 1; i < conf->numa_nodes + 1; ++i) {
+mem_base = next_base;
+mem_len = conf->node_mem[i - 1];
+next_base = mem_base + mem_len;
+
+/* Cut out the 640K hole */
+if (mem_base <= HOLE_640K_START &&
+next_base > HOLE_640K_START) {
+mem_len -= next_base - HOLE_640K_START;
+if (mem_len > 0) {
+numamem = acpi_data_push(table_data, sizeof *numamem);
+build_srat_memory(numamem, mem_base, mem_len, i - 1,
+  MEM_AFFINITY_ENABLED);
+}
+
+/* Check for the rare case: 640K < RAM < 1M */
+if (next_base <= HOLE_640K_END) {
+next_base = HOLE_640K_END;
+continue;
+}
+mem_base = HOLE_640K_END;
+mem_len = next_base - HOLE_640K_END;
+}
+
+/* Cut out the ACPI_PCI hole */
+if (mem_base <= conf->below_4g_mem_size &&
+next_base > conf->below_4g_mem_size) {
+mem_len -= next_base - conf->below_4g_mem_size;
+if (mem_len > 0) {
+numamem = acpi_data_push(table_data, sizeof *numamem);
+build_srat_memory(numamem, mem_base, mem_len, i - 1,
+  MEM_AFFINITY_ENABLED);
+}
+mem_base = 1ULL << 32;
+mem_len = next_base - conf->below_4g_mem_size;
+next_base = mem_base + mem_len;
+}
+
+if (mem_len > 0) {
+numamem = acpi_data_push(table_data, sizeof *numamem);
+build_srat_memory(numamem, mem_base, mem_len, i - 1,
+  MEM_AFFINITY_ENABLED);
+}
+}
+slots = (table_data->len - numa_start) / sizeof *numamem;
+for (; slots < conf->numa_nodes + 2; slots++) {
+numamem = acpi_data_push(table_data, sizeof 

[Qemu-devel] [PATCH 11/26] hw: i386: Make the hotpluggable memory size property more generic

2018-10-22 Thread Samuel Ortiz
This property is currently defined under i386/pc while it only describes
a region size that's eventually fetched from the AML ACPI code.

We can make it more generic and shareable across machine types by moving
it to memory-device.h instead.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Samuel Ortiz 
---
 hw/i386/acpi-build.c   | 2 +-
 hw/i386/pc.c   | 3 ++-
 include/hw/i386/pc.h   | 1 -
 include/hw/mem/memory-device.h | 2 ++
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 414a6c4c4e..dfc02a8a85 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1630,7 +1630,7 @@ build_srat(GArray *table_data, BIOSLinker *linker,
 MachineClass *mc = MACHINE_GET_CLASS(machine);
 const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(machine);
 ram_addr_t hotplugabble_address_space_size =
-object_property_get_int(OBJECT(machine), PC_MACHINE_DEVMEM_REGION_SIZE,
+object_property_get_int(OBJECT(machine), MEMORY_DEVICE_REGION_SIZE,
 NULL);
 
 srat_start = table_data->len;
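Review bot: The `NULL` error pointer on the `object_property_get_int()` call in build_srat() means a machine that never registered `MEMORY_DEVICE_REGION_SIZE` is not detected here. The description says the property should become shareable across machine types, yet the only registration visible in this patch is in `pc_machine_class_init`. As far as I recall the QOM getter returns -1 on failure, which would turn into a very large `ram_addr_t` in `hotplugabble_address_space_size`. Passing `&error_abort`, as the registration in hw/i386/pc.c already does, would make a missing property fail loudly: `object_property_get_int(OBJECT(machine), MEMORY_DEVICE_REGION_SIZE, &error_abort);`. The body of build_srat() continues outside this hunk.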
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 940485a728..fa12583096 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -67,6 +67,7 @@
 #include "hw/boards.h"
 #include "acpi-build.h"
 #include "hw/mem/pc-dimm.h"
+#include "hw/mem/memory-device.h"
 #include "qapi/error.h"
 #include "qapi/qapi-visit-common.h"
 #include "qapi/visitor.h"
@@ -2442,7 +2443,7 @@ static void pc_machine_class_init(ObjectClass *oc, void 
*data)
 nc->nmi_monitor_handler = x86_nmi;
 mc->default_cpu_type = TARGET_DEFAULT_CPU_TYPE;
 
-object_class_property_add(oc, PC_MACHINE_DEVMEM_REGION_SIZE, "int",
+object_class_property_add(oc, MEMORY_DEVICE_REGION_SIZE, "int",
 pc_machine_get_device_memory_region_size, NULL,
 NULL, NULL, &error_abort);
 
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index da0bd39741..7d177cd207 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -62,7 +62,6 @@ struct PCMachineState {
 };
 
 #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
-#define PC_MACHINE_DEVMEM_REGION_SIZE "device-memory-region-size"
 #define PC_MACHINE_MAX_RAM_BELOW_4G "max-ram-below-4g"
 #define PC_MACHINE_VMPORT   "vmport"
 #define PC_MACHINE_SMM  "smm"
diff --git a/include/hw/mem/memory-device.h b/include/hw/mem/memory-device.h
index 2853b084b5..fc39fbe38f 100644
--- a/include/hw/mem/memory-device.h
+++ b/include/hw/mem/memory-device.h
@@ -39,6 +39,8 @@ typedef struct MemoryDeviceClass {
  MemoryDeviceInfo *info);
 } MemoryDeviceClass;
 
+#define MEMORY_DEVICE_REGION_SIZE "memory-device-region-size"
+
 MemoryDeviceInfoList *qmp_memory_device_list(void);
 uint64_t get_plugged_memory_size(void);
 uint64_t memory_device_get_free_addr(MachineState *ms, const uint64_t *hint,
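Review bot: The value of the new macro is `"memory-device-region-size"`, while the define removed from include/hw/i386/pc.h was `"device-memory-region-size"`, so the QOM property is renamed and not only moved as the description states. Anything that reads the property by its string name rather than through the macro would stop finding it on the pc machine. If the rename is not intended, keep the old string: `#define MEMORY_DEVICE_REGION_SIZE "device-memory-region-size"`; if it is intended, the commit message should say so.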
-- 
2.17.2




[Qemu-devel] [PATCH 05/26] hw: acpi: Generalize AML build routines

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

Most of the AML build routines under acpi-build are not even
architecture specific. They can be moved to the more generic hw/acpi
folder where they could be shared across machine types and
architectures.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Yang Zhong 
---
 hw/acpi/aml-build.c | 498 ++
 hw/i386/acpi-build.c| 516 +---
 include/hw/acpi/aml-build.h |  25 ++
 3 files changed, 526 insertions(+), 513 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 8f02af0659..6daa0f6df2 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -25,6 +25,10 @@
 #include "qemu/bswap.h"
 #include "qemu/bitops.h"
 #include "sysemu/numa.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_bus.h"
+#include "qemu/range.h"
+#include "hw/pci/pci_bridge.h"
 
 static GArray *build_alloc_array(void)
 {
@@ -1597,6 +1601,500 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, 
bool mfre)
 g_array_free(tables->vmgenid, mfre);
 }
 
+static void crs_range_insert(GPtrArray *ranges, uint64_t base, uint64_t limit)
+{
+CrsRangeEntry *entry;
+
+entry = g_malloc(sizeof(*entry));
+entry->base = base;
+entry->limit = limit;
+
+g_ptr_array_add(ranges, entry);
+}
+
+static void crs_range_free(gpointer data)
+{
+CrsRangeEntry *entry = (CrsRangeEntry *)data;
+g_free(entry);
+}
+
+void crs_range_set_init(CrsRangeSet *range_set)
+{
+range_set->io_ranges = g_ptr_array_new_with_free_func(crs_range_free);
+range_set->mem_ranges = g_ptr_array_new_with_free_func(crs_range_free);
+range_set->mem_64bit_ranges =
+g_ptr_array_new_with_free_func(crs_range_free);
+}
+
+void crs_range_set_free(CrsRangeSet *range_set)
+{
+g_ptr_array_free(range_set->io_ranges, true);
+g_ptr_array_free(range_set->mem_ranges, true);
+g_ptr_array_free(range_set->mem_64bit_ranges, true);
+}
+
+static gint crs_range_compare(gconstpointer a, gconstpointer b)
+{
+ CrsRangeEntry *entry_a = *(CrsRangeEntry **)a;
+ CrsRangeEntry *entry_b = *(CrsRangeEntry **)b;
+
+ return (int64_t)entry_a->base - (int64_t)entry_b->base;
+}
+
+/*
+ * crs_replace_with_free_ranges - given the 'used' ranges within [start - end]
+ * interval, computes the 'free' ranges from the same interval.
+ * Example: If the input array is { [a1 - a2],[b1 - b2] }, the function
+ * will return { [base - a1], [a2 - b1], [b2 - limit] }.
+ */
+void crs_replace_with_free_ranges(GPtrArray *ranges,
+ uint64_t start, uint64_t end)
+{
+GPtrArray *free_ranges = g_ptr_array_new();
+uint64_t free_base = start;
+int i;
+
+g_ptr_array_sort(ranges, crs_range_compare);
+for (i = 0; i < ranges->len; i++) {
+CrsRangeEntry *used = g_ptr_array_index(ranges, i);
+
+if (free_base < used->base) {
+crs_range_insert(free_ranges, free_base, used->base - 1);
+}
+
+free_base = used->limit + 1;
+}
+
+if (free_base < end) {
+crs_range_insert(free_ranges, free_base, end);
+}
+
+g_ptr_array_set_size(ranges, 0);
+for (i = 0; i < free_ranges->len; i++) {
+g_ptr_array_add(ranges, g_ptr_array_index(free_ranges, i));
+}
+
+g_ptr_array_free(free_ranges, true);
+}
+
+/*
+ * crs_range_merge - merges adjacent ranges in the given array.
+ * Array elements are deleted and replaced with the merged ranges.
+ */
+static void crs_range_merge(GPtrArray *range)
+{
+GPtrArray *tmp =  g_ptr_array_new_with_free_func(crs_range_free);
+CrsRangeEntry *entry;
+uint64_t range_base, range_limit;
+int i;
+
+if (!range->len) {
+return;
+}
+
+g_ptr_array_sort(range, crs_range_compare);
+
+entry = g_ptr_array_index(range, 0);
+range_base = entry->base;
+range_limit = entry->limit;
+for (i = 1; i < range->len; i++) {
+entry = g_ptr_array_index(range, i);
+if (entry->base - 1 == range_limit) {
+range_limit = entry->limit;
+} else {
+crs_range_insert(tmp, range_base, range_limit);
+range_base = entry->base;
+range_limit = entry->limit;
+}
+}
+crs_range_insert(tmp, range_base, range_limit);
+
+g_ptr_array_set_size(range, 0);
+for (i = 0; i < tmp->len; i++) {
+entry = g_ptr_array_index(tmp, i);
+crs_range_insert(range, entry->base, entry->limit);
+}
+g_ptr_array_free(tmp, true);
+}
+
+Aml *build_crs(PCIHostState *host, CrsRangeSet *range_set)
+{
+Aml *crs = aml_resource_template();
+CrsRangeSet temp_range_set;
+CrsRangeEntry *entry;
+uint8_t max_bus = pci_bus_num(host->bus);
+uint8_t type;
+int devfn;
+int i;
+
+crs_range_set_init(&temp_range_set);
+for (devfn = 0; devfn < ARRAY_SIZE(host->bus->devices); devfn++) {
+uint64_t

[Qemu-devel] [PATCH 07/26] hw: i386: Refactor PCI host getter

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

Make it more flexible by having it parse an array of PCI host paths
instead of open-coding those paths deep in the code logic itself.
This will be needed for PCI machine types that emulate neither the
ich9 nor the i440fx chipset.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Yang Zhong 
---
 hw/i386/acpi-build.c | 29 +++--
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index d3cb1b439d..6652880c9b 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -114,6 +114,12 @@ typedef struct AcpiBuildPciBusHotplugState {
 bool pcihp_bridge_en;
 } AcpiBuildPciBusHotplugState;
 
+static const char *pci_hosts[] = {
+   "/machine/i440fx",
+   "/machine/q35",
+   NULL,
+};
+
 static void init_common_fadt_data(Object *o, AcpiFadtData *data)
 {
 uint32_t io = object_property_get_uint(o, ACPI_PM_PROP_PM_IO_BASE, NULL);
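Review bot: `pci_hosts` is declared as a writable array of pointers, although the lookup loop added later in this patch only reads it. Declaring it `static const char * const pci_hosts[] = {` keeps the table in read-only data and lets the compiler reject an accidental store to one of the paths. A one-line comment such as `/* QOM paths of the host bridges probed by acpi_get_pci_host(), NULL-terminated */` would also tell the next reader that the trailing `NULL` is the loop sentinel.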
@@ -238,27 +244,30 @@ static void acpi_get_misc_info(AcpiMiscInfo *info)
  * Because of the PXB hosts we cannot simply query TYPE_PCI_HOST_BRIDGE.
  * On i386 arch we only have two pci hosts, so we can look only for them.
  */
-static Object *acpi_get_i386_pci_host(void)
+static Object *acpi_get_pci_host(void)
 {
 PCIHostState *host;
+int i = 0;
 
-host = OBJECT_CHECK(PCIHostState,
-object_resolve_path("/machine/i440fx", NULL),
-TYPE_PCI_HOST_BRIDGE);
-if (!host) {
+while (pci_hosts[i]) {
 host = OBJECT_CHECK(PCIHostState,
-object_resolve_path("/machine/q35", NULL),
+object_resolve_path(pci_hosts[i], NULL),
 TYPE_PCI_HOST_BRIDGE);
+if (host) {
+return OBJECT(host);
+}
+
+i++;
 }
 
-return OBJECT(host);
+return NULL;
 }
 
 static void acpi_get_pci_holes(Range *hole, Range *hole64)
 {
 Object *pci_host;
 
-pci_host = acpi_get_i386_pci_host();
+pci_host = acpi_get_pci_host();
 g_assert(pci_host);
 
 range_set_bounds1(hole,
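Review bot: The comment kept above `acpi_get_pci_host()` still says that i386 has only two PCI hosts and that only those are looked for, but the new body walks `pci_hosts[]` and the function name no longer mentions i386. I would reword the last comment line to `* The candidate host bridge paths are listed in pci_hosts[]; the first one that resolves is returned, or NULL if none does.` The NULL return matters to callers: the visible ones in `acpi_get_pci_holes()` and `acpi_get_mcfg()` assert on it, while `build_dsdt()` tolerates it. The comment begins above this hunk and `acpi_get_pci_holes()` continues below it.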
@@ -1636,7 +1645,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 Object *pci_host;
 PCIBus *bus = NULL;
 
-pci_host = acpi_get_i386_pci_host();
+pci_host = acpi_get_pci_host();
 if (pci_host) {
 bus = PCI_HOST_BRIDGE(pci_host)->bus;
 }
@@ -2009,7 +2018,7 @@ static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
 Object *pci_host;
 QObject *o;
 
-pci_host = acpi_get_i386_pci_host();
+pci_host = acpi_get_pci_host();
 g_assert(pci_host);
 
 o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_BASE, NULL);
-- 
2.17.2




[Qemu-devel] [PATCH 06/26] hw: acpi: Factorize _OSC AML across architectures

2018-10-22 Thread Samuel Ortiz
From: Yang Zhong 

The _OSC AML table is almost identical between the i386 Q35 and arm virt
machine types. We can make it slightly more generic and share it across
all PCIe architectures.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Yang Zhong 
---
 hw/acpi/aml-build.c | 84 +++--
 hw/arm/virt-acpi-build.c| 45 ++--
 hw/i386/acpi-build.c|  6 ++-
 include/hw/acpi/acpi-defs.h | 14 +++
 include/hw/acpi/aml-build.h |  2 +-
 5 files changed, 66 insertions(+), 85 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 6daa0f6df2..1a9948f6a9 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1869,51 +1869,55 @@ Aml *build_crs(PCIHostState *host, CrsRangeSet 
*range_set)
 return crs;
 }
 
-Aml *build_osc_method(void)
+/*
+ * ctrl_mask is the _OSC capabilities buffer control field mask.
+ */
+Aml *build_osc_method(uint32_t ctrl_mask)
 {
-Aml *if_ctx;
-Aml *if_ctx2;
-Aml *else_ctx;
-Aml *method;
-Aml *a_cwd1 = aml_name("CDW1");
-Aml *a_ctrl = aml_local(0);
+Aml *ifctx, *ifctx1, *elsectx, *method, *UUID;
 
 method = aml_method("_OSC", 4, AML_NOTSERIALIZED);
-aml_append(method, aml_create_dword_field(aml_arg(3), aml_int(0), "CDW1"));
-
-if_ctx = aml_if(aml_equal(
-aml_arg(0), aml_touuid("33DB4D5B-1FF7-401C-9657-7441C03DD766")));
-aml_append(if_ctx, aml_create_dword_field(aml_arg(3), aml_int(4), "CDW2"));
-aml_append(if_ctx, aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
-
-aml_append(if_ctx, aml_store(aml_name("CDW3"), a_ctrl));
-
-/*
- * Always allow native PME, AER (no dependencies)
- * Allow SHPC (PCI bridges can have SHPC controller)
+aml_append(method,
+aml_create_dword_field(aml_arg(3), aml_int(0), "CDW1"));
+
+/* PCI Firmware Specification 3.0
+ * 4.5.1. _OSC Interface for PCI Host Bridge Devices
+ * The _OSC interface for a PCI/PCI-X/PCI Express hierarchy is
+ * identified by the Universal Unique IDentifier (UUID)
+ * 33DB4D5B-1FF7-401C-9657-7441C03DD766
  */
-aml_append(if_ctx, aml_and(a_ctrl, aml_int(0x1F), a_ctrl));
-
-if_ctx2 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(1;
-/* Unknown revision */
-aml_append(if_ctx2, aml_or(a_cwd1, aml_int(0x08), a_cwd1));
-aml_append(if_ctx, if_ctx2);
-
-if_ctx2 = aml_if(aml_lnot(aml_equal(aml_name("CDW3"), a_ctrl)));
-/* Capabilities bits were masked */
-aml_append(if_ctx2, aml_or(a_cwd1, aml_int(0x10), a_cwd1));
-aml_append(if_ctx, if_ctx2);
-
-/* Update DWORD3 in the buffer */
-aml_append(if_ctx, aml_store(a_ctrl, aml_name("CDW3")));
-aml_append(method, if_ctx);
-
-else_ctx = aml_else();
-/* Unrecognized UUID */
-aml_append(else_ctx, aml_or(a_cwd1, aml_int(4), a_cwd1));
-aml_append(method, else_ctx);
+UUID = aml_touuid("33DB4D5B-1FF7-401C-9657-7441C03DD766");
+ifctx = aml_if(aml_equal(aml_arg(0), UUID));
+aml_append(ifctx,
+aml_create_dword_field(aml_arg(3), aml_int(4), "CDW2"));
+aml_append(ifctx,
+aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
+aml_append(ifctx, aml_store(aml_name("CDW2"), aml_name("SUPP")));
+aml_append(ifctx, aml_store(aml_name("CDW3"), aml_name("CTRL")));
+aml_append(ifctx, aml_store(aml_and(aml_name("CTRL"),
+aml_int(ctrl_mask), NULL),
+aml_name("CTRL")));
+
+ifctx1 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(0x1;
+aml_append(ifctx1, aml_store(aml_or(aml_name("CDW1"), aml_int(0x08), NULL),
+ aml_name("CDW1")));
+aml_append(ifctx, ifctx1);
+
+ifctx1 = aml_if(aml_lnot(aml_equal(aml_name("CDW3"), aml_name("CTRL";
+aml_append(ifctx1, aml_store(aml_or(aml_name("CDW1"), aml_int(0x10), NULL),
+ aml_name("CDW1")));
+aml_append(ifctx, ifctx1);
+
+aml_append(ifctx, aml_store(aml_name("CTRL"), aml_name("CDW3")));
+aml_append(ifctx, aml_return(aml_arg(3)));
+aml_append(method, ifctx);
+
+elsectx = aml_else();
+aml_append(elsectx, aml_store(aml_or(aml_name("CDW1"), aml_int(4), NULL),
+  aml_name("CDW1")));
+aml_append(elsectx, aml_return(aml_arg(3)));
+aml_append(method, elsectx);
 
-aml_append(method, aml_return(aml_arg(3)));
 return method;
 }
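Review bot: The new comment on `build_osc_method()` documents only `ctrl_mask`, but the rewritten body also stores CDW2 and CDW3 into the names `SUPP` and `CTRL`, which the method itself never declares. A caller that appends this method to a device without those two name declarations would emit AML that refers to undefined objects. The old i386 version used `aml_local(0)` and had no such requirement. I would extend the comment with `* The enclosing device must declare the SUPP and CTRL names before this method is appended; the method writes the negotiated values into them.` As a style point, the local `UUID` is the only upper-case variable in the function and would read better as `uuid`.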
 
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 0a6a88380a..e7eb110ed2 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -154,7 +154,7 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
   uint32_t irq, bool use_highmem, bool 
highmem_ecam)
 {
 int ecam_id = VIRT_ECAM_ID(highmem_ecam);
-Aml *method, *cr

[Qemu-devel] [PATCH 03/26] hw: acpi: Export the RSDP build API

2018-10-22 Thread Samuel Ortiz
The hardware-reduced API will need to build RSDP as well, so we should
export this routine.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Samuel Ortiz 
---
 hw/acpi/aml-build.c | 65 +
 hw/i386/acpi-build.c| 28 +---
 include/hw/acpi/aml-build.h |  4 +++
 3 files changed, 70 insertions(+), 27 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 51b608432f..8f02af0659 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1651,6 +1651,71 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, 
GArray *table_offsets,
  (void *)xsdt, "XSDT", xsdt_len, 1, oem_id, oem_table_id);
 }
 
+/* Legacy RSDP pointing at an RSDT. This is deprecated */
+GArray *build_rsdp_rsdt(GArray *rsdp_table,
+BIOSLinker *linker, unsigned rsdt_tbl_offset)
+{
+AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
+unsigned rsdt_pa_size = sizeof(rsdp->rsdt_physical_address);
+unsigned rsdt_pa_offset =
+(char *)&rsdp->rsdt_physical_address - rsdp_table->data;
+
+bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, rsdp_table, 16,
+ true /* fseg memory */);
+
+memcpy(&rsdp->signature, "RSD PTR ", 8);
+memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, 6);
+/* Address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker,
+ACPI_BUILD_RSDP_FILE, rsdt_pa_offset, rsdt_pa_size,
+ACPI_BUILD_TABLE_FILE, rsdt_tbl_offset);
+
+/* Checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+(char *)rsdp - rsdp_table->data, sizeof *rsdp,
+(char *)&rsdp->checksum - rsdp_table->data);
+
+return rsdp_table;
+}
+
+/* RSDP pointing at an XSDT */
+GArray *build_rsdp(GArray *rsdp_table,
+   BIOSLinker *linker, unsigned xsdt_tbl_offset)
+{
+AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
+unsigned xsdt_pa_size = sizeof(rsdp->xsdt_physical_address);
+unsigned xsdt_pa_offset =
+(char *)&rsdp->xsdt_physical_address - rsdp_table->data;
+unsigned xsdt_offset =
+(char *)&rsdp->length - rsdp_table->data;
+
+bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, rsdp_table, 16,
+ true /* fseg memory */);
+
+memcpy(&rsdp->signature, "RSD PTR ", 8);
+memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, 6);
+rsdp->length = cpu_to_le32(sizeof(*rsdp));
+/* version 2, we will use the XSDT pointer */
+rsdp->revision = 0x02;
+
+/* Address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker,
+ACPI_BUILD_RSDP_FILE, xsdt_pa_offset, xsdt_pa_size,
+ACPI_BUILD_TABLE_FILE, xsdt_tbl_offset);
+
+/* Legacy checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+(char *)rsdp - rsdp_table->data, xsdt_offset,
+(char *)&rsdp->checksum - rsdp_table->data);
+
+/* Extended checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+(char *)rsdp - rsdp_table->data, sizeof *rsdp,
+(char *)&rsdp->extended_checksum - rsdp_table->data);
+
+return rsdp_table;
+}
+
 void build_srat_memory(AcpiSratMemoryAffinity *numamem, uint64_t base,
uint64_t len, int node, MemoryAffinityFlags flags)
 {
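Review bot: In the new `build_rsdp()`, the local `xsdt_offset` is not an offset to the XSDT pointer: it is the offset of `rsdp->length`, and it is passed as the size of the range covered by the legacy checksum. A name and comment that say so would make the two checksum calls easier to audit, for example `unsigned rsdp_v1_len = (char *)&rsdp->length - rsdp_table->data; /* ACPI 1.0 part, covered by the legacy checksum */`. Both new functions also copy the signature and OEM id with the literal sizes 8 and 6. The ARM version removed elsewhere in this series used `sizeof(rsdp->signature)` and `sizeof(rsdp->oem_id)`, which stays correct if the struct changes. The hunk ends inside `build_srat_memory()`, which is unchanged.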
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 1bf02b6a93..eee2eb3ed2 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2512,32 +2512,6 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker)
  "IVRS", table_data->len - iommu_start, 1, NULL, NULL);
 }
 
-static GArray *
-build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned rsdt_tbl_offset)
-{
-AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
-unsigned rsdt_pa_size = sizeof(rsdp->rsdt_physical_address);
-unsigned rsdt_pa_offset =
-(char *)&rsdp->rsdt_physical_address - rsdp_table->data;
-
-bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, rsdp_table, 16,
- true /* fseg memory */);
-
-memcpy(&rsdp->signature, "RSD PTR ", 8);
-memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, 6);
-/* Address to be filled by Guest linker */
-bios_linker_loader_add_pointer(linker,
-ACPI_BUILD_RSDP_FILE, rsdt_pa_offset, rsdt_pa_size,
-ACPI_BUILD_TABLE_FILE, rsdt_tbl_offset);
-
-/* Checksum to be filled by Guest linker */
-bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
-(char *)rsdp - rsdp_table->data, sizeof *rsdp,
-(char *)&rsdp->checksum - rsdp_table->data);
-
-return rsdp_table;
-}
-
 static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
 {
 Object *pci_host;
@@ -2682,7

[Qemu-devel] [PATCH 01/26] hw: i386: Decouple the ACPI build from the PC machine type

2018-10-22 Thread Samuel Ortiz
ACPI tables are platform and machine type and even architecture
agnostic, and as such we want to provide an internal ACPI API that
only depends on platform agnostic information.

For the x86 architecture, in order to build ACPI tables independently
from the PC or Q35 machine types, we are moving a few MachineState
structure fields into a machine type agnostic structure called
AcpiConfiguration. The structure fields we move are:

   HotplugHandler *acpi_dev
   AcpiNVDIMMState acpi_nvdimm_state;
   FWCfgState *fw_cfg
   ram_addr_t below_4g_mem_size, above_4g_mem_size
   bool apic_xrupt_override
   unsigned apic_id_limit
   uint64_t numa_nodes
   uint64_t numa_mem

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Signed-off-by: Samuel Ortiz 
---
 hw/acpi/cpu_hotplug.c|   9 +-
 hw/arm/virt-acpi-build.c |  10 ---
 hw/i386/acpi-build.c | 135 +-
 hw/i386/acpi-build.h |   4 +-
 hw/i386/pc.c | 176 ---
 hw/i386/pc_piix.c|  21 ++---
 hw/i386/pc_q35.c |  21 ++---
 include/hw/acpi/acpi.h   |  43 ++
 include/hw/i386/pc.h |  19 ++---
 9 files changed, 245 insertions(+), 193 deletions(-)

diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index 5243918125..634dc3b846 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -237,9 +237,9 @@ void build_legacy_cpu_hotplug_aml(Aml *ctx, MachineState 
*machine,
 /* The current AML generator can cover the APIC ID range [0..255],
  * inclusive, for VCPU hotplug. */
 QEMU_BUILD_BUG_ON(ACPI_CPU_HOTPLUG_ID_LIMIT > 256);
-if (pcms->apic_id_limit > ACPI_CPU_HOTPLUG_ID_LIMIT) {
+if (pcms->acpi_configuration.apic_id_limit > ACPI_CPU_HOTPLUG_ID_LIMIT) {
 error_report("max_cpus is too large. APIC ID of last CPU is %u",
- pcms->apic_id_limit - 1);
+ pcms->acpi_configuration.apic_id_limit - 1);
 exit(1);
 }
 
@@ -316,8 +316,9 @@ void build_legacy_cpu_hotplug_aml(Aml *ctx, MachineState 
*machine,
  * ith up to 255 elements. Windows guests up to win2k8 fail when
  * VarPackageOp is used.
  */
-pkg = pcms->apic_id_limit <= 255 ? aml_package(pcms->apic_id_limit) :
-   aml_varpackage(pcms->apic_id_limit);
+pkg = pcms->acpi_configuration.apic_id_limit <= 255 ?
+aml_package(pcms->acpi_configuration.apic_id_limit) :
+aml_varpackage(pcms->acpi_configuration.apic_id_limit);
 
 for (i = 0, apic_idx = 0; i < apic_ids->len; i++) {
 int apic_id = apic_ids->cpus[i].arch_id;
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 5785fb697c..f28a2faa53 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -790,16 +790,6 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
 free_aml_allocator();
 }
 
-typedef
-struct AcpiBuildState {
-/* Copy of table in RAM (for patching). */
-MemoryRegion *table_mr;
-MemoryRegion *rsdp_mr;
-MemoryRegion *linker_mr;
-/* Is table patched? */
-bool patched;
-} AcpiBuildState;
-
 static
 void virt_acpi_build(VirtMachineState *vms, AcpiBuildTables *tables)
 {
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 1599caa7c5..c8545238c4 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -338,13 +338,14 @@ void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
 }
 
 static void
-build_madt(GArray *table_data, BIOSLinker *linker, PCMachineState *pcms)
+build_madt(GArray *table_data, BIOSLinker *linker,
+   MachineState *ms, AcpiConfiguration *conf)
 {
-MachineClass *mc = MACHINE_GET_CLASS(pcms);
-const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(MACHINE(pcms));
+MachineClass *mc = MACHINE_GET_CLASS(ms);
+const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(ms);
 int madt_start = table_data->len;
-AcpiDeviceIfClass *adevc = ACPI_DEVICE_IF_GET_CLASS(pcms->acpi_dev);
-AcpiDeviceIf *adev = ACPI_DEVICE_IF(pcms->acpi_dev);
+AcpiDeviceIfClass *adevc = ACPI_DEVICE_IF_GET_CLASS(conf->acpi_dev);
+AcpiDeviceIf *adev = ACPI_DEVICE_IF(conf->acpi_dev);
 bool x2apic_mode = false;
 
 AcpiMultipleApicTable *madt;
@@ -370,7 +371,7 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
PCMachineState *pcms)
 io_apic->address = cpu_to_le32(IO_APIC_DEFAULT_ADDRESS);
 io_apic->interrupt = cpu_to_le32(0);
 
-if (pcms->apic_xrupt_override) {
+if (conf->apic_xrupt_override) {
 intsrcovr = acpi_data_push(table_data, sizeof *intsrcovr);
 intsrcovr->type   = ACPI_APIC_XRUPT_OVERRIDE;
 intsrcovr->length = sizeof(*intsrcovr);
@@ -1786,13 +1787,12 @@ static Aml *build_q35_osc_method(void)
 static void
 build_dsdt(GArray *table_data, BIOSLinker *linker,
AcpiPmInfo *pm, AcpiMiscInfo *mis

[Qemu-devel] [PATCH 02/26] hw: acpi: Export ACPI build alignment API

2018-10-22 Thread Samuel Ortiz
This is going to be needed by the Hardware-reduced ACPI routines.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Samuel Ortiz 
---
 hw/acpi/aml-build.c | 8 
 hw/i386/acpi-build.c| 8 
 include/hw/acpi/aml-build.h | 2 ++
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 1e43cd736d..51b608432f 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1565,6 +1565,14 @@ unsigned acpi_data_len(GArray *table)
 return table->len;
 }
 
+void acpi_align_size(GArray *blob, unsigned align)
+{
+/* Align size to multiple of given size. This reduces the chance
+ * we need to change size in the future (breaking cross version migration).
+ */
+g_array_set_size(blob, ROUND_UP(acpi_data_len(blob), align));
+}
+
 void acpi_add_table(GArray *table_offsets, GArray *table_data)
 {
 uint32_t offset = table_data->len;
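Review bot: `acpi_align_size()` becomes a public API here without stating or checking what values of `align` are valid. As far as I recall, QEMU's `ROUND_UP()` is only correct for a power-of-two divisor. If so, an `align` of 0 would shrink the blob to length 0 and any other non-power-of-two value would produce a wrong size. Now that callers outside hw/i386 can reach it, I would add `assert(is_power_of_2(align));` before the `g_array_set_size()` call (the helper comes from qemu/host-utils.h, if that header is not already pulled in) and mention the requirement in the comment.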
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index c8545238c4..1bf02b6a93 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -282,14 +282,6 @@ static void acpi_get_pci_holes(Range *hole, Range *hole64)
NULL));
 }
 
-static void acpi_align_size(GArray *blob, unsigned align)
-{
-/* Align size to multiple of given size. This reduces the chance
- * we need to change size in the future (breaking cross version migration).
- */
-g_array_set_size(blob, ROUND_UP(acpi_data_len(blob), align));
-}
-
 /* FACS */
 static void
 build_facs(GArray *table_data, BIOSLinker *linker)
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 6c36903c0a..813f51317c 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -6,6 +6,7 @@
 
 /* Reserve RAM space for tables: add another order of magnitude. */
 #define ACPI_BUILD_TABLE_MAX_SIZE 0x20
+#define ACPI_BUILD_ALIGN_SIZE 0x1000
 
 #define ACPI_BUILD_APPNAME6 "BOCHS "
 #define ACPI_BUILD_APPNAME4 "BXPC"
@@ -384,6 +385,7 @@ build_header(BIOSLinker *linker, GArray *table_data,
  const char *oem_id, const char *oem_table_id);
 void *acpi_data_push(GArray *table_data, unsigned size);
 unsigned acpi_data_len(GArray *table);
+void acpi_align_size(GArray *blob, unsigned align);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
-- 
2.17.2




[Qemu-devel] [PATCH 04/26] hw: arm: Switch to the AML build RSDP building routine

2018-10-22 Thread Samuel Ortiz
We make the ARM virt ACPI code use the now shared build_rsdp() API from
aml-build.c. By doing so we fix a bug where the ARM implementation did
not add both the legacy and the extended checksums, and therefore built
an invalid RSDP table.

Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc:Peter Maydell 
Signed-off-by: Samuel Ortiz 
---
 hw/arm/virt-acpi-build.c | 31 +--
 1 file changed, 1 insertion(+), 30 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index f28a2faa53..0a6a88380a 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -35,6 +35,7 @@
 #include "target/arm/cpu.h"
 #include "hw/acpi/acpi-defs.h"
 #include "hw/acpi/acpi.h"
+#include "hw/acpi/aml-build.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/acpi/bios-linker-loader.h"
 #include "hw/loader.h"
@@ -366,36 +367,6 @@ static void acpi_dsdt_add_power_button(Aml *scope)
 aml_append(scope, dev);
 }
 
-/* RSDP */
-static GArray *
-build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned xsdt_tbl_offset)
-{
-AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
-unsigned xsdt_pa_size = sizeof(rsdp->xsdt_physical_address);
-unsigned xsdt_pa_offset =
-(char *)&rsdp->xsdt_physical_address - rsdp_table->data;
-
-bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, rsdp_table, 16,
- true /* fseg memory */);
-
-memcpy(&rsdp->signature, "RSD PTR ", sizeof(rsdp->signature));
-memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, sizeof(rsdp->oem_id));
-rsdp->length = cpu_to_le32(sizeof(*rsdp));
-rsdp->revision = 0x02;
-
-/* Address to be filled by Guest linker */
-bios_linker_loader_add_pointer(linker,
-ACPI_BUILD_RSDP_FILE, xsdt_pa_offset, xsdt_pa_size,
-ACPI_BUILD_TABLE_FILE, xsdt_tbl_offset);
-
-/* Checksum to be filled by Guest linker */
-bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
-(char *)rsdp - rsdp_table->data, sizeof *rsdp,
-(char *)&rsdp->checksum - rsdp_table->data);
-
-return rsdp_table;
-}
-
 static void
 build_iort(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
 {
-- 
2.17.2




[Qemu-devel] [PATCH 00/27] ACPI hardware-reduced support

2018-10-22 Thread Samuel Ortiz
This patch set implements support for the ACPI hardware-reduced
specification.

The changes are coming from the NEMU [1] project where we're defining
a new x86 machine type: i386/virt. This is an EFI only, ACPI
hardware-reduced platform and as such we had to implement support
for the latter.

As a preliminary for adding hardware-reduced support to QEMU, we did
some ACPI code reorganization with the following goals:

* Share as much as possible of the current ACPI build APIs between
  legacy and hardware-reduced ACPI.
* Share the ACPI build code across machine types and architectures and
  remove the typical PC machine type dependency.
  Eventually we hope to see arm/virt also re-use much of that code.

The rest of the patchset adds the hardware-reduced support on top of
this code reorganization. Here again, the implementation is machine
type, platform and architecture independent.

[1] https://github.com/intel/nemu


The following changes since commit b312532fd03413d0e6ae6767ec793a3e30f487b8:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2018-10-19 19:01:07 +0100)

are available in the Git repository at:

  g...@github.com:intel/nemu topic/upstream/acpi

for you to fetch changes up to 4133ebe0d638d0a3d583bd89aa2360ef35ba746b:

  hw: acpi: reduced: Add PCI hotplug support (2018-10-22 20:32:23 +0200)


Jing Liu (2):
  hw: acpi: reduced: Add shutdown support
  hw: acpi: reduced: Add reboot support

Samuel Ortiz (10):
  hw: i386: Decouple the ACPI build from the PC machine type
  hw: acpi: Export ACPI build alignment API
  hw: acpi: Export the RSDP build API
  hw: arm: Switch to the AML build RSDP building routine
  hw: acpi: Do not create hotplug method when handler is not defined
  hw: i386: Make the hotpluggable memory size property more generic
  hw: fw-build: Add firmware build methods and state
  hw: i386: Convert PC machine type to firmware build methods
  hw: acpi: Initial hardware-reduced support
  hw: acpi: reduced: Generic Event Device support

Sebastien Boeuf (4):
  hw: acpi: Export the PCI hotplug API
  hw: acpi: Retrieve the PCI bus from AcpiPciHpState
  hw: acpi: reduced: Add NFIT support
  hw: acpi: reduced: Add PCI hotplug support

Yang Zhong (10):
  hw: acpi: Generalize AML build routines
  hw: acpi: Factorize _OSC AML across architectures
  hw: i386: Refactor PCI host getter
  hw: acpi: Export and generalize the PCI host AML API
  hw: acpi: Export the MCFG getter
  hw: acpi: Export the SRAT AML build API
  hw: acpi: Fix memory hotplug AML generation error
  hw: acpi: reduced: Add MCFG support
  hw: acpi: reduced: Add memory hotplug support
  hw: acpi: reduced: Add SRAT table

 default-configs/i386-softmmu.mak |1 +
 hw/acpi/Makefile.objs|1 +
 hw/acpi/aml-build.c  | 1139 +++-
 hw/acpi/cpu.c|8 +-
 hw/acpi/cpu_hotplug.c|9 +-
 hw/acpi/memory_hotplug.c |   21 +-
 hw/acpi/pcihp.c  |   10 +-
 hw/acpi/reduced.c|  472 +++
 hw/arm/virt-acpi-build.c |   86 +--
 hw/i386/acpi-build.c | 1172 +++---
 hw/i386/acpi-build.h |4 +-
 hw/i386/pc.c |  188 +++---
 hw/i386/pc_piix.c|   21 +-
 hw/i386/pc_q35.c |   21 +-
 hw/pci-host/piix.c   |8 -
 include/hw/acpi/acpi-defs.h  |   15 +
 include/hw/acpi/acpi.h   |   47 ++
 include/hw/acpi/aml-build.h  |   48 ++
 include/hw/acpi/reduced.h|   46 ++
 include/hw/boards.h  |5 +
 include/hw/fw-build.h|   57 ++
 include/hw/i386/acpi.h   |   27 +
 include/hw/i386/pc.h |   21 +-
 include/hw/mem/memory-device.h   |2 +
 stubs/Makefile.objs  |1 -
 stubs/pci-host-piix.c|6 -
 26 files changed, 2107 insertions(+), 1329 deletions(-)
 create mode 100644 hw/acpi/reduced.c
 create mode 100644 include/hw/acpi/reduced.h
 create mode 100644 include/hw/fw-build.h
 create mode 100644 include/hw/i386/acpi.h
 delete mode 100644 stubs/pci-host-piix.c

-- 
2.17.2




Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-22 Thread Maciej W. Rozycki
Hi Maciej,

> > I added ASE_MMI flag along with INSN_R5900, I think this fits better in
> > the overall MIPS for QEMU design.
> 
> Maciej -- can we add "MMI" under "ASEs implemented" in the kernel too,
> even if it is a vendor-specific architecture extension that normally
> isn't counted as an ASE? QEMU simply calls these "vendor specific ASEs".

 I have no authority to approve such a change for the kernel, but it looks 
reasonable to me and I will support you with it, with one reservation 
however.  As this is an ISA extension in the vendor-specific space, I 
think it belongs to a vendor-specific namespace, so as to make it clear it 
is not a generic architectural feature and also to avoid name clashes.

 So it has to be called Toshiba MMI or suchlike, similarly to how I 
requested that for the Loongson MMI feature in a recent binutils review 
(cf  and 
binutils commit 8095d2f70e1a ("MIPS/GAS: Split Loongson MMI Instructions 
from loongson2f/3a")), with all the consequences throughout.

> Aleksandar -- please or ASE_MMI to insn_flags here:
> 
> --- a/target/mips/translate_init.inc.c
> +++ b/target/mips/translate_init.inc.c
> @@ -466,7 +466,7 @@ const mips_def_t mips_defs[] =
>  #endif /* !CONFIG_USER_ONLY */
>  .SEGBITS = 32,
>  .PABITS = 32,
> -.insn_flags = CPU_R5900,
> +.insn_flags = CPU_R5900 | ASE_MMI,
>  .mmu_type = MMU_TYPE_R4000,
>  },
>  {

 So I think it better be called ASE_TOSHIBA_MMI here.

> Strictly speaking, MADD, MADDU, MULT, MULTU, MULT1, MULTU1, DIV1, DIVU1,
> MADD1, MADDU1, MFHI1, MFLO1, MTHI1 and MTLO1 are not part of what the
> Toshiba TX System RISC TX79 Core Architecture manual specifies as
> "Multimedia Instructions", section B.3.2, on page B-3, even though
> their opcodes are covered by TX79_CLASS_MMI and the decode_tx79_mmi
> function. Can we adjust ASE_MMI for QEMU accordingly?

 NB all but pipeline 1 instructions of these are also implemented by other 
members of the TXx9 family.  They seem to be referred to as just "multiply 
and multiply-add instructions" in the TX79 manual (cf Section B.3.1).

> Also, doesn't it make sense to cover LQ and SQ with ASE_MMI as well, as
> those two really are MMIs?

 And they're certainly listed as such in the TX79 manual (cf Section 
B.3.2).

> Regarding the R5900 FPU: It appears reasonable to introduce an ELF ABI
> variant for the nonstandard R5900 FPU.

 Indeed and in particular given that the R5900 does not produce any FPU 
exceptions it should be quite straightforward for the Linux kernel to 
recognise this specific ABI annotation with ELF binaries and switch its FP 
environment between R5900 native float and IEEE 754 emulated float 
accordingly.  We could then make QEMU run in the user emulation mode do 
the same.

 Of course all the pieces of the toolchain as well as the dynamic loader 
in use would have to taught to prevent incompatible pieces of hard float 
code from being used together.

  Maciej



Re: [Qemu-devel] [PATCH, build fix] osdep: Work around MinGW assert

2018-10-22 Thread Philippe Mathieu-Daudé

On 22/10/18 20:16, Richard Henderson wrote:

In several places we use assert(FEATURE), and assume that if FEATURE
is disabled, all following code is removed as unreachable.  Which allows
us to compile-out functions that are only present with FEATURE, and
have a link-time failure if the functions remain used.

MinGW does not mark its internal function _assert() as noreturn, so the
compiler cannot see when code is unreachable, which leads to link errors
for this host that are not present elsewhere.

The current build-time failure concerns 62823083b8a2, but I remember
having seen this same error before.  Fix it once and for all for MinGW.

Signed-off-by: Richard Henderson 


Reviewed-by: Philippe Mathieu-Daudé 


---
  include/qemu/osdep.h | 12 
  1 file changed, 12 insertions(+)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 4f8559e550..0c1e335a43 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -122,6 +122,18 @@ extern int daemon(int, int);
  #include "glib-compat.h"
  #include "qemu/typedefs.h"
  
+/*

+ * For mingw, as of v6.0.0, the function implementing the assert macro is
+ * not marked a noreturn, so the compiler cannot delete code following an
+ * assert(false) as unused.  We rely on this within the code base to delete
+ * code that is unreachable when features are disabled.
+ * All supported versions of Glib's g_assert() satisfy this requirement.
+ */
+#ifdef __MINGW32__
+#undef assert
+#define assert(x)  g_assert(x)
+#endif
+
  /*
   * According to waitpid man page:
   * WCOREDUMP
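Review bot: The `#undef assert` / `#define assert(x)  g_assert(x)` override lasts only until the next `#include <assert.h>`, because the C standard has that header redefine `assert` on every inclusion. Any file or third-party header that pulls it in after osdep.h would get MinGW's non-noreturn implementation back, and the link failure would return. The comment block should say so, e.g. by adding ` * Do not include <assert.h> after this header; doing so undoes the override.` Separately, `g_assert()` expands to nothing when `G_DISABLE_ASSERT` is defined, which would drop both the check and the unreachable-code property; whether the build forbids that macro is not visible in this hunk. The same hunk appears again further down this page in the original posting of the patch, and this note applies there unchanged.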





Re: [Qemu-devel] [PATCH, build fix] osdep: Work around MinGW assert

2018-10-22 Thread Richard Henderson
On 10/22/18 7:16 PM, Richard Henderson wrote:
> + * not marked a noreturn, so the compiler cannot delete code following an

Bah.  Peter, if you apply this directly, can you please fix the grammar around
"marked a return" (either s/a/as/ or s/a// sound equally plausible for me).


r~



[Qemu-devel] [PATCH, build fix] osdep: Work around MinGW assert

2018-10-22 Thread Richard Henderson
In several places we use assert(FEATURE), and assume that if FEATURE
is disabled, all following code is removed as unreachable.  Which allows
us to compile-out functions that are only present with FEATURE, and
have a link-time failure if the functions remain used.

MinGW does not mark its internal function _assert() as noreturn, so the
compiler cannot see when code is unreachable, which leads to link errors
for this host that are not present elsewhere.

The current build-time failure concerns 62823083b8a2, but I remember
having seen this same error before.  Fix it once and for all for MinGW.

Signed-off-by: Richard Henderson 
---
 include/qemu/osdep.h | 12 
 1 file changed, 12 insertions(+)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 4f8559e550..0c1e335a43 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -122,6 +122,18 @@ extern int daemon(int, int);
 #include "glib-compat.h"
 #include "qemu/typedefs.h"
 
+/*
+ * For mingw, as of v6.0.0, the function implementing the assert macro is
+ * not marked a noreturn, so the compiler cannot delete code following an
+ * assert(false) as unused.  We rely on this within the code base to delete
+ * code that is unreachable when features are disabled.
+ * All supported versions of Glib's g_assert() satisfy this requirement.
+ */
+#ifdef __MINGW32__
+#undef assert
+#define assert(x)  g_assert(x)
+#endif
+
 /*
  * According to waitpid man page:
  * WCOREDUMP
-- 
2.17.2




Re: [Qemu-devel] [PATCH 1/3] arm: check bit index before use

2018-10-22 Thread P J P
+-- On Mon, 22 Oct 2018, liqsub1 wrote --+
| +if (bit < sizeof(s->handler) / sizeof(s->handler[0])) { 
| 
| Maybe you can use ARRAY_SIZE here.

Yes, sent patch v1.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



[Qemu-devel] [PATCH v1] arm: check bit index before usage

2018-10-22 Thread P J P
From: Prasad J Pandit 

While performing a GPIO write via the strongarm_gpio_handler_update
routine, the 'bit' index could go beyond the end of the s->handler[28]
array. Add a check to avoid the out-of-bounds (OOB) access.

Reported-by: Moguofang 
Signed-off-by: Prasad J Pandit 
---
 hw/arm/strongarm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Update v1: use ARRAY_SIZE macro
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg04826.html

diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index ec2627374d..9225b1ba6e 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -532,7 +532,9 @@ static void strongarm_gpio_handler_update(StrongARMGPIOInfo 
*s)
 
 for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
 bit = ctz32(diff);
-qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+if (bit < ARRAY_SIZE(s->handler)) {
+qemu_set_irq(s->handler[bit], (level >> bit) & 1);
+}
 }
 
 s->prev_level = level;
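Review bot: Bits 28–31 of `level` still enter this loop and are still stored in `s->prev_level`; the new guard only skips the `qemu_set_irq()` call for them. The loop step `diff ^= 1 << bit` therefore shifts a signed 1 by up to 31. Masking once in the loop header keeps out-of-range bits out entirely and makes the per-iteration check unnecessary: `for (diff = (s->prev_level ^ level) & ((1U << ARRAY_SIZE(s->handler)) - 1); diff; diff ^= 1U << bit) {`. Where `level` is computed lies outside the hunk, so whether the guest-writable registers feeding it should also be masked on write cannot be judged from here, but that is where the invalid bits presumably originate.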
-- 
2.17.2




Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-22 Thread Aleksandar Markovic
> From: Fredrik Noring 
> 
> Subject: Re: [PATCH v8 00/38] target/mips: Limited support for the R5900
> 
> Many thanks, Aleksandar,
> 
> > I added ASE_MMI flag along with INSN_R5900, I think this fits better in
> > the overall MIPS for QEMU design.
> 
> Maciej -- can we add "MMI" under "ASEs implemented" in the kernel too,
> even if it is a vendor-specific architecture extension that normally
> isn't counted as an ASE? QEMU simply calls these "vendor specific ASEs".
> 
> Aleksandar -- please or ASE_MMI to insn_flags here:
> 
> --- a/target/mips/translate_init.inc.c
> +++ b/target/mips/translate_init.inc.c
> @@ -466,7 +466,7 @@ const mips_def_t mips_defs[] =
>  #endif /* !CONFIG_USER_ONLY */
>  .SEGBITS = 32,
>  .PABITS = 32,
> -.insn_flags = CPU_R5900,
> +.insn_flags = CPU_R5900 | ASE_MMI,
>  .mmu_type = MMU_TYPE_R4000,
>  },
>  {
> 

Hi, Fredrik.

I understood what you said about ASE_MMI and other changes you want to be 
included.

Pull request with 32 patches from this series is already sent, and I would like 
to avoid sending v2 of that request. Let's wait for some time until the pull 
request is hopefully accepted. There will be most likely another one at the 
beginning of the next week.

We are approaching QEMU 3.1 soft freeze (Oct 30), and at this point we would 
like to stabilize the code, and to integrate only crucial patches. I suggest 
that you create a new series "target/mips: Amend R5900 support". It should be 
based on the code submitted in the pull request. Place the most crucial patches 
as the first ones, at the beginning of the series. Less important at the end. 
FPU changes are too risky at this stage of 3.1 development cycle, and I would 
leave them for QEMU 3.2+.

Regards and thanks again,
Aleksandar


> Strictly speaking, MADD, MADDU, MULT, MULTU, MULT1, MULTU1, DIV1, DIVU1,
> MADD1, MADDU1, MFHI1, MFLO1, MTHI1 and MTLO1 are not part of what the
> Toshiba TX System RISC TX79 Core Architecture manual specifies as
> "Multimedia Instructions", section B.3.2, on page B-3, even though
> their opcodes are covered by TX79_CLASS_MMI and the decode_tx79_mmi
> function. Can we adjust ASE_MMI for QEMU accordingly?
> 
> Also, doesn't it make sense to cover LQ and SQ with ASE_MMI as well, as
> those two really are MMIs?
> 
> Finally, as far as I know, the MMIs cannot be disabled on R5900 hardware.
> 
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -26099,7 +26099,7 @@ static void decode_opc(CPUMIPSState *env, 
> DisasContext *ctx)
>  }
>  break;
>  case OPC_SPECIAL3:
> -if (ctx->insn_flags & INSN_R5900) {
> +if ((ctx->insn_flags & INSN_R5900) && (ctx->insn_flags & ASE_MMI)) {
>  decode_tx79_sq(env, ctx);/* TX79_SQ */
>  } else {
>  decode_opc_special3(env, ctx);
> @@ -26763,7 +26763,7 @@ static void decode_opc(CPUMIPSState *env, 
> DisasContext *ctx)
>  }
>  break;
>  case OPC_MSA: /* OPC_MDMX */
> -if (ctx->insn_flags & INSN_R5900) {
> +if ((ctx->insn_flags & INSN_R5900) && (ctx->insn_flags & ASE_MMI)) {
>  decode_tx79_lq(env, ctx);/* TX79_LQ */
>  } else {
>  /* MDMX: Not implemented. */
> 
> > I experienced some build errors (see the end of this mail), so I had to
> > exclude some patches, but all others are fine, and had my "Reviewed-by".
> > 32 patches will be included in the next MIPS queue.
> 
> Ah, I didn't test the 64-bit build on the MADD[U][1] instructions. I will
> look into them and post updated patches.
> 
> Regarding the R5900 FPU: It appears reasonable to introduce an ELF ABI
> variant for the nonstandard R5900 FPU. A testsuite covering the anomalies
> seems to be needed as well. Careful verification on hardware is needed.
> I think it's probably best to keep the R5900 FPU disabled in QEMU until
> these things have been sorted out.
> 
> I discovered that I lost the disassembly of MULT1 and MULTU1 in v8, as
> shown in the attached patch below. This small change belongs to commit
> bebf09ef3977 ("target/mips: Support R5900 three-operand MULT1 and MULTU1
> instructions") in your tags/mips-queue-oct-2018-part-2. Please apply:
> 
> --- a/disas/mips.c
> +++ b/disas/mips.c
> @@ -2736,10 +2736,14 @@ const struct mips_opcode mips_builtin_opcodes[] =
>  {"mult","s,t",  0x0018, 0xfc00, RD_s|RD_t|WR_HILO|IS_M, 0,   
>   > I1  },
>  {"mult","7,s,t",   0x0018, 0xfc00e7ff, WR_a|RD_s|RD_t, 0,
>   > D33 },
>  {"mult","d,s,t",0x0018, 0xfc0007ff, RD_s|RD_t|WR_HILO|WR_d|IS_M, 
> > 0,G1  },
> +{"mult1",   "s,t",  0x7018, 0xfc00, RD_s | RD_t | WR_HILO | 
> IS_M, 0, EE },
> +{"mult1",   "d,s,t",0x7018, 0xfc0007ff, WR_d | RD_s | RD_t | WR_HILO 
> | IS_M, 0, > EE },
>  {"multp",   "s,t", 0x0459, 0xfc00, RD_s|RD_t|MOD_HILO, 0,
>   > SMT },
>  {"multu",   "s,t

Re: [Qemu-devel] [PULL 00/21] tcg patch queue

2018-10-22 Thread Richard Henderson
On 10/21/18 4:21 PM, Peter Maydell wrote:
> On 21 October 2018 at 16:01, Peter Maydell  wrote:
>> Any idea what's going on here? tcg/tcg.h has a comment saying
>>  * The cmpxchg functions are only defined if HAVE_CMPXCHG128
>> so presumably the issue is that the helper-a64 code is
>> trying to refer to them anyway. There certainly doesn't
>> seem to be any kind of #defining around the listed functions
>> in helper-a64.c to stop them being compiled in this situation.
>>
>> NB: I build with --enable-debug in this tree -- are you
>> perhaps accidentally relying on the compiler's optimisation
>> to discard these functions if they're not needed?
> 
> Adding a #if HAVE_CMPXCHG128 around the helper-a64.c
> functions just pushes the link error back a step to the
> references to those helpers:
>   LINKaarch64-softmmu/qemu-system-aarch64w.exe
> tcg/tcg.o:tcg.c:(.rdata+0x9810): undefined reference to
> `helper_paired_cmpxchg64_le_parallel'
> tcg/tcg.o:tcg.c:(.rdata+0x9830): undefined reference to
> `helper_paired_cmpxchg64_be_parallel'
> tcg/tcg.o:tcg.c:(.rdata+0x9840): undefined reference to
> `helper_casp_le_parallel'
> tcg/tcg.o:tcg.c:(.rdata+0x9850): undefined reference to
> `helper_casp_be_parallel'
> 
> which in turn I guess is because they're in the array
> of all helpers in tcg.c, so we need to also #if out the
> prototypes in helper-a64.h, which is awkward because
> there we don't have the HAVE_CMPXCHG128 defined...

I spoke with Peter in person today about this.  For the list, I've reproduced
the problem, and I'm calling it a mingw bug.  A patch against qemu/osdep.h to
fix this once and for all shortly.


r~



[Qemu-devel] [PATCH v4 2/4] net: cadence_gem: Announce 64bit addressing support

2018-10-22 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Announce 64bit addressing support.

Reviewed-by: Alistair Francis 
Signed-off-by: Edgar E. Iglesias 
---
 hw/net/cadence_gem.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 16a8455128..d95cc27f58 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -142,6 +142,7 @@
 #define GEM_DESCONF4  (0x028C/4)
 #define GEM_DESCONF5  (0x0290/4)
 #define GEM_DESCONF6  (0x0294/4)
+#define GEM_DESCONF6_64B_MASK (1U << 23)
 #define GEM_DESCONF7  (0x0298/4)
 
 #define GEM_INT_Q1_STATUS   (0x0400 / 4)
@@ -1300,7 +1301,7 @@ static void gem_reset(DeviceState *d)
 s->regs[GEM_DESCONF] = 0x02500111;
 s->regs[GEM_DESCONF2] = 0x2ab13fff;
 s->regs[GEM_DESCONF5] = 0x002f2045;
-s->regs[GEM_DESCONF6] = 0x0;
+s->regs[GEM_DESCONF6] = GEM_DESCONF6_64B_MASK;
 
 if (s->num_priority_queues > 1) {
 queues_mask = MAKE_64BIT_MASK(1, s->num_priority_queues - 1);
-- 
2.17.1




[Qemu-devel] [PATCH v4 0/4] arm: Add first models of Xilinx Versal SoC

2018-10-22 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

This patch series adds initial support for Xilinx's Versal SoC.
Xilinx is introducing Versal, an adaptive compute acceleration platform
(ACAP), built on 7nm FinFET process technology. Versal ACAPs combine Scalar
Processing Engines, Adaptable Hardware Engines, and Intelligent Engines with
leading-edge memory and interfacing technologies to deliver powerful
heterogeneous acceleration for any application. The Versal AI Core series has
five devices, offering 128 to 400 AI Engines. The series includes dual-core Arm
Cortex-A72 application processors, dual-core Arm Cortex-R5 real-time
processors, 256KB of on-chip memory with ECC, more than 1,900 DSP engines
optimized for high-precision floating point with low latency.

More info can be found here:
https://www.xilinx.com/news/press/2018/xilinx-unveils-versal-the-first-in-a-new-category-of-platforms-delivering-rapid-innovation-with-software-programmability-and-scalable-ai-inference.html


In QEMU we'd like to have a virtual developer board with the Versal SoC
and a selected set of peripherals under the control of QEMU.
We'd like to gradually extend this board as QEMU gains more support
for Versal hardware components. QEMU will generate a device-tree
describing only the components it supports and includes in the virtual
dev board.

Before adding Versal support, this series starts with a few fixes to the
GEM that I ran into when running recent kernels on the Versal and ZynqMP
models.

I also noticed a problem with HVC insns not being enabled when using
QEMU's PSCI implementation on CPU's with EL2 and EL3 enabled. This causes
problems for Linux/KVM guests, also fixed in this series.

Best regards,
Edgar

ChangeLog:

v3 -> v4:
* Improve error handling for CPU and GIC creation
* Remove KVM checks in GIC creation

v2 -> v3:
* Fix DESCONF6 queue mask generation for GEMs with only one queue.

v1 -> v2:
* Spell out OCM as On Chip Memory
* apperture -> aperture
* Remove copy+pasted virt board comment
* Remove VMSD for Versal SoC (with a comment on why it's not needed)
* Embed AddressSpace dma object in GEM
* Remove debug left-overs in arm-powerctl
* Enable PMU in Cortex-A72
* Rename cortex_a57_a53_cp_reginfo -> cortex_a72_a57_a53_cp_reginfo


Edgar E. Iglesias (4):
  net: cadence_gem: Announce availability of priority queues
  net: cadence_gem: Announce 64bit addressing support
  hw/arm: versal: Add a model of Xilinx Versal SoC
  hw/arm: versal: Add a virtual Xilinx Versal board

 default-configs/aarch64-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/xlnx-versal-virt.c   | 494 
 hw/arm/xlnx-versal.c| 323 ++
 hw/net/cadence_gem.c|   9 +-
 include/hw/arm/xlnx-versal.h| 122 +++
 6 files changed, 949 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/xlnx-versal-virt.c
 create mode 100644 hw/arm/xlnx-versal.c
 create mode 100644 include/hw/arm/xlnx-versal.h

-- 
2.17.1




[Qemu-devel] [PATCH v4 3/4] hw/arm: versal: Add a model of Xilinx Versal SoC

2018-10-22 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Add a model of Xilinx Versal SoC.

Signed-off-by: Edgar E. Iglesias 
---
 default-configs/aarch64-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/xlnx-versal.c| 323 
 include/hw/arm/xlnx-versal.h| 122 +++
 4 files changed, 447 insertions(+)
 create mode 100644 hw/arm/xlnx-versal.c
 create mode 100644 include/hw/arm/xlnx-versal.h

diff --git a/default-configs/aarch64-softmmu.mak 
b/default-configs/aarch64-softmmu.mak
index 6f790f061a..4ea9add003 100644
--- a/default-configs/aarch64-softmmu.mak
+++ b/default-configs/aarch64-softmmu.mak
@@ -8,4 +8,5 @@ CONFIG_DDC=y
 CONFIG_DPCD=y
 CONFIG_XLNX_ZYNQMP=y
 CONFIG_XLNX_ZYNQMP_ARM=y
+CONFIG_XLNX_VERSAL=y
 CONFIG_ARM_SMMUV3=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 5f88062c66..ec21d9bc1f 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -26,6 +26,7 @@ obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o
+obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
new file mode 100644
index 00..5ee58c09be
--- /dev/null
+++ b/hw/arm/xlnx-versal.c
@@ -0,0 +1,323 @@
+/*
+ * Xilinx Versal SoC model.
+ *
+ * Copyright (c) 2018 Xilinx Inc.
+ * Written by Edgar E. Iglesias
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 or
+ * (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "hw/sysbus.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
+#include "hw/arm/arm.h"
+#include "kvm_arm.h"
+#include "hw/misc/unimp.h"
+#include "hw/intc/arm_gicv3_common.h"
+#include "hw/arm/xlnx-versal.h"
+
+#define XLNX_VERSAL_ACPU_TYPE ARM_CPU_TYPE_NAME("cortex-a72")
+#define GEM_REVISION0x40070106
+
+static void versal_create_apu_cpus(Versal *s)
+{
+int i;
+
+for (i = 0; i < ARRAY_SIZE(s->fpd.apu.cpu); i++) {
+Object *obj;
+char *name;
+
+obj = object_new(XLNX_VERSAL_ACPU_TYPE);
+if (!obj) {
+/* Secondary CPUs start in PSCI powered-down state */
+error_report("Unable to create apu.cpu[%d] of type %s",
+ i, XLNX_VERSAL_ACPU_TYPE);
+exit(EXIT_FAILURE);
+}
+
+name = g_strdup_printf("apu-cpu[%d]", i);
+object_property_add_child(OBJECT(s), name, obj, &error_fatal);
+g_free(name);
+
+object_property_set_int(obj, s->cfg.psci_conduit,
+"psci-conduit", &error_abort);
+if (i) {
+object_property_set_bool(obj, true,
+ "start-powered-off", &error_abort);
+}
+
+object_property_set_int(obj, ARRAY_SIZE(s->fpd.apu.cpu),
+"core-count", &error_abort);
+object_property_set_link(obj, OBJECT(&s->fpd.apu.mr), "memory",
+ &error_abort);
+object_property_set_bool(obj, true, "realized", &error_fatal);
+s->fpd.apu.cpu[i] = ARM_CPU(obj);
+}
+}
+
+static void versal_create_apu_gic(Versal *s, qemu_irq *pic)
+{
+static const uint64_t addrs[] = {
+MM_GIC_APU_DIST_MAIN,
+MM_GIC_APU_REDIST_0
+};
+SysBusDevice *gicbusdev;
+DeviceState *gicdev;
+int nr_apu_cpus = ARRAY_SIZE(s->fpd.apu.cpu);
+int i;
+
+sysbus_init_child_obj(OBJECT(s), "apu-gic",
+  &s->fpd.apu.gic, sizeof(s->fpd.apu.gic),
+  gicv3_class_name());
+gicbusdev = SYS_BUS_DEVICE(&s->fpd.apu.gic);
+gicdev = DEVICE(&s->fpd.apu.gic);
+qdev_prop_set_uint32(gicdev, "revision", 3);
+qdev_prop_set_uint32(gicdev, "num-cpu", 2);
+qdev_prop_set_uint32(gicdev, "num-irq", XLNX_VERSAL_NR_IRQS + 32);
+qdev_prop_set_uint32(gicdev, "len-redist-region-count", 1);
+qdev_prop_set_uint32(gicdev, "redist-region-count[0]", 2);
+qdev_prop_set_bit(gicdev, "has-security-extensions", true);
+
+object_property_set_bool(OBJECT(&s->fpd.apu.gic), true, "realized",
+&error_fatal);
+
+for (i = 0; i < ARRAY_SIZE(addrs); i++) {
+MemoryRegion *mr;
+
+mr = sysbus_mmio_get_region(gicbusdev, i);
+memory_region_add_subregion(&s->fpd.apu.mr, addrs[i], mr);
+}
+
+for (i = 0; i < nr_apu_cpus; i++) {
+DeviceState *cpudev = DEVICE(s->fpd.apu.cpu[i]);
+int ppibase = XLNX_VERSAL_NR_IRQS + i * GIC_INTERNAL + GIC_NR_SGIS;
+

[Qemu-devel] [PATCH v4 4/4] hw/arm: versal: Add a virtual Xilinx Versal board

2018-10-22 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Add a virtual Xilinx Versal board.

This board is based on the Xilinx Versal SoC. The exact
details of what peripherals are attached to this board
will remain in control of QEMU. QEMU will generate an
FDT on the fly for Linux and other software to auto-discover
peripherals.

Signed-off-by: Edgar E. Iglesias 
---
 hw/arm/Makefile.objs  |   2 +-
 hw/arm/xlnx-versal-virt.c | 494 ++
 2 files changed, 495 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/xlnx-versal-virt.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index ec21d9bc1f..50c7b4a927 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -26,7 +26,7 @@ obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o
-obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o
+obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o xlnx-versal-virt.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
diff --git a/hw/arm/xlnx-versal-virt.c b/hw/arm/xlnx-versal-virt.c
new file mode 100644
index 00..1ae125b174
--- /dev/null
+++ b/hw/arm/xlnx-versal-virt.c
@@ -0,0 +1,494 @@
+/*
+ * Xilinx Versal Virtual board.
+ *
+ * Copyright (c) 2018 Xilinx Inc.
+ * Written by Edgar E. Iglesias
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 or
+ * (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+#include "sysemu/device_tree.h"
+#include "exec/address-spaces.h"
+#include "hw/boards.h"
+#include "hw/sysbus.h"
+#include "hw/arm/sysbus-fdt.h"
+#include "hw/arm/fdt.h"
+#include "cpu.h"
+#include "hw/arm/xlnx-versal.h"
+
+#define TYPE_XLNX_VERSAL_VIRT_MACHINE MACHINE_TYPE_NAME("xlnx-versal-virt")
+#define XLNX_VERSAL_VIRT_MACHINE(obj) \
+OBJECT_CHECK(VersalVirt, (obj), TYPE_XLNX_VERSAL_VIRT_MACHINE)
+
+typedef struct VersalVirt {
+MachineState parent_obj;
+
+Versal soc;
+MemoryRegion mr_ddr;
+
+void *fdt;
+int fdt_size;
+struct {
+uint32_t gic;
+uint32_t ethernet_phy[2];
+uint32_t clk_125Mhz;
+uint32_t clk_25Mhz;
+} phandle;
+struct arm_boot_info binfo;
+
+struct {
+bool secure;
+} cfg;
+} VersalVirt;
+
+static void fdt_create(VersalVirt *s)
+{
+MachineClass *mc = MACHINE_GET_CLASS(s);
+int i;
+
+s->fdt = create_device_tree(&s->fdt_size);
+if (!s->fdt) {
+error_report("create_device_tree() failed");
+exit(1);
+}
+
+/* Allocate all phandles.  */
+s->phandle.gic = qemu_fdt_alloc_phandle(s->fdt);
+for (i = 0; i < ARRAY_SIZE(s->phandle.ethernet_phy); i++) {
+s->phandle.ethernet_phy[i] = qemu_fdt_alloc_phandle(s->fdt);
+}
+s->phandle.clk_25Mhz = qemu_fdt_alloc_phandle(s->fdt);
+s->phandle.clk_125Mhz = qemu_fdt_alloc_phandle(s->fdt);
+
+/* Create /chosen node for load_dtb.  */
+qemu_fdt_add_subnode(s->fdt, "/chosen");
+
+/* Header */
+qemu_fdt_setprop_cell(s->fdt, "/", "interrupt-parent", s->phandle.gic);
+qemu_fdt_setprop_cell(s->fdt, "/", "#size-cells", 0x2);
+qemu_fdt_setprop_cell(s->fdt, "/", "#address-cells", 0x2);
+qemu_fdt_setprop_string(s->fdt, "/", "model", mc->desc);
+qemu_fdt_setprop_string(s->fdt, "/", "compatible", "xlnx-versal-virt");
+}
+
+static void fdt_add_clk_node(VersalVirt *s, const char *name,
+ unsigned int freq_hz, uint32_t phandle)
+{
+qemu_fdt_add_subnode(s->fdt, name);
+qemu_fdt_setprop_cell(s->fdt, name, "phandle", phandle);
+qemu_fdt_setprop_cell(s->fdt, name, "clock-frequency", freq_hz);
+qemu_fdt_setprop_cell(s->fdt, name, "#clock-cells", 0x0);
+qemu_fdt_setprop_string(s->fdt, name, "compatible", "fixed-clock");
+qemu_fdt_setprop(s->fdt, name, "u-boot,dm-pre-reloc", NULL, 0);
+}
+
+static void fdt_add_cpu_nodes(VersalVirt *s, uint32_t psci_conduit)
+{
+int i;
+
+qemu_fdt_add_subnode(s->fdt, "/cpus");
+qemu_fdt_setprop_cell(s->fdt, "/cpus", "#size-cells", 0x0);
+qemu_fdt_setprop_cell(s->fdt, "/cpus", "#address-cells", 1);
+
+for (i = XLNX_VERSAL_NR_ACPUS - 1; i >= 0; i--) {
+char *name = g_strdup_printf("/cpus/cpu@%d", i);
+ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i));
+
+qemu_fdt_add_subnode(s->fdt, name);
+qemu_fdt_setprop_cell(s->fdt, name, "reg", armcpu->mp_affinity);
+if (psci_conduit != QEMU_PSCI_CONDUIT_DISABLED) {
+qemu_fdt_setprop_string(s->fdt, name, "enable-method", "psci");
+}
+qemu_fdt_setprop_string(s->fdt, name, "device_type", "cpu");
+qemu_fdt_setprop_string(s->fdt, name, "compatible"

[Qemu-devel] [PATCH v4 1/4] net: cadence_gem: Announce availability of priority queues

2018-10-22 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Announce the availability of the various priority queues.
This fixes an issue where guest kernels would fail to
configure secondary queues due to improper feature bits.

Signed-off-by: Edgar E. Iglesias 
---
 hw/net/cadence_gem.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 1795998928..16a8455128 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -1283,6 +1283,7 @@ static void gem_reset(DeviceState *d)
 int i;
 CadenceGEMState *s = CADENCE_GEM(d);
 const uint8_t *a;
+uint32_t queues_mask = 0;
 
 DB_PRINT("\n");
 
@@ -1299,7 +1300,12 @@ static void gem_reset(DeviceState *d)
 s->regs[GEM_DESCONF] = 0x02500111;
 s->regs[GEM_DESCONF2] = 0x2ab13fff;
 s->regs[GEM_DESCONF5] = 0x002f2045;
-s->regs[GEM_DESCONF6] = 0x0200;
+s->regs[GEM_DESCONF6] = 0x0;
+
+if (s->num_priority_queues > 1) {
+queues_mask = MAKE_64BIT_MASK(1, s->num_priority_queues - 1);
+s->regs[GEM_DESCONF6] |= queues_mask;
+}
 
 /* Set MAC address */
 a = &s->conf.macaddr.a[0];
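Review bot: The reset value of `GEM_DESCONF6` changes from `0x0200` to `0x0` with no explanation in the commit message or in the code, so a reader cannot tell whether the old bit was wrong or is being dropped by accident. A short comment above the assignment would settle it, e.g. `/* DESCONF6: only the priority-queue presence bits are modelled; set below */`. The `MAKE_64BIT_MASK(1, s->num_priority_queues - 1)` result is narrowed into `uint32_t queues_mask`, which is only correct while `num_priority_queues` stays small; the bound is presumably enforced at realize time, but that is not visible here and is worth a one-line comment. `queues_mask` is used only inside the `if`, so it could be declared there instead of at the top of gem_reset, whose body continues outside both hunks.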
-- 
2.17.1




Re: [Qemu-devel] [PATCH v8 00/38] target/mips: Limited support for the R5900

2018-10-22 Thread Fredrik Noring
Many thanks, Aleksandar,

> I added ASE_MMI flag along with INSN_R5900, I think this fits better in
> the overall MIPS for QEMU design.

Maciej -- can we add "MMI" under "ASEs implemented" in the kernel too,
even if it is a vendor-specific architecture extension that normally
isn't counted as an ASE? QEMU simply calls these "vendor specific ASEs".

Aleksandar -- please OR ASE_MMI into insn_flags here:

--- a/target/mips/translate_init.inc.c
+++ b/target/mips/translate_init.inc.c
@@ -466,7 +466,7 @@ const mips_def_t mips_defs[] =
 #endif /* !CONFIG_USER_ONLY */
 .SEGBITS = 32,
 .PABITS = 32,
-.insn_flags = CPU_R5900,
+.insn_flags = CPU_R5900 | ASE_MMI,
 .mmu_type = MMU_TYPE_R4000,
 },
 {

Strictly speaking, MADD, MADDU, MULT, MULTU, MULT1, MULTU1, DIV1, DIVU1,
MADD1, MADDU1, MFHI1, MFLO1, MTHI1 and MTLO1 are not part of what the
Toshiba TX System RISC TX79 Core Architecture manual specifies as
"Multimedia Instructions", section B.3.2, on page B-3, even though
their opcodes are covered by TX79_CLASS_MMI and the decode_tx79_mmi
function. Can we adjust ASE_MMI for QEMU accordingly?

Also, doesn't it make sense to cover LQ and SQ with ASE_MMI as well, as
those two really are MMIs?

Finally, as far as I know, the MMIs cannot be disabled on R5900 hardware.

--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -26099,7 +26099,7 @@ static void decode_opc(CPUMIPSState *env, DisasContext 
*ctx)
 }
 break;
 case OPC_SPECIAL3:
-if (ctx->insn_flags & INSN_R5900) {
+if ((ctx->insn_flags & INSN_R5900) && (ctx->insn_flags & ASE_MMI)) {
 decode_tx79_sq(env, ctx);/* TX79_SQ */
 } else {
 decode_opc_special3(env, ctx);
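Review bot: With the added `ASE_MMI` test, an R5900 CPU definition that lacks `ASE_MMI` falls through to `decode_opc_special3()` here, and to the MDMX branch in the `OPC_MSA` hunk that follows, so the R5900 encodings in these opcode slots would be handed to another ISA's decoder instead of being rejected. How those decoders treat such encodings is not visible in the hunk, but the message itself says MMIs cannot be disabled on R5900 hardware, so the fallback looks unintended. Keeping the outer `if (ctx->insn_flags & INSN_R5900)` and raising a reserved-instruction exception inside it when `ASE_MMI` is clear, e.g. `generate_exception_end(ctx, EXCP_RI);`, would make the behaviour explicit. decode_opc's body starts and ends outside both hunks.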
@@ -26763,7 +26763,7 @@ static void decode_opc(CPUMIPSState *env, DisasContext 
*ctx)
 }
 break;
 case OPC_MSA: /* OPC_MDMX */
-if (ctx->insn_flags & INSN_R5900) {
+if ((ctx->insn_flags & INSN_R5900) && (ctx->insn_flags & ASE_MMI)) {
 decode_tx79_lq(env, ctx);/* TX79_LQ */
 } else {
 /* MDMX: Not implemented. */

> I experienced some build errors (see the end of this mail), so I had to
> exclude some patches, but all others are fine, and had my "Reviewed-by".
> 32 patches will be included in the next MIPS queue.

Ah, I didn't test the 64-bit build on the MADD[U][1] instructions. I will
look into them and post updated patches.

Regarding the R5900 FPU: It appears reasonable to introduce an ELF ABI
variant for the nonstandard R5900 FPU. A testsuite covering the anomalies
seems to be needed as well. Careful verification on hardware is needed.
I think it's probably best to keep the R5900 FPU disabled in QEMU until
these things have been sorted out.

I discovered that I lost the disassembly of MULT1 and MULTU1 in v8, as
shown in the attached patch below. This small change belongs to commit
bebf09ef3977 ("target/mips: Support R5900 three-operand MULT1 and MULTU1
instructions") in your tags/mips-queue-oct-2018-part-2. Please apply:

--- a/disas/mips.c
+++ b/disas/mips.c
@@ -2736,10 +2736,14 @@ const struct mips_opcode mips_builtin_opcodes[] =
 {"mult","s,t",  0x0018, 0xfc00, RD_s|RD_t|WR_HILO|IS_M, 0, 
I1  },
 {"mult","7,s,t",   0x0018, 0xfc00e7ff, WR_a|RD_s|RD_t, 0,  
D33 },
 {"mult","d,s,t",0x0018, 0xfc0007ff, RD_s|RD_t|WR_HILO|WR_d|IS_M, 
0,G1  },
+{"mult1",   "s,t",  0x7018, 0xfc00, RD_s | RD_t | WR_HILO | IS_M, 
0, EE },
+{"mult1",   "d,s,t",0x7018, 0xfc0007ff, WR_d | RD_s | RD_t | WR_HILO | 
IS_M, 0, EE },
 {"multp",   "s,t", 0x0459, 0xfc00, RD_s|RD_t|MOD_HILO, 0,  
SMT },
 {"multu",   "s,t",  0x0019, 0xfc00, RD_s|RD_t|WR_HILO|IS_M, 0, 
I1  },
 {"multu",   "7,s,t",   0x0019, 0xfc00e7ff, WR_a|RD_s|RD_t, 0,  
D33 },
 {"multu",   "d,s,t",0x0019, 0xfc0007ff, RD_s|RD_t|WR_HILO|WR_d|IS_M, 
0,G1  },
+{"multu1",  "s,t",  0x7019, 0xfc00, RD_s | RD_t | WR_HILO | IS_M, 
0, EE },
+{"multu1",  "d,s,t",0x7019, 0xfc0007ff, WR_d | RD_s | RD_t | WR_HILO | 
IS_M, 0, EE },
 {"mulu","d,s,t",   0x0059, 0xfc0007ff, RD_s|RD_t|WR_HILO|WR_d, 0,  
N5  },
 {"neg", "d,w", 0x0022, 0xffe007ff, WR_d|RD_t,  0,  
I1  }, /* sub 0 */
 {"negu","d,w", 0x0023, 0xffe007ff, WR_d|RD_t,  0,  
I1  }, /* subu 0 */

Fredrik



[Qemu-devel] [PATCH v2 2/2] x86: hv_evmcs CPU flag support

2018-10-22 Thread Vitaly Kuznetsov
Adds a new CPU flag to enable the Enlightened VMCS KVM feature.
QEMU enables KVM_CAP_HYPERV_ENLIGHTENED_VMCS and gets back the
version to be advertised in lower 16 bits of CPUID.0x400A:EAX.

Suggested-by: Ladi Prosek 
Signed-off-by: Vitaly Kuznetsov 
---
Changes since v1:
- Throw away HV_CPUID_MIN_NESTED.
- Create zeroed 0x4006-0x4009 CPUID leaves.
---
 target/i386/cpu.c  |  1 +
 target/i386/cpu.h  |  1 +
 target/i386/hyperv-proto.h |  2 ++
 target/i386/kvm.c  | 30 --
 4 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c88876dfe3..5c0e84fb99 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5564,6 +5564,7 @@ static Property x86_cpu_properties[] = {
 DEFINE_PROP_BOOL("hv-frequencies", X86CPU, hyperv_frequencies, false),
 DEFINE_PROP_BOOL("hv-reenlightenment", X86CPU, hyperv_reenlightenment, 
false),
 DEFINE_PROP_BOOL("hv-tlbflush", X86CPU, hyperv_tlbflush, false),
+DEFINE_PROP_BOOL("hv-evmcs", X86CPU, hyperv_evmcs, false),
 DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
 DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
 DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 730c06f80a..013d953b57 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1382,6 +1382,7 @@ struct X86CPU {
 bool hyperv_frequencies;
 bool hyperv_reenlightenment;
 bool hyperv_tlbflush;
+bool hyperv_evmcs;
 bool check_cpuid;
 bool enforce_cpuid;
 bool expose_kvm;
diff --git a/target/i386/hyperv-proto.h b/target/i386/hyperv-proto.h
index d6d5a79293..1e6800ba43 100644
--- a/target/i386/hyperv-proto.h
+++ b/target/i386/hyperv-proto.h
@@ -18,6 +18,7 @@
 #define HV_CPUID_FEATURES 0x4003
 #define HV_CPUID_ENLIGHTMENT_INFO 0x4004
 #define HV_CPUID_IMPLEMENT_LIMITS 0x4005
+#define HV_CPUID_NESTED_FEATURES  0x400A
 #define HV_CPUID_MIN  0x4005
 #define HV_CPUID_MAX  0x4000
 #define HV_HYPERVISOR_PRESENT_BIT 0x8000
@@ -59,6 +60,7 @@
 #define HV_SYSTEM_RESET_RECOMMENDED (1u << 4)
 #define HV_RELAXED_TIMING_RECOMMENDED   (1u << 5)
 #define HV_EX_PROCESSOR_MASKS_RECOMMENDED   (1u << 11)
+#define HV_ENLIGHTENED_VMCS_RECOMMENDED (1u << 14)
 
 /*
  * Basic virtualized MSRs
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index a46ad102d8..6f10abcf6f 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -798,6 +798,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
 uint32_t unused;
 struct kvm_cpuid_entry2 *c;
 uint32_t signature[3];
+uint16_t evmcs_version;
 int kvm_base = KVM_CPUID_SIGNATURE;
 int r;
 Error *local_err = NULL;
@@ -841,7 +842,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
 memset(signature, 0, 12);
 memcpy(signature, cpu->hyperv_vendor_id, len);
 }
-c->eax = HV_CPUID_MIN;
+c->eax = cpu->hyperv_evmcs ?
+HV_CPUID_NESTED_FEATURES : HV_CPUID_IMPLEMENT_LIMITS;
 c->ebx = signature[0];
 c->ecx = signature[1];
 c->edx = signature[2];
@@ -888,7 +890,16 @@ int kvm_arch_init_vcpu(CPUState *cs)
 c->eax |= HV_REMOTE_TLB_FLUSH_RECOMMENDED;
 c->eax |= HV_EX_PROCESSOR_MASKS_RECOMMENDED;
 }
-
+if (cpu->hyperv_evmcs) {
+if (kvm_vcpu_enable_cap(cs, KVM_CAP_HYPERV_ENLIGHTENED_VMCS, 0,
+(uintptr_t)&evmcs_version)) {
+fprintf(stderr, "Hyper-V Enlightened VMCS "
+"(requested by 'hv-evmcs' cpu flag) "
+"is not supported by kernel\n");
+return -ENOSYS;
+}
+c->eax |= HV_ENLIGHTENED_VMCS_RECOMMENDED;
+}
 c->ebx = cpu->hyperv_spinlock_attempts;
 
 c = &cpuid_data.entries[cpuid_i++];
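Review bot: Every failure of `kvm_vcpu_enable_cap()` in the added block is reported as "not supported by kernel" and converted to `-ENOSYS`, which hides the real error code from whoever has to debug a failed vCPU init. The function already has `int r;` in scope, so `r = kvm_vcpu_enable_cap(...);` followed by `if (r < 0) { ... return r; }`, with `strerror(-r)` added to the message, would preserve the cause. `evmcs_version` is declared without an initialiser in the first kvm.c hunk and is written only through this call, so `uint16_t evmcs_version = 0;` would keep the later `c->eax = evmcs_version;` well defined even if the two `if (cpu->hyperv_evmcs)` blocks drift apart. kvm_arch_init_vcpu's body starts and ends outside the hunk.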
@@ -899,6 +910,21 @@ int kvm_arch_init_vcpu(CPUState *cs)
 
 kvm_base = KVM_CPUID_SIGNATURE_NEXT;
 has_msr_hv_hypercall = true;
+
+if (cpu->hyperv_evmcs) {
+__u32 function;
+
+/* Create zeroed 0x4006..0x4009 leaves */
+for (function = HV_CPUID_IMPLEMENT_LIMITS + 1;
+ function < HV_CPUID_NESTED_FEATURES; function++) {
+c = &cpuid_data.entries[cpuid_i++];
+c->function = function;
+}
+
+c = &cpuid_data.entries[cpuid_i++];
+c->function = HV_CPUID_NESTED_FEATURES;
+c->eax = evmcs_version;
+}
 }
 
 if (cpu->expose_kvm) {
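Review bot: The added block takes five more slots through `cpuid_data.entries[cpuid_i++]`, and nothing in the hunk checks `cpuid_i` against the size of that array, whose declaration is outside the hunk. Unless the hyperv section is guarded elsewhere, a check before the loop such as `assert(cpuid_i + 5 <= ARRAY_SIZE(cpuid_data.entries));` would turn a buffer overrun into a clean abort. The comment says the 0x4006..0x4009 leaves are zeroed, but the loop only sets `c->function`; this presumably relies on `cpuid_data` having been cleared earlier in the function, and the comment should say so: `/* cpuid_data was zeroed above, so only .function needs setting */`. kvm_arch_init_vcpu's body starts and ends outside the hunk.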
-- 
2.17.2




[Qemu-devel] [PATCH v2 1/2] linux-headers: update

2018-10-22 Thread Vitaly Kuznetsov
Update to kvm/next commit 1e58e5e59148 ("KVM: VMX: enable nested
 virtualization by default").

kvm_put_vcpu_events() needs to be fixed as 'pad' was renamed to
'pending' in 'struct kvm_vcpu_events'

Signed-off-by: Vitaly Kuznetsov 
---
 linux-headers/asm-powerpc/kvm.h |  1 +
 linux-headers/asm-x86/kvm.h |  8 ++--
 linux-headers/linux/kvm.h   | 16 ++--
 target/i386/kvm.c   |  2 +-
 4 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/linux-headers/asm-powerpc/kvm.h b/linux-headers/asm-powerpc/kvm.h
index 1b32b56a03..8c876c166e 100644
--- a/linux-headers/asm-powerpc/kvm.h
+++ b/linux-headers/asm-powerpc/kvm.h
@@ -634,6 +634,7 @@ struct kvm_ppc_cpu_char {
 
 #define KVM_REG_PPC_DEC_EXPIRY (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0xbe)
 #define KVM_REG_PPC_ONLINE (KVM_REG_PPC | KVM_REG_SIZE_U32 | 0xbf)
+#define KVM_REG_PPC_PTCR   (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0xc0)
 
 /* Transactional Memory checkpointed state:
  * This is all GPRs, all VSX regs and a subset of SPRs
diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
index fd23d5778e..dabfcf7c39 100644
--- a/linux-headers/asm-x86/kvm.h
+++ b/linux-headers/asm-x86/kvm.h
@@ -288,6 +288,7 @@ struct kvm_reinject_control {
 #define KVM_VCPUEVENT_VALID_SIPI_VECTOR0x0002
 #define KVM_VCPUEVENT_VALID_SHADOW 0x0004
 #define KVM_VCPUEVENT_VALID_SMM0x0008
+#define KVM_VCPUEVENT_VALID_PAYLOAD0x0010
 
 /* Interrupt shadow states */
 #define KVM_X86_SHADOW_INT_MOV_SS  0x01
@@ -299,7 +300,7 @@ struct kvm_vcpu_events {
__u8 injected;
__u8 nr;
__u8 has_error_code;
-   __u8 pad;
+   __u8 pending;
__u32 error_code;
} exception;
struct {
@@ -322,7 +323,9 @@ struct kvm_vcpu_events {
__u8 smm_inside_nmi;
__u8 latched_init;
} smi;
-   __u32 reserved[9];
+   __u8 reserved[27];
+   __u8 exception_has_payload;
+   __u64 exception_payload;
 };
 
 /* for KVM_GET/SET_DEBUGREGS */
@@ -381,6 +384,7 @@ struct kvm_sync_regs {
 
 #define KVM_STATE_NESTED_GUEST_MODE0x0001
 #define KVM_STATE_NESTED_RUN_PENDING   0x0002
+#define KVM_STATE_NESTED_EVMCS 0x0004
 
 #define KVM_STATE_NESTED_SMM_GUEST_MODE0x0001
 #define KVM_STATE_NESTED_SMM_VMXON 0x0002
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 83ba4eb571..f11a7eb49c 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -420,13 +420,19 @@ struct kvm_run {
 struct kvm_coalesced_mmio_zone {
__u64 addr;
__u32 size;
-   __u32 pad;
+   union {
+   __u32 pad;
+   __u32 pio;
+   };
 };
 
 struct kvm_coalesced_mmio {
__u64 phys_addr;
__u32 len;
-   __u32 pad;
+   union {
+   __u32 pad;
+   __u32 pio;
+   };
__u8  data[8];
 };
 
@@ -719,6 +725,7 @@ struct kvm_ppc_one_seg_page_size {
 
 #define KVM_PPC_PAGE_SIZES_REAL0x0001
 #define KVM_PPC_1T_SEGMENTS0x0002
+#define KVM_PPC_NO_HASH0x0004
 
 struct kvm_ppc_smmu_info {
__u64 flags;
@@ -953,6 +960,11 @@ struct kvm_ppc_resize_hpt {
 #define KVM_CAP_NESTED_STATE 157
 #define KVM_CAP_ARM_INJECT_SERROR_ESR 158
 #define KVM_CAP_MSR_PLATFORM_INFO 159
+#define KVM_CAP_PPC_NESTED_HV 160
+#define KVM_CAP_HYPERV_SEND_IPI 161
+#define KVM_CAP_COALESCED_PIO 162
+#define KVM_CAP_HYPERV_ENLIGHTENED_VMCS 163
+#define KVM_CAP_EXCEPTION_PAYLOAD 164
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index dc4047b02f..a46ad102d8 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -2686,7 +2686,7 @@ static int kvm_put_vcpu_events(X86CPU *cpu, int level)
 events.exception.nr = env->exception_injected;
 events.exception.has_error_code = env->has_error_code;
 events.exception.error_code = env->error_code;
-events.exception.pad = 0;
+events.exception.pending = 0;
 
 events.interrupt.injected = (env->interrupt_injected >= 0);
 events.interrupt.nr = env->interrupt_injected;
-- 
2.17.2




[Qemu-devel] [PATCH v2 0/2] i386/kvm: add support for Hyper-V Enlightened VMCS

2018-10-22 Thread Vitaly Kuznetsov
Changes since v1 [Roman Kagan]:
- Throw away HV_CPUID_MIN_NESTED.
- Create zeroed 0x4006-0x4009 CPUID leaves.

Hyper-V Enlightened VMCS feature was merged to KVM, enable it in Qemu.

The feature gives us a significant performance boost for Hyper-V on KVM
deployments.

The first patch of the series is posted for completeness only.

Vitaly Kuznetsov (2):
  linux-headers: update
  x86: hv_evmcs CPU flag support

 linux-headers/asm-powerpc/kvm.h |  1 +
 linux-headers/asm-x86/kvm.h |  8 ++--
 linux-headers/linux/kvm.h   | 16 ++--
 target/i386/cpu.c   |  1 +
 target/i386/cpu.h   |  1 +
 target/i386/hyperv-proto.h  |  2 ++
 target/i386/kvm.c   | 32 +---
 7 files changed, 54 insertions(+), 7 deletions(-)

-- 
2.17.2




[Qemu-devel] [PATCH] qapi: Fix COLOStatus and query-colo-status since version

2018-10-22 Thread Zhang Chen
This structure and command missed QEMU 3.0, so fix their 'Since' tags to 
version 3.1.

Signed-off-by: Zhang Chen 
---
 qapi/migration.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qapi/migration.json b/qapi/migration.json
index 0928f4b727..38d4c41d88 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
@@ -1317,7 +1317,7 @@
 #
 # @reason: describes the reason for the COLO exit.
 #
-# Since: 3.0
+# Since: 3.1
 ##
 { 'struct': 'COLOStatus',
   'data': { 'mode': 'COLOMode', 'reason': 'COLOExitReason' } }
@@ -1334,7 +1334,7 @@
 # -> { "execute": "query-colo-status" }
 # <- { "return": { "mode": "primary", "active": true, "reason": "request" } }
 #
-# Since: 3.0
+# Since: 3.1
 ##
 { 'command': 'query-colo-status',
   'returns': 'COLOStatus' }
-- 
2.17.GIT




[Qemu-devel] [Bug 1798451] Re: HVF linux on OSX hangs 2nd time started after adding socket

2018-10-22 Thread Roman Bolshakov
I have tried to run the OS and I can confirm that some instructions that
require VMEXIT are not implemented. In your case that's 0F7F or MOVQ
(mem from mmxreg) from MMX. In my case that's 0F11 or MOVUPS(xmmreg1 to
mem) from SSE.

I'd recommend you to run -cpu host,-mmx,-sse for a while, but the kernel
of the OS explicitly complains that it won't run on CPUs without SSE
support.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1798451

Title:
  HVF linux on OSX hangs 2nd time started after adding socket

Status in QEMU:
  New

Bug description:
  
  Robs-MacBook-Pro-2:~ robmaskell$ qemu-system-x86_64 --version
  QEMU emulator version 3.0.0

  Host: MacOS - 10.13.6
Model Name: MacBook Pro
Model Identifier:   MacBookPro14,3
Processor Name: Intel Core i7
Processor Speed:2.8 GHz
Number of Processors:   1
Total Number of Cores:  4
L2 Cache (per Core):256 KB
L3 Cache:   6 MB
Memory: 16 GB

  Guest OS: Elementary Linux Loki 0.4.1, patched up to date

  Command used to start QEMU:

  qemu-system-x86_64 \
-name ElementaryLokiDev \
-machine pc,accel=hvf \
-cpu max \
-smp cpus=2,sockets=2,cores=1,threads=1,maxcpus=2 \
-numa node,nodeid=0 \
-numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=0,socket-id=1 \
-m 8G \
-vga vmware \
-hda e4.qcow2

  Symptoms: Started without the -smp / -numa commands to install the OS,
  then added -smp / -numa and the machine boots and lscpu reports extra
  cpu as expected. Restart VM and it hangs on startup. Remove -smp /
  -numa and machine starts again.




Re: [Qemu-devel] [PATCH 2/2] x86: hv_evmcs CPU flag support

2018-10-22 Thread Vitaly Kuznetsov
Roman Kagan  writes:

> On Fri, Oct 19, 2018 at 01:14:32PM +0200, Vitaly Kuznetsov wrote:
>> --- a/target/i386/kvm.c
>> +++ b/target/i386/kvm.c
>> @@ -798,6 +798,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
>>  uint32_t unused;
>>  struct kvm_cpuid_entry2 *c;
>>  uint32_t signature[3];
>> +uint16_t evmcs_version;
>>  int kvm_base = KVM_CPUID_SIGNATURE;
>>  int r;
>>  Error *local_err = NULL;
>> @@ -841,7 +842,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
>>  memset(signature, 0, 12);
>>  memcpy(signature, cpu->hyperv_vendor_id, len);
>>  }
>> -c->eax = HV_CPUID_MIN;
>> +c->eax = cpu->hyperv_evmcs ? HV_CPUID_MIN_NESTED : HV_CPUID_MIN;
>
>
> I think these two aren't meant to be used on the hypervisor side.  My
> understanding is that HV_CPUID_MIN is only there as a reminder that the
> real Hyper-V exposes at least that many hypervisor-specific leaves so
> the guest can rely on that.  So I'd rather use directly
> HV_CPUID_IMPLEMENT_LIMITS : HV_CPUID_NESTED_FEATURES, and not introduce
> HV_CPUID_MIN_NESTED.

Makes sense, will do v2.

>  Maybe better yet is to update this field with the
> maximum value while populating HV_* leaves:
>
> if (hyperv_enabled(cpu)) {
> uint32_t *cpuid_4000_eax;
> c = &cpuid_data.entries[cpuid_i++];
> c->function = HV_CPUID_VENDOR_AND_MAX_FUNCTIONS;
> cpuid_4000_eax = &c->eax;
> *cpuid_4000_eax = c->function;
>
> 
>
> c = &cpuid_data.entries[cpuid_i++];
> c->function = HV_CPUID_...;
> *cpuid_4000_eax = max(*cpuid_4000_eax, c->function);
>
> but I think it can be done later and doesn't need to hold this patch.
>
> Another question related to this: are the guests OK with leaves
> 0x4006..0x4009 missing?

They seem to be, however, after you've asked I'm leaning towards zeroing
them 'just in case'.

-- 
Vitaly



Re: [Qemu-devel] [RFC v3 0/56] per-CPU locks

2018-10-22 Thread Paolo Bonzini
On 20/10/2018 01:46, Emilio G. Cota wrote:
>> So it is possible that it was my implementation, and not the approach,
>> what was at fault :-)
> I've just observed a similar hang after adding the "BQL
> pushdown" patches on top of this series. So it's likely that the
> hangs come from those patches, and not from the work on
> cpu->interrupt_request. I just confirmed with the prior
> series, and removing the pushdown patches fixes the hangs there
> as well.

Oh well, not a big deal.  You already wrote these patches and I don't
have much time for MTTCG anyway, so I am okay with sticking with them.
Thanks!

Paolo



[Qemu-devel] [Bug 1364501] Re: Gdb hangs when trying to single-step after an invalid instruction

2018-10-22 Thread martin
This shouldn't be "Expired", since the bug is likely still there.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1364501

Title:
  Gdb hangs when trying to single-step after an invalid instruction

Status in QEMU:
  Expired

Bug description:
  When using Gdb to remote-debug a program and manually setting its PC
  to point to an address containing an invalid instruction and then
  doing a single step, Qemu will never return control to the remote Gdb.

  For instance, let's say address 0x114 contains an invalid instruction.
  On the remote Gdb, we'd do:

  (gdb) set $pc = 0x114
  (gdb) stepi

  After doing that we won't get the (gdb) prompt unless we do a Ctrl-C.
  If we do so we'll be left at 0x114 instead of going towards the
  exception handler as we should. This happens with stepi, step and
  next. If instead of single-stepping we used continue, the program will
  proceed into the exception handler as it should.

  The reason this is happening is that when Qemu realizes it's about to
  translate an instruction it doesn't recognize it'll generate a call to
  helper_exception_with_syndrome(), which will register the exception
  and then call cpu_loop_exit(). At the same time, because we're doing a
  single-step, Qemu will also generate a call to
  helper_exception_internal() passing it an EXCP_DEBUG, which lets the
  system know it'll give control back to the remote debugger, and it
  also ends with a call to cpu_loop_exit(). However, because the
  syndrome exception calls cpu_loop_exit() first, the call to the
  internal exception won't be reached and Qemu will be stuck in a loop
  without returning control to the remote debugger.

  What makes this a bit tricky to fix is that we must call
  cpu_loop_exit() at the end of helper_exception_with_syndrome(),
  otherwise the target exception will go undetected and its handler
  won't be executed.

  Tested on latest head by emulating a Stellaris lm3s6965 board and
  running RTEMS 4.11:

  $ qemu-system-arm -nographic -s -S -M lm3s6965evb -kernel my_rtems_app

  Commit hash in qemu.git: 30eaca3acdf17d7bcbd1213eb149c02037edfb0b




Re: [Qemu-devel] [PULL 00/45] Machine queue, 2018-10-18

2018-10-22 Thread Markus Armbruster
Igor Mammedov  writes:

> On Fri, 19 Oct 2018 17:23:21 -0300
> Eduardo Habkost  wrote:
>
>> On Fri, Oct 19, 2018 at 09:53:45PM +0200, Igor Mammedov wrote:
>> > On Fri, 19 Oct 2018 15:44:08 -0300
>> > Eduardo Habkost  wrote:
>> > 
>> > > On Fri, Oct 19, 2018 at 03:12:31PM +0100, Peter Maydell wrote:
>> > > > On 18 October 2018 at 21:03, Eduardo Habkost  
>> > > > wrote:
>> > > > > The following changes since commit 
>> > > > > 09558375a634e17cea6cfbfec883ac2376d2dc7f:
>> > > > >
>> > > > >   Merge remote-tracking branch 
>> > > > > 'remotes/pmaydell/tags/pull-target-arm-20181016-1' into staging 
>> > > > > (2018-10-16 17:42:56 +0100)
>> > > > >
>> > > > > are available in the Git repository at:
>> > > > >
>> > > > >   git://github.com/ehabkost/qemu.git tags/machine-next-pull-request
>> > > > >
>> > > > > for you to fetch changes up to 
>> > > > > 6d8e1bcc7dd5e819ce81e6a87fffe23e39c700cc:
>> > > > >
>> > > > >   numa: Clean up error reporting in parse_numa() (2018-10-17 
>> > > > > 16:33:40 -0300)
>> > > > >
>> > > > > 
>> > > > > Machine queue, 2018-10-18
>> > > > >
>> > > > > * sysbus init/realize cleanups
>> > > > >   (Cédric Le Goater, Philippe Mathieu-Daudé)
>> > > > > * memory-device refactoring (David Hildenbrand)
>> > > > > * -smp: deprecate incorrect CPUs topology (Igor Mammedov)
>> > > > > * -numa parsing cleanups (Markus Armbruster)
>> > > > > * Fix hostmem-file memory leak (Zhang Yi)
>> > > > > * Typo fix (Li Qiang)
>> > > > >
>> > > > > 
>> > > > >
>> > > > 
>> > > > Hi. This had some problems in merge testing, I'm afraid:
>> > > > 
>> > > > On aarch64 host, warnings running tests/cpu-plug-test for i386 and 
>> > > > s390 targets:
>> > > > 
>> > > > TEST: tests/cpu-plug-test... (pid=12602)
>> > > >   /i386/cpu-plug/pc-i440fx-3.0/cpu-add/1x3x2&maxcpus=12:
>> > > > qemu-system-i386: warning: Invalid CPU topology deprecated: sockets
>> > > > (1) * cores (3) * threads (2) != maxcpus (12)
>> > > [...]
>> > > > 
>> > > > (plus similar ppc64, x86_64 targets)
>> > > 
>> > > Ouch.  Apologies.
>> > > 
>> > > Can we please do something make sure "make check" will fail on
>> > > these cases?  I'd like to be able to trust CI systems like
>> > > travis-ci.
>> > > 
>> > 
>> > we probably don't want make check fail on warning.
>> 
>> I disagree.  If a warning is blocking a pull request from being
>> merged, it must make CI systems fail too.  Otherwise we're
>> defeating the purpose of CI systems.
>
> When we deprecate options we are bound to trigger warning which are not errors
> and are meant to be there until deprecated options are removed/tested by make 
> check.
> So what would you suggest to do wrt tests that use deprecated features,
> drop testing for it?

We commonly suppress the warning when testing.  Search for
'if (qtest_enabled())'.



Re: [Qemu-devel] [PATCH v4 11/11] qemu-iotests: Test auto-read-only with -drive and -blockdev

2018-10-22 Thread Eric Blake

On 10/20/18 8:31 PM, Kevin Wolf wrote:

Signed-off-by: Kevin Wolf 
---
  tests/qemu-iotests/232 | 147 +
  tests/qemu-iotests/232.out |  59 +++
  tests/qemu-iotests/group   |   1 +
  3 files changed, 207 insertions(+)
  create mode 100755 tests/qemu-iotests/232
  create mode 100644 tests/qemu-iotests/232.out


Reviewed-by: Eric Blake 


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH 3/9] qdev: move qdev_prop_register_global_list() to tests

2018-10-22 Thread Igor Mammedov
On Wed, 12 Sep 2018 16:55:25 +0400
Marc-André Lureau  wrote:

> The function is only used by a test, move it there.
> 
> Signed-off-by: Marc-André Lureau 
> ---
>  include/hw/qdev-properties.h   |  1 -
>  hw/core/qdev-properties.c  |  9 -
>  tests/test-qdev-global-props.c | 18 ++
>  3 files changed, 14 insertions(+), 14 deletions(-)
> 
> diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
> index a95f4a73eb..3ab9cd2eb6 100644
> --- a/include/hw/qdev-properties.h
> +++ b/include/hw/qdev-properties.h
> @@ -249,7 +249,6 @@ void qdev_prop_set_enum(DeviceState *dev, const char 
> *name, int value);
>  void qdev_prop_set_ptr(DeviceState *dev, const char *name, void *value);
>  
>  void qdev_prop_register_global(GlobalProperty *prop);
> -void qdev_prop_register_global_list(GlobalProperty *props);
>  int qdev_prop_check_globals(void);
>  void qdev_prop_set_globals(DeviceState *dev);
>  void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState *dev,
> diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
> index ab61d502fd..bd84c4ea4c 100644
> --- a/hw/core/qdev-properties.c
> +++ b/hw/core/qdev-properties.c
> @@ -1180,15 +1180,6 @@ void qdev_prop_register_global(GlobalProperty *prop)
>  global_props = g_list_append(global_props, prop);
>  }
>  
> -void qdev_prop_register_global_list(GlobalProperty *props)
> -{
> -int i;
> -
> -for (i = 0; props[i].driver != NULL; i++) {
> -qdev_prop_register_global(props+i);
> -}
> -}
> -
>  int qdev_prop_check_globals(void)
>  {
>  GList *l;
> diff --git a/tests/test-qdev-global-props.c b/tests/test-qdev-global-props.c
> index d81b0862d5..d8596e6637 100644
> --- a/tests/test-qdev-global-props.c
> +++ b/tests/test-qdev-global-props.c
> @@ -89,6 +89,16 @@ static void test_static_prop(void)
>  g_test_trap_assert_stdout("");
>  }
>  
> +static void register_global_list(GlobalProperty *props)
naming looks too ambiguous, I'd keep original name or
maybe use something more specific, like 'register_global_properties'

> +{
> +int i;
> +
> +for (i = 0; props[i].driver != NULL; i++) {
> +qdev_prop_register_global(props + i);
> +}
> +}
> +
> +
>  /* Test setting of static property using global properties */
>  static void test_static_globalprop_subprocess(void)
>  {
> @@ -98,7 +108,7 @@ static void test_static_globalprop_subprocess(void)
>  {}
>  };
>  
> -qdev_prop_register_global_list(props);
> +register_global_list(props);
>  
>  mt = STATIC_TYPE(object_new(TYPE_STATIC_PROPS));
>  qdev_init_nofail(DEVICE(mt));
> @@ -216,7 +226,7 @@ static void test_dynamic_globalprop_subprocess(void)
>  };
>  int all_used;
>  
> -qdev_prop_register_global_list(props);
> +register_global_list(props);
>  
>  mt = DYNAMIC_TYPE(object_new(TYPE_DYNAMIC_PROPS));
>  qdev_init_nofail(DEVICE(mt));
> @@ -261,7 +271,7 @@ static void 
> test_dynamic_globalprop_nouser_subprocess(void)
>  };
>  int all_used;
>  
> -qdev_prop_register_global_list(props);
> +register_global_list(props);
>  
>  mt = DYNAMIC_TYPE(object_new(TYPE_DYNAMIC_PROPS));
>  qdev_init_nofail(DEVICE(mt));
> @@ -299,7 +309,7 @@ static void test_subclass_global_props(void)
>  {}
>  };
>  
> -qdev_prop_register_global_list(props);
> +register_global_list(props);
>  
>  mt = STATIC_TYPE(object_new(TYPE_SUBCLASS));
>  qdev_init_nofail(DEVICE(mt));




Re: [Qemu-devel] [PATCH 2/9] accel: register global_props like machine globals

2018-10-22 Thread Igor Mammedov
On Wed, 12 Sep 2018 16:55:24 +0400
Marc-André Lureau  wrote:

> global_props is only used for Xen xen_compat_props. It's a static
minor nit:
should be AccelClass::global_props

> array of GlobalProperty, like machine globals in SET_MACHINE_COMPAT().
> Let's register the globals the same way, without extra copy allocation.
> 
> Signed-off-by: Marc-André Lureau 
otherwise looks good to me, CCing xen folks since it concerns them.

Reviewed-by: Igor Mammedov 


> ---
>  include/hw/qdev-properties.h | 29 -
>  accel/accel.c|  9 -
>  hw/core/qdev-properties.c| 21 -
>  3 files changed, 8 insertions(+), 51 deletions(-)
> 
> diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
> index 4f60cc88f3..a95f4a73eb 100644
> --- a/include/hw/qdev-properties.h
> +++ b/include/hw/qdev-properties.h
> @@ -255,35 +255,6 @@ void qdev_prop_set_globals(DeviceState *dev);
>  void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState *dev,
>  Property *prop, const char *value);
>  
> -/**
> - * register_compat_prop:
> - *
> - * Register internal (not user-provided) global property, changing the
> - * default value of a given property in a device type.  This can be used
> - * for enabling machine-type compatibility or for enabling
> - * accelerator-specific defaults in devices.
> - *
> - * The property values set using this function must be always valid and
> - * never report setter errors, as the property will have
> - * GlobalProperty::errp set to &error_abort.
> - *
> - * User-provided global properties should override internal global
> - * properties, so callers of this function should ensure that it is
> - * called before user-provided global properties are registered.
> - *
> - * @driver: Device type to be affected
> - * @property: Property whose default value is going to be changed
> - * @value: New default value for the property
> - */
> -void register_compat_prop(const char *driver, const char *property,
> -  const char *value);
> -/*
> - * register_compat_props_array(): using register_compat_prop(), which
> - * only registers internal global properties (which has lower priority
> - * than user-provided global properties)
> - */
> -void register_compat_props_array(GlobalProperty *prop);
> -
>  /**
>   * qdev_property_add_static:
>   * @dev: Device to add the property to.
> diff --git a/accel/accel.c b/accel/accel.c
> index 966b2d8f53..3da26eb90f 100644
> --- a/accel/accel.c
> +++ b/accel/accel.c
> @@ -34,6 +34,7 @@
>  #include "qom/object.h"
>  #include "qemu/error-report.h"
>  #include "qemu/option.h"
> +#include "qapi/error.h"
>  
>  static const TypeInfo accel_type = {
>  .name = TYPE_ACCEL,
> @@ -121,7 +122,13 @@ void configure_accelerator(MachineState *ms)
>  void accel_register_compat_props(AccelState *accel)
>  {
>  AccelClass *class = ACCEL_GET_CLASS(accel);
> -register_compat_props_array(class->global_props);
> +GlobalProperty *prop = class->global_props;
> +
> +for (; prop && prop->driver; prop++) {
> +/* Any compat_props must never cause error */
> +prop->errp = &error_abort;
> +qdev_prop_register_global(prop);
> +}
>  }
>  
>  void accel_setup_post(MachineState *ms)
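Review bot: The new loop in `accel_register_compat_props()` writes `prop->errp` into the class's own `global_props` array and registers pointers to those entries, where `register_compat_prop()` used to allocate a copy. The array therefore cannot be const, and a second call would pass the same entries to `qdev_prop_register_global()` again, which appends them to the global list. If a single call per accelerator is the intended contract, a comment on the function should state it, e.g. `/* Called once per accelerator; registers class->global_props in place. */`. The header comment removed by this patch also carried the rule that internal globals must be registered before user-provided ones, and that note is worth keeping next to this function since nothing else in the hunk records it.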
> diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
> index 35072dec1e..ab61d502fd 100644
> --- a/hw/core/qdev-properties.c
> +++ b/hw/core/qdev-properties.c
> @@ -1180,27 +1180,6 @@ void qdev_prop_register_global(GlobalProperty *prop)
>  global_props = g_list_append(global_props, prop);
>  }
>  
> -void register_compat_prop(const char *driver,
> -  const char *property,
> -  const char *value)
> -{
> -GlobalProperty *p = g_new0(GlobalProperty, 1);
> -
> -/* Any compat_props must never cause error */
> -p->errp = &error_abort;
> -p->driver = driver;
> -p->property = property;
> -p->value = value;
> -qdev_prop_register_global(p);
> -}
> -
> -void register_compat_props_array(GlobalProperty *prop)
> -{
> -for (; prop && prop->driver; prop++) {
> -register_compat_prop(prop->driver, prop->property, prop->value);
> -}
> -}
> -
>  void qdev_prop_register_global_list(GlobalProperty *props)
>  {
>  int i;




Re: [Qemu-devel] Virtual IOMMU is working for Windows VM?

2018-10-22 Thread Jintack Lim
On Mon, Oct 22, 2018 at 5:27 AM Peter Xu  wrote:
>
> On Mon, Oct 22, 2018 at 12:22:02AM -0400, Jintack Lim wrote:
> > Hi,
> >
> > I wonder if vIOMMU is working for Windows VM?
> >
> > I tried it with v2.11.0, but it didn't seem to work. I assume that seaBIOS
> > sets IOMMU on by default as is the case when I launched a Linux VM. But I
> > might be missing something. Can somebody shed some light on it?
>
> Hi, Jintack,
>

Thanks Peter,

> I think at least the latest QEMU should work for Windows, but I don't
> really run Windows that frequently.
>
> What is the error you've encountered?  Have you tried the latest QEMU,
> or switching Windows versions to try?

I ran Windows commands in Windows Powershell like below. Well, I guess
this is not the best way to check IOMMU presence, but couldn't find a
better way to do it.

$ (Get-VMHost).IovSupport
false
$ (Get-VMHost).IovSupportReasons
The chipset on the system does not do DMA remapping, ...

I just tried QEMU v3.0.0, but I see the same symptom. I'm using
Windows server 2016.  Unfortunately, trying another Windows version
would be hard for me at this point.

I just wonder if there's a way to check if VT-d is on in SeaBIOS?

>
> What I can remember about Windows is that Ladi had fixed a bug for
> windows-only (8991c460be, "intel_iommu: relax iq tail check on
> VTD_GCMD_QIE enable", 2017-07-03) but it should be even in 2.10 so I
> guess it's not the problem you've encountered.

I'm CCing Ladi, just in case he has some idea :)

Thanks,
Jintack

>
> Regards,
>
> --
> Peter Xu
>




Re: [Qemu-devel] [RFC v2 07/28] hw/vfio/common: Refactor container initialization

2018-10-22 Thread Greg Kurz
On Fri, 21 Sep 2018 10:17:58 +0200
Eric Auger  wrote:

> To prepare for testing yet another extension, let's
> refactor the code. We introduce vfio_iommu_get_type()
> helper which selects the richest API (v2 first). Then
> vfio_init_container() does the SET_CONTAINER and
> SET_IOMMU ioctl calls. So we end up with a switch/case
> on the iommu_type which should be a little bit more readable
> when introducing the NESTING extension check. Also ioctl's
> get called once per iommu_type.
> 
> Signed-off-by: Eric Auger 
> ---
>  hw/vfio/common.c | 102 ++-
>  1 file changed, 65 insertions(+), 37 deletions(-)
> 
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index 7c185e5a2e..53b8f773cc 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -1036,12 +1036,58 @@ static void vfio_put_address_space(VFIOAddressSpace 
> *space)
>  }
>  }
>  
> +/*
> + * vfio_iommu_get_type - selects the richest iommu_type (v2 first)
> + * nested only is selected if requested by @force_nested

It seems the second line belongs to patch 8.

Apart from that, this definitely makes the code more readable.

Reviewed-by: Greg Kurz 

> + */
> +static int vfio_iommu_get_type(VFIOContainer *container,
> +   Error **errp)
> +{
> +int fd = container->fd;
> +
> +if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1v2_IOMMU)) {
> +return VFIO_TYPE1v2_IOMMU;
> +} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1_IOMMU)) {
> +return VFIO_TYPE1_IOMMU;
> +} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_v2_IOMMU)) {
> +return VFIO_SPAPR_TCE_v2_IOMMU;
> +} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_IOMMU)) {
> +return VFIO_SPAPR_TCE_IOMMU;
> +} else {
> +error_setg(errp, "No available IOMMU models");
> +return -EINVAL;
> +}
> +}
> +
> +static int vfio_init_container(VFIOContainer *container, int group_fd,
> +   int iommu_type, Error **errp)
> +{
> +int ret;
> +
> +ret = ioctl(group_fd, VFIO_GROUP_SET_CONTAINER, &container->fd);
> +if (ret) {
> +error_setg_errno(errp, errno, "failed to set group container");
> +return -errno;
> +}
> +
> +ret = ioctl(container->fd, VFIO_SET_IOMMU, iommu_type);
> +if (ret) {
> +error_setg_errno(errp, errno, "failed to set iommu for container");
> +return -errno;
> +}
> +container->iommu_type = iommu_type;
> +return 0;
> +}
> +
>  static int vfio_connect_container(VFIOGroup *group, AddressSpace *as,
>Error **errp)
>  {
>  VFIOContainer *container;
>  int ret, fd;
>  VFIOAddressSpace *space;
> +int iommu_type;
> +bool v2 = false;
> +
>  
>  space = vfio_get_address_space(as);
>  
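Review bot: In vfio_iommu_get_type() each `ioctl(fd, VFIO_CHECK_EXTENSION, ...)` result is tested only for non-zero, so a failing ioctl (-1, for example on a bad container fd) is read as "extension supported" and VFIO_TYPE1v2_IOMMU is returned. Testing for a positive result, `if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1v2_IOMMU) > 0)` and likewise for the other three checks, keeps an error from selecting an IOMMU model. The later VFIO_SET_IOMMU call would presumably fail anyway, but the reported error would then name the wrong step. vfio_connect_container() continues outside this hunk.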
> @@ -1101,23 +1147,20 @@ static int vfio_connect_container(VFIOGroup *group, 
> AddressSpace *as,
>  container->fd = fd;
>  QLIST_INIT(&container->giommu_list);
>  QLIST_INIT(&container->hostwin_list);
> -if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1_IOMMU) ||
> -ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1v2_IOMMU)) {
> -bool v2 = !!ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_TYPE1v2_IOMMU);
> +
> +iommu_type = vfio_iommu_get_type(container, errp);
> +if (iommu_type < 0) {
> +goto free_container_exit;
> +}
> +
> +switch (iommu_type) {
> +case VFIO_TYPE1v2_IOMMU:
> +case VFIO_TYPE1_IOMMU:
> +{
>  struct vfio_iommu_type1_info info;
>  
> -ret = ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &fd);
> +ret = vfio_init_container(container, group->fd, iommu_type, errp);
>  if (ret) {
> -error_setg_errno(errp, errno, "failed to set group container");
> -ret = -errno;
> -goto free_container_exit;
> -}
> -
> -container->iommu_type = v2 ? VFIO_TYPE1v2_IOMMU : VFIO_TYPE1_IOMMU;
> -ret = ioctl(fd, VFIO_SET_IOMMU, container->iommu_type);
> -if (ret) {
> -error_setg_errno(errp, errno, "failed to set iommu for 
> container");
> -ret = -errno;
>  goto free_container_exit;
>  }
>  
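Review bot: On the `iommu_type < 0` path the code jumps to `free_container_exit` without assigning `ret`, whereas the removed error paths set `ret = -errno` before the same jump. If the exit label returns `ret`, as those removed lines suggest, the caller may see a stale value from an earlier step (possibly 0) while `errp` is set. Adding `ret = iommu_type;` before the `goto` keeps the return value and the Error in agreement. vfio_connect_container() starts and ends outside this hunk.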
> @@ -1137,28 +1180,16 @@ static int vfio_connect_container(VFIOGroup *group, 
> AddressSpace *as,
>  }
>  vfio_host_win_add(container, 0, (hwaddr)-1, info.iova_pgsizes);
>  container->pgsizes = info.iova_pgsizes;
> -} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_IOMMU) ||
> -   ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_v2_IOMMU)) {
> +break;
> +}
> +case VFIO_SPAPR_TCE_v2_IOMMU:
> +v2 = true;
> +case VFIO_SPAPR_TCE_IOMMU:
> +{
>  struct vfio_iommu_spapr_tce_info info;
> -bool v2 = !!ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_v2_IOMMU);
>  
> -ret = ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &fd);
> +ret = vfio_init_container(container,

Re: [Qemu-devel] [PATCH 2/2] x86: hv_evmcs CPU flag support

2018-10-22 Thread Roman Kagan
On Fri, Oct 19, 2018 at 01:14:32PM +0200, Vitaly Kuznetsov wrote:
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -798,6 +798,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
>  uint32_t unused;
>  struct kvm_cpuid_entry2 *c;
>  uint32_t signature[3];
> +uint16_t evmcs_version;
>  int kvm_base = KVM_CPUID_SIGNATURE;
>  int r;
>  Error *local_err = NULL;
> @@ -841,7 +842,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
>  memset(signature, 0, 12);
>  memcpy(signature, cpu->hyperv_vendor_id, len);
>  }
> -c->eax = HV_CPUID_MIN;
> +c->eax = cpu->hyperv_evmcs ? HV_CPUID_MIN_NESTED : HV_CPUID_MIN;


I think these two aren't meant to be used on the hypervisor side.  My
understanding is that HV_CPUID_MIN is only there as a reminder that the
real Hyper-V exposes at least that many hypervisor-specific leaves so
the guest can rely on that.  So I'd rather use directly
HV_CPUID_IMPLEMENT_LIMITS : HV_CPUID_NESTED_FEATURES, and not introduce
HV_CPUID_MIN_NESTED.  Maybe better yet is to update this field with the
maximum value while populating HV_* leaves:

if (hyperv_enabled(cpu)) {
uint32_t *cpuid_4000_eax;
c = &cpuid_data.entries[cpuid_i++];
c->function = HV_CPUID_VENDOR_AND_MAX_FUNCTIONS;
cpuid_4000_eax = &c->eax;
*cpuid_4000_eax = c->function;



c = &cpuid_data.entries[cpuid_i++];
c->function = HV_CPUID_...;
*cpuid_4000_eax = max(*cpuid_4000_eax, c->function);

but I think it can be done later and doesn't need to hold this patch.

Another question related to this: are the guests OK with leaves
0x4006..0x4009 missing?

Thanks,
Roman.



Re: [Qemu-devel] [PATCH 1/9] qom/user-creatable: add a few helper macros

2018-10-22 Thread Igor Mammedov
On Wed, 12 Sep 2018 16:55:23 +0400
Marc-André Lureau  wrote:

> Improve a bit code readability.
> 
> Signed-off-by: Marc-André Lureau 
> ---
>  include/qom/object_interfaces.h | 4 
>  qom/object.c| 4 ++--
>  qom/object_interfaces.c | 9 +++--
>  3 files changed, 9 insertions(+), 8 deletions(-)
> 
> diff --git a/include/qom/object_interfaces.h b/include/qom/object_interfaces.h
> index 4d513fb329..46b0861457 100644
> --- a/include/qom/object_interfaces.h
> +++ b/include/qom/object_interfaces.h
> @@ -9,9 +9,13 @@
>  #define USER_CREATABLE_CLASS(klass) \
>   OBJECT_CLASS_CHECK(UserCreatableClass, (klass), \
>  TYPE_USER_CREATABLE)
> +#define IS_USER_CREATABLE_CLASS(klass) \
> +object_class_dynamic_cast(OBJECT_CLASS(oc), TYPE_USER_CREATABLE)
>  #define USER_CREATABLE_GET_CLASS(obj) \
>   OBJECT_GET_CLASS(UserCreatableClass, (obj), \
>TYPE_USER_CREATABLE)
> +#define IS_USER_CREATABLE(obj) \
> +object_dynamic_cast(OBJECT(obj), TYPE_USER_CREATABLE)
>  #define USER_CREATABLE(obj) \
>   INTERFACE_CHECK(UserCreatable, (obj), \
>   TYPE_USER_CREATABLE)
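Review bot: The new `IS_USER_CREATABLE_CLASS(klass)` macro ignores its parameter and expands to `OBJECT_CLASS(oc)`, so it only compiles where a variable named `oc` happens to be in scope, and it then tests that variable instead of the argument. The body should read `object_class_dynamic_cast(OBJECT_CLASS(klass), TYPE_USER_CREATABLE)`. Both new `IS_...` expansions would also be safer wrapped in an outer pair of parentheses, as is usual for expression macros.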
> diff --git a/qom/object.c b/qom/object.c
> index 75d1d48944..0703e8e4ff 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -424,7 +424,7 @@ void object_initialize_childv(Object *parentobj, const 
> char *propname,
>  goto out;
>  }
>  
> -if (object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
> +if (IS_USER_CREATABLE(obj)) {
>  user_creatable_complete(obj, &local_err);
>  if (local_err) {
>  object_unparent(obj);
> @@ -605,7 +605,7 @@ Object *object_new_with_propv(const char *typename,
>  goto error;
>  }
>  
> -if (object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
> +if (IS_USER_CREATABLE(obj)) {
>  user_creatable_complete(obj, &local_err);
>  if (local_err) {
>  object_unparent(obj);
> diff --git a/qom/object_interfaces.c b/qom/object_interfaces.c
> index 72b97a8bed..e3084bc04a 100644
> --- a/qom/object_interfaces.c
> +++ b/qom/object_interfaces.c
> @@ -10,18 +10,15 @@
>  
>  void user_creatable_complete(Object *obj, Error **errp)
>  {
> -
>  UserCreatableClass *ucc;
> -UserCreatable *uc =
> -(UserCreatable *)object_dynamic_cast(obj, TYPE_USER_CREATABLE);
>  
> -if (!uc) {
> +if (!IS_USER_CREATABLE(obj)) {
>  return;
>  }
>  
> -ucc = USER_CREATABLE_GET_CLASS(uc);
> +ucc = USER_CREATABLE_GET_CLASS(obj);
>  if (ucc->complete) {
> -ucc->complete(uc, errp);
> +ucc->complete(USER_CREATABLE(obj), errp);
 ^^^
even though the function becomes more concise,
this will call the expensive dynamic cast a 2nd time (the result of the 1st, in
IS_USER_CREATABLE, was discarded),
so I'm not sure it is a good idea to regress startup time for readability.


>  }
>  }
>  




[Qemu-devel] [PATCH] file-posix: Use error API properly

2018-10-22 Thread Fam Zheng
Use error_report for situations that affect user operation (i.e. we're
actually returning an error), and warn_report/warn_report_err when some
less critical error happened but the user operation can still carry on.

Suggested-by: Markus Armbruster 
Signed-off-by: Fam Zheng 
---
 block/file-posix.c | 20 +---
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/block/file-posix.c b/block/file-posix.c
index 2da3a76355..2a46899313 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -214,8 +214,7 @@ static int raw_normalize_devicepath(const char **filename)
 fname = *filename;
 dp = strrchr(fname, '/');
 if (lstat(fname, &sb) < 0) {
-fprintf(stderr, "%s: stat failed: %s\n",
-fname, strerror(errno));
+error_report("%s: stat failed: %s", fname, strerror(errno));
 return -errno;
 }
 
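Review bot: `return -errno;` runs after `error_report()`, which formats and writes the message and may itself change `errno`, so the value returned can differ from the lstat() failure that was just reported. Capturing it first avoids that: `int ret = -errno;`, then `error_report("%s: stat failed: %s", fname, strerror(-ret));` and `return ret;`. raw_normalize_devicepath() continues outside this hunk.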
@@ -229,9 +228,8 @@ static int raw_normalize_devicepath(const char **filename)
 snprintf(namebuf, PATH_MAX, "%.*s/r%s",
 (int)(dp - fname), fname, dp + 1);
 }
-fprintf(stderr, "%s is a block device", fname);
 *filename = namebuf;
-fprintf(stderr, ", using %s\n", *filename);
+warn_report("%s is a block device, using %s", fname, *filename);
 
 return 0;
 }
@@ -492,11 +490,11 @@ static int raw_open_common(BlockDriverState *bs, QDict 
*options,
 case ON_OFF_AUTO_ON:
 s->use_lock = true;
 if (!qemu_has_ofd_lock()) {
-fprintf(stderr,
+warn_report(
 "File lock requested but OFD locking syscall is "
-"unavailable, falling back to POSIX file locks.\n"
+"unavailable, falling back to POSIX file locks. "
 "Due to the implementation, locks can be lost "
-"unexpectedly.\n");
+"unexpectedly.");
 }
 break;
 case ON_OFF_AUTO_OFF:
@@ -805,7 +803,7 @@ static int raw_handle_perm_lock(BlockDriverState *bs,
 /* Theoretically the above call only unlocks bytes and it cannot
  * fail. Something weird happened, report it.
  */
-error_report_err(local_err);
+warn_report_err(local_err);
 }
 break;
 case RAW_PL_COMMIT:
@@ -815,7 +813,7 @@ static int raw_handle_perm_lock(BlockDriverState *bs,
 /* Theoretically the above call only unlocks bytes and it cannot
  * fail. Something weird happened, report it.
  */
-error_report_err(local_err);
+warn_report_err(local_err);
 }
 break;
 }
@@ -1775,7 +1773,7 @@ static int aio_worker(void *arg)
 ret = handle_aiocb_truncate(aiocb);
 break;
 default:
-fprintf(stderr, "invalid aio request (0x%x)\n", aiocb->aio_type);
+error_report("invalid aio request (0x%x)", aiocb->aio_type);
 ret = -EINVAL;
 break;
 }
@@ -2263,7 +2261,7 @@ out_unlock:
  * not mean the whole creation operation has failed.  So
  * report it the user for their convenience, but do not report
  * it to the caller. */
-error_report_err(local_err);
+warn_report_err(local_err);
 }
 
 out_close:
-- 
2.17.1




[Qemu-devel] [PATCH v3 8/9] iotests: Modify imports for Python 3

2018-10-22 Thread Max Reitz
There are two imports that need to be modified when running the iotests
under Python 3: One is StringIO, which no longer exists; instead, the
StringIO class comes from the io module, so import it from there (and
use the BytesIO class for Python 2).  The other is the ConfigParser,
which has just been renamed to configparser.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
---
 tests/qemu-iotests/iotests.py| 13 +
 tests/qemu-iotests/nbd-fault-injector.py |  7 +--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 7ca94e9278..a0f35e4b68 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -29,6 +29,7 @@ import json
 import signal
 import logging
 import atexit
+import io
 
 sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'scripts'))
 import qtest
@@ -681,15 +682,19 @@ def main(supported_fmts=[], supported_oses=['linux'], 
supported_cache_modes=[],
 verify_platform(supported_oses)
 verify_cache_mode(supported_cache_modes)
 
-# We need to filter out the time taken from the output so that qemu-iotest
-# can reliably diff the results against master output.
-import StringIO
 if debug:
 output = sys.stdout
 verbosity = 2
 sys.argv.remove('-d')
 else:
-output = StringIO.StringIO()
+# We need to filter out the time taken from the output so that
+# qemu-iotest can reliably diff the results against master output.
+if sys.version_info.major >= 3:
+output = io.StringIO()
+else:
+# io.StringIO is for unicode strings, which is not what
+# 2.x's test runner emits.
+output = io.BytesIO()
 
 logging.basicConfig(level=(logging.DEBUG if debug else logging.WARN))
 
diff --git a/tests/qemu-iotests/nbd-fault-injector.py 
b/tests/qemu-iotests/nbd-fault-injector.py
index d45e2e0a6a..6b2d659dee 100755
--- a/tests/qemu-iotests/nbd-fault-injector.py
+++ b/tests/qemu-iotests/nbd-fault-injector.py
@@ -48,7 +48,10 @@ import sys
 import socket
 import struct
 import collections
-import ConfigParser
+if sys.version_info.major >= 3:
+import configparser
+else:
+import ConfigParser as configparser
 
 FAKE_DISK_SIZE = 8 * 1024 * 1024 * 1024 # 8 GB
 
@@ -225,7 +228,7 @@ def parse_config(config):
 return rules
 
 def load_rules(filename):
-config = ConfigParser.RawConfigParser()
+config = configparser.RawConfigParser()
 with open(filename, 'rt') as f:
 config.readfp(f, filename)
 return parse_config(config)
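Review bot: load_rules() still calls `config.readfp(f, filename)`, which Python 3 deprecates in favour of `read_file()`, so under the interpreter this patch targets the call may emit a DeprecationWarning and it stops working once readfp is removed. Python 2's ConfigParser has no read_file(), so the method could be selected at run time, in the same spirit as the import: `reader = getattr(config, 'read_file', None) or config.readfp` followed by `reader(f, filename)`.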
-- 
2.17.1




[Qemu-devel] [PATCH v3 7/9] iotests: 'new' module replacement in 169

2018-10-22 Thread Max Reitz
iotest 169 uses the 'new' module to add methods to a class.  This module
no longer exists in Python 3.  Instead, we can use a lambda.  Best of
all, this works in 2.7 just as well.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
---
 tests/qemu-iotests/169 | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/169 b/tests/qemu-iotests/169
index f243db9955..e5614b159d 100755
--- a/tests/qemu-iotests/169
+++ b/tests/qemu-iotests/169
@@ -23,7 +23,6 @@ import iotests
 import time
 import itertools
 import operator
-import new
 from iotests import qemu_img
 
 
@@ -144,7 +143,7 @@ class TestDirtyBitmapMigration(iotests.QMPTestCase):
 
 def inject_test_case(klass, name, method, *args, **kwargs):
 mc = operator.methodcaller(method, *args, **kwargs)
-setattr(klass, 'test_' + name, new.instancemethod(mc, None, klass))
+setattr(klass, 'test_' + name, lambda self: mc(self))
 
 for cmb in list(itertools.product((True, False), repeat=4)):
 name = ('_' if cmb[0] else '_not_') + 'persistent_'
-- 
2.17.1




[Qemu-devel] [PATCH v3 6/9] iotests: Explicitly bequeath FDs in Python

2018-10-22 Thread Max Reitz
Python 3.4 introduced the inheritable attribute for FDs.  At the same
time, it changed the default so that all FDs are non-inheritable by
default, that only inheritable FDs are inherited by subprocesses, and
only if close_fds is explicitly set to False.

Adhere to this by setting close_fds to False when working with
subprocesses that may want to inherit FDs, and by trying to
set_inheritable() on FDs that we do want to bequeath to them.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
---
 scripts/qemu.py| 34 +-
 tests/qemu-iotests/045 |  2 +-
 tests/qemu-iotests/147 |  2 +-
 3 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index f099ce7278..fb29b73c30 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -142,11 +142,19 @@ class QEMUMachine(object):
 if opts:
 options.append(opts)
 
+# This did not exist before 3.4, but since then it is
+# mandatory for our purpose
+if hasattr(os, 'set_inheritable'):
+os.set_inheritable(fd, True)
+
 self._args.append('-add-fd')
 self._args.append(','.join(options))
 return self
 
-def send_fd_scm(self, fd_file_path):
+# Exactly one of fd and file_path must be given.
+# (If it is file_path, the helper will open that file and pass its
+# own fd)
+def send_fd_scm(self, fd=None, file_path=None):
 # In iotest.py, the qmp should always use unix socket.
 assert self._qmp.is_scm_available()
 if self._socket_scm_helper is None:
@@ -154,12 +162,27 @@ class QEMUMachine(object):
 if not os.path.exists(self._socket_scm_helper):
 raise QEMUMachineError("%s does not exist" %
self._socket_scm_helper)
+
+# This did not exist before 3.4, but since then it is
+# mandatory for our purpose
+if hasattr(os, 'set_inheritable'):
+os.set_inheritable(self._qmp.get_sock_fd(), True)
+if fd is not None:
+os.set_inheritable(fd, True)
+
 fd_param = ["%s" % self._socket_scm_helper,
-"%d" % self._qmp.get_sock_fd(),
-"%s" % fd_file_path]
+"%d" % self._qmp.get_sock_fd()]
+
+if file_path is not None:
+assert fd is None
+fd_param.append(file_path)
+else:
+assert fd is not None
+fd_param.append(str(fd))
+
 devnull = open(os.path.devnull, 'rb')
 proc = subprocess.Popen(fd_param, stdin=devnull, 
stdout=subprocess.PIPE,
-stderr=subprocess.STDOUT)
+stderr=subprocess.STDOUT, close_fds=False)
 output = proc.communicate()[0]
 if output:
 LOG.debug(output)
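Review bot: `close_fds=False` on this Popen (and on the QEMU launch in the `@@ -280,7 +303,8 @@` hunk) lets the child inherit every descriptor currently marked inheritable. The `os.set_inheritable(..., True)` calls here and in add_fd() are never reverted, so the QMP socket and any passed fd also stay inheritable for all later subprocesses. On Python 3.2 and later the helper could instead be given only what it needs through `pass_fds=` (the QMP socket plus `fd` when one is supplied) with `close_fds` left at its default, and the Python 2 path can keep the current behaviour. The asserts enforcing "exactly one of fd and file_path" run only after the descriptors have been flagged and are skipped under `python -O`, so a check at the top of send_fd_scm() that raises explicitly would be firmer. send_fd_scm() starts in the previous hunk.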
@@ -280,7 +303,8 @@ class QEMUMachine(object):
stdin=devnull,
stdout=self._qemu_log_file,
stderr=subprocess.STDOUT,
-   shell=False)
+   shell=False,
+   close_fds=False)
 self._post_launch()
 
 def wait(self):
diff --git a/tests/qemu-iotests/045 b/tests/qemu-iotests/045
index 6be8fc4912..55a5d31ca8 100755
--- a/tests/qemu-iotests/045
+++ b/tests/qemu-iotests/045
@@ -140,7 +140,7 @@ class TestSCMFd(iotests.QMPTestCase):
 os.remove(image0)
 
 def _send_fd_by_SCM(self):
-ret = self.vm.send_fd_scm(image0)
+ret = self.vm.send_fd_scm(file_path=image0)
 self.assertEqual(ret, 0, 'Failed to send fd with UNIX SCM')
 
 def test_add_fd(self):
diff --git a/tests/qemu-iotests/147 b/tests/qemu-iotests/147
index d2081df84b..05b374b7d3 100755
--- a/tests/qemu-iotests/147
+++ b/tests/qemu-iotests/147
@@ -229,7 +229,7 @@ class BuiltinNBD(NBDBlockdevAddBase):
 sockfd = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 sockfd.connect(unix_socket)
 
-result = self.vm.send_fd_scm(str(sockfd.fileno()))
+result = self.vm.send_fd_scm(fd=sockfd.fileno())
 self.assertEqual(result, 0, 'Failed to send socket FD')
 
 result = self.vm.qmp('getfd', fdname='nbd-fifo')
-- 
2.17.1




[Qemu-devel] [PATCH v3 9/9] iotests: Unify log outputs between Python 2 and 3

2018-10-22 Thread Max Reitz
When dumping an object into the log, there are differences between
Python 2 and 3.  First, unicode strings are prefixed by 'u' in Python 2
(they are no longer in 3, because unicode strings are the default
there).  Second, the order of keys in dicts may differ.  Third,
especially long numbers are longs in Python 2 and thus get an 'L'
suffix, which does not happen in Python 3.

We can get around all of these differences by dumping objects (lists and
dicts) in a language-independent format, namely JSON.  The JSON
generator even allows emitting dicts with their keys sorted
alphabetically.

This changes the output of all tests that use these logging functions
(dict keys are ordered now, strings in dicts are now enclosed in double
quotes instead of single quotes, the 'L' suffix of large integers is
dropped, and "true" and "false" are now in lower case).
The quote change necessitates a small change to a filter used in test
207.

Suggested-by: Eduardo Habkost 
Signed-off-by: Max Reitz 
Reviewed-by: Cleber Rosa 
---
 tests/qemu-iotests/194.out|  22 +-
 tests/qemu-iotests/202.out|  12 +-
 tests/qemu-iotests/203.out|  14 +-
 tests/qemu-iotests/206.out| 218 +++---
 tests/qemu-iotests/207|   2 +-
 tests/qemu-iotests/207.out|  72 ++---
 tests/qemu-iotests/208.out|   8 +-
 tests/qemu-iotests/210.out|  94 +++---
 tests/qemu-iotests/211.out| 102 +++
 tests/qemu-iotests/212.out| 174 +--
 tests/qemu-iotests/213.out| 182 ++--
 tests/qemu-iotests/216.out|   4 +-
 tests/qemu-iotests/218.out|  20 +-
 tests/qemu-iotests/219.out| 526 +-
 tests/qemu-iotests/222.out|  24 +-
 tests/qemu-iotests/iotests.py |  10 +-
 16 files changed, 744 insertions(+), 740 deletions(-)

diff --git a/tests/qemu-iotests/194.out b/tests/qemu-iotests/194.out
index 50ac50da5e..71857853fb 100644
--- a/tests/qemu-iotests/194.out
+++ b/tests/qemu-iotests/194.out
@@ -1,18 +1,18 @@
 Launching VMs...
 Launching NBD server on destination...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Starting `drive-mirror` on source...
-{u'return': {}}
+{"return": {}}
 Waiting for `drive-mirror` to complete...
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'device': u'mirror-job0', u'type': u'mirror', u'speed': 0, u'len': 
1073741824, u'offset': 1073741824}, u'event': u'BLOCK_JOB_READY'}
+{"data": {"device": "mirror-job0", "len": 1073741824, "offset": 1073741824, 
"speed": 0, "type": "mirror"}, "event": "BLOCK_JOB_READY", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
 Starting migration...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'setup'}, u'event': u'MIGRATION'}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'active'}, u'event': u'MIGRATION'}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'completed'}, u'event': u'MIGRATION'}
+{"return": {}}
+{"data": {"status": "setup"}, "event": "MIGRATION", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
+{"data": {"status": "active"}, "event": "MIGRATION", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
+{"data": {"status": "completed"}, "event": "MIGRATION", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
 Gracefully ending the `drive-mirror` job on source...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'device': u'mirror-job0', u'type': u'mirror', u'speed': 0, u'len': 
1073741824, u'offset': 1073741824}, u'event': u'BLOCK_JOB_COMPLETED'}
+{"return": {}}
+{"data": {"device": "mirror-job0", "len": 1073741824, "offset": 1073741824, 
"speed": 0, "type": "mirror"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
 Stopping the NBD server on destination...
-{u'return': {}}
+{"return": {}}
diff --git a/tests/qemu-iotests/202.out b/tests/qemu-iotests/202.out
index d5ea374e17..9a8619e796 100644
--- a/tests/qemu-iotests/202.out
+++ b/tests/qemu-iotests/202.out
@@ -1,11 +1,11 @@
 Launching VM...
 Adding IOThread...
-{u'return': {}}
+{"return": {}}
 Adding blockdevs...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Setting iothread...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Creating external snapshots...
-{u'return': {}}
+{"return": {}}
diff --git a/tests/qemu-iotests/203.out b/tests/qemu-iotests/203.out
index 1a11f0975c..9d4abba8c5 100644
--- a/tests/qemu-iotests/203.out
+++ b/tests/qemu-iotests/203.out
@@ -1,11 +1,11 @@
 Launching VM...
 Setting IOThreads...
-{u'return': {}}
-{u'return': {}}
+{"return": {}}
+{"return": {}}
 Enabling migration QMP events...
-{u'return': {}}
+{"return": {}}
 Starting migration...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': 
{u'status': u'setup'}, u'event': u'MIGRATION'}
-{u'

[Qemu-devel] [PATCH v3 5/9] iotests: Different iterator behavior in Python 3

2018-10-22 Thread Max Reitz
In Python 3, several functions now return iterators instead of lists.
This includes range(), items(), map(), and filter().  This means that if
we really want a list, we have to wrap those instances with list().  But
then again, in the two instances where this is the case for map() and
filter(), there are shorter expressions which work without either
function.

On the other hand, sometimes we do just want an iterator, in which case
we have sometimes used xrange() and iteritems() which no longer exist in
Python 3.  Just change these calls to be range() and items(), works in
both Python 2 and 3, and is really what we want in 3 (which is what
matters).  But because it is so simple to do (and to find and remove
once we completely switch to Python 3), make range() be an alias for
xrange() in the two affected tests (044 and 163).

In one instance, we only wanted the first instance of the result of a
filter() call.  Instead of using next(filter()) which would work only in
Python 3, or list(filter())[0] which would work everywhere but is a bit
weird, this instance is changed to use a generator expression with a
next() wrapped around, which works both in 2.7 and 3.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
---
 tests/qemu-iotests/044 | 16 ++--
 tests/qemu-iotests/056 |  2 +-
 tests/qemu-iotests/065 |  4 ++--
 tests/qemu-iotests/124 |  4 ++--
 tests/qemu-iotests/139 |  2 +-
 tests/qemu-iotests/163 | 11 +++
 6 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/tests/qemu-iotests/044 b/tests/qemu-iotests/044
index 7ef5e46fe9..9ec3dba734 100755
--- a/tests/qemu-iotests/044
+++ b/tests/qemu-iotests/044
@@ -26,6 +26,10 @@ import iotests
 from iotests import qemu_img, qemu_img_verbose, qemu_io
 import struct
 import subprocess
+import sys
+
+if sys.version_info.major == 2:
+range = xrange
 
 test_img = os.path.join(iotests.test_dir, 'test.img')
 
@@ -52,23 +56,23 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 # Write a refcount table
 fd.seek(off_reftable)
 
-for i in xrange(0, h.refcount_table_clusters):
+for i in range(0, h.refcount_table_clusters):
 sector = b''.join(struct.pack('>Q',
 off_refblock + i * 64 * 512 + j * 512)
-for j in xrange(0, 64))
+for j in range(0, 64))
 fd.write(sector)
 
 # Write the refcount blocks
 assert(fd.tell() == off_refblock)
 sector = b''.join(struct.pack('>H', 1) for j in range(0, 64 * 256))
-for block in xrange(0, h.refcount_table_clusters):
+for block in range(0, h.refcount_table_clusters):
 fd.write(sector)
 
 # Write the L1 table
 assert(fd.tell() == off_l1)
 assert(off_l2 + 512 * h.l1_size == off_data)
 table = b''.join(struct.pack('>Q', (1 << 63) | off_l2 + 512 * j)
-for j in xrange(0, h.l1_size))
+for j in range(0, h.l1_size))
 fd.write(table)
 
 # Write the L2 tables
@@ -79,14 +83,14 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 off = off_data
 while remaining > 1024 * 512:
 pytable = list((1 << 63) | off + 512 * j
-for j in xrange(0, 1024))
+for j in range(0, 1024))
 table = struct.pack('>1024Q', *pytable)
 fd.write(table)
 remaining = remaining - 1024 * 512
 off = off + 1024 * 512
 
 table = b''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
-for j in xrange(0, remaining // 512))
+for j in range(0, remaining // 512))
 fd.write(table)
 
 
diff --git a/tests/qemu-iotests/056 b/tests/qemu-iotests/056
index 223292175a..3df323984d 100755
--- a/tests/qemu-iotests/056
+++ b/tests/qemu-iotests/056
@@ -32,7 +32,7 @@ target_img = os.path.join(iotests.test_dir, 'target.img')
 def img_create(img, fmt=iotests.imgfmt, size='64M', **kwargs):
 fullname = os.path.join(iotests.test_dir, '%s.%s' % (img, fmt))
 optargs = []
-for k,v in kwargs.iteritems():
+for k,v in kwargs.items():
 optargs = optargs + ['-o', '%s=%s' % (k,v)]
 args = ['create', '-f', fmt] + optargs + [fullname, size]
 iotests.qemu_img(*args)
diff --git a/tests/qemu-iotests/065 b/tests/qemu-iotests/065
index 72aa9707c7..8bac383ea7 100755
--- a/tests/qemu-iotests/065
+++ b/tests/qemu-iotests/065
@@ -59,7 +59,7 @@ class TestQemuImgInfo(TestImageInfoSpecific):
 :data.index('')]
 for field in data:
 self.assertTrue(re.match('^ {4}[^ ]', field) is not None)
-data = map(lambda line: line.strip(), data)
+data = [line.strip() for line in data]
 self.assertEqual(data, self.human_compare)
 
 class TestQMP(TestImageInfoSpecific):
@@ -80,7 +80,7 

[Qemu-devel] [PATCH v3 2/9] iotests: Flush in iotests.py's QemuIoInteractive

2018-10-22 Thread Max Reitz
After issuing a command, flush the pipe.  This does not change anything
in Python 2, but it makes a difference in Python 3.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
---
 tests/qemu-iotests/iotests.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 4e67fbbe96..10f2d17419 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -178,6 +178,7 @@ class QemuIoInteractive:
 cmd = cmd.strip()
 assert cmd != 'q' and cmd != 'quit'
 self._p.stdin.write(cmd + '\n')
+self._p.stdin.flush()
 return self._read_output()
 
 
-- 
2.17.1




[Qemu-devel] [PATCH v3 4/9] iotests: Use // for Python integer division

2018-10-22 Thread Max Reitz
In Python 3, / is always a floating-point division.  We usually do not
want this, and as Python 2.7 understands // as well, change all integer
divisions to use that.

Signed-off-by: Max Reitz 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Cleber Rosa 
---
 tests/qemu-iotests/030|  2 +-
 tests/qemu-iotests/040|  4 ++--
 tests/qemu-iotests/041|  4 ++--
 tests/qemu-iotests/044|  2 +-
 tests/qemu-iotests/093| 18 +-
 tests/qemu-iotests/136|  2 +-
 tests/qemu-iotests/149|  6 +++---
 tests/qemu-iotests/151| 12 ++--
 tests/qemu-iotests/163|  2 +-
 tests/qemu-iotests/iotests.py |  2 +-
 tests/qemu-iotests/qed.py |  6 +++---
 11 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
index 1dbc2ddc49..276e06b5ba 100755
--- a/tests/qemu-iotests/030
+++ b/tests/qemu-iotests/030
@@ -521,7 +521,7 @@ new_state = "2"
 state = "2"
 event = "%s"
 new_state = "1"
-''' % (event, errno, self.STREAM_BUFFER_SIZE / 512, event, event))
+''' % (event, errno, self.STREAM_BUFFER_SIZE // 512, event, event))
 file.close()
 
 class TestEIO(TestErrors):
diff --git a/tests/qemu-iotests/040 b/tests/qemu-iotests/040
index 1cb1ceeb33..b81133a474 100755
--- a/tests/qemu-iotests/040
+++ b/tests/qemu-iotests/040
@@ -195,7 +195,7 @@ class TestSingleDrive(ImageCommitTestCase):
 
 self.assert_no_active_block_jobs()
 result = self.vm.qmp('block-commit', device='drive0', top=mid_img,
- base=backing_img, speed=(self.image_len / 4))
+ base=backing_img, speed=(self.image_len // 4))
 self.assert_qmp(result, 'return', {})
 result = self.vm.qmp('device_del', id='scsi0')
 self.assert_qmp(result, 'return', {})
@@ -225,7 +225,7 @@ class TestSingleDrive(ImageCommitTestCase):
 
 self.assert_no_active_block_jobs()
 result = self.vm.qmp('block-commit', device='drive0', top=mid_img,
- base=backing_img, speed=(self.image_len / 4))
+ base=backing_img, speed=(self.image_len // 4))
 self.assert_qmp(result, 'return', {})
 
 result = self.vm.qmp('query-block')
diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
index 9336ab6ff5..3615011d98 100755
--- a/tests/qemu-iotests/041
+++ b/tests/qemu-iotests/041
@@ -404,7 +404,7 @@ new_state = "2"
 state = "2"
 event = "%s"
 new_state = "1"
-''' % (event, errno, self.MIRROR_GRANULARITY / 512, event, event))
+''' % (event, errno, self.MIRROR_GRANULARITY // 512, event, event))
 file.close()
 
 def setUp(self):
@@ -569,7 +569,7 @@ new_state = "2"
 state = "2"
 event = "%s"
 new_state = "1"
-''' % (event, errno, self.MIRROR_GRANULARITY / 512, event, event))
+''' % (event, errno, self.MIRROR_GRANULARITY // 512, event, event))
 file.close()
 
 def setUp(self):
diff --git a/tests/qemu-iotests/044 b/tests/qemu-iotests/044
index 69e736f687..7ef5e46fe9 100755
--- a/tests/qemu-iotests/044
+++ b/tests/qemu-iotests/044
@@ -86,7 +86,7 @@ class TestRefcountTableGrowth(iotests.QMPTestCase):
 off = off + 1024 * 512
 
 table = b''.join(struct.pack('>Q', (1 << 63) | off + 512 * j)
-for j in xrange(0, remaining / 512))
+for j in xrange(0, remaining // 512))
 fd.write(table)
 
 
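Review bot: The new line still calls `xrange`, which Python 3 does not define, so switching `/` to `//` alone leaves this generator raising NameError there unless another patch in the series replaces the name. If it is not handled elsewhere, the line could read `for j in range(0, remaining // 512))`. The enclosing function starts outside the hunk.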
diff --git a/tests/qemu-iotests/093 b/tests/qemu-iotests/093
index 9d1971a56c..d88fbc182e 100755
--- a/tests/qemu-iotests/093
+++ b/tests/qemu-iotests/093
@@ -69,18 +69,18 @@ class ThrottleTestCase(iotests.QMPTestCase):
 # in. The throttled requests won't be executed until we
 # advance the virtual clock.
 rq_size = 512
-rd_nr = max(params['bps'] / rq_size / 2,
-params['bps_rd'] / rq_size,
-params['iops'] / 2,
+rd_nr = max(params['bps'] // rq_size // 2,
+params['bps_rd'] // rq_size,
+params['iops'] // 2,
 params['iops_rd'])
 rd_nr *= seconds * 2
-rd_nr /= ndrives
-wr_nr = max(params['bps'] / rq_size / 2,
-params['bps_wr'] / rq_size,
-params['iops'] / 2,
+rd_nr //= ndrives
+wr_nr = max(params['bps'] // rq_size // 2,
+params['bps_wr'] // rq_size,
+params['iops'] // 2,
 params['iops_wr'])
 wr_nr *= seconds * 2
-wr_nr /= ndrives
+wr_nr //= ndrives
 
 # Send I/O requests to all drives
 for i in range(rd_nr):
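Review bot: `rd_nr` feeds `range()` on the last line of the hunk, and `wr_nr` is presumably used the same way further down, but `//` only yields an int when every operand is an int. If any `params` value, `seconds` or `ndrives` were a float, the result would be a float and `range(rd_nr)` would raise TypeError on Python 3. Those values are set outside the hunk, so this may never occur with the current callers. A comment above the first `max(...)` call would record the requirement: `# operands must all be ints: the results are used as range() bounds`. The enclosing method starts and ends outside the hunk.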
@@ -196,7 +196,7 @@ class ThrottleTestCase(iotests.QMPTestCase):
 self.configure_throttle(ndrives, settings)
 
 # Wait for the bucket to empty so we can do bursts
-wait_ns = nsec_per_sec * burst_length * burst_rate / rate
+wait_ns = nsec_per_sec * burst_length * burst_rate 
