Re: [Qemu-devel] [PATCH] chardev: fix mess in OPENED/CLOSED events when muxed

[no-reply]

Hi,

This series failed docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 
0084f7223c080cdbdfc2c5a2d132f8d6c0eff866.1541083966.git.artem.k.pisare...@gmail.com
Subject: [Qemu-devel] [PATCH] chardev: fix mess in OPENED/CLOSED events when 
muxed

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-quick@centos7 SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
b83295ce79 chardev: fix mess in OPENED/CLOSED events when muxed

=== OUTPUT BEGIN ===
  BUILD   centos7
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-di0ykc8m/src'
  GEN 
/var/tmp/patchew-tester-tmp-di0ykc8m/src/docker-src.2018-11-03-00.03.09.24086/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-di0ykc8m/src/docker-src.2018-11-03-00.03.09.24086/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-di0ykc8m/src/docker-src.2018-11-03-00.03.09.24086/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-di0ykc8m/src/docker-src.2018-11-03-00.03.09.24086/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-quick in qemu:centos7 
Packages installed:
SDL-devel-1.2.15-14.el7.x86_64
bison-3.0.4-1.el7.x86_64
bzip2-1.0.6-13.el7.x86_64
bzip2-devel-1.0.6-13.el7.x86_64
ccache-3.3.4-1.el7.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el7.x86_64
flex-2.5.37-3.el7.x86_64
gcc-4.8.5-28.el7_5.1.x86_64
gettext-0.19.8.1-2.el7.x86_64
git-1.8.3.1-14.el7_5.x86_64
glib2-devel-2.54.2-2.el7.x86_64
libaio-devel-0.3.109-13.el7.x86_64
libepoxy-devel-1.3.1-2.el7_5.x86_64
libfdt-devel-1.4.6-1.el7.x86_64
lzo-devel-2.06-8.el7.x86_64
make-3.82-23.el7.x86_64
mesa-libEGL-devel-17.2.3-8.20171019.el7.x86_64
mesa-libgbm-devel-17.2.3-8.20171019.el7.x86_64
nettle-devel-2.7.1-8.el7.x86_64
package g++ is not installed
package librdmacm-devel is not installed
pixman-devel-0.34.0-1.el7.x86_64
spice-glib-devel-0.34-3.el7_5.1.x86_64
spice-server-devel-0.14.0-2.el7_5.4.x86_64
tar-1.26-34.el7.x86_64
vte-devel-0.28.2-10.el7.x86_64
xen-devel-4.6.6-12.el7.x86_64
zlib-devel-1.2.7-17.el7.x86_64

Environment variables:
PACKAGES=bison bzip2 bzip2-devel ccache csnappy-devel flex  
   g++ gcc gettext git glib2-devel libaio-devel 
libepoxy-devel libfdt-devel librdmacm-devel lzo-devel make 
mesa-libEGL-devel mesa-libgbm-devel nettle-devel pixman-devel 
SDL-devel spice-glib-devel spice-server-devel tar vte-devel 
xen-devel zlib-devel
HOSTNAME=ca120e664fdb
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/home/patchew
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
GIT binarygit
GIT submodules
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-Werror   -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -fPIE -DPIE -m64 -mcx16 
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels 
-Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security 
-Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration 
-Wold-style-definition -Wtype-limits -fstack-protector-strong 
-Wno-missing-braces   -I/usr/include/libpng15 -pthread 
-I/usr/include/spice-server -

[Qemu-devel] [Bug 588688] Re: Hard disk images are supporting ATAPI commands. They should fail.

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/588688

Title:
  Hard disk images are supporting ATAPI commands. They should fail.

Status in QEMU:
  Expired

Bug description:
  When using a hard disk image (qcow, qcow2, vdi, vmdk, bochs), the
  emulated device can be a CD-ROM and support ATAPI commands.

  These commands fails in real hard disks and these images are not
  prepared to handle optical disk formats, they should fail also.

  Only images able to handle that formats (dmg, raw, host) should work
  with ATAPI commands and CD-ROM devices.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/588688/+subscriptions

[Qemu-devel] [Bug 588693] Re: CD-ROM devices always return a one session, one track TOC

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/588693

Title:
  CD-ROM devices always return a one session, one track TOC

Status in QEMU:
  Expired

Bug description:
  CD-ROM devices always return a one session, one track TOC, no matter
  if it is using ioctl's with the host or DMG images (both able of
  having multi track, multi session discs).

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/588693/+subscriptions

Re: [Qemu-devel] [PATCH v2 00/10] hostmem: use object "id" for memory region name with >= 3.1

[no-reply]

Hi,

This series failed docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181030150453.9344-1-marcandre.lur...@redhat.com
Subject: [Qemu-devel] [PATCH v2 00/10] hostmem: use object "id" for memory 
region name with >= 3.1

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-quick@centos7 SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
720b5d3d3d hostmem: use object id for memory region name with >= 3.1
d1afc352fc hw/i386: add pc-i440fx-3.1 & pc-q35-3.1
6bf54cebd0 tests: add user-creatable test to test-qdev-global-props
5704ef3901 qom/object: add set_globals flags
7ccd9180a0 qom/object: set globals when initializing object
d55e058030 qom/globals: generalize object_property_set_globals()
d649887b6b qom/globals: move qdev globals to qom
747e90e99d qdev: move qdev_prop_register_global_list() to tests
2d0037fecb accel: register global_props like machine globals
56f7f8cd3a qom: make user_creatable_complete() specific to UserCreatable

=== OUTPUT BEGIN ===
  BUILD   centos7
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-lft2ju70/src'
  GEN 
/var/tmp/patchew-tester-tmp-lft2ju70/src/docker-src.2018-11-02-23.37.50.28564/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-lft2ju70/src/docker-src.2018-11-02-23.37.50.28564/qemu.tar.vroot'...
done.
Checking out files:  47% (3081/6448)   
Checking out files:  48% (3096/6448)   
Checking out files:  49% (3160/6448)   
Checking out files:  50% (3224/6448)   
Checking out files:  51% (3289/6448)   
Checking out files:  52% (3353/6448)   
Checking out files:  53% (3418/6448)   
Checking out files:  54% (3482/6448)   
Checking out files:  55% (3547/6448)   
Checking out files:  56% (3611/6448)   
Checking out files:  57% (3676/6448)   
Checking out files:  58% (3740/6448)   
Checking out files:  59% (3805/6448)   
Checking out files:  60% (3869/6448)   
Checking out files:  61% (3934/6448)   
Checking out files:  62% (3998/6448)   
Checking out files:  63% (4063/6448)   
Checking out files:  64% (4127/6448)   
Checking out files:  65% (4192/6448)   
Checking out files:  66% (4256/6448)   
Checking out files:  67% (4321/6448)   
Checking out files:  68% (4385/6448)   
Checking out files:  69% (4450/6448)   
Checking out files:  70% (4514/6448)   
Checking out files:  71% (4579/6448)   
Checking out files:  72% (4643/6448)   
Checking out files:  73% (4708/6448)   
Checking out files:  74% (4772/6448)   
Checking out files:  75% (4836/6448)   
Checking out files:  76% (4901/6448)   
Checking out files:  77% (4965/6448)   
Checking out files:  78% (5030/6448)   
Checking out files:  79% (5094/6448)   
Checking out files:  80% (5159/6448)   
Checking out files:  81% (5223/6448)   
Checking out files:  82% (5288/6448)   
Checking out files:  83% (5352/6448)   
Checking out files:  84% (5417/6448)   
Checking out files:  85% (5481/6448)   
Checking out files:  86% (5546/6448)   
Checking out files:  87% (5610/6448)   
Checking out files:  88% (5675/6448)   
Checking out files:  89% (5739/6448)   
Checking out files:  90% (5804/6448)   
Checking out files:  91% (5868/6448)   
Checking out files:  92% (5933/6448)   
Checking out files:  93% (5997/6448)   
Checking out files:  94% (6062/6448)   
Checking out files:  95% (6126/6448)   
Checking out files:  96% (6191/6448)   
Checking out files:  97% (6255/6448)   
Checking out files:  98% (6320/6448)   
Checking out files:  99% (6384/6448)   
Checking out files: 100% (6448/6448)   
Checking out files: 100% (6448/6448), done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-lft2ju70/src/docker-src.2018-11-02-23.37.50.28564/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-lft2ju70/src/docker-src.2018-11-02-23.37.50.28564/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-quick in qemu:centos7 
Packages installed:
SDL-devel-1.2.15-14.el7.x86_64
bison-3.0.4-1.el7.x86_64
bzip2-1.0.6-13.el7.x86_64
bzip2-devel-1.0.6-13.el7.x86_64
ccache-3.3.4-1.el7.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el7.x86_64
flex-2.5.37-3.el7.x86_64
gcc-4.8.5-28.el7_5.1.x86_64
gettext-0.19.8.1-2.el7.x86_64
git-1.8.3.1-14.el7_5.x86_64
glib2-devel-2.54.2-2.el7.x86_64
libaio-devel-0.3.109-13.el7.x86_64
libepoxy-devel-1.3.1-2.el7_5.x86_64
libfdt-devel-1.4.6-1.el7.x86_64
lzo-devel-2.06-8.el7.x86_64
make-3.82-23.el7.x86_64
mesa-libEGL-devel-17.2.3-8.20171019.el7.x86_64
mesa-libgbm-devel-17.2.3-8.20171019.el7.x86_64
nettle-devel

Re: [Qemu-devel] [PATCH v3 00/13] arm: nRF51 Devices and Microbit Support

[no-reply]

Hi,

This series failed docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181031002526.14262-1-cont...@steffen-goertz.de
Subject: [Qemu-devel] [PATCH v3 00/13] arm: nRF51 Devices and Microbit Support

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-mingw@fedora SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
98963724e9 arm: Add Clock peripheral stub to NRF51 SOC
61cf5e230c arm: Instantiate NRF51 Timers
c1bff0be09 hw/timer/nrf51_timer: Add nRF51 Timer peripheral
0e950d31dc tests/microbit-test: Add Tests for nRF51 GPIO
b89bc10e44 arm: Instantiate NRF51 general purpose I/O
f863cd5dfa hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
dce16b6e33 tests: Add bbc:microbit / nRF51 test suite
37aeb3721f arm: Instantiate NRF51 special NVM's and NVMC
40ce185096 hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
16d7b3b713 arm: Instantiate NRF51 random number generator
6103fd035a hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
7db1da8302 arm: Add header to host common definition for nRF51 SOC peripherals
a8b42f1f9a qtest: Add set_irq_in command to set IRQ/GPIO level

=== OUTPUT BEGIN ===
  BUILD   fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-re72b398/src'
  GEN 
/var/tmp/patchew-tester-tmp-re72b398/src/docker-src.2018-11-02-23.23.36.29422/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-re72b398/src/docker-src.2018-11-02-23.23.36.29422/qemu.tar.vroot'...
done.
Checking out files:  47% (3071/6455)   
Checking out files:  48% (3099/6455)   
Checking out files:  49% (3163/6455)   
Checking out files:  50% (3228/6455)   
Checking out files:  51% (3293/6455)   
Checking out files:  52% (3357/6455)   
Checking out files:  53% (3422/6455)   
Checking out files:  54% (3486/6455)   
Checking out files:  55% (3551/6455)   
Checking out files:  56% (3615/6455)   
Checking out files:  57% (3680/6455)   
Checking out files:  58% (3744/6455)   
Checking out files:  59% (3809/6455)   
Checking out files:  60% (3873/6455)   
Checking out files:  61% (3938/6455)   
Checking out files:  62% (4003/6455)   
Checking out files:  63% (4067/6455)   
Checking out files:  64% (4132/6455)   
Checking out files:  65% (4196/6455)   
Checking out files:  66% (4261/6455)   
Checking out files:  67% (4325/6455)   
Checking out files:  68% (4390/6455)   
Checking out files:  69% (4454/6455)   
Checking out files:  70% (4519/6455)   
Checking out files:  71% (4584/6455)   
Checking out files:  72% (4648/6455)   
Checking out files:  73% (4713/6455)   
Checking out files:  74% (4777/6455)   
Checking out files:  75% (4842/6455)   
Checking out files:  76% (4906/6455)   
Checking out files:  77% (4971/6455)   
Checking out files:  78% (5035/6455)   
Checking out files:  79% (5100/6455)   
Checking out files:  80% (5164/6455)   
Checking out files:  81% (5229/6455)   
Checking out files:  82% (5294/6455)   
Checking out files:  83% (5358/6455)   
Checking out files:  84% (5423/6455)   
Checking out files:  85% (5487/6455)   
Checking out files:  86% (5552/6455)   
Checking out files:  87% (5616/6455)   
Checking out files:  88% (5681/6455)   
Checking out files:  89% (5745/6455)   
Checking out files:  90% (5810/6455)   
Checking out files:  91% (5875/6455)   
Checking out files:  92% (5939/6455)   
Checking out files:  93% (6004/6455)   
Checking out files:  94% (6068/6455)   
Checking out files:  95% (6133/6455)   
Checking out files:  96% (6197/6455)   
Checking out files:  97% (6262/6455)   
Checking out files:  98% (6326/6455)   
Checking out files:  99% (6391/6455)   
Checking out files: 100% (6455/6455)   
Checking out files: 100% (6455/6455), done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-re72b398/src/docker-src.2018-11-02-23.23.36.29422/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-re72b398/src/docker-src.2018-11-02-23.23.36.29422/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-mingw in qemu:fedora 
Packages installed:
SDL2-devel-2.0.8-5.fc28.x86_64
bc-1.07.1-5.fc28.x86_64
bison-3.0.4-9.fc28.x86_64
bluez-libs-devel-5.50-1.fc28.x86_64
brlapi-devel-0.6.7-19.fc28.x86_64
bzip2-1.0.6-26.fc28.x86_64
bzip2-devel-1.0.6-26.fc28.x86_64
ccache-3.4.2-2.fc28.x86_64
clang-6.0.1-1.fc28.x86_64
device-mapper-multipath-devel-0.7.4-3.git07e7bd5.fc28.x86_64
findutils-4.6.0-19.fc28.x86_64
flex-2.6.1-7.fc28.x86_64
gcc-8.1.1-5.fc28.x86_64
gcc-c++-8.1.1-5.fc28.x86_64
gettext-0.19.8.1-

Re: [Qemu-devel] [PATCH v2 00/10] hostmem: use object "id" for memory region name with >= 3.1

[no-reply]

Hi,

This series failed docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181030150453.9344-1-marcandre.lur...@redhat.com
Subject: [Qemu-devel] [PATCH v2 00/10] hostmem: use object "id" for memory 
region name with >= 3.1

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-mingw@fedora SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
720b5d3d3d hostmem: use object id for memory region name with >= 3.1
d1afc352fc hw/i386: add pc-i440fx-3.1 & pc-q35-3.1
6bf54cebd0 tests: add user-creatable test to test-qdev-global-props
5704ef3901 qom/object: add set_globals flags
7ccd9180a0 qom/object: set globals when initializing object
d55e058030 qom/globals: generalize object_property_set_globals()
d649887b6b qom/globals: move qdev globals to qom
747e90e99d qdev: move qdev_prop_register_global_list() to tests
2d0037fecb accel: register global_props like machine globals
56f7f8cd3a qom: make user_creatable_complete() specific to UserCreatable

=== OUTPUT BEGIN ===
  BUILD   fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-q9knamo8/src'
  GEN 
/var/tmp/patchew-tester-tmp-q9knamo8/src/docker-src.2018-11-02-23.35.17.23252/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-q9knamo8/src/docker-src.2018-11-02-23.35.17.23252/qemu.tar.vroot'...
done.
Checking out files:  47% (3063/6448)   
Checking out files:  48% (3096/6448)   
Checking out files:  49% (3160/6448)   
Checking out files:  50% (3224/6448)   
Checking out files:  51% (3289/6448)   
Checking out files:  52% (3353/6448)   
Checking out files:  53% (3418/6448)   
Checking out files:  54% (3482/6448)   
Checking out files:  55% (3547/6448)   
Checking out files:  56% (3611/6448)   
Checking out files:  57% (3676/6448)   
Checking out files:  58% (3740/6448)   
Checking out files:  59% (3805/6448)   
Checking out files:  60% (3869/6448)   
Checking out files:  61% (3934/6448)   
Checking out files:  62% (3998/6448)   
Checking out files:  63% (4063/6448)   
Checking out files:  64% (4127/6448)   
Checking out files:  65% (4192/6448)   
Checking out files:  66% (4256/6448)   
Checking out files:  67% (4321/6448)   
Checking out files:  68% (4385/6448)   
Checking out files:  69% (4450/6448)   
Checking out files:  70% (4514/6448)   
Checking out files:  71% (4579/6448)   
Checking out files:  72% (4643/6448)   
Checking out files:  73% (4708/6448)   
Checking out files:  74% (4772/6448)   
Checking out files:  75% (4836/6448)   
Checking out files:  76% (4901/6448)   
Checking out files:  77% (4965/6448)   
Checking out files:  78% (5030/6448)   
Checking out files:  79% (5094/6448)   
Checking out files:  80% (5159/6448)   
Checking out files:  81% (5223/6448)   
Checking out files:  82% (5288/6448)   
Checking out files:  83% (5352/6448)   
Checking out files:  84% (5417/6448)   
Checking out files:  85% (5481/6448)   
Checking out files:  86% (5546/6448)   
Checking out files:  87% (5610/6448)   
Checking out files:  88% (5675/6448)   
Checking out files:  89% (5739/6448)   
Checking out files:  90% (5804/6448)   
Checking out files:  91% (5868/6448)   
Checking out files:  92% (5933/6448)   
Checking out files:  93% (5997/6448)   
Checking out files:  94% (6062/6448)   
Checking out files:  95% (6126/6448)   
Checking out files:  96% (6191/6448)   
Checking out files:  97% (6255/6448)   
Checking out files:  98% (6320/6448)   
Checking out files:  99% (6384/6448)   
Checking out files: 100% (6448/6448)   
Checking out files: 100% (6448/6448), done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-q9knamo8/src/docker-src.2018-11-02-23.35.17.23252/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-q9knamo8/src/docker-src.2018-11-02-23.35.17.23252/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-mingw in qemu:fedora 
Packages installed:
SDL2-devel-2.0.8-5.fc28.x86_64
bc-1.07.1-5.fc28.x86_64
bison-3.0.4-9.fc28.x86_64
bluez-libs-devel-5.50-1.fc28.x86_64
brlapi-devel-0.6.7-19.fc28.x86_64
bzip2-1.0.6-26.fc28.x86_64
bzip2-devel-1.0.6-26.fc28.x86_64
ccache-3.4.2-2.fc28.x86_64
clang-6.0.1-1.fc28.x86_64
device-mapper-multipath-devel-0.7.4-3.git07e7bd5.fc28.x86_64
findutils-4.6.0-19.fc28.x86_64
flex-2.6.1-7.fc28.x86_64
gcc-8.1.1-5.fc28.x86_64
gcc-c++-8.1.1-5.fc28.x86_64
gettext-0.19.8.1-14.fc28.x86_64
git-2.17.1-3.fc28.x86_64
glib2-devel-2.56.1-4.fc28.x86_64
glusterfs-api-devel-4.1.2-2.fc28.x86_64
gnutls-devel-3.6.3-3.fc28.x86_64

Re: [Qemu-devel] [PATCH v3 00/13] arm: nRF51 Devices and Microbit Support

[no-reply]

Hi,

This series failed docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181031002526.14262-1-cont...@steffen-goertz.de
Subject: [Qemu-devel] [PATCH v3 00/13] arm: nRF51 Devices and Microbit Support

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-quick@centos7 SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
98963724e9 arm: Add Clock peripheral stub to NRF51 SOC
61cf5e230c arm: Instantiate NRF51 Timers
c1bff0be09 hw/timer/nrf51_timer: Add nRF51 Timer peripheral
0e950d31dc tests/microbit-test: Add Tests for nRF51 GPIO
b89bc10e44 arm: Instantiate NRF51 general purpose I/O
f863cd5dfa hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
dce16b6e33 tests: Add bbc:microbit / nRF51 test suite
37aeb3721f arm: Instantiate NRF51 special NVM's and NVMC
40ce185096 hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
16d7b3b713 arm: Instantiate NRF51 random number generator
6103fd035a hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
7db1da8302 arm: Add header to host common definition for nRF51 SOC peripherals
a8b42f1f9a qtest: Add set_irq_in command to set IRQ/GPIO level

=== OUTPUT BEGIN ===
  BUILD   centos7
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-3kly9cpr/src'
  GEN 
/var/tmp/patchew-tester-tmp-3kly9cpr/src/docker-src.2018-11-02-23.24.35.30066/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-3kly9cpr/src/docker-src.2018-11-02-23.24.35.30066/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-3kly9cpr/src/docker-src.2018-11-02-23.24.35.30066/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-3kly9cpr/src/docker-src.2018-11-02-23.24.35.30066/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-quick in qemu:centos7 
Packages installed:
SDL-devel-1.2.15-14.el7.x86_64
bison-3.0.4-1.el7.x86_64
bzip2-1.0.6-13.el7.x86_64
bzip2-devel-1.0.6-13.el7.x86_64
ccache-3.3.4-1.el7.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el7.x86_64
flex-2.5.37-3.el7.x86_64
gcc-4.8.5-28.el7_5.1.x86_64
gettext-0.19.8.1-2.el7.x86_64
git-1.8.3.1-14.el7_5.x86_64
glib2-devel-2.54.2-2.el7.x86_64
libaio-devel-0.3.109-13.el7.x86_64
libepoxy-devel-1.3.1-2.el7_5.x86_64
libfdt-devel-1.4.6-1.el7.x86_64
lzo-devel-2.06-8.el7.x86_64
make-3.82-23.el7.x86_64
mesa-libEGL-devel-17.2.3-8.20171019.el7.x86_64
mesa-libgbm-devel-17.2.3-8.20171019.el7.x86_64
nettle-devel-2.7.1-8.el7.x86_64
package g++ is not installed
package librdmacm-devel is not installed
pixman-devel-0.34.0-1.el7.x86_64
spice-glib-devel-0.34-3.el7_5.1.x86_64
spice-server-devel-0.14.0-2.el7_5.4.x86_64
tar-1.26-34.el7.x86_64
vte-devel-0.28.2-10.el7.x86_64
xen-devel-4.6.6-12.el7.x86_64
zlib-devel-1.2.7-17.el7.x86_64

Environment variables:
PACKAGES=bison bzip2 bzip2-devel ccache csnappy-devel flex  
   g++ gcc gettext git glib2-devel libaio-devel 
libepoxy-devel libfdt-devel librdmacm-devel lzo-devel make 
mesa-libEGL-devel mesa-libgbm-devel nettle-devel pixman-devel 
SDL-devel spice-glib-devel spice-server-devel tar vte-devel 
xen-devel zlib-devel
HOSTNAME=84db45d0970a
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/home/patchew
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
GIT binarygit
GIT submodules
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FOR

[Qemu-devel] [PATCH] vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

[Leonid Bloch]

If an expression is used to define DEFAULT_CLUSTER_SIZE, when compiled,
it will be embedded as a literal expression in the binary (as the
default value) because it is stringified to mark the size of the default
value. Now this is fixed by using a defined number to define this value.

Signed-off-by: Leonid Bloch 
---
 block/vdi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/vdi.c b/block/vdi.c
index 6555cffb88..25320eff47 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -85,7 +85,7 @@
 #define BLOCK_OPT_STATIC "static"
 
 #define SECTOR_SIZE 512
-#define DEFAULT_CLUSTER_SIZE (1 * MiB)
+#define DEFAULT_CLUSTER_SIZE S_1MiB
 
 #if defined(CONFIG_VDI_DEBUG)
 #define VDI_DEBUG 1
-- 
2.17.1

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Liran Alon]

> On 2 Nov 2018, at 18:39, Jim Mattson  wrote:
> 
> On Thu, Nov 1, 2018 at 8:46 PM, Liran Alon  wrote:
> 
>> Hmm this makes sense.
>> 
>> This means though that the patch I have submitted here isn't good enough.
>> My patch currently assumes that when it attempts to get nested state from 
>> KVM,
>> QEMU should always set nested_state->size to max size supported by KVM as 
>> received
>> from kvm_check_extension(s, KVM_CAP_NESTED_STATE);
>> (See kvm_get_nested_state() introduced on my patch).
>> This indeed won't allow migration from host with new KVM to host with old 
>> KVM if
>> nested_state size was enlarged between these KVM versions.
>> Which is obviously an issue.
>> 
>> Jim, I think that my confusion was created from the fact that there is no 
>> clear documentation
>> on how KVM_{GET,SET}_NESTED_STATE should be changed once we will need to add 
>> more state to
>> nested_state in future KVM versions. I think it's worth adding that to 
>> IOCTLs documentation.
> 
> The nested state IOCTLs aren't unique in this respect. Any changes to
> the state saved by any of this whole family of state-saving ioctls
> require opt-in from userspace.
> 
>> For example, let's assume we have a new KVM_CAP_NESTED_STATE_V2.
>> In this scenario, does kvm_check_extension(s, KVM_CAP_NESTED_STATE) still 
>> returns the
>> size of nested_state v1 and kvm_check_extension(s, KVM_CAP_NESTED_STATE_V2) 
>> returns the
>> size of the nested_state v2?
> 
> Hmm...I don't recall kvm_check_extension(s, KVM_CAP_NESTED_STATE)
> being part of my original design. The way I had envisioned it,
> the set of capabilities enabled by userspace would be sufficient to
> infer the maximum data size.

If the set of capabilities should be sufficient to infer the max size of 
nested_state,
why did we code kvm_vm_ioctl_check_extension() such that on KVM_CAP_NESTED_STATE
it returns the max size of nested_state?

> 
> If, for example, we add a field to stash the time remaining for the
> VMCS12 VMX preemption timer, then presumably, userspace will enable it
> by enabling KVM_CAP_SAVE_VMX_PREEMPTION_TIMER (or something like
> that), and then userspace will know that the maximum nested state data
> is 4 bytes larger.

In that case, why did we defined struct kvm_nested_state to hold a blob of 
data[] instead
of separating the blob into well defined blobs? (e.g. Currently one blob for 
vmcs12 and another one for shadow vmcs12).
Then when we add a new component which is opt-in by a new KVM_CAP, we will add 
another well defined blob
to struct kvm_nested_state.

I think this is important because it allows us to specify in 
nested_state->flags which components are saved
and create multiple VMState subsections with needed() methods for the various 
saved components.

Thus allowing for example to easily still migrate from a new QEMU which does 
stash the time remaining for the VMCS12 VMX preemption timer
to an old QEMU which doesn’t stash it in case nested_state->flags specify that 
this component is not saved (Because L1 don’t use VMX preemption timer for 
example).

This seems to behave more nicely with how QEMU migration mechanism is defined 
and the purpose of VMState subsections.

In addition, if we will define struct kvm_nested_state like this, we will also 
not need the “size” field which needs to be carefully handled to avoid buffer 
overflows.
(We will just define large enough buffers (with padding) for each opaque 
component such as vmcs12 and shadow vmcs12).

> 
>> Also note that the approach suggested by Jim requires mgmt-layer at dest
>> to be able to specify to QEMU which KVM_CAP_NESTED_STATE_V* capabilities it 
>> should enable on kvm_init().
>> When we know we are migrating from a host which supports v1 to a host which 
>> supports v2,
>> we should make sure that dest QEMU doesn't enable KVM_CAP_NESTED_STATE_V2.
>> However, when we are just launching a new machine on the host which supports 
>> v2, we do want
>> QEMU to enable KVM_CAP_NESTED_STATE_V2 enabled for that VM.
> 
> No, no, no. Even when launching a new VM on a host that supports v2,
> you cannot enable v2 until you have passed rollback horizon. Should
> you decide to roll back the kernel with v2 support, you must be able
> to move that new VM to a host with an old kernel.

If we use VMState subsections as I described above, QEMU should be able to know 
which components of nested_state are
actively saved by KVM and therefore are *required* to be restored on dest host 
in order to migrate without guest issues after it is resumed on dest.
Therefore, still allowing migration from new hosts to old hosts in case guest 
didn’t enter a state which makes new saved state required in order
for migration to succeed.

If the mechanism will work like this, nested_state KVM_CAPs enabled on QEMU 
launch are only used to inform KVM which
struct kvm_nested_state is used by userspace. Not what is actually sent as part 
of migration stream.

What are your thoughts on this?

-Liran

> 
>> But on second 

[Qemu-devel] [PATCH] include: Add a comment to explain the origin of sizes' lookup table

[Leonid Bloch]

The lookup table for power-of-two sizes was added in commit 540b8492618eb
for the purpose of having convenient shortcuts for these sizes in cases
when the literal number has to be present at compile time, and
expressions as '(1 * KiB)' can not be used. One such case is the
stringification of sizes. Beyond that, it is convenient to use these
shortcuts for all power-of-two sizes, even if they don't have to be
literal numbers.

Despite its convenience, this table introduced 55 lines of "dumb" code,
the purpose and origin of which are obscure without reading the message
of the commit which introduced it. This patch fixes that by adding a
comment to the code itself with a brief explanation for the reasoning
behind this table. This comment includes the short AWK script that
generated the table, so that anyone who's interested could make sure
that the values in it are correct (otherwise these values look as if
they were typed manually).

Signed-off-by: Leonid Bloch 
---
 include/qemu/units.h | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/include/qemu/units.h b/include/qemu/units.h
index 68a7758650..051c274ca2 100644
--- a/include/qemu/units.h
+++ b/include/qemu/units.h
@@ -17,6 +17,24 @@
 #define PiB (INT64_C(1) << 50)
 #define EiB (INT64_C(1) << 60)
 
+/*
+ * The following lookup table is intended to be used when a literal string of
+ * the number of bytes is required (for example if it needs to be stringified).
+ * It can also be used for generic shortcuts of power-of-two sizes.
+ * This table is generated using the AWK script below:
+ *
+ *  BEGIN {
+ * suffix="KMGTPE";
+ * for(i=10; i<64; i++) {
+ * val=2**i;
+ * s=substr(suffix, int(i/10), 1);
+ * n=2**(i%10);
+ * pad=21-int(log(n)/log(10));
+ * printf("#define S_%d%siB %*d\n", n, s, pad, val);
+ * }
+ *  }
+ */
+
 #define S_1KiB  1024
 #define S_2KiB  2048
 #define S_4KiB  4096
-- 
2.17.1

[Qemu-devel] [PATCH v2] target/xtensa: drop num_[core_]regs from dc232b/dc233c configs

[Max Filippov]

gdb_regmap::num_core_regs field is initialized incorrectly in the dc232b
and dc233c configurations. As a result the following message is
displayed when attaching to an xtensa linux-user process:

  "Register 105 is not available",

and gdb is unable to control the inferior.

Now that xtensa_count_regs does the right thing, remove manual
initialization of these fields from the affected configurations and let
xtensa_finalize_config initialize them. Add XTREG_END to terminate
register lists.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Filippov 
---
Changes v1->v2:
- add XTREG_END terminators to the register lists

 target/xtensa/core-dc232b.c| 2 --
 target/xtensa/core-dc232b/gdb-config.inc.c | 1 +
 target/xtensa/core-dc233c.c| 2 --
 target/xtensa/core-dc233c/gdb-config.inc.c | 1 +
 4 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/target/xtensa/core-dc232b.c b/target/xtensa/core-dc232b.c
index 71313378409e..7851bcb63687 100644
--- a/target/xtensa/core-dc232b.c
+++ b/target/xtensa/core-dc232b.c
@@ -40,8 +40,6 @@
 static XtensaConfig dc232b __attribute__((unused)) = {
 .name = "dc232b",
 .gdb_regmap = {
-.num_regs = 120,
-.num_core_regs = 52,
 .reg = {
 #include "core-dc232b/gdb-config.inc.c"
 }
diff --git a/target/xtensa/core-dc232b/gdb-config.inc.c 
b/target/xtensa/core-dc232b/gdb-config.inc.c
index 13aba5edecd6..d87168628be8 100644
--- a/target/xtensa/core-dc232b/gdb-config.inc.c
+++ b/target/xtensa/core-dc232b/gdb-config.inc.c
@@ -259,3 +259,4 @@
   0, 0, 0, 0, 0, 0)
   XTREG(119, 476, 32, 4, 4, 0x000f, 0x0006, -2, 8, 0x0100, a15,
   0, 0, 0, 0, 0, 0)
+  XTREG_END
diff --git a/target/xtensa/core-dc233c.c b/target/xtensa/core-dc233c.c
index d701e3f5de07..8853bfd4d08f 100644
--- a/target/xtensa/core-dc233c.c
+++ b/target/xtensa/core-dc233c.c
@@ -40,8 +40,6 @@
 static XtensaConfig dc233c __attribute__((unused)) = {
 .name = "dc233c",
 .gdb_regmap = {
-.num_regs = 121,
-.num_core_regs = 52,
 .reg = {
 #include "core-dc233c/gdb-config.inc.c"
 }
diff --git a/target/xtensa/core-dc233c/gdb-config.inc.c 
b/target/xtensa/core-dc233c/gdb-config.inc.c
index b632341b28ec..7e8963227fc0 100644
--- a/target/xtensa/core-dc233c/gdb-config.inc.c
+++ b/target/xtensa/core-dc233c/gdb-config.inc.c
@@ -143,3 +143,4 @@ XTREG(117, 468, 32, 4, 4, 0x000c, 0x0006, -2, 8, 0x0100, 
a12, 0, 0, 0, 0
 XTREG(118, 472, 32, 4, 4, 0x000d, 0x0006, -2, 8, 0x0100, a13, 0, 0, 0, 
0, 0, 0)
 XTREG(119, 476, 32, 4, 4, 0x000e, 0x0006, -2, 8, 0x0100, a14, 0, 0, 0, 
0, 0, 0)
 XTREG(120, 480, 32, 4, 4, 0x000f, 0x0006, -2, 8, 0x0100, a15, 0, 0, 0, 
0, 0, 0)
+XTREG_END
-- 
2.11.0

Re: [Qemu-devel] [PATCH] qemu/units: Move out QCow2 specific definitions

[Leonid Bloch]

Hi,

On 11/2/18 5:28 PM, Kevin Wolf wrote:
> Am 02.11.2018 um 15:52 hat Eric Blake geschrieben:
>> On 11/2/18 9:10 AM, Kevin Wolf wrote:
>>> Am 02.11.2018 um 13:37 hat Philippe Mathieu-Daudé geschrieben:
 Hi Kevin,

 On 2/11/18 12:07, Kevin Wolf wrote:
> Am 02.11.2018 um 09:58 hat Philippe Mathieu-Daudé geschrieben:
>> This definitions are QCow2 specific, there is no need to expose them
>> in the global namespace.

These are not QCOW2 specific. I wrote these for convenience in QCOW2, 
but there are many other places where these can be used (many 
pre-defined sizes are powers of two), and there are few places where 
they must replace the current notation, like in block/vdi.c with 
DEFAULT_CLUSTER_SIZE (unless an explicit value in bytes will be defined 
instead).

>>
>> Agreed. I didn't want it in the first place, arguing that if we want
>> stringification of defaults, it would be better to have a runtime function
>> do that, rather than adding a set of near-duplicate macro names.

A runtime function will not help here, as these are used in compile 
time. These result in strings that are actually compiled into the binaries.

>>>
>>> Then there is VDI which uses (1 * MiB), but that is compiled out and if
>>> you enable it, it breaks. So it needs the same fix.

Yeah, I need to fix that as promised. Will do shortly. :)

Leonid.

Re: [Qemu-devel] [PATCH] tests/bios-tables-test: Sanitize test verbose output

[Thomas Huth]

On 2018-10-30 00:18, Philippe Mathieu-Daudé wrote:
> Fix the extraneous extra blank lines in the test output when running with V=1.
> 
> Before:
> 
> TEST: tests/bios-tables-test... (pid=25678)
>   /i386/acpi/piix4:
> Looking for expected file 'tests/acpi-test-data/pc/DSDT'
> 
> Using expected file 'tests/acpi-test-data/pc/DSDT'
> 
> Looking for expected file 'tests/acpi-test-data/pc/FACP'
> 
> Using expected file 'tests/acpi-test-data/pc/FACP'
> 
> Looking for expected file 'tests/acpi-test-data/pc/APIC'
> 
> Using expected file 'tests/acpi-test-data/pc/APIC'
> 
> Looking for expected file 'tests/acpi-test-data/pc/HPET'
> 
> Using expected file 'tests/acpi-test-data/pc/HPET'
> OK
> 
> After:
> 
> TEST: tests/bios-tables-test... (pid=667)
>   /i386/acpi/piix4:
> Looking for expected file 'tests/acpi-test-data/pc/DSDT'
> Using expected file 'tests/acpi-test-data/pc/DSDT'
> Looking for expected file 'tests/acpi-test-data/pc/FACP'
> Using expected file 'tests/acpi-test-data/pc/FACP'
> Looking for expected file 'tests/acpi-test-data/pc/APIC'
> Using expected file 'tests/acpi-test-data/pc/APIC'
> Looking for expected file 'tests/acpi-test-data/pc/HPET'
> Using expected file 'tests/acpi-test-data/pc/HPET'
> OK
> 
> Suggested-by: Peter Maydell 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  tests/bios-tables-test.c | 7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
> index 4e24930c4b..02dd48de0d 100644
> --- a/tests/bios-tables-test.c
> +++ b/tests/bios-tables-test.c
> @@ -371,6 +371,9 @@ static GArray *load_expected_aml(test_data *data)
>  gboolean ret;
>  
>  GArray *exp_tables = g_array_new(false, true, sizeof(AcpiSdtTable));
> +if (getenv("V")) {
> +fputc('\n', stderr);
> +}
>  for (i = 0; i < data->tables->len; ++i) {
>  AcpiSdtTable exp_sdt;
>  gchar *aml_file = NULL;
> @@ -385,7 +388,7 @@ try_again:
>  aml_file = g_strdup_printf("%s/%s/%.4s%s", data_dir, data->machine,
> (gchar *)&sdt->header.signature, ext);
>  if (getenv("V")) {
> -fprintf(stderr, "\nLooking for expected file '%s'\n", aml_file);
> +fprintf(stderr, "Looking for expected file '%s'\n", aml_file);
>  }
>  if (g_file_test(aml_file, G_FILE_TEST_EXISTS)) {
>  exp_sdt.aml_file = aml_file;
> @@ -397,7 +400,7 @@ try_again:
>  }
>  g_assert(exp_sdt.aml_file);
>  if (getenv("V")) {
> -fprintf(stderr, "\nUsing expected file '%s'\n", aml_file);
> +fprintf(stderr, "Using expected file '%s'\n", aml_file);
>  }
>  ret = g_file_get_contents(aml_file, &exp_sdt.aml,
>&exp_sdt.aml_len, &error);
> 

Could we please get rid of the getenv + fprintf here and use
g_test_message() instead, like we already do in most of the other tests
that want to log additional output?

  Thomas

Re: [Qemu-devel] strange situation, guest cpu thread spinning at ~100%, but display not yet initialized

[Chris Friesen]

On 11/2/2018 11:51 AM, Dr. David Alan Gilbert wrote:


This is ringing a bell; if it's actually suck in the BIOS, then please:
   a) Really make sure all your vCPUs are actually pinned/free on real
CPUs
   b) I suspect it is
https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg00470.html


I'm still working on getting the BIOS logs to be emitted to file before 
kernel startup (I can see them later on, but not right at boot).


Will double-check the actual affinity next time I reproduce it (testcase 
has been going all day with no luck so far).



so the fix is Fam's 'aio: Do aio_notify_accept only during blocking
aio_poll'.  I see you're running the qemu-kvm-ev from centos, if I read
the version tea-leaves right, then I think that patch is in the
2.10.0-21.el7_5.7.1 package I can see.


It looks like we do not have this fix in our code, will definitely be 
giving it a try.


Thanks,
Chris

Re: [Qemu-devel] [PATCH v2 0/5] target/arm: KVM vs ARMISARegisters

[Christoffer Dall]

On Fri, Nov 02, 2018 at 04:36:35PM +, Peter Maydell wrote:
> On 2 November 2018 at 14:54, Richard Henderson
>  wrote:
> > My previous patch set for replacing feature bits with id registers
> > failed to consider that these id registers are beginning to control
> > migration, and thus we must fill them in for KVM as well.
> >
> > Thus, we want to initialize these values within CPU from the host.
> >
> > Finally, re-send the T32EE conversion patch, fixing the build
> > failure on an arm32 host in kvm32.c.
> >
> > Changes, v1->v2:
> >   * Remove assert that AArch32 sysreg <= UINT32_MAX.
> >   * Remove unused local variable.
> >   * Add commentary for AArch32 sysregs vs missing AArch32 support.
> 
> As noted on IRC, on my admittedly pretty ancient 4.8.0 kernel some
> of these ID register reads via KVM_GET_ONE_REG fail ENOENT.
> strace says:
> 
> openat(AT_FDCWD, "/dev/kvm", O_RDWR|O_CLOEXEC) = 18
> ioctl(18, KVM_CREATE_VM or LOGGER_GET_LOG_BUF_SIZE, 0) = 19
> ioctl(19, KVM_CREATE_VCPU, 0)   = 20
> ioctl(19, KVM_ARM_PREFERRED_TARGET, 0xcfeb4e88) = 0
> ioctl(20, KVM_ARM_VCPU_INIT, 0xcfeb4e88) = 0
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
> = -1 ENOENT (No such file or directory)
> 
> 
> I added a bit of extra tracing, since strace doesn't
> print the ID field for the ioctl:
> 
> peter.maydell@mustang-maydell:~/qemu$
> ~/test-images/virtv8-for-nesting/runme-kvm
> ./build/for-kvm/aarch64-softmmu/qemu-system-aarch64 -enable-kvm -cpu
> max -machine gic-version=max
> read_sys_reg64: reading ID 0x60300013c030...-1
> read_sys_reg64: reading ID 0x60300013c031...-1
> read_sys_reg64: reading ID 0x60300013c020...-1
> read_sys_reg64: reading ID 0x60300013c021...-1
> read_sys_reg32: reading ID 0x60300013c010...0
> read_sys_reg32: reading ID 0x60300013c011...0
> read_sys_reg32: reading ID 0x60300013c012...0
> read_sys_reg32: reading ID 0x60300013c013...0
> read_sys_reg32: reading ID 0x60300013c014...0
> read_sys_reg32: reading ID 0x60300013c015...0
> read_sys_reg32: reading ID 0x60300013c017...-1
> read_sys_reg32: reading ID 0x60300013c018...-1
> read_sys_reg32: reading ID 0x60300013c019...-1
> read_sys_reg32: reading ID 0x60300013c01a...-1
> qemu-system-aarch64: Failed to retrieve host CPU features
> 
> It looks like the kernel can handle reads of ID_ISAR0_EL1
> through ID_ISAR5_EL1, but not ID_ISAR6_EL1, any of the
> MVFR*_EL1 or ID_AA64_ISAR* or ID_AA64PFR*.
> 
> This is probably because the kernel is way too old to be
> interestingly supportable for KVM, but we did previously
> manage to boot on this setup.

I'm a little confused. v4.8 used to work (although it was perhaps not
the most stable at that time).  What changed?  Is this attempting to
restore a VM from a newer kernel, or has QEMU been updated to detect
this?

> 
> We should probably at least figure out which version of
> the kernel fixed this bug and made the ID registers available
> to userspace... if it's sufficiently ancient we could
> likely say "not supported", but if it's more recent we
> need a workaround somehow. I have cc'd a couple of kernel
> folks who might be able to help with the "which version"
> question.
> 

It appears the support for exposing a bunch of ID registers was
introduced with:

93390c0a1b20 (arm64: KVM: Hide unsupported AArch64 CPU features from guests, 
2017-10-31)

Which Dave (cc'ed) wrote and which was introduced in v4.15.

As per my question above, I'm not exactly sure what (if anything) we
need to fix on the kernel side?


Thanks,

Christoffer

[Qemu-devel] [PATCH 1/1] Add vhost-pci-blk driver

[Vitaly Mayatskikh]

This driver uses the kernel-mode acceleration for virtio-blk and
allows to get a near bare metal disk performance inside a VM.

Signed-off-by: Vitaly Mayatskikh 
---
 configure  | 10 +++
 default-configs/virtio.mak |  1 +
 hw/block/Makefile.objs |  1 +
 hw/virtio/virtio-pci.c | 60 ++
 hw/virtio/virtio-pci.h | 19 
 5 files changed, 91 insertions(+)

diff --git a/configure b/configure
index 46ae1e8c76..787bc780da 100755
--- a/configure
+++ b/configure
@@ -371,6 +371,7 @@ vhost_crypto="no"
 vhost_scsi="no"
 vhost_vsock="no"
 vhost_user=""
+vhost_blk=""
 kvm="no"
 hax="no"
 hvf="no"
@@ -869,6 +870,7 @@ Linux)
   vhost_crypto="yes"
   vhost_scsi="yes"
   vhost_vsock="yes"
+  vhost_blk="yes"
   QEMU_INCLUDES="-I\$(SRC_PATH)/linux-headers -I$(pwd)/linux-headers 
$QEMU_INCLUDES"
   supported_os="yes"
   libudev="yes"
@@ -1263,6 +1265,10 @@ for opt do
   ;;
   --enable-vhost-vsock) vhost_vsock="yes"
   ;;
+  --disable-vhost-blk) vhost_blk="no"
+  ;;
+  --enable-vhost-blk) vhost_blk="yes"
+  ;;
   --disable-opengl) opengl="no"
   ;;
   --enable-opengl) opengl="yes"
@@ -6000,6 +6006,7 @@ echo "vhost-crypto support $vhost_crypto"
 echo "vhost-scsi support $vhost_scsi"
 echo "vhost-vsock support $vhost_vsock"
 echo "vhost-user support $vhost_user"
+echo "vhost-blk support $vhost_blk"
 echo "Trace backends$trace_backends"
 if have_backend "simple"; then
 echo "Trace output file $trace_file-"
@@ -6461,6 +6468,9 @@ fi
 if test "$vhost_user" = "yes" ; then
   echo "CONFIG_VHOST_USER=y" >> $config_host_mak
 fi
+if test "$vhost_blk" = "yes" ; then
+  echo "CONFIG_VHOST_BLK=y" >> $config_host_mak
+fi
 if test "$blobs" = "yes" ; then
   echo "INSTALL_BLOBS=yes" >> $config_host_mak
 fi
diff --git a/default-configs/virtio.mak b/default-configs/virtio.mak
index 1304849018..765c0a2a04 100644
--- a/default-configs/virtio.mak
+++ b/default-configs/virtio.mak
@@ -1,5 +1,6 @@
 CONFIG_VHOST_USER_SCSI=$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX))
 CONFIG_VHOST_USER_BLK=$(call land,$(CONFIG_VHOST_USER),$(CONFIG_LINUX))
+CONFIG_VHOST_BLK=$(CONFIG_LINUX)
 CONFIG_VIRTIO=y
 CONFIG_VIRTIO_9P=y
 CONFIG_VIRTIO_BALLOON=y
diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
index 53ce5751ae..857ce823fc 100644
--- a/hw/block/Makefile.objs
+++ b/hw/block/Makefile.objs
@@ -14,3 +14,4 @@ obj-$(CONFIG_SH4) += tc58128.o
 obj-$(CONFIG_VIRTIO_BLK) += virtio-blk.o
 obj-$(CONFIG_VIRTIO_BLK) += dataplane/
 obj-$(CONFIG_VHOST_USER_BLK) += vhost-user-blk.o
+obj-$(CONFIG_VHOST_BLK) += vhost-blk.o
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index a954799267..ec00b54424 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -2060,6 +2060,63 @@ static const TypeInfo vhost_user_blk_pci_info = {
 };
 #endif
 
+#ifdef CONFIG_VHOST_BLK
+/* vhost-blk */
+
+static Property vhost_blk_pci_properties[] = {
+DEFINE_PROP_UINT32("class", VirtIOPCIProxy, class_code, 0),
+DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors,
+   DEV_NVECTORS_UNSPECIFIED),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vhost_blk_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
+{
+VHostBlkPCI *dev = VHOST_BLK_PCI(vpci_dev);
+DeviceState *vdev = DEVICE(&dev->vdev);
+
+if (vpci_dev->nvectors == DEV_NVECTORS_UNSPECIFIED) {
+vpci_dev->nvectors = dev->vdev.num_queues + 1;
+}
+
+qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+object_property_set_bool(OBJECT(vdev), true, "realized", errp);
+}
+
+static void vhost_blk_pci_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+
+set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+dc->props = vhost_blk_pci_properties;
+k->realize = vhost_blk_pci_realize;
+pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_BLOCK;
+pcidev_k->revision = VIRTIO_PCI_ABI_VERSION;
+pcidev_k->class_id = PCI_CLASS_STORAGE_SCSI;
+}
+
+static void vhost_blk_pci_instance_init(Object *obj)
+{
+VHostBlkPCI *dev = VHOST_BLK_PCI(obj);
+
+virtio_instance_init_common(obj, &dev->vdev, sizeof(dev->vdev),
+TYPE_VHOST_BLK);
+object_property_add_alias(obj, "bootindex", OBJECT(&dev->vdev),
+  "bootindex", &error_abort);
+}
+
+static const TypeInfo vhost_blk_pci_info = {
+.name   = TYPE_VHOST_BLK_PCI,
+.parent = TYPE_VIRTIO_PCI,
+.instance_size  = sizeof(VHostBlkPCI),
+.instance_init  = vhost_blk_pci_instance_init,
+.class_init = vhost_blk_pci_class_init,
+};
+#endif
+
 /* virtio-scsi-pci */
 
 static Property virtio_scsi_pci_properties[] = {
@@ -2723,6 +2780,9 @@ static void virtio_pci_register_types(void)
 #ifdef CONFIG_VHOST_VSOCK
 type_register_static(&vhost_vsock_pci_info)

[Qemu-devel] [PATCH 0/1] Add vhost-pci-blk driver

[Vitaly Mayatskikh]

This driver moves virtio-blk host-side processing to kernel (via new
vhost_blk kernel driver). It accelerates virtual disk performance
close to bare metal levels, especially for parellel loads.

For example, fio numjobs=16 gets 101k randread IOPS using virtio-blk
and 1202k IOPS using vhost-blk, close to 1480k of raw disk performance.

See the IOPS numbers below.

The kernel part if you want to try:
- vhost_blk: https://lkml.org/lkml/2018/11/2/648
- vhost num-queues scalability fix: https://lkml.org/lkml/2018/11/2/550

# fio num-jobs
# A: bare metal over block
# B: bare metal over file
# C: virtio-blk over block
# D: virtio-blk over file
# E: vhost-blk over block
# F: vhost-blk over file
#
#  A B CDE F

1  171k  151k  148k 151k 187k  175k
2  328k  302k  249k 241k 334k  296k
3  479k  437k  179k 174k 464k  404k
4  622k  568k  143k 183k 580k  492k
5  755k  697k  136k 128k 693k  579k
6  887k  808k  131k 120k 782k  640k
7  1004k 926k  126k 131k 863k  693k
8  1099k 1015k 117k 115k 931k  712k
9  1194k 1119k 115k 111k 991k  711k
10 1278k 1207k 109k 114k 1046k 695k
11 1345k 1280k 110k 108k 1091k 663k
12 1411k 1356k 104k 106k 1142k 629k
13 1466k 1423k 106k 106k 1170k 607k
14 1517k 1486k 103k 106k 1179k 589k
15 1552k 1543k 102k 102k 1191k 571k
16 1480k 1506k 101k 102k 1202k 566k

Vitaly Mayatskikh (1):
  Add vhost-pci-blk driver

 configure  | 10 +++
 default-configs/virtio.mak |  1 +
 hw/block/Makefile.objs |  1 +
 hw/virtio/virtio-pci.c | 60 ++
 hw/virtio/virtio-pci.h | 19 
 5 files changed, 91 insertions(+)

-- 
2.17.1

Re: [Qemu-devel] strange situation, guest cpu thread spinning at ~100%, but display not yet initialized

[Chris Friesen]

On 11/2/2018 1:51 AM, Alex Bennée wrote:


Chris Friesen  writes:


Hi all,

I have an odd situation which occurs very infrequently and I'm hoping
to get some advice on how to debug.  Apologies for the length of this
message, I tried to include as much potentially useful information as
possible.

In the context of an OpenStack compute node I have a qemu guest (with
kvm acceleration) that has started up.  The virtual console shows
"Guest has not initialized the display (yet)."   I'm trying to figure
out what's going on and how we got into this state.  I assume it's
some sort of deadlock/livelock, but I can't figure out what's causing
it.



At this point gdb appears to be stuck, though the task is still
chewing 99.9% of host cpu 43.


That's because the vcpu_ioctl you just trace through is into the
VCPU_RUN, basically when you enter the guest code (assuming the in
kernel KVM code isn't spinning).


That's what I figured, thanks for the confirmation.


If you want to get an idea why your guest is spinning you probably want
to enable the gdb stub and look at what your guest kernel is doing.


Given the "not initialized" message on the console, I wasn't sure 
whether the kernel had even started yet.


Chris

Re: [Qemu-devel] [PULL v3 00/10] target-arm queue

[Peter Maydell]

On 2 November 2018 at 17:16, Peter Maydell  wrote:
> This is a respin of my pull request from earlier this week:
>  * versal board compile failure fixed
>  * a few new patches:
>   - MAINTAINERS file fix
>   - use ARRAY_SIZE macro in xilinx_zynq
>   - avoid an array overrun in strongarm GPIO irq handling
>   - fix an assert running KVM on an aarch64-only host
>
> The following changes since commit 69e2d03843412b9c076515b3aa9a71db161b6a1a:
>
>   Merge remote-tracking branch 'remotes/riscv/tags/riscv-for-master-3.1-sf1' 
> into staging (2018-11-02 13:16:13 +)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20181102
>
> for you to fetch changes up to 6f16da53ffe4567c0353f85055df04860eb4e6fc:
>
>   hw/arm: versal: Add a virtual Xilinx Versal board (2018-11-02 14:11:31 
> +)
>
> 
> target-arm queue:
>  * microbit: Add the UART to our nRF51 SoC model
>  * Add a virtual Xilinx Versal board "xlnx-versal-virt"
>  * hw/arm/virt: Set VIRT_COMPAT_3_0 compat
>  * MAINTAINERS: Remove bouncing email in ARM ACPI
>  * strongarm: mask off high[31:28] bits from dir and state registers
>  * target/arm: Conditionalize some asserts on aarch32 support
>  * hw/arm/xilinx_zynq: Use the ARRAY_SIZE macro
>
> 

Applied, thanks.

-- PMM

[Qemu-devel] [Bug 1800993] Re: How to Migration VM Built on Qemu Souce Code Installation

[John Snow]

Hi, this is the bug tracker and not a support request form, so I'm
closing this issue.

(You've already emailed the mailing list, so you already know where to
find us!)

Thanks,
--John

** Changed in: qemu
   Status: New => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1800993

Title:
  How to Migration VM Built on Qemu Souce Code Installation

Status in QEMU:
  Invalid

Bug description:
  Respected all,

  I followed https://wiki.qemu.org/Hosts/Linux to build qemu from source
  code. Its installed successfully with Ubuntu 16.04 VM created using
  VNC server.

  Now, Could you please suggest me how to migrate VM from one host to
  another?.

  Email: adityaf...@gmail.com

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1800993/+subscriptions

Re: [Qemu-devel] How to emulate block I/O timeout on qemu side?

[John Snow]

On 11/02/2018 01:55 PM, Marc Olson wrote:
> On 11/2/18 10:49 AM, John Snow wrote:
>> On 11/02/2018 04:11 AM, Dongli Zhang wrote:
>>> Hi,
>>>
>>> Is there any way to emulate I/O timeout on qemu side (not fault
>>> injection in VM
>>> kernel) without modifying qemu source code?
>>>
>>> For instance, I would like to observe/study/debug the I/O timeout
>>> handling of
>>> nvme, scsi, virtio-blk (not supported) of VM kernel.
>>>
>>> Is there a way to trigger this on purpose on qemu side?
>>>
>>> Thank you very much!
>>>
>>> Dongli Zhang
>>>
>> I don't think the blkdebug driver supports arbitrary delays right now.
>> Maybe we could augment it to do so?
>>
>> (I thought someone already had, but maybe it wasn't merged?)
>>
>> Aha, here:
>>
>> https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg05297.html
>> V2: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg00394.html
>>
>> Let's work from there.
> 
> I've got updates to that patch series that fell on the floor due to
> other competing things. I'll get some screen time this weekend to work
> on them and submit v3.
> 
> /marc
> 

Great! Please CC the usual maintainers, but also include me.

In the meantime, Dongli Zhang, why don't you try the v2 patch and see if
that helps you out for your use case? Report back if it works for you or
not.

--js

Re: [Qemu-devel] [PATCH 2/2] target/mips: Fix decoding mechanism of R5900 DIV1 and DIVU1

[Philippe Mathieu-Daudé]

On 2/11/18 17:08, Fredrik Noring wrote:

DIV1 and DIVU1 are generated in gen_div1_tx79 instead of the generic
gen_muldiv.



Fixes: be9c42c90d1 (R5900-specific opcodes overlap with generic opcodes)


Signed-off-by: Fredrik Noring 


Reviewed-by: Philippe Mathieu-Daudé 


---
  target/mips/translate.c | 65 +
  1 file changed, 59 insertions(+), 6 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index f3993cf7d7..6e5a8a2565 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -4759,6 +4759,63 @@ static void gen_r6_muldiv(DisasContext *ctx, int opc, 
int rd, int rs, int rt)
  tcg_temp_free(t1);
  }
  
+static void gen_div1_tx79(DisasContext *ctx, uint32_t opc, int rs, int rt)

+{
+TCGv t0, t1;
+
+t0 = tcg_temp_new();
+t1 = tcg_temp_new();
+
+gen_load_gpr(t0, rs);
+gen_load_gpr(t1, rt);
+
+switch (opc) {
+case TX79_MMI_DIV1:
+{
+TCGv t2 = tcg_temp_new();
+TCGv t3 = tcg_temp_new();
+tcg_gen_ext32s_tl(t0, t0);
+tcg_gen_ext32s_tl(t1, t1);
+tcg_gen_setcondi_tl(TCG_COND_EQ, t2, t0, INT_MIN);
+tcg_gen_setcondi_tl(TCG_COND_EQ, t3, t1, -1);
+tcg_gen_and_tl(t2, t2, t3);
+tcg_gen_setcondi_tl(TCG_COND_EQ, t3, t1, 0);
+tcg_gen_or_tl(t2, t2, t3);
+tcg_gen_movi_tl(t3, 0);
+tcg_gen_movcond_tl(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_div_tl(cpu_LO[1], t0, t1);
+tcg_gen_rem_tl(cpu_HI[1], t0, t1);
+tcg_gen_ext32s_tl(cpu_LO[1], cpu_LO[1]);
+tcg_gen_ext32s_tl(cpu_HI[1], cpu_HI[1]);
+tcg_temp_free(t3);
+tcg_temp_free(t2);
+}
+break;
+case TX79_MMI_DIVU1:
+{
+TCGv t2 = tcg_const_tl(0);
+TCGv t3 = tcg_const_tl(1);
+tcg_gen_ext32u_tl(t0, t0);
+tcg_gen_ext32u_tl(t1, t1);
+tcg_gen_movcond_tl(TCG_COND_EQ, t1, t1, t2, t3, t1);
+tcg_gen_divu_tl(cpu_LO[1], t0, t1);
+tcg_gen_remu_tl(cpu_HI[1], t0, t1);
+tcg_gen_ext32s_tl(cpu_LO[1], cpu_LO[1]);
+tcg_gen_ext32s_tl(cpu_HI[1], cpu_HI[1]);
+tcg_temp_free(t3);
+tcg_temp_free(t2);
+}
+break;
+default:
+MIPS_INVAL("div1 TX79");
+generate_exception_end(ctx, EXCP_RI);
+goto out;
+}
+ out:
+tcg_temp_free(t0);
+tcg_temp_free(t1);
+}
+
  static void gen_muldiv(DisasContext *ctx, uint32_t opc,
 int acc, int rs, int rt)
  {
@@ -4771,14 +4828,11 @@ static void gen_muldiv(DisasContext *ctx, uint32_t opc,
  gen_load_gpr(t1, rt);
  
  if (acc != 0) {

-if (!(ctx->insn_flags & INSN_R5900)) {
-check_dsp(ctx);
-}
+check_dsp(ctx);
  }
  
  switch (opc) {

  case OPC_DIV:
-case TX79_MMI_DIV1:
  {
  TCGv t2 = tcg_temp_new();
  TCGv t3 = tcg_temp_new();
@@ -4800,7 +4854,6 @@ static void gen_muldiv(DisasContext *ctx, uint32_t opc,
  }
  break;
  case OPC_DIVU:
-case TX79_MMI_DIVU1:
  {
  TCGv t2 = tcg_const_tl(0);
  TCGv t3 = tcg_const_tl(1);
@@ -26541,7 +26594,7 @@ static void decode_tx79_mmi(CPUMIPSState *env, 
DisasContext *ctx)
  break;
  case TX79_MMI_DIV1:
  case TX79_MMI_DIVU1:
-gen_muldiv(ctx, opc, 1, rs, rt);
+gen_div1_tx79(ctx, opc, rs, rt);
  break;
  case TX79_MMI_MTLO1:
  case TX79_MMI_MTHI1:

Re: [Qemu-devel] [PATCH 1/2] target/mips: Fix decoding mechanism of R5900 MFLO1, MFHI1, MTLO1 and MTHI1

[Philippe Mathieu-Daudé]

On 2/11/18 17:08, Fredrik Noring wrote:

MFLO1, MFHI1, MTLO1 and MTHI1 are generated in gen_HILO1_tx79 instead of
the generic gen_HILO.



Aleksandar, if you are OK with this patch, can you add:

Fixes: 8d927f7cb4b


Signed-off-by: Fredrik Noring 


Reviewed-by: Philippe Mathieu-Daudé 


---
  target/mips/translate.c | 67 ++---
  1 file changed, 56 insertions(+), 11 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index 60320cbe69..f3993cf7d7 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -4359,24 +4359,72 @@ static void gen_shift(DisasContext *ctx, uint32_t opc,
  tcg_temp_free(t1);
  }
  
+/* Move to and from TX79 HI1/LO1 registers. */

+static void gen_HILO1_tx79(DisasContext *ctx, uint32_t opc, int reg)
+{
+if (reg == 0 && (opc == TX79_MMI_MFHI1 || opc == TX79_MMI_MFLO1)) {
+/* Treat as NOP. */
+return;
+}
+
+switch (opc) {
+case TX79_MMI_MFHI1:
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_HI[1]);
+#else
+tcg_gen_mov_tl(cpu_gpr[reg], cpu_HI[1]);
+#endif
+break;
+case TX79_MMI_MFLO1:
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_LO[1]);
+#else
+tcg_gen_mov_tl(cpu_gpr[reg], cpu_LO[1]);
+#endif
+break;
+case TX79_MMI_MTHI1:
+if (reg != 0) {
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_HI[1], cpu_gpr[reg]);
+#else
+tcg_gen_mov_tl(cpu_HI[1], cpu_gpr[reg]);
+#endif
+} else {
+tcg_gen_movi_tl(cpu_HI[1], 0);
+}
+break;
+case TX79_MMI_MTLO1:
+if (reg != 0) {
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_LO[1], cpu_gpr[reg]);
+#else
+tcg_gen_mov_tl(cpu_LO[1], cpu_gpr[reg]);
+#endif
+} else {
+tcg_gen_movi_tl(cpu_LO[1], 0);
+}
+break;
+default:
+MIPS_INVAL("MFTHILO TX79");
+generate_exception_end(ctx, EXCP_RI);
+break;
+}
+}
+
  /* Arithmetic on HI/LO registers */
  static void gen_HILO(DisasContext *ctx, uint32_t opc, int acc, int reg)
  {
-if (reg == 0 && (opc == OPC_MFHI || opc == TX79_MMI_MFHI1 ||
- opc == OPC_MFLO || opc == TX79_MMI_MFLO1)) {
+if (reg == 0 && (opc == OPC_MFHI || opc == OPC_MFLO)) {
  /* Treat as NOP. */
  return;
  }
  
  if (acc != 0) {

-if (!(ctx->insn_flags & INSN_R5900)) {
-check_dsp(ctx);
-}
+check_dsp(ctx);
  }
  
  switch (opc) {

  case OPC_MFHI:
-case TX79_MMI_MFHI1:
  #if defined(TARGET_MIPS64)
  if (acc != 0) {
  tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_HI[acc]);
@@ -4387,7 +4435,6 @@ static void gen_HILO(DisasContext *ctx, uint32_t opc, int 
acc, int reg)
  }
  break;
  case OPC_MFLO:
-case TX79_MMI_MFLO1:
  #if defined(TARGET_MIPS64)
  if (acc != 0) {
  tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_LO[acc]);
@@ -4398,7 +4445,6 @@ static void gen_HILO(DisasContext *ctx, uint32_t opc, int 
acc, int reg)
  }
  break;
  case OPC_MTHI:
-case TX79_MMI_MTHI1:
  if (reg != 0) {
  #if defined(TARGET_MIPS64)
  if (acc != 0) {
@@ -4413,7 +4459,6 @@ static void gen_HILO(DisasContext *ctx, uint32_t opc, int 
acc, int reg)
  }
  break;
  case OPC_MTLO:
-case TX79_MMI_MTLO1:
  if (reg != 0) {
  #if defined(TARGET_MIPS64)
  if (acc != 0) {
@@ -26500,11 +26545,11 @@ static void decode_tx79_mmi(CPUMIPSState *env, 
DisasContext *ctx)
  break;
  case TX79_MMI_MTLO1:
  case TX79_MMI_MTHI1:
-gen_HILO(ctx, opc, 1, rs);
+gen_HILO1_tx79(ctx, opc, rs);
  break;
  case TX79_MMI_MFLO1:
  case TX79_MMI_MFHI1:
-gen_HILO(ctx, opc, 1, rd);
+gen_HILO1_tx79(ctx, opc, rd);
  break;
  case TX79_MMI_MADD:  /* TODO: TX79_MMI_MADD */
  case TX79_MMI_MADDU: /* TODO: TX79_MMI_MADDU */

Re: [Qemu-devel] [PATCH v2 for-3.1 1/4] tests: Move tests/acpi-test-data/ to tests/data/acpi/

[Philippe Mathieu-Daudé]

On 2/11/18 18:42, Peter Maydell wrote:

On 2 November 2018 at 17:38, Philippe Mathieu-Daudé  wrote:

Hi Peter,

On 2/11/18 12:52, Peter Maydell wrote:

We can remove entirely the note in rebuild-expected-aml.sh
about copying any new data files, because now they will
be in the source directory, not the build directory, and
no copying is required.



This doesn't seem true for out-of-tree builds.


In the old setup, running the rebuild-expected-aml.sh
script is done in the build directory, and creates new
data files in ./tests/acpi-test-data/, which must then be
copied to the source directory.
In the new setup, the script is still run in the build
directory, but when new data files are created in
./tests/data/acpi/ they don't need to be copied anywhere,
because the directory symlink means they're already in
tests/data/acpi in the source directory structure.


Oh you are correct...
My other terminal output was not update and was displaying the inodes 
from a previous run. No problem then!


Thanks,

Phil.

Re: [Qemu-devel] [Qemu-arm] [PATCH 0/2] target/arm: fix some ATS* bugs

[Peter Maydell]

Ping for code review, please?

thanks
-- PMM

On 16 October 2018 at 10:37, Peter Maydell  wrote:
> This small patchset fixes a couple of bugs in our ATS insn
> handling:
>  * for faults reported to the 64-bit PAR we were not
>setting the S and PTW bits to indicate stage 2
>fault information
>(NB: stage 2 faults aren't reported with 32-bit
>PAR formats so there's no need to change the 32-bit
>code path)
>  * ATS1Hx were implementing the wrong thing (doing a
>stage 2 lookup rather than an EL2 stage 1 lookup)
>
> The major missing bit of ATS at the moment is that a stage
> 2 fault during execution of an NS-EL1 ATS insn that asks
> for a stage 1 lookup should cause a trap to EL2. I started
> to sketch out some code to do that, but I realised by
> putting an assert() in it that I didn't have any guests
> that actually hit the problem, so put it on the back burner.
> If anybody does hit that missing feature, feel free to send
> me a test case :-)
>
> Based-on: <20181012144235.19646-1-peter.mayd...@linaro.org>
> ("[PATCH 00/10] target/arm: more HCR bits, improve syndrome reporting")
> but only to avoid a textual conflict in the patch context.
>
> thanks
> -- PMM
>
> Peter Maydell (2):
>   target/arm: Set S and PTW in 64-bit PAR format
>   target/arm: Fix ATS1Hx instructions
>
>  target/arm/helper.c | 14 --
>  1 file changed, 8 insertions(+), 6 deletions(-)

Re: [Qemu-devel] How to emulate block I/O timeout on qemu side?

[Marc Olson via Qemu-devel]

On 11/2/18 10:49 AM, John Snow wrote:

On 11/02/2018 04:11 AM, Dongli Zhang wrote:

Hi,

Is there any way to emulate I/O timeout on qemu side (not fault injection in VM
kernel) without modifying qemu source code?

For instance, I would like to observe/study/debug the I/O timeout handling of
nvme, scsi, virtio-blk (not supported) of VM kernel.

Is there a way to trigger this on purpose on qemu side?

Thank you very much!

Dongli Zhang


I don't think the blkdebug driver supports arbitrary delays right now.
Maybe we could augment it to do so?

(I thought someone already had, but maybe it wasn't merged?)

Aha, here:

https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg05297.html
V2: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg00394.html

Let's work from there.


I've got updates to that patch series that fell on the floor due to 
other competing things. I'll get some screen time this weekend to work 
on them and submit v3.


/marc

Re: [Qemu-devel] Correction needed for R5900 instruction decoding

[Philippe Mathieu-Daudé]

Hi Aleksandar,

On 1/11/18 12:06, Aleksandar Markovic wrote:

Hi, Fridrik,

I did some closer code inspection of R5900 in last few days, and I noticed some 
sub-optimal implementation in the area where R5900-specific opcodes overlap 
with the rest-of-MIPS-CPUs opcodes.

The right implementation should be based on the principle that all such cases 
are covered with if statements involving INSN_R5900 flag, like this:

 if (ctx->insn_flags & INSN_R5900) {
 
 } else {
 
 }

You followed that principle for OPC_SPECIAL2 and OPC_SPECIAL3, but for some 
other opcodes not. For example, there are lines:

 if (reg == 0 && (opc == OPC_MFHI || opc == TX79_MMI_MFHI1 ||
  opc == OPC_MFLO || opc == TX79_MMI_MFLO1)) {

or

  switch (opc) {
  case OPC_MFHI:
  case TX79_MMI_MFHI1:

Such implementation makes it difficult to discern R5900 and non-R5900 cases. 
Potentialy allows bugs to sneak in and affect non-R5900 support.

The correction is not that difficult, I gather. Worse comme to worst, you can 
remove R5900 MFLO1 and MFHI1 altogether, they are not that essential at this 
moment, but do try correcting the decoding stuff as I described. Can you please 
make these changes in next few days or so (given that 3.1 release is getting 
closer and closer), and send them to the list?

It is my bad that I didn't spot this during review, but in any case, I think 
this should be fixed in 3.1 to make sure that non-R5900 functionalities are 
intact.


Don't be too bad on yourself, we are human thus not perfect :) This is 
why having more that one (or not always the same) person reviewing is 
helpful.


You can share the blame with all the person subscribed to the list who 
did not look at the patch ;)


Regards,

Phil.



Thanks,
Aleksandar

Re: [Qemu-devel] strange situation, guest cpu thread spinning at ~100%, but display not yet initialized

[Dr. David Alan Gilbert]

* Chris Friesen (chris.frie...@windriver.com) wrote:
> On 11/2/2018 10:55 AM, Alex Bennée wrote:
> > 
> > Chris Friesen  writes:
> > > Given the "not initialized" message on the console, I wasn't sure
> > > whether the kernel had even started yet.
> > 
> > There will be a lot that happens between the kernel decompressing and
> > some sort of video hardware output being started. You didn't say what
> > guest architecture you were booting or what your qemu command line was.
> > You might want to look at enabling the serial console and seeing if you
> > get some clues from that.
> 
> The qemu commandline is in the "ps" output in my original message. Guest
> arch is x86-64.
> 
> The serial console is a good idea, will try that.

This is ringing a bell; if it's actually suck in the BIOS, then please:
  a) Really make sure all your vCPUs are actually pinned/free on real
CPUs
  b) I suspect it is
   https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg00470.html


   so the fix is Fam's 'aio: Do aio_notify_accept only during blocking
aio_poll'.  I see you're running the qemu-kvm-ev from centos, if I read
the version tea-leaves right, then I think that patch is in the
2.10.0-21.el7_5.7.1 package I can see.

Dave


> Chris
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] How to emulate block I/O timeout on qemu side?

[John Snow]

On 11/02/2018 04:11 AM, Dongli Zhang wrote:
> Hi,
> 
> Is there any way to emulate I/O timeout on qemu side (not fault injection in 
> VM
> kernel) without modifying qemu source code?
> 
> For instance, I would like to observe/study/debug the I/O timeout handling of
> nvme, scsi, virtio-blk (not supported) of VM kernel.
> 
> Is there a way to trigger this on purpose on qemu side?
> 
> Thank you very much!
> 
> Dongli Zhang
> 

I don't think the blkdebug driver supports arbitrary delays right now.
Maybe we could augment it to do so?

(I thought someone already had, but maybe it wasn't merged?)

Aha, here:

https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg05297.html
V2: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg00394.html

Let's work from there.

--js

Re: [Qemu-devel] [PATCH v2 for-3.1 1/4] tests: Move tests/acpi-test-data/ to tests/data/acpi/

[Peter Maydell]

On 2 November 2018 at 17:38, Philippe Mathieu-Daudé  wrote:
> Hi Peter,
>
> On 2/11/18 12:52, Peter Maydell wrote:
>> We can remove entirely the note in rebuild-expected-aml.sh
>> about copying any new data files, because now they will
>> be in the source directory, not the build directory, and
>> no copying is required.
>
>
> This doesn't seem true for out-of-tree builds.

In the old setup, running the rebuild-expected-aml.sh
script is done in the build directory, and creates new
data files in ./tests/acpi-test-data/, which must then be
copied to the source directory.
In the new setup, the script is still run in the build
directory, but when new data files are created in
./tests/data/acpi/ they don't need to be copied anywhere,
because the directory symlink means they're already in
tests/data/acpi in the source directory structure.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 for-3.1 0/4] configure: symlink directories, not wildcarded files

[Philippe Mathieu-Daudé]

On 2/11/18 12:52, Peter Maydell wrote:

This patchset fixes a problem with our build infrastructure
that meant that MST's recent 'pci, pc, virtio' pullreq failed
tests.

Currently our configure script has a wildcard loop that creates
symlinks for every data file in tests/acpi-test-data from the
source tree to the build tree. However, if a new data file is
added in git, there is nothing that causes configure to be rerun,
and so it is not available in the build tree, which can cause
test failures.

In v1 of this patchset I addressed this by changing configure
to make tests/acpi-test-data itself a symlink. Unfortunately
this has an awkward consequence that if we did that and
a developer switched git branches from one after that change
to one before it then configure would end up trashing all
the test files by making them symlinks to themselves.
So instead in v2, we move all the data files to the tests/data/
directory. tests/data/ is already symlinked as a directory,
so there is no problem for bisection.

Patch 1 does that for tests/acpi-test-data.
Patch 2 does that for tests/hex-loader-check-data.
Patch 3 is a cleanup, renaming a variable and adding
documentation so that it's clearer that symlinking can
be used for directories and that wildcarding files is bad.
Patch 4 rolls some ad-hoc symlinking into the common loop.

We do still use wildcarding to construct a list of files in
pc-bios to be symlinked; we get away with this because we don't
in practice add new BIOS images often and if we do there's also
usually a change that means configure is rerun anyway. We can't
just symlink all of pc-bios into the build tree because it
contains other things than just generated binaries. There
might be scope for fixing this, but I wanted to get this fix out.

thanks
-- PMM

Peter Maydell (4):
   tests: Move tests/acpi-test-data/ to tests/data/acpi/
   tests: Move tests/hex-loader-check-data/ to tests/data/hex-loader/
   configure: Rename FILES variable to LINKS
   configure: Use LINKS loop for all build tree symlinks


I left one comment about when using rebuild-expected-aml.sh
in out-of-tree builds. Anyway for the series:
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

Re: [Qemu-devel] Regarding: Migration of VM created using qemu source code built

[John Snow]

On 11/01/2018 03:14 AM, aditya bhardwaj wrote:
> Respected Sir,
> 
> I followed https://wiki.qemu.org/Hosts/Linux to build qemu from source
> code. Its installed successfully with Ubuntu 16.04 VM created using VNC
> server.
> 
> *Now, Could you please suggest me how to migrate VM from one host to
> another?.*
> 

Are you trying to migrate and running into problems, or you don't know
how to attempt it?

The simplest version is that you launch QEMU on the destination with the
same arguments, but you add the `-incoming` flag to tell it to listen
for incoming migration data.

Look at https://qemu.weilnetz.de/doc/qemu-doc.html and search for
"-incoming".

On the source, you use either the HMP or QMP protocol to tell QEMU to
migrate to a URI where the destination can pick it up (tcp, unix socket,
pipe, whatever.)

Take a look at http://www.linux-kvm.org/page/Migration for some basics.

If you can't access the hard drive images/devices from both the source
and dest machine, you'll want to do a block storage migration, too. At
this point you really want to be using libvirt to help you accomplish
that because it can get involved.

--js

> I goggled lot but not getting any solution.
> 

Re: [Qemu-devel] [PATCH v2 for-3.1 1/4] tests: Move tests/acpi-test-data/ to tests/data/acpi/

[Philippe Mathieu-Daudé]

Hi Peter,

On 2/11/18 12:52, Peter Maydell wrote:

Currently tests/acpi-test-data contains data files used by the
bios-tables-test, and configure individually symlinks those
data files into the build directory using a wildcard.

Using a wildcard like this is a bad idea, because if a new
data file is added, nothing causes configure to be rerun,
and so no symlink is added for the new file. This can cause
tests to spuriously fail when they can't find their data.
Instead, it's better to symlink an entire directory of
data files. We already have such a directory: tests/data.

Move the data files from tests/acpi-test-data/ to
tests/data/acpi/, and remove the unnecessary symlinking.

We can remove entirely the note in rebuild-expected-aml.sh
about copying any new data files, because now they will
be in the source directory, not the build directory, and
no copying is required.


This doesn't seem true for out-of-tree builds.



(We can't just change the existing tests/acpi-test-data/
to being a symlinked directory, because if we did that and
a developer switched git branches from one after that change
to one before it then configure would end up trashing all
the test files by making them symlinks to themselves.
Changing their path avoids this annoyance.)

Signed-off-by: Peter Maydell 
---
  configure   |   4 
  tests/bios-tables-test.c|   2 +-
  tests/{acpi-test-data => data/acpi}/pc/APIC | Bin
  tests/{acpi-test-data => data/acpi}/pc/APIC.cphp| Bin
  tests/{acpi-test-data => data/acpi}/pc/APIC.dimmpxm | Bin
  tests/{acpi-test-data => data/acpi}/pc/DSDT | Bin
  tests/{acpi-test-data => data/acpi}/pc/DSDT.bridge  | Bin
  tests/{acpi-test-data => data/acpi}/pc/DSDT.cphp| Bin
  tests/{acpi-test-data => data/acpi}/pc/DSDT.dimmpxm | Bin
  tests/{acpi-test-data => data/acpi}/pc/DSDT.ipmikcs | Bin
  tests/{acpi-test-data => data/acpi}/pc/DSDT.memhp   | Bin
  tests/{acpi-test-data => data/acpi}/pc/DSDT.numamem | Bin
  tests/{acpi-test-data => data/acpi}/pc/FACP | Bin
  tests/{acpi-test-data => data/acpi}/pc/FACS | Bin
  tests/{acpi-test-data => data/acpi}/pc/HPET | Bin
  tests/{acpi-test-data => data/acpi}/pc/NFIT.dimmpxm | Bin
  tests/{acpi-test-data => data/acpi}/pc/SLIT.cphp| Bin
  tests/{acpi-test-data => data/acpi}/pc/SLIT.memhp   | Bin
  tests/{acpi-test-data => data/acpi}/pc/SRAT.cphp| Bin
  tests/{acpi-test-data => data/acpi}/pc/SRAT.dimmpxm | Bin
  tests/{acpi-test-data => data/acpi}/pc/SRAT.memhp   | Bin
  tests/{acpi-test-data => data/acpi}/pc/SRAT.numamem | Bin
  tests/{acpi-test-data => data/acpi}/pc/SSDT.dimmpxm | Bin
  tests/{acpi-test-data => data/acpi}/q35/APIC| Bin
  tests/{acpi-test-data => data/acpi}/q35/APIC.cphp   | Bin
  .../{acpi-test-data => data/acpi}/q35/APIC.dimmpxm  | Bin
  tests/{acpi-test-data => data/acpi}/q35/DSDT| Bin
  tests/{acpi-test-data => data/acpi}/q35/DSDT.bridge | Bin
  tests/{acpi-test-data => data/acpi}/q35/DSDT.cphp   | Bin
  .../{acpi-test-data => data/acpi}/q35/DSDT.dimmpxm  | Bin
  tests/{acpi-test-data => data/acpi}/q35/DSDT.ipmibt | Bin
  tests/{acpi-test-data => data/acpi}/q35/DSDT.memhp  | Bin
  .../{acpi-test-data => data/acpi}/q35/DSDT.numamem  | Bin
  tests/{acpi-test-data => data/acpi}/q35/FACP| Bin
  tests/{acpi-test-data => data/acpi}/q35/FACS| Bin
  tests/{acpi-test-data => data/acpi}/q35/HPET| Bin
  tests/{acpi-test-data => data/acpi}/q35/MCFG| Bin
  .../{acpi-test-data => data/acpi}/q35/NFIT.dimmpxm  | Bin
  tests/{acpi-test-data => data/acpi}/q35/SLIT.cphp   | Bin
  tests/{acpi-test-data => data/acpi}/q35/SLIT.memhp  | Bin
  tests/{acpi-test-data => data/acpi}/q35/SRAT.cphp   | Bin
  .../{acpi-test-data => data/acpi}/q35/SRAT.dimmpxm  | Bin
  tests/{acpi-test-data => data/acpi}/q35/SRAT.memhp  | Bin
  .../{acpi-test-data => data/acpi}/q35/SRAT.numamem  | Bin
  .../{acpi-test-data => data/acpi}/q35/SSDT.dimmpxm  | Bin
  .../acpi}/rebuild-expected-aml.sh   |   2 --
  46 files changed, 1 insertion(+), 7 deletions(-)
  rename tests/{acpi-test-data => data/acpi}/pc/APIC (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/APIC.cphp (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/APIC.dimmpxm (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/DSDT (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/DSDT.bridge (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/DSDT.cphp (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/DSDT.dimmpxm (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/DSDT.ipmikcs (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/DSDT.memhp (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/DSDT.numamem (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/FACP (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/FACS (100%)
  rename tests/{acpi-test-data => data/acpi}/pc/HPET (100%)
  rename tests/{acpi-test-data => data/

[Qemu-devel] [PULL 03/10] hw/arm/nrf51_soc: Connect UART to nRF51 SoC

[Peter Maydell]

From: Julia Suvorova 

Wire up nRF51 UART in the corresponding SoC.

Signed-off-by: Julia Suvorova 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Alistair Francis 
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 include/hw/arm/nrf51_soc.h |  3 +++
 hw/arm/microbit.c  |  2 ++
 hw/arm/nrf51_soc.c | 20 
 3 files changed, 25 insertions(+)

diff --git a/include/hw/arm/nrf51_soc.h b/include/hw/arm/nrf51_soc.h
index f4e092b554e..73fc92e9a8d 100644
--- a/include/hw/arm/nrf51_soc.h
+++ b/include/hw/arm/nrf51_soc.h
@@ -12,6 +12,7 @@
 
 #include "hw/sysbus.h"
 #include "hw/arm/armv7m.h"
+#include "hw/char/nrf51_uart.h"
 
 #define TYPE_NRF51_SOC "nrf51-soc"
 #define NRF51_SOC(obj) \
@@ -24,6 +25,8 @@ typedef struct NRF51State {
 /*< public >*/
 ARMv7MState cpu;
 
+NRF51UARTState uart;
+
 MemoryRegion iomem;
 MemoryRegion sram;
 MemoryRegion flash;
diff --git a/hw/arm/microbit.c b/hw/arm/microbit.c
index e7d74116a50..a734e7f650e 100644
--- a/hw/arm/microbit.c
+++ b/hw/arm/microbit.c
@@ -12,6 +12,7 @@
 #include "qapi/error.h"
 #include "hw/boards.h"
 #include "hw/arm/arm.h"
+#include "sysemu/sysemu.h"
 #include "exec/address-spaces.h"
 
 #include "hw/arm/nrf51_soc.h"
@@ -35,6 +36,7 @@ static void microbit_init(MachineState *machine)
 
 sysbus_init_child_obj(OBJECT(machine), "nrf51", soc, sizeof(s->nrf51),
   TYPE_NRF51_SOC);
+qdev_prop_set_chr(DEVICE(&s->nrf51), "serial0", serial_hd(0));
 object_property_set_link(soc, OBJECT(system_memory), "memory",
  &error_fatal);
 object_property_set_bool(soc, true, "realized", &error_fatal);
diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index 1a59ef45525..b89c1bdea08 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -43,9 +43,12 @@
 #define NRF51822_FLASH_SIZE (256 * 1024)
 #define NRF51822_SRAM_SIZE  (16 * 1024)
 
+#define BASE_TO_IRQ(base) ((base >> 12) & 0x1F)
+
 static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp)
 {
 NRF51State *s = NRF51_SOC(dev_soc);
+MemoryRegion *mr;
 Error *err = NULL;
 
 if (!s->board_memory) {
@@ -82,6 +85,18 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 }
 memory_region_add_subregion(&s->container, SRAM_BASE, &s->sram);
 
+/* UART */
+object_property_set_bool(OBJECT(&s->uart), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->uart), 0);
+memory_region_add_subregion_overlap(&s->container, UART_BASE, mr, 0);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->uart), 0,
+   qdev_get_gpio_in(DEVICE(&s->cpu),
+   BASE_TO_IRQ(UART_BASE)));
+
 create_unimplemented_device("nrf51_soc.io", IOMEM_BASE, IOMEM_SIZE);
 create_unimplemented_device("nrf51_soc.ficr", FICR_BASE, FICR_SIZE);
 create_unimplemented_device("nrf51_soc.private",
@@ -99,6 +114,11 @@ static void nrf51_soc_init(Object *obj)
 qdev_prop_set_string(DEVICE(&s->cpu), "cpu-type",
  ARM_CPU_TYPE_NAME("cortex-m0"));
 qdev_prop_set_uint32(DEVICE(&s->cpu), "num-irq", 32);
+
+sysbus_init_child_obj(obj, "uart", &s->uart, sizeof(s->uart),
+   TYPE_NRF51_UART);
+object_property_add_alias(obj, "serial0", OBJECT(&s->uart), "chardev",
+  &error_abort);
 }
 
 static Property nrf51_soc_properties[] = {
-- 
2.19.1

[Qemu-devel] [PULL 04/10] tests/boot-serial-test: Add microbit board testcase

[Peter Maydell]

From: Julia Suvorova 

New mini-kernel test for nRF51 SoC UART.

Signed-off-by: Julia Suvorova 
Acked-by: Thomas Huth 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Peter Maydell 
---
 tests/boot-serial-test.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index f865822e32f..8ec6aed35d2 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -62,6 +62,24 @@ static const uint8_t kernel_aarch64[] = {
 0xfd, 0xff, 0xff, 0x17, /* b   -12 (loop) */
 };
 
+static const uint8_t kernel_nrf51[] = {
+0x00, 0x00, 0x00, 0x00, /* Stack top address */
+0x09, 0x00, 0x00, 0x00, /* Reset handler address */
+0x04, 0x4a, /* ldr  r2, [pc, #16] Get ENABLE */
+0x04, 0x21, /* movs r1, #4 */
+0x11, 0x60, /* str  r1, [r2] */
+0x04, 0x4a, /* ldr  r2, [pc, #16] Get STARTTX 
*/
+0x01, 0x21, /* movs r1, #1 */
+0x11, 0x60, /* str  r1, [r2] */
+0x03, 0x4a, /* ldr  r2, [pc, #12] Get TXD */
+0x54, 0x21, /* movs r1, 'T' */
+0x11, 0x60, /* str  r1, [r2] */
+0xfe, 0xe7, /* b. */
+0x00, 0x25, 0x00, 0x40, /* 0x40002500 = UART ENABLE */
+0x08, 0x20, 0x00, 0x40, /* 0x40002008 = UART STARTTX */
+0x1c, 0x25, 0x00, 0x40  /* 0x4000251c = UART TXD */
+};
+
 typedef struct testdef {
 const char *arch;   /* Target architecture */
 const char *machine;/* Name of the machine */
@@ -105,6 +123,7 @@ static testdef_t tests[] = {
 { "hppa", "hppa", "", "SeaBIOS wants SYSTEM HALT" },
 { "aarch64", "virt", "-cpu cortex-a57", "TT", sizeof(kernel_aarch64),
   kernel_aarch64 },
+{ "arm", "microbit", "", "T", sizeof(kernel_nrf51), kernel_nrf51 },
 
 { NULL }
 };
-- 
2.19.1

[Qemu-devel] [PULL 05/10] MAINTAINERS: Remove bouncing email in ARM ACPI

[Peter Maydell]

From: Philippe Mathieu-Daudé 

Shannon Zhao's email at Huawei is bouncing: remove it.

X-Failed-Recipients: zhaoshengl...@huawei.com
** Address not found **
Your message wasn't delivered to zhaoshengl...@huawei.com because the 
address couldn't be found, or is unable to receive mail.

Note that the section still contains his personal email (see e59f13d76bb).

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Shannon Zhao 
Message-id: 20181029195931.8747-1-phi...@redhat.com
Signed-off-by: Peter Maydell 
---
 MAINTAINERS | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 85f19f569ff..98a1856afc0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -627,7 +627,6 @@ F: hw/*/xlnx*.c
 F: include/hw/*/xlnx*.h
 
 ARM ACPI Subsystem
-M: Shannon Zhao 
 M: Shannon Zhao 
 L: qemu-...@nongnu.org
 S: Maintained
-- 
2.19.1

[Qemu-devel] [PULL 08/10] target/arm: Conditionalize some asserts on aarch32 support

[Peter Maydell]

From: Richard Henderson 

When populating id registers from kvm, on a host that doesn't support
aarch32 mode at all, neither arm_div nor jazelle will be supported either.

Signed-off-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-id: 20181102102025.3546-1-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h |  5 +
 target/arm/cpu.c | 15 +--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 8e6779936eb..b5eff79f73b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3296,6 +3296,11 @@ static inline bool isar_feature_aa64_fp16(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, FP) == 1;
 }
 
+static inline bool isar_feature_aa64_aa32(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, EL0) >= 2;
+}
+
 static inline bool isar_feature_aa64_sve(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 8f16e96b6c8..784a4c2dfcc 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -774,6 +774,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 CPUARMState *env = &cpu->env;
 int pagebits;
 Error *local_err = NULL;
+bool no_aa32 = false;
 
 /* If we needed to query the host kernel for the CPU features
  * then it's possible that might have failed in the initfn, but
@@ -820,6 +821,16 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 set_feature(env, ARM_FEATURE_V7VE);
 }
 }
+
+/*
+ * There exist AArch64 cpus without AArch32 support.  When KVM
+ * queries ID_ISAR0_EL1 on such a host, the value is UNKNOWN.
+ * Similarly, we cannot check ID_AA64PFR0 without AArch64 support.
+ */
+if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
+no_aa32 = !cpu_isar_feature(aa64_aa32, cpu);
+}
+
 if (arm_feature(env, ARM_FEATURE_V7VE)) {
 /* v7 Virtualization Extensions. In real hardware this implies
  * EL2 and also the presence of the Security Extensions.
@@ -829,7 +840,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
  * Presence of EL2 itself is ARM_FEATURE_EL2, and of the
  * Security Extensions is ARM_FEATURE_EL3.
  */
-assert(cpu_isar_feature(arm_div, cpu));
+assert(no_aa32 || cpu_isar_feature(arm_div, cpu));
 set_feature(env, ARM_FEATURE_LPAE);
 set_feature(env, ARM_FEATURE_V7);
 }
@@ -855,7 +866,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 if (arm_feature(env, ARM_FEATURE_V6)) {
 set_feature(env, ARM_FEATURE_V5);
 if (!arm_feature(env, ARM_FEATURE_M)) {
-assert(cpu_isar_feature(jazelle, cpu));
+assert(no_aa32 || cpu_isar_feature(jazelle, cpu));
 set_feature(env, ARM_FEATURE_AUXCR);
 }
 }
-- 
2.19.1

[Qemu-devel] [PULL 07/10] hw/arm/xilinx_zynq: Use the ARRAY_SIZE macro

[Peter Maydell]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/xilinx_zynq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index f1496d29273..57497b0c4d3 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -294,7 +294,7 @@ static void zynq_init(MachineState *machine)
 busdev = SYS_BUS_DEVICE(dev);
 sysbus_mmio_map(busdev, 0, 0xF8003000);
 sysbus_connect_irq(busdev, 0, pic[45-IRQ_OFFSET]); /* abort irq line */
-for (n = 0; n < 8; ++n) { /* event irqs */
+for (n = 0; n < ARRAY_SIZE(dma_irqs); ++n) { /* event irqs */
 sysbus_connect_irq(busdev, n + 1, pic[dma_irqs[n] - IRQ_OFFSET]);
 }
 
-- 
2.19.1

[Qemu-devel] [PULL v3 00/10] target-arm queue

[Peter Maydell]

This is a respin of my pull request from earlier this week:
 * versal board compile failure fixed
 * a few new patches:
  - MAINTAINERS file fix
  - use ARRAY_SIZE macro in xilinx_zynq
  - avoid an array overrun in strongarm GPIO irq handling
  - fix an assert running KVM on an aarch64-only host

The following changes since commit 69e2d03843412b9c076515b3aa9a71db161b6a1a:

  Merge remote-tracking branch 'remotes/riscv/tags/riscv-for-master-3.1-sf1' 
into staging (2018-11-02 13:16:13 +)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20181102

for you to fetch changes up to 6f16da53ffe4567c0353f85055df04860eb4e6fc:

  hw/arm: versal: Add a virtual Xilinx Versal board (2018-11-02 14:11:31 +)


target-arm queue:
 * microbit: Add the UART to our nRF51 SoC model
 * Add a virtual Xilinx Versal board "xlnx-versal-virt"
 * hw/arm/virt: Set VIRT_COMPAT_3_0 compat
 * MAINTAINERS: Remove bouncing email in ARM ACPI
 * strongarm: mask off high[31:28] bits from dir and state registers
 * target/arm: Conditionalize some asserts on aarch32 support
 * hw/arm/xilinx_zynq: Use the ARRAY_SIZE macro


Edgar E. Iglesias (2):
  hw/arm: versal: Add a model of Xilinx Versal SoC
  hw/arm: versal: Add a virtual Xilinx Versal board

Eric Auger (1):
  hw/arm/virt: Set VIRT_COMPAT_3_0 compat

Julia Suvorova (3):
  hw/char: Implement nRF51 SoC UART
  hw/arm/nrf51_soc: Connect UART to nRF51 SoC
  tests/boot-serial-test: Add microbit board testcase

Philippe Mathieu-Daudé (2):
  MAINTAINERS: Remove bouncing email in ARM ACPI
  hw/arm/xilinx_zynq: Use the ARRAY_SIZE macro

Prasad J Pandit (1):
  strongarm: mask off high[31:28] bits from dir and state registers

Richard Henderson (1):
  target/arm: Conditionalize some asserts on aarch32 support

 hw/arm/Makefile.objs|   1 +
 hw/char/Makefile.objs   |   1 +
 include/hw/arm/nrf51_soc.h  |   3 +
 include/hw/arm/xlnx-versal.h| 122 +
 include/hw/char/nrf51_uart.h|  78 ++
 target/arm/cpu.h|   5 +
 hw/arm/microbit.c   |   2 +
 hw/arm/nrf51_soc.c  |  20 ++
 hw/arm/strongarm.c  |   4 +-
 hw/arm/virt.c   |   4 +
 hw/arm/xilinx_zynq.c|   2 +-
 hw/arm/xlnx-versal-virt.c   | 494 
 hw/arm/xlnx-versal.c| 323 +++
 hw/char/nrf51_uart.c| 330 
 target/arm/cpu.c|  15 +-
 tests/boot-serial-test.c|  19 ++
 MAINTAINERS |   1 -
 default-configs/aarch64-softmmu.mak |   1 +
 hw/char/trace-events|   4 +
 19 files changed, 1423 insertions(+), 6 deletions(-)
 create mode 100644 include/hw/arm/xlnx-versal.h
 create mode 100644 include/hw/char/nrf51_uart.h
 create mode 100644 hw/arm/xlnx-versal-virt.c
 create mode 100644 hw/arm/xlnx-versal.c
 create mode 100644 hw/char/nrf51_uart.c

[Qemu-devel] [PULL 09/10] hw/arm: versal: Add a model of Xilinx Versal SoC

[Peter Maydell]

From: "Edgar E. Iglesias" 

Add a model of Xilinx Versal SoC.

Signed-off-by: Edgar E. Iglesias 
Message-id: 20181102131913.1535-2-edgar.igles...@xilinx.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/Makefile.objs|   1 +
 include/hw/arm/xlnx-versal.h| 122 +++
 hw/arm/xlnx-versal.c| 323 
 default-configs/aarch64-softmmu.mak |   1 +
 4 files changed, 447 insertions(+)
 create mode 100644 include/hw/arm/xlnx-versal.h
 create mode 100644 hw/arm/xlnx-versal.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 5f88062c666..ec21d9bc1f0 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -26,6 +26,7 @@ obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o
+obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
new file mode 100644
index 000..9da621e4b68
--- /dev/null
+++ b/include/hw/arm/xlnx-versal.h
@@ -0,0 +1,122 @@
+/*
+ * Model of the Xilinx Versal
+ *
+ * Copyright (c) 2018 Xilinx Inc.
+ * Written by Edgar E. Iglesias
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 or
+ * (at your option) any later version.
+ */
+
+#ifndef XLNX_VERSAL_H
+#define XLNX_VERSAL_H
+
+#include "hw/sysbus.h"
+#include "hw/arm/arm.h"
+#include "hw/intc/arm_gicv3.h"
+
+#define TYPE_XLNX_VERSAL "xlnx-versal"
+#define XLNX_VERSAL(obj) OBJECT_CHECK(Versal, (obj), TYPE_XLNX_VERSAL)
+
+#define XLNX_VERSAL_NR_ACPUS   2
+#define XLNX_VERSAL_NR_UARTS   2
+#define XLNX_VERSAL_NR_GEMS2
+#define XLNX_VERSAL_NR_IRQS256
+
+typedef struct Versal {
+/*< private >*/
+SysBusDevice parent_obj;
+
+/*< public >*/
+struct {
+struct {
+MemoryRegion mr;
+ARMCPU *cpu[XLNX_VERSAL_NR_ACPUS];
+GICv3State gic;
+} apu;
+} fpd;
+
+MemoryRegion mr_ps;
+
+struct {
+/* 4 ranges to access DDR.  */
+MemoryRegion mr_ddr_ranges[4];
+} noc;
+
+struct {
+MemoryRegion mr_ocm;
+
+struct {
+SysBusDevice *uart[XLNX_VERSAL_NR_UARTS];
+SysBusDevice *gem[XLNX_VERSAL_NR_GEMS];
+} iou;
+} lpd;
+
+struct {
+MemoryRegion *mr_ddr;
+uint32_t psci_conduit;
+} cfg;
+} Versal;
+
+/* Memory-map and IRQ definitions. Copied a subset from
+ * auto-generated files.  */
+
+#define VERSAL_GIC_MAINT_IRQ9
+#define VERSAL_TIMER_VIRT_IRQ   11
+#define VERSAL_TIMER_S_EL1_IRQ  13
+#define VERSAL_TIMER_NS_EL1_IRQ 14
+#define VERSAL_TIMER_NS_EL2_IRQ 10
+
+#define VERSAL_UART0_IRQ_0 18
+#define VERSAL_UART1_IRQ_0 19
+#define VERSAL_GEM0_IRQ_0  56
+#define VERSAL_GEM0_WAKE_IRQ_0 57
+#define VERSAL_GEM1_IRQ_0  58
+#define VERSAL_GEM1_WAKE_IRQ_0 59
+
+/* Architecturally eserved IRQs suitable for virtualization.  */
+#define VERSAL_RSVD_HIGH_IRQ_FIRST 160
+#define VERSAL_RSVD_HIGH_IRQ_LAST  255
+
+#define MM_TOP_RSVD 0xa000U
+#define MM_TOP_RSVD_SIZE0x400
+#define MM_GIC_APU_DIST_MAIN0xf900U
+#define MM_GIC_APU_DIST_MAIN_SIZE   0x1
+#define MM_GIC_APU_REDIST_0 0xf908U
+#define MM_GIC_APU_REDIST_0_SIZE0x8
+
+#define MM_UART00xff00U
+#define MM_UART0_SIZE   0x1
+#define MM_UART10xff01U
+#define MM_UART1_SIZE   0x1
+
+#define MM_GEM0 0xff0cU
+#define MM_GEM0_SIZE0x1
+#define MM_GEM1 0xff0dU
+#define MM_GEM1_SIZE0x1
+
+#define MM_OCM  0xfffcU
+#define MM_OCM_SIZE 0x4
+
+#define MM_TOP_DDR  0x0
+#define MM_TOP_DDR_SIZE 0x8000U
+#define MM_TOP_DDR_20x8ULL
+#define MM_TOP_DDR_2_SIZE   0x8ULL
+#define MM_TOP_DDR_30xc0ULL
+#define MM_TOP_DDR_3_SIZE   0x40ULL
+#define MM_TOP_DDR_40x100ULL
+#define MM_TOP_DDR_4_SIZE   0xb78000ULL
+
+#define MM_PSM_START0xffc8U
+#define MM_PSM_END  0xffcfU
+
+#define MM_CRL  0xff5eU
+#define MM_CRL_SIZE 0x30
+#define MM_IOU_SCNTR0xff13U
+#define MM_IOU_SCNTR_SIZE   0x1
+#define MM_IOU_SCNTRS   0xff14U
+#define MM_IOU_SCNTRS_SIZE  0x1
+#define MM_FPD_CRF

[Qemu-devel] [PULL 10/10] hw/arm: versal: Add a virtual Xilinx Versal board

[Peter Maydell]

From: "Edgar E. Iglesias" 

Add a virtual Xilinx Versal board.

This board is based on the Xilinx Versal SoC. The exact
details of what peripherals are attached to this board
will remain in control of QEMU. QEMU will generate an
FDT on the fly for Linux and other software to auto-discover
peripherals.

Signed-off-by: Edgar E. Iglesias 
Message-id: 20181102131913.1535-3-edgar.igles...@xilinx.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/Makefile.objs  |   2 +-
 hw/arm/xlnx-versal-virt.c | 494 ++
 2 files changed, 495 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/xlnx-versal-virt.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index ec21d9bc1f0..50c7b4a927d 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -26,7 +26,7 @@ obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o
-obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o
+obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o xlnx-versal-virt.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
diff --git a/hw/arm/xlnx-versal-virt.c b/hw/arm/xlnx-versal-virt.c
new file mode 100644
index 000..1e31a3f4429
--- /dev/null
+++ b/hw/arm/xlnx-versal-virt.c
@@ -0,0 +1,494 @@
+/*
+ * Xilinx Versal Virtual board.
+ *
+ * Copyright (c) 2018 Xilinx Inc.
+ * Written by Edgar E. Iglesias
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 or
+ * (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+#include "sysemu/device_tree.h"
+#include "exec/address-spaces.h"
+#include "hw/boards.h"
+#include "hw/sysbus.h"
+#include "hw/arm/sysbus-fdt.h"
+#include "hw/arm/fdt.h"
+#include "cpu.h"
+#include "hw/arm/xlnx-versal.h"
+
+#define TYPE_XLNX_VERSAL_VIRT_MACHINE MACHINE_TYPE_NAME("xlnx-versal-virt")
+#define XLNX_VERSAL_VIRT_MACHINE(obj) \
+OBJECT_CHECK(VersalVirt, (obj), TYPE_XLNX_VERSAL_VIRT_MACHINE)
+
+typedef struct VersalVirt {
+MachineState parent_obj;
+
+Versal soc;
+MemoryRegion mr_ddr;
+
+void *fdt;
+int fdt_size;
+struct {
+uint32_t gic;
+uint32_t ethernet_phy[2];
+uint32_t clk_125Mhz;
+uint32_t clk_25Mhz;
+} phandle;
+struct arm_boot_info binfo;
+
+struct {
+bool secure;
+} cfg;
+} VersalVirt;
+
+static void fdt_create(VersalVirt *s)
+{
+MachineClass *mc = MACHINE_GET_CLASS(s);
+int i;
+
+s->fdt = create_device_tree(&s->fdt_size);
+if (!s->fdt) {
+error_report("create_device_tree() failed");
+exit(1);
+}
+
+/* Allocate all phandles.  */
+s->phandle.gic = qemu_fdt_alloc_phandle(s->fdt);
+for (i = 0; i < ARRAY_SIZE(s->phandle.ethernet_phy); i++) {
+s->phandle.ethernet_phy[i] = qemu_fdt_alloc_phandle(s->fdt);
+}
+s->phandle.clk_25Mhz = qemu_fdt_alloc_phandle(s->fdt);
+s->phandle.clk_125Mhz = qemu_fdt_alloc_phandle(s->fdt);
+
+/* Create /chosen node for load_dtb.  */
+qemu_fdt_add_subnode(s->fdt, "/chosen");
+
+/* Header */
+qemu_fdt_setprop_cell(s->fdt, "/", "interrupt-parent", s->phandle.gic);
+qemu_fdt_setprop_cell(s->fdt, "/", "#size-cells", 0x2);
+qemu_fdt_setprop_cell(s->fdt, "/", "#address-cells", 0x2);
+qemu_fdt_setprop_string(s->fdt, "/", "model", mc->desc);
+qemu_fdt_setprop_string(s->fdt, "/", "compatible", "xlnx-versal-virt");
+}
+
+static void fdt_add_clk_node(VersalVirt *s, const char *name,
+ unsigned int freq_hz, uint32_t phandle)
+{
+qemu_fdt_add_subnode(s->fdt, name);
+qemu_fdt_setprop_cell(s->fdt, name, "phandle", phandle);
+qemu_fdt_setprop_cell(s->fdt, name, "clock-frequency", freq_hz);
+qemu_fdt_setprop_cell(s->fdt, name, "#clock-cells", 0x0);
+qemu_fdt_setprop_string(s->fdt, name, "compatible", "fixed-clock");
+qemu_fdt_setprop(s->fdt, name, "u-boot,dm-pre-reloc", NULL, 0);
+}
+
+static void fdt_add_cpu_nodes(VersalVirt *s, uint32_t psci_conduit)
+{
+int i;
+
+qemu_fdt_add_subnode(s->fdt, "/cpus");
+qemu_fdt_setprop_cell(s->fdt, "/cpus", "#size-cells", 0x0);
+qemu_fdt_setprop_cell(s->fdt, "/cpus", "#address-cells", 1);
+
+for (i = XLNX_VERSAL_NR_ACPUS - 1; i >= 0; i--) {
+char *name = g_strdup_printf("/cpus/cpu@%d", i);
+ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i));
+
+qemu_fdt_add_subnode(s->fdt, name);
+qemu_fdt_setprop_cell(s->fdt, name, "reg", armcpu->mp_affinity);
+if (psci_conduit != QEMU_PSCI_CONDUIT_DISABLED) {
+qemu_fdt_setprop_string(s->fdt, name, "enable-method", "psci");
+}
+  

[Qemu-devel] [PATCH v4 12/13] arm: Instantiate NRF51 Timers

[Steffen Görtz]

Instantiates TIMER0 - TIMER2

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 hw/arm/nrf51_soc.c | 27 +++
 include/hw/arm/nrf51_soc.h |  4 
 2 files changed, 31 insertions(+)

diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index 2c4e80892b..36dac03896 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -40,6 +40,8 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 NRF51State *s = NRF51_SOC(dev_soc);
 MemoryRegion *mr;
 Error *err = NULL;
+uint8_t i = 0;
+hwaddr base_addr = 0;
 
 if (!s->board_memory) {
 error_setg(errp, "memory property was not set");
@@ -141,6 +143,22 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 /* Pass all GPIOs to the SOC layer so they are available to the board */
 qdev_pass_gpios(DEVICE(&s->gpio), dev_soc, NULL);
 
+/* TIMER */
+for (i = 0; i < NRF51_NUM_TIMERS; i++) {
+object_property_set_bool(OBJECT(&s->timer[i]), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+base_addr = NRF51_TIMER_BASE + i * NRF51_TIMER_SIZE;
+
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->timer[i]), 0, base_addr);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer[i]), 0,
+   qdev_get_gpio_in(DEVICE(&s->cpu),
+BASE_TO_IRQ(base_addr)));
+}
+
 
 create_unimplemented_device("nrf51_soc.io", NRF51_IOMEM_BASE,
 NRF51_IOMEM_SIZE);
@@ -150,6 +168,8 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 
 static void nrf51_soc_init(Object *obj)
 {
+uint8_t i = 0;
+
 NRF51State *s = NRF51_SOC(obj);
 
 memory_region_init(&s->container, obj, "nrf51-container", UINT64_MAX);
@@ -173,6 +193,13 @@ static void nrf51_soc_init(Object *obj)
 sysbus_init_child_obj(obj, "gpio", &s->gpio, sizeof(s->gpio),
   TYPE_NRF51_GPIO);
 
+for (i = 0; i < NRF51_NUM_TIMERS; i++) {
+sysbus_init_child_obj(obj, "timer[*]", &s->timer[i],
+  sizeof(s->timer[i]), TYPE_NRF51_TIMER);
+
+}
+
+
 }
 
 static Property nrf51_soc_properties[] = {
diff --git a/include/hw/arm/nrf51_soc.h b/include/hw/arm/nrf51_soc.h
index d4a48ccf91..89525dcb39 100644
--- a/include/hw/arm/nrf51_soc.h
+++ b/include/hw/arm/nrf51_soc.h
@@ -16,11 +16,14 @@
 #include "hw/misc/nrf51_rng.h"
 #include "hw/nvram/nrf51_nvm.h"
 #include "hw/gpio/nrf51_gpio.h"
+#include "hw/timer/nrf51_timer.h"
 
 #define TYPE_NRF51_SOC "nrf51-soc"
 #define NRF51_SOC(obj) \
 OBJECT_CHECK(NRF51State, (obj), TYPE_NRF51_SOC)
 
+#define NRF51_NUM_TIMERS 3
+
 typedef struct NRF51State {
 /*< private >*/
 SysBusDevice parent_obj;
@@ -32,6 +35,7 @@ typedef struct NRF51State {
 NRF51RNGState rng;
 NRF51NVMState nvm;
 NRF51GPIOState gpio;
+NRF51TimerState timer[NRF51_NUM_TIMERS];
 
 MemoryRegion iomem;
 MemoryRegion sram;
-- 
2.19.1

[Qemu-devel] [PULL 01/10] hw/arm/virt: Set VIRT_COMPAT_3_0 compat

[Peter Maydell]

From: Eric Auger 

We are missing the VIRT_COMPAT_3_0 definition and setting.
Let's add them.

Signed-off-by: Eric Auger 
Reviewed-by: Andrew Jones 
Message-id: 20181024085602.16611-1-eric.au...@redhat.com
Signed-off-by: Peter Maydell 
---
 hw/arm/virt.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 9f677825f9f..a2b8d8f7c2c 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1871,6 +1871,9 @@ static void virt_machine_3_1_options(MachineClass *mc)
 }
 DEFINE_VIRT_MACHINE_AS_LATEST(3, 1)
 
+#define VIRT_COMPAT_3_0 \
+HW_COMPAT_3_0
+
 static void virt_3_0_instance_init(Object *obj)
 {
 virt_3_1_instance_init(obj);
@@ -1879,6 +1882,7 @@ static void virt_3_0_instance_init(Object *obj)
 static void virt_machine_3_0_options(MachineClass *mc)
 {
 virt_machine_3_1_options(mc);
+SET_MACHINE_COMPAT(mc, VIRT_COMPAT_3_0);
 }
 DEFINE_VIRT_MACHINE(3, 0)
 
-- 
2.19.1

[Qemu-devel] [PULL 02/10] hw/char: Implement nRF51 SoC UART

[Peter Maydell]

From: Julia Suvorova 

Not implemented: CTS/NCTS, PSEL*.

Signed-off-by: Julia Suvorova 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Peter Maydell 
---
 hw/char/Makefile.objs|   1 +
 include/hw/char/nrf51_uart.h |  78 +
 hw/char/nrf51_uart.c | 330 +++
 hw/char/trace-events |   4 +
 4 files changed, 413 insertions(+)
 create mode 100644 include/hw/char/nrf51_uart.h
 create mode 100644 hw/char/nrf51_uart.c

diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
index b5705312910..c4947d7ae7b 100644
--- a/hw/char/Makefile.objs
+++ b/hw/char/Makefile.objs
@@ -1,5 +1,6 @@
 common-obj-$(CONFIG_IPACK) += ipoctal232.o
 common-obj-$(CONFIG_ESCC) += escc.o
+common-obj-$(CONFIG_NRF51_SOC) += nrf51_uart.o
 common-obj-$(CONFIG_PARALLEL) += parallel.o
 common-obj-$(CONFIG_PARALLEL) += parallel-isa.o
 common-obj-$(CONFIG_PL011) += pl011.o
diff --git a/include/hw/char/nrf51_uart.h b/include/hw/char/nrf51_uart.h
new file mode 100644
index 000..e3ecb7c81c2
--- /dev/null
+++ b/include/hw/char/nrf51_uart.h
@@ -0,0 +1,78 @@
+/*
+ * nRF51 SoC UART emulation
+ *
+ * Copyright (c) 2018 Julia Suvorova 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 or
+ * (at your option) any later version.
+ */
+
+#ifndef NRF51_UART_H
+#define NRF51_UART_H
+
+#include "hw/sysbus.h"
+#include "chardev/char-fe.h"
+#include "hw/registerfields.h"
+
+#define UART_FIFO_LENGTH 6
+#define UART_BASE 0x40002000
+#define UART_SIZE 0x1000
+
+#define TYPE_NRF51_UART "nrf51_soc.uart"
+#define NRF51_UART(obj) OBJECT_CHECK(NRF51UARTState, (obj), TYPE_NRF51_UART)
+
+REG32(UART_STARTRX, 0x000)
+REG32(UART_STOPRX, 0x004)
+REG32(UART_STARTTX, 0x008)
+REG32(UART_STOPTX, 0x00C)
+REG32(UART_SUSPEND, 0x01C)
+
+REG32(UART_CTS, 0x100)
+REG32(UART_NCTS, 0x104)
+REG32(UART_RXDRDY, 0x108)
+REG32(UART_TXDRDY, 0x11C)
+REG32(UART_ERROR, 0x124)
+REG32(UART_RXTO, 0x144)
+
+REG32(UART_INTEN, 0x300)
+FIELD(UART_INTEN, CTS, 0, 1)
+FIELD(UART_INTEN, NCTS, 1, 1)
+FIELD(UART_INTEN, RXDRDY, 2, 1)
+FIELD(UART_INTEN, TXDRDY, 7, 1)
+FIELD(UART_INTEN, ERROR, 9, 1)
+FIELD(UART_INTEN, RXTO, 17, 1)
+REG32(UART_INTENSET, 0x304)
+REG32(UART_INTENCLR, 0x308)
+REG32(UART_ERRORSRC, 0x480)
+REG32(UART_ENABLE, 0x500)
+REG32(UART_PSELRTS, 0x508)
+REG32(UART_PSELTXD, 0x50C)
+REG32(UART_PSELCTS, 0x510)
+REG32(UART_PSELRXD, 0x514)
+REG32(UART_RXD, 0x518)
+REG32(UART_TXD, 0x51C)
+REG32(UART_BAUDRATE, 0x524)
+REG32(UART_CONFIG, 0x56C)
+
+typedef struct NRF51UARTState {
+SysBusDevice parent_obj;
+
+MemoryRegion iomem;
+CharBackend chr;
+qemu_irq irq;
+guint watch_tag;
+
+uint8_t rx_fifo[UART_FIFO_LENGTH];
+unsigned int rx_fifo_pos;
+unsigned int rx_fifo_len;
+
+uint32_t reg[0x56C];
+
+bool rx_started;
+bool tx_started;
+bool pending_tx_byte;
+bool enabled;
+} NRF51UARTState;
+
+#endif
diff --git a/hw/char/nrf51_uart.c b/hw/char/nrf51_uart.c
new file mode 100644
index 000..2f5fae61671
--- /dev/null
+++ b/hw/char/nrf51_uart.c
@@ -0,0 +1,330 @@
+/*
+ * nRF51 SoC UART emulation
+ *
+ * See nRF51 Series Reference Manual, "29 Universal Asynchronous
+ * Receiver/Transmitter" for hardware specifications:
+ * http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf
+ *
+ * Copyright (c) 2018 Julia Suvorova 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 or
+ * (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "hw/char/nrf51_uart.h"
+#include "trace.h"
+
+static void nrf51_uart_update_irq(NRF51UARTState *s)
+{
+bool irq = false;
+
+irq |= (s->reg[R_UART_RXDRDY] &&
+(s->reg[R_UART_INTEN] & R_UART_INTEN_RXDRDY_MASK));
+irq |= (s->reg[R_UART_TXDRDY] &&
+(s->reg[R_UART_INTEN] & R_UART_INTEN_TXDRDY_MASK));
+irq |= (s->reg[R_UART_ERROR]  &&
+(s->reg[R_UART_INTEN] & R_UART_INTEN_ERROR_MASK));
+irq |= (s->reg[R_UART_RXTO]   &&
+(s->reg[R_UART_INTEN] & R_UART_INTEN_RXTO_MASK));
+
+qemu_set_irq(s->irq, irq);
+}
+
+static uint64_t uart_read(void *opaque, hwaddr addr, unsigned int size)
+{
+NRF51UARTState *s = NRF51_UART(opaque);
+uint64_t r;
+
+if (!s->enabled) {
+return 0;
+}
+
+switch (addr) {
+case A_UART_RXD:
+r = s->rx_fifo[s->rx_fifo_pos];
+if (s->rx_started && s->rx_fifo_len) {
+s->rx_fifo_pos = (s->rx_fifo_pos + 1) % UART_FIFO_LENGTH;
+s->rx_fifo_len--;
+if (s->rx_fifo_len) {
+s->reg[R_UART_RXDRDY] = 1;
+nrf51_uart_update_irq(s);
+}
+qemu_chr_fe_accept_input(&s->chr);
+}
+break;
+case A_UART_INTENSET:
+case A_UART_INTENCLR:
+case A_UART_INTEN:
+r = s->reg[R_UART_INTEN];
+b

[Qemu-devel] [PATCH v4 11/13] hw/timer/nrf51_timer: Add nRF51 Timer peripheral

[Steffen Görtz]

This patch adds the model for the nRF51 timer peripheral.
Currently, only the TIMER mode is implemented.

Signed-off-by: Steffen Görtz 
---
 hw/timer/Makefile.objs |   1 +
 hw/timer/nrf51_timer.c | 368 +
 hw/timer/trace-events  |   5 +
 include/hw/timer/nrf51_timer.h |  75 +++
 4 files changed, 449 insertions(+)
 create mode 100644 hw/timer/nrf51_timer.c
 create mode 100644 include/hw/timer/nrf51_timer.h

diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index b32194d153..0e9a4530f8 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -23,6 +23,7 @@ common-obj-$(CONFIG_IMX) += imx_gpt.o
 common-obj-$(CONFIG_LM32) += lm32_timer.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-sysctl.o
 common-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp-rtc.o
+common-obj-$(CONFIG_NRF51_SOC) += nrf51_timer.o
 
 obj-$(CONFIG_ALTERA_TIMER) += altera_timer.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_mct.o
diff --git a/hw/timer/nrf51_timer.c b/hw/timer/nrf51_timer.c
new file mode 100644
index 00..623b5dd18e
--- /dev/null
+++ b/hw/timer/nrf51_timer.c
@@ -0,0 +1,368 @@
+/*
+ * nRF51 System-on-Chip Timer peripheral
+ *
+ * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf
+ * Product Spec: http://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf
+ *
+ * Copyright 2018 Steffen Görtz 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "hw/arm/nrf51.h"
+#include "hw/timer/nrf51_timer.h"
+#include "trace.h"
+
+#define TIMER_CLK 1600ULL
+
+static uint8_t const bitwidths[] = {16, 8, 24, 32};
+#define BWM(x) ((1UL << bitwidths[x]) - 1)
+
+typedef enum {
+NRF51_TIMER_TIMER = 0,
+NRF51_TIMER_COUNTER = 1
+} Nrf51TimerMode;
+
+
+static inline uint64_t ns_to_ticks(NRF51TimerState *s, uint64_t ns)
+{
+uint64_t t = NANOSECONDS_PER_SECOND * (1 << s->prescaler);
+return muldiv64(ns, TIMER_CLK, t);
+}
+
+static inline uint64_t ticks_to_ns(NRF51TimerState *s, uint64_t ticks)
+{
+ticks *= (1 << s->prescaler);
+return muldiv64(ticks, NANOSECONDS_PER_SECOND, TIMER_CLK);
+}
+
+static void update_irq(NRF51TimerState *s)
+{
+bool flag = false;
+size_t i;
+
+for (i = 0; i < NRF51_TIMER_REG_COUNT; i++) {
+flag |= s->events_compare[i] && extract32(s->inten, 16 + i, 1);
+}
+qemu_set_irq(s->irq, flag);
+}
+
+static void update_events(NRF51TimerState *s, uint64_t now)
+{
+uint64_t strobe;
+uint64_t tick;
+uint64_t cc;
+size_t i;
+bool occured;
+
+strobe = ns_to_ticks(s, now - s->last_visited);
+tick = ns_to_ticks(s, s->last_visited - s->time_offset) & BWM(s->bitmode);
+
+for (i = 0; i < NRF51_TIMER_REG_COUNT; i++) {
+cc = s->cc[i];
+
+if (tick < cc) {
+occured = (cc - tick) <= strobe;
+} else {
+occured = ((cc + (1UL << bitwidths[s->bitmode])) - tick) <= strobe;
+}
+
+s->events_compare[i] |= occured;
+}
+
+s->last_visited = now;
+}
+
+static int cmpfunc(const void *a, const void *b)
+{
+   return *(uint32_t *)a - *(uint32_t *)b;
+}
+
+static uint64_t get_next_timeout(NRF51TimerState *s, uint64_t now)
+{
+uint64_t r;
+size_t idx;
+
+uint64_t tick = (ns_to_ticks(s, now - s->time_offset)) & BWM(s->bitmode);
+int8_t next = -1;
+
+for (idx = 0; idx < NRF51_TIMER_REG_COUNT; idx++) {
+if (s->cc_sorted[idx] > tick) {
+next = idx;
+break;
+}
+}
+
+if (next == -1) {
+r = s->cc_sorted[0] + (1UL << bitwidths[s->bitmode]);
+} else {
+r = s->cc_sorted[next];
+}
+
+return now + ticks_to_ns(s, r - tick);
+}
+
+static void update_internal_state(NRF51TimerState *s, uint64_t now)
+{
+if (s->running) {
+timer_mod(&s->timer, get_next_timeout(s, now));
+} else {
+timer_del(&s->timer);
+}
+
+update_irq(s);
+}
+
+static void timer_expire(void *opaque)
+{
+NRF51TimerState *s = NRF51_TIMER(opaque);
+uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+update_events(s, now);
+update_internal_state(s, now);
+}
+
+static uint64_t nrf51_timer_read(void *opaque, hwaddr offset, unsigned int 
size)
+{
+NRF51TimerState *s = NRF51_TIMER(opaque);
+uint64_t r = 0;
+
+switch (offset) {
+case NRF51_TIMER_EVENT_COMPARE_0 ... NRF51_TIMER_EVENT_COMPARE_3:
+r = s->events_compare[(offset - NRF51_TIMER_EVENT_COMPARE_0) / 4];
+break;
+case NRF51_TIMER_REG_SHORTS:
+r = s->shorts;
+break;
+case NRF51_TIMER_REG_INTENSET:
+r = s->inten;
+break;
+case NRF51_TIMER_REG_INTENCLR:
+r = s->inten;
+break;
+case NRF51_TIMER_REG_MODE:
+r = s->mode;
+break;
+case NRF51_TIMER_REG_BITMODE:
+r = s->bitmode;
+break;
+case NRF51_TIMER_REG_PRESCALER:
+  

[Qemu-devel] [PULL 06/10] strongarm: mask off high[31:28] bits from dir and state registers

[Peter Maydell]

From: Prasad J Pandit 

The high[31:28] bits of 'direction' and 'state' registers of
SA-1100/SA-1110 device are reserved. Setting them may lead to
OOB 's->handler[]' array access issue. Mask off [31:28] bits to
avoid it.

Reported-by: Moguofang 
Signed-off-by: Prasad J Pandit 
Message-id: 20181030114635.31232-1-ppan...@redhat.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/strongarm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index ec2627374d0..644a9c45b4e 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -587,12 +587,12 @@ static void strongarm_gpio_write(void *opaque, hwaddr 
offset,
 
 switch (offset) {
 case GPDR:/* GPIO Pin-Direction registers */
-s->dir = value;
+s->dir = value & 0x0fff;
 strongarm_gpio_handler_update(s);
 break;
 
 case GPSR:/* GPIO Pin-Output Set registers */
-s->olevel |= value;
+s->olevel |= value & 0x0fff;
 strongarm_gpio_handler_update(s);
 break;
 
-- 
2.19.1

Re: [Qemu-devel] strange situation, guest cpu thread spinning at ~100%, but display not yet initialized

[Chris Friesen]

On 11/2/2018 10:55 AM, Alex Bennée wrote:


Chris Friesen  writes:

Given the "not initialized" message on the console, I wasn't sure
whether the kernel had even started yet.


There will be a lot that happens between the kernel decompressing and
some sort of video hardware output being started. You didn't say what
guest architecture you were booting or what your qemu command line was.
You might want to look at enabling the serial console and seeing if you
get some clues from that.


The qemu commandline is in the "ps" output in my original message. 
Guest arch is x86-64.


The serial console is a good idea, will try that.

Chris

[Qemu-devel] [PATCH v4 02/13] arm: Add header to host common definition for nRF51 SOC peripherals

[Steffen Görtz]

Adds a header that provides definitions that are used
across nRF51 peripherals

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 hw/arm/nrf51_soc.c   | 33 ++
 include/hw/arm/nrf51.h   | 45 
 include/hw/char/nrf51_uart.h |  1 -
 3 files changed, 57 insertions(+), 22 deletions(-)
 create mode 100644 include/hw/arm/nrf51.h

diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index b89c1bdea0..55f8eaafcb 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -21,27 +21,16 @@
 #include "qemu/log.h"
 #include "cpu.h"
 
+#include "hw/arm/nrf51.h"
 #include "hw/arm/nrf51_soc.h"
 
-#define IOMEM_BASE  0x4000
-#define IOMEM_SIZE  0x2000
-
-#define FICR_BASE   0x1000
-#define FICR_SIZE   0x00fc
-
-#define FLASH_BASE  0x
-#define SRAM_BASE   0x2000
-
-#define PRIVATE_BASE0xF000
-#define PRIVATE_SIZE0x1000
-
 /*
  * The size and base is for the NRF51822 part. If other parts
  * are supported in the future, add a sub-class of NRF51SoC for
  * the specific variants
  */
-#define NRF51822_FLASH_SIZE (256 * 1024)
-#define NRF51822_SRAM_SIZE  (16 * 1024)
+#define NRF51822_FLASH_SIZE (256 * NRF51_PAGE_SIZE)
+#define NRF51822_SRAM_SIZE  (16 * NRF51_PAGE_SIZE)
 
 #define BASE_TO_IRQ(base) ((base >> 12) & 0x1F)
 
@@ -76,14 +65,14 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 error_propagate(errp, err);
 return;
 }
-memory_region_add_subregion(&s->container, FLASH_BASE, &s->flash);
+memory_region_add_subregion(&s->container, NRF51_FLASH_BASE, &s->flash);
 
 memory_region_init_ram(&s->sram, NULL, "nrf51.sram", s->sram_size, &err);
 if (err) {
 error_propagate(errp, err);
 return;
 }
-memory_region_add_subregion(&s->container, SRAM_BASE, &s->sram);
+memory_region_add_subregion(&s->container, NRF51_SRAM_BASE, &s->sram);
 
 /* UART */
 object_property_set_bool(OBJECT(&s->uart), true, "realized", &err);
@@ -92,15 +81,17 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 return;
 }
 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->uart), 0);
-memory_region_add_subregion_overlap(&s->container, UART_BASE, mr, 0);
+memory_region_add_subregion_overlap(&s->container, NRF51_UART_BASE, mr, 0);
 sysbus_connect_irq(SYS_BUS_DEVICE(&s->uart), 0,
qdev_get_gpio_in(DEVICE(&s->cpu),
-   BASE_TO_IRQ(UART_BASE)));
+   BASE_TO_IRQ(NRF51_UART_BASE)));
 
-create_unimplemented_device("nrf51_soc.io", IOMEM_BASE, IOMEM_SIZE);
-create_unimplemented_device("nrf51_soc.ficr", FICR_BASE, FICR_SIZE);
+create_unimplemented_device("nrf51_soc.io", NRF51_IOMEM_BASE,
+NRF51_IOMEM_SIZE);
+create_unimplemented_device("nrf51_soc.ficr", NRF51_FICR_BASE,
+NRF51_FICR_SIZE);
 create_unimplemented_device("nrf51_soc.private",
-PRIVATE_BASE, PRIVATE_SIZE);
+NRF51_PRIVATE_BASE, NRF51_PRIVATE_SIZE);
 }
 
 static void nrf51_soc_init(Object *obj)
diff --git a/include/hw/arm/nrf51.h b/include/hw/arm/nrf51.h
new file mode 100644
index 00..175bb6c301
--- /dev/null
+++ b/include/hw/arm/nrf51.h
@@ -0,0 +1,45 @@
+/*
+ * Nordic Semiconductor nRF51 Series SOC Common Defines
+ *
+ * This file hosts generic defines used in various nRF51 peripheral devices.
+ *
+ * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf
+ * Product Spec: http://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf
+ *
+ * Copyright 2018 Steffen Görtz 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#ifndef NRF51_H
+#define NRF51_H
+
+#define NRF51_FLASH_BASE  0x
+#define NRF51_FICR_BASE   0x1000
+#define NRF51_FICR_SIZE   0x0100
+#define NRF51_UICR_BASE   0x10001000
+#define NRF51_SRAM_BASE   0x2000
+
+#define NRF51_IOMEM_BASE  0x4000
+#define NRF51_IOMEM_SIZE  0x2000
+
+#define NRF51_UART_BASE   0x40002000
+#define NRF51_TIMER_BASE  0x40008000
+#define NRF51_TIMER_SIZE  0x1000
+#define NRF51_RNG_BASE0x4000D000
+#define NRF51_NVMC_BASE   0x4001E000
+#define NRF51_GPIO_BASE   0x5000
+
+#define NRF51_PRIVATE_BASE0xF000
+#define NRF51_PRIVATE_SIZE0x1000
+
+#define NRF51_PAGE_SIZE   1024
+
+/* Trigger */
+#define NRF51_TRIGGER_TASK 0x01
+
+/* Events */
+#define NRF51_EVENT_CLEAR  0x00
+
+#endif
diff --git a/include/hw/char/nrf51_uart.h b/include/hw/char/nrf51_uart.h
index e3ecb7c81c..eb1c15b490 100644
--- a/include/hw/char/nrf51_uart.h
+++ b/include/hw/char/nrf51_uart.h
@@ -16,7 +16,6 @@
 #include "hw/registerfields.h"
 
 #define UART_FIFO_LENGTH 6
-#define UART_BASE 0x40002000
 #de

[Qemu-devel] [PATCH v4 09/13] arm: Instantiate NRF51 general purpose I/O

[Steffen Görtz]

Instantiates GPIO peripheral model

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 hw/arm/nrf51_soc.c | 16 
 include/hw/arm/nrf51_soc.h |  2 ++
 2 files changed, 18 insertions(+)

diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index d11bb2b99f..2c4e80892b 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -128,6 +128,19 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 2);
 memory_region_add_subregion_overlap(&s->container, NRF51_UICR_BASE, mr, 0);
 
+/* GPIO */
+object_property_set_bool(OBJECT(&s->gpio), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->gpio), 0);
+memory_region_add_subregion_overlap(&s->container, NRF51_GPIO_BASE, mr, 0);
+
+/* Pass all GPIOs to the SOC layer so they are available to the board */
+qdev_pass_gpios(DEVICE(&s->gpio), dev_soc, NULL);
+
 
 create_unimplemented_device("nrf51_soc.io", NRF51_IOMEM_BASE,
 NRF51_IOMEM_SIZE);
@@ -157,6 +170,9 @@ static void nrf51_soc_init(Object *obj)
 
 sysbus_init_child_obj(obj, "nvm", &s->nvm, sizeof(s->nvm), TYPE_NRF51_NVM);
 
+sysbus_init_child_obj(obj, "gpio", &s->gpio, sizeof(s->gpio),
+  TYPE_NRF51_GPIO);
+
 }
 
 static Property nrf51_soc_properties[] = {
diff --git a/include/hw/arm/nrf51_soc.h b/include/hw/arm/nrf51_soc.h
index c3f4d5bcdc..d4a48ccf91 100644
--- a/include/hw/arm/nrf51_soc.h
+++ b/include/hw/arm/nrf51_soc.h
@@ -15,6 +15,7 @@
 #include "hw/char/nrf51_uart.h"
 #include "hw/misc/nrf51_rng.h"
 #include "hw/nvram/nrf51_nvm.h"
+#include "hw/gpio/nrf51_gpio.h"
 
 #define TYPE_NRF51_SOC "nrf51-soc"
 #define NRF51_SOC(obj) \
@@ -30,6 +31,7 @@ typedef struct NRF51State {
 NRF51UARTState uart;
 NRF51RNGState rng;
 NRF51NVMState nvm;
+NRF51GPIOState gpio;
 
 MemoryRegion iomem;
 MemoryRegion sram;
-- 
2.19.1

[Qemu-devel] [PATCH v4 10/13] tests/microbit-test: Add Tests for nRF51 GPIO

[Steffen Görtz]

The test suite for the nRF51 GPIO peripheral for now
only tests initial state. Additionally a set of
tests testing an implementation detail of the model
are included.

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 tests/microbit-test.c | 137 --
 1 file changed, 131 insertions(+), 6 deletions(-)

diff --git a/tests/microbit-test.c b/tests/microbit-test.c
index 743f831466..acdb9d1c02 100644
--- a/tests/microbit-test.c
+++ b/tests/microbit-test.c
@@ -20,14 +20,17 @@
 
 #include "hw/arm/nrf51.h"
 #include "hw/nvram/nrf51_nvm.h"
+#include "hw/gpio/nrf51_gpio.h"
 
 #define FLASH_SIZE  (256 * NRF51_PAGE_SIZE)
 
 static void fill_and_erase(hwaddr base, hwaddr size, uint32_t address_reg)
 {
+uint64_t i;
+
 /* Fill memory */
 writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01);
-for (hwaddr i = 0; i < size; i++) {
+for (i = 0; i < size; i++) {
 writeb(base + i, i);
 g_assert_cmpuint(readb(base + i), ==, i & 0xFF);
 }
@@ -39,7 +42,7 @@ static void fill_and_erase(hwaddr base, hwaddr size, uint32_t 
address_reg)
 writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
 
 /* Check memory */
-for (hwaddr i = 0; i < size; i++) {
+for (i = 0; i < size; i++) {
 g_assert_cmpuint(readb(base + i), ==, 0xFF);
 }
 }
@@ -47,6 +50,7 @@ static void fill_and_erase(hwaddr base, hwaddr size, uint32_t 
address_reg)
 static void test_nrf51_nvmc(void)
 {
 uint32_t value;
+uint64_t i;
 /* Test always ready */
 value = readl(NRF51_NVMC_BASE + NRF51_NVMC_READY);
 g_assert_cmpuint(value & 0x01, ==, 0x01);
@@ -69,7 +73,7 @@ static void test_nrf51_nvmc(void)
 
 /* Erase all */
 writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01);
-for (hwaddr i = 0; i < FLASH_SIZE / 4; i++) {
+for (i = 0; i < FLASH_SIZE / 4; i++) {
 writel(NRF51_FLASH_BASE + i * 4, i);
 g_assert_cmpuint(readl(NRF51_FLASH_BASE + i * 4), ==, i);
 }
@@ -79,13 +83,13 @@ static void test_nrf51_nvmc(void)
 writel(NRF51_NVMC_BASE + NRF51_NVMC_ERASEALL, 0x01);
 writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
 
-for (hwaddr i = 0; i < FLASH_SIZE / 4; i++) {
+for (i = 0; i < FLASH_SIZE / 4; i++) {
 g_assert_cmpuint(readl(NRF51_FLASH_BASE + i * 4), ==, 0x);
 }
 
 /* Erase UICR */
 writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01);
-for (hwaddr i = 0; i < NRF51_UICR_SIZE / 4; i++) {
+for (i = 0; i < NRF51_UICR_SIZE / 4; i++) {
 writel(NRF51_UICR_BASE + i * 4, i);
 g_assert_cmpuint(readl(NRF51_UICR_BASE + i * 4), ==, i);
 }
@@ -95,11 +99,131 @@ static void test_nrf51_nvmc(void)
 writel(NRF51_NVMC_BASE + NRF51_NVMC_ERASEUICR, 0x01);
 writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
 
-for (hwaddr i = 0; i < NRF51_UICR_SIZE / 4; i++) {
+for (i = 0; i < NRF51_UICR_SIZE / 4; i++) {
 g_assert_cmpuint(readl(NRF51_UICR_BASE + i * 4), ==, 0x);
 }
 }
 
+static void test_nrf51_gpio(void)
+{
+size_t i;
+uint32_t actual, expected;
+
+struct {
+hwaddr addr;
+uint32_t expected;
+} reset_state[] = {
+{NRF51_GPIO_REG_OUT, 0x}, {NRF51_GPIO_REG_OUTSET, 0x},
+{NRF51_GPIO_REG_OUTCLR, 0x}, {NRF51_GPIO_REG_IN, 0x},
+{NRF51_GPIO_REG_DIR, 0x}, {NRF51_GPIO_REG_DIRSET, 0x},
+{NRF51_GPIO_REG_DIRCLR, 0x}
+};
+
+/* Check reset state */
+for (i = 0; i < ARRAY_SIZE(reset_state); i++) {
+expected = reset_state[i].expected;
+actual = readl(NRF51_GPIO_BASE + reset_state[i].addr);
+g_assert_cmpuint(actual, ==, expected);
+}
+
+for (i = 0; i < NRF51_GPIO_PINS; i++) {
+expected = 0x0002;
+actual = readl(NRF51_GPIO_BASE + NRF51_GPIO_REG_CNF_START + i * 4);
+g_assert_cmpuint(actual, ==, expected);
+}
+
+/* Check dir bit consistency between dir and cnf */
+/* Check set via DIRSET */
+expected = 0x8001;
+writel(NRF51_GPIO_BASE + NRF51_GPIO_REG_DIRSET, expected);
+actual = readl(NRF51_GPIO_BASE + NRF51_GPIO_REG_DIR);
+g_assert_cmpuint(actual, ==, expected);
+actual = readl(NRF51_GPIO_BASE + NRF51_GPIO_REG_CNF_START) & 0x01;
+g_assert_cmpuint(actual, ==, 0x01);
+actual = readl(NRF51_GPIO_BASE + NRF51_GPIO_REG_CNF_END) & 0x01;
+g_assert_cmpuint(actual, ==, 0x01);
+
+/* Check clear via DIRCLR */
+writel(NRF51_GPIO_BASE + NRF51_GPIO_REG_DIRCLR, 0x8001);
+actual = readl(NRF51_GPIO_BASE + NRF51_GPIO_REG_DIR);
+g_assert_cmpuint(actual, ==, 0x);
+actual = readl(NRF51_GPIO_BASE + NRF51_GPIO_REG_CNF_START) & 0x01;
+g_assert_cmpuint(actual, ==, 0x00);
+actual = readl(NRF51_GPIO_BASE + NRF51_GPIO_REG_CNF_END) & 0x01;
+g_assert_cmpuint(actual, ==, 0x00);
+
+/* Check set via DIR */
+expected = 0x8001;
+writel(NRF51_GPIO_BASE + NRF51_GPIO_REG_DIR, expected);
+  

[Qemu-devel] [PATCH v4 06/13] arm: Instantiate NRF51 special NVM's and NVMC

[Steffen Görtz]

Instantiates UICR, FICR and NVMC in nRF51 SOC.

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 hw/arm/nrf51_soc.c | 37 ++---
 include/hw/arm/nrf51_soc.h |  2 ++
 2 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index d2a19b8ead..d11bb2b99f 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -29,7 +29,8 @@
  * are supported in the future, add a sub-class of NRF51SoC for
  * the specific variants
  */
-#define NRF51822_FLASH_SIZE (256 * NRF51_PAGE_SIZE)
+#define NRF51822_FLASH_PAGES256
+#define NRF51822_FLASH_SIZE (NRF51822_FLASH_PAGES * NRF51_PAGE_SIZE)
 #define NRF51822_SRAM_SIZE  (16 * NRF51_PAGE_SIZE)
 
 #define BASE_TO_IRQ(base) ((base >> 12) & 0x1F)
@@ -99,10 +100,37 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
qdev_get_gpio_in(DEVICE(&s->cpu),
BASE_TO_IRQ(NRF51_RNG_BASE)));
 
+/* UICR, FICR, NVMC */
+object_property_set_link(OBJECT(&s->nvm), OBJECT(&s->container), "memory",
+ &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+object_property_set_uint(OBJECT(&s->nvm), NRF51822_FLASH_PAGES, 
"code-size",
+ &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+object_property_set_bool(OBJECT(&s->nvm), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 0);
+memory_region_add_subregion_overlap(&s->container, NRF51_NVMC_BASE, mr, 0);
+mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 1);
+memory_region_add_subregion_overlap(&s->container, NRF51_FICR_BASE, mr, 0);
+mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 2);
+memory_region_add_subregion_overlap(&s->container, NRF51_UICR_BASE, mr, 0);
+
+
 create_unimplemented_device("nrf51_soc.io", NRF51_IOMEM_BASE,
 NRF51_IOMEM_SIZE);
-create_unimplemented_device("nrf51_soc.ficr", NRF51_FICR_BASE,
-NRF51_FICR_SIZE);
 create_unimplemented_device("nrf51_soc.private",
 NRF51_PRIVATE_BASE, NRF51_PRIVATE_SIZE);
 }
@@ -126,6 +154,9 @@ static void nrf51_soc_init(Object *obj)
 
 sysbus_init_child_obj(obj, "rng", &s->rng, sizeof(s->rng),
TYPE_NRF51_RNG);
+
+sysbus_init_child_obj(obj, "nvm", &s->nvm, sizeof(s->nvm), TYPE_NRF51_NVM);
+
 }
 
 static Property nrf51_soc_properties[] = {
diff --git a/include/hw/arm/nrf51_soc.h b/include/hw/arm/nrf51_soc.h
index 9e3ba916bd..c3f4d5bcdc 100644
--- a/include/hw/arm/nrf51_soc.h
+++ b/include/hw/arm/nrf51_soc.h
@@ -14,6 +14,7 @@
 #include "hw/arm/armv7m.h"
 #include "hw/char/nrf51_uart.h"
 #include "hw/misc/nrf51_rng.h"
+#include "hw/nvram/nrf51_nvm.h"
 
 #define TYPE_NRF51_SOC "nrf51-soc"
 #define NRF51_SOC(obj) \
@@ -28,6 +29,7 @@ typedef struct NRF51State {
 
 NRF51UARTState uart;
 NRF51RNGState rng;
+NRF51NVMState nvm;
 
 MemoryRegion iomem;
 MemoryRegion sram;
-- 
2.19.1

[Qemu-devel] [PATCH v4 08/13] hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral

[Steffen Görtz]

This adds a model of the nRF51 GPIO peripheral.

Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

The nRF51 series microcontrollers support up to 32 GPIO pins in various 
configurations.
The pins can be used as input pins with pull-ups or pull-down.
Furthermore, three different output driver modes per level are
available (disconnected, standard, high-current).

The GPIO-Peripheral has a mechanism for detecting level changes which is
not featured in this model.

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 Makefile.objs|   1 +
 hw/gpio/Makefile.objs|   1 +
 hw/gpio/nrf51_gpio.c | 300 +++
 hw/gpio/trace-events |   7 +
 include/hw/gpio/nrf51_gpio.h |  69 
 5 files changed, 378 insertions(+)
 create mode 100644 hw/gpio/nrf51_gpio.c
 create mode 100644 hw/gpio/trace-events
 create mode 100644 include/hw/gpio/nrf51_gpio.h

diff --git a/Makefile.objs b/Makefile.objs
index 1e1ff387d7..fbc3bad1e1 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -243,6 +243,7 @@ trace-events-subdirs += hw/vfio
 trace-events-subdirs += hw/virtio
 trace-events-subdirs += hw/watchdog
 trace-events-subdirs += hw/xen
+trace-events-subdirs += hw/gpio
 trace-events-subdirs += io
 trace-events-subdirs += linux-user
 trace-events-subdirs += migration
diff --git a/hw/gpio/Makefile.objs b/hw/gpio/Makefile.objs
index fa0a72e6d0..e5da0cb54f 100644
--- a/hw/gpio/Makefile.objs
+++ b/hw/gpio/Makefile.objs
@@ -8,3 +8,4 @@ common-obj-$(CONFIG_GPIO_KEY) += gpio_key.o
 obj-$(CONFIG_OMAP) += omap_gpio.o
 obj-$(CONFIG_IMX) += imx_gpio.o
 obj-$(CONFIG_RASPI) += bcm2835_gpio.o
+obj-$(CONFIG_NRF51_SOC) += nrf51_gpio.o
diff --git a/hw/gpio/nrf51_gpio.c b/hw/gpio/nrf51_gpio.c
new file mode 100644
index 00..0a378e03ab
--- /dev/null
+++ b/hw/gpio/nrf51_gpio.c
@@ -0,0 +1,300 @@
+/*
+ * nRF51 System-on-Chip general purpose input/output register definition
+ *
+ * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf
+ * Product Spec: http://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf
+ *
+ * Copyright 2018 Steffen Görtz 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "hw/gpio/nrf51_gpio.h"
+#include "trace.h"
+
+/*
+ * Check if the output driver is connected to the direction switch
+ * given the current configuration and logic level.
+ * It is not differentiated between standard and "high"(-power) drive modes.
+ */
+static bool is_connected(uint32_t config, uint32_t level)
+{
+bool state;
+uint32_t drive_config = extract32(config, 8, 3);
+
+switch (drive_config) {
+case 0 ... 3:
+state = true;
+break;
+case 4 ... 5:
+state = level != 0;
+break;
+case 6 ... 7:
+state = level == 0;
+break;
+default:
+/* Some compilers can not infer the value range of extract32(.., 3) */
+state = false;
+break;
+}
+
+return state;
+}
+
+static void update_output_irq(NRF51GPIOState *s, size_t i,
+  bool connected, bool level)
+{
+int64_t irq_level = connected ? level : -1;
+bool old_connected = extract32(s->old_out_connected, i, 1);
+bool old_level = extract32(s->old_out, i, 1);
+
+if ((old_connected != connected) || (old_level != level)) {
+qemu_set_irq(s->output[i], irq_level);
+trace_nrf51_gpio_update_output_irq(i, irq_level);
+}
+
+s->old_out = deposit32(s->old_out, i, 1, level);
+s->old_out_connected = deposit32(s->old_out_connected, i, 1, connected);
+}
+
+static void update_state(NRF51GPIOState *s)
+{
+uint32_t pull;
+size_t i;
+bool connected_out, dir, connected_in, out, input;
+
+for (i = 0; i < NRF51_GPIO_PINS; i++) {
+pull = extract32(s->cnf[i], 2, 2);
+dir = extract32(s->cnf[i], 0, 1);
+connected_in = extract32(s->in_mask, i, 1);
+out = extract32(s->out, i, 1);
+input = !extract32(s->cnf[i], 1, 1);
+connected_out = is_connected(s->cnf[i], out) && dir;
+
+update_output_irq(s, i, connected_out, out);
+
+/* Pin both driven externally and internally */
+if (connected_out && connected_in) {
+qemu_log_mask(LOG_GUEST_ERROR, "GPIO pin %zu short circuited\n", 
i);
+}
+
+/*
+ * Input buffer disconnected from internal/external drives, so
+ * pull-up/pull-down becomes relevant
+ */
+if (!input || (input && !connected_in && !connected_out)) {
+if (pull == NRF51_GPIO_PULLDOWN) {
+s->in = deposit32(s->in, i, 1, 0);
+} else if (pull == NRF51_GPIO_PULLUP) {
+s->in = deposit32(s->in, i, 1, 1);
+}
+}
+
+/* Self stimulation through internal output driver */
+if (connected_out && !connected

[Qemu-devel] [PATCH v4 07/13] tests: Add bbc:microbit / nRF51 test suite

[Steffen Görtz]

The microbit-test includes tests for the nRF51 NVMC
peripheral and will host future nRF51 peripheral tests
and board-level bbc:microbit tests.

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 tests/Makefile.include |   2 +
 tests/microbit-test.c  | 117 +
 2 files changed, 119 insertions(+)
 create mode 100644 tests/microbit-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index f77a495109..602346eeed 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -274,6 +274,7 @@ check-qtest-sparc64-y += tests/boot-serial-test$(EXESUF)
 check-qtest-arm-y += tests/tmp105-test$(EXESUF)
 check-qtest-arm-y += tests/pca9552-test$(EXESUF)
 check-qtest-arm-y += tests/ds1338-test$(EXESUF)
+check-qtest-arm-y += tests/microbit-test$(EXESUF)
 check-qtest-arm-y += tests/m25p80-test$(EXESUF)
 check-qtest-arm-y += tests/virtio-blk-test$(EXESUF)
 check-qtest-arm-y += tests/test-arm-mptimer$(EXESUF)
@@ -695,6 +696,7 @@ tests/pxe-test$(EXESUF): tests/pxe-test.o 
tests/boot-sector.o $(libqos-obj-y)
 tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
 tests/pca9552-test$(EXESUF): tests/pca9552-test.o $(libqos-omap-obj-y)
 tests/ds1338-test$(EXESUF): tests/ds1338-test.o $(libqos-imx-obj-y)
+tests/microbit-test$(EXESUF): tests/microbit-test.o
 tests/m25p80-test$(EXESUF): tests/m25p80-test.o
 tests/i440fx-test$(EXESUF): tests/i440fx-test.o $(libqos-pc-obj-y)
 tests/q35-test$(EXESUF): tests/q35-test.o $(libqos-pc-obj-y)
diff --git a/tests/microbit-test.c b/tests/microbit-test.c
new file mode 100644
index 00..743f831466
--- /dev/null
+++ b/tests/microbit-test.c
@@ -0,0 +1,117 @@
+ /*
+ * QTest testcase for Microbit board using the Nordic Semiconductor nRF51 SoC.
+ *
+ * nRF51:
+ * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf
+ * Product Spec: http://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf
+ *
+ * Microbit Board: http://microbit.org/
+ *
+ * Copyright 2018 Steffen Görtz 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+
+#include "qemu/osdep.h"
+#include "exec/hwaddr.h"
+#include "libqtest.h"
+
+#include "hw/arm/nrf51.h"
+#include "hw/nvram/nrf51_nvm.h"
+
+#define FLASH_SIZE  (256 * NRF51_PAGE_SIZE)
+
+static void fill_and_erase(hwaddr base, hwaddr size, uint32_t address_reg)
+{
+/* Fill memory */
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01);
+for (hwaddr i = 0; i < size; i++) {
+writeb(base + i, i);
+g_assert_cmpuint(readb(base + i), ==, i & 0xFF);
+}
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
+
+/* Erase Page */
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02);
+writel(NRF51_NVMC_BASE + address_reg, base);
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
+
+/* Check memory */
+for (hwaddr i = 0; i < size; i++) {
+g_assert_cmpuint(readb(base + i), ==, 0xFF);
+}
+}
+
+static void test_nrf51_nvmc(void)
+{
+uint32_t value;
+/* Test always ready */
+value = readl(NRF51_NVMC_BASE + NRF51_NVMC_READY);
+g_assert_cmpuint(value & 0x01, ==, 0x01);
+
+/* Test write-read config register */
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x03);
+g_assert_cmpuint(readl(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG), ==, 0x03);
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
+g_assert_cmpuint(readl(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG), ==, 0x00);
+
+/* Test PCR0 */
+fill_and_erase(NRF51_FLASH_BASE, NRF51_PAGE_SIZE, NRF51_NVMC_ERASEPCR0);
+fill_and_erase(NRF51_FLASH_BASE + NRF51_PAGE_SIZE,
+   NRF51_PAGE_SIZE, NRF51_NVMC_ERASEPCR0);
+
+/* Test PCR1 */
+fill_and_erase(NRF51_FLASH_BASE, NRF51_PAGE_SIZE, NRF51_NVMC_ERASEPCR1);
+fill_and_erase(NRF51_FLASH_BASE + NRF51_PAGE_SIZE,
+   NRF51_PAGE_SIZE, NRF51_NVMC_ERASEPCR1);
+
+/* Erase all */
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01);
+for (hwaddr i = 0; i < FLASH_SIZE / 4; i++) {
+writel(NRF51_FLASH_BASE + i * 4, i);
+g_assert_cmpuint(readl(NRF51_FLASH_BASE + i * 4), ==, i);
+}
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
+
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02);
+writel(NRF51_NVMC_BASE + NRF51_NVMC_ERASEALL, 0x01);
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
+
+for (hwaddr i = 0; i < FLASH_SIZE / 4; i++) {
+g_assert_cmpuint(readl(NRF51_FLASH_BASE + i * 4), ==, 0x);
+}
+
+/* Erase UICR */
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01);
+for (hwaddr i = 0; i < NRF51_UICR_SIZE / 4; i++) {
+writel(NRF51_UICR_BASE + i * 4, i);
+g_assert_cmpuint(readl(NRF51_UICR_BASE + i * 4), ==, i);
+}
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00);
+
+writel(NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02);
+writel(NRF51_NVMC_BASE + NRF51_NVMC_ERASEUICR, 0x01);
+wri

[Qemu-devel] [PATCH v4 13/13] arm: Add Clock peripheral stub to NRF51 SOC

[Steffen Görtz]

This stubs enables the microbit-micropython firmware to run
on the microbit machine.

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 hw/arm/nrf51_soc.c | 27 +++
 include/hw/arm/nrf51_soc.h |  1 +
 2 files changed, 28 insertions(+)

diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index 36dac03896..ce8c61ae69 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -35,6 +35,26 @@
 
 #define BASE_TO_IRQ(base) ((base >> 12) & 0x1F)
 
+static uint64_t clock_read(void *opaque, hwaddr addr, unsigned int size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",
+  __func__, addr, size);
+return 1;
+}
+
+static void clock_write(void *opaque, hwaddr addr, uint64_t data,
+unsigned int size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " <- 0x%" PRIx64 " [%u]\n",
+  __func__, addr, data, size);
+}
+
+static const MemoryRegionOps clock_ops = {
+.read = clock_read,
+.write = clock_write
+};
+
+
 static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp)
 {
 NRF51State *s = NRF51_SOC(dev_soc);
@@ -159,6 +179,13 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
 BASE_TO_IRQ(base_addr)));
 }
 
+/* STUB Peripherals */
+memory_region_init_io(&s->clock, NULL, &clock_ops, NULL,
+  "nrf51_soc.clock", 0x1000);
+memory_region_add_subregion_overlap(&s->container,
+NRF51_IOMEM_BASE, &s->clock, -1);
+
+
 
 create_unimplemented_device("nrf51_soc.io", NRF51_IOMEM_BASE,
 NRF51_IOMEM_SIZE);
diff --git a/include/hw/arm/nrf51_soc.h b/include/hw/arm/nrf51_soc.h
index 89525dcb39..4610d0c7ae 100644
--- a/include/hw/arm/nrf51_soc.h
+++ b/include/hw/arm/nrf51_soc.h
@@ -40,6 +40,7 @@ typedef struct NRF51State {
 MemoryRegion iomem;
 MemoryRegion sram;
 MemoryRegion flash;
+MemoryRegion clock;
 
 uint32_t sram_size;
 uint32_t flash_size;
-- 
2.19.1

[Qemu-devel] [PATCH v4 01/13] qtest: Add set_irq_in command to set IRQ/GPIO level

[Steffen Görtz]

Adds a new qtest command "set_irq_in" which allows
to set qemu gpio lines to a given level.

Based on https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02363.html
which never got merged.

Signed-off-by: Steffen Görtz 
Originally-by: Matthew Ogilvie 
Reviewed-by: Stefan Hajnoczi 
---
 qtest.c  | 43 +++
 tests/libqtest.c | 10 ++
 tests/libqtest.h | 28 
 3 files changed, 81 insertions(+)

diff --git a/qtest.c b/qtest.c
index 69b9e9962b..451696b5da 100644
--- a/qtest.c
+++ b/qtest.c
@@ -164,6 +164,17 @@ static bool qtest_opened;
  * where NUM is an IRQ number.  For the PC, interrupts can be intercepted
  * simply with "irq_intercept_in ioapic" (note that IRQ0 comes out with
  * NUM=0 even though it is remapped to GSI 2).
+ *
+ * Setting interrupt level:
+ *
+ *  > set_irq_in QOM-PATH NAME NUM LEVEL
+ *  < OK
+ *
+ *  where NAME is the name of the irq/gpio list, NUM is an IRQ number and
+ *  LEVEL is an signed integer IRQ level.
+ *
+ * Forcibly set the given interrupt pin to the given level.
+ *
  */
 
 static int hex2nib(char ch)
@@ -326,7 +337,39 @@ static void qtest_process_command(CharBackend *chr, gchar 
**words)
 irq_intercept_dev = dev;
 qtest_send_prefix(chr);
 qtest_send(chr, "OK\n");
+} else if (strcmp(words[0], "set_irq_in") == 0) {
+DeviceState *dev;
+qemu_irq irq;
+char *name;
+int ret;
+int num;
+int level;
 
+g_assert(words[1] && words[2] && words[3] && words[4]);
+
+dev = DEVICE(object_resolve_path(words[1], NULL));
+if (!dev) {
+qtest_send_prefix(chr);
+qtest_send(chr, "FAIL Unknown device\n");
+return;
+}
+
+if (strcmp(words[2], "unnamed-gpio-in") == 0) {
+name = NULL;
+} else {
+name = words[2];
+}
+
+ret = qemu_strtoi(words[3], NULL, 0, &num);
+g_assert(!ret);
+ret = qemu_strtoi(words[4], NULL, 0, &level);
+g_assert(!ret);
+
+irq = qdev_get_gpio_in_named(dev, name, num);
+
+qemu_set_irq(irq, level);
+qtest_send_prefix(chr);
+qtest_send(chr, "OK\n");
 } else if (strcmp(words[0], "outb") == 0 ||
strcmp(words[0], "outw") == 0 ||
strcmp(words[0], "outl") == 0) {
diff --git a/tests/libqtest.c b/tests/libqtest.c
index 44ce118cfc..1cbde0d91a 100644
--- a/tests/libqtest.c
+++ b/tests/libqtest.c
@@ -732,6 +732,16 @@ void qtest_irq_intercept_in(QTestState *s, const char 
*qom_path)
 qtest_rsp(s, 0);
 }
 
+void qtest_set_irq_in(QTestState *s, const char *qom_path, const char *name,
+  int num, int level)
+{
+if (!name) {
+name = "unnamed-gpio-in";
+}
+qtest_sendf(s, "set_irq_in %s %s %d %d\n", qom_path, name, num, level);
+qtest_rsp(s, 0);
+}
+
 static void qtest_out(QTestState *s, const char *cmd, uint16_t addr, uint32_t 
value)
 {
 qtest_sendf(s, "%s 0x%x 0x%x\n", cmd, addr, value);
diff --git a/tests/libqtest.h b/tests/libqtest.h
index ed88ff99d5..65bffa9ace 100644
--- a/tests/libqtest.h
+++ b/tests/libqtest.h
@@ -232,6 +232,19 @@ void qtest_irq_intercept_in(QTestState *s, const char 
*string);
  */
 void qtest_irq_intercept_out(QTestState *s, const char *string);
 
+/**
+ * qtest_set_irq_in:
+ * @s: QTestState instance to operate on.
+ * @string: QOM path of a device
+ * @name: IRQ name
+ * @irq: IRQ number
+ * @level: IRQ level
+ *
+ * Force given device/irq GPIO-in pin to the given level.
+ */
+void qtest_set_irq_in(QTestState *s, const char *string, const char *name,
+  int irq, int level);
+
 /**
  * qtest_outb:
  * @s: #QTestState instance to operate on.
@@ -678,6 +691,21 @@ static inline void irq_intercept_out(const char *string)
 qtest_irq_intercept_out(global_qtest, string);
 }
 
+/**
+ * qtest_set_irq_in:
+ * @string: QOM path of a device
+ * @name: IRQ name
+ * @irq: IRQ number
+ * @level: IRQ level
+ *
+ * Force given device/IRQ GPIO-in pin to the given level.
+ */
+static inline void set_irq_in(const char *string, const char *name,
+  int irq, int level)
+{
+qtest_set_irq_in(global_qtest, string, name, irq, level);
+}
+
 /**
  * outb:
  * @addr: I/O port to write to.
-- 
2.19.1

[Qemu-devel] [PATCH v4 05/13] hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories

[Steffen Görtz]

The nRF51 contains three regions of non-volatile memory (NVM):
- CODE (R/W): contains code
- FICR (R): Factory information like code size, chip id etc.
- UICR (R/W): Changeable configuration data. Lock bits, Code
  protection configuration, Bootloader address, Nordic SoftRadio
  configuration, Firmware configuration.

Read and write access to the memories is managed by the
Non-volatile memory controller.

Memory schema:
 [ CPU ] -+- [ NVM, either FICR, UICR or CODE ]
  |  |
  \- [ NVMC ]

Signed-off-by: Steffen Görtz 
---
 hw/nvram/Makefile.objs   |   1 +
 hw/nvram/nrf51_nvm.c | 333 +++
 include/hw/nvram/nrf51_nvm.h |  70 
 3 files changed, 404 insertions(+)
 create mode 100644 hw/nvram/nrf51_nvm.c
 create mode 100644 include/hw/nvram/nrf51_nvm.h

diff --git a/hw/nvram/Makefile.objs b/hw/nvram/Makefile.objs
index a912d25391..3f978e6212 100644
--- a/hw/nvram/Makefile.objs
+++ b/hw/nvram/Makefile.objs
@@ -5,3 +5,4 @@ common-obj-y += fw_cfg.o
 common-obj-y += chrp_nvram.o
 common-obj-$(CONFIG_MAC_NVRAM) += mac_nvram.o
 obj-$(CONFIG_PSERIES) += spapr_nvram.o
+obj-$(CONFIG_NRF51_SOC) += nrf51_nvm.o
diff --git a/hw/nvram/nrf51_nvm.c b/hw/nvram/nrf51_nvm.c
new file mode 100644
index 00..094f7c6f7d
--- /dev/null
+++ b/hw/nvram/nrf51_nvm.c
@@ -0,0 +1,333 @@
+/*
+ * Nordic Semiconductor nRF51 non-volatile memory
+ *
+ * It provides an interface to erase regions in flash memory.
+ * Furthermore it provides the user and factory information registers.
+ *
+ * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf
+ *
+ * See nRF51 reference manual and product sheet sections:
+ * + Non-Volatile Memory Controller (NVMC)
+ * + Factory Information Configuration Registers (FICR)
+ * + User Information Configuration Registers (UICR)
+ *
+ * Copyright 2018 Steffen Görtz 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "exec/address-spaces.h"
+#include "hw/arm/nrf51.h"
+#include "hw/nvram/nrf51_nvm.h"
+
+/* FICR Registers Assignments
+ * CODEPAGESIZE  0x010
+ * CODESIZE  0x014
+ * CLENR00x028
+ * PPFC  0x02C
+ * NUMRAMBLOCK   0x034
+ * SIZERAMBLOCKS 0x038
+ * SIZERAMBLOCK[0]   0x038
+ * SIZERAMBLOCK[1]   0x03C
+ * SIZERAMBLOCK[2]   0x040
+ * SIZERAMBLOCK[3]   0x044
+ * CONFIGID  0x05C
+ * DEVICEID[0]   0x060
+ * DEVICEID[1]   0x064
+ * ER[0] 0x080
+ * ER[1] 0x084
+ * ER[2] 0x088
+ * ER[3] 0x08C
+ * IR[0] 0x090
+ * IR[1] 0x094
+ * IR[2] 0x098
+ * IR[3] 0x09C
+ * DEVICEADDRTYPE0x0A0
+ * DEVICEADDR[0] 0x0A4
+ * DEVICEADDR[1] 0x0A8
+ * OVERRIDEEN0x0AC
+ * NRF_1MBIT[0]  0x0B0
+ * NRF_1MBIT[1]  0x0B4
+ * NRF_1MBIT[2]  0x0B8
+ * NRF_1MBIT[3]  0x0BC
+ * NRF_1MBIT[4]  0x0C0
+ * BLE_1MBIT[0]  0x0EC
+ * BLE_1MBIT[1]  0x0F0
+ * BLE_1MBIT[2]  0x0F4
+ * BLE_1MBIT[3]  0x0F8
+ * BLE_1MBIT[4]  0x0FC
+ */
+static const uint32_t ficr_content[64] = {
+0x, 0x, 0x, 0x, 0x0400,
+0x0100, 0x, 0x, 0x0002, 0x2000,
+0x2000, 0x2000, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x0003,
+0x12345678, 0x9ABCDEF1, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x,
+0x, 0x, 0x, 0x, 0x,
+0x, 0x, 0x, 0x
+};
+
+static uint64_t ficr_read(void *opaque, hwaddr offset, unsigned int size)
+{
+assert(offset <= sizeof(ficr_content));
+return ficr_content[offset / 4];
+}
+
+static void ficr_write(void *opaque, hwaddr offset, uint64_t value,
+unsigned int size)
+{
+/* Intentionally do nothing */
+}
+
+static const MemoryRegionOps ficr_ops = {
+.read = ficr_read,
+.write = ficr_write,
+.impl.min_access_size = 4,
+.impl.max_access_size = 4,
+.impl.unaligned = false,
+};
+
+/* UICR Registers Assignments
+ * CLENR0   0x000
+ * RBPCONF  0x004
+ * XTALFREQ 0x008
+ * FWID 0x010
+ * BOOTLOADERADDR   0x014
+ * NRFFW[0] 0x014
+ * NRFFW[1] 0x018
+ * NRFFW[2] 0x01C
+ * NRFFW[3] 0x020
+ * NRFFW[4] 0x024
+ * NRFFW[5] 0x028
+ * NRFFW[6] 0x02C
+ * NRFFW[7]

[Qemu-devel] [PATCH v4 04/13] arm: Instantiate NRF51 random number generator

[Steffen Görtz]

Use RNG in SOC.

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 hw/arm/nrf51_soc.c | 16 
 include/hw/arm/nrf51_soc.h |  2 ++
 2 files changed, 18 insertions(+)

diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c
index 55f8eaafcb..d2a19b8ead 100644
--- a/hw/arm/nrf51_soc.c
+++ b/hw/arm/nrf51_soc.c
@@ -86,6 +86,19 @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error 
**errp)
qdev_get_gpio_in(DEVICE(&s->cpu),
BASE_TO_IRQ(NRF51_UART_BASE)));
 
+/* RNG */
+object_property_set_bool(OBJECT(&s->rng), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->rng), 0);
+memory_region_add_subregion_overlap(&s->container, NRF51_RNG_BASE, mr, 0);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->rng), 0,
+   qdev_get_gpio_in(DEVICE(&s->cpu),
+   BASE_TO_IRQ(NRF51_RNG_BASE)));
+
 create_unimplemented_device("nrf51_soc.io", NRF51_IOMEM_BASE,
 NRF51_IOMEM_SIZE);
 create_unimplemented_device("nrf51_soc.ficr", NRF51_FICR_BASE,
@@ -110,6 +123,9 @@ static void nrf51_soc_init(Object *obj)
TYPE_NRF51_UART);
 object_property_add_alias(obj, "serial0", OBJECT(&s->uart), "chardev",
   &error_abort);
+
+sysbus_init_child_obj(obj, "rng", &s->rng, sizeof(s->rng),
+   TYPE_NRF51_RNG);
 }
 
 static Property nrf51_soc_properties[] = {
diff --git a/include/hw/arm/nrf51_soc.h b/include/hw/arm/nrf51_soc.h
index 73fc92e9a8..9e3ba916bd 100644
--- a/include/hw/arm/nrf51_soc.h
+++ b/include/hw/arm/nrf51_soc.h
@@ -13,6 +13,7 @@
 #include "hw/sysbus.h"
 #include "hw/arm/armv7m.h"
 #include "hw/char/nrf51_uart.h"
+#include "hw/misc/nrf51_rng.h"
 
 #define TYPE_NRF51_SOC "nrf51-soc"
 #define NRF51_SOC(obj) \
@@ -26,6 +27,7 @@ typedef struct NRF51State {
 ARMv7MState cpu;
 
 NRF51UARTState uart;
+NRF51RNGState rng;
 
 MemoryRegion iomem;
 MemoryRegion sram;
-- 
2.19.1

[Qemu-devel] [PATCH v4 00/13] arm: nRF51 Devices and Microbit Support

[Steffen Görtz]

This series contains additional peripheral devices for the nRF51822
microcontroller. 

Included devices:
- Random Number Generator
- Non-volatile Memories
- General purpose I/O
- Timer 
- Stub for clock peripheral

v4:
* Use int's instead of long's in set_irq_in, allow arbitrary base, fix 
documentation (Laurent)
* Do not clear UICR on reset (Stefan)
* Remove c99 style variable declaration (Peter)
* Default case for is_connected (Stefan)
* Timer retrigger after live migration (Stefan)
* Various small fixes (Stefan)

v3:
* Included device instantiation in this patch
* All devices use the common definitions provided by the header
* Removed obsolete comment from NVM header
* Device Struct names have consistent capitalisation

v2:
* Factored out common definitions to won header (Stefan)
* Add set_irq_in command to support tests for GPIO
* Add tests for GPIO
* Removed LED matrix from this patch set
* Small tidy ups on RNG, NVM, GPIO and Timer


Based-on: 20181025005052.27661-1-jus...@mail.ru

Steffen Görtz (13):
  qtest: Add set_irq_in command to set IRQ/GPIO level
  arm: Add header to host common definition for nRF51 SOC peripherals
  hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
  arm: Instantiate NRF51 random number generator
  hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
  arm: Instantiate NRF51 special NVM's and NVMC
  tests: Add bbc:microbit / nRF51 test suite
  hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
  arm: Instantiate NRF51 general purpose I/O
  tests/microbit-test: Add Tests for nRF51 GPIO
  hw/timer/nrf51_timer: Add nRF51 Timer peripheral
  arm: Instantiate NRF51 Timers
  arm: Add Clock peripheral stub to NRF51 SOC

 Makefile.objs  |   1 +
 hw/arm/nrf51_soc.c | 150 --
 hw/gpio/Makefile.objs  |   1 +
 hw/gpio/nrf51_gpio.c   | 300 +++
 hw/gpio/trace-events   |   7 +
 hw/misc/Makefile.objs  |   1 +
 hw/misc/nrf51_rng.c| 262 +++
 hw/nvram/Makefile.objs |   1 +
 hw/nvram/nrf51_nvm.c   | 333 +
 hw/timer/Makefile.objs |   1 +
 hw/timer/nrf51_timer.c | 368 +
 hw/timer/trace-events  |   5 +
 include/hw/arm/nrf51.h |  45 
 include/hw/arm/nrf51_soc.h |  11 +
 include/hw/char/nrf51_uart.h   |   1 -
 include/hw/gpio/nrf51_gpio.h   |  69 +++
 include/hw/misc/nrf51_rng.h|  83 
 include/hw/nvram/nrf51_nvm.h   |  70 +++
 include/hw/timer/nrf51_timer.h |  75 +++
 qtest.c|  43 
 tests/Makefile.include |   2 +
 tests/libqtest.c   |  10 +
 tests/libqtest.h   |  28 +++
 tests/microbit-test.c  | 242 ++
 24 files changed, 2087 insertions(+), 22 deletions(-)
 create mode 100644 hw/gpio/nrf51_gpio.c
 create mode 100644 hw/gpio/trace-events
 create mode 100644 hw/misc/nrf51_rng.c
 create mode 100644 hw/nvram/nrf51_nvm.c
 create mode 100644 hw/timer/nrf51_timer.c
 create mode 100644 include/hw/arm/nrf51.h
 create mode 100644 include/hw/gpio/nrf51_gpio.h
 create mode 100644 include/hw/misc/nrf51_rng.h
 create mode 100644 include/hw/nvram/nrf51_nvm.h
 create mode 100644 include/hw/timer/nrf51_timer.h
 create mode 100644 tests/microbit-test.c

-- 
2.19.1

[Qemu-devel] [PATCH v4 03/13] hw/misc/nrf51_rng: Add NRF51 random number generator peripheral

[Steffen Görtz]

Add a model of the NRF51 random number generator peripheral.
This is a simple random generator that continuously generates
new random values after startup.

Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

Signed-off-by: Steffen Görtz 
Reviewed-by: Stefan Hajnoczi 
---
 hw/misc/Makefile.objs   |   1 +
 hw/misc/nrf51_rng.c | 262 
 include/hw/misc/nrf51_rng.h |  83 
 3 files changed, 346 insertions(+)
 create mode 100644 hw/misc/nrf51_rng.c
 create mode 100644 include/hw/misc/nrf51_rng.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 680350b3c3..04f3bfa516 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -74,3 +74,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
 obj-$(CONFIG_AUX) += auxbus.o
 obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
 obj-$(CONFIG_MSF2) += msf2-sysreg.o
+obj-$(CONFIG_NRF51_SOC) += nrf51_rng.o
diff --git a/hw/misc/nrf51_rng.c b/hw/misc/nrf51_rng.c
new file mode 100644
index 00..d188f044f4
--- /dev/null
+++ b/hw/misc/nrf51_rng.c
@@ -0,0 +1,262 @@
+/*
+ * nRF51 Random Number Generator
+ *
+ * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.1.pdf
+ *
+ * Copyright 2018 Steffen Görtz 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "hw/arm/nrf51.h"
+#include "hw/misc/nrf51_rng.h"
+#include "crypto/random.h"
+
+static void update_irq(NRF51RNGState *s)
+{
+bool irq = s->interrupt_enabled && s->event_valrdy;
+qemu_set_irq(s->irq, irq);
+}
+
+static uint64_t rng_read(void *opaque, hwaddr offset, unsigned int size)
+{
+NRF51RNGState *s = NRF51_RNG(opaque);
+uint64_t r = 0;
+
+switch (offset) {
+case NRF51_RNG_EVENT_VALRDY:
+r = s->event_valrdy;
+break;
+case NRF51_RNG_REG_SHORTS:
+r = s->shortcut_stop_on_valrdy;
+break;
+case NRF51_RNG_REG_INTEN:
+case NRF51_RNG_REG_INTENSET:
+case NRF51_RNG_REG_INTENCLR:
+r = s->interrupt_enabled;
+break;
+case NRF51_RNG_REG_CONFIG:
+r = s->filter_enabled;
+break;
+case NRF51_RNG_REG_VALUE:
+r = s->value;
+break;
+
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: bad read offset 0x%" HWADDR_PRIx "\n",
+  __func__, offset);
+}
+
+return r;
+}
+
+static int64_t calc_next_timeout(NRF51RNGState *s)
+{
+int64_t timeout = qemu_clock_get_us(QEMU_CLOCK_VIRTUAL);
+if (s->filter_enabled) {
+timeout += s->period_filtered_us;
+} else {
+timeout += s->period_unfiltered_us;
+}
+
+return timeout;
+}
+
+
+static void rng_update_timer(NRF51RNGState *s)
+{
+if (s->active) {
+timer_mod(&s->timer, calc_next_timeout(s));
+} else {
+timer_del(&s->timer);
+}
+}
+
+
+static void rng_write(void *opaque, hwaddr offset,
+   uint64_t value, unsigned int size)
+{
+NRF51RNGState *s = NRF51_RNG(opaque);
+
+switch (offset) {
+case NRF51_RNG_TASK_START:
+if (value == NRF51_TRIGGER_TASK) {
+s->active = 1;
+rng_update_timer(s);
+}
+break;
+case NRF51_RNG_TASK_STOP:
+if (value == NRF51_TRIGGER_TASK) {
+s->active = 0;
+rng_update_timer(s);
+}
+break;
+case NRF51_RNG_EVENT_VALRDY:
+if (value == NRF51_EVENT_CLEAR) {
+s->event_valrdy = 0;
+}
+break;
+case NRF51_RNG_REG_SHORTS:
+s->shortcut_stop_on_valrdy =
+(value & BIT_MASK(NRF51_RNG_REG_SHORTS_VALRDY_STOP)) ? 1 : 0;
+break;
+case NRF51_RNG_REG_INTEN:
+s->interrupt_enabled =
+(value & BIT_MASK(NRF51_RNG_REG_INTEN_VALRDY)) ? 1 : 0;
+break;
+case NRF51_RNG_REG_INTENSET:
+if (value & BIT_MASK(NRF51_RNG_REG_INTEN_VALRDY)) {
+s->interrupt_enabled = 1;
+}
+break;
+case NRF51_RNG_REG_INTENCLR:
+if (value & BIT_MASK(NRF51_RNG_REG_INTEN_VALRDY)) {
+s->interrupt_enabled = 0;
+}
+break;
+case NRF51_RNG_REG_CONFIG:
+s->filter_enabled =
+  (value & BIT_MASK(NRF51_RNG_REG_CONFIG_DECEN)) ? 1 : 0;
+break;
+
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: bad write offset 0x%" HWADDR_PRIx "\n",
+  __func__, offset);
+}
+
+update_irq(s);
+}
+
+static const MemoryRegionOps rng_ops = {
+.read =  rng_read,
+.write = rng_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.impl.min_access_size = 4,
+.impl.max_access_size = 4
+};
+
+static void nrf51_rng_timer_expire(void *opaque)
+{
+NRF51RNGState *s = NRF51_RNG(opaque);
+
+qcrypto_random_bytes(&s->value, 1, &error_abort);
+
+s

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Jim Mattson via Qemu-devel]

On Fri, Nov 2, 2018 at 9:58 AM, Daniel P. Berrangé  wrote:
> On Fri, Nov 02, 2018 at 09:44:54AM -0700, Jim Mattson via Qemu-devel wrote:
>> On Fri, Nov 2, 2018 at 5:59 AM, Liran Alon  wrote:
>> >
>>
>> >>> Therefore, I don't think that we want this versioning to be based on 
>> >>> KVM_CAP at all.
>> >>> It seems that we would want the process to behave as follows:
>> >>> 1) Mgmt-layer at dest queries dest host max supported nested_state size.
>> >>>   (Which should be returned from 
>> >>> kvm_check_extension(KVM_CAP_NESTED_STATE))
>> >>> 2) Mgmt-layer at source initiate migration to dest with requesting QEMU 
>> >>> to send nested_state
>> >>>   matching dest max supported nested_state size.
>> >>>   When saving nested state using KVM_GET_NESTED_STATE IOCTL, QEMU will 
>> >>> specify in nested_state->size
>> >>>   the *requested* size to be saved and KVM should be able to save only 
>> >>> the information which matches
>> >>>   the version that worked with that size.
>> >>> 3) After some sanity checks on received migration stream, dest host use 
>> >>> KVM_SET_NESTED_STATE IOCTL.
>> >>>   This IOCTL should deduce which information it should deploy based on 
>> >>> given nested_state->size.
>>
>> I have to object to any proposal which requires the management later
>> to communicate with the source and the destination to determine what
>> should be done.
>
> Can you elaborate on why you object ?

We don't currently have this requirement, and I don't want to be
encumbered by it.

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Daniel P . Berrangé]

On Fri, Nov 02, 2018 at 09:44:54AM -0700, Jim Mattson via Qemu-devel wrote:
> On Fri, Nov 2, 2018 at 5:59 AM, Liran Alon  wrote:
> >
> 
> >>> Therefore, I don't think that we want this versioning to be based on 
> >>> KVM_CAP at all.
> >>> It seems that we would want the process to behave as follows:
> >>> 1) Mgmt-layer at dest queries dest host max supported nested_state size.
> >>>   (Which should be returned from 
> >>> kvm_check_extension(KVM_CAP_NESTED_STATE))
> >>> 2) Mgmt-layer at source initiate migration to dest with requesting QEMU 
> >>> to send nested_state
> >>>   matching dest max supported nested_state size.
> >>>   When saving nested state using KVM_GET_NESTED_STATE IOCTL, QEMU will 
> >>> specify in nested_state->size
> >>>   the *requested* size to be saved and KVM should be able to save only 
> >>> the information which matches
> >>>   the version that worked with that size.
> >>> 3) After some sanity checks on received migration stream, dest host use 
> >>> KVM_SET_NESTED_STATE IOCTL.
> >>>   This IOCTL should deduce which information it should deploy based on 
> >>> given nested_state->size.
> 
> I have to object to any proposal which requires the management later
> to communicate with the source and the destination to determine what
> should be done.

Can you elaborate on why you object ?

There are a bunch of features in QEMU's migration code which require
the mgmt layer to look at source + dest to determine what should be
done. Admittedly the cases we have had so far are generic migration
features (compression, multifd, postcopy, TLS, etc), while this is
a host kernel feature. I don't think it is that far outside the
normal practice wrt migration feature usage decision making though.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Dr. David Alan Gilbert]

* Daniel P. Berrangé (berra...@redhat.com) wrote:
> On Fri, Nov 02, 2018 at 10:40:35AM +0100, Paolo Bonzini wrote:
> > On 02/11/2018 04:46, Liran Alon wrote:
> > >> On Thu, Nov1, 2018 at 09:45 AM, Jim Mattson  wrote:
> > > 
> > >>> On Thu, Nov 1, 2018 at 8:56 AM, Dr. David Alan Gilbert 
> > >>>  wrote:
> > > 
> > >>> So if I have matching host kernels it should always work?
> > >>> What happens if I upgrade the source kernel to increase it's maximum
> > >>> nested size, can I force it to keep things small for some VMs?
> > > 
> > >> Any change to the format of the nested state should be gated by a
> > >> KVM_CAP set by userspace. (Unlike, say, how the
> > >> KVM_VCPUEVENT_VALID_SMM flag was added to the saved VCPU events state
> > >> in commit f077825a8758d.) KVM has traditionally been quite bad about
> > >> maintaining backwards compatibility, but I hope the community is more
> > >> cognizant of the issues now.
> > > 
> > >> As a cloud provider, one would only enable the new capability from
> > >> userspace once all hosts in the pool have a kernel that supports it.
> > >> During the transition, the capability would not be enabled on the
> > >> hosts with a new kernel, and these hosts would continue to provide
> > >> nested state that could be consumed by hosts running the older kernel.
> > > 
> > > Hmm this makes sense.
> > > 
> > > This means though that the patch I have submitted here isn't good enough.
> > > My patch currently assumes that when it attempts to get nested state from 
> > > KVM,
> > > QEMU should always set nested_state->size to max size supported by KVM as 
> > > received
> > > from kvm_check_extension(s, KVM_CAP_NESTED_STATE);
> > > (See kvm_get_nested_state() introduced on my patch).
> > > This indeed won't allow migration from host with new KVM to host with old 
> > > KVM if
> > > nested_state size was enlarged between these KVM versions.
> > > Which is obviously an issue.
> > 
> > Actually I think this is okay, because unlike the "new" capability was
> > enabled, KVM would always reduce nested_state->size to a value that is
> > compatible with current kernels.
> > 
> > > But on second thought, I'm not sure that this is the right approach 
> > > as-well.
> > > We don't really want the used version of nested_state to be determined on 
> > > kvm_init().
> > > * On source QEMU, we actually want to determine it when preparing for 
> > > migration based
> > > on to the support given by our destination host. If it's an old host, we 
> > > would like to
> > > save an old version nested_state and if it's a new host, we will like to 
> > > save our newest
> > > supported nested_state.
> > 
> > No, that's wrong because it would lead to losing state.  If the source
> > QEMU supports more state than the destination QEMU, and the current VM
> > state needs to transmit it for migration to be _correct_, then migration
> > to that destination QEMU must fail.
> > 
> > In particular, enabling the new KVM capability needs to be gated by a
> > new machine type and/or -cpu flag, if migration compatibility is needed.
> >  (In particular, this is one reason why I haven't considered this series
> > for 3.1.  Right now, migration of nested hypervisors is completely
> > busted but if we make it "almost" work, pre-3.1 machine types would not
> > ever be able to add support for KVM_CAP_EXCEPTION_PAYLOAD.  Therefore,
> > it's better for users if we wait for one release more, and add support
> > for KVM_CAP_NESTED_STATE and KVM_CAP_EXCEPTION_PAYLOAD at the same time).
> > 
> > Personally, I would like to say that, starting from QEMU 3.2, enabling
> > nested VMX requires a 4.20 kernel.  It's a bit bold, but I think it's a
> > good way to keep some sanity.  Any opinions on that?
> 
> We have usually followed a rule that new machine types must not
> affect runability of a VM on a host. IOW new machine types should
> not introduce dependancies on specific kernels, or hardware features
> such as CPU flags.
> 
> Anything that requires a new kernel feature thus ought to be an
> opt-in config tunable on the CLI, separate from machine type
> choice.  Alternatively in this case, it could potentially be a
> migration parameter settable via QMP. QEMU on each side could
> advertize whether the migration parameter is available, and
> the mgmt app (which can see both sides of the migration) can
> then decide whether to enable it.

This is a little odd though since it relates to the
contents/size/consistency of the guest state directly.

Dave

> Regards,
> Daniel
> -- 
> |: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o-https://fstop138.berrange.com :|
> |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] strange situation, guest cpu thread spinning at ~100%, but display not yet initialized

[Alex Bennée]

Chris Friesen  writes:

> On 11/2/2018 1:51 AM, Alex Bennée wrote:
>>
>> Chris Friesen  writes:
>>
>>> Hi all,
>>>
>>> I have an odd situation which occurs very infrequently and I'm hoping
>>> to get some advice on how to debug.  Apologies for the length of this
>>> message, I tried to include as much potentially useful information as
>>> possible.
>>>
>>> In the context of an OpenStack compute node I have a qemu guest (with
>>> kvm acceleration) that has started up.  The virtual console shows
>>> "Guest has not initialized the display (yet)."   I'm trying to figure
>>> out what's going on and how we got into this state.  I assume it's
>>> some sort of deadlock/livelock, but I can't figure out what's causing
>>> it.
>
>>> At this point gdb appears to be stuck, though the task is still
>>> chewing 99.9% of host cpu 43.
>>
>> That's because the vcpu_ioctl you just trace through is into the
>> VCPU_RUN, basically when you enter the guest code (assuming the in
>> kernel KVM code isn't spinning).
>
> That's what I figured, thanks for the confirmation.
>
>> If you want to get an idea why your guest is spinning you probably want
>> to enable the gdb stub and look at what your guest kernel is doing.
>
> Given the "not initialized" message on the console, I wasn't sure
> whether the kernel had even started yet.

There will be a lot that happens between the kernel decompressing and
some sort of video hardware output being started. You didn't say what
guest architecture you were booting or what your qemu command line was.
You might want to look at enabling the serial console and seeing if you
get some clues from that.

--
Alex Bennée

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Daniel P . Berrangé]

On Fri, Nov 02, 2018 at 10:40:35AM +0100, Paolo Bonzini wrote:
> On 02/11/2018 04:46, Liran Alon wrote:
> >> On Thu, Nov1, 2018 at 09:45 AM, Jim Mattson  wrote:
> > 
> >>> On Thu, Nov 1, 2018 at 8:56 AM, Dr. David Alan Gilbert 
> >>>  wrote:
> > 
> >>> So if I have matching host kernels it should always work?
> >>> What happens if I upgrade the source kernel to increase it's maximum
> >>> nested size, can I force it to keep things small for some VMs?
> > 
> >> Any change to the format of the nested state should be gated by a
> >> KVM_CAP set by userspace. (Unlike, say, how the
> >> KVM_VCPUEVENT_VALID_SMM flag was added to the saved VCPU events state
> >> in commit f077825a8758d.) KVM has traditionally been quite bad about
> >> maintaining backwards compatibility, but I hope the community is more
> >> cognizant of the issues now.
> > 
> >> As a cloud provider, one would only enable the new capability from
> >> userspace once all hosts in the pool have a kernel that supports it.
> >> During the transition, the capability would not be enabled on the
> >> hosts with a new kernel, and these hosts would continue to provide
> >> nested state that could be consumed by hosts running the older kernel.
> > 
> > Hmm this makes sense.
> > 
> > This means though that the patch I have submitted here isn't good enough.
> > My patch currently assumes that when it attempts to get nested state from 
> > KVM,
> > QEMU should always set nested_state->size to max size supported by KVM as 
> > received
> > from kvm_check_extension(s, KVM_CAP_NESTED_STATE);
> > (See kvm_get_nested_state() introduced on my patch).
> > This indeed won't allow migration from host with new KVM to host with old 
> > KVM if
> > nested_state size was enlarged between these KVM versions.
> > Which is obviously an issue.
> 
> Actually I think this is okay, because unlike the "new" capability was
> enabled, KVM would always reduce nested_state->size to a value that is
> compatible with current kernels.
> 
> > But on second thought, I'm not sure that this is the right approach as-well.
> > We don't really want the used version of nested_state to be determined on 
> > kvm_init().
> > * On source QEMU, we actually want to determine it when preparing for 
> > migration based
> > on to the support given by our destination host. If it's an old host, we 
> > would like to
> > save an old version nested_state and if it's a new host, we will like to 
> > save our newest
> > supported nested_state.
> 
> No, that's wrong because it would lead to losing state.  If the source
> QEMU supports more state than the destination QEMU, and the current VM
> state needs to transmit it for migration to be _correct_, then migration
> to that destination QEMU must fail.
> 
> In particular, enabling the new KVM capability needs to be gated by a
> new machine type and/or -cpu flag, if migration compatibility is needed.
>  (In particular, this is one reason why I haven't considered this series
> for 3.1.  Right now, migration of nested hypervisors is completely
> busted but if we make it "almost" work, pre-3.1 machine types would not
> ever be able to add support for KVM_CAP_EXCEPTION_PAYLOAD.  Therefore,
> it's better for users if we wait for one release more, and add support
> for KVM_CAP_NESTED_STATE and KVM_CAP_EXCEPTION_PAYLOAD at the same time).
> 
> Personally, I would like to say that, starting from QEMU 3.2, enabling
> nested VMX requires a 4.20 kernel.  It's a bit bold, but I think it's a
> good way to keep some sanity.  Any opinions on that?

We have usually followed a rule that new machine types must not
affect runability of a VM on a host. IOW new machine types should
not introduce dependancies on specific kernels, or hardware features
such as CPU flags.

Anything that requires a new kernel feature thus ought to be an
opt-in config tunable on the CLI, separate from machine type
choice.  Alternatively in this case, it could potentially be a
migration parameter settable via QMP. QEMU on each side could
advertize whether the migration parameter is available, and
the mgmt app (which can see both sides of the migration) can
then decide whether to enable it.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH v3 11/13] hw/timer/nrf51_timer: Add nRF51 Timer peripheral

[Steffen Görtz]

Hi Stefan,
> 
> Does anything rearm a running timer after live migration?

fixed in upcoming version.

Steffen

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Jim Mattson via Qemu-devel]

On Fri, Nov 2, 2018 at 5:59 AM, Liran Alon  wrote:
>

>>> Therefore, I don't think that we want this versioning to be based on 
>>> KVM_CAP at all.
>>> It seems that we would want the process to behave as follows:
>>> 1) Mgmt-layer at dest queries dest host max supported nested_state size.
>>>   (Which should be returned from kvm_check_extension(KVM_CAP_NESTED_STATE))
>>> 2) Mgmt-layer at source initiate migration to dest with requesting QEMU to 
>>> send nested_state
>>>   matching dest max supported nested_state size.
>>>   When saving nested state using KVM_GET_NESTED_STATE IOCTL, QEMU will 
>>> specify in nested_state->size
>>>   the *requested* size to be saved and KVM should be able to save only the 
>>> information which matches
>>>   the version that worked with that size.
>>> 3) After some sanity checks on received migration stream, dest host use 
>>> KVM_SET_NESTED_STATE IOCTL.
>>>   This IOCTL should deduce which information it should deploy based on 
>>> given nested_state->size.

I have to object to any proposal which requires the management later
to communicate with the source and the destination to determine what
should be done.

[Qemu-devel] ping Re: [PATCH v4 00/11] backup-top filter driver for backup

[Vladimir Sementsov-Ogievskiy]

ping

15.10.2018 19:06, Vladimir Sementsov-Ogievskiy wrote:
> Hi all!
>
> These series introduce backup-top driver. It's a filter-node, which
> do copy-before-write operation. Mirror uses filter-node for handling
> guest writes, let's move to filter-node (from write-notifiers) for
> backup too (patch 16)
>
> v4:
> fixes, rewrite driver to be implicit, drop new interfaces and
> don't move to BdrvDirtyBitmap for now, as it's not obvious will
> it be really needed and don't relate to these series more.
>
> v3 was "[PATCH v3 00/18] fleecing-hook driver for backup"
>
> v2 was "[RFC v2] new, node-graph-based fleecing and backup"
>
> These series are based on
>   [PATCH v4 0/8] dirty-bitmap: rewrite bdrv_dirty_iter_next_area
> and
>   [PATCH 0/2] replication: drop extra sync
>
> Based-on: <20180919124343.28206-1-vsement...@virtuozzo.com>
> Based-on: <20180917145732.48590-1-vsement...@virtuozzo.com>
>
> Vladimir Sementsov-Ogievskiy (11):
>block/backup: simplify backup_incremental_init_copy_bitmap
>block/backup: move to copy_bitmap with granularity
>block: allow serialized reads to intersect
>block: improve should_update_child
>iotests: handle -f argument correctly for qemu_io_silent
>iotests: allow resume_drive by node name
>iotests: prepare 055 to graph changes during backup job
>block: introduce backup-top filter driver
>block: add lock/unlock range functions
>block/backup: tiny refactor backup_job_create
>block/backup: use backup-top instead of write notifiers
>
>   block/backup-top.h|  44 
>   include/block/block_int.h |   3 +
>   block.c   |  32 ++-
>   block/backup-top.c| 298 
>   block/backup.c| 415 +-
>   block/io.c|  38 +++-
>   block/Makefile.objs   |   2 +
>   tests/qemu-iotests/055|  23 +-
>   tests/qemu-iotests/iotests.py |  16 +-
>   9 files changed, 641 insertions(+), 230 deletions(-)
>   create mode 100644 block/backup-top.h
>   create mode 100644 block/backup-top.c
>


-- 
Best regards,
Vladimir

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Jim Mattson via Qemu-devel]

On Thu, Nov 1, 2018 at 8:46 PM, Liran Alon  wrote:

> Hmm this makes sense.
>
> This means though that the patch I have submitted here isn't good enough.
> My patch currently assumes that when it attempts to get nested state from KVM,
> QEMU should always set nested_state->size to max size supported by KVM as 
> received
> from kvm_check_extension(s, KVM_CAP_NESTED_STATE);
> (See kvm_get_nested_state() introduced on my patch).
> This indeed won't allow migration from host with new KVM to host with old KVM 
> if
> nested_state size was enlarged between these KVM versions.
> Which is obviously an issue.
>
> Jim, I think that my confusion was created from the fact that there is no 
> clear documentation
> on how KVM_{GET,SET}_NESTED_STATE should be changed once we will need to add 
> more state to
> nested_state in future KVM versions. I think it's worth adding that to IOCTLs 
> documentation.

The nested state IOCTLs aren't unique in this respect. Any changes to
the state saved by any of this whole family of state-saving ioctls
require opt-in from userspace.

> For example, let's assume we have a new KVM_CAP_NESTED_STATE_V2.
> In this scenario, does kvm_check_extension(s, KVM_CAP_NESTED_STATE) still 
> returns the
> size of nested_state v1 and kvm_check_extension(s, KVM_CAP_NESTED_STATE_V2) 
> returns the
> size of the nested_state v2?

Hmm...I don't recall kvm_check_extension(s, KVM_CAP_NESTED_STATE)
being part of my original design. The way I had envisioned it,
the set of capabilities enabled by userspace would be sufficient to
infer the maximum data size.

If, for example, we add a field to stash the time remaining for the
VMCS12 VMX preemption timer, then presumably, userspace will enable it
by enabling KVM_CAP_SAVE_VMX_PREEMPTION_TIMER (or something like
that), and then userspace will know that the maximum nested state data
is 4 bytes larger.

> Also note that the approach suggested by Jim requires mgmt-layer at dest
> to be able to specify to QEMU which KVM_CAP_NESTED_STATE_V* capabilities it 
> should enable on kvm_init().
> When we know we are migrating from a host which supports v1 to a host which 
> supports v2,
> we should make sure that dest QEMU doesn't enable KVM_CAP_NESTED_STATE_V2.
> However, when we are just launching a new machine on the host which supports 
> v2, we do want
> QEMU to enable KVM_CAP_NESTED_STATE_V2 enabled for that VM.

No, no, no. Even when launching a new VM on a host that supports v2,
you cannot enable v2 until you have passed rollback horizon. Should
you decide to roll back the kernel with v2 support, you must be able
to move that new VM to a host with an old kernel.

> But on second thought, I'm not sure that this is the right approach as-well.
> We don't really want the used version of nested_state to be determined on 
> kvm_init().
> * On source QEMU, we actually want to determine it when preparing for 
> migration based
> on to the support given by our destination host. If it's an old host, we 
> would like to
> save an old version nested_state and if it's a new host, we will like to save 
> our newest
> supported nested_state.
> * On dest QEMU, we will want to just be able to set received nested_state in 
> KVM.
>
> Therefore, I don't think that we want this versioning to be based on KVM_CAP 
> at all.
> It seems that we would want the process to behave as follows:
> 1) Mgmt-layer at dest queries dest host max supported nested_state size.
>(Which should be returned from kvm_check_extension(KVM_CAP_NESTED_STATE))
> 2) Mgmt-layer at source initiate migration to dest with requesting QEMU to 
> send nested_state
>matching dest max supported nested_state size.
>When saving nested state using KVM_GET_NESTED_STATE IOCTL, QEMU will 
> specify in nested_state->size
>the *requested* size to be saved and KVM should be able to save only the 
> information which matches
>the version that worked with that size.
> 3) After some sanity checks on received migration stream, dest host use 
> KVM_SET_NESTED_STATE IOCTL.
>This IOCTL should deduce which information it should deploy based on given 
> nested_state->size.
>
> This also makes me wonder if it's not just nicer to use nested_state->flags 
> to specify which
> information is actually present on nested_state instead of managing 
> versioning with nested_state->size.

Yes, you can use nested_state->flags to determine what the data
payload is, but you cannot enable new flags unless userspace opts in.
This is just like KVM_CAP_EXCEPTION_PAYLOAD for kvm_vcpu_events. The
flag, KVM_VCPUEVENT_VALID_PAYLOAD, can only be set on the saved vcpu
events if userspace has opted-in with KVM_CAP_EXCEPTION_PAYLOAD. This
is because older kernels will reject kvm_vcpu_events that have the
KVM_VCPUEVENT_VALID_PAYLOAD flag set.

You don't need a new KVM_CAP_NESTED_STATE_V2 ioctl. You just need
buy-in from userspace for any new data payload. Explicitly enumerating
the payload components in the flags field makes perfect sense.

Re: [Qemu-devel] [PATCH v2 0/5] target/arm: KVM vs ARMISARegisters

[Peter Maydell]

On 2 November 2018 at 14:54, Richard Henderson
 wrote:
> My previous patch set for replacing feature bits with id registers
> failed to consider that these id registers are beginning to control
> migration, and thus we must fill them in for KVM as well.
>
> Thus, we want to initialize these values within CPU from the host.
>
> Finally, re-send the T32EE conversion patch, fixing the build
> failure on an arm32 host in kvm32.c.
>
> Changes, v1->v2:
>   * Remove assert that AArch32 sysreg <= UINT32_MAX.
>   * Remove unused local variable.
>   * Add commentary for AArch32 sysregs vs missing AArch32 support.

As noted on IRC, on my admittedly pretty ancient 4.8.0 kernel some
of these ID register reads via KVM_GET_ONE_REG fail ENOENT.
strace says:

openat(AT_FDCWD, "/dev/kvm", O_RDWR|O_CLOEXEC) = 18
ioctl(18, KVM_CREATE_VM or LOGGER_GET_LOG_BUF_SIZE, 0) = 19
ioctl(19, KVM_CREATE_VCPU, 0)   = 20
ioctl(19, KVM_ARM_PREFERRED_TARGET, 0xcfeb4e88) = 0
ioctl(20, KVM_ARM_VCPU_INIT, 0xcfeb4e88) = 0
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28) = 0
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)
ioctl(20, KVM_ARM_SET_DEVICE_ADDR or KVM_GET_ONE_REG, 0xcfeb4e28)
= -1 ENOENT (No such file or directory)


I added a bit of extra tracing, since strace doesn't
print the ID field for the ioctl:

peter.maydell@mustang-maydell:~/qemu$
~/test-images/virtv8-for-nesting/runme-kvm
./build/for-kvm/aarch64-softmmu/qemu-system-aarch64 -enable-kvm -cpu
max -machine gic-version=max
read_sys_reg64: reading ID 0x60300013c030...-1
read_sys_reg64: reading ID 0x60300013c031...-1
read_sys_reg64: reading ID 0x60300013c020...-1
read_sys_reg64: reading ID 0x60300013c021...-1
read_sys_reg32: reading ID 0x60300013c010...0
read_sys_reg32: reading ID 0x60300013c011...0
read_sys_reg32: reading ID 0x60300013c012...0
read_sys_reg32: reading ID 0x60300013c013...0
read_sys_reg32: reading ID 0x60300013c014...0
read_sys_reg32: reading ID 0x60300013c015...0
read_sys_reg32: reading ID 0x60300013c017...-1
read_sys_reg32: reading ID 0x60300013c018...-1
read_sys_reg32: reading ID 0x60300013c019...-1
read_sys_reg32: reading ID 0x60300013c01a...-1
qemu-system-aarch64: Failed to retrieve host CPU features

It looks like the kernel can handle reads of ID_ISAR0_EL1
through ID_ISAR5_EL1, but not ID_ISAR6_EL1, any of the
MVFR*_EL1 or ID_AA64_ISAR* or ID_AA64PFR*.

This is probably because the kernel is way too old to be
interestingly supportable for KVM, but we did previously
manage to boot on this setup.

We should probably at least figure out which version of
the kernel fixed this bug and made the ID registers available
to userspace... if it's sufficiently ancient we could
likely say "not supported", but if it's more recent we
need a workaround somehow. I have cc'd a couple of kernel
folks who might be able to help with the "which version"
question.

thanks
-- PMM

Re: [Qemu-devel] [PATCH RFC v7 5/9] migration: fix the multifd code when sending less channels

[Dr. David Alan Gilbert]

* Peter Xu (pet...@redhat.com) wrote:
> On Fri, Nov 02, 2018 at 11:00:24AM +0800, Fei Li wrote:
> > 
> > 
> > On 11/02/2018 10:37 AM, Peter Xu wrote:
> > > On Thu, Nov 01, 2018 at 06:17:11PM +0800, Fei Li wrote:
> > > > Set the migration state to "failed" instead of "setup" when failing
> > > > to send packet via some channel.
> > > Could you please provide more information in the commit message?
> > > E.g., what will happen if without this patch?  Will it crash the
> > > source or stall the source migration or others?  Otherwise it's a bit
> > > hard for me to understand what's this patch for.
> > Sorry for the inadequate description , I was intended to say that when
> > failing
> > to do the live migration using multifd, e.g. sending less channels, the src
> > status displays "setup" when running `info migrate`. I assume we should tell
> > users that the "Migration status" is "failed" now (and along with the
> > failure reason).
> > 
> > The current src status when failed inmultifd_new_send_channel_async()：
> > 
> > 
> > (qemu) migrate_set_capability x-multifd on
> > (qemu) migrate_set_parameter x-multifd-channels 4
> > (qemu) migrate -d tcp:192.168.190.98:
> > (qemu) qemu-system-x86_64: failed in multifd_new_send_channel_async due to
> > ...
> > (qemu) info migrate
> > globals:
> > store-global-state: on
> > only-migratable: off
> > send-configuration: on
> > send-section-footer: on
> > decompress-error-check: on
> > capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks:
> > off compress: off events: off postcopy-ram: off x-colo: off release-ram: off
> > block: off return-path: off pause-before-switchover: off x-multifd: on
> > dirty-bitmaps: off postcopy-blocktime: off late-block-activate: off
> > Migration status: setup
> > total time: 0 milliseconds
> 
> Thanks for the information.
> 
> I had a quick look.  For now we do this:
> 
> multifd_save_setup (without waiting for channels to be ready)
> create thread migration_thread
> (in thread)
> ram_save_setup
> multifd_send_sync_main (wait for the channels)
> 
> The thing is that we didn't get the notification when one of the
> multifd channel is failed.  IMHO instead of setting the global
> migration state in a per-channel function, we should just report the
> error upwards, then the main thread should decide how to change the
> state machine of the migration.

Best to wait for Juan on that; I've got vague memories that reporting
errors among the threads was a bit tricky.

Dave

> And we have set it in migrate_set_error() after all so the main thread
> should be able to know somehow (though IMHO I'll even prefer to have a
> per-channel variable to keep the state of the channel, then the
> per-channel functions won't touch any globals which offers better
> isolation).
> 
> I'm not sure how Juan thinks about it, but I'd prefer some work to
> provide such isolation and also some mechanism to allow the main
> thread to detect the per-channel errors not only during setup phase
> but also during the migration (e.g., when network is suddenly down).
> Then we don't touch any globals (e.g., we shouldn't call
> migrate_get_current in any per-channel function like
> multifd_new_send_channel_async).
> 
> > 
> > > 
> > > Normally I would prefer to not touch global states in feature specific
> > > code path, but I'd like to know the problem more first...
> > > 
> > > Thanks,
> > > 
> > > > Cc: Peter Xu 
> > > > Signed-off-by: Fei Li 
> > > > ---
> > > >   migration/ram.c | 2 ++
> > > >   1 file changed, 2 insertions(+)
> > > > 
> > > > diff --git a/migration/ram.c b/migration/ram.c
> > > > index 4db3b3e8f4..c84d164fc8 100644
> > > > --- a/migration/ram.c
> > > > +++ b/migration/ram.c
> > > > @@ -1072,6 +1072,7 @@ out:
> > > >   static void multifd_new_send_channel_async(QIOTask *task, gpointer 
> > > > opaque)
> > > >   {
> > > >   MultiFDSendParams *p = opaque;
> > > > +MigrationState *s = migrate_get_current();
> > > >   QIOChannel *sioc = QIO_CHANNEL(qio_task_get_source(task));
> > > >   Error *local_err = NULL;
> > > > @@ -1083,6 +1084,7 @@ static void 
> > > > multifd_new_send_channel_async(QIOTask *task, gpointer opaque)
> > > >   if (multifd_save_cleanup(&local_err) != 0) {
> > > >   migrate_set_error(migrate_get_current(), local_err);
> > > >   }
> > > > +migrate_set_state(&s->state, s->state, 
> > > > MIGRATION_STATUS_FAILED);
> > > >   } else {
> > > >   p->c = QIO_CHANNEL(sioc);
> > > >   qio_channel_set_delay(p->c, false);
> > > > -- 
> > > > 2.13.7
> > > > 
> > > Regards,
> > > 
> > 
> 
> Regards,
> 
> -- 
> Peter Xu
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PULL 39/45] target/arm: Reorg NEON VLD/VST all elements

[Laurent Vivier]

On 19/10/2018 18:57, Peter Maydell wrote:
> From: Richard Henderson 
> 
> Instead of shifts and masks, use direct loads and stores from the neon
> register file.  Mirror the iteration structure of the ARM pseudocode
> more closely.  Correct the parameters of the VLD2 A2 insn.
> 
> Note that this includes a bugfix for handling of the insn
> "VLD2 (multiple 2-element structures)" -- we were using an
> incorrect stride value.
> 
> Signed-off-by: Richard Henderson 
> Message-id: 20181011205206.3552-19-richard.hender...@linaro.org
> Reviewed-by: Peter Maydell 
> Signed-off-by: Peter Maydell 
> ---
>  target/arm/translate.c | 170 ++---
>  1 file changed, 74 insertions(+), 96 deletions(-)
> 

This commit breaks qemu-arm in a debian/stretch/armhf chroot.

When I try to run the ltp-full-20180515 test suite it hangs at the end
of the configuration phase, in config.status:

...
config.status: creating include/mk/config.mk
config.status: creating include/mk/config-openposix.mk
config.status: creating include/mk/features.mk
config.status: creating lib/ltp.pc
config.status: creating m4/Makefile
config.status: creating execltp

# ps -ef|grep qemu
...
root 21961 21959  2 17:16 pts/000:00:04 //qemu-arm /bin/bash
./config.status
root 22354 21961 97 17:18 pts/000:00:32 //qemu-arm /usr/bin/mawk
-f ./confneVYre/subs.awk

Any idea?

Thanks,
Laurent

Re: [Qemu-devel] [PATCH v3 08/13] hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral

[Steffen Görtz]

Hi Peter,

> 
> 
>> +static void reflect_dir_bit_in_cnf(NRF51GPIOState *s)
>> +{
>> +uint32_t value = s->dir;
>> +for (size_t i = 0; i < NRF51_GPIO_PINS; i++) {
> 
> Similarly here, and I think I saw another use somewhere else
> in this patchset too.

I have removed the c99 style declarations from the gpio device and also from 
the tests in microbit-tests.
Thank you for your review!

Steffen

Re: [Qemu-devel] [PATCH v1 2/7] pcihp: overwrite hotplug handler recursively from the start

[Michael S. Tsirkin]

On Fri, Nov 02, 2018 at 02:00:32PM +0100, Igor Mammedov wrote:
> On Fri, 2 Nov 2018 12:43:10 +0100
> David Hildenbrand  wrote:
> 
> > On 01.11.18 15:10, Igor Mammedov wrote:
> > > On Wed, 24 Oct 2018 12:19:25 +0200
> > > David Hildenbrand  wrote:
> > >   
> > >> For now, the hotplug handler is not called for devices that are
> > >> being cold plugged. The hotplug handler is setup when the machine
> > >> initialization is fully done. Only bridges that were cold plugged are
> > >> considered.
> > >>
> > >> Set the hotplug handler for the root piix bus directly when realizing.
> > >> Overwrite the hotplug handler of bridges when hotplugging/coldplugging
> > >> them.
> > >>
> > >> This will now make sure that the ACPI PCI hotplug handler is also called
> > >> for cold-plugged devices (also on bridges) and for bridges that were
> > >> hotplugged.
> > >>
> > >> When trying to hotplug a device to a hotplugged bridge, we now correctly
> > >> get the error message
> > >>  "Unsupported bus. Bus doesn't have property 'acpi-pcihp-bsel' set"
> > >> Insted of going via the standard PCI hotplug handler.  
> > > Erroring out is probably not ok, since it can break existing setups
> > > where SHPC hotplugging to hotplugged bridge was working just fine before. 
> > >  
> > 
> > The question is if it actually was supposed (and eventually did) work.
> I think it works now, it's QEMU 'ACPI hotplug hack' (which exists for
> the sake of Windows) limitation. We weren't able to dynamically add
> ACPI description for hotplugged bridge, so it was using native hotplug.
> Now theoretically we can load tables dynamically but that, would add
> maintenance nightmare (versioned tables) and would be harder to debug.
> I'd rather not go that direction and keep current limited version,
> suggesting users to use native hotplug if guest is capable.

Well a bunch of tables need to be dynamic, and generating them from ACPI
isn't a significant step up from generating them in the BIOS which did
create huge headaches, for many reasons but in particular because we
need to add custom interfaces for every little thing we are adding.
By comparison dynamic loading is a single interface and we can
ship any AML code we want across it.

So I'm working on a limited form of dynamic loading with versioning and
I don't necessarily agree it has to be a nightmare, but yes it does need
to be limited very carefully. Implementing bridge hotplug there
isn't in scope for me at this point.

> > If this was the expected behavior (mixing hotplug types), then the
> > necessary change to this patch would boil down to checking if the bridge
> > it hot or coldplugged.
> > 
> > > 
> > > Marcel/Michael what's your take on this change in behaviour?
> > > CCing libvirt in case they are doing this stuff
> > >   
> > 
> > Indeed, it would be nice to know if this was actually supposed to work
> > like this (coldplugged bridges using ACPI hotplug and hotplugged bridges
> > using SHPC hotplug).
> > 
> > 

Re: [Qemu-devel] [PATCH v3 08/13] hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral

[Steffen Görtz]

Hi Stefan,

>
> gcc (GCC) 8.2.1 20181011 doesn't know that extract32(..., 3) can only
> result in values [0, 7] so it warns that state can be uninitialized.
>
> It might be simplest to include a default case that returns false (with
> a comment).
>

thank you for your remarks. Will be in the next version.

Steffen

[Qemu-devel] [PATCH 1/2] target/mips: Fix decoding mechanism of R5900 MFLO1, MFHI1, MTLO1 and MTHI1

[Fredrik Noring]

MFLO1, MFHI1, MTLO1 and MTHI1 are generated in gen_HILO1_tx79 instead of
the generic gen_HILO.

Signed-off-by: Fredrik Noring 
---
 target/mips/translate.c | 67 ++---
 1 file changed, 56 insertions(+), 11 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index 60320cbe69..f3993cf7d7 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -4359,24 +4359,72 @@ static void gen_shift(DisasContext *ctx, uint32_t opc,
 tcg_temp_free(t1);
 }
 
+/* Move to and from TX79 HI1/LO1 registers. */
+static void gen_HILO1_tx79(DisasContext *ctx, uint32_t opc, int reg)
+{
+if (reg == 0 && (opc == TX79_MMI_MFHI1 || opc == TX79_MMI_MFLO1)) {
+/* Treat as NOP. */
+return;
+}
+
+switch (opc) {
+case TX79_MMI_MFHI1:
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_HI[1]);
+#else
+tcg_gen_mov_tl(cpu_gpr[reg], cpu_HI[1]);
+#endif
+break;
+case TX79_MMI_MFLO1:
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_LO[1]);
+#else
+tcg_gen_mov_tl(cpu_gpr[reg], cpu_LO[1]);
+#endif
+break;
+case TX79_MMI_MTHI1:
+if (reg != 0) {
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_HI[1], cpu_gpr[reg]);
+#else
+tcg_gen_mov_tl(cpu_HI[1], cpu_gpr[reg]);
+#endif
+} else {
+tcg_gen_movi_tl(cpu_HI[1], 0);
+}
+break;
+case TX79_MMI_MTLO1:
+if (reg != 0) {
+#if defined(TARGET_MIPS64)
+tcg_gen_ext32s_tl(cpu_LO[1], cpu_gpr[reg]);
+#else
+tcg_gen_mov_tl(cpu_LO[1], cpu_gpr[reg]);
+#endif
+} else {
+tcg_gen_movi_tl(cpu_LO[1], 0);
+}
+break;
+default:
+MIPS_INVAL("MFTHILO TX79");
+generate_exception_end(ctx, EXCP_RI);
+break;
+}
+}
+
 /* Arithmetic on HI/LO registers */
 static void gen_HILO(DisasContext *ctx, uint32_t opc, int acc, int reg)
 {
-if (reg == 0 && (opc == OPC_MFHI || opc == TX79_MMI_MFHI1 ||
- opc == OPC_MFLO || opc == TX79_MMI_MFLO1)) {
+if (reg == 0 && (opc == OPC_MFHI || opc == OPC_MFLO)) {
 /* Treat as NOP. */
 return;
 }
 
 if (acc != 0) {
-if (!(ctx->insn_flags & INSN_R5900)) {
-check_dsp(ctx);
-}
+check_dsp(ctx);
 }
 
 switch (opc) {
 case OPC_MFHI:
-case TX79_MMI_MFHI1:
 #if defined(TARGET_MIPS64)
 if (acc != 0) {
 tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_HI[acc]);
@@ -4387,7 +4435,6 @@ static void gen_HILO(DisasContext *ctx, uint32_t opc, int 
acc, int reg)
 }
 break;
 case OPC_MFLO:
-case TX79_MMI_MFLO1:
 #if defined(TARGET_MIPS64)
 if (acc != 0) {
 tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_LO[acc]);
@@ -4398,7 +4445,6 @@ static void gen_HILO(DisasContext *ctx, uint32_t opc, int 
acc, int reg)
 }
 break;
 case OPC_MTHI:
-case TX79_MMI_MTHI1:
 if (reg != 0) {
 #if defined(TARGET_MIPS64)
 if (acc != 0) {
@@ -4413,7 +4459,6 @@ static void gen_HILO(DisasContext *ctx, uint32_t opc, int 
acc, int reg)
 }
 break;
 case OPC_MTLO:
-case TX79_MMI_MTLO1:
 if (reg != 0) {
 #if defined(TARGET_MIPS64)
 if (acc != 0) {
@@ -26500,11 +26545,11 @@ static void decode_tx79_mmi(CPUMIPSState *env, 
DisasContext *ctx)
 break;
 case TX79_MMI_MTLO1:
 case TX79_MMI_MTHI1:
-gen_HILO(ctx, opc, 1, rs);
+gen_HILO1_tx79(ctx, opc, rs);
 break;
 case TX79_MMI_MFLO1:
 case TX79_MMI_MFHI1:
-gen_HILO(ctx, opc, 1, rd);
+gen_HILO1_tx79(ctx, opc, rd);
 break;
 case TX79_MMI_MADD:  /* TODO: TX79_MMI_MADD */
 case TX79_MMI_MADDU: /* TODO: TX79_MMI_MADDU */
-- 
2.18.1

[Qemu-devel] [PATCH 2/2] target/mips: Fix decoding mechanism of R5900 DIV1 and DIVU1

[Fredrik Noring]

DIV1 and DIVU1 are generated in gen_div1_tx79 instead of the generic
gen_muldiv.

Signed-off-by: Fredrik Noring 
---
 target/mips/translate.c | 65 +
 1 file changed, 59 insertions(+), 6 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index f3993cf7d7..6e5a8a2565 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -4759,6 +4759,63 @@ static void gen_r6_muldiv(DisasContext *ctx, int opc, 
int rd, int rs, int rt)
 tcg_temp_free(t1);
 }
 
+static void gen_div1_tx79(DisasContext *ctx, uint32_t opc, int rs, int rt)
+{
+TCGv t0, t1;
+
+t0 = tcg_temp_new();
+t1 = tcg_temp_new();
+
+gen_load_gpr(t0, rs);
+gen_load_gpr(t1, rt);
+
+switch (opc) {
+case TX79_MMI_DIV1:
+{
+TCGv t2 = tcg_temp_new();
+TCGv t3 = tcg_temp_new();
+tcg_gen_ext32s_tl(t0, t0);
+tcg_gen_ext32s_tl(t1, t1);
+tcg_gen_setcondi_tl(TCG_COND_EQ, t2, t0, INT_MIN);
+tcg_gen_setcondi_tl(TCG_COND_EQ, t3, t1, -1);
+tcg_gen_and_tl(t2, t2, t3);
+tcg_gen_setcondi_tl(TCG_COND_EQ, t3, t1, 0);
+tcg_gen_or_tl(t2, t2, t3);
+tcg_gen_movi_tl(t3, 0);
+tcg_gen_movcond_tl(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_div_tl(cpu_LO[1], t0, t1);
+tcg_gen_rem_tl(cpu_HI[1], t0, t1);
+tcg_gen_ext32s_tl(cpu_LO[1], cpu_LO[1]);
+tcg_gen_ext32s_tl(cpu_HI[1], cpu_HI[1]);
+tcg_temp_free(t3);
+tcg_temp_free(t2);
+}
+break;
+case TX79_MMI_DIVU1:
+{
+TCGv t2 = tcg_const_tl(0);
+TCGv t3 = tcg_const_tl(1);
+tcg_gen_ext32u_tl(t0, t0);
+tcg_gen_ext32u_tl(t1, t1);
+tcg_gen_movcond_tl(TCG_COND_EQ, t1, t1, t2, t3, t1);
+tcg_gen_divu_tl(cpu_LO[1], t0, t1);
+tcg_gen_remu_tl(cpu_HI[1], t0, t1);
+tcg_gen_ext32s_tl(cpu_LO[1], cpu_LO[1]);
+tcg_gen_ext32s_tl(cpu_HI[1], cpu_HI[1]);
+tcg_temp_free(t3);
+tcg_temp_free(t2);
+}
+break;
+default:
+MIPS_INVAL("div1 TX79");
+generate_exception_end(ctx, EXCP_RI);
+goto out;
+}
+ out:
+tcg_temp_free(t0);
+tcg_temp_free(t1);
+}
+
 static void gen_muldiv(DisasContext *ctx, uint32_t opc,
int acc, int rs, int rt)
 {
@@ -4771,14 +4828,11 @@ static void gen_muldiv(DisasContext *ctx, uint32_t opc,
 gen_load_gpr(t1, rt);
 
 if (acc != 0) {
-if (!(ctx->insn_flags & INSN_R5900)) {
-check_dsp(ctx);
-}
+check_dsp(ctx);
 }
 
 switch (opc) {
 case OPC_DIV:
-case TX79_MMI_DIV1:
 {
 TCGv t2 = tcg_temp_new();
 TCGv t3 = tcg_temp_new();
@@ -4800,7 +4854,6 @@ static void gen_muldiv(DisasContext *ctx, uint32_t opc,
 }
 break;
 case OPC_DIVU:
-case TX79_MMI_DIVU1:
 {
 TCGv t2 = tcg_const_tl(0);
 TCGv t3 = tcg_const_tl(1);
@@ -26541,7 +26594,7 @@ static void decode_tx79_mmi(CPUMIPSState *env, 
DisasContext *ctx)
 break;
 case TX79_MMI_DIV1:
 case TX79_MMI_DIVU1:
-gen_muldiv(ctx, opc, 1, rs, rt);
+gen_div1_tx79(ctx, opc, rs, rt);
 break;
 case TX79_MMI_MTLO1:
 case TX79_MMI_MTHI1:
-- 
2.18.1

[Qemu-devel] [PATCH 0/2] target/mips: Fix decoding mechanisms of R5900 M{F, T}{HI, LO}1 and DIV[U]1

[Fredrik Noring]

This series amends the R5900 support with the following changes:

- MFLO1, MFHI1, MTLO1 and MTHI1 are generated in gen_HILO1_tx79 instead
  of the generic gen_HILO.

- DIV1 and DIVU1 are generated in gen_div1_tx79 instead of the generic
  gen_muldiv.

Fredrik Noring (2):
  target/mips: Fix decoding mechanism of R5900 MFLO1, MFHI1, MTLO1 and MTHI1
  target/mips: Fix decoding mechanism of R5900 DIV1 and DIVU1

 target/mips/translate.c | 132 ++--
 1 file changed, 115 insertions(+), 17 deletions(-)

-- 
2.18.1

Re: [Qemu-devel] [PATCH v3 05/13] hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories

[Steffen Görtz]

Hi Stefan,
> 
> Indentation is off here.  One way of formatting it:
> 
> address_space_write(&s->as, i * NRF51_PAGE_SIZE,
> MEMTXATTRS_UNSPECIFIED, s->empty_page,
>   NRF51_PAGE_SIZE);

Good catch.

>> +static void nrf51_nvm_reset(DeviceState *dev)
>> +{
>> +NRF51NVMState *s = NRF51_NVM(dev);
>> +
>> +memset(s->uicr_content, '\0', sizeof(s->uicr_content));
>> +}
> 
> We will zero UICR.  Does UICR come zero-initialized on a real micro:bit?
> 
> I remember there was an issue with .hex files that set UICR values.
> Will nrf51_nvm_reset() overwrite values from .hex files when the generic
> loader devices is used (-device loader,file=test.hex)?
> 
UICR comes 0xFF initialized ([1] 8.1) and yes we had a conflict with the 
js-runtime.
I now moved the memset to init just before mapping the region:

memset(s->uicr_content, 0xFF, sizeof(s->uicr_content));
memory_region_init_io(&s->uicr, NULL, &uicr_ops, s, "nrf51_soc.uicr",
  sizeof(s->uicr_content));
sysbus_init_mmio(sbd, &s->uicr);

That should do the trick.
A reset without loading of a new firmware blob will not change the (flash) user 
memory any longer, which should match the real device.

Best,
Steffen


[1] http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

Re: [Qemu-devel] [PATCH v3 05/13] hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories

[Steffen Görtz]

Hi Stefan,

> I'm a fan of '-' instead of '_' in qdev property names.  There are more
> instances of '-' than '_', but it's up to you.

Agree. Changed.

Best,
Steffen

Re: [Qemu-devel] [PATCH v3 12/13] arm: Instantiate NRF51 Timers

[Steffen Görtz]

Hi Stefan,
> 
> Indentation is off here.  One way of formatting it:
> 
> address_space_write(&s->as, i * NRF51_PAGE_SIZE,
> MEMTXATTRS_UNSPECIFIED, s->empty_page,
>   NRF51_PAGE_SIZE);

Good catch.

>> +static void nrf51_nvm_reset(DeviceState *dev)
>> +{
>> +NRF51NVMState *s = NRF51_NVM(dev);
>> +
>> +memset(s->uicr_content, '\0', sizeof(s->uicr_content));
>> +}
> 
> We will zero UICR.  Does UICR come zero-initialized on a real micro:bit?
> 
> I remember there was an issue with .hex files that set UICR values.
> Will nrf51_nvm_reset() overwrite values from .hex files when the generic
> loader devices is used (-device loader,file=test.hex)?
> 
UICR comes 0xFF initialized ([1] 8.1) and yes we had a conflict with the 
js-runtime.
I now moved the memset to init just before mapping the region:

memset(s->uicr_content, 0xFF, sizeof(s->uicr_content));
memory_region_init_io(&s->uicr, NULL, &uicr_ops, s, "nrf51_soc.uicr",
  sizeof(s->uicr_content));
ysbus_init_mmio(sbd, &s->uicr);

That should do the trick.
A reset without loading of a new firmware blob will not change the (flash) user 
memory any longer, which should match the real device.

Best,
Steffen


[1] http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf

Re: [Qemu-devel] Correction needed for R5900 instruction decoding

[Fredrik Noring]

Hi Peter,

> From the other side of things, as a submaintainer around release
> time there's often a lot of work to do and it's easy to confuse
> different patchsets or forget the status of them, so it's useful
> to have a patch series which is exactly the set of patches that
> the submitter thinks are suitable to go into the release, and it's
> less work to apply those than to fish out a subset of patches
> from a series.

Understood. Aleksandar previously indicated that he wanted an amendment
series with changes ordered by importance, which is why the two patches
were part of that series (as the first ones).

> So overall, I think my suggestion would be that the best move
> from here would be for Fred to send a patchset with the changes
> for 3.1 and only those changes. Could you do that, please?

Yes, I will post a separate series for review immediately.

Fredrik

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

[Keith Busch]

On Thu, Nov 01, 2018 at 06:22:43PM -0700, Li Qiang wrote:
> Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> This can lead an oob access issue. This is triggerable in the guest.
> Add check to avoid this issue.
> 
> Fixes CVE-2018-16847.
> 
> Reported-by: Li Qiang 
> Reviewed-by: Paolo Bonzini 
> Signed-off-by: Li Qiang 

Hey, so why is this memory region access even considered valid if the
request is out of range from what NVMe had registered for its
MemoryRegion? Wouldn't it be better to not call the mr->ops->read/write
if it's out of bounds? Otherwise every MemoryRegion needs to duplicate
the same check, right?

Would something like the following work (minimally tested)?

---
diff --git a/memory.c b/memory.c
index 9b73892768..883fd818e6 100644
--- a/memory.c
+++ b/memory.c
@@ -1369,6 +1369,9 @@ bool memory_region_access_valid(MemoryRegion *mr,
 access_size_max = 4;
 }
 
+if (addr + size > mr->size)
+return false;
+
 access_size = MAX(MIN(size, access_size_max), access_size_min);
 for (i = 0; i < size; i += access_size) {
 if (!mr->ops->valid.accepts(mr->opaque, addr + i, access_size,
--

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

[Kevin Wolf]

Am 02.11.2018 um 16:22 hat Li Qiang geschrieben:
> Hello Kevin,
> 
> Kevin Wolf  于2018年11月2日周五 下午6:54写道：
> 
> > Am 02.11.2018 um 02:22 hat Li Qiang geschrieben:
> > > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > > This can lead an oob access issue. This is triggerable in the guest.
> > > Add check to avoid this issue.
> > >
> > > Fixes CVE-2018-16847.
> > >
> > > Reported-by: Li Qiang 
> > > Reviewed-by: Paolo Bonzini 
> > > Signed-off-by: Li Qiang 
> > > ---
> > >  hw/block/nvme.c | 7 +++
> > >  1 file changed, 7 insertions(+)
> > >
> > > diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> > > index fc7dacb..d097add 100644
> > > --- a/hw/block/nvme.c
> > > +++ b/hw/block/nvme.c
> > > @@ -1175,6 +1175,10 @@ static void nvme_cmb_write(void *opaque, hwaddr
> > addr, uint64_t data,
> > >  unsigned size)
> > >  {
> > >  NvmeCtrl *n = (NvmeCtrl *)opaque;
> > > +
> > > +if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
> >
> > What prevents a guest from moving the device to the end of the address
> > space and causing an integer overflow in addr + size?
> >
> >
> This can't happen as the addr can't be any value, it just can be in the
> Memory Region n->ctrl_mem defines.

Yes, but can't the guest map that memory region whereever it wants?

(As Keith confirmed, the integer overflow doesn't seem to have any bad
consequences here, but anyway.)

Kevin

Re: [Qemu-devel] [PATCH v3 02/13] arm: Add header to host common definition for nRF51 SOC peripherals

[Steffen Görtz]

Hi Julia,

> Why do we need an extra file for this? nrf51_soc.h seemed like a good fit.

nrf51_soc.h is not included in the peripheral devices. It would be possible to 
put the definitions into nrf51_soc.h but i just did not want to mix up the 
dependency directions. 

> What's the purpose of renaming?

To avoid name conflicts down the road.

Cheers,
Steffen

Re: [Qemu-devel] [PATCH] qemu/units: Move out QCow2 specific definitions

[Kevin Wolf]

Am 02.11.2018 um 15:52 hat Eric Blake geschrieben:
> On 11/2/18 9:10 AM, Kevin Wolf wrote:
> > Am 02.11.2018 um 13:37 hat Philippe Mathieu-Daudé geschrieben:
> > > Hi Kevin,
> > > 
> > > On 2/11/18 12:07, Kevin Wolf wrote:
> > > > Am 02.11.2018 um 09:58 hat Philippe Mathieu-Daudé geschrieben:
> > > > > This definitions are QCow2 specific, there is no need to expose them
> > > > > in the global namespace.
> > > > > 
> > > > > This partially reverts commit 540b8492618eb.
> > > > > 
> > > > > Signed-off-by: Philippe Mathieu-Daudé 
> > > > 
> > > > If we don't want this globally, I think we also don't want it in qcow2.
> 
> Agreed. I didn't want it in the first place, arguing that if we want
> stringification of defaults, it would be better to have a runtime function
> do that, rather than adding a set of near-duplicate macro names.
> 
> > > 
> > > I only see this definitions used by block/qcow2.h (b6a95c6d1007).
> > > 
> > > Per 540b8492618eb description "This is needed when a size has to be
> > > stringified" but I can't find other code requiring these definitions in 
> > > the
> > > codebase.
> > 
> > I guess the real question is: Is qcow2 the only place that needs
> > stringification of sizes?
> 
> Probably not. It seems like stringifying a default value is a common desire.
> 
> > 
> > The only value where this actually seems to be used in qcow2 is for
> > DEFAULT_CLUSTER_SIZE, as the default value for QemuOpts. Other drivers
> > still use plain numbers, but this is less readable.
> > 
> > Then there is VDI which uses (1 * MiB), but that is compiled out and if
> > you enable it, it breaks. So it needs the same fix.
> > 
> > Are block drivers the only places where we stringify a size? I imagine
> > some device models might use something like it, too?
> 
> Indeed, I would prefer a patch that makes it possible for QemuOpts to
> pretty-print a default value using a generic runtime stringifier, rather
> than keeping these S_ macros around.

The thing is just, QemuOpts is completetly string based. The default
value field is const char*. Either we get rid of QemuOpts and switch
everything to QAPI (nice thought, but a little unrealistic in the short
term), or we add ways to add non-string values to QemuOpts (would
require significant development on a piece of code we want to get rid of
in the long term), or you keep doing stringification at build time
(which I believe is the only reasonable choice at the moment).

Kevin

[Qemu-devel] [PATCH v6 09/10] dp8393x: manage big endian bus

[Mark Cave-Ayland]

From: Laurent Vivier 

This is needed by Quadra 800, this card can run on little-endian
or big-endian bus.

Signed-off-by: Laurent Vivier 
Tested-by: Hervé Poussineau 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Hervé Poussineau 
---
 hw/net/dp8393x.c | 88 
 1 file changed, 57 insertions(+), 31 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index b53fcaa8bc..1cf348aea1 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -150,6 +150,7 @@ typedef struct dp8393xState {
 
 /* Hardware */
 uint8_t it_shift;
+bool big_endian;
 qemu_irq irq;
 #ifdef DEBUG_SONIC
 int irq_level;
@@ -220,6 +221,29 @@ static uint32_t dp8393x_wt(dp8393xState *s)
 return s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
 }
 
+static uint16_t dp8393x_get(dp8393xState *s, int width, uint16_t *base,
+int offset)
+{
+uint16_t val;
+
+if (s->big_endian) {
+val = be16_to_cpu(base[offset * width + width - 1]);
+} else {
+val = le16_to_cpu(base[offset * width]);
+}
+return val;
+}
+
+static void dp8393x_put(dp8393xState *s, int width, uint16_t *base, int offset,
+uint16_t val)
+{
+if (s->big_endian) {
+base[offset * width + width - 1] = cpu_to_be16(val);
+} else {
+base[offset * width] = cpu_to_le16(val);
+}
+}
+
 static void dp8393x_update_irq(dp8393xState *s)
 {
 int level = (s->regs[SONIC_IMR] & s->regs[SONIC_ISR]) ? 1 : 0;
@@ -251,12 +275,12 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 /* Fill current entry */
 address_space_rw(&s->as, dp8393x_cdp(s),
 MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-s->cam[index][0] = data[1 * width] & 0xff;
-s->cam[index][1] = data[1 * width] >> 8;
-s->cam[index][2] = data[2 * width] & 0xff;
-s->cam[index][3] = data[2 * width] >> 8;
-s->cam[index][4] = data[3 * width] & 0xff;
-s->cam[index][5] = data[3 * width] >> 8;
+s->cam[index][0] = dp8393x_get(s, width, data, 1) & 0xff;
+s->cam[index][1] = dp8393x_get(s, width, data, 1) >> 8;
+s->cam[index][2] = dp8393x_get(s, width, data, 2) & 0xff;
+s->cam[index][3] = dp8393x_get(s, width, data, 2) >> 8;
+s->cam[index][4] = dp8393x_get(s, width, data, 3) & 0xff;
+s->cam[index][5] = dp8393x_get(s, width, data, 3) >> 8;
 DPRINTF("load cam[%d] with %02x%02x%02x%02x%02x%02x\n", index,
 s->cam[index][0], s->cam[index][1], s->cam[index][2],
 s->cam[index][3], s->cam[index][4], s->cam[index][5]);
@@ -269,7 +293,7 @@ static void dp8393x_do_load_cam(dp8393xState *s)
 /* Read CAM enable */
 address_space_rw(&s->as, dp8393x_cdp(s),
 MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-s->regs[SONIC_CE] = data[0 * width];
+s->regs[SONIC_CE] = dp8393x_get(s, width, data, 0);
 DPRINTF("load cam done. cam enable mask 0x%04x\n", s->regs[SONIC_CE]);
 
 /* Done */
@@ -290,10 +314,10 @@ static void dp8393x_do_read_rra(dp8393xState *s)
 MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
 
 /* Update SONIC registers */
-s->regs[SONIC_CRBA0] = data[0 * width];
-s->regs[SONIC_CRBA1] = data[1 * width];
-s->regs[SONIC_RBWC0] = data[2 * width];
-s->regs[SONIC_RBWC1] = data[3 * width];
+s->regs[SONIC_CRBA0] = dp8393x_get(s, width, data, 0);
+s->regs[SONIC_CRBA1] = dp8393x_get(s, width, data, 1);
+s->regs[SONIC_RBWC0] = dp8393x_get(s, width, data, 2);
+s->regs[SONIC_RBWC1] = dp8393x_get(s, width, data, 3);
 DPRINTF("CRBA0/1: 0x%04x/0x%04x, RBWC0/1: 0x%04x/0x%04x\n",
 s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
 s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
@@ -408,12 +432,12 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
 tx_len = 0;
 
 /* Update registers */
-s->regs[SONIC_TCR] = data[0 * width] & 0xf000;
-s->regs[SONIC_TPS] = data[1 * width];
-s->regs[SONIC_TFC] = data[2 * width];
-s->regs[SONIC_TSA0] = data[3 * width];
-s->regs[SONIC_TSA1] = data[4 * width];
-s->regs[SONIC_TFS] = data[5 * width];
+s->regs[SONIC_TCR] = dp8393x_get(s, width, data, 0) & 0xf000;
+s->regs[SONIC_TPS] = dp8393x_get(s, width, data, 1);
+s->regs[SONIC_TFC] = dp8393x_get(s, width, data, 2);
+s->regs[SONIC_TSA0] = dp8393x_get(s, width, data, 3);
+s->regs[SONIC_TSA1] = dp8393x_get(s, width, data, 4);
+s->regs[SONIC_TFS] = dp8393x_get(s, width, data, 5);
 
 /* Handle programmable interrupt */
 if (s->regs[SONIC_TCR] & SONIC_TCR_PINT) {
@@ -439,9 +463,9 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
 address_space_rw(&s->as,
 dp8393x_ttda(s) + sizeof(uint16_t) * (4 + 3 * i) * width,
 MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
-   

[Qemu-devel] [PATCH v6 05/10] esp: add pseudo-DMA as used by Macintosh

[Mark Cave-Ayland]

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
 hw/scsi/esp.c | 291 +-
 include/hw/scsi/esp.h |   7 ++
 2 files changed, 269 insertions(+), 29 deletions(-)

diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 630d923623..8e9e27e479 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -35,6 +35,8 @@
  * 
http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
  * and
  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
+ *
+ * On Macintosh Quadra it is a NCR53C96.
  */
 
 static void esp_raise_irq(ESPState *s)
@@ -55,6 +57,16 @@ static void esp_lower_irq(ESPState *s)
 }
 }
 
+static void esp_raise_drq(ESPState *s)
+{
+qemu_irq_raise(s->irq_data);
+}
+
+static void esp_lower_drq(ESPState *s)
+{
+qemu_irq_lower(s->irq_data);
+}
+
 void esp_dma_enable(ESPState *s, int irq, int level)
 {
 if (level) {
@@ -81,29 +93,11 @@ void esp_request_cancelled(SCSIRequest *req)
 }
 }
 
-static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
+static int get_cmd_cb(ESPState *s)
 {
-uint32_t dmalen;
 int target;
 
 target = s->wregs[ESP_WBUSID] & BUSID_DID;
-if (s->dma) {
-dmalen = s->rregs[ESP_TCLO];
-dmalen |= s->rregs[ESP_TCMID] << 8;
-dmalen |= s->rregs[ESP_TCHI] << 16;
-if (dmalen > buflen) {
-return 0;
-}
-s->dma_memory_read(s->dma_opaque, buf, dmalen);
-} else {
-dmalen = s->ti_size;
-if (dmalen > TI_BUFSZ) {
-return 0;
-}
-memcpy(buf, s->ti_buf, dmalen);
-buf[0] = buf[2] >> 5;
-}
-trace_esp_get_cmd(dmalen, target);
 
 s->ti_size = 0;
 s->ti_rptr = 0;
@@ -122,8 +116,48 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t 
buflen)
 s->rregs[ESP_RINTR] = INTR_DC;
 s->rregs[ESP_RSEQ] = SEQ_0;
 esp_raise_irq(s);
+return -1;
+}
+return 0;
+}
+
+static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
+{
+int target;
+uint32_t dmalen;
+
+target = s->wregs[ESP_WBUSID] & BUSID_DID;
+if (s->dma) {
+dmalen = s->rregs[ESP_TCLO];
+dmalen |= s->rregs[ESP_TCMID] << 8;
+dmalen |= s->rregs[ESP_TCHI] << 16;
+if (dmalen > buflen) {
+return 0;
+}
+if (s->dma_memory_read) {
+s->dma_memory_read(s->dma_opaque, buf, dmalen);
+} else {
+memcpy(s->pdma_buf, buf, dmalen);
+s->pdma_len = dmalen;
+s->pdma_start = s->pdma_buf;
+s->pdma_cur = s->pdma_buf;
+esp_raise_drq(s);
+return 0;
+}
+} else {
+dmalen = s->ti_size;
+if (dmalen > TI_BUFSZ) {
+return 0;
+}
+memcpy(buf, s->ti_buf, dmalen);
+buf[0] = buf[2] >> 5;
+}
+trace_esp_get_cmd(dmalen, target);
+
+if (get_cmd_cb(s) < 0) {
 return 0;
 }
+
 return dmalen;
 }
 
@@ -162,6 +196,15 @@ static void do_cmd(ESPState *s, uint8_t *buf)
 do_busid_cmd(s, &buf[1], busid);
 }
 
+static void satn_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+if (s->pdma_cur != s->pdma_start)
+do_cmd(s, s->pdma_start);
+}
+
 static void handle_satn(ESPState *s)
 {
 uint8_t buf[32];
@@ -171,11 +214,21 @@ static void handle_satn(ESPState *s)
 s->dma_cb = handle_satn;
 return;
 }
+s->pdma_cb = satn_pdma_cb;
 len = get_cmd(s, buf, sizeof(buf));
 if (len)
 do_cmd(s, buf);
 }
 
+static void s_without_satn_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+if (s->pdma_cur != s->pdma_start)
+do_busid_cmd(s, s->pdma_start, 0);
+}
+
 static void handle_s_without_atn(ESPState *s)
 {
 uint8_t buf[32];
@@ -185,18 +238,36 @@ static void handle_s_without_atn(ESPState *s)
 s->dma_cb = handle_s_without_atn;
 return;
 }
+s->pdma_cb = s_without_satn_pdma_cb;
 len = get_cmd(s, buf, sizeof(buf));
 if (len) {
 do_busid_cmd(s, buf, 0);
 }
 }
 
+static void satn_stop_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+s->cmdlen = s->pdma_cur - s->pdma_start;
+if (s->cmdlen) {
+trace_esp_handle_satn_stop(s->cmdlen);
+s->do_cmd = 1;
+s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
+s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+s->rregs[ESP_RSEQ] = SEQ_CD;
+esp_raise_irq(s);
+}
+}
+
 static void handle_satn_stop(ESPState *s)
 {
 if (s->dma && !s->dma_enabled) {
 s->dma_cb = handle_satn_stop;
 return;
 }
+s->pdma_cb = satn_stop_pdma_cb;;
 s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
 if (s->cmdlen) {
 trace_esp_handle_satn_stop(s->cmdlen);
@@ -208,16 +279,33 @@ static void handle_satn_

[Qemu-devel] [PATCH v6 08/10] hw/m68k: add a dummy SWIM floppy controller

[Mark Cave-Ayland]

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
Reviewed-by: Hervé Poussineau 
---
 hw/block/Makefile.objs  |   1 +
 hw/block/swim.c | 415 
 include/hw/block/swim.h |  76 +
 3 files changed, 492 insertions(+)
 create mode 100644 hw/block/swim.c
 create mode 100644 include/hw/block/swim.h

diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
index 53ce5751ae..068de3f0c9 100644
--- a/hw/block/Makefile.objs
+++ b/hw/block/Makefile.objs
@@ -8,6 +8,7 @@ common-obj-$(CONFIG_XEN) += xen_disk.o
 common-obj-$(CONFIG_ECC) += ecc.o
 common-obj-$(CONFIG_ONENAND) += onenand.o
 common-obj-$(CONFIG_NVME_PCI) += nvme.o
+common-obj-$(CONFIG_SWIM) += swim.o
 
 obj-$(CONFIG_SH4) += tc58128.o
 
diff --git a/hw/block/swim.c b/hw/block/swim.c
new file mode 100644
index 00..48ce6c7235
--- /dev/null
+++ b/hw/block/swim.c
@@ -0,0 +1,415 @@
+/*
+ * QEMU Macintosh floppy disk controller emulator (SWIM)
+ *
+ * Copyright (c) 2014-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "sysemu/block-backend.h"
+#include "hw/sysbus.h"
+#include "hw/block/block.h"
+#include "hw/block/swim.h"
+
+/* IWM registers */
+
+#define IWM_PH0L0
+#define IWM_PH0H1
+#define IWM_PH1L2
+#define IWM_PH1H3
+#define IWM_PH2L4
+#define IWM_PH2H5
+#define IWM_PH3L6
+#define IWM_PH3H7
+#define IWM_MTROFF  8
+#define IWM_MTRON   9
+#define IWM_INTDRIVE10
+#define IWM_EXTDRIVE11
+#define IWM_Q6L 12
+#define IWM_Q6H 13
+#define IWM_Q7L 14
+#define IWM_Q7H 15
+
+/* SWIM registers */
+
+#define SWIM_WRITE_DATA 0
+#define SWIM_WRITE_MARK 1
+#define SWIM_WRITE_CRC  2
+#define SWIM_WRITE_PARAMETER3
+#define SWIM_WRITE_PHASE4
+#define SWIM_WRITE_SETUP5
+#define SWIM_WRITE_MODE06
+#define SWIM_WRITE_MODE17
+
+#define SWIM_READ_DATA  8
+#define SWIM_READ_MARK  9
+#define SWIM_READ_ERROR 10
+#define SWIM_READ_PARAMETER 11
+#define SWIM_READ_PHASE 12
+#define SWIM_READ_SETUP 13
+#define SWIM_READ_STATUS14
+#define SWIM_READ_HANDSHAKE 15
+
+#define REG_SHIFT   9
+
+#define SWIM_MODE_IWM  0
+#define SWIM_MODE_SWIM 1
+
+/* bits in phase register */
+
+#define SWIM_SEEK_NEGATIVE   0x074
+#define SWIM_STEP0x071
+#define SWIM_MOTOR_ON0x072
+#define SWIM_MOTOR_OFF   0x076
+#define SWIM_INDEX   0x073
+#define SWIM_EJECT   0x077
+#define SWIM_SETMFM  0x171
+#define SWIM_SETGCR  0x175
+#define SWIM_RELAX   0x033
+#define SWIM_LSTRB   0x008
+#define SWIM_CA_MASK 0x077
+
+/* Select values for swim_select and swim_readbit */
+
+#define SWIM_READ_DATA_0 0x074
+#define SWIM_TWOMEG_DRIVE0x075
+#define SWIM_SINGLE_SIDED0x076
+#define SWIM_DRIVE_PRESENT   0x077
+#define SWIM_DISK_IN 0x170
+#define SWIM_WRITE_PROT  0x171
+#define SWIM_TRACK_ZERO  0x172
+#define SWIM_TACHO   0x173
+#define SWIM_READ_DATA_1 0x174
+#define SWIM_MFM_MODE0x175
+#define SWIM_SEEK_COMPLETE   0x176
+#define SWIM_ONEMEG_MEDIA0x177
+
+/* Bits in handshake register */
+
+#define SWIM_MARK_BYTE   0x01
+#define SWIM_CRC_ZERO0x02
+#define SWIM_RDDATA  0x04
+#define SWIM_SENSE   0x08
+#define SWIM_MOTEN   0x10
+#define SWIM_ERROR   0x20
+#define SWIM_DAT2BYTE0x40
+#define SWIM_DAT1BYTE0x80
+
+/* bits in setup register */
+
+#define SWIM_S_INV_WDATA 0x01
+#define SWIM_S_3_5_SELECT0x02
+#define SWIM_S_GCR   0x04
+#define SWIM_S_FCLK_DIV2 0x08
+#define SWIM_S_ERROR_CORR0x10
+#define SWIM_S_IBM_DRIVE 0x20
+#define SWIM_S_GCR_WRITE 0x40
+#define SWIM_S_TIMEOUT   0x80
+
+/* bits in mode register */
+
+#define SWIM_CLFIFO  0x01
+#define SWIM_ENBL1   0x02
+#define SWIM_ENBL2   0x04
+#define SWIM_ACTION  0x08
+#define SWIM_WRITE_MODE  0x10
+#define SWIM_HEDSEL  0x20
+#define SWIM_MOTON   0x80
+
+static void swim_change_cb(void *opaque, bool load, Error **errp)
+{
+FDrive *drive = opaque;
+
+if (!load) {
+blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort);
+} else {
+if (!blkconf_apply_backend_options(drive->conf,
+   blk_is_read_only(drive->blk), false,
+   errp)) {
+return;
+}
+}
+}
+
+static const BlockDevOps swim_block_ops = {
+.change_medi

[Qemu-devel] [PATCH v6 10/10] hw/m68k: define Macintosh Quadra 800

[Mark Cave-Ayland]

From: Laurent Vivier 

If you want to test the machine, it doesn't yet boot a MacROM, but you can
boot a linux kernel from the command line.

You can install your own disk using debian-installer with:

./qemu-system-m68k \
-M q800 \
-serial none -serial mon:stdio \
-m 1000M -drive file=m68k.qcow2,format=qcow2 \
-net nic,model=dp83932,addr=09:00:07:12:34:57 \
-append "console=ttyS0 vga=off" \
-kernel vmlinux-4.15.0-2-m68k \
-initrd initrd.gz \
-drive file=debian-9.0-m68k-NETINST-1.iso \
-drive file=m68k.qcow2,format=qcow2 \
-nographic

If you use a graphic adapter instead of "-nographic", you can use "-g" to set 
the
size of the display (I use "-g 1600x800x24").

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
 MAINTAINERS  |  16 ++
 default-configs/m68k-softmmu.mak |  14 ++
 hw/intc/Makefile.objs|   1 +
 hw/intc/q800_irq.c   |  73 +
 hw/m68k/Makefile.objs|   5 +-
 hw/m68k/bootinfo.h   | 100 
 hw/m68k/q800.c   | 345 +++
 include/hw/intc/q800_irq.h   |  39 +
 8 files changed, 591 insertions(+), 2 deletions(-)
 create mode 100644 hw/intc/q800_irq.c
 create mode 100644 hw/m68k/bootinfo.h
 create mode 100644 hw/m68k/q800.c
 create mode 100644 include/hw/intc/q800_irq.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 85f19f569f..ca201f1dc1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -722,6 +722,22 @@ F: hw/char/mcf_uart.c
 F: hw/net/mcf_fec.c
 F: include/hw/m68k/mcf*.h
 
+q800
+M: Laurent Vivier 
+S: Maintained
+F: hw/block/swim.c
+F: hw/m68k/bootinfo.h
+F: hw/display/macfb.c
+F: hw/intc/q800_irq.c
+F: hw/m68k/q800.c
+F: hw/misc/mac_via.c
+F: hw/nubus/*
+F: include/hw/block/swim.h
+F: include/hw/display/macfb.h
+F: include/hw/intc/q800_irq.h
+F: include/hw/misc/mac_via.h
+F: include/hw/nubus/*
+
 MicroBlaze Machines
 ---
 petalogix_s3adsp1800
diff --git a/default-configs/m68k-softmmu.mak b/default-configs/m68k-softmmu.mak
index 60f7cdfbf2..993644aa42 100644
--- a/default-configs/m68k-softmmu.mak
+++ b/default-configs/m68k-softmmu.mak
@@ -2,3 +2,17 @@
 
 CONFIG_COLDFIRE=y
 CONFIG_PTIMER=y
+CONFIG_ESCC=y
+CONFIG_FRAMEBUFFER=y
+CONFIG_ADB=y
+CONFIG_MOS6522=y
+CONFIG_MAC_VIA=y
+CONFIG_Q800_IRQ=y
+CONFIG_MAC=y
+CONFIG_SCSI=y
+CONFIG_ESP=y
+CONFIG_ASC=y
+CONFIG_MACFB=y
+CONFIG_NUBUS=y
+CONFIG_DP8393X=y
+CONFIG_SWIM=y
diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 0e9963f5ee..030967a0b3 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -46,3 +46,4 @@ obj-$(CONFIG_ARM_GIC) += arm_gicv3_cpuif.o
 obj-$(CONFIG_MIPS_CPS) += mips_gic.o
 obj-$(CONFIG_NIOS2) += nios2_iic.o
 obj-$(CONFIG_OMPIC) += ompic.o
+obj-$(CONFIG_Q800_IRQ) += q800_irq.o
diff --git a/hw/intc/q800_irq.c b/hw/intc/q800_irq.c
new file mode 100644
index 00..ec9d542d2e
--- /dev/null
+++ b/hw/intc/q800_irq.c
@@ -0,0 +1,73 @@
+/*
+ * QEMU Motorla 680x0 Macintosh hardware System Emulator
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "hw/intc/q800_irq.h"
+
+
+static void q800_set_irq(void *opaque, int irq, int level)
+{
+Q800IRQControllerState *s = opaque;
+int i;
+
+
+if (level) {
+s->ipr |= 1 << irq;
+} else {
+s->ipr &= ~(1 << irq);
+}
+
+for (i = 7; i >= 0; i--) {
+if ((s->ipr >> i) & 1) {
+m68k_set_irq_level(s->cpu, i + 1, i + 25);
+return;
+}
+}
+m68k_set_irq_level(s->cpu, 0, 0);
+}
+
+static void q800_irq_init(Object *obj)
+{
+Q800IRQControllerState *s = Q800_IRQC(obj);
+
+qdev_init_gpio_in(DEVICE(obj), q800_set_irq, 8);
+
+object_property_add_link(obj, "cpu", TYPE_M68K_CPU,
+ (Object **) &s->cpu,
+ qdev_prop_allow_set

[Qemu-devel] [PATCH v6 02/10] hw/m68k: implement ADB bus support for via

[Mark Cave-Ayland]

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
Reviewed-by: Hervé Poussineau 
---
 hw/misc/mac_via.c | 190 ++
 include/hw/misc/mac_via.h |   7 ++
 2 files changed, 197 insertions(+)

diff --git a/hw/misc/mac_via.c b/hw/misc/mac_via.c
index d6d6b86e1a..0fc8d0a038 100644
--- a/hw/misc/mac_via.c
+++ b/hw/misc/mac_via.c
@@ -237,10 +237,16 @@
  * Table 19-10 ADB transaction states
  */
 
+#define ADB_STATE_NEW   0
+#define ADB_STATE_EVEN  1
+#define ADB_STATE_ODD   2
+#define ADB_STATE_IDLE  3
+
 #define VIA1B_vADB_StateMask(VIA1B_vADBS1 | VIA1B_vADBS2)
 #define VIA1B_vADB_StateShift   4
 
 #define VIA_TIMER_FREQ (783360)
+#define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
 
 /* VIA returns time offset from Jan 1, 1904, not 1970 */
 #define RTC_OFFSET 2082844800
@@ -422,6 +428,181 @@ static void via1_rtc_update(MacVIAState *m)
 }
 }
 
+static int adb_via_poll(MacVIAState *s, int state, uint8_t *data)
+{
+if (state != ADB_STATE_IDLE) {
+return 0;
+}
+
+if (s->adb_data_in_size < s->adb_data_in_index) {
+return 0;
+}
+
+if (s->adb_data_out_index != 0) {
+return 0;
+}
+
+s->adb_data_in_index = 0;
+s->adb_data_out_index = 0;
+s->adb_data_in_size = adb_poll(&s->adb_bus, s->adb_data_in, 0x);
+
+if (s->adb_data_in_size) {
+*data = s->adb_data_in[s->adb_data_in_index++];
+qemu_irq_raise(s->adb_data_ready);
+}
+
+return s->adb_data_in_size;
+}
+
+static int adb_via_send(MacVIAState *s, int state, uint8_t data)
+{
+switch (state) {
+case ADB_STATE_NEW:
+s->adb_data_out_index = 0;
+break;
+case ADB_STATE_EVEN:
+if ((s->adb_data_out_index & 1) == 0) {
+return 0;
+}
+break;
+case ADB_STATE_ODD:
+if (s->adb_data_out_index & 1) {
+return 0;
+}
+break;
+case ADB_STATE_IDLE:
+return 0;
+}
+
+assert(s->adb_data_out_index < sizeof(s->adb_data_out) - 1);
+
+s->adb_data_out[s->adb_data_out_index++] = data;
+qemu_irq_raise(s->adb_data_ready);
+return 1;
+}
+
+static int adb_via_receive(MacVIAState *s, int state, uint8_t *data)
+{
+switch (state) {
+case ADB_STATE_NEW:
+return 0;
+
+case ADB_STATE_EVEN:
+if (s->adb_data_in_size <= 0) {
+qemu_irq_raise(s->adb_data_ready);
+return 0;
+}
+
+if (s->adb_data_in_index >= s->adb_data_in_size) {
+*data = 0;
+qemu_irq_raise(s->adb_data_ready);
+return 1;
+}
+
+if ((s->adb_data_in_index & 1) == 0) {
+return 0;
+}
+
+break;
+
+case ADB_STATE_ODD:
+if (s->adb_data_in_size <= 0) {
+qemu_irq_raise(s->adb_data_ready);
+return 0;
+}
+
+if (s->adb_data_in_index >= s->adb_data_in_size) {
+*data = 0;
+qemu_irq_raise(s->adb_data_ready);
+return 1;
+}
+
+if (s->adb_data_in_index & 1) {
+return 0;
+}
+
+break;
+
+case ADB_STATE_IDLE:
+if (s->adb_data_out_index == 0) {
+return 0;
+}
+
+s->adb_data_in_size = adb_request(&s->adb_bus, s->adb_data_in,
+  s->adb_data_out,
+  s->adb_data_out_index);
+s->adb_data_out_index = 0;
+s->adb_data_in_index = 0;
+if (s->adb_data_in_size < 0) {
+*data = 0xff;
+qemu_irq_raise(s->adb_data_ready);
+return -1;
+}
+
+if (s->adb_data_in_size == 0) {
+return 0;
+}
+
+break;
+}
+
+assert(s->adb_data_in_index < sizeof(s->adb_data_in) - 1);
+
+*data = s->adb_data_in[s->adb_data_in_index++];
+qemu_irq_raise(s->adb_data_ready);
+if (*data == 0xff || *data == 0) {
+return 0;
+}
+return 1;
+}
+
+static void via1_adb_update(MacVIAState *m)
+{
+MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(&m->mos6522_via1);
+MOS6522State *s = MOS6522(v1s);
+int state;
+int ret;
+
+state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
+
+if (s->acr & VIA1ACR_vShiftOut) {
+/* output mode */
+ret = adb_via_send(m, state, s->sr);
+if (ret > 0) {
+s->b &= ~VIA1B_vADBInt;
+} else {
+s->b |= VIA1B_vADBInt;
+}
+} else {
+/* input mode */
+ret = adb_via_receive(m, state, &s->sr);
+if (ret > 0 && s->sr != 0xff) {
+s->b &= ~VIA1B_vADBInt;
+} else {
+s->b |= VIA1B_vADBInt;
+}
+}
+}
+
+static void via_adb_poll(void *opaque)
+{
+MacVIAState *m = opaque;
+MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(&m->mos6522_via1);
+MOS6522State *s = MOS

[Qemu-devel] [PATCH v6 06/10] hw/m68k: add Nubus support

[Mark Cave-Ayland]

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
---
 hw/Makefile.objs|   1 +
 hw/nubus/Makefile.objs  |   4 +
 hw/nubus/mac-nubus-bridge.c |  45 
 hw/nubus/nubus-bridge.c |  34 ++
 hw/nubus/nubus-bus.c| 111 +++
 hw/nubus/nubus-device.c | 215 
 include/hw/nubus/mac-nubus-bridge.h |  24 
 include/hw/nubus/nubus.h|  69 
 8 files changed, 503 insertions(+)
 create mode 100644 hw/nubus/Makefile.objs
 create mode 100644 hw/nubus/mac-nubus-bridge.c
 create mode 100644 hw/nubus/nubus-bridge.c
 create mode 100644 hw/nubus/nubus-bus.c
 create mode 100644 hw/nubus/nubus-device.c
 create mode 100644 include/hw/nubus/mac-nubus-bridge.h
 create mode 100644 include/hw/nubus/nubus.h

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 39d882af6f..92dc338759 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -36,6 +36,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += watchdog/
 devices-dirs-$(CONFIG_SOFTMMU) += xen/
 devices-dirs-$(CONFIG_MEM_DEVICE) += mem/
 devices-dirs-$(CONFIG_SOFTMMU) += smbios/
+devices-dirs-$(CONFIG_NUBUS) += nubus/
 devices-dirs-y += core/
 common-obj-y += $(devices-dirs-y)
 obj-y += $(devices-dirs-y)
diff --git a/hw/nubus/Makefile.objs b/hw/nubus/Makefile.objs
new file mode 100644
index 00..ebb050a4ad
--- /dev/null
+++ b/hw/nubus/Makefile.objs
@@ -0,0 +1,4 @@
+common-obj-y += nubus-device.o
+common-obj-y += nubus-bus.o
+common-obj-y += nubus-bridge.o
+common-obj-$(CONFIG_MAC) += mac-nubus-bridge.o
diff --git a/hw/nubus/mac-nubus-bridge.c b/hw/nubus/mac-nubus-bridge.c
new file mode 100644
index 00..7c329300b8
--- /dev/null
+++ b/hw/nubus/mac-nubus-bridge.c
@@ -0,0 +1,45 @@
+/*
+ *  Copyright (c) 2013-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/nubus/mac-nubus-bridge.h"
+
+
+static void mac_nubus_bridge_init(Object *obj)
+{
+MacNubusState *s = MAC_NUBUS_BRIDGE(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+
+s->bus = NUBUS_BUS(qbus_create(TYPE_NUBUS_BUS, DEVICE(s), NULL));
+
+sysbus_init_mmio(sbd, &s->bus->super_slot_io);
+sysbus_init_mmio(sbd, &s->bus->slot_io);
+}
+
+static void mac_nubus_bridge_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc = "Nubus bridge";
+}
+
+static const TypeInfo mac_nubus_bridge_info = {
+.name  = TYPE_MAC_NUBUS_BRIDGE,
+.parent= TYPE_NUBUS_BRIDGE,
+.instance_init = mac_nubus_bridge_init,
+.instance_size = sizeof(MacNubusState),
+.class_init= mac_nubus_bridge_class_init,
+};
+
+static void mac_nubus_bridge_register_types(void)
+{
+type_register_static(&mac_nubus_bridge_info);
+}
+
+type_init(mac_nubus_bridge_register_types)
diff --git a/hw/nubus/nubus-bridge.c b/hw/nubus/nubus-bridge.c
new file mode 100644
index 00..cd8c6a91eb
--- /dev/null
+++ b/hw/nubus/nubus-bridge.c
@@ -0,0 +1,34 @@
+/*
+ * QEMU Macintosh Nubus
+ *
+ * Copyright (c) 2013-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/nubus/nubus.h"
+
+static void nubus_bridge_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->fw_name = "nubus";
+}
+
+static const TypeInfo nubus_bridge_info = {
+.name  = TYPE_NUBUS_BRIDGE,
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(SysBusDevice),
+.class_init= nubus_bridge_class_init,
+};
+
+static void nubus_register_types(void)
+{
+type_register_static(&nubus_bridge_info);
+}
+
+type_init(nubus_register_types)
diff --git a/hw/nubus/nubus-bus.c b/hw/nubus/nubus-bus.c
new file mode 100644
index 00..942a6d5342
--- /dev/null
+++ b/hw/nubus/nubus-bus.c
@@ -0,0 +1,111 @@
+/*
+ * QEMU Macintosh Nubus
+ *
+ * Copyright (c) 2013-2018 Laurent Vivier 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/nubus/nubus.h"
+#include "hw/sysbus.h"
+#include "qapi/error.h"
+
+
+static NubusBus *nubus_find(void)
+{
+/* Returns NULL unless there is exactly one nubus device */
+return NUBUS_BUS(object_resolve_path_type("", TYPE_NUBUS_BUS, NULL));
+}
+
+static void nubus_slot_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned int size)
+{
+/* read only */
+}
+
+
+static uint64_t nubus_slot_read(void *opaque, hwaddr addr,
+unsigned int size)
+{

[Qemu-devel] [PATCH v6 04/10] hw/m68k: add macfb video card

[Mark Cave-Ayland]

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
Reviewed-by: Hervé Poussineau 
---
 arch_init.c|   4 +
 hw/display/Makefile.objs   |   1 +
 hw/display/macfb.c | 419 +
 include/hw/display/macfb.h |  43 +
 qemu-options.hx|   2 +-
 vl.c   |   3 +-
 6 files changed, 470 insertions(+), 2 deletions(-)
 create mode 100644 hw/display/macfb.c
 create mode 100644 include/hw/display/macfb.h

diff --git a/arch_init.c b/arch_init.c
index f4f3f610c8..5a71b48dc5 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -39,6 +39,10 @@
 int graphic_width = 1024;
 int graphic_height = 768;
 int graphic_depth = 8;
+#elif defined(TARGET_M68K)
+int graphic_width = 800;
+int graphic_height = 600;
+int graphic_depth = 8;
 #else
 int graphic_width = 800;
 int graphic_height = 600;
diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
index 97acd5b6cb..1685492ea0 100644
--- a/hw/display/Makefile.objs
+++ b/hw/display/Makefile.objs
@@ -27,6 +27,7 @@ common-obj-$(CONFIG_EXYNOS4) += exynos4210_fimd.o
 common-obj-$(CONFIG_FRAMEBUFFER) += framebuffer.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-vgafb.o
 common-obj-$(CONFIG_ZAURUS) += tc6393xb.o
+common-obj-$(CONFIG_MACFB) += macfb.o
 
 common-obj-$(CONFIG_MILKYMIST_TMU2) += milkymist-tmu2.o
 milkymist-tmu2.o-cflags := $(X11_CFLAGS)
diff --git a/hw/display/macfb.c b/hw/display/macfb.c
new file mode 100644
index 00..61ba2e9e15
--- /dev/null
+++ b/hw/display/macfb.c
@@ -0,0 +1,419 @@
+/*
+ * QEMU Motorola 680x0 Macintosh Video Card Emulation
+ * Copyright (c) 2012-2018 Laurent Vivier
+ *
+ * some parts from QEMU G364 framebuffer Emulator.
+ * Copyright (c) 2007-2011 Herve Poussineau
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "hw/sysbus.h"
+#include "ui/console.h"
+#include "ui/pixel_ops.h"
+#include "hw/display/macfb.h"
+#include "qapi/error.h"
+
+#define VIDEO_BASE 0x1000
+#define DAFB_BASE  0x0080
+
+#define MACFB_PAGE_SIZE 4096
+#define MACFB_VRAM_SIZE (4 * MiB)
+
+#define DAFB_RESET  0x200
+#define DAFB_LUT0x213
+
+
+typedef void macfb_draw_line_func(MacfbState *s, uint8_t *d, uint32_t addr,
+  int width);
+
+static inline uint8_t macfb_read_byte(MacfbState *s, uint32_t addr)
+{
+return s->vram[addr & s->vram_bit_mask];
+}
+
+/* 1-bit color */
+static void macfb_draw_line1(MacfbState *s, uint8_t *d, uint32_t addr,
+ int width)
+{
+uint8_t r, g, b;
+int x;
+
+for (x = 0; x < width; x++) {
+int bit = x & 7;
+int idx = (macfb_read_byte(s, addr) >> (7 - bit)) & 1;
+r = g = b  = ((1 - idx) << 7);
+addr += (bit == 7);
+
+*(uint32_t *)d = rgb_to_pixel32(r, g, b);
+d += 4;
+}
+}
+
+/* 2-bit color */
+static void macfb_draw_line2(MacfbState *s, uint8_t *d, uint32_t addr,
+ int width)
+{
+uint8_t r, g, b;
+int x;
+
+for (x = 0; x < width; x++) {
+int bit = (x & 3);
+int idx = (macfb_read_byte(s, addr) >> ((3 - bit) << 1)) & 3;
+r = s->color_palette[idx * 3];
+g = s->color_palette[idx * 3 + 1];
+b = s->color_palette[idx * 3 + 2];
+addr += (bit == 3);
+
+*(uint32_t *)d = rgb_to_pixel32(r, g, b);
+d += 4;
+}
+}
+
+/* 4-bit color */
+static void macfb_draw_line4(MacfbState *s, uint8_t *d, uint32_t addr,
+ int width)
+{
+uint8_t r, g, b;
+int x;
+
+for (x = 0; x < width; x++) {
+int bit = x & 1;
+int idx = (macfb_read_byte(s, addr) >> ((1 - bit) << 2)) & 15;
+r = s->color_palette[idx * 3];
+g = s->color_palette[idx * 3 + 1];
+b = s->color_palette[idx * 3 + 2];
+addr += (bit == 1);
+
+*(uint32_t *)d = rgb_to_pixel32(r, g, b);
+d += 4;
+}
+}
+
+/* 8-bit color */
+static void macfb_draw_line8(MacfbState *s, uint8_t *d, uint32_t addr,
+ int width)
+{
+uint8_t r, g, b;
+int x;
+
+for (x = 0; x < width; x++) {
+r = s->color_palette[macfb_read_byte(s, addr) * 3];
+g = s->color_palette[macfb_read_byte(s, addr) * 3 + 1];
+b = s->color_palette[macfb_read_byte(s, addr) * 3 + 2];
+addr++;
+
+*(uint32_t *)d = rgb_to_pixel32(r, g, b);
+d += 4;
+}
+}
+
+/* 16-bit color */
+static void macfb_draw_line16(MacfbState *s, uint8_t *d, uint32_t addr,
+  int width)
+{
+uint8_t r, g, b;
+int x;
+
+for (x = 0; x < width; x++) {
+uint16_t pixel;
+pixel = (macfb_read_byte(s, addr) << 8) | macfb_read_byte(s, addr + 1);
+r = ((pixel >> 10) & 

[Qemu-devel] [PATCH v6 07/10] hw/m68k: add Nubus support for macfb video card

[Mark Cave-Ayland]

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
Reviewed-by: Hervé Poussineau 
---
 hw/display/macfb.c | 56 ++
 include/hw/display/macfb.h | 21 +
 2 files changed, 77 insertions(+)

diff --git a/hw/display/macfb.c b/hw/display/macfb.c
index 61ba2e9e15..458e268d86 100644
--- a/hw/display/macfb.c
+++ b/hw/display/macfb.c
@@ -15,6 +15,7 @@
 #include "hw/sysbus.h"
 #include "ui/console.h"
 #include "ui/pixel_ops.h"
+#include "hw/nubus/nubus.h"
 #include "hw/display/macfb.h"
 #include "qapi/error.h"
 
@@ -380,12 +381,38 @@ static void macfb_sysbus_realize(DeviceState *dev, Error 
**errp)
 sysbus_init_mmio(SYS_BUS_DEVICE(s), &ms->mem_vram);
 }
 
+const uint8_t macfb_rom[] = {
+255, 0, 0, 0,
+};
+
+static void macfb_nubus_realize(DeviceState *dev, Error **errp)
+{
+NubusDevice *nd = NUBUS_DEVICE(dev);
+MacfbNubusState *s = NUBUS_MACFB(dev);
+MacfbNubusDeviceClass *ndc = MACFB_NUBUS_GET_CLASS(dev);
+MacfbState *ms = &s->macfb;
+
+ndc->parent_realize(dev, errp);
+
+macfb_common_realize(dev, ms, errp);
+memory_region_add_subregion(&nd->slot_mem, DAFB_BASE, &ms->mem_ctrl);
+memory_region_add_subregion(&nd->slot_mem, VIDEO_BASE, &ms->mem_vram);
+
+nubus_register_rom(nd, macfb_rom, sizeof(macfb_rom), 1, 9, 0xf);
+}
+
 static void macfb_sysbus_reset(DeviceState *d)
 {
 MacfbSysBusState *s = MACFB(d);
 macfb_reset(&s->macfb);
 }
 
+static void macfb_nubus_reset(DeviceState *d)
+{
+MacfbNubusState *s = NUBUS_MACFB(d);
+macfb_reset(&s->macfb);
+}
+
 static Property macfb_sysbus_properties[] = {
 DEFINE_PROP_UINT32("width", MacfbSysBusState, macfb.width, 640),
 DEFINE_PROP_UINT32("height", MacfbSysBusState, macfb.height, 480),
@@ -393,6 +420,13 @@ static Property macfb_sysbus_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+static Property macfb_nubus_properties[] = {
+DEFINE_PROP_UINT32("width", MacfbNubusState, macfb.width, 640),
+DEFINE_PROP_UINT32("height", MacfbNubusState, macfb.height, 480),
+DEFINE_PROP_UINT8("depth", MacfbNubusState, macfb.depth, 8),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void macfb_sysbus_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -404,6 +438,19 @@ static void macfb_sysbus_class_init(ObjectClass *klass, 
void *data)
 dc->props = macfb_sysbus_properties;
 }
 
+static void macfb_nubus_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+MacfbNubusDeviceClass *ndc = MACFB_NUBUS_DEVICE_CLASS(klass);
+
+device_class_set_parent_realize(dc, macfb_nubus_realize,
+&ndc->parent_realize);
+dc->desc = "Nubus Macintosh framebuffer";
+dc->reset = macfb_nubus_reset;
+dc->vmsd = &vmstate_macfb;
+dc->props = macfb_nubus_properties;
+}
+
 static TypeInfo macfb_sysbus_info = {
 .name  = TYPE_MACFB,
 .parent= TYPE_SYS_BUS_DEVICE,
@@ -411,9 +458,18 @@ static TypeInfo macfb_sysbus_info = {
 .class_init= macfb_sysbus_class_init,
 };
 
+static TypeInfo macfb_nubus_info = {
+.name  = TYPE_NUBUS_MACFB,
+.parent= TYPE_NUBUS_DEVICE,
+.instance_size = sizeof(MacfbNubusState),
+.class_init= macfb_nubus_class_init,
+.class_size= sizeof(MacfbNubusDeviceClass),
+};
+
 static void macfb_register_types(void)
 {
 type_register_static(&macfb_sysbus_info);
+type_register_static(&macfb_nubus_info);
 }
 
 type_init(macfb_register_types)
diff --git a/include/hw/display/macfb.h b/include/hw/display/macfb.h
index 3fe2592735..26367ae2c4 100644
--- a/include/hw/display/macfb.h
+++ b/include/hw/display/macfb.h
@@ -40,4 +40,25 @@ typedef struct {
 MacfbState macfb;
 } MacfbSysBusState;
 
+#define MACFB_NUBUS_DEVICE_CLASS(class) \
+OBJECT_CLASS_CHECK(MacfbNubusDeviceClass, (class), TYPE_NUBUS_MACFB)
+#define MACFB_NUBUS_GET_CLASS(obj) \
+OBJECT_GET_CLASS(MacfbNubusDeviceClass, (obj), TYPE_NUBUS_MACFB)
+
+typedef struct MacfbNubusDeviceClass {
+DeviceClass parent_class;
+
+DeviceRealize parent_realize;
+} MacfbNubusDeviceClass;
+
+#define TYPE_NUBUS_MACFB "nubus-macfb"
+#define NUBUS_MACFB(obj) \
+OBJECT_CHECK(MacfbNubusState, (obj), TYPE_NUBUS_MACFB)
+
+typedef struct {
+NubusDevice busdev;
+
+MacfbState macfb;
+} MacfbNubusState;
+
 #endif
-- 
2.11.0

[Qemu-devel] [PATCH v6 01/10] hw/m68k: add via support

[Mark Cave-Ayland]

From: Laurent Vivier 

Co-developed-by: Mark Cave-Ayland 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Laurent Vivier 
Reviewed-by: Hervé Poussineau 
---
 hw/misc/Makefile.objs |   1 +
 hw/misc/mac_via.c | 666 ++
 include/hw/misc/mac_via.h | 107 
 3 files changed, 774 insertions(+)
 create mode 100644 hw/misc/mac_via.c
 create mode 100644 include/hw/misc/mac_via.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 680350b3c3..9417bff296 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -73,4 +73,5 @@ obj-$(CONFIG_IOTKIT_SYSINFO) += iotkit-sysinfo.o
 obj-$(CONFIG_PVPANIC) += pvpanic.o
 obj-$(CONFIG_AUX) += auxbus.o
 obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
+obj-$(CONFIG_MAC_VIA) += mac_via.o
 obj-$(CONFIG_MSF2) += msf2-sysreg.o
diff --git a/hw/misc/mac_via.c b/hw/misc/mac_via.c
new file mode 100644
index 00..d6d6b86e1a
--- /dev/null
+++ b/hw/misc/mac_via.c
@@ -0,0 +1,666 @@
+/*
+ * QEMU m68k Macintosh VIA device support
+ *
+ * Copyright (c) 2011-2018 Laurent Vivier
+ * Copyright (c) 2018 Mark Cave-Ayland
+ *
+ * Some parts from hw/misc/macio/cuda.c
+ *
+ * Copyright (c) 2004-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "qemu/timer.h"
+#include "hw/misc/mac_via.h"
+#include "hw/misc/mos6522.h"
+#include "hw/input/adb.h"
+#include "sysemu/sysemu.h"
+#include "qapi/error.h"
+#include "qemu/cutils.h"
+
+
+/*
+ * VIAs: There are two in every machine,
+ */
+
+#define VIA_SIZE (0x2000)
+
+/*
+ * Not all of these are true post MacII I think.
+ * CSA: probably the ones CHRP marks as 'unused' change purposes
+ * when the IWM becomes the SWIM.
+ * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
+ * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
+ *
+ * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
+ * following changes for IIfx:
+ * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
+ * Also, "All of the functionality of VIA2 has been moved to other chips".
+ */
+
+#define VIA1A_vSccWrReq 0x80   /* SCC write. (input)
+* [CHRP] SCC WREQ: Reflects the state of the
+* Wait/Request pins from the SCC.
+* [Macintosh Family Hardware]
+* as CHRP on SE/30,II,IIx,IIcx,IIci.
+* on IIfx, "0 means an active request"
+*/
+#define VIA1A_vRev8 0x40   /* Revision 8 board ???
+* [CHRP] En WaitReqB: Lets the WaitReq_L
+* signal from port B of the SCC appear on
+* the PA7 input pin. Output.
+* [Macintosh Family] On the SE/30, this
+* is the bit to flip screen buffers.
+* 0=alternate, 1=main.
+* on II,IIx,IIcx,IIci,IIfx this is a bit
+* for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
+*/
+#define VIA1A_vHeadSel  0x20   /* Head select for IWM.
+* [CHRP] unused.
+* [Macintosh Family] "Floppy disk
+* state-control line SEL" on all but IIfx
+*/
+#define VIA1A_vOverlay  0x10   /* [Macintosh Family] On SE/30,II,IIx,IIcx
+* this bit enables the "Overlay" address
+* map in the address decoders as it is on
+* reset for mapping the ROM over the reset
+* vector. 1=use overlay map.
+* On the IIci,IIfx it is another bit of the
+* CPU ID: 0=normal IIci, 1=IIci with parity
+* feature or IIfx.
+* [CHRP] En WaitReqA: Lets the WaitReq_L
+* signal from port A of the SCC appear
+* on the PA7 input pin (CHRP). Output.
+* [MkLinux] "Drive Select"
+*  (with 0x20 being 'disk head select')
+*/
+#define VIA1A_vSync 0x08   /* [CHRP] Sync Modem: modem clock select:
+* 1: select the external serial clock to
+*drive the SCC's /RTxCA pin.
+* 0: Select the 3.6864MHz clock to drive
+

[Qemu-devel] [PATCH v6 00/10] hw/m68k: add Apple Machintosh Quadra 800 machine

[Mark Cave-Ayland]

(MCA: here's the latest version of the q800 patchset. I've hope that I've
addressed most of the comments, plus this will now boot into the Debian
installer correctly when applied to git master.

Outstanding comments:

  1) Should the comment blocks copied from the Linux headers be removed
 from patch 1?

  2) Are there meaningful constants that can be defined for Q800 interrupt
 "controller" in patch 10?

Note that I've also pushed the branch to github:
  https://github.com/mcayland/qemu/tree/q800-dev-part1-mca)


I'm rebasing some of these patches for seven years now,
too many years...

if you want to test the machine, I'm sorry, it doesn't boot
a MacROM, but you can boot a linux kernel from the command line.

You can install your own disk using debian-installer, with:

...
-M q800 \
-serial none -serial mon:stdio \
-m 1000M -drive file=m68k.qcow2,format=qcow2 \
-net nic,model=dp83932,addr=09:00:07:12:34:57 \
-append "console=ttyS0 vga=off" \
-kernel vmlinux-4.15.0-2-m68k \
-initrd initrd.gz \
-drive file=debian-9.0-m68k-NETINST-1.iso \
-drive file=m68k.qcow2,format=qcow2 \
-nographic

If you use a graphic adapter instead of "-nographic", you can use "-g" to set 
the
size of the display (I use "-g 1600x800x24").

You can get the ISO from:

https://cdimage.debian.org/mirror/cdimage/ports/9.0/m68k/iso-cd/debian-9.0-m68k-NETINST-1.iso

and extract the kernel and initrd.gz:

guestfish --add debian-9.0-m68k-NETINST-1.iso --ro \
  --mount /dev/sda:/ <<_EOF_
copy-out /install/cdrom/initrd.gz .
copy-out /install/kernels/vmlinux-4.15.0-2-m68k .
_EOF_

The mirror to use is: http://ftp.ports.debian.org/debian-ports/
when it fails, continue without boot loader.

In the same way, you can extract the kernel and the initramfs from the qcow2
image to use it with "-kernel" and "-initrd":

guestfish --add m68k.qcow2 --mount /dev/sda2:/ <<_EOF_
copy-out /boot/vmlinux-4.15.0-2-m68k .
copy-out /boot/initrd.img-4.15.0-2-m68k .
_EOF_

and boot with:

   ...
   -append "root=/dev/sda2 rw console=ttyS0 console=tty \
   -kernel vmlinux-4.15.0-2-m68k \
   -initrd initrd.img-4.15.0-2-m68k


v6: Rebase onto git master (this now includes the m68k EXCP_ILLEGAL fix required
  for this patchset to boot)
Add Hervé's R-B tags
Drop ASC (Apple Sound Chip) device since the Linux driver is broken and
  it is not required for a successful boot
Remove extra esp_raise_irq() from ESP pseudo-DMA patch (Hervé)
Remove "return" from unimplemented write functions and instead add a
  "read only" comment (Hervé)
Rename MAX_FD to SWIM_MAX_FD in SWIM floppy controller patch to prevent
  potential conflicts with other files (Hervé)

v5: Rebase onto git master
Add Philippe's R-B to patch 10
Include the command line to boot a Linux kernel under the q800 machine in 
the
commit message for patch 11 (Philippe)
Fix up comments in hw/misc/mac_via.c (Thomas)
Add asserts to VIA ADB support to prevent potential buffer overflows 
(Thomas)
Move macfb surface/resolution checks to realise and remove hw_error (Thomas)
Move macfb draw_line functions inline and remove macfb-template.h (Mark)
Use guest address rather than source pointer in draw_line functions - this 
brings
  macfb in line with the VGA device and can prevent a potential buffer 
overflow
Use g_strdup_printf() for memory region names in NuBus devices instead of
  hardcoded length char arrays (Thomas)
Move NuBus QOM types from patch 7 to patch 8 (spotted by Thomas)
Move CONFIG_COLDFIRE sections together in hw/m68k/Makefile.objs (Thomas)
Remove obsolete comment from q800.c in patch 11 (Thomas)

v4: Drop RFC from subject prefix as this is getting close to final
Rebased onto master (fixing ESP, rom_ptr() conflicts)
Reworked q800.c based upon Thomas' comments about cpu_init() and
  qemu_check_nic_model()
Address Thomas' comments on using error_report() instead of hw_error()
Change the NuBus memory regions from DEVICE_NATIVE_ENDIAN to
  DEVICE_BIG_ENDIAN
Split macfb Nubus support into separate commit
Change VMSTATE_BUFFER_UNSAFE() to VMSTATE_UINT8_ARRAY() in macfb.c as
  suggested by David
Remove dummy Apple Sound Chip migration state as pointed out by David
Keep VIA ADB state and buffers in the mac_via device rather than adding
  to existing ADBState (this matches the pattern used in the PPC CUDA/PMU
  VIAs)
Remove blacklisting for q800 machine from "make check" as requested by
  Thomas with the following fixes:
- Fix incorrect MemoryRegion owner in ASC device
- Add qtest_enabled() check in q800_init() to allow testing when no
  kernel is specified
- Move some Mac VIA initialisation from init to realize
Remove legacy drive properties from SWIM floppy controller and instead
  expose separate floppy bus and drive devices as requested by Kevin

v3: fix subject pr

[Qemu-devel] [PATCH v6 03/10] escc: introduce a selector for the register bit

[Mark Cave-Ayland]

From: Laurent Vivier 

On Sparc and PowerMac, the bit 0 of the address
selects the register type (control or data) and
bit 1 selects the channel (B or A).

On m68k Macintosh, the bit 0 selects the channel and
bit 1 the register type.

This patch introduces a new parameter (bit_swap) to
the device interface to indicate bits usage must
be swapped between registers and channels.

For the moment all the machines use the bit 0,
but this change will be needed to emulate Quadra 800.

Signed-off-by: Laurent Vivier 
Reviewed-by: Hervé Poussineau 
---
 hw/char/escc.c | 30 --
 include/hw/char/escc.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index 628f5f81f7..cec75b06f9 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -42,14 +42,21 @@
  * mouse and keyboard ports don't implement all functions and they are
  * only asynchronous. There is no DMA.
  *
- * Z85C30 is also used on PowerMacs. There are some small differences
- * between Sparc version (sunzilog) and PowerMac (pmac):
+ * Z85C30 is also used on PowerMacs and m68k Macs.
+ *
+ * There are some small differences between Sparc version (sunzilog)
+ * and PowerMac (pmac):
  *  Offset between control and data registers
  *  There is some kind of lockup bug, but we can ignore it
  *  CTS is inverted
  *  DMA on pmac using DBDMA chip
  *  pmac can do IRDA and faster rates, sunzilog can only do 38400
  *  pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
+ *
+ * Linux driver for m68k Macs is the same as for PowerMac (pmac_zilog),
+ * but registers are grouped by type and not by channel:
+ * channel is selected by bit 0 of the address (instead of bit 1)
+ * and register is selected by bit 1 of the address (instead of bit 0).
  */
 
 /*
@@ -169,6 +176,16 @@ static void handle_kbd_command(ESCCChannelState *s, int 
val);
 static int serial_can_receive(void *opaque);
 static void serial_receive_byte(ESCCChannelState *s, int ch);
 
+static int reg_shift(ESCCState *s)
+{
+return s->bit_swap ? s->it_shift + 1 : s->it_shift;
+}
+
+static int chn_shift(ESCCState *s)
+{
+return s->bit_swap ? s->it_shift : s->it_shift + 1;
+}
+
 static void clear_queue(void *opaque)
 {
 ESCCChannelState *s = opaque;
@@ -433,8 +450,8 @@ static void escc_mem_write(void *opaque, hwaddr addr,
 int newreg, channel;
 
 val &= 0xff;
-saddr = (addr >> serial->it_shift) & 1;
-channel = (addr >> (serial->it_shift + 1)) & 1;
+saddr = (addr >> reg_shift(serial)) & 1;
+channel = (addr >> chn_shift(serial)) & 1;
 s = &serial->chn[channel];
 switch (saddr) {
 case SERIAL_CTRL:
@@ -537,8 +554,8 @@ static uint64_t escc_mem_read(void *opaque, hwaddr addr,
 uint32_t ret;
 int channel;
 
-saddr = (addr >> serial->it_shift) & 1;
-channel = (addr >> (serial->it_shift + 1)) & 1;
+saddr = (addr >> reg_shift(serial)) & 1;
+channel = (addr >> chn_shift(serial)) & 1;
 s = &serial->chn[channel];
 switch (saddr) {
 case SERIAL_CTRL:
@@ -822,6 +839,7 @@ static void escc_realize(DeviceState *dev, Error **errp)
 static Property escc_properties[] = {
 DEFINE_PROP_UINT32("frequency", ESCCState, frequency,   0),
 DEFINE_PROP_UINT32("it_shift",  ESCCState, it_shift,0),
+DEFINE_PROP_BOOL("bit_swap",ESCCState, bit_swap,false),
 DEFINE_PROP_UINT32("disabled",  ESCCState, disabled,0),
 DEFINE_PROP_UINT32("chnBtype",  ESCCState, chn[0].type, 0),
 DEFINE_PROP_UINT32("chnAtype",  ESCCState, chn[1].type, 0),
diff --git a/include/hw/char/escc.h b/include/hw/char/escc.h
index 42aca83611..8762f61c14 100644
--- a/include/hw/char/escc.h
+++ b/include/hw/char/escc.h
@@ -50,6 +50,7 @@ typedef struct ESCCState {
 
 struct ESCCChannelState chn[2];
 uint32_t it_shift;
+bool bit_swap;
 MemoryRegion mmio;
 uint32_t disabled;
 uint32_t frequency;
-- 
2.11.0

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

[Li Qiang]

Hello Kevin,

Kevin Wolf  于2018年11月2日周五 下午6:54写道：

> Am 02.11.2018 um 02:22 hat Li Qiang geschrieben:
> > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > This can lead an oob access issue. This is triggerable in the guest.
> > Add check to avoid this issue.
> >
> > Fixes CVE-2018-16847.
> >
> > Reported-by: Li Qiang 
> > Reviewed-by: Paolo Bonzini 
> > Signed-off-by: Li Qiang 
> > ---
> >  hw/block/nvme.c | 7 +++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> > index fc7dacb..d097add 100644
> > --- a/hw/block/nvme.c
> > +++ b/hw/block/nvme.c
> > @@ -1175,6 +1175,10 @@ static void nvme_cmb_write(void *opaque, hwaddr
> addr, uint64_t data,
> >  unsigned size)
> >  {
> >  NvmeCtrl *n = (NvmeCtrl *)opaque;
> > +
> > +if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
>
> What prevents a guest from moving the device to the end of the address
> space and causing an integer overflow in addr + size?
>
>
This can't happen as the addr can't be any value, it just can be in the
Memory Region n->ctrl_mem defines.

Thanks,
Li Qiang



> If this happens, we still have .max_access_size = 8. The next question is
> then, is NVME_CMBSZ_GETSIZE guaranteed to be at least 8? I suppose yes,
> but do we want to rely on this for security?

Kevin
>

Re: [Qemu-devel] Correction needed for R5900 instruction decoding

[Peter Maydell]

On 2 November 2018 at 15:03, Aleksandar Markovic  wrote:
> Hi, Fredrik.
>
>> From: Fredrik Noring 
>> Subject: Re: [Qemu-devel] Correction needed for R5900 instruction decoding
>>
>> Hi Aleksandar,
>>
>> > It is now code freeze before 3.1, the code base is being stabilized, and
>> > only important fixes are allowed to be integrated - so, in that light, a
>> > separate patch, or a small series, that addresses only concerns from the
>> > original mail of this thread is needed. Such series should not contain any
>> > additional features (like your v2 of the series "Amend..." does), and its
>> > patch titles should look like "Fix decoding mechanism of ..." or such.
>> >
>> > Could you please provide those appropriate changes in that format?
>>
>> I certainly could, but why not simply apply patch 1 and 2 in the posted
>> v2 series and leave the rest for later?
>
> How do you know patches 1 and 2 will and should be applied? You jump
> to conclusions. Also, a basic rule while analyzing problems and their
> solutions is to avoid and omit irrelevant parts.

Hey guys, can we try to keep the tone of the conversation friendly here?

I think what Fred is suggesting is that the minimal set of fixing
patches would be just patch 1 and 2 from that set, and so you could
if you wanted apply those two patches to get the desired effect.

>From the other side of things, as a submaintainer around release
time there's often a lot of work to do and it's easy to confuse
different patchsets or forget the status of them, so it's useful
to have a patch series which is exactly the set of patches that
the submitter thinks are suitable to go into the release, and it's
less work to apply those than to fish out a subset of patches
from a series.

So overall, I think my suggestion would be that the best move
from here would be for Fred to send a patchset with the changes
for 3.1 and only those changes. Could you do that, please?

thanks
-- PMM

[Qemu-devel] [PATCH 0/3] nbd-client: drop extra error noise

[Vladimir Sementsov-Ogievskiy]

Hi all.

It was discussed, that error messages, produced by error_reprt_err's,
added in f140e300 are
1. not really needed
2. subject to race conditions

And it was decided to drop them (switch to trace-points), look thread
https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg00833.html

So, I've also dropped error_report_err, added earlier in be41c100c0d
and later in 78a33ab5878.

Hmm, I've tried to run 83 iotest in a loop, and it didn't fail, even
before these patches.

Vladimir Sementsov-Ogievskiy (3):
  error: add error_get_hint
  nbd: publish _lookup functions
  block/nbd-client: use traces instead of noisy error_report_err

 include/block/nbd.h|  5 +
 include/qapi/error.h   |  5 +
 nbd/nbd-internal.h |  5 -
 block/nbd-client.c | 27 +++
 util/error.c   |  5 +
 block/trace-events |  4 
 tests/qemu-iotests/083.out | 28 
 7 files changed, 42 insertions(+), 37 deletions(-)

-- 
2.18.0

[Qemu-devel] [PATCH 3/3] block/nbd-client: use traces instead of noisy error_report_err

[Vladimir Sementsov-Ogievskiy]

Reduce extra noise of nbd-client, change 083 correspondingly.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/nbd-client.c | 27 +++
 block/trace-events |  4 
 tests/qemu-iotests/083.out | 28 
 3 files changed, 27 insertions(+), 32 deletions(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index 9686ecbd5e..9b1dab6e5d 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -28,6 +28,8 @@
  */
 
 #include "qemu/osdep.h"
+
+#include "trace.h"
 #include "qapi/error.h"
 #include "nbd-client.h"
 
@@ -79,7 +81,9 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 assert(s->reply.handle == 0);
 ret = nbd_receive_reply(s->ioc, &s->reply, &local_err);
 if (local_err) {
-error_report_err(local_err);
+trace_nbd_read_reply_entry_fail(ret, error_get_pretty(local_err),
+error_get_hint(local_err) ?: "");
+error_free(local_err);
 }
 if (ret <= 0) {
 break;
@@ -771,7 +775,12 @@ static int nbd_co_request(BlockDriverState *bs, NBDRequest 
*request,
 
 ret = nbd_co_receive_return_code(client, request->handle, &local_err);
 if (local_err) {
-error_report_err(local_err);
+trace_nbd_co_request_fail(request->from, request->len, request->handle,
+  request->flags, request->type,
+  nbd_cmd_lookup(request->type),
+  ret, error_get_pretty(local_err),
+  error_get_hint(local_err) ?: "");
+error_free(local_err);
 }
 return ret;
 }
@@ -802,7 +811,12 @@ int nbd_client_co_preadv(BlockDriverState *bs, uint64_t 
offset,
 ret = nbd_co_receive_cmdread_reply(client, request.handle, offset, qiov,
&local_err);
 if (local_err) {
-error_report_err(local_err);
+trace_nbd_co_request_fail(request.from, request.len, request.handle,
+  request.flags, request.type,
+  nbd_cmd_lookup(request.type),
+  ret, error_get_pretty(local_err),
+  error_get_hint(local_err) ?: "");
+error_free(local_err);
 }
 return ret;
 }
@@ -925,7 +939,12 @@ int coroutine_fn 
nbd_client_co_block_status(BlockDriverState *bs,
 ret = nbd_co_receive_blockstatus_reply(client, request.handle, bytes,
&extent, &local_err);
 if (local_err) {
-error_report_err(local_err);
+trace_nbd_co_request_fail(request.from, request.len, request.handle,
+  request.flags, request.type,
+  nbd_cmd_lookup(request.type),
+  ret, error_get_pretty(local_err),
+  error_get_hint(local_err) ?: "");
+error_free(local_err);
 }
 if (ret < 0) {
 return ret;
diff --git a/block/trace-events b/block/trace-events
index 3e8c47bb24..f518432300 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -156,3 +156,7 @@ nvme_cmd_map_qiov_iov(void *s, int i, void *page, int 
pages) "s %p iov[%d] %p pa
 
 # block/iscsi.c
 iscsi_xcopy(void *src_lun, uint64_t src_off, void *dst_lun, uint64_t dst_off, 
uint64_t bytes, int ret) "src_lun %p offset %"PRIu64" dst_lun %p offset 
%"PRIu64" bytes %"PRIu64" ret %d"
+
+# block/nbd-client.c
+nbd_read_reply_entry_fail(int ret, const char *err, const char *hint) "ret = 
%d, err: %s%s"
+nbd_co_request_fail(uint64_t from, uint32_t len, uint64_t handle, uint16_t 
flags, uint16_t type, const char *name, int ret, const char *err, const char 
*hint) "Request failed { .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" 
PRIu64 ", .flags = 0x%" PRIx16 ", .type = %" PRIu16 " (%s) } ret = %d, err: 
%s%s"
diff --git a/tests/qemu-iotests/083.out b/tests/qemu-iotests/083.out
index f9af8bb691..7419722cd7 100644
--- a/tests/qemu-iotests/083.out
+++ b/tests/qemu-iotests/083.out
@@ -41,8 +41,6 @@ can't open device nbd+tcp://127.0.0.1:PORT/foo
 
 === Check disconnect after neg2 ===
 
-Unable to read from socket: Connection reset by peer
-Connection closed
 read failed: Input/output error
 
 === Check disconnect 8 neg2 ===
@@ -55,40 +53,30 @@ can't open device nbd+tcp://127.0.0.1:PORT/foo
 
 === Check disconnect before request ===
 
-Unable to read from socket: Connection reset by peer
-Connection closed
 read failed: Input/output error
 
 === Check disconnect after request ===
 
-Connection closed
 read failed: Input/output error
 
 === Check disconnect before reply ===
 
-Connection closed
 read failed: Input/output error
 
 === Check disconnect after reply ===
 
-Unexpected end-of-file before all bytes were read
 read failed: Input/output error
 
 === Check disconnect 4 reply ===
 
-Un