Re: [Qemu-devel] [PATCH for-4.0 2/3] target/ppc: Enable "decrement and test CTR" version of bcctr

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 07:03:46PM +0100, Greg Kurz wrote:
> Even if all ISAs up to v3 indeed mention:
> 
> If the "decrement and test CTR" option is specified (BO2=0), the
> instruction form is invalid.
> 
> The UMs of all existing 64-bit server class processors say:

I've applied this series because it fixes an immediate problem, but I
have some significant reservations about it, read on..

> If BO[2] = 0, the contents of CTR (before any update) are used as the
> target address and for the test of the contents of CTR to resolve the
> branch. The contents of the CTR are then decremented and written back
> to the CTR.

So, if that's what the hardware does, I guess that's what we need to
do.  That behaviour seems totally bizarre though - how can it make
sense for the same register value to act as both the branch target and
a flag/counter?  Or am I misreading something?

> The linux kernel has spectre v2 mitigation code that relies on a
> BO[2] = 0 variant of bcctr, which is now activated by default on
> spapr, even with TCG. This causes linux guests to panic with
> the default machine type under TCG.
> 
> Since any CPU model can provide its own behaviour for invalid forms,
> we could possibly introduce a new instruction flag to handle this.
> In practice, since the behaviour is shared by all 64-bit server
> processors starting with 970 up to POWER9, let's reuse the
> PPC_SEGMENT_64B flag. Caveat: this may have to be fixed later if
> POWER10 introduces a different behaviour.

Yeah.. this makes me nervous.  It's going to be very non-obvious that
a flag about MMU behaviour is linked to an obscure conditional branch
behaviour, so I suspect the chances of forgetting to fix that later if
necessary are close to 100%.

> The existing behaviour of throwing a program interrupt is kept for
> all other CPU models.
> 
> Signed-off-by: Greg Kurz 
> ---
>  target/ppc/translate.c |   52 
> ++--
>  1 file changed, 37 insertions(+), 15 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index aaafa3a715d8..d3aaa6482c6a 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -3747,22 +3747,44 @@ static void gen_bcond(DisasContext *ctx, int type)
>  if ((bo & 0x4) == 0) {
>  /* Decrement and test CTR */
>  TCGv temp = tcg_temp_new();
> -if (unlikely(type == BCOND_CTR)) {
> -gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
> -tcg_temp_free(temp);
> -tcg_temp_free(target);
> -return;
> -}
> -tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
> -if (NARROW_MODE(ctx)) {
> -tcg_gen_ext32u_tl(temp, cpu_ctr);
> -} else {
> -tcg_gen_mov_tl(temp, cpu_ctr);
> -}
> -if (bo & 0x2) {
> -tcg_gen_brcondi_tl(TCG_COND_NE, temp, 0, l1);
> +
> +if (type == BCOND_CTR) {
> +/*
> + * All ISAs up to v3 describe this form of bcctr as invalid but
> + * some processors, ie. 64-bit server processors compliant with
> + * arch 2.x, do implement a "test and decrement" logic instead,
> + * as described in their respective UMs.
> + */
> +if (unlikely(!(ctx->insns_flags & PPC_SEGMENT_64B))) {
> +gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
> +tcg_temp_free(temp);
> +tcg_temp_free(target);
> +return;
> +}
> +
> +if (NARROW_MODE(ctx)) {
> +tcg_gen_ext32u_tl(temp, cpu_ctr);
> +} else {
> +tcg_gen_mov_tl(temp, cpu_ctr);
> +}
> +if (bo & 0x2) {
> +tcg_gen_brcondi_tl(TCG_COND_NE, temp, 0, l1);
> +} else {
> +tcg_gen_brcondi_tl(TCG_COND_EQ, temp, 0, l1);
> +}
> +tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
>  } else {
> -tcg_gen_brcondi_tl(TCG_COND_EQ, temp, 0, l1);
> +tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
> +if (NARROW_MODE(ctx)) {
> +tcg_gen_ext32u_tl(temp, cpu_ctr);
> +} else {
> +tcg_gen_mov_tl(temp, cpu_ctr);
> +}
> +if (bo & 0x2) {
> +tcg_gen_brcondi_tl(TCG_COND_NE, temp, 0, l1);
> +} else {
> +tcg_gen_brcondi_tl(TCG_COND_EQ, temp, 0, l1);
> +}
>  }
>  tcg_temp_free(temp);
>  }
> 
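Review bot: in the new BCOND_CTR branch the decrement is no longer unconditional: `tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);` now sits after the two `tcg_gen_brcondi_tl(..., l1)` calls, so on the path that jumps to l1 the CTR is never written back, whereas the UM text quoted in the commit message says the contents are tested and "then decremented and written back" regardless of how the branch resolves (the pre-patch code also decremented on every path). Snapshot the pre-decrement value into temp, emit the subtraction, and only then branch on temp; the `bo & 0x2` condition block could then be shared with the else branch instead of being duplicated verbatim.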

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v7 5/6] ppc: spapr: Enable FWNMI capability

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 12:04:16PM +0530, Aravinda Prasad wrote:
> Enable the KVM capability KVM_CAP_PPC_FWNMI so that
> the KVM causes guest exit with NMI as exit reason
> when it encounters a machine check exception on the
> address belonging to a guest. Without this capability
> enabled, KVM redirects machine check exceptions to
> guest's 0x200 vector.
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr_rtas.c  |   15 +++
>  target/ppc/kvm.c |   14 ++
>  target/ppc/kvm_ppc.h |6 ++
>  3 files changed, 35 insertions(+)
> 
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index fb594a4..939f428 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -49,6 +49,7 @@
>  #include "hw/ppc/fdt.h"
>  #include "target/ppc/mmu-hash64.h"
>  #include "target/ppc/mmu-book3s-v3.h"
> +#include "kvm_ppc.h"
>  
>  static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState *spapr,
> uint32_t token, uint32_t nargs,
> @@ -354,6 +355,20 @@ static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
>target_ulong args,
>uint32_t nret, target_ulong rets)
>  {
> +int ret;
> +
> +ret = kvmppc_fwnmi_enable(cpu);
> +
> +if (ret == 1) {
> +rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);

Urgh, we're here making a guest-visible difference to the environment
depending on a host (KVM) capability.  What happens if you start a
guest and it registers fwnmi support, then migrate it to a host that
lacks the necessary KVM support?

> +return;
> +}
> +
> +if (ret < 0) {
> +rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
> +return;
> +}
> +
>  spapr->mc_reset = 0;
>  spapr->guest_machine_check_addr = rtas_ld(args, 1);
>  rtas_st(rets, 0, RTAS_OUT_SUCCESS);
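Review bot: the return convention of kvmppc_fwnmi_enable() overloads one int: 1 means "capability absent", a negative value is the errno from kvm_vcpu_enable_cap(), and 0 is success, so `if (ret == 1)` silently treats any other positive value as success. Consider returning -ENOTSUP for the unsupported case and mapping it explicitly, and fold the declaration and call into `int ret = kvmppc_fwnmi_enable(cpu);`. Note also that kvm_vcpu_enable_cap() is a per-vCPU call and is only issued for the vCPU that happens to make the RTAS call; unless KVM applies this capability VM-wide, the other vCPUs keep the old 0x200 redirection.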
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index a593448..161b45e 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -93,6 +93,7 @@ static int cap_ppc_safe_indirect_branch;
>  static int cap_ppc_count_cache_flush_assist;
>  static int cap_ppc_nested_kvm_hv;
>  static int cap_large_decr;
> +static int cap_ppc_fwnmi;
>  
>  static uint32_t debug_inst_opcode;
>  
> @@ -155,6 +156,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
>  kvmppc_get_cpu_characteristics(s);
>  cap_ppc_nested_kvm_hv = kvm_vm_check_extension(s, KVM_CAP_PPC_NESTED_HV);
>  cap_large_decr = kvmppc_get_dec_bits();
> +cap_ppc_fwnmi = kvm_check_extension(s, KVM_CAP_PPC_FWNMI);
>  /*
>   * Note: setting it to false because there is not such capability
>   * in KVM at this moment.
> @@ -2091,6 +2093,18 @@ void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, int 
> mpic_proxy)
>  }
>  }
>  
> +int kvmppc_fwnmi_enable(PowerPCCPU *cpu)
> +{
> +CPUState *cs = CPU(cpu);
> +
> +if (!cap_ppc_fwnmi) {
> +return 1;
> +}
> +
> +return kvm_vcpu_enable_cap(cs, KVM_CAP_PPC_FWNMI, 0);
> +}
> +
> +
>  int kvmppc_smt_threads(void)
>  {
>  return cap_ppc_smt ? cap_ppc_smt : 1;
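Review bot: two consecutive blank lines are added between kvmppc_fwnmi_enable() and kvmppc_smt_threads() (the two bare `+` lines before `int kvmppc_smt_threads(void)`); one is enough. The function should also document its three-way result (1 = capability not present, 0 = enabled, <0 = errno from kvm_vcpu_enable_cap), since the caller in spapr_rtas.c branches on each of them.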
> diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
> index df5e85f..cf7b24f 100644
> --- a/target/ppc/kvm_ppc.h
> +++ b/target/ppc/kvm_ppc.h
> @@ -27,6 +27,7 @@ void kvmppc_enable_h_page_init(void);
>  void kvmppc_set_papr(PowerPCCPU *cpu);
>  int kvmppc_set_compat(PowerPCCPU *cpu, uint32_t compat_pvr);
>  void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, int mpic_proxy);
> +int kvmppc_fwnmi_enable(PowerPCCPU *cpu);
>  int kvmppc_smt_threads(void);
>  void kvmppc_hint_smt_possible(Error **errp);
>  int kvmppc_set_smt_threads(int smt);
> @@ -158,6 +159,11 @@ static inline void kvmppc_set_mpic_proxy(PowerPCCPU 
> *cpu, int mpic_proxy)
>  {
>  }
>  
> +int kvmppc_fwnmi_enable(PowerPCCPU *cpu)
> +{
> +return 1;
> +}
> +
>  static inline int kvmppc_smt_threads(void)
>  {
>  return 1;
> 
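Review bot: the !CONFIG_KVM stub `int kvmppc_fwnmi_enable(PowerPCCPU *cpu)` is missing `static inline`, unlike the neighbouring `static inline void kvmppc_set_mpic_proxy(...)` and `static inline int kvmppc_smt_threads(void)`. As a non-inline definition in a header it is emitted in every translation unit that includes kvm_ppc.h and will fail to link with a duplicate-symbol error on non-KVM builds.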

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v7 3/6] target/ppc: Handle NMI guest exit

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 12:03:58PM +0530, Aravinda Prasad wrote:
> Memory error such as bit flips that cannot be corrected
> by hardware are passed on to the kernel for handling.
> If the memory address in error belongs to guest then
> the guest kernel is responsible for taking suitable action.
> Patch [1] enhances KVM to exit guest with exit reason
> set to KVM_EXIT_NMI in such cases. This patch handles
> KVM_EXIT_NMI exit.
> 
> [1] https://www.spinics.net/lists/kvm-ppc/msg12637.html
> (e20bbd3d and related commits)
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr_events.c  |   22 ++
>  include/hw/ppc/spapr.h |1 +
>  target/ppc/kvm.c   |   16 
>  target/ppc/kvm_ppc.h   |2 ++
>  4 files changed, 41 insertions(+)
> 
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index ae0f093..e7a24ad 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -620,6 +620,28 @@ void 
> spapr_hotplug_req_remove_by_count_indexed(SpaprDrcType drc_type,
>  RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, &drc_id);
>  }
>  
> +void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
> +{
> +SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> +
> +while (spapr->mc_status != -1) {
> +/*
> + * Check whether the same CPU got machine check error
> + * while still handling the mc error (i.e., before
> + * that CPU called "ibm,nmi-interlock"
> + */
> +if (spapr->mc_status == cpu->vcpu_id) {
> +qemu_system_guest_panicked(NULL);
> +}
> +qemu_cond_wait_iothread(&spapr->mc_delivery_cond);
> +/* If the system is reset meanwhile, then just return */
> +if (spapr->mc_reset) {

I don't really see what this accomplishes.  IIUC mc_reset is true from
reset time until nmi-register is called.  Which means you could just
check for guest_machine_check_addr being unset - in which case don't
you need to fall back to the old machine check behaviour anyway?

> +return;
> +}
> +}
> +spapr->mc_status = cpu->vcpu_id;
> +}
> +
>  static void check_exception(PowerPCCPU *cpu, SpaprMachineState *spapr,
>  uint32_t token, uint32_t nargs,
>  target_ulong args,
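Review bot: the `recovered` parameter is never used in spapr_mce_req_event(), so either drop it from this patch or say in the commit message that a later patch consumes it. Inside the loop, after `qemu_system_guest_panicked(NULL);` execution falls through into qemu_cond_wait_iothread() and keeps looping; a `return` after the panic call would make the intended behaviour explicit. The comment above that check is also missing its closing parenthesis after "ibm,nmi-interlock".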
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index ee5589d..b0d8c18 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -792,6 +792,7 @@ void spapr_reallocate_hpt(SpaprMachineState *spapr, int 
> shift,
>Error **errp);
>  void spapr_clear_pending_events(SpaprMachineState *spapr);
>  int spapr_max_server_number(SpaprMachineState *spapr);
> +void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered);
>  
>  /* DRC callbacks. */
>  void spapr_core_release(DeviceState *dev);
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 2427c8e..a593448 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -1738,6 +1738,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run 
> *run)
>  ret = 0;
>  break;
>  
> +case KVM_EXIT_NMI:
> +DPRINTF("handle NMI exception\n");

tracepoints are generally preferred to new DPRINTFs.

> +ret = kvm_handle_nmi(cpu, run);
> +break;
> +
>  default:
>  fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason);
>  ret = -1;
> @@ -2803,6 +2808,17 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
>  return data & 0x;
>  }
>  
> +int kvm_handle_nmi(PowerPCCPU *cpu, struct kvm_run *run)
> +{
> +bool recovered = run->flags & KVM_RUN_PPC_NMI_DISP_FULLY_RECOV;
> +
> +cpu_synchronize_state(CPU(cpu));
> +
> +spapr_mce_req_event(cpu, recovered);
> +
> +return 0;
> +}
> +
>  int kvmppc_enable_hwrng(void)
>  {
>  if (!kvm_enabled() || !kvm_check_extension(kvm_state, 
> KVM_CAP_PPC_HWRNG)) {
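Review bot: kvm_handle_nmi() in target/ppc/kvm.c calls spapr_mce_req_event() directly, which ties generic ppc KVM exit handling to the spapr machine: a KVM_EXIT_NMI delivered while any other machine type is running would call into spapr code that does SPAPR_MACHINE(qdev_get_machine()). Route it through a machine-level hook or check the machine type before calling. The `recovered` flag computed from `run->flags & KVM_RUN_PPC_NMI_DISP_FULLY_RECOV` is also only passed along, not acted on, in this patch.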
> diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
> index 2c2ea30..df5e85f 100644
> --- a/target/ppc/kvm_ppc.h
> +++ b/target/ppc/kvm_ppc.h
> @@ -80,6 +80,8 @@ bool kvmppc_hpt_needs_host_contiguous_pages(void);
>  void kvm_check_mmu(PowerPCCPU *cpu, Error **errp);
>  void kvmppc_set_reg_ppc_online(PowerPCCPU *cpu, unsigned int online);
>  
> +int kvm_handle_nmi(PowerPCCPU *cpu, struct kvm_run *run);
> +
>  #else
>  
>  static inline uint32_t kvmppc_get_tbfreq(void)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC for-4.1 20/25] target/ppc: Style fixes for translate_init.inc.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 

There is a printf() we could change below. Anyhow,

Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/translate_init.inc.c | 240 +++-
>  1 file changed, 146 insertions(+), 94 deletions(-)
> 
> diff --git a/target/ppc/translate_init.inc.c b/target/ppc/translate_init.inc.c
> index 0bd555eb19..78e4cd3e87 100644
> --- a/target/ppc/translate_init.inc.c
> +++ b/target/ppc/translate_init.inc.c
> @@ -40,12 +40,13 @@
>  #include "fpu/softfloat.h"
>  #include "qapi/qapi-commands-target.h"
>  
> -//#define PPC_DUMP_CPU
> -//#define PPC_DEBUG_SPR
> -//#define PPC_DUMP_SPR_ACCESSES
> +/* #define PPC_DUMP_CPU */
> +/* #define PPC_DEBUG_SPR */
> +/* #define PPC_DUMP_SPR_ACCESSES */
>  /* #define USE_APPLE_GDB */
>  
> -/* Generic callbacks:
> +/*
> + * Generic callbacks:
>   * do nothing but store/retrieve spr value
>   */
>  static void spr_load_dump_spr(int sprn)
> @@ -57,7 +58,7 @@ static void spr_load_dump_spr(int sprn)
>  #endif
>  }
>  
> -static void spr_read_generic (DisasContext *ctx, int gprn, int sprn)
> +static void spr_read_generic(DisasContext *ctx, int gprn, int sprn)
>  {
>  gen_load_spr(cpu_gpr[gprn], sprn);
>  spr_load_dump_spr(sprn);
> @@ -229,13 +230,13 @@ static void spr_read_tbu(DisasContext *ctx, int gprn, 
> int sprn)
>  }
>  }
>  
> -__attribute__ (( unused ))
> +ATTRIBUTE_UNUSED
>  static void spr_read_atbl(DisasContext *ctx, int gprn, int sprn)
>  {
>  gen_helper_load_atbl(cpu_gpr[gprn], cpu_env);
>  }
>  
> -__attribute__ (( unused ))
> +ATTRIBUTE_UNUSED
>  static void spr_read_atbu(DisasContext *ctx, int gprn, int sprn)
>  {
>  gen_helper_load_atbu(cpu_gpr[gprn], cpu_env);
> @@ -266,20 +267,20 @@ static void spr_write_tbu(DisasContext *ctx, int sprn, 
> int gprn)
>  }
>  }
>  
> -__attribute__ (( unused ))
> +ATTRIBUTE_UNUSED
>  static void spr_write_atbl(DisasContext *ctx, int sprn, int gprn)
>  {
>  gen_helper_store_atbl(cpu_env, cpu_gpr[gprn]);
>  }
>  
> -__attribute__ (( unused ))
> +ATTRIBUTE_UNUSED
>  static void spr_write_atbu(DisasContext *ctx, int sprn, int gprn)
>  {
>  gen_helper_store_atbu(cpu_env, cpu_gpr[gprn]);
>  }
>  
>  #if defined(TARGET_PPC64)
> -__attribute__ (( unused ))
> +ATTRIBUTE_UNUSED
>  static void spr_read_purr(DisasContext *ctx, int gprn, int sprn)
>  {
>  gen_helper_load_purr(cpu_gpr[gprn], cpu_env);
> @@ -318,12 +319,16 @@ static void spr_write_hdecr(DisasContext *ctx, int 
> sprn, int gprn)
>  /* IBAT0L...IBAT7L */
>  static void spr_read_ibat(DisasContext *ctx, int gprn, int sprn)
>  {
> -tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env, offsetof(CPUPPCState, IBAT[sprn & 
> 1][(sprn - SPR_IBAT0U) / 2]));
> +tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env,
> +  offsetof(CPUPPCState,
> +   IBAT[sprn & 1][(sprn - SPR_IBAT0U) / 2]));
>  }
>  
>  static void spr_read_ibat_h(DisasContext *ctx, int gprn, int sprn)
>  {
> -tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env, offsetof(CPUPPCState, IBAT[sprn & 
> 1][((sprn - SPR_IBAT4U) / 2) + 4]));
> +tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env,
> +  offsetof(CPUPPCState,
> +   IBAT[sprn & 1][((sprn - SPR_IBAT4U) / 2) + 4]));
>  }
>  
>  static void spr_write_ibatu(DisasContext *ctx, int sprn, int gprn)
> @@ -358,12 +363,16 @@ static void spr_write_ibatl_h(DisasContext *ctx, int 
> sprn, int gprn)
>  /* DBAT0L...DBAT7L */
>  static void spr_read_dbat(DisasContext *ctx, int gprn, int sprn)
>  {
> -tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env, offsetof(CPUPPCState, DBAT[sprn & 
> 1][(sprn - SPR_DBAT0U) / 2]));
> +tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env,
> +  offsetof(CPUPPCState,
> +   DBAT[sprn & 1][(sprn - SPR_DBAT0U) / 2]));
>  }
>  
>  static void spr_read_dbat_h(DisasContext *ctx, int gprn, int sprn)
>  {
> -tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env, offsetof(CPUPPCState, DBAT[sprn & 
> 1][((sprn - SPR_DBAT4U) / 2) + 4]));
> +tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env,
> +  offsetof(CPUPPCState,
> +   DBAT[sprn & 1][((sprn - SPR_DBAT4U) / 2) + 4]));
>  }
>  
>  static void spr_write_dbatu(DisasContext *ctx, int sprn, int gprn)
> @@ -472,7 +481,9 @@ static void spr_write_hid0_601(DisasContext *ctx, int 
> sprn, int gprn)
>  #if !defined(CONFIG_USER_ONLY)
>  static void spr_read_601_ubat(DisasContext *ctx, int gprn, int sprn)
>  {
> -tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env, offsetof(CPUPPCState, IBAT[sprn & 
> 1][(sprn - SPR_IBAT0U) / 2]));
> +tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env,
> +  offsetof(CPUPPCState,
> +   IBAT[sprn & 1][(sprn - SPR_IBAT0U) / 2]));
>  }
>  
>  static void spr_write_601_ubatu(DisasContext *ctx, int sprn, int gprn)
> @@ -531,7 +542,8 @@ static void spr_write_booke_tsr(DisasContext *ctx, int 
> sprn, int gprn)
>  #if !defined(CONFIG_USER_ONLY)
>  static void spr_read_403_pbr(Disa

Re: [Qemu-devel] [RFC for-4.1 21/25] target/ppc: Style fixes for translate.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/translate.c | 507 +
>  1 file changed, 315 insertions(+), 192 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 98b37cebc2..67aa128ef1 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -42,8 +42,8 @@
>  #define GDBSTUB_SINGLE_STEP 0x4
>  
>  /* Include definitions for instructions classes and implementations flags */
> -//#define PPC_DEBUG_DISAS
> -//#define DO_PPC_STATISTICS
> +/* #define PPC_DEBUG_DISAS */
> +/* #define DO_PPC_STATISTICS */
>  
>  #ifdef PPC_DEBUG_DISAS
>  #  define LOG_DISAS(...) qemu_log_mask(CPU_LOG_TB_IN_ASM, ## __VA_ARGS__)
> @@ -54,9 +54,9 @@
>  /* Code translation helpers  
> */
>  
>  /* global register indexes */
> -static char cpu_reg_names[10*3 + 22*4 /* GPR */
> -+ 10*4 + 22*5 /* SPE GPRh */
> -+ 8*5 /* CRF */];
> +static char cpu_reg_names[10 * 3 + 22 * 4   /* GPR */
> +  + 10 * 4 + 22 * 5 /* SPE GPRh */
> +  + 8 * 5   /* CRF */];
>  static TCGv cpu_gpr[32];
>  static TCGv cpu_gprh[32];
>  static TCGv_i32 cpu_crf[8];
> @@ -78,7 +78,7 @@ static TCGv_i32 cpu_access_type;
>  void ppc_translate_init(void)
>  {
>  int i;
> -char* p;
> +char *p;
>  size_t cpu_reg_names_size;
>  
>  p = cpu_reg_names;
> @@ -146,7 +146,8 @@ void ppc_translate_init(void)
> offsetof(CPUPPCState, fpscr), "fpscr");
>  
>  cpu_access_type = tcg_global_mem_new_i32(cpu_env,
> - offsetof(CPUPPCState, 
> access_type), "access_type");
> + offsetof(CPUPPCState, 
> access_type),
> + "access_type");
>  }
>  
>  /* internal defines */
> @@ -246,8 +247,9 @@ static void gen_exception_err(DisasContext *ctx, uint32_t 
> excp, uint32_t error)
>  {
>  TCGv_i32 t0, t1;
>  
> -/* These are all synchronous exceptions, we set the PC back to
> - * the faulting instruction
> +/*
> + * These are all synchronous exceptions, we set the PC back to the
> + * faulting instruction
>   */
>  if (ctx->exception == POWERPC_EXCP_NONE) {
>  gen_update_nip(ctx, ctx->base.pc_next - 4);
> @@ -264,8 +266,9 @@ static void gen_exception(DisasContext *ctx, uint32_t 
> excp)
>  {
>  TCGv_i32 t0;
>  
> -/* These are all synchronous exceptions, we set the PC back to
> - * the faulting instruction
> +/*
> + * These are all synchronous exceptions, we set the PC back to the
> + * faulting instruction
>   */
>  if (ctx->exception == POWERPC_EXCP_NONE) {
>  gen_update_nip(ctx, ctx->base.pc_next - 4);
> @@ -320,8 +323,9 @@ static void gen_debug_exception(DisasContext *ctx)
>  {
>  TCGv_i32 t0;
>  
> -/* These are all synchronous exceptions, we set the PC back to
> - * the faulting instruction
> +/*
> + * These are all synchronous exceptions, we set the PC back to the
> + * faulting instruction
>   */
>  if ((ctx->exception != POWERPC_EXCP_BRANCH) &&
>  (ctx->exception != POWERPC_EXCP_SYNC)) {
> @@ -602,9 +606,11 @@ static inline void gen_op_cmp(TCGv arg0, TCGv arg1, int 
> s, int crf)
>  
>  tcg_gen_movi_tl(t0, CRF_EQ);
>  tcg_gen_movi_tl(t1, CRF_LT);
> -tcg_gen_movcond_tl((s ? TCG_COND_LT : TCG_COND_LTU), t0, arg0, arg1, t1, 
> t0);
> +tcg_gen_movcond_tl((s ? TCG_COND_LT : TCG_COND_LTU),
> +   t0, arg0, arg1, t1, t0);
>  tcg_gen_movi_tl(t1, CRF_GT);
> -tcg_gen_movcond_tl((s ? TCG_COND_GT : TCG_COND_GTU), t0, arg0, arg1, t1, 
> t0);
> +tcg_gen_movcond_tl((s ? TCG_COND_GT : TCG_COND_GTU),
> +   t0, arg0, arg1, t1, t0);
>  
>  tcg_gen_trunc_tl_i32(t, t0);
>  tcg_gen_trunc_tl_i32(cpu_crf[crf], cpu_so);
> @@ -840,9 +846,11 @@ static inline void gen_op_arith_add(DisasContext *ctx, 
> TCGv ret, TCGv arg1,
>  
>  if (compute_ca) {
>  if (NARROW_MODE(ctx)) {
> -/* Caution: a non-obvious corner case of the spec is that we
> -   must produce the *entire* 64-bit addition, but produce the
> -   carry into bit 32.  */
> +/*
> + * Caution: a non-obvious corner case of the spec is that
> + * we must produce the *entire* 64-bit addition, but
> + * produce the carry into bit 32.
> + */
>  TCGv t1 = tcg_temp_new();
>  tcg_gen_xor_tl(t1, arg1, arg2);/* add without carry */
>  tcg_gen_add_tl(t0, arg1, arg2);
> @@ -1017,12 +1025,13 @@ static inline void gen_op_arith_divw(DisasContext 
> *ctx, TCGv ret, TCGv arg1,
>  tcg_temp_free_i32(t2);
>  tcg_temp_free_i32(t3);
>  
> -if (unlikely(Rc(

Re: [Qemu-devel] [RFC for-4.1 16/25] target/ppc: Style fixes for mmu-hash32.[ch]

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/mmu-hash32.c | 19 ---
>  1 file changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index e8562a7c87..f83944b78c 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -27,7 +27,7 @@
>  #include "mmu-hash32.h"
>  #include "exec/log.h"
>  
> -//#define DEBUG_BAT
> +/* #define DEBUG_BAT */
>  
>  #ifdef DEBUG_BATS
>  #  define LOG_BATS(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
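Review bot: the commented-out define is `DEBUG_BAT`, but the conditional two lines below tests `#ifdef DEBUG_BATS`, so uncommenting the define as written still leaves LOG_BATS disabled. Since this line is being touched anyway, make the two names match.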
> @@ -228,8 +228,10 @@ static int ppc_hash32_direct_store(PowerPCCPU *cpu, 
> target_ulong sr,
>  qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
>  
>  if ((sr & 0x1FF0) >> 20 == 0x07f) {
> -/* Memory-forced I/O controller interface access */
> -/* If T=1 and BUID=x'07F', the 601 performs a memory access
> +/*
> + * Memory-forced I/O controller interface access
> + *
> + * If T=1 and BUID=x'07F', the 601 performs a memory access
>   * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
>   */
>  *raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFF);
> @@ -266,8 +268,9 @@ static int ppc_hash32_direct_store(PowerPCCPU *cpu, 
> target_ulong sr,
>  return 1;
>  case ACCESS_CACHE:
>  /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
> -/* Should make the instruction do no-op.
> - * As it already do no-op, it's quite easy :-)
> +/*
> + * Should make the instruction do no-op.  As it already do
> + * no-op, it's quite easy :-)
>   */
>  *raddr = eaddr;
>  return 0;
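Review bot: while this comment is being reflowed, fix the grammar too: "Should make the instruction do no-op.  As it already do no-op, it's quite easy" reads better as "Should make the instruction a no-op.  As it already is a no-op, it's quite easy".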
> @@ -519,8 +522,10 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
> eaddr, int rwx,
>  if (rwx == 1) {
>  new_pte1 |= HPTE32_R_C; /* set changed (dirty) bit */
>  } else {
> -/* Treat the page as read-only for now, so that a later write
> - * will pass through this function again to set the C bit */
> +/*
> + * Treat the page as read-only for now, so that a later write
> + * will pass through this function again to set the C bit
> + */
>  prot &= ~PAGE_WRITE;
>  }
>  
> 




Re: [Qemu-devel] [PATCH for-4.0 3/3] target/ppc: Consolidate 64-bit server processor detection in a helper

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 07:03:51PM +0100, Greg Kurz wrote:
> We use PPC_SEGMENT_64B in various places to guard code that is specific
> to 64-bit server processors compliant with arch 2.x. Consolidate the
> logic in a helper macro with an explicit name.
> 
> Signed-off-by: Greg Kurz 

This mitigates my concern about re-using the PPC_SEGMENT_64B bit
discussed in reply to the previous patch, since it leaves only one
place to fix instead of a bunch.

> ---
>  hw/ppc/ppc.c |2 +-
>  target/ppc/cpu.h |6 ++
>  target/ppc/helper_regs.h |2 +-
>  target/ppc/translate.c   |   10 --
>  4 files changed, 12 insertions(+), 8 deletions(-)
> 
> diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
> index 49d57469fb34..ad20584f268d 100644
> --- a/hw/ppc/ppc.c
> +++ b/hw/ppc/ppc.c
> @@ -1101,7 +1101,7 @@ clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, 
> uint32_t freq)
>  tb_env = g_malloc0(sizeof(ppc_tb_t));
>  env->tb_env = tb_env;
>  tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
> -if (env->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(env)) {
>  /* All Book3S 64bit CPUs implement level based DEC logic */
>  tb_env->flags |= PPC_DECR_UNDERFLOW_LEVEL;
>  }
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index fc12b4688e8c..070717758452 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -2409,6 +2409,12 @@ enum {
>  target_ulong cpu_read_xer(CPUPPCState *env);
>  void cpu_write_xer(CPUPPCState *env, target_ulong xer);
>  
> +/*
> + * All 64-bit server processors compliant with arch 2.x, ie. 970 and newer,
> + * have PPC_SEGMENT_64B.
> + */
> +#define is_book3s_arch2x(ctx) (!!((ctx)->insns_flags & PPC_SEGMENT_64B))
> +
>  static inline void cpu_get_tb_cpu_state(CPUPPCState *env, target_ulong *pc,
>  target_ulong *cs_base, uint32_t 
> *flags)
>  {
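Review bot: the macro parameter is called `ctx`, but the same patch applies is_book3s_arch2x() to both a `DisasContext *` (translate.c) and a `CPUPPCState *` (ppc.c, helper_regs.h); name the parameter neutrally and state in the comment that anything with an insns_flags field is accepted, otherwise a reader seeing `is_book3s_arch2x(env)` will go looking for a DisasContext. Also "ie." in the comment should be "i.e.".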
> diff --git a/target/ppc/helper_regs.h b/target/ppc/helper_regs.h
> index a2205e1044c9..c863abc0bfc3 100644
> --- a/target/ppc/helper_regs.h
> +++ b/target/ppc/helper_regs.h
> @@ -152,7 +152,7 @@ static inline int hreg_store_msr(CPUPPCState *env, 
> target_ulong value,
>   * - 64-bit embedded implementations do not need any operation to be
>   *   performed when PR is set.
>   */
> -if ((env->insns_flags & PPC_SEGMENT_64B) && ((value >> MSR_PR) & 1)) {
> +if (is_book3s_arch2x(env) && ((value >> MSR_PR) & 1)) {
>  value |= (1 << MSR_EE) | (1 << MSR_DR) | (1 << MSR_IR);
>  }
>  #endif
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index d3aaa6482c6a..576210d901ad 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -3755,7 +3755,7 @@ static void gen_bcond(DisasContext *ctx, int type)
>   * arch 2.x, do implement a "test and decrement" logic instead,
>   * as described in their respective UMs.
>   */
> -if (unlikely(!(ctx->insns_flags & PPC_SEGMENT_64B))) {
> +if (unlikely(!is_book3s_arch2x(ctx))) {
>  gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
>  tcg_temp_free(temp);
>  tcg_temp_free(target);
> @@ -3913,7 +3913,7 @@ static void gen_rfi(DisasContext *ctx)
>  /* This instruction doesn't exist anymore on 64-bit server
>   * processors compliant with arch 2.x
>   */
> -if (ctx->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(ctx)) {
>  gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
>  return;
>  }
> @@ -6535,8 +6535,7 @@ static void gen_msgclr(DisasContext *ctx)
>  GEN_PRIV;
>  #else
>  CHK_HV;
> -/* 64-bit server processors compliant with arch 2.x */
> -if (ctx->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(ctx)) {
>  gen_helper_book3s_msgclr(cpu_env, cpu_gpr[rB(ctx->opcode)]);
>  } else {
>  gen_helper_msgclr(cpu_env, cpu_gpr[rB(ctx->opcode)]);
> @@ -6550,8 +6549,7 @@ static void gen_msgsnd(DisasContext *ctx)
>  GEN_PRIV;
>  #else
>  CHK_HV;
> -/* 64-bit server processors compliant with arch 2.x */
> -if (ctx->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(ctx)) {
>  gen_helper_book3s_msgsnd(cpu_gpr[rB(ctx->opcode)]);
>  } else {
>  gen_helper_msgsnd(cpu_gpr[rB(ctx->opcode)]);
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v7 1/6] ppc: spapr: Handle "ibm, nmi-register" and "ibm, nmi-interlock" RTAS calls

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 12:03:39PM +0530, Aravinda Prasad wrote:
> This patch adds support in QEMU to handle "ibm,nmi-register"
> and "ibm,nmi-interlock" RTAS calls.
> 
> The machine check notification address is saved when the
> OS issues "ibm,nmi-register" RTAS call.
> 
> This patch also handles the case when multiple processors
> experience machine check at or about the same time by
> handling "ibm,nmi-interlock" call. In such cases, as per
> PAPR, subsequent processors serialize waiting for the first
> processor to issue the "ibm,nmi-interlock" call. The second
> processor that also received a machine check error waits
> till the first processor is done reading the error log.
> The first processor issues "ibm,nmi-interlock" call
> when the error log is consumed. This patch implements the
> releasing part of the error-log while subsequent patch
> (which builds error log) handles the locking part.
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr.c |   25 +
>  hw/ppc/spapr_rtas.c|   36 
>  include/hw/ppc/spapr.h |   15 ++-
>  3 files changed, 75 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index adde36a..744dcad 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1788,6 +1788,16 @@ static void spapr_machine_reset(void)
>  first_ppc_cpu->env.gpr[5] = 0;
>  
>  spapr->cas_reboot = false;
> +
> +spapr->mc_reset = 1;
> +spapr->mc_status = -1;

I don't love adding these fields so early, when they're never actually
tested until later in the series.

> +spapr->guest_machine_check_addr = -1;
> +
> +/* Before destroying, signal vCPUs waiting on this condition */
> +qemu_cond_broadcast(&spapr->mc_delivery_cond);
> +/* It is safe to call destroy as broadcast unblocks all vCPUs */
> +qemu_cond_destroy(&spapr->mc_delivery_cond);
> +qemu_cond_init(&spapr->mc_delivery_cond);

Why do you need to destroy and re-create the condition variable?

>  }
>  
>  static void spapr_create_nvram(SpaprMachineState *spapr)
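Review bot: destroying the condition variable right after the broadcast is unsafe even though every waiter has been signalled: a vCPU blocked in qemu_cond_wait_iothread() must reacquire the iothread lock before it can leave the wait, and reset runs with that lock held, so the waiters are still attached to the condvar when qemu_cond_destroy() runs (destroying a condvar with blocked waiters is undefined behaviour). The broadcast alone, with waiters re-checking spapr->mc_reset when they wake, is sufficient; drop the destroy/init pair. `spapr->mc_reset = 1;` should also be `true` for a bool.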
> @@ -2078,6 +2088,16 @@ static const VMStateDescription vmstate_spapr_dtb = {
>  },
>  };
>  
> +static const VMStateDescription vmstate_spapr_guest_mc_addr = {
> +.name = "spapr_guest_mc_addr",
> +.version_id = 1,
> +.minimum_version_id = 1,
> +.fields = (VMStateField[]) {
> +VMSTATE_UINT64(guest_machine_check_addr, SpaprMachineState),

It looks like mc_reset and mc_status would also need migration, at
least once they actually do something.

> +VMSTATE_END_OF_LIST()
> +},
> +};
> +
>  static const VMStateDescription vmstate_spapr = {
>  .name = "spapr",
>  .version_id = 3,
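Review bot: vmstate_spapr_guest_mc_addr has no `.needed` callback, so the subsection is always emitted and migration to a QEMU without it fails even for guests that never called ibm,nmi-register; gate it on the address having been registered. The field is declared VMSTATE_UINT64 while spapr_machine_reset() stores -1 into it and the interlock handler tests it with `!spapr->guest_machine_check_addr`, so the "not registered" sentinel is 0 in one place and all-ones in the other.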
> @@ -2110,6 +2130,7 @@ static const VMStateDescription vmstate_spapr = {
>  &vmstate_spapr_dtb,
>  &vmstate_spapr_cap_large_decr,
>  &vmstate_spapr_cap_ccf_assist,
> +&vmstate_spapr_guest_mc_addr,
>  NULL
>  }
>  };
> @@ -3057,6 +3078,10 @@ static void spapr_machine_init(MachineState *machine)
>  
>  kvmppc_spapr_enable_inkernel_multitce();
>  }
> +
> +spapr->mc_status = -1;
> +spapr->mc_reset = 0;

Since this is a bool, you should use true/false rather than 0/1.

> +qemu_cond_init(&spapr->mc_delivery_cond);
>  }
>  
>  static int spapr_kvm_type(MachineState *machine, const char *vm_type)
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 24c45b1..fb594a4 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -348,6 +348,38 @@ static void rtas_get_power_level(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  rtas_st(rets, 1, 100);
>  }
>  
> +static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
> +  SpaprMachineState *spapr,
> +  uint32_t token, uint32_t nargs,
> +  target_ulong args,
> +  uint32_t nret, target_ulong rets)
> +{
> +spapr->mc_reset = 0;
> +spapr->guest_machine_check_addr = rtas_ld(args, 1);
> +rtas_st(rets, 0, RTAS_OUT_SUCCESS);
> +}
> +
> +static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
> +   SpaprMachineState *spapr,
> +   uint32_t token, uint32_t nargs,
> +   target_ulong args,
> +   uint32_t nret, target_ulong rets)
> +{
> +if (!spapr->guest_machine_check_addr) {
> +/* NMI register not called */
> +rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
> +} else {
> +/*
> + * VCPU issuing "ibm,nmi-interlock" is done with NMI handling,
> + * hence unset mc_status.
> + */
> +spapr->mc_status = -1;
> +qemu_cond_signal(&spapr->mc_delivery_cond);
> +rtas_st(rets, 0, RTAS_OUT_SUCCESS);
> +}
> +}
> +
> +
>  static struct rtas_call {
>  const char *name;
>  spapr_rtas_fn fn;
>
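Review bot: neither rtas_ibm_nmi_register() nor rtas_ibm_nmi_interlock() validates nargs/nret before touching args and rets, unlike the other handlers in this file, which return RTAS_OUT_PARAM_ERROR on a mismatch; add `if (nargs != 2 || nret != 1)` in register and `if (nargs != 0 || nret != 1)` in interlock. Also, guest_machine_check_addr == 0 doubles as the "not registered" marker, so a guest that registers address 0 is treated as unregistered by the interlock call; a separate flag would avoid that. Minor: the two consecutive blank lines before `static struct rtas_call` are one too many.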

Re: [Qemu-devel] [RFC for-4.1 12/25] target/ppc: Style fixes for machine.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 



Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/machine.c | 106 +--
>  1 file changed, 63 insertions(+), 43 deletions(-)
> 
> diff --git a/target/ppc/machine.c b/target/ppc/machine.c
> index a92d0ad3a3..25cdb9088b 100644
> --- a/target/ppc/machine.c
> +++ b/target/ppc/machine.c
> @@ -24,22 +24,26 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int 
> version_id)
>  #endif
>  target_ulong xer;
>  
> -for (i = 0; i < 32; i++)
> +for (i = 0; i < 32; i++) {
>  qemu_get_betls(f, &env->gpr[i]);
> +}
>  #if !defined(TARGET_PPC64)
> -for (i = 0; i < 32; i++)
> +for (i = 0; i < 32; i++) {
>  qemu_get_betls(f, &env->gprh[i]);
> +}
>  #endif
>  qemu_get_betls(f, &env->lr);
>  qemu_get_betls(f, &env->ctr);
> -for (i = 0; i < 8; i++)
> +for (i = 0; i < 8; i++) {
>  qemu_get_be32s(f, &env->crf[i]);
> +}
>  qemu_get_betls(f, &xer);
>  cpu_write_xer(env, xer);
>  qemu_get_betls(f, &env->reserve_addr);
>  qemu_get_betls(f, &env->msr);
> -for (i = 0; i < 4; i++)
> +for (i = 0; i < 4; i++) {
>  qemu_get_betls(f, &env->tgpr[i]);
> +}
>  for (i = 0; i < 32; i++) {
>  union {
>  float64 d;
> @@ -56,14 +60,19 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int 
> version_id)
>  qemu_get_sbe32s(f, &slb_nr);
>  #endif
>  qemu_get_betls(f, &sdr1);
> -for (i = 0; i < 32; i++)
> +for (i = 0; i < 32; i++) {
>  qemu_get_betls(f, &env->sr[i]);
> -for (i = 0; i < 2; i++)
> -for (j = 0; j < 8; j++)
> +}
> +for (i = 0; i < 2; i++) {
> +for (j = 0; j < 8; j++) {
>  qemu_get_betls(f, &env->DBAT[i][j]);
> -for (i = 0; i < 2; i++)
> -for (j = 0; j < 8; j++)
> +}
> +}
> +for (i = 0; i < 2; i++) {
> +for (j = 0; j < 8; j++) {
>  qemu_get_betls(f, &env->IBAT[i][j]);
> +}
> +}
>  qemu_get_sbe32s(f, &env->nb_tlb);
>  qemu_get_sbe32s(f, &env->tlb_per_way);
>  qemu_get_sbe32s(f, &env->nb_ways);
> @@ -71,17 +80,19 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int 
> version_id)
>  qemu_get_sbe32s(f, &env->id_tlbs);
>  qemu_get_sbe32s(f, &env->nb_pids);
>  if (env->tlb.tlb6) {
> -// XXX assumes 6xx
> +/* XXX assumes 6xx */
>  for (i = 0; i < env->nb_tlb; i++) {
>  qemu_get_betls(f, &env->tlb.tlb6[i].pte0);
>  qemu_get_betls(f, &env->tlb.tlb6[i].pte1);
>  qemu_get_betls(f, &env->tlb.tlb6[i].EPN);
>  }
>  }
> -for (i = 0; i < 4; i++)
> +for (i = 0; i < 4; i++) {
>  qemu_get_betls(f, &env->pb[i]);
> -for (i = 0; i < 1024; i++)
> +}
> +for (i = 0; i < 1024; i++) {
>  qemu_get_betls(f, &env->spr[i]);
> +}
>  if (!cpu->vhyp) {
>  ppc_store_sdr1(env, sdr1);
>  }
> @@ -94,8 +105,9 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int 
> version_id)
>  qemu_get_sbe32s(f, &env->error_code);
>  qemu_get_be32s(f, &env->pending_interrupts);
>  qemu_get_be32s(f, &env->irq_input_state);
> -for (i = 0; i < POWERPC_EXCP_NB; i++)
> +for (i = 0; i < POWERPC_EXCP_NB; i++) {
>  qemu_get_betls(f, &env->excp_vectors[i]);
> +}
>  qemu_get_betls(f, &env->excp_prefix);
>  qemu_get_betls(f, &env->ivor_mask);
>  qemu_get_betls(f, &env->ivpr_mask);
> @@ -253,22 +265,24 @@ static int cpu_pre_save(void *opaque)
>  env->spr[SPR_BOOKE_SPEFSCR] = env->spe_fscr;
>  
>  for (i = 0; (i < 4) && (i < env->nb_BATs); i++) {
> -env->spr[SPR_DBAT0U + 2*i] = env->DBAT[0][i];
> -env->spr[SPR_DBAT0U + 2*i + 1] = env->DBAT[1][i];
> -env->spr[SPR_IBAT0U + 2*i] = env->IBAT[0][i];
> -env->spr[SPR_IBAT0U + 2*i + 1] = env->IBAT[1][i];
> +env->spr[SPR_DBAT0U + 2 * i] = env->DBAT[0][i];
> +env->spr[SPR_DBAT0U + 2 * i + 1] = env->DBAT[1][i];
> +env->spr[SPR_IBAT0U + 2 * i] = env->IBAT[0][i];
> +env->spr[SPR_IBAT0U + 2 * i + 1] = env->IBAT[1][i];
>  }
> -for (i = 0; (i < 4) && ((i+4) < env->nb_BATs); i++) {
> -env->spr[SPR_DBAT4U + 2*i] = env->DBAT[0][i+4];
> -env->spr[SPR_DBAT4U + 2*i + 1] = env->DBAT[1][i+4];
> -env->spr[SPR_IBAT4U + 2*i] = env->IBAT[0][i+4];
> -env->spr[SPR_IBAT4U + 2*i + 1] = env->IBAT[1][i+4];
> +for (i = 0; (i < 4) && ((i + 4) < env->nb_BATs); i++) {
> +env->spr[SPR_DBAT4U + 2 * i] = env->DBAT[0][i + 4];
> +env->spr[SPR_DBAT4U + 2 * i + 1] = env->DBAT[1][i + 4];
> +env->spr[SPR_IBAT4U + 2 * i] = env->IBAT[0][i + 4];
> +env->spr[SPR_IBAT4U + 2 * i + 1] = env->IBAT[1][i + 4];
>  }
>  
>  /* Hacks for migration compatibility between 2.6, 2.7 & 2.8 */
>  if (cpu->pre_2_8_migration) {
> -/* Mask out bits that got added to msr_mas

Re: [Qemu-devel] [PATCH v7 4/6] target/ppc: Build rtas error log

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 12:04:07PM +0530, Aravinda Prasad wrote:
> This patch builds the rtas error log, copies it to the
> rtas_addr and then invokes the guest registered machine
> check handler.

This commit message needs more context.  When is this occurring, why
do we need this?

[I can answer those questions now, but whether I - or anyone else -
 will be able to looking back at this commit from years in the future
 is a different question]

> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr.c |4 +
>  hw/ppc/spapr_events.c  |  247 
> 
>  include/hw/ppc/spapr.h |4 +
>  3 files changed, 255 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 744dcad..562d405 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2910,6 +2910,10 @@ static void spapr_machine_init(MachineState *machine)
>  error_report("Could not get size of LPAR rtas '%s'", filename);
>  exit(1);
>  }
> +
> +/* Resize blob to accommodate error log. */
> +spapr->rtas_size = spapr_get_rtas_size(spapr->rtas_size);
> +
>  spapr->rtas_blob = g_malloc(spapr->rtas_size);
>  if (load_image_size(filename, spapr->rtas_blob, spapr->rtas_size) < 0) {
>  error_report("Could not load LPAR rtas '%s'", filename);
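Review bot: after spapr_get_rtas_size() grows rtas_size past the file's length, load_image_size() fills only as many bytes as the file provides and the tail reserved for the error log keeps whatever g_malloc() returned; allocate with g_malloc0() so the reserved region starts zeroed and no uninitialised host heap bytes travel into the guest along with the blob.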
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index e7a24ad..d7cc0a4 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -212,6 +212,106 @@ struct hp_extended_log {
>  struct rtas_event_log_v6_hp hp;
>  } QEMU_PACKED;
>  
> +struct rtas_event_log_v6_mc {
> +#define RTAS_LOG_V6_SECTION_ID_MC   0x4D43 /* MC */
> +struct rtas_event_log_v6_section_header hdr;
> +uint32_t fru_id;
> +uint32_t proc_id;
> +uint8_t error_type;
> +#define RTAS_LOG_V6_MC_TYPE_UE   0
> +#define RTAS_LOG_V6_MC_TYPE_SLB  1
> +#define RTAS_LOG_V6_MC_TYPE_ERAT 2
> +#define RTAS_LOG_V6_MC_TYPE_TLB  4
> +#define RTAS_LOG_V6_MC_TYPE_D_CACHE  5
> +#define RTAS_LOG_V6_MC_TYPE_I_CACHE  7
> +uint8_t sub_err_type;
> +#define RTAS_LOG_V6_MC_UE_INDETERMINATE  0
> +#define RTAS_LOG_V6_MC_UE_IFETCH 1
> +#define RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_IFETCH 2
> +#define RTAS_LOG_V6_MC_UE_LOAD_STORE 3
> +#define RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_LOAD_STORE 4
> +#define RTAS_LOG_V6_MC_SLB_PARITY0
> +#define RTAS_LOG_V6_MC_SLB_MULTIHIT  1
> +#define RTAS_LOG_V6_MC_SLB_INDETERMINATE 2
> +#define RTAS_LOG_V6_MC_ERAT_PARITY   1
> +#define RTAS_LOG_V6_MC_ERAT_MULTIHIT 2
> +#define RTAS_LOG_V6_MC_ERAT_INDETERMINATE3
> +#define RTAS_LOG_V6_MC_TLB_PARITY1
> +#define RTAS_LOG_V6_MC_TLB_MULTIHIT  2
> +#define RTAS_LOG_V6_MC_TLB_INDETERMINATE 3
> +uint8_t reserved_1[6];
> +uint64_t effective_address;
> +uint64_t logical_address;
> +} QEMU_PACKED;
> +
> +struct mc_extended_log {
> +struct rtas_event_log_v6 v6hdr;
> +struct rtas_event_log_v6_mc mc;
> +} QEMU_PACKED;
> +
> +struct MC_ierror_table {
> +unsigned long srr1_mask;
> +unsigned long srr1_value;
> +bool nip_valid; /* nip is a valid indicator of faulting address */
> +uint8_t error_type;
> +uint8_t error_subtype;
> +unsigned int initiator;
> +unsigned int severity;
> +};
> +
> +static const struct MC_ierror_table mc_ierror_table[] = {
> +{ 0x081c, 0x0004, true,
> +  RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_IFETCH,
> +  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
> +{ 0x081c, 0x0008, true,
> +  RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_PARITY,
> +  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
> +{ 0x081c, 0x000c, true,
> +  RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_MULTIHIT,
> +  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
> +{ 0x081c, 0x0010, true,
> +  RTAS_LOG_V6_MC_TYPE_ERAT, RTAS_LOG_V6_MC_ERAT_MULTIHIT,
> +  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
> +{ 0x081c, 0x0014, true,
> +  RTAS_LOG_V6_MC_TYPE_TLB, RTAS_LOG_V6_MC_TLB_MULTIHIT,
> +  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
> +{ 0x081c, 0x0018, true,
> +  RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_IFETCH,
> +  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
> +{ 0, 0, 0, 0, 0, 0 } };
> +
> +struct MC_derror_table {
> +unsigned long dsisr_value;
> +bool dar_valid; /* dar is a valid indicator of faulting address */
> +uint8_t error_type;
> +uint8_t error_subtype;
> +unsigned int initiator;
> +unsign
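Review bot: srr1_mask and srr1_value in struct MC_ierror_table (and dsisr_value in MC_derror_table) are declared `unsigned long`, which is 32 bits on 32-bit hosts while SRR1 is a 64-bit register; declare them uint64_t (or target_ulong) so the table matches the register width regardless of host. The struct tags MC_ierror_table / MC_derror_table also differ in style from the lower_case rtas_event_log_v6_* tags around them.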

Re: [Qemu-devel] [PATCH v7 2/6] Wrapper function to wait on condition for the main loop mutex

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 12:03:49PM +0530, Aravinda Prasad wrote:
> Introduce a wrapper function to wait on condition for
> the main loop mutex. This function atomically releases
> the main loop mutex and causes the calling thread to
> block on the condition.
> 
> Signed-off-by: Aravinda Prasad 

I don't see much value to this.  It's not really more expressive, and
is barely shorter than just open coding
qemu_cond_wait(cond, &qemu_global_mutex)
wherever you need it.


> ---
>  cpus.c   |5 +
>  include/qemu/main-loop.h |8 
>  2 files changed, 13 insertions(+)
> 
> diff --git a/cpus.c b/cpus.c
> index e83f72b..d9379e7 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -1858,6 +1858,11 @@ void qemu_mutex_unlock_iothread(void)
>  qemu_mutex_unlock(&qemu_global_mutex);
>  }
>  
> +void qemu_cond_wait_iothread(QemuCond *cond)
> +{
> +qemu_cond_wait(cond, &qemu_global_mutex);
> +}
> +
>  static bool all_vcpus_paused(void)
>  {
>  CPUState *cpu;
> diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
> index f6ba78e..a6d20b0 100644
> --- a/include/qemu/main-loop.h
> +++ b/include/qemu/main-loop.h
> @@ -295,6 +295,14 @@ void qemu_mutex_lock_iothread_impl(const char *file, int 
> line);
>   */
>  void qemu_mutex_unlock_iothread(void);
>  
> +/*
> + * qemu_cond_wait_iothread: Wait on condition for the main loop mutex
> + *
> + * This function atomically releases the main loop mutex and causes
> + * the calling thread to block on the condition.
> + */
> +void qemu_cond_wait_iothread(QemuCond *cond);
> +
>  /* internal interfaces */
>  
>  void qemu_fd_register(int fd);
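Review bot: the comment block should state the precondition that the caller must already hold the main loop mutex (via qemu_mutex_lock_iothread()) when calling qemu_cond_wait_iothread(), and that the mutex is held again on return; qemu_cond_wait() requires the mutex to be locked by the calling thread, and a reader of this header alone has no way to know that.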
> 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC for-4.1 19/25] target/ppc: Style fixes for monitor.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/monitor.c | 13 +++--
>  1 file changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/target/ppc/monitor.c b/target/ppc/monitor.c
> index 04deec8030..451ca722b3 100644
> --- a/target/ppc/monitor.c
> +++ b/target/ppc/monitor.c
> @@ -27,32 +27,33 @@
>  #include "monitor/hmp-target.h"
>  #include "hmp.h"
>  
> -static target_long monitor_get_ccr (const struct MonitorDef *md, int val)
> +static target_long monitor_get_ccr(const struct MonitorDef *md, int val)
>  {
>  CPUArchState *env = mon_get_cpu_env();
>  unsigned int u;
>  int i;
>  
>  u = 0;
> -for (i = 0; i < 8; i++)
> +for (i = 0; i < 8; i++) {
>  u |= env->crf[i] << (32 - (4 * (i + 1)));
> +}
>  
>  return u;
>  }
>  
> -static target_long monitor_get_decr (const struct MonitorDef *md, int val)
> +static target_long monitor_get_decr(const struct MonitorDef *md, int val)
>  {
>  CPUArchState *env = mon_get_cpu_env();
>  return cpu_ppc_load_decr(env);
>  }
>  
> -static target_long monitor_get_tbu (const struct MonitorDef *md, int val)
> +static target_long monitor_get_tbu(const struct MonitorDef *md, int val)
>  {
>  CPUArchState *env = mon_get_cpu_env();
>  return cpu_ppc_load_tbu(env);
>  }
>  
> -static target_long monitor_get_tbl (const struct MonitorDef *md, int val)
> +static target_long monitor_get_tbl(const struct MonitorDef *md, int val)
>  {
>  CPUArchState *env = mon_get_cpu_env();
>  return cpu_ppc_load_tbl(env);
> @@ -66,7 +67,7 @@ void hmp_info_tlb(Monitor *mon, const QDict *qdict)
>  monitor_printf(mon, "No CPU available\n");
>  return;
>  }
> -dump_mmu((FILE*)mon, (fprintf_function)monitor_printf, env1);
> +dump_mmu((FILE *)mon, (fprintf_function)monitor_printf, env1);
>  }
>  
>  const MonitorDef monitor_defs[] = {
> 




Re: [Qemu-devel] [RFC for-4.1 10/25] target/ppc: Style fixes for helper_regs.h

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/helper_regs.h | 10 ++
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/target/ppc/helper_regs.h b/target/ppc/helper_regs.h
> index a2205e1044..8397819dee 100644
> --- a/target/ppc/helper_regs.h
> +++ b/target/ppc/helper_regs.h
> @@ -44,10 +44,11 @@ static inline void hreg_swap_gpr_tgpr(CPUPPCState *env)
>  
>  static inline void hreg_compute_mem_idx(CPUPPCState *env)
>  {
> -/* This is our encoding for server processors. The architecture
> +/*
> + * This is our encoding for server processors. The architecture
>   * specifies that there is no such thing as userspace with
> - * translation off, however it appears that MacOS does it and
> - * some 32-bit CPUs support it. Weird...
> + * translation off, however it appears that MacOS does it and some
> + * 32-bit CPUs support it. Weird...
>   *
>   *   0 = Guest User space virtual mode
>   *   1 = Guest Kernel space virtual mode
> @@ -143,7 +144,8 @@ static inline int hreg_store_msr(CPUPPCState *env, 
> target_ulong value,
>  /* Change the exception prefix on PowerPC 601 */
>  env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF0;
>  }
> -/* If PR=1 then EE, IR and DR must be 1
> +/*
> + * If PR=1 then EE, IR and DR must be 1
>   *
>   * Note: We only enforce this on 64-bit server processors.
>   * It appears that:
> 




Re: [Qemu-devel] [RFC for-4.1 15/25] target/ppc: Style fixes for misc_helper.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/misc_helper.c | 9 +
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
> index c65d1ade15..0a81e98ee9 100644
> --- a/target/ppc/misc_helper.c
> +++ b/target/ppc/misc_helper.c
> @@ -210,10 +210,11 @@ void ppc_store_msr(CPUPPCState *env, target_ulong value)
>  hreg_store_msr(env, value, 0);
>  }
>  
> -/* This code is lifted from MacOnLinux. It is called whenever
> - * THRM1,2 or 3 is read an fixes up the values in such a way
> - * that will make MacOS not hang. These registers exist on some
> - * 75x and 74xx processors.
> +/*
> + * This code is lifted from MacOnLinux. It is called whenever THRM1,2
> + * or 3 is read an fixes up the values in such a way that will make
> + * MacOS not hang. These registers exist on some 75x and 74xx
> + * processors.
>   */
>  void helper_fixup_thrm(CPUPPCState *env)
>  {
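Review bot: since the comment is being reflowed anyway, fix its wording too: "is read an fixes up" should be "is read and fixes up", and "in such a way that will make MacOS not hang" reads better as "so that MacOS does not hang".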
> 




Re: [Qemu-devel] [PATCH v7 6/6] migration: Block migration while handling machine check

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 12:04:25PM +0530, Aravinda Prasad wrote:
> Block VM migration requests until the machine check
> error handling is complete as (i) these errors are
> specific to the source hardware and are irrelevant on
> the target hardware, (ii) these errors cause data
> corruption and should be handled before migration.
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr_events.c  |   17 +
>  hw/ppc/spapr_rtas.c|4 
>  include/hw/ppc/spapr.h |3 +++
>  3 files changed, 24 insertions(+)
> 
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index d7cc0a4..6356a38 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -41,6 +41,7 @@
>  #include "qemu/bcd.h"
>  #include "hw/ppc/spapr_ovec.h"
>  #include 
> +#include "migration/blocker.h"
>  
>  #define RTAS_LOG_VERSION_MASK   0xff00
>  #define   RTAS_LOG_VERSION_60x0600
> @@ -866,6 +867,22 @@ static void spapr_mce_build_elog(PowerPCCPU *cpu, bool 
> recovered)
>  void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
>  {
>  SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> +int ret;
> +Error *local_err = NULL;
> +
> +error_setg(&spapr->migration_blocker,
> +"Live migration not supported during machine check handling");
> +ret = migrate_add_blocker(spapr->migration_blocker, &local_err);
> +if (ret < 0) {
> +/*
> + * We don't want to abort and let the migration to continue. In a
> + * rare case, the machine check handler will run on the target
> + * hardware. Though this is not preferable, it is better than 
> aborting
> + * the migration or killing the VM.

Can't you just discard the error in that case?

> + */
> +error_free(spapr->migration_blocker);
> +fprintf(stderr, "Warning: Machine check during VM migration\n");
> +}
>  
>  while (spapr->mc_status != -1) {
>  /*
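Review bot: the failure path leaves spapr->migration_blocker dangling: `error_free(spapr->migration_blocker);` does not clear the pointer, and rtas_ibm_nmi_interlock() later calls migrate_del_blocker() and error_free() on it again, which is a double free. Set spapr->migration_blocker = NULL right after freeing it (error_free(NULL) on the interlock side is then harmless). Two more points in the same block: local_err is neither reported nor freed, so replace the bare fprintf() with error_report_err(local_err); and error_setg() requires *errp to be NULL, so with the blocker set before the `while (spapr->mc_status != -1)` wait, a second vCPU entering spapr_mce_req_event() while the first machine check is still being handled trips that assertion. Move the blocker setup after the wait loop.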
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 939f428..b0676f1 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -50,6 +50,7 @@
>  #include "target/ppc/mmu-hash64.h"
>  #include "target/ppc/mmu-book3s-v3.h"
>  #include "kvm_ppc.h"
> +#include "migration/blocker.h"
>  
>  static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState *spapr,
> uint32_t token, uint32_t nargs,
> @@ -391,6 +392,9 @@ static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
>  spapr->mc_status = -1;
>  qemu_cond_signal(&spapr->mc_delivery_cond);
>  rtas_st(rets, 0, RTAS_OUT_SUCCESS);
> +migrate_del_blocker(spapr->migration_blocker);
> +error_free(spapr->migration_blocker);
> +spapr->migration_blocker = NULL;
>  }
>  }
>  
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index 0c9dec1..b8eced4 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -10,6 +10,7 @@
>  #include "hw/ppc/spapr_irq.h"
>  #include "hw/ppc/spapr_xive.h"  /* For SpaprXive */
>  #include "hw/ppc/xics.h"/* For ICSState */
> +#include "qapi/error.h"
>  
>  struct SpaprVioBus;
>  struct SpaprPhbState;
> @@ -212,6 +213,8 @@ struct SpaprMachineState {
>  SpaprCapabilities def, eff, mig;
>  
>  unsigned gpu_numa_id;
> +
> +Error *migration_blocker;
>  };
>  
>  #define H_SUCCESS 0
> 



Re: [Qemu-devel] [RFC for-4.1 18/25] target/ppc: Style fixes for mmu_helper.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/mmu_helper.c | 131 
>  1 file changed, 80 insertions(+), 51 deletions(-)
> 
> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> index 4a6be4d63b..a01a12a4af 100644
> --- a/target/ppc/mmu_helper.c
> +++ b/target/ppc/mmu_helper.c
> @@ -32,11 +32,11 @@
>  #include "mmu-book3s-v3.h"
>  #include "mmu-radix64.h"
>  
> -//#define DEBUG_MMU
> -//#define DEBUG_BATS
> -//#define DEBUG_SOFTWARE_TLB
> -//#define DUMP_PAGE_TABLES
> -//#define FLUSH_ALL_TLBS
> +/* #define DEBUG_MMU */
> +/* #define DEBUG_BATS */
> +/* #define DEBUG_SOFTWARE_TLB */
> +/* #define DUMP_PAGE_TABLES */
> +/* #define FLUSH_ALL_TLBS */
>  
>  #ifdef DEBUG_MMU
>  #  define LOG_MMU_STATE(cpu) log_cpu_state_mask(CPU_LOG_MMU, (cpu), 0)
> @@ -151,7 +151,8 @@ static int check_prot(int prot, int rw, int access_type)
>  }
>  
>  static inline int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
> -   target_ulong pte1, int h, int rw, int 
> type)
> +   target_ulong pte1, int h,
> +   int rw, int type)
>  {
>  target_ulong ptem, mmask;
>  int access, ret, pteh, ptev, pp;
> @@ -331,7 +332,8 @@ static inline int ppc6xx_tlb_check(CPUPPCState *env, 
> mmu_ctx_t *ctx,
>pte_is_valid(tlb->pte0) ? "valid" : "inval",
>tlb->EPN, eaddr, tlb->pte1,
>rw ? 'S' : 'L', access_type == ACCESS_CODE ? 'I' : 'D');
> -switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1, 0, rw, 
> access_type)) {
> +switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1,
> + 0, rw, access_type)) {
>  case -3:
>  /* TLB inconsistency */
>  return -1;
> @@ -346,9 +348,11 @@ static inline int ppc6xx_tlb_check(CPUPPCState *env, 
> mmu_ctx_t *ctx,
>  break;
>  case 0:
>  /* access granted */
> -/* XXX: we should go on looping to check all TLBs consistency
> - *  but we can speed-up the whole thing as the
> - *  result would be undefined if TLBs are not consistent.
> +/*
> + * XXX: we should go on looping to check all TLBs
> + *  consistency but we can speed-up the whole thing as
> + *  the result would be undefined if TLBs are not
> + *  consistent.
>   */
>  ret = 0;
>  best = nr;
> @@ -549,14 +553,17 @@ static inline int get_segment_6xx_tlb(CPUPPCState *env, 
> mmu_ctx_t *ctx,
>  qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
>  /* Direct-store segment : absolutely *BUGGY* for now */
>  
> -/* Direct-store implies a 32-bit MMU.
> +/*
> + * Direct-store implies a 32-bit MMU.
>   * Check the Segment Register's bus unit ID (BUID).
>   */
>  sr = env->sr[eaddr >> 28];
>  if ((sr & 0x1FF0) >> 20 == 0x07f) {
>  /* Memory-forced I/O controller interface access */
> -/* If T=1 and BUID=x'07F', the 601 performs a memory access
> - * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
> +/*
> + * If T=1 and BUID=x'07F', the 601 performs a memory
> + * access to SR[28-31] LA[4-31], bypassing all protection
> + * mechanisms.
>   */
>  ctx->raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFF);
>  ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> @@ -578,8 +585,9 @@ static inline int get_segment_6xx_tlb(CPUPPCState *env, 
> mmu_ctx_t *ctx,
>  return -4;
>  case ACCESS_CACHE:
>  /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
> -/* Should make the instruction do no-op.
> - * As it already do no-op, it's quite easy :-)
> +/*
> + * Should make the instruction do no-op.  As it already do
> + * no-op, it's quite easy :-)
>   */
>  ctx->raddr = eaddr;
>  return 0;
> @@ -941,12 +949,14 @@ static uint32_t mmubooke206_esr(int mmu_idx, bool rw)
>  return esr;
>  }
>  
> -/* Get EPID register given the mmu_idx. If this is regular load,
> - * construct the EPID access bits from current processor state  */
> -
> -/* Get the effective AS and PR bits and the PID. The PID is returned only if
> - * EPID load is requested, otherwise the caller must detect the correct EPID.
> - * Return true if valid EPID is returned. */
> +/*
> + * Get EPID register given the mmu_idx. If this is regular load,
> + * construct the EPID access bits from current processor state
> + *
> + * Get the effective AS and PR bits and the PID. The PID is returned
> + * only if EPID

Re: [Qemu-devel] [RFC for-4.1 14/25] target/ppc: Style fixes for mfrom_table.inc.c & mfrom_table_gen.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/mfrom_table.inc.c | 3 +--
>  target/ppc/mfrom_table_gen.c | 8 +---
>  2 files changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/target/ppc/mfrom_table.inc.c b/target/ppc/mfrom_table.inc.c
> index 6a1fa375c9..1653b974a4 100644
> --- a/target/ppc/mfrom_table.inc.c
> +++ b/target/ppc/mfrom_table.inc.c
> @@ -1,5 +1,4 @@
> -static const uint8_t mfrom_ROM_table[602] =
> -{
> +static const uint8_t mfrom_ROM_table[602] = {
>   77,  77,  76,  76,  75,  75,  74,  74,
>   73,  73,  72,  72,  71,  71,  70,  70,
>   69,  69,  68,  68,  68,  67,  67,  66,
> diff --git a/target/ppc/mfrom_table_gen.c b/target/ppc/mfrom_table_gen.c
> index 631791808e..f96c4268ba 100644
> --- a/target/ppc/mfrom_table_gen.c
> +++ b/target/ppc/mfrom_table_gen.c
> @@ -2,7 +2,7 @@
>  #include "qemu/osdep.h"
>  #include 
>  
> -int main (void)
> +int main(void)
>  {
>  double d;
>  uint8_t n;
> @@ -10,7 +10,8 @@ int main (void)
>  
>  printf("static const uint8_t mfrom_ROM_table[602] =\n{\n");
>  for (i = 0; i < 602; i++) {
> -/* Extremely decomposed:
> +/*
> + * Extremely decomposed:
>   *-T0 / 256
>   * T0 = 256 * log10(10  + 1.0) + 0.5
>   */
> @@ -23,8 +24,9 @@ int main (void)
>  d += 0.5;
>  n = d;
>  printf("%3d, ", n);
> -if ((i & 7) == 7)
> +if ((i & 7) == 7) {
>  printf("\n");
> +}
>  }
>  printf("\n};\n");
>  
> 




Re: [Qemu-devel] [RFC for-4.1 07/25] target/ppc: Style fixes for dfp_helper.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 



Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/dfp_helper.c | 14 +++---
>  1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/target/ppc/dfp_helper.c b/target/ppc/dfp_helper.c
> index 9164fe701b..ddab65c7ba 100644
> --- a/target/ppc/dfp_helper.c
> +++ b/target/ppc/dfp_helper.c
> @@ -1104,19 +1104,19 @@ void helper_##op(CPUPPCState *env, uint64_t *t, 
> uint64_t *b, uint32_t s) \
>  }
> \
>  }
> \
>   
> \
> -while (offset < (size)/4) {  
> \
> +while (offset < (size) / 4) {
> \
>  n++; 
> \
> -digits[(size)/4-n] = dfp_get_bcd_digit_##size(dfp.b64, offset++);
> \
> -if (digits[(size)/4-n] > 10) {   
> \
> +digits[(size) / 4 - n] = dfp_get_bcd_digit_##size(dfp.b64, 
> offset++); \
> +if (digits[(size) / 4 - n] > 10) {   
> \
>  dfp_set_FPSCR_flag(&dfp, FP_VX | FP_VXCVI, FPSCR_VE);
> \
>  return;  
> \
>  } else { 
> \
> -nonzero |= (digits[(size)/4-n] > 0); 
> \
> +nonzero |= (digits[(size) / 4 - n] > 0); 
> \
>  }
> \
>  }
> \
>   
> \
>  if (nonzero) {   
> \
> -decNumberSetBCD(&dfp.t, digits+((size)/4)-n, n); 
> \
> +decNumberSetBCD(&dfp.t, digits+((size) / 4) - n, n); 
> \
>  }
> \
>   
> \
>  if (s && sgn)  { 
> \
> @@ -1170,13 +1170,13 @@ DFP_HELPER_XEX(dxexq, 128)
>  static void dfp_set_raw_exp_64(uint64_t *t, uint64_t raw)
>  {
>  *t &= 0x8003ULL;
> -*t |= (raw << (63-13));
> +*t |= (raw << (63 - 13));
>  }
>  
>  static void dfp_set_raw_exp_128(uint64_t *t, uint64_t raw)
>  {
>  t[HI_IDX] &= 0x80003fffULL;
> -t[HI_IDX] |= (raw << (63-17));
> +t[HI_IDX] |= (raw << (63 - 17));
>  }
>  
>  #define DFP_HELPER_IEX(op, size)  \
> 




Re: [Qemu-devel] [RFC for-4.1 13/25] target/ppc: Style fixes for mem_helper.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/mem_helper.c | 33 +++--
>  1 file changed, 19 insertions(+), 14 deletions(-)
> 
> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
> index 9c5a68579e..5b0f9ee50d 100644
> --- a/target/ppc/mem_helper.c
> +++ b/target/ppc/mem_helper.c
> @@ -27,7 +27,7 @@
>  #include "internal.h"
>  #include "qemu/atomic128.h"
>  
> -//#define DEBUG_OP
> +/* #define DEBUG_OP */
>  
>  static inline bool needs_byteswap(const CPUPPCState *env)
>  {
> @@ -103,10 +103,11 @@ void helper_lsw(CPUPPCState *env, target_ulong addr, 
> uint32_t nb, uint32_t reg)
>  do_lsw(env, addr, nb, reg, GETPC());
>  }
>  
> -/* PPC32 specification says we must generate an exception if
> - * rA is in the range of registers to be loaded.
> - * In an other hand, IBM says this is valid, but rA won't be loaded.
> - * For now, I'll follow the spec...
> +/*
> + * PPC32 specification says we must generate an exception if rA is in
> + * the range of registers to be loaded.  In an other hand, IBM says
> + * this is valid, but rA won't be loaded.  For now, I'll follow the
> + * spec...
>   */
>  void helper_lswx(CPUPPCState *env, target_ulong addr, uint32_t reg,
>   uint32_t ra, uint32_t rb)
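Review bot: while this comment is being reflowed, fix its wording: "In an other hand" should be "On the other hand".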
> @@ -199,7 +200,8 @@ void helper_dcbzep(CPUPPCState *env, target_ulong addr, 
> uint32_t opcode)
>  void helper_icbi(CPUPPCState *env, target_ulong addr)
>  {
>  addr &= ~(env->dcache_line_size - 1);
> -/* Invalidate one cache line :
> +/*
> + * Invalidate one cache line :
>   * PowerPC specification says this is to be treated like a load
>   * (not a fetch) by the MMU. To be sure it will be so,
>   * do the load "by hand".
> @@ -346,17 +348,19 @@ uint32_t helper_stqcx_be_parallel(CPUPPCState *env, 
> target_ulong addr,
>  #define LO_IDX 0
>  #endif
>  
> -/* We use msr_le to determine index ordering in a vector.  However,
> -   byteswapping is not simply controlled by msr_le.  We also need to take
> -   into account endianness of the target.  This is done for the little-endian
> -   PPC64 user-mode target. */
> +/*
> + * We use msr_le to determine index ordering in a vector.  However,
> + * byteswapping is not simply controlled by msr_le.  We also need to
> + * take into account endianness of the target.  This is done for the
> + * little-endian PPC64 user-mode target.
> + */
>  
>  #define LVE(name, access, swap, element)\
>  void helper_##name(CPUPPCState *env, ppc_avr_t *r,  \
> target_ulong addr)   \
>  {   \
>  size_t n_elems = ARRAY_SIZE(r->element);\
> -int adjust = HI_IDX*(n_elems - 1);  \
> +int adjust = HI_IDX * (n_elems - 1);\
>  int sh = sizeof(r->element[0]) >> 1;\
>  int index = (addr & 0xf) >> sh; \
>  if (msr_le) {   \
> @@ -476,12 +480,13 @@ VSX_STXVL(stxvll, 1)
>  
>  void helper_tbegin(CPUPPCState *env)
>  {
> -/* As a degenerate implementation, always fail tbegin.  The reason
> +/*
> + * As a degenerate implementation, always fail tbegin.  The reason
>   * given is "Nesting overflow".  The "persistent" bit is set,
>   * providing a hint to the error handler to not retry.  The TFIAR
>   * captures the address of the failure, which is this tbegin
> - * instruction.  Instruction execution will continue with the
> - * next instruction in memory, which is precisely what we want.
> + * instruction.  Instruction execution will continue with the next
> + * instruction in memory, which is precisely what we want.
>   */
>  
>  env->spr[SPR_TEXASR] =
> 




Re: [Qemu-devel] [RFC for-4.1 17/25] target/ppc: Style fixes for mmu-hash64.[ch]

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/mmu-hash64.c | 62 +
>  1 file changed, 38 insertions(+), 24 deletions(-)
> 
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index a2b1ec5040..90f4b306b2 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -29,7 +29,7 @@
>  #include "hw/hw.h"
>  #include "mmu-book3s-v3.h"
>  
> -//#define DEBUG_SLB
> +/* #define DEBUG_SLB */
>  
>  #ifdef DEBUG_SLB
>  #  define LOG_SLB(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
> @@ -57,9 +57,11 @@ static ppc_slb_t *slb_lookup(PowerPCCPU *cpu, target_ulong 
> eaddr)
>  
>  LOG_SLB("%s: slot %d %016" PRIx64 " %016"
>  PRIx64 "\n", __func__, n, slb->esid, slb->vsid);
> -/* We check for 1T matches on all MMUs here - if the MMU
> +/*
> + * We check for 1T matches on all MMUs here - if the MMU
>   * doesn't have 1T segment support, we will have prevented 1T
> - * entries from being inserted in the slbmte code. */
> + * entries from being inserted in the slbmte code.
> + */
>  if (((slb->esid == esid_256M) &&
>   ((slb->vsid & SLB_VSID_B) == SLB_VSID_B_256M))
>  || ((slb->esid == esid_1T) &&
> @@ -102,7 +104,8 @@ void helper_slbia(CPUPPCState *env)
>  
>  if (slb->esid & SLB_ESID_V) {
>  slb->esid &= ~SLB_ESID_V;
> -/* XXX: given the fact that segment size is 256 MB or 1TB,
> +/*
> + * XXX: given the fact that segment size is 256 MB or 1TB,
>   *  and we still don't have a tlb_flush_mask(env, n, mask)
>   *  in QEMU, we just invalidate all TLBs
>   */
> @@ -125,7 +128,8 @@ static void __helper_slbie(CPUPPCState *env, target_ulong 
> addr,
>  if (slb->esid & SLB_ESID_V) {
>  slb->esid &= ~SLB_ESID_V;
>  
> -/* XXX: given the fact that segment size is 256 MB or 1TB,
> +/*
> + * XXX: given the fact that segment size is 256 MB or 1TB,
>   *  and we still don't have a tlb_flush_mask(env, n, mask)
>   *  in QEMU, we just invalidate all TLBs
>   */
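
Review bot: the same XXX comment now appears verbatim in both helper_slbia and __helper_slbie; a style pass is the right moment to keep one copy (or move the "invalidate all TLBs because there is no tlb_flush_mask()" explanation next to the shared flush call) rather than rewrapping it twice. Also worth raising while the function is being touched: __helper_slbie starts with a double underscore, which C reserves for the implementation; a plain helper_slbie_common or similar name would be conventional.
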
> @@ -305,8 +309,10 @@ static int ppc_hash64_pte_prot(PowerPCCPU *cpu,
>  {
>  CPUPPCState *env = &cpu->env;
>  unsigned pp, key;
> -/* Some pp bit combinations have undefined behaviour, so default
> - * to no access in those cases */
> +/*
> + * Some pp bit combinations have undefined behaviour, so default
> + * to no access in those cases
> + */
>  int prot = 0;
>  
>  key = !!(msr_pr ? (slb->vsid & SLB_VSID_KP)
> @@ -375,7 +381,7 @@ static int ppc_hash64_amr_prot(PowerPCCPU *cpu, 
> ppc_hash_pte64_t pte)
>  }
>  
>  key = HPTE64_R_KEY(pte.pte1);
> -amrbits = (env->spr[SPR_AMR] >> 2*(31 - key)) & 0x3;
> +amrbits = (env->spr[SPR_AMR] >> 2 * (31 - key)) & 0x3;
>  
>  /* fprintf(stderr, "AMR protection: key=%d AMR=0x%" PRIx64 "\n", key, */
>  /* env->spr[SPR_AMR]); */
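
Review bot: the commented-out fprintf pair left as context right after the amrbits line is dead debugging code; since this series is a style pass over the file, either drop it or turn it into a qemu_log_mask(CPU_LOG_MMU, ...) call like LOG_SLB above. The spacing change on the amrbits line is fine, but `>> 2 * (31 - key)` relies on `*` binding tighter than `>>`; writing `>> (2 * (31 - key))` would make the key-to-bit-position mapping obvious to the next reader.
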
> @@ -546,8 +552,9 @@ static hwaddr ppc_hash64_pteg_search(PowerPCCPU *cpu, 
> hwaddr hash,
>  if (*pshift == 0) {
>  continue;
>  }
> -/* We don't do anything with pshift yet as qemu TLB only deals
> - * with 4K pages anyway
> +/*
> + * We don't do anything with pshift yet as qemu TLB only
> + * deals with 4K pages anyway
>   */
>  pte->pte0 = pte0;
>  pte->pte1 = pte1;
> @@ -571,8 +578,10 @@ static hwaddr ppc_hash64_htab_lookup(PowerPCCPU *cpu,
>  uint64_t vsid, epnmask, epn, ptem;
>  const PPCHash64SegmentPageSizes *sps = slb->sps;
>  
> -/* The SLB store path should prevent any bad page size encodings
> - * getting in there, so: */
> +/*
> + * The SLB store path should prevent any bad page size encodings
> + * getting in there, so:
> + */
>  assert(sps);
>  
>  /* If ISL is set in LPCR we need to clamp the page size to 4K */
> @@ -731,11 +740,12 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
> eaddr,
>  
>  assert((rwx == 0) || (rwx == 1) || (rwx == 2));
>  
> -/* Note on LPCR usage: 970 uses HID4, but our special variant
> - * of store_spr copies relevant fields into env->spr[SPR_LPCR].
> - * Similarily we filter unimplemented bits when storing into
> - * LPCR depending on the MMU version. This code can thus just
> - * use the LPCR "as-is".
> +/*
> + * Note on LPCR usage: 970 uses HID4, but our special variant of
> + * store_spr copies relevant fields into env->spr[SPR_LPCR].
> + * Similarily we filter unimplemented bits when storing into LPCR
> + * depending on the MMU version. This code can thus just use the
> + * LPCR "as-is".
>   */
>  
>  /* 1. Handle real mode a
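
Review bot: the rewrapped LPCR comment keeps the misspelling "Similarily"; since the line is being rewritten anyway, make it "Similarly". Otherwise the reflow is a faithful copy of the old text.
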

Re: [Qemu-devel] [RFC for-4.1 06/25] target/ppc: Style fixes for fpu_helper.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/fpu_helper.c | 134 +---
>  1 file changed, 83 insertions(+), 51 deletions(-)
> 
> diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
> index 2ed4f42275..0b7308f539 100644
> --- a/target/ppc/fpu_helper.c
> +++ b/target/ppc/fpu_helper.c
> @@ -90,10 +90,12 @@ uint32_t helper_tosingle(uint64_t arg)
>  ret  = extract64(arg, 62, 2) << 30;
>  ret |= extract64(arg, 29, 30);
>  } else {
> -/* Zero or Denormal result.  If the exponent is in bounds for
> - * a single-precision denormal result, extract the proper bits.
> - * If the input is not zero, and the exponent is out of bounds,
> - * then the result is undefined; this underflows to zero.
> +/*
> + * Zero or Denormal result.  If the exponent is in bounds for
> + * a single-precision denormal result, extract the proper
> + * bits.  If the input is not zero, and the exponent is out of
> + * bounds, then the result is undefined; this underflows to
> + * zero.
>   */
>  ret = extract64(arg, 63, 1) << 31;
>  if (unlikely(exp >= 874)) {
> @@ -1090,7 +1092,7 @@ uint32_t helper_ftsqrt(uint64_t frb)
>  fe_flag = 1;
>  } else if (unlikely(float64_is_neg(frb))) {
>  fe_flag = 1;
> -} else if (!float64_is_zero(frb) && (e_b <= (-1022+52))) {
> +} else if (!float64_is_zero(frb) && (e_b <= (-1022 + 52))) {
>  fe_flag = 1;
>  }
>  
> @@ -1789,7 +1791,8 @@ uint32_t helper_efdcmpeq(CPUPPCState *env, uint64_t 
> op1, uint64_t op2)
>  #define float64_to_float64(x, env) x
>  
>  
> -/* VSX_ADD_SUB - VSX floating point add/subract
> +/*
> + * VSX_ADD_SUB - VSX floating point add/subract
>   *   name  - instruction mnemonic
>   *   op- operation (add or sub)
>   *   nels  - number of elements (1, 2 or 4)
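
Review bot: the VSX_ADD_SUB header comment still reads "add/subract"; as the line is touched by this hunk, fix it to "add/subtract" rather than carrying the typo through the restyle.
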
> @@ -1872,7 +1875,8 @@ void helper_xsaddqp(CPUPPCState *env, uint32_t opcode)
>  do_float_check_status(env, GETPC());
>  }
>  
> -/* VSX_MUL - VSX floating point multiply
> +/*
> + * VSX_MUL - VSX floating point multiply
>   *   op- instruction mnemonic
>   *   nels  - number of elements (1, 2 or 4)
>   *   tp- type (float32 or float64)
> @@ -1950,7 +1954,8 @@ void helper_xsmulqp(CPUPPCState *env, uint32_t opcode)
>  do_float_check_status(env, GETPC());
>  }
>  
> -/* VSX_DIV - VSX floating point divide
> +/*
> + * VSX_DIV - VSX floating point divide
>   *   op- instruction mnemonic
>   *   nels  - number of elements (1, 2 or 4)
>   *   tp- type (float32 or float64)
> @@ -2034,7 +2039,8 @@ void helper_xsdivqp(CPUPPCState *env, uint32_t opcode)
>  do_float_check_status(env, GETPC());
>  }
>  
> -/* VSX_RE  - VSX floating point reciprocal estimate
> +/*
> + * VSX_RE  - VSX floating point reciprocal estimate
>   *   op- instruction mnemonic
>   *   nels  - number of elements (1, 2 or 4)
>   *   tp- type (float32 or float64)
> @@ -2075,7 +2081,8 @@ VSX_RE(xsresp, 1, float64, VsrD(0), 1, 1)
>  VSX_RE(xvredp, 2, float64, VsrD(i), 0, 0)
>  VSX_RE(xvresp, 4, float32, VsrW(i), 0, 0)
>  
> -/* VSX_SQRT - VSX floating point square root
> +/*
> + * VSX_SQRT - VSX floating point square root
>   *   op- instruction mnemonic
>   *   nels  - number of elements (1, 2 or 4)
>   *   tp- type (float32 or float64)
> @@ -2124,7 +2131,8 @@ VSX_SQRT(xssqrtsp, 1, float64, VsrD(0), 1, 1)
>  VSX_SQRT(xvsqrtdp, 2, float64, VsrD(i), 0, 0)
>  VSX_SQRT(xvsqrtsp, 4, float32, VsrW(i), 0, 0)
>  
> -/* VSX_RSQRTE - VSX floating point reciprocal square root estimate
> +/*
> + *VSX_RSQRTE - VSX floating point reciprocal square root estimate
>   *   op- instruction mnemonic
>   *   nels  - number of elements (1, 2 or 4)
>   *   tp- type (float32 or float64)
> @@ -2174,7 +2182,8 @@ VSX_RSQRTE(xsrsqrtesp, 1, float64, VsrD(0), 1, 1)
>  VSX_RSQRTE(xvrsqrtedp, 2, float64, VsrD(i), 0, 0)
>  VSX_RSQRTE(xvrsqrtesp, 4, float32, VsrW(i), 0, 0)
>  
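
Review bot: in the VSX_RSQRTE header the continuation line is " *VSX_RSQRTE - ..." with no space after the asterisk, unlike " * VSX_SQRT - ..." and the other macro headers rewrapped in this file; add the space so the block matches.
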
> -/* VSX_TDIV - VSX floating point test for divide
> +/*
> + * VSX_TDIV - VSX floating point test for divide
>   *   op- instruction mnemonic
>   *   nels  - number of elements (1, 2 or 4)
>   *   tp- type (float32 or float64)
> @@ -2207,18 +2216,20 @@ void helper_##op(CPUPPCState *env, uint32_t opcode)   
>   \
>  if (unlikely(tp##_is_any_nan(xa.fld) || \
>   tp##_is_any_nan(xb.fld))) {\
>  fe_flag = 1;\
> -} else if ((e_b <= emin) || (e_b >= (emax-2))) {\
> +} else if ((e_b <= emin) || (e_b >= (emax - 2))) {  \
>  fe_flag = 1;\
>  } else if (!tp##_is_zero(xa.fld) &&   

Re: [Qemu-devel] [RFC for-4.1 09/25] target/ppc: Style fixes for gdbstub.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/gdbstub.c | 34 +++---
>  1 file changed, 19 insertions(+), 15 deletions(-)
> 
> diff --git a/target/ppc/gdbstub.c b/target/ppc/gdbstub.c
> index fbf3821f4b..ce3625f44e 100644
> --- a/target/ppc/gdbstub.c
> +++ b/target/ppc/gdbstub.c
> @@ -33,14 +33,14 @@ static int ppc_gdb_register_len_apple(int n)
>  return 8;
>  case 64 ... 95:
>  return 16;
> -case 64+32: /* nip */
> -case 65+32: /* msr */
> -case 67+32: /* lr */
> -case 68+32: /* ctr */
> -case 70+32: /* fpscr */
> +case 64 + 32: /* nip */
> +case 65 + 32: /* msr */
> +case 67 + 32: /* lr */
> +case 68 + 32: /* ctr */
> +case 70 + 32: /* fpscr */
>  return 8;
> -case 66+32: /* cr */
> -case 69+32: /* xer */
> +case 66 + 32: /* cr */
> +case 69 + 32: /* xer */
>  return 4;
>  default:
>  return 0;
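
Review bot: the `64 + 32` forms are spacing-correct but still magic arithmetic; given that `case 64 ... 95` just above covers the 16-byte registers, nip is register 96, and a named constant for the first register after that range would read better than repeating `+ 32` across the seven special-register cases.
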
> @@ -84,11 +84,14 @@ static int ppc_gdb_register_len(int n)
>  }
>  }
>  
> -/* We need to present the registers to gdb in the "current" memory ordering.
> -   For user-only mode we get this for free; TARGET_WORDS_BIGENDIAN is set to
> -   the proper ordering for the binary, and cannot be changed.
> -   For system mode, TARGET_WORDS_BIGENDIAN is always set, and we must check
> -   the current mode of the chip to see if we're running in little-endian.  */
> +/*
> + * We need to present the registers to gdb in the "current" memory
> + * ordering.  For user-only mode we get this for free;
> + * TARGET_WORDS_BIGENDIAN is set to the proper ordering for the
> + * binary, and cannot be changed.  For system mode,
> + * TARGET_WORDS_BIGENDIAN is always set, and we must check the current
> + * mode of the chip to see if we're running in little-endian.
> + */
>  void ppc_maybe_bswap_register(CPUPPCState *env, uint8_t *mem_buf, int len)
>  {
>  #ifndef CONFIG_USER_ONLY
> @@ -104,11 +107,12 @@ void ppc_maybe_bswap_register(CPUPPCState *env, uint8_t 
> *mem_buf, int len)
>  #endif
>  }
>  
> -/* Old gdb always expects FP registers.  Newer (xml-aware) gdb only
> +/*
> + * Old gdb always expects FP registers.  Newer (xml-aware) gdb only
>   * expects whatever the target description contains.  Due to a
>   * historical mishap the FP registers appear in between core integer
> - * regs and PC, MSR, CR, and so forth.  We hack round this by giving the
> - * FP regs zero size when talking to a newer gdb.
> + * regs and PC, MSR, CR, and so forth.  We hack round this by giving
> + * the FP regs zero size when talking to a newer gdb.
>   */
>  
>  int ppc_cpu_gdb_read_register(CPUState *cs, uint8_t *mem_buf, int n)
> 




Re: [Qemu-devel] [RFC for-4.1 11/25] target/ppc: Style fixes for kvm_ppc.h and kvm.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/kvm.c | 178 +++
>  target/ppc/kvm_ppc.h |   3 +-
>  2 files changed, 115 insertions(+), 66 deletions(-)
> 
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 2427c8ee13..a1c223385d 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -49,7 +49,7 @@
>  #include "elf.h"
>  #include "sysemu/kvm_int.h"
>  
> -//#define DEBUG_KVM
> +/* #define DEBUG_KVM */
>  
>  #ifdef DEBUG_KVM
>  #define DPRINTF(fmt, ...) \
> @@ -65,8 +65,8 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
>  KVM_CAP_LAST_INFO
>  };
>  
> -static int cap_interrupt_unset = false;
> -static int cap_interrupt_level = false;
> +static int cap_interrupt_unset;
> +static int cap_interrupt_level;
>  static int cap_segstate;
>  static int cap_booke_sregs;
>  static int cap_ppc_smt;
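
Review bot: dropping the `= false` initialisers is behaviour-preserving (file-scope statics are zero-initialised), but it also removes the only hint that cap_interrupt_unset and cap_interrupt_level are booleans; they are tested as such (`if (!cap_interrupt_level)` later in this patch), so declaring them `bool` would state that explicitly.
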
> @@ -96,7 +96,8 @@ static int cap_large_decr;
>  
>  static uint32_t debug_inst_opcode;
>  
> -/* XXX We have a race condition where we actually have a level triggered
> +/*
> + * XXX We have a race condition where we actually have a level triggered
>   * interrupt, but the infrastructure can't expose that yet, so the guest
>   * takes but ignores it, goes to sleep and never gets notified that 
> there's
>   * still an interrupt pending.
> @@ -114,10 +115,12 @@ static void kvm_kick_cpu(void *opaque)
>  qemu_cpu_kick(CPU(cpu));
>  }
>  
> -/* Check whether we are running with KVM-PR (instead of KVM-HV).  This
> +/*
> + * Check whether we are running with KVM-PR (instead of KVM-HV).  This
>   * should only be used for fallback tests - generally we should use
>   * explicit capabilities for the features we want, rather than
> - * assuming what is/isn't available depending on the KVM variant. */
> + * assuming what is/isn't available depending on the KVM variant.
> + */
>  static bool kvmppc_is_pr(KVMState *ks)
>  {
>  /* Assume KVM-PR if the GET_PVINFO capability is available */
> @@ -143,8 +146,10 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
>  cap_hior = kvm_check_extension(s, KVM_CAP_PPC_HIOR);
>  cap_epr = kvm_check_extension(s, KVM_CAP_PPC_EPR);
>  cap_ppc_watchdog = kvm_check_extension(s, KVM_CAP_PPC_BOOKE_WATCHDOG);
> -/* Note: we don't set cap_papr here, because this capability is
> - * only activated after this by kvmppc_set_papr() */
> +/*
> + * Note: we don't set cap_papr here, because this capability is
> + * only activated after this by kvmppc_set_papr()
> + */
>  cap_htab_fd = kvm_vm_check_extension(s, KVM_CAP_PPC_HTAB_FD);
>  cap_fixup_hcalls = kvm_check_extension(s, KVM_CAP_PPC_FIXUP_HCALL);
>  cap_ppc_smt = kvm_vm_check_extension(s, KVM_CAP_PPC_SMT);
> @@ -160,7 +165,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
>   * in KVM at this moment.
>   *
>   * TODO: call kvm_vm_check_extension() with the right capability
> - * after the kernel starts implementing it.*/
> + * after the kernel starts implementing it.
> + */
>  cap_ppc_pvr_compat = false;
>  
>  if (!cap_interrupt_level) {
> @@ -186,10 +192,13 @@ static int kvm_arch_sync_sregs(PowerPCCPU *cpu)
>  int ret;
>  
>  if (cenv->excp_model == POWERPC_EXCP_BOOKE) {
> -/* What we're really trying to say is "if we're on BookE, we use
> -   the native PVR for now". This is the only sane way to check
> -   it though, so we potentially confuse users that they can run
> -   BookE guests on BookS. Let's hope nobody dares enough :) */
> +/*
> + * What we're really trying to say is "if we're on BookE, we
> + * use the native PVR for now". This is the only sane way to
> + * check it though, so we potentially confuse users that they
> + * can run BookE guests on BookS. Let's hope nobody dares
> + * enough :)
> + */
>  return 0;
>  } else {
>  if (!cap_segstate) {
> @@ -421,12 +430,14 @@ void kvm_check_mmu(PowerPCCPU *cpu, Error **errp)
>  }
>  
>  if (ppc_hash64_has(cpu, PPC_HASH64_CI_LARGEPAGE)) {
> -/* Mostly what guest pagesizes we can use are related to the
> +/*
> + * Mostly what guest pagesizes we can use are related to the
>   * host pages used to map guest RAM, which is handled in the
>   * platform code. Cache-Inhibited largepages (64k) however are
>   * used for I/O, so if they're mapped to the host at all it
>   * will be a normal mapping, not a special hugepage one used
> - * for RAM. */
> + * for RAM.
> + */
>  if (getpagesize() < 0x1) {
>  error_setg(errp,
> "KVM can't supply 64kiB CI pages, which guest 
> expects");
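
Review bot: as displayed, the page-size check reads `if (getpagesize() < 0x1)`, which can never be true, so the "KVM can't supply 64kiB CI pages" error below it would be unreachable. The literal looks truncated in this archive rather than in the patch, but whoever applies the series should confirm the comparison is against the 64 KiB (0x10000) size the error message names. The comment reflow itself is fine.
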
> @@ -440,9 +451,9 @@ unsigned long kvm_arch_vcpu_id(CPUState *cpu)
>  return POWERPC_CPU(cpu)->vcpu_id;
>  }
>  

Re: [Qemu-devel] [RFC for-4.1 08/25] target/ppc: Style fixes for excp_helper.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 



Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/excp_helper.c | 87 
>  1 file changed, 53 insertions(+), 34 deletions(-)
> 
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index beafcf1ebd..ec2c177091 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -25,9 +25,9 @@
>  #include "internal.h"
>  #include "helper_regs.h"
>  
> -//#define DEBUG_OP
> -//#define DEBUG_SOFTWARE_TLB
> -//#define DEBUG_EXCEPTIONS
> +/* #define DEBUG_OP */
> +/* #define DEBUG_SOFTWARE_TLB */
> +/* #define DEBUG_EXCEPTIONS */
>  
>  #ifdef DEBUG_EXCEPTIONS
>  #  define LOG_EXCP(...) qemu_log(__VA_ARGS__)
> @@ -126,8 +126,9 @@ static uint64_t ppc_excp_vector_offset(CPUState *cs, int 
> ail)
>  return offset;
>  }
>  
> -/* Note that this function should be greatly optimized
> - * when called with a constant excp, from ppc_hw_interrupt
> +/*
> + * Note that this function should be greatly optimized when called
> + * with a constant excp, from ppc_hw_interrupt
>   */
>  static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp)
>  {
> @@ -147,7 +148,8 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  msr = env->msr & ~0x783fULL;
>  }
>  
> -/* new interrupt handler msr preserves existing HV and ME unless
> +/*
> + * new interrupt handler msr preserves existing HV and ME unless
>   * explicitly overriden
>   */
>  new_msr = env->msr & (((target_ulong)1 << MSR_ME) | MSR_HVB);
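
Review bot: "overriden" in the rewrapped MSR comment should be "overridden"; the reflow is otherwise the same text.
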
> @@ -166,7 +168,8 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  excp = powerpc_reset_wakeup(cs, env, excp, &msr);
>  }
>  
> -/* Exception targetting modifiers
> +/*
> + * Exception targetting modifiers
>   *
>   * LPES0 is supported on POWER7/8/9
>   * LPES1 is not supported (old iSeries mode)
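
Review bot: "targetting" in the new comment header should be "targeting"; the LPES0/LPES1 notes below it read fine.
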
> @@ -194,7 +197,8 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  ail = 0;
>  }
>  
> -/* Hypervisor emulation assistance interrupt only exists on server
> +/*
> + * Hypervisor emulation assistance interrupt only exists on server
>   * arch 2.05 server or later. We also don't want to generate it if
>   * we don't have HVB in msr_mask (PAPR mode).
>   */
> @@ -229,8 +233,9 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  break;
>  case POWERPC_EXCP_MCHECK:/* Machine check exception  
> */
>  if (msr_me == 0) {
> -/* Machine check exception is not enabled.
> - * Enter checkstop state.
> +/*
> + * Machine check exception is not enabled.  Enter
> + * checkstop state.
>   */
>  fprintf(stderr, "Machine check while not allowed. "
>  "Entering checkstop state\n");
> @@ -242,8 +247,9 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  cpu_interrupt_exittb(cs);
>  }
>  if (env->msr_mask & MSR_HVB) {
> -/* ISA specifies HV, but can be delivered to guest with HV clear
> - * (e.g., see FWNMI in PAPR).
> +/*
> + * ISA specifies HV, but can be delivered to guest with HV
> + * clear (e.g., see FWNMI in PAPR).
>   */
>  new_msr |= (target_ulong)MSR_HVB;
>  }
> @@ -294,9 +300,10 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  break;
>  case POWERPC_EXCP_ALIGN: /* Alignment exception  
> */
>  /* Get rS/rD and rA from faulting opcode */
> -/* Note: the opcode fields will not be set properly for a direct
> - * store load/store, but nobody cares as nobody actually uses
> - * direct store segments.
> +/*
> + * Note: the opcode fields will not be set properly for a
> + * direct store load/store, but nobody cares as nobody
> + * actually uses direct store segments.
>   */
>  env->spr[SPR_DSISR] |= (env->error_code & 0x03FF) >> 16;
>  break;
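
Review bot: the context line `env->spr[SPR_DSISR] |= (env->error_code & 0x03FF) >> 16;` cannot be right as shown: masking with 0x03FF and then shifting right by 16 always yields zero, so DSISR would never receive the rS/rD and rA fields the comment says are extracted. The hex constant has most likely lost digits in the archived copy (the context line `msr = env->msr & ~0x783fULL;` in the earlier hunk may be affected the same way), but it is worth checking the applied tree against the DSISR layout for alignment interrupts before trusting this path.
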
> @@ -310,7 +317,8 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  return;
>  }
>  
> -/* FP exceptions always have NIP pointing to the faulting
> +/*
> + * FP exceptions always have NIP pointing to the faulting
>   * instruction, so always use store_next and claim we are
>   * precise in the MSR.
>   */
> @@ -341,7 +349,8 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  dump_syscall(env);
>  lev = env->error_code;
>  
> -/* We need to correct the NIP which in this case is 

Re: [Qemu-devel] [RFC for-4.1 05/25] target/ppc: Style fixes for int_helper.c

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/int_helper.c | 70 +++--
>  1 file changed, 39 insertions(+), 31 deletions(-)
> 
> diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
> index 162add561e..f6a088ac08 100644
> --- a/target/ppc/int_helper.c
> +++ b/target/ppc/int_helper.c
> @@ -137,7 +137,8 @@ uint64_t helper_divde(CPUPPCState *env, uint64_t rau, 
> uint64_t rbu, uint32_t oe)
>  /* if x = 0xab, returns 0xababababababababa */
>  #define pattern(x) (((x) & 0xff) * (~(target_ulong)0 / 0xff))
>  
> -/* substract 1 from each byte, and with inverse, check if MSB is set at each
> +/*
> + * subtract 1 from each byte, and with inverse, check if MSB is set at each
>   * byte.
>   * i.e. ((0x00 - 0x01) & ~(0x00)) & 0x80
>   *  (0xFF & 0xFF) & 0x80 = 0x80 (zero found)
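
Review bot: the "substract" to "subtract" fix is good; while here, the `pattern(x)` comment two lines above says the result for 0xab is 0xababababababababa, which has seventeen hex digits, one too many for a 64-bit target_ulong. Trim it to sixteen (eight repetitions of ab) so the example matches what the macro computes.
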
> @@ -156,7 +157,8 @@ uint32_t helper_cmpeqb(target_ulong ra, target_ulong rb)
>  #undef haszero
>  #undef hasvalue
>  
> -/* Return invalid random number.
> +/*
> + * Return invalid random number.
>   *
>   * FIXME: Add rng backend or other mechanism to get cryptographically 
> suitable
>   * random number
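
Review bot: beyond rewrapping, the FIXME should state the property that matters: until a real RNG backend is wired in, this helper must keep returning the value the ISA reserves for "no random number available", so a guest that checks for it retries or falls back instead of treating a fixed value as entropy. A later cleanup that makes it return a plausible-looking constant or a non-cryptographic generator would be a regression, and the comment is the place to say so.
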
> @@ -181,7 +183,7 @@ uint64_t helper_bpermd(uint64_t rs, uint64_t rb)
>  uint64_t ra = 0;
>  
>  for (i = 0; i < 8; i++) {
> -int index = (rs >> (i*8)) & 0xFF;
> +int index = (rs >> (i * 8)) & 0xFF;
>  if (index < 64) {
>  if (rb & PPC_BIT(index)) {
>  ra |= 1 << i;
> @@ -370,7 +372,8 @@ target_ulong helper_divso(CPUPPCState *env, target_ulong 
> arg1,
>  /* 602 specific instructions */
>  /* mfrom is the most crazy instruction ever seen, imho ! */
>  /* Real implementation uses a ROM table. Do the same */
> -/* Extremely decomposed:
> +/*
> + * Extremely decomposed:
>   *  -arg / 256
>   * return 256 * log10(10   + 1.0) + 0.5
>   */
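
Review bot: the mfrom comment relies on a two-line layout to show `-arg / 256` as the exponent of 10; after rewrapping with the ` *` prefix that alignment is fragile and, as this archive shows, easily lost. Write the formula inline instead, for example `return 256 * log10(pow(10, -arg / 256) + 1.0) + 0.5`, so it survives any further reflow.
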
> @@ -393,7 +396,7 @@ target_ulong helper_602_mfrom(target_ulong arg)
>  for (index = 0; index < ARRAY_SIZE(r->element); index++)
>  #else
>  #define VECTOR_FOR_INORDER_I(index, element)\
> -for (index = ARRAY_SIZE(r->element)-1; index >= 0; index--)
> +for (index = ARRAY_SIZE(r->element) - 1; index >= 0; index--)
>  #endif
>  
>  /* Saturating arithmetic helpers.  */
> @@ -634,7 +637,8 @@ void helper_v##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t 
> *b)   \
>  }   \
>  }
>  
> -/* VABSDU - Vector absolute difference unsigned
> +/*
> + * VABSDU - Vector absolute difference unsigned
>   *   name- instruction mnemonic suffix (b: byte, h: halfword, w: word)
>   *   element - element type to access from vector
>   */
> @@ -739,7 +743,8 @@ void helper_vcmpne##suffix(CPUPPCState *env, ppc_avr_t 
> *r,  \
>  }   \
>  }
>  
> -/* VCMPNEZ - Vector compare not equal to zero
> +/*
> + * VCMPNEZ - Vector compare not equal to zero
>   *   suffix  - instruction mnemonic suffix (b: byte, h: halfword, w: word)
>   *   element - element type to access from vector
>   */
> @@ -1138,7 +1143,7 @@ void helper_vpermr(CPUPPCState *env, ppc_avr_t *r, 
> ppc_avr_t *a, ppc_avr_t *b,
>  #define VBPERMQ_DW(index) (((index) & 0x40) != 0)
>  #define EXTRACT_BIT(avr, i, index) (extract64((avr)->u64[i], index, 1))
>  #else
> -#define VBPERMQ_INDEX(avr, i) ((avr)->u8[15-(i)])
> +#define VBPERMQ_INDEX(avr, i) ((avr)->u8[15 - (i)])
>  #define VBPERMD_INDEX(i) (1 - i)
>  #define VBPERMQ_DW(index) (((index) & 0x40) == 0)
>  #define EXTRACT_BIT(avr, i, index) \
> @@ -1169,7 +1174,7 @@ void helper_vbpermq(ppc_avr_t *r, ppc_avr_t *a, 
> ppc_avr_t *b)
>  int index = VBPERMQ_INDEX(b, i);
>  
>  if (index < 128) {
> -uint64_t mask = (1ull << (63-(index & 0x3F)));
> +uint64_t mask = (1ull << (63 - (index & 0x3F)));
>  if (a->u64[VBPERMQ_DW(index)] & mask) {
>  perm |= (0x8000 >> i);
>  }
> @@ -1449,9 +1454,9 @@ void helper_vgbbd(ppc_avr_t *r, ppc_avr_t *b)
>  
>  VECTOR_FOR_INORDER_I(i, u8) {
>  #if defined(HOST_WORDS_BIGENDIAN)
> -t[i>>3] |= VGBBD_MASKS[b->u8[i]] >> (i & 7);
> +t[i >> 3] |= VGBBD_MASKS[b->u8[i]] >> (i & 7);
>  #else
> -t[i>>3] |= VGBBD_MASKS[b->u8[i]] >> (7-(i & 7));
> +t[i >> 3] |= VGBBD_MASKS[b->u8[i]] >> (7 - (i & 7));
>  #endif
>  }
>  
> @@ -1463,19 +1468,19 @@ void helper_vgbbd(ppc_avr_t *r, ppc_avr_t *b)
>  void helper_##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)  \
>  { \
>  int i, j; \
> -trgtyp prod[sizeof(ppc_avr_t)/sizeof(a->srcfld[0])];  \
> +trgtyp prod[sizeof(ppc_avr_t) / sizeof(a->srcfld[0])];\
>\

Re: [Qemu-devel] [RFC for-4.1 04/25] target/ppc: Style fixes for cpu.[ch]

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 


Reviewed-by: Cédric Le Goater 

Thanks,

C.


> ---
>  target/ppc/cpu.h | 239 ++-
>  1 file changed, 130 insertions(+), 109 deletions(-)
> 
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index fc12b4688e..5d25b17539 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -23,23 +23,28 @@
>  #include "qemu-common.h"
>  #include "qemu/int128.h"
>  
> -//#define PPC_EMULATE_32BITS_HYPV
> +/* #define PPC_EMULATE_32BITS_HYPV */
>  
> -#if defined (TARGET_PPC64)
> +#if defined(TARGET_PPC64)
>  /* PowerPC 64 definitions */
>  #define TARGET_LONG_BITS 64
>  #define TARGET_PAGE_BITS 12
>  
>  #define TCG_GUEST_DEFAULT_MO 0
>  
> -/* Note that the official physical address space bits is 62-M where M
> -   is implementation dependent.  I've not looked up M for the set of
> -   cpus we emulate at the system level.  */
> +/*
> + * Note that the official physical address space bits is 62-M where M
> + * is implementation dependent.  I've not looked up M for the set of
> + * cpus we emulate at the system level.
> + */
>  #define TARGET_PHYS_ADDR_SPACE_BITS 62
>  
> -/* Note that the PPC environment architecture talks about 80 bit virtual
> -   addresses, with segmentation.  Obviously that's not all visible to a
> -   single process, which is all we're concerned with here.  */
> +/*
> + * Note that the PPC environment architecture talks about 80 bit
> + * virtual addresses, with segmentation.  Obviously that's not all
> + * visible to a single process, which is all we're concerned with
> + * here.
> + */
>  #ifdef TARGET_ABI32
>  # define TARGET_VIRT_ADDR_SPACE_BITS 32
>  #else
> @@ -49,7 +54,7 @@
>  #define TARGET_PAGE_BITS_64K 16
>  #define TARGET_PAGE_BITS_16M 24
>  
> -#else /* defined (TARGET_PPC64) */
> +#else /* defined(TARGET_PPC64) */
>  /* PowerPC 32 definitions */
>  #define TARGET_LONG_BITS 32
>  #define TARGET_PAGE_BITS 12
> @@ -57,14 +62,14 @@
>  #define TARGET_PHYS_ADDR_SPACE_BITS 36
>  #define TARGET_VIRT_ADDR_SPACE_BITS 32
>  
> -#endif /* defined (TARGET_PPC64) */
> +#endif /* defined(TARGET_PPC64) */
>  
>  #define CPUArchState struct CPUPPCState
>  
>  #include "exec/cpu-defs.h"
>  #include "cpu-qom.h"
>  
> -#if defined (TARGET_PPC64)
> +#if defined(TARGET_PPC64)
>  #define PPC_ELF_MACHINE EM_PPC64
>  #else
>  #define PPC_ELF_MACHINE EM_PPC
> @@ -237,9 +242,11 @@ struct ppc_spr_t {
>  const char *name;
>  target_ulong default_value;
>  #ifdef CONFIG_KVM
> -/* We (ab)use the fact that all the SPRs will have ids for the
> +/*
> + * We (ab)use the fact that all the SPRs will have ids for the
>   * ONE_REG interface will have KVM_REG_PPC to use 0 as meaning,
> - * don't sync this */
> + * don't sync this
> + */
>  uint64_t one_reg_id;
>  #endif
>  };
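
Review bot: the one_reg_id comment is rewrapped verbatim but the sentence itself is garbled ("all the SPRs will have ids for the ONE_REG interface will have KVM_REG_PPC to use 0 as meaning, don't sync this"); since the lines are being rewritten, restate what it means: every ONE_REG id for an SPR carries the KVM_REG_PPC bits, so an id of 0 is never a valid register id and is used to mean "don't sync this SPR".
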
> @@ -656,39 +663,39 @@ enum {
>  #define fpscr_eex (((env->fpscr) >> FPSCR_XX) & ((env->fpscr) >> FPSCR_XE) & 
>  \
> 0x1F)
>  
> -#define FP_FX(1ull << FPSCR_FX)
> -#define FP_FEX   (1ull << FPSCR_FEX)
> -#define FP_VX(1ull << FPSCR_VX)
> -#define FP_OX(1ull << FPSCR_OX)
> -#define FP_UX(1ull << FPSCR_UX)
> -#define FP_ZX(1ull << FPSCR_ZX)
> -#define FP_XX(1ull << FPSCR_XX)
> -#define FP_VXSNAN(1ull << FPSCR_VXSNAN)
> -#define FP_VXISI (1ull << FPSCR_VXISI)
> -#define FP_VXIDI (1ull << FPSCR_VXIDI)
> -#define FP_VXZDZ (1ull << FPSCR_VXZDZ)
> -#define FP_VXIMZ (1ull << FPSCR_VXIMZ)
> -#define FP_VXVC  (1ull << FPSCR_VXVC)
> -#define FP_FR(1ull << FSPCR_FR)
> -#define FP_FI(1ull << FPSCR_FI)
> -#define FP_C (1ull << FPSCR_C)
> -#define FP_FL(1ull << FPSCR_FL)
> -#define FP_FG(1ull << FPSCR_FG)
> -#define FP_FE(1ull << FPSCR_FE)
> -#define FP_FU(1ull << FPSCR_FU)
> -#define FP_FPCC  (FP_FL | FP_FG | FP_FE | FP_FU)
> -#define FP_FPRF  (FP_C  | FP_FL | FP_FG | FP_FE | FP_FU)
> -#define FP_VXSOFT(1ull << FPSCR_VXSOFT)
> -#define FP_VXSQRT(1ull << FPSCR_VXSQRT)
> -#define FP_VXCVI (1ull << FPSCR_VXCVI)
> -#define FP_VE(1ull << FPSCR_VE)
> -#define FP_OE(1ull << FPSCR_OE)
> -#define FP_UE(1ull << FPSCR_UE)
> -#define FP_ZE(1ull << FPSCR_ZE)
> -#define FP_XE(1ull << FPSCR_XE)
> -#define FP_NI(1ull << FPSCR_NI)
> -#define FP_RN1   (1ull << FPSCR_RN1)
> -#define FP_RN(1ull << FPSCR_RN)
> +#define FP_FX   (1ull << FPSCR_FX)
> +#define FP_FEX  (1ull << FPSCR_FEX)
> +#define FP_VX   (1ull << FPSCR_VX)
> +#define FP_OX   (1ull << FPSCR_OX)
> +#define FP_UX   (1ull << FPSCR_UX)
> +#define FP_ZX   (1ull << FPSCR_ZX)
> +#define FP_XX 
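
Review bot: the realigned FP_* block is a pure whitespace change, but the old line it replaces defines FP_FR as `(1ull << FSPCR_FR)`, with FSPCR where every neighbouring entry uses FPSCR. If the new lines (cut off in this archive after FP_XX) carry the same spelling over, fix it now: the macro only expands where FP_FR is used, so the typo will not show up as a build error until someone references it.
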

Re: [Qemu-devel] [RFC for-4.1 03/25] target/ppc: Style fixes for ppc-models.[ch]

2019-03-24 Thread Cédric Le Goater
On 3/22/19 1:15 AM, David Gibson wrote:
> Signed-off-by: David Gibson 



Reviewed-by: Cédric Le Goater 

Thanks,

C.

> ---
>  target/ppc/cpu-models.c | 2 +-
>  target/ppc/cpu-models.h | 3 ++-
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/target/ppc/cpu-models.c b/target/ppc/cpu-models.c
> index 7c75963e3c..9d7050b5fa 100644
> --- a/target/ppc/cpu-models.c
> +++ b/target/ppc/cpu-models.c
> @@ -740,7 +740,7 @@
>  POWERPC_DEF("7457a_v1.2",CPU_POWERPC_74x7A_v12,  7455,
>  "PowerPC 7457A v1.2 (G4)")
>  /* 64 bits PowerPC   
> */
> -#if defined (TARGET_PPC64)
> +#if defined(TARGET_PPC64)
>  POWERPC_DEF("970_v2.2",  CPU_POWERPC_970_v22,970,
>  "PowerPC 970 v2.2")
>  POWERPC_DEF("970fx_v1.0",CPU_POWERPC_970FX_v10,  970,
> diff --git a/target/ppc/cpu-models.h b/target/ppc/cpu-models.h
> index efdb2fa53c..4fdb73034d 100644
> --- a/target/ppc/cpu-models.h
> +++ b/target/ppc/cpu-models.h
> @@ -393,7 +393,8 @@ enum {
>  CPU_POWERPC_RS64IV = 0x0037,
>  #endif /* defined(TARGET_PPC64) */
>  /* Original POWER */
> -/* XXX: should be POWER (RIOS), RSC3308, RSC4608,
> +/*
> + * XXX: should be POWER (RIOS), RSC3308, RSC4608,
>   * POWER2 (RIOS2) & RSC2 (P2SC) here
>   */
>  /* PA Semi core */
> 




[Qemu-devel] [Bug 1730099] Re: Sometimes, when not touching the SDL window, the guest freezes

2019-03-24 Thread Thomas Huth
Which version of SDL are you using? SDL 1.2 or SDL 2.0? If you were
using 1.2, could you please try 2.0 instead? Support for SDL 1.2 has
been removed now.

** Changed in: qemu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1730099

Title:
  Sometimes, when not touching the SDL window, the guest freezes

Status in QEMU:
  Incomplete

Bug description:
  I often just run some development guest machine, and leave its SDL
  window on a workspace I don’t touch, and only interact with it via
  TCP.

  And sometimes, the guest just freezes.

  After it gets the focus back, it comes back to life (starts responding
  via network).

  QEMU release version: 2.8.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1730099/+subscriptions



[Qemu-devel] [Bug 1617114] Re: Qemu 2.6.0 freezes with windows guests

2019-03-24 Thread Thomas Huth
Which version of SDL were you using here? SDL 1.2 or SDL 2.0? If you
were using SDL 1.2, could you please try with SDL 2.0 instead? Support
for 1.2 has been removed now...

** Changed in: qemu
   Status: New => Incomplete

-- 
https://bugs.launchpad.net/bugs/1617114

Title:
  Qemu 2.6.0 freezes with windows guests

Status in QEMU:
  Incomplete

Bug description:
  When launching qemu with the same command line as before 2.6.0, with
  SDL display, with virtio, for a win-10 guest:

  qemu-system-x86_64 -enable-kvm -name win-10 -machine type=pc,accel=kvm
  -cpu host -smp cores=1,threads=2,sockets=1 -m 2.7G -balloon virtio
  -drive
  file=/home//.qemu/imgs/win10-coe.qcow2,index=0,media=disk,if=virtio
  -drive file=/usr/share/virtio/virtio-win.iso,index=1,media=cdrom
  -drive file=/usr/share/spice-guest-tools/spice-guest-
  tools.iso,index=2,media=cdrom -net nic,model=virtio -net
  tap,ifname=tap0,script=no,downscript=no,vhost=on -usbdevice tablet
  -usb -display sdl -vga qxl -soundhw ac97 -rtc base=localtime
  -usbdevice host:0b0e:0032 -usbdevice host:0b0e:0348 -usbdevice
  host:0b0e:0410

  Qemu at some point just freezes with no error message at all with
  newer version 2.6.0-1.

  Reverting to prior version 2.5.1-1, things go back to normal.

  A simple way to accelerate the freeze is to have qemu launch in a
  workspace/desktop, and then move to a different workspace/desktop, and
  then move back to the qemu workspace/desktop, and you'll find out it's
  frozen.

  BTW, there's no way to get into qemu monitor mode terminal at all once
  frozen. The monitor terminal shows up, but does nothing...

  Perhaps it's useful to notice that I have up to date win-10 virtio
  drivers for ethernet, scsi/storage, qxl-dod, balloon, and serial
  interface drivers. The ISO version used is 0.1.118.1 (virtio-win AUR
  package).

  Using the standard (std) qemu video driver, rather than the qxl-dod
  one makes no difference BTW.

  Just in case, running on up to date x86-64 Arch, plain qemu command
  line.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1617114/+subscriptions



[Qemu-devel] [Bug 1730101] Re: The guest is only starting after its SDL window gets focus

2019-03-24 Thread Thomas Huth
Which version of SDL have you been using here? SDL 1.2 or SDL 2.0? If
you were using 1.2, could you please try with 2.0 instead? Support for
1.2 has been removed now.

** Changed in: qemu
   Status: New => Incomplete

https://bugs.launchpad.net/bugs/1730101

Title:
  The guest is only starting after its SDL window gets focus

Status in QEMU:
  Incomplete

Bug description:
  I’m using i3wm and have workspace assigning rules that make QEMU’s SDL
  window be assigned to a workspace I don’t really switch to.

  When I start a guest machine, its SDL window is moved to that
  workspace (I never see it); but the machine freezes after displaying
  that black window. It only starts booting after I switch to the
  workspace and view the window.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1730101/+subscriptions



[Qemu-devel] [Bug 1313816] Re: qemu should close sound device when no more needs.

2019-03-24 Thread Thomas Huth
Looking through old bug tickets... can you still reproduce this issue
with the latest version of QEMU? Or could we close this ticket nowadays?

** Changed in: qemu
   Status: New => Incomplete

https://bugs.launchpad.net/bugs/1313816

Title:
  qemu should close sound device when no more needs.

Status in QEMU:
  Incomplete

Bug description:
  I use alsa directly or via pulseaudio on qemu.
  And I use xmms2 as well as qemu.

  When I use alsa, one of xmms2 or qemu can play sound.
  When I use pulseaudio with qemu and pulseaudio -k, and pulseaudio --start,
  qemu can't play sound.

  I think that:
  - qemu should open the sound device when it is needed.
  - qemu should close the sound device when it is no longer needed.

  One of xmms2 or qemu can play sound, but both of them rarely play sound
  at the same time.
  qemu hits an error on pulseaudio -k, but once the device is closed and
  reopened, the error should be recovered, I hope.

  Host: slackware64 14.1, linux kernel 3.14.2
  Qemu: 2.0.0
  QEMU_AUDIO_DRV=pa /usr/local/bin/qemu-system-x86_64 -enable-kvm -hda /dosc/win8_x64.img -soundhw hda -boot c -m 2G -cpu host -usb -usbdevice tablet -display sdl -rtc base=localtime
  Guest: Windows 8.1 x64

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1313816/+subscriptions



[Qemu-devel] [Bug 504368] Re: sdl window intermittently scales instead of resizing

2019-03-24 Thread Thomas Huth
Since support for SDL 1.2 has been removed from QEMU now, can you still
reproduce this issue with the latest version of QEMU and SDL2 ?

** Changed in: qemu
   Status: Triaged => Incomplete

** Changed in: qemu-kvm (Ubuntu)
   Status: Triaged => Incomplete

** Bug watch removed: SourceForge.net Tracker #2930756
   http://sourceforge.net/support/tracker.php?aid=2930756

** Bug watch removed: bugzilla.libsdl.org/ #1859
   http://bugzilla.libsdl.org/show_bug.cgi?id=1859

https://bugs.launchpad.net/bugs/504368

Title:
  sdl window intermittently scales instead of resizing

Status in QEMU:
  Incomplete
Status in qemu-kvm package in Ubuntu:
  Incomplete

Bug description:
  Binary package hint: qemu-kvm

  Normally, the SDL output window for a VM resizes to match the VM's
  resolution.  However, intermittently the output is instead scaled
  within the window.  I can't seem to find any pattern to when the
  output is scaled versus when the window is resized.  I would prefer
  that the window be resized as needed to display the VM in a 1:1
  manner.

  ProblemType: Bug
  Architecture: amd64
  Date: Thu Jan  7 10:30:10 2010
  DistroRelease: Ubuntu 9.10
  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
  KvmCmdLine:
   UIDPID  PPID  CSZ   RSS PSR STIME TTY  TIME CMD
   root 27618 1 38 241752 804668 1 10:05 ?00:09:39 /usr/bin/kvm 
-S -M pc-0.11 -cpu qemu32 -m 768 -smp 1 -name win2k3 -uuid 
da414aa0-f18a-7a02-3d1b-1dbf13137bc9 -monitor 
unix:/var/run/libvirt/qemu/win2k3.monitor,server,nowait -localtime -boot c 
-drive file=/media/qpc-devel/testing/win2k3/testing.ovl,if=ide,index=0,boot=on 
-drive 
file=/media/qpc-devel/testing/win2k3/../../isos/en_win_srv_2003_r2_standard_cd1.iso,if=ide,media=cdrom,index=2
 -net nic,macaddr=00:16:3e:d6:f5:60,vlan=0,model=ne2k_pci,name=ne2k_pci.0 -net 
tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -usbdevice tablet 
-vga cirrus
   root 28306 1 54 177732 545520 1 10:28 ?00:00:49 /usr/bin/kvm 
-S -M pc-0.11 -cpu qemu32 -m 512 -smp 1 -name win2k -uuid 
153d6125-acb5-70bc-c7d2-bcbf87c5be86 -monitor 
unix:/var/run/libvirt/qemu/win2k.monitor,server,nowait -localtime -boot c 
-drive file=/media/qpc-devel/testing/win2k/testing.ovl,if=ide,index=0,boot=on 
-drive 
file=/media/qpc-devel/testing/win2k/../../isos/windows_2000.iso,if=ide,media=cdrom,index=2
 -net nic,macaddr=68:29:6b:13:50:c6,vlan=0,model=ne2k_pci,name=ne2k_pci.0 -net 
tap,fd=19,vlan=0,name=tap.0 -serial pty -parallel none -usb -usbdevice tablet 
-vga cirrus
  NonfreeKernelModules: nvidia
  Package: kvm 1:84+dfsg-0ubuntu16+0.11.0+0ubuntu6.3
  ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.31-16-generic 
root=UUID=30218f9a-6f90-4eab-9ba5-f54897e842cb ro quiet splash
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcVersionSignature: Ubuntu 2.6.31-16.53-generic
  SourcePackage: qemu-kvm
  Uname: Linux 2.6.31-16-generic x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/504368/+subscriptions



[Qemu-devel] [PATCH v5] hw/acpi: extract acpi_add_rom_blob()

2019-03-24 Thread Wei Yang
arm and i386 have almost the same function acpi_add_rom_blob(), except
for passing a different FWCfgCallback function.

This patch moves acpi_add_rom_blob() to utils.c by passing
FWCfgCallback to it.

Signed-off-by: Wei Yang 

---
v5:
  * remove unnecessary header glib/gprintf.h
  * rearrange include header to make it more suitable
v4:
  * extract -> moves
  * adjust comment in source to make checkpatch happy
v3:
  * put acpi_add_rom_blob() to hw/acpi/utils.c
v2:
  * remove unused header in original source file
---
 hw/acpi/Makefile.objs|  2 +-
 hw/acpi/utils.c  | 36 
 hw/arm/virt-acpi-build.c | 26 ++
 hw/i386/acpi-build.c | 26 ++
 include/hw/acpi/utils.h  |  9 +
 5 files changed, 66 insertions(+), 33 deletions(-)
 create mode 100644 hw/acpi/utils.c
 create mode 100644 include/hw/acpi/utils.h

diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
index 2d46e3789a..ba93c5b64a 100644
--- a/hw/acpi/Makefile.objs
+++ b/hw/acpi/Makefile.objs
@@ -10,7 +10,7 @@ common-obj-$(call lnot,$(CONFIG_ACPI_X86)) += acpi-stub.o
 
 common-obj-y += acpi_interface.o
 common-obj-y += bios-linker-loader.o
-common-obj-y += aml-build.o
+common-obj-y += aml-build.o utils.o
 common-obj-$(CONFIG_TPM) += tpm.o
 
 common-obj-$(CONFIG_IPMI) += ipmi.o
diff --git a/hw/acpi/utils.c b/hw/acpi/utils.c
new file mode 100644
index 00..7a890cca06
--- /dev/null
+++ b/hw/acpi/utils.c
@@ -0,0 +1,36 @@
+/*
+ * Utilities for generating ACPI tables and passing them to Guests
+ *
+ * Copyright (C) 2019 Intel Corporation
+ * Copyright (C) 2019 Red Hat Inc
+ *
+ * Author: Wei Yang 
+ * Author: Igor Mammedov 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/acpi/aml-build.h"
+#include "hw/acpi/utils.h"
+#include "hw/loader.h"
+
+MemoryRegion *acpi_add_rom_blob(FWCfgCallback update, void *opaque,
+GArray *blob, const char *name,
+uint64_t max_size)
+{
+return rom_add_blob(name, blob->data, acpi_data_len(blob), max_size, -1,
+name, update, opaque, NULL, true);
+}
+
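Review bot: the new hw/acpi/utils.c ends with an extra empty `+` line after the closing brace (the hunk header counts 36 lines, the last of which is blank), which checkpatch reports as a new blank line at EOF; drop it. The license header also separates its paragraphs with bare blank lines after "any later version." and after "for more details." instead of ` *` continuation lines, unlike the rest of the block. Since acpi_add_rom_blob() is now a shared helper called from two architectures, a short comment above it stating that `update` and `opaque` are the FWCfgCallback pair handed straight to rom_add_blob() (and that `name` is used both as ROM name and as fw_cfg file name) would spare the next reader a trip into hw/loader.h.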
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 57679a89bf..a846f74a14 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -37,9 +37,9 @@
 #include "hw/acpi/acpi.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/acpi/bios-linker-loader.h"
-#include "hw/loader.h"
 #include "hw/hw.h"
 #include "hw/acpi/aml-build.h"
+#include "hw/acpi/utils.h"
 #include "hw/pci/pcie_host.h"
 #include "hw/pci/pci.h"
 #include "hw/arm/virt.h"
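Review bot: removing `#include "hw/loader.h"` here is only safe if rom_add_blob() was the sole symbol virt-acpi-build.c took from it; the v2 changelog says the now-unused include was dropped, so please confirm the file still builds with --enable-werror on arm, since "hw/acpi/utils.h" must now pull in whatever declares FWCfgCallback and MemoryRegion for the new prototype.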
@@ -881,14 +881,6 @@ static void virt_acpi_build_reset(void *build_opaque)
 build_state->patched = false;
 }
 
-static MemoryRegion *acpi_add_rom_blob(AcpiBuildState *build_state,
-   GArray *blob, const char *name,
-   uint64_t max_size)
-{
-return rom_add_blob(name, blob->data, acpi_data_len(blob), max_size, -1,
-name, virt_acpi_build_update, build_state, NULL, true);
-}
-
 static const VMStateDescription vmstate_virt_acpi_build = {
 .name = "virt_acpi_build",
 .version_id = 1,
@@ -920,20 +912,22 @@ void virt_acpi_setup(VirtMachineState *vms)
 virt_acpi_build(vms, &tables);
 
 /* Now expose it all to Guest */
-build_state->table_mr = acpi_add_rom_blob(build_state, tables.table_data,
-   ACPI_BUILD_TABLE_FILE,
-   ACPI_BUILD_TABLE_MAX_SIZE);
+build_state->table_mr = acpi_add_rom_blob(virt_acpi_build_update,
+  build_state, tables.table_data,
+  ACPI_BUILD_TABLE_FILE,
+  ACPI_BUILD_TABLE_MAX_SIZE);
 assert(build_state->table_mr != NULL);
 
 build_state->linker_mr =
-acpi_add_rom_blob(build_state, tables.linker->cmd_blob,
-  "etc/table-loader", 0);
+acpi_add_rom_blob(virt_acpi_build_update, build_state,
+  tables.linker->cmd_blob, "etc/table-loader", 0);
 
 fw_cfg_add_file(vms->fw_cfg, ACPI_BUILD_TPMLOG_FILE, tables.tcpalog->data,
 acpi_data_len(tables.tcpalog));

Re: [Qemu-devel] [PATCH] e1000: Delay flush queue when receive RCTL

2019-03-24 Thread yuchenlin via Qemu-devel

On 2019-03-25 12:26, Jason Wang wrote:

On 2019/3/21 上午9:35, yuchenlin wrote:

Ping?

On 2019-03-13 14:56, yuchen...@synology.com wrote:

From: yuchenlin 

Due to too early RCT0 interrupt, win10x32 may hang on booting.
This problem can be reproduced by doing power cycle on win10x32 
guest.

In our environment, we have 10 win10x32 and stress power cycle.
The problem will happen about 20 rounds.

Below shows some log with comment:

The normal case:

22831@1551928392.984687:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
22831@1551928392.985655:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
22831@1551928392.985801:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
22831@1551928393.056710:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
22831@1551928393.077548:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 2, ICR 0, IMR 0
e1000: set_ics 2, ICR 2, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
22831@1551928393.102974:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
22831@1551928393.103267:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: RCTL: 255, mac_reg[RCTL] = 0x40002 <- win10x32 says it can 
handle

RX now
e1000: set_ics 0, ICR 2, IMR 9d <- unmask interrupt
e1000: RCTL: 255, mac_reg[RCTL] = 0x48002
e1000: set_ics 80, ICR 2, IMR 9d <- interrupt and work!
...

The bad case:

27744@1551930483.117766:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
27744@1551930483.118398:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
27744@1551930483.198063:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
27744@1551930483.218675:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 2, ICR 0, IMR 0
e1000: set_ics 2, ICR 2, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
27744@1551930483.241768:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
27744@1551930483.241979:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: RCTL: 255, mac_reg[RCTL] = 0x40002 <- win10x32 says it can 
handle

RX now
e1000: set_ics 80, ICR 2, IMR 0 <- flush queue (caused by setting 
RCTL)
e1000: set_ics 0, ICR 82, IMR 9d <- unmask interrupt and because 
0x82&0x9d

!= 0 generate interrupt, hang on here...



Do you mean the interrupt handler is not ready in guest actually?


From my observation, I think yes.



We used to have similar workarounds like autoneg timer, I wonder if we
can reuse that.


IMO, we can't re-use the autoneg timer. The autoneg does not always seem 
to be triggered.


Thanks



Thanks




To workaround this problem, simply delay flush queue. Also stop 
receiving

when timer is going to run.

Tested on CentOS, Win7SP1x64 and Win10x32.

Signed-off-by: yuchenlin 
---
 hw/net/e1000.c | 24 ++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 5e144cb4e4..9b39bccfb2 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -120,6 +120,8 @@ typedef struct E1000State_st {
 bool mit_irq_level;    /* Tracks interrupt pin level. */
 uint32_t mit_ide;  /* Tracks E1000_TXD_CMD_IDE bit. */

+    QEMUTimer *flush_queue_timer;
+
 /* Compatibility flags for migration to/from qemu 1.3.0 and older */
 #define E1000_FLAG_AUTONEG_BIT 0
 #define E1000_FLAG_MIT_BIT 1
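Review bot: the new `flush_queue_timer` is added right above the migration compatibility flags, but no hunk in this patch adds the timer (or a "flush pending" flag) to the device's vmstate. If the guest is migrated between the RCTL write that arms the timer and the timer firing, the destination never flushes the parked packets and reception stalls until the next RCTL write. Either migrate the timer with VMSTATE_TIMER_PTR under a new compatibility flag, or re-run the flush in post_load when RCTL.EN is set.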
@@ -366,6 +368,7 @@ static void e1000_reset(void *opaque)

 timer_del(d->autoneg_timer);
 timer_del(d->mit_timer);
+    timer_del(d->flush_queue_timer);
 d->mit_timer_on = 0;
 d->mit_irq_level = 0;
 d->mit_ide = 0;
@@ -391,6 +394,14 @@ set_ctrl(E1000State *s, int index, uint32_t val)
 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
 }

+static void
+e1000_flush_queue_timer(void *opaque)
+{
+    E1000State *s = opaque;
+
+    qemu_flush_queued_packets(qemu_get_queue(s->nic));
+}
+
 static void
 set_rx_control(E1000State *s, int index, uint32_t val)
 {
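Review bot: e1000_flush_queue_timer() should carry a one-line comment explaining why the flush is deferred (the RCTL-enable vs. IMS-unmask ordering described in the commit message), since a bare qemu_flush_queued_packets() in a timer callback looks like an oversight to a reader. The hunk for e1000_reset() adds timer_del() for the new timer, but none of the shown hunks adds the matching timer_free() next to the existing autoneg/mit timer teardown; please make sure the unrealize path releases it as well.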
@@ -399,7 +410,8 @@ set_rx_control(E1000State *s, int index, uint32_t 
val)

 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL]
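
The ordering race the trace above describes (RXT0 landing in ICR before the guest unmasks via IMS, so the IMS write itself asserts the interrupt while the guest's handler is, per the thread's hypothesis, not yet ready) as an added C model; this is illustration written for this page, not QEMU's hw/net/e1000.c. Assumptions: the guest's handler counts as ready only after its IMS write, a single packet is parked in the net queue while RCTL.EN is clear, and register values (0x2, 0x40002, 0x48002, 0x9d, RXT0 = 0x80) are taken from the trace.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Register bits taken from the trace above: RCTL.EN enables reception,
 * ICR bit 0x80 (RXT0) is raised when a received packet is delivered, and
 * 0x9d is the mask the guest writes to IMS when it unmasks interrupts. */
#define E1000_RCTL_EN     0x00000002u
#define E1000_ICR_RXT0    0x00000080u
#define GUEST_IMS_VALUE   0x9du

typedef struct {
    uint32_t icr;             /* interrupt cause register */
    uint32_t imr;             /* interrupt mask register (IMS sets bits) */
    bool     rx_enabled;      /* RCTL.EN as last written by the guest */
    int      queued_packets;  /* packets parked by the net layer while RX was off */
    bool     flush_timer_armed;
    bool     handler_ready;   /* model assumption: ISR usable only after the IMS write */
    int      spurious_irqs;   /* IRQ assertions observed before handler_ready */
} E1000Model;

/* Mirrors the device's set_ics(): log like the trace, merge the cause bits,
 * then drive the interrupt line from ICR & IMR. */
static void set_ics(E1000Model *m, uint32_t val)
{
    printf("set_ics %x, ICR %x, IMR %x\n", (unsigned)val,
           (unsigned)m->icr, (unsigned)m->imr);
    m->icr |= val;
    bool level = (m->icr & m->imr) != 0;
    if (level && !m->handler_ready) {
        m->spurious_irqs++;   /* this is the assertion that hangs win10x32 */
    }
}

/* IMS write: unmask, then re-evaluate exactly like the device (set_ics 0). */
static void set_ims(E1000Model *m, uint32_t val)
{
    m->imr |= val;
    set_ics(m, 0);
}

/* Stand-in for qemu_flush_queued_packets(): parked packets are re-offered
 * to the device, and a delivered packet raises RXT0. */
static void flush_queue(E1000Model *m)
{
    if (m->rx_enabled && m->queued_packets > 0) {
        m->queued_packets = 0;
        set_ics(m, E1000_ICR_RXT0);
    }
}

/* RCTL write. Unpatched: flush synchronously. Patched: arm a timer instead. */
static void set_rctl(E1000Model *m, uint32_t val, bool delay_flush)
{
    m->rx_enabled = (val & E1000_RCTL_EN) != 0;
    printf("RCTL: mac_reg[RCTL] = 0x%x\n", (unsigned)val);
    if (delay_flush) {
        m->flush_timer_armed = true;
    } else {
        flush_queue(m);
    }
}

static void flush_timer_fire(E1000Model *m)
{
    if (m->flush_timer_armed) {
        m->flush_timer_armed = false;
        flush_queue(m);
    }
}

/* Replays the guest's boot-time register sequence from the trace and returns
 * the final model state for inspection. */
E1000Model run_boot_sequence(bool delay_flush)
{
    E1000Model m = {0};
    m.queued_packets = 1;                 /* one packet arrived while RX was disabled */
    set_ics(&m, 0x2);                     /* "set_ics 2, ICR 0, IMR 0" */
    set_rctl(&m, 0x40002, delay_flush);   /* guest says it can handle RX now */
    set_ims(&m, GUEST_IMS_VALUE);         /* guest unmasks: "... IMR 9d" */
    m.handler_ready = true;               /* assumption: ISR ready from here on */
    set_rctl(&m, 0x48002, delay_flush);
    flush_timer_fire(&m);                 /* deferred flush runs with IMR populated */
    return m;
}

int spurious_irqs(bool delay_flush)
{
    return run_boot_sequence(delay_flush).spurious_irqs;
}

/* The delayed flush must still deliver the packet, not drop it. */
bool rx_delivered(bool delay_flush)
{
    return (run_boot_sequence(delay_flush).icr & E1000_ICR_RXT0) != 0;
}

int main(void)
{
    printf("--- immediate flush (pre-patch) ---\n");
    printf("spurious IRQs: %d\n", spurious_irqs(false));
    printf("--- deferred flush (patched) ---\n");
    printf("spurious IRQs: %d\n", spurious_irqs(true));
    return 0;
}
```

With the synchronous flush the IMS write finds RXT0 already set and asserts the line before the handler is ready; deferring the flush moves that assertion after the unmask, and the packet is still delivered in both runs.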

Re: [Qemu-devel] [PATCH v2 5/5] hw/sparc/Kconfig: SPARCstation machine requires the TCX display

2019-03-24 Thread Thomas Huth
On 16/03/2019 23.39, Philippe Mathieu-Daudé wrote:
> This is the default display device used in sun4m_hw_init():
> 
> /* If no display specified, default to TCX */
> 
> This fixes when configuring with --without-default-devices:
> 
>   $ sparc-softmmu/qemu-system-sparc --nodefaults
>   qemu-system-sparc: Unknown device 'SUNW,tcx' for default sysbus
>   Aborted (core dumped)
> 
>   (gdb) bt
>   #0  0x7fc78d19353f in __GI_raise (sig=sig@entry=6) at 
> ../sysdeps/unix/sysv/linux/raise.c:50
>   #1  0x7fc78d17d895 in __GI_abort () at abort.c:79
>   #2  0x560beaf637f3 in qdev_create (bus=bus@entry=0x0, 
> name=name@entry=0x560beb1be36b "SUNW,tcx") at hw/core/qdev.c:131
>   #3  0x560beaf1392d in tcx_init (vram_size=1048576, width=1024, 
> height=768, depth=8, irq=0x560bed1a0230, addr=1342177280) at 
> hw/sparc/sun4m.c:477
>   #4  0x560beaf1392d in sun4m_hw_init (hwdef=0x560beb1be780 
> , machine=0x560becf65f00) at hw/sparc/sun4m.c:943
>   #5  0x560beaf6b15b in machine_run_board_init (machine=0x560becf65f00) 
> at hw/core/machine.c:1030
> 
> Fixes: 8c75eec06d4
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  default-configs/sparc-softmmu.mak | 1 -
>  hw/sparc/Kconfig  | 2 +-
>  2 files changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/default-configs/sparc-softmmu.mak 
> b/default-configs/sparc-softmmu.mak
> index ee85218115..56509bf263 100644
> --- a/default-configs/sparc-softmmu.mak
> +++ b/default-configs/sparc-softmmu.mak
> @@ -2,7 +2,6 @@
>  
>  # Uncomment the following lines to disable these optional devices:
>  #
> -#CONFIG_TCX=n
>  #CONFIG_CG3=n
>  
>  # Boards:
> diff --git a/hw/sparc/Kconfig b/hw/sparc/Kconfig
> index 2a83a8010e..5383dbd910 100644
> --- a/hw/sparc/Kconfig
> +++ b/hw/sparc/Kconfig
> @@ -1,6 +1,6 @@
>  config SUN4M
>  bool
> -imply TCX
> +select TCX
>  imply CG3
>  select CS4231
>  select ECCMEMCTL
> 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH v2 4/5] hw/mips/Kconfig: Fulong 2e board requires ati-vga display device

2019-03-24 Thread Thomas Huth
On 16/03/2019 23.39, Philippe Mathieu-Daudé wrote:
> This fixes when configuring with --without-default-devices:
> 
>   $ qemu-system-mips64el -M fulong2e --nodefaults -bios /dev/null
>   qemu-system-mips64el: Unknown device 'ati-vga' for bus 'PCI'
>   Aborted (core dumped)
> 
>   (gdb) bt
>   #1  0x75a11895 in __GI_abort () at abort.c:79
>   #2  0x558768d3 in qdev_create (bus=bus@entry=0x562664b0, 
> name=name@entry=0x55b24efb "ati-vga") at hw/core/qdev.c:131
>   #3  0x558d15e1 in pci_create_multifunction 
> (bus=bus@entry=0x562664b0, devfn=devfn@entry=-1, 
> multifunction=multifunction@entry=false, name=name@entry=0x55b24efb 
> "ati-vga") at hw/pci/pci.c:2104
>   #4  0x558d1a7a in pci_create (bus=bus@entry=0x562664b0, 
> devfn=devfn@entry=-1, name=name@entry=0x55b24efb "ati-vga") at 
> hw/pci/pci.c:2121
>   #5  0x55763081 in mips_fulong2e_init (machine=) at 
> hw/mips/mips_fulong2e.c:352
>   #6  0x5587e23b in machine_run_board_init (machine=0x560b2000) 
> at hw/core/machine.c:1030
> 
> Fixes: 862b4a291dc
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  default-configs/mips64el-softmmu.mak | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/default-configs/mips64el-softmmu.mak 
> b/default-configs/mips64el-softmmu.mak
> index 8b255efc54..a67c9517a2 100644
> --- a/default-configs/mips64el-softmmu.mak
> +++ b/default-configs/mips64el-softmmu.mak
> @@ -6,6 +6,8 @@ CONFIG_RC4030=y
>  CONFIG_DP8393X=y
>  CONFIG_DS1225Y=y
>  CONFIG_FULONG=y
> +CONFIG_ATI_VGA=y
> +CONFIG_RTL8139_PCI=y

You should mention RTL8139_PCI in the patch description, too. Also, does
it make sense to fix this while your other Kconfig-for-mips patches have
not been merged yet? (I don't expect --without-default-devices working
without those patches)

 Thomas



Re: [Qemu-devel] [PATCH v2 3/5] hw/isa/Kconfig: i82378 SuperIO requires PC speaker device

2019-03-24 Thread Thomas Huth
On 16/03/2019 23.39, Philippe Mathieu-Daudé wrote:
> This fixes when configuring with --without-default-devices:
> 
>   $ qemu-system-ppc -M prep --nodefaults
>   qemu-system-ppc: Machine type 'prep' is deprecated: use 40p machine type 
> instead
>   qemu-system-ppc: Unknown device 'isa-pcspk' for bus 'ISA'
>   Aborted (core dumped)
> 
>   (gdb) bt
>   #1  0x75a11895 in __GI_abort () at abort.c:79
>   #2  0x55845db3 in qdev_create (bus=0x5641e360, 
> name=name@entry=0x55b1f338 "isa-pcspk") at hw/core/qdev.c:131
>   #3  0x5586b03e in isa_create (bus=bus@entry=0x5641e360, 
> name=name@entry=0x55b1f338 "isa-pcspk") at hw/isa/isa-bus.c:162
>   #4  0x5586bf7b in pcspk_init (pit=0x561696b0, 
> bus=0x5641e360) at include/hw/audio/pcspk.h:38
>   #5  0x5586bf7b in i82378_realize (pci=, 
> errp=0x7fffc960) at hw/isa/i82378.c:104
>   #6  0x5587e288 in pci_qdev_realize (qdev=0x5641be60, 
> errp=) at hw/pci/pci.c:2076
>   #7  0x55846fb4 in device_set_realized (obj=, 
> value=, errp=0x7fffcaf0) at hw/core/qdev.c:834
>   #8  0x559273f7 in property_set_bool (obj=0x5641be60, 
> v=, name=, opaque=0x563df1c0, 
> errp=0x7fffcaf0) at qom/object.c:2074
>   #9  0x5592ba1f in object_property_set_qobject 
> (obj=obj@entry=0x5641be60, value=value@entry=0x5641d2b0, 
> name=name@entry=0x55b17175 "realized", errp=errp@entry=0x7fffcaf0) at 
> qom/qom-qobject.c:27
>   #10 0x55929355 in object_property_set_bool (obj=0x5641be60, 
> value=, name=0x55b17175 "realized", errp=0x7fffcaf0) 
> at qom/object.c:1332
>   #11 0x55845f42 in qdev_init_nofail (dev=dev@entry=0x5641be60) 
> at hw/core/qdev.c:321
>   #12 0x5587ce06 in pci_create_simple_multifunction 
> (name=name@entry=0x55b1f346 "i82378", multifunction=false, 
> devfn=devfn@entry=8, bus=bus@entry=0x5628cfe8) at hw/pci/pci.c:2115
>   #13 0x5587ce06 in pci_create_simple (bus=bus@entry=0x5628cfe8, 
> devfn=devfn@entry=8, name=name@entry=0x55b1f346 "i82378") at 
> hw/pci/pci.c:2126
>   #14 0x5575e62c in ppc_prep_init (machine=0x5609af00) at 
> hw/ppc/prep.c:516
>   #15 0x5584d57b in machine_run_board_init (machine=0x5609af00) 
> at hw/core/machine.c:1030
> 
> Fixes: dd0ff8191ab
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/isa/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
> index 1bb5ccdba7..b40075df89 100644
> --- a/hw/isa/Kconfig
> +++ b/hw/isa/Kconfig
> @@ -11,6 +11,7 @@ config I82378
>  select I8254
>  select I82374
>  select MC146818RTC
> +select PCSPK
>  
>  config PC87312
>  bool
> 

i82378_realize() in hw/isa/i82378.c calls pcspk_init(), so this sounds
right.

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH for-4.0 0/3] target/ppc: Fix pseries.cap-ibs=workaround with TCG

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 07:03:35PM +0100, Greg Kurz wrote:
> Since recent commit 2782ad4c4102 "target/ppc/spapr: Enable mitigations by
> default for pseries-4.0 machine type", some recent distros, eg. fedora29,
> fail to boot under TCG because of a kernel panic:
> 
> [0.614425] Oops: Exception in kernel mode, sig: 4 [#1]
> [0.618832] LE SMP NR_CPUS=1024 NUMA pSeries
> [0.621868] Modules linked in:
> [0.624958] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 
> 4.20.16-200.fc29.ppc64le #1
> [0.625978] NIP:  c000bf00 LR: c000e268 CTR: 
> 7fff
> [0.626572] REGS: c15a3750 TRAP: 0700   Not tainted  
> (4.20.16-200.fc29.ppc64le)
> [0.626835] MSR:  82089033   CR: 
> 44828222  XER: 
> [0.628497] CFAR: c000bee4 IRQMASK: 1 
> [0.628497] GPR00: c001fbc8 c15a39e0 c15a6200 
> c1533450 
> [0.628497] GPR04: c0003e5819d0 c0003ff15f68  
> 22f63728 
> [0.628497] GPR08:  7fff  
>  
> [0.628497] GPR12: 8000 c18b 3dc5fd20 
> 02e75e90 
> [0.628497] GPR16: 02e75d40 c0003e594d00 3dc5fd20 
> 02e90b50 
> [0.628497] GPR20: 3e45e800 c1531a80 c1532100 
> 44828222 
> [0.628497] GPR24: c1533450 c1533450 c0003e5819d0 
> c10e51e0 
> [0.628497] GPR28: c15d5c18 c1531a80 c0003e58 
> c1531a80 
> [0.631710] NIP [c000bf00] flush_count_cache+0x120/0x2420
> [0.631905] LR [c000e268] _switch+0x68/0x180
> [0.632585] Call Trace:
> [0.633490] [c15a39e0] [c15dbd58] 
> __cpu_online_mask+0x0/0x80 (unreliable)
> [0.634383] [c15a3bc0] [c001fbc8] __switch_to+0x348/0x500
> [0.634614] [c15a3c20] [c0c509dc] __schedule+0x2bc/0xac0
> [0.634731] [c15a3cf0] [c0c51648] 
> preempt_schedule_common+0x38/0x60
> [0.634852] [c15a3d10] [c0c516d4] _cond_resched+0x64/0x80
> [0.635527] [c15a3d40] [c011a190] 
> copy_process.isra.4.part.5+0xc90/0x1d20
> [0.635656] [c15a3e40] [c011b414] _do_fork+0xd4/0x470
> [0.635772] [c15a3eb0] [c011b88c] kernel_thread+0x3c/0x50
> [0.635891] [c15a3ed0] [c0010b08] rest_init+0x98/0xf8
> [0.636025] [c15a3f00] [c0fe4084] start_kernel+0x658/0x67c
> [0.636163] [c15a3f90] [c000b37c] 
> start_here_common+0x1c/0x520
> [0.636763] Instruction dump:
> [0.640925] 4805 4805 4805 4805 4805 481c 6000 
> 6000 
> [0.641448] 6000 6000 6000 6000 <7d2803a6> 39207fff 
> 7d2903a6 4c400420 
> [0.648580] ---[ end trace 1dcd9494acdef8df ]---
> [0.649361] 
> [1.657870] Kernel panic - not syncing: Attempted to kill the idle task!
> 
> The following error is also printed by QEMU:
> 
> Opcode 13 10 10 00 (4c400420) leaked temporaries
> 
> The root cause behind the panic is that the linux kernel uses for spectre v2
> mitigation a form of the bcctr instruction that we don't support. This gets
> triggered when passing cap-ibs=workaround machine option, which is the default
> since 2782ad4c4102.
> 
> The TCG temp leak comes from some missing tcg_temp_free()s on the
> exception path.
> 
> This series fixes the leak and adds support for the invalid form of bcctr.
> Since this adds yet another user of PPC_SEGMENT_64B to discriminate CPU
> models that should expose the _new_ behaviour, the final patch introduces
> a helper for that purpose.

Series applied to ppc-for-4.0, thanks.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v2 1/5] hw/isa/Kconfig: PIIX4 southbridge requires USB UHCI

2019-03-24 Thread Thomas Huth
On 25/03/2019 05.49, Thomas Huth wrote:
> On 16/03/2019 23.39, Philippe Mathieu-Daudé wrote:
>> This fixes when configuring with --without-default-devices:
>>
>>   $ qemu-system-mips64 -M malta --nodefaults -bios /dev/null
>>   qemu-system-mips64: Unknown device 'piix4-usb-uhci' for bus 'PCI'
>>   Aborted (core dumped)
>>
>>   (gdb) bt
>>   #0  0x75a4353f in __GI_raise (sig=sig@entry=6) at 
>> ../sysdeps/unix/sysv/linux/raise.c:50
>>   #1  0x75a2d895 in __GI_abort () at abort.c:79
>>   #2  0x558745c3 in qdev_create (bus=bus@entry=0x56336260, 
>> name=name@entry=0x55b13a4d "piix4-usb-uhci") at hw/core/qdev.c:131
>>   #3  0x558cb3e1 in pci_create_multifunction 
>> (bus=bus@entry=0x56336260, devfn=devfn@entry=82, 
>> multifunction=multifunction@entry=false, name=name@entry=0x55b13a4d 
>> "piix4-usb-uhci") at hw/pci/pci.c:2104
>>   #4  0x558cb88b in pci_create_simple_multifunction 
>> (name=name@entry=0x55b13a4d "piix4-usb-uhci", multifunction=false, 
>> devfn=devfn@entry=82, bus=bus@entry=0x56336260) at hw/pci/pci.c:2126
>>   #5  0x558cb88b in pci_create_simple (bus=bus@entry=0x56336260, 
>> devfn=devfn@entry=82, name=name@entry=0x55b13a4d "piix4-usb-uhci") at 
>> hw/pci/pci.c:2126
>>   #6  0x5575ea38 in mips_malta_init (machine=0x55ffe430) at 
>> hw/mips/mips_malta.c:1392
>>   #7  0x5587bf2b in machine_run_board_init (machine=0x55ffe430) 
>> at hw/core/machine.c:1030
>>
>> Fixes: 7c28b925b7e
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/isa/Kconfig | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
>> index 57e09a0cb8..c942b47d03 100644
>> --- a/hw/isa/Kconfig
>> +++ b/hw/isa/Kconfig
>> @@ -29,6 +29,7 @@ config PIIX4
>>  # For historical reasons, SuperIO devices are created in the board
>>  # for PIIX4.
>>  select ISA_BUS
>> +select USB_UHCI
> 
> The UHCI controller is not instantiated by hw/isa/piix4.c, but by
> hw/mips/mips_malta.c as far as I can see. And you can use the "pc"
> machine also without uhci. So I think this patch is wrong, the select
> should be done by "MALTA" instead.

Ah, never mind, I mixed up piix3-usb-uhci (used by "pc") and
piix4-usb-uhci (used by "malta"). ... So this UHCI is part of the
chipset? Then I think your patch is fine.

 Thomas



Re: [Qemu-devel] [PATCH v2 1/5] hw/isa/Kconfig: PIIX4 southbridge requires USB UHCI

2019-03-24 Thread Thomas Huth
On 16/03/2019 23.39, Philippe Mathieu-Daudé wrote:
> This fixes when configuring with --without-default-devices:
> 
>   $ qemu-system-mips64 -M malta --nodefaults -bios /dev/null
>   qemu-system-mips64: Unknown device 'piix4-usb-uhci' for bus 'PCI'
>   Aborted (core dumped)
> 
>   (gdb) bt
>   #0  0x75a4353f in __GI_raise (sig=sig@entry=6) at 
> ../sysdeps/unix/sysv/linux/raise.c:50
>   #1  0x75a2d895 in __GI_abort () at abort.c:79
>   #2  0x558745c3 in qdev_create (bus=bus@entry=0x56336260, 
> name=name@entry=0x55b13a4d "piix4-usb-uhci") at hw/core/qdev.c:131
>   #3  0x558cb3e1 in pci_create_multifunction 
> (bus=bus@entry=0x56336260, devfn=devfn@entry=82, 
> multifunction=multifunction@entry=false, name=name@entry=0x55b13a4d 
> "piix4-usb-uhci") at hw/pci/pci.c:2104
>   #4  0x558cb88b in pci_create_simple_multifunction 
> (name=name@entry=0x55b13a4d "piix4-usb-uhci", multifunction=false, 
> devfn=devfn@entry=82, bus=bus@entry=0x56336260) at hw/pci/pci.c:2126
>   #5  0x558cb88b in pci_create_simple (bus=bus@entry=0x56336260, 
> devfn=devfn@entry=82, name=name@entry=0x55b13a4d "piix4-usb-uhci") at 
> hw/pci/pci.c:2126
>   #6  0x5575ea38 in mips_malta_init (machine=0x55ffe430) at 
> hw/mips/mips_malta.c:1392
>   #7  0x5587bf2b in machine_run_board_init (machine=0x55ffe430) 
> at hw/core/machine.c:1030
> 
> Fixes: 7c28b925b7e
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/isa/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
> index 57e09a0cb8..c942b47d03 100644
> --- a/hw/isa/Kconfig
> +++ b/hw/isa/Kconfig
> @@ -29,6 +29,7 @@ config PIIX4
>  # For historical reasons, SuperIO devices are created in the board
>  # for PIIX4.
>  select ISA_BUS
> +select USB_UHCI

The UHCI controller is not instantiated by hw/isa/piix4.c, but by
hw/mips/mips_malta.c as far as I can see. And you can use the "pc"
machine also without uhci. So I think this patch is wrong, the select
should be done by "MALTA" instead.

 Thomas



Re: [Qemu-devel] [PATCH] e1000: Delay flush queue when receive RCTL

2019-03-24 Thread Jason Wang



On 2019/3/21 上午9:35, yuchenlin wrote:

Ping?

On 2019-03-13 14:56, yuchen...@synology.com wrote:

From: yuchenlin 

Due to a too-early RCT0 interrupt, win10x32 may hang on booting.
This problem can be reproduced by doing power cycle on win10x32 guest.
In our environment, we have 10 win10x32 and stress power cycle.
The problem will happen about 20 rounds.

Below shows some log with comment:

The normal case:

22831@1551928392.984687:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
22831@1551928392.985655:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
22831@1551928392.985801:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
22831@1551928393.056710:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
22831@1551928393.077548:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 2, ICR 0, IMR 0
e1000: set_ics 2, ICR 2, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
22831@1551928393.102974:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
22831@1551928393.103267:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: RCTL: 255, mac_reg[RCTL] = 0x40002 <- win10x32 says it can handle
RX now
e1000: set_ics 0, ICR 2, IMR 9d <- unmask interrupt
e1000: RCTL: 255, mac_reg[RCTL] = 0x48002
e1000: set_ics 80, ICR 2, IMR 9d <- interrupt and work!
...

The bad case:

27744@1551930483.117766:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
27744@1551930483.118398:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
27744@1551930483.198063:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
27744@1551930483.218675:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: set_ics 0, ICR 0, IMR 0
e1000: ICR read: 0
e1000: set_ics 2, ICR 0, IMR 0
e1000: set_ics 2, ICR 2, IMR 0
e1000: RCTL: 0, mac_reg[RCTL] = 0x0
27744@1551930483.241768:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
27744@1551930483.241979:e1000x_rx_disabled Received packet dropped
because receive is disabled RCTL = 0
e1000: RCTL: 255, mac_reg[RCTL] = 0x40002 <- win10x32 says it can handle
RX now
e1000: set_ics 80, ICR 2, IMR 0 <- flush queue (caused by setting RCTL)
e1000: set_ics 0, ICR 82, IMR 9d <- unmask interrupt and because
0x82&0x9d != 0 generate interrupt, hang on here...



Do you mean the interrupt handler is not ready in guest actually?

We used to have similar workarounds like autoneg timer, I wonder if we 
can reuse that.


Thanks




To work around this problem, simply delay the flush queue. Also stop
receiving when the timer is going to run.

Tested on CentOS, Win7SP1x64 and Win10x32.

Signed-off-by: yuchenlin 
---
 hw/net/e1000.c | 24 ++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 5e144cb4e4..9b39bccfb2 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -120,6 +120,8 @@ typedef struct E1000State_st {
 bool mit_irq_level;    /* Tracks interrupt pin level. */
 uint32_t mit_ide;  /* Tracks E1000_TXD_CMD_IDE bit. */

+    QEMUTimer *flush_queue_timer;
+
 /* Compatibility flags for migration to/from qemu 1.3.0 and older */
 #define E1000_FLAG_AUTONEG_BIT 0
 #define E1000_FLAG_MIT_BIT 1
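Review bot: The new `flush_queue_timer` pointer is added to E1000State, but none of the visible hunks create it (a `timer_new_*()` in realize) or free it on unrealize, while `e1000_reset()` below calls `timer_del()` on it unconditionally; make sure it is allocated before the first reset and released with the device. Also consider whether an armed timer needs to be reflected in the migration state: a VM migrated between `timer_mod()` and expiry would otherwise never flush its queue until the guest's next RCTL write.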
@@ -366,6 +368,7 @@ static void e1000_reset(void *opaque)

 timer_del(d->autoneg_timer);
 timer_del(d->mit_timer);
+    timer_del(d->flush_queue_timer);
 d->mit_timer_on = 0;
 d->mit_irq_level = 0;
 d->mit_ide = 0;
@@ -391,6 +394,14 @@ set_ctrl(E1000State *s, int index, uint32_t val)
 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
 }

+static void
+e1000_flush_queue_timer(void *opaque)
+{
+    E1000State *s = opaque;
+
+    qemu_flush_queued_packets(qemu_get_queue(s->nic));
+}
+
 static void
 set_rx_control(E1000State *s, int index, uint32_t val)
 {
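Review bot: `e1000_flush_queue_timer()` flushes unconditionally when the timer fires, and is only safe if RCTL was cleared in between because the receive path drops frames while RX is disabled (the `e1000x_rx_disabled` trace lines above); either say so in a comment or check `s->mac_reg[RCTL] & E1000_RCTL_EN` in the callback to make the intent explicit. Separately, the commit message says receive is stopped while the timer is pending, which needs a matching check in `e1000_can_receive()`/`e1000_receive_iov()` that is not in the visible hunks; without it, frames arriving between `timer_mod()` and expiry are still delivered immediately and raise the same early RXT0 interrupt the patch is trying to delay.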
@@ -399,7 +410,8 @@ set_rx_control(E1000State *s, int index, uint32_t 
val)

 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
    s->mac_reg[RCTL]);
-    qemu_flush_queued_packets(qemu_get_queue(s->nic));
+    timer_mod(s->flush_queue_timer,
+  qemu_clock
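The two logs above, replayed as an added example (C; this is not code from the QEMU e1000 model or from this patch): a minimal model of the cause/mask registers in which the interrupt line is asserted whenever ICR & IMR is non-zero, run once with the pre-patch immediate flush and once with the deferred flush. Bit values follow the log lines (0x02 = TXQE, 0x80 = RXT0 in the real register layout, 0x9d the mask the guest writes); RCTL_EN as bit 1 of RCTL is taken from the real layout too. Read-to-clear of ICR and the mitigation timer are deliberately left out, so this shows only the ordering problem, not the full device.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit values as they appear in the logs above. */
#define ICR_TXQE  0x02u
#define ICR_RXT0  0x80u
#define RCTL_EN   0x02u
#define GUEST_IMS 0x9du   /* the mask the win10x32 driver writes ("IMR 9d") */

typedef struct {
    uint32_t icr;          /* pending causes */
    uint32_t imr;          /* enabled causes */
    uint32_t rctl;
    bool irq_level;        /* state of the level-triggered INTx line */
    bool flush_pending;    /* stands in for an armed flush_queue_timer */
} E1000Model;

static void update_irq(E1000Model *s)
{
    s->irq_level = (s->icr & s->imr) != 0;
}

static void set_ics(E1000Model *s, uint32_t cause)
{
    s->icr |= cause;
    update_irq(s);
}

static void set_ims(E1000Model *s, uint32_t mask)
{
    s->imr |= mask;
    update_irq(s);
}

/* Delivering the queued frames: once RX is enabled, a frame landing in the
 * ring raises RXT0 (the "set_ics 80" line in the logs). */
static void flush_queue(E1000Model *s)
{
    if (s->rctl & RCTL_EN) {
        set_ics(s, ICR_RXT0);
    }
}

static void set_rctl(E1000Model *s, uint32_t val, bool deferred)
{
    s->rctl = val;
    if (deferred) {
        s->flush_pending = true;   /* patched: timer_mod() instead of flush */
    } else {
        flush_queue(s);            /* pre-patch: flush immediately */
    }
}

static void timer_fires(E1000Model *s)
{
    if (s->flush_pending) {
        s->flush_pending = false;
        flush_queue(s);
    }
}

/* Replay of the boot sequence in the logs: TXQE arrives while everything is
 * masked, the driver enables RX (RCTL = 0x40002), then unmasks. Returns the
 * INTx level right after the unmask write, i.e. whether the guest is
 * interrupted at the moment it has only just programmed the mask. */
bool irq_at_unmask(bool deferred)
{
    E1000Model s = {0};
    set_ics(&s, ICR_TXQE);
    set_rctl(&s, 0x40002, deferred);
    set_ims(&s, GUEST_IMS);
    return s.irq_level;
}

/* Same sequence continued past the deferred flush: the RXT0 interrupt still
 * arrives, but only after the driver has unmasked. */
bool irq_after_flush(bool deferred)
{
    E1000Model s = {0};
    set_ics(&s, ICR_TXQE);
    set_rctl(&s, 0x40002, deferred);
    set_ims(&s, GUEST_IMS);
    timer_fires(&s);
    return s.irq_level;
}

int main(void)
{
    printf("immediate flush: irq at unmask=%d\n", irq_at_unmask(false));
    printf("deferred flush:  irq at unmask=%d, after timer=%d\n",
           irq_at_unmask(true), irq_after_flush(true));
    return 0;
}
```

With the immediate flush, ICR already holds 0x82 when IMR becomes 0x9d, so the unmask write itself asserts the line (the "bad case"); with the flush deferred, 0x02 & 0x9d is zero at the unmask and RXT0 is raised only when the timer fires. Note that the model says nothing about how long the delay must be: that remains a guess about the guest driver's timing, which is the weak point of the workaround.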

Re: [Qemu-devel] [PATCH V2 3/4] tests/libqos: fix usage of bool in pci-spapr.c

2019-03-24 Thread David Gibson
On Sat, Mar 23, 2019 at 05:26:36PM +0300, Jafar Abdi wrote:
> Clean up wrong usage of FALSE and TRUE in places that use "bool" from
> stdbool.h.
> 
> FALSE and TRUE (with capital letters) are the constants defined by glib for
> being used with the "gboolean" type of glib. But some parts of the code also
> use TRUE and FALSE for variables that are declared as "bool" (the type from
> <stdbool.h>).
> 
> Signed-off-by: Jafar Abdi 
> Reviewed-by: Eric Blake 

I've applied this to my ppc-for-4.1 tree.  If it goes in elsewhere as
well, that's fine, it's a trivial merge.

> ---
>  tests/libqos/pci-spapr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/libqos/pci-spapr.c b/tests/libqos/pci-spapr.c
> index 6925925..58ba27a 100644
> --- a/tests/libqos/pci-spapr.c
> +++ b/tests/libqos/pci-spapr.c
> @@ -156,7 +156,7 @@ void qpci_init_spapr(QPCIBusSPAPR *qpci, QTestState *qts,
>  assert(qts);
>  
>  /* tests cannot use spapr, needs to be fixed first */
> -qpci->bus.has_buggy_msi = TRUE;
> +qpci->bus.has_buggy_msi = true;
>  
>  qpci->alloc = alloc;
>  
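Review bot: No problem with the change itself; with `has_buggy_msi` declared as `bool`, glib's `TRUE` (an int 1) and C's `true` store the same value, so this is a type-hygiene fix with no behavioural effect. It would be worth running `git grep -nwE 'TRUE|FALSE' tests/libqos` alongside this series to confirm no other `bool` fields in libqos are still assigned the glib constants.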

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [Qemu-devel] [RFC for-4.1 00/25] Many style fixes for target/ppc

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 07:55:57AM +0100, Markus Armbruster wrote:
> David Gibson  writes:
> 
> > target/ppc has a lot of old code that doesn't stick to the modern
> > style guidelines.  That means we keep getting checkpatch warnings from
> > code motions in there, or from people copying the local style rather
> > than the global style.
> >
> > I'm sick of it, so here's a big series to fix many of the style
> > problems in target/ppc.
> >
> > It doesn't cover every checkpatch warning: outright false positives
> > are ignored of course, but there are also some things that it's not
> > obvious how to fix (often involving hairy nested macros).  Still, it's
> > a good start.
> 
> I reply because you marked this RFC, which indicates some uncertainty.
> I'd like to encourage you.

Well, in this case RFC was more a flag that I don't consider these
patches ready to merge right away.  But sure, I'll take encouragement.

> The more bad examples exist in the code, the more time we'll waste on
> correcting them in patch submission.  You're sick of it.  You're right.
> 
> We've demanded compliance to the QEMU coding style since 2009 (commit
> e68b98dc723).  If we had started to clean up existing code back then,
> we'd be long done by now, and style cleanup's annoying impact on
> git-blame would've long decayed to irrelevant levels.
> 
> I expect the only regrets you'll have about this series is not to have
> done it earlier.

Well.. the potential for conflicts with outstanding patches worries me
a bit, but I definitely want to go ahead with this some time pretty
soon.
> 
> Diffstat without the patches you included by mistake:
> 
>  26 files changed, 1210 insertions(+), 802 deletions(-)
> 
> This is actually a rather small fraction of the PPC code:
> 
> $ git-ls-files hw/ppc/ include/hw/ppc target/ppc/ | xargs wc | tail -n 1
>   90193  284261 3087364 total
> $ git-ls-files hw/ppc/ include/hw/ppc target/ppc/ | wc -l
> 128

Right, I'm only looking at target/ppc in this series, since that's
where I've most encountered the problems.  The spapr code in hw/ppc is
mostly style compliant already.  The other machines are a mixed bag,
but I think they're mostly better than target/ppc at any rate.



Re: [Qemu-devel] [PATCH for-4.0 1/3] target/ppc: Fix TCG temporary leaks in gen_bcond()

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 07:03:40PM +0100, Greg Kurz wrote:
> Signed-off-by: Greg Kurz 

Applied to ppc-for-4.0.

> ---
>  target/ppc/translate.c |2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 98b37cebc2f5..aaafa3a715d8 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -3749,6 +3749,8 @@ static void gen_bcond(DisasContext *ctx, int type)
>  TCGv temp = tcg_temp_new();
>  if (unlikely(type == BCOND_CTR)) {
>  gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
> +tcg_temp_free(temp);
> +tcg_temp_free(target);
>  return;
>  }
>  tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
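Review bot: The two `tcg_temp_free()` calls close the leak on the `BCOND_CTR` invalid-form path, but freeing two temporaries that the path never used suggests the simpler fix: move the `tcg_temp_new()` for `temp` (and the allocation of `target`, which happens before this hunk) below the `if (unlikely(type == BCOND_CTR))` check, so the error path allocates nothing and there is no cleanup to keep in sync with future changes to this function.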
> 



Re: [Qemu-devel] [PULL 02/29] ppc/spapr: Receive and store device tree blob from SLOF

2019-03-24 Thread David Gibson
On Sun, Mar 24, 2019 at 12:03:54AM -0400, Brad Smith wrote:
> Now that I am checking out 4.0.0 rc's I see this diff is broken and
> depends on a function libfdt does not expose. The breakage is
> hidden by the fallback check in the configure script.

Ah, bother.  That keeps happening, unfortunately.  I think it's
because so many people use libfdt embedded, rather than as a shared
library that we tend not to notice.

I guess we should figure out how to force the testsuite to link
against the shared library rather than static to test for this.  I'll
look into it if I have time (which is a big if).

> 
> On 1/8/2019 5:45 PM, David Gibson wrote:
> > From: Alexey Kardashevskiy 
> > 
> > SLOF receives a device tree and updates it with various properties
> > before switching to the guest kernel and QEMU is not aware of any changes
> > made by SLOF. Since there is no real RTAS (QEMU implements it), it makes
> > sense to pass the SLOF final device tree to QEMU to let it implement
> > RTAS related tasks better, such as PCI host bus adapter hotplug.
> > 
> > Specifically, now QEMU can find out the actual XICS phandle (for PHB
> > hotplug) and the RTAS linux,rtas-entry/base properties (for firmware
> > assisted NMI - FWNMI).
> > 
> > This stores the initial DT blob in the sPAPR machine and replaces it
> > in the KVMPPC_H_UPDATE_DT (new private hypercall) handler.
> > 
> > This adds an @update_dt_enabled machine property to allow backward
> > migration.
> > 
> > SLOF already has a hypercall since
> > https://github.com/aik/SLOF/commit/e6fc84652c9c0073f9183
> > 
> > This makes use of the new fdt_check_full() helper. In order to allow
> > the configure script to pick the correct DTC version, this adjusts
> > the DTC presence test.
> > 
> > Signed-off-by: Alexey Kardashevskiy 
> > Reviewed-by: Greg Kurz 
> > Signed-off-by: David Gibson 
> > Signed-off-by: Greg Kurz 
> > Signed-off-by: David Gibson 
> > ---
> >   configure  |  2 +-
> >   hw/ppc/spapr.c | 43 +-
> >   hw/ppc/spapr_hcall.c   | 42 +
> >   hw/ppc/trace-events|  3 +++
> >   include/hw/ppc/spapr.h |  7 ++-
> >   5 files changed, 94 insertions(+), 3 deletions(-)
> > 
> > diff --git a/configure b/configure
> > index b9f34afc9e..8049b71eef 100755
> > --- a/configure
> > +++ b/configure
> > @@ -3939,7 +3939,7 @@ if test "$fdt" != "no" ; then
> > cat > $TMPC << EOF
> >   #include 
> >   #include 
> > -int main(void) { fdt_first_subnode(0, 0); return 0; }
> > +int main(void) { fdt_check_full(NULL, 0); return 0; }
> >   EOF
> > if compile_prog "" "$fdt_libs" ; then
> >   # system DTC is good - use it
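Review bot: Switching the probe to `fdt_check_full(NULL, 0)` makes the system-libfdt test depend on a symbol that, as reported at the top of this thread, some shared libfdt builds do not export; because a `compile_prog` failure silently falls through to the bundled dtc, the effect on such systems is that the build quietly stops using the system library rather than failing. Either check the libfdt version explicitly, or at least print a notice when the fallback is taken, so that the breakage is visible to packagers.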
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 5fba04e7b2..7e61f1e5ff 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -1669,7 +1669,10 @@ static void spapr_machine_reset(void)
> >   /* Load the fdt */
> >   qemu_fdt_dumpdtb(fdt, fdt_totalsize(fdt));
> >   cpu_physical_memory_write(fdt_addr, fdt, fdt_totalsize(fdt));
> > -g_free(fdt);
> > +g_free(spapr->fdt_blob);
> > +spapr->fdt_size = fdt_totalsize(fdt);
> > +spapr->fdt_initial_size = spapr->fdt_size;
> > +spapr->fdt_blob = fdt;
> >   /* Set up the entry state */
> >   spapr_cpu_set_entry_state(first_ppc_cpu, SPAPR_ENTRY_POINT, fdt_addr);
> > @@ -1920,6 +1923,39 @@ static const VMStateDescription 
> > vmstate_spapr_irq_map = {
> >   },
> >   };
> > +static bool spapr_dtb_needed(void *opaque)
> > +{
> > +sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(opaque);
> > +
> > +return smc->update_dt_enabled;
> > +}
> > +
> > +static int spapr_dtb_pre_load(void *opaque)
> > +{
> > +sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
> > +
> > +g_free(spapr->fdt_blob);
> > +spapr->fdt_blob = NULL;
> > +spapr->fdt_size = 0;
> > +
> > +return 0;
> > +}
> > +
> > +static const VMStateDescription vmstate_spapr_dtb = {
> > +.name = "spapr_dtb",
> > +.version_id = 1,
> > +.minimum_version_id = 1,
> > +.needed = spapr_dtb_needed,
> > +.pre_load = spapr_dtb_pre_load,
> > +.fields = (VMStateField[]) {
> > +VMSTATE_UINT32(fdt_initial_size, sPAPRMachineState),
> > +VMSTATE_UINT32(fdt_size, sPAPRMachineState),
> > +VMSTATE_VBUFFER_ALLOC_UINT32(fdt_blob, sPAPRMachineState, 0, NULL,
> > + fdt_size),
> > +VMSTATE_END_OF_LIST()
> > +},
> > +};
> > +
> >   static const VMStateDescription vmstate_spapr = {
> >   .name = "spapr",
> >   .version_id = 3,
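Review bot: `vmstate_spapr_dtb` accepts an `fdt_blob` of whatever `fdt_size` the migration stream declares, with no `post_load` validation, and the blob later feeds the RTAS/hypercall paths described in the commit message; since the stream is not trusted input, add a `post_load` hook that runs the `fdt_check_full()` this patch introduces (and caps `fdt_size` at a sane maximum) before the blob is used. The `pre_load` that frees the previous blob and zeroes `fdt_size` is correct for the `VMSTATE_VBUFFER_ALLOC_UINT32` that follows.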
> > @@ -1949,6 +1985,7 @@ static const VMStateDescription vmstate_spapr = {
> >   &vmstate_spapr_cap_ibs,
> >   &vmstate_spapr_irq_map,
> >   &vmstate_spapr_cap_nested_kvm_hv,
> > +&vmstate_spapr_dtb,
> >   NULL
> >   }
> >   };
> > @@ -3931,6 +3968,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
> > void *data)
> >   hc->

Re: [Qemu-devel] [PATCH v12 for-4.1 02/11] qemu_thread: supplement error handling for qemu_X_start_vcpu

2019-03-24 Thread David Gibson
On Mon, Mar 25, 2019 at 12:51:57AM +0800, Fei Li wrote:
> From: Fei Li 
> 
> The callers of qemu_init_vcpu() already passed the **errp to handle
> errors. In view of this, add a new Error parameter to qemu_init_vcpu()
> and all qemu_X_start_vcpu() functions called by qemu_init_vcpu() to
> propagate the error and let the further callers check it.
> 
> Besides, make qemu_init_vcpu() return a Boolean value to let its
> callers know whether it succeeds.
> 
> Cc: Paolo Bonzini 
> Signed-off-by: Fei Li 
> Reviewed-by: Fam Zheng 
> Reviewed-by: Juan Quintela 
> Reviewed-by: Markus Armbruster 

ppc parts

Acked-by: David Gibson 

> ---
>  accel/tcg/user-exec-stub.c  |  3 +-
>  cpus.c  | 74 
> +++--
>  include/qom/cpu.h   |  2 +-
>  target/alpha/cpu.c  |  4 ++-
>  target/arm/cpu.c|  4 ++-
>  target/cris/cpu.c   |  4 ++-
>  target/hppa/cpu.c   |  4 ++-
>  target/i386/cpu.c   |  4 ++-
>  target/lm32/cpu.c   |  4 ++-
>  target/m68k/cpu.c   |  4 ++-
>  target/microblaze/cpu.c |  4 ++-
>  target/mips/cpu.c   |  4 ++-
>  target/moxie/cpu.c  |  4 ++-
>  target/nios2/cpu.c  |  4 ++-
>  target/openrisc/cpu.c   |  4 ++-
>  target/ppc/translate_init.inc.c |  4 ++-
>  target/riscv/cpu.c  |  4 ++-
>  target/s390x/cpu.c  |  4 ++-
>  target/sh4/cpu.c|  4 ++-
>  target/sparc/cpu.c  |  4 ++-
>  target/tilegx/cpu.c |  4 ++-
>  target/tricore/cpu.c|  4 ++-
>  target/unicore32/cpu.c  |  4 ++-
>  target/xtensa/cpu.c |  4 ++-
>  24 files changed, 108 insertions(+), 55 deletions(-)
> 
> diff --git a/accel/tcg/user-exec-stub.c b/accel/tcg/user-exec-stub.c
> index a32b4496af..f8c38a375c 100644
> --- a/accel/tcg/user-exec-stub.c
> +++ b/accel/tcg/user-exec-stub.c
> @@ -10,8 +10,9 @@ void cpu_resume(CPUState *cpu)
>  {
>  }
>  
> -void qemu_init_vcpu(CPUState *cpu)
> +bool qemu_init_vcpu(CPUState *cpu, Error **errp)
>  {
> +return true;
>  }
>  
>  /* User mode emulation does not support record/replay yet.  */
> diff --git a/cpus.c b/cpus.c
> index 2c70c06da8..fe58940407 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -1932,7 +1932,7 @@ void cpu_remove_sync(CPUState *cpu)
>  /* For temporary buffers for forming a name */
>  #define VCPU_THREAD_NAME_SIZE 16
>  
> -static void qemu_tcg_init_vcpu(CPUState *cpu)
> +static void qemu_tcg_init_vcpu(CPUState *cpu, Error **errp)
>  {
>  char thread_name[VCPU_THREAD_NAME_SIZE];
>  static QemuCond *single_tcg_halt_cond;
> @@ -1962,17 +1962,20 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
>  snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/TCG",
>   cpu->cpu_index);
>  
> -/* TODO: let the callers handle the error instead of abort() 
> here */
> -qemu_thread_create(cpu->thread, thread_name, 
> qemu_tcg_cpu_thread_fn,
> -   cpu, QEMU_THREAD_JOINABLE, &error_abort);
> +if (qemu_thread_create(cpu->thread, thread_name,
> +   qemu_tcg_cpu_thread_fn, cpu,
> +   QEMU_THREAD_JOINABLE, errp) < 0) {
> +return;
> +}
>  
>  } else {
>  /* share a single thread for all cpus with TCG */
>  snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "ALL CPUs/TCG");
> -/* TODO: let the callers handle the error instead of abort() 
> here */
> -qemu_thread_create(cpu->thread, thread_name,
> -   qemu_tcg_rr_cpu_thread_fn,
> -   cpu, QEMU_THREAD_JOINABLE, &error_abort);
> +if (qemu_thread_create(cpu->thread, thread_name,
> +   qemu_tcg_rr_cpu_thread_fn, cpu,
> +   QEMU_THREAD_JOINABLE, errp) < 0) {
> +return;
> +}
>  
>  single_tcg_halt_cond = cpu->halt_cond;
>  single_tcg_cpu_thread = cpu->thread;
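Review bot: Both early `return`s in this hunk leave whatever `qemu_tcg_init_vcpu()` allocated for `cpu->thread` and `cpu->halt_cond` before the `snprintf` (outside this hunk) in place, and in the round-robin branch they return before `single_tcg_halt_cond`/`single_tcg_cpu_thread` are recorded, so a later vCPU would attempt to create the shared thread again; either release the allocations before returning, or document that a failed `qemu_init_vcpu()` is fatal for the whole machine and must not be retried.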
> @@ -1990,7 +1993,7 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
>  }
>  }
>  
> -static void qemu_hax_start_vcpu(CPUState *cpu)
> +static void qemu_hax_start_vcpu(CPUState *cpu, Error **errp)
>  {
>  char thread_name[VCPU_THREAD_NAME_SIZE];
>  
> @@ -2000,15 +2003,16 @@ static void qemu_hax_start_vcpu(CPUState *cpu)
>  
>  snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HAX",
>   cpu->cpu_index);
> -/* TODO: let the further caller handle the error instead of abort() here 
> */
> -qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
> -   cpu, QEMU_THREAD_JOINABLE, &error_abort);
> +if (qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
> +   cpu, QEMU_THREAD_JOINABLE, errp) < 0) {
> + 

Re: [Qemu-devel] [PATCH] device_tree: check device tree blob file size

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 09:14:53AM +, Peter Maydell wrote:
> On Fri, 22 Mar 2019 at 07:38, P J P  wrote:
> >
> > From: Prasad J Pandit 
> >
> > Device tree blob (dtb) files cannot be larger than 2MB in size.[*]
> > Add a check to avoid loading large dtb files in load_device_tree(),
> > and a potential integer (dt_size) overflow.
> >
> > [*] linux.git/tree/Documentation/arm64/booting.txt
> 
> This document is specific to aarch64, but the part of
> QEMU's device tree code being modified here is
> architecture independent.
> 
> Cc'ing David Gibson who will probably know if there is
> an architecture-independent limit on DTB size we should
> be enforcing, or whether we are better just to have a check
> that avoids the overflow.

The only inherent limit to dtb size should be 2^31-1 bytes (the format
uses signed 32-bit ints as offsets).

Indeed there shouldn't be any architecture (as in instruction set)
dependent limits either.  There may however be more specific platform
dependent limits.

> It's also worth noting in the commit message that this is
> not a security problem -- even if the "add 1 and double"
> calculation overflows, the load_image_size() function will
> not load more data into the buffer than will fit, so the
> behaviour will be to truncate the DTB.

Yeah, you should probably make that a hard error rather than truncating.
If a system works with a truncated tree, it can only be by sheer
accident.

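An added example (C; not QEMU's code) that covers both device-tree passages on this page: the size check Peter and David discuss for a dtb read from a file, and the blob that the `spapr_dtb` vmstate in the earlier pull-request thread accepts from a migration stream. It validates the 40-byte FDT header of an untrusted blob against the bytes actually held and the signed-32-bit limit David mentions, doing every offset+size sum in 64 bits so a hostile header cannot wrap, and shows an overflow-safe form of the "add slack and double" buffer computation. The 10000-byte slack is an assumption (the thread does not show QEMU's value), and the sample blob is constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDT_MAGIC         0xd00dfeedu
#define FDT_HEADER_SIZE   40u                    /* ten big-endian u32 fields (v17 layout) */
#define FDT_MAX_TOTALSIZE ((uint32_t)INT32_MAX)  /* libfdt works in signed 32-bit offsets */
#define LOAD_SLACK        10000u                 /* assumed slack; QEMU's value not shown here */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* Validate the header of an untrusted blob before libfdt or a guest sees it.
 * Returns 0 if it is self-consistent, fits in the len bytes we actually hold
 * and stays within limit; a distinct negative code otherwise. */
int fdt_header_check(const uint8_t *buf, size_t len, uint32_t limit)
{
    if (len < FDT_HEADER_SIZE) return -1;          /* not even a full header */
    if (be32(buf) != FDT_MAGIC) return -2;
    uint32_t totalsize = be32(buf + 4), off_struct = be32(buf + 8);
    uint32_t off_strings = be32(buf + 12), off_rsvmap = be32(buf + 16);
    uint32_t version = be32(buf + 20);
    uint32_t size_strings = be32(buf + 32), size_struct = be32(buf + 36);

    if (version < 17) return -3;                   /* size_dt_struct exists from v17 on */
    if (totalsize < FDT_HEADER_SIZE || totalsize > limit || totalsize > len)
        return -4;                                 /* claims more than we hold or allow */
    /* 64-bit sums: a hostile offset+size pair must not wrap around 2^32 */
    if ((off_rsvmap & 7) || (uint64_t)off_rsvmap + 16 > totalsize)
        return -5;                                 /* no room for the terminating reservation */
    if ((off_struct & 3) || (uint64_t)off_struct + size_struct > totalsize)
        return -6;
    if ((uint64_t)off_strings + size_strings > totalsize)
        return -7;
    return 0;
}

/* Overflow-safe "add slack and double": returns the buffer size, or -1 if
 * the result would not fit the int that libfdt takes as a buffer size. */
int fdt_load_buffer_size(size_t file_size)
{
    uint64_t sz = ((uint64_t)file_size + LOAD_SLACK) * 2;
    if (file_size > FDT_MAX_TOTALSIZE || sz > FDT_MAX_TOTALSIZE) {
        return -1;
    }
    return (int)sz;
}

/* Constructed 72-byte blob: header, one 16-byte reservation terminator, a
 * 16-byte structure block holding an empty root node, an empty strings block. */
static size_t build_sample(uint8_t *buf)
{
    memset(buf, 0, 72);
    put32(buf + 0, FDT_MAGIC);
    put32(buf + 4, 72);    /* totalsize */
    put32(buf + 8, 56);    /* off_dt_struct */
    put32(buf + 12, 72);   /* off_dt_strings */
    put32(buf + 16, 40);   /* off_mem_rsvmap */
    put32(buf + 20, 17);   /* version */
    put32(buf + 24, 16);   /* last_comp_version */
    put32(buf + 36, 16);   /* size_dt_struct (size_dt_strings stays 0) */
    put32(buf + 56, 1);    /* FDT_BEGIN_NODE, followed by 4 zero bytes: root name */
    put32(buf + 64, 2);    /* FDT_END_NODE */
    put32(buf + 68, 9);    /* FDT_END */
    return 72;
}

int sample_valid(void)
{
    uint8_t b[72];
    return fdt_header_check(b, build_sample(b), FDT_MAX_TOTALSIZE);
}

/* Overwrite one header field of the sample and re-check it. */
int sample_tampered(uint32_t field_off, uint32_t value)
{
    uint8_t b[72];
    size_t n = build_sample(b);
    put32(b + field_off, value);
    return fdt_header_check(b, n, FDT_MAX_TOTALSIZE);
}

int main(void)
{
    printf("valid=%d  totalsize>len=%d  wrapping off_dt_struct=%d\n",
           sample_valid(), sample_tampered(4, 1u << 20),
           sample_tampered(8, 0xfffffff0u));
    printf("buffer for 1 KiB file=%d, for INT32_MAX file=%d\n",
           fdt_load_buffer_size(1024), fdt_load_buffer_size(INT32_MAX));
    return 0;
}
```

The wrapping case is the one a 32-bit check misses: `0xfffffff0 + 16` becomes 0 in uint32_t arithmetic and would pass a naive `off + size <= totalsize`, while the 64-bit sum rejects it. On the file side, rejecting a header whose `totalsize` exceeds the bytes read (rather than truncating) is the "hard error" David asks for above.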


Re: [Qemu-devel] [PATCH V2 3/4] tests/libqos: fix usage of bool in pci-spapr.c

2019-03-24 Thread David Gibson
On Sat, Mar 23, 2019 at 05:26:36PM +0300, Jafar Abdi wrote:
> Clean up wrong usage of FALSE and TRUE in places that use "bool" from
> stdbool.h.
> 
> FALSE and TRUE (with capital letters) are the constants defined by glib for
> being used with the "gboolean" type of glib. But some parts of the code also
> use TRUE and FALSE for variables that are declared as "bool" (the type from
> <stdbool.h>).
> 
> Signed-off-by: Jafar Abdi 
> Reviewed-by: Eric Blake 

Acked-by: David Gibson 

> ---
>  tests/libqos/pci-spapr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/libqos/pci-spapr.c b/tests/libqos/pci-spapr.c
> index 6925925..58ba27a 100644
> --- a/tests/libqos/pci-spapr.c
> +++ b/tests/libqos/pci-spapr.c
> @@ -156,7 +156,7 @@ void qpci_init_spapr(QPCIBusSPAPR *qpci, QTestState *qts,
>  assert(qts);
>  
>  /* tests cannot use spapr, needs to be fixed first */
> -qpci->bus.has_buggy_msi = TRUE;
> +qpci->bus.has_buggy_msi = true;
>  
>  qpci->alloc = alloc;
>  



Re: [Qemu-devel] [PATCH] device_tree: check device tree blob file size

2019-03-24 Thread David Gibson
On Fri, Mar 22, 2019 at 10:30:51AM +, Peter Maydell wrote:
> On Fri, 22 Mar 2019 at 10:11, P J P  wrote:
> >
> > +-- On Fri, 22 Mar 2019, Peter Maydell wrote --+
> > | This document is specific to aarch64, but the part of
> > | QEMU's device tree code being modified here is
> > | architecture independent.
> > |
> > | Cc'ing David Gibson who will probably know if there is
> > | an architecture-independent limit on DTB size we should
> > | be enforcing, or whether we are better just to have a check
> > | that avoids the overflow.
> >
> > Thank you for CC'ing David. It seems Agraf did not receive email @suse.de.
> 
> Yes, Alex's email has changed (I've updated the cc list).
> 
> > Current limit defined by FDT_MAX_SIZE is ~1MB.
> 
> But currently this is only used when creating a DT from scratch.

Right, and AFAIK the only reason we have a fixed buffer size for that
is because it avoids having to mess around with reallocation if we hit
an -FDT_ERR_NOSPACE during creation.



Re: [Qemu-devel] [RFT 0/4] Don't start virtqueues that are not enabled for vhost

2019-03-24 Thread Jason Wang



On 2019/3/24 下午6:53, Yuri Benditovich wrote:

Hi Jason,

This series does not do the job. Test case: tap, 4 queues, 2 CPU (so
only 2 queues are enabled)
For Q0 and Q1 vhost_net_start_one succeeds,
For Q2:
vhost_net_start_one calls vhost_dev_start (the call succeeds, does not
start queue that is not enabled),
then vhost_net_start_one calls vhost_net_set_backend, the call fails

Thanks,
Yuri



Thanks a lot for the testing. I missed the case of
vhost_net_set_backend(). Let me post a simplified V2.





On Fri, Mar 22, 2019 at 11:28 AM Jason Wang  wrote:

Hi:

This series tries to avoid starting virtqueues that are not enabled. This
is done by querying it through a bus-specific way and skipping the
virtqueues that are not enabled when starting vhost virtqueues.

Only PCI is implemented; maybe it's better to move the enable flag to the
virtio generic virtqueue structure.

Yuri, could you please test this series to see if it solves the
issues when using the Windows driver?

Thanks

Jason Wang (4):
   virtio-bus: introduce a new method for querying the queue status
   virtio-pci: set enabled for legacy device
   virtio-pci: implement queue_enabled
   vhost_net: don't start vhost for the virtqueue that is not enabled

  hw/virtio/vhost.c  | 11 +++
  hw/virtio/virtio-pci.c | 12 +++-
  include/hw/virtio/virtio-bus.h |  4 
  3 files changed, 26 insertions(+), 1 deletion(-)

--
2.19.1





[Qemu-devel] [PATCH V2 RFT] vhost_net: don't set backend for the uninitialized virtqueue

2019-03-24 Thread Jason Wang
We used to set the backend unconditionally; this won't work for some
guests (e.g. the Windows driver) that may not initialize all virtqueues. For
the kernel backend, this will fail since it may try to validate the rings
when setting the backend.

Fix this by simply skipping the backend set when we find the desc is
not ready.

Signed-off-by: Jason Wang 
---
 hw/net/vhost_net.c | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index be3cc88370..04fd924d15 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -221,6 +221,7 @@ static int vhost_net_start_one(struct vhost_net *net,
VirtIODevice *dev)
 {
 struct vhost_vring_file file = { };
+hwaddr a;
 int r;
 
 net->dev.nvqs = 2;
@@ -244,6 +245,13 @@ static int vhost_net_start_one(struct vhost_net *net,
 qemu_set_fd_handler(net->backend, NULL, NULL, NULL);
 file.fd = net->backend;
 for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
+a = virtio_queue_get_desc_addr(dev,
+   net->dev.vq_index +
+   file.index);
+if (a == 0) {
+/* Queue might not be ready for start */
+continue;
+}
 r = vhost_net_set_backend(&net->dev, &file);
 if (r < 0) {
 r = -errno;
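Review bot: Treating `virtio_queue_get_desc_addr() == 0` as "not ready" and silently `continue`-ing means a queue the guest brings up later, after `vhost_net_start_one()` has already run, never gets a backend attached; if the Windows driver described in the commit message can enable queues lazily, the backend has to be set when the queue becomes ready, not only skipped here. A trace or debug message on the skip would also make this diagnosable from the host side.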
@@ -256,6 +264,13 @@ fail:
 file.fd = -1;
 if (net->nc->info->type == NET_CLIENT_DRIVER_TAP) {
 while (file.index-- > 0) {
+a = virtio_queue_get_desc_addr(dev,
+   net->dev.vq_index +
+   file.index);
+if (a == 0) {
+/* Queue might not be ready for start */
+continue;
+}
 int r = vhost_net_set_backend(&net->dev, &file);
 assert(r >= 0);
 }
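Review bot: In the cleanup loop the existing `int r = vhost_net_set_backend(&net->dev, &file);` now follows the inserted statements, leaving a declaration after code inside the block, which QEMU's style avoids; move `int r;` to the top of the loop body. The readiness test is also duplicated verbatim from the start path, so a small helper (say, a hypothetical `vhost_net_queue_ready(dev, idx)`) would keep the two in sync, and the `assert(r >= 0)` after `file.fd = -1` means that a failure to detach a backend during error recovery aborts QEMU, which deserves a comment.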
-- 
2.19.1




Re: [Qemu-devel] [PATCH] migration: avoid copying ignore-shared ramblock when in incoming migration

2019-03-24 Thread Peter Xu
On Fri, Mar 22, 2019 at 10:12:11AM +, Dr. David Alan Gilbert wrote:

[...]

> > In general, when we reset the system, we want to bring it
> > back to exactly the state that it was in when QEMU was
> > first started. That means we need to reload all the rom blob
> > data into memory (because the guest might have modified
> > that memory while it was running).
> > 
> > If I understand correctly from other threads, the idea is
> > that some of the RAM is shared between source and destination
> > so it does not need to be manually copied during migration.
> > If that is correct, then perhaps the right thing is that
> > in the rom_reset code:
> >  * if this rom blob is being loaded into a "shared" ram block
> >  * and this reset is happening specifically before an
> >inbound migration
> >  * then skip loading the rom blob data
> > 
> > ?
> > 
> > I don't know the right way to determine either the "is this
> > a shared ram area" or "is this the reset prior to inbound
> > migration", but perhaps you can fill that in.
> 
> Right, so in Catherine's patch there's a simple in_incoming_migration
> and checking ramblock_is_ignored;  it might be better to use the
> qemu_ram_is_shared() call and I wonder if we can just check for being in
> RUN_STATE_INMIGRATE - if that's early enough.

Yes I feel like runstate_check(RUN_STATE_INMIGRATE) should be enough
to replace the new variable.  And I'm even thinking whether we need to
check qemu_ram_is_shared() at all... if rom_reset() simply refills the
ROM data into the RAMs, then IIUC that operation could be skipped for
all incoming migrations because all those ROM data (no matter they are
filled into shared RAM or not) should already have been filled on the
source side and:

- if the ROM data's RAMBlock is a shared backend, the latest data should
  already be there on the shared backend files, or,

- if the ROM data's RAMBlock is not shared backend, they'll eventually
  be migrated to the destination later on after this rom_reset() on
  destination by the general RAM migration code.

Regards,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v12 for-4.1 00/11] qemu_thread_create: propagate the error to callers to handle

2019-03-24 Thread Fei Li

Emm, the order seems a mess.. I will resend this patch series later as v13.

So sorry for the trouble!

Have a nice day

Fei

在 2019/3/25 上午1:21, Fei Li 写道:

Hi,

This idea comes from BiteSizedTasks, and this patch series implements
the error checking of qemu_thread_create: make qemu_thread_create
return a flag to indicate if it succeeded rather than failing with
an error; make all callers check it.

The first patch modifies qemu_thread_create() by passing
&error_abort and returning a value to indicate if it succeeds. The next
10 patches will improve on &error_abort for callers who could handle
it more properly.

Please help to review, thanks a lot!

v12:
- For patch 6/11, make event_thread terminate by stopping vevent
   thread when failing to create handle_apdu_thread.
- Rectify the commit message for patch 7/11, 8/11.
- For patch 9/11, change two cleanup sentences' order when failing
   to create multifd_recv_thread.
- For patch 11/11, fix the SIGBUS conflict for touch_all_pages().

v11:
- Resend as I sent the last version in a mess..

v10:
- Make qemu_thread_create() return -errno instead of a Boolean.
- Add more cleanup for pci_edu_realize()/emulated_realize().
- Polish for iothread_complete()/compress_threads_save_cleanup()/
   vnc_start_worker_thread()/touch_all_pages.
- Change to return H_HARDWARE for h_resize_hpt_prepare().
- Remove five derivative patches as they have been merged.

v9:
- To ease the review and involve the appropriate maintainers, split
   the previous 6/7 patch into 10 patches: the 6/16 patch passes
   the &error_abort to qemu_thread_create() everywhere, and the next
   9 patches will improve on &error_abort for callers who need.
- Add a new patch 5/7 to unify error handling for
   process_incoming_migration_co().
- Merge the previous 2/7 to current 7/16 to collaboratively handle
   for qemu_X_start_vcpu and for the qemu_init_vpcu in each arch.
- Add comment for multifd_recv_new_channel() in current patch 2/7.

v8:
- Remove previous two patches trying to fix the multifd issue on the
   source side, as we are still waiting for maintainer's opinions.
- Use atomic_read to get multifd_recv_state->count in patch 3/7.
- Get three more "Reviewed-by:".

v7:
- Split the previous multifd-migration into two patches: the src and
   the dst. For the dst, only dump the error instead of quitting.
- Safely do the cleanup for postcopy_ram_enable_notify().
- Split the previous migration-error-handling patch into two patches.

v6:
- Add a new migration-multifd related patch. BTW, delete the previous
   vnc related patch as it has been upstreamed.
- Use error_setg_errno() to set the errno when qemu_thread_create()
   fails for both Linux and Windows implementation.
- Optimize the first patch, less codes are needed

v5:
- Remove `errno = err` in qemu_thread_create() for Linux, and change
   `return errno` to `return -1` in qemu_signal_init() to indicate
   the error in case qemu_thread_create() fails.
- Delete the v4-added qemu_cond/mutex_destroy() in iothread_complete()
   as the destroy() will be done by its callers' object_unref().

v4:
- Separate the migration compression patch from this series
- Add one more error handling patch related with migration
- Add more cleaning up code for touched functions

v3:
- Add two migration related patches to fix the segmentation fault
- Extract the segmentation fault fix from v2's last patch to be a
   separate patch

v2:
- Pass errp directly instead of using a local_err & error_propagate
- Return a bool: false/true to indicate if one function succeeds
- Merge v1's last two patches into one to avoid the compile error
- Fix one omitted error in patch1 and update some error messages


Fei Li (11):
   qemu_thread: make qemu_thread_create() take Error ** argument
   qemu_thread: supplement error handling for qemu_X_start_vcpu
   qemu_thread: supplement error handling for qmp_dump_guest_memory
   qemu_thread: supplement error handling for pci_edu_realize
   qemu_thread: supplement error handling for h_resize_hpt_prepare
   qemu_thread: supplement error handling for emulated_realize
   qemu_thread: supplement error handling for iothread_complete
   qemu_thread: supplement error handling for qemu_signalfd_compat
   qemu_thread: supplement error handling for migration
   qemu_thread: supplement error handling for vnc_start_worker_thread
   qemu_thread: supplement error handling for touch_all_pages

  accel/tcg/user-exec-stub.c  |  3 +-
  cpus.c  | 69 +
  dump.c  |  2 +-
  hw/misc/edu.c   | 11 +--
  hw/ppc/spapr_hcall.c| 10 --
  hw/rdma/rdma_backend.c  |  3 +-
  hw/usb/ccid-card-emulated.c | 16 +++---
  include/qemu/thread.h   |  6 ++--
  include/qom/cpu.h   |  2 +-
  io/task.c   |  3 +-
  iothread.c  | 17 +++---
  migration/migration.c   | 30 

Re: [Qemu-devel] [PATCH] docker: trivial changes to `make docker` help

2019-03-24 Thread Fam Zheng



> On Mar 22, 2019, at 05:25, Wainer dos Santos Moschetta  
> wrote:
> 
> Apply double quotes and period punctuation uniformly.
> 
> Signed-off-by: Wainer dos Santos Moschetta 
> ---
> tests/docker/Makefile.include | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
> index 60314d293a..c0e1bf57a3 100644
> --- a/tests/docker/Makefile.include
> +++ b/tests/docker/Makefile.include
> @@ -151,15 +151,15 @@ docker:
>   @echo
>   @echo 'docker:  Print this help.'
>   @echo 'docker-all-tests:Run all image/test combinations.'
> - @echo 'docker-TEST: Run TEST on all image combinations.'
> + @echo 'docker-TEST: Run "TEST" on all image combinations.'
>   @echo 'docker-clean:Kill and remove residual docker testing 
> containers.'
>   @echo 'docker-TEST@IMAGE:   Run "TEST" in container "IMAGE".'
>   @echo ' Note: "TEST" is one of the listed test 
> name,'
>   @echo ' or a script name under 
> $$QEMU_SRC/tests/docker/;'
> - @echo ' "IMAGE" is one of the listed container 
> name."'
> + @echo ' "IMAGE" is one of the listed container 
> name.'
>   @echo 'docker-image:Build all images.'
>   @echo 'docker-image-IMAGE:  Build image "IMAGE".'
> - @echo 'docker-run:  For manually running a "TEST" with 
> "IMAGE"'
> + @echo 'docker-run:  For manually running a "TEST" with 
> "IMAGE".'
>   @echo
>   @echo 'Available container images:'
>   @echo '$(DOCKER_IMAGES)'
> -- 
> 2.20.1
> 
> 

Reviewed-by: Fam Zheng 





Re: [Qemu-devel] [Qemu-ppc] [PATCH for-4.0 3/3] target/ppc: Consolidate 64-bit server processor detection in a helper

2019-03-24 Thread Suraj Jitindar Singh
On Fri, 2019-03-22 at 19:03 +0100, Greg Kurz wrote:
> We use PPC_SEGMENT_64B in various places to guard code that is
> specific
> to 64-bit server processors compliant with arch 2.x. Consolidate the
> logic in a helper macro with an explicit name.

Tested-by: Suraj Jitindar Singh 

> 
> Signed-off-by: Greg Kurz 
> ---
>  hw/ppc/ppc.c |2 +-
>  target/ppc/cpu.h |6 ++
>  target/ppc/helper_regs.h |2 +-
>  target/ppc/translate.c   |   10 --
>  4 files changed, 12 insertions(+), 8 deletions(-)
> 
> diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
> index 49d57469fb34..ad20584f268d 100644
> --- a/hw/ppc/ppc.c
> +++ b/hw/ppc/ppc.c
> @@ -1101,7 +1101,7 @@ clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env,
> uint32_t freq)
>  tb_env = g_malloc0(sizeof(ppc_tb_t));
>  env->tb_env = tb_env;
>  tb_env->flags = PPC_DECR_UNDERFLOW_TRIGGERED;
> -if (env->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(env)) {
>  /* All Book3S 64bit CPUs implement level based DEC logic */
>  tb_env->flags |= PPC_DECR_UNDERFLOW_LEVEL;
>  }
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index fc12b4688e8c..070717758452 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -2409,6 +2409,12 @@ enum {
>  target_ulong cpu_read_xer(CPUPPCState *env);
>  void cpu_write_xer(CPUPPCState *env, target_ulong xer);
>  
> +/*
> + * All 64-bit server processors compliant with arch 2.x, ie. 970 and
> newer,
> + * have PPC_SEGMENT_64B.
> + */
> +#define is_book3s_arch2x(ctx) (!!((ctx)->insns_flags &
> PPC_SEGMENT_64B))
> +
>  static inline void cpu_get_tb_cpu_state(CPUPPCState *env,
> target_ulong *pc,
>  target_ulong *cs_base,
> uint32_t *flags)
>  {
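Review bot: the comment on is_book3s_arch2x() should state explicitly that PPC_SEGMENT_64B, an MMU feature flag, is being used as a proxy for "Book3S arch 2.x", and that a future CPU model which sets the flag but behaves differently (the POWER10 caveat in the description of patch 2/3) must be handled in this helper rather than at each call site; as written, a reader sees a cleanly named predicate and has no reason to suspect the coupling. Two smaller points: "ie." should be "i.e.", and because this is a macro it accepts anything with an insns_flags member (both CPUPPCState and DisasContext are passed to it), so a wrong argument fails deep inside the expansion instead of as a type mismatch.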
> diff --git a/target/ppc/helper_regs.h b/target/ppc/helper_regs.h
> index a2205e1044c9..c863abc0bfc3 100644
> --- a/target/ppc/helper_regs.h
> +++ b/target/ppc/helper_regs.h
> @@ -152,7 +152,7 @@ static inline int hreg_store_msr(CPUPPCState
> *env, target_ulong value,
>   * - 64-bit embedded implementations do not need any operation
> to be
>   *   performed when PR is set.
>   */
> -if ((env->insns_flags & PPC_SEGMENT_64B) && ((value >> MSR_PR) &
> 1)) {
> +if (is_book3s_arch2x(env) && ((value >> MSR_PR) & 1)) {
>  value |= (1 << MSR_EE) | (1 << MSR_DR) | (1 << MSR_IR);
>  }
>  #endif
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index d3aaa6482c6a..576210d901ad 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -3755,7 +3755,7 @@ static void gen_bcond(DisasContext *ctx, int
> type)
>   * arch 2.x, do implement a "test and decrement" logic
> instead,
>   * as described in their respective UMs.
>   */
> -if (unlikely(!(ctx->insns_flags & PPC_SEGMENT_64B))) {
> +if (unlikely(!is_book3s_arch2x(ctx))) {
>  gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
>  tcg_temp_free(temp);
>  tcg_temp_free(target);
> @@ -3913,7 +3913,7 @@ static void gen_rfi(DisasContext *ctx)
>  /* This instruction doesn't exist anymore on 64-bit server
>   * processors compliant with arch 2.x
>   */
> -if (ctx->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(ctx)) {
>  gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
>  return;
>  }
> @@ -6535,8 +6535,7 @@ static void gen_msgclr(DisasContext *ctx)
>  GEN_PRIV;
>  #else
>  CHK_HV;
> -/* 64-bit server processors compliant with arch 2.x */
> -if (ctx->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(ctx)) {
>  gen_helper_book3s_msgclr(cpu_env, cpu_gpr[rB(ctx->opcode)]);
>  } else {
>  gen_helper_msgclr(cpu_env, cpu_gpr[rB(ctx->opcode)]);
> @@ -6550,8 +6549,7 @@ static void gen_msgsnd(DisasContext *ctx)
>  GEN_PRIV;
>  #else
>  CHK_HV;
> -/* 64-bit server processors compliant with arch 2.x */
> -if (ctx->insns_flags & PPC_SEGMENT_64B) {
> +if (is_book3s_arch2x(ctx)) {
>  gen_helper_book3s_msgsnd(cpu_gpr[rB(ctx->opcode)]);
>  } else {
>  gen_helper_msgsnd(cpu_gpr[rB(ctx->opcode)]);
> 
> 



Re: [Qemu-devel] [Qemu-ppc] [PATCH for-4.0 1/3] target/ppc: Fix TCG temporary leaks in gen_bcond()

2019-03-24 Thread Suraj Jitindar Singh
On Fri, 2019-03-22 at 19:03 +0100, Greg Kurz wrote:
> Signed-off-by: Greg Kurz 

Tested-by: Suraj Jitindar Singh 

> ---
>  target/ppc/translate.c |2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 98b37cebc2f5..aaafa3a715d8 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -3749,6 +3749,8 @@ static void gen_bcond(DisasContext *ctx, int
> type)
>  TCGv temp = tcg_temp_new();
>  if (unlikely(type == BCOND_CTR)) {
>  gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
> +tcg_temp_free(temp);
> +tcg_temp_free(target);
>  return;
>  }
>  tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
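Review bot: the two added tcg_temp_free() calls are correct, but `temp` is allocated on the line immediately above the early-return check, so the simpler fix is to move `TCGv temp = tcg_temp_new();` below the `type == BCOND_CTR` test; then only `target` needs freeing on the exception path and a later edit to this block cannot reintroduce the leak for `temp`.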
> 
> 



Re: [Qemu-devel] [Qemu-ppc] [PATCH for-4.0 2/3] target/ppc: Enable "decrement and test CTR" version of bcctr

2019-03-24 Thread Suraj Jitindar Singh
On Fri, 2019-03-22 at 19:03 +0100, Greg Kurz wrote:
> Even if all ISAs up to v3 indeed mention:
> 
> If the "decrement and test CTR" option is specified (BO2=0), the
> instruction form is invalid.
> 
> The UMs of all existing 64-bit server class processors say:
> 
> If BO[2] = 0, the contents of CTR (before any update) are used as
> the
> target address and for the test of the contents of CTR to resolve
> the
> branch. The contents of the CTR are then decremented and written
> back
> to the CTR.
> 
> The linux kernel has spectre v2 mitigation code that relies on a
> BO[2] = 0 variant of bcctr, which is now activated by default on
> spapr, even with TCG. This causes linux guests to panic with
> the default machine type under TCG.
> 
> Since any CPU model can provide its own behaviour for invalid forms,
> we could possibly introduce a new instruction flag to handle this.
> In practice, since the behaviour is shared by all 64-bit server
> processors starting with 970 up to POWER9, let's reuse the
> PPC_SEGMENT_64B flag. Caveat: this may have to be fixed later if
> POWER10 introduces a different behaviour.
> 
> The existing behaviour of throwing a program interrupt is kept for
> all other CPU models.
> 
> Signed-off-by: Greg Kurz 

Tested-by: Suraj Jitindar Singh 

> ---
>  target/ppc/translate.c |   52 ++--
> 
>  1 file changed, 37 insertions(+), 15 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index aaafa3a715d8..d3aaa6482c6a 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -3747,22 +3747,44 @@ static void gen_bcond(DisasContext *ctx, int
> type)
>  if ((bo & 0x4) == 0) {
>  /* Decrement and test CTR */
>  TCGv temp = tcg_temp_new();
> -if (unlikely(type == BCOND_CTR)) {
> -gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
> -tcg_temp_free(temp);
> -tcg_temp_free(target);
> -return;
> -}
> -tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
> -if (NARROW_MODE(ctx)) {
> -tcg_gen_ext32u_tl(temp, cpu_ctr);
> -} else {
> -tcg_gen_mov_tl(temp, cpu_ctr);
> -}
> -if (bo & 0x2) {
> -tcg_gen_brcondi_tl(TCG_COND_NE, temp, 0, l1);
> +
> +if (type == BCOND_CTR) {
> +/*
> + * All ISAs up to v3 describe this form of bcctr as
> invalid but
> + * some processors, ie. 64-bit server processors
> compliant with
> + * arch 2.x, do implement a "test and decrement" logic
> instead,
> + * as described in their respective UMs.
> + */
> +if (unlikely(!(ctx->insns_flags & PPC_SEGMENT_64B))) {
> +gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);
> +tcg_temp_free(temp);
> +tcg_temp_free(target);
> +return;
> +}
> +
> +if (NARROW_MODE(ctx)) {
> +tcg_gen_ext32u_tl(temp, cpu_ctr);
> +} else {
> +tcg_gen_mov_tl(temp, cpu_ctr);
> +}
> +if (bo & 0x2) {
> +tcg_gen_brcondi_tl(TCG_COND_NE, temp, 0, l1);
> +} else {
> +tcg_gen_brcondi_tl(TCG_COND_EQ, temp, 0, l1);
> +}
> +tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
>  } else {
> -tcg_gen_brcondi_tl(TCG_COND_EQ, temp, 0, l1);
> +tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1);
> +if (NARROW_MODE(ctx)) {
> +tcg_gen_ext32u_tl(temp, cpu_ctr);
> +} else {
> +tcg_gen_mov_tl(temp, cpu_ctr);
> +}
> +if (bo & 0x2) {
> +tcg_gen_brcondi_tl(TCG_COND_NE, temp, 0, l1);
> +} else {
> +tcg_gen_brcondi_tl(TCG_COND_EQ, temp, 0, l1);
> +}
>  }
>  tcg_temp_free(temp);
>  }
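Review bot: the NARROW_MODE()/brcondi sequence is now duplicated verbatim in both arms of `if (type == BCOND_CTR)`, the only difference being whether `tcg_gen_subi_tl(cpu_ctr, cpu_ctr, 1)` runs before or after the test; writing it as `if (type != BCOND_CTR) { decrement } ... single copy of the test ... if (type == BCOND_CTR) { decrement }` keeps one copy of the condition logic. Also, the bcctr arm only gives the UM behaviour if `target` was loaded from cpu_ctr before this block, so that the branch goes to the pre-update CTR; a one-line comment next to the late tcg_gen_subi_tl() saying the decrement must stay after both the test and the load of `target` would stop someone hoisting it later.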
> 
> 



Re: [Qemu-devel] [Qemu-ppc] [PATCH for-4.0 0/3] target/ppc: Fix pseries.cap-ibs=workaround with TCG

2019-03-24 Thread Suraj Jitindar Singh
On Fri, 2019-03-22 at 19:03 +0100, Greg Kurz wrote:
> Since recent commit 2782ad4c4102 "target/ppc/spapr: Enable
> mitigations by
> default for pseries-4.0 machine type", some recent distros, eg.
> fedora29,
> fail to boot under TCG because of a kernel panic:

Good catch! I noticed this as well but didn't get around to fixing it
so thanks for doing it for me :D

> 
> [0.614425] Oops: Exception in kernel mode, sig: 4 [#1]
> [0.618832] LE SMP NR_CPUS=1024 NUMA pSeries
> [0.621868] Modules linked in:
> [0.624958] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.16-
> 200.fc29.ppc64le #1
> [0.625978] NIP:  c000bf00 LR: c000e268 CTR:
> 7fff
> [0.626572] REGS: c15a3750 TRAP: 0700   Not
> tainted  (4.20.16-200.fc29.ppc64le)
> [0.626835] MSR:  82089033   CR:
> 44828222  XER: 
> [0.628497] CFAR: c000bee4 IRQMASK: 1 
> [0.628497] GPR00: c001fbc8 c15a39e0
> c15a6200 c1533450 
> [0.628497] GPR04: c0003e5819d0 c0003ff15f68
>  22f63728 
> [0.628497] GPR08:  7fff
>   
> [0.628497] GPR12: 8000 c18b
> 3dc5fd20 02e75e90 
> [0.628497] GPR16: 02e75d40 c0003e594d00
> 3dc5fd20 02e90b50 
> [0.628497] GPR20: 3e45e800 c1531a80
> c1532100 44828222 
> [0.628497] GPR24: c1533450 c1533450
> c0003e5819d0 c10e51e0 
> [0.628497] GPR28: c15d5c18 c1531a80
> c0003e58 c1531a80 
> [0.631710] NIP [c000bf00] flush_count_cache+0x120/0x2420
> [0.631905] LR [c000e268] _switch+0x68/0x180
> [0.632585] Call Trace:
> [0.633490] [c15a39e0] [c15dbd58]
> __cpu_online_mask+0x0/0x80 (unreliable)
> [0.634383] [c15a3bc0] [c001fbc8]
> __switch_to+0x348/0x500
> [0.634614] [c15a3c20] [c0c509dc]
> __schedule+0x2bc/0xac0
> [0.634731] [c15a3cf0] [c0c51648]
> preempt_schedule_common+0x38/0x60
> [0.634852] [c15a3d10] [c0c516d4]
> _cond_resched+0x64/0x80
> [0.635527] [c15a3d40] [c011a190]
> copy_process.isra.4.part.5+0xc90/0x1d20
> [0.635656] [c15a3e40] [c011b414]
> _do_fork+0xd4/0x470
> [0.635772] [c15a3eb0] [c011b88c]
> kernel_thread+0x3c/0x50
> [0.635891] [c15a3ed0] [c0010b08]
> rest_init+0x98/0xf8
> [0.636025] [c15a3f00] [c0fe4084]
> start_kernel+0x658/0x67c
> [0.636163] [c15a3f90] [c000b37c]
> start_here_common+0x1c/0x520
> [0.636763] Instruction dump:
> [0.640925] 4805 4805 4805 4805 4805 481c
> 6000 6000 
> [0.641448] 6000 6000 6000 6000 <7d2803a6>
> 39207fff 7d2903a6 4c400420 
> [0.648580] ---[ end trace 1dcd9494acdef8df ]---
> [0.649361] 
> [1.657870] Kernel panic - not syncing: Attempted to kill the idle
> task!
> 
> The following error is also printed by QEMU:
> 
> Opcode 13 10 10 00 (4c400420) leaked temporaries
> 
> The root cause behind the panic is that the linux kernel uses for
> spectre v2
> mitigation a form of the bcctr instruction that we don't support.
> This gets
> triggered when passing cap-ibs=workaround machine option, which is
> the default
> since 2782ad4c4102.
> 
> The TCG temp leak comes from some missing tcg_temp_free()s on the
> exception path.
> 
> This series fixes the leak and adds support for the invalid form of
> bcctr.
> Since this adds yet another user of PPC_SEGMENT_64B to discriminate
> CPU
> models that should expose the _new_ behaviour, the final patch
> introduces
> a helper for that purpose.
> 
> --
> Greg
> 
> ---
> 
> Greg Kurz (3):
>   target/ppc: Fix TCG temporary leaks in gen_bcond()
>   target/ppc: Enable "decrement and test CTR" version of bcctr
>   target/ppc: Consolidate 64-bit server processor detection in a
> helper
> 
> 
>  hw/ppc/ppc.c |2 +-
>  target/ppc/cpu.h |6 +
>  target/ppc/helper_regs.h |2 +-
>  target/ppc/translate.c   |   58 --
> 
>  4 files changed, 48 insertions(+), 20 deletions(-)
> 
> 
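As an added illustration (not QEMU code and not part of any message in this thread), the model below shows the two CTR orderings this series distinguishes: bc/bclr decrement CTR and then test it, while the BO[2]=0 form of bcctr is an invalid form on other CPU models and, on 64-bit server CPUs, tests and targets the pre-update CTR and decrements it afterwards. It decodes the 4c400420 word from the kernel's instruction dump (bcctr with BO=2, BI=0) and runs it with CTR=0x7fff as in the register dump above, where the UM semantics give "not taken, CTR becomes 0x7ffe" instead of a program interrupt. Field positions and the ctr_ok/cond_ok rules follow the ISA; the function and type names are my own, narrow (32-bit) mode is left out, and the `book3s_arch2x` parameter stands in for QEMU's PPC_SEGMENT_64B check.

```c
/*
 * Model of PowerPC conditional-branch CTR handling (illustration only,
 * not QEMU code).  bc/bclr: decrement CTR, then test.  bcctr with
 * BO[2]=0: invalid form unless book3s_arch2x, in which case the
 * pre-update CTR is both tested and used as the target, and the
 * decrement happens afterwards.  64-bit mode only.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum bcond_type { BCOND_IM, BCOND_LR, BCOND_CTR, BCOND_UNKNOWN };

struct bcond_result {
    bool invalid;      /* invalid form: a real CPU raises a program interrupt */
    bool taken;
    uint64_t ctr;      /* CTR after the instruction */
    uint64_t target;   /* branch target when taken */
};

/* ISA field extraction (bit 0 is the MSB in the ISA's numbering). */
static unsigned ppc_opc(uint32_t insn) { return insn >> 26; }
static unsigned ppc_bo(uint32_t insn)  { return (insn >> 21) & 0x1f; }
static unsigned ppc_bi(uint32_t insn)  { return (insn >> 16) & 0x1f; }
static unsigned ppc_xo(uint32_t insn)  { return (insn >> 1) & 0x3ff; }

static enum bcond_type classify(uint32_t insn)
{
    if (ppc_opc(insn) == 16)                           return BCOND_IM;  /* bc    */
    if (ppc_opc(insn) == 19 && ppc_xo(insn) == 16)     return BCOND_LR;  /* bclr  */
    if (ppc_opc(insn) == 19 && ppc_xo(insn) == 528)    return BCOND_CTR; /* bcctr */
    return BCOND_UNKNOWN;
}

/* CR bit BI, counted from the MSB as in the ISA. */
static bool cr_bit(uint32_t cr, unsigned bi) { return (cr >> (31 - bi)) & 1; }

struct bcond_result ppc_bcond(uint32_t insn, uint64_t cia, uint64_t ctr,
                              uint64_t lr, uint32_t cr, bool book3s_arch2x)
{
    struct bcond_result r = { .invalid = false, .taken = false, .ctr = ctr, .target = 0 };
    enum bcond_type type = classify(insn);
    unsigned bo = ppc_bo(insn);
    bool ctr_ok = true;

    if (type == BCOND_UNKNOWN) {
        r.invalid = true;
        return r;
    }
    if (!(bo & 0x4)) {                          /* BO[2] == 0: decrement and test CTR */
        bool branch_if_zero = bo & 0x2;         /* BO[3] */
        if (type == BCOND_CTR) {
            if (!book3s_arch2x) {               /* invalid form per ISA up to v3 */
                r.invalid = true;
                return r;
            }
            /* UM behaviour: test the pre-update CTR, then decrement. */
            ctr_ok = (ctr != 0) != branch_if_zero;
            r.ctr = ctr - 1;
        } else {
            /* bc/bclr: decrement first, then test the new value. */
            r.ctr = ctr - 1;
            ctr_ok = (r.ctr != 0) != branch_if_zero;
        }
    }
    /* BO[0] == 1 ignores CR; otherwise CR[BI] must equal BO[1]. */
    bool cond_ok = (bo & 0x10) || (cr_bit(cr, ppc_bi(insn)) == !!(bo & 0x8));
    r.taken = ctr_ok && cond_ok;

    switch (type) {
    case BCOND_IM: {
        int64_t bd = (int16_t)(insn & 0xfffc);              /* BD, sign-extended */
        r.target = (insn & 0x2) ? (uint64_t)bd : cia + bd;  /* AA selects absolute */
        break;
    }
    case BCOND_LR:
        r.target = lr & ~(uint64_t)3;
        break;
    case BCOND_CTR:
        r.target = ctr & ~(uint64_t)3;                      /* pre-update CTR */
        break;
    default:
        break;
    }
    return r;
}

int main(void)
{
    /* 4c400420 is the faulting word from the kernel dump: bcctr 2,0,0 with CTR=0x7fff */
    struct bcond_result r = ppc_bcond(0x4c400420, 0, 0x7fff, 0, 0, true);
    printf("book3s arch2x: invalid=%d taken=%d ctr=%#llx\n",
           r.invalid, r.taken, (unsigned long long)r.ctr);
    r = ppc_bcond(0x4c400420, 0, 0x7fff, 0, 0, false);
    printf("other models : invalid=%d (program interrupt)\n", r.invalid);
    return 0;
}
```

With CTR=0x7fff and BO=2 (branch if CTR is zero) the instruction never branches on a 64-bit server CPU; it only consumes one CTR count, which is exactly what lets the kernel's flush loop use it without an actual control transfer. Every other CPU model still gets the invalid-form program interrupt, matching what the 2/3 patch keeps for them.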



Re: [Qemu-devel] [PATCH V2 1/4] authz: fix usage of bool in listfile.c

2019-03-24 Thread Philippe Mathieu-Daudé
On Sat, Mar 23, 2019 at 15:27, Jafar Abdi wrote:

> Clean up wrong usage of FALSE and TRUE in places that use "bool" from
> stdbool.h.
>
> FALSE and TRUE (with capital letters) are the constants defined by glib for
> being used with the "gboolean" type of glib. But some parts of the code
> also use
> TRUE and FALSE for variables that are declared as "bool" (the type from
> ).
>
> Signed-off-by: Jafar Abdi 
> Reviewed-by: Eric Blake 
>

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  authz/listfile.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/authz/listfile.c b/authz/listfile.c
> index d457976..03eaf46 100644
> --- a/authz/listfile.c
> +++ b/authz/listfile.c
> @@ -238,7 +238,7 @@ qauthz_list_file_init(Object *obj)
>
>  authz->file_watch = -1;
>  #ifdef CONFIG_INOTIFY1
> -authz->refresh = TRUE;
> +authz->refresh = true;
>  #endif
>  }
>
> --
> 2.7.4
>
>
>


Re: [Qemu-devel] Maintainers, please tell us how to boot your machines!

2019-03-24 Thread Stafford Horne
On Thu, Mar 14, 2019 at 05:55:26AM +0900, Stafford Horne wrote:
> On Tue, Mar 12, 2019 at 06:36:05PM +0100, Markus Armbruster wrote:
> > = hw/openrisc/openrisc_sim.c =
> > Jia Liu  (maintainer:or1k-sim)
> > Stafford Horne  (odd fixer:OpenRISC)
> 
> For OpenRISC the main test I do is booting linux.  The steps and a link to a
> system image are described here:
> 
>   https://wiki.qemu.org/Documentation/Platforms/OpenRISC
> 
> I just confirmed with the latest QEMU and it works well.
> 
> For good measure, we probably should have an SMP kernel as well and try to 
> boot
> both so we would have 2 test cases.  I will update the wiki to add SMP.

Hello,

I uploaded some new 5.0 based kernels and updated instructions on how to run
the SMP kernel as well as getting networking running.

-Stafford

> Let me know if you need me to create patches for the automated tests.
> 
> -Stafford



Re: [Qemu-devel] [PATCH V2 4/4] hw/tpm: fix usage of bool in tpm-tis.c

2019-03-24 Thread Thomas Huth
On 23/03/2019 15.26, Jafar Abdi wrote:
> Clean up wrong usage of FALSE and TRUE in places that use "bool" from 
> stdbool.h.
> 
> FALSE and TRUE (with capital letters) are the constants defined by glib for
> being used with the "gboolean" type of glib. But some parts of the code also 
> use
> TRUE and FALSE for variables that are declared as "bool" (the type from 
> ).
> 
> Signed-off-by: Jafar Abdi 
> ---
>  hw/tpm/tpm_tis.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index fd183e8..c1eb094 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -611,7 +611,7 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>  while ((TPM_TIS_IS_VALID_LOCTY(s->active_locty) &&
>  locty > s->active_locty) ||
>  !TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
> -bool higher_seize = FALSE;
> +bool higher_seize = false;
>  
>  /* already a pending SEIZE ? */
>  if ((s->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
> @@ -621,7 +621,7 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>  /* check for ongoing seize by a higher locality */
>  for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) {
>  if ((s->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
> -higher_seize = TRUE;
> +higher_seize = true;
>  break;
>  }
>  }
> 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH V2 3/4] tests/libqos: fix usage of bool in pci-spapr.c

2019-03-24 Thread Thomas Huth
On 23/03/2019 15.26, Jafar Abdi wrote:
> Clean up wrong usage of FALSE and TRUE in places that use "bool" from 
> stdbool.h.
> 
> FALSE and TRUE (with capital letters) are the constants defined by glib for
> being used with the "gboolean" type of glib. But some parts of the code also 
> use
> TRUE and FALSE for variables that are declared as "bool" (the type from 
> ).
> 
> Signed-off-by: Jafar Abdi 
> Reviewed-by: Eric Blake 
> ---
>  tests/libqos/pci-spapr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/libqos/pci-spapr.c b/tests/libqos/pci-spapr.c
> index 6925925..58ba27a 100644
> --- a/tests/libqos/pci-spapr.c
> +++ b/tests/libqos/pci-spapr.c
> @@ -156,7 +156,7 @@ void qpci_init_spapr(QPCIBusSPAPR *qpci, QTestState *qts,
>  assert(qts);
>  
>  /* tests cannot use spapr, needs to be fixed first */
> -qpci->bus.has_buggy_msi = TRUE;
> +qpci->bus.has_buggy_msi = true;
>  
>  qpci->alloc = alloc;

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH V2 2/4] tests/libqos: fix usage of bool in pci-pc.c

2019-03-24 Thread Thomas Huth
On 23/03/2019 15.26, Jafar Abdi wrote:
> Clean up wrong usage of FALSE and TRUE in places that use "bool" from 
> stdbool.h.
> 
> FALSE and TRUE (with capital letters) are the constants defined by glib for
> being used with the "gboolean" type of glib. But some parts of the code also 
> use
> TRUE and FALSE for variables that are declared as "bool" (the type from 
> ).
> 
> Signed-off-by: Jafar Abdi 
> Reviewed-by: Eric Blake 
> ---
>  tests/libqos/pci-pc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/libqos/pci-pc.c b/tests/libqos/pci-pc.c
> index 4ab16fa..407d8af 100644
> --- a/tests/libqos/pci-pc.c
> +++ b/tests/libqos/pci-pc.c
> @@ -125,7 +125,7 @@ void qpci_init_pc(QPCIBusPC *qpci, QTestState *qts, 
> QGuestAllocator *alloc)
>  assert(qts);
>  
>  /* tests can use pci-bus */
> -qpci->bus.has_buggy_msi = FALSE;
> +qpci->bus.has_buggy_msi = false;
>  
>  qpci->bus.pio_readb = qpci_pc_pio_readb;
>  qpci->bus.pio_readw = qpci_pc_pio_readw;

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH V2 1/4] authz: fix usage of bool in listfile.c

2019-03-24 Thread Thomas Huth
On 23/03/2019 15.26, Jafar Abdi wrote:
> Clean up wrong usage of FALSE and TRUE in places that use "bool" from 
> stdbool.h.
> 
> FALSE and TRUE (with capital letters) are the constants defined by glib for
> being used with the "gboolean" type of glib. But some parts of the code also 
> use
> TRUE and FALSE for variables that are declared as "bool" (the type from 
> ).
> 
> Signed-off-by: Jafar Abdi 
> Reviewed-by: Eric Blake 
> ---
>  authz/listfile.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/authz/listfile.c b/authz/listfile.c
> index d457976..03eaf46 100644
> --- a/authz/listfile.c
> +++ b/authz/listfile.c
> @@ -238,7 +238,7 @@ qauthz_list_file_init(Object *obj)
>  
>  authz->file_watch = -1;
>  #ifdef CONFIG_INOTIFY1
> -authz->refresh = TRUE;
> +authz->refresh = true;
>  #endif
>  }

Reviewed-by: Thomas Huth 



[Qemu-devel] [PATCH] Categorize devices

2019-03-24 Thread Ernest Esene
Categorize devices in "uncategorised devices" section
This patch is based on BiteSizedTask.

Signed-off-by: Ernest Esene 
---
 hw/dma/i82374.c   | 2 ++
 hw/i386/amd_iommu.c   | 2 ++
 hw/i386/intel_iommu.c | 2 ++
 hw/i386/pc_piix.c | 1 +
 hw/ipmi/ipmi_bmc_extern.c | 2 ++
 hw/ipmi/ipmi_bmc_sim.c| 2 ++
 hw/ipmi/isa_ipmi_bt.c | 2 ++
 hw/ipmi/isa_ipmi_kcs.c| 2 ++
 hw/mem/nvdimm.c   | 1 +
 hw/mem/pc-dimm.c  | 1 +
 hw/tpm/tpm_tis.c  | 3 +++
 11 files changed, 20 insertions(+)

diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index 892f655a..5b42dd1b 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -147,6 +147,8 @@ static void i82374_class_init(ObjectClass *klass, void 
*data)
 dc->realize = i82374_realize;
 dc->vmsd = &vmstate_i82374;
 dc->props = i82374_properties;
+dc->desc = "Intel Enhanced DMA controller";
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
 }
 
 static const TypeInfo i82374_info = {
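Review bot: DEVICE_CATEGORY_BRIDGE does not fit the i82374, which is a DMA controller rather than a bus bridge; `-device help` groups devices by these categories, so a user looking for a bridge will find a DMA engine listed among them. DEVICE_CATEGORY_MISC, as this same patch uses for the two IOMMUs, is the closer fit unless a dedicated DMA category is introduced.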
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 6eabdf99..4a4e2c7f 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -1601,6 +1601,8 @@ static void amdvi_class_init(ObjectClass *klass, void* 
data)
 dc_class->int_remap = amdvi_int_remap;
 /* Supported by the pc-q35-* machine types */
 dc->user_creatable = true;
+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+dc->desc = "AMD IOMMU (AMD-Vi) DMA Remapping device";
 }
 
 static const TypeInfo amdvi = {
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index b90de6c6..4d0e6042 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3702,6 +3702,8 @@ static void vtd_class_init(ObjectClass *klass, void *data)
 x86_class->int_remap = vtd_int_remap;
 /* Supported by the pc-q35-* machine types */
 dc->user_creatable = true;
+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+dc->desc = "Intel IOMMU (VT-d) DMA Remapping device";
 }
 
 static const TypeInfo vtd_info = {
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 8ad8e885..03a9cb8a 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -911,6 +911,7 @@ static void isa_bridge_class_init(ObjectClass *klass, void 
*data)
 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 
 dc->desc= "ISA bridge faked to support IGD PT";
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
 k->vendor_id= PCI_VENDOR_ID_INTEL;
 k->class_id = PCI_CLASS_BRIDGE_ISA;
 };
diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
index bf0b7ee0..39049c4d 100644
--- a/hw/ipmi/ipmi_bmc_extern.c
+++ b/hw/ipmi/ipmi_bmc_extern.c
@@ -526,6 +526,8 @@ static void ipmi_bmc_extern_class_init(ObjectClass *oc, 
void *data)
 dc->hotpluggable = false;
 dc->realize = ipmi_bmc_extern_realize;
 dc->props = ipmi_bmc_extern_properties;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "IPMI Baseboard management controller";
 }
 
 static const TypeInfo ipmi_bmc_extern_type = {
diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 9b509f82..95a096fa 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -2016,6 +2016,8 @@ static void ipmi_sim_class_init(ObjectClass *oc, void 
*data)
 dc->realize = ipmi_sim_realize;
 dc->props = ipmi_sim_properties;
 bk->handle_command = ipmi_sim_handle_command;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "IPMI Baseboard management controller";
 }
 
 static const TypeInfo ipmi_sim_type = {
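Review bot: ipmi_bmc_extern and ipmi_bmc_sim both receive the identical desc "IPMI Baseboard management controller", so `-device help` will show two entries with the same description and nothing to tell the externally connected BMC from the simulated one; "external IPMI BMC" and "simulated IPMI BMC" (or similar) would distinguish them. The category choice raises the same question as for the i82374: a BMC is a management controller, not a bridge, and DEVICE_CATEGORY_MISC seems more accurate for these two and for the ISA BT/KCS interfaces that follow.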
diff --git a/hw/ipmi/isa_ipmi_bt.c b/hw/ipmi/isa_ipmi_bt.c
index 8bbb1fa7..9ca3402e 100644
--- a/hw/ipmi/isa_ipmi_bt.c
+++ b/hw/ipmi/isa_ipmi_bt.c
@@ -541,6 +541,8 @@ static void isa_ipmi_bt_class_init(ObjectClass *oc, void 
*data)
 
 dc->realize = isa_ipmi_bt_realize;
 dc->props = ipmi_isa_properties;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "ISA IPMI BT System Interface";
 
 iic->get_backend_data = isa_ipmi_bt_get_backend_data;
 ipmi_bt_class_init(iic);
diff --git a/hw/ipmi/isa_ipmi_kcs.c b/hw/ipmi/isa_ipmi_kcs.c
index a7943155..818d59d1 100644
--- a/hw/ipmi/isa_ipmi_kcs.c
+++ b/hw/ipmi/isa_ipmi_kcs.c
@@ -524,6 +524,8 @@ static void isa_ipmi_kcs_class_init(ObjectClass *oc, void 
*data)
 
 dc->realize = ipmi_isa_realize;
 dc->props = ipmi_isa_properties;
+set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->desc = "ISA IPMI KCS System Interface";
 
 iic->get_backend_data = isa_ipmi_kcs_get_backend_data;
 ipmi_kcs_class_init(iic);
diff --git a/hw/mem/nvdimm.c b/hw/mem/nvdimm.c
index bf2adf5e..a334dbe1 100644
--- a/hw/mem/nvdimm.c
+++ b/hw/mem/nvdimm.c
@@ -200,6 +200,7 @@ static void nvdimm_class_init(ObjectClass *oc, void *data)
 ddc->realize = nvdimm_realize;
 mdc->get_memory_region = nvdimm_md_get_memory_region;
 dc->props = nvdimm_properties;
+dc->desc = "NVDIMM memory module";
 
 nvc->read_label_data = nvdimm_read_label_data;
 nvc->write_label_data = n

Re: [Qemu-devel] [PATCH 1/2] iotests: 030 TestParallelOps non-shared base node

2019-03-24 Thread Alberto Garcia
On Fri 22 Mar 2019 04:54:59 PM CET, Alberto Garcia  wrote:
>E <- D <- C <- B <- A
>
> 2) commit from C to E, then stream from C to A
>
>This fails because the commit job inserts a filter between C and B
>and the bdrv_freeze_backing_chain(bs, base) call in stream_start()
>fails.
>
>However! I found this crash in a couple of occasions, I believe that
>it happens if the commit job finishes before block_stream, but I need
>to debug it further to see why the previous error didn't happen.

I was debugging this today. Here's what happens:

 - The commit job starts
 - The stream job starts and yields during bdrv_reopen_set_read_only()
   in stream_start()
 - The commit job ends and removes C and D from the backing chain.
 - stream_start() resumes but now 'C' doesn't exist anymore, so
   BlockDriverState *base is a dead pointer.

Berto



[Qemu-devel] [PATCH v12 for-4.1 09/11] qemu_thread: supplement error handling for migration

2019-03-24 Thread Fei Li
From: Fei Li 

Update qemu_thread_create()'s callers by
- setting an error on qemu_thread_create() failure for callers that
  set an error on failure;
- reporting the error and returning failure for callers that return
  an error code on failure;
- reporting the error and setting some state for callers that just
  report errors and choose not to continue on.

Besides, make compress_threads_save_cleanup() cope with partially
initialized comp_param[i] to adapt to the new qemu_thread_create()
failure case.

Cc: Markus Armbruster 
Cc: Dr. David Alan Gilbert 
Signed-off-by: Fei Li 
Reviewed-by: Dr. David Alan Gilbert 
---
 migration/migration.c| 35 
 migration/postcopy-ram.c | 16 ---
 migration/ram.c  | 70 +++-
 migration/savevm.c   | 12 ++---
 4 files changed, 89 insertions(+), 44 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index e9e83ab564..05b20174c5 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -484,10 +484,13 @@ static void process_incoming_migration_co(void *opaque)
 goto fail;
 }
 
-/* TODO: let the further caller handle the error instead of abort() */
-qemu_thread_create(&mis->colo_incoming_thread, "COLO incoming",
-   colo_process_incoming_thread, mis,
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&mis->colo_incoming_thread, "COLO incoming",
+   colo_process_incoming_thread, mis,
+   QEMU_THREAD_JOINABLE, &local_err) < 0) {
+error_reportf_err(local_err, "failed to create "
+  "colo_process_incoming_thread: ");
+goto fail;
+}
 mis->have_colo_incoming_thread = true;
 qemu_coroutine_yield();
 
@@ -2481,6 +2484,7 @@ out:
 static int open_return_path_on_source(MigrationState *ms,
   bool create_thread)
 {
+Error *local_err = NULL;
 
 ms->rp_state.from_dst_file = qemu_file_get_return_path(ms->to_dst_file);
 if (!ms->rp_state.from_dst_file) {
@@ -2494,10 +2498,15 @@ static int open_return_path_on_source(MigrationState 
*ms,
 return 0;
 }
 
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&ms->rp_state.rp_thread, "return path",
-   source_return_path_thread, ms,
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&ms->rp_state.rp_thread, "return path",
+   source_return_path_thread, ms,
+   QEMU_THREAD_JOINABLE, &local_err) < 0) {
+error_reportf_err(local_err,
+  "failed to create source_return_path_thread: ");
+qemu_fclose(ms->rp_state.from_dst_file);
+ms->rp_state.from_dst_file = NULL;
+return -1;
+ }
 
 trace_open_return_path_on_source_continue();
 
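Review bot: the closing brace of the new `if` is indented by a single space (`+ }`) instead of aligning with the `if`; checkpatch.pl will flag it. The cleanup itself looks right: from_dst_file is closed and set to NULL, so a caller cannot later touch a return path whose thread never started.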
@@ -3342,9 +3351,13 @@ void migrate_fd_connect(MigrationState *s, Error 
*error_in)
 migrate_fd_cleanup(s);
 return;
 }
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&s->thread, "live_migration", migration_thread, s,
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&s->thread, "live_migration", migration_thread, s,
+   QEMU_THREAD_JOINABLE, &error_in) < 0) {
+error_reportf_err(error_in, "failed to create migration_thread: ");
+migrate_set_state(&s->state, s->state, MIGRATION_STATUS_FAILED);
+migrate_fd_cleanup(s);
+return;
+}
 s->migration_thread_running = true;
 }
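Review bot: passing `&error_in` to qemu_thread_create() reuses the function's own input parameter as the output Error **. If error_in is still non-NULL when execution reaches this point, error_setg() inside qemu_thread_create() will trip its assertion that *errp is NULL; if it is NULL, the name is misleading and error_reportf_err() then frees a pointer the caller handed in. A local `Error *local_err = NULL;`, as the other two hunks in this file do, avoids both problems.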
 
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index e9d69c8b1e..9df1995ed8 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -1089,6 +1089,8 @@ retry:
 
 int postcopy_ram_enable_notify(MigrationIncomingState *mis)
 {
+Error *local_err = NULL;
+
 /* Open the fd for the kernel to give us userfaults */
 mis->userfault_fd = syscall(__NR_userfaultfd, O_CLOEXEC | O_NONBLOCK);
 if (mis->userfault_fd == -1) {
@@ -1115,10 +1117,16 @@ int postcopy_ram_enable_notify(MigrationIncomingState 
*mis)
 }
 
 qemu_sem_init(&mis->fault_thread_sem, 0);
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&mis->fault_thread, "postcopy/fault",
-   postcopy_ram_fault_thread, mis,
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&mis->fault_thread, "postcopy/fault",
+   postcopy_ram_fault_thread, mis,
+   QEMU_THREAD_JOINABLE, &local_err) < 0) {
+error_reportf_err(local_err,
+  "failed to create postcopy_ram_fault_thread: ");
+ 

[Qemu-devel] [Bug 1772165] Re: arm raspi2/raspi3 emulation has no USB support

2019-03-24 Thread mcandre
Out of curiosity, does the raspi2 machine support a PCI bus? I am
trying to boot Debian arm64 with qemu-system-aarch64, and am running
into all manner of complaints from qemu about missing devices. Is there
another machine like virt, but that offers support for boot devices?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1772165

Title:
  arm raspi2/raspi3 emulation has no USB support

Status in QEMU:
  Confirmed

Bug description:
  Using Qemu 2.12.0 on ArchLinux.

  Trying to emulate arm device with `qemu-system-arm` and attach usb
  device for input using

  ` -usb -device usb-host,bus=001,vendorid=0x1d6b,productid=0x0002 `

  # lsusb returns

  Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
  Bus 001 Device 014: ID 13d3:3487 IMC Networks 
  Bus 001 Device 004: ID 0457:11af Silicon Integrated Systems Corp. 
  Bus 001 Device 003: ID 0bda:57e6 Realtek Semiconductor Corp. 
  Bus 001 Device 002: ID 0bda:0129 Realtek Semiconductor Corp. RTS5129 Card Reader Controller
  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

  # qemu returns
  qemu-system-arm: -device usb-host,bus=001,vendorid=0x1d6b,productid=0x0002: Bus '001' not found

  
  Tried with connecting external usb keyboard but that didn't seem to work either.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1772165/+subscriptions



[Qemu-devel] [PATCH v12 for-4.1 11/11] qemu_thread: supplement error handling for touch_all_pages

2019-03-24 Thread Fei Li
From: Fei Li 

Supplement the error handling for touch_all_pages: add an Error
parameter for it to propagate the error to its caller to do the
handling in case it fails.

Cc: Markus Armbruster 
Signed-off-by: Fei Li 
---
 util/oslib-posix.c | 35 ++-
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index eb849997cc..2131e68dab 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -447,12 +447,12 @@ static inline int get_memset_num_threads(int smp_cpus)
 }
 
 static bool touch_all_pages(char *area, size_t hpagesize, size_t numpages,
-int smp_cpus)
+int smp_cpus, Error **errp)
 {
 size_t numpages_per_thread;
 size_t size_per_thread;
 char *addr = area;
-int i = 0;
+int i = 0, j = 0;
 
 memset_thread_failed = false;
 memset_num_threads = get_memset_num_threads(smp_cpus);
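Review bot: `j` is initialised to 0 in the declaration and then initialised again by the `for (j = 0; j < i; j++)` loop that uses it in the next hunk; declare it as plain `int j;` (or next to that loop) so the redundant initialiser does not suggest it is read before the loop.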
@@ -464,20 +464,32 @@ static bool touch_all_pages(char *area, size_t hpagesize, 
size_t numpages,
 memset_thread[i].numpages = (i == (memset_num_threads - 1)) ?
 numpages : numpages_per_thread;
 memset_thread[i].hpagesize = hpagesize;
-/* TODO: let the callers handle the error instead of abort() here */
-qemu_thread_create(&memset_thread[i].pgthread, "touch_pages",
-   do_touch_pages, &memset_thread[i],
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&memset_thread[i].pgthread, "touch_pages",
+   do_touch_pages, &memset_thread[i],
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+break;
+}
 addr += size_per_thread;
 numpages -= numpages_per_thread;
 }
-for (i = 0; i < memset_num_threads; i++) {
-qemu_thread_join(&memset_thread[i].pgthread);
+
+for (j = 0; j < i; j++) {
+qemu_thread_join(&memset_thread[j].pgthread);
 }
 g_free(memset_thread);
 memset_thread = NULL;
 
-return memset_thread_failed;
+if (i < memset_num_threads) {
+/* qemu_thread_create() has set @errp */
+return false;
+}
+
+if (memset_thread_failed) {
+error_setg(errp, "os_mem_prealloc: Insufficient free host "
+  "memory pages available to allocate guest RAM");
+return false;
+}
+return true;
 }
 
 void os_mem_prealloc(int fd, char *area, size_t memory, int smp_cpus,
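Review bot: the message set in the memset_thread_failed branch still begins with "os_mem_prealloc: " although error_setg() now lives in touch_all_pages(), and the same function-name prefix is being removed from the caller in the following hunk; QEMU error messages normally carry no function name, so drop the prefix here rather than keep a stale one. The control flow itself looks right: the `break` only skips threads that were never started, the join loop runs up to `i` so every created thread is reaped, and testing `i < memset_num_threads` rather than `*errp` deliberately avoids dereferencing a possibly NULL errp.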
@@ -500,10 +512,7 @@ void os_mem_prealloc(int fd, char *area, size_t memory, 
int smp_cpus,
 }
 
 /* touch pages simultaneously */
-if (touch_all_pages(area, hpagesize, numpages, smp_cpus)) {
-error_setg(errp, "os_mem_prealloc: Insufficient free host memory "
-"pages available to allocate guest RAM");
-}
+touch_all_pages(area, hpagesize, numpages, smp_cpus, errp);
 
 ret = sigaction(SIGBUS, &oldact, NULL);
 if (ret) {
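Review bot: the bool that touch_all_pages() now returns is discarded on the replaced line, and the sigaction() restore below must run regardless, so failure travels through errp alone. Either drop the bool return from the static function or add a one-line comment at the call stating that the result is intentionally ignored because errp already carries it; a return value that the only caller ignores invites a later caller to rely on it.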
-- 
2.11.0





[Qemu-devel] [PATCH v12 for-4.1 10/11] qemu_thread: supplement error handling for vnc_start_worker_thread

2019-03-24 Thread Fei Li
From: Fei Li 

Supplement the error handling for vnc_start_worker_thread: add
an Error parameter for it to propagate the error to its caller to
handle in case it fails, and make it return a Boolean to indicate
whether it succeeds.

Cc: Markus Armbruster 
Cc: Gerd Hoffmann 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 ui/vnc-jobs.c | 17 +++--
 ui/vnc-jobs.h |  2 +-
 ui/vnc.c  |  4 +++-
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index 5712f1f501..1371895513 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -332,16 +332,21 @@ static bool vnc_worker_thread_running(void)
 return queue; /* Check global queue */
 }
 
-void vnc_start_worker_thread(void)
+bool vnc_start_worker_thread(Error **errp)
 {
 VncJobQueue *q;
 
-if (vnc_worker_thread_running())
-return ;
+if (vnc_worker_thread_running()) {
+return true;
+}
 
 q = vnc_queue_init();
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&q->thread, "vnc_worker", vnc_worker_thread,
-   q, QEMU_THREAD_DETACHED, &error_abort);
+if (qemu_thread_create(&q->thread, "vnc_worker", vnc_worker_thread,
+   q, QEMU_THREAD_DETACHED, errp) < 0) {
+vnc_queue_clear(q);
+return false;
+}
 queue = q; /* Set global queue */
+
+return true;
 }
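Review bot: vnc_queue_clear(q) in the new failure branch runs before `queue = q` is assigned, i.e. while the global `queue` that vnc_worker_thread_running() reports on is still NULL. Please confirm vnc_queue_clear() tears down and frees the queue it is handed rather than the global one: if it reads `queue`, this branch dereferences NULL, and if it only destroys the lock and condvar without g_free(q), the VncJobQueue returned by vnc_queue_init() leaks.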
diff --git a/ui/vnc-jobs.h b/ui/vnc-jobs.h
index 59f66bcc35..14640593db 100644
--- a/ui/vnc-jobs.h
+++ b/ui/vnc-jobs.h
@@ -37,7 +37,7 @@ void vnc_job_push(VncJob *job);
 void vnc_jobs_join(VncState *vs);
 
 void vnc_jobs_consume_buffer(VncState *vs);
-void vnc_start_worker_thread(void);
+bool vnc_start_worker_thread(Error **errp);
 
 /* Locks */
 static inline int vnc_trylock_display(VncDisplay *vd)
diff --git a/ui/vnc.c b/ui/vnc.c
index 1871422e1d..602e6b679d 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3202,7 +3202,9 @@ void vnc_display_init(const char *id, Error **errp)
 vd->connections_limit = 32;
 
 qemu_mutex_init(&vd->mutex);
-vnc_start_worker_thread();
+if (!vnc_start_worker_thread(errp)) {
+return;
+}
 
 vd->dcl.ops = &dcl_ops;
 register_displaychangelistener(&vd->dcl);
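Review bot: the early return when vnc_start_worker_thread() fails leaves vd->mutex initialised on the line just above and vd partially set up with nothing undoing it. Either qemu_mutex_destroy(&vd->mutex) before the `return;`, or state in a comment that vnc_display_init()'s caller is responsible for releasing vd on error.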
-- 
2.11.0





[Qemu-devel] [PATCH v12 for-4.1 02/11] qemu_thread: supplement error handling for qemu_X_start_vcpu

2019-03-24 Thread Fei Li
From: Fei Li 

The callers of qemu_init_vcpu() already passed the **errp to handle
errors. In view of this, add a new Error parameter to qemu_init_vcpu()
and all qemu_X_start_vcpu() functions called by qemu_init_vcpu() to
propagate the error and let the further callers check it.

Besides, make qemu_init_vcpu() return a Boolean value to let its
callers know whether it succeeds.

Cc: Paolo Bonzini 
Signed-off-by: Fei Li 
Reviewed-by: Fam Zheng 
Reviewed-by: Juan Quintela 
Reviewed-by: Markus Armbruster 
---
 accel/tcg/user-exec-stub.c  |  3 +-
 cpus.c  | 74 +++--
 include/qom/cpu.h   |  2 +-
 target/alpha/cpu.c  |  4 ++-
 target/arm/cpu.c|  4 ++-
 target/cris/cpu.c   |  4 ++-
 target/hppa/cpu.c   |  4 ++-
 target/i386/cpu.c   |  4 ++-
 target/lm32/cpu.c   |  4 ++-
 target/m68k/cpu.c   |  4 ++-
 target/microblaze/cpu.c |  4 ++-
 target/mips/cpu.c   |  4 ++-
 target/moxie/cpu.c  |  4 ++-
 target/nios2/cpu.c  |  4 ++-
 target/openrisc/cpu.c   |  4 ++-
 target/ppc/translate_init.inc.c |  4 ++-
 target/riscv/cpu.c  |  4 ++-
 target/s390x/cpu.c  |  4 ++-
 target/sh4/cpu.c|  4 ++-
 target/sparc/cpu.c  |  4 ++-
 target/tilegx/cpu.c |  4 ++-
 target/tricore/cpu.c|  4 ++-
 target/unicore32/cpu.c  |  4 ++-
 target/xtensa/cpu.c |  4 ++-
 24 files changed, 108 insertions(+), 55 deletions(-)

diff --git a/accel/tcg/user-exec-stub.c b/accel/tcg/user-exec-stub.c
index a32b4496af..f8c38a375c 100644
--- a/accel/tcg/user-exec-stub.c
+++ b/accel/tcg/user-exec-stub.c
@@ -10,8 +10,9 @@ void cpu_resume(CPUState *cpu)
 {
 }
 
-void qemu_init_vcpu(CPUState *cpu)
+bool qemu_init_vcpu(CPUState *cpu, Error **errp)
 {
+return true;
 }
 
 /* User mode emulation does not support record/replay yet.  */
diff --git a/cpus.c b/cpus.c
index 2c70c06da8..fe58940407 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1932,7 +1932,7 @@ void cpu_remove_sync(CPUState *cpu)
 /* For temporary buffers for forming a name */
 #define VCPU_THREAD_NAME_SIZE 16
 
-static void qemu_tcg_init_vcpu(CPUState *cpu)
+static void qemu_tcg_init_vcpu(CPUState *cpu, Error **errp)
 {
 char thread_name[VCPU_THREAD_NAME_SIZE];
 static QemuCond *single_tcg_halt_cond;
@@ -1962,17 +1962,20 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/TCG",
  cpu->cpu_index);
 
-/* TODO: let the callers handle the error instead of abort() here 
*/
-qemu_thread_create(cpu->thread, thread_name, 
qemu_tcg_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(cpu->thread, thread_name,
+   qemu_tcg_cpu_thread_fn, cpu,
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+return;
+}
 
 } else {
 /* share a single thread for all cpus with TCG */
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "ALL CPUs/TCG");
-/* TODO: let the callers handle the error instead of abort() here 
*/
-qemu_thread_create(cpu->thread, thread_name,
-   qemu_tcg_rr_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(cpu->thread, thread_name,
+   qemu_tcg_rr_cpu_thread_fn, cpu,
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+return;
+}
 
 single_tcg_halt_cond = cpu->halt_cond;
 single_tcg_cpu_thread = cpu->thread;
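Review bot: qemu_tcg_init_vcpu() stays `void` while gaining `Error **errp`, so the two new `return;` statements signal failure only through *errp; a caller that passes NULL (legal for Error **) cannot detect the failure at all, and every other caller has to inspect the Error object instead of a result. Since this patch already makes qemu_init_vcpu() return bool, give qemu_tcg_init_vcpu() and the qemu_X_start_vcpu() functions the same bool return and `return false` here.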
@@ -1990,7 +1993,7 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
 }
 }
 
-static void qemu_hax_start_vcpu(CPUState *cpu)
+static void qemu_hax_start_vcpu(CPUState *cpu, Error **errp)
 {
 char thread_name[VCPU_THREAD_NAME_SIZE];
 
@@ -2000,15 +2003,16 @@ static void qemu_hax_start_vcpu(CPUState *cpu)
 
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HAX",
  cpu->cpu_index);
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
+   cpu, QEMU_THREAD_JOINABLE, errp) < 0) {
+return;
+}
 #ifdef _WIN32
 cpu->hThread = qemu_thread_get_handle(cpu->thread);
 #endif
 }
 
-static void qemu_kvm_start_vcpu(CPUState *cpu)
+static void qemu_kvm_start_vcpu(CPUState *cpu, Error **errp)
 {
 char thread_name[VCPU_THREAD_NAME_SIZE];
 
@@ -2017,12 +2021,11 @@ static void qemu_kvm_start_vcpu(CPUState *cpu)

[Qemu-devel] [PATCH v12 for-4.1 06/11] qemu_thread: supplement error handling for emulated_realize

2019-03-24 Thread Fei Li
From: Fei Li 

Utilize the existing errp to propagate the error and do the
corresponding cleanup to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: Gerd Hoffmann 
Cc: Christophe Fergeau 
Cc: Marc-André Lureau 
Signed-off-by: Fei Li 
---
 hw/usb/ccid-card-emulated.c | 17 -
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
index 0b170f6328..5ffc97dcfe 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -544,11 +544,18 @@ static void emulated_realize(CCIDCardState *base, Error 
**errp)
 error_setg(errp, "%s: failed to initialize vcard", TYPE_EMULATED_CCID);
 goto out2;
 }
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&card->event_thread_id, "ccid/event", event_thread,
-   card, QEMU_THREAD_JOINABLE, &error_abort);
-qemu_thread_create(&card->apdu_thread_id, "ccid/apdu", handle_apdu_thread,
-   card, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&card->event_thread_id, "ccid/event", event_thread,
+   card, QEMU_THREAD_JOINABLE, errp) < 0) {
+goto out2;
+}
+if (qemu_thread_create(&card->apdu_thread_id, "ccid/apdu",
+   handle_apdu_thread, card,
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);
+vevent_queue_vevent(vevent); /* stop vevent thread */
+qemu_thread_join(&card->event_thread_id);
+goto out2;
+}
 
 return;
 
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 04/11] qemu_thread: supplement error handling for pci_edu_realize

2019-03-24 Thread Fei Li
From: Fei Li 

Utilize the existing errp to propagate the error and do the
corresponding cleanup to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: Jiri Slaby 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 hw/misc/edu.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index 21adbfddce..8fe232b6d6 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -356,9 +356,14 @@ static void pci_edu_realize(PCIDevice *pdev, Error **errp)
 
 qemu_mutex_init(&edu->thr_mutex);
 qemu_cond_init(&edu->thr_cond);
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&edu->thread, "edu", edu_fact_thread,
-   edu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&edu->thread, "edu", edu_fact_thread,
+   edu, QEMU_THREAD_JOINABLE, errp) < 0) {
+qemu_cond_destroy(&edu->thr_cond);
+qemu_mutex_destroy(&edu->thr_mutex);
+timer_del(&edu->dma_timer);
+msi_uninit(pdev);
+return;
+}
 
 memory_region_init_io(&edu->mmio, OBJECT(edu), &edu_mmio_ops, edu,
 "edu-mmio", 1 * MiB);
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 05/11] qemu_thread: supplement error handling for h_resize_hpt_prepare

2019-03-24 Thread Fei Li
From: Fei Li 

Add a local_err to hold the error, and return the corresponding
error code to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: David Gibson 
Signed-off-by: Fei Li 
Acked-by: David Gibson 
Reviewed-by: Markus Armbruster 
---
 hw/ppc/spapr_hcall.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 900b71f4a6..25e385d9a1 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -447,6 +447,7 @@ static target_ulong h_resize_hpt_prepare(PowerPCCPU *cpu,
 SpaprPendingHpt *pending = spapr->pending_hpt;
 uint64_t current_ram_size;
 int rc;
+Error *local_err = NULL;
 
 if (spapr->resize_hpt == SPAPR_RESIZE_HPT_DISABLED) {
 return H_AUTHORITY;
@@ -507,10 +508,13 @@ static target_ulong h_resize_hpt_prepare(PowerPCCPU *cpu,
 pending->shift = shift;
 pending->ret = H_HARDWARE;
 
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&pending->thread, "sPAPR HPT prepare",
-   hpt_prepare_thread, pending,
-   QEMU_THREAD_DETACHED, &error_abort);
+if (qemu_thread_create(&pending->thread, "sPAPR HPT prepare",
+   hpt_prepare_thread, pending,
+   QEMU_THREAD_DETACHED, &local_err) < 0) {
+error_reportf_err(local_err, "failed to create hpt_prepare_thread: ");
+g_free(pending);
+return H_HARDWARE;
+}
 
 spapr->pending_hpt = pending;
 
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 07/11] qemu_thread: supplement error handling for iothread_complete

2019-03-24 Thread Fei Li
From: Fei Li 

Utilize the existing errp to propagate the error and do the
corresponding cleanup to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: Stefan Hajnoczi 
Cc: Eric Blake 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 iothread.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/iothread.c b/iothread.c
index 2d5a5bfe6c..1ebacaf089 100644
--- a/iothread.c
+++ b/iothread.c
@@ -166,6 +166,7 @@ static void iothread_complete(UserCreatable *obj, Error 
**errp)
 Error *local_error = NULL;
 IOThread *iothread = IOTHREAD(obj);
 char *name, *thread_name;
+int thread_ok;
 
 iothread->stopping = false;
 iothread->running = true;
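Review bot: `thread_ok` holds the int that qemu_thread_create() returns (0 or a negative errno, per this series) and is tested with `< 0` further down; a name such as `ret` or `rc` describes that better, since `thread_ok` reads as a boolean that would be true on success.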
@@ -188,9 +189,7 @@ static void iothread_complete(UserCreatable *obj, Error 
**errp)
 &local_error);
 if (local_error) {
 error_propagate(errp, local_error);
-aio_context_unref(iothread->ctx);
-iothread->ctx = NULL;
-return;
+goto fail;
 }
 
 /* This assumes we are called from a thread with useful CPU affinity for us
@@ -198,16 +197,23 @@ static void iothread_complete(UserCreatable *obj, Error 
**errp)
  */
 name = object_get_canonical_path_component(OBJECT(obj));
 thread_name = g_strdup_printf("IO %s", name);
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&iothread->thread, thread_name, iothread_run,
-   iothread, QEMU_THREAD_JOINABLE, &error_abort);
+thread_ok = qemu_thread_create(&iothread->thread, thread_name, 
iothread_run,
+   iothread, QEMU_THREAD_JOINABLE, errp);
 g_free(thread_name);
 g_free(name);
+if (thread_ok < 0) {
+qemu_sem_destroy(&iothread->init_done_sem);
+goto fail;
+}
 
 /* Wait for initialization to complete */
 while (iothread->thread_id == -1) {
 qemu_sem_wait(&iothread->init_done_sem);
 }
+return;
+fail:
+aio_context_unref(iothread->ctx);
+iothread->ctx = NULL;
 }
 
 typedef struct {
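Review bot: the new thread-failure branch calls qemu_sem_destroy(&iothread->init_done_sem) before `goto fail`, while the `goto fail` for aio_context_set_poll_params() in the previous hunk does not; the semaphore is not initialised anywhere in this patch, so either both failure paths should destroy it or neither. If init_done_sem is created in instance_init and torn down in instance_finalize (the v5 changelog of this series says the lock/cond destroy was dropped from iothread_complete() because object_unref() handles it), destroying it here destroys it a second time when the caller unrefs the object. Please check where it is initialised and make the two failure paths consistent.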
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 01/11] qemu_thread: make qemu_thread_create() take Error ** argument

2019-03-24 Thread Fei Li
From: Fei Li 

qemu_thread_create() abort()s on error. Not nice. Give it a return
value and an Error ** argument, so it can return success/failure.

Considering qemu_thread_create() is quite widely used in qemu, split
this into two steps: this patch passes the &error_abort to
qemu_thread_create() everywhere, and the next 10 patches will improve
on &error_abort for callers who need.  To differentiate callers who
need the improvement, temporarily add the "TODO:" comment for them.

Cc: Markus Armbruster 
Cc: Paolo Bonzini 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 cpus.c  | 23 +++
 dump.c  |  3 ++-
 hw/misc/edu.c   |  4 +++-
 hw/ppc/spapr_hcall.c|  4 +++-
 hw/rdma/rdma_backend.c  |  3 ++-
 hw/usb/ccid-card-emulated.c |  5 +++--
 include/qemu/thread.h   |  6 +++---
 io/task.c   |  3 ++-
 iothread.c  |  3 ++-
 migration/migration.c   | 11 ---
 migration/postcopy-ram.c|  4 +++-
 migration/ram.c | 12 
 migration/savevm.c  |  3 ++-
 tests/atomic_add-bench.c|  3 ++-
 tests/iothread.c|  2 +-
 tests/qht-bench.c   |  3 ++-
 tests/rcutorture.c  |  3 ++-
 tests/test-aio.c|  2 +-
 tests/test-rcu-list.c   |  3 ++-
 ui/vnc-jobs.c   |  6 --
 util/compatfd.c |  6 --
 util/oslib-posix.c  |  3 ++-
 util/qemu-thread-posix.c| 30 +++---
 util/qemu-thread-win32.c| 13 ++---
 util/rcu.c  |  3 ++-
 util/thread-pool.c  |  4 +++-
 26 files changed, 114 insertions(+), 51 deletions(-)

diff --git a/cpus.c b/cpus.c
index e83f72b48b..2c70c06da8 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1962,15 +1962,17 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/TCG",
  cpu->cpu_index);
 
+/* TODO: let the callers handle the error instead of abort() here 
*/
 qemu_thread_create(cpu->thread, thread_name, 
qemu_tcg_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 
 } else {
 /* share a single thread for all cpus with TCG */
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "ALL CPUs/TCG");
+/* TODO: let the callers handle the error instead of abort() here 
*/
 qemu_thread_create(cpu->thread, thread_name,
qemu_tcg_rr_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 
 single_tcg_halt_cond = cpu->halt_cond;
 single_tcg_cpu_thread = cpu->thread;
@@ -1998,8 +2000,9 @@ static void qemu_hax_start_vcpu(CPUState *cpu)
 
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HAX",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 #ifdef _WIN32
 cpu->hThread = qemu_thread_get_handle(cpu->thread);
 #endif
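Review bot: the TODO wording differs between hunks: "let the callers handle the error" in the TCG hunk above versus "let the further caller handle the error" here and in the hunks that follow. Since these comments are the markers the later patches in the series use to find the call sites still on &error_abort, use one phrasing throughout so a grep finds them all.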
@@ -2014,8 +2017,9 @@ static void qemu_kvm_start_vcpu(CPUState *cpu)
 qemu_cond_init(cpu->halt_cond);
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/KVM",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_kvm_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 }
 
 static void qemu_hvf_start_vcpu(CPUState *cpu)
@@ -2032,8 +2036,9 @@ static void qemu_hvf_start_vcpu(CPUState *cpu)
 
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HVF",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_hvf_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 }
 
 static void qemu_whpx_start_vcpu(CPUState *cpu)
@@ -2045,8 +2050,9 @@ static void qemu_whpx_start_vcpu(CPUState *cpu)
 qemu_cond_init(cpu->halt_cond);
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/WHPX",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_whpx_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 #ifdef _WIN32
 cpu->hThread = qemu_thread_get_handle(cpu->thread);
 #endif
@@ -2061,8 +2067,9 @@ 

[Qemu-devel] [PATCH v12 for-4.1 00/11] qemu_thread_create: propagate the error to callers to handle

2019-03-24 Thread Fei Li
Hi,

This idea comes from BiteSizedTasks, and this patch series implements
the error checking of qemu_thread_create: make qemu_thread_create
return a flag to indicate if it succeeded rather than failing with
an error; make all callers check it.

The first patch modifies the qemu_thread_create() by passing
&error_abort and returning a value to indicate if it succeeds. The next
10 patches will improve on &error_abort for callers who could handle
more properly.

Please help to review, thanks a lot! 

v12:
- For patch 6/11, make event_thread terminate by stopping vevent
  thread when failing to create handle_apdu_thread.
- Rectify the commit message for patch 7/11, 8/11.
- For patch 9/11, change two cleanup sentences' order when failing
  to create multifd_recv_thread.
- For patch 11/11, fix the SIGBUS conflict for touch_all_pages().

v11:
- Resend as I sent the last version in a mess..

v10:
- Make qemu_thread_create() return -errno instead of a Boolean.
- Add more cleanup for pci_edu_realize()/emulated_realize(). 
- Polish for iothread_complete()/compress_threads_save_cleanup()/
  vnc_start_worker_thread()/touch_all_pages.
- Change to return H_HARDWARE for h_resize_hpt_prepare().
- Remove five derivative patches as they have been merged.

v9:
- To ease the review and involve the appropriate maintainers, split
  the previous 6/7 patch into 10 patches: the 6/16 patch passes
  the &error_abort to qemu_thread_create() everywhere, and the next
  9 patches will improve on &error_abort for callers who need.
- Add a new patch 5/7 to unify error handling for 
  process_incoming_migration_co().
- Merge the previous 2/7 to current 7/16 to collaboratively handle
  for qemu_X_start_vcpu and for the qemu_init_vpcu in each arch.
- Add comment for multifd_recv_new_channel() in current patch 2/7.

v8:
- Remove previous two patches trying to fix the multifd issue on the
  source side, as we are still waiting for maintainer's opinions.
- Use atomic_read to get multifd_recv_state->count in patch 3/7.
- Get three more "Reviewed-by:".

v7:
- Split the previous multifd-migration into two patches: the src and
  the dst. For the dst, only dump the error instead of quitting.
- Safely do the cleanup for postcopy_ram_enable_notify().
- Split the previous migration-error-handling patch into two patches.

v6:
- Add a new migration-multifd related patch. BTW, delete the previous
  vnc related patch as it has been upstreamed.
- Use error_setg_errno() to set the errno when qemu_thread_create()
  fails for both Linux and Windows implementation.
- Optimize the first patch; less code is needed

v5:
- Remove `errno = err` in qemu_thread_create() for Linux, and change
  `return errno` to `return -1` in qemu_signal_init() to indicate
  the error in case qemu_thread_create() fails.
- Delete the v4-added qemu_cond/mutex_destroy() in iothread_complete()
  as the destroy() will be done by its callers' object_unref().

v4:
- Separate the migration compression patch from this series
- Add one more error handling patch related with migration
- Add more cleaning up code for touched functions

v3:
- Add two migration related patches to fix the segmentation fault
- Extract the segmentation fault fix from v2's last patch to be a
  separate patch

v2:
- Pass errp straightly instead of using a local_err & error_propagate
- Return a bool: false/true to indicate if one function succeeds
- Merge v1's last two patches into one to avoid the compile error
- Fix one omitted error in patch1 and update some error messages


Fei Li (11):
  qemu_thread: make qemu_thread_create() take Error ** argument
  qemu_thread: supplement error handling for qemu_X_start_vcpu
  qemu_thread: supplement error handling for qmp_dump_guest_memory
  qemu_thread: supplement error handling for pci_edu_realize
  qemu_thread: supplement error handling for h_resize_hpt_prepare
  qemu_thread: supplement error handling for emulated_realize
  qemu_thread: supplement error handling for iothread_complete
  qemu_thread: supplement error handling for qemu_signalfd_compat
  qemu_thread: supplement error handling for migration
  qemu_thread: supplement error handling for vnc_start_worker_thread
  qemu_thread: supplement error handling for touch_all_pages

 accel/tcg/user-exec-stub.c  |  3 +-
 cpus.c  | 69 +
 dump.c  |  2 +-
 hw/misc/edu.c   | 11 +--
 hw/ppc/spapr_hcall.c| 10 --
 hw/rdma/rdma_backend.c  |  3 +-
 hw/usb/ccid-card-emulated.c | 16 +++---
 include/qemu/thread.h   |  6 ++--
 include/qom/cpu.h   |  2 +-
 io/task.c   |  3 +-
 iothread.c  | 17 +++---
 migration/migration.c   | 30 ++
 migration/postcopy-ram.c| 14 +++--
 migration/ram.c | 66 ++-
 migration/savevm.c  | 11 +--
 target/alpha/cp

[Qemu-devel] [PATCH v12 for-4.1 08/11] qemu_thread: supplement error handling for qemu_signalfd_compat

2019-03-24 Thread Fei Li
From: Fei Li 

Set errno, do some cleanup, and return -1 to replace the temporary
&error_abort when failing to create sigwait_compat.

Cc: Markus Armbruster 
Cc: Eric Blake 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 util/compatfd.c | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/util/compatfd.c b/util/compatfd.c
index c3d8448264..9d642475fc 100644
--- a/util/compatfd.c
+++ b/util/compatfd.c
@@ -71,6 +71,7 @@ static int qemu_signalfd_compat(const sigset_t *mask)
 struct sigfd_compat_info *info;
 QemuThread thread;
 int fds[2];
+int ret;
 
 info = malloc(sizeof(*info));
 if (info == NULL) {
@@ -89,9 +90,15 @@ static int qemu_signalfd_compat(const sigset_t *mask)
 memcpy(&info->mask, mask, sizeof(*mask));
 info->fd = fds[1];
 
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&thread, "signalfd_compat", sigwait_compat,
-   info, QEMU_THREAD_DETACHED, &error_abort);
+ret = qemu_thread_create(&thread, "signalfd_compat", sigwait_compat,
+ info, QEMU_THREAD_DETACHED, NULL);
+if (ret < 0) {
+close(fds[0]);
+close(fds[1]);
+free(info);
+errno = -ret;
+return -1;
+}
 
 return fds[0];
 }
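Review bot: `errno = -ret` assumes qemu_thread_create() returns a negative errno value rather than a bare -1 (the v10 changelog says it does); that contract is not visible in this patch, so document it at the declaration in include/qemu/thread.h, otherwise a future change back to -1 makes this caller silently set errno to 1. Passing NULL as errp is fine because qemu_signalfd_compat() reports through errno, but the Error text is then thrown away; a short comment saying so would save the next reader the question.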
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 03/11] qemu_thread: supplement error handling for qmp_dump_guest_memory

2019-03-24 Thread Fei Li
From: Fei Li 

Utilize the existing errp to propagate the error instead of the
temporary &error_abort.

Cc: Markus Armbruster 
Cc: Marc-André Lureau 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 dump.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/dump.c b/dump.c
index 3401078af4..4e9cbdf151 100644
--- a/dump.c
+++ b/dump.c
@@ -2021,9 +2021,8 @@ void qmp_dump_guest_memory(bool paging, const char *file,
 if (detach_p) {
 /* detached dump */
 s->detached = true;
-/* TODO: let the further caller handle the error instead of abort() */
 qemu_thread_create(&s->dump_thread, "dump_thread", dump_thread,
-   s, QEMU_THREAD_DETACHED, &error_abort);
+   s, QEMU_THREAD_DETACHED, errp);
 } else {
 /* sync dump */
 dump_process(s, errp);
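Review bot: on the detached path the return value of qemu_thread_create() is ignored, and unlike the other patches in this series nothing is undone when it fails: s->detached has already been set to true and the dump state `s` is neither released nor marked finished, so the caller sees an error in errp while the dump state stays allocated. Check the result and undo the dump-state setup before returning, as the synchronous branch leaves to dump_process().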
-- 
2.11.0




Re: [Qemu-devel] [PULL 02/29] ppc/spapr: Receive and store device tree blob from SLOF

2019-03-24 Thread Brad Smith

I filed a bug report for libfdt..

https://github.com/dgibson/dtc/issues/27

On 3/24/2019 12:03 AM, Brad Smith wrote:

Now that I am checking out 4.0.0 rc's I see this diff is broken and
depends on a function libfdt does not expose. The breakage is
hidden by the fallback check in the configure script.

On 1/8/2019 5:45 PM, David Gibson wrote:

From: Alexey Kardashevskiy 

SLOF receives a device tree and updates it with various properties
before switching to the guest kernel and QEMU is not aware of any changes
made by SLOF. Since there is no real RTAS (QEMU implements it), it makes
sense to pass the SLOF final device tree to QEMU to let it implement
RTAS related tasks better, such as PCI host bus adapter hotplug.

Specifically, now QEMU can find out the actual XICS phandle (for PHB
hotplug) and the RTAS linux,rtas-entry/base properties (for firmware
assisted NMI - FWNMI).

This stores the initial DT blob in the sPAPR machine and replaces it
in the KVMPPC_H_UPDATE_DT (new private hypercall) handler.

This adds an @update_dt_enabled machine property to allow backward
migration.

SLOF already has a hypercall since
https://github.com/aik/SLOF/commit/e6fc84652c9c0073f9183

This makes use of the new fdt_check_full() helper. In order to allow
the configure script to pick the correct DTC version, this adjusts
the DTC presence test.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: Greg Kurz 
Signed-off-by: David Gibson 
Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
  configure  |  2 +-
  hw/ppc/spapr.c | 43 +-
  hw/ppc/spapr_hcall.c   | 42 +
  hw/ppc/trace-events    |  3 +++
  include/hw/ppc/spapr.h |  7 ++-
  5 files changed, 94 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index b9f34afc9e..8049b71eef 100755
--- a/configure
+++ b/configure
@@ -3939,7 +3939,7 @@ if test "$fdt" != "no" ; then
    cat > $TMPC << EOF
  #include 
  #include 
-int main(void) { fdt_first_subnode(0, 0); return 0; }
+int main(void) { fdt_check_full(NULL, 0); return 0; }
  EOF
    if compile_prog "" "$fdt_libs" ; then
  # system DTC is good - use it
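Review bot: the probe now only checks that fdt_check_full() compiles and links, so with a system libfdt that does not export it (the situation reported at the top of this thread) compile_prog fails and configure silently falls back to the bundled DTC, which is exactly what hides the breakage; consider emitting a warning when the system DTC is rejected for this reason, or probing for the libfdt version that first exports the symbol, so the fallback is visible in the configure output.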
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 5fba04e7b2..7e61f1e5ff 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1669,7 +1669,10 @@ static void spapr_machine_reset(void)
  /* Load the fdt */
  qemu_fdt_dumpdtb(fdt, fdt_totalsize(fdt));
  cpu_physical_memory_write(fdt_addr, fdt, fdt_totalsize(fdt));
-    g_free(fdt);
+    g_free(spapr->fdt_blob);
+    spapr->fdt_size = fdt_totalsize(fdt);
+    spapr->fdt_initial_size = spapr->fdt_size;
+    spapr->fdt_blob = fdt;
    /* Set up the entry state */
  spapr_cpu_set_entry_state(first_ppc_cpu, SPAPR_ENTRY_POINT, 
fdt_addr);
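Review bot: ownership of fdt changes here from "freed after being written to guest memory" to "kept alive in spapr->fdt_blob until the next reset or H_UPDATE_DT replaces it"; a one-line comment above the assignment stating that lifetime, and that g_free(spapr->fdt_blob) on the previous line is what releases the blob from the prior boot, would keep the next reader from re-adding the g_free(fdt).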
@@ -1920,6 +1923,39 @@ static const VMStateDescription 
vmstate_spapr_irq_map = {

  },
  };
  +static bool spapr_dtb_needed(void *opaque)
+{
+    sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(opaque);
+
+    return smc->update_dt_enabled;
+}
+
+static int spapr_dtb_pre_load(void *opaque)
+{
+    sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
+
+    g_free(spapr->fdt_blob);
+    spapr->fdt_blob = NULL;
+    spapr->fdt_size = 0;
+
+    return 0;
+}
+
+static const VMStateDescription vmstate_spapr_dtb = {
+    .name = "spapr_dtb",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .needed = spapr_dtb_needed,
+    .pre_load = spapr_dtb_pre_load,
+    .fields = (VMStateField[]) {
+    VMSTATE_UINT32(fdt_initial_size, sPAPRMachineState),
+    VMSTATE_UINT32(fdt_size, sPAPRMachineState),
+    VMSTATE_VBUFFER_ALLOC_UINT32(fdt_blob, sPAPRMachineState, 0, 
NULL,

+ fdt_size),
+    VMSTATE_END_OF_LIST()
+    },
+};
+
  static const VMStateDescription vmstate_spapr = {
  .name = "spapr",
  .version_id = 3,
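Review bot: vmstate_spapr_dtb accepts fdt_size and fdt_blob from the migration stream without any post_load validation, yet the commit message says QEMU afterwards consults the blob for the XICS phandle and the RTAS linux,rtas-entry/base properties; add a post_load that runs fdt_check_full() over the received buffer (the same helper the configure change probes for) and rejects a blob whose fdt_totalsize() disagrees with the migrated fdt_size. Also, fdt_initial_size is migrated in this hunk but nothing visible here reads it; document what it is kept for.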
@@ -1949,6 +1985,7 @@ static const VMStateDescription vmstate_spapr = {
  &vmstate_spapr_cap_ibs,
  &vmstate_spapr_irq_map,
  &vmstate_spapr_cap_nested_kvm_hv,
+    &vmstate_spapr_dtb,
  NULL
  }
  };
@@ -3931,6 +3968,7 @@ static void 
spapr_machine_class_init(ObjectClass *oc, void *data)

  hc->unplug = spapr_machine_device_unplug;
    smc->dr_lmb_enabled = true;
+    smc->update_dt_enabled = true;
  mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power9_v2.0");
  mc->has_hotpluggable_cpus = true;
  smc->resize_hpt_default = SPAPR_RESIZE_HPT_ENABLED;
@@ -4023,9 +4061,12 @@ DEFINE_SPAPR_MACHINE(4_0, "4.0", true);
   */
  static void spapr_machine_3_1_class_options(MachineClass *mc)
  {
+    sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+
  spapr_machine_4_0_class_options(mc);
  compat_props_add(mc->compat_props, hw_compat_3_1, 
hw_compat_3_1_len);

  mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
+    smc->update_dt_enabled = false;
  }
    DEFINE_SPAPR_MACHINE(3_1, "3.1", false);
diff --git a/hw/p

Re: [Qemu-devel] [PATCH v12 for-4.1 00/11] qemu_thread_create: propagate the error to callers to handle

2019-03-24 Thread Fei Li

Please ignore this incomplete patch series, it seems there's
something wrong with my email client.. :(

Sorry for this!

On 2019/3/25 12:51 AM, Fei Li wrote:

Hi,

This idea comes from BiteSizedTasks, and this patch series implements
the error checking of qemu_thread_create: make qemu_thread_create
return a flag to indicate if it succeeded rather than failing with
an error; make all callers check it.

The first patch modifies the qemu_thread_create() by passing
&error_abort and returning a value to indicate if it succeeds. The next
10 patches will improve on &error_abort for callers who could handle
more properly.

Please help to review, thanks a lot!

v12:
- For patch 6/11, make event_thread terminate by stopping vevent
   thread when failing to create handle_apdu_thread.
- Rectify the commit message for patch 7/11, 8/11.
- For patch 9/11, change two cleanup sentences' order when failing
   to create multifd_recv_thread.
- For patch 11/11, fix the SIGBUS conflict for touch_all_pages().

v11:
- Resend as I sent the last version in a mess..

v10:
- Make qemu_thread_create() return -errno instead of a Boolean.
- Add more cleanup for pci_edu_realize()/emulated_realize().
- Polish for iothread_complete()/compress_threads_save_cleanup()/
   vnc_start_worker_thread()/touch_all_pages.
- Change to return H_HARDWARE for h_resize_hpt_prepare().
- Remove five derivative patches as they have been merged.

v9:
- To ease the review and involve the appropriate maintainers, split
   the previous 6/7 patch into 10 patches: the 6/16 patch passes
   the &error_abort to qemu_thread_create() everywhere, and the next
   9 patches will improve on &error_abort for callers who need.
- Add a new patch 5/7 to unify error handling for
   process_incoming_migration_co().
- Merge the previous 2/7 to current 7/16 to collaboratively handle
   for qemu_X_start_vcpu and for the qemu_init_vcpu in each arch.
- Add comment for multifd_recv_new_channel() in current patch 2/7.

v8:
- Remove previous two patches trying to fix the multifd issue on the
   source side, as we are still waiting for maintainer's opinions.
- Use atomic_read to get multifd_recv_state->count in patch 3/7.
- Get three more "Reviewed-by:".

v7:
- Split the previous multifd-migration into two patches: the src and
   the dst. For the dst, only dump the error instead of quitting.
- Safely do the cleanup for postcopy_ram_enable_notify().
- Split the previous migration-error-handling patch into two patches.

v6:
- Add a new migration-multifd related patch. BTW, delete the previous
   vnc related patch as it has been upstreamed.
- Use error_setg_errno() to set the errno when qemu_thread_create()
   fails for both Linux and Windows implementation.
- Optimize the first patch; less code is needed

v5:
- Remove `errno = err` in qemu_thread_create() for Linux, and change
   `return errno` to `return -1` in qemu_signal_init() to indicate
   the error in case qemu_thread_create() fails.
- Delete the v4-added qemu_cond/mutex_destroy() in iothread_complete()
   as the destroy() will be done by its callers' object_unref().

v4:
- Separate the migration compression patch from this series
- Add one more error handling patch related with migration
- Add more cleaning up code for touched functions

v3:
- Add two migration related patches to fix the segmentation fault
- Extract the segmentation fault fix from v2's last patch to be a
   separate patch

v2:
- Pass errp directly instead of using a local_err & error_propagate
- Return a bool: false/true to indicate if one function succeeds
- Merge v1's last two patches into one to avoid the compile error
- Fix one omitted error in patch1 and update some error messages


Fei Li (11):
   qemu_thread: make qemu_thread_create() take Error ** argument
   qemu_thread: supplement error handling for qemu_X_start_vcpu
   qemu_thread: supplement error handling for qmp_dump_guest_memory
   qemu_thread: supplement error handling for pci_edu_realize
   qemu_thread: supplement error handling for h_resize_hpt_prepare
   qemu_thread: supplement error handling for emulated_realize
   qemu_thread: supplement error handling for iothread_complete
   qemu_thread: supplement error handling for qemu_signalfd_compat
   qemu_thread: supplement error handling for migration
   qemu_thread: supplement error handling for vnc_start_worker_thread
   qemu_thread: supplement error handling for touch_all_pages

  accel/tcg/user-exec-stub.c  |  3 +-
  cpus.c  | 69 +
  dump.c  |  2 +-
  hw/misc/edu.c   | 11 +--
  hw/ppc/spapr_hcall.c| 10 --
  hw/rdma/rdma_backend.c  |  3 +-
  hw/usb/ccid-card-emulated.c | 16 +++---
  include/qemu/thread.h   |  6 ++--
  include/qom/cpu.h   |  2 +-
  io/task.c   |  3 +-
  iothread.c  | 17 +++---
  migration/migration.c   | 30 ++--

[Qemu-devel] [PATCH v12 for-4.1 02/11] qemu_thread: supplement error handling for qemu_X_start_vcpu

2019-03-24 Thread Fei Li
From: Fei Li 

The callers of qemu_init_vcpu() already passed the **errp to handle
errors. In view of this, add a new Error parameter to qemu_init_vcpu()
and all qemu_X_start_vcpu() functions called by qemu_init_vcpu() to
propagate the error and let the further callers check it.

Besides, make qemu_init_vcpu() return a Boolean value to let its
callers know whether it succeeds.

Cc: Paolo Bonzini 
Signed-off-by: Fei Li 
Reviewed-by: Fam Zheng 
Reviewed-by: Juan Quintela 
Reviewed-by: Markus Armbruster 
---
 accel/tcg/user-exec-stub.c  |  3 +-
 cpus.c  | 74 +++--
 include/qom/cpu.h   |  2 +-
 target/alpha/cpu.c  |  4 ++-
 target/arm/cpu.c|  4 ++-
 target/cris/cpu.c   |  4 ++-
 target/hppa/cpu.c   |  4 ++-
 target/i386/cpu.c   |  4 ++-
 target/lm32/cpu.c   |  4 ++-
 target/m68k/cpu.c   |  4 ++-
 target/microblaze/cpu.c |  4 ++-
 target/mips/cpu.c   |  4 ++-
 target/moxie/cpu.c  |  4 ++-
 target/nios2/cpu.c  |  4 ++-
 target/openrisc/cpu.c   |  4 ++-
 target/ppc/translate_init.inc.c |  4 ++-
 target/riscv/cpu.c  |  4 ++-
 target/s390x/cpu.c  |  4 ++-
 target/sh4/cpu.c|  4 ++-
 target/sparc/cpu.c  |  4 ++-
 target/tilegx/cpu.c |  4 ++-
 target/tricore/cpu.c|  4 ++-
 target/unicore32/cpu.c  |  4 ++-
 target/xtensa/cpu.c |  4 ++-
 24 files changed, 108 insertions(+), 55 deletions(-)

diff --git a/accel/tcg/user-exec-stub.c b/accel/tcg/user-exec-stub.c
index a32b4496af..f8c38a375c 100644
--- a/accel/tcg/user-exec-stub.c
+++ b/accel/tcg/user-exec-stub.c
@@ -10,8 +10,9 @@ void cpu_resume(CPUState *cpu)
 {
 }
 
-void qemu_init_vcpu(CPUState *cpu)
+bool qemu_init_vcpu(CPUState *cpu, Error **errp)
 {
+return true;
 }
 
 /* User mode emulation does not support record/replay yet.  */
diff --git a/cpus.c b/cpus.c
index 2c70c06da8..fe58940407 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1932,7 +1932,7 @@ void cpu_remove_sync(CPUState *cpu)
 /* For temporary buffers for forming a name */
 #define VCPU_THREAD_NAME_SIZE 16
 
-static void qemu_tcg_init_vcpu(CPUState *cpu)
+static void qemu_tcg_init_vcpu(CPUState *cpu, Error **errp)
 {
 char thread_name[VCPU_THREAD_NAME_SIZE];
 static QemuCond *single_tcg_halt_cond;
@@ -1962,17 +1962,20 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/TCG",
  cpu->cpu_index);
 
-/* TODO: let the callers handle the error instead of abort() here 
*/
-qemu_thread_create(cpu->thread, thread_name, 
qemu_tcg_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(cpu->thread, thread_name,
+   qemu_tcg_cpu_thread_fn, cpu,
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+return;
+}
 
 } else {
 /* share a single thread for all cpus with TCG */
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "ALL CPUs/TCG");
-/* TODO: let the callers handle the error instead of abort() here 
*/
-qemu_thread_create(cpu->thread, thread_name,
-   qemu_tcg_rr_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(cpu->thread, thread_name,
+   qemu_tcg_rr_cpu_thread_fn, cpu,
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+return;
+}
 
 single_tcg_halt_cond = cpu->halt_cond;
 single_tcg_cpu_thread = cpu->thread;
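Review bot: qemu_tcg_init_vcpu() stays void and signals failure only through errp, so a caller that passes a NULL errp (which error_setg() accepts silently) would see no failure at all; since the commit message says qemu_init_vcpu() now returns a bool, have the qemu_X_start_vcpu() helpers return that status as well rather than making qemu_init_vcpu() infer it from *errp. The early return in the round-robin branch happens before single_tcg_halt_cond/single_tcg_cpu_thread are assigned, which is correct. Note also that the removed TODO comments arrive split across two lines (`here` / `*/`), which suggests the mail was reflowed in transit and the patch may not apply cleanly.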
@@ -1990,7 +1993,7 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
 }
 }
 
-static void qemu_hax_start_vcpu(CPUState *cpu)
+static void qemu_hax_start_vcpu(CPUState *cpu, Error **errp)
 {
 char thread_name[VCPU_THREAD_NAME_SIZE];
 
@@ -2000,15 +2003,16 @@ static void qemu_hax_start_vcpu(CPUState *cpu)
 
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HAX",
  cpu->cpu_index);
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
+   cpu, QEMU_THREAD_JOINABLE, errp) < 0) {
+return;
+}
 #ifdef _WIN32
 cpu->hThread = qemu_thread_get_handle(cpu->thread);
 #endif
 }
 
-static void qemu_kvm_start_vcpu(CPUState *cpu)
+static void qemu_kvm_start_vcpu(CPUState *cpu, Error **errp)
 {
 char thread_name[VCPU_THREAD_NAME_SIZE];
 
@@ -2017,12 +2021,11 @@ static void qemu_kvm_start_vcpu(CPUState *cpu)

[Qemu-devel] [PATCH v12 for-4.1 05/11] qemu_thread: supplement error handling for h_resize_hpt_prepare

2019-03-24 Thread Fei Li
From: Fei Li 

Add a local_err to hold the error, and return the corresponding
error code to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: David Gibson 
Signed-off-by: Fei Li 
Acked-by: David Gibson 
Reviewed-by: Markus Armbruster 
---
 hw/ppc/spapr_hcall.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 900b71f4a6..25e385d9a1 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -447,6 +447,7 @@ static target_ulong h_resize_hpt_prepare(PowerPCCPU *cpu,
 SpaprPendingHpt *pending = spapr->pending_hpt;
 uint64_t current_ram_size;
 int rc;
+Error *local_err = NULL;
 
 if (spapr->resize_hpt == SPAPR_RESIZE_HPT_DISABLED) {
 return H_AUTHORITY;
@@ -507,10 +508,13 @@ static target_ulong h_resize_hpt_prepare(PowerPCCPU *cpu,
 pending->shift = shift;
 pending->ret = H_HARDWARE;
 
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&pending->thread, "sPAPR HPT prepare",
-   hpt_prepare_thread, pending,
-   QEMU_THREAD_DETACHED, &error_abort);
+if (qemu_thread_create(&pending->thread, "sPAPR HPT prepare",
+   hpt_prepare_thread, pending,
+   QEMU_THREAD_DETACHED, &local_err) < 0) {
+error_reportf_err(local_err, "failed to create hpt_prepare_thread: ");
+g_free(pending);
+return H_HARDWARE;
+}
 
 spapr->pending_hpt = pending;
 
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 01/11] qemu_thread: make qemu_thread_create() take Error ** argument

2019-03-24 Thread Fei Li
From: Fei Li 

qemu_thread_create() abort()s on error. Not nice. Give it a return
value and an Error ** argument, so it can return success/failure.

Considering qemu_thread_create() is quite widely used in qemu, split
this into two steps: this patch passes the &error_abort to
qemu_thread_create() everywhere, and the next 10 patches will improve
on &error_abort for callers who need.  To differentiate callers who
need the improvement, temporarily add the "TODO:" comment for them.

Cc: Markus Armbruster 
Cc: Paolo Bonzini 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 cpus.c  | 23 +++
 dump.c  |  3 ++-
 hw/misc/edu.c   |  4 +++-
 hw/ppc/spapr_hcall.c|  4 +++-
 hw/rdma/rdma_backend.c  |  3 ++-
 hw/usb/ccid-card-emulated.c |  5 +++--
 include/qemu/thread.h   |  6 +++---
 io/task.c   |  3 ++-
 iothread.c  |  3 ++-
 migration/migration.c   | 11 ---
 migration/postcopy-ram.c|  4 +++-
 migration/ram.c | 12 
 migration/savevm.c  |  3 ++-
 tests/atomic_add-bench.c|  3 ++-
 tests/iothread.c|  2 +-
 tests/qht-bench.c   |  3 ++-
 tests/rcutorture.c  |  3 ++-
 tests/test-aio.c|  2 +-
 tests/test-rcu-list.c   |  3 ++-
 ui/vnc-jobs.c   |  6 --
 util/compatfd.c |  6 --
 util/oslib-posix.c  |  3 ++-
 util/qemu-thread-posix.c| 30 +++---
 util/qemu-thread-win32.c| 13 ++---
 util/rcu.c  |  3 ++-
 util/thread-pool.c  |  4 +++-
 26 files changed, 114 insertions(+), 51 deletions(-)

diff --git a/cpus.c b/cpus.c
index e83f72b48b..2c70c06da8 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1962,15 +1962,17 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/TCG",
  cpu->cpu_index);
 
+/* TODO: let the callers handle the error instead of abort() here 
*/
 qemu_thread_create(cpu->thread, thread_name, 
qemu_tcg_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 
 } else {
 /* share a single thread for all cpus with TCG */
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "ALL CPUs/TCG");
+/* TODO: let the callers handle the error instead of abort() here 
*/
 qemu_thread_create(cpu->thread, thread_name,
qemu_tcg_rr_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 
 single_tcg_halt_cond = cpu->halt_cond;
 single_tcg_cpu_thread = cpu->thread;
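Review bot: both added TODO comments in this hunk arrive split across two lines (`here` on one line, `*/` on the next), and the qemu_thread_create() call's context line is wrapped the same way, which indicates the mail client reflowed the patch; the result still compiles as a two-line comment, but `git am` will likely fail on the wrapped context, so please check the series applies, or resend with git send-email.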
@@ -1998,8 +2000,9 @@ static void qemu_hax_start_vcpu(CPUState *cpu)
 
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HAX",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 #ifdef _WIN32
 cpu->hThread = qemu_thread_get_handle(cpu->thread);
 #endif
@@ -2014,8 +2017,9 @@ static void qemu_kvm_start_vcpu(CPUState *cpu)
 qemu_cond_init(cpu->halt_cond);
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/KVM",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_kvm_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 }
 
 static void qemu_hvf_start_vcpu(CPUState *cpu)
@@ -2032,8 +2036,9 @@ static void qemu_hvf_start_vcpu(CPUState *cpu)
 
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HVF",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_hvf_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 }
 
 static void qemu_whpx_start_vcpu(CPUState *cpu)
@@ -2045,8 +2050,9 @@ static void qemu_whpx_start_vcpu(CPUState *cpu)
 qemu_cond_init(cpu->halt_cond);
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/WHPX",
  cpu->cpu_index);
+/* TODO: let the further caller handle the error instead of abort() here */
 qemu_thread_create(cpu->thread, thread_name, qemu_whpx_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
+   cpu, QEMU_THREAD_JOINABLE, &error_abort);
 #ifdef _WIN32
 cpu->hThread = qemu_thread_get_handle(cpu->thread);
 #endif
@@ -2061,8 +2067,9 @@ 


[Qemu-devel] [PATCH v12 for-4.1 06/11] qemu_thread: supplement error handling for emulated_realize

2019-03-24 Thread Fei Li
From: Fei Li 

Utilize the existed errp to propagate the error and do the
corresponding cleanup to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: Gerd Hoffmann 
Signed-off-by: Fei Li 
---
 hw/usb/ccid-card-emulated.c | 17 -
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
index 0b170f6328..5ffc97dcfe 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -544,11 +544,18 @@ static void emulated_realize(CCIDCardState *base, Error 
**errp)
 error_setg(errp, "%s: failed to initialize vcard", TYPE_EMULATED_CCID);
 goto out2;
 }
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&card->event_thread_id, "ccid/event", event_thread,
-   card, QEMU_THREAD_JOINABLE, &error_abort);
-qemu_thread_create(&card->apdu_thread_id, "ccid/apdu", handle_apdu_thread,
-   card, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&card->event_thread_id, "ccid/event", event_thread,
+   card, QEMU_THREAD_JOINABLE, errp) < 0) {
+goto out2;
+}
+if (qemu_thread_create(&card->apdu_thread_id, "ccid/apdu",
+   handle_apdu_thread, card,
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);
+vevent_queue_vevent(vevent); /* stop vevent thread */
+qemu_thread_join(&card->event_thread_id);
+goto out2;
+}
 
 return;
 
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 04/11] qemu_thread: supplement error handling for pci_edu_realize

2019-03-24 Thread Fei Li
From: Fei Li 

Utilize the existed errp to propagate the error and do the
corresponding cleanup to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: Jiri Slaby 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 hw/misc/edu.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index 21adbfddce..8fe232b6d6 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -356,9 +356,14 @@ static void pci_edu_realize(PCIDevice *pdev, Error **errp)
 
 qemu_mutex_init(&edu->thr_mutex);
 qemu_cond_init(&edu->thr_cond);
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&edu->thread, "edu", edu_fact_thread,
-   edu, QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&edu->thread, "edu", edu_fact_thread,
+   edu, QEMU_THREAD_JOINABLE, errp) < 0) {
+qemu_cond_destroy(&edu->thr_cond);
+qemu_mutex_destroy(&edu->thr_mutex);
+timer_del(&edu->dma_timer);
+msi_uninit(pdev);
+return;
+}
 
 memory_region_init_io(&edu->mmio, OBJECT(edu), &edu_mmio_ops, edu,
 "edu-mmio", 1 * MiB);
-- 
2.11.0




[Qemu-devel] [PATCH v12 for-4.1 00/11] qemu_thread_create: propagate the error to callers to handle

2019-03-24 Thread Fei Li
Hi,

This idea comes from BiteSizedTasks, and this patch series implements
the error checking of qemu_thread_create: make qemu_thread_create
return a flag to indicate if it succeeded rather than failing with
an error; make all callers check it.

The first patch modifies the qemu_thread_create() by passing
&error_abort and returning a value to indicate if it succeeds. The next
10 patches will improve on &error_abort for callers who could handle
more properly.

Please help to review, thanks a lot! 

v12:
- For patch 6/11, make event_thread terminate by stopping vevent
  thread when failing to create handle_apdu_thread.
- Rectify the commit message for patch 7/11, 8/11.
- For patch 9/11, change two cleanup sentences' order when failing
  to create multifd_recv_thread.
- For patch 11/11, fix the SIGBUS conflict for touch_all_pages().

v11:
- Resend as I sent the last version in a mess..

v10:
- Make qemu_thread_create() return -errno instead of a Boolean.
- Add more cleanup for pci_edu_realize()/emulated_realize(). 
- Polish for iothread_complete()/compress_threads_save_cleanup()/
  vnc_start_worker_thread()/touch_all_pages.
- Change to return H_HARDWARE for h_resize_hpt_prepare().
- Remove five derivative patches as they have been merged.

v9:
- To ease the review and involve the appropriate maintainers, split
  the previous 6/7 patch into 10 patches: the 6/16 patch passes
  the &error_abort to qemu_thread_create() everywhere, and the next
  9 patches will improve on &error_abort for callers who need.
- Add a new patch 5/7 to unify error handling for 
  process_incoming_migration_co().
- Merge the previous 2/7 to current 7/16 to collaboratively handle
  for qemu_X_start_vcpu and for the qemu_init_vcpu in each arch.
- Add comment for multifd_recv_new_channel() in current patch 2/7.

v8:
- Remove previous two patches trying to fix the multifd issue on the
  source side, as we are still waiting for maintainer's opinions.
- Use atomic_read to get multifd_recv_state->count in patch 3/7.
- Get three more "Reviewed-by:".

v7:
- Split the previous multifd-migration into two patches: the src and
  the dst. For the dst, only dump the error instead of quitting.
- Safely do the cleanup for postcopy_ram_enable_notify().
- Split the previous migration-error-handling patch into two patches.

v6:
- Add a new migration-multifd related patch. BTW, delete the previous
  vnc related patch as it has been upstreamed.
- Use error_setg_errno() to set the errno when qemu_thread_create()
  fails for both Linux and Windows implementation.
- Optimize the first patch; less code is needed

v5:
- Remove `errno = err` in qemu_thread_create() for Linux, and change
  `return errno` to `return -1` in qemu_signal_init() to indicate
  the error in case qemu_thread_create() fails.
- Delete the v4-added qemu_cond/mutex_destroy() in iothread_complete()
  as the destroy() will be done by its callers' object_unref().

v4:
- Separate the migration compression patch from this series
- Add one more error handling patch related with migration
- Add more cleaning up code for touched functions

v3:
- Add two migration related patches to fix the segmentation fault
- Extract the segmentation fault fix from v2's last patch to be a
  separate patch

v2:
- Pass errp directly instead of using a local_err & error_propagate
- Return a bool: false/true to indicate if one function succeeds
- Merge v1's last two patches into one to avoid the compile error
- Fix one omitted error in patch1 and update some error messages


Fei Li (11):
  qemu_thread: make qemu_thread_create() take Error ** argument
  qemu_thread: supplement error handling for qemu_X_start_vcpu
  qemu_thread: supplement error handling for qmp_dump_guest_memory
  qemu_thread: supplement error handling for pci_edu_realize
  qemu_thread: supplement error handling for h_resize_hpt_prepare
  qemu_thread: supplement error handling for emulated_realize
  qemu_thread: supplement error handling for iothread_complete
  qemu_thread: supplement error handling for qemu_signalfd_compat
  qemu_thread: supplement error handling for migration
  qemu_thread: supplement error handling for vnc_start_worker_thread
  qemu_thread: supplement error handling for touch_all_pages

 accel/tcg/user-exec-stub.c  |  3 +-
 cpus.c  | 69 +
 dump.c  |  2 +-
 hw/misc/edu.c   | 11 +--
 hw/ppc/spapr_hcall.c| 10 --
 hw/rdma/rdma_backend.c  |  3 +-
 hw/usb/ccid-card-emulated.c | 16 +++---
 include/qemu/thread.h   |  6 ++--
 include/qom/cpu.h   |  2 +-
 io/task.c   |  3 +-
 iothread.c  | 17 +++---
 migration/migration.c   | 30 ++
 migration/postcopy-ram.c| 14 +++--
 migration/ram.c | 66 ++-
 migration/savevm.c  | 11 +--
 target/alpha/cp

[Qemu-devel] [PATCH v12 for-4.1 07/11] qemu_thread: supplement error handling for iothread_complete

2019-03-24 Thread Fei Li
From: Fei Li 

Utilize the existed errp to propagate the error and do the
corresponding cleanup to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: Stefan Hajnoczi 
Cc: Eric Blake 
Signed-off-by: Fei Li 
Reviewed-by: Markus Armbruster 
---
 iothread.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/iothread.c b/iothread.c
index 2d5a5bfe6c..1ebacaf089 100644
--- a/iothread.c
+++ b/iothread.c
@@ -166,6 +166,7 @@ static void iothread_complete(UserCreatable *obj, Error 
**errp)
 Error *local_error = NULL;
 IOThread *iothread = IOTHREAD(obj);
 char *name, *thread_name;
+int thread_ok;
 
 iothread->stopping = false;
 iothread->running = true;
@@ -188,9 +189,7 @@ static void iothread_complete(UserCreatable *obj, Error 
**errp)
 &local_error);
 if (local_error) {
 error_propagate(errp, local_error);
-aio_context_unref(iothread->ctx);
-iothread->ctx = NULL;
-return;
+goto fail;
 }
 
 /* This assumes we are called from a thread with useful CPU affinity for us
@@ -198,16 +197,23 @@ static void iothread_complete(UserCreatable *obj, Error 
**errp)
  */
 name = object_get_canonical_path_component(OBJECT(obj));
 thread_name = g_strdup_printf("IO %s", name);
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&iothread->thread, thread_name, iothread_run,
-   iothread, QEMU_THREAD_JOINABLE, &error_abort);
+thread_ok = qemu_thread_create(&iothread->thread, thread_name, 
iothread_run,
+   iothread, QEMU_THREAD_JOINABLE, errp);
 g_free(thread_name);
 g_free(name);
+if (thread_ok < 0) {
+qemu_sem_destroy(&iothread->init_done_sem);
+goto fail;
+}
 
 /* Wait for initialization to complete */
 while (iothread->thread_id == -1) {
 qemu_sem_wait(&iothread->init_done_sem);
 }
+return;
+fail:
+aio_context_unref(iothread->ctx);
+iothread->ctx = NULL;
 }
 
 typedef struct {
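Review bot: `thread_ok` holds the -errno that qemu_thread_create() returns, so a negative value means failure; the name reads as a boolean success flag, so `ret` or `thread_err` would be clearer. The new `fail:` label also lacks the blank line QEMU style puts before labels, and init_done_sem is destroyed only on the thread-creation failure path while the earlier `goto fail` (previous hunk) skips it; confirm that the semaphore is initialised after that earlier failure point, otherwise destroy it at the label instead.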
-- 
2.11.0




[Qemu-devel] [Bug 1821430] Re: qemu-user-arm (4.0.0-rc0) crashes

2019-03-24 Thread Peter Maydell
Yeah, unfortunately we don't support cortex-a53 (or other 64-bit CPUs)
in qemu-arm. (We also don't support them as highest-EL-is-AArch32 config
in system mode.) Ideally we should fill in that gap, but in practice
most people aren't building aarch32 code for ARMv8 -- either they want
the back-compat with v7 CPUs or they are using 64-bit -- so it hasn't
been very high priority for us.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1821430

Title:
  qemu-user-arm (4.0.0-rc0) crashes

Status in QEMU:
  New

Bug description:
  I'm using qemu-user-arm for cross-compilation needs, usually via a wrapper.
  qemu-user-arm (4.0.0-rc0) crashes with SIGILL on at least 2 instructions:

  first case (sadly I don't have more data handy, can reproduce at a later time 
if needed):
  (gdb) x/i $pc
  => 0xfffce314:  vseleq.f64  d0, d17, d0

  second case (llvm-config):
  qemu cmdline:
  qemu-arm -strace -cpu max -r 5.0.0 -L /home/asavah/kross/build/rpi3/rootfs -E 
LD_LIBRARY_PATH=/home/asavah/kross/build/rpi3/rootfs/usr/bin:/home/asavah/kross/build/rpi3/rootfs/usr/lib
 /home/asavah/kross/build/rpi3/rootfs/usr/bin/llvm-config --shared-mode

  --- SIGILL {si_signo=SIGILL, si_code=2, si_addr=0xf9f89f80} ---
  qemu: uncaught target signal 4 (Illegal instruction) - core dumped

  output from gdb(arm) attached to qemu-user-arm
  Program received signal SIGILL, Illegal instruction.
  0xf9f77f80 in ?? ()
  (gdb) bt
  #0  0xf9f77f80 in ?? ()
  #1  0xfffd796c in ?? ()
  Backtrace stopped: previous frame identical to this frame (corrupt stack?)
  (gdb)  x/i $pc
  => 0xf9f77f80:  vrintm.f64  d18, d18

  
  The very same binaries when run with qemu-user-arm 3.1.0 (both from ubuntu 
19.04 package and self built)
  work flawlessly.

  This is clearly a regression.
  Please fix before releasing 4.0.0.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1821430/+subscriptions



Re: [Qemu-devel] [PATCH v11 for-4.0 06/11] qemu_thread: supplement error handling for emulated_realize

2019-03-24 Thread Fei Li



On 2019/2/15 8:35 PM, Fei Li wrote:


On 2019/2/4 9:30 PM, Markus Armbruster wrote:

Fei Li  writes:


On 2019/2/1 9:04 PM, Markus Armbruster wrote:

Fei Li  writes:


From: Fei Li 

Utilize the existed errp to propagate the error and do the
corresponding cleanup to replace the temporary &error_abort.

Cc: Markus Armbruster 
Cc: Gerd Hoffmann 
Signed-off-by: Fei Li 
---
   hw/usb/ccid-card-emulated.c | 15 ++-
   1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/hw/usb/ccid-card-emulated.c 
b/hw/usb/ccid-card-emulated.c

index 0b170f6328..19b4b9a8fa 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -544,11 +544,16 @@ static void emulated_realize(CCIDCardState 
*base, Error **errp)
   error_setg(errp, "%s: failed to initialize vcard", 
TYPE_EMULATED_CCID);

   goto out2;
   }
-    /* TODO: let the further caller handle the error instead of 
abort() here */
-    qemu_thread_create(&card->event_thread_id, "ccid/event", 
event_thread,

-   card, QEMU_THREAD_JOINABLE, &error_abort);
-    qemu_thread_create(&card->apdu_thread_id, "ccid/apdu", 
handle_apdu_thread,

-   card, QEMU_THREAD_JOINABLE, &error_abort);
+    if (qemu_thread_create(&card->event_thread_id, "ccid/event", 
event_thread,

+   card, QEMU_THREAD_JOINABLE, errp) < 0) {
+    goto out2;
+    }
+    if (qemu_thread_create(&card->apdu_thread_id, "ccid/apdu",
+   handle_apdu_thread, card,
+   QEMU_THREAD_JOINABLE, errp) < 0) {
+    qemu_thread_join(&card->event_thread_id);
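Review bot: the `qemu_thread_join(&card->event_thread_id)` in the apdu-thread failure path has nothing that makes event_thread exit first, so on that path realize blocks forever. The unrealize path already has the stop sequence, `VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);` followed by `vevent_queue_vevent(vevent);`, and those two lines belong before this join as well; pthread_cancel() is not an option, since the thread is mid-loop in library code.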

What makes event_thread terminate here?

I'm asking because if it doesn't, the join will hang.

Oops, my neglect..  Could we add a
`qemu_thread_cancel(card->event_thread_id);` here
before the join()?

pthread_cancel() is difficult to use correctly, and we don't use it in
QEMU so far.  Instead, we tell threads to stop, e.g. by setting a flag
the thread checks in its main loop, and making sure the thread actually
loops in bounded time.  How to best achieve that for this thread I don't
know.  Christophe, Marc-André, can you help?

Hi, Christophe, Marc-André,
Would you like to share your views and give some suggestions? :)
That would be very helpful, thanks a lot!

Have a nice day
Fei


Hi all,

I refer to the method in emulated_unrealize(): terminate event_thread
by stopping vevent thread [1]. But I am not sure whether this is proper,
please share your views in [PATCH v12 for-4.1 06/11]. Thanks a lot! :)

[1]

    VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);

    vevent_queue_vevent(vevent); /* stop vevent thread */
    qemu_thread_join(&card->event_thread_id);

Have a nice day, thanks
Fei
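The cooperative stop that Markus describes (a sentinel or flag the loop checks, never pthread_cancel) and the VEVENT_LAST sequence in [1], written out as an added example in plain C with pthreads. This is not libcacard's or QEMU's code; the queue, the event types and every function name here are assumptions made for the illustration.

```c
#include <pthread.h>
#include <stdlib.h>

/* Added example: a tiny event queue whose worker exits on a sentinel event,
 * the same idea as queuing VEVENT_LAST before qemu_thread_join() in
 * emulated_unrealize(). Names and structure are assumptions, not libcacard's
 * or QEMU's code. */
enum { EV_WORK, EV_LAST };

struct event {
    int type;
    struct event *next;
};

struct queue {
    pthread_mutex_t lock;
    pthread_cond_t cond;
    struct event *head, *tail;
};

struct worker {
    struct queue q;
    pthread_t tid;
    int processed;              /* written by the worker, read after join */
};

static void queue_push(struct queue *q, struct event *ev)
{
    ev->next = NULL;
    pthread_mutex_lock(&q->lock);
    if (q->tail) q->tail->next = ev; else q->head = ev;
    q->tail = ev;
    pthread_cond_signal(&q->cond);
    pthread_mutex_unlock(&q->lock);
}

/* Blocks until an event is available; the only wait in the worker loop. */
static struct event *queue_pop(struct queue *q)
{
    pthread_mutex_lock(&q->lock);
    while (!q->head) pthread_cond_wait(&q->cond, &q->lock);
    struct event *ev = q->head;
    q->head = ev->next;
    if (!q->head) q->tail = NULL;
    pthread_mutex_unlock(&q->lock);
    return ev;
}

/* Worker loop: returns only when it dequeues EV_LAST, so once the sentinel is
 * queued it terminates in bounded time and nobody needs pthread_cancel(). */
static void *event_thread(void *arg)
{
    struct worker *w = arg;
    for (;;) {
        struct event *ev = queue_pop(&w->q);
        int type = ev->type;
        free(ev);
        if (type == EV_LAST) break;
        w->processed++;
    }
    return NULL;
}

int worker_start(struct worker *w)
{
    pthread_mutex_init(&w->q.lock, NULL);
    pthread_cond_init(&w->q.cond, NULL);
    w->q.head = w->q.tail = NULL;
    w->processed = 0;
    return pthread_create(&w->tid, NULL, event_thread, w);
}

/* Tell the worker to stop, then join: the order that makes the join safe.
 * Joining without queuing the sentinel first would hang, which is what the
 * apdu-thread failure path in the patch does. */
int worker_stop(struct worker *w)
{
    struct event *last = malloc(sizeof *last);
    if (!last) return -1;
    last->type = EV_LAST;
    queue_push(&w->q, last);
    return pthread_join(w->tid, NULL);
}

/* Push n work items through a fresh worker and stop it cleanly.
 * Returns the number of items the worker handled, or -1 on error. */
int run_worker(int n)
{
    struct worker w;
    if (worker_start(&w) != 0) return -1;
    for (int i = 0; i < n; i++) {
        struct event *ev = malloc(sizeof *ev);
        if (!ev) { worker_stop(&w); return -1; }
        ev->type = EV_WORK;
        queue_push(&w.q, ev);
    }
    if (worker_stop(&w) != 0) return -1;
    return w.processed;
}
```

worker_stop() is the piece the apdu-thread failure path lacks before its qemu_thread_join(): with the sentinel queued first the join returns as soon as the loop drains; without it the join waits on a loop that has no reason to exit. Older toolchains need -pthread at link time.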



[Qemu-devel] [Bug 1821430] Re: qemu-user-arm (4.0.0-rc0) crashes

2019-03-24 Thread asavah
I should point out that -cpu cortex-a53 is not available in qemu-arm;
I'm building arm 32 bit stuff.

qemu-arm -cpu help
Available CPUs:
  arm1026
  arm1136
  arm1136-r2
  arm1176
  arm11mpcore
  arm926
  arm946
  cortex-a15
  cortex-a7
  cortex-a8
  cortex-a9
  cortex-m0
  cortex-m3
  cortex-m33
  cortex-m4
  cortex-r5
  cortex-r5f
  max
  pxa250
  pxa255
  pxa260
  pxa261
  pxa262
  pxa270-a0
  pxa270-a1
  pxa270
  pxa270-b0
  pxa270-b1
  pxa270-c0
  pxa270-c5
  sa1100
  sa1110
  ti925t
  any

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1821430

Title:
  qemu-user-arm (4.0.0-rc0) crashes

Status in QEMU:
  New




Re: [Qemu-devel] [PATCH v11 for-4.0 09/11] qemu_thread: supplement error handling for migration

2019-03-24 Thread Fei Li



On 2019/2/5 12:34 AM, Dr. David Alan Gilbert wrote:

* Markus Armbruster (arm...@redhat.com) wrote:

Dave, I tried to review the error paths, in particular resource cleanup,
but there's a lot going on, and I'm not feeling confident.  Please have
a close look.

Fei Li  writes:


From: Fei Li 

Update qemu_thread_create()'s callers by
- setting an error on qemu_thread_create() failure for callers that
   set an error on failure;
- reporting the error and returning failure for callers that return
   an error code on failure;
- reporting the error and setting some state for callers that just
   report errors and choose not to continue on.

Besides, make compress_threads_save_cleanup() cope with partially
initialized comp_param[i] to adapt to the new qemu_thread_create()
failure case.

Cc: Markus Armbruster 
Cc: Dr. David Alan Gilbert 
Signed-off-by: Fei Li 
Reviewed-by: Dr. David Alan Gilbert 
---
  migration/migration.c| 35 +---
  migration/postcopy-ram.c | 16 ++---
  migration/ram.c  | 70 ++--
  migration/savevm.c   | 12 ---
  4 files changed, 89 insertions(+), 44 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index 1da71211c8..0034ca1334 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -447,10 +447,13 @@ static void process_incoming_migration_co(void *opaque)
  goto fail;
  }
  
-/* TODO: let the further caller handle the error instead of abort() */

-qemu_thread_create(&mis->colo_incoming_thread, "COLO incoming",
-   colo_process_incoming_thread, mis,
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&mis->colo_incoming_thread, "COLO incoming",
+   colo_process_incoming_thread, mis,
+   QEMU_THREAD_JOINABLE, &local_err) < 0) {
+error_reportf_err(local_err, "failed to create "
+  "colo_process_incoming_thread: ");
+goto fail;
+}
  mis->have_colo_incoming_thread = true;
  qemu_coroutine_yield();
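Review bot: `&local_err` is used here, but this hunk adds no `Error *local_err = NULL;` to process_incoming_migration_co(), unlike the open_return_path_on_source() hunk in the same patch; if the function does not already declare one this will not compile, and if it does, it must still be NULL at this point because error_setg() asserts on a non-NULL *errp. The `goto fail` itself looks right: have_colo_incoming_thread has not been set yet, so the fail path will not try to join a thread that was never created.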
  
@@ -2349,6 +2352,7 @@ out:

  static int open_return_path_on_source(MigrationState *ms,
bool create_thread)
  {
+Error *local_err = NULL;
  
  ms->rp_state.from_dst_file = qemu_file_get_return_path(ms->to_dst_file);

  if (!ms->rp_state.from_dst_file) {
@@ -2362,10 +2366,15 @@ static int open_return_path_on_source(MigrationState 
*ms,
  return 0;
  }
  
-/* TODO: let the further caller handle the error instead of abort() here */

-qemu_thread_create(&ms->rp_state.rp_thread, "return path",
-   source_return_path_thread, ms,
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&ms->rp_state.rp_thread, "return path",
+   source_return_path_thread, ms,
+   QEMU_THREAD_JOINABLE, &local_err) < 0) {
+error_reportf_err(local_err,
+  "failed to create source_return_path_thread: ");
+qemu_fclose(ms->rp_state.from_dst_file);
+ms->rp_state.from_dst_file = NULL;
+return -1;
+ }
  
  trace_open_return_path_on_source_continue();
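Review bot: the closing brace on the `+ }` line is indented with one space instead of four; the rest of the block uses the usual four-space indent. The cleanup itself is consistent: error_reportf_err() consumes local_err, and qemu_fclose() plus clearing from_dst_file undoes the qemu_file_get_return_path() above before returning -1.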
  
@@ -3201,9 +3210,13 @@ void migrate_fd_connect(MigrationState *s, Error *error_in)

if (multifd_save_setup() != 0) {
migrate_set_state(&s->state, MIGRATION_STATUS_SETUP,
  MIGRATION_STATUS_FAILED);

  migrate_fd_cleanup(s);
  return;
  }
-/* TODO: let the further caller handle the error instead of abort() here */
-qemu_thread_create(&s->thread, "live_migration", migration_thread, s,
-   QEMU_THREAD_JOINABLE, &error_abort);
+if (qemu_thread_create(&s->thread, "live_migration", migration_thread, s,
+   QEMU_THREAD_JOINABLE, &error_in) < 0) {
+error_reportf_err(error_in, "failed to create migration_thread: ");
+migrate_set_state(&s->state, s->state, MIGRATION_STATUS_FAILED);
+migrate_fd_cleanup(s);

Is there anything to clean up for multifd_save_setup()?  Dave?

I need to bounce that one to Juan; he knows the multifd stuff; cc'd


Hi all,

I checked the code again: migrate_fd_cleanup() will call
multifd_save_setup() to clean the multifd stuff. Thus the current code is just fine. :)

Sorry for the late reply...

BTW, I will send the updated v12 later.

Have a nice day, thanks
Fei



+return;
+}
  s->migration_thread_running = true;
  }
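Review bot: `&error_in` passes the function's own `Error *error_in` parameter as the errp for qemu_thread_create(); error_setg() asserts that *errp is NULL, so this only works if error_in is guaranteed to be NULL or already consumed by this point, and reusing an input parameter as an output slot is easy to misread. The other hunks use a local `Error *local_err = NULL;` and this one should too. Separately, `migrate_set_state(&s->state, s->state, MIGRATION_STATUS_FAILED)` passes the current state as the expected old state, whereas the multifd_save_setup() failure path just above uses MIGRATION_STATUS_SETUP; pick one for consistency.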
  
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c

index 221ea24919..0934a1403a 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -1083,6 +1083,8 @@ retry:
  
  int postcopy_ram_enable_notify(MigrationIncomingState *mis)

  {
+Error *local_err = NULL;
+
  /* Open the fd for the

Re: [Qemu-devel] [Bug 1821430] [NEW] qemu-user-arm (4.0.0-rc0) crashes

2019-03-24 Thread Alex Bennée


asavah  writes:

> Public bug reported:
>
> I'm using qemu-user-arm for crosscompilation needs, usually via a wrapper.
> qemu-user-arm (4.0.0-rc0) crashes with SIGILL on at least 2 instructions:
>
> first case (sadly I don't have more data handy, can reproduce at a later time 
> if needed):
> (gdb) x/i $pc
> => 0xfffce314:  vseleq.f64  d0, d17, d0
>
> second case (llvm-config):
> qemu cmdline:
> qemu-arm -strace -cpu max -r 5.0.0 -L
> /home/asavah/kross/build/rpi3/rootfs -E
> LD_LIBRARY_PATH=/home/asavah/kross/build/rpi3/rootfs/usr/bin:/home/asavah/kross/build/rpi3/rootfs/usr/lib
> /home/asavah/kross/build/rpi3/rootfs/usr/bin/llvm-config --shared-mode

I should point out that a rpi3 is a cortex-a53, so -cpu cortex-a53 should
be all you need to run the binaries. -cpu max will enable a bunch of
features you cannot use on an actual pi.

>
> --- SIGILL {si_signo=SIGILL, si_code=2, si_addr=0xf9f89f80} ---
> qemu: uncaught target signal 4 (Illegal instruction) - core dumped
>
> output from gdb(arm) attached to qemu-user-arm
> Program received signal SIGILL, Illegal instruction.
> 0xf9f77f80 in ?? ()
> (gdb) bt
> #0  0xf9f77f80 in ?? ()
> #1  0xfffd796c in ?? ()
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
> (gdb)  x/i $pc
> => 0xf9f77f80:  vrintm.f64  d18, d18
>
>
> The very same binaries when run with qemu-user-arm 3.1.0 (both from ubuntu 
> 19.04 package and self built)
> work flawlessly.
>
> This is clearly a regression.
> Please fix before releasing 4.0.0.
>
> ** Affects: qemu
>  Importance: Undecided
>  Status: New


--
Alex Bennée



[Qemu-devel] qemu-system-x86_64: Initialization of device isa-pcspk failed: Initializing audio voice failed

2019-03-24 Thread Dominick Grift
qemu-kvm-4.0.0-0.2.rc0.fc31.x86_64

2019-03-24 10:09:11,070: cmd: qemu-system-x86_64 -no-user-config -m 4096 
--machine accel=kvm -kernel /var/tmp/lorax.imgutils.5oejwg8q/isolinux/vmlinuz 
-initrd /var/tmp/lmc-initrd-npcsdyha.img -drive 
file=/var/tmp/lmc-disk-txw8t0m7.img,cache=unsafe,discard=unmap,format=raw 
-drive file=/root/boot.iso,media=cdrom,readonly=on -append 
ks=file:/livemedia_creator.ks inst.stage2=hd:LABEL=Fedora-E-dvd-x86_64-rawh 
inst.text inst.cmdline -nographic -display vnc=127.0.0.1:0 -device 
virtio-serial-pci,id=virtio-serial0 -device 
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.fedoraproject.anaconda.log.0
 -chardev socket,id=charchannel0,host=127.0.0.1,port=59127 -object 
rng-random,id=virtio-rng0,filename=/dev/random -device 
virtio-rng-pci,rng=virtio-rng0,id=rng0,bus=pci.0,addr=0x9
2019-03-24 10:09:11,070: output: xcb_connection_has_error() returned true
xcb_connection_has_error() returned true
ALSA lib pulse.c:242:(pulse_connect) PulseAudio: Unable to connect: Connection 
refused
sdl: SDL_OpenAudio failed
sdl: Reason: ALSA: Couldn't open audio device: Connection refused
xcb_connection_has_error() returned true
ALSA lib pulse.c:242:(pulse_connect) PulseAudio: Unable to connect: Connection 
refused
sdl: SDL_OpenAudio failed
sdl: Reason: ALSA: Couldn't open audio device: Connection refused
audio: Failed to create voice `pcspk'
qemu-system-x86_64: Initialization of device isa-pcspk failed: Initializing 
audio voice failed
2019-03-24 10:09:11,168: VirtualInstall failed: QEMUInstall failed

Setting "QEMU_AUDIO_DRV=none" fixes the above issue.

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift



[Qemu-devel] [Bug 1821515] [NEW] qemu-ppc (user) incorrectly converts float(nan)->double(non-nan)

2019-03-24 Thread Sergei Trofimovich
Public bug reported:

Noticed on qemu-3.1.0 on GHC test suite where float32 comparisons didn't work 
on NaNs.
Here is the minimal reproducer:

```c
// cat a.c
#include <stdio.h>
#include <stdint.h>
#include <math.h>

int main() {
    volatile float f1 = NAN;
    volatile float f2 = NAN;
    printf ("f1 (%e, %#x) >= f2 (%e, %#x): %s\n",
            f1, *(volatile uint32_t*)&f1,
            f2, *(volatile uint32_t*)&f2,
            (f1 >= f2) ? "True"
                       : "False");
    volatile double d = f1;
    printf ("d (%e, %#llx)\n",
            d, *(volatile uint64_t*)&d);
}
```

```
# incorrect execution:
$ powerpc-unknown-linux-gnu-gcc -O2 a.c -o a -static && qemu-ppc ./a 
f1 (5.104236e+38, 0x7fc0) >= f2 (5.104236e+38, 0x7fc0): True
d (5.104236e+38, 0x47f8)

# correct execution
$ scp a timberdoodle.ppc64.dev.gentoo.org:~/;  ssh 
timberdoodle.ppc64.dev.gentoo.org ./a
f1 (nan, 0x7fc0) >= f2 (nan, 0x7fc0): False
d (nan, 0x7ff8)
```

Note: qemu-ppc handled the float32 extension as if it were not a NaN
(exp=111..) but a normalized number.

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "statically linked binary"
   https://bugs.launchpad.net/bugs/1821515/+attachment/5249031/+files/ppc-bug

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1821515

Title:
  qemu-ppc (user) incorrectly converts float(nan)->double(non-nan)

Status in QEMU:
  New




[Qemu-devel] [Bug 1821515] Re: qemu-ppc (user) incorrectly converts float(nan)->double(non-nan)

2019-03-24 Thread Sergei Trofimovich
The bug is in the same area as
https://bugs.launchpad.net/qemu/+bug/1821444 but in another branch of
'uint64_t helper_todouble(uint32_t arg=0x1)'.

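What a float-to-double widening has to do for every operand class, as an added example that follows from the bug report and the follow-up pointing at helper_todouble(). The code below is constructed for this illustration and is not QEMU's helper_todouble(), nor a claim about how that function is written: the first routine is the correct bit-level conversion, the second is a model of the symptom (the exp == 0xff case handled as a normal number, which turns 0x7fc00000 into 0x47f8...), and the third lets the host CPU do the conversion so the bit-level routine can be checked against real hardware, as the ppc64 box in the report was.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Bit-exact IEEE-754 binary32 -> binary64 widening, handling every operand
 * class. Added illustration of what the conversion must do; not QEMU's
 * helper_todouble(). */
uint64_t f32_to_f64_bits(uint32_t f)
{
    uint64_t sign = (uint64_t)(f >> 31) << 63;
    uint32_t exp = (f >> 23) & 0xff;
    uint32_t frac = f & 0x7fffff;

    if (exp == 0xff) {
        /* Inf or NaN: exponent field all ones in the wider format too; the
         * fraction is left-aligned so a quiet NaN (top fraction bit set) stays
         * quiet and its payload is preserved. */
        return sign | (0x7ffULL << 52) | ((uint64_t)frac << 29);
    }
    if (exp == 0) {
        if (frac == 0) {
            return sign;                        /* +0 / -0 */
        }
        /* Subnormal: no hidden bit, value is frac * 2^-149. Normalise it;
         * double has enough exponent range to hold it as an ordinary number. */
        int e = -126;
        while (!(frac & 0x800000)) {
            frac <<= 1;
            e--;
        }
        frac &= 0x7fffff;                       /* drop the now-explicit hidden bit */
        return sign | ((uint64_t)(e + 1023) << 52) | ((uint64_t)frac << 29);
    }
    /* Normal number: rebias the exponent from 127 to 1023, widen the fraction. */
    return sign | ((uint64_t)(exp - 127 + 1023) << 52) | ((uint64_t)frac << 29);
}

/* Model of the misbehaviour the bug describes: the exp == 0xff case goes
 * through the "normal number" arithmetic, so a NaN comes out as a large finite
 * double (0x7fc00000 -> 0x47f8000000000000, the value the report prints for d).
 * Constructed to show the symptom; not how QEMU's code is written. */
uint64_t f32_to_f64_bits_nan_as_normal(uint32_t f)
{
    uint64_t sign = (uint64_t)(f >> 31) << 63;
    uint32_t exp = (f >> 23) & 0xff;
    uint32_t frac = f & 0x7fffff;
    return sign | ((uint64_t)(exp - 127 + 1023) << 52) | ((uint64_t)frac << 29);
}

/* Reference: let the host CPU widen the value, as the ppc64 box in the report
 * did. Note that hardware quiets a signalling NaN on conversion, so compare
 * quiet NaNs and finite values only. */
uint64_t host_widen_bits(uint32_t f)
{
    float x;
    uint64_t out;
    memcpy(&x, &f, sizeof x);
    volatile double y = (double)x;              /* volatile: keep the real conversion */
    memcpy(&out, (const void *)&y, sizeof out);
    return out;
}

int main(void)
{
    /* constructed samples: qNaN, sNaN, smallest subnormal, 1.0f, -0.0f */
    static const uint32_t samples[] = { 0x7fc00000u, 0x7f800001u, 0x00000001u,
                                        0x3f800000u, 0x80000000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t f = samples[i];
        printf("%#010x -> correct %#018llx  nan-as-normal %#018llx  host %#018llx\n",
               f, (unsigned long long)f32_to_f64_bits(f),
               (unsigned long long)f32_to_f64_bits_nan_as_normal(f),
               (unsigned long long)host_widen_bits(f));
    }
    return 0;
}
```

For the qNaN 0x7fc00000 the correct routine and the host agree on 0x7ff8000000000000 (the ppc64 output in the report), while the modelled variant gives 0x47f8000000000000 (the qemu-ppc output). The subnormal input 0x00000001, the argument named in the follow-up, must come out as 2^-149, i.e. exponent field 1023-149 = 0x36a with a zero fraction.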



Re: [Qemu-devel] [RFT 0/4] Don't start virtqueues that are not enabled for vhost

2019-03-24 Thread Yuri Benditovich
Hi Jason,

This series does not do the job. Test case: tap, 4 queues, 2 CPU (so
only 2 queues are enabled)
For Q0 and Q1 vhost_net_start_one succeeds,
For Q2:
vhost_net_start_one calls vhost_dev_start (the call succeeds, does not
start queue that is not enabled),
then vhost_net_start_one calls vhost_net_set_backend, the call fails

Thanks,
Yuri

On Fri, Mar 22, 2019 at 11:28 AM Jason Wang  wrote:
>
> Hi:
>
> This series tries to avoid starting a virtqueue that is not enabled. This
> is done by querying it through a bus-specific method and skipping the
> virtqueues that are not enabled when starting vhost virtqueues.
>
> Only PCI is implemented; maybe it's better to move the enable flag to the
> virtio generic virtqueue structure.
>
> Yuri, could you please test this series to see if it solves the
> issues when using the Windows driver?
>
> Thanks
>
> Jason Wang (4):
>   virtio-bus: introduce a new method for querying the queue status
>   virtio-pci: set enabled for legacy device
>   virtio-pci: implement queue_enabled
>   vhost_net: don't start vhost for the virtqueue that is not enabled
>
>  hw/virtio/vhost.c  | 11 +++
>  hw/virtio/virtio-pci.c | 12 +++-
>  include/hw/virtio/virtio-bus.h |  4 
>  3 files changed, 26 insertions(+), 1 deletion(-)
>
> --
> 2.19.1
>



Re: [Qemu-devel] [qemu-s390x] [PATCH] hw/s390x: fix clang compilation on 32bit machines

2019-03-24 Thread Marcel Apfelbaum

Hi,

On 3/22/19 5:52 PM, Halil Pasic wrote:

On Mon, 18 Mar 2019 22:08:50 +0100
Philippe Mathieu-Daudé  wrote:


On Mon, 18 Mar 2019 11:34, Marcel Apfelbaum wrote:


Hi Christian,

On 3/18/19 11:27 AM, Christian Borntraeger wrote:

On 16.03.19 12:09, Philippe Mathieu-Daudé wrote:

Hi Marcel,

On 3/16/19 10:50 AM, Marcel Apfelbaum wrote:

Configuring QEMU with:
  configure --cc=clang --target-list=s390x-softmmu
And compiling it using a 32 bit machine leads to:

Because there sizeof(ram_addr_t) = sizeof(uintptr_t) = 32.


  v:27: error: implicit conversion from
'unsigned long long' to 'ram_addr_t' (aka 'unsigned int')

changes value

from 8796091973632 to 4293918720 [-Werror,-Wconstant-conversion]
  chunk = MIN(size, KVM_SLOT_MAX_BYTES);
~ ~~^~~

The comment 1 line earlier is:

  /* KVM does not allow memslots >= 8 TB */

Clang is correct, this KVM_SLOT_MAX_BYTES is incorrect on a 32bit s390,
you need a 64bit system.

Sorry guys for the long wait. We are decimated by flu at the moment.

IMHO Clang is wrong about this. The value put in chunk is guaranteed to
fit unsigned int.

Namely


static void s390_memory_init(ram_addr_t mem_size)
{
 MemoryRegion *sysmem = get_system_memory();
 ram_addr_t chunk, offset = 0;
 unsigned int number = 0;
 gchar *name;
 
 /* allocate RAM for core */

 name = g_strdup_printf("s390.ram");
 while (mem_size) {
 MemoryRegion *ram = g_new(MemoryRegion, 1);
 uint64_t size = mem_size;

The most significant 32 bits of size are zeros because mem_size
is effectively uint.
 
 /* KVM does not allow memslots >= 8 TB */

 chunk = MIN(size, KVM_SLOT_MAX_BYTES);

Thus the result of MIN() is guaranteed to fit into chunk despite of its
type being wider.


KVM is only supported on 64bit s390.


So maybe the fix I proposed is enough.


Enough to silence a warning due to a bug; as Christian confirmed, KVM code
should be reachable on 32-bit hosts.
It would be safer to fix the bug.



IMHO there is no bug! Thus I think Marcel's fix is sufficient. A simple
cast to ram_addr_t could be even simpler, but I did not check if that
silences Clang. @Marcel would you like to try that out?


I confirm casting the result of MIN(...) to ram_addr_t silences clang.


Per Hacking:

Use hwaddr for guest physical addresses except pcibus_t
for PCI addresses.  In addition, ram_addr_t is a QEMU internal address
space that maps guest RAM physical addresses into an intermediate
address space that can map to host virtual address spaces.  Generally
speaking, the size of guest memory can always fit into ram_addr_t but
it would not be correct to store an actual guest physical address in a
ram_addr_t.

My understanding is we should not use ram_addr_t with KVM but rather
hwaddr, but I'm not sure.

I tend to agree with you. The usage of the types is IMHO messy in the
function under discussion. But I'm not a memory guy, and I would hate to
make calls on this.


I don't know about s390, if 32bit host is supported or supports KVM.
If it is, maybe this could work:

I don't think the following is clean:

#if TARGET_LONG_BITS == 32
# define KVM_SLOT_MAX_BYTES RAM_ADDR_MAX
#else
# define KVM_SLOT_MAX_BYTES \
   ((KVM_MEM_MAX_NR_PAGES * TARGET_PAGE_SIZE) & SEG_MSK)
#endif

But checking ifdef CONFIG_KVM might be clever:

-- >8 --
@@ -161,7 +161,7 @@ static void virtio_ccw_register_hcalls(void)
   static void s390_memory_init(ram_addr_t mem_size)
   {
   MemoryRegion *sysmem = get_system_memory();
-ram_addr_t chunk, offset = 0;
+hwaddr offset = 0;
   unsigned int number = 0;
   gchar *name;

@@ -169,14 +169,16 @@ static void s390_memory_init(ram_addr_t mem_size)
   name = g_strdup_printf("s390.ram");
   while (mem_size) {
   MemoryRegion *ram = g_new(MemoryRegion, 1);
-uint64_t size = mem_size;
+uint64_t chunk_size = mem_size;

+#ifdef CONFIG_KVM
   /* KVM does not allow memslots >= 8 TB */
-chunk = MIN(size, KVM_SLOT_MAX_BYTES);
-memory_region_allocate_system_memory(ram, NULL, name, chunk);
+chunk_size = MIN(mem_size, KVM_SLOT_MAX_BYTES);
+#endif
+memory_region_allocate_system_memory(ram, NULL, name,

chunk_size);

   memory_region_add_subregion(sysmem, offset, ram);
-mem_size -= chunk;
-offset += chunk;
+mem_size -= chunk_size;
+offset += chunk_size;
   g_free(name);
   name = g_strdup_printf("s390.ram.%u", ++number);
   }
---
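Review bot: guarding the MIN() with `#ifdef CONFIG_KVM` is a behaviour change, not just a compile fix: a build without KVM would allocate all of guest RAM as one region instead of 8 TB chunks, and the chunking loop is also what produces the `s390.ram.%u` region names. The warning is only about narrowing the 64-bit constant into a 32-bit ram_addr_t, so narrowing where the value is known to fit (Marcel's cast, or keeping `chunk_size` 64-bit as this snippet does but without the ifdef) addresses it without changing what TCG-only builds do; Halil's request that any type cleanup go in a separate patch applies here.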

Anyway s390x experts will figure that out ;)

Given that I don't think there is a bug I would like any cleanup
done as a separate cleanup patch.

This snippet does seem to synchronize the formal and effective arguments
of m
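The chunking loop under discussion, and the narrowing the clang warning is about, as an added example in plain C. This is not QEMU's s390_memory_init(); only the loop shape and the 8 TB limit come from the thread, and every name below is an assumption. It keeps the chunk arithmetic at 64 bits and shows what a bare cast to a 32-bit type does to an 8 TiB chunk (it becomes 0, which would make a `while (mem_size)` loop spin forever) next to a narrowing that fails loudly instead.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not QEMU's code. Mirrors the chunking loop in
 * s390_memory_init(): split guest RAM into memslot-sized pieces.
 * The 8 TiB value is the limit quoted in the thread; the rest is assumed. */
#define SLOT_MAX_BYTES (8ULL << 40)              /* "KVM does not allow memslots >= 8 TB" */
#define MIN(a, b) (((a) < (b)) ? (a) : (b))

/* Compute the chunks without ever narrowing: mem_size and chunk stay 64-bit.
 * Returns the number of chunks; fills chunks[] with up to n of them. */
size_t split_into_slots(uint64_t mem_size, uint64_t slot_max,
                        uint64_t *chunks, size_t n)
{
    size_t count = 0;
    while (mem_size) {
        uint64_t chunk = MIN(mem_size, slot_max);
        if (count < n) {
            chunks[count] = chunk;
        }
        count++;
        mem_size -= chunk;
    }
    return count;
}

size_t count_slots(uint64_t mem_size)
{
    return split_into_slots(mem_size, SLOT_MAX_BYTES, NULL, 0);
}

/* The idx-th chunk of mem_size, or 0 past the end (helper for checking). */
uint64_t nth_slot(uint64_t mem_size, size_t idx)
{
    uint64_t chunks[16];
    size_t n = split_into_slots(mem_size, SLOT_MAX_BYTES, chunks, 16);
    return (idx < n && idx < 16) ? chunks[idx] : 0;
}

/* What the clang diagnostic is about: storing the 64-bit MIN() result in a
 * 32-bit ram_addr_t. For any mem_size that itself fits 32 bits the result fits
 * too (Halil's argument), but a bare cast gives no protection if it ever
 * does not: 8 TiB has no bits set in its low 32, so it silently becomes 0. */
uint32_t narrow_unchecked(uint64_t chunk)
{
    return (uint32_t)chunk;
}

/* Narrowing that fails loudly: the narrowed value, or -1 if it does not fit. */
int64_t narrow_checked(uint64_t chunk)
{
    if (chunk > UINT32_MAX) {
        return -1;
    }
    return (int64_t)chunk;
}

int main(void)
{
    uint64_t total = 20ULL << 40;                /* constructed: 20 TiB of guest RAM */
    for (size_t i = 0; i < count_slots(total); i++) {
        printf("s390.ram.%zu: %llu GiB\n", i,
               (unsigned long long)(nth_slot(total, i) >> 30));
    }
    printf("8 TiB narrowed unchecked: %u, checked: %lld\n",
           narrow_unchecked(8ULL << 40), (long long)narrow_checked(8ULL << 40));
    return 0;
}
```

On a 32-bit host mem_size is a 32-bit ram_addr_t, so every chunk the loop produces fits and the cast is safe in practice; the checked variant is for the case where that assumption stops holding, which a silent truncation to 0 would turn into an endless loop rather than an error.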
