Re: [Qemu-devel] Using --enable-kvm fails with WindowsXP guest on an AMD host (works on Intel host)

2019-04-19 Thread Antti Antinoja
Tested with 4.14.105 kernel and the XP guest now boots fine with Qemu 3.1.0-r4.

My _guess_ is that this issue has something to do with changes made to kvm_amd 
module. 

Cheers,
Antti

On Sat, 20 Apr 2019 07:41:17 +0800
Antti Antinoja  wrote:

> Hi,
> 
> After upgrading host (Gentoo Linux) a Windows XP guest can't boot anymore.
> 
> Some findings while testing:
> 
> * XP image boots & works OK on an Intel machine (Gentoo Linux)
> ** qemu: 3.1.0-r4
> ** kernel: 5.0.7
> ** CPU: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
> 
> * XP image FAILS to boot on an AMD machine (Gentoo Linux)
> ** qemu: 3.1.0-r4
> ** kernel: 4.19.34
> ** CPU: AMD FX-6300 Six-Core Processor
> ** image boots OK if NOT using --enable-kvm
> 
> * XP image FAILS to boot on an AMD machine (Gentoo Linux)
> ** qemu: 3.1.0-r4 & 3.1.0-r1
> ** kernel: 4.19.34 & 5.0.7
> ** CPU: AMD Opteron(tm) Processor 4170 HE
> ** image boots OK if NOT using --enable-kvm
> ** The image worked OK on this machine with Qemu 2.12.1 & Kernel 4.18.20
> 
> Booting to Safe Mode fails too (on mentioned AMD machines with --enable-kvm). 
> 
> Trying various -cpu options on the AMD machines didn't seem to help either 
> (qemu64, pentium3, etc).
> 
> There are no errors visible on the host (kernel logs etc clean). The guest 
> boot just interrupts on very early state and Windows safe mode menu will loop 
> forever.
> 
> All Linux VM's are working without issues.
> 
> Cheers,
> Antti
> 
> -- 
> Antti Antinoja 
> 


-- 
Antti Antinoja 



[Qemu-devel] [Bug 1824053] Re: Qemu-img convert appears to be stuck on aarch64 host with low probability

2019-04-19 Thread 贞贵李
** Description changed:

  Hi,  I found a problem that qemu-img convert appears to be stuck on
  aarch64 host with low probability.
  
  The convert command  line is  "qemu-img convert -f qcow2 -O raw
  disk.qcow2 disk.raw ".
  
  The bt is below:
  
  Thread 2 (Thread 0x4b776e50 (LWP 27215)):
  #0  0x4a3f2994 in sigtimedwait () from /lib64/libc.so.6
  #1  0x4a39c60c in sigwait () from /lib64/libpthread.so.0
  #2  0xaae82610 in sigwait_compat (opaque=0xc5163b00) at 
util/compatfd.c:37
  #3  0xaae85038 in qemu_thread_start (args=args@entry=0xc5163b90) 
at util/qemu_thread_posix.c:496
  #4  0x4a3918bc in start_thread () from /lib64/libpthread.so.0
  #5  0x4a492b2c in thread_start () from /lib64/libc.so.6
  
  Thread 1 (Thread 0x4b573370 (LWP 27214)):
  #0  0x4a489020 in ppoll () from /lib64/libc.so.6
  #1  0xaadaefc0 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, __fds=) at /usr/include/bits/poll2.h:77
  #2  qemu_poll_ns (fds=, nfds=, 
timeout=) at qemu_timer.c:391
  #3  0xaadae014 in os_host_main_loop_wait (timeout=) at 
main_loop.c:272
  #4  0xaadae190 in main_loop_wait (nonblocking=) at 
main_loop.c:534
  #5  0xaad97be0 in convert_do_copy (s=0xdc32eb48) at 
qemu-img.c:1923
  #6  0xaada2d70 in img_convert (argc=, argv=) at qemu-img.c:2414
  #7  0xaad99ac4 in main (argc=7, argv=) at 
qemu-img.c:5305
  
- 
- The problem seems to be very similar to the phenomenon described by this 
patch 
(https://resources.ovirt.org/pub/ovirt-4.1/src/qemu-kvm-ev/0025-aio_notify-force-main-loop-wakeup-with-SIGIO-aarch64.patch),
 
+ The problem seems to be very similar to the phenomenon described by this
+ patch (https://resources.ovirt.org/pub/ovirt-4.1/src/qemu-kvm-ev/0025
+ -aio_notify-force-main-loop-wakeup-with-SIGIO-aarch64.patch),
  
  which force main loop wakeup with SIGIO.  But this patch was reverted by
  the patch (http://ovirt.repo.nfrance.com/src/qemu-kvm-ev/kvm-Revert-
  aio_notify-force-main-loop-wakeup-with-SIGIO-.patch).
  
- The problem still seems to exist in aarch64 host. The qemu version I used is 
2.8.1. The host version is 4.19.28-1.2.108.aarch64.
-  Do you have any solutions to fix it?  Thanks for your reply !
+ I can reproduce this problem with qemu.git/matser. It still exists in 
qemu.git/matser. I found that when an IO return in
+ worker threads and want to call aio_notify to wake up main_loop, but it found 
that ctx->notify_me is cleared to 0 by main_loop in aio_ctx_check by calling 
atomic_and(>notify_me, ~1) . So worker thread won't write enventfd to 
notify main_loop. If such a scene happens, the main_loop will hang:
+ main loopworker thread1 
worker thread2
+ 
--
   
+  qemu_poll_ns aio_worker
+ qemu_bh_schedule(pool->completion_bh) 
 
+ glib_pollfds_poll
+ g_main_context_check
+ aio_ctx_check 
aio_worker  
  
+ atomic_and(>notify_me, ~1) 
qemu_bh_schedule(pool->completion_bh)  
+   
 
+ /* do something for event */   
+ qemu_poll_ns
+ /* hangs !!!*/
+ 
+ As we known ,ctx->notify_me will be visited by worker thread and main
+ loop. I thank we should add a lock protection for ctx->notify_me to
+ avoid this happend.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1824053

Title:
  Qemu-img convert appears to be stuck on aarch64 host with low
  probability

Status in QEMU:
  Confirmed


[Qemu-devel] [Bug 1824053] Re: Qemu-img convert appears to be stuck on aarch64 host with low probability

2019-04-19 Thread 贞贵李
I can reproduce this problem with qemu.git/master. It still exists in 
qemu.git/master. I found that when an IO returns in
worker threads and wants to call aio_notify to wake up main_loop, it finds 
that ctx->notify_me has been cleared to 0 by main_loop in aio_ctx_check by calling 
atomic_and(&ctx->notify_me, ~1). So the worker thread won't write to the eventfd to 
notify main_loop. If such a scene happens, the main_loop will hang:

main loop                          worker thread1                          worker thread2
------------------------------------------------------------------------------------------------------------------
qemu_poll_ns                       aio_worker
                                   qemu_bh_schedule(pool->completion_bh)
glib_pollfds_poll
g_main_context_check
aio_ctx_check                                                              aio_worker
atomic_and(&ctx->notify_me, ~1)                                            qemu_bh_schedule(pool->completion_bh)
/* do something for event */
qemu_poll_ns
/* hangs !!!*/

As we know, ctx->notify_me will be visited by the worker thread and the main loop. I 
think we should add lock protection for ctx->notify_me to avoid this happening.




[Qemu-devel] [PATCH v1 5/6] target/riscv: Deprecate the generic no MMU CPUs

2019-04-19 Thread Alistair Francis
These can now be specified via the command line so we no longer need
these.

Signed-off-by: Alistair Francis 
---
 qemu-deprecated.texi | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 92ce909e50..d01fdf9907 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -137,6 +137,12 @@ four CPUs are: ``rv32gcsu-v1.9.1``, ``rv32gcsu-v1.10.0``, 
``rv64gcsu-v1.9.1`` an
 ``rv64gcsu-v1.10.0``. Instead the version can be specified via the CPU 
``priv_spec``
 option when using the ``rv32`` or ``rv64`` CPUs.
 
+@subsection RISC-V ISA CPUs (since 4.1)
+
+The RISC-V no MMU cpus have been depcreated. The two CPUs: ``rv32imacu-nommu`` 
and
+``rv64imacu-nommu`` should no longer be used. Instead the MMU status can be 
specified
+via the CPU ``mmu`` option when using the ``rv32`` or ``rv64`` CPUs.
+
 @section System emulator devices
 
 @subsection bluetooth (since 3.1)
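
Review bot: The new @subsection heading, "RISC-V ISA CPUs (since 4.1)", repeats the title of the subsection that patch 4/6 of this series adds directly above it, so the document ends up with two identically named subsections; a distinct title such as "RISC-V no MMU CPUs (since 4.1)" would keep the two entries separable. In the first added sentence "depcreated" should be "deprecated", and "cpus" should be "CPUs" to match the rest of the paragraph.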
-- 
2.21.0



[Qemu-devel] [PATCH v1 8/8] target/riscv: Add the HGATP register masks

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu_bits.h | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index a179137bc1..dc9d53d4be 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -208,6 +208,17 @@
 #define CSR_HIDELEG 0xa03
 #define CSR_HGATP   0xa80
 
+#if defined(TARGET_RISCV32)
+#define HGATP_MODE   SATP32_MODE
+#define HGATP_ASID   SATP32_ASID
+#define HGATP_PPNSATP32_PPN
+#endif
+#if defined(TARGET_RISCV64)
+#define HGATP_MODE   SATP64_MODE
+#define HGATP_ASID   SATP64_ASID
+#define HGATP_PPNSATP64_PPN
+#endif
+
 /* Performance Counters */
 #define CSR_MHPMCOUNTER30xb03
 #define CSR_MHPMCOUNTER40xb04
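
Review bot: The two separate `#if defined(...)` blocks leave HGATP_MODE, HGATP_ASID and HGATP_PPN undefined, with no diagnostic, when neither TARGET_RISCV32 nor TARGET_RISCV64 is set; a single `#if ... #elif ... #endif` would match how HSTATUS_WPRI is selected in patch 7/8. The commit message has no body, so it is also worth saying there why the hgatp fields reuse the SATP masks.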
-- 
2.21.0



[Qemu-devel] [PATCH v1 6/6] riscv: spike: Add a generic spike machine

2019-04-19 Thread Alistair Francis
Add a generic spike machine (not tied to a version) and deprecate the
spike machines that are tied to a specific version. As we can now specify
the CPU via the command line we no longer need specific versions of the
spike machines.

Signed-off-by: Alistair Francis 
Acked-by: Igor Mammedov 
---
 hw/riscv/spike.c | 106 ++-
 qemu-deprecated.texi |   6 +++
 2 files changed, 111 insertions(+), 1 deletion(-)

diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index 2a000a5800..5b33d4be3b 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -39,6 +39,7 @@
 #include "chardev/char.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/device_tree.h"
+#include "sysemu/qtest.h"
 #include "exec/address-spaces.h"
 #include "elf.h"
 
@@ -160,7 +161,89 @@ static void create_fdt(SpikeState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_add_subnode(fdt, "/chosen");
 qemu_fdt_setprop_string(fdt, "/chosen", "bootargs", cmdline);
 }
- }
+}
+
+static void spike_board_init(MachineState *machine)
+{
+const struct MemmapEntry *memmap = spike_memmap;
+
+SpikeState *s = g_new0(SpikeState, 1);
+MemoryRegion *system_memory = get_system_memory();
+MemoryRegion *main_mem = g_new(MemoryRegion, 1);
+MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
+int i;
+
+/* Initialize SOC */
+object_initialize_child(OBJECT(machine), "soc", >soc, sizeof(s->soc),
+TYPE_RISCV_HART_ARRAY, _abort, NULL);
+object_property_set_str(OBJECT(>soc), machine->cpu_type, "cpu-type",
+_abort);
+object_property_set_int(OBJECT(>soc), smp_cpus, "num-harts",
+_abort);
+object_property_set_bool(OBJECT(>soc), true, "realized",
+_abort);
+
+/* register system main memory (actual RAM) */
+memory_region_init_ram(main_mem, NULL, "riscv.spike.ram",
+   machine->ram_size, _fatal);
+memory_region_add_subregion(system_memory, memmap[SPIKE_DRAM].base,
+main_mem);
+
+/* create device tree */
+create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
+
+/* boot rom */
+memory_region_init_rom(mask_rom, NULL, "riscv.spike.mrom",
+   memmap[SPIKE_MROM].size, _fatal);
+memory_region_add_subregion(system_memory, memmap[SPIKE_MROM].base,
+mask_rom);
+
+if (machine->kernel_filename) {
+load_kernel(machine->kernel_filename);
+}
+
+/* reset vector */
+uint32_t reset_vec[8] = {
+0x0297,  /* 1:  auipc  t0, %pcrel_hi(dtb) */
+0x02028593,  /* addi   a1, t0, %pcrel_lo(1b) */
+0xf1402573,  /* csrr   a0, mhartid  */
+#if defined(TARGET_RISCV32)
+0x0182a283,  /* lw t0, 24(t0) */
+#elif defined(TARGET_RISCV64)
+0x0182b283,  /* ld t0, 24(t0) */
+#endif
+0x00028067,  /* jr t0 */
+0x,
+memmap[SPIKE_DRAM].base, /* start: .dword DRAM_BASE */
+0x,
+ /* dtb: */
+};
+
+/* copy in the reset vector in little_endian byte order */
+for (i = 0; i < sizeof(reset_vec) >> 2; i++) {
+reset_vec[i] = cpu_to_le32(reset_vec[i]);
+}
+rom_add_blob_fixed_as("mrom.reset", reset_vec, sizeof(reset_vec),
+  memmap[SPIKE_MROM].base, _space_memory);
+
+/* copy in the device tree */
+if (fdt_pack(s->fdt) || fdt_totalsize(s->fdt) >
+memmap[SPIKE_MROM].size - sizeof(reset_vec)) {
+error_report("not enough space to store device-tree");
+exit(1);
+}
+qemu_fdt_dumpdtb(s->fdt, fdt_totalsize(s->fdt));
+rom_add_blob_fixed_as("mrom.fdt", s->fdt, fdt_totalsize(s->fdt),
+  memmap[SPIKE_MROM].base + sizeof(reset_vec),
+  _space_memory);
+
+/* initialize HTIF using symbols found in load_kernel */
+htif_mm_init(system_memory, mask_rom, >soc.harts[0].env, serial_hd(0));
+
+/* Core Local Interruptor (timer and IPI) */
+sifive_clint_create(memmap[SPIKE_CLINT].base, memmap[SPIKE_CLINT].size,
+smp_cpus, SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE);
+}
 
 static void spike_v1_10_0_board_init(MachineState *machine)
 {
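
Review bot: spike_board_init() opens with the same locals and SOC initialisation as spike_v1_10_0_board_init() in the trailing context, so the added function appears to be a near copy of the versioned board init with `machine->cpu_type` passed as the CPU type; factoring the shared body into one helper would avoid maintaining the reset vector and the device-tree size check in several places. Two smaller points in the added body: `uint32_t reset_vec[8]` is declared after statements rather than at the top of the function, and the copy loop compares the signed `int i` against `sizeof(reset_vec) >> 2`, which is unsigned.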
@@ -172,6 +255,12 @@ static void spike_v1_10_0_board_init(MachineState *machine)
 MemoryRegion *mask_rom = g_new(MemoryRegion, 1);
 int i;
 
+if (!qtest_enabled()) {
+info_report("The Spike v1.10.0 machine has been deprecated. "
+"Please use the generic spike machine and specify the ISA "
+"versions using -cpu.");
+}
+
 /* Initialize SOC */
 object_initialize_child(OBJECT(machine), "soc", >soc, sizeof(s->soc),
 TYPE_RISCV_HART_ARRAY, 
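
Review bot: The deprecation text in the added info_report() call tells users to "specify the ISA versions using -cpu" without naming the replacement machine or the CPU option; naming the generic machine and the ``priv_spec`` option documented in qemu-deprecated.texi would make the message actionable. Since it reports use of a deprecated feature, consider whether warn_report() is the better severity.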

[Qemu-devel] [PATCH v1 3/8] target/riscv: Improve the scause logic

2019-04-19 Thread Alistair Francis
No functional change, just making the code easier to read.

Signed-off-by: Alistair Francis 
---
 target/riscv/cpu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 582d58aad9..e7d9dd95cc 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -525,7 +525,7 @@ void riscv_cpu_do_interrupt(CPUState *cs)
 s = set_field(s, MSTATUS_SPP, env->priv);
 s = set_field(s, MSTATUS_SIE, 0);
 env->mstatus = s;
-env->scause = cause | ~(((target_ulong)-1) >> async);
+env->scause = cause | ((target_ulong)async << (TARGET_LONG_BITS - 1));
 env->sepc = env->pc;
 env->sbadaddr = tval;
 env->pc = (env->stvec >> 2 << 2) +
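
Review bot: The replacement expression on the `env->scause` line matches the old one only when `async` is exactly 0 or 1: the old form `~(((target_ulong)-1) >> async)` sets the top `async` bits, while the new form shifts `async` itself up to bit TARGET_LONG_BITS - 1. The declaration of `async` is outside this hunk, so the "No functional change" claim should either state that `async` is a 0/1 flag or the code should normalise it (for example with `!!async`) before the shift.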
-- 
2.21.0



[Qemu-devel] [PATCH v1 4/8] target/riscv: Add the MPV and MTL mstatus bits

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu_bits.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 945aa8dbb8..fe7164754b 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -316,14 +316,11 @@
 /* mstatus CSR bits */
 #define MSTATUS_UIE 0x0001
 #define MSTATUS_SIE 0x0002
-#define MSTATUS_HIE 0x0004
 #define MSTATUS_MIE 0x0008
 #define MSTATUS_UPIE0x0010
 #define MSTATUS_SPIE0x0020
-#define MSTATUS_HPIE0x0040
 #define MSTATUS_MPIE0x0080
 #define MSTATUS_SPP 0x0100
-#define MSTATUS_HPP 0x0600
 #define MSTATUS_MPP 0x1800
 #define MSTATUS_FS  0x6000
 #define MSTATUS_XS  0x00018000
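
Review bot: The removal of MSTATUS_HIE, MSTATUS_HPIE and MSTATUS_HPP is not covered by the subject ("Add the MPV and MTL mstatus bits") and the commit message has no body; say why the H-mode bits are dropped and confirm that no remaining code references them, or split the removal into its own patch.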
@@ -335,6 +332,8 @@
 #define MSTATUS_TVM 0x0010 /* since: priv-1.10 */
 #define MSTATUS_TW  0x2000 /* since: priv-1.10 */
 #define MSTATUS_TSR 0x4000 /* since: priv-1.10 */
+#define MSTATUS_MTL 0x40ULL
+#define MSTATUS_MPV 0x80ULL
 
 #define MSTATUS64_UXL   0x0003ULL
 #define MSTATUS64_SXL   0x000CULL
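
Review bot: MSTATUS_MTL and MSTATUS_MPV carry a ULL suffix but sit in the generic MSTATUS_ group, whereas the 64-bit-only fields in the trailing context use the MSTATUS64_ prefix (MSTATUS64_UXL, MSTATUS64_SXL). Patch 5/8 notes that on RV32 these bits are not in mstatus, so either use the MSTATUS64_ prefix or add a comment here saying they are RV64-only, and add a "since" comment naming the spec version as the three lines above do.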
-- 
2.21.0



[Qemu-devel] [PATCH v1 7/8] target/riscv: Add the HSTATUS register masks

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu_bits.h | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 52c2169977..a179137bc1 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -382,6 +382,24 @@
 #define SSTATUS_SD SSTATUS64_SD
 #endif
 
+/* hstatus CSR bits */
+#define HSTATUS_SPRV 0x0001
+#define HSTATUS_STL  0x0040
+#define HSTATUS_SPV  0x0080
+#define HSTATUS_SP2P 0x0100
+#define HSTATUS_SP2V 0x0200
+#define HSTATUS_VTVM 0x0010
+#define HSTATUS_VTSR 0x0040
+
+#define HSTATUS32_WPRI   0xFF8FF87E
+#define HSTATUS64_WPRI   0xFF8FF87EULL
+
+#if defined(TARGET_RISCV32)
+#define HSTATUS_WPRI HSTATUS32_WPRI
+#elif defined(TARGET_RISCV64)
+#define HSTATUS_WPRI HSTATUS64_WPRI
+#endif
+
 /* Privilege modes */
 #define PRV_U 0
 #define PRV_S 1
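
Review bot: The added hstatus bit definitions give no spec reference and the commit message has no body; name the Hypervisor extension draft version these positions come from in the `/* hstatus CSR bits */` comment. The `#if ... #elif` that selects HSTATUS_WPRI has no `#else`, so the macro is silently undefined if neither target macro is set; an `#error` branch, or a comment that one of the two is always defined, would make that explicit.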
-- 
2.21.0



[Qemu-devel] [PATCH v1 2/8] target/riscv: Trigger interrupt on MIP update asynchronously

2019-04-19 Thread Alistair Francis
The requirement of holding the iothread_mutex is burdensome when
swapping the background and foreground registers in the Hypervisor
extension. To avoid the requirement let's set the interrupt
asynchronously.

Signed-off-by: Alistair Francis 
---
 target/riscv/cpu_helper.c | 33 +++--
 target/riscv/csr.c|  2 --
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index b17f169681..582d58aad9 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -82,10 +82,31 @@ int riscv_cpu_claim_interrupts(RISCVCPU *cpu, uint32_t 
interrupts)
 }
 }
 
-/* iothread_mutex must be held */
+struct CpuAsyncInfo {
+uint32_t new_mip;
+};
+
+static void riscv_cpu_update_mip_irqs_async(CPUState *target_cpu_state,
+run_on_cpu_data data)
+{
+CPURISCVState *env = _CPU(target_cpu_state)->env;
+RISCVCPU *cpu = riscv_env_get_cpu(env);
+struct CpuAsyncInfo *info = (struct CpuAsyncInfo *) data.host_ptr;
+
+if (info->new_mip) {
+cpu_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
+} else {
+cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
+}
+
+g_free(info);
+}
+
 uint32_t riscv_cpu_update_mip(RISCVCPU *cpu, uint32_t mask, uint32_t value)
 {
 CPURISCVState *env = >env;
+CPUState *cs = CPU(cpu);
+struct CpuAsyncInfo *info;
 uint32_t old, new, cmp = atomic_read(>mip);
 
 do {
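
Review bot: In riscv_cpu_update_mip_irqs_async() the interrupt line is driven from `info->new_mip`, a snapshot taken when the work was queued, not from the current value of mip. If two updates race, the queued callbacks can run in a different order from the cmpxchg results, leaving CPU_INTERRUPT_HARD out of step with mip; reading mip atomically inside the callback avoids this and removes the need for `struct CpuAsyncInfo`. The callback also goes from `target_cpu_state` to `env` to `cpu` and back to `CPU(cpu)`, where `target_cpu_state` could be passed to cpu_interrupt() directly, and the removed "iothread_mutex must be held" comment should be replaced by one stating the new locking rule.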
@@ -94,11 +115,11 @@ uint32_t riscv_cpu_update_mip(RISCVCPU *cpu, uint32_t 
mask, uint32_t value)
 cmp = atomic_cmpxchg(>mip, old, new);
 } while (old != cmp);
 
-if (new) {
-cpu_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
-} else {
-cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
-}
+info = g_new(struct CpuAsyncInfo, 1);
+info->new_mip = new;
+
+async_run_on_cpu(cs, riscv_cpu_update_mip_irqs_async,
+ RUN_ON_CPU_HOST_PTR(info));
 
 return old;
 }
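
Review bot: Each call now does a g_new() at `info = g_new(struct CpuAsyncInfo, 1)` just to carry one uint32_t to the callback. The value fits in the run_on_cpu_data union itself (RUN_ON_CPU_HOST_INT), which avoids the allocation and the matching g_free(). riscv_cpu_update_mip() also now returns before CPU_INTERRUPT_HARD has been raised or cleared, so the commit message should state that callers must not rely on the interrupt being pending on return.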
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index e1d91b6c60..f9d8d150e0 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -555,9 +555,7 @@ static int rmw_mip(CPURISCVState *env, int csrno, 
target_ulong *ret_value,
 uint32_t old_mip;
 
 if (mask) {
-qemu_mutex_lock_iothread();
 old_mip = riscv_cpu_update_mip(cpu, mask, (new_value & mask));
-qemu_mutex_unlock_iothread();
 } else {
 old_mip = atomic_read(>mip);
 }
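
Review bot: With the qemu_mutex_lock_iothread() and qemu_mutex_unlock_iothread() calls dropped around riscv_cpu_update_mip() in rmw_mip(), nothing in the patch records which lock, if any, callers must now hold; other callers of riscv_cpu_update_mip() are not shown here and may still take the lock. Add a comment on riscv_cpu_update_mip() describing the new contract so the call sites can be made consistent.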
-- 
2.21.0



[Qemu-devel] [PATCH v1 5/8] target/riscv: Allow setting mstatus virtulisation bits

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
 target/riscv/csr.c | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index f9d8d150e0..e6d68a9956 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -290,7 +290,6 @@ static int write_mstatus(CPURISCVState *env, int csrno, 
target_ulong val)
 {
 target_ulong mstatus = env->mstatus;
 target_ulong mask = 0;
-target_ulong mpp = get_field(val, MSTATUS_MPP);
 
 /* flush tlb on mstatus fields that affect VM */
 if (env->priv_ver <= PRIV_VERSION_1_09_1) {
@@ -305,7 +304,7 @@ static int write_mstatus(CPURISCVState *env, int csrno, 
target_ulong val)
 MSTATUS_VM : 0);
 }
 if (env->priv_ver >= PRIV_VERSION_1_10_0) {
-if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP |
+if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP | MSTATUS_MPV |
 MSTATUS_MPRV | MSTATUS_SUM)) {
 tlb_flush(CPU(riscv_env_get_cpu(env)));
 }
@@ -313,13 +312,13 @@ static int write_mstatus(CPURISCVState *env, int csrno, 
target_ulong val)
 MSTATUS_SPP | MSTATUS_FS | MSTATUS_MPRV | MSTATUS_SUM |
 MSTATUS_MPP | MSTATUS_MXR | MSTATUS_TVM | MSTATUS_TSR |
 MSTATUS_TW;
-}
-
-/* silenty discard mstatus.mpp writes for unsupported modes */
-if (mpp == PRV_H ||
-(!riscv_has_ext(env, RVS) && mpp == PRV_S) ||
-(!riscv_has_ext(env, RVU) && mpp == PRV_U)) {
-mask &= ~MSTATUS_MPP;
+#if defined(TARGET_RISCV64)
+/*
+ * RV32: MPV and MTL are not in mstatus. The current plan is to
+ * add them to mstatush. For now, we just don't support it.
+ */
+mask |= MSTATUS_MPP | MSTATUS_MPV;
+#endif
 }
 
 mstatus = (mstatus & ~mask) | (val & mask);
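
Review bot: The block that discarded mstatus.MPP writes for unsupported modes (`mpp == PRV_H`, S without RVS, U without RVU) is deleted here with no replacement, so after this patch a guest write can store the reserved value 2, or a mode the CPU does not implement, in MPP. That is a behaviour change the subject line does not cover; keep the check or explain in the commit message why it is safe to drop. In the added `#if defined(TARGET_RISCV64)` block, `mask |= MSTATUS_MPP | MSTATUS_MPV` repeats MSTATUS_MPP, which is already in the mask assigned just above, and leaves out MSTATUS_MTL although the comment mentions it; the comment describes RV32 but sits inside the RV64-only branch, so it would read better above the `#if`.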
-- 
2.21.0



[Qemu-devel] [PATCH v1 6/8] target/riscv: Add Hypervisor CSR macros

2019-04-19 Thread Alistair Francis
Add the 1.10.1 Hypervisor CSRs and remove the 1.9.1 spec versions.

Signed-off-by: Alistair Francis 
---
 target/riscv/cpu_bits.h | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index fe7164754b..52c2169977 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -202,6 +202,12 @@
 #define CSR_DPC 0x7b1
 #define CSR_DSCRATCH0x7b2
 
+/* Hpervisor CSRs */
+#define CSR_HSTATUS 0xa00
+#define CSR_HEDELEG 0xa02
+#define CSR_HIDELEG 0xa03
+#define CSR_HGATP   0xa80
+
 /* Performance Counters */
 #define CSR_MHPMCOUNTER30xb03
 #define CSR_MHPMCOUNTER40xb04
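
Review bot: The added section comment reads "Hpervisor CSRs"; it should be "Hypervisor CSRs". The commit message says these are the 1.10.1 Hypervisor CSRs, and that is worth repeating in the comment, since the legacy block further down is labelled with its spec version (priv v1.9.1).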
@@ -292,9 +298,6 @@
 #define CSR_MHPMCOUNTER31H  0xb9f
 
 /* Legacy Hypervisor Trap Setup (priv v1.9.1) */
-#define CSR_HSTATUS 0x200
-#define CSR_HEDELEG 0x202
-#define CSR_HIDELEG 0x203
 #define CSR_HIE 0x204
 #define CSR_HTVEC   0x205
 
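
Review bot: Only CSR_HSTATUS, CSR_HEDELEG and CSR_HIDELEG are removed from the "Legacy Hypervisor Trap Setup (priv v1.9.1)" block, while CSR_HIE and CSR_HTVEC stay, although the commit message says the 1.9.1 spec versions are removed. State why the remaining legacy definitions are kept, or remove them in the same patch if nothing uses them.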
-- 
2.21.0



[Qemu-devel] [PATCH v1 1/8] target/riscv: Mark privilege level 2 as reserved

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu_bits.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 7180fccf54..945aa8dbb8 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -383,7 +383,7 @@
 /* Privilege modes */
 #define PRV_U 0
 #define PRV_S 1
-#define PRV_H 2
+#define PRV_H 2 /* Reserved */
 #define PRV_M 3
 
 /* RV32 satp CSR field masks */
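
Review bot: The `/* Reserved */` comment on PRV_H documents the change, but the macro keeps its name and value, so existing comparisons against PRV_H (write_mstatus() has one, removed later in this series by patch 5/8) still compile unchanged. The commit message has no body; say there which spec version reserves level 2 and whether code that accepts a privilege level should now reject it.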
-- 
2.21.0



[Qemu-devel] [PATCH v1 4/6] target/riscv: Add a base 32 and 64 bit CPU

2019-04-19 Thread Alistair Francis
At the same time deprecate the ISA string CPUs.

It is doubtful anyone specifies the CPUs, but we are keeping them for the
Spike machine (which is about to be deprecated) so we may as well just
mark them as deprecated.

Signed-off-by: Alistair Francis 
---
 include/hw/riscv/virt.h |  4 ++--
 qemu-deprecated.texi|  9 +
 target/riscv/cpu.c  | 14 ++
 target/riscv/cpu.h  |  2 ++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index 568764b570..d01a1a85c4 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -74,9 +74,9 @@ enum {
FDT_PLIC_ADDR_CELLS + FDT_PLIC_INT_CELLS)
 
 #if defined(TARGET_RISCV32)
-#define VIRT_CPU TYPE_RISCV_CPU_RV32GCSU_V1_10_0
+#define VIRT_CPU TYPE_RISCV_CPU_BASE32
 #elif defined(TARGET_RISCV64)
-#define VIRT_CPU TYPE_RISCV_CPU_RV64GCSU_V1_10_0
+#define VIRT_CPU TYPE_RISCV_CPU_BASE64
 #endif
 
 #endif
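
Review bot: Changing VIRT_CPU to TYPE_RISCV_CPU_BASE32 and TYPE_RISCV_CPU_BASE64 switches the CPU the virt machine uses from the v1.10.0 types to the new base types, which neither the subject nor the commit message mentions. Say so in the commit message, and state whether the base CPUs give the same privileged spec version as before.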
diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 842e71b11d..92ce909e50 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -128,6 +128,15 @@ The ``acl_show'', ``acl_reset'', ``acl_policy'', 
``acl_add'', and
 ``acl_remove'' commands are deprecated with no replacement. Authorization
 for VNC should be performed using the pluggable QAuthZ objects.
 
+@section System emulator CPUS
+
+@subsection RISC-V ISA CPUs (since 4.1)
+
+The RISC-V cpus with the ISA version in the CPU name have been depcreated. The
+four CPUs are: ``rv32gcsu-v1.9.1``, ``rv32gcsu-v1.10.0``, ``rv64gcsu-v1.9.1`` 
and
+``rv64gcsu-v1.10.0``. Instead the version can be specified via the CPU 
``priv_spec``
+option when using the ``rv32`` or ``rv64`` CPUs.
+
 @section System emulator devices
 
 @subsection bluetooth (since 3.1)
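
Review bot: In the added paragraph "depcreated" should be "deprecated" and "cpus" should be "CPUs"; the new heading "System emulator CPUS" should likewise read "CPUs". The text says the version can be specified via the ``priv_spec`` option but gives no value; adding one (patch 3/6 accepts "v1.10.0" and "v1.9.1") would help users migrate.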
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 8f14fb8a1f..a3431d66a3 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -114,6 +114,12 @@ static void riscv_any_cpu_init(Object *obj)
 
 #if defined(TARGET_RISCV32)
 
+static void riscv_base32_cpu_init(Object *obj)
+{
+CPURISCVState *env = _CPU(obj)->env;
+set_misa(env, RV32 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
+}
+
 static void rv32gcsu_priv1_09_1_cpu_init(Object *obj)
 {
 CPURISCVState *env = _CPU(obj)->env;
@@ -145,6 +151,12 @@ static void rv32imacu_nommu_cpu_init(Object *obj)
 
 #elif defined(TARGET_RISCV64)
 
+static void riscv_base64_cpu_init(Object *obj)
+{
+CPURISCVState *env = _CPU(obj)->env;
+set_misa(env, RV64 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
+}
+
 static void rv64gcsu_priv1_09_1_cpu_init(Object *obj)
 {
 CPURISCVState *env = _CPU(obj)->env;
@@ -490,12 +502,14 @@ static const TypeInfo riscv_cpu_type_infos[] = {
 },
 DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
 #if defined(TARGET_RISCV32)
+DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base32_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_09_1, rv32gcsu_priv1_09_1_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_10_0, rv32gcsu_priv1_10_0_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_RV32IMACU_NOMMU,  rv32imacu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   rv32gcsu_priv1_10_0_cpu_init)
 #elif defined(TARGET_RISCV64)
+DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base64_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_09_1, rv64gcsu_priv1_09_1_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_10_0, rv64gcsu_priv1_10_0_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_RV64IMACU_NOMMU,  rv64imacu_nommu_cpu_init),
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 6321983584..a2c1a9af0a 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -48,6 +48,8 @@
 #define CPU_RESOLVING_TYPE TYPE_RISCV_CPU
 
 #define TYPE_RISCV_CPU_ANY  RISCV_CPU_TYPE_NAME("any")
+#define TYPE_RISCV_CPU_BASE32   RISCV_CPU_TYPE_NAME("rv32")
+#define TYPE_RISCV_CPU_BASE64   RISCV_CPU_TYPE_NAME("rv64")
 #define TYPE_RISCV_CPU_RV32GCSU_V1_09_1 RISCV_CPU_TYPE_NAME("rv32gcsu-v1.9.1")
 #define TYPE_RISCV_CPU_RV32GCSU_V1_10_0 RISCV_CPU_TYPE_NAME("rv32gcsu-v1.10.0")
 #define TYPE_RISCV_CPU_RV32IMACU_NOMMU  RISCV_CPU_TYPE_NAME("rv32imacu-nommu")
-- 
2.21.0



[Qemu-devel] [PATCH v1 0/8] RISC-V: Add some prep patches for the Hypervisor

2019-04-19 Thread Alistair Francis

Alistair Francis (8):
  target/riscv: Mark privilege level 2 as reserved
  target/riscv: Trigger interrupt on MIP update asynchronously
  target/riscv: Improve the scause logic
  target/riscv: Add the MPV and MTL mstatus bits
  target/riscv: Allow setting mstatus virtulisation bits
  target/riscv: Add Hypervisor CSR macros
  target/riscv: Add the HSTATUS register masks
  target/riscv: Add the HGATP register masks

 target/riscv/cpu_bits.h   | 45 +--
 target/riscv/cpu_helper.c | 35 --
 target/riscv/csr.c| 19 +++--
 3 files changed, 74 insertions(+), 25 deletions(-)

-- 
2.21.0



[Qemu-devel] [PATCH v1 2/6] riscv: virt: Allow specifying a CPU via commandline

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
Reviewed-by: Igor Mammedov 
---
 hw/riscv/virt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index fc4c6b306e..5b25f028ad 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -400,7 +400,7 @@ static void riscv_virt_board_init(MachineState *machine)
 /* Initialize SOC */
 object_initialize_child(OBJECT(machine), "soc", >soc, sizeof(s->soc),
 TYPE_RISCV_HART_ARRAY, _abort, NULL);
-object_property_set_str(OBJECT(>soc), VIRT_CPU, "cpu-type",
+object_property_set_str(OBJECT(>soc), machine->cpu_type, "cpu-type",
 _abort);
 object_property_set_int(OBJECT(>soc), smp_cpus, "num-harts",
 _abort);
@@ -526,6 +526,7 @@ static void riscv_virt_board_machine_init(MachineClass *mc)
 mc->desc = "RISC-V VirtIO Board (Privileged ISA v1.10)";
 mc->init = riscv_virt_board_init;
 mc->max_cpus = 8; /* hardcoded limit in BBL */
+mc->default_cpu_type = VIRT_CPU;
 }
 
 DEFINE_MACHINE("virt", riscv_virt_board_machine_init)
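
Review bot: With the CPU type now taken from the command line, the machine description in the context line, "RISC-V VirtIO Board (Privileged ISA v1.10)", is no longer accurate when a user selects a v1.9.1 CPU; update `mc->desc` in this patch. The commit message has no body, so also say there whether any CPU type is accepted or only a subset, since as far as these hunks show riscv_virt_board_init() passes `machine->cpu_type` through unchanged.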
-- 
2.21.0



[Qemu-devel] [PATCH v1 1/6] linux-user/riscv: Add the CPU type as a comment

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
 linux-user/riscv/target_elf.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-user/riscv/target_elf.h b/linux-user/riscv/target_elf.h
index a6716a6aac..9dd65652ee 100644
--- a/linux-user/riscv/target_elf.h
+++ b/linux-user/riscv/target_elf.h
@@ -9,6 +9,7 @@
 #define RISCV_TARGET_ELF_H
 static inline const char *cpu_get_model(uint32_t eflags)
 {
+/* TYPE_RISCV_CPU_ANY */
 return "any";
 }
 #endif
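
Review bot: The added `/* TYPE_RISCV_CPU_ANY */` comment restates the literal "any" on the next line and can silently go stale if the macro's string changes. Say in the comment, or in the commit message, which has no body, why the macro itself is not used here.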
-- 
2.21.0



[Qemu-devel] [PATCH v1 0/6] RISC-V: Add properties to the CPUs

2019-04-19 Thread Alistair Francis
This series is based on the previous "RISC-V: Allow specifying CPU ISA
via command line" series. This series does not allow custom ISA
extensions; instead it just allows other property setting.

This series allows users to specify spec versions, MMU support and PMP
support from the command line.

This series deprecates some existing CPUs and machines as they are no
longer required.

Alistair Francis (6):
  linux-user/riscv: Add the CPU type as a comment
  riscv: virt: Allow specifying a CPU via commandline
  target/riscv: Create settable CPU properties
  target/riscv: Add a base 32 and 64 bit CPU
  target/riscv: Deprecate the generic no MMU CPUs
  riscv: spike: Add a generic spike machine

 hw/riscv/spike.c  | 106 +-
 hw/riscv/virt.c   |   3 +-
 include/hw/riscv/virt.h   |   4 +-
 linux-user/riscv/target_elf.h |   1 +
 qemu-deprecated.texi  |  21 +++
 target/riscv/cpu.c|  63 
 target/riscv/cpu.h|  10 
 7 files changed, 204 insertions(+), 4 deletions(-)

-- 
2.21.0



[Qemu-devel] [PATCH v1 3/6] target/riscv: Create settable CPU properties

2019-04-19 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.c | 49 ++
 target/riscv/cpu.h |  8 
 2 files changed, 57 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index d61bce6d55..8f14fb8a1f 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -22,6 +22,7 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "qapi/error.h"
+#include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 
 /* RISC-V CPU definitions */
@@ -296,7 +297,11 @@ static void riscv_cpu_disas_set_info(CPUState *s, 
disassemble_info *info)
 static void riscv_cpu_realize(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
+RISCVCPU *cpu = RISCV_CPU(dev);
+CPURISCVState *env = >env;
 RISCVCPUClass *mcc = RISCV_CPU_GET_CLASS(dev);
+int priv_version = PRIV_VERSION_1_10_0;
+int user_version = USER_VERSION_2_02_0;
 Error *local_err = NULL;
 
 cpu_exec_realizefn(cs, _err);
@@ -305,6 +310,41 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
+if (cpu->cfg.priv_spec) {
+if (!g_strcmp0(cpu->cfg.priv_spec, "v1.10.0")) {
+priv_version = PRIV_VERSION_1_10_0;
+} else if (!g_strcmp0(cpu->cfg.priv_spec, "v1.9.1")) {
+priv_version = PRIV_VERSION_1_09_1;
+} else {
+error_setg(errp,
+   "Unsupported privilege spec version '%s'",
+   cpu->cfg.priv_spec);
+return;
+}
+}
+
+if (cpu->cfg.user_spec) {
+if (!g_strcmp0(cpu->cfg.user_spec, "v2.02.0")) {
+user_version = USER_VERSION_2_02_0;
+} else {
+error_setg(errp,
+   "Unsupported user spec version '%s'",
+   cpu->cfg.user_spec);
+return;
+}
+}
+
+set_versions(env, user_version, priv_version);
+set_resetvec(env, DEFAULT_RSTVEC);
+
+if (cpu->cfg.mmu) {
+set_feature(env, RISCV_FEATURE_MMU);
+}
+
+if (cpu->cfg.pmp) {
+set_feature(env, RISCV_FEATURE_PMP);
+}
+
 riscv_cpu_register_gdb_regs_for_features(cs);
 
 qemu_init_vcpu(cs);
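
Review bot: in riscv_cpu_realize() the set_versions(env, user_version, priv_version) and set_resetvec(env, DEFAULT_RSTVEC) calls run unconditionally, so when priv_spec is not given the local default PRIV_VERSION_1_10_0 overwrites whatever versions env held on entry. Apply the versions only when a property was set, or seed the locals from env first. The mmu and pmp blocks only ever call set_feature(), so mmu=off or pmp=off cannot turn off a feature that is already set in env; clear the feature in an else branch or document that the properties can only add.
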
@@ -326,6 +366,14 @@ static const VMStateDescription vmstate_riscv_cpu = {
 .unmigratable = 1,
 };
 
+static Property riscv_cpu_properties[] = {
+DEFINE_PROP_STRING("priv_spec", RISCVCPU, cfg.priv_spec),
+DEFINE_PROP_STRING("user_spec", RISCVCPU, cfg.user_spec),
+DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
+DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void riscv_cpu_class_init(ObjectClass *c, void *data)
 {
 RISCVCPUClass *mcc = RISCV_CPU_CLASS(c);
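
Review bot: riscv_cpu_properties[] gives mmu and pmp a default of true for every CPU type that picks up this table, which would include the generic no-MMU models the cover letter mentions unless they override it; say in the commit message how those models keep their behaviour. The strings accepted for priv_spec and user_spec ("v1.10.0", "v1.9.1", "v2.02.0") can only be found by reading the realize code, so document them next to the property definitions.
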
@@ -366,6 +414,7 @@ static void riscv_cpu_class_init(ObjectClass *c, void *data)
 #endif
 /* For now, mark unmigratable: */
 cc->vmsd = _riscv_cpu;
+dc->props = riscv_cpu_properties;
 }
 
 char *riscv_isa_string(RISCVCPU *cpu)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 20bce8742e..6321983584 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -224,6 +224,14 @@ typedef struct RISCVCPU {
 CPUState parent_obj;
 /*< public >*/
 CPURISCVState env;
+
+/* Configuration Settings */
+struct {
+char *priv_spec;
+char *user_spec;
+bool mmu;
+bool pmp;
+} cfg;
 } RISCVCPU;
 
 static inline RISCVCPU *riscv_env_get_cpu(CPURISCVState *env)
-- 
2.21.0



[Qemu-devel] [Bug 1824053] Re: Qemu-img convert appears to be stuck on aarch64 host with low probability

2019-04-19 Thread 贞贵李
** Changed in: qemu
   Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1824053

Title:
  Qemu-img convert appears to be stuck on aarch64 host with low
  probability

Status in QEMU:
  Confirmed

Bug description:
  Hi,  I found a problem that qemu-img convert appears to be stuck on
  aarch64 host with low probability.

  The convert command  line is  "qemu-img convert -f qcow2 -O raw
  disk.qcow2 disk.raw ".

  The bt is below:

  Thread 2 (Thread 0x4b776e50 (LWP 27215)):
  #0  0x4a3f2994 in sigtimedwait () from /lib64/libc.so.6
  #1  0x4a39c60c in sigwait () from /lib64/libpthread.so.0
  #2  0xaae82610 in sigwait_compat (opaque=0xc5163b00) at util/compatfd.c:37
  #3  0xaae85038 in qemu_thread_start (args=args@entry=0xc5163b90) at util/qemu_thread_posix.c:496
  #4  0x4a3918bc in start_thread () from /lib64/libpthread.so.0
  #5  0x4a492b2c in thread_start () from /lib64/libc.so.6

  Thread 1 (Thread 0x4b573370 (LWP 27214)):
  #0  0x4a489020 in ppoll () from /lib64/libc.so.6
  #1  0xaadaefc0 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, __fds=) at /usr/include/bits/poll2.h:77
  #2  qemu_poll_ns (fds=, nfds=, timeout=) at qemu_timer.c:391
  #3  0xaadae014 in os_host_main_loop_wait (timeout=) at main_loop.c:272
  #4  0xaadae190 in main_loop_wait (nonblocking=) at main_loop.c:534
  #5  0xaad97be0 in convert_do_copy (s=0xdc32eb48) at qemu-img.c:1923
  #6  0xaada2d70 in img_convert (argc=, argv=) at qemu-img.c:2414
  #7  0xaad99ac4 in main (argc=7, argv=) at qemu-img.c:5305

  
  The problem seems to be very similar to the phenomenon described by this
  patch
  (https://resources.ovirt.org/pub/ovirt-4.1/src/qemu-kvm-ev/0025-aio_notify-force-main-loop-wakeup-with-SIGIO-aarch64.patch),
  which forces main loop wakeup with SIGIO.  But this patch was reverted
  by the patch
  (http://ovirt.repo.nfrance.com/src/qemu-kvm-ev/kvm-Revert-aio_notify-force-main-loop-wakeup-with-SIGIO-.patch).

  The problem still seems to exist in aarch64 host. The qemu version I used is
  2.8.1. The host version is 4.19.28-1.2.108.aarch64.
  Do you have any solutions to fix it?  Thanks for your reply !

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1824053/+subscriptions



Re: [Qemu-devel] [PATCH 0/2] tcg: Fix launchpad 1824853

2019-04-19 Thread Richard Henderson
On 4/19/19 1:07 PM, Alex Bennée wrote:
> 
> Richard Henderson  writes:
> 
>> This is a case where we generate more than 64k code for a mere 231
>> guest instructions.
> 
> I would like to know more! Are these unrolled vector ops or something else?

Yes.  E.g.

  ld4  { v0.16b - v3.16b }, [x0]

will generate 64 guest byte loads.  Given the size of the code
generated for each guest memory operation, we should probably
change this to use 64-bit loads and dole out the bytes manually.

Even for linux-user, with direct host memory ops this converts
to 1k code.

r~



[Qemu-devel] Using --enable-kvm fails with WindowsXP guest on an AMD host (works on Intel host)

2019-04-19 Thread Antti Antinoja
Hi,

After upgrading host (Gentoo Linux) a Windows XP guest can't boot anymore.

Some findings while testing:

* XP image boots & works OK on an Intel machine (Gentoo Linux)
** qemu: 3.1.0-r4
** kernel: 5.0.7
** CPU: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz

* XP image FAILS to boot on an AMD machine (Gentoo Linux)
** qemu: 3.1.0-r4
** kernel: 4.19.34
** CPU: AMD FX-6300 Six-Core Processor
** image boots OK if NOT using --enable-kvm

* XP image FAILS to boot on an AMD machine (Gentoo Linux)
** qemu: 3.1.0-r4 & 3.1.0-r1
** kernel: 4.19.34 & 5.0.7
** CPU: AMD Opteron(tm) Processor 4170 HE
** image boots OK if NOT using --enable-kvm
** The image worked OK on this machine with Qemu 2.12.1 & Kernel 4.18.20

Booting to Safe Mode fails too (on mentioned AMD machines with --enable-kvm).

Trying various -cpu options on the AMD machines didn't seem to help either 
(qemu64, pentium3, etc).

There are no errors visible on the host (kernel logs etc clean). The guest boot 
just interrupts on very early state and Windows safe mode menu will loop 
forever.

All Linux VMs are working without issues.

Cheers,
Antti

-- 
Antti Antinoja 



Re: [Qemu-devel] [PATCH] configure: Change capstone's default state to disabled

2019-04-19 Thread Programmingkid


> On Apr 19, 2019, at 2:22 PM, Richard Henderson  wrote:
> 
> On 4/19/19 3:44 AM, G 3 wrote:
>> 
>> Here is the error message I see when compiling QEMU:
>> 
>> CHK version_gen.h
>> make[1]: *** No rule to make target
>> `/Users/John/qemu-git/capstone/libcapstone.a'.  Stop.
>> make: *** [subdir-capstone] Error 2
> 
> You are configuring with --static?
> 
> I've seen this before myself -- IMO it's broken distro packaging, in that the
> shipped pkgconfig/capstone.pc claims static library support, but the static
> library itself wasn't shipped.
> 
> We should probably work around this in configure, and report the packaging 
> bug.

I do not use --static. This is what I use: ./configure --target-list=ppc-softmmu.

I think this is a bug with configure, or with the capstone repo.


Re: [Qemu-devel] [RFC 2/3] hw/virtio-rdma: VirtIO rdma device

2019-04-19 Thread Michael S. Tsirkin
On Thu, Apr 11, 2019 at 02:01:56PM +0300, Yuval Shaia wrote:
> diff --git a/include/standard-headers/linux/virtio_ids.h 
> b/include/standard-headers/linux/virtio_ids.h
> index 6d5c3b2d4f..bd2c699450 100644
> --- a/include/standard-headers/linux/virtio_ids.h
> +++ b/include/standard-headers/linux/virtio_ids.h
> @@ -43,5 +43,6 @@
>  #define VIRTIO_ID_INPUT18 /* virtio input */
>  #define VIRTIO_ID_VSOCK19 /* virtio vsock transport */
>  #define VIRTIO_ID_CRYPTO   20 /* virtio crypto */
> +#define VIRTIO_ID_RDMA 26 /* virtio crypto */
>  
>  #endif /* _LINUX_VIRTIO_IDS_H */
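
Review bot: the comment on the new VIRTIO_ID_RDMA line still reads "virtio crypto", copied from the VIRTIO_ID_CRYPTO line above it; it should describe the RDMA device. The value 26 also skips 21 to 25 with no explanation in this header, so the commit message should say where the number comes from.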


Please reserve an ID with the virtio TC.
Process:
- create a github issue
- post patch with Fixes: tag
- wait a bit
- if no comments on either ask for a vote

> -- 
> 2.20.1



Re: [Qemu-devel] [PATCH 1/2] add VirtIONet vhost_stopped flag to prevent multiple stops

2019-04-19 Thread Michael S. Tsirkin
On Tue, Apr 16, 2019 at 02:46:23PM -0400, Dan Streetman wrote:
> From: Dan Streetman 
> 
> Buglink: https://launchpad.net/bugs/1823458
> 
> There is a race condition when using the vhost-user driver, between a guest
> shutdown and the vhost-user interface being closed.  This is explained in
> more detail at the bug link above; the short explanation is the vhost-user
> device can be closed while the main thread is in the middle of stopping
> the vhost_net.  In this case, the main thread handling shutdown will
> enter virtio_net_vhost_status() and move into the n->vhost_started (else)
> block, and call vhost_net_stop(); while it is running that function,
> another thread is notified that the vhost-user device has been closed,
> and (indirectly) calls into virtio_net_vhost_status() also.  Since the
> vhost_net status hasn't yet changed, the second thread also enters
> the n->vhost_started block, and also calls vhost_net_stop().  This
> causes problems for the second thread when it tries to stop the network
> that's already been stopped.
> 
> This adds a flag to the struct that's atomically set to prevent more than
> one thread from calling vhost_net_stop().  The atomic_fetch_inc() is likely
> overkill and probably could be done with a simple check-and-set, but
> since it's a race condition there would still be a (very, very) small
> window without using an atomic to set it.

How? Isn't all this under the BQL?

> 
> Signed-off-by: Dan Streetman 
> ---
>  hw/net/virtio-net.c| 3 ++-
>  include/hw/virtio/virtio-net.h | 1 +
>  2 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index ffe0872fff..d36f50d5dd 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -13,6 +13,7 @@
>  
>  #include "qemu/osdep.h"
>  #include "qemu/iov.h"
> +#include "qemu/atomic.h"
>  #include "hw/virtio/virtio.h"
>  #include "net/net.h"
>  #include "net/checksum.h"
> @@ -240,7 +241,7 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t 
> status)
>   "falling back on userspace virtio", -r);
>  n->vhost_started = 0;
>  }
> -} else {
> +} else if (atomic_fetch_inc(>vhost_stopped) == 0) {
>  vhost_net_stop(vdev, n->nic->ncs, queues);
>  n->vhost_started = 0;
>  }
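
Review bot: in virtio_net_vhost_status() the new else-if increments vhost_stopped with atomic_fetch_inc(), and nothing in this patch ever sets it back to 0 (the diffstat covers only the include, this condition and the new field), so after the first stop every later pass through this branch skips vhost_net_stop() and leaves n->vhost_started unchanged. If a guard is needed, clear it where vhost is started again, or guard on an atomic exchange of the started flag itself instead of a second counter.
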
> diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
> index b96f0c643f..d03fd933d0 100644
> --- a/include/hw/virtio/virtio-net.h
> +++ b/include/hw/virtio/virtio-net.h
> @@ -164,6 +164,7 @@ struct VirtIONet {
>  uint8_t nouni;
>  uint8_t nobcast;
>  uint8_t vhost_started;
> +int vhost_stopped;
>  struct {
>  uint32_t in_use;
>  uint32_t first_multi;

OK questions same as any state:

- do we need to migrate this?
- reset it on device reset?

> -- 
> 2.20.1



Re: [Qemu-devel] [PATCH 0/2] vhost-user race condition on shutdown

2019-04-19 Thread Michael S. Tsirkin
On Tue, Apr 16, 2019 at 02:46:22PM -0400, Dan Streetman wrote:
> From: Dan Streetman 
> 
> Buglink: https://launchpad.net/bugs/1823458

Cc Maxime.


> This is a race condition between the normal shutdown of a guest
> and the handling of its vhost-user net being externally closed.
> It's explained in more detail at the bug link; the short version
> is that there are 2 problems, fixed by the 2 patches.  The first
> patch fixes the race condition where multiple threads call
> vhost_net_stop(), and the second patch prevents vhost-user from
> calling vhost_net_cleanup() on CHR_EVENT_CLOSED, because it will
> be cleaned up later and its fields will be accessed when
> vhost_net_stop() is called later.
> 
> As explained in the bug report, this requires a rather complicated
> setup to reproduce, and I'm not able to create a setup to reproduce
> it myself.  However this has been reported to me/Canonical, and the
> reporter is able to reproduce it consistently, so I've used them for
> debug and testing.  This reproduction was done with the older 2.5
> qemu, from Ubuntu Xenial; but the problem does still appear to exist
> in upstream qemu, based on review of the code, which is why I'm sending
> these patches.
> 
> Dan Streetman (2):
>   add VirtIONet vhost_stopped flag to prevent multiple stops
>   do not call vhost_net_cleanup() on running net from char user event
> 
>  hw/net/virtio-net.c| 3 ++-
>  include/hw/virtio/virtio-net.h | 1 +
>  net/vhost-user.c   | 1 -
>  3 files changed, 3 insertions(+), 2 deletions(-)
> 
> -- 
> 2.20.1



Re: [Qemu-devel] [PATCH 0/2] tcg: Fix launchpad 1824853

2019-04-19 Thread Alex Bennée


Richard Henderson  writes:

> This is a case where we generate more than 64k code for a mere 231
> guest instructions.

I would like to know more! Are these unrolled vector ops or something else?

> This hits some assertions within TCG that we're
> not overflowing the uint16_t that we use for representing our
> unwind info.
>
> Fix this by returning an error indication, rather than asserting.
> This lets us try again from tb_gen_code with a lower max_insns.
>
> This should resolve the problem for x86 as a host.  There are other
> failure modes wrt out-of-range relocations that might affect the
> RISC hosts.  I'm going to leave those for a different patch set.
>
>
> r~
>
>
> Richard Henderson (2):
>   tcg: Hoist max_insns computation to tb_gen_code
>   tcg: Restart after TB code generation overflow
>
>  include/exec/exec-all.h   |  4 +--
>  include/exec/translator.h |  3 +-
>  accel/tcg/translate-all.c | 54 +--
>  accel/tcg/translator.c| 15 ++
>  target/alpha/translate.c  |  4 +--
>  target/arm/translate.c|  4 +--
>  target/cris/translate.c   | 10 +--
>  target/hppa/translate.c   |  5 ++--
>  target/i386/translate.c   |  4 +--
>  target/lm32/translate.c   | 10 +--
>  target/m68k/translate.c   |  4 +--
>  target/microblaze/translate.c | 10 +--
>  target/mips/translate.c   |  4 +--
>  target/moxie/translate.c  | 11 ++-
>  target/nios2/translate.c  | 14 ++---
>  target/openrisc/translate.c   |  4 +--
>  target/ppc/translate.c|  4 +--
>  target/riscv/translate.c  |  4 +--
>  target/s390x/translate.c  |  4 +--
>  target/sh4/translate.c|  4 +--
>  target/sparc/translate.c  |  4 +--
>  target/tilegx/translate.c | 12 +---
>  target/tricore/translate.c| 16 ++-
>  target/unicore32/translate.c  | 10 +--
>  target/xtensa/translate.c |  4 +--
>  tcg/tcg.c |  4 +++
>  26 files changed, 93 insertions(+), 133 deletions(-)


--
Alex Bennée



Re: [Qemu-devel] [PATCH] target/riscv: Expose time CSRs when allowed by [m|s]counteren

2019-04-19 Thread Alistair Francis
On Mon, Apr 15, 2019 at 5:46 PM Jonathan Behrens  wrote:
>
> For any chip that has a CLINT, we want the frequency of the time register and 
> the frequency of the CLINT to match. That frequency, 
> SIFIVE_CLINT_TIMEBASE_FREQ (=10MHz) is currently defined in 
> hw/riscv/sifive_clint.h and so isn't visible to target/riscv/cpu.c where the 
> CPURISCVState is first created. Instead, I first initialize the frequency to 
> a reasonable default (1GHz) and then let the CLINT override the value if one 
> is attached. Phrased differently, the values produced by the `sifive_clint.c: 
> cpu_riscv_read_rtc()` and `csr.c: read_time()` must match, and this is one 
> way of doing that.

Ah that seems fine. Can you add a comment in the code to indicate that
it will be overwritten later?

Alistair

>
> I'd be open to other suggestions.
>
> Jonathan
>
> On Mon, Apr 15, 2019 at 8:23 PM Alistair Francis  wrote:
>>
>> On Fri, Apr 12, 2019 at 12:04 PM Jonathan Behrens  wrote:
>> >
>> > Currently mcounteren.TM acts as though it is hardwired to zero, even though
>> > QEMU
>> > allows it to be set. This change resolves the issue by allowing reads to 
>> > the
>> > time and timeh control registers when running in a privileged mode where
>> > such
>> > accesses are allowed.
>> >
>> > Signed-off-by: Jonathan Behrens 
>> > ---
>> >  hw/riscv/sifive_clint.c |  1 +
>> >  target/riscv/cpu.c  | 14 ++
>> >  target/riscv/cpu.h  |  2 ++
>> >  target/riscv/csr.c  | 17 +++--
>> >  4 files changed, 28 insertions(+), 6 deletions(-)
>> >
>> > diff --git a/hw/riscv/sifive_clint.c b/hw/riscv/sifive_clint.c
>> > index d4c159e937..3ad4fe6139 100644
>> > --- a/hw/riscv/sifive_clint.c
>> > +++ b/hw/riscv/sifive_clint.c
>> > @@ -237,6 +237,7 @@ DeviceState *sifive_clint_create(hwaddr addr, hwaddr
>> > size, uint32_t num_harts,
>> >  env->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
>> >_clint_timer_cb, cpu);
>> >  env->timecmp = 0;
>> > +env->time_freq = SIFIVE_CLINT_TIMEBASE_FREQ;
>>
>> Why do you need to set this here?
>>
>> Alistair
>>
>> >  }
>> >
>> >  DeviceState *dev = qdev_create(NULL, TYPE_SIFIVE_CLINT);
>> > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
>> > index d61bce6d55..ff17d54691 100644
>> > --- a/target/riscv/cpu.c
>> > +++ b/target/riscv/cpu.c
>> > @@ -103,12 +103,20 @@ static void set_resetvec(CPURISCVState *env, int
>> > resetvec)
>> >  #endif
>> >  }
>> >
>> > +static void set_time_freq(CPURISCVState *env, uint64_t freq)
>> > +{
>> > +#ifndef CONFIG_USER_ONLY
>> > +env->time_freq = freq;
>> > +#endif
>> > +}
>> > +
>> >  static void riscv_any_cpu_init(Object *obj)
>> >  {
>> >  CPURISCVState *env = _CPU(obj)->env;
>> >  set_misa(env, RVXLEN | RVI | RVM | RVA | RVF | RVD | RVC | RVU);
>> >  set_versions(env, USER_VERSION_2_02_0, PRIV_VERSION_1_10_0);
>> >  set_resetvec(env, DEFAULT_RSTVEC);
>> > +set_time_freq(env, NANOSECONDS_PER_SECOND);
>> >  }
>> >
>> >  #if defined(TARGET_RISCV32)
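
Review bot: set_time_freq(env, NANOSECONDS_PER_SECOND) is added to riscv_any_cpu_init() here and then repeated in each of the other *_cpu_init() functions in the following hunks, so a CPU model added later that omits the call is left with whatever time_freq was initialised to. Set the default once in a common init path, and give the 1 GHz default a comment saying that sifive_clint_create() replaces it with SIFIVE_CLINT_TIMEBASE_FREQ.
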
>> > @@ -121,6 +129,7 @@ static void rv32gcsu_priv1_09_1_cpu_init(Object *obj)
>> >  set_resetvec(env, DEFAULT_RSTVEC);
>> >  set_feature(env, RISCV_FEATURE_MMU);
>> >  set_feature(env, RISCV_FEATURE_PMP);
>> > +set_time_freq(env, NANOSECONDS_PER_SECOND);
>> >  }
>> >
>> >  static void rv32gcsu_priv1_10_0_cpu_init(Object *obj)
>> > @@ -131,6 +140,7 @@ static void rv32gcsu_priv1_10_0_cpu_init(Object *obj)
>> >  set_resetvec(env, DEFAULT_RSTVEC);
>> >  set_feature(env, RISCV_FEATURE_MMU);
>> >  set_feature(env, RISCV_FEATURE_PMP);
>> > +set_time_freq(env, NANOSECONDS_PER_SECOND);
>> >  }
>> >
>> >  static void rv32imacu_nommu_cpu_init(Object *obj)
>> > @@ -140,6 +150,7 @@ static void rv32imacu_nommu_cpu_init(Object *obj)
>> >  set_versions(env, USER_VERSION_2_02_0, PRIV_VERSION_1_10_0);
>> >  set_resetvec(env, DEFAULT_RSTVEC);
>> >  set_feature(env, RISCV_FEATURE_PMP);
>> > +set_time_freq(env, NANOSECONDS_PER_SECOND);
>> >  }
>> >
>> >  #elif defined(TARGET_RISCV64)
>> > @@ -152,6 +163,7 @@ static void rv64gcsu_priv1_09_1_cpu_init(Object *obj)
>> >  set_resetvec(env, DEFAULT_RSTVEC);
>> >  set_feature(env, RISCV_FEATURE_MMU);
>> >  set_feature(env, RISCV_FEATURE_PMP);
>> > +set_time_freq(env, NANOSECONDS_PER_SECOND);
>> >  }
>> >
>> >  static void rv64gcsu_priv1_10_0_cpu_init(Object *obj)
>> > @@ -162,6 +174,7 @@ static void rv64gcsu_priv1_10_0_cpu_init(Object *obj)
>> >  set_resetvec(env, DEFAULT_RSTVEC);
>> >  set_feature(env, RISCV_FEATURE_MMU);
>> >  set_feature(env, RISCV_FEATURE_PMP);
>> > +set_time_freq(env, NANOSECONDS_PER_SECOND);
>> >  }
>> >
>> >  static void rv64imacu_nommu_cpu_init(Object *obj)
>> > @@ -171,6 +184,7 @@ static void rv64imacu_nommu_cpu_init(Object *obj)
>> >  set_versions(env, USER_VERSION_2_02_0, PRIV_VERSION_1_10_0);
>> >  set_resetvec(env, DEFAULT_RSTVEC);
>> >  set_feature(env, RISCV_FEATURE_PMP);
>> > 

Re: [Qemu-devel] [PATCH] cputlb: Fix io_readx() to respect the access_type

2019-04-19 Thread Alex Bennée


Shahab Vahedi  writes:

> This change adapts io_readx() to its input access_type. Currently
> io_readx() treats any memory access as a read, although it has an
> input argument "MMUAccessType access_type". This results in:
>
> 1) Calling the tlb_fill() only with MMU_DATA_LOAD
> 2) Considering only entry->addr_read as the tlb_addr
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1825359

This bug talks about the distinction between DATA_LOAD and INST_FETCH but...

>
> Signed-off-by: Shahab Vahedi 
> ---
>  accel/tcg/cputlb.c | 7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
> index 88cc8389e9..0daac0e806 100644
> --- a/accel/tcg/cputlb.c
> +++ b/accel/tcg/cputlb.c
> @@ -878,10 +878,13 @@ static uint64_t io_readx(CPUArchState *env, 
> CPUIOTLBEntry *iotlbentry,
>  CPUTLBEntry *entry;
>  target_ulong tlb_addr;
>
> -tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
> +tlb_fill(cpu, addr, size, access_type, mmu_idx, retaddr);
>
>  entry = tlb_entry(env, mmu_idx, addr);
> -tlb_addr = entry->addr_read;
> +tlb_addr =
> +(access_type == MMU_DATA_LOAD ) ? entry->addr_read  :
> +(access_type == MMU_DATA_STORE) ? entry->addr_write :
> +entry->addr_code;

...why do we care here about MMU_DATA_STORE?

We could just assert (access_type == MMU_DATA_LOAD || access_type ==
MMU_INST_FETCH) and then have:

  (access_type == MMU_DATA_LOAD ) ? entry->addr_read  : entry->addr_code


>  if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
>  /* RAM access */
>  uintptr_t haddr = addr + entry->addend;
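
Review bot: the chained conditional that picks tlb_addr in io_readx() sends every access_type other than MMU_DATA_LOAD and MMU_DATA_STORE to entry->addr_code, so an unexpected value is silently treated as an instruction fetch. A switch with an explicit MMU_INST_FETCH case and an asserting default makes the intent checkable; the stray space in "MMU_DATA_LOAD )" can go at the same time.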


--
Alex Bennée



Re: [Qemu-devel] [PATCH for-QEMU-4.1 v5 26/29] hw/arm: Express dependencies of the ZynqMP zcu102 machine with Kconfig

2019-04-19 Thread Alistair Francis
On Thu, Apr 18, 2019 at 11:15 AM Thomas Huth  wrote:
>
> This cleans up most settings in default-configs/aarch64-softmmu.mak.
>
> Signed-off-by: Thomas Huth 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  default-configs/aarch64-softmmu.mak |  4 
>  hw/arm/Kconfig  | 11 +++
>  hw/display/Kconfig  |  1 +
>  3 files changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/default-configs/aarch64-softmmu.mak 
> b/default-configs/aarch64-softmmu.mak
> index 4ea9add003..3a4b15e7e8 100644
> --- a/default-configs/aarch64-softmmu.mak
> +++ b/default-configs/aarch64-softmmu.mak
> @@ -3,10 +3,6 @@
>  # We support all the 32 bit boards so need all their config
>  include arm-softmmu.mak
>
> -CONFIG_AUX=y
> -CONFIG_DDC=y
> -CONFIG_DPCD=y
> -CONFIG_XLNX_ZYNQMP=y
>  CONFIG_XLNX_ZYNQMP_ARM=y
>  CONFIG_XLNX_VERSAL=y
>  CONFIG_ARM_SMMUV3=y
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index 708eae19e5..32e4cc50e5 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -277,6 +277,17 @@ config STM32F205_SOC
>
>  config XLNX_ZYNQMP_ARM
>  bool
> +select AHCI
> +select ARM_GIC
> +select CADENCE
> +select DDC
> +select DPCD
> +select SDHCI
> +select SSI
> +select SSI_M25P80
> +select XILINX_AXI
> +select XILINX_SPIPS
> +select XLNX_ZYNQMP
>
>  config XLNX_VERSAL
>  bool
> diff --git a/hw/display/Kconfig b/hw/display/Kconfig
> index 0577e68c8e..bb95f8d6a4 100644
> --- a/hw/display/Kconfig
> +++ b/hw/display/Kconfig
> @@ -108,6 +108,7 @@ config VIRTIO_VGA
>
>  config DPCD
>  bool
> +select AUX
>
>  config ATI_VGA
>  bool
> --
> 2.21.0
>
>



Re: [Qemu-devel] [PATCH for-QEMU-4.1 v5 20/29] hw/arm: Express dependencies of the raspi machines with Kconfig

2019-04-19 Thread Alistair Francis
On Thu, Apr 18, 2019 at 11:25 AM Thomas Huth  wrote:
>
> Most of the code is directly controlled by the CONFIG_RASPI switch,
> so not much to add here additionally.
>
> Signed-off-by: Thomas Huth 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  default-configs/arm-softmmu.mak | 4 +---
>  hw/arm/Kconfig  | 3 +++
>  2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index 31d31d3f4a..22bff20b32 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -31,15 +31,13 @@ CONFIG_COLLIE=y
>  CONFIG_ASPEED_SOC=y
>  CONFIG_NETDUINO2=y
>  CONFIG_MPS2=y
> +CONFIG_RASPI=y
>
>  CONFIG_VGA=y
>  CONFIG_SSI_M25P80=y
>  CONFIG_IMX_FEC=y
>
> -CONFIG_FRAMEBUFFER=y
> -
>  CONFIG_DIGIC=y
> -CONFIG_RASPI=y
>  CONFIG_NRF51_SOC=y
>
>  CONFIG_FSL_IMX6=y
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index 466b143fdf..e68a29ca2b 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -257,6 +257,9 @@ config ALLWINNER_A10
>
>  config RASPI
>  bool
> +select FRAMEBUFFER
> +select PL011 # UART
> +select SDHCI
>
>  config STM32F205_SOC
>  bool
> --
> 2.21.0
>
>



Re: [Qemu-devel] [PATCH for-QEMU-4.1 v5 25/29] hw/arm: Express dependencies of the microbit / nrf51 machine with Kconfig

2019-04-19 Thread Alistair Francis
On Thu, Apr 18, 2019 at 11:23 AM Thomas Huth  wrote:
>
> Add Kconfig dependencies for the NRF51 / microbit machine.
>
> Signed-off-by: Thomas Huth 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  default-configs/arm-softmmu.mak | 3 +--
>  hw/arm/Kconfig  | 6 ++
>  hw/arm/Makefile.objs| 3 ++-
>  3 files changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index 6dc388c43e..233937f394 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -35,11 +35,10 @@ CONFIG_RASPI=y
>  CONFIG_DIGIC=y
>  CONFIG_SABRELITE=y
>  CONFIG_EMCRAFT_SF2=y
> +CONFIG_MICROBIT=y
>
>  CONFIG_VGA=y
>
> -CONFIG_NRF51_SOC=y
> -
>  CONFIG_FSL_IMX25=y
>  CONFIG_FSL_IMX7=y
>  CONFIG_FSL_IMX6UL=y
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index 58439c492a..708eae19e5 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -347,8 +347,14 @@ config FSL_IMX6UL
>  select IMX_I2C
>  select SDHCI
>
> +config MICROBIT
> +bool
> +select NRF51_SOC
> +
>  config NRF51_SOC
>  bool
> +select I2C
> +select ARM_V7M
>
>  config EMCRAFT_SF2
>  bool
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index eae9f6c442..994e67dd0d 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -8,6 +8,7 @@ obj-$(CONFIG_EMCRAFT_SF2) += msf2-som.o
>  obj-$(CONFIG_HIGHBANK) += highbank.o
>  obj-$(CONFIG_INTEGRATOR) += integratorcp.o
>  obj-$(CONFIG_MAINSTONE) += mainstone.o
> +obj-$(CONFIG_MICROBIT) += microbit.o
>  obj-$(CONFIG_MUSICPAL) += musicpal.o
>  obj-$(CONFIG_NETDUINO2) += netduino2.o
>  obj-$(CONFIG_NSERIES) += nseries.o
> @@ -48,4 +49,4 @@ obj-$(CONFIG_ARMSSE) += armsse.o
>  obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o
>  obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o
>  obj-$(CONFIG_FSL_IMX6UL) += fsl-imx6ul.o mcimx6ul-evk.o
> -obj-$(CONFIG_NRF51_SOC) += nrf51_soc.o microbit.o
> +obj-$(CONFIG_NRF51_SOC) += nrf51_soc.o
> --
> 2.21.0
>
>



Re: [Qemu-devel] [PATCH for-QEMU-4.1 v5 13/29] hw/arm: Express dependencies of xilinx-zynq with Kconfig

2019-04-19 Thread Alistair Francis
On Thu, Apr 18, 2019 at 11:18 AM Thomas Huth  wrote:
>
> Add Kconfig dependencies for the xilinx-zynq-a9 board.
> This patch is based on earlier work by Ákos Kovács (i.e.
> his "hw/arm/Kconfig: Add ARM Kconfig" patch).
>
> Signed-off-by: Thomas Huth 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  default-configs/arm-softmmu.mak |  7 +--
>  hw/arm/Kconfig  | 12 
>  2 files changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index f39a854f2e..af78e7c892 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -19,6 +19,7 @@ CONFIG_STELLARIS=y
>  CONFIG_REALVIEW=y
>  CONFIG_VERSATILE=y
>  CONFIG_VEXPRESS=y
> +CONFIG_ZYNQ=y
>  CONFIG_MAINSTONE=y
>  CONFIG_GUMSTIX=y
>  CONFIG_SPITZ=y
> @@ -38,16 +39,11 @@ CONFIG_VIRTIO_MMIO=y
>
>  CONFIG_NETDUINO2=y
>
> -CONFIG_PL330=y
> -CONFIG_CADENCE=y
>  CONFIG_FRAMEBUFFER=y
> -CONFIG_XILINX_SPIPS=y
> -CONFIG_ZYNQ_DEVCFG=y
>
>  CONFIG_DIGIC=y
>  CONFIG_MPS2=y
>  CONFIG_RASPI=y
> -CONFIG_ZYNQ=y
>  CONFIG_STM32F2XX_TIMER=y
>  CONFIG_STM32F2XX_USART=y
>  CONFIG_STM32F2XX_SYSCFG=y
> @@ -100,7 +96,6 @@ CONFIG_SMBUS_EEPROM=y
>  CONFIG_GPIO_KEY=y
>  CONFIG_MSF2=y
>  CONFIG_FW_CFG_DMA=y
> -CONFIG_XILINX_AXI=y
>  CONFIG_PCI_EXPRESS_DESIGNWARE=y
>
>  CONFIG_STRONGARM=y
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index 101de74260..785e383411 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -201,6 +201,18 @@ config VEXPRESS
>
>  config ZYNQ
>  bool
> +select A9MPCORE
> +select CADENCE # UART
> +select PFLASH_CFI02
> +select PL330
> +select SDHCI
> +select SSI_M25P80
> +select USB_EHCI_SYSBUS
> +select XILINX # UART
> +select XILINX_AXI
> +select XILINX_SPI
> +select XILINX_SPIPS
> +select ZYNQ_DEVCFG
>
>  config ARM_V7M
>  bool
> --
> 2.21.0
>
>



[Qemu-devel] [PATCH v1 1/2] Implement the pcxl and pcxl2 Fast TLB Insert instructions as used by NetBSD (and OpenBSD)

2019-04-19 Thread Nick Hudson
Implement the pcxl and pcxl2 Fast TLB Insert instructions as used by NetBSD 
(and OpenBSD)

See
 https://parisc.wiki.kernel.org/images-parisc/a/a9/Pcxl2_ers.pdf
 page 13-9 (195/206)

Signed-off-by: Nick Hudson 
---
 target/hppa/insns.decode |  3 +++
 target/hppa/translate.c  | 54 
 2 files changed, 57 insertions(+)

diff --git a/target/hppa/insns.decode b/target/hppa/insns.decode
index 098370c2f0..f0dd71dd08 100644
--- a/target/hppa/insns.decode
+++ b/target/hppa/insns.decode
@@ -133,6 +133,9 @@ ixtlbx  01 b:5 r:5 sp:2 010 addr:1 0 0  
data=1
 ixtlbx  01 b:5 r:5 ... 00 addr:1 0 0\
 sp=%assemble_sr3x data=0
 +# pcxl and pcxl2 Fast TLB Insert instructions
+ixtlbxf 01 0 r:5 00 0 data:1 01000 addr:1 0 0
+
 pxtlbx  01 b:5 x:5 sp:2 0100100 local:1 m:1 -   data=1
 pxtlbx  01 b:5 x:5 ... 000100 local:1 m:1 - \
 sp=%assemble_sr3x data=0
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 43b74367ea..860a659818 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -2518,6 +2518,60 @@ static bool trans_pxtlbx(DisasContext *ctx, arg_pxtlbx 
*a)
 #endif
 }
 +/* Implement the pcxl and pcxl2 Fast TLB Insert instructions.
+ * See
+ * https://parisc.wiki.kernel.org/images-parisc/a/a9/Pcxl2_ers.pdf
+ * page 13-9 (195/206) */
+static bool trans_ixtlbxf(DisasContext *ctx, arg_ixtlbxf *a)
+{
+CHECK_MOST_PRIVILEGED(EXCP_PRIV_OPR);
+#ifndef CONFIG_USER_ONLY
+TCGv_tl addr;
+TCGv_reg reg;
+TCGv_reg ar, sr;
+TCGv_tl atl, stl;
+
+nullify_over(ctx);
+
+//if (not (pcx or pcxl2))
+//return gen_illegal(ctx);
+
+ar = get_temp(ctx);
+sr = get_temp(ctx);
+atl = get_temp_tl(ctx);
+stl = get_temp_tl(ctx);
+addr = get_temp_tl(ctx);
+
+
+if (a->data) {
+gen_helper_ixtlbxf_d(cpu_env);
+tcg_gen_ld_reg(sr, cpu_env, offsetof(CPUHPPAState, cr[CR_ISR]));
+tcg_gen_ld_reg(ar, cpu_env, offsetof(CPUHPPAState, cr[CR_IOR]));
+} else {
+gen_helper_ixtlbxf_i(cpu_env);
+tcg_gen_ld_reg(sr, cpu_env, offsetof(CPUHPPAState, cr[CR_IIASQ]));
+tcg_gen_ld_reg(ar, cpu_env, offsetof(CPUHPPAState, cr[CR_IIAOQ]));
+}
+
+tcg_gen_extu_reg_tl(atl, ar);
+tcg_gen_extu_reg_tl(stl, sr);
+tcg_gen_shli_i64(stl, stl, 32);
+tcg_gen_or_tl(addr, atl, stl);
+reg = load_gpr(ctx, a->r);
+if (a->addr) {
+gen_helper_itlba(cpu_env, addr, reg);
+} else {
+gen_helper_itlbp(cpu_env, addr, reg);
+}
+
+/* Exit TB for TLB change if mmu is enabled.  */
+if (ctx->tb_flags & PSW_C) {
+ctx->base.is_jmp = DISAS_IAQ_N_STALE;
+}
+return nullify_end(ctx);
+#endif
+}
+
 static bool trans_lpa(DisasContext *ctx, arg_ldst *a)
 {
 CHECK_MOST_PRIVILEGED(EXCP_PRIV_OPR);
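
Review bot: in trans_ixtlbxf() the CPU-model check is left as commented-out pseudocode ("//if (not (pcx or pcxl2))"), so this privileged TLB insert is accepted on every CPU model; implement the check, or remove the lines and state in the commit message that the instruction is decoded unconditionally. gen_helper_ixtlbxf_d() and gen_helper_ixtlbxf_i() are called here, but the diffstat lists only insns.decode and translate.c, so their declarations and bodies need to be part of the series. tcg_gen_shli_i64() is applied to stl, which is declared TCGv_tl; tcg_gen_shli_tl() would match the tcg_gen_or_tl() on the next line.
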
--
2.17.1






[Qemu-devel] [PATCH v1 2/2] Always return EXCP_DMAR for protection id trap as EXCP_DMP is considered legacy.

2019-04-19 Thread Nick Hudson
Always return EXCP_DMAR for protection id trap as EXCP_DMP is considered legacy.

"In PA-RISC 1.1 (Second Edition) and later revisions, processors must
use traps 26, 27, and 28 which provide equivalent functionality"

Signed-off-by: Nick Hudson 
---
 target/hppa/mem_helper.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index c9b57d07c3..77fb544838 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -154,8 +154,7 @@ int hppa_get_physical_address(CPUHPPAState *env, vaddr 
addr, int mmu_idx,
  if (unlikely(!(prot & type))) {
 /* The access isn't allowed -- Inst/Data Memory Protection Fault.  */
-ret = (type & PAGE_EXEC ? EXCP_IMP :
-   prot & PAGE_READ ? EXCP_DMP : EXCP_DMAR);
+ret = (type & PAGE_EXEC) ? EXCP_IMP : EXCP_DMAR;
 goto egress;
 }
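Review bot: the context comment above the changed line still reads "Inst/Data Memory Protection Fault", but after this change a data access that fails `prot & type` always reports EXCP_DMAR and EXCP_DMP is no longer produced here. Update the comment to name the exception actually raised, and consider citing the PA-RISC 1.1 wording from the commit message there so the reason for dropping the `prot & PAGE_READ` case stays with the code.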
 -- 2.17.1




Re: [Qemu-devel] [PATCH 1/2] tcg: Hoist max_insns computation to tb_gen_code

2019-04-19 Thread Alistair Francis
On Tue, Apr 16, 2019 at 1:34 AM Richard Henderson
 wrote:
>
> In order to handle TB's that translate to too much code, we
> need to place the control of the length of the translation
> in the hands of the code gen master loop.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/exec/exec-all.h   |  4 ++--
>  include/exec/translator.h |  3 ++-
>  accel/tcg/translate-all.c | 15 +--
>  accel/tcg/translator.c| 15 ++-
>  target/alpha/translate.c  |  4 ++--
>  target/arm/translate.c|  4 ++--
>  target/cris/translate.c   | 10 +-
>  target/hppa/translate.c   |  5 ++---
>  target/i386/translate.c   |  4 ++--
>  target/lm32/translate.c   | 10 +-
>  target/m68k/translate.c   |  4 ++--
>  target/microblaze/translate.c | 10 +-
>  target/mips/translate.c   |  4 ++--
>  target/moxie/translate.c  | 11 ++-
>  target/nios2/translate.c  | 14 ++
>  target/openrisc/translate.c   |  4 ++--
>  target/ppc/translate.c|  4 ++--
>  target/riscv/translate.c  |  4 ++--
>  target/s390x/translate.c  |  4 ++--
>  target/sh4/translate.c|  4 ++--
>  target/sparc/translate.c  |  4 ++--
>  target/tilegx/translate.c | 12 +---
>  target/tricore/translate.c| 16 ++--
>  target/unicore32/translate.c  | 10 +-
>  target/xtensa/translate.c |  4 ++--
>  25 files changed, 56 insertions(+), 127 deletions(-)
>
> diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
> index 97b90cb0db..58e988b3b1 100644
> --- a/include/exec/exec-all.h
> +++ b/include/exec/exec-all.h
> @@ -40,8 +40,8 @@ typedef ram_addr_t tb_page_addr_t;
>
>  #include "qemu/log.h"
>
> -void gen_intermediate_code(CPUState *cpu, struct TranslationBlock *tb);
> -void restore_state_to_opc(CPUArchState *env, struct TranslationBlock *tb,
> +void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int 
> max_insns);
> +void restore_state_to_opc(CPUArchState *env, TranslationBlock *tb,
>target_ulong *data);
>
>  void cpu_gen_init(void);
> diff --git a/include/exec/translator.h b/include/exec/translator.h
> index 71e7b2c347..66dfe906c4 100644
> --- a/include/exec/translator.h
> +++ b/include/exec/translator.h
> @@ -123,6 +123,7 @@ typedef struct TranslatorOps {
>   * @db: Disassembly context.
>   * @cpu: Target vCPU.
>   * @tb: Translation block.
> + * @max_insns: Maximum number of insns to translate.
>   *
>   * Generic translator loop.
>   *
> @@ -137,7 +138,7 @@ typedef struct TranslatorOps {
>   * - When too many instructions have been translated.
>   */
>  void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
> - CPUState *cpu, TranslationBlock *tb);
> + CPUState *cpu, TranslationBlock *tb, int max_insns);
>
>  void translator_loop_temp_check(DisasContextBase *db);
>
> diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
> index 8f593b926f..fcdfe6c0ec 100644
> --- a/accel/tcg/translate-all.c
> +++ b/accel/tcg/translate-all.c
> @@ -1673,7 +1673,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
>  tb_page_addr_t phys_pc, phys_page2;
>  target_ulong virt_page2;
>  tcg_insn_unit *gen_code_buf;
> -int gen_code_size, search_size;
> +int gen_code_size, search_size, max_insns;
>  #ifdef CONFIG_PROFILER
>  TCGProfile *prof = _ctx->prof;
>  int64_t ti;
> @@ -1691,6 +1691,17 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
>  cflags &= ~CF_CLUSTER_MASK;
>  cflags |= cpu->cluster_index << CF_CLUSTER_SHIFT;
>
> +max_insns = cflags & CF_COUNT_MASK;
> +if (max_insns == 0) {
> +max_insns = CF_COUNT_MASK;
> +}
> +if (max_insns > TCG_MAX_INSNS) {
> +max_insns = TCG_MAX_INSNS;
> +}
> +if (cpu->singlestep_enabled || singlestep) {
> +max_insns = 1;
> +}
> +
>   buffer_overflow:
>  tb = tb_alloc(pc);
>  if (unlikely(!tb)) {
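Review bot: the new max_insns block sits above the `buffer_overflow:` label, so a retry through that label reuses the value instead of recomputing it from cflags, and nothing in the hunk says the placement is deliberate. A one-line comment before `max_insns = cflags & CF_COUNT_MASK;` stating that the limit is computed once, outside the retry path, would stop a later cleanup from moving it back below the label.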
> @@ -1720,7 +1731,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
>  tcg_func_start(tcg_ctx);
>
>  tcg_ctx->cpu = ENV_GET_CPU(env);
> -gen_intermediate_code(cpu, tb);
> +gen_intermediate_code(cpu, tb, max_insns);
>  tcg_ctx->cpu = NULL;
>
>  trace_translate_block(tb, tb->pc, tb->tc.ptr);
> diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
> index afd0a49ea6..8d65ead708 100644
> --- a/accel/tcg/translator.c
> +++ b/accel/tcg/translator.c
> @@ -32,7 +32,7 @@ void translator_loop_temp_check(DisasContextBase *db)
>  }
>
>  void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
> - CPUState *cpu, TranslationBlock *tb)
> + CPUState *cpu, TranslationBlock *tb, int max_insns)
>  {
>  int bp_insn = 0;
>
> @@ -42,20 +42,9 @@ void translator_loop(const TranslatorOps *ops, 
> DisasContextBase *db,
>  db->pc_next = db->pc_first;
>  db->is_jmp = DISAS_NEXT;
>  

Re: [Qemu-devel] [PATCH 2/7] riscv: Don't split CPU model string

2019-04-19 Thread Alistair Francis
On Thu, Apr 18, 2019 at 11:20 PM Eduardo Habkost  wrote:
>
> CPUClass::class_by_name is called after the CPU model name and
> options were already split, there's no need to split the string
> again.
>
> Signed-off-by: Eduardo Habkost 

Reviewed-by: Alistair Francis 

Alistair

> ---
> Cc: Palmer Dabbelt 
> Cc: Alistair Francis 
> Cc: Sagar Karandikar 
> Cc: Bastian Koppelmann 
> Cc: qemu-ri...@nongnu.org
> ---
>  target/riscv/cpu.c | 5 +
>  1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index d61bce6d55..5e97a83c80 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -179,12 +179,9 @@ static ObjectClass *riscv_cpu_class_by_name(const char 
> *cpu_model)
>  {
>  ObjectClass *oc;
>  char *typename;
> -char **cpuname;
>
> -cpuname = g_strsplit(cpu_model, ",", 1);
> -typename = g_strdup_printf(RISCV_CPU_TYPE_NAME("%s"), cpuname[0]);
> +typename = g_strdup_printf(RISCV_CPU_TYPE_NAME("%s"), cpu_model);
>  oc = object_class_by_name(typename);
> -g_strfreev(cpuname);
>  g_free(typename);
>  if (!oc || !object_class_dynamic_cast(oc, TYPE_RISCV_CPU) ||
>  object_class_is_abstract(oc)) {
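Review bot: the commit message should say that the removed `g_strsplit(cpu_model, ",", 1)` was already a no-op, because a max_tokens of 1 returns the whole input as a single token, so this is a cleanup with no behaviour change. With the split gone, riscv_cpu_class_by_name formats cpu_model straight into the type name and relies on the caller having stripped any ",option" suffix; a short comment on the function stating that precondition would document the input contract.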
> --
> 2.18.0.rc1.1.g3f1ff2140
>
>



[Qemu-devel] [PATCH v1 0/2] HPPA fixes for NetBSD/hppa emulation

2019-04-19 Thread Nick Hudson

Hi,

Here are the required changes to allow qemu to emulate NetBSD/hppa.

Nick Hudson (2):
  Implement the pcxl and pcxl2 Fast TLB Insert instructions as used by
NetBSD (and OpenBSD)
  Always return EXCP_DMAR for protection id trap as EXCP_DMP is
considered legacy.

 target/hppa/insns.decode |  3 +++
 target/hppa/mem_helper.c |  3 +--
 target/hppa/translate.c  | 54 
 3 files changed, 58 insertions(+), 2 deletions(-)

--
2.17.1






Re: [Qemu-devel] [PATCH 6/7] cpu: Set class name format for some architectures

2019-04-19 Thread Alistair Francis
On Thu, Apr 18, 2019 at 11:23 PM Eduardo Habkost  wrote:
>
> Set CPUClass::class_name_format for 12 architectures that simply
> generate a class name using g_strdup_printf(): arm, i386, lm32,
> m68k, mips, moxie, openrisc, riscv, s390x, tricore, unicore32,
> xtensa.
>
> Signed-off-by: Eduardo Habkost 
> ---
> Cc: Peter Maydell 
> Cc: Paolo Bonzini 
> Cc: Richard Henderson 
> Cc: Eduardo Habkost 
> Cc: Michael Walle 
> Cc: Laurent Vivier 
> Cc: Aurelien Jarno 
> Cc: Aleksandar Markovic 
> Cc: Aleksandar Rikalo 
> Cc: Anthony Green 
> Cc: Stafford Horne 
> Cc: Palmer Dabbelt 
> Cc: Alistair Francis 
> Cc: Sagar Karandikar 
> Cc: Bastian Koppelmann 
> Cc: Cornelia Huck 
> Cc: David Hildenbrand 
> Cc: Guan Xuetao 
> Cc: Max Filippov 
> Cc: qemu-...@nongnu.org
> Cc: qemu-ri...@nongnu.org
> Cc: qemu-s3...@nongnu.org

For RISC-V:

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/s390x/internal.h   |  1 -
>  target/arm/cpu.c  | 17 +
>  target/i386/cpu.c | 11 +--
>  target/lm32/cpu.c | 17 +
>  target/m68k/cpu.c | 17 +
>  target/mips/cpu.c | 13 +
>  target/moxie/cpu.c| 17 +
>  target/openrisc/cpu.c | 17 +
>  target/riscv/cpu.c| 17 +
>  target/s390x/cpu.c|  2 +-
>  target/s390x/cpu_models.c | 10 --
>  target/tricore/cpu.c  | 17 +
>  target/unicore32/cpu.c| 17 +
>  target/xtensa/cpu.c   | 17 +
>  14 files changed, 12 insertions(+), 178 deletions(-)
>
> diff --git a/target/s390x/internal.h b/target/s390x/internal.h
> index 3b4855c175..789d6444c9 100644
> --- a/target/s390x/internal.h
> +++ b/target/s390x/internal.h
> @@ -256,7 +256,6 @@ static inline void s390_cpu_unhalt(S390CPU *cpu)
>  void s390_cpu_model_register_props(Object *obj);
>  void s390_cpu_model_class_register_props(ObjectClass *oc);
>  void s390_realize_cpu_model(CPUState *cs, Error **errp);
> -ObjectClass *s390_cpu_class_by_name(const char *name);
>
>
>  /* excp_helper.c */
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index dcc65093d9..4f0ed3715d 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -1208,21 +1208,6 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
> **errp)
>  acc->parent_realize(dev, errp);
>  }
>
> -static ObjectClass *arm_cpu_class_by_name(const char *cpu_model)
> -{
> -ObjectClass *oc;
> -char *typename;
> -
> -typename = g_strdup_printf(ARM_CPU_TYPE_NAME("%s"), cpu_model);
> -oc = object_class_by_name(typename);
> -g_free(typename);
> -if (!oc || !object_class_dynamic_cast(oc, TYPE_ARM_CPU) ||
> -object_class_is_abstract(oc)) {
> -return NULL;
> -}
> -return oc;
> -}
> -
>  /* CPU models. These are not needed for the AArch64 linux-user build. */
>  #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
>
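Review bot: the removed arm_cpu_class_by_name rejected classes that fail `object_class_dynamic_cast(oc, TYPE_ARM_CPU)` or are abstract, and nothing visible in this patch shows the generic class_name_format lookup applying the same two filters. Please confirm, and state in the commit message, that the common code keeps both checks; otherwise a model name could resolve to a non-CPU or abstract QOM type that happens to match the format.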
> @@ -2142,7 +2127,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
> *data)
>  acc->parent_reset = cc->reset;
>  cc->reset = arm_cpu_reset;
>
> -cc->class_by_name = arm_cpu_class_by_name;
> +cc->class_name_format = ARM_CPU_TYPE_NAME("%s");
>  cc->has_work = arm_cpu_has_work;
>  cc->cpu_exec_interrupt = arm_cpu_exec_interrupt;
>  cc->dump_state = arm_cpu_dump_state;
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index d6bb57d210..18adef524f 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1391,15 +1391,6 @@ static char *x86_cpu_type_name(const char *model_name)
>  return g_strdup_printf(X86_CPU_TYPE_NAME("%s"), model_name);
>  }
>
> -static ObjectClass *x86_cpu_class_by_name(const char *cpu_model)
> -{
> -ObjectClass *oc;
> -char *typename = x86_cpu_type_name(cpu_model);
> -oc = object_class_by_name(typename);
> -g_free(typename);
> -return oc;
> -}
> -
>  static char *x86_cpu_class_get_model_name(X86CPUClass *cc)
>  {
>  const char *class_name = object_class_get_name(OBJECT_CLASS(cc));
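Review bot: unlike the arm version removed above, the deleted x86_cpu_class_by_name returned the object_class_by_name result unfiltered, with no TYPE_X86_CPU cast and no abstract-class check. If the generic path filters, this is a behaviour change for i386 and not a pure refactor, so the commit message should call it out. x86_cpu_type_name() in the context lines also still carries its own copy of the `X86_CPU_TYPE_NAME("%s")` format and could be derived from class_name_format.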
> @@ -5851,7 +5842,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
> void *data)
>  cc->reset = x86_cpu_reset;
>  cc->reset_dump_flags = CPU_DUMP_FPU | CPU_DUMP_CCOP;
>
> -cc->class_by_name = x86_cpu_class_by_name;
> +cc->class_name_format = X86_CPU_TYPE_NAME("%s");
>  cc->parse_features = x86_cpu_parse_featurestr;
>  cc->has_work = x86_cpu_has_work;
>  #ifdef CONFIG_TCG
> diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c
> index b7499cb627..675bea10e8 100644
> --- a/target/lm32/cpu.c
> +++ b/target/lm32/cpu.c
> @@ -201,21 +201,6 @@ static void lm32_full_cpu_initfn(Object *obj)
>| LM32_FEATURE_CYCLE_COUNT;
>  }
>
> -static ObjectClass *lm32_cpu_class_by_name(const char *cpu_model)
> -{
> -ObjectClass *oc;
> -char *typename;
> -
> -typename = g_strdup_printf(LM32_CPU_TYPE_NAME("%s"), cpu_model);
> -oc = object_class_by_name(typename);
> -

Re: [Qemu-devel] [PATCH for 4.1 v3 2/6] target/riscv: Fall back to generating a RISC-V CPU

2019-04-19 Thread Alistair Francis
On Tue, Apr 16, 2019 at 6:23 AM Daniel P. Berrangé  wrote:
>
> On Wed, Apr 10, 2019 at 11:10:25PM +, Alistair Francis wrote:
> > If a user specifies a CPU that we don't understand then we want to fall
> > back to a CPU generated from the ISA string.
> >
> > At the moment the generated CPU is assumed to be a privilege spec
> > version 1.10 CPU with an MMU. This can be changed in the future.
> >
> > Signed-off-by: Alistair Francis 
> > ---
> > v3:
> >  - Ensure a minimal length so we don't run off the end of the string.
> >  - Don't parse the rv32/rv64 in the loop
> >  target/riscv/cpu.c | 101 -
> >  target/riscv/cpu.h |   2 +
> >  2 files changed, 102 insertions(+), 1 deletion(-)
> >
> > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> > index d61bce6d55..27be9e412a 100644
> > --- a/target/riscv/cpu.c
> > +++ b/target/riscv/cpu.c
> > @@ -19,6 +19,7 @@
> >
> >  #include "qemu/osdep.h"
> >  #include "qemu/log.h"
> > +#include "qemu/error-report.h"
> >  #include "cpu.h"
> >  #include "exec/exec-all.h"
> >  #include "qapi/error.h"
> > @@ -103,6 +104,99 @@ static void set_resetvec(CPURISCVState *env, int 
> > resetvec)
> >  #endif
> >  }
> >
> > +static void riscv_generate_cpu_init(Object *obj)
> > +{
> > +RISCVCPU *cpu = RISCV_CPU(obj);
> > +CPURISCVState *env = >env;
> > +RISCVCPUClass *mcc = RISCV_CPU_GET_CLASS(cpu);
> > +const char *riscv_cpu = mcc->isa_str;
> > +target_ulong target_misa = 0;
> > +target_ulong rvxlen = 0;
> > +int i;
> > +bool valid = false;
> > +
> > +/*
> > + * We need at least 5 charecters for the string to be valid. Check that
> > + * now so we can be lazier later.
> > + */
> > +if (strlen(riscv_cpu) < 5) {
> > +error_report("'%s' does not appear to be a valid RISC-V ISA 
> > string",
> > + riscv_cpu);
> > +exit(1);
> > +}
> > +
> > +if (riscv_cpu[0] == 'r' && riscv_cpu[1] == 'v') {
> > +/* Starts with "rv" */
> > +if (riscv_cpu[2] == '3' && riscv_cpu[3] == '2') {
> > +valid = true;
> > +rvxlen = RV32;
> > +}
> > +if (riscv_cpu[2] == '6' && riscv_cpu[3] == '4') {
> > +valid = true;
> > +rvxlen = RV64;
> > +}
> > +}
> > +
> > +if (!valid) {
> > +error_report("'%s' does not appear to be a valid RISC-V CPU",
> > + riscv_cpu);
> > +exit(1);
> > +}
> > +
> > +for (i = 4; i < strlen(riscv_cpu); i++) {
> > +switch (riscv_cpu[i]) {
> > +case 'i':
> > +if (target_misa & RVE) {
> > +error_report("I and E extensions are incompatible");
> > +exit(1);
> > +}
> > +target_misa |= RVI;
> > +continue;
> > +case 'e':
> > +if (target_misa & RVI) {
> > +error_report("I and E extensions are incompatible");
> > +exit(1);
> > +}
> > +target_misa |= RVE;
> > +continue;
> > +case 'g':
> > +target_misa |= RVI | RVM | RVA | RVF | RVD;
> > +continue;
> > +case 'm':
> > +target_misa |= RVM;
> > +continue;
> > +case 'a':
> > +target_misa |= RVA;
> > +continue;
> > +case 'f':
> > +target_misa |= RVF;
> > +continue;
> > +case 'd':
> > +target_misa |= RVD;
> > +continue;
> > +case 'c':
> > +target_misa |= RVC;
> > +continue;
> > +case 's':
> > +target_misa |= RVS;
> > +continue;
> > +case 'u':
> > +target_misa |= RVU;
> > +continue;
> > +default:
> > +warn_report("QEMU does not support the %c extension",
> > +riscv_cpu[i]);
> > +continue;
> > +}
> > +}
> > +
> > +set_misa(env, rvxlen | target_misa);
> > +set_versions(env, USER_VERSION_2_02_0, PRIV_VERSION_1_10_0);
> > +set_resetvec(env, DEFAULT_RSTVEC);
> > +set_feature(env, RISCV_FEATURE_MMU);
> > +set_feature(env, RISCV_FEATURE_PMP);
> > +}
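Review bot: the 'g' case ORs in RVI without the RVE test that the 'i' case performs, so a string such as "rv32eg" is accepted with both I and E set. Checking the pair once after the loop (`if ((target_misa & RVI) && (target_misa & RVE))`) covers every ordering. Unknown letters also only reach warn_report before the loop continues, so a typo yields a CPU that silently differs from the one requested, and `i` is an int compared against a strlen() that is re-evaluated on every iteration where a size_t length computed once would do.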
>
> This whole approach feels undesirable to me, as it is quite different to
> way CPUs are represented in the other architectures in QEMU and as a result
> does not fit in the QAPI commands we've been building in QEMU for dealing
> with CPU model representation. This will make for increased maint burden
> in both QEMU and apps managing QEMU
>
> IIUC, this code is taking an arbitrary CPU model string and looking
> at individual characters in that string & turning on individual features
> according to what characters it sees. There's several problems with this
>
>  - There's no way to enumerate valid CPU model names
>
>  - There can be many different names that all result
>in the same CPU model. eg "fdcs", "scdf", a"ffddccss"
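The aliasing and validation concerns raised in this review, as an added example that is not QEMU code and not from either poster: a strict parser that rejects duplicate letters, unknown letters and the I/E conflict (also when I arrives via 'g'), and maps every accepted spelling to one canonical name. All identifiers, the error enum and the canonical letter order "iemafdcsu" are assumptions of this example; the sample names in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example. misa extension bit = letter - 'a'. */
#define EXT_BIT(c) (UINT32_C(1) << ((c) - 'a'))
#define EXT_G      (EXT_BIT('i') | EXT_BIT('m') | EXT_BIT('a') | \
                    EXT_BIT('f') | EXT_BIT('d'))
#define EXT_KNOWN  (EXT_G | EXT_BIT('e') | EXT_BIT('c') | \
                    EXT_BIT('s') | EXT_BIT('u'))

enum isa_err { ISA_OK, ISA_ERR_PREFIX, ISA_ERR_UNKNOWN,
               ISA_ERR_DUPLICATE, ISA_ERR_CONFLICT };

/* Parse "rv32..." / "rv64..." strictly; *ext is written only on success. */
enum isa_err isa_parse(const char *s, int *xlen, uint32_t *ext)
{
    uint32_t mask = 0;
    size_t i, len = strlen(s);          /* length computed once */

    if (len < 5 || s[0] != 'r' || s[1] != 'v') {
        return ISA_ERR_PREFIX;
    }
    if (s[2] == '3' && s[3] == '2') {
        *xlen = 32;
    } else if (s[2] == '6' && s[3] == '4') {
        *xlen = 64;
    } else {
        return ISA_ERR_PREFIX;
    }

    for (i = 4; i < len; i++) {
        char c = s[i];
        uint32_t bits;

        if (c < 'a' || c > 'z') {
            return ISA_ERR_UNKNOWN;     /* also keeps the shift in range */
        }
        bits = (c == 'g') ? EXT_G : EXT_BIT(c);
        if (!(bits & EXT_KNOWN)) {
            return ISA_ERR_UNKNOWN;     /* fail closed, do not just warn */
        }
        if (mask & bits) {
            return ISA_ERR_DUPLICATE;   /* "ff", or "gm" naming M twice */
        }
        mask |= bits;
    }
    /* One check after the loop catches "ie", "ei", "eg" and "ge" alike. */
    if ((mask & EXT_BIT('i')) && (mask & EXT_BIT('e'))) {
        return ISA_ERR_CONFLICT;
    }
    *ext = mask;
    return ISA_OK;
}

/* Write the single canonical spelling into out; returns its length or -1. */
int isa_canonical(int xlen, uint32_t ext, char *out, size_t outsz)
{
    static const char order[] = "iemafdcsu";   /* order chosen for this example */
    size_t n = 0, i;

    if (outsz < 4 + sizeof(order)) {
        return -1;
    }
    out[n++] = 'r';
    out[n++] = 'v';
    out[n++] = (xlen == 32) ? '3' : '6';
    out[n++] = (xlen == 32) ? '2' : '4';
    for (i = 0; order[i]; i++) {
        if (ext & EXT_BIT(order[i])) {
            out[n++] = order[i];
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Returns 1 when both names parse and describe the same configuration. */
int isa_same_model(const char *a, const char *b)
{
    int xa, xb;
    uint32_t ea, eb;

    if (isa_parse(a, &xa, &ea) != ISA_OK || isa_parse(b, &xb, &eb) != ISA_OK) {
        return 0;
    }
    return xa == xb && ea == eb;
}

int main(void)
{
    /* Constructed sample names, not taken from any real configuration. */
    const char *names[] = { "rv64fdcs", "rv64scdf", "rv64ffddccss",
                            "rv32eg", "rv64gc", "rv64gcx" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        int xlen;
        uint32_t ext;
        char canon[16];
        enum isa_err e = isa_parse(names[i], &xlen, &ext);

        if (e == ISA_OK && isa_canonical(xlen, ext, canon, sizeof(canon)) > 0) {
            printf("%-14s -> %s\n", names[i], canon);
        } else {
            printf("%-14s -> rejected (error %d)\n", names[i], (int)e);
        }
    }
    return 0;
}
```

Permuted spellings collapse to one canonical name that a management layer could enumerate and compare, while repeated letters are refused instead of being accepted as yet another alias.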

Re: [Qemu-devel] [PATCH v5 1/2] target/mips: add or remove space to fix checkpatch errors

2019-04-19 Thread Aleksandar Markovic
> From: Jules Irenge 
> Subject: [PATCH v5 1/2] target/mips: add or remove space to fix checkpatch 
> errors

Reviewed-by: Aleksandar Markovic 


Re: [Qemu-devel] [PATCH v5 2/2] target/mips: realign comments to fix checkpatch warnings

2019-04-19 Thread Aleksandar Markovic
> From: Jules Irenge 
> Subject: [PATCH v5 2/2] target/mips: realign comments to fix checkpatch 
> warnings

Reviewed-by: Aleksandar Markovic 


[Qemu-devel] [PATCH 1/5] target/mips: Make the results of DIV_. the same as on hardware

2019-04-19 Thread Aleksandar Markovic
From: Mateja Marjanovic 

MSA instructions DIV_. when dividing by zero,
didn't return the same value when executed on a referent hardware
(FPGA MIPS 64 r6, little endian) and when executed on QEMU, which
is not a real bug, because the result when dividing by zero is
UNPREDICTABLE [1] (page 141, 142).

[1] MIPS Architecture for Programmers
Volume IV-j: The MIPS64 SIMD
Architecture Module, Revision 1.12

Signed-off-by: Mateja Marjanovic 
Reviewed-by: Aleksandar Markovic 
Message-Id: <1554207110-9113-2-git-send-email-mateja.marjano...@rt-rk.com>
---
 target/mips/msa_helper.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 6c57281..fec4db9 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -641,14 +641,15 @@ static inline int64_t msa_div_s_df(uint32_t df, int64_t 
arg1, int64_t arg2)
 if (arg1 == DF_MIN_INT(df) && arg2 == -1) {
 return DF_MIN_INT(df);
 }
-return arg2 ? arg1 / arg2 : 0;
+return arg2 ? arg1 / arg2
+: arg1 >= 0 ? -1 : 1;
 }
 
 static inline int64_t msa_div_u_df(uint32_t df, int64_t arg1, int64_t arg2)
 {
 uint64_t u_arg1 = UNSIGNED(arg1, df);
 uint64_t u_arg2 = UNSIGNED(arg2, df);
-return u_arg2 ? u_arg1 / u_arg2 : 0;
+return arg2 ? u_arg1 / u_arg2 : -1;
 }
 
 static inline int64_t msa_mod_s_df(uint32_t df, int64_t arg1, int64_t arg2)
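Review bot: in msa_div_u_df the new line tests `arg2` but divides by `u_arg2` (`return arg2 ? u_arg1 / u_arg2 : -1;`), so the guard and the divisor are no longer the same value. If UNSIGNED(arg2, df) can be zero while arg2 is not, this is a host integer division by zero inside the helper, reachable from guest code. Keep `u_arg2 ?` as the condition, as the removed line did.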
-- 
2.7.4




[Qemu-devel] [PATCH 2/5] target/mips: Make the results of MOD_. the same as on hardware

2019-04-19 Thread Aleksandar Markovic
From: Mateja Marjanovic 

MSA instructions MOD_. when dividing by zero,
didn't return the same value when executed on a referent hardware
(FPGA MIPS 64 r6, little endian) and when executed on QEMU, which
is not a real bug, because the result when dividing by zero is
UNPREDICTABLE [1] (page 255, 256).

[1] MIPS Architecture for Programmers
Volume IV-j: The MIPS64 SIMD
Architecture Module, Revision 1.12

Signed-off-by: Mateja Marjanovic 
Reviewed-by: Aleksandar Markovic 
Message-Id: <1554207110-9113-3-git-send-email-mateja.marjano...@rt-rk.com>
---
 target/mips/msa_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index fec4db9..ee1b1fa 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -657,14 +657,14 @@ static inline int64_t msa_mod_s_df(uint32_t df, int64_t 
arg1, int64_t arg2)
 if (arg1 == DF_MIN_INT(df) && arg2 == -1) {
 return 0;
 }
-return arg2 ? arg1 % arg2 : 0;
+return arg2 ? arg1 % arg2 : arg1;
 }
 
 static inline int64_t msa_mod_u_df(uint32_t df, int64_t arg1, int64_t arg2)
 {
 uint64_t u_arg1 = UNSIGNED(arg1, df);
 uint64_t u_arg2 = UNSIGNED(arg2, df);
-return u_arg2 ? u_arg1 % u_arg2 : 0;
+return u_arg2 ? u_arg1 % u_arg2 : u_arg1;
 }
 
 #define SIGNED_EVEN(a, df) \
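Review bot: the zero-divisor branches in msa_mod_s_df and msa_mod_u_df now return the dividend (`arg1`, `u_arg1`) with no comment saying why. Since the commit message explains that the result is UNPREDICTABLE and was chosen to match the reference hardware, put that one-line rationale next to each return so a later reader does not "correct" it back to 0.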
-- 
2.7.4




[Qemu-devel] [PATCH 0/5] target/mips: Consolidate MIPS TCG tests

2019-04-19 Thread Aleksandar Markovic
From: Aleksandar Markovic 

This series contains a number of fixes, improvements and amendments
related to MIPS TCG tests. It is focused on improving existing tests,
even though some small number of tests are added.

Aleksandar Markovic (3):
  target/mips: Amend and cleanup MSA TCG tests
  tests/tcg: target/mips: Add tests for MSA bit set instructions
  tests/tcg: target/mips: Add README for MSA tests

Mateja Marjanovic (2):
  target/mips: Make the results of DIV_. the same as on
hardware
  target/mips: Make the results of MOD_. the same as on
hardware

 target/mips/msa_helper.c   |   9 +-
 tests/tcg/mips/include/test_utils_128.h|   2 +-
 tests/tcg/mips/include/wrappers_msa.h  | 147 -
 tests/tcg/mips/user/ase/msa/README | 639 +
 .../mips/user/ase/msa/bit-set/test_msa_bclr_b.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bclr_d.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bclr_h.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bclr_w.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_b.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_d.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_h.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_w.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_b.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_d.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_h.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_w.c| 153 +
 .../mips/user/ase/msa/int-add/test_msa_add_a_b.c   |   4 +
 .../mips/user/ase/msa/int-add/test_msa_add_a_d.c   |   4 +
 .../mips/user/ase/msa/int-add/test_msa_add_a_h.c   |   4 +
 .../mips/user/ase/msa/int-add/test_msa_add_a_w.c   |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_a_b.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_a_d.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_a_h.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_a_w.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_s_b.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_s_d.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_s_h.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_s_w.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_u_b.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_u_d.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_u_h.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_adds_u_w.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_addv_b.c|   4 +
 .../mips/user/ase/msa/int-add/test_msa_addv_d.c|   4 +
 .../mips/user/ase/msa/int-add/test_msa_addv_h.c|   4 +
 .../mips/user/ase/msa/int-add/test_msa_addv_w.c|   4 +
 .../mips/user/ase/msa/int-add/test_msa_hadd_s_d.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_hadd_s_h.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_hadd_s_w.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_hadd_u_d.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_hadd_u_h.c  |   4 +
 .../mips/user/ase/msa/int-add/test_msa_hadd_u_w.c  |   4 +
 .../user/ase/msa/int-average/test_msa_ave_s_b.c|  12 +-
 .../user/ase/msa/int-average/test_msa_ave_s_d.c|  12 +-
 .../user/ase/msa/int-average/test_msa_ave_s_h.c|  12 +-
 .../user/ase/msa/int-average/test_msa_ave_s_w.c|  12 +-
 .../user/ase/msa/int-average/test_msa_ave_u_b.c|  12 +-
 .../user/ase/msa/int-average/test_msa_ave_u_d.c|  12 +-
 .../user/ase/msa/int-average/test_msa_ave_u_h.c|  12 +-
 .../user/ase/msa/int-average/test_msa_ave_u_w.c|  12 +-
 .../user/ase/msa/int-average/test_msa_aver_s_b.c   |  12 +-
 .../user/ase/msa/int-average/test_msa_aver_s_d.c   |  12 +-
 .../user/ase/msa/int-average/test_msa_aver_s_h.c   |  12 +-
 .../user/ase/msa/int-average/test_msa_aver_s_w.c   |  12 +-
 .../user/ase/msa/int-average/test_msa_aver_u_b.c   |  12 +-
 .../user/ase/msa/int-average/test_msa_aver_u_d.c   |  12 +-
 .../user/ase/msa/int-average/test_msa_aver_u_h.c   |  12 +-
 .../user/ase/msa/int-average/test_msa_aver_u_w.c   |  12 +-
 .../mips/user/ase/msa/int-compare/test_msa_ceq_b.c |   2 +
 .../mips/user/ase/msa/int-compare/test_msa_ceq_d.c |   2 +
 .../mips/user/ase/msa/int-compare/test_msa_ceq_h.c |   2 +
 .../mips/user/ase/msa/int-compare/test_msa_ceq_w.c |   2 +
 .../user/ase/msa/int-compare/test_msa_cle_s_b.c|   2 +
 .../user/ase/msa/int-compare/test_msa_cle_s_d.c|   2 +
 .../user/ase/msa/int-compare/test_msa_cle_s_h.c|   2 +
 .../user/ase/msa/int-compare/test_msa_cle_s_w.c|   2 +
 .../user/ase/msa/int-compare/test_msa_cle_u_b.c|   2 +
 .../user/ase/msa/int-compare/test_msa_cle_u_d.c|   2 +
 .../user/ase/msa/int-compare/test_msa_cle_u_h.c|   2 +
 .../user/ase/msa/int-compare/test_msa_cle_u_w.c|   2 +
 .../user/ase/msa/int-compare/test_msa_clt_s_b.c|   2 +
 .../user/ase/msa/int-compare/test_msa_clt_s_d.c|   2 +
 

[Qemu-devel] [PATCH 5/5] tests/tcg: target/mips: Add README for MSA tests

2019-04-19 Thread Aleksandar Markovic
From: Aleksandar Markovic 

Add README for MSA tests. This is just to explain how to run tests even
without Makefile. Makefile will be provided later on.

Signed-off-by: Aleksandar Markovic 
---
 tests/tcg/mips/user/ase/msa/README | 639 +
 1 file changed, 639 insertions(+)
 create mode 100644 tests/tcg/mips/user/ase/msa/README

diff --git a/tests/tcg/mips/user/ase/msa/README 
b/tests/tcg/mips/user/ase/msa/README
new file mode 100644
index 000..3df0fd0
--- /dev/null
+++ b/tests/tcg/mips/user/ase/msa/README
@@ -0,0 +1,639 @@
+The tests in subdirectories of this directory are supposed to be compiled for
+mips64el MSA-enabled CPU (I6400, I6500), using an appropriate MIPS toolchain.
+For example:
+
+/opt/img/bin/mips-img-linux-gnu-gcc   \
+-EL -static -mabi=64 -march=mips64r6 -mmsa  -o 
+
+They are to be executed using QEMU user mode, using command line:
+
+mips64el-linux-user/qemu-mips64el -cpu I6400 
+
+This is an example of a shell script that will compile and execute tests for
+206 MSA instructions:
+
+
+cd 
+cd tests/tcg/mips/user/ase/msa
+
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nloc_b.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nloc_b
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nloc_h.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nloc_h
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nloc_w.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nloc_w
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nloc_d.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nloc_d
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nlzc_b.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nlzc_b
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nlzc_h.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nlzc_h
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nlzc_w.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nlzc_w
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_nlzc_d.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_nlzc_d
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_pcnt_b.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_pcnt_b
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_pcnt_h.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_pcnt_h
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_pcnt_w.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_pcnt_w
+/opt/img/bin/mips-img-linux-gnu-gcc   bit-count/test_msa_pcnt_d.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_pcnt_d
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bclr_b.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bclr_b
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bclr_h.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bclr_h
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bclr_w.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bclr_w
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bclr_d.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bclr_d
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bneg_b.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bneg_b
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bneg_h.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bneg_h
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bneg_w.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bneg_w
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bneg_d.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bneg_d
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bset_b.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bset_b
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bset_h.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bset_h
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bset_w.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bset_w
+/opt/img/bin/mips-img-linux-gnu-gcc bit-set/test_msa_bset_d.c  
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_bset_d
+/opt/img/bin/mips-img-linux-gnu-gcc int-add/test_msa_add_a_b.c 
\
+-EL -static -mabi=64 -march=mips64r6 -mmsa -o  /tmp/test_msa_add_a_b
+/opt/img/bin/mips-img-linux-gnu-gcc int-add/test_msa_add_a_h.c 
\

[Qemu-devel] [PATCH 4/5] tests/tcg: target/mips: Add tests for MSA bit set instructions

2019-04-19 Thread Aleksandar Markovic
From: Aleksandar Markovic 

Add tests for MSA bit set instructions. This includes following
instructions:

  * BCLR.B - clear bit (bytes)
  * BCLR.H - clear bit (halfwords)
  * BCLR.W - clear bit (words)
  * BCLR.D - clear bit (doublewords)
  * BNEG.B - negate bit (bytes)
  * BNEG.H - negate bit (halfwords)
  * BNEG.W - negate bit (words)
  * BNEG.D - negate bit (doublewords)
  * BSET.B - set bit (bytes)
  * BSET.H - set bit (halfwords)
  * BSET.W - set bit (words)
  * BSET.D - set bit (doublewords)

Signed-off-by: Aleksandar Markovic 
---
 .../mips/user/ase/msa/bit-set/test_msa_bclr_b.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bclr_d.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bclr_h.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bclr_w.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_b.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_d.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_h.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bneg_w.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_b.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_d.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_h.c| 153 +
 .../mips/user/ase/msa/bit-set/test_msa_bset_w.c| 153 +
 12 files changed, 1836 insertions(+)
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bclr_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bclr_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bclr_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bclr_w.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bneg_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bneg_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bneg_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bneg_w.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bset_b.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bset_d.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bset_h.c
 create mode 100644 tests/tcg/mips/user/ase/msa/bit-set/test_msa_bset_w.c

diff --git a/tests/tcg/mips/user/ase/msa/bit-set/test_msa_bclr_b.c 
b/tests/tcg/mips/user/ase/msa/bit-set/test_msa_bclr_b.c
new file mode 100644
index 000..c5aab14
--- /dev/null
+++ b/tests/tcg/mips/user/ase/msa/bit-set/test_msa_bclr_b.c
@@ -0,0 +1,153 @@
+/*
+ *  Test program for MSA instruction BCLR.B
+ *
+ *  Copyright (C) 2019  Wave Computing, Inc.
+ *  Copyright (C) 2019  Aleksandar Markovic 
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see .
+ *
+ */
+
+#include 
+#include 
+
+#include "../../../../include/wrappers_msa.h"
+#include "../../../../include/test_inputs_128.h"
+#include "../../../../include/test_utils_128.h"
+
+#define TEST_COUNT_TOTAL (\
+(PATTERN_INPUTS_SHORT_COUNT) * (PATTERN_INPUTS_SHORT_COUNT) + \
+(RANDOM_INPUTS_SHORT_COUNT) * (RANDOM_INPUTS_SHORT_COUNT))
+
+
+int32_t main(void)
+{
+char *instruction_name = "BCLR.B";
+int32_t ret;
+uint32_t i, j;
+struct timeval start, end;
+double elapsed_time;
+
+uint64_t b128_result[TEST_COUNT_TOTAL][2];
+uint64_t b128_expect[TEST_COUNT_TOTAL][2] = {
+{ 0x7f7f7f7f7f7f7f7fULL, 0x7f7f7f7f7f7f7f7fULL, },/*   0  */
+{ 0xfefefefefefefefeULL, 0xfefefefefefefefeULL, },
+{ 0xfbfbfbfbfbfbfbfbULL, 0xfbfbfbfbfbfbfbfbULL, },
+{ 0xdfdfdfdfdfdfdfdfULL, 0xdfdfdfdfdfdfdfdfULL, },
+{ 0xefefefefefefefefULL, 0xefefefefefefefefULL, },
+{ 0xf7f7f7f7f7f7f7f7ULL, 0xf7f7f7f7f7f7f7f7ULL, },
+{ 0xf7bffef7bffef7bfULL, 0xfef7bffef7bffef7ULL, },
+{ 0xeffd7feffd7feffdULL, 0x7feffd7feffd7fefULL, },
+{ 0xULL, 0xULL, },/*   8  */
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
+{ 0xULL, 0xULL, },
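Review bot: in the new test_msa_bclr_b.c, `int32_t main(void)` should be `int main(void)`, since the entry point is specified as returning int and int32_t only happens to be the same type on this target. Likewise `char *instruction_name = "BCLR.B";` points at a string literal and should be `const char *`. The diffstat lists twelve 153-line files of the same shape, so the same two changes apply to each of them.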
+  

Re: [Qemu-devel] [PATCH] configure: Change capstone's default state to disabled

2019-04-19 Thread Richard Henderson
On 4/19/19 3:44 AM, G 3 wrote:
> 
> Here is the error message I see when compiling QEMU:
> 
> CHK version_gen.h
> make[1]: *** No rule to make target
> `/Users/John/qemu-git/capstone/libcapstone.a'.  Stop.
> make: *** [subdir-capstone] Error 2

You are configuring with --static?

I've seen this before myself -- IMO it's broken distro packaging, in that the
shipped pkgconfig/capstone.pc claims static library support, but the static
library itself wasn't shipped.

We should probably work around this in configure, and report the packaging bug.


r~



[Qemu-devel] [PATCH 2/2] blockjob: use blk_new_pinned in block_job_create

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
child_role job already has .stay_at_node=true, so on a bdrv_replace_node
operation these children are unchanged. Make the block job blk behave in the
same manner, to avoid inconsistent intermediate graph states and workarounds
like in mirror.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/mirror.c | 6 +-
 blockjob.c | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/block/mirror.c b/block/mirror.c
index ff15cfb197..c2cb6bccff 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -713,12 +713,8 @@ static int mirror_exit_common(Job *job)
 _abort);
 bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), _abort);
 
-/* We just changed the BDS the job BB refers to (with either or both of the
- * bdrv_replace_node() calls), so switch the BB back so the cleanup does
- * the right thing. We don't need any permissions any more now. */
-blk_remove_bs(bjob->blk);
+/* We don't need any permissions any more now. */
 blk_set_perm(bjob->blk, 0, BLK_PERM_ALL, _abort);
-blk_insert_bs(bjob->blk, mirror_top_bs, _abort);
 
 bs_opaque->job = NULL;
 
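Review bot: with blk_remove_bs() and blk_insert_bs() removed from mirror_exit_common(), the cleanup depends on bjob->blk still being attached to mirror_top_bs after both bdrv_replace_node() calls, and nothing in this hunk checks that. An assertion to that effect just before blk_set_perm() would document the new invariant and catch a job BlockBackend that was not created pinned.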
diff --git a/blockjob.c b/blockjob.c
index 730101d282..47466bdfcf 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -396,7 +396,7 @@ void *block_job_create(const char *job_id, const 
BlockJobDriver *driver,
 job_id = bdrv_get_device_name(bs);
 }
 
-blk = blk_new(perm, shared_perm);
+blk = blk_new_pinned(perm, shared_perm);
 ret = blk_insert_bs(blk, bs, errp);
 if (ret < 0) {
 blk_unref(blk);
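Review bot: switching block_job_create() to blk_new_pinned() changes the BlockBackend of every block job, while the commit message only discusses mirror. Please state in the commit message which other jobs were checked for relying on the job blk following a bdrv_replace_node().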
-- 
2.18.0




[Qemu-devel] [PATCH 1/2] block: introduce pinned blk

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
Add stay_at_node fields to BlockBackend and BdrvChild, for the same
behavior as stay_at_node field of BdrvChildRole. It will be used for
block-job blk.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/block_int.h  |  6 ++
 include/sysemu/block-backend.h |  1 +
 block.c|  2 +-
 block/block-backend.c  | 23 ++-
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/include/block/block_int.h b/include/block/block_int.h
index 01e855a066..ae8fc3a580 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -725,6 +725,12 @@ struct BdrvChild {
  */
 bool frozen;
 
+/*
+ * This link should not be modified in bdrv_replace_node process. Used by
+ * should_update_child()
+ */
+bool stay_at_node;
+
 QLIST_ENTRY(BdrvChild) next;
 QLIST_ENTRY(BdrvChild) next_parent;
 };
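Review bot: the new comment on stay_at_node in struct BdrvChild does not say who sets the field or what value children created elsewhere get. Since the flag duplicates the one in BdrvChildRole, note here that it is copied from the BlockBackend in blk_insert_bs() and how it relates to the role's flag.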
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 3be05c2d68..d9c7b9f86a 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -77,6 +77,7 @@ typedef struct BlockBackendPublic {
 } BlockBackendPublic;
 
 BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm);
+BlockBackend *blk_new_pinned(uint64_t perm, uint64_t shared_perm);
 BlockBackend *blk_new_open(const char *filename, const char *reference,
QDict *options, int flags, Error **errp);
 int blk_get_refcnt(BlockBackend *blk);
diff --git a/block.c b/block.c
index 16615bc876..5069515976 100644
--- a/block.c
+++ b/block.c
@@ -3905,7 +3905,7 @@ static bool should_update_child(BdrvChild *c, 
BlockDriverState *to)
 GHashTable *found;
 bool ret;
 
-if (c->role->stay_at_node) {
+if (c->stay_at_node || c->role->stay_at_node) {
 return false;
 }
 
diff --git a/block/block-backend.c b/block/block-backend.c
index f78e82a707..b2de911383 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -86,6 +86,11 @@ struct BlockBackend {
  * Accessed with atomic ops.
  */
 unsigned int in_flight;
+
+/*
+ * On blk_insert_bs() new child will inherit  @stay_at_node.
+ */
+bool stay_at_node;
 };
 
 typedef struct BlockBackendAIOCB {
@@ -311,9 +316,13 @@ static const BdrvChildRole child_root = {
  * to other users of the attached node.
  * Both sets of permissions can be changed later using blk_set_perm().
  *
+ * @stay_at_node is used to set stay_at_node field of child, attached in
+ * blk_insert_bs(). If true, child bs will not be updated on bdrv_replace_node.
+ *
  * Return the new BlockBackend on success, null on failure.
  */
-BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm)
+static BlockBackend *blk_new_common(uint64_t perm, uint64_t shared_perm,
+bool stay_at_node)
 {
 BlockBackend *blk;
 
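Review bot: the doc comment that used to describe blk_new() now heads the static blk_new_common(), so the two public constructors added further down have no documentation of their own. Keep the permission description on blk_new() and give blk_new_pinned() a short comment saying when a caller should pick it.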
@@ -321,6 +330,7 @@ BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm)
 blk->refcnt = 1;
 blk->perm = perm;
 blk->shared_perm = shared_perm;
+blk->stay_at_node = stay_at_node;
 blk_set_enable_write_cache(blk, true);
 
 blk->on_read_error = BLOCKDEV_ON_ERROR_REPORT;
@@ -336,6 +346,16 @@ BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm)
 return blk;
 }
 
+BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm)
+{
+return blk_new_common(perm, shared_perm, false);
+}
+
+BlockBackend *blk_new_pinned(uint64_t perm, uint64_t shared_perm)
+{
+return blk_new_common(perm, shared_perm, true);
+}
+
 /*
  * Creates a new BlockBackend, opens a new BlockDriverState, and connects both.
  *
@@ -796,6 +816,7 @@ int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, 
Error **errp)
 if (blk->root == NULL) {
 return -EPERM;
 }
+blk->root->stay_at_node = blk->stay_at_node;
 bdrv_ref(bs);
 
 notifier_list_notify(>insert_bs_notifiers, blk);
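Review bot: in blk_insert_bs(), `blk->root->stay_at_node = blk->stay_at_node;` runs only after the root child has been created and checked for NULL, so the child exists for a while with the flag unset, and any other path that attaches a root child to a pinned BlockBackend would have to repeat this line. Passing the flag into the attach step, or setting it in one helper shared by all attach paths, would avoid both.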
-- 
2.18.0




[Qemu-devel] [PATCH 0/2] introduce pinned blk

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
Hi all.

Here is a proposal for replacing the workaround in mirror, where
we have to move the filter node back to the block-job blk after
bdrv_replace_node.

Vladimir Sementsov-Ogievskiy (2):
  block: introduce pinned blk
  blockjob: use blk_new_pinned in block_job_create

 include/block/block_int.h  |  6 ++
 include/sysemu/block-backend.h |  1 +
 block.c|  2 +-
 block/block-backend.c  | 23 ++-
 block/mirror.c |  6 +-
 blockjob.c |  2 +-
 6 files changed, 32 insertions(+), 8 deletions(-)

-- 
2.18.0




Re: [Qemu-devel] [PATCH] net/colo-compare.c: Fix a crash in COLO Primary.

2019-04-19 Thread Zhang, Chen




> -Original Message-
> From: Lukas Straub [mailto:lukasstra...@web.de]
> Sent: Friday, April 19, 2019 9:56 PM
> To: qemu-devel@nongnu.org
> Cc: Zhang, Chen 
> Subject: [PATCH] net/colo-compare.c: Fix a crash in COLO Primary.
> 
> From: Lukas Straub  Fixes the following bug:
> https://bugs.launchpad.net/qemu/+bug/1824622

It looks good to me, but I think you need to add more comments in the commit message,
for example what situation will trigger this bug and why it occurs.
After that, I think you can close the bug in Launchpad.

Thanks
Zhang Chen

> 
> Signed-off-by: Lukas Straub 
> ---
>  net/colo-compare.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/net/colo-compare.c b/net/colo-compare.c index
> bf10526f05..fcb491121b 100644
> --- a/net/colo-compare.c
> +++ b/net/colo-compare.c
> @@ -813,9 +813,8 @@ static void colo_compare_handle_event(void *opaque)
>  break;
>  }
> 
> -assert(event_unhandled_count > 0);
> -
>  qemu_mutex_lock(_mtx);
> +assert(event_unhandled_count > 0);
>  event_unhandled_count--;
>  qemu_cond_broadcast(_complete_cond);
>  qemu_mutex_unlock(_mtx);
> --
> 2.20.1




Re: [Qemu-devel] [PATCH v2] hw/char/escc: Lower irq when transmit buffer is filled

2019-04-19 Thread Stephen Checkoway



> On Apr 18, 2019, at 08:13, Philippe Mathieu-Daudé  wrote:
> 
> On 4/17/19 2:50 AM, Stephen Checkoway wrote:
>> The SCC/ESCC will briefly stop asserting an interrupt when the
>> transmit FIFO is filled.
>> 
>> This code doesn't model the transmit FIFO/shift register so the
>> pending transmit interrupt is never deasserted which means that an
>> edge-triggered interrupt controller will never see the low-to-high
>> transition it needs to raise another interrupt. The practical
>> consequence of this is that guest firmware with an interrupt service
>> routine for the ESCC that does not send all of the data it has
>> immediately will stop sending data if the following sequence of
>> events occurs:
>> 1. Disable processor interrupts
>> 2. Write a character to the ESCC
>> 3. Add additional characters to a buffer which is drained by the ISR
>> 4. Enable processor interrupts
>> 
>> In this case, the first character will be sent, the interrupt will
>> fire and the ISR will output the second character. Since the pending
>> transmit interrupt remains asserted, no additional interrupts will
>> ever fire.
> 
> You might want to add a line expliciting the chipset model which forced
> you to do that patch (Z85C30).

Done.

Thanks for looking at this.

-- 
Stephen Checkoway








[Qemu-devel] [PATCH v3] hw/char/escc: Lower irq when transmit buffer is filled

2019-04-19 Thread Stephen Checkoway
The SCC/ESCC will briefly stop asserting an interrupt when the
transmit FIFO is filled.

This code doesn't model the transmit FIFO/shift register so the
pending transmit interrupt is never deasserted which means that an
edge-triggered interrupt controller will never see the low-to-high
transition it needs to raise another interrupt. The practical
consequence of this is that guest firmware with an interrupt service
routine for the ESCC that does not send all of the data it has
immediately will stop sending data if the following sequence of
events occurs:
1. Disable processor interrupts
2. Write a character to the ESCC
3. Add additional characters to a buffer which is drained by the ISR
4. Enable processor interrupts

In this case, the first character will be sent, the interrupt will
fire and the ISR will output the second character. Since the pending
transmit interrupt remains asserted, no additional interrupts will
ever fire.

This behavior was triggered by firmware for an embedded system with a
Z85C30 which necessitated this patch.

This patch fixes that situation by explicitly lowering the IRQ when a
character is written to the buffer and no other interrupts are currently
pending.

Signed-off-by: Stephen Checkoway 
Reviewed-by: Philippe Mathieu-Daudé 
---

I added a sentence about the Z85C30 necessitating this to the commit message.

 hw/char/escc.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index 628f5f81f7..c5b05a63f1 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -509,6 +509,13 @@ static void escc_mem_write(void *opaque, hwaddr addr,
 break;
 case SERIAL_DATA:
 trace_escc_mem_writeb_data(CHN_C(s), val);
+/*
+ * Lower the irq when data is written to the Tx buffer and no other
+ * interrupts are currently pending. The irq will be raised again once
+ * the Tx buffer becomes empty below.
+ */
+s->txint = 0;
+escc_update_irq(s);
 s->tx = val;
 if (s->wregs[W_TXCTRL2] & TXCTRL2_TXEN) { // tx enabled
 if (qemu_chr_fe_backend_connected(>chr)) {
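Review bot: the added comment says the irq is lowered when "no other interrupts are currently pending", but the code clears s->txint and calls escc_update_irq() unconditionally, so that condition must come from escc_update_irq() itself; say so in the comment. Also, txint is cleared before the TXCTRL2_TXEN test, and the visible lines do not show it being raised again when transmit is disabled, so please confirm that path.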
-- 
2.20.1 (Apple Git-117)
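The four-step sequence in the commit message above, as an added example that is not part of the patch or of QEMU: a small model of a level that is never deasserted feeding an edge-triggered controller, run with and without the lowering on write. The struct, the function names and the single-interrupt, no-FIFO device are assumptions of this sketch.

```c
#include <stdio.h>

/* Simplified model (assumption of this example): one Tx interrupt source,
 * no FIFO, and a controller that latches only low-to-high transitions. */
struct escc_model {
    int txint;          /* device-side "Tx buffer empty" interrupt pending */
    int line;           /* current level of the irq line */
    int latched_edges;  /* rising edges latched by the interrupt controller */
    int sent;           /* characters that left the device */
    int lower_on_write; /* 1 = lower the irq on every data write */
};

/* Drive the line from txint and latch an edge only on a 0 -> 1 change. */
static void model_update_irq(struct escc_model *s)
{
    if (s->txint && !s->line) {
        s->latched_edges++;
    }
    s->line = s->txint;
}

/* Guest writes one character to the data register. */
static void model_data_write(struct escc_model *s)
{
    if (s->lower_on_write) {
        s->txint = 0;           /* buffer is momentarily full */
        model_update_irq(s);    /* line goes low */
    }
    s->sent++;                  /* character is transmitted at once */
    s->txint = 1;               /* buffer empty again */
    model_update_irq(s);        /* rising edge only if the line was low */
}

/* Returns how many of total_chars reach the wire when the ISR sends one
 * queued character per interrupt and never acknowledges the Tx interrupt. */
static int chars_sent(int total_chars, int lower_on_write)
{
    struct escc_model s = { 0, 0, 0, 0, lower_on_write };
    int queued;

    if (total_chars <= 0) {
        return 0;
    }
    /* Steps 1-2: interrupts disabled, first character written directly. */
    model_data_write(&s);
    /* Step 3: the rest is queued for the ISR. */
    queued = total_chars - 1;
    /* Step 4: interrupts enabled, each latched edge runs the ISR once. */
    while (s.latched_edges > 0) {
        s.latched_edges--;
        if (queued > 0) {
            queued--;
            model_data_write(&s);
        }
    }
    return s.sent;
}

int main(void)
{
    printf("irq never lowered: %d of 5 characters sent\n", chars_sent(5, 0));
    printf("irq lowered on write: %d of 5 characters sent\n", chars_sent(5, 1));
    return 0;
}
```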




[Qemu-devel] [PATCH v3 2/3] block/io: bdrv_pdiscard: support int64_t bytes parameter

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
This fixes at least one overflow in qcow2_process_discards, which
passes a 64bit region length to bdrv_pdiscard, whose bytes (or sectors in
the past) parameter has been int since its introduction in 0b919fae.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/block.h |  4 ++--
 block/io.c| 16 
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index c7a26199aa..69fa18867e 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -432,8 +432,8 @@ void bdrv_drain_all(void);
 AIO_WAIT_WHILE(bdrv_get_aio_context(bs_),  \
cond); })
 
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes);
-int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes);
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
+int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
 int bdrv_has_zero_init_1(BlockDriverState *bs);
 int bdrv_has_zero_init(BlockDriverState *bs);
 bool bdrv_unallocated_blocks_are_zero(BlockDriverState *bs);
diff --git a/block/io.c b/block/io.c
index dfc153b8d8..35c4157669 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2653,7 +2653,7 @@ int bdrv_flush(BlockDriverState *bs)
 typedef struct DiscardCo {
 BdrvChild *child;
 int64_t offset;
-int bytes;
+int64_t bytes;
 int ret;
 } DiscardCo;
 static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
@@ -2664,14 +2664,15 @@ static void coroutine_fn bdrv_pdiscard_co_entry(void 
*opaque)
 aio_wait_kick();
 }
 
-int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset,
+  int64_t bytes)
 {
 BdrvTrackedRequest req;
 int max_pdiscard, ret;
 int head, tail, align;
 BlockDriverState *bs = child->bs;
 
-if (!bs || !bs->drv) {
+if (!bs || !bs->drv || !bdrv_is_inserted(bs)) {
 return -ENOMEDIUM;
 }
 
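Review bot: the added `!bdrv_is_inserted(bs)` test in bdrv_co_pdiscard() is a behaviour change that the commit message does not mention and that is unrelated to widening the length. Either explain it in the message or move it to its own patch. The context lines also leave max_pdiscard, head, tail and align as int next to the new int64_t bytes.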
@@ -2679,9 +2680,8 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, 
int64_t offset, int bytes)
 return -EPERM;
 }
 
-ret = bdrv_check_byte_request(bs, offset, bytes);
-if (ret < 0) {
-return ret;
+if (offset < 0) {
+return -EIO;
 }
 
 /* Do nothing if disabled.  */
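Review bot: replacing bdrv_check_byte_request() with only `if (offset < 0)` drops every check on bytes, so a negative length or an offset + bytes sum that overflows int64_t is no longer rejected at the top of bdrv_co_pdiscard(). Keep an explicit range check for the 64-bit case, for example rejecting bytes < 0 and offset > INT64_MAX - bytes, so that widening the parameter does not also loosen validation.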
@@ -2716,7 +2716,7 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, 
int64_t offset, int bytes)
 assert(max_pdiscard >= bs->bl.request_alignment);
 
 while (bytes > 0) {
-int num = bytes;
+int64_t num = bytes;
 
 if (head) {
 /* Make small requests to get to alignment boundaries. */
@@ -2778,7 +2778,7 @@ out:
 return ret;
 }
 
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes)
 {
 Coroutine *co;
 DiscardCo rwco = {
-- 
2.18.0
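The truncation this commit message describes, as an added example that is not part of the patch or of QEMU: what a discard length above 2 GiB turns into when it passes through an int parameter, next to a 64-bit path that validates the range and splits the request. The function names are hypothetical, the 2191523840-byte length and 1 GiB chunk limit are constructed sample values, and the int conversion is modelled for a two's-complement target.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Model of handing a 64-bit length to a 32-bit int parameter on a
 * two's-complement target: keep the low 32 bits, reinterpret as signed. */
static int64_t as_int_param(int64_t v)
{
    uint32_t low = (uint32_t)((uint64_t)v & 0xffffffffu);

    return low >= 0x80000000u ? (int64_t)low - 0x100000000LL : (int64_t)low;
}

/* Reject requests that are negative or whose end would overflow int64_t. */
static int range_ok(int64_t offset, int64_t bytes)
{
    if (offset < 0 || bytes < 0) {
        return -EIO;
    }
    if (offset > INT64_MAX - bytes) {
        return -EIO;
    }
    return 0;
}

/* Walk [offset, offset + bytes) in pieces of at most max_chunk bytes.
 * Returns the number of bytes covered, or a negative errno value.
 * If n_chunks is not NULL it receives the number of pieces issued. */
static int64_t discard_in_chunks(int64_t offset, int64_t bytes,
                                 int64_t max_chunk, int *n_chunks)
{
    int64_t done = 0;
    int chunks = 0;
    int ret = range_ok(offset, bytes);

    if (n_chunks) {
        *n_chunks = 0;
    }
    if (ret < 0) {
        return ret;
    }
    if (max_chunk <= 0) {
        return -EINVAL;
    }
    while (bytes > 0) {
        int64_t num = bytes < max_chunk ? bytes : max_chunk;

        /* A real implementation would issue the driver request here. */
        offset += num;
        bytes -= num;
        done += num;
        chunks++;
    }
    if (n_chunks) {
        *n_chunks = chunks;
    }
    return done;
}

/* Convenience wrapper: number of pieces, or a negative errno value. */
static int count_chunks(int64_t offset, int64_t bytes, int64_t max_chunk)
{
    int n = 0;
    int64_t ret = discard_in_chunks(offset, bytes, max_chunk, &n);

    return ret < 0 ? (int)ret : n;
}

int main(void)
{
    const int64_t len = 2191523840LL;      /* constructed: 2090 MiB */
    const int64_t gib = 1073741824LL;      /* constructed chunk limit */

    printf("length seen through int: %lld\n", (long long)as_int_param(len));
    printf("truncated request: %lld\n",
           (long long)discard_in_chunks(0, as_int_param(len), gib, NULL));
    printf("64-bit request: %lld bytes in %d chunks\n",
           (long long)discard_in_chunks(0, len, gib, NULL),
           count_chunks(0, len, gib));
    return 0;
}
```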




[Qemu-devel] [PATCH v3 0/3] Fix overflow bug in qcow2 discard

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
v3: don't filter mapping info from qemu-img map output, otherwise
it doesn't show what I'm trying to check [sorry for the extra noise on the list]

v2: [mostly by Eric's review]
01: new
02: point to bug introducing commit in cover letter [Eric]
 [but I failed to compile it, to check]
drop s/INT_MAX/BDRV_REQUEST_MAX_BYTES/ chunk
03: - improve wording
- cheating with preallocation=metadata and discards
  to make test quick and not eating disk space
- use new trace-point
- move it to be 250 iotest
- filter out extra qemu-img info output

Vladimir Sementsov-Ogievskiy (3):
  block/qcow2-refcount: add trace-point to qcow2_process_discards
  block/io: bdrv_pdiscard: support int64_t bytes parameter
  iotests: test big qcow2 shrink

 include/block/block.h  |  4 +--
 block/io.c | 16 -
 block/qcow2-refcount.c |  7 +++-
 block/trace-events |  3 ++
 tests/qemu-iotests/250 | 72 ++
 tests/qemu-iotests/250.out | 21 +++
 tests/qemu-iotests/group   |  1 +
 7 files changed, 113 insertions(+), 11 deletions(-)
 create mode 100755 tests/qemu-iotests/250
 create mode 100644 tests/qemu-iotests/250.out

-- 
2.18.0




[Qemu-devel] [PATCH v3 1/3] block/qcow2-refcount: add trace-point to qcow2_process_discards

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
Let's at least trace the ignored failure.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/qcow2-refcount.c | 7 ++-
 block/trace-events | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index e0fe322500..60284bcaac 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -30,6 +30,7 @@
 #include "qemu/range.h"
 #include "qemu/bswap.h"
 #include "qemu/cutils.h"
+#include "trace.h"
 
 static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size,
 uint64_t max);
@@ -738,7 +739,11 @@ void qcow2_process_discards(BlockDriverState *bs, int ret)
 
 /* Discard is optional, ignore the return value */
 if (ret >= 0) {
-bdrv_pdiscard(bs->file, d->offset, d->bytes);
+int r2 = bdrv_pdiscard(bs->file, d->offset, d->bytes);
+if (r2 < 0) {
+trace_qcow2_process_discards_failed_region(d->offset, d->bytes,
+   r2);
+}
 }
 
 g_free(d);
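Review bot: the context comment "Discard is optional, ignore the return value" in qcow2_process_discards() no longer matches the code, which now stores the result in r2 and traces failures. Update the comment to say the failure is traced but not propagated, and consider a more descriptive name than r2.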
diff --git a/block/trace-events b/block/trace-events
index 7335a42540..ea508f637e 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -91,6 +91,9 @@ qcow2_cache_get_done(void *co, int c, int i) "co %p 
is_l2_cache %d index %d"
 qcow2_cache_flush(void *co, int c) "co %p is_l2_cache %d"
 qcow2_cache_entry_flush(void *co, int c, int i) "co %p is_l2_cache %d index %d"
 
+# qcow2-refcount.c
+qcow2_process_discards_failed_region(uint64_t offset, uint64_t bytes, int ret) 
"offset 0x%" PRIx64 " bytes 0x%" PRIx64 " ret %d"
+
 # qed-l2-cache.c
 qed_alloc_l2_cache_entry(void *l2_cache, void *entry) "l2_cache %p entry %p"
 qed_unref_l2_cache_entry(void *entry, int ref) "entry %p ref %d"
-- 
2.18.0




[Qemu-devel] [PATCH v2 2/3] block/io: bdrv_pdiscard: support int64_t bytes parameter

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
This fixes at least one overflow in qcow2_process_discards, which
passes a 64bit region length to bdrv_pdiscard, whose bytes (or sectors in
the past) parameter has been int since its introduction in 0b919fae.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/block.h |  4 ++--
 block/io.c| 16 
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index c7a26199aa..69fa18867e 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -432,8 +432,8 @@ void bdrv_drain_all(void);
 AIO_WAIT_WHILE(bdrv_get_aio_context(bs_),  \
cond); })
 
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes);
-int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes);
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
+int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
 int bdrv_has_zero_init_1(BlockDriverState *bs);
 int bdrv_has_zero_init(BlockDriverState *bs);
 bool bdrv_unallocated_blocks_are_zero(BlockDriverState *bs);
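Review bot: widening the prototypes of bdrv_pdiscard() and bdrv_co_pdiscard() only helps callers that already hold the length in a 64-bit variable; a caller that computes it in an int keeps truncating before the call. The commit message says "at least one overflow", so a short list of the call sites that were audited would help reviewers judge what is left.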
diff --git a/block/io.c b/block/io.c
index dfc153b8d8..35c4157669 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2653,7 +2653,7 @@ int bdrv_flush(BlockDriverState *bs)
 typedef struct DiscardCo {
 BdrvChild *child;
 int64_t offset;
-int bytes;
+int64_t bytes;
 int ret;
 } DiscardCo;
 static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
@@ -2664,14 +2664,15 @@ static void coroutine_fn bdrv_pdiscard_co_entry(void 
*opaque)
 aio_wait_kick();
 }
 
-int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset,
+  int64_t bytes)
 {
 BdrvTrackedRequest req;
 int max_pdiscard, ret;
 int head, tail, align;
 BlockDriverState *bs = child->bs;
 
-if (!bs || !bs->drv) {
+if (!bs || !bs->drv || !bdrv_is_inserted(bs)) {
 return -ENOMEDIUM;
 }
 
@@ -2679,9 +2680,8 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, 
int64_t offset, int bytes)
 return -EPERM;
 }
 
-ret = bdrv_check_byte_request(bs, offset, bytes);
-if (ret < 0) {
-return ret;
+if (offset < 0) {
+return -EIO;
 }
 
 /* Do nothing if disabled.  */
@@ -2716,7 +2716,7 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, 
int64_t offset, int bytes)
 assert(max_pdiscard >= bs->bl.request_alignment);
 
 while (bytes > 0) {
-int num = bytes;
+int64_t num = bytes;
 
 if (head) {
 /* Make small requests to get to alignment boundaries. */
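Review bot: `int64_t num = bytes;` in the loop is now wider than max_pdiscard, head, tail and align, which the earlier hunk leaves as int. Make sure num is clamped to max_pdiscard before it reaches any callback that takes an int, and either widen the int locals it is combined with or assert their range.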
@@ -2778,7 +2778,7 @@ out:
 return ret;
 }
 
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes)
 {
 Coroutine *co;
 DiscardCo rwco = {
-- 
2.18.0




[Qemu-devel] [PATCH v3 3/3] iotests: test big qcow2 shrink

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
This test checks the bug in qcow2_process_discards fixed by the previous
commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/250 | 72 ++
 tests/qemu-iotests/250.out | 21 +++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 94 insertions(+)
 create mode 100755 tests/qemu-iotests/250
 create mode 100644 tests/qemu-iotests/250.out

diff --git a/tests/qemu-iotests/250 b/tests/qemu-iotests/250
new file mode 100755
index 00..618ddef5e4
--- /dev/null
+++ b/tests/qemu-iotests/250
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+#
+# Test big discard in qcow2 shrink
+#
+# Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=vsement...@virtuozzo.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2
+_supported_proto file
+_supported_os Linux
+
+# This test checks that qcow2_process_discards does not truncate a discard
+# request > 2G.
+# To reproduce bug we need to overflow int by one sequential discard, so we
+# need size > 2G, bigger cluster size (as with default 64k we may have maximum
+# of 512M sequential data, corresponding to one L1 entry), and we need some
+# data of the beginning of the disk mapped to the end of file to prevent
+# bdrv_co_truncate(bs->file) call in qcow2_co_truncate(), which may success
+# anyway.
+
+size=2100M
+IMGOPTS="cluster_size=1M,preallocation=metadata"
+
+_make_test_img $size
+$QEMU_IO -c 'discard 0 10M' -c 'discard 2090M 10M' \
+ -c 'write 2090M 10M' -c 'write 0 10M' "$TEST_IMG" | _filter_qemu_io
+
+# Check that our trick with swapping first and last 10M chunks succeeded.
+# Otherwise test will may pass even if bdrv_pdiscard() fails in
+# qcow2_process_discards()
+$QEMU_IMG map "$TEST_IMG" | _filter_testdir
+$QEMU_IMG info "$TEST_IMG" | grep size |  _filter_testdir
+
+$QEMU_IMG -T 'qcow2_process_discards_failed*' resize --shrink "$TEST_IMG" 5M
+
+$QEMU_IMG info "$TEST_IMG" | grep size | _filter_testdir
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
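Review bot: the resize step relies on the trace line requested with `-T 'qcow2_process_discards_failed*'` to expose a failed discard, so on a build whose trace backend prints nothing only the "disk size" line is left to catch a regression. Say in the comment above the resize which trace backend is assumed, or add a check that does not depend on tracing. The comment block also needs a wording pass: "will may pass" and "which may success".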
diff --git a/tests/qemu-iotests/250.out b/tests/qemu-iotests/250.out
new file mode 100644
index 00..37e37f0c9e
--- /dev/null
+++ b/tests/qemu-iotests/250.out
@@ -0,0 +1,21 @@
+QA output created by 250
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=2202009600 
preallocation=metadata
+discard 10485760/10485760 bytes at offset 0
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+discard 10485760/10485760 bytes at offset 2191523840
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 10485760/10485760 bytes at offset 2191523840
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 10485760/10485760 bytes at offset 0
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Offset  Length  Mapped to   File
+0   0xa00x82f0  TEST_DIR/t.qcow2
+0x82a0  0xa00x50TEST_DIR/t.qcow2
+virtual size: 2.1G (2202009600 bytes)
+disk size: 24M
+cluster_size: 1048576
+Image resized.
+virtual size: 5.0M (5242880 bytes)
+disk size: 9.0M
+cluster_size: 1048576
+*** done
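Review bot: the expected output now contains the raw "Mapped to" offsets from qemu-img map, which depend on how the image file was laid out when the test ran. Document why these values are stable for the options used (cluster_size=1M, preallocation=metadata), or reduce the check to what the test needs, namely that the first and last 10M chunks are swapped.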
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index bae7718380..588ae8b8b1 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -248,3 +248,4 @@
 246 rw auto quick
 247 rw auto quick
 248 rw auto quick
+250 rw auto quick
-- 
2.18.0




[Qemu-devel] [PATCH v2 1/3] block/qcow2-refcount: add trace-point to qcow2_process_discards

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
Let's at least trace the ignored failure.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/qcow2-refcount.c | 7 ++-
 block/trace-events | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index e0fe322500..60284bcaac 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -30,6 +30,7 @@
 #include "qemu/range.h"
 #include "qemu/bswap.h"
 #include "qemu/cutils.h"
+#include "trace.h"
 
 static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size,
 uint64_t max);
@@ -738,7 +739,11 @@ void qcow2_process_discards(BlockDriverState *bs, int ret)
 
 /* Discard is optional, ignore the return value */
 if (ret >= 0) {
-bdrv_pdiscard(bs->file, d->offset, d->bytes);
+int r2 = bdrv_pdiscard(bs->file, d->offset, d->bytes);
+if (r2 < 0) {
+trace_qcow2_process_discards_failed_region(d->offset, d->bytes,
+   r2);
+}
 }
 
 g_free(d);
diff --git a/block/trace-events b/block/trace-events
index 7335a42540..ea508f637e 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -91,6 +91,9 @@ qcow2_cache_get_done(void *co, int c, int i) "co %p 
is_l2_cache %d index %d"
 qcow2_cache_flush(void *co, int c) "co %p is_l2_cache %d"
 qcow2_cache_entry_flush(void *co, int c, int i) "co %p is_l2_cache %d index %d"
 
+# qcow2-refcount.c
+qcow2_process_discards_failed_region(uint64_t offset, uint64_t bytes, int ret) 
"offset 0x%" PRIx64 " bytes 0x%" PRIx64 " ret %d"
+
 # qed-l2-cache.c
 qed_alloc_l2_cache_entry(void *l2_cache, void *entry) "l2_cache %p entry %p"
 qed_unref_l2_cache_entry(void *entry, int ref) "entry %p ref %d"
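Review bot: the new trace event declares offset and bytes as uint64_t, while bdrv_pdiscard() in this series takes both as int64_t. Check that d->offset and d->bytes have the declared type, so that the PRIx64 output is not the result of a sign conversion.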
-- 
2.18.0




[Qemu-devel] [PATCH v2 3/3] iotests: test big qcow2 shrink

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
This test checks the bug in qcow2_process_discards fixed by the previous
commit.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/250 | 72 ++
 tests/qemu-iotests/250.out | 21 +++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 94 insertions(+)
 create mode 100755 tests/qemu-iotests/250
 create mode 100644 tests/qemu-iotests/250.out

diff --git a/tests/qemu-iotests/250 b/tests/qemu-iotests/250
new file mode 100755
index 00..ab64019dd2
--- /dev/null
+++ b/tests/qemu-iotests/250
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+#
+# Test big discard in qcow2 shrink
+#
+# Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=vsement...@virtuozzo.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2
+_supported_proto file
+_supported_os Linux
+
+# This test checks that qcow2_process_discards does not truncate a discard
+# request > 2G.
+# To reproduce bug we need to overflow int by one sequential discard, so we
+# need size > 2G, bigger cluster size (as with default 64k we may have maximum
+# of 512M sequential data, corresponding to one L1 entry), and we need some
+# data of the beginning of the disk mapped to the end of file to prevent
+# bdrv_co_truncate(bs->file) call in qcow2_co_truncate(), which may success
+# anyway.
+
+size=2100M
+IMGOPTS="cluster_size=1M,preallocation=metadata"
+
+_make_test_img $size
+$QEMU_IO -c 'discard 0 10M' -c 'discard 2090M 10M' \
+ -c 'write 2090M 10M' -c 'write 0 10M' "$TEST_IMG" | _filter_qemu_io
+
+# Check that our trick with swapping first and last 10M chunks succeeded.
+# Otherwise test will may pass even if bdrv_pdiscard() fails in
+# qcow2_process_discards()
+$QEMU_IMG map "$TEST_IMG" | _filter_qemu_img_map
+$QEMU_IMG info "$TEST_IMG" | grep size |  _filter_testdir
+
+$QEMU_IMG -T 'qcow2_process_discards_failed*' resize --shrink "$TEST_IMG" 5M
+
+$QEMU_IMG info "$TEST_IMG" | grep size | _filter_testdir
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
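Review bot: `seq=`basename $0`` and `rm -f $seq.full` in the new script use unquoted expansions, which break when the test is run from a path that contains spaces; quote "$0" and "$seq.full". The long comment before `size=2100M` would also be easier to follow as a short list of the three conditions needed to reproduce the bug.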
diff --git a/tests/qemu-iotests/250.out b/tests/qemu-iotests/250.out
new file mode 100644
index 00..62ab775e6c
--- /dev/null
+++ b/tests/qemu-iotests/250.out
@@ -0,0 +1,21 @@
+QA output created by 250
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=2202009600 
preallocation=metadata
+discard 10485760/10485760 bytes at offset 0
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+discard 10485760/10485760 bytes at offset 2191523840
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 10485760/10485760 bytes at offset 2191523840
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 10485760/10485760 bytes at offset 0
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Offset  Length  File
+0   0xa0TEST_DIR/t.IMGFMT
+0x82a0  0xa0TEST_DIR/t.IMGFMT
+virtual size: 2.1G (2202009600 bytes)
+disk size: 24M
+cluster_size: 1048576
+Image resized.
+virtual size: 5.0M (5242880 bytes)
+disk size: 9.0M
+cluster_size: 1048576
+*** done
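Review bot: the "disk size: 24M" and "disk size: 9.0M" lines in the expected output come from what the host file system reports for the image, so they can differ between file systems even when the discard works. Keep the virtual size and cluster_size lines and either filter the disk size or compare it against a bound.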
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index bae7718380..588ae8b8b1 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -248,3 +248,4 @@
 246 rw auto quick
 247 rw auto quick
 248 rw auto quick
+250 rw auto quick
-- 
2.18.0




[Qemu-devel] [PATCH v2 0/3] Fix overflow bug in qcow2 discard

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
v2: [mostly by Eric's review]
01: new
02: point to bug introducing commit in cover letter [Eric]
 [but I failed to compile it, to check]
drop s/INT_MAX/BDRV_REQUEST_MAX_BYTES/ chunk
03: - improve wording
- cheating with preallocation=metadata and discards
  to make test quick and not eating disk space
- use new trace-point
- move it to be 250 iotest
- filter out extra qemu-img info output

Vladimir Sementsov-Ogievskiy (3):
  block/qcow2-refcount: add trace-point to qcow2_process_discards
  block/io: bdrv_pdiscard: support int64_t bytes parameter
  iotests: test big qcow2 shrink

 include/block/block.h  |  4 +--
 block/io.c | 16 -
 block/qcow2-refcount.c |  7 +++-
 block/trace-events |  3 ++
 tests/qemu-iotests/250 | 72 ++
 tests/qemu-iotests/250.out | 21 +++
 tests/qemu-iotests/group   |  1 +
 7 files changed, 113 insertions(+), 11 deletions(-)
 create mode 100755 tests/qemu-iotests/250
 create mode 100644 tests/qemu-iotests/250.out

-- 
2.18.0




[Qemu-devel] [PATCH] net/colo-compare.c: Fix a crash in COLO Primary.

2019-04-19 Thread Lukas Straub
From: Lukas Straub 
Fixes the following bug: https://bugs.launchpad.net/qemu/+bug/1824622

Signed-off-by: Lukas Straub 
---
 net/colo-compare.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c
index bf10526f05..fcb491121b 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -813,9 +813,8 @@ static void colo_compare_handle_event(void *opaque)
 break;
 }

-assert(event_unhandled_count > 0);
-
 qemu_mutex_lock(_mtx);
+assert(event_unhandled_count > 0);
 event_unhandled_count--;
 qemu_cond_broadcast(_complete_cond);
 qemu_mutex_unlock(_mtx);
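Review bot: the commit message only links the bug and never says what was wrong; it should state that the assert read event_unhandled_count before qemu_mutex_lock() was taken, while the decrement two lines later is done under the lock, so that the reason for moving the assert below the lock is recorded with the change.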
--
2.20.1




Re: [Qemu-devel] [PATCH] configure: Change capstone's default state to disabled

2019-04-19 Thread G 3



On Apr 19, 2019, at 3:10 AM, Thomas Huth wrote:


On 19/04/2019 00.47, John Arbuckle wrote:
Capstone is not necessary in order to use QEMU. Disable it by default.

This will save the user the pain of having to figure why QEMU isn't
building when this library is missing.

Signed-off-by: John Arbuckle 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 1c563a7027..77d7967f92 100755
--- a/configure
+++ b/configure
@@ -433,7 +433,7 @@ opengl_dmabuf="no"
 cpuid_h="no"
 avx2_opt=""
 zlib="yes"
-capstone=""
+capstone="no"
 lzo=""
 snappy=""
 bzip2=""
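Review bot: changing `capstone=""` to `capstone="no"` replaces the empty value that the neighbouring `lzo`, `snappy` and `bzip2` entries keep, which in this script means probe and decide, with a hard off for every build, including those where the library is available; the commit message should quote the actual build failure and the configure invocation so that the probe itself can be fixed instead.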


AFAIK we ship capstone as a submodule, so how can this be missing? Also,
our philosophy is to keep everything enabled by default if possible, so
that the code paths don't bitrot. Thus I don't think that disabling this
by default is a good idea. ... so if you've got a problem here, there
must be another solution (e.g. is the system capstone detection not
working right on your system?).

 Thomas


Thank you for replying. Capstone comes with QEMU? Every time I try to  
compile QEMU I see an error relating to Capstone not being on my  
system. Why do you feel that disabling Capstone by default is not a  
good idea?


Here is the error message I see when compiling QEMU:

CHK version_gen.h
make[1]: *** No rule to make target `/Users/John/qemu-git/capstone/libcapstone.a'.  Stop.

make: *** [subdir-capstone] Error 2




Re: [Qemu-devel] [PATCH RFC 1/1] block/rbd: increase dynamically the image size

2019-04-19 Thread Stefano Garzarella
Hi Kevin,

On Wed, Apr 17, 2019 at 10:04:43AM +0200, Kevin Wolf wrote:
> On 17.04.2019 at 09:34, Stefano Garzarella wrote:
> > On Mon, Apr 15, 2019 at 10:04:52AM +0200, Kevin Wolf wrote:
> > > 
> > > I think a potential actual use case could be persistent dirty bitmaps
> > > for incremental backup. Though maybe that would be better served by
> > > using the rbd image just as a raw external data file and keeping the
> > > qcow2 metadata on a filesystem.
> > 
> > Thanks for pointing it out! I'll take a look to understand how to keep
> > metadata separated from the data.
> 
> I'd consider the feature still experimental, but for local files, it
> works like this:
> 
> qemu-img create -f qcow2 -o data_file=test.raw test.qcow2 4G
> 
> And then just use test.qcow2. As long as you can put everything you need
> into an rbd URL, the same approach should work. Otherwise, you may need
> to use QMP blockdev-create on creation and possibly the data-file option
> of the qcow2 driver for opening.
>

Very interesting, I'll try to add this support also in the rbd driver.

> > > How fast is rbd_resize()? Does automatically resizing for every write
> > > request actually work reasonably well in practice? If it does, there is
> > > probably little reason not to allow it, even if the use cases are rather
> > > obscure.
> > 
> > I'll try to measure the percentage of the time spent in the rbd_resize.
> > 
> > Another solution could be to pass to the rbd driver the virtual size of
> > the image and resize it only one time also if the preallocation is
> > disabled, because RBD will not allocate blocks but IIUC it only sets the max
> > size.
> > 
> > Do you think it makes sense? Is it feasible?
> 
> In theory yes, though it requires modification of every driver that
> should be usable together with rbd (i.e. ideally all of the drivers). If
> automatic resize works well enough, I'd prefer that

I did some tests and it seems that the cost of rbd_resize() is
negligible. IIUC it only updates the metadata without allocating any
blocks (if we are growing, like that case).

Anyway the automatic resize will not affect the current use-case (raw
images on rbd), where the file size is set during the creation, so I
think there should not be side effects with this patch.

I'm also adding the support for preallocation (i.e. full) in the rbd
driver that can be useful for qcow2 images.

If you prefer I can resend this patch with the preallocation series.

Thanks,
Stefano



[Qemu-devel] [PATCH] cputlb: Fix io_readx() to respect the access_type

2019-04-19 Thread Shahab Vahedi
This change adapts io_readx() to its input access_type. Currently
io_readx() treats any memory access as a read, although it has an
input argument "MMUAccessType access_type". This results in:

1) Calling the tlb_fill() only with MMU_DATA_LOAD
2) Considering only entry->addr_read as the tlb_addr

Buglink: https://bugs.launchpad.net/qemu/+bug/1825359

Signed-off-by: Shahab Vahedi 
---
Changelog:
- Extra space before closing parenthesis is removed

 accel/tcg/cputlb.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 88cc8389e9..4a305ac942 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -878,10 +878,13 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry 
*iotlbentry,
 CPUTLBEntry *entry;
 target_ulong tlb_addr;
 
-tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
+tlb_fill(cpu, addr, size, access_type, mmu_idx, retaddr);
 
 entry = tlb_entry(env, mmu_idx, addr);
-tlb_addr = entry->addr_read;
+tlb_addr =
+(access_type == MMU_DATA_LOAD)  ? entry->addr_read  :
+(access_type == MMU_DATA_STORE) ? entry->addr_write :
+entry->addr_code;
 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
 /* RAM access */
 uintptr_t haddr = addr + entry->addend;
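Review bot: the new ternary falls through to entry->addr_code for every access_type that is neither MMU_DATA_LOAD nor MMU_DATA_STORE, so an unexpected value is silently treated as an instruction fetch; compare against the fetch type explicitly and assert on anything else. Because the function is io_readx(), the commit message should also name the callers that pass a non-load access_type, otherwise the MMU_DATA_STORE arm reads as dead code.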
-- 
2.21.0




Re: [Qemu-devel] [PATCH] cputlb: Fix io_readx() to respect the access_type

2019-04-19 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190419103722.17062-1-shahab.vah...@gmail.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20190419103722.17062-1-shahab.vah...@gmail.com
Subject: [Qemu-devel] [PATCH] cputlb: Fix io_readx() to respect the access_type

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20190419103722.17062-1-shahab.vah...@gmail.com -> 
patchew/20190419103722.17062-1-shahab.vah...@gmail.com
Switched to a new branch 'test'
f4446976ec cputlb: Fix io_readx() to respect the access_type

=== OUTPUT BEGIN ===
ERROR: space prohibited before that close parenthesis ')'
#33: FILE: accel/tcg/cputlb.c:885:
+(access_type == MMU_DATA_LOAD ) ? entry->addr_read  :

total: 1 errors, 0 warnings, 15 lines checked

Commit f4446976ec23 (cputlb: Fix io_readx() to respect the access_type) has 
style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190419103722.17062-1-shahab.vah...@gmail.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH 1/2] block/io: bdrv_pdiscard: support int64_t bytes parameter

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
17.04.2019 17:48, Eric Blake wrote:
> On 4/17/19 5:09 AM, Vladimir Sementsov-Ogievskiy wrote:
>> This fixes at least one overflow in qcow2_process_discards.
> 
> It's worth calling out how long the problem of passing >2G discard
> requests has been present (my reply to the cover letter tracked down
> 0b919fae as tracking a 64-bit discard region but passing it to
> bdrv_discard() which took an int sectors; I'm not sure if later changes
> to byte-based rather than sector-based made a difference).
> 
> 
>> @@ -2664,14 +2664,15 @@ static void coroutine_fn bdrv_pdiscard_co_entry(void 
>> *opaque)
>>   aio_wait_kick();
>>   }
>>   
>> -int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int 
>> bytes)
>> +int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset,
>> +  int64_t bytes)
>>   {
>>   BdrvTrackedRequest req;
>>   int max_pdiscard, ret;
>>   int head, tail, align;
>>   BlockDriverState *bs = child->bs;
>>   
>> -if (!bs || !bs->drv) {
>> +if (!bs || !bs->drv || !bdrv_is_inserted(bs)) {
> 
> This change seems unrelated? Oh, it's because you are inlining the rest
> of what bdrv_check_byte_request used to do.
> 
>>   return -ENOMEDIUM;
>>   }
>>   
>> @@ -2679,9 +2680,8 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, 
>> int64_t offset, int bytes)
>>   return -EPERM;
>>   }
>>   
>> -ret = bdrv_check_byte_request(bs, offset, bytes);
>> -if (ret < 0) {
>> -return ret;
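Review bot: with the bdrv_check_byte_request() call removed here, the quoted lines show no replacement check for a negative `bytes` or for `offset + bytes` overflowing int64_t; now that the parameter is int64_t the function should reject both explicitly before the `while (bytes > 0)` loop, for example by returning -EIO when offset < 0, bytes < 0 or bytes > INT64_MAX - offset.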
> 
> If we keep this call in place, we can flag if there were any other
> callers that were passing truncated 64-bit quantities. But I also agree
> that now that we are switching to a 64-bit interface, we no longer have
> to check whether callers were properly limiting their requests.
> 
> Hmm - I just realized that bdrv_check_byte_request() takes a size_t
> (rather than int64_t) size argument - could this result in any other
> truncations on a 32-bit platform that don't affect 64-bit platforms?
> 
>> @@ -2711,12 +2711,13 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, 
>> int64_t offset, int bytes)
>>   goto out;
>>   }
>>   
>> -max_pdiscard = QEMU_ALIGN_DOWN(MIN_NON_ZERO(bs->bl.max_pdiscard, 
>> INT_MAX),
>> +max_pdiscard = QEMU_ALIGN_DOWN(MIN_NON_ZERO(bs->bl.max_pdiscard,
>> +BDRV_REQUEST_MAX_BYTES),
>>  align);
> 
> This change is a no-op, since BDRV_REQUEST_MAX_BYTES is already INT_MAX
> aligned down to sector size, and align is at least sector size.

It's a part of inlining bdrv_check_byte_request too.
It's MIN(SIZE_MAX, INT_MAX)... Is it possible for size to be less than int? Seems not.

> 
>>   assert(max_pdiscard >= bs->bl.request_alignment);
>>   
>>   while (bytes > 0) {
>> -int num = bytes;
>> +int64_t num = bytes;
>>   
>>   if (head) {
>>   /* Make small requests to get to alignment boundaries. */
>> @@ -2778,7 +2779,7 @@ out:
>>   return ret;
>>   }
>>   
>> -int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes)
>> +int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes)
>>   {
>>   Coroutine *co;
>>   DiscardCo rwco = {
>>
> 
> I'm not sure the patch is perfect, but I definitely agree that we want
> to support 64-byte discard length (where the block layer fragments the
> request as needed) rather than the current 32-byte discard length (where
> callers have to be careful to not suffer from truncation).
> 


-- 
Best regards,
Vladimir
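
The truncation this thread is about, worked through as an added example (not QEMU code): the first function shows what an `int bytes` parameter receives for the shrink in iotest 250 (2202009600 down to 5242880 bytes), the second shows a 64-bit interface that range-checks the request and splits it into chunks that each fit in an int. The names `seen_through_int`, `discard64`, `discard_stats` and `REQUEST_MAX_BYTES` are hypothetical, the 1 MiB alignment is taken from the test's cluster_size, and the head/tail alignment handling of the real loop is left out.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512
/* INT_MAX aligned down to the sector size, which is how the thread describes
 * BDRV_REQUEST_MAX_BYTES; the macro name here is this example's own. */
#define REQUEST_MAX_BYTES ((int64_t)(INT32_MAX & ~(SECTOR_SIZE - 1)))

/* Sizes taken from iotest 250's reference output. */
#define OLD_VIRTUAL_SIZE INT64_C(2202009600)
#define NEW_VIRTUAL_SIZE INT64_C(5242880)

/* Value a callee declared with "int bytes" receives when the caller holds a
 * 64-bit length: only the low 32 bits survive (two's-complement view). */
static int64_t seen_through_int(int64_t bytes)
{
    uint32_t low = (uint32_t)bytes;          /* modulo 2^32, well defined */

    if (low > (uint32_t)INT32_MAX) {
        return (int64_t)low - (INT64_C(1) << 32);
    }
    return (int64_t)low;
}

struct discard_stats {
    int64_t discarded;   /* total bytes handed to the driver */
    int64_t largest;     /* biggest single request */
    int requests;        /* number of driver requests issued */
};

static int64_t align_down(int64_t v, int64_t a)
{
    return v - v % a;
}

/* 64-bit discard: validate the range once, then fragment so that every
 * request passed further down fits in an int. dev_max == 0 means the
 * device reports no limit of its own. */
static int discard64(int64_t offset, int64_t bytes, int64_t dev_max,
                     int64_t align, struct discard_stats *st)
{
    int64_t cap, max_chunk;

    st->discarded = 0;
    st->largest = 0;
    st->requests = 0;

    if (align <= 0 || offset < 0 || bytes < 0 || bytes > INT64_MAX - offset) {
        return -EIO;
    }

    /* Smaller of the two limits, ignoring a zero device limit. */
    cap = (dev_max > 0 && dev_max < REQUEST_MAX_BYTES) ? dev_max
                                                       : REQUEST_MAX_BYTES;
    max_chunk = align_down(cap, align);
    if (max_chunk <= 0) {
        return -EIO;
    }

    while (bytes > 0) {
        int64_t num = bytes < max_chunk ? bytes : max_chunk;

        /* A driver call taking (offset, num) would go here. */
        st->discarded += num;
        st->requests++;
        if (num > st->largest) {
            st->largest = num;
        }
        offset += num;
        bytes -= num;
    }
    return 0;
}

int main(void)
{
    int64_t len = OLD_VIRTUAL_SIZE - NEW_VIRTUAL_SIZE;
    struct discard_stats st;
    int ret = discard64(NEW_VIRTUAL_SIZE, len, 0, 1048576, &st);

    printf("64-bit length      : %" PRId64 "\n", len);
    printf("seen as int        : %" PRId64 "\n", seen_through_int(len));
    printf("discard64 returned : %d, %d requests, largest %" PRId64 "\n",
           ret, st.requests, st.largest);
    return 0;
}
```
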


Re: [Qemu-devel] [RFC 0/3] VirtIO RDMA

2019-04-19 Thread Hannes Reinecke

On 4/15/19 12:35 PM, Yuval Shaia wrote:

On Thu, Apr 11, 2019 at 07:02:15PM +0200, Cornelia Huck wrote:

On Thu, 11 Apr 2019 14:01:54 +0300
Yuval Shaia  wrote:


Data center backends use more and more RDMA or RoCE devices and more and
more software runs in virtualized environment.
There is a need for a standard to enable RDMA/RoCE on Virtual Machines.

Virtio is the optimal solution since it is the de-facto para-virtualization
technology and also because the Virtio specification
allows Hardware Vendors to support Virtio protocol natively in order to
achieve bare metal performance.

This RFC is an effort to address challenges in defining the RDMA/RoCE
Virtio Specification and a look forward on possible implementation
techniques.

Open issues/Todo list:
List is huge, this is only start point of the project.
Anyway, here is one example of item in the list:
- Multi VirtQ: Every QP has two rings and every CQ has one. This means that
   in order to support for example 32K QPs we will need 64K VirtQ. Not sure
   that this is reasonable so one option is to have one for all and
   multiplex the traffic on it. This is not a good approach as by design it
   introduces an optional starvation. Another approach would be multi
   queues and round-robin (for example) between them.

Typically there will be a one-to-one mapping between QPs and CPUs (on 
the guest). So while one would need to be prepared to support quite some 
QPs, the expectation is that the actual number of QPs used will be 
rather low.
In a similar vein, multiplexing QPs would be defeating the purpose, as 
the overall idea was to have _independent_ QPs to enhance parallelism.



Expectations from this posting:
In general, any comment is welcome, starting from hey, drop this as it is a
very bad idea, to yeah, go ahead, we really want it.
Idea here is that since it is not a minor effort i first want to know if
there is some sort interest in the community for such device.


My first reaction is: Sounds sensible, but it would be good to have a
spec for this :)

You'll need a spec if you want this to go forward anyway, so at least a
sketch would be good to answer questions such as how many virtqueues
you use for which purpose, what is actually put on the virtqueues,
whether there are negotiable features, and what the expectations for
the device and the driver are. It also makes it easier to understand
how this is supposed to work in practice.

If folks agree that this sounds useful, the next step would be to
reserve an id for the device type.


Thanks for the tips, will sure do that, it is that first i wanted to make
sure there is a use case here.

Waiting for any feedback from the community.

I really do like the idea; in fact, it saved me from coding a similar 
thing myself :-)


However, I'm still curious about the overall intent of this driver. 
Where would the I/O be routed _to_ ?

It's nice that we have a virtualized driver, but this driver is
intended to do I/O (even if it doesn't _do_ any I/O ATM :-)
And this I/O needs to be sent to (and possibly received from)
something.

So what exactly is this something?
An existing piece of HW on the host?
If so, wouldn't it be more efficient to use vfio, either by using SR-IOV 
or by using virtio-mdev?


Another guest?
If so, how would we route the I/O from one guest to the other?
Shared memory? Implementing a full-blown RDMA switch in qemu?

Oh, and I would _love_ to have a discussion about this at KVM Forum.
Maybe I'll manage to whip up guest-to-guest RDMA connection using 
ivshmem ... let's see.


Cheers,

Hannes
--
Dr. Hannes Reinecke            Teamlead Storage & Networking
h...@suse.de  +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah
HRB 21284 (AG Nürnberg)



[Qemu-devel] [PATCH] cputlb: Fix io_readx() to respect the access_type

2019-04-19 Thread Shahab Vahedi
This change adapts io_readx() to its input access_type. Currently
io_readx() treats any memory access as a read, although it has an
input argument "MMUAccessType access_type". This results in:

1) Calling the tlb_fill() only with MMU_DATA_LOAD
2) Considering only entry->addr_read as the tlb_addr

Buglink: https://bugs.launchpad.net/qemu/+bug/1825359

Signed-off-by: Shahab Vahedi 
---
 accel/tcg/cputlb.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 88cc8389e9..0daac0e806 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -878,10 +878,13 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry 
*iotlbentry,
 CPUTLBEntry *entry;
 target_ulong tlb_addr;
 
-tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
+tlb_fill(cpu, addr, size, access_type, mmu_idx, retaddr);
 
 entry = tlb_entry(env, mmu_idx, addr);
-tlb_addr = entry->addr_read;
+tlb_addr =
+(access_type == MMU_DATA_LOAD ) ? entry->addr_read  :
+(access_type == MMU_DATA_STORE) ? entry->addr_write :
+entry->addr_code;
 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
 /* RAM access */
 uintptr_t haddr = addr + entry->addend;
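Review bot: `(access_type == MMU_DATA_LOAD ) ? entry->addr_read  :` has a space before the closing parenthesis, which QEMU's checkpatch rejects as an error; drop the padding inside the parentheses and, if the `?` columns should still line up, pad after the parenthesis instead.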
-- 
2.21.0




Re: [Qemu-devel] [PATCH v4 02/11] block: Filtered children access functions

2019-04-19 Thread Vladimir Sementsov-Ogievskiy
17.04.2019 19:22, Max Reitz wrote:
> On 16.04.19 12:02, Vladimir Sementsov-Ogievskiy wrote:
>> 10.04.2019 23:20, Max Reitz wrote:
>>> What bs->file and bs->backing mean depends on the node.  For filter
>>> nodes, both signify a node that will eventually receive all R/W
>>> accesses.  For format nodes, bs->file contains metadata and data, and
>>> bs->backing will not receive writes -- instead, writes are COWed to
>>> bs->file.  Usually.
>>>
>>> In any case, it is not trivial to guess what a child means exactly with
>>> our currently limited form of expression.  It is better to introduce
>>> some functions that actually guarantee a meaning:
>>>
>>> - bdrv_filtered_cow_child() will return the child that receives requests
>>> filtered through COW.  That is, reads may or may not be forwarded
>>> (depending on the overlay's allocation status), but writes never go to
>>> this child.
>>>
>>> - bdrv_filtered_rw_child() will return the child that receives requests
>>> filtered through some very plain process.  Reads and writes issued to
>>> the parent will go to the child as well (although timing, etc. may be
>>> modified).
>>>
>>> - All drivers but quorum (but quorum is pretty opaque to the general
>>> block layer anyway) always only have one of these children: All read
>>> requests must be served from the filtered_rw_child (if it exists), so
>>> if there was a filtered_cow_child in addition, it would not receive
>>> any requests at all.
>>> (The closest here is mirror, where all requests are passed on to the
>>> source, but with write-blocking, write requests are "COWed" to the
>>> target.  But that just means that the target is a special child that
>>> cannot be introspected by the generic block layer functions, and that
>>> source is a filtered_rw_child.)
>>> Therefore, we can also add bdrv_filtered_child() which returns that
>>> one child (or NULL, if there is no filtered child).
>>>
>>> Also, many places in the current block layer should be skipping filters
>>> (all filters or just the ones added implicitly, it depends) when going
>>> through a block node chain.  They do not do that currently, but this
>>> patch makes them.
>>>
>>> One example for this is qemu-img map, which should skip filters and only
>>> look at the COW elements in the graph.  The change to iotest 204's
>>> reference output shows how using blkdebug on top of a COW node used to
>>> make qemu-img map disregard the rest of the backing chain, but with this
>>> patch, the allocation in the base image is reported correctly.
>>>
>>> Furthermore, a note should be made that sometimes we do want to access
>>> bs->backing directly.  This is whenever the operation in question is not
>>> about accessing the COW child, but the "backing" child, be it COW or
>>> not.  This is the case in functions such as bdrv_open_backing_file() or
>>> whenever we have to deal with the special behavior of @backing as a
>>> blockdev option, which is that it does not default to null like all
>>> other child references do.
>>>
>>> Finally, the query functions (query-block and query-named-block-nodes)
>>> are modified to return any filtered child under "backing", not just
>>> bs->backing or COW children.  This is so that filters do not interrupt
>>> the reported backing chain.  This changes the output of iotest 184, as
>>> the throttled node now appears as a backing child.
>>>
>>> Signed-off-by: Max Reitz 
>>> ---
>>>qapi/block-core.json   |   4 +
>>>include/block/block.h  |   1 +
>>>include/block/block_int.h  |  40 +--
>>>block.c| 210 +++--
>>>block/backup.c |   8 +-
>>>block/block-backend.c  |  16 ++-
>>>block/commit.c |  33 +++---
>>>block/io.c |  45 ---
>>>block/mirror.c |  21 ++--
>>>block/qapi.c   |  30 +++--
>>>block/stream.c |  13 +-
>>>blockdev.c |  88 +++---
>>>migration/block-dirty-bitmap.c |   4 +-
>>>nbd/server.c   |   6 +-
>>>qemu-img.c |  29 ++---
>>>tests/qemu-iotests/184.out |   7 +-
>>>tests/qemu-iotests/204.out |   1 +
>>>17 files changed, 411 insertions(+), 145 deletions(-)
>>
>> really huge... didn't you consider conversion file-by-file?
> 
> Frankly, no, I just didn’t consider it.
> 
> Hm.  I don’t know, 30-patch series always look so frightening.
> 
>>> diff --git a/block.c b/block.c
>>> index 16615bc876..e8f6febda0 100644
>>> --- a/block.c
>>> +++ b/block.c
>>
>> [..]
>>
>>>
>>> @@ -3467,14 +3469,17 @@ static int 
>>> bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
>>>/*
>>> * Find the "actual" backing file by skipping all links that point
>>> * to an implicit node, if any (e.g. a commit filter node).
>>> + * We cannot 

[Qemu-devel] [Bug 1818367] Re: Initialization of device cfi.pflash01 failed: Block node is read-only

2019-04-19 Thread José Pekkarinen
oh well, it turns out to be actually related, it turns out
virt-aa-helper is skipping the code file of ovmf:

2019-04-19 10:06:43.576+: 9272: error : AppArmorGenSecurityLabel:469 : 
internal error: cannot load AppArmor profile 
'libvirt-34c41008-ab91-483b-959c-81a7a12ae9be'
2019-04-19 10:09:25.751+: 9270: error : virCommandWait:2636 : internal 
error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/libexec/virt-aa-helper 
-c -u libvirt-34c41008-ab91-483b-959c-81a7a12ae9be) unexpected exit status 1: 
2019-04-19 10:09:25.750+: 13797: info : libvirt version: 5.2.0
2019-04-19 10:09:25.750+: 13797: info : hostname: mole
2019-04-19 10:09:25.750+: 13797: error : virStorageFileBackendFileRead:129 
: Failed to open file '/dev/mole-vg0/os-1-vda': Permission denied
2019-04-19 10:09:25.750+: 13797: error : virStorageFileBackendFileRead:129 
: Failed to open file '/dev/mole-vg0/os-1-vdb': Permission denied
virt-aa-helper: error: /usr/share/edk2-ovmf/OVMF_CODE.fd
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition

The domain now looks like:

 


  os-1
  34c41008-ab91-483b-959c-81a7a12ae9be
  8388608
  8388608
  4
  hvm
  /usr/share/edk2-ovmf/OVMF_CODE.fd
  /var/lib/libvirt/qemu/nvram/os-1_VARS.fd
  destroy
  restart
  destroy
  /usr/bin/qemu-system-x86_64

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1818367

Title:
  Initialization of device cfi.pflash01 failed: Block node is read-only

Status in libvirt:
  New
Status in QEMU:
  Invalid

Bug description:
  Hi,

  I have several vms defined in libvirt using ovmf for uefi, since a later
  update of my server I'm unable to start any of the domains defined. This is
  an example of the output given:

  # virsh start os-1
  error: Failed to start domain os-1
  error: internal error: qemu unexpectedly closed the monitor: 
2019-03-02T21:23:51.726446Z qemu-system-x86_64: Initialization of device 
cfi.pflash01 failed: Block node is read-only

  an example of domain is like this:

 


 
    os-1
    34c41008-ab91-483b-959c-81a7a12ae9be
    8388608
    8388608

[Qemu-devel] [PATCH V1 0/3] Leon3 patches

2019-04-19 Thread KONRAD Frederic
Hi all,

Those are some little fixes for the leon3 machine:
  * The first part has already been submitted before and has been reworked
to follow Philippe's advice see:
  <1519898536-19027-1-git-send-email-frederic.kon...@adacore.com>
  "grlib_apbuart: always enable tx and rx"
  * The second part adds AHB and APB plug and play devices to allow to boot
linux.
  * The third part adds myself to the MAINTAINERS for this board.

The test images are available here:
https://www.gaisler.com/anonftp/linux/linux-2.6/images/leon-linux-4.9/leon-linux-4.9-1.0/up/

Tested with:
  qemu-system-sparc -M leon3_generic --nographic --kernel image.ram

Regards,
Fred

KONRAD Frederic (3):
  leon3: add a little bootloader
  leon3: introduce the plug and play mecanism
  MAINTAINERS: add myself for leon3

 MAINTAINERS |   1 +
 hw/misc/Makefile.objs   |   2 +
 hw/misc/grlib_ahb_apb_pnp.c | 269 
 hw/sparc/leon3.c| 110 +--
 include/hw/misc/grlib_ahb_apb_pnp.h |  60 
 include/hw/sparc/grlib.h|  35 +++--
 6 files changed, 451 insertions(+), 26 deletions(-)
 create mode 100644 hw/misc/grlib_ahb_apb_pnp.c
 create mode 100644 include/hw/misc/grlib_ahb_apb_pnp.h

-- 
1.8.3.1




[Qemu-devel] [PATCH V1 2/3] leon3: introduce the plug and play mecanism

2019-04-19 Thread KONRAD Frederic
This adds the AHB and APB plug and play devices.
They are scanned during the linux boot to discover the various peripherals.

Signed-off-by: KONRAD Frederic 
---
 hw/misc/Makefile.objs   |   2 +
 hw/misc/grlib_ahb_apb_pnp.c | 269 
 hw/sparc/leon3.c|  34 -
 include/hw/misc/grlib_ahb_apb_pnp.h |  60 
 include/hw/sparc/grlib.h|  35 +++--
 5 files changed, 382 insertions(+), 18 deletions(-)
 create mode 100644 hw/misc/grlib_ahb_apb_pnp.c
 create mode 100644 include/hw/misc/grlib_ahb_apb_pnp.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index c71e07a..77b9df9 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -77,3 +77,5 @@ obj-$(CONFIG_AUX) += auxbus.o
 obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
 obj-$(CONFIG_MSF2) += msf2-sysreg.o
 obj-$(CONFIG_NRF51_SOC) += nrf51_rng.o
+
+obj-$(CONFIG_GRLIB) += grlib_ahb_apb_pnp.o
diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
new file mode 100644
index 000..90d5f6e
--- /dev/null
+++ b/hw/misc/grlib_ahb_apb_pnp.c
@@ -0,0 +1,269 @@
+/*
+ * GRLIB AHB APB PNP
+ *
+ *  Copyright (C) 2019 AdaCore
+ *
+ *  Developed by :
+ *  Frederic Konrad   
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/misc/grlib_ahb_apb_pnp.h"
+
+#define GRLIB_PNP_VENDOR_SHIFT (24)
+#define GRLIB_PNP_VENDOR_SIZE   (8)
+#define GRLIB_PNP_DEV_SHIFT(12)
+#define GRLIB_PNP_DEV_SIZE (12)
+#define GRLIB_PNP_VER_SHIFT (5)
+#define GRLIB_PNP_VER_SIZE  (5)
+#define GRLIB_PNP_IRQ_SHIFT (0)
+#define GRLIB_PNP_IRQ_SIZE  (5)
+#define GRLIB_PNP_ADDR_SHIFT   (20)
+#define GRLIB_PNP_ADDR_SIZE(12)
+#define GRLIB_PNP_MASK_SHIFT(4)
+#define GRLIB_PNP_MASK_SIZE(12)
+
+#define GRLIB_AHB_DEV_ADDR_SHIFT   (20)
+#define GRLIB_AHB_DEV_ADDR_SIZE(12)
+#define GRLIB_AHB_ENTRY_SIZE   (0x20)
+#define GRLIB_AHB_MAX_DEV  (64)
+#define GRLIB_AHB_SLAVE_OFFSET (0x800)
+
+#define GRLIB_APB_DEV_ADDR_SHIFT   (8)
+#define GRLIB_APB_DEV_ADDR_SIZE(12)
+#define GRLIB_APB_ENTRY_SIZE   (0x08)
+#define GRLIB_APB_MAX_DEV  (512)
+
+#define GRLIB_PNP_MAX_REGS (0x1000)
+
+typedef struct AHBPnp {
+SysBusDevice parent_obj;
+MemoryRegion iomem;
+
+uint32_t regs[GRLIB_PNP_MAX_REGS >> 2];
+uint8_t master_count;
+uint8_t slave_count;
+} AHBPnp;
+
+void grlib_ahb_pnp_add_entry(AHBPnp *dev, uint32_t address, uint32_t mask,
+ uint8_t vendor, uint16_t device, int slave,
+ int type)
+{
+unsigned int reg_start;
+
+/*
+ * AHB entries look like this:
+ *
+ * 31  23  11 - 9  4 --- 0
+ *  | VENDOR ID | DEVICE ID | IRQ ? | VERSION  | IRQ |
+ *  --
+ *  |  USER  |
+ *  --
+ *  |  USER  |
+ *  --
+ *  |  USER  |
+ *  --
+ *  |  USER  |
+ *  --
+ * 31 --- 20 --- 15 - 3  0
+ *  | ADDR[31..12] | 00PC |MASK   | TYPE |
+ *  --
+ * 31 --- 20 --- 15 - 3  0
+ *  | ADDR[31..12] | 00PC |MASK   | TYPE |
+ *  --
+ * 31 --- 20 --- 15 - 3  0
+ *  | ADDR[31..12] | 00PC |MASK   | TYPE |
+ *  --
+ * 31 --- 20 --- 15 - 3  0
+ *  | ADDR[31..12] | 00PC |MASK   | TYPE |
+ *  --
+ */
+
+if (slave) {
+assert(dev->slave_count < GRLIB_AHB_MAX_DEV);
+reg_start = (GRLIB_AHB_SLAVE_OFFSET
+  + (dev->slave_count * GRLIB_AHB_ENTRY_SIZE)) >> 2;
+dev->slave_count++;
+} else {
+
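Review bot: in grlib_ahb_pnp_add_entry() the register-layout comment labels the field between DEVICE ID and VERSION as "IRQ ?", and none of the GRLIB_PNP_* defines covers bits 11..10 (VER is shift 5 with size 5, DEV starts at shift 12); either document those bits as reserved or cite the GRLIB manual for them, so the layout is not left as a guess. The `int slave` parameter is only tested as a flag in `if (slave)` and would read better as a bool.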

[Qemu-devel] [PATCH V1 1/3] leon3: add a little bootloader

2019-04-19 Thread KONRAD Frederic
This adds a little bootloader to the leon3_machine when a ram image is
given through the kernel parameter and no bios is provided:
  * The UART transmitter is enabled.
  * The TIMER is initialized.

Signed-off-by: KONRAD Frederic 
---
 hw/sparc/leon3.c | 80 +---
 1 file changed, 70 insertions(+), 10 deletions(-)

diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index 774639a..2c6f486 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -1,7 +1,7 @@
 /*
  * QEMU Leon3 System Emulator
  *
- * Copyright (c) 2010-2011 AdaCore
+ * Copyright (c) 2010-2019 AdaCore
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to 
deal
@@ -44,6 +44,8 @@
 #define CPU_CLK (40 * 1000 * 1000)
 
 #define PROM_FILENAME"u-boot.bin"
+#define LEON3_PROM_OFFSET(0x)
+#define LEON3_RAM_OFFSET (0x4000)
 
 #define MAX_PILS 16
 
@@ -53,6 +55,55 @@ typedef struct ResetData {
 target_ulong sp;/* initial stack pointer */
 } ResetData;
 
+static uint32_t *gen_write_to_addr(uint32_t *code, hwaddr addr, uint32_t val)
+{
+stl_p(code++, 0x8210); /* mov %g0, %g1*/
+stl_p(code++, 0x8410); /* mov %g0, %g2*/
+stl_p(code++, 0x0300 +
+  extract32(addr, 10, 22));
+   /* sethi %hi(addr), %g1*/
+stl_p(code++, 0x82106000 +
+  extract32(addr, 0, 10));
+   /* or %g1, addr, %g1   */
+stl_p(code++, 0x0500 +
+  extract32(val, 10, 22));
+   /* sethi %hi(val), %g2 */
+stl_p(code++, 0x8410a000 +
+  extract32(val, 0, 10));
+   /* or %g2, val, %g2*/
+stl_p(code++, 0xc4204000); /* st %g2, [ %g1 ] */
+
+return code;
+}
+
+/*
+ * When loading a kernel in RAM the machine is expected to be in a different
+ * state (eg: initialized by the bootloader). This little code reproduces
+ * this behavior.
+ */
+static void write_bootloader(CPUSPARCState *env, uint8_t *base,
+ hwaddr kernel_addr)
+{
+uint32_t *p = (uint32_t *) base;
+
+/* Initialize the UARTs*/
+p = gen_write_to_addr(p, 0x8108, 3);
+
+/* Initialize the TIMER 0  */
+p = gen_write_to_addr(p, 0x8304, 39);
+p = gen_write_to_addr(p, 0x8314, 0xFFFE);
+p = gen_write_to_addr(p, 0x8318, 3);
+
+/* JUMP to the entry point */
+stl_p(p++, 0x8210); /* mov %g0, %g1*/
+stl_p(p++, 0x0300 + extract32(kernel_addr, 10, 22));
+/* sethi %hi(kernel_addr), %g1 */
+stl_p(p++, 0x82106000 + extract32(kernel_addr, 0, 10));
+/* or kernel_addr, %g1 */
+stl_p(p++, 0x81c04000); /* jmp  %g1 */
+stl_p(p++, 0x0100); /* nop */
+}
+
 static void main_cpu_reset(void *opaque)
 {
 ResetData *s   = (ResetData *)opaque;
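Review bot: gen_write_to_addr() takes a hwaddr but encodes it with extract32(addr, 10, 22) and extract32(addr, 0, 10), so any bits above bit 31 are dropped silently, and write_bootloader() does the same with kernel_addr. Declaring both parameters uint32_t, or asserting that the value fits, would make the 32-bit limit explicit. Each sequence also starts with mov %g0, %g1 and mov %g0, %g2 right before a sethi into the same register; sethi writes the whole register, so the two mov instructions can be dropped. The register addresses and values passed from write_bootloader() are bare literals, and named constants for the UART and timer registers would make the "Initialize the TIMER 0" block easier to check against the hardware documentation.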
@@ -131,11 +182,12 @@ static void leon3_generic_hw_init(MachineState *machine)
 /* Reset data */
 reset_info= g_malloc0(sizeof(ResetData));
 reset_info->cpu   = cpu;
-reset_info->sp= 0x4000 + ram_size;
+reset_info->sp= LEON3_RAM_OFFSET + ram_size;
 qemu_register_reset(main_cpu_reset, reset_info);
 
 /* Allocate IRQ manager */
-grlib_irqmp_create(0x8200, env, _irqs, MAX_PILS, 
_set_pil_in);
+grlib_irqmp_create(0x8200, env, _irqs, MAX_PILS,
+   _set_pil_in);
 
 env->qemu_irq_ack = leon3_irq_manager;
 
@@ -148,13 +200,13 @@ static void leon3_generic_hw_init(MachineState *machine)
 }
 
 memory_region_allocate_system_memory(ram, NULL, "leon3.ram", ram_size);
-memory_region_add_subregion(address_space_mem, 0x4000, ram);
+memory_region_add_subregion(address_space_mem, LEON3_RAM_OFFSET, ram);
 
 /* Allocate BIOS */
 prom_size = 8 * MiB;
 memory_region_init_ram(prom, NULL, "Leon3.bios", prom_size, _fatal);
 memory_region_set_readonly(prom, true);
-memory_region_add_subregion(address_space_mem, 0x, prom);
+memory_region_add_subregion(address_space_mem, LEON3_PROM_OFFSET, prom);
 
 /* Load boot prom */
 if (bios_name == NULL) {
@@ -174,7 +226,7 @@ static void leon3_generic_hw_init(MachineState *machine)
 }
 
 if (bios_size > 0) {
-ret = load_image_targphys(filename, 0x, bios_size);
+ret = load_image_targphys(filename, LEON3_PROM_OFFSET, bios_size);
 if (ret < 0 || ret > prom_size) {
 error_report("could not load prom '%s'", filename);
 exit(1);
@@ -198,10 +250,18 @@ static void leon3_generic_hw_init(MachineState *machine)
 exit(1);
 }
 if (bios_size <= 0) {
-/* If there is no 

[Qemu-devel] [PATCH V1 3/3] MAINTAINERS: add myself for leon3

2019-04-19 Thread KONRAD Frederic
Signed-off-by: KONRAD Frederic 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 56139ac..3543035 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1151,6 +1151,7 @@ F: include/hw/timer/sun4v-rtc.h
 
 Leon3
 M: Fabien Chouteau 
+M: KONRAD Frederic 
 S: Maintained
 F: hw/sparc/leon3.c
 F: hw/*/grlib*
-- 
1.8.3.1




[Qemu-devel] [Bug 1818367] Re: Initialization of device cfi.pflash01 failed: Block node is read-only

2019-04-19 Thread José Pekkarinen
Thanks for the thorough pointers, Laszlo. I did, and ran into different kinds
of issues, and given that I was just having the vars around I really wonder
how it ever worked; perhaps I copied the unified one and forgot, as Gentoo
does provide it:

# du -h /usr/share/edk2-ovmf/*
1.9M	/usr/share/edk2-ovmf/OVMF_CODE.fd
2.0M	/usr/share/edk2-ovmf/OVMF.fd
128K	/usr/share/edk2-ovmf/OVMF_VARS.fd

Thanks!

José

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1818367

Title:
  Initialization of device cfi.pflash01 failed: Block node is read-only

Status in libvirt:
  New
Status in QEMU:
  Invalid

Bug description:
  Hi,

  I have several vms defined in libvirt using ovmf for uefi, since a later
  update of my server I'm unable to start any of the domains defined. This is
  an example of the output given:

  # virsh start os-1
  error: Failed to start domain os-1
  error: internal error: qemu unexpectedly closed the monitor: 
2019-03-02T21:23:51.726446Z qemu-system-x86_64: Initialization of device 
cfi.pflash01 failed: Block node is read-only

  an example of domain is like this:

  os-1
  34c41008-ab91-483b-959c-81a7a12ae9be
  8388608
  8388608
  4
  hvm
  /var/lib/libvirt/qemu/nvram/os-1-ovmf.fd

[Qemu-devel] [Bug 1825452] Re: Pulse audio backend doesn't work in v4.0.0-rc4 release

2019-04-19 Thread Ivan Volosyuk
Removing these lines makes pa backend work fine again. Much better than
3.x versions due to buffer fixes.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1825452

Title:
  Pulse audio backend doesn't work in  v4.0.0-rc4 release

Status in QEMU:
  New

Bug description:
  Using Gentoo linux, build from source: qemu v4.0.0-rc4 release
  (eeba63fc7fface36f438bcbc0d3b02e7dcb59983)

  Pulse audio backend doesn't initialize because of the:
  audio/paaudio.c:
  -if (!popts->has_server) {
  -char pidfile[64];
  -char *runtime;
  -struct stat st;
  -
  -runtime = getenv("XDG_RUNTIME_DIR");
  -if (!runtime) {
  -return NULL;
  -}
  -snprintf(pidfile, sizeof(pidfile), "%s/pulse/pid", runtime);
  -if (stat(pidfile, ) != 0) {
  -return NULL;
  -}
  -}
  XDG_RUNTIME_DIR is not set for me. No /run/user directory exists on my system.

  Also:
  $ less ~/.pulse/client.conf  
  default-server = unix:/home/ivan/.pulse_server

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1825452/+subscriptions



[Qemu-devel] [PATCH 2/2] drm/i915/gvt: export mdev device version to sysfs for Intel vGPU

2019-04-19 Thread Yan Zhao
This feature implements the version attribute for Intel's vGPU mdev
devices.

version attribute is rw. It is queried by userspace software like libvirt
to check whether two vGPUs are compatible for live migration.

It consists of two parts: common part and vendor proprietary part.
common part: 32 bit. lower 16 bits is vendor id and higher 16 bits
 identifies device type. e.g., for pci device, it is
 "pci vendor id" | (VFIO_DEVICE_FLAGS_PCI << 16).
vendor proprietary part: this part is varied in length. vendor driver can
 specify any string to identify a device.

For Intel vGPU of gen8 and gen9, the vendor proprietary part currently
consists of 2 fields: "device id" + "mdev type".

Reading from a vGPU's version attribute, a string is returned in below
format: 00028086--. e.g.
00028086-193b-i915-GVTg_V5_2.

Writing a string to a vGPU's version attribute will trigger GVT to check
whether a vGPU identified by the written string is compatible with
current vGPU owning this version attribute. errno is returned if the two
vGPUs are incompatible. The length of written string is returned in
compatible case.

For other platforms, and for GVT not supporting vGPU live migration
feature, errnos are returned when read/write of mdev devices' version
attributes.

For old GVT versions where no version attributes exposed in sysfs, it is
regarded as not supporting vGPU live migration.

For future platforms, besides the current 2 fields in vendor proprietary
part, more fields may be added to identify Intel vGPU well for live
migration purpose.

Cc: Alex Williamson 
Cc: Erik Skultety 
Cc: "Dr. David Alan Gilbert" 
Cc: Cornelia Huck 
Cc: "Tian, Kevin" 
Cc: Zhenyu Wang 
Cc: "Wang, Zhi A" 
Cc: Neo Jia 
Cc: Kirti Wankhede 

Signed-off-by: Yan Zhao 
---
 drivers/gpu/drm/i915/gvt/Makefile |  2 +-
 drivers/gpu/drm/i915/gvt/device_version.c | 94 +++
 drivers/gpu/drm/i915/gvt/gvt.c| 55 +
 drivers/gpu/drm/i915/gvt/gvt.h|  6 ++
 4 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 drivers/gpu/drm/i915/gvt/device_version.c

diff --git a/drivers/gpu/drm/i915/gvt/Makefile 
b/drivers/gpu/drm/i915/gvt/Makefile
index 271fb46d4dd0..54e209a23899 100644
--- a/drivers/gpu/drm/i915/gvt/Makefile
+++ b/drivers/gpu/drm/i915/gvt/Makefile
@@ -3,7 +3,7 @@ GVT_DIR := gvt
 GVT_SOURCE := gvt.o aperture_gm.o handlers.o vgpu.o trace_points.o firmware.o \
interrupt.o gtt.o cfg_space.o opregion.o mmio.o display.o edid.o \
execlist.o scheduler.o sched_policy.o mmio_context.o cmd_parser.o 
debugfs.o \
-   fb_decoder.o dmabuf.o page_track.o
+   fb_decoder.o dmabuf.o page_track.o device_version.o
 
 ccflags-y  += -I$(src) -I$(src)/$(GVT_DIR)
 i915-y += $(addprefix $(GVT_DIR)/, 
$(GVT_SOURCE))
diff --git a/drivers/gpu/drm/i915/gvt/device_version.c 
b/drivers/gpu/drm/i915/gvt/device_version.c
new file mode 100644
index ..c64010d2bc54
--- /dev/null
+++ b/drivers/gpu/drm/i915/gvt/device_version.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright(c) 2011-2017 Intel Corporation. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
THE
+ * SOFTWARE.
+ */
+#include 
+#include "i915_drv.h"
+
+#define GVT_VFIO_DEVICE_VENDOR_ID ((0x8086) |  \
+   ((VFIO_DEVICE_FLAGS_PCI & 0xff) << 16))
+
+#define GVT_DEVICE_VERSION_COMMON_LEN 0x8
+#define GVT_DEVICE_VERSION_DEVICE_ID_LEN 0x4
+
+static bool is_compatible(const char *self, const char *remote)
+{
+   if (strlen(remote) != strlen(self))
+   return false;
+
+   return (strncmp(self, remote, strlen(self))) ? false : true;
+}
+
+ssize_t intel_gvt_get_vfio_device_version_len(struct drm_i915_private 
*dev_priv)
+{
+   if (!IS_GEN(dev_priv, 8) && !IS_GEN(dev_priv, 9))
+   return -ENODEV;
+
+   return PAGE_SIZE;
+}
+
+ssize_t 
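Review bot: is_compatible() compares strlen(remote) with strlen(self) and then calls strncmp() over strlen(self), which is strcmp(self, remote) == 0 written the long way. The exact-length match also means that a string written with a trailing newline, as echo does in the examples of patch 1/2, only matches if the caller strips it first, and that code is not in the visible part of this file; please make the newline handling explicit here or in the store handler. GVT_VFIO_DEVICE_VENDOR_ID masks the device type with 0xff although the commit message describes the upper half of the common part as 16 bits, so 0xffff would match the description. GVT_DEVICE_VERSION_COMMON_LEN and GVT_DEVICE_VERSION_DEVICE_ID_LEN are not used in the lines shown.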

[Qemu-devel] [PATCH 1/2] vfio/mdev: add version field as mandatory attribute for mdev device

2019-04-19 Thread Yan Zhao
device version attribute in mdev sysfs is used by user space software
(e.g. libvirt) to query device compatibility for live migration of VFIO
mdev devices. This attribute is mandatory if a mdev device supports live
migration.

It consists of two parts: common part and vendor proprietary part.
common part: 32 bit. lower 16 bits is vendor id and higher 16 bits
 identifies device type. e.g., for pci device, it is
 "pci vendor id" | (VFIO_DEVICE_FLAGS_PCI << 16).
vendor proprietary part: this part is varied in length. vendor driver can
 specify any string to identify a device.

When reading this attribute, it should show device version string of the
device of type . If a device does not support live migration, it
should return errno.
When writing a string to this attribute, it returns errno for
incompatibility or returns written string length in compatibility case.
If a device does not support live migration, it always returns errno.

For user space software to use:
1.
Before starting live migration, user space software first reads source side
mdev device's version. e.g.
"#cat \
/sys/bus/pci/devices/\:00\:02.0/5ac1fb20-2bbf-4842-bb7e-36c58c3be9cd/mdev_type/version"
00028086-193b-i915-GVTg_V5_4

2.
Then, user space software writes the source side returned version string
to device version attribute in target side, and checks the return value.
If a negative errno is returned in the target side, then mdev devices in
source and target sides are not compatible;
If a positive number is returned and it equals to the length of written
string, then the two mdev devices in source and target side are compatible.
e.g.
(a) compatibility case
"# echo 00028086-193b-i915-GVTg_V5_4 >
/sys/bus/pci/devices/\:00\:02.0/882cc4da-dede-11e7-9180-078a62063ab1/mdev_type/version"

(b) incompatibility case
"#echo 00028086-193b-i915-GVTg_V5_1 >
/sys/bus/pci/devices/\:00\:02.0/882cc4da-dede-11e7-9180-078a62063ab1/mdev_type/version"
-bash: echo: write error: Invalid argument

3. if two mdev devices are compatible, user space software can start
live migration, and vice versa.

Note: if a mdev device does not support live migration, it either does
not provide a version attribute, or always returns errno when its version
attribute is read/written.

Cc: Alex Williamson 
Cc: Erik Skultety 
Cc: "Dr. David Alan Gilbert" 
Cc: Cornelia Huck 
Cc: "Tian, Kevin" 
Cc: Zhenyu Wang 
Cc: "Wang, Zhi A" 
Cc: Neo Jia 
Cc: Kirti Wankhede 

Signed-off-by: Yan Zhao 
---
 Documentation/vfio-mediated-device.txt | 36 ++
 samples/vfio-mdev/mbochs.c | 17 
 samples/vfio-mdev/mdpy.c   | 16 
 samples/vfio-mdev/mtty.c   | 16 
 4 files changed, 85 insertions(+)

diff --git a/Documentation/vfio-mediated-device.txt 
b/Documentation/vfio-mediated-device.txt
index c3f69bcaf96e..bc28471c0667 100644
--- a/Documentation/vfio-mediated-device.txt
+++ b/Documentation/vfio-mediated-device.txt
@@ -202,6 +202,7 @@ Directories and files under the sysfs for Each Physical 
Device
   | |   |--- available_instances
   | |   |--- device_api
   | |   |--- description
+  | |   |--- version
   | |   |--- [devices]
   | |--- []
   | |   |--- create
@@ -209,6 +210,7 @@ Directories and files under the sysfs for Each Physical 
Device
   | |   |--- available_instances
   | |   |--- device_api
   | |   |--- description
+  | |   |--- version
   | |   |--- [devices]
   | |--- []
   |  |--- create
@@ -216,6 +218,7 @@ Directories and files under the sysfs for Each Physical 
Device
   |  |--- available_instances
   |  |--- device_api
   |  |--- description
+  |  |--- version
   |  |--- [devices]
 
 * [mdev_supported_types]
@@ -225,6 +228,8 @@ Directories and files under the sysfs for Each Physical 
Device
   [], device_api, and available_instances are mandatory attributes
   that should be provided by vendor driver.
 
+  version is a mandatory attribute if a mdev device supports live migration.
+
 * []
 
   The [] name is created by adding the device driver string as a 
prefix
@@ -246,6 +251,35 @@ Directories and files under the sysfs for Each Physical 
Device
   This attribute should show the number of devices of type  that can 
be
   created.
 
+* version
+
+  This attribute is rw. It is used to check whether two devices are compatible
+  for live migration. If this attribute is missing, then the corresponding mdev
+  device is regarded as not supporting live migration.
+
+  It consists of two parts: common part and vendor proprietary part.
+  common part: 32 bit. lower 16 bits is vendor id and higher 16 bits identifies
+   device type. e.g., for pci device, it is
+   "pci vendor id" | (VFIO_DEVICE_FLAGS_PCI << 16).
+  vendor proprietary part: this part is varied in length. vendor driver can
+   specify any string to identify a 
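Review bot: the new "* version" section describes the common part only as a 32-bit value and does not say how it appears in the attribute string. The commit message examples show it as eight hex digits followed by "-", and user space has to rely on that to compare or log versions, so the text representation (base, width, separator) belongs in this paragraph. It would also help to state that a write is a pure query that leaves the device unchanged, and which errno values mean "incompatible" as opposed to "live migration not supported".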

[Qemu-devel] [PATCH 0/2] introduction of version attribute for VFIO live migration

2019-04-19 Thread Yan Zhao
This patchset introduces a version attribute under sysfs of VFIO Mediated
devices.

This version attribute is used by user space software like libvirt to
determine whether two mdev devices are compatible for live migration
before starting live migration.

Patch 1 defines version attribute as mandatory for VFIO live migration. It
means if version attribute is missing or it returns errno, the
corresponding mdev device is regarded as not supporting live migration.
samples for vfio-mdev are modified to demonstrate it.

Patch 2 uses GVT as an example to show how to expose version attribute and
check device compatibility in vendor driver.


Yan Zhao (2):
  vfio/mdev: add version field as mandatory attribute for mdev device
  drm/i915/gvt: export mdev device version to sysfs for Intel vGPU

 Documentation/vfio-mediated-device.txt| 36 +
 drivers/gpu/drm/i915/gvt/Makefile |  2 +-
 drivers/gpu/drm/i915/gvt/device_version.c | 94 +++
 drivers/gpu/drm/i915/gvt/gvt.c| 55 +
 drivers/gpu/drm/i915/gvt/gvt.h|  6 ++
 samples/vfio-mdev/mbochs.c| 17 
 samples/vfio-mdev/mdpy.c  | 16 
 samples/vfio-mdev/mtty.c  | 16 
 8 files changed, 241 insertions(+), 1 deletion(-)
 create mode 100644 drivers/gpu/drm/i915/gvt/device_version.c

-- 
2.17.1
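
The check that patches 1/2 and 2/2 describe (read the source device's version attribute, write it to the target's, interpret the result), as an added C example that is not part of the patch series. It assumes the interface proposed in this thread; all function and type names are hypothetical, and the 8-hex-digit layout of the common part is inferred from the example strings in the commit messages.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Parsed form of a version string such as "00028086-193b-i915-GVTg_V5_2". */
struct mdev_version {
    uint16_t vendor_id;   /* lower 16 bits of the common part */
    uint16_t device_type; /* higher 16 bits of the common part */
    const char *vendor;   /* vendor proprietary part, opaque to user space */
};

enum mdev_compat { MDEV_COMPATIBLE, MDEV_INCOMPATIBLE, MDEV_UNSUPPORTED };

/*
 * Assumption: the common part is rendered as 8 hex digits followed by '-',
 * as in the example strings quoted in the commit messages.
 * Returns 0 on success, -EINVAL on a malformed string.
 */
int mdev_version_parse(const char *s, struct mdev_version *out)
{
    uint32_t common = 0;

    if (strlen(s) < 10 || s[8] != '-')
        return -EINVAL;
    for (int i = 0; i < 8; i++) {
        char c = s[i];
        uint32_t d;

        if (c >= '0' && c <= '9')
            d = (uint32_t)(c - '0');
        else if (c >= 'a' && c <= 'f')
            d = (uint32_t)(c - 'a' + 10);
        else if (c >= 'A' && c <= 'F')
            d = (uint32_t)(c - 'A' + 10);
        else
            return -EINVAL;
        common = (common << 4) | d;
    }
    out->vendor_id = (uint16_t)(common & 0xffff);
    out->device_type = (uint16_t)(common >> 16);
    out->vendor = s + 9;
    return 0;
}

/*
 * Steps 1 and 2 of the procedure: read the source attribute, write the
 * same bytes to the target attribute, and map the outcome.
 * Assumption: the bytes are written back exactly as read.
 */
enum mdev_compat mdev_check_compat(const char *src_attr, const char *dst_attr)
{
    char buf[4096]; /* assumption: the attribute fits in one 4 KiB page */
    ssize_t n, w;
    int fd;

    fd = open(src_attr, O_RDONLY);
    if (fd < 0)
        return MDEV_UNSUPPORTED;   /* attribute missing on the source */
    n = read(fd, buf, sizeof(buf));
    close(fd);
    if (n <= 0)
        return MDEV_UNSUPPORTED;   /* errno or empty read */

    fd = open(dst_attr, O_WRONLY);
    if (fd < 0)
        return MDEV_UNSUPPORTED;   /* attribute missing on the target */
    w = write(fd, buf, (size_t)n);
    close(fd);

    /* Compatible only when the write returns the full string length. */
    return (w == n) ? MDEV_COMPATIBLE : MDEV_INCOMPATIBLE;
}

int main(int argc, char **argv)
{
    static const char *const names[] = {
        "compatible", "incompatible", "unsupported"
    };
    enum mdev_compat r;

    if (argc != 3) {
        fprintf(stderr, "usage: %s SRC_VERSION_ATTR DST_VERSION_ATTR\n",
                argv[0]);
        return 2;
    }
    r = mdev_check_compat(argv[1], argv[2]);
    puts(names[r]);
    return r == MDEV_COMPATIBLE ? 0 : 1;
}
```

A write that fails with an errno is reported as incompatible because the thread gives the same outcome (no migration) for an incompatible target and for a target without live migration support.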




Re: [Qemu-devel] [PATCH for-QEMU-4.1 v5 15/29] hw/arm: Express dependencies of the aspeed boards with Kconfig

2019-04-19 Thread Cédric Le Goater
On 4/18/19 8:00 PM, Thomas Huth wrote:
> Dependencies have been determined by looking at hw/arm/aspeed.c

Looks correct to me. 

Reviewed-by: Cédric Le Goater 

Thanks Thomas,

C.

> 
> Signed-off-by: Thomas Huth 
> ---
>  default-configs/arm-softmmu.mak |  7 +--
>  hw/arm/Kconfig  | 10 ++
>  2 files changed, 11 insertions(+), 6 deletions(-)
> 
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index 25e8f717ac..2580584281 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -26,15 +26,12 @@ CONFIG_SPITZ=y
>  CONFIG_TOSA=y
>  CONFIG_Z2=y
>  CONFIG_COLLIE=y
> +CONFIG_ASPEED_SOC=y
>  
>  CONFIG_VGA=y
> -CONFIG_TMP421=y
> -CONFIG_PCA9552=y
>  CONFIG_SSI_M25P80=y
>  CONFIG_ALLWINNER_EMAC=y
>  CONFIG_IMX_FEC=y
> -CONFIG_FTGMAC100=y
> -CONFIG_DS1338=y
>  CONFIG_PLATFORM_BUS=y
>  CONFIG_VIRTIO_MMIO=y
>  
> @@ -92,8 +89,6 @@ CONFIG_I82801B11=y
>  CONFIG_ACPI=y
>  CONFIG_ARM_VIRT=y
>  CONFIG_SMBIOS=y
> -CONFIG_ASPEED_SOC=y
> -CONFIG_SMBUS_EEPROM=y
>  CONFIG_GPIO_KEY=y
>  CONFIG_MSF2=y
>  CONFIG_FW_CFG_DMA=y
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index 325133c129..abeaa54d88 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -254,6 +254,16 @@ config FSL_IMX6
>  
>  config ASPEED_SOC
>  bool
> +select DS1338
> +select FTGMAC100
> +select I2C
> +select PCA9552
> +select SERIAL
> +select SMBUS_EEPROM
> +select SSI
> +select SSI_M25P80
> +select TMP105
> +select TMP421
>  
>  config MPS2
>  bool
> 
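
Review bot: in the hw/arm/Kconfig hunk every new select hangs off ASPEED_SOC, but several of them (DS1338, PCA9552, SMBUS_EEPROM, TMP105, TMP421) are board-level I2C parts, and the commit message says the list came from hw/arm/aspeed.c, the board file. A separate board symbol that selects ASPEED_SOC plus those devices would keep the SoC symbol minimal. TMP105 is also new here: no CONFIG_TMP105 line is removed from arm-softmmu.mak in the hunks shown, so the commit message should say where it was enabled before.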




[Qemu-devel] [PATCH v2 for-4.1 0/2] Fix ohci_die() and move PCI code to separate file

2019-04-19 Thread Thomas Huth
First patch fixes a problem with ohci_die(), second patch moves PCI code into
a separate file, so that the sysbus OHCI device can also be used without
the dependency on the PCI code.

v2: Split the patch into two patches, one for the ohci_die() fix and one
for the PCI code movement.

Thomas Huth (2):
  hw/usb/hcd-ohci: Do not use PCI functions with sysbus devices in
ohci_die()
  hw/usb/hcd-ohci: Move PCI-related code into a separate file

 hw/sh4/Kconfig|   2 +-
 hw/usb/Kconfig|   6 +-
 hw/usb/Makefile.objs  |   1 +
 hw/usb/hcd-ohci-pci.c | 163 +++
 hw/usb/hcd-ohci.c | 219 --
 hw/usb/hcd-ohci.h | 104 
 6 files changed, 293 insertions(+), 202 deletions(-)
 create mode 100644 hw/usb/hcd-ohci-pci.c
 create mode 100644 hw/usb/hcd-ohci.h

-- 
2.21.0




[Qemu-devel] [PATCH v2 for-4.1 1/2] hw/usb/hcd-ohci: Do not use PCI functions with sysbus devices in ohci_die()

2019-04-19 Thread Thomas Huth
The ohci_die() function always assumes to be running with a PCI OHCI
controller and calls the PCI-specific functions pci_set_word(). However,
this function might also get called for the sysbus OHCI devices, so it
likely fails in that case. To fix this issue, change the code now, so that
there are two implementations now, one for sysbus and one for PCI, and
use the right function via a function pointer in the OHCIState structure.

Signed-off-by: Thomas Huth 
---
 hw/usb/hcd-ohci.c | 39 +++
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
index 81cf5ab7a5..6d3f556989 100644
--- a/hw/usb/hcd-ohci.c
+++ b/hw/usb/hcd-ohci.c
@@ -52,7 +52,7 @@ typedef struct OHCIPort {
 uint32_t ctrl;
 } OHCIPort;
 
-typedef struct {
+typedef struct OHCIState {
 USBBus bus;
 qemu_irq irq;
 MemoryRegion mem;
@@ -108,6 +108,7 @@ typedef struct {
 uint32_t async_td;
 bool async_complete;
 
+void (*ohci_die)(struct OHCIState *ohci);
 } OHCIState;
 
 /* Host Controller Communications Area */
@@ -302,7 +303,10 @@ struct ohci_iso_td {
 
 #define OHCI_HRESET_FSBIR   (1 << 0)
 
-static void ohci_die(OHCIState *ohci);
+static void ohci_die(OHCIState *ohci)
+{
+ohci->ohci_die(ohci);
+}
 
 /* Update IRQ levels */
 static inline void ohci_intr_update(OHCIState *ohci)
@@ -1854,13 +1858,14 @@ static USBBusOps ohci_bus_ops = {
 
 static void usb_ohci_init(OHCIState *ohci, DeviceState *dev,
   uint32_t num_ports, dma_addr_t localmem_base,
-  char *masterbus, uint32_t firstport,
-  AddressSpace *as, Error **errp)
+  char *masterbus, uint32_t firstport, AddressSpace 
*as,
+  void (*ohci_die_fn)(struct OHCIState *), Error 
**errp)
 {
 Error *err = NULL;
 int i;
 
 ohci->as = as;
+ohci->ohci_die = ohci_die_fn;
 
 if (num_ports > OHCI_MAX_PORTS) {
 error_setg(errp, "OHCI num-ports=%u is too big (limit is %u ports)",
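Review bot: usb_ohci_init() stores ohci_die_fn into ohci->ohci_die without checking it, and the new ohci_die() wrapper calls through that pointer unconditionally. A future caller that passes NULL would only crash when the controller hits its first error. An assert(ohci_die_fn) next to the assignment would make the requirement visible at realize time.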
@@ -1933,18 +1938,28 @@ typedef struct {
 uint32_t firstport;
 } OHCIPCIState;
 
-/** A typical O/EHCI will stop operating, set itself into error state
- * (which can be queried by MMIO) and will set PERR in its config
- * space to signal that it got an error
+/**
+ * A typical OHCI will stop operating and set itself into error state
+ * (which can be queried by MMIO) to signal that it got an error.
  */
-static void ohci_die(OHCIState *ohci)
+static void ohci_sysbus_die(struct OHCIState *ohci)
 {
-OHCIPCIState *dev = container_of(ohci, OHCIPCIState, state);
-
 trace_usb_ohci_die();
 
 ohci_set_interrupt(ohci, OHCI_INTR_UE);
 ohci_bus_stop(ohci);
+}
+
+/**
+ * A typical PCI OHCI will additionally set PERR in its configspace to
+ * signal that it got an error.
+ */
+static void ohci_pci_die(struct OHCIState *ohci)
+{
+OHCIPCIState *dev = container_of(ohci, OHCIPCIState, state);
+
+ohci_sysbus_die(ohci);
+
 pci_set_word(dev->parent_obj.config + PCI_STATUS,
  PCI_STATUS_DETECTED_PARITY);
 }
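Review bot: ohci_pci_die() calls ohci_sysbus_die() for the bus-independent part, so the "sysbus" name is misleading for what is really the common error path. Consider a bus-neutral name such as ohci_die_common(), with the sysbus device using it directly, since patch 2/2 has to call it from hcd-ohci-pci.c. The new comment on ohci_pci_die() writes "configspace"; "config space" matches the wording it replaces.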
@@ -1959,7 +1974,7 @@ static void usb_ohci_realize_pci(PCIDevice *dev, Error 
**errp)
 
 usb_ohci_init(>state, DEVICE(dev), ohci->num_ports, 0,
   ohci->masterbus, ohci->firstport,
-  pci_get_address_space(dev), );
+  pci_get_address_space(dev), ohci_pci_die, );
 if (err) {
 error_propagate(errp, err);
 return;
@@ -2023,7 +2038,7 @@ static void ohci_realize_pxa(DeviceState *dev, Error 
**errp)
 
 usb_ohci_init(>ohci, dev, s->num_ports, s->dma_offset,
   s->masterbus, s->firstport,
-  _space_memory, );
+  _space_memory, ohci_sysbus_die, );
 if (err) {
 error_propagate(errp, err);
 return;
-- 
2.21.0




[Qemu-devel] [PATCH v2 for-4.1 2/2] hw/usb/hcd-ohci: Move PCI-related code into a separate file

2019-04-19 Thread Thomas Huth
Some machines (like the pxa2xx-based ARM machines) only have a sysbus
OHCI controller, but no PCI. With the new Kconfig-style build system,
it will soon be possible to create QEMU binaries that only contain
such PCI-less machines. However, the two OHCI controllers, for sysbus
and for PCI, are currently both located in one file, so the PCI code
is still required for linking here. Move the OHCI-PCI device code
into a separate file, so that it is possible to use the sysbus OHCI
device also without the PCI dependency.

Signed-off-by: Thomas Huth 
---
 hw/sh4/Kconfig|   2 +-
 hw/usb/Kconfig|   6 +-
 hw/usb/Makefile.objs  |   1 +
 hw/usb/hcd-ohci-pci.c | 163 +++
 hw/usb/hcd-ohci.c | 216 ++
 hw/usb/hcd-ohci.h | 104 
 6 files changed, 284 insertions(+), 208 deletions(-)
 create mode 100644 hw/usb/hcd-ohci-pci.c
 create mode 100644 hw/usb/hcd-ohci.h

diff --git a/hw/sh4/Kconfig b/hw/sh4/Kconfig
index 593662d28a..4cbce3a0ed 100644
--- a/hw/sh4/Kconfig
+++ b/hw/sh4/Kconfig
@@ -6,7 +6,7 @@ config R2D
 select I82378 if TEST_DEVICES
 select IDE_MMIO
 select PFLASH_CFI02
-select USB_OHCI
+select USB_OHCI_PCI
 select PCI
 select SM501
 select SH4
diff --git a/hw/usb/Kconfig b/hw/usb/Kconfig
index a1b7acb12a..564305e283 100644
--- a/hw/usb/Kconfig
+++ b/hw/usb/Kconfig
@@ -8,10 +8,14 @@ config USB_UHCI
 select USB
 
 config USB_OHCI
+bool
+select USB
+
+config USB_OHCI_PCI
 bool
 default y if PCI_DEVICES
 depends on PCI
-select USB
+select USB_OHCI
 
 config USB_EHCI
 bool
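Review bot: with this hunk USB_OHCI loses its "default y if PCI_DEVICES" and is only built when something selects it. The diffstat touches hw/sh4/Kconfig and hw/usb/Kconfig only, so the machines that use the sysbus controller (the commit message names the pxa2xx boards) must already select USB_OHCI, otherwise hcd-ohci.o drops out of their build. Please confirm that in the commit message or add the missing selects.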
diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs
index 2b929649ac..81688f6e70 100644
--- a/hw/usb/Makefile.objs
+++ b/hw/usb/Makefile.objs
@@ -5,6 +5,7 @@ common-obj-$(CONFIG_USB) += desc.o desc-msos.o
 # usb host adapters
 common-obj-$(CONFIG_USB_UHCI) += hcd-uhci.o
 common-obj-$(CONFIG_USB_OHCI) += hcd-ohci.o
+common-obj-$(CONFIG_USB_OHCI_PCI) += hcd-ohci-pci.o
 common-obj-$(CONFIG_USB_EHCI) += hcd-ehci.o hcd-ehci-pci.o
 common-obj-$(CONFIG_USB_EHCI_SYSBUS) += hcd-ehci.o hcd-ehci-sysbus.o
 common-obj-$(CONFIG_USB_XHCI) += hcd-xhci.o
diff --git a/hw/usb/hcd-ohci-pci.c b/hw/usb/hcd-ohci-pci.c
new file mode 100644
index 00..e8f372c6ad
--- /dev/null
+++ b/hw/usb/hcd-ohci-pci.c
@@ -0,0 +1,163 @@
+/*
+ * QEMU USB OHCI Emulation
+ * Copyright (c) 2004 Gianni Tedesco
+ * Copyright (c) 2006 CodeSourcery
+ * Copyright (c) 2006 Openedhand Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/hw.h"
+#include "qapi/error.h"
+#include "qemu/timer.h"
+#include "hw/usb.h"
+#include "hw/pci/pci.h"
+#include "hw/sysbus.h"
+#include "hw/qdev-dma.h"
+#include "trace.h"
+#include "hcd-ohci.h"
+
+#define TYPE_PCI_OHCI "pci-ohci"
+#define PCI_OHCI(obj) OBJECT_CHECK(OHCIPCIState, (obj), TYPE_PCI_OHCI)
+
+typedef struct {
+/*< private >*/
+PCIDevice parent_obj;
+/*< public >*/
+
+OHCIState state;
+char *masterbus;
+uint32_t num_ports;
+uint32_t firstport;
+} OHCIPCIState;
+
+/**
+ * A typical PCI OHCI will additionally set PERR in its configspace to
+ * signal that it got an error.
+ */
+static void ohci_pci_die(struct OHCIState *ohci)
+{
+OHCIPCIState *dev = container_of(ohci, OHCIPCIState, state);
+
+ohci_sysbus_die(ohci);
+
+pci_set_word(dev->parent_obj.config + PCI_STATUS,
+ PCI_STATUS_DETECTED_PARITY);
+}
+
+static void usb_ohci_realize_pci(PCIDevice *dev, Error **errp)
+{
+Error *err = NULL;
+OHCIPCIState *ohci = PCI_OHCI(dev);
+
+dev->config[PCI_CLASS_PROG] = 0x10; /* OHCI */
+dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
+
+usb_ohci_init(>state, DEVICE(dev), ohci->num_ports, 0,
+  ohci->masterbus, ohci->firstport,
+  pci_get_address_space(dev), ohci_pci_die, );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+ohci->state.irq = pci_allocate_irq(dev);
+pci_register_bar(dev, 0, 0, >state.mem);
+}
+
+static void usb_ohci_exit(PCIDevice *dev)
+{
+OHCIPCIState *ohci = PCI_OHCI(dev);
+OHCIState *s = >state;
+
+trace_usb_ohci_exit(s->name);
+ohci_bus_stop(s);
+
+if (s->async_td) {
+usb_cancel_packet(>usb_packet);
+
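Review bot: the new PCI-only file includes hw/sysbus.h, which nothing in the lines shown uses. The include list looks carried over from hcd-ohci.c, so qemu/timer.h and hw/qdev-dma.h are worth checking too; trimming it to what the PCI glue needs keeps the split from pulling sysbus headers back in.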

Re: [Qemu-devel] [PATCH] configure: Change capstone's default state to disabled

2019-04-19 Thread Thomas Huth
On 19/04/2019 00.47, John Arbuckle wrote:
> Capstone is not necessary in order to use QEMU. Disable it by default.
> This will save the user the pain of having to figure why QEMU isn't
> building when this library is missing.
> 
> Signed-off-by: John Arbuckle 
> ---
>  configure | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/configure b/configure
> index 1c563a7027..77d7967f92 100755
> --- a/configure
> +++ b/configure
> @@ -433,7 +433,7 @@ opengl_dmabuf="no"
>  cpuid_h="no"
>  avx2_opt=""
>  zlib="yes"
> -capstone=""
> +capstone="no"
>  lzo=""
>  snappy=""
>  bzip2=""
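
Review bot: capstone="no" turns the feature off for every build instead of fixing the failing probe. The neighbouring lzo, snappy and bzip2 entries stay empty, which is the auto-detect state in this script. The commit message should quote the actual build error so that the detection can be fixed.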

AFAIK we ship capstone as a submodule, so how can this be missing? Also,
our philosophy is to keep everything enabled by default if possible, so
that the code paths don't bitrot. Thus I don't think that disabling this
by default is a good idea. ... so if you've got a problem here, there
must be another solution (e.g. is the system capstone detection not
working right on your system?).

 Thomas



Re: [Qemu-devel] [PATCH for-4.1] hw/usb/hcd-ohci: Move PCI-related code into a separate file

2019-04-19 Thread Thomas Huth
On 18/04/2019 14.35, Philippe Mathieu-Daudé wrote:
> Hi Thomas,
> 
> On 4/18/19 1:10 PM, Thomas Huth wrote:
>> Some machines (like the pxa2xx-based ARM machines) only have a sysbus
>> OHCI controller, but no PCI. With the new Kconfig-style build system,
>> it will soon be possible to create QEMU binaries that only contain
>> such PCI-less machines. However, the two OHCI controllers, for sysbus
>> and for PCI, are currently both located in one file, so the PCI code
>> is still required for linking here. Move the OHCI-PCI device code
>> into a separate file, so that it is possible to use the sysbus OHCI
>> device also without the PCI dependency.
>>
>> Apart from moving code to a new file (and a new header), this patch
>> might also fix one subtle bug: The ohci_die() function always assumed
>> to be running with a OHCI-PCI controller and called some PCI-specific
>> functions - but if I got the code right, ohci_die() might also get
>> called for the sysbus-OHCI device, so it likely failed in that case.
>> I've changed this part of the code now, so that there are two ohci_die()
>> implementations now, one for sysbus and one for PCI.
> 
> Can this be done in 2 patches?

Yeah, maybe that's cleaner... I'll send a v2...

 Thomas



Re: [Qemu-devel] [PATCH 1/2] tests: fw_cfg: add a function to get the fw_cfg file

2019-04-19 Thread Thomas Huth
On 19/03/2019 03.30, Li Qiang wrote:
> This is useful to write qtest about fw_cfg file entry.
> 
> Signed-off-by: Li Qiang 
> ---
>  tests/libqos/fw_cfg.c | 45 +++
>  tests/libqos/fw_cfg.h |  2 ++
>  2 files changed, 47 insertions(+)
> 
> diff --git a/tests/libqos/fw_cfg.c b/tests/libqos/fw_cfg.c
> index d0889d1e22..2df33df859 100644
> --- a/tests/libqos/fw_cfg.c
> +++ b/tests/libqos/fw_cfg.c
> @@ -16,12 +16,57 @@
>  #include "libqos/fw_cfg.h"
>  #include "libqtest.h"
>  #include "qemu/bswap.h"
> +#include "hw/nvram/fw_cfg.h"
>  
>  void qfw_cfg_select(QFWCFG *fw_cfg, uint16_t key)
>  {
>  fw_cfg->select(fw_cfg, key);
>  }
>  
> +/*
> + * The caller need check the return value. When the return value is
> + * nonzero, it means that some bytes have been transferred.
> + *
> + * If the fw_cfg file in question is smaller than the allocated & passed-in
> + * buffer, then the buffer has been populated only in part.
> + *
> + * If the fw_cfg file in question is larger than the passed-in
> + * buffer, then the return value explains how much room would have been
> + * necessary in total. And, while the caller's buffer has been fully
> + * populated, it has received only a starting slice of the fw_cfg file.
> + */
> +size_t qfw_cfg_get_file(QFWCFG *fw_cfg, const char *filename,
> +  void *data, size_t buflen)
> +{
> +uint32_t count;
> +uint32_t i;
> +unsigned char *filesbuf = NULL;
> +size_t dsize;
> +FWCfgFile *pdir_entry;
> +size_t filesize = 0;
> +
> +qfw_cfg_get(fw_cfg, FW_CFG_FILE_DIR, , sizeof(count));
> +count = be32_to_cpu(count);
> +dsize = sizeof(uint32_t) + count * sizeof(struct fw_cfg_file);
> +filesbuf = g_malloc0(dsize);
> +qfw_cfg_get(fw_cfg, FW_CFG_FILE_DIR, filesbuf, dsize);

If I get the code right,  qfw_cfg_get() fills the whole buffer here...
in that case, g_malloc() should be sufficient, so you don't need
g_malloc0() here.

 Thomas



[Qemu-devel] [PATCH 7/7] cpu: Set fixed class name on some architectures

2019-04-19 Thread Eduardo Habkost
hppa, microblaze, nios2, and tilegx have a fixed class name being
returned by CPUClass::class_by_name.  We can implement the same
behavior by setting CPUClass::class_name_format.

Signed-off-by: Eduardo Habkost 
---
Cc: Richard Henderson 
Cc: "Edgar E. Iglesias" 
Cc: Chris Wulff 
Cc: Marek Vasut 
---
 target/hppa/cpu.c   | 8 ++--
 target/microblaze/cpu.c | 8 ++--
 target/nios2/cpu.c  | 8 ++--
 target/tilegx/cpu.c | 8 ++--
 4 files changed, 8 insertions(+), 24 deletions(-)

diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index 00bf444620..c4a1106df9 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -144,11 +144,6 @@ static void hppa_cpu_initfn(Object *obj)
 cpu_hppa_put_psw(env, PSW_W);
 }
 
-static ObjectClass *hppa_cpu_class_by_name(const char *cpu_model)
-{
-return object_class_by_name(TYPE_HPPA_CPU);
-}
-
 static void hppa_cpu_class_init(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
@@ -158,7 +153,8 @@ static void hppa_cpu_class_init(ObjectClass *oc, void *data)
 device_class_set_parent_realize(dc, hppa_cpu_realizefn,
 >parent_realize);
 
-cc->class_by_name = hppa_cpu_class_by_name;
+/* All CPU model names are translated to the same QOM class */
+cc->class_name_format = TYPE_HPPA_CPU;
 cc->has_work = hppa_cpu_has_work;
 cc->do_interrupt = hppa_cpu_do_interrupt;
 cc->cpu_exec_interrupt = hppa_cpu_exec_interrupt;
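Review bot: class_name_format is documented in patch 5/7 as a format string for g_strdup_printf(), and here it is set to TYPE_HPPA_CPU, which contains no conversion, so the lookup depends on the cpu_model argument being silently ignored. That works, but the field comment in include/qom/cpu.h should say that a format without %s is allowed and means every model name maps to one class. The same applies to the microblaze, nios2 and tilegx hunks.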
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index 5596cd5485..aee09f7d96 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -280,11 +280,6 @@ static Property mb_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
-static ObjectClass *mb_cpu_class_by_name(const char *cpu_model)
-{
-return object_class_by_name(TYPE_MICROBLAZE_CPU);
-}
-
 static void mb_cpu_class_init(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
@@ -296,7 +291,8 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
 mcc->parent_reset = cc->reset;
 cc->reset = mb_cpu_reset;
 
-cc->class_by_name = mb_cpu_class_by_name;
+/* All CPU model names are translated to the same QOM class */
+cc->class_name_format = TYPE_MICROBLAZE_CPU;
 cc->has_work = mb_cpu_has_work;
 cc->do_interrupt = mb_cpu_do_interrupt;
 cc->cpu_exec_interrupt = mb_cpu_exec_interrupt;
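Review bot: the commit message says this implements the same behavior, but the removed mb_cpu_class_by_name() returned object_class_by_name(TYPE_MICROBLAZE_CPU) unconditionally, while the generic path added to cpu_class_by_name() in patch 5/7 returns NULL when the class is abstract or fails object_class_dynamic_cast(oc, typename). Please confirm that the TYPE_*_CPU classes of all four targets are non-abstract and that callers always pass a typename they derive from, or mention the stricter checks in the commit message.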
diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c
index fbfaa2ce26..3427ffedca 100644
--- a/target/nios2/cpu.c
+++ b/target/nios2/cpu.c
@@ -77,11 +77,6 @@ static void nios2_cpu_initfn(Object *obj)
 #endif
 }
 
-static ObjectClass *nios2_cpu_class_by_name(const char *cpu_model)
-{
-return object_class_by_name(TYPE_NIOS2_CPU);
-}
-
 static void nios2_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
@@ -193,7 +188,8 @@ static void nios2_cpu_class_init(ObjectClass *oc, void 
*data)
 ncc->parent_reset = cc->reset;
 cc->reset = nios2_cpu_reset;
 
-cc->class_by_name = nios2_cpu_class_by_name;
+/* All CPU model names are translated to the same QOM class */
+cc->class_name_format = TYPE_NIOS2_CPU;
 cc->has_work = nios2_cpu_has_work;
 cc->do_interrupt = nios2_cpu_do_interrupt;
 cc->cpu_exec_interrupt = nios2_cpu_exec_interrupt;
diff --git a/target/tilegx/cpu.c b/target/tilegx/cpu.c
index bfe9be59b5..710af17507 100644
--- a/target/tilegx/cpu.c
+++ b/target/tilegx/cpu.c
@@ -51,11 +51,6 @@ static void tilegx_cpu_dump_state(CPUState *cs, FILE *f,
 env->pc, env->spregs[TILEGX_SPR_CMPEXCH]);
 }
 
-static ObjectClass *tilegx_cpu_class_by_name(const char *cpu_model)
-{
-return object_class_by_name(TYPE_TILEGX_CPU);
-}
-
 static void tilegx_cpu_set_pc(CPUState *cs, vaddr value)
 {
 TileGXCPU *cpu = TILEGX_CPU(cs);
@@ -146,7 +141,8 @@ static void tilegx_cpu_class_init(ObjectClass *oc, void 
*data)
 tcc->parent_reset = cc->reset;
 cc->reset = tilegx_cpu_reset;
 
-cc->class_by_name = tilegx_cpu_class_by_name;
+/* All CPU model names are translated to the same QOM class */
+cc->class_name_format = TYPE_TILEGX_CPU;
 cc->has_work = tilegx_cpu_has_work;
 cc->do_interrupt = tilegx_cpu_do_interrupt;
 cc->cpu_exec_interrupt = tilegx_cpu_exec_interrupt;
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 1/7] cpu: Change return type of cpu_class_by_name() to CPUClass

2019-04-19 Thread Eduardo Habkost
The function always returns a CPU class.  Change the return type
to reflect that.

I'm not changing the return type of CPUClass::class_by_name()
yet, because many of its implementations will be eliminated by
the next commits.

Signed-off-by: Eduardo Habkost 
---
Cc: Cornelia Huck 
Cc: David Hildenbrand 
Cc: qemu-s3...@nongnu.org
Cc: Markus Armbruster 
---
 include/qom/cpu.h |  2 +-
 exec.c|  8 +++-
 qom/cpu.c |  4 ++--
 target/s390x/cpu_models.c | 10 +-
 4 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index d28c690b27..fefd5c26b0 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -676,7 +676,7 @@ void cpu_reset(CPUState *cpu);
  *
  * Returns: A #CPUClass or %NULL if not matching class is found.
  */
-ObjectClass *cpu_class_by_name(const char *typename, const char *cpu_model);
+CPUClass *cpu_class_by_name(const char *typename, const char *cpu_model);
 
 /**
  * cpu_create:
diff --git a/exec.c b/exec.c
index efb1616ece..d303ac5f25 100644
--- a/exec.c
+++ b/exec.c
@@ -984,7 +984,6 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 
 const char *parse_cpu_option(const char *cpu_option)
 {
-ObjectClass *oc;
 CPUClass *cc;
 gchar **model_pieces;
 const char *cpu_type;
@@ -995,15 +994,14 @@ const char *parse_cpu_option(const char *cpu_option)
 exit(1);
 }
 
-oc = cpu_class_by_name(CPU_RESOLVING_TYPE, model_pieces[0]);
-if (oc == NULL) {
+cc = cpu_class_by_name(CPU_RESOLVING_TYPE, model_pieces[0]);
+if (cc == NULL) {
 error_report("unable to find CPU model '%s'", model_pieces[0]);
 g_strfreev(model_pieces);
 exit(EXIT_FAILURE);
 }
 
-cpu_type = object_class_get_name(oc);
-cc = CPU_CLASS(oc);
+cpu_type = object_class_get_name(OBJECT_CLASS(cc));
 cc->parse_features(cpu_type, model_pieces[1], _fatal);
 g_strfreev(model_pieces);
 return cpu_type;
diff --git a/qom/cpu.c b/qom/cpu.c
index a8d2958956..b971a56242 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -283,12 +283,12 @@ static bool cpu_common_has_work(CPUState *cs)
 return false;
 }
 
-ObjectClass *cpu_class_by_name(const char *typename, const char *cpu_model)
+CPUClass *cpu_class_by_name(const char *typename, const char *cpu_model)
 {
 CPUClass *cc = CPU_CLASS(object_class_by_name(typename));
 
 assert(cpu_model && cc->class_by_name);
-return cc->class_by_name(cpu_model);
+return CPU_CLASS(cc->class_by_name(cpu_model));
 }
 
 static void cpu_common_parse_features(const char *typename, char *features,
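Review bot: in cpu_class_by_name(), returning CPU_CLASS(cc->class_by_name(cpu_model)) means the "no such model" case now relies on CPU_CLASS() passing NULL through, and both callers changed in this patch (parse_cpu_option() and cpu_model_from_info()) depend on getting NULL back for an unknown name. A short comment here stating that NULL is preserved, and that class_by_name hooks must return CPU classes only, would make that contract explicit for the remaining per-target implementations.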
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index eb125d4d0d..391698595f 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -482,7 +482,7 @@ static void cpu_model_from_info(S390CPUModel *model, const 
CpuModelInfo *info,
 const QDict *qdict = NULL;
 const QDictEntry *e;
 Visitor *visitor;
-ObjectClass *oc;
+CPUClass *cc;
 S390CPU *cpu;
 Object *obj;
 
@@ -494,16 +494,16 @@ static void cpu_model_from_info(S390CPUModel *model, 
const CpuModelInfo *info,
 }
 }
 
-oc = cpu_class_by_name(TYPE_S390_CPU, info->name);
-if (!oc) {
+cc = cpu_class_by_name(TYPE_S390_CPU, info->name);
+if (!cc) {
 error_setg(errp, "The CPU definition \'%s\' is unknown.", info->name);
 return;
 }
-if (S390_CPU_CLASS(oc)->kvm_required && !kvm_enabled()) {
+if (S390_CPU_CLASS(cc)->kvm_required && !kvm_enabled()) {
 error_setg(errp, "The CPU definition '%s' requires KVM", info->name);
 return;
 }
-obj = object_new(object_class_get_name(oc));
+obj = object_new(object_class_get_name(OBJECT_CLASS(cc)));
 cpu = S390_CPU(obj);
 
 if (!cpu->model) {
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 6/7] cpu: Set class name format for some architectures

2019-04-19 Thread Eduardo Habkost
Set CPUClass::class_name_format for 12 architectures that simply
generate a class name using g_strdup_printf(): arm, i386, lm32,
m68k, mips, moxie, openrisc, riscv, s390x, tricore, unicore32,
xtensa.

Signed-off-by: Eduardo Habkost 
---
Cc: Peter Maydell 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Michael Walle 
Cc: Laurent Vivier 
Cc: Aurelien Jarno 
Cc: Aleksandar Markovic 
Cc: Aleksandar Rikalo 
Cc: Anthony Green 
Cc: Stafford Horne 
Cc: Palmer Dabbelt 
Cc: Alistair Francis 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Cc: Cornelia Huck 
Cc: David Hildenbrand 
Cc: Guan Xuetao 
Cc: Max Filippov 
Cc: qemu-...@nongnu.org
Cc: qemu-ri...@nongnu.org
Cc: qemu-s3...@nongnu.org
---
 target/s390x/internal.h   |  1 -
 target/arm/cpu.c  | 17 +
 target/i386/cpu.c | 11 +--
 target/lm32/cpu.c | 17 +
 target/m68k/cpu.c | 17 +
 target/mips/cpu.c | 13 +
 target/moxie/cpu.c| 17 +
 target/openrisc/cpu.c | 17 +
 target/riscv/cpu.c| 17 +
 target/s390x/cpu.c|  2 +-
 target/s390x/cpu_models.c | 10 --
 target/tricore/cpu.c  | 17 +
 target/unicore32/cpu.c| 17 +
 target/xtensa/cpu.c   | 17 +
 14 files changed, 12 insertions(+), 178 deletions(-)

diff --git a/target/s390x/internal.h b/target/s390x/internal.h
index 3b4855c175..789d6444c9 100644
--- a/target/s390x/internal.h
+++ b/target/s390x/internal.h
@@ -256,7 +256,6 @@ static inline void s390_cpu_unhalt(S390CPU *cpu)
 void s390_cpu_model_register_props(Object *obj);
 void s390_cpu_model_class_register_props(ObjectClass *oc);
 void s390_realize_cpu_model(CPUState *cs, Error **errp);
-ObjectClass *s390_cpu_class_by_name(const char *name);
 
 
 /* excp_helper.c */
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index dcc65093d9..4f0ed3715d 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1208,21 +1208,6 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 acc->parent_realize(dev, errp);
 }
 
-static ObjectClass *arm_cpu_class_by_name(const char *cpu_model)
-{
-ObjectClass *oc;
-char *typename;
-
-typename = g_strdup_printf(ARM_CPU_TYPE_NAME("%s"), cpu_model);
-oc = object_class_by_name(typename);
-g_free(typename);
-if (!oc || !object_class_dynamic_cast(oc, TYPE_ARM_CPU) ||
-object_class_is_abstract(oc)) {
-return NULL;
-}
-return oc;
-}
-
 /* CPU models. These are not needed for the AArch64 linux-user build. */
 #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64)
 
@@ -2142,7 +2127,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 acc->parent_reset = cc->reset;
 cc->reset = arm_cpu_reset;
 
-cc->class_by_name = arm_cpu_class_by_name;
+cc->class_name_format = ARM_CPU_TYPE_NAME("%s");
 cc->has_work = arm_cpu_has_work;
 cc->cpu_exec_interrupt = arm_cpu_exec_interrupt;
 cc->dump_state = arm_cpu_dump_state;
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d6bb57d210..18adef524f 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1391,15 +1391,6 @@ static char *x86_cpu_type_name(const char *model_name)
 return g_strdup_printf(X86_CPU_TYPE_NAME("%s"), model_name);
 }
 
-static ObjectClass *x86_cpu_class_by_name(const char *cpu_model)
-{
-ObjectClass *oc;
-char *typename = x86_cpu_type_name(cpu_model);
-oc = object_class_by_name(typename);
-g_free(typename);
-return oc;
-}
-
 static char *x86_cpu_class_get_model_name(X86CPUClass *cc)
 {
 const char *class_name = object_class_get_name(OBJECT_CLASS(cc));
@@ -5851,7 +5842,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 cc->reset = x86_cpu_reset;
 cc->reset_dump_flags = CPU_DUMP_FPU | CPU_DUMP_CCOP;
 
-cc->class_by_name = x86_cpu_class_by_name;
+cc->class_name_format = X86_CPU_TYPE_NAME("%s");
 cc->parse_features = x86_cpu_parse_featurestr;
 cc->has_work = x86_cpu_has_work;
 #ifdef CONFIG_TCG
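Review bot: for i386 this is not a pure refactor. The removed x86_cpu_class_by_name() returned whatever object_class_by_name() found, while the generic path from patch 5/7 additionally rejects abstract classes and classes that fail object_class_dynamic_cast(oc, typename). The arm and lm32 functions removed in this patch already had those checks, so "simply generate a class name using g_strdup_printf()" holds for them but not here. Please call out the stricter x86 lookup in the commit message and confirm that no abstract X86_CPU_TYPE_NAME() class is meant to be reachable from -cpu.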
diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c
index b7499cb627..675bea10e8 100644
--- a/target/lm32/cpu.c
+++ b/target/lm32/cpu.c
@@ -201,21 +201,6 @@ static void lm32_full_cpu_initfn(Object *obj)
   | LM32_FEATURE_CYCLE_COUNT;
 }
 
-static ObjectClass *lm32_cpu_class_by_name(const char *cpu_model)
-{
-ObjectClass *oc;
-char *typename;
-
-typename = g_strdup_printf(LM32_CPU_TYPE_NAME("%s"), cpu_model);
-oc = object_class_by_name(typename);
-g_free(typename);
-if (oc != NULL && (!object_class_dynamic_cast(oc, TYPE_LM32_CPU) ||
-   object_class_is_abstract(oc))) {
-oc = NULL;
-}
-return oc;
-}
-
 static void lm32_cpu_class_init(ObjectClass *oc, void *data)
 {
 LM32CPUClass *lcc = LM32_CPU_CLASS(oc);
@@ -227,7 +212,7 @@ static void lm32_cpu_class_init(ObjectClass *oc, void *data)
 

[Qemu-devel] [PATCH 0/7] Delete 16 *_cpu_class_by_name() functions

2019-04-19 Thread Eduardo Habkost
This series adds a new CPUClass::class_name_format field, which
allows us to delete 16 of the 21 *_cpu_class_by_name() functions
that exist today.

Eduardo Habkost (7):
  cpu: Change return type of cpu_class_by_name() to CPUClass
  riscv: Don't split CPU model string
  arm: Don't split CPU model string
  arm: Remove special case for "any" CPU model
  cpu: Let architectures set CPU class name format
  cpu: Set class name format for some architectures
  cpu: Set fixed class name on some architectures

 include/qom/cpu.h | 14 +-
 target/s390x/internal.h   |  1 -
 exec.c|  8 +++-
 qom/cpu.c | 20 +---
 target/arm/cpu.c  | 30 +-
 target/hppa/cpu.c |  8 ++--
 target/i386/cpu.c | 11 +--
 target/lm32/cpu.c | 17 +
 target/m68k/cpu.c | 17 +
 target/microblaze/cpu.c   |  8 ++--
 target/mips/cpu.c | 13 +
 target/moxie/cpu.c| 17 +
 target/nios2/cpu.c|  8 ++--
 target/openrisc/cpu.c | 17 +
 target/riscv/cpu.c| 20 +---
 target/s390x/cpu.c|  2 +-
 target/s390x/cpu_models.c | 20 +---
 target/tilegx/cpu.c   |  8 ++--
 target/tricore/cpu.c  | 17 +
 target/unicore32/cpu.c| 17 +
 target/xtensa/cpu.c   | 17 +
 21 files changed, 58 insertions(+), 232 deletions(-)

-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 3/7] arm: Don't split CPU model string

2019-04-19 Thread Eduardo Habkost
CPUClass::class_by_name is called after the CPU model name and
options were already split, there's no need to split the string
again.

Fixes: fb8d6c24b095 ("target-arm: Add CPU property to disable AArch64")
Signed-off-by: Eduardo Habkost 
---
Cc: Greg Bellows 
Cc: Peter Maydell 
Cc: qemu-...@nongnu.org
---
 target/arm/cpu.c | 11 +++
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 4155782197..6848d9c94d 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1212,22 +1212,17 @@ static ObjectClass *arm_cpu_class_by_name(const char 
*cpu_model)
 {
 ObjectClass *oc;
 char *typename;
-char **cpuname;
-const char *cpunamestr;
 
-cpuname = g_strsplit(cpu_model, ",", 1);
-cpunamestr = cpuname[0];
 #ifdef CONFIG_USER_ONLY
 /* For backwards compatibility usermode emulation allows "-cpu any",
  * which has the same semantics as "-cpu max".
  */
-if (!strcmp(cpunamestr, "any")) {
-cpunamestr = "max";
+if (!strcmp(cpu_model, "any")) {
+cpu_model = "max";
 }
 #endif
-typename = g_strdup_printf(ARM_CPU_TYPE_NAME("%s"), cpunamestr);
+typename = g_strdup_printf(ARM_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
-g_strfreev(cpuname);
 g_free(typename);
 if (!oc || !object_class_dynamic_cast(oc, TYPE_ARM_CPU) ||
 object_class_is_abstract(oc)) {
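Review bot: the removed call is g_strsplit(cpu_model, ",", 1), and with max_tokens set to 1 g_strsplit() returns the whole string as a single piece, so cpuname[0] was always identical to cpu_model and this is a pure cleanup. The Fixes: tag and the wording "no need to split the string again" suggest a behaviour change; stating in the commit message that the old split was a no-op would make it clear that option parsing is unaffected.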
-- 
2.18.0.rc1.1.g3f1ff2140




Re: [Qemu-devel] [PATCH 00/17] Delete 16 *_cpu_class_by_name() functions

2019-04-19 Thread Eduardo Habkost
Please ignore this series.  I used master as base instead of
machine-next by mistake and it included all the patches that were
already in machine-next.  I'm sending another series with just
the 7 patches that I intended to submit.

-- 
Eduardo



[Qemu-devel] [PATCH 4/7] arm: Remove special case for "any" CPU model

2019-04-19 Thread Eduardo Habkost
We already have an entry for "any" at arm_cpus[], which makes a
"any-arm-cpu" QOM type be registered.  This means the regular QOM
type name lookup code already works and there's no need for a
special case.

Signed-off-by: Eduardo Habkost 
---
Cc: Peter Maydell 
Cc: qemu-...@nongnu.org
---
 target/arm/cpu.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 6848d9c94d..dcc65093d9 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1213,14 +1213,6 @@ static ObjectClass *arm_cpu_class_by_name(const char 
*cpu_model)
 ObjectClass *oc;
 char *typename;
 
-#ifdef CONFIG_USER_ONLY
-/* For backwards compatibility usermode emulation allows "-cpu any",
- * which has the same semantics as "-cpu max".
- */
-if (!strcmp(cpu_model, "any")) {
-cpu_model = "max";
-}
-#endif
 typename = g_strdup_printf(ARM_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
 g_free(typename);
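Review bot: the removed block applied only under CONFIG_USER_ONLY and mapped "any" to "max", with a comment saying the two have the same semantics; after this change "any" resolves to whatever the arm_cpus[] entry registers. The context visible in patch 6/7 shows the CPU model table guarded by #if !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64), so please confirm that an "any" type is also registered in the AArch64 linux-user build and that it enables the same features as "max". Otherwise -cpu any changes meaning or stops resolving there.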
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 2/7] riscv: Don't split CPU model string

2019-04-19 Thread Eduardo Habkost
CPUClass::class_by_name is called after the CPU model name and
options were already split, there's no need to split the string
again.

Signed-off-by: Eduardo Habkost 
---
Cc: Palmer Dabbelt 
Cc: Alistair Francis 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Cc: qemu-ri...@nongnu.org
---
 target/riscv/cpu.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index d61bce6d55..5e97a83c80 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -179,12 +179,9 @@ static ObjectClass *riscv_cpu_class_by_name(const char 
*cpu_model)
 {
 ObjectClass *oc;
 char *typename;
-char **cpuname;
 
-cpuname = g_strsplit(cpu_model, ",", 1);
-typename = g_strdup_printf(RISCV_CPU_TYPE_NAME("%s"), cpuname[0]);
+typename = g_strdup_printf(RISCV_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
-g_strfreev(cpuname);
 g_free(typename);
 if (!oc || !object_class_dynamic_cast(oc, TYPE_RISCV_CPU) ||
 object_class_is_abstract(oc)) {
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 5/7] cpu: Let architectures set CPU class name format

2019-04-19 Thread Eduardo Habkost
Instead of requiring every architecture to implement a
class_by_name function, let them set a format string at
CPUClass::class_name_format.

This will let us get rid of at least 16 class_by_name functions
in the next commits.

Signed-off-by: Eduardo Habkost 
---
 include/qom/cpu.h | 12 
 qom/cpu.c | 18 --
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index fefd5c26b0..eda6a46b82 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -163,7 +163,19 @@ typedef struct CPUClass {
 DeviceClass parent_class;
 /*< public >*/
 
+/* The following fields configure CPU model name -> QOM type translation: 
*/
+
+/*
+ * arch-specific CPU model -> QOM type translation function.
+ * Optional if @class_name_format is set.
+ */
 ObjectClass *(*class_by_name)(const char *cpu_model);
+/*
+ * Format string for g_strdup_printf(), used to generate the CPU
+ * class name.
+ */
+const char *class_name_format;
+
 void (*parse_features)(const char *typename, char *str, Error **errp);
 
 void (*reset)(CPUState *cpu);
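Review bot: the new class_name_format comment does not state the contract the lookup code relies on. It should say that the string is expanded with the CPU model name as its only argument, so it may contain at most one %s and no other conversion, and that class_by_name takes precedence when both fields are set.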
diff --git a/qom/cpu.c b/qom/cpu.c
index b971a56242..1fa64941b6 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -286,9 +286,23 @@ static bool cpu_common_has_work(CPUState *cs)
 CPUClass *cpu_class_by_name(const char *typename, const char *cpu_model)
 {
 CPUClass *cc = CPU_CLASS(object_class_by_name(typename));
+ObjectClass *oc;
+char *class_name;
 
-assert(cpu_model && cc->class_by_name);
-return CPU_CLASS(cc->class_by_name(cpu_model));
+assert(cpu_model);
+if (cc->class_by_name) {
+return CPU_CLASS(cc->class_by_name(cpu_model));
+}
+
+assert(cc->class_name_format);
+class_name = g_strdup_printf(cc->class_name_format, cpu_model);
+oc = object_class_by_name(class_name);
+g_free(class_name);
+if (!oc || !object_class_dynamic_cast(oc, typename) ||
+object_class_is_abstract(oc)) {
+return NULL;
+}
+return CPU_CLASS(oc);
 }
 
 static void cpu_common_parse_features(const char *typename, char *features,
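Review bot: g_strdup_printf(cc->class_name_format, cpu_model) passes a non-literal format, so the compiler cannot check it against the single string argument, and a target that sets a format with a second conversion or a non-string one gets undefined behaviour at -cpu parsing time. cpu_model, which comes from the command line, is only ever the argument and never the format, which is the right way round. Consider validating the format once, for example by asserting that it contains no conversion other than a single %s, rather than trusting every target.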
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 03/17] vl.c: allocate TYPE_MACHINE list once during bootup

2019-04-19 Thread Eduardo Habkost
From: Wei Yang 

Now all the functions used to select the machine are local and the call flow
looks like below:

select_machine()
find_default_machine()
machine_parse()
find_machine()

All these related functions will need a GSList for TYPE_MACHINE.
Currently we allocate this list each time we use it, which is not
necessary because we don't need to modify it.

This patch makes the TYPE_MACHINE list allocation in select_machine and
passes this to its child for use.

Signed-off-by: Wei Yang 
Reviewed-by: Markus Armbruster 
Message-Id: <20190405064121.23662-3-richardw.y...@linux.intel.com>
Signed-off-by: Eduardo Habkost 
---
 vl.c | 24 +++-
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/vl.c b/vl.c
index 9d6a519d74..62f2656ccf 100644
--- a/vl.c
+++ b/vl.c
@@ -1465,9 +1465,9 @@ static int usb_parse(const char *cmdline)
 
 MachineState *current_machine;
 
-static MachineClass *find_machine(const char *name)
+static MachineClass *find_machine(const char *name, GSList *machines)
 {
-GSList *el, *machines = object_class_get_list(TYPE_MACHINE, false);
+GSList *el;
 MachineClass *mc = NULL;
 
 for (el = machines; el; el = el->next) {
@@ -1484,13 +1484,12 @@ static MachineClass *find_machine(const char *name)
 }
 }
 
-g_slist_free(machines);
 return mc;
 }
 
-static MachineClass *find_default_machine(void)
+static MachineClass *find_default_machine(GSList *machines)
 {
-GSList *el, *machines = object_class_get_list(TYPE_MACHINE, false);
+GSList *el;
 MachineClass *mc = NULL;
 
 for (el = machines; el; el = el->next) {
@@ -1502,7 +1501,6 @@ static MachineClass *find_default_machine(void)
 }
 }
 
-g_slist_free(machines);
 return mc;
 }
 
@@ -2585,16 +2583,15 @@ static gint machine_class_cmp(gconstpointer a, 
gconstpointer b)
   object_class_get_name(OBJECT_CLASS(mc1)));
 }
 
- static MachineClass *machine_parse(const char *name)
+static MachineClass *machine_parse(const char *name, GSList *machines)
 {
 MachineClass *mc = NULL;
-GSList *el, *machines = object_class_get_list(TYPE_MACHINE, false);
+GSList *el;
 
 if (name) {
-mc = find_machine(name);
+mc = find_machine(name, machines);
 }
 if (mc) {
-g_slist_free(machines);
 return mc;
 }
 if (name && !is_help_option(name)) {
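Review bot: machine_parse() now takes the list as a by-value GSList *machines owned by select_machine(), but its help path still reassigns it with machines = g_slist_sort(machines, machine_class_cmp), as the context of patch 05/17 shows. g_slist_sort() can return a different head, so the caller's pointer would no longer cover the whole list when it reaches g_slist_free(); this is harmless only because that path ends in exit(). A comment saying so, or sorting once in select_machine(), would keep a later change that returns from the help path from freeing a partial list.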
@@ -2614,7 +2611,6 @@ static gint machine_class_cmp(gconstpointer a, 
gconstpointer b)
 }
 }
 
-g_slist_free(machines);
 exit(!name || !is_help_option(name));
 }
 
@@ -2706,7 +2702,8 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
 
 static MachineClass *select_machine(void)
 {
-MachineClass *machine_class = find_default_machine();
+GSList *machines = object_class_get_list(TYPE_MACHINE, false);
+MachineClass *machine_class = find_default_machine(machines);
 const char *optarg;
 QemuOpts *opts;
 Location loc;
@@ -2718,7 +2715,7 @@ static MachineClass *select_machine(void)
 
 optarg = qemu_opt_get(opts, "type");
 if (optarg) {
-machine_class = machine_parse(optarg);
+machine_class = machine_parse(optarg, machines);
 }
 
 if (!machine_class) {
@@ -2728,6 +2725,7 @@ static MachineClass *select_machine(void)
 }
 
 loc_pop();
+g_slist_free(machines);
 return machine_class;
 }
 
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 05/17] vl: Simplify machine_parse()

2019-04-19 Thread Eduardo Habkost
From: Markus Armbruster 

Exploit that argument @name is never null.  Check is_help_option()
first, because that's what we do elsewhere.  If we (foolishly!)
defined a machine named "help", -machine help would now print help
instead of selecting the machine named "help".

Signed-off-by: Markus Armbruster 
Reviewed-by: Wei Yang 
Message-Id: <20190405064121.23662-5-richardw.y...@linux.intel.com>
Signed-off-by: Eduardo Habkost 
---
 vl.c | 22 ++
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/vl.c b/vl.c
index cb0f3f5856..d88638c54c 100644
--- a/vl.c
+++ b/vl.c
@@ -2576,19 +2576,10 @@ static gint machine_class_cmp(gconstpointer a, 
gconstpointer b)
 
 static MachineClass *machine_parse(const char *name, GSList *machines)
 {
-MachineClass *mc = NULL;
+MachineClass *mc;
 GSList *el;
 
-if (name) {
-mc = find_machine(name, machines);
-}
-if (mc) {
-return mc;
-}
-if (name && !is_help_option(name)) {
-error_report("unsupported machine type");
-error_printf("Use -machine help to list supported machines\n");
-} else {
+if (is_help_option(name)) {
 printf("Supported machines are:\n");
 machines = g_slist_sort(machines, machine_class_cmp);
 for (el = machines; el; el = el->next) {
@@ -2600,9 +2591,16 @@ static MachineClass *machine_parse(const char *name, 
GSList *machines)
mc->is_default ? " (default)" : "",
mc->deprecation_reason ? " (deprecated)" : "");
 }
+exit(0);
 }
 
-exit(!name || !is_help_option(name));
+mc = find_machine(name, machines);
+if (!mc) {
+error_report("unsupported machine type");
+error_printf("Use -machine help to list supported machines\n");
+exit(1);
+}
+return mc;
 }
 
 void qemu_add_exit_notifier(Notifier *notify)
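Review bot: is_help_option(name) and find_machine(name, machines) are now reached with no NULL guard, relying on the commit message's statement that @name is never null. The caller shown in patch 03/17, select_machine(), does call machine_parse() inside if (optarg), but nothing in machine_parse() records that requirement. An assert(name) at the top would document it and fail loudly if a future caller passes NULL.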
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 06/17] cpu: Rename parse_cpu_model() to parse_cpu_option()

2019-04-19 Thread Eduardo Habkost
The "model[,option...]" string parsed by the function is not just
a CPU model.  Rename the function and its argument to indicate it
expects the full "-cpu" option to be provided.

Signed-off-by: Eduardo Habkost 
Message-Id: <20190417025944.16154-2-ehabk...@redhat.com>
Reviewed-by: David Gibson 
Reviewed-by: Markus Armbruster 
Reviewed-by: Igor Mammedov 
Signed-off-by: Eduardo Habkost 
---
 include/qom/cpu.h |  6 +++---
 bsd-user/main.c   |  2 +-
 exec.c|  4 ++--
 linux-user/main.c |  2 +-
 vl.c  | 18 +-
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 1d6099e5d4..d28c690b27 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -689,15 +689,15 @@ ObjectClass *cpu_class_by_name(const char *typename, 
const char *cpu_model);
 CPUState *cpu_create(const char *typename);
 
 /**
- * parse_cpu_model:
- * @cpu_model: The model string including optional parameters.
+ * parse_cpu_option:
+ * @cpu_option: The -cpu option including optional parameters.
  *
  * processes optional parameters and registers them as global properties
  *
  * Returns: type of CPU to create or prints error and terminates process
  *  if an error occurred.
  */
-const char *parse_cpu_model(const char *cpu_model);
+const char *parse_cpu_option(const char *cpu_option);
 
 /**
  * cpu_has_work:
diff --git a/bsd-user/main.c b/bsd-user/main.c
index 0d3156974c..a6c055f5fb 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -903,7 +903,7 @@ int main(int argc, char **argv)
 /* init tcg before creating CPUs and to get qemu_host_page_size */
 tcg_exec_init(0);
 
-cpu_type = parse_cpu_model(cpu_model);
+cpu_type = parse_cpu_option(cpu_model);
 cpu = cpu_create(cpu_type);
 env = cpu->env_ptr;
 #if defined(TARGET_SPARC) || defined(TARGET_PPC)
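Review bot: the rename stops at the function boundary here. The call becomes parse_cpu_option(cpu_model), so the local that holds the full -cpu string keeps the name the commit message describes as misleading, and linux-user/main.c has the same leftover. vl.c renames its local to cpu_option in this patch; doing the same in the two user-mode main() functions would make the rename consistent.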
diff --git a/exec.c b/exec.c
index 6ab62f4eee..840677f15f 100644
--- a/exec.c
+++ b/exec.c
@@ -982,14 +982,14 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 #endif
 }
 
-const char *parse_cpu_model(const char *cpu_model)
+const char *parse_cpu_option(const char *cpu_option)
 {
 ObjectClass *oc;
 CPUClass *cc;
 gchar **model_pieces;
 const char *cpu_type;
 
-model_pieces = g_strsplit(cpu_model, ",", 2);
+model_pieces = g_strsplit(cpu_option, ",", 2);
 
 oc = cpu_class_by_name(CPU_RESOLVING_TYPE, model_pieces[0]);
 if (oc == NULL) {
diff --git a/linux-user/main.c b/linux-user/main.c
index a0aba9cb1e..20e0f51cfa 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -660,7 +660,7 @@ int main(int argc, char **argv, char **envp)
 if (cpu_model == NULL) {
 cpu_model = cpu_get_model(get_elf_eflags(execfd));
 }
-cpu_type = parse_cpu_model(cpu_model);
+cpu_type = parse_cpu_option(cpu_model);
 
 /* init tcg before creating CPUs and to get qemu_host_page_size */
 tcg_exec_init(0);
diff --git a/vl.c b/vl.c
index d88638c54c..34cdb8cece 100644
--- a/vl.c
+++ b/vl.c
@@ -2989,7 +2989,7 @@ int main(int argc, char **argv, char **envp)
 const char *optarg;
 const char *loadvm = NULL;
 MachineClass *machine_class;
-const char *cpu_model;
+const char *cpu_option;
 const char *vga_model = NULL;
 const char *qtest_chrdev = NULL;
 const char *qtest_log = NULL;
@@ -3068,7 +3068,7 @@ int main(int argc, char **argv, char **envp)
 QLIST_INIT (_change_state_head);
 os_setup_early_signal_handling();
 
-cpu_model = NULL;
+cpu_option = NULL;
 snapshot = 0;
 
 nb_nics = 0;
@@ -3120,7 +3120,7 @@ int main(int argc, char **argv, char **envp)
 switch(popt->index) {
 case QEMU_OPTION_cpu:
 /* hw initialization will check this */
-cpu_model = optarg;
+cpu_option = optarg;
 break;
 case QEMU_OPTION_hda:
 case QEMU_OPTION_hdb:
@@ -4037,8 +4037,8 @@ int main(int argc, char **argv, char **envp)
 qemu_set_hw_version(machine_class->hw_version);
 }
 
-if (cpu_model && is_help_option(cpu_model)) {
-list_cpus(stdout, , cpu_model);
+if (cpu_option && is_help_option(cpu_option)) {
+list_cpus(stdout, , cpu_option);
 exit(0);
 }
 
@@ -4286,9 +4286,9 @@ int main(int argc, char **argv, char **envp)
  * Global properties get set up by qdev_prop_register_global(),
  * called from user_register_global_props(), and certain option
  * desugaring.  Also in CPU feature desugaring (buried in
- * parse_cpu_model()), which happens below this point, but may
+ * parse_cpu_option()), which happens below this point, but may
  * only target the CPU type, which can only be created after
- * parse_cpu_model() returned the type.
+ * parse_cpu_option() returned the type.
  *
  * Machine compat properties: object_set_machine_compat_props().
  * Accelerator compat props: object_set_accelerator_compat_props(),
@@ -4452,8 
