Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

2019-05-16 Thread Pankaj Gupta



Hi Jakub,

> 
> On 5/14/19 7:54 AM, Pankaj Gupta wrote:
> > +   if (!list_empty(>req_list)) {
> > +   req_buf = list_first_entry(>req_list,
> > +   struct virtio_pmem_request, list);
> > +   req_buf->wq_buf_avail = true;
> > +   wake_up(_buf->wq_buf);
> > +   list_del(_buf->list);
> Yes, this change is the right one, thank you!

Thank you for the confirmation.

> 
> > +/*
> > + * If virtqueue_add_sgs returns -ENOSPC then req_vq virtual
> > + * queue does not have free descriptor. We add the request
> > + * to req_list and wait for host_ack to wake us up when free
> > + * slots are available.
> > + */
> > +   while ((err = virtqueue_add_sgs(vpmem->req_vq, sgs, 1, 1, req,
> > +   GFP_ATOMIC)) == -ENOSPC) {
> > +
> > +   dev_err(>dev, "failed to send command to virtio pmem" \
> > +   "device, no free slots in the virtqueue\n");
> > +   req->wq_buf_avail = false;
> > +   list_add_tail(>list, >req_list);
> > +   spin_unlock_irqrestore(>pmem_lock, flags);
> > +
> > +   /* A host response results in "host_ack" getting called */
> > +   wait_event(req->wq_buf, req->wq_buf_avail);
> > +   spin_lock_irqsave(>pmem_lock, flags);
> > +   }
> > +   err1 = virtqueue_kick(vpmem->req_vq);
> > +   spin_unlock_irqrestore(>pmem_lock, flags);
> > +
> > +   /*
> > +* virtqueue_add_sgs failed with error different than -ENOSPC, we can't
> > +* do anything about that.
> > +*/
> > +   if (err || !err1) {
> > +   dev_info(>dev, "failed to send command to virtio pmem 
> > device\n");
> > +   err = -EIO;
> > +   } else {
> > +   /* A host repsonse results in "host_ack" getting called */
> > +   wait_event(req->host_acked, req->done);
> > +   err = req->ret;
> > +I confirm that the failures I was facing with the `-ENOSPC` error path are
> > not present in v9.

Can I take that as your Reviewed-by/Acked-by or Tested-by tag for the virtio patch? :)

Thank you,
Pankaj

> 
> Best,
> Jakub Staron
> 
> 



Re: [Qemu-devel] [Qemu-block] [PATCH] nvme: add Get/Set Feature Timestamp support

2019-05-16 Thread Klaus Birkelund
Hi Kenneth,

On Thu, May 16, 2019 at 05:24:47PM -0600, Heitke, Kenneth wrote:
> Hi Klaus, thank you for your review. I have one comment inline
> 
> On 5/14/2019 12:02 AM, Klaus Birkelund wrote:
> > On Fri, Apr 05, 2019 at 03:41:17PM -0600, Kenneth Heitke wrote:
> > > Signed-off-by: Kenneth Heitke 
> > > ---
> > >   hw/block/nvme.c   | 120 +-
> > >   hw/block/nvme.h   |   3 ++
> > >   hw/block/trace-events |   2 +
> > >   include/block/nvme.h  |   2 +
> > >   4 files changed, 125 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> > > index 7caf92532a..e775e89299 100644
> > > --- a/hw/block/nvme.c
> > > +++ b/hw/block/nvme.c
> > > @@ -219,6 +219,30 @@ static uint16_t nvme_map_prp(QEMUSGList *qsg, 
> > > QEMUIOVector *iov, uint64_t prp1,
> > >   return NVME_INVALID_FIELD | NVME_DNR;
> > >   }
> > > +static uint16_t nvme_dma_write_prp(NvmeCtrl *n, uint8_t *ptr, uint32_t 
> > > len,
> > > +   uint64_t prp1, uint64_t prp2)
> > > +{
> > > +QEMUSGList qsg;
> > > +QEMUIOVector iov;
> > > +uint16_t status = NVME_SUCCESS;
> > > +
> > > +if (nvme_map_prp(, , prp1, prp2, len, n)) {
> > > +return NVME_INVALID_FIELD | NVME_DNR;
> > > +}
> > > +if (qsg.nsg > 0) {
> > > +if (dma_buf_write(ptr, len, )) {
> > > +status = NVME_INVALID_FIELD | NVME_DNR;
> > > +}
> > > +qemu_sglist_destroy();
> > > +} else {
> > > +if (qemu_iovec_from_buf(, 0, ptr, len) != len) {
> > 
> > This should be `qemu_iovec_to_buf`.
> > 
> 
> This function is transferring data from the "host" to the device so I
> believe I am using the correct function.
> 

Exactly, but this means that you need to populate `ptr` with data
described by the prps, hence dma_buf_*write* and qemu_iovec_*to*_buf. In
this case `ptr` is set to the address of the uint64_t timestamp, and
that is what we need to write to.



Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

2019-05-16 Thread Pankaj Gupta


> 
> On Wed, May 15, 2019 at 10:46:00PM +0200, David Hildenbrand wrote:
> > > + vpmem->vdev = vdev;
> > > + vdev->priv = vpmem;
> > > + err = init_vq(vpmem);
> > > + if (err) {
> > > + dev_err(>dev, "failed to initialize virtio pmem vq's\n");
> > > + goto out_err;
> > > + }
> > > +
> > > + virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> > > + start, >start);
> > > + virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> > > + size, >size);
> > > +
> > > + res.start = vpmem->start;
> > > + res.end   = vpmem->start + vpmem->size-1;
> > 
> > nit: " - 1;"
> > 
> > > + vpmem->nd_desc.provider_name = "virtio-pmem";
> > > + vpmem->nd_desc.module = THIS_MODULE;
> > > +
> > > + vpmem->nvdimm_bus = nvdimm_bus_register(>dev,
> > > + >nd_desc);
> > > + if (!vpmem->nvdimm_bus) {
> > > + dev_err(>dev, "failed to register device with 
> > > nvdimm_bus\n");
> > > + err = -ENXIO;
> > > + goto out_vq;
> > > + }
> > > +
> > > + dev_set_drvdata(>dev, vpmem->nvdimm_bus);
> > > +
> > > + ndr_desc.res = 
> > > + ndr_desc.numa_node = nid;
> > > + ndr_desc.flush = async_pmem_flush;
> > > + set_bit(ND_REGION_PAGEMAP, _desc.flags);
> > > + set_bit(ND_REGION_ASYNC, _desc.flags);
> > > + nd_region = nvdimm_pmem_region_create(vpmem->nvdimm_bus, _desc);
> > > + if (!nd_region) {
> > > + dev_err(>dev, "failed to create nvdimm region\n");
> > > + err = -ENXIO;
> > > + goto out_nd;
> > > + }
> > > + nd_region->provider_data =
> > > dev_to_virtio(nd_region->dev.parent->parent);
> > > + return 0;
> > > +out_nd:
> > > + nvdimm_bus_unregister(vpmem->nvdimm_bus);
> > > +out_vq:
> > > + vdev->config->del_vqs(vdev);
> > > +out_err:
> > > + return err;
> > > +}
> > > +
> > > +static void virtio_pmem_remove(struct virtio_device *vdev)
> > > +{
> > > + struct nvdimm_bus *nvdimm_bus = dev_get_drvdata(>dev);
> > > +
> > > + nvdimm_bus_unregister(nvdimm_bus);
> > > + vdev->config->del_vqs(vdev);
> > > + vdev->config->reset(vdev);
> > > +}
> > > +
> > > +static struct virtio_driver virtio_pmem_driver = {
> > > + .driver.name= KBUILD_MODNAME,
> > > + .driver.owner   = THIS_MODULE,
> > > + .id_table   = id_table,
> > > + .probe  = virtio_pmem_probe,
> > > + .remove = virtio_pmem_remove,
> > > +};
> > > +
> > > +module_virtio_driver(virtio_pmem_driver);
> > > +MODULE_DEVICE_TABLE(virtio, id_table);
> > > +MODULE_DESCRIPTION("Virtio pmem driver");
> > > +MODULE_LICENSE("GPL");
> > > diff --git a/drivers/nvdimm/virtio_pmem.h b/drivers/nvdimm/virtio_pmem.h
> > > new file mode 100644
> > > index ..ab1da877575d
> > > --- /dev/null
> > > +++ b/drivers/nvdimm/virtio_pmem.h
> > > @@ -0,0 +1,60 @@
> > > +/* SPDX-License-Identifier: GPL-2.0 */
> > > +/*
> > > + * virtio_pmem.h: virtio pmem Driver
> > > + *
> > > + * Discovers persistent memory range information
> > > + * from host and provides a virtio based flushing
> > > + * interface.
> > > + **/
> > > +
> > > +#ifndef _LINUX_VIRTIO_PMEM_H
> > > +#define _LINUX_VIRTIO_PMEM_H
> > > +
> > > +#include 
> > > +#include 
> > > +#include 
> > > +#include 
> > > +#include 
> > > +#include 
> > > +
> > > +struct virtio_pmem_request {
> > > + /* Host return status corresponding to flush request */
> > > + int ret;
> > > +
> > > + /* command name*/
> > > + char name[16];
> > 
> > So ... why are we sending string commands and expect native-endianess
> > integers and don't define a proper request/response structure + request
> > types in include/uapi/linux/virtio_pmem.h like
> 
> passing names could be ok.
> I missed the fact we return a native endian int.
> Pls fix that.

Sure. will fix this.

> 
> 
> > 
> > struct virtio_pmem_resp {
> > __virtio32 ret;
> > }
> > 
> > #define VIRTIO_PMEM_REQ_TYPE_FLUSH  1
> > struct virtio_pmem_req {
> > __virtio16 type;
> > }
> > 
> > ... and this way we also define a proper endianess format for exchange
> > and keep it extensible
> > 
> > @MST, what's your take on this?
> 
> Extensions can always use feature bits so I don't think
> it's a problem.

That was exactly my thought when I implemented this. Though I am
fine with separate structures for request/response and I made the
change. 

Thank you for all the comments.

Best regards,
Pankaj 
> > 
> > --
> > 
> > Thanks,
> > 
> > David / dhildenb
> 
> 



[Qemu-devel] [PATCH v14 12/13] Add rx-softmmu

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190516055244.95559-10-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/sysemu/arch_init.h | 1 +
 arch_init.c| 2 ++
 configure  | 8 
 default-configs/rx-softmmu.mak | 3 +++
 hw/Kconfig | 1 +
 5 files changed, 15 insertions(+)
 create mode 100644 default-configs/rx-softmmu.mak

diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 10cbafe970..3f4f844f7b 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -25,6 +25,7 @@ enum {
 QEMU_ARCH_NIOS2 = (1 << 17),
 QEMU_ARCH_HPPA = (1 << 18),
 QEMU_ARCH_RISCV = (1 << 19),
+QEMU_ARCH_RX = (1 << 20),
 };
 
 extern const uint32_t arch_type;
diff --git a/arch_init.c b/arch_init.c
index f4f3f610c8..cc25ddd7ca 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -74,6 +74,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_PPC
 #elif defined(TARGET_RISCV)
 #define QEMU_ARCH QEMU_ARCH_RISCV
+#elif defined(TARGET_RX)
+#define QEMU_ARCH QEMU_ARCH_RX
 #elif defined(TARGET_S390X)
 #define QEMU_ARCH QEMU_ARCH_S390X
 #elif defined(TARGET_SH4)
diff --git a/configure b/configure
index 8999698bc2..28782762dd 100755
--- a/configure
+++ b/configure
@@ -7547,6 +7547,11 @@ case "$target_name" in
 gdb_xml_files="riscv-64bit-cpu.xml riscv-64bit-fpu.xml riscv-64bit-csr.xml"
 target_compiler=$cross_cc_riscv64
   ;;
+  rx)
+TARGET_ARCH=rx
+bflt="yes"
+target_compiler=$cross_cc_rx
+  ;;
   sh4|sh4eb)
 TARGET_ARCH=sh4
 bflt="yes"
@@ -7767,6 +7772,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   riscv*)
 disas_config "RISCV"
   ;;
+  rx)
+disas_config "RX"
+  ;;
   s390*)
 disas_config "S390"
   ;;
diff --git a/default-configs/rx-softmmu.mak b/default-configs/rx-softmmu.mak
new file mode 100644
index 00..a3eecefb11
--- /dev/null
+++ b/default-configs/rx-softmmu.mak
@@ -0,0 +1,3 @@
+# Default configuration for rx-softmmu
+
+CONFIG_RX_VIRT=y
diff --git a/hw/Kconfig b/hw/Kconfig
index 88b9f15007..63a071092e 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -53,6 +53,7 @@ source nios2/Kconfig
 source openrisc/Kconfig
 source ppc/Kconfig
 source riscv/Kconfig
+source rx/Kconfig
 source s390x/Kconfig
 source sh4/Kconfig
 source sparc/Kconfig
-- 
2.17.1




[Qemu-devel] [PATCH v14 08/13] hw/rx: RX Target hardware definition

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

rx62n - RX62N cpu.
rx-virt - RX QEMU virtual target.

Signed-off-by: Yoshinori Sato 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-9-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/rx/rx.h|   7 ++
 include/hw/rx/rx62n.h |  94 +
 hw/rx/rx-virt.c   | 105 +++
 hw/rx/rx62n.c | 238 ++
 hw/rx/Kconfig |  14 +++
 hw/rx/Makefile.objs   |   2 +
 6 files changed, 460 insertions(+)
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs

diff --git a/include/hw/rx/rx.h b/include/hw/rx/rx.h
new file mode 100644
index 00..ff5924b81f
--- /dev/null
+++ b/include/hw/rx/rx.h
@@ -0,0 +1,7 @@
+#ifndef QEMU_RX_H
+#define QEMU_RX_H
+/* Definitions for RX board emulation.  */
+
+#include "target/rx/cpu-qom.h"
+
+#endif
diff --git a/include/hw/rx/rx62n.h b/include/hw/rx/rx62n.h
new file mode 100644
index 00..5f6912fe46
--- /dev/null
+++ b/include/hw/rx/rx62n.h
@@ -0,0 +1,94 @@
+/*
+ * RX62N MCU Object
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_RX_RX62N_H
+#define HW_RX_RX62N_H
+
+#include "hw/sysbus.h"
+#include "hw/intc/rx_icu.h"
+#include "hw/timer/renesas_tmr.h"
+#include "hw/timer/renesas_cmt.h"
+#include "hw/char/renesas_sci.h"
+#include "target/rx/cpu.h"
+#include "qemu/units.h"
+
+#define TYPE_RX62N "rx62n"
+#define TYPE_RX62N_CPU RX_CPU_TYPE_NAME(TYPE_RX62N)
+#define RX62N(obj) OBJECT_CHECK(RX62NState, (obj), TYPE_RX62N)
+
+enum {
+RX62N_NR_TMR = 2,
+RX62N_NR_CMT = 2,
+RX62N_NR_SCI = 6,
+};
+
+typedef struct RX62NState {
+SysBusDevice parent_obj;
+
+RXCPU cpu;
+RXICUState icu;
+RTMRState tmr[RX62N_NR_TMR];
+RCMTState cmt[RX62N_NR_CMT];
+RSCIState sci[RX62N_NR_SCI];
+
+MemoryRegion *sysmem;
+bool kernel;
+
+MemoryRegion iram;
+MemoryRegion iomem1;
+MemoryRegion d_flash;
+MemoryRegion iomem2;
+MemoryRegion iomem3;
+MemoryRegion c_flash;
+qemu_irq irq[NR_IRQS];
+} RX62NState;
+
+/*
+ * RX62N Peripheral Address
+ * See users manual section 5
+ */
+#define RX62N_ICUBASE 0x00087000
+#define RX62N_TMRBASE 0x00088200
+#define RX62N_CMTBASE 0x00088000
+#define RX62N_SCIBASE 0x00088240
+
+/*
+ * RX62N Peripheral IRQ
+ * See users manual section 11
+ */
+#define RX62N_TMR_IRQBASE 174
+#define RX62N_CMT_IRQBASE 28
+#define RX62N_SCI_IRQBASE 214
+
+/*
+ * RX62N Internal Memory
+ * It is the value of R5F562N8.
+ * Please change the size for R5F562N7.
+ */
+#define RX62N_IRAM_BASE 0x
+#define RX62N_IRAM_SIZE (96 * KiB)
+#define RX62N_DFLASH_BASE 0x0010
+#define RX62N_DFLASH_SIZE (32 * KiB)
+#define RX62N_CFLASH_BASE 0xfff8
+#define RX62N_CFLASH_SIZE (512 * KiB)
+
+#define RX62N_PCLK (48 * 1000 * 1000)
+#endif
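Review bot: `qemu_irq irq[NR_IRQS]` in `RX62NState` is sized by a constant this header does not define (presumably it comes from `hw/intc/rx_icu.h`), while the `RX62N_*_IRQBASE` values and `RX62N_NR_*` counts that presumably index it are defined here, so nothing ties the array size to the highest index in use. If the board code, which is not visible in this hunk, wires peripherals at `base + n`, a build-time check next to that code would catch a mismatch, e.g. `QEMU_BUILD_BUG_ON(RX62N_SCI_IRQBASE + RX62N_NR_SCI * SCI_NR_IRQ > NR_IRQS);`. A one-line comment on `irq[]` naming the header that provides `NR_IRQS` would also help.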
diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
new file mode 100644
index 00..3deb7cb335
--- /dev/null
+++ b/hw/rx/rx-virt.c
@@ -0,0 +1,105 @@
+/*
+ * RX QEMU virtual platform
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/loader.h"
+#include "hw/rx/rx62n.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+#include "sysemu/device_tree.h"
+#include "hw/boards.h"
+
+/* Same address of GDB integrated simulator */
+#define SDRAM_BASE 0x0100
+
+static void 

[Qemu-devel] [PATCH v14 13/13] MAINTAINERS: Add RX

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-13-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 MAINTAINERS | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index a73a61a546..ef6a02702e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -272,6 +272,13 @@ F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
 
+RENESAS RX
+M: Yoshinori Sato 
+S: Maintained
+F: target/rx/
+F: hw/rx/
+F: include/hw/rx/
+
 S390
 M: Richard Henderson 
 M: David Hildenbrand 
@@ -1106,6 +1113,18 @@ F: pc-bios/canyonlands.dt[sb]
 F: pc-bios/u-boot-sam460ex-20100605.bin
 F: roms/u-boot-sam460ex
 
+RX Machines
+---
+RX-QEMU
+M: Yoshinori Sato 
+S: Maintained
+F: hw/rx/rxqemu.c
+F: hw/intc/rx_icu.c
+F: hw/timer/renesas_*.c
+F: hw/char/renesas_sci.c
+F: include/hw/timer/renesas_*.h
+F: include/hw/char/renesas_sci.h
+
 SH4 Machines
 
 R2D
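Review bot: The `F: hw/rx/rxqemu.c` entry in the new "RX Machines" section does not match any file this series creates as shown on this page; patch 08/13 adds `hw/rx/rx-virt.c` and `hw/rx/rx62n.c`. A pattern that matches nothing means maintainer lookups for the board file rely only on the broader `F: hw/rx/` entry in the first hunk, and the entry name `RX-QEMU` also differs from the `rx-virt` name used in patch 08/13. Suggest `F: hw/rx/rx-virt.c`, plus `F: hw/rx/rx62n.c` if this section is meant to own the SoC model.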
-- 
2.17.1




[Qemu-devel] [PATCH v14 01/13] target/rx: TCG translation

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

This part supports only RXv1 instructions.
Instruction manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01us0032ej0120_rxsm.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-2-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 target/rx/translate.c   | 2432 +++
 target/rx/Makefile.objs |   12 +
 target/rx/insns.decode  |  621 ++
 3 files changed, 3065 insertions(+)
 create mode 100644 target/rx/translate.c
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

diff --git a/target/rx/translate.c b/target/rx/translate.c
new file mode 100644
index 00..3765ea0895
--- /dev/null
+++ b/target/rx/translate.c
@@ -0,0 +1,2432 @@
+/*
+ *  RX translation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bswap.h"
+#include "qemu/qemu-print.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/translator.h"
+#include "trace-tcg.h"
+#include "exec/log.h"
+
+typedef struct DisasContext {
+DisasContextBase base;
+CPURXState *env;
+uint32_t pc;
+} DisasContext;
+
+typedef struct DisasCompare {
+TCGv value;
+TCGv temp;
+TCGCond cond;
+} DisasCompare;
+
+const char rx_crname[][6] = {
+"psw", "pc", "usp", "fpsw", "", "", "", "",
+"bpsw", "bpc", "isp", "fintv", "intb", "", "", "",
+};
+
+/* Target-specific values for dc->base.is_jmp.  */
+#define DISAS_JUMPDISAS_TARGET_0
+#define DISAS_UPDATE  DISAS_TARGET_1
+#define DISAS_EXITDISAS_TARGET_2
+
+/* global register indexes */
+static TCGv cpu_regs[16];
+static TCGv cpu_psw_o, cpu_psw_s, cpu_psw_z, cpu_psw_c;
+static TCGv cpu_psw_i, cpu_psw_pm, cpu_psw_u, cpu_psw_ipl;
+static TCGv cpu_usp, cpu_fpsw, cpu_bpsw, cpu_bpc, cpu_isp;
+static TCGv cpu_fintv, cpu_intb, cpu_pc;
+static TCGv_i64 cpu_acc;
+
+#define cpu_sp cpu_regs[0]
+
+#include "exec/gen-icount.h"
+
+/* decoder helper */
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+while (++i <= n) {
+uint8_t b = cpu_ldub_code(ctx->env, ctx->base.pc_next++);
+insn |= b << (32 - i * 8);
+}
+return insn;
+}
+
+static uint32_t li(DisasContext *ctx, int sz)
+{
+int32_t tmp, addr;
+CPURXState *env = ctx->env;
+addr = ctx->base.pc_next;
+
+tcg_debug_assert(sz < 4);
+switch (sz) {
+case 1:
+ctx->base.pc_next += 1;
+return cpu_ldsb_code(env, addr);
+case 2:
+ctx->base.pc_next += 2;
+return cpu_ldsw_code(env, addr);
+case 3:
+ctx->base.pc_next += 3;
+tmp = cpu_ldsb_code(env, addr + 2) << 16;
+tmp |= cpu_lduw_code(env, addr) & 0x;
+return tmp;
+case 0:
+ctx->base.pc_next += 4;
+return cpu_ldl_code(env, addr);
+}
+return 0;
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder. */
+#include "decode.inc.c"
+
+void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = >env;
+int i;
+uint32_t psw;
+
+psw = rx_cpu_pack_psw(env);
+qemu_fprintf(f, "pc=0x%08x psw=0x%08x\n",
+ env->pc, psw);
+for (i = 0; i < 16; i += 4) {
+qemu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
+ i, env->regs[i], i + 1, env->regs[i + 1],
+ i + 2, env->regs[i + 2], i + 3, env->regs[i + 3]);
+}
+}
+
+static bool use_goto_tb(DisasContext *dc, target_ulong dest)
+{
+if (unlikely(dc->base.singlestep_enabled)) {
+return false;
+} else {
+return true;
+}
+}
+
+static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
+{
+if (use_goto_tb(dc, dest)) {
+tcg_gen_goto_tb(n);
+tcg_gen_movi_i32(cpu_pc, dest);
+tcg_gen_exit_tb(dc->base.tb, n);
+} else {
+tcg_gen_movi_i32(cpu_pc, dest);
+if 

[Qemu-devel] [PATCH v14 07/13] hw/char: RX62N serial communication interface (SCI)

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

This module supports only the non-FIFO type.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-8-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/char/renesas_sci.h |  45 +
 hw/char/renesas_sci.c | 340 ++
 hw/char/Kconfig   |   3 +
 hw/char/Makefile.objs |   1 +
 4 files changed, 389 insertions(+)
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 hw/char/renesas_sci.c

diff --git a/include/hw/char/renesas_sci.h b/include/hw/char/renesas_sci.h
new file mode 100644
index 00..50d1336944
--- /dev/null
+++ b/include/hw/char/renesas_sci.h
@@ -0,0 +1,45 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#include "chardev/char-fe.h"
+#include "qemu/timer.h"
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_SCI "renesas-sci"
+#define RSCI(obj) OBJECT_CHECK(RSCIState, (obj), TYPE_RENESAS_SCI)
+
+enum {
+ERI = 0,
+RXI = 1,
+TXI = 2,
+TEI = 3,
+SCI_NR_IRQ = 4,
+};
+
+typedef struct {
+SysBusDevice parent_obj;
+MemoryRegion memory;
+
+uint8_t smr;
+uint8_t brr;
+uint8_t scr;
+uint8_t tdr;
+uint8_t ssr;
+uint8_t rdr;
+uint8_t scmr;
+uint8_t semr;
+
+uint8_t read_ssr;
+int64_t trtime;
+int64_t rx_next;
+QEMUTimer *timer;
+CharBackend chr;
+uint64_t input_freq;
+qemu_irq irq[SCI_NR_IRQ];
+} RSCIState;
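Review bot: This new header has no include guard, unlike `include/hw/rx/rx62n.h` in the same series. It defines an anonymous `enum` and the `RSCIState` typedef, so a translation unit that includes it twice (for example directly and again through `hw/rx/rx62n.h`, which includes it) would fail on the redefined enumerators. Wrap the contents in `#ifndef HW_CHAR_RENESAS_SCI_H` / `#define HW_CHAR_RENESAS_SCI_H` and a closing `#endif`. The enumerators `ERI`, `RXI`, `TXI` and `TEI` are also very short names to export globally; a common prefix would reduce the chance of a clash with other device headers.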
diff --git a/hw/char/renesas_sci.c b/hw/char/renesas_sci.c
new file mode 100644
index 00..6298cbf43a
--- /dev/null
+++ b/hw/char/renesas_sci.c
@@ -0,0 +1,340 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/char/renesas_sci.h"
+#include "qemu/error-report.h"
+
+/* SCI register map */
+REG8(SMR, 0)
+  FIELD(SMR, CKS,  0, 2)
+  FIELD(SMR, MP,   2, 1)
+  FIELD(SMR, STOP, 3, 1)
+  FIELD(SMR, PM,   4, 1)
+  FIELD(SMR, PE,   5, 1)
+  FIELD(SMR, CHR,  6, 1)
+  FIELD(SMR, CM,   7, 1)
+REG8(BRR, 1)
+REG8(SCR, 2)
+  FIELD(SCR, CKE, 0, 2)
+  FIELD(SCR, TEIE, 2, 1)
+  FIELD(SCR, MPIE, 3, 1)
+  FIELD(SCR, RE,   4, 1)
+  FIELD(SCR, TE,   5, 1)
+  FIELD(SCR, RIE,  6, 1)
+  FIELD(SCR, TIE,  7, 1)
+REG8(TDR, 3)
+REG8(SSR, 4)
+  FIELD(SSR, MPBT, 0, 1)
+  FIELD(SSR, MPB,  1, 1)
+  FIELD(SSR, TEND, 2, 1)
+  FIELD(SSR, ERR, 3, 3)
+FIELD(SSR, PER,  3, 1)
+FIELD(SSR, FER,  4, 1)
+FIELD(SSR, ORER, 5, 1)
+  FIELD(SSR, RDRF, 6, 1)
+  FIELD(SSR, TDRE, 7, 1)
+REG8(RDR, 5)
+REG8(SCMR, 6)
+  FIELD(SCMR, SMIF, 0, 1)
+  FIELD(SCMR, SINV, 2, 1)
+  FIELD(SCMR, SDIR, 3, 1)
+  FIELD(SCMR, BCP2, 7, 1)
+REG8(SEMR, 7)
+  FIELD(SEMR, ACS0, 0, 1)
+  FIELD(SEMR, ABCS, 4, 1)
+
+static int can_receive(void *opaque)
+{
+RSCIState *sci = RSCI(opaque);
+if (sci->rx_next > qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)) {
+return 0;
+} else {
+return FIELD_EX8(sci->scr, SCR, RE);
+}
+}
+
+static void receive(void *opaque, const uint8_t *buf, int size)
+{
+RSCIState *sci = RSCI(opaque);
+sci->rx_next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime;
+if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
+sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_set_irq(sci->irq[ERI], 1);
+}
+} else {
+sci->rdr = buf[0];
+sci->ssr = FIELD_DP8(sci->ssr, SSR, RDRF, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_irq_pulse(sci->irq[RXI]);
+}
+}
+}
+
+static void send_byte(RSCIState *sci)
+{
+if (qemu_chr_fe_backend_connected(>chr)) {
+qemu_chr_fe_write_all(>chr, >tdr, 1);
+}
+timer_mod(sci->timer,
+  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime);
+sci->ssr = FIELD_DP8(sci->ssr, SSR, 

[Qemu-devel] [PATCH v14 09/13] qemu/bitops.h: Add extract8 and extract16

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-12-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/qemu/bitops.h | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
index 3f0926cf40..764f9d1ea0 100644
--- a/include/qemu/bitops.h
+++ b/include/qemu/bitops.h
@@ -300,6 +300,44 @@ static inline uint32_t extract32(uint32_t value, int 
start, int length)
 return (value >> start) & (~0U >> (32 - length));
 }
 
+/**
+ * extract8:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 8 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 8 bit word. It is valid to request that
+ * all 8 bits are returned (ie @length 8 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint8_t extract8(uint8_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 8 - start);
+return extract32(value, start, length);
+}
+
+/**
+ * extract16:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 16 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 16 bit word. It is valid to request that
+ * all 16 bits are returned (ie @length 16 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint16_t extract16(uint16_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 16 - start);
+return extract32(value, start, length);
+}
+
 /**
  * extract64:
  * @value: the value to extract the bit field from
-- 
2.17.1




[Qemu-devel] [PATCH v14 11/13] target/rx: Convert to CPUClass::tlb_fill

2019-05-16 Thread Richard Henderson
The interface for tlb_fill has changed very recently.
Move the function into cpu.c so that it may be static
while assigning to the CPUClass methods.

Signed-off-by: Richard Henderson 
---
 target/rx/cpu.c   | 14 ++
 target/rx/op_helper.c | 11 ---
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index 4b96f2e463..3268077d08 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -143,6 +143,19 @@ static void rx_cpu_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 info->print_insn = print_insn_rx;
 }
 
+static bool rx_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
+MMUAccessType access_type, int mmu_idx,
+bool probe, uintptr_t retaddr)
+{
+uint32_t address, physical, prot;
+
+/* Linear mapping */
+address = physical = addr & TARGET_PAGE_MASK;
+prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+tlb_set_page(cs, address, physical, prot, mmu_idx, TARGET_PAGE_SIZE);
+return true;
+}
+
 static void rx_cpu_init(Object *obj)
 {
 CPUState *cs = CPU(obj);
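Review bot: `rx_cpu_tlb_fill` ignores `size`, `access_type`, `probe` and `retaddr`, narrows the `vaddr` argument to `uint32_t`, and installs every page as read/write/execute, but the only comment is `/* Linear mapping */`. That is a significant property of the target model (no access of any kind can fault at this layer), so it should be stated where a later reader will look for it. I would expand the comment to something like `/* Linear mapping: every page is identity-mapped RWX and the fill cannot fail, so access_type, probe and retaddr are unused. */`.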
@@ -177,6 +190,7 @@ static void rxcpu_class_init(ObjectClass *klass, void *data)
 cc->get_phys_page_debug = rx_cpu_get_phys_page_debug;
 cc->disas_set_info = rx_cpu_disas_set_info;
 cc->tcg_initialize = rx_translate_init;
+cc->tlb_fill = rx_cpu_tlb_fill;
 
 cc->gdb_num_core_regs = 26;
 }
diff --git a/target/rx/op_helper.c b/target/rx/op_helper.c
index 9a460070e9..fb7ae3c3ec 100644
--- a/target/rx/op_helper.c
+++ b/target/rx/op_helper.c
@@ -468,14 +468,3 @@ void QEMU_NORETURN helper_rxbrk(CPURXState *env)
 {
 raise_exception(env, 0x100, 0);
 }
-
-void tlb_fill(CPUState *cs, target_ulong addr, int size,
-  MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
-{
-uint32_t address, physical, prot;
-
-/* Linear mapping */
-address = physical = addr & TARGET_PAGE_MASK;
-prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-tlb_set_page(cs, address, physical, prot, mmu_idx, TARGET_PAGE_SIZE);
-}
-- 
2.17.1




[Qemu-devel] [PATCH v14 10/13] hw/registerfields.h: Add 8bit and 16bit register macros

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

Some RX peripherals use 8-bit and 16-bit registers.
Add 8-bit and 16-bit APIs.

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-11-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/registerfields.h | 32 +++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index 2659a58737..a0bb0654d6 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -22,6 +22,14 @@
 enum { A_ ## reg = (addr) };  \
 enum { R_ ## reg = (addr) / 4 };
 
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };
+
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };
+
 /* Define SHIFT, LENGTH and MASK constants for a field within a register */
 
 /* This macro will define R_FOO_BAR_MASK, R_FOO_BAR_SHIFT and R_FOO_BAR_LENGTH
@@ -34,6 +42,12 @@
 MAKE_64BIT_MASK(shift, length)};
 
 /* Extract a field from a register */
+#define FIELD_EX8(storage, reg, field)\
+extract8((storage), R_ ## reg ## _ ## field ## _SHIFT,\
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_EX16(storage, reg, field)   \
+extract16((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
 #define FIELD_EX32(storage, reg, field)   \
 extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
@@ -49,6 +63,22 @@
  * Assigning values larger then the target field will result in
  * compilation warnings.
  */
+#define FIELD_DP8(storage, reg, field, val) ({\
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint8_t d;\
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
+#define FIELD_DP16(storage, reg, field, val) ({   \
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint16_t d;   \
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
 #define FIELD_DP32(storage, reg, field, val) ({   \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
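Review bot: FIELD_DP8 and FIELD_DP16 build the result with deposit32() and then narrow it by assigning to `uint8_t d` / `uint16_t d`, so a field whose SHIFT + LENGTH exceeds the register width is silently truncated instead of being rejected. The bit-field `v` only bounds the value to LENGTH bits; nothing ties the field position to 8 or 16 bits. A compile-time check inside each statement expression would catch a mis-declared FIELD, for example `QEMU_BUILD_BUG_ON(R_ ## reg ## _ ## field ## _SHIFT + R_ ## reg ## _ ## field ## _LENGTH > 8);` in FIELD_DP8 and the same with `> 16` in FIELD_DP16.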
@@ -57,7 +87,7 @@
 d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
 d; })
-#define FIELD_DP64(storage, reg, field, val) ({   \
+#define FIELD_DP64(storage, reg, field, val) ({ \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
 } v = { .v = val };   \
-- 
2.17.1




[Qemu-devel] [PATCH v14 06/13] hw/timer: RX62N internal timer modules

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

renesas_tmr: 8bit timer modules.
renesas_cmt: 16bit compare match timer modules.
These parts are used in many Renesas CPUs.
Hardware manual:
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-7-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/timer/renesas_cmt.h |  38 +++
 include/hw/timer/renesas_tmr.h |  53 
 hw/timer/renesas_cmt.c | 275 
 hw/timer/renesas_tmr.c | 455 +
 hw/timer/Kconfig   |   6 +
 hw/timer/Makefile.objs |   3 +
 6 files changed, 830 insertions(+)
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c

diff --git a/include/hw/timer/renesas_cmt.h b/include/hw/timer/renesas_cmt.h
new file mode 100644
index 00..acd25c6e0b
--- /dev/null
+++ b/include/hw/timer/renesas_cmt.h
@@ -0,0 +1,38 @@
+/*
+ * Renesas Compare-match timer Object
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_CMT_H
+#define HW_RENESAS_CMT_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_CMT "renesas-cmt"
+#define RCMT(obj) OBJECT_CHECK(RCMTState, (obj), TYPE_RENESAS_CMT)
+
+enum {
+CMT_CH = 2,
+CMT_NR_IRQ = 1 * CMT_CH,
+};
+
+typedef struct RCMTState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint16_t cmstr;
+uint16_t cmcr[CMT_CH];
+uint16_t cmcnt[CMT_CH];
+uint16_t cmcor[CMT_CH];
+int64_t tick[CMT_CH];
+qemu_irq cmi[CMT_CH];
+QEMUTimer *timer[CMT_CH];
+} RCMTState;
+
+#endif
diff --git a/include/hw/timer/renesas_tmr.h b/include/hw/timer/renesas_tmr.h
new file mode 100644
index 00..5787004c74
--- /dev/null
+++ b/include/hw/timer/renesas_tmr.h
@@ -0,0 +1,53 @@
+/*
+ * Renesas 8bit timer Object
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_TMR_H
+#define HW_RENESAS_TMR_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_TMR "renesas-tmr"
+#define RTMR(obj) OBJECT_CHECK(RTMRState, (obj), TYPE_RENESAS_TMR)
+
+enum timer_event {
+cmia = 0,
+cmib = 1,
+ovi = 2,
+none = 3,
+TMR_NR_EVENTS = 4
+};
+
+enum {
+TMR_CH = 2,
+TMR_NR_IRQ = 3 * TMR_CH,
+};
+
+typedef struct RTMRState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint8_t tcnt[TMR_CH];
+uint8_t tcora[TMR_CH];
+uint8_t tcorb[TMR_CH];
+uint8_t tcr[TMR_CH];
+uint8_t tccr[TMR_CH];
+uint8_t tcor[TMR_CH];
+uint8_t tcsr[TMR_CH];
+int64_t tick;
+int64_t div_round[TMR_CH];
+enum timer_event next[TMR_CH];
+qemu_irq cmia[TMR_CH];
+qemu_irq cmib[TMR_CH];
+qemu_irq ovi[TMR_CH];
+QEMUTimer *timer[TMR_CH];
+} RTMRState;
+
+#endif
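Review bot: The enumerators of `enum timer_event` are lowercase and unprefixed (`cmia`, `cmib`, `ovi`, `none`), and this is a public header, so every file that includes it gets a global identifier called `none`. Three of them also share their names with the `cmia`, `cmib` and `ovi` members of RTMRState, which is legal C but makes the two uses hard to tell apart when reading the timer code. Prefixed upper-case names in the style of the existing `TMR_NR_EVENTS`, for example `TMR_EVENT_CMIA`, `TMR_EVENT_CMIB`, `TMR_EVENT_OVI` and `TMR_EVENT_NONE`, would avoid both problems.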
diff --git a/hw/timer/renesas_cmt.c b/hw/timer/renesas_cmt.c
new file mode 100644
index 00..a2a2b92055
--- /dev/null
+++ b/hw/timer/renesas_cmt.c
@@ -0,0 +1,275 @@
+/*
+ * Renesas 16bit Compare-match timer
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu/timer.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/timer/renesas_cmt.h"
+#include "qemu/error-report.h"
+
+/*
+ *  +0 CMSTR - common control
+ *  +2 CMCR  - ch0
+ *  +4 CMCNT - ch0
+ *  +6 CMCOR - ch0
+ *  +8 CMCR  - ch1
+ * +10 CMCNT - ch1
+ * +12 CMCOR - ch1
+ * If we think that the address of CH 0 has an offset of +2,
+ * we can treat it with the same address as CH 1, so define it like that.
+ */
+REG16(CMSTR, 0)
+  FIELD(CMSTR, STR0, 0, 1)
+  FIELD(CMSTR, STR1, 1, 1)
+  FIELD(CMSTR, STR,  0, 2)
+/* This addeess is channel offset */
+REG16(CMCR, 0)
+  FIELD(CMCR, CKS, 0, 2)
+  FIELD(CMCR, CMIE, 6, 1)
+REG16(CMCNT, 2)
+REG16(CMCOR, 4)
+
+static void update_events(RCMTState *cmt, int ch)
+{
+

[Qemu-devel] [PATCH v14 03/13] target/rx: CPU definition

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Message-Id: <20190516055244.95559-4-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 target/rx/cpu.h | 227 
 target/rx/cpu.c | 222 +++
 target/rx/gdbstub.c | 112 ++
 target/rx/monitor.c |  38 
 4 files changed, 599 insertions(+)
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/gdbstub.c
 create mode 100644 target/rx/monitor.c

diff --git a/target/rx/cpu.h b/target/rx/cpu.h
new file mode 100644
index 00..fa07c25af4
--- /dev/null
+++ b/target/rx/cpu.h
@@ -0,0 +1,227 @@
+/*
+ *  RX emulation definition
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_H
+#define RX_CPU_H
+
+#include "qemu/bitops.h"
+#include "qemu-common.h"
+#include "hw/registerfields.h"
+#include "qom/cpu.h"
+
+#define TYPE_RXCPU "rxcpu"
+
+#define RXCPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RXCPU)
+#define RXCPU(obj) \
+OBJECT_CHECK(RXCPU, (obj), TYPE_RXCPU)
+#define RXCPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RXCPU)
+
+/*
+ * RXCPUClass:
+ * @parent_realize: The parent class' realize handler.
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A RX CPU model.
+ */
+typedef struct RXCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+
+} RXCPUClass;
+
+#define TARGET_LONG_BITS 32
+#define TARGET_PAGE_BITS 12
+
+#define CPUArchState struct CPURXState
+
+#include "exec/cpu-defs.h"
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+/* PSW define */
+REG32(PSW, 0)
+FIELD(PSW, C, 0, 1)
+FIELD(PSW, Z, 1, 1)
+FIELD(PSW, S, 2, 1)
+FIELD(PSW, O, 3, 1)
+FIELD(PSW, I, 16, 1)
+FIELD(PSW, U, 17, 1)
+FIELD(PSW, PM, 20, 1)
+FIELD(PSW, IPL, 24, 4)
+
+/* FPSW define */
+REG32(FPSW, 0)
+FIELD(FPSW, RM, 0, 2)
+FIELD(FPSW, CV, 2, 1)
+FIELD(FPSW, CO, 3, 1)
+FIELD(FPSW, CZ, 4, 1)
+FIELD(FPSW, CU, 5, 1)
+FIELD(FPSW, CX, 6, 1)
+FIELD(FPSW, CE, 7, 1)
+FIELD(FPSW, CAUSE, 2, 6)
+FIELD(FPSW, DN, 8, 1)
+FIELD(FPSW, EV, 10, 1)
+FIELD(FPSW, EO, 11, 1)
+FIELD(FPSW, EZ, 12, 1)
+FIELD(FPSW, EU, 13, 1)
+FIELD(FPSW, EX, 14, 1)
+FIELD(FPSW, ENABLE, 10, 5)
+FIELD(FPSW, FV, 26, 1)
+FIELD(FPSW, FO, 27, 1)
+FIELD(FPSW, FZ, 28, 1)
+FIELD(FPSW, FU, 29, 1)
+FIELD(FPSW, FX, 30, 1)
+FIELD(FPSW, FLAGS, 26, 4)
+FIELD(FPSW, FS, 31, 1)
+
+#define NB_MMU_MODES 1
+#define MMU_MODE0_SUFFIX _all
+
+enum {
+NUM_REGS = 16,
+};
+
+typedef struct CPURXState {
+/* CPU registers */
+uint32_t regs[NUM_REGS];/* general registers */
+uint32_t psw_o; /* O bit of status register */
+uint32_t psw_s; /* S bit of status register */
+uint32_t psw_z; /* Z bit of status register */
+uint32_t psw_c; /* C bit of status register */
+uint32_t psw_u;
+uint32_t psw_i;
+uint32_t psw_pm;
+uint32_t psw_ipl;
+uint32_t bpsw;  /* backup status */
+uint32_t bpc;   /* backup pc */
+uint32_t isp;   /* global base register */
+uint32_t usp;   /* vector base register */
+uint32_t pc;/* program counter */
+uint32_t intb;  /* interrupt vector */
+uint32_t fintv;
+uint32_t fpsw;
+uint64_t acc;
+
+/* Fields up to this point are cleared by a CPU reset */
+struct {} end_reset_fields;
+
+/* Internal use */
+uint32_t in_sleep;
+uint32_t req_irq;   /* Requested interrupt no (hard) */
+uint32_t req_ipl;   /* Requested interrupt level */
+uint32_t ack_irq;   /* execute irq */
+uint32_t ack_ipl;   /* execute ipl */
+float_status fp_status;
+qemu_irq ack;  /* Interrupt acknowledge */
+
+CPU_COMMON
+} CPURXState;
+
+/*
+ * RXCPU:
+ * @env: #CPURXState
+ *
+ * A RX CPU
+ */
+struct RXCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPURXState env;
+};
+
+typedef struct RXCPU RXCPU;
+
+static inline RXCPU *rx_env_get_cpu(CPURXState *env)
+{
+return container_of(env, RXCPU, env);
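Review bot: The comments on `isp` and `usp` in CPURXState read "global base register" and "vector base register", which does not match how the fields are used elsewhere in this series: rx_cpu_do_interrupt saves `regs[0]` into `usp` or `isp` depending on `psw_u`, and pushes the PSW and PC through `isp`. They look like the interrupt and user stack pointers; if that is right the comments should read `/* interrupt stack pointer */` and `/* user stack pointer */`. `intb` is used as the base of the vector table (`env->intb + env->ack_irq * 4`), so `/* interrupt table base */` would describe it better than "interrupt vector". The hunk is cut off on this page inside rx_env_get_cpu, so the rest of the header is not covered.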

[Qemu-devel] [PATCH v14 04/13] target/rx: RX disassembler

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-5-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/disas/dis-asm.h |5 +
 target/rx/disas.c   | 1480 +++
 2 files changed, 1485 insertions(+)
 create mode 100644 target/rx/disas.c

diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h
index 9240ec32c2..de17792e88 100644
--- a/include/disas/dis-asm.h
+++ b/include/disas/dis-asm.h
@@ -226,6 +226,10 @@ enum bfd_architecture
 #define bfd_mach_nios2r22
   bfd_arch_lm32,   /* Lattice Mico32 */
 #define bfd_mach_lm32 1
+  bfd_arch_rx,   /* Renesas RX */
+#define bfd_mach_rx0x75
+#define bfd_mach_rx_v2 0x76
+#define bfd_mach_rx_v3 0x77
   bfd_arch_last
   };
 #define bfd_mach_s390_31 31
@@ -433,6 +437,7 @@ int print_insn_little_nios2 (bfd_vma, 
disassemble_info*);
 int print_insn_xtensa   (bfd_vma, disassemble_info*);
 int print_insn_riscv32  (bfd_vma, disassemble_info*);
 int print_insn_riscv64  (bfd_vma, disassemble_info*);
+int print_insn_rx(bfd_vma, disassemble_info *);
 
 #if 0
 /* Fetch the disassembler for a given BFD, if that support is available.  */
diff --git a/target/rx/disas.c b/target/rx/disas.c
new file mode 100644
index 00..8cada4825d
--- /dev/null
+++ b/target/rx/disas.c
@@ -0,0 +1,1480 @@
+/*
+ * Renesas RX Disassembler
+ *
+ * Copyright (c) 2019 Yoshinori Sato 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "disas/dis-asm.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+
+typedef struct DisasContext {
+disassemble_info *dis;
+uint32_t addr;
+uint32_t pc;
+} DisasContext;
+
+
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+bfd_byte buf;
+while (++i <= n) {
+ctx->dis->read_memory_func(ctx->addr++, , 1, ctx->dis);
+insn |= buf << (32 - i * 8);
+}
+return insn;
+}
+
+static int32_t li(DisasContext *ctx, int sz)
+{
+int32_t addr;
+bfd_byte buf[4];
+addr = ctx->addr;
+
+switch (sz) {
+case 1:
+ctx->addr += 1;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+return (int8_t)buf[0];
+case 2:
+ctx->addr += 2;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+return ldsw_le_p(buf);
+case 3:
+ctx->addr += 3;
+ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
+return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+case 0:
+ctx->addr += 4;
+ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
+return ldl_le_p(buf);
+default:
+g_assert_not_reached();
+}
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder.  */
+#include "decode.inc.c"
+
+#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+
+#define RX_MEMORY_BYTE 0
+#define RX_MEMORY_WORD 1
+#define RX_MEMORY_LONG 2
+
+#define RX_IM_BYTE 0
+#define RX_IM_WORD 1
+#define RX_IM_LONG 2
+#define RX_IM_UWORD 3
+
+static const char size[] = {'b', 'w', 'l'};
+static const char cond[][4] = {
+"eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
+"ge", "lt", "gt", "le", "o", "no", "ra", "f"
+};
+static const char psw[] = {
+'c', 'z', 's', 'o', 0, 0, 0, 0,
+'i', 'u', 0, 0, 0, 0, 0, 0,
+};
+
+static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+{
+bfd_byte buf[2];
+switch (ld) {
+case 0:
+return 0;
+case 1:
+ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
+ctx->addr += 1;
+return ((uint8_t)buf[0]) << size;
+case 2:
+ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
+ctx->addr += 2;
+return lduw_le_p(buf) << size;
+}
+g_assert_not_reached();
+}
+
+static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+{
+int dsp;
+static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+if (ld < 3) {
+switch (mi) {
+case 4:
+/* dsp[rs].ub */
+dsp = 
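Review bot: In decode_load_bytes the expression `buf << (32 - i * 8)` shifts a `bfd_byte` that has been promoted to `int`, so when the shift is 24 any byte of 0x80 or above overflows a signed int, which is undefined behaviour; `insn |= (uint32_t)buf << (32 - i * 8);` avoids it. `li` has the same problem in case 3, where `(int8_t)buf[2] << 16` left-shifts a negative value. The status returned by `read_memory_func` is ignored in every call visible here, so after a failed read the decoder works on whatever was already in `buf`; since the bytes come from the image being disassembled, the failure path deserves an explicit check. The hunk is cut off on this page inside `operand`, so the rest of the file is not covered.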

[Qemu-devel] [PATCH v14 05/13] hw/intc: RX62N interrupt controller (ICUa)

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

This implementation supports only ICUa.
Hardware manual:
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-6-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/intc/rx_icu.h |  56 ++
 hw/intc/rx_icu.c | 376 +++
 hw/intc/Kconfig  |   3 +
 hw/intc/Makefile.objs|   1 +
 4 files changed, 436 insertions(+)
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 hw/intc/rx_icu.c

diff --git a/include/hw/intc/rx_icu.h b/include/hw/intc/rx_icu.h
new file mode 100644
index 00..aab88f2ea7
--- /dev/null
+++ b/include/hw/intc/rx_icu.h
@@ -0,0 +1,56 @@
+#ifndef RX_ICU_H
+#define RX_ICU_H
+
+#include "qemu-common.h"
+#include "hw/irq.h"
+
+enum TRG_MODE {
+TRG_LEVEL = 0,
+TRG_NEDGE = 1, /* Falling */
+TRG_PEDGE = 2, /* Raising */
+TRG_BEDGE = 3, /* Both */
+};
+
+struct IRQSource {
+enum TRG_MODE sense;
+int level;
+};
+
+enum {
+/* Software interrupt request */
+SWI = 27,
+NR_IRQS = 256,
+};
+
+struct RXICUState {
+SysBusDevice parent_obj;
+
+MemoryRegion memory;
+struct IRQSource src[NR_IRQS];
+char *icutype;
+uint32_t nr_irqs;
+uint32_t *map;
+uint32_t nr_sense;
+uint32_t *init_sense;
+
+uint8_t ir[NR_IRQS];
+uint8_t dtcer[NR_IRQS];
+uint8_t ier[NR_IRQS / 8];
+uint8_t ipr[142];
+uint8_t dmasr[4];
+uint16_t fir;
+uint8_t nmisr;
+uint8_t nmier;
+uint8_t nmiclr;
+uint8_t nmicr;
+int req_irq;
+qemu_irq _irq;
+qemu_irq _fir;
+qemu_irq _swi;
+};
+typedef struct RXICUState RXICUState;
+
+#define TYPE_RXICU "rx-icu"
+#define RXICU(obj) OBJECT_CHECK(RXICUState, (obj), TYPE_RXICU)
+
+#endif /* RX_ICU_H */
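Review bot: rx_icu.h is not self-contained: RXICUState embeds `SysBusDevice parent_obj` and `MemoryRegion memory`, but the header includes only "qemu-common.h" and "hw/irq.h". It compiles in rx_icu.c only because that file includes "hw/sysbus.h" first; the two timer headers in this series include it themselves, and adding `#include "hw/sysbus.h"` here would match them. The size of `ipr[142]` is also a bare number while the neighbouring arrays are sized from `NR_IRQS`; a named constant (for example `NR_IPR = 142` in the enum) would let the code that indexes `ipr` check against it.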
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
new file mode 100644
index 00..cb28c7a8d2
--- /dev/null
+++ b/hw/intc/rx_icu.c
@@ -0,0 +1,376 @@
+/*
+ * RX Interrupt Control Unit
+ *
+ * Warning: Only ICUa is supported.
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/intc/rx_icu.h"
+#include "qemu/error-report.h"
+
+REG8(IR, 0)
+  FIELD(IR, IR,  0, 1)
+REG8(DTCER, 0x100)
+  FIELD(DTCER, DTCE,  0, 1)
+REG8(IER, 0x200)
+REG8(SWINTR, 0x2e0)
+  FIELD(SWINTR, SWINT, 0, 1)
+REG16(FIR, 0x2f0)
+  FIELD(FIR, FVCT, 0, 8)
+  FIELD(FIR, FIEN, 15, 1)
+REG8(IPR, 0x300)
+  FIELD(IPR, IPR, 0, 4)
+REG8(DMRSR, 0x400)
+REG8(IRQCR, 0x500)
+  FIELD(IRQCR, IRQMD, 2, 2)
+REG8(NMISR, 0x580)
+  FIELD(NMISR, NMIST, 0, 1)
+  FIELD(NMISR, LVDST, 1, 1)
+  FIELD(NMISR, OSTST, 2, 1)
+REG8(NMIER, 0x581)
+  FIELD(NMIER, NMIEN, 0, 1)
+  FIELD(NMIER, LVDEN, 1, 1)
+  FIELD(NMIER, OSTEN, 2, 1)
+REG8(NMICLR, 0x582)
+  FIELD(NMICLR, NMICLR, 0, 1)
+  FIELD(NMICLR, OSTCLR, 2, 1)
+REG8(NMICR, 0x583)
+  FIELD(NMICR, NMIMD, 3, 1)
+
+#define request(icu, n) (icu->ipr[icu->map[n]] << 8 | n)
+
+static void set_irq(RXICUState *icu, int n_IRQ, int req)
+{
+if ((icu->fir & R_FIR_FIEN_MASK) &&
+(icu->fir & R_FIR_FVCT_MASK) == n_IRQ) {
+qemu_set_irq(icu->_fir, req);
+} else {
+qemu_set_irq(icu->_irq, req);
+}
+}
+
+static void rxicu_request(RXICUState *icu, int n_IRQ)
+{
+int enable;
+
+enable = icu->ier[n_IRQ / 8] & (1 << (n_IRQ & 7));
+if (n_IRQ > 0 && enable != 0 && atomic_read(>req_irq) < 0) {
+atomic_set(>req_irq, n_IRQ);
+set_irq(icu, n_IRQ, request(icu, n_IRQ));
+}
+}
+
+static void rxicu_set_irq(void *opaque, int n_IRQ, int level)
+{
+RXICUState *icu = opaque;
+struct IRQSource *src;
+int issue;
+
+if (n_IRQ >= NR_IRQS) {
+error_report("%s: IRQ %d out of range", __func__, n_IRQ);
+return;
+}
+
+src = >src[n_IRQ];
+
+level = (level != 0);
+switch (src->sense) {
+case TRG_LEVEL:
+/* level-sensitive irq */
+issue = level;
+src->level = level;
+break;
+case TRG_NEDGE:
+

[Qemu-devel] [PATCH v14 00/13] RX architecture support

2019-05-16 Thread Richard Henderson
This is Sato-san's v13, plus the typos that Phil noticed therein,
plus the change to tlb_fill required by

commit d8276573da58e8ce78dab8c46dd660efd664bcb7
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190510'
Add CPUClass::tlb_fill.
Improve tlb_vaddr_to_host for use by ARM SVE no-fault loads.


r~


Richard Henderson (1):
  target/rx: Convert to CPUClass::tlb_fill

Yoshinori Sato (12):
  target/rx: TCG translation
  target/rx: TCG helper
  target/rx: CPU definition
  target/rx: RX disassembler
  hw/intc: RX62N interrupt controller (ICUa)
  hw/timer: RX62N internal timer modules
  hw/char: RX62N serial communication interface (SCI)
  hw/rx: RX Target hardware definition
  qemu/bitops.h: Add extract8 and extract16
  hw/registerfields.h: Add 8bit and 16bit register macros
  Add rx-softmmu
  MAINTAINERS: Add RX

 include/disas/dis-asm.h|5 +
 include/hw/char/renesas_sci.h  |   45 +
 include/hw/intc/rx_icu.h   |   56 +
 include/hw/registerfields.h|   32 +-
 include/hw/rx/rx.h |7 +
 include/hw/rx/rx62n.h  |   94 ++
 include/hw/timer/renesas_cmt.h |   38 +
 include/hw/timer/renesas_tmr.h |   53 +
 include/qemu/bitops.h  |   38 +
 include/sysemu/arch_init.h |1 +
 target/rx/cpu.h|  227 +++
 target/rx/helper.h |   31 +
 arch_init.c|2 +
 hw/char/renesas_sci.c  |  340 +
 hw/intc/rx_icu.c   |  376 +
 hw/rx/rx-virt.c|  105 ++
 hw/rx/rx62n.c  |  238 
 hw/timer/renesas_cmt.c |  275 
 hw/timer/renesas_tmr.c |  455 ++
 target/rx/cpu.c|  236 
 target/rx/disas.c  | 1480 +++
 target/rx/gdbstub.c|  112 ++
 target/rx/helper.c |  148 ++
 target/rx/monitor.c|   38 +
 target/rx/op_helper.c  |  470 ++
 target/rx/translate.c  | 2432 
 MAINTAINERS|   19 +
 configure  |8 +
 default-configs/rx-softmmu.mak |3 +
 hw/Kconfig |1 +
 hw/char/Kconfig|3 +
 hw/char/Makefile.objs  |1 +
 hw/intc/Kconfig|3 +
 hw/intc/Makefile.objs  |1 +
 hw/rx/Kconfig  |   14 +
 hw/rx/Makefile.objs|2 +
 hw/timer/Kconfig   |6 +
 hw/timer/Makefile.objs |3 +
 target/rx/Makefile.objs|   12 +
 target/rx/insns.decode |  621 
 40 files changed, 8030 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/helper.h
 create mode 100644 hw/char/renesas_sci.c
 create mode 100644 hw/intc/rx_icu.c
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/disas.c
 create mode 100644 target/rx/gdbstub.c
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/monitor.c
 create mode 100644 target/rx/op_helper.c
 create mode 100644 target/rx/translate.c
 create mode 100644 default-configs/rx-softmmu.mak
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

-- 
2.17.1




[Qemu-devel] [PATCH v14 02/13] target/rx: TCG helper

2019-05-16 Thread Richard Henderson
From: Yoshinori Sato 

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Message-Id: <20190516055244.95559-3-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 target/rx/helper.h|  31 +++
 target/rx/helper.c| 148 +
 target/rx/op_helper.c | 481 ++
 3 files changed, 660 insertions(+)
 create mode 100644 target/rx/helper.h
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/op_helper.c

diff --git a/target/rx/helper.h b/target/rx/helper.h
new file mode 100644
index 00..f0b7ebbbf7
--- /dev/null
+++ b/target/rx/helper.h
@@ -0,0 +1,31 @@
+DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
+DEF_HELPER_1(raise_access_fault, noreturn, env)
+DEF_HELPER_1(raise_privilege_violation, noreturn, env)
+DEF_HELPER_1(wait, noreturn, env)
+DEF_HELPER_1(debug, noreturn, env)
+DEF_HELPER_2(rxint, noreturn, env, i32)
+DEF_HELPER_1(rxbrk, noreturn, env)
+DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fsub, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_WG, void, env, f32, f32)
+DEF_HELPER_FLAGS_2(ftoi, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(round, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(itof, TCG_CALL_NO_WG, f32, env, i32)
+DEF_HELPER_2(set_fpsw, void, env, i32)
+DEF_HELPER_FLAGS_2(racw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw_rte, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(pack_psw, i32, env)
+DEF_HELPER_FLAGS_3(div, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_1(scmpu, TCG_CALL_NO_WG, void, env)
+DEF_HELPER_1(smovu, void, env)
+DEF_HELPER_1(smovf, void, env)
+DEF_HELPER_1(smovb, void, env)
+DEF_HELPER_2(sstr, void, env, i32)
+DEF_HELPER_FLAGS_2(swhile, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(suntil, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(rmpa, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(satr, void, env)
diff --git a/target/rx/helper.c b/target/rx/helper.c
new file mode 100644
index 00..1dae74eae7
--- /dev/null
+++ b/target/rx/helper.c
@@ -0,0 +1,148 @@
+/*
+ *  RX emulation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+#include "exec/log.h"
+#include "exec/cpu_ldst.h"
+#include "sysemu/sysemu.h"
+
+void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte)
+{
+if (env->psw_pm == 0) {
+env->psw_ipl = FIELD_EX32(psw, PSW, IPL);
+if (rte) {
+/* PSW.PM can write RTE and RTFI */
+env->psw_pm = FIELD_EX32(psw, PSW, PM);
+}
+env->psw_u = FIELD_EX32(psw, PSW, U);
+env->psw_i = FIELD_EX32(psw, PSW, I);
+}
+env->psw_o = FIELD_EX32(psw, PSW, O) << 31;
+env->psw_s = FIELD_EX32(psw, PSW, S) << 31;
+env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);
+env->psw_c = FIELD_EX32(psw, PSW, C);
+}
+
+#define INT_FLAGS (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR)
+void rx_cpu_do_interrupt(CPUState *cs)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = >env;
+int do_irq = cs->interrupt_request & INT_FLAGS;
+uint32_t save_psw;
+
+env->in_sleep = 0;
+
+if (env->psw_u) {
+env->usp = env->regs[0];
+} else {
+env->isp = env->regs[0];
+}
+save_psw = rx_cpu_pack_psw(env);
+env->psw_pm = env->psw_i = env->psw_u = 0;
+
+if (do_irq) {
+if (do_irq & CPU_INTERRUPT_FIR) {
+env->bpc = env->pc;
+env->bpsw = save_psw;
+env->pc = env->fintv;
+env->psw_ipl = 15;
+cs->interrupt_request &= ~CPU_INTERRUPT_FIR;
+qemu_set_irq(env->ack, env->ack_irq);
+qemu_log_mask(CPU_LOG_INT, "fast interrupt raised\n");
+} else if (do_irq & CPU_INTERRUPT_HARD) {
+env->isp -= 4;
+cpu_stl_all(env, env->isp, save_psw);
+env->isp -= 4;
+cpu_stl_all(env, env->isp, env->pc);
+env->pc = cpu_ldl_all(env, env->intb + env->ack_irq * 4);
+env->psw_ipl = env->ack_ipl;
+cs->interrupt_request &= 

Re: [Qemu-devel] [PATCH 1/6] qemu-bridge-helper: Fix misuse of isspace()

2019-05-16 Thread Jason Wang



On 2019/5/15 下午9:35, Paolo Bonzini wrote:

On 15/05/19 08:34, Markus Armbruster wrote:

qemu-bridge-helper should have a manual page, and its handling of errors
in ACL include files needs work.  There's probably more; I just glanced
at it.  I'm not volunteering, though.  It lacks a maintainer.  Should we
add it to Jason's "Network device backends"?


Yes.


-netdev's helper parameter is seriously underdocumented.  Document or
deprecate?


I believe management should only use fd parameter of TAP. If we have
other, it should be a duplication. So I suggest to deprecate the
bridge helper and -netdev bridge.

Objections, anyone?

Yes, your honor. :)  The helper is the only way for unprivileged users
to set up TAP networking, which is basically the only really way to have
*working* network.  It's widely used in the wild, it's self-contained
and the only alternative for users is the S-word (hint, it's five
letters long and ends with LIRP).



The issue is it can't deal with e.g vhost-net and multiqueue. We can 
have a simple privileged launcher to do network configuration and pass 
the fds to unprivileged qemu.


Thanks




However, I have no problem with deprecating the helper argument of
"-netdev tap", which is a useless duplication with "-netdev bridge".

Paolo





[Qemu-devel] [PATCH] spapr: Add forgotten capability to migration stream

2019-05-16 Thread David Gibson
spapr machine capabilities are supposed to be sent in the migration stream
so that we can sanity check the source and destination have compatible
configuration.  Unfortunately, when we added the hpt-max-page-size
capability, we forgot to add it to the migration state.  This means that we
can generate spurious warnings when both ends are configured for large
pages, or potentially fail to warn if the source is configured for huge
pages, but the destination is not.

Fixes: 2309832afda "spapr: Maximum (HPT) pagesize property"

Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 1 +
 hw/ppc/spapr_caps.c| 1 +
 include/hw/ppc/spapr.h | 1 +
 3 files changed, 3 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 8580a8dc67..bcae30ad26 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2125,6 +2125,7 @@ static const VMStateDescription vmstate_spapr = {
 _spapr_cap_cfpc,
 _spapr_cap_sbbc,
 _spapr_cap_ibs,
+_spapr_cap_hpt_maxpagesize,
 _spapr_irq_map,
 _spapr_cap_nested_kvm_hv,
 _spapr_dtb,
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 9b1c10baa6..658eb15a14 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -703,6 +703,7 @@ SPAPR_CAP_MIG_STATE(dfp, SPAPR_CAP_DFP);
 SPAPR_CAP_MIG_STATE(cfpc, SPAPR_CAP_CFPC);
 SPAPR_CAP_MIG_STATE(sbbc, SPAPR_CAP_SBBC);
 SPAPR_CAP_MIG_STATE(ibs, SPAPR_CAP_IBS);
+SPAPR_CAP_MIG_STATE(hpt_maxpagesize, SPAPR_CAP_HPT_MAXPAGESIZE);
 SPAPR_CAP_MIG_STATE(nested_kvm_hv, SPAPR_CAP_NESTED_KVM_HV);
 SPAPR_CAP_MIG_STATE(large_decr, SPAPR_CAP_LARGE_DECREMENTER);
 SPAPR_CAP_MIG_STATE(ccf_assist, SPAPR_CAP_CCF_ASSIST);
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 7e32f309c2..9fc91c8f5e 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -849,6 +849,7 @@ extern const VMStateDescription vmstate_spapr_cap_dfp;
 extern const VMStateDescription vmstate_spapr_cap_cfpc;
 extern const VMStateDescription vmstate_spapr_cap_sbbc;
 extern const VMStateDescription vmstate_spapr_cap_ibs;
+extern const VMStateDescription vmstate_spapr_cap_hpt_maxpagesize;
 extern const VMStateDescription vmstate_spapr_cap_nested_kvm_hv;
 extern const VMStateDescription vmstate_spapr_cap_large_decr;
 extern const VMStateDescription vmstate_spapr_cap_ccf_assist;
-- 
2.21.0




[Qemu-devel] [PULL v2 00/21] Misc patches for 2019-05-15

2019-05-16 Thread Paolo Bonzini
The following changes since commit e329ad2ab72c43b56df88b34954c2c7d839bb373:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190513' into 
staging (2019-05-14 10:08:47 +0100)

are available in the git repository at:


  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to ff4a1ff34ba90203845d9668d4ef7d7b5973c64b:

  hw/net/ne2000: Extract the PCI device from the chipset common code 
(2019-05-15 11:56:54 +0200)


Mostly bugfixes and cleanups, the most important being
"megasas: fix mapped frame size" from Peter Lieven.
In addition, -realtime is marked as deprecated.


Chen Zhang (1):
  hvf: Add missing break statement

Igor Mammedov (1):
  roms: assert if max rom size is less than the used size

Laurent Vivier (5):
  trace: only include trace-event-subdirs when they are needed
  build: replace GENERATED_FILES by generated-files-y
  configure: qemu-ga is only needed with softmmu targets
  build: chardev is only needed for softmmu targets
  build: don't build hardware objects with linux-user

Marc-André Lureau (1):
  vl: fix -sandbox parsing crash when seccomp support is disabled

Paolo Bonzini (2):
  mips-fulong2e: obey -vga none
  sun4m: obey -vga none

Peter Lieven (1):
  megasas: fix mapped frame size

Philippe Mathieu-Daudé (5):
  vl: Add missing descriptions to the VGA adapters list
  hw/acpi/piix4: Move TYPE_PIIX4_PM to a public header
  hw/i386/acpi: Add object_resolve_type_unambiguous to improve modularity
  hw/i386/acpi: Assert a pointer is not null BEFORE using it
  hw/net/ne2000: Extract the PCI device from the chipset common code

Thomas Huth (3):
  hw/input: Add a CONFIG_PS2 switch for the ps2.c file
  Declare -realtime as deprecated
  hw/char: Move multi-serial devices into separate file

Vitaly Kuznetsov (1):
  ioapic: allow buggy guests mishandling level-triggered interrupts to make 
progress

Wei Yang (1):
  memory: correct the comment to DIRTY_MEMORY_MIGRATION

 Makefile  |  43 
 Makefile.objs |  22 ++--
 Makefile.target   |   6 +-
 configure |   4 +-
 hw/acpi/piix4.c   |  13 ---
 hw/char/Kconfig   |   6 ++
 hw/char/Makefile.objs |   1 +
 hw/char/serial-pci-multi.c| 208 ++
 hw/char/serial-pci.c  | 170 ---
 hw/core/loader.c  |   1 +
 hw/i386/acpi-build.c  |  22 +++-
 hw/input/Kconfig  |   5 +
 hw/input/Makefile.objs|   2 +-
 hw/intc/ioapic.c  |  57 ++-
 hw/intc/trace-events  |   1 +
 hw/isa/lpc_ich9.c |  11 --
 hw/mips/mips_fulong2e.c   |  10 +-
 hw/net/Kconfig|   7 +-
 hw/net/Makefile.objs  |   3 +-
 hw/net/ne2000-pci.c   | 132 
 hw/net/ne2000.c   | 105 ---
 hw/scsi/megasas.c |   2 +-
 hw/sparc/sun4m.c  |   6 +-
 include/hw/acpi/piix4.h   |   2 +-
 include/hw/i386/ich9.h|   2 -
 include/hw/i386/ioapic_internal.h |   3 +
 memory.c  |   4 +-
 qemu-deprecated.texi  |   5 +
 target/i386/hvf/hvf.c |   1 +
 target/s390x/Makefile.objs|   2 +-
 tests/Makefile.include| 116 ++---
 vl.c  |  22 ++--
 32 files changed, 568 insertions(+), 426 deletions(-)
 create mode 100644 hw/char/serial-pci-multi.c
 create mode 100644 hw/net/ne2000-pci.c
-- 
1.8.3.1



Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

2019-05-16 Thread Wei Yang
On Fri, May 17, 2019 at 10:59:03AM +0800, Wei Yang wrote:
>On Thu, May 16, 2019 at 08:53:04PM +0200, Philippe Mathieu-Daudé wrote:
>>On Thu, May 16, 2019 at 8:33 PM Philippe Mathieu-Daudé
>> wrote:
>>> On 5/16/19 6:04 PM, Peter Maydell wrote:
>>> > On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
>>> >>
>>> >> The following changes since commit 
>>> >> efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
>>> >>
>>> >>   Merge remote-tracking branch 
>>> >> 'remotes/stefanha/tags/block-pull-request' into staging (2019-05-10 
>>> >> 14:49:36 +0100)
>>> >>
>>> >> are available in the Git repository at:
>>> >>
>>> >>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>>> >>
>>> >> for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
>>> >>
>>> >>   tests: acpi: print error unable to dump ACPI table during rebuild 
>>> >> (2019-05-14 21:19:14 -0400)
>>> >>
>>> >> 
>>> >> pci, pc, virtio: features, fixes
>>> >>
>>> >> reconnect for vhost blk
>>> >> tests for UEFI
>>> >> misc other stuff
>>> >>
>>> >> Signed-off-by: Michael S. Tsirkin 
>>> >>
>>> >> 
>>> >
>>> > Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
>>> > because the conversion of arm to Kconfig has landed in master.
>>> > Could you rebase and fix up to use whatever the Kconfig
>>> > equivalent of these changes is, please?
>>>
>>> Culprit is "hw/acpi: Consolidate build_mcfg to pci.c"
>>>
>>> The conflict doesn't look trivial to resolve (to me) so I'd rather see
>>> it reviewed (by Thomas). I suggest to drop the patch(es) from your PR :(
>>
>>Thomas, FYI I did this to resolve the conflict:
>>
>>- keep default-configs/arm-softmmu.mak from master:
>>
>>  git checkout origin/master default-configs/arm-softmmu.mak
>>
>>- applied the following !fixup snippet:
>>
>>-- >8 --
>>--- a/hw/acpi/Kconfig
>>+++ b/hw/acpi/Kconfig
>>@@ -25,7 +25,7 @@ config ACPI_NVDIMM
>>
>> config ACPI_PCI
>> bool
>>-depends on ACPI
>>+depends on ACPI && PCI
>>
>>---
>>
>>I felt it easier to review on top of "hw/acpi: Improve build modularity"
>>https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg04718.html
>>
>
>Well, I hope this will not block the merge.
>
>I took a look in the change of default-configs/arm-softmmu.mak. The general
>idea from Thomas is put those hard-coded config to Kconfig.
>
>This is fine and what I need to change in my patch is to select ACPI_PCI in
>the proper place, if my understanding is correct.
>
>Two things I need to fix:
>
>  * add select ACPI_PCI in proper place of hw/arm/Kconfig
>  * add a dummy build_mcfg() for link when ACPI_PCI is not configured.
>
>Then I have two questions:
>
>  * In hw/arm/Kconfig, I don't see one option contains both PCI and ACPI. I am
>confused where to put the select.
>  * put dummy build_mcfg() in aml-build.c works. Igor, do you like this? Or
>you haver other preference?

Hmm... putting build_mcfg() in aml-build.c does not seem to work when we
configure both x86 and arm, e.g. --target-list=x86_64-softmmu,arm-softmmu,
because we only have one aml-build.o object file.

What comes to my mind is wrapping build_mcfg() with #ifdef CONFIG_ACPI_PCI.

Any better idea?

>
>>Sadly both series clash :(
>>
>>Regards,
>>
>>Phil.
>
>-- 
>Wei Yang
>Help you, Help me

-- 
Wei Yang
Help you, Help me



Re: [Qemu-devel] Pentium Pro Feature Bugs

2019-05-16 Thread tedheadster
On Thu, May 16, 2019 at 10:57 PM Paolo Bonzini  wrote:
>
> On 17/05/19 02:30, tedheadster wrote:
> > Paolo,
> >   I am running the kvm32 machine and I see a problem. Here is the
> > output of /proc/cpuinfo :
> >
> > flags   : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca
> > cmov constant_tsc
> >
> > I see something rather important missing: cpuid.
> >
> > A lot of stuff breaks without cpuid, and I am fairly sure that qemu is
> > supposed to 'hard code' in support for it. It is present with both my
> > i486 and i586 virtual machines.
> >
> > - Matthew
> >
>
> That's weird... The cpuid flag does not come from QEMU, it is a "soft"
> flag determined by trying to toggle EFLAGS.ID and EFLAGS.ID behaves the
> same for all CPU models.  What else do you see in /proc/cpuinfo?
>
> Paolo

Here is all of /proc/cpuinfo

processor   : 7
vendor_id   : GenuineIntel
cpu family  : 15
model   : 6
model name  : Common 32-bit KVM processor
stepping: 1
microcode   : 0x1
cpu MHz : 2394.405
cache size  : 16384 KB
physical id : 7
siblings: 1
core id : 0
cpu cores   : 1
apicid  : 7
initial apicid  : 7
fdiv_bug: no
f00f_bug: no
coma_bug: no
fpu : yes
fpu_exception   : yes
cpuid level : 5
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov constant_tsc
bugs: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
bogomips: 4789.21
clflush size: 32
cache_alignment : 32
address sizes   : 32 bits physical, 0 bits virtual
power management:



Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

2019-05-16 Thread Wei Yang
On Thu, May 16, 2019 at 08:53:04PM +0200, Philippe Mathieu-Daudé wrote:
>On Thu, May 16, 2019 at 8:33 PM Philippe Mathieu-Daudé
> wrote:
>> On 5/16/19 6:04 PM, Peter Maydell wrote:
>> > On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
>> >>
>> >> The following changes since commit 
>> >> efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
>> >>
>> >>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
>> >> into staging (2019-05-10 14:49:36 +0100)
>> >>
>> >> are available in the Git repository at:
>> >>
>> >>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>> >>
>> >> for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
>> >>
>> >>   tests: acpi: print error unable to dump ACPI table during rebuild 
>> >> (2019-05-14 21:19:14 -0400)
>> >>
>> >> 
>> >> pci, pc, virtio: features, fixes
>> >>
>> >> reconnect for vhost blk
>> >> tests for UEFI
>> >> misc other stuff
>> >>
>> >> Signed-off-by: Michael S. Tsirkin 
>> >>
>> >> 
>> >
>> > Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
>> > because the conversion of arm to Kconfig has landed in master.
>> > Could you rebase and fix up to use whatever the Kconfig
>> > equivalent of these changes is, please?
>>
>> Culprit is "hw/acpi: Consolidate build_mcfg to pci.c"
>>
>> The conflict doesn't look trivial to resolve (to me) so I'd rather see
>> it reviewed (by Thomas). I suggest to drop the patch(es) from your PR :(
>
>Thomas, FYI I did this to resolve the conflict:
>
>- keep default-configs/arm-softmmu.mak from master:
>
>  git checkout origin/master default-configs/arm-softmmu.mak
>
>- applied the following !fixup snippet:
>
>-- >8 --
>--- a/hw/acpi/Kconfig
>+++ b/hw/acpi/Kconfig
>@@ -25,7 +25,7 @@ config ACPI_NVDIMM
>
> config ACPI_PCI
> bool
>-depends on ACPI
>+depends on ACPI && PCI
>
>---
>
>I felt it easier to review on top of "hw/acpi: Improve build modularity"
>https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg04718.html
>

Well, I hope this will not block the merge.

I took a look in the change of default-configs/arm-softmmu.mak. The general
idea from Thomas is put those hard-coded config to Kconfig.

This is fine and what I need to change in my patch is to select ACPI_PCI in
the proper place, if my understanding is correct.

Two things I need to fix:

  * add select ACPI_PCI in proper place of hw/arm/Kconfig
  * add a dummy build_mcfg() for link when ACPI_PCI is not configured.

Then I have two questions:

  * In hw/arm/Kconfig, I don't see an option that contains both PCI and ACPI. I am
confused about where to put the select.
  * Putting a dummy build_mcfg() in aml-build.c works. Igor, do you like this? Or
do you have another preference?

>Sadly both series clash :(
>
>Regards,
>
>Phil.

-- 
Wei Yang
Help you, Help me



[Qemu-devel] [PATCH v8 21/25] target/arm: Put all PAC keys into a structure

2019-05-16 Thread Richard Henderson
This allows us to use a single syscall to initialize them all.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h  | 12 +++-
 linux-user/aarch64/cpu_loop.c |  6 +-
 linux-user/syscall.c  | 10 +-
 target/arm/helper.c   | 20 ++--
 target/arm/pauth_helper.c | 18 +-
 5 files changed, 32 insertions(+), 34 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 733b840a71..892f9a4ad2 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -636,11 +636,13 @@ typedef struct CPUARMState {
 } iwmmxt;
 
 #ifdef TARGET_AARCH64
-ARMPACKey apia_key;
-ARMPACKey apib_key;
-ARMPACKey apda_key;
-ARMPACKey apdb_key;
-ARMPACKey apga_key;
+struct {
+ARMPACKey apia;
+ARMPACKey apib;
+ARMPACKey apda;
+ARMPACKey apdb;
+ARMPACKey apga;
+} keys;
 #endif
 
 #if defined(CONFIG_USER_ONLY)
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index cedad39ca0..2f2f63e3e8 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -175,11 +175,7 @@ void target_cpu_copy_regs(CPUArchState *env, struct 
target_pt_regs *regs)
 #endif
 
 if (cpu_isar_feature(aa64_pauth, cpu)) {
-qemu_guest_getrandom_nofail(>apia_key, sizeof(ARMPACKey));
-qemu_guest_getrandom_nofail(>apib_key, sizeof(ARMPACKey));
-qemu_guest_getrandom_nofail(>apda_key, sizeof(ARMPACKey));
-qemu_guest_getrandom_nofail(>apdb_key, sizeof(ARMPACKey));
-qemu_guest_getrandom_nofail(>apga_key, sizeof(ARMPACKey));
+qemu_guest_getrandom_nofail(>keys, sizeof(env->keys));
 }
 
 ts->stack_base = info->start_stack;
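Review bot: The single call that fills `env->keys` with `sizeof(env->keys)` random bytes is only correct while that struct holds nothing but `ARMPACKey` members with no padding, and nothing in the change records that constraint. A later field added to `keys` in target/arm/cpu.h would be silently randomised at process start. I would add a comment on the struct, `/* Key material only: linux-user fills the whole struct with random bytes. */`, and a compile-time check next to this call, `QEMU_BUILD_BUG_ON(sizeof(env->keys) != 5 * sizeof(ARMPACKey));`. The archive rendering has dropped the `&env-` prefix from the first argument, and target_cpu_copy_regs continues outside the hunk.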
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8c17b14d51..394b956b4a 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9775,23 +9775,23 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
 return -TARGET_EINVAL;
 }
 if (arg2 & TARGET_PR_PAC_APIAKEY) {
-ret |= qemu_guest_getrandom(>apia_key,
+ret |= qemu_guest_getrandom(>keys.apia,
 sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APIBKEY) {
-ret |= qemu_guest_getrandom(>apib_key,
+ret |= qemu_guest_getrandom(>keys.apib,
 sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APDAKEY) {
-ret |= qemu_guest_getrandom(>apda_key,
+ret |= qemu_guest_getrandom(>keys.apda,
 sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APDBKEY) {
-ret |= qemu_guest_getrandom(>apdb_key,
+ret |= qemu_guest_getrandom(>keys.apdb,
 sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APGAKEY) {
-ret |= qemu_guest_getrandom(>apga_key,
+ret |= qemu_guest_getrandom(>keys.apga,
 sizeof(ARMPACKey), );
 }
 if (ret != 0) {
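Review bot: Every `qemu_guest_getrandom()` call in this hunk ORs its result into `ret` and is handed the same error argument, so the sequence keeps going after the first failure. The archive has stripped the `&...` text, but if that argument is the usual `Error **`, a second failing call would be asked to set an error that is already set, which QEMU's error API treats as a programming error. A partial failure also leaves some keys regenerated and others not. Guarding each step on the previous result, for example `if (ret == 0 && (arg2 & TARGET_PR_PAC_APIBKEY)) {`, keeps it to one error and one consistent outcome. The enclosing case in do_syscall1 starts and ends outside the hunk.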
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1e6eb0d0f3..7e88b2cadd 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5707,43 +5707,43 @@ static const ARMCPRegInfo pauth_reginfo[] = {
 { .name = "APDAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 0,
   .access = PL1_RW, .accessfn = access_pauth,
-  .fieldoffset = offsetof(CPUARMState, apda_key.lo) },
+  .fieldoffset = offsetof(CPUARMState, keys.apda.lo) },
 { .name = "APDAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 1,
   .access = PL1_RW, .accessfn = access_pauth,
-  .fieldoffset = offsetof(CPUARMState, apda_key.hi) },
+  .fieldoffset = offsetof(CPUARMState, keys.apda.hi) },
 { .name = "APDBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 2,
   .access = PL1_RW, .accessfn = access_pauth,
-  .fieldoffset = offsetof(CPUARMState, apdb_key.lo) },
+  .fieldoffset = offsetof(CPUARMState, keys.apdb.lo) },
 { .name = "APDBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 3,
   .access = PL1_RW, .accessfn = access_pauth,
-  .fieldoffset = offsetof(CPUARMState, apdb_key.hi) },
+  .fieldoffset = offsetof(CPUARMState, keys.apdb.hi) },
 { .name = "APGAKEYLO_EL1", .state = 

[Qemu-devel] [PATCH v8 23/25] target/ppc: Use gen_io_start/end around DARN

2019-05-16 Thread Richard Henderson
Generating a random number counts as I/O, as it cannot be
replayed and produce the same results.

Acked-by: David Gibson 
Reviewed-by: Laurent Vivier 
Suggested-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/ppc/translate.c | 21 +++--
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index b5217f632f..4a5de28036 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -1847,13 +1847,22 @@ static void gen_darn(DisasContext *ctx)
 {
 int l = L(ctx->opcode);
 
-if (l == 0) {
-gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
-} else if (l <= 2) {
-/* Return 64-bit random for both CRN and RRN */
-gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
-} else {
+if (l > 2) {
 tcg_gen_movi_i64(cpu_gpr[rD(ctx->opcode)], -1);
+} else {
+if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
+gen_io_start();
+}
+if (l == 0) {
+gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
+} else {
+/* Return 64-bit random for both CRN and RRN */
+gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
+}
+if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
+gen_io_end();
+gen_stop_exception(ctx);
+}
 }
 }
 #endif
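Review bot: The `gen_stop_exception(ctx)` call after `gen_io_end()` in gen_darn has no comment saying why the translation block must end there. Presumably this follows from the commit message, since an instruction treated as I/O under icount has to be the last one in its TB. A one-line comment such as `/* DARN counts as I/O under icount: end the TB after it. */` would state that. As a style point, the `tb_cflags(ctx->base.tb) & CF_USE_ICOUNT` test is written out twice and could be held in one local, `bool icount = tb_cflags(ctx->base.tb) & CF_USE_ICOUNT;`.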
-- 
2.17.1




Re: [Qemu-devel] Pentium Pro Feature Bugs

2019-05-16 Thread Paolo Bonzini
On 17/05/19 02:30, tedheadster wrote:
> Paolo,
>   I am running the kvm32 machine and I see a problem. Here is the
> output of /proc/cpuinfo :
> 
> flags   : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca
> cmov constant_tsc
> 
> I see something rather important missing: cpuid.
> 
> A lot of stuff breaks without cpuid, and I am fairly sure that qemu is
> supposed to 'hard code' in support for it. It is present with both my
> i486 and i586 virtual machines.
> 
> - Matthew
> 

That's weird... The cpuid flag does not come from QEMU, it is a "soft"
flag determined by trying to toggle EFLAGS.ID and EFLAGS.ID behaves the
same for all CPU models.  What else do you see in /proc/cpuinfo?

Paolo



[Qemu-devel] [PATCH v8 20/25] hw/misc/exynos4210_rng: Use qemu_guest_getrandom

2019-05-16 Thread Richard Henderson
The random number is intended for use by the guest.  As such, we should
honor the -seed argument for reproducibility.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 hw/misc/exynos4210_rng.c | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/hw/misc/exynos4210_rng.c b/hw/misc/exynos4210_rng.c
index 4ecbebd2d7..0e70ffb404 100644
--- a/hw/misc/exynos4210_rng.c
+++ b/hw/misc/exynos4210_rng.c
@@ -18,10 +18,10 @@
  */
 
 #include "qemu/osdep.h"
-#include "crypto/random.h"
 #include "hw/sysbus.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
+#include "qemu/guest-random.h"
 
 #define DEBUG_EXYNOS_RNG 0
 
@@ -109,7 +109,6 @@ static void exynos4210_rng_set_seed(Exynos4210RngState *s, 
unsigned int i,
 static void exynos4210_rng_run_engine(Exynos4210RngState *s)
 {
 Error *err = NULL;
-int ret;
 
 /* Seed set? */
 if ((s->reg_status & EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE) == 0) {
@@ -127,13 +126,11 @@ static void exynos4210_rng_run_engine(Exynos4210RngState 
*s)
 }
 
 /* Get randoms */
-ret = qcrypto_random_bytes((uint8_t *)s->randr_value,
-   sizeof(s->randr_value), );
-if (!ret) {
+if (qemu_guest_getrandom(s->randr_value, sizeof(s->randr_value), )) {
+error_report_err(err);
+} else {
 /* Notify that PRNG is ready */
 s->reg_status |= EXYNOS4210_RNG_STATUS_PRNG_DONE;
-} else {
-error_report_err(err);
 }
 
 out:
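Review bot: On failure of `qemu_guest_getrandom()` in exynos4210_rng_run_engine the device only calls `error_report_err(err)` and leaves `s->randr_value` as it was, whereas the other RNG devices converted in this series use `qemu_guest_getrandom_nofail()`. If this function is reached from a guest register write, as the name suggests, a persistent failure lets the guest produce one host error line per attempt with no limit. A guest that does not check PRNG_DONE would also read the previous output again. Either use the `_nofail` variant for consistency, or keep the soft failure and say so in a comment, e.g. `/* On failure PRNG_DONE stays clear and no new data is exposed. */`. The function begins outside the hunk.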
-- 
2.17.1




[Qemu-devel] [PATCH v8 24/25] target/ppc: Use qemu_guest_getrandom for DARN

2019-05-16 Thread Richard Henderson
We now have an interface for guest visible random numbers.

Acked-by: David Gibson 
Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/ppc/int_helper.c | 39 +++
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index f6a088ac08..9af779ad38 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -23,6 +23,8 @@
 #include "exec/helper-proto.h"
 #include "crypto/aes.h"
 #include "fpu/softfloat.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
 
 #include "helper_regs.h"
 /*/
@@ -158,25 +160,38 @@ uint32_t helper_cmpeqb(target_ulong ra, target_ulong rb)
 #undef hasvalue
 
 /*
- * Return invalid random number.
- *
- * FIXME: Add rng backend or other mechanism to get cryptographically suitable
- * random number
+ * Return a random number.
  */
-target_ulong helper_darn32(void)
+uint64_t helper_darn32(void)
 {
-return -1;
+Error *err = NULL;
+uint32_t ret;
+
+if (qemu_guest_getrandom(, sizeof(ret), ) < 0) {
+qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
+  error_get_pretty(err));
+error_free(err);
+return -1;
+}
+
+return ret;
 }
 
-target_ulong helper_darn64(void)
+uint64_t helper_darn64(void)
 {
-return -1;
+Error *err = NULL;
+uint64_t ret;
+
+if (qemu_guest_getrandom(, sizeof(ret), ) < 0) {
+qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
+  error_get_pretty(err));
+error_free(err);
+return -1;
+}
+
+return ret;
 }
 
-#endif
-
-#if defined(TARGET_PPC64)
-
 uint64_t helper_bpermd(uint64_t rs, uint64_t rb)
 {
 int i;
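Review bot: The failure message in helper_darn32 and helper_darn64 has no trailing newline and is logged under LOG_UNIMP. A host RNG failure is therefore only visible when that log category is enabled, and then it runs into the next log line. I would write `qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s\n", error_get_pretty(err));`. I would also add a comment on `return -1;` saying that all-ones is the value the guest is expected to treat as "no random number available". That reading comes from the removed "Return invalid random number" comment and should be confirmed against the ISA. The same newline-less format string is used in rndr_readfn in patch 22/25 of this series.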
-- 
2.17.1




[Qemu-devel] [PATCH v8 16/25] linux-user: Remove srand call

2019-05-16 Thread Richard Henderson
We no longer use rand() within linux-user.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/main.c | 11 ---
 1 file changed, 11 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 66c909a1a6..689bcf436d 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -623,8 +623,6 @@ int main(int argc, char **argv, char **envp)
 
 cpu_model = NULL;
 
-srand(time(NULL));
-
 qemu_add_opts(_trace_opts);
 
 optind = parse_args(argc, argv);
@@ -692,15 +690,6 @@ int main(int argc, char **argv, char **envp)
 {
 Error *err = NULL;
 if (seed_optarg != NULL) {
-unsigned long long seed;
-
-/* This will go away with the last user of rand(). */
-if (parse_uint_full(seed_optarg, , 0) != 0) {
-fprintf(stderr, "Invalid seed number: %s\n", seed_optarg);
-exit(EXIT_FAILURE);
-}
-srand(seed);
-
 qemu_guest_random_seed_main(seed_optarg, );
 } else {
 qcrypto_init();
-- 
2.17.1




[Qemu-devel] [PATCH v8 13/25] linux-user: Call qcrypto_init if not using -seed

2019-05-16 Thread Richard Henderson
When not using -seed, we will use the crypto subsystem
for random numbers.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/main.c | 28 +++-
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 7e704845c0..66c909a1a6 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -39,6 +39,7 @@
 #include "trace/control.h"
 #include "target_elf.h"
 #include "cpu_loop-common.h"
+#include "crypto/init.h"
 
 char *exec_path;
 
@@ -688,17 +689,26 @@ int main(int argc, char **argv, char **envp)
 if (seed_optarg == NULL) {
 seed_optarg = getenv("QEMU_RAND_SEED");
 }
-if (seed_optarg != NULL) {
-unsigned long long seed;
+{
+Error *err = NULL;
+if (seed_optarg != NULL) {
+unsigned long long seed;
 
-/* This will go away with the last user of rand(). */
-if (parse_uint_full(seed_optarg, , 0) != 0) {
-fprintf(stderr, "Invalid seed number: %s\n", seed_optarg);
-exit(EXIT_FAILURE);
+/* This will go away with the last user of rand(). */
+if (parse_uint_full(seed_optarg, , 0) != 0) {
+fprintf(stderr, "Invalid seed number: %s\n", seed_optarg);
+exit(EXIT_FAILURE);
+}
+srand(seed);
+
+qemu_guest_random_seed_main(seed_optarg, );
+} else {
+qcrypto_init();
+}
+if (err) {
+error_reportf_err(err, "cannot initialize crypto: ");
+exit(1);
 }
-srand(seed);
-
-qemu_guest_random_seed_main(seed_optarg, _fatal);
 }
 
 target_environ = envlist_to_environ(envlist, NULL);
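Review bot: The shared `if (err)` branch prints "cannot initialize crypto: " even when the error came from `qemu_guest_random_seed_main()` rejecting the seed string, so a malformed -seed or QEMU_RAND_SEED value is reported as a crypto failure. Handling the two paths separately, or dropping the prefix with `error_report_err(err);`, would keep the message accurate. The exit should use `exit(EXIT_FAILURE);` to match the seed-parse failure a few lines above. A seed taken from the environment switches all guest-visible randomness to a deterministic sequence, so a short comment at the `getenv("QEMU_RAND_SEED")` fallback noting that it is meant for debugging would help readers. main() continues outside the hunk.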
-- 
2.17.1




[Qemu-devel] [PATCH v8 19/25] hw/misc/bcm2835_rng: Use qemu_guest_getrandom_nofail

2019-05-16 Thread Richard Henderson
The random number is intended for use by the guest.  As such, we should
honor the -seed argument for reproducibility.  Use the *_nofail routine
instead of rolling our own error handling locally.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 hw/misc/bcm2835_rng.c | 32 ++--
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/hw/misc/bcm2835_rng.c b/hw/misc/bcm2835_rng.c
index 4d62143b24..fe59c868f5 100644
--- a/hw/misc/bcm2835_rng.c
+++ b/hw/misc/bcm2835_rng.c
@@ -9,30 +9,26 @@
 
 #include "qemu/osdep.h"
 #include "qemu/log.h"
-#include "qapi/error.h"
-#include "crypto/random.h"
+#include "qemu/guest-random.h"
 #include "hw/misc/bcm2835_rng.h"
 
 static uint32_t get_random_bytes(void)
 {
 uint32_t res;
-Error *err = NULL;
 
-if (qcrypto_random_bytes((uint8_t *), sizeof(res), ) < 0) {
-/* On failure we don't want to return the guest a non-random
- * value in case they're really using it for cryptographic
- * purposes, so the best we can do is die here.
- * This shouldn't happen unless something's broken.
- * In theory we could implement this device's full FIFO
- * and interrupt semantics and then just stop filling the
- * FIFO. That's a lot of work, though, so we assume any
- * errors are systematic problems and trust that if we didn't
- * fail as the guest inited then we won't fail later on
- * mid-run.
- */
-error_report_err(err);
-exit(1);
-}
+/*
+ * On failure we don't want to return the guest a non-random
+ * value in case they're really using it for cryptographic
+ * purposes, so the best we can do is die here.
+ * This shouldn't happen unless something's broken.
+ * In theory we could implement this device's full FIFO
+ * and interrupt semantics and then just stop filling the
+ * FIFO. That's a lot of work, though, so we assume any
+ * errors are systematic problems and trust that if we didn't
+ * fail as the guest inited then we won't fail later on
+ * mid-run.
+ */
+qemu_guest_getrandom_nofail(, sizeof(res));
 return res;
 }
 
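Review bot: The comment kept above `qemu_guest_getrandom_nofail()` in get_random_bytes still says the device must not hand the guest a non-random value, but the commit message says the call now honours -seed, which makes the output deterministic by design. The comment also reads as if the function dies locally, while after this change any exit on failure would happen inside the `_nofail` helper, whose body is not part of this patch. I would add a first line such as `/* Deterministic when -seed is given; otherwise from the host crypto RNG. */` and reword "the best we can do is die here" to refer to the helper.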
-- 
2.17.1




[Qemu-devel] [PATCH v8 22/25] target/arm: Implement ARMv8.5-RNG

2019-05-16 Thread Richard Henderson
Use the newly introduced infrastructure for guest random numbers.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h|  5 +
 target/arm/cpu64.c  |  1 +
 target/arm/helper.c | 44 
 3 files changed, 50 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 892f9a4ad2..c34207611b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3521,6 +3521,11 @@ static inline bool isar_feature_aa64_condm_5(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) >= 2;
 }
 
+static inline bool isar_feature_aa64_rndr(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, RNDR) != 0;
+}
+
 static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 228906f267..835f73cceb 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -310,6 +310,7 @@ static void aarch64_max_initfn(Object *obj)
 t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1);
 t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1);
 t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */
+t = FIELD_DP64(t, ID_AA64ISAR0, RNDR, 1);
 cpu->isar.id_aa64isar0 = t;
 
 t = cpu->isar.id_aa64isar1;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7e88b2cadd..1e90f4d722 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -22,6 +22,8 @@
 #include "fpu/softfloat.h"
 #include "qemu/range.h"
 #include "qapi/qapi-commands-target.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
 
 #define ARM_CPU_FREQ 10 /* FIXME: 1 GHz, should be configurable */
 
@@ -5746,6 +5748,45 @@ static const ARMCPRegInfo pauth_reginfo[] = {
   .fieldoffset = offsetof(CPUARMState, keys.apib.hi) },
 REGINFO_SENTINEL
 };
+
+static uint64_t rndr_readfn(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+Error *err = NULL;
+uint64_t ret;
+
+/* Success sets NZCV = .  */
+env->NF = env->CF = env->VF = 0, env->ZF = 1;
+
+if (qemu_guest_getrandom(, sizeof(ret), ) < 0) {
+/*
+ * ??? Failed, for unknown reasons in the crypto subsystem.
+ * The best we can do is log the reason and return the
+ * timed-out indication to the guest.  There is no reason
+ * we know to expect this failure to be transitory, so the
+ * guest may well hang retrying the operation.
+ */
+qemu_log_mask(LOG_UNIMP, "%s: Crypto failure: %s",
+  ri->name, error_get_pretty(err));
+error_free(err);
+
+env->ZF = 0; /* NZCF = 0100 */
+return 0;
+}
+return ret;
+}
+
+/* We do not support re-seeding, so the two registers operate the same.  */
+static const ARMCPRegInfo rndr_reginfo[] = {
+{ .name = "RNDR", .state = ARM_CP_STATE_AA64,
+  .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
+  .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 0,
+  .access = PL0_R, .readfn = rndr_readfn },
+{ .name = "RNDRRS", .state = ARM_CP_STATE_AA64,
+  .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
+  .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 1,
+  .access = PL0_R, .readfn = rndr_readfn },
+REGINFO_SENTINEL
+};
 #endif
 
 static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri,
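Review bot: In rndr_readfn the statement `env->NF = env->CF = env->VF = 0, env->ZF = 1;` reads as if it sets Z on success, and the failure-path comment says `NZCF` where `NZCV` is meant. If `ZF` is stored in the usual target/arm way, where zero means Z set, the code is right but needs a comment to be read correctly. I would split the comma expression into `env->NF = env->CF = env->VF = 0;` and `env->ZF = 1; /* nonzero ZF means Z clear */`, and fix the later comment to `/* NZCV = 0100 */`. The success comment has also lost its value in this rendering ("NZCV = .").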
@@ -6690,6 +6731,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (cpu_isar_feature(aa64_pauth, cpu)) {
 define_arm_cp_regs(cpu, pauth_reginfo);
 }
+if (cpu_isar_feature(aa64_rndr, cpu)) {
+define_arm_cp_regs(cpu, rndr_reginfo);
+}
 #endif
 
 /*
-- 
2.17.1




[Qemu-devel] [PATCH v8 17/25] aspeed/scu: Use qemu_guest_getrandom_nofail

2019-05-16 Thread Richard Henderson
The random number is intended for use by the guest.  As such, we should
honor the -seed argument for reproducibility.  Use the *_nofail routine
instead of rolling our own error handling locally.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Signed-off-by: Richard Henderson 
---
 hw/misc/aspeed_scu.c | 10 ++
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index c8217740ef..ab1e18ed4b 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -16,7 +16,7 @@
 #include "qapi/visitor.h"
 #include "qemu/bitops.h"
 #include "qemu/log.h"
-#include "crypto/random.h"
+#include "qemu/guest-random.h"
 #include "trace.h"
 
 #define TO_REG(offset) ((offset) >> 2)
@@ -157,14 +157,8 @@ static const uint32_t 
ast2500_a1_resets[ASPEED_SCU_NR_REGS] = {
 
 static uint32_t aspeed_scu_get_random(void)
 {
-Error *err = NULL;
 uint32_t num;
-
-if (qcrypto_random_bytes((uint8_t *), sizeof(num), )) {
-error_report_err(err);
-exit(1);
-}
-
+qemu_guest_getrandom_nofail(, sizeof(num));
 return num;
 }
 
-- 
2.17.1




[Qemu-devel] [PATCH v8 18/25] hw/misc/nrf51_rng: Use qemu_guest_getrandom_nofail

2019-05-16 Thread Richard Henderson
The random number is intended for use by the guest.  As such, we should
honor the -seed argument for reproducibility.  Use the *_nofail routine
instead of error_abort directly.

Reviewed-by: Laurent Vivier 
Reviewed-by: Joel Stanley 
Signed-off-by: Richard Henderson 
---
 hw/misc/nrf51_rng.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/misc/nrf51_rng.c b/hw/misc/nrf51_rng.c
index d188f044f4..3400e90a9b 100644
--- a/hw/misc/nrf51_rng.c
+++ b/hw/misc/nrf51_rng.c
@@ -14,7 +14,7 @@
 #include "qapi/error.h"
 #include "hw/arm/nrf51.h"
 #include "hw/misc/nrf51_rng.h"
-#include "crypto/random.h"
+#include "qemu/guest-random.h"
 
 static void update_irq(NRF51RNGState *s)
 {
@@ -145,7 +145,7 @@ static void nrf51_rng_timer_expire(void *opaque)
 {
 NRF51RNGState *s = NRF51_RNG(opaque);
 
-qcrypto_random_bytes(>value, 1, _abort);
+qemu_guest_getrandom_nofail(>value, 1);
 
 s->event_valrdy = 1;
 qemu_set_irq(s->eep_valrdy, 1);
-- 
2.17.1




[Qemu-devel] [PATCH v8 10/25] util: Add qemu_guest_getrandom and associated routines

2019-05-16 Thread Richard Henderson
This routine is intended to produce high-quality random numbers to the
guest.  Normally, such numbers are crypto quality from the host, but a
command-line option can force the use of a fully deterministic sequence
for use while debugging.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 include/qemu/guest-random.h | 68 +++
 util/guest-random.c | 93 +
 util/Makefile.objs  |  1 +
 3 files changed, 162 insertions(+)
 create mode 100644 include/qemu/guest-random.h
 create mode 100644 util/guest-random.c

diff --git a/include/qemu/guest-random.h b/include/qemu/guest-random.h
new file mode 100644
index 00..09ff9c2236
--- /dev/null
+++ b/include/qemu/guest-random.h
@@ -0,0 +1,68 @@
+/*
+ * QEMU guest-visible random functions
+ *
+ * Copyright 2019 Linaro, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#ifndef QEMU_GUEST_RANDOM_H
+#define QEMU_GUEST_RANDOM_H
+
+/**
+ * qemu_guest_random_seed_main(const char *optarg, Error **errp)
+ * @optarg: a non-NULL pointer to a C string
+ * @errp: an error indicator
+ *
+ * The @optarg value is that which accompanies the -seed argument.
+ * This forces qemu_guest_getrandom into deterministic mode.
+ *
+ * Returns 0 on success, < 0 on failure while setting *errp.
+ */
+int qemu_guest_random_seed_main(const char *optarg, Error **errp);
+
+/**
+ * qemu_guest_random_seed_thread_part1(void)
+ *
+ * If qemu_getrandom is in deterministic mode, returns an
+ * independent seed for the new thread.  Otherwise returns 0.
+ */
+uint64_t qemu_guest_random_seed_thread_part1(void);
+
+/**
+ * qemu_guest_random_seed_thread_part2(uint64_t seed)
+ * @seed: a value for the new thread.
+ *
+ * If qemu_guest_getrandom is in deterministic mode, this stores an
+ * independent seed for the new thread.  Otherwise a no-op.
+ */
+void qemu_guest_random_seed_thread_part2(uint64_t seed);
+
+/**
+ * qemu_guest_getrandom(void *buf, size_t len, Error **errp)
+ * @buf: a buffer of bytes to be written
+ * @len: the number of bytes in @buf
+ * @errp: an error indicator
+ *
+ * Fills len bytes in buf with random data.  This should only be used
+ * for data presented to the guest.  Host-side crypto services should
+ * use qcrypto_random_bytes.
+ *
+ * Returns 0 on success, < 0 on failure while setting *errp.
+ */
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp);
+
+/**
+ * qemu_guest_getrandom_nofail(void *buf, size_t len)
+ * @buf: a buffer of bytes to be written
+ * @len: the number of bytes in @buf
+ *
+ * Like qemu_guest_getrandom, but will assert for failure.
+ * Use this when there is no reasonable recovery.
+ */
+void qemu_guest_getrandom_nofail(void *buf, size_t len);
+
+#endif /* QEMU_GUEST_RANDOM_H */
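Review bot: The doc comment for qemu_guest_random_seed_thread_part1 refers to `qemu_getrandom`, a name this header never declares; it should read `qemu_guest_getrandom`, as the part2 comment already does. The qemu_guest_getrandom comment should also state that in deterministic mode the output is a reproducible sequence, so a caller does not treat it as key material. Suggested wording: `* With -seed the bytes come from a deterministic generator and are not crypto quality.`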
diff --git a/util/guest-random.c b/util/guest-random.c
new file mode 100644
index 00..e8124a3cad
--- /dev/null
+++ b/util/guest-random.c
@@ -0,0 +1,93 @@
+/*
+ * QEMU guest-visible random functions
+ *
+ * Copyright 2019 Linaro, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/cutils.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
+#include "crypto/random.h"
+
+
+static __thread GRand *thread_rand;
+static bool deterministic;
+
+
+static int glib_random_bytes(void *buf, size_t len)
+{
+GRand *rand = thread_rand;
+size_t i;
+uint32_t x;
+
+if (unlikely(rand == NULL)) {
+/* Thread not initialized for a cpu, or main w/o -seed.  */
+thread_rand = rand = g_rand_new();
+}
+
+for (i = 0; i + 4 <= len; i += 4) {
+x = g_rand_int(rand);
+__builtin_memcpy(buf + i, , 4);
+}
+if (i < len) {
+x = g_rand_int(rand);
+__builtin_memcpy(buf + i, , i - len);
+}
+return 0;
+}
+
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp)
+{
+if (unlikely(deterministic)) {
+/* Deterministic implementation using Glib's Mersenne Twister.  */
+return glib_random_bytes(buf, len);
+} else {
+/* Non-deterministic implementation using crypto routines.  */
+return qcrypto_random_bytes(buf, len, errp);
+}
+}
+
+void qemu_guest_getrandom_nofail(void *buf, size_t len)
+{
+qemu_guest_getrandom(buf, len, _fatal);
+}
+
+uint64_t qemu_guest_random_seed_thread_part1(void)
+{
+if (deterministic) {
+uint64_t ret;
+glib_random_bytes(, sizeof(ret));
+return ret;
+}
+
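Review bot: The tail copy in glib_random_bytes passes `i - len` as the length, but `i < len` holds on that branch, so the size_t subtraction wraps to a huge value. The copy then runs far past both the 4-byte temporary and the caller's buffer whenever len is not a multiple of 4; the length argument should be the remaining count, `len - i`. The path is taken only in deterministic mode, but the nrf51_rng change in this series requests a single byte and would reach it. A unit test that fills 1-, 5- and 7-byte buffers with a guard byte behind them would catch this. The rest of this file is cut off in the archive copy, so the seed routines were not reviewed.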

[Qemu-devel] [PATCH v8 15/25] linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys

2019-05-16 Thread Richard Henderson
Use a better interface for random numbers than rand() * 3.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/aarch64/target_syscall.h |  2 --
 linux-user/aarch64/cpu_loop.c   | 29 ++-
 linux-user/syscall.c| 31 -
 3 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/linux-user/aarch64/target_syscall.h 
b/linux-user/aarch64/target_syscall.h
index b595e5da82..995e475c73 100644
--- a/linux-user/aarch64/target_syscall.h
+++ b/linux-user/aarch64/target_syscall.h
@@ -29,6 +29,4 @@ struct target_pt_regs {
 # define TARGET_PR_PAC_APDBKEY   (1 << 3)
 # define TARGET_PR_PAC_APGAKEY   (1 << 4)
 
-void arm_init_pauth_key(ARMPACKey *key);
-
 #endif /* AARCH64_TARGET_SYSCALL_H */
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index d75fd9d3e2..cedad39ca0 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -20,6 +20,7 @@
 #include "qemu/osdep.h"
 #include "qemu.h"
 #include "cpu_loop-common.h"
+#include "qemu/guest-random.h"
 
 #define get_user_code_u32(x, gaddr, env)\
 ({ abi_long __r = get_user_u32((x), (gaddr));   \
@@ -147,24 +148,6 @@ void cpu_loop(CPUARMState *env)
 }
 }
 
-static uint64_t arm_rand64(void)
-{
-int shift = 64 - clz64(RAND_MAX);
-int i, n = 64 / shift + (64 % shift != 0);
-uint64_t ret = 0;
-
-for (i = 0; i < n; i++) {
-ret = (ret << shift) | rand();
-}
-return ret;
-}
-
-void arm_init_pauth_key(ARMPACKey *key)
-{
-key->lo = arm_rand64();
-key->hi = arm_rand64();
-}
-
 void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
 {
 ARMCPU *cpu = arm_env_get_cpu(env);
@@ -192,11 +175,11 @@ void target_cpu_copy_regs(CPUArchState *env, struct 
target_pt_regs *regs)
 #endif
 
 if (cpu_isar_feature(aa64_pauth, cpu)) {
-arm_init_pauth_key(>apia_key);
-arm_init_pauth_key(>apib_key);
-arm_init_pauth_key(>apda_key);
-arm_init_pauth_key(>apdb_key);
-arm_init_pauth_key(>apga_key);
+qemu_guest_getrandom_nofail(>apia_key, sizeof(ARMPACKey));
+qemu_guest_getrandom_nofail(>apib_key, sizeof(ARMPACKey));
+qemu_guest_getrandom_nofail(>apda_key, sizeof(ARMPACKey));
+qemu_guest_getrandom_nofail(>apdb_key, sizeof(ARMPACKey));
+qemu_guest_getrandom_nofail(>apga_key, sizeof(ARMPACKey));
 }
 
 ts->stack_base = info->start_stack;
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 96f20886ce..8c17b14d51 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -108,6 +108,7 @@
 
 #include "qemu.h"
 #include "qemu/guest-random.h"
+#include "qapi/error.h"
 #include "fd-trans.h"
 
 #ifndef CLONE_IO
@@ -9765,25 +9766,45 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
 int all = (TARGET_PR_PAC_APIAKEY | TARGET_PR_PAC_APIBKEY |
TARGET_PR_PAC_APDAKEY | TARGET_PR_PAC_APDBKEY |
TARGET_PR_PAC_APGAKEY);
+int ret = 0;
+Error *err = NULL;
+
 if (arg2 == 0) {
 arg2 = all;
 } else if (arg2 & ~all) {
 return -TARGET_EINVAL;
 }
 if (arg2 & TARGET_PR_PAC_APIAKEY) {
-arm_init_pauth_key(>apia_key);
+ret |= qemu_guest_getrandom(>apia_key,
+sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APIBKEY) {
-arm_init_pauth_key(>apib_key);
+ret |= qemu_guest_getrandom(>apib_key,
+sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APDAKEY) {
-arm_init_pauth_key(>apda_key);
+ret |= qemu_guest_getrandom(>apda_key,
+sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APDBKEY) {
-arm_init_pauth_key(>apdb_key);
+ret |= qemu_guest_getrandom(>apdb_key,
+sizeof(ARMPACKey), );
 }
 if (arg2 & TARGET_PR_PAC_APGAKEY) {
-arm_init_pauth_key(>apga_key);
+ret |= qemu_guest_getrandom(>apga_key,
+sizeof(ARMPACKey), );
+}
+if (ret != 0) {
+/*
+ * Some unknown failure in the crypto.  The best
+ * we can do is log it and fail the syscall.
+  

[Qemu-devel] [PATCH v8 09/25] ui/vnc: Use gcrypto_random_bytes for start_auth_vnc

2019-05-16 Thread Richard Henderson
Use a better interface for random numbers than rand().
Fail gracefully if for some reason we cannot use the crypto system.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Gerd Hoffmann 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 ui/vnc.c | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 785edf3af1..d83f4a6ff9 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -43,6 +43,7 @@
 #include "crypto/hash.h"
 #include "crypto/tlscredsanon.h"
 #include "crypto/tlscredsx509.h"
+#include "crypto/random.h"
 #include "qom/object_interfaces.h"
 #include "qemu/cutils.h"
 #include "io/dns-resolver.h"
@@ -2547,16 +2548,6 @@ static void authentication_failed(VncState *vs)
 vnc_client_error(vs);
 }
 
-static void make_challenge(VncState *vs)
-{
-int i;
-
-srand(time(NULL)+getpid()+getpid()*987654+rand());
-
-for (i = 0 ; i < sizeof(vs->challenge) ; i++)
-vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
-}
-
 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
 {
 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
@@ -2628,7 +2619,16 @@ reject:
 
 void start_auth_vnc(VncState *vs)
 {
-make_challenge(vs);
+Error *err = NULL;
+
+if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), )) {
+trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
+error_get_pretty(err));
+error_free(err);
+authentication_failed(vs);
+return;
+}
+
 /* Send client a 'random' challenge */
 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
 vnc_flush(vs);
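Review bot: The surviving comment `/* Send client a 'random' challenge */` still carries the scare quotes from the rand() era and no longer describes the code. It is also worth recording why start_auth_vnc calls qcrypto_random_bytes rather than the guest-random API from this series: the challenge is a host-side authentication value and must not become reproducible under -seed. Suggested comment: `/* Send the client a random challenge; host CSPRNG only, never the -seed controlled guest generator */`.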
-- 
2.17.1




[Qemu-devel] [PATCH v8 11/25] cpus: Initialize pseudo-random seeds for all guest cpus

2019-05-16 Thread Richard Henderson
When the -seed option is given, call qemu_guest_random_seed_main,
putting the subsystem into deterministic mode.  Pass derived seeds
to each cpu created, which is a no-op unless the subsystem is in
deterministic mode.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 include/qom/cpu.h |  1 +
 cpus.c|  9 +
 vl.c  |  4 
 qemu-options.hx   | 10 ++
 4 files changed, 24 insertions(+)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 08abcbd3fe..9793ec39bc 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -369,6 +369,7 @@ struct CPUState {
 int singlestep_enabled;
 int64_t icount_budget;
 int64_t icount_extra;
+uint64_t random_seed;
 sigjmp_buf jmp_env;
 
 QemuMutex work_mutex;
diff --git a/cpus.c b/cpus.c
index e58e7ab0f6..ffc57119ca 100644
--- a/cpus.c
+++ b/cpus.c
@@ -50,6 +50,7 @@
 #include "qemu/option.h"
 #include "qemu/bitmap.h"
 #include "qemu/seqlock.h"
+#include "qemu/guest-random.h"
 #include "tcg.h"
 #include "hw/nmi.h"
 #include "sysemu/replay.h"
@@ -1276,6 +1277,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 /* signal CPU creation */
 cpu->created = true;
 qemu_cond_signal(_cpu_cond);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 do {
 if (cpu_can_run(cpu)) {
@@ -1319,6 +1321,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
 /* signal CPU creation */
 cpu->created = true;
 qemu_cond_signal(_cpu_cond);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 do {
 qemu_mutex_unlock_iothread();
@@ -1478,6 +1481,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
 cpu->created = true;
 cpu->can_do_io = 1;
 qemu_cond_signal(_cpu_cond);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 /* wait for initial kick-off after machine start */
 while (first_cpu->stopped) {
@@ -1592,6 +1596,7 @@ static void *qemu_hax_cpu_thread_fn(void *arg)
 
 hax_init_vcpu(cpu);
 qemu_cond_signal(_cpu_cond);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 do {
 if (cpu_can_run(cpu)) {
@@ -1631,6 +1636,7 @@ static void *qemu_hvf_cpu_thread_fn(void *arg)
 /* signal CPU creation */
 cpu->created = true;
 qemu_cond_signal(_cpu_cond);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 do {
 if (cpu_can_run(cpu)) {
@@ -1671,6 +1677,7 @@ static void *qemu_whpx_cpu_thread_fn(void *arg)
 /* signal CPU creation */
 cpu->created = true;
 qemu_cond_signal(_cpu_cond);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 do {
 if (cpu_can_run(cpu)) {
@@ -1724,6 +1731,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 cpu->can_do_io = 1;
 current_cpu = cpu;
 qemu_cond_signal(_cpu_cond);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 /* process any pending work */
 cpu->exit_request = 1;
@@ -2071,6 +2079,7 @@ void qemu_init_vcpu(CPUState *cpu)
 cpu->nr_cores = smp_cores;
 cpu->nr_threads = smp_threads;
 cpu->stopped = true;
+cpu->random_seed = qemu_guest_random_seed_thread_part1();
 
 if (!cpu->as) {
 /* If the target cpu hasn't set up any address spaces itself,
diff --git a/vl.c b/vl.c
index b6709514c1..e1d75a047f 100644
--- a/vl.c
+++ b/vl.c
@@ -128,6 +128,7 @@ int main(int argc, char **argv)
 #include "qapi/qapi-commands-ui.h"
 #include "qapi/qmp/qerror.h"
 #include "sysemu/iothread.h"
+#include "qemu/guest-random.h"
 
 #define MAX_VIRTIO_CONSOLES 1
 
@@ -3347,6 +3348,9 @@ int main(int argc, char **argv, char **envp)
 case QEMU_OPTION_DFILTER:
 qemu_set_dfilter_ranges(optarg, _fatal);
 break;
+case QEMU_OPTION_seed:
+qemu_guest_random_seed_main(optarg, _fatal);
+break;
 case QEMU_OPTION_s:
 add_device_config(DEV_GDB, "tcp::" DEFAULT_GDBSTUB_PORT);
 break;
diff --git a/qemu-options.hx b/qemu-options.hx
index 51802cbb26..0191ef8b1e 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3601,6 +3601,16 @@ the 0x200 sized block starting at 0xffc8 and 
another 0x1000 sized
 block starting at 0xffc5f000.
 ETEXI
 
+DEF("seed", HAS_ARG, QEMU_OPTION_seed, \
+"-seed number   seed the pseudo-random number generator\n",
+QEMU_ARCH_ALL)
+STEXI
+@item -seed @var{number}
+@findex -seed
+Force the guest to use a deterministic pseudo-random number generator, seeded
+with @var{number}.  This does not affect crypto routines within the host.
+ETEXI
+
 DEF("L", HAS_ARG, QEMU_OPTION_L, \
 "-L path set the directory for the BIOS, VGA BIOS and keymaps\n",
 QEMU_ARCH_ALL)
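Review bot: The new -seed documentation says what the option does but not what it costs. Once it is given, every value the guest draws from the emulated random sources is reproducible, including anything the guest derives from them. The commit message for the guest-random routines describes this mode as being for debugging, and the user-facing text should say so too. Suggested addition after the existing sentence: `This is intended for debugging and reproducible runs; random values seen by the guest become predictable.` The one-line help could likewise read `seed the guest pseudo-random number generator`.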
-- 
2.17.1




[Qemu-devel] [PATCH v8 25/25] target/i386: Implement CPUID_EXT_RDRAND

2019-05-16 Thread Richard Henderson
We now have an interface for guest visible random numbers.

Reviewed-by: Eduardo Habkost 
Signed-off-by: Richard Henderson 
---
 target/i386/helper.h |  2 ++
 target/i386/cpu.c|  5 ++--
 target/i386/int_helper.c | 21 ++
 target/i386/translate.c  | 62 ++--
 4 files changed, 73 insertions(+), 17 deletions(-)

diff --git a/target/i386/helper.h b/target/i386/helper.h
index 6fb8fb9b74..8f9e1905c3 100644
--- a/target/i386/helper.h
+++ b/target/i386/helper.h
@@ -226,3 +226,5 @@ DEF_HELPER_3(rcrl, tl, env, tl, tl)
 DEF_HELPER_3(rclq, tl, env, tl, tl)
 DEF_HELPER_3(rcrq, tl, env, tl, tl)
 #endif
+
+DEF_HELPER_1(rdrand, tl, env)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 722c5514d4..1386814957 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -730,13 +730,14 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t 
vendor1,
   CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
   CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
   CPUID_EXT_XSAVE | /* CPUID_EXT_OSXSAVE is dynamic */   \
-  CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR)
+  CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR | \
+  CPUID_EXT_RDRAND)
   /* missing:
   CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
   CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
   CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
   CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_AVX,
-  CPUID_EXT_F16C, CPUID_EXT_RDRAND */
+  CPUID_EXT_F16C */
 
 #ifdef TARGET_X86_64
 #define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)
diff --git a/target/i386/int_helper.c b/target/i386/int_helper.c
index 4dc5c65991..334469ca8c 100644
--- a/target/i386/int_helper.c
+++ b/target/i386/int_helper.c
@@ -22,6 +22,8 @@
 #include "exec/exec-all.h"
 #include "qemu/host-utils.h"
 #include "exec/helper-proto.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
 
 //#define DEBUG_MULDIV
 
@@ -470,3 +472,22 @@ void helper_cr4_testbit(CPUX86State *env, uint32_t bit)
 raise_exception_ra(env, EXCP06_ILLOP, GETPC());
 }
 }
+
+target_ulong HELPER(rdrand)(CPUX86State *env)
+{
+Error *err = NULL;
+target_ulong ret;
+
+if (qemu_guest_getrandom(, sizeof(ret), ) < 0) {
+qemu_log_mask(LOG_UNIMP, "rdrand: Crypto failure: %s",
+  error_get_pretty(err));
+error_free(err);
+/* Failure clears CF and all other flags, and returns 0.  */
+env->cc_src = 0;
+return 0;
+}
+
+/* Success sets CF and clears all others.  */
+env->cc_src = CC_C;
+return ret;
+}
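Review bot: The failure message in helper_rdrand has no trailing newline, so the next log record would be appended to the same line; it should be `"rdrand: Crypto failure: %s\n"`. LOG_UNIMP also looks like the wrong mask, since a host RNG failure is not an unimplemented feature and could be missed by anyone not logging that category; confirm which mask the project prefers for host-side errors. A one-line comment that guests are expected to retry when CF is clear would explain why returning 0 here is acceptable.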
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 77d6b73e42..03150a86e2 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -5332,31 +5332,63 @@ static target_ulong disas_insn(DisasContext *s, 
CPUState *cpu)
 case 0x1c7: /* cmpxchg8b */
 modrm = x86_ldub_code(env, s);
 mod = (modrm >> 6) & 3;
-if ((mod == 3) || ((modrm & 0x38) != 0x8))
-goto illegal_op;
-#ifdef TARGET_X86_64
-if (dflag == MO_64) {
-if (!(s->cpuid_ext_features & CPUID_EXT_CX16))
+switch ((modrm >> 3) & 7) {
+case 1: /* CMPXCHG8, CMPXCHG16 */
+if (mod == 3) {
 goto illegal_op;
-gen_lea_modrm(env, s, modrm);
-if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & 
CF_PARALLEL)) {
-gen_helper_cmpxchg16b(cpu_env, s->A0);
-} else {
-gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
 }
-} else
+#ifdef TARGET_X86_64
+if (dflag == MO_64) {
+if (!(s->cpuid_ext_features & CPUID_EXT_CX16)) {
+goto illegal_op;
+}
+gen_lea_modrm(env, s, modrm);
+if ((s->prefix & PREFIX_LOCK) &&
+(tb_cflags(s->base.tb) & CF_PARALLEL)) {
+gen_helper_cmpxchg16b(cpu_env, s->A0);
+} else {
+gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
+}
+set_cc_op(s, CC_OP_EFLAGS);
+break;
+}
 #endif
-{
-if (!(s->cpuid_features & CPUID_CX8))
+if (!(s->cpuid_features & CPUID_CX8)) {
 goto illegal_op;
+}
 gen_lea_modrm(env, s, modrm);
-if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & 
CF_PARALLEL)) {
+if ((s->prefix & PREFIX_LOCK) &&
+(tb_cflags(s->base.tb) & CF_PARALLEL)) {
 gen_helper_cmpxchg8b(cpu_env, s->A0);
 } else {
 gen_helper_cmpxchg8b_unlocked(cpu_env, s->A0);
 }
+set_cc_op(s, CC_OP_EFLAGS);
+   

[Qemu-devel] [PATCH v8 14/25] linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM

2019-05-16 Thread Richard Henderson
Use a better interface for random numbers than rand * 16.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/elfload.c | 8 +++-
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index ef42e02d82..1e06b908b7 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -7,6 +7,7 @@
 #include "qemu.h"
 #include "disas/disas.h"
 #include "qemu/path.h"
+#include "qemu/guest-random.h"
 
 #ifdef _ARCH_PPC64
 #undef ARCH_DLINFO
@@ -1883,12 +1884,9 @@ static abi_ulong create_elf_tables(abi_ulong p, int 
argc, int envc,
 }
 
 /*
- * Generate 16 random bytes for userspace PRNG seeding (not
- * cryptically secure but it's not the aim of QEMU).
+ * Generate 16 random bytes for userspace PRNG seeding.
  */
-for (i = 0; i < 16; i++) {
-k_rand_bytes[i] = rand();
-}
+qemu_guest_getrandom_nofail(k_rand_bytes, sizeof(k_rand_bytes));
 if (STACK_GROWS_DOWN) {
 sp -= 16;
 u_rand_bytes = sp;
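Review bot: The fill now uses `sizeof(k_rand_bytes)` while the stack adjustment just below still hard-codes `sp -= 16`, so the two sizes can drift apart if the array is ever resized; `sp -= sizeof(k_rand_bytes);` keeps them tied together. The rewritten comment drops the old caveat without replacing it. Because the *_nofail routine honours -seed, these bytes are reproducible in deterministic mode, which the comment should say: `* Generate 16 random bytes for userspace PRNG seeding (reproducible when -seed is given).` create_elf_tables starts and ends outside this hunk.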
-- 
2.17.1




[Qemu-devel] [PATCH v8 04/25] crypto: Do not fail for EINTR during qcrypto_random_bytes

2019-05-16 Thread Richard Henderson
We can always get EINTR for read; /dev/urandom is no exception.

Rearrange the order of tests for likelihood; allow degenerate buflen==0
case to perform a no-op zero-length read.  This means that the normal
success path is a straight line with a single test for success.

Reviewed-by: Laurent Vivier 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 crypto/random-platform.c | 36 +++-
 1 file changed, 15 insertions(+), 21 deletions(-)

diff --git a/crypto/random-platform.c b/crypto/random-platform.c
index f995fc0ef1..260b64564d 100644
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -65,29 +65,23 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
  "Unable to read random bytes");
 return -1;
 }
-
-return 0;
 #else
-int ret = -1;
-int got;
-
-while (buflen > 0) {
-got = read(fd, buf, buflen);
-if (got < 0) {
-error_setg_errno(errp, errno,
- "Unable to read random bytes");
-goto cleanup;
-} else if (!got) {
-error_setg(errp,
-   "Unexpected EOF reading random bytes");
-goto cleanup;
+while (1) {
+ssize_t got = read(fd, buf, buflen);
+if (likely(got == buflen)) {
+return 0;
+}
+if (got > 0) {
+buflen -= got;
+buf += got;
+} else if (got == 0) {
+error_setg(errp, "Unexpected EOF reading random bytes");
+return -1;
+} else if (errno != EINTR) {
+error_setg_errno(errp, errno, "Unable to read random bytes");
+return -1;
 }
-buflen -= got;
-buf += got;
 }
-
-ret = 0;
- cleanup:
-return ret;
 #endif
+return 0;
 }
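Review bot: In the new read loop, `got == buflen` compares an ssize_t with a size_t, so a -1 return is converted to an unsigned value before the comparison. The result is still correct for any realistic length, but it relies on that conversion and will trip -Wsign-compare. An explicit form such as `if (likely(got >= 0 && (size_t)got == buflen))` states the intent. The trailing `return 0;` after `#endif` is now reached only from the Windows branch, which deserves a short comment. The function's opening lies outside this hunk.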
-- 
2.17.1




[Qemu-devel] [PATCH v8 06/25] crypto: Use getrandom for qcrypto_random_bytes

2019-05-16 Thread Richard Henderson
Prefer it to direct use of /dev/urandom.

Reviewed-by: Laurent Vivier 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 crypto/random-platform.c | 37 -
 configure| 18 +-
 2 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/crypto/random-platform.c b/crypto/random-platform.c
index 6df40744c7..cb3ca1bc09 100644
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -27,7 +27,11 @@
 #include 
 static HCRYPTPROV hCryptProv;
 #else
-static int fd; /* a file handle to either /dev/urandom or /dev/random */
+# ifdef CONFIG_GETRANDOM
+#  include 
+# endif
+/* This is -1 for getrandom(), or a file handle for /dev/{u,}random.  */
+static int fd;
 #endif
 
 int qcrypto_random_init(Error **errp)
@@ -40,15 +44,20 @@ int qcrypto_random_init(Error **errp)
 return -1;
 }
 #else
-/* TBD perhaps also add support for BSD getentropy / Linux
- * getrandom syscalls directly */
+# ifdef CONFIG_GETRANDOM
+if (getrandom(NULL, 0, 0) == 0) {
+/* Use getrandom() */
+fd = -1;
+return 0;
+}
+/* Fall through to /dev/urandom case.  */
+# endif
 fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
 if (fd == -1 && errno == ENOENT) {
 fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
 }
-
 if (fd < 0) {
-error_setg(errp, "No /dev/urandom or /dev/random found");
+error_setg_errno(errp, errno, "No /dev/urandom or /dev/random");
 return -1;
 }
 #endif
@@ -66,6 +75,24 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
 return -1;
 }
 #else
+# ifdef CONFIG_GETRANDOM
+if (likely(fd < 0)) {
+while (1) {
+ssize_t got = getrandom(buf, buflen, 0);
+if (likely(got == buflen)) {
+return 0;
+}
+if (got >= 0) {
+buflen -= got;
+buf += got;
+} else if (errno != EINTR) {
+error_setg_errno(errp, errno, "getrandom");
+return -1;
+}
+}
+}
+/* Fall through to /dev/urandom case.  */
+# endif
 while (1) {
 ssize_t got = read(fd, buf, buflen);
 if (likely(got == buflen)) {
diff --git a/configure b/configure
index 03e71ef7b6..4e43bf766b 100755
--- a/configure
+++ b/configure
@@ -5815,6 +5815,20 @@ if compile_prog "" "" ; then
 have_utmpx=yes
 fi
 
+##
+# check for getrandom()
+
+have_getrandom=no
+cat > $TMPC << EOF
+#include 
+int main(void) {
+return getrandom(0, 0, GRND_NONBLOCK);
+}
+EOF
+if compile_prog "" "" ; then
+have_getrandom=yes
+fi
+
 ##
 # checks for sanitizers
 
@@ -7202,7 +7216,9 @@ fi
 if test "$have_utmpx" = "yes" ; then
   echo "HAVE_UTMPX=y" >> $config_host_mak
 fi
-
+if test "$have_getrandom" = "yes" ; then
+  echo "CONFIG_GETRANDOM=y" >> $config_host_mak
+fi
 if test "$ivshmem" = "yes" ; then
   echo "CONFIG_IVSHMEM=y" >> $config_host_mak
 fi
-- 
2.17.1




[Qemu-devel] [PATCH v8 12/25] linux-user: Initialize pseudo-random seeds for all guest cpus

2019-05-16 Thread Richard Henderson
When the -seed option is given, call qemu_guest_random_seed_main,
putting the subsystem into deterministic mode.  Pass derived seeds
to each cpu created during clone, which is a no-op unless the
subsystem is in deterministic mode.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/main.c| 30 +++---
 linux-user/syscall.c |  3 +++
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 3d2230320b..7e704845c0 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -34,6 +34,7 @@
 #include "tcg.h"
 #include "qemu/timer.h"
 #include "qemu/envlist.h"
+#include "qemu/guest-random.h"
 #include "elf.h"
 #include "trace/control.h"
 #include "target_elf.h"
@@ -48,6 +49,7 @@ static int gdbstub_port;
 static envlist_t *envlist;
 static const char *cpu_model;
 static const char *cpu_type;
+static const char *seed_optarg;
 unsigned long mmap_min_addr;
 unsigned long guest_base;
 int have_guest_base;
@@ -290,15 +292,9 @@ static void handle_arg_pagesize(const char *arg)
 }
 }
 
-static void handle_arg_randseed(const char *arg)
+static void handle_arg_seed(const char *arg)
 {
-unsigned long long seed;
-
-if (parse_uint_full(arg, , 0) != 0 || seed > UINT_MAX) {
-fprintf(stderr, "Invalid seed number: %s\n", arg);
-exit(EXIT_FAILURE);
-}
-srand(seed);
+seed_optarg = arg;
 }
 
 static void handle_arg_gdb(const char *arg)
@@ -433,7 +429,7 @@ static const struct qemu_argument arg_table[] = {
  "",   "run in singlestep mode"},
 {"strace", "QEMU_STRACE",  false, handle_arg_strace,
  "",   "log system calls"},
-{"seed",   "QEMU_RAND_SEED",   true,  handle_arg_randseed,
+{"seed",   "QEMU_RAND_SEED",   true,  handle_arg_seed,
  "",   "Seed for pseudo-random number generator"},
 {"trace",  "QEMU_TRACE",   true,  handle_arg_trace,
  "",   "[[enable=]][,events=][,file=]"},
@@ -689,8 +685,20 @@ int main(int argc, char **argv, char **envp)
 do_strace = 1;
 }
 
-if (getenv("QEMU_RAND_SEED")) {
-handle_arg_randseed(getenv("QEMU_RAND_SEED"));
+if (seed_optarg == NULL) {
+seed_optarg = getenv("QEMU_RAND_SEED");
+}
+if (seed_optarg != NULL) {
+unsigned long long seed;
+
+/* This will go away with the last user of rand(). */
+if (parse_uint_full(seed_optarg, , 0) != 0) {
+fprintf(stderr, "Invalid seed number: %s\n", seed_optarg);
+exit(EXIT_FAILURE);
+}
+srand(seed);
+
+qemu_guest_random_seed_main(seed_optarg, _fatal);
 }
 
 target_environ = envlist_to_environ(envlist, NULL);
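Review bot: The old handler rejected seeds above UINT_MAX, but the new block in main() hands the `unsigned long long` straight to `srand(seed)`, so larger values are silently narrowed. If the wider range is intended for qemu_guest_random_seed_main, make the narrowing explicit with `srand((unsigned)seed);` and extend the comment to `/* rand() only takes the low bits; this will go away with the last user of rand(). */`. The same string is then parsed a second time inside qemu_guest_random_seed_main, so the two parsers should be checked to accept the same syntax.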
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index f5ff6f5dc8..96f20886ce 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -107,6 +107,7 @@
 #include "uname.h"
 
 #include "qemu.h"
+#include "qemu/guest-random.h"
 #include "fd-trans.h"
 
 #ifndef CLONE_IO
@@ -5482,6 +5483,7 @@ static void *clone_func(void *arg)
 put_user_u32(info->tid, info->child_tidptr);
 if (info->parent_tidptr)
 put_user_u32(info->tid, info->parent_tidptr);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
 /* Enable signals.  */
 sigprocmask(SIG_SETMASK, >sigmask, NULL);
 /* Signal to the parent that we're ready.  */
@@ -5568,6 +5570,7 @@ static int do_fork(CPUArchState *env, unsigned int flags, 
abi_ulong newsp,
initializing, so temporarily block all signals.  */
 sigfillset();
 sigprocmask(SIG_BLOCK, , );
+cpu->random_seed = qemu_guest_random_seed_thread_part1();
 
 /* If this is our first additional thread, we need to ensure we
  * generate code for parallel execution and flush old translations.
-- 
2.17.1




[Qemu-devel] [PATCH v8 05/25] crypto: Use O_CLOEXEC in qcrypto_random_init

2019-05-16 Thread Richard Henderson
Avoids leaking the /dev/urandom fd into any child processes.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 crypto/random-platform.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/random-platform.c b/crypto/random-platform.c
index 260b64564d..6df40744c7 100644
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -42,9 +42,9 @@ int qcrypto_random_init(Error **errp)
 #else
 /* TBD perhaps also add support for BSD getentropy / Linux
  * getrandom syscalls directly */
-fd = open("/dev/urandom", O_RDONLY);
+fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
 if (fd == -1 && errno == ENOENT) {
-fd = open("/dev/random", O_RDONLY);
+fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
 }
 
 if (fd < 0) {
-- 
2.17.1




[Qemu-devel] [PATCH v8 07/25] crypto: Change the qcrypto_random_bytes buffer type to void*

2019-05-16 Thread Richard Henderson
Using uint8_t* merely requires useless casts for use with
other types to be filled with randomness.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 include/crypto/random.h  | 2 +-
 crypto/random-gcrypt.c   | 2 +-
 crypto/random-gnutls.c   | 2 +-
 crypto/random-platform.c | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/crypto/random.h b/include/crypto/random.h
index 8764ca0562..fde592904e 100644
--- a/include/crypto/random.h
+++ b/include/crypto/random.h
@@ -34,7 +34,7 @@
  *
  * Returns 0 on success, -1 on error
  */
-int qcrypto_random_bytes(uint8_t *buf,
+int qcrypto_random_bytes(void *buf,
  size_t buflen,
  Error **errp);
 
diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c
index 9f1c9ee60e..7aea4ac81f 100644
--- a/crypto/random-gcrypt.c
+++ b/crypto/random-gcrypt.c
@@ -24,7 +24,7 @@
 
 #include 
 
-int qcrypto_random_bytes(uint8_t *buf,
+int qcrypto_random_bytes(void *buf,
  size_t buflen,
  Error **errp G_GNUC_UNUSED)
 {
diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c
index 445fd6a30b..ed6c9ca12f 100644
--- a/crypto/random-gnutls.c
+++ b/crypto/random-gnutls.c
@@ -26,7 +26,7 @@
 #include 
 #include 
 
-int qcrypto_random_bytes(uint8_t *buf,
+int qcrypto_random_bytes(void *buf,
  size_t buflen,
  Error **errp)
 {
diff --git a/crypto/random-platform.c b/crypto/random-platform.c
index cb3ca1bc09..66624106fe 100644
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -64,8 +64,8 @@ int qcrypto_random_init(Error **errp)
 return 0;
 }
 
-int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
- size_t buflen G_GNUC_UNUSED,
+int qcrypto_random_bytes(void *buf,
+ size_t buflen,
  Error **errp)
 {
 #ifdef _WIN32
-- 
2.17.1




[Qemu-devel] [PATCH v8 02/25] build: Link user-only with crypto random number objects

2019-05-16 Thread Richard Henderson
For user-only, we require only the random number bits of the
crypto subsystem.  Rename crypto-aes-obj-y to crypto-user-obj-y,
and add the random number objects, plus init.o to handle any
extra stuff the crypto library requires.

Move the crypto libraries from libs_softmmu and libs_tools to
LIBS, so that they are universally used.

Signed-off-by: Richard Henderson 
---
 Makefile |  4 ++--
 Makefile.objs|  2 +-
 Makefile.target  |  4 ++--
 configure|  9 +++--
 crypto/Makefile.objs | 11 ++-
 5 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index 66d5c65156..8419d759e0 100644
--- a/Makefile
+++ b/Makefile
@@ -410,7 +410,7 @@ dummy := $(call unnest-vars,, \
 block-obj-y \
 block-obj-m \
 crypto-obj-y \
-crypto-aes-obj-y \
+crypto-user-obj-y \
 qom-obj-y \
 io-obj-y \
 common-obj-y \
@@ -483,7 +483,7 @@ subdir-slirp: .git-submodule-status
$(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp 
BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" 
RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
 
 $(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) \
-   $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
+   $(qom-obj-y) $(crypto-user-obj-$(CONFIG_USER_ONLY))
 
 ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
 # Only keep -O and -g cflags
diff --git a/Makefile.objs b/Makefile.objs
index cf065de5ed..84fa83ba21 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -25,7 +25,7 @@ block-obj-m = block/
 # crypto-obj-y is code used by both qemu system emulation and qemu-img
 
 crypto-obj-y = crypto/
-crypto-aes-obj-y = crypto/
+crypto-user-obj-y = crypto/
 
 ###
 # qom-obj-y is code used by both qemu system emulation and qemu-img
diff --git a/Makefile.target b/Makefile.target
index ae02495951..bde256436b 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -180,7 +180,7 @@ dummy := $(call unnest-vars,.., \
block-obj-m \
chardev-obj-y \
crypto-obj-y \
-   crypto-aes-obj-y \
+   crypto-user-obj-y \
qom-obj-y \
io-obj-y \
common-obj-y \
@@ -189,7 +189,7 @@ all-obj-y += $(common-obj-y)
 all-obj-y += $(qom-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
-all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
+all-obj-$(CONFIG_USER_ONLY) += $(crypto-user-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
 
diff --git a/configure b/configure
index f8345368bf..03e71ef7b6 100755
--- a/configure
+++ b/configure
@@ -2792,8 +2792,7 @@ if test "$gnutls" != "no"; then
 # At least ubuntu 18.04 ships only shared libraries.
 write_c_skeleton
 if compile_prog "" "$gnutls_libs" ; then
-libs_softmmu="$gnutls_libs $libs_softmmu"
-libs_tools="$gnutls_libs $libs_tools"
+LIBS="$gnutls_libs $LIBS"
 QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
 pass="yes"
 fi
@@ -2864,8 +2863,7 @@ if test "$nettle" != "no"; then
 # Link test to make sure the given libraries work (e.g for static).
 write_c_skeleton
 if compile_prog "" "$nettle_libs" ; then
-libs_softmmu="$nettle_libs $libs_softmmu"
-libs_tools="$nettle_libs $libs_tools"
+LIBS="$nettle_libs $LIBS"
 QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
 if test -z "$gcrypt"; then
gcrypt="no"
@@ -2896,8 +2894,7 @@ if test "$gcrypt" != "no"; then
 # Link test to make sure the given libraries work (e.g for static).
 write_c_skeleton
 if compile_prog "" "$gcrypt_libs" ; then
-libs_softmmu="$gcrypt_libs $libs_softmmu"
-libs_tools="$gcrypt_libs $libs_tools"
+LIBS="$gcrypt_libs $LIBS"
 QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
 pass="yes"
 fi
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 256c9aca1f..7fe2fa9da2 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -19,9 +19,10 @@ crypto-obj-y += tlscredspsk.o
 crypto-obj-y += tlscredsx509.o
 crypto-obj-y += tlssession.o
 crypto-obj-y += secret.o
-crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
-crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
-crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += 
random-platform.o
+crypto-rng-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
+crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
+crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += 
random-platform.o
+crypto-obj-y += $(crypto-rng-obj-y)
 

[Qemu-devel] [PATCH v8 08/25] ui/vnc: Split out authentication_failed

2019-05-16 Thread Richard Henderson
There were 3 copies of this code, one of which used the wrong
data size for the failure indicator.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Gerd Hoffmann 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 ui/vnc.c | 37 +++--
 1 file changed, 15 insertions(+), 22 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 1871422e1d..785edf3af1 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2535,6 +2535,18 @@ void start_client_init(VncState *vs)
 vnc_read_when(vs, protocol_client_init, 1);
 }
 
+static void authentication_failed(VncState *vs)
+{
+vnc_write_u32(vs, 1); /* Reject auth */
+if (vs->minor >= 8) {
+static const char err[] = "Authentication failed";
+vnc_write_u32(vs, sizeof(err));
+vnc_write(vs, err, sizeof(err));
+}
+vnc_flush(vs);
+vnc_client_error(vs);
+}
+
 static void make_challenge(VncState *vs)
 {
 int i;
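Review bot: In `authentication_failed()` the reason length is `sizeof(err)`, which counts the terminating NUL, so the client is told 22 bytes and receives a trailing `\0` as part of the reason text. The three removed copies did the same, but with one copy left this is the place to settle it, e.g. `vnc_write_u32(vs, sizeof(err) - 1); vnc_write(vs, err, sizeof(err) - 1);` if the NUL is not intended. The helper also calls `vnc_flush(vs)` before `vnc_client_error(vs)`, which the two copies removed from `protocol_client_auth` did not, so those paths change behaviour beyond the u8/u32 fix the commit message mentions; a sentence there would help. A short comment above the function saying that it writes the failure result, adds the reason text only for `vs->minor >= 8`, and then errors out the client would document the wire format in one place.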
@@ -2609,14 +2621,7 @@ static int protocol_client_auth_vnc(VncState *vs, 
uint8_t *data, size_t len)
 return 0;
 
 reject:
-vnc_write_u32(vs, 1); /* Reject auth */
-if (vs->minor >= 8) {
-static const char err[] = "Authentication failed";
-vnc_write_u32(vs, sizeof(err));
-vnc_write(vs, err, sizeof(err));
-}
-vnc_flush(vs);
-vnc_client_error(vs);
+authentication_failed(vs);
 qcrypto_cipher_free(cipher);
 return 0;
 }
@@ -2638,13 +2643,7 @@ static int protocol_client_auth(VncState *vs, uint8_t 
*data, size_t len)
  * must pick the one we sent. Verify this */
 if (data[0] != vs->auth) { /* Reject auth */
trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
-   vnc_write_u32(vs, 1);
-   if (vs->minor >= 8) {
-   static const char err[] = "Authentication failed";
-   vnc_write_u32(vs, sizeof(err));
-   vnc_write(vs, err, sizeof(err));
-   }
-   vnc_client_error(vs);
+   authentication_failed(vs);
 } else { /* Accept requested auth */
trace_vnc_auth_start(vs, vs->auth);
switch (vs->auth) {
@@ -2673,13 +2672,7 @@ static int protocol_client_auth(VncState *vs, uint8_t 
*data, size_t len)
 
default: /* Should not be possible, but just in case */
trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
-   vnc_write_u8(vs, 1);
-   if (vs->minor >= 8) {
-   static const char err[] = "Authentication failed";
-   vnc_write_u32(vs, sizeof(err));
-   vnc_write(vs, err, sizeof(err));
-   }
-   vnc_client_error(vs);
+   authentication_failed(vs);
}
 }
 return 0;
-- 
2.17.1




[Qemu-devel] [PATCH v8 03/25] crypto: Reverse code blocks in random-platform.c

2019-05-16 Thread Richard Henderson
Use #ifdef _WIN32 instead of #ifndef _WIN32.
This will make other tests easier to sequence.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Richard Henderson 
---
 crypto/random-platform.c | 35 +--
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/crypto/random-platform.c b/crypto/random-platform.c
index 7541b4cae7..f995fc0ef1 100644
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -32,7 +32,14 @@ static int fd; /* a file handle to either /dev/urandom or 
/dev/random */
 
 int qcrypto_random_init(Error **errp)
 {
-#ifndef _WIN32
+#ifdef _WIN32
+if (!CryptAcquireContext(, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
+error_setg_win32(errp, GetLastError(),
+ "Unable to create cryptographic provider");
+return -1;
+}
+#else
 /* TBD perhaps also add support for BSD getentropy / Linux
  * getrandom syscalls directly */
 fd = open("/dev/urandom", O_RDONLY);
@@ -44,15 +51,7 @@ int qcrypto_random_init(Error **errp)
 error_setg(errp, "No /dev/urandom or /dev/random found");
 return -1;
 }
-#else
-if (!CryptAcquireContext(, NULL, NULL, PROV_RSA_FULL,
- CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
-error_setg_win32(errp, GetLastError(),
- "Unable to create cryptographic provider");
-return -1;
-}
 #endif
-
 return 0;
 }
 
@@ -60,7 +59,15 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
  size_t buflen G_GNUC_UNUSED,
  Error **errp)
 {
-#ifndef _WIN32
+#ifdef _WIN32
+if (!CryptGenRandom(hCryptProv, buflen, buf)) {
+error_setg_win32(errp, GetLastError(),
+ "Unable to read random bytes");
+return -1;
+}
+
+return 0;
+#else
 int ret = -1;
 int got;
 
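Review bot: `CryptGenRandom(hCryptProv, buflen, buf)` in the `_WIN32` branch passes a `size_t` length to a parameter the Windows API declares as a 32-bit `DWORD`, so on a 64-bit build a request above 4 GiB would be truncated and the call could still report success with the tail of `buf` not filled. The hunk only moves this code and no caller on this page asks for such a size, so this is hardening rather than a live bug. A guard before the call, such as `if (buflen > G_MAXUINT32) { error_setg(errp, "Random buffer too large"); return -1; }`, would make the limit explicit. The body of `qcrypto_random_bytes` continues past the end of this hunk.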
@@ -82,13 +89,5 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
 ret = 0;
  cleanup:
 return ret;
-#else
-if (!CryptGenRandom(hCryptProv, buflen, buf)) {
-error_setg_win32(errp, GetLastError(),
- "Unable to read random bytes");
-return -1;
-}
-
-return 0;
 #endif
 }
-- 
2.17.1




[Qemu-devel] [PATCH v8 01/25] configure: Link test before auto-enabling crypto libraries

2019-05-16 Thread Richard Henderson
At least ubuntu 18.04 does not package static gnutls libraries.
At least Fedora 30 does not ship static nettle and gcrypt libraries.

Reviewed-by: Daniel P. Berrangé 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Message-Id: <20190510012458.22706-2-richard.hender...@linaro.org>
Signed-off-by: Richard Henderson 
---
 configure | 72 +--
 1 file changed, 44 insertions(+), 28 deletions(-)

diff --git a/configure b/configure
index 8999698bc2..f8345368bf 100755
--- a/configure
+++ b/configure
@@ -2784,17 +2784,24 @@ fi
 # GNUTLS probe
 
 if test "$gnutls" != "no"; then
+pass="no"
 if $pkg_config --exists "gnutls >= 3.1.18"; then
 gnutls_cflags=$($pkg_config --cflags gnutls)
 gnutls_libs=$($pkg_config --libs gnutls)
-libs_softmmu="$gnutls_libs $libs_softmmu"
-libs_tools="$gnutls_libs $libs_tools"
-   QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
-gnutls="yes"
-elif test "$gnutls" = "yes"; then
+# Packaging for the static libraries is not always correct.
+# At least ubuntu 18.04 ships only shared libraries.
+write_c_skeleton
+if compile_prog "" "$gnutls_libs" ; then
+libs_softmmu="$gnutls_libs $libs_softmmu"
+libs_tools="$gnutls_libs $libs_tools"
+QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
+pass="yes"
+fi
+fi
+if test "$pass" = "no" && test "$gnutls" = "yes"; then
feature_not_found "gnutls" "Install gnutls devel >= 3.1.18"
 else
-gnutls="no"
+gnutls="$pass"
 fi
 fi
 
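Review bot: The link test `compile_prog "" "$gnutls_libs"` builds the empty program from `write_c_skeleton`, which references no gnutls symbol; with a static archive the linker then has no reason to pull in any archive member, so the probe shows the library file can be found but probably not that its own dependencies resolve. The nettle and gcrypt probes in the next hunk use the same pattern. Compiling a small program that calls one function from the library, as the gcrypt HMAC check further down does through `$TMPC`, would catch that case. Also, when `$gnutls` is unset and the link test fails, the feature becomes `no` with no message in these lines, so a comment or log line noting that TLS support was auto-disabled would help anyone reading the configure output, unless a summary elsewhere in the script already reports it.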
@@ -2849,43 +2856,54 @@ has_libgcrypt() {
 
 
 if test "$nettle" != "no"; then
+pass="no"
 if $pkg_config --exists "nettle >= 2.7.1"; then
 nettle_cflags=$($pkg_config --cflags nettle)
 nettle_libs=$($pkg_config --libs nettle)
 nettle_version=$($pkg_config --modversion nettle)
-libs_softmmu="$nettle_libs $libs_softmmu"
-libs_tools="$nettle_libs $libs_tools"
-QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
-nettle="yes"
-
-if test -z "$gcrypt"; then
-   gcrypt="no"
+# Link test to make sure the given libraries work (e.g for static).
+write_c_skeleton
+if compile_prog "" "$nettle_libs" ; then
+libs_softmmu="$nettle_libs $libs_softmmu"
+libs_tools="$nettle_libs $libs_tools"
+QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
+if test -z "$gcrypt"; then
+   gcrypt="no"
+fi
+pass="yes"
 fi
+fi
+if test "$pass" = "no" && test "$nettle" = "yes"; then
+feature_not_found "nettle" "Install nettle devel >= 2.7.1"
 else
-if test "$nettle" = "yes"; then
-feature_not_found "nettle" "Install nettle devel >= 2.7.1"
-else
-nettle="no"
-fi
+nettle="$pass"
 fi
 fi
 
 if test "$gcrypt" != "no"; then
+pass="no"
 if has_libgcrypt; then
 gcrypt_cflags=$(libgcrypt-config --cflags)
 gcrypt_libs=$(libgcrypt-config --libs)
-# Debian has remove -lgpg-error from libgcrypt-config
+# Debian has removed -lgpg-error from libgcrypt-config
 # as it "spreads unnecessary dependencies" which in
 # turn breaks static builds...
 if test "$static" = "yes"
 then
 gcrypt_libs="$gcrypt_libs -lgpg-error"
 fi
-libs_softmmu="$gcrypt_libs $libs_softmmu"
-libs_tools="$gcrypt_libs $libs_tools"
-QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
-gcrypt="yes"
 
+# Link test to make sure the given libraries work (e.g for static).
+write_c_skeleton
+if compile_prog "" "$gcrypt_libs" ; then
+libs_softmmu="$gcrypt_libs $libs_softmmu"
+libs_tools="$gcrypt_libs $libs_tools"
+QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
+pass="yes"
+fi
+fi
+if test "$pass" = "yes"; then
+gcrypt="yes"
 cat > $TMPC << EOF
 #include 
 int main(void) {
@@ -2898,12 +2916,10 @@ EOF
 if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
 gcrypt_hmac=yes
 fi
+elif test "$gcrypt" = "yes"; then
+feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
 else
-if test "$gcrypt" = "yes"; then
-feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
-else
-gcrypt="no"
-fi
+gcrypt="no"
 fi
 fi
 
-- 
2.17.1




[Qemu-devel] [PATCH v8 00/25] Add qemu_getrandom and ARMv8.5-RNG etc

2019-05-16 Thread Richard Henderson
The change in v8 is to which objects are linked in to user-only
from the crypto directory.  Daniel asked for all of crypto-obj-y
to be added, but I have been unable to find a solution that works.

If I add crypto-obj-y, then authz-obj-y must be included to resolve
dependencies.  Daniel suggested splitting authz-obj-y into two, so
that linux-user plus some of the tools need not link against libpam.

However, I tried that, and in the process managed to break testing.
I'm not really sure what I did wrong:

  TESTcheck-speed: tests/benchmark-crypto-cipher
  ERROR - too few tests run (expected 32, got 0)

Or maybe it was broken before, but at least this way I'm not touching
any of the variables that affect tests/Makefile.include.

Given that user-only *is* being linked against the enabled crypto libs,
the behaviour between static and non-static is identical, which is I
believe the major portion of Daniel's request.  I think further cleanup
to the makefiles can be done separately.


r~


Changes since v7:
  * Re-instate the configure probe for --static from v5.
  * Revert the changes to crypto-obj-y.
  * Rename crypto-aes-obj-y to crypto-user-obj-y.
  * Add crypto random number objects to crypto-user-obj-y.

Changes since v6:
  * Drop the crypto-obj-y, crypto-aes-obj-y, and configure changes.
This fixes the regression visible in make check-unit, due to
objects not being pulled in from libqemuutil.a.
  * Add a crypto-rng-obj-y, and force it to be random-platform.o.
This avoids attempting to link the crypto libraries into the
user-only binaries.  Which in turn means we can drop all of
the configure changes to cope with the crypto libraries not
having the static libraries packaged by recent distros.

Changes since v5:
  * Merge crypto-obj-y into util-obj-y (patch 2).
  * Fix leftover crypto-obj-aes-y reference (patch 2).
  * Add ARM_CP_IO to the RNG registers (patch 22).
  * Issue gen_io_start/end around ppc DARN (new patch 24).
  * Issue gen_io_start/end around x86 rdrand (patch 25).

Changes since v4:
  * Do not autoenable nettle or gcrypt if linking is broken.
Fixes --static on fedora 30.
  * Delay removal of srand() for -seed.
  * Do not loop for -1 result for ppc64 DARN.

Changes since v3:
  * Do not autoenable gnutls if linking is broken.
Fixes --static on ubuntu 18.04.

Changes since v2:
  * Changes from review.
- getrandom is not exclusive of /dev/urandom fallback.
- vnc fails gracefully on crypto failure.
- a great renaming.
  * Drop the "nonblock" argument, as it's not deliverable from the backend.
  * Propagate Error back through qemu_guest_getrandom.
  * Add qemu_guest_getrandom_nofail to centralize "Argh! Death!".
  * Convert hw/misc/
  * Implement ppc darn.
  * Implement x86 rdrand.

Changes since v1:
  * Build crypto-obj-y for linux-user as well.
  * Several patches to tidy crypto/random-platform.c.
  * Use getrandom(2) in crypto/random-platform.c.
  * Use qcrypto_random_bytes in ui/vnc.c.
  * In qemu_getrandom:
- Use g_rand_int instead of srand48.
- Use qcrypto_random_bytes instead of getrandom directly.


Richard Henderson (25):
  configure: Link test before auto-enabling crypto libraries
  build: Link user-only with crypto random number objects
  crypto: Reverse code blocks in random-platform.c
  crypto: Do not fail for EINTR during qcrypto_random_bytes
  crypto: Use O_CLOEXEC in qcrypto_random_init
  crypto: Use getrandom for qcrypto_random_bytes
  crypto: Change the qcrypto_random_bytes buffer type to void*
  ui/vnc: Split out authentication_failed
  ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
  util: Add qemu_guest_getrandom and associated routines
  cpus: Initialize pseudo-random seeds for all guest cpus
  linux-user: Initialize pseudo-random seeds for all guest cpus
  linux-user: Call qcrypto_init if not using -seed
  linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM
  linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys
  linux-user: Remove srand call
  aspeed/scu: Use qemu_guest_getrandom_nofail
  hw/misc/nrf51_rng: Use qemu_guest_getrandom_nofail
  hw/misc/bcm2835_rng: Use qemu_guest_getrandom_nofail
  hw/misc/exynos4210_rng: Use qemu_guest_getrandom
  target/arm: Put all PAC keys into a structure
  target/arm: Implement ARMv8.5-RNG
  target/ppc: Use gen_io_start/end around DARN
  target/ppc: Use qemu_guest_getrandom for DARN
  target/i386: Implement CPUID_EXT_RDRAND

 Makefile|   4 +-
 Makefile.objs   |   2 +-
 Makefile.target |   4 +-
 include/crypto/random.h |   2 +-
 include/qemu/guest-random.h |  68 ++
 include/qom/cpu.h   |   1 +
 linux-user/aarch64/target_syscall.h |   2 -
 target/arm/cpu.h|  17 +++--
 target/i386/helper.h|   2 +
 cpus.c  |   9 +++
 crypto/random-gcrypt.c  |   2 +-
 crypto/random-gnutls.c

Re: [Qemu-devel] [PATCH v2 0/5] fw_cfg_test refactor and add two test cases

2019-05-16 Thread Li Qiang
Ping.

Li Qiang  于2019年5月9日周四 下午5:57写道:

> Ping this serials.
>
> Thanks,
> Li Qiang
>
> Li Qiang  于2019年4月24日周三 下午10:07写道:
>
>> In the discussion of adding the reboot timeout test case:
>> https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg03304.html
>>
>> Philippe suggested we should uses the only related option for one
>> specific test. However currently we uses one QTestState for all the
>> test cases. In order to achieve Philippe's idea, I split the test case
>> for its own QTestState. As this patchset has changed a lot, I don't bump
>> the version.
>>
>> Change since v1:
>> Add a patch to store the reboot_timeout as little endian
>> Fix the endian issue per Thomas's review
>>
>> Li Qiang (5):
>>   tests: refactor fw_cfg_test
>>   tests: fw_cfg: add a function to get the fw_cfg file
>>   fw_cfg: reboot: store reboot-timeout as little endian
>>   tests: fw_cfg: add reboot_timeout test case
>>   tests: fw_cfg: add splash time test case
>>
>>  hw/nvram/fw_cfg.c |   4 +-
>>  tests/fw_cfg-test.c   | 125 +++---
>>  tests/libqos/fw_cfg.c |  55 +++
>>  tests/libqos/fw_cfg.h |   9 +++
>>  4 files changed, 184 insertions(+), 9 deletions(-)
>>
>> --
>> 2.17.1
>>
>>
>>


Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

2019-05-16 Thread Wei Yang
On Thu, May 16, 2019 at 08:53:04PM +0200, Philippe Mathieu-Daudé wrote:
>On Thu, May 16, 2019 at 8:33 PM Philippe Mathieu-Daudé
> wrote:
>> On 5/16/19 6:04 PM, Peter Maydell wrote:
>> > On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
>> >>
>> >> The following changes since commit 
>> >> efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
>> >>
>> >>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
>> >> into staging (2019-05-10 14:49:36 +0100)
>> >>
>> >> are available in the Git repository at:
>> >>
>> >>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>> >>
>> >> for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
>> >>
>> >>   tests: acpi: print error unable to dump ACPI table during rebuild 
>> >> (2019-05-14 21:19:14 -0400)
>> >>
>> >> 
>> >> pci, pc, virtio: features, fixes
>> >>
>> >> reconnect for vhost blk
>> >> tests for UEFI
>> >> misc other stuff
>> >>
>> >> Signed-off-by: Michael S. Tsirkin 
>> >>
>> >> 
>> >
>> > Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
>> > because the conversion of arm to Kconfig has landed in master.
>> > Could you rebase and fix up to use whatever the Kconfig
>> > equivalent of these changes is, please?
>>
>> Culprit is "hw/acpi: Consolidate build_mcfg to pci.c"
>>
>> The conflict doesn't look trivial to resolve (to me) so I'd rather see
>> it reviewed (by Thomas). I suggest to drop the patch(es) from your PR :(
>
>Thomas, FYI I did this to resolve the conflict:
>
>- keep default-configs/arm-softmmu.mak from master:
>
>  git checkout origin/master default-configs/arm-softmmu.mak
>
>- applied the following !fixup snippet:
>
>-- >8 --
>--- a/hw/acpi/Kconfig
>+++ b/hw/acpi/Kconfig
>@@ -25,7 +25,7 @@ config ACPI_NVDIMM
>
> config ACPI_PCI
> bool
>-depends on ACPI
>+depends on ACPI && PCI

Take a look into hw/arm/Kconfig. Only ARM_VIRT selects ACPI, but this one
doesn't select PCI.

Which option on arm select both?

>
>---
>
>I felt it easier to review on top of "hw/acpi: Improve build modularity"
>https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg04718.html
>
>Sadly both series clash :(
>
>Regards,
>
>Phil.

-- 
Wei Yang
Help you, Help me



Re: [Qemu-devel] [PATCH] hw/acpi: ACPI_PCI should depends on both ACPI and PCI

2019-05-16 Thread Richard Henderson
On 5/16/19 5:51 PM, Wei Yang wrote:
> Pointed out by Philippe Mathieu-Daudé .
> 
> Signed-off-by: Wei Yang 
> ---
>  hw/acpi/Kconfig | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 


r~



[Qemu-devel] QEMU on OpenBSD is broken? (was: Re: [PATCH v2 00/13] tests/vm: serial console autoinstall, misc fixes.)

2019-05-16 Thread Thomas Huth
On 10/05/2019 12.46, Gerd Hoffmann wrote:
> This patch series changes the way virtual machines for test builds are
> managed.  They are created locally on the developer machine now.  The
> installer is booted on the serial console and the scripts walks through
> the dialogs to install and configure the guest.
> 
> That takes the download.patchew.org server out of the loop and makes it
> alot easier to tweak the guest images (adding build dependencies for
> example).
> 
> The install scripts take care to apply host proxy settings (from *_proxy
> environment variables) to the guest, so any package downloads will be
> routed through the proxy and can be cached that way.  This also makes
> them work behind strict firewalls.
> 
> There are also a bunch of smaller tweaks for tests/vm to fix issues I
> was struggling with.  See commit messages of individual patches for
> details.
> 
> Gerd Hoffmann (13):
>   scripts: use git archive in archive-source
>   tests/vm: send proxy environment variables over ssh
>   tests/vm: use ssh with pty unconditionally
>   tests/vm: run test builds on snapshot
>   tests/vm: proper guest shutdown
>   tests/vm: add vm-boot-{ssh,serial}- targets
>   tests/vm: add DEBUG=1 to help text
>   tests/vm: serial console support helpers
>   tests/vm: openbsd autoinstall, using serial console
>   tests/vm: freebsd autoinstall, using serial console
>   tests/vm: netbsd autoinstall, using serial console
>   tests/vm: fedora autoinstall, using serial console
>   tests/vm: ubuntu.i386: apt proxy setup

freebsd, netbsd and fedora targets work fine for me, so for the patches
1 - 8 and 10 - 12 :

Tested-by: Thomas Huth 

openbsd still fails for me:

  TESTcheck-qtest-arm: tests/tmp105-test
  TESTcheck-qtest-arm: tests/pca9552-test
  TESTcheck-qtest-arm: tests/ds1338-test
  TESTcheck-qtest-arm: tests/microbit-test
  TESTcheck-qtest-arm: tests/m25p80-test
  TESTcheck-qtest-arm: tests/test-arm-mptimer
  TESTcheck-qtest-arm: tests/boot-serial-test
qemu-system-arm: cannot set up guest memory 'ram': Cannot allocate memory
Broken pipe
/home/qemu/qemu-test.Ka98K9/src/tests/libqtest.c:135: kill_qemu() tried
to terminate QEMU process but encountered exit status 1
ERROR - too few tests run (expected 2, got 0)
Abort trap (core dumped)
gmake: *** [/home/qemu/qemu-test.Ka98K9/src/tests/Makefile.include:884:
check-qtest-arm] Error 1

Brad, does current master work for you on OpenBSD? ... looking at the
history of the openbsd script, it seems like "make check" is broken on
OpenBSD since 2017 ... any chance that this could ever be fixed?

 Thomas



[Qemu-devel] [PATCH] hw/acpi: ACPI_PCI should depends on both ACPI and PCI

2019-05-16 Thread Wei Yang
Pointed out by Philippe Mathieu-Daudé .

Signed-off-by: Wei Yang 
---
 hw/acpi/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index 7265843cc3..7c59cf900b 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -25,7 +25,7 @@ config ACPI_NVDIMM
 
 config ACPI_PCI
 bool
-depends on ACPI
+depends on ACPI && PCI
 
 config ACPI_VMGENID
 bool
-- 
2.19.1




[Qemu-devel] [PATCH v2] acpi: pci: use build_append_foo() API to construct MCFG

2019-05-16 Thread Wei Yang
build_append_foo() API doesn't need explicit endianness conversions
which eliminates a source of errors and it makes build_mcfg() look like
declarative definition of MCFG table in ACPI spec, which makes it easy
to review.

Signed-off-by: Wei Yang 
Suggested-by: Igor Mammedov 

---
v2:
   * miss the reserved[8] of MCFG in last version, add it back
   * drop SOBs and make sure bios-tables-test all OK
---
 hw/acpi/pci.c   | 35 +++
 include/hw/acpi/acpi-defs.h | 18 --
 2 files changed, 23 insertions(+), 30 deletions(-)

diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
index fa0fa30bb9..49df7b7d54 100644
--- a/hw/acpi/pci.c
+++ b/hw/acpi/pci.c
@@ -30,17 +30,28 @@
 
 void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
 {
-AcpiTableMcfg *mcfg;
-int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
-
-mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(info->base);
-
-/* Only a single allocation so no need to play with segments */
-mcfg->allocation[0].pci_segment = cpu_to_le16(0);
-mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
-
-build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
+int mcfg_start = table_data->len;
+
+acpi_data_push(table_data, sizeof(AcpiTableHeader));
+
+/*
+ * PCI Firmware Specification, Revision 3.0
+ * 4.1.2 MCFG Table Description.
+ */
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 8);
+/* Base address, processor-relative */
+build_append_int_noprefix(table_data, info->base, 8);
+/* PCI segment group number */
+build_append_int_noprefix(table_data, 0, 2);
+/* Starting PCI Bus number */
+build_append_int_noprefix(table_data, 0, 1);
+/* Final PCI Bus number */
+build_append_int_noprefix(table_data, PCIE_MMCFG_BUS(info->size - 1), 1);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 4);
+
+build_header(linker, table_data, (void *)(table_data->data + mcfg_start),
+ "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
 }
 
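Review bot: The final bus number is appended with a width of one byte, `build_append_int_noprefix(table_data, PCIE_MMCFG_BUS(info->size - 1), 1)`, so a value above 255, or the wrap-around from `info->size == 0`, is cut to its low byte without any diagnostic. The removed `uint8_t end_bus_number` assignment behaved the same way, assuming `PCIE_MMCFG_BUS` (not defined on this page) can yield more than 8 bits. An `assert(info->size > 0);` at the top of `build_mcfg`, with a comment naming the size range the caller guarantees, would document the assumption. `mcfg_start` is declared `int` while `table_data->len` is unsigned in GLib; `unsigned` would avoid the implicit conversion.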
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index f9aa4bd398..57a3f58b0c 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -449,24 +449,6 @@ struct AcpiSratProcessorGiccAffinity {
 
 typedef struct AcpiSratProcessorGiccAffinity AcpiSratProcessorGiccAffinity;
 
-/* PCI fw r3.0 MCFG table. */
-/* Subtable */
-struct AcpiMcfgAllocation {
-uint64_t address;/* Base address, processor-relative */
-uint16_t pci_segment;/* PCI segment group number */
-uint8_t start_bus_number;   /* Starting PCI Bus number */
-uint8_t end_bus_number; /* Final PCI Bus number */
-uint32_t reserved;
-} QEMU_PACKED;
-typedef struct AcpiMcfgAllocation AcpiMcfgAllocation;
-
-struct AcpiTableMcfg {
-ACPI_TABLE_HEADER_DEF;
-uint8_t reserved[8];
-AcpiMcfgAllocation allocation[0];
-} QEMU_PACKED;
-typedef struct AcpiTableMcfg AcpiTableMcfg;
-
 /*
  * TCPA Description Table
  *
-- 
2.19.1




Re: [Qemu-devel] [PATCH v4 5/6] hw/acpi: Consolidate build_mcfg to pci.c

2019-05-16 Thread Wei Yang
On Thu, May 16, 2019 at 08:35:43PM +0200, Philippe Mathieu-Daudé wrote:
>On 4/19/19 2:30 AM, Wei Yang wrote:
>> Now we have two identical build_mcfg functions.
>> 
>> Consolidate them in acpi/pci.c.
>> 
>> Signed-off-by: Wei Yang 
>> Reviewed-by: Philippe Mathieu-Daudé 
>> Reviewed-by: Igor Mammedov 
>> 
>> ---
>> v3:
>>   * adjust changelog based on Igor's suggestion
>> ---
>>  default-configs/arm-softmmu.mak  |  1 +
>>  default-configs/i386-softmmu.mak |  1 +
>>  hw/acpi/Kconfig  |  4 +++
>>  hw/acpi/Makefile.objs|  1 +
>>  hw/acpi/pci.c| 46 
>>  hw/arm/virt-acpi-build.c | 17 
>>  hw/i386/acpi-build.c | 18 +
>>  include/hw/acpi/pci.h|  1 +
>>  8 files changed, 55 insertions(+), 34 deletions(-)
>>  create mode 100644 hw/acpi/pci.c
>> 
>> diff --git a/default-configs/arm-softmmu.mak 
>> b/default-configs/arm-softmmu.mak
>> index 613d19a06d..8f2796e195 100644
>> --- a/default-configs/arm-softmmu.mak
>> +++ b/default-configs/arm-softmmu.mak
>> @@ -144,6 +144,7 @@ CONFIG_XIO3130=y
>>  CONFIG_IOH3420=y
>>  CONFIG_I82801B11=y
>>  CONFIG_ACPI=y
>> +CONFIG_ACPI_PCI=y
>>  CONFIG_ARM_VIRT=y
>>  CONFIG_SMBIOS=y
>>  CONFIG_ASPEED_SOC=y
>> diff --git a/default-configs/i386-softmmu.mak 
>> b/default-configs/i386-softmmu.mak
>> index ba3fb3ff50..cd5ea391e8 100644
>> --- a/default-configs/i386-softmmu.mak
>> +++ b/default-configs/i386-softmmu.mak
>> @@ -25,3 +25,4 @@
>>  CONFIG_ISAPC=y
>>  CONFIG_I440FX=y
>>  CONFIG_Q35=y
>> +CONFIG_ACPI_PCI=y
>> diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
>> index eca3beed75..7265843cc3 100644
>> --- a/hw/acpi/Kconfig
>> +++ b/hw/acpi/Kconfig
>> @@ -23,6 +23,10 @@ config ACPI_NVDIMM
>>  bool
>>  depends on ACPI
>>  
>> +config ACPI_PCI
>> +bool
>> +depends on ACPI
>
>Shouldn't this be "depends on ACPI && PCI"?
>

I think you are right. Let me fix this.

Thanks

-- 
Wei Yang
Help you, Help me



Re: [Qemu-devel] [PATCH 1/2] qapi: support external bitmaps in block-dirty-bitmap-merge

2019-05-16 Thread John Snow



On 5/16/19 8:27 AM, Vladimir Sementsov-Ogievskiy wrote:
> Add a new optional parameter making it possible to merge bitmaps from
> different nodes. It is needed to maintain external snapshots during
> incremental backup chain history.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  qapi/block-core.json | 13 ++---
>  block/dirty-bitmap.c |  9 ++---
>  blockdev.c   | 46 ++--
>  3 files changed, 48 insertions(+), 20 deletions(-)
> 
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index 7ccbfff9d0..933b50771a 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -2006,16 +2006,23 @@
>  ##
>  # @BlockDirtyBitmapMerge:
>  #
> -# @node: name of device/node which the bitmap is tracking
> +# @node: name of device/node which the @target and @bitmaps bitmaps are
> +#tracking
>  #
>  # @target: name of the destination dirty bitmap
>  #
> -# @bitmaps: name(s) of the source dirty bitmap(s)
> +# @bitmaps: name(s) of the source dirty bitmap(s). The field is optional
> +#   since 4.1.
> +#
> +# @external-bitmaps: additional list of source dirty bitmaps with specified
> +#nodes, which allows merging bitmaps between different
> +#nodes. (Since: 4.1)
>  #
>  # Since: 4.0
>  ##
>  { 'struct': 'BlockDirtyBitmapMerge',
> -  'data': { 'node': 'str', 'target': 'str', 'bitmaps': ['str'] } }
> +  'data': { 'node': 'str', 'target': 'str', '*bitmaps': ['str'],
> +'*external-bitmaps': ['BlockDirtyBitmap'] } }
>  

I guess you can specify one, or both, or maybe neither! Seems fine.

>  ##
>  # @block-dirty-bitmap-add:
> diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
> index 59e6ebb861..49646a30e6 100644
> --- a/block/dirty-bitmap.c
> +++ b/block/dirty-bitmap.c
> @@ -816,10 +816,10 @@ void bdrv_merge_dirty_bitmap(BdrvDirtyBitmap *dest, 
> const BdrvDirtyBitmap *src,
>  {
>  bool ret;
>  
> -/* only bitmaps from one bds are supported */
> -assert(dest->mutex == src->mutex);
> -
>  qemu_mutex_lock(dest->mutex);
> +if (src->mutex != dest->mutex) {
> +qemu_mutex_lock(src->mutex);
> +}
>  
>  if (bdrv_dirty_bitmap_check(dest, BDRV_BITMAP_DEFAULT, errp)) {
>  goto out;
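Review bot: Taking `dest->mutex` and then `src->mutex` fixes the lock order by argument position, so two merges running in opposite directions between the same pair of nodes could each hold one mutex and wait for the other. If every caller is serialized by an outer lock, which is not visible in this hunk, a comment above the second `qemu_mutex_lock()` would be enough, e.g. `/* Callers are serialized, so dest-then-src cannot deadlock */`. Otherwise the two mutexes should be acquired in a fixed order (for example by address) and released in reverse. The matching unlock in the following hunk at `out:` releases `dest` first, which is harmless but would read better if it mirrored the acquisition order.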
> @@ -845,4 +845,7 @@ void bdrv_merge_dirty_bitmap(BdrvDirtyBitmap *dest, const 
> BdrvDirtyBitmap *src,
>  
>  out:
>  qemu_mutex_unlock(dest->mutex);
> +if (src->mutex != dest->mutex) {
> +qemu_mutex_unlock(src->mutex);
> +}
>  }
> diff --git a/blockdev.c b/blockdev.c
> index 79fbac8450..8d37ce5943 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -2112,11 +2112,9 @@ static void 
> block_dirty_bitmap_disable_abort(BlkActionState *common)
>  }
>  }
>  
> -static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(const char *node,
> -const char *target,
> -strList *bitmaps,
> -HBitmap **backup,
> -Error **errp);
> +static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(
> +const char *node, const char *target, strList *bitmaps,
> +BlockDirtyBitmapList *external_bitmaps, HBitmap **backup, Error 
> **errp);
>  

You know, that's actually a much smarter way to reflow these ...

>  static void block_dirty_bitmap_merge_prepare(BlkActionState *common,
>   Error **errp)
> @@ -2132,8 +2130,9 @@ static void 
> block_dirty_bitmap_merge_prepare(BlkActionState *common,
>  action = common->action->u.block_dirty_bitmap_merge.data;
>  
>  state->bitmap = do_block_dirty_bitmap_merge(action->node, action->target,
> -action->bitmaps, 
> >backup,
> -errp);
> +action->bitmaps,
> +action->external_bitmaps,
> +>backup, errp);
>  }
>  
>  static void abort_prepare(BlkActionState *common, Error **errp)
> @@ -2965,15 +2964,14 @@ void qmp_block_dirty_bitmap_disable(const char *node, 
> const char *name,
>  bdrv_disable_dirty_bitmap(bitmap);
>  }
>  
> -static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(const char *node,
> -const char *target,
> -strList *bitmaps,
> -HBitmap **backup,
> -Error **errp)
> +static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(
> +const char *node, const char *target, strList *bitmaps,
> +BlockDirtyBitmapList *external_bitmaps, HBitmap **backup, Error 
> **errp)
>  {
>  BlockDriverState *bs;
>  

Re: [Qemu-devel] Pentium Pro Feature Bugs

2019-05-16 Thread tedheadster
Paolo,
  I am running the kvm32 machine and I see a problem. Here is the
output of /proc/cpuinfo :

flags   : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca
cmov constant_tsc

I see something rather important missing: cpuid.

A lot of stuff breaks without cpuid, and I am fairly sure that qemu is
supposed to 'hard code' in support for it. It is present with both my
i486 and i586 virtual machines.

- Matthew



Re: [Qemu-devel] [PATCH v2 0/4] blockdev-backup: don't check aio_context too early

2019-05-16 Thread John Snow
Happy Friday: ping!

Max: this series corrects some things that were causing some of the
pitfalls that made me nervous about the context I wrote about in 219.

On 5/10/19 3:03 PM, John Snow wrote:
> See patch one's commit message for justification.
> 
> v2: added patch 4, with iotest framework adjustments in patches 2/3.
> 
> John Snow (4):
>   blockdev-backup: don't check aio_context too early
>   iotests.py: do not use infinite waits
>   iotests.py: rewrite run_job to be pickier
>   iotests: add iotest 250 for testing blockdev-backup across iothread
> contexts
> 
>  blockdev.c|   4 --
>  tests/qemu-iotests/250| 129 ++
>  tests/qemu-iotests/250.out| 119 +++
>  tests/qemu-iotests/group  |   1 +
>  tests/qemu-iotests/iotests.py |  44 ++--
>  5 files changed, 270 insertions(+), 27 deletions(-)
>  create mode 100755 tests/qemu-iotests/250
>  create mode 100644 tests/qemu-iotests/250.out
> 




Re: [Qemu-devel] [Qemu-block] [PATCH] iotests: Fix intermittent failure in 219

2019-05-16 Thread John Snow



On 5/16/19 12:11 PM, Max Reitz wrote:
> In 219, we wait for the job to make progress before we emit its status.
> This makes the output reliable.
> 
> Unfortunately, there is a bug: We do not wait for any more progress if
> the job has already reached its total-progress.  Right after the job has
> been started, it is possible that total-progress is still 0, though.  In
> that case, we may skip the first progress-making step and keep ending up
> 64 kB short.
> 

Oh, this took a while to understand.

The bug is that when the job has started, its current progress is the
same as its total progress, 0, which we might confuse as being
sufficiently done.

You avoid this by forcing the job to update its total progress at least
once before proceeding.

We do this checking pre-patch in test_pause_resume, not excerpted below
in the diffstat.

I might recommend:

"In 219, we wait for the job to make progress before we emit its status.
This makes the output reliable. We do not wait for any more progress if
the job's current-progress already matches its total-progress.

Unfortunately, there is a bug: Right after the job has been started,
it's possible that total-progress is still 0."

But, well, that's just like, my opinion, man.

> To fix that bug, we can simply wait for total-progress to reach 4 MB
> (the image size) after starting the job.
> 
> Reported-by: Karen Mezick 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1686651
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/219 | 13 ++---
>  1 file changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git a/tests/qemu-iotests/219 b/tests/qemu-iotests/219
> index c03bbdb294..e0c51662c0 100755
> --- a/tests/qemu-iotests/219
> +++ b/tests/qemu-iotests/219
> @@ -23,6 +23,8 @@ import iotests
>  
>  iotests.verify_image_format(supported_fmts=['qcow2'])
>  
> +img_size = 4 * 1024 * 1024
> +
>  def pause_wait(vm, job_id):
>  with iotests.Timeout(3, "Timeout waiting for job to pause"):
>  while True:
> @@ -62,6 +64,8 @@ def test_pause_resume(vm):
>  iotests.log(vm.qmp('query-jobs'))
>  
>  def test_job_lifecycle(vm, job, job_args, has_ready=False):
> +global img_size
> +

You hate to see it happen, folks

>  iotests.log('')
>  iotests.log('')
>  iotests.log('Starting block job: %s (auto-finalize: %s; auto-dismiss: 
> %s)' %
> @@ -84,6 +88,10 @@ def test_job_lifecycle(vm, job, job_args, has_ready=False):
>  iotests.log(iotests.filter_qmp_event(vm.event_wait('JOB_STATUS_CHANGE')))
>  iotests.log(iotests.filter_qmp_event(vm.event_wait('JOB_STATUS_CHANGE')))
>  

In my recent writing of tests, I have come to be quite afraid of naked
waits on JOB_STATUS_CHANGE without actually waiting on a specific one. I
suppose it's fine because we log it, so we will eventually see what went
wrong, but ...

Ehm, just a style thing. Not related to this patch.

> +# Wait for total-progress to stabilize
> +while vm.qmp('query-jobs')['return'][0]['total-progress'] < img_size:
> +pass
> +
>  # RUNNING state:
>  # pause/resume should work, complete/finalize/dismiss should error out
>  iotests.log('')
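Review bot: The polling loop added under "Wait for total-progress to stabilize" has no upper bound, so if the job never reaches `img_size` the test spins forever instead of failing with a clear message. It also indexes `['return'][0]` directly, which would raise if `query-jobs` came back with an empty list. `pause_wait()` earlier in this file already wraps its polling in `iotests.Timeout`, and the same pattern fits here: put `with iotests.Timeout(3, "Timeout waiting for total-progress to stabilize"):` around the loop. The rest of `test_job_lifecycle` lies outside this hunk.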
> @@ -173,9 +181,8 @@ with iotests.FilePath('disk.img') as disk_path, \
>   iotests.FilePath('copy.img') as copy_path, \
>   iotests.VM() as vm:
>  
> -img_size = '4M'
> -iotests.qemu_img_create('-f', iotests.imgfmt, disk_path, img_size)
> -iotests.qemu_io('-c', 'write 0 %s' % (img_size),
> +iotests.qemu_img_create('-f', iotests.imgfmt, disk_path, str(img_size))
> +iotests.qemu_io('-c', 'write 0 %i' % (img_size),
>  '-f', iotests.imgfmt, disk_path)
>  
>  iotests.log('Launching VM...')
> 

Regardless of my spurious noisemaking:

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

2019-05-16 Thread Jakub Staroń via Qemu-devel
On 5/14/19 7:54 AM, Pankaj Gupta wrote:
> + if (!list_empty(>req_list)) {
> + req_buf = list_first_entry(>req_list,
> + struct virtio_pmem_request, list);
> + req_buf->wq_buf_avail = true;
> + wake_up(_buf->wq_buf);
> + list_del(_buf->list);
Yes, this change is the right one, thank you!

> +  /*
> +   * If virtqueue_add_sgs returns -ENOSPC then req_vq virtual
> +   * queue does not have free descriptor. We add the request
> +   * to req_list and wait for host_ack to wake us up when free
> +   * slots are available.
> +   */
> + while ((err = virtqueue_add_sgs(vpmem->req_vq, sgs, 1, 1, req,
> + GFP_ATOMIC)) == -ENOSPC) {
> +
> + dev_err(>dev, "failed to send command to virtio pmem" \
> + "device, no free slots in the virtqueue\n");
> + req->wq_buf_avail = false;
> + list_add_tail(>list, >req_list);
> + spin_unlock_irqrestore(>pmem_lock, flags);
> +
> + /* A host response results in "host_ack" getting called */
> + wait_event(req->wq_buf, req->wq_buf_avail);
> + spin_lock_irqsave(>pmem_lock, flags);
> + }
> + err1 = virtqueue_kick(vpmem->req_vq);
> + spin_unlock_irqrestore(>pmem_lock, flags);
> +
> + /*
> +  * virtqueue_add_sgs failed with error different than -ENOSPC, we can't
> +  * do anything about that.
> +  */
> + if (err || !err1) {
> + dev_info(>dev, "failed to send command to virtio pmem 
> device\n");
> + err = -EIO;
> + } else {
> + /* A host repsonse results in "host_ack" getting called */
> + wait_event(req->host_acked, req->done);
> + err = req->ret;
> +I confirm that the failures I was facing with the `-ENOSPC` error path are 
> not present in v9.

Best,
Jakub Staron



Re: [Qemu-devel] [Qemu-block] [PATCH v1] [RFC] qcow2: add compression type feature

2019-05-16 Thread John Snow



On 5/16/19 9:48 AM, Denis Plotnikov wrote:
> The patch adds some preparation parts for incompatible compression type
> feature into QCOW2 header that indicates that *all* compressed clusters
> must be (de)compressed using a certain compression type.
> 
> It is implied that the compression type is set on the image creation and
> can be changed only later by image conversion, thus the only compression
> algorithm is used for the image.
> 
> The plan is to add support for ZSTD and then may be something more effective
> in the future.
> 
> ZSTD compression algorithm consumes 3-5 times less CPU power with a
> comparable compression ratio with zlib. It would be wise to use it for
> data compression e.g. for backups.
> 
> The default compression is ZLIB.
> 

(Merely a curiosity:)

Since this is coming from Virtuozzo, I trust that you've had good luck
with ZSTD already in R&D. What do the compression ratios look like in
practice? It's touted as "comparable to zlib" which certainly does sound
quite nice for streaming compression of backups.

I suppose in the worst case it ought to be faster than bandwidth speeds,
so no harm in utilizing it.

> Signed-off-by: Denis Plotnikov 



Re: [Qemu-devel] [Qemu-block] [PATCH] nvme: add Get/Set Feature Timestamp support

2019-05-16 Thread Heitke, Kenneth

Hi Klaus, thank you for your review. I have one comment inline

On 5/14/2019 12:02 AM, Klaus Birkelund wrote:

On Fri, Apr 05, 2019 at 03:41:17PM -0600, Kenneth Heitke wrote:

Signed-off-by: Kenneth Heitke 
---
  hw/block/nvme.c   | 120 +-
  hw/block/nvme.h   |   3 ++
  hw/block/trace-events |   2 +
  include/block/nvme.h  |   2 +
  4 files changed, 125 insertions(+), 2 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 7caf92532a..e775e89299 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -219,6 +219,30 @@ static uint16_t nvme_map_prp(QEMUSGList *qsg, QEMUIOVector 
*iov, uint64_t prp1,
  return NVME_INVALID_FIELD | NVME_DNR;
  }
  
+static uint16_t nvme_dma_write_prp(NvmeCtrl *n, uint8_t *ptr, uint32_t len,

+   uint64_t prp1, uint64_t prp2)
+{
+QEMUSGList qsg;
+QEMUIOVector iov;
+uint16_t status = NVME_SUCCESS;
+
+if (nvme_map_prp(, , prp1, prp2, len, n)) {
+return NVME_INVALID_FIELD | NVME_DNR;
+}
+if (qsg.nsg > 0) {
+if (dma_buf_write(ptr, len, )) {
+status = NVME_INVALID_FIELD | NVME_DNR;
+}
+qemu_sglist_destroy();
+} else {
+if (qemu_iovec_from_buf(, 0, ptr, len) != len) {


This should be `qemu_iovec_to_buf`.



This function is transferring data from the "host" to the device so I
believe I am using the correct function.



[Qemu-devel] [PATCH] tcg/i386: Fix dupi/dupm for avx1 and 32-bit hosts

2019-05-16 Thread Richard Henderson
The VBROADCASTSD instruction only allows %ymm registers as destination.
Rather than forcing VEX.L and writing to the entire 256-bit register,
revert to using MOVDDUP with an %xmm register.  This is sufficient for
an avx1 host since we do not support TCG_TYPE_V256 for that case.

Also fix the 32-bit avx2, which should have used VPBROADCASTW.

Fixes: 1e262b49b533
Reported-by: Mark Cave-Ayland 
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.inc.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index aafd01cb49..b3601446cd 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -358,6 +358,7 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 #define OPC_MOVBE_MyGy  (0xf1 | P_EXT38)
 #define OPC_MOVD_VyEy   (0x6e | P_EXT | P_DATA16)
 #define OPC_MOVD_EyVy   (0x7e | P_EXT | P_DATA16)
+#define OPC_MOVDDUP (0x12 | P_EXT | P_SIMDF2)
 #define OPC_MOVDQA_VxWx (0x6f | P_EXT | P_DATA16)
 #define OPC_MOVDQA_WxVx (0x7f | P_EXT | P_DATA16)
 #define OPC_MOVDQU_VxWx (0x6f | P_EXT | P_SIMDF3)
@@ -921,7 +922,7 @@ static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, 
unsigned vece,
 } else {
 switch (vece) {
 case MO_64:
-tcg_out_vex_modrm_offset(s, OPC_VBROADCASTSD, r, 0, base, offset);
+tcg_out_vex_modrm_offset(s, OPC_MOVDDUP, r, 0, base, offset);
 break;
 case MO_32:
 tcg_out_vex_modrm_offset(s, OPC_VBROADCASTSS, r, 0, base, offset);
@@ -963,12 +964,12 @@ static void tcg_out_dupi_vec(TCGContext *s, TCGType type,
 } else if (have_avx2) {
 tcg_out_vex_modrm_pool(s, OPC_VPBROADCASTQ + vex_l, ret);
 } else {
-tcg_out_vex_modrm_pool(s, OPC_VBROADCASTSD, ret);
+tcg_out_vex_modrm_pool(s, OPC_MOVDDUP, ret);
 }
 new_pool_label(s, arg, R_386_PC32, s->code_ptr - 4, -4);
 } else {
 if (have_avx2) {
-tcg_out_vex_modrm_pool(s, OPC_VBROADCASTSD + vex_l, ret);
+tcg_out_vex_modrm_pool(s, OPC_VPBROADCASTW + vex_l, ret);
 } else {
 tcg_out_vex_modrm_pool(s, OPC_VBROADCASTSS, ret);
 }
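Review bot: On the 32-bit path with `have_avx2`, `OPC_VPBROADCASTW` broadcasts a 16-bit element, while the non-avx2 branch just below uses `OPC_VBROADCASTSS`, a 32-bit broadcast, for the same kind of pool entry. If the pool entry here is a 32-bit value, as that sibling branch suggests, only its low half would be replicated and any constant whose two 16-bit halves differ would be materialized incorrectly. `tcg_out_vex_modrm_pool(s, OPC_VPBROADCASTD + vex_l, ret);` looks like the intended opcode. The `new_pool_label()` call for this branch is outside the hunk, so the entry width should be confirmed there.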
-- 
2.17.1




[Qemu-devel] [PULL 6/6] target/m68k: Optimize rotate_x() using extract_i32()

2019-05-16 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

Optimize rotate_x() using tcg_gen_extract_i32(). We can now free the
'sz' tcg_temp earlier. Since it is allocated with tcg_const_i32(),
free it with tcg_temp_free_i32().

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20190310003428.11723-6-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 target/m68k/translate.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index bf700c01b1..f0534a4ba0 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -3693,6 +3693,7 @@ static TCGv rotate_x(TCGv reg, TCGv shift, int left, int 
size)
 tcg_gen_sub_i32(shl, shl, shift); /* shl = size + 1 - shift */
 tcg_gen_sub_i32(shx, sz, shift); /* shx = size - shift */
 }
+tcg_temp_free_i32(sz);
 
 /* reg = (reg << shl) | (reg >> shr) | (x << shx); */
 
@@ -3708,9 +3709,7 @@ static TCGv rotate_x(TCGv reg, TCGv shift, int left, int 
size)
 /* X = (reg >> size) & 1 */
 
 X = tcg_temp_new();
-tcg_gen_shr_i32(X, reg, sz);
-tcg_gen_andi_i32(X, X, 1);
-tcg_temp_free(sz);
+tcg_gen_extract_i32(X, reg, size, 1);
 
 return X;
 }
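Review bot: `tcg_gen_extract_i32(X, reg, size, 1)` uses `size` as a bit offset, which must leave room for the one-bit field (`size < 32`), and nothing in the visible part of `rotate_x()` states that bound. The callers are outside this hunk; if they only pass 8 or 16, a comment on this line would record that, e.g. `/* size is 8 or 16, so bit 'size' exists in reg */`. Alternatively an `assert(size < 32);` near the top of the function would catch a future 32-bit caller at translation time. The function body starts before this hunk.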
-- 
2.20.1




[Qemu-devel] [PULL 4/6] target/m68k: Reduce the l1 TCGLabel scope

2019-05-16 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20190310003428.11723-2-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 target/m68k/translate.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 58596278c2..176c5d966c 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -3020,7 +3020,6 @@ DISAS_INSN(branch)
 int32_t offset;
 uint32_t base;
 int op;
-TCGLabel *l1;
 
 base = s->pc;
 op = (insn >> 8) & 0xf;
@@ -3036,7 +3035,7 @@ DISAS_INSN(branch)
 }
 if (op > 1) {
 /* Bcc */
-l1 = gen_new_label();
+TCGLabel *l1 = gen_new_label();
 gen_jmpcc(s, ((insn >> 8) & 0xf) ^ 1, l1);
 gen_jmp_tb(s, 1, base + offset);
 gen_set_label(l1);
-- 
2.20.1




[Qemu-devel] [PULL 5/6] target/m68k: Fix a tcg_temp leak

2019-05-16 Thread Laurent Vivier
From: Philippe Mathieu-Daudé 

The function gen_get_ccr() returns a tcg_temp created with
tcg_temp_new(). Free it with tcg_temp_free().

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20190310003428.11723-4-f4...@amsat.org>
Signed-off-by: Laurent Vivier 
---
 target/m68k/translate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 176c5d966c..bf700c01b1 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -2227,6 +2227,7 @@ static TCGv gen_get_sr(DisasContext *s)
 sr = tcg_temp_new();
 tcg_gen_andi_i32(sr, QREG_SR, 0xffe0);
 tcg_gen_or_i32(sr, sr, ccr);
+tcg_temp_free(ccr);
 return sr;
 }
 
-- 
2.20.1




[Qemu-devel] [PULL 2/6] target/m68k: In get_physical_address() check for memory access failures

2019-05-16 Thread Laurent Vivier
From: Peter Maydell 

In get_physical_address(), use address_space_ldl() and
address_space_stl() instead of ldl_phys() and stl_phys().
This allows us to check whether the memory access failed.
For the moment, we simply return -1 in this case;
add a TODO comment that we should ideally generate the
appropriate kind of fault.

Signed-off-by: Peter Maydell 
Message-Id: <20181210165636.28366-3-peter.mayd...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 target/m68k/helper.c | 62 +---
 1 file changed, 52 insertions(+), 10 deletions(-)

diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 5b81995ee7..edd7bb64ed 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -651,6 +651,7 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 bool debug = access_type & ACCESS_DEBUG;
 int page_bits;
 int i;
+MemTxResult txres;
 
 /* Transparent Translation (physical = logical) */
 for (i = 0; i < M68K_MAX_TTR; i++) {
@@ -680,12 +681,19 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 /* Root Index */
 entry = M68K_POINTER_BASE(next) | M68K_ROOT_INDEX(address);
 
-next = ldl_phys(cs->as, entry);
+next = address_space_ldl(cs->as, entry, MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 if (!M68K_UDT_VALID(next)) {
 return -1;
 }
 if (!(next & M68K_DESC_USED) && !debug) {
-stl_phys(cs->as, entry, next | M68K_DESC_USED);
+address_space_stl(cs->as, entry, next | M68K_DESC_USED,
+  MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 }
 if (next & M68K_DESC_WRITEPROT) {
 if (access_type & ACCESS_PTEST) {
@@ -700,12 +708,19 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 /* Pointer Index */
 entry = M68K_POINTER_BASE(next) | M68K_POINTER_INDEX(address);
 
-next = ldl_phys(cs->as, entry);
+next = address_space_ldl(cs->as, entry, MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 if (!M68K_UDT_VALID(next)) {
 return -1;
 }
 if (!(next & M68K_DESC_USED) && !debug) {
-stl_phys(cs->as, entry, next | M68K_DESC_USED);
+address_space_stl(cs->as, entry, next | M68K_DESC_USED,
+  MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 }
 if (next & M68K_DESC_WRITEPROT) {
 if (access_type & ACCESS_PTEST) {
@@ -724,27 +739,46 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 entry = M68K_4K_PAGE_BASE(next) | M68K_4K_PAGE_INDEX(address);
 }
 
-next = ldl_phys(cs->as, entry);
+next = address_space_ldl(cs->as, entry, MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 
 if (!M68K_PDT_VALID(next)) {
 return -1;
 }
 if (M68K_PDT_INDIRECT(next)) {
-next = ldl_phys(cs->as, M68K_INDIRECT_POINTER(next));
+next = address_space_ldl(cs->as, M68K_INDIRECT_POINTER(next),
+ MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 }
 if (access_type & ACCESS_STORE) {
 if (next & M68K_DESC_WRITEPROT) {
 if (!(next & M68K_DESC_USED) && !debug) {
-stl_phys(cs->as, entry, next | M68K_DESC_USED);
+address_space_stl(cs->as, entry, next | M68K_DESC_USED,
+  MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 }
 } else if ((next & (M68K_DESC_MODIFIED | M68K_DESC_USED)) !=
(M68K_DESC_MODIFIED | M68K_DESC_USED) && !debug) {
-stl_phys(cs->as, entry,
- next | (M68K_DESC_MODIFIED | M68K_DESC_USED));
+address_space_stl(cs->as, entry,
+  next | (M68K_DESC_MODIFIED | M68K_DESC_USED),
+  MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 }
 } else {
 if (!(next & M68K_DESC_USED) && !debug) {
-stl_phys(cs->as, entry, next | M68K_DESC_USED);
+address_space_stl(cs->as, entry, next | M68K_DESC_USED,
+  MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+goto txfail;
+}
 }
 }
 
@@ -776,6 +810,14 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 }
 
 return 0;
+
+txfail:
+/*
+ * A page table load/store failed. TODO: we should really raise a
+ * suitable guest fault here if this is not a debug access.
+ * For now just return that the translation failed.
+ */

[Qemu-devel] [PULL 1/6] target/m68k: In dump_address_map() check for memory access failures

2019-05-16 Thread Laurent Vivier
From: Peter Maydell 

In dump_address_map(), use address_space_ldl() instead of ldl_phys().
This allows us to check whether the memory access failed.

Signed-off-by: Peter Maydell 
Message-Id: <20181210165636.28366-2-peter.mayd...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 target/m68k/helper.c | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index d958a34959..5b81995ee7 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -403,6 +403,7 @@ static void dump_address_map(CPUM68KState *env, uint32_t 
root_pointer)
 int last_attr = -1, attr = -1;
 M68kCPU *cpu = m68k_env_get_cpu(env);
 CPUState *cs = CPU(cpu);
+MemTxResult txres;
 
 if (env->mmu.tcr & M68K_TCR_PAGE_8K) {
 /* 8k page */
@@ -416,22 +417,29 @@ static void dump_address_map(CPUM68KState *env, uint32_t 
root_pointer)
 tib_mask = M68K_4K_PAGE_MASK;
 }
 for (i = 0; i < M68K_ROOT_POINTER_ENTRIES; i++) {
-tia = ldl_phys(cs->as, M68K_POINTER_BASE(root_pointer) + i * 4);
-if (!M68K_UDT_VALID(tia)) {
+tia = address_space_ldl(cs->as, M68K_POINTER_BASE(root_pointer) + i * 
4,
+MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK || !M68K_UDT_VALID(tia)) {
 continue;
 }
 for (j = 0; j < M68K_ROOT_POINTER_ENTRIES; j++) {
-tib = ldl_phys(cs->as, M68K_POINTER_BASE(tia) + j * 4);
-if (!M68K_UDT_VALID(tib)) {
+tib = address_space_ldl(cs->as, M68K_POINTER_BASE(tia) + j * 4,
+MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK || !M68K_UDT_VALID(tib)) {
 continue;
 }
 for (k = 0; k < tic_size; k++) {
-tic = ldl_phys(cs->as, (tib & tib_mask) + k * 4);
-if (!M68K_PDT_VALID(tic)) {
+tic = address_space_ldl(cs->as, (tib & tib_mask) + k * 4,
+MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK || !M68K_PDT_VALID(tic)) {
 continue;
 }
 if (M68K_PDT_INDIRECT(tic)) {
-tic = ldl_phys(cs->as, M68K_INDIRECT_POINTER(tic));
+tic = address_space_ldl(cs->as, M68K_INDIRECT_POINTER(tic),
+MEMTXATTRS_UNSPECIFIED, );
+if (txres != MEMTX_OK) {
+continue;
+}
 }
 
 last_logical = logical;
-- 
2.20.1




[Qemu-devel] [PULL 0/6] M68k staging patches

2019-05-16 Thread Laurent Vivier
The following changes since commit c1497fba36465d0259d4d04f2bf09ea59ed42680:

  Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20190514b' 
into staging (2019-05-16 10:24:08 +0100)

are available in the Git repository at:

  git://github.com/vivier/qemu-m68k.git tags/m68k-staging-pull-request

for you to fetch changes up to 60d3d0cfeb1658d2827d6a4f0df27252bb36baba:

  target/m68k: Optimize rotate_x() using extract_i32() (2019-05-17 00:30:47 
+0200)


code cleanup, switch to transaction_failed hook



Peter Maydell (3):
  target/m68k: In dump_address_map() check for memory access failures
  target/m68k: In get_physical_address() check for memory access
failures
  target/m68k: Switch to transaction_failed hook

Philippe Mathieu-Daudé (3):
  target/m68k: Reduce the l1 TCGLabel scope
  target/m68k: Fix a tcg_temp leak
  target/m68k: Optimize rotate_x() using extract_i32()

 target/m68k/cpu.c   |  2 +-
 target/m68k/cpu.h   |  7 ++--
 target/m68k/helper.c| 84 -
 target/m68k/op_helper.c | 20 --
 target/m68k/translate.c |  9 ++---
 5 files changed, 84 insertions(+), 38 deletions(-)

-- 
2.20.1




[Qemu-devel] [PULL 3/6] target/m68k: Switch to transaction_failed hook

2019-05-16 Thread Laurent Vivier
From: Peter Maydell 

Switch the m68k target from the old unassigned_access hook
to the transaction_failed hook.

The notable difference is that rather than it being called
for all physical memory accesses which fail (including
those made by DMA devices or by the gdbstub), it is only
called for those made by the CPU via its MMU. (In previous
commits we put in explicit checks for the direct physical
loads made by the target/m68k code which will no longer
be handled by calling the unassigned_access hook.)

Signed-off-by: Peter Maydell 
Message-Id: <20181210165636.28366-4-peter.mayd...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 target/m68k/cpu.c   |  2 +-
 target/m68k/cpu.h   |  7 ---
 target/m68k/op_helper.c | 20 
 3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index 582e3a73b3..6d09c630b0 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -271,7 +271,7 @@ static void m68k_cpu_class_init(ObjectClass *c, void *data)
 cc->gdb_write_register = m68k_cpu_gdb_write_register;
 cc->handle_mmu_fault = m68k_cpu_handle_mmu_fault;
 #if defined(CONFIG_SOFTMMU)
-cc->do_unassigned_access = m68k_cpu_unassigned_access;
+cc->do_transaction_failed = m68k_cpu_transaction_failed;
 cc->get_phys_page_debug = m68k_cpu_get_phys_page_debug;
 #endif
 cc->disas_set_info = m68k_cpu_disas_set_info;
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index ad41608341..6039b47d0c 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -544,9 +544,10 @@ static inline int cpu_mmu_index (CPUM68KState *env, bool 
ifetch)
 
 int m68k_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw,
   int mmu_idx);
-void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr,
-bool is_write, bool is_exec, int is_asi,
-unsigned size);
+void m68k_cpu_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
+ unsigned size, MMUAccessType access_type,
+ int mmu_idx, MemTxAttrs attrs,
+ MemTxResult response, uintptr_t retaddr);
 
 #include "exec/cpu-all.h"
 
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 76f439985a..1c272b4cda 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -454,19 +454,15 @@ static inline void do_interrupt_m68k_hardirq(CPUM68KState 
*env)
 do_interrupt_all(env, 1);
 }
 
-void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr, bool is_write,
-bool is_exec, int is_asi, unsigned size)
+void m68k_cpu_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
+ unsigned size, MMUAccessType access_type,
+ int mmu_idx, MemTxAttrs attrs,
+ MemTxResult response, uintptr_t retaddr)
 {
 M68kCPU *cpu = M68K_CPU(cs);
 CPUM68KState *env = >env;
-#ifdef DEBUG_UNASSIGNED
-qemu_log_mask(CPU_LOG_INT, "Unassigned " TARGET_FMT_plx " wr=%d exe=%d\n",
- addr, is_write, is_exec);
-#endif
-if (env == NULL) {
-/* when called from gdb, env is NULL */
-return;
-}
+
+cpu_restore_state(cs, retaddr, true);
 
 if (m68k_feature(env, M68K_FEATURE_M68040)) {
 env->mmu.mmusr = 0;
@@ -476,7 +472,7 @@ void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr, 
bool is_write,
 if (env->sr & SR_S) { /* SUPERVISOR */
 env->mmu.ssw |= M68K_TM_040_SUPER;
 }
-if (is_exec) { /* instruction or data */
+if (access_type == MMU_INST_FETCH) { /* instruction or data */
 env->mmu.ssw |= M68K_TM_040_CODE;
 } else {
 env->mmu.ssw |= M68K_TM_040_DATA;
@@ -494,7 +490,7 @@ void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr, 
bool is_write,
 break;
 }
 
-if (!is_write) {
+if (access_type != MMU_DATA_STORE) {
 env->mmu.ssw |= M68K_RW_040;
 }
 
-- 
2.20.1




Re: [Qemu-devel] [PATCH v2] mips: Decide to map PAGE_EXEC in map_address

2019-05-16 Thread Aleksandar Markovic
On May 16, 2019 10:05 PM, "Philippe Mathieu-Daudé"  wrote:
>
> On 5/16/19 8:04 PM, Aleksandar Markovic wrote:
> > On May 16, 2019 6:31 PM, "Philippe Mathieu-Daudé" 
wrote:
> >>
> >> Hi Jakub,
> >>
> >> On 5/16/19 3:10 PM, Jakub Jermar wrote:
> >>> Hi,
> >>>
> >>> On 5/3/19 12:02 PM, Jakub Jermar wrote:
>  Hi,
> 
>  On 4/23/19 4:58 PM, Jakub Jermar wrote:
> > Hi Philippe!
> >
> > On 4/23/19 3:48 PM, Philippe Mathieu-Daudé wrote:
> >> Hi Jakub,
> >>
> >> On 4/23/19 1:00 PM, Jakub Jermář wrote:
> >>> This commit addresses QEMU Bug #1825311:
> >>>
> >>>   mips_cpu_handle_mmu_fault renders all accessed pages executable
> >>>
> >>> It allows finer-grained control over whether the accessed page
> > should be
> >>> executable by moving the decision to the underlying map_address
> >>> function, which has more information for this.
> >>>
> >>> As a result, pages that have the XI bit set in the TLB and are
> > accessed
> >>> for read/write, don't suddenly end up being executable.
> >>>
> >>
> >> Fixes: https://bugs.launchpad.net/qemu/+bug/1825311
> >>
> >>> Signed-off-by: Jakub Jermář 
> >>> ---
> >>>  target/mips/helper.c | 17 ++---
> >>>  1 file changed, 10 insertions(+), 7 deletions(-)
> >>>
> >>> diff --git a/target/mips/helper.c b/target/mips/helper.c
> >>> index c44cdca3b5..132d073fbe 100644
> >>> --- a/target/mips/helper.c
> >>> +++ b/target/mips/helper.c
> >>> @@ -43,7 +43,7 @@ int no_mmu_map_address (CPUMIPSState *env,
hwaddr
> > *physical, int *prot,
> >>>  target_ulong address, int rw, int
> > access_type)
> >>>  {
> >>>  *physical = address;
> >>> -*prot = PAGE_READ | PAGE_WRITE;
> >>> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> >>>  return TLBRET_MATCH;
> >>>  }
> >>>
> >>> @@ -61,7 +61,7 @@ int fixed_mmu_map_address (CPUMIPSState *env,
> > hwaddr *physical, int *prot,
> >>>  else
> >>>  *physical = address;
> >>>
> >>> -*prot = PAGE_READ | PAGE_WRITE;
> >>> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> >>>  return TLBRET_MATCH;
> >>>  }
> >>>
> >>> @@ -101,6 +101,9 @@ int r4k_map_address (CPUMIPSState *env, hwaddr
> > *physical, int *prot,
> >>>  *prot = PAGE_READ;
> >>>  if (n ? tlb->D1 : tlb->D0)
> >>>  *prot |= PAGE_WRITE;
> >>> +if (!(n ? tlb->XI1 : tlb->XI0)) {
> >>> +*prot |= PAGE_EXEC;
> >>> +}
> >>
> >> This was indeed missed in commit 2fb58b73746e.
> >>
> >> Aleksandar, if this patch is OK with you, can you amend this comment,
> >> and add the "Fixes:" tag too when applying? Thanks!
> >
> > Yes, definitely, Philippe, that is not a problem.
> >
> > Thanks for helping out!
> >
> > I tested Jakub's scenario too, it works as expected, but I am not
concerned
> > about it as much as about regression tests. Knowing that you have many
MIPS
> > test kernels and images, may I ask you to test some of them WITH Jakub's
> > fix (so independently of myself and Jakub), just to confirm that there
are
> > no regressions?
>
> Yes, I can do that (during next WE).
>
> FYI I try to test all QEMU MIPS boards at least once a month (except the
> Jazz board, I don't have handy setup and think Hervé does test it).
> It is time consuming so I'm investing time to offload that testing with
> Avocado slowly. This will take me some months (at least 2 QEMU releases).
>

Avocado MIPS testing was one of the best news for QEMU for MIPS in years.
Even my bosses nodded with approval and interest, which doesn't happen too
often. In other words, it was received very well, excellent.

> I'm also regularly testing embedded firmwares on boards not yet
> upstreamed (which are of my interest) and am working on a Avocado test
> setup too. I wish I can upstream the whole work this year...
>
> > C’est vraiment gentil de votre part.
>
> ;)
>
> >
> > Aleksandar
> >
> >> Reviewed-by: Philippe Mathieu-Daudé 
> >>
> >>
> >>>  return TLBRET_MATCH;
> >>>  }
> >>>  return TLBRET_DIRTY;
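Review bot: In the r4k_map_address hunk the context line `*prot = PAGE_READ;` still grants read permission unconditionally, while execute is now gated on XI0/XI1. If the TLB entry also carries read-inhibit bits (RI0/RI1, not visible in this hunk), a page first entered through a store could end up readable in the cached mapping, which is the same class of problem this patch fixes for execute; that is worth checking against the part of the function outside the hunk. A one-line comment above the new test, such as `/* XI set: leave PAGE_EXEC off so a later fetch is re-checked */`, would also record why execute is the only permission granted by negation. The same hunk is quoted again in the other replies of this thread.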
> >>> @@ -182,7 +185,7 @@ static int
> > get_seg_physical_address(CPUMIPSState *env, hwaddr *physical,
> >>>  } else {
> >>>  /* The segment is unmapped */
> >>>  *physical = physical_base | (real_address & segmask);
> >>> -*prot = PAGE_READ | PAGE_WRITE;
> >>> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> >>>  return TLBRET_MATCH;
> >>>  }
> >>>  }
> >>> @@ -913,8 +916,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs,
> > vaddr address, int size, int rw,
> >>>  }
> >>>  if (ret == TLBRET_MATCH) {
> >>>  tlb_set_page(cs, address & TARGET_PAGE_MASK,
> >>> - 

Re: [Qemu-devel] [PATCH v2] mips: Decide to map PAGE_EXEC in map_address

2019-05-16 Thread Philippe Mathieu-Daudé
On 5/16/19 8:04 PM, Aleksandar Markovic wrote:
> On May 16, 2019 6:31 PM, "Philippe Mathieu-Daudé"  wrote:
>>
>> Hi Jakub,
>>
>> On 5/16/19 3:10 PM, Jakub Jermar wrote:
>>> Hi,
>>>
>>> On 5/3/19 12:02 PM, Jakub Jermar wrote:
 Hi,

 On 4/23/19 4:58 PM, Jakub Jermar wrote:
> Hi Philippe!
>
> On 4/23/19 3:48 PM, Philippe Mathieu-Daudé wrote:
>> Hi Jakub,
>>
>> On 4/23/19 1:00 PM, Jakub Jermář wrote:
>>> This commit addresses QEMU Bug #1825311:
>>>
>>>   mips_cpu_handle_mmu_fault renders all accessed pages executable
>>>
>>> It allows finer-grained control over whether the accessed page
> should be
>>> executable by moving the decision to the underlying map_address
>>> function, which has more information for this.
>>>
>>> As a result, pages that have the XI bit set in the TLB and are
> accessed
>>> for read/write, don't suddenly end up being executable.
>>>
>>
>> Fixes: https://bugs.launchpad.net/qemu/+bug/1825311
>>
>>> Signed-off-by: Jakub Jermář 
>>> ---
>>>  target/mips/helper.c | 17 ++---
>>>  1 file changed, 10 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/target/mips/helper.c b/target/mips/helper.c
>>> index c44cdca3b5..132d073fbe 100644
>>> --- a/target/mips/helper.c
>>> +++ b/target/mips/helper.c
>>> @@ -43,7 +43,7 @@ int no_mmu_map_address (CPUMIPSState *env, hwaddr
> *physical, int *prot,
>>>  target_ulong address, int rw, int
> access_type)
>>>  {
>>>  *physical = address;
>>> -*prot = PAGE_READ | PAGE_WRITE;
>>> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
>>>  return TLBRET_MATCH;
>>>  }
>>>
>>> @@ -61,7 +61,7 @@ int fixed_mmu_map_address (CPUMIPSState *env,
> hwaddr *physical, int *prot,
>>>  else
>>>  *physical = address;
>>>
>>> -*prot = PAGE_READ | PAGE_WRITE;
>>> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
>>>  return TLBRET_MATCH;
>>>  }
>>>
>>> @@ -101,6 +101,9 @@ int r4k_map_address (CPUMIPSState *env, hwaddr
> *physical, int *prot,
>>>  *prot = PAGE_READ;
>>>  if (n ? tlb->D1 : tlb->D0)
>>>  *prot |= PAGE_WRITE;
>>> +if (!(n ? tlb->XI1 : tlb->XI0)) {
>>> +*prot |= PAGE_EXEC;
>>> +}
>>
>> This was indeed missed in commit 2fb58b73746e.
>>
>> Aleksandar, if this patch is OK with you, can you amend this comment,
>> and add the "Fixes:" tag too when applying? Thanks!
> 
> Yes, definitely, Philippe, that is not a problem.
> 
> Thanks for helping out!
> 
> I tested Jakub's scenario too, it works as expected, but I am not concerned
> about it as much as about regression tests. Knowing that you have many MIPS
> test kernels and images, may I ask you to test some of them WITH Jakub's
> fix (so independently of myself and Jakub), just to confirm that there are
> no regressions?

Yes, I can do that (during next WE).

FYI I try to test all QEMU MIPS boards at least once a month (except the
Jazz board, I don't have handy setup and think Hervé does test it).
It is time consuming so I'm investing time to offload that testing with
Avocado slowly. This will take me some months (at least 2 QEMU releases).

I'm also regularly testing embedded firmwares on boards not yet
upstreamed (which are of my interest) and am working on a Avocado test
setup too. I wish I can upstream the whole work this year...

> C’est vraiment gentil de votre part.

;)

> 
> Aleksandar
> 
>> Reviewed-by: Philippe Mathieu-Daudé 
>>
>>
>>>  return TLBRET_MATCH;
>>>  }
>>>  return TLBRET_DIRTY;
>>> @@ -182,7 +185,7 @@ static int
> get_seg_physical_address(CPUMIPSState *env, hwaddr *physical,
>>>  } else {
>>>  /* The segment is unmapped */
>>>  *physical = physical_base | (real_address & segmask);
>>> -*prot = PAGE_READ | PAGE_WRITE;
>>> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
>>>  return TLBRET_MATCH;
>>>  }
>>>  }
>>> @@ -913,8 +916,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs,
> vaddr address, int size, int rw,
>>>  }
>>>  if (ret == TLBRET_MATCH) {
>>>  tlb_set_page(cs, address & TARGET_PAGE_MASK,
>>> - physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
>>> - mmu_idx, TARGET_PAGE_SIZE);
>>> + physical & TARGET_PAGE_MASK, prot, mmu_idx,
>>> + TARGET_PAGE_SIZE);
>>>  ret = 0;
>>>  } else if (ret < 0)
>>>  #endif
>>> @@ -936,8 +939,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs,
> vaddr address, int size, int rw,
>>> address, rw,
> access_type, mmu_idx);
>>>  

Re: [Qemu-devel] Maintainers, please tell us how to boot your machines!

2019-05-16 Thread Philippe Mathieu-Daudé
Hi Markus,

On 3/12/19 6:36 PM, Markus Armbruster wrote:
> Dear board code maintainers,
> 
> This is a (rather late) follow-up to the last QEMU summit.  Minutes[*]:
> 
>  * Deprecating unmaintained features (devices, targets, backends) in QEMU
> 
>QEMU has a mechanism to deprecate features but there remains a lot of
>old unmaintained code.  Refactoring is hindered by untested legacy
>code, so there is a desire to deprecate unmaintained features more
>often.
> 
>[...]
> 
>We should require at least a minimal test for each board; if nobody
>cares enough to come up with one, that board should be deprecated.
> 
>[...]
> 
>Also see the qemu-devel discussion about deprecating code:
>https://lists.nongnu.org/archive/html/qemu-devel/2018-10/msg05828.html.
> 
> That's a link to "Minutes of KVM Forum BoF on deprecating stuff".
> Quote:
> 
>  * One obvious class of candidates for removal is machines we don't know
>how to boot, or can't boot, say because we lack required firmware
>and/or OS.
> 
>Of course, "can boot" should be an automated test.  As a first step
>towards that, we should at least document how to boot each machine.
>We're going to ask machine maintainers to do that.
> 
> Let's get going on this.
> 
> I gathered the machine types, mapped them to source files, which I fed
> to get_maintainer.pl.  Results are appended.  If you're cc'ed,
> MAINTAINERS fingers you for at least one machine type's source file.
> Please tell us for all of them how to do a "meaningful" boot test.
> 
> For now, what's "meaningful" is entirely up to you.  Booting Linux
> certainly is.
> 
> Make sure to include a complete QEMU command line.  If your QEMU command
> line requires resources beyond the QEMU source tree and what we build
> from it, please detail them, and provide download URLs as far as
> possible.
> 
> Goals for this exercise:
> 
> * Gather information we need to cover more machines in our automated
>   testing.
> 
>   Related work:
>   [PATCH v4 00/19] Acceptance Tests: target architecture support
>   Message-Id: <20190312121150.8638-1-cr...@redhat.com>
>   https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg03881.html
> 
> * Maybe identify a few machines we don't know how to boot anymore.
> 
> Thanks in advance for your help!

How do you want to proceed with all the information provided in this
thread? I think a big table in the wiki collecting the answers is ideal.
What do you think?

Regards,

Phil.



Re: [Qemu-devel] [PATCH v2] migration/dirty-bitmaps: change bitmap enumeration method

2019-05-16 Thread John Snow



On 5/16/19 6:12 AM, Vladimir Sementsov-Ogievskiy wrote:
> 14.05.2019 23:19, John Snow wrote:
>> Shift from looking at every root BDS to *every* BDS. This will migrate
>> bitmaps that are attached to blockdev created nodes instead of just ones
>> attached to emulated storage devices.
>>
>> Note that this will not migrate anonymous or internal-use bitmaps, as
>> those are defined as having no name.
>>
>> This will also fix the Coverity issues Peter Maydell has been asking
>> about for the past several releases, as well as fixing a real bug.
>>
>> Reported-by: Peter Maydell 
>> Reported-by: Coverity 
>> Reported-by: aihua liang 
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1652490
>> Fixes: Coverity CID 1390625
>> CC: Stefan Hajnoczi 
>> Signed-off-by: John Snow 
>> ---
>>   migration/block-dirty-bitmap.c | 14 --
>>   1 file changed, 4 insertions(+), 10 deletions(-)
>>
>> diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
>> index d1bb863cb6..4a896a09eb 100644
>> --- a/migration/block-dirty-bitmap.c
>> +++ b/migration/block-dirty-bitmap.c
>> @@ -273,7 +273,6 @@ static int init_dirty_bitmap_migration(void)
>>   BlockDriverState *bs;
>>   BdrvDirtyBitmap *bitmap;
>>   DirtyBitmapMigBitmapState *dbms;
>> -BdrvNextIterator it;
>>   Error *local_err = NULL;
>>   
>>   dirty_bitmap_mig_state.bulk_completed = false;
>> @@ -281,13 +280,8 @@ static int init_dirty_bitmap_migration(void)
>>   dirty_bitmap_mig_state.prev_bitmap = NULL;
>>   dirty_bitmap_mig_state.no_bitmaps = false;
>>   
>> -for (bs = bdrv_first(); bs; bs = bdrv_next()) {
>> -const char *drive_name = bdrv_get_device_or_node_name(bs);
>> -
>> -/* skip automatically inserted nodes */
>> -while (bs && bs->drv && bs->implicit) {
>> -bs = backing_bs(bs);
>> -}
> 
> hm, so, after the patch, for implicitly-filtered nodes we'll have node_name 
> instead of device name..
> 

Oh, I see -- this does change what we send over the wire for
interior/leaf nodes; that was unintentional on my part.

After my patch, this requires that if you have a manually constructed
tree such that you have attached a bitmap to an interior or leaf node,
you *need* to name that node so that it can be consistently
reconstructed at the target.

I think that's a reasonable requirement and is actually superior to
re-attaching all bitmaps to the root on migration (which would have
happened before.)

Codewise, what we have currently (both before and after this patch) is:

if (flags & DIRTY_BITMAP_MIG_FLAG_DEVICE_NAME) {
qemu_put_counted_string(f, dbms->node_name);
}

So we named the constant "DEVICE_NAME", but the field was already named
node_name, so this seems fine on the sending end. In practice, pre-patch
we sent a device_name for any node that was the root attached to a
device. Post-patch, that doesn't change because I am using the same API
call to retrieve the name.

For interior/leaf nodes, we now send the node-name specifically instead
of the name of the device root. This requires identically constructed
(or at least compatibly named) graphs on the source and destination,
which is a reasonable requirement for migration.

On the receiving end, we have this code:

if (s->flags & DIRTY_BITMAP_MIG_FLAG_DEVICE_NAME) {
if (!qemu_get_counted_string(f, s->node_name)) {
error_report("Unable to read node name string");
return -EINVAL;
}
s->bs = bdrv_lookup_bs(s->node_name, s->node_name, _err);

which looks like a correct mapping. I think this is a safe change, even
though I made it somewhat unintentionally.

> But, on the other, hand, if we have implicitly-filtered node on target, we 
> were doing wrong thing anyway,
> as dirty_bitmap_load_header don't skip implicit nodes.
> 
>> +for (bs = bdrv_next_all_states(NULL); bs; bs = 
>> bdrv_next_all_states(bs)) {
> 
> As I understand, difference with bdrv_next_node is that we don't skip unnamed 
> nodes [...]
> 

The difference is that we iterate over states that aren't roots of
trees; so not just unnamed nodes but rather intermediate nodes as well
as nodes not attached to a storage device.

bdrv_next says: `Iterates over all top-level BlockDriverStates, i.e.
BDSs that are owned by the monitor or attached to a BlockBackend`

So this loop is going to iterate over *everything*, not just top-level
nodes. This lets me skip the tree-crawling loop that didn't work quite
right.

>> +const char *name = bdrv_get_device_or_node_name(bs);
>>   
>>   for (bitmap = bdrv_dirty_bitmap_next(bs, NULL); bitmap;
>>bitmap = bdrv_dirty_bitmap_next(bs, bitmap))
>> @@ -296,7 +290,7 @@ static int init_dirty_bitmap_migration(void)
>>   continue;
>>   }
>>   
>> -if (drive_name == NULL) {
>> +if (!name || strcmp(name, "") == 0) {
> 
> [...] to do this (may be paranoiac, but why not?) check
> 


[Qemu-devel] [PATCH] target/i386: add MDS-NO feature

2019-05-16 Thread Paolo Bonzini
Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.

Some Intel processors use the ARCH_CAP_MDS_NO bit in the
IA32_ARCH_CAPABILITIES MSR to report that they are not vulnerable;
make it available to guests.

Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 722c5514d4..558347e6c3 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1184,7 +1184,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = 
{
 .type = MSR_FEATURE_WORD,
 .feat_names = {
 "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
-"ssb-no", NULL, NULL, NULL,
+"ssb-no", "mds-no", NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
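Review bot: `feat_names` is positional, so the new `"mds-no"` entry is only correct if its slot in this word matches the bit position of ARCH_CAP_MDS_NO in IA32_ARCH_CAPABILITIES, and nothing in the hunk ties the two together. A trailing comment on the changed line, for example `"ssb-no", "mds-no", NULL, NULL, /* bits 4-7 */`, would make a misplaced name easy to spot in review. Because the bit tells a guest it does not need MDS mitigations, the commit message could also state that it should only be exposed when every host the guest can run on or migrate to reports it. The initializer starts and ends outside the hunk.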
-- 
2.21.0




Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

2019-05-16 Thread Philippe Mathieu-Daudé
On Thu, May 16, 2019 at 8:33 PM Philippe Mathieu-Daudé
 wrote:
> On 5/16/19 6:04 PM, Peter Maydell wrote:
> > On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
> >>
> >> The following changes since commit 
> >> efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
> >>
> >>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> >> into staging (2019-05-10 14:49:36 +0100)
> >>
> >> are available in the Git repository at:
> >>
> >>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> >>
> >> for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
> >>
> >>   tests: acpi: print error unable to dump ACPI table during rebuild 
> >> (2019-05-14 21:19:14 -0400)
> >>
> >> 
> >> pci, pc, virtio: features, fixes
> >>
> >> reconnect for vhost blk
> >> tests for UEFI
> >> misc other stuff
> >>
> >> Signed-off-by: Michael S. Tsirkin 
> >>
> >> 
> >
> > Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
> > because the conversion of arm to Kconfig has landed in master.
> > Could you rebase and fix up to use whatever the Kconfig
> > equivalent of these changes is, please?
>
> Culprit is "hw/acpi: Consolidate build_mcfg to pci.c"
>
> The conflict doesn't look trivial to resolve (to me) so I'd rather see
> it reviewed (by Thomas). I suggest to drop the patch(es) from your PR :(

Thomas, FYI I did this to resolve the conflict:

- keep default-configs/arm-softmmu.mak from master:

  git checkout origin/master default-configs/arm-softmmu.mak

- applied the following !fixup snippet:

-- >8 --
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -25,7 +25,7 @@ config ACPI_NVDIMM

 config ACPI_PCI
 bool
-depends on ACPI
+depends on ACPI && PCI

---

I felt it easier to review on top of "hw/acpi: Improve build modularity"
https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg04718.html

Sadly both series clash :(

Regards,

Phil.



Re: [Qemu-devel] [PATCH v4 5/6] hw/acpi: Consolidate build_mcfg to pci.c

2019-05-16 Thread Philippe Mathieu-Daudé
On 4/19/19 2:30 AM, Wei Yang wrote:
> Now we have two identical build_mcfg functions.
> 
> Consolidate them in acpi/pci.c.
> 
> Signed-off-by: Wei Yang 
> Reviewed-by: Philippe Mathieu-Daudé 
> Reviewed-by: Igor Mammedov 
> 
> ---
> v3:
>   * adjust changelog based on Igor's suggestion
> ---
>  default-configs/arm-softmmu.mak  |  1 +
>  default-configs/i386-softmmu.mak |  1 +
>  hw/acpi/Kconfig  |  4 +++
>  hw/acpi/Makefile.objs|  1 +
>  hw/acpi/pci.c| 46 
>  hw/arm/virt-acpi-build.c | 17 
>  hw/i386/acpi-build.c | 18 +
>  include/hw/acpi/pci.h|  1 +
>  8 files changed, 55 insertions(+), 34 deletions(-)
>  create mode 100644 hw/acpi/pci.c
> 
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index 613d19a06d..8f2796e195 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -144,6 +144,7 @@ CONFIG_XIO3130=y
>  CONFIG_IOH3420=y
>  CONFIG_I82801B11=y
>  CONFIG_ACPI=y
> +CONFIG_ACPI_PCI=y
>  CONFIG_ARM_VIRT=y
>  CONFIG_SMBIOS=y
>  CONFIG_ASPEED_SOC=y
> diff --git a/default-configs/i386-softmmu.mak 
> b/default-configs/i386-softmmu.mak
> index ba3fb3ff50..cd5ea391e8 100644
> --- a/default-configs/i386-softmmu.mak
> +++ b/default-configs/i386-softmmu.mak
> @@ -25,3 +25,4 @@
>  CONFIG_ISAPC=y
>  CONFIG_I440FX=y
>  CONFIG_Q35=y
> +CONFIG_ACPI_PCI=y
> diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
> index eca3beed75..7265843cc3 100644
> --- a/hw/acpi/Kconfig
> +++ b/hw/acpi/Kconfig
> @@ -23,6 +23,10 @@ config ACPI_NVDIMM
>  bool
>  depends on ACPI
>  
> +config ACPI_PCI
> +bool
> +depends on ACPI

Shouldn't this be "depends on ACPI && PCI"?

> +
>  config ACPI_VMGENID
>  bool
>  default y
> diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
> index ba93c5b64a..9bb2101e3b 100644
> --- a/hw/acpi/Makefile.objs
> +++ b/hw/acpi/Makefile.objs
> @@ -11,6 +11,7 @@ common-obj-$(call lnot,$(CONFIG_ACPI_X86)) += acpi-stub.o
>  common-obj-y += acpi_interface.o
>  common-obj-y += bios-linker-loader.o
>  common-obj-y += aml-build.o utils.o
> +common-obj-$(CONFIG_ACPI_PCI) += pci.o
>  common-obj-$(CONFIG_TPM) += tpm.o
>  
>  common-obj-$(CONFIG_IPMI) += ipmi.o
> diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
> new file mode 100644
> index 00..fa0fa30bb9
> --- /dev/null
> +++ b/hw/acpi/pci.c
> @@ -0,0 +1,46 @@
> +/*
> + * Support for generating PCI related ACPI tables and passing them to Guests
> + *
> + * Copyright (C) 2006 Fabrice Bellard
> + * Copyright (C) 2008-2010  Kevin O'Connor 
> + * Copyright (C) 2013-2019 Red Hat Inc
> + * Copyright (C) 2019 Intel Corporation
> + *
> + * Author: Wei Yang 
> + * Author: Michael S. Tsirkin 
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> +
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> +
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/acpi/aml-build.h"
> +#include "hw/acpi/pci.h"
> +#include "hw/pci/pcie_host.h"
> +
> +void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
> +{
> +AcpiTableMcfg *mcfg;
> +int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
> +
> +mcfg = acpi_data_push(table_data, len);
> +mcfg->allocation[0].address = cpu_to_le64(info->base);
> +
> +/* Only a single allocation so no need to play with segments */
> +mcfg->allocation[0].pci_segment = cpu_to_le16(0);
> +mcfg->allocation[0].start_bus_number = 0;
> +mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
> +
> +build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, 
> NULL);
> +}
> +
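Review bot: `PCIE_MMCFG_BUS(info->size - 1)` is computed without checking `info->size`, so a zero size would yield a bogus end bus number; the callers are outside this hunk, so whether zero can reach here is not visible. Now that build_mcfg is a shared, non-static function, an `assert(info->size > 0);` at the top would make the precondition explicit, and a short comment saying that exactly one allocation entry is emitted would document the contract for new callers. `len` is also an `int` holding a `sizeof` sum, where an unsigned type would match what is being measured.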
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index ebddcde596..e3353de9e4 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -546,23 +546,6 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
> VirtMachineState *vms)
>   "SRAT", table_data->len - srat_start, 3, NULL, NULL);
>  }
>  
> -static void
> -build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
> -{
> -AcpiTableMcfg *mcfg;
> -int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
> -
> -mcfg = acpi_data_push(table_data, len);
> -mcfg->allocation[0].address = cpu_to_le64(info->base);
> -
> -/* Only a single allocation so no need to play with segments */
> -

Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

2019-05-16 Thread Philippe Mathieu-Daudé
On 5/16/19 6:04 PM, Peter Maydell wrote:
> On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
>>
>> The following changes since commit efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
>>
>>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
>> into staging (2019-05-10 14:49:36 +0100)
>>
>> are available in the Git repository at:
>>
>>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>>
>> for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
>>
>>   tests: acpi: print error unable to dump ACPI table during rebuild 
>> (2019-05-14 21:19:14 -0400)
>>
>> 
>> pci, pc, virtio: features, fixes
>>
>> reconnect for vhost blk
>> tests for UEFI
>> misc other stuff
>>
>> Signed-off-by: Michael S. Tsirkin 
>>
>> 
> 
> Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
> because the conversion of arm to Kconfig has landed in master.
> Could you rebase and fix up to use whatever the Kconfig
> equivalent of these changes is, please?

Culprit is "hw/acpi: Consolidate build_mcfg to pci.c"

The conflict doesn't look trivial to resolve (to me) so I'd rather see
it reviewed (by Thomas). I suggest to drop the patch(es) from your PR :(

Regards,

Phil.



Re: [Qemu-devel] [PATCH 3/3] arm: Rename hw/arm/arm.h to hw/arm/boot.h

2019-05-16 Thread Peter Maydell
On Thu, 16 May 2019 at 19:16, Philippe Mathieu-Daudé  wrote:
>
> On 5/16/19 6:38 PM, Peter Maydell wrote:
> > The header file hw/arm/arm.h now includes only declarations
> > relating to hw/arm/boot.c functionality. Rename it accordingly,
> > and adjust its header comment.
> >
> > The bulk of this commit was created via
> >  perl -pi -e 's|hw/arm/arm.h|hw/arm/boot.h|' hw/arm/*.c include/hw/arm/*.h
> >
> > Signed-off-by: Peter Maydell 
> > ---

> > diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
> > index 11ec0179db5..24078fd1895 100644
> > --- a/include/hw/arm/aspeed_soc.h
> > +++ b/include/hw/arm/aspeed_soc.h
> > @@ -12,7 +12,7 @@
> >  #ifndef ASPEED_SOC_H
> >  #define ASPEED_SOC_H
> >
> > -#include "hw/arm/arm.h"
> > +#include "hw/arm/boot.h"
>
> I guess we can drop this one...
>
> >  #include "hw/intc/aspeed_vic.h"
> >  #include "hw/misc/aspeed_scu.h"
> >  #include "hw/misc/aspeed_sdmc.h"
> > diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
> > index 93248399ba0..1b04a0e7fe8 100644
> > --- a/include/hw/arm/bcm2836.h
> > +++ b/include/hw/arm/bcm2836.h
> > @@ -11,7 +11,7 @@
> >  #ifndef BCM2836_H
> >  #define BCM2836_H
> >
> > -#include "hw/arm/arm.h"
> > +#include "hw/arm/boot.h"
>
> ... this one too ...
>

> > --- a/hw/arm/msf2-soc.c
> > +++ b/hw/arm/msf2-soc.c
> > @@ -26,7 +26,7 @@
> >  #include "qemu/units.h"
> >  #include "qapi/error.h"
> >  #include "qemu-common.h"
> > -#include "hw/arm/arm.h"
> > +#include "hw/arm/boot.h"
>
> ... and this one too, it is not required.
>
> >  #include "exec/address-spaces.h"
> >  #include "hw/char/serial.h"
> >  #include "hw/boards.h"

I guess so. I decided I didn't really feel like trying to test
whether all of them were needed, since they're at least all
includes in board or SoC sources in hw/arm...

thanks
-- PMM



Re: [Qemu-devel] [PATCH 0/3] arm: Clean up and rename hw/arm/arm.h to hw/arm/boot.h

2019-05-16 Thread Philippe Mathieu-Daudé
On 5/16/19 6:38 PM, Peter Maydell wrote:
> The header hw/arm/arm.h used to be a general bucket for
> putting all kinds of arm-related declarations in. It now
> has mostly kernel-boot related declarations, with one
> exception: the declaration of the system_clock_scale global.
> This patchset:
>  * moves system_clock_scale to armv7m_systick.h (since that
>is the only device that uses it)
>  * deletes some unnecessary #includes of hw/arm/arm.h
>  * renames it to hw/arm/boot.h, since it now only has
>declarations relating to hw/arm/boot.c functionality

Yay \o/

> Since system_clock_scale is a weird thing, I have included
> in the first patch an expansion of the comment describing
> it to be clearer about what it does, and also a TODO note
> sketching out how we could go about eradicating this global.
> 
> thanks
> -- PMM
> 
> Peter Maydell (3):
>   arm: Move system_clock_scale to armv7m_systick.h
>   arm: Remove unnecessary includes of hw/arm/arm.h
>   arm: Rename hw/arm/arm.h to hw/arm/boot.h

Series:

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 



Re: [Qemu-devel] [PATCH 3/3] arm: Rename hw/arm/arm.h to hw/arm/boot.h

2019-05-16 Thread Philippe Mathieu-Daudé
On 5/16/19 6:38 PM, Peter Maydell wrote:
> The header file hw/arm/arm.h now includes only declarations
> relating to hw/arm/boot.c functionality. Rename it accordingly,
> and adjust its header comment.
> 
> The bulk of this commit was created via
>  perl -pi -e 's|hw/arm/arm.h|hw/arm/boot.h|' hw/arm/*.c include/hw/arm/*.h
> 
> Signed-off-by: Peter Maydell 
> ---
>  include/hw/arm/allwinner-a10.h   | 2 +-
>  include/hw/arm/aspeed_soc.h  | 2 +-
>  include/hw/arm/bcm2836.h | 2 +-
>  include/hw/arm/{arm.h => boot.h} | 8 
>  include/hw/arm/fsl-imx25.h   | 2 +-
>  include/hw/arm/fsl-imx31.h   | 2 +-
>  include/hw/arm/fsl-imx6.h| 2 +-
>  include/hw/arm/fsl-imx6ul.h  | 2 +-
>  include/hw/arm/fsl-imx7.h| 2 +-
>  include/hw/arm/virt.h| 2 +-
>  include/hw/arm/xlnx-versal.h | 2 +-
>  include/hw/arm/xlnx-zynqmp.h | 2 +-
>  hw/arm/armsse.c  | 2 +-
>  hw/arm/armv7m.c  | 2 +-
>  hw/arm/aspeed.c  | 2 +-
>  hw/arm/boot.c| 2 +-
>  hw/arm/collie.c  | 2 +-
>  hw/arm/exynos4210.c  | 2 +-
>  hw/arm/exynos4_boards.c  | 2 +-
>  hw/arm/highbank.c| 2 +-
>  hw/arm/integratorcp.c| 2 +-
>  hw/arm/mainstone.c   | 2 +-
>  hw/arm/microbit.c| 2 +-
>  hw/arm/mps2-tz.c | 2 +-
>  hw/arm/mps2.c| 2 +-
>  hw/arm/msf2-soc.c| 2 +-
>  hw/arm/msf2-som.c| 2 +-
>  hw/arm/musca.c   | 2 +-
>  hw/arm/musicpal.c| 2 +-
>  hw/arm/netduino2.c   | 2 +-
>  hw/arm/nrf51_soc.c   | 2 +-
>  hw/arm/nseries.c | 2 +-
>  hw/arm/omap1.c   | 2 +-
>  hw/arm/omap2.c   | 2 +-
>  hw/arm/omap_sx1.c| 2 +-
>  hw/arm/palm.c| 2 +-
>  hw/arm/raspi.c   | 2 +-
>  hw/arm/realview.c| 2 +-
>  hw/arm/spitz.c   | 2 +-
>  hw/arm/stellaris.c   | 2 +-
>  hw/arm/stm32f205_soc.c   | 2 +-
>  hw/arm/strongarm.c   | 2 +-
>  hw/arm/tosa.c| 2 +-
>  hw/arm/versatilepb.c | 2 +-
>  hw/arm/vexpress.c| 2 +-
>  hw/arm/virt.c| 2 +-
>  hw/arm/xilinx_zynq.c | 2 +-
>  hw/arm/xlnx-versal.c | 2 +-
>  hw/arm/z2.c  | 2 +-
>  49 files changed, 52 insertions(+), 52 deletions(-)
>  rename include/hw/arm/{arm.h => boot.h} (98%)
> 
> diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
> index 389e128d0fc..6305b9c586f 100644
> --- a/include/hw/arm/allwinner-a10.h
> +++ b/include/hw/arm/allwinner-a10.h
> @@ -3,7 +3,7 @@
>  #include "qemu-common.h"
>  #include "qemu/error-report.h"
>  #include "hw/char/serial.h"
> -#include "hw/arm/arm.h"
> +#include "hw/arm/boot.h"
>  #include "hw/timer/allwinner-a10-pit.h"
>  #include "hw/intc/allwinner-a10-pic.h"
>  #include "hw/net/allwinner_emac.h"
> diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
> index 11ec0179db5..24078fd1895 100644
> --- a/include/hw/arm/aspeed_soc.h
> +++ b/include/hw/arm/aspeed_soc.h
> @@ -12,7 +12,7 @@
>  #ifndef ASPEED_SOC_H
>  #define ASPEED_SOC_H
>  
> -#include "hw/arm/arm.h"
> +#include "hw/arm/boot.h"

I guess we can drop this one...

>  #include "hw/intc/aspeed_vic.h"
>  #include "hw/misc/aspeed_scu.h"
>  #include "hw/misc/aspeed_sdmc.h"
> diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
> index 93248399ba0..1b04a0e7fe8 100644
> --- a/include/hw/arm/bcm2836.h
> +++ b/include/hw/arm/bcm2836.h
> @@ -11,7 +11,7 @@
>  #ifndef BCM2836_H
>  #define BCM2836_H
>  
> -#include "hw/arm/arm.h"
> +#include "hw/arm/boot.h"

... this one too ...

>  #include "hw/arm/bcm2835_peripherals.h"
>  #include "hw/intc/bcm2836_control.h"
>  
> diff --git a/include/hw/arm/arm.h b/include/hw/arm/boot.h
> similarity index 98%
> rename from include/hw/arm/arm.h
> rename to include/hw/arm/boot.h
> index ba3a9b41422..c48cc4c2bca 100644
> --- a/include/hw/arm/arm.h
> +++ b/include/hw/arm/boot.h
> @@ -1,5 +1,5 @@
>  /*
> - * Misc ARM declarations
> + * ARM kernel loader.
>   *
>   * Copyright (c) 2006 CodeSourcery.
>   * Written by Paul Brook
> @@ -8,8 +8,8 @@
>   *
>   */
>  
> -#ifndef HW_ARM_H
> -#define HW_ARM_H
> +#ifndef HW_ARM_BOOT_H
> +#define HW_ARM_BOOT_H
>  
>  #include "exec/memory.h"
>  #include "target/arm/cpu-qom.h"
> @@ -167,4 +167,4 @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
>  const struct arm_boot_info *info,
>  hwaddr mvbar_addr);
>  
> -#endif /* HW_ARM_H */
> +#endif /* HW_ARM_BOOT_H */
> diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
> index 65a73714efe..3280ab1fb05 100644
> --- a/include/hw/arm/fsl-imx25.h
> +++ b/include/hw/arm/fsl-imx25.h
> @@ -17,7 

Re: [Qemu-devel] [PATCH v2] mips: Decide to map PAGE_EXEC in map_address

2019-05-16 Thread Aleksandar Markovic
On May 16, 2019 6:31 PM, "Philippe Mathieu-Daudé"  wrote:
>
> Hi Jakub,
>
> On 5/16/19 3:10 PM, Jakub Jermar wrote:
> > Hi,
> >
> > On 5/3/19 12:02 PM, Jakub Jermar wrote:
> >> Hi,
> >>
> >> On 4/23/19 4:58 PM, Jakub Jermar wrote:
> >>> Hi Philippe!
> >>>
> >>> On 4/23/19 3:48 PM, Philippe Mathieu-Daudé wrote:
>  Hi Jakub,
> 
>  On 4/23/19 1:00 PM, Jakub Jermář wrote:
> > This commit addresses QEMU Bug #1825311:
> >
> >   mips_cpu_handle_mmu_fault renders all accessed pages executable
> >
> > It allows finer-grained control over whether the accessed page
should be
> > executable by moving the decision to the underlying map_address
> > function, which has more information for this.
> >
> > As a result, pages that have the XI bit set in the TLB and are
accessed
> > for read/write, don't suddenly end up being executable.
> >
> 
>  Fixes: https://bugs.launchpad.net/qemu/+bug/1825311
> 
> > Signed-off-by: Jakub Jermář 
> > ---
> >  target/mips/helper.c | 17 ++---
> >  1 file changed, 10 insertions(+), 7 deletions(-)
> >
> > diff --git a/target/mips/helper.c b/target/mips/helper.c
> > index c44cdca3b5..132d073fbe 100644
> > --- a/target/mips/helper.c
> > +++ b/target/mips/helper.c
> > @@ -43,7 +43,7 @@ int no_mmu_map_address (CPUMIPSState *env, hwaddr
*physical, int *prot,
> >  target_ulong address, int rw, int
access_type)
> >  {
> >  *physical = address;
> > -*prot = PAGE_READ | PAGE_WRITE;
> > +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> >  return TLBRET_MATCH;
> >  }
> >
> > @@ -61,7 +61,7 @@ int fixed_mmu_map_address (CPUMIPSState *env,
hwaddr *physical, int *prot,
> >  else
> >  *physical = address;
> >
> > -*prot = PAGE_READ | PAGE_WRITE;
> > +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> >  return TLBRET_MATCH;
> >  }
> >
> > @@ -101,6 +101,9 @@ int r4k_map_address (CPUMIPSState *env, hwaddr
*physical, int *prot,
> >  *prot = PAGE_READ;
> >  if (n ? tlb->D1 : tlb->D0)
> >  *prot |= PAGE_WRITE;
> > +if (!(n ? tlb->XI1 : tlb->XI0)) {
> > +*prot |= PAGE_EXEC;
> > +}
> 
>  This was indeed missed in commit 2fb58b73746e.
>
> Aleksandar, if this patch is OK with you, can you amend this comment,
> and add the "Fixes:" tag too when applying? Thanks!

Yes, definitely, Philippe, that is not a problem.

Thanks for helping out!

I tested Jakub's scenario too, it works as expected, but I am not concerned
about it as much as about regression tests. Knowing that you have many MIPS
test kernels and images, may I ask you to test some of them WITH Jakub's
fix (so independently of myself and Jakub), just to confirm that there are
no regressions?

C’est vraiment gentil de votre part.

Aleksandar

> Reviewed-by: Philippe Mathieu-Daudé 
>
> 
> >  return TLBRET_MATCH;
> >  }
> >  return TLBRET_DIRTY;
> > @@ -182,7 +185,7 @@ static int
get_seg_physical_address(CPUMIPSState *env, hwaddr *physical,
> >  } else {
> >  /* The segment is unmapped */
> >  *physical = physical_base | (real_address & segmask);
> > -*prot = PAGE_READ | PAGE_WRITE;
> > +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
> >  return TLBRET_MATCH;
> >  }
> >  }
> > @@ -913,8 +916,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs,
vaddr address, int size, int rw,
> >  }
> >  if (ret == TLBRET_MATCH) {
> >  tlb_set_page(cs, address & TARGET_PAGE_MASK,
> > - physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
> > - mmu_idx, TARGET_PAGE_SIZE);
> > + physical & TARGET_PAGE_MASK, prot, mmu_idx,
> > + TARGET_PAGE_SIZE);
> >  ret = 0;
> >  } else if (ret < 0)
> >  #endif
> > @@ -936,8 +939,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs,
vaddr address, int size, int rw,
> > address, rw,
access_type, mmu_idx);
> >  if (ret == TLBRET_MATCH) {
> >  tlb_set_page(cs, address & TARGET_PAGE_MASK,
> > -physical & TARGET_PAGE_MASK, prot |
PAGE_EXEC,
> > -mmu_idx, TARGET_PAGE_SIZE);
> > +physical & TARGET_PAGE_MASK, prot,
mmu_idx,
> > +TARGET_PAGE_SIZE);
> >  ret = 0;
> >  return ret;
> >  }
> >
> 
>  Your patch looks correct, but I'd like to test it.
>  Do you have a reproducer?
>  Can you describe the 

Re: [Qemu-devel] [PULL 00/21] Misc patches for 2019-05-15

2019-05-16 Thread Paolo Bonzini
On 16/05/19 14:14, Peter Maydell wrote:
>> Chen Zhang via Qemu-devel (1):
>>   hvf: Add missing break statement
> Hi -- looks like this commit needs its author
> email tidying up so it isn't attributed to the mailing list.

Oops, it's the first time I see this.  I'll fix and resend.

Paolo



Re: [Qemu-devel] [PATCH v4 6/6] acpi: pci: use build_append_foo() API to construct MCFG

2019-05-16 Thread Igor Mammedov
On Thu, 16 May 2019 13:01:31 +0200
Philippe Mathieu-Daudé  wrote:

> On Thu, May 16, 2019 at 9:41 AM Wei Yang  
> wrote:
> >
> > On Wed, May 15, 2019 at 07:29:17AM +0200, Philippe Mathieu-Daudé wrote:  
> > >
> > >Thanks Michael for testing...
> > >
> > >Wei, can you add a MCFG test in tests/bios-tables-test.c?
> > >  
> >
> > I took a look into the test, current q35 has already has a reference MCFG in
> > tests/data/acpi/q35/MCFG.
> >
> > And there would be a warning message when reserved[8] is missed.
> >
> > /x86_64/acpi/q35/bridge: acpi-test: Warning! MCFG mismatch.
> >
> > Is this enough? Or what more information prefer to add?  
> 
> Well, the test has to fail for any mismatch (not a simple warning).
> 
> A mismatch failure seems to be enough IMHO.
Warning is sufficient, we do not fail ACPI tests on mismatch.
It was a policy decision for ACPI tests as far as I remember.
We might reconsider it in the future but it shouldn't affect this patch.


> 
> > >>> -AcpiMcfgAllocation allocation[0];
> > >>> -} QEMU_PACKED;
> > >>> -typedef struct AcpiTableMcfg AcpiTableMcfg;
> > >>> -
> > >>>  /*
> > >>>   * TCPA Description Table
> > >>>   *
> > >>> --
> > >>> 2.19.1  
> >
> > --
> > Wei Yang
> > Help you, Help me  
> 




Re: [Qemu-devel] [PATCH v3 1/1] target/arm: Fix vector operation segfault

2019-05-16 Thread Peter Maydell
On Thu, 16 May 2019 at 16:56, Alistair Francis  wrote:
>
> Commit 89e68b575 "target/arm: Use vector operations for saturation"
> causes this abort() when booting QEMU ARM with a Cortex-A15:
>
> 0  0x74c2382f in raise () at /usr/lib/libc.so.6
> 1  0x74c0e672 in abort () at /usr/lib/libc.so.6
> 2  0x559c1839 in disas_neon_data_insn (insn=, 
> s=) at ./target/arm/translate.c:6673
> 3  0x559c1839 in disas_neon_data_insn (s=, 
> insn=) at ./target/arm/translate.c:6386
> 4  0x559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) 
> at ./target/arm/translate.c:9289
> 5  0x559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, 
> cpu=) at ./target/arm/translate.c:13612
> 6  0x558d1d39 in translator_loop (ops=0x561cc580 
> , db=0x7fffe59a9510, cpu=0x5686a2f0, tb= out>, max_insns=) at ./accel/tcg/translator.c:96
> 7  0x559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x5686a2f0, 
> tb=tb@entry=0x7fffd7840080 , 
> max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
> 8  0x558d06b9 in tb_gen_code (cpu=cpu@entry=0x5686a2f0, 
> pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) 
> at ./accel/tcg/translate-all.c:1736
> 9  0x558ce467 in tb_find (cf_mask=524288, tb_exit=1, 
> last_tb=0x7fffd783e640 , cpu=0x1) at 
> ./accel/tcg/cpu-exec.c:407
> 10 0x558ce467 in cpu_exec (cpu=cpu@entry=0x5686a2f0) at 
> ./accel/tcg/cpu-exec.c:728
> 11 0x5588b0cf in tcg_cpu_exec (cpu=0x5686a2f0) at ./cpus.c:1431
> 12 0x5588d223 in qemu_tcg_cpu_thread_fn (arg=0x5686a2f0) at 
> ./cpus.c:1735
> 13 0x5588d223 in qemu_tcg_cpu_thread_fn 
> (arg=arg@entry=0x5686a2f0) at ./cpus.c:1709
> 14 0x55d2629a in qemu_thread_start (args=) at 
> ./util/qemu-thread-posix.c:502
> 15 0x74db8a92 in start_thread () at /usr/lib/libpthread.
>
> This patch ensures that we don't hit the abort() in the second switch
> case in disas_neon_data_insn() as we will return from the first case.
>
> Signed-off-by: Alistair Francis 
> Reviewed-by: Richard Henderson 
> Reviewed-by: Philippe Mathieu-Daudé 
> Reviewed-by: Alex Bennée 
> Tested-by: Alex Bennée 



Applied to target-arm.next, thanks.

-- PMM



[Qemu-devel] [PATCH 3/3] arm: Rename hw/arm/arm.h to hw/arm/boot.h

2019-05-16 Thread Peter Maydell
The header file hw/arm/arm.h now includes only declarations
relating to hw/arm/boot.c functionality. Rename it accordingly,
and adjust its header comment.

The bulk of this commit was created via
 perl -pi -e 's|hw/arm/arm.h|hw/arm/boot.h|' hw/arm/*.c include/hw/arm/*.h

Signed-off-by: Peter Maydell 
---
 include/hw/arm/allwinner-a10.h   | 2 +-
 include/hw/arm/aspeed_soc.h  | 2 +-
 include/hw/arm/bcm2836.h | 2 +-
 include/hw/arm/{arm.h => boot.h} | 8 
 include/hw/arm/fsl-imx25.h   | 2 +-
 include/hw/arm/fsl-imx31.h   | 2 +-
 include/hw/arm/fsl-imx6.h| 2 +-
 include/hw/arm/fsl-imx6ul.h  | 2 +-
 include/hw/arm/fsl-imx7.h| 2 +-
 include/hw/arm/virt.h| 2 +-
 include/hw/arm/xlnx-versal.h | 2 +-
 include/hw/arm/xlnx-zynqmp.h | 2 +-
 hw/arm/armsse.c  | 2 +-
 hw/arm/armv7m.c  | 2 +-
 hw/arm/aspeed.c  | 2 +-
 hw/arm/boot.c| 2 +-
 hw/arm/collie.c  | 2 +-
 hw/arm/exynos4210.c  | 2 +-
 hw/arm/exynos4_boards.c  | 2 +-
 hw/arm/highbank.c| 2 +-
 hw/arm/integratorcp.c| 2 +-
 hw/arm/mainstone.c   | 2 +-
 hw/arm/microbit.c| 2 +-
 hw/arm/mps2-tz.c | 2 +-
 hw/arm/mps2.c| 2 +-
 hw/arm/msf2-soc.c| 2 +-
 hw/arm/msf2-som.c| 2 +-
 hw/arm/musca.c   | 2 +-
 hw/arm/musicpal.c| 2 +-
 hw/arm/netduino2.c   | 2 +-
 hw/arm/nrf51_soc.c   | 2 +-
 hw/arm/nseries.c | 2 +-
 hw/arm/omap1.c   | 2 +-
 hw/arm/omap2.c   | 2 +-
 hw/arm/omap_sx1.c| 2 +-
 hw/arm/palm.c| 2 +-
 hw/arm/raspi.c   | 2 +-
 hw/arm/realview.c| 2 +-
 hw/arm/spitz.c   | 2 +-
 hw/arm/stellaris.c   | 2 +-
 hw/arm/stm32f205_soc.c   | 2 +-
 hw/arm/strongarm.c   | 2 +-
 hw/arm/tosa.c| 2 +-
 hw/arm/versatilepb.c | 2 +-
 hw/arm/vexpress.c| 2 +-
 hw/arm/virt.c| 2 +-
 hw/arm/xilinx_zynq.c | 2 +-
 hw/arm/xlnx-versal.c | 2 +-
 hw/arm/z2.c  | 2 +-
 49 files changed, 52 insertions(+), 52 deletions(-)
 rename include/hw/arm/{arm.h => boot.h} (98%)

diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
index 389e128d0fc..6305b9c586f 100644
--- a/include/hw/arm/allwinner-a10.h
+++ b/include/hw/arm/allwinner-a10.h
@@ -3,7 +3,7 @@
 #include "qemu-common.h"
 #include "qemu/error-report.h"
 #include "hw/char/serial.h"
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/timer/allwinner-a10-pit.h"
 #include "hw/intc/allwinner-a10-pic.h"
 #include "hw/net/allwinner_emac.h"
diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 11ec0179db5..24078fd1895 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -12,7 +12,7 @@
 #ifndef ASPEED_SOC_H
 #define ASPEED_SOC_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/intc/aspeed_vic.h"
 #include "hw/misc/aspeed_scu.h"
 #include "hw/misc/aspeed_sdmc.h"
diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
index 93248399ba0..1b04a0e7fe8 100644
--- a/include/hw/arm/bcm2836.h
+++ b/include/hw/arm/bcm2836.h
@@ -11,7 +11,7 @@
 #ifndef BCM2836_H
 #define BCM2836_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/arm/bcm2835_peripherals.h"
 #include "hw/intc/bcm2836_control.h"
 
diff --git a/include/hw/arm/arm.h b/include/hw/arm/boot.h
similarity index 98%
rename from include/hw/arm/arm.h
rename to include/hw/arm/boot.h
index ba3a9b41422..c48cc4c2bca 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/boot.h
@@ -1,5 +1,5 @@
 /*
- * Misc ARM declarations
+ * ARM kernel loader.
  *
  * Copyright (c) 2006 CodeSourcery.
  * Written by Paul Brook
@@ -8,8 +8,8 @@
  *
  */
 
-#ifndef HW_ARM_H
-#define HW_ARM_H
+#ifndef HW_ARM_BOOT_H
+#define HW_ARM_BOOT_H
 
 #include "exec/memory.h"
 #include "target/arm/cpu-qom.h"
@@ -167,4 +167,4 @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
 const struct arm_boot_info *info,
 hwaddr mvbar_addr);
 
-#endif /* HW_ARM_H */
+#endif /* HW_ARM_BOOT_H */
diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
index 65a73714efe..3280ab1fb05 100644
--- a/include/hw/arm/fsl-imx25.h
+++ b/include/hw/arm/fsl-imx25.h
@@ -17,7 +17,7 @@
 #ifndef FSL_IMX25_H
 #define FSL_IMX25_H
 
-#include "hw/arm/arm.h"
+#include "hw/arm/boot.h"
 #include "hw/intc/imx_avic.h"
 #include "hw/misc/imx25_ccm.h"
 #include "hw/char/imx_serial.h"
diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
index d408abbba0d..e68a81efd75 100644
--- a/include/hw/arm/fsl-imx31.h
+++ 

[Qemu-devel] [PATCH 2/3] arm: Remove unnecessary includes of hw/arm/arm.h

2019-05-16 Thread Peter Maydell
The hw/arm/arm.h header now only includes declarations relating
to boot.c code, so it is only needed by Arm board or SoC code.
Remove some unnecessary inclusions of it from target/arm files
and from hw/intc/armv7m_nvic.c.

Signed-off-by: Peter Maydell 
---
 hw/intc/armv7m_nvic.c | 1 -
 target/arm/arm-semi.c | 1 -
 target/arm/cpu.c  | 1 -
 target/arm/cpu64.c| 1 -
 target/arm/kvm.c  | 1 -
 target/arm/kvm32.c| 1 -
 target/arm/kvm64.c| 1 -
 7 files changed, 7 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 3a346a682a3..815e720cfab 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -16,7 +16,6 @@
 #include "cpu.h"
 #include "hw/sysbus.h"
 #include "qemu/timer.h"
-#include "hw/arm/arm.h"
 #include "hw/intc/armv7m_nvic.h"
 #include "target/arm/cpu.h"
 #include "exec/exec-all.h"
diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
index 8b5fd7bc6e3..ddb94e0aba0 100644
--- a/target/arm/arm-semi.c
+++ b/target/arm/arm-semi.c
@@ -29,7 +29,6 @@
 #else
 #include "qemu-common.h"
 #include "exec/gdbstub.h"
-#include "hw/arm/arm.h"
 #include "qemu/cutils.h"
 #endif
 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a181fa8dc1a..6e421271580 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -30,7 +30,6 @@
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/loader.h"
 #endif
-#include "hw/arm/arm.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/hw_accel.h"
 #include "kvm_arm.h"
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 228906f2678..37a57c4f60b 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -25,7 +25,6 @@
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/loader.h"
 #endif
-#include "hw/arm/arm.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 59956346126..fe4f461d4ef 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -23,7 +23,6 @@
 #include "cpu.h"
 #include "trace.h"
 #include "internals.h"
-#include "hw/arm/arm.h"
 #include "hw/pci/pci.h"
 #include "exec/memattrs.h"
 #include "exec/address-spaces.h"
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index 327375f6252..4e54e372a66 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -20,7 +20,6 @@
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
 #include "internals.h"
-#include "hw/arm/arm.h"
 #include "qemu/log.h"
 
 static inline void set_feature(uint64_t *features, int feature)
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index e3ba1492482..998d21f399f 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -26,7 +26,6 @@
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
 #include "internals.h"
-#include "hw/arm/arm.h"
 
 static bool have_guest_debug;
 
-- 
2.20.1




[Qemu-devel] [PATCH 1/3] arm: Move system_clock_scale to armv7m_systick.h

2019-05-16 Thread Peter Maydell
The system_clock_scale global is used only by the armv7m systick
device; move the extern declaration to the armv7m_systick.h header,
and expand the comment to explain what it is and that it should
ideally be replaced with a different approach.

Signed-off-by: Peter Maydell 
---
 include/hw/arm/arm.h  |  4 
 include/hw/timer/armv7m_systick.h | 22 ++
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index ffed39252d8..ba3a9b41422 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -167,8 +167,4 @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
 const struct arm_boot_info *info,
 hwaddr mvbar_addr);
 
-/* Multiplication factor to convert from system clock ticks to qemu timer
-   ticks.  */
-extern int system_clock_scale;
-
 #endif /* HW_ARM_H */
diff --git a/include/hw/timer/armv7m_systick.h 
b/include/hw/timer/armv7m_systick.h
index cca04defd8e..25e5ceacc85 100644
--- a/include/hw/timer/armv7m_systick.h
+++ b/include/hw/timer/armv7m_systick.h
@@ -31,4 +31,26 @@ typedef struct SysTickState {
 qemu_irq irq;
 } SysTickState;
 
+/*
+ * Multiplication factor to convert from system clock ticks to qemu timer
+ * ticks. This should be set (by board code, usually) to a value
+ * equal to NANOSECONDS_PER_SECOND / frq, where frq is the clock frequency
+ * in Hz of the CPU.
+ *
+ * This value is used by the systick device when it is running in
+ * its "use the CPU clock" mode (ie when SYST_CSR.CLKSOURCE == 1) to
+ * set how fast the timer should tick.
+ *
+ * TODO: we should refactor this so that rather than using a global
+ * we use a device property or something similar. This is complicated
+ * because (a) the property would need to be plumbed through from the
+ * board code down through various layers to the systick device
+ * and (b) the property needs to be modifiable after realize, because
+ * the stellaris board uses this to implement the behaviour where the
+ * guest can reprogram the PLL registers to downclock the CPU, and the
+ * systick device needs to react accordingly. Possibly this should
+ * be deferred until we have a good API for modelling clock trees.
+ */
+extern int system_clock_scale;
+
 #endif
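Review bot: The new comment defines system_clock_scale as NANOSECONDS_PER_SECOND / frq but does not say what the systick device expects when that division is inexact or yields zero. Because the global is a plain `int`, any frq above 1 GHz gives 0 and other frequencies truncate, and the comment itself notes that on the stellaris board the guest can influence the value by reprogramming the PLL. I would add a sentence such as `* The division truncates; callers must ensure the result is non-zero.` to the comment. How the device behaves with a zero scale is not visible in this hunk and should be confirmed against the systick code.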
-- 
2.20.1




[Qemu-devel] [PATCH 0/3] arm: Clean up and rename hw/arm/arm.h to hw/arm/boot.h

2019-05-16 Thread Peter Maydell
The header hw/arm/arm.h used to be a general bucket for
putting all kinds of arm-related declarations in. It now
has mostly kernel-boot related declarations, with one
exception: the declaration of the system_clock_scale global.
This patchset:
 * moves system_clock_scale to armv7m_systick.h (since that
   is the only device that uses it)
 * deletes some unnecessary #includes of hw/arm/arm.h
 * renames it to hw/arm/boot.h, since it now only has
   declarations relating to hw/arm/boot.c functionality

Since system_clock_scale is a weird thing, I have included
in the first patch an expansion of the comment describing
it to be clearer about what it does, and also a TODO note
sketching out how we could go about eradicating this global.

thanks
-- PMM

Peter Maydell (3):
  arm: Move system_clock_scale to armv7m_systick.h
  arm: Remove unnecessary includes of hw/arm/arm.h
  arm: Rename hw/arm/arm.h to hw/arm/boot.h

 include/hw/arm/allwinner-a10.h|  2 +-
 include/hw/arm/aspeed_soc.h   |  2 +-
 include/hw/arm/bcm2836.h  |  2 +-
 include/hw/arm/{arm.h => boot.h}  | 12 
 include/hw/arm/fsl-imx25.h|  2 +-
 include/hw/arm/fsl-imx31.h|  2 +-
 include/hw/arm/fsl-imx6.h |  2 +-
 include/hw/arm/fsl-imx6ul.h   |  2 +-
 include/hw/arm/fsl-imx7.h |  2 +-
 include/hw/arm/virt.h |  2 +-
 include/hw/arm/xlnx-versal.h  |  2 +-
 include/hw/arm/xlnx-zynqmp.h  |  2 +-
 include/hw/timer/armv7m_systick.h | 22 ++
 hw/arm/armsse.c   |  2 +-
 hw/arm/armv7m.c   |  2 +-
 hw/arm/aspeed.c   |  2 +-
 hw/arm/boot.c |  2 +-
 hw/arm/collie.c   |  2 +-
 hw/arm/exynos4210.c   |  2 +-
 hw/arm/exynos4_boards.c   |  2 +-
 hw/arm/highbank.c |  2 +-
 hw/arm/integratorcp.c |  2 +-
 hw/arm/mainstone.c|  2 +-
 hw/arm/microbit.c |  2 +-
 hw/arm/mps2-tz.c  |  2 +-
 hw/arm/mps2.c |  2 +-
 hw/arm/msf2-soc.c |  2 +-
 hw/arm/msf2-som.c |  2 +-
 hw/arm/musca.c|  2 +-
 hw/arm/musicpal.c |  2 +-
 hw/arm/netduino2.c|  2 +-
 hw/arm/nrf51_soc.c|  2 +-
 hw/arm/nseries.c  |  2 +-
 hw/arm/omap1.c|  2 +-
 hw/arm/omap2.c|  2 +-
 hw/arm/omap_sx1.c |  2 +-
 hw/arm/palm.c |  2 +-
 hw/arm/raspi.c|  2 +-
 hw/arm/realview.c |  2 +-
 hw/arm/spitz.c|  2 +-
 hw/arm/stellaris.c|  2 +-
 hw/arm/stm32f205_soc.c|  2 +-
 hw/arm/strongarm.c|  2 +-
 hw/arm/tosa.c |  2 +-
 hw/arm/versatilepb.c  |  2 +-
 hw/arm/vexpress.c |  2 +-
 hw/arm/virt.c |  2 +-
 hw/arm/xilinx_zynq.c  |  2 +-
 hw/arm/xlnx-versal.c  |  2 +-
 hw/arm/z2.c   |  2 +-
 hw/intc/armv7m_nvic.c |  1 -
 target/arm/arm-semi.c |  1 -
 target/arm/cpu.c  |  1 -
 target/arm/cpu64.c|  1 -
 target/arm/kvm.c  |  1 -
 target/arm/kvm32.c|  1 -
 target/arm/kvm64.c|  1 -
 57 files changed, 74 insertions(+), 63 deletions(-)
 rename include/hw/arm/{arm.h => boot.h} (96%)

-- 
2.20.1




Re: [Qemu-devel] [PATCH v3 1/1] target/arm: Fix vector operation segfault

2019-05-16 Thread Alex Bennée


Alistair Francis  writes:

> Commit 89e68b575 "target/arm: Use vector operations for saturation"
> causes this abort() when booting QEMU ARM with a Cortex-A15:
>
> 0  0x74c2382f in raise () at /usr/lib/libc.so.6
> 1  0x74c0e672 in abort () at /usr/lib/libc.so.6
> 2  0x559c1839 in disas_neon_data_insn (insn=, 
> s=) at ./target/arm/translate.c:6673
> 3  0x559c1839 in disas_neon_data_insn (s=, 
> insn=) at ./target/arm/translate.c:6386
> 4  0x559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) 
> at ./target/arm/translate.c:9289
> 5  0x559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, 
> cpu=) at ./target/arm/translate.c:13612
> 6  0x558d1d39 in translator_loop (ops=0x561cc580 
> , db=0x7fffe59a9510, cpu=0x5686a2f0, tb= out>, max_insns=) at ./accel/tcg/translator.c:96
> 7  0x559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x5686a2f0, 
> tb=tb@entry=0x7fffd7840080 , 
> max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
> 8  0x558d06b9 in tb_gen_code (cpu=cpu@entry=0x5686a2f0, 
> pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) 
> at ./accel/tcg/translate-all.c:1736
> 9  0x558ce467 in tb_find (cf_mask=524288, tb_exit=1, 
> last_tb=0x7fffd783e640 , cpu=0x1) at 
> ./accel/tcg/cpu-exec.c:407
> 10 0x558ce467 in cpu_exec (cpu=cpu@entry=0x5686a2f0) at 
> ./accel/tcg/cpu-exec.c:728
> 11 0x5588b0cf in tcg_cpu_exec (cpu=0x5686a2f0) at ./cpus.c:1431
> 12 0x5588d223 in qemu_tcg_cpu_thread_fn (arg=0x5686a2f0) at 
> ./cpus.c:1735
> 13 0x5588d223 in qemu_tcg_cpu_thread_fn 
> (arg=arg@entry=0x5686a2f0) at ./cpus.c:1709
> 14 0x55d2629a in qemu_thread_start (args=) at 
> ./util/qemu-thread-posix.c:502
> 15 0x74db8a92 in start_thread () at /usr/lib/libpthread.
>
> This patch ensures that we don't hit the abort() in the second switch
> case in disas_neon_data_insn() as we will return from the first case.
>
> Signed-off-by: Alistair Francis 
> Reviewed-by: Richard Henderson 
> Reviewed-by: Philippe Mathieu-Daudé 
> Reviewed-by: Alex Bennée 
> Tested-by: Alex Bennée 
> ---
> v3:
>  - Resend with hopefully 8bit encoding instead of base64

Applies nicely thanks ;-)

--
Alex Bennée



Re: [Qemu-devel] [PATCH v2] mips: Decide to map PAGE_EXEC in map_address

2019-05-16 Thread Philippe Mathieu-Daudé
Hi Jakub,

On 5/16/19 3:10 PM, Jakub Jermar wrote:
> Hi,
> 
> On 5/3/19 12:02 PM, Jakub Jermar wrote:
>> Hi,
>>
>> On 4/23/19 4:58 PM, Jakub Jermar wrote:
>>> Hi Philippe!
>>>
>>> On 4/23/19 3:48 PM, Philippe Mathieu-Daudé wrote:
 Hi Jakub,

 On 4/23/19 1:00 PM, Jakub Jermář wrote:
> This commit addresses QEMU Bug #1825311:
>
>   mips_cpu_handle_mmu_fault renders all accessed pages executable
>
> It allows finer-grained control over whether the accessed page should be
> executable by moving the decision to the underlying map_address
> function, which has more information for this.
>
> As a result, pages that have the XI bit set in the TLB and are accessed
> for read/write, don't suddenly end up being executable.
>

 Fixes: https://bugs.launchpad.net/qemu/+bug/1825311

> Signed-off-by: Jakub Jermář 
> ---
>  target/mips/helper.c | 17 ++---
>  1 file changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/target/mips/helper.c b/target/mips/helper.c
> index c44cdca3b5..132d073fbe 100644
> --- a/target/mips/helper.c
> +++ b/target/mips/helper.c
> @@ -43,7 +43,7 @@ int no_mmu_map_address (CPUMIPSState *env, hwaddr 
> *physical, int *prot,
>  target_ulong address, int rw, int access_type)
>  {
>  *physical = address;
> -*prot = PAGE_READ | PAGE_WRITE;
> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
>  return TLBRET_MATCH;
>  }
>  
> @@ -61,7 +61,7 @@ int fixed_mmu_map_address (CPUMIPSState *env, hwaddr 
> *physical, int *prot,
>  else
>  *physical = address;
>  
> -*prot = PAGE_READ | PAGE_WRITE;
> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
>  return TLBRET_MATCH;
>  }
>  
> @@ -101,6 +101,9 @@ int r4k_map_address (CPUMIPSState *env, hwaddr 
> *physical, int *prot,
>  *prot = PAGE_READ;
>  if (n ? tlb->D1 : tlb->D0)
>  *prot |= PAGE_WRITE;
> +if (!(n ? tlb->XI1 : tlb->XI0)) {
> +*prot |= PAGE_EXEC;
> +}

 This was indeed missed in commit 2fb58b73746e.

Aleksandar, if this patch is OK with you, can you amend this comment,
and add the "Fixes:" tag too when applying? Thanks!

Reviewed-by: Philippe Mathieu-Daudé 


>  return TLBRET_MATCH;
>  }
>  return TLBRET_DIRTY;
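Review bot: `*prot = PAGE_READ;` just above the added XI test is still unconditional, so read permission keeps the behaviour this patch removes for execute. If the matched entry has a read-inhibit bit set (the RI fields are not visible in this hunk, so this is an inference), a store or instruction fetch that matches would install a readable mapping, and later loads may then skip the inhibit check. Consider deriving read permission from the entry as well, starting from `*prot = 0;` and adding `if (!(n ? tlb->RI1 : tlb->RI0)) { *prot |= PAGE_READ; }`. The body of r4k_map_address starts and ends outside the hunk, so any earlier RI handling there should be checked first.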
> @@ -182,7 +185,7 @@ static int get_seg_physical_address(CPUMIPSState 
> *env, hwaddr *physical,
>  } else {
>  /* The segment is unmapped */
>  *physical = physical_base | (real_address & segmask);
> -*prot = PAGE_READ | PAGE_WRITE;
> +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
>  return TLBRET_MATCH;
>  }
>  }
> @@ -913,8 +916,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr 
> address, int size, int rw,
>  }
>  if (ret == TLBRET_MATCH) {
>  tlb_set_page(cs, address & TARGET_PAGE_MASK,
> - physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
> - mmu_idx, TARGET_PAGE_SIZE);
> + physical & TARGET_PAGE_MASK, prot, mmu_idx,
> + TARGET_PAGE_SIZE);
>  ret = 0;
>  } else if (ret < 0)
>  #endif
> @@ -936,8 +939,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr 
> address, int size, int rw,
> address, rw, access_type, 
> mmu_idx);
>  if (ret == TLBRET_MATCH) {
>  tlb_set_page(cs, address & TARGET_PAGE_MASK,
> -physical & TARGET_PAGE_MASK, prot | 
> PAGE_EXEC,
> -mmu_idx, TARGET_PAGE_SIZE);
> +physical & TARGET_PAGE_MASK, prot, mmu_idx,
> +TARGET_PAGE_SIZE);
>  ret = 0;
>  return ret;
>  }
>

 Your patch looks correct, but I'd like to test it.
 Do you have a reproducer?
 Can you describe the command line you used?
>>>
>>> I've just attached a reproducer image and script to the bug. It's a
>>> 32-bit little-endian test binary running on top of the L4Re microkernel.

I can't get the "TAP" output you described on launchpad.

>>> Let me know if you also need a 64-bit version.

64-bit version is welcomed.

>>> I tested both 32 and 64-bit versions of the reproducer and also checked
>>> to see that the the other images I have lying around here (Linux 2.6.32
>>> big endian and HelenOS master little-endian, both 32-bit for 4Kc)
>>> continue to run without regressions.

Yes, definitively an improvement:
Tested-by: Philippe Mathieu-Daudé 

Regards,


Re: [Qemu-devel] [PATCH] iotests: Fix intermittent failure in 219

2019-05-16 Thread Max Reitz
On 16.05.19 18:11, Max Reitz wrote:
> In 219, we wait for the job to make progress before we emit its status.
> This makes the output reliable.
> 
> Unfortunately, there is a bug: We do not wait for any more progress if
> the job has already reached its total-progress.  Right after the job has
> been started, it is possible that total-progress is still 0, though.  In
> that case, we may skip the first progress-making step and keep ending up
> 64 kB short.
> 
> To fix that bug, we cab simply wait for total-progress to reach 4 MB

s/cab/can/...

> (the image size) after starting the job.
> 
> Reported-by: Karen Mezick 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1686651
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/219 | 13 ++---
>  1 file changed, 10 insertions(+), 3 deletions(-)





[Qemu-devel] [PATCH] iotests: Fix intermittent failure in 219

2019-05-16 Thread Max Reitz
In 219, we wait for the job to make progress before we emit its status.
This makes the output reliable.

Unfortunately, there is a bug: We do not wait for any more progress if
the job has already reached its total-progress.  Right after the job has
been started, it is possible that total-progress is still 0, though.  In
that case, we may skip the first progress-making step and keep ending up
64 kB short.

To fix that bug, we can simply wait for total-progress to reach 4 MB
(the image size) after starting the job.

Reported-by: Karen Mezick 
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1686651
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/219 | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/219 b/tests/qemu-iotests/219
index c03bbdb294..e0c51662c0 100755
--- a/tests/qemu-iotests/219
+++ b/tests/qemu-iotests/219
@@ -23,6 +23,8 @@ import iotests
 
 iotests.verify_image_format(supported_fmts=['qcow2'])
 
+img_size = 4 * 1024 * 1024
+
 def pause_wait(vm, job_id):
 with iotests.Timeout(3, "Timeout waiting for job to pause"):
 while True:
@@ -62,6 +64,8 @@ def test_pause_resume(vm):
 iotests.log(vm.qmp('query-jobs'))
 
 def test_job_lifecycle(vm, job, job_args, has_ready=False):
+global img_size
+
 iotests.log('')
 iotests.log('')
 iotests.log('Starting block job: %s (auto-finalize: %s; auto-dismiss: %s)' 
%
@@ -84,6 +88,10 @@ def test_job_lifecycle(vm, job, job_args, has_ready=False):
 iotests.log(iotests.filter_qmp_event(vm.event_wait('JOB_STATUS_CHANGE')))
 iotests.log(iotests.filter_qmp_event(vm.event_wait('JOB_STATUS_CHANGE')))
 
+# Wait for total-progress to stabilize
+while vm.qmp('query-jobs')['return'][0]['total-progress'] < img_size:
+pass
+
 # RUNNING state:
 # pause/resume should work, complete/finalize/dismiss should error out
 iotests.log('')
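Review bot: The added wait loop has no timeout, so a job that fails or stalls before total-progress reaches img_size leaves the test spinning forever, re-issuing query-jobs as fast as it can. It also indexes `['return'][0]` without checking that the job list is non-empty. pause_wait() in the first hunk already uses `iotests.Timeout`, and the same guard fits here: wrap the loop in `with iotests.Timeout(3, "Timeout waiting for total-progress"):`. The `global img_size` added in the previous hunk is not needed, since test_job_lifecycle only reads the variable. The body of test_job_lifecycle continues outside this hunk.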
@@ -173,9 +181,8 @@ with iotests.FilePath('disk.img') as disk_path, \
  iotests.FilePath('copy.img') as copy_path, \
  iotests.VM() as vm:
 
-img_size = '4M'
-iotests.qemu_img_create('-f', iotests.imgfmt, disk_path, img_size)
-iotests.qemu_io('-c', 'write 0 %s' % (img_size),
+iotests.qemu_img_create('-f', iotests.imgfmt, disk_path, str(img_size))
+iotests.qemu_io('-c', 'write 0 %i' % (img_size),
 '-f', iotests.imgfmt, disk_path)
 
 iotests.log('Launching VM...')
-- 
2.21.0




Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

2019-05-16 Thread Peter Maydell
On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
>
> The following changes since commit efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> into staging (2019-05-10 14:49:36 +0100)
>
> are available in the Git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
>
>   tests: acpi: print error unable to dump ACPI table during rebuild 
> (2019-05-14 21:19:14 -0400)
>
> 
> pci, pc, virtio: features, fixes
>
> reconnect for vhost blk
> tests for UEFI
> misc other stuff
>
> Signed-off-by: Michael S. Tsirkin 
>
> 

Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
because the conversion of arm to Kconfig has landed in master.
Could you rebase and fix up to use whatever the Kconfig
equivalent of these changes is, please?

thanks
-- PMM



Re: [Qemu-devel] [PATCH v8 3/9] block: add empty account cookie type

2019-05-16 Thread Anton Nefedov
On 16/5/2019 6:34 PM, Vladimir Sementsov-Ogievskiy wrote:
> 16.05.2019 17:33, Anton Nefedov wrote:
>> This adds some protection from accounting uninitialized cookie.
>> That is, block_acct_failed/done without previous block_acct_start;
>> in that case, cookie probably holds values from previous operation.
>>
>> (Note: it might also be uninitialized holding garbage value and there is
>>still "< BLOCK_MAX_IOTYPE" assertion for that.
>>So block_acct_failed/done without previous block_acct_start should be used
>>with caution.)
>>
>> Currently this is particularly useful in ide code where it's hard to
>> keep track whether the request started accounting or not. For example,
>> trim requests do the accounting separately.
>>
>> Signed-off-by: Anton Nefedov 
>> ---
>>include/block/accounting.h | 1 +
>>block/accounting.c | 6 ++
>>2 files changed, 7 insertions(+)
>>
>> diff --git a/include/block/accounting.h b/include/block/accounting.h
>> index ba8b04d572..878b4c3581 100644
>> --- a/include/block/accounting.h
>> +++ b/include/block/accounting.h
>> @@ -33,6 +33,7 @@ typedef struct BlockAcctTimedStats BlockAcctTimedStats;
>>typedef struct BlockAcctStats BlockAcctStats;
>>
>>enum BlockAcctType {
>> +BLOCK_ACCT_NONE = 0,
>>BLOCK_ACCT_READ,
>>BLOCK_ACCT_WRITE,
>>BLOCK_ACCT_FLUSH,
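Review bot: The new `BLOCK_ACCT_NONE = 0` enumerator carries no comment marking it as a sentinel rather than an I/O type, and placing it first renumbers BLOCK_ACCT_READ and the values after it. A one-line comment such as `/* no accounting started for this cookie */` would document the intent described in the commit message. Anything sized or indexed by BLOCK_MAX_IOTYPE is not visible here, but presumably now gains a slot for the sentinel and is worth checking. The enum continues outside the hunk.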
>> diff --git a/block/accounting.c b/block/accounting.c
>> index 70a3d9a426..8d41c8a83a 100644
>> --- a/block/accounting.c
>> +++ b/block/accounting.c
>> @@ -195,6 +195,10 @@ static void block_account_one_io(BlockAcctStats *stats, 
>> BlockAcctCookie *cookie,
>>
>>assert(cookie->type < BLOCK_MAX_IOTYPE);
>>
>> +if (cookie->type == BLOCK_ACCT_NONE) {
> 
> worth error_report() ?
> 

I don't think we should necessarily consider it an error;
as mentioned in the commit message this might be useful in some places
like IDE trim handling.


Re: [Qemu-devel] [Qemu-arm] [PATCH v2 1/1] target/arm: Fix vector operation segfault

2019-05-16 Thread Alistair Francis
On Thu, 2019-05-16 at 07:54 +0100, Alex Bennée wrote:
> Alistair Francis  writes:
> 
> > Commit 89e68b575 "target/arm: Use vector operations for saturation"
> > causes this abort() when booting QEMU ARM with a Cortex-A15:
> > 
> > 0  0x74c2382f in raise () at /usr/lib/libc.so.6
> > 1  0x74c0e672 in abort () at /usr/lib/libc.so.6
> > 2  0x559c1839 in disas_neon_data_insn (insn= > out>, s=) at ./target/arm/translate.c:6673
> > 3  0x559c1839 in disas_neon_data_insn (s=,
> > insn=) at ./target/arm/translate.c:6386
> > 4  0x559cd8a4 in disas_arm_insn (insn=4081107068,
> > s=0x7fffe59a9510) at ./target/arm/translate.c:9289
> > 5  0x559cd8a4 in arm_tr_translate_insn
> > (dcbase=0x7fffe59a9510, cpu=) at
> > ./target/arm/translate.c:13612
> > 6  0x558d1d39 in translator_loop (ops=0x561cc580
> > , db=0x7fffe59a9510, cpu=0x5686a2f0,
> > tb=, max_insns=) at
> > ./accel/tcg/translator.c:96
> > 7  0x559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x555
> > 55686a2f0, tb=tb@entry=0x7fffd7840080 , 
> > max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
> > 8  0x558d06b9 in tb_gen_code (cpu=cpu@entry=0x5686a2f0,
> > pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry
> > =524288) at ./accel/tcg/translate-all.c:1736
> > 9  0x558ce467 in tb_find (cf_mask=524288, tb_exit=1,
> > last_tb=0x7fffd783e640 , cpu=0x1) at
> > ./accel/tcg/cpu-exec.c:407
> > 10 0x558ce467 in cpu_exec (cpu=cpu@entry=0x5686a2f0) at
> > ./accel/tcg/cpu-exec.c:728
> > 11 0x5588b0cf in tcg_cpu_exec (cpu=0x5686a2f0) at
> > ./cpus.c:1431
> > 12 0x5588d223 in qemu_tcg_cpu_thread_fn
> > (arg=0x5686a2f0) at ./cpus.c:1735
> > 13 0x5588d223 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x55
> > 555686a2f0) at ./cpus.c:1709
> > 14 0x55d2629a in qemu_thread_start (args=)
> > at ./util/qemu-thread-posix.c:502
> > 15 0x74db8a92 in start_thread () at /usr/lib/libpthread.
> > 
> > This patch ensures that we don't hit the abort() in the second
> > switch
> > case in disas_neon_data_insn() as we will return from the first
> > case.
> > 
> > Signed-off-by: Alistair Francis 
> 
> This fixes the abort()'s I was seeing while running the qemu-iotests
> under an emulated Debian Buster armhf system so:

Great! I just sent a v3 which should be plain text.

Alistair

> 
> Reviewed-by: Alex Bennée 
> Tested-by: Alex Bennée 
> 
> 
> > ---
> >  target/arm/translate.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/target/arm/translate.c b/target/arm/translate.c
> > index dd053c80d6..298c262825 100644
> > --- a/target/arm/translate.c
> > +++ b/target/arm/translate.c
> > @@ -6598,13 +6598,13 @@ static int
> > disas_neon_data_insn(DisasContext *s, uint32_t insn)
> >  tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
> > rn_ofs, rm_ofs, vec_size, vec_size,
> > (u ? uqadd_op : sqadd_op) + size);
> > -break;
> > +return 0;
> > 
> >  case NEON_3R_VQSUB:
> >  tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
> > rn_ofs, rm_ofs, vec_size, vec_size,
> > (u ? uqsub_op : sqsub_op) + size);
> > -break;
> > +return 0;
> > 
> >  case NEON_3R_VMUL: /* VMUL */
> >  if (u) {
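Review bot: Nothing at the two new `return 0;` sites (NEON_3R_VQADD and NEON_3R_VQSUB) records why these cases leave the function where the code previously used `break`, so a later cleanup could easily revert them. Per the commit message, breaking out here reaches a second switch in disas_neon_data_insn() that aborts for these ops. A short comment on each, e.g. `/* fully handled above; must not reach the second switch */`, would capture that. The same hunk is reposted unchanged in the v3 patch further down the page, and the function starts and ends outside the hunk.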
> 
> --
> Alex Bennée


Re: [Qemu-devel] [PULL v2 00/27] tcg: Add CPUClass::tlb_fill

2019-05-16 Thread Peter Maydell
On Tue, 14 May 2019 at 13:36, Peter Maydell  wrote:
>
> On Fri, 10 May 2019 at 19:54, Richard Henderson
>  wrote:
> >
> > Changes in v2:
> >
> >   * Fix --disable-tcg compilation for x86 and s390x.
> > I adjusted every target/ that used any CONFIG_TCG in cpu.c.
> > but then afterward I see that only x86 and s390x have had
> > their Makefiles adjusted to make --disable-tcg actually work.
> >
> >   * Fix Werror for 64-bit on 32-bit.
> >
> > Only re-posting changed patches.
> >
> >
> > r~
> >
> >
> > The following changes since commit efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
> >
> >   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> > into staging (2019-05-10 14:49:36 +0100)
> >
> > are available in the Git repository at:
> >
> >   https://github.com/rth7680/qemu.git tags/pull-tcg-20190510
> >
> > for you to fetch changes up to 4811e9095c0491bc6f5450e5012c9c4796b9e59d:
> >
> >   tcg: Use tlb_fill probe from tlb_vaddr_to_host (2019-05-10 11:12:50 -0700)
> >
> > 
> > Add CPUClass::tlb_fill.
> > Improve tlb_vaddr_to_host for use by ARM SVE no-fault loads.
> >
>
> I did a test merge of this and it passed my build tests; I haven't
> applied it though pending resolution of Aleksandar's comments.


Applied, thanks (conclusion of mailing list discussion was that it
was ok to apply as-is).

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1
for any user-visible changes.

-- PMM



[Qemu-devel] [PATCH v3 1/1] target/arm: Fix vector operation segfault

2019-05-16 Thread Alistair Francis
Commit 89e68b575 "target/arm: Use vector operations for saturation"
causes this abort() when booting QEMU ARM with a Cortex-A15:

0  0x74c2382f in raise () at /usr/lib/libc.so.6
1  0x74c0e672 in abort () at /usr/lib/libc.so.6
2  0x559c1839 in disas_neon_data_insn (insn=, 
s=) at ./target/arm/translate.c:6673
3  0x559c1839 in disas_neon_data_insn (s=, 
insn=) at ./target/arm/translate.c:6386
4  0x559cd8a4 in disas_arm_insn (insn=4081107068, s=0x7fffe59a9510) at 
./target/arm/translate.c:9289
5  0x559cd8a4 in arm_tr_translate_insn (dcbase=0x7fffe59a9510, 
cpu=) at ./target/arm/translate.c:13612
6  0x558d1d39 in translator_loop (ops=0x561cc580 
, db=0x7fffe59a9510, cpu=0x5686a2f0, tb=, max_insns=) at ./accel/tcg/translator.c:96
7  0x559d10d4 in gen_intermediate_code (cpu=cpu@entry=0x5686a2f0, 
tb=tb@entry=0x7fffd7840080 , 
max_insns=max_insns@entry=512) at ./target/arm/translate.c:13901
8  0x558d06b9 in tb_gen_code (cpu=cpu@entry=0x5686a2f0, 
pc=3067096216, cs_base=0, flags=192, cflags=-16252928, cflags@entry=524288) at 
./accel/tcg/translate-all.c:1736
9  0x558ce467 in tb_find (cf_mask=524288, tb_exit=1, 
last_tb=0x7fffd783e640 , cpu=0x1) at 
./accel/tcg/cpu-exec.c:407
10 0x558ce467 in cpu_exec (cpu=cpu@entry=0x5686a2f0) at 
./accel/tcg/cpu-exec.c:728
11 0x5588b0cf in tcg_cpu_exec (cpu=0x5686a2f0) at ./cpus.c:1431
12 0x5588d223 in qemu_tcg_cpu_thread_fn (arg=0x5686a2f0) at 
./cpus.c:1735
13 0x5588d223 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x5686a2f0) 
at ./cpus.c:1709
14 0x55d2629a in qemu_thread_start (args=) at 
./util/qemu-thread-posix.c:502
15 0x74db8a92 in start_thread () at /usr/lib/libpthread.

This patch ensures that we don't hit the abort() in the second switch
case in disas_neon_data_insn() as we will return from the first case.

Signed-off-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Tested-by: Alex Bennée 
---
v3:
 - Resend with hopefully 8bit encoding instead of base64

 target/arm/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index dd053c80d6..298c262825 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6598,13 +6598,13 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
rn_ofs, rm_ofs, vec_size, vec_size,
(u ? uqadd_op : sqadd_op) + size);
-break;
+return 0;
 
 case NEON_3R_VQSUB:
 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
rn_ofs, rm_ofs, vec_size, vec_size,
(u ? uqsub_op : sqsub_op) + size);
-break;
+return 0;
 
 case NEON_3R_VMUL: /* VMUL */
 if (u) {
-- 
2.21.0



