[Qemu-devel] [PULL 36/38] spapr/irq: initialize the IRQ device only once

[David Gibson]

From: Cédric Le Goater 

Add a check to make sure that the routine initializing the emulated
IRQ device is called once. We don't have much to test on the XICS
side, so we introduce a 'init' boolean under ICSState.

Signed-off-by: Cédric Le Goater 
Message-Id: <20190513084245.25755-13-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c  | 9 +
 hw/intc/xics_spapr.c  | 7 +++
 include/hw/ppc/xics.h | 1 +
 3 files changed, 17 insertions(+)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index a79574b23c..f6f6c29d6a 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -338,6 +338,15 @@ void spapr_xive_init(SpaprXive *xive, Error **errp)
 XiveSource *xsrc = &xive->source;
 XiveENDSource *end_xsrc = &xive->end_source;
 
+/*
+ * The emulated XIVE device can only be initialized once. If the
+ * ESB memory region has been already mapped, it means we have been
+ * through there.
+ */
+if (memory_region_is_mapped(&xsrc->esb_mmio)) {
+return;
+}
+
 /* TIMA initialization */
 memory_region_init_io(&xive->tm_mmio, OBJECT(xive), &xive_tm_ops, xive,
   "xive.tima", 4ull << TM_SHIFT);
diff --git a/hw/intc/xics_spapr.c b/hw/intc/xics_spapr.c
index 9d2b8adef7..5a1835e8b1 100644
--- a/hw/intc/xics_spapr.c
+++ b/hw/intc/xics_spapr.c
@@ -239,6 +239,13 @@ static void rtas_int_on(PowerPCCPU *cpu, SpaprMachineState 
*spapr,
 
 void xics_spapr_init(SpaprMachineState *spapr)
 {
+/* Emulated mode can only be initialized once. */
+if (spapr->ics->init) {
+return;
+}
+
+spapr->ics->init = true;
+
 /* Registration of global state belongs into realize */
 spapr_rtas_register(RTAS_IBM_SET_XIVE, "ibm,set-xive", rtas_set_xive);
 spapr_rtas_register(RTAS_IBM_GET_XIVE, "ibm,get-xive", rtas_get_xive);
diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
index eb65ad7e43..d6f8e4c4c2 100644
--- a/include/hw/ppc/xics.h
+++ b/include/hw/ppc/xics.h
@@ -119,6 +119,7 @@ struct ICSState {
 uint32_t offset;
 ICSIRQState *irqs;
 XICSFabric *xics;
+bool init; /* sPAPR ICS device initialized */
 };
 
 #define ICS_PROP_XICS "xics"
-- 
2.21.0

[Qemu-devel] [PULL 31/38] spapr/xive: activate KVM support

[David Gibson]

From: Cédric Le Goater 

All is in place for KVM now. State synchronization and migration will
come next.

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-8-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_irq.c | 9 -
 1 file changed, 9 deletions(-)

diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
index 8d371523e6..e969683f5c 100644
--- a/hw/ppc/spapr_irq.c
+++ b/hw/ppc/spapr_irq.c
@@ -248,19 +248,10 @@ SpaprIrq spapr_irq_xics = {
 static void spapr_irq_init_xive(SpaprMachineState *spapr, int nr_irqs,
 Error **errp)
 {
-MachineState *machine = MACHINE(spapr);
 uint32_t nr_servers = spapr_max_server_number(spapr);
 DeviceState *dev;
 int i;
 
-/* KVM XIVE device not yet available */
-if (kvm_enabled()) {
-if (machine_kernel_irqchip_required(machine)) {
-error_setg(errp, "kernel_irqchip requested. no KVM XIVE support");
-return;
-}
-}
-
 dev = qdev_create(NULL, TYPE_SPAPR_XIVE);
 qdev_prop_set_uint32(dev, "nr-irqs", nr_irqs);
 /*
-- 
2.21.0

[Qemu-devel] [PULL 35/38] spapr/irq: introduce a spapr_irq_init_device() helper

[David Gibson]

From: Cédric Le Goater 

The way the XICS and the XIVE devices are initialized follows the same
pattern. First, try to connect to the KVM device and if not possible
fallback on the emulated device, unless a kernel_irqchip is required.
The spapr_irq_init_device() routine implements this sequence in
generic way using new sPAPR IRQ handlers ->init_emu() and ->init_kvm().

The XIVE init sequence is moved under the associated sPAPR IRQ
->init() handler. This will change again when KVM support is added for
the dual interrupt mode.

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-12-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c| 26 +++
 hw/ppc/spapr_irq.c  | 89 +
 include/hw/ppc/spapr_irq.h  |  2 +
 include/hw/ppc/spapr_xive.h |  1 +
 4 files changed, 78 insertions(+), 40 deletions(-)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index 0aa5d8a55e..a79574b23c 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -281,7 +281,6 @@ static void spapr_xive_realize(DeviceState *dev, Error 
**errp)
 XiveSource *xsrc = &xive->source;
 XiveENDSource *end_xsrc = &xive->end_source;
 Error *local_err = NULL;
-MachineState *machine = MACHINE(qdev_get_machine());
 
 if (!xive->nr_irqs) {
 error_setg(errp, "Number of interrupt needs to be greater 0");
@@ -332,27 +331,12 @@ static void spapr_xive_realize(DeviceState *dev, Error 
**errp)
xive->tm_base + XIVE_TM_USER_PAGE * (1 << 
TM_SHIFT));
 
 qemu_register_reset(spapr_xive_reset, dev);
+}
 
-if (kvm_enabled() && machine_kernel_irqchip_allowed(machine)) {
-kvmppc_xive_connect(xive, &local_err);
-if (local_err && machine_kernel_irqchip_required(machine)) {
-error_prepend(&local_err,
-  "kernel_irqchip requested but unavailable: ");
-error_propagate(errp, local_err);
-return;
-}
-
-if (!local_err) {
-return;
-}
-
-/*
- * We failed to initialize the XIVE KVM device, fallback to
- * emulated mode
- */
-error_prepend(&local_err, "kernel_irqchip allowed but unavailable: ");
-warn_report_err(local_err);
-}
+void spapr_xive_init(SpaprXive *xive, Error **errp)
+{
+XiveSource *xsrc = &xive->source;
+XiveENDSource *end_xsrc = &xive->end_source;
 
 /* TIMA initialization */
 memory_region_init_io(&xive->tm_mmio, OBJECT(xive), &xive_tm_ops, xive,
diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
index e969683f5c..d1e87577fb 100644
--- a/hw/ppc/spapr_irq.c
+++ b/hw/ppc/spapr_irq.c
@@ -62,36 +62,50 @@ void spapr_irq_msi_reset(SpaprMachineState *spapr)
 bitmap_clear(spapr->irq_map, 0, spapr->irq_map_nr);
 }
 
-
-/*
- * XICS IRQ backend.
- */
-
-static void spapr_irq_init_xics(SpaprMachineState *spapr, int nr_irqs,
-Error **errp)
+static void spapr_irq_init_device(SpaprMachineState *spapr,
+  SpaprIrq *irq, Error **errp)
 {
 MachineState *machine = MACHINE(spapr);
-Object *obj;
 Error *local_err = NULL;
-bool xics_kvm = false;
 
-if (kvm_enabled()) {
-if (machine_kernel_irqchip_allowed(machine) &&
-!xics_kvm_init(spapr, &local_err)) {
-xics_kvm = true;
-}
-if (machine_kernel_irqchip_required(machine) && !xics_kvm) {
+if (kvm_enabled() && machine_kernel_irqchip_allowed(machine)) {
+irq->init_kvm(spapr, &local_err);
+if (local_err && machine_kernel_irqchip_required(machine)) {
 error_prepend(&local_err,
   "kernel_irqchip requested but unavailable: ");
 error_propagate(errp, local_err);
 return;
 }
-error_free(local_err);
-local_err = NULL;
+
+if (!local_err) {
+return;
+}
+
+/*
+ * We failed to initialize the KVM device, fallback to
+ * emulated mode
+ */
+error_prepend(&local_err, "kernel_irqchip allowed but unavailable: ");
+warn_report_err(local_err);
 }
 
-if (!xics_kvm) {
-xics_spapr_init(spapr);
+irq->init_emu(spapr, errp);
+}
+
+/*
+ * XICS IRQ backend.
+ */
+
+static void spapr_irq_init_xics(SpaprMachineState *spapr, int nr_irqs,
+Error **errp)
+{
+Object *obj;
+Error *local_err = NULL;
+
+spapr_irq_init_device(spapr, &spapr_irq_xics, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
 }
 
 obj = object_new(TYPE_ICS_SIMPLE);
@@ -220,6 +234,18 @@ static const char 
*spapr_irq_get_nodename_xics(SpaprMachineState *spapr)
 return XICS_NODENAME;
 }
 
+static void spapr_irq_init_emu_xics(SpaprMachineState *spapr, Error **errp)
+{
+xics_spapr_init(spapr);
+}
+
+static void s

[Qemu-devel] [PULL 38/38] spapr/irq: add KVM support to the 'dual' machine

[David Gibson]

From: Cédric Le Goater 

The interrupt mode is chosen by the CAS negotiation process and
activated after a reset to take into account the required changes in
the machine. This brings new constraints on how the associated KVM IRQ
device is initialized.

Currently, each model takes care of the initialization of the KVM
device in their realize method but this is not possible anymore as the
initialization needs to be done globaly when the interrupt mode is
known, i.e. when machine is reseted. It also means that we need a way
to delete a KVM device when another mode is chosen.

Also, to support migration, the QEMU objects holding the state to
transfer should always be available but not necessarily activated.

The overall approach of this proposal is to initialize both interrupt
mode at the QEMU level to keep the IRQ number space in sync and to
allow switching from one mode to another. For the KVM side of things,
the whole initialization of the KVM device, sources and presenters, is
grouped in a single routine. The XICS and XIVE sPAPR IRQ reset
handlers are modified accordingly to handle the init and the delete
sequences of the KVM device.

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-15-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive_kvm.c | 29 +++-
 hw/intc/xics_kvm.c   | 31 +
 hw/intc/xive.c   |  4 ---
 hw/ppc/spapr_irq.c   | 58 ++--
 include/hw/ppc/xive.h|  1 -
 5 files changed, 97 insertions(+), 26 deletions(-)

diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
index 078d18d775..ec170b3045 100644
--- a/hw/intc/spapr_xive_kvm.c
+++ b/hw/intc/spapr_xive_kvm.c
@@ -246,7 +246,7 @@ void kvmppc_xive_source_reset_one(XiveSource *xsrc, int 
srcno, Error **errp)
   true, errp);
 }
 
-void kvmppc_xive_source_reset(XiveSource *xsrc, Error **errp)
+static void kvmppc_xive_source_reset(XiveSource *xsrc, Error **errp)
 {
 int i;
 
@@ -697,6 +697,15 @@ void kvmppc_xive_connect(SpaprXive *xive, Error **errp)
 Error *local_err = NULL;
 size_t esb_len = (1ull << xsrc->esb_shift) * xsrc->nr_irqs;
 size_t tima_len = 4ull << TM_SHIFT;
+CPUState *cs;
+
+/*
+ * The KVM XIVE device already in use. This is the case when
+ * rebooting under the XIVE-only interrupt mode.
+ */
+if (xive->fd != -1) {
+return;
+}
 
 if (!kvmppc_has_cap_xive()) {
 error_setg(errp, "IRQ_XIVE capability must be present for KVM");
@@ -745,6 +754,24 @@ void kvmppc_xive_connect(SpaprXive *xive, Error **errp)
 xive->change = qemu_add_vm_change_state_handler(
 kvmppc_xive_change_state_handler, xive);
 
+/* Connect the presenters to the initial VCPUs of the machine */
+CPU_FOREACH(cs) {
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+
+kvmppc_xive_cpu_connect(spapr_cpu_state(cpu)->tctx, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+}
+
+/* Update the KVM sources */
+kvmppc_xive_source_reset(xsrc, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
 kvm_kernel_irqchip = true;
 kvm_msi_via_irqfd_allowed = true;
 kvm_gsi_direct_mapping = true;
diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
index 12bd5190cf..5ba5b77561 100644
--- a/hw/intc/xics_kvm.c
+++ b/hw/intc/xics_kvm.c
@@ -33,6 +33,7 @@
 #include "trace.h"
 #include "sysemu/kvm.h"
 #include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_cpu_core.h"
 #include "hw/ppc/xics.h"
 #include "hw/ppc/xics_spapr.h"
 #include "kvm_ppc.h"
@@ -342,6 +343,16 @@ static void rtas_dummy(PowerPCCPU *cpu, SpaprMachineState 
*spapr,
 int xics_kvm_init(SpaprMachineState *spapr, Error **errp)
 {
 int rc;
+CPUState *cs;
+Error *local_err = NULL;
+
+/*
+ * The KVM XICS device already in use. This is the case when
+ * rebooting under the XICS-only interrupt mode.
+ */
+if (kernel_xics_fd != -1) {
+return 0;
+}
 
 if (!kvm_enabled() || !kvm_check_extension(kvm_state, KVM_CAP_IRQ_XICS)) {
 error_setg(errp,
@@ -390,6 +401,26 @@ int xics_kvm_init(SpaprMachineState *spapr, Error **errp)
 kvm_msi_via_irqfd_allowed = true;
 kvm_gsi_direct_mapping = true;
 
+/* Create the presenters */
+CPU_FOREACH(cs) {
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+
+icp_kvm_realize(DEVICE(spapr_cpu_state(cpu)->icp), &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+goto fail;
+}
+}
+
+/* Update the KVM sources */
+ics_set_kvm_state(spapr->ics);
+
+/* Connect the presenters to the initial VCPUs of the machine */
+CPU_FOREACH(cs) {
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+icp_set_kvm_state(spapr_cpu_state(cpu)->icp);
+}
+
 return 0;
 
 fail:
diff --git a

[Qemu-devel] [PATCH v6 2/2] acpi: pci: use build_append_foo() API to construct MCFG

[Wei Yang]

build_append_foo() API doesn't need explicit endianness conversions
which eliminates a source of errors and it makes build_mcfg() look like
declarative definition of MCFG table in ACPI spec, which makes it easy
to review.

Signed-off-by: Wei Yang 
Suggested-by: Igor Mammedov 
Reviewed-by: Igor Mammedov 

v3:
   * add some comment on the Configuration Space base address allocation
 structure
v2:
   * miss the reserved[8] of MCFG in last version, add it back
   * drop SOBs and make sure bios-tables-test all OK
---
 hw/acpi/pci.c   | 39 +
 include/hw/acpi/acpi-defs.h | 18 -
 2 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
index fa0fa30bb9..9510597a19 100644
--- a/hw/acpi/pci.c
+++ b/hw/acpi/pci.c
@@ -30,17 +30,32 @@
 
 void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
 {
-AcpiTableMcfg *mcfg;
-int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
-
-mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(info->base);
-
-/* Only a single allocation so no need to play with segments */
-mcfg->allocation[0].pci_segment = cpu_to_le16(0);
-mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
-
-build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
+int mcfg_start = table_data->len;
+
+/*
+ * PCI Firmware Specification, Revision 3.0
+ * 4.1.2 MCFG Table Description.
+ */
+acpi_data_push(table_data, sizeof(AcpiTableHeader));
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 8);
+
+/*
+ * Memory Mapped Enhanced Configuration Space Base Address Allocation
+ * Structure
+ */
+/* Base address, processor-relative */
+build_append_int_noprefix(table_data, info->base, 8);
+/* PCI segment group number */
+build_append_int_noprefix(table_data, 0, 2);
+/* Starting PCI Bus number */
+build_append_int_noprefix(table_data, 0, 1);
+/* Final PCI Bus number */
+build_append_int_noprefix(table_data, PCIE_MMCFG_BUS(info->size - 1), 1);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 4);
+
+build_header(linker, table_data, (void *)(table_data->data + mcfg_start),
+ "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
 }
 
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index f9aa4bd398..57a3f58b0c 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -449,24 +449,6 @@ struct AcpiSratProcessorGiccAffinity {
 
 typedef struct AcpiSratProcessorGiccAffinity AcpiSratProcessorGiccAffinity;
 
-/* PCI fw r3.0 MCFG table. */
-/* Subtable */
-struct AcpiMcfgAllocation {
-uint64_t address;/* Base address, processor-relative */
-uint16_t pci_segment;/* PCI segment group number */
-uint8_t start_bus_number;   /* Starting PCI Bus number */
-uint8_t end_bus_number; /* Final PCI Bus number */
-uint32_t reserved;
-} QEMU_PACKED;
-typedef struct AcpiMcfgAllocation AcpiMcfgAllocation;
-
-struct AcpiTableMcfg {
-ACPI_TABLE_HEADER_DEF;
-uint8_t reserved[8];
-AcpiMcfgAllocation allocation[0];
-} QEMU_PACKED;
-typedef struct AcpiTableMcfg AcpiTableMcfg;
-
 /*
  * TCPA Description Table
  *
-- 
2.19.1

[Qemu-devel] [PULL 23/38] spapr: Fix phb_placement backwards compatibility

[David Gibson]

When we added support for NVLink2 passthrough devices, we changed the
phb_placement hook to handle the placement of NVLink2 bridges' specific
resources.  For compatibility we use a version that doesn't do this
allocation  for old machine types.

However, because of the delay between when the patch was posted and when
it was merged, we ended up with that compatibility hook applying for
machine versions 3.1 and earlier whereas it should apply for 4.0 and
earlier (since the patch was applied early in the 4.1 tree).

Fixes: ec132efaa81 "spapr: Support NVIDIA V100 GPU with NVLink2"

Reported-by: Laurent Vivier 
Signed-off-by: David Gibson 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Greg Kurz 
Reviewed-by: Laurent Vivier 
---
 hw/ppc/spapr.c | 28 +++-
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index bcae30ad26..39e698e9b0 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -4411,18 +4411,7 @@ DEFINE_SPAPR_MACHINE(4_1, "4.1", true);
 /*
  * pseries-4.0
  */
-static void spapr_machine_4_0_class_options(MachineClass *mc)
-{
-spapr_machine_4_1_class_options(mc);
-compat_props_add(mc->compat_props, hw_compat_4_0, hw_compat_4_0_len);
-}
-
-DEFINE_SPAPR_MACHINE(4_0, "4.0", false);
-
-/*
- * pseries-3.1
- */
-static void phb_placement_3_1(SpaprMachineState *spapr, uint32_t index,
+static void phb_placement_4_0(SpaprMachineState *spapr, uint32_t index,
   uint64_t *buid, hwaddr *pio,
   hwaddr *mmio32, hwaddr *mmio64,
   unsigned n_dma, uint32_t *liobns,
@@ -4434,6 +4423,20 @@ static void phb_placement_3_1(SpaprMachineState *spapr, 
uint32_t index,
 *nv2atsd = 0;
 }
 
+static void spapr_machine_4_0_class_options(MachineClass *mc)
+{
+SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+
+spapr_machine_4_1_class_options(mc);
+compat_props_add(mc->compat_props, hw_compat_4_0, hw_compat_4_0_len);
+smc->phb_placement = phb_placement_4_0;
+}
+
+DEFINE_SPAPR_MACHINE(4_0, "4.0", false);
+
+/*
+ * pseries-3.1
+ */
 static void spapr_machine_3_1_class_options(MachineClass *mc)
 {
 SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
@@ -4449,7 +4452,6 @@ static void spapr_machine_3_1_class_options(MachineClass 
*mc)
 smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
 smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
 smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
-smc->phb_placement = phb_placement_3_1;
 }
 
 DEFINE_SPAPR_MACHINE(3_1, "3.1", false);
-- 
2.21.0

[Qemu-devel] [PULL 37/38] ppc/xics: fix irq priority in ics_set_irq_type()

[David Gibson]

From: Cédric Le Goater 

Recent commits changed the behavior of ics_set_irq_type() to
initialize correctly LSIs at the KVM level. ics_set_irq_type() is also
called by the realize routine of the different devices of the machine
when initial interrupts are claimed, before the ICSState device is
reseted.

In the case, the ICSIRQState priority is 0x0 and the call to
ics_set_irq_type() results in configuring the target of the
interrupt. On P9, when using the KVM XICS-on-XIVE device, the target
is configured to be server 0, priority 0 and the event queue 0 is
created automatically by KVM.

With the dual interrupt mode creating the KVM device at reset, it
leads to unexpected effects on the guest, mostly blocking IPIs. This
is wrong, fix it by reseting the ICSIRQState structure when
ics_set_irq_type() is called.

Fixes: commit 6cead90c5c9c ("xics: Write source state to KVM at claim time")
Signed-off-by: Greg Kurz 
Signed-off-by: Cédric Le Goater 
Message-Id: <20190513084245.25755-14-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/xics.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index af7dc709ab..79f5a8a916 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -610,6 +610,12 @@ static const TypeInfo ics_simple_info = {
 .class_size = sizeof(ICSStateClass),
 };
 
+static void ics_reset_irq(ICSIRQState *irq)
+{
+irq->priority = 0xff;
+irq->saved_priority = 0xff;
+}
+
 static void ics_base_reset(DeviceState *dev)
 {
 ICSState *ics = ICS_BASE(dev);
@@ -623,8 +629,7 @@ static void ics_base_reset(DeviceState *dev)
 memset(ics->irqs, 0, sizeof(ICSIRQState) * ics->nr_irqs);
 
 for (i = 0; i < ics->nr_irqs; i++) {
-ics->irqs[i].priority = 0xff;
-ics->irqs[i].saved_priority = 0xff;
+ics_reset_irq(ics->irqs + i);
 ics->irqs[i].flags = flags[i];
 }
 }
@@ -760,6 +765,7 @@ void ics_set_irq_type(ICSState *ics, int srcno, bool lsi)
 lsi ? XICS_FLAGS_IRQ_LSI : XICS_FLAGS_IRQ_MSI;
 
 if (kvm_irqchip_in_kernel()) {
+ics_reset_irq(ics->irqs + srcno);
 ics_set_kvm_state_one(ics, srcno);
 }
 }
-- 
2.21.0

[Qemu-devel] [PULL 32/38] sysbus: add a sysbus_mmio_unmap() helper

[David Gibson]

From: Cédric Le Goater 

This will be used to remove the MMIO regions of the POWER9 XIVE
interrupt controller when the sPAPR machine is reseted.

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-9-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/core/sysbus.c| 10 ++
 include/hw/sysbus.h |  1 +
 2 files changed, 11 insertions(+)

diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index 307cf90a51..689a867a22 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -153,6 +153,16 @@ static void sysbus_mmio_map_common(SysBusDevice *dev, int 
n, hwaddr addr,
 }
 }
 
+void sysbus_mmio_unmap(SysBusDevice *dev, int n)
+{
+assert(n >= 0 && n < dev->num_mmio);
+
+if (dev->mmio[n].addr != (hwaddr)-1) {
+memory_region_del_subregion(get_system_memory(), dev->mmio[n].memory);
+dev->mmio[n].addr = (hwaddr)-1;
+}
+}
+
 void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr)
 {
 sysbus_mmio_map_common(dev, n, addr, false, 0);
diff --git a/include/hw/sysbus.h b/include/hw/sysbus.h
index 1aedcf05c9..4c668fbbdc 100644
--- a/include/hw/sysbus.h
+++ b/include/hw/sysbus.h
@@ -89,6 +89,7 @@ qemu_irq sysbus_get_connected_irq(SysBusDevice *dev, int n);
 void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr);
 void sysbus_mmio_map_overlap(SysBusDevice *dev, int n, hwaddr addr,
  int priority);
+void sysbus_mmio_unmap(SysBusDevice *dev, int n);
 void sysbus_add_io(SysBusDevice *dev, hwaddr addr,
MemoryRegion *mem);
 MemoryRegion *sysbus_address_space(SysBusDevice *dev);
-- 
2.21.0

[Qemu-devel] [PULL 16/38] Fix typo on "info pic" monitor cmd output for xive

[David Gibson]

From: Satheesh Rajendran 

Instead of LISN i.e "Logical Interrupt Source Number" as per
Xive PAPR document "info pic" prints as LSIN, let's fix it.

Signed-off-by: Satheesh Rajendran 
Message-Id: <20190509080750.21999-1-sathn...@linux.vnet.ibm.com>
Reviewed-by: Greg Kurz 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Stefano Garzarella 
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index 58cc6e2b50..62e13ac353 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -141,7 +141,7 @@ void spapr_xive_pic_print_info(SpaprXive *xive, Monitor 
*mon)
 XiveSource *xsrc = &xive->source;
 int i;
 
-monitor_printf(mon, "  LSIN PQEISN CPU/PRIO EQ\n");
+monitor_printf(mon, "  LISN PQEISN CPU/PRIO EQ\n");
 
 for (i = 0; i < xive->nr_irqs; i++) {
 uint8_t pq = xive_source_esb_get(xsrc, i);
-- 
2.21.0

[Qemu-devel] [PULL 22/38] target/ppc: Use vector variable shifts for VSL, VSR, VSRA

[David Gibson]

From: Richard Henderson 

The gvec expanders take care of masking the shift amount
against the element width.

Signed-off-by: Richard Henderson 
Message-Id: <20190518191430.21686-2-richard.hender...@linaro.org>
Signed-off-by: David Gibson 
---
 target/ppc/helper.h | 12 --
 target/ppc/int_helper.c | 37 -
 target/ppc/translate/vmx-impl.inc.c | 24 +--
 3 files changed, 12 insertions(+), 61 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 638a6e99c4..02b67a333e 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -180,18 +180,6 @@ DEF_HELPER_3(vmuloub, void, avr, avr, avr)
 DEF_HELPER_3(vmulouh, void, avr, avr, avr)
 DEF_HELPER_3(vmulouw, void, avr, avr, avr)
 DEF_HELPER_3(vmuluwm, void, avr, avr, avr)
-DEF_HELPER_3(vsrab, void, avr, avr, avr)
-DEF_HELPER_3(vsrah, void, avr, avr, avr)
-DEF_HELPER_3(vsraw, void, avr, avr, avr)
-DEF_HELPER_3(vsrad, void, avr, avr, avr)
-DEF_HELPER_3(vsrb, void, avr, avr, avr)
-DEF_HELPER_3(vsrh, void, avr, avr, avr)
-DEF_HELPER_3(vsrw, void, avr, avr, avr)
-DEF_HELPER_3(vsrd, void, avr, avr, avr)
-DEF_HELPER_3(vslb, void, avr, avr, avr)
-DEF_HELPER_3(vslh, void, avr, avr, avr)
-DEF_HELPER_3(vslw, void, avr, avr, avr)
-DEF_HELPER_3(vsld, void, avr, avr, avr)
 DEF_HELPER_3(vslo, void, avr, avr, avr)
 DEF_HELPER_3(vsro, void, avr, avr, avr)
 DEF_HELPER_3(vsrv, void, avr, avr, avr)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index f5c81acd53..0b22774a9d 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -1776,23 +1776,6 @@ VSHIFT(l, 1)
 VSHIFT(r, 0)
 #undef VSHIFT
 
-#define VSL(suffix, element, mask)  \
-void helper_vsl##suffix(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)   \
-{   \
-int i;  \
-\
-for (i = 0; i < ARRAY_SIZE(r->element); i++) {  \
-unsigned int shift = b->element[i] & mask;  \
-\
-r->element[i] = a->element[i] << shift; \
-}   \
-}
-VSL(b, u8, 0x7)
-VSL(h, u16, 0x0F)
-VSL(w, u32, 0x1F)
-VSL(d, u64, 0x3F)
-#undef VSL
-
 void helper_vslv(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)
 {
 int i;
@@ -1965,26 +1948,6 @@ VNEG(vnegw, s32)
 VNEG(vnegd, s64)
 #undef VNEG
 
-#define VSR(suffix, element, mask)  \
-void helper_vsr##suffix(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)   \
-{   \
-int i;  \
-\
-for (i = 0; i < ARRAY_SIZE(r->element); i++) {  \
-unsigned int shift = b->element[i] & mask;  \
-r->element[i] = a->element[i] >> shift; \
-}   \
-}
-VSR(ab, s8, 0x7)
-VSR(ah, s16, 0xF)
-VSR(aw, s32, 0x1F)
-VSR(ad, s64, 0x3F)
-VSR(b, u8, 0x7)
-VSR(h, u16, 0xF)
-VSR(w, u32, 0x1F)
-VSR(d, u64, 0x3F)
-#undef VSR
-
 void helper_vsro(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)
 {
 int sh = (b->VsrB(0xf) >> 3) & 0xf;
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index 6861f4c5b9..663275b729 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -530,21 +530,21 @@ GEN_VXFORM(vmuleuw, 4, 10);
 GEN_VXFORM(vmulesb, 4, 12);
 GEN_VXFORM(vmulesh, 4, 13);
 GEN_VXFORM(vmulesw, 4, 14);
-GEN_VXFORM(vslb, 2, 4);
-GEN_VXFORM(vslh, 2, 5);
-GEN_VXFORM(vslw, 2, 6);
+GEN_VXFORM_V(vslb, MO_8, tcg_gen_gvec_shlv, 2, 4);
+GEN_VXFORM_V(vslh, MO_16, tcg_gen_gvec_shlv, 2, 5);
+GEN_VXFORM_V(vslw, MO_32, tcg_gen_gvec_shlv, 2, 6);
 GEN_VXFORM(vrlwnm, 2, 6);
 GEN_VXFORM_DUAL(vslw, PPC_ALTIVEC, PPC_NONE, \
 vrlwnm, PPC_NONE, PPC2_ISA300)
-GEN_VXFORM(vsld, 2, 23);
-GEN_VXFORM(vsrb, 2, 8);
-GEN_VXFORM(vsrh, 2, 9);
-GEN_VXFORM(vsrw, 2, 10);
-GEN_VXFORM(vsrd, 2, 27);
-GEN_VXFORM(vsrab, 2, 12);
-GEN_VXFORM(vsrah, 2, 13);
-GEN_VXFORM(vsraw, 2, 14);
-GEN_VXFORM(vsrad, 2, 15);
+GEN_VXFORM_V(vsld, MO_64, tcg_gen_gvec_shlv, 2, 23);
+GEN_VXFORM_V(vsrb, MO_8, tcg_gen_gvec_shrv, 2, 8);
+GEN_VXFORM_V(vsrh, MO_16, tcg_gen_gvec_shrv, 2, 9);
+GEN_VXFORM_V(vsrw, MO_32, tcg_gen_gvec_shrv, 2, 10);
+GEN_VXFORM_V(vsrd, MO_64, tcg_gen_gvec_shrv, 2, 27);
+GEN_VXFORM_V(vsrab, MO_8, tcg_gen_gvec_sarv, 2, 12);
+GEN_VXFORM_V(vsrah, MO_16, tcg_gen_gvec_sarv, 2, 13);
+GEN_VXFORM_V(vsraw, MO_32, tcg_gen_gvec_sarv, 2, 14);
+GEN_VXFORM_V(vsrad,

[Qemu-devel] [PULL 33/38] spapr: introduce routines to delete the KVM IRQ device

[David Gibson]

From: Cédric Le Goater 

If a new interrupt mode is chosen by CAS, the machine generates a
reset to reconfigure. At this point, the connection with the previous
KVM device needs to be closed and a new connection needs to opened
with the KVM device operating the chosen interrupt mode.

New routines are introduced to destroy the XICS and the XIVE KVM
devices. They make use of a new KVM device ioctl which destroys the
device and also disconnects the IRQ presenters from the vCPUs.

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-10-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive_kvm.c| 56 +
 hw/intc/xics_kvm.c  | 51 +
 include/hw/ppc/spapr_xive.h |  1 +
 include/hw/ppc/xics_spapr.h |  1 +
 4 files changed, 109 insertions(+)

diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
index 3999e4b7ed..259cd1db95 100644
--- a/hw/intc/spapr_xive_kvm.c
+++ b/hw/intc/spapr_xive_kvm.c
@@ -58,6 +58,16 @@ static void kvm_cpu_enable(CPUState *cs)
 QLIST_INSERT_HEAD(&kvm_enabled_cpus, enabled_cpu, node);
 }
 
+static void kvm_cpu_disable_all(void)
+{
+KVMEnabledCPU *enabled_cpu, *next;
+
+QLIST_FOREACH_SAFE(enabled_cpu, &kvm_enabled_cpus, node, next) {
+QLIST_REMOVE(enabled_cpu, node);
+g_free(enabled_cpu);
+}
+}
+
 /*
  * XIVE Thread Interrupt Management context (KVM)
  */
@@ -709,3 +719,49 @@ void kvmppc_xive_connect(SpaprXive *xive, Error **errp)
 /* Map all regions */
 spapr_xive_map_mmio(xive);
 }
+
+void kvmppc_xive_disconnect(SpaprXive *xive, Error **errp)
+{
+XiveSource *xsrc;
+size_t esb_len;
+
+/* The KVM XIVE device is not in use */
+if (!xive || xive->fd == -1) {
+return;
+}
+
+if (!kvmppc_has_cap_xive()) {
+error_setg(errp, "IRQ_XIVE capability must be present for KVM");
+return;
+}
+
+/* Clear the KVM mapping */
+xsrc = &xive->source;
+esb_len = (1ull << xsrc->esb_shift) * xsrc->nr_irqs;
+
+sysbus_mmio_unmap(SYS_BUS_DEVICE(xive), 0);
+munmap(xsrc->esb_mmap, esb_len);
+
+sysbus_mmio_unmap(SYS_BUS_DEVICE(xive), 1);
+
+sysbus_mmio_unmap(SYS_BUS_DEVICE(xive), 2);
+munmap(xive->tm_mmap, 4ull << TM_SHIFT);
+
+/*
+ * When the KVM device fd is closed, the KVM device is destroyed
+ * and removed from the list of devices of the VM. The VCPU
+ * presenters are also detached from the device.
+ */
+close(xive->fd);
+xive->fd = -1;
+
+kvm_kernel_irqchip = false;
+kvm_msi_via_irqfd_allowed = false;
+kvm_gsi_direct_mapping = false;
+
+/* Clear the local list of presenter (hotplug) */
+kvm_cpu_disable_all();
+
+/* VM Change state handler is not needed anymore */
+qemu_del_vm_change_state_handler(xive->change);
+}
diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
index 78a252e6df..1185846ff1 100644
--- a/hw/intc/xics_kvm.c
+++ b/hw/intc/xics_kvm.c
@@ -51,6 +51,16 @@ typedef struct KVMEnabledICP {
 static QLIST_HEAD(, KVMEnabledICP)
 kvm_enabled_icps = QLIST_HEAD_INITIALIZER(&kvm_enabled_icps);
 
+static void kvm_disable_icps(void)
+{
+KVMEnabledICP *enabled_icp, *next;
+
+QLIST_FOREACH_SAFE(enabled_icp, &kvm_enabled_icps, node, next) {
+QLIST_REMOVE(enabled_icp, node);
+g_free(enabled_icp);
+}
+}
+
 /*
  * ICP-KVM
  */
@@ -360,3 +370,44 @@ fail:
 kvmppc_define_rtas_kernel_token(0, "ibm,int-off");
 return -1;
 }
+
+void xics_kvm_disconnect(SpaprMachineState *spapr, Error **errp)
+{
+/* The KVM XICS device is not in use */
+if (kernel_xics_fd == -1) {
+return;
+}
+
+if (!kvm_enabled() || !kvm_check_extension(kvm_state, KVM_CAP_IRQ_XICS)) {
+error_setg(errp,
+   "KVM and IRQ_XICS capability must be present for KVM XICS 
device");
+return;
+}
+
+/*
+ * Only on P9 using the XICS-on XIVE KVM device:
+ *
+ * When the KVM device fd is closed, the device is destroyed and
+ * removed from the list of devices of the VM. The VCPU presenters
+ * are also detached from the device.
+ */
+close(kernel_xics_fd);
+kernel_xics_fd = -1;
+
+spapr_rtas_unregister(RTAS_IBM_SET_XIVE);
+spapr_rtas_unregister(RTAS_IBM_GET_XIVE);
+spapr_rtas_unregister(RTAS_IBM_INT_OFF);
+spapr_rtas_unregister(RTAS_IBM_INT_ON);
+
+kvmppc_define_rtas_kernel_token(0, "ibm,set-xive");
+kvmppc_define_rtas_kernel_token(0, "ibm,get-xive");
+kvmppc_define_rtas_kernel_token(0, "ibm,int-on");
+kvmppc_define_rtas_kernel_token(0, "ibm,int-off");
+
+kvm_kernel_irqchip = false;
+kvm_msi_via_irqfd_allowed = false;
+kvm_gsi_direct_mapping = false;
+
+/* Clear the presenter from the VCPUs */
+kvm_disable_icps();
+}
diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
index 04294b0ca2..0b5e972d52 100644
--- a/include/hw/ppc/spapr_xive.h
+++ b/include/hw/

[Qemu-devel] [PULL 28/38] spapr/xive: add state synchronization with KVM

[David Gibson]

From: Cédric Le Goater 

This extends the KVM XIVE device backend with 'synchronize_state'
methods used to retrieve the state from KVM. The HW state of the
sources, the KVM device and the thread interrupt contexts are
collected for the monitor usage and also migration.

These get operations rely on their KVM counterpart in the host kernel
which acts as a proxy for OPAL, the host firmware. The set operations
will be added for migration support later.

Signed-off-by: Cédric Le Goater 
Message-Id: <20190513084245.25755-5-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c| 17 ---
 hw/intc/spapr_xive_kvm.c| 90 +
 hw/intc/xive.c  | 10 +
 include/hw/ppc/spapr_xive.h |  8 
 include/hw/ppc/xive.h   |  1 +
 5 files changed, 119 insertions(+), 7 deletions(-)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index 03f92c3e65..e771db5fd0 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -40,13 +40,6 @@
 
 #define SPAPR_XIVE_NVT_BASE 0x400
 
-/*
- * The sPAPR machine has a unique XIVE IC device. Assign a fixed value
- * to the controller block id value. It can nevertheless be changed
- * for testing purpose.
- */
-#define SPAPR_XIVE_BLOCK_ID 0x0
-
 /*
  * sPAPR NVT and END indexing helpers
  */
@@ -157,6 +150,16 @@ void spapr_xive_pic_print_info(SpaprXive *xive, Monitor 
*mon)
 XiveSource *xsrc = &xive->source;
 int i;
 
+if (kvm_irqchip_in_kernel()) {
+Error *local_err = NULL;
+
+kvmppc_xive_synchronize_state(xive, &local_err);
+if (local_err) {
+error_report_err(local_err);
+return;
+}
+}
+
 monitor_printf(mon, "  LISN PQEISN CPU/PRIO EQ\n");
 
 for (i = 0; i < xive->nr_irqs; i++) {
diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
index 964bad0c23..8dd4f96e0b 100644
--- a/hw/intc/spapr_xive_kvm.c
+++ b/hw/intc/spapr_xive_kvm.c
@@ -60,6 +60,54 @@ static void kvm_cpu_enable(CPUState *cs)
 /*
  * XIVE Thread Interrupt Management context (KVM)
  */
+static void kvmppc_xive_cpu_get_state(XiveTCTX *tctx, Error **errp)
+{
+uint64_t state[2] = { 0 };
+int ret;
+
+ret = kvm_get_one_reg(tctx->cs, KVM_REG_PPC_VP_STATE, state);
+if (ret != 0) {
+error_setg_errno(errp, errno,
+ "XIVE: could not capture KVM state of CPU %ld",
+ kvm_arch_vcpu_id(tctx->cs));
+return;
+}
+
+/* word0 and word1 of the OS ring. */
+*((uint64_t *) &tctx->regs[TM_QW1_OS]) = state[0];
+}
+
+typedef struct {
+XiveTCTX *tctx;
+Error *err;
+} XiveCpuGetState;
+
+static void kvmppc_xive_cpu_do_synchronize_state(CPUState *cpu,
+ run_on_cpu_data arg)
+{
+XiveCpuGetState *s = arg.host_ptr;
+
+kvmppc_xive_cpu_get_state(s->tctx, &s->err);
+}
+
+void kvmppc_xive_cpu_synchronize_state(XiveTCTX *tctx, Error **errp)
+{
+XiveCpuGetState s = {
+.tctx = tctx,
+.err = NULL,
+};
+
+/*
+ * Kick the vCPU to make sure they are available for the KVM ioctl.
+ */
+run_on_cpu(tctx->cs, kvmppc_xive_cpu_do_synchronize_state,
+   RUN_ON_CPU_HOST_PTR(&s));
+
+if (s.err) {
+error_propagate(errp, s.err);
+return;
+}
+}
 
 void kvmppc_xive_cpu_connect(XiveTCTX *tctx, Error **errp)
 {
@@ -227,6 +275,19 @@ uint64_t kvmppc_xive_esb_rw(XiveSource *xsrc, int srcno, 
uint32_t offset,
 }
 }
 
+static void kvmppc_xive_source_get_state(XiveSource *xsrc)
+{
+int i;
+
+for (i = 0; i < xsrc->nr_irqs; i++) {
+/* Perform a load without side effect to retrieve the PQ bits */
+uint8_t pq = xive_esb_read(xsrc, i, XIVE_ESB_GET);
+
+/* and save PQ locally */
+xive_source_esb_set(xsrc, i, pq);
+}
+}
+
 void kvmppc_xive_source_set_irq(void *opaque, int srcno, int val)
 {
 XiveSource *xsrc = opaque;
@@ -353,6 +414,35 @@ void kvmppc_xive_reset(SpaprXive *xive, Error **errp)
   NULL, true, errp);
 }
 
+static void kvmppc_xive_get_queues(SpaprXive *xive, Error **errp)
+{
+Error *local_err = NULL;
+int i;
+
+for (i = 0; i < xive->nr_ends; i++) {
+if (!xive_end_is_valid(&xive->endt[i])) {
+continue;
+}
+
+kvmppc_xive_get_queue_config(xive, SPAPR_XIVE_BLOCK_ID, i,
+ &xive->endt[i], &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+}
+}
+
+void kvmppc_xive_synchronize_state(SpaprXive *xive, Error **errp)
+{
+kvmppc_xive_source_get_state(&xive->source);
+
+/* EAT: there is no extra state to query from KVM */
+
+/* ENDT */
+kvmppc_xive_get_queues(xive, errp);
+}
+
 static void *kvmppc_xive_mmap(SpaprXive *xive, int pgoff, size_t len,
   Error **errp)
 {
diff --git a/hw/intc/xive.c b/hw/intc/xive.c
in

[Qemu-devel] [PATCH v6 1/2] hw/acpi: Consolidate build_mcfg to pci.c

[Wei Yang]

Now we have two identical build_mcfg functions.

Consolidate them in acpi/pci.c.

Signed-off-by: Wei Yang 

v4:
  * ACPI_PCI depends on both ACPI and PCI
  * rebase on latest master, adjust arm Kconfig
v3:
  * adjust changelog based on Igor's suggestion
---
 default-configs/i386-softmmu.mak |  1 +
 hw/acpi/Kconfig  |  4 +++
 hw/acpi/Makefile.objs|  1 +
 hw/acpi/pci.c| 46 
 hw/arm/Kconfig   |  1 +
 hw/arm/virt-acpi-build.c | 17 
 hw/i386/acpi-build.c | 18 +
 include/hw/acpi/pci.h|  1 +
 8 files changed, 55 insertions(+), 34 deletions(-)
 create mode 100644 hw/acpi/pci.c

diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index ba3fb3ff50..cd5ea391e8 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -25,3 +25,4 @@
 CONFIG_ISAPC=y
 CONFIG_I440FX=y
 CONFIG_Q35=y
+CONFIG_ACPI_PCI=y
diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index eca3beed75..7c59cf900b 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -23,6 +23,10 @@ config ACPI_NVDIMM
 bool
 depends on ACPI
 
+config ACPI_PCI
+bool
+depends on ACPI && PCI
+
 config ACPI_VMGENID
 bool
 default y
diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
index 2d46e3789a..661a9b8c2f 100644
--- a/hw/acpi/Makefile.objs
+++ b/hw/acpi/Makefile.objs
@@ -11,6 +11,7 @@ common-obj-$(call lnot,$(CONFIG_ACPI_X86)) += acpi-stub.o
 common-obj-y += acpi_interface.o
 common-obj-y += bios-linker-loader.o
 common-obj-y += aml-build.o
+common-obj-$(CONFIG_ACPI_PCI) += pci.o
 common-obj-$(CONFIG_TPM) += tpm.o
 
 common-obj-$(CONFIG_IPMI) += ipmi.o
diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
new file mode 100644
index 00..fa0fa30bb9
--- /dev/null
+++ b/hw/acpi/pci.c
@@ -0,0 +1,46 @@
+/*
+ * Support for generating PCI related ACPI tables and passing them to Guests
+ *
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2008-2010  Kevin O'Connor 
+ * Copyright (C) 2013-2019 Red Hat Inc
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Author: Wei Yang 
+ * Author: Michael S. Tsirkin 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/acpi/aml-build.h"
+#include "hw/acpi/pci.h"
+#include "hw/pci/pcie_host.h"
+
+void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
+{
+AcpiTableMcfg *mcfg;
+int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
+
+mcfg = acpi_data_push(table_data, len);
+mcfg->allocation[0].address = cpu_to_le64(info->base);
+
+/* Only a single allocation so no need to play with segments */
+mcfg->allocation[0].pci_segment = cpu_to_le16(0);
+mcfg->allocation[0].start_bus_number = 0;
+mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
+
+build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
+}
+
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index af8cffde9c..9aced9d54d 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -19,6 +19,7 @@ config ARM_VIRT
 select PLATFORM_BUS
 select SMBIOS
 select VIRTIO_MMIO
+select ACPI_PCI
 
 config CHEETAH
 bool
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index e7c96d658e..4a64f9985c 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -546,23 +546,6 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
  "SRAT", table_data->len - srat_start, 3, NULL, NULL);
 }
 
-static void
-build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
-{
-AcpiTableMcfg *mcfg;
-int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
-
-mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(info->base);
-
-/* Only a single allocation so no need to play with segments */
-mcfg->allocation[0].pci_segment = cpu_to_le16(0);
-mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
-
-build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
-}
-
 /* GTDT */
 static void
 build_gtdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 0d78d73894..85dc16

[Qemu-devel] [PULL 27/38] spapr/xive: add hcall support when under KVM

[David Gibson]

From: Cédric Le Goater 

XIVE hcalls are all redirected to QEMU as none are on a fast path.
When necessary, QEMU invokes KVM through specific ioctls to perform
host operations. QEMU should have done the necessary checks before
calling KVM and, in case of failure, H_HARDWARE is simply returned.

H_INT_ESB is a special case that could have been handled under KVM
but the impact on performance was low when under QEMU. Here are some
figures :

kernel irqchip  OFF  ON
H_INT_ESBKVM   QEMU

rtl8139 (LSI )  1.19 1.24  1.23  Gbits/sec
virtio 31.8042.30   --   Gbits/sec

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-4-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c|  90 ++--
 hw/intc/spapr_xive_kvm.c| 197 
 include/hw/ppc/spapr_xive.h |  15 +++
 3 files changed, 294 insertions(+), 8 deletions(-)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index 27632683e6..03f92c3e65 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -86,6 +86,22 @@ static int spapr_xive_target_to_nvt(uint32_t target,
  * sPAPR END indexing uses a simple mapping of the CPU vcpu_id, 8
  * priorities per CPU
  */
+int spapr_xive_end_to_target(uint8_t end_blk, uint32_t end_idx,
+ uint32_t *out_server, uint8_t *out_prio)
+{
+
+assert(end_blk == SPAPR_XIVE_BLOCK_ID);
+
+if (out_server) {
+*out_server = end_idx >> 3;
+}
+
+if (out_prio) {
+*out_prio = end_idx & 0x7;
+}
+return 0;
+}
+
 static void spapr_xive_cpu_to_end(PowerPCCPU *cpu, uint8_t prio,
   uint8_t *out_end_blk, uint32_t *out_end_idx)
 {
@@ -792,6 +808,16 @@ static target_ulong h_int_set_source_config(PowerPCCPU 
*cpu,
 new_eas.w = xive_set_field64(EAS_END_DATA, new_eas.w, eisn);
 }
 
+if (kvm_irqchip_in_kernel()) {
+Error *local_err = NULL;
+
+kvmppc_xive_set_source_config(xive, lisn, &new_eas, &local_err);
+if (local_err) {
+error_report_err(local_err);
+return H_HARDWARE;
+}
+}
+
 out:
 xive->eat[lisn] = new_eas;
 return H_SUCCESS;
@@ -1103,6 +1129,16 @@ static target_ulong h_int_set_queue_config(PowerPCCPU 
*cpu,
  */
 
 out:
+if (kvm_irqchip_in_kernel()) {
+Error *local_err = NULL;
+
+kvmppc_xive_set_queue_config(xive, end_blk, end_idx, &end, &local_err);
+if (local_err) {
+error_report_err(local_err);
+return H_HARDWARE;
+}
+}
+
 /* Update END */
 memcpy(&xive->endt[end_idx], &end, sizeof(XiveEND));
 return H_SUCCESS;
@@ -1194,6 +1230,16 @@ static target_ulong h_int_get_queue_config(PowerPCCPU 
*cpu,
 args[2] = 0;
 }
 
+if (kvm_irqchip_in_kernel()) {
+Error *local_err = NULL;
+
+kvmppc_xive_get_queue_config(xive, end_blk, end_idx, end, &local_err);
+if (local_err) {
+error_report_err(local_err);
+return H_HARDWARE;
+}
+}
+
 /* TODO: do we need any locking on the END ? */
 if (flags & SPAPR_XIVE_END_DEBUG) {
 /* Load the event queue generation number into the return flags */
@@ -1346,15 +1392,20 @@ static target_ulong h_int_esb(PowerPCCPU *cpu,
 return H_P3;
 }
 
-mmio_addr = xive->vc_base + xive_source_esb_mgmt(xsrc, lisn) + offset;
+if (kvm_irqchip_in_kernel()) {
+args[0] = kvmppc_xive_esb_rw(xsrc, lisn, offset, data,
+ flags & SPAPR_XIVE_ESB_STORE);
+} else {
+mmio_addr = xive->vc_base + xive_source_esb_mgmt(xsrc, lisn) + offset;
 
-if (dma_memory_rw(&address_space_memory, mmio_addr, &data, 8,
-  (flags & SPAPR_XIVE_ESB_STORE))) {
-qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to access ESB @0x%"
-  HWADDR_PRIx "\n", mmio_addr);
-return H_HARDWARE;
+if (dma_memory_rw(&address_space_memory, mmio_addr, &data, 8,
+  (flags & SPAPR_XIVE_ESB_STORE))) {
+qemu_log_mask(LOG_GUEST_ERROR, "XIVE: failed to access ESB @0x%"
+  HWADDR_PRIx "\n", mmio_addr);
+return H_HARDWARE;
+}
+args[0] = (flags & SPAPR_XIVE_ESB_STORE) ? -1 : data;
 }
-args[0] = (flags & SPAPR_XIVE_ESB_STORE) ? -1 : data;
 return H_SUCCESS;
 }
 
@@ -1411,7 +1462,20 @@ static target_ulong h_int_sync(PowerPCCPU *cpu,
  * This is not needed when running the emulation under QEMU
  */
 
-/* This is not real hardware. Nothing to be done */
+/*
+ * This is not real hardware. Nothing to be done unless when
+ * under KVM
+ */
+
+if (kvm_irqchip_in_kernel()) {
+Error *local_err = NULL;
+
+kvmppc_xive_sync_source(xive, lisn, &local_err);
+if (local_err) {
+error_r

[Qemu-devel] [PULL 30/38] spapr/xive: add migration support for KVM

[David Gibson]

From: Cédric Le Goater 

When the VM is stopped, the VM state handler stabilizes the XIVE IC
and marks the EQ pages dirty. These are then transferred to destination
before the transfer of the device vmstates starts.

The SpaprXive interrupt controller model captures the XIVE internal
tables, EAT and ENDT and the XiveTCTX model does the same for the
thread interrupt context registers.

At restart, the SpaprXive 'post_load' method restores all the XIVE
states. It is called by the sPAPR machine 'post_load' method, when all
XIVE states have been transferred and loaded.

Finally, the source states are restored in the VM change state handler
when the machine reaches the running state.

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-7-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c| 24 ++
 hw/intc/spapr_xive_kvm.c| 95 -
 hw/intc/xive.c  | 17 +++
 hw/ppc/spapr_irq.c  |  2 +-
 include/hw/ppc/spapr_xive.h |  3 ++
 include/hw/ppc/xive.h   |  1 +
 6 files changed, 140 insertions(+), 2 deletions(-)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index e771db5fd0..0aa5d8a55e 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -472,10 +472,34 @@ static const VMStateDescription vmstate_spapr_xive_eas = {
 },
 };
 
+static int vmstate_spapr_xive_pre_save(void *opaque)
+{
+if (kvm_irqchip_in_kernel()) {
+return kvmppc_xive_pre_save(SPAPR_XIVE(opaque));
+}
+
+return 0;
+}
+
+/*
+ * Called by the sPAPR IRQ backend 'post_load' method at the machine
+ * level.
+ */
+int spapr_xive_post_load(SpaprXive *xive, int version_id)
+{
+if (kvm_irqchip_in_kernel()) {
+return kvmppc_xive_post_load(xive, version_id);
+}
+
+return 0;
+}
+
 static const VMStateDescription vmstate_spapr_xive = {
 .name = TYPE_SPAPR_XIVE,
 .version_id = 1,
 .minimum_version_id = 1,
+.pre_save = vmstate_spapr_xive_pre_save,
+.post_load = NULL, /* handled at the machine level */
 .fields = (VMStateField[]) {
 VMSTATE_UINT32_EQUAL(nr_irqs, SpaprXive, NULL),
 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(eat, SpaprXive, nr_irqs,
diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
index 735577a6f8..3999e4b7ed 100644
--- a/hw/intc/spapr_xive_kvm.c
+++ b/hw/intc/spapr_xive_kvm.c
@@ -15,6 +15,7 @@
 #include "sysemu/cpus.h"
 #include "sysemu/kvm.h"
 #include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_cpu_core.h"
 #include "hw/ppc/spapr_xive.h"
 #include "hw/ppc/xive.h"
 #include "kvm_ppc.h"
@@ -60,7 +61,24 @@ static void kvm_cpu_enable(CPUState *cs)
 /*
  * XIVE Thread Interrupt Management context (KVM)
  */
-static void kvmppc_xive_cpu_get_state(XiveTCTX *tctx, Error **errp)
+
+static void kvmppc_xive_cpu_set_state(XiveTCTX *tctx, Error **errp)
+{
+uint64_t state[2];
+int ret;
+
+/* word0 and word1 of the OS ring. */
+state[0] = *((uint64_t *) &tctx->regs[TM_QW1_OS]);
+
+ret = kvm_set_one_reg(tctx->cs, KVM_REG_PPC_VP_STATE, state);
+if (ret != 0) {
+error_setg_errno(errp, errno,
+ "XIVE: could not restore KVM state of CPU %ld",
+ kvm_arch_vcpu_id(tctx->cs));
+}
+}
+
+void kvmppc_xive_cpu_get_state(XiveTCTX *tctx, Error **errp)
 {
 uint64_t state[2] = { 0 };
 int ret;
@@ -534,6 +552,81 @@ void kvmppc_xive_synchronize_state(SpaprXive *xive, Error 
**errp)
 kvmppc_xive_get_queues(xive, errp);
 }
 
+/*
+ * The SpaprXive 'pre_save' method is called by the vmstate handler of
+ * the SpaprXive model, after the XIVE controller is synced in the VM
+ * change handler.
+ */
+int kvmppc_xive_pre_save(SpaprXive *xive)
+{
+Error *local_err = NULL;
+
+/* EAT: there is no extra state to query from KVM */
+
+/* ENDT */
+kvmppc_xive_get_queues(xive, &local_err);
+if (local_err) {
+error_report_err(local_err);
+return -1;
+}
+
+return 0;
+}
+
+/*
+ * The SpaprXive 'post_load' method is not called by a vmstate
+ * handler. It is called at the sPAPR machine level at the end of the
+ * migration sequence by the sPAPR IRQ backend 'post_load' method,
+ * when all XIVE states have been transferred and loaded.
+ */
+int kvmppc_xive_post_load(SpaprXive *xive, int version_id)
+{
+Error *local_err = NULL;
+CPUState *cs;
+int i;
+
+/* Restore the ENDT first. The targetting depends on it. */
+for (i = 0; i < xive->nr_ends; i++) {
+if (!xive_end_is_valid(&xive->endt[i])) {
+continue;
+}
+
+kvmppc_xive_set_queue_config(xive, SPAPR_XIVE_BLOCK_ID, i,
+ &xive->endt[i], &local_err);
+if (local_err) {
+error_report_err(local_err);
+return -1;
+}
+}
+
+/* Restore the EAT */
+for (i = 0; i < xive->nr_irqs; i++) {
+if (!xive_eas_is_valid(&xive->eat[i])) {
+  

[Qemu-devel] [PULL 24/38] spapr: Print out extra hints when CAS negotiation of interrupt mode fails

[David Gibson]

From: Greg Kurz 

Let's suggest to the user how the machine should be configured to allow
the guest to boot successfully.

Suggested-by: Satheesh Rajendran 
Signed-off-by: Greg Kurz 
Message-Id: <155799221739.527449.14907564571096243745.st...@bahia.lan>
Reviewed-by: Satheesh Rajendran 
Tested-by: Satheesh Rajendran 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 63a55614b8..aae9fd2b3e 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1646,12 +1646,12 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
  */
 if (guest_xive) {
 if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
-error_report("Guest requested unavailable interrupt mode (XIVE)");
+error_report("Guest requested unavailable interrupt mode (XIVE), 
try the ic-mode=xive or ic-mode=dual machine property");
 exit(EXIT_FAILURE);
 }
 } else {
 if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
-error_report("Guest requested unavailable interrupt mode (XICS)");
+error_report("Guest requested unavailable interrupt mode (XICS), 
either don't set the ic-mode machine property or try ic-mode=xics or 
ic-mode=dual");
 exit(EXIT_FAILURE);
 }
 }
-- 
2.21.0

[Qemu-devel] [PULL 11/38] target/ppc: Fix vsum2sws

[David Gibson]

From: Anton Blanchard 

A recent cleanup changed the pre zeroing of the result from 64 bit
to 32 bit operations:

-result.u64[i] = 0;
+result.VsrW(i) = 0;

This corrupts the result.

Fixes: 60594fea298d ("target/ppc: remove various HOST_WORDS_BIGENDIAN hacks in 
int_helper.c")
Signed-off-by: Anton Blanchard 
Message-Id: <20190507004811.29968-9-an...@ozlabs.org>
Signed-off-by: David Gibson 
---
 target/ppc/int_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index fd715b4076..f5c81acd53 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -2038,7 +2038,7 @@ void helper_vsum2sws(CPUPPCState *env, ppc_avr_t *r, 
ppc_avr_t *a, ppc_avr_t *b)
 for (i = 0; i < ARRAY_SIZE(r->u64); i++) {
 int64_t t = (int64_t)b->VsrSW(upper + i * 2);
 
-result.VsrW(i) = 0;
+result.VsrD(i) = 0;
 for (j = 0; j < ARRAY_SIZE(r->u64); j++) {
 t += a->VsrSW(2 * i + j);
 }
-- 
2.21.0

[Qemu-devel] [PATCH v6 0/2] Extract build_mcfg Part 2

[Wei Yang]

This patch set tries to generalize MCFG table build process. Several patches
are already merged and these two are left for the following reasons:

  * conflict with latest upstream
  * ACPI_PCI dependency fix
  * missed reserved[8] in MCFG

v4->v5:
* ACPI_PCI depends on both ACPI and PCI
* rebase on latest master, adjust arm Kconfig
* miss the reserved[8] of MCFG, add it back
* make sure bios-tables-test all OK

Wei Yang (2):
  hw/acpi: Consolidate build_mcfg to pci.c
  acpi: pci: use build_append_foo() API to construct MCFG

 default-configs/i386-softmmu.mak |  1 +
 hw/acpi/Kconfig  |  4 +++
 hw/acpi/Makefile.objs|  1 +
 hw/acpi/pci.c| 61 
 hw/arm/Kconfig   |  1 +
 hw/arm/virt-acpi-build.c | 17 -
 hw/i386/acpi-build.c | 18 +-
 include/hw/acpi/acpi-defs.h  | 18 --
 include/hw/acpi/pci.h|  1 +
 9 files changed, 70 insertions(+), 52 deletions(-)
 create mode 100644 hw/acpi/pci.c

-- 
2.19.1

[Qemu-devel] [PULL 14/38] spapr/xive: fix EQ page addresses above 64GB

[David Gibson]

From: Cédric Le Goater 

The high order bits of the address of the OS event queue is stored in
bits [4-31] of word2 of the XIVE END internal structures and the low
order bits in word3. This structure is using Big Endian ordering and
computing the value requires some simple arithmetic which happens to
be wrong. The mask removing bits [0-3] of word2 is applied to the
wrong value and the resulting address is bogus when above 64GB.

Guests with more than 64GB of RAM will allocate pages for the OS event
queues which will reside above the 64GB limit. In this case, the XIVE
device model will wake up the CPUs in case of a notification, such as
IPIs, but the update of the event queue will be written at the wrong
place in memory. The result is uncertain as the guest memory is
trashed and IPI are not delivered.

Introduce a helper xive_end_qaddr() to compute this value correctly in
all places where it is used.

Signed-off-by: Cédric Le Goater 
Message-Id: <20190508171946.657-3-...@kaod.org>
Reviewed-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c   | 3 +--
 hw/intc/xive.c | 9 +++--
 include/hw/ppc/xive_regs.h | 6 ++
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index 33da1a52c6..a19e998093 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -1150,8 +1150,7 @@ static target_ulong h_int_get_queue_config(PowerPCCPU 
*cpu,
 }
 
 if (xive_end_is_enqueue(end)) {
-args[1] = (uint64_t) be32_to_cpu(end->w2 & 0x0fff) << 32
-| be32_to_cpu(end->w3);
+args[1] = xive_end_qaddr(end);
 args[2] = xive_get_field32(END_W0_QSIZE, end->w0) + 12;
 } else {
 args[1] = 0;
diff --git a/hw/intc/xive.c b/hw/intc/xive.c
index a0b87001da..dcf2fcd108 100644
--- a/hw/intc/xive.c
+++ b/hw/intc/xive.c
@@ -1042,8 +1042,7 @@ static const TypeInfo xive_source_info = {
 
 void xive_end_queue_pic_print_info(XiveEND *end, uint32_t width, Monitor *mon)
 {
-uint64_t qaddr_base = (uint64_t) be32_to_cpu(end->w2 & 0x0fff) << 32
-| be32_to_cpu(end->w3);
+uint64_t qaddr_base = xive_end_qaddr(end);
 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
 uint32_t qentries = 1 << (qsize + 10);
@@ -1072,8 +1071,7 @@ void xive_end_queue_pic_print_info(XiveEND *end, uint32_t 
width, Monitor *mon)
 
 void xive_end_pic_print_info(XiveEND *end, uint32_t end_idx, Monitor *mon)
 {
-uint64_t qaddr_base = (uint64_t) be32_to_cpu(end->w2 & 0x0fff) << 32
-| be32_to_cpu(end->w3);
+uint64_t qaddr_base = xive_end_qaddr(end);
 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1);
 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
@@ -1101,8 +1099,7 @@ void xive_end_pic_print_info(XiveEND *end, uint32_t 
end_idx, Monitor *mon)
 
 static void xive_end_enqueue(XiveEND *end, uint32_t data)
 {
-uint64_t qaddr_base = (uint64_t) be32_to_cpu(end->w2 & 0x0fff) << 32
-| be32_to_cpu(end->w3);
+uint64_t qaddr_base = xive_end_qaddr(end);
 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1);
diff --git a/include/hw/ppc/xive_regs.h b/include/hw/ppc/xive_regs.h
index bf36678a24..1a8c5b5e64 100644
--- a/include/hw/ppc/xive_regs.h
+++ b/include/hw/ppc/xive_regs.h
@@ -208,6 +208,12 @@ typedef struct XiveEND {
 #define xive_end_is_backlog(end)  (be32_to_cpu((end)->w0) & END_W0_BACKLOG)
 #define xive_end_is_escalate(end) (be32_to_cpu((end)->w0) & 
END_W0_ESCALATE_CTL)
 
+static inline uint64_t xive_end_qaddr(XiveEND *end)
+{
+return ((uint64_t) be32_to_cpu(end->w2) & 0x0fff) << 32 |
+be32_to_cpu(end->w3);
+}
+
 /* Notification Virtual Target (NVT) */
 typedef struct XiveNVT {
 uint32_tw0;
-- 
2.21.0

[Qemu-devel] [PULL 29/38] spapr/xive: introduce a VM state change handler

[David Gibson]

From: Cédric Le Goater 

This handler is in charge of stabilizing the flow of event notifications
in the XIVE controller before migrating a guest. This is a requirement
before transferring the guest EQ pages to a destination.

When the VM is stopped, the handler sets the source PQs to PENDING to
stop the flow of events and to possibly catch a triggered interrupt
occuring while the VM is stopped. Their previous state is saved. The
XIVE controller is then synced through KVM to flush any in-flight
event notification and to stabilize the EQs. At this stage, the EQ
pages are marked dirty to make sure the EQ pages are transferred if a
migration sequence is in progress.

The previous configuration of the sources is restored when the VM
resumes, after a migration or a stop. If an interrupt was queued while
the VM was stopped, the handler simply generates the missing trigger.

Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Message-Id: <20190513084245.25755-6-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive_kvm.c| 96 -
 include/hw/ppc/spapr_xive.h |  1 +
 2 files changed, 96 insertions(+), 1 deletion(-)

diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
index 8dd4f96e0b..735577a6f8 100644
--- a/hw/intc/spapr_xive_kvm.c
+++ b/hw/intc/spapr_xive_kvm.c
@@ -433,9 +433,100 @@ static void kvmppc_xive_get_queues(SpaprXive *xive, Error 
**errp)
 }
 }
 
+/*
+ * The primary goal of the XIVE VM change handler is to mark the EQ
+ * pages dirty when all XIVE event notifications have stopped.
+ *
+ * Whenever the VM is stopped, the VM change handler sets the source
+ * PQs to PENDING to stop the flow of events and to possibly catch a
+ * triggered interrupt occuring while the VM is stopped. The previous
+ * state is saved in anticipation of a migration. The XIVE controller
+ * is then synced through KVM to flush any in-flight event
+ * notification and stabilize the EQs.
+ *
+ * At this stage, we can mark the EQ page dirty and let a migration
+ * sequence transfer the EQ pages to the destination, which is done
+ * just after the stop state.
+ *
+ * The previous configuration of the sources is restored when the VM
+ * runs again. If an interrupt was queued while the VM was stopped,
+ * simply generate a trigger.
+ */
+static void kvmppc_xive_change_state_handler(void *opaque, int running,
+ RunState state)
+{
+SpaprXive *xive = opaque;
+XiveSource *xsrc = &xive->source;
+Error *local_err = NULL;
+int i;
+
+/*
+ * Restore the sources to their initial state. This is called when
+ * the VM resumes after a stop or a migration.
+ */
+if (running) {
+for (i = 0; i < xsrc->nr_irqs; i++) {
+uint8_t pq = xive_source_esb_get(xsrc, i);
+uint8_t old_pq;
+
+old_pq = xive_esb_read(xsrc, i, XIVE_ESB_SET_PQ_00 + (pq << 8));
+
+/*
+ * An interrupt was queued while the VM was stopped,
+ * generate a trigger.
+ */
+if (pq == XIVE_ESB_RESET && old_pq == XIVE_ESB_QUEUED) {
+xive_esb_trigger(xsrc, i);
+}
+}
+
+return;
+}
+
+/*
+ * Mask the sources, to stop the flow of event notifications, and
+ * save the PQs locally in the XiveSource object. The XiveSource
+ * state will be collected later on by its vmstate handler if a
+ * migration is in progress.
+ */
+for (i = 0; i < xsrc->nr_irqs; i++) {
+uint8_t pq = xive_esb_read(xsrc, i, XIVE_ESB_GET);
+
+/*
+ * PQ is set to PENDING to possibly catch a triggered
+ * interrupt occuring while the VM is stopped (hotplug event
+ * for instance) .
+ */
+if (pq != XIVE_ESB_OFF) {
+pq = xive_esb_read(xsrc, i, XIVE_ESB_SET_PQ_10);
+}
+xive_source_esb_set(xsrc, i, pq);
+}
+
+/*
+ * Sync the XIVE controller in KVM, to flush in-flight event
+ * notification that should be enqueued in the EQs and mark the
+ * XIVE EQ pages dirty to collect all updates.
+ */
+kvm_device_access(xive->fd, KVM_DEV_XIVE_GRP_CTRL,
+  KVM_DEV_XIVE_EQ_SYNC, NULL, true, &local_err);
+if (local_err) {
+error_report_err(local_err);
+return;
+}
+}
+
 void kvmppc_xive_synchronize_state(SpaprXive *xive, Error **errp)
 {
-kvmppc_xive_source_get_state(&xive->source);
+/*
+ * When the VM is stopped, the sources are masked and the previous
+ * state is saved in anticipation of a migration. We should not
+ * synchronize the source state in that case else we will override
+ * the saved state.
+ */
+if (runstate_is_running()) {
+kvmppc_xive_source_get_state(&xive->source);
+}
 
 /* EAT: there is no extra state to query from KVM */
 
@@ -515,6 +606,9 @@ void kvmppc_xive_connect(SpaprXive *xive, Error **errp)

[Qemu-devel] [PULL 09/38] target/ppc: Fix xxbrq, xxbrw

[David Gibson]

From: Anton Blanchard 

Fix a typo in xxbrq and xxbrw where we put both results into the lower
doubleword.

Fixes: 8b3b2d75c7c0 ("introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() 
helpers for VSR register access")
Signed-off-by: Anton Blanchard 
Message-Id: <20190507004811.29968-3-an...@ozlabs.org>
Signed-off-by: David Gibson 
---
 target/ppc/translate/vsx-impl.inc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 4d8ca7cf32..d29f60e2f9 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1192,7 +1192,7 @@ static void gen_xxbrq(DisasContext *ctx)
 tcg_gen_bswap64_i64(xtl, xbh);
 set_cpu_vsrl(xT(ctx->opcode), xtl);
 tcg_gen_mov_i64(xth, t0);
-set_cpu_vsrl(xT(ctx->opcode), xth);
+set_cpu_vsrh(xT(ctx->opcode), xth);
 
 tcg_temp_free_i64(t0);
 tcg_temp_free_i64(xth);
@@ -1220,7 +1220,7 @@ static void gen_xxbrw(DisasContext *ctx)
 get_cpu_vsrl(xbl, xB(ctx->opcode));
 
 gen_bswap32x4(xth, xtl, xbh, xbl);
-set_cpu_vsrl(xT(ctx->opcode), xth);
+set_cpu_vsrh(xT(ctx->opcode), xth);
 set_cpu_vsrl(xT(ctx->opcode), xtl);
 
 tcg_temp_free_i64(xth);
-- 
2.21.0

[Qemu-devel] [PULL 10/38] target/ppc: Fix vslv and vsrv

[David Gibson]

From: Anton Blanchard 

vslv and vsrv are broken on little endian, we append 00 to the
high byte not the low byte. Fix it by using the VsrB() accessor.

Signed-off-by: Anton Blanchard 
Message-Id: <20190507004811.29968-6-an...@ozlabs.org>
Signed-off-by: David Gibson 
---
 target/ppc/int_helper.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index f6a088ac08..fd715b4076 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -1800,10 +1800,10 @@ void helper_vslv(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t 
*b)
 
 size = ARRAY_SIZE(r->u8);
 for (i = 0; i < size; i++) {
-shift = b->u8[i] & 0x7; /* extract shift value */
-bytes = (a->u8[i] << 8) + /* extract adjacent bytes */
-(((i + 1) < size) ? a->u8[i + 1] : 0);
-r->u8[i] = (bytes << shift) >> 8;   /* shift and store result */
+shift = b->VsrB(i) & 0x7; /* extract shift value */
+bytes = (a->VsrB(i) << 8) +   /* extract adjacent bytes */
+(((i + 1) < size) ? a->VsrB(i + 1) : 0);
+r->VsrB(i) = (bytes << shift) >> 8;   /* shift and store result */
 }
 }
 
@@ -1818,10 +1818,10 @@ void helper_vsrv(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t 
*b)
  * order will guarantee that computed result is not fed back.
  */
 for (i = ARRAY_SIZE(r->u8) - 1; i >= 0; i--) {
-shift = b->u8[i] & 0x7; /* extract shift value */
-bytes = ((i ? a->u8[i - 1] : 0) << 8) + a->u8[i];
+shift = b->VsrB(i) & 0x7;   /* extract shift value */
+bytes = ((i ? a->VsrB(i - 1) : 0) << 8) + a->VsrB(i);
 /* extract adjacent bytes */
-r->u8[i] = (bytes >> shift) & 0xFF; /* shift and store result */
+r->VsrB(i) = (bytes >> shift) & 0xFF;   /* shift and store result */
 }
 }
 
-- 
2.21.0

[Qemu-devel] [PULL 15/38] spapr/xive: print out the EQ page address in the monitor

[David Gibson]

From: Cédric Le Goater 

This proved to be a useful information when debugging issues with OS
event queues allocated above 64GB.

Signed-off-by: Cédric Le Goater 
Message-Id: <20190508171946.657-4-...@kaod.org>
Reviewed-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index a19e998093..58cc6e2b50 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -120,6 +120,7 @@ static int spapr_xive_target_to_end(uint32_t target, 
uint8_t prio,
 static void spapr_xive_end_pic_print_info(SpaprXive *xive, XiveEND *end,
   Monitor *mon)
 {
+uint64_t qaddr_base = xive_end_qaddr(end);
 uint32_t qindex = xive_get_field32(END_W1_PAGE_OFF, end->w1);
 uint32_t qgen = xive_get_field32(END_W1_GENERATION, end->w1);
 uint32_t qsize = xive_get_field32(END_W0_QSIZE, end->w0);
@@ -127,9 +128,9 @@ static void spapr_xive_end_pic_print_info(SpaprXive *xive, 
XiveEND *end,
 uint32_t nvt = xive_get_field32(END_W6_NVT_INDEX, end->w6);
 uint8_t priority = xive_get_field32(END_W7_F0_PRIORITY, end->w7);
 
-monitor_printf(mon, "%3d/%d % 6d/%5d ^%d",
+monitor_printf(mon, "%3d/%d % 6d/%5d @%"PRIx64" ^%d",
spapr_xive_nvt_to_target(0, nvt),
-   priority, qindex, qentries, qgen);
+   priority, qindex, qentries, qaddr_base, qgen);
 
 xive_end_queue_pic_print_info(end, 6, mon);
 monitor_printf(mon, "]");
-- 
2.21.0

[Qemu-devel] [PULL 17/38] target/ppc: Optimise VSX_LOAD_SCALAR_DS and VSX_VECTOR_LOAD_STORE

[David Gibson]

From: Anton Blanchard 

A few small optimisations:

In VSX_LOAD_SCALAR_DS() we can don't need to read the VSR via
get_cpu_vsrh().

Split VSX_VECTOR_LOAD_STORE() into two functions. Loads only need to
write the VSRs (set_cpu_vsr*()) and stores only need to read the VSRs
(get_cpu_vsr*())

Thanks to Mark Cave-Ayland for the suggestions.

Signed-off-by: Anton Blanchard 
Message-Id: <20190509103545.4a7fa71a@kryten>
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 target/ppc/translate/vsx-impl.inc.c | 68 -
 1 file changed, 58 insertions(+), 10 deletions(-)

diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 4b8f6cefe3..c39829cf33 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -227,7 +227,7 @@ static void gen_lxvb16x(DisasContext *ctx)
 tcg_temp_free_i64(xtl);
 }
 
-#define VSX_VECTOR_LOAD_STORE(name, op, indexed)\
+#define VSX_VECTOR_LOAD(name, op, indexed)  \
 static void gen_##name(DisasContext *ctx)   \
 {   \
 int xt; \
@@ -254,8 +254,6 @@ static void gen_##name(DisasContext *ctx)   
\
 }   \
 xth = tcg_temp_new_i64();   \
 xtl = tcg_temp_new_i64();   \
-get_cpu_vsrh(xth, xt);  \
-get_cpu_vsrl(xtl, xt);  \
 gen_set_access_type(ctx, ACCESS_INT);   \
 EA = tcg_temp_new();\
 if (indexed) {  \
@@ -281,10 +279,61 @@ static void gen_##name(DisasContext *ctx) 
  \
 tcg_temp_free_i64(xtl); \
 }
 
-VSX_VECTOR_LOAD_STORE(lxv, ld_i64, 0)
-VSX_VECTOR_LOAD_STORE(stxv, st_i64, 0)
-VSX_VECTOR_LOAD_STORE(lxvx, ld_i64, 1)
-VSX_VECTOR_LOAD_STORE(stxvx, st_i64, 1)
+VSX_VECTOR_LOAD(lxv, ld_i64, 0)
+VSX_VECTOR_LOAD(lxvx, ld_i64, 1)
+
+#define VSX_VECTOR_STORE(name, op, indexed) \
+static void gen_##name(DisasContext *ctx)   \
+{   \
+int xt; \
+TCGv EA;\
+TCGv_i64 xth;   \
+TCGv_i64 xtl;   \
+\
+if (indexed) {  \
+xt = xT(ctx->opcode);   \
+} else {\
+xt = DQxT(ctx->opcode); \
+}   \
+\
+if (xt < 32) {  \
+if (unlikely(!ctx->vsx_enabled)) {  \
+gen_exception(ctx, POWERPC_EXCP_VSXU);  \
+return; \
+}   \
+} else {\
+if (unlikely(!ctx->altivec_enabled)) {  \
+gen_exception(ctx, POWERPC_EXCP_VPU);   \
+return; \
+}   \
+}   \
+xth = tcg_temp_new_i64();   \
+xtl = tcg_temp_new_i64();   \
+get_cpu_vsrh(xth, xt);  \
+get_cpu_vsrl(xtl, xt);  \
+gen_set_access_type(ctx, ACCESS_INT);   \
+EA = tcg_temp_new();\
+if (indexed) {  \
+gen_addr_reg_index(ctx, EA);\
+} else {\
+gen_addr_imm_index(ctx, EA, 0x0F);  \
+}   \
+if (ctx->le_mode) { \
+tcg_gen_qemu_##op(xtl, EA, ctx->mem_idx, MO_LEQ);   \
+tcg_gen_addi_tl(EA, EA, 8); \
+tcg_gen_qemu_##op(xth, EA, ctx->mem_idx, MO_LEQ);   \
+} else {\
+tcg_gen_qemu_##op(xth, EA, ctx->mem_idx, MO_BEQ);   \
+tcg_gen_addi_tl(EA, EA, 8); \
+tcg_gen_qemu_##op(xtl, EA, ctx->mem_idx, MO_BEQ);   \
+}  

[Qemu-devel] [PULL 07/38] target/ppc: Add ibm, purr and ibm, spurr device-tree properties

[David Gibson]

From: Suraj Jitindar Singh 

The ibm,purr and ibm,spurr device tree properties are used to indicate
that the processor implements the Processor Utilisation of Resources
Register (PURR) and Scaled Processor Utilisation of Resources Registers
(SPURR), respectively. Each property has a single value which represents
the level of architecture supported. A value of 1 for ibm,purr means
support for the version of the PURR defined in book 3 in version 2.02 of
the architecture. A value of 1 for ibm,spurr means support for the
version of the SPURR defined in version 2.05 of the architecture.

Add these properties for all processors for which the PURR and SPURR
registers are generated.

Fixes: 0da6f3fef9a "spapr: Reorganize CPU dt generation code"
Signed-off-by: Suraj Jitindar Singh 
Message-Id: <20190506014803.21299-1-sjitindarsi...@gmail.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 2ef3ce4362..8580a8dc67 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -500,7 +500,10 @@ static void spapr_populate_cpu_dt(CPUState *cs, void *fdt, 
int offset,
 _FDT((fdt_setprop(fdt, offset, "64-bit", NULL, 0)));
 
 if (env->spr_cb[SPR_PURR].oea_read) {
-_FDT((fdt_setprop(fdt, offset, "ibm,purr", NULL, 0)));
+_FDT((fdt_setprop_cell(fdt, offset, "ibm,purr", 1)));
+}
+if (env->spr_cb[SPR_SPURR].oea_read) {
+_FDT((fdt_setprop_cell(fdt, offset, "ibm,spurr", 1)));
 }
 
 if (ppc_hash64_has(cpu, PPC_HASH64_1TSEG)) {
-- 
2.21.0

[Qemu-devel] [PULL 13/38] spapr/xive: EQ page should be naturally aligned

[David Gibson]

From: Cédric Le Goater 

When the OS configures the EQ page in which to receive event
notifications from the XIVE interrupt controller, the page should be
naturally aligned. Add this check.

Signed-off-by: Cédric Le Goater 
Message-Id: <20190508171946.657-2-...@kaod.org>
Reviewed-by: Greg Kurz 
[dwg: Minor change for printf warning on some platforms]
Signed-off-by: David Gibson 
---
 hw/intc/spapr_xive.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index 097f88d460..33da1a52c6 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -993,6 +993,12 @@ static target_ulong h_int_set_queue_config(PowerPCCPU *cpu,
 case 16:
 case 21:
 case 24:
+if (!QEMU_IS_ALIGNED(qpage, 1ul << qsize)) {
+qemu_log_mask(LOG_GUEST_ERROR, "XIVE: EQ @0x%" HWADDR_PRIx
+  " is not naturally aligned with %" HWADDR_PRIx "\n",
+  qpage, (hwaddr)1 << qsize);
+return H_P4;
+}
 end.w2 = cpu_to_be32((qpage >> 32) & 0x0fff);
 end.w3 = cpu_to_be32(qpage & 0x);
 end.w0 |= cpu_to_be32(END_W0_ENQUEUE);
-- 
2.21.0

[Qemu-devel] [PULL 20/38] target/ppc: Set PSSCR_EC on cpu halt to prevent spurious wakeup

[David Gibson]

From: Suraj Jitindar Singh 

The processor stop status and control register (PSSCR) is used to
control the power saving facilities of the thread. The exit criterion
bit (EC) is used to specify whether the thread should be woken by any
interrupt (EC == 0) or only an interrupt enabled in the LPCR to wake the
thread (EC == 1).

The rtas facilities start-cpu and self-stop are used to transition a
vcpu between the stopped and running states. When a vcpu is stopped it
may only be started again by the start-cpu rtas call.

Currently a vcpu in the stopped state will start again whenever an
interrupt comes along due to PSSCR_EC being cleared, and while this is
architecturally correct for a hardware thread, a vcpu is expected to
only be woken by calling start-cpu. This means when performing a reboot
on a tcg machine that the secondary threads will restart while the
primary is still in slof, this is unsupported and causes call traces
like:

SLOF **
QEMU Starting
 Build Date = Jan 14 2019 18:00:39
 FW Version = git-a5b428e1c1eae703
 Press "s" to enter Open Firmware.

qemu: fatal: Trying to deliver HV exception (MSR) 70 with no HV support

NIP 6d61676963313230   LR 3dbe0308 CTR 6d61676963313233 XER 
 CPU#1
MSR  HID0   HF  iidx 3 didx 3
TB 0026 115746031956 DECR 18446744073326238463
GPR00 3dbe0308 3e669fe0 3dc10700 0003
GPR04 3dc62198 3dc62178 3dc0ea48 0030
GPR08 3dc621a8 0018 3e466008 3dc50700
GPR12 c093a4e0 c0003300 c0003e533f90 
GPR16   3e466010 3dc0b040
GPR20 8000 f003 0006 3e66a050
GPR24 3dc06400 3dc0ae70 0003 f001
GPR28 3e66a060  6d61676963313233 0028
CR 28000222  [ E  L  -  -  -  E  E  E  ] RES 
FPR00    
FPR04    
FPR08    311825e0
FPR12 311825e0   
FPR16    
FPR20    
FPR24    
FPR28    
FPSCR 
 SRR0 3dbe06b0  SRR1 0008PVR 004e1200 VRSAVE 

SPRG0 3dbe0308 SPRG1 3e669fe0  SPRG2 00d8  SPRG3 
3dbe0308
SPRG4  SPRG5   SPRG6   SPRG7 

HSRR0 6d61676963313230 HSRR1 
 CFAR 3dbe3e64
 LPCR 04020008
 PTCR    DAR   DSISR 
Aborted (core dumped)

To fix this, set the PSSCR_EC bit when a vcpu is stopped to disable it
from coming back online until the start-cpu rtas call is made.

Fixes: 21c0d66a9c99 ("target/ppc: Fix support for "STOP light" states on 
POWER9")

Signed-off-by: Suraj Jitindar Singh 
Message-Id: <20190516005744.24366-1-sjitindarsi...@gmail.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_cpu_core.c | 2 ++
 hw/ppc/spapr_rtas.c | 6 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index f04e06cdf6..5621fb9a3d 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -58,9 +58,11 @@ static void spapr_cpu_reset(void *opaque)
  *
  * Disable Power-saving mode Exit Cause exceptions for the CPU, so
  * we don't get spurious wakups before an RTAS start-cpu call.
+ * For the same reason, set PSSCR_EC.
  */
 lpcr &= ~(LPCR_VPM0 | LPCR_VPM1 | LPCR_ISL | LPCR_KBV | pcc->lpcr_pm);
 lpcr |= LPCR_LPES0 | LPCR_LPES1;
+env->spr[SPR_PSSCR] |= PSSCR_EC;
 
 /* Set RMLS to the max (ie, 16G) */
 lpcr &= ~LPCR_RMLS;
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index ee24212765..5bc1a93271 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -177,6 +177,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, 
SpaprMachineState *spapr,
 } else {
 lpcr &= ~(LPCR_UPRT | LPCR_GTSE | LPCR_HR);
 }
+env->spr[SPR_PSSCR] &= ~PSSCR_EC;
 }
 ppc_store_lpcr(newcpu, lpcr);
 
@@ -205,8 +206,11 @@ static void rtas_stop_self(PowerPCCPU *cpu, 
SpaprMachineState *spapr,
 
 /* Disable Power-saving mode Exit Cause exceptions for the CPU.
  * This could deliver an interrupt on a dying CPU and crash the
- * guest */
+ * guest.
+ * For the same reason, s

[Qemu-devel] [PULL 19/38] spapr/xive: Sanity checks of OV5 during CAS

[David Gibson]

From: Greg Kurz 

If a machine is started with ic-mode=xive but the guest only knows
about XICS, eg. an RHEL 7.6 guest, the kernel panics. This is
expected but a bit unfortunate since the crash doesn't provide
much information for the end user to guess what's happening.

Detect that during CAS and exit QEMU with a proper error message
instead, like it is already done for the MMU.

Even if this is less likely to happen, the opposite case of a guest
that only knows about XIVE would certainly fail all the same if the
machine is started with ic-mode=xics.

Also, the only valid values a guest can pass in byte 23 of OV5 during
CAS are 0b00 (XIVE legacy mode) and 0b01 (XIVE exploitation mode). Any
other value is a bug, at least with the current spec. Again, it does
not seem right to let the guest go on without a precise idea of the
interrupt mode it asked for.

Handle these cases as well.

Reported-by: Satheesh Rajendran 
Signed-off-by: Greg Kurz 
Message-Id: <155793986451.464434.1288793307255549.st...@bahia.lan>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 6c16d2b120..63a55614b8 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1513,6 +1513,7 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 bool guest_radix;
 Error *local_err = NULL;
 bool raw_mode_supported = false;
+bool guest_xive;
 
 cas_pvr = cas_check_pvr(spapr, cpu, &addr, &raw_mode_supported, 
&local_err);
 if (local_err) {
@@ -1545,10 +1546,17 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 error_report("guest requested hash and radix MMU, which is invalid.");
 exit(EXIT_FAILURE);
 }
+if (spapr_ovec_test(ov5_guest, OV5_XIVE_BOTH)) {
+error_report("guest requested an invalid interrupt mode");
+exit(EXIT_FAILURE);
+}
+
 /* The radix/hash bit in byte 24 requires special handling: */
 guest_radix = spapr_ovec_test(ov5_guest, OV5_MMU_RADIX_300);
 spapr_ovec_clear(ov5_guest, OV5_MMU_RADIX_300);
 
+guest_xive = spapr_ovec_test(ov5_guest, OV5_XIVE_EXPLOIT);
+
 /*
  * HPT resizing is a bit of a special case, because when enabled
  * we assume an HPT guest will support it until it says it
@@ -1632,6 +1640,22 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
   ov5_updates) != 0);
 }
 
+/*
+ * Ensure the guest asks for an interrupt mode we support; otherwise
+ * terminate the boot.
+ */
+if (guest_xive) {
+if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
+error_report("Guest requested unavailable interrupt mode (XIVE)");
+exit(EXIT_FAILURE);
+}
+} else {
+if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
+error_report("Guest requested unavailable interrupt mode (XICS)");
+exit(EXIT_FAILURE);
+}
+}
+
 /*
  * Generate a machine reset when we have an update of the
  * interrupt mode. Only required when the machine supports both
-- 
2.21.0

[Qemu-devel] [PULL 12/38] target/ppc: Fix xxspltib

[David Gibson]

From: Anton Blanchard 

xxspltib raises a VMX or a VSX exception depending on the register
set it is operating on. We had a check, but it was backwards.

Fixes: f113283525a4 ("target-ppc: add xxspltib instruction")
Signed-off-by: Anton Blanchard 
Message-Id: <20190509061713.69490488@kryten>
Signed-off-by: David Gibson 
---
 target/ppc/translate/vsx-impl.inc.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index d29f60e2f9..4b8f6cefe3 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1355,13 +1355,13 @@ static void gen_xxspltib(DisasContext *ctx)
 int rt = xT(ctx->opcode);
 
 if (rt < 32) {
-if (unlikely(!ctx->altivec_enabled)) {
-gen_exception(ctx, POWERPC_EXCP_VPU);
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
 return;
 }
 } else {
-if (unlikely(!ctx->vsx_enabled)) {
-gen_exception(ctx, POWERPC_EXCP_VSXU);
+if (unlikely(!ctx->altivec_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VPU);
 return;
 }
 }
-- 
2.21.0

[Qemu-devel] [PULL 08/38] target/ppc: Fix xvxsigdp

[David Gibson]

From: Anton Blanchard 

Fix a typo in xvxsigdp where we put both results into the lower
doubleword.

Fixes: dd977e4f45cb ("target/ppc: Optimize x[sv]xsigdp using deposit_i64()")
Signed-off-by: Anton Blanchard 
Message-Id: <20190507004811.29968-1-an...@ozlabs.org>
Signed-off-by: David Gibson 
---
 target/ppc/translate/vsx-impl.inc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 11d9b75d01..4d8ca7cf32 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1820,7 +1820,7 @@ static void gen_xvxsigdp(DisasContext *ctx)
 tcg_gen_movi_i64(t0, 0x0010);
 tcg_gen_movcond_i64(TCG_COND_EQ, t0, exp, zr, zr, t0);
 tcg_gen_movcond_i64(TCG_COND_EQ, t0, exp, nan, zr, t0);
-tcg_gen_deposit_i64(xth, t0, xbl, 0, 52);
+tcg_gen_deposit_i64(xtl, t0, xbl, 0, 52);
 set_cpu_vsrl(xT(ctx->opcode), xtl);
 
 tcg_temp_free_i64(t0);
-- 
2.21.0

[Qemu-devel] [PULL 18/38] target/ppc: Fix xvabs[sd]p, xvnabs[sd]p, xvneg[sd]p, xvcpsgn[sd]p

[David Gibson]

From: Anton Blanchard 

We were using set_cpu_vsr*() when we should have used get_cpu_vsr*().

Fixes: 8b3b2d75c7c0 ("introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() 
helpers for VSR register access")
Signed-off-by: Anton Blanchard 
Message-Id: <20190509104912.6b754dff@kryten>
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 target/ppc/translate/vsx-impl.inc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index c39829cf33..199d22da97 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -906,8 +906,8 @@ static void glue(gen_, name)(DisasContext *ctx) 
 \
 xbh = tcg_temp_new_i64();\
 xbl = tcg_temp_new_i64();\
 sgm = tcg_temp_new_i64();\
-set_cpu_vsrh(xB(ctx->opcode), xbh);  \
-set_cpu_vsrl(xB(ctx->opcode), xbl);  \
+get_cpu_vsrh(xbh, xB(ctx->opcode));  \
+get_cpu_vsrl(xbl, xB(ctx->opcode));  \
 tcg_gen_movi_i64(sgm, sgn_mask); \
 switch (op) {\
 case OP_ABS: {   \
-- 
2.21.0

[Qemu-devel] [PULL 06/38] hw/ppc/40p: use 1900 as a base year

[David Gibson]

From: Artyom Tarasenko 

AIX 5.1 expects the base year to be 1900. Adjust accordingly.

Signed-off-by: Artyom Tarasenko 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20190505152839.18650-4-phi...@redhat.com>
Signed-off-by: David Gibson 
---
 hw/ppc/prep.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 7a0d311d43..2a8009e20b 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -676,7 +676,9 @@ static void ibm_40p_init(MachineState *machine)
 qdev_init_nofail(dev);
 
 /* RTC */
-isa_create_simple(isa_bus, TYPE_MC146818_RTC);
+dev = DEVICE(isa_create(isa_bus, TYPE_MC146818_RTC));
+qdev_prop_set_int32(dev, "base_year", 1900);
+qdev_init_nofail(dev);
 
 /* initialize CMOS checksums */
 cmos_checksum = 0x6aa9;
-- 
2.21.0

[Qemu-devel] [PULL 00/38] ppc-for-4.1 queue 20190521

[David Gibson]

The following changes since commit 2259637b95bef3116cc262459271de08e038cc66:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 
(2019-05-20 17:22:05 +0100)

are available in the Git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-4.1-20190521

for you to fetch changes up to 271226c30a2128c563974dd359cb1e25a54e1cbf:

  spapr/irq: add KVM support to the 'dual' machine (2019-05-21 10:55:47 +1000)


ppc patch queue 2019-05-21

Next pull request against qemu-4.1.  Highlights:
  * KVM accelerated support for the XIVE interrupt controller in PAPR
guests
  * A number of TCG vector fixes
  * Fixes for the PReP / 40p machine

Other than that it's just a bunch of assorted fixes, cleanups and
minor improvements.


Anton Blanchard (7):
  target/ppc: Fix xvxsigdp
  target/ppc: Fix xxbrq, xxbrw
  target/ppc: Fix vslv and vsrv
  target/ppc: Fix vsum2sws
  target/ppc: Fix xxspltib
  target/ppc: Optimise VSX_LOAD_SCALAR_DS and VSX_VECTOR_LOAD_STORE
  target/ppc: Fix xvabs[sd]p, xvnabs[sd]p, xvneg[sd]p, xvcpsgn[sd]p

Artyom Tarasenko (1):
  hw/ppc/40p: use 1900 as a base year

Boxuan Li (1):
  target/ppc/kvm: Fix trace typo

Cédric Le Goater (17):
  spapr/xive: EQ page should be naturally aligned
  spapr/xive: fix EQ page addresses above 64GB
  spapr/xive: print out the EQ page address in the monitor
  linux-headers: Update linux headers to 5.2-rc1
  spapr/xive: add KVM support
  spapr/xive: add hcall support when under KVM
  spapr/xive: add state synchronization with KVM
  spapr/xive: introduce a VM state change handler
  spapr/xive: add migration support for KVM
  spapr/xive: activate KVM support
  sysbus: add a sysbus_mmio_unmap() helper
  spapr: introduce routines to delete the KVM IRQ device
  spapr: check for the activation of the KVM IRQ device
  spapr/irq: introduce a spapr_irq_init_device() helper
  spapr/irq: initialize the IRQ device only once
  ppc/xics: fix irq priority in ics_set_irq_type()
  spapr/irq: add KVM support to the 'dual' machine

David Gibson (2):
  spapr: Add forgotten capability to migration stream
  spapr: Fix phb_placement backwards compatibility

Greg Kurz (2):
  spapr/xive: Sanity checks of OV5 during CAS
  spapr: Print out extra hints when CAS negotiation of interrupt mode fails

Philippe Mathieu-Daudé (2):
  hw/ppc/prep: use TYPE_MC146818_RTC instead of a hardcoded string
  hw/ppc/40p: Move the MC146818 RTC to the board where it belongs

Richard Henderson (3):
  configure: Distinguish ppc64 and ppc64le hosts
  configure: Use quotes around uses of $CPU_CFLAGS
  target/ppc: Use vector variable shifts for VSL, VSR, VSRA

Satheesh Rajendran (1):
  Fix typo on "info pic" monitor cmd output for xive

Suraj Jitindar Singh (2):
  target/ppc: Add ibm,purr and ibm,spurr device-tree properties
  target/ppc: Set PSSCR_EC on cpu halt to prevent spurious wakeup

 configure  |  52 +-
 hw/core/sysbus.c   |  10 +
 hw/intc/Makefile.objs  |   1 +
 hw/intc/spapr_xive.c   | 188 -
 hw/intc/spapr_xive_kvm.c   | 827 +
 hw/intc/xics.c |  10 +-
 hw/intc/xics_kvm.c | 113 ++-
 hw/intc/xics_spapr.c   |   7 +
 hw/intc/xive.c |  53 +-
 hw/isa/i82378.c|   4 -
 hw/ppc/Kconfig |   5 +
 hw/ppc/prep.c  |   7 +-
 hw/ppc/spapr.c |  34 +-
 hw/ppc/spapr_caps.c|   1 +
 hw/ppc/spapr_cpu_core.c|   2 +
 hw/ppc/spapr_hcall.c   |  24 +
 hw/ppc/spapr_irq.c | 140 +++-
 hw/ppc/spapr_rtas.c|   6 +-
 include/hw/ppc/spapr.h |   1 +
 include/hw/ppc/spapr_irq.h |   2 +
 include/hw/ppc/spapr_xive.h|  39 +
 include/hw/ppc/xics.h  |   1 +
 include/hw/ppc/xics_spapr.h|   1 +
 include/hw/ppc/xive.h  |  14 +
 include/hw/ppc/xive_regs.h |   6 +
 include/hw/sysbus.h|   1 +
 .../infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h  |  15 +-
 include/standard-headers/drm/drm_fourcc.h  | 114 ++-
 include/standard-headers/linux/ethtool.h   |  48 +-
 include/standard-headers/linux/input-event-codes.h |   9 +-
 include/standa

[Qemu-devel] [PULL 02/38] configure: Distinguish ppc64 and ppc64le hosts

[David Gibson]

From: Richard Henderson 

We cannot use the ppc64le host compiler to build ppc64(be) guest code.
Clean up confusion between cross_cc_powerpc and cross_cc_ppc; make use
of the cflags variable as well.

Signed-off-by: Richard Henderson 
Message-Id: <20190501223819.8584-2-richard.hender...@linaro.org>
Signed-off-by: David Gibson 
---
 configure | 36 +---
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/configure b/configure
index d2fc346302..69402f18b8 100755
--- a/configure
+++ b/configure
@@ -198,7 +198,7 @@ supported_kvm_target() {
 i386:i386 | i386:x86_64 | i386:x32 | \
 x86_64:i386 | x86_64:x86_64 | x86_64:x32 | \
 mips:mips | mipsel:mips | \
-ppc:ppc | ppc64:ppc | ppc:ppc64 | ppc64:ppc64 | \
+ppc:ppc | ppc64:ppc | ppc:ppc64 | ppc64:ppc64 | ppc64:ppc64le | \
 s390x:s390x)
 return 0
 ;;
@@ -502,8 +502,11 @@ cross_cc_arm="arm-linux-gnueabihf-gcc"
 cross_cc_cflags_armeb="-mbig-endian"
 cross_cc_i386="i386-pc-linux-gnu-gcc"
 cross_cc_cflags_i386=""
-cross_cc_powerpc="powerpc-linux-gnu-gcc"
-cross_cc_powerpc="powerpc-linux-gnu-gcc"
+cross_cc_ppc="powerpc-linux-gnu-gcc"
+cross_cc_cflags_ppc="-m32"
+cross_cc_ppc64="powerpc-linux-gnu-gcc"
+cross_cc_cflags_ppc64="-m64"
+cross_cc_ppc64le="powerpc64le-linux-gnu-gcc"
 
 enabled_cross_compilers=""
 
@@ -700,7 +703,11 @@ elif check_define __sparc__ ; then
   fi
 elif check_define _ARCH_PPC ; then
   if check_define _ARCH_PPC64 ; then
-cpu="ppc64"
+if check_define _LITTLE_ENDIAN ; then
+  cpu="ppc64le"
+else
+  cpu="ppc64"
+fi
   else
 cpu="ppc"
   fi
@@ -731,10 +738,14 @@ ARCH=
 # Note that this case should only have supported host CPUs, not guests.
 case "$cpu" in
   ppc|ppc64|s390|s390x|sparc64|x32|riscv32|riscv64)
-cpu="$cpu"
 supported_cpu="yes"
 eval "cross_cc_${cpu}=\$host_cc"
   ;;
+  ppc64le)
+ARCH="ppc64"
+supported_cpu="yes"
+cross_cc_ppc64le=$host_cc
+  ;;
   i386|i486|i586|i686|i86pc|BePC)
 cpu="i386"
 supported_cpu="yes"
@@ -1538,8 +1549,8 @@ case "$cpu" in
 ppc)
CPU_CFLAGS="-m32"
LDFLAGS="-m32 $LDFLAGS"
-   cross_cc_powerpc=$cc
-   cross_cc_cflags_powerpc=$CPU_CFLAGS
+   cross_cc_ppc=$cc
+   cross_cc_cflags_ppc="$CPU_CFLAGS"
;;
 ppc64)
CPU_CFLAGS="-m64"
@@ -6164,7 +6175,7 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && 
\
 fi
 done
 fi
-if test "$cpu" = "ppc64" && test "$targetos" != "Darwin" ; then
+if test "$ARCH" = "ppc64" && test "$targetos" != "Darwin" ; then
   roms="$roms spapr-rtas"
 fi
 
@@ -7349,7 +7360,7 @@ if test "$linux" = "yes" ; then
   i386|x86_64|x32)
 linux_arch=x86
 ;;
-  ppc|ppc64)
+  ppc|ppc64|ppc64le)
 linux_arch=powerpc
 ;;
   s390x)
@@ -7510,7 +7521,8 @@ case "$target_name" in
   ;;
   ppc)
 gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml"
-target_compiler=$cross_cc_powerpc
+target_compiler=$cross_cc_ppc
+target_compiler_cflags="$cross_cc_cflags_ppc"
   ;;
   ppc64)
 TARGET_BASE_ARCH=ppc
@@ -7518,6 +7530,7 @@ case "$target_name" in
 mttcg=yes
 gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml power-vsx.xml"
 target_compiler=$cross_cc_ppc64
+target_compiler_cflags="$cross_cc_cflags_ppc64"
   ;;
   ppc64le)
 TARGET_ARCH=ppc64
@@ -7533,7 +7546,8 @@ case "$target_name" in
 TARGET_ABI_DIR=ppc
 echo "TARGET_ABI32=y" >> $config_target_mak
 gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml power-vsx.xml"
-target_compiler=$cross_cc_ppc64abi32
+target_compiler=$cross_cc_ppc
+target_compiler_cflags="$cross_cc_cflags_ppc"
   ;;
   riscv32)
 TARGET_BASE_ARCH=riscv
-- 
2.21.0

[Qemu-devel] [PULL 04/38] hw/ppc/prep: use TYPE_MC146818_RTC instead of a hardcoded string

[David Gibson]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20190505152839.18650-2-phi...@redhat.com>
Signed-off-by: David Gibson 
---
 hw/ppc/prep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index b7f459d475..ebee321148 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -601,7 +601,7 @@ static int prep_set_cmos_checksum(DeviceState *dev, void 
*opaque)
 uint16_t checksum = *(uint16_t *)opaque;
 ISADevice *rtc;
 
-if (object_dynamic_cast(OBJECT(dev), "mc146818rtc")) {
+if (object_dynamic_cast(OBJECT(dev), TYPE_MC146818_RTC)) {
 rtc = ISA_DEVICE(dev);
 rtc_set_memory(rtc, 0x2e, checksum & 0xff);
 rtc_set_memory(rtc, 0x3e, checksum & 0xff);
-- 
2.21.0

[Qemu-devel] [PULL 05/38] hw/ppc/40p: Move the MC146818 RTC to the board where it belongs

[David Gibson]

From: Philippe Mathieu-Daudé 

The MC146818 RTC was incorrectly added to the i82378 chipset in
commit a04ff940974a. In the next commit (506b7ddf8893) the PReP
machine use the i82378.
Since the MC146818 is specific to the PReP machine, move its use
there.

Fixes: a04ff940974a
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20190505152839.18650-3-phi...@redhat.com>
Signed-off-by: David Gibson 
---
 hw/isa/i82378.c | 4 
 hw/ppc/prep.c   | 3 +++
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/isa/i82378.c b/hw/isa/i82378.c
index a5d67bc6d7..c08970b24a 100644
--- a/hw/isa/i82378.c
+++ b/hw/isa/i82378.c
@@ -21,7 +21,6 @@
 #include "hw/pci/pci.h"
 #include "hw/i386/pc.h"
 #include "hw/timer/i8254.h"
-#include "hw/timer/mc146818rtc.h"
 #include "hw/audio/pcspk.h"
 
 #define TYPE_I82378 "i82378"
@@ -105,9 +104,6 @@ static void i82378_realize(PCIDevice *pci, Error **errp)
 
 /* 2 82C37 (dma) */
 isa = isa_create_simple(isabus, "i82374");
-
-/* timer */
-isa_create_simple(isabus, TYPE_MC146818_RTC);
 }
 
 static void i82378_init(Object *obj)
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index ebee321148..7a0d311d43 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -675,6 +675,9 @@ static void ibm_40p_init(MachineState *machine)
 qdev_prop_set_uint32(dev, "ram-size", machine->ram_size);
 qdev_init_nofail(dev);
 
+/* RTC */
+isa_create_simple(isa_bus, TYPE_MC146818_RTC);
+
 /* initialize CMOS checksums */
 cmos_checksum = 0x6aa9;
 qbus_walk_children(BUS(isa_bus), prep_set_cmos_checksum, NULL, NULL, NULL,
-- 
2.21.0

[Qemu-devel] [PULL 03/38] configure: Use quotes around uses of $CPU_CFLAGS

[David Gibson]

From: Richard Henderson 

About half of the values to which CPU_CFLAGS is set
have multiple space separated arguments.

Signed-off-by: Richard Henderson 
Message-Id: <20190501223819.8584-3-richard.hender...@linaro.org>
Signed-off-by: David Gibson 
---
 configure | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/configure b/configure
index 69402f18b8..d0050f9afc 100755
--- a/configure
+++ b/configure
@@ -1556,37 +1556,37 @@ case "$cpu" in
CPU_CFLAGS="-m64"
LDFLAGS="-m64 $LDFLAGS"
cross_cc_ppc64=$cc
-   cross_cc_cflags_ppc64=$CPU_CFLAGS
+   cross_cc_cflags_ppc64="$CPU_CFLAGS"
;;
 sparc)
CPU_CFLAGS="-m32 -mv8plus -mcpu=ultrasparc"
LDFLAGS="-m32 -mv8plus $LDFLAGS"
cross_cc_sparc=$cc
-   cross_cc_cflags_sparc=$CPU_CFLAGS
+   cross_cc_cflags_sparc="$CPU_CFLAGS"
;;
 sparc64)
CPU_CFLAGS="-m64 -mcpu=ultrasparc"
LDFLAGS="-m64 $LDFLAGS"
cross_cc_sparc64=$cc
-   cross_cc_cflags_sparc64=$CPU_CFLAGS
+   cross_cc_cflags_sparc64="$CPU_CFLAGS"
;;
 s390)
CPU_CFLAGS="-m31"
LDFLAGS="-m31 $LDFLAGS"
cross_cc_s390=$cc
-   cross_cc_cflags_s390=$CPU_CFLAGS
+   cross_cc_cflags_s390="$CPU_CFLAGS"
;;
 s390x)
CPU_CFLAGS="-m64"
LDFLAGS="-m64 $LDFLAGS"
cross_cc_s390x=$cc
-   cross_cc_cflags_s390x=$CPU_CFLAGS
+   cross_cc_cflags_s390x="$CPU_CFLAGS"
;;
 i386)
CPU_CFLAGS="-m32"
LDFLAGS="-m32 $LDFLAGS"
cross_cc_i386=$cc
-   cross_cc_cflags_i386=$CPU_CFLAGS
+   cross_cc_cflags_i386="$CPU_CFLAGS"
;;
 x86_64)
# ??? Only extremely old AMD cpus do not have cmpxchg16b.
@@ -1595,13 +1595,13 @@ case "$cpu" in
CPU_CFLAGS="-m64 -mcx16"
LDFLAGS="-m64 $LDFLAGS"
cross_cc_x86_64=$cc
-   cross_cc_cflags_x86_64=$CPU_CFLAGS
+   cross_cc_cflags_x86_64="$CPU_CFLAGS"
;;
 x32)
CPU_CFLAGS="-mx32"
LDFLAGS="-mx32 $LDFLAGS"
cross_cc_i386=$cc
-   cross_cc_cflags_i386=$CPU_CFLAGS
+   cross_cc_cflags_i386="$CPU_CFLAGS"
;;
 # No special flags required for other host CPUs
 esac
-- 
2.21.0

[Qemu-devel] [PULL 01/38] target/ppc/kvm: Fix trace typo

[David Gibson]

From: Boxuan Li 

Signed-off-by: Boxuan Li 
Message-Id: <20190430172842.27369-1-libox...@connect.hku.hk>
Signed-off-by: David Gibson 
---
 target/ppc/kvm.c| 2 +-
 target/ppc/trace-events | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 02e22e2017..1a9caf8f40 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -1721,7 +1721,7 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run 
*run)
 trace_kvm_handle_dcr_write();
 ret = kvmppc_handle_dcr_write(env, run->dcr.dcrn, run->dcr.data);
 } else {
-trace_kvm_handle_drc_read();
+trace_kvm_handle_dcr_read();
 ret = kvmppc_handle_dcr_read(env, run->dcr.dcrn, &run->dcr.data);
 }
 break;
diff --git a/target/ppc/trace-events b/target/ppc/trace-events
index 7b3cfe11fd..3dc6740706 100644
--- a/target/ppc/trace-events
+++ b/target/ppc/trace-events
@@ -22,7 +22,7 @@ kvm_failed_put_vpa(void) "Warning: Unable to set VPA 
information to KVM"
 kvm_failed_get_vpa(void) "Warning: Unable to get VPA information from KVM"
 kvm_injected_interrupt(int irq) "injected interrupt %d"
 kvm_handle_dcr_write(void) "handle dcr write"
-kvm_handle_drc_read(void) "handle dcr read"
+kvm_handle_dcr_read(void) "handle dcr read"
 kvm_handle_halt(void) "handle halt"
 kvm_handle_papr_hcall(void) "handle PAPR hypercall"
 kvm_handle_epr(void) "handle epr"
-- 
2.21.0

Re: [Qemu-devel] [PATCH v5 2/2] acpi: pci: use build_append_foo() API to construct MCFG

[Wei Yang]

On Mon, May 20, 2019 at 11:44:28PM -0400, Michael S. Tsirkin wrote:
>On Tue, May 21, 2019 at 11:32:49AM +0800, Wei Yang wrote:
>> build_append_foo() API doesn't need explicit endianness conversions
>> which eliminates a source of errors and it makes build_mcfg() look like
>> declarative definition of MCFG table in ACPI spec, which makes it easy
>> to review.
>> 
>> Signed-off-by: Wei Yang 
>> Suggested-by: Igor Mammedov 
>> Reviewed-by: Igor Mammedov 
>> 
>> ---
>> v5:
>>* miss the reserved[8] of MCFG in last version, add it back
>>* drop SOBs and make sure bios-tables-test all OK
>> ---
>>  hw/acpi/pci.c   | 35 +++
>>  include/hw/acpi/acpi-defs.h | 18 --
>>  2 files changed, 23 insertions(+), 30 deletions(-)
>> 
>> diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
>> index fa0fa30bb9..49df7b7d54 100644
>> --- a/hw/acpi/pci.c
>> +++ b/hw/acpi/pci.c
>> @@ -30,17 +30,28 @@
>>  
>>  void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
>>  {
>> -AcpiTableMcfg *mcfg;
>> -int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
>> -
>> -mcfg = acpi_data_push(table_data, len);
>> -mcfg->allocation[0].address = cpu_to_le64(info->base);
>> -
>> -/* Only a single allocation so no need to play with segments */
>> -mcfg->allocation[0].pci_segment = cpu_to_le16(0);
>> -mcfg->allocation[0].start_bus_number = 0;
>> -mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
>> -
>> -build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, 
>> NULL);
>> +int mcfg_start = table_data->len;
>> +
>> +acpi_data_push(table_data, sizeof(AcpiTableHeader));
>> +
>> +/*
>> + * PCI Firmware Specification, Revision 3.0
>> + * 4.1.2 MCFG Table Description.
>> + */
>> +/* Reserved */
>> +build_append_int_noprefix(table_data, 0, 8);
>
>below is in fact
>   Memory Mapped Enhanced Configuration Space Base Address Allocation 
> Structure
>
>maybe document this?
>

Sure. Let me add this.

>> +/* Base address, processor-relative */
>> +build_append_int_noprefix(table_data, info->base, 8);
>> +/* PCI segment group number */
>> +build_append_int_noprefix(table_data, 0, 2);
>> +/* Starting PCI Bus number */
>> +build_append_int_noprefix(table_data, 0, 1);
>> +/* Final PCI Bus number */
>> +build_append_int_noprefix(table_data, PCIE_MMCFG_BUS(info->size - 1), 
>> 1);
>> +/* Reserved */
>> +build_append_int_noprefix(table_data, 0, 4);
>> +
>> +build_header(linker, table_data, (void *)(table_data->data + 
>> mcfg_start),
>> + "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
>>  }
>>  
>> diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
>> index f9aa4bd398..57a3f58b0c 100644
>> --- a/include/hw/acpi/acpi-defs.h
>> +++ b/include/hw/acpi/acpi-defs.h
>> @@ -449,24 +449,6 @@ struct AcpiSratProcessorGiccAffinity {
>>  
>>  typedef struct AcpiSratProcessorGiccAffinity AcpiSratProcessorGiccAffinity;
>>  
>> -/* PCI fw r3.0 MCFG table. */
>> -/* Subtable */
>> -struct AcpiMcfgAllocation {
>> -uint64_t address;/* Base address, processor-relative */
>> -uint16_t pci_segment;/* PCI segment group number */
>> -uint8_t start_bus_number;   /* Starting PCI Bus number */
>> -uint8_t end_bus_number; /* Final PCI Bus number */
>> -uint32_t reserved;
>> -} QEMU_PACKED;
>> -typedef struct AcpiMcfgAllocation AcpiMcfgAllocation;
>> -
>> -struct AcpiTableMcfg {
>> -ACPI_TABLE_HEADER_DEF;
>> -uint8_t reserved[8];
>> -AcpiMcfgAllocation allocation[0];
>> -} QEMU_PACKED;
>> -typedef struct AcpiTableMcfg AcpiTableMcfg;
>> -
>>  /*
>>   * TCPA Description Table
>>   *
>> -- 
>> 2.19.1

-- 
Wei Yang
Help you, Help me

[Qemu-devel] [PATCH] kvm: support guest access CORE cstate

[Wanpeng Li]

From: Wanpeng Li 

Allow guest reads CORE cstate when exposing host CPU power management 
capabilities 
to the guest. PKG cstate is restricted to avoid a guest to get the whole 
package 
information in multi-tenant scenario.

Cc: Eduardo Habkost 
Cc: Paolo Bonzini 
Cc: Radim Krčmář 
Signed-off-by: Wanpeng Li 
---
 linux-headers/linux/kvm.h | 4 +++-
 target/i386/kvm.c | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index b53ee59..d648fde 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -696,9 +696,11 @@ struct kvm_ioeventfd {
 #define KVM_X86_DISABLE_EXITS_MWAIT  (1 << 0)
 #define KVM_X86_DISABLE_EXITS_HLT(1 << 1)
 #define KVM_X86_DISABLE_EXITS_PAUSE  (1 << 2)
+#define KVM_X86_DISABLE_EXITS_CSTATE (1 << 3)
 #define KVM_X86_DISABLE_VALID_EXITS  (KVM_X86_DISABLE_EXITS_MWAIT | \
   KVM_X86_DISABLE_EXITS_HLT | \
-  KVM_X86_DISABLE_EXITS_PAUSE)
+  KVM_X86_DISABLE_EXITS_PAUSE | \
+  KVM_X86_DISABLE_EXITS_CSTATE)
 
 /* for KVM_ENABLE_CAP */
 struct kvm_enable_cap {
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 3b29ce5..49a0cc1 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1645,7 +1645,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 if (disable_exits) {
 disable_exits &= (KVM_X86_DISABLE_EXITS_MWAIT |
   KVM_X86_DISABLE_EXITS_HLT |
-  KVM_X86_DISABLE_EXITS_PAUSE);
+  KVM_X86_DISABLE_EXITS_PAUSE |
+  KVM_X86_DISABLE_EXITS_CSTATE);
 }
 
 ret = kvm_vm_enable_cap(s, KVM_CAP_X86_DISABLE_EXITS, 0,
-- 
2.7.4

[Qemu-devel] [Bug 1829498] Re: window 8 stuck during boot on Qemu

[arseniy]

My host kernel is 4.15.0-47. Windows 8 version is 6.3.9600. About KVM,
i've got same problem in TCG mode.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1829498

Title:
  window 8 stuck during boot on Qemu

Status in QEMU:
  New

Bug description:
  Description of problem:
  I've got windows 8 image(64 bit), installed on Qemu(x86-64_softmmu) and then 
i'm trying to boot/shutdown it in the same Qemu configuration. Windows 8 has 
feature - when you click "Shutdown" in UI, windows 8 doesn't actually power 
off, it goes to "Suspend to disc" ACPI state. After shutdown, i'm trying to 
boot it again, but it stucks during boot.

  I've discovered, that it hangs when windows 8 writes to AHCI's command 
register, AHCI triggers irq, but windows 8 sends EOI, don't accessing AHCI 
register,so irq line stills in high state, and irq will be injected again and 
again, while windows will send EOI on each AHCI interrupt. Strange thing is 
that it happens only on TCG mode or 
  with option "kernel-irqchip=off/split", with "kernel-irqchip=on" everything 
works ok(windows 8 accesses AHCI register and line goes to low state).

  Version-Release number of selected component (if applicable):
  Qemu revision: d8276573da58e8ce78dab8c46dd660efd664bcb7

  
  Steps to Reproduce:
  1. Install Windows 8 on QEMU(qemu command line: "-enable-kvm -m 1G -hda 
  -serial stdio  -cpu core2duo -machine q35,kernel-irqchip=off"
  2. Click shutdown in UI.
  3. Try to boot again(it will stuck)
  4. Kill Qemu and boot again, it will boot, now go to 2) :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1829498/+subscriptions

Re: [Qemu-devel] [PATCH v9 02/27] gdbstub: Implement deatch (D pkt) with new infra

[Jon Doron]

Hi Alex, I implemented this change but i'm having second guesses on
this, basically a NULL packet means the command is not supported (as
far as i understand from the protocol documentation and implementation
of GDB)
That being said I think it's correct to send back a NULL packet if
process_string_cmd fails for any reason, or you would prefer ill just
omit it?

Snippet of the change I did according to your review:
-if (cmd_parser &&
-process_string_cmd(s, NULL, line_buf, cmd_parser, 1)) {
-put_packet(s, "");
+if (!cmd_parser) {
+return RS_IDLE;
 }

+process_string_cmd(s, NULL, line_buf, cmd_parser, 1);

-- Jon.

On Tue, May 14, 2019 at 9:54 PM Alex Bennée  wrote:
>
>
> Jon Doron  writes:
>
> > Signed-off-by: Jon Doron 
> > ---
> >  gdbstub.c | 90 ++-
> >  1 file changed, 50 insertions(+), 40 deletions(-)
> >
> > diff --git a/gdbstub.c b/gdbstub.c
> > index d5e0f3878a..621d689868 100644
> > --- a/gdbstub.c
> > +++ b/gdbstub.c
> > @@ -1418,11 +1418,6 @@ static inline int startswith(const char *string, 
> > const char *pattern)
> >return !strncmp(string, pattern, strlen(pattern));
> >  }
> >
> > -static int process_string_cmd(
> > -GDBState *s, void *user_ctx, const char *data,
> > -const GdbCmdParseEntry *cmds, int num_cmds)
> > -__attribute__((unused));
> > -
> >  static int process_string_cmd(GDBState *s, void *user_ctx, const char 
> > *data,
> >const GdbCmdParseEntry *cmds, int num_cmds)
> >  {
> > @@ -1468,6 +1463,41 @@ static int process_string_cmd(GDBState *s, void 
> > *user_ctx, const char *data,
> >  return -1;
> >  }
> >
> > +static void handle_detach(GdbCmdContext *gdb_ctx, void *user_ctx)
> > +{
> > +GDBProcess *process;
> > +GDBState *s = gdb_ctx->s;
> > +uint32_t pid = 1;
> > +
> > +if (s->multiprocess) {
> > +if (!gdb_ctx->num_params) {
> > +put_packet(s, "E22");
> > +return;
> > +}
> > +
> > +pid = gdb_ctx->params[0].val_ul;
> > +}
> > +
> > +process = gdb_get_process(s, pid);
> > +gdb_process_breakpoint_remove_all(s, process);
> > +process->attached = false;
> > +
> > +if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
> > +s->c_cpu = gdb_first_attached_cpu(s);
> > +}
> > +
> > +if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
> > +s->g_cpu = gdb_first_attached_cpu(s);
> > +}
> > +
> > +if (!s->c_cpu) {
> > +/* No more process attached */
> > +gdb_syscall_mode = GDB_SYS_DISABLED;
> > +gdb_continue(s);
> > +}
> > +put_packet(s, "OK");
> > +}
> > +
> >  static int gdb_handle_packet(GDBState *s, const char *line_buf)
> >  {
> >  CPUState *cpu;
> > @@ -1482,6 +1512,7 @@ static int gdb_handle_packet(GDBState *s, const char 
> > *line_buf)
> >  uint8_t *registers;
> >  target_ulong addr, len;
> >  GDBThreadIdKind thread_kind;
> > +const GdbCmdParseEntry *cmd_parser = NULL;
> >
> >  trace_gdbstub_io_command(line_buf);
> >
> > @@ -1582,42 +1613,15 @@ static int gdb_handle_packet(GDBState *s, const 
> > char *line_buf)
> >  error_report("QEMU: Terminated via GDBstub");
> >  exit(0);
> >  case 'D':
> > -/* Detach packet */
> > -pid = 1;
> > -
> > -if (s->multiprocess) {
> > -unsigned long lpid;
> > -if (*p != ';') {
> > -put_packet(s, "E22");
> > -break;
> > -}
> > -
> > -if (qemu_strtoul(p + 1, &p, 16, &lpid)) {
> > -put_packet(s, "E22");
> > -break;
> > -}
> > -
> > -pid = lpid;
> > -}
> > -
> > -process = gdb_get_process(s, pid);
> > -gdb_process_breakpoint_remove_all(s, process);
> > -process->attached = false;
> > -
> > -if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
> > -s->c_cpu = gdb_first_attached_cpu(s);
> > -}
> > -
> > -if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
> > -s->g_cpu = gdb_first_attached_cpu(s);
> > -}
> > -
> > -if (s->c_cpu == NULL) {
> > -/* No more process attached */
> > -gdb_syscall_mode = GDB_SYS_DISABLED;
> > -gdb_continue(s);
> > +{
> > +static const GdbCmdParseEntry detach_cmd_desc = {
> > +.handler = handle_detach,
> > +.cmd = "D",
> > +.cmd_startswith = 1,
> > +.schema = "?.l0"
> > +};
> > +cmd_parser = &detach_cmd_desc;
> >  }
> > -put_packet(s, "OK");
> >  break;
> >  case 's':
> >  if (*p != '\0') {
> > @@ -1990,6 +1994,12 @@ static int gdb_handle_packet(GDBState *s, const char 
> > *line_buf)
> >  put_packet(s, buf);
> >  break;
> >  }
> > +
> > +if (cmd_parser &&
> > +process_strin

Re: [Qemu-devel] [PATCH v5 2/2] acpi: pci: use build_append_foo() API to construct MCFG

[Michael S. Tsirkin]

On Tue, May 21, 2019 at 11:32:49AM +0800, Wei Yang wrote:
> build_append_foo() API doesn't need explicit endianness conversions
> which eliminates a source of errors and it makes build_mcfg() look like
> declarative definition of MCFG table in ACPI spec, which makes it easy
> to review.
> 
> Signed-off-by: Wei Yang 
> Suggested-by: Igor Mammedov 
> Reviewed-by: Igor Mammedov 
> 
> ---
> v5:
>* miss the reserved[8] of MCFG in last version, add it back
>* drop SOBs and make sure bios-tables-test all OK
> ---
>  hw/acpi/pci.c   | 35 +++
>  include/hw/acpi/acpi-defs.h | 18 --
>  2 files changed, 23 insertions(+), 30 deletions(-)
> 
> diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
> index fa0fa30bb9..49df7b7d54 100644
> --- a/hw/acpi/pci.c
> +++ b/hw/acpi/pci.c
> @@ -30,17 +30,28 @@
>  
>  void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
>  {
> -AcpiTableMcfg *mcfg;
> -int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
> -
> -mcfg = acpi_data_push(table_data, len);
> -mcfg->allocation[0].address = cpu_to_le64(info->base);
> -
> -/* Only a single allocation so no need to play with segments */
> -mcfg->allocation[0].pci_segment = cpu_to_le16(0);
> -mcfg->allocation[0].start_bus_number = 0;
> -mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
> -
> -build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, 
> NULL);
> +int mcfg_start = table_data->len;
> +
> +acpi_data_push(table_data, sizeof(AcpiTableHeader));
> +
> +/*
> + * PCI Firmware Specification, Revision 3.0
> + * 4.1.2 MCFG Table Description.
> + */
> +/* Reserved */
> +build_append_int_noprefix(table_data, 0, 8);

below is in fact
Memory Mapped Enhanced Configuration Space Base Address Allocation 
Structure

maybe document this?

> +/* Base address, processor-relative */
> +build_append_int_noprefix(table_data, info->base, 8);
> +/* PCI segment group number */
> +build_append_int_noprefix(table_data, 0, 2);
> +/* Starting PCI Bus number */
> +build_append_int_noprefix(table_data, 0, 1);
> +/* Final PCI Bus number */
> +build_append_int_noprefix(table_data, PCIE_MMCFG_BUS(info->size - 1), 1);
> +/* Reserved */
> +build_append_int_noprefix(table_data, 0, 4);
> +
> +build_header(linker, table_data, (void *)(table_data->data + mcfg_start),
> + "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
>  }
>  
> diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
> index f9aa4bd398..57a3f58b0c 100644
> --- a/include/hw/acpi/acpi-defs.h
> +++ b/include/hw/acpi/acpi-defs.h
> @@ -449,24 +449,6 @@ struct AcpiSratProcessorGiccAffinity {
>  
>  typedef struct AcpiSratProcessorGiccAffinity AcpiSratProcessorGiccAffinity;
>  
> -/* PCI fw r3.0 MCFG table. */
> -/* Subtable */
> -struct AcpiMcfgAllocation {
> -uint64_t address;/* Base address, processor-relative */
> -uint16_t pci_segment;/* PCI segment group number */
> -uint8_t start_bus_number;   /* Starting PCI Bus number */
> -uint8_t end_bus_number; /* Final PCI Bus number */
> -uint32_t reserved;
> -} QEMU_PACKED;
> -typedef struct AcpiMcfgAllocation AcpiMcfgAllocation;
> -
> -struct AcpiTableMcfg {
> -ACPI_TABLE_HEADER_DEF;
> -uint8_t reserved[8];
> -AcpiMcfgAllocation allocation[0];
> -} QEMU_PACKED;
> -typedef struct AcpiTableMcfg AcpiTableMcfg;
> -
>  /*
>   * TCPA Description Table
>   *
> -- 
> 2.19.1

Re: [Qemu-devel] [PATCH v5 2/2] acpi: pci: use build_append_foo() API to construct MCFG

[Michael S. Tsirkin]

On Tue, May 21, 2019 at 11:32:49AM +0800, Wei Yang wrote:
> build_append_foo() API doesn't need explicit endianness conversions
> which eliminates a source of errors and it makes build_mcfg() look like
> declarative definition of MCFG table in ACPI spec, which makes it easy
> to review.
> 
> Signed-off-by: Wei Yang 
> Suggested-by: Igor Mammedov 
> Reviewed-by: Igor Mammedov 
> 
> ---
> v5:
>* miss the reserved[8] of MCFG in last version, add it back
>* drop SOBs and make sure bios-tables-test all OK
> ---


Please do not add two --- separators. It breaks git am.

One --- should come after the commit log. Anything after that and
until diff is ignored anyway.

>  hw/acpi/pci.c   | 35 +++
>  include/hw/acpi/acpi-defs.h | 18 --
>  2 files changed, 23 insertions(+), 30 deletions(-)
> 
> diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
> index fa0fa30bb9..49df7b7d54 100644
> --- a/hw/acpi/pci.c
> +++ b/hw/acpi/pci.c
> @@ -30,17 +30,28 @@
>  
>  void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
>  {
> -AcpiTableMcfg *mcfg;
> -int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
> -
> -mcfg = acpi_data_push(table_data, len);
> -mcfg->allocation[0].address = cpu_to_le64(info->base);
> -
> -/* Only a single allocation so no need to play with segments */
> -mcfg->allocation[0].pci_segment = cpu_to_le16(0);
> -mcfg->allocation[0].start_bus_number = 0;
> -mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
> -
> -build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, 
> NULL);
> +int mcfg_start = table_data->len;
> +
> +acpi_data_push(table_data, sizeof(AcpiTableHeader));
> +
> +/*
> + * PCI Firmware Specification, Revision 3.0
> + * 4.1.2 MCFG Table Description.
> + */
> +/* Reserved */
> +build_append_int_noprefix(table_data, 0, 8);
> +/* Base address, processor-relative */
> +build_append_int_noprefix(table_data, info->base, 8);
> +/* PCI segment group number */
> +build_append_int_noprefix(table_data, 0, 2);
> +/* Starting PCI Bus number */
> +build_append_int_noprefix(table_data, 0, 1);
> +/* Final PCI Bus number */
> +build_append_int_noprefix(table_data, PCIE_MMCFG_BUS(info->size - 1), 1);
> +/* Reserved */
> +build_append_int_noprefix(table_data, 0, 4);
> +
> +build_header(linker, table_data, (void *)(table_data->data + mcfg_start),
> + "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
>  }
>  
> diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
> index f9aa4bd398..57a3f58b0c 100644
> --- a/include/hw/acpi/acpi-defs.h
> +++ b/include/hw/acpi/acpi-defs.h
> @@ -449,24 +449,6 @@ struct AcpiSratProcessorGiccAffinity {
>  
>  typedef struct AcpiSratProcessorGiccAffinity AcpiSratProcessorGiccAffinity;
>  
> -/* PCI fw r3.0 MCFG table. */
> -/* Subtable */
> -struct AcpiMcfgAllocation {
> -uint64_t address;/* Base address, processor-relative */
> -uint16_t pci_segment;/* PCI segment group number */
> -uint8_t start_bus_number;   /* Starting PCI Bus number */
> -uint8_t end_bus_number; /* Final PCI Bus number */
> -uint32_t reserved;
> -} QEMU_PACKED;
> -typedef struct AcpiMcfgAllocation AcpiMcfgAllocation;
> -
> -struct AcpiTableMcfg {
> -ACPI_TABLE_HEADER_DEF;
> -uint8_t reserved[8];
> -AcpiMcfgAllocation allocation[0];
> -} QEMU_PACKED;
> -typedef struct AcpiTableMcfg AcpiTableMcfg;
> -
>  /*
>   * TCPA Description Table
>   *
> -- 
> 2.19.1

Re: [Qemu-devel] [PATCH v5 1/2] hw/acpi: Consolidate build_mcfg to pci.c

[Michael S. Tsirkin]

On Tue, May 21, 2019 at 11:32:48AM +0800, Wei Yang wrote:
> Now we have two identical build_mcfg functions.
> 
> Consolidate them in acpi/pci.c.
> 
> Signed-off-by: Wei Yang 
> 
> ---
> v5:
>   * ACPI_PCI depends on both ACPI and PCI
>   * rebase on latest master, adjust arm Kconfig
> v3:
>   * adjust changelog based on Igor's suggestion
> ---


same as 2/2 - do not use two --- separators pls.

>  default-configs/i386-softmmu.mak |  1 +
>  hw/acpi/Kconfig  |  4 +++
>  hw/acpi/Makefile.objs|  1 +
>  hw/acpi/pci.c| 46 
>  hw/arm/Kconfig   |  1 +
>  hw/arm/virt-acpi-build.c | 17 
>  hw/i386/acpi-build.c | 18 +
>  include/hw/acpi/pci.h|  1 +
>  8 files changed, 55 insertions(+), 34 deletions(-)
>  create mode 100644 hw/acpi/pci.c
> 
> diff --git a/default-configs/i386-softmmu.mak 
> b/default-configs/i386-softmmu.mak
> index ba3fb3ff50..cd5ea391e8 100644
> --- a/default-configs/i386-softmmu.mak
> +++ b/default-configs/i386-softmmu.mak
> @@ -25,3 +25,4 @@
>  CONFIG_ISAPC=y
>  CONFIG_I440FX=y
>  CONFIG_Q35=y
> +CONFIG_ACPI_PCI=y
> diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
> index eca3beed75..7c59cf900b 100644
> --- a/hw/acpi/Kconfig
> +++ b/hw/acpi/Kconfig
> @@ -23,6 +23,10 @@ config ACPI_NVDIMM
>  bool
>  depends on ACPI
>  
> +config ACPI_PCI
> +bool
> +depends on ACPI && PCI
> +
>  config ACPI_VMGENID
>  bool
>  default y
> diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
> index 2d46e3789a..661a9b8c2f 100644
> --- a/hw/acpi/Makefile.objs
> +++ b/hw/acpi/Makefile.objs
> @@ -11,6 +11,7 @@ common-obj-$(call lnot,$(CONFIG_ACPI_X86)) += acpi-stub.o
>  common-obj-y += acpi_interface.o
>  common-obj-y += bios-linker-loader.o
>  common-obj-y += aml-build.o
> +common-obj-$(CONFIG_ACPI_PCI) += pci.o
>  common-obj-$(CONFIG_TPM) += tpm.o
>  
>  common-obj-$(CONFIG_IPMI) += ipmi.o
> diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
> new file mode 100644
> index 00..fa0fa30bb9
> --- /dev/null
> +++ b/hw/acpi/pci.c
> @@ -0,0 +1,46 @@
> +/*
> + * Support for generating PCI related ACPI tables and passing them to Guests
> + *
> + * Copyright (C) 2006 Fabrice Bellard
> + * Copyright (C) 2008-2010  Kevin O'Connor 
> + * Copyright (C) 2013-2019 Red Hat Inc
> + * Copyright (C) 2019 Intel Corporation
> + *
> + * Author: Wei Yang 
> + * Author: Michael S. Tsirkin 
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> +
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> +
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/acpi/aml-build.h"
> +#include "hw/acpi/pci.h"
> +#include "hw/pci/pcie_host.h"
> +
> +void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
> +{
> +AcpiTableMcfg *mcfg;
> +int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
> +
> +mcfg = acpi_data_push(table_data, len);
> +mcfg->allocation[0].address = cpu_to_le64(info->base);
> +
> +/* Only a single allocation so no need to play with segments */
> +mcfg->allocation[0].pci_segment = cpu_to_le16(0);
> +mcfg->allocation[0].start_bus_number = 0;
> +mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
> +
> +build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, 
> NULL);
> +}
> +
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index af8cffde9c..9aced9d54d 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -19,6 +19,7 @@ config ARM_VIRT
>  select PLATFORM_BUS
>  select SMBIOS
>  select VIRTIO_MMIO
> +select ACPI_PCI
>  
>  config CHEETAH
>  bool
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index e7c96d658e..4a64f9985c 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -546,23 +546,6 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
> VirtMachineState *vms)
>   "SRAT", table_data->len - srat_start, 3, NULL, NULL);
>  }
>  
> -static void
> -build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
> -{
> -AcpiTableMcfg *mcfg;
> -int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
> -
> -mcfg = acpi_data_push(table_data, len);
> -mcfg->allocation[0].address = cpu_to_le64(info->base);
> -
> -/* Only a single allocation so no need to play with segments */
> -mcfg->allocation[0].pci_segment 

[Qemu-devel] [PATCH v5 2/2] acpi: pci: use build_append_foo() API to construct MCFG

[Wei Yang]

build_append_foo() API doesn't need explicit endianness conversions
which eliminates a source of errors and it makes build_mcfg() look like
declarative definition of MCFG table in ACPI spec, which makes it easy
to review.

Signed-off-by: Wei Yang 
Suggested-by: Igor Mammedov 
Reviewed-by: Igor Mammedov 

---
v5:
   * miss the reserved[8] of MCFG in last version, add it back
   * drop SOBs and make sure bios-tables-test all OK
---
 hw/acpi/pci.c   | 35 +++
 include/hw/acpi/acpi-defs.h | 18 --
 2 files changed, 23 insertions(+), 30 deletions(-)

diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
index fa0fa30bb9..49df7b7d54 100644
--- a/hw/acpi/pci.c
+++ b/hw/acpi/pci.c
@@ -30,17 +30,28 @@
 
 void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
 {
-AcpiTableMcfg *mcfg;
-int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
-
-mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(info->base);
-
-/* Only a single allocation so no need to play with segments */
-mcfg->allocation[0].pci_segment = cpu_to_le16(0);
-mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
-
-build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
+int mcfg_start = table_data->len;
+
+acpi_data_push(table_data, sizeof(AcpiTableHeader));
+
+/*
+ * PCI Firmware Specification, Revision 3.0
+ * 4.1.2 MCFG Table Description.
+ */
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 8);
+/* Base address, processor-relative */
+build_append_int_noprefix(table_data, info->base, 8);
+/* PCI segment group number */
+build_append_int_noprefix(table_data, 0, 2);
+/* Starting PCI Bus number */
+build_append_int_noprefix(table_data, 0, 1);
+/* Final PCI Bus number */
+build_append_int_noprefix(table_data, PCIE_MMCFG_BUS(info->size - 1), 1);
+/* Reserved */
+build_append_int_noprefix(table_data, 0, 4);
+
+build_header(linker, table_data, (void *)(table_data->data + mcfg_start),
+ "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
 }
 
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index f9aa4bd398..57a3f58b0c 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -449,24 +449,6 @@ struct AcpiSratProcessorGiccAffinity {
 
 typedef struct AcpiSratProcessorGiccAffinity AcpiSratProcessorGiccAffinity;
 
-/* PCI fw r3.0 MCFG table. */
-/* Subtable */
-struct AcpiMcfgAllocation {
-uint64_t address;/* Base address, processor-relative */
-uint16_t pci_segment;/* PCI segment group number */
-uint8_t start_bus_number;   /* Starting PCI Bus number */
-uint8_t end_bus_number; /* Final PCI Bus number */
-uint32_t reserved;
-} QEMU_PACKED;
-typedef struct AcpiMcfgAllocation AcpiMcfgAllocation;
-
-struct AcpiTableMcfg {
-ACPI_TABLE_HEADER_DEF;
-uint8_t reserved[8];
-AcpiMcfgAllocation allocation[0];
-} QEMU_PACKED;
-typedef struct AcpiTableMcfg AcpiTableMcfg;
-
 /*
  * TCPA Description Table
  *
-- 
2.19.1

[Qemu-devel] [PATCH v5 1/2] hw/acpi: Consolidate build_mcfg to pci.c

[Wei Yang]

Now we have two identical build_mcfg functions.

Consolidate them in acpi/pci.c.

Signed-off-by: Wei Yang 

---
v5:
  * ACPI_PCI depends on both ACPI and PCI
  * rebase on latest master, adjust arm Kconfig
v3:
  * adjust changelog based on Igor's suggestion
---
 default-configs/i386-softmmu.mak |  1 +
 hw/acpi/Kconfig  |  4 +++
 hw/acpi/Makefile.objs|  1 +
 hw/acpi/pci.c| 46 
 hw/arm/Kconfig   |  1 +
 hw/arm/virt-acpi-build.c | 17 
 hw/i386/acpi-build.c | 18 +
 include/hw/acpi/pci.h|  1 +
 8 files changed, 55 insertions(+), 34 deletions(-)
 create mode 100644 hw/acpi/pci.c

diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index ba3fb3ff50..cd5ea391e8 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -25,3 +25,4 @@
 CONFIG_ISAPC=y
 CONFIG_I440FX=y
 CONFIG_Q35=y
+CONFIG_ACPI_PCI=y
diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index eca3beed75..7c59cf900b 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -23,6 +23,10 @@ config ACPI_NVDIMM
 bool
 depends on ACPI
 
+config ACPI_PCI
+bool
+depends on ACPI && PCI
+
 config ACPI_VMGENID
 bool
 default y
diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
index 2d46e3789a..661a9b8c2f 100644
--- a/hw/acpi/Makefile.objs
+++ b/hw/acpi/Makefile.objs
@@ -11,6 +11,7 @@ common-obj-$(call lnot,$(CONFIG_ACPI_X86)) += acpi-stub.o
 common-obj-y += acpi_interface.o
 common-obj-y += bios-linker-loader.o
 common-obj-y += aml-build.o
+common-obj-$(CONFIG_ACPI_PCI) += pci.o
 common-obj-$(CONFIG_TPM) += tpm.o
 
 common-obj-$(CONFIG_IPMI) += ipmi.o
diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
new file mode 100644
index 00..fa0fa30bb9
--- /dev/null
+++ b/hw/acpi/pci.c
@@ -0,0 +1,46 @@
+/*
+ * Support for generating PCI related ACPI tables and passing them to Guests
+ *
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2008-2010  Kevin O'Connor 
+ * Copyright (C) 2013-2019 Red Hat Inc
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Author: Wei Yang 
+ * Author: Michael S. Tsirkin 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/acpi/aml-build.h"
+#include "hw/acpi/pci.h"
+#include "hw/pci/pcie_host.h"
+
+void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
+{
+AcpiTableMcfg *mcfg;
+int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
+
+mcfg = acpi_data_push(table_data, len);
+mcfg->allocation[0].address = cpu_to_le64(info->base);
+
+/* Only a single allocation so no need to play with segments */
+mcfg->allocation[0].pci_segment = cpu_to_le16(0);
+mcfg->allocation[0].start_bus_number = 0;
+mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
+
+build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
+}
+
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index af8cffde9c..9aced9d54d 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -19,6 +19,7 @@ config ARM_VIRT
 select PLATFORM_BUS
 select SMBIOS
 select VIRTIO_MMIO
+select ACPI_PCI
 
 config CHEETAH
 bool
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index e7c96d658e..4a64f9985c 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -546,23 +546,6 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
  "SRAT", table_data->len - srat_start, 3, NULL, NULL);
 }
 
-static void
-build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
-{
-AcpiTableMcfg *mcfg;
-int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
-
-mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(info->base);
-
-/* Only a single allocation so no need to play with segments */
-mcfg->allocation[0].pci_segment = cpu_to_le16(0);
-mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
-
-build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
-}
-
 /* GTDT */
 static void
 build_gtdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 0d78d73894..85

[Qemu-devel] [PATCH v5 0/2] Extract build_mcfg Part 2

[Wei Yang]

This patch set tries to generalize MCFG table build process. Several patches
are already merged and these two are left for the following reasons:

  * conflict with latest upstream
  * ACPI_PCI dependency fix
  * missed reserved[8] in MCFG

v4->v5:
* ACPI_PCI depends on both ACPI and PCI
* rebase on latest master, adjust arm Kconfig
* miss the reserved[8] of MCFG, add it back
* make sure bios-tables-test all OK

Wei Yang (2):
  hw/acpi: Consolidate build_mcfg to pci.c
  acpi: pci: use build_append_foo() API to construct MCFG

 default-configs/i386-softmmu.mak |  1 +
 hw/acpi/Kconfig  |  4 +++
 hw/acpi/Makefile.objs|  1 +
 hw/acpi/pci.c| 57 
 hw/arm/Kconfig   |  1 +
 hw/arm/virt-acpi-build.c | 17 --
 hw/i386/acpi-build.c | 18 +-
 include/hw/acpi/acpi-defs.h  | 18 --
 include/hw/acpi/pci.h|  1 +
 9 files changed, 66 insertions(+), 52 deletions(-)
 create mode 100644 hw/acpi/pci.c

-- 
2.19.1

Re: [Qemu-devel] [PATCH] ftgmac100: do not link to netdev

[Jason Wang]

On 2019/5/21 上午2:11, Cédric Le Goater wrote:

qdev_set_nic_properties() is already used in the Aspeed SoC level to
bind the ftgmac100 device to the netdev.

This is fixing support for multiple net devices.

Signed-off-by: Cédric Le Goater 
---
  hw/net/ftgmac100.c | 2 --
  1 file changed, 2 deletions(-)

diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
index 790430346b51..d9986c6baa92 100644
--- a/hw/net/ftgmac100.c
+++ b/hw/net/ftgmac100.c
@@ -1016,8 +1016,6 @@ static void ftgmac100_realize(DeviceState *dev, Error 
**errp)
  sysbus_init_irq(sbd, &s->irq);
  qemu_macaddr_default_if_unset(&s->conf.macaddr);
  
-s->conf.peers.ncs[0] = nd_table[0].netdev;

-
  s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
object_get_typename(OBJECT(dev)), DEVICE(dev)->id,
s);



Applied.

Thanks

Re: [Qemu-devel] [PATCH v5 0/6] Extract build_mcfg

[Wei Yang]

On Mon, May 20, 2019 at 06:55:53PM -0400, Michael S. Tsirkin wrote:
>On Mon, May 20, 2019 at 08:59:51AM +0800, Wei Yang wrote:
>> This patch set tries to generalize MCFG table build process. And it is
>> based on one un-merged patch from Igor, which is included in this serials.
>> 
>> v4->v5:
>> * ACPI_PCI depends on both ACPI and PCI
>> * rebase on latest master, adjust arm Kconfig
>> * miss the reserved[8] of MCFG, add it back
>> * make sure bios-tables-test all OK
>
>So I am merging 1-4 now - they are unchanged from previous iterations.
>You just need to repost 5-6.
>

Sure, I would repost 5-6.

-- 
Wei Yang
Help you, Help me

Re: [Qemu-devel] [PATCH v3 8/8] multifd: rest of zlib compression

[Wei Yang]

On Wed, May 15, 2019 at 02:15:44PM +0200, Juan Quintela wrote:
>This is still a work in progress, but get everything sent as expected
>and it is faster than the code that is already there.

Generally, I prefer to merge this one with previous one.

>
>Signed-off-by: Juan Quintela 
>---
> migration/ram.c | 106 +++-
> 1 file changed, 104 insertions(+), 2 deletions(-)
>
>diff --git a/migration/ram.c b/migration/ram.c
>index fdb5bf07a5..efbb253c1a 100644
>--- a/migration/ram.c
>+++ b/migration/ram.c
>@@ -747,6 +747,100 @@ MultifdMethods multifd_none_ops = {
> .recv_pages = none_recv_pages
> };
> 
>+/* Multifd zlib compression */
>+
>+static int zlib_send_prepare(MultiFDSendParams *p, uint32_t used)
>+{
>+struct iovec *iov = p->pages->iov;
>+z_stream *zs = &p->zs;
>+uint32_t out_size = 0;
>+int ret;
>+int i;
>+
>+for (i = 0; i < used; i++) {
>+uint32_t available = p->zbuff_len - out_size;
>+int flush = Z_NO_FLUSH;
>+
>+if (i == used  - 1) {
>+flush = Z_SYNC_FLUSH;
>+}
>+
>+zs->avail_in = iov[i].iov_len;
>+zs->next_in = iov[i].iov_base;
>+
>+zs->avail_out = available;
>+zs->next_out = p->zbuff + out_size;
>+
>+ret = deflate(zs, flush);
>+if (ret != Z_OK) {
>+printf("problem with deflate? %d\n", ret);
>+qemu_mutex_unlock(&p->mutex);
>+return -1;
>+}
>+out_size += available - zs->avail_out;
>+}
>+p->next_packet_size = out_size;
>+
>+return 0;
>+}
>+
>+static int zlib_send_write(MultiFDSendParams *p, uint32_t used, Error **perr)
>+{
>+return qio_channel_write_all(p->c, (void *)p->zbuff, p->next_packet_size,
>+ perr);
>+}
>+
>+static int zlib_recv_pages(MultiFDRecvParams *p, uint32_t used, Error **perr)
>+{
>+uint32_t in_size = p->next_packet_size;
>+uint32_t out_size = 0;
>+uint32_t expected_size = used * qemu_target_page_size();
>+z_stream *zs = &p->zs;
>+int ret;
>+int i;
>+
>+ret = qio_channel_read_all(p->c, (void *)p->zbuff, in_size, perr);
>+
>+if (ret != 0) {
>+return ret;
>+}
>+
>+zs->avail_in = in_size;
>+zs->next_in = p->zbuff;
>+
>+for (i = 0; i < used; i++) {
>+struct iovec *iov = &p->pages->iov[i];
>+int flush = Z_NO_FLUSH;
>+
>+if (i == used  - 1) {
>+flush = Z_SYNC_FLUSH;
>+}
>+
>+zs->avail_out = iov->iov_len;
>+zs->next_out = iov->iov_base;
>+
>+ret = inflate(zs, flush);
>+if (ret != Z_OK) {
>+printf("%d: problem with inflate? %d\n", p->id, ret);
>+qemu_mutex_unlock(&p->mutex);
>+return ret;
>+}
>+out_size += iov->iov_len;
>+}
>+if (out_size != expected_size) {
>+printf("out size %d expected size %d\n",
>+   out_size, expected_size);
>+return -1;
>+}
>+return 0;
>+}
>+
>+MultifdMethods multifd_zlib_ops = {
>+.send_prepare = zlib_send_prepare,
>+.send_write = zlib_send_write,
>+.recv_pages = zlib_recv_pages
>+};
>+
> static int multifd_send_initial_packet(MultiFDSendParams *p, Error **errp)
> {
> MultiFDInit_t msg;
>@@ -1145,7 +1239,11 @@ static void *multifd_send_thread(void *opaque)
> /* initial packet */
> p->num_packets = 1;
> 
>-multifd_send_state->ops = &multifd_none_ops;
>+if (migrate_use_multifd_zlib()) {
>+multifd_send_state->ops = &multifd_zlib_ops;
>+} else {
>+multifd_send_state->ops = &multifd_none_ops;
>+}

Again, to manipulate a global variable in each thread is not a good idea.

This would be better to use an array to assign ops instead of *if*. In case
you would have several compress methods, the code would be difficult to read.

> 
> while (true) {
> qemu_sem_wait(&p->sem);
>@@ -1399,7 +1497,11 @@ static void *multifd_recv_thread(void *opaque)
> trace_multifd_recv_thread_start(p->id);
> rcu_register_thread();
> 
>-multifd_recv_state->ops = &multifd_none_ops;
>+if (migrate_use_multifd_zlib()) {
>+multifd_recv_state->ops = &multifd_zlib_ops;
>+} else {
>+multifd_recv_state->ops = &multifd_none_ops;
>+}
> while (true) {
> uint32_t used;
> uint32_t flags;
>-- 
>2.21.0
>

-- 
Wei Yang
Help you, Help me

Re: [Qemu-devel] [PATCH v3 7/8] multifd: Add zlib compression support

[Wei Yang]

On Wed, May 15, 2019 at 02:15:43PM +0200, Juan Quintela wrote:
>Signed-off-by: Juan Quintela 
>---
> hw/core/qdev-properties.c |  2 +-
> migration/migration.c |  9 
> migration/migration.h |  1 +
> migration/ram.c   | 47 +++
> qapi/migration.json   |  2 +-
> tests/migration-test.c|  6 +
> 6 files changed, 65 insertions(+), 2 deletions(-)
>
>diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
>index ebeeb5c88d..e40aa806e2 100644
>--- a/hw/core/qdev-properties.c
>+++ b/hw/core/qdev-properties.c
>@@ -651,7 +651,7 @@ const PropertyInfo qdev_prop_fdc_drive_type = {
> const PropertyInfo qdev_prop_multifd_compress = {
> .name = "MultifdCompress",
> .description = "multifd_compress values, "
>-   "none",
>+   "none/zlib",
> .enum_table = &MultifdCompress_lookup,
> .get = get_enum,
> .set = set_enum,
>diff --git a/migration/migration.c b/migration/migration.c
>index d6f8ef342a..69d85cbe5e 100644
>--- a/migration/migration.c
>+++ b/migration/migration.c
>@@ -2141,6 +2141,15 @@ bool migrate_use_multifd(void)
> return s->enabled_capabilities[MIGRATION_CAPABILITY_MULTIFD];
> }
> 
>+bool migrate_use_multifd_zlib(void)
>+{
>+MigrationState *s;
>+
>+s = migrate_get_current();
>+
>+return s->parameters.multifd_compress == MULTIFD_COMPRESS_ZLIB;
>+}
>+
> bool migrate_pause_before_switchover(void)
> {
> MigrationState *s;
>diff --git a/migration/migration.h b/migration/migration.h
>index 438f17edad..fc4fb841d4 100644
>--- a/migration/migration.h
>+++ b/migration/migration.h
>@@ -269,6 +269,7 @@ bool migrate_ignore_shared(void);
> 
> bool migrate_auto_converge(void);
> bool migrate_use_multifd(void);
>+bool migrate_use_multifd_zlib(void);
> bool migrate_pause_before_switchover(void);
> int migrate_multifd_channels(void);
> 
>diff --git a/migration/ram.c b/migration/ram.c
>index 6679e4f213..fdb5bf07a5 100644
>--- a/migration/ram.c
>+++ b/migration/ram.c
>@@ -582,6 +582,7 @@ exit:
> #define MULTIFD_VERSION 1
> 
> #define MULTIFD_FLAG_SYNC (1 << 0)
>+#define MULTIFD_FLAG_ZLIB (1 << 1)
> 

If no one use this in this patch, prefer to put it where it will be used.

> /* This value needs to be a multiple of qemu_target_page_size() */
> #define MULTIFD_PACKET_SIZE (512 * 1024)
>@@ -663,6 +664,12 @@ typedef struct {
> uint64_t num_pages;
> /* syncs main thread and channels */
> QemuSemaphore sem_sync;
>+/* stream for compression */
>+z_stream zs;
>+/* compressed buffer */
>+uint8_t *zbuff;
>+/* size of compressed buffer */
>+uint32_t zbuff_len;
> }  MultiFDSendParams;
> 
> typedef struct {
>@@ -698,6 +705,12 @@ typedef struct {
> uint64_t num_pages;
> /* syncs main thread and channels */
> QemuSemaphore sem_sync;
>+/* stream for compression */
>+z_stream zs;
>+/* compressed buffer */
>+uint8_t *zbuff;
>+/* size of compressed buffer */
>+uint32_t zbuff_len;
> } MultiFDRecvParams;
> 
> typedef struct {
>@@ -1071,6 +1084,9 @@ void multifd_save_cleanup(void)
> p->packet_len = 0;
> g_free(p->packet);
> p->packet = NULL;
>+deflateEnd(&p->zs);
>+g_free(p->zbuff);
>+p->zbuff = NULL;
> }
> qemu_sem_destroy(&multifd_send_state->channels_ready);
> qemu_sem_destroy(&multifd_send_state->sem_sync);
>@@ -1240,6 +1256,7 @@ int multifd_save_setup(void)
> 
> for (i = 0; i < thread_count; i++) {
> MultiFDSendParams *p = &multifd_send_state->params[i];
>+z_stream *zs = &p->zs;
> 
> qemu_mutex_init(&p->mutex);
> qemu_sem_init(&p->sem, 0);
>@@ -1253,6 +1270,17 @@ int multifd_save_setup(void)
> p->packet = g_malloc0(p->packet_len);
> p->name = g_strdup_printf("multifdsend_%d", i);
> socket_send_channel_create(multifd_new_send_channel_async, p);
>+zs->zalloc = Z_NULL;
>+zs->zfree = Z_NULL;
>+zs->opaque = Z_NULL;

Since zlib is not default option, is it better to setup these when zlib is
set?

>+if (deflateInit(zs, migrate_compress_level()) != Z_OK) {
>+printf("deflate init failed\n");
>+return -1;
>+}
>+/* We will never have more than page_count pages */
>+p->zbuff_len = page_count * qemu_target_page_size();
>+p->zbuff_len *= 2;
>+p->zbuff = g_malloc0(p->zbuff_len);
> }
> return 0;
> }
>@@ -1322,6 +1350,9 @@ int multifd_load_cleanup(Error **errp)
> p->packet_len = 0;
> g_free(p->packet);
> p->packet = NULL;
>+inflateEnd(&p->zs);
>+g_free(p->zbuff);
>+p->zbuff = NULL;
> }
> qemu_sem_destroy(&multifd_recv_state->sem_sync);
> g_free(multifd_recv_state->params);
>@@ -1440,6 +1471,7 @@ int multifd_load_setup(void)
> 
> for (i = 0; i < thread_count; i++) {
> MultiFDRecvParams *p = &multifd_recv_state->params[i];
>+z_stream *zs = &p->zs;
> 

Re: [Qemu-devel] [PATCH v3 6/8] migration: Make none operations into its own structure

[Wei Yang]

On Wed, May 15, 2019 at 02:15:42PM +0200, Juan Quintela wrote:
>+
>+MultifdMethods multifd_none_ops = {
>+.send_prepare = none_send_prepare,
>+.send_write = none_send_write,
>+.recv_pages = none_recv_pages
>+};
>+
> static int multifd_send_initial_packet(MultiFDSendParams *p, Error **errp)
> {
> MultiFDInit_t msg;
>@@ -904,6 +938,8 @@ struct {
> uint64_t packet_num;
> /* send channels ready */
> QemuSemaphore channels_ready;
>+/* multifd ops */
>+MultifdMethods *ops;
> } *multifd_send_state;
> 
> /*
>@@ -1093,6 +1129,8 @@ static void *multifd_send_thread(void *opaque)
> /* initial packet */
> p->num_packets = 1;
> 
>+multifd_send_state->ops = &multifd_none_ops;
>+

I am afraid it is not a good practice to assign ops when each thread starts
work.

> while (true) {
> qemu_sem_wait(&p->sem);
> qemu_mutex_lock(&p->mutex);
>@@ -1102,7 +1140,12 @@ static void *multifd_send_thread(void *opaque)
> uint64_t packet_num = p->packet_num;
> uint32_t flags = p->flags;
> 
>-p->next_packet_size = used * qemu_target_page_size();
>+if (used) {
>+ret = multifd_send_state->ops->send_prepare(p, used);
>+if (ret != 0) {
>+break;
>+}
>+}
> multifd_send_fill_packet(p);
> p->flags = 0;
> p->num_packets++;
>@@ -1120,8 +1163,7 @@ static void *multifd_send_thread(void *opaque)
> }
> 
> if (used) {
>-ret = qio_channel_writev_all(p->c, p->pages->iov,
>- used, &local_err);
>+ret = multifd_send_state->ops->send_write(p, used, 
>&local_err);
> if (ret != 0) {
> break;
> }
>@@ -1223,6 +1265,8 @@ struct {
> QemuSemaphore sem_sync;
> /* global number of generated multifd packets */
> uint64_t packet_num;
>+/* multifd ops */
>+MultifdMethods *ops;
> } *multifd_recv_state;
> 
> static void multifd_recv_terminate_threads(Error *err)
>@@ -1324,6 +1368,7 @@ static void *multifd_recv_thread(void *opaque)
> trace_multifd_recv_thread_start(p->id);
> rcu_register_thread();
> 
>+multifd_recv_state->ops = &multifd_none_ops;

same as here.

> while (true) {
> uint32_t used;
> uint32_t flags;
>@@ -1353,8 +1398,7 @@ static void *multifd_recv_thread(void *opaque)
> qemu_mutex_unlock(&p->mutex);
> 
> if (used) {
>-ret = qio_channel_readv_all(p->c, p->pages->iov,
>-used, &local_err);
>+ret = multifd_recv_state->ops->recv_pages(p, used, &local_err);
> if (ret != 0) {
> break;
> }
>-- 
>2.21.0
>

-- 
Wei Yang
Help you, Help me

Re: [Qemu-devel] [PATCH v2 13/15] qmp: Expose manual_dirty_log_protect via "query-kvm"

[Peter Xu]

On Mon, May 20, 2019 at 11:30:01AM -0500, Eric Blake wrote:
> On 5/19/19 10:08 PM, Peter Xu wrote:
> > Expose the new capability via "query-kvm" QMP command too so we know
> > whether that's turned on on the source VM when we want.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  accel/kvm/kvm-all.c  | 5 +
> >  include/sysemu/kvm.h | 2 ++
> >  qapi/misc.json   | 6 +-
> >  qmp.c| 1 +
> >  4 files changed, 13 insertions(+), 1 deletion(-)
> > 
> 
> > +++ b/qapi/misc.json
> > @@ -253,9 +253,13 @@
> >  #
> >  # @present: true if KVM acceleration is built into this executable
> >  #
> > +# @manual-dirty-log-protect: true if manual dirty log protect is enabled
> > +#
> 
> If we want this exposed (and Paolo is right that we might not), it needs
> '(since 4.1)' designation.

Yes I'll drop them.  Still, thanks to review the grammar part (as
always).

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v2 12/15] kvm: Support KVM_CLEAR_DIRTY_LOG

[Peter Xu]

On Mon, May 20, 2019 at 12:50:24PM +0200, Paolo Bonzini wrote:
> On 20/05/19 05:08, Peter Xu wrote:
> > +s->manual_dirty_log_protect =
> > +kvm_check_extension(s, KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2);
> > +if (s->manual_dirty_log_protect) {
> > +ret = kvm_vm_enable_cap(s, KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2, 0, 
> > 1);
> > +if (ret) {
> > +warn_report("Trying to enable KVM_CAP_MANUAL_DIRTY_LOG_PROTECT 
> > "
> 
> Please use KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 in the error too (and in
> the commit message).

Oops I did miss these, actually I also noticed some commit messages
that mentioned the wrong capability name and I'll change them too
(e.g., in patch 8 where the new memory API is introduced).

Thanks,

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v2 11/15] kvm: Introduce slots lock for memory listener

[Peter Xu]

On Mon, May 20, 2019 at 12:49:39PM +0200, Paolo Bonzini wrote:
> On 20/05/19 05:08, Peter Xu wrote:
> > +/* Must be with slots_lock held */
> 
> Perhaps "Called with KVMMemoryListener slots_lock held."?

Yes sounds better.  I'm replacing the old comments with "Called with
KVMMemoryListener.slots_lock held" (with the dot).

Thanks,

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v2 03/15] migration: No need to take rcu during sync_dirty_bitmap

[Peter Xu]

On Mon, May 20, 2019 at 12:48:01PM +0200, Paolo Bonzini wrote:
> On 20/05/19 05:08, Peter Xu wrote:
> > cpu_physical_memory_sync_dirty_bitmap() has one RAMBlock* as
> > parameter, which means that it must be with RCU read lock held
> > already.  Taking it again inside seems redundant.  Removing it.
> > Instead comment on the functions about the RCU read lock.
> > 
> > Reviewed-by: Paolo Bonzini 
> > Signed-off-by: Peter Xu 
> > ---
> >  include/exec/ram_addr.h | 5 +
> >  migration/ram.c | 1 +
> >  2 files changed, 2 insertions(+), 4 deletions(-)
> > 
> > diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
> > index 139ad79390..993fb760f3 100644
> > --- a/include/exec/ram_addr.h
> > +++ b/include/exec/ram_addr.h
> > @@ -408,6 +408,7 @@ static inline void 
> > cpu_physical_memory_clear_dirty_range(ram_addr_t start,
> >  }
> >  
> >  
> > +/* Must be with rcu read lock held */
> 
> The usual way to spell this is "Called within RCU critical section.",
> otherwise the patch looks good.

Sure, I'm switching to this with the r-b kept.

Thanks,

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v2 0/5] fw_cfg_test refactor and add two test cases

[Li Qiang]

Philippe Mathieu-Daudé  于2019年5月21日周二 上午5:29写道：

> Hi Li,
>
> On 5/17/19 4:28 AM, Li Qiang wrote:
> > Ping.
> >
> > Li Qiang mailto:liq...@gmail.com>> 于2019年5月9日周四
> > 下午5:57写道：
> >
> > Ping this serials.
>
> I apologize I hold this series for too long.
> With your v1 I wanted to clarify the commit descriptions without asking
> you to send a v2, then I reword your patches and the same day you sent
> your v2, then I had mixed feeling about how to do to not frustrate you
> asking to respin again, but I ended it worst :(
>


Hi Philippe, not afraid to frustrate me next time, just send out the review
email. I don't mind to make
revisions to improve the patches.



> I adapted the descriptions on your v2 and will repost as v3, then merge
> if you are OK with v3.
>
>

I have no objection for this, just merge it.

Thanks,
Li Qiang




> Regards,
>
> Phil.
>
> >
> > Thanks,
> > Li Qiang
> >
> > Li Qiang mailto:liq...@163.com>> 于2019年4月24日周
> > 三 下午10:07写道：
> >
> > In the disscuss of adding reboot timeout test case:
> >
> https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg03304.html
> >
> > Philippe suggested we should uses the only related option for one
> > specific test. However currently we uses one QTestState for all
> the
> > test cases. In order to achieve Philippe's idea, I split the
> > test case
> > for its own QTestState. As this patchset has changed a lot, I
> > don't bump
> > the version.
> >
> > Change since v1:
> > Add a patch to store the reboot_timeout as little endian
> > Fix the endian issue per Thomas's review
> >
> > Li Qiang (5):
> >   tests: refactor fw_cfg_test
> >   tests: fw_cfg: add a function to get the fw_cfg file
> >   fw_cfg: reboot: store reboot-timeout as little endian
> >   tests: fw_cfg: add reboot_timeout test case
> >   tests: fw_cfg: add splash time test case
> >
> >  hw/nvram/fw_cfg.c |   4 +-
> >  tests/fw_cfg-test.c   | 125
> > +++---
> >  tests/libqos/fw_cfg.c |  55 +++
> >  tests/libqos/fw_cfg.h |   9 +++
> >  4 files changed, 184 insertions(+), 9 deletions(-)
> >
> > --
> > 2.17.1
> >
> >
>

Re: [Qemu-devel] [PATCH 1/2] target/ppc: Use vector variable shifts for VSL, VSR, VSRA

[Richard Henderson]

On 5/20/19 2:49 AM, Aleksandar Markovic wrote:
> 
> On May 18, 2019 9:21 PM, "Richard Henderson"  > wrote:
>>
>> The gvec expanders take care of masking the shift amount
>> against the element width.
>>
>> Signed-off-by: Richard Henderson  >
>> ---
>>  target/ppc/helper.h                 | 12 --
>>  target/ppc/int_helper.c             | 37 -
>>  target/ppc/translate/vmx-impl.inc.c | 24 +--
> 
> You changed the line
> 
> -GEN_VXFORM(vslw, 2, 6);
> 
> to be:
> 
> +GEN_VXFORM_V(vslw, MO_32, tcg_gen_gvec_shlv, 2, 6);
> 
> and left this line unchanged (even though it deals with the same vslw 
> instruction):
> 
> GEN_VXFORM_DUAL(vslw, PPC_ALTIVEC, PPC_NONE, \                 vrlwnm,
> PPC_NONE, PPC2_ISA300)
> 
> I just want to doublecheck - is this really what you wanted to do?

Yes, the macros do two different things.

The first defines a function using tcg_gen_gvec_shlv as the implementation.

The second defines a function that chooses between two overloaded encodings,
depending on whether PPC_ALTIVEC or PPC2_ISA300 is enabled.  If PPC_ALTIVEC, it
will forward the implementation to the function defined with the first macro.


r~

Re: [Qemu-devel] [PATCH v4 00/14] spapr: add KVM support to the XIVE interrupt mode

[David Gibson]

On Mon, May 13, 2019 at 10:42:31AM +0200, Cédric Le Goater wrote:
> Hello,
> 
> This is the v4 of the QEMU/KVM patchset.
> 
> The first patches introduce the XIVE KVM device, state synchronization
> and migration support under KVM. The second part of the patchset
> modifies the XICS and XIVE interrupt models to add KVM support to the
> 'dual' IRQ backend.

Ok, I've applied this to my tree, and I'm prepping for a pull request
right now.

> 
> GitHub trees available here :
>  
> QEMU sPAPR:
> 
>   https://github.com/legoater/qemu/commits/xive-next
>   
> Linux/KVM:
> 
>   https://github.com/legoater/linux/commits/xive-5.1
> 
> Thanks,
> 
> C.
> 
> Changes since v3:
> 
>  - updates of the kvm headers are synced with commit 0caecf5b0019
>(kvm-ppc-next-5.2-1) in branch kvm-ppc-next. will conflict with
>kvm-arm.   
>  - added usage of xive_end_qaddr() helper
>  - removed KVM_DESTROY_DEVICE control. KVM device is destroyed when
>the fd is closed.
>  - update in kvmppc_xive_source_reset_one()
>  - introduced a 'init' boolean under ICSState
>  - removed extra spapr_irq_init_device() in spapr_irq_init_xive() 
>  - reworked slightly the code sequence in xics_kvm_init() creating the
>presenters and connecting them to the KVM XICS device.
> 
> Changes since v2:
> 
>  - update linux headers to 5.1-rc1
>  - rebased on new naming scheme
>  - rebased on new configuration system
>  - replaced error_report_err() by warn_report_err()
>  - added an assert() in spapr_xive_end_to_target()
>  - moved xive_end_is_valid() check out of kvmppc_xive_set_queue_config()
>  - dealt with MASKED EAS
>  - reworked ESB memory operations
>  - improved KVM_XIVE_EQ_ALWAYS_NOTIFY handling
>  - removed the capture of the OS CAM line value from KVM
>  - merged in the handling of pending interrupts while the VM is stopped.
>  - did an update in ics_set_kvm_state_one()
>  - removed spapr_ics_create() 
>  - introduced a spapr_irq_init_device() helper
>  - reworked test on single initialization of the emulated IRQ device
> 
> Changes since v1:
> 
>  - Reworked most of the KVM interface
>  - Reworked *All* hcalls which are now handled at the QEMU level,
>possibly extended with a KVM device ioctl when required.
>  - TIMA and ESB special mapping done on the KVM device fd.
>  - Tested on nested
>  - Implemented the device fallback mode when a kernel_irqchip is not
>available and not required. Useful on nested to use XIVE. 
>  - Fix device hotplug when VM is stopped (Is this necessary ?)
> 
> 
> Cédric Le Goater (14):
>   linux-headers: update linux headers to kvm-ppc-next-5.2-1
>   spapr/xive: add KVM support
>   spapr/xive: add hcall support when under KVM
>   spapr/xive: add state synchronization with KVM
>   spapr/xive: introduce a VM state change handler
>   spapr/xive: add migration support for KVM
>   spapr/xive: activate KVM support
>   sysbus: add a sysbus_mmio_unmap() helper
>   spapr: introduce routines to delete the KVM IRQ device
>   spapr: check for the activation of the KVM IRQ device
>   spapr/irq: introduce a spapr_irq_init_device() helper
>   spapr/irq: initialize the IRQ device only once
>   ppc/xics: fix irq priority in ics_set_irq_type()
>   spapr/irq: add KVM support to the 'dual' machine
> 
>  include/hw/ppc/spapr_irq.h  |   2 +
>  include/hw/ppc/spapr_xive.h |  39 ++
>  include/hw/ppc/xics.h   |   1 +
>  include/hw/ppc/xics_spapr.h |   1 +
>  include/hw/ppc/xive.h   |  14 +
>  include/hw/sysbus.h |   1 +
>  linux-headers/asm-powerpc/kvm.h |  46 ++
>  linux-headers/linux/kvm.h   |   3 +
>  target/ppc/kvm_ppc.h|   6 +
>  hw/core/sysbus.c|  10 +
>  hw/intc/spapr_xive.c| 172 ++-
>  hw/intc/spapr_xive_kvm.c| 827 
>  hw/intc/xics.c  |  10 +-
>  hw/intc/xics_kvm.c  | 113 -
>  hw/intc/xics_spapr.c|   7 +
>  hw/intc/xive.c  |  44 +-
>  hw/ppc/spapr_irq.c  | 140 --
>  target/ppc/kvm.c|   7 +
>  hw/intc/Makefile.objs   |   1 +
>  hw/ppc/Kconfig  |   5 +
>  20 files changed, 1384 insertions(+), 65 deletions(-)
>  create mode 100644 hw/intc/spapr_xive_kvm.c
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 13/15] qmp: Expose manual_dirty_log_protect via "query-kvm"

[Peter Xu]

On Mon, May 20, 2019 at 12:44:29PM +0200, Paolo Bonzini wrote:
> On 20/05/19 05:08, Peter Xu wrote:
> > Expose the new capability via "query-kvm" QMP command too so we know
> > whether that's turned on on the source VM when we want.
> > 
> > Signed-off-by: Peter Xu 
> 
> Is this useful?  We could I guess make a migration capability in order
> to benchmark with the old code, but otherwise I would just make this a
> "hidden" optimization just like many others (same for patch 14).
> 
> In other words, there are many other capabilities that we could inform
> the user about, I don't see what makes manual_dirty_log_protect special.

Yes this is mostly used for me to make sure the new capability is
enabled when comparing with the old code.  I added QMP part too
because otherwise I'll need to justify why I only add HMP...

But I agree with above - let's drop these two QMP/HMP patches.

Thanks,

-- 
Peter Xu

[Qemu-devel] [PATCH 2/4] BootLinuxConsoleTest: Test nanoMIPS kernels on the I7200 CPU

[Philippe Mathieu-Daudé]

Similar to the x86_64/pc test, it boots a Linux kernel on a Malta
machine and verify the serial is working.

Use the documentation added in commit f7d257cb4a17 to test
nanoMIPS kernels and the I7200 CPU.

This test can be run using:

  $ avocado --show=console run -t arch:mipsel 
tests/acceptance/boot_linux_console.py
  console: [0.00] Linux version 4.15.18-00432-gb2eb9a8b 
(emubuild@mipscs563) (gcc version 6.3.0 (Codescape GNU Tools 2018.04-02 for 
nanoMIPS Linux)) #1 SMP Wed Jun 27 11:10:08 PDT 2018
  console: [0.00] GCRs appear to have been moved (expected them at 
0x1fbf8000)!
  console: [0.00] GCRs appear to have been moved (expected them at 
0x1fbf8000)!
  console: [0.00] CPU0 revision is: 0001 (MIPS GENERIC QEMU)
  console: [0.00] MIPS: machine is mti,malta
  console: [0.00] Determined physical RAM map:
  console: [0.00]  memory: 0800 @  (usable)
  console: [0.00] earlycon: ns16550a0 at I/O port 0x3f8 (options 
'38400n8')
  console: [0.00] bootconsole [ns16550a0] enabled
  console: [0.00] User-defined physical RAM map:
  console: [0.00]  memory: 1000 @  (usable)
  console: [0.00] Initrd not found or empty - disabling initrd
  console: [0.00] MIPS CPS SMP unable to proceed without a CM
  console: [0.00] Primary instruction cache 32kB, VIPT, 4-way, linesize 
32 bytes.
  console: [0.00] Primary data cache 32kB, 4-way, VIPT, cache aliases, 
linesize 32 bytes
  console: [0.00] This processor doesn't support highmem. -262144k 
highmem ignored
  console: [0.00] Zone ranges:
  console: [0.00]   Normal   [mem 0x-0x0fff]
  console: [0.00]   HighMem  empty
  console: [0.00] Movable zone start for each node
  console: [0.00] Early memory node ranges
  console: [0.00]   node   0: [mem 
0x-0x0fff]
  console: [0.00] Initmem setup node 0 [mem 
0x-0x0fff]
  console: [0.00] random: get_random_bytes called from 
start_kernel+0x60/0x2f0 with crng_init=0
  console: [0.00] percpu: Embedded 16 pages/cpu @(ptrval) s36620 r8192 
d20724 u65536
  console: [0.00] Built 1 zonelists, mobility grouping on.  Total 
pages: 64960
  console: [0.00] Kernel command line: printk.time=0 mem=256m@@0x0 
console=ttyS0 earlycon

Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/acceptance/boot_linux_console.py | 58 ++
 1 file changed, 58 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 6aa084e049..1c330871c0 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -10,6 +10,8 @@
 
 import os
 import logging
+import lzma
+import shutil
 
 from avocado_qemu import Test
 from avocado.utils import process
@@ -136,6 +138,62 @@ class BootLinuxConsole(Test):
 console_pattern = 'Kernel command line: %s' % kernel_command_line
 self.wait_for_console_pattern(console_pattern)
 
+def do_test_mips_malta32el_nanomips(self, kernel_url, kernel_hash):
+kernel_path_xz = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
+kernel_path = self.workdir + "kernel"
+with lzma.open(kernel_path_xz, 'rb') as f_in:
+with open(kernel_path, 'wb') as f_out:
+shutil.copyfileobj(f_in, f_out)
+
+self.vm.set_machine('malta')
+self.vm.set_console()
+kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE
+   + 'mem=256m@@0x0 '
+   + 'console=ttyS0')
+self.vm.add_args('-no-reboot',
+ '-cpu', 'I7200',
+ '-kernel', kernel_path,
+ '-append', kernel_command_line)
+self.vm.launch()
+console_pattern = 'Kernel command line: %s' % kernel_command_line
+self.wait_for_console_pattern(console_pattern)
+
+def test_mips_malta32el_nanomips_4k(self):
+"""
+:avocado: tags=arch:mipsel
+:avocado: tags=machine:malta
+:avocado: tags=endian:little
+"""
+kernel_url = ('https://mipsdistros.mips.com/LinuxDistro/nanomips/'
+  'kernels/v4.15.18-432-gb2eb9a8b07a1-20180627102142/'
+  'generic_nano32r6el_page4k.xz')
+kernel_hash = '477456aafd2a0f1ddc9482727f20fe9575565dd6'
+self.do_test_mips_malta32el_nanomips(kernel_url, kernel_hash)
+
+def test_mips_malta32el_nanomips_16k_up(self):
+"""
+:avocado: tags=arch:mipsel
+:avocado: tags=machine:malta
+:avocado: tags=endian:little
+"""
+kernel_url = ('https://mipsdistros.mips.com/LinuxDistro/nanomips/'
+  'kernels/v4.15.18-432-gb2eb9a8b07a1-20180627102142/'
+  'gen

[Qemu-devel] [PATCH 3/4] BootLinuxConsoleTest: Run kerneltests BusyBox on Malta

[Philippe Mathieu-Daudé]

This tests boots a Linux kernel on a Malta machine up to a
busybox shell on the serial console. Few commands are executed
before halting the machine (via reboot).

We use the initrd cpio image from the kerneltests project:
https://kerneltests.org/

If MIPS is a target being built, "make check-acceptance" will
automatically include this test by the use of the "arch:mips" tags.

Alternatively, this test can be run using:

  $ avocado --show=console run -t arch:mips 
tests/acceptance/boot_linux_console.py
  [...]
  console: Boot successful.
  [...]
  console: / # uname -a
  console: Linux buildroot 4.5.0-2-4kc-malta #1 Debian 4.5.5-1 (2016-05-29) 
mips GNU/Linux
  console: / # reboot
  console: / # reboot: Restarting system

Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/acceptance/boot_linux_console.py | 49 ++
 1 file changed, 49 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 1c330871c0..60ea240ab6 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -11,6 +11,7 @@
 import os
 import logging
 import lzma
+import gzip
 import shutil
 
 from avocado_qemu import Test
@@ -47,6 +48,11 @@ class BootLinuxConsole(Test):
 fail = 'Failure message found in console: %s' % failure_message
 self.fail(fail)
 
+def exec_command_and_wait_for_pattern(self, command, success_message):
+command += '\n'
+self.vm.console_socket.sendall(command.encode())
+self.wait_for_console_pattern(success_message)
+
 def extract_from_deb(self, deb, path):
 """
 Extracts a file from a deb package into the test workdir
@@ -138,6 +144,49 @@ class BootLinuxConsole(Test):
 console_pattern = 'Kernel command line: %s' % kernel_command_line
 self.wait_for_console_pattern(console_pattern)
 
+def test_mips_malta_cpio(self):
+"""
+:avocado: tags=arch:mips
+:avocado: tags=machine:malta
+:avocado: tags=endian:big
+"""
+deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20160601T041800Z/pool/main/l/linux/'
+   'linux-image-4.5.0-2-4kc-malta_4.5.5-1_mips.deb')
+deb_hash = 'a3c84f3e88b54e06107d65a410d1d1e8e0f340f8'
+deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+kernel_path = self.extract_from_deb(deb_path,
+'/boot/vmlinux-4.5.0-2-4kc-malta')
+initrd_url = ('https://github.com/groeck/linux-build-test/raw/'
+  '8584a59ed9e5eb5ee7ca91f6d74bbb06619205b8/rootfs/'
+  'mips/rootfs.cpio.gz')
+initrd_hash = 'bf806e17009360a866bf537f6de66590de349a99'
+initrd_path_gz = self.fetch_asset(initrd_url, asset_hash=initrd_hash)
+initrd_path = self.workdir + "rootfs.cpio"
+
+with gzip.open(initrd_path_gz, 'rb') as f_in:
+with open(initrd_path, 'wb') as f_out:
+shutil.copyfileobj(f_in, f_out)
+
+self.vm.set_machine('malta')
+self.vm.set_console()
+kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE
+   + 'console=ttyS0 console=tty '
+   + 'rdinit=/sbin/init noreboot')
+self.vm.add_args('-kernel', kernel_path,
+ '-initrd', initrd_path,
+ '-append', kernel_command_line,
+ '-no-reboot')
+self.vm.launch()
+self.wait_for_console_pattern('Boot successful.')
+
+self.exec_command_and_wait_for_pattern('cat /proc/cpuinfo',
+   'BogoMIPS')
+self.exec_command_and_wait_for_pattern('uname -a',
+   'Debian')
+self.exec_command_and_wait_for_pattern('reboot',
+   'reboot: Restarting system')
+
 def do_test_mips_malta32el_nanomips(self, kernel_url, kernel_hash):
 kernel_path_xz = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
 kernel_path = self.workdir + "kernel"
-- 
2.19.1

[Qemu-devel] [PATCH 4/4] BootLinuxSshTest: Test some userspace commands on Malta

[Philippe Mathieu-Daudé]

This tests boot a full VM and check the serial console until
the SSH daemon is running, then start a SSH session and run
some commands.

This test can be run using:

  $ avocado --show=ssh run -t arch:mips tests/acceptance/linux_ssh_mips_malta.py
  ssh: Entering interactive session.
  ssh: # uname -a
  ssh: Linux debian-mips 3.2.0-4-4kc-malta #1 Debian 3.2.51-1 mips GNU/Linux
  ssh: # lspci -d 11ab:4620
  ssh: 00:00.0 Host bridge: Marvell Technology Group Ltd. 
GT-64120/64120A/64121A System Controller (rev 10)
  ssh: # cat /sys/bus/i2c/devices/i2c-0/name
  ssh: SMBus PIIX4 adapter at 1100
  ssh: # cat /proc/mtd
  ssh: dev:size   erasesize  name
  ssh: mtd0: 0010 0001 "YAMON"
  ssh: mtd1: 002e 0001 "User FS"
  ssh: mtd2: 0002 0001 "Board Config"
  ssh: # md5sum /dev/mtd2ro
  ssh: 0dfbe8aa4c20b52e1b8bf3cb6cbdf193  /dev/mtd2ro
  ssh: # poweroff

Signed-off-by: Philippe Mathieu-Daudé 
---
TODO: do not run this tests by default, use the 'slow' tag
---
 MAINTAINERS  |   1 +
 tests/acceptance/linux_ssh_mips_malta.py | 229 +++
 tests/requirements.txt   |   1 +
 3 files changed, 231 insertions(+)
 create mode 100644 tests/acceptance/linux_ssh_mips_malta.py

diff --git a/MAINTAINERS b/MAINTAINERS
index 9424a490d6..69fa4b3abc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -934,6 +934,7 @@ M: Aurelien Jarno 
 R: Aleksandar Rikalo 
 S: Maintained
 F: hw/mips/mips_malta.c
+F: tests/acceptance/linux_ssh_mips_malta.py
 
 Mipssim
 M: Aleksandar Markovic 
diff --git a/tests/acceptance/linux_ssh_mips_malta.py 
b/tests/acceptance/linux_ssh_mips_malta.py
new file mode 100644
index 00..ceb530ff88
--- /dev/null
+++ b/tests/acceptance/linux_ssh_mips_malta.py
@@ -0,0 +1,229 @@
+# Functional test that boots a VM and run commands via a SSH session
+#
+# Copyright (c) Philippe Mathieu-Daudé 
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+
+import os
+import re
+import base64
+import logging
+import paramiko
+import time
+
+from avocado_qemu import Test
+from avocado.utils import process
+from avocado.utils import archive
+
+
+class LinuxSSH(Test):
+
+timeout = 150 # Not for 'configure --enable-debug --enable-debug-tcg'
+
+KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 '
+VM_IP = '127.0.0.1'
+
+IMAGE_INFO = {
+'be': {
+'image_url': 'https://people.debian.org/~aurel32/qemu/mips/'
+ 'debian_wheezy_mips_standard.qcow2',
+'image_hash': '8987a63270df67345b2135a6b7a4885a35e392d5',
+'rsa_hostkey': b'B3NzaC1yc2EDAQABAAABAQCca1VitiyLAdQOld'
+   b'zT43IOEVJZ0wHD78GJi8wDAjMiYWUzNSSn0rXGQsINHuH5'
+   b'IlF+kBZsHinb/FtKCAyS9a8uCHhQI4SuB4QhAb0+39MlUw'
+   b'Mm0CLkctgM2eUUZ6MQMQvDlqnue6CCkxN62EZYbaxmby7j'
+   b'CQa1125o1HRKBvdGm2zrJWxXAfA+f1v6jHLyE8Jnu83eQ+'
+   b'BFY25G+Vzx1PVc3zQBwJ8r0NGTRqy2//oWQP0h+bMsgeFe'
+   b'KH/J3RJM22vg6+I4JAdBFcxnK+l781h1FuRxOn4O/Xslbg'
+   b'go6WtB4V4TOsw2E/KfxI5IZ/icxF+swVcnvF46Hf3uQc/0'
+   b'BBqb',
+},
+'le': {
+'image_url': 'https://people.debian.org/~aurel32/qemu/mipsel/'
+ 'debian_wheezy_mipsel_standard.qcow2',
+'image_hash': '7866764d9de3ef536ffca24c9fb9f04ffdb45802',
+'rsa_hostkey': b'B3NzaC1yc2EDAQABAAABAQClXJlBT71HL5yKvv'
+   b'gfC7jmxSWx5zSBCzET6CLZczwAafSIs7YKfNOy/dQTxhuk'
+   b'yIGFUugZFoF3E9PzdhunuyvyTd56MPoNIqFbb5rGokwU5I'
+   b'TOx3dBHZR0mClypL6MVrwe0bsiIb8GhF1zioNwcsaAZnAi'
+   b'KfXStVDtXvn/kLLq+xLABYt48CC5KYWoFaCoICskLAY+qo'
+   b'L+LWyAnQisj4jAH8VSaSKIImFpfkHWEXPhHcC4ZBlDKtnH'
+   b'po9vhfCHgnfW3Pzrqmk8BI4HysqPFVmJWkJGlGUL+sGeg3'
+   b'ZZolAYuDXGuBrw8ooPJq2v2dOH+z6dyD2q/ypmAbyPqj5C'
+   b'rc8H',
+},
+}
+
+def wait_for_console_pattern(self, success_message,
+ failure_message='Oops'):
+console = self.vm.console_socket.makefile()
+console_logger = logging.getLogger('console')
+while True:
+msg = console.readline()
+console_logger.debug(msg.strip())
+if success_message in msg:
+break
+if failure_message in msg:
+fail = 'Failure message found in console: %s' % failure_message
+self.fail(fail)
+
+def get_portfwd(self):
+res = self.vm.command('human-monitor-command',
+  command_line='info usernet')
+line = res.split('\r\n')[2]
+port = re.split(r'.*TCP.HOST_FOR

[Qemu-devel] [PATCH 0/4] mips: Add more Avocado tests

[Philippe Mathieu-Daudé]

Hi,

It was a rainy week-end here, so I invested it to automatize some
of my MIPS tests.

The BootLinuxSshTest is not Global warming friendly, it is not
meant to run on a CI system but rather on a workstation previous
to post a pull request.
It can surely be improved, but it is a good starting point.

Regards,

Phil.

Philippe Mathieu-Daudé (4):
  BootLinuxConsoleTest: Let extract_from_deb handle various compressions
  BootLinuxConsoleTest: Test nanoMIPS kernels on the I7200 CPU
  BootLinuxConsoleTest: Run kerneltests BusyBox on Malta
  BootLinuxSshTest: Test some userspace commands on Malta

 MAINTAINERS  |   1 +
 tests/acceptance/boot_linux_console.py   | 112 ++-
 tests/acceptance/linux_ssh_mips_malta.py | 229 +++
 tests/requirements.txt   |   1 +
 4 files changed, 341 insertions(+), 2 deletions(-)
 create mode 100644 tests/acceptance/linux_ssh_mips_malta.py

-- 
2.19.1

[Qemu-devel] [PATCH 1/4] BootLinuxConsoleTest: Let extract_from_deb handle various compressions

[Philippe Mathieu-Daudé]

Debian binary package format supports various compressions.

Per man deb(5):

  NAME
deb - Debian binary package format

  FORMAT
...
The third, last required member is named data.tar.  It contains the
filesystem as a tar archive, either not compressed (supported since
dpkg 1.10.24), or compressed with gzip (with .gz extension),
xz (with .xz extension, supported since dpkg 1.15.6),
bzip2 (with .bz2 extension, supported since dpkg 1.10.24) or
lzma (with .lzma extension, supported since dpkg 1.13.25).

List the archive files to have the 3rd name with the correct extension.

The function avocado.utils.archive.extract() will handle the different
compression format for us.

Signed-off-by: Philippe Mathieu-Daudé 
---
This patch is already in Eduardo's queue, but is required in
this series.
---
 tests/acceptance/boot_linux_console.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index d5c500ea30..6aa084e049 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -55,8 +55,9 @@ class BootLinuxConsole(Test):
 """
 cwd = os.getcwd()
 os.chdir(self.workdir)
-process.run("ar x %s data.tar.gz" % deb)
-archive.extract("data.tar.gz", self.workdir)
+file_path = process.run("ar t %s" % deb).stdout_text.split()[2]
+process.run("ar x %s %s" % (deb, file_path))
+archive.extract(file_path, self.workdir)
 os.chdir(cwd)
 return self.workdir + path
 
-- 
2.19.1

[Qemu-devel] [PULL v2 00/36] pci, pc, virtio: features, fixes

[Michael S. Tsirkin]

The following changes since commit 2259637b95bef3116cc262459271de08e038cc66:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 
(2019-05-20 17:22:05 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to 0c05ec64c388aea59facbef740651afa78e04f50:

  tests: acpi: print error unable to dump ACPI table during rebuild (2019-05-20 
18:40:02 -0400)


pci, pc, virtio: features, fixes

reconnect for vhost blk
tests for UEFI
misc other stuff

Signed-off-by: Michael S. Tsirkin 


Dan Streetman (1):
  do not call vhost_net_cleanup() on running net from char user event

Daniel P. Berrangé (2):
  hw: report invalid disable-legacy|modern usage for virtio-1-only devs
  Revert "globals: Allow global properties to be optional"

David Gibson (2):
  pcie: Remove redundant test in pcie_mmcfg_data_{read,write}()
  pci: Simplify pci_bus_is_root()

Igor Mammedov (16):
  q35: acpi: do not create dummy MCFG table
  tests: acpi: rename acpi_parse_rsdp_table() into acpi_fetch_rsdp_table()
  tests: acpi: make acpi_fetch_table() take size of fetched table pointer
  tests: acpi: make RSDT test routine handle XSDT
  tests: acpi: make pointer to RSDP 64bit
  tests: acpi: fetch X_DSDT if pointer to DSDT is 0
  tests: acpi: skip FACS table if board uses hw reduced ACPI profile
  tests: acpi: move boot_sector_init() into x86 tests branch
  tests: acpi: add acpi_find_rsdp_address_uefi() helper
  tests: acpi: add a way to start tests with UEFI firmware
  tests: acpi: ignore SMBIOS tests when UEFI firmware is used
  tests: acpi: allow to override default accelerator
  tests: add expected ACPI tables for arm/virt board
  tests: acpi: add simple arm/virt testcase
  tests: acpi: refactor rebuild-expected-aml.sh to dump ACPI tables for a 
specified list of targets
  tests: acpi: print error unable to dump ACPI table during rebuild

Li Feng (1):
  libvhost-user: fix bad vu_log_write

Marc-André Lureau (1):
  docs: reST-ify vhost-user documentation

Markus Armbruster (3):
  acpi/piix4: Convert debug printf()s to trace events
  acpi/pcihp: Convert debug printf()s to trace events
  acpi/pcihp: Add a few more trace points related to unplug

Wei Yang (3):
  hw/arm/virt-acpi-build: remove unnecessary variable mcfg_start
  i386, acpi: remove mcfg_ prefix in AcpiMcfgInfo members
  hw/arm/virt-acpi-build: pass AcpiMcfgInfo to build_mcfg()

Xie Yongji (7):
  virtio: Introduce started flag to VirtioDevice
  virtio: Use started flag in virtio_vmstate_change()
  vhost-user-blk: Use started flag in vhost_user_blk_set_status()
  vhost-user-blk: Only start vhost-user backend with the first kick
  vhost-user-blk: Add return value for vhost_user_blk_start()
  vhost-user-blk: Add support to reconnect backend
  contrib/vhost-user-blk: enable inflight I/O tracking

 docs/interop/vhost-user.txt | 1219 
 hw/virtio/virtio-pci.h  |   31 +-
 include/hw/acpi/pci.h   |   33 +
 include/hw/pci/pci.h|1 -
 include/hw/pci/pci_bus.h|   12 +-
 include/hw/qdev-core.h  |3 -
 include/hw/virtio/vhost-user-blk.h  |3 +
 include/hw/virtio/virtio.h  |2 +
 tests/acpi-utils.h  |7 +-
 contrib/libvhost-user/libvhost-user.c   |2 +-
 contrib/vhost-user-blk/vhost-user-blk.c |3 +-
 hw/acpi/pcihp.c |   32 +-
 hw/acpi/piix4.c |   14 +-
 hw/arm/virt-acpi-build.c|   22 +-
 hw/block/vhost-user-blk.c   |  175 +++-
 hw/core/machine.c   |   23 +-
 hw/display/virtio-gpu-pci.c |4 +-
 hw/display/virtio-vga.c |4 +-
 hw/i386/acpi-build.c|   32 +-
 hw/pci-bridge/pci_expander_bridge.c |6 -
 hw/pci/pci.c|   14 +-
 hw/pci/pcie_host.c  |   10 -
 hw/virtio/virtio-crypto-pci.c   |4 +-
 hw/virtio/virtio-input-pci.c|4 +-
 hw/virtio/virtio-pci.c  |   27 +-
 hw/virtio/virtio.c  |   54 +-
 net/vhost-user.c|1 -
 qom/object.c|3 -
 tests/acpi-utils.c  |   68 +-
 tests/bios-tables-test.c|  146 +++-
 tests/vmgenid-test.c|6 +-
 MAINTAINERS |2 +-
 docs/interop/index.rst  |2 +-
 docs/interop/vhost-user.rst | 1351 +++
 hw/acpi/trace-events|   16 +
 tests/Makefile.

Re: [Qemu-devel] QMP Example Formatting in ReST, Sphinx, and Pygments (was: Re: [Bug] Docs build fails at interop.rst)

[Eduardo Habkost]

On Mon, May 20, 2019 at 05:25:28PM -0400, John Snow wrote:
> 
> 
> On 5/20/19 12:37 PM, John Snow wrote:
> > 
> > 
> > On 5/20/19 7:30 AM, Aarushi Mehta wrote:
> >> https://paste.fedoraproject.org/paste/kOPx4jhtUli---TmxSLrlw
> >> running python3-sphinx-2.0.1-1.fc31.noarch on Fedora release 31
> >> (Rawhide)
> >>
> >> uname - a
> >> Linux iouring 5.1.0-0.rc6.git3.1.fc31.x86_64 #1 SMP Thu Apr 25 14:25:32
> >> UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
> >>
> >> Reverting commmit 90edef80a0852cf8a3d2668898ee40e8970e431
> >> allows for the build to occur
> >>
> >> Regards
> >> Aarushi Mehta
> >>
> >>
> > 
> > Ah, dang. The blocks aren't strictly conforming json, but the version I
> > tested this under didn't seem to care. Your version is much newer. (I
> > was using 1.7 as provided by Fedora 29.)
> > 
> > For now, try reverting 9e5b6cb87db66dfb606604fe6cf40e5ddf1ef0e7 instead,
> > which should at least turn off the "warnings as errors" option, but I
> > don't think that reverting -n will turn off this warning.
> > 
> > I'll try to get ahold of this newer version and see if I can't fix it
> > more appropriately.
> > 
> > --js
> > 
> 
> ...Sigh, okay.
> 
> So, I am still not actually sure what changed from pygments 2.2 and
> sphinx 1.7 to pygments 2.4 and sphinx 2.0.1, but it appears as if Sphinx
> by default always tries to do add a filter to the pygments lexer that
> raises an error on highlighting failure, instead of the default behavior
> which is to just highlight those errors in the output. There is no
> option to Sphinx that I am aware of to retain this lexing behavior.
> (Effectively, it's strict or nothing.)
> 
> This approach, apparently, is broken in Sphinx 1.7/Pygments 2.2, so the
> build works with our malformed json.
> 
> There are a few options:
> 
> 1. Update conf.py to ignore these warnings (and all future lexing
> errors), and settle for the fact that there will be no QMP highlighting
> wherever we use the directionality indicators ('->', '<-').
> 
> 2. Update bitmaps.rst to remove the directionality indicators.
> 
> 3. Update bitmaps.rst to format the QMP blocks as raw text instead of JSON.
> 
> 4. Update bitmaps.rst to remove the "json" specification from the code
> block. This will cause sphinx to "guess" the formatting, and the
> pygments guesser will decide it's Python3.
> 
> This will parse well enough, but will mis-highlight 'true' and 'false'
> which are not python keywords. This approach may break in the future if
> the Python3 lexer is upgraded to be stricter (because '->' and '<-' are
> still invalid), and leaves us at the mercy of both the guesser and the
> lexer.
> 
> I'm not actually sure what I dislike the least; I think I dislike #1 the
> most. #4 gets us most of what we want but is perhaps porcelain.
> 
> I suspect if we attempt to move more of our documentation to ReST and
> Sphinx that we will need to answer for ourselves how we intend to
> document QMP code flow examples.

Writing a custom lexer that handles "<-" and "->" was simple (see below).

Now, is it possible to convince Sphinx to register and use a custom lexer?

$ cat > /tmp/lexer.py < *', Generic.Prompt),
(r' *<- *', Generic.Output),
]
}

class QMPExampleLexer(DelegatingLexer):
def __init__(self, **options):
super(QMPExampleLexer, self).__init__(JsonLexer, 
QMPExampleMarkersLexer, Error, **options)
EOF
$ pygmentize -l /tmp/lexer.py:QMPExampleLexer -x -f html < {
 "execute": "drive-backup",
 "arguments": {
   "device": "drive0",
   "bitmap": "bitmap0",
   "target": "drive0.inc0.qcow2",
   "format": "qcow2",
   "sync": "incremental",
   "mode": "existing"
 }
   }

<- { "return": {} }
EOF
-> 
{
 "execute": 
"drive-backup",
 "arguments": 
{
   "device": 
"drive0",
   "bitmap": 
"bitmap0",
   "target": 
"drive0.inc0.qcow2",
   "format": 
"qcow2",
   "sync": 
"incremental",
   "mode": 
"existing"
 }
   }

<- { "return": {} }

$ 


-- 
Eduardo

Re: [Qemu-devel] [PATCH v4 6/6] acpi: pci: use build_append_foo() API to construct MCFG

[Michael S. Tsirkin]

On Thu, May 16, 2019 at 07:00:33PM +0200, Igor Mammedov wrote:
> On Thu, 16 May 2019 13:01:31 +0200
> Philippe Mathieu-Daudé  wrote:
> 
> > On Thu, May 16, 2019 at 9:41 AM Wei Yang  
> > wrote:
> > >
> > > On Wed, May 15, 2019 at 07:29:17AM +0200, Philippe Mathieu-Daudé wrote:  
> > > >
> > > >Thanks Michael for testing...
> > > >
> > > >Wei, can you add a MCFG test in tests/bios-tables-test.c?
> > > >  
> > >
> > > I took a look into the test, current q35 has already has a reference MCFG 
> > > in
> > > tests/data/acpi/q35/MCFG.
> > >
> > > And there would be a warning message when reserved[8] is missed.
> > >
> > > /x86_64/acpi/q35/bridge: acpi-test: Warning! MCFG mismatch.
> > >
> > > Is this enough? Or what more information prefer to add?  
> > 
> > Well, the test has to fail for any mismatch (not a simple warning).
> > 
> > A mismatch failure seems to be enough IMHO.
> Warning is sufficient, we do not fail ACPI tests on mismatch.
> It was a policy decision for APCI tests as far as I remember.
> We might reconsider it in the future but it shouldn't affect this patch.

Yes. And the reason is that conflicts in binary expected files are
impossible to resolve. So it's important that we can
fix expected files after a patch that changes them.

I actually have an idea for a better way to fix this:
a special list of "warn on mismatch" files.

A patch changing tables will add the changed tables to the list.
Then maintainer knows to inspec the diff manually
and re-generate expected files, and remove the
changed tables from the list.



Another thing we should do is drop dependency on IASL:

if IASL is present we should use it to show diff to simplify debugging
but at this point a verbatim difference is good enough if IASL is not
installed.


And I agree 100%: all this is a subject for a separate patch(set).



> 
> > 
> > > >>> -AcpiMcfgAllocation allocation[0];
> > > >>> -} QEMU_PACKED;
> > > >>> -typedef struct AcpiTableMcfg AcpiTableMcfg;
> > > >>> -
> > > >>>  /*
> > > >>>   * TCPA Description Table
> > > >>>   *
> > > >>> --
> > > >>> 2.19.1  
> > >
> > > --
> > > Wei Yang
> > > Help you, Help me  
> > 

Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

[Michael S. Tsirkin]

On Thu, May 16, 2019 at 08:33:13PM +0200, Philippe Mathieu-Daudé wrote:
> On 5/16/19 6:04 PM, Peter Maydell wrote:
> > On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
> >>
> >> The following changes since commit 
> >> efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
> >>
> >>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> >> into staging (2019-05-10 14:49:36 +0100)
> >>
> >> are available in the Git repository at:
> >>
> >>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> >>
> >> for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
> >>
> >>   tests: acpi: print error unable to dump ACPI table during rebuild 
> >> (2019-05-14 21:19:14 -0400)
> >>
> >> 
> >> pci, pc, virtio: features, fixes
> >>
> >> reconnect for vhost blk
> >> tests for UEFI
> >> misc other stuff
> >>
> >> Signed-off-by: Michael S. Tsirkin 
> >>
> >> 
> > 
> > Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
> > because the conversion of arm to Kconfig has landed in master.
> > Could you rebase and fix up to use whatever the Kconfig
> > equivalent of these changes is, please?
> 
> Culprit is "hw/acpi: Consolidate build_mcfg to pci.c"
> 
> The conflict doesn't look trivial to resolve (to me) so I'd rather see
> it reviewed (by Thomas). I suggest to drop the patch(es) from your PR :(
> 
> Regards,
> 
> Phil.

Yea, that's what I did.

-- 
MST

Re: [Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

[Michael S. Tsirkin]

On Thu, May 16, 2019 at 05:04:42PM +0100, Peter Maydell wrote:
> On Thu, 16 May 2019 at 13:17, Michael S. Tsirkin  wrote:
> >
> > The following changes since commit efb4f3b62c69383a7308d7b739a3193e7c0ccae8:
> >
> >   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> > into staging (2019-05-10 14:49:36 +0100)
> >
> > are available in the Git repository at:
> >
> >   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> >
> > for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:
> >
> >   tests: acpi: print error unable to dump ACPI table during rebuild 
> > (2019-05-14 21:19:14 -0400)
> >
> > 
> > pci, pc, virtio: features, fixes
> >
> > reconnect for vhost blk
> > tests for UEFI
> > misc other stuff
> >
> > Signed-off-by: Michael S. Tsirkin 
> >
> > 
> 
> Hi -- this pullreq has a conflict in default-configs/arm-softmmu.mak
> because the conversion of arm to Kconfig has landed in master.
> Could you rebase and fix up to use whatever the Kconfig
> equivalent of these changes is, please?
> 
> thanks
> -- PMM


Rebased and dropped the conflicting patch.
Pls re-pull.

-- 
MST

Re: [Qemu-devel] [PATCH 0/4] add failover feature for assigned network devices

[Alex Williamson]

On Fri, 17 May 2019 14:58:16 +0200
Jens Freimann  wrote:

> This is another attempt at implementing the host side of the
> net_failover concept
> (https://www.kernel.org/doc/html/latest/networking/net_failover.html)
> 
> Changes since last RFC:
> - work around circular dependency of commandline options. Just add
>   failover=on to the virtio-net standby options and reference it from
>   primary (vfio-pci) device with standby=  
> - add patch 3/4 to allow migration of vfio-pci device when it is part of a
>   failover pair, still disallow for all other devices
> - add patch 4/4 to allow unplug of device during migrationm, make an
>   exception for failover primary devices. I'd like feedback on how to
>   solve this more elegant. I added a boolean to DeviceState, have it
>   default to false for all devices except for primary devices. 
> - not tested yet with surprise removal
> - I don't expect this to go in as it is, still needs more testing but
>   I'd like to get feedback on above mentioned changes.
> 
> The general idea is that we have a pair of devices, a vfio-pci and a
> emulated device. Before migration the vfio device is unplugged and data
> flows to the emulated device, on the target side another vfio-pci device
> is plugged in to take over the data-path. In the guest the net_failover
> module will pair net devices with the same MAC address.
> 
> * In the first patch the infrastructure for hiding the device is added
>   for the qbus and qdev APIs. 
> 
> * In the second patch the virtio-net uses the API to defer adding the vfio
>   device until the VIRTIO_NET_F_STANDBY feature is acked.
> 
> Previous discussion: 
>   RFC v1 https://patchwork.ozlabs.org/cover/989098/
>   RFC v2 https://www.mail-archive.com/qemu-devel@nongnu.org/msg606906.html
> 
> To summarize concerns/feedback from previous discussion:
> 1.- guest OS can reject or worse _delay_ unplug by any amount of time.
>   Migration might get stuck for unpredictable time with unclear reason.
>   This approach combines two tricky things, hot/unplug and migration. 
>   -> We can surprise-remove the PCI device and in QEMU we can do all  
>  necessary rollbacks transparent to management software. Will it be
>  easy, probably not.
> 2. PCI devices are a precious ressource. The primary device should never
>   be added to QEMU if it won't be used by guest instead of hiding it in
>   QEMU. 
>   -> We only hotplug the device when the standby feature bit was  
>  negotiated. We save the device cmdline options until we need it for
>  qdev_device_add()
>  Hiding a device can be a useful concept to model. For example a
>  pci device in a powered-off slot could be marked as hidden until the 
> slot is
>  powered on (mst).
> 3. Management layer software should handle this. Open Stack already has
>   components/code to handle unplug/replug VFIO devices and metadata to
>   provide to the guest for detecting which devices should be paired.
>   -> An approach that includes all software from firmware to  
>  higher-level management software wasn't tried in the last years. This is
>  an attempt to keep it simple and contained in QEMU as much as possible.
> 4. Hotplugging a device and then making it part of a failover setup is
>not possible
>   -> addressed by extending qdev hotplug functions to check for hidden  
>  attribute, so e.g. device_add can be used to plug a device.
> 
> 
> I have tested this with a mlx5 NIC and was able to migrate the VM with
> above mentioned workarounds for open problems.
> 
> Command line example:
> 
> qemu-system-x86_64 -enable-kvm -m 3072 -smp 3 \
> -machine q35,kernel-irqchip=split -cpu host   \
> -k fr   \
> -serial stdio   \
> -net none \
> -qmp unix:/tmp/qmp.socket,server,nowait \
> -monitor telnet:127.0.0.1:,server,nowait \
> -device pcie-root-port,id=root0,multifunction=on,chassis=0,addr=0xa \
> -device pcie-root-port,id=root1,bus=pcie.0,chassis=1 \
> -device pcie-root-port,id=root2,bus=pcie.0,chassis=2 \
> -netdev 
> tap,script=/root/bin/bridge.sh,downscript=no,id=hostnet1,vhost=on \
> -device 
> virtio-net-pci,netdev=hostnet1,id=net1,mac=52:54:00:6f:55:cc,bus=root2,failover=on
>  \
> 
> /root/rhel-guest-image-8.0-1781.x86_64.qcow2
> 
> Then the primary device can be hotplugged via
>  (qemu) device_add vfio-pci,host=5e:00.2,id=hostdev0,bus=root1,standby=net1

Is this standby= option only valid for Network/Ethernet class code
devices?  If so, perhaps vfio-pci code should reject the option on any
non-ethernet devices.  The option is also non-intuitive for users, only
through examples like above can we see it relates to the id of the
secondary device.  Could we instead name it something like
"standby_net_failover_pair_id="?

Also, this feature requires matching MAC addresses per the description,
where is tha

Re: [Qemu-devel] [PATCH v5 0/6] Extract build_mcfg

[Michael S. Tsirkin]

On Mon, May 20, 2019 at 08:59:51AM +0800, Wei Yang wrote:
> This patch set tries to generalize MCFG table build process. And it is
> based on one un-merged patch from Igor, which is included in this serials.
> 
> v4->v5:
> * ACPI_PCI depends on both ACPI and PCI
> * rebase on latest master, adjust arm Kconfig
> * miss the reserved[8] of MCFG, add it back
> * make sure bios-tables-test all OK

So I am merging 1-4 now - they are unchanged from previous iterations.
You just need to repost 5-6.

> v3->v4:
> * adjust comment to give more information about MCFG table
> 
> v2->v3:
> * Includes the un-merged patch from Igor
> * use build_append_foo() API to construct MCFG
> 
> Igor Mammedov (1):
>   q35: acpi: do not create dummy MCFG table
> 
> Wei Yang (5):
>   hw/arm/virt-acpi-build: remove unnecessary variable mcfg_start
>   i386, acpi: remove mcfg_ prefix in AcpiMcfgInfo members
>   hw/arm/virt-acpi-build: pass AcpiMcfgInfo to build_mcfg()
>   hw/acpi: Consolidate build_mcfg to pci.c
>   acpi: pci: use build_append_foo() API to construct MCFG
> 
>  default-configs/i386-softmmu.mak |  1 +
>  hw/acpi/Kconfig  |  4 +++
>  hw/acpi/Makefile.objs|  1 +
>  hw/acpi/pci.c| 57 
>  hw/arm/Kconfig   |  1 +
>  hw/arm/virt-acpi-build.c | 31 +
>  hw/i386/acpi-build.c | 44 
>  include/hw/acpi/acpi-defs.h  | 18 --
>  include/hw/acpi/pci.h| 34 +++
>  9 files changed, 113 insertions(+), 78 deletions(-)
>  create mode 100644 hw/acpi/pci.c
>  create mode 100644 include/hw/acpi/pci.h
> 
> -- 
> 2.19.1

Re: [Qemu-devel] [PATCH v2 2/2] iotests: test external snapshot with bitmap copying

[John Snow]

On 5/20/19 3:47 AM, Vladimir Sementsov-Ogievskiy wrote:
> 18.05.2019 4:31, John Snow wrote:
>>
>>
>> On 5/17/19 11:21 AM, Vladimir Sementsov-Ogievskiy wrote:
>>> This test shows that external snapshots and incremental backups are
>>> friends.
>>>
>>> Signed-off-by: Vladimir Sementsov-Ogievskiy 

...

>> Reviewed-by: John Snow 
>>
>> We will eventually want something more rigorous in terms of a full
>> workflow, but for the purposes of testing cross-node merge I think this
>> demonstrates it fine.
>>
>> I'll stage these shortly.
>>
> 
> Thank you!
> 
> 

Staged: https://github.com/jnsnow/qemu/tree/bitmaps

Re: [Qemu-devel] [RISU v2 07/11] test_i386: change syntax from nasm to gas

[Richard Henderson]

On Mon, May 20, 2019, 08:17 Alex Bennée  wrote:

>
> Jan Bobek  writes:
>
> > This allows us to drop dependency on NASM and build the test image
> > with GCC only. Adds support for x86_64, too.
>
>   ./risu --master -t run.out test_i386.bin
>
> and then:
>
>   ./risu -t run.out test_i386.bin
>
> Gives:
>
>   loading test image test_i386.bin...
>   starting apprentice image at 0xf7f07000
>   starting image
>   finished early after 1 checkpoints
>   match status...
>   mismatch on regs!
>   this reginfo:
> faulting insn fc0b90f
>
> Because:
>
>   Mismatch (master v apprentice):
>   xmm4  : fe76ea16f7d9c58c 06fc
>v: fe76ea16f7d1a58c 06fc
>
> We probably need to zero or reset the xmm regs both in the test and when
> risugen dumps it's preamble.
>

That gets fixed later in the series.

r~

>

Re: [Qemu-devel] [PATCH] blockdev: loosen restrictions on drive-backup source node

[John Snow]

On 5/10/19 5:11 PM, John Snow wrote:
> We mandate that the source node must be a root node; but there's no reason
> I am aware of that it needs to be restricted to such. In some cases, we need
> to make sure that there's a medium present, but in the general case we can
> allow the backup job itself to do the graph checking.
> 
> This patch helps improve the error message when you try to backup from
> the same node more than once, which is reflected in the change to test
> 056.
> 
> For backups with bitmaps, it will also show a better error message that
> the bitmap is in use instead of giving you something cryptic like "need
> a root node."
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1707303
> Signed-off-by: John Snow 
> ---
>  blockdev.c | 6 +-
>  tests/qemu-iotests/056 | 2 +-
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index 79fbac8450..27cb72f7aa 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -3450,7 +3450,7 @@ static BlockJob *do_drive_backup(DriveBackup *backup, 
> JobTxn *txn,
>  backup->compress = false;
>  }
>  
> -bs = qmp_get_root_bs(backup->device, errp);
> +bs = bdrv_lookup_bs(backup->device, backup->device, errp);
>  if (!bs) {
>  return NULL;
>  }
> @@ -3459,6 +3459,10 @@ static BlockJob *do_drive_backup(DriveBackup *backup, 
> JobTxn *txn,
>  aio_context_acquire(aio_context);
>  
>  if (!backup->has_format) {
> +if (!bs->drv) {
> +error_setg(errp, "Device has no medium");
> +return NULL;
> +}

Pinging my own patch with a review comment. It is weird that I shuffled
the error checking down below a conditional, but it's the only case
where we directly need do access bs->drv now.

Otherwise, block/backup already checks for this in its own routine and I
felt like it was best to let the job handle if it had the right type of
arguments instead of splitting that out up here.

Still, it probably looks weird to see the "Device has no medium" error
in a conditional here, so if this patch looks okay otherwise, I can send
a v2 with that error checking shuffled back up to top-level to maintain
some consistency with how the error checking used to be handled.

>  backup->format = backup->mode == NEW_IMAGE_MODE_EXISTING ?
>   NULL : (char*) bs->drv->format_name;
>  }
> diff --git a/tests/qemu-iotests/056 b/tests/qemu-iotests/056
> index 3df323984d..f40fc11a09 100755
> --- a/tests/qemu-iotests/056
> +++ b/tests/qemu-iotests/056
> @@ -214,7 +214,7 @@ class BackupTest(iotests.QMPTestCase):
>  res = self.vm.qmp('query-block-jobs')
>  self.assert_qmp(res, 'return[0]/status', 'concluded')
>  # Leave zombie job un-dismissed, observe a failure:
> -res = self.qmp_backup_and_wait(serror='Need a root block node',
> +res = self.qmp_backup_and_wait(serror="Node 'drive0' is busy: block 
> device is in use by block job: backup",
> device='drive0', 
> format=iotests.imgfmt,
> sync='full', target=self.dest_img,
> auto_dismiss=False)
> 

Re: [Qemu-devel] [PATCH 2/2] BootLinuxConsoleTest: Test the SmartFusion2 board

[Alistair Francis]

On Mon, May 20, 2019 at 3:09 PM Philippe Mathieu-Daudé  wrote:
>
> Similar to the x86_64/pc test, it boots a Linux kernel on an
> Emcraft board and verify the serial is working.
>
> If ARM is a target being built, "make check-acceptance" will
> automatically include this test by the use of the "arch:arm" tags.
>
> Alternatively, this test can be run using:
>
>   $ avocado run -t arch:arm tests/acceptance
>   $ avocado run -t machine:emcraft-sf2 tests/acceptance
>
> Based on the recommended test setup from Subbaraya Sundeep:
> https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03810.html
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  tests/acceptance/boot_linux_console.py | 27 ++
>  1 file changed, 27 insertions(+)
>
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index f593f3858e..844cb80bb5 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -178,6 +178,33 @@ class BootLinuxConsole(Test):
>  console_pattern = 'Kernel command line: %s' % kernel_command_line
>  self.wait_for_console_pattern(console_pattern)
>
> +def test_arm_emcraft_sf2(self):
> +"""
> +:avocado: tags=arch:arm
> +:avocado: tags=machine:emcraft-sf2
> +:avocado: tags=endian:little
> +"""
> +uboot_url = ('https://raw.githubusercontent.com/'
> + 'Subbaraya-Sundeep/qemu-test-binaries/'
> + 'fa030bd77a014a0b8e360d3b7011df89283a2f0b/u-boot')
> +uboot_hash = 'abba5d9c24cdd2d49cdc2a8aa92976cf20737eff'
> +uboot_path = self.fetch_asset(uboot_url, asset_hash=uboot_hash)
> +spi_url = ('https://raw.githubusercontent.com/'
> +   'Subbaraya-Sundeep/qemu-test-binaries/'
> +   'fa030bd77a014a0b8e360d3b7011df89283a2f0b/spi.bin')
> +spi_hash = '85f698329d38de63aea6e884a86fbde70890a78a'
> +spi_path = self.fetch_asset(spi_url, asset_hash=spi_hash)
> +
> +self.vm.set_machine('emcraft-sf2')
> +self.vm.set_console()
> +kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE
> +self.vm.add_args('-kernel', uboot_path,
> + '-append', kernel_command_line,
> + '-drive', 'file=' + spi_path + ',if=mtd,format=raw',
> + '-no-reboot')
> +self.vm.launch()
> +self.wait_for_console_pattern('init started: BusyBox')
> +
>  def test_s390x_s390_ccw_virtio(self):
>  """
>  :avocado: tags=arch:s390x
> --
> 2.19.1
>
>

Re: [Qemu-devel] [PATCH 1/2] BootLinuxConsoleTest: Do not log empty lines

[Alistair Francis]

On Mon, May 20, 2019 at 3:07 PM Philippe Mathieu-Daudé  wrote:
>
> Avoid to log empty lines in console debug logs.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  tests/acceptance/boot_linux_console.py | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/tests/acceptance/boot_linux_console.py 
> b/tests/acceptance/boot_linux_console.py
> index d5c500ea30..f593f3858e 100644
> --- a/tests/acceptance/boot_linux_console.py
> +++ b/tests/acceptance/boot_linux_console.py
> @@ -37,8 +37,10 @@ class BootLinuxConsole(Test):
>  console = self.vm.console_socket.makefile()
>  console_logger = logging.getLogger('console')
>  while True:
> -msg = console.readline()
> -console_logger.debug(msg.strip())
> +msg = console.readline().strip()
> +if not msg:
> +continue
> +console_logger.debug(msg)
>  if success_message in msg:
>  break
>  if failure_message in msg:
> --
> 2.19.1
>
>

Re: [Qemu-devel] [PATCH v2] blockdev: fix missed target unref for drive-backup

[John Snow]

On 5/13/19 11:06 AM, John Snow wrote:
> If the bitmap can't be used for whatever reason, we skip putting down
> the reference. Fix that.
> 
> In practice, this means that if you attempt to gracefully exit QEMU
> after a backup command being rejected, bdrv_close_all will fail and
> tell you some unpleasant things via assert().
> 
> Reported-by: aihua liang 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1703916
> Signed-off-by: John Snow 
> Reviewed-by: Kevin Wolf 

(I assume this can go through either Kevin or Max's tree?)

[Qemu-devel] [Bug 1829498] Re: window 8 stuck during boot on Qemu

[John Snow]

What host kernel are you using? This sounds like a bug we used to have
in KVM a while ago. Maybe it's back.

The same problem was also alleviated by a guest driver update, are you
using the initial release of Windows 8?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1829498

Title:
  window 8 stuck during boot on Qemu

Status in QEMU:
  New

Bug description:
  Description of problem:
  I've got windows 8 image(64 bit), installed on Qemu(x86-64_softmmu) and then 
i'm trying to boot/shutdown it in the same Qemu configuration. Windows 8 has 
feature - when you click "Shutdown" in UI, windows 8 doesn't actually power 
off, it goes to "Suspend to disc" ACPI state. After shutdown, i'm trying to 
boot it again, but it stucks during boot.

  I've discovered, that it hangs when windows 8 writes to AHCI's command 
register, AHCI triggers irq, but windows 8 sends EOI, don't accessing AHCI 
register,so irq line stills in high state, and irq will be injected again and 
again, while windows will send EOI on each AHCI interrupt. Strange thing is 
that it happens only on TCG mode or 
  with option "kernel-irqchip=off/split", with "kernel-irqchip=on" everything 
works ok(windows 8 accesses AHCI register and line goes to low state).

  Version-Release number of selected component (if applicable):
  Qemu revision: d8276573da58e8ce78dab8c46dd660efd664bcb7

  
  Steps to Reproduce:
  1. Install Windows 8 on QEMU(qemu command line: "-enable-kvm -m 1G -hda 
  -serial stdio  -cpu core2duo -machine q35,kernel-irqchip=off"
  2. Click shutdown in UI.
  3. Try to boot again(it will stuck)
  4. Kill Qemu and boot again, it will boot, now go to 2) :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1829498/+subscriptions

[Qemu-devel] [PATCH 2/2] BootLinuxConsoleTest: Test the SmartFusion2 board

[Philippe Mathieu-Daudé]

Similar to the x86_64/pc test, it boots a Linux kernel on an
Emcraft board and verify the serial is working.

If ARM is a target being built, "make check-acceptance" will
automatically include this test by the use of the "arch:arm" tags.

Alternatively, this test can be run using:

  $ avocado run -t arch:arm tests/acceptance
  $ avocado run -t machine:emcraft-sf2 tests/acceptance

Based on the recommended test setup from Subbaraya Sundeep:
https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03810.html

Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/acceptance/boot_linux_console.py | 27 ++
 1 file changed, 27 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index f593f3858e..844cb80bb5 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -178,6 +178,33 @@ class BootLinuxConsole(Test):
 console_pattern = 'Kernel command line: %s' % kernel_command_line
 self.wait_for_console_pattern(console_pattern)
 
+def test_arm_emcraft_sf2(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:emcraft-sf2
+:avocado: tags=endian:little
+"""
+uboot_url = ('https://raw.githubusercontent.com/'
+ 'Subbaraya-Sundeep/qemu-test-binaries/'
+ 'fa030bd77a014a0b8e360d3b7011df89283a2f0b/u-boot')
+uboot_hash = 'abba5d9c24cdd2d49cdc2a8aa92976cf20737eff'
+uboot_path = self.fetch_asset(uboot_url, asset_hash=uboot_hash)
+spi_url = ('https://raw.githubusercontent.com/'
+   'Subbaraya-Sundeep/qemu-test-binaries/'
+   'fa030bd77a014a0b8e360d3b7011df89283a2f0b/spi.bin')
+spi_hash = '85f698329d38de63aea6e884a86fbde70890a78a'
+spi_path = self.fetch_asset(spi_url, asset_hash=spi_hash)
+
+self.vm.set_machine('emcraft-sf2')
+self.vm.set_console()
+kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE
+self.vm.add_args('-kernel', uboot_path,
+ '-append', kernel_command_line,
+ '-drive', 'file=' + spi_path + ',if=mtd,format=raw',
+ '-no-reboot')
+self.vm.launch()
+self.wait_for_console_pattern('init started: BusyBox')
+
 def test_s390x_s390_ccw_virtio(self):
 """
 :avocado: tags=arch:s390x
-- 
2.19.1

[Qemu-devel] [PATCH 1/2] BootLinuxConsoleTest: Do not log empty lines

[Philippe Mathieu-Daudé]

Avoid to log empty lines in console debug logs.

Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/acceptance/boot_linux_console.py | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index d5c500ea30..f593f3858e 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -37,8 +37,10 @@ class BootLinuxConsole(Test):
 console = self.vm.console_socket.makefile()
 console_logger = logging.getLogger('console')
 while True:
-msg = console.readline()
-console_logger.debug(msg.strip())
+msg = console.readline().strip()
+if not msg:
+continue
+console_logger.debug(msg)
 if success_message in msg:
 break
 if failure_message in msg:
-- 
2.19.1

[Qemu-devel] [PATCH 0/2] tests: Avocado-test for the SmartFusion2 board

[Philippe Mathieu-Daudé]

Hi,

I added test guide lines from Subbaraya Sundeep [*] to avoid this
board to bitrot.

Regards,

Phil.

[*] https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03810.html

Philippe Mathieu-Daudé (2):
  BootLinuxConsoleTest: Do not log empty lines
  BootLinuxConsoleTest: Test the SmartFusion2 board

 tests/acceptance/boot_linux_console.py | 33 --
 1 file changed, 31 insertions(+), 2 deletions(-)

-- 
2.19.1

Re: [Qemu-devel] [PATCHv2 2/3] RISC-V: Only Check PMP if MMU translation succeeds

[Alistair Francis]

On Sat, May 18, 2019 at 6:36 PM Hesham Almatary
 wrote:
>
> The current implementation unnecessarily checks for PMP even if MMU 
> translation
> failed. This may trigger a wrong PMP access exception instead of
> a page exception.
>
> For example, the very first instruction fetched after the first satp write in
> S-Mode will trigger a PMP access fault instead of an instruction fetch page
> fault.
>
> This patch prioritises MMU exceptions over PMP exceptions and only checks for
> PMP if MMU translation succeeds.
>
> Signed-off-by: Hesham Almatary 

This should come before patch 1 otherwise we will introduce a regression.

Alistair

> ---
>  target/riscv/cpu_helper.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index b48de36114..7c7282c680 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -403,6 +403,7 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int 
> size,
>" prot %d\n", __func__, address, ret, pa, prot);
>
>  if (riscv_feature(env, RISCV_FEATURE_PMP) &&
> +(ret == TRANSLATE_SUCCESS) &&
>  !pmp_hart_has_privs(env, pa, TARGET_PAGE_SIZE, 1 << access_type)) {
>  pmp_violation = true;
>  ret = TRANSLATE_FAIL;
> --
> 2.17.1
>
>

Re: [Qemu-devel] [PATCHv2 1/3] RISC-V: Raise access fault exceptions on PMP violations

[Alistair Francis]

On Sat, May 18, 2019 at 6:35 PM Hesham Almatary
 wrote:
>
> Section 3.6 in RISC-V v1.10 privilege specification states that PMP violations
> report "access exceptions." The current PMP implementation has
> a bug which wrongly reports "page exceptions" on PMP violations.
>
> This patch fixes this bug by reporting the correct PMP access exceptions
> trap values.
>
> Signed-off-by: Hesham Almatary 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/cpu_helper.c | 9 ++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index 41d6db41c3..b48de36114 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -318,12 +318,13 @@ restart:
>  }
>
>  static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
> -MMUAccessType access_type)
> +MMUAccessType access_type, bool 
> pmp_violation)
>  {
>  CPUState *cs = CPU(riscv_env_get_cpu(env));
>  int page_fault_exceptions =
>  (env->priv_ver >= PRIV_VERSION_1_10_0) &&
> -get_field(env->satp, SATP_MODE) != VM_1_10_MBARE;
> +get_field(env->satp, SATP_MODE) != VM_1_10_MBARE &&
> +!pmp_violation;
>  switch (access_type) {
>  case MMU_INST_FETCH:
>  cs->exception_index = page_fault_exceptions ?
> @@ -389,6 +390,7 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int 
> size,
>  CPURISCVState *env = &cpu->env;
>  hwaddr pa = 0;
>  int prot;
> +bool pmp_violation = false;
>  int ret = TRANSLATE_FAIL;
>
>  qemu_log_mask(CPU_LOG_MMU, "%s ad %" VADDR_PRIx " rw %d mmu_idx %d\n",
> @@ -402,6 +404,7 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int 
> size,
>
>  if (riscv_feature(env, RISCV_FEATURE_PMP) &&
>  !pmp_hart_has_privs(env, pa, TARGET_PAGE_SIZE, 1 << access_type)) {
> +pmp_violation = true;
>  ret = TRANSLATE_FAIL;
>  }
>  if (ret == TRANSLATE_SUCCESS) {
> @@ -411,7 +414,7 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int 
> size,
>  } else if (probe) {
>  return false;
>  } else {
> -raise_mmu_exception(env, address, access_type);
> +raise_mmu_exception(env, address, access_type, pmp_violation);
>  riscv_raise_exception(env, cs->exception_index, retaddr);
>  }
>  #else
> --
> 2.17.1
>
>

Re: [Qemu-devel] [PATCH v3 05/10] hw/riscv: Replace global smp variables with machine smp properties

[Alistair Francis]

On Sun, May 19, 2019 at 5:56 AM Like Xu  wrote:
>
> The global smp variables in riscv are replaced with smp machine properties.
>
> A local variable of the same name would be introduced in the declaration
> phase if it's used widely in the context OR replace it on the spot if it's
> only used once. No semantic changes.
>
> Signed-off-by: Like Xu 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/riscv/sifive_e.c| 6 --
>  hw/riscv/sifive_plic.c | 3 +++
>  hw/riscv/sifive_u.c| 6 --
>  hw/riscv/spike.c   | 2 ++
>  hw/riscv/virt.c| 1 +
>  5 files changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
> index b1cd11363c..ae86a63c04 100644
> --- a/hw/riscv/sifive_e.c
> +++ b/hw/riscv/sifive_e.c
> @@ -137,6 +137,7 @@ static void riscv_sifive_e_init(MachineState *machine)
>
>  static void riscv_sifive_e_soc_init(Object *obj)
>  {
> +MachineState *ms = MACHINE(qdev_get_machine());
>  SiFiveESoCState *s = RISCV_E_SOC(obj);
>
>  object_initialize_child(obj, "cpus", &s->cpus,
> @@ -144,12 +145,13 @@ static void riscv_sifive_e_soc_init(Object *obj)
>  &error_abort, NULL);
>  object_property_set_str(OBJECT(&s->cpus), SIFIVE_E_CPU, "cpu-type",
>  &error_abort);
> -object_property_set_int(OBJECT(&s->cpus), smp_cpus, "num-harts",
> +object_property_set_int(OBJECT(&s->cpus), ms->smp.cpus, "num-harts",
>  &error_abort);
>  }
>
>  static void riscv_sifive_e_soc_realize(DeviceState *dev, Error **errp)
>  {
> +MachineState *ms = MACHINE(qdev_get_machine());
>  const struct MemmapEntry *memmap = sifive_e_memmap;
>
>  SiFiveESoCState *s = RISCV_E_SOC(dev);
> @@ -179,7 +181,7 @@ static void riscv_sifive_e_soc_realize(DeviceState *dev, 
> Error **errp)
>  SIFIVE_E_PLIC_CONTEXT_STRIDE,
>  memmap[SIFIVE_E_PLIC].size);
>  sifive_clint_create(memmap[SIFIVE_E_CLINT].base,
> -memmap[SIFIVE_E_CLINT].size, smp_cpus,
> +memmap[SIFIVE_E_CLINT].size, ms->smp.cpus,
>  SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE);
>  sifive_mmio_emulate(sys_mem, "riscv.sifive.e.aon",
>  memmap[SIFIVE_E_AON].base, memmap[SIFIVE_E_AON].size);
> diff --git a/hw/riscv/sifive_plic.c b/hw/riscv/sifive_plic.c
> index 07a032d93d..d4010a1f39 100644
> --- a/hw/riscv/sifive_plic.c
> +++ b/hw/riscv/sifive_plic.c
> @@ -23,6 +23,7 @@
>  #include "qemu/error-report.h"
>  #include "hw/sysbus.h"
>  #include "hw/pci/msi.h"
> +#include "hw/boards.h"
>  #include "target/riscv/cpu.h"
>  #include "sysemu/sysemu.h"
>  #include "hw/riscv/sifive_plic.h"
> @@ -438,6 +439,8 @@ static void sifive_plic_irq_request(void *opaque, int 
> irq, int level)
>
>  static void sifive_plic_realize(DeviceState *dev, Error **errp)
>  {
> +MachineState *ms = MACHINE(qdev_get_machine());
> +unsigned int smp_cpus = ms->smp.cpus;
>  SiFivePLICState *plic = SIFIVE_PLIC(dev);
>  int i;
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 5ecc47cea3..43bf256946 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -321,13 +321,14 @@ static void riscv_sifive_u_init(MachineState *machine)
>
>  static void riscv_sifive_u_soc_init(Object *obj)
>  {
> +MachineState *ms = MACHINE(qdev_get_machine());
>  SiFiveUSoCState *s = RISCV_U_SOC(obj);
>
>  object_initialize_child(obj, "cpus", &s->cpus, sizeof(s->cpus),
>  TYPE_RISCV_HART_ARRAY, &error_abort, NULL);
>  object_property_set_str(OBJECT(&s->cpus), SIFIVE_U_CPU, "cpu-type",
>  &error_abort);
> -object_property_set_int(OBJECT(&s->cpus), smp_cpus, "num-harts",
> +object_property_set_int(OBJECT(&s->cpus), ms->smp.cpus, "num-harts",
>  &error_abort);
>
>  sysbus_init_child_obj(obj, "gem", &s->gem, sizeof(s->gem),
> @@ -336,6 +337,7 @@ static void riscv_sifive_u_soc_init(Object *obj)
>
>  static void riscv_sifive_u_soc_realize(DeviceState *dev, Error **errp)
>  {
> +MachineState *ms = MACHINE(qdev_get_machine());
>  SiFiveUSoCState *s = RISCV_U_SOC(dev);
>  const struct MemmapEntry *memmap = sifive_u_memmap;
>  MemoryRegion *system_memory = get_system_memory();
> @@ -371,7 +373,7 @@ static void riscv_sifive_u_soc_realize(DeviceState *dev, 
> Error **errp)
>  sifive_uart_create(system_memory, memmap[SIFIVE_U_UART1].base,
>  serial_hd(1), qdev_get_gpio_in(DEVICE(s->plic), SIFIVE_U_UART1_IRQ));
>  sifive_clint_create(memmap[SIFIVE_U_CLINT].base,
> -memmap[SIFIVE_U_CLINT].size, smp_cpus,
> +memmap[SIFIVE_U_CLINT].size, ms->smp.cpus,
>  SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE);
>
>  for (i = 0; i < SIFIVE_U_PLIC_NUM_SOURCES; i++) {
> diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
> index 2a000a5800..6a747ff22e 100644
> --- a/hw/riscv/spike.c
> +++ b/hw/riscv/spike.c
> @@ -171,6 +171,7

Re: [Qemu-devel] [PATCH 2/4] hw/arm/exynos4: Use the IEC binary prefix definitions

[Alistair Francis]

On Mon, May 20, 2019 at 2:48 PM Philippe Mathieu-Daudé
 wrote:
>
> It eases code review, unit is explicit.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/arm/exynos4_boards.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
> index f0c24b7992e..f824eef0d36 100644
> --- a/hw/arm/exynos4_boards.c
> +++ b/hw/arm/exynos4_boards.c
> @@ -22,6 +22,7 @@
>   */
>
>  #include "qemu/osdep.h"
> +#include "qemu/units.h"
>  #include "qapi/error.h"
>  #include "qemu/error-report.h"
>  #include "qemu-common.h"
> @@ -60,8 +61,8 @@ static int 
> exynos4_board_smp_bootreg_addr[EXYNOS4_NUM_OF_BOARDS] = {
>  };
>
>  static unsigned long exynos4_board_ram_size[EXYNOS4_NUM_OF_BOARDS] = {
> -[EXYNOS4_BOARD_NURI] = 0x4000,
> -[EXYNOS4_BOARD_SMDKC210] = 0x4000,
> +[EXYNOS4_BOARD_NURI] = 1 * GiB,
> +[EXYNOS4_BOARD_SMDKC210] = 1 * GiB,
>  };
>
>  static struct arm_boot_info exynos4_board_binfo = {
> --
> 2.20.1
>
>

Re: [Qemu-devel] [PATCH 1/4] hw/arm/exynos4: Remove unuseful debug code

[Alistair Francis]

On Mon, May 20, 2019 at 2:45 PM Philippe Mathieu-Daudé
 wrote:
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/arm/exynos4_boards.c | 24 
>  1 file changed, 24 deletions(-)
>
> diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
> index ea8100f65a8..f0c24b7992e 100644
> --- a/hw/arm/exynos4_boards.c
> +++ b/hw/arm/exynos4_boards.c
> @@ -35,20 +35,6 @@
>  #include "hw/net/lan9118.h"
>  #include "hw/boards.h"
>
> -#undef DEBUG
> -
> -//#define DEBUG
> -
> -#ifdef DEBUG
> -#undef PRINT_DEBUG
> -#define  PRINT_DEBUG(fmt, args...) \
> -do { \
> -fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
> -} while (0)
> -#else
> -#define  PRINT_DEBUG(fmt, args...)  do {} while (0)
> -#endif
> -
>  #define SMDK_LAN9118_BASE_ADDR  0x0500
>
>  typedef enum Exynos4BoardType {
> @@ -140,16 +126,6 @@ exynos4_boards_init_common(MachineState *machine,
>  exynos4_board_binfo.gic_cpu_if_addr =
>  EXYNOS4210_SMP_PRIVATE_BASE_ADDR + 0x100;
>
> -PRINT_DEBUG("\n ram_size: %luMiB [0x%08lx]\n"
> -" kernel_filename: %s\n"
> -" kernel_cmdline: %s\n"
> -" initrd_filename: %s\n",
> -exynos4_board_ram_size[board_type] / 1048576,
> -exynos4_board_ram_size[board_type],
> -machine->kernel_filename,
> -machine->kernel_cmdline,
> -machine->initrd_filename);
> -
>  exynos4_boards_init_ram(s, get_system_memory(),
>  exynos4_board_ram_size[board_type]);
>
> --
> 2.20.1
>
>

[Qemu-devel] [PATCH 4/4] hw/arm/exynos4210: QOM'ify the Exynos4210 SoC

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/exynos4210.c | 26 +++---
 hw/arm/exynos4_boards.c |  9 ++---
 include/hw/arm/exynos4210.h |  9 +++--
 3 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index 19009b76e7c..0b09129eff8 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -178,9 +178,10 @@ static void pl330_create(uint32_t base, qemu_irq irq, int 
nreq)
 sysbus_connect_irq(busdev, 0, irq);
 }
 
-Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
+static void exynos4210_realize(DeviceState *socdev, Error **errp)
 {
-Exynos4210State *s = g_new0(Exynos4210State, 1);
+Exynos4210State *s = EXYNOS4210_SOC(socdev);
+MemoryRegion *system_mem = get_system_memory();
 qemu_irq gate_irq[EXYNOS4210_NCPUS][EXYNOS4210_IRQ_GATE_NINPUTS];
 SysBusDevice *busdev;
 DeviceState *dev;
@@ -435,6 +436,25 @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
  qemu_irq_invert(s->irq_table[exynos4210_get_irq(36, 1)]), 32);
 pl330_create(EXYNOS4210_PL330_BASE2_ADDR,
  qemu_irq_invert(s->irq_table[exynos4210_get_irq(34, 1)]), 1);
+}
+
+static void exynos4210_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
 
-return s;
+dc->realize = exynos4210_realize;
 }
+
+static const TypeInfo exynos4210_info = {
+.name = TYPE_EXYNOS4210_SOC,
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(Exynos4210State),
+.class_init = exynos4210_class_init,
+};
+
+static void exynos4210_register_types(void)
+{
+type_register_static(&exynos4210_info);
+}
+
+type_init(exynos4210_register_types)
diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index f824eef0d36..700e90d6671 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -45,7 +45,7 @@ typedef enum Exynos4BoardType {
 } Exynos4BoardType;
 
 typedef struct Exynos4BoardState {
-Exynos4210State *soc;
+Exynos4210State soc;
 MemoryRegion dram0_mem;
 MemoryRegion dram1_mem;
 } Exynos4BoardState;
@@ -130,7 +130,10 @@ exynos4_boards_init_common(MachineState *machine,
 exynos4_boards_init_ram(s, get_system_memory(),
 exynos4_board_ram_size[board_type]);
 
-s->soc = exynos4210_init(get_system_memory());
+object_initialize(&s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
+qdev_set_parent_bus(DEVICE(&s->soc), sysbus_get_default());
+object_property_set_bool(OBJECT(&s->soc), true, "realized",
+ &error_fatal);
 
 return s;
 }
@@ -148,7 +151,7 @@ static void smdkc210_init(MachineState *machine)
   EXYNOS4_BOARD_SMDKC210);
 
 lan9215_init(SMDK_LAN9118_BASE_ADDR,
-qemu_irq_invert(s->soc->irq_table[exynos4210_get_irq(37, 1)]));
+qemu_irq_invert(s->soc.irq_table[exynos4210_get_irq(37, 1)]));
 arm_load_kernel(ARM_CPU(first_cpu), &exynos4_board_binfo);
 }
 
diff --git a/include/hw/arm/exynos4210.h b/include/hw/arm/exynos4210.h
index 098a69ec73d..27c684e851d 100644
--- a/include/hw/arm/exynos4210.h
+++ b/include/hw/arm/exynos4210.h
@@ -85,6 +85,9 @@ typedef struct Exynos4210Irq {
 } Exynos4210Irq;
 
 typedef struct Exynos4210State {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
 ARMCPU *cpu[EXYNOS4210_NCPUS];
 Exynos4210Irq irqs;
 qemu_irq *irq_table;
@@ -98,11 +101,13 @@ typedef struct Exynos4210State {
 I2CBus *i2c_if[EXYNOS4210_I2C_NUMBER];
 } Exynos4210State;
 
+#define TYPE_EXYNOS4210_SOC "exynos4210"
+#define EXYNOS4210_SOC(obj) \
+OBJECT_CHECK(Exynos4210State, obj, TYPE_EXYNOS4210_SOC)
+
 void exynos4210_write_secondary(ARMCPU *cpu,
 const struct arm_boot_info *info);
 
-Exynos4210State *exynos4210_init(MemoryRegion *system_mem);
-
 /* Initialize exynos4210 IRQ subsystem stub */
 qemu_irq *exynos4210_init_irq(Exynos4210Irq *env);
 
-- 
2.20.1

[Qemu-devel] [PATCH 2/4] hw/arm/exynos4: Use the IEC binary prefix definitions

[Philippe Mathieu-Daudé]

It eases code review, unit is explicit.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/exynos4_boards.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index f0c24b7992e..f824eef0d36 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -22,6 +22,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "qemu-common.h"
@@ -60,8 +61,8 @@ static int 
exynos4_board_smp_bootreg_addr[EXYNOS4_NUM_OF_BOARDS] = {
 };
 
 static unsigned long exynos4_board_ram_size[EXYNOS4_NUM_OF_BOARDS] = {
-[EXYNOS4_BOARD_NURI] = 0x4000,
-[EXYNOS4_BOARD_SMDKC210] = 0x4000,
+[EXYNOS4_BOARD_NURI] = 1 * GiB,
+[EXYNOS4_BOARD_SMDKC210] = 1 * GiB,
 };
 
 static struct arm_boot_info exynos4_board_binfo = {
-- 
2.20.1

[Qemu-devel] [PATCH 0/4] arm: exynos4: Add dma support for smdkc210

[Philippe Mathieu-Daudé]

Another intent to salvage previous work from Guenter Roeck:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06302.html

Since v3: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06674.html
- rebased
- QOM'ify the SoC code

Since v2: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06459.html
- rename init -> create
- create controllers in SoC rather than the board (Peter Maydell)
- add Linux dtsi in commit message

Since v1: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06335.html
- Do not factor out pl330_init, which resulted in buggy v1, see:
  https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06448.html

Guenter Roeck (1):
  hw/arm/exynos4210: Add DMA support for the Exynos4210

Philippe Mathieu-Daudé (3):
  hw/arm/exynos4: Remove unuseful debug code
  hw/arm/exynos4: Use the IEC binary prefix definitions
  hw/arm/exynos4210: QOM'ify the Exynos4210 SoC

 hw/arm/exynos4210.c | 52 ++---
 hw/arm/exynos4_boards.c | 38 +++
 include/hw/arm/exynos4210.h |  9 +--
 3 files changed, 65 insertions(+), 34 deletions(-)

-- 
2.20.1

[Qemu-devel] [PATCH v3 5/7] hw/nvram/fw_cfg: Store 'reboot-timeout' as little endian

[Philippe Mathieu-Daudé]

From: Li Qiang 

The current codebase is not specific about the endianess of the
fw_cfg 'file' entry 'reboot-timeout'.

Per docs/specs/fw_cfg.txt:

  === All Other Data Items ===

  Please consult the QEMU source for the most up-to-date
  and authoritative list of selector keys and their respective
  items' purpose, format and writeability.

Checking the git history, this code was introduced in commit
ac05f3492421, very similar to commit 3d3b8303c6f8 for the
'boot-menu-wait' entry, which explicitely use little-endian.

OVMF consumes 'boot-menu-wait' as little-endian, however it does
not consume 'reboot-timeout'.

Regarding the git history and OVMF use, we choose to explicit
'reboot-timeout' endianess as little-endian.

Signed-off-by: Li Qiang 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190424140643.62457-4-liq...@163.com>
[PMD: Reword commit description based on review comments]
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/nvram/fw_cfg.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 5c3a46ce6f2..df4242fc9cb 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -178,6 +178,7 @@ static void fw_cfg_reboot(FWCfgState *s)
 {
 const char *reboot_timeout = NULL;
 int64_t rt_val = -1;
+uint32_t rt_le32;
 
 /* get user configuration */
 QemuOptsList *plist = qemu_find_opts("boot-opts");
@@ -194,7 +195,8 @@ static void fw_cfg_reboot(FWCfgState *s)
 }
 }
 
-fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&rt_val, 4), 4);
+rt_le32 = cpu_to_le32(rt_val);
+fw_cfg_add_file(s, "etc/boot-fail-wait", g_memdup(&rt_le32, 4), 4);
 }
 
 static void fw_cfg_write(FWCfgState *s, uint8_t value)
-- 
2.20.1

[Qemu-devel] [PATCH 1/4] hw/arm/exynos4: Remove unuseful debug code

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/exynos4_boards.c | 24 
 1 file changed, 24 deletions(-)

diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
index ea8100f65a8..f0c24b7992e 100644
--- a/hw/arm/exynos4_boards.c
+++ b/hw/arm/exynos4_boards.c
@@ -35,20 +35,6 @@
 #include "hw/net/lan9118.h"
 #include "hw/boards.h"
 
-#undef DEBUG
-
-//#define DEBUG
-
-#ifdef DEBUG
-#undef PRINT_DEBUG
-#define  PRINT_DEBUG(fmt, args...) \
-do { \
-fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
-} while (0)
-#else
-#define  PRINT_DEBUG(fmt, args...)  do {} while (0)
-#endif
-
 #define SMDK_LAN9118_BASE_ADDR  0x0500
 
 typedef enum Exynos4BoardType {
@@ -140,16 +126,6 @@ exynos4_boards_init_common(MachineState *machine,
 exynos4_board_binfo.gic_cpu_if_addr =
 EXYNOS4210_SMP_PRIVATE_BASE_ADDR + 0x100;
 
-PRINT_DEBUG("\n ram_size: %luMiB [0x%08lx]\n"
-" kernel_filename: %s\n"
-" kernel_cmdline: %s\n"
-" initrd_filename: %s\n",
-exynos4_board_ram_size[board_type] / 1048576,
-exynos4_board_ram_size[board_type],
-machine->kernel_filename,
-machine->kernel_cmdline,
-machine->initrd_filename);
-
 exynos4_boards_init_ram(s, get_system_memory(),
 exynos4_board_ram_size[board_type]);
 
-- 
2.20.1

[Qemu-devel] [PATCH 3/4] hw/arm/exynos4210: Add DMA support for the Exynos4210

[Philippe Mathieu-Daudé]

From: Guenter Roeck 

QEMU already supports pl330. Instantiate it for Exynos4210.

Relevant part of Linux arch/arm/boot/dts/exynos4.dtsi:

/ {
soc: soc {
amba {
pdma0: pdma@1268 {
compatible = "arm,pl330", "arm,primecell";
reg = <0x1268 0x1000>;
interrupts = ;
clocks = <&clock CLK_PDMA0>;
clock-names = "apb_pclk";
#dma-cells = <1>;
#dma-channels = <8>;
#dma-requests = <32>;
};
pdma1: pdma@1269 {
compatible = "arm,pl330", "arm,primecell";
reg = <0x1269 0x1000>;
interrupts = ;
clocks = <&clock CLK_PDMA1>;
clock-names = "apb_pclk";
#dma-cells = <1>;
#dma-channels = <8>;
#dma-requests = <32>;
};
mdma1: mdma@1285 {
compatible = "arm,pl330", "arm,primecell";
reg = <0x1285 0x1000>;
interrupts = ;
clocks = <&clock CLK_MDMA>;
clock-names = "apb_pclk";
#dma-cells = <1>;
#dma-channels = <8>;
#dma-requests = <1>;
};
};
};
};

Signed-off-by: Guenter Roeck 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
[PMD: Do not set default qdev properties, create the controllers in the SoC
  rather than the board (Peter Maydell), add dtsi in commit message]
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Peter Maydell 
---
No SoC datasheet available, Guenter got it working using the
"look into the Linux kernel code and then play with parameters
until it magically starts working" method.
---
 hw/arm/exynos4210.c | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index af82e955421..19009b76e7c 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -96,6 +96,11 @@
 /* EHCI */
 #define EXYNOS4210_EHCI_BASE_ADDR   0x1258
 
+/* DMA */
+#define EXYNOS4210_PL330_BASE0_ADDR 0x1268
+#define EXYNOS4210_PL330_BASE1_ADDR 0x1269
+#define EXYNOS4210_PL330_BASE2_ADDR 0x1285
+
 static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
 0x09, 0x00, 0x00, 0x00 };
 
@@ -160,6 +165,19 @@ static uint64_t exynos4210_calc_affinity(int cpu)
 return (0x9 << ARM_AFF1_SHIFT) | cpu;
 }
 
+static void pl330_create(uint32_t base, qemu_irq irq, int nreq)
+{
+SysBusDevice *busdev;
+DeviceState *dev;
+
+dev = qdev_create(NULL, "pl330");
+qdev_prop_set_uint8(dev, "num_periph_req",  nreq);
+qdev_init_nofail(dev);
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, base);
+sysbus_connect_irq(busdev, 0, irq);
+}
+
 Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
 {
 Exynos4210State *s = g_new0(Exynos4210State, 1);
@@ -410,5 +428,13 @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
 sysbus_create_simple(TYPE_EXYNOS4210_EHCI, EXYNOS4210_EHCI_BASE_ADDR,
 s->irq_table[exynos4210_get_irq(28, 3)]);
 
+/*** DMA controllers ***/
+pl330_create(EXYNOS4210_PL330_BASE0_ADDR,
+ qemu_irq_invert(s->irq_table[exynos4210_get_irq(35, 1)]), 32);
+pl330_create(EXYNOS4210_PL330_BASE1_ADDR,
+ qemu_irq_invert(s->irq_table[exynos4210_get_irq(36, 1)]), 32);
+pl330_create(EXYNOS4210_PL330_BASE2_ADDR,
+ qemu_irq_invert(s->irq_table[exynos4210_get_irq(34, 1)]), 1);
+
 return s;
 }
-- 
2.20.1

[Qemu-devel] [PATCH v3 3/7] tests: refactor fw_cfg_test

[Philippe Mathieu-Daudé]

From: Li Qiang 

Currently, fw_cfg_test uses one QTestState for every test case.
This will add all command lines for every test case and
this is unnecessary. This patch split the test cases and for
every test case it uses his own QTestState. This patch does following
things:

1. Get rid of the global 'fw_cfg', this need add a uninit function

2. Convert every test case in a separate QTestState

After this patch, we can add fw_cfg test case freely and will not
have effect on other test cases.

Signed-off-by: Li Qiang 
Acked-by: Thomas Huth 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190424140643.62457-2-liq...@163.com>
[PMD: Removed 'ret' local variable in main()]
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/fw_cfg-test.c | 93 +
 1 file changed, 78 insertions(+), 15 deletions(-)

diff --git a/tests/fw_cfg-test.c b/tests/fw_cfg-test.c
index a370ad56678..4597626dd78 100644
--- a/tests/fw_cfg-test.c
+++ b/tests/fw_cfg-test.c
@@ -21,62 +21,127 @@ static uint16_t nb_cpus = 1;
 static uint16_t max_cpus = 1;
 static uint64_t nb_nodes = 0;
 static uint16_t boot_menu = 0;
-static QFWCFG *fw_cfg = NULL;
 
 static void test_fw_cfg_signature(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
 char buf[5];
 
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
 qfw_cfg_get(fw_cfg, FW_CFG_SIGNATURE, buf, 4);
 buf[4] = 0;
 
 g_assert_cmpstr(buf, ==, "QEMU");
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 static void test_fw_cfg_id(void)
 {
-uint32_t id = qfw_cfg_get_u32(fw_cfg, FW_CFG_ID);
+QFWCFG *fw_cfg;
+QTestState *s;
+uint32_t id;
+
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
+id = qfw_cfg_get_u32(fw_cfg, FW_CFG_ID);
 g_assert((id == 1) ||
  (id == 3));
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 static void test_fw_cfg_uuid(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
+
 uint8_t buf[16];
 static const uint8_t uuid[16] = {
 0x46, 0x00, 0xcb, 0x32, 0x38, 0xec, 0x4b, 0x2f,
 0x8a, 0xcb, 0x81, 0xc6, 0xea, 0x54, 0xf2, 0xd8,
 };
 
+s = qtest_init("-uuid 4600cb32-38ec-4b2f-8acb-81c6ea54f2d8");
+fw_cfg = pc_fw_cfg_init(s);
+
 qfw_cfg_get(fw_cfg, FW_CFG_UUID, buf, 16);
 g_assert(memcmp(buf, uuid, sizeof(buf)) == 0);
+
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
+
 }
 
 static void test_fw_cfg_ram_size(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
+
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
 g_assert_cmpint(qfw_cfg_get_u64(fw_cfg, FW_CFG_RAM_SIZE), ==, ram_size);
+
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 static void test_fw_cfg_nographic(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
+
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
 g_assert_cmpint(qfw_cfg_get_u16(fw_cfg, FW_CFG_NOGRAPHIC), ==, 0);
+
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 static void test_fw_cfg_nb_cpus(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
+
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
 g_assert_cmpint(qfw_cfg_get_u16(fw_cfg, FW_CFG_NB_CPUS), ==, nb_cpus);
+
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 static void test_fw_cfg_max_cpus(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
+
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
 g_assert_cmpint(qfw_cfg_get_u16(fw_cfg, FW_CFG_MAX_CPUS), ==, max_cpus);
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 static void test_fw_cfg_numa(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
 uint64_t *cpu_mask;
 uint64_t *node_mask;
 
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
 g_assert_cmpint(qfw_cfg_get_u64(fw_cfg, FW_CFG_NUMA), ==, nb_nodes);
 
 cpu_mask = g_new0(uint64_t, max_cpus);
@@ -92,24 +157,27 @@ static void test_fw_cfg_numa(void)
 
 g_free(node_mask);
 g_free(cpu_mask);
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 static void test_fw_cfg_boot_menu(void)
 {
+QFWCFG *fw_cfg;
+QTestState *s;
+
+s = qtest_init("");
+fw_cfg = pc_fw_cfg_init(s);
+
 g_assert_cmpint(qfw_cfg_get_u16(fw_cfg, FW_CFG_BOOT_MENU), ==, boot_menu);
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
 }
 
 int main(int argc, char **argv)
 {
-QTestState *s;
-int ret;
-
 g_test_init(&argc, &argv, NULL);
 
-s = qtest_init("-uuid 4600cb32-38ec-4b2f-8acb-81c6ea54f2d8");
-
-fw_cfg = pc_fw_cfg_init(s);
-
 qtest_add_func("fw_cfg/signature", test_fw_cfg_signature);
 qtest_add_func("fw_cfg/id", test_fw_cfg_id);
 qtest_add_func("fw_cfg/uuid", test_fw_cfg_uuid);
@@ -126,10 +194,5 @@ int main(int argc, char **argv)
 qtest_add_func("fw_cfg/numa", test_fw_cfg_numa);
 qtest_add_func("fw_cfg/boot_menu", test_fw_cfg_boot_menu);
 
-ret = g_test_run();
-
-pc_fw_cfg_uninit(fw_cfg);
-qtest_quit(s);
-
-return ret;
+return g

[Qemu-devel] [PATCH v3 7/7] tests: fw_cfg: add 'splash-time' test case

[Philippe Mathieu-Daudé]

From: Li Qiang 

Signed-off-by: Li Qiang 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190424140643.62457-6-liq...@163.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/fw_cfg-test.c | 20 
 1 file changed, 20 insertions(+)

diff --git a/tests/fw_cfg-test.c b/tests/fw_cfg-test.c
index 20b1eb75f4d..1d3147f8214 100644
--- a/tests/fw_cfg-test.c
+++ b/tests/fw_cfg-test.c
@@ -194,6 +194,25 @@ static void test_fw_cfg_reboot_timeout(void)
 qtest_quit(s);
 }
 
+static void test_fw_cfg_splash_time(void)
+{
+QFWCFG *fw_cfg;
+QTestState *s;
+uint16_t splash_time = 0;
+size_t filesize;
+
+s = qtest_init("-boot splash-time=12");
+fw_cfg = pc_fw_cfg_init(s);
+
+filesize = qfw_cfg_get_file(fw_cfg, "etc/boot-menu-wait",
+&splash_time, sizeof(splash_time));
+g_assert_cmpint(filesize, ==, sizeof(splash_time));
+splash_time = le16_to_cpu(splash_time);
+g_assert_cmpint(splash_time, ==, 12);
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
+}
+
 int main(int argc, char **argv)
 {
 g_test_init(&argc, &argv, NULL);
@@ -214,6 +233,7 @@ int main(int argc, char **argv)
 qtest_add_func("fw_cfg/numa", test_fw_cfg_numa);
 qtest_add_func("fw_cfg/boot_menu", test_fw_cfg_boot_menu);
 qtest_add_func("fw_cfg/reboot_timeout", test_fw_cfg_reboot_timeout);
+qtest_add_func("fw_cfg/splash_time", test_fw_cfg_splash_time);
 
 return g_test_run();
 }
-- 
2.20.1

[Qemu-devel] [PATCH v3 6/7] tests: fw_cfg: add 'reboot-timeout' test case

[Philippe Mathieu-Daudé]

From: Li Qiang 

Signed-off-by: Li Qiang 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190424140643.62457-5-liq...@163.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/fw_cfg-test.c | 21 +
 1 file changed, 21 insertions(+)

diff --git a/tests/fw_cfg-test.c b/tests/fw_cfg-test.c
index 4597626dd78..20b1eb75f4d 100644
--- a/tests/fw_cfg-test.c
+++ b/tests/fw_cfg-test.c
@@ -15,6 +15,7 @@
 #include "libqtest.h"
 #include "standard-headers/linux/qemu_fw_cfg.h"
 #include "libqos/fw_cfg.h"
+#include "qemu/bswap.h"
 
 static uint64_t ram_size = 128 << 20;
 static uint16_t nb_cpus = 1;
@@ -174,6 +175,25 @@ static void test_fw_cfg_boot_menu(void)
 qtest_quit(s);
 }
 
+static void test_fw_cfg_reboot_timeout(void)
+{
+QFWCFG *fw_cfg;
+QTestState *s;
+uint32_t reboot_timeout = 0;
+size_t filesize;
+
+s = qtest_init("-boot reboot-timeout=15");
+fw_cfg = pc_fw_cfg_init(s);
+
+filesize = qfw_cfg_get_file(fw_cfg, "etc/boot-fail-wait",
+&reboot_timeout, sizeof(reboot_timeout));
+g_assert_cmpint(filesize, ==, sizeof(reboot_timeout));
+reboot_timeout = le32_to_cpu(reboot_timeout);
+g_assert_cmpint(reboot_timeout, ==, 15);
+pc_fw_cfg_uninit(fw_cfg);
+qtest_quit(s);
+}
+
 int main(int argc, char **argv)
 {
 g_test_init(&argc, &argv, NULL);
@@ -193,6 +213,7 @@ int main(int argc, char **argv)
 qtest_add_func("fw_cfg/max_cpus", test_fw_cfg_max_cpus);
 qtest_add_func("fw_cfg/numa", test_fw_cfg_numa);
 qtest_add_func("fw_cfg/boot_menu", test_fw_cfg_boot_menu);
+qtest_add_func("fw_cfg/reboot_timeout", test_fw_cfg_reboot_timeout);
 
 return g_test_run();
 }
-- 
2.20.1

[Qemu-devel] [PATCH v3 2/7] tests/libqos: Add pc_fw_cfg_uninit() and use it

[Philippe Mathieu-Daudé]

The pc_fw_cfg_init() function allocates an IO QFWCFG object.
Add the pc_fw_cfg_uninit() function to deallocate it (and use it).

Signed-off-by: Li Qiang 
Tested-by: Thomas Huth 
Message-Id: <20190424140643.62457-2-liq...@163.com>
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
[PMD: Split patch, fill commit description, call uninit in malloc-pc.c]
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/fw_cfg-test.c  | 1 +
 tests/libqos/fw_cfg.h| 5 +
 tests/libqos/malloc-pc.c | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/tests/fw_cfg-test.c b/tests/fw_cfg-test.c
index 1c5103fe1c5..a370ad56678 100644
--- a/tests/fw_cfg-test.c
+++ b/tests/fw_cfg-test.c
@@ -128,6 +128,7 @@ int main(int argc, char **argv)
 
 ret = g_test_run();
 
+pc_fw_cfg_uninit(fw_cfg);
 qtest_quit(s);
 
 return ret;
diff --git a/tests/libqos/fw_cfg.h b/tests/libqos/fw_cfg.h
index 391669031a3..60de81e8633 100644
--- a/tests/libqos/fw_cfg.h
+++ b/tests/libqos/fw_cfg.h
@@ -42,4 +42,9 @@ static inline QFWCFG *pc_fw_cfg_init(QTestState *qts)
 return io_fw_cfg_init(qts, 0x510);
 }
 
+static inline void pc_fw_cfg_uninit(QFWCFG *fw_cfg)
+{
+io_fw_cfg_uninit(fw_cfg);
+}
+
 #endif
diff --git a/tests/libqos/malloc-pc.c b/tests/libqos/malloc-pc.c
index 949a99361d1..6f92ce41350 100644
--- a/tests/libqos/malloc-pc.c
+++ b/tests/libqos/malloc-pc.c
@@ -29,5 +29,5 @@ void pc_alloc_init(QGuestAllocator *s, QTestState *qts, 
QAllocOpts flags)
 alloc_init(s, flags, 1 << 20, MIN(ram_size, 0xE000), PAGE_SIZE);
 
 /* clean-up */
-g_free(fw_cfg);
+pc_fw_cfg_uninit(fw_cfg);
 }
-- 
2.20.1

[Qemu-devel] [PATCH v3 4/7] tests: fw_cfg: add a function to get the fw_cfg file

[Philippe Mathieu-Daudé]

From: Li Qiang 

This is useful to write qtest about fw_cfg file entry.

Signed-off-by: Li Qiang 
Acked-by: Thomas Huth 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190424140643.62457-3-liq...@163.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/libqos/fw_cfg.c | 45 +++
 tests/libqos/fw_cfg.h |  2 ++
 2 files changed, 47 insertions(+)

diff --git a/tests/libqos/fw_cfg.c b/tests/libqos/fw_cfg.c
index c6839c53c80..1f46258f96b 100644
--- a/tests/libqos/fw_cfg.c
+++ b/tests/libqos/fw_cfg.c
@@ -16,6 +16,7 @@
 #include "libqos/fw_cfg.h"
 #include "libqtest.h"
 #include "qemu/bswap.h"
+#include "hw/nvram/fw_cfg.h"
 
 void qfw_cfg_select(QFWCFG *fw_cfg, uint16_t key)
 {
@@ -59,6 +60,50 @@ static void mm_fw_cfg_select(QFWCFG *fw_cfg, uint16_t key)
 qtest_writew(fw_cfg->qts, fw_cfg->base, key);
 }
 
+/*
+ * The caller need check the return value. When the return value is
+ * nonzero, it means that some bytes have been transferred.
+ *
+ * If the fw_cfg file in question is smaller than the allocated & passed-in
+ * buffer, then the buffer has been populated only in part.
+ *
+ * If the fw_cfg file in question is larger than the passed-in
+ * buffer, then the return value explains how much room would have been
+ * necessary in total. And, while the caller's buffer has been fully
+ * populated, it has received only a starting slice of the fw_cfg file.
+ */
+size_t qfw_cfg_get_file(QFWCFG *fw_cfg, const char *filename,
+  void *data, size_t buflen)
+{
+uint32_t count;
+uint32_t i;
+unsigned char *filesbuf = NULL;
+size_t dsize;
+FWCfgFile *pdir_entry;
+size_t filesize = 0;
+
+qfw_cfg_get(fw_cfg, FW_CFG_FILE_DIR, &count, sizeof(count));
+count = be32_to_cpu(count);
+dsize = sizeof(uint32_t) + count * sizeof(struct fw_cfg_file);
+filesbuf = g_malloc(dsize);
+qfw_cfg_get(fw_cfg, FW_CFG_FILE_DIR, filesbuf, dsize);
+pdir_entry = (FWCfgFile *)(filesbuf + sizeof(uint32_t));
+for (i = 0; i < count; ++i, ++pdir_entry) {
+if (!strcmp(pdir_entry->name, filename)) {
+uint32_t len = be32_to_cpu(pdir_entry->size);
+uint16_t sel = be16_to_cpu(pdir_entry->select);
+filesize = len;
+if (len > buflen) {
+len = buflen;
+}
+qfw_cfg_get(fw_cfg, sel, data, len);
+break;
+}
+}
+g_free(filesbuf);
+return filesize;
+}
+
 static void mm_fw_cfg_read(QFWCFG *fw_cfg, void *data, size_t len)
 {
 uint8_t *ptr = data;
diff --git a/tests/libqos/fw_cfg.h b/tests/libqos/fw_cfg.h
index 60de81e8633..13325cc4ffe 100644
--- a/tests/libqos/fw_cfg.h
+++ b/tests/libqos/fw_cfg.h
@@ -31,6 +31,8 @@ void qfw_cfg_get(QFWCFG *fw_cfg, uint16_t key, void *data, 
size_t len);
 uint16_t qfw_cfg_get_u16(QFWCFG *fw_cfg, uint16_t key);
 uint32_t qfw_cfg_get_u32(QFWCFG *fw_cfg, uint16_t key);
 uint64_t qfw_cfg_get_u64(QFWCFG *fw_cfg, uint16_t key);
+size_t qfw_cfg_get_file(QFWCFG *fw_cfg, const char *filename,
+void *data, size_t buflen);
 
 QFWCFG *mm_fw_cfg_init(QTestState *qts, uint64_t base);
 void mm_fw_cfg_uninit(QFWCFG *fw_cfg);
-- 
2.20.1

[Qemu-devel] [PATCH v3 1/7] tests/libqos: Add io_fw_cfg_uninit() and mm_fw_cfg_uninit()

[Philippe Mathieu-Daudé]

The mm_fw_cfg_init() allocates a QFWCFG object,
add mm_fw_cfg_uninit() to deallocate it.
Similarly with io_fw_cfg_init(), add io_fw_cfg_uninit().

Signed-off-by: Li Qiang 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190424140643.62457-2-liq...@163.com>
[PMD: Split patch, filled commit description]
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/libqos/fw_cfg.c | 10 ++
 tests/libqos/fw_cfg.h |  2 ++
 2 files changed, 12 insertions(+)

diff --git a/tests/libqos/fw_cfg.c b/tests/libqos/fw_cfg.c
index d0889d1e22a..c6839c53c80 100644
--- a/tests/libqos/fw_cfg.c
+++ b/tests/libqos/fw_cfg.c
@@ -81,6 +81,11 @@ QFWCFG *mm_fw_cfg_init(QTestState *qts, uint64_t base)
 return fw_cfg;
 }
 
+void mm_fw_cfg_uninit(QFWCFG *fw_cfg)
+{
+g_free(fw_cfg);
+}
+
 static void io_fw_cfg_select(QFWCFG *fw_cfg, uint16_t key)
 {
 qtest_outw(fw_cfg->qts, fw_cfg->base, key);
@@ -107,3 +112,8 @@ QFWCFG *io_fw_cfg_init(QTestState *qts, uint16_t base)
 
 return fw_cfg;
 }
+
+void io_fw_cfg_uninit(QFWCFG *fw_cfg)
+{
+g_free(fw_cfg);
+}
diff --git a/tests/libqos/fw_cfg.h b/tests/libqos/fw_cfg.h
index 0353416af07..391669031a3 100644
--- a/tests/libqos/fw_cfg.h
+++ b/tests/libqos/fw_cfg.h
@@ -33,7 +33,9 @@ uint32_t qfw_cfg_get_u32(QFWCFG *fw_cfg, uint16_t key);
 uint64_t qfw_cfg_get_u64(QFWCFG *fw_cfg, uint16_t key);
 
 QFWCFG *mm_fw_cfg_init(QTestState *qts, uint64_t base);
+void mm_fw_cfg_uninit(QFWCFG *fw_cfg);
 QFWCFG *io_fw_cfg_init(QTestState *qts, uint16_t base);
+void io_fw_cfg_uninit(QFWCFG *fw_cfg);
 
 static inline QFWCFG *pc_fw_cfg_init(QTestState *qts)
 {
-- 
2.20.1