Re: [Qemu-devel] [PATCH v4 0/7] tcg/ppc: Add vector opcodes

2019-06-24 Thread Richard Henderson
On 6/23/19 7:10 PM, Aleksandar Markovic wrote:
> On Sat, Jun 22, 2019 at 5:02 PM Mark Cave-Ayland
>  wrote:
>>
>> On 22/06/2019 15:20, Mark Cave-Ayland wrote:
>>
>>> I've just given your tcg-ppc-vsx branch a spin here, and like Howard I'm getting
>>> segfaults trying to launch my MacOS images :(  The segfault is weird: it doesn't get
>>> caught by an attached gdb and the qemu-system-ppc process seems to hang around like a
>>> zombie which makes me think that it's probably an illegal instruction of some kind,
>>> but the PPC kernel can't handle it as well as x86 does.
>>>
>>> With a bit more work I bisected it down to the first commit in the patchset
>>> (d8dcbb57e9: "tcg/ppc: Initial backend support for Altivec") and then as an
>>> experiment I hacked tcg_can_emit_vec_op() to always return 0 to see if that made a
>>> difference, but the segfault still appears.
>>>
>>> The commit message mentions that the load and store helpers are also improved, so I
>>> wonder if they are what is causing the error rather than the vector parts? Also in
>>> the kernel log I see the following messages appearing:
>>>
>>> [3639669.374942] qemu-system-ppc[28591]: segfault (11) at 64b8 nip f87280 lr f8723c code 1 in qemu-system-ppc[94e000+aa]
>>> [3639669.380015] qemu-system-ppc[28591]: code: 93c10038 91810020 90010044 7fc802a6 3fde0059 2e03 3bde6c18 7c9d2378
>>> [3639669.385056] qemu-system-ppc[28591]: code: 813e80a0 7cbb2b78 7cda3378 7cf93b78 <81428ff8> 9141001c 3940 8129
>>>
>>> Does that help at all? If not let me know if there are any other tests that you'd
>>> like me to try to help debug this.
>>
>> One more hint: if I try a build of d8dcbb57e9 along with my tcg_can_emit_vec_op()
>> hack and pass --enable-debug-tcg to configure then I get an assert on startup:
>>
>> qemu-system-ppc: /home/mca/src/qemu/tcg/tcg.c:2207: process_op_defs: Assertion `tdefs != ((void *)0)' failed.
>> Aborted
>>
> 
> Mark, Richard, Howard, David,
> 
> I just sent v5 of the series, that is (in the sense of net-result of
> code changes) equivalent to v4, but the patch 1/7 from v4 is now split
> into ten smaller patches. This was done mainly to enable Mark to
> perhaps try v5 and bisect, in order to at least somewhat narrow down
> the culprit. Most likely it will be patch 5 from v5, that is still
> sizeable, but even if this is the case, we can eliminate other smaller
> things from consideration.

Thanks for the help on that.

I don't believe your split is actually bisectable -- there's a minimum amount
that is required to enable vector opcodes at all.  Patch 5 is the first that
enables tcg_out_{mov,ld,st}, so while patches beforehand may compile, they
certainly will not run.

I can retain your split, but for real bisectability we need to move the enable
of TCG_TARGET_HAS_v128 from patch 2 to patch 5.

Given that all this works for me on a Power9 host, I expect that there's a
simple fix for Mark's G5 host.  Given the above assertion, a missing opcode
definition, perhaps for -m32 vs -m64?


r~



Re: [Qemu-devel] [PATCH v2] aspeed: Link SCU to the watchdog

2019-06-24 Thread Joel Stanley
On Fri, 21 Jun 2019 at 09:06, Philippe Mathieu-Daudé  wrote:
>
> On 6/21/19 10:25 AM, Cédric Le Goater wrote:
> > On 21/06/2019 08:52, Joel Stanley wrote:
> >> The ast2500 uses the watchdog to reset the SDRAM controller. This
> >> operation is usually performed by u-boot's memory training procedure,
> >> and it is enabled by setting a bit in the SCU and then causing the
> >> watchdog to expire. Therefore, we need the watchdog to be able to
> >> access the SCU's register space.
> >>
> >> This causes the watchdog to not perform a system reset when the bit is
> >> set. In the future it could perform a reset of the SDMC model.
> >>
> >> Signed-off-by: Joel Stanley 
> >
> > I was keeping this patch in my tree (hence the Sob) hoping that
> > someone could find the time to study the reset question. But this
> > patch is useful as it is and I think we should merge it.
> >
> > Reviewed-by: Cédric Le Goater 
> >
> > Thanks,
> >
> > C.
> >
> >> Signed-off-by: Cédric Le Goater 

> >> --- a/hw/watchdog/wdt_aspeed.c
> >> +++ b/hw/watchdog/wdt_aspeed.c
> >> @@ -44,6 +44,9 @@
> >>
> >>  #define WDT_RESTART_MAGIC   0x4755
> >>
> >> +#define SCU_RESET_CONTROL1  (0x04 / 4)
> >> +#defineSCU_RESET_SDRAM  BIT(0)
> >> +
> >>  static bool aspeed_wdt_is_enabled(const AspeedWDTState *s)
> >>  {
> >>  return s->regs[WDT_CTRL] & WDT_CTRL_ENABLE;
> >> @@ -222,6 +225,13 @@ static void aspeed_wdt_timer_expired(void *dev)
> >>  {
> >>  AspeedWDTState *s = ASPEED_WDT(dev);
> >>
> >> +/* Do not reset on SDRAM controller reset */
> >> +if (s->scu->regs[SCU_RESET_CONTROL1] & SCU_RESET_SDRAM) {
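
Review bot: in aspeed_wdt_timer_expired() the new check dereferences s->scu (s->scu->regs[SCU_RESET_CONTROL1]) and nothing in these lines guarantees the pointer is set. If the SCU link is wired up by the SoC code, the watchdog's realize function should fail when the link is missing, so that a board that forgets it gets an error at startup rather than a NULL dereference on the first timer expiry.
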
>
> This would be cleaner as an static inlined function in
> "hw/misc/aspeed_scu.h" IMO, maybe 'bool scu_sdram_is_reset()'.

I will take this suggestion on board in the future when I model the
watchdog reset behavior in more detail.

>
> Anyway the patch looks sane:
> Reviewed-by: Philippe Mathieu-Daudé 

Thanks.

Joel



Re: [Qemu-devel] [PATCH v10 6/6] ppc: spapr: Handle "ibm, nmi-register" and "ibm, nmi-interlock" RTAS calls

2019-06-24 Thread Aravinda Prasad



On Monday 24 June 2019 07:59 PM, Greg Kurz wrote:
> On Wed, 12 Jun 2019 14:51:38 +0530
> Aravinda Prasad  wrote:
> 
>> This patch adds support in QEMU to handle "ibm,nmi-register"
>> and "ibm,nmi-interlock" RTAS calls and sets the default
>> value of SPAPR_CAP_FWNMI_MCE to SPAPR_CAP_ON for machine
>> type 4.0.
>>
> 
> Next machine type is 4.1.

ok.

> 
>> The machine check notification address is saved when the
>> OS issues "ibm,nmi-register" RTAS call.
>>
>> This patch also handles the case when multiple processors
>> experience machine check at or about the same time by
>> handling "ibm,nmi-interlock" call. In such cases, as per
>> PAPR, subsequent processors serialize waiting for the first
>> processor to issue the "ibm,nmi-interlock" call. The second
>> processor that also received a machine check error waits
>> till the first processor is done reading the error log.
>> The first processor issues "ibm,nmi-interlock" call
>> when the error log is consumed.
>>
>> Signed-off-by: Aravinda Prasad 
>> ---
>>  hw/ppc/spapr.c |6 -
>>  hw/ppc/spapr_rtas.c|   63 
>> 
>>  include/hw/ppc/spapr.h |5 +++-
>>  3 files changed, 72 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>> index 3d6d139..213d493 100644
>> --- a/hw/ppc/spapr.c
>> +++ b/hw/ppc/spapr.c
>> @@ -2946,6 +2946,9 @@ static void spapr_machine_init(MachineState *machine)
>>  /* Create the error string for live migration blocker */
>>  error_setg(&spapr->fwnmi_migration_blocker,
>>  "Live migration not supported during machine check 
>> handling");
>> +
>> +/* Register ibm,nmi-register and ibm,nmi-interlock RTAS calls */
>> +spapr_fwnmi_register();
> 
> IIRC this was supposed to depend on SPAPR_CAP_FWNMI_MCE being ON.

Yes this is inside SPAPR_CAP_FWNMI_MCE check:

if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI_MCE) == SPAPR_CAP_ON) {
/*
 * Ensure that the rtas image size is less than RTAS_ERROR_LOG_OFFSET
 * or else the rtas image will be overwritten with the rtas error log
 * when a machine check exception is encountered.
 */
g_assert(spapr->rtas_size < RTAS_ERROR_LOG_OFFSET);

/* Resize rtas blob to accommodate error log */
spapr->rtas_size = RTAS_ERROR_LOG_MAX;

/* Create the error string for live migration blocker */
error_setg(&spapr->fwnmi_migration_blocker,
"Live migration not supported during machine check handling");

/* Register ibm,nmi-register and ibm,nmi-interlock RTAS calls */
spapr_fwnmi_register();
}


> 
>>  }
>>  
>>  spapr->rtas_blob = g_malloc(spapr->rtas_size);
>> @@ -4408,7 +4411,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
>> void *data)
>>  smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>>  smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
>>  smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
>> -smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
>> +smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_ON;
>>  spapr_caps_add_properties(smc, &error_abort);
>>  smc->irq = &spapr_irq_dual;
>>  smc->dr_phb_enabled = true;
>> @@ -4512,6 +4515,7 @@ static void 
>> spapr_machine_3_1_class_options(MachineClass *mc)
>>  smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>>  smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>  smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
>> +smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
> 
> This should have been put into spapr_machine_4_0_class_options().

ok. I will change it.

> 
> But unless you manage to get this merged before soft-freeze (2019-07-02),
> I'm afraid this will be a 4.2 feature.

If there are no other comments, can this be merged to 4.1? I will send a
revised version with the above changes.

Regards,
Aravinda

> 
>>  }
>>  
>>  DEFINE_SPAPR_MACHINE(3_1, "3.1", false);
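
Review bot: the SPAPR_CAP_OFF override for SPAPR_CAP_FWNMI_MCE is added to spapr_machine_3_1_class_options(), while the earlier hunk flips the class-wide default to SPAPR_CAP_ON in spapr_machine_class_init(). Any machine type between 3.1 and the new one then picks up the ON default and changes its guest-visible behaviour; the override belongs in the class options of the newest already-released machine type so that older types keep OFF.
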
>> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
>> index a015a80..e010cb2 100644
>> --- a/hw/ppc/spapr_rtas.c
>> +++ b/hw/ppc/spapr_rtas.c
>> @@ -49,6 +49,7 @@
>>  #include "hw/ppc/fdt.h"
>>  #include "target/ppc/mmu-hash64.h"
>>  #include "target/ppc/mmu-book3s-v3.h"
>> +#include "migration/blocker.h"
>>  
>>  static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState 
>> *spapr,
>> uint32_t token, uint32_t nargs,
>> @@ -352,6 +353,60 @@ static void rtas_get_power_level(PowerPCCPU *cpu, 
>> SpaprMachineState *spapr,
>>  rtas_st(rets, 1, 100);
>>  }
>>  
>> +static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
>> +  SpaprMachineState *spapr,
>> +  uint32_t token, uint32_t nargs,
>> +  target_ulong args,
>> +  uint32_t nret, target_ulong rets)
>> +{
>>

Re: [Qemu-devel] [PATCH v2 05/14] target/arm/helper: zcr: Add build bug next to value range assumption

2019-06-24 Thread Andrew Jones
On Tue, Jun 25, 2019 at 08:11:27AM +0200, Andrew Jones wrote:
> On Mon, Jun 24, 2019 at 05:03:08PM +0100, Dave Martin wrote:
> > On Mon, Jun 24, 2019 at 12:30:37PM +0100, Andrew Jones wrote:
> > > On Mon, Jun 24, 2019 at 12:05:07PM +0100, Dave Martin wrote:
> > > > On Fri, Jun 21, 2019 at 05:34:13PM +0100, Andrew Jones wrote:
> > > > 
> > > > The purpose of this check should probably at least be described in a
> > > > comment -- i.e., what actually depends on this?
> > > 
> > > I was thinking the already present "Bits other than [3:0] are RAZ/WI."
> > > explained that, but how about this for an improvement?
> > > 
> > > /*
> > >  * Only the lowest 4 bits of ZCR_ELx may be used to constrain the vector
> > >  * length, the rest of the bits are RAZ/WI. Since the vector length of
> > >  * 128-bits (1 in quadwords) is represented as zero in ZCR_ELx, and all
> > >  * vector lengths are represented as their length in quadwords minus 1,
> > >  * then four bits allow up to quadword 16 to be selected.
> > >  */
> > 
> > No, maybe the existing comment is enough.
> > 
> > I thought there might be more code elsewhere that assumes that checks
> > sve_max_vq <= ARM_MAX_VQ then assumes that sve_max_vq <= 16.  But
> > if not, we probably don't need an additional comment here.
> 
> I suppose there is some assumption that if sve_max_vq > 0 then it is
> also <= ARM_MAX_VQ elsewhere in QEMU. However here in zcr_write I don't
> think that assumption is being used. Here we're simply enforcing a limit
> of 16 within the emulation, without checking sve_max_vq at all. So I like
> the suggestion for a build bug like the one this patch adds, because
> otherwise we have 16 in two separate places; the ARM_MAX_VQ definition
> and the '& 0xf'.

I suppose we could also write the 0xf in terms of ARM_MAX_VQ, with a
(ARM_MAX_VQ - 1), but that's getting into emulation implementation
preferences, which I don't know anything about. So I'd leave that to
Richard and Peter.

> 
> > 
> > I haven't tried to understand all the code in the series beyond the
> > user/kernel interactions, so maybe I was just paranoid.
> 
> Paranoia is good for the soul. Or something like that...
> 
> Thanks,
> drew



Re: [Qemu-devel] [PATCH v2 05/14] target/arm/helper: zcr: Add build bug next to value range assumption

2019-06-24 Thread Andrew Jones
On Mon, Jun 24, 2019 at 05:03:08PM +0100, Dave Martin wrote:
> On Mon, Jun 24, 2019 at 12:30:37PM +0100, Andrew Jones wrote:
> > On Mon, Jun 24, 2019 at 12:05:07PM +0100, Dave Martin wrote:
> > > On Fri, Jun 21, 2019 at 05:34:13PM +0100, Andrew Jones wrote:
> > > 
> > > The purpose of this check should probably at least be described in a
> > > comment -- i.e., what actually depends on this?
> > 
> > I was thinking the already present "Bits other than [3:0] are RAZ/WI."
> > explained that, but how about this for an improvement?
> > 
> > /*
> >  * Only the lowest 4 bits of ZCR_ELx may be used to constrain the vector
> >  * length, the rest of the bits are RAZ/WI. Since the vector length of
> >  * 128-bits (1 in quadwords) is represented as zero in ZCR_ELx, and all
> >  * vector lengths are represented as their length in quadwords minus 1,
> >  * then four bits allow up to quadword 16 to be selected.
> >  */
> 
> No, maybe the existing comment is enough.
> 
> I thought there might be more code elsewhere that assumes that checks
> sve_max_vq <= ARM_MAX_VQ then assumes that sve_max_vq <= 16.  But
> if not, we probably don't need an additional comment here.

I suppose there is some assumption that if sve_max_vq > 0 then it is
also <= ARM_MAX_VQ elsewhere in QEMU. However here in zcr_write I don't
think that assumption is being used. Here we're simply enforcing a limit
of 16 within the emulation, without checking sve_max_vq at all. So I like
the suggestion for a build bug like the one this patch adds, because
otherwise we have 16 in two separate places; the ARM_MAX_VQ definition
and the '& 0xf'.

> 
> I haven't tried to understand all the code in the series beyond the
> user/kernel interactions, so maybe I was just paranoid.

Paranoia is good for the soul. Or something like that...

Thanks,
drew
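
The coupling discussed in this thread, as an added example (it is not part of the original messages and not QEMU's code): a compile-time check ties the `& 0xf` write mask to ARM_MAX_VQ, so a guest-written length can never index past a buffer sized by ARM_MAX_VQ. The `demo_*` names, `DemoZReg`, `VQ_BYTES` and the simplification that every length up to sve_max_vq is supported are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values, taken from the numbers quoted in the thread. */
#define ARM_MAX_VQ    16     /* largest vector length, in 128-bit quadwords */
#define ZCR_LEN_MASK  0xfu   /* ZCR_ELx bits [3:0]; the rest are RAZ/WI */
#define VQ_BYTES      16     /* bytes per quadword */

/*
 * The "16" lives in two places: the buffer bound and the write mask.
 * The build breaks if someone changes one without the other.
 */
_Static_assert(ARM_MAX_VQ == ZCR_LEN_MASK + 1,
               "ZCR length mask and ARM_MAX_VQ disagree");

/* Hypothetical vector register, sized for the largest supported length. */
typedef struct {
    uint8_t z[ARM_MAX_VQ * VQ_BYTES];
} DemoZReg;

/* Guest write to ZCR_ELx: keep the writable bits, drop everything else. */
static uint64_t demo_zcr_write(uint64_t raw)
{
    return raw & ZCR_LEN_MASK;
}

/*
 * Vector length in quadwords selected by a stored ZCR value, capped by the
 * CPU's own limit. Returns 0 when that limit is itself out of range.
 */
static unsigned demo_effective_vq(uint64_t zcr, unsigned sve_max_vq)
{
    unsigned vq;

    if (sve_max_vq == 0 || sve_max_vq > ARM_MAX_VQ) {
        return 0;
    }
    vq = (unsigned)(zcr & ZCR_LEN_MASK) + 1;   /* stored as length minus 1 */
    return vq < sve_max_vq ? vq : sve_max_vq;
}

/* Zero the bytes above the active length; returns the active byte count. */
static size_t demo_clear_inactive(DemoZReg *r, uint64_t zcr,
                                  unsigned sve_max_vq)
{
    size_t active = (size_t)demo_effective_vq(zcr, sve_max_vq) * VQ_BYTES;

    /* active <= sizeof(r->z) follows from the static assertion above. */
    memset(r->z + active, 0, sizeof(r->z) - active);
    return active;
}

int main(void)
{
    DemoZReg r;
    uint64_t zcr = demo_zcr_write(UINT64_MAX);  /* constructed guest value */

    memset(&r, 0xaa, sizeof(r));
    printf("stored ZCR = %#llx, active bytes = %zu of %zu\n",
           (unsigned long long)zcr,
           demo_clear_inactive(&r, zcr, ARM_MAX_VQ), sizeof(r.z));
    return 0;
}
```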



Re: [Qemu-devel] [Qemu-block] [RFC] nvme: how to support multiple namespaces

2019-06-24 Thread Markus Armbruster
Laszlo Ersek  writes:

> On 06/24/19 12:18, Kevin Wolf wrote:
>> Am 24.06.2019 um 10:01 hat Klaus Birkelund geschrieben:
>>> On Thu, Jun 20, 2019 at 05:37:24PM +0200, Laszlo Ersek wrote:
>>>> On 06/17/19 10:12, Klaus Birkelund wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm thinking about how to support multiple namespaces in the NVMe
>>>>> device. My first idea was to add a "namespaces" property array to the
>>>>> device that references blockdevs, but as Laszlo writes below, this might
>>>>> not be the best idea. It also makes it troublesome to add per-namespace
>>>>> parameters (which is something I will be required to do for other
>>>>> reasons). Some of you might remember my first attempt at this that
>>>>> included adding a new block driver (derived from raw) that could be
>>>>> given certain parameters that would then be stored in the image. But I
>>>>> understand that this is a no-go, and I can see why.
>>>>>
>>>>> I guess the optimal way would be such that the parameters were something
>>>>> like:
>>>>>
>>>>>    -blockdev raw,node-name=blk_ns1,file.driver=file,file.filename=blk_ns1.img
>>>>>    -blockdev raw,node-name=blk_ns2,file.driver=file,file.filename=blk_ns2.img
>>>>>    -device nvme-ns,drive=blk_ns1,ns-specific-options (nsfeat,mc,dlfeat)...
>>>>>    -device nvme-ns,drive=blk_ns2,...
>>>>>    -device nvme,...
>>>>>
>>>>> My question is how to state the parent/child relationship between the
>>>>> nvme and nvme-ns devices. I've been looking at how ide and virtio do
>>>>> this, and maybe a "bus" is the right way to go?
>>>>
>>>> I've added Markus to the address list, because of this question. No
>>>> other (new) comments from me on the thread starter at this time, just
>>>> keeping the full context.
>>>>
>>>
>>> Hi all,
>>>
>>> I've successfully implemented this by introducing a new 'nvme-ns' device
>>> model. The nvme device creates a bus named from the device id ('id'
>>> parameter) and the nvme-ns devices are then registered on this.
>>>
>>> This results in an nvme device being created like this (two namespaces
>>> example):
>>>
>>>   -drive file=nvme0n1.img,if=none,id=disk1
>>>   -drive file=nvme0n2.img,if=none,id=disk2
>>>   -device nvme,serial=deadbeef,id=nvme0
>>>   -device nvme-ns,drive=disk1,bus=nvme0,nsid=1
>>>   -device nvme-ns,drive=disk2,bus=nvme0,nsid=2
>>>
>>> How does that look as a way forward?
>> 
>> This looks very similar to what other devices do (one bus controller
>> that has multiple devices on its bus), so I like it.

Devices can be wired together without a bus intermediary.  You
definitely want a bus when the physical connection you model has one.
If not, a bus may be useful anyway, say because it provides a convenient
way to encapsulate the connection model, or to support -device bus=...

> +1
>
> Also, I believe it's more modern nowadays to express the same example
> with "blockdev" syntax, rather than "drive". (Not that I could suggest
> the exact spelling for that :)) I don't expect the modern syntax to
> behave differently, I just guess it's better to stick with the new in
> examples / commit messages etc.

Management applications should move to -blockdev.  -drive has too much
bad magic sticking to it.

We're not urging humans to switch, at least not yet.  We may want to
provide convenience features on top of plain -blockdev before we do.

As far as I know, we don't yet eschew -drive in documentation or commit
messages.  Perhaps we should consider such a policy for documentation.

[...]



Re: [Qemu-devel] [PATCH 6/6] i386: Add Cascadelake-Server-4.1.1 CPU model

2019-06-24 Thread Tao Xu

On 6/25/2019 1:00 PM, Eduardo Habkost wrote:

Add new version of Cascadelake-Server CPU model, setting
stepping=5 and enabling the IA32_ARCH_CAPABILITIES MSR.

The new feature will introduce a new host software requirement,
breaking our CPU model runnability promises.  This means we can't
enable the new CPU model version by default in QEMU 4.1, because
management software isn't ready yet to resolve CPU model aliases.
This is why the feature is being enabled in a
Cascadelake-Server-4.1.1 CPU model instead of
Cascadelake-Server-4.1.

Includes a test case to ensure the right combinations of
machine-type + CPU model + command-line feature flags will work
as expected.

Signed-off-by: Eduardo Habkost 
---
Cc: "Hu, Robert" 
Cc: Tao Xu 
Cc: jingqi@intel.com,
Cc: "Lai, Paul C" 
---
  target/i386/cpu.c  | 15 +
  tests/acceptance/x86_cpu_model_versions.py | 71 ++
  2 files changed, 86 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 121f568954..8edae04161 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2607,6 +2607,21 @@ static X86CPUDefinition builtin_x86_defs[] = {

...

+# versioned CPU model overrides machine-type:
+vm = self.get_vm()
+vm.add_args('-S')
+vm.set_machine('pc-i440fx-4.0')
+vm.add_args('-cpu', 
'Cascadelake-Server-4.1,x-force-features=on,check=off,enforce=off')
+vm.launch()
+self.assertFalse(get_cpu_prop(vm, 'arch-capabilities'),
+ 'pc-i440fx-4.1 + Cascadelake-Server-4.1 should not 
have arch-capabilities')
+
+vm = self.get_vm()
+vm.add_args('-S')
+vm.set_machine('pc-i440fx-4.0')
+vm.add_args('-cpu', 
'Cascadelake-Server-4.1.1,x-force-features=on,check=off,enforce=off')
+vm.launch()
+self.assertTrue(get_cpu_prop(vm, 'arch-capabilities'),
+ 'pc-i440fx-4.1 + Cascadelake-Server-4.1 should have 
arch-capabilities')
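
Review bot: the assertion messages in both versioned-model cases disagree with the VM they launch. Each case calls vm.set_machine('pc-i440fx-4.0'), yet both messages say pc-i440fx-4.1, and the second case runs -cpu Cascadelake-Server-4.1.1 while its message names Cascadelake-Server-4.1. A failing run would point at the wrong configuration; the messages should name pc-i440fx-4.0 together with Cascadelake-Server-4.1 and Cascadelake-Server-4.1.1 respectively.
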

Hi Eduardo

Could I ask why the error here shows "Cascadelake-Server-4.1" instead of 
"Cascadelake-Server-4.1.1"?


And will you add the MSR_ARCH_CAP_RDCL_NO, MSR_ARCH_CAP_IBRS_ALL, and 
MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY into .features[FEAT_ARCH_CAPABILITIES]?


Tao




Re: [Qemu-devel] [PATCH 0/6] x86 CPU model versioning

2019-06-24 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190625050008.12789-1-ehabk...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190625050008.12789-1-ehabk...@redhat.com
Type: series
Subject: [Qemu-devel] [PATCH 0/6] x86 CPU model versioning

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20190625050008.12789-1-ehabk...@redhat.com 
-> patchew/20190625050008.12789-1-ehabk...@redhat.com
Switched to a new branch 'test'
fa60fbbfe4 i386: Add Cascadelake-Server-4.1.1 CPU model
41aac3f41c docs: Deprecate CPU model runnability guarantees
7702d3e8ca i386: Infrastructure for versioned CPU models
3fe33acf1b qmp: Add "alias-of" field to query-cpu-definitions
582f02c5f5 i386: Remove unused host_cpudef variable
be6cf76099 i386: Add x-force-features option for testing

=== OUTPUT BEGIN ===
1/6 Checking commit be6cf760996c (i386: Add x-force-features option for testing)
2/6 Checking commit 582f02c5f580 (i386: Remove unused host_cpudef variable)
3/6 Checking commit 3fe33acf1b30 (qmp: Add "alias-of" field to 
query-cpu-definitions)
4/6 Checking commit 7702d3e8ca63 (i386: Infrastructure for versioned CPU models)
WARNING: Block comments use a leading /* on a separate line
#212: FILE: target/i386/cpu.c:3075:
+{ /* end of list */ },

WARNING: line over 80 characters
#261: FILE: target/i386/cpu.c:3987:
+static const X86CPUVersionDefinition 
*x86_cpu_def_get_versions(X86CPUDefinition *def)

WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#457: 
new file mode 100644

WARNING: line over 80 characters
#507: FILE: tests/acceptance/x86_cpu_model_versions.py:46:
+cpus = dict((m['name'], m) for m in 
self.vm.command('query-cpu-definitions'))

WARNING: line over 80 characters
#510: FILE: tests/acceptance/x86_cpu_model_versions.py:49:
+ 'unversioned Cascadelake-Server CPU model must not be 
static')

WARNING: line over 80 characters
#527: FILE: tests/acceptance/x86_cpu_model_versions.py:66:
+cpus = dict((m['name'], m) for m in 
self.vm.command('query-cpu-definitions'))

WARNING: line over 80 characters
#530: FILE: tests/acceptance/x86_cpu_model_versions.py:69:
+ 'unversioned Cascadelake-Server CPU model must not be 
static')

ERROR: line over 90 characters
#531: FILE: tests/acceptance/x86_cpu_model_versions.py:70:
+self.assertEquals(cpus['Cascadelake-Server'].get('alias-of'), 
'Cascadelake-Server-4.1',

WARNING: line over 80 characters
#532: FILE: tests/acceptance/x86_cpu_model_versions.py:71:
+  'Cascadelake-Server must be an alias of 
Cascadelake-Server-4.1')

WARNING: line over 80 characters
#549: FILE: tests/acceptance/x86_cpu_model_versions.py:88:
+cpus = dict((m['name'], m) for m in 
self.vm.command('query-cpu-definitions'))

WARNING: line over 80 characters
#552: FILE: tests/acceptance/x86_cpu_model_versions.py:91:
+ 'unversioned Cascadelake-Server CPU model must not be 
static')

ERROR: line over 90 characters
#553: FILE: tests/acceptance/x86_cpu_model_versions.py:92:
+
self.assertTrue(cpus['Cascadelake-Server']['alias-of'].startswith('Cascadelake-Server-'),

WARNING: line over 80 characters
#554: FILE: tests/acceptance/x86_cpu_model_versions.py:93:
+  'Cascadelake-Server must be an alias of versioned 
CPU model')

total: 2 errors, 11 warnings, 477 lines checked

Patch 4/6 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/6 Checking commit 41aac3f41c03 (docs: Deprecate CPU model runnability 
guarantees)
6/6 Checking commit fa60fbbfe411 (i386: Add Cascadelake-Server-4.1.1 CPU model)
WARNING: Block comments use a leading /* on a separate line
#43: FILE: target/i386/cpu.c:2620:
+  { /* end of list */ },

WARNING: Block comments use a leading /* on a separate line
#46: FILE: target/i386/cpu.c:2623:
+{ /* end of list */ },

ERROR: line over 90 characters
#74: FILE: tests/acceptance/x86_cpu_model_versions.py:111:
+vm.add_args('-cpu', 
'Cascadelake-Server,x-force-features=on,check=off,enforce=off')

ERROR: line over 90 characters
#77: FILE: tests/acceptance/x86_cpu_model_versions.py:114:
+ 'pc-i440fx-4.1 + Cascadelake-Server should not have 
arch-capabilities')

ERROR: line over 90 characters
#82: FILE: tests/acceptance/x86_cpu_model_versions.py:119:
+vm.add_args('-cpu', 
'Cascadelake-Server,x-force-features=on,check=off,enforce=off')

ERROR: line over 90 characters
#85: FILE: tests/acceptance/x86_cpu_model_versions.py:122:
+  

[Qemu-devel] [PATCH 6/6] i386: Add Cascadelake-Server-4.1.1 CPU model

2019-06-24 Thread Eduardo Habkost
Add new version of Cascadelake-Server CPU model, setting
stepping=5 and enabling the IA32_ARCH_CAPABILITIES MSR.

The new feature will introduce a new host software requirement,
breaking our CPU model runnability promises.  This means we can't
enable the new CPU model version by default in QEMU 4.1, because
management software isn't ready yet to resolve CPU model aliases.
This is why the feature is being enabled in a
Cascadelake-Server-4.1.1 CPU model instead of
Cascadelake-Server-4.1.

Includes a test case to ensure the right combinations of
machine-type + CPU model + command-line feature flags will work
as expected.

Signed-off-by: Eduardo Habkost 
---
Cc: "Hu, Robert" 
Cc: Tao Xu 
Cc: jingqi@intel.com,
Cc: "Lai, Paul C" 
---
 target/i386/cpu.c  | 15 +
 tests/acceptance/x86_cpu_model_versions.py | 71 ++
 2 files changed, 86 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 121f568954..8edae04161 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2607,6 +2607,21 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_6_EAX_ARAT,
 .xlevel = 0x8008,
 .model_id = "Intel Xeon Processor (Cascadelake)",
+.versions = (X86CPUVersionDefinition[]) {
+/*
+ * 4.1 won't have arch-capabilities enabled yet, to not break
+ * older management software
+ */
+{ .name = "4.1" },
+{ .name = "4.1.1",
+  .props = (PropValue[]) {
+  { "stepping", "5" },
+  { "arch-capabilities", "on" },
+  { /* end of list */ },
+  },
+},
+{ /* end of list */ },
+}
 },
 {
 .name = "Icelake-Client",
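
Review bot: the 4.1.1 entry in .versions turns "arch-capabilities" on and sets "stepping" to "5", but nothing in this hunk says which IA32_ARCH_CAPABILITIES bits the guest will read. Either set the bits for this model explicitly or extend the comment above { .name = "4.1" } to say where they come from, so the guest-visible MSR value is defined by the model rather than left implicit.
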
diff --git a/tests/acceptance/x86_cpu_model_versions.py 
b/tests/acceptance/x86_cpu_model_versions.py
index c0660a552f..127239e2a1 100644
--- a/tests/acceptance/x86_cpu_model_versions.py
+++ b/tests/acceptance/x86_cpu_model_versions.py
@@ -49,6 +49,8 @@ class X86CPUModelAliases(avocado_qemu.Test):
  'unversioned Cascadelake-Server CPU model must not be 
static')
 self.assertNotIn('alias-of', cpus['Cascadelake-Server'],
  'Cascadelake-Server must not be an alias')
+self.assertNotIn('alias-of', cpus['Cascadelake-Server-4.1'],
+ 'Cascadelake-Server-4.1 must not be an alias')
 
 self.assertFalse(cpus['qemu64']['static'],
  'unversioned qemu64 CPU model must not be static')
@@ -100,3 +102,72 @@ class X86CPUModelAliases(avocado_qemu.Test):
   'qemu64 must be an alias of versioned CPU model')
 self.assertNotIn('alias-of', cpus['qemu64-4.1'],
  'qemu64-4.1 must not be an alias')
+
+def test_Cascadelake_arch_capabilities_result(self):
+# machine-type only:
+vm = self.get_vm()
+vm.add_args('-S')
+vm.set_machine('pc-i440fx-4.1')
+vm.add_args('-cpu', 
'Cascadelake-Server,x-force-features=on,check=off,enforce=off')
+vm.launch()
+self.assertFalse(get_cpu_prop(vm, 'arch-capabilities'),
+ 'pc-i440fx-4.1 + Cascadelake-Server should not have 
arch-capabilities')
+
+vm = self.get_vm()
+vm.add_args('-S')
+vm.set_machine('pc-i440fx-4.0')
+vm.add_args('-cpu', 
'Cascadelake-Server,x-force-features=on,check=off,enforce=off')
+vm.launch()
+self.assertFalse(get_cpu_prop(vm, 'arch-capabilities'),
+ 'pc-i440fx-4.0 + Cascadelake-Server should not have 
arch-capabilities')
+
+# command line must override machine-type if CPU model is not 
versioned:
+vm = self.get_vm()
+vm.add_args('-S')
+vm.set_machine('pc-i440fx-4.0')
+vm.add_args('-cpu', 
'Cascadelake-Server,x-force-features=on,check=off,enforce=off,+arch-capabilities')
+vm.launch()
+self.assertTrue(get_cpu_prop(vm, 'arch-capabilities'),
+'pc-i440fx-4.0 + Cascadelake-Server,+arch-capabilities 
should have arch-capabilities')
+
+vm = self.get_vm()
+vm.add_args('-S')
+vm.set_machine('pc-i440fx-4.1')
+vm.add_args('-cpu', 
'Cascadelake-Server,x-force-features=on,check=off,enforce=off,-arch-capabilities')
+vm.launch()
+self.assertFalse(get_cpu_prop(vm, 'arch-capabilities'),
+ 'pc-i440fx-4.1 + 
Cascadelake-Server,-arch-capabilities should not have arch-capabilities')
+
+# versioned CPU model overrides machine-type:
+vm = self.get_vm()
+vm.add_args('-S')
+vm.set_machine('pc-i440fx-4.0')
+vm.add_args('-cpu', 
'Cascadelake-Server-4.1,x-force-features=on,check=off,enforce=off')
+vm.launch()
+self.assertFalse(get_cpu_prop(vm, 'arch-capabilities'),
+ 'pc-i440fx-4.1 + Cascadelake
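
Review bot: test_Cascadelake_arch_capabilities_result() repeats the same get_vm() / add_args('-S') / set_machine() / add_args('-cpu', ...) / launch() / assert sequence for every case, with the machine type and CPU string typed again by hand in each failure message. A small helper that takes the machine type, the -cpu string and the expected value, and builds the message from those arguments, would remove the copy-paste and keep the lines under the length limit.
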

[Qemu-devel] [PATCH 4/6] i386: Infrastructure for versioned CPU models

2019-06-24 Thread Eduardo Habkost
Base code for versioned CPU models.  This will register a "-4.1"
version of all existing CPU models, and make the unversioned CPU
models be an alias for the -4.1 versions on the pc-*-4.1 machine
types.

On older machine types, the unversioned CPU models will keep the
old behavior.  This way, management software can use old machine
types while resolving aliases if compatibility with older QEMU
versions is required.

Using "-machine none", the unversioned CPU models will be aliases
to the latest CPU model version.

Includes a test case to ensure that:
old machine types won't report any alias to versioned CPU models;
"pc-*-4.1" will return aliases to -4.1 CPU models;
and "-machine none" will report aliases to some versioned CPU model.

Signed-off-by: Eduardo Habkost 
---
Cc: Paolo Bonzini 
Cc: Richard Henderson 
---
 include/hw/i386/pc.h   |   3 +
 target/i386/cpu-qom.h  |  10 +-
 target/i386/cpu.h  |  10 ++
 hw/i386/pc.c   |   3 +
 hw/i386/pc_piix.c  |   4 +
 hw/i386/pc_q35.c   |   4 +
 target/i386/cpu.c  | 159 +
 tests/acceptance/x86_cpu_model_versions.py | 102 +
 8 files changed, 263 insertions(+), 32 deletions(-)
 create mode 100644 tests/acceptance/x86_cpu_model_versions.py

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index c54cc54a47..d2e2ed072f 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -107,6 +107,9 @@ typedef struct PCMachineClass {
 
 /* Compat options: */
 
+/* Default CPU model version.  See x86_cpu_set_default_version(). */
+const char *default_cpu_version;
+
 /* ACPI compat: */
 bool has_acpi_build;
 bool rsdp_in_ram;
diff --git a/target/i386/cpu-qom.h b/target/i386/cpu-qom.h
index 22f95eb3a4..1a52f02a4c 100644
--- a/target/i386/cpu-qom.h
+++ b/target/i386/cpu-qom.h
@@ -36,13 +36,7 @@
 #define X86_CPU_GET_CLASS(obj) \
 OBJECT_GET_CLASS(X86CPUClass, (obj), TYPE_X86_CPU)
 
-/**
- * X86CPUDefinition:
- *
- * CPU model definition data that was not converted to QOM per-subclass
- * property defaults yet.
- */
-typedef struct X86CPUDefinition X86CPUDefinition;
+typedef struct X86CPUModel X86CPUModel;
 
 /**
  * X86CPUClass:
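
Review bot: the new typedef struct X86CPUModel X86CPUModel; comes in without a doc comment, while the X86CPUDefinition typedef it replaces had one. A short description of what X86CPUModel holds belongs here, since X86CPUClass points to it after this patch.
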
@@ -64,7 +58,7 @@ typedef struct X86CPUClass {
 /* CPU definition, automatically loaded by instance_init if not NULL.
  * Should be eventually replaced by subclass-specific property defaults.
  */
-X86CPUDefinition *cpu_def;
+X86CPUModel *model;
 
 bool host_cpuid_required;
 int ordering;
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 25544fdaaa..800bee3c6a 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1925,6 +1925,16 @@ void apic_handle_tpr_access_report(DeviceState *d, 
target_ulong ip,
  */
 void x86_cpu_change_kvm_default(const char *prop, const char *value);
 
+/*
+ * Set default CPU model version for all CPU models
+ *
+ * If set to NULL, the old unversioned CPU models will be used by default.
+ *
+ * If non-NULL, the unversioned CPU models will be aliases to the
+ * corresponding version.
+ */
+void x86_cpu_set_default_version(const char *version);
+
 /* Return name of 32-bit register, from a R_* constant */
 const char *get_register_name_32(unsigned int reg);
 
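Review bot: x86_cpu_set_default_version() changes the default "for all CPU models", so it is a process-wide setter, yet the comment does not say when it may be called or whether the string is copied. State that it has to run before any CPU object is created, and whether the caller must keep the version pointer valid afterwards.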
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index e96360b47a..d2852a77f8 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1561,6 +1561,9 @@ void pc_cpus_init(PCMachineState *pcms)
 const CPUArchIdList *possible_cpus;
 MachineState *ms = MACHINE(pcms);
 MachineClass *mc = MACHINE_GET_CLASS(pcms);
+PCMachineClass *pcmc = PC_MACHINE_CLASS(mc);
+
+x86_cpu_set_default_version(pcmc->default_cpu_version);
 
 /* Calculates the limit to CPU APIC ID values
  *
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index c07c4a5b38..9de86c71bd 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -430,9 +430,11 @@ static void pc_i440fx_machine_options(MachineClass *m)
 
 static void pc_i440fx_4_1_machine_options(MachineClass *m)
 {
+PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
 pc_i440fx_machine_options(m);
 m->alias = "pc";
 m->is_default = 1;
+pcmc->default_cpu_version = "4.1";
 }
 
 DEFINE_I440FX_MACHINE(v4_1, "pc-i440fx-4.1", NULL,
@@ -440,9 +442,11 @@ DEFINE_I440FX_MACHINE(v4_1, "pc-i440fx-4.1", NULL,
 
 static void pc_i440fx_4_0_machine_options(MachineClass *m)
 {
+PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
 pc_i440fx_4_1_machine_options(m);
 m->alias = NULL;
 m->is_default = 0;
+pcmc->default_cpu_version = NULL;
 compat_props_add(m->compat_props, hw_compat_4_0, hw_compat_4_0_len);
 compat_props_add(m->compat_props, pc_compat_4_0, pc_compat_4_0_len);
 }
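Review bot: pc_i440fx_4_0_machine_options() has to undo the "4.1" value it inherits by calling pc_i440fx_4_1_machine_options(), and nothing at the pcmc->default_cpu_version = NULL line says why. Add a one-line comment that 4.0 and older machine types keep the unversioned CPU models, so the reset is not dropped by accident when the next machine type is added. A blank line between the pcmc declaration and the first call would also match the surrounding style.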
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 57232aed6b..7755d60167 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -367,8 +367,10 @@ static void pc_q35_machine_options(MachineCla

[Qemu-devel] [PATCH 5/6] docs: Deprecate CPU model runnability guarantees

2019-06-24 Thread Eduardo Habkost
Document that CPU model runnability guarantees won't apply to
unversioned CPU models anymore.

Signed-off-by: Eduardo Habkost 
---
Cc: libvir-l...@redhat.com
---
 qemu-deprecated.texi | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index df04f2840b..5fafb62a6d 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -243,3 +243,22 @@ Note that if you are exposing the export via /dev/nbd0, it 
is easier
 to just export the entire image and then mount only /dev/nbd0p1 than
 it is to reinvoke @command{qemu-nbd -c /dev/nbd0} limited to just a
 subset of the image.
+
+@section Backwards compatibility
+
+@subsection Runnability guarantee of CPU models (since 4.1.0)
+
+Previous versions of QEMU never changed existing CPU models in
+ways that introduced additional host software or hardware
+requirements to the VM.  This allowed management software to
+safely change the machine type of an existing VM without
+introducing new requirements ("runnability guarantee").  This
+prevented CPU models from being updated to include CPU
+vulnerability mitigations, leaving guests vulnerable in the
+default configuration.
+
+The CPU model runnability guarantee won't apply anymore to
+existing CPU models.  Management software that needs runnability
+guarantees must resolve the CPU model aliases using te
+``alias-of'' field returned by the ``query-cpu-definitions'' QMP
+command.
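Review bot: typo in the last added paragraph, "using te" should be "using the". That paragraph would also be clearer if it said from which release the guarantee stops applying, since the subsection title only gives the release in which the deprecation was announced (4.1.0).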
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 2/6] i386: Remove unused host_cpudef variable

2019-06-24 Thread Eduardo Habkost
The variable is completely unused, probably a leftover from
previous code clean up.

Signed-off-by: Eduardo Habkost 
---
 target/i386/cpu.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 1bad957f6e..cf03dc786e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3133,14 +3133,8 @@ static void max_x86_cpu_initfn(Object *obj)
 char vendor[CPUID_VENDOR_SZ + 1] = { 0 };
 char model_id[CPUID_MODEL_ID_SZ + 1] = { 0 };
 int family, model, stepping;
-X86CPUDefinition host_cpudef = { };
-uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
-
-host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
-x86_cpu_vendor_words2str(host_cpudef.vendor, ebx, edx, ecx);
 
 host_vendor_fms(vendor, &family, &model, &stepping);
-
 cpu_x86_fill_model_id(model_id);
 
 object_property_set_str(OBJECT(cpu), vendor, "vendor", &error_abort);
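Review bot: the hunk also deletes the blank line between host_vendor_fms() and cpu_x86_fill_model_id(), which is unrelated to removing host_cpudef; keep it. The commit message could mention that the host_cpuid(0x0, ...) call and the eax/ebx/ecx/edx locals go away together with the variable, since they existed only to fill it.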
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 3/6] qmp: Add "alias-of" field to query-cpu-definitions

2019-06-24 Thread Eduardo Habkost
Management software will be expected to resolve CPU model name
aliases using the new field.

Signed-off-by: Eduardo Habkost 
---
Cc: Eric Blake 
Cc: Markus Armbruster 
---
 qapi/target.json | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/qapi/target.json b/qapi/target.json
index 1d4d54b600..0197c7962c 100644
--- a/qapi/target.json
+++ b/qapi/target.json
@@ -475,6 +475,12 @@
 #to introspect properties configurable using -cpu or -global.
 #(since 2.9)
 #
+# @alias-of: Name of CPU model this model is an alias for.  The target of the
+#CPU model alias may change depending on the machine type.
+#Management software is supposed to translate CPU model aliases
+#in the VM configuration, because aliases may stop being
+#migration-safe in the future (since 4.1)
+#
 # @unavailable-features is a list of QOM property names that
 # represent CPU model attributes that prevent the CPU from running.
 # If the QOM property is read-only, that means there's no known
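Review bot: the @alias-of description does not say that the member is optional or what its absence means, although the schema below declares it as '*alias-of'. Add that it is omitted when the model is not an alias, and say which targets fill it in, since the struct is shared by all five targets named in the 'if' condition.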
@@ -498,7 +504,8 @@
 '*migration-safe': 'bool',
 'static': 'bool',
 '*unavailable-features': [ 'str' ],
-'typename': 'str' },
+'typename': 'str',
+'*alias-of' : 'str' },
   'if': 'defined(TARGET_PPC) || defined(TARGET_ARM) || defined(TARGET_I386) || 
defined(TARGET_S390X) || defined(TARGET_MIPS)' }
 
 ##
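Review bot: '*alias-of' : 'str' has a space before the colon, unlike every other member of this struct. Write it as '*alias-of': 'str'.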
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PATCH 0/6] x86 CPU model versioning

2019-06-24 Thread Eduardo Habkost
This series implements basic infrastructure for CPU model
versioning, as discussed before[1][2][3].  This will finally
allow us to update CPU models in ways that introduce new software
or hardware requirements.

My original plan was to use "query-cpu-model-expansion
mode=static" to resolve aliases, but I dropped that plan because
it would increase complexity for management software a lot.
static CPU models are documented as not being affected by the
machine type and accelerator at all, which would make the
versioned CPU models very inconvenient to use in the command
line.  e.g.: users would be forced to replace:

  -cpu Haswell

with:

  -cpu Haswell-4.1,+2apic,+monitor,+kvmclock,+kvm-nopiodelay,+kvm-asyncpf,+kvm-steal-time,+kvm-pv-eoi,+kvmclock-stable-bit,+x2apic,-acpi,-monitor,-svm

In the end, making the versioned CPU models static is not a
requirement at all: what we really need is to drop the
runnability guarantees from unversioned CPU model names, and
require management software to resolve the unversioned alias
before saving the VM configuration.

Guest ABI compatibility and live migration guarantees are going
to be kept: unversioned CPU models will still be usable with live
migration.  Only runnability guarantees when updating the machine
type will be dropped.  This means unversioned CPU models are
still reported as migration-safe in query-cpu-definitions.

The last patch in the series demonstrates how the new feature can
be used to update a CPU model: it adds a Cascadelake-Server-4.1.1
CPU model, including "arch-capabilities=on" and "stepping=5".
Unfortunately we can't enable arch-capabilities in the -4.1
version of Cascadelake-Server because it would break our existing
runnability guarantees.

[1] https://www.mail-archive.com/libvir-list@redhat.com/msg167342.html
[2] https://www.mail-archive.com/qemu-devel@nongnu.org/msg590034.html
[3] https://www.mail-archive.com/qemu-devel@nongnu.org/msg611244.html

---
Cc: Paolo Bonzini 
Cc: Pavel Hrdina 
Cc: Jiri Denemark 
Cc: "Hu, Robert" 
Cc: Tao Xu 
Cc: Richard Henderson 

Eduardo Habkost (6):
  i386: Add x-force-features option for testing
  i386: Remove unused host_cpudef variable
  qmp: Add "alias-of" field to query-cpu-definitions
  i386: Infrastructure for versioned CPU models
  docs: Deprecate CPU model runnability guarantees
  i386: Add Cascadelake-Server-4.1.1 CPU model

 qapi/target.json   |   9 +-
 include/hw/i386/pc.h   |   3 +
 target/i386/cpu-qom.h  |  10 +-
 target/i386/cpu.h  |  16 ++
 hw/i386/pc.c   |   3 +
 hw/i386/pc_piix.c  |   4 +
 hw/i386/pc_q35.c   |   4 +
 target/i386/cpu.c  | 188 +
 qemu-deprecated.texi   |  19 +++
 tests/acceptance/x86_cpu_model_versions.py | 173 +++
 10 files changed, 388 insertions(+), 41 deletions(-)
 create mode 100644 tests/acceptance/x86_cpu_model_versions.py

-- 
2.18.0.rc1.1.g3f1ff2140
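
The alias resolution this cover letter asks management software to perform, as an added example that is not part of the series: it pins the model in a `-cpu` value to the target named by `alias-of` before the VM configuration is saved. The reply contents, the typenames and all helper names are constructed for illustration, and a missing `alias-of` is assumed to mean "not an alias".

```python
import json

# Constructed replies in the shape of "query-cpu-definitions" after the
# "alias-of" patch. Model names are taken from the cover letter; typenames
# and flag values are illustrative, not captured from a running QEMU.
REPLY_PC_4_1 = json.loads("""
{"return": [
 {"name": "Haswell", "typename": "Haswell-x86_64-cpu", "static": false,
  "migration-safe": true, "alias-of": "Haswell-4.1"},
 {"name": "Haswell-4.1", "typename": "Haswell-4.1-x86_64-cpu",
  "static": false, "migration-safe": true},
 {"name": "Cascadelake-Server", "typename": "Cascadelake-Server-x86_64-cpu",
  "static": false, "migration-safe": true,
  "alias-of": "Cascadelake-Server-4.1"},
 {"name": "Cascadelake-Server-4.1",
  "typename": "Cascadelake-Server-4.1-x86_64-cpu",
  "static": false, "migration-safe": true},
 {"name": "Cascadelake-Server-4.1.1",
  "typename": "Cascadelake-Server-4.1.1-x86_64-cpu",
  "static": false, "migration-safe": true}
]}
""")

# Older machine type: default_cpu_version is NULL, so no model is an alias
# and the optional "alias-of" member is absent (assumption, see lead-in).
REPLY_PC_4_0 = {"return": [
    {k: v for k, v in d.items() if k != "alias-of"}
    for d in REPLY_PC_4_1["return"]
]}


class AliasError(ValueError):
    """The reply cannot be used to pin the requested model."""


def build_alias_map(reply):
    """Map each model name to its alias target, or None if it is concrete.

    The reply must come from a QEMU started with the VM's machine type,
    because the alias target may change with the machine type.
    """
    return {d["name"]: d.get("alias-of") for d in reply["return"]}


def resolve_model(name, aliases):
    """Follow alias-of links until a model that is not an alias is reached."""
    if name not in aliases:
        raise AliasError("unknown CPU model: " + name)
    seen = [name]
    while aliases[name] is not None:
        name = aliases[name]
        if name not in aliases:
            raise AliasError("alias target not listed: " + name)
        if name in seen:
            raise AliasError("alias loop: " + " -> ".join(seen + [name]))
        seen.append(name)
    return name


def pin_cpu_option(cpu_arg, aliases):
    """Rewrite the model part of a -cpu value; the feature list is kept."""
    model, sep, features = cpu_arg.partition(",")
    return resolve_model(model, aliases) + sep + features


def unpinned(cpu_args, aliases):
    """Return the saved -cpu values that still name an alias (audit helper)."""
    return [a for a in cpu_args if pin_cpu_option(a, aliases) != a]


if __name__ == "__main__":
    aliases = build_alias_map(REPLY_PC_4_1)
    for arg in ("Haswell,+x2apic,-svm", "Cascadelake-Server-4.1.1"):
        print(arg, "->", pin_cpu_option(arg, aliases))
```

A configuration that `unpinned()` reports is one whose CPU model can change the next time the machine type is updated.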




[Qemu-devel] [PATCH 1/6] i386: Add x-force-features option for testing

2019-06-24 Thread Eduardo Habkost
Add a new option that can be used to disable feature flag
filtering.  This will allow CPU model compatibility test cases to
work without host hardware dependencies.

Signed-off-by: Eduardo Habkost 
---
 target/i386/cpu.h | 6 ++
 target/i386/cpu.c | 8 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index df99d70c43..25544fdaaa 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1414,6 +1414,12 @@ struct X86CPU {
 
 bool check_cpuid;
 bool enforce_cpuid;
+/*
+ * Force features to be enabled even if the host doesn't support them.
+ * This is dangerous and should be done only for testing CPUID
+ * compatibility.
+ */
+bool force_features;
 bool expose_kvm;
 bool expose_tcg;
 bool migratable;
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index f8d8f779c1..1bad957f6e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5140,8 +5140,11 @@ static int x86_cpu_filter_features(X86CPU *cpu)
 uint32_t host_feat =
 x86_cpu_get_supported_feature_word(w, false);
 uint32_t requested_features = env->features[w];
-env->features[w] &= host_feat;
-cpu->filtered_features[w] = requested_features & ~env->features[w];
+uint32_t available_features = requested_features & host_feat;
+if (!cpu->force_features) {
+env->features[w] = available_features;
+}
+cpu->filtered_features[w] = requested_features & ~available_features;
 if (cpu->filtered_features[w]) {
 rv = 1;
 }
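Review bot: with force_features set, the loop still fills cpu->filtered_features[w] and sets rv = 1, so the caller is told the features were filtered even though env->features[w] keeps them. If that is intended, say so in the force_features comment, and state what happens when x-force-features is combined with "enforce", which sits next to it in x86_cpu_properties[].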
@@ -5866,6 +5869,7 @@ static Property x86_cpu_properties[] = {
 
 DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
 DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
+DEFINE_PROP_BOOL("x-force-features", X86CPU, force_features, false),
 DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
 DEFINE_PROP_UINT32("phys-bits", X86CPU, phys_bits, 0),
 DEFINE_PROP_BOOL("host-phys-bits", X86CPU, host_phys_bits, false),
-- 
2.18.0.rc1.1.g3f1ff2140




Re: [Qemu-devel] [PATCH v4 08/13] vfio: Add save state functions to SaveVMHandlers

2019-06-24 Thread Yan Zhao
On Fri, Jun 21, 2019 at 08:31:53AM +0800, Yan Zhao wrote:
> On Thu, Jun 20, 2019 at 10:37:36PM +0800, Kirti Wankhede wrote:
> > Added .save_live_pending, .save_live_iterate and .save_live_complete_precopy
> > functions. These functions handle pre-copy and stop-and-copy phase.
> > 
> > In _SAVING|_RUNNING device state or pre-copy phase:
> > - read pending_bytes
> > - read data_offset - indicates kernel driver to write data to staging
> >   buffer which is mmapped.
> > - read data_size - amount of data in bytes written by vendor driver in
> >   migration region.
> > - if data section is trapped, pread() number of bytes in data_size, from
> >   data_offset.
> > - if data section is mmaped, read mmaped buffer of size data_size.
> > - Write data packet to file stream as below:
> > {VFIO_MIG_FLAG_DEV_DATA_STATE, data_size, actual data,
> > VFIO_MIG_FLAG_END_OF_STATE }
> > 
> > In _SAVING device state or stop-and-copy phase
> > a. read config space of device and save to migration file stream. This
> >doesn't need to be from vendor driver. Any other special config state
> >from driver can be saved as data in following iteration.
> > b. read pending_bytes - indicates kernel driver to write data to staging
> >buffer which is mmapped.
> > c. read data_size - amount of data in bytes written by vendor driver in
> >migration region.
> > d. if data section is trapped, pread() from data_offset of size data_size.
> > e. if data section is mmaped, read mmaped buffer of size data_size.
> > f. Write data packet as below:
> >{VFIO_MIG_FLAG_DEV_DATA_STATE, data_size, actual data}
> > g. iterate through steps b to f until (pending_bytes > 0)
> > h. Write {VFIO_MIG_FLAG_END_OF_STATE}
> > 
> > .save_live_iterate runs outside the iothread lock in the migration case, which
> > could race with asynchronous call to get dirty page list causing data corruption
> > in mapped migration region. Mutex added here to serialize migration buffer read
> > operation.
> > 
> > Signed-off-by: Kirti Wankhede 
> > Reviewed-by: Neo Jia 
> > ---
> >  hw/vfio/migration.c | 212 
> > 
> >  1 file changed, 212 insertions(+)
> > 
> > diff --git a/hw/vfio/migration.c b/hw/vfio/migration.c
> > index fe0887c27664..0a2f30872316 100644
> > --- a/hw/vfio/migration.c
> > +++ b/hw/vfio/migration.c
> > @@ -107,6 +107,111 @@ static int vfio_migration_set_state(VFIODevice 
> > *vbasedev, uint32_t state)
> >  return 0;
> >  }
> >  
> > +static int vfio_save_buffer(QEMUFile *f, VFIODevice *vbasedev)
> > +{
> > +VFIOMigration *migration = vbasedev->migration;
> > +VFIORegion *region = &migration->region.buffer;
> > +uint64_t data_offset = 0, data_size = 0;
> > +int ret;
> > +
> > +ret = pread(vbasedev->fd, &data_offset, sizeof(data_offset),
> > +region->fd_offset + offsetof(struct 
> > vfio_device_migration_info,
> > + data_offset));
> > +if (ret != sizeof(data_offset)) {
> > +error_report("Failed to get migration buffer data offset %d",
> > + ret);
> > +return -EINVAL;
> > +}
> > +
> > +ret = pread(vbasedev->fd, &data_size, sizeof(data_size),
> > +region->fd_offset + offsetof(struct 
> > vfio_device_migration_info,
> > + data_size));
> > +if (ret != sizeof(data_size)) {
> > +error_report("Failed to get migration buffer data size %d",
> > + ret);
> > +return -EINVAL;
> > +}
> > +
> how big is the data_size ? 
> if this size is too big, it may take too much time and block others.
> 
> > +if (data_size > 0) {
> > +void *buf = NULL;
> > +bool buffer_mmaped = false;
> > +
> > +if (region->mmaps) {
> > +int i;
> > +
> > +for (i = 0; i < region->nr_mmaps; i++) {
> > +if ((data_offset >= region->mmaps[i].offset) &&
> > +(data_offset < region->mmaps[i].offset +
> > +   region->mmaps[i].size)) {
> > +buf = region->mmaps[i].mmap + (data_offset -
> > +   
> > region->mmaps[i].offset);
> > +buffer_mmaped = true;
> > +break;
> > +}
> > +}
> > +}
> > +
> > +if (!buffer_mmaped) {
> > +buf = g_malloc0(data_size);
> > +ret = pread(vbasedev->fd, buf, data_size,
> > +region->fd_offset + data_offset);
> > +if (ret != data_size) {
> > +error_report("Failed to get migration data %d", ret);
> > +g_free(buf);
> > +return -EINVAL;
> > +}
> > +}
> > +
> > +qemu_put_be64(f, data_size);
> > +qemu_put_buffer(f, buf, data_size);
> > +
> > +if (!buffer_mmaped) {
> > +   
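Review bot: data_offset and data_size are read from the vendor driver and then used without bounds checks. In the mmap lookup only data_offset is tested against region->mmaps[i], so data_offset + data_size can run past the end of the mapping before qemu_put_buffer() reads it; check that the whole span fits, and for the pread() path that it fits inside the migration region. data_size also feeds g_malloc0() with no upper limit, and ret is an int compared against the 64-bit data_size, so the ret != data_size test cannot succeed for reads larger than INT_MAX.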

[Qemu-devel] [PATCH] ui: Correct icon install path

2019-06-24 Thread Colin Xu
The double slash in path will fail the installation on MINGW/MSYS.

Fixes: a8260d387638 (ui: install logo icons to $prefix/share/icons)

Signed-off-by: Colin Xu 
---
 Makefile | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index cfb18f152544..562205be290c 100644
--- a/Makefile
+++ b/Makefile
@@ -875,19 +875,19 @@ ifneq ($(DESCS),)
done
 endif
for s in $(ICON_SIZES); do \
-   mkdir -p "$(DESTDIR)/$(qemu_icondir)/hicolor/$${s}/apps"; \
+   mkdir -p "$(DESTDIR)$(qemu_icondir)/hicolor/$${s}/apps"; \
$(INSTALL_DATA) $(SRC_PATH)/ui/icons/qemu_$${s}.png \
-   
"$(DESTDIR)/$(qemu_icondir)/hicolor/$${s}/apps/qemu.png"; \
+   
"$(DESTDIR)$(qemu_icondir)/hicolor/$${s}/apps/qemu.png"; \
done; \
-   mkdir -p "$(DESTDIR)/$(qemu_icondir)/hicolor/32x32/apps"; \
+   mkdir -p "$(DESTDIR)$(qemu_icondir)/hicolor/32x32/apps"; \
$(INSTALL_DATA) $(SRC_PATH)/ui/icons/qemu_32x32.bmp \
-   "$(DESTDIR)/$(qemu_icondir)/hicolor/32x32/apps/qemu.bmp"; \
-   mkdir -p "$(DESTDIR)/$(qemu_icondir)/hicolor/scalable/apps"; \
+   "$(DESTDIR)$(qemu_icondir)/hicolor/32x32/apps/qemu.bmp"; \
+   mkdir -p "$(DESTDIR)$(qemu_icondir)/hicolor/scalable/apps"; \
$(INSTALL_DATA) $(SRC_PATH)/ui/icons/qemu.svg \
-   "$(DESTDIR)/$(qemu_icondir)/hicolor/scalable/apps/qemu.svg"
-   mkdir -p "$(DESTDIR)/$(qemu_desktopdir)"
+   "$(DESTDIR)$(qemu_icondir)/hicolor/scalable/apps/qemu.svg"
+   mkdir -p "$(DESTDIR)$(qemu_desktopdir)"
$(INSTALL_DATA) $(SRC_PATH)/ui/qemu.desktop \
-   "$(DESTDIR)/$(qemu_desktopdir)/qemu.desktop"
+   "$(DESTDIR)$(qemu_desktopdir)/qemu.desktop"
 ifdef CONFIG_GTK
$(MAKE) -C po $@
 endif
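Review bot: with the separator removed, every path in this hunk is correct only if $(qemu_icondir) and $(qemu_desktopdir) are absolute, that is, begin with a slash. Say in the commit message that both are always absolute, so that the change is seen to be safe for non-MINGW builds as well.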
-- 
2.22.0




[Qemu-devel] [PATCH v4] memory: assert on out of scope notification

2019-06-24 Thread Yan Zhao
It is wrong for an entry to have parts out of scope of notifier's range.
assert this condition.

Out of scope mapping/unmapping would cause problem, as in below case:

1. initially there are two notifiers with ranges
0-0xfedf, 0xfef0-0x,
IOVAs from 0x3c00 - 0x3c1f is in shadow page table.

2. in vfio, memory_region_register_iommu_notifier() is followed by
memory_region_iommu_replay(), which will first call address space
unmap,
and walk and add back all entries in vtd shadow page table. e.g.
(1) for notifier 0-0xfedf,
IOVAs from 0 - 0x get unmapped,
and IOVAs from 0x3c00 - 0x3c1f get mapped
(2) for notifier 0xfef0-0x
IOVAs from 0 - 0x7f get unmapped,
but IOVAs from 0x3c00 - 0x3c1f cannot get mapped back.

Cc: Eric Auger 
Signed-off-by: Yan Zhao 

---
v4:
1. modified commit title
2. using "assert" instead of printing warning message
(Eric Auger)

v3:
refined code style and message format

v2:
1. added a local variable entry_end (Eric Auger)
2. using PRIx64 as format for address range in warning message
(Eric Auger)
---
 memory.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/memory.c b/memory.c
index 0a089a7..35e8e77 100644
--- a/memory.c
+++ b/memory.c
@@ -1937,16 +1937,18 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
   IOMMUTLBEntry *entry)
 {
 IOMMUNotifierFlag request_flags;
+hwaddr entry_end = entry->iova + entry->addr_mask;
 
 /*
  * Skip the notification if the notification does not overlap
  * with registered range.
  */
-if (notifier->start > entry->iova + entry->addr_mask ||
-notifier->end < entry->iova) {
+if (notifier->start > entry_end || notifier->end < entry->iova) {
 return;
 }
 
+assert(entry->iova >= notifier->start && entry_end <= notifier->end);
+
 if (entry->perm & IOMMU_RW) {
 request_flags = IOMMU_NOTIFIER_MAP;
 } else {
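Review bot: the new assert() aborts QEMU whenever an IOMMU model passes an entry that overlaps the notifier range without lying fully inside it, so it has to land after every caller has been changed to split its notifications; name that dependency in the commit message. entry_end is also computed as entry->iova + entry->addr_mask with no guard against wrap-around at the top of the hwaddr range, which would make both the overlap test and the assert misfire.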
-- 
2.7.4




Re: [Qemu-devel] [PATCH v3] memory: warning on out of scope notification

2019-06-24 Thread Yan Zhao
On Mon, Jun 24, 2019 at 06:11:11PM +0800, Auger Eric wrote:
> Hi Yan,
> 
> On 6/24/19 10:39 AM, Yan Zhao wrote:
> > if an entry has parts out of scope of notifier's range, print warning
> > message.
> > 
> > Out of scope mapping/unmapping would cause problem, as in below case:
> > 
> > 1. initially there are two notifiers with ranges
> > 0-0xfedf, 0xfef0-0x,
> > IOVAs from 0x3c00 - 0x3c1f is in shadow page table.
> > 
> > 2. in vfio, memory_region_register_iommu_notifier() is followed by
> > memory_region_iommu_replay(), which will first call address space
> > unmap,
> > and walk and add back all entries in vtd shadow page table. e.g.
> > (1) for notifier 0-0xfedf,
> > IOVAs from 0 - 0x get unmapped,
> > and IOVAs from 0x3c00 - 0x3c1f get mapped
> > (2) for notifier 0xfef0-0x
> > IOVAs from 0 - 0x7f get unmapped,
> > but IOVAs from 0x3c00 - 0x3c1f cannot get mapped back.
> > 
> > Cc: Auger Eric 
> > Signed-off-by: Yan Zhao 
> > 
> > ---
> > v3:
> > refined code style and message format
> > 
> > v2:
> > 1. added a local variable entry_end (Auger Eric)
> > 2. using PRIx64 as format for address range in warning message
> > (Auger Eric)
> > ---
> >  memory.c | 13 +++--
> >  1 file changed, 11 insertions(+), 2 deletions(-)
> > 
> > diff --git a/memory.c b/memory.c
> > index 0a089a7..c7154ab 100644
> > --- a/memory.c
> > +++ b/memory.c
> > @@ -1937,13 +1937,13 @@ void memory_region_notify_one(IOMMUNotifier 
> > *notifier,
> >IOMMUTLBEntry *entry)
> >  {
> >  IOMMUNotifierFlag request_flags;
> > +hwaddr entry_end = entry->iova + entry->addr_mask;
> >  
> >  /*
> >   * Skip the notification if the notification does not overlap
> >   * with registered range.
> >   */
> > -if (notifier->start > entry->iova + entry->addr_mask ||
> > -notifier->end < entry->iova) {
> > +if (notifier->start > entry_end || notifier->end < entry->iova) {
> >  return;
> >  }
> >  
> > @@ -1953,6 +1953,15 @@ void memory_region_notify_one(IOMMUNotifier 
> > *notifier,
> >  request_flags = IOMMU_NOTIFIER_UNMAP;
> >  }
> >  
> > +if (entry->iova < notifier->start || entry_end > notifier->end) {
> > +warn_report("%s IOMMUTLBEntry 0x%" PRIx64 " - 0x%" PRIx64
> > +" outside of notifier scope 0x%" PRIx64 " - 0x%" PRIx64,
> > +(request_flags == IOMMU_NOTIFIER_MAP) ?
> > +"Mapping" : "Unmapping",
> > +entry->iova, entry->iova + entry->addr_mask,
> entry_end as well.
> 
> Then shouldn't we assert in that case?
>
Yes, assert is good. I'll change warning to assert then.
Thanks
Yan

> Thanks
> 
> Eric
> > +notifier->start, notifier->end);
> > +}
> > +
> >  if (notifier->notifier_flags & request_flags) {
> >  notifier->notify(notifier, entry);
> >  }
> > 
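Review bot: the warn_report() in the second hunk sits before the notifier->notifier_flags & request_flags test, so it also fires for notifiers that did not ask for this event type, and it has no rate limit. Move the check under the flags test, or report the condition only once per notifier.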



Re: [Qemu-devel] [PATCH v2 2/2] intel_iommu: Fix unexpected unmaps during global unmap

2019-06-24 Thread Yan Zhao
Tested-by: Yan Zhao 

On Mon, Jun 24, 2019 at 05:18:11PM +0800, Peter Xu wrote:
> This is a replacement work of Yan Zhao's patch:
> 
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg625340.html
> 
> vtd_address_space_unmap() will do proper page mask alignment to make
> sure each IOTLB message will have correct masks for notification
> messages (2^N-1), but sometimes it can be expanded to even supersede
> the registered range.  That could lead to unexpected UNMAP of already
> mapped regions in some other notifiers.
> 
> Instead of doing mindless expansion of the start address and address
> mask, we split the range into smaller ones and guarantee that each
> small range will have correct masks (2^N-1) and at the same time we
> should also try our best to generate as few IOTLB messages as
> possible.
> 
> Reported-by: Yan Zhao 
> Signed-off-by: Peter Xu 
> ---
>  hw/i386/intel_iommu.c | 67 ++-
>  1 file changed, 41 insertions(+), 26 deletions(-)
> 
> diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
> index 719ce19ab3..de86f53b4e 100644
> --- a/hw/i386/intel_iommu.c
> +++ b/hw/i386/intel_iommu.c
> @@ -3363,11 +3363,28 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, 
> PCIBus *bus, int devfn)
>  return vtd_dev_as;
>  }
>  
> +static uint64_t get_naturally_aligned_size(uint64_t start,
> +   uint64_t size, int gaw)
> +{
> +uint64_t max_mask = 1ULL << gaw;
> +uint64_t alignment = start ? start & -start : max_mask;
> +
> +alignment = MIN(alignment, max_mask);
> +size = MIN(size, max_mask);
> +
> +if (alignment <= size) {
> +/* Increase the alignment of start */
> +return alignment;
> +} else {
> +/* Find the largest page mask from size */
> +return 1ULL << (63 - clz64(size));
> +}
> +}
> +
>  /* Unmap the whole range in the notifier's scope. */
>  static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n)
>  {
> -IOMMUTLBEntry entry;
> -hwaddr size;
> +hwaddr size, remain;
>  hwaddr start = n->start;
>  hwaddr end = n->end;
>  IntelIOMMUState *s = as->iommu_state;
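Review bot: get_naturally_aligned_size() has no comment stating its preconditions. max_mask is 1ULL << gaw, which is undefined for gaw >= 64, and the else branch evaluates 63 - clz64(size), which is only meaningful for size > 0; write these down or assert them in the function instead of relying on the caller. max_mask also holds a size rather than a mask, so a name such as max_size would read better.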
> @@ -3388,39 +3405,37 @@ static void vtd_address_space_unmap(VTDAddressSpace 
> *as, IOMMUNotifier *n)
>  }
>  
>  assert(start <= end);
> -size = end - start;
> +size = remain = end - start + 1;
>  
> -if (ctpop64(size) != 1) {
> -/*
> - * This size cannot format a correct mask. Let's enlarge it to
> - * suite the minimum available mask.
> - */
> -int n = 64 - clz64(size);
> -if (n > s->aw_bits) {
> -/* should not happen, but in case it happens, limit it */
> -n = s->aw_bits;
> -}
> -size = 1ULL << n;
> +while (remain >= VTD_PAGE_SIZE) {
> +IOMMUTLBEntry entry;
> +uint64_t mask = get_naturally_aligned_size(start, remain, 
> s->aw_bits);
> +
> +assert(mask);
> +
> +entry.iova = start;
> +entry.addr_mask = mask - 1;
> +entry.target_as = &address_space_memory;
> +entry.perm = IOMMU_NONE;
> +/* This field is meaningless for unmap */
> +entry.translated_addr = 0;
> +
> +memory_region_notify_one(n, &entry);
> +
> +start += mask;
> +remain -= mask;
>  }
>  
> -entry.target_as = &address_space_memory;
> -/* Adjust iova for the size */
> -entry.iova = n->start & ~(size - 1);
> -/* This field is meaningless for unmap */
> -entry.translated_addr = 0;
> -entry.perm = IOMMU_NONE;
> -entry.addr_mask = size - 1;
> +assert(!remain);
>  
>  trace_vtd_as_unmap_whole(pci_bus_num(as->bus),
>   VTD_PCI_SLOT(as->devfn),
>   VTD_PCI_FUNC(as->devfn),
> - entry.iova, size);
> + n->start, size);
>  
> -map.iova = entry.iova;
> -map.size = entry.addr_mask;
> +map.iova = n->start;
> +map.size = size;
>  iova_tree_remove(as->iova_tree, &map);
> -
> -memory_region_notify_one(n, &entry);
>  }
>  
>  static void vtd_address_space_unmap_all(IntelIOMMUState *s)
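Review bot: map.size changes meaning in this hunk. It used to be entry.addr_mask, that is the length minus one, and is now size, which this hunk redefines as end - start + 1, the full length. Check which convention iova_tree_remove() expects and pass size - 1 if the range is inclusive. Separately, size = remain = end - start + 1 wraps to 0 if the notifier ever covers the whole 64-bit range; the loop is then skipped and assert(!remain) still passes, so nothing is unmapped.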
> -- 
> 2.21.0
> 



Re: [Qemu-devel] [PATCH] ioapic: clear irq_eoi when updating the ioapic redirect table entry

2019-06-24 Thread Peter Xu
On Mon, Jun 24, 2019 at 08:16:35AM -0700, Li Qiang wrote:
> irq_eoi is used to count the number of irq injected during eoi
> broadcast. It should be set to 0 when updating the ioapic's redirect
> table entry.
> 
> Suggested-by: Peter Xu 
> Signed-off-by: Li Qiang 
> ---
>  hw/intc/ioapic.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c
> index 7074489fdf..db9e518602 100644
> --- a/hw/intc/ioapic.c
> +++ b/hw/intc/ioapic.c
> @@ -380,6 +380,7 @@ ioapic_mem_write(void *opaque, hwaddr addr, uint64_t val,
>  /* restore RO bits */
>  s->ioredtbl[index] &= IOAPIC_RW_BITS;
>  s->ioredtbl[index] |= ro_bits;
> +s->irq_eoi[index] = 0;

It'll be cleared twice for each ioapic entry because it only
supports 32bit write to these registers.  Though it seems fine, e.g.,
when the guest only wants to update the vector info we should still
clear it:

Reviewed-by: Peter Xu 

>  ioapic_fix_edge_remote_irr(&s->ioredtbl[index]);
>  ioapic_service(s);
>  }
> -- 
> 2.17.1
> 
> 

Regards,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 0/4] Miscellaneous patches from the RISC-V fork

2019-06-24 Thread no-reply
Patchew URL: https://patchew.org/QEMU/cover.1561419713.git.alistair.fran...@wdc.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: cover.1561419713.git.alistair.fran...@wdc.com
Type: series
Subject: [Qemu-devel] [PATCH v2 0/4] Miscellaneous patches from the RISC-V fork

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag] patchew/cover.1561419713.git.alistair.fran...@wdc.com -> 
patchew/cover.1561419713.git.alistair.fran...@wdc.com
Switched to a new branch 'test'
ea39509 target/riscv: Implement riscv_cpu_unassigned_access
e1ca264 disas/riscv: Fix `rdinstreth` constraint
6e119a5 disas/riscv: Disassemble reserved compressed encodings as illegal
eb4b804 target/riscv: Fix PMP range boundary address bug

=== OUTPUT BEGIN ===
1/4 Checking commit eb4b80481b1a (target/riscv: Fix PMP range boundary address 
bug)
2/4 Checking commit 6e119a562b35 (disas/riscv: Disassemble reserved compressed 
encodings as illegal)
ERROR: line over 90 characters
#54: FILE: disas/riscv.c:1019:
+{ "c.addi4spn", rv_codec_ciw_4spn, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, 
rv_op_addi, rv_op_addi, rvcd_imm_nz },

ERROR: line over 90 characters
#63: FILE: disas/riscv.c:1027:
+{ "c.addi", rv_codec_ci, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, rv_op_addi, 
rv_op_addi, rvcd_imm_nz },

ERROR: line over 90 characters
#71: FILE: disas/riscv.c:1030:
+{ "c.addi16sp", rv_codec_ci_16sp, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, 
rv_op_addi, rv_op_addi, rvcd_imm_nz },

ERROR: line over 90 characters
#72: FILE: disas/riscv.c:1031:
+{ "c.lui", rv_codec_ci_lui, rv_fmt_rd_imm, NULL, rv_op_lui, rv_op_lui, 
rv_op_lui, rvcd_imm_nz },

ERROR: line over 90 characters
#73: FILE: disas/riscv.c:1032:
+{ "c.srli", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srli, 
rv_op_srli, rv_op_srli, rvcd_imm_nz },

ERROR: line over 90 characters
#74: FILE: disas/riscv.c:1033:
+{ "c.srai", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srai, 
rv_op_srai, rv_op_srai, rvcd_imm_nz },

ERROR: line over 90 characters
#75: FILE: disas/riscv.c:1034:
+{ "c.andi", rv_codec_cb_imm, rv_fmt_rd_rs1_imm, NULL, rv_op_andi, 
rv_op_andi, rv_op_andi, rvcd_imm_nz },

ERROR: line over 90 characters
#84: FILE: disas/riscv.c:1044:
+{ "c.slli", rv_codec_ci_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_slli, 
rv_op_slli, rv_op_slli, rvcd_imm_nz },

total: 8 errors, 0 warnings, 100 lines checked

Patch 2/4 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

3/4 Checking commit e1ca26481ca9 (disas/riscv: Fix `rdinstreth` constraint)
ERROR: line over 90 characters
#24: FILE: disas/riscv.c:617:
+static const rvc_constraint rvcc_rdinstreth[] = { rvc_rs1_eq_x0, 
rvc_csr_eq_0xc82, rvc_end };

ERROR: line over 90 characters
#33: FILE: disas/riscv.c:1034:
+{ "c.andi", rv_codec_cb_imm, rv_fmt_rd_rs1_imm, NULL, rv_op_andi, 
rv_op_andi, rv_op_andi },

total: 2 errors, 0 warnings, 16 lines checked

Patch 3/4 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/4 Checking commit ea39509e914c (target/riscv: Implement 
riscv_cpu_unassigned_access)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/cover.1561419713.git.alistair.fran...@wdc.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH 07/10] hw/mips/gt64xxx_pci: Align the pci0-mem size

2019-06-24 Thread Aleksandar Markovic
On Jun 25, 2019 12:44 AM, "Philippe Mathieu-Daudé"  wrote:
>
> One byte is missing, use an aligned size.
>
> (qemu) info mtree
> memory-region: pci0-mem
>   -fffe (prio 0, i/o): pci0-mem
>   ^
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

Reviewed-by: Aleksandar Markovic 

I agree with this change, but do we have similar situations in QEMU code
elsewhere?

>  hw/mips/gt64xxx_pci.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index 815ef0711d..2fa313f498 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -23,6 +23,7 @@
>   */
>
>  #include "qemu/osdep.h"
> +#include "qemu/units.h"
>  #include "qemu/log.h"
>  #include "hw/hw.h"
>  #include "hw/mips/mips.h"
> @@ -1201,7 +1202,7 @@ PCIBus *gt64120_register(qemu_irq *pic)
>  dev = qdev_create(NULL, TYPE_GT64120_PCI_HOST_BRIDGE);
>  d = GT64120_PCI_HOST_BRIDGE(dev);
>  phb = PCI_HOST_BRIDGE(dev);
> -memory_region_init(&d->pci0_mem, OBJECT(dev), "pci0-mem",
UINT32_MAX);
> +memory_region_init(&d->pci0_mem, OBJECT(dev), "pci0-mem", 4 * GiB);
>  address_space_init(&d->pci0_mem_as, &d->pci0_mem, "pci0-mem");
>  phb->bus = pci_register_root_bus(dev, "pci",
>   gt64120_pci_set_irq,
gt64120_pci_map_irq,
> --
> 2.19.1
>
>


Re: [Qemu-devel] [PATCH 06/10] hw/mips/gt64xxx_pci: Convert debug printf()s to trace events

2019-06-24 Thread Aleksandar Markovic
On Jun 25, 2019 12:46 AM, "Philippe Mathieu-Daudé"  wrote:
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

Philippe, can you just clarify (explain) what is the criterion when to use
log message, and when to use trace event, which are both present in gt64xxx
implementation.

>  Makefile.objs |  1 +
>  hw/mips/gt64xxx_pci.c | 29 ++---
>  hw/mips/trace-events  |  4 
>  3 files changed, 15 insertions(+), 19 deletions(-)
>  create mode 100644 hw/mips/trace-events
>
> diff --git a/Makefile.objs b/Makefile.objs
> index 658cfc9d9f..3b83621f32 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -163,6 +163,7 @@ trace-events-subdirs += hw/input
>  trace-events-subdirs += hw/intc
>  trace-events-subdirs += hw/isa
>  trace-events-subdirs += hw/mem
> +trace-events-subdirs += hw/mips
>  trace-events-subdirs += hw/misc
>  trace-events-subdirs += hw/misc/macio
>  trace-events-subdirs += hw/net
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index f44326f14f..815ef0711d 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -30,14 +30,7 @@
>  #include "hw/pci/pci_host.h"
>  #include "hw/i386/pc.h"
>  #include "exec/address-spaces.h"
> -
> -//#define DEBUG
> -
> -#ifdef DEBUG
> -#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __func__,
##__VA_ARGS__)
> -#else
> -#define DPRINTF(fmt, ...)
> -#endif
> +#include "trace.h"
>
>  #define GT_REGS (0x1000 >> 2)
>
> @@ -294,9 +287,7 @@ static void gt64120_isd_mapping(GT64120State *s)
>  check_reserved_space(&start, &length);
>  length = 0x1000;
>  /* Map new address */
> -DPRINTF("ISD: "TARGET_FMT_plx"@"TARGET_FMT_plx
> -" -> "TARGET_FMT_plx"@"TARGET_FMT_plx"\n",
> -s->ISD_length, s->ISD_start, length, start);
> +trace_gt64120_isd_remap(s->ISD_length, s->ISD_start, length, start);
>  s->ISD_start = start;
>  s->ISD_length = length;
>  memory_region_add_subregion(get_system_memory(), s->ISD_start,
&s->ISD_mem);
> @@ -648,19 +639,19 @@ static void gt64120_writel(void *opaque, hwaddr
addr,
>  /* not really implemented */
>  s->regs[saddr] = ~(~(s->regs[saddr]) | ~(val & 0xfffe));
>  s->regs[saddr] |= !!(s->regs[saddr] & 0xfffe);
> -DPRINTF("INTRCAUSE %" PRIx64 "\n", val);
> +trace_gt64120_write("INTRCAUSE", size << 1, val);
>  break;
>  case GT_INTRMASK:
>  s->regs[saddr] = val & 0x3c3e;
> -DPRINTF("INTRMASK %" PRIx64 "\n", val);
> +trace_gt64120_write("INTRMASK", size << 1, val);
>  break;
>  case GT_PCI0_ICMASK:
>  s->regs[saddr] = val & 0x03fe;
> -DPRINTF("ICMASK %" PRIx64 "\n", val);
> +trace_gt64120_write("ICMASK", size << 1, val);
>  break;
>  case GT_PCI0_SERR0MASK:
>  s->regs[saddr] = val & 0x003f;
> -DPRINTF("SERR0MASK %" PRIx64 "\n", val);
> +trace_gt64120_write("SERR0MASK", size << 1, val);
>  break;
>
>  /* Reserved when only PCI_0 is configured. */
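
Review bot: The four `trace_gt64120_write()` calls in this hunk pass the raw guest `val`, while the statement just above each one stores a masked value (for example `val & 0x3c3e` for INTRMASK). Tracing `s->regs[saddr]` instead, or in addition, would show what the device model actually latched.
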
> @@ -936,19 +927,19 @@ static uint64_t gt64120_readl(void *opaque,
>  /* Interrupts */
>  case GT_INTRCAUSE:
>  val = s->regs[saddr];
> -DPRINTF("INTRCAUSE %x\n", val);
> +trace_gt64120_read("INTRCAUSE", size << 1, val);
>  break;
>  case GT_INTRMASK:
>  val = s->regs[saddr];
> -DPRINTF("INTRMASK %x\n", val);
> +trace_gt64120_read("INTRMASK", size << 1, val);
>  break;
>  case GT_PCI0_ICMASK:
>  val = s->regs[saddr];
> -DPRINTF("ICMASK %x\n", val);
> +trace_gt64120_read("ICMASK", size << 1, val);
>  break;
>  case GT_PCI0_SERR0MASK:
>  val = s->regs[saddr];
> -DPRINTF("SERR0MASK %x\n", val);
> +trace_gt64120_read("SERR0MASK", size << 1, val);
>  break;
>
>  /* Reserved when only PCI_0 is configured. */
> diff --git a/hw/mips/trace-events b/hw/mips/trace-events
> new file mode 100644
> index 00..75d4c73f2e
> --- /dev/null
> +++ b/hw/mips/trace-events
> @@ -0,0 +1,4 @@
> +# gt64xxx.c
> +gt64120_read(const char *regname, int width, uint64_t value) "gt64120
read %s value:0x%0*" PRIx64
> +gt64120_write(const char *regname, int width, uint64_t value) "gt64120
write %s value:0x%0*" PRIx64
> +gt64120_isd_remap(uint64_t from_length, uint64_t from_addr, uint64_t
to_length, uint64_t to_addr) "ISD: 0x%08" PRIx64 "@0x%08" PRIx64 " ->
0x%08" PRIx64 "@0x%08" PRIx64
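
Review bot: The `gt64120_read` and `gt64120_write` formats use a dynamic field width (`%0*` fed by the `width` argument). Please confirm that every trace backend this file is built for accepts a `*` width; otherwise use a fixed width such as the `0x%08` already used in `gt64120_isd_remap` and drop the `width` argument. The `# gt64xxx.c` header also does not match the file name `gt64xxx_pci.c`.
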
> --
> 2.19.1
>
>


Re: [Qemu-devel] [PATCH 05/10] hw/mips/gt64xxx_pci: Use qemu_log_mask() instead of debug printf()

2019-06-24 Thread Aleksandar Markovic
On Jun 25, 2019 12:42 AM, "Philippe Mathieu-Daudé"  wrote:
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

This patch is not only a mechanical replacement of printf(), but it also
improves existing log messages, and adds some new ones as well. Reflect
that in both commit message title and body. Perhaps there are more spots
that deserve logging. But, also, please, Philippe, double-check in real
scenarios if we don't flood the log with too many messages.

Thank you,
Aleksandar

>  hw/mips/gt64xxx_pci.c | 48 +--
>  1 file changed, 37 insertions(+), 11 deletions(-)
>
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index 0b9fb02475..f44326f14f 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -23,6 +23,7 @@
>   */
>
>  #include "qemu/osdep.h"
> +#include "qemu/log.h"
>  #include "hw/hw.h"
>  #include "hw/mips/mips.h"
>  #include "hw/pci/pci.h"
> @@ -466,12 +467,20 @@ static void gt64120_writel(void *opaque, hwaddr
addr,
>  case GT_CPUERR_DATAHI:
>  case GT_CPUERR_PARITY:
>  /* Read-only registers, do nothing */
> +qemu_log_mask(LOG_GUEST_ERROR,
> +  "gt64120: Read-only register write "
> +  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
> +  saddr << 2, size, size << 1, val);
>  break;
>
>  /* CPU Sync Barrier */
>  case GT_PCI0SYNC:
>  case GT_PCI1SYNC:
>  /* Read-only registers, do nothing */
> +qemu_log_mask(LOG_GUEST_ERROR,
> +  "gt64120: Read-only register write "
> +  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
> +  saddr << 2, size, size << 1, val);
>  break;
>
>  /* SDRAM and Device Address Decode */
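
Review bot: The format string `"reg:0x03%x size:%u value:0x%0*"` in both new `qemu_log_mask()` calls looks like a typo for `0x%03x`: as written it prints a literal `03` followed by the unpadded offset. The same string is repeated in the later hunks of this patch, so a shared macro or helper would fix it in one place. `size << 1` is also `unsigned`, while a `*` width expects an `int`.
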
> @@ -510,7 +519,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
>  case GT_DEV_B3:
>  case GT_DEV_BOOT:
>  /* Not implemented */
> -DPRINTF ("Unimplemented device register offset 0x%x\n", saddr <<
2);
> +qemu_log_mask(LOG_UNIMP,
> +  "gt64120: Unimplemented device register write "
> +  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
> +  saddr << 2, size, size << 1, val);
>  break;
>
>  /* ECC */
> @@ -520,6 +532,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
>  case GT_ECC_CALC:
>  case GT_ECC_ERRADDR:
>  /* Read-only registers, do nothing */
> +qemu_log_mask(LOG_GUEST_ERROR,
> +  "gt64120: Read-only register write "
> +  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
> +  saddr << 2, size, size << 1, val);
>  break;
>
>  /* DMA Record */
> @@ -543,23 +559,20 @@ static void gt64120_writel(void *opaque, hwaddr
addr,
>  case GT_DMA1_CUR:
>  case GT_DMA2_CUR:
>  case GT_DMA3_CUR:
> -/* Not implemented */
> -DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
> -break;
>
>  /* DMA Channel Control */
>  case GT_DMA0_CTRL:
>  case GT_DMA1_CTRL:
>  case GT_DMA2_CTRL:
>  case GT_DMA3_CTRL:
> -/* Not implemented */
> -DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
> -break;
>
>  /* DMA Arbiter */
>  case GT_DMA_ARB:
>  /* Not implemented */
> -DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
> +qemu_log_mask(LOG_UNIMP,
> +  "gt64120: Unimplemented DMA register write "
> +  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
> +  saddr << 2, size, size << 1, val);
>  break;
>
>  /* Timer/Counter */
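
Review bot: Removing the two `/* Not implemented */ ... break;` bodies makes the `GT_DMA*_CUR` and `GT_DMA*_CTRL` cases fall through into `GT_DMA_ARB`. That is fine functionally, but the `/* DMA Arbiter */` comment now sits above a body shared by all three groups; consider merging the case lists under one comment so the fall-through reads as intentional.
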
> @@ -569,7 +582,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
>  case GT_TC3:
>  case GT_TC_CONTROL:
>  /* Not implemented */
> -DPRINTF ("Unimplemented timer register offset 0x%x\n", saddr <<
2);
> +qemu_log_mask(LOG_UNIMP,
> +  "gt64120: Unimplemented timer register write "
> +  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
> +  saddr << 2, size, size << 1, val);
>  break;
>
>  /* PCI Internal */
> @@ -610,6 +626,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
>  case GT_PCI1_CFGADDR:
>  case GT_PCI1_CFGDATA:
>  /* not implemented */
> +qemu_log_mask(LOG_UNIMP,
> +  "gt64120: Unimplemented timer register write "
> +  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
> +  saddr << 2, size, size << 1, val);
>  break;
>  case GT_PCI0_CFGADDR:
>  phb->config_reg = val & 0x80fc;
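
Review bot: The message added under `GT_PCI1_CFGADDR` / `GT_PCI1_CFGDATA` says "Unimplemented timer register write", which looks copied from the timer hunk; these are PCI configuration registers, so the text should name them as such.
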
> @@ -666,7 +686,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
>  break;
>
>  default:
> -DPRINTF ("Bad register offset 0x%x\n", (int)addr);
> +qemu_log_mask(LOG_GUEST_ERR

Re: [Qemu-devel] [PATCH 04/10] hw/mips/gt64xxx_pci: Fix 'spaces' coding style issues

2019-06-24 Thread Aleksandar Markovic
On Jun 25, 2019 12:29 AM, "Philippe Mathieu-Daudé"  wrote:
>
> Since we'll move this code around, fix its style first:
>
>   ERROR: space prohibited between function name and open parenthesis
>   ERROR: line over 90 characters
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

Reviewed-by: Aleksandar Markovic 

>  hw/mips/gt64xxx_pci.c | 11 ++-
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index cfd497960c..0b9fb02475 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -384,8 +384,8 @@ static const VMStateDescription vmstate_gt64120 = {
>  }
>  };
>
> -static void gt64120_writel (void *opaque, hwaddr addr,
> -uint64_t val, unsigned size)
> +static void gt64120_writel(void *opaque, hwaddr addr,
> +   uint64_t val, unsigned size)
>  {
>  GT64120State *s = opaque;
>  PCIHostState *phb = PCI_HOST_BRIDGE(s);
> @@ -671,8 +671,8 @@ static void gt64120_writel (void *opaque, hwaddr addr,
>  }
>  }
>
> -static uint64_t gt64120_readl (void *opaque,
> -   hwaddr addr, unsigned size)
> +static uint64_t gt64120_readl(void *opaque,
> +  hwaddr addr, unsigned size)
>  {
>  GT64120State *s = opaque;
>  PCIHostState *phb = PCI_HOST_BRIDGE(s);
> @@ -1193,7 +1193,8 @@ PCIBus *gt64120_register(qemu_irq *pic)
>   get_system_io(),
>   PCI_DEVFN(18, 0), 4, TYPE_PCI_BUS);
>  qdev_init_nofail(dev);
> -memory_region_init_io(&d->ISD_mem, OBJECT(dev), &isd_mem_ops, d,
"isd-mem", 0x1000);
> +memory_region_init_io(&d->ISD_mem, OBJECT(dev), &isd_mem_ops, d,
> +  "isd-mem", 0x1000);
>
>  pci_create_simple(phb->bus, PCI_DEVFN(0, 0), "gt64120_pci");
>  return phb->bus;
> --
> 2.19.1
>
>


Re: [Qemu-devel] [PATCH 03/10] hw/mips/gt64xxx_pci: Fix 'braces' coding style issues

2019-06-24 Thread Aleksandar Markovic
On Jun 25, 2019 12:38 AM, "Philippe Mathieu-Daudé"  wrote:
>
> Since we'll move this code around, fix its style first:
>
>   ERROR: braces {} are necessary for all arms of this statement
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

Reviewed-by: Aleksandar Markovic 

>  hw/mips/gt64xxx_pci.c | 27 ++-
>  1 file changed, 18 insertions(+), 9 deletions(-)
>
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index bbd719f091..cfd497960c 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -257,19 +257,25 @@ static void check_reserved_space(hwaddr *start,
hwaddr *length)
>  hwaddr begin = *start;
>  hwaddr end = *start + *length;
>
> -if (end >= 0x1e00LL && end < 0x1f10LL)
> +if (end >= 0x1e00LL && end < 0x1f10LL) {
>  end = 0x1e00LL;
> -if (begin >= 0x1e00LL && begin < 0x1f10LL)
> +}
> +if (begin >= 0x1e00LL && begin < 0x1f10LL) {
>  begin = 0x1f10LL;
> -if (end >= 0x1fc0LL && end < 0x1fd0LL)
> +}
> +if (end >= 0x1fc0LL && end < 0x1fd0LL) {
>  end = 0x1fc0LL;
> -if (begin >= 0x1fc0LL && begin < 0x1fd0LL)
> +}
> +if (begin >= 0x1fc0LL && begin < 0x1fd0LL) {
>  begin = 0x1fd0LL;
> +}
>  /* XXX: This is broken when a reserved range splits the requested
range */
> -if (end >= 0x1f10LL && begin < 0x1e00LL)
> +if (end >= 0x1f10LL && begin < 0x1e00LL) {
>  end = 0x1e00LL;
> -if (end >= 0x1fd0LL && begin < 0x1fc0LL)
> +}
> +if (end >= 0x1fd0LL && begin < 0x1fc0LL) {
>  end = 0x1fc0LL;
> +}
>
>  *start = begin;
>  *length = end - begin;
> @@ -385,8 +391,9 @@ static void gt64120_writel (void *opaque, hwaddr addr,
>  PCIHostState *phb = PCI_HOST_BRIDGE(s);
>  uint32_t saddr;
>
> -if (!(s->regs[GT_CPU] & 0x1000))
> +if (!(s->regs[GT_CPU] & 0x1000)) {
>  val = bswap32(val);
> +}
>
>  saddr = (addr & 0xfff) >> 2;
>  switch (saddr) {
> @@ -937,8 +944,9 @@ static uint64_t gt64120_readl (void *opaque,
>  break;
>  }
>
> -if (!(s->regs[GT_CPU] & 0x1000))
> +if (!(s->regs[GT_CPU] & 0x1000)) {
>  val = bswap32(val);
> +}
>
>  return val;
>  }
> @@ -990,8 +998,9 @@ static void gt64120_pci_set_irq(void *opaque, int
irq_num, int level)
>  /* The pic level is the logical OR of all the PCI irqs mapped to
it. */
>  pic_level = 0;
>  for (i = 0; i < 4; i++) {
> -if (pic_irq == piix4_dev->config[0x60 + i])
> +if (pic_irq == piix4_dev->config[0x60 + i]) {
>  pic_level |= pci_irq_levels[i];
> +}
>  }
>  qemu_set_irq(pic[pic_irq], pic_level);
>  }
> --
> 2.19.1
>
>


Re: [Qemu-devel] [PATCH 02/10] hw/mips/gt64xxx_pci: Fix 'tabs' coding style issues

2019-06-24 Thread Aleksandar Markovic
On Jun 25, 2019 12:30 AM, "Philippe Mathieu-Daudé"  wrote:
>
> Since we'll move this code around, fix its style first:
>
>   ERROR: code indent should never use tabs
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

Reviewed-by: Aleksandar Markovic 

>  hw/mips/gt64xxx_pci.c | 312 +-
>  1 file changed, 156 insertions(+), 156 deletions(-)
>
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index c0924646b5..bbd719f091 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -38,192 +38,192 @@
>  #define DPRINTF(fmt, ...)
>  #endif
>
> -#define GT_REGS(0x1000 >> 2)
> +#define GT_REGS (0x1000 >> 2)
>
>  /* CPU Configuration */
> -#define GT_CPU (0x000 >> 2)
> -#define GT_MULTI   (0x120 >> 2)
> +#define GT_CPU  (0x000 >> 2)
> +#define GT_MULTI(0x120 >> 2)
>
>  /* CPU Address Decode */
> -#define GT_SCS10LD (0x008 >> 2)
> -#define GT_SCS10HD (0x010 >> 2)
> -#define GT_SCS32LD (0x018 >> 2)
> -#define GT_SCS32HD (0x020 >> 2)
> -#define GT_CS20LD  (0x028 >> 2)
> -#define GT_CS20HD  (0x030 >> 2)
> -#define GT_CS3BOOTLD   (0x038 >> 2)
> -#define GT_CS3BOOTHD   (0x040 >> 2)
> -#define GT_PCI0IOLD(0x048 >> 2)
> -#define GT_PCI0IOHD(0x050 >> 2)
> -#define GT_PCI0M0LD(0x058 >> 2)
> -#define GT_PCI0M0HD(0x060 >> 2)
> -#define GT_PCI0M1LD(0x080 >> 2)
> -#define GT_PCI0M1HD(0x088 >> 2)
> -#define GT_PCI1IOLD(0x090 >> 2)
> -#define GT_PCI1IOHD(0x098 >> 2)
> -#define GT_PCI1M0LD(0x0a0 >> 2)
> -#define GT_PCI1M0HD(0x0a8 >> 2)
> -#define GT_PCI1M1LD(0x0b0 >> 2)
> -#define GT_PCI1M1HD(0x0b8 >> 2)
> -#define GT_ISD (0x068 >> 2)
> -
> -#define GT_SCS10AR (0x0d0 >> 2)
> -#define GT_SCS32AR (0x0d8 >> 2)
> -#define GT_CS20R   (0x0e0 >> 2)
> -#define GT_CS3BOOTR(0x0e8 >> 2)
> -
> -#define GT_PCI0IOREMAP (0x0f0 >> 2)
> -#define GT_PCI0M0REMAP (0x0f8 >> 2)
> -#define GT_PCI0M1REMAP (0x100 >> 2)
> -#define GT_PCI1IOREMAP (0x108 >> 2)
> -#define GT_PCI1M0REMAP (0x110 >> 2)
> -#define GT_PCI1M1REMAP (0x118 >> 2)
> +#define GT_SCS10LD  (0x008 >> 2)
> +#define GT_SCS10HD  (0x010 >> 2)
> +#define GT_SCS32LD  (0x018 >> 2)
> +#define GT_SCS32HD  (0x020 >> 2)
> +#define GT_CS20LD   (0x028 >> 2)
> +#define GT_CS20HD   (0x030 >> 2)
> +#define GT_CS3BOOTLD(0x038 >> 2)
> +#define GT_CS3BOOTHD(0x040 >> 2)
> +#define GT_PCI0IOLD (0x048 >> 2)
> +#define GT_PCI0IOHD (0x050 >> 2)
> +#define GT_PCI0M0LD (0x058 >> 2)
> +#define GT_PCI0M0HD (0x060 >> 2)
> +#define GT_PCI0M1LD (0x080 >> 2)
> +#define GT_PCI0M1HD (0x088 >> 2)
> +#define GT_PCI1IOLD (0x090 >> 2)
> +#define GT_PCI1IOHD (0x098 >> 2)
> +#define GT_PCI1M0LD (0x0a0 >> 2)
> +#define GT_PCI1M0HD (0x0a8 >> 2)
> +#define GT_PCI1M1LD (0x0b0 >> 2)
> +#define GT_PCI1M1HD (0x0b8 >> 2)
> +#define GT_ISD  (0x068 >> 2)
> +
> +#define GT_SCS10AR  (0x0d0 >> 2)
> +#define GT_SCS32AR  (0x0d8 >> 2)
> +#define GT_CS20R(0x0e0 >> 2)
> +#define GT_CS3BOOTR (0x0e8 >> 2)
> +
> +#define GT_PCI0IOREMAP  (0x0f0 >> 2)
> +#define GT_PCI0M0REMAP  (0x0f8 >> 2)
> +#define GT_PCI0M1REMAP  (0x100 >> 2)
> +#define GT_PCI1IOREMAP  (0x108 >> 2)
> +#define GT_PCI1M0REMAP  (0x110 >> 2)
> +#define GT_PCI1M1REMAP  (0x118 >> 2)
>
>  /* CPU Error Report */
> -#define GT_CPUERR_ADDRLO   (0x070 >> 2)
> -#define GT_CPUERR_ADDRHI   (0x078 >> 2)
> -#define GT_CPUERR_DATALO   (0x128 >> 2)/* GT-64120A
only  */
> -#define GT_CPUERR_DATAHI   (0x130 >> 2)/* GT-64120A
only  */
> -#define GT_CPUERR_PARITY   (0x138 >> 2)/* GT-64120A
only  */
> +#define GT_CPUERR_ADDRLO(0x070 >> 2)
> +#define GT_CPUERR_ADDRHI(0x078 >> 2)
> +#define GT_CPUERR_DATALO(0x128 >> 2)/* GT-64120A only  */
> +#define GT_CPUERR_DATAHI(0x130 >> 2)/* GT-64120A only  */
> +#define GT_CPUERR_PARITY(0x138 >> 2)/* GT-64120A only  */
>
>  /* CPU Sync Barrier */
> -#define GT_PCI0SYNC(0x0c0 >> 2)
> -#define GT_PCI1SYNC(0x0c8 >> 2)
> +#define GT_PCI0SYNC (0x0c0 >> 2)
> +#define GT_PCI1SYNC (0x0c8 >> 2)
>
>  /* SDRAM and Device Address Decode */
> -#defi

Re: [Qemu-devel] [PATCH 01/10] hw/mips/gt64xxx_pci: Fix multiline comment syntax

2019-06-24 Thread Aleksandar Markovic
On Jun 25, 2019 12:36 AM, "Philippe Mathieu-Daudé"  wrote:
>
> Since commit 8c06fbdf36b checkpatch.pl enforces a new multiline
> comment syntax. Since we'll move this code around, fix its style
> first.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

Yes, I find that this is a very good practice (this makes the file moving
in one of the subsequent patches pure moving, which is important for future
“git blames” and similar commands).

Reviewed-by: Aleksandar Markovic 

>  hw/mips/gt64xxx_pci.c | 64 +++
>  1 file changed, 35 insertions(+), 29 deletions(-)
>
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index f707e59c7a..c0924646b5 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -248,10 +248,11 @@ typedef struct GT64120State {
>  } GT64120State;
>
>  /* Adjust range to avoid touching space which isn't mappable via PCI */
> -/* XXX: Hardcoded values for Malta: 0x1e00 - 0x1f10
> -0x1fc0 - 0x1fd0  */
> -static void check_reserved_space (hwaddr *start,
> -  hwaddr *length)
> +/*
> + * XXX: Hardcoded values for Malta: 0x1e00 - 0x1f10
> + *  0x1fc0 - 0x1fd0
> + */
> +static void check_reserved_space(hwaddr *start, hwaddr *length)
>  {
>  hwaddr begin = *start;
>  hwaddr end = *start + *length;
> @@ -650,8 +651,10 @@ static void gt64120_writel (void *opaque, hwaddr
addr,
>  case GT_SDRAM_B1:
>  case GT_SDRAM_B2:
>  case GT_SDRAM_B3:
> -/* We don't simulate electrical parameters of the SDRAM.
> -   Accept, but ignore the values. */
> +/*
> + * We don't simulate electrical parameters of the SDRAM.
> + * Accept, but ignore the values.
> + */
>  s->regs[saddr] = val;
>  break;
>
> @@ -674,8 +677,10 @@ static uint64_t gt64120_readl (void *opaque,
>
>  /* CPU Configuration */
>  case GT_MULTI:
> -/* Only one GT64xxx is present on the CPU bus, return
> -   the initial value */
> +/*
> + * Only one GT64xxx is present on the CPU bus, return
> + * the initial value.
> + */
>  val = s->regs[saddr];
>  break;
>
> @@ -685,17 +690,18 @@ static uint64_t gt64120_readl (void *opaque,
>  case GT_CPUERR_DATALO:
>  case GT_CPUERR_DATAHI:
>  case GT_CPUERR_PARITY:
> -/* Emulated memory has no error, always return the initial
> -   values */
> +/* Emulated memory has no error, always return the initial
values. */
>  val = s->regs[saddr];
>  break;
>
>  /* CPU Sync Barrier */
>  case GT_PCI0SYNC:
>  case GT_PCI1SYNC:
> -/* Reading those register should empty all FIFO on the PCI
> -   bus, which are not emulated. The return value should be
> -   a random value that should be ignored. */
> +/*
> + * Reading those register should empty all FIFO on the PCI
> + * bus, which are not emulated. The return value should be
> + * a random value that should be ignored.
> + */
>  val = 0xc000ffee;
>  break;
>
> @@ -705,8 +711,7 @@ static uint64_t gt64120_readl (void *opaque,
>  case GT_ECC_MEM:
>  case GT_ECC_CALC:
>  case GT_ECC_ERRADDR:
> -/* Emulated memory has no error, always return the initial
> -   values */
> +/* Emulated memory has no error, always return the initial
values. */
>  val = s->regs[saddr];
>  break;
>
> @@ -785,8 +790,10 @@ static uint64_t gt64120_readl (void *opaque,
>  case GT_SDRAM_B1:
>  case GT_SDRAM_B2:
>  case GT_SDRAM_B3:
> -/* We don't simulate electrical parameters of the SDRAM.
> -   Just return the last written value. */
> +/*
> + * We don't simulate electrical parameters of the SDRAM.
> + * Just return the last written value.
> + */
>  val = s->regs[saddr];
>  break;
>
> @@ -949,20 +956,20 @@ static int gt64120_pci_map_irq(PCIDevice *pci_dev,
int irq_num)
>  slot = (pci_dev->devfn >> 3);
>
>  switch (slot) {
> -  /* PIIX4 USB */
> -  case 10:
> +/* PIIX4 USB */
> +case 10:
>  return 3;
> -  /* AMD 79C973 Ethernet */
> -  case 11:
> +/* AMD 79C973 Ethernet */
> +case 11:
>  return 1;
> -  /* Crystal 4281 Sound */
> -  case 12:
> +/* Crystal 4281 Sound */
> +case 12:
>  return 2;
> -  /* PCI slot 1 to 4 */
> -  case 18 ... 21:
> +/* PCI slot 1 to 4 */
> +case 18 ... 21:
>  return ((slot - 18) + irq_num) & 0x03;
> -  /* Unknown device, don't do any translation */
> -  default:
> +/* Unknown device, don't do any translation */
> +default:
>  return irq_num;
>  }
>  }
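
Review bot: The `switch (slot)` block in `gt64120_pci_map_irq()` is re-indented in this hunk (case labels and their comments), which is not a multiline-comment change; the first hunk likewise drops the space in `check_reserved_space (`. Either mention these in the commit message or move them to the spaces patch so that each style patch does one thing.
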
> @@ -980,8 +987,7 @@ static void gt64120_pci_set_irq(void *opaque, int
irq_num, int level)
> 

[Qemu-devel] [PATCH v2 4/4] target/riscv: Implement riscv_cpu_unassigned_access

2019-06-24 Thread Alistair Francis
From: Michael Clark 

This patch adds support for the riscv_cpu_unassigned_access call
and will raise a load or store access fault.

Signed-off-by: Michael Clark 
[Changes by AF:
 - Squash two patches and rewrite commit message
 - Set baddr to the access address
]
Signed-off-by: Alistair Francis 
---
 target/riscv/cpu.c|  1 +
 target/riscv/cpu.h|  2 ++
 target/riscv/cpu_helper.c | 16 
 3 files changed, 19 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 6f2b644220..f656714d59 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -416,6 +416,7 @@ static void riscv_cpu_class_init(ObjectClass *c, void *data)
 cc->gdb_stop_before_watchpoint = true;
 cc->disas_set_info = riscv_cpu_disas_set_info;
 #ifndef CONFIG_USER_ONLY
+cc->do_unassigned_access = riscv_cpu_unassigned_access;
 cc->do_unaligned_access = riscv_cpu_do_unaligned_access;
 cc->get_phys_page_debug = riscv_cpu_get_phys_page_debug;
 #endif
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 6c5de37b25..dc31b16dcb 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -248,6 +248,8 @@ void  riscv_cpu_do_unaligned_access(CPUState *cs, vaddr 
addr,
 bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
 MMUAccessType access_type, int mmu_idx,
 bool probe, uintptr_t retaddr);
+void riscv_cpu_unassigned_access(CPUState *cpu, hwaddr addr, bool is_write,
+ bool is_exec, int unused, unsigned size);
 char *riscv_isa_string(RISCVCPU *cpu);
 void riscv_cpu_list(void);
 
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 8b6754b917..0bbfb7f48b 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -375,6 +375,22 @@ hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 return phys_addr;
 }
 
+void riscv_cpu_unassigned_access(CPUState *cs, hwaddr addr, bool is_write,
+ bool is_exec, int unused, unsigned size)
+{
+RISCVCPU *cpu = RISCV_CPU(cs);
+CPURISCVState *env = &cpu->env;
+
+if (is_write) {
+cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT;
+} else {
+cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT;
+}
+
+env->badaddr = addr;
+riscv_raise_exception(&cpu->env, cs->exception_index, GETPC());
+}
+
 void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
MMUAccessType access_type, int mmu_idx,
uintptr_t retaddr)
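
Review bot: `is_exec` is never read in `riscv_cpu_unassigned_access()`, so an instruction fetch from unassigned memory is reported as `RISCV_EXCP_LOAD_ACCESS_FAULT`; add an `is_exec` branch that raises the instruction access fault. `GETPC()` is also evaluated inside this callback rather than in a helper called directly from generated code, so it may not yield the return address of the faulting translation block, whereas the neighbouring `riscv_cpu_do_unaligned_access()` takes an explicit `retaddr`.
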
-- 
2.22.0




[Qemu-devel] [PATCH v2 2/4] disas/riscv: Disassemble reserved compressed encodings as illegal

2019-06-24 Thread Alistair Francis
From: Michael Clark 

Due to the design of the disassembler, the immediate is not
known during decoding of the opcode; so to handle compressed
encodings with reserved immediate values (non-zero), we need
to add an additional check during decompression to match
reserved encodings with zero immediates and translate them
into the illegal instruction.

The following compressed opcodes have reserved encodings with
zero immediates: c.addi4spn, c.addi, c.lui, c.addi16sp, c.srli,
c.srai, c.andi and c.slli

Signed-off-by: Michael Clark 
Signed-off-by: Alistair Francis 
---
 disas/riscv.c | 51 ++-
 1 file changed, 34 insertions(+), 17 deletions(-)

diff --git a/disas/riscv.c b/disas/riscv.c
index 59a9b0437a..3ab4586f0a 100644
--- a/disas/riscv.c
+++ b/disas/riscv.c
@@ -504,14 +504,19 @@ typedef struct {
 const rvc_constraint *constraints;
 } rv_comp_data;
 
+enum {
+rvcd_imm_nz = 0x1
+};
+
 typedef struct {
 const char * const name;
 const rv_codec codec;
 const char * const format;
 const rv_comp_data *pseudo;
-const int decomp_rv32;
-const int decomp_rv64;
-const int decomp_rv128;
+const short decomp_rv32;
+const short decomp_rv64;
+const short decomp_rv128;
+const short decomp_data;
 } rv_opcode_data;
 
 /* register names */
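
Review bot: Narrowing `decomp_rv32`, `decomp_rv64` and `decomp_rv128` from `int` to `short` is not mentioned in the commit message. If it is only there to keep `rv_opcode_data` the same size after adding `decomp_data`, say so, and consider an unsigned type for `decomp_data` since it holds flag bits such as `rvcd_imm_nz`.
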
@@ -1011,7 +1016,7 @@ const rv_opcode_data opcode_data[] = {
 { "fcvt.q.lu", rv_codec_r_m, rv_fmt_rm_frd_rs1, NULL, 0, 0, 0 },
 { "fmv.x.q", rv_codec_r, rv_fmt_rd_frs1, NULL, 0, 0, 0 },
 { "fmv.q.x", rv_codec_r, rv_fmt_frd_rs1, NULL, 0, 0, 0 },
-{ "c.addi4spn", rv_codec_ciw_4spn, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, 
rv_op_addi, rv_op_addi },
+{ "c.addi4spn", rv_codec_ciw_4spn, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, 
rv_op_addi, rv_op_addi, rvcd_imm_nz },
 { "c.fld", rv_codec_cl_ld, rv_fmt_frd_offset_rs1, NULL, rv_op_fld, 
rv_op_fld, 0 },
 { "c.lw", rv_codec_cl_lw, rv_fmt_rd_offset_rs1, NULL, rv_op_lw, rv_op_lw, 
rv_op_lw },
 { "c.flw", rv_codec_cl_lw, rv_fmt_frd_offset_rs1, NULL, rv_op_flw, 0, 0 },
@@ -1019,14 +1024,14 @@ const rv_opcode_data opcode_data[] = {
 { "c.sw", rv_codec_cs_sw, rv_fmt_rs2_offset_rs1, NULL, rv_op_sw, rv_op_sw, 
rv_op_sw },
 { "c.fsw", rv_codec_cs_sw, rv_fmt_frs2_offset_rs1, NULL, rv_op_fsw, 0, 0 },
 { "c.nop", rv_codec_ci_none, rv_fmt_none, NULL, rv_op_addi, rv_op_addi, 
rv_op_addi },
-{ "c.addi", rv_codec_ci, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, rv_op_addi, 
rv_op_addi },
+{ "c.addi", rv_codec_ci, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, rv_op_addi, 
rv_op_addi, rvcd_imm_nz },
 { "c.jal", rv_codec_cj_jal, rv_fmt_rd_offset, NULL, rv_op_jal, 0, 0 },
 { "c.li", rv_codec_ci_li, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, rv_op_addi, 
rv_op_addi },
-{ "c.addi16sp", rv_codec_ci_16sp, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, 
rv_op_addi, rv_op_addi },
-{ "c.lui", rv_codec_ci_lui, rv_fmt_rd_imm, NULL, rv_op_lui, rv_op_lui, 
rv_op_lui },
-{ "c.srli", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srli, 
rv_op_srli, rv_op_srli },
-{ "c.srai", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srai, 
rv_op_srai, rv_op_srai },
-{ "c.andi", rv_codec_cb_imm, rv_fmt_rd_rs1_imm, NULL, rv_op_andi, 
rv_op_andi, rv_op_andi },
+{ "c.addi16sp", rv_codec_ci_16sp, rv_fmt_rd_rs1_imm, NULL, rv_op_addi, 
rv_op_addi, rv_op_addi, rvcd_imm_nz },
+{ "c.lui", rv_codec_ci_lui, rv_fmt_rd_imm, NULL, rv_op_lui, rv_op_lui, 
rv_op_lui, rvcd_imm_nz },
+{ "c.srli", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srli, 
rv_op_srli, rv_op_srli, rvcd_imm_nz },
+{ "c.srai", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srai, 
rv_op_srai, rv_op_srai, rvcd_imm_nz },
+{ "c.andi", rv_codec_cb_imm, rv_fmt_rd_rs1_imm, NULL, rv_op_andi, 
rv_op_andi, rv_op_andi, rvcd_imm_nz },
 { "c.sub", rv_codec_cs, rv_fmt_rd_rs1_rs2, NULL, rv_op_sub, rv_op_sub, 
rv_op_sub },
 { "c.xor", rv_codec_cs, rv_fmt_rd_rs1_rs2, NULL, rv_op_xor, rv_op_xor, 
rv_op_xor },
 { "c.or", rv_codec_cs, rv_fmt_rd_rs1_rs2, NULL, rv_op_or, rv_op_or, 
rv_op_or },
@@ -1036,7 +1041,7 @@ const rv_opcode_data opcode_data[] = {
 { "c.j", rv_codec_cj, rv_fmt_rd_offset, NULL, rv_op_jal, rv_op_jal, 
rv_op_jal },
 { "c.beqz", rv_codec_cb, rv_fmt_rs1_rs2_offset, NULL, rv_op_beq, 
rv_op_beq, rv_op_beq },
 { "c.bnez", rv_codec_cb, rv_fmt_rs1_rs2_offset, NULL, rv_op_bne, 
rv_op_bne, rv_op_bne },
-{ "c.slli", rv_codec_ci_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_slli, 
rv_op_slli, rv_op_slli },
+{ "c.slli", rv_codec_ci_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_slli, 
rv_op_slli, rv_op_slli, rvcd_imm_nz },
 { "c.fldsp", rv_codec_ci_ldsp, rv_fmt_frd_offset_rs1, NULL, rv_op_fld, 
rv_op_fld, rv_op_fld },
 { "c.lwsp", rv_codec_ci_lwsp, rv_fmt_rd_offset_rs1, NULL, rv_op_lw, 
rv_op_lw, rv_op_lw },
 { "c.flwsp", rv_codec_ci_lwsp, rv_fmt_frd_offset_rs1, NULL, rv_op_flw, 0, 
0 },
@@ -2795,8 +2800,12 @@ static void decode_inst_decompress_rv32(rv_decode *dec)
 {
 

[Qemu-devel] [PATCH v2 3/4] disas/riscv: Fix `rdinstreth` constraint

2019-06-24 Thread Alistair Francis
From: Michael Clark 

The constraint for `rdinstreth` was comparing the csr number to 0xc80,
which is `cycleh` instead. Fix this.

Signed-off-by: Wladimir J. van der Laan 
Signed-off-by: Michael Clark 
Signed-off-by: Alistair Francis 
---
 disas/riscv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/disas/riscv.c b/disas/riscv.c
index 3ab4586f0a..bdcc70a68e 100644
--- a/disas/riscv.c
+++ b/disas/riscv.c
@@ -614,7 +614,7 @@ static const rvc_constraint rvcc_rdtime[] = { 
rvc_rs1_eq_x0, rvc_csr_eq_0xc01, r
 static const rvc_constraint rvcc_rdinstret[] = { rvc_rs1_eq_x0, 
rvc_csr_eq_0xc02, rvc_end };
 static const rvc_constraint rvcc_rdcycleh[] = { rvc_rs1_eq_x0, 
rvc_csr_eq_0xc80, rvc_end };
 static const rvc_constraint rvcc_rdtimeh[] = { rvc_rs1_eq_x0, 
rvc_csr_eq_0xc81, rvc_end };
-static const rvc_constraint rvcc_rdinstreth[] = { rvc_rs1_eq_x0, 
rvc_csr_eq_0xc80, rvc_end };
+static const rvc_constraint rvcc_rdinstreth[] = { rvc_rs1_eq_x0, 
rvc_csr_eq_0xc82, rvc_end };
 static const rvc_constraint rvcc_frcsr[] = { rvc_rs1_eq_x0, rvc_csr_eq_0x003, 
rvc_end };
 static const rvc_constraint rvcc_frrm[] = { rvc_rs1_eq_x0, rvc_csr_eq_0x002, 
rvc_end };
 static const rvc_constraint rvcc_frflags[] = { rvc_rs1_eq_x0, 
rvc_csr_eq_0x001, rvc_end };
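
Review bot: The fix switches `rvcc_rdinstreth` to `rvc_csr_eq_0xc82`, but no hunk in this patch adds that enumerator or its case in the constraint checker (the diffstat is 2 insertions, 2 deletions). Please confirm that both already exist in `disas/riscv.c`; otherwise this will not build, or the constraint will never match.
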
@@ -1031,7 +1031,7 @@ const rv_opcode_data opcode_data[] = {
 { "c.lui", rv_codec_ci_lui, rv_fmt_rd_imm, NULL, rv_op_lui, rv_op_lui, 
rv_op_lui, rvcd_imm_nz },
 { "c.srli", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srli, 
rv_op_srli, rv_op_srli, rvcd_imm_nz },
 { "c.srai", rv_codec_cb_sh6, rv_fmt_rd_rs1_imm, NULL, rv_op_srai, 
rv_op_srai, rv_op_srai, rvcd_imm_nz },
-{ "c.andi", rv_codec_cb_imm, rv_fmt_rd_rs1_imm, NULL, rv_op_andi, 
rv_op_andi, rv_op_andi, rvcd_imm_nz },
+{ "c.andi", rv_codec_cb_imm, rv_fmt_rd_rs1_imm, NULL, rv_op_andi, 
rv_op_andi, rv_op_andi },
 { "c.sub", rv_codec_cs, rv_fmt_rd_rs1_rs2, NULL, rv_op_sub, rv_op_sub, 
rv_op_sub },
 { "c.xor", rv_codec_cs, rv_fmt_rd_rs1_rs2, NULL, rv_op_xor, rv_op_xor, 
rv_op_xor },
 { "c.or", rv_codec_cs, rv_fmt_rd_rs1_rs2, NULL, rv_op_or, rv_op_or, 
rv_op_or },
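
Review bot: The `c.andi` change in this hunk is unrelated to the `rdinstreth` constraint fix in the subject: it removes the `rvcd_imm_nz` flag that patch 2/4 added. Squash it into 2/4 so that patch is correct on its own and a bisection never lands on a tree that treats `c.andi` with a zero immediate as illegal.
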
-- 
2.22.0




[Qemu-devel] [PATCH v2 1/4] target/riscv: Fix PMP range boundary address bug

2019-06-24 Thread Alistair Francis
From: Dayeol Lee 

A wrong address is passed to `pmp_is_in_range` while checking if a
memory access is within a PMP range.
Since the ending address of the pmp range (i.e., pmp_state.addr[i].ea)
is set to the last address in the range (i.e., pmp base + pmp size - 1),
memory accesses containing the last address in the range will always fail.

For example, assume that a PMP range is 4KB from 0x87654000 such that
the last address within the range is 0x87654fff.
1-byte access to 0x87654fff should be considered to be fully inside the
PMP range.
However the access now fails and complains of partial inclusion because
pmp_is_in_range(env, i, addr + size) returns 0 whereas
pmp_is_in_range(env, i, addr) returns 1.

Signed-off-by: Dayeol Lee 
Reviewed-by: Alistair Francis 
Reviewed-by: Michael Clark 
Signed-off-by: Alistair Francis 
---
 target/riscv/pmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index fed1c3c030..e0fe206407 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -245,7 +245,7 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong 
addr,
  from low to high */
 for (i = 0; i < MAX_RISCV_PMPS; i++) {
 s = pmp_is_in_range(env, i, addr);
-e = pmp_is_in_range(env, i, addr + size);
+e = pmp_is_in_range(env, i, addr + size - 1);
 
 /* partially inside */
 if ((s + e) == 1) {
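
Review bot: With `addr + size - 1`, a call with `size == 0` probes `addr - 1`, so an access starting at the first byte of a range would be reported as partially inside; can a zero size reach this path? If it can, it needs an explicit guard before the loop. `addr + size - 1` can also wrap for an access at the very top of the address space.
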
-- 
2.22.0
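
The boundary case from the commit message above, as an added example that is not part of the patch or of QEMU: a constructed model of one PMP entry with an inclusive end address, comparing the pre-patch probe `addr + size` with the patched `addr + size - 1`. The `pmp_range` type, the `classify_*` functions and the zero-size/wrap guard in `classify_checked` are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one PMP entry: sa and ea are BOTH inclusive,
 * i.e. ea = base + size - 1, as the commit message describes. */
typedef struct {
    uint64_t sa;
    uint64_t ea;
} pmp_range;

typedef enum { PMP_OUTSIDE, PMP_PARTIAL, PMP_INSIDE } pmp_match;

static int in_range(const pmp_range *r, uint64_t addr)
{
    return addr >= r->sa && addr <= r->ea;
}

/* Same decision as the loop body in the hunk: exactly one endpoint
 * inside the range means the access straddles a boundary. */
static pmp_match combine(int s, int e)
{
    if (s + e == 1) {
        return PMP_PARTIAL;
    }
    return s ? PMP_INSIDE : PMP_OUTSIDE;
}

/* Pre-patch behaviour: probes one byte PAST the access. */
static pmp_match classify_before(const pmp_range *r, uint64_t addr,
                                 uint64_t size)
{
    return combine(in_range(r, addr), in_range(r, addr + size));
}

/* Patched behaviour: probes the LAST byte of the access. */
static pmp_match classify_after(const pmp_range *r, uint64_t addr,
                                uint64_t size)
{
    return combine(in_range(r, addr), in_range(r, addr + size - 1));
}

/* Assumed hardening, not in the patch: refuse a zero-length access and
 * one whose last byte would wrap past the top of the address space. */
static bool classify_checked(const pmp_range *r, uint64_t addr,
                             uint64_t size, pmp_match *out)
{
    if (size == 0 || addr > UINT64_MAX - (size - 1)) {
        return false;
    }
    *out = classify_after(r, addr, size);
    return true;
}

static const char *match_name(pmp_match m)
{
    switch (m) {
    case PMP_INSIDE:  return "inside";
    case PMP_PARTIAL: return "partial";
    default:          return "outside";
    }
}

int main(void)
{
    /* The 4KB range from the commit message. */
    const pmp_range r = { 0x87654000ULL, 0x87654fffULL };
    /* Constructed accesses: {address, size}. */
    const uint64_t cases[][2] = {
        { 0x87654fffULL, 1 },   /* last byte of the range */
        { 0x87654ffcULL, 4 },   /* last word of the range */
        { 0x87654ffdULL, 4 },   /* really straddles the end */
        { 0x87654000ULL, 0 },   /* zero-length edge case */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        pmp_match m;
        bool ok = classify_checked(&r, cases[i][0], cases[i][1], &m);
        printf("addr=0x%" PRIx64 " size=%" PRIu64
               " before=%s after=%s checked=%s\n",
               cases[i][0], cases[i][1],
               match_name(classify_before(&r, cases[i][0], cases[i][1])),
               match_name(classify_after(&r, cases[i][0], cases[i][1])),
               ok ? match_name(m) : "rejected");
    }
    return 0;
}
```
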




[Qemu-devel] [PATCH v2 0/4] Miscellaneous patches from the RISC-V fork

2019-06-24 Thread Alistair Francis
This should be the last series bringing the patches from the RISC-V fork
into mainline QEMU.

v2:
 - Add Wladimir's SOB line, after talking to them
 - Allow c.andi to have a 0 immediate

Dayeol Lee (1):
  target/riscv: Fix PMP range boundary address bug

Michael Clark (3):
  disas/riscv: Disassemble reserved compressed encodings as illegal
  disas/riscv: Fix `rdinstreth` constraint
  target/riscv: Implement riscv_cpu_unassigned_access

 disas/riscv.c | 51 ++-
 target/riscv/cpu.c|  1 +
 target/riscv/cpu.h|  2 ++
 target/riscv/cpu_helper.c | 16 
 target/riscv/pmp.c|  2 +-
 5 files changed, 54 insertions(+), 18 deletions(-)

-- 
2.22.0




Re: [Qemu-devel] [PATCH] riscv: virt: Add cpu-topology DT node.

2019-06-24 Thread Atish Patra
On Mon, 2019-06-24 at 16:24 -0700, Alistair Francis wrote:
> On Mon, Jun 24, 2019 at 3:57 PM Atish Patra 
> wrote:
> > Currently, there is no cpu topology defined in RISC-V.
> > Define a device tree node that clearly describes the
> > entire topology. This saves the trouble of scanning individual
> > cache to figure out the topology.
> > 
> > Here is the linux kernel patch series that enables topology
> > for RISC-V.
> > 
> > http://lists.infradead.org/pipermail/linux-riscv/2019-June/005072.html
> > 
> > CPU topology after applying this patch in QEMU & above series in
> > kernel
> > 
> > / # cat /sys/devices/system/cpu/cpu2/topology/thread_siblings_list
> > 2
> > / # cat /sys/devices/system/cpu/cpu2/topology/physical_package_id
> > 0
> > / # cat /sys/devices/system/cpu/cpu2/topology/core_siblings_list
> > 0-7
> > 
> > Signed-off-by: Atish Patra 
> > ---
> >  hw/riscv/virt.c | 21 +++--
> >  1 file changed, 19 insertions(+), 2 deletions(-)
> > 
> > diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> > index 84d94d0c42d8..da0b8aa18747 100644
> > --- a/hw/riscv/virt.c
> > +++ b/hw/riscv/virt.c
> > @@ -203,9 +203,12 @@ static void *create_fdt(RISCVVirtState *s,
> > const struct MemmapEntry *memmap,
> >  qemu_fdt_setprop_string(fdt, nodename, "status", "okay");
> >  qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu);
> >  qemu_fdt_setprop_string(fdt, nodename, "device_type",
> > "cpu");
> > +qemu_fdt_setprop_cell(fdt, nodename, "phandle",
> > cpu_phandle);
> > +qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle",
> > cpu_phandle);
> > +int intc_phandle = phandle++;
> 
> Don't declare variables in the middle of code. The variable must be
> declared at the start of a block.
> 
My bad. Fixed in v2.

> With that fixed:
> 
> Reviewed-by: Alistair Francis 
> 
> Alistair
> 
> >  qemu_fdt_add_subnode(fdt, intc);
> > -qemu_fdt_setprop_cell(fdt, intc, "phandle", cpu_phandle);
> > -qemu_fdt_setprop_cell(fdt, intc, "linux,phandle",
> > cpu_phandle);
> > +qemu_fdt_setprop_cell(fdt, intc, "phandle", intc_phandle);
> > +qemu_fdt_setprop_cell(fdt, intc, "linux,phandle",
> > intc_phandle);
> >  qemu_fdt_setprop_string(fdt, intc, "compatible",
> > "riscv,cpu-intc");
> >  qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL,
> > 0);
> >  qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
> > @@ -214,6 +217,20 @@ static void *create_fdt(RISCVVirtState *s,
> > const struct MemmapEntry *memmap,
> >  g_free(nodename);
> >  }
> > 
> > +/* Add cpu-topology node */
> > +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map");
> > +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map/cluster0");
> > +for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
> > +char *core_nodename = g_strdup_printf("/cpus/cpu-
> > map/cluster0/core%d",
> > +  cpu);
> > +char *cpu_nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
> > +uint32_t intc_phandle = qemu_fdt_get_phandle(fdt,
> > cpu_nodename);
> > +qemu_fdt_add_subnode(fdt, core_nodename);
> > +qemu_fdt_setprop_cell(fdt, core_nodename, "cpu",
> > intc_phandle);
> > +g_free(core_nodename);
> > +g_free(cpu_nodename);
> > +}
> > +
> >  cells =  g_new0(uint32_t, s->soc.num_harts * 4);
> >  for (cpu = 0; cpu < s->soc.num_harts; cpu++) {
> >  nodename =
> > --
> > 2.21.0
> > 
> > 
-- 
Regards,
Atish


[Qemu-devel] [PATCH v2] riscv: virt: Add cpu-topology DT node.

2019-06-24 Thread Atish Patra
Currently, there is no cpu topology defined in RISC-V.
Define a device tree node that clearly describes the
entire topology. This saves the trouble of scanning individual
cache to figure out the topology.

Here is the linux kernel patch series that enables topology
for RISC-V.

http://lists.infradead.org/pipermail/linux-riscv/2019-June/005072.html

CPU topology after applying this patch in QEMU & above series in kernel

/ # cat /sys/devices/system/cpu/cpu2/topology/thread_siblings_list
2
/ # cat /sys/devices/system/cpu/cpu2/topology/physical_package_id
0
/ # cat /sys/devices/system/cpu/cpu2/topology/core_siblings_list
0-7

Signed-off-by: Atish Patra 
Reviewed-by: Alistair Francis 
---
 hw/riscv/virt.c | 22 --
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 84d94d0c42d8..45a1edcd6c4a 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -191,6 +191,7 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 
 for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
 int cpu_phandle = phandle++;
+int intc_phandle;
 nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
 char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", cpu);
 char *isa = riscv_isa_string(&s->soc.harts[cpu]);
@@ -203,9 +204,12 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, nodename, "status", "okay");
 qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu);
 qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
+qemu_fdt_setprop_cell(fdt, nodename, "phandle", cpu_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle", cpu_phandle);
+intc_phandle = phandle++;
 qemu_fdt_add_subnode(fdt, intc);
-qemu_fdt_setprop_cell(fdt, intc, "phandle", cpu_phandle);
-qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", cpu_phandle);
+qemu_fdt_setprop_cell(fdt, intc, "phandle", intc_phandle);
+qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", intc_phandle);
 qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
 qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
 qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
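
Review bot: the commit message does not mention that the phandle layout changes in this hunk. `cpu_phandle` used to be written to the interrupt-controller subnode and now goes on the cpu node itself, with a fresh `intc_phandle = phandle++` for the intc. Add a sentence explaining why the cpu node needs its own phandle (the cpu-map entries reference it), and confirm that nothing else in create_fdt() relied on the intc carrying the old value.
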
@@ -214,6 +218,20 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 g_free(nodename);
 }
 
+/* Add cpu-topology node */
+qemu_fdt_add_subnode(fdt, "/cpus/cpu-map");
+qemu_fdt_add_subnode(fdt, "/cpus/cpu-map/cluster0");
+for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
+char *core_nodename = g_strdup_printf("/cpus/cpu-map/cluster0/core%d",
+  cpu);
+char *cpu_nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
+uint32_t intc_phandle = qemu_fdt_get_phandle(fdt, cpu_nodename);
+qemu_fdt_add_subnode(fdt, core_nodename);
+qemu_fdt_setprop_cell(fdt, core_nodename, "cpu", intc_phandle);
+g_free(core_nodename);
+g_free(cpu_nodename);
+}
+
 cells =  g_new0(uint32_t, s->soc.num_harts * 4);
 for (cpu = 0; cpu < s->soc.num_harts; cpu++) {
 nodename =
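
Review bot: in the cpu-map loop the variable is called `intc_phandle`, but it is filled from `qemu_fdt_get_phandle(fdt, cpu_nodename)`, so it holds the phandle of the cpu node, not of the interrupt controller. It also shadows the name used for the real intc phandle in the loop above. Rename it to `cpu_phandle` so the `"cpu"` property visibly points at `/cpus/cpu@N`.
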
-- 
2.21.0




Re: [Qemu-devel] [PATCH] riscv: virt: Add cpu-topology DT node.

2019-06-24 Thread Alistair Francis
On Mon, Jun 24, 2019 at 3:57 PM Atish Patra  wrote:
>
> Currently, there is no cpu topology defined in RISC-V.
> Define a device tree node that clearly describes the
> entire topology. This saves the trouble of scanning individual
> cache to figure out the topology.
>
> Here is the linux kernel patch series that enables topology
> for RISC-V.
>
> http://lists.infradead.org/pipermail/linux-riscv/2019-June/005072.html
>
> CPU topology after applying this patch in QEMU & above series in kernel
>
> / # cat /sys/devices/system/cpu/cpu2/topology/thread_siblings_list
> 2
> / # cat /sys/devices/system/cpu/cpu2/topology/physical_package_id
> 0
> / # cat /sys/devices/system/cpu/cpu2/topology/core_siblings_list
> 0-7
>
> Signed-off-by: Atish Patra 
> ---
>  hw/riscv/virt.c | 21 +++--
>  1 file changed, 19 insertions(+), 2 deletions(-)
>
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index 84d94d0c42d8..da0b8aa18747 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -203,9 +203,12 @@ static void *create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_string(fdt, nodename, "status", "okay");
>  qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu);
>  qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
> +qemu_fdt_setprop_cell(fdt, nodename, "phandle", cpu_phandle);
> +qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle", cpu_phandle);
> +int intc_phandle = phandle++;

Don't declare variables in the middle of code. The variable must be
declared at the start of a block.

With that fixed:

Reviewed-by: Alistair Francis 

Alistair

>  qemu_fdt_add_subnode(fdt, intc);
> -qemu_fdt_setprop_cell(fdt, intc, "phandle", cpu_phandle);
> -qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", cpu_phandle);
> +qemu_fdt_setprop_cell(fdt, intc, "phandle", intc_phandle);
> +qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", intc_phandle);
>  qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
>  qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
>  qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
> @@ -214,6 +217,20 @@ static void *create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  g_free(nodename);
>  }
>
> +/* Add cpu-topology node */
> +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map");
> +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map/cluster0");
> +for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
> +char *core_nodename = 
> g_strdup_printf("/cpus/cpu-map/cluster0/core%d",
> +  cpu);
> +char *cpu_nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
> +uint32_t intc_phandle = qemu_fdt_get_phandle(fdt, cpu_nodename);
> +qemu_fdt_add_subnode(fdt, core_nodename);
> +qemu_fdt_setprop_cell(fdt, core_nodename, "cpu", intc_phandle);
> +g_free(core_nodename);
> +g_free(cpu_nodename);
> +}
> +
>  cells =  g_new0(uint32_t, s->soc.num_harts * 4);
>  for (cpu = 0; cpu < s->soc.num_harts; cpu++) {
>  nodename =
> --
> 2.21.0
>
>



Re: [Qemu-devel] [PATCH v1 9/9] target/riscv: Add Zifencei and Zicsr as command line options

2019-06-24 Thread Alistair Francis
On Mon, Jun 24, 2019 at 2:31 AM Palmer Dabbelt  wrote:
>
> On Mon, 17 Jun 2019 18:31:25 PDT (-0700), Alistair Francis wrote:
> > For completeness let's add Zifencei and Zicsr as command line options,
> > even though they can't be disabled at the moment.
> >
> > Signed-off-by: Alistair Francis 
> > ---
> >  target/riscv/cpu.c | 9 +
> >  target/riscv/cpu.h | 2 ++
> >  2 files changed, 11 insertions(+)
> >
> > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> > index 5af1c9b38c..53cf8607f7 100644
> > --- a/target/riscv/cpu.c
> > +++ b/target/riscv/cpu.c
> > @@ -409,6 +409,13 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
> > **errp)
> >  set_misa(env, RVXLEN | target_misa);
> >  }
> >
> > +if (!cpu->cfg.ext_ifencei) {
> > +warn_report("QEMU does not support disabling Zifencei");
> > +}
> > +if (!cpu->cfg.ext_icsr) {
> > +warn_report("QEMU does not support disabling Zicsr");
> > +}
> > +
> >  riscv_cpu_register_gdb_regs_for_features(cs);
> >
> >  qemu_init_vcpu(cs);
> > @@ -441,6 +448,8 @@ static Property riscv_cpu_properties[] = {
> >  DEFINE_PROP_BOOL("s", RISCVCPU, cfg.ext_s, true),
> >  DEFINE_PROP_BOOL("u", RISCVCPU, cfg.ext_u, true),
> >  DEFINE_PROP_BOOL("Counters", RISCVCPU, cfg.ext_counters, true),
> > +DEFINE_PROP_BOOL("Zifencei", RISCVCPU, cfg.ext_ifencei, true),
> > +DEFINE_PROP_BOOL("Zicsr", RISCVCPU, cfg.ext_icsr, true),
> >  DEFINE_PROP_STRING("priv_spec", RISCVCPU, cfg.priv_spec),
> >  DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
> >  DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
> > diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> > index 786f620564..b4c212dfcf 100644
> > --- a/target/riscv/cpu.h
> > +++ b/target/riscv/cpu.h
> > @@ -222,6 +222,8 @@ typedef struct RISCVCPU {
> >  bool ext_s;
> >  bool ext_u;
> >  bool ext_counters;
> > +bool ext_ifencei;
> > +bool ext_icsr;
> >
> >  char *priv_spec;
> >  char *user_spec;
>
> I'd rather just support these, which seems about as hard as emitting a 
> warning.
> Disabling Zifencei is particularly useful, as the Linux ABI forbids it so this
> way we can run tests that way.  Unless I'm missing something, I think these 
> two
> should do it:
>
> From 6d645eb1e8ba4d16431af40bf04e5c165475bf5a Mon Sep 17 00:00:00 2001
> From: Palmer Dabbelt 
> Date: Mon, 24 Jun 2019 01:59:05 -0700
> Subject: [PATCH 1/2] RISC-V: Add support for the Zifencei extension
>
> fence.i has been split out of the base ISA as part of the ratification
> process.  This patch adds a Zifencei argument, which disables the
> fence.i instruction.
>
> Signed-off-by: Palmer Dabbelt 

This looks good.

> ---
>  target/riscv/cpu.c  | 1 +
>  target/riscv/cpu.h  | 1 +
>  target/riscv/insn_trans/trans_rvi.inc.c | 3 +++
>  target/riscv/translate.c| 3 +++
>  4 files changed, 8 insertions(+)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index be90fa7d0808..bbad39a337b3 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -441,6 +441,7 @@ static Property riscv_cpu_properties[] = {
>  DEFINE_PROP_BOOL("s", RISCVCPU, cfg.ext_s, true),
>  DEFINE_PROP_BOOL("u", RISCVCPU, cfg.ext_u, true),
>  DEFINE_PROP_BOOL("Counters", RISCVCPU, cfg.ext_counters, true),
> +DEFINE_PROP_BOOL("Zifencei", RISCVCPU, cfg.ext_ifencei, true),
>  DEFINE_PROP_STRING("priv_spec", RISCVCPU, cfg.priv_spec),
>  DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
>  DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 4d4e0f89e206..ba551cd3082c 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -223,6 +223,7 @@ typedef struct RISCVCPU {
>  bool ext_s;
>  bool ext_u;
>  bool ext_counters;
> +bool ext_ifencei;
>
>  char *priv_spec;
>  char *user_spec;
> diff --git a/target/riscv/insn_trans/trans_rvi.inc.c 
> b/target/riscv/insn_trans/trans_rvi.inc.c
> index 6cda078ed6ba..766594ba08ce 100644
> --- a/target/riscv/insn_trans/trans_rvi.inc.c
> +++ b/target/riscv/insn_trans/trans_rvi.inc.c
> @@ -484,6 +484,9 @@ static bool trans_fence(DisasContext *ctx, arg_fence *a)
>
>  static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a)
>  {
> +if (!ctx->ext_ifencei)
> +return false;
> +
>  /*
>   * FENCE_I is a no-op in QEMU,
>   * however we need to end the translation block
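
Review bot: the added `if (!ctx->ext_ifencei)` in trans_fence_i() has an unbraced `return false;`; put braces around the body. A one-line comment stating what returning false means for the guest when Zifencei is disabled would also help, since the existing comment below only covers the enabled case.
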
> diff --git a/target/riscv/translate.c b/target/riscv/translate.c
> index 313c27b70073..8d6ab732588d 100644
> --- a/target/riscv/translate.c
> +++ b/target/riscv/translate.c
> @@ -54,6 +54,7 @@ typedef struct DisasContext {
> to any system register, which includes CSR_FRM, so we do not have
> to reset this known value.  */
>  int frm;
> +bool ext_ifencei;
>  } DisasContext;
>
>  #ifdef TARGET_RISCV64
> @@ -752,6 +753,7 @@ 

[Qemu-devel] [PATCH] target/i386: kvm: Fix when nested state is needed for migration

2019-06-24 Thread Liran Alon
When vCPU is in VMX operation and enters SMM mode,
it temporarily exits VMX operation but KVM maintained nested-state
still stores the VMXON region physical address, i.e. even when the
vCPU is in SMM mode then (nested_state->hdr.vmx.vmxon_pa != -1ull).

Therefore, there is no need to explicitly check for
KVM_STATE_NESTED_SMM_VMXON to determine if it is necessary
to save nested-state as part of migration stream.

In addition, destination must enable eVMCS if it is enabled on
source as specified by the KVM_STATE_NESTED_EVMCS flag, even if
the VMXON region is not set. Thus, change the code to require saving
nested-state as part of migration stream in case it is set.

Reviewed-by: Karl Heubaum 
Signed-off-by: Liran Alon 
---
 target/i386/machine.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/machine.c b/target/i386/machine.c
index 851b249d1a39..e7d72faf9e24 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -999,7 +999,7 @@ static bool vmx_nested_state_needed(void *opaque)
 
 return ((nested_state->format == KVM_STATE_NESTED_FORMAT_VMX) &&
 ((nested_state->hdr.vmx.vmxon_pa != -1ull) ||
- (nested_state->hdr.vmx.smm.flags & KVM_STATE_NESTED_SMM_VMXON)));
+ (nested_state->flags & KVM_STATE_NESTED_EVMCS)));
 }
 
 static const VMStateDescription vmstate_vmx_nested_state = {
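
Review bot: the new `nested_state->flags & KVM_STATE_NESTED_EVMCS` arm in vmx_nested_state_needed() has no comment, so the reason it stands on its own (eVMCS has to be enabled on the destination even when `vmxon_pa` is -1ull) lives only in the commit message. The same goes for why the KVM_STATE_NESTED_SMM_VMXON test could be dropped. Put both points in a short comment above the `return` so the condition is not reverted or "simplified" by someone reading only the code.
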
-- 
2.20.1




Re: [Qemu-devel] [PATCH for 4.1 v3] target/riscv: Expose time CSRs when allowed by [m|s]counteren

2019-06-24 Thread Jonathan Behrens
Apparently my previous message didn't make it out onto the list (sorry
about all these email glitches!). I've included the message again below.
Hopefully either a patch like this one or something simpler that just hard
codes mcounteren.TM to zero (so QEMU is at least conformant) can be merged
in time for 4.1.

On Fri, Jun 14, 2019 at 8:55 AM Jonathan Behrens 
wrote:

> I'm not sure that is accurate. Based on the discussion here
>  the
> HiFive Unleashed actually does support reading the timer CSR from
> unprivileged modes (from that discussion it does so a little too well...
> but it should presumably be fixed in later iterations of the processor).
> And even if no real hardware supported this capability, it still might make
> sense to provide it in QEMU as an optimization.
>
> On Fri, Jun 14, 2019 at 7:52 AM Palmer Dabbelt  wrote:
>
>> On Tue, 28 May 2019 11:30:20 PDT (-0700), jonat...@fintelia.io wrote:
>> > Currently mcounteren.TM acts as though it is hardwired to zero, even
>> though QEMU allows it to be set. This change resolves the issue by allowing
>> reads to the time and timeh control registers when running in a privileged
>> mode where such accesses are allowed.
>> >
>> > The frequency of the time register is stored in the time_freq field of
>> each hart so that it is accessible during CSR reads, but must be the same
>> across all harts. Each board can initialize it to a custom value, although
>> all currently use a 10 MHz frequency.
>> >
>> > Signed-off-by: Jonathan Behrens 
>> > ---
>> >  hw/riscv/riscv_hart.c   |  4 
>> >  hw/riscv/sifive_clint.c | 30 ++
>> >  hw/riscv/sifive_e.c |  2 ++
>> >  hw/riscv/sifive_u.c |  4 +++-
>> >  hw/riscv/spike.c|  6 +-
>> >  hw/riscv/virt.c |  4 +++-
>> >  include/hw/riscv/riscv_hart.h   |  1 +
>> >  include/hw/riscv/sifive_clint.h |  4 
>> >  include/hw/riscv/sifive_e.h |  4 
>> >  include/hw/riscv/sifive_u.h |  1 +
>> >  include/hw/riscv/spike.h|  1 +
>> >  include/hw/riscv/virt.h |  1 +
>> >  target/riscv/cpu.h  |  2 ++
>> >  target/riscv/csr.c  | 17 +++--
>> >  14 files changed, 60 insertions(+), 21 deletions(-)
>> >
>> > diff --git a/hw/riscv/riscv_hart.c b/hw/riscv/riscv_hart.c
>> > index e34a26a0ef..c39cd55330 100644
>> > --- a/hw/riscv/riscv_hart.c
>> > +++ b/hw/riscv/riscv_hart.c
>> > @@ -19,6 +19,7 @@
>> >   */
>> >
>> >  #include "qemu/osdep.h"
>> > +#include "qemu/timer.h"
>> >  #include "qapi/error.h"
>> >  #include "hw/sysbus.h"
>> >  #include "target/riscv/cpu.h"
>> > @@ -27,6 +28,8 @@
>> >  static Property riscv_harts_props[] = {
>> >  DEFINE_PROP_UINT32("num-harts", RISCVHartArrayState, num_harts, 1),
>> >  DEFINE_PROP_STRING("cpu-type", RISCVHartArrayState, cpu_type),
>> > +DEFINE_PROP_UINT64("timebase-frequency", RISCVHartArrayState,
>> time_freq,
>> > +   NANOSECONDS_PER_SECOND),
>> >  DEFINE_PROP_END_OF_LIST(),
>> >  };
>> >
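
Review bot: the new "timebase-frequency" property defaults to NANOSECONDS_PER_SECOND, while the commit message says all current boards use a 10 MHz timebase. A board that creates the hart array without setting the property would silently get a different time CSR rate. Either default to the frequency the boards already use or make the explicit setting mandatory, and state the unit (Hz) next to the property.
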
>> > @@ -49,6 +52,7 @@ static void riscv_harts_realize(DeviceState *dev,
>> Error **errp)
>> >  sizeof(RISCVCPU), s->cpu_type,
>> >  &error_abort, NULL);
>> >  s->harts[n].env.mhartid = n;
>> > +s->harts[n].env.time_freq = s->time_freq;
>> >  qemu_register_reset(riscv_harts_cpu_reset, &s->harts[n]);
>> >  object_property_set_bool(OBJECT(&s->harts[n]), true,
>> >   "realized", &err);
>> > diff --git a/hw/riscv/sifive_clint.c b/hw/riscv/sifive_clint.c
>> > index d4c159e937..71edf4dcc6 100644
>> > --- a/hw/riscv/sifive_clint.c
>> > +++ b/hw/riscv/sifive_clint.c
>> > @@ -26,10 +26,10 @@
>> >  #include "hw/riscv/sifive_clint.h"
>> >  #include "qemu/timer.h"
>> >
>> > -static uint64_t cpu_riscv_read_rtc(void)
>> > +static uint64_t cpu_riscv_read_rtc(CPURISCVState *env)
>> >  {
>> >  return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
>> > -SIFIVE_CLINT_TIMEBASE_FREQ, NANOSECONDS_PER_SECOND);
>> > +env->time_freq, NANOSECONDS_PER_SECOND);
>> >  }
>> >
>> >  /*
>> > @@ -41,7 +41,7 @@ static void sifive_clint_write_timecmp(RISCVCPU *cpu,
>> uint64_t value)
>> >  uint64_t next;
>> >  uint64_t diff;
>> >
>> > -uint64_t rtc_r = cpu_riscv_read_rtc();
>> > +uint64_t rtc_r = cpu_riscv_read_rtc(&cpu->env);
>> >
>> >  cpu->env.timecmp = value;
>> >  if (cpu->env.timecmp <= rtc_r) {
>> > @@ -56,7 +56,7 @@ static void sifive_clint_write_timecmp(RISCVCPU *cpu,
>> uint64_t value)
>> >  diff = cpu->env.timecmp - rtc_r;
>> >  /* back to ns (note args switched in muldiv64) */
>> >  next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
>> > -muldiv64(diff, NANOSECONDS_PER_SECOND,
>> SIFIVE_CLINT_TIMEBASE_FREQ);
>> > +muldiv64(diff, NANOSECONDS_PER_SECOND, cpu->env.time_freq);
>> 
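
Review bot: `muldiv64(diff, NANOSECONDS_PER_SECOND, cpu->env.time_freq)` now divides by a per-hart value copied from a property, and none of the visible hunks reject zero. Check `time_freq != 0` in riscv_harts_realize() and report it through `errp` before the value is copied into `env`.
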

[Qemu-devel] [PATCH] riscv: virt: Add cpu-topology DT node.

2019-06-24 Thread Atish Patra
Currently, there is no cpu topology defined in RISC-V.
Define a device tree node that clearly describes the
entire topology. This saves the trouble of scanning individual
cache to figure out the topology.

Here is the linux kernel patch series that enables topology
for RISC-V.

http://lists.infradead.org/pipermail/linux-riscv/2019-June/005072.html

CPU topology after applying this patch in QEMU & above series in kernel

/ # cat /sys/devices/system/cpu/cpu2/topology/thread_siblings_list
2
/ # cat /sys/devices/system/cpu/cpu2/topology/physical_package_id
0
/ # cat /sys/devices/system/cpu/cpu2/topology/core_siblings_list
0-7

Signed-off-by: Atish Patra 
---
 hw/riscv/virt.c | 21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 84d94d0c42d8..da0b8aa18747 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -203,9 +203,12 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, nodename, "status", "okay");
 qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu);
 qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
+qemu_fdt_setprop_cell(fdt, nodename, "phandle", cpu_phandle);
+qemu_fdt_setprop_cell(fdt, nodename, "linux,phandle", cpu_phandle);
+int intc_phandle = phandle++;
 qemu_fdt_add_subnode(fdt, intc);
-qemu_fdt_setprop_cell(fdt, intc, "phandle", cpu_phandle);
-qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", cpu_phandle);
+qemu_fdt_setprop_cell(fdt, intc, "phandle", intc_phandle);
+qemu_fdt_setprop_cell(fdt, intc, "linux,phandle", intc_phandle);
 qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
 qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
 qemu_fdt_setprop_cell(fdt, intc, "#interrupt-cells", 1);
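
Review bot: `int intc_phandle = phandle++;` is declared in the middle of the block, after the `qemu_fdt_setprop_cell()` calls. Move the declaration to the top of the enclosing block and keep only the assignment at this position.
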
@@ -214,6 +217,20 @@ static void *create_fdt(RISCVVirtState *s, const struct 
MemmapEntry *memmap,
 g_free(nodename);
 }
 
+/* Add cpu-topology node */
+qemu_fdt_add_subnode(fdt, "/cpus/cpu-map");
+qemu_fdt_add_subnode(fdt, "/cpus/cpu-map/cluster0");
+for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
+char *core_nodename = g_strdup_printf("/cpus/cpu-map/cluster0/core%d",
+  cpu);
+char *cpu_nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
+uint32_t intc_phandle = qemu_fdt_get_phandle(fdt, cpu_nodename);
+qemu_fdt_add_subnode(fdt, core_nodename);
+qemu_fdt_setprop_cell(fdt, core_nodename, "cpu", intc_phandle);
+g_free(core_nodename);
+g_free(cpu_nodename);
+}
+
 cells =  g_new0(uint32_t, s->soc.num_harts * 4);
 for (cpu = 0; cpu < s->soc.num_harts; cpu++) {
 nodename =
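
Review bot: the cpu-map loop puts every hart under a single hard-coded `/cpus/cpu-map/cluster0` as `core%d`, whereas the commit message says the node "clearly describes the entire topology". State in the commit message or in the `/* Add cpu-topology node */` comment that the virt machine exposes one flat cluster, so readers do not expect sockets or threads to be reflected here.
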
-- 
2.21.0




Re: [Qemu-devel] [PATCH v2 0/1] Export machine type deprecation info through QMP

2019-06-24 Thread Wainer dos Santos Moschetta




On 06/24/2019 03:03 PM, Eduardo Habkost wrote:
> Any objections to this?  I'm planning to merge it this week.

IMHO, 1+. So I don't have objections.

- Wainer

> On Sat, Jun 08, 2019 at 08:34:46PM -0300, Eduardo Habkost wrote:
> > Changes v1 -> v2:
> > * I've decided to get rid of the status-message and
> >   suggested-alternative fields, to avoid more bikeshedding.
> >
> > This series adds machine type deprecation information to the
> > output of the `query-machines` QMP command.  With this, libvirt
> > and management software will be able to show this information to
> > users and/or suggest changes to VM configuration to avoid
> > deprecated machine types.
> >
> > Eduardo Habkost (1):
> >   qmp: Add deprecation information to query-machines
> >
> >  qapi/misc.json | 7 ++-
> >  vl.c   | 1 +
> >  2 files changed, 7 insertions(+), 1 deletion(-)
> >
> > --
> > 2.18.0.rc1.1.g3f1ff2140






[Qemu-devel] [PATCH 06/10] hw/mips/gt64xxx_pci: Convert debug printf()s to trace events

2019-06-24 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile.objs |  1 +
 hw/mips/gt64xxx_pci.c | 29 ++---
 hw/mips/trace-events  |  4 
 3 files changed, 15 insertions(+), 19 deletions(-)
 create mode 100644 hw/mips/trace-events

diff --git a/Makefile.objs b/Makefile.objs
index 658cfc9d9f..3b83621f32 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -163,6 +163,7 @@ trace-events-subdirs += hw/input
 trace-events-subdirs += hw/intc
 trace-events-subdirs += hw/isa
 trace-events-subdirs += hw/mem
+trace-events-subdirs += hw/mips
 trace-events-subdirs += hw/misc
 trace-events-subdirs += hw/misc/macio
 trace-events-subdirs += hw/net
diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index f44326f14f..815ef0711d 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -30,14 +30,7 @@
 #include "hw/pci/pci_host.h"
 #include "hw/i386/pc.h"
 #include "exec/address-spaces.h"
-
-//#define DEBUG
-
-#ifdef DEBUG
-#define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __func__, ##__VA_ARGS__)
-#else
-#define DPRINTF(fmt, ...)
-#endif
+#include "trace.h"
 
 #define GT_REGS (0x1000 >> 2)
 
@@ -294,9 +287,7 @@ static void gt64120_isd_mapping(GT64120State *s)
 check_reserved_space(&start, &length);
 length = 0x1000;
 /* Map new address */
-DPRINTF("ISD: "TARGET_FMT_plx"@"TARGET_FMT_plx
-" -> "TARGET_FMT_plx"@"TARGET_FMT_plx"\n",
-s->ISD_length, s->ISD_start, length, start);
+trace_gt64120_isd_remap(s->ISD_length, s->ISD_start, length, start);
 s->ISD_start = start;
 s->ISD_length = length;
 memory_region_add_subregion(get_system_memory(), s->ISD_start, 
&s->ISD_mem);
@@ -648,19 +639,19 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 /* not really implemented */
 s->regs[saddr] = ~(~(s->regs[saddr]) | ~(val & 0xfffe));
 s->regs[saddr] |= !!(s->regs[saddr] & 0xfffe);
-DPRINTF("INTRCAUSE %" PRIx64 "\n", val);
+trace_gt64120_write("INTRCAUSE", size << 1, val);
 break;
 case GT_INTRMASK:
 s->regs[saddr] = val & 0x3c3e;
-DPRINTF("INTRMASK %" PRIx64 "\n", val);
+trace_gt64120_write("INTRMASK", size << 1, val);
 break;
 case GT_PCI0_ICMASK:
 s->regs[saddr] = val & 0x03fe;
-DPRINTF("ICMASK %" PRIx64 "\n", val);
+trace_gt64120_write("ICMASK", size << 1, val);
 break;
 case GT_PCI0_SERR0MASK:
 s->regs[saddr] = val & 0x003f;
-DPRINTF("SERR0MASK %" PRIx64 "\n", val);
+trace_gt64120_write("SERR0MASK", size << 1, val);
 break;
 
 /* Reserved when only PCI_0 is configured. */
@@ -936,19 +927,19 @@ static uint64_t gt64120_readl(void *opaque,
 /* Interrupts */
 case GT_INTRCAUSE:
 val = s->regs[saddr];
-DPRINTF("INTRCAUSE %x\n", val);
+trace_gt64120_read("INTRCAUSE", size << 1, val);
 break;
 case GT_INTRMASK:
 val = s->regs[saddr];
-DPRINTF("INTRMASK %x\n", val);
+trace_gt64120_read("INTRMASK", size << 1, val);
 break;
 case GT_PCI0_ICMASK:
 val = s->regs[saddr];
-DPRINTF("ICMASK %x\n", val);
+trace_gt64120_read("ICMASK", size << 1, val);
 break;
 case GT_PCI0_SERR0MASK:
 val = s->regs[saddr];
-DPRINTF("SERR0MASK %x\n", val);
+trace_gt64120_read("SERR0MASK", size << 1, val);
 break;
 
 /* Reserved when only PCI_0 is configured. */
diff --git a/hw/mips/trace-events b/hw/mips/trace-events
new file mode 100644
index 00..75d4c73f2e
--- /dev/null
+++ b/hw/mips/trace-events
@@ -0,0 +1,4 @@
+# gt64xxx.c
+gt64120_read(const char *regname, int width, uint64_t value) "gt64120 read %s 
value:0x%0*" PRIx64
+gt64120_write(const char *regname, int width, uint64_t value) "gt64120 write 
%s value:0x%0*" PRIx64
+gt64120_isd_remap(uint64_t from_length, uint64_t from_addr, uint64_t 
to_length, uint64_t to_addr) "ISD: 0x%08" PRIx64 "@0x%08" PRIx64 " -> 0x%08" 
PRIx64 "@0x%08" PRIx64
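
Review bot: the header comment of the new hw/mips/trace-events reads `# gt64xxx.c`, but the events are emitted from hw/mips/gt64xxx_pci.c; use the real file name so the section can be matched to its source. The commit message is also empty apart from the Signed-off-by. One sentence on why the DPRINTF macro goes away (the events can be enabled at run time instead of rebuilding with DEBUG defined) would be enough.
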
-- 
2.19.1




[Qemu-devel] [PATCH 07/10] hw/mips/gt64xxx_pci: Align the pci0-mem size

2019-06-24 Thread Philippe Mathieu-Daudé
One byte is missing, use an aligned size.

(qemu) info mtree
memory-region: pci0-mem
  -fffe (prio 0, i/o): pci0-mem
  ^

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/gt64xxx_pci.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index 815ef0711d..2fa313f498 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "qemu/log.h"
 #include "hw/hw.h"
 #include "hw/mips/mips.h"
@@ -1201,7 +1202,7 @@ PCIBus *gt64120_register(qemu_irq *pic)
 dev = qdev_create(NULL, TYPE_GT64120_PCI_HOST_BRIDGE);
 d = GT64120_PCI_HOST_BRIDGE(dev);
 phb = PCI_HOST_BRIDGE(dev);
-memory_region_init(&d->pci0_mem, OBJECT(dev), "pci0-mem", UINT32_MAX);
+memory_region_init(&d->pci0_mem, OBJECT(dev), "pci0-mem", 4 * GiB);
 address_space_init(&d->pci0_mem_as, &d->pci0_mem, "pci0-mem");
 phb->bus = pci_register_root_bus(dev, "pci",
  gt64120_pci_set_irq, gt64120_pci_map_irq,
-- 
2.19.1




[Qemu-devel] [PATCH 05/10] hw/mips/gt64xxx_pci: Use qemu_log_mask() instead of debug printf()

2019-06-24 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/gt64xxx_pci.c | 48 +--
 1 file changed, 37 insertions(+), 11 deletions(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index 0b9fb02475..f44326f14f 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/log.h"
 #include "hw/hw.h"
 #include "hw/mips/mips.h"
 #include "hw/pci/pci.h"
@@ -466,12 +467,20 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 case GT_CPUERR_DATAHI:
 case GT_CPUERR_PARITY:
 /* Read-only registers, do nothing */
+qemu_log_mask(LOG_GUEST_ERROR,
+  "gt64120: Read-only register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 
 /* CPU Sync Barrier */
 case GT_PCI0SYNC:
 case GT_PCI1SYNC:
 /* Read-only registers, do nothing */
+qemu_log_mask(LOG_GUEST_ERROR,
+  "gt64120: Read-only register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 
 /* SDRAM and Device Address Decode */
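
Review bot: the format in the added qemu_log_mask() calls reads `reg:0x03%x`, which prints a literal "03" followed by the unpadded offset; it was presumably meant to be `reg:0x%03x`. The same string is repeated in every message this patch adds, so fix all of them, ideally by moving the shared tail of the format into one macro or helper.
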
@@ -510,7 +519,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 case GT_DEV_B3:
 case GT_DEV_BOOT:
 /* Not implemented */
-DPRINTF ("Unimplemented device register offset 0x%x\n", saddr << 2);
+qemu_log_mask(LOG_UNIMP,
+  "gt64120: Unimplemented device register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 
 /* ECC */
@@ -520,6 +532,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 case GT_ECC_CALC:
 case GT_ECC_ERRADDR:
 /* Read-only registers, do nothing */
+qemu_log_mask(LOG_GUEST_ERROR,
+  "gt64120: Read-only register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 
 /* DMA Record */
@@ -543,23 +559,20 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 case GT_DMA1_CUR:
 case GT_DMA2_CUR:
 case GT_DMA3_CUR:
-/* Not implemented */
-DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
-break;
 
 /* DMA Channel Control */
 case GT_DMA0_CTRL:
 case GT_DMA1_CTRL:
 case GT_DMA2_CTRL:
 case GT_DMA3_CTRL:
-/* Not implemented */
-DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
-break;
 
 /* DMA Arbiter */
 case GT_DMA_ARB:
 /* Not implemented */
-DPRINTF ("Unimplemented DMA register offset 0x%x\n", saddr << 2);
+qemu_log_mask(LOG_UNIMP,
+  "gt64120: Unimplemented DMA register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 
 /* Timer/Counter */
@@ -569,7 +582,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 case GT_TC3:
 case GT_TC_CONTROL:
 /* Not implemented */
-DPRINTF ("Unimplemented timer register offset 0x%x\n", saddr << 2);
+qemu_log_mask(LOG_UNIMP,
+  "gt64120: Unimplemented timer register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 
 /* PCI Internal */
@@ -610,6 +626,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 case GT_PCI1_CFGADDR:
 case GT_PCI1_CFGDATA:
 /* not implemented */
+qemu_log_mask(LOG_UNIMP,
+  "gt64120: Unimplemented timer register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 case GT_PCI0_CFGADDR:
 phb->config_reg = val & 0x80fc;
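Review bot: The message added under GT_PCI1_CFGADDR / GT_PCI1_CFGDATA says "Unimplemented timer register write", which looks copied from the Timer/Counter case; these are PCI1 configuration registers, so the text should name them, otherwise the LOG_UNIMP output points the reader at the wrong block.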
@@ -666,7 +686,10 @@ static void gt64120_writel(void *opaque, hwaddr addr,
 break;
 
 default:
-DPRINTF ("Bad register offset 0x%x\n", (int)addr);
+qemu_log_mask(LOG_GUEST_ERROR,
+  "gt64120: Illegal register write "
+  "reg:0x03%x size:%u value:0x%0*" PRIx64 "\n",
+  saddr << 2, size, size << 1, val);
 break;
 }
 }
@@ -940,7 +963,10 @@ static uint64_t gt64120_readl(void *opaque,
 
 default:
 val = s->regs[saddr];
-DPRINTF ("Bad register offset 0x%x\n", (int)addr);
+qemu_log_mask(LOG_GUEST_ERROR,
+  "gt64120: Illegal register read "
+  "reg:0x03%x size:%u value:0x%0*x\n",
+  saddr << 2, size, size << 1, val);
 break;
 }
 
-- 
2.19.1




[Qemu-devel] [PATCH 03/10] hw/mips/gt64xxx_pci: Fix 'braces' coding style issues

2019-06-24 Thread Philippe Mathieu-Daudé
Since we'll move this code around, fix its style first:

  ERROR: braces {} are necessary for all arms of this statement

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/gt64xxx_pci.c | 27 ++-
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index bbd719f091..cfd497960c 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -257,19 +257,25 @@ static void check_reserved_space(hwaddr *start, hwaddr 
*length)
 hwaddr begin = *start;
 hwaddr end = *start + *length;
 
-if (end >= 0x1e00LL && end < 0x1f10LL)
+if (end >= 0x1e00LL && end < 0x1f10LL) {
 end = 0x1e00LL;
-if (begin >= 0x1e00LL && begin < 0x1f10LL)
+}
+if (begin >= 0x1e00LL && begin < 0x1f10LL) {
 begin = 0x1f10LL;
-if (end >= 0x1fc0LL && end < 0x1fd0LL)
+}
+if (end >= 0x1fc0LL && end < 0x1fd0LL) {
 end = 0x1fc0LL;
-if (begin >= 0x1fc0LL && begin < 0x1fd0LL)
+}
+if (begin >= 0x1fc0LL && begin < 0x1fd0LL) {
 begin = 0x1fd0LL;
+}
 /* XXX: This is broken when a reserved range splits the requested range */
-if (end >= 0x1f10LL && begin < 0x1e00LL)
+if (end >= 0x1f10LL && begin < 0x1e00LL) {
 end = 0x1e00LL;
-if (end >= 0x1fd0LL && begin < 0x1fc0LL)
+}
+if (end >= 0x1fd0LL && begin < 0x1fc0LL) {
 end = 0x1fc0LL;
+}
 
 *start = begin;
 *length = end - begin;
@@ -385,8 +391,9 @@ static void gt64120_writel (void *opaque, hwaddr addr,
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
 uint32_t saddr;
 
-if (!(s->regs[GT_CPU] & 0x1000))
+if (!(s->regs[GT_CPU] & 0x1000)) {
 val = bswap32(val);
+}
 
 saddr = (addr & 0xfff) >> 2;
 switch (saddr) {
@@ -937,8 +944,9 @@ static uint64_t gt64120_readl (void *opaque,
 break;
 }
 
-if (!(s->regs[GT_CPU] & 0x1000))
+if (!(s->regs[GT_CPU] & 0x1000)) {
 val = bswap32(val);
+}
 
 return val;
 }
@@ -990,8 +998,9 @@ static void gt64120_pci_set_irq(void *opaque, int irq_num, 
int level)
 /* The pic level is the logical OR of all the PCI irqs mapped to it. */
 pic_level = 0;
 for (i = 0; i < 4; i++) {
-if (pic_irq == piix4_dev->config[0x60 + i])
+if (pic_irq == piix4_dev->config[0x60 + i]) {
 pic_level |= pci_irq_levels[i];
+}
 }
 qemu_set_irq(pic[pic_irq], pic_level);
 }
-- 
2.19.1




[Qemu-devel] [RFC PATCH 10/10] hw/pci-host/gt64120: Clean the decoded address space

2019-06-24 Thread Philippe Mathieu-Daudé
The SysAd bus is split into various address spaces.
Declare the different regions separately; this helps a lot
when tracing different accesses while debugging.

We also add the PCI1 ranges.

See 'GT-64120A System Controller' datasheet Rev. 1.1,
"Table 15: CPU and Device Decoder Default Address Mapping"

Signed-off-by: Philippe Mathieu-Daudé 
---
While this device is modelled toward the Malta board, it is generic.
---
 hw/mips/mips_malta.c  |  6 --
 hw/pci-host/gt64120.c | 19 +++
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 97f8ffbf1b..d6e4a0dad9 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -53,7 +53,6 @@
 #include "sysemu/qtest.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
-#include "hw/misc/empty_slot.h"
 #include "sysemu/kvm.h"
 #include "hw/semihosting/semihost.h"
 #include "hw/mips/cps.h"
@@ -1209,11 +1208,6 @@ void mips_malta_init(MachineState *machine)
 DeviceState *dev = qdev_create(NULL, TYPE_MIPS_MALTA);
 MaltaState *s = MIPS_MALTA(dev);
 
-/* The whole address space decoded by the GT-64120A doesn't generate
-   exception when accessing invalid memory. Create an empty slot to
-   emulate this feature. */
-empty_slot_init("gt64120-ad", 0x, 0x2000);
-
 qdev_init_nofail(dev);
 
 /* create CPU */
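Review bot: Removing the empty_slot_init() call here also drops the comment that explained why the slot exists (accesses to invalid memory in the space decoded by the GT-64120A do not generate an exception). Please carry that explanation over to the empty_slot_init() calls added in gt64120_create() so the reason for the empty slots stays documented next to them.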
diff --git a/hw/pci-host/gt64120.c b/hw/pci-host/gt64120.c
index 5209038ee5..6eaa571994 100644
--- a/hw/pci-host/gt64120.c
+++ b/hw/pci-host/gt64120.c
@@ -31,6 +31,8 @@
 #include "hw/pci/pci_host.h"
 #include "hw/i386/pc.h"
 #include "exec/address-spaces.h"
+#include "hw/misc/empty_slot.h"
+#include "hw/misc/unimp.h"
 #include "trace.h"
 
 #define GT_REGS (0x1000 >> 2)
@@ -1206,6 +1208,23 @@ PCIBus *gt64120_create(qemu_irq *pic, bool 
target_is_bigendian)
   "isd-mem", 0x1000);
 
 pci_create_simple(phb->bus, PCI_DEVFN(0, 0), "gt64120_pci");
+
+create_unimplemented_device("gt64120_i2o", 0x1400, 256);
+
+empty_slot_init("SCS0", 0x, 8 * MiB);
+empty_slot_init("SCS1", 0x0080, 8 * MiB);
+empty_slot_init("SCS2", 0x0100, 8 * MiB);
+empty_slot_init("SCS3", 0x0180, 8 * MiB);
+empty_slot_init("CS0",  0x1c00, 8 * MiB);
+empty_slot_init("CS1",  0x1c80, 8 * MiB);
+empty_slot_init("CS2",  0x1d00, 32 * MiB);
+empty_slot_init("CS3",  0x1f00, 12 * MiB);
+empty_slot_init("BootCS",   0x1fc0, 4 * MiB);
+
+create_unimplemented_device("pci1-io", 0x2000, 32 * MiB);
+empty_slot_init("pci1-mem0", 0x2200, 32 * MiB);
+empty_slot_init("pci1-mem1", 0x2400, 32 * MiB);
+
 return phb->bus;
 }
 
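Review bot: The added regions carry no comment tying their addresses and sizes to the datasheet; the commit message cites "Table 15: CPU and Device Decoder Default Address Mapping", and that reference belongs above this block. It would also help to say why "gt64120_i2o" and "pci1-io" use create_unimplemented_device() while the other ranges use empty_slot_init(), and to settle on one naming style, since "gt64120_i2o", "pci1-io" and "SCS0" mix underscores, hyphens and capitals.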
-- 
2.19.1




[Qemu-devel] [PATCH 01/10] hw/mips/gt64xxx_pci: Fix multiline comment syntax

2019-06-24 Thread Philippe Mathieu-Daudé
Since commit 8c06fbdf36b checkpatch.pl enforces a new multiline
comment syntax. Since we'll move this code around, fix its style
first.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/gt64xxx_pci.c | 64 +++
 1 file changed, 35 insertions(+), 29 deletions(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index f707e59c7a..c0924646b5 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -248,10 +248,11 @@ typedef struct GT64120State {
 } GT64120State;
 
 /* Adjust range to avoid touching space which isn't mappable via PCI */
-/* XXX: Hardcoded values for Malta: 0x1e00 - 0x1f10
-0x1fc0 - 0x1fd0  */
-static void check_reserved_space (hwaddr *start,
-  hwaddr *length)
+/*
+ * XXX: Hardcoded values for Malta: 0x1e00 - 0x1f10
+ *  0x1fc0 - 0x1fd0
+ */
+static void check_reserved_space(hwaddr *start, hwaddr *length)
 {
 hwaddr begin = *start;
 hwaddr end = *start + *length;
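Review bot: The signature reflow from `check_reserved_space (hwaddr *start,` to `check_reserved_space(hwaddr *start, hwaddr *length)` is a function-name spacing fix, not a comment-syntax fix, and the series already has a separate 'spaces' patch for that. Moving it there keeps this patch limited to what its commit message describes.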
@@ -650,8 +651,10 @@ static void gt64120_writel (void *opaque, hwaddr addr,
 case GT_SDRAM_B1:
 case GT_SDRAM_B2:
 case GT_SDRAM_B3:
-/* We don't simulate electrical parameters of the SDRAM.
-   Accept, but ignore the values. */
+/*
+ * We don't simulate electrical parameters of the SDRAM.
+ * Accept, but ignore the values.
+ */
 s->regs[saddr] = val;
 break;
 
@@ -674,8 +677,10 @@ static uint64_t gt64120_readl (void *opaque,
 
 /* CPU Configuration */
 case GT_MULTI:
-/* Only one GT64xxx is present on the CPU bus, return
-   the initial value */
+/*
+ * Only one GT64xxx is present on the CPU bus, return
+ * the initial value.
+ */
 val = s->regs[saddr];
 break;
 
@@ -685,17 +690,18 @@ static uint64_t gt64120_readl (void *opaque,
 case GT_CPUERR_DATALO:
 case GT_CPUERR_DATAHI:
 case GT_CPUERR_PARITY:
-/* Emulated memory has no error, always return the initial
-   values */
+/* Emulated memory has no error, always return the initial values. */
 val = s->regs[saddr];
 break;
 
 /* CPU Sync Barrier */
 case GT_PCI0SYNC:
 case GT_PCI1SYNC:
-/* Reading those register should empty all FIFO on the PCI
-   bus, which are not emulated. The return value should be
-   a random value that should be ignored. */
+/*
+ * Reading those register should empty all FIFO on the PCI
+ * bus, which are not emulated. The return value should be
+ * a random value that should be ignored.
+ */
 val = 0xc000ffee;
 break;
 
@@ -705,8 +711,7 @@ static uint64_t gt64120_readl (void *opaque,
 case GT_ECC_MEM:
 case GT_ECC_CALC:
 case GT_ECC_ERRADDR:
-/* Emulated memory has no error, always return the initial
-   values */
+/* Emulated memory has no error, always return the initial values. */
 val = s->regs[saddr];
 break;
 
@@ -785,8 +790,10 @@ static uint64_t gt64120_readl (void *opaque,
 case GT_SDRAM_B1:
 case GT_SDRAM_B2:
 case GT_SDRAM_B3:
-/* We don't simulate electrical parameters of the SDRAM.
-   Just return the last written value. */
+/*
+ * We don't simulate electrical parameters of the SDRAM.
+ * Just return the last written value.
+ */
 val = s->regs[saddr];
 break;
 
@@ -949,20 +956,20 @@ static int gt64120_pci_map_irq(PCIDevice *pci_dev, int 
irq_num)
 slot = (pci_dev->devfn >> 3);
 
 switch (slot) {
-  /* PIIX4 USB */
-  case 10:
+/* PIIX4 USB */
+case 10:
 return 3;
-  /* AMD 79C973 Ethernet */
-  case 11:
+/* AMD 79C973 Ethernet */
+case 11:
 return 1;
-  /* Crystal 4281 Sound */
-  case 12:
+/* Crystal 4281 Sound */
+case 12:
 return 2;
-  /* PCI slot 1 to 4 */
-  case 18 ... 21:
+/* PCI slot 1 to 4 */
+case 18 ... 21:
 return ((slot - 18) + irq_num) & 0x03;
-  /* Unknown device, don't do any translation */
-  default:
+/* Unknown device, don't do any translation */
+default:
 return irq_num;
 }
 }
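Review bot: The case labels and their one-line comments in gt64120_pci_map_irq() are only re-indented here, and none of them is a multiline comment, so this part is not covered by the commit message. Either mention the switch indentation fix in the message or split it out, so that a later bisect or blame on this function is not attributed to a comment-only change.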
@@ -980,8 +987,7 @@ static void gt64120_pci_set_irq(void *opaque, int irq_num, 
int level)
 /* XXX: optimize */
 pic_irq = piix4_dev->config[0x60 + irq_num];
 if (pic_irq < 16) {
-/* The pic level is the logical OR of all the PCI irqs mapped
-   to it */
+/* The pic level is the logical OR of all the PCI irqs mapped to it. */
 pic_level = 0;
 for (i = 0; i < 4; i++) {
 if (pic_irq == piix4_dev->config[0x60 + i])
-- 
2.19.1




[Qemu-devel] [PATCH 09/10] hw/mips/gt64xxx_pci: Move it to hw/pci-host/

2019-06-24 Thread Philippe Mathieu-Daudé
The GT-64120 is a north-bridge, and it is not MIPS specific.
Move it with the other north-bridge devices.

We move this device into the common-obj, and compile it once for
the 4 different MIPS targets.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/{mips/gt64xxx_pci.c => pci-host/gt64120.c} | 0
 MAINTAINERS   | 2 +-
 hw/mips/Makefile.objs | 2 +-
 hw/mips/trace-events  | 4 
 hw/pci-host/Makefile.objs | 2 +-
 hw/pci-host/trace-events  | 5 +
 6 files changed, 8 insertions(+), 7 deletions(-)
 rename hw/{mips/gt64xxx_pci.c => pci-host/gt64120.c} (100%)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/pci-host/gt64120.c
similarity index 100%
rename from hw/mips/gt64xxx_pci.c
rename to hw/pci-host/gt64120.c
diff --git a/MAINTAINERS b/MAINTAINERS
index abef4a1cfc..da348e1af1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -928,7 +928,7 @@ M: Aurelien Jarno 
 R: Aleksandar Rikalo 
 S: Maintained
 F: hw/mips/mips_malta.c
-F: hw/mips/gt64xxx_pci.c
+F: hw/pci-host/gt64120.c
 F: tests/acceptance/linux_ssh_mips_malta.py
 
 Mipssim
diff --git a/hw/mips/Makefile.objs b/hw/mips/Makefile.objs
index 525809af07..da65e19c20 100644
--- a/hw/mips/Makefile.objs
+++ b/hw/mips/Makefile.objs
@@ -1,6 +1,6 @@
 obj-y += addr.o mips_int.o
 obj-$(CONFIG_R4K) += mips_r4k.o
-obj-$(CONFIG_MALTA) += gt64xxx_pci.o mips_malta.o
+obj-$(CONFIG_MALTA) += mips_malta.o
 obj-$(CONFIG_MIPSSIM) += mips_mipssim.o
 obj-$(CONFIG_JAZZ) += mips_jazz.o
 obj-$(CONFIG_FULONG) += mips_fulong2e.o
diff --git a/hw/mips/trace-events b/hw/mips/trace-events
index 75d4c73f2e..e69de29bb2 100644
--- a/hw/mips/trace-events
+++ b/hw/mips/trace-events
@@ -1,4 +0,0 @@
-# gt64xxx.c
-gt64120_read(const char *regname, int width, uint64_t value) "gt64120 read %s 
value:0x%0*" PRIx64
-gt64120_write(const char *regname, int width, uint64_t value) "gt64120 write 
%s value:0x%0*" PRIx64
-gt64120_isd_remap(uint64_t from_length, uint64_t from_addr, uint64_t 
to_length, uint64_t to_addr) "ISD: 0x%08" PRIx64 "@0x%08" PRIx64 " -> 0x%08" 
PRIx64 "@0x%08" PRIx64
diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
index a9cd3e022d..3e1657774d 100644
--- a/hw/pci-host/Makefile.objs
+++ b/hw/pci-host/Makefile.objs
@@ -17,5 +17,5 @@ common-obj-$(CONFIG_PCI_PIIX) += piix.o
 common-obj-$(CONFIG_PCI_EXPRESS_Q35) += q35.o
 common-obj-$(CONFIG_PCI_EXPRESS_GENERIC_BRIDGE) += gpex.o
 common-obj-$(CONFIG_PCI_EXPRESS_XILINX) += xilinx-pcie.o
-
+common-obj-$(CONFIG_MALTA) += gt64120.o
 common-obj-$(CONFIG_PCI_EXPRESS_DESIGNWARE) += designware.o
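Review bot: The new line builds gt64120.o under CONFIG_MALTA, but the commit message says the bridge is not MIPS specific; a config symbol of its own, selected by the Malta board, would match that statement and let another board pull the device in without enabling Malta. The hunk also replaces the blank line that separated the two groups of entries, so restore the separator unless removing it is intended.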
diff --git a/hw/pci-host/trace-events b/hw/pci-host/trace-events
index d19ca9aef6..eecc233670 100644
--- a/hw/pci-host/trace-events
+++ b/hw/pci-host/trace-events
@@ -20,3 +20,8 @@ unin_data_write(uint64_t addr, unsigned len, uint64_t val) 
"write addr 0x%"PRIx6
 unin_data_read(uint64_t addr, unsigned len, uint64_t val) "read addr 
0x%"PRIx64 " len %d val 0x%"PRIx64
 unin_write(uint64_t addr, uint64_t value) "addr=0x%" PRIx64 " val=0x%"PRIx64
 unin_read(uint64_t addr, uint64_t value) "addr=0x%" PRIx64 " val=0x%"PRIx64
+
+# gt64120.c
+gt64120_read(const char *regname, int width, uint64_t value) "gt64120 read %s 
value:0x%0*" PRIx64
+gt64120_write(const char *regname, int width, uint64_t value) "gt64120 write 
%s value:0x%0*" PRIx64
+gt64120_isd_remap(uint64_t from_length, uint64_t from_addr, uint64_t 
to_length, uint64_t to_addr) "ISD: 0x%08" PRIx64 "@0x%08" PRIx64 " -> 0x%08" 
PRIx64 "@0x%08" PRIx64
-- 
2.19.1




[Qemu-devel] [PATCH 08/10] hw/mips/gt64xxx_pci: Add a 'cpu_big_endian' qdev property

2019-06-24 Thread Philippe Mathieu-Daudé
This device does not have to be TARGET-dependent.
Add a 'cpu_big_endian' property which sets the byte-swapping
options if required.

Signed-off-by: Philippe Mathieu-Daudé 
---
I might change my mind and name it 'little_endian' to be closer
to the datasheet.
---
 include/hw/mips/mips.h |  2 +-
 hw/mips/gt64xxx_pci.c  | 29 +
 hw/mips/mips_malta.c   |  2 +-
 3 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/include/hw/mips/mips.h b/include/hw/mips/mips.h
index 2f6774d540..6ec41d33f1 100644
--- a/include/hw/mips/mips.h
+++ b/include/hw/mips/mips.h
@@ -9,7 +9,7 @@
 #include "hw/irq.h"
 
 /* gt64xxx.c */
-PCIBus *gt64120_register(qemu_irq *pic);
+PCIBus *gt64120_create(qemu_irq *pic, bool target_is_bigendian);
 
 /* bonito.c */
 PCIBus *bonito_init(qemu_irq *pic);
diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index 2fa313f498..5209038ee5 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -240,6 +240,7 @@ typedef struct GT64120State {
 PCI_MAPPING_ENTRY(ISD);
 MemoryRegion pci0_mem;
 AddressSpace pci0_mem_as;
+bool cpu_big_endian;
 } GT64120State;
 
 /* Adjust range to avoid touching space which isn't mappable via PCI */
@@ -1028,15 +1029,12 @@ static void gt64120_pci_set_irq(void *opaque, int 
irq_num, int level)
 static void gt64120_reset(DeviceState *dev)
 {
 GT64120State *s = GT64120_PCI_HOST_BRIDGE(dev);
+const uint32_t pci_cmd = s->cpu_big_endian ? 0x : 0x00010001;
 
 /* FIXME: Malta specific hw assumptions ahead */
 
 /* CPU Configuration */
-#ifdef TARGET_WORDS_BIGENDIAN
-s->regs[GT_CPU]   = 0x;
-#else
-s->regs[GT_CPU]   = 0x1000;
-#endif
+s->regs[GT_CPU]   = !s->cpu_big_endian << 12;
 s->regs[GT_MULTI] = 0x0003;
 
 /* CPU Address decode */
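Review bot: `!s->cpu_big_endian << 12` relies on `!` binding tighter than `<<`; it is correct, but easy to misread as `!(s->cpu_big_endian << 12)`. Parenthesise it as `(!s->cpu_big_endian) << 12`, or use a ternary as pci_cmd does at the top of the function, so both endianness-dependent registers are initialised in the same style.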
@@ -1143,11 +1141,7 @@ static void gt64120_reset(DeviceState *dev)
 s->regs[GT_TC_CONTROL]= 0x;
 
 /* PCI Internal */
-#ifdef TARGET_WORDS_BIGENDIAN
-s->regs[GT_PCI0_CMD]  = 0x;
-#else
-s->regs[GT_PCI0_CMD]  = 0x00010001;
-#endif
+s->regs[GT_PCI0_CMD]  = pci_cmd;
 s->regs[GT_PCI0_TOR]  = 0x070f;
 s->regs[GT_PCI0_BS_SCS10] = 0x00fff000;
 s->regs[GT_PCI0_BS_SCS32] = 0x00fff000;
@@ -1164,11 +1158,7 @@ static void gt64120_reset(DeviceState *dev)
 s->regs[GT_PCI0_SSCS10_BAR] = 0x;
 s->regs[GT_PCI0_SSCS32_BAR] = 0x0100;
 s->regs[GT_PCI0_SCS3BT_BAR] = 0x1f00;
-#ifdef TARGET_WORDS_BIGENDIAN
-s->regs[GT_PCI1_CMD]  = 0x;
-#else
-s->regs[GT_PCI1_CMD]  = 0x00010001;
-#endif
+s->regs[GT_PCI1_CMD]  = pci_cmd;
 s->regs[GT_PCI1_TOR]  = 0x070f;
 s->regs[GT_PCI1_BS_SCS10] = 0x00fff000;
 s->regs[GT_PCI1_BS_SCS32] = 0x00fff000;
@@ -1193,13 +1183,14 @@ static void gt64120_reset(DeviceState *dev)
 gt64120_pci_mapping(s);
 }
 
-PCIBus *gt64120_register(qemu_irq *pic)
+PCIBus *gt64120_create(qemu_irq *pic, bool target_is_bigendian)
 {
 GT64120State *d;
 PCIHostState *phb;
 DeviceState *dev;
 
 dev = qdev_create(NULL, TYPE_GT64120_PCI_HOST_BRIDGE);
+qdev_prop_set_bit(dev, "cpu_big_endian", target_is_bigendian);
 d = GT64120_PCI_HOST_BRIDGE(dev);
 phb = PCI_HOST_BRIDGE(dev);
 memory_region_init(&d->pci0_mem, OBJECT(dev), "pci0-mem", 4 * GiB);
@@ -1262,6 +1253,11 @@ static const TypeInfo gt64120_pci_info = {
 },
 };
 
+static Property gt64120_properties[] = {
+DEFINE_PROP_BOOL("cpu_big_endian", GT64120State, cpu_big_endian, true),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void gt64120_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
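Review bot: The property defaults to true in DEFINE_PROP_BOOL(), so any user that creates the device without setting it gets the big-endian reset values; since gt64120_create() always sets it explicitly, either document why big-endian is the default or drop the reliance on a default. The name "cpu_big_endian" also uses underscores, where hyphenated names are generally preferred for new properties, and the note under the commit message already mentions a possible rename, so it is worth settling the name before this is merged.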
@@ -1269,6 +1265,7 @@ static void gt64120_class_init(ObjectClass *klass, void 
*data)
 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
 dc->reset = gt64120_reset;
 dc->vmsd = &vmstate_gt64120;
+dc->props = gt64120_properties;
 }
 
 static const TypeInfo gt64120_info = {
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 51db5212be..97f8ffbf1b 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1375,7 +1375,7 @@ void mips_malta_init(MachineState *machine)
 isa_irq = qemu_irq_proxy(&s->i8259, 16);
 
 /* Northbridge */
-pci_bus = gt64120_register(isa_irq);
+pci_bus = gt64120_create(isa_irq, be);
 
 /* Southbridge */
 ide_drive_get(hd, ARRAY_SIZE(hd));
-- 
2.19.1




[Qemu-devel] [PATCH 00/10] hw/pci-host: Clean the GT64120 north bridge

2019-06-24 Thread Philippe Mathieu-Daudé
Hi,

This series cleans the gt64120 device.
It is no longer target-dependent, and tracing is improved.

Regards,

Phil.

Based-on: 20190624220056.25861-1-f4...@amsat.org
https://lists.gnu.org/archive/html/qemu-devel/2019-06/msg05304.html

Philippe Mathieu-Daudé (10):
  hw/mips/gt64xxx_pci: Fix multiline comment syntax
  hw/mips/gt64xxx_pci: Fix 'tabs' coding style issues
  hw/mips/gt64xxx_pci: Fix 'braces' coding style issues
  hw/mips/gt64xxx_pci: Fix 'spaces' coding style issues
  hw/mips/gt64xxx_pci: Use qemu_log_mask() instead of debug printf()
  hw/mips/gt64xxx_pci: Convert debug printf()s to trace events
  hw/mips/gt64xxx_pci: Align the pci0-mem size
  hw/mips/gt64xxx_pci: Add a 'cpu_big_endian' qdev property
  hw/mips/gt64xxx_pci: Move it to hw/pci-host/
  hw/pci-host/gt64120: Clean the decoded address space

 Makefile.objs |   1 +
 include/hw/mips/mips.h|   2 +-
 hw/mips/mips_malta.c  |   8 +-
 hw/{mips/gt64xxx_pci.c => pci-host/gt64120.c} | 542 ++
 MAINTAINERS   |   2 +-
 hw/mips/Makefile.objs |   2 +-
 hw/mips/trace-events  |   0
 hw/pci-host/Makefile.objs |   2 +-
 hw/pci-host/trace-events  |   5 +
 9 files changed, 307 insertions(+), 257 deletions(-)
 rename hw/{mips/gt64xxx_pci.c => pci-host/gt64120.c} (68%)
 create mode 100644 hw/mips/trace-events

-- 
2.19.1




[Qemu-devel] [PATCH 02/10] hw/mips/gt64xxx_pci: Fix 'tabs' coding style issues

2019-06-24 Thread Philippe Mathieu-Daudé
Since we'll move this code around, fix its style first:

  ERROR: code indent should never use tabs

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/gt64xxx_pci.c | 312 +-
 1 file changed, 156 insertions(+), 156 deletions(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index c0924646b5..bbd719f091 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -38,192 +38,192 @@
 #define DPRINTF(fmt, ...)
 #endif
 
-#define GT_REGS(0x1000 >> 2)
+#define GT_REGS (0x1000 >> 2)
 
 /* CPU Configuration */
-#define GT_CPU (0x000 >> 2)
-#define GT_MULTI   (0x120 >> 2)
+#define GT_CPU  (0x000 >> 2)
+#define GT_MULTI(0x120 >> 2)
 
 /* CPU Address Decode */
-#define GT_SCS10LD (0x008 >> 2)
-#define GT_SCS10HD (0x010 >> 2)
-#define GT_SCS32LD (0x018 >> 2)
-#define GT_SCS32HD (0x020 >> 2)
-#define GT_CS20LD  (0x028 >> 2)
-#define GT_CS20HD  (0x030 >> 2)
-#define GT_CS3BOOTLD   (0x038 >> 2)
-#define GT_CS3BOOTHD   (0x040 >> 2)
-#define GT_PCI0IOLD(0x048 >> 2)
-#define GT_PCI0IOHD(0x050 >> 2)
-#define GT_PCI0M0LD(0x058 >> 2)
-#define GT_PCI0M0HD(0x060 >> 2)
-#define GT_PCI0M1LD(0x080 >> 2)
-#define GT_PCI0M1HD(0x088 >> 2)
-#define GT_PCI1IOLD(0x090 >> 2)
-#define GT_PCI1IOHD(0x098 >> 2)
-#define GT_PCI1M0LD(0x0a0 >> 2)
-#define GT_PCI1M0HD(0x0a8 >> 2)
-#define GT_PCI1M1LD(0x0b0 >> 2)
-#define GT_PCI1M1HD(0x0b8 >> 2)
-#define GT_ISD (0x068 >> 2)
-
-#define GT_SCS10AR (0x0d0 >> 2)
-#define GT_SCS32AR (0x0d8 >> 2)
-#define GT_CS20R   (0x0e0 >> 2)
-#define GT_CS3BOOTR(0x0e8 >> 2)
-
-#define GT_PCI0IOREMAP (0x0f0 >> 2)
-#define GT_PCI0M0REMAP (0x0f8 >> 2)
-#define GT_PCI0M1REMAP (0x100 >> 2)
-#define GT_PCI1IOREMAP (0x108 >> 2)
-#define GT_PCI1M0REMAP (0x110 >> 2)
-#define GT_PCI1M1REMAP (0x118 >> 2)
+#define GT_SCS10LD  (0x008 >> 2)
+#define GT_SCS10HD  (0x010 >> 2)
+#define GT_SCS32LD  (0x018 >> 2)
+#define GT_SCS32HD  (0x020 >> 2)
+#define GT_CS20LD   (0x028 >> 2)
+#define GT_CS20HD   (0x030 >> 2)
+#define GT_CS3BOOTLD(0x038 >> 2)
+#define GT_CS3BOOTHD(0x040 >> 2)
+#define GT_PCI0IOLD (0x048 >> 2)
+#define GT_PCI0IOHD (0x050 >> 2)
+#define GT_PCI0M0LD (0x058 >> 2)
+#define GT_PCI0M0HD (0x060 >> 2)
+#define GT_PCI0M1LD (0x080 >> 2)
+#define GT_PCI0M1HD (0x088 >> 2)
+#define GT_PCI1IOLD (0x090 >> 2)
+#define GT_PCI1IOHD (0x098 >> 2)
+#define GT_PCI1M0LD (0x0a0 >> 2)
+#define GT_PCI1M0HD (0x0a8 >> 2)
+#define GT_PCI1M1LD (0x0b0 >> 2)
+#define GT_PCI1M1HD (0x0b8 >> 2)
+#define GT_ISD  (0x068 >> 2)
+
+#define GT_SCS10AR  (0x0d0 >> 2)
+#define GT_SCS32AR  (0x0d8 >> 2)
+#define GT_CS20R(0x0e0 >> 2)
+#define GT_CS3BOOTR (0x0e8 >> 2)
+
+#define GT_PCI0IOREMAP  (0x0f0 >> 2)
+#define GT_PCI0M0REMAP  (0x0f8 >> 2)
+#define GT_PCI0M1REMAP  (0x100 >> 2)
+#define GT_PCI1IOREMAP  (0x108 >> 2)
+#define GT_PCI1M0REMAP  (0x110 >> 2)
+#define GT_PCI1M1REMAP  (0x118 >> 2)
 
 /* CPU Error Report */
-#define GT_CPUERR_ADDRLO   (0x070 >> 2)
-#define GT_CPUERR_ADDRHI   (0x078 >> 2)
-#define GT_CPUERR_DATALO   (0x128 >> 2)/* GT-64120A only  */
-#define GT_CPUERR_DATAHI   (0x130 >> 2)/* GT-64120A only  */
-#define GT_CPUERR_PARITY   (0x138 >> 2)/* GT-64120A only  */
+#define GT_CPUERR_ADDRLO(0x070 >> 2)
+#define GT_CPUERR_ADDRHI(0x078 >> 2)
+#define GT_CPUERR_DATALO(0x128 >> 2)/* GT-64120A only  */
+#define GT_CPUERR_DATAHI(0x130 >> 2)/* GT-64120A only  */
+#define GT_CPUERR_PARITY(0x138 >> 2)/* GT-64120A only  */
 
 /* CPU Sync Barrier */
-#define GT_PCI0SYNC(0x0c0 >> 2)
-#define GT_PCI1SYNC(0x0c8 >> 2)
+#define GT_PCI0SYNC (0x0c0 >> 2)
+#define GT_PCI1SYNC (0x0c8 >> 2)
 
 /* SDRAM and Device Address Decode */
-#define GT_SCS0LD  (0x400 >> 2)
-#define GT_SCS0HD  (0x404 >> 2)
-#define GT_SCS1LD  (0x408 >> 2)
-#define GT_SCS1HD  (0x40c >> 2)
-#define GT_SCS2LD  (0x410 >> 2)
-#define GT_SCS2HD  (0x414 >> 2)
-#define GT_SCS3LD  (0x418 >> 2)
-

[Qemu-devel] [PATCH 04/10] hw/mips/gt64xxx_pci: Fix 'spaces' coding style issues

2019-06-24 Thread Philippe Mathieu-Daudé
Since we'll move this code around, fix its style first:

  ERROR: space prohibited between function name and open parenthesis
  ERROR: line over 90 characters

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/gt64xxx_pci.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index cfd497960c..0b9fb02475 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -384,8 +384,8 @@ static const VMStateDescription vmstate_gt64120 = {
 }
 };
 
-static void gt64120_writel (void *opaque, hwaddr addr,
-uint64_t val, unsigned size)
+static void gt64120_writel(void *opaque, hwaddr addr,
+   uint64_t val, unsigned size)
 {
 GT64120State *s = opaque;
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
@@ -671,8 +671,8 @@ static void gt64120_writel (void *opaque, hwaddr addr,
 }
 }
 
-static uint64_t gt64120_readl (void *opaque,
-   hwaddr addr, unsigned size)
+static uint64_t gt64120_readl(void *opaque,
+  hwaddr addr, unsigned size)
 {
 GT64120State *s = opaque;
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
@@ -1193,7 +1193,8 @@ PCIBus *gt64120_register(qemu_irq *pic)
  get_system_io(),
  PCI_DEVFN(18, 0), 4, TYPE_PCI_BUS);
 qdev_init_nofail(dev);
-memory_region_init_io(&d->ISD_mem, OBJECT(dev), &isd_mem_ops, d, 
"isd-mem", 0x1000);
+memory_region_init_io(&d->ISD_mem, OBJECT(dev), &isd_mem_ops, d,
+  "isd-mem", 0x1000);
 
 pci_create_simple(phb->bus, PCI_DEVFN(0, 0), "gt64120_pci");
 return phb->bus;
-- 
2.19.1




[Qemu-devel] [PATCH v1 5/5] hw/riscv: Load OpenSBI as the default firmware

2019-06-24 Thread Alistair Francis
If the user hasn't specified a firmware to load (with -bios) or
specified no bios (with -bios none) then load OpenSBI by default. This
allows users to boot a RISC-V kernel with just -kernel.

Signed-off-by: Alistair Francis 
---
 hw/riscv/boot.c | 49 +
 hw/riscv/sifive_u.c |  7 +++---
 hw/riscv/virt.c | 11 ++---
 include/hw/riscv/boot.h |  3 +++
 qemu-deprecated.texi| 20 +
 5 files changed, 84 insertions(+), 6 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index ff023f42d0..c7d72f682f 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -18,6 +18,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu-common.h"
 #include "qemu/units.h"
 #include "qemu/error-report.h"
 #include "exec/cpu-defs.h"
@@ -32,6 +33,54 @@
 # define KERNEL_BOOT_ADDRESS 0x8020
 #endif
 
+void riscv_find_and_load_firmware(MachineState *machine,
+  const char *default_machine_firmware,
+  hwaddr firmware_load_addr)
+{
+char *firmware_filename;
+
+if (!machine->firmware) {
+/*
+ * The user didn't specify -bios.
+ * At the moment we default to loading nothing when this hapens.
+ * In the future this defaul will change to loading the prebuilt
+ * OpenSBI firmware. Let's warn the user and then continue.
+*/
+warn_report("No -bios option specified. Not loading a firmware.");
+warn_report("This default will change in QEMU 4.3. Please use the " \
+"-bios option to aviod breakages when this happens.");
+warn_report("See QEMU's deprecation documentation for details");
+return;
+}
+
+if (!strcmp(machine->firmware, "default")) {
+/*
+ * The user has specified "-bios default". That means we are going to
+ * load the OpenSBI binary included in the QEMU source.
+ *
+ * We can't load the binary by default as it will break existing users
+ * as users are already loading their own firmware.
+ *
+ * Let's try to get everyone to specify the -bios option at all times,
+ * so then in the future we can make "-bios default" the default option
+ * if no -bios option is set without breaking anything.
+ */
+firmware_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS,
+   default_machine_firmware);
+} else {
+firmware_filename = machine->firmware;
+}
+
+if (strcmp(firmware_filename, "none")) {
+/* If not "none" load the firmware */
+riscv_load_firmware(firmware_filename, firmware_load_addr);
+}
+
+if (!strcmp(machine->firmware, "default")) {
+g_free(firmware_filename);
+}
+}
+
 target_ulong riscv_load_firmware(const char *firmware_filename,
  hwaddr firmware_load_addr)
 {
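Review bot: In the "-bios default" branch the result of qemu_find_file() goes straight into strcmp() and riscv_load_firmware(); qemu_find_file() returns NULL when the file is not found, so a missing OpenSBI binary ends in a NULL dereference instead of an error message. Check for NULL and error_report() before exiting. Separately, the commit message says OpenSBI is loaded when -bios is absent, but the `!machine->firmware` branch only warns and returns, so one of the two needs updating; the user-visible warning also contains the typo "aviod", and the comment above it has "hapens" and "defaul".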
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index a04f2d0754..d308aec592 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -49,6 +49,8 @@
 
 #include 
 
+#define BIOS_FILENAME "opensbi-riscv64-sifive_u-fw_jump.bin"
+
 static const struct MemmapEntry {
 hwaddr base;
 hwaddr size;
@@ -266,9 +268,8 @@ static void riscv_sifive_u_init(MachineState *machine)
 /* create device tree */
 create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
-if (machine->firmware) {
-riscv_load_firmware(machine->firmware, memmap[SIFIVE_U_DRAM].base);
-}
+riscv_find_and_load_firmware(machine, BIOS_FILENAME,
+ memmap[SIFIVE_U_DRAM].base);
 
 if (machine->kernel_filename) {
 riscv_load_kernel(machine->kernel_filename);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 7fcc8c03b5..260e6e8e4d 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -44,6 +44,12 @@
 
 #include 
 
+#if defined(TARGET_RISCV32)
+# define BIOS_FILENAME "opensbi-riscv32-virt-fw_jump.bin"
+#else
+# define BIOS_FILENAME "opensbi-riscv64-virt-fw_jump.bin"
+#endif
+
 static const struct MemmapEntry {
 hwaddr base;
 hwaddr size;
@@ -380,9 +386,8 @@ static void riscv_virt_board_init(MachineState *machine)
 memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
 mask_rom);
 
-if (machine->firmware) {
-riscv_load_firmware(machine->firmware, memmap[VIRT_DRAM].base);
-}
+riscv_find_and_load_firmware(machine, BIOS_FILENAME,
+ memmap[VIRT_DRAM].base);
 
 if (machine->kernel_filename) {
 uint64_t kernel_entry = riscv_load_kernel(machine->kernel_filename);
diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index daa179b600..d56f2ae3eb 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -20,6 +20,9 @@
 #ifndef RISCV_BOOT_H
 #define RISCV_BOOT_H
 
+void riscv_find_and_load_firmware(MachineState *machine,
+ 

[Qemu-devel] [PATCH v1 1/5] hw/riscv: Split out the boot functions

2019-06-24 Thread Alistair Francis
Split the common RISC-V boot functions into a separate file. This allows
us to share the common code.

Signed-off-by: Alistair Francis 
Reviewed-by: Bin Meng 
Tested-by: Bin Meng 
---
 hw/riscv/Makefile.objs  |  1 +
 hw/riscv/boot.c | 69 +
 hw/riscv/sifive_e.c | 17 ++
 hw/riscv/sifive_u.c | 17 ++
 hw/riscv/spike.c| 21 +++--
 hw/riscv/virt.c | 51 +++---
 include/hw/riscv/boot.h | 27 
 7 files changed, 110 insertions(+), 93 deletions(-)
 create mode 100644 hw/riscv/boot.c
 create mode 100644 include/hw/riscv/boot.h

diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
index a65027304a..eb9d4f9ffc 100644
--- a/hw/riscv/Makefile.objs
+++ b/hw/riscv/Makefile.objs
@@ -1,3 +1,4 @@
+obj-y += boot.o
 obj-$(CONFIG_SPIKE) += riscv_htif.o
 obj-$(CONFIG_HART) += riscv_hart.o
 obj-$(CONFIG_SIFIVE_E) += sifive_e.o
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
new file mode 100644
index 00..0c8e72e455
--- /dev/null
+++ b/hw/riscv/boot.c
@@ -0,0 +1,69 @@
+/*
+ * QEMU RISC-V Boot Helper
+ *
+ * Copyright (c) 2017 SiFive, Inc.
+ * Copyright (c) 2019 Alistair Francis 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "qemu/error-report.h"
+#include "exec/cpu-defs.h"
+#include "hw/loader.h"
+#include "hw/riscv/boot.h"
+#include "elf.h"
+
+target_ulong riscv_load_kernel(const char *kernel_filename)
+{
+uint64_t kernel_entry, kernel_high;
+
+if (load_elf(kernel_filename, NULL, NULL, NULL,
+ &kernel_entry, NULL, &kernel_high, 0, EM_RISCV, 1, 0) < 0) {
+error_report("could not load kernel '%s'", kernel_filename);
+exit(1);
+}
+
+return kernel_entry;
+}
+
+hwaddr riscv_load_initrd(const char *filename, uint64_t mem_size,
+ uint64_t kernel_entry, hwaddr *start)
+{
+int size;
+
+/*
+ * We want to put the initrd far enough into RAM that when the
+ * kernel is uncompressed it will not clobber the initrd. However
+ * on boards without much RAM we must ensure that we still leave
+ * enough room for a decent sized initrd, and on boards with large
+ * amounts of RAM we must avoid the initrd being so far up in RAM
+ * that it is outside lowmem and inaccessible to the kernel.
+ * So for boards with less  than 256MB of RAM we put the initrd
+ * halfway into RAM, and for boards with 256MB of RAM or more we put
+ * the initrd at 128MB.
+ */
+*start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
+
+size = load_ramdisk(filename, *start, mem_size - *start);
+if (size == -1) {
+size = load_image_targphys(filename, *start, mem_size - *start);
+if (size == -1) {
+error_report("could not load ramdisk '%s'", filename);
+exit(1);
+}
+}
+
+return *start + size;
+}
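Review bot: in riscv_load_initrd() the size limit passed to load_ramdisk() and load_image_targphys() is `mem_size - *start`, but `*start` is an absolute address derived from kernel_entry while mem_size is a RAM size, so whenever the kernel entry lies above mem_size the unsigned subtraction wraps and the limit no longer bounds the load to RAM. While consolidating this code, compute the limit as the end of RAM (RAM base plus mem_size) minus *start and reject the case where *start is already past it. Separately, `int size` holds a loader result that is then added to a hwaddr, and kernel_high in riscv_load_kernel() is written but never read.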
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 80ac56fa7d..9d58ae362b 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -44,10 +44,10 @@
 #include "hw/riscv/sifive_prci.h"
 #include "hw/riscv/sifive_uart.h"
 #include "hw/riscv/sifive_e.h"
+#include "hw/riscv/boot.h"
 #include "chardev/char.h"
 #include "sysemu/arch_init.h"
 #include "exec/address-spaces.h"
-#include "elf.h"
 
 static const struct MemmapEntry {
 hwaddr base;
@@ -74,19 +74,6 @@ static const struct MemmapEntry {
 [SIFIVE_E_DTIM] = { 0x8000, 0x4000 }
 };
 
-static target_ulong load_kernel(const char *kernel_filename)
-{
-uint64_t kernel_entry, kernel_high;
-
-if (load_elf(kernel_filename, NULL, NULL, NULL,
- &kernel_entry, NULL, &kernel_high,
- 0, EM_RISCV, 1, 0) < 0) {
-error_report("could not load kernel '%s'", kernel_filename);
-exit(1);
-}
-return kernel_entry;
-}
-
 static void sifive_mmio_emulate(MemoryRegion *parent, const char *name,
  uintptr_t offset, uintptr_t length)
 {
@@ -131,7 +118,7 @@ static void riscv_sifive_e_init(MachineState *machine)
   memmap[SIFIVE_E_MROM].base, &address_space_memory);
 
 if (machine->kernel_filename) {
-load_kernel(machine->kernel_filename);
+riscv_load_kernel(machine->kernel_filename);
 }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
ind

[Qemu-devel] [PATCH v1 2/5] hw/riscv: Add support for loading a firmware

2019-06-24 Thread Alistair Francis
Add support for loading a firmware file for the virt machine and the
SiFive U. This can be run with the following command:

qemu-system-riscv64 -machine virt -bios fw_jump.bin -kernel vmlinux

Signed-off-by: Alistair Francis 
---
 hw/riscv/boot.c | 26 ++
 hw/riscv/sifive_u.c |  4 
 hw/riscv/virt.c |  4 
 include/hw/riscv/boot.h |  2 ++
 4 files changed, 36 insertions(+)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 0c8e72e455..883df49a0c 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -23,8 +23,34 @@
 #include "exec/cpu-defs.h"
 #include "hw/loader.h"
 #include "hw/riscv/boot.h"
+#include "hw/boards.h"
 #include "elf.h"
 
+#if defined(TARGET_RISCV32)
+# define KERNEL_BOOT_ADDRESS 0x8040
+#else
+# define KERNEL_BOOT_ADDRESS 0x8020
+#endif
+
+target_ulong riscv_load_firmware(const char *firmware_filename,
+ hwaddr firmware_load_addr)
+{
+uint64_t firmware_entry, firmware_start, firmware_end;
+
+if (load_elf(firmware_filename, NULL, NULL, NULL, &firmware_entry,
+ &firmware_start, &firmware_end, 0, EM_RISCV, 1, 0) > 0) {
+return firmware_entry;
+}
+
+if (load_image_targphys_as(firmware_filename, firmware_load_addr,
+   ram_size, NULL) > 0) {
+return firmware_load_addr;
+}
+
+error_report("could not load firmware '%s'", firmware_filename);
+exit(1);
+}
+
 target_ulong riscv_load_kernel(const char *kernel_filename)
 {
 uint64_t kernel_entry, kernel_high;
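Review bot: KERNEL_BOOT_ADDRESS is defined in this hunk but nothing in this patch uses it; it belongs in the patch that adds its first user. In riscv_load_firmware(), firmware_start and firmware_end are filled in by load_elf() and never read, so either pass NULL or use them to check that the image fits in RAM. The raw-image fallback passes ram_size as the maximum size, which is only the right bound when firmware_load_addr is the start of RAM.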
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 1b9281bd4a..a04f2d0754 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -266,6 +266,10 @@ static void riscv_sifive_u_init(MachineState *machine)
 /* create device tree */
 create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
+if (machine->firmware) {
+riscv_load_firmware(machine->firmware, memmap[SIFIVE_U_DRAM].base);
+}
+
 if (machine->kernel_filename) {
 riscv_load_kernel(machine->kernel_filename);
 }
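Review bot: the entry point returned by riscv_load_firmware() is discarded at this call, so an ELF firmware whose entry address differs from memmap[SIFIVE_U_DRAM].base is loaded without anything in this hunk using that address. Either consume the return value or make the helper return void and document that the firmware must be linked at the DRAM base; the same applies to the call added in hw/riscv/virt.c.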
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 5f8c11471b..7fcc8c03b5 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -380,6 +380,10 @@ static void riscv_virt_board_init(MachineState *machine)
 memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
 mask_rom);
 
+if (machine->firmware) {
+riscv_load_firmware(machine->firmware, memmap[VIRT_DRAM].base);
+}
+
 if (machine->kernel_filename) {
 uint64_t kernel_entry = riscv_load_kernel(machine->kernel_filename);
 
diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index f84fd6c2df..daa179b600 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -20,6 +20,8 @@
 #ifndef RISCV_BOOT_H
 #define RISCV_BOOT_H
 
+target_ulong riscv_load_firmware(const char *firmware_filename,
+ hwaddr firmware_load_addr);
 target_ulong riscv_load_kernel(const char *kernel_filename);
 hwaddr riscv_load_initrd(const char *filename, uint64_t mem_size,
  uint64_t kernel_entry, hwaddr *start);
-- 
2.22.0




[Qemu-devel] [PATCH v1 4/5] roms: Add OpenSBI version 0.3

2019-06-24 Thread Alistair Francis
Add OpenSBI version 0.3 as a git submodule and as a prebuilt binary.

Signed-off-by: Alistair Francis 
---
 .gitmodules  |   3 ++
 Makefile |   5 +-
 pc-bios/opensbi-riscv32-virt-fw_jump.bin | Bin 0 -> 28848 bytes
 pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin | Bin 0 -> 28904 bytes
 pc-bios/opensbi-riscv64-virt-fw_jump.bin | Bin 0 -> 28904 bytes
 roms/Makefile|  48 ++-
 roms/opensbi |   1 +
 7 files changed, 44 insertions(+), 13 deletions(-)
 create mode 100644 pc-bios/opensbi-riscv32-virt-fw_jump.bin
 create mode 100644 pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin
 create mode 100644 pc-bios/opensbi-riscv64-virt-fw_jump.bin
 create mode 16 roms/opensbi

diff --git a/.gitmodules b/.gitmodules
index 2857eec763..7a10e72e09 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -55,3 +55,6 @@
 [submodule "slirp"]
path = slirp
url = https://git.qemu.org/git/libslirp.git
+[submodule "roms/opensbi"]
+   path = roms/opensbi
+   url = https://github.com/riscv/opensbi.git
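Review bot: the new submodule URL points straight at github.com, while the slirp entry just above uses a git.qemu.org URL; if the project mirrors its submodules, add a mirror for opensbi and reference it here so builds do not depend on a third-party host. Since this patch also commits prebuilt fw_jump.bin blobs, the commit message should name the exact opensbi commit and the build command they were produced from, so the binaries can be rebuilt and compared.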
diff --git a/Makefile b/Makefile
index cfb18f1525..c74e5ba914 100644
--- a/Makefile
+++ b/Makefile
@@ -761,7 +761,10 @@ palcode-clipper \
 u-boot.e500 u-boot-sam460-20100605.bin \
 qemu_vga.ndrv \
 edk2-licenses.txt \
-hppa-firmware.img
+hppa-firmware.img \
+opensbi-riscv32-virt-fw_jump.bin \
+opensbi-riscv64-sifive_u-fw_jump.bin opensbi-riscv64-virt-fw_jump.bin
+
 
 DESCS=50-edk2-i386-secure.json 50-edk2-x86_64-secure.json \
 60-edk2-aarch64.json 60-edk2-arm.json 60-edk2-i386.json 60-edk2-x86_64.json
diff --git a/pc-bios/opensbi-riscv32-virt-fw_jump.bin 
b/pc-bios/opensbi-riscv32-virt-fw_jump.bin
new file mode 100644
index 
..c3e2aaa5148930754d3f88dcc9c6efdb961774d8
GIT binary patch
literal 28848

[Qemu-devel] [PATCH v1 0/5] RISC-V: Add firmware loading support and default

2019-06-24 Thread Alistair Francis
This series consolidates the current RISC-V kernel loading
implementation while also adding support for the -bios option and more
advanced kernel image types.

After consolidating the kernel loading we can extend the boot loader to
support a -bios option. We can also extend the kernel loading options to
support not just ELF files but other standard formats.

Finally we can include the OpenSBI firmware for QEMU users.

To avoid breakages we have not changed the default behaviour of QEMU.
The plan is to change the default though, which is why an entry to the
qemu-deprecated.texi file has been added as well as a new warning.

After this series QEMU 4.1 has three options:
 1. ``-bios none`` - This is the current default behavior if no -bios option
  is included. QEMU will not automatically load any firmware. It is up
  to the user to load all the images they need.
 2. ``-bios default`` - In a future QEMU release this will become the default
  behaviour if no -bios option is specified. This option will load the
  default OpenSBI firmware automatically. The firmware is included with
  the QEMU release and no user interaction is required. All a user needs
  to do is specify the kernel they want to boot with the -kernel option
 3. ``-bios `` - Tells QEMU to load the specified file as the firmware.

All users should transition to using a -bios option. We can start
updating all documentation after the release of 4.1.

At the end of this series and the transition period we are in the good
place of no longer requiring users to build firmware to boot a kernel.
Instead users can just run QEMU with the -kernel option and everything
will work. They can also override the firmware with their own using
the -bios option. Using "-bios none" will result in no firmware being
loaded (as it is today).


Alistair Francis (5):
  hw/riscv: Split out the boot functions
  hw/riscv: Add support for loading a firmware
  hw/riscv: Extend the kernel loading support
  roms: Add OpenSBI version 0.3
  hw/riscv: Load OpenSBI as the default firmware

 .gitmodules  |   3 +
 Makefile |   5 +-
 hw/riscv/Makefile.objs   |   1 +
 hw/riscv/boot.c  | 154 +++
 hw/riscv/sifive_e.c  |  17 +-
 hw/riscv/sifive_u.c  |  22 +--
 hw/riscv/spike.c |  21 +--
 hw/riscv/virt.c  |  60 ++--
 include/hw/riscv/boot.h  |  32 
 pc-bios/opensbi-riscv32-virt-fw_jump.bin | Bin 0 -> 28848 bytes
 pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin | Bin 0 -> 28904 bytes
 pc-bios/opensbi-riscv64-virt-fw_jump.bin | Bin 0 -> 28904 bytes
 qemu-deprecated.texi |  20 +++
 roms/Makefile|  48 --
 roms/opensbi |   1 +
 15 files changed, 278 insertions(+), 106 deletions(-)
 create mode 100644 hw/riscv/boot.c
 create mode 100644 include/hw/riscv/boot.h
 create mode 100644 pc-bios/opensbi-riscv32-virt-fw_jump.bin
 create mode 100644 pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin
 create mode 100644 pc-bios/opensbi-riscv64-virt-fw_jump.bin
 create mode 16 roms/opensbi

-- 
2.22.0




[Qemu-devel] [PATCH v1 3/5] hw/riscv: Extend the kernel loading support

2019-06-24 Thread Alistair Francis
Extend the RISC-V kernel loader to support Image and uImage files.
A Linux kernel can now be booted with:

qemu-system-riscv64 -machine virt -bios fw_jump.bin -kernel Image

Signed-off-by: Alistair Francis 
---
 hw/riscv/boot.c | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 883df49a0c..ff023f42d0 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -56,12 +56,22 @@ target_ulong riscv_load_kernel(const char *kernel_filename)
 uint64_t kernel_entry, kernel_high;
 
 if (load_elf(kernel_filename, NULL, NULL, NULL,
- &kernel_entry, NULL, &kernel_high, 0, EM_RISCV, 1, 0) < 0) {
-error_report("could not load kernel '%s'", kernel_filename);
-exit(1);
+ &kernel_entry, NULL, &kernel_high, 0, EM_RISCV, 1, 0) > 0) {
+return kernel_entry;
 }
 
-return kernel_entry;
+if (load_uimage_as(kernel_filename, &kernel_entry, NULL, NULL,
+   NULL, NULL, NULL) > 0) {
+return kernel_entry;
+}
+
+if (load_image_targphys_as(kernel_filename, KERNEL_BOOT_ADDRESS,
+   ram_size, NULL) > 0) {
+return KERNEL_BOOT_ADDRESS;
+}
+
+error_report("could not load kernel '%s'", kernel_filename);
+exit(1);
 }
 
 hwaddr riscv_load_initrd(const char *filename, uint64_t mem_size,
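Review bot: with the test flipped to `> 0`, every load_elf() failure now falls through to the uImage and raw-image loaders, so a damaged ELF or an ELF for the wrong machine ends up copied verbatim to KERNEL_BOOT_ADDRESS and the original error is never reported. Fall back only when load_elf() indicates the file is not an ELF at all, and call error_report() for the other failures. Also, ram_size is passed as the raw-image size limit without subtracting whatever offset KERNEL_BOOT_ADDRESS has into RAM.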
-- 
2.22.0




[Qemu-devel] [PATCH 5/9] hw/misc/empty_slot: Add a qdev property 'name'

2019-06-24 Thread Philippe Mathieu-Daudé
In a few commits empty_slot_init() will take 'name' as argument.
Meanwhile, initialize it as 'empty-slot'.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/misc/empty_slot.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/misc/empty_slot.c b/hw/misc/empty_slot.c
index ef0a7b99ba..c32241a9e5 100644
--- a/hw/misc/empty_slot.c
+++ b/hw/misc/empty_slot.c
@@ -32,6 +32,7 @@ typedef struct EmptySlot {
 SysBusDevice parent_obj;
 
 MemoryRegion iomem;
+char *name;
 uint64_t size;
 } EmptySlot;
 
@@ -78,14 +79,18 @@ static void empty_slot_realize(DeviceState *dev, Error 
**errp)
 error_setg(errp, "property 'size' not specified or zero");
 return;
 }
+if (s->name == NULL) {
+s->name = g_strdup("empty-slot");
+}
 
 memory_region_init_io(&s->iomem, OBJECT(s), &empty_slot_ops, s,
-  "empty-slot", s->size);
+  s->name, s->size);
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
 }
 
 static Property empty_slot_properties[] = {
 DEFINE_PROP_UINT64("size", EmptySlot, size, 0),
+DEFINE_PROP_STRING("name", EmptySlot, name),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.19.1




[Qemu-devel] [PATCH 7/9] hw/sparc/sun4m: Mark some devices as 'unimplemented'

2019-06-24 Thread Philippe Mathieu-Daudé
These devices are not slots on a bus, but real devices that
we do not implement.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/sparc/sun4m.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index cc85598d5b..0df5a8edfc 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -42,6 +42,7 @@
 #include "hw/nvram/fw_cfg.h"
 #include "hw/char/escc.h"
 #include "hw/misc/empty_slot.h"
+#include "hw/misc/unimp.h"
 #include "hw/loader.h"
 #include "elf.h"
 #include "trace.h"
@@ -970,7 +971,7 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
 }
 
 if (hwdef->sx_base) {
-empty_slot_init(hwdef->sx_base, 0x2000);
+create_unimplemented_device("sx", hwdef->sx_base, 0x2000);
 }
 
 nvram = m48t59_init(slavio_irq[0], hwdef->nvram_base, 0, 0x2000, 1968, 8);
@@ -1033,14 +1034,16 @@ static void sun4m_hw_init(const struct sun4m_hwdef 
*hwdef,
 if (hwdef->dbri_base) {
 /* ISDN chip with attached CS4215 audio codec */
 /* prom space */
-empty_slot_init(hwdef->dbri_base+0x1000, 0x30);
+create_unimplemented_device("SUNW,DBRI.prom",
+hwdef->dbri_base + 0x1000, 0x30);
 /* reg space */
-empty_slot_init(hwdef->dbri_base+0x1, 0x100);
+create_unimplemented_device("SUNW,DBRI",
+hwdef->dbri_base + 0x1, 0x100);
 }
 
 if (hwdef->bpp_base) {
 /* parallel port */
-empty_slot_init(hwdef->bpp_base, 0x20);
+create_unimplemented_device("parallel", hwdef->bpp_base, 0x20);
 }
 
 initrd_size = 0;
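Review bot: the names passed to create_unimplemented_device() mix conventions, "SUNW,DBRI" and "SUNW,DBRI.prom" in this hunk versus "parallel" here and "sx" in the previous hunk; pick one scheme so the log output is easy to filter. The commit message should also say whether guest-visible behaviour changes for these ranges compared with empty_slot_init().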
-- 
2.19.1




[Qemu-devel] [RFC PATCH 2/9] MAINTAINERS: Add the 'empty_slot' device with the 'unimp' one

2019-06-24 Thread Philippe Mathieu-Daudé
The EmptySlot and UnimplementedDevice are very similar, the only
difference is how they log guest accesses.
Maintain them together.

Signed-off-by: Philippe Mathieu-Daudé 
---
Peter, are you OK with that? Do you prefer 2 distinct sections?

 MAINTAINERS | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index cad58b9487..abef4a1cfc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1643,11 +1643,13 @@ F: docs/specs/vmgenid.txt
 F: tests/vmgenid-test.c
 F: stubs/vmgenid.c
 
-Unimplemented device
+Unimplemented device, empty slot device
 M: Peter Maydell 
 R: Philippe Mathieu-Daudé 
 S: Maintained
+F: include/hw/misc/empty_slot.h
 F: include/hw/misc/unimp.h
+F: hw/misc/empty_slot.c
 F: hw/misc/unimp.c
 
 Standard VGA
-- 
2.19.1




[Qemu-devel] [PATCH 9/9] hw/misc/empty_slot: Pass the slot name as argument

2019-06-24 Thread Philippe Mathieu-Daudé
Use the slot name to have more meaningful tracing logs.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/misc/empty_slot.h | 3 ++-
 hw/mips/mips_malta.c | 2 +-
 hw/misc/empty_slot.c | 6 --
 hw/sparc/sun4m.c | 9 ++---
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/include/hw/misc/empty_slot.h b/include/hw/misc/empty_slot.h
index 46483f24c3..d0cd989d2d 100644
--- a/include/hw/misc/empty_slot.h
+++ b/include/hw/misc/empty_slot.h
@@ -14,6 +14,7 @@
 
 /**
  * empty_slot_init: create and map a RAZ/WI device
+ * @name: name of the device for debug logging
  * @base: base address of the device's MMIO region
  * @size: size of the device's MMIO region
  *
@@ -27,6 +28,6 @@
  * use it to cover a large region and then map other devices on top of it
  * if necessary.
  */
-void empty_slot_init(hwaddr addr, uint64_t slot_size);
+void empty_slot_init(const char *name, hwaddr addr, uint64_t slot_size);
 
 #endif
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 7008be2e5b..51db5212be 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1212,7 +1212,7 @@ void mips_malta_init(MachineState *machine)
 /* The whole address space decoded by the GT-64120A doesn't generate
exception when accessing invalid memory. Create an empty slot to
emulate this feature. */
-empty_slot_init(0, 0x2000);
+empty_slot_init("gt64120-ad", 0x, 0x2000);
 
 qdev_init_nofail(dev);
 
diff --git a/hw/misc/empty_slot.c b/hw/misc/empty_slot.c
index b81064..396f9dd06a 100644
--- a/hw/misc/empty_slot.c
+++ b/hw/misc/empty_slot.c
@@ -52,12 +52,13 @@ static const MemoryRegionOps empty_slot_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-void empty_slot_init(hwaddr addr, uint64_t slot_size)
+void empty_slot_init(const char *name, hwaddr addr, uint64_t slot_size)
 {
 DeviceState *dev;
 
 dev = qdev_create(NULL, TYPE_EMPTY_SLOT);
 
+qdev_prop_set_string(dev, "name", name);
 qdev_prop_set_uint64(dev, "size", slot_size);
 qdev_init_nofail(dev);
 
@@ -77,7 +78,8 @@ static void empty_slot_realize(DeviceState *dev, Error **errp)
 return;
 }
 if (s->name == NULL) {
-s->name = g_strdup("empty-slot");
+error_setg(errp, "property 'name' not specified");
+return;
 }
 
 memory_region_init_io(&s->iomem, OBJECT(s), &empty_slot_ops, s,
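Review bot: making a missing 'name' a realize error here means a caller that creates the device without setting 'name' only fails inside qdev_init_nofail() at machine creation, far from the call site. State in the @name documentation that it must be non-NULL, or assert it at the top of empty_slot_init() so the failure points at the caller.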
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index d55753d5cb..b17be3ddb8 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -819,7 +819,7 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
  machine->ram_size);
 memory_region_add_subregion(get_system_memory(), 0x, &ram);
 /* models without ECC don't trap when missing ram is accessed */
-empty_slot_init(0x, hwdef->max_mem);
+empty_slot_init("dram", 0x, hwdef->max_mem);
 
 /* init CPUs */
 for(i = 0; i < smp_cpus; i++) {
@@ -859,7 +859,8 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
Software shouldn't use aliased addresses, neither should it crash
when does. Using empty_slot instead of aliasing can help with
debugging such accesses */
-empty_slot_init(hwdef->iommu_pad_base,hwdef->iommu_pad_len);
+empty_slot_init("iommu.alias",
+hwdef->iommu_pad_base, hwdef->iommu_pad_len);
 }
 
 sparc32_dma_init(hwdef->dma_base,
@@ -908,7 +909,9 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
 for (i = 0; i < MAX_VSIMMS; i++) {
 /* vsimm registers probed by OBP */
 if (hwdef->vsimm[i].reg_base) {
-empty_slot_init(hwdef->vsimm[i].reg_base, 0x2000);
+char *name = g_strdup_printf("vsimm[%d]", i);
+empty_slot_init(name, hwdef->vsimm[i].reg_base, 0x2000);
+g_free(name);
 }
 }
 
-- 
2.19.1




[Qemu-devel] [PATCH 1/9] hw/misc: Move the 'empty_slot' device to hw/misc/

2019-06-24 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/empty_slot.h|  7 ---
 include/hw/misc/empty_slot.h   | 32 
 hw/mips/mips_malta.c   |  2 +-
 hw/{core => misc}/empty_slot.c |  2 +-
 hw/sparc/sun4m.c   |  2 +-
 hw/core/Makefile.objs  |  1 -
 hw/misc/Makefile.objs  |  1 +
 7 files changed, 36 insertions(+), 11 deletions(-)
 delete mode 100644 include/hw/empty_slot.h
 create mode 100644 include/hw/misc/empty_slot.h
 rename hw/{core => misc}/empty_slot.c (98%)

diff --git a/include/hw/empty_slot.h b/include/hw/empty_slot.h
deleted file mode 100644
index 123a9f8989..00
--- a/include/hw/empty_slot.h
+++ /dev/null
@@ -1,7 +0,0 @@
-#ifndef HW_EMPTY_SLOT_H
-#define HW_EMPTY_SLOT_H
-
-/* empty_slot.c */
-void empty_slot_init(hwaddr addr, uint64_t slot_size);
-
-#endif
diff --git a/include/hw/misc/empty_slot.h b/include/hw/misc/empty_slot.h
new file mode 100644
index 00..46483f24c3
--- /dev/null
+++ b/include/hw/misc/empty_slot.h
@@ -0,0 +1,32 @@
+/*
+ * QEMU Empty Slot
+ *
+ * The empty_slot device emulates known to a bus but not connected devices.
+ *
+ * Copyright (c) 2010 Artyom Tarasenko
+ *
+ * This code is licensed under the GNU GPL v2 or (at your option) any later
+ * version.
+ */
+
+#ifndef HW_EMPTY_SLOT_H
+#define HW_EMPTY_SLOT_H
+
+/**
+ * empty_slot_init: create and map a RAZ/WI device
+ * @base: base address of the device's MMIO region
+ * @size: size of the device's MMIO region
+ *
+ * This utility function creates and maps an instance of empty slot,
+ * which is a dummy device which simply read as zero, and ignore writes.
+ * An empty slot sit on a bus, and no bus errors are generated when it is
+ * accessed.
+ * Guest accesses can be traced, using the '-trace empty_slot\*' command
+ * line argument.
+ * The device is mapped at priority -1, which means that you can
+ * use it to cover a large region and then map other devices on top of it
+ * if necessary.
+ */
+void empty_slot_init(hwaddr addr, uint64_t slot_size);
+
+#endif
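Review bot: the kernel-doc block documents @base and @size, but the prototype below it names the parameters addr and slot_size; make the two agree. The description also needs a grammar pass ("which simply read as zero, and ignore writes", "An empty slot sit on a bus"), and the commit has no message body explaining why the device moves to hw/misc/.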
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 37ec89b07e..7008be2e5b 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -53,7 +53,7 @@
 #include "sysemu/qtest.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
-#include "hw/empty_slot.h"
+#include "hw/misc/empty_slot.h"
 #include "sysemu/kvm.h"
 #include "hw/semihosting/semihost.h"
 #include "hw/mips/cps.h"
diff --git a/hw/core/empty_slot.c b/hw/misc/empty_slot.c
similarity index 98%
rename from hw/core/empty_slot.c
rename to hw/misc/empty_slot.c
index c694532046..0adf7a26dc 100644
--- a/hw/core/empty_slot.c
+++ b/hw/misc/empty_slot.c
@@ -13,7 +13,7 @@
 #include "hw/hw.h"
 #include "hw/sysbus.h"
 #include "qemu/module.h"
-#include "hw/empty_slot.h"
+#include "hw/misc/empty_slot.h"
 
 //#define DEBUG_EMPTY_SLOT
 
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 7e4f61fc3e..cc85598d5b 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -41,7 +41,7 @@
 #include "hw/nvram/chrp_nvram.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/char/escc.h"
-#include "hw/empty_slot.h"
+#include "hw/misc/empty_slot.h"
 #include "hw/loader.h"
 #include "elf.h"
 #include "trace.h"
diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
index a799c83815..5122a28a3b 100644
--- a/hw/core/Makefile.objs
+++ b/hw/core/Makefile.objs
@@ -8,7 +8,6 @@ common-obj-y += irq.o
 common-obj-y += hotplug.o
 common-obj-$(CONFIG_SOFTMMU) += nmi.o
 
-common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
 common-obj-$(CONFIG_XILINX_AXI) += stream.o
 common-obj-$(CONFIG_PTIMER) += ptimer.o
 common-obj-$(CONFIG_SOFTMMU) += sysbus.o
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 77b9df9796..8ed900f9f5 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -10,6 +10,7 @@ common-obj-$(CONFIG_EDU) += edu.o
 common-obj-$(CONFIG_PCA9552) += pca9552.o
 
 common-obj-y += unimp.o
+common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
 common-obj-$(CONFIG_FW_CFG_DMA) += vmcoreinfo.o
 
 # ARM devices
-- 
2.19.1




[Qemu-devel] [PATCH 8/9] hw/sparc/sun4m: Simplify the RAM creation

2019-06-24 Thread Philippe Mathieu-Daudé
Now that the empty_slot device can be overlapped, use it to cover
the maximum memory range.
We can now simplify how the main RAM is created.
The TYPE_SUN4M_MEMORY is not migratable, simply remove it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/sparc/sun4m.c | 85 
 1 file changed, 13 insertions(+), 72 deletions(-)

diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 0df5a8edfc..d55753d5cb 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -767,71 +767,6 @@ static const TypeInfo prom_info = {
 .class_init= prom_class_init,
 };
 
-#define TYPE_SUN4M_MEMORY "memory"
-#define SUN4M_RAM(obj) OBJECT_CHECK(RamDevice, (obj), TYPE_SUN4M_MEMORY)
-
-typedef struct RamDevice {
-SysBusDevice parent_obj;
-
-MemoryRegion ram;
-uint64_t size;
-} RamDevice;
-
-/* System RAM */
-static void ram_realize(DeviceState *dev, Error **errp)
-{
-RamDevice *d = SUN4M_RAM(dev);
-SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
-
-memory_region_allocate_system_memory(&d->ram, OBJECT(d), "sun4m.ram",
- d->size);
-sysbus_init_mmio(sbd, &d->ram);
-}
-
-static void ram_init(hwaddr addr, ram_addr_t RAM_size,
- uint64_t max_mem)
-{
-DeviceState *dev;
-SysBusDevice *s;
-RamDevice *d;
-
-/* allocate RAM */
-if ((uint64_t)RAM_size > max_mem) {
-error_report("Too much memory for this machine: %" PRId64 ","
- " maximum %" PRId64,
- RAM_size / MiB, max_mem / MiB);
-exit(1);
-}
-dev = qdev_create(NULL, "memory");
-s = SYS_BUS_DEVICE(dev);
-
-d = SUN4M_RAM(dev);
-d->size = RAM_size;
-qdev_init_nofail(dev);
-
-sysbus_mmio_map(s, 0, addr);
-}
-
-static Property ram_properties[] = {
-DEFINE_PROP_UINT64("size", RamDevice, size, 0),
-DEFINE_PROP_END_OF_LIST(),
-};
-
-static void ram_class_init(ObjectClass *klass, void *data)
-{
-DeviceClass *dc = DEVICE_CLASS(klass);
-
-dc->realize = ram_realize;
-dc->props = ram_properties;
-}
-
-static const TypeInfo ram_info = {
-.name  = TYPE_SUN4M_MEMORY,
-.parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(RamDevice),
-.class_init= ram_class_init,
-};
-
 static void cpu_devinit(const char *cpu_type, unsigned int id,
 uint64_t prom_addr, qemu_irq **cpu_irqs)
 {
@@ -872,6 +807,19 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
 FWCfgState *fw_cfg;
 DeviceState *dev;
 SysBusDevice *s;
+MemoryRegion ram;
+
+if ((uint64_t)machine->ram_size > hwdef->max_mem) {
+error_report("Too much memory for this machine: %" PRId64 ","
+ " maximum %" PRId64,
+ machine->ram_size / MiB, hwdef->max_mem / MiB);
+exit(1);
+}
+memory_region_allocate_system_memory(&ram, OBJECT(machine), "sun4m.ram",
+ machine->ram_size);
+memory_region_add_subregion(get_system_memory(), 0x, &ram);
+/* models without ECC don't trap when missing ram is accessed */
+empty_slot_init(0x, hwdef->max_mem);
 
 /* init CPUs */
 for(i = 0; i < smp_cpus; i++) {
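Review bot: `MemoryRegion ram;` is a local variable of sun4m_hw_init(), yet its address is handed to memory_region_allocate_system_memory() and memory_region_add_subregion(), which keep the region in the memory tree after the function returns. Allocate it with g_new(MemoryRegion, 1) or store it in a structure that lives as long as the machine.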
@@ -881,13 +829,7 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
 for (i = smp_cpus; i < MAX_CPUS; i++)
 cpu_irqs[i] = qemu_allocate_irqs(dummy_cpu_set_irq, NULL, MAX_PILS);
 
-
 /* set up devices */
-ram_init(0, machine->ram_size, hwdef->max_mem);
-/* models without ECC don't trap when missing ram is accessed */
-if (!hwdef->ecc_base) {
-empty_slot_init(machine->ram_size, hwdef->max_mem - machine->ram_size);
-}
 
 prom_init(hwdef->slavio_base, bios_name);
 
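Review bot: the removed code only created the empty slot when `!hwdef->ecc_base`, while the replacement call added in the previous hunk is unconditional, so machines with ECC also stop faulting on accesses to missing RAM. The retained comment still says "models without ECC don't trap", so either keep the ecc_base check or explain the behaviour change in the commit message.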
@@ -1561,7 +1503,6 @@ static void sun4m_register_types(void)
 type_register_static(&idreg_info);
 type_register_static(&afx_info);
 type_register_static(&prom_info);
-type_register_static(&ram_info);
 
 type_register_static(&ss5_type);
 type_register_static(&ss10_type);
-- 
2.19.1




[Qemu-devel] [PATCH 0/9] hw/misc: Clean the empty_slot device

2019-06-24 Thread Philippe Mathieu-Daudé
Hi, this is another clean-up series, paving the road for a later
series touching the GT64120 north bridge.

It makes the EMPTY_SLOT more in shape with the UNIMPLEMENTED_DEVICE,
and slightly more powerful (allowing overlapping, trace events).

Previous discussions with Artyom and Peter:

- https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg00235.html
  'TYPE_EMPTY_SLOT is not UNIMPLEMENTED_DEVICE'

- https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg00336.html
  '"no bus errors when this range is touched" behaviour'

- https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg00292.html
  'background region with the "RAZ/WI" behaviour'

Regards,

Phil.

Philippe Mathieu-Daudé (9):
  hw/misc: Move the 'empty_slot' device to hw/misc/
  MAINTAINERS: Add the 'empty_slot' device with the 'unimp' one
  hw/misc/empty_slot: Allow overide by device with higher priority
  hw/misc/empty_slot: Add a qdev property 'size'
  hw/misc/empty_slot: Add a qdev property 'name'
  hw/misc/empty_slot: Convert debug printf()s to trace events
  hw/sparc/sun4m: Mark some devices as 'unimplemented'
  hw/sparc/sun4m: Simplify the RAM creation
  hw/misc/empty_slot: Pass the slot name as argument

 include/hw/empty_slot.h|   7 ---
 include/hw/misc/empty_slot.h   |  33 +++
 hw/mips/mips_malta.c   |   4 +-
 hw/{core => misc}/empty_slot.c |  65 
 hw/sparc/sun4m.c   | 105 -
 MAINTAINERS|   4 +-
 hw/core/Makefile.objs  |   1 -
 hw/misc/Makefile.objs  |   1 +
 hw/misc/trace-events   |   4 ++
 9 files changed, 108 insertions(+), 116 deletions(-)
 delete mode 100644 include/hw/empty_slot.h
 create mode 100644 include/hw/misc/empty_slot.h
 rename hw/{core => misc}/empty_slot.c (57%)

-- 
2.19.1




[Qemu-devel] [PATCH 3/9] hw/misc/empty_slot: Allow overide by device with higher priority

2019-06-24 Thread Philippe Mathieu-Daudé
The 'empty_slot' models a ChipEnable (or ChipSelect) MMIO device
pluggable on a bus.
The bus allows such slots to be not connected ('empty'), thus no
bus errors are generated when this range is accessed.

The device is mapped at priority -1 to allow other devices
to be mapped on top of it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/misc/empty_slot.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/misc/empty_slot.c b/hw/misc/empty_slot.c
index 0adf7a26dc..53299cdbd1 100644
--- a/hw/misc/empty_slot.c
+++ b/hw/misc/empty_slot.c
@@ -68,7 +68,11 @@ void empty_slot_init(hwaddr addr, uint64_t slot_size)
 
 qdev_init_nofail(dev);
 
-sysbus_mmio_map(s, 0, addr);
+/*
+ * We use a priority lower than the default UNIMPLEMENTED_DEVICE
+ * to be able to plug a UnimplementedDevice on an EmptySlot.
+ */
+sysbus_mmio_map_overlap(s, 0, addr, -1);
 }
 }
 
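Review bot: The comment above sysbus_mmio_map_overlap() says the priority is lower than the UnimplementedDevice default, but the call passes a bare -1 and nothing in the hunk shows what that default is, so the claimed ordering cannot be checked from here. If UnimplementedDevice is itself mapped below -1, the empty slot wins the overlap and hides it, the opposite of what the comment promises. Suggest taking the value from a named constant shared with the unimp device, or at least stating the unimp priority in the comment, and aligning the comment with the commit message, which speaks of "other devices" in general rather than UnimplementedDevice only.
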
-- 
2.19.1




[Qemu-devel] [PATCH 4/9] hw/misc/empty_slot: Add a qdev property 'size'

2019-06-24 Thread Philippe Mathieu-Daudé
Add a qdev 'size' property, check the size is not zero in the
realize() function, simplify the empty_slot_init() logic.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/misc/empty_slot.c | 43 ---
 1 file changed, 24 insertions(+), 19 deletions(-)

diff --git a/hw/misc/empty_slot.c b/hw/misc/empty_slot.c
index 53299cdbd1..ef0a7b99ba 100644
--- a/hw/misc/empty_slot.c
+++ b/hw/misc/empty_slot.c
@@ -10,6 +10,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
 #include "hw/hw.h"
 #include "hw/sysbus.h"
 #include "qemu/module.h"
@@ -55,41 +56,45 @@ static const MemoryRegionOps empty_slot_ops = {
 
 void empty_slot_init(hwaddr addr, uint64_t slot_size)
 {
-if (slot_size > 0) {
-/* Only empty slots larger than 0 byte need handling. */
-DeviceState *dev;
-SysBusDevice *s;
-EmptySlot *e;
-
-dev = qdev_create(NULL, TYPE_EMPTY_SLOT);
-s = SYS_BUS_DEVICE(dev);
-e = EMPTY_SLOT(dev);
-e->size = slot_size;
-
-qdev_init_nofail(dev);
-
-/*
- * We use a priority lower than the default UNIMPLEMENTED_DEVICE
- * to be able to plug a UnimplementedDevice on an EmptySlot.
- */
-sysbus_mmio_map_overlap(s, 0, addr, -1);
-}
+DeviceState *dev;
+
+dev = qdev_create(NULL, TYPE_EMPTY_SLOT);
+
+qdev_prop_set_uint64(dev, "size", slot_size);
+qdev_init_nofail(dev);
+
+/*
+ * We use a priority lower than the default UNIMPLEMENTED_DEVICE
+ * to be able to plug a UnimplementedDevice on an EmptySlot.
+ */
+sysbus_mmio_map_overlap(SYS_BUS_DEVICE(dev), 0, addr, -1);
 }
 
 static void empty_slot_realize(DeviceState *dev, Error **errp)
 {
 EmptySlot *s = EMPTY_SLOT(dev);
 
+if (s->size == 0) {
+error_setg(errp, "property 'size' not specified or zero");
+return;
+}
+
 memory_region_init_io(&s->iomem, OBJECT(s), &empty_slot_ops, s,
   "empty-slot", s->size);
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
 }
 
+static Property empty_slot_properties[] = {
+DEFINE_PROP_UINT64("size", EmptySlot, size, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void empty_slot_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->realize = empty_slot_realize;
+dc->props = empty_slot_properties;
 }
 
 static const TypeInfo empty_slot_info = {
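
Review bot: A zero slot_size changes from a silent no-op to a fatal error in empty_slot_init(): the removed "if (slot_size > 0)" guard used to skip device creation, while the new code always reaches qdev_init_nofail(), and empty_slot_realize() now sets an error when s->size == 0. Either keep an early return for slot_size == 0 in empty_slot_init(), or say in the commit message that all callers were audited and none can pass 0. The realize() check itself is fine for devices created through other paths.
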
-- 
2.19.1




[Qemu-devel] [PATCH 6/9] hw/misc/empty_slot: Convert debug printf()s to trace events

2019-06-24 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/misc/empty_slot.c | 19 ---
 hw/misc/trace-events |  4 
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/hw/misc/empty_slot.c b/hw/misc/empty_slot.c
index c32241a9e5..b81064 100644
--- a/hw/misc/empty_slot.c
+++ b/hw/misc/empty_slot.c
@@ -15,15 +15,7 @@
 #include "hw/sysbus.h"
 #include "qemu/module.h"
 #include "hw/misc/empty_slot.h"
-
-//#define DEBUG_EMPTY_SLOT
-
-#ifdef DEBUG_EMPTY_SLOT
-#define DPRINTF(fmt, ...)   \
-do { printf("empty_slot: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while (0)
-#endif
+#include "trace.h"
 
 #define TYPE_EMPTY_SLOT "empty_slot"
 #define EMPTY_SLOT(obj) OBJECT_CHECK(EmptySlot, (obj), TYPE_EMPTY_SLOT)
@@ -39,14 +31,19 @@ typedef struct EmptySlot {
 static uint64_t empty_slot_read(void *opaque, hwaddr addr,
 unsigned size)
 {
-DPRINTF("read from " TARGET_FMT_plx "\n", addr);
+EmptySlot *s = EMPTY_SLOT(opaque);
+
+trace_empty_slot_write(addr, size << 1, 0, size, s->name);
+
 return 0;
 }
 
 static void empty_slot_write(void *opaque, hwaddr addr,
  uint64_t val, unsigned size)
 {
-DPRINTF("write 0x%x to " TARGET_FMT_plx "\n", (unsigned)val, addr);
+EmptySlot *s = EMPTY_SLOT(opaque);
+
+trace_empty_slot_write(addr, size << 1, val, size, s->name);
 }
 
 static const MemoryRegionOps empty_slot_ops = {
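
Review bot: empty_slot_read() calls trace_empty_slot_write(), so guest reads are logged as "wr" events and the empty_slot_read event added to trace-events is never emitted; the call should be trace_empty_slot_read(addr, size << 1, 0, size, s->name). The commit message is also empty apart from the Signed-off-by; one line saying that the events replace DPRINTF and now carry the slot name would help.
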
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
index 47e1bccf71..b81135ab1e 100644
--- a/hw/misc/trace-events
+++ b/hw/misc/trace-events
@@ -1,5 +1,9 @@
 # See docs/devel/tracing.txt for syntax documentation.
 
+# empty_slot.c
+empty_slot_read(uint64_t addr, unsigned width, uint64_t value, unsigned size, 
const char *name) "rd addr:0x%04"PRIx64" data:0x%0*"PRIx64" size %u [%s]"
+empty_slot_write(uint64_t addr, unsigned width, uint64_t value, unsigned size, 
const char *name) "wr addr:0x%04"PRIx64" data:0x%0*"PRIx64" size %u [%s]"
+
 # eccmemctl.c
 ecc_mem_writel_mer(uint32_t val) "Write memory enable 0x%08x"
 ecc_mem_writel_mdr(uint32_t val) "Write memory delay 0x%08x"
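
Review bot: In both new events the "%0*" conversion takes its field width from the "unsigned width" argument, but a printf-style "*" width consumes an int, so the declared type and the format disagree. Declare the parameter as "int width", or drop the variable width and print the value with a fixed-width conversion. For the read event the value argument is always passed as 0 by the handler, so it could be left out of that event altogether.
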
-- 
2.19.1




[Qemu-devel] [Bug 1831545] Re: "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86 host

2019-06-24 Thread Alex Bennée
** Changed in: qemu
   Status: In Progress => Fix Committed

https://bugs.launchpad.net/bugs/1831545

Title:
  "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86
  host

Status in QEMU:
  Fix Committed

Bug description:
  As described in
  https://lists.gnu.org/archive/html/qemu-devel//2019-05/msg07362.html
  I run into TCG regression in qemu-git.

  Unfortunately, fix from bug
  https://bugs.launchpad.net/qemu/+bug/1830872 seems to be non-effective
  for my case.

  For reproduction (on 32-bit x86 host, in my case Slackware with gcc
  5.5.0):

  ./configure --target-list=x86_64-softmmu --disable-werror --enable-debug-tcg

  make (-j5 in my case)

  try to boot any 64-bit kernel:

  x86_64-softmmu/qemu-system-x86_64 -kernel /boot/bzImage-4.12.0-x64
  -accel tcg

  result is - qemu appear to hang right after "Booting the kernel" line.
  Decompression (xz) was ok.

  Tested with qemu-git commit  e2a58ff493a2e00db3e963c1839c5374500110f2

  32-bit OS can be booted fine, and -enable-kvm also allow 64 bit
  kernel/os to boot.




Re: [Qemu-devel] [PATCH v12 1/5] linux-user: Add support for setsockopt() options IPV6__MEMBERSHIP

2019-06-24 Thread Laurent Vivier
Le 19/06/2019 à 16:17, Aleksandar Markovic a écrit :
> From: Neng Chen 
> 
> Add support for the option IPV6__MEMBERSHIP of the syscall
> setsockopt(). This option controls membership in multicast groups.
> Argument is a pointer to a struct ipv6_mreq.
> 
> The glibc  header defines the ipv6_mreq structure,
> which includes the following members:
> 
>   struct in6_addr  ipv6mr_multiaddr;
>   unsigned int ipv6mr_interface;
> 
> Whereas the kernel in its  header defines following
> members of the same structure:
> 
>   struct in6_addr  ipv6mr_multiaddr;
>   int  ipv6mr_ifindex;
> 
> POSIX defines ipv6mr_interface [1].
> 
> __UAPI_DEF_IVP6_MREQ appears in kernel headers with v3.12:
> 
>   cfd280c91253 net: sync some IP headers with glibc
> 
> Without __UAPI_DEF_IVP6_MREQ, kernel defines ipv6mr_ifindex, and
> this is explained in cfd280c91253:
> 
>   "If you include the kernel headers first you get those,
>   and if you include the glibc headers first you get those,
>   and the following patch arranges a coordination and
>   synchronization between the two."
> 
> So before 3.12, a program can't include both  and
> .
> 
> In linux-user/syscall.c, we only include  (glibc) and
> not  (kernel headers), so ipv6mr_interface is the one
> to use.
> 
> [1] http://pubs.opengroup.org/onlinepubs/009695399/basedefs/netinet/in.h.html
> 
> Signed-off-by: Neng Chen 
> Signed-off-by: Aleksandar Markovic 
> ---
>  linux-user/syscall.c | 19 +++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index b187c12..f267ad0 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1920,6 +1920,25 @@ static abi_long do_setsockopt(int sockfd, int level, 
> int optname,
> &pki, sizeof(pki)));
>  break;
>  }
> +case IPV6_ADD_MEMBERSHIP:
> +case IPV6_DROP_MEMBERSHIP:
> +{
> +struct ipv6_mreq ipv6mreq;
> +
> +if (optlen < sizeof(ipv6mreq)) {
> +return -TARGET_EINVAL;
> +}
> +
> +if (copy_from_user(&ipv6mreq, optval_addr, sizeof(ipv6mreq))) {
> +return -TARGET_EFAULT;
> +}
> +
> +ipv6mreq.ipv6mr_interface = tswap32(ipv6mreq.ipv6mr_interface);
> +
> +ret = get_errno(setsockopt(sockfd, level, optname,
> +   &ipv6mreq, sizeof(ipv6mreq)));
> +break;
> +}
>  default:
>  goto unimplemented;
>  }
> 
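
Review bot: Only ipv6mr_interface is byte-swapped before the host setsockopt() call, and nothing at the tswap32() line says why ipv6mr_multiaddr is left alone. A one-line comment there, stating that the address is a byte array already in network order while the interface index is an integer in guest byte order, would save the next reader from checking. The ipv6mr_interface versus ipv6mr_ifindex explanation from the commit message also deserves a short comment next to "struct ipv6_mreq ipv6mreq;", since it is the reason this field name compiles here.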

Applied to my linux-user branch.

Thanks,
Laurent



Re: [Qemu-devel] [PATCH v12 2/5] linux-user: Add support for setsockopt() option SOL_ALG

2019-06-24 Thread Laurent Vivier
Le 19/06/2019 à 16:17, Aleksandar Markovic a écrit :
> From: Yunqiang Su 
> 
> Add support for options SOL_ALG of the syscall setsockopt(). This
> option is used in relation to Linux kernel Crypto API, and allows
> a user to set additional information for the cipher operation via
> syscall setsockopt(). The field "optname" must be one of the
> following:
> 
>   - ALG_SET_KEY – setting the key
>   - ALG_SET_AEAD_AUTHSIZE – set the authentication tag size
> 
> SOL_ALG is relatively newer setsockopt() option. Therefore, the
> code that handles SOL_ALG is enclosed in "ifdef" so that the build
> does not fail for older kernels that do not contain support for
> SOL_ALG. "ifdef" also contains check if ALG_SET_KEY and
> ALG_SET_AEAD_AUTHSIZE are defined.
> 
> Signed-off-by: Yunqiang Su 
> Signed-off-by: Aleksandar Markovic 
> Reviewed-by: Laurent Vivier 
> ---
>  linux-user/syscall.c | 31 +++
>  1 file changed, 31 insertions(+)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index f267ad0..d116287 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -102,6 +102,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include "linux_loop.h"
>  #include "uname.h"
>  
> @@ -1989,6 +1990,36 @@ static abi_long do_setsockopt(int sockfd, int level, 
> int optname,
>  goto unimplemented;
>  }
>  break;
> +#if defined(SOL_ALG) && defined(ALG_SET_KEY) && 
> defined(ALG_SET_AEAD_AUTHSIZE)
> +case SOL_ALG:
> +switch (optname) {
> +case ALG_SET_KEY:
> +{
> +char *alg_key = g_malloc(optlen);
> +
> +if (!alg_key) {
> +return -TARGET_ENOMEM;
> +}
> +if (copy_from_user(alg_key, optval_addr, optlen)) {
> +g_free(alg_key);
> +return -TARGET_EFAULT;
> +}
> +ret = get_errno(setsockopt(sockfd, level, optname,
> +   alg_key, optlen));
> +g_free(alg_key);
> +break;
> +}
> +case ALG_SET_AEAD_AUTHSIZE:
> +{
> +ret = get_errno(setsockopt(sockfd, level, optname,
> +   NULL, optlen));
> +break;
> +}
> +default:
> +goto unimplemented;
> +}
> +break;
> +#endif
>  case TARGET_SOL_SOCKET:
>  switch (optname) {
>  case TARGET_SO_RCVTIMEO:
> 
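
Review bot: In the ALG_SET_KEY case, g_malloc(optlen) is sized directly from the guest-supplied optlen with no upper bound, and g_malloc() aborts the process on allocation failure instead of returning NULL, so the "!alg_key" branch can never report -TARGET_ENOMEM for an oversized request. That branch is only reached when optlen is 0, where g_malloc() returns NULL, and the guest then gets ENOMEM for a zero-length key instead of whatever the host kernel would answer. Suggest g_try_malloc() with the NULL check kept for real failures, a sanity limit on optlen before allocating, and letting optlen == 0 go through to the host setsockopt(). Since the buffer holds key material, clearing it before g_free() is worth considering as well.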

Applied to my linux-user branch.

Thanks,
Laurent



Re: [Qemu-devel] [PATCH v2] linux-user: emulate msgsnd(), msgrcv() and semtimedop()

2019-06-24 Thread Laurent Vivier
Le 29/05/2019 à 10:48, Laurent Vivier a écrit :
> When we have updated kernel headers to 5.2-rc1 we have introduced
> new syscall numbers that can be not supported by older kernels
> and fail with ENOSYS while the guest emulation succeeded before
> because the syscalls were emulated with ipc().
> 
> This patch fixes the problem by using ipc() if the new syscall
> returns ENOSYS.
> 
> Fixes: 86e636951ddc ("linux-user: fix __NR_semtimedop undeclared error")
> Signed-off-by: Laurent Vivier 
> ---
> 
> Notes:
> v2: replace ENOSYS by TARGET_ENOSYS
> 
>  linux-user/syscall.c  | 61 +++
>  linux-user/syscall_defs.h |  1 +
>  2 files changed, 31 insertions(+), 31 deletions(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 5e29e675e9cf..9ecbac463385 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -763,50 +763,21 @@ safe_syscall2(int, nanosleep, const struct timespec *, 
> req,
>  safe_syscall4(int, clock_nanosleep, const clockid_t, clock, int, flags,
>const struct timespec *, req, struct timespec *, rem)
>  #endif
> -#if !defined(__NR_msgsnd) || !defined(__NR_msgrcv) || 
> !defined(__NR_semtimedop)
> -/* This host kernel architecture uses a single ipc syscall; fake up
> - * wrappers for the sub-operations to hide this implementation detail.
> - * Annoyingly we can't include linux/ipc.h to get the constant definitions
> - * for the call parameter because some structs in there conflict with the
> - * sys/ipc.h ones. So we just define them here, and rely on them being
> - * the same for all host architectures.
> - */
> -#define Q_SEMTIMEDOP 4
> -#define Q_MSGSND 11
> -#define Q_MSGRCV 12
> -#define Q_IPCCALL(VERSION, OP) ((VERSION) << 16 | (OP))
> -
> +#ifdef __NR_ipc
>  safe_syscall6(int, ipc, int, call, long, first, long, second, long, third,
>void *, ptr, long, fifth)
>  #endif
>  #ifdef __NR_msgsnd
>  safe_syscall4(int, msgsnd, int, msgid, const void *, msgp, size_t, sz,
>int, flags)
> -#else
> -static int safe_msgsnd(int msgid, const void *msgp, size_t sz, int flags)
> -{
> -return safe_ipc(Q_IPCCALL(0, Q_MSGSND), msgid, sz, flags, (void *)msgp, 
> 0);
> -}
>  #endif
>  #ifdef __NR_msgrcv
>  safe_syscall5(int, msgrcv, int, msgid, void *, msgp, size_t, sz,
>long, msgtype, int, flags)
> -#else
> -static int safe_msgrcv(int msgid, void *msgp, size_t sz, long type, int 
> flags)
> -{
> -return safe_ipc(Q_IPCCALL(1, Q_MSGRCV), msgid, sz, flags, msgp, type);
> -}
>  #endif
>  #ifdef __NR_semtimedop
>  safe_syscall4(int, semtimedop, int, semid, struct sembuf *, tsops,
>unsigned, nsops, const struct timespec *, timeout)
> -#else
> -static int safe_semtimedop(int semid, struct sembuf *tsops, unsigned nsops,
> -   const struct timespec *timeout)
> -{
> -return safe_ipc(Q_IPCCALL(0, Q_SEMTIMEDOP), semid, nsops, 0, tsops,
> -(long)timeout);
> -}
>  #endif
>  #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
>  safe_syscall5(int, mq_timedsend, int, mqdes, const char *, msg_ptr,
> @@ -3530,11 +3501,21 @@ static inline abi_long target_to_host_sembuf(struct 
> sembuf *host_sembuf,
>  static inline abi_long do_semop(int semid, abi_long ptr, unsigned nsops)
>  {
>  struct sembuf sops[nsops];
> +abi_long ret;
>  
>  if (target_to_host_sembuf(sops, ptr, nsops))
>  return -TARGET_EFAULT;
>  
> -return get_errno(safe_semtimedop(semid, sops, nsops, NULL));
> +ret = -TARGET_ENOSYS;
> +#ifdef __NR_semtimedop
> +ret = get_errno(safe_semtimedop(semid, sops, nsops, NULL));
> +#endif
> +#ifdef __NR_ipc
> +if (ret == -TARGET_ENOSYS) {
> +ret = get_errno(safe_ipc(IPCOP_semtimedop, semid, nsops, 0, sops, 
> 0));
> +}
> +#endif
> +return ret;
>  }
>  
>  struct target_msqid_ds
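
Review bot: The three-step ENOSYS fallback in do_semop() (preset ret to -TARGET_ENOSYS, direct syscall under #ifdef __NR_semtimedop, safe_ipc() under #ifdef __NR_ipc) is repeated in the same shape in the msgsnd and msgrcv hunks below and would be easier to keep correct in one helper per operation. Please also add a comment at that spot saying that ENOSYS from the direct syscall means the build headers are newer than the running host kernel; the comment removed in the first hunk was the only explanation of the ipc() multiplexing and nothing replaces it.
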
> @@ -3689,7 +3670,16 @@ static inline abi_long do_msgsnd(int msqid, abi_long 
> msgp,
>  }
>  host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
>  memcpy(host_mb->mtext, target_mb->mtext, msgsz);
> +ret = -TARGET_ENOSYS;
> +#ifdef __NR_msgsnd
>  ret = get_errno(safe_msgsnd(msqid, host_mb, msgsz, msgflg));
> +#endif
> +#ifdef __NR_ipc
> +if (ret == -TARGET_ENOSYS) {
> +ret = get_errno(safe_ipc(IPCOP_msgsnd, msqid, msgsz, msgflg,
> + host_mb, 0));
> +}
> +#endif
>  g_free(host_mb);
>  unlock_user_struct(target_mb, msgp, 0);
>  
> @@ -3717,7 +3707,16 @@ static inline abi_long do_msgrcv(int msqid, abi_long 
> msgp,
>  ret = -TARGET_ENOMEM;
>  goto end;
>  }
> +ret = -TARGET_ENOSYS;
> +#ifdef __NR_msgrcv
>  ret = get_errno(safe_msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
> +#endif
> +#ifdef __NR_ipc
> +if (ret == -TARGET_ENOSYS) {
> +ret = get_errno(safe_ipc(IPCOP_CALL(1, IPCOP_msgrcv), msqid, msgsz,
> +msgflg, host_mb, msgtyp));
> +}
> +#endif
>  
>

Re: [Qemu-devel] [PATCH] RISC-V: Update syscall list for 32-bit support.

2019-06-24 Thread Laurent Vivier
Le 19/06/2019 à 00:32, Jim Wilson a écrit :
> 32-bit RISC-V uses _llseek instead of lseek as syscall number 62.
> Update syscall list from open-embedded build, primarily because
> 32-bit RISC-V requires statx support.
> 
> Tested with cross gcc testsuite runs for rv32 and rv64, with the
> pending statx patch also applied.
> 
> Signed-off-by: Jim Wilson 
> ---
>  linux-user/riscv/syscall_nr.h | 15 ++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/riscv/syscall_nr.h b/linux-user/riscv/syscall_nr.h
> index dab6509..5c87282 100644
> --- a/linux-user/riscv/syscall_nr.h
> +++ b/linux-user/riscv/syscall_nr.h
> @@ -72,7 +72,11 @@
>  #define TARGET_NR_pipe2 59
>  #define TARGET_NR_quotactl 60
>  #define TARGET_NR_getdents64 61
> +#ifdef TARGET_RISCV32
> +#define TARGET_NR__llseek 62
> +#else
>  #define TARGET_NR_lseek 62
> +#endif
>  #define TARGET_NR_read 63
>  #define TARGET_NR_write 64
>  #define TARGET_NR_readv 65
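
Review bot: With the new #ifdef TARGET_RISCV32 block, TARGET_NR_lseek is no longer defined for rv32 and TARGET_NR__llseek is not defined for rv64, so every use of either name elsewhere in linux-user has to be guarded by its own #ifdef. Please confirm that with a build of both the 32-bit and 64-bit RISC-V linux-user targets, and add a short comment on the block saying that 32-bit RISC-V uses _llseek instead of lseek as number 62, as the commit message does.
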
> @@ -286,7 +290,16 @@
>  #define TARGET_NR_membarrier 283
>  #define TARGET_NR_mlock2 284
>  #define TARGET_NR_copy_file_range 285
> +#define TARGET_NR_preadv2 286
> +#define TARGET_NR_pwritev2 287
> +#define TARGET_NR_pkey_mprotect 288
> +#define TARGET_NR_pkey_alloc 289
> +#define TARGET_NR_pkey_free 290
> +#define TARGET_NR_statx 291
> +#define TARGET_NR_io_pgetevents 292
> +#define TARGET_NR_rseq 293
> +#define TARGET_NR_kexec_file_load 294
>  
> -#define TARGET_NR_syscalls (TARGET_NR_copy_file_range + 1)
> +#define TARGET_NR_syscalls (TARGET_NR_kexec_file_load + 1)
>  
>  #endif
> 

Reviewed-by: Laurent Vivier 



Re: [Qemu-devel] [Qemu-block] [RFC] nvme: how to support multiple namespaces

2019-06-24 Thread Laszlo Ersek
On 06/24/19 12:18, Kevin Wolf wrote:
> Am 24.06.2019 um 10:01 hat Klaus Birkelund geschrieben:
>> On Thu, Jun 20, 2019 at 05:37:24PM +0200, Laszlo Ersek wrote:
>>> On 06/17/19 10:12, Klaus Birkelund wrote:
>>>> Hi all,
>>>>
>>>> I'm thinking about how to support multiple namespaces in the NVMe
>>>> device. My first idea was to add a "namespaces" property array to the
>>>> device that references blockdevs, but as Laszlo writes below, this might
>>>> not be the best idea. It also makes it troublesome to add per-namespace
>>>> parameters (which is something I will be required to do for other
>>>> reasons). Some of you might remember my first attempt at this that
>>>> included adding a new block driver (derived from raw) that could be
>>>> given certain parameters that would then be stored in the image. But I
>>>> understand that this is a no-go, and I can see why.
>>>>
>>>> I guess the optimal way would be such that the parameters was something
>>>> like:
>>>>
>>>>    -blockdev raw,node-name=blk_ns1,file.driver=file,file.filename=blk_ns1.img
>>>>    -blockdev raw,node-name=blk_ns2,file.driver=file,file.filename=blk_ns2.img
>>>>    -device nvme-ns,drive=blk_ns1,ns-specific-options (nsfeat,mc,dlfeat)...
>>>>    -device nvme-ns,drive=blk_ns2,...
>>>>    -device nvme,...
>>>>
>>>> My question is how to state the parent/child relationship between the
>>>> nvme and nvme-ns devices. I've been looking at how ide and virtio does
>>>> this, and maybe a "bus" is the right way to go?
>>>
>>> I've added Markus to the address list, because of this question. No
>>> other (new) comments from me on the thread starter at this time, just
>>> keeping the full context.
>>>
>>
>> Hi all,
>>
>> I've successfully implemented this by introducing a new 'nvme-ns' device
>> model. The nvme device creates a bus named from the device id ('id'
>> parameter) and the nvme-ns devices are then registered on this.
>>
>> This results in an nvme device being created like this (two namespaces
>> example):
>>
>>   -drive file=nvme0n1.img,if=none,id=disk1
>>   -drive file=nvme0n2.img,if=none,id=disk2
>>   -device nvme,serial=deadbeef,id=nvme0
>>   -device nvme-ns,drive=disk1,bus=nvme0,nsid=1
>>   -device nvme-ns,drive=disk2,bus=nvme0,nsid=2
>>
>> How does that look as a way forward?
> 
> This looks very similar to what other devices do (one bus controller
> that has multiple devices on its bus), so I like it.

+1

Also, I believe it's more modern nowadays to express the same example
with "blockdev" syntax, rather than "drive". (Not that I could suggest
the exact spelling for that :)) I don't expect the modern syntax to
behave differently, I just guess it's better to stick with the new in
examples / commit messages etc.

> The thing that is special here is that -device nvme is already a block
> device by itself that can take a drive property. So how does this play
> together? Can I choose to either specify a drive directly for the nvme
> device or nvme-ns devices, but when I do both, I will get an error? What
> happens if I don't specify a drive for nvme, but also don't add nvme-ns
> devices?

Great questions!

Thanks!
Laszlo



Re: [Qemu-devel] icount mode

2019-06-24 Thread Wu, Wentong
Hi Alex,

Thanks for your reply.

For the different frequencies, please see below code in armv7m_systick.c and 
mps2.c first, the s->reload will be set by the guest os code according to the 
CPU's frequency which will be SYSCLK_FRQ, and s->tick will be set as "s->tick 
+= (s->reload + 1) * systick_scale(s);", it means the frequency of this timer 
which I called qemu timer will be NANOSECONDS_PER_SECOND.

static void systick_reload(SysTickState *s, int reset)
{
    /* The Cortex-M3 Devices Generic User Guide says that "When the
     * ENABLE bit is set to 1, the counter loads the RELOAD value from the
     * SYST RVR register and then counts down". So, we need to check the
     * ENABLE bit before reloading the value.
     */
    trace_systick_reload();

    if ((s->control & SYSTICK_ENABLE) == 0) {
        return;
    }

    if (reset) {
        s->tick = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
    }
    s->tick += (s->reload + 1) * systick_scale(s);
    timer_mod(s->timer, s->tick);
}

static void mps2_common_init(MachineState *machine)
{
    ...
    system_clock_scale = NANOSECONDS_PER_SECOND / SYSCLK_FRQ;
    ...
}

But for below code, it will use qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) to get 
the current time which will be calculated by 2^N ns * instruction counter, but 
this frequency will be NANOSECONDS_PER_SECOND /  2^N. Below code is an example 
two different frequencies are used, actually in cpus.c, 
qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL) will use the qemu timer(freq is 
NANOSECONDS_PER_SECOND), and cpu_icount_to_ns will calculate time with frequency 
NANOSECONDS_PER_SECOND /  2^N.

static void systick_write(void *opaque, hwaddr addr,
                          uint64_t value, unsigned size)
{
    SysTickState *s = opaque;

    trace_systick_write(addr, value, size);

    switch (addr) {
    case 0x0: /* SysTick Control and Status.  */
    {
        uint32_t oldval = s->control;

        s->control &= 0xfff8;
        s->control |= value & 7;
        if ((oldval ^ value) & SYSTICK_ENABLE) {
            int64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
            if (value & SYSTICK_ENABLE) {
                if (s->tick) {
                    s->tick += now;
                    timer_mod(s->timer, s->tick);
                } else {
                    systick_reload(s, 1);
                }
            } else {
                timer_del(s->timer);
                s->tick -= now;
                if (s->tick < 0) {
                    s->tick = 0;
                }
            }
        } else if ((oldval ^ value) & SYSTICK_CLKSOURCE) {
            /* This is a hack. Force the timer to be reloaded
               when the reference clock is changed.  */
            systick_reload(s, 1);
        }
        break;
    }
    case 0x4: /* SysTick Reload Value.  */
        s->reload = value;
        break;
    ..

Yes, I'm for the for determinism, in my guest image there are some testing 
cases for timer system which locate in a small rtos.
And for shift value, I mean it seems shift value impact system greatly, for the 
same one guest image and different shift value in count mode(-icount 
shift=4,align=off,sleep=off -rtc clock=vm) give very different accuracy for 
guest timer. So my question is how to calculate the shift value for the end 
user.

Thanks again for your help.

Thanks  

-Original Message-
From: Qemu-devel [mailto:qemu-devel-bounces+wentong.wu=intel@nongnu.org] On 
Behalf Of Alex Bennée
Sent: Monday, June 24, 2019 11:48 PM
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] icount mode


Wu, Wentong  writes:

> Hi all,
>
> Recently I'm using Qemu TCG icount mode, from the code I found Qemu 
> timers run at 1GHz, and for ArmV7M example, there will be conversion

Are you talking about:

  #define ARM_CPU_FREQ 10 /* FIXME: 1 GHz, should be configurable */

because as far as I can tell that only affects the scaling factors applied to 
PMU counters. The internal counters (CNTFRQ_EL0 and friends) are hardwired to:

   /* Scale factor for generic timers, ie number of ns per tick.
* This gives a 62.5MHz timer.
*/
   #define GTIMER_SCALE 16

but this only affects the nominal rate the counters expire at. Software could 
attempt to reprogram it and the emulation will read-as-written but it won't 
actually change anything. However this only affects the clocks
- it implies nothing about how fast the core may be executing. In fact unless 
you are using icount we will just run as fast a possible.

> factor from qemu timer to SysTick frequency which will be calculated 
> by NANOSECONDS_PER_SECOND / SYSCLK_FRQ.

You need to be a little more precise here. ARM systems vary in the number of 
timer sources they have. The qemu timers are an internal implementation detail 
for providing a way to track time. The value of SYSCLK_FRQ varies depending on 
what board you have launched and mostly seems to be used to calculate the 
additional timer values for various peripher

Re: [Qemu-devel] [PATCH v4 04/10] block/pflash_cfi02: Implement intereleaved flash devices

2019-06-24 Thread Stephen Checkoway



> On Jun 24, 2019, at 12:05, Philippe Mathieu-Daudé  wrote:
> 
>> On 6/22/19 2:25 PM, Philippe Mathieu-Daudé wrote:
>> Hi Stephen,
>> 
>> This series hasn't fallen through the cracks, however it is taking me
>> longer than expected to review it.
>> 
>>> On 4/26/19 6:26 PM, Stephen Checkoway wrote:
>>> It's common for multiple narrow flash chips to be hooked up in parallel
>>> to support wider buses. For example, four 8-bit wide flash chips (x8)
>>> may be combined in parallel to produce a 32-bit wide device. Similarly,
>>> two 16-bit wide chips (x16) may be combined.
>>> 
>>> This commit introduces `device-width` and `max-device-width` properties,
>>> similar to pflash_cfi01, with the following meanings:
>>> - `width`: The width of the logical, qemu device (same as before);
>>> - `device-width`: The width of an individual flash chip, defaulting to
>>>  `width`; and
>>> - `max-device-width`: The maximum width of an individual flash chip,
>>>  defaulting to `device-width`.
>>> 
>>> Nothing needs to change to support reading such interleaved devices but
>>> commands (e.g., erase and programming) must be sent to all devices at
>>> the same time or else the various chips will be in different states.
>> 
>> After some thoughts on this, I'd rather we model how hardware manages
>> interleaved devices: do it at the bus level, and instantiate N devices
>> in an interleaved config.
>> I believe that would drastically reduce this device complexity, and we
>> would match the real internal state machine.
>> Also this could be reused by other parallel devices used in such a config.
>> 
>>> For example, a 4-byte wide logical device can be composed of four x8/x16
>>> devices in x8 mode. That is, each device supports both x8 or x16 and
>>> they're being used in the byte, rather than word, mode. This
>>> configuration would have `width=4`, `device-width=1`, and
>>> `max-device-width=2`.
>> 
>> 
>> I'm thinking of this draft:
>> 
>> FlashDevice # x8
>>  MemoryRegionOps
>>.valid.max_access_size = 1
>> 
>> FlashDevice # x16
>>  MemoryRegionOps
>>.valid.min_access_size = 2
>>.valid.max_access_size = 2
>> 
>> FlashDevice # x8/x16
>>  MemoryRegionOps
>>.valid.min_access_size = 1
>>.valid.max_access_size = 2
>> 
>> We might use .impl.min_access_size = 2 and consider all NOR flash using
>> 16-bit words internally.
>>.impl.max_access_size = 2 is implicit.
>> 
>> So for your example we'd instantiate one:
>> 
>> InterleaverDevice
>>  Property
>>.bus_width = 4 # 4-byte wide logical device, `width=4`
>>.device_width = 1 # `device-width=1`
>>  MemoryRegionOps
>>.valid.max_access_size = .bus_width # 4, set at realize()
>>.impl.max_access_size = .device_width # 1, set at realize()
>> 
>> Then instantiate 4 pflash devices, and link them to the interleaver
>> using object_property_set_link().
>> 
>> typedef struct {
>>SysBusDevice parent_obj;
>>MemoryRegion iomem;
>>char *name;
>>/*
>> * On a 64-bit wide bus we can have at most
>> * 8 devices in 8-bit access mode.
>> */
>>MemoryRegion device[8];
>>unsigned device_count;
>>unsigned device_index_mask;
>>/* Properties */
>>unsigned bus_width;
>>unsigned device_width;
>> } InterleaverDeviceState;
>> 
>> static Property interleaver_properties[] = {
>>DEFINE_PROP_LINK("device[0]", InterleaverDeviceState,
>> device[0],
>> TYPE_MEMORY_REGION, MemoryRegion *),
>>...
>>DEFINE_PROP_LINK("device[7]", InterleaverDeviceState,
>> device[7],
>> TYPE_MEMORY_REGION, MemoryRegion *),
>>DEFINE_PROP_END_OF_LIST(),
>> };
>> 
>> Then previous to call InterleaverDevice.realize():
>> 
>> In the board realize():
>> 
>> 
>>for (i = 0; i < interleaved_devices; i++) {
>>pflash[i] = create_pflash(...);
>>...
>>}
>> 
>>ild = ... create InterleaverDevice ...
>>for (i = 0; i < interleaved_devices; i++) {
>>char *propname = g_strdup_printf("device[%u]", i);
>> 
>> 
>>object_property_set_link(OBJECT(&ild->device[i]),
>> OBJECT(pflash[i]),
>> propname, &err);
>>...
>>}
>> 
>> Finally,
>> 
>> static void interleaved_realize(DeviceState *dev, Error **errp)
>> {
>>InterleaverDeviceState *s = INTERLEAVER_DEVICE(dev);
>> 
>>s->device_count = s->bus_width / s->device_width;
>>s->device_index_mask = ~(s->device_count - 1);
>>...
>> }
>> 
>> static void interleaved_write(void *opaque, hwaddr offset,
>>  uint64_t value, unsigned size)
>> {
>>InterleaverDeviceState *s = INTERLEAVER_DEVICE(opaque);
>>MemoryRegion *mr;
>> 
>>/*
>> * Since we set .impl.max_access_size = device_width,
>> * access_with_adjusted_size() always call this with
>> * size = device_width.
>> *
>> * Adjust the address (offset).
>> */
>>offset >>= size;
>>/* Access the N i

Re: [Qemu-devel] [PATCH 1/2] linux-user: update PPC64 HWCAP2 feature list

2019-06-24 Thread Laurent Vivier
Ping?

Le 09/06/2019 à 16:35, Laurent Vivier a écrit :
> QEMU_PPC_FEATURE2_VEC_CRYPTO enables the use
> of VSX instructions in libcrypto that are accelerated
> by the TCG vector instructions now.
> 
> QEMU_PPC_FEATURE2_DARN allows to use the new builtin
> qemu_guest_getrandom() function.
> 
> Signed-off-by: Laurent Vivier 
> ---
>  linux-user/elfload.c | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index 5451d262ec8e..5751beff1b64 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -768,7 +768,13 @@ enum {
>  QEMU_PPC_FEATURE2_HAS_EBB = 0x1000, /* Event Base Branching */
>  QEMU_PPC_FEATURE2_HAS_ISEL = 0x0800, /* Integer Select */
>  QEMU_PPC_FEATURE2_HAS_TAR = 0x0400, /* Target Address Register */
> +QEMU_PPC_FEATURE2_VEC_CRYPTO = 0x0200,
> +QEMU_PPC_FEATURE2_HTM_NOSC = 0x0100,
>  QEMU_PPC_FEATURE2_ARCH_3_00 = 0x0080, /* ISA 3.00 */
> +QEMU_PPC_FEATURE2_HAS_IEEE128 = 0x0040, /* VSX IEEE Bin Float 
> 128-bit */
> +QEMU_PPC_FEATURE2_DARN = 0x0020, /* darn random number insn */
> +QEMU_PPC_FEATURE2_SCV = 0x0010, /* scv syscall */
> +QEMU_PPC_FEATURE2_HTM_NO_SUSPEND = 0x0008, /* TM w/o suspended state 
> */
>  };
>  
>  #define ELF_HWCAP get_elf_hwcap()
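
Review bot: QEMU_PPC_FEATURE2_VEC_CRYPTO and QEMU_PPC_FEATURE2_HTM_NOSC are the only entries in this enum block without a trailing description comment; add one to each so they match the neighbouring lines.
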
> @@ -822,8 +828,10 @@ static uint32_t get_elf_hwcap2(void)
>  GET_FEATURE(PPC_ISEL, QEMU_PPC_FEATURE2_HAS_ISEL);
>  GET_FEATURE2(PPC2_BCTAR_ISA207, QEMU_PPC_FEATURE2_HAS_TAR);
>  GET_FEATURE2((PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 |
> -  PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07);
> -GET_FEATURE2(PPC2_ISA300, QEMU_PPC_FEATURE2_ARCH_3_00);
> +  PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07 |
> +  QEMU_PPC_FEATURE2_VEC_CRYPTO);
> +GET_FEATURE2(PPC2_ISA300, QEMU_PPC_FEATURE2_ARCH_3_00 |
> + QEMU_PPC_FEATURE2_DARN);
>  
>  #undef GET_FEATURE
>  #undef GET_FEATURE2
> 
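
Review bot: In get_elf_hwcap2(), QEMU_PPC_FEATURE2_VEC_CRYPTO is OR-ed into the same GET_FEATURE2() call as ARCH_2_07 and QEMU_PPC_FEATURE2_DARN into the ARCH_3_00 one, so the guest is told both exist whenever the CPU model has the ISA flags, with no flag of their own being tested. If any CPU model can carry the ISA 2.07 or 3.00 bits without the crypto or darn instructions being implemented, guest code that trusts AT_HWCAP2 will take a path that faults; a sentence in the commit message or a comment here saying why the ISA flags are a sufficient condition would settle it. The other four bits added to the enum (HTM_NOSC, HAS_IEEE128, SCV, HTM_NO_SUSPEND) are never set in this hunk, which is worth stating too.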




Re: [Qemu-devel] [PATCH v1 3/9] target/riscv: Comment in the mcountinhibit CSR

2019-06-24 Thread Alistair Francis
On Mon, Jun 24, 2019 at 2:31 AM Palmer Dabbelt  wrote:
>
> On Mon, 17 Jun 2019 18:31:08 PDT (-0700), Alistair Francis wrote:
> > Add a comment for the new mcountinhibit which conflicts with the
> > CSR_MUCOUNTEREN from version 1.09.1. This can be updated when we remove
> > 1.09.1.
> >
> > Signed-off-by: Alistair Francis 
> > ---
> >  target/riscv/cpu_bits.h | 1 +
> >  target/riscv/csr.c  | 6 --
> >  2 files changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
> > index 47450a3cdb..11f971ad5d 100644
> > --- a/target/riscv/cpu_bits.h
> > +++ b/target/riscv/cpu_bits.h
> > @@ -136,6 +136,7 @@
> >  #define CSR_MCOUNTEREN  0x306
> >
> >  /* Legacy Counter Setup (priv v1.9.1) */
> > +/* Update to #define CSR_MCOUNTINHIBIT 0x320 for 1.11.0 */
> >  #define CSR_MUCOUNTEREN 0x320
> >  #define CSR_MSCOUNTEREN 0x321
> >  #define CSR_MHCOUNTEREN 0x322
> > diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> > index c67d29e206..437387fd28 100644
> > --- a/target/riscv/csr.c
> > +++ b/target/riscv/csr.c
> > @@ -461,18 +461,20 @@ static int write_mcounteren(CPURISCVState *env, int 
> > csrno, target_ulong val)
> >  return 0;
> >  }
> >
> > +/* This regiser is replaced with CSR_MCOUNTINHIBIT in 1.11.0 */
> >  static int read_mscounteren(CPURISCVState *env, int csrno, target_ulong 
> > *val)
> >  {
> > -if (env->priv_ver > PRIV_VERSION_1_09_1) {
> > +if (env->priv_ver > PRIV_VERSION_1_09_1 && env->priv_ver < 
> > PRIV_VERSION_1_11_0) {
> >  return -1;
> >  }
> >  *val = env->mcounteren;
> >  return 0;
> >  }
> >
> > +/* This regiser is replaced with CSR_MCOUNTINHIBIT in 1.11.0 */
> >  static int write_mscounteren(CPURISCVState *env, int csrno, target_ulong 
> > val)
> >  {
> > -if (env->priv_ver > PRIV_VERSION_1_09_1) {
> > +if (env->priv_ver > PRIV_VERSION_1_09_1 && env->priv_ver < 
> > PRIV_VERSION_1_11_0) {
> >  return -1;
> >  }
> >  env->mcounteren = val;
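
Review bot: the new comment and the relaxed version check are attached to read_mscounteren() and write_mscounteren(), but the cpu_bits.h hunk and the commit message both name CSR_MUCOUNTEREN (0x320) as the register that collides with mcountinhibit, while CSR_MSCOUNTEREN is 0x321. Going by the names, either the wrong pair of handlers is being opened up for 1.11.0 or the comment is on the wrong functions; please confirm which. Both added comments also misspell "register" as "regiser".
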
>
> I don't think this one is right: this should be unsupported on 1.11, as the
> semantics of this bit are slightly different.  It shouldn't be that hard to
> just emulate it fully for both 1.09.1 and 1.11: for 1.09 this disables access
> to the counters (which still tick), while for 1.11 it disables ticking the
> counters (which can still be accessed).  Since we don't do anything with the
> counters in QEMU, I think this should do it
>
> LMK if you're OK with me replacing the patch with this
>
> commit e9169ccd5ca97a036de41dad23f37f6724712b90
> Author: Alistair Francis 
> Date:   Mon Jun 17 18:31:08 2019 -0700
>
> target/riscv: Add the mcountinhibit CSR
>
> 1.11 defines mcountinhibit, which has the same numeric CSR value as
> mucounteren from 1.09.1 but has different semantics.  This patch enables
> the CSR for 1.11-based targets, which is trivial to implement because
> the counters in QEMU never tick (legal according to the spec).
>
> Signed-off-by: Alistair Francis 
> [Palmer: Fix counter access semantics, change commit message to indicate
> the behavior is fully emulated.]
> Reviewed-by: Palmer Dabbelt 
> Signed-off-by: Palmer Dabbelt 

Yep, looks good.

Alistair

>
> diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
> index 47450a3cdb75..11f971ad5df0 100644
> --- a/target/riscv/cpu_bits.h
> +++ b/target/riscv/cpu_bits.h
> @@ -136,6 +136,7 @@
>  #define CSR_MCOUNTEREN  0x306
>
>  /* Legacy Counter Setup (priv v1.9.1) */
> +/* Update to #define CSR_MCOUNTINHIBIT 0x320 for 1.11.0 */
>  #define CSR_MUCOUNTEREN 0x320
>  #define CSR_MSCOUNTEREN 0x321
>  #define CSR_MHCOUNTEREN 0x322
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index c67d29e20618..2622b2e05474 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -56,6 +56,14 @@ static int fs(CPURISCVState *env, int csrno)
>  static int ctr(CPURISCVState *env, int csrno)
>  {
>  #if !defined(CONFIG_USER_ONLY)
> +/*
> + * The counters are always enabled on newer priv specs, as the CSR has
> + * changed from controlling that the counters can be read to controlling
> + * that the counters increment.
> + */
> +if (env->priv_ver > PRIV_VERSION_1_09_1)
> +return 0;
> +
>  uint32_t ctr_en = ~0u;
>
>  if (env->priv < PRV_M) {
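
Review bot: the early `return 0` added at the top of ctr() skips the `env->priv < PRV_M` check that follows, so on every priv version newer than 1.09.1 counter CSR access is allowed from any privilege level. CSR_MCOUNTEREN (0x306) is still defined in cpu_bits.h; if it is meant to keep gating lower-privilege reads, the shortcut needs to be narrower. The new `if` also lacks braces, unlike the other single-statement ifs in this file, and it sits ahead of the `uint32_t ctr_en` declaration.
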
> @@ -461,18 +469,20 @@ static int write_mcounteren(CPURISCVState *env, int 
> csrno, target_ulong val)
>  return 0;
>  }
>
> +/* This regiser is replaced with CSR_MCOUNTINHIBIT in 1.11.0 */
>  static int read_mscounteren(CPURISCVState *env, int csrno, target_ulong *val)
>  {
> -if (env->priv_ver > PRIV_VERSION_1_09_1) {
> +if (env->priv_ver > PRIV_VERSION_1_09_1 && env->priv_ver < 
> PRIV_VERSION_1_11_0) {
>  return -1;
>  }
>  *val = env->mcounteren;
>  return 0;
>  }
>
> +/* This regiser is replaced with CSR_MCOUNTINHIBIT in 1.11.0 */
>  static int write_mscounteren(CPURISCVState *env, int csrno, target

Re: [Qemu-devel] [PATCH v1 0/9] Update the RISC-V specification versions

2019-06-24 Thread Alistair Francis
On Mon, Jun 24, 2019 at 2:33 AM Palmer Dabbelt  wrote:
>
> On Mon, 17 Jun 2019 18:31:00 PDT (-0700), Alistair Francis wrote:
> > Based-on: 
> >
> > Now that the RISC-V spec has started to be ratified let's update our
> > QEMU implementation. There are a few things going on here:
> >  - Add priv version 1.11.0 to QEMU
> > - This is the ratified version of the Privilege spec
> > - There are almost no changes to 1.10
> >  - Mark the 1.09.1 privilege spec as deprecated
> >  - Let's aim to remove it in two releases
> >  - Set priv version 1.11.0 as the default
> >  - Remove the user_spec version
> >  - This doesn't really mean anything so let's remove it
> >  - Add support for the "Counters" extension
> >  - Add command line options for Zifencei and Zicsr
> >
> > We can remove the spec version as it's unused and has never been exposed
> > to users. The idea is to match the specs in specifying the version. To
> > handle versions in the future we can extend the extension props to
> > handle version information.
> >
> > For example something like this: -cpu rv64,i=2.2,c=2.0,h=0.4,priv_spec=1.11
> >
> > NOTE: This isn't supported today as we only have one of each version.
> >
> > This will be a future change if we decide to support multiple versions
> > of extensions.
> >
> > The "priv_spec" string doesn't really match, but I don't have a better
> > way to say "Machine ISA" and "Supervisor ISA" which is what is included
> > in "priv_spec".
> >
> > For completeness I have also added the Counters, Zifencei and Zicsr
> > extensions.
> >
> > Everything else seems to match the spec names/style.
> >
> > Please let me know if I'm missing something. QEMU 4.1 is the first
> > release to support the extensions from the command line, so we can
> > easily change it until then. After that it'll take more work to change
> > the command line interface.
> >
> > Alistair Francis (9):
> >   target/riscv: Restructure deprecatd CPUs
> >   target/riscv: Add the privledge spec version 1.11.0
> >   target/riscv: Comment in the mcountinhibit CSR
> >   target/riscv: Set privledge spec 1.11.0 as default
> >   qemu-deprecated.texi: Deprecate the RISC-V privledge spec 1.09.1
> >   target/riscv: Require either I or E base extension
> >   target/riscv: Remove user version information
> >   target/riscv: Add support for disabling/enabling Counters
> >   target/riscv: Add Zifencei and Zicsr as command line options
> >
> >  qemu-deprecated.texi  |  8 +++
> >  target/riscv/cpu.c| 72 ++-
> >  target/riscv/cpu.h| 19 ++---
> >  target/riscv/cpu_bits.h   |  1 +
> >  target/riscv/csr.c| 13 +++-
> >  .../riscv/insn_trans/trans_privileged.inc.c   |  2 +-
> >  6 files changed, 71 insertions(+), 44 deletions(-)
>
> Aside from the comments on 3 and 9
>
> Reviewed-by: Palmer Dabbelt 
>
> I've got these, along with my proposed modifications, queued up.  LMK if 
> that's
> a problem, particularly the two-patch replacement for 9 needs a review as it's
> entirely new code.

I haven't looked at the new code yet, but it all passes my tests so LGTM.

Alistair



Re: [Qemu-devel] [PATCH v4 11/14] block: Try to create well typed json:{} filenames

2019-06-24 Thread Max Reitz
On 24.06.19 19:39, Max Reitz wrote:
> By applying qdict_flatten(), the flat-confused input visitor, and the
> output visitor, we can at least try to bring bs->full_open_options into
> accordance with the QAPI schema.  This may not always work (there are
> some options left that have not been QAPI-fied yet), but in practice it
> usually will.
> 
> In any case, sometimes emitting wrongly typed json:{} filenames is
> better than doing it effectively half the time.
> 
> This affects some iotests because json:{} filenames are now usually
> crumpled.  In 198, "format": "auto" now appears in the qcow2 encryption
> options because going through a visitor makes optional members' default
> values explicit.
> 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1534396
> Signed-off-by: Max Reitz 
> ---
>  block.c| 68 +-
>  tests/qemu-iotests/059.out |  2 +-
>  tests/qemu-iotests/099.out |  4 +--
>  tests/qemu-iotests/110.out |  2 +-
>  tests/qemu-iotests/198.out |  4 +--
>  5 files changed, 73 insertions(+), 7 deletions(-)
> 
> diff --git a/block.c b/block.c
> index c139540f2b..d3c1041087 100644
> --- a/block.c
> +++ b/block.c
> @@ -36,6 +36,7 @@
>  #include "qapi/qmp/qjson.h"
>  #include "qapi/qmp/qnull.h"
>  #include "qapi/qmp/qstring.h"
> +#include "qapi/qobject-input-visitor.h"
>  #include "qapi/qobject-output-visitor.h"
>  #include "qapi/qapi-visit-block-core.h"
>  #include "sysemu/block-backend.h"
> @@ -6283,6 +6284,56 @@ static bool bdrv_backing_overridden(BlockDriverState 
> *bs)
>  }
>  }
>  
> +/**
> + * Take a blockdev @options QDict and convert its values to the
> + * correct type.
> + *
> + * Fail if @options does not match the QAPI schema of BlockdevOptions.
> + *
> + * In case of failure, return NULL and set @errp.
> + *
> + * In case of success, return a correctly typed new QDict.
> + */
> +static QDict *bdrv_type_blockdev_opts(const QDict *options, Error **errp)
> +{
> +Visitor *v;
> +BlockdevOptions *blockdev_options;
> +QObject *typed_opts;
> +QDict *string_options;
> +Error *local_err = NULL;
> +
> +string_options = qdict_clone_shallow(options);
> +
> +qdict_flatten(string_options);
> +v = qobject_input_visitor_new_flat_confused(string_options, errp);

Imagine a

+qobject_unref(string_options);

here.

Max

> +if (!v) {
> +error_prepend(errp, "Failed to prepare options: ");
> +return NULL;
> +}
> +
> +visit_type_BlockdevOptions(v, NULL, &blockdev_options, &local_err);
> +visit_free(v);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +error_prepend(errp, "Not a valid BlockdevOptions object: ");
> +return NULL;
> +}
> +
> +v = qobject_output_visitor_new(&typed_opts);
> +visit_type_BlockdevOptions(v, NULL, &blockdev_options, &local_err);
> +if (!local_err) {
> +visit_complete(v, &typed_opts);
> +}
> +visit_free(v);
> +qapi_free_BlockdevOptions(blockdev_options);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return NULL;
> +}
> +
> +return qobject_to(QDict, typed_opts);
> +}
> +
>  /* Updates the following BDS fields:
>   *  - exact_filename: A filename which may be used for opening a block device
>   *which (mostly) equals the given BDS (even without any
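
Review bot: string_options, cloned at the top of bdrv_type_blockdev_opts(), is not released on any of the four return paths in this hunk, which matches the qdict_clone_shallow() leak ASan reports for this series. The qobject_unref() proposed inline above fixes all of them as long as it stays ahead of the `if (!v)` check, assuming the input visitor holds its own reference. A short comment saying that the first visit parses and the second one serialises would also make the two identical-looking visit_type_BlockdevOptions() calls easier to follow.
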
> @@ -6400,10 +6451,25 @@ void bdrv_refresh_filename(BlockDriverState *bs)
>  if (bs->exact_filename[0]) {
>  pstrcpy(bs->filename, sizeof(bs->filename), bs->exact_filename);
>  } else {
> -QString *json = qobject_to_json(QOBJECT(bs->full_open_options));
> +QString *json;
> +QDict *typed_opts, *json_opts;
> +
> +typed_opts = bdrv_type_blockdev_opts(bs->full_open_options, NULL);
> +
> +/*
> + * We cannot be certain that bs->full_open_options matches
> + * BlockdevOptions, so bdrv_type_blockdev_opts() may fail.
> + * That is not fatal, we can just emit bs->full_open_options
> + * directly -- qemu will accept that, even if it does not
> + * match the schema.
> + */
> +json_opts = typed_opts ?: bs->full_open_options;
> +
> +json = qobject_to_json(QOBJECT(json_opts));
>  snprintf(bs->filename, sizeof(bs->filename), "json:%s",
>   qstring_get_str(json));
>  qobject_unref(json);
> +qobject_unref(typed_opts);
>  }
>  }
>  
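
Review bot: in the else branch of bdrv_refresh_filename(), the typed options are still written with `snprintf(bs->filename, sizeof(bs->filename), ...)` and the return value is ignored. Because the visitor round trip makes default values explicit (the commit message mentions "format": "auto" showing up in test 198), the json:{} string gets longer and is more likely to be cut off silently into a filename that no longer parses; consider checking for truncation. Passing NULL as errp also throws away the reason the typing failed, so a trace point on the fallback path would help when debugging schema mismatches.
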
> diff --git a/tests/qemu-iotests/059.out b/tests/qemu-iotests/059.out
> index 4fab42a28c..53109b2d49 100644
> --- a/tests/qemu-iotests/059.out
> +++ b/tests/qemu-iotests/059.out
> @@ -2050,7 +2050,7 @@ wrote 512/512 bytes at offset 10240
>  
>  === Testing monolithicFlat with internally generated JSON file name ===
>  Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 
> subformat=monolithicFlat
> -qemu-io: can't open: Cannot use relative extent paths with VMDK descriptor 
> file 'json:{"image": {"driver": "f

Re: [Qemu-devel] [PATCH v8 03/10] dp8393x: manage big endian bus

2019-06-24 Thread Laurent Vivier
Hi,

Jason, Can I have an Acked-by from you (as network devices maintainer)?

Thanks,
Laurent

Le 20/06/2019 à 00:19, Laurent Vivier a écrit :
> This is needed by Quadra 800, this card can run on little-endian
> or big-endian bus.
> 
> Signed-off-by: Laurent Vivier 
> Tested-by: Hervé Poussineau 
> Reviewed-by: Philippe Mathieu-Daudé 
> Reviewed-by: Hervé Poussineau 
> ---
>  hw/net/dp8393x.c | 88 +++-
>  1 file changed, 57 insertions(+), 31 deletions(-)
> 
> diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
> index bdb0b3b2c2..b014c015c6 100644
> --- a/hw/net/dp8393x.c
> +++ b/hw/net/dp8393x.c
> @@ -150,6 +150,7 @@ typedef struct dp8393xState {
>  
>  /* Hardware */
>  uint8_t it_shift;
> +bool big_endian;
>  qemu_irq irq;
>  #ifdef DEBUG_SONIC
>  int irq_level;
> @@ -220,6 +221,29 @@ static uint32_t dp8393x_wt(dp8393xState *s)
>  return s->regs[SONIC_WT1] << 16 | s->regs[SONIC_WT0];
>  }
>  
> +static uint16_t dp8393x_get(dp8393xState *s, int width, uint16_t *base,
> +int offset)
> +{
> +uint16_t val;
> +
> +if (s->big_endian) {
> +val = be16_to_cpu(base[offset * width + width - 1]);
> +} else {
> +val = le16_to_cpu(base[offset * width]);
> +}
> +return val;
> +}
> +
> +static void dp8393x_put(dp8393xState *s, int width, uint16_t *base, int 
> offset,
> +uint16_t val)
> +{
> +if (s->big_endian) {
> +base[offset * width + width - 1] = cpu_to_be16(val);
> +} else {
> +base[offset * width] = cpu_to_le16(val);
> +}
> +}
> +
>  static void dp8393x_update_irq(dp8393xState *s)
>  {
>  int level = (s->regs[SONIC_IMR] & s->regs[SONIC_ISR]) ? 1 : 0;
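
Review bot: dp8393x_get() and dp8393x_put() have no comment explaining why the big-endian case uses index `offset * width + width - 1` while the little-endian case uses `offset * width`; one sentence on where the 16-bit value sits inside each `width`-sized slot on a big-endian bus would save the next reader from re-deriving it. Since `base` points at a buffer filled from guest memory and is indexed here without any length argument, passing the element count and asserting on it would also make the bounds explicit.
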
> @@ -251,12 +275,12 @@ static void dp8393x_do_load_cam(dp8393xState *s)
>  /* Fill current entry */
>  address_space_rw(&s->as, dp8393x_cdp(s),
>  MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
> -s->cam[index][0] = data[1 * width] & 0xff;
> -s->cam[index][1] = data[1 * width] >> 8;
> -s->cam[index][2] = data[2 * width] & 0xff;
> -s->cam[index][3] = data[2 * width] >> 8;
> -s->cam[index][4] = data[3 * width] & 0xff;
> -s->cam[index][5] = data[3 * width] >> 8;
> +s->cam[index][0] = dp8393x_get(s, width, data, 1) & 0xff;
> +s->cam[index][1] = dp8393x_get(s, width, data, 1) >> 8;
> +s->cam[index][2] = dp8393x_get(s, width, data, 2) & 0xff;
> +s->cam[index][3] = dp8393x_get(s, width, data, 2) >> 8;
> +s->cam[index][4] = dp8393x_get(s, width, data, 3) & 0xff;
> +s->cam[index][5] = dp8393x_get(s, width, data, 3) >> 8;
>  DPRINTF("load cam[%d] with %02x%02x%02x%02x%02x%02x\n", index,
>  s->cam[index][0], s->cam[index][1], s->cam[index][2],
>  s->cam[index][3], s->cam[index][4], s->cam[index][5]);
> @@ -269,7 +293,7 @@ static void dp8393x_do_load_cam(dp8393xState *s)
>  /* Read CAM enable */
>  address_space_rw(&s->as, dp8393x_cdp(s),
>  MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
> -s->regs[SONIC_CE] = data[0 * width];
> +s->regs[SONIC_CE] = dp8393x_get(s, width, data, 0);
>  DPRINTF("load cam done. cam enable mask 0x%04x\n", s->regs[SONIC_CE]);
>  
>  /* Done */
> @@ -290,10 +314,10 @@ static void dp8393x_do_read_rra(dp8393xState *s)
>  MEMTXATTRS_UNSPECIFIED, (uint8_t *)data, size, 0);
>  
>  /* Update SONIC registers */
> -s->regs[SONIC_CRBA0] = data[0 * width];
> -s->regs[SONIC_CRBA1] = data[1 * width];
> -s->regs[SONIC_RBWC0] = data[2 * width];
> -s->regs[SONIC_RBWC1] = data[3 * width];
> +s->regs[SONIC_CRBA0] = dp8393x_get(s, width, data, 0);
> +s->regs[SONIC_CRBA1] = dp8393x_get(s, width, data, 1);
> +s->regs[SONIC_RBWC0] = dp8393x_get(s, width, data, 2);
> +s->regs[SONIC_RBWC1] = dp8393x_get(s, width, data, 3);
>  DPRINTF("CRBA0/1: 0x%04x/0x%04x, RBWC0/1: 0x%04x/0x%04x\n",
>  s->regs[SONIC_CRBA0], s->regs[SONIC_CRBA1],
>  s->regs[SONIC_RBWC0], s->regs[SONIC_RBWC1]);
> @@ -408,12 +432,12 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
>  tx_len = 0;
>  
>  /* Update registers */
> -s->regs[SONIC_TCR] = data[0 * width] & 0xf000;
> -s->regs[SONIC_TPS] = data[1 * width];
> -s->regs[SONIC_TFC] = data[2 * width];
> -s->regs[SONIC_TSA0] = data[3 * width];
> -s->regs[SONIC_TSA1] = data[4 * width];
> -s->regs[SONIC_TFS] = data[5 * width];
> +s->regs[SONIC_TCR] = dp8393x_get(s, width, data, 0) & 0xf000;
> +s->regs[SONIC_TPS] = dp8393x_get(s, width, data, 1);
> +s->regs[SONIC_TFC] = dp8393x_get(s, width, data, 2);
> +s->regs[SONIC_TSA0] = dp8393x_get(s, width, data, 3);
> +s->regs[SONIC_TSA1] = dp8393x_get(s, width, data, 4);
> +s->regs[SONIC_TFS] = dp8393x_get(s, width, data, 5);
>  
>  /* Handle programma

Re: [Qemu-devel] [PATCH v4 00/14] block: Try to create well-typed json:{} filenames

2019-06-24 Thread Max Reitz
On 24.06.19 21:00, no-re...@patchew.org wrote:
> Patchew URL: 
> https://patchew.org/QEMU/20190624173935.25747-1-mre...@redhat.com/
> 
> 
> 
> Hi,
> 
> This series failed the asan build test. Please find the testing commands and
> their output below. If you have Docker installed, you can probably reproduce 
> it
> locally.

Many ASan leaks of the form:

> Indirect leak of 4120 byte(s) in 1 object(s) allocated from:
> #0 0x56245fee9d3e in calloc 
> (/tmp/qemu-test/build/tests/test-bdrv-drain+0x52fd3e)
> #1 0x7f285054bcf0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x55cf0)
> #2 0x562460610cf3 in qdict_clone_shallow 
> /tmp/qemu-test/src/qobject/qdict.c:367:12
> #3 0x56245ff8487b in bdrv_type_blockdev_opts 
> /tmp/qemu-test/src/block.c:6305:22

Oops, I forgot to free string_options in bdrv_type_blockdev_opts().
Thanks, Patchew!

Max





[Qemu-devel] [Bug 1831545] Re: "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86 host

2019-06-24 Thread Andrew Randrianasulu
bug fixed in current git (commit
474f3938d79ab36b9231c9ad3b5a9314c2aeacde). Thanks, Alex!

https://bugs.launchpad.net/bugs/1831545

Title:
  "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86
  host

Status in QEMU:
  In Progress

Bug description:
  As described in
  https://lists.gnu.org/archive/html/qemu-devel//2019-05/msg07362.html
  I run into TCG regression in qemu-git.

  Unfortunately, fix from bug
  https://bugs.launchpad.net/qemu/+bug/1830872 seems to be
  non-effective for my case.

  For reproduction (on 32-bit x86 host, in my case Slackware with gcc
  5.5.0):

  ./configure --target-list=x86_64-softmmu --disable-werror --enable-debug-tcg

  make (-j5 in my case)

  try to boot any 64-bit kernel:

  x86_64-softmmu/qemu-system-x86_64 -kernel /boot/bzImage-4.12.0-x64
  -accel tcg

  result is - qemu appears to hang right after "Booting the kernel" line.
  Decompression (xz) was ok.

  Tested with qemu-git commit  e2a58ff493a2e00db3e963c1839c5374500110f2

  32-bit OS can be booted fine, and -enable-kvm also allows 64 bit
  kernel/os to boot.




Re: [Qemu-devel] [PATCH v8 02/10] esp: add pseudo-DMA as used by Macintosh

2019-06-24 Thread Laurent Vivier
Hi,

Paolo, can I have an "Acked-by" from you (as SCSI maintainer)?

The new PDMA states are not migrated, but as this is only used by q800
emulation, and q800 doesn't support migration too, I think it could be
added later.

Thanks,
Laurent

Le 20/06/2019 à 00:19, Laurent Vivier a écrit :
> There is no DMA in Quadra 800, so the CPU reads/writes the data from the
> PDMA register (offset 0x100, ESP_PDMA in hw/m68k/q800.c) and copies them
> to/from the memory.
> 
> There is a nice assembly loop in the kernel to do that, see
> linux/drivers/scsi/mac_esp.c:MAC_ESP_PDMA_LOOP().
> 
> The start of the transfer is triggered by the DREQ interrupt (see linux
> mac_esp_send_pdma_cmd()), the CPU polls on the IRQ flag to start the
> transfer after a SCSI command has been sent (in Quadra 800 it goes
> through the VIA2, the via2-irq line and the vIFR register)
> 
> The Macintosh hardware includes hardware handshaking to prevent the CPU
> from reading invalid data or writing data faster than the peripheral
> device can accept it.
> 
> This is the "blind mode", and from the doc:
> "Approximate maximum SCSI transfer rates within a blocks are 1.4 MB per
> second for blind transfers in the Macintosh II"
> 
> Some references can be found in:
>   Apple Macintosh Family Hardware Reference, ISBN 0-201-19255-1
>   Guide to the Macintosh Family Hardware, ISBN-0-201-52405-8
> 
> Co-developed-by: Mark Cave-Ayland 
> Signed-off-by: Mark Cave-Ayland 
> Signed-off-by: Laurent Vivier 
> ---
>  hw/scsi/esp.c | 296 +-
>  include/hw/scsi/esp.h |   7 +
>  2 files changed, 274 insertions(+), 29 deletions(-)
> 
> diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
> index 7508d035ca..edacb0bd9f 100644
> --- a/hw/scsi/esp.c
> +++ b/hw/scsi/esp.c
> @@ -36,6 +36,8 @@
>   * 
> http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
>   * and
>   * 
> http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
> + *
> + * On Macintosh Quadra it is a NCR53C96.
>   */
>  
>  static void esp_raise_irq(ESPState *s)
> @@ -56,6 +58,16 @@ static void esp_lower_irq(ESPState *s)
>  }
>  }
>  
> +static void esp_raise_drq(ESPState *s)
> +{
> +qemu_irq_raise(s->irq_data);
> +}
> +
> +static void esp_lower_drq(ESPState *s)
> +{
> +qemu_irq_lower(s->irq_data);
> +}
> +
>  void esp_dma_enable(ESPState *s, int irq, int level)
>  {
>  if (level) {
> @@ -82,29 +94,11 @@ void esp_request_cancelled(SCSIRequest *req)
>  }
>  }
>  
> -static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
> +static int get_cmd_cb(ESPState *s)
>  {
> -uint32_t dmalen;
>  int target;
>  
>  target = s->wregs[ESP_WBUSID] & BUSID_DID;
> -if (s->dma) {
> -dmalen = s->rregs[ESP_TCLO];
> -dmalen |= s->rregs[ESP_TCMID] << 8;
> -dmalen |= s->rregs[ESP_TCHI] << 16;
> -if (dmalen > buflen) {
> -return 0;
> -}
> -s->dma_memory_read(s->dma_opaque, buf, dmalen);
> -} else {
> -dmalen = s->ti_size;
> -if (dmalen > TI_BUFSZ) {
> -return 0;
> -}
> -memcpy(buf, s->ti_buf, dmalen);
> -buf[0] = buf[2] >> 5;
> -}
> -trace_esp_get_cmd(dmalen, target);
>  
>  s->ti_size = 0;
>  s->ti_rptr = 0;
> @@ -123,8 +117,48 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf, 
> uint8_t buflen)
>  s->rregs[ESP_RINTR] = INTR_DC;
>  s->rregs[ESP_RSEQ] = SEQ_0;
>  esp_raise_irq(s);
> +return -1;
> +}
> +return 0;
> +}
> +
> +static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
> +{
> +int target;
> +uint32_t dmalen;
> +
> +target = s->wregs[ESP_WBUSID] & BUSID_DID;
> +if (s->dma) {
> +dmalen = s->rregs[ESP_TCLO];
> +dmalen |= s->rregs[ESP_TCMID] << 8;
> +dmalen |= s->rregs[ESP_TCHI] << 16;
> +if (dmalen > buflen) {
> +return 0;
> +}
> +if (s->dma_memory_read) {
> +s->dma_memory_read(s->dma_opaque, buf, dmalen);
> +} else {
> +memcpy(s->pdma_buf, buf, dmalen);
> +s->pdma_len = dmalen;
> +s->pdma_start = s->pdma_buf;
> +s->pdma_cur = s->pdma_buf;
> +esp_raise_drq(s);
> +return 0;
> +}
> +} else {
> +dmalen = s->ti_size;
> +if (dmalen > TI_BUFSZ) {
> +return 0;
> +}
> +memcpy(buf, s->ti_buf, dmalen);
> +buf[0] = buf[2] >> 5;
> +}
> +trace_esp_get_cmd(dmalen, target);
> +
> +if (get_cmd_cb(s) < 0) {
>  return 0;
>  }
> +
>  return dmalen;
>  }
>  
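
Review bot: in the new PDMA branch of get_cmd(), `memcpy(s->pdma_buf, buf, dmalen)` is guarded only by `dmalen > buflen`. dmalen is assembled from the transfer count registers, and nothing in this hunk ties buflen to the size of s->pdma_buf, so add an explicit check of dmalen against sizeof(s->pdma_buf) or a build-time assertion relating the two sizes. The copy also reads from buf before anything in this function has filled it, which deserves a comment if it is intentional.
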
> @@ -163,6 +197,16 @@ static void do_cmd(ESPState *s, uint8_t *buf)
>  do_busid_cmd(s, &buf[1], busid);
>  }
>  
> +static void satn_pdma_cb(ESPState *s)
> +{
> +if (get_cmd_cb(s) < 0) {
> +return;
> +}
> +if (s->pdma_cur != s->pdma_start) {
> +do_cmd(s, s->pdma_start);
> +}
> +}
> +
>

Re: [Qemu-devel] [PATCH v8 01/10] escc: introduce a selector for the register bit

2019-06-24 Thread Laurent Vivier
Hi,

Marc-André, can I have an Acked-by from you (as character devices
maintainer)?

Thanks,
Laurent

Le 20/06/2019 à 00:19, Laurent Vivier a écrit :
> On Sparc and PowerMac, the bit 0 of the address
> selects the register type (control or data) and
> bit 1 selects the channel (B or A).
> 
> On m68k Macintosh, the bit 0 selects the channel and
> bit 1 the register type.
> 
> This patch introduces a new parameter (bit_swap) to
> the device interface to indicate bits usage must
> be swapped between registers and channels.
> 
> For the moment all the machines use the bit 0,
> but this change will be needed to emulate Quadra 800.
> 
> Signed-off-by: Laurent Vivier 
> Reviewed-by: Hervé Poussineau 
> Reviewed-by: Thomas Huth 
> ---
>  hw/char/escc.c | 30 --
>  include/hw/char/escc.h |  1 +
>  2 files changed, 25 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/char/escc.c b/hw/char/escc.c
> index 8ddbb4be4f..2748bd62c3 100644
> --- a/hw/char/escc.c
> +++ b/hw/char/escc.c
> @@ -43,14 +43,21 @@
>   * mouse and keyboard ports don't implement all functions and they are
>   * only asynchronous. There is no DMA.
>   *
> - * Z85C30 is also used on PowerMacs. There are some small differences
> - * between Sparc version (sunzilog) and PowerMac (pmac):
> + * Z85C30 is also used on PowerMacs and m68k Macs.
> + *
> + * There are some small differences between Sparc version (sunzilog)
> + * and PowerMac (pmac):
>   *  Offset between control and data registers
>   *  There is some kind of lockup bug, but we can ignore it
>   *  CTS is inverted
>   *  DMA on pmac using DBDMA chip
>   *  pmac can do IRDA and faster rates, sunzilog can only do 38400
>   *  pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
> + *
> + * Linux driver for m68k Macs is the same as for PowerMac (pmac_zilog),
> + * but registers are grouped by type and not by channel:
> + * channel is selected by bit 0 of the address (instead of bit 1)
> + * and register is selected by bit 1 of the address (instead of bit 0).
>   */
>  
>  /*
> @@ -170,6 +177,16 @@ static void handle_kbd_command(ESCCChannelState *s, int 
> val);
>  static int serial_can_receive(void *opaque);
>  static void serial_receive_byte(ESCCChannelState *s, int ch);
>  
> +static int reg_shift(ESCCState *s)
> +{
> +return s->bit_swap ? s->it_shift + 1 : s->it_shift;
> +}
> +
> +static int chn_shift(ESCCState *s)
> +{
> +return s->bit_swap ? s->it_shift : s->it_shift + 1;
> +}
> +
>  static void clear_queue(void *opaque)
>  {
>  ESCCChannelState *s = opaque;
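
Review bot: reg_shift() and chn_shift() return `it_shift` or `it_shift + 1` as int, and the result is used directly as the shift count on `addr` in escc_mem_read() and escc_mem_write(). it_shift is a uint32 property with no range check visible in this patch, so a check in escc_realize() that rejects values too large for the shift would be worth adding alongside the new helpers. A one-line comment on each helper saying which address bit it selects in the swapped and unswapped layouts would also help.
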
> @@ -434,8 +451,8 @@ static void escc_mem_write(void *opaque, hwaddr addr,
>  int newreg, channel;
>  
>  val &= 0xff;
> -saddr = (addr >> serial->it_shift) & 1;
> -channel = (addr >> (serial->it_shift + 1)) & 1;
> +saddr = (addr >> reg_shift(serial)) & 1;
> +channel = (addr >> chn_shift(serial)) & 1;
>  s = &serial->chn[channel];
>  switch (saddr) {
>  case SERIAL_CTRL:
> @@ -545,8 +562,8 @@ static uint64_t escc_mem_read(void *opaque, hwaddr addr,
>  uint32_t ret;
>  int channel;
>  
> -saddr = (addr >> serial->it_shift) & 1;
> -channel = (addr >> (serial->it_shift + 1)) & 1;
> +saddr = (addr >> reg_shift(serial)) & 1;
> +channel = (addr >> chn_shift(serial)) & 1;
>  s = &serial->chn[channel];
>  switch (saddr) {
>  case SERIAL_CTRL:
> @@ -830,6 +847,7 @@ static void escc_realize(DeviceState *dev, Error **errp)
>  static Property escc_properties[] = {
>  DEFINE_PROP_UINT32("frequency", ESCCState, frequency,   0),
>  DEFINE_PROP_UINT32("it_shift",  ESCCState, it_shift,0),
> +DEFINE_PROP_BOOL("bit_swap",ESCCState, bit_swap,false),
>  DEFINE_PROP_UINT32("disabled",  ESCCState, disabled,0),
>  DEFINE_PROP_UINT32("chnBtype",  ESCCState, chn[0].type, 0),
>  DEFINE_PROP_UINT32("chnAtype",  ESCCState, chn[1].type, 0),
> diff --git a/include/hw/char/escc.h b/include/hw/char/escc.h
> index 42aca83611..8762f61c14 100644
> --- a/include/hw/char/escc.h
> +++ b/include/hw/char/escc.h
> @@ -50,6 +50,7 @@ typedef struct ESCCState {
>  
>  struct ESCCChannelState chn[2];
>  uint32_t it_shift;
> +bool bit_swap;
>  MemoryRegion mmio;
>  uint32_t disabled;
>  uint32_t frequency;
> 




Re: [Qemu-devel] [PATCH v2] i386/kvm: Fix build with -m32

2019-06-24 Thread Eduardo Habkost
On Mon, Jun 24, 2019 at 09:39:13PM +0200, Max Reitz wrote:
> find_next_bit() takes a pointer of type "const unsigned long *", but the
> first argument passed here is a "uint64_t *".  These types are
> incompatible when compiling qemu with -m32.
> 
> Just use ctz64() instead.
> 
> Fixes: c686193072a47032d83cb4e131dc49ae30f9e5d
> Signed-off-by: Max Reitz 

Reviewed-by: Eduardo Habkost 

> ---
>  target/i386/kvm.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index e4b4f5756a..31490bf8b5 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -1043,14 +1043,15 @@ static int hv_cpuid_check_and_set(CPUState *cs, 
> struct kvm_cpuid2 *cpuid,
>  CPUX86State *env = &cpu->env;
>  uint32_t r, fw, bits;
>  uint64_t deps;
> -int i, dep_feat = 0;
> +int i, dep_feat;
>  
>  if (!hyperv_feat_enabled(cpu, feature) && !cpu->hyperv_passthrough) {
>  return 0;
>  }
>  
>  deps = kvm_hyperv_properties[feature].dependencies;
> -while ((dep_feat = find_next_bit(&deps, 64, dep_feat)) < 64) {
> +while (deps) {
> +dep_feat = ctz64(deps);
>  if (!(hyperv_feat_enabled(cpu, dep_feat))) {
>  fprintf(stderr,
>  "Hyper-V %s requires Hyper-V %s\n",
> @@ -1058,7 +1059,7 @@ static int hv_cpuid_check_and_set(CPUState *cs, struct 
> kvm_cpuid2 *cpuid,
>  kvm_hyperv_properties[dep_feat].desc);
>  return 1;
>  }
> -dep_feat++;
> +deps &= ~(1ull << dep_feat);
>  }
>  
>  for (i = 0; i < ARRAY_SIZE(kvm_hyperv_properties[feature].flags); i++) {
> -- 
> 2.21.0
> 

-- 
Eduardo



Re: [Qemu-devel] [PATCH] i386/kvm: Fix build with -m32

2019-06-24 Thread Eduardo Habkost
On Mon, Jun 24, 2019 at 09:30:26PM +0200, Max Reitz wrote:
> On 24.06.19 21:26, Max Reitz wrote:
> > On 24.06.19 21:21, Eduardo Habkost wrote:
> >> On Mon, Jun 24, 2019 at 09:02:14PM +0200, Max Reitz wrote:
> >>> find_next_bit() takes a pointer of type "const unsigned long *", but the
> >>> first argument passed here is a "uint64_t *".  These types are
> >>> incompatible when compiling qemu with -m32.
> >>>
> >>> Just cast it to "const void *", find_next_bit() works fine with any type
> >>> on little-endian hosts (which x86 is).
> >>>
> >>> Fixes: c686193072a47032d83cb4e131dc49ae30f9e5d
> >>> Signed-off-by: Max Reitz 
> >>
> >> Why not declare kvm_hyperv_properties.dependencies with the right
> >> type for bitmaps, using
> >>   unsigned long dependencies[BITS_TO_LONGS(64)]
> >> ?
> > 
> > How would you (statically) initialize that field, then?
> > 
> > I cannot imagine a reasonable static way that does not invoke the same
> > “The host must be little-endian, so it’s OK” assumption.
> 
> Sorry, brain fart.  That’s not the problem because in either case, the
> lower index will receive the lower-indexed bits.
> 
> But we’d still have to deal with the fact that it could either be one or
> two indices, which doesn’t seem nice to initialize either.

Right, a uint64_t field is more convenient to initialize.

> 
> Max
> 
> > The better question is perhaps, why not use ffsll().  Hm.  I don’t know,
> > maybe I should?

uint64_t + ffsll() seems simple and appropriate.

-- 
Eduardo
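
The cast-versus-ctz question discussed in this thread, as an added C example (not code from the thread or from QEMU): it models a 32-bit `unsigned long` bitmap scan over the two words found at a `uint64_t`'s address and compares it with a ctz loop. `ctz64_model`, `find_next_bit_model` and the sample mask are constructed stand-ins, not QEMU's helpers.

```c
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 32u   /* models "unsigned long" on a -m32 build */

/* Constructed stand-in for a count-trailing-zeros helper; returns 64 for 0. */
static unsigned ctz64_model(uint64_t v)
{
    unsigned n = 0;

    if (v == 0) {
        return 64;
    }
    while (!(v & 1)) {
        v >>= 1;
        n++;
    }
    return n;
}

/* The two 32-bit words a host finds at the address of a uint64_t. */
static void words_at_address(uint64_t v, int big_endian, uint32_t w[2])
{
    if (big_endian) {           /* high half is stored first */
        w[0] = (uint32_t)(v >> 32);
        w[1] = (uint32_t)v;
    } else {                    /* low half is stored first */
        w[0] = (uint32_t)v;
        w[1] = (uint32_t)(v >> 32);
    }
}

/* Word-array bitmap scan: bit n is bit (n % 32) of word (n / 32). */
static unsigned find_next_bit_model(const uint32_t *w, unsigned size,
                                    unsigned from)
{
    for (unsigned n = from; n < size; n++) {
        if (w[n / WORD_BITS] & (UINT32_C(1) << (n % WORD_BITS))) {
            return n;
        }
    }
    return size;
}

/* Set bits as the cast-based loop would see them; returns how many. */
static int bits_via_word_scan(uint64_t deps, int big_endian, unsigned out[64])
{
    uint32_t w[2];
    unsigned bit = 0;
    int count = 0;

    words_at_address(deps, big_endian, w);
    while ((bit = find_next_bit_model(w, 64, bit)) < 64) {
        out[count++] = bit;
        bit++;
    }
    return count;
}

/* Set bits taken from the value itself, independent of memory layout. */
static int bits_via_ctz(uint64_t deps, unsigned out[64])
{
    int count = 0;

    while (deps) {
        unsigned bit = ctz64_model(deps);

        out[count++] = bit;
        deps &= ~(UINT64_C(1) << bit);
    }
    return count;
}

int main(void)
{
    /* Constructed dependency mask: features 1 and 40. */
    uint64_t deps = (UINT64_C(1) << 1) | (UINT64_C(1) << 40);
    unsigned out[64];
    int n;

    n = bits_via_ctz(deps, out);
    printf("ctz loop:         %u %u (%d bits)\n", out[0], out[1], n);
    n = bits_via_word_scan(deps, 0, out);
    printf("word scan, LE:    %u %u (%d bits)\n", out[0], out[1], n);
    n = bits_via_word_scan(deps, 1, out);
    printf("word scan, BE:    %u %u (%d bits)\n", out[0], out[1], n);
    return 0;
}
```

On the modelled big-endian host the word scan reports the wrong feature numbers, which is the assumption the cast relied on and the ctz loop removes.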



[Qemu-devel] [PATCH v2] i386/kvm: Fix build with -m32

2019-06-24 Thread Max Reitz
find_next_bit() takes a pointer of type "const unsigned long *", but the
first argument passed here is a "uint64_t *".  These types are
incompatible when compiling qemu with -m32.

Just use ctz64() instead.

Fixes: c686193072a47032d83cb4e131dc49ae30f9e5d
Signed-off-by: Max Reitz 
---
 target/i386/kvm.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index e4b4f5756a..31490bf8b5 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1043,14 +1043,15 @@ static int hv_cpuid_check_and_set(CPUState *cs, struct 
kvm_cpuid2 *cpuid,
 CPUX86State *env = &cpu->env;
 uint32_t r, fw, bits;
 uint64_t deps;
-int i, dep_feat = 0;
+int i, dep_feat;
 
 if (!hyperv_feat_enabled(cpu, feature) && !cpu->hyperv_passthrough) {
 return 0;
 }
 
 deps = kvm_hyperv_properties[feature].dependencies;
-while ((dep_feat = find_next_bit(&deps, 64, dep_feat)) < 64) {
+while (deps) {
+dep_feat = ctz64(deps);
 if (!(hyperv_feat_enabled(cpu, dep_feat))) {
 fprintf(stderr,
 "Hyper-V %s requires Hyper-V %s\n",
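Review bot: in the new `while (deps)` loop, the value from `dep_feat = ctz64(deps)` is used straight away as a feature number (`hyperv_feat_enabled(cpu, dep_feat)` here, `kvm_hyperv_properties[dep_feat].desc` a few lines on) with nothing tying it to the number of entries in kvm_hyperv_properties. The old loop had the same gap, but since the loop is being rewritten anyway, an assertion on `dep_feat` against the table size right after the ctz64() call would catch a stray bit in a `dependencies` mask before it is used as an index. The commit message could also say in one sentence why ctz64() removes the host-endianness question that the v1 cast relied on.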
@@ -1058,7 +1059,7 @@ static int hv_cpuid_check_and_set(CPUState *cs, struct 
kvm_cpuid2 *cpuid,
 kvm_hyperv_properties[dep_feat].desc);
 return 1;
 }
-dep_feat++;
+deps &= ~(1ull << dep_feat);
 }
 
 for (i = 0; i < ARRAY_SIZE(kvm_hyperv_properties[feature].flags); i++) {
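Review bot: `deps &= ~(1ull << dep_feat);` is now the only thing that makes the loop terminate, and it has to stay in step with how `dep_feat` was obtained at the top of the loop. `deps &= deps - 1;` clears the lowest set bit directly, which is by construction the bit ctz64() just returned, and avoids the shift altogether. Its position after the early `return 1` is fine, since that path leaves the loop anyway.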
-- 
2.21.0




Re: [Qemu-devel] [PATCH] i386/kvm: Fix build with -m32

2019-06-24 Thread Max Reitz
On 24.06.19 21:26, Max Reitz wrote:
> On 24.06.19 21:21, Eduardo Habkost wrote:
>> On Mon, Jun 24, 2019 at 09:02:14PM +0200, Max Reitz wrote:
>>> find_next_bit() takes a pointer of type "const unsigned long *", but the
>>> first argument passed here is a "uint64_t *".  These types are
>>> incompatible when compiling qemu with -m32.
>>>
>>> Just cast it to "const void *", find_next_bit() works fine with any type
>>> on little-endian hosts (which x86 is).
>>>
>>> Fixes: c686193072a47032d83cb4e131dc49ae30f9e5d
>>> Signed-off-by: Max Reitz 
>>
>> Why not declare kvm_hyperv_properties.dependencies with the right
>> type for bitmaps, using
>>   unsigned long dependencies[BITS_TO_LONGS(64)]
>> ?
> 
> How would you (statically) initialize that field, then?
> 
> I cannot imagine a reasonable static way that does not invoke the same
> “The host must be little-endian, so it’s OK” assumption.

Sorry, brain fart.  That’s not the problem because in either case, the
lower index will receive the lower-indexed bits.

But we’d still have to deal with the fact that it could either be one or
two indices, which doesn’t seem nice to initialize either.

Max

> The better question is perhaps, why not use ffsll().  Hm.  I don’t know,
> maybe I should?
> 
> Max
> 




Re: [Qemu-devel] [PATCH] i386/kvm: Fix build with -m32

2019-06-24 Thread Max Reitz
On 24.06.19 21:21, Eduardo Habkost wrote:
> On Mon, Jun 24, 2019 at 09:02:14PM +0200, Max Reitz wrote:
>> find_next_bit() takes a pointer of type "const unsigned long *", but the
>> first argument passed here is a "uint64_t *".  These types are
>> incompatible when compiling qemu with -m32.
>>
>> Just cast it to "const void *", find_next_bit() works fine with any type
>> on little-endian hosts (which x86 is).
>>
>> Fixes: c686193072a47032d83cb4e131dc49ae30f9e5d
>> Signed-off-by: Max Reitz 
> 
> Why not declare kvm_hyperv_properties.dependencies with the right
> type for bitmaps, using
>   unsigned long dependencies[BITS_TO_LONGS(64)]
> ?

How would you (statically) initialize that field, then?

I cannot imagine a reasonable static way that does not invoke the same
“The host must be little-endian, so it’s OK” assumption.

The better question is perhaps, why not use ffsll().  Hm.  I don’t know,
maybe I should?

Max



Re: [Qemu-devel] [PATCH] i386/kvm: Fix build with -m32

2019-06-24 Thread Eduardo Habkost
On Mon, Jun 24, 2019 at 09:02:14PM +0200, Max Reitz wrote:
> find_next_bit() takes a pointer of type "const unsigned long *", but the
> first argument passed here is a "uint64_t *".  These types are
> incompatible when compiling qemu with -m32.
> 
> Just cast it to "const void *", find_next_bit() works fine with any type
> on little-endian hosts (which x86 is).
> 
> Fixes: c686193072a47032d83cb4e131dc49ae30f9e5d
> Signed-off-by: Max Reitz 

Why not declare kvm_hyperv_properties.dependencies with the right
type for bitmaps, using
  unsigned long dependencies[BITS_TO_LONGS(64)]
?

> ---
>  target/i386/kvm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index e4b4f5756a..1b5f3b1c00 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -1050,7 +1050,7 @@ static int hv_cpuid_check_and_set(CPUState *cs, struct 
> kvm_cpuid2 *cpuid,
>  }
>  
>  deps = kvm_hyperv_properties[feature].dependencies;
> -while ((dep_feat = find_next_bit(&deps, 64, dep_feat)) < 64) {
> +while ((dep_feat = find_next_bit((const void *)&deps, 64, dep_feat)) < 
> 64) {
>  if (!(hyperv_feat_enabled(cpu, dep_feat))) {
>  fprintf(stderr,
>  "Hyper-V %s requires Hyper-V %s\n",
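Review bot: the `(const void *)` cast on `&deps` switches off the very type check that flagged this call, so if the type or size of `deps` changes later the compiler will stay silent and find_next_bit() will keep scanning 64 bits from that address. Keeping the check, either by giving the field a real bitmap type or by walking the uint64_t value without going through a pointer, is safer than casting it away.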
> -- 
> 2.21.0
> 

-- 
Eduardo



[Qemu-devel] [PATCH] i386/kvm: Fix build with -m32

2019-06-24 Thread Max Reitz
find_next_bit() takes a pointer of type "const unsigned long *", but the
first argument passed here is a "uint64_t *".  These types are
incompatible when compiling qemu with -m32.

Just cast it to "const void *", find_next_bit() works fine with any type
on little-endian hosts (which x86 is).

Fixes: c686193072a47032d83cb4e131dc49ae30f9e5d
Signed-off-by: Max Reitz 
---
 target/i386/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index e4b4f5756a..1b5f3b1c00 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1050,7 +1050,7 @@ static int hv_cpuid_check_and_set(CPUState *cs, struct 
kvm_cpuid2 *cpuid,
 }
 
 deps = kvm_hyperv_properties[feature].dependencies;
-while ((dep_feat = find_next_bit(&deps, 64, dep_feat)) < 64) {
+while ((dep_feat = find_next_bit((const void *)&deps, 64, dep_feat)) < 64) 
{
 if (!(hyperv_feat_enabled(cpu, dep_feat))) {
 fprintf(stderr,
 "Hyper-V %s requires Hyper-V %s\n",
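Review bot: the commit message justifies `find_next_bit((const void *)&deps, 64, dep_feat)` by the host being little-endian, but nothing at the call site records that. With a 32-bit `unsigned long` the call reads `deps` as two words, and the bit numbers only match the uint64_t in that word order. A short comment at the call stating the assumption would make it visible to the next reader of this function.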
-- 
2.21.0




Re: [Qemu-devel] [PATCH v4 04/10] block/pflash_cfi02: Implement intereleaved flash devices

2019-06-24 Thread Philippe Mathieu-Daudé
On 6/22/19 2:25 PM, Philippe Mathieu-Daudé wrote:
> Hi Stephen,
> 
> This series hasn't fallen through the cracks; however, it is taking me
> longer than expected to review it.
> 
> On 4/26/19 6:26 PM, Stephen Checkoway wrote:
>> It's common for multiple narrow flash chips to be hooked up in parallel
>> to support wider buses. For example, four 8-bit wide flash chips (x8)
>> may be combined in parallel to produce a 32-bit wide device. Similarly,
>> two 16-bit wide chips (x16) may be combined.
>>
>> This commit introduces `device-width` and `max-device-width` properties,
>> similar to pflash_cfi01, with the following meanings:
>> - `width`: The width of the logical, qemu device (same as before);
>> - `device-width`: The width of an individual flash chip, defaulting to
>>   `width`; and
>> - `max-device-width`: The maximum width of an individual flash chip,
>>   defaulting to `device-width`.
>>
>> Nothing needs to change to support reading such interleaved devices but
>> commands (e.g., erase and programming) must be sent to all devices at
>> the same time or else the various chips will be in different states.
> 
> After some thought on this, I'd rather we model how hardware manages
> interleaved devices: do it at the bus level, and instantiate N devices
> in an interleaved config.
> I believe that would drastically reduce this device's complexity, and we
> would match the real internal state machine.
> Also this could be reused by other parallel devices used in such a config.
> 
>> For example, a 4-byte wide logical device can be composed of four x8/x16
>> devices in x8 mode. That is, each device supports both x8 or x16 and
>> they're being used in the byte, rather than word, mode. This
>> configuration would have `width=4`, `device-width=1`, and
>> `max-device-width=2`.
> 
> 
> I'm thinking of this draft:
> 
> FlashDevice # x8
>   MemoryRegionOps
>     .valid.max_access_size = 1
> 
> FlashDevice # x16
>   MemoryRegionOps
>     .valid.min_access_size = 2
>     .valid.max_access_size = 2
> 
> FlashDevice # x8/x16
>   MemoryRegionOps
>     .valid.min_access_size = 1
>     .valid.max_access_size = 2
> 
> We might use .impl.min_access_size = 2 and consider all NOR flash using
> 16-bit words internally.
> .impl.max_access_size = 2 is implicit.
> 
> So for your example we'd instantiate one:
> 
> InterleaverDevice
>   Property
>     .bus_width = 4 # 4-byte wide logical device, `width=4`
>     .device_width = 1 # `device-width=1`
>   MemoryRegionOps
>     .valid.max_access_size = .bus_width # 4, set at realize()
>     .impl.max_access_size = .device_width # 1, set at realize()
> 
> Then instantiate 4 pflash devices, and link them to the interleaver
> using object_property_set_link().
> 
> typedef struct {
>     SysBusDevice parent_obj;
>     MemoryRegion iomem;
>     char *name;
>     /*
>      * On a 64-bit wide bus we can have at most
>      * 8 devices in 8-bit access mode.
>      */
>     MemoryRegion device[8];
>     unsigned device_count;
>     unsigned device_index_mask;
>     /* Properties */
>     unsigned bus_width;
>     unsigned device_width;
> } InterleaverDeviceState;
> 
> static Property interleaver_properties[] = {
>     DEFINE_PROP_LINK("device[0]", InterleaverDeviceState,
>                      device[0],
>                      TYPE_MEMORY_REGION, MemoryRegion *),
>     ...
>     DEFINE_PROP_LINK("device[7]", InterleaverDeviceState,
>                      device[7],
>                      TYPE_MEMORY_REGION, MemoryRegion *),
>     DEFINE_PROP_END_OF_LIST(),
> };
> 
> Then, prior to calling InterleaverDevice.realize():
> 
> In the board realize():
> 
> 
> for (i = 0; i < interleaved_devices; i++) {
>     pflash[i] = create_pflash(...);
>     ...
> }
> 
> ild = ... create InterleaverDevice ...
> for (i = 0; i < interleaved_devices; i++) {
>     char *propname = g_strdup_printf("device[%u]", i);
> 
>     object_property_set_link(OBJECT(&ild->device[i]),
>                              OBJECT(pflash[i]),
>                              propname, &err);
>     ...
> }
> 
> Finally,
> 
> static void interleaved_realize(DeviceState *dev, Error **errp)
> {
>     InterleaverDeviceState *s = INTERLEAVER_DEVICE(dev);
> 
>     s->device_count = s->bus_width / s->device_width;
>     /* Assumes device_count is a power of two: mask selects a device index */
>     s->device_index_mask = s->device_count - 1;
>     ...
> }
> 
> static void interleaved_write(void *opaque, hwaddr offset,
>                               uint64_t value, unsigned size)
> {
>     InterleaverDeviceState *s = INTERLEAVER_DEVICE(opaque);
>     MemoryRegion *mr;
> 
>     /*
>      * Since we set .impl.max_access_size = device_width,
>      * access_with_adjusted_size() always calls this with
>      * size = device_width.
>      *
>      * Adjust the address (offset).
>      */
>     offset >>= size;
>     /* Access the Nth interleaved device */
>     mr = s->device[offset & s->device_index_mask];
>     memory_region_dispatch_write(mr, offset, &value, size,
>  

Re: [Qemu-devel] [PATCH v4 00/14] block: Try to create well-typed json:{} filenames

2019-06-24 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20190624173935.25747-1-mre...@redhat.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

PASS 1 fdc-test /x86_64/fdc/cmos
PASS 2 fdc-test /x86_64/fdc/no_media_on_start
PASS 3 fdc-test /x86_64/fdc/read_without_media
==11234==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 4 fdc-test /x86_64/fdc/media_change
PASS 5 fdc-test /x86_64/fdc/sense_interrupt
PASS 6 fdc-test /x86_64/fdc/relative_seek
---
PASS 32 test-opts-visitor /visitor/opts/range/beyond
PASS 33 test-opts-visitor /visitor/opts/dict/unvisited
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-coroutine -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-coroutine" 
==11269==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-coroutine /basic/no-dangling-access
==11269==WARNING: ASan is ignoring requested __asan_handle_no_return: stack 
top: 0x7ffd309dc000; bottom 0x7f41b90f8000; size: 0x00bb778e4000 (805164695552)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 2 test-coroutine /basic/lifecycle
---
PASS 11 test-aio /aio/event/wait
PASS 12 test-aio /aio/event/flush
PASS 13 test-aio /aio/event/wait/no-flush-cb
==11284==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 14 test-aio /aio/timer/schedule
PASS 15 test-aio /aio/coroutine/queue-chaining
PASS 16 test-aio /aio-gsource/flush
---
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-aio-multithread -m=quick -k --tap < /dev/null | 
./scripts/tap-driver.pl --test-name="test-aio-multithread" 
PASS 12 fdc-test /x86_64/fdc/read_no_dma_19
PASS 13 fdc-test /x86_64/fdc/fuzz-registers
==11290==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-aio-multithread /aio/multi/lifecycle
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img 
tests/ide-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="ide-test" 
PASS 2 test-aio-multithread /aio/multi/schedule
==11308==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 3 test-aio-multithread /aio/multi/mutex/contended
PASS 1 ide-test /x86_64/ide/identify
==11324==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 2 ide-test /x86_64/ide/flush
==11330==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 3 ide-test /x86_64/ide/bmdma/simple_rw
PASS 4 test-aio-multithread /aio/multi/mutex/handoff
==11336==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 4 ide-test /x86_64/ide/bmdma/trim
PASS 5 test-aio-multithread /aio/multi/mutex/mcs
==11347==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 5 ide-test /x86_64/ide/bmdma/short_prdt
PASS 6 test-aio-multithread /aio/multi/mutex/pthread
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-throttle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-throttle" 
==11358==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
==11362==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-throttle /throttle/leak_bucket
PASS 2 test-throttle /throttle/compute_wait
PASS 3 test-throttle /throttle/init
---
PASS 15 test-throttle /throttle/config/iops_size
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-thread-pool -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-thread-pool" 
PASS 6 ide-test /x86_64/ide/bmdma/one_sector_short_prdt
==11371==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-thread-pool /thread-pool/submit
PASS 2 test-thread-pool /thread-pool/submit-aio
PASS 3 test-thread-pool /thread-pool/submit-co
PASS 4 test-thread-pool /thread-pool/submit-many
==11373==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some 

Re: [Qemu-devel] [PATCH v4 00/14] block: Try to create well-typed json:{} filenames

2019-06-24 Thread Max Reitz
On 24.06.19 21:04, Max Reitz wrote:
> On 24.06.19 20:35, no-re...@patchew.org wrote:
>> Patchew URL: 
>> https://patchew.org/QEMU/20190624173935.25747-1-mre...@redhat.com/
>>
>>
>>
>> Hi,
>>
>> This series seems to have some coding style problems. See output below for
>> more information:
>>
>> Message-id: 20190624173935.25747-1-mre...@redhat.com
>> Type: series
>> Subject: [Qemu-devel] [PATCH v4 00/14] block: Try to create well-typed 
>> json:{} filenames
>>
>> === TEST SCRIPT BEGIN ===
>> #!/bin/bash
>> git rev-parse base > /dev/null || exit 0
>> git config --local diff.renamelimit 0
>> git config --local diff.renames True
>> git config --local diff.algorithm histogram
>> ./scripts/checkpatch.pl --mailback base..
>> === TEST SCRIPT END ===
>>
>> Switched to a new branch 'test'
>> ddd669a block: Make use of QAPI defaults
>> 3bcf922 iotests: qcow2's encrypt.format is now optional
>> 155c1db iotests: Test internal option typing
>> 364eac1 block: Try to create well typed json:{} filenames
>> 11726d2 qapi: Formalize qcow encryption probing
>> 567644f qapi: Formalize qcow2 encryption probing
>> 4eb3ca4 tests: Add QAPI optional discriminator tests
>> f3d9f53 tests: Test QAPI default values for struct members
>> 2862824 test-qapi: Print struct members' default values
>> ff7a7c5 qapi: Document default values for struct members
>> faef37f qapi: Allow optional discriminators
>> 64ae73c qapi: Introduce default values for struct members
>> f485950 qapi: Move to_c_string() to common.py
>> 8711bb4 qapi: Parse numeric values
>>
>> === OUTPUT BEGIN ===
>> 1/14 Checking commit 8711bb4c30f3 (qapi: Parse numeric values)
>> 2/14 Checking commit f485950c4595 (qapi: Move to_c_string() to common.py)
>> 3/14 Checking commit 64ae73cfedd6 (qapi: Introduce default values for struct 
>> members)
>> 4/14 Checking commit faef37f6cd45 (qapi: Allow optional discriminators)
>> 5/14 Checking commit ff7a7c5b6024 (qapi: Document default values for struct 
>> members)
>> 6/14 Checking commit 28628249dcf1 (test-qapi: Print struct members' default 
>> values)
>> 7/14 Checking commit f3d9f5343a99 (tests: Test QAPI default values for 
>> struct members)
>> ERROR: Invalid UTF-8, patch and commit message should be encoded in UTF-8
>> #106: FILE: tests/qapi-schema/qapi-schema-test.out:420:
>> +member str: str optional=True default=foo \鹿""'
>> ^
> 
> Already noted in patch 7.

Oops.  Didn’t note it in patch 7 because I reformatted the patches
afterwards and thus deleted my note. m(

Yes, it’s a test output and I’d like to test weird control characters,
mostly that the generated C code doesn’t break.  Any ideas how to fix
this?  I could just use \t instead of \b\x7f, but that would be boring.

Max





Re: [Qemu-devel] [PATCH v4 00/14] block: Try to create well-typed json:{} filenames

2019-06-24 Thread Max Reitz
On 24.06.19 20:35, no-re...@patchew.org wrote:
> Patchew URL: 
> https://patchew.org/QEMU/20190624173935.25747-1-mre...@redhat.com/
> 
> 
> 
> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Message-id: 20190624173935.25747-1-mre...@redhat.com
> Type: series
> Subject: [Qemu-devel] [PATCH v4 00/14] block: Try to create well-typed 
> json:{} filenames
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> git rev-parse base > /dev/null || exit 0
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> ./scripts/checkpatch.pl --mailback base..
> === TEST SCRIPT END ===
> 
> Switched to a new branch 'test'
> ddd669a block: Make use of QAPI defaults
> 3bcf922 iotests: qcow2's encrypt.format is now optional
> 155c1db iotests: Test internal option typing
> 364eac1 block: Try to create well typed json:{} filenames
> 11726d2 qapi: Formalize qcow encryption probing
> 567644f qapi: Formalize qcow2 encryption probing
> 4eb3ca4 tests: Add QAPI optional discriminator tests
> f3d9f53 tests: Test QAPI default values for struct members
> 2862824 test-qapi: Print struct members' default values
> ff7a7c5 qapi: Document default values for struct members
> faef37f qapi: Allow optional discriminators
> 64ae73c qapi: Introduce default values for struct members
> f485950 qapi: Move to_c_string() to common.py
> 8711bb4 qapi: Parse numeric values
> 
> === OUTPUT BEGIN ===
> 1/14 Checking commit 8711bb4c30f3 (qapi: Parse numeric values)
> 2/14 Checking commit f485950c4595 (qapi: Move to_c_string() to common.py)
> 3/14 Checking commit 64ae73cfedd6 (qapi: Introduce default values for struct 
> members)
> 4/14 Checking commit faef37f6cd45 (qapi: Allow optional discriminators)
> 5/14 Checking commit ff7a7c5b6024 (qapi: Document default values for struct 
> members)
> 6/14 Checking commit 28628249dcf1 (test-qapi: Print struct members' default 
> values)
> 7/14 Checking commit f3d9f5343a99 (tests: Test QAPI default values for struct 
> members)
> ERROR: Invalid UTF-8, patch and commit message should be encoded in UTF-8
> #106: FILE: tests/qapi-schema/qapi-schema-test.out:420:
> +member str: str optional=True default=foo \鹿""'
> ^

Already noted in patch 7.

Max





Re: [Qemu-devel] [PATCH v4 01/13] vfio: KABI for migration interface

2019-06-24 Thread Alex Williamson
On Tue, 25 Jun 2019 00:22:16 +0530
Kirti Wankhede  wrote:

> On 6/24/2019 8:55 PM, Alex Williamson wrote:
> > On Mon, 24 Jun 2019 20:30:08 +0530
> > Kirti Wankhede  wrote:
> >   
> >> On 6/22/2019 3:31 AM, Alex Williamson wrote:  
> >>> On Sat, 22 Jun 2019 02:00:08 +0530
> >>> Kirti Wankhede  wrote:
>  On 6/22/2019 1:30 AM, Alex Williamson wrote:
> > On Sat, 22 Jun 2019 01:05:48 +0530
> > Kirti Wankhede  wrote:
> >   
> >> On 6/21/2019 8:33 PM, Alex Williamson wrote:  
> >>> On Fri, 21 Jun 2019 11:22:15 +0530
> >>> Kirti Wankhede  wrote:
> >>> 
>  On 6/20/2019 10:48 PM, Alex Williamson wrote:
> > On Thu, 20 Jun 2019 20:07:29 +0530
> > Kirti Wankhede  wrote:
> >   
> >> - Defined MIGRATION region type and sub-type.
> >> - Used 3 bits to define VFIO device states.
> >> Bit 0 => _RUNNING
> >> Bit 1 => _SAVING
> >> Bit 2 => _RESUMING
> >> Combination of these bits defines VFIO device's state during 
> >> migration
> >> _STOPPED => All bits 0 indicates VFIO device stopped.
> >> _RUNNING => Normal VFIO device running state.
> >> _SAVING | _RUNNING => vCPUs are running, VFIO device is 
> >> running but start
> >>   saving state of device i.e. pre-copy 
> >> state
> >> _SAVING  => vCPUs are stopped, VFIO device should be stopped, 
> >> and
> >>   save device state,i.e. stop-n-copy state
> >> _RESUMING => VFIO device resuming state.
> >> _SAVING | _RESUMING => Invalid state if _SAVING and _RESUMING 
> >> bits are set
> >> - Defined vfio_device_migration_info structure which will be 
> >> placed at 0th
> >>   offset of migration region to get/set VFIO device related 
> >> information.
> >>   Defined members of structure and usage on read/write access:
> >> * device_state: (read/write)
> >> To convey VFIO device state to be transitioned to. Only 3 
> >> bits are used
> >> as of now.
> >> * pending bytes: (read only)
> >> To get pending bytes yet to be migrated for VFIO device.
> >> * data_offset: (read only)
> >> To get data offset in migration from where data exist 
> >> during _SAVING
> >> and from where data should be written by user space 
> >> application during
> >>  _RESUMING state
> >> * data_size: (read/write)
> >> To get and set size of data copied in migration region 
> >> during _SAVING
> >> and _RESUMING state.
> >> * start_pfn, page_size, total_pfns: (write only)
> >> To get bitmap of dirty pages from vendor driver from given
> >> start address for total_pfns.
> >> * copied_pfns: (read only)
> >> To get number of pfns bitmap copied in migration region.
> >> Vendor driver should copy the bitmap with bits set only for
> >> pages to be marked dirty in migration region. Vendor driver
> >> should return 0 if there are 0 pages dirty in requested
> >> range. Vendor driver should return -1 to mark all pages in 
> >> the section
> >> as dirty
> >>
> >> Migration region looks like:
> >>  --
> >> |vfio_device_migration_info|data section  |
> >> |  | ///  |
> >>  --
> >>  ^  ^  ^
> >>  offset 0-trapped partdata_offset data_size
> >>
> >> Data section is always followed by vfio_device_migration_info
> >> structure in the region, so data_offset will always be non-0.
> >> Offset from where data is copied is decided by kernel driver, data
> >> section can be trapped or mapped depending on how kernel driver
> >> defines data section. If mmapped, then data_offset should be page
> >> aligned, whereas initial section which contains
> >> vfio_device_migration_info structure might not end at offset which
> >> is page aligned.
> >>
> >> Signed-off-by: Kirti Wankhede 
> >> Reviewed-by: Neo Jia 
> >> ---
> >>  linux-headers/linux/vfio.h | 71 
> >> ++
> >>  1 file changed, 71 insertions(+)
> >>
> >> diff --git a/linux-headers/linux/vfio.h 
> >> b/linux

Re: [Qemu-devel] [PATCH v4 00/13] Add migration support for VFIO device

2019-06-24 Thread Dr. David Alan Gilbert
* Kirti Wankhede (kwankh...@nvidia.com) wrote:
> 
> 
> On 6/21/2019 2:16 PM, Yan Zhao wrote:
> > On Fri, Jun 21, 2019 at 04:02:50PM +0800, Kirti Wankhede wrote:
> >>
> >>
> >> On 6/21/2019 6:54 AM, Yan Zhao wrote:
> >>> On Fri, Jun 21, 2019 at 08:25:18AM +0800, Yan Zhao wrote:
>  On Thu, Jun 20, 2019 at 10:37:28PM +0800, Kirti Wankhede wrote:
> > Add migration support for VFIO device
> >
> > This Patch set include patches as below:
> > - Define KABI for VFIO device for migration support.
> > - Added save and restore functions for PCI configuration space
> > - Generic migration functionality for VFIO device.
> >   * This patch set adds functionality only for PCI devices, but can be
> > extended to other VFIO devices.
> >   * Added all the basic functions required for pre-copy, stop-and-copy 
> > and
> > resume phases of migration.
> >   * Added state change notifier and from that notifier function, VFIO
> > device's state changed is conveyed to VFIO device driver.
> >   * During save setup phase and resume/load setup phase, migration 
> > region
> > is queried and is used to read/write VFIO device data.
> >   * .save_live_pending and .save_live_iterate are implemented to use 
> > QEMU's
> > functionality of iteration during pre-copy phase.
> >   * In .save_live_complete_precopy, that is in stop-and-copy phase,
> > iteration to read data from VFIO device driver is implemented till 
> > pending
> > bytes returned by driver are not zero.
> >   * Added function to get dirty pages bitmap for the pages which are 
> > used by
> > driver.
> > - Add vfio_listerner_log_sync to mark dirty pages.
> > - Make VFIO PCI device migration capable. If migration region is not 
> > provided by
> >   driver, migration is blocked.
> >
> > Below is the flow of state change for live migration where states in 
> > brackets
> > represent VM state, migration state and VFIO device state as:
> > (VM state, MIGRATION_STATUS, VFIO_DEVICE_STATE)
> >
> > Live migration save path:
> > QEMU normal running state
> > (RUNNING, _NONE, _RUNNING)
> > |
> > migrate_init spawns migration_thread.
> > (RUNNING, _SETUP, _RUNNING|_SAVING)
> > Migration thread then calls each device's .save_setup()
> > |
> > (RUNNING, _ACTIVE, _RUNNING|_SAVING)
> > If device is active, get pending bytes by .save_live_pending()
> > if pending bytes >= threshold_size,  call save_live_iterate()
> > Data of VFIO device for pre-copy phase is copied.
> > Iterate till pending bytes converge and are less than threshold
> > |
> > On migration completion, vCPUs stops and calls 
> > .save_live_complete_precopy
> > for each active device. VFIO device is then transitioned in
> >  _SAVING state.
> > (FINISH_MIGRATE, _DEVICE, _SAVING)
> > For VFIO device, iterate in  .save_live_complete_precopy  until
> > pending data is 0.
> > (FINISH_MIGRATE, _DEVICE, _STOPPED)
> 
>  I suggest we also register to VMStateDescription, whose .pre_save
>  handler would get called after .save_live_complete_precopy in pre-copy
>  only case, and will called before .save_live_iterate in post-copy
>  enabled case.
>  In the .pre_save handler, we can save all device state which must be
>  copied after device stop in source vm and before device start in target 
>  vm.
> 
> >>> hi
> >>> to better describe this idea:
> >>>
> >>> in pre-copy only case, the flow is
> >>>
> >>> start migration --> .save_live_iterate (several round) -> stop source vm
> >>> --> .save_live_complete_precopy --> .pre_save  -->start target vm
> >>> -->migration complete
> >>>
> >>>
> >>> in post-copy enabled case, the flow is
> >>>
> >>> start migration --> .save_live_iterate (several round) --> start post 
> >>> copy --> 
> >>> stop source vm --> .pre_save --> start target vm --> .save_live_iterate 
> >>> (several round) 
> >>> -->migration complete
> >>>
> >>> Therefore, we should put saving of device state in .pre_save interface
> >>> rather than in .save_live_complete_precopy. 
> >>> The device state includes pci config data, page tables, register state, 
> >>> etc.
> >>>
> >>> The .save_live_iterate and .save_live_complete_precopy should only deal
> >>> with saving dirty memory.
> >>>
> >>
> >> Vendor driver can decide when to save device state depending on the VFIO
> >> device state set by user. Vendor driver doesn't have to depend on which
> >> callback function QEMU or user application calls. In pre-copy case,
> >> save_live_complete_precopy sets VFIO device state to
> >> VFIO_DEVICE_STATE_SAVING which means vCPUs are stopped and vendor driver
> >> should save all device state.
> >>

Re: [Qemu-devel] [PATCH v4 01/13] vfio: KABI for migration interface

2019-06-24 Thread Kirti Wankhede



On 6/24/2019 8:55 PM, Alex Williamson wrote:
> On Mon, 24 Jun 2019 20:30:08 +0530
> Kirti Wankhede  wrote:
> 
>> On 6/22/2019 3:31 AM, Alex Williamson wrote:
>>> On Sat, 22 Jun 2019 02:00:08 +0530
>>> Kirti Wankhede  wrote:  
 On 6/22/2019 1:30 AM, Alex Williamson wrote:  
> On Sat, 22 Jun 2019 01:05:48 +0530
> Kirti Wankhede  wrote:
> 
>> On 6/21/2019 8:33 PM, Alex Williamson wrote:
>>> On Fri, 21 Jun 2019 11:22:15 +0530
>>> Kirti Wankhede  wrote:
>>>   
 On 6/20/2019 10:48 PM, Alex Williamson wrote:  
> On Thu, 20 Jun 2019 20:07:29 +0530
> Kirti Wankhede  wrote:
> 
>> - Defined MIGRATION region type and sub-type.
>> - Used 3 bits to define VFIO device states.
>> Bit 0 => _RUNNING
>> Bit 1 => _SAVING
>> Bit 2 => _RESUMING
>> Combination of these bits defines VFIO device's state during 
>> migration
>> _STOPPED => All bits 0 indicates VFIO device stopped.
>> _RUNNING => Normal VFIO device running state.
>> _SAVING | _RUNNING => vCPUs are running, VFIO device is running 
>> but start
>>   saving state of device i.e. pre-copy state
>> _SAVING  => vCPUs are stopped, VFIO device should be stopped, 
>> and
>>   save device state,i.e. stop-n-copy state
>> _RESUMING => VFIO device resuming state.
>> _SAVING | _RESUMING => Invalid state if _SAVING and _RESUMING 
>> bits are set
>> - Defined vfio_device_migration_info structure which will be placed 
>> at 0th
>>   offset of migration region to get/set VFIO device related 
>> information.
>>   Defined members of structure and usage on read/write access:
>> * device_state: (read/write)
>> To convey VFIO device state to be transitioned to. Only 3 
>> bits are used
>> as of now.
>> * pending bytes: (read only)
>> To get pending bytes yet to be migrated for VFIO device.
>> * data_offset: (read only)
>> To get data offset in migration from where data exist during 
>> _SAVING
>> and from where data should be written by user space 
>> application during
>>  _RESUMING state
>> * data_size: (read/write)
>> To get and set size of data copied in migration region 
>> during _SAVING
>> and _RESUMING state.
>> * start_pfn, page_size, total_pfns: (write only)
>> To get bitmap of dirty pages from vendor driver from given
>> start address for total_pfns.
>> * copied_pfns: (read only)
>> To get number of pfns bitmap copied in migration region.
>> Vendor driver should copy the bitmap with bits set only for
>> pages to be marked dirty in migration region. Vendor driver
>> should return 0 if there are 0 pages dirty in requested
>> range. Vendor driver should return -1 to mark all pages in 
>> the section
>> as dirty
>>
>> Migration region looks like:
>>  --
>> |vfio_device_migration_info|data section  |
>> |  | ///  |
>>  --
>>  ^  ^  ^
>>  offset 0-trapped partdata_offset data_size
>>
>> Data section is always followed by vfio_device_migration_info
>> structure in the region, so data_offset will always be non-0.
>> Offset from where data is copied is decided by kernel driver, data
>> section can be trapped or mapped depending on how kernel driver
>> defines data section. If mmapped, then data_offset should be page
>> aligned, whereas initial section which contains
>> vfio_device_migration_info structure might not end at offset which
>> is page aligned.
>>
>> Signed-off-by: Kirti Wankhede 
>> Reviewed-by: Neo Jia 
>> ---
>>  linux-headers/linux/vfio.h | 71 
>> ++
>>  1 file changed, 71 insertions(+)
>>
>> diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
>> index 24f505199f83..274ec477eb82 100644
>> --- a/linux-headers/linux/vfio.h
>> +++ b/linux-headers/linux/vfio.h
>> @@ -372,6 +372,77 @@ struct vfio_region_gfx_edid {
>>   */
>>  #define VFIO_REGION_SUBTYPE_IBM_NVLINK2_A
