Re: Can we retire Python 2 now?

[Markus Armbruster]

Juan Quintela  writes:

> Markus Armbruster  wrote:
>> Python 2 EOL is only a few days away[*].  We made configure bitch about
>> it in commit e5abf59eae "Deprecate Python 2 support", 2019-07-01.  Any
>> objections to retiring it now, i.e. in 5.0?
>>
>> Cc'ing everyone who appears to be maintaining something that looks like
>> a Python script.
>>
>> [*] https://pythonclock.org/
>
> I am pretty sure that I am not a python maintaainer at all.

You are:

$ scripts/get_maintainer.pl -f scripts/vmstate-static-checker.py
Juan Quintela  (maintainer:Migration)
"Dr. David Alan Gilbert"  (maintainer:Migration)
Eduardo Habkost  (odd fixer:Python scripts)
Cleber Rosa  (odd fixer:Python scripts)
qemu-devel@nongnu.org (open list:All patches CC here)

Resistance is futile!

[...]

RE: issue about virtio-blk queue size

[Wangyong]

> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Friday, December 20, 2019 5:53 PM
> To: wangyong (Cloud) 
> Cc: Stefan Hajnoczi ; pbonz...@redhat.com;
> mark.ka...@oracle.com; h...@lst.de; qemu-devel@nongnu.org
> Subject: Re: issue about virtio-blk queue size
>
> On Thu, Dec 05, 2019 at 01:30:09AM +, Wangyong wrote:
> > >
> > > On Thu, Nov 28, 2019 at 08:44:43AM +, Wangyong wrote:
> > > > Hi all,
> > >
> > > This looks interesting, please continue this discussion on the QEMU
> > > mailing list  so that others can participate.
> > >
> > > >
> > > > This patch makes virtio_blk queue size configurable
> > > >
> > > > commit 6040aedddb5f474a9c2304b6a432a652d82b3d3c
> > > > Author: Mark Kanda 
> > > > Date:   Mon Dec 11 09:16:24 2017 -0600
> > > >
> > > > virtio-blk: make queue size configurable
> > > >
> > > > But when we set the queue size to more than 128, it will not take 
> > > > effect.
> > > >
> > > > That's because linux aio's maximum outstanding requests at a time
> > > > is always less than or equal to 128
> > > >
> > > > The following code limits the outstanding requests at a time:
> > > >
> > > > #define MAX_EVENTS 128
> > > >
> > > > laio_do_submit()
> > > > {
> > > >
> > > > if (!s->io_q.blocked &&
> > > > (!s->io_q.plugged ||
> > > >  s->io_q.in_flight + s->io_q.in_queue >= MAX_EVENTS)) {
> > > > ioq_submit(s);
> > > > }
> > > > }
> > > >
> > > > Should we make the value of MAX_EVENTS configurable ?
> > >
> > > Increasing MAX_EVENTS to a larger hardcoded value seems reasonable
> > > as a shortterm fix.  Please first check how /proc/sys/fs/aio-max-nr
> > > and
> > > io_setup(2) handle this resource limit.  The patch must not break
> > > existing systems where 128 works today.
> > [root@node2 ~]# cat /etc/centos-release CentOS Linux release 7.5.1804
> > (Core)
> >
> > [root@node2 ~]# cat /proc/sys/fs/aio-max-nr
> > 4294967296
> >
> > > > MAX_EVENTS should have the same value as queue size ?
> > >
> > > Multiple virtio-blk devices can share a single AioContext,
> > Is multiple virtio-blk configured with one IOThread?
> > Multiple virtio-blk performance will be worse.
>
> Yes.  By default IOThreads are not used and all virtio-blk devices share the
> main loop's AioContext.
>
> When IOThreads are configured it's up to the user how to assign devices to
> IOThreads.  Assigning multiple devices to one IOThread is realistic because
> it's common to create only num_vcpus IOThreads.
>
> A good starting point would be a patch that raises the limit to a higher
> hardcoded number.  Then you can investigate how to size the AioContext
> appropriately (maybe dynamically?) for a full fix.
>
Okay.  Raising MAX_EVENT to 1024 may be more appropriate? If possible I can try 
to make a patch.

> Stefan
-
本邮件及其附件含有新华三集团的保密信息，仅限于发送给上面地址中列出
的个人或群组。禁止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、
或散发）本邮件中的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本
邮件！
This e-mail and its attachments contain confidential information from New H3C, 
which is
intended only for the person or entity whose address is listed above. Any use 
of the
information contained herein in any way (including, but not limited to, total 
or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify 
the sender
by phone or email immediately and delete it!

[PATCH v2 6/8] tests/acceptance: Do not set the machine type manually

[Philippe Mathieu-Daudé]

Since commit ba21bde93 we don't need to set the machine type
manually, the one set by the ":avocado: tags=machine" will be used.

Suggested-by: Cleber Rosa 
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/acceptance/machine_avr6.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/acceptance/machine_avr6.py b/tests/acceptance/machine_avr6.py
index 7a7d8afc29..394b3d4f8f 100644
--- a/tests/acceptance/machine_avr6.py
+++ b/tests/acceptance/machine_avr6.py
@@ -45,7 +45,6 @@ class AVR6Machine(Test):
 rom_hash = '7eb521f511ca8f2622e0a3c5e8dd686efbb911d4'
 rom_path = self.fetch_asset(rom_url, asset_hash=rom_hash)
 
-self.vm.set_machine('sample')
 self.vm.add_args('-bios', rom_path)
 self.vm.add_args('-nographic')
 self.vm.launch()
-- 
2.21.0

[PATCH v2 4/8] hw/avr: Add some Arduino boards

[Philippe Mathieu-Daudé]

Arduino boards are build with AVR chipsets.
Add some of the popular boards:

- Arduino Duemilanove
- Arduino Uno
- Arduino Mega

For more information:
  https://www.arduino.cc/en/Main/Products
  https://store.arduino.cc/arduino-genuino/most-popular

Signed-off-by: Philippe Mathieu-Daudé 
---
v2:
- Reword description adding more information (Aleksandar)
- Use DEFINE_TYPES (Igor)

Cc: Phillip Stevens  (for FreeRTOS example)
Cc: Igor Mammedov 
---
 hw/avr/arduino.c | 177 +++
 hw/avr/Makefile.objs |   1 +
 2 files changed, 178 insertions(+)
 create mode 100644 hw/avr/arduino.c

diff --git a/hw/avr/arduino.c b/hw/avr/arduino.c
new file mode 100644
index 00..ecaaa295d8
--- /dev/null
+++ b/hw/avr/arduino.c
@@ -0,0 +1,177 @@
+/*
+ * QEMU Arduino boards
+ *
+ * Copyright (c) 2019 Philippe Mathieu-Daudé
+ *
+ * This work is licensed under the terms of the GNU GPLv2 or later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+/* TODO: Implement the use of EXTRAM */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "atmega.h"
+
+typedef struct ArduinoMachineState {
+/*< private >*/
+MachineState parent_obj;
+/*< public >*/
+AtmegaMcuState mcu;
+MemoryRegion extram;
+} ArduinoMachineState;
+
+typedef struct ArduinoMachineClass {
+/*< private >*/
+MachineClass parent_class;
+/*< public >*/
+const char *mcu_type;
+uint64_t xtal_hz;
+size_t extram_size;
+} ArduinoMachineClass;
+
+#define TYPE_ARDUINO_MACHINE \
+MACHINE_TYPE_NAME("arduino")
+#define ARDUINO_MACHINE(obj) \
+OBJECT_CHECK(ArduinoMachineState, (obj), TYPE_ARDUINO_MACHINE)
+#define ARDUINO_MACHINE_CLASS(klass) \
+OBJECT_CLASS_CHECK(ArduinoMachineClass, (klass), TYPE_ARDUINO_MACHINE)
+#define ARDUINO_MACHINE_GET_CLASS(obj) \
+OBJECT_GET_CLASS(ArduinoMachineClass, (obj), TYPE_ARDUINO_MACHINE)
+
+static void load_firmware(const char *firmware, uint64_t flash_size)
+{
+const char *filename;
+int bytes_loaded;
+
+/* Load firmware (contents of flash) trying to auto-detect format */
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, firmware);
+if (filename == NULL) {
+error_report("Unable to find %s", firmware);
+exit(1);
+}
+
+bytes_loaded = load_elf(filename, NULL, NULL, NULL, NULL, NULL, NULL,
+0, EM_NONE, 0, 0);
+if (bytes_loaded < 0) {
+bytes_loaded = load_image_targphys(filename, OFFSET_CODE, flash_size);
+}
+if (bytes_loaded < 0) {
+error_report("Unable to load firmware image %s as ELF or raw binary",
+ firmware);
+exit(1);
+}
+}
+
+static void arduino_machine_init(MachineState *machine)
+{
+ArduinoMachineClass *amc = ARDUINO_MACHINE_GET_CLASS(machine);
+ArduinoMachineState *ams = ARDUINO_MACHINE(machine);
+
+sysbus_init_child_obj(OBJECT(machine), "mcu", >mcu, sizeof(ams->mcu),
+  amc->mcu_type);
+object_property_set_uint(OBJECT(>mcu), amc->xtal_hz,
+ "xtal-frequency-hz", _abort);
+object_property_set_bool(OBJECT(>mcu), true, "realized",
+ _abort);
+
+if (machine->firmware) {
+load_firmware(machine->firmware, memory_region_size(>mcu.flash));
+}
+}
+
+static void arduino_machine_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+
+mc->init = arduino_machine_init;
+mc->default_cpus = 1;
+mc->min_cpus = mc->default_cpus;
+mc->max_cpus = mc->default_cpus;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->no_parallel = 1;
+}
+
+static void arduino_duemilanove_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+ArduinoMachineClass *amc = ARDUINO_MACHINE_CLASS(oc);
+
+/* https://www.arduino.cc/en/Main/ArduinoBoardDuemilanove */
+mc->desc= "Arduino Duemilanove (ATmega168)",
+mc->alias   = "2009";
+amc->mcu_type   = TYPE_ATMEGA168_MCU;
+amc->xtal_hz= 16 * 1000 * 1000;
+};
+
+static void arduino_uno_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+ArduinoMachineClass *amc = ARDUINO_MACHINE_CLASS(oc);
+
+/* https://store.arduino.cc/arduino-uno-rev3 */
+mc->desc= "Arduino UNO (ATmega328P)";
+mc->alias   = "uno";
+amc->mcu_type   = TYPE_ATMEGA328_MCU;
+amc->xtal_hz= 16 * 1000 * 1000;
+};
+
+static void arduino_mega_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+ArduinoMachineClass *amc = ARDUINO_MACHINE_CLASS(oc);
+
+/* https://www.arduino.cc/en/Main/ArduinoBoardMega */
+mc->desc= "Arduino Mega (ATmega1280)";
+mc->alias   = "mega";
+amc->mcu_type   = TYPE_ATMEGA1280_MCU;

[PATCH v2 5/8] tests/boot-serial-test: Test some Arduino boards (AVR based)

[Philippe Mathieu-Daudé]

The Arduino Duemilanove is based on a AVR5 CPU, while the
Arduino MEGA2560 on a AVR6 CPU.

Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/boot-serial-test.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index e556f09db8..582a497963 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -113,6 +113,8 @@ typedef struct testdef {
 static testdef_t tests[] = {
 { "alpha", "clipper", "", "PCI:" },
 { "avr", "sample", "", "T", sizeof(bios_avr), NULL, bios_avr },
+{ "avr", "arduino-duemilanove", "", "T", sizeof(bios_avr), NULL, bios_avr 
},
+{ "avr", "arduino-mega-2560-v3", "", "T", sizeof(bios_avr), NULL, 
bios_avr},
 { "ppc", "ppce500", "", "U-Boot" },
 { "ppc", "40p", "-vga none -boot d", "Trying cd:," },
 { "ppc", "g3beige", "", "PowerPC,750" },
-- 
2.21.0

Re: [PATCH v2 0/8] hw/avr: Introduce the Arduino boards

[Philippe Mathieu-Daudé]

On Sat, Dec 21, 2019 at 2:02 AM Philippe Mathieu-Daudé  wrote:
>
> Hi,
>
> This series add the arduino boards, aiming at removing the
> 'sample' board that doesn't follow any specification.
>
> Since v1:
> - Addressed Igor comments
> - Addressed Aleksandar comments
> - Fixed UART issue (was due to IRQ shifted by 2 in CPU)
>
> TODO after merge is:
> - Extract Timer8 common parts from Timer16
> - Add GPIOs
> - Connect LED to GPIO on Arduino
> - Plug to Scratch (See http://s4a.cat/).
>   (I plan to purpose that as a GSoC idea).
>
> Thank you for having insisted with this port during so long!
(This comment is for Michael)

I forgot to amend this series (including Michael patches) is available here:
https://gitlab.com/philmd/qemu/commits/arduino-v2

> Regards,
>
> Phil.
>
> Based-on: <20191218210329.1960-1-mrol...@gmail.com>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg666384.html

[PATCH v2 2/8] hw/timer/avr_timer16: Rename memory region debugging name

[Philippe Mathieu-Daudé]

This device expose 3 different I/O regions. Name them differently
to have a clearer 'info mtree' output.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/timer/avr_timer16.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/timer/avr_timer16.c b/hw/timer/avr_timer16.c
index f3dcef7246..8a0027861c 100644
--- a/hw/timer/avr_timer16.c
+++ b/hw/timer/avr_timer16.c
@@ -562,11 +562,11 @@ static void avr_timer16_init(Object *obj)
 sysbus_init_irq(SYS_BUS_DEVICE(obj), >ovf_irq);
 
 memory_region_init_io(>iomem, obj, _timer16_ops,
-  s, TYPE_AVR_TIMER16, 0xe);
+  s, "avr-timer16", 0xe);
 memory_region_init_io(>imsk_iomem, obj, _timer16_imsk_ops,
-  s, TYPE_AVR_TIMER16, 0x1);
+  s, "avr-timer16-intmask", 0x1);
 memory_region_init_io(>ifr_iomem, obj, _timer16_ifr_ops,
-  s, TYPE_AVR_TIMER16, 0x1);
+  s, "avr-timer16-intflag", 0x1);
 
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), >iomem);
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), >imsk_iomem);
-- 
2.21.0

[PATCH v2 0/8] hw/avr: Introduce the Arduino boards

[Philippe Mathieu-Daudé]

Hi,

This series add the arduino boards, aiming at removing the
'sample' board that doesn't follow any specification.

Since v1:
- Addressed Igor comments
- Addressed Aleksandar comments
- Fixed UART issue (was due to IRQ shifted by 2 in CPU)

TODO after merge is:
- Extract Timer8 common parts from Timer16
- Add GPIOs
- Connect LED to GPIO on Arduino
- Plug to Scratch (See http://s4a.cat/).
  (I plan to purpose that as a GSoC idea).

Thank you for having insisted with this port during so long!

Regards,

Phil.

Based-on: <20191218210329.1960-1-mrol...@gmail.com>
https://www.mail-archive.com/qemu-devel@nongnu.org/msg666384.html
Cc: Stefan Hajnoczi  (for GSoC idea)
Cc: Phillip Stevens  (for FreeRTOS example)

Philippe Mathieu-Daudé (8):
  hw/char/avr: Reduce USART I/O size
  hw/timer/avr_timer16: Rename memory region debugging name
  hw/avr: Add some ATmega microcontrollers
  hw/avr: Add some Arduino boards
  tests/boot-serial-test: Test some Arduino boards (AVR based)
  tests/acceptance: Do not set the machine type manually
  tests/acceptance: Keep multilines comment consistent with other tests
  tests/acceptance: Test the Arduino MEGA2560 board

 hw/avr/atmega.h  |  48 
 hw/avr/arduino.c | 177 
 hw/avr/atmega.c  | 460 +++
 hw/char/avr_usart.c  |   2 +-
 hw/timer/avr_timer16.c   |   6 +-
 tests/boot-serial-test.c |   2 +
 hw/avr/Makefile.objs |   2 +
 tests/acceptance/machine_avr6.py |  11 +-
 8 files changed, 697 insertions(+), 11 deletions(-)
 create mode 100644 hw/avr/atmega.h
 create mode 100644 hw/avr/arduino.c
 create mode 100644 hw/avr/atmega.c

-- 
2.21.0

Re: [PATCH v2] mos6522: remove anh register

[David Gibson]

On Fri, Dec 20, 2019 at 10:40:54PM +0100, Laurent Vivier wrote:
> Register addr 1 is defined as buffer A with handshake (vBufAH),
> register addr 15 is also defined as buffer A without handshake (vBufA).
> 
> As both addresses access the same register, remove the definition of
> 'anh' and use only 'a' (with VIA_REG_ANH and VIA_REG_A).
> 
> Fixes: 51f233ec92cd ("misc: introduce new mos6522 VIA device and enable it 
> for ppc builds")
> Signed-off-by: Laurent Vivier 

Applied to ppc-for-5.0, thanks.

> ---
> 
> Notes:
> v2: update commit message (remove reference to linux)
> add LOG_UNIMP for VIA_REG_A access
> 
>  hw/misc/mos6522.c | 16 
>  include/hw/misc/mos6522.h |  1 -
>  2 files changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/hw/misc/mos6522.c b/hw/misc/mos6522.c
> index cecf0be59e..10b85bf751 100644
> --- a/hw/misc/mos6522.c
> +++ b/hw/misc/mos6522.c
> @@ -244,6 +244,9 @@ uint64_t mos6522_read(void *opaque, hwaddr addr, unsigned 
> size)
>  val = s->b;
>  break;
>  case VIA_REG_A:
> +   qemu_log_mask(LOG_UNIMP, "Read access to register A with handshake");
> +   /* fall through */
> +case VIA_REG_ANH:
>  val = s->a;
>  break;
>  case VIA_REG_DIRB:
> @@ -297,9 +300,7 @@ uint64_t mos6522_read(void *opaque, hwaddr addr, unsigned 
> size)
>  val = s->ier | 0x80;
>  break;
>  default:
> -case VIA_REG_ANH:
> -val = s->anh;
> -break;
> +g_assert_not_reached();
>  }
>  
>  if (addr != VIA_REG_IFR || val != 0) {
> @@ -322,6 +323,9 @@ void mos6522_write(void *opaque, hwaddr addr, uint64_t 
> val, unsigned size)
>  mdc->portB_write(s);
>  break;
>  case VIA_REG_A:
> +   qemu_log_mask(LOG_UNIMP, "Write access to register A with handshake");
> +   /* fall through */
> +case VIA_REG_ANH:
>  s->a = (s->a & ~s->dira) | (val & s->dira);
>  mdc->portA_write(s);
>  break;
> @@ -395,9 +399,7 @@ void mos6522_write(void *opaque, hwaddr addr, uint64_t 
> val, unsigned size)
>qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
>  break;
>  default:
> -case VIA_REG_ANH:
> -s->anh = val;
> -break;
> +g_assert_not_reached();
>  }
>  }
>  
> @@ -439,7 +441,6 @@ const VMStateDescription vmstate_mos6522 = {
>  VMSTATE_UINT8(pcr, MOS6522State),
>  VMSTATE_UINT8(ifr, MOS6522State),
>  VMSTATE_UINT8(ier, MOS6522State),
> -VMSTATE_UINT8(anh, MOS6522State),
>  VMSTATE_STRUCT_ARRAY(timers, MOS6522State, 2, 0,
>   vmstate_mos6522_timer, MOS6522Timer),
>  VMSTATE_END_OF_LIST()
> @@ -460,7 +461,6 @@ static void mos6522_reset(DeviceState *dev)
>  s->ifr = 0;
>  s->ier = 0;
>  /* s->ier = T1_INT | SR_INT; */
> -s->anh = 0;
>  
>  s->timers[0].frequency = s->frequency;
>  s->timers[0].latch = 0x;
> diff --git a/include/hw/misc/mos6522.h b/include/hw/misc/mos6522.h
> index 493c907537..97384c6e02 100644
> --- a/include/hw/misc/mos6522.h
> +++ b/include/hw/misc/mos6522.h
> @@ -115,7 +115,6 @@ typedef struct MOS6522State {
>  uint8_t pcr;
>  uint8_t ifr;
>  uint8_t ier;
> -uint8_t anh;
>  
>  MOS6522Timer timers[2];
>  uint64_t frequency;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH 2/2] ppc/pnv: Use the CPU topology to compute the default number of chips

[David Gibson]

On Fri, Dec 20, 2019 at 05:51:48PM +0100, Greg Kurz wrote:
> Multi TCG mandates the CPU topology to be dimensioned to the actual
> number of CPUs, depending on the number of chips the user asked for.
> That is, '-machine num-chips=N' should always have a '-smp' companion
> with a topology that meats the resulting number of CPUs, typically
> '-smp sockets=N'.
> 
> Simplify the command line for these setups by computing the default
> number of chips based on the CPU topology, ie. no need to explicitely
> set "num-chips" anymore. This must be done at machine init because
> smp_parse() is called after instance init.
> 
> Signed-off-by: Greg Kurz 

Is there actually any reason to retain num-chips at all?  Or could we
just set the number of chips equal to the number of sockets, which
seems to make sense to me.

> ---
>  hw/ppc/pnv.c |   23 ---
>  1 file changed, 16 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
> index f8cf2b6d760f..9b777b7084a0 100644
> --- a/hw/ppc/pnv.c
> +++ b/hw/ppc/pnv.c
> @@ -768,6 +768,19 @@ static void pnv_init(MachineState *machine)
>  exit(1);
>  }
>  
> +if (!pnv->num_chips) {
> +uint32_t num_chips =
> +machine->smp.max_cpus / (machine->smp.cores * 
> machine->smp.threads);
> +Error *local_err = NULL;
> +
> +object_property_set_uint(OBJECT(pnv), num_chips, "num-chips",
> + _err);
> +if (local_err) {
> +error_report_err(local_err);
> +exit(1);
> +}
> +}
> +
>  pnv->chips = g_new0(PnvChip *, pnv->num_chips);
>  for (i = 0; i < pnv->num_chips; i++) {
>  char chip_name[32];
> @@ -1722,6 +1735,9 @@ static void pnv_set_num_chips(Object *obj, Visitor *v, 
> const char *name,
>   */
>  if (!is_power_of_2(num_chips) || num_chips > 4) {
>  error_setg(errp, "invalid number of chips: '%d'", num_chips);
> +error_append_hint(errp,
> +  "Set 'num-chips' implicitely with '-smp 
> sockets=N'. "
> +  "Valid values are : 1, 2 or 4.\n");
>  return;
>  }
>  
> @@ -1735,12 +1751,6 @@ static void pnv_set_num_chips(Object *obj, Visitor *v, 
> const char *name,
>  pnv->num_chips = num_chips;
>  }
>  
> -static void pnv_machine_instance_init(Object *obj)
> -{
> -PnvMachineState *pnv = PNV_MACHINE(obj);
> -pnv->num_chips = 1;
> -}
> -
>  static void pnv_machine_class_props_init(ObjectClass *oc)
>  {
>  object_class_property_add(oc, "num-chips", "uint32",
> @@ -1874,7 +1884,6 @@ static const TypeInfo types[] = {
>  .parent= TYPE_MACHINE,
>  .abstract   = true,
>  .instance_size = sizeof(PnvMachineState),
> -.instance_init = pnv_machine_instance_init,
>  .class_init= pnv_machine_class_init,
>  .class_size= sizeof(PnvMachineClass),
>  .interfaces = (InterfaceInfo[]) {
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PATCH v2 7/8] tests/acceptance: Keep multilines comment consistent with other tests

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
Cc: Cleber Rosa 

 tests/acceptance/machine_avr6.py | 8 +++-
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/tests/acceptance/machine_avr6.py b/tests/acceptance/machine_avr6.py
index 394b3d4f8f..94a8004e94 100644
--- a/tests/acceptance/machine_avr6.py
+++ b/tests/acceptance/machine_avr6.py
@@ -37,11 +37,9 @@ class AVR6Machine(Test):
 
https://github.com/seharris/qemu-avr-tests/raw/master/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf
 constantly prints out 
'ABCDEFGHIJKLMNOPQRSTUVWXABCDEFGHIJKLMNOPQRSTUVWX'
 """
-rom_url = 'https://github.com/seharris/qemu-avr-tests'
-rom_sha1= '36c3e67b8755dcf37e06af6730ef5d477b8ed16d'
-rom_url += '/raw/'
-rom_url += rom_sha1
-rom_url += '/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf'
+rom_url = ('https://github.com/seharris/qemu-avr-tests'
+   '/raw/36c3e67b8755dcf/free-rtos/Demo'
+   '/AVR_ATMega2560_GCC/demo.elf')
 rom_hash = '7eb521f511ca8f2622e0a3c5e8dd686efbb911d4'
 rom_path = self.fetch_asset(rom_url, asset_hash=rom_hash)
 
-- 
2.21.0

[PATCH v2 3/8] hw/avr: Add some ATmega microcontrollers

[Philippe Mathieu-Daudé]

Add some microcontrollers from the megaAVR family (ATmega series):

- middle range: ATmega168 and ATmega328
- high range: ATmega1280 and ATmega2560

For product comparison:
  https://www.microchip.com/wwwproducts/ProductCompare/ATmega168P/ATmega328P
  https://www.microchip.com/wwwproducts/ProductCompare/ATmega1280/ATmega2560

Datasheets:
  
http://ww1.microchip.com/downloads/en/DeviceDoc/ATmega48A-PA-88A-PA-168A-PA-328-P-DS-DS40002061A.pdf
  
http://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-2549-8-bit-AVR-Microcontroller-ATmega640-1280-1281-2560-2561_datasheet.pdf

Signed-off-by: Philippe Mathieu-Daudé 
---
v2:
- Reword description adding more information (Aleksandar)
- Use DEFINE_TYPES and memory_region_init_ram (Igor)

Cc: Igor Mammedov 
---
 hw/avr/atmega.h  |  48 +
 hw/avr/atmega.c  | 460 +++
 hw/avr/Makefile.objs |   1 +
 3 files changed, 509 insertions(+)
 create mode 100644 hw/avr/atmega.h
 create mode 100644 hw/avr/atmega.c

diff --git a/hw/avr/atmega.h b/hw/avr/atmega.h
new file mode 100644
index 00..aac09f7957
--- /dev/null
+++ b/hw/avr/atmega.h
@@ -0,0 +1,48 @@
+/*
+ * QEMU ATmega MCU
+ *
+ * Copyright (c) 2019 Philippe Mathieu-Daudé
+ *
+ * This work is licensed under the terms of the GNU GPLv2 or later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef HW_AVR_ATMEGA_H
+#define HW_AVR_ATMEGA_H
+
+#include "hw/char/avr_usart.h"
+#include "hw/timer/avr_timer16.h"
+#include "hw/misc/avr_mask.h"
+#include "target/avr/cpu.h"
+
+#define TYPE_ATMEGA_MCU "ATmega"
+#define TYPE_ATMEGA168_MCU  "ATmega168"
+#define TYPE_ATMEGA328_MCU  "ATmega328"
+#define TYPE_ATMEGA1280_MCU "ATmega1280"
+#define TYPE_ATMEGA2560_MCU "ATmega2560"
+
+#define ATMEGA_MCU(obj) OBJECT_CHECK(AtmegaMcuState, (obj), TYPE_ATMEGA_MCU)
+
+#define POWER_MAX 2
+#define USART_MAX 4
+#define TIMER_MAX 6
+#define GPIO_MAX 12
+
+typedef struct AtmegaMcuState {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+AVRCPU cpu;
+MemoryRegion flash;
+MemoryRegion eeprom;
+MemoryRegion sram;
+DeviceState *io;
+AVRMaskState pwr[POWER_MAX];
+AVRUsartState usart[USART_MAX];
+AVRTimer16State timer[TIMER_MAX];
+uint64_t xtal_freq_hz;
+} AtmegaMcuState;
+
+#endif /* HW_AVR_ATMEGA_H */
diff --git a/hw/avr/atmega.c b/hw/avr/atmega.c
new file mode 100644
index 00..d4190605d6
--- /dev/null
+++ b/hw/avr/atmega.c
@@ -0,0 +1,460 @@
+/*
+ * QEMU ATmega MCU
+ *
+ * Copyright (c) 2019 Philippe Mathieu-Daudé
+ *
+ * This work is licensed under the terms of the GNU GPLv2 or later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/module.h"
+#include "qemu/units.h"
+#include "qapi/error.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
+#include "hw/qdev-properties.h"
+#include "hw/sysbus.h"
+#include "hw/boards.h" /* FIXME memory_region_allocate_system_memory for sram 
*/
+#include "hw/misc/unimp.h"
+#include "atmega.h"
+
+typedef struct {
+uint16_t addr;
+uint16_t prr_addr;
+uint8_t prr_bit;
+/* timer specific */
+uint16_t intmask_addr;
+uint16_t intflag_addr;
+bool is_timer16;
+} peripheral_cfg;
+
+typedef struct AtmegaMcuClass {
+/*< private >*/
+SysBusDeviceClass parent_class;
+/*< public >*/
+const char *uc_name;
+const char *cpu_type;
+size_t flash_size;
+size_t eeprom_size;
+size_t sram_size;
+size_t io_size;
+size_t gpio_count;
+size_t adc_count;
+const uint8_t *irq;
+const peripheral_cfg *dev;
+} AtmegaMcuClass;
+
+#define ATMEGA_MCU_CLASS(klass) \
+OBJECT_CLASS_CHECK(AtmegaMcuClass, (klass), TYPE_ATMEGA_MCU)
+#define ATMEGA_MCU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(AtmegaMcuClass, (obj), TYPE_ATMEGA_MCU)
+
+enum AtmegaIrq {
+USART0_RXC_IRQ, USART0_DRE_IRQ, USART0_TXC_IRQ,
+USART1_RXC_IRQ, USART1_DRE_IRQ, USART1_TXC_IRQ,
+USART2_RXC_IRQ, USART2_DRE_IRQ, USART2_TXC_IRQ,
+USART3_RXC_IRQ, USART3_DRE_IRQ, USART3_TXC_IRQ,
+TIMER0_CAPT_IRQ, TIMER0_COMPA_IRQ, TIMER0_COMPB_IRQ,
+TIMER0_COMPC_IRQ, TIMER0_OVF_IRQ,
+TIMER1_CAPT_IRQ, TIMER1_COMPA_IRQ, TIMER1_COMPB_IRQ,
+TIMER1_COMPC_IRQ, TIMER1_OVF_IRQ,
+TIMER2_CAPT_IRQ, TIMER2_COMPA_IRQ, TIMER2_COMPB_IRQ,
+TIMER2_COMPC_IRQ, TIMER2_OVF_IRQ,
+TIMER3_CAPT_IRQ, TIMER3_COMPA_IRQ, TIMER3_COMPB_IRQ,
+TIMER3_COMPC_IRQ, TIMER3_OVF_IRQ,
+TIMER4_CAPT_IRQ, TIMER4_COMPA_IRQ, TIMER4_COMPB_IRQ,
+TIMER4_COMPC_IRQ, TIMER4_OVF_IRQ,
+TIMER5_CAPT_IRQ, TIMER5_COMPA_IRQ, TIMER5_COMPB_IRQ,
+TIMER5_COMPC_IRQ, TIMER5_OVF_IRQ,
+IRQ_COUNT
+};
+
+#define USART_IRQ_COUNT 3
+#define USART_RXC_IRQ(n)(n * USART_IRQ_COUNT + USART0_RXC_IRQ)
+#define USART_DRE_IRQ(n)(n * USART_IRQ_COUNT + USART0_DRE_IRQ)
+#define USART_TXC_IRQ(n)

[PATCH v2 8/8] tests/acceptance: Test the Arduino MEGA2560 board

[Philippe Mathieu-Daudé]

As the path name demonstrates, the FreeRTOS tests target a
board based on a ATMega2560 MCU. We have one, the Arduino
MEGA2560.

Complementary documentation:

https://feilipu.me/2012/01/15/ethermega-arduino-mega-2560-and-freertos/
https://feilipu.me/2015/11/24/arduino_freertos/ (see 'Compatibility')

Signed-off-by: Philippe Mathieu-Daudé 
---
Cc: Cleber Rosa 
Cc: Phillip Stevens  (for FreeRTOS example)
---
 tests/acceptance/machine_avr6.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/acceptance/machine_avr6.py b/tests/acceptance/machine_avr6.py
index 94a8004e94..c5ff423e50 100644
--- a/tests/acceptance/machine_avr6.py
+++ b/tests/acceptance/machine_avr6.py
@@ -31,7 +31,7 @@ class AVR6Machine(Test):
 def test_freertos(self):
 """
 :avocado: tags=arch:avr
-:avocado: tags=machine:sample
+:avocado: tags=machine:arduino-mega-2560-v3
 """
 """
 
https://github.com/seharris/qemu-avr-tests/raw/master/free-rtos/Demo/AVR_ATMega2560_GCC/demo.elf
-- 
2.21.0

[PATCH v2 1/8] hw/char/avr: Reduce USART I/O size

[Philippe Mathieu-Daudé]

Per the datasheet the USART uses 7 consecutive 8-bit registers.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/char/avr_usart.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/char/avr_usart.c b/hw/char/avr_usart.c
index cb307fe23d..becdb87847 100644
--- a/hw/char/avr_usart.c
+++ b/hw/char/avr_usart.c
@@ -280,7 +280,7 @@ static void avr_usart_init(Object *obj)
 sysbus_init_irq(SYS_BUS_DEVICE(obj), >rxc_irq);
 sysbus_init_irq(SYS_BUS_DEVICE(obj), >dre_irq);
 sysbus_init_irq(SYS_BUS_DEVICE(obj), >txc_irq);
-memory_region_init_io(>mmio, obj, _usart_ops, s, TYPE_AVR_USART, 8);
+memory_region_init_io(>mmio, obj, _usart_ops, s, TYPE_AVR_USART, 7);
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), >mmio);
 qdev_init_gpio_in(DEVICE(s), avr_usart_pr, 1);
 s->enabled = true;
-- 
2.21.0

Re: [PATCH 00/10] Fixes for DP8393X SONIC device emulation

[Finn Thain]

On Fri, 20 Dec 2019, Laurent Vivier wrote:

> Le 20/12/2019 ? 12:38, Aleksandar Markovic a ?crit?:
> > On Sat, Dec 14, 2019 at 2:29 AM Finn Thain  
> > wrote:
> >>
> >> Hi All,
> >>
> >> There is a bug in the DP8393X emulation that can stop packet reception.
> >>
> >> Whilst debugging that issue I found that the receiver algorithm differs
> >> from the one described in the National Semiconductor datasheet.
> >>
> > 
> > Finn, could you please provide the link to the exact datasheet that
> > you used for reference, so that we are on the same page while looking
> > at your code?
> 
> According to his comments ,"National Semiconductor DP83932C" and
> sections seem to be the same, I think the datasheet is:
> 
> https://www.eit.lth.se/fileadmin/eit/courses/datablad/Periphery/Communication/DP83932C.pdf
> 

Yes. I know of 3 datasheets from National Semiconductor,

11719  DP83934CVUL-20/25 MHz SONIC-T Systems-Oriented Network Interface 
Controller with Twisted Pair Interface
10492  DP83932C-20/25/33 MHz SONIC Systems-Oriented Network Interface 
Controller
11722  DP83916 SONIC-16 Systems-Oriented Network Interface Controller

The publication numbered 10492 is the one that Laurent linked to. It and 
11722 both have the same table of contents. The references I gave in the 
patch descriptions are applicable to these. (Having said that, I see now 
that I did mess up one reference. I'll fix it.)

The "1995 National Ethernet Databook" on bitsavers has more information. 
https://mirrorservice.org/sites/www.bitsavers.org/components/national/_dataBooks/1995_National_Ethernet_Databook.pdf

-- 

> Thanks,
> Laurent
> 

Re: [PATCH v39 15/22] target/avr: Add example board configuration

[Philippe Mathieu-Daudé]

Hi Michael,

Few minor comments below.

On 12/18/19 10:03 PM, Michael Rolnik wrote:

A simple board setup that configures an AVR CPU to run a given firmware image.
This is all that's useful to implement without peripheral emulation as AVR CPUs 
include a lot of on-board peripherals.

NOTE: this is not a real board 
NOTE: it's used for CPU testing

Signed-off-by: Michael Rolnik 
Reviewed-by: Aleksandar Markovic 
Nacked-by: Philippe Mathieu-Daudé 
---
  include/elf.h|   2 +
  include/hw/elf_ops.h |   6 +-
  include/hw/loader.h  |   6 +-
  hw/avr/sample.c  | 293 +++
  hw/core/loader.c |  15 +--
  hw/riscv/boot.c  |   2 +-
  hw/Kconfig   |   1 +
  hw/avr/Kconfig   |   6 +
  hw/avr/Makefile.objs |   1 +
  9 files changed, 321 insertions(+), 11 deletions(-)
  create mode 100644 hw/avr/sample.c
  create mode 100644 hw/avr/Kconfig
  create mode 100644 hw/avr/Makefile.objs

diff --git a/include/elf.h b/include/elf.h
index 3501e0c8d0..53cdfa23b7 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -202,6 +202,8 @@ typedef struct mips_elf_abiflags_v0 {
  #define EM_MOXIE   223 /* Moxie processor family */
  #define EM_MOXIE_OLD   0xFEED
  
+#define EM_AVR 83 /* AVR 8-bit microcontroller */

+
  /* This is the info that is needed to parse the dynamic section of the file */
  #define DT_NULL   0
  #define DT_NEEDED 1
diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index e07d276df7..70de85fa72 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -316,7 +316,8 @@ static int glue(load_elf, SZ)(const char *name, int fd,
void *translate_opaque,
int must_swab, uint64_t *pentry,
uint64_t *lowaddr, uint64_t *highaddr,
-  int elf_machine, int clear_lsb, int data_swab,
+  uint32_t *pe_flags, int elf_machine,
+  int clear_lsb, int data_swab,
AddressSpace *as, bool load_rom,
symbol_fn_t sym_cb)
  {
@@ -594,6 +595,9 @@ static int glue(load_elf, SZ)(const char *name, int fd,
  }
  }
  
+if (pe_flags) {

+*pe_flags = (uint32_t)(elf_sword)ehdr.e_flags;
+}
  if (lowaddr)
  *lowaddr = (uint64_t)(elf_sword)low;
  if (highaddr)
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 48a96cd559..22b59e15ba 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -101,6 +101,7 @@ const char *load_elf_strerror(int error);
   * @pentry: Populated with program entry point. Ignored if NULL.
   * @lowaddr: Populated with lowest loaded address. Ignored if NULL.
   * @highaddr: Populated with highest loaded address. Ignored if NULL.
+ * @pe_flags: Populated with e_flags. Ignore if NULL.
   * @bigendian: Expected ELF endianness. 0 for LE otherwise BE
   * @elf_machine: Expected ELF machine type
   * @clear_lsb: Set to mask off LSB of addresses (Some architectures use
@@ -131,8 +132,9 @@ int load_elf_ram_sym(const char *filename,
   uint64_t (*elf_note_fn)(void *, void *, bool),
   uint64_t (*translate_fn)(void *, uint64_t),
   void *translate_opaque, uint64_t *pentry,
- uint64_t *lowaddr, uint64_t *highaddr, int big_endian,
- int elf_machine, int clear_lsb, int data_swab,
+ uint64_t *lowaddr, uint64_t *highaddr, uint32_t *pe_flags,
+ int big_endian, int elf_machine,
+ int clear_lsb, int data_swab,
   AddressSpace *as, bool load_rom, symbol_fn_t sym_cb);
  
  /** load_elf_ram:

diff --git a/hw/avr/sample.c b/hw/avr/sample.c
new file mode 100644
index 00..4fdbc17f1c
--- /dev/null
+++ b/hw/avr/sample.c
@@ -0,0 +1,293 @@
+/*
+ * QEMU AVR CPU
+ *
+ * Copyright (c) 2019 Michael Rolnik
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+/*
+ *  NOTE:
+ *  This is not a real AVR board, this is an example!
+ *  The CPU is an approximation of an ATmega2560, but is missing various
+ *  built-in peripherals.
+ *
+ *  This example board loads provided binary file into flash memory and
+ *  

Re: [PATCH v2 13/13] dp8393x: Correctly advance RRP

[Finn Thain]

Please disregard this patch. An off-by-one bug was found in one of my 
Linux sonic driver patches. When I fixed that bug, this patch (13/13) was 
shown to be incorrect.

The Linux sonic driver patches are being tested on actual SONIC hardware 
(Mac Centris 610). I will send v3 of this series after I've finished 
debugging the Linux sonic driver.

On Fri, 20 Dec 2019, Finn Thain wrote:

> The last entry in the RRA is at the address given by the REA register.
> The address wrap-around logic is off-by-one entry. The last resource
> never gets used and RRP can jump over the RWP. The guest driver fails
> badly because the SONIC starts re-using old buffer addresses. Fix this.
> 
> Signed-off-by: Finn Thain 
> ---
>  hw/net/dp8393x.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
> index bd92fa28f6..92a30f9f69 100644
> --- a/hw/net/dp8393x.c
> +++ b/hw/net/dp8393x.c
> @@ -340,7 +340,7 @@ static void dp8393x_do_read_rra(dp8393xState *s)
>  s->regs[SONIC_RRP] += size;
>  
>  /* Handle wrap */
> -if (s->regs[SONIC_RRP] == s->regs[SONIC_REA]) {
> +if (s->regs[SONIC_RRP] == s->regs[SONIC_REA] + size) {
>  s->regs[SONIC_RRP] = s->regs[SONIC_RSA];
>  }
>  
> 

Re: [PATCH] qapi/block: fix nbd-server-add spec

[Eric Blake]

On 12/19/19 10:14 AM, Nir Soffer wrote:


1. Using disk name as a bitmap name is a bad behavior, as they are completely
different concepts. Especially keeping in mind that user already knows disk 
name anyway
and no reason to write this export name inside metadata context of this export.


The different concept is expressed by the "qemu:dirty-bitmap:" prefix.
"qemu:dirty-bitmap:export-name" means the dirty bitmap for this export.


Why do you think so? Did you read NBD specification?


Yes - the name of the bitmap does not have any meaning.
But for nbd_server_add we allow only single bitmap for export.


Just because qemu is currently limited to only exposing one bitmap at 
the moment does not mean that a future version can't expose multiple 
bitmaps. It may very well be that we have reason to expose both 
"qemu:dirty-bitmap:timeA" and "qemu:dirty-bitmap:timeB" on the same 
export, for exposing two bitmaps at once.  To get to that point, we'd 
have to refactor the QAPI command to allow attaching more than one 
bitmap at the time of creating the NBD export, but it's not impossible.





Metadata context is always owned by some export.


Of course.


Do you mean that there will bemetadata contexts

qemu:dirty-bitmap:export-A
qemu:dirty-bitmap:export-B

both defined for export-A?


It does not make sense, but it is valid.


If an image has multiple bitmaps, exposing all of those as separate 
contexts at the same time for a single export can indeed make sense.





2. It's not directly documented. You assume that NAME == @name. I understand 
that
it may be assumed.. But it's not documented.


But NAME is likely to be understood as the name argument, and unlikely to be the
bitmap name.


Yes likely. But it's still bad specification, which should be fixed.


If we cannot change the current behavior since it will break current users,
I agree fixing the spec to describe the current behavior is a good idea.


We need the doc fix. Whether we also want an additional fix adding an 
optional parameter allowing user control over the export name is also 
under debate (the fact that the old x-nbd-server-add-bitmap supported it 
shows that it may be useful, but it is not minimal, and as I pointed out 
at the time of removing x-, libvirt can always control what name is 
exposed by creating a temporary bitmap and merging from other bitmaps 
into the temporary).


We also have to think about a future of parallel backup jobs: libvirt 
can create a single temporary bitmap to expose whatever name it wants 
under one job, but if libvirt wants to expose the SAME user-visible name 
to two parallel jobs, it cannot create two bitmaps with the same name, 
so having a way to set the user-visible name of an arbitrary bitmap when 
producing the NBD export makes sense on that front.






3. It's never worked like you write. So if we change the behavior, we'll break
existing users.


Do we have existing users? isn't this new feature in 4.2?


No, it's since 4.0


As long as altering the exported name is controlled by a new optional 
parameter, it does not hurt older 4.0 clients that do not use the new 
parameter.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH] qapi/block: fix nbd-server-add spec

[Eric Blake]

On 12/19/19 9:08 AM, Nir Soffer wrote:


Let's just fix qapi spec now.


But qapi documents a better behavior for users. We should fix the code instead
to mach the docs.


1. Using disk name as a bitmap name is a bad behavior, as they are completely
different concepts. Especially keeping in mind that user already knows disk 
name anyway
and no reason to write this export name inside metadata context of this export.


The different concept is expressed by the "qemu:dirty-bitmap:" prefix.
"qemu:dirty-bitmap:export-name" means the dirty bitmap for this export.


2. It's not directly documented. You assume that NAME == @name. I understand 
that
it may be assumed.. But it's not documented.


But NAME is likely to be understood as the name argument, and unlikely to be the
bitmap name.


That's a misunderstanding due to poor docs.  The bitmap name has always 
been what was exposed, ever since we promoted things to stable by 
getting rid of x-.





3. It's never worked like you write. So if we change the behavior, we'll break
existing users.


Do we have existing users? isn't this new feature in 4.2?


No, the feature stems back to 4.0, when we got rid of x-.  There are 
other reasons that dirty bitmaps aren't really usable for incremental 
backups without qemu 4.2, but qemu 4.0 was the first time we exposed a 
stable interface for a bitmap over an NBD export, and that release used 
the bitmap name (and not the export name), so at this point, a code 
change would break expectations of any 4.0 client using bitmaps for 
other reasons.  Libvirt currently has absolute control over the bitmap 
name (my initial code in libvirt created a temporary bitmap with my 
desired name, then merged the contents from the permanent bitmaps 
corresponding to the actual libvirt Checkpoint objects into the 
temporary, so that it could then call nbd-export-add with the temporary 
bitmap name).  But, as you point out...




Before we had experimental x-block-dirty-bitmap APIs, which are stable, so users
could not depend on them.


The unstable x-block-dirty-bitmap APIs _did_ have a way to export a 
user-controlled name SEPARATE from the bitmap name.  At the time I was 
removing the x- prefix, I asked if anyone had a strong use case for 
keeping that functionality.  No one spoke up in favor of keeping it 
(Nikolay mentioned using the old interface, but not being stumped by its 
removal), so we nuked it at the time.  We can always add it back (now 
that it sounds like you have a use case where it may be more 
compelling), but it was easier to stabilize less and add more later as 
needed, than to stabilize too much and regret that we had to support the 
flexibility that no one needed.

https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02373.html
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg01970.html

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH 04/13] hw/timer/allwinner: Move definitions from header to source

[Niek Linnenbank]

On Thu, Dec 19, 2019 at 7:51 PM Philippe Mathieu-Daudé 
wrote:

> These definitions are only used in the implementation, thus don't
> need to be exported. Move them in the source file.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/timer/allwinner-a10-pit.h | 28 --
>  hw/timer/allwinner-a10-pit.c | 30 
>  2 files changed, 30 insertions(+), 28 deletions(-)
>
> diff --git a/include/hw/timer/allwinner-a10-pit.h
> b/include/hw/timer/allwinner-a10-pit.h
> index e4a644add9..c28ee5ca47 100644
> --- a/include/hw/timer/allwinner-a10-pit.h
> +++ b/include/hw/timer/allwinner-a10-pit.h
> @@ -5,37 +5,9 @@
>  #include "hw/sysbus.h"
>
>  #define TYPE_AW_A10_PIT "allwinner-A10-timer"
> -#define AW_A10_PIT(obj) OBJECT_CHECK(AwA10PITState, (obj),
> TYPE_AW_A10_PIT)
>
>  #define AW_PIT_TIMER_MAX6
>
> -#define AW_A10_PIT_TIMER_NR6
> -
> -#define AW_A10_PIT_TIMER_IRQ_EN0
> -#define AW_A10_PIT_TIMER_IRQ_ST0x4
> -
> -#define AW_A10_PIT_TIMER_CONTROL   0x0
> -#define AW_A10_PIT_TIMER_EN0x1
> -#define AW_A10_PIT_TIMER_RELOAD0x2
> -#define AW_A10_PIT_TIMER_MODE  0x80
> -
> -#define AW_A10_PIT_TIMER_INTERVAL  0x4
> -#define AW_A10_PIT_TIMER_COUNT 0x8
> -#define AW_A10_PIT_WDOG_CONTROL0x90
> -#define AW_A10_PIT_WDOG_MODE   0x94
> -
> -#define AW_A10_PIT_COUNT_CTL   0xa0
> -#define AW_A10_PIT_COUNT_RL_EN 0x2
> -#define AW_A10_PIT_COUNT_CLR_EN0x1
> -#define AW_A10_PIT_COUNT_LO0xa4
> -#define AW_A10_PIT_COUNT_HI0xa8
> -
> -#define AW_A10_PIT_TIMER_BASE  0x10
> -#define AW_A10_PIT_TIMER_BASE_END  \
> -(AW_A10_PIT_TIMER_BASE * AW_A10_PIT_TIMER_NR + AW_A10_PIT_TIMER_COUNT)
> -
> -#define AW_A10_PIT_DEFAULT_CLOCK   0x4
> -
>  typedef struct AwA10PITState AwA10PITState;
>
>  typedef struct AwA10TimerContext {
> diff --git a/hw/timer/allwinner-a10-pit.c b/hw/timer/allwinner-a10-pit.c
> index b31a0bcd43..00f7cc492d 100644
> --- a/hw/timer/allwinner-a10-pit.c
> +++ b/hw/timer/allwinner-a10-pit.c
> @@ -24,6 +24,36 @@
>  #include "qemu/log.h"
>  #include "qemu/module.h"
>
> +#define AW_A10_PIT_TIMER_NR 6
> +
> +#define AW_A10_PIT_TIMER_IRQ_EN 0
> +#define AW_A10_PIT_TIMER_IRQ_ST 0x4
> +
> +#define AW_A10_PIT_TIMER_CONTROL0x0
> +#define AW_A10_PIT_TIMER_EN 0x1
> +#define AW_A10_PIT_TIMER_RELOAD 0x2
> +#define AW_A10_PIT_TIMER_MODE   0x80
> +
> +#define AW_A10_PIT_TIMER_INTERVAL   0x4
> +#define AW_A10_PIT_TIMER_COUNT  0x8
> +#define AW_A10_PIT_WDOG_CONTROL 0x90
> +#define AW_A10_PIT_WDOG_MODE0x94
> +
> +#define AW_A10_PIT_COUNT_CTL0xa0
> +#define AW_A10_PIT_COUNT_RL_EN  0x2
> +#define AW_A10_PIT_COUNT_CLR_EN 0x1
> +#define AW_A10_PIT_COUNT_LO 0xa4
> +#define AW_A10_PIT_COUNT_HI 0xa8
> +
> +#define AW_A10_PIT_TIMER_BASE   0x10
> +#define AW_A10_PIT_TIMER_BASE_END   \
> +(AW_A10_PIT_TIMER_BASE * AW_A10_PIT_TIMER_NR + AW_A10_PIT_TIMER_COUNT)
> +
> +#define AW_A10_PIT_DEFAULT_CLOCK0x4
> +
> +#define AW_A10_PIT(obj) \
> +OBJECT_CHECK(AwA10PITState, (obj), TYPE_AW_A10_PIT)
> +
>  static void a10_pit_update_irq(AwA10PITState *s)
>  {
>  int i;
> --
> 2.21.0
>
>
Looks fine and tested on -M orangepi-pc, -M cubieboard:
   Tested-by: Niek Linnenbank 
   Reviewed-by: Niek Linnenbank 

-- 
Niek Linnenbank

[PATCH v2] mos6522: remove anh register

[Laurent Vivier]

Register addr 1 is defined as buffer A with handshake (vBufAH),
register addr 15 is also defined as buffer A without handshake (vBufA).

As both addresses access the same register, remove the definition of
'anh' and use only 'a' (with VIA_REG_ANH and VIA_REG_A).

Fixes: 51f233ec92cd ("misc: introduce new mos6522 VIA device and enable it for 
ppc builds")
Signed-off-by: Laurent Vivier 
---

Notes:
v2: update commit message (remove reference to linux)
add LOG_UNIMP for VIA_REG_A access

 hw/misc/mos6522.c | 16 
 include/hw/misc/mos6522.h |  1 -
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/hw/misc/mos6522.c b/hw/misc/mos6522.c
index cecf0be59e..10b85bf751 100644
--- a/hw/misc/mos6522.c
+++ b/hw/misc/mos6522.c
@@ -244,6 +244,9 @@ uint64_t mos6522_read(void *opaque, hwaddr addr, unsigned 
size)
 val = s->b;
 break;
 case VIA_REG_A:
+   qemu_log_mask(LOG_UNIMP, "Read access to register A with handshake");
+   /* fall through */
+case VIA_REG_ANH:
 val = s->a;
 break;
 case VIA_REG_DIRB:
@@ -297,9 +300,7 @@ uint64_t mos6522_read(void *opaque, hwaddr addr, unsigned 
size)
 val = s->ier | 0x80;
 break;
 default:
-case VIA_REG_ANH:
-val = s->anh;
-break;
+g_assert_not_reached();
 }
 
 if (addr != VIA_REG_IFR || val != 0) {
@@ -322,6 +323,9 @@ void mos6522_write(void *opaque, hwaddr addr, uint64_t val, 
unsigned size)
 mdc->portB_write(s);
 break;
 case VIA_REG_A:
+   qemu_log_mask(LOG_UNIMP, "Write access to register A with handshake");
+   /* fall through */
+case VIA_REG_ANH:
 s->a = (s->a & ~s->dira) | (val & s->dira);
 mdc->portA_write(s);
 break;
@@ -395,9 +399,7 @@ void mos6522_write(void *opaque, hwaddr addr, uint64_t val, 
unsigned size)
   qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
 break;
 default:
-case VIA_REG_ANH:
-s->anh = val;
-break;
+g_assert_not_reached();
 }
 }
 
@@ -439,7 +441,6 @@ const VMStateDescription vmstate_mos6522 = {
 VMSTATE_UINT8(pcr, MOS6522State),
 VMSTATE_UINT8(ifr, MOS6522State),
 VMSTATE_UINT8(ier, MOS6522State),
-VMSTATE_UINT8(anh, MOS6522State),
 VMSTATE_STRUCT_ARRAY(timers, MOS6522State, 2, 0,
  vmstate_mos6522_timer, MOS6522Timer),
 VMSTATE_END_OF_LIST()
@@ -460,7 +461,6 @@ static void mos6522_reset(DeviceState *dev)
 s->ifr = 0;
 s->ier = 0;
 /* s->ier = T1_INT | SR_INT; */
-s->anh = 0;
 
 s->timers[0].frequency = s->frequency;
 s->timers[0].latch = 0x;
diff --git a/include/hw/misc/mos6522.h b/include/hw/misc/mos6522.h
index 493c907537..97384c6e02 100644
--- a/include/hw/misc/mos6522.h
+++ b/include/hw/misc/mos6522.h
@@ -115,7 +115,6 @@ typedef struct MOS6522State {
 uint8_t pcr;
 uint8_t ifr;
 uint8_t ier;
-uint8_t anh;
 
 MOS6522Timer timers[2];
 uint64_t frequency;
-- 
2.24.1

Re: [PATCH 03/13] hw/timer/allwinner: Remove unused definitions

[Niek Linnenbank]

On Thu, Dec 19, 2019 at 7:51 PM Philippe Mathieu-Daudé 
wrote:

> Keeping unused definition is rather confusing when reviewing.
> Remove them.
>
Perhaps make it more clear that the definitions are unused IRQ defines?


>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/timer/allwinner-a10-pit.h | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/include/hw/timer/allwinner-a10-pit.h
> b/include/hw/timer/allwinner-a10-pit.h
> index 54c40c7db6..e4a644add9 100644
> --- a/include/hw/timer/allwinner-a10-pit.h
> +++ b/include/hw/timer/allwinner-a10-pit.h
> @@ -10,8 +10,6 @@
>  #define AW_PIT_TIMER_MAX6
>
>  #define AW_A10_PIT_TIMER_NR6
> -#define AW_A10_PIT_TIMER_IRQ   0x1
> -#define AW_A10_PIT_WDOG_IRQ0x100
>
>  #define AW_A10_PIT_TIMER_IRQ_EN0
>  #define AW_A10_PIT_TIMER_IRQ_ST0x4
> --
> 2.21.0
>
> Reviewed-by: Niek Linnenbank 
Tested-by: Niek Linnenbank 


-- 
Niek Linnenbank

Re: [PATCH 2/2] iotests: Fix IMGOPTSSYNTAX for nbd

[Eric Blake]

On 12/18/19 4:48 AM, Max Reitz wrote:

There is no $SOCKDIR, only $SOCK_DIR.

Fixes: f3923a72f199b2c63747a7032db74730546f55c6
Signed-off-by: Max Reitz 
---
  tests/qemu-iotests/common.rc | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)


Whoops.  Thanks for the fix.

Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH 02/13] hw/timer/allwinner: Add AW_PIT_TIMER_MAX definition

[Niek Linnenbank]

On Thu, Dec 19, 2019 at 7:51 PM Philippe Mathieu-Daudé 
wrote:

> This controller is able to use up to 6 timers.
> Later we will reuse part of it to model other similar controllers
> but with less timers. To simplify the VMSTATE, we'll keep a max
> of 6 timers. Add a definition for that value.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/timer/allwinner-a10-pit.h | 14 --
>  hw/timer/allwinner-a10-pit.c |  8 
>  2 files changed, 12 insertions(+), 10 deletions(-)
>
> diff --git a/include/hw/timer/allwinner-a10-pit.h
> b/include/hw/timer/allwinner-a10-pit.h
> index 6aceda81ee..54c40c7db6 100644
> --- a/include/hw/timer/allwinner-a10-pit.h
> +++ b/include/hw/timer/allwinner-a10-pit.h
> @@ -7,6 +7,8 @@
>  #define TYPE_AW_A10_PIT "allwinner-A10-timer"
>  #define AW_A10_PIT(obj) OBJECT_CHECK(AwA10PITState, (obj),
> TYPE_AW_A10_PIT)
>
> +#define AW_PIT_TIMER_MAX6
> +
>  #define AW_A10_PIT_TIMER_NR6
>  #define AW_A10_PIT_TIMER_IRQ   0x1
>  #define AW_A10_PIT_WDOG_IRQ0x100
> @@ -47,17 +49,17 @@ struct AwA10PITState {
>  /*< private >*/
>  SysBusDevice parent_obj;
>  /*< public >*/
> -qemu_irq irq[AW_A10_PIT_TIMER_NR];
> -ptimer_state * timer[AW_A10_PIT_TIMER_NR];
> -AwA10TimerContext timer_context[AW_A10_PIT_TIMER_NR];
> +qemu_irq irq[AW_PIT_TIMER_MAX];
> +ptimer_state * timer[AW_PIT_TIMER_MAX];
> +AwA10TimerContext timer_context[AW_PIT_TIMER_MAX];
>  MemoryRegion iomem;
>  uint32_t clk_freq[4];
>
>  uint32_t irq_enable;
>  uint32_t irq_status;
> -uint32_t control[AW_A10_PIT_TIMER_NR];
> -uint32_t interval[AW_A10_PIT_TIMER_NR];
> -uint32_t count[AW_A10_PIT_TIMER_NR];
> +uint32_t control[AW_PIT_TIMER_MAX];
> +uint32_t interval[AW_PIT_TIMER_MAX];
> +uint32_t count[AW_PIT_TIMER_MAX];
>  uint32_t watch_dog_mode;
>  uint32_t watch_dog_control;
>  uint32_t count_lo;
> diff --git a/hw/timer/allwinner-a10-pit.c b/hw/timer/allwinner-a10-pit.c
> index 117e5c7bf8..b31a0bcd43 100644
> --- a/hw/timer/allwinner-a10-pit.c
> +++ b/hw/timer/allwinner-a10-pit.c
> @@ -203,15 +203,15 @@ static const VMStateDescription vmstate_a10_pit = {
>  .fields = (VMStateField[]) {
>  VMSTATE_UINT32(irq_enable, AwA10PITState),
>  VMSTATE_UINT32(irq_status, AwA10PITState),
> -VMSTATE_UINT32_ARRAY(control, AwA10PITState, AW_A10_PIT_TIMER_NR),
> -VMSTATE_UINT32_ARRAY(interval, AwA10PITState,
> AW_A10_PIT_TIMER_NR),
> -VMSTATE_UINT32_ARRAY(count, AwA10PITState, AW_A10_PIT_TIMER_NR),
> +VMSTATE_UINT32_ARRAY(control, AwA10PITState, AW_PIT_TIMER_MAX),
> +VMSTATE_UINT32_ARRAY(interval, AwA10PITState, AW_PIT_TIMER_MAX),
> +VMSTATE_UINT32_ARRAY(count, AwA10PITState, AW_PIT_TIMER_MAX),
>  VMSTATE_UINT32(watch_dog_mode, AwA10PITState),
>  VMSTATE_UINT32(watch_dog_control, AwA10PITState),
>  VMSTATE_UINT32(count_lo, AwA10PITState),
>  VMSTATE_UINT32(count_hi, AwA10PITState),
>  VMSTATE_UINT32(count_ctl, AwA10PITState),
> -VMSTATE_PTIMER_ARRAY(timer, AwA10PITState, AW_A10_PIT_TIMER_NR),
> +VMSTATE_PTIMER_ARRAY(timer, AwA10PITState, AW_PIT_TIMER_MAX),
>  VMSTATE_END_OF_LIST()
>  }
>  };
> --
> 2.21.0
>
> Looks good and works fine with -M orangepi-pc and -M cubieboard.

Reviewed-by: Niek Linnenbank 
Tested-by: Niek Linnenbank 


-- 
Niek Linnenbank

Re: [PATCH 00/18] block: Allow exporting BDSs via FUSE

[Eric Blake]

On 12/20/19 6:50 AM, Kevin Wolf wrote:

Am 20.12.2019 um 11:30 hat Max Reitz geschrieben:

I placed it into block/ because that just seemed like the least bad
place to me (apart from creating a new top-level directory like nbd has)
– and also because we already have quite some few non-driver files in
block/ (io.c, the jobs (where some got drivers only rather recently),
accounting.c, ...).


We could consider block/exports/ and eventually also move the NBD server
there.


We already had another thread considering the motion of qemu-nbd.c to 
tools/, and I don't mind moving top-level nbd/ into block/exports/ if 
that makes things easier to reason about.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH 01/13] hw/timer/allwinner: Use the AW_A10_PIT_TIMER_NR definition

[Niek Linnenbank]

On Thu, Dec 19, 2019 at 7:51 PM Philippe Mathieu-Daudé 
wrote:

> We have a definition for this magic value '6', use it.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/timer/allwinner-a10-pit.h | 2 +-
>  hw/timer/allwinner-a10-pit.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/hw/timer/allwinner-a10-pit.h
> b/include/hw/timer/allwinner-a10-pit.h
> index 871c95b512..6aceda81ee 100644
> --- a/include/hw/timer/allwinner-a10-pit.h
> +++ b/include/hw/timer/allwinner-a10-pit.h
> @@ -32,7 +32,7 @@
>
>  #define AW_A10_PIT_TIMER_BASE  0x10
>  #define AW_A10_PIT_TIMER_BASE_END  \
> -(AW_A10_PIT_TIMER_BASE * 6 + AW_A10_PIT_TIMER_COUNT)
> +(AW_A10_PIT_TIMER_BASE * AW_A10_PIT_TIMER_NR + AW_A10_PIT_TIMER_COUNT)
>
>  #define AW_A10_PIT_DEFAULT_CLOCK   0x4
>
> diff --git a/hw/timer/allwinner-a10-pit.c b/hw/timer/allwinner-a10-pit.c
> index aae880f5b3..117e5c7bf8 100644
> --- a/hw/timer/allwinner-a10-pit.c
> +++ b/hw/timer/allwinner-a10-pit.c
> @@ -225,7 +225,7 @@ static void a10_pit_reset(DeviceState *dev)
>  s->irq_status = 0;
>  a10_pit_update_irq(s);
>
> -for (i = 0; i < 6; i++) {
> +for (i = 0; i < AW_A10_PIT_TIMER_NR; i++) {
>  s->control[i] = AW_A10_PIT_DEFAULT_CLOCK;
>  s->interval[i] = 0;
>  s->count[i] = 0;
> --
> 2.21.0
>
> Change looks fine to me:
  Reviewed-by: Niek Linnenbank 

Works fine with -M orangepi-pc and -M cubieboard:
  Tested-by: Niek Linnenbank 



-- 
Niek Linnenbank

[PATCH v5 5/6] hppa: Add emulation of Artist graphics

[Sven Schnelle]

This adds emulation of Artist graphics good enough
to get a Text console on both Linux and HP-UX. The
X11 server from HP-UX also works.

Signed-off-by: Sven Schnelle 
---
 hw/display/Kconfig   |4 +
 hw/display/Makefile.objs |1 +
 hw/display/artist.c  | 1450 ++
 hw/display/trace-events  |9 +
 hw/hppa/Kconfig  |1 +
 hw/hppa/hppa_hardware.h  |1 +
 hw/hppa/machine.c|9 +
 7 files changed, 1475 insertions(+)
 create mode 100644 hw/display/artist.c

diff --git a/hw/display/Kconfig b/hw/display/Kconfig
index c500d1fc6d..15d59e10dc 100644
--- a/hw/display/Kconfig
+++ b/hw/display/Kconfig
@@ -91,6 +91,10 @@ config TCX
 config CG3
 bool
 
+config ARTIST
+bool
+select FRAMEBUFFER
+
 config VGA
 bool
 
diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
index f2182e3bef..5f03dfdcc4 100644
--- a/hw/display/Makefile.objs
+++ b/hw/display/Makefile.objs
@@ -40,6 +40,7 @@ common-obj-$(CONFIG_SM501) += sm501.o
 common-obj-$(CONFIG_TCX) += tcx.o
 common-obj-$(CONFIG_CG3) += cg3.o
 common-obj-$(CONFIG_NEXTCUBE) += next-fb.o
+common-obj-$(CONFIG_ARTIST) += artist.o
 
 obj-$(CONFIG_VGA) += vga.o
 
diff --git a/hw/display/artist.c b/hw/display/artist.c
new file mode 100644
index 00..0885b7b988
--- /dev/null
+++ b/hw/display/artist.c
@@ -0,0 +1,1450 @@
+/*
+ * QEMU HP Artist Emulation
+ *
+ * Copyright (c) 2019 Sven Schnelle 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "qemu/typedefs.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "qemu/units.h"
+#include "qapi/error.h"
+#include "hw/sysbus.h"
+#include "hw/loader.h"
+#include "hw/qdev-core.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "ui/console.h"
+#include "trace.h"
+#include "hw/display/framebuffer.h"
+
+#define TYPE_ARTIST "artist"
+#define ARTIST(obj) OBJECT_CHECK(ARTISTState, (obj), TYPE_ARTIST)
+
+#ifdef HOST_WORDS_BIGENDIAN
+#define ROP8OFF(_i) (3 - (_i))
+#else
+#define ROP8OFF
+#endif
+
+struct vram_buffer {
+MemoryRegion mr;
+uint8_t *data;
+int size;
+int width;
+int height;
+};
+
+typedef struct ARTISTState {
+SysBusDevice parent_obj;
+
+QemuConsole *con;
+MemoryRegion vram_mem;
+MemoryRegion mem_as_root;
+MemoryRegion reg;
+MemoryRegionSection fbsection;
+
+void *vram_int_mr;
+AddressSpace as;
+
+struct vram_buffer vram_buffer[16];
+
+uint16_t width;
+uint16_t height;
+uint16_t depth;
+
+uint32_t fg_color;
+uint32_t bg_color;
+
+uint32_t vram_char_y;
+uint32_t vram_bitmask;
+
+uint32_t vram_start;
+uint32_t vram_pos;
+
+uint32_t vram_size;
+
+uint32_t blockmove_source;
+uint32_t blockmove_dest;
+uint32_t blockmove_size;
+
+uint32_t line_size;
+uint32_t line_end;
+uint32_t line_xy;
+uint32_t line_pattern_start;
+uint32_t line_pattern_skip;
+
+uint32_t cursor_pos;
+
+uint32_t cursor_height;
+uint32_t cursor_width;
+
+uint32_t plane_mask;
+
+uint32_t reg_100080;
+uint32_t reg_300200;
+uint32_t reg_300208;
+uint32_t reg_300218;
+
+uint32_t cmap_bm_access;
+uint32_t dst_bm_access;
+uint32_t src_bm_access;
+uint32_t control_plane;
+uint32_t transfer_data;
+uint32_t image_bitmap_op;
+
+uint32_t font_write1;
+uint32_t font_write2;
+uint32_t font_write_pos_y;
+
+int draw_line_pattern;
+} ARTISTState;
+
+typedef enum {
+ARTIST_BUFFER_AP = 1,
+ARTIST_BUFFER_OVERLAY = 2,
+ARTIST_BUFFER_CURSOR1 = 6,
+ARTIST_BUFFER_CURSOR2 = 7,
+ARTIST_BUFFER_ATTRIBUTE = 13,
+ARTIST_BUFFER_CMAP = 15,
+} artist_buffer_t;
+
+typedef enum {
+VRAM_IDX = 0x1004a0,
+VRAM_BITMASK = 0x1005a0,
+VRAM_WRITE_INCR_X = 0x100600,
+VRAM_WRITE_INCR_X2 = 0x100604,
+VRAM_WRITE_INCR_Y = 0x100620,
+VRAM_START = 0x100800,
+BLOCK_MOVE_SIZE = 0x100804,
+BLOCK_MOVE_SOURCE = 0x100808,
+TRANSFER_DATA = 0x100820,
+FONT_WRITE_INCR_Y = 0x1008a0,
+VRAM_START_TRIGGER = 0x100a00,
+VRAM_SIZE_TRIGGER = 0x100a04,
+FONT_WRITE_START = 0x100aa0,
+BLOCK_MOVE_DEST_TRIGGER = 0x100b00,
+BLOCK_MOVE_SIZE_TRIGGER = 0x100b04,
+LINE_XY = 0x100ccc,
+PATTERN_LINE_START = 0x100ecc,
+LINE_SIZE = 0x100e04,
+LINE_END = 0x100e44,
+CMAP_BM_ACCESS = 0x118000,
+DST_BM_ACCESS = 0x118004,
+SRC_BM_ACCESS = 0x118008,
+CONTROL_PLANE = 0x11800c,
+FG_COLOR = 0x118010,
+BG_COLOR = 0x118014,
+PLANE_MASK = 0x118018,
+IMAGE_BITMAP_OP = 0x11801c,
+CURSOR_POS = 0x300100,
+CURSOR_CTRL = 0x300104,
+} artist_reg_t;
+
+typedef enum {
+ARTIST_ROP_CLEAR = 0,
+ARTIST_ROP_COPY = 3,
+ARTIST_ROP_XOR = 6,
+ARTIST_ROP_NOT_DST = 10,
+ARTIST_ROP_SET = 15,
+} artist_rop_t;
+
+#define REG_NAME(_x) case _x: return " "#_x;

[PATCH v5 4/6] hppa: add emulation of LASI PS2 controllers

[Sven Schnelle]

Signed-off-by: Sven Schnelle 
---
 hw/hppa/Kconfig|   1 +
 hw/hppa/lasi.c |  10 +-
 hw/input/Kconfig   |   3 +
 hw/input/Makefile.objs |   1 +
 hw/input/lasips2.c | 289 +
 hw/input/ps2.c |   5 +
 hw/input/trace-events  |   5 +
 include/hw/input/lasips2.h |  16 ++
 include/hw/input/ps2.h |   1 +
 9 files changed, 330 insertions(+), 1 deletion(-)
 create mode 100644 hw/input/lasips2.c
 create mode 100644 include/hw/input/lasips2.h

diff --git a/hw/hppa/Kconfig b/hw/hppa/Kconfig
index 2a7b38d6d6..7f9be7f25c 100644
--- a/hw/hppa/Kconfig
+++ b/hw/hppa/Kconfig
@@ -11,3 +11,4 @@ config DINO
 select MC146818RTC
 select LSI_SCSI_PCI
 select LASI_82596
+select LASIPS2
diff --git a/hw/hppa/lasi.c b/hw/hppa/lasi.c
index 51752589f3..d8d03f95c0 100644
--- a/hw/hppa/lasi.c
+++ b/hw/hppa/lasi.c
@@ -22,6 +22,7 @@
 #include "hw/net/lasi_82596.h"
 #include "hw/char/parallel.h"
 #include "hw/char/serial.h"
+#include "hw/input/lasips2.h"
 #include "exec/address-spaces.h"
 #include "migration/vmstate.h"
 
@@ -324,6 +325,7 @@ DeviceState *lasi_init(MemoryRegion *address_space)
  lpt_irq, parallel_hds[0]);
 
 /* Real time clock (RTC), it's only one 32-bit counter @9000 */
+
 s->rtc = time(NULL);
 s->rtc_ref = 0;
 
@@ -333,8 +335,14 @@ DeviceState *lasi_init(MemoryRegion *address_space)
 lasi_get_irq(LASI_UART_HPA));
 serial_mm_init(address_space, LASI_UART_HPA + 0x800, 0,
 serial_irq, 800 / 16,
-serial_hd(1), DEVICE_NATIVE_ENDIAN);
+serial_hd(0), DEVICE_NATIVE_ENDIAN);
 }
+
+/* PS/2 Keyboard/Mouse */
+qemu_irq ps2kbd_irq = qemu_allocate_irq(lasi_set_irq, s,
+lasi_get_irq(LASI_PS2KBD_HPA));
+lasips2_init(address_space, LASI_PS2KBD_HPA,  ps2kbd_irq);
+
 return dev;
 }
 
diff --git a/hw/input/Kconfig b/hw/input/Kconfig
index 287f08887b..25c77a1b87 100644
--- a/hw/input/Kconfig
+++ b/hw/input/Kconfig
@@ -41,3 +41,6 @@ config VHOST_USER_INPUT
 
 config TSC210X
 bool
+
+config LASIPS2
+select PS2
diff --git a/hw/input/Makefile.objs b/hw/input/Makefile.objs
index a1bc502ed0..f98f635685 100644
--- a/hw/input/Makefile.objs
+++ b/hw/input/Makefile.objs
@@ -15,3 +15,4 @@ common-obj-$(CONFIG_VHOST_USER_INPUT) += vhost-user-input.o
 obj-$(CONFIG_MILKYMIST) += milkymist-softusb.o
 obj-$(CONFIG_PXA2XX) += pxa2xx_keypad.o
 obj-$(CONFIG_TSC210X) += tsc210x.o
+obj-$(CONFIG_LASIPS2) += lasips2.o
diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
new file mode 100644
index 00..1943671d1e
--- /dev/null
+++ b/hw/input/lasips2.c
@@ -0,0 +1,289 @@
+/*
+ * QEMU HP Lasi PS/2 interface emulation
+ *
+ * Copyright (c) 2019 Sven Schnelle
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "hw/qdev-properties.h"
+#include "hw/hw.h"
+#include "hw/input/ps2.h"
+#include "hw/input/lasips2.h"
+#include "hw/sysbus.h"
+#include "exec/hwaddr.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+#include "exec/address-spaces.h"
+#include "migration/vmstate.h"
+#include "hw/irq.h"
+struct LASIPS2State;
+typedef struct LASIPS2Port {
+struct LASIPS2State *parent;
+MemoryRegion reg;
+void *dev;
+uint8_t id;
+uint8_t control;
+uint8_t buf;
+bool loopback_rbne;
+bool irq;
+} LASIPS2Port;
+
+typedef struct LASIPS2State {
+LASIPS2Port kbd;
+LASIPS2Port mouse;
+qemu_irq irq;
+} LASIPS2State;
+
+static const VMStateDescription vmstate_lasips2 = {
+.name = "lasips2",
+.version_id = 0,
+.minimum_version_id = 0,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(kbd.control, LASIPS2State),
+VMSTATE_UINT8(kbd.id, LASIPS2State),
+VMSTATE_BOOL(kbd.irq, LASIPS2State),
+VMSTATE_UINT8(mouse.control, LASIPS2State),
+VMSTATE_UINT8(mouse.id, 

[PATCH v5 2/6] hppa: Add support for LASI chip with i82596 NIC

[Sven Schnelle]

From: Helge Deller 

LASI is a built-in multi-I/O chip which supports serial, parallel,
network (Intel i82596 Apricot), sound and other functionalities.
LASI has been used in many HP PARISC machines.
This patch adds the necessary parts to allow Linux and HP-UX to detect
LASI and the network card.

Signed-off-by: Helge Deller 
Signed-off-by: Sven Schnelle 
---
 MAINTAINERS |   2 +
 hw/hppa/Kconfig |   1 +
 hw/hppa/Makefile.objs   |   2 +-
 hw/hppa/hppa_sys.h  |   2 +
 hw/hppa/lasi.c  | 360 ++
 hw/hppa/machine.c   |   8 +-
 hw/hppa/trace-events|   5 +
 hw/net/Kconfig  |   7 +
 hw/net/Makefile.objs|   2 +
 hw/net/i82596.c | 734 
 hw/net/i82596.h |  55 +++
 hw/net/lasi_i82596.c| 188 +
 hw/net/trace-events |  14 +
 include/hw/net/lasi_82596.h |  29 ++
 14 files changed, 1407 insertions(+), 2 deletions(-)
 create mode 100644 hw/hppa/lasi.c
 create mode 100644 hw/net/i82596.c
 create mode 100644 hw/net/i82596.h
 create mode 100644 hw/net/lasi_i82596.c
 create mode 100644 include/hw/net/lasi_82596.h

diff --git a/MAINTAINERS b/MAINTAINERS
index e333bc67a4..8fa6f34156 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -178,6 +178,8 @@ S: Maintained
 F: target/hppa/
 F: hw/hppa/
 F: disas/hppa.c
+F: hw/net/*i82596*
+F: include/hw/net/lasi_82596.h
 
 LM32 TCG CPUs
 M: Michael Walle 
diff --git a/hw/hppa/Kconfig b/hw/hppa/Kconfig
index 6e5d74a825..2a7b38d6d6 100644
--- a/hw/hppa/Kconfig
+++ b/hw/hppa/Kconfig
@@ -10,3 +10,4 @@ config DINO
 select IDE_CMD646
 select MC146818RTC
 select LSI_SCSI_PCI
+select LASI_82596
diff --git a/hw/hppa/Makefile.objs b/hw/hppa/Makefile.objs
index 67838f50a3..eac3467d8a 100644
--- a/hw/hppa/Makefile.objs
+++ b/hw/hppa/Makefile.objs
@@ -1 +1 @@
-obj-$(CONFIG_DINO) += pci.o machine.o dino.o
+obj-$(CONFIG_DINO) += pci.o machine.o dino.o lasi.o
diff --git a/hw/hppa/hppa_sys.h b/hw/hppa/hppa_sys.h
index 4e5019695e..4d08501464 100644
--- a/hw/hppa/hppa_sys.h
+++ b/hw/hppa/hppa_sys.h
@@ -12,6 +12,8 @@
 #include "hppa_hardware.h"
 
 PCIBus *dino_init(MemoryRegion *, qemu_irq *, qemu_irq *);
+DeviceState *lasi_init(MemoryRegion *);
+#define enable_lasi_lan()   0
 
 #define TYPE_DINO_PCI_HOST_BRIDGE "dino-pcihost"
 
diff --git a/hw/hppa/lasi.c b/hw/hppa/lasi.c
new file mode 100644
index 00..51752589f3
--- /dev/null
+++ b/hw/hppa/lasi.c
@@ -0,0 +1,360 @@
+/*
+ * HP-PARISC Lasi chipset emulation.
+ *
+ * (C) 2019 by Helge Deller 
+ *
+ * This work is licensed under the GNU GPL license version 2 or later.
+ *
+ * Documentation available at:
+ * https://parisc.wiki.kernel.org/images-parisc/7/79/Lasi_ers.pdf
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "trace.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/runstate.h"
+#include "hppa_sys.h"
+#include "hw/net/lasi_82596.h"
+#include "hw/char/parallel.h"
+#include "hw/char/serial.h"
+#include "exec/address-spaces.h"
+#include "migration/vmstate.h"
+
+#define TYPE_LASI_CHIP "lasi-chip"
+
+#define LASI_IRR0x00/* RO */
+#define LASI_IMR0x04
+#define LASI_IPR0x08
+#define LASI_ICR0x0c
+#define LASI_IAR0x10
+
+#define LASI_PCR0x0C000 /* LASI Power Control register */
+#define LASI_ERRLOG 0x0C004 /* LASI Error Logging register */
+#define LASI_VER0x0C008 /* LASI Version Control register */
+#define LASI_IORESET0x0C00C /* LASI I/O Reset register */
+#define LASI_AMR0x0C010 /* LASI Arbitration Mask register */
+#define LASI_IO_CONF0x7FFFE /* LASI primary configuration register */
+#define LASI_IO_CONF2   0x7 /* LASI secondary configuration register */
+
+#define LASI_BIT(x) (1ul << (x))
+#define LASI_IRQ_BITS   (LASI_BIT(5) | LASI_BIT(7) | LASI_BIT(8) | LASI_BIT(9) 
\
+| LASI_BIT(13) | LASI_BIT(14) | LASI_BIT(16) | LASI_BIT(17) \
+| LASI_BIT(18) | LASI_BIT(19) | LASI_BIT(20) | LASI_BIT(21) \
+| LASI_BIT(26))
+
+#define ICR_BUS_ERROR_BIT  LASI_BIT(8)  /* bit 8 in ICR */
+#define ICR_TOC_BITLASI_BIT(1)  /* bit 1 in ICR */
+
+#define LASI_CHIP(obj) \
+OBJECT_CHECK(LasiState, (obj), TYPE_LASI_CHIP)
+
+#define LASI_RTC_HPA(LASI_HPA + 0x9000)
+
+typedef struct LasiState {
+PCIHostState parent_obj;
+
+uint32_t irr;
+uint32_t imr;
+uint32_t ipr;
+uint32_t icr;
+uint32_t iar;
+
+uint32_t errlog;
+uint32_t amr;
+uint32_t rtc;
+time_t rtc_ref;
+
+MemoryRegion this_mem;
+} LasiState;
+
+static bool lasi_chip_mem_valid(void *opaque, hwaddr addr,
+unsigned size, bool is_write,
+MemTxAttrs attrs)
+{
+bool ret = false;
+
+switch (addr) {
+case LASI_IRR:
+case LASI_IMR:
+case LASI_IPR:
+case 

Re: [PATCH 02/18] fuse: Allow exporting BDSs via FUSE

[Eric Blake]

On 12/20/19 7:25 AM, Markus Armbruster wrote:



I suppose moving a field between a union base and all variants does
still result in different introspection even though the accepted inputs
are the same.


Correct.  A common member (whether it's local or from the base) is in
SchemaInfoObject.members[].  Moving it to all the variants moves it to
the variant types' .members[].


   Is this kind of movement still allowed unconditionally or
should we be more careful with something like this?


QMP's backward compatibility promise does not include "introspection
value won't change".  Still, such changes can conceivably confuse
clients.  Care is advisable.  But it's not a hard "no".


And libvirt already correctly handles movements like this (so there are 
existing clients aware of the potential confusion).


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

[PATCH v5 1/6] hw/hppa/dino.c: Improve emulation of Dino PCI chip

[Sven Schnelle]

From: Helge Deller 

The tests of the dino chip with the Online-diagnostics CD
("ODE DINOTEST") now succeeds.
Additionally add some qemu trace events.

Signed-off-by: Helge Deller 
Signed-off-by: Sven Schnelle 
Reviewed-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS  |  2 +-
 hw/hppa/dino.c   | 97 +---
 hw/hppa/trace-events |  5 +++
 3 files changed, 89 insertions(+), 15 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 387879aebc..e333bc67a4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -876,7 +876,7 @@ F: hw/*/etraxfs_*.c
 
 HP-PARISC Machines
 --
-Dino
+HP B160L
 M: Richard Henderson 
 R: Helge Deller 
 S: Odd Fixes
diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index ab6969b45f..9797a7f0d9 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -1,7 +1,7 @@
 /*
- * HP-PARISC Dino PCI chipset emulation.
+ * HP-PARISC Dino PCI chipset emulation, as in B160L and similiar machines
  *
- * (C) 2017 by Helge Deller 
+ * (C) 2017-2019 by Helge Deller 
  *
  * This work is licensed under the GNU GPL license version 2 or later.
  *
@@ -21,6 +21,7 @@
 #include "migration/vmstate.h"
 #include "hppa_sys.h"
 #include "exec/address-spaces.h"
+#include "trace.h"
 
 
 #define TYPE_DINO_PCI_HOST_BRIDGE "dino-pcihost"
@@ -82,11 +83,28 @@
 #define DINO_PCI_HOST_BRIDGE(obj) \
 OBJECT_CHECK(DinoState, (obj), TYPE_DINO_PCI_HOST_BRIDGE)
 
+#define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
+static const uint32_t reg800_keep_bits[DINO800_REGS] = {
+MAKE_64BIT_MASK(0, 1),
+MAKE_64BIT_MASK(0, 7),
+MAKE_64BIT_MASK(0, 7),
+MAKE_64BIT_MASK(0, 8),
+MAKE_64BIT_MASK(0, 7),
+MAKE_64BIT_MASK(0, 9),
+MAKE_64BIT_MASK(0, 32),
+MAKE_64BIT_MASK(0, 8),
+MAKE_64BIT_MASK(0, 30),
+MAKE_64BIT_MASK(0, 25),
+MAKE_64BIT_MASK(0, 22),
+MAKE_64BIT_MASK(0, 9),
+};
+
 typedef struct DinoState {
 PCIHostState parent_obj;
 
 /* PCI_CONFIG_ADDR is parent_obj.config_reg, via pci_host_conf_be_ops,
so that we can map PCI_CONFIG_DATA to pci_host_data_be_ops.  */
+uint32_t config_reg_dino; /* keep original copy, including 2 lowest bits */
 
 uint32_t iar0;
 uint32_t iar1;
@@ -94,8 +112,12 @@ typedef struct DinoState {
 uint32_t ipr;
 uint32_t icr;
 uint32_t ilr;
+uint32_t io_fbb_en;
 uint32_t io_addr_en;
 uint32_t io_control;
+uint32_t toc_addr;
+
+uint32_t reg800[DINO800_REGS];
 
 MemoryRegion this_mem;
 MemoryRegion pci_mem;
@@ -106,8 +128,6 @@ typedef struct DinoState {
 MemoryRegion bm_ram_alias;
 MemoryRegion bm_pci_alias;
 MemoryRegion bm_cpu_alias;
-
-MemoryRegion cpu0_eir_mem;
 } DinoState;
 
 /*
@@ -122,6 +142,8 @@ static void gsc_to_pci_forwarding(DinoState *s)
 tmp = extract32(s->io_control, 7, 2);
 enabled = (tmp == 0x01);
 io_addr_en = s->io_addr_en;
+/* Mask out first (=firmware) and last (=Dino) areas. */
+io_addr_en &= ~(BIT(31) | BIT(0));
 
 memory_region_transaction_begin();
 for (i = 1; i < 31; i++) {
@@ -142,6 +164,8 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
 unsigned size, bool is_write,
 MemTxAttrs attrs)
 {
+bool ret = false;
+
 switch (addr) {
 case DINO_IAR0:
 case DINO_IAR1:
@@ -152,16 +176,22 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
 case DINO_ICR:
 case DINO_ILR:
 case DINO_IO_CONTROL:
+case DINO_IO_FBB_EN:
 case DINO_IO_ADDR_EN:
 case DINO_PCI_IO_DATA:
-return true;
+case DINO_TOC_ADDR:
+case DINO_GMASK ... DINO_TLTIM:
+ret = true;
+break;
 case DINO_PCI_IO_DATA + 2:
-return size <= 2;
+ret = (size <= 2);
+break;
 case DINO_PCI_IO_DATA + 1:
 case DINO_PCI_IO_DATA + 3:
-return size == 1;
+ret = (size == 1);
 }
-return false;
+trace_dino_chip_mem_valid(addr, ret);
+return ret;
 }
 
 static MemTxResult dino_chip_read_with_attrs(void *opaque, hwaddr addr,
@@ -194,6 +224,9 @@ static MemTxResult dino_chip_read_with_attrs(void *opaque, 
hwaddr addr,
 }
 break;
 
+case DINO_IO_FBB_EN:
+val = s->io_fbb_en;
+break;
 case DINO_IO_ADDR_EN:
 val = s->io_addr_en;
 break;
@@ -227,12 +260,28 @@ static MemTxResult dino_chip_read_with_attrs(void 
*opaque, hwaddr addr,
 case DINO_IRR1:
 val = s->ilr & s->imr & s->icr;
 break;
+case DINO_TOC_ADDR:
+val = s->toc_addr;
+break;
+case DINO_GMASK ... DINO_TLTIM:
+val = s->reg800[(addr - DINO_GMASK) / 4];
+if (addr == DINO_PAMR) {
+val &= ~0x01;  /* LSB is hardwired to 0 */
+}
+if (addr == DINO_MLTIM) {
+val &= ~0x07;  /* 3 LSB are hardwired to 0 */
+}
+if (addr == 

[PATCH v5 0/6] HPPA: i82596, PS/2 and graphics emulation

[Sven Schnelle]

Hi,

these series adds quite a lot to the HPPA emulation in QEMU:
i82596 emulation from Helge, PS/2 and Artist graphics emulation.

See https://parisc.wiki.kernel.org/index.php/Qemu for a few screenshots
of QEMU running a X11/CDE session in HP-UX.

Changes in v5:
 - fix a buffer overrun in vram_bit_write()
 - improve STI line wraparound

Changes in v4:
 - introduce Artist-internal address space
 - rewrite screen update functions to use the generic framebuffer routines
 - use dirty bitmap code to not always redraw the whole screen

Changes in v3:
 - use BIT() macro in gsc_to_pci_forwarding()
 - fix version id in vm state
 - fix an error in the PS/2 KBD_CMD_SET_MAKE_BREAK implementation

Changes in v2:
 - dropped 'hppa: remove ISA region' as that patch requires some more work
 - added shortlog to seabios update
 - use const and MAKE_64BIT_MASK in dino.c

Regards,
Sven

Helge Deller (2):
  hw/hppa/dino.c: Improve emulation of Dino PCI chip
  hppa: Add support for LASI chip with i82596 NIC

Sven Schnelle (4):
  ps2: accept 'Set Key Make and Break' commands
  hppa: add emulation of LASI PS2 controllers
  hppa: Add emulation of Artist graphics
  seabios-hppa: update to latest version

 MAINTAINERS |4 +-
 hw/display/Kconfig  |4 +
 hw/display/Makefile.objs|1 +
 hw/display/artist.c | 1450 +++
 hw/display/trace-events |9 +
 hw/hppa/Kconfig |3 +
 hw/hppa/Makefile.objs   |2 +-
 hw/hppa/dino.c  |   97 ++-
 hw/hppa/hppa_hardware.h |1 +
 hw/hppa/hppa_sys.h  |2 +
 hw/hppa/lasi.c  |  368 +
 hw/hppa/machine.c   |   17 +-
 hw/hppa/trace-events|   10 +
 hw/input/Kconfig|3 +
 hw/input/Makefile.objs  |1 +
 hw/input/lasips2.c  |  289 +++
 hw/input/ps2.c  |   15 +
 hw/input/trace-events   |5 +
 hw/net/Kconfig  |7 +
 hw/net/Makefile.objs|2 +
 hw/net/i82596.c |  734 ++
 hw/net/i82596.h |   55 ++
 hw/net/lasi_i82596.c|  188 +
 hw/net/trace-events |   14 +
 include/hw/input/lasips2.h  |   16 +
 include/hw/input/ps2.h  |1 +
 include/hw/net/lasi_82596.h |   29 +
 pc-bios/hppa-firmware.img   |  Bin 783724 -> 766136 bytes
 roms/seabios-hppa   |2 +-
 29 files changed, 3311 insertions(+), 18 deletions(-)
 create mode 100644 hw/display/artist.c
 create mode 100644 hw/hppa/lasi.c
 create mode 100644 hw/input/lasips2.c
 create mode 100644 hw/net/i82596.c
 create mode 100644 hw/net/i82596.h
 create mode 100644 hw/net/lasi_i82596.c
 create mode 100644 include/hw/input/lasips2.h
 create mode 100644 include/hw/net/lasi_82596.h

-- 
2.24.0

Re: [PATCH 02/18] fuse: Allow exporting BDSs via FUSE

[Eric Blake]

On 12/19/19 8:38 AM, Max Reitz wrote:

fuse-export-add allows mounting block graph nodes via FUSE on some
existing regular file.  That file should then appears like a raw disk
image, and accesses to it result in accesses to the exported BDS.

Right now, we only set up the mount point and tear all mount points down
in bdrv_close_all().  We do not implement any access functions, so
accessing the mount point only results in errors.  This will be
addressed by a followup patch.

The set of exported nodes is kept in a hash table so we can later add a
fuse-export-remove that allows unmounting.


Before I review this, a quick question:

How does this compare to the recently added nbdfuse?
https://www.redhat.com/archives/libguestfs/2019-October/msg00080.html

Or put another way, maybe we get the same effect by combining qemu-nbd 
with nbdfuse, but this new utility would cut out a middleman for more 
efficiency, right?




+++ b/block/fuse.c
@@ -0,0 +1,260 @@
+/*
+ * Present a block device as a raw image through FUSE
+ *
+ * Copyright (c) 2019 Max Reitz 



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

[PATCH v5 3/6] ps2: accept 'Set Key Make and Break' commands

[Sven Schnelle]

HP-UX sends both the 'Set key make and break (0xfc) and
'Set all key typematic make and break' (0xfa). QEMU response
with 'Resend' as it doesn't handle these commands. HP-UX than
reports an PS/2 max retransmission exceeded error. Add these
commands and just reply with ACK.

Signed-off-by: Sven Schnelle 
---
 hw/input/ps2.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 67f92f6112..0b671b6339 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -49,6 +49,8 @@
 #define KBD_CMD_RESET_DISABLE  0xF5/* reset and disable scanning */
 #define KBD_CMD_RESET_ENABLE   0xF6/* reset and enable scanning */
 #define KBD_CMD_RESET  0xFF/* Reset */
+#define KBD_CMD_SET_MAKE_BREAK  0xFC/* Set Make and Break mode */
+#define KBD_CMD_SET_TYPEMATIC   0xFA/* Set Typematic Make and Break mode */
 
 /* Keyboard Replies */
 #define KBD_REPLY_POR  0xAA/* Power on reset */
@@ -573,6 +575,7 @@ void ps2_write_keyboard(void *opaque, int val)
 case KBD_CMD_SCANCODE:
 case KBD_CMD_SET_LEDS:
 case KBD_CMD_SET_RATE:
+case KBD_CMD_SET_MAKE_BREAK:
 s->common.write_cmd = val;
 ps2_queue(>common, KBD_REPLY_ACK);
 break;
@@ -592,11 +595,18 @@ void ps2_write_keyboard(void *opaque, int val)
 KBD_REPLY_ACK,
 KBD_REPLY_POR);
 break;
+case KBD_CMD_SET_TYPEMATIC:
+ps2_queue(>common, KBD_REPLY_ACK);
+break;
 default:
 ps2_queue(>common, KBD_REPLY_RESEND);
 break;
 }
 break;
+case KBD_CMD_SET_MAKE_BREAK:
+ps2_queue(>common, KBD_REPLY_ACK);
+s->common.write_cmd = -1;
+break;
 case KBD_CMD_SCANCODE:
 if (val == 0) {
 if (s->common.queue.count <= PS2_QUEUE_SIZE - 2) {
-- 
2.24.0

Re: [RFC PATCH 11/13] hw/timer/allwinner: Introduce TYPE_AW_COMMON_PIT abstract device

[Niek Linnenbank]

Hi Philippe,

On Thu, Dec 19, 2019 at 7:51 PM Philippe Mathieu-Daudé 
wrote:

> Extract the common code from the TYPE_AW_A10_PIT device into a new
> abstract device: TYPE_AW_COMMON_PIT, then use it as parent, so we
> inherit the same functionalities.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> At this point, the only fields we can modify are the timer_count
> and the region_size. Not enough to implement the H3 timer, since
> we need to move the WDOG register. Still some progress, so Niek
> can continue ;)
> ---
>  include/hw/timer/allwinner-a10-pit.h |  1 +
>  hw/timer/allwinner-a10-pit.c | 50 +++-
>  2 files changed, 43 insertions(+), 8 deletions(-)
>
> diff --git a/include/hw/timer/allwinner-a10-pit.h
> b/include/hw/timer/allwinner-a10-pit.h
> index 9e28c6697a..8453a62706 100644
> --- a/include/hw/timer/allwinner-a10-pit.h
> +++ b/include/hw/timer/allwinner-a10-pit.h
> @@ -4,6 +4,7 @@
>  #include "hw/ptimer.h"
>  #include "hw/sysbus.h"
>
> +#define TYPE_AW_COMMON_PIT "allwinner-timer-controller"
>  #define TYPE_AW_A10_PIT "allwinner-A10-timer"
>

So for the Allwinner H3, that means we'll need another TYPE_AW_H3_PIT
definition?


>
>  #define AW_PIT_TIMER_MAX6
> diff --git a/hw/timer/allwinner-a10-pit.c b/hw/timer/allwinner-a10-pit.c
> index f2ac271e80..ad409b96a1 100644
> --- a/hw/timer/allwinner-a10-pit.c
> +++ b/hw/timer/allwinner-a10-pit.c
>

Perhaps we can rename the hw/timer/allwinner-a10-pit.c to a generic name,
for example hw/timer/allwinner-pit.c ?


> @@ -54,6 +54,20 @@
>  #define AW_A10_PIT(obj) \
>  OBJECT_CHECK(AllwinnerTmrCtrlState, (obj), TYPE_AW_A10_PIT)
>
> +typedef struct AllwinnerTmrCtrlClass {
> +/*< private >*/
> +SysBusDeviceClass parent_class;
> +/*< public >*/
> +
> +size_t timer_count;
> +size_t region_size;
> +} AllwinnerTmrCtrlClass;
> +
> +#define AW_TIMER_CLASS(klass) \
> + OBJECT_CLASS_CHECK(AllwinnerTmrCtrlClass, (klass),
> TYPE_AW_COMMON_PIT)
> +#define AW_TIMER_GET_CLASS(obj) \
> + OBJECT_GET_CLASS(AllwinnerTmrCtrlClass, (obj), TYPE_AW_COMMON_PIT)
> +
>  static void a10_pit_update_irq(AllwinnerTmrCtrlState *s)
>  {
>  int i;
> @@ -303,19 +317,20 @@ static void a10_pit_timer_cb(void *opaque)
>  }
>  }
>
> -static void a10_pit_init(Object *obj)
> +static void aw_pit_instance_init(Object *obj)
>  {
>  AllwinnerTmrCtrlState *s = AW_A10_PIT(obj);
> +AllwinnerTmrCtrlClass *c = AW_TIMER_GET_CLASS(s);
>  SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
>  uint8_t i;
>
> -s->timer_count = AW_A10_PIT_TIMER_NR;
> +s->timer_count = c->timer_count;
>
>  for (i = 0; i < s->timer_count; i++) {
>  sysbus_init_irq(sbd, >timer[i].irq);
>  }
>  memory_region_init_io(>iomem, OBJECT(s), _pit_ops, s,
>

I am curious how to support the different WDOG0 registers for the Allwinner
H3 while keeping
the A10 functionality also working :-) Will you give the TYPE_AW_H3_PIT
its own MemoryRegionOps with read/write?


> -  TYPE_AW_A10_PIT, 0x400);
> +  TYPE_AW_A10_PIT, c->region_size);
>  sysbus_init_mmio(sbd, >iomem);
>
>  for (i = 0; i < s->timer_count; i++) {
> @@ -328,26 +343,45 @@ static void a10_pit_init(Object *obj)
>  }
>  }
>
> -static void a10_pit_class_init(ObjectClass *klass, void *data)
> +static void aw_timer_class_init(ObjectClass *klass, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS(klass);
>
>  dc->reset = a10_pit_reset;
>  dc->props = a10_pit_properties;
> -dc->desc = "allwinner a10 timer";
> +dc->desc = "Allwinner Timer Controller";
>  dc->vmsd = _a10_pit;
>  }
>
> +static const TypeInfo allwinner_pit_info = {
> +.name = TYPE_AW_COMMON_PIT,
> +.parent = TYPE_SYS_BUS_DEVICE,
> +.instance_init = aw_pit_instance_init,
> +.instance_size = sizeof(AllwinnerTmrCtrlState),
> +.class_init = aw_timer_class_init,
> +.class_size = sizeof(AllwinnerTmrCtrlClass),
> +.abstract   = true,
> +};
> +
> +static void a10_pit_class_init(ObjectClass *klass, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(klass);
> +AllwinnerTmrCtrlClass *atc = AW_TIMER_CLASS(klass);
> +
> +dc->desc = "Allwinner A10 Timer Controller";
> +atc->timer_count = AW_A10_PIT_TIMER_NR;
> +atc->region_size = 0x400;
> +}
> +
>  static const TypeInfo a10_pit_info = {
>  .name = TYPE_AW_A10_PIT,
> -.parent = TYPE_SYS_BUS_DEVICE,
> -.instance_size = sizeof(AllwinnerTmrCtrlState),
> -.instance_init = a10_pit_init,
> +.parent = TYPE_AW_COMMON_PIT,
>  .class_init = a10_pit_class_init,
>  };
>
>  static void a10_register_types(void)
>  {
> +type_register_static(_pit_info);
>  type_register_static(_pit_info);
>  }
>
> --
> 2.21.0
>
>

-- 
Niek Linnenbank

Re: Making QEMU easier for management tools and applications

[Richard W.M. Jones]

On Fri, Dec 20, 2019 at 04:13:59PM +, Stefan Hajnoczi wrote:
> Hi,
> QEMU presents a command-line interface and QMP monitor for
> applications to interact with.  Applications actually need API
> bindings in their programming language.  Bindings avoid reimplementing
> code to spawn a QEMU process and interact with QMP.  QEMU is kind of
> lazy and de facto relies on libvirt for API bindings.

Just wanted to add that for a concrete example you might want to look
at how libguestfs launches qemu, either directly:

  https://github.com/libguestfs/libguestfs/blob/master/lib/launch-direct.c

or via libvirt:

  https://github.com/libguestfs/libguestfs/blob/master/lib/launch-libvirt.c

Obviously I support anything that makes that easier, especially
the direct case.

Some points that you didn't cover:

- Any APIs we use need to be callable from a C library.  This has a
  few weird and wonderful beartraps to be aware of, such as being
  unable to predict the state of signal masks, not knowing what file
  descriptors will be open, and being religious about cleaning up any
  resources or subprocesses that you allocate / fork.

- To be usable, the new APIs need to cover everything that libguestfs
  needs, otherwise we literally cannot switch over to them.  (I guess
  the same applies to libvirt to an even greater extent.)

> 6. A configuration file format is sorely needed so that guest
> configuration can be persisted and easily launched. 

Actually qemu already has that, but it's really half-assed, barely
documented, and doesn't cover major features that qemu provides :-)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW

Re: [PATCH] block/rbd: Add support for ceph namespaces

[Eric Blake]

On 12/20/19 11:17 AM, Florian Florensa wrote:


The patch LGTM, but I'd like to use 'namespace' instead of cryptic
'nspace'. (as BlockdevOptionsNVMe did)
What do you think?


Yes no worries, I can rename it to 'rbd_namespace' to avoid any possible
confusion, is this Ok for you ?


We use "pool_namespace" in the rbd CLI if you are trying to avoid the
word "namespace".


Yes I wanted to avoid namespace because it looks like the qapi generated
code changes the name to something like q_namespace, will use
pool_namespace in the v2.


The whole point of the mangling of 'q_namespace' in the C code is so 
that you can have a SANE name in the qapi, without tripping up 
compilation in a C++ compiler where 'namespace' is a reserved word 
(since we do have parts of qemu compiled by c++).  I'd go with just 
'namespace', rather than 'pool-namespace' (note that if you DO go with a 
longer name, we prefer - over _ in qapi names).



With those fixed:

Reviewed-by: Stefano Garzarella 


But see my other comment upthread about making the new parameter 
optional, to avoid breaks with older qapi clients.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH] block/rbd: Add support for ceph namespaces

[Eric Blake]

On 12/19/19 7:34 AM, Florian Florensa wrote:

Starting from ceph Nautilus, RBD has support for namespaces, allowing
for finer grain ACLs on images inside a pool, and tenant isolation.

In the rbd cli tool documentation, the new image-spec and snap-spec are :
  - [pool-name/[namespace-name/]]image-name
  - [pool-name/[namespace-name/]]image-name@snap-name

When using an non namespace's enabled qemu, it complains about not
finding the image called namespace-name/image-name, thus we only need to
parse the image once again to find if there is a '/' in its name, and if
there is, use what is before it as the name of the namespace to later
pass it to rados_ioctx_set_namespace.
rados_ioctx_set_namespace if called with en empty string or a null
pointer as the namespace parameters pretty much does nothing, as it then
defaults to the default namespace.

The namespace is extracted inside qemu_rbd_parse_filename, stored in the
qdict, and used in qemu_rbd_connect to make it work with both qemu-img,
and qemu itself.

Signed-off-by: Florian Florensa 
---



+++ b/qapi/block-core.json
@@ -3657,6 +3657,8 @@
  #
  # @pool:   Ceph pool name.
  #
+# @nspace: Rados namespace name in the Ceph pool.
+#


Needs a '(since 5.0)' tag.


  # @image:  Image name in the Ceph pool.
  #
  # @conf:   path to Ceph configuration file.  Values
@@ -3683,6 +3685,7 @@
  ##
  { 'struct': 'BlockdevOptionsRbd',
'data': { 'pool': 'str',
+'nspace': 'str',


This makes a new argument mandatory, which breaks expectations of older 
clients that failed to provide it. You probably want to make it 
'*nspace', and have a sane default when the argument is not present.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [RFC PATCH 00/13] hw/timer/allwinner: Make it reusable

[Niek Linnenbank]

Hi Philippe,

On Thu, Dec 19, 2019 at 7:51 PM Philippe Mathieu-Daudé 
wrote:

> Hi,
>
> Niek added the H3 SoC in [1] and noticed in [2] the timer
> controller is very similar (less timers, watchdog register
> placed at different address).
>
> On 12/18/19 9:14 PM, Niek Linnenbank wrote:
> > Actually, I copied the timer support code from the existing cubieboard.c
> > that has
> > the Allwinner A10, so potentially the same problem is there.
> >
> > While looking more closer at this part, I now also discovered that the
> > timer module from the Allwinner H3 is
> > mostly a stripped down version of the timer module in the Allwinner A10:
> >
> >Allwinner A10, 10.2 Timer Register List, page 85:
> > https://linux-sunxi.org/images/1/1e/Allwinner_A10_User_manual_V1.5.pdf
> >
> > The A10 version has six timers, where the H3 has only two. That should
> > be fine I would say, the guest would simply
> > use those available on H3 and ignore the rest. There is however one
> > conflicting difference: the WDOG0 registers in the Allwinner H3 start
> > at a different offset and are also different. The current A10 timer does
> > not currently implement the watchdog part.
> [...]
> > So in my opinion its a bit of a trade off here: we can keep it like this
> > and re-use the A10 timer for now, and perhaps
> > attempt to generalize that module for proper use in both SoCs. Or we can
> > introduce a new H3 specific timer module.
> > What do you think?
>
> As an answer to his question, this series is to help him to
> reuse the A10 timer controller instead of adding a new model
> to the codebase.
>

Great!! This certainly answers my question indeed!

I've applied this patch on top of the allwinner H3 v2 series to test it,
and after
changing the type from AwA10PITState to the new AllwinnerTmrCtrlState,
the code compiled and ran linux/u-boot without any problems:

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index 357bdfa711..fa0219fa1b 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -76,7 +76,7 @@ typedef struct AwH3State {

 ARMCPU cpus[AW_H3_NUM_CPUS];
 const hwaddr *memmap;
-AwA10PITState timer;
+AllwinnerTmrCtrlState timer;
 AwH3ClockState ccu;
 AwH3CpuCfgState cpucfg;
 AwH3SysconState syscon;

Also, I tested with the A10 cubieboard machine, and it also still works
fine:

./arm-softmmu/qemu-system-arm -M cubieboard -kernel zImage -nographic
-append 'console=ttyS0,115200 earlyprintk usbcore.nousb root=/dev/sda ro
init=/sbin/init' -dtb sun4i-a10-cubieboard.dtb -m 512 -drive
file=rootfs.ext2,if=none,id=drive-sata0-0-0,format=raw -device
ide-hd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0 -nic user
[0.00] Booting Linux on physical CPU 0x0
[0.00] Linux version 5.2.11 (me@host) (gcc version 5.4.0 20160609
(Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9)) #1 SMP Fri Sep 13 22:48:39 CEST 2019
[0.00] CPU: ARMv7 Processor [410fc080] revision 0 (ARMv7),
cr=10c5387d
[0.00] CPU: PIPT / VIPT nonaliasing data cache, VIPT nonaliasing
instruction cache
[0.00] OF: fdt: Machine model: Cubietech Cubieboard
...

So for me this works with both the H3 and A10:
  Tested-by: Niek Linnenbank 

Regards,
Niek

>
> [1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg665532.html
> [2] https://www.mail-archive.com/qemu-devel@nongnu.org/msg666304.html
>
> Philippe Mathieu-Daudé (13):
>   hw/timer/allwinner: Use the AW_A10_PIT_TIMER_NR definition
>   hw/timer/allwinner: Add AW_PIT_TIMER_MAX definition
>   hw/timer/allwinner: Remove unused definitions
>   hw/timer/allwinner: Move definitions from header to source
>   hw/timer/allwinner: Rename the ptimer field
>   hw/timer/allwinner: Rename 'timer_context' as 'timer'
>   hw/timer/allwinner: Move timer specific fields into AwA10TimerContext
>   hw/timer/allwinner: Add a timer_count field
>   hw/timer/allwinner: Rename AwA10TimerContext as AllwinnerTmrState
>   hw/timer/allwinner: Rename AwA10PITState as AllwinnerTmrCtrlState
>   hw/timer/allwinner: Introduce TYPE_AW_COMMON_PIT abstract device
>   hw/timer/allwinner: Rename AW_A10_PIT() as AW_TIMER_CTRL()
>   hw/timer/allwinner: Rename functions not specific to the A10 SoC
>
>  include/hw/arm/allwinner-a10.h   |   2 +-
>  include/hw/timer/allwinner-a10-pit.h |  54 ++
>  hw/timer/allwinner-a10-pit.c | 271 +--
>  3 files changed, 192 insertions(+), 135 deletions(-)
>
> --
> 2.21.0
>
>

-- 
Niek Linnenbank

[RFC PATCH 0/1] target/arm: kvm: Support for KVM DABT without valid ISS

[Beata Michalska]

Some of the ARMv7 & ARMv8 load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate the instruction which is one of the
(many) reasons why KVM will not even try to do so.

So far, if a guest made an attempt to access memory outside the memory slot,
KVM reported vague ENOSYS. As a result QEMU exited with no useful information
being provided or even a clue on what has just happened.

Recently ARM KVM introduced support for notifying guest of an attempt to
execute an instruction that resulted in dabt with no valid ISS decoding info.
This still leaves QEMU to handle the case, but at least now, it can enable
further debugging of the encountered issue by being more verbose
in a (hopefully) useful way.



Beata Michalska (1):
  target/arm: kvm: Handle DABT with no valid ISS

 accel/kvm/kvm-all.c| 15 +++
 accel/stubs/kvm-stub.c |  4 ++
 include/sysemu/kvm.h   |  1 +
 target/arm/cpu.h   |  3 +-
 target/arm/kvm.c   | 95 ++
 target/arm/kvm32.c |  3 ++
 target/arm/kvm64.c |  3 ++
 target/arm/kvm_arm.h   | 19 +
 8 files changed, 142 insertions(+), 1 deletion(-)

-- 
2.17.1

[RFC PATCH 1/1] target/arm: kvm: Handle DABT with no valid ISS

[Beata Michalska]

On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instruction which is one of the
(many) reasons why KVM will not even try to do so.

Add suport for handling those by requesting KVM to inject external
dabt into the quest.

Signed-off-by: Beata Michalska 
---
 accel/kvm/kvm-all.c| 15 +++
 accel/stubs/kvm-stub.c |  4 ++
 include/sysemu/kvm.h   |  1 +
 target/arm/cpu.h   |  3 +-
 target/arm/kvm.c   | 95 ++
 target/arm/kvm32.c |  3 ++
 target/arm/kvm64.c |  3 ++
 target/arm/kvm_arm.h   | 19 +
 8 files changed, 142 insertions(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index ca00daa2f5..a3ee038142 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2174,6 +2174,14 @@ static void do_kvm_cpu_synchronize_state(CPUState *cpu, 
run_on_cpu_data arg)
 }
 }
 
+static void do_kvm_cpu_synchronize_state_force(CPUState *cpu,
+   run_on_cpu_data arg)
+{
+kvm_arch_get_registers(cpu);
+cpu->vcpu_dirty = true;
+}
+
+
 void kvm_cpu_synchronize_state(CPUState *cpu)
 {
 if (!cpu->vcpu_dirty) {
@@ -2181,6 +2189,13 @@ void kvm_cpu_synchronize_state(CPUState *cpu)
 }
 }
 
+void kvm_cpu_synchronize_state_force(CPUState *cpu)
+{
+/* Force the sync */
+run_on_cpu(cpu, do_kvm_cpu_synchronize_state_force, RUN_ON_CPU_NULL);
+}
+
+
 static void do_kvm_cpu_synchronize_post_reset(CPUState *cpu, run_on_cpu_data 
arg)
 {
 kvm_arch_put_registers(cpu, KVM_PUT_RESET_STATE);
diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
index 82f118d2df..e917d1d55e 100644
--- a/accel/stubs/kvm-stub.c
+++ b/accel/stubs/kvm-stub.c
@@ -58,6 +58,10 @@ void kvm_cpu_synchronize_post_init(CPUState *cpu)
 {
 }
 
+void kvm_cpu_synchronize_state_force(CPUState *cpu)
+{
+}
+
 int kvm_cpu_exec(CPUState *cpu)
 {
 abort();
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 9fe233b9bf..0cacc61d8a 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -483,6 +483,7 @@ void kvm_cpu_synchronize_state(CPUState *cpu);
 void kvm_cpu_synchronize_post_reset(CPUState *cpu);
 void kvm_cpu_synchronize_post_init(CPUState *cpu);
 void kvm_cpu_synchronize_pre_loadvm(CPUState *cpu);
+void kvm_cpu_synchronize_state_force(CPUState *cpu);
 
 void kvm_init_cpu_signals(CPUState *cpu);
 
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 5f70e9e043..e11b5e7438 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -558,7 +558,8 @@ typedef struct CPUARMState {
 uint8_t has_esr;
 uint64_t esr;
 } serror;
-
+/* Status field for pending extarnal dabt */
+uint8_t ext_dabt_pending;
 /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
 uint32_t irq_line_state;
 
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 5b82cefef6..10fe739c2d 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -37,6 +37,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 
 static bool cap_has_mp_state;
 static bool cap_has_inject_serror_esr;
+static bool cap_has_inject_ext_dabt; /* KVM_CAP_ARM_INJECT_EXT_DABT */
 
 static ARMHostCPUFeatures arm_host_cpu_features;
 
@@ -62,6 +63,12 @@ void kvm_arm_init_serror_injection(CPUState *cs)
 KVM_CAP_ARM_INJECT_SERROR_ESR);
 }
 
+void kvm_arm_init_ext_dabt_injection(CPUState *cs)
+{
+cap_has_inject_ext_dabt = kvm_check_extension(cs->kvm_state,
+KVM_CAP_ARM_INJECT_EXT_DABT);
+}
+
 bool kvm_arm_create_scratch_host_vcpu(const uint32_t *cpus_to_try,
   int *fdarray,
   struct kvm_vcpu_init *init)
@@ -218,6 +225,11 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 ret = -EINVAL;
 }
 
+if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER))
+if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
+warn_report("Failed to enable DABT NISV cap");
+}
+
 return ret;
 }
 
@@ -600,6 +612,10 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
 events.exception.serror_esr = env->serror.esr;
 }
 
+if (cap_has_inject_ext_dabt) {
+events.exception.ext_dabt_pending = env->ext_dabt_pending;
+}
+
 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, );
 if (ret) {
 error_report("failed to put vcpu events");
@@ -629,6 +645,8 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
 env->serror.has_esr = events.exception.serror_has_esr;
 env->serror.esr = events.exception.serror_esr;
 
+env->ext_dabt_pending = events.exception.ext_dabt_pending;
+
 return 0;
 }
 
@@ -701,6 +719,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
 ret = EXCP_DEBUG;
 } /* otherwise return to guest */
 break;
+case KVM_EXIT_ARM_NISV:
+/* 

Re: [PULL 2/2] configure: Require Python >= 3.5

[Eduardo Habkost]

On Fri, Dec 20, 2019 at 07:59:28PM +0100, Juan Quintela wrote:
> Eduardo Habkost  wrote:
> > Python 3.5 is the oldest Python version available on our
> > supported build platforms, and Python 2 end of life will be 3
> > weeks after the planned release date of QEMU 4.2.0.  Drop Python
> > 2 support from configure completely, and require Python 3.5 or
> > newer.
> >
> > Signed-off-by: Eduardo Habkost 
> > Message-Id: <20191016224237.26180-1-ehabk...@redhat.com>
> > Reviewed-by: John Snow 
> > Signed-off-by: Eduardo Habkost 
> 
> Reviewed-by: Juan Quintela 

Thanks!

> 
> But once here, a comment telling why we want 3.5, not 3.4 or 3.6 will
> have been helpful.

Is "Python 3.5 is the oldest Python version available on our
supported build platforms" a good explanation why we want 3.5?

-- 
Eduardo

[Bug 1857143] Re: VMs won't boot from external snapshots on qemu 4.2

[Toolybird]

This is due to the new way of configuring block devices in 4.2.

You'll need to create your snapshots correctly by using the '-F'
parameter of qemu-img create.

Full details here:

https://www.redhat.com/archives/libvirt-
users/2019-December/msg00016.html

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1857143

Title:
  VMs won't boot from external snapshots on qemu 4.2

Status in QEMU:
  New

Bug description:
  After upgrading from qemu 4.1.1-1 to 4.2.0-1, VMs that were set to use
  an external snapshot as their disk failed to boot.

  Depending on the guest OS and other VM settings the boot fails and you
  get either the "Boot failed: not a bootable drive" message or the grub
  rescue shell or the EFI shell. Downgrading back to qemu 4.1 allows the
  VMs to boot from the external snapshots without any problem and the
  disk images doesn't appear to be corrupted afterwards.

  From my testing this bug is easily reproducible. Create a VM, install
  a guest os, confirm that the VM boots the guest os without problems,
  shutdown the VM, create an external snapshot of the VM disk, set the
  VM to boot from the snapshot, try to boot the VM with qemu 4.2 and see
  it fail, try to boot it with qemu 4.1 and see it succeed.

  In my case, to test that this bug is reproducible, I used virt-manager
  to install Xubuntu 19.10 on a qcow2 disk image, and then used qemu-img
  create -f qcow2 -b base_image.qcow2 snapshot_image.qcow2 to create the
  external snapshot and edited the xml in virt-manager to point the VM's
  disk to snapshot_image.qcow2. It failed to boot with qemu 4.2, but it
  was working fine with 4.1.

  I booted this test VM off a live distro using the virtual CDROM and
  fdisk can't seem to find a partition table on the VM disk when qemu
  4.2 is used, with 4.1 it can see the partition table just fine.

  Internal snapshots don't seem to have this problem.

  I'm using Archlinux, virt-manager 2.2.1-2, libvirt 5.10.0-1, qemu
  4.2.0-1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1857143/+subscriptions

Re: [PATCH v2 28/28] cputlb: Expand cpu_ldst_template.h in cputlb.c

[Alex Bennée]

Richard Henderson  writes:

> Reduce the amount of preprocessor obfuscation by expanding
> the text of each of the functions generated.  The result is
> only slightly smaller than the original.
>
> Reviewed-by: Aleksandar Markovic 
> Signed-off-by: Richard Henderson 

\o/

Reviewed-by: Alex Bennée 

> ---
>  include/exec/cpu_ldst.h  |  67 +++---
>  include/exec/cpu_ldst_template.h | 117 ---
>  accel/tcg/cputlb.c   | 107 +++-
>  3 files changed, 130 insertions(+), 161 deletions(-)
>  delete mode 100644 include/exec/cpu_ldst_template.h
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index cf4652bf48..62f38d5a22 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -94,32 +94,6 @@ typedef target_ulong abi_ptr;
>  #define TARGET_ABI_FMT_ptr TARGET_ABI_FMT_lx
>  #endif
>  
> -#if defined(CONFIG_USER_ONLY)
> -
> -extern __thread uintptr_t helper_retaddr;
> -
> -static inline void set_helper_retaddr(uintptr_t ra)
> -{
> -helper_retaddr = ra;
> -/*
> - * Ensure that this write is visible to the SIGSEGV handler that
> - * may be invoked due to a subsequent invalid memory operation.
> - */
> -signal_barrier();
> -}
> -
> -static inline void clear_helper_retaddr(void)
> -{
> -/*
> - * Ensure that previous memory operations have succeeded before
> - * removing the data visible to the signal handler.
> - */
> -signal_barrier();
> -helper_retaddr = 0;
> -}
> -
> -/* In user-only mode we provide only the _code and _data accessors. */
> -
>  uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr);
>  uint32_t cpu_lduw_data(CPUArchState *env, abi_ptr ptr);
>  uint32_t cpu_ldl_data(CPUArchState *env, abi_ptr ptr);
> @@ -148,6 +122,30 @@ void cpu_stl_data_ra(CPUArchState *env, abi_ptr ptr,
>  void cpu_stq_data_ra(CPUArchState *env, abi_ptr ptr,
>   uint64_t val, uintptr_t retaddr);
>  
> +#if defined(CONFIG_USER_ONLY)
> +
> +extern __thread uintptr_t helper_retaddr;
> +
> +static inline void set_helper_retaddr(uintptr_t ra)
> +{
> +helper_retaddr = ra;
> +/*
> + * Ensure that this write is visible to the SIGSEGV handler that
> + * may be invoked due to a subsequent invalid memory operation.
> + */
> +signal_barrier();
> +}
> +
> +static inline void clear_helper_retaddr(void)
> +{
> +/*
> + * Ensure that previous memory operations have succeeded before
> + * removing the data visible to the signal handler.
> + */
> +signal_barrier();
> +helper_retaddr = 0;
> +}
> +
>  /*
>   * Provide the same *_mmuidx_ra interface as for softmmu.
>   * The mmu_idx argument is ignored.
> @@ -271,23 +269,6 @@ void cpu_stl_mmuidx_ra(CPUArchState *env, abi_ptr addr, 
> uint32_t val,
>  void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
> int mmu_idx, uintptr_t retaddr);
>  
> -/* these access are slower, they must be as rare as possible */
> -#define CPU_MMU_INDEX (cpu_mmu_index(env, false))
> -#define MEMSUFFIX _data
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -
>  #endif /* defined(CONFIG_USER_ONLY) */
>  
>  uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr);
> diff --git a/include/exec/cpu_ldst_template.h 
> b/include/exec/cpu_ldst_template.h
> deleted file mode 100644
> index e400979f23..00
> --- a/include/exec/cpu_ldst_template.h
> +++ /dev/null
> @@ -1,117 +0,0 @@
> -/*
> - *  Software MMU support
> - *
> - * Generate inline load/store functions for one MMU mode and data
> - * size.
> - *
> - * Generate a store function as well as signed and unsigned loads.
> - *
> - * Not used directly but included from cpu_ldst.h.
> - *
> - *  Copyright (c) 2003 Fabrice Bellard
> - *
> - * This library is free software; you can redistribute it and/or
> - * modify it under the terms of the GNU Lesser General Public
> - * License as published by the Free Software Foundation; either
> - * version 2 of the License, or (at your option) any later version.
> - *
> - * This library is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> - * Lesser General Public License for more details.
> - *
> - * You should have received a copy of the GNU Lesser General Public
> - * License along with this library; if not, see 
> .
> - */
> -
> -#if DATA_SIZE == 8
> -#define SUFFIX q
> -#define USUFFIX q
> -#define DATA_TYPE uint64_t
> -#define SHIFT 3
> -#elif DATA_SIZE == 4
> -#define SUFFIX l
> -#define USUFFIX l
> -#define DATA_TYPE uint32_t
> -#define 

Re: [PATCH v2 27/28] cputlb: Remove support for MMU_MODE*_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> All users have now been converted to cpu_*_mmuidx_ra.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  include/exec/cpu_ldst.h | 230 
>  1 file changed, 230 deletions(-)
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index 0f3c49a005..cf4652bf48 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -271,236 +271,6 @@ void cpu_stl_mmuidx_ra(CPUArchState *env, abi_ptr addr, 
> uint32_t val,
>  void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
> int mmu_idx, uintptr_t retaddr);
>  
> -#ifdef MMU_MODE0_SUFFIX
> -#define CPU_MMU_INDEX 0
> -#define MEMSUFFIX MMU_MODE0_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif
> -
> -#if (NB_MMU_MODES >= 2) && defined(MMU_MODE1_SUFFIX)
> -#define CPU_MMU_INDEX 1
> -#define MEMSUFFIX MMU_MODE1_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif
> -
> -#if (NB_MMU_MODES >= 3) && defined(MMU_MODE2_SUFFIX)
> -
> -#define CPU_MMU_INDEX 2
> -#define MEMSUFFIX MMU_MODE2_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif /* (NB_MMU_MODES >= 3) */
> -
> -#if (NB_MMU_MODES >= 4) && defined(MMU_MODE3_SUFFIX)
> -
> -#define CPU_MMU_INDEX 3
> -#define MEMSUFFIX MMU_MODE3_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif /* (NB_MMU_MODES >= 4) */
> -
> -#if (NB_MMU_MODES >= 5) && defined(MMU_MODE4_SUFFIX)
> -
> -#define CPU_MMU_INDEX 4
> -#define MEMSUFFIX MMU_MODE4_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif /* (NB_MMU_MODES >= 5) */
> -
> -#if (NB_MMU_MODES >= 6) && defined(MMU_MODE5_SUFFIX)
> -
> -#define CPU_MMU_INDEX 5
> -#define MEMSUFFIX MMU_MODE5_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif /* (NB_MMU_MODES >= 6) */
> -
> -#if (NB_MMU_MODES >= 7) && defined(MMU_MODE6_SUFFIX)
> -
> -#define CPU_MMU_INDEX 6
> -#define MEMSUFFIX MMU_MODE6_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif /* (NB_MMU_MODES >= 7) */
> -
> -#if (NB_MMU_MODES >= 8) && defined(MMU_MODE7_SUFFIX)
> -
> -#define CPU_MMU_INDEX 7
> -#define MEMSUFFIX MMU_MODE7_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif /* (NB_MMU_MODES >= 8) */
> -
> -#if (NB_MMU_MODES >= 9) && defined(MMU_MODE8_SUFFIX)
> -
> -#define CPU_MMU_INDEX 8
> -#define MEMSUFFIX MMU_MODE8_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif /* (NB_MMU_MODES >= 9) */
> -
> -#if (NB_MMU_MODES >= 10) && defined(MMU_MODE9_SUFFIX)
> -
> -#define CPU_MMU_INDEX 9
> -#define MEMSUFFIX MMU_MODE9_SUFFIX
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> 

Re: [PATCH v2 26/28] target/ppc: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> There are only two uses.  Within dcbz_common, the local variable
> mmu_idx already contains the epid computation, and we can avoid
> repeating it for the store.  Within helper_icbiep, the usage is
> trivially expanded using PPC_TLB_EPID_LOAD.
>
> Acked-by: David Gibson 
> Signed-off-by: Richard Henderson 
> ---
>  target/ppc/cpu.h|  2 --
>  target/ppc/mem_helper.c | 11 ++-
>  2 files changed, 2 insertions(+), 11 deletions(-)
>
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index e3e82327b7..3bd983adaa 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -951,8 +951,6 @@ struct ppc_radix_page_info {
>   * + real/paged mode combinations. The other two modes are for
>   * external PID load/store.
>   */
> -#define MMU_MODE8_SUFFIX _epl
> -#define MMU_MODE9_SUFFIX _eps
>  #define PPC_TLB_EPID_LOAD 8
>  #define PPC_TLB_EPID_STORE 9
>  
> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
> index 1351b53f28..56855f2381 100644
> --- a/target/ppc/mem_helper.c
> +++ b/target/ppc/mem_helper.c
> @@ -177,14 +177,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong 
> addr,
>  } else {
>  /* Slow path */
>  for (i = 0; i < dcbz_size; i += 8) {
> -if (epid) {
> -#if !defined(CONFIG_USER_ONLY)
> -/* Does not make sense on USER_ONLY config */
> -cpu_stq_eps_ra(env, addr + i, 0, retaddr);
> -#endif
> -} else {
> -cpu_stq_data_ra(env, addr + i, 0, retaddr);
> -}
> +cpu_stq_mmuidx_ra(env, addr + i, 0, mmu_idx, retaddr);

I assume the possibility of a user-mode with epid is elided in the
translation phase by avoiding gen_dcbzep although I can't quite see
where they get called from. Anyway:

Reviewed-by: Alex Bennée 

>  }
>  }
>  }
> @@ -216,7 +209,7 @@ void helper_icbiep(CPUPPCState *env, target_ulong addr)
>  #if !defined(CONFIG_USER_ONLY)
>  /* See comments above */
>  addr &= ~(env->dcache_line_size - 1);
> -cpu_ldl_epl_ra(env, addr, GETPC());
> +cpu_ldl_mmuidx_ra(env, addr, PPC_TLB_EPID_LOAD, GETPC());
>  #endif
>  }


-- 
Alex Bennée

Re: [PATCH v2 25/28] target/s390x: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The generated functions aside from *_real are unused.
> The *_real functions have a couple of users in mem_helper.c;
> use *_mmuidx_ra instead, with MMU_REAL_IDX.
>
> Reviewed-by: David Hildenbrand 
> Signed-off-by: Richard Henderson 

FYI there is a merge conflict with master as some of the helpers have
been replaced with inline code (by you ;-).

Reviewed-by: Alex Bennée 

> ---
> v2: Use *_mmuidx_ra directly, without intermediate macros.
> ---
>  target/s390x/cpu.h|  5 -
>  target/s390x/mem_helper.c | 21 -
>  2 files changed, 12 insertions(+), 14 deletions(-)
>
> diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
> index aa829e954c..cfa8a81265 100644
> --- a/target/s390x/cpu.h
> +++ b/target/s390x/cpu.h
> @@ -36,11 +36,6 @@
>  
>  #define TARGET_INSN_START_EXTRA_WORDS 2
>  
> -#define MMU_MODE0_SUFFIX _primary
> -#define MMU_MODE1_SUFFIX _secondary
> -#define MMU_MODE2_SUFFIX _home
> -#define MMU_MODE3_SUFFIX _real
> -
>  #define MMU_USER_IDX 0
>  
>  #define S390_MAX_CPUS 248
> diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
> index 57ce17c252..6f4a16b9b2 100644
> --- a/target/s390x/mem_helper.c
> +++ b/target/s390x/mem_helper.c
> @@ -2026,7 +2026,7 @@ uint32_t HELPER(testblock)(CPUS390XState *env, uint64_t 
> real_addr)
>  real_addr = wrap_address(env, real_addr) & TARGET_PAGE_MASK;
>  
>  for (i = 0; i < TARGET_PAGE_SIZE; i += 8) {
> -cpu_stq_real_ra(env, real_addr + i, 0, ra);
> +cpu_stq_mmuidx_ra(env, real_addr + i, 0, MMU_REAL_IDX, ra);
>  }
>  
>  return 0;
> @@ -2260,11 +2260,11 @@ void HELPER(idte)(CPUS390XState *env, uint64_t r1, 
> uint64_t r2, uint32_t m4)
>  for (i = 0; i < entries; i++) {
>  /* addresses are not wrapped in 24/31bit mode but table index is 
> */
>  raddr = table + ((index + i) & 0x7ff) * sizeof(entry);
> -entry = cpu_ldq_real_ra(env, raddr, ra);
> +entry = cpu_ldq_mmuidx_ra(env, raddr, MMU_REAL_IDX, ra);
>  if (!(entry & REGION_ENTRY_I)) {
>  /* we are allowed to not store if already invalid */
>  entry |= REGION_ENTRY_I;
> -cpu_stq_real_ra(env, raddr, entry, ra);
> +cpu_stq_mmuidx_ra(env, raddr, entry, MMU_REAL_IDX, ra);
>  }
>  }
>  }
> @@ -2291,9 +2291,9 @@ void HELPER(ipte)(CPUS390XState *env, uint64_t pto, 
> uint64_t vaddr,
>  pte_addr += VADDR_PAGE_TX(vaddr) * 8;
>  
>  /* Mark the page table entry as invalid */
> -pte = cpu_ldq_real_ra(env, pte_addr, ra);
> +pte = cpu_ldq_mmuidx_ra(env, pte_addr, MMU_REAL_IDX, ra);
>  pte |= PAGE_ENTRY_I;
> -cpu_stq_real_ra(env, pte_addr, pte, ra);
> +cpu_stq_mmuidx_ra(env, pte_addr, pte, MMU_REAL_IDX, ra);
>  
>  /* XXX we exploit the fact that Linux passes the exact virtual
> address here - it's not obliged to! */
> @@ -2333,18 +2333,21 @@ void HELPER(purge)(CPUS390XState *env)
>  /* load using real address */
>  uint64_t HELPER(lura)(CPUS390XState *env, uint64_t addr)
>  {
> -return cpu_ldl_real_ra(env, wrap_address(env, addr), GETPC());
> +return cpu_ldl_mmuidx_ra(env, wrap_address(env, addr),
> + MMU_REAL_IDX, GETPC());
>  }
>  
>  uint64_t HELPER(lurag)(CPUS390XState *env, uint64_t addr)
>  {
> -return cpu_ldq_real_ra(env, wrap_address(env, addr), GETPC());
> +return cpu_ldq_mmuidx_ra(env, wrap_address(env, addr),
> + MMU_REAL_IDX, GETPC());
>  }
>  
>  /* store using real address */
>  void HELPER(stura)(CPUS390XState *env, uint64_t addr, uint64_t v1)
>  {
> -cpu_stl_real_ra(env, wrap_address(env, addr), (uint32_t)v1, GETPC());
> +cpu_stl_mmuidx_ra(env, wrap_address(env, addr), (uint32_t)v1,
> +  MMU_REAL_IDX, GETPC());
>  
>  if ((env->psw.mask & PSW_MASK_PER) &&
>  (env->cregs[9] & PER_CR9_EVENT_STORE) &&
> @@ -2357,7 +2360,7 @@ void HELPER(stura)(CPUS390XState *env, uint64_t addr, 
> uint64_t v1)
>  
>  void HELPER(sturg)(CPUS390XState *env, uint64_t addr, uint64_t v1)
>  {
> -cpu_stq_real_ra(env, wrap_address(env, addr), v1, GETPC());
> +cpu_stq_mmuidx_ra(env, wrap_address(env, addr), v1, MMU_REAL_IDX, 
> GETPC());
>  
>  if ((env->psw.mask & PSW_MASK_PER) &&
>  (env->cregs[9] & PER_CR9_EVENT_STORE) &&


-- 
Alex Bennée

Re: [PATCH v2 24/28] target/mips: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The separate suffixed functions were used to construct
> some do_##insn function switched on mmu_idx.  The interface
> is exactly identical to the *_mmuidx_ra functions.  Replace
> them directly and remove the constructions.
>
> Cc: Aurelien Jarno 
> Cc: Aleksandar Rikalo 
> Reviewed-by: Aleksandar Markovic 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/mips/cpu.h   |   4 -
>  target/mips/op_helper.c | 182 +---
>  2 files changed, 60 insertions(+), 126 deletions(-)
>
> diff --git a/target/mips/cpu.h b/target/mips/cpu.h
> index ca00f41daf..c218ccc4a8 100644
> --- a/target/mips/cpu.h
> +++ b/target/mips/cpu.h
> @@ -1147,10 +1147,6 @@ extern uint32_t cpu_rddsp(uint32_t mask_num, 
> CPUMIPSState *env);
>   * MMU modes definitions. We carefully match the indices with our
>   * hflags layout.
>   */
> -#define MMU_MODE0_SUFFIX _kernel
> -#define MMU_MODE1_SUFFIX _super
> -#define MMU_MODE2_SUFFIX _user
> -#define MMU_MODE3_SUFFIX _error
>  #define MMU_USER_IDX 2
>  
>  static inline int hflags_mmu_index(uint32_t hflags)
> diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
> index 18fcee4a78..79d44da6fa 100644
> --- a/target/mips/op_helper.c
> +++ b/target/mips/op_helper.c
> @@ -52,69 +52,6 @@ static void raise_exception(CPUMIPSState *env, uint32_t 
> exception)
>  do_raise_exception(env, exception, 0);
>  }
>  
> -#if defined(CONFIG_USER_ONLY)
> -#define HELPER_LD(name, insn, type) \
> -static inline type do_##name(CPUMIPSState *env, target_ulong addr,  \
> - int mem_idx, uintptr_t retaddr)\
> -{   \
> -return (type) cpu_##insn##_data_ra(env, addr, retaddr); \
> -}
> -#else
> -#define HELPER_LD(name, insn, type) \
> -static inline type do_##name(CPUMIPSState *env, target_ulong addr,  \
> - int mem_idx, uintptr_t retaddr)\
> -{   \
> -switch (mem_idx) {  \
> -case 0: return (type) cpu_##insn##_kernel_ra(env, addr, retaddr);   \
> -case 1: return (type) cpu_##insn##_super_ra(env, addr, retaddr);\
> -default:\
> -case 2: return (type) cpu_##insn##_user_ra(env, addr, retaddr); \
> -case 3: return (type) cpu_##insn##_error_ra(env, addr, retaddr);\
> -}   \
> -}
> -#endif
> -HELPER_LD(lw, ldl, int32_t)
> -#if defined(TARGET_MIPS64)
> -HELPER_LD(ld, ldq, int64_t)
> -#endif
> -#undef HELPER_LD
> -
> -#if defined(CONFIG_USER_ONLY)
> -#define HELPER_ST(name, insn, type) \
> -static inline void do_##name(CPUMIPSState *env, target_ulong addr,  \
> - type val, int mem_idx, uintptr_t retaddr)  \
> -{   \
> -cpu_##insn##_data_ra(env, addr, val, retaddr);  \
> -}
> -#else
> -#define HELPER_ST(name, insn, type) \
> -static inline void do_##name(CPUMIPSState *env, target_ulong addr,  \
> - type val, int mem_idx, uintptr_t retaddr)  \
> -{   \
> -switch (mem_idx) {  \
> -case 0: \
> -cpu_##insn##_kernel_ra(env, addr, val, retaddr);\
> -break;  \
> -case 1: \
> -cpu_##insn##_super_ra(env, addr, val, retaddr); \
> -break;  \
> -default:\
> -case 2: \
> -cpu_##insn##_user_ra(env, addr, val, retaddr);  \
> -break;  \
> -case 3: \
> -cpu_##insn##_error_ra(env, addr, val, retaddr); \
> -break;  \
> -}   \
> -}
> -#endif
> -HELPER_ST(sb, stb, uint8_t)
> -HELPER_ST(sw, stl, uint32_t)
> -#if defined(TARGET_MIPS64)
> -HELPER_ST(sd, stq, uint64_t)
> -#endif
> -#undef HELPER_ST
> -
>  /* 64 bits arithmetic for 32 bits hosts */
>  static 

Re: [PATCH v2 23/28] target/m68k: Use cpu_*_mmuidx_ra instead of MMU_MODE{0, 1}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The generated *_user functions are unused.  The *_kernel functions
> have a couple of users in op_helper.c; use *_mmuidx_ra instead,
> with MMU_KERNEL_IDX.
>
> Reviewed-by: Laurent Vivier 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 


> ---
> v2: Use *_mmuidx_ra directly, without intermediate macros.
> ---
>  target/m68k/cpu.h   |  2 --
>  target/m68k/op_helper.c | 77 +
>  2 files changed, 47 insertions(+), 32 deletions(-)
>
> diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
> index 20de3c379a..89af14e899 100644
> --- a/target/m68k/cpu.h
> +++ b/target/m68k/cpu.h
> @@ -516,8 +516,6 @@ enum {
>  #define cpu_list m68k_cpu_list
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _kernel
> -#define MMU_MODE1_SUFFIX _user
>  #define MMU_KERNEL_IDX 0
>  #define MMU_USER_IDX 1
>  static inline int cpu_mmu_index (CPUM68KState *env, bool ifetch)
> diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
> index bc4f845e3f..202498deb5 100644
> --- a/target/m68k/op_helper.c
> +++ b/target/m68k/op_helper.c
> @@ -42,8 +42,8 @@ static void cf_rte(CPUM68KState *env)
>  uint32_t fmt;
>  
>  sp = env->aregs[7];
> -fmt = cpu_ldl_kernel(env, sp);
> -env->pc = cpu_ldl_kernel(env, sp + 4);
> +fmt = cpu_ldl_mmuidx_ra(env, sp, MMU_KERNEL_IDX, 0);
> +env->pc = cpu_ldl_mmuidx_ra(env, sp + 4, MMU_KERNEL_IDX, 0);
>  sp |= (fmt >> 28) & 3;
>  env->aregs[7] = sp + 8;
>  
> @@ -58,13 +58,13 @@ static void m68k_rte(CPUM68KState *env)
>  
>  sp = env->aregs[7];
>  throwaway:
> -sr = cpu_lduw_kernel(env, sp);
> +sr = cpu_lduw_mmuidx_ra(env, sp, MMU_KERNEL_IDX, 0);
>  sp += 2;
> -env->pc = cpu_ldl_kernel(env, sp);
> +env->pc = cpu_ldl_mmuidx_ra(env, sp, MMU_KERNEL_IDX, 0);
>  sp += 4;
>  if (m68k_feature(env, M68K_FEATURE_QUAD_MULDIV)) {
>  /*  all except 68000 */
> -fmt = cpu_lduw_kernel(env, sp);
> +fmt = cpu_lduw_mmuidx_ra(env, sp, MMU_KERNEL_IDX, 0);
>  sp += 2;
>  switch (fmt >> 12) {
>  case 0:
> @@ -260,12 +260,12 @@ static void cf_interrupt_all(CPUM68KState *env, int 
> is_hw)
>  /* ??? This could cause MMU faults.  */
>  sp &= ~3;
>  sp -= 4;
> -cpu_stl_kernel(env, sp, retaddr);
> +cpu_stl_mmuidx_ra(env, sp, retaddr, MMU_KERNEL_IDX, 0);
>  sp -= 4;
> -cpu_stl_kernel(env, sp, fmt);
> +cpu_stl_mmuidx_ra(env, sp, fmt, MMU_KERNEL_IDX, 0);
>  env->aregs[7] = sp;
>  /* Jump to vector.  */
> -env->pc = cpu_ldl_kernel(env, env->vbr + vector);
> +env->pc = cpu_ldl_mmuidx_ra(env, env->vbr + vector, MMU_KERNEL_IDX, 0);
>  }
>  
>  static inline void do_stack_frame(CPUM68KState *env, uint32_t *sp,
> @@ -278,23 +278,24 @@ static inline void do_stack_frame(CPUM68KState *env, 
> uint32_t *sp,
>  switch (format) {
>  case 4:
>  *sp -= 4;
> -cpu_stl_kernel(env, *sp, env->pc);
> +cpu_stl_mmuidx_ra(env, *sp, env->pc, MMU_KERNEL_IDX, 0);
>  *sp -= 4;
> -cpu_stl_kernel(env, *sp, addr);
> +cpu_stl_mmuidx_ra(env, *sp, addr, MMU_KERNEL_IDX, 0);
>  break;
>  case 3:
>  case 2:
>  *sp -= 4;
> -cpu_stl_kernel(env, *sp, addr);
> +cpu_stl_mmuidx_ra(env, *sp, addr, MMU_KERNEL_IDX, 0);
>  break;
>  }
>  *sp -= 2;
> -cpu_stw_kernel(env, *sp, (format << 12) + (cs->exception_index << 
> 2));
> +cpu_stw_mmuidx_ra(env, *sp, (format << 12) + (cs->exception_index << 
> 2),
> +  MMU_KERNEL_IDX, 0);
>  }
>  *sp -= 4;
> -cpu_stl_kernel(env, *sp, retaddr);
> +cpu_stl_mmuidx_ra(env, *sp, retaddr, MMU_KERNEL_IDX, 0);
>  *sp -= 2;
> -cpu_stw_kernel(env, *sp, sr);
> +cpu_stw_mmuidx_ra(env, *sp, sr, MMU_KERNEL_IDX, 0);
>  }
>  
>  static void m68k_interrupt_all(CPUM68KState *env, int is_hw)
> @@ -353,36 +354,52 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
> is_hw)
>  cpu_abort(cs, "DOUBLE MMU FAULT\n");
>  }
>  env->mmu.fault = true;
> +/* push data 3 */
>  sp -= 4;
> -cpu_stl_kernel(env, sp, 0); /* push data 3 */
> +cpu_stl_mmuidx_ra(env, sp, 0, MMU_KERNEL_IDX, 0);
> +/* push data 2 */
>  sp -= 4;
> -cpu_stl_kernel(env, sp, 0); /* push data 2 */
> +cpu_stl_mmuidx_ra(env, sp, 0, MMU_KERNEL_IDX, 0);
> +/* push data 1 */
>  sp -= 4;
> -cpu_stl_kernel(env, sp, 0); /* push data 1 */
> +cpu_stl_mmuidx_ra(env, sp, 0, MMU_KERNEL_IDX, 0);
> +/* write back 1 / push data 0 */
>  sp -= 4;
> -cpu_stl_kernel(env, sp, 0); /* write back 1 / push data 0 */
> +cpu_stl_mmuidx_ra(env, sp, 0, MMU_KERNEL_IDX, 0);
> +/* write back 1 address */
>  sp -= 4;
> -cpu_stl_kernel(env, sp, 0); /* write 

Re: [PATCH v2 22/28] target/xtensa: Remove MMU_MODE{0,1,2,3}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Acked-by: Max Filippov 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/xtensa/cpu.h | 4 
>  1 file changed, 4 deletions(-)
>
> diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
> index b363ffcf10..f5a7ea48bb 100644
> --- a/target/xtensa/cpu.h
> +++ b/target/xtensa/cpu.h
> @@ -685,10 +685,6 @@ static inline uint32_t 
> xtensa_replicate_windowstart(CPUXtensaState *env)
>  }
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _ring0
> -#define MMU_MODE1_SUFFIX _ring1
> -#define MMU_MODE2_SUFFIX _ring2
> -#define MMU_MODE3_SUFFIX _ring3
>  #define MMU_USER_IDX 3
>  
>  static inline int cpu_mmu_index(CPUXtensaState *env, bool ifetch)


-- 
Alex Bennée

[PULL 3/3] numa: properly check if numa is supported

[Eduardo Habkost]

From: Igor Mammedov 

Commit aa57020774b, by mistake used MachineClass::numa_mem_supported
to check if NUMA is supported by machine and also as unrelated change
set it to true for sbsa-ref board.

Luckily change didn't break machines that support NUMA, as the field
is set to true for them.

But the field is not intended for checking if NUMA is supported and
will be flipped to false within this release for new machine types.

Fix it:
 - by using previously used condition
  !mc->cpu_index_to_instance_props || !mc->get_default_cpu_node_id
   the first time and then use MachineState::numa_state down the road
   to check if NUMA is supported
 - dropping stray sbsa-ref chunk

Fixes: aa57020774b690a22be72453b8e91c9b5a68c516
Signed-off-by: Igor Mammedov 
Message-Id: <1576154936-178362-3-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/arm/sbsa-ref.c | 1 -
 hw/core/machine.c | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index 5853bdee5c..9b5bcb5634 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -789,7 +789,6 @@ static void sbsa_ref_class_init(ObjectClass *oc, void *data)
 mc->possible_cpu_arch_ids = sbsa_ref_possible_cpu_arch_ids;
 mc->cpu_index_to_instance_props = sbsa_ref_cpu_index_to_props;
 mc->get_default_cpu_node_id = sbsa_ref_get_default_cpu_node_id;
-mc->numa_mem_supported = true;
 }
 
 static const TypeInfo sbsa_ref_info = {
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 023548b4f3..e81f43cd0b 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -963,7 +963,7 @@ static void machine_initfn(Object *obj)
 NULL);
 }
 
-if (mc->numa_mem_supported) {
+if (mc->cpu_index_to_instance_props && mc->get_default_cpu_node_id) {
 ms->numa_state = g_new0(NumaState, 1);
 }
 
@@ -1107,7 +1107,7 @@ void machine_run_board_init(MachineState *machine)
 {
 MachineClass *machine_class = MACHINE_GET_CLASS(machine);
 
-if (machine_class->numa_mem_supported) {
+if (machine->numa_state) {
 numa_complete_configuration(machine);
 if (machine->numa_state->num_nodes) {
 machine_numa_finish_cpu_init(machine);
-- 
2.23.0

[PULL 1/3] i386: Resolve CPU models to v1 by default

[Eduardo Habkost]

When using `query-cpu-definitions` using `-machine none`,
QEMU is resolving all CPU models to their latest versions.  The
actual CPU model version being used by another machine type (e.g.
`pc-q35-4.0`) might be different.

In theory, this was OK because the correct CPU model
version is returned when using the correct `-machine` argument.

Except that in practice, this breaks libvirt expectations:
libvirt always use `-machine none` when checking if a CPU model
is runnable, because runnability is not expected to be affected
when the machine type is changed.

For example, when running on a Haswell host without TSX,
Haswell-v4 is runnable, but Haswell-v1 is not.  On those hosts,
`query-cpu-definitions` says Haswell is runnable if using
`-machine none`, but Haswell is actually not runnable using any
of the `pc-*` machine types (because they resolve Haswell to
Haswell-v1).  In other words, we're breaking the "runnability
guarantee" we promised to not break for a few releases (see
qemu-deprecated.texi).

To address this issue, change the default CPU model version to v1
on all machine types, so we make `query-cpu-definitions` output
when using `-machine none` match the results when using `pc-*`.
This will change in the future (the plan is to always return the
latest CPU model version if using `-machine none`), but only
after giving libvirt the opportunity to adapt.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1779078
Signed-off-by: Eduardo Habkost 
Message-Id: <20191205223339.764534-1-ehabk...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 qemu-deprecated.texi | 8 
 target/i386/cpu.c| 8 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/qemu-deprecated.texi b/qemu-deprecated.texi
index 62680f7bd5..7b94653cef 100644
--- a/qemu-deprecated.texi
+++ b/qemu-deprecated.texi
@@ -367,6 +367,14 @@ guarantees must resolve the CPU model aliases using te
 ``alias-of'' field returned by the ``query-cpu-definitions'' QMP
 command.
 
+While those guarantees are kept, the return value of
+``query-cpu-definitions'' will have existing CPU model aliases
+point to a version that doesn't break runnability guarantees
+(specifically, version 1 of those CPU models).  In future QEMU
+versions, aliases will point to newer CPU model versions
+depending on the machine type, so management software must
+resolve CPU model aliases before starting a virtual machine.
+
 
 @node Recently removed features
 @appendix Recently removed features
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 0a9ac65974..ba5e9d5d6b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3981,7 +3981,13 @@ static PropValue tcg_default_props[] = {
 };
 
 
-X86CPUVersion default_cpu_version = CPU_VERSION_LATEST;
+/*
+ * We resolve CPU model aliases using -v1 when using "-machine
+ * none", but this is just for compatibility while libvirt isn't
+ * adapted to resolve CPU model versions before creating VMs.
+ * See "Runnability guarantee of CPU models" at * qemu-deprecated.texi.
+ */
+X86CPUVersion default_cpu_version = 1;
 
 void x86_cpu_set_default_version(X86CPUVersion version)
 {
-- 
2.23.0

[PULL 2/3] numa: remove not needed check

[Eduardo Habkost]

From: Igor Mammedov 

Currently parse_numa_node() is always called from already numa
enabled context.
Drop unnecessary check if numa is supported.

Signed-off-by: Igor Mammedov 
Message-Id: <1576154936-178362-2-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/core/numa.c | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index e3332a984f..19f082de12 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -83,10 +83,6 @@ static void parse_numa_node(MachineState *ms, 
NumaNodeOptions *node,
 return;
 }
 
-if (!mc->cpu_index_to_instance_props || !mc->get_default_cpu_node_id) {
-error_setg(errp, "NUMA is not supported by this machine-type");
-return;
-}
 for (cpus = node->cpus; cpus; cpus = cpus->next) {
 CpuInstanceProperties props;
 if (cpus->value >= max_cpus) {
@@ -178,9 +174,8 @@ void parse_numa_distance(MachineState *ms, NumaDistOptions 
*dist, Error **errp)
 void set_numa_options(MachineState *ms, NumaOptions *object, Error **errp)
 {
 Error *err = NULL;
-MachineClass *mc = MACHINE_GET_CLASS(ms);
 
-if (!mc->numa_mem_supported) {
+if (!ms->numa_state) {
 error_setg(errp, "NUMA is not supported by this machine-type");
 goto end;
 }
-- 
2.23.0

[PULL 0/3] x86 and machine queue, 2019-12-20

[Eduardo Habkost]

The following changes since commit aceeaa69d28e6f08a24395d0aa6915b687d0a681:

  Merge remote-tracking branch 
'remotes/huth-gitlab/tags/pull-request-2019-12-17' into staging (2019-12-17 
15:55:20 +)

are available in the Git repository at:

  git://github.com/ehabkost/qemu.git tags/x86-and-machine-pull-request

for you to fetch changes up to fcd3f2cc124600385dba46c69a80626985c15b50:

  numa: properly check if numa is supported (2019-12-19 14:57:14 -0300)


x86 and machine queue, 2019-12-20

Bug fix:
* Resolve CPU models to v1 by default (Eduardo Habkost)

Cleanup:
* Remove incorrect numa_mem_supported checks (Igor Mammedov)



Eduardo Habkost (1):
  i386: Resolve CPU models to v1 by default

Igor Mammedov (2):
  numa: remove not needed check
  numa: properly check if numa is supported

 hw/arm/sbsa-ref.c| 1 -
 hw/core/machine.c| 4 ++--
 hw/core/numa.c   | 7 +--
 qemu-deprecated.texi | 8 
 target/i386/cpu.c| 8 +++-
 5 files changed, 18 insertions(+), 10 deletions(-)

-- 
2.23.0

Re: [PULL 2/2] configure: Require Python >= 3.5

[Juan Quintela]

Eduardo Habkost  wrote:
> Python 3.5 is the oldest Python version available on our
> supported build platforms, and Python 2 end of life will be 3
> weeks after the planned release date of QEMU 4.2.0.  Drop Python
> 2 support from configure completely, and require Python 3.5 or
> newer.
>
> Signed-off-by: Eduardo Habkost 
> Message-Id: <20191016224237.26180-1-ehabk...@redhat.com>
> Reviewed-by: John Snow 
> Signed-off-by: Eduardo Habkost 

Reviewed-by: Juan Quintela 

But once here, a comment telling why we want 3.5, not 3.4 or 3.6 will
have been helpful.

Later, Juan.

Re: Can we retire Python 2 now?

[Juan Quintela]

Markus Armbruster  wrote:
> Python 2 EOL is only a few days away[*].  We made configure bitch about
> it in commit e5abf59eae "Deprecate Python 2 support", 2019-07-01.  Any
> objections to retiring it now, i.e. in 5.0?
>
> Cc'ing everyone who appears to be maintaining something that looks like
> a Python script.
>
> [*] https://pythonclock.org/

I am pretty sure that I am not a python maintaainer at all.

But anyways, python3 is only at python3.7.
python3.0 debuted at 2008, so ...

Acked-by: Juan Quintela 
Reviewed-by: Juan Quintela 

And anything else that you can think that endorses the change.

Later, Juan.

Re: [PATCH v2 04/28] cputlb: Move body of cpu_ldst_template.h out of line

[Alex Bennée]

Richard Henderson  writes:

> With the tracing hooks, the inline functions are no longer
> so simple.  Once out-of-line, the current tlb_entry lookup
> is redundant with the one in the main load/store_helper.
>
> This also begins the introduction of a new target facing
> interface, with suffix *_mmuidx_ra.  This is not yet
> official because the interface is not done for user-only.
>
> Use abi_ptr instead of target_ulong in preparation for
> user-only; the two types are identical for softmmu.
>
> What remains in cpu_ldst_template.h are the expansions
> for _code, _data, and MMU_MODE_SUFFIX.
>
> Signed-off-by: Richard Henderson 
> ---
>  include/exec/cpu_ldst.h  |  25 ++-
>  include/exec/cpu_ldst_template.h | 125 +++
>  accel/tcg/cputlb.c   | 116 
>  3 files changed, 166 insertions(+), 100 deletions(-)
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index fd499f7e2f..cf8af36dbc 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -152,7 +152,7 @@ static inline void clear_helper_retaddr(void)
>  
>  #else
>  
> -/* The memory helpers for tcg-generated code need tcg_target_long etc.  */
> +/* Needed for TCG_OVERSIZED_GUEST */
>  #include "tcg.h"
>  
>  static inline target_ulong tlb_addr_write(const CPUTLBEntry *entry)
> @@ -185,6 +185,29 @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, 
> uintptr_t mmu_idx,
>  return _tlb(env)->f[mmu_idx].table[tlb_index(env, mmu_idx, addr)];
>  }
>  
> +uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +int mmu_idx, uintptr_t ra);
> +uint32_t cpu_lduw_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +int mmu_idx, uintptr_t ra);
> +uint32_t cpu_ldl_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +uint64_t cpu_ldq_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +
> +int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +int cpu_ldsw_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +
> +void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +void cpu_stw_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +void cpu_stl_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +
>  #ifdef MMU_MODE0_SUFFIX
>  #define CPU_MMU_INDEX 0
>  #define MEMSUFFIX MMU_MODE0_SUFFIX
> diff --git a/include/exec/cpu_ldst_template.h 
> b/include/exec/cpu_ldst_template.h
> index 0ad5de3ef9..ea39e29c19 100644
> --- a/include/exec/cpu_ldst_template.h
> +++ b/include/exec/cpu_ldst_template.h
> @@ -24,13 +24,6 @@
>   * License along with this library; if not, see 
> .
>   */
>  
> -#if !defined(SOFTMMU_CODE_ACCESS)
> -#include "trace-root.h"
> -#endif
> -
> -#include "qemu/plugin.h"
> -#include "trace/mem.h"

I think api.c needs to include trace/mem.h

-- 
Alex Bennée

Re: [PATCH v2 04/28] cputlb: Move body of cpu_ldst_template.h out of line

[Alex Bennée]

Alex Bennée  writes:

> Richard Henderson  writes:
>
>> With the tracing hooks, the inline functions are no longer
>> so simple.  Once out-of-line, the current tlb_entry lookup
>> is redundant with the one in the main load/store_helper.
>>
>> This also begins the introduction of a new target facing
>> interface, with suffix *_mmuidx_ra.  This is not yet
>> official because the interface is not done for user-only.
>>
>> Use abi_ptr instead of target_ulong in preparation for
>> user-only; the two types are identical for softmmu.
>>
>> What remains in cpu_ldst_template.h are the expansions
>> for _code, _data, and MMU_MODE_SUFFIX.
>>
>> Signed-off-by: Richard Henderson 
>
> Reviewed-by: Alex Bennée 

Although this seems to have broken --enable-plugins builds:

CC  aarch64-softmmu/plugins/api.o
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_size_shift’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:229:19: error: 
‘TRACE_MEM_SZ_SHIFT_MASK’ undeclared (first use in this function)
   return info & TRACE_MEM_SZ_SHIFT_MASK;
 ^~~
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:229:19: note: each undeclared 
identifier is reported only once for each function it appears in
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_is_sign_extended’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:234:22: error: ‘TRACE_MEM_SE’ 
undeclared (first use in this function)
   return !!(info & TRACE_MEM_SE);
^~~~
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_is_big_endian’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:239:22: error: ‘TRACE_MEM_BE’ 
undeclared (first use in this function)
   return !!(info & TRACE_MEM_BE);
^~~~
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_is_store’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:244:22: error: ‘TRACE_MEM_ST’ 
undeclared (first use in this function)
   return !!(info & TRACE_MEM_ST);
^~~~
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_get_hwaddr’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:258:36: error: 
‘TRACE_MEM_MMU_SHIFT’ undeclared (first use in this function); did you mean 
‘TCP_MAX_WINSHIFT’?
   unsigned int mmu_idx = info >> TRACE_MEM_MMU_SHIFT;
  ^~~
  TCP_MAX_WINSHIFT
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:259:35: error: ‘TRACE_MEM_ST’ 
undeclared (first use in this function); did you mean ‘TRACE_MEM_MMU_SHIFT’?
   hwaddr_info.is_store = info & TRACE_MEM_ST;
 ^~~~
 TRACE_MEM_MMU_SHIFT
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_size_shift’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:230:1: error: control reaches 
end of non-void function [-Werror=return-type]
   }
   ^
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_is_sign_extended’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:235:1: error: control reaches 
end of non-void function [-Werror=return-type]
   }
   ^
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_is_big_endian’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:240:1: error: control reaches 
end of non-void function [-Werror=return-type]
   }
   ^
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c: In function 
‘qemu_plugin_mem_is_store’:
  /home/alex.bennee/lsrc/qemu.git/plugins/api.c:245:1: error: control reaches 
end of non-void function [-Werror=return-type]
   }
   ^
  cc1: all warnings being treated as errors
  /home/alex.bennee/lsrc/qemu.git/rules.mak:69: recipe for target 
'plugins/api.o' failed
  make[1]: *** [plugins/api.o] Error 1
  Makefile:491: recipe for target 'aarch64-softmmu/all' failed
  make: *** [aarch64-softmmu/all] Error 2


>
>> ---
>>  include/exec/cpu_ldst.h  |  25 ++-
>>  include/exec/cpu_ldst_template.h | 125 +++
>>  accel/tcg/cputlb.c   | 116 
>>  3 files changed, 166 insertions(+), 100 deletions(-)
>>
>> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
>> index fd499f7e2f..cf8af36dbc 100644
>> --- a/include/exec/cpu_ldst.h
>> +++ b/include/exec/cpu_ldst.h
>> @@ -152,7 +152,7 @@ static inline void clear_helper_retaddr(void)
>>  
>>  #else
>>  
>> -/* The memory helpers for tcg-generated code need tcg_target_long etc.  */
>> +/* Needed for TCG_OVERSIZED_GUEST */
>>  #include "tcg.h"
>>  
>>  static inline target_ulong tlb_addr_write(const CPUTLBEntry *entry)
>> @@ -185,6 +185,29 @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, 
>> uintptr_t mmu_idx,
>>  return _tlb(env)->f[mmu_idx].table[tlb_index(env, mmu_idx, addr)];
>>  

Re: [PULL 00/24] virtio, pci, pc: fixes, features

[Peter Maydell]

On Thu, 19 Dec 2019 at 13:27, Michael S. Tsirkin  wrote:
>
> The following changes since commit b0ca999a43a22b38158a33d3f5881648bb4f:
>
>   Update version for v4.2.0 release (2019-12-12 16:45:57 +)
>
> are available in the Git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to d4fbea918a37c0586f1a0e15ac6ef04c9fc7b96b:
>
>   vhost-user-scsi: reset the device if supported (2019-12-19 08:25:35 -0500)
>
> 
> virtio, pci, pc: fixes, features
>
> Bugfixes all over the place.
> HMAT support.
> New flags for vhost-user-blk utility.
>
> Signed-off-by: Michael S. Tsirkin 
>

Compile failure on OSX:
/Users/pm215/src/qemu-for-merges/hw/core/numa.c:427:20: error: format
specifies type 'unsigned char' but the argument has type 'int'
[-Werror,-Wformat]
   node->level - 1);
~~~^~~
/Users/pm215/src/qemu-for-merges/include/qapi/error.h:166:35: note:
expanded from macro 'error_setg'
(fmt), ## __VA_ARGS__)
  ^~~
/Users/pm215/src/qemu-for-merges/hw/core/numa.c:440:20: error: format
specifies type 'unsigned char' but the argument has type 'int'
[-Werror,-Wformat]
   node->level + 1);
~~~^~~
/Users/pm215/src/qemu-for-merges/include/qapi/error.h:166:35: note:
expanded from macro 'error_setg'
(fmt), ## __VA_ARGS__)
  ^~~
2 errors generated.

thanks
-- PMM

Re: [PATCH v2 21/28] target/unicore32: Remove MMU_MODE{0,1}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Cc: Guan Xuetao 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/unicore32/cpu.h | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/target/unicore32/cpu.h b/target/unicore32/cpu.h
> index 50ed9dd99c..7a32e086ed 100644
> --- a/target/unicore32/cpu.h
> +++ b/target/unicore32/cpu.h
> @@ -133,8 +133,6 @@ void cpu_asr_write(CPUUniCore32State *env1, target_ulong 
> val, target_ulong mask)
>  int uc32_cpu_signal_handler(int host_signum, void *pinfo, void *puc);
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _kernel
> -#define MMU_MODE1_SUFFIX _user
>  #define MMU_USER_IDX 1
>  static inline int cpu_mmu_index(CPUUniCore32State *env, bool ifetch)
>  {


-- 
Alex Bennée

Re: [PATCH v2 20/28] target/sh4: Remove MMU_MODE{0,1}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Cc: Aurelien Jarno 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/sh4/cpu.h | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
> index ecaa7a18a9..452a596e67 100644
> --- a/target/sh4/cpu.h
> +++ b/target/sh4/cpu.h
> @@ -254,8 +254,6 @@ void cpu_load_tlb(CPUSH4State * env);
>  #define cpu_list sh4_cpu_list
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _kernel
> -#define MMU_MODE1_SUFFIX _user
>  #define MMU_USER_IDX 1
>  static inline int cpu_mmu_index (CPUSH4State *env, bool ifetch)
>  {


-- 
Alex Bennée

Re: [PATCH v2 19/28] target/microblaze: Remove MMU_MODE{0, 1, 2}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Cc: Edgar E. Iglesias 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/microblaze/cpu.h | 3 ---
>  1 file changed, 3 deletions(-)
>
> diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
> index 95773089aa..32522f606b 100644
> --- a/target/microblaze/cpu.h
> +++ b/target/microblaze/cpu.h
> @@ -328,9 +328,6 @@ int cpu_mb_signal_handler(int host_signum, void *pinfo,
>  #define cpu_signal_handler cpu_mb_signal_handler
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _nommu
> -#define MMU_MODE1_SUFFIX _kernel
> -#define MMU_MODE2_SUFFIX _user
>  #define MMU_NOMMU_IDX   0
>  #define MMU_KERNEL_IDX  1
>  #define MMU_USER_IDX2


-- 
Alex Bennée

Re: [PATCH v2 16/28] target/alpha: Remove MMU_MODE{0,1}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/alpha/cpu.h | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
> index a530249a5b..3f782c0efe 100644
> --- a/target/alpha/cpu.h
> +++ b/target/alpha/cpu.h
> @@ -193,8 +193,6 @@ enum {
> PALcode cheats and usees the KSEG mapping for its code+data rather than
> physical addresses.  */
>  
> -#define MMU_MODE0_SUFFIX _kernel
> -#define MMU_MODE1_SUFFIX _user
>  #define MMU_KERNEL_IDX   0
>  #define MMU_USER_IDX 1
>  #define MMU_PHYS_IDX 2


-- 
Alex Bennée

Re: [PATCH v2 18/28] target/i386: Remove MMU_MODE{0,1,2}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Cc: Eduardo Habkost 
> Acked-by: Paolo Bonzini 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/i386/cpu.h | 3 ---
>  1 file changed, 3 deletions(-)
>
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index cde2a16b94..6a8228df4f 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -1949,9 +1949,6 @@ uint64_t cpu_get_tsc(CPUX86State *env);
>  #define cpu_list x86_cpu_list
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _ksmap
> -#define MMU_MODE1_SUFFIX _user
> -#define MMU_MODE2_SUFFIX _knosmap /* SMAP disabled or CPL<3 && AC=1 */
>  #define MMU_KSMAP_IDX   0
>  #define MMU_USER_IDX1
>  #define MMU_KNOSMAP_IDX 2


-- 
Alex Bennée

Re: [PATCH v2 17/28] target/cris: Remove MMU_MODE{0,1}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Cc: Edgar E. Iglesias 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/cris/cpu.h | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/target/cris/cpu.h b/target/cris/cpu.h
> index aba0a66474..bc43bc23a1 100644
> --- a/target/cris/cpu.h
> +++ b/target/cris/cpu.h
> @@ -252,8 +252,6 @@ enum {
>  #define cpu_signal_handler cpu_cris_signal_handler
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _kernel
> -#define MMU_MODE1_SUFFIX _user
>  #define MMU_USER_IDX 1
>  static inline int cpu_mmu_index (CPUCRISState *env, bool ifetch)
>  {


-- 
Alex Bennée

Re: [PATCH v2 15/28] target/nios2: Remove MMU_MODE{0,1}_SUFFIX

[Alex Bennée]

Richard Henderson  writes:

> The functions generated by these macros are unused.
>
> Cc: Chris Wulff 
> Cc: Marek Vasut 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/nios2/cpu.h | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
> index 361b06ffeb..78f633f970 100644
> --- a/target/nios2/cpu.h
> +++ b/target/nios2/cpu.h
> @@ -217,8 +217,6 @@ void do_nios2_semihosting(CPUNios2State *env);
>  #define CPU_SAVE_VERSION 1
>  
>  /* MMU modes definitions */
> -#define MMU_MODE0_SUFFIX _kernel
> -#define MMU_MODE1_SUFFIX _user
>  #define MMU_SUPERVISOR_IDX  0
>  #define MMU_USER_IDX1


-- 
Alex Bennée

Re: [PATCH v2 14/28] cputlb: Expand cpu_ldst_useronly_template.h in user-exec.c

[Alex Bennée]

Richard Henderson  writes:

> With the tracing hooks, the inline functions are no longer
> so simple.  Reduce the amount of preprocessor obfuscation
> by expanding the text of each of the functions generated.
> The result is only slightly larger than the original.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  include/exec/cpu_ldst.h   |  54 +++--
>  include/exec/cpu_ldst_useronly_template.h | 159 ---
>  accel/tcg/user-exec.c | 236 ++
>  3 files changed, 262 insertions(+), 187 deletions(-)
>  delete mode 100644 include/exec/cpu_ldst_useronly_template.h
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index 41b98ba801..0f3c49a005 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -120,35 +120,33 @@ static inline void clear_helper_retaddr(void)
>  
>  /* In user-only mode we provide only the _code and _data accessors. */
>  
> -#define MEMSUFFIX _data
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_useronly_template.h"
> +uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr);
> +uint32_t cpu_lduw_data(CPUArchState *env, abi_ptr ptr);
> +uint32_t cpu_ldl_data(CPUArchState *env, abi_ptr ptr);
> +uint64_t cpu_ldq_data(CPUArchState *env, abi_ptr ptr);
> +int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr);
> +int cpu_ldsw_data(CPUArchState *env, abi_ptr ptr);
>  
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_useronly_template.h"
> +uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr);
> +uint32_t cpu_lduw_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr);
> +uint32_t cpu_ldl_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr);
> +uint64_t cpu_ldq_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr);
> +int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr);
> +int cpu_ldsw_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr);
>  
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_useronly_template.h"
> +void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
> +void cpu_stw_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
> +void cpu_stl_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
> +void cpu_stq_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
>  
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_useronly_template.h"
> -#undef MEMSUFFIX
> -
> -#define MEMSUFFIX _code
> -#define CODE_ACCESS
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_useronly_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_useronly_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_useronly_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_useronly_template.h"
> -#undef MEMSUFFIX
> -#undef CODE_ACCESS
> +void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
> + uint32_t val, uintptr_t retaddr);
> +void cpu_stw_data_ra(CPUArchState *env, abi_ptr ptr,
> + uint32_t val, uintptr_t retaddr);
> +void cpu_stl_data_ra(CPUArchState *env, abi_ptr ptr,
> + uint32_t val, uintptr_t retaddr);
> +void cpu_stq_data_ra(CPUArchState *env, abi_ptr ptr,
> + uint64_t val, uintptr_t retaddr);
>  
>  /*
>   * Provide the same *_mmuidx_ra interface as for softmmu.
> @@ -520,6 +518,8 @@ void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr, 
> uint64_t val,
>  #undef CPU_MMU_INDEX
>  #undef MEMSUFFIX
>  
> +#endif /* defined(CONFIG_USER_ONLY) */
> +
>  uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr);
>  uint32_t cpu_lduw_code(CPUArchState *env, abi_ptr addr);
>  uint32_t cpu_ldl_code(CPUArchState *env, abi_ptr addr);
> @@ -535,8 +535,6 @@ static inline int cpu_ldsw_code(CPUArchState *env, 
> abi_ptr addr)
>  return (int16_t)cpu_lduw_code(env, addr);
>  }
>  
> -#endif /* defined(CONFIG_USER_ONLY) */
> -
>  /**
>   * tlb_vaddr_to_host:
>   * @env: CPUArchState
> diff --git a/include/exec/cpu_ldst_useronly_template.h 
> b/include/exec/cpu_ldst_useronly_template.h
> deleted file mode 100644
> index e5a3d1983a..00
> --- a/include/exec/cpu_ldst_useronly_template.h
> +++ /dev/null
> @@ -1,159 +0,0 @@
> -/*
> - *  User-only accessor function support
> - *
> - * Generate inline load/store functions for one data size.
> - *
> - * Generate a store function as well as signed and unsigned loads.
> - *
> - * Not used directly but included from cpu_ldst.h.
> - *
> - *  Copyright (c) 2015 Linaro Limited
> - *
> - * This library is free software; you can redistribute it and/or
> - * modify it under the terms of the GNU Lesser General Public
> - * License as published by the Free Software Foundation; either
> - * version 2 of the License, or (at your option) any later version.
> - *
> - * This library is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> - * 

Re: [PATCH v2 13/28] linux-user: Include trace-root.h in syscall-trace.h

[Alex Bennée]

Richard Henderson  writes:

> Code movement in an upcoming patch will show that this file
> was implicitly depending on trace-root.h being included beforehand.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  include/user/syscall-trace.h | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
> index 9e60473643..79fd3e5aa9 100644
> --- a/include/user/syscall-trace.h
> +++ b/include/user/syscall-trace.h
> @@ -10,6 +10,8 @@
>  #ifndef _SYSCALL_TRACE_H_
>  #define _SYSCALL_TRACE_H_
>  
> +#include "trace-root.h"
> +
>  /*
>   * These helpers just provide a common place for the various
>   * subsystems that want to track syscalls to put their hooks in. We


-- 
Alex Bennée

Re: [PULL 0/6] more s390x patches

[Peter Maydell]

On Thu, 19 Dec 2019 at 11:01, Cornelia Huck  wrote:
>
> The following changes since commit aceeaa69d28e6f08a24395d0aa6915b687d0a681:
>
>   Merge remote-tracking branch 
> 'remotes/huth-gitlab/tags/pull-request-2019-12-17' into staging (2019-12-17 
> 15:55:20 +)
>
> are available in the Git repository at:
>
>   https://github.com/cohuck/qemu tags/s390x-20191219
>
> for you to fetch changes up to 104130cb7c106378dab944397c6a455c4a6d552f:
>
>   s390x: Properly fetch and test the short psw on diag308 subc 0/1 
> (2019-12-18 15:54:24 +0100)
>
> 
> More s390x patches:
> - tcg: implement LOAD/STORE TO REAL ADDRESS inline
> - fixes in tests, the bios, and diag308 handling
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM

Re: [PATCH v2 12/28] linux-user: Include tcg.h in syscall.c

[Alex Bennée]

Richard Henderson  writes:

> Code movement in an upcoming patch will show that this file
> was implicitly depending on tcg.h being included indirectly.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  linux-user/syscall.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 171c0caef3..34825f15bf 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -115,6 +115,7 @@
>  #include "user/syscall-trace.h"
>  #include "qapi/error.h"
>  #include "fd-trans.h"
> +#include "tcg.h"
>  
>  #ifndef CLONE_IO
>  #define CLONE_IO0x8000  /* Clone io context */


-- 
Alex Bennée

Re: [PATCH v2 10/28] target/arm: Include tcg.h in sve_helper.c

[Alex Bennée]

Richard Henderson  writes:

> Code movement in an upcoming patch will show that this file
> was implicitly depending on tcg.h being included indirectly.
>
> Cc: Peter Maydell 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/arm/sve_helper.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index fc0c1755d2..83cc7f5bb5 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -25,6 +25,7 @@
>  #include "exec/helper-proto.h"
>  #include "tcg/tcg-gvec-desc.h"
>  #include "fpu/softfloat.h"
> +#include "tcg.h"
>  
>  
>  /* Note that vector data is stored in host-endian 64-bit chunks,


-- 
Alex Bennée

Re: [PATCH v2 09/28] target/s390x: Include tcg.h in mem_helper.c

[Alex Bennée]

Richard Henderson  writes:

> Code movement in an upcoming patch will show that this file
> was implicitly depending on tcg.h being included indirectly.
>
> Reviewed-by: David Hildenbrand 
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  target/s390x/mem_helper.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
> index 2325767f17..57ce17c252 100644
> --- a/target/s390x/mem_helper.c
> +++ b/target/s390x/mem_helper.c
> @@ -27,6 +27,7 @@
>  #include "exec/cpu_ldst.h"
>  #include "qemu/int128.h"
>  #include "qemu/atomic128.h"
> +#include "tcg.h"
>  
>  #if !defined(CONFIG_USER_ONLY)
>  #include "hw/s390x/storage-keys.h"


-- 
Alex Bennée

Re: [PATCH v2 08/28] target/i386: Use cpu_*_mmuidx_ra instead of templates

[Alex Bennée]

Richard Henderson  writes:

> Do not use exec/cpu_ldst_{,useronly_}template.h directly,
> but instead use the functional interface.
>
> Cc: Eduardo Habkost 
> Acked-by: Paolo Bonzini 
> Signed-off-by: Richard Henderson 
> ---
>  target/i386/seg_helper.c | 56 
>  1 file changed, 28 insertions(+), 28 deletions(-)
>
> diff --git a/target/i386/seg_helper.c b/target/i386/seg_helper.c
> index 87a627f9dc..b96de068ca 100644
> --- a/target/i386/seg_helper.c
> +++ b/target/i386/seg_helper.c
> @@ -37,37 +37,37 @@
>  # define LOG_PCALL_STATE(cpu) do { } while (0)
>  #endif
>  
> -#ifdef CONFIG_USER_ONLY
> -#define MEMSUFFIX _kernel
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_useronly_template.h"
> +/*
> + * TODO: Convert callers to compute cpu_mmu_index_kernel once
> + * and use *_mmuidx_ra directly.
> + */

I guess this would only be if it was a significant performance impact?
They seem to be mainly called for (I assume) infrequently called
helpers.

Anyway lgtm:

Reviewed-by: Alex Bennée 


> +#define cpu_ldub_kernel_ra(e, p, r) \
> +cpu_ldub_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
> +#define cpu_lduw_kernel_ra(e, p, r) \
> +cpu_lduw_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
> +#define cpu_ldl_kernel_ra(e, p, r) \
> +cpu_ldl_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
> +#define cpu_ldq_kernel_ra(e, p, r) \
> +cpu_ldq_mmuidx_ra(e, p, cpu_mmu_index_kernel(e), r)
>  
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_useronly_template.h"
> +#define cpu_stb_kernel_ra(e, p, v, r) \
> +cpu_stb_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
> +#define cpu_stw_kernel_ra(e, p, v, r) \
> +cpu_stw_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
> +#define cpu_stl_kernel_ra(e, p, v, r) \
> +cpu_stl_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
> +#define cpu_stq_kernel_ra(e, p, v, r) \
> +cpu_stq_mmuidx_ra(e, p, v, cpu_mmu_index_kernel(e), r)
>  
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_useronly_template.h"
> +#define cpu_ldub_kernel(e, p)cpu_ldub_kernel_ra(e, p, 0)
> +#define cpu_lduw_kernel(e, p)cpu_lduw_kernel_ra(e, p, 0)
> +#define cpu_ldl_kernel(e, p) cpu_ldl_kernel_ra(e, p, 0)
> +#define cpu_ldq_kernel(e, p) cpu_ldq_kernel_ra(e, p, 0)
>  
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_useronly_template.h"
> -#undef MEMSUFFIX
> -#else
> -#define CPU_MMU_INDEX (cpu_mmu_index_kernel(env))
> -#define MEMSUFFIX _kernel
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 2
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 4
> -#include "exec/cpu_ldst_template.h"
> -
> -#define DATA_SIZE 8
> -#include "exec/cpu_ldst_template.h"
> -#undef CPU_MMU_INDEX
> -#undef MEMSUFFIX
> -#endif
> +#define cpu_stb_kernel(e, p, v)  cpu_stb_kernel_ra(e, p, v, 0)
> +#define cpu_stw_kernel(e, p, v)  cpu_stw_kernel_ra(e, p, v, 0)
> +#define cpu_stl_kernel(e, p, v)  cpu_stl_kernel_ra(e, p, v, 0)
> +#define cpu_stq_kernel(e, p, v)  cpu_stq_kernel_ra(e, p, v, 0)
>  
>  /* return non zero if error */
>  static inline int load_segment_ra(CPUX86State *env, uint32_t *e1_ptr,


-- 
Alex Bennée

Re: [PATCH v2 07/28] cputlb: Provide cpu_(ld, st}*_mmuidx_ra for user-only

[Alex Bennée]

Richard Henderson  writes:

> This finishes the new interface began with the previous patch.
> Document the interface and deprecate MMU_MODE_SUFFIX.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  include/exec/cpu_ldst.h |  80 +-
>  docs/devel/loads-stores.rst | 211 ++--
>  2 files changed, 230 insertions(+), 61 deletions(-)
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index ef59ed61e4..41b98ba801 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -25,9 +25,13 @@
>   *
>   * The syntax for the accessors is:
>   *
> - * load: cpu_ld{sign}{size}_{mmusuffix}(env, ptr)
> + * load:  cpu_ld{sign}{size}_{mmusuffix}(env, ptr)
> + *cpu_ld{sign}{size}_{mmusuffix}_ra(env, ptr, retaddr)
> + *cpu_ld{sign}{size}_mmuidx_ra(env, ptr, mmu_idx, retaddr)
>   *
> - * store: cpu_st{sign}{size}_{mmusuffix}(env, ptr, val)
> + * store: cpu_st{size}_{mmusuffix}(env, ptr, val)
> + *cpu_st{size}_{mmusuffix}_ra(env, ptr, val, retaddr)
> + *cpu_st{size}_mmuidx_ra(env, ptr, val, mmu_idx, retaddr)
>   *
>   * sign is:
>   * (empty): for 32 and 64 bit sizes
> @@ -40,9 +44,10 @@
>   *   l: 32 bits
>   *   q: 64 bits
>   *
> - * mmusuffix is one of the generic suffixes "data" or "code", or
> - * (for softmmu configs)  a target-specific MMU mode suffix as defined
> - * in target cpu.h.
> + * mmusuffix is one of the generic suffixes "data" or "code", or "mmuidx".
> + * The "mmuidx" suffix carries an extra mmu_idx argument that specifies
> + * the index to use; the "data" and "code" suffixes take the index from
> + * cpu_mmu_index().
>   */
>  #ifndef CPU_LDST_H
>  #define CPU_LDST_H
> @@ -145,6 +150,71 @@ static inline void clear_helper_retaddr(void)
>  #undef MEMSUFFIX
>  #undef CODE_ACCESS
>  
> +/*
> + * Provide the same *_mmuidx_ra interface as for softmmu.
> + * The mmu_idx argument is ignored.
> + */
> +
> +static inline uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +  int mmu_idx, uintptr_t ra)
> +{
> +return cpu_ldub_data_ra(env, addr, ra);
> +}
> +
> +static inline uint32_t cpu_lduw_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +  int mmu_idx, uintptr_t ra)
> +{
> +return cpu_lduw_data_ra(env, addr, ra);
> +}
> +
> +static inline uint32_t cpu_ldl_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + int mmu_idx, uintptr_t ra)
> +{
> +return cpu_ldl_data_ra(env, addr, ra);
> +}
> +
> +static inline uint64_t cpu_ldq_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + int mmu_idx, uintptr_t ra)
> +{
> +return cpu_ldq_data_ra(env, addr, ra);
> +}
> +
> +static inline int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + int mmu_idx, uintptr_t ra)
> +{
> +return cpu_ldsb_data_ra(env, addr, ra);
> +}
> +
> +static inline int cpu_ldsw_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + int mmu_idx, uintptr_t ra)
> +{
> +return cpu_ldsw_data_ra(env, addr, ra);
> +}
> +
> +static inline void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + uint32_t val, int mmu_idx, uintptr_t ra)
> +{
> +cpu_stb_data_ra(env, addr, val, ra);
> +}
> +
> +static inline void cpu_stw_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + uint32_t val, int mmu_idx, uintptr_t ra)
> +{
> +cpu_stw_data_ra(env, addr, val, ra);
> +}
> +
> +static inline void cpu_stl_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + uint32_t val, int mmu_idx, uintptr_t ra)
> +{
> +cpu_stl_data_ra(env, addr, val, ra);
> +}
> +
> +static inline void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> + uint64_t val, int mmu_idx, uintptr_t ra)
> +{
> +cpu_stq_data_ra(env, addr, val, ra);
> +}
> +
>  #else
>  
>  /* Needed for TCG_OVERSIZED_GUEST */
> diff --git a/docs/devel/loads-stores.rst b/docs/devel/loads-stores.rst
> index 8a5bc912a5..03aa9e7ff8 100644
> --- a/docs/devel/loads-stores.rst
> +++ b/docs/devel/loads-stores.rst
> @@ -72,31 +72,34 @@ Regexes for git grep
>   - ``\``
>   - ``\``
>  
> -``cpu_{ld,st}_*``
> -~
> +``cpu_{ld,st}*_mmuidx_ra``
> +~~
>  
> -These functions operate on a guest virtual address. Be aware
> -that these functions may cause a guest CPU exception to be
> -taken (e.g. for an alignment fault or MMU fault) which will
> -result in guest CPU state being updated and control longjumping
> -out of the function call. They should therefore only be used
> -in code that is implementing emulation of the target CPU.
> +These functions operate on a guest virtual address plus a context,
> +known as a "mmu index" or ``mmuidx``, which controls how that virtual
> 

[Bug 1856834] Re: Virtio broken in qemu ppc in 4.2.0 and other versions

[ecsdn]

fyi from what I recall guest kernel was built using mpc85xx_defconfig
with some additions like virtio etc. If virtio is working for you just
fine using same command as mine, then perhaps its some peculiarity to do
with my specific guest kernel or kernel version? (uImage is about 3.4M
with equivalent vmlinux about 72M)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1856834

Title:
  Virtio broken in qemu ppc in 4.2.0 and other versions

Status in QEMU:
  New

Bug description:
  The same qemu -M mpc... command that works on qemu-system-ppc version
  2.8.0 freezes guest on bootup and shows error for qemu-system-ppc
  version 4.2.0release and 4.19dirtygit:

  qemu-system-ppc: virtio-blk failed to set guest notifier (-24), ensure -accel 
kvm is set.
  qemu-system-ppc: virtio_bus_start_ioeventfd: failed. Fallback to userspace 
(slower).

  ends/freezes at:
  nbd: registered device at major 43
   vda:

  I'm using -drive file=/home/me/rawimage.dd,if=virtio and works fine in
  version 2.8.0 installed with apt-get install (Ubuntu 17.04) and also
  with 2.8.0 official release from git/github that I compiled/built
  myself. But both of the newer releases fail on the same exact machine
  same config.

  I also noticed that qemu-2.8.0 was fine with mtd but the newer ones I tried 
weren't, ie gave
  qemu-system-ppc: -drive if=mtd: machine type does not support 
if=mtd,bus=0,unit=0
  (but I removed -drive if=mtd since wasn't using it anyway)

  I also tried on windows but I think virtio doesn't work on windows
  hosts at all? On windows host it fails the same way, even version 2.12
  as well as 4.1.10...

  used:
  ./configure --prefix=/opt/... --enable-fdt --enable-kvm --enable-debug

  (basically all steps the same on same exact system same config, yet
  2.8.0 works fine whether apt-get installed or built from source while
  the others I built, 4.19/4.2.0 or 2.12/4.1.10(win) don't.)

  In case newer qemu versions act weird on various kernels, I did try with both 
vmlinuz-4.10.0-19-generic and vmlinuz-4.13.12-041312-generic (I didn't compile 
them but I can provide config-..files. This is on Ubuntu 17.04 x86_64 host 
emulating e500v2 cpm guest, ie -M mpc... GUEST kernel 2.6.32.44 which is why I 
can't use -M ppce500 instead..)
  tx
   ecs

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1856834/+subscriptions

Re: [PATCH v2 06/28] cputlb: Rename helper_ret_ld*_cmmu to cpu_ld*_code

[Alex Bennée]

Richard Henderson  writes:

> There are no uses of the *_cmmu names other than the bare wrapping
> within the *_code inlines.  Therefore rename the functions so we
> can drop the inlines.
>
> Use abi_ptr instead of target_ulong in preparation for user-only;
> the two types are identical for softmmu.
>
> Reviewed-by: Aleksandar Markovic 
> Signed-off-by: Richard Henderson 
> ---
>  include/exec/cpu_ldst.h  | 29 --
>  include/exec/cpu_ldst_template.h | 21 ---
>  tcg/tcg.h| 29 --
>  accel/tcg/cputlb.c   | 94 
>  docs/devel/loads-stores.rst  |  4 +-
>  5 files changed, 36 insertions(+), 141 deletions(-)
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index 399ff6c3da..ef59ed61e4 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -450,25 +450,20 @@ void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr, 
> uint64_t val,
>  #undef CPU_MMU_INDEX
>  #undef MEMSUFFIX
>
> -#define CPU_MMU_INDEX (cpu_mmu_index(env, true))
> -#define MEMSUFFIX _code
> -#define SOFTMMU_CODE_ACCESS
> +uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr);
> +uint32_t cpu_lduw_code(CPUArchState *env, abi_ptr addr);
> +uint32_t cpu_ldl_code(CPUArchState *env, abi_ptr addr);
> +uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr addr);
>
> -#define DATA_SIZE 1
> -#include "exec/cpu_ldst_template.h"
> +static inline int cpu_ldsb_code(CPUArchState *env, abi_ptr addr)
> +{
> +return (int8_t)cpu_ldub_code(env, addr);
> +}

> --- a/tcg/tcg.h
> +++ b/tcg/tcg.h
> @@ -1290,27 +1290,6 @@ void helper_be_stl_mmu(CPUArchState *env, target_ulong 
> addr, uint32_t val,
>  void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
> TCGMemOpIdx oi, uintptr_t retaddr);
>
> -uint8_t helper_ret_ldub_cmmu(CPUArchState *env, target_ulong addr,
> -TCGMemOpIdx oi, uintptr_t retaddr);
> -int8_t helper_ret_ldsb_cmmu(CPUArchState *env, target_ulong addr,
> -TCGMemOpIdx oi, uintptr_t retaddr);
> -uint16_t helper_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
> - TCGMemOpIdx oi, uintptr_t retaddr);
> -int16_t helper_le_ldsw_cmmu(CPUArchState *env, target_ulong addr,
> - TCGMemOpIdx oi, uintptr_t retaddr);
> -uint32_t helper_le_ldl_cmmu(CPUArchState *env, target_ulong addr,
> -TCGMemOpIdx oi, uintptr_t retaddr);
> -uint64_t helper_le_ldq_cmmu(CPUArchState *env, target_ulong addr,
> -TCGMemOpIdx oi, uintptr_t retaddr);
> -uint16_t helper_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
> - TCGMemOpIdx oi, uintptr_t retaddr);
> -int16_t helper_be_ldsw_cmmu(CPUArchState *env, target_ulong addr,
> - TCGMemOpIdx oi, uintptr_t retaddr);
> -uint32_t helper_be_ldl_cmmu(CPUArchState *env, target_ulong addr,
> -TCGMemOpIdx oi, uintptr_t retaddr);
> -uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
> -TCGMemOpIdx oi, uintptr_t retaddr);
> -


Why have we dropped the final type and stuck to uint32/64? Do we rely on
the caller truncating any data by casting the result of their eventual
cpu_ldFoo?

--
Alex Bennée

[PATCH v2] target/m68k: only change valid bits in CACR

[Laurent Vivier]

This is used by netBSD (and MacOS ROM) to detect the MMU type

Signed-off-by: Laurent Vivier 
---

Notes:
v2: change accordingly to Thomas' comments
  - Replace MMU feature id by a CPU feature id
  - fix 68030 mask
  - add 68060 mask
  - only mask in m68k_movec_to() function

 target/m68k/cpu.c| 27 +--
 target/m68k/cpu.h|  5 -
 target/m68k/helper.c | 10 +-
 3 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index e6596de29c..f6a46bf2fb 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -114,11 +114,8 @@ static void m68000_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_MOVEP);
 }
 
-static void m68020_cpu_initfn(Object *obj)
+static void m680x0_cpu_common(CPUM68KState *env)
 {
-M68kCPU *cpu = M68K_CPU(obj);
-CPUM68KState *env = >env;
-
 m68k_set_feature(env, M68K_FEATURE_M68000);
 m68k_set_feature(env, M68K_FEATURE_USP);
 m68k_set_feature(env, M68K_FEATURE_WORD_INDEX);
@@ -136,14 +133,31 @@ static void m68020_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_CHK2);
 m68k_set_feature(env, M68K_FEATURE_MOVEP);
 }
-#define m68030_cpu_initfn m68020_cpu_initfn
+
+static void m68020_cpu_initfn(Object *obj)
+{
+M68kCPU *cpu = M68K_CPU(obj);
+CPUM68KState *env = >env;
+
+m680x0_cpu_common(env);
+m68k_set_feature(env, M68K_FEATURE_M68020);
+}
+
+static void m68030_cpu_initfn(Object *obj)
+{
+M68kCPU *cpu = M68K_CPU(obj);
+CPUM68KState *env = >env;
+
+m680x0_cpu_common(env);
+m68k_set_feature(env, M68K_FEATURE_M68030);
+}
 
 static void m68040_cpu_initfn(Object *obj)
 {
 M68kCPU *cpu = M68K_CPU(obj);
 CPUM68KState *env = >env;
 
-m68020_cpu_initfn(obj);
+m680x0_cpu_common(env);
 m68k_set_feature(env, M68K_FEATURE_M68040);
 }
 
@@ -166,6 +180,7 @@ static void m68060_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_BKPT);
 m68k_set_feature(env, M68K_FEATURE_RTD);
 m68k_set_feature(env, M68K_FEATURE_CHK2);
+m68k_set_feature(env, M68K_FEATURE_M68060);
 }
 
 static void m5208_cpu_initfn(Object *obj)
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 20de3c379a..11c71fa962 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -460,6 +460,10 @@ void do_m68k_semihosting(CPUM68KState *env, int nr);
 
 enum m68k_features {
 M68K_FEATURE_M68000,
+M68K_FEATURE_M68020,
+M68K_FEATURE_M68030,
+M68K_FEATURE_M68040,
+M68K_FEATURE_M68060,
 M68K_FEATURE_CF_ISA_A,
 M68K_FEATURE_CF_ISA_B, /* (ISA B or C).  */
 M68K_FEATURE_CF_ISA_APLUSC, /* BIT/BITREV, FF1, STRLDSR (ISA A+ or C).  */
@@ -481,7 +485,6 @@ enum m68k_features {
 M68K_FEATURE_BKPT,
 M68K_FEATURE_RTD,
 M68K_FEATURE_CHK2,
-M68K_FEATURE_M68040, /* instructions specific to MC68040 */
 M68K_FEATURE_MOVEP,
 };
 
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index ae766a6cb0..4aa13b34ed 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -205,7 +205,15 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 return;
 /* MC680[234]0 */
 case M68K_CR_CACR:
-env->cacr = val;
+if (m68k_feature(env, M68K_FEATURE_M68020)) {
+env->cacr = val & 0x000f;
+} else if (m68k_feature(env, M68K_FEATURE_M68030)) {
+env->cacr = val & 0x3f1f;
+} else if (m68k_feature(env, M68K_FEATURE_M68040)) {
+env->cacr = val & 0x80008000;
+} else if (m68k_feature(env, M68K_FEATURE_M68060)) {
+env->cacr = val & 0xf8e0e000;
+}
 m68k_switch_sp(env);
 return;
 /* MC680[34]0 */
-- 
2.24.1

Re: [RFC v4 PATCH 00/49] Initial support of multi-process qemu - status update

[John G Johnson]

> On Dec 19, 2019, at 5:36 AM, Stefan Hajnoczi  wrote:
> 
> On Wed, Dec 18, 2019 at 01:00:55AM +0100, Paolo Bonzini wrote:
>> On 17/12/19 23:57, Felipe Franciosi wrote:
>>> Doing it in userspace was the flow we proposed back in last year's KVM
>>> Forum (Edinburgh), but it got turned down.
>> 
>> I think the time since then has shown that essentially the cat is out of
>> the bag.  I didn't really like the idea of devices outside QEMU---and I
>> still don't---but if something like "VFIO over AF_UNIX" turns out to be
>> the cleanest way to implement multi-process QEMU device models, I am not
>> going to pull an RMS and block that from happening.  Assuming I could
>> even do so!
> 
> There are a range of approaches that will influence how out-of-process
> devices can be licensed and distributed.
> 
> A VFIO-over-UNIX domain sockets approach means a stable API so that any
> license (including proprietary) is possible.
> 
> Another approach is a QEMU-centric unstable protocol.  I'll call this
> the qdev-over-UNIX domain sockets approach.  Maintaining an out-of-tree
> device is expensive and ugly since the protocol changes between QEMU
> versions in ways that are incompatible and undetectable.
> 
> On top of that, the initialization protocol message could include the
> QEMU version string that the device was compiled against.  If the
> version string doesn't match then QEMU will refuse to talk to the
> device.
> 

This is very similar to our multi-process QEMU implementation before
we looked into using muser.  The differences are:

We use one object per emulated device type in QEMU rather than having a single
VFIO type that can masquerade as any PCI device.

We don’t pin guest memory; we pass the QEMU file descriptors used to create
guest memory to the emulation program, and it mmap()s them itself. (ala
vhost-user).

JJ



> Distributing a single device executable that works with many QEMUs (e.g.
> CentOS, Ubuntu) and versions becomes difficult.
> 
> I want to mention that we have the option of doing this if there are
> strong concerns about out-of-tree devices.  It does have downsides:
> 1. Inability to share devices with other VMMs.
> 2. Probably won't replace vhost-user due to the out-of-tree limitations.
> 3. Can still be circumvented by a motivated device author.
> 
> Stefan

Re: [PATCH] block/rbd: Add support for ceph namespaces

[Florian Florensa]

On Fri, Dec 20, 2019 at 09:56:51AM -0500, Jason Dillaman wrote:
> On Fri, Dec 20, 2019 at 9:11 AM Florian Florensa  wrote:
> >
> > Hello Stefano and Jason,
> >
> > First of all thanks for the quick reply,
> > Response inline belowe
> > > Hi Florian,
> > >
> > > I think we need to add (Since: 5.0).
> >
> > Are you implying by that (Since: 5.0) that we need to specify its
> > availability target is qemu 5.0 ?
> 
> FWIW, I took this as just a comment to add some documentation that the
> field is only valid starting w/ qemu v5.
> 
Works for me, will add this in v2.
> > I guess that maybe a version check would be better ? Like try to do
> > namespaces stuff only if we have a recent enough librbd in the system ?
> > Using something like :
> >
> > int rbd_major;
> >
> > rbd_version(_major, NULL, NULL);
> > /*
> >  * Target only nautilus+ librbd for namespace support
> > */
> > if (rbd_major >= 14) // tar
> >  
> 
> Unfortunately, those versions weren't updated in the Mimic nor
> Nautilus release so it would still return 1/12 (whoops). I think that
> means you would need to add a probe in "configure" to test for librbd
> namespace support (e.g. test for the existence of the `rbd_list2`
> function or the `rbd_linked_image_spec_t` structure). I'll fix this
> before the forthcoming Octopus release.
Will see to do this, I originally wanted to do this at runtime so a Qemu
built against an older librbd would work if the library was updated.
Else some dlopen + dlsym trickery would work by checking for the
existence of rbd_list2 in librbd.so, but I guess this might be a bad
idea, as it would add code that would be useless in sometime
> 
> > > The patch LGTM, but I'd like to use 'namespace' instead of cryptic
> > > 'nspace'. (as BlockdevOptionsNVMe did)
> > > What do you think?
> > >
> > Yes no worries, I can rename it to 'rbd_namespace' to avoid any possible
> > confusion, is this Ok for you ?
> 
> We use "pool_namespace" in the rbd CLI if you are trying to avoid the
> word "namespace".
> 
Yes I wanted to avoid namespace because it looks like the qapi generated
code changes the name to something like q_namespace, will use
pool_namespace in the v2.
> > > With those fixed:
> > >
> > > Reviewed-by: Stefano Garzarella 
> > >
> > > Thanks,
> > > Stefano
> >
> > Regards,
> > Florian
> 
> -- 
> Jason
> 

Regards,
Florian


signature.asc
Description: PGP signature

Re: [PATCH v2 05/28] translator: Use cpu_ld*_code instead of open-coding

[Alex Bennée]

Richard Henderson  writes:

> The DO_LOAD macros replicate the distinction already performed
> by the cpu_ldst.h functions.  Use them.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  include/exec/cpu_ldst.h   | 11 -
>  include/exec/translator.h | 48 +++
>  2 files changed, 13 insertions(+), 46 deletions(-)
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index cf8af36dbc..399ff6c3da 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -129,11 +129,6 @@ static inline void clear_helper_retaddr(void)
>  #include "exec/cpu_ldst_useronly_template.h"
>  #undef MEMSUFFIX
>  
> -/*
> - * Code access is deprecated in favour of translator_ld* functions
> - * (see translator.h). However there are still users that need to
> - * converted so for now these stay.
> - */
>  #define MEMSUFFIX _code
>  #define CODE_ACCESS
>  #define DATA_SIZE 1
> @@ -455,12 +450,6 @@ void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr, 
> uint64_t val,
>  #undef CPU_MMU_INDEX
>  #undef MEMSUFFIX
>  
> -/*
> - * Code access is deprecated in favour of translator_ld* functions
> - * (see translator.h). However there are still users that need to
> - * converted so for now these stay.
> - */
> -
>  #define CPU_MMU_INDEX (cpu_mmu_index(env, true))
>  #define MEMSUFFIX _code
>  #define SOFTMMU_CODE_ACCESS
> diff --git a/include/exec/translator.h b/include/exec/translator.h
> index 459dd72aab..638e1529c5 100644
> --- a/include/exec/translator.h
> +++ b/include/exec/translator.h
> @@ -148,41 +148,19 @@ void translator_loop_temp_check(DisasContextBase *db);
>  /*
>   * Translator Load Functions
>   *
> - * These are intended to replace the old cpu_ld*_code functions and
> - * are mandatory for front-ends that have been migrated to the common
> - * translator_loop. These functions are only intended to be called
> - * from the translation stage and should not be called from helper
> - * functions. Those functions should be converted to encode the
> - * relevant information at translation time.
> + * These are intended to replace the direct usage of the cpu_ld*_code
> + * functions and are mandatory for front-ends that have been migrated
> + * to the common translator_loop. These functions are only intended
> + * to be called from the translation stage and should not be called
> + * from helper functions. Those functions should be converted to encode
> + * the relevant information at translation time.
>   */
>  
> -#ifdef CONFIG_USER_ONLY
> -
> -#define DO_LOAD(type, name, shift)   \
> -do { \
> -set_helper_retaddr(1);   \
> -ret = name ## _p(g2h(pc));   \
> -clear_helper_retaddr();  \
> -} while (0)
> -
> -#else
> -
> -#define DO_LOAD(type, name, shift)  \
> -do {\
> -int mmu_idx = cpu_mmu_index(env, true); \
> -TCGMemOpIdx oi = make_memop_idx(shift, mmu_idx);\
> -ret = helper_ret_ ## name ## _cmmu(env, pc, oi, 0); \
> -} while (0)
> -
> -#endif
> -
> -#define GEN_TRANSLATOR_LD(fullname, name, type, shift, swap_fn) \
> +#define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn) \
>  static inline type  \
>  fullname ## _swap(CPUArchState *env, abi_ptr pc, bool do_swap)  \
>  {   \
> -type ret;   \
> -DO_LOAD(type, name, shift); \
> -\
> +type ret = load_fn(env, pc);\
>  if (do_swap) {  \
>  ret = swap_fn(ret); \
>  }   \
> @@ -195,11 +173,11 @@ void translator_loop_temp_check(DisasContextBase *db);
>  return fullname ## _swap(env, pc, false);   \
>  }
>  
> -GEN_TRANSLATOR_LD(translator_ldub, ldub, uint8_t, 0, /* no swap */ )
> -GEN_TRANSLATOR_LD(translator_ldsw, ldsw, int16_t, 1, bswap16)
> -GEN_TRANSLATOR_LD(translator_lduw, lduw, uint16_t, 1, bswap16)
> -GEN_TRANSLATOR_LD(translator_ldl, ldl, uint32_t, 2, bswap32)
> -GEN_TRANSLATOR_LD(translator_ldq, ldq, uint64_t, 3, bswap64)
> +GEN_TRANSLATOR_LD(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */)
> +GEN_TRANSLATOR_LD(translator_ldsw, int16_t, cpu_ldsw_code, bswap16)
> +GEN_TRANSLATOR_LD(translator_lduw, uint16_t, cpu_lduw_code, bswap16)
> +GEN_TRANSLATOR_LD(translator_ldl, uint32_t, cpu_ldl_code, bswap32)
> +GEN_TRANSLATOR_LD(translator_ldq, uint64_t, 

[Bug 1856834] Re: Virtio broken in qemu ppc in 4.2.0 and other versions

[ecsdn]

Thanks I tried with:

/root/QEMU/qemu-git-4.2.0rc4/qemu/build/ppc-softmmu/qemu-system-ppc -M
mpc8544ds -nographic -kernel /home/me/boot/uImage-2.6.32 -append
"root=/dev/vda rw" -device virtio-blk-pci,drive=drive0,disable-
modern=true -drive
file=/home/me/mmcblk0p2.dd,if=none,id=drive0,format=raw

And again it worked with qemu 2.8.1 but failed with the above 4.2.0rc4
on the same x86_64 host.

On another x86_64 host I confirmed that the below works with qemu 2.8.0

root@myserver:~# qemu-system-ppc -M mpc8544ds -nographic -kernel
/home/me/boot/uImage-2.6.32 -append "root=/dev/vda rw" -device virtio-
blk-pci,drive=drive0,disable-modern=true -drive
file=/home/me/mmcblk0p2.dd,if=none,id=drive0,format=raw

But again even on this system 4.2.0 failes with that same command:
root@myserver:~# /root/QEMU/qemu-4.2.0/build/ppc-softmmu/qemu-system-ppc -M 
mpc8544ds -nographic -kernel /home/me/boot/uImage-2.6.32 -append "root=/dev/vda 
rw" -device virtio-blk-pci,drive=drive0,disable-modern=true -drive 
file=/home/me/mmcblk0p2.dd,if=none,id=drive0,format=raw

Fails/freezes at the same vda: location.

Running it from its installed location didn't help, the following still
failed at vda: also.

root@myserver:/opt/qemu4.2.0/bin# ./qemu-system-ppc -M mpc8544ds
-nographic -kernel /home/me/boot/uImage-2.6.32 -append "root=/dev/vda
rw" -device virtio-blk-pci,drive=drive0,disable-modern=true -drive
file=/home/me/mmcblk0p2.dd,if=none,id=drive0,format=raw

Although I didn't think its required for the softmmu qemu "emulation"
only, ie not "kvm", I even enabled kvm as well as DMAR+IOMMU on the
kernel and recompiled 4.2.0 but had same vda: failure.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1856834

Title:
  Virtio broken in qemu ppc in 4.2.0 and other versions

Status in QEMU:
  New

Bug description:
  The same qemu -M mpc... command that works on qemu-system-ppc version
  2.8.0 freezes guest on bootup and shows error for qemu-system-ppc
  version 4.2.0release and 4.19dirtygit:

  qemu-system-ppc: virtio-blk failed to set guest notifier (-24), ensure -accel 
kvm is set.
  qemu-system-ppc: virtio_bus_start_ioeventfd: failed. Fallback to userspace 
(slower).

  ends/freezes at:
  nbd: registered device at major 43
   vda:

  I'm using -drive file=/home/me/rawimage.dd,if=virtio and works fine in
  version 2.8.0 installed with apt-get install (Ubuntu 17.04) and also
  with 2.8.0 official release from git/github that I compiled/built
  myself. But both of the newer releases fail on the same exact machine
  same config.

  I also noticed that qemu-2.8.0 was fine with mtd but the newer ones I tried 
weren't, ie gave
  qemu-system-ppc: -drive if=mtd: machine type does not support 
if=mtd,bus=0,unit=0
  (but I removed -drive if=mtd since wasn't using it anyway)

  I also tried on windows but I think virtio doesn't work on windows
  hosts at all? On windows host it fails the same way, even version 2.12
  as well as 4.1.10...

  used:
  ./configure --prefix=/opt/... --enable-fdt --enable-kvm --enable-debug

  (basically all steps the same on same exact system same config, yet
  2.8.0 works fine whether apt-get installed or built from source while
  the others I built, 4.19/4.2.0 or 2.12/4.1.10(win) don't.)

  In case newer qemu versions act weird on various kernels, I did try with both 
vmlinuz-4.10.0-19-generic and vmlinuz-4.13.12-041312-generic (I didn't compile 
them but I can provide config-..files. This is on Ubuntu 17.04 x86_64 host 
emulating e500v2 cpm guest, ie -M mpc... GUEST kernel 2.6.32.44 which is why I 
can't use -M ppce500 instead..)
  tx
   ecs

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1856834/+subscriptions

Re: [PATCH v2 04/28] cputlb: Move body of cpu_ldst_template.h out of line

[Alex Bennée]

Richard Henderson  writes:

> With the tracing hooks, the inline functions are no longer
> so simple.  Once out-of-line, the current tlb_entry lookup
> is redundant with the one in the main load/store_helper.
>
> This also begins the introduction of a new target facing
> interface, with suffix *_mmuidx_ra.  This is not yet
> official because the interface is not done for user-only.
>
> Use abi_ptr instead of target_ulong in preparation for
> user-only; the two types are identical for softmmu.
>
> What remains in cpu_ldst_template.h are the expansions
> for _code, _data, and MMU_MODE_SUFFIX.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

> ---
>  include/exec/cpu_ldst.h  |  25 ++-
>  include/exec/cpu_ldst_template.h | 125 +++
>  accel/tcg/cputlb.c   | 116 
>  3 files changed, 166 insertions(+), 100 deletions(-)
>
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> index fd499f7e2f..cf8af36dbc 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -152,7 +152,7 @@ static inline void clear_helper_retaddr(void)
>  
>  #else
>  
> -/* The memory helpers for tcg-generated code need tcg_target_long etc.  */
> +/* Needed for TCG_OVERSIZED_GUEST */
>  #include "tcg.h"
>  
>  static inline target_ulong tlb_addr_write(const CPUTLBEntry *entry)
> @@ -185,6 +185,29 @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, 
> uintptr_t mmu_idx,
>  return _tlb(env)->f[mmu_idx].table[tlb_index(env, mmu_idx, addr)];
>  }
>  
> +uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +int mmu_idx, uintptr_t ra);
> +uint32_t cpu_lduw_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +int mmu_idx, uintptr_t ra);
> +uint32_t cpu_ldl_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +uint64_t cpu_ldq_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +
> +int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +int cpu_ldsw_mmuidx_ra(CPUArchState *env, abi_ptr addr,
> +   int mmu_idx, uintptr_t ra);
> +
> +void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +void cpu_stw_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +void cpu_stl_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +void cpu_stq_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
> +   int mmu_idx, uintptr_t retaddr);
> +
>  #ifdef MMU_MODE0_SUFFIX
>  #define CPU_MMU_INDEX 0
>  #define MEMSUFFIX MMU_MODE0_SUFFIX
> diff --git a/include/exec/cpu_ldst_template.h 
> b/include/exec/cpu_ldst_template.h
> index 0ad5de3ef9..ea39e29c19 100644
> --- a/include/exec/cpu_ldst_template.h
> +++ b/include/exec/cpu_ldst_template.h
> @@ -24,13 +24,6 @@
>   * License along with this library; if not, see 
> .
>   */
>  
> -#if !defined(SOFTMMU_CODE_ACCESS)
> -#include "trace-root.h"
> -#endif
> -
> -#include "qemu/plugin.h"
> -#include "trace/mem.h"
> -
>  #if DATA_SIZE == 8
>  #define SUFFIX q
>  #define USUFFIX q
> @@ -63,56 +56,40 @@
>  #define RES_TYPE uint32_t
>  #endif
>  
> +/* generic load/store macros */
> +
>  #ifdef SOFTMMU_CODE_ACCESS
> -#define ADDR_READ addr_code
> -#define MMUSUFFIX _cmmu
> -#define URETSUFFIX USUFFIX
> -#define SRETSUFFIX glue(s, SUFFIX)
> -#else
> -#define ADDR_READ addr_read
> -#define MMUSUFFIX _mmu
> -#define URETSUFFIX USUFFIX
> -#define SRETSUFFIX glue(s, SUFFIX)
> +
> +static inline RES_TYPE
> +glue(glue(cpu_ld, USUFFIX), _code)(CPUArchState *env, target_ulong ptr)
> +{
> +TCGMemOpIdx oi = make_memop_idx(MO_TE | SHIFT, CPU_MMU_INDEX);
> +return glue(glue(helper_ret_ld, USUFFIX), _cmmu)(env, ptr, oi, 0);
> +}
> +
> +#if DATA_SIZE <= 2
> +static inline int
> +glue(glue(cpu_lds, SUFFIX), _code)(CPUArchState *env, target_ulong ptr)
> +{
> +return (DATA_STYPE)glue(glue(cpu_ld, USUFFIX), _code)(env, ptr);
> +}
>  #endif
>  
> -/* generic load/store macros */
> +#else
>  
>  static inline RES_TYPE
>  glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
>target_ulong ptr,
>uintptr_t retaddr)
>  {
> -CPUTLBEntry *entry;
> -RES_TYPE res;
> -target_ulong addr;
> -int mmu_idx = CPU_MMU_INDEX;
> -MemOp op = MO_TE | SHIFT;
> -#if !defined(SOFTMMU_CODE_ACCESS)
> -uint16_t meminfo = trace_mem_get_info(op, mmu_idx, false);
> -trace_guest_mem_before_exec(env_cpu(env), ptr, meminfo);
> -#endif
> -
> -addr = ptr;
> -entry = tlb_entry(env, mmu_idx, addr);
> 

Re: [PATCH v4 5/6] hppa: Add emulation of Artist graphics

[Sven Schnelle]

Hi,

On Fri, Dec 20, 2019 at 05:36:36PM +0100, Helge Deller wrote:
> On 20.12.19 08:26, Helge Deller wrote:
> > On 19.12.19 01:28, Richard Henderson wrote:
> >> On 11/3/19 10:56 AM, Sven Schnelle wrote:
> >>> This adds emulation of Artist graphics good enough
> >>> to get a Text console on both Linux and HP-UX. The
> >>> X11 server from HP-UX also works.
> >>>
> >>> Signed-off-by: Sven Schnelle 
> >>> ---
> >>>  hw/display/Kconfig   |4 +
> >>>  hw/display/Makefile.objs |1 +
> >>>  hw/display/artist.c  | 1449 ++
> >>>  hw/display/trace-events  |9 +
> >>>  hw/hppa/Kconfig  |1 +
> >>>  hw/hppa/hppa_hardware.h  |1 +
> >>>  hw/hppa/machine.c|9 +
> >>>  7 files changed, 1474 insertions(+)
> >>>  create mode 100644 hw/display/artist.c
> >>
> >> Seems to have some problems rebased upon master:
> >>
> >> ...
> >
> > Richard, the attached patch (for seabios-hppa) fixes it for me.
> > Can you test as well?
> > It fixes the sti text column to go out-of-range and thus outside the 
> > framebuffer memory.
> 
> The attached patch is even better.
> It always wraps to the next line (or scrolls the screen if necessary) if
> the end of the line has been reached.
> 
> Helge

> diff --git a/src/parisc/sti.c b/src/parisc/sti.c
> index 7935770..61e7002 100644
> --- a/src/parisc/sti.c
> +++ b/src/parisc/sti.c
> @@ -168,5 +168,10 @@ void sti_putc(const char c)
>  }
>  return;
>  }
> +
> +/* wrap to next line or scroll screen if EOL reached */
> +if (col >= ((sti_glob_cfg.onscreen_x / font->width) - 1))
> + sti_putc('\n');
> +
>  sti_putchar(rom, row, col++, c);
>  }

Besides this, the root cause is the out-of-bounds check in vram_bit_write():
This fixes the crash for me. I'll resend an updated version later. Thanks for
helping debugging this issue!

diff --git a/hw/display/artist.c b/hw/display/artist.c
index 1d6c7d5d76..13c770e795 100644
--- a/hw/display/artist.c
+++ b/hw/display/artist.c
@@ -360,7 +360,7 @@ static void vram_bit_write(ARTISTState *s, int posx, int 
posy, bool incr_x,
 return;
 }

-if (posy * width + posx > buf->size) {
+if (posy * width + posx >= buf->size) {
 qemu_log("write outside bounds: wants %dx%d, max size %dx%d\n",
 posx, posy, width, height);
 return;

Regards
Sven

Re: [PATCH for-5.0 v11 05/20] virtio-iommu: Endpoint and domains structs and helpers

[Jean-Philippe Brucker]

On Thu, Dec 19, 2019 at 07:31:08PM +0100, Auger Eric wrote:
> Hi Jean,
> 
> On 12/10/19 5:37 PM, Jean-Philippe Brucker wrote:
> > On Fri, Nov 22, 2019 at 07:29:28PM +0100, Eric Auger wrote:
> >> +typedef struct viommu_domain {
> >> +uint32_t id;
> >> +GTree *mappings;
> >> +QLIST_HEAD(, viommu_endpoint) endpoint_list;
> >> +} viommu_domain;
> >> +
> >> +typedef struct viommu_endpoint {
> >> +uint32_t id;
> >> +viommu_domain *domain;
> >> +QLIST_ENTRY(viommu_endpoint) next;
> >> +} viommu_endpoint;
> > 
> > There might be a way to merge viommu_endpoint and the IOMMUDevice
> > structure introduced in patch 4, since they both represent one endpoint.
> > Maybe virtio_iommu_find_add_pci_as() could add the IOMMUDevice to
> > s->endpoints, and IOMMUDevice could store the endpoint ID rather than bus
> > and devfn.
> 
> On PCI bus enumeration we locally store the PCI bus hierarchy under the
> form of GHashTable of IOMMUDevice indexed by iommu_pci_bus pointer.
> Those are all the devices attached to the downstream buses. We also use
> an array of iommu pci bus pointers indexed by bus number that is lazily
> populated due to the fact, at enumeration time we do know the bus number
> yet. As you pointed, I haven't used the array of iommu pci bus pointers
> indexed by bus number in this series and I should actually. Currently I
> am not checking on attach that the sid effectively corresponds to a sid
> protected by this iommu. I will add this in my next version. The above
> structures are used in intel_iommu and smmu code as well and I think
> eventually this may be factorized a common base class..
> 
> on the other hand the gtree of viommu_endpoint - soon renamed in
> CamelCase form ;-) - corresponds to the EPs that are actually attached
> to any domain. It is indexed by sid and not by bus pointer. This is more
> adapted to the virtio-iommu case.
> 
> So, despite your suggestion, I am tempted to keep the different
> structures as the first ones are common to all iommu emulation code and
> the last is adapted to the virtio-iommu operations.
> 
> Thoughts?

Makes sense, it seems better to keep them separate. I had missed that the
PCI bus number is resolved later, and started to move the endpoint ID into
IOMMUDevice when adding MMIO support, but I'll need to revisit this.

I'll be off for two weeks, have a nice holiday!

Thanks,
Jean

Re: [PULL 0/2] Require Python >= 3.5 to build QEMU

[Philippe Mathieu-Daudé]

On 12/20/19 5:51 PM, Eduardo Habkost wrote:

Differences from the previous Python 3.5 pull request
that was rejected:

* Now tests/vm/netbsd was fixed
* .travis.yml is being updated to replace Python 3.4 job with 3.5

The following changes since commit f59b31e6d0c69792b5d817c5aa0a6ed64fba42e0:

   Merge remote-tracking branch 
'remotes/stsquad/tags/pull-tesing-and-misc-191219-1' into staging (2019-12-20 
14:00:49 +)

are available in the Git repository at:

   git://github.com/ehabkost/qemu.git tags/python-next-pull-request

for you to fetch changes up to ddf90699631db53c981b6a5a63d31c08e0eaeec7:

   configure: Require Python >= 3.5 (2019-12-20 13:45:59 -0300)


Require Python >= 3.5 to build QEMU

Python 2 EOL is 11 days away, we will stop supporting
it in QEMU 5.0.


That was quick! Thanks for sending it again today :)




Eduardo Habkost (2):
   travis: Replace Python 3.4 build with 3.5
   configure: Require Python >= 3.5

  .travis.yml|  2 +-
  configure  | 18 --
  tests/Makefile.include |  5 -
  3 files changed, 5 insertions(+), 20 deletions(-)

[PULL 2/2] configure: Require Python >= 3.5

[Eduardo Habkost]

Python 3.5 is the oldest Python version available on our
supported build platforms, and Python 2 end of life will be 3
weeks after the planned release date of QEMU 4.2.0.  Drop Python
2 support from configure completely, and require Python 3.5 or
newer.

Signed-off-by: Eduardo Habkost 
Message-Id: <20191016224237.26180-1-ehabk...@redhat.com>
Reviewed-by: John Snow 
Signed-off-by: Eduardo Habkost 
---
 configure  | 18 --
 tests/Makefile.include |  5 -
 2 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/configure b/configure
index 940bf9e87a..747d3b4120 100755
--- a/configure
+++ b/configure
@@ -903,9 +903,9 @@ fi
 : ${install=${INSTALL-install}}
 # We prefer python 3.x. A bare 'python' is traditionally
 # python 2.x, but some distros have it as python 3.x, so
-# we check that before python2
+# we check that too
 python=
-for binary in "${PYTHON-python3}" python python2
+for binary in "${PYTHON-python3}" python
 do
 if has "$binary"
 then
@@ -1842,8 +1842,8 @@ fi
 
 # Note that if the Python conditional here evaluates True we will exit
 # with status 1 which is a shell 'false' value.
-if ! $python -c 'import sys; sys.exit(sys.version_info < (2,7))'; then
-  error_exit "Cannot use '$python', Python 2 >= 2.7 or Python 3 is required." \
+if ! $python -c 'import sys; sys.exit(sys.version_info < (3,5))'; then
+  error_exit "Cannot use '$python', Python >= 3.5 is required." \
   "Use --python=/path/to/python to specify a supported Python."
 fi
 
@@ -6594,15 +6594,6 @@ if test "$supported_os" = "no"; then
 echo "us upstream at qemu-devel@nongnu.org."
 fi
 
-# Note that if the Python conditional here evaluates True we will exit
-# with status 1 which is a shell 'false' value.
-if ! $python -c 'import sys; sys.exit(sys.version_info < (3,0))'; then
-  echo
-  echo "warning: Python 2 support is deprecated" >&2
-  echo "warning: Python 3 will be required for building future versions of 
QEMU" >&2
-  python2="y"
-fi
-
 config_host_mak="config-host.mak"
 
 echo "# Automatically generated by configure - do not modify" 
>config-all-disas.mak
@@ -7447,7 +7438,6 @@ echo "INSTALL_DATA=$install -c -m 0644" >> 
$config_host_mak
 echo "INSTALL_PROG=$install -c -m 0755" >> $config_host_mak
 echo "INSTALL_LIB=$install -c -m 0644" >> $config_host_mak
 echo "PYTHON=$python" >> $config_host_mak
-echo "PYTHON2=$python2" >> $config_host_mak
 echo "CC=$cc" >> $config_host_mak
 if $iasl -h > /dev/null 2>&1; then
   echo "IASL=$iasl" >> $config_host_mak
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 31b86674e5..9146e1bdee 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -1157,7 +1157,6 @@ TESTS_RESULTS_DIR=$(BUILD_DIR)/tests/results
 AVOCADO_SHOW=app
 AVOCADO_TAGS=$(patsubst %-softmmu,-t arch:%, $(filter 
%-softmmu,$(TARGET_DIRS)))
 
-ifneq ($(PYTHON2),y)
 $(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
$(call quiet-command, \
 $(PYTHON) -m venv --system-site-packages $@, \
@@ -1166,10 +1165,6 @@ $(TESTS_VENV_DIR): $(TESTS_VENV_REQ)
 $(TESTS_VENV_DIR)/bin/python -m pip -q install -r 
$(TESTS_VENV_REQ), \
 PIP, $(TESTS_VENV_REQ))
$(call quiet-command, touch $@)
-else
-$(TESTS_VENV_DIR):
-   $(error "venv directory for tests requires Python 3")
-endif
 
 $(TESTS_RESULTS_DIR):
$(call quiet-command, mkdir -p $@, \
-- 
2.23.0

Re: Can we retire Python 2 now?

[Eduardo Habkost]

On Fri, Dec 20, 2019 at 05:29:30PM +0100, Markus Armbruster wrote:
> Python 2 EOL is only a few days away[*].  We made configure bitch about
> it in commit e5abf59eae "Deprecate Python 2 support", 2019-07-01.  Any
> objections to retiring it now, i.e. in 5.0?

Thanks for the reminder!

I'll be honest: even if somebody in this list objects to dropping
Python 2 support, I'm not willing to be maintainer of a Python 2
codebase in 2020.  The only reason for not doing it in 4.1 was
the tests/vm/netbsd breakage we took very long to debug and fix.

I have just submitted this pull request:

  Subject: [PULL 0/2] Require Python >= 3.5 to build QEMU
  
https://lore.kernel.org/qemu-devel/20191220165141.2207058-1-ehabk...@redhat.com/

> 
> Cc'ing everyone who appears to be maintaining something that looks like
> a Python script.
> 
> [*] https://pythonclock.org/

-- 
Eduardo

[PULL 1/2] travis: Replace Python 3.4 build with 3.5

[Eduardo Habkost]

We'll start requiring Python 3.5 to build QEMU.

Signed-off-by: Eduardo Habkost 
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 376b7d6dfa..638fba4799 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -247,7 +247,7 @@ matrix:
 - CACHE_NAME="${TRAVIS_BRANCH}-linux-gcc-default"
   language: python
   python:
-- "3.4"
+- "3.5"
 
 
 - env:
-- 
2.23.0

[PATCH 2/2] ppc/pnv: Use the CPU topology to compute the default number of chips

[Greg Kurz]

Multi TCG mandates the CPU topology to be dimensioned to the actual
number of CPUs, depending on the number of chips the user asked for.
That is, '-machine num-chips=N' should always have a '-smp' companion
with a topology that meats the resulting number of CPUs, typically
'-smp sockets=N'.

Simplify the command line for these setups by computing the default
number of chips based on the CPU topology, ie. no need to explicitely
set "num-chips" anymore. This must be done at machine init because
smp_parse() is called after instance init.

Signed-off-by: Greg Kurz 
---
 hw/ppc/pnv.c |   23 ---
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index f8cf2b6d760f..9b777b7084a0 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -768,6 +768,19 @@ static void pnv_init(MachineState *machine)
 exit(1);
 }
 
+if (!pnv->num_chips) {
+uint32_t num_chips =
+machine->smp.max_cpus / (machine->smp.cores * 
machine->smp.threads);
+Error *local_err = NULL;
+
+object_property_set_uint(OBJECT(pnv), num_chips, "num-chips",
+ _err);
+if (local_err) {
+error_report_err(local_err);
+exit(1);
+}
+}
+
 pnv->chips = g_new0(PnvChip *, pnv->num_chips);
 for (i = 0; i < pnv->num_chips; i++) {
 char chip_name[32];
@@ -1722,6 +1735,9 @@ static void pnv_set_num_chips(Object *obj, Visitor *v, 
const char *name,
  */
 if (!is_power_of_2(num_chips) || num_chips > 4) {
 error_setg(errp, "invalid number of chips: '%d'", num_chips);
+error_append_hint(errp,
+  "Set 'num-chips' implicitely with '-smp sockets=N'. "
+  "Valid values are : 1, 2 or 4.\n");
 return;
 }
 
@@ -1735,12 +1751,6 @@ static void pnv_set_num_chips(Object *obj, Visitor *v, 
const char *name,
 pnv->num_chips = num_chips;
 }
 
-static void pnv_machine_instance_init(Object *obj)
-{
-PnvMachineState *pnv = PNV_MACHINE(obj);
-pnv->num_chips = 1;
-}
-
 static void pnv_machine_class_props_init(ObjectClass *oc)
 {
 object_class_property_add(oc, "num-chips", "uint32",
@@ -1874,7 +1884,6 @@ static const TypeInfo types[] = {
 .parent= TYPE_MACHINE,
 .abstract   = true,
 .instance_size = sizeof(PnvMachineState),
-.instance_init = pnv_machine_instance_init,
 .class_init= pnv_machine_class_init,
 .class_size= sizeof(PnvMachineClass),
 .interfaces = (InterfaceInfo[]) {

[PATCH 0/2] ppc/pnv: Improve command line experience with multi-chip

[Greg Kurz]

Patch 1 adds a sanity check of the CPU topology to avoid an assertion in
the multi TCG code that can be easily triggered with the "num-chips" property
of the powernv machine.

This still leaves us with the fact that the number of chips must be specified
twice on the command line: once for the "num-chips" property and once for the
CPU topology with '-smp sockets'. Patch 2 tries to tackle that by changing the
default value of "num-chips" (currently 1) to the number of "sockets" of the
CPU topology, computed at startup time as:

   smp.max_cpus / (smp.cores * smp.threads)

This allow to indirectly configure the number of chips and have a valid
CPU topology with a single '-smp sockets'.

--
Greg

---

Greg Kurz (2):
  ppc/pnv: Exit gracefully if CPU topology doesn't match the machine 
capacities
  ppc/pnv: Use the CPU topology to compute the default number of chips


 hw/ppc/pnv.c |   33 +
 1 file changed, 25 insertions(+), 8 deletions(-)

[PULL 0/2] Require Python >= 3.5 to build QEMU

[Eduardo Habkost]

Differences from the previous Python 3.5 pull request
that was rejected:

* Now tests/vm/netbsd was fixed
* .travis.yml is being updated to replace Python 3.4 job with 3.5

The following changes since commit f59b31e6d0c69792b5d817c5aa0a6ed64fba42e0:

  Merge remote-tracking branch 
'remotes/stsquad/tags/pull-tesing-and-misc-191219-1' into staging (2019-12-20 
14:00:49 +)

are available in the Git repository at:

  git://github.com/ehabkost/qemu.git tags/python-next-pull-request

for you to fetch changes up to ddf90699631db53c981b6a5a63d31c08e0eaeec7:

  configure: Require Python >= 3.5 (2019-12-20 13:45:59 -0300)


Require Python >= 3.5 to build QEMU

Python 2 EOL is 11 days away, we will stop supporting
it in QEMU 5.0.



Eduardo Habkost (2):
  travis: Replace Python 3.4 build with 3.5
  configure: Require Python >= 3.5

 .travis.yml|  2 +-
 configure  | 18 --
 tests/Makefile.include |  5 -
 3 files changed, 5 insertions(+), 20 deletions(-)

-- 
2.23.0

[PATCH 1/2] ppc/pnv: Exit gracefully if CPU topology doesn't match the machine capacities

[Greg Kurz]

QEMU crashes when started with:

   -machine powernv,num-chips=2 -smp cores=2 -accel tcg,thread=multi

ERROR:
tcg/tcg.c:789:tcg_register_thread: assertion failed: (n < ms->smp.max_cpus)
Aborted (core dumped)

This happens because the powernv machine creates num-chips * smp.cores
CPUs, which might exceed the maximum number of CPUs of the CPU topology
as computed by smp_parse().

Check the CPU topology in pnv_set_num_chips().

Signed-off-by: Greg Kurz 
---
 hw/ppc/pnv.c |   10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index f77e7ca84ede..f8cf2b6d760f 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -1706,7 +1706,8 @@ static void pnv_set_num_chips(Object *obj, Visitor *v, 
const char *name,
   void *opaque, Error **errp)
 {
 PnvMachineState *pnv = PNV_MACHINE(obj);
-uint32_t num_chips;
+MachineState *ms = MACHINE(pnv);
+uint32_t num_chips, num_cpus;
 Error *local_err = NULL;
 
 visit_type_uint32(v, name, _chips, _err);
@@ -1724,6 +1725,13 @@ static void pnv_set_num_chips(Object *obj, Visitor *v, 
const char *name,
 return;
 }
 
+num_cpus = num_chips * ms->smp.cores * ms->smp.threads;
+if (num_cpus > ms->smp.max_cpus) {
+error_setg(errp, "%d chips don't fit in the CPU topology", num_chips);
+error_append_hint(errp, "Try -smp sockets=%d.\n", num_chips);
+return;
+}
+
 pnv->num_chips = num_chips;
 }
 

Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate

[Peter Xu]

On Fri, Dec 20, 2019 at 05:26:42PM +0100, Jean-Philippe Brucker wrote:
> There is at the virtio transport level: the driver sets status to
> FEATURES_OK once it accepted the feature bits, and to DRIVER_OK once its
> fully operational. The virtio-iommu spec says:
> 
>   If the driver does not accept the VIRTIO_IOMMU_F_BYPASS feature, the
>   device SHOULD NOT let endpoints access the guest-physical address space.
> 
> So before features negotiation, there is no access. Afterwards it depends
> if the VIRTIO_IOMMU_F_BYPASS has been accepted by the driver.

Before enabling virtio-iommu device, should we still let the devices
to access the whole system address space?  I believe that's at least
what Intel IOMMUs are doing.  From code-wise, its:

if (likely(s->dmar_enabled)) {
success = vtd_do_iommu_translate(vtd_as, vtd_as->bus, vtd_as->devfn,
 addr, flag & IOMMU_WO, );
} else {
/* DMAR disabled, passthrough, use 4k-page*/
iotlb.iova = addr & VTD_PAGE_MASK_4K;
iotlb.translated_addr = addr & VTD_PAGE_MASK_4K;
iotlb.addr_mask = ~VTD_PAGE_MASK_4K;
iotlb.perm = IOMMU_RW;
success = true;
}

>From hardware-wise, an IOMMU should be close to transparent if you
never enable it, imho.

Otherwise I'm confused on how a guest (with virtio-iommu) could boot
with a normal BIOS that does not contain a virtio-iommu driver.  For
example, what if the BIOS needs to read some block sectors (as you
mentioned)?

> > >   - This flag is a must for all virtio-iommu emulation, right?
> > > (otherwise I can't see how system bootstraps..)
> 
> What do you mean by system bootstrap?

Sorry, I meant when the system boots before the OS.

> 
> One thing I've been wondering, and may be related, is how to handle a
> bootloader that wants to read for example an initrd from a virtio-block
> device that's behind the IOMMU.

My understanding is that virtio devices are special in that they can
use the VIRTIO_F_IOMMU_PLATFORM flag to bypass any vIOMMU (though, I
don't think that'll work when virtio hardwares comes to the
world.. because they can't really bypass the IOMMU hardware).

> Either we allow the device to let any DMA
> bypass the device until FEATURES_OK, which is a source of vulnerabilities
> [1], or we have to implement some support for the virtio-iommu in the
> BIOS. Again the F_BYPASS bit would help for this, since all the BIOS has
> to do is set it on boot. However, F_BYPASS is optional, and more complex
> support is needed for setting up identity mappings.
> 
> [1] See "IOMMU protection against I/O attacks: a vulnerability and a proof
> of concept" by Morgan et al, where a malicious device bypassing the IOMMU
> overwrites the IOMMU configuration as it is being created by the OS.
> Arguably we're not too concerned about malicious devices at the moment,
> but I'm not comfortable relaxing this.
> 
> > >   - Should this flag be gone right after OS starts (otherwise I think
> > > we still have the issue that any malicious device can be seen as
> > > in PT mode as default)?  How is that done?
> 
> Yes bypass mode assumes that devices and drivers aren't malicious, and the
> IOMMU is only used for things like assigning devices to guest userspace,
> or having large contiguous DMA buffers.

Yes I agree.  However again when the BYPASS flag was introduced, have
you thought of introducing that flag per-device?  IMHO that could be
better because you have a finer granularity on controlling all these,
so you'll be able to reject malicious devices but at the meantime
grant permission to trusted devices.

Thanks,

-- 
Peter Xu

Re: [PATCH v5 37/37] qdev/qom: remove some TODO limitations now that PROP_PTR is gone

[Markus Armbruster]

Marc-André Lureau  writes:

> Signed-off-by: Marc-André Lureau 
> ---
>  hw/core/qdev.c |  8 
>  qom/qom-qmp-cmds.c | 10 --
>  2 files changed, 18 deletions(-)
>
> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> index 98e786c50f..9feb81cff2 100644
> --- a/hw/core/qdev.c
> +++ b/hw/core/qdev.c
> @@ -736,14 +736,6 @@ void qdev_property_add_static(DeviceState *dev, Property 
> *prop,
>  if (prop->info->create) {
>  prop->info->create(obj, prop, _err);
>  } else {
> -/*
> - * TODO qdev_prop_ptr does not have getters or setters.  It must
> - * go now that it can be replaced with links.  The test should be
> - * removed along with it: all static properties are read/write.
> - */
> -if (!prop->info->get && !prop->info->set) {
> -return;
> -}
>  object_property_add(obj, prop->name, prop->info->name,
>  prop->info->get, prop->info->set,
>  prop->info->release,
> diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c
> index 236e8e41dd..f4494f98ac 100644
> --- a/qom/qom-qmp-cmds.c
> +++ b/qom/qom-qmp-cmds.c
> @@ -142,16 +142,6 @@ static ObjectPropertyInfo 
> *make_device_property_info(ObjectClass *klass,
>  continue;
>  }
>  
> -/*
> - * TODO Properties without a parser are just for dirty hacks.
> - * qdev_prop_ptr is the only such PropertyInfo.  It's marked
> - * for removal.  This conditional should be removed along with
> - * it.
> - */
> -if (!prop->info->set && !prop->info->create) {
> -return NULL;   /* no way to set it, don't show */
> -}
> -
>  info = g_malloc0(sizeof(*info));
>  info->name = g_strdup(prop->name);
>  info->type = default_type ? g_strdup(default_type)

Reviewed-by: Markus Armbruster 

Re: [PATCH v2 03/28] trace: Remove trace_mem_build_info_no_se_[bl]e

[Alex Bennée]

Richard Henderson  writes:

> It is easy for the atomic helpers to use trace_mem_build_info
> directly, without resorting to symbol pasting.  For this usage,
> we cannot use trace_mem_get_info, because the MemOp does not
> support 16-byte accesses.
>
> Signed-off-by: Richard Henderson 
> ---
>  accel/tcg/atomic_template.h | 67 +
>  trace/mem-internal.h| 17 --
>  2 files changed, 24 insertions(+), 60 deletions(-)
>
> diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
> index 837676231f..26969487d6 100644
> --- a/accel/tcg/atomic_template.h
> +++ b/accel/tcg/atomic_template.h
> @@ -64,13 +64,10 @@
> the ATOMIC_NAME macro, and redefined below.  */
>  #if DATA_SIZE == 1
>  # define END
> -# define MEND _be /* either le or be would be fine */
>  #elif defined(HOST_WORDS_BIGENDIAN)
>  # define END  _be
> -# define MEND _be
>  #else
>  # define END  _le
> -# define MEND _le
>  #endif
>  
>  ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
> @@ -79,8 +76,8 @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, 
> target_ulong addr,
>  ATOMIC_MMU_DECLS;
>  DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
>  DATA_TYPE ret;
> -uint16_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false,
> -   ATOMIC_MMU_IDX);
> +uint16_t info = trace_mem_build_info(SHIFT, false, 0, false,

What is MEND meant to be? Shouldn't we use the appropriate MO_TE instead
of 0 for these helpers?

> + ATOMIC_MMU_IDX);
>  
>  atomic_trace_rmw_pre(env, addr, info);
>  #if DATA_SIZE == 16
> @@ -99,8 +96,8 @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong 
> addr EXTRA_ARGS)
>  {
>  ATOMIC_MMU_DECLS;
>  DATA_TYPE val, *haddr = ATOMIC_MMU_LOOKUP;
> -uint16_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false,
> -   ATOMIC_MMU_IDX);
> +uint16_t info = trace_mem_build_info(SHIFT, false, 0, false,
> + ATOMIC_MMU_IDX);
>  
>  atomic_trace_ld_pre(env, addr, info);
>  val = atomic16_read(haddr);
> @@ -114,8 +111,8 @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr,
>  {
>  ATOMIC_MMU_DECLS;
>  DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
> -uint16_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, true,
> -  ATOMIC_MMU_IDX);
> +uint16_t info = trace_mem_build_info(SHIFT, false, 0, true,
> + ATOMIC_MMU_IDX);
>  
>  atomic_trace_st_pre(env, addr, info);
>  atomic16_set(haddr, val);
> @@ -130,8 +127,8 @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, 
> target_ulong addr,
>  ATOMIC_MMU_DECLS;
>  DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
>  DATA_TYPE ret;
> -uint16_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false,
> -  ATOMIC_MMU_IDX);
> +uint16_t info = trace_mem_build_info(SHIFT, false, 0, false,
> + ATOMIC_MMU_IDX);
>  
>  atomic_trace_rmw_pre(env, addr, info);
>  ret = atomic_xchg__nocheck(haddr, val);
> @@ -147,10 +144,8 @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong 
> addr,   \
>  ATOMIC_MMU_DECLS;   \
>  DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;   \
>  DATA_TYPE ret;  \
> -uint16_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT,   \
> -   false,   \
> -   ATOMIC_MMU_IDX); \
> -\
> +uint16_t info = trace_mem_build_info(SHIFT, false, 0, false,\
> + ATOMIC_MMU_IDX);   \
>  atomic_trace_rmw_pre(env, addr, info);  \
>  ret = atomic_##X(haddr, val);   \
>  ATOMIC_MMU_CLEANUP; \
> @@ -183,10 +178,8 @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong 
> addr,   \
>  ATOMIC_MMU_DECLS;   \
>  XDATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;  \
>  XDATA_TYPE cmp, old, new, val = xval;   \
> -uint16_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT,   \
> -   false,   \
> -   ATOMIC_MMU_IDX); \
> -\
> +uint16_t info = trace_mem_build_info(SHIFT, false, 0, false,\
> +

Re: [PULL 00/25] testing and logging updates

[Peter Maydell]

On Thu, 19 Dec 2019 at 10:49, Alex Bennée  wrote:
>
> The following changes since commit aceeaa69d28e6f08a24395d0aa6915b687d0a681:
>
>   Merge remote-tracking branch 
> 'remotes/huth-gitlab/tags/pull-request-2019-12-17' into staging (2019-12-17 
> 15:55:20 +)
>
> are available in the Git repository at:
>
>   https://github.com/stsquad/qemu.git tags/pull-tesing-and-misc-191219-1
>
> for you to fetch changes up to 380976f40f909b735acb60d5d424de7eb1b7107e:
>
>   tests/tcg: ensure we re-configure if configure.sh is updated (2019-12-19 
> 08:20:16 +)
>
> 
> Various testing and logging updates
>
>   - test tci with Travis
>   - enable multiarch testing in Travis
>   - default to out-of-tree builds
>   - make changing logfile safe via RCU
>   - remove redundant tests
>   - remove gtester test from docker
>   - convert DEBUG_MMAP to tracepoints
>   - remove hand rolled glob function
>   - trigger tcg re-configure when needed
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM

Re: [PATCH v4 5/6] hppa: Add emulation of Artist graphics

[Helge Deller]

On 20.12.19 08:26, Helge Deller wrote:
> On 19.12.19 01:28, Richard Henderson wrote:
>> On 11/3/19 10:56 AM, Sven Schnelle wrote:
>>> This adds emulation of Artist graphics good enough
>>> to get a Text console on both Linux and HP-UX. The
>>> X11 server from HP-UX also works.
>>>
>>> Signed-off-by: Sven Schnelle 
>>> ---
>>>  hw/display/Kconfig   |4 +
>>>  hw/display/Makefile.objs |1 +
>>>  hw/display/artist.c  | 1449 ++
>>>  hw/display/trace-events  |9 +
>>>  hw/hppa/Kconfig  |1 +
>>>  hw/hppa/hppa_hardware.h  |1 +
>>>  hw/hppa/machine.c|9 +
>>>  7 files changed, 1474 insertions(+)
>>>  create mode 100644 hw/display/artist.c
>>
>> Seems to have some problems rebased upon master:
>>
>> ...
>
> Richard, the attached patch (for seabios-hppa) fixes it for me.
> Can you test as well?
> It fixes the sti text column to go out-of-range and thus outside the 
> framebuffer memory.

The attached patch is even better.
It always wraps to the next line (or scrolls the screen if necessary) if
the end of the line has been reached.

Helge
diff --git a/src/parisc/sti.c b/src/parisc/sti.c
index 7935770..61e7002 100644
--- a/src/parisc/sti.c
+++ b/src/parisc/sti.c
@@ -168,5 +168,10 @@ void sti_putc(const char c)
 }
 return;
 }
+
+/* wrap to next line or scroll screen if EOL reached */
+if (col >= ((sti_glob_cfg.onscreen_x / font->width) - 1))
+   sti_putc('\n');
+
 sti_putchar(rom, row, col++, c);
 }

Can we retire Python 2 now?

[Markus Armbruster]

Python 2 EOL is only a few days away[*].  We made configure bitch about
it in commit e5abf59eae "Deprecate Python 2 support", 2019-07-01.  Any
objections to retiring it now, i.e. in 5.0?

Cc'ing everyone who appears to be maintaining something that looks like
a Python script.

[*] https://pythonclock.org/

Re: [PATCH for-5.0 v11 08/20] virtio-iommu: Implement translate

[Jean-Philippe Brucker]

On Thu, Dec 19, 2019 at 04:09:47PM +0100, Auger Eric wrote:
> >> @@ -412,19 +412,80 @@ static IOMMUTLBEntry 
> >> virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
> >>  int iommu_idx)
> >>  {
> >>  IOMMUDevice *sdev = container_of(mr, IOMMUDevice, iommu_mr);
> >> +viommu_interval interval, *mapping_key;
> >> +viommu_mapping *mapping_value;
> >> +VirtIOIOMMU *s = sdev->viommu;
> >> +viommu_endpoint *ep;
> >> +bool bypass_allowed;
> >>  uint32_t sid;
> >> +bool found;
> >> +
> >> +interval.low = addr;
> >> +interval.high = addr + 1;
> >>  
> >>  IOMMUTLBEntry entry = {
> >>  .target_as = _space_memory,
> >>  .iova = addr,
> >>  .translated_addr = addr,
> >> -.addr_mask = ~(hwaddr)0,
> >> +.addr_mask = (1 << ctz32(s->config.page_size_mask)) - 1,
> >>  .perm = IOMMU_NONE,
> >>  };
> >>  
> >> +bypass_allowed = virtio_has_feature(s->acked_features,
> >> +VIRTIO_IOMMU_F_BYPASS);
> >> +
> >
> > Would it be easier to check bypass_allowed here once and then drop the
> > latter [1] and [2] check?
>  bypass_allowed does not mean you systematically bypass. You bypass if
>  the SID is unknown or if the device is not attached to any domain.
>  Otherwise you translate. But maybe I miss your point.
> >>>
> >>> Ah ok, then could I ask how will this VIRTIO_IOMMU_F_BYPASS be used?
> >>> For example, I think VT-d defines passthrough in a totally different
> >>> way in that the PT mark will be stored in the per-device context
> >>> entries, then we can allow a specific device to be pass-through when
> >>> doing DMA.  That information is explicit (e.g., unknown SID will
> >>> always fail the DMA), and per-device.
> >>>
> >>> Here do you mean that you just don't put a device into any domain to
> >>> show it wants to use PT?  Then I'm not sure how do you identify
> >>> whether this is a legal PT or a malicious device (e.g., an unknown
> >>> device that even does not have any driver bound to it, which will also
> >>> satisfy "unknown SID" and "not attached to any domain", iiuc).
> >>
> >> The virtio-iommu spec currently says:
> >>
> >> "If the VIRTIO_IOMMU_F_BYPASS feature is negotiated, all accesses from
> >> unattached endpoints are
> >> allowed and translated by the IOMMU using the identity function. If the
> >> feature is not negotiated, any
> >> memory access from an unattached endpoint fails. Upon attaching an
> >> endpoint in bypass mode to a new
> >> domain, any memory access from the endpoint fails, since the domain does
> >> not contain any mapping.
> >> "
> >>
> >> I guess this can serve the purpose of devices doing early accesses,
> >> before the guest OS gets the hand and maps them?
> > 
> > OK, so there's no global enablement knob for virtio-iommu? Hmm... Then:

There is at the virtio transport level: the driver sets status to
FEATURES_OK once it accepted the feature bits, and to DRIVER_OK once its
fully operational. The virtio-iommu spec says:

  If the driver does not accept the VIRTIO_IOMMU_F_BYPASS feature, the
  device SHOULD NOT let endpoints access the guest-physical address space.

So before features negotiation, there is no access. Afterwards it depends
if the VIRTIO_IOMMU_F_BYPASS has been accepted by the driver.

> well this is a global knob. If this is bot negotiated any unmapped
> device can PT.
> 
> My assumption above must be wrong as this is a negotiated feature so
> anyway the virtio-iommu driver should be involved.
> 
> I don't really remember the rationale of the feature bit tbh.

I don't remember writing down a rationale for this bit, it was in the very
first version (I think someone suggested it during the initial internal
discussion) and I didn't remove it afterwards because it seems useful:

Say a guest only wants to use the vIOMMU for userspace assignment and
wants all other endpoints to bypass translation, which is our primary
use-case. In other words booting Linux with iommu.passthrough=1. It can
either create an identity domain for each endpoint (one MAP request with
VA==PA) or it can set the VIRTIO_IOMMU_F_BYPASS bit. The device-side
implementation should be more efficient with the latter, since you don't
need to lookup the domain + address space for each access.

> In "[virtio-dev] RE: [RFC] virtio-iommu version 0.4 " Jean discussed
> that with Kevein. Sorry I cannot find the link.
> 
> " If the endpoint is not attached to any address space,
> then the device MAY abort the transaction."

Hmm, that was regarding a "bypass" reserved memory region, which isn't in
the current spec.

> Kevin> From definition of BYPASS, it's orthogonal to whether there is an
> address space attached, then should we still allow "May abort" behavior?
> 
> Jean> The behavior is left as an 

Making QEMU easier for management tools and applications

[Stefan Hajnoczi]

Hi,
QEMU presents a command-line interface and QMP monitor for
applications to interact with.  Applications actually need API
bindings in their programming language.  Bindings avoid reimplementing
code to spawn a QEMU process and interact with QMP.  QEMU is kind of
lazy and de facto relies on libvirt for API bindings.

Is it time for better QEMU APIs?

1. We have qapi-schema.json.  Let's render to HTML and publish
versioned documentation online.

2. scripts/qmp/ contains command-line tools for QMP communication.
They could use some polish and then be shipped.

3. python/qemu/ contains Python modules for managing a QEMU process
and QMP communication.  This should be packaged in distros and
available on PyPI.

4. Go and Rust bindings would also be useful.  There is
https://github.com/intel/govmm but I think it makes sense to keep it
in qemu.git and provide an interface similar to our Python modules.

5. A jailer is needed to isolate the QEMU process and vhost-user
device backends using seccomp, Linux namespaces, and maybe
SELinux/AppArmor.  We used to be able to rely on libvirt for QEMU
security, but it's becoming a common task for any device backend and
IMO should be its own launcher tool.

6. A configuration file format is sorely needed so that guest
configuration can be persisted and easily launched.  Today you have to
create a shell script that executes a QEMU command-line, but this is
suboptimal because sharing executable scripts is dangerous from a
security perspective and is hard to parse or modify programmatically.

In many of these areas we already have a partial solution.  It just
needs more work.  I think it would be worth the effort and the mental
shift to really providing APIs that are easy to use by applications.

What do you think?

Have I missed things that are needed?

Have I included things that are unnecessary?

Stefan