Re: [PATCH 05/15] device-hotplug: Replace current_machine by qdev_get_machine()

[Alistair Francis]

On Thu, Jan 9, 2020 at 11:27 PM Philippe Mathieu-Daudé
 wrote:
>
> As we want to remove the global current_machine,
> replace MACHINE_GET_CLASS(current_machine) by
> MACHINE_GET_CLASS(qdev_get_machine()).
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  device-hotplug.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/device-hotplug.c b/device-hotplug.c
> index f01d53774b..44d687f254 100644
> --- a/device-hotplug.c
> +++ b/device-hotplug.c
> @@ -45,7 +45,7 @@ static DriveInfo *add_init_drive(const char *optstr)
>  if (!opts)
>  return NULL;
>
> -mc = MACHINE_GET_CLASS(current_machine);
> +mc = MACHINE_GET_CLASS(qdev_get_machine());
>  dinfo = drive_new(opts, mc->block_default_type, &err);
>  if (err) {
>  error_report_err(err);
> --
> 2.21.1
>
>

Re: [PATCH 06/15] migration/savevm: Replace current_machine by qdev_get_machine()

[Alistair Francis]

On Thu, Jan 9, 2020 at 11:30 PM Philippe Mathieu-Daudé
 wrote:
>
> As we want to remove the global current_machine,
> replace MACHINE_GET_CLASS(current_machine) by
> MACHINE_GET_CLASS(qdev_get_machine()).
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  migration/savevm.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/migration/savevm.c b/migration/savevm.c
> index 59efc1981d..0e8b6a4715 100644
> --- a/migration/savevm.c
> +++ b/migration/savevm.c
> @@ -292,7 +292,8 @@ static uint32_t get_validatable_capabilities_count(void)
>  static int configuration_pre_save(void *opaque)
>  {
>  SaveState *state = opaque;
> -const char *current_name = MACHINE_GET_CLASS(current_machine)->name;
> +MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
> +const char *current_name = mc->name;
>  MigrationState *s = migrate_get_current();
>  int i, j;
>
> @@ -362,7 +363,8 @@ static bool configuration_validate_capabilities(SaveState 
> *state)
>  static int configuration_post_load(void *opaque, int version_id)
>  {
>  SaveState *state = opaque;
> -const char *current_name = MACHINE_GET_CLASS(current_machine)->name;
> +MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
> +const char *current_name = mc->name;
>
>  if (strncmp(state->name, current_name, state->len) != 0) {
>  error_report("Machine type received is '%.*s' and local is '%s'",
> @@ -615,9 +617,7 @@ static void dump_vmstate_vmsd(FILE *out_file,
>
>  static void dump_machine_type(FILE *out_file)
>  {
> -MachineClass *mc;
> -
> -mc = MACHINE_GET_CLASS(current_machine);
> +MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
>
>  fprintf(out_file, "  \"vmschkmachine\": {\n");
>  fprintf(out_file, "\"Name\": \"%s\"\n", mc->name);
> --
> 2.21.1
>
>

Re: [PATCH 07/15] hw/core/machine-qmp-cmds: Replace current_machine by qdev_get_machine()

[Alistair Francis]

On Thu, Jan 9, 2020 at 11:30 PM Philippe Mathieu-Daudé
 wrote:
>
> As we want to remove the global current_machine,
> replace MACHINE_GET_CLASS(current_machine) by
> MACHINE_GET_CLASS(qdev_get_machine()).
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/core/machine-qmp-cmds.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c
> index eed5aeb2f7..5a04d00e4f 100644
> --- a/hw/core/machine-qmp-cmds.c
> +++ b/hw/core/machine-qmp-cmds.c
> @@ -280,9 +280,9 @@ void qmp_cpu_add(int64_t id, Error **errp)
>  {
>  MachineClass *mc;
>
> -mc = MACHINE_GET_CLASS(current_machine);
> +mc = MACHINE_GET_CLASS(qdev_get_machine());
>  if (mc->hot_add_cpu) {
> -mc->hot_add_cpu(current_machine, id, errp);
> +mc->hot_add_cpu(MACHINE(qdev_get_machine()), id, errp);
>  } else {
>  error_setg(errp, "Not supported");
>  }
> --
> 2.21.1
>
>

Re: [PATCH 08/15] target/arm/monitor: Replace current_machine by qdev_get_machine()

[Alistair Francis]

On Thu, Jan 9, 2020 at 11:23 PM Philippe Mathieu-Daudé
 wrote:
>
> As we want to remove the global current_machine,
> replace 'current_machine' by MACHINE(qdev_get_machine()).
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/arm/monitor.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/monitor.c b/target/arm/monitor.c
> index fa054f8a36..bcbf69802d 100644
> --- a/target/arm/monitor.c
> +++ b/target/arm/monitor.c
> @@ -136,7 +136,8 @@ CpuModelExpansionInfo 
> *qmp_query_cpu_model_expansion(CpuModelExpansionType type,
>  }
>
>  if (kvm_enabled()) {
> -const char *cpu_type = current_machine->cpu_type;
> +MachineState *ms = MACHINE(qdev_get_machine());
> +const char *cpu_type = ms->cpu_type;
>  int len = strlen(cpu_type) - strlen(ARM_CPU_TYPE_SUFFIX);
>  bool supported = false;
>
> --
> 2.21.1
>
>

Re: [PATCH 09/15] device_tree: Replace current_machine by qdev_get_machine()

[Alistair Francis]

On Thu, Jan 9, 2020 at 11:34 PM Philippe Mathieu-Daudé
 wrote:
>
> As we want to remove the global current_machine,
> replace 'current_machine' by MACHINE(qdev_get_machine()).
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  device_tree.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/device_tree.c b/device_tree.c
> index f8b46b3c73..665ea2f586 100644
> --- a/device_tree.c
> +++ b/device_tree.c
> @@ -466,7 +466,9 @@ uint32_t qemu_fdt_alloc_phandle(void *fdt)
>   * which phandle id to start allocating phandles.
>   */
>  if (!phandle) {
> -phandle = machine_phandle_start(current_machine);
> +MachineState *ms = MACHINE(qdev_get_machine());
> +
> +phandle = machine_phandle_start(ms);
>  }
>
>  if (!phandle) {
> --
> 2.21.1
>
>

Re: [PATCH 10/15] memory: Replace current_machine by qdev_get_machine()

[Alistair Francis]

On Thu, Jan 9, 2020 at 11:29 PM Philippe Mathieu-Daudé
 wrote:
>
> As we want to remove the global current_machine,
> replace 'current_machine' by MACHINE(qdev_get_machine()).
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  memory.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/memory.c b/memory.c
> index d7b9bb6951..57e38b1f50 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -3004,6 +3004,7 @@ static void mtree_print_flatview(gpointer key, gpointer 
> value,
>  int n = view->nr;
>  int i;
>  AddressSpace *as;
> +MachineState *ms;
>
>  qemu_printf("FlatView #%d\n", fvi->counter);
>  ++fvi->counter;
> @@ -3026,6 +3027,7 @@ static void mtree_print_flatview(gpointer key, gpointer 
> value,
>  return;
>  }
>
> +ms = MACHINE(qdev_get_machine());

Why not set this at the top?

Alistair

>  while (n--) {
>  mr = range->mr;
>  if (range->offset_in_region) {
> @@ -3057,7 +3059,7 @@ static void mtree_print_flatview(gpointer key, gpointer 
> value,
>  if (fvi->ac) {
>  for (i = 0; i < fv_address_spaces->len; ++i) {
>  as = g_array_index(fv_address_spaces, AddressSpace*, i);
> -if (fvi->ac->has_memory(current_machine, as,
> +if (fvi->ac->has_memory(ms, as,
>  int128_get64(range->addr.start),
>  MR_SIZE(range->addr.size) + 1)) {
>  qemu_printf(" %s", fvi->ac->name);
> --
> 2.21.1
>
>

Re: [PATCH V2] vhost-user-test: fix a memory leak

[Thomas Huth]

On 10/01/2020 15.07, Thomas Huth wrote:
> On 20/12/2019 02.26, pannengy...@huawei.com wrote:
>> From: Pan Nengyuan 
>>
>> Spotted by ASAN.
>>
>> Reported-by: Euler Robot 
>> Signed-off-by: Pan Nengyuan 
>> ---
>> Changes V2 to V1:
>> - use a "goto cleanup", instead of duplicating the "free" functions.
>> - free "dest_cmdline" at the end.
>> ---
>>  tests/vhost-user-test.c | 5 -
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
>> index 91ea373..dcb8617 100644
>> --- a/tests/vhost-user-test.c
>> +++ b/tests/vhost-user-test.c
>> @@ -717,7 +717,7 @@ static void test_migrate(void *obj, void *arg, 
>> QGuestAllocator *alloc)
>>  guint64 size;
>>  
>>  if (!wait_for_fds(s)) {
>> -return;
>> +goto cleanup;
>>  }
>>  
>>  size = get_log_size(s);
>> @@ -776,8 +776,11 @@ static void test_migrate(void *obj, void *arg, 
>> QGuestAllocator *alloc)
>>  g_source_unref(source);
>>  
>>  qtest_quit(to);
>> +
>> + cleanup:
>>  test_server_free(dest);
>>  g_free(uri);
>> +g_string_free(dest_cmdline, true);
>>  }
>>  
>>  static void wait_for_rings_started(TestServer *s, size_t count)
>>
> 
> Reviewed-by: Thomas Huth 
> 
> ... and picked up to my qtest-next tree.

... and now I had to unqueue the patch again. It is reproducibly causing
one of the gitlab CI pipelines to fail with a timeout, e.g.:

 https://gitlab.com/huth/qemu/-/jobs/400101552

Not sure what is going on here, though, there is no obvious error
message in the output... this needs some more investigation... do you
have a gitlab account and could have a look?

 Thomas

Re: [PULL 0/8] qtests and docs

[Thomas Huth]

On 10/01/2020 12.19, Peter Maydell wrote:
> On Tue, 7 Jan 2020 at 19:08, Thomas Huth  wrote:
>>
>>  Hi!
>>
>> The following changes since commit f4d8cf148e43d942ef1202071e0cd66ce40322e0:
>>
>>   Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-01-06' 
>> into staging (2020-01-06 17:44:22 +)
>>
>> are available in the Git repository at:
>>
>>   https://gitlab.com/huth/qemu.git tags/pull-request-2020-01-07
>>
>> for you to fetch changes up to 2cf30f8ecb8b64cc5ccaf77244570e7def8075a5:
>>
>>   docs: build an index page for the HTML docs (2020-01-07 19:48:30 +0100)
>>
>> 
>> * Move qtests into a separate directory
>> * Build index.html for docs
>> 
> 
> Conflict in tests/Makefile.include, too big for me to easily
> see the right resolution. Can you fix up and resend, please?

Sure, will do!

 Thomas

[PULL v2 3/8] tests/Makefile: Remove 'tests/' and '$(EXESUF)' from the check-qtest variables

[Thomas Huth]

It's much easier if we simply add the folder prefix and the exe suffix
later via a substitution instead.

Message-Id: <20191218103059.11729-4-th...@redhat.com>
Reviewed-by: Paolo Bonzini 
Signed-off-by: Thomas Huth 
---
 tests/Makefile.include | 256 +
 1 file changed, 130 insertions(+), 126 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 48200d596c..262f334dfc 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -152,156 +152,160 @@ check-block-$(call 
land,$(CONFIG_POSIX),$(CONFIG_SOFTMMU)) += tests/check-block.
 # All QTests for now are POSIX-only, but the dependencies are
 # really in libqtest, not in the testcases themselves.
 
-check-qtest-generic-y += tests/qmp-test$(EXESUF)
-check-qtest-generic-y += tests/qmp-cmd-test$(EXESUF)
-check-qtest-generic-$(CONFIG_MODULES) += tests/modules-test$(EXESUF)
+check-qtest-generic-y += qmp-test
+check-qtest-generic-y += qmp-cmd-test
+check-qtest-generic-$(CONFIG_MODULES) += modules-test
+
+check-qtest-generic-y += device-introspect-test
+check-qtest-generic-y += cdrom-test
 
-check-qtest-generic-y += tests/device-introspect-test$(EXESUF)
-check-qtest-generic-y += tests/cdrom-test$(EXESUF)
 DBUS_DAEMON := $(shell which dbus-daemon 2>/dev/null)
 ifneq ($(GDBUS_CODEGEN),)
 ifneq ($(DBUS_DAEMON),)
-check-qtest-pci-$(CONFIG_GIO) += tests/dbus-vmstate-test$(EXESUF)
+check-qtest-pci-$(CONFIG_GIO) += dbus-vmstate-test
 endif
 endif
 
-check-qtest-pci-$(CONFIG_RTL8139_PCI) += tests/rtl8139-test$(EXESUF)
-check-qtest-pci-$(CONFIG_VGA) += tests/display-vga-test$(EXESUF)
-check-qtest-pci-$(CONFIG_HDA) += tests/intel-hda-test$(EXESUF)
-check-qtest-pci-$(CONFIG_IVSHMEM_DEVICE) += tests/ivshmem-test$(EXESUF)
-check-qtest-i386-$(CONFIG_ISA_TESTDEV) = tests/endianness-test$(EXESUF)
-check-qtest-i386-y += tests/fdc-test$(EXESUF)
-check-qtest-i386-y += tests/ide-test$(EXESUF)
-check-qtest-i386-$(CONFIG_TOOLS) += tests/ahci-test$(EXESUF)
-check-qtest-i386-y += tests/hd-geo-test$(EXESUF)
-check-qtest-i386-y += tests/boot-order-test$(EXESUF)
-check-qtest-i386-y += tests/bios-tables-test$(EXESUF)
-check-qtest-i386-$(CONFIG_SGA) += tests/boot-serial-test$(EXESUF)
-check-qtest-i386-$(CONFIG_SLIRP) += tests/pxe-test$(EXESUF)
-check-qtest-i386-y += tests/rtc-test$(EXESUF)
-check-qtest-i386-$(CONFIG_ISA_IPMI_KCS) += tests/ipmi-kcs-test$(EXESUF)
+check-qtest-pci-$(CONFIG_RTL8139_PCI) += rtl8139-test
+check-qtest-pci-$(CONFIG_VGA) += display-vga-test
+check-qtest-pci-$(CONFIG_HDA) += intel-hda-test
+check-qtest-pci-$(CONFIG_IVSHMEM_DEVICE) += ivshmem-test
+
+check-qtest-i386-$(CONFIG_ISA_TESTDEV) = endianness-test
+check-qtest-i386-y += fdc-test
+check-qtest-i386-y += ide-test
+check-qtest-i386-$(CONFIG_TOOLS) += ahci-test
+check-qtest-i386-y += hd-geo-test
+check-qtest-i386-y += boot-order-test
+check-qtest-i386-y += bios-tables-test
+check-qtest-i386-$(CONFIG_SGA) += boot-serial-test
+check-qtest-i386-$(CONFIG_SLIRP) += pxe-test
+check-qtest-i386-y += rtc-test
+check-qtest-i386-$(CONFIG_ISA_IPMI_KCS) += ipmi-kcs-test
 ifdef CONFIG_LINUX
-check-qtest-i386-$(CONFIG_ISA_IPMI_BT) += tests/ipmi-bt-test$(EXESUF)
+check-qtest-i386-$(CONFIG_ISA_IPMI_BT) += ipmi-bt-test
 endif
-check-qtest-i386-y += tests/i440fx-test$(EXESUF)
-check-qtest-i386-y += tests/fw_cfg-test$(EXESUF)
-check-qtest-i386-y += tests/device-plug-test$(EXESUF)
-check-qtest-i386-y += tests/drive_del-test$(EXESUF)
-check-qtest-i386-$(CONFIG_WDT_IB700) += tests/wdt_ib700-test$(EXESUF)
-check-qtest-i386-y += tests/tco-test$(EXESUF)
+check-qtest-i386-y += i440fx-test
+check-qtest-i386-y += fw_cfg-test
+check-qtest-i386-y += device-plug-test
+check-qtest-i386-y += drive_del-test
+check-qtest-i386-$(CONFIG_WDT_IB700) += wdt_ib700-test
+check-qtest-i386-y += tco-test
 check-qtest-i386-y += $(check-qtest-pci-y)
-check-qtest-i386-$(CONFIG_PVPANIC) += tests/pvpanic-test$(EXESUF)
-check-qtest-i386-$(CONFIG_I82801B11) += tests/i82801b11-test$(EXESUF)
-check-qtest-i386-$(CONFIG_IOH3420) += tests/ioh3420-test$(EXESUF)
-check-qtest-i386-$(CONFIG_USB_UHCI) += tests/usb-hcd-uhci-test$(EXESUF)
-check-qtest-i386-$(call land,$(CONFIG_USB_EHCI),$(CONFIG_USB_UHCI)) += 
tests/usb-hcd-ehci-test$(EXESUF)
-check-qtest-i386-$(CONFIG_USB_XHCI_NEC) += tests/usb-hcd-xhci-test$(EXESUF)
-check-qtest-i386-y += tests/cpu-plug-test$(EXESUF)
-check-qtest-i386-y += tests/q35-test$(EXESUF)
-check-qtest-i386-y += tests/vmgenid-test$(EXESUF)
-check-qtest-i386-$(CONFIG_TPM_CRB) += tests/tpm-crb-swtpm-test$(EXESUF)
-check-qtest-i386-$(CONFIG_TPM_CRB) += tests/tpm-crb-test$(EXESUF)
-check-qtest-i386-$(CONFIG_TPM_TIS) += tests/tpm-tis-swtpm-test$(EXESUF)
-check-qtest-i386-$(CONFIG_TPM_TIS) += tests/tpm-tis-test$(EXESUF)
-check-qtest-i386-$(CONFIG_SLIRP) += tests/test-netfilter$(EXESUF)
-check-qtest-i386-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF)
-check-qtest-i386-$(CONFIG_RTL8139_PCI) += tests/test-filter-redirector$(EXESUF)
-check-qtest-i386-y += tests/migration-test$(EXESUF)
-c

[PULL v2 5/8] test: Move qtests to a separate directory

[Thomas Huth]

The tests directory itself is pretty overcrowded, and it's hard to
see which test belongs to which test subsystem (unit, qtest, ...).
Let's move the qtests to a separate folder for more clarity.

Message-Id: <20191218103059.11729-6-th...@redhat.com>
Reviewed-by: Paolo Bonzini 
Signed-off-by: Thomas Huth 
---
 .gitlab-ci.yml|  11 +-
 MAINTAINERS   |  79 +++
 configure |   4 +-
 tests/Makefile.include| 221 +-
 tests/{ => qtest}/ac97-test.c |   0
 tests/{ => qtest}/acpi-utils.c|   0
 tests/{ => qtest}/acpi-utils.h|   0
 tests/{ => qtest}/ahci-test.c |   0
 tests/{ => qtest}/arm-cpu-features.c  |   0
 .../bios-tables-test-allowed-diff.h   |   0
 tests/{ => qtest}/bios-tables-test.c  |   0
 tests/{ => qtest}/boot-order-test.c   |   0
 tests/{ => qtest}/boot-sector.c   |   0
 tests/{ => qtest}/boot-sector.h   |   0
 tests/{ => qtest}/boot-serial-test.c  |   0
 tests/{ => qtest}/cdrom-test.c|   0
 tests/{ => qtest}/cpu-plug-test.c |   0
 tests/{ => qtest}/dbus-vmstate-test.c |   0
 tests/{ => qtest}/dbus-vmstate1.xml   |   0
 tests/{ => qtest}/device-introspect-test.c|   0
 tests/{ => qtest}/device-plug-test.c  |   0
 tests/{ => qtest}/display-vga-test.c  |   0
 tests/{ => qtest}/drive_del-test.c|   0
 tests/{ => qtest}/ds1338-test.c   |   0
 tests/{ => qtest}/e1000-test.c|   0
 tests/{ => qtest}/e1000e-test.c   |   0
 tests/{ => qtest}/eepro100-test.c |   0
 tests/{ => qtest}/endianness-test.c   |   0
 tests/{ => qtest}/es1370-test.c   |   0
 tests/{ => qtest}/fdc-test.c  |   0
 tests/{ => qtest}/fw_cfg-test.c   |   0
 tests/{ => qtest}/hd-geo-test.c   |   0
 tests/{ => qtest}/hexloader-test.c|   0
 tests/{ => qtest}/i440fx-test.c   |   0
 tests/{ => qtest}/i82801b11-test.c|   0
 tests/{ => qtest}/ide-test.c  |   0
 tests/{ => qtest}/intel-hda-test.c|   0
 tests/{ => qtest}/ioh3420-test.c  |   0
 tests/{ => qtest}/ipmi-bt-test.c  |   0
 tests/{ => qtest}/ipmi-kcs-test.c |   0
 tests/{ => qtest}/ipoctal232-test.c   |   0
 tests/{ => qtest}/ivshmem-test.c  |   0
 tests/{ => qtest}/libqtest-single.h   |   0
 tests/{ => qtest}/libqtest.c  |   0
 tests/{ => qtest}/libqtest.h  |   0
 tests/{ => qtest}/m25p80-test.c   |   0
 tests/{ => qtest}/m48t59-test.c   |   0
 tests/{ => qtest}/machine-none-test.c |   0
 tests/{ => qtest}/megasas-test.c  |   0
 tests/{ => qtest}/microbit-test.c |   0
 tests/{ => qtest}/migration-helpers.c |   0
 tests/{ => qtest}/migration-helpers.h |   0
 tests/{ => qtest}/migration-test.c|   0
 tests/{ => qtest}/modules-test.c  |   0
 tests/{ => qtest}/ne2000-test.c   |   0
 tests/{ => qtest}/numa-test.c |   0
 tests/{ => qtest}/nvme-test.c |   0
 tests/{ => qtest}/pca9552-test.c  |   0
 tests/{ => qtest}/pci-test.c  |   0
 tests/{ => qtest}/pcnet-test.c|   0
 tests/{ => qtest}/pflash-cfi02-test.c |   0
 tests/{ => qtest}/pnv-xscom-test.c|   0
 tests/{ => qtest}/prom-env-test.c |   0
 tests/{ => qtest}/pvpanic-test.c  |   0
 tests/{ => qtest}/pxe-test.c  |   0
 tests/{ => qtest}/q35-test.c  |   0
 tests/{ => qtest}/qmp-cmd-test.c  |   0
 tests/{ => qtest}/qmp-test.c  |   0
 tests/{ => qtest}/qom-test.c  |   0
 tests/{ => qtest}/qos-test.c  |   0
 tests/{ => qtest}/rtas-test.c |   0
 tests/{ => qtest}/rtc-test.c  |   0
 tests/{ => qtest}/rtl8139-test.c  |   0
 tests/{ => qtest}/sdhci-test.c|   0
 tests/{ => qtest}/spapr-phb-test.c|   0
 tests/{ => qtest}/tco-test.c  |   0
 tests/{ => qtest}/test-arm-mptimer.c  |   0
 tests/{ => qtest}/test-filter-mirror.c|   0
 tests/{ => qtest}/test-filter-redirector.c|   0
 tests/{ => qtest}/test-hmp.c  |   0
 tests/{ => qtest}/test-netfilter.c|   0
 tests/{ => qtest}/test-x86-cpuid-compat.c |   0
 tests/{ => qtest}/tmp105-test.c   |   0
 tests/{ => qtest}/tpm-crb-swtpm-test.c|   0
 tests/{ => qtest}/tpm-crb-test.c  |   0
 tests/{ => qtest}/tpm-emu.c   |   0
 tests/{ => qtest}/tpm-emu.h   |   0
 tests/{ => qtest}/tpm-tests.c   

[PULL v2 0/8] qtests and docs

[Thomas Huth]

 Hi Peter!

The following changes since commit dc65a5bdc9fa543690a775b50d4ffbeb22c56d6d:

  Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200108'
  into staging (2020-01-10 16:15:04 +)

are available in the Git repository at:

  https://gitlab.com/huth/qemu.git tags/pull-request-2020-01-12

for you to fetch changes up to 22108f333d16cbfbd5808bb4f661c394b08fe698:

  docs: build an index page for the HTML docs (2020-01-12 11:42:41 +0100)


* Move qtests into a separate directory
* Build index.html for docs


v2: Rebased and fixed conflicts in tests/Makefile.include

Stefan Hajnoczi (1):
  docs: build an index page for the HTML docs

Thomas Huth (7):
  tests/Makefile: test-char does not need libqtest
  tests/ptimer: Remove unnecessary inclusion of libqtest.h
  tests/Makefile: Remove 'tests/' and '$(EXESUF)' from the check-qtest 
variables
  tests/Makefile: Separate unit test dependencies from qtest dependencies
  test: Move qtests to a separate directory
  tests/Makefile: Move qtest-related settings to a separate Makefile.include
  tests/libqos: Move the libqos files under tests/qtest/

 .gitlab-ci.yml |  11 +-
 MAINTAINERS|  88 +++--
 Makefile   |   6 +
 configure  |   4 +-
 docs/index.html.in |  17 +
 tests/Makefile.include | 356 ++---
 tests/ptimer-test.c|   1 -
 tests/qtest/Makefile.include   | 318 ++
 tests/{ => qtest}/ac97-test.c  |   0
 tests/{ => qtest}/acpi-utils.c |   0
 tests/{ => qtest}/acpi-utils.h |   0
 tests/{ => qtest}/ahci-test.c  |   0
 tests/{ => qtest}/arm-cpu-features.c   |   0
 tests/{ => qtest}/bios-tables-test-allowed-diff.h  |   0
 tests/{ => qtest}/bios-tables-test.c   |   0
 tests/{ => qtest}/boot-order-test.c|   0
 tests/{ => qtest}/boot-sector.c|   0
 tests/{ => qtest}/boot-sector.h|   0
 tests/{ => qtest}/boot-serial-test.c   |   0
 tests/{ => qtest}/cdrom-test.c |   0
 tests/{ => qtest}/cpu-plug-test.c  |   0
 tests/{ => qtest}/dbus-vmstate-test.c  |   0
 tests/{ => qtest}/dbus-vmstate1.xml|   0
 tests/{ => qtest}/device-introspect-test.c |   0
 tests/{ => qtest}/device-plug-test.c   |   0
 tests/{ => qtest}/display-vga-test.c   |   0
 tests/{ => qtest}/drive_del-test.c |   0
 tests/{ => qtest}/ds1338-test.c|   0
 tests/{ => qtest}/e1000-test.c |   0
 tests/{ => qtest}/e1000e-test.c|   0
 tests/{ => qtest}/eepro100-test.c  |   0
 tests/{ => qtest}/endianness-test.c|   0
 tests/{ => qtest}/es1370-test.c|   0
 tests/{ => qtest}/fdc-test.c   |   0
 tests/{ => qtest}/fw_cfg-test.c|   0
 tests/{ => qtest}/hd-geo-test.c|   0
 tests/{ => qtest}/hexloader-test.c |   0
 tests/{ => qtest}/i440fx-test.c|   0
 tests/{ => qtest}/i82801b11-test.c |   0
 tests/{ => qtest}/ide-test.c   |   0
 tests/{ => qtest}/intel-hda-test.c |   0
 tests/{ => qtest}/ioh3420-test.c   |   0
 tests/{ => qtest}/ipmi-bt-test.c   |   0
 tests/{ => qtest}/ipmi-kcs-test.c  |   0
 tests/{ => qtest}/ipoctal232-test.c|   0
 tests/{ => qtest}/ivshmem-test.c   |   0
 .../libqos/aarch64-xlnx-zcu102-machine.c   |   0
 tests/{ => qtest}/libqos/ahci.c|   0
 tests/{ => qtest}/libqos/ahci.h|   0
 tests/{ => qtest}/libqos/arm-imx25-pdk-machine.c   |   0
 tests/{ => qtest}/libqos/arm-n800-machine.c|   0
 tests/{ => qtest}/libqos/arm-raspi2-machine.c  |   0
 tests/{ => qtest}/libqos/arm-sabrelite-machine.c   |   0
 tests/{ => qtest}/libqos/arm-smdkc210-machine.c|   0
 tests/{ => qtest}/libqos/arm-virt-machine.c|   0
 .../libqos/arm-xilinx-zynq-a9-machine.c|   0
 tests/{ => qtest}/libqos/e1000e.c  |   0
 tests/{ => qtest}/libqos/e1000e.h  |   0
 tests/{ => qtest}/libqos/fw_cfg.c  |   0
 tests/{ => qtest}/libqos/fw_cfg.h  |   0
 tests/{ => qtest}/libqos/i2c-imx.c |   0
 tests/{ => qtest}/libqos/i2c-omap.c|   0
 tests/{ => qtest}/libqos/i2c.c |   0
 t

[PULL v2 6/8] tests/Makefile: Move qtest-related settings to a separate Makefile.include

[Thomas Huth]

tests/Makefile.include is pretty much overcrowded. Now that we have a
dedicated folder for the qtests, let's move the related settings
to a Makefile.include file in that directory instead.

Message-Id: <20191218103059.11729-7-th...@redhat.com>
Reviewed-by: Paolo Bonzini 
Signed-off-by: Thomas Huth 
---
 tests/Makefile.include   | 319 +--
 tests/qtest/Makefile.include | 318 ++
 2 files changed, 319 insertions(+), 318 deletions(-)
 create mode 100644 tests/qtest/Makefile.include

diff --git a/tests/Makefile.include b/tests/Makefile.include
index bd2bcd6f1b..065fd09964 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -149,164 +149,6 @@ check-unit-y += tests/test-qapi-util$(EXESUF)
 
 check-block-$(call land,$(CONFIG_POSIX),$(CONFIG_SOFTMMU)) += 
tests/check-block.sh
 
-# All QTests for now are POSIX-only, but the dependencies are
-# really in libqtest, not in the testcases themselves.
-
-check-qtest-generic-y += qmp-test
-check-qtest-generic-y += qmp-cmd-test
-check-qtest-generic-$(CONFIG_MODULES) += modules-test
-
-check-qtest-generic-y += device-introspect-test
-check-qtest-generic-y += cdrom-test
-
-DBUS_DAEMON := $(shell which dbus-daemon 2>/dev/null)
-ifneq ($(GDBUS_CODEGEN),)
-ifneq ($(DBUS_DAEMON),)
-check-qtest-pci-$(CONFIG_GIO) += dbus-vmstate-test
-endif
-endif
-
-check-qtest-pci-$(CONFIG_RTL8139_PCI) += rtl8139-test
-check-qtest-pci-$(CONFIG_VGA) += display-vga-test
-check-qtest-pci-$(CONFIG_HDA) += intel-hda-test
-check-qtest-pci-$(CONFIG_IVSHMEM_DEVICE) += ivshmem-test
-
-check-qtest-i386-$(CONFIG_ISA_TESTDEV) = endianness-test
-check-qtest-i386-y += fdc-test
-check-qtest-i386-y += ide-test
-check-qtest-i386-$(CONFIG_TOOLS) += ahci-test
-check-qtest-i386-y += hd-geo-test
-check-qtest-i386-y += boot-order-test
-check-qtest-i386-y += bios-tables-test
-check-qtest-i386-$(CONFIG_SGA) += boot-serial-test
-check-qtest-i386-$(CONFIG_SLIRP) += pxe-test
-check-qtest-i386-y += rtc-test
-check-qtest-i386-$(CONFIG_ISA_IPMI_KCS) += ipmi-kcs-test
-ifdef CONFIG_LINUX
-check-qtest-i386-$(CONFIG_ISA_IPMI_BT) += ipmi-bt-test
-endif
-check-qtest-i386-y += i440fx-test
-check-qtest-i386-y += fw_cfg-test
-check-qtest-i386-y += device-plug-test
-check-qtest-i386-y += drive_del-test
-check-qtest-i386-$(CONFIG_WDT_IB700) += wdt_ib700-test
-check-qtest-i386-y += tco-test
-check-qtest-i386-y += $(check-qtest-pci-y)
-check-qtest-i386-$(CONFIG_PVPANIC) += pvpanic-test
-check-qtest-i386-$(CONFIG_I82801B11) += i82801b11-test
-check-qtest-i386-$(CONFIG_IOH3420) += ioh3420-test
-check-qtest-i386-$(CONFIG_USB_UHCI) += usb-hcd-uhci-test
-check-qtest-i386-$(call land,$(CONFIG_USB_EHCI),$(CONFIG_USB_UHCI)) += 
usb-hcd-ehci-test
-check-qtest-i386-$(CONFIG_USB_XHCI_NEC) += usb-hcd-xhci-test
-check-qtest-i386-y += cpu-plug-test
-check-qtest-i386-y += q35-test
-check-qtest-i386-y += vmgenid-test
-check-qtest-i386-$(CONFIG_TPM_CRB) += tpm-crb-swtpm-test
-check-qtest-i386-$(CONFIG_TPM_CRB) += tpm-crb-test
-check-qtest-i386-$(CONFIG_TPM_TIS) += tpm-tis-swtpm-test
-check-qtest-i386-$(CONFIG_TPM_TIS) += tpm-tis-test
-check-qtest-i386-$(CONFIG_SLIRP) += test-netfilter
-check-qtest-i386-$(CONFIG_POSIX) += test-filter-mirror
-check-qtest-i386-$(CONFIG_RTL8139_PCI) += test-filter-redirector
-check-qtest-i386-y += migration-test
-check-qtest-i386-y += test-x86-cpuid-compat
-check-qtest-i386-y += numa-test
-
-check-qtest-x86_64-y += $(check-qtest-i386-y)
-
-check-qtest-alpha-y += boot-serial-test
-check-qtest-alpha-$(CONFIG_VGA) += display-vga-test
-
-check-qtest-hppa-y += boot-serial-test
-check-qtest-hppa-$(CONFIG_VGA) += display-vga-test
-
-check-qtest-m68k-y = boot-serial-test
-
-check-qtest-microblaze-y += boot-serial-test
-
-check-qtest-mips-$(CONFIG_ISA_TESTDEV) = endianness-test
-check-qtest-mips-$(CONFIG_VGA) += display-vga-test
-
-check-qtest-mips64-$(CONFIG_ISA_TESTDEV) = endianness-test
-check-qtest-mips64-$(CONFIG_VGA) += display-vga-test
-
-check-qtest-mips64el-$(CONFIG_ISA_TESTDEV) = endianness-test
-check-qtest-mips64el-$(CONFIG_VGA) += display-vga-test
-
-check-qtest-moxie-y += boot-serial-test
-
-check-qtest-ppc-$(CONFIG_ISA_TESTDEV) = endianness-test
-check-qtest-ppc-y += boot-order-test
-check-qtest-ppc-y += prom-env-test
-check-qtest-ppc-y += drive_del-test
-check-qtest-ppc-y += boot-serial-test
-check-qtest-ppc-$(CONFIG_M48T59) += m48t59-test
-
-check-qtest-ppc64-y += $(check-qtest-ppc-y)
-check-qtest-ppc64-$(CONFIG_PSERIES) += device-plug-test
-check-qtest-ppc64-$(CONFIG_POWERNV) += pnv-xscom-test
-check-qtest-ppc64-y += migration-test
-check-qtest-ppc64-$(CONFIG_PSERIES) += rtas-test
-check-qtest-ppc64-$(CONFIG_SLIRP) += pxe-test
-check-qtest-ppc64-$(CONFIG_USB_UHCI) += usb-hcd-uhci-test
-check-qtest-ppc64-$(CONFIG_USB_XHCI_NEC) += usb-hcd-xhci-test
-check-qtest-ppc64-$(CONFIG_SLIRP) += test-netfilter
-check-qtest-ppc64-$(CONFIG_POSIX) += test-filter-mirror
-check-qtest-ppc64-$(CONFIG_RTL8139_PCI) += test-filter-redirector
-check-qtest-pp

[PATCH v28 11/22] target/rx: Emit all disassembly in one prt()

[Yoshinori Sato]

From: Richard Henderson 

Many of the multi-part prints have been eliminated by previous
patches.  Eliminate the rest of them.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-22-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 75 ---
 1 file changed, 39 insertions(+), 36 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index db10385fd0..ebc1a44249 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -228,24 +228,21 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-char dspd[8], dsps[8];
+char dspd[8], dsps[8], szc = size[a->sz];
 
-prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
 /* mov.[bwl] rs,rd */
-prt("r%d, r%d", a->rs, a->rd);
-return true;
-}
-if (a->lds == 3) {
+prt("mov.%c\tr%d, r%d", szc, a->rs, a->rd);
+} else if (a->lds == 3) {
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
+prt("mov.%c\tr%d, %s[r%d]", szc, a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
-prt("%s[r%d], r%d", dsps, a->rs, a->rd);
+prt("mov.%c\t%s[r%d], r%d", szc, dsps, a->rs, a->rd);
 } else {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
+prt("mov.%c\t%s[r%d], %s[r%d]", szc, dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
@@ -254,8 +251,11 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 /* mov.[bwl] rs,[-rd] */
 static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 {
-prt("mov.%c\tr%d, ", size[a->sz], a->rs);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
+if (a->ad) {
+prt("mov.%c\tr%d, [-r%d]", size[a->sz], a->rs, a->rd);
+} else {
+prt("mov.%c\tr%d, [r%d+]", size[a->sz], a->rs, a->rd);
+}
 return true;
 }
 
@@ -263,9 +263,11 @@ static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 /* mov.[bwl] [-rd],rs */
 static bool trans_MOV_pr(DisasContext *ctx, arg_MOV_pr *a)
 {
-prt("mov.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("mov.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("mov.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -299,9 +301,11 @@ static bool trans_MOVU_ar(DisasContext *ctx, arg_MOVU_ar 
*a)
 /* movu.[bw] [-rs],rd */
 static bool trans_MOVU_pr(DisasContext *ctx, arg_MOVU_pr *a)
 {
-prt("movu.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("movu.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("movu.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -478,11 +482,11 @@ static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 /* not rs, rd */
 static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 {
-prt("not\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("not\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("not\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -490,11 +494,11 @@ static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 /* neg rs, rd */
 static bool trans_NEG_rr(DisasContext *ctx, arg_NEG_rr *a)
 {
-prt("neg\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("neg\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("neg\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -606,11 +610,10 @@ static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 /* abs rs, rd */
 static bool trans_ABS_rr(DisasContext *ctx, arg_ABS_rr *a)
 {
-prt("abs\t");
-if (a->rs == a->rd) {
-prt("r%d", a->rd);
+if (a->rs != a->rd) {
+prt("abs\tr%d, r%d", a->rs, a->rd);
 } else {
-prt("r%d, r%d", a->rs, a->rd);
+prt("abs\tr%d", a->rs);
 }
 return true;
 }
@@ -733,11 +736,11 @@ static bool trans_DIVU_mr(DisasContext *ctx, arg_DIVU_mr 
*a)
 /* shll #imm:5, rs, rd */
 static bool trans_SHLL_irr(DisasContext *ctx, arg_SHLL_irr *a)
 {
-prt("shll\t#%d, ", a->imm);
 if (a->rs2 != a->rd) {
-prt("r%d, ", a->rs2);
+prt("shll\t#%d, r%d, r%d", a->imm, a->rs2, a->rd);
+} else {
+prt("shll\t#%d, r%d", a->imm, a->rd);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -752,11 +755,11 @@ static bool trans_SHLL_rr(DisasContext *ctx, arg_SHLL_rr 
*a)
 /* shar #imm:5, rs, rd */
 static bool trans_SHAR_irr(DisasContext *ctx, arg_SHAR_irr

[PATCH v28 10/22] target/rx: Use prt_ldmi for XCHG_mr disassembly

[Yoshinori Sato]

From: Richard Henderson 

Note that the ld == 3 case handled by prt_ldmi is decoded as
XCHG_rr and cannot appear here.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-21-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 515b365528..db10385fd0 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -366,13 +366,7 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-static const char msize[][4] = {
-"b", "w", "l", "ub", "uw",
-};
-char dsp[8];
-
-rx_index_addr(ctx, dsp, a->ld, a->mi);
-prt("xchg\t%s[r%d].%s, r%d", dsp, a->rs, msize[a->mi], a->rd);
+prt_ldmi(ctx, "xchg", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
-- 
2.20.1

[PATCH v28 01/22] MAINTAINERS: Add RX

[Yoshinori Sato]

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-18-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 MAINTAINERS | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index cd2dc137a3..d28f3ba584 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -272,6 +272,13 @@ F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
 
+RENESAS RX CPUs
+M: Yoshinori Sato 
+S: Maintained
+F: target/rx/
+F: hw/rx/
+F: include/hw/rx/
+
 S390 TCG CPUs
 M: Richard Henderson 
 M: David Hildenbrand 
@@ -1137,6 +1144,18 @@ F: pc-bios/canyonlands.dt[sb]
 F: pc-bios/u-boot-sam460ex-20100605.bin
 F: roms/u-boot-sam460ex
 
+RX Machines
+---
+rx-virt
+M: Yoshinori Sato 
+S: Maintained
+F: hw/rx/rxqemu.c
+F: hw/intc/rx_icu.c
+F: hw/timer/renesas_*.c
+F: hw/char/renesas_sci.c
+F: include/hw/timer/renesas_*.h
+F: include/hw/char/renesas_sci.h
+
 SH4 Machines
 
 R2D
-- 
2.20.1

[PATCH v28 02/22] qemu/bitops.h: Add extract8 and extract16

[Yoshinori Sato]

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-10-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/qemu/bitops.h | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
index 02c1ce6a5d..f55ce8b320 100644
--- a/include/qemu/bitops.h
+++ b/include/qemu/bitops.h
@@ -301,6 +301,44 @@ static inline uint32_t extract32(uint32_t value, int 
start, int length)
 return (value >> start) & (~0U >> (32 - length));
 }
 
+/**
+ * extract8:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 8 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 8 bit word. It is valid to request that
+ * all 8 bits are returned (ie @length 8 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint8_t extract8(uint8_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 8 - start);
+return extract32(value, start, length);
+}
+
+/**
+ * extract16:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 16 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 16 bit word. It is valid to request that
+ * all 16 bits are returned (ie @length 16 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint16_t extract16(uint16_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 16 - start);
+return extract32(value, start, length);
+}
+
 /**
  * extract64:
  * @value: the value to extract the bit field from
-- 
2.20.1

[PATCH v28 22/22] qemu-doc.texi: Add RX section.

[Yoshinori Sato]

Signed-off-by: Yoshinori Sato 
---
 qemu-doc.texi | 25 +
 1 file changed, 25 insertions(+)

diff --git a/qemu-doc.texi b/qemu-doc.texi
index 39f950471f..81f76074c4 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -1741,6 +1741,7 @@ differences are mentioned in the following sections.
 * Microblaze System emulator::
 * SH4 System emulator::
 * Xtensa System emulator::
+* RX System emulator::
 @end menu
 
 @node PowerPC System emulator
@@ -2514,6 +2515,30 @@ so should only be used with trusted guest OS.
 
 @c man end
 
+@node RX System emulator
+@section RX System emulator
+@cindex system emulation (RX)
+
+Use the executable @file{qemu-system-rx} to simulate a Virtual RX target.
+This target emulated following devices.
+
+@itemize @minus
+@item
+R5F562N8 MCU
+@item
+On-chip memory (ROM 512KB, RAM 96KB)
+@item
+Interrupt Control Unit (ICUa)
+@item
+8Bit Timer x 1CH (TMR0,1)
+@item
+Compare Match Timer x 2CH (CMT0,1)
+@item
+Serial Communication Interface x 1CH (SCI0)
+@item
+External memory 16MByte
+@end itemize
+
 @node QEMU User space emulator
 @chapter QEMU User space emulator
 
-- 
2.20.1

[PATCH v28 00/22] Add RX archtecture support

[Yoshinori Sato]

Hello.
This patch series is added Renesas RX target emulation.

Changes for v27.
Added RX section to qemu-doc.
Rebase for master

Changes for v26.
Rebase for 5.0
Update machine.json for 5.0

Changes for v25.
Update commit message.
Squashed qapi/machine.json changes.

Changes for v24.
Add note for qapi/machine.json.
Added Acked-by for 6/22.
git rebase master.

Changes for v23.
Follow master changes.

Changes for v22.
Added some include.

Changes for v21.
rebase latest master.
Remove unneeded hmp_info_tlb.

Chanegs for v20.
Reorderd patches.
Squashed v19 changes.

Changes for v19.
Follow tcg changes.
Cleanup cpu.c.
simplify rx_cpu_class_by_name and rx_load_image move to rx-virt.

My git repository is bellow.
git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20200112

Testing binaries bellow.
u-boot
Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz

starting
$ gzip -d u-boot.bin.gz
$ qemu-system-rx -bios u-boot.bin

linux and pico-root (only sash)
Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
   https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)

starting
$ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"

Philippe Mathieu-Daudé (3):
  hw/registerfields.h: Add 8bit and 16bit register macros
  hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
  BootLinuxConsoleTest: Test the RX-Virt machine

Richard Henderson (7):
  target/rx: Disassemble rx_index_addr into a string
  target/rx: Replace operand with prt_ldmi in disassembler
  target/rx: Use prt_ldmi for XCHG_mr disassembly
  target/rx: Emit all disassembly in one prt()
  target/rx: Collect all bytes during disassembly
  target/rx: Dump bytes for each insn during disassembly
  hw/rx: Honor -accel qtest

Yoshinori Sato (12):
  MAINTAINERS: Add RX
  qemu/bitops.h: Add extract8 and extract16
  target/rx: TCG translation
  target/rx: TCG helper
  target/rx: CPU definition
  target/rx: RX disassembler
  hw/intc: RX62N interrupt controller (ICUa)
  hw/timer: RX62N internal timer modules
  hw/char: RX62N serial communication interface (SCI)
  hw/rx: RX Target hardware definition
  Add rx-softmmu
  qemu-doc.texi: Add RX section.

 qemu-doc.texi  |   25 +
 configure  |8 +
 default-configs/rx-softmmu.mak |3 +
 qapi/machine.json  |3 +-
 include/disas/dis-asm.h|5 +
 include/exec/poison.h  |1 +
 include/hw/char/renesas_sci.h  |   45 +
 include/hw/intc/rx_icu.h   |   56 +
 include/hw/registerfields.h|   32 +-
 include/hw/rx/rx.h |7 +
 include/hw/rx/rx62n.h  |   91 +
 include/hw/timer/renesas_cmt.h |   38 +
 include/hw/timer/renesas_tmr.h |   53 +
 include/qemu/bitops.h  |   38 +
 include/sysemu/arch_init.h |1 +
 target/rx/cpu-param.h  |   31 +
 target/rx/cpu-qom.h|   42 +
 target/rx/cpu.h|  181 ++
 target/rx/helper.h |   31 +
 arch_init.c|2 +
 hw/char/renesas_sci.c  |  343 
 hw/intc/rx_icu.c   |  379 
 hw/rx/rx-virt.c|  135 ++
 hw/rx/rx62n.c  |  247 +++
 hw/timer/renesas_cmt.c |  278 +++
 hw/timer/renesas_tmr.c |  458 +
 target/rx/cpu.c|  217 +++
 target/rx/disas.c  | 1446 ++
 target/rx/gdbstub.c|  112 ++
 target/rx/helper.c |  149 ++
 target/rx/op_helper.c  |  470 +
 target/rx/translate.c  | 2432 
 tests/machine-none-test.c  |1 +
 MAINTAINERS|   19 +
 hw/Kconfig |1 +
 hw/char/Kconfig|3 +
 hw/char/Makefile.objs  |1 +
 hw/intc/Kconfig|3 +
 hw/intc/Makefile.objs  |1 +
 hw/rx/Kconfig  |   14 +
 hw/rx/Makefile.objs|2 +
 hw/timer/Kconfig   |6 +
 hw/timer/Makefile.objs |3 +
 target/rx/Makefile.objs|   11 +
 target/rx/insns.decode |  621 ++
 tests/acceptance/boot_linux_console.py |   47 +
 46 files changed, 8090 insertions(+), 2 deletions(-)
 create mode 100644 default-configs/rx-softmmu.mak
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 target/rx/cpu-param.h
 create mode 100644 target/rx/cpu-qom

[PATCH v28 12/22] target/rx: Collect all bytes during disassembly

[Yoshinori Sato]

From: Richard Henderson 

Collected, to be used in the next patch.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-23-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 62 ---
 1 file changed, 42 insertions(+), 20 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index ebc1a44249..5a32a87534 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -25,43 +25,59 @@ typedef struct DisasContext {
 disassemble_info *dis;
 uint32_t addr;
 uint32_t pc;
+uint8_t len;
+uint8_t bytes[8];
 } DisasContext;
 
 
 static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
-   int i, int n)
+  int i, int n)
 {
-bfd_byte buf;
+uint32_t addr = ctx->addr;
+
+g_assert(ctx->len == i);
+g_assert(n <= ARRAY_SIZE(ctx->bytes));
+
 while (++i <= n) {
-ctx->dis->read_memory_func(ctx->addr++, &buf, 1, ctx->dis);
-insn |= buf << (32 - i * 8);
+ctx->dis->read_memory_func(addr++, &ctx->bytes[i - 1], 1, ctx->dis);
+insn |= ctx->bytes[i - 1] << (32 - i * 8);
 }
+ctx->addr = addr;
+ctx->len = n;
+
 return insn;
 }
 
 static int32_t li(DisasContext *ctx, int sz)
 {
-int32_t addr;
-bfd_byte buf[4];
-addr = ctx->addr;
+uint32_t addr = ctx->addr;
+uintptr_t len = ctx->len;
 
 switch (sz) {
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-return (int8_t)buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+return (int8_t)ctx->bytes[len];
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-return ldsw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+return ldsw_le_p(ctx->bytes + len);
 case 3:
+g_assert(len + 3 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 3;
-ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
-return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+ctx->len += 3;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 3, ctx->dis);
+return (int8_t)ctx->bytes[len + 2] << 16 | lduw_le_p(ctx->bytes + len);
 case 0:
+g_assert(len + 4 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 4;
-ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
-return ldl_le_p(buf);
+ctx->len += 4;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 4, ctx->dis);
+return ldl_le_p(ctx->bytes + len);
 default:
 g_assert_not_reached();
 }
@@ -110,7 +126,7 @@ static const char psw[] = {
 static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
 uint32_t addr = ctx->addr;
-uint8_t buf[2];
+uintptr_t len = ctx->len;
 uint16_t dsp;
 
 switch (ld) {
@@ -119,14 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 out[0] = '\0';
 return;
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-dsp = buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+dsp = ctx->bytes[len];
 break;
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-dsp = lduw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+dsp = lduw_le_p(ctx->bytes + len);
 break;
 default:
 g_assert_not_reached();
@@ -1392,8 +1412,10 @@ int print_insn_rx(bfd_vma addr, disassemble_info *dis)
 DisasContext ctx;
 uint32_t insn;
 int i;
+
 ctx.dis = dis;
 ctx.pc = ctx.addr = addr;
+ctx.len = 0;
 
 insn = decode_load(&ctx);
 if (!decode(&ctx, insn)) {
-- 
2.20.1

[PATCH v28 03/22] hw/registerfields.h: Add 8bit and 16bit register macros

[Yoshinori Sato]

From: Philippe Mathieu-Daudé 

Some RX peripheral using 8bit and 16bit registers.
Added 8bit and 16bit APIs.

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-11-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 include/hw/registerfields.h | 32 +++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index 2659a58737..a0bb0654d6 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -22,6 +22,14 @@
 enum { A_ ## reg = (addr) };  \
 enum { R_ ## reg = (addr) / 4 };
 
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };
+
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };
+
 /* Define SHIFT, LENGTH and MASK constants for a field within a register */
 
 /* This macro will define R_FOO_BAR_MASK, R_FOO_BAR_SHIFT and R_FOO_BAR_LENGTH
@@ -34,6 +42,12 @@
 MAKE_64BIT_MASK(shift, length)};
 
 /* Extract a field from a register */
+#define FIELD_EX8(storage, reg, field)\
+extract8((storage), R_ ## reg ## _ ## field ## _SHIFT,\
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_EX16(storage, reg, field)   \
+extract16((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
 #define FIELD_EX32(storage, reg, field)   \
 extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
@@ -49,6 +63,22 @@
  * Assigning values larger then the target field will result in
  * compilation warnings.
  */
+#define FIELD_DP8(storage, reg, field, val) ({\
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint8_t d;\
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
+#define FIELD_DP16(storage, reg, field, val) ({   \
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint16_t d;   \
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
 #define FIELD_DP32(storage, reg, field, val) ({   \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
@@ -57,7 +87,7 @@
 d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
 d; })
-#define FIELD_DP64(storage, reg, field, val) ({   \
+#define FIELD_DP64(storage, reg, field, val) ({ \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
 } v = { .v = val };   \
-- 
2.20.1

[PATCH v28 09/22] target/rx: Replace operand with prt_ldmi in disassembler

[Yoshinori Sato]

From: Richard Henderson 

This has consistency with prt_ri().  It loads all data before
beginning output.  It uses exactly one call to prt() to emit
the full instruction.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-20-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 77 +--
 1 file changed, 27 insertions(+), 50 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 64342537ee..515b365528 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -135,18 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
-static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+static void prt_ldmi(DisasContext *ctx, const char *insn,
+ int ld, int mi, int rs, int rd)
 {
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
 char dsp[8];
 
 if (ld < 3) {
 rx_index_addr(ctx, dsp, ld, mi);
-prt("%s[r%d]%s", dsp, rs, sizes[mi]);
+prt("%s\t%s[r%d]%s, r%d", insn, dsp, rs, sizes[mi], rd);
 } else {
-prt("r%d", rs);
+prt("%s\tr%d, r%d", insn, rs, rd);
 }
-prt(", r%d", rd);
 }
 
 static void prt_ir(DisasContext *ctx, const char *insn, int imm, int rd)
@@ -416,8 +416,7 @@ static bool trans_AND_ir(DisasContext *ctx, arg_AND_ir *a)
 /* and rs,rd */
 static bool trans_AND_mr(DisasContext *ctx, arg_AND_mr *a)
 {
-prt("and\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "and", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -440,8 +439,7 @@ static bool trans_OR_ir(DisasContext *ctx, arg_OR_ir *a)
 /* or rs,rd */
 static bool trans_OR_mr(DisasContext *ctx, arg_OR_mr *a)
 {
-prt("or\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "or", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -463,8 +461,7 @@ static bool trans_XOR_ir(DisasContext *ctx, arg_XOR_ir *a)
 /* xor rs,rd */
 static bool trans_XOR_mr(DisasContext *ctx, arg_XOR_mr *a)
 {
-prt("xor\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "xor", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -479,8 +476,7 @@ static bool trans_TST_ir(DisasContext *ctx, arg_TST_ir *a)
 /* tst rs, rd */
 static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 {
-prt("tst\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "tst", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -548,8 +544,7 @@ static bool trans_ADD_irr(DisasContext *ctx, arg_ADD_irr *a)
 /* add dsp[rs], rd */
 static bool trans_ADD_mr(DisasContext *ctx, arg_ADD_mr *a)
 {
-prt("add\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "add", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -573,8 +568,7 @@ static bool trans_CMP_ir(DisasContext *ctx, arg_CMP_ir *a)
 /* cmp dsp[rs], rs2 */
 static bool trans_CMP_mr(DisasContext *ctx, arg_CMP_mr *a)
 {
-prt("cmp\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "cmp", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -589,8 +583,7 @@ static bool trans_SUB_ir(DisasContext *ctx, arg_SUB_ir *a)
 /* sub dsp[rs], rd */
 static bool trans_SUB_mr(DisasContext *ctx, arg_SUB_mr *a)
 {
-prt("sub\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "sub", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -611,8 +604,7 @@ static bool trans_SBB_rr(DisasContext *ctx, arg_SBB_rr *a)
 /* sbb dsp[rs], rd */
 static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 {
-prt("sbb\t");
-operand(ctx, a->ld, RX_IM_LONG, a->rs, a->rd);
+prt_ldmi(ctx, "sbb", a->ld, RX_IM_LONG, a->rs, a->rd);
 return true;
 }
 
@@ -640,8 +632,7 @@ static bool trans_MAX_ir(DisasContext *ctx, arg_MAX_ir *a)
 /* max dsp[rs], rd */
 static bool trans_MAX_mr(DisasContext *ctx, arg_MAX_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "max", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -656,8 +647,7 @@ static bool trans_MIN_ir(DisasContext *ctx, arg_MIN_ir *a)
 /* min dsp[rs], rd */
 static bool trans_MIN_mr(DisasContext *ctx, arg_MIN_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "min", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -673,8 +663,7 @@ static bool trans_MUL_ir(DisasContext *ctx, arg_MUL_ir *a)
 /* mul dsp[rs], rd */
 static bool trans_MUL_mr(DisasContext *ctx, arg_MUL_mr *a)
 {
-prt("mul\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "mul", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -696,8 +685,7 @@ static bool trans_EMUL_ir(DisasContext *ctx, arg_EMUL_ir *a)
 /* emul dsp[rs], rd */
 static bool trans_EMUL_mr(DisasContext *ctx

[PATCH v28 08/22] target/rx: Disassemble rx_index_addr into a string

[Yoshinori Sato]

From: Richard Henderson 

We were eliding all zero indexes.  It is only ld==0 that does
not have an index in the instruction.  This also allows us to
avoid breaking the final print into multiple pieces.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-19-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 154 +-
 1 file changed, 55 insertions(+), 99 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 8cada4825d..64342537ee 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -107,49 +107,42 @@ static const char psw[] = {
 'i', 'u', 0, 0, 0, 0, 0, 0,
 };
 
-static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
-bfd_byte buf[2];
+uint32_t addr = ctx->addr;
+uint8_t buf[2];
+uint16_t dsp;
+
 switch (ld) {
 case 0:
-return 0;
+/* No index; return empty string.  */
+out[0] = '\0';
+return;
 case 1:
-ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
 ctx->addr += 1;
-return ((uint8_t)buf[0]) << size;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+dsp = buf[0];
+break;
 case 2:
-ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
 ctx->addr += 2;
-return lduw_le_p(buf) << size;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+dsp = lduw_le_p(buf);
+break;
+default:
+g_assert_not_reached();
 }
-g_assert_not_reached();
+
+sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
 static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
 {
-int dsp;
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+char dsp[8];
+
 if (ld < 3) {
-switch (mi) {
-case 4:
-/* dsp[rs].ub */
-dsp = rx_index_addr(ld, RX_MEMORY_BYTE, ctx);
-break;
-case 3:
-/* dsp[rs].uw */
-dsp = rx_index_addr(ld, RX_MEMORY_WORD, ctx);
-break;
-default:
-/* dsp[rs].b */
-/* dsp[rs].w */
-/* dsp[rs].l */
-dsp = rx_index_addr(ld, mi, ctx);
-break;
-}
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]%s", rs, sizes[mi]);
+rx_index_addr(ctx, dsp, ld, mi);
+prt("%s[r%d]%s", dsp, rs, sizes[mi]);
 } else {
 prt("r%d", rs);
 }
@@ -235,7 +228,7 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-int dsp;
+char dspd[8], dsps[8];
 
 prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
@@ -244,29 +237,15 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 return true;
 }
 if (a->lds == 3) {
-prt("r%d, ", a->rd);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], r%d", a->rs, a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+prt("%s[r%d], r%d", dsps, a->rs, a->rd);
 } else {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], ", a->rs);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
@@ -357,12 +336,10 @@ static bool trans_PUSH_r(DisasContext *ctx, arg_PUSH_r *a)
 /* push dsp[rs] */
 static bool trans_PUSH_m(DisasContext *ctx, arg_PUSH_m *a)
 {
-prt("push\t");
-int dsp = rx_index_addr(a->ld, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+char dsp[8];
+
+rx_index_addr(ctx, dsp, a->ld, a->sz);
+prt("push\t%s[r%d]", dsp, a->rs);
 return true;
 }
 
@@ -389,17 +366,13 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-int dsp;
 static const char msize[][4] = {
 "b", "w", "l", "ub", "uw",
 };
+char dsp[8];
 
-prt("xchg\t");
-dsp = rx_index_addr(a->ld, a->mi, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]

[PATCH v28 14/22] hw/intc: RX62N interrupt controller (ICUa)

[Yoshinori Sato]

This implementation supported only ICUa.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-6-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/intc/rx_icu.h |  56 ++
 hw/intc/rx_icu.c | 379 +++
 hw/intc/Kconfig  |   3 +
 hw/intc/Makefile.objs|   1 +
 4 files changed, 439 insertions(+)
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 hw/intc/rx_icu.c

diff --git a/include/hw/intc/rx_icu.h b/include/hw/intc/rx_icu.h
new file mode 100644
index 00..acfcf06aef
--- /dev/null
+++ b/include/hw/intc/rx_icu.h
@@ -0,0 +1,56 @@
+#ifndef RX_ICU_H
+#define RX_ICU_H
+
+#include "qemu-common.h"
+#include "hw/irq.h"
+
+enum TRG_MODE {
+TRG_LEVEL = 0,
+TRG_NEDGE = 1,  /* Falling */
+TRG_PEDGE = 2,  /* Raising */
+TRG_BEDGE = 3,  /* Both */
+};
+
+struct IRQSource {
+enum TRG_MODE sense;
+int level;
+};
+
+enum {
+/* Software interrupt request */
+SWI = 27,
+NR_IRQS = 256,
+};
+
+struct RXICUState {
+SysBusDevice parent_obj;
+
+MemoryRegion memory;
+struct IRQSource src[NR_IRQS];
+char *icutype;
+uint32_t nr_irqs;
+uint32_t *map;
+uint32_t nr_sense;
+uint32_t *init_sense;
+
+uint8_t ir[NR_IRQS];
+uint8_t dtcer[NR_IRQS];
+uint8_t ier[NR_IRQS / 8];
+uint8_t ipr[142];
+uint8_t dmasr[4];
+uint16_t fir;
+uint8_t nmisr;
+uint8_t nmier;
+uint8_t nmiclr;
+uint8_t nmicr;
+int req_irq;
+qemu_irq _irq;
+qemu_irq _fir;
+qemu_irq _swi;
+};
+typedef struct RXICUState RXICUState;
+
+#define TYPE_RXICU "rx-icu"
+#define RXICU(obj) OBJECT_CHECK(RXICUState, (obj), TYPE_RXICU)
+
+#endif /* RX_ICU_H */
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
new file mode 100644
index 00..ac4dcbfe37
--- /dev/null
+++ b/hw/intc/rx_icu.c
@@ -0,0 +1,379 @@
+/*
+ * RX Interrupt Control Unit
+ *
+ * Warning: Only ICUa is supported.
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/qdev-properties.h"
+#include "hw/intc/rx_icu.h"
+#include "migration/vmstate.h"
+#include "qemu/error-report.h"
+
+REG8(IR, 0)
+  FIELD(IR, IR,  0, 1)
+REG8(DTCER, 0x100)
+  FIELD(DTCER, DTCE,  0, 1)
+REG8(IER, 0x200)
+REG8(SWINTR, 0x2e0)
+  FIELD(SWINTR, SWINT, 0, 1)
+REG16(FIR, 0x2f0)
+  FIELD(FIR, FVCT, 0, 8)
+  FIELD(FIR, FIEN, 15, 1)
+REG8(IPR, 0x300)
+  FIELD(IPR, IPR, 0, 4)
+REG8(DMRSR, 0x400)
+REG8(IRQCR, 0x500)
+  FIELD(IRQCR, IRQMD, 2, 2)
+REG8(NMISR, 0x580)
+  FIELD(NMISR, NMIST, 0, 1)
+  FIELD(NMISR, LVDST, 1, 1)
+  FIELD(NMISR, OSTST, 2, 1)
+REG8(NMIER, 0x581)
+  FIELD(NMIER, NMIEN, 0, 1)
+  FIELD(NMIER, LVDEN, 1, 1)
+  FIELD(NMIER, OSTEN, 2, 1)
+REG8(NMICLR, 0x582)
+  FIELD(NMICLR, NMICLR, 0, 1)
+  FIELD(NMICLR, OSTCLR, 2, 1)
+REG8(NMICR, 0x583)
+  FIELD(NMICR, NMIMD, 3, 1)
+
+#define request(icu, n) (icu->ipr[icu->map[n]] << 8 | n)
+
+static void set_irq(RXICUState *icu, int n_IRQ, int req)
+{
+if ((icu->fir & R_FIR_FIEN_MASK) &&
+(icu->fir & R_FIR_FVCT_MASK) == n_IRQ) {
+qemu_set_irq(icu->_fir, req);
+} else {
+qemu_set_irq(icu->_irq, req);
+}
+}
+
+static void rxicu_request(RXICUState *icu, int n_IRQ)
+{
+int enable;
+
+enable = icu->ier[n_IRQ / 8] & (1 << (n_IRQ & 7));
+if (n_IRQ > 0 && enable != 0 && atomic_read(&icu->req_irq) < 0) {
+atomic_set(&icu->req_irq, n_IRQ);
+set_irq(icu, n_IRQ, request(icu, n_IRQ));
+}
+}
+
+static void rxicu_set_irq(void *opaque, int n_IRQ, int level)
+{
+RXICUState *icu = opaque;
+struct IRQSource *src;
+int issue;
+
+if (n_IRQ >= NR_IRQS) {
+error_report("%s: IRQ %d out of range", __func__, n_IRQ);
+return;
+}
+
+src = &icu->src[n_IRQ];
+
+level = (level != 0);
+switch (src->sense) {
+case TRG_LEVEL:
+/* level-sen

[PATCH v28 21/22] BootLinuxConsoleTest: Test the RX-Virt machine

[Yoshinori Sato]

From: Philippe Mathieu-Daudé 

Add two tests for the rx-virt machine, based on the recommended test
setup from Yoshinori Sato:
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg03586.html

- U-Boot prompt
- Linux kernel with Sash shell

These are very quick tests:

  $ avocado run -t arch:rx tests/acceptance/boot_linux_console.py
  JOB ID : 84a6ef01c0b87975ecbfcb31a920afd735753ace
  JOB LOG: 
/home/phil/avocado/job-results/job-2019-05-24T05.02-84a6ef0/job.log
   (1/2) tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_rx_uboot: 
PASS (0.11 s)
   (2/2) tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_rx_linux: 
PASS (0.45 s)
  RESULTS: PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | 
CANCEL 0

Tests can also be run with:

  $ avocado --show=console run -t arch:rx tests/acceptance/boot_linux_console.py
  console: U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty (Feb 05 2019 - 21:56:06 
+0900)
  console: Linux version 4.19.0+ (yo-satoh@yo-satoh-debian) (gcc version 9.0.0 
20181105 (experimental) (GCC)) #137 Wed Feb 20 23:20:02 JST 2019
  console: Built 1 zonelists, mobility grouping on.  Total pages: 8128
  ...
  console: SuperH (H)SCI(F) driver initialized
  console: 88240.serial: ttySC0 at MMIO 0x88240 (irq = 215, base_baud = 0) is a 
sci
  console: console [ttySC0] enabled
  console: 88248.serial: ttySC1 at MMIO 0x88248 (irq = 219, base_baud = 0) is a 
sci

Signed-off-by: Philippe Mathieu-Daudé 
Based-on: 20190517045136.3509-1-richard.hender...@linaro.org
"RX architecture support"
Signed-off-by: Yoshinori Sato 
---
 tests/acceptance/boot_linux_console.py | 47 ++
 1 file changed, 47 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 9c6aa2040a..9976227b21 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -483,3 +483,50 @@ class BootLinuxConsole(Test):
 self.wait_for_console_pattern(console_pattern)
 console_pattern = 'No filesystem could mount root'
 self.wait_for_console_pattern(console_pattern)
+
+def test_rx_uboot(self):
+"""
+:avocado: tags=arch:rx
+:avocado: tags=machine:rx-virt
+:avocado: tags=endian:little
+"""
+uboot_url = ('https://acc.dl.osdn.jp/users/23/23888/u-boot.bin.gz')
+uboot_hash = '9b78dbd43b40b2526848c0b1ce9de02c24f4dcdb'
+uboot_path = self.fetch_asset(uboot_url, asset_hash=uboot_hash)
+uboot_path = archive.uncompress(uboot_path, self.workdir)
+
+self.vm.set_machine('rx-virt')
+self.vm.set_console()
+self.vm.add_args('-bios', uboot_path,
+ '-no-reboot')
+self.vm.launch()
+uboot_version = 'U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty'
+self.wait_for_console_pattern(uboot_version)
+gcc_version = 'rx-unknown-linux-gcc (GCC) 9.0.0 20181105 
(experimental)'
+# FIXME limit baudrate on chardev, else we type too fast
+#self.exec_command_and_wait_for_pattern('version', gcc_version)
+
+def test_rx_linux(self):
+"""
+:avocado: tags=arch:rx
+:avocado: tags=machine:rx-virt
+:avocado: tags=endian:little
+"""
+dtb_url = ('https://acc.dl.osdn.jp/users/23/23887/rx-qemu.dtb')
+dtb_hash = '7b4e4e2c71905da44e86ce47adee2210b026ac18'
+dtb_path = self.fetch_asset(dtb_url, asset_hash=dtb_hash)
+kernel_url = ('http://acc.dl.osdn.jp/users/23/23845/zImage')
+kernel_hash = '39a81067f8d72faad90866ddfefa19165d68fc99'
+kernel_path = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
+
+self.vm.set_machine('rx-virt')
+self.vm.set_console()
+kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 'earlycon'
+self.vm.add_args('-kernel', kernel_path,
+ '-dtb', dtb_path,
+ '-no-reboot')
+self.vm.launch()
+self.wait_for_console_pattern('Sash command shell (version 1.1.1)')
+self.exec_command_and_wait_for_pattern('printenv',
+   'TERM=linux')
+
-- 
2.20.1

[PATCH v28 13/22] target/rx: Dump bytes for each insn during disassembly

[Yoshinori Sato]

From: Richard Henderson 

There are so many different forms of each RX instruction
that it will be very useful to be able to look at the bytes
to see on which path a bug may lie.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-24-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 5a32a87534..d73b53db44 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -102,7 +102,21 @@ static int bdsp_s(DisasContext *ctx, int d)
 /* Include the auto-generated decoder.  */
 #include "decode.inc.c"
 
-#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+static void dump_bytes(DisasContext *ctx)
+{
+int i, len = ctx->len;
+
+for (i = 0; i < len; ++i) {
+ctx->dis->fprintf_func(ctx->dis->stream, "%02x ", ctx->bytes[i]);
+}
+ctx->dis->fprintf_func(ctx->dis->stream, "%*c", (8 - i) * 3, '\t');
+}
+
+#define prt(...) \
+do {\
+dump_bytes(ctx);\
+ctx->dis->fprintf_func(ctx->dis->stream, __VA_ARGS__);  \
+} while (0)
 
 #define RX_MEMORY_BYTE 0
 #define RX_MEMORY_WORD 1
-- 
2.20.1

[PATCH v28 05/22] target/rx: TCG helper

[Yoshinori Sato]

Signed-off-by: Yoshinori Sato 

Message-Id: <20190616142836.10614-3-ys...@users.sourceforge.jp>
Reviewed-by: Richard Henderson 
Message-Id: <20190607091116.49044-3-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
[PMD: Removed tlb_fill, extracted from patch of Yoshinori Sato
 'Convert to CPUClass::tlb_fill']
Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
---
 target/rx/helper.h|  31 +++
 target/rx/helper.c| 149 +
 target/rx/op_helper.c | 470 ++
 3 files changed, 650 insertions(+)
 create mode 100644 target/rx/helper.h
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/op_helper.c

diff --git a/target/rx/helper.h b/target/rx/helper.h
new file mode 100644
index 00..f0b7ebbbf7
--- /dev/null
+++ b/target/rx/helper.h
@@ -0,0 +1,31 @@
+DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
+DEF_HELPER_1(raise_access_fault, noreturn, env)
+DEF_HELPER_1(raise_privilege_violation, noreturn, env)
+DEF_HELPER_1(wait, noreturn, env)
+DEF_HELPER_1(debug, noreturn, env)
+DEF_HELPER_2(rxint, noreturn, env, i32)
+DEF_HELPER_1(rxbrk, noreturn, env)
+DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fsub, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_WG, void, env, f32, f32)
+DEF_HELPER_FLAGS_2(ftoi, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(round, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(itof, TCG_CALL_NO_WG, f32, env, i32)
+DEF_HELPER_2(set_fpsw, void, env, i32)
+DEF_HELPER_FLAGS_2(racw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw_rte, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(pack_psw, i32, env)
+DEF_HELPER_FLAGS_3(div, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_1(scmpu, TCG_CALL_NO_WG, void, env)
+DEF_HELPER_1(smovu, void, env)
+DEF_HELPER_1(smovf, void, env)
+DEF_HELPER_1(smovb, void, env)
+DEF_HELPER_2(sstr, void, env, i32)
+DEF_HELPER_FLAGS_2(swhile, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(suntil, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(rmpa, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(satr, void, env)
diff --git a/target/rx/helper.c b/target/rx/helper.c
new file mode 100644
index 00..a34a40af83
--- /dev/null
+++ b/target/rx/helper.c
@@ -0,0 +1,149 @@
+/*
+ *  RX emulation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+#include "exec/log.h"
+#include "exec/cpu_ldst.h"
+#include "sysemu/sysemu.h"
+#include "hw/irq.h"
+
+void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte)
+{
+if (env->psw_pm == 0) {
+env->psw_ipl = FIELD_EX32(psw, PSW, IPL);
+if (rte) {
+/* PSW.PM can write RTE and RTFI */
+env->psw_pm = FIELD_EX32(psw, PSW, PM);
+}
+env->psw_u = FIELD_EX32(psw, PSW, U);
+env->psw_i = FIELD_EX32(psw, PSW, I);
+}
+env->psw_o = FIELD_EX32(psw, PSW, O) << 31;
+env->psw_s = FIELD_EX32(psw, PSW, S) << 31;
+env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);
+env->psw_c = FIELD_EX32(psw, PSW, C);
+}
+
+#define INT_FLAGS (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR)
+void rx_cpu_do_interrupt(CPUState *cs)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = &cpu->env;
+int do_irq = cs->interrupt_request & INT_FLAGS;
+uint32_t save_psw;
+
+env->in_sleep = 0;
+
+if (env->psw_u) {
+env->usp = env->regs[0];
+} else {
+env->isp = env->regs[0];
+}
+save_psw = rx_cpu_pack_psw(env);
+env->psw_pm = env->psw_i = env->psw_u = 0;
+
+if (do_irq) {
+if (do_irq & CPU_INTERRUPT_FIR) {
+env->bpc = env->pc;
+env->bpsw = save_psw;
+env->pc = env->fintv;
+env->psw_ipl = 15;
+cs->interrupt_request &= ~CPU_INTERRUPT_FIR;
+qemu_set_irq(env->ack, env->ack_irq);
+qemu_log_mask(CPU_LOG_INT, "fast interrupt raised\n");
+} else if (do_irq & CPU_INTERRUPT_HARD) {
+env->isp -= 4;
+cpu_

[PATCH v28 15/22] hw/timer: RX62N internal timer modules

[Yoshinori Sato]

renesas_tmr: 8bit timer modules.
renesas_cmt: 16bit compare match timer modules.
This part use many renesas's CPU.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-7-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/timer/renesas_cmt.h |  38 +++
 include/hw/timer/renesas_tmr.h |  53 
 hw/timer/renesas_cmt.c | 278 
 hw/timer/renesas_tmr.c | 458 +
 hw/timer/Kconfig   |   6 +
 hw/timer/Makefile.objs |   3 +
 6 files changed, 836 insertions(+)
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c

diff --git a/include/hw/timer/renesas_cmt.h b/include/hw/timer/renesas_cmt.h
new file mode 100644
index 00..acd25c6e0b
--- /dev/null
+++ b/include/hw/timer/renesas_cmt.h
@@ -0,0 +1,38 @@
+/*
+ * Renesas Compare-match timer Object
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_CMT_H
+#define HW_RENESAS_CMT_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_CMT "renesas-cmt"
+#define RCMT(obj) OBJECT_CHECK(RCMTState, (obj), TYPE_RENESAS_CMT)
+
+enum {
+CMT_CH = 2,
+CMT_NR_IRQ = 1 * CMT_CH,
+};
+
+typedef struct RCMTState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint16_t cmstr;
+uint16_t cmcr[CMT_CH];
+uint16_t cmcnt[CMT_CH];
+uint16_t cmcor[CMT_CH];
+int64_t tick[CMT_CH];
+qemu_irq cmi[CMT_CH];
+QEMUTimer *timer[CMT_CH];
+} RCMTState;
+
+#endif
diff --git a/include/hw/timer/renesas_tmr.h b/include/hw/timer/renesas_tmr.h
new file mode 100644
index 00..5787004c74
--- /dev/null
+++ b/include/hw/timer/renesas_tmr.h
@@ -0,0 +1,53 @@
+/*
+ * Renesas 8bit timer Object
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_TMR_H
+#define HW_RENESAS_TMR_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_TMR "renesas-tmr"
+#define RTMR(obj) OBJECT_CHECK(RTMRState, (obj), TYPE_RENESAS_TMR)
+
+enum timer_event {
+cmia = 0,
+cmib = 1,
+ovi = 2,
+none = 3,
+TMR_NR_EVENTS = 4
+};
+
+enum {
+TMR_CH = 2,
+TMR_NR_IRQ = 3 * TMR_CH,
+};
+
+typedef struct RTMRState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint8_t tcnt[TMR_CH];
+uint8_t tcora[TMR_CH];
+uint8_t tcorb[TMR_CH];
+uint8_t tcr[TMR_CH];
+uint8_t tccr[TMR_CH];
+uint8_t tcor[TMR_CH];
+uint8_t tcsr[TMR_CH];
+int64_t tick;
+int64_t div_round[TMR_CH];
+enum timer_event next[TMR_CH];
+qemu_irq cmia[TMR_CH];
+qemu_irq cmib[TMR_CH];
+qemu_irq ovi[TMR_CH];
+QEMUTimer *timer[TMR_CH];
+} RTMRState;
+
+#endif
diff --git a/hw/timer/renesas_cmt.c b/hw/timer/renesas_cmt.c
new file mode 100644
index 00..5d57c447b8
--- /dev/null
+++ b/hw/timer/renesas_cmt.c
@@ -0,0 +1,278 @@
+/*
+ * Renesas 16bit Compare-match timer
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu/timer.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/qdev-properties.h"
+#include "hw/timer/renesas_cmt.h"
+#include "migration/vmstate.h"
+#include "qemu/error-report.h"
+
+/*
+ *  +0 CMSTR - common control
+ *  +2 CMCR  - ch0
+ *  +4 CMCNT - ch0
+ *  +6 CMCOR - ch0
+ *  +8 CMCR  - ch1
+ * +10 CMCNT - ch1
+ * +12 CMCOR - ch1
+ * If we think that the address of CH 0 has an offset of +2,
+ * we can treat it with the same address as CH 1, so define it like that.
+ */
+REG16(CMSTR, 0)
+  FIELD(CMSTR, STR0, 0, 1)
+  FIELD(CMSTR, STR1, 1, 1)
+  FIELD(CMSTR, STR,  0, 2)
+/* This addeess is channel offset */
+REG16(CMCR, 0)
+  FIELD(CMCR, CKS, 0, 2)
+  FIELD(CMCR, CMIE, 6, 

[PATCH v28 06/22] target/rx: CPU definition

[Yoshinori Sato]

Signed-off-by: Yoshinori Sato 

Message-Id: <20190616142836.10614-4-ys...@users.sourceforge.jp>
Reviewed-by: Richard Henderson 
Message-Id: <20190607091116.49044-4-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
[PMD: Use newer QOM style, split cpu-qom.h, restrict access to
 extable array, use rx_cpu_tlb_fill() extracted from patch of
 Yoshinori Sato 'Convert to CPUClass::tlb_fill']
Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Igor Mammedov 
Signed-off-by: Yoshinori Sato 
---
 target/rx/cpu-param.h   |  31 ++
 target/rx/cpu-qom.h |  42 
 target/rx/cpu.h | 181 +
 target/rx/cpu.c | 217 
 target/rx/gdbstub.c | 112 +
 target/rx/Makefile.objs |   1 -
 6 files changed, 583 insertions(+), 1 deletion(-)
 create mode 100644 target/rx/cpu-param.h
 create mode 100644 target/rx/cpu-qom.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/gdbstub.c

diff --git a/target/rx/cpu-param.h b/target/rx/cpu-param.h
new file mode 100644
index 00..5da87fbebe
--- /dev/null
+++ b/target/rx/cpu-param.h
@@ -0,0 +1,31 @@
+/*
+ *  RX cpu parameters
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_PARAM_H
+#define RX_CPU_PARAM_H
+
+#define TARGET_LONG_BITS 32
+#define TARGET_PAGE_BITS 12
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+#define NB_MMU_MODES 1
+#define MMU_MODE0_SUFFIX _all
+
+#endif
diff --git a/target/rx/cpu-qom.h b/target/rx/cpu-qom.h
new file mode 100644
index 00..8328900f3f
--- /dev/null
+++ b/target/rx/cpu-qom.h
@@ -0,0 +1,42 @@
+#ifndef QEMU_RX_CPU_QOM_H
+#define QEMU_RX_CPU_QOM_H
+
+#include "hw/core/cpu.h"
+/*
+ * RX CPU
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ * SPDX-License-Identifier: LGPL-2.0+
+ */
+
+#define TYPE_RX_CPU "rx-cpu"
+
+#define TYPE_RX62N_CPU RX_CPU_TYPE_NAME("rx62n")
+
+#define RXCPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RX_CPU)
+#define RXCPU(obj) \
+OBJECT_CHECK(RXCPU, (obj), TYPE_RX_CPU)
+#define RXCPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RX_CPU)
+
+/*
+ * RXCPUClass:
+ * @parent_realize: The parent class' realize handler.
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A RX CPU model.
+ */
+typedef struct RXCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+
+} RXCPUClass;
+
+#define CPUArchState struct CPURXState
+
+#endif
diff --git a/target/rx/cpu.h b/target/rx/cpu.h
new file mode 100644
index 00..2d1eb7665c
--- /dev/null
+++ b/target/rx/cpu.h
@@ -0,0 +1,181 @@
+/*
+ *  RX emulation definition
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_H
+#define RX_CPU_H
+
+#include "qemu/bitops.h"
+#include "qemu-common.h"
+#include "hw/registerfields.h"
+#include "cpu-qom.h"
+
+#include "exec/cpu-defs.h"
+
+/* PSW define */
+REG32(PSW, 0)
+FIELD(PSW, C, 0, 1)
+FIELD(PSW, Z, 1, 1)
+FIELD(PSW, S, 2, 1)
+FIELD(PSW, O, 3, 1)
+FIELD(PSW, I, 16, 1)
+FIELD(PSW, U, 17, 1)
+FIELD(PSW, PM, 20, 1)
+FIELD(PSW, IPL, 24, 4)
+
+/* FPSW define */
+REG32(FPSW, 0)
+FIELD(FPSW, RM, 0, 2)
+FIELD(FPSW, CV, 2, 1)
+FIELD(FPSW, CO, 3, 1)
+FIELD(FPSW, CZ, 4, 1)
+FIELD(FPSW, CU, 5, 1)
+FIELD(FPSW, CX, 6, 1)
+FIELD(FPSW, CE, 7, 1)
+FIELD(FPSW, CAUSE, 2, 6)
+FIELD(FPSW, DN, 8, 1)
+FIELD(FPSW, EV, 10, 1)
+FIELD(FPSW, EO, 11, 1)
+FIELD(FPSW, EZ, 12, 1)
+FIELD(FPSW, EU, 13, 1)
+FIELD(FPSW, EX, 14, 1)
+FIELD(FPSW, ENABLE, 10, 5)
+FIELD(FPSW, FV, 26, 1)
+FIELD(FPSW, FO, 27, 1)
+FIELD(FPSW, FZ, 28, 1)
+FIELD(FPSW, FU, 29, 1)
+FIELD(FPSW, FX, 30, 1)
+FIELD(

[PATCH v28 19/22] hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core

[Yoshinori Sato]

From: Philippe Mathieu-Daudé 

While the VIRT machine can use different microcontrollers,
the RX62N microcontroller is tied to the RX62N CPU core.

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
---
 hw/rx/rx-virt.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
index 4cfe2e3123..9676a5e7bf 100644
--- a/hw/rx/rx-virt.c
+++ b/hw/rx/rx-virt.c
@@ -17,6 +17,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
@@ -56,6 +57,7 @@ static void rx_load_image(RXCPU *cpu, const char *filename,
 
 static void rxvirt_init(MachineState *machine)
 {
+MachineClass *mc = MACHINE_GET_CLASS(machine);
 RX62NState *s = g_new(RX62NState, 1);
 MemoryRegion *sysmem = get_system_memory();
 MemoryRegion *sdram = g_new(MemoryRegion, 1);
@@ -64,6 +66,12 @@ static void rxvirt_init(MachineState *machine)
 void *dtb = NULL;
 int dtb_size;
 
+if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) {
+error_report("This board can only be used with CPU %s",
+ mc->default_cpu_type);
+exit(1);
+}
+
 /* Allocate memory space */
 memory_region_init_ram(sdram, NULL, "sdram", 16 * MiB,
&error_fatal);
-- 
2.20.1

[PATCH v28 20/22] Add rx-softmmu

[Yoshinori Sato]

Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-17-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
pick ed65c02993 target/rx: Add RX to SysEmuTarget
pick 01372568ae tests: Add rx to machine-none-test.c
[PMD: Squashed patches from Richard Henderson modifying
  qapi/common.json and tests/machine-none-test.c]
Signed-off-by: Philippe Mathieu-Daudé 
---
 configure  | 8 
 default-configs/rx-softmmu.mak | 3 +++
 qapi/machine.json  | 3 ++-
 include/exec/poison.h  | 1 +
 include/sysemu/arch_init.h | 1 +
 arch_init.c| 2 ++
 tests/machine-none-test.c  | 1 +
 hw/Kconfig | 1 +
 8 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 default-configs/rx-softmmu.mak

diff --git a/configure b/configure
index 28ee2a254f..d0ec433d72 100755
--- a/configure
+++ b/configure
@@ -7690,6 +7690,11 @@ case "$target_name" in
 mttcg=yes
 gdb_xml_files="riscv-64bit-cpu.xml riscv-64bit-fpu.xml riscv-64bit-csr.xml 
riscv-64bit-virtual.xml"
   ;;
+  rx)
+TARGET_ARCH=rx
+bflt="yes"
+target_compiler=$cross_cc_rx
+  ;;
   sh4|sh4eb)
 TARGET_ARCH=sh4
 bflt="yes"
@@ -7871,6 +7876,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   riscv*)
 disas_config "RISCV"
   ;;
+  rx)
+disas_config "RX"
+  ;;
   s390*)
 disas_config "S390"
   ;;
diff --git a/default-configs/rx-softmmu.mak b/default-configs/rx-softmmu.mak
new file mode 100644
index 00..a3eecefb11
--- /dev/null
+++ b/default-configs/rx-softmmu.mak
@@ -0,0 +1,3 @@
+# Default configuration for rx-softmmu
+
+CONFIG_RX_VIRT=y
diff --git a/qapi/machine.json b/qapi/machine.json
index b3d30bc816..57703c9696 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -21,6 +21,7 @@
 #is true even for "qemu-system-x86_64".
 #
 # ppcemb: dropped in 3.1
+# rx: added in 5.0
 #
 # Since: 3.0
 ##
@@ -28,7 +29,7 @@
   'data' : [ 'aarch64', 'alpha', 'arm', 'cris', 'hppa', 'i386', 'lm32',
  'm68k', 'microblaze', 'microblazeel', 'mips', 'mips64',
  'mips64el', 'mipsel', 'moxie', 'nios2', 'or1k', 'ppc',
- 'ppc64', 'riscv32', 'riscv64', 's390x', 'sh4',
+ 'ppc64', 'riscv32', 'riscv64', 'rx', 's390x', 'sh4',
  'sh4eb', 'sparc', 'sparc64', 'tricore', 'unicore32',
  'x86_64', 'xtensa', 'xtensaeb' ] }
 
diff --git a/include/exec/poison.h b/include/exec/poison.h
index 955eb863ab..7b9ac361dc 100644
--- a/include/exec/poison.h
+++ b/include/exec/poison.h
@@ -26,6 +26,7 @@
 #pragma GCC poison TARGET_PPC
 #pragma GCC poison TARGET_PPC64
 #pragma GCC poison TARGET_ABI32
+#pragma GCC poison TARGET_RX
 #pragma GCC poison TARGET_S390X
 #pragma GCC poison TARGET_SH4
 #pragma GCC poison TARGET_SPARC
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 62c6fe4cf1..6c011acc52 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -24,6 +24,7 @@ enum {
 QEMU_ARCH_NIOS2 = (1 << 17),
 QEMU_ARCH_HPPA = (1 << 18),
 QEMU_ARCH_RISCV = (1 << 19),
+QEMU_ARCH_RX = (1 << 20),
 };
 
 extern const uint32_t arch_type;
diff --git a/arch_init.c b/arch_init.c
index 705d0b94ad..d9eb0ec1dd 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -77,6 +77,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_PPC
 #elif defined(TARGET_RISCV)
 #define QEMU_ARCH QEMU_ARCH_RISCV
+#elif defined(TARGET_RX)
+#define QEMU_ARCH QEMU_ARCH_RX
 #elif defined(TARGET_S390X)
 #define QEMU_ARCH QEMU_ARCH_S390X
 #elif defined(TARGET_SH4)
diff --git a/tests/machine-none-test.c b/tests/machine-none-test.c
index 5953d31755..8bb54a6360 100644
--- a/tests/machine-none-test.c
+++ b/tests/machine-none-test.c
@@ -56,6 +56,7 @@ static struct arch2cpu cpus_map[] = {
 { "hppa", "hppa" },
 { "riscv64", "rv64gcsu-v1.10.0" },
 { "riscv32", "rv32gcsu-v1.9.1" },
+{ "rx", "rx62n" },
 };
 
 static const char *get_cpu_model_by_arch(const char *arch)
diff --git a/hw/Kconfig b/hw/Kconfig
index ecf491bf04..62f9ebdc22 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -55,6 +55,7 @@ source nios2/Kconfig
 source openrisc/Kconfig
 source ppc/Kconfig
 source riscv/Kconfig
+source rx/Kconfig
 source s390x/Kconfig
 source sh4/Kconfig
 source sparc/Kconfig
-- 
2.20.1

[PATCH v28 18/22] hw/rx: Honor -accel qtest

[Yoshinori Sato]

From: Richard Henderson 

Issue an error if no kernel, no bios, and not qtest'ing.
Fixes make check-qtest-rx: test/qom-test.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-16-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
We could squash this with the previous patch
---
 hw/rx/rx62n.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/rx/rx62n.c b/hw/rx/rx62n.c
index ac47f2a397..a0986fd15e 100644
--- a/hw/rx/rx62n.c
+++ b/hw/rx/rx62n.c
@@ -21,12 +21,14 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "hw/hw.h"
 #include "hw/rx/rx62n.h"
 #include "hw/loader.h"
 #include "hw/sysbus.h"
 #include "hw/qdev-properties.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
 #include "cpu.h"
 
 /*
@@ -191,8 +193,14 @@ static void rx62n_realize(DeviceState *dev, Error **errp)
 memory_region_init_rom(&s->c_flash, NULL, "codeflash",
RX62N_CFLASH_SIZE, errp);
 memory_region_add_subregion(s->sysmem, RX62N_CFLASH_BASE, &s->c_flash);
+
 if (!s->kernel) {
-rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+if (bios_name) {
+rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+}  else if (!qtest_enabled()) {
+error_report("No bios or kernel specified");
+exit(1);
+}
 }
 
 /* Initialize CPU */
-- 
2.20.1

[PATCH v28 16/22] hw/char: RX62N serial communication interface (SCI)

[Yoshinori Sato]

This module supported only non FIFO type.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-8-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/char/renesas_sci.h |  45 +
 hw/char/renesas_sci.c | 343 ++
 hw/char/Kconfig   |   3 +
 hw/char/Makefile.objs |   1 +
 4 files changed, 392 insertions(+)
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 hw/char/renesas_sci.c

diff --git a/include/hw/char/renesas_sci.h b/include/hw/char/renesas_sci.h
new file mode 100644
index 00..50d1336944
--- /dev/null
+++ b/include/hw/char/renesas_sci.h
@@ -0,0 +1,45 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#include "chardev/char-fe.h"
+#include "qemu/timer.h"
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_SCI "renesas-sci"
+#define RSCI(obj) OBJECT_CHECK(RSCIState, (obj), TYPE_RENESAS_SCI)
+
+enum {
+ERI = 0,
+RXI = 1,
+TXI = 2,
+TEI = 3,
+SCI_NR_IRQ = 4,
+};
+
+typedef struct {
+SysBusDevice parent_obj;
+MemoryRegion memory;
+
+uint8_t smr;
+uint8_t brr;
+uint8_t scr;
+uint8_t tdr;
+uint8_t ssr;
+uint8_t rdr;
+uint8_t scmr;
+uint8_t semr;
+
+uint8_t read_ssr;
+int64_t trtime;
+int64_t rx_next;
+QEMUTimer *timer;
+CharBackend chr;
+uint64_t input_freq;
+qemu_irq irq[SCI_NR_IRQ];
+} RSCIState;
diff --git a/hw/char/renesas_sci.c b/hw/char/renesas_sci.c
new file mode 100644
index 00..df63c5292e
--- /dev/null
+++ b/hw/char/renesas_sci.c
@@ -0,0 +1,343 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/qdev-properties.h"
+#include "hw/char/renesas_sci.h"
+#include "migration/vmstate.h"
+#include "qemu/error-report.h"
+
+/* SCI register map */
+REG8(SMR, 0)
+  FIELD(SMR, CKS,  0, 2)
+  FIELD(SMR, MP,   2, 1)
+  FIELD(SMR, STOP, 3, 1)
+  FIELD(SMR, PM,   4, 1)
+  FIELD(SMR, PE,   5, 1)
+  FIELD(SMR, CHR,  6, 1)
+  FIELD(SMR, CM,   7, 1)
+REG8(BRR, 1)
+REG8(SCR, 2)
+  FIELD(SCR, CKE, 0, 2)
+  FIELD(SCR, TEIE, 2, 1)
+  FIELD(SCR, MPIE, 3, 1)
+  FIELD(SCR, RE,   4, 1)
+  FIELD(SCR, TE,   5, 1)
+  FIELD(SCR, RIE,  6, 1)
+  FIELD(SCR, TIE,  7, 1)
+REG8(TDR, 3)
+REG8(SSR, 4)
+  FIELD(SSR, MPBT, 0, 1)
+  FIELD(SSR, MPB,  1, 1)
+  FIELD(SSR, TEND, 2, 1)
+  FIELD(SSR, ERR, 3, 3)
+FIELD(SSR, PER,  3, 1)
+FIELD(SSR, FER,  4, 1)
+FIELD(SSR, ORER, 5, 1)
+  FIELD(SSR, RDRF, 6, 1)
+  FIELD(SSR, TDRE, 7, 1)
+REG8(RDR, 5)
+REG8(SCMR, 6)
+  FIELD(SCMR, SMIF, 0, 1)
+  FIELD(SCMR, SINV, 2, 1)
+  FIELD(SCMR, SDIR, 3, 1)
+  FIELD(SCMR, BCP2, 7, 1)
+REG8(SEMR, 7)
+  FIELD(SEMR, ACS0, 0, 1)
+  FIELD(SEMR, ABCS, 4, 1)
+
+static int can_receive(void *opaque)
+{
+RSCIState *sci = RSCI(opaque);
+if (sci->rx_next > qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)) {
+return 0;
+} else {
+return FIELD_EX8(sci->scr, SCR, RE);
+}
+}
+
+static void receive(void *opaque, const uint8_t *buf, int size)
+{
+RSCIState *sci = RSCI(opaque);
+sci->rx_next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime;
+if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
+sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_set_irq(sci->irq[ERI], 1);
+}
+} else {
+sci->rdr = buf[0];
+sci->ssr = FIELD_DP8(sci->ssr, SSR, RDRF, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_irq_pulse(sci->irq[RXI]);
+}
+}
+}
+
+static void send_byte(RSCIState *sci)
+{
+if (qemu_chr_fe_backend_connected(&sci->chr)) {
+qemu_chr_fe_write_all(&sci->chr, &sci->tdr, 1);
+}
+timer_mod(sci->timer,
+ 

[PATCH v28 17/22] hw/rx: RX Target hardware definition

[Yoshinori Sato]

rx62n - RX62N cpu.
rx-virt - RX QEMU virtual target.

v23 changes.
Add missing includes.

v21 changes.
rx_load_image move to rx-virt.c

Signed-off-by: Yoshinori Sato 

Message-Id: <20190616142836.10614-17-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-9-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
[PMD: Use TYPE_RX62N_CPU, use #define for RX62N_NR_TMR/CMT/SCI,
 renamed CPU -> MCU, device -> microcontroller]
Signed-off-by: Philippe Mathieu-Daudé 
---
v19: Fixed typo (Peter Maydell)
Signed-off-by: Yoshinori Sato 
---
 include/hw/rx/rx.h|   7 ++
 include/hw/rx/rx62n.h |  91 
 hw/rx/rx-virt.c   | 127 ++
 hw/rx/rx62n.c | 239 ++
 hw/rx/Kconfig |  14 +++
 hw/rx/Makefile.objs   |   2 +
 6 files changed, 480 insertions(+)
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs

diff --git a/include/hw/rx/rx.h b/include/hw/rx/rx.h
new file mode 100644
index 00..ff5924b81f
--- /dev/null
+++ b/include/hw/rx/rx.h
@@ -0,0 +1,7 @@
+#ifndef QEMU_RX_H
+#define QEMU_RX_H
+/* Definitions for RX board emulation.  */
+
+#include "target/rx/cpu-qom.h"
+
+#endif
diff --git a/include/hw/rx/rx62n.h b/include/hw/rx/rx62n.h
new file mode 100644
index 00..97ea8ddb8e
--- /dev/null
+++ b/include/hw/rx/rx62n.h
@@ -0,0 +1,91 @@
+/*
+ * RX62N MCU Object
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_RX_RX62N_H
+#define HW_RX_RX62N_H
+
+#include "hw/sysbus.h"
+#include "hw/intc/rx_icu.h"
+#include "hw/timer/renesas_tmr.h"
+#include "hw/timer/renesas_cmt.h"
+#include "hw/char/renesas_sci.h"
+#include "target/rx/cpu.h"
+#include "qemu/units.h"
+
+#define TYPE_RX62N "rx62n"
+#define RX62N(obj) OBJECT_CHECK(RX62NState, (obj), TYPE_RX62N)
+
+#define RX62N_NR_TMR2
+#define RX62N_NR_CMT2
+#define RX62N_NR_SCI6
+
+typedef struct RX62NState {
+SysBusDevice parent_obj;
+
+RXCPU cpu;
+RXICUState icu;
+RTMRState tmr[RX62N_NR_TMR];
+RCMTState cmt[RX62N_NR_CMT];
+RSCIState sci[RX62N_NR_SCI];
+
+MemoryRegion *sysmem;
+bool kernel;
+
+MemoryRegion iram;
+MemoryRegion iomem1;
+MemoryRegion d_flash;
+MemoryRegion iomem2;
+MemoryRegion iomem3;
+MemoryRegion c_flash;
+qemu_irq irq[NR_IRQS];
+} RX62NState;
+
+/*
+ * RX62N Peripheral Address
+ * See users manual section 5
+ */
+#define RX62N_ICUBASE 0x00087000
+#define RX62N_TMRBASE 0x00088200
+#define RX62N_CMTBASE 0x00088000
+#define RX62N_SCIBASE 0x00088240
+
+/*
+ * RX62N Peripheral IRQ
+ * See users manual section 11
+ */
+#define RX62N_TMR_IRQBASE 174
+#define RX62N_CMT_IRQBASE 28
+#define RX62N_SCI_IRQBASE 214
+
+/*
+ * RX62N Internal Memory
+ * It is the value of R5F562N8.
+ * Please change the size for R5F562N7.
+ */
+#define RX62N_IRAM_BASE 0x
+#define RX62N_IRAM_SIZE (96 * KiB)
+#define RX62N_DFLASH_BASE 0x0010
+#define RX62N_DFLASH_SIZE (32 * KiB)
+#define RX62N_CFLASH_BASE 0xfff8
+#define RX62N_CFLASH_SIZE (512 * KiB)
+
+#define RX62N_PCLK (48 * 1000 * 1000)
+#endif
diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
new file mode 100644
index 00..4cfe2e3123
--- /dev/null
+++ b/hw/rx/rx-virt.c
@@ -0,0 +1,127 @@
+/*
+ * RX QEMU virtual platform
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#i

[PATCH v28 07/22] target/rx: RX disassembler

[Yoshinori Sato]

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-5-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/disas/dis-asm.h |5 +
 target/rx/disas.c   | 1480 +++
 2 files changed, 1485 insertions(+)
 create mode 100644 target/rx/disas.c

diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h
index e9c7dd8eb4..a900bd0a27 100644
--- a/include/disas/dis-asm.h
+++ b/include/disas/dis-asm.h
@@ -226,6 +226,10 @@ enum bfd_architecture
 #define bfd_mach_nios2r22
   bfd_arch_lm32,   /* Lattice Mico32 */
 #define bfd_mach_lm32 1
+  bfd_arch_rx,   /* Renesas RX */
+#define bfd_mach_rx0x75
+#define bfd_mach_rx_v2 0x76
+#define bfd_mach_rx_v3 0x77
   bfd_arch_last
   };
 #define bfd_mach_s390_31 31
@@ -433,6 +437,7 @@ int print_insn_little_nios2 (bfd_vma, 
disassemble_info*);
 int print_insn_xtensa   (bfd_vma, disassemble_info*);
 int print_insn_riscv32  (bfd_vma, disassemble_info*);
 int print_insn_riscv64  (bfd_vma, disassemble_info*);
+int print_insn_rx(bfd_vma, disassemble_info *);
 
 #if 0
 /* Fetch the disassembler for a given BFD, if that support is available.  */
diff --git a/target/rx/disas.c b/target/rx/disas.c
new file mode 100644
index 00..8cada4825d
--- /dev/null
+++ b/target/rx/disas.c
@@ -0,0 +1,1480 @@
+/*
+ * Renesas RX Disassembler
+ *
+ * Copyright (c) 2019 Yoshinori Sato 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "disas/dis-asm.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+
+typedef struct DisasContext {
+disassemble_info *dis;
+uint32_t addr;
+uint32_t pc;
+} DisasContext;
+
+
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+bfd_byte buf;
+while (++i <= n) {
+ctx->dis->read_memory_func(ctx->addr++, &buf, 1, ctx->dis);
+insn |= buf << (32 - i * 8);
+}
+return insn;
+}
+
+static int32_t li(DisasContext *ctx, int sz)
+{
+int32_t addr;
+bfd_byte buf[4];
+addr = ctx->addr;
+
+switch (sz) {
+case 1:
+ctx->addr += 1;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+return (int8_t)buf[0];
+case 2:
+ctx->addr += 2;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+return ldsw_le_p(buf);
+case 3:
+ctx->addr += 3;
+ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
+return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+case 0:
+ctx->addr += 4;
+ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
+return ldl_le_p(buf);
+default:
+g_assert_not_reached();
+}
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder.  */
+#include "decode.inc.c"
+
+#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+
+#define RX_MEMORY_BYTE 0
+#define RX_MEMORY_WORD 1
+#define RX_MEMORY_LONG 2
+
+#define RX_IM_BYTE 0
+#define RX_IM_WORD 1
+#define RX_IM_LONG 2
+#define RX_IM_UWORD 3
+
+static const char size[] = {'b', 'w', 'l'};
+static const char cond[][4] = {
+"eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
+"ge", "lt", "gt", "le", "o", "no", "ra", "f"
+};
+static const char psw[] = {
+'c', 'z', 's', 'o', 0, 0, 0, 0,
+'i', 'u', 0, 0, 0, 0, 0, 0,
+};
+
+static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+{
+bfd_byte buf[2];
+switch (ld) {
+case 0:
+return 0;
+case 1:
+ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
+ctx->addr += 1;
+return ((uint8_t)buf[0]) << size;
+case 2:
+ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
+ctx->addr += 2;
+return lduw_le_p(buf) << size;
+}
+g_assert_not_reached();
+}
+
+static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+{
+int dsp;
+static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+if (ld < 3) {
+switch (mi) {
+case 4:
+/* dsp[rs].ub */
+dsp = rx_index_addr(ld, RX_MEMORY

[PATCH v28 04/22] target/rx: TCG translation

[Yoshinori Sato]

This part only supported RXv1 instructions.
Instruction manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01us0032ej0120_rxsm.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-2-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/translate.c   | 2432 +++
 target/rx/Makefile.objs |   12 +
 target/rx/insns.decode  |  621 ++
 3 files changed, 3065 insertions(+)
 create mode 100644 target/rx/translate.c
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

diff --git a/target/rx/translate.c b/target/rx/translate.c
new file mode 100644
index 00..21a67db570
--- /dev/null
+++ b/target/rx/translate.c
@@ -0,0 +1,2432 @@
+/*
+ *  RX translation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bswap.h"
+#include "qemu/qemu-print.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/translator.h"
+#include "trace-tcg.h"
+#include "exec/log.h"
+
+typedef struct DisasContext {
+DisasContextBase base;
+CPURXState *env;
+uint32_t pc;
+} DisasContext;
+
+typedef struct DisasCompare {
+TCGv value;
+TCGv temp;
+TCGCond cond;
+} DisasCompare;
+
+const char rx_crname[][6] = {
+"psw", "pc", "usp", "fpsw", "", "", "", "",
+"bpsw", "bpc", "isp", "fintv", "intb", "", "", "",
+};
+
+/* Target-specific values for dc->base.is_jmp.  */
+#define DISAS_JUMPDISAS_TARGET_0
+#define DISAS_UPDATE  DISAS_TARGET_1
+#define DISAS_EXITDISAS_TARGET_2
+
+/* global register indexes */
+static TCGv cpu_regs[16];
+static TCGv cpu_psw_o, cpu_psw_s, cpu_psw_z, cpu_psw_c;
+static TCGv cpu_psw_i, cpu_psw_pm, cpu_psw_u, cpu_psw_ipl;
+static TCGv cpu_usp, cpu_fpsw, cpu_bpsw, cpu_bpc, cpu_isp;
+static TCGv cpu_fintv, cpu_intb, cpu_pc;
+static TCGv_i64 cpu_acc;
+
+#define cpu_sp cpu_regs[0]
+
+#include "exec/gen-icount.h"
+
+/* decoder helper */
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+while (++i <= n) {
+uint8_t b = cpu_ldub_code(ctx->env, ctx->base.pc_next++);
+insn |= b << (32 - i * 8);
+}
+return insn;
+}
+
+static uint32_t li(DisasContext *ctx, int sz)
+{
+int32_t tmp, addr;
+CPURXState *env = ctx->env;
+addr = ctx->base.pc_next;
+
+tcg_debug_assert(sz < 4);
+switch (sz) {
+case 1:
+ctx->base.pc_next += 1;
+return cpu_ldsb_code(env, addr);
+case 2:
+ctx->base.pc_next += 2;
+return cpu_ldsw_code(env, addr);
+case 3:
+ctx->base.pc_next += 3;
+tmp = cpu_ldsb_code(env, addr + 2) << 16;
+tmp |= cpu_lduw_code(env, addr) & 0x;
+return tmp;
+case 0:
+ctx->base.pc_next += 4;
+return cpu_ldl_code(env, addr);
+}
+return 0;
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder. */
+#include "decode.inc.c"
+
+void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = &cpu->env;
+int i;
+uint32_t psw;
+
+psw = rx_cpu_pack_psw(env);
+qemu_fprintf(f, "pc=0x%08x psw=0x%08x\n",
+ env->pc, psw);
+for (i = 0; i < 16; i += 4) {
+qemu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
+ i, env->regs[i], i + 1, env->regs[i + 1],
+ i + 2, env->regs[i + 2], i + 3, env->regs[i + 3]);
+}
+}
+
+static bool use_goto_tb(DisasContext *dc, target_ulong dest)
+{
+if (unlikely(dc->base.singlestep_enabled)) {
+return false;
+} else {
+return true;
+}
+}
+
+static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
+{
+if (use_goto_tb(dc, dest)) {
+tcg_gen_goto_tb(n);
+tcg_gen_movi_i32(cpu_pc, dest);
+tcg_gen_exit_tb(dc->base.tb, n);
+} else {
+tcg_gen_movi_i32(cpu_pc, dest);
+   

Re: [PATCH v28 00/22] Add RX archtecture support

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20200112124913.94959-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH v28 00/22] Add RX archtecture support
Type: series
Message-id: 20200112124913.94959-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
026424c qemu-doc.texi: Add RX section.
43df918 BootLinuxConsoleTest: Test the RX-Virt machine
a569f77 Add rx-softmmu
8f12a47 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
02960cc hw/rx: Honor -accel qtest
9d25ce1 hw/rx: RX Target hardware definition
54ad24f hw/char: RX62N serial communication interface (SCI)
3d02ca6 hw/timer: RX62N internal timer modules
e0ba72f hw/intc: RX62N interrupt controller (ICUa)
5620d0b target/rx: Dump bytes for each insn during disassembly
f60e312 target/rx: Collect all bytes during disassembly
a0f74d3 target/rx: Emit all disassembly in one prt()
e652144 target/rx: Use prt_ldmi for XCHG_mr disassembly
7f42d50 target/rx: Replace operand with prt_ldmi in disassembler
bff2d28 target/rx: Disassemble rx_index_addr into a string
7e2a7a9 target/rx: RX disassembler
beab025 target/rx: CPU definition
2ef24ae target/rx: TCG helper
5269786 target/rx: TCG translation
7ef5260 hw/registerfields.h: Add 8bit and 16bit register macros
48a408f qemu/bitops.h: Add extract8 and extract16
940bb87 MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/22 Checking commit 940bb8785a47 (MAINTAINERS: Add RX)
2/22 Checking commit 48a408ff9633 (qemu/bitops.h: Add extract8 and extract16)
3/22 Checking commit 7ef5260d756d (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value in concatenation (.) or string at 
./scripts/checkpatch.pl line 2484.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/22 Checking commit 52697860d4d7 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/22 Checking commit 2ef24aef4583 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 650 lines checked

Patch 5/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/22 Checking commit beab0251cc7e (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#32: 
new file mode 100644

total: 0 errors, 1 warnings, 588 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/22 Checking commit 7e2a7a9e4f15 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/22 Checking commit bff2d286fd76 (target/rx: Disassemble rx_index_addr into a 
string)
9/22 Checking commit 7f42d5046602 (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/22 Checking commit e65214408839 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/22 Checking commit a0f74d308947 (target/rx: Emit all disassembly in one 
prt())
12/22 Checking commit f60e3125f8cf (target/rx: Collect all bytes during 
disassembly)
13/22 Checking commit 5620d0b56a27 (target/rx: Dump bytes for each insn during 
disassembly)
14/22 Checking commit e0ba72f7b818 (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s

Re: [PATCH 10/15] memory: Replace current_machine by qdev_get_machine()

[Philippe Mathieu-Daudé]

On 1/12/20 10:48 AM, Alistair Francis wrote:

On Thu, Jan 9, 2020 at 11:29 PM Philippe Mathieu-Daudé
 wrote:


As we want to remove the global current_machine,
replace 'current_machine' by MACHINE(qdev_get_machine()).

Signed-off-by: Philippe Mathieu-Daudé 
---
  memory.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/memory.c b/memory.c
index d7b9bb6951..57e38b1f50 100644
--- a/memory.c
+++ b/memory.c
@@ -3004,6 +3004,7 @@ static void mtree_print_flatview(gpointer key, gpointer 
value,
  int n = view->nr;
  int i;
  AddressSpace *as;
+MachineState *ms;

  qemu_printf("FlatView #%d\n", fvi->counter);
  ++fvi->counter;
@@ -3026,6 +3027,7 @@ static void mtree_print_flatview(gpointer key, gpointer 
value,
  return;
  }

+ms = MACHINE(qdev_get_machine());


Why not set this at the top?


Calling qdev_get_machine() is not free as it does some introspection 
checks. Since we can return earlier if there are no rendered FlatView, I 
placed the machinestate initialization just before it we need to access it.



Alistair


  while (n--) {
  mr = range->mr;
  if (range->offset_in_region) {
@@ -3057,7 +3059,7 @@ static void mtree_print_flatview(gpointer key, gpointer 
value,
  if (fvi->ac) {
  for (i = 0; i < fv_address_spaces->len; ++i) {
  as = g_array_index(fv_address_spaces, AddressSpace*, i);
-if (fvi->ac->has_memory(current_machine, as,
+if (fvi->ac->has_memory(ms, as,
  int128_get64(range->addr.start),
  MR_SIZE(range->addr.size) + 1)) {
  qemu_printf(" %s", fvi->ac->name);
--
2.21.1

Re: [PATCH v28 00/22] Add RX archtecture support

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20200112124913.94959-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH v28 00/22] Add RX archtecture support
Type: series
Message-id: 20200112124913.94959-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
9c8993a qemu-doc.texi: Add RX section.
b31e438 BootLinuxConsoleTest: Test the RX-Virt machine
94d50a2 Add rx-softmmu
5d809ac hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
cfae030 hw/rx: Honor -accel qtest
65c9f90 hw/rx: RX Target hardware definition
5cc9572 hw/char: RX62N serial communication interface (SCI)
56dc57a hw/timer: RX62N internal timer modules
4378db2 hw/intc: RX62N interrupt controller (ICUa)
b692705 target/rx: Dump bytes for each insn during disassembly
32dc7d6 target/rx: Collect all bytes during disassembly
0257d0f target/rx: Emit all disassembly in one prt()
38fc5ec target/rx: Use prt_ldmi for XCHG_mr disassembly
7770d4e target/rx: Replace operand with prt_ldmi in disassembler
04f0e2e target/rx: Disassemble rx_index_addr into a string
60f3f19 target/rx: RX disassembler
a5da94c target/rx: CPU definition
017772d target/rx: TCG helper
9ff83af target/rx: TCG translation
7388b99 hw/registerfields.h: Add 8bit and 16bit register macros
9c71fe7 qemu/bitops.h: Add extract8 and extract16
e31179b MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/22 Checking commit e31179b04884 (MAINTAINERS: Add RX)
2/22 Checking commit 9c71fe7faec8 (qemu/bitops.h: Add extract8 and extract16)
3/22 Checking commit 7388b996fcc3 (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value in concatenation (.) or string at 
./scripts/checkpatch.pl line 2484.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/22 Checking commit 9ff83afa1af6 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/22 Checking commit 017772d3798b (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 650 lines checked

Patch 5/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/22 Checking commit a5da94c91154 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#32: 
new file mode 100644

total: 0 errors, 1 warnings, 588 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/22 Checking commit 60f3f191676e (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/22 Checking commit 04f0e2e75777 (target/rx: Disassemble rx_index_addr into a 
string)
9/22 Checking commit 7770d4e19c0d (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/22 Checking commit 38fc5ec9ace5 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/22 Checking commit 0257d0f103e0 (target/rx: Emit all disassembly in one 
prt())
12/22 Checking commit 32dc7d60b331 (target/rx: Collect all bytes during 
disassembly)
13/22 Checking commit b692705e6235 (target/rx: Dump bytes for each insn during 
disassembly)
14/22 Checking commit 4378db2a66e8 (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file 

Re: [PATCH v40 00/21] QEMU AVR 8 bit cores

[Michael Rolnik]

Hi all,

any news?

Regards,
Michael Rolnik


On Sun, Dec 29, 2019 at 1:52 PM Michael Rolnik  wrote:

> This series of patches adds 8bit AVR cores to QEMU.
> All instruction, except BREAK/DES/SPM/SPMX, are implemented. Not fully
> tested yet.
> However I was able to execute simple code with functions. e.g fibonacci
> calculation.
> This series of patches include a non real, sample board.
> No fuses support yet. PC is set to 0 at reset.
>
> Following are examples of possible usages, assuming program.elf is
> compiled for AVR cpu
> 1.  Continious non interrupted execution
> run `qemu-system-avr -kernel program.elf`
> 2.  Continious non interrupted execution with serial output into telnet
> window
> run `qemu-system-avr -kernel program.elf -serial
> tcp::5678,server,nowait -nographic `
> run `telent localhost 5678`
> 3.  Continious non interrupted execution with serial output into stdout
> run `qemu-system-avr -kernel program.elf -serial stdio`
> 4.  Debugging wit GDB debugger
> run `qemu-system-avr -kernel program.elf -s -S`
> run `avr-gdb program.elf` and then within GDB shell `target remote
> :1234`
> 5.  Print out executed instructions
> run `qemu-system-avr -kernel program.elf -d in_asm`
>
>
> the patches include the following
> 1. just a basic 8bit AVR CPU, without instruction decoding or translation
> 2. CPU features which allow define the following 8bit AVR cores
>  avr1
>  avr2 avr25
>  avr3 avr31 avr35
>  avr4
>  avr5 avr51
>  avr6
>  xmega2 xmega4 xmega5 xmega6 xmega7
> 3. a definition of sample machine with SRAM, FLASH and CPU which allows to
> execute simple code
> 4. encoding for all AVR instructions
> 5. interrupt handling
> 6. helpers for IN, OUT, SLEEP, WBR & unsupported instructions
> 7. a decoder which given an opcode decides what istruction it is
> 8. translation of AVR instruction into TCG
> 9. all features together
>
> changes since v3
> 1. rampD/X/Y/Z registers are encoded as 0x00ff (instead of 0x00ff)
> for faster address manipulaton
> 2. ffs changed to ctz32
> 3. duplicate code removed at avr_cpu_do_interrupt
> 4. using andc instead of not + and
> 5. fixing V flag calculation in varios instructions
> 6. freeing local variables in PUSH
> 7. tcg_const_local_i32 -> tcg_const_i32
> 8. using sextract32 instead of my implementation
> 9. fixing BLD instruction
> 10.xor(r) instead of 0xff - r at COM
> 11.fixing MULS/MULSU not to modify inputs' content
> 12.using SUB for NEG
> 13.fixing tcg_gen_qemu_ld/st call in XCH
>
> changes since v4
> 1. target is now defined as big endian in order to optimize
> push_ret/pop_ret
> 2. all style warnings are fixed
> 3. adding cpu_set/get_sreg functions
> 4. simplifying gen_goto_tb as there is no real paging
> 5. env->pc -> env->pc_w
> 6. making flag dump more compact
> 7. more spacing
> 8. renaming CODE/DATA_INDEX -> MMU_CODE/DATA_IDX
> 9. removing avr_set_feature
> 10. SPL/SPH set bug fix
> 11. switching stb_phys to cpu_stb_data
> 12. cleaning up avr_decode
> 13. saving sreg, rampD/X/Y/Z, eind in HW format (savevm)
> 14. saving CPU features (savevm)
>
> changes since v5
> 1. BLD bug fix
> 2. decoder generator is added
>
> chages since v6
> 1. using cpu_get_sreg/cpu_set_sreg in
> avr_cpu_gdb_read_register/avr_cpu_gdb_write_register
> 2. configure the target as little endian because otherwise GDB does not
> work
> 3. fixing and testing gen_push_ret/gen_pop_ret
>
> changes since v7
> 1. folding back v6
> 2. logging at helper_outb and helper_inb are done for non supported yet
> registers only
> 3. MAINTAINERS updated
>
> changes since v8
> 1. removing hw/avr from hw/Makefile.obj as it should not be built for all
> 2. making linux compilable
> 3. testing on
> a. Mac, Apple LLVM version 7.0.0
> b. Ubuntu 12.04, gcc 4.9.2
> c. Fedora 23, gcc 5.3.1
> 4. folding back some patches
> 5. translation bug fixes for ORI, CPI, XOR instructions
> 6. propper handling of cpu register writes though memory
>
> changes since v9
> 1. removing forward declarations of static functions
> 2. disabling debug prints
> 3. switching to case range instead of if else if ...
> 4. LD/ST IN/OUT accessing CPU maintainder registers are not routed to any
> device
> 5. commenst about sample board and sample IO device added
> 6. sample board description is more descriptive now
> 7. memory_region_allocate_system_memory is used to create RAM
> 8. now there are helper_fullrd & helper_fullwr when LD/ST try to access
> registers
>
> changes since v10
> 1. movig back fullwr & fullrd into the commit where outb and inb were
> introduced
> 2. changing tlb_fill function signature
> 3. adding empty line between functions
> 4. adding newline on the last line of the file
> 5. using tb->flags to generae full access ST/LD instructions
> 6. fixing SBRC bug
> 7. folding back 10th commit
> 8. whenever a new file is introduced it's added to Makefile.objs
>
> changes since v11
> 1. updating to v2.7.0-rc
> 2. removing assignment to env->fulla

[Bug 1859359] [NEW] xHCI and event ring handling

[Benjamin David Lunt]

Public bug reported:

I believe that the Event Ring handling in QEMU is not correct.  For
example, an Event Ring may have multiple segments.  However, the code in
xhci_write_event() (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb
/hcd-xhci.c;hb=HEAD#l645), starting with line 668, seems to only support
a single segment.

Also, QEMU is sending a spurious interrupt after the Guest writes to the
ERDP register due to the fact that the address written does not match
the current index.  This is because the index is incremented after
sending the event.  The xHCI specification states in section 5.5.2.3.3
"When software finishes processing an Event TRB, it will write the
address of that Event TRB to the ERDP."

Since xhci_write_event() has already incremented the index pointer
(intr->er_ep_idx), the check at line 3098
(https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
xhci.c;hb=HEAD#l3090) no longer is valid.

I have not studied QEMU's code enough yet to offer a patch.  However,
this should be a simple fix.

intr->er_ep_idx++;
if (intr->er_ep_idx >= intr->er_table[intr->er_segment].er_size) {
  intr->er_ep_idx = 0;
  intr->er_segment++;
  if (intr->er_segment >= intr->er_table_size) {
intr->er_segment = 0;
intr->er_pcs = !intr->er_pcs;
  }
}

Being sure to incorporate this new segment member into the above code
(possibly as shown) as well as change the lines at 665 to use the new
segment member of the structure, and of course in the initialization
portion of the event ring.

As for the spurious interrupt at line 3101, a new member will need to be
added to the code to keep track of the last inserted ED (TRB) into the
Event Ring and then of course checking against this new member, not the
now newly incremented member.

I have sent an email to the author listed at the top of the file as
well, not sure if this is proper bug reporting etiquette or not.

Thank you.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859359

Title:
  xHCI and event ring handling

Status in QEMU:
  New

Bug description:
  I believe that the Event Ring handling in QEMU is not correct.  For
  example, an Event Ring may have multiple segments.  However, the code
  in xhci_write_event()
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l645), starting with line 668, seems to only support a
  single segment.

  Also, QEMU is sending a spurious interrupt after the Guest writes to
  the ERDP register due to the fact that the address written does not
  match the current index.  This is because the index is incremented
  after sending the event.  The xHCI specification states in section
  5.5.2.3.3 "When software finishes processing an Event TRB, it will
  write the address of that Event TRB to the ERDP."

  Since xhci_write_event() has already incremented the index pointer
  (intr->er_ep_idx), the check at line 3098
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l3090) no longer is valid.

  I have not studied QEMU's code enough yet to offer a patch.  However,
  this should be a simple fix.

  intr->er_ep_idx++;
  if (intr->er_ep_idx >= intr->er_table[intr->er_segment].er_size) {
intr->er_ep_idx = 0;
intr->er_segment++;
if (intr->er_segment >= intr->er_table_size) {
  intr->er_segment = 0;
  intr->er_pcs = !intr->er_pcs;
}
  }

  Being sure to incorporate this new segment member into the above code
  (possibly as shown) as well as change the lines at 665 to use the new
  segment member of the structure, and of course in the initialization
  portion of the event ring.

  As for the spurious interrupt at line 3101, a new member will need to
  be added to the code to keep track of the last inserted ED (TRB) into
  the Event Ring and then of course checking against this new member,
  not the now newly incremented member.

  I have sent an email to the author listed at the top of the file as
  well, not sure if this is proper bug reporting etiquette or not.

  Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859359/+subscriptions

Re: plugin order of registration and order of callback

[Peter Maydell]

On Fri, 10 Jan 2020 at 12:15, Alex Bennée  wrote:
> With that in mind we should say instruction callbacks are always before
> the instruction executes. The reason being is some instructions can
> fault and exit the run loop so any instrumentation inserted afterwards
> will never execute.

I suppose in theory we could also have an "instruction retired
successfully" event (by analogy with the h/w perf events that
some architectures have), if it's generally useful; it sounds
like it wouldn't solve the problem here though.

thanks
-- PMM

Ping: [PATCH v2] Implement the Screamer sound chip for the mac99 machine type

[John Arbuckle]

Ping

https://patchwork.kernel.org/patch/11311763/

This patch enables the playback of audio on a Mac OS 9 or Mac OS X guest.

Signed-off-by: John Arbuckle 
---
v2 changes:
- Fixed a bug that prevented the sampling rate from being changed.

 hw/audio/Kconfig  |   3 +
 hw/audio/Makefile.objs|   2 +
 hw/audio/screamer.c   | 993 ++
 hw/misc/macio/macio.c |  35 +-
 hw/ppc/Kconfig|   1 +
 hw/ppc/mac.h  |   5 +
 include/hw/audio/screamer.h   |  42 ++
 include/hw/misc/macio/macio.h |   2 +
 8 files changed, 1082 insertions(+), 1 deletion(-)
 create mode 100644 hw/audio/screamer.c
 create mode 100644 include/hw/audio/screamer.h

diff --git a/hw/audio/Kconfig b/hw/audio/Kconfig
index e9c6fed826..196da6c3fe 100644
--- a/hw/audio/Kconfig
+++ b/hw/audio/Kconfig
@@ -50,3 +50,6 @@ config CS4231
 
 config MARVELL_88W8618
 bool
+
+config SCREAMER
+bool
diff --git a/hw/audio/Makefile.objs b/hw/audio/Makefile.objs
index 63db383709..55906886bc 100644
--- a/hw/audio/Makefile.objs
+++ b/hw/audio/Makefile.objs
@@ -15,4 +15,6 @@ common-obj-$(CONFIG_CS4231) += cs4231.o
 common-obj-$(CONFIG_MARVELL_88W8618) += marvell_88w8618.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-ac97.o
 
+common-obj-$(CONFIG_SCREAMER) += screamer.o
+
 common-obj-y += soundhw.o
diff --git a/hw/audio/screamer.c b/hw/audio/screamer.c
new file mode 100644
index 00..d3a86d2e67
--- /dev/null
+++ b/hw/audio/screamer.c
@@ -0,0 +1,993 @@
+/*
+ * File: Screamer.c
+ * Description: Implement the Screamer sound chip used in Apple Macintoshes.
+ * It works by filling a buffer, then playing the buffer.
+ */
+
+#include "qemu/osdep.h"
+#include "audio/audio.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include 
+#include "hw/ppc/mac.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "include/hw/audio/screamer.h"
+
+#define DEBUG_SCREAMER 0
+#define DPRINTF(fmt, ...) \
+do { if (DEBUG_SCREAMER) { printf(fmt , ## __VA_ARGS__); } } while (0)
+
+#define SOUND_CONTROL_REG  0
+#define CODEC_CONTROL_REG  1
+#define CODEC_STATUS_REG   2
+#define CLIP_COUNT_REG 3
+#define BYTE_SWAP_REG  4
+#define FRAME_COUNT_REG5
+
+#define AWACS_BUSY 0x0100
+
+/* Used with AWACS register 1 */
+#define RECALIBRATE 0x004
+#define LOOPTHRU0x040
+#define SPEAKER_MUTE0x080
+#define HEADPHONE_MUTE  0x200
+#define OUTPUT_ZERO 0x400
+#define OUTPUT_ONE  0x800
+#define PARALLEL_OUTPUT 0xc00
+
+/* Function prototypes */
+static uint32_t set_busy_bit(uint32_t value, int bit);
+static uint32_t set_part_ready_bit(uint32_t value, int bit_value);
+static uint32_t set_revision(uint32_t input_value);
+static uint32_t set_manufacturer(uint32_t input_value);
+static int get_sampling_rate(ScreamerState *s);
+static uint32_t get_frame_count_reg(ScreamerState *s);
+static void add_to_speaker_buffer(DBDMA_io *io);
+static void dma_request(DBDMA_io *io);
+
+
+/ Getters */
+
+/* Returns the codec control register's encoded AWACS address */
+static uint8_t get_codec_control_address(uint32_t value)
+{
+uint8_t return_value;
+return_value = (value >> 12) & 0x0fff;
+return return_value;
+}
+
+
+static uint32_t get_sound_control_reg(ScreamerState *s)
+{
+DPRINTF("%s() called - returned 0x%x\n", __func__, s->sound_control);
+return s->sound_control;
+}
+
+/* The AWACS registers are accessed thru this register */
+static uint32_t get_codec_control_reg(ScreamerState *s)
+{
+int awacs_register = get_codec_control_address(s->codec_control);
+uint32_t return_value = s->awacs[awacs_register];
+return_value = set_busy_bit(return_value, 0); /* Tell CPU we are ready */
+DPRINTF("%s() called - returned 0x%x\tAWACS register: %d\n", __func__,
+return_value, awacs_register);
+return return_value;
+}
+
+/*
+ * Determines if the readback bit is set.
+ * It is used by the Codec Control register.
+ */
+static bool readback_enabled(ScreamerState *s)
+{
+/* Note: bit zero is the readback enabled bit */
+if (s->awacs[7] & 1) {
+return true;
+} else {
+return false;
+}
+}
+
+static uint32_t get_codec_status_reg(ScreamerState *s)
+{
+uint32_t return_value;
+
+/* if in readback mode - return AWACS register value */
+if (readback_enabled(s)) {
+int awacs_register = (s->awacs[7] & 0xe) >> 1;
+s->awacs[7] = s->awacs[7] & 0xfffe; /* turn off readback mode */
+return_value = s->awacs[awacs_register] << 4;
+DPRINTF("readback enable bit is set, returning AWACS register %d\t"
+"value:0x%x\n", awacs_register, return_value);
+
+return return_value;
+}
+
+/* Tell CPU we are ready */
+return_value = set_part_ready_bit(s->codec_status, 1);
+
+/* Set Revision to Screamer */
+return_value = set_revision(return_valu

[Bug 1859359] Re: xHCI and event ring handling

[Benjamin David Lunt]

I failed to note above that the HCSPARAMS2 register does indeed limit
the count of segments in the Event Ring.  I guess as long as you never
change this value from one (1) you will be okay.

However, the spurious interrupt stuff still stands as a bug.

Thank you,
Ben

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859359

Title:
  xHCI and event ring handling

Status in QEMU:
  New

Bug description:
  I believe that the Event Ring handling in QEMU is not correct.  For
  example, an Event Ring may have multiple segments.  However, the code
  in xhci_write_event()
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l645), starting with line 668, seems to only support a
  single segment.

  Also, QEMU is sending a spurious interrupt after the Guest writes to
  the ERDP register due to the fact that the address written does not
  match the current index.  This is because the index is incremented
  after sending the event.  The xHCI specification states in section
  5.5.2.3.3 "When software finishes processing an Event TRB, it will
  write the address of that Event TRB to the ERDP."

  Since xhci_write_event() has already incremented the index pointer
  (intr->er_ep_idx), the check at line 3098
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l3090) no longer is valid.

  I have not studied QEMU's code enough yet to offer a patch.  However,
  this should be a simple fix.

  intr->er_ep_idx++;
  if (intr->er_ep_idx >= intr->er_table[intr->er_segment].er_size) {
intr->er_ep_idx = 0;
intr->er_segment++;
if (intr->er_segment >= intr->er_table_size) {
  intr->er_segment = 0;
  intr->er_pcs = !intr->er_pcs;
}
  }

  Being sure to incorporate this new segment member into the above code
  (possibly as shown) as well as change the lines at 665 to use the new
  segment member of the structure, and of course in the initialization
  portion of the event ring.

  As for the spurious interrupt at line 3101, a new member will need to
  be added to the code to keep track of the last inserted ED (TRB) into
  the Event Ring and then of course checking against this new member,
  not the now newly incremented member.

  I have sent an email to the author listed at the top of the file as
  well, not sure if this is proper bug reporting etiquette or not.

  Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859359/+subscriptions

Re: [PATCH 2/5] hw/arm: ast2600: Wire up the eMMC controller

[Andrew Jeffery]

On Fri, 10 Jan 2020, at 22:26, Cédric Le Goater wrote:
> >> +
> >> +    sysbus_init_child_obj(obj, "emmc", OBJECT(&s->emmc), sizeof(s->emmc),
> >> +  TYPE_ASPEED_SDHCI);
> >> +
> >> +    object_property_set_int(OBJECT(&s->emmc), 1, "num-slots", 
> >> &error_abort);
> >> +
> >> +    sysbus_init_child_obj(obj, "emmc[*]", OBJECT(&s->emmc.slots[0]),
> > 
> > Single block, so use "emmc" instead.
> 
> Andrew, how should we call the objects in the slots ? "sdhci" ? 

I think that's the right way to go, but maybe we need to rethink the naming at 
the
controller level.

Andrew

[Bug 1859359] Re: xHCI and event ring handling

[Benjamin David Lunt]

Please note that the current code reports zero (0)

https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-xhci.c#l2737

Bits 7:4 is this limit and the current code has these bits as zero.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859359

Title:
  xHCI and event ring handling

Status in QEMU:
  New

Bug description:
  I believe that the Event Ring handling in QEMU is not correct.  For
  example, an Event Ring may have multiple segments.  However, the code
  in xhci_write_event()
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l645), starting with line 668, seems to only support a
  single segment.

  Also, QEMU is sending a spurious interrupt after the Guest writes to
  the ERDP register due to the fact that the address written does not
  match the current index.  This is because the index is incremented
  after sending the event.  The xHCI specification states in section
  5.5.2.3.3 "When software finishes processing an Event TRB, it will
  write the address of that Event TRB to the ERDP."

  Since xhci_write_event() has already incremented the index pointer
  (intr->er_ep_idx), the check at line 3098
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l3090) no longer is valid.

  I have not studied QEMU's code enough yet to offer a patch.  However,
  this should be a simple fix.

  intr->er_ep_idx++;
  if (intr->er_ep_idx >= intr->er_table[intr->er_segment].er_size) {
intr->er_ep_idx = 0;
intr->er_segment++;
if (intr->er_segment >= intr->er_table_size) {
  intr->er_segment = 0;
  intr->er_pcs = !intr->er_pcs;
}
  }

  Being sure to incorporate this new segment member into the above code
  (possibly as shown) as well as change the lines at 665 to use the new
  segment member of the structure, and of course in the initialization
  portion of the event ring.

  As for the spurious interrupt at line 3101, a new member will need to
  be added to the code to keep track of the last inserted ED (TRB) into
  the Event Ring and then of course checking against this new member,
  not the now newly incremented member.

  I have sent an email to the author listed at the top of the file as
  well, not sure if this is proper bug reporting etiquette or not.

  Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859359/+subscriptions

[Bug 1859359] Re: xHCI and event ring handling

[Benjamin David Lunt]

My apologizes.  I forgot that it was 2^ERSTMAX.  I really need to get
some sleep :-)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859359

Title:
  xHCI and event ring handling

Status in QEMU:
  New

Bug description:
  I believe that the Event Ring handling in QEMU is not correct.  For
  example, an Event Ring may have multiple segments.  However, the code
  in xhci_write_event()
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l645), starting with line 668, seems to only support a
  single segment.

  Also, QEMU is sending a spurious interrupt after the Guest writes to
  the ERDP register due to the fact that the address written does not
  match the current index.  This is because the index is incremented
  after sending the event.  The xHCI specification states in section
  5.5.2.3.3 "When software finishes processing an Event TRB, it will
  write the address of that Event TRB to the ERDP."

  Since xhci_write_event() has already incremented the index pointer
  (intr->er_ep_idx), the check at line 3098
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-
  xhci.c;hb=HEAD#l3090) no longer is valid.

  I have not studied QEMU's code enough yet to offer a patch.  However,
  this should be a simple fix.

  intr->er_ep_idx++;
  if (intr->er_ep_idx >= intr->er_table[intr->er_segment].er_size) {
intr->er_ep_idx = 0;
intr->er_segment++;
if (intr->er_segment >= intr->er_table_size) {
  intr->er_segment = 0;
  intr->er_pcs = !intr->er_pcs;
}
  }

  Being sure to incorporate this new segment member into the above code
  (possibly as shown) as well as change the lines at 665 to use the new
  segment member of the structure, and of course in the initialization
  portion of the event ring.

  As for the spurious interrupt at line 3101, a new member will need to
  be added to the code to keep track of the last inserted ED (TRB) into
  the Event Ring and then of course checking against this new member,
  not the now newly incremented member.

  I have sent an email to the author listed at the top of the file as
  well, not sure if this is proper bug reporting etiquette or not.

  Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859359/+subscriptions

[Bug 1859378] [NEW] xhci Control Transfer requiring a Status TRB before starting transfer

[Benjamin David Lunt]

Public bug reported:

This may not necessarily be a bug, but more of a change.

A little background may need to be in order.

With all USB Control transfers, there is a SETUP transfer, zero or more
DATA transfers, and if successful, a STATUS transfer.  This STATUS
transfer is used to indicate to the recipient that the previous
transfers were successful.  For example, in a CONTROL IN transfer, the
host sends a SETUP packet to the device, receives zero or more DATA
packets, and then on successful transfer, the HOST sends the STATUS
packet indicating to the device that all was received.

If no DATA packets are received, the HOST is not to send a STATUS
packet.  This could be due to a STALL or other error.

With this in mind, the STATUS transfer, in this case an xHCI STATUS TRB,
may not even be on the transfer ring yet.  The HOST software may be
waiting for a successful transfer before it submits the STATUS transfer.

However, if you look at the test at line 1701
(https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-xhci.c#l1701), the
current code will not start the CONTROL transfer at all if it doesn't
see that STATUS TRB on the ring.

In my opinion, this is in error.  It is not required that a STATUS TRB
be on the ring to start the CONTROL transfer.  This STATUS TRB can be
placed on the ring after a successful SETUP and zero or more DATA
transfers followed by a ring to the door bell.  Then after a successful
transfer to this point, placing this STATUS TRB on the ring and another
ring to the door bell.

In my opinion, the check at line 1701 should be removed.

Thank you,
Ben

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859378

Title:
  xhci Control Transfer requiring a Status TRB before starting transfer

Status in QEMU:
  New

Bug description:
  This may not necessarily be a bug, but more of a change.

  A little background may need to be in order.

  With all USB Control transfers, there is a SETUP transfer, zero or
  more DATA transfers, and if successful, a STATUS transfer.  This
  STATUS transfer is used to indicate to the recipient that the previous
  transfers were successful.  For example, in a CONTROL IN transfer, the
  host sends a SETUP packet to the device, receives zero or more DATA
  packets, and then on successful transfer, the HOST sends the STATUS
  packet indicating to the device that all was received.

  If no DATA packets are received, the HOST is not to send a STATUS
  packet.  This could be due to a STALL or other error.

  With this in mind, the STATUS transfer, in this case an xHCI STATUS
  TRB, may not even be on the transfer ring yet.  The HOST software may
  be waiting for a successful transfer before it submits the STATUS
  transfer.

  However, if you look at the test at line 1701
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-xhci.c#l1701),
  the current code will not start the CONTROL transfer at all if it
  doesn't see that STATUS TRB on the ring.

  In my opinion, this is in error.  It is not required that a STATUS TRB
  be on the ring to start the CONTROL transfer.  This STATUS TRB can be
  placed on the ring after a successful SETUP and zero or more DATA
  transfers followed by a ring to the door bell.  Then after a
  successful transfer to this point, placing this STATUS TRB on the ring
  and another ring to the door bell.

  In my opinion, the check at line 1701 should be removed.

  Thank you,
  Ben

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859378/+subscriptions

[Bug 1859378] Re: xhci Control Transfer requiring a Status TRB before starting transfer

[Benjamin David Lunt]

Removing this check will indeed require a bit of a re-write.  The way
the code is now, the transfer expects a SETUP packet to be first.  If
you remove the check I ask about above, will the next transfer show that
it is the STATUS packet?  If so, then the check at line 1696 will indeed
catch and not allow the STATUS packet to be accepted.

A little more work might need to be done to remove this check.

It is just a request.

Thank you,
Ben

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859378

Title:
  xhci Control Transfer requiring a Status TRB before starting transfer

Status in QEMU:
  New

Bug description:
  This may not necessarily be a bug, but more of a change.

  A little background may need to be in order.

  With all USB Control transfers, there is a SETUP transfer, zero or
  more DATA transfers, and if successful, a STATUS transfer.  This
  STATUS transfer is used to indicate to the recipient that the previous
  transfers were successful.  For example, in a CONTROL IN transfer, the
  host sends a SETUP packet to the device, receives zero or more DATA
  packets, and then on successful transfer, the HOST sends the STATUS
  packet indicating to the device that all was received.

  If no DATA packets are received, the HOST is not to send a STATUS
  packet.  This could be due to a STALL or other error.

  With this in mind, the STATUS transfer, in this case an xHCI STATUS
  TRB, may not even be on the transfer ring yet.  The HOST software may
  be waiting for a successful transfer before it submits the STATUS
  transfer.

  However, if you look at the test at line 1701
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-xhci.c#l1701),
  the current code will not start the CONTROL transfer at all if it
  doesn't see that STATUS TRB on the ring.

  In my opinion, this is in error.  It is not required that a STATUS TRB
  be on the ring to start the CONTROL transfer.  This STATUS TRB can be
  placed on the ring after a successful SETUP and zero or more DATA
  transfers followed by a ring to the door bell.  Then after a
  successful transfer to this point, placing this STATUS TRB on the ring
  and another ring to the door bell.

  In my opinion, the check at line 1701 should be removed.

  Thank you,
  Ben

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859378/+subscriptions

[Bug 1859378] Re: xhci Control Transfer requiring a Status TRB before starting transfer

[Benjamin David Lunt]

Just a little more information.

In section 4.11.2.2, page 159 of version 1.0 of the xHCI specification,
it states:


• The xHC shall NOT check for the following Control transfer error conditions.
  • If a Data Stage TD follows a Setup Stage TD, where wLength = ‘0’.
  • If a Status Stage TD does not follow a Setup Stage TD, where wLength = ‘0’.
  • If a Data Stage TD does not follow a Setup Stage TD, where wLength > ‘0’21.
  • If the total size of the Data Stage TD is not equal to wLength.
  • If the Data Stage TRB Direction (DIR) flag does not correspond to the 
definition in Table 7.
  • If the Status Stage TRB Direction (DIR) flag does not correspond to the 
definition in Table 7.
• The xHC is NOT required to check for the following Control transfer error 
conditions. 
  If system software is properly designed these error conditions will never 
occur. However 
  if the xHC does check for these conditions it shall generate a Transfer Event 
for the TRB
  that the error was detected on with the Completion Code set to TRB Error.
  • If a Status Stage TD does not follow a Data Stage TD.
  • If the Setup Stage TRB defines a Length not = 8.
  • If the Status Stage TRB defines a Length > 0.


I take the first bullet in the second set as it is not required that the
STATUS TRB be on the ring at this point in time.  However, if the
controller (xHC) does check, it must place an event TRB on the Event
ring indicating an error at the SETUP TRB.

Thank you for your time,
Ben

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859378

Title:
  xhci Control Transfer requiring a Status TRB before starting transfer

Status in QEMU:
  New

Bug description:
  This may not necessarily be a bug, but more of a change.

  A little background may need to be in order.

  With all USB Control transfers, there is a SETUP transfer, zero or
  more DATA transfers, and if successful, a STATUS transfer.  This
  STATUS transfer is used to indicate to the recipient that the previous
  transfers were successful.  For example, in a CONTROL IN transfer, the
  host sends a SETUP packet to the device, receives zero or more DATA
  packets, and then on successful transfer, the HOST sends the STATUS
  packet indicating to the device that all was received.

  If no DATA packets are received, the HOST is not to send a STATUS
  packet.  This could be due to a STALL or other error.

  With this in mind, the STATUS transfer, in this case an xHCI STATUS
  TRB, may not even be on the transfer ring yet.  The HOST software may
  be waiting for a successful transfer before it submits the STATUS
  transfer.

  However, if you look at the test at line 1701
  (https://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/hcd-xhci.c#l1701),
  the current code will not start the CONTROL transfer at all if it
  doesn't see that STATUS TRB on the ring.

  In my opinion, this is in error.  It is not required that a STATUS TRB
  be on the ring to start the CONTROL transfer.  This STATUS TRB can be
  placed on the ring after a successful SETUP and zero or more DATA
  transfers followed by a ring to the door bell.  Then after a
  successful transfer to this point, placing this STATUS TRB on the ring
  and another ring to the door bell.

  In my opinion, the check at line 1701 should be removed.

  Thank you,
  Ben

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859378/+subscriptions

[Bug 1859384] [NEW] arm gic: interrupt model never 1 on non-mpcore and race condition in gic_acknowledge_irq

[Alex Longwall]

Public bug reported:

For a 1-N interrupt (any SPI on the GICv2), as mandated by the TRM, only
one CPU can acknowledge the IRQ until it becomes inactive.

The TRM also mandates that SGIs and PPIs follow the N-N model and that
SPIs follow the 1-N model.

However this is not currently the case with QEMU. I have locally (no
minimal test case) seen e.g. uart interrupts being acknowledged twice
before having been deactivated (expected: irqId on one CPU and 1023 on
the other instead).

I have narrowed the issue down to the following:

1) arm_gic_common_reset resets all irq_state[id] fields to 0. This means
all IRQ will use the N-N model, and if s->revision != REV_11MPCORE, then
there's no way to set any interrupt to 1-N.

If ""fixed"" locally with a hackjob, I still have the following trace:

pl011_irq_state 534130.800 pid=2424 level=0x1
gic_set_irq 2.900 pid=2424 irq=0x21 level=0x1 cpumask=0xff target=0xff
gic_update_set_irq 3.300 pid=2424 cpu=0x0 name=irq level=0x1
gic_update_set_irq 4.200 pid=2424 cpu=0x1 name=irq level=0x1
gic_acknowledge_irq 539.400 pid=2424 s=cpu cpu=0x1 irq=0x21
gic_update_set_irq 269.800 pid=2424 cpu=0x0 name=irq level=0x1
gic_cpu_read 4.100 pid=2424 s=cpu cpu=0x1 addr=0xc val=0x21
gic_acknowledge_irq 15.600 pid=2424 s=cpu cpu=0x0 irq=0x21
gic_cpu_read 265.000 pid=2424 s=cpu cpu=0x0 addr=0xc val=0x21
pl011_write 1594.700 pid=2424 addr=0x44 value=0x50
pl011_irq_state 2.000 pid=2424 level=0x0
gic_set_irq 1.300 pid=2424 irq=0x21 level=0x0 cpumask=0xff target=0xff
pl011_write 30.700 pid=2424 addr=0x38 value=0x0
pl011_irq_state 1.200 pid=2424 level=0x0
gic_cpu_write 110.600 pid=2424 s=cpu cpu=0x0 addr=0x10 val=0x21
gic_cpu_write 193.400 pid=2424 s=cpu cpu=0x0 addr=0x1000 val=0x21
pl011_irq_state 1169.500 pid=2424 level=0x0

This is because:

2) gic_acknowledge_irq calls gic_clear_pending which uses
GIC_DIST_CLEAR_PENDING but this usually has no effect on level-sensitive
interrupts.

With this often being a no-op (ie. assuming ispendr was not written to),
any 1-n level-sensitive interrupt is still improperly pending on all the
other cores.

(Also, I don't really know how the qemu thread model works, there might
be race conditions in the acknowledgment logic if gic_acknowledge_irq is
called by multiple threads, too.)

Option used:
-nographic -machine virt,virtualization=on,accel=tcg,gic-version=2 -cpu 
cortex-a57 -smp 4 -m 1024
-kernel whatever.elf -d unimp,guest_errors -semihosting-config 
enable,target=native
-chardev stdio,id=uart -serial chardev:uart -monitor none
-trace gic_update_set_irq -trace gic_acknowledge_irq -trace pl011_irq_state 
-trace pl011_write -trace gic_cpu_read -trace gic_cpu_write
-trace gic_set_irq

Commit used: dc65a5bdc9fa543690a775b50d4ffbeb22c56d6d "Merge remote-
tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200108' into
staging"

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: arm gic

** Description changed:

  For a 1-N interrupt (any SPI on the GICv2), as mandated by the TRM, only
  one CPU can acknowledge the IRQ until it becomes inactive.
  
  The TRM also mandates that SGIs and PPIs follow the N-N model and that
  SPIs follow the 1-N model.
  
  However this is not currently the case with QEMU. I have locally (no
  minimal test case) seen e.g. uart interrupts being acknowledged twice
  before having been deactivated (expected: irqId on one CPU and 1023 on
  the other instead).
  
  I have narrowed the issue down to the following:
  
  1) arm_gic_common_reset resets all irq_state[id] fields to 0. This means
  all IRQ will use the N-N model, and if s->revision != REV_11MPCORE, then
  there's no way to set any interrupt to 1-N.
  
  **If fixed locally** with a hackjob, I still have the following trace:
  
  pl011_irq_state 534130.800 pid=2424 level=0x1
  gic_set_irq 2.900 pid=2424 irq=0x21 level=0x1 cpumask=0xff target=0xff
  gic_update_set_irq 3.300 pid=2424 cpu=0x0 name=irq level=0x1
  gic_update_set_irq 4.200 pid=2424 cpu=0x1 name=irq level=0x1
  gic_acknowledge_irq 539.400 pid=2424 s=cpu cpu=0x1 irq=0x21
  gic_update_set_irq 269.800 pid=2424 cpu=0x0 name=irq level=0x1
  gic_cpu_read 4.100 pid=2424 s=cpu cpu=0x1 addr=0xc val=0x21
  gic_acknowledge_irq 15.600 pid=2424 s=cpu cpu=0x0 irq=0x21
  gic_cpu_read 265.000 pid=2424 s=cpu cpu=0x0 addr=0xc val=0x21
  pl011_write 1594.700 pid=2424 addr=0x44 value=0x50
  pl011_irq_state 2.000 pid=2424 level=0x0
  gic_set_irq 1.300 pid=2424 irq=0x21 level=0x0 cpumask=0xff target=0xff
  pl011_write 30.700 pid=2424 addr=0x38 value=0x0
  pl011_irq_state 1.200 pid=2424 level=0x0
  gic_cpu_write 110.600 pid=2424 s=cpu cpu=0x0 addr=0x10 val=0x21
  gic_cpu_write 193.400 pid=2424 s=cpu cpu=0x0 addr=0x1000 val=0x21
  pl011_irq_state 1169.500 pid=2424 level=0x0
  
  This is because:
  
  2) gic_acknowledge_irq calls gic_clear_pending which uses
  GIC_DIST_CLEAR_PENDING but this usually has no effect on level-sensitive
  interrupts.
  
  With this often being a no-op (ie. assuming ispendr was not written

[Bug 1859384] Re: arm gic: interrupt model never 1 on non-mpcore and race condition in gic_acknowledge_irq

[Alex Longwall]

** Summary changed:

- arm gicv2: interrupt model never 1 on non-mpcore and race condition in 
gic_acknowledge_irq 
+ arm gic: interrupt model never 1 on non-mpcore and race condition in 
gic_acknowledge_irq

** Tags removed: gicv2
** Tags added: gic

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859384

Title:
  arm gic: interrupt model never 1 on non-mpcore and race condition in
  gic_acknowledge_irq

Status in QEMU:
  New

Bug description:
  For a 1-N interrupt (any SPI on the GICv2), as mandated by the TRM,
  only one CPU can acknowledge the IRQ until it becomes inactive.

  The TRM also mandates that SGIs and PPIs follow the N-N model and that
  SPIs follow the 1-N model.

  However this is not currently the case with QEMU. I have locally (no
  minimal test case) seen e.g. uart interrupts being acknowledged twice
  before having been deactivated (expected: irqId on one CPU and 1023 on
  the other instead).

  I have narrowed the issue down to the following:

  1) arm_gic_common_reset resets all irq_state[id] fields to 0. This
  means all IRQ will use the N-N model, and if s->revision !=
  REV_11MPCORE, then there's no way to set any interrupt to 1-N.

  If ""fixed"" locally with a hackjob, I still have the following trace:

  pl011_irq_state 534130.800 pid=2424 level=0x1
  gic_set_irq 2.900 pid=2424 irq=0x21 level=0x1 cpumask=0xff target=0xff
  gic_update_set_irq 3.300 pid=2424 cpu=0x0 name=irq level=0x1
  gic_update_set_irq 4.200 pid=2424 cpu=0x1 name=irq level=0x1
  gic_acknowledge_irq 539.400 pid=2424 s=cpu cpu=0x1 irq=0x21
  gic_update_set_irq 269.800 pid=2424 cpu=0x0 name=irq level=0x1
  gic_cpu_read 4.100 pid=2424 s=cpu cpu=0x1 addr=0xc val=0x21
  gic_acknowledge_irq 15.600 pid=2424 s=cpu cpu=0x0 irq=0x21
  gic_cpu_read 265.000 pid=2424 s=cpu cpu=0x0 addr=0xc val=0x21
  pl011_write 1594.700 pid=2424 addr=0x44 value=0x50
  pl011_irq_state 2.000 pid=2424 level=0x0
  gic_set_irq 1.300 pid=2424 irq=0x21 level=0x0 cpumask=0xff target=0xff
  pl011_write 30.700 pid=2424 addr=0x38 value=0x0
  pl011_irq_state 1.200 pid=2424 level=0x0
  gic_cpu_write 110.600 pid=2424 s=cpu cpu=0x0 addr=0x10 val=0x21
  gic_cpu_write 193.400 pid=2424 s=cpu cpu=0x0 addr=0x1000 val=0x21
  pl011_irq_state 1169.500 pid=2424 level=0x0

  This is because:

  2) gic_acknowledge_irq calls gic_clear_pending which uses
  GIC_DIST_CLEAR_PENDING but this usually has no effect on level-
  sensitive interrupts.

  With this often being a no-op (ie. assuming ispendr was not written
  to), any 1-n level-sensitive interrupt is still improperly pending on
  all the other cores.

  (Also, I don't really know how the qemu thread model works, there
  might be race conditions in the acknowledgment logic if
  gic_acknowledge_irq is called by multiple threads, too.)

  Option used:
  -nographic -machine virt,virtualization=on,accel=tcg,gic-version=2 -cpu 
cortex-a57 -smp 4 -m 1024
  -kernel whatever.elf -d unimp,guest_errors -semihosting-config 
enable,target=native
  -chardev stdio,id=uart -serial chardev:uart -monitor none
  -trace gic_update_set_irq -trace gic_acknowledge_irq -trace pl011_irq_state 
-trace pl011_write -trace gic_cpu_read -trace gic_cpu_write
  -trace gic_set_irq

  Commit used: dc65a5bdc9fa543690a775b50d4ffbeb22c56d6d "Merge remote-
  tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200108' into
  staging"

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859384/+subscriptions

Re: [PATCH] migration/postcopy: not necessary to discard all RAM at the beginning

[Wei Yang]

Oops, this one seems to be missed.

On Mon, Oct 07, 2019 at 05:10:08PM +0800, Wei Yang wrote:
>ram_discard_range() unmap page for specific range. To be specific, this
>clears related page table entries so that userfault would be triggered.
>But this step is not necessary at the very beginning.
>
>ram_postcopy_incoming_init() is called when destination gets ADVISE
>command. ADVISE command is sent when migration thread just starts, which
>implies destination is not running yet. This means no page fault
>happened and memory region's page tables entries are empty.
>
>This patch removes the discard at the beginning.
>
>Signed-off-by: Wei Yang 
>---
> migration/postcopy-ram.c | 46 
> migration/postcopy-ram.h |  7 --
> migration/ram.c  | 16 --
> migration/ram.h  |  1 -
> migration/savevm.c   |  4 
> 5 files changed, 74 deletions(-)
>
>diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
>index 5da6de8c8b..459be8e780 100644
>--- a/migration/postcopy-ram.c
>+++ b/migration/postcopy-ram.c
>@@ -443,32 +443,6 @@ out:
> return ret;
> }
> 
>-/*
>- * Setup an area of RAM so that it *can* be used for postcopy later; this
>- * must be done right at the start prior to pre-copy.
>- * opaque should be the MIS.
>- */
>-static int init_range(RAMBlock *rb, void *opaque)
>-{
>-const char *block_name = qemu_ram_get_idstr(rb);
>-void *host_addr = qemu_ram_get_host_addr(rb);
>-ram_addr_t offset = qemu_ram_get_offset(rb);
>-ram_addr_t length = qemu_ram_get_used_length(rb);
>-trace_postcopy_init_range(block_name, host_addr, offset, length);
>-
>-/*
>- * We need the whole of RAM to be truly empty for postcopy, so things
>- * like ROMs and any data tables built during init must be zero'd
>- * - we're going to get the copy from the source anyway.
>- * (Precopy will just overwrite this data, so doesn't need the discard)
>- */
>-if (ram_discard_range(block_name, 0, length)) {
>-return -1;
>-}
>-
>-return 0;
>-}
>-
> /*
>  * At the end of migration, undo the effects of init_range
>  * opaque should be the MIS.
>@@ -506,20 +480,6 @@ static int cleanup_range(RAMBlock *rb, void *opaque)
> return 0;
> }
> 
>-/*
>- * Initialise postcopy-ram, setting the RAM to a state where we can go into
>- * postcopy later; must be called prior to any precopy.
>- * called from arch_init's similarly named ram_postcopy_incoming_init
>- */
>-int postcopy_ram_incoming_init(MigrationIncomingState *mis)
>-{
>-if (foreach_not_ignored_block(init_range, NULL)) {
>-return -1;
>-}
>-
>-return 0;
>-}
>-
> /*
>  * Manage a single vote to the QEMU balloon inhibitor for all postcopy usage,
>  * last caller wins.
>@@ -1282,12 +1242,6 @@ bool 
>postcopy_ram_supported_by_host(MigrationIncomingState *mis)
> return false;
> }
> 
>-int postcopy_ram_incoming_init(MigrationIncomingState *mis)
>-{
>-error_report("postcopy_ram_incoming_init: No OS support");
>-return -1;
>-}
>-
> int postcopy_ram_incoming_cleanup(MigrationIncomingState *mis)
> {
> assert(0);
>diff --git a/migration/postcopy-ram.h b/migration/postcopy-ram.h
>index c0ccf64a96..1c79c6e51f 100644
>--- a/migration/postcopy-ram.h
>+++ b/migration/postcopy-ram.h
>@@ -22,13 +22,6 @@ bool postcopy_ram_supported_by_host(MigrationIncomingState 
>*mis);
>  */
> int postcopy_ram_incoming_setup(MigrationIncomingState *mis);
> 
>-/*
>- * Initialise postcopy-ram, setting the RAM to a state where we can go into
>- * postcopy later; must be called prior to any precopy.
>- * called from ram.c's similarly named ram_postcopy_incoming_init
>- */
>-int postcopy_ram_incoming_init(MigrationIncomingState *mis);
>-
> /*
>  * At the end of a migration where postcopy_ram_incoming_init was called.
>  */
>diff --git a/migration/ram.c b/migration/ram.c
>index dfc50d57d5..9a853703d8 100644
>--- a/migration/ram.c
>+++ b/migration/ram.c
>@@ -4015,22 +4015,6 @@ static int ram_load_cleanup(void *opaque)
> return 0;
> }
> 
>-/**
>- * ram_postcopy_incoming_init: allocate postcopy data structures
>- *
>- * Returns 0 for success and negative if there was one error
>- *
>- * @mis: current migration incoming state
>- *
>- * Allocate data structures etc needed by incoming migration with
>- * postcopy-ram. postcopy-ram's similarly names
>- * postcopy_ram_incoming_init does the work.
>- */
>-int ram_postcopy_incoming_init(MigrationIncomingState *mis)
>-{
>-return postcopy_ram_incoming_init(mis);
>-}
>-
> /**
>  * ram_load_postcopy: load a page in postcopy case
>  *
>diff --git a/migration/ram.h b/migration/ram.h
>index 44fe4753ad..66cbff1d52 100644
>--- a/migration/ram.h
>+++ b/migration/ram.h
>@@ -58,7 +58,6 @@ void ram_postcopy_migrated_memory_release(MigrationState 
>*ms);
> int ram_postcopy_send_discard_bitmap(MigrationState *ms);
> /* For incoming postcopy discard */
> int ram_discard_range(const char *block_name, uint64_t start, size_t length);
>-int 

[Bug 1851972] Re: pc-q35-4.1 and AMD Navi 5700/XT incompatible

[Joey Adams]

Commit 11bc4a13 (Nov 13, 2019, merged after v4.2.0-rc5) moved the
kernel-irqchip parameter to -accel, but I think the default was
inadvertently changed to off.  The documentation was changed to say the
default is on, but the code change seems to have done the opposite.

I found this when I tested my Windows Server 2016 VMs with the last qemu
from git.  Windows boots and runs very slowly unless I add either
 (kernel_irqchip=on) or  to the libvirt config.  Using the qemu installed with
Ubuntu 19.10 (version 4.0.0), I can reproduce the slowness by explicitly
adding kernel_irqchip=off.

Details:
- Host CPU: Ryzen 3950X (16 core, 32 thread)
- Host RAM: 64 GiB
- Host OS: Ubuntu 19.10 64-bit, kernel version 5.5.0-rc4 (commit 738d2902773e + 
ACS override patch)
- Guest CPU: host-passthrough, 16 vcpus (8 cores, 2 threads, topoext).
- Guest RAM: 12 GiB
- Guest machine type: pc-i440fx-4.0 (BIOS boot)
- Guest OS: Windows Server 2016, build 1607

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1851972

Title:
  pc-q35-4.1 and AMD Navi 5700/XT incompatible

Status in QEMU:
  New

Bug description:
  Hello,

  I am not sure if this qualifies as a "bug"; it is be more of an
  unknown issue with default settings. However, since the default value
  of q35 default_kernel_irqchip_split was changed seemingly due to
  similar user feedback, I thought this was important to share..

  AMD Navi 5700/XT vfio-pci passthrough seems incompatible with
  one/multiple settings in pc-q35-3.1 and higher. The workaround for me
  is that pc-q35-3.0 still works fine passing through the GPU and
  official drivers can load/install fine.

  The default/generic GPU drivers in a Fedora 30 or Windows 1903 guest
  do work; the monitor displays the desktop in a 800x600 resolution and
  things are rendered fine.. so the basic functionality of the card
  seems fine with pc-q35-4.1.

  But attempting to use the official open source AMD driver with the
  card resulted in a hung kernel for the Fedora 30 guest.. and a BSOD on
  the Windows 1903 guest immediately during driver install.

  I do not see any errors in Qemu command output.. did not investigate
  other logs or KVM etc, because I am not sure what to look for or how
  to go about it. Also not sure which combination of the latest q35
  default settings are valid combinations to try either, because it
  seems that multiple things have changed related to pcie-root-port
  defaults and other machine options. I am happy to run tests and
  provide feedback if that helps identify the issue.

  I am using "Linux arch 5.4.0-rc6-mainline" kernel on ArchLinux host
  with AMD Navi reset pci quirk patch applied.

  My working Qemu command line is this:

  QEMU_AUDIO_DRV=pa \
  QEMU_PA_SERVER=/run/user/1000/pulse/native \
  /usr/bin/qemu-system-x86_64 \
  -name windows \
  -m 16g \
  -accel kvm \
  -machine pc-q35-3.0,accel=kvm,pflash0=ovmf0,pflash1=ovmf1 \
  -blockdev 
node-name=ovmf0,driver=file,filename=/virt/qemu/roms/OVMF_CODE.fd,read-only=on \
  -blockdev 
node-name=ovmf1,driver=file,filename=/virt/qemu/machines/windows/OVMF_VARS.fd \
  -boot menu=on \
  -global kvm-pit.lost_tick_policy=discard \
  -no-hpet \
  -rtc base=utc,clock=host,driftfix=slew \
  -cpu 
host,kvm=off,hv_vendor_id=RedHatRedHat,hv_spinlocks=0x1fff,hv_vapic,hv_time,hv_reset,hv_vpindex,hv_runtime,hv_relaxed,hv_synic,hv_stimer
 \
  -smp sockets=1,cores=4,threads=1 \
  -nodefaults \
  -netdev bridge,br=br0,id=net0 \
  -device virtio-net-pci,netdev=net0,addr=19.0,mac=52:54:00:12:34:77 \
  -device virtio-scsi-pci \
  -blockdev 
raw,node-name=disk0,cache.direct=off,discard=unmap,file.driver=file,file.aio=threads,file.filename=/virt/qemu/machines/windows/os.raw
 \
  -device scsi-hd,drive=disk0,rotation_rate=1 \
  -blockdev 
raw,node-name=disk1,cache.direct=off,discard=unmap,file.driver=file,file.aio=threads,file.filename=/virt/qemu/machines/windows/data.raw
 \
  -device scsi-hd,drive=disk1,rotation_rate=1 \
  -drive 
index=0,if=ide,media=cdrom,readonly,file=/virt/qemu/isos/Win10_1903_V2_English_x64.iso
 \
  -drive 
index=1,if=ide,media=cdrom,readonly,file=/virt/qemu/isos/virtio-win-0.1.173.iso 
\
  -device ich9-intel-hda,addr=1b.0 \
  -device hda-output \
  -monitor stdio \
  -display none \
  -vga none \
  -device 
pcie-root-port,id=pcierp0,chassis=1,slot=1,addr=1c.0,disable-acs=on,multifunction=on
 \
  -device pcie-root-port,id=pcierp1,chassis=2,slot=2,addr=1c.1,disable-acs=on \
  -device x3130-upstream,bus=pcierp0,id=pcieu0 \
  -device xio3130-downstream,bus=pcieu0,id=pcied0,chassis=11,slot=11 \
  -device vfio-pci,host=03:00.0,bus=pcied0,addr=00.0,multifunction=on \
  -device vfio-pci,host=03:00.1,bus=pcied0,addr=00.1 \
  -device qemu-xhci,addr=1d.0 \
  -device usb-host,vendorid=0x258a,productid=0x0001 \
  -device usb-host,vendorid=0x1bcf,productid=0x0005 ;

  Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu

Re: [PATCH V2] vhost-user-test: fix a memory leak

[Pan Nengyuan]

On 1/12/2020 6:39 PM, Thomas Huth wrote:
> On 10/01/2020 15.07, Thomas Huth wrote:
>> On 20/12/2019 02.26, pannengy...@huawei.com wrote:
>>> From: Pan Nengyuan 
>>>
>>> Spotted by ASAN.
>>>
>>> Reported-by: Euler Robot 
>>> Signed-off-by: Pan Nengyuan 
>>> ---
>>> Changes V2 to V1:
>>> - use a "goto cleanup", instead of duplicating the "free" functions.
>>> - free "dest_cmdline" at the end.
>>> ---
>>
>> Reviewed-by: Thomas Huth 
>>
>> ... and picked up to my qtest-next tree.
> 
> ... and now I had to unqueue the patch again. It is reproducibly causing
> one of the gitlab CI pipelines to fail with a timeout, e.g.:
> 
>  https://gitlab.com/huth/qemu/-/jobs/400101552
> 
> Not sure what is going on here, though, there is no obvious error
> message in the output... this needs some more investigation... do you
> have a gitlab account and could have a look?
> 

OK, I will register a account and have a look.

>  Thomas
> 
> .
> 

Re: [PATCH 02/15] hw/ppc/spapr_rtas: Use local MachineState variable

[David Gibson]

On Thu, Jan 09, 2020 at 04:21:20PM +0100, Philippe Mathieu-Daudé wrote:
> Since we have the MachineState already available locally,
> ues it instead of the global current_machine.
> 
> Signed-off-by: Philippe Mathieu-Daudé 

Acked-by: David Gibson 

> ---
>  hw/ppc/spapr_rtas.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 8d8d8cdfcb..e88bb1930e 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -281,7 +281,7 @@ static void rtas_ibm_get_system_parameter(PowerPCCPU *cpu,
>"DesProcs=%d,"
>"MaxPlatProcs=%d",
>max_cpus,
> -  current_machine->ram_size / MiB,
> +  ms->ram_size / MiB,
>ms->smp.cpus,
>max_cpus);
>  if (pcc->n_host_threads > 0) {

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH 03/15] hw/ppc/spapr_rtas: Access MachineState via SpaprMachineState argument

[David Gibson]

On Thu, Jan 09, 2020 at 04:21:21PM +0100, Philippe Mathieu-Daudé wrote:
> We received a SpaprMachineState argument. Since SpaprMachineState
> inherits of MachineState, use it instead of calling qdev_get_machine.
> 
> Signed-off-by: Philippe Mathieu-Daudé 

Acked-by: David Gibson 

> ---
>  hw/ppc/spapr_rtas.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index e88bb1930e..6f06e9d7fe 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -267,7 +267,7 @@ static void rtas_ibm_get_system_parameter(PowerPCCPU *cpu,
>uint32_t nret, target_ulong rets)
>  {
>  PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
> -MachineState *ms = MACHINE(qdev_get_machine());
> +MachineState *ms = MACHINE(spapr);
>  unsigned int max_cpus = ms->smp.max_cpus;
>  target_ulong parameter = rtas_ld(args, 0);
>  target_ulong buffer = rtas_ld(args, 1);

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v2 05/10] spapr, ppc: Remove VPM0/RMLS hacks for POWER9

[David Gibson]

On Thu, Jan 09, 2020 at 06:33:36PM +1100, Alexey Kardashevskiy wrote:
> 
> 
> On 07/01/2020 15:48, David Gibson wrote:
> > For the "pseries" machine, we use "virtual hypervisor" mode where we only
> > model the CPU in non-hypervisor privileged mode.  This means that we need
> > guest physical addresses within the modelled within the cpu to be treated
> > as absolute physical addresses.
> 
> 
> s/within the modelled within the cpu/within the modelled cpu/ ?
> Thanks,

Thanks.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH qemu v2] spapr: Kill SLOF

[David Gibson]

On Thu, Jan 09, 2020 at 05:31:24PM +1100, Alexey Kardashevskiy wrote:
> 
> 
> On 09/01/2020 15:07, David Gibson wrote:
> > On Wed, Jan 08, 2020 at 03:07:41PM +1100, Alexey Kardashevskiy wrote:
> >>
> >>
> >> On 07/01/2020 16:26, David Gibson wrote:
> >>
>  +static uint32_t client_setprop(SpaprMachineState *sm,
>  +   uint32_t nodeph, uint32_t pname,
>  +   uint32_t valaddr, uint32_t vallen)
>  +{
>  +char propname[64];
>  +uint32_t ret = -1;
>  +int proplen = 0;
>  +const void *prop;
>  +
>  +readstr(pname, propname);
>  +if (vallen == sizeof(uint32_t) &&
>  +((strncmp(propname, "linux,rtas-base", 15) == 0) ||
>  + (strncmp(propname, "linux,rtas-entry", 16) == 0))) {
>  +
>  +sm->rtas_base = readuint32(valaddr);
>  +prop = fdt_getprop_namelen(sm->fdt_blob,
>  +   
>  fdt_node_offset_by_phandle(sm->fdt_blob,
>  +  
>  nodeph),
>  +   propname, strlen(propname), 
>  &proplen);
>  +if (proplen == vallen) {
>  +*(uint32_t *) prop = cpu_to_be32(sm->rtas_base);
>  +ret = proplen;
>  +}
> >>>
> >>> Is there a particular reason to restrict this to the rtas properties,
> >>> rather than just allowing the guest to fdt_setprop() something
> >>> arbitrary?
> >>
> >> The FDT is flatten and I am not quite sure if libfdt can handle 
> >> updating
> >> properties if the length has changed.
> >
> > fdt_setprop() will handle updating properties with changed length (in
> > fact there's a special fdt_setprop_inplace() optimized for the case
> > where you don't need that).  It's not particularly efficient, but it
> > should work fine for the cases we have here.  In fact, I think you're
> > already relying on this for the code that adds the phandles to
> > everything.
> 
>  Well, I used to add phandles before calling fdt_pack() so it is not 
>  exactly the same.
> >>>
> >>> Ah, right, that's why adding the phandles worked.
> >>>
> > One complication is that it can return FDT_ERR_NOSPACE if there isn't
> > enough buffer for the increased thing.  We could either trap that,
> > resize and retry, or we could leave a bunch of extra space.  The
> > latter would be basically equivalent to not doing fdt_pack() on the
> > blob in the nobios case.
> 
> 
>  This is what I ended up doing.
> 
> 
> >> Also, more importantly, potentially property changes like this may have
> >> to be reflected in the QEMU device tree so I allowed only the 
> >> properties
> >> which I know how to deal with.
> >
> > That's a reasonable concern, but the nice thing about not having SLOF
> > is that there's only one copy of the device tree - the blob in qemu.
> > So a setprop() on that is automatically a setprop() everywhere (this
> > is another reason not to write the fdt into guest memory in the nobios
> > case - it will become stale as soon as the client changes anything).
> 
> 
>  True to a degree. It is "setprop" to the current fdt blob which we do not
>  analyze after we build the fdt. We either need to do parse the tree 
>  before
>  we rebuild it as CAS so we do not lose the updates or do selective 
>  changes
>  to the QEMUs objects from the "setprop" handler (this is what I do
>  now).
> >>>
> >>> Hrm.. do those setprops happen before CAS?
> >>
> >> Yes, vmlinux/zimage call "setprop" for "linux,initrd-start",
> >> "linux,initrd-end", "bootargs", "linux,stdout-path"; vmlinux sets
> >> properties if linux,initrd-* came from r3/r4 and zImage sets properties
> >> no matter how it discovered them - from r3/r4 or the device tree.
> > 
> > Ok, and those setprops happen before CAS?
> 
> Yes.
> 
> > In a sense this is kind of a fundamental problem with rebuilding the
> > whole DT at CAS time.  Except that strictly speaking it's a problem
> > even without that: we just get away with it by accident because CAS
> > isn't likely to change the same things that guest setprops do.
> 
> > It's still basically unsynchronized mutations by two parties to a
> > shared data structure.
> 
> True... We may end up not having FDT at all and reuse QOM objects for
> that, can even use hashes of QObject pointers as phandles :)

Hm, interesting idea.  I suspect the QOM hierarchy won't be quite
similar enough to the fdt hierarchy (or at least not guaranteed to be)
to make it work, but it's worth thinking about at least.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id

Re: [PATCH v2 09/10] target/ppc: Correct RMLS table

[David Gibson]

On Thu, Jan 09, 2020 at 06:46:19PM +1100, Alexey Kardashevskiy wrote:
> 
> 
> On 08/01/2020 12:06, David Gibson wrote:
> > On Tue, Jan 07, 2020 at 03:21:42PM +0100, Cédric Le Goater wrote:
> >> On 1/7/20 5:48 AM, David Gibson wrote:
> >>> The table of RMA limits based on the LPCR[RMLS] field is slightly wrong.
> >>> We're missing the RMLS == 0 => 256 GiB RMA option, which is available on
> >>> POWER8, so add that.
> >>
> >> Where is this defined ?
> > 
> > It's in the Book4, so not easily available, unfortunately :(.
> 
> 
> It is in "User’s Manual Single-Chip Module POWER8 Processor" which is
> public.

Oh, excellent!  Looks like it can be downloaded from openpower.org

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PATCH v1 0/5] vhost-user block device backend implementation

[Coiby Xu]

This patch series is an implementation of vhost-user-backend server, thanks to 
Stefan's guidance after reviewing the draft version and the instructions on 
https://wiki.qemu.org/Google_Summer_of_Code_2019#vhost-user-blk_device_backend,

Vhost-user-backend server is a UserCreatable object and can be started using 
object_add,

 (qemu) object_add 
vhost-user-server,id=ID,unix_socket=/tmp/vhost-user-blk_vhost.socket,name=DRIVE_NAME,writable=off
 (qemu) object_del ID

or appending the "-object" option when starting QEMU,

  $ -object 
vhost-user-server,id=disk,unix_socket=/tmp/vhost-user-blk_vhost.socket,name=disk,writable=off

Then vhost-user client can connect to the server backend. For example, QEMU 
could act as a client,
  $ -m 256 -object memory-backend-memfd,id=mem,size=256M,share=on -numa 
node,memdev=mem -chardev socket,id=char1,path=/tmp/vhost-user-blk_vhost.socket 
-device vhost-user-blk-pci,id=blk0,chardev=char1

And guest OS could access this vhost-user block device after mouting it.

patches are against commit 035eed4c0d257c905a556fa0f4865a0c077b4e7f.

Coiby Xu (5):
  vhost-user block device backend
  extend libvhost to support IOThread
  a standone-alone tool to directly share disk image file via vhost-user
protocol
  new qTest case for the vhost-user-blk device backend
  building configuration files changes

 Makefile  |1 +
 Makefile.objs |2 +-
 Makefile.target   |1 +
 blockdev-vu.c | 1008 +
 configure |2 +-
 contrib/libvhost-user/libvhost-user.c |   64 +-
 contrib/libvhost-user/libvhost-user.h |   36 +-
 include/block/vhost-user.h|   46 ++
 qemu-vu.c |  264 +++
 tests/Makefile.include|5 +-
 tests/libqos/vhost-user-blk.c |  125 +++
 tests/libqos/vhost-user-blk.h |   44 ++
 tests/vhost-user-blk-test.c   |  691 +
 vl.c  |4 +
 14 files changed, 2277 insertions(+), 16 deletions(-)
 create mode 100644 blockdev-vu.c
 create mode 100644 include/block/vhost-user.h
 create mode 100644 qemu-vu.c
 create mode 100644 tests/libqos/vhost-user-blk.c
 create mode 100644 tests/libqos/vhost-user-blk.h
 create mode 100644 tests/vhost-user-blk-test.c

--
2.24.1

[PATCH v1 1/5] vhost-user block device backend

[Coiby Xu]

By making use of libvhost, multiple block device drives can be exported and 
each drive can serve multiple clients simultaneously. Since vhost-user-server 
needs a block drive to be created first, delay the creation of this object.

Signed-off-by: Coiby Xu 
---
 blockdev-vu.c  | 1008 
 include/block/vhost-user.h |   46 ++
 vl.c   |4 +
 3 files changed, 1058 insertions(+)
 create mode 100644 blockdev-vu.c
 create mode 100644 include/block/vhost-user.h

diff --git a/blockdev-vu.c b/blockdev-vu.c
new file mode 100644
index 00..45f0bb43a7
--- /dev/null
+++ b/blockdev-vu.c
@@ -0,0 +1,1008 @@
+#include "qemu/osdep.h"
+#include "block/vhost-user.h"
+#include "qapi/error.h"
+#include "qapi/qapi-types-sockets.h"
+#include "qapi/qapi-commands-block.h"
+
+#include "sysemu/block-backend.h"
+#include "qemu/main-loop.h"
+
+#include "qemu/units.h"
+
+#include "block/block.h"
+
+#include "qom/object_interfaces.h"
+
+#include 
+
+#include "hw/qdev-properties.h"
+enum {
+VHOST_USER_BLK_MAX_QUEUES = 8,
+};
+
+struct virtio_blk_inhdr {
+unsigned char status;
+};
+
+
+static QTAILQ_HEAD(, VubDev) vub_devs = QTAILQ_HEAD_INITIALIZER(vub_devs);
+
+
+typedef struct VubReq {
+VuVirtqElement *elem;
+int64_t sector_num;
+size_t size;
+struct virtio_blk_inhdr *in;
+struct virtio_blk_outhdr out;
+VuClient *client;
+struct VuVirtq *vq;
+} VubReq;
+
+static void
+remove_watch(VuDev *vu_dev, int fd)
+{
+VuClient *client;
+
+g_assert(vu_dev);
+g_assert(fd >= 0);
+
+client = container_of(vu_dev, VuClient, parent);
+aio_set_fd_handler(client->blk->ctx, fd, false, NULL, NULL, NULL, NULL);
+}
+
+static void close_client(VuClient *client)
+{
+vu_deinit(&client->parent);
+/** g_source_destroy(vub_device->parent.src); */
+client->sioc = NULL;
+object_unref(OBJECT(client->ioc));
+client->closed = true;
+
+}
+
+static void vub_panic_cb(VuDev *vu_dev, const char *buf)
+{
+if (buf) {
+g_warning("vu_panic: %s", buf);
+}
+
+VuClient *client = container_of(vu_dev, VuClient, parent);
+if (client->blk->exit_panic) {
+client->blk->close = true;
+}
+if (!client->closed) {
+close_client(client);
+}
+}
+
+
+static void vub_req_complete(VubReq *req)
+{
+VuDev *vu_dev = &req->client->parent;
+
+/* IO size with 1 extra status byte */
+vu_queue_push(vu_dev, req->vq, req->elem,
+  req->size + 1);
+vu_queue_notify(vu_dev, req->vq);
+
+if (req->elem) {
+free(req->elem);
+}
+
+g_free(req);
+}
+
+
+
+static int
+vub_discard_write_zeroes(VubReq *req, struct iovec *iov, uint32_t iovcnt,
+ uint32_t type)
+{
+struct virtio_blk_discard_write_zeroes *desc;
+ssize_t size;
+void *buf;
+
+size = iov_size(iov, iovcnt);
+if (size != sizeof(*desc)) {
+fprintf(stderr, "Invalid size %ld, expect %ld\n", size, sizeof(*desc));
+return -1;
+}
+buf = g_new0(char, size);
+
+iov_to_buf_full(iov, iovcnt, 0, buf, size);
+
+
+#if defined(__linux__) && defined(BLKDISCARD) && defined(BLKZEROOUT)
+VubDev *vdev_blk;
+VuClient *client = container_of(dev, VuClient, parent);
+vdev_blk = client->blk;
+desc = (struct virtio_blk_discard_write_zeroes *)buf;
+uint64_t range[2] = { le64toh(desc->sector) << 9,
+  le32toh(desc->num_sectors) << 9 };
+if (type == VIRTIO_BLK_T_DISCARD) {
+if (blk_pdiscard(vdev_blk->blk, range[0], range[1]) == 0) {
+g_free(buf);
+return 0;
+}
+} else if (type == VIRTIO_BLK_T_WRITE_ZEROES) {
+if (blk_pwrite_zeroes(vdev_blk->blk, range[0], range[1]) == 0) {
+g_free(buf);
+return 0;
+}
+}
+#endif
+
+g_free(buf);
+return -1;
+}
+
+
+static void
+vub_flush(VubReq *req)
+{
+VuClient *client = req->client;
+blk_co_flush(client->blk->backend);
+}
+
+
+#define NOT_DONE 0x7fff /* used while emulated sync operation in progress 
*/
+typedef struct BlkRwCo {
+BlockBackend *blk;
+int64_t offset;
+void *iobuf;
+int ret;
+BdrvRequestFlags flags;
+} BlkRwCo;
+
+static void blk_read_entry(void *opaque)
+{
+BlkRwCo *rwco = opaque;
+QEMUIOVector *qiov = rwco->iobuf;
+
+rwco->ret = blk_co_preadv(rwco->blk, rwco->offset, qiov->size,
+  qiov, rwco->flags);
+aio_wait_kick();
+}
+
+
+static void blk_write_entry(void *opaque)
+{
+BlkRwCo *rwco = opaque;
+QEMUIOVector *qiov = rwco->iobuf;
+
+rwco->ret = blk_co_pwritev(rwco->blk, rwco->offset, qiov->size,
+  qiov, rwco->flags);
+aio_wait_kick();
+}
+
+
+static int blk_prw(BlockBackend *blk, QEMUIOVector *qiov, int64_t offset,
+   CoroutineEntry co_entry, BdrvRequestFlags flags)
+{
+
+BlkRwCo rwco = {
+.blk= blk,
+.offset =

[PATCH v1 2/5] extend libvhost to support IOThread

[Coiby Xu]

Previously libvhost dispatch events in its own GMainContext. Now vhost-user 
client's kick event can be dispatched in block device drive's AioContext thus 
IOThread is supported.

Signed-off-by: Coiby Xu 
---
 contrib/libvhost-user/libvhost-user.c | 64 ++-
 contrib/libvhost-user/libvhost-user.h | 36 ++-
 2 files changed, 87 insertions(+), 13 deletions(-)

diff --git a/contrib/libvhost-user/libvhost-user.c 
b/contrib/libvhost-user/libvhost-user.c
index ec27b78ff1..cd328c1509 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -67,7 +67,6 @@
 /* The version of inflight buffer */
 #define INFLIGHT_VERSION 1

-#define VHOST_USER_HDR_SIZE offsetof(VhostUserMsg, payload.u64)

 /* The version of the protocol we support */
 #define VHOST_USER_VERSION 1
@@ -260,7 +259,7 @@ have_userfault(void)
 }

 static bool
-vu_message_read(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
+vu_message_read_(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
 {
 char control[CMSG_SPACE(VHOST_MEMORY_MAX_NREGIONS * sizeof(int))] = { };
 struct iovec iov = {
@@ -286,6 +285,8 @@ vu_message_read(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
 return false;
 }

+assert(rc == VHOST_USER_HDR_SIZE || rc == 0);
+
 vmsg->fd_num = 0;
 for (cmsg = CMSG_FIRSTHDR(&msg);
  cmsg != NULL;
@@ -328,6 +329,17 @@ fail:
 return false;
 }

+static bool vu_message_read(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
+{
+vu_read_msg_cb read_msg;
+if (dev->iface->read_msg) {
+read_msg = dev->iface->read_msg;
+} else {
+read_msg = vu_message_read_;
+}
+return read_msg(dev, conn_fd, vmsg);
+}
+
 static bool
 vu_message_write(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
 {
@@ -400,7 +412,6 @@ vu_process_message_reply(VuDev *dev, const VhostUserMsg 
*vmsg)
 if ((vmsg->flags & VHOST_USER_NEED_REPLY_MASK) == 0) {
 return true;
 }
-
 if (!vu_message_read(dev, dev->slave_fd, &msg_reply)) {
 return false;
 }
@@ -644,7 +655,8 @@ vu_set_mem_table_exec_postcopy(VuDev *dev, VhostUserMsg 
*vmsg)
 "%s: Failed to madvise(DONTNEED) region %d: %s\n",
 __func__, i, strerror(errno));
 }
-/* Turn off transparent hugepages so we dont get lose wakeups
+/*
+ * Turn off transparent hugepages so we don't get lose wakeups
  * in neighbouring pages.
  * TODO: Turn this backon later.
  */
@@ -1047,9 +1059,13 @@ vu_set_vring_kick_exec(VuDev *dev, VhostUserMsg *vmsg)
 }

 if (dev->vq[index].kick_fd != -1 && dev->vq[index].handler) {
-dev->set_watch(dev, dev->vq[index].kick_fd, VU_WATCH_IN,
-   vu_kick_cb, (void *)(long)index);
-
+if (dev->set_watch_packed_data) {
+dev->set_watch_packed_data(dev, dev->vq[index].kick_fd, 
VU_WATCH_IN,
+   dev->iface->kick_callback, (void *)(long)index);
+} else {
+dev->set_watch(dev, dev->vq[index].kick_fd, VU_WATCH_IN,
+   vu_kick_cb, (void *)(long)index);
+}
 DPRINT("Waiting for kicks on fd: %d for vq: %d\n",
dev->vq[index].kick_fd, index);
 }
@@ -1069,8 +1085,13 @@ void vu_set_queue_handler(VuDev *dev, VuVirtq *vq,
 vq->handler = handler;
 if (vq->kick_fd >= 0) {
 if (handler) {
-dev->set_watch(dev, vq->kick_fd, VU_WATCH_IN,
-   vu_kick_cb, (void *)(long)qidx);
+if (dev->set_watch_packed_data) {
+dev->set_watch_packed_data(dev, vq->kick_fd, VU_WATCH_IN,
+dev->iface->kick_callback, (void *)(long)qidx);
+} else {
+dev->set_watch(dev, vq->kick_fd, VU_WATCH_IN,
+vu_kick_cb, (void *)(long)qidx);
+}
 } else {
 dev->remove_watch(dev, vq->kick_fd);
 }
@@ -1596,6 +1617,12 @@ vu_deinit(VuDev *dev)
 }

 if (vq->kick_fd != -1) {
+/* remove watch for kick_fd
+ * When client process is running in gdb and
+ * quit command is run in gdb, QEMU will still dispatch the event
+ * which will cause segment fault in the callback function
+ */
+dev->remove_watch(dev, vq->kick_fd);
 close(vq->kick_fd);
 vq->kick_fd = -1;
 }
@@ -1647,10 +1674,9 @@ vu_init(VuDev *dev,
 const VuDevIface *iface)
 {
 uint16_t i;
-
 assert(max_queues > 0);
 assert(socket >= 0);
-assert(set_watch);
+/* assert(set_watch); */
 assert(remove_watch);
 assert(iface);
 assert(panic);
@@ -1682,6 +1708,22 @@ vu_init(VuDev *dev,
 return true;
 }

+bool
+vu_init_packed_data(VuDev *dev,
+uint16_t max_queues,
+int socket,
+vu_panic_cb panic,
+vu_set_watch_cb_packed_data set_watch_packed_data,
+

[PATCH v1 3/5] a standone-alone tool to directly share disk image file via vhost-user protocol

[Coiby Xu]

vhost-user-blk can have played as vhost-user backend but it only supports raw 
file and don't support VIRTIO_BLK_T_DISCARD and VIRTIO_BLK_T_WRITE_ZEROES 
operations on raw file (ioctl(fd, BLKDISCARD) is only valid for real block 
device).

Signed-off-by: Coiby Xu 
---
 qemu-vu.c | 264 ++
 1 file changed, 264 insertions(+)
 create mode 100644 qemu-vu.c

diff --git a/qemu-vu.c b/qemu-vu.c
new file mode 100644
index 00..25c32c2c6d
--- /dev/null
+++ b/qemu-vu.c
@@ -0,0 +1,264 @@
+/*
+ *  Copyright (C) 2020  Coiby Xu 
+ *
+ *  Vhost-user-blk device backend
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; under version 2 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include 
+#include 
+#include "block/vhost-user.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "qemu/cutils.h"
+#include "sysemu/block-backend.h"
+#include "block/block_int.h"
+#include "qemu/main-loop.h"
+#include "qemu/module.h"
+#include "qemu/option.h"
+#include "qemu/error-report.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qstring.h"
+#include "qom/object_interfaces.h"
+#include "io/net-listener.h"
+#include "qemu-version.h"
+
+#define QEMU_VU_OPT_CACHE 256
+
+#define QEMU_VU_OPT_AIO   257
+
+static char *srcpath;
+
+static void usage(const char *name)
+{
+(printf) (
+"Usage: %s [OPTIONS] FILE\n"
+"  or:  %s -L [OPTIONS]\n"
+"QEMU Vhost-user Server Utility\n"
+"\n"
+"  -h, --helpdisplay this help and exit\n"
+"  -V, --version output version information and exit\n"
+"\n"
+"Connection properties:\n"
+"  -k, --socket=PATH path to the unix socket\n"
+"\n"
+"General purpose options:\n"
+"  -e, -- exit-panic When the panic callback is called, the program\n"
+"will exit. Useful for make check-qtest.\n"
+"\n"
+"Block device options:\n"
+"  -f, --format=FORMAT   set image format (raw, qcow2, ...)\n"
+"  -r, --read-only   export read-only\n"
+"  -n, --nocache disable host cache\n"
+"  --cache=MODE  set cache mode (none, writeback, ...)\n"
+"  --aio=MODEset AIO mode (native or threads)\n"
+"\n"
+QEMU_HELP_BOTTOM "\n"
+, name, name);
+}
+
+static void version(const char *name)
+{
+printf(
+"%s " QEMU_FULL_VERSION "\n"
+"Written by Coiby Xu, based on qemu-nbd by Anthony Liguori\n"
+"\n"
+QEMU_COPYRIGHT "\n"
+"This is free software; see the source for copying conditions.  There is NO\n"
+"warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"
+, name);
+}
+
+static VubDev *vub_device;
+
+static void vus_shutdown(void)
+{
+job_cancel_sync_all();
+bdrv_close_all();
+vub_free(vub_device, false);
+}
+
+int main(int argc, char **argv)
+{
+BlockBackend *blk;
+BlockDriverState *bs;
+bool readonly = false;
+char *sockpath = NULL;
+int64_t fd_size;
+const char *sopt = "hVrnvek:f:";
+struct option lopt[] = {
+{ "help", no_argument, NULL, 'h' },
+{ "version", no_argument, NULL, 'V' },
+{ "exit-panic", no_argument, NULL, 'e' },
+{ "socket", required_argument, NULL, 'k' },
+{ "read-only", no_argument, NULL, 'r' },
+{ "nocache", no_argument, NULL, 'n' },
+{ "cache", required_argument, NULL, QEMU_VU_OPT_CACHE },
+{ "aio", required_argument, NULL, QEMU_VU_OPT_AIO },
+{ "format", required_argument, NULL, 'f' },
+{ NULL, 0, NULL, 0 }
+};
+int ch;
+int opt_ind = 0;
+int flags = BDRV_O_RDWR;
+bool seen_cache = false;
+bool seen_aio = false;
+const char *fmt = NULL;
+Error *local_err = NULL;
+QDict *options = NULL;
+bool writethrough = true;
+bool exit_panic = false;
+
+error_init(argv[0]);
+
+module_call_init(MODULE_INIT_QOM);
+qemu_init_exec_dir(argv[0]);
+
+while ((ch = getopt_long(argc, argv, sopt, lopt, &opt_ind)) != -1) {
+switch (ch) {
+case 'e':
+exit_panic = true;
+break;
+case 'n':
+optarg = (char *) "none";
+/* fallthrough */
+case QEMU_VU_OPT_CACHE:
+if (seen_cache) {
+error_report("-n and --cache can only be specified once");
+exit(EXIT_FAILURE);
+}
+seen_cache = true;
+if (bdrv_parse_cache_mode(optarg, &flags, &writethrough) == -1) {

[PATCH v1 5/5] building configuration files changes

[Coiby Xu]

Signed-off-by: Coiby Xu 
---
 Makefile   | 1 +
 Makefile.objs  | 2 +-
 Makefile.target| 1 +
 configure  | 2 +-
 tests/Makefile.include | 5 -
 5 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 6b5ad1121b..1b98201d29 100644
--- a/Makefile
+++ b/Makefile
@@ -558,6 +558,7 @@ qemu-img.o: qemu-img-cmds.h

 qemu-img$(EXESUF): qemu-img.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) 
$(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
 qemu-nbd$(EXESUF): qemu-nbd.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) 
$(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
+qemu-vu$(EXESUF): qemu-vu.o blockdev-vu.o $(authz-obj-y) $(block-obj-y) 
$(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS) libvhost-user.a
 qemu-io$(EXESUF): qemu-io.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) 
$(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)

 qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o $(COMMON_LDADDS)
diff --git a/Makefile.objs b/Makefile.objs
index 7c1e50f9d6..f77b110fc9 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -42,7 +42,7 @@ io-obj-y = io/
 # single QEMU executable should support all CPUs and machines.

 ifeq ($(CONFIG_SOFTMMU),y)
-common-obj-y = blockdev.o blockdev-nbd.o block/
+common-obj-y = blockdev.o blockdev-nbd.o blockdev-vu.o block/
 common-obj-y += bootdevice.o iothread.o
 common-obj-y += dump/
 common-obj-y += job-qmp.o
diff --git a/Makefile.target b/Makefile.target
index 6e61f607b1..51a9a9c349 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -159,6 +159,7 @@ obj-y += monitor/
 obj-y += qapi/
 obj-y += memory.o
 obj-y += memory_mapping.o
+obj-y += ../contrib/libvhost-user/libvhost-user.o
 obj-y += migration/ram.o
 LIBS := $(libs_softmmu) $(LIBS)

diff --git a/configure b/configure
index 0ce2c0354a..b13d4a8da7 100755
--- a/configure
+++ b/configure
@@ -6165,7 +6165,7 @@ fi

 tools=""
 if test "$want_tools" = "yes" ; then
-  tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) qemu-edid\$(EXESUF) $tools"
+  tools="qemu-img\$(EXESUF) qemu-vu\$(EXESUF) qemu-io\$(EXESUF) 
qemu-edid\$(EXESUF) $tools"
   if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
 tools="qemu-nbd\$(EXESUF) $tools"
   fi
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 49e3b0d319..7d7692734c 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -746,6 +746,7 @@ qos-test-obj-y += tests/libqos/virtio.o
 qos-test-obj-$(CONFIG_VIRTFS) += tests/libqos/virtio-9p.o
 qos-test-obj-y += tests/libqos/virtio-balloon.o
 qos-test-obj-y += tests/libqos/virtio-blk.o
+qos-test-obj-y += tests/libqos/vhost-user-blk.o
 qos-test-obj-y += tests/libqos/virtio-mmio.o
 qos-test-obj-y += tests/libqos/virtio-net.o
 qos-test-obj-y += tests/libqos/virtio-pci.o
@@ -788,6 +789,7 @@ qos-test-obj-$(CONFIG_VHOST_NET_USER) += 
tests/vhost-user-test.o $(chardev-obj-y
 qos-test-obj-y += tests/virtio-test.o
 qos-test-obj-$(CONFIG_VIRTFS) += tests/virtio-9p-test.o
 qos-test-obj-y += tests/virtio-blk-test.o
+qos-test-obj-y += tests/vhost-user-blk-test.o
 qos-test-obj-y += tests/virtio-net-test.o
 qos-test-obj-y += tests/virtio-rng-test.o
 qos-test-obj-y += tests/virtio-scsi-test.o
@@ -935,7 +937,8 @@ endef
 $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: %-softmmu/all 
$(check-qtest-y)
$(call do_test_human,$(check-qtest-$*-y) $(check-qtest-generic-y), \
  QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
- QTEST_QEMU_IMG=qemu-img$(EXESUF))
+ QTEST_QEMU_IMG=./qemu-img$(EXESUF) \
+ QTEST_QEMU_VU_BINARY=./qemu-vu$(EXESUF))

 check-unit: $(check-unit-y)
$(call do_test_human, $^)
--
2.24.1

[PATCH v1 4/5] new qTest case for the vhost-user-blk device backend

[Coiby Xu]

This test case has the same tests as tests/virtio-blk-test.c except for
tests have block_resize.

Signed-off-by: Coiby Xu 
---
 tests/libqos/vhost-user-blk.c | 125 ++
 tests/libqos/vhost-user-blk.h |  44 +++
 tests/vhost-user-blk-test.c   | 691 ++
 3 files changed, 860 insertions(+)
 create mode 100644 tests/libqos/vhost-user-blk.c
 create mode 100644 tests/libqos/vhost-user-blk.h
 create mode 100644 tests/vhost-user-blk-test.c

diff --git a/tests/libqos/vhost-user-blk.c b/tests/libqos/vhost-user-blk.c
new file mode 100644
index 00..1f8e6eec7e
--- /dev/null
+++ b/tests/libqos/vhost-user-blk.c
@@ -0,0 +1,125 @@
+/*
+ * libqos driver framework
+ *
+ * Copyright (c) 2018 Emanuele Giuseppe Esposito 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see 
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+#include "qemu/module.h"
+#include "standard-headers/linux/virtio_blk.h"
+#include "libqos/qgraph.h"
+#include "libqos/vhost-user-blk.h"
+
+#define PCI_SLOT0x04
+#define PCI_FN  0x00
+
+/* virtio-blk-device */
+static void *qvhost_user_blk_get_driver(QVhostUserBlk *v_blk,
+const char *interface)
+{
+if (!g_strcmp0(interface, "vhost-user-blk")) {
+return v_blk;
+}
+if (!g_strcmp0(interface, "virtio")) {
+return v_blk->vdev;
+}
+
+fprintf(stderr, "%s not present in vhost-user-blk-device\n", interface);
+g_assert_not_reached();
+}
+
+static void *qvhost_user_blk_device_get_driver(void *object,
+   const char *interface)
+{
+QVhostUserBlkDevice *v_blk = object;
+return qvhost_user_blk_get_driver(&v_blk->blk, interface);
+}
+
+static void *vhost_user_blk_device_create(void *virtio_dev,
+  QGuestAllocator *t_alloc,
+  void *addr)
+{
+QVhostUserBlkDevice *vhost_user_blk = g_new0(QVhostUserBlkDevice, 1);
+QVhostUserBlk *interface = &vhost_user_blk->blk;
+
+interface->vdev = virtio_dev;
+
+vhost_user_blk->obj.get_driver = qvhost_user_blk_device_get_driver;
+
+return &vhost_user_blk->obj;
+}
+
+/* virtio-blk-pci */
+static void *qvhost_user_blk_pci_get_driver(void *object, const char 
*interface)
+{
+QVhostUserBlkPCI *v_blk = object;
+if (!g_strcmp0(interface, "pci-device")) {
+return v_blk->pci_vdev.pdev;
+}
+return qvhost_user_blk_get_driver(&v_blk->blk, interface);
+}
+
+static void *vhost_user_blk_pci_create(void *pci_bus, QGuestAllocator *t_alloc,
+  void *addr)
+{
+QVhostUserBlkPCI *vhost_user_blk = g_new0(QVhostUserBlkPCI, 1);
+QVhostUserBlk *interface = &vhost_user_blk->blk;
+QOSGraphObject *obj = &vhost_user_blk->pci_vdev.obj;
+
+virtio_pci_init(&vhost_user_blk->pci_vdev, pci_bus, addr);
+interface->vdev = &vhost_user_blk->pci_vdev.vdev;
+
+g_assert_cmphex(interface->vdev->device_type, ==, VIRTIO_ID_BLOCK);
+
+obj->get_driver = qvhost_user_blk_pci_get_driver;
+
+return obj;
+}
+
+static void vhost_user_blk_register_nodes(void)
+{
+/* FIXME: every test using these two nodes needs to setup a
+ * -drive,id=drive0 otherwise QEMU is not going to start.
+ * Therefore, we do not include "produces" edge for virtio
+ * and pci-device yet.
+*/
+
+char *arg = g_strdup_printf("id=drv0,chardev=char1,addr=%x.%x",
+PCI_SLOT, PCI_FN);
+
+QPCIAddress addr = {
+.devfn = QPCI_DEVFN(PCI_SLOT, PCI_FN),
+};
+
+QOSGraphEdgeOptions opts = { };
+
+/* virtio-blk-device */
+/** opts.extra_device_opts = "drive=drive0"; */
+qos_node_create_driver("vhost-user-blk-device", 
vhost_user_blk_device_create);
+qos_node_consumes("vhost-user-blk-device", "virtio-bus", &opts);
+qos_node_produces("vhost-user-blk-device", "vhost-user-blk");
+
+/* virtio-blk-pci */
+opts.extra_device_opts = arg;
+add_qpci_address(&opts, &addr);
+qos_node_create_driver("vhost-user-blk-pci", vhost_user_blk_pci_create);
+qos_node_consumes("vhost-user-blk-pci", "pci-bus", &opts);
+qos_node_produces("vhost-user-blk-pci", "vhost-user-blk");
+
+g_free(arg);
+}
+
+libqos_init(vhost_user_blk_register_nodes);
diff --git a/tests/libqos/vhost-user-blk.h b/tests/libqos/vhost-user-blk.h
new file mode 100644
index 00..ef4ef0

Re: [PATCH v1 0/5] vhost-user block device backend implementation

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200113045704.12318-1-coiby...@gmail.com/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  chardev/char-ringbuf.o
  CC  chardev/char-serial.o
  CC  chardev/char-socket.o
/tmp/qemu-test/src/contrib/libvhost-user/libvhost-user.c:26:10: fatal error: 
sys/socket.h: No such file or directory
 #include 
  ^~
compilation terminated.
make: *** [/tmp/qemu-test/src/rules.mak:69: 
contrib/libvhost-user/libvhost-user.o] Error 1
make: *** Waiting for unfinished jobs
In file included from /tmp/qemu-test/src/include/block/vhost-user.h:3,
 from /tmp/qemu-test/src/blockdev-vu.c:2:
/tmp/qemu-test/src/contrib/libvhost-user/libvhost-user.h:20:10: fatal error: 
sys/poll.h: No such file or directory
 #include 
  ^~~~
compilation terminated.
make: *** [/tmp/qemu-test/src/rules.mak:69: blockdev-vu.o] Error 1
In file included from /tmp/qemu-test/src/include/block/vhost-user.h:3,
 from /tmp/qemu-test/src/qemu-vu.c:22:
/tmp/qemu-test/src/contrib/libvhost-user/libvhost-user.h:20:10: fatal error: 
sys/poll.h: No such file or directory
 #include 
  ^~~~
compilation terminated.
make: *** [/tmp/qemu-test/src/rules.mak:69: qemu-vu.o] Error 1
In file included from 
/tmp/qemu-test/src/contrib/libvhost-user/libvhost-user-glib.h:19,
 from 
/tmp/qemu-test/src/contrib/libvhost-user/libvhost-user-glib.c:17:
/tmp/qemu-test/src/contrib/libvhost-user/libvhost-user.h:20:10: fatal error: 
sys/poll.h: No such file or directory
 #include 
  ^~~~
compilation terminated.
make: *** [/tmp/qemu-test/src/rules.mak:69: 
contrib/libvhost-user/libvhost-user-glib.o] Error 1
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 662, in 
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=5a27a9b1f81649c88588b26500a2460e', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-z0m6vw52/src/docker-src.2020-01-13-00.19.17.20483:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=5a27a9b1f81649c88588b26500a2460e
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-z0m6vw52/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real2m1.128s
user0m6.706s


The full log is available at
http://patchew.org/logs/20200113045704.12318-1-coiby...@gmail.com/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH] scsi-disk: define props in scsi_block_disk to avoid memleaks

[pannengyuan]

From: Pan Nengyuan 

scsi_block_realize() use scsi_realize() to init some props, but
these props is not defined in scsi_block_disk_properties, so they will
not be freed.

This patch defines these prop in scsi_block_disk_properties and aslo
calls scsi_unrealize to avoid memleaks, the leak stack as
follow(it's easy to reproduce by attaching/detaching scsi-block-disks):

=
==qemu-system-x86_64==32195==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 57 byte(s) in 3 object(s) allocated from:
  #0 0x7f19f8bed768 (/lib64/libasan.so.5+0xef768)  ??:?
  #1 0x7f19f64d9445 (/lib64/libglib-2.0.so.0+0x52445)  ??:?
  #2 0x7f19f64f2d92 (/lib64/libglib-2.0.so.0+0x6bd92)  ??:?
  #3 0x55975366e596 (qemu-system-x86_64+0x35c0596)  
/mnt/sdb/qemu/hw/scsi/scsi-disk.c:2399
  #4 0x559753671201 (emu-system-x86_64+0x35c3201)  
/mnt/sdb/qemu/hw/scsi/scsi-disk.c:2681
  #5 0x559753687e3e (qemu-system-x86_64+0x35d9e3e)  
/mnt/sdb/qemu/hw/scsi/scsi-bus.c:58
  #6 0x55975368ac44 (qemu-system-x86_64+0x35dcc44)  
/mnt/sdb/qemu/hw/scsi/scsi-bus.c:216
  #7 0x5597532a7840 (qemu-system-x86_64+0x31f9840)  
/mnt/sdb/qemu/hw/core/qdev.c:876

Direct leak of 15 byte(s) in 3 object(s) allocated from:
  #0 0x7f19f8bed768 (/lib64/libasan.so.5+0xef768)  ??:?
  #1 0x7f19f64d9445 (/lib64/libglib-2.0.so.0+0x52445)  ??:?
  #2 0x7f19f64f2d92 (/lib64/libglib-2.0.so.0+0x6bd92)  ??:?
  #3 0x55975366e06f (qemu-system-x86_64+0x35c006f)  
/mnt/sdb/qemu/hw/scsi/scsi-disk.c:2388
  #4 0x559753671201 (qemu-system-x86_64+0x35c3201)  
/mnt/sdb/qemu/hw/scsi/scsi-disk.c:2681
  #5 0x559753687e3e (qemu-system-x86_64+0x35d9e3e)  
/mnt/sdb/qemu/hw/scsi/scsi-bus.c:58
  #6 0x55975368ac44 (qemu-system-x86_64+0x35dcc44)  
/mnt/sdb/qemu/hw/scsi/scsi-bus.c:216

Reported-by: Euler Robot 
Signed-off-by: Pan Nengyuan 
---
 hw/scsi/scsi-disk.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e44c61eeb4..caec99ae20 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2981,7 +2981,6 @@ static const TypeInfo scsi_disk_base_info = {
 };
 
 #define DEFINE_SCSI_DISK_PROPERTIES()   \
-DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk),  \
 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),\
 DEFINE_PROP_STRING("ver", SCSIDiskState, version),  \
@@ -2993,6 +2992,7 @@ static const TypeInfo scsi_disk_base_info = {
 
 static Property scsi_hd_properties[] = {
 DEFINE_SCSI_DISK_PROPERTIES(),
+DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk),
 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
 SCSI_DISK_F_REMOVABLE, false),
 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
@@ -3048,6 +3048,7 @@ static const TypeInfo scsi_hd_info = {
 
 static Property scsi_cd_properties[] = {
 DEFINE_SCSI_DISK_PROPERTIES(),
+DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk),
 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
@@ -3079,9 +3080,8 @@ static const TypeInfo scsi_cd_info = {
 
 #ifdef __linux__
 static Property scsi_block_properties[] = {
-DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
+DEFINE_SCSI_DISK_PROPERTIES(),
 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
-DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
DEFAULT_MAX_UNMAP_SIZE),
@@ -3099,6 +3099,7 @@ static void scsi_block_class_initfn(ObjectClass *klass, 
void *data)
 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
 
 sc->realize  = scsi_block_realize;
+sc->unrealize= scsi_unrealize;
 sc->alloc_req= scsi_block_new_request;
 sc->parse_cdb= scsi_block_parse_cdb;
 sdc->dma_readv   = scsi_block_dma_readv;
@@ -3119,6 +3120,7 @@ static const TypeInfo scsi_block_info = {
 
 static Property scsi_disk_properties[] = {
 DEFINE_SCSI_DISK_PROPERTIES(),
+DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk),
 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
 SCSI_DISK_F_REMOVABLE, false),
 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
-- 
2.21.0.windows.1

Re: [PATCH 0/4] qmp: Optionally run handlers in coroutines

[Marc-André Lureau]

Hi

On Thu, Jan 9, 2020 at 10:36 PM Kevin Wolf  wrote:
>
> Some QMP command handlers can block the main loop for a relatively long
> time, for example because they perform some I/O. This is quite nasty.
> Allowing such handlers to run in a coroutine where they can yield (and
> therefore release the BQL) while waiting for an event such as I/O
> completion solves the problem.
>
> This series adds the infrastructure to allow this and switches
> block_resize to run in a coroutine as a first example.
>
> This is an alternative solution to Marc-André's "monitor: add
> asynchronous command type" series.
>
> Kevin Wolf (4):
>   qapi: Add a 'coroutine' flag for commands
>   block: Mark 'block_resize' as coroutine
>   vl: Initialise main loop earlier
>   qmp: Move dispatcher to a coroutine
>
>  qapi/block-core.json|  3 +-
>  tests/qapi-schema/qapi-schema-test.json |  1 +
>  docs/devel/qapi-code-gen.txt|  4 ++
>  include/qapi/qmp/dispatch.h |  3 +
>  monitor/monitor-internal.h  |  5 +-
>  monitor/monitor.c   | 24 ---
>  monitor/qmp.c   | 83 -
>  qapi/qmp-dispatch.c | 38 ++-
>  tests/test-qmp-cmds.c   |  4 ++
>  vl.c| 10 +--
>  scripts/qapi/commands.py| 17 +++--
>  scripts/qapi/doc.py |  2 +-
>  scripts/qapi/expr.py|  4 +-
>  scripts/qapi/introspect.py  |  2 +-
>  scripts/qapi/schema.py  |  9 ++-
>  tests/qapi-schema/qapi-schema-test.out  |  2 +
>  tests/qapi-schema/test-qapi.py  |  7 ++-
>  17 files changed, 155 insertions(+), 63 deletions(-)

Series:
Reviewed-by: Marc-André Lureau 



-- 
Marc-André Lureau

Re: [PATCH qemu v4] spapr: Kill SLOF

[David Gibson]

On Fri, Jan 10, 2020 at 11:51:32AM +1100, Alexey Kardashevskiy wrote:
> 
> 
> On 10/01/2020 10:32, Alexey Kardashevskiy wrote:
> > 
> > 
> > On 10/01/2020 10:05, Alexey Kardashevskiy wrote:
> >>
> >>
> >> On 08/01/2020 17:18, Alexey Kardashevskiy wrote:
> >>> The Petitboot bootloader is way more advanced than SLOF is ever going to
> >>> be as Petitboot comes with the full-featured Linux kernel with all
> >>> the drivers, and initramdisk with quite user friendly interface.
> >>> The problem with ditching SLOF is that an unmodified pseries kernel can
> >>> either start via:
> >>> 1. kexec, this requires presence of RTAS and skips
> >>> ibm,client-architecture-support entirely;
> >>> 2. normal boot, this heavily relies on the OF1275 client interface to
> >>> fetch the device tree and do early setup (claim memory).
> >>>
> >>> This adds a new bios-less mode to the pseries machine: "bios=on|off".
> >>> When enabled, QEMU does not load SLOF and jumps to the kernel from
> >>> "-kernel".
> >>>
> >>> The client interface is implemented exactly as RTAS - a 20 bytes blob,
> >>> right next after the RTAS blob. The entry point is passed to the kernel
> >>> via GPR5.
> >>>
> >>> This implements a handful of client interface methods just to get going.
> >>> In particular, this implements the device tree fetching,
> >>> ibm,client-architecture-support and instantiate-rtas.
> >>>
> >>> This implements changing FDT properties for RTAS (for vmlinux and zImage)
> >>> and initramdisk location (for zImage). To make this work, this skips
> >>> fdt_pack() when bios=off as not packing the blob leaves some room for
> >>> appending.
> >>>
> >>> This assigns "phandles" to device tree nodes as there is no more SLOF
> >>> and OF nodes addresses of which served as phandle values.
> >>> This keeps predefined nodes (such as XICS/NVLINK/...) unchanged.
> >>> phandles are regenerated at every FDT rebuild.
> >>>
> >>> This defines phandles for VIO devices to have phandle assigned to
> >>> the default stdout device at the point when we write "/chosen/stdout"
> >>> which an ihandle which the OS uses to write to the console.
> >>
> >>
> >> And I do not really need to preallocate phandles for stdout as it is a
> >> leftover from when I populated /chosen/stdout before populating VIO
> >> nodes, now /chosen/stdout is added at the very end. Thanks,
> > 
> > 
> > Ah noo, I do, to implement "write" to the selected stdout as I need to
> > trace ihandle back to Object* and  object_resolve_path() does not know
> > about FDT path, it is /machine/peripheral/svty0 in QOM. The commit log
> > needs an update, or this needs a fix but I cannot think of a nicer one.
> > Thanks,
> 
> 
> I just might extend instances to do real instances, i.e. associate
> ihandle with phandle _and_ Object*, I just need a helper to find Object
> which matches what qdev_get_fw_dev_path() returns. Fun :)

If you only allow one instance per device, could you just make
ihandles == phandle | CONSTANT?

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH 04/15] hw/ppc/spapr_rtas: Restrict variables scope to single switch case

[David Gibson]

On Fri, Jan 10, 2020 at 10:50:55AM +0100, Greg Kurz wrote:
> On Fri, 10 Jan 2020 10:34:07 +0100
> Philippe Mathieu-Daudé  wrote:
> 
> > On 1/9/20 6:43 PM, Greg Kurz wrote:
> > > On Thu,  9 Jan 2020 16:21:22 +0100
> > > Philippe Mathieu-Daudé  wrote:
> > > 
> > >> We only access these variables in RTAS_SYSPARM_SPLPAR_CHARACTERISTICS
> > >> case, restrict their scope to avoid unnecessary initialization.
> > >>
> > > 
> > > I guess a decent compiler can be smart enough detect that the 
> > > initialization
> > > isn't needed outside of the RTAS_SYSPARM_SPLPAR_CHARACTERISTICS branch...
> > > Anyway, reducing scope isn't bad. The only hitch I could see is that some
> > > people do prefer to have all variables declared upfront, but there's a 
> > > nested
> > > param_val variable already so I guess it's okay.
> > 
> > I don't want to outsmart compilers :)
> > 
> > The MACHINE() macro is not a simple cast, it does object introspection 
> > with OBJECT_CHECK(), thus is not free. Since 
> 
> Sure, I understand the motivation in avoiding an unneeded call
> to calling object_dynamic_cast_assert().
> 
> > object_dynamic_cast_assert() argument is not const, I'm not sure the 
> > compiler can remove the call.
> > 
> 
> Not remove the call, but delay it to the branch that uses it,
> ie. parameter == RTAS_SYSPARM_SPLPAR_CHARACTERISTICS.

I think any performance consideration here is a red herring.  This
particular RTAS call is a handful-of-times-per-boot thing, and only
AFAIK used by AIX guests.

I'm in favour of the change on the grounds of code locality and
readability.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH 0/5] aspeed: extensions and fixes

[Cédric Le Goater]

On 1/7/20 8:34 AM, Cédric Le Goater wrote:
> Hi,
> 
> Here is a short series adding :
> 
>  - a new eMMC controller model for the AST2600 SoC (Andrew)
>  - accessors to control the led state of the pca9552 device (Joel)
>  - a 'execute-in-place' property to boot directly from CE0

There is a naming issue with the eMMC model. I will let Andrew resend.
We can drop this patchset for now.

Thanks,

C.

Re: [PATCH] xhci: Fix memory leak in xhci_kick_epctx when poweroff GuestOS

[Gerd Hoffmann]

> > diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
> > index 80988bb305..0d3d96d05a 100644
> > --- a/hw/usb/hcd-xhci.c
> > +++ b/hw/usb/hcd-xhci.c
> > @@ -2000,6 +2000,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, 
> > unsigned int streamid)
> >   if (xfer != NULL && xfer->running_retry) {
> >   DPRINTF("xhci: xfer nacked, stopping schedule\n");
> >   epctx->retry = xfer;
> > +xhci_xfer_unmap(xfer);
> 
> Shouldn't we use xhci_ep_free_xfer() instead?

No, xhci will try to run the transfer again later.

xhci will re-create the sgl then, so freeing the
sgl here is correct.  Patch added to usb queue.

thanks,
  Gerd