Re: [PATCH] audio/dsound: fix invalid parameters error

2020-02-02 Thread Howard Spoelstra
On Mon, Feb 3, 2020 at 12:02 AM Kővágó, Zoltán 
wrote:

> Windows (unlike wine) bails out when IDirectSoundBuffer8::Lock is called
> with zero length.  Also, hw->pos_emul handling was incorrect when
> calling this function for the first time.
>
> Signed-off-by: Kővágó, Zoltán 
> Reported-by: KJ Liew 
> ---
>
> I've tested this patch on wine and a borrowed Windows 8.1 laptop, I
> could only test audio playback, not recording.  I've cross-compiled qemu
> using the docker image, for 64-bit.
>
> ---
>  audio/dsound_template.h |  1 +
>  audio/audio.c   |  6 ++
>  audio/dsoundaudio.c | 27 +++
>  3 files changed, 26 insertions(+), 8 deletions(-)
>
> diff --git a/audio/dsound_template.h b/audio/dsound_template.h
> index 7a15f91ce5..9c5ce625ab 100644
> --- a/audio/dsound_template.h
> +++ b/audio/dsound_template.h
> @@ -244,6 +244,7 @@ static int dsound_init_out(HWVoiceOut *hw, struct
> audsettings *as,
>  goto fail0;
>  }
>
> +ds->first_time = true;
>  obt_as.endianness = 0;
>  audio_pcm_init_info (>info, _as);
>
> diff --git a/audio/audio.c b/audio/audio.c
> index f63f39769a..cb1efc6dc5 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -1076,10 +1076,8 @@ static size_t audio_pcm_hw_run_out(HWVoiceOut *hw,
> size_t live)
>  while (live) {
>  size_t size, decr, proc;
>  void *buf = hw->pcm_ops->get_buffer_out(hw, );
> -if (!buf) {
> -/* retrying will likely won't help, drop everything. */
> -hw->mix_buf->pos = (hw->mix_buf->pos + live) %
> hw->mix_buf->size;
> -return clipped + live;
> +if (!buf || size == 0) {
> +break;
>  }
>
>  decr = MIN(size / hw->info.bytes_per_frame, live);
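
Review bot: in audio_pcm_hw_run_out the new `if (!buf || size == 0) { break; }` handles a failed get_buffer_out() the same way as "no room right now". The removed branch advanced hw->mix_buf->pos and returned clipped + live, so a backend that keeps failing could not leave frames queued forever; with break the live frames stay in the mix buffer on every call. Either keep a drop path for hard errors, or add a comment saying how a backend is expected to signal an unrecoverable failure now that NULL means "try again later".
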
> diff --git a/audio/dsoundaudio.c b/audio/dsoundaudio.c
> index c265c0094b..bd57082a8d 100644
> --- a/audio/dsoundaudio.c
> +++ b/audio/dsoundaudio.c
> @@ -53,12 +53,14 @@ typedef struct {
>  typedef struct {
>  HWVoiceOut hw;
>  LPDIRECTSOUNDBUFFER dsound_buffer;
> +bool first_time;
>  dsound *s;
>  } DSoundVoiceOut;
>
>  typedef struct {
>  HWVoiceIn hw;
>  LPDIRECTSOUNDCAPTUREBUFFER dsound_capture_buffer;
> +bool first_time;
>  dsound *s;
>  } DSoundVoiceIn;
>
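
Review bot: the `bool first_time;` members added to DSoundVoiceOut and DSoundVoiceIn have no comment, and the name does not say what happens the first time. A short comment on each (for example that hw->pos_emul has not yet been synchronised with the DirectSound cursor) would make the later `if (ds->first_time)` blocks readable without the commit message.
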
> @@ -414,21 +416,32 @@ static void *dsound_get_buffer_out(HWVoiceOut *hw,
> size_t *size)
>  DSoundVoiceOut *ds = (DSoundVoiceOut *) hw;
>  LPDIRECTSOUNDBUFFER dsb = ds->dsound_buffer;
>  HRESULT hr;
> -DWORD ppos, act_size;
> +DWORD ppos, wpos, act_size;
>  size_t req_size;
>  int err;
>  void *ret;
>
> -hr = IDirectSoundBuffer_GetCurrentPosition(dsb, , NULL);
> +hr = IDirectSoundBuffer_GetCurrentPosition(
> +dsb, , ds->first_time ?  : NULL);
>  if (FAILED(hr)) {
>  dsound_logerr(hr, "Could not get playback buffer position\n");
>  *size = 0;
>  return NULL;
>  }
>
> +if (ds->first_time) {
> +hw->pos_emul = wpos;
> +ds->first_time = false;
> +}
> +
>  req_size = audio_ring_dist(ppos, hw->pos_emul, hw->size_emul);
>  req_size = MIN(req_size, hw->size_emul - hw->pos_emul);
>
> +if (req_size == 0) {
> +*size = 0;
> +return NULL;
> +}
> +
>  err = dsound_lock_out(dsb, >info, hw->pos_emul, req_size, ,
> NULL,
>_size, NULL, false, ds->s);
>  if (err) {
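
Review bot: the new `if (req_size == 0)` block returns `*size = 0; return NULL;`, which is exactly what the FAILED(hr) path above it returns, so a caller cannot tell "nothing to write yet" from an error. A one-line comment above the guard stating that Lock rejects a zero length on Windows (the reason given in the commit message) would explain why it is there, and `wpos` deserves a note that it is only written and read when ds->first_time is set.
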
> @@ -508,18 +521,24 @@ static void *dsound_get_buffer_in(HWVoiceIn *hw,
> size_t *size)
>  DSoundVoiceIn *ds = (DSoundVoiceIn *) hw;
>  LPDIRECTSOUNDCAPTUREBUFFER dscb = ds->dsound_capture_buffer;
>  HRESULT hr;
> -DWORD cpos, act_size;
> +DWORD cpos, rpos, act_size;
>  size_t req_size;
>  int err;
>  void *ret;
>
> -hr = IDirectSoundCaptureBuffer_GetCurrentPosition(dscb, , NULL);
> +hr = IDirectSoundCaptureBuffer_GetCurrentPosition(
> +dscb, , ds->first_time ?  : NULL);
>  if (FAILED(hr)) {
>  dsound_logerr(hr, "Could not get capture buffer position\n");
>  *size = 0;
>  return NULL;
>  }
>
> +if (ds->first_time) {
> +hw->pos_emul = rpos;
> +ds->first_time = false;
> +}
> +
>  req_size = audio_ring_dist(cpos, hw->pos_emul, hw->size_emul);
>  req_size = MIN(req_size, hw->size_emul - hw->pos_emul);
>
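
Review bot: dsound_get_buffer_in gets the first_time handling but not the `if (req_size == 0)` guard that the playback hunk adds after the same two req_size lines. If the capture path goes on to lock req_size bytes, the zero-length case named in the commit message can still be reached here whenever cpos equals hw->pos_emul. Suggest adding the same guard (`*size = 0; return NULL;`) before the lock call, especially since the capture side was not tested.
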
> --
> 2.25.0
>

Hi,

I tested this patch running qemu-system-ppc with MacOS 9.2 and OSX 10.5.
Qemu was cross-compiled on Fedora 31 from
https://github.com/mcayland/qemu/tree/screamer. Host was Windows 10.

The dsound locking errors are gone, so for this test case all seems OK.

Best,
Howard


Re: [PATCH v22 7/9] ACPI: Record Generic Error Status Block(GESB) table

2020-02-02 Thread Igor Mammedov
On Sun, 2 Feb 2020 21:42:23 +0800
gengdongjiu  wrote:

> On 2020/1/28 23:29, Igor Mammedov wrote:
> > On Wed, 8 Jan 2020 19:32:21 +0800
> > Dongjiu Geng  wrote:
> >   
> >> kvm_arch_on_sigbus_vcpu() error injection uses source_id as
> >> index in etc/hardware_errors to find out Error Status Data
> >> Block entry corresponding to error source. So supported source_id
> >> values should be assigned here and not be changed afterwards to
> >> make sure that guest will write error into expected Error Status
> >> Data Block even if guest was migrated to a newer QEMU.
> >>
> >> Before QEMU writes a new error to ACPI table, it will check whether
> >> previous error has been acknowledged. Otherwise it will ignore the new
> >> error. For the errors section type, QEMU simulate it to memory section
> >> error.
> >>
> >> Signed-off-by: Dongjiu Geng 
> >> Signed-off-by: Xiang Zheng 
> >> Reviewed-by: Michael S. Tsirkin 

btw:
when you are changing patch and it's not a trivial change,
you are supposed to drop Reviewed-by/Acked-by tags.

[...]
> >> diff --git a/include/qemu/uuid.h b/include/qemu/uuid.h
> >> index 129c45f..b35e294 100644
> >> --- a/include/qemu/uuid.h
> >> +++ b/include/qemu/uuid.h
> >> @@ -34,6 +34,11 @@ typedef struct {
> >>  };
> >>  } QemuUUID;
> >>  
> >> +#define UUID_LE(a, b, c, d0, d1, d2, d3, d4, d5, d6, d7) \
> >> +  {{{ (a) & 0xff, ((a) >> 8) & 0xff, ((a) >> 16) & 0xff, ((a) >> 24) & 
> >> 0xff, \
> >> + (b) & 0xff, ((b) >> 8) & 0xff, (c) & 0xff, ((c) >> 8) & 0xff,
> >>   \
> >> + (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) } } }  
> > 
> > since you are adding generalizing macro, take of NVDIMM_UUID_LE which 
> > served as model  
> 
> do you mean use this generalizing macro to replace NVDIMM_UUID_LE, right?

yes, and preferably do that in a separate patch

> 
> > 
> >   
> >>  #define UUID_FMT "%02hhx%02hhx%02hhx%02hhx-" \
> >>   "%02hhx%02hhx-%02hhx%02hhx-" \
> >>   "%02hhx%02hhx-" \  
> > 
> > .
> >   
> 
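
Review bot: UUID_LE in the uuid.h hunk has no comment describing the layout it produces. From the macro body, a is emitted as four bytes and b and c as two bytes each, least-significant byte first, while d0..d7 are copied as given; a two-line comment saying so, with one example initializer, would save readers from decoding the shifts.
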




Re: [PATCH] target/mips: Fix ll/sc after 7dd547e5ab6b31e7a0cfc182d3ad131dd55a948f

2020-02-02 Thread Richard Henderson
On 2/2/20 3:34 PM, James Clarke wrote:
> From: Alex Richardson 
> 
> After 7dd547e5ab6b31e7a0cfc182d3ad131dd55a948f the env->llval value is
> loaded as an unsigned value (instead of sign-extended as before).
> Therefore, the CMPXCHG in gen_st_cond() in translate.c fails if the sign
> bit is set in the loaded value.
> Fix this by sign-extending the llval value for the 32-bit case.
> 
> I discovered this issue because FreeBSD MIPS64 was looping forever in an
> atomic helper function when trying to start /sbin/init.
> 
> Signed-off-by: Alex Richardson 
> Fixes: 7dd547e5ab6b ("target/mips: Use cpu_*_mmuidx_ra instead of 
> MMU_MODE*_SUFFIX")
> Buglink: https://bugs.launchpad.net/qemu/+bug/1861605
> Cc: Aurelien Jarno 
> Cc: Aleksandar Markovic 
> Cc: Aleksandar Rikalo 
> Cc: Richard Henderson 
> Signed-off-by: James Clarke 
> ---
>  target/mips/op_helper.c | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)

My fault.  Sorry about that.

Reviewed-by: Richard Henderson 


r~
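
The failure described in the commit message above, as a small C model. This is an added example and not QEMU code: ToyCpu, toy_ll, toy_sc and atomic_inc_tries are assumptions made for illustration, and the store-conditional is simplified to a full-width compare of the sign-extended memory word against the saved llval.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* How the LL helper records the loaded word in llval (toy model). */
typedef enum { LLVAL_ZERO_EXTENDED, LLVAL_SIGN_EXTENDED } LlvalMode;

typedef struct {
    uint64_t llval;         /* value remembered by the last LL */
    const uint32_t *lladdr; /* address remembered by the last LL */
} ToyCpu;

/* A 64-bit guest register holds a 32-bit load sign-extended. */
static uint64_t sext32(uint32_t v)
{
    return (uint64_t)(int64_t)(int32_t)v;
}

/* LL: load the word, remember address and value for the later SC. */
static uint64_t toy_ll(ToyCpu *cpu, const uint32_t *addr, LlvalMode mode)
{
    uint32_t raw = *addr;

    cpu->lladdr = addr;
    cpu->llval = (mode == LLVAL_SIGN_EXTENDED) ? sext32(raw) : (uint64_t)raw;
    return sext32(raw); /* the destination register is sign-extended */
}

/*
 * SC: succeed only if memory still holds the value seen by LL.
 * The old memory word is compared at register width, sign-extended,
 * so a zero-extended llval can never match once bit 31 is set.
 */
static bool toy_sc(ToyCpu *cpu, uint32_t *addr, uint32_t newval)
{
    bool ok = false;

    if (cpu->lladdr == addr) {
        uint64_t old = sext32(*addr);
        if (old == cpu->llval) {
            *addr = newval;
            ok = true;
        }
    }
    cpu->lladdr = NULL; /* the reservation is consumed either way */
    return ok;
}

/*
 * Guest-style atomic increment: retry LL/SC until SC succeeds.
 * Returns the number of attempts, or -1 after max_tries failures
 * (a real guest has no such bound and would spin forever).
 */
int atomic_inc_tries(uint32_t *word, LlvalMode mode, int max_tries)
{
    ToyCpu cpu = { 0 };

    for (int n = 1; n <= max_tries; n++) {
        uint64_t reg = toy_ll(&cpu, word, mode);
        if (toy_sc(&cpu, word, (uint32_t)reg + 1)) {
            return n;
        }
    }
    return -1;
}

int main(void)
{
    uint32_t w = 0x80000000u; /* constructed sample: sign bit set */

    printf("zero-extended llval: %d\n",
           atomic_inc_tries(&w, LLVAL_ZERO_EXTENDED, 1000));
    printf("sign-extended llval: %d\n",
           atomic_inc_tries(&w, LLVAL_SIGN_EXTENDED, 1000));
    return 0;
}
```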



Re: [PATCH v22 5/9] ACPI: Record the Generic Error Status Block address

2020-02-02 Thread Igor Mammedov
On Sun, 2 Feb 2020 20:44:35 +0800
gengdongjiu  wrote:

> sorry for the late response due to Chinese new year
> 
> On 2020/1/28 22:41, Igor Mammedov wrote:
> > On Wed, 8 Jan 2020 19:32:19 +0800
> > Dongjiu Geng  wrote:
> > 
> > in addition to comments of others:
> >   
> >> Record the GHEB address via fw_cfg file, when recording
> >> a error to CPER, it will use this address to find out
> >> Generic Error Data Entries and write the error.
> >>
> >> Make the HEST GHES to a GED device.  
[...]
> >> @@ -831,7 +832,9 @@ void virt_acpi_build(VirtMachineState *vms, 
> >> AcpiBuildTables *tables)
> >>  acpi_add_table(table_offsets, tables_blob);
> >>  build_spcr(tables_blob, tables->linker, vms);
> >>  
> >> -if (vms->ras) {
> >> +acpi_ged_state = ACPI_GED(object_resolve_path_type("", TYPE_ACPI_GED,
> >> +   NULL));
> >> +if (acpi_ged_state &&  vms->ras) {  
> > 
> > there is vms->acpi_dev which is GED, so you don't need to look it up
> > 
> > suggest:  
>Thanks for the suggestion.
> 
> >  if (ras) {
> > assert(ged)  
>   assert(vms->acpi_dev), right?

yes, something like this.

 
> > do other fun stuff ...
> >  }  
> 
> >   
> >>  acpi_add_table(table_offsets, tables_blob);
> >>  build_ghes_error_table(tables->hardware_errors, tables->linker);
> >>  acpi_build_hest(tables_blob, tables->hardware_errors,
[...]




[PATCH] pl031: add finalize function to avoid memleaks

2020-02-02 Thread pannengyuan
From: Pan Nengyuan 

There is a memory leak when we call 'device_list_properties' with
typename = pl031. It's easy to reproduce as follows:

  virsh qemu-monitor-command vm1 --pretty '{"execute": "device-list-properties", "arguments": {"typename": "pl031"}}'

The memory leak stack:
  Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f6e0925a970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
    #1 0x7f6e06f4d49d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
    #2 0x564a0f7654ea in timer_new_full /mnt/sdb/qemu/include/qemu/timer.h:530
    #3 0x564a0f76555d in timer_new /mnt/sdb/qemu/include/qemu/timer.h:551
    #4 0x564a0f765589 in timer_new_ns /mnt/sdb/qemu/include/qemu/timer.h:569
    #5 0x564a0f76747d in pl031_init /mnt/sdb/qemu/hw/rtc/pl031.c:198
    #6 0x564a0fd4a19d in object_init_with_type /mnt/sdb/qemu/qom/object.c:360
    #7 0x564a0fd4b166 in object_initialize_with_type /mnt/sdb/qemu/qom/object.c:467
    #8 0x564a0fd4c8e6 in object_new_with_type /mnt/sdb/qemu/qom/object.c:636
    #9 0x564a0fd4c98e in object_new /mnt/sdb/qemu/qom/object.c:646
    #10 0x564a0fc69d43 in qmp_device_list_properties /mnt/sdb/qemu/qom/qom-qmp-cmds.c:204
    #11 0x564a0ef18e64 in qdev_device_help /mnt/sdb/qemu/qdev-monitor.c:278

Reported-by: Euler Robot 
Signed-off-by: Pan Nengyuan 
---
 hw/rtc/pl031.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/rtc/pl031.c b/hw/rtc/pl031.c
index ae47f09635..50664ca000 100644
--- a/hw/rtc/pl031.c
+++ b/hw/rtc/pl031.c
@@ -194,6 +194,15 @@ static void pl031_init(Object *obj)
 s->timer = timer_new_ns(rtc_clock, pl031_interrupt, s);
 }
 
+static void pl031_finalize(Object *obj)
+{
+PL031State *s = PL031(obj);
+if (s->timer) {
+timer_del(s->timer);
+timer_free(s->timer);
+}
+}
+
 static int pl031_pre_save(void *opaque)
 {
 PL031State *s = opaque;
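Review bot: in pl031_finalize the `if (s->timer)` test looks redundant, because pl031_init in the context just above always assigns s->timer from timer_new_ns(). Either drop the test or add a comment saying when the timer can be NULL at finalize time. A blank line after the `PL031State *s = PL031(obj);` declaration and `s->timer = NULL;` after timer_free() would also make the function more robust to later reuse.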
@@ -329,6 +338,7 @@ static const TypeInfo pl031_info = {
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(PL031State),
 .instance_init = pl031_init,
+.instance_finalize = pl031_finalize,
 .class_init= pl031_class_init,
 };
 
-- 
2.21.0.windows.1





Re: [PATCH 2/4] target/arm: Update MSR access to UAO

2020-02-02 Thread Richard Henderson
On 2/2/20 1:29 PM, Peter Maydell wrote:
> Yes, but SPSR_ELx isn't started with a clean zero and built up
> the way the new PSTATE is, it gets copied from the AArch32 CPSR
> via cpsr_read(). I forget how carefully we keep the guest from setting
> CPSR bits that aren't really valid for the CPU...

We do an ok job, except...

>> Well, there is no CPSR UAO bit, so there's no aarch32 bit to clear.  But I 
>> did
>> add a clearing of PSTATE UAO on the exception return to aarch64 path, to
>> prevent the guest from playing games with SPSR.
> 
> ...for instance on the aarch64->aarch32 exception return path,

... here.

> I don't think we sanitize the SPSR bits, so the guest could use
> a 64->32 exception return to set a bogus CPSR.UAO bit and
> then enter from 32 to 64 and see SPSR_ELx.UAO set when
> it should not be, unless we sanitize either in all places where
> we let the guest set CPSR bits (including 64->32 return), or
> we sanitize on 32->64 entry.

There is no CPSR.UAO bit, so this chain of logic doesn't hold for that specific
instance.  But plausibly so for CPSR.PAN.

We do sanitize all of the places where CPSR/PSTATE is explicitly set.  I think
we've covered all but one of the exception return paths, sanitizing the
SPSR_ELx values.

We could move some of this logic to internals.h so that it could be shared
between CPSR and exception return.  I'll think about that for v3.


r~



Re: [PATCH v2 0/7] Some cleanup in arm/virt/acpi

2020-02-02 Thread Michael S. Tsirkin
On Mon, Feb 03, 2020 at 08:14:58AM +0800, Heyi Guo wrote:
> Remove conflict _ADR objects, and fix and refine PCI device definition in
> ACPI/DSDT.
> 
> Cc: Peter Maydell 
> Cc: "Michael S. Tsirkin" 
> Cc: Igor Mammedov 
> Cc: Shannon Zhao 
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org


Series

Reviewed-by: Michael S. Tsirkin 

merge through ARM tree pls.

> v1 -> v2:
> - flow the work flow in tests/qtest/bios-table-test.c to post ACPI related
>   patches.
> - update commit messages for removing "RP0" and "_ADR".
> - add 3 more cleanup patches.
> 
> Heyi Guo (7):
>   bios-tables-test: prepare to change ARM virt ACPI DSDT
>   arm/virt/acpi: remove meaningless sub device "PR0" from PCI0
>   arm/virt/acpi: remove _ADR from devices identified by _HID
>   arm/acpi: fix PCI _PRT definition
>   arm/acpi: fix duplicated _UID of PCI interrupt link devices
>   arm/acpi: simplify the description of PCI _CRS
>   virt/acpi: update golden masters for DSDT update
> 
>  hw/arm/virt-acpi-build.c  |  25 ++---
>  tests/data/acpi/virt/DSDT | Bin 18462 -> 5307 bytes
>  tests/data/acpi/virt/DSDT.memhp   | Bin 19799 -> 6644 bytes
>  tests/data/acpi/virt/DSDT.numamem | Bin 18462 -> 5307 bytes
>  4 files changed, 6 insertions(+), 19 deletions(-)
> 
> -- 
> 2.19.1




Re: [PATCH] boot-order-test: fix memleaks in boot-order-test

2020-02-02 Thread Thomas Huth
On 03/02/2020 03.59, pannengy...@huawei.com wrote:
> From: Pan Nengyuan 
> 
> It's not a big deal, but 'check qtest-ppc/ppc64' runs fail if sanitizers are enabled.
> The memory leak stack is as follows:
> 
> Direct leak of 128 byte(s) in 4 object(s) allocated from:
> #0 0x7f11756f5970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
> #1 0x7f1174f2549d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
> #2 0x556af05aa7da in mm_fw_cfg_init /mnt/sdb/qemu/tests/libqos/fw_cfg.c:119
> #3 0x556af059f4f5 in read_boot_order_pmac /mnt/sdb/qemu/tests/boot-order-test.c:137
> #4 0x556af059efe2 in test_a_boot_order /mnt/sdb/qemu/tests/boot-order-test.c:47
> #5 0x556af059f2c0 in test_boot_orders /mnt/sdb/qemu/tests/boot-order-test.c:59
> #6 0x556af059f52d in test_pmac_oldworld_boot_order /mnt/sdb/qemu/tests/boot-order-test.c:152
> #7 0x7f1174f46cb9  (/lib64/libglib-2.0.so.0+0x73cb9)
> #8 0x7f1174f46b73  (/lib64/libglib-2.0.so.0+0x73b73)
> #9 0x7f1174f46b73  (/lib64/libglib-2.0.so.0+0x73b73)
> #10 0x7f1174f46f71 in g_test_run_suite (/lib64/libglib-2.0.so.0+0x73f71)
> #11 0x7f1174f46f94 in g_test_run (/lib64/libglib-2.0.so.0+0x73f94)
> 
> Reported-by: Euler Robot 
> Signed-off-by: Pan Nengyuan 
> ---
>  tests/qtest/boot-order-test.c | 6 +++---
>  tests/qtest/libqos/fw_cfg.h   | 2 ++
>  2 files changed, 5 insertions(+), 3 deletions(-)

Thanks, queued to my qtest-next branch:

 https://gitlab.com/huth/qemu/commits/qtest-next

Reviewed-by: Thomas Huth 




Re: [PATCH] virtio: add the queue number check

2020-02-02 Thread Michael S. Tsirkin
On Fri, Jan 31, 2020 at 05:22:47PM +0100, Paolo Bonzini wrote:
> I have just found this email... sorry for the delay.
> 
> On 10/01/20 07:10, Yang Zhong wrote:
> >> No. If virtio-blk works, the bug is in vhost-user-blk; if virtio-blk needs
> >> no check in cpu count, vhost-user-blk also doesn't.
> >>
> >> You need to check first if the bug is in QEMU or the vhost-user-blk server.
> >
> >   (1). Seabios issue
> >   In init_virtio_blk() function, which set VIRTIO_CONFIG_S_DRIVER_OK
> >   status to qemu vhost-user-blk device.
> > 
> >   // the related code
> >   ..
> >   status |= VIRTIO_CONFIG_S_DRIVER_OK;
> >   vp_set_status(>vp, status);
> >   ..
> > 
> >   I think there is no need for seabios to set VIRTIO_CONFIG_S_DRIVER_OK
> >   status to qemu vhost-user-blk device.
> 
> It does so because it cannot know how it will be used.  It could be used
> by the guest boot loader to load a kernel, for example.  SeaBIOS sets
> DRIVER_OK because it has loaded a driver for the disk; that's exactly
> what DRIVER_OK signals.

Right. More specifically DRIVER_OK means driver finished setup and is
going to add buffers and process used ones, so device should start
looking at queues.

> 
> > In fact, this time vhost_user_blk_start almost do nothing because
> > the real guest virtio-blk driver still not started yet. This time,
> > there is only one vq can be used(this vq should be inited in seabios).
> > 
> > When the guest virtio-blk driver really start and complete the
> > probe(), the guest virtio-blk driver will set
> > VIRTIO_CONFIG_S_DRIVER_OK to vhost-user-blk device again. This
> > time, this driver will allocate RIGHT queue num according to
> > MIN(vcpu, num_vqs).
> 
> Doesn't it first reset the status to 0?
> 
> > (2). DPDK issue
> >  DPDK does not know the real queue number used by guest virtio-blk
> >  driver and it only know the queue number from vhost-user-blk
> >  command line. Once the guest virtio-blk driver change the queue
> >  number according to MIN(vcpu, num_vqs), DPDK still use previous
> >  queue number and it think virtio is never ready by
> >  virtio_is_ready() function.
> 
> What is virtio_is_ready()?  The virtio device should not wait for all
> the queues to be set.  A device is ready when it sets DRIVER_OK, and
> that's it.

Or - if we want to support legacy guests, and due to a bunch of legacy
guest bugs - if a legacy guest kicked a queue before setting DRIVER_OK.

> >  or DPDK can get the real queue number by checking if the vring.desc
> >  is NON-NULL.
> 
> Note that there is no requirement that the driver initializes a
> consecutive number of virtqueues.  It is acceptable for it to initialize
> virtqueues 0, 1 and 57.  It seems like the bug is in DPDK, possibly more
> than one...
> 
> Paolo
> 
> >  By the way, vhost SCSI device has the same issue with
> >  vhost-user-blk device. 
> > 
> >  Yang
> > 
> >> Paolo
> > 
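
The readiness rule stated in this thread (a device is ready once DRIVER_OK is set, a legacy guest may kick a queue before that, and a driver may set up non-consecutive virtqueues) as a small C model. This is an added example, not code from QEMU, SeaBIOS or DPDK: the Toy* types, the toy_* functions and the sample queue layouts are assumptions constructed for illustration, and toy_ready_all_queues is a hypothetical stand-in for the fragile kind of check discussed above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VIRTIO_CONFIG_S_DRIVER_OK 4 /* status bit value from the virtio spec */
#define TOY_MAX_VQS 64              /* assumption: size of the toy device */

typedef struct {
    uint64_t desc_addr; /* guest address of the descriptor table, 0 = unset */
    bool kicked;        /* guest has notified this queue */
} ToyVq;

typedef struct {
    uint8_t status;        /* device status byte written by the driver */
    bool legacy_guest;     /* guest uses the legacy interface */
    size_t configured_vqs; /* queue count given on the backend command line */
    ToyVq vq[TOY_MAX_VQS];
} ToyDev;

/* Fragile: waits until every configured queue has been set up. */
bool toy_ready_all_queues(const ToyDev *d)
{
    for (size_t i = 0; i < d->configured_vqs; i++) {
        if (d->vq[i].desc_addr == 0) {
            return false;
        }
    }
    return true;
}

/* Rule from the thread: DRIVER_OK, or a legacy guest kicking early. */
bool toy_ready_driver_ok(const ToyDev *d)
{
    if (d->status & VIRTIO_CONFIG_S_DRIVER_OK) {
        return true;
    }
    if (d->legacy_guest) {
        for (size_t i = 0; i < TOY_MAX_VQS; i++) {
            if (d->vq[i].kicked) {
                return true;
            }
        }
    }
    return false;
}

/* Service whichever queues the driver set up; they need not be 0..n-1. */
size_t toy_active_queues(const ToyDev *d, uint16_t *out, size_t out_len)
{
    size_t n = 0;

    for (size_t i = 0; i < TOY_MAX_VQS && n < out_len; i++) {
        if (d->vq[i].desc_addr != 0) {
            out[n++] = (uint16_t)i;
        }
    }
    return n;
}

/* Build a constructed sample device with the given queues set up. */
ToyDev toy_make_dev(size_t configured_vqs, const uint16_t *set_up, size_t n,
                    uint8_t status)
{
    ToyDev d = { .status = status, .configured_vqs = configured_vqs };

    for (size_t i = 0; i < n; i++) {
        d.vq[set_up[i]].desc_addr = 0x10000u + 0x1000u * set_up[i];
    }
    return d;
}

int main(void)
{
    /* Constructed case: backend configured for 8 queues, guest uses 2. */
    const uint16_t two[] = { 0, 1 };
    ToyDev d = toy_make_dev(8, two, 2, VIRTIO_CONFIG_S_DRIVER_OK);
    uint16_t out[TOY_MAX_VQS];

    printf("all-queues check: %d\n", toy_ready_all_queues(&d));
    printf("DRIVER_OK check:  %d\n", toy_ready_driver_ok(&d));
    printf("active queues:    %zu\n", toy_active_queues(&d, out, TOY_MAX_VQS));
    return 0;
}
```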




Re: [PULL v3 17/18] i386:acpi: Remove _HID from the SMBus ACPI entry

2020-02-02 Thread Michael S. Tsirkin
On Thu, Jan 30, 2020 at 07:05:16PM +, Peter Maydell wrote:
> On Thu, 23 Jan 2020 at 07:11, Michael S. Tsirkin  wrote:
> >
> > From: Corey Minyard 
> >
> > Per the ACPI spec (version 6.1, section 6.1.5 _HID) it is not required
> > on enumerated buses (like PCI in this case), _ADR is required (and is
> > already there).  And the _HID value is wrong.  Linux appears to ignore
> > the _HID entry, but Windows 10 detects it as 'Unknown Device' and there
> > is no driver available.  See https://bugs.launchpad.net/qemu/+bug/1856724
> 
> Is this commit in fact a fix for LP:1856724 ? If so, we could
> usefully add a comment to that bug noting the commit which
> fixes it and mark the bug 'fix committed', since it seems
> to affect various users who would like to know the status.
> 
> thanks
> -- PMM

Right. Corey could you do that pls?




[PULL 31/35] target/ppc: Use probe_access for LSW, STSW

2020-02-02 Thread David Gibson
From: Richard Henderson 

Use a minimum number of mmu lookups for the contiguous bytes
that are accessed.  If the lookup succeeds, we can finish the
operation with host addresses only.

Reported-by: Howard Spoelstra 
Signed-off-by: Richard Henderson 
Message-Id: <20200129235040.24022-2-richard.hender...@linaro.org>
Tested-by: Howard Spoelstra 
Signed-off-by: David Gibson 
---
 target/ppc/mem_helper.c | 148 ++--
 1 file changed, 128 insertions(+), 20 deletions(-)

diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index e8e2a8ac2a..508d472a2f 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -56,6 +56,32 @@ static inline target_ulong addr_add(CPUPPCState *env, 
target_ulong addr,
 }
 }
 
+static void *probe_contiguous(CPUPPCState *env, target_ulong addr, uint32_t nb,
+  MMUAccessType access_type, int mmu_idx,
+  uintptr_t raddr)
+{
+void *host1, *host2;
+uint32_t nb_pg1, nb_pg2;
+
+nb_pg1 = -(addr | TARGET_PAGE_MASK);
+if (likely(nb <= nb_pg1)) {
+/* The entire operation is on a single page.  */
+return probe_access(env, addr, nb, access_type, mmu_idx, raddr);
+}
+
+/* The operation spans two pages.  */
+nb_pg2 = nb - nb_pg1;
+host1 = probe_access(env, addr, nb_pg1, access_type, mmu_idx, raddr);
+addr = addr_add(env, addr, nb_pg1);
+host2 = probe_access(env, addr, nb_pg2, access_type, mmu_idx, raddr);
+
+/* If the two host pages are contiguous, optimize.  */
+if (host2 == host1 + nb_pg1) {
+return host1;
+}
+return NULL;
+}
+
 void helper_lmw(CPUPPCState *env, target_ulong addr, uint32_t reg)
 {
 for (; reg < 32; reg++) {
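Review bot: probe_contiguous() assumes the access covers at most two pages: `nb_pg2 = nb - nb_pg1` is handed to a single probe_access() call with nothing checking that it fits in one page. An assert or a comment recording the upper bound on nb would make that assumption explicit. The function also needs a short header comment saying that a NULL return means "take the slow path", and that `-(addr | TARGET_PAGE_MASK)` is the number of bytes left on the first page.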
@@ -84,23 +110,65 @@ void helper_stmw(CPUPPCState *env, target_ulong addr, 
uint32_t reg)
 static void do_lsw(CPUPPCState *env, target_ulong addr, uint32_t nb,
uint32_t reg, uintptr_t raddr)
 {
-int sh;
+int mmu_idx;
+void *host;
+uint32_t val;
 
-for (; nb > 3; nb -= 4) {
-env->gpr[reg] = cpu_ldl_data_ra(env, addr, raddr);
-reg = (reg + 1) % 32;
-addr = addr_add(env, addr, 4);
+if (unlikely(nb == 0)) {
+return;
 }
-if (unlikely(nb > 0)) {
-env->gpr[reg] = 0;
-for (sh = 24; nb > 0; nb--, sh -= 8) {
-env->gpr[reg] |= cpu_ldub_data_ra(env, addr, raddr) << sh;
-addr = addr_add(env, addr, 1);
+
+mmu_idx = cpu_mmu_index(env, false);
+host = probe_contiguous(env, addr, nb, MMU_DATA_LOAD, mmu_idx, raddr);
+
+if (likely(host)) {
+/* Fast path -- the entire operation is in RAM at host.  */
+for (; nb > 3; nb -= 4) {
+env->gpr[reg] = (uint32_t)ldl_be_p(host);
+reg = (reg + 1) % 32;
+host += 4;
+}
+switch (nb) {
+default:
+return;
+case 1:
+val = ldub_p(host) << 24;
+break;
+case 2:
+val = lduw_be_p(host) << 16;
+break;
+case 3:
+val = (lduw_be_p(host) << 16) | (ldub_p(host + 2) << 8);
+break;
+}
+} else {
+/* Slow path -- at least some of the operation requires i/o.  */
+for (; nb > 3; nb -= 4) {
+env->gpr[reg] = cpu_ldl_mmuidx_ra(env, addr, mmu_idx, raddr);
+reg = (reg + 1) % 32;
+addr = addr_add(env, addr, 4);
+}
+switch (nb) {
+default:
+return;
+case 1:
+val = cpu_ldub_mmuidx_ra(env, addr, mmu_idx, raddr) << 24;
+break;
+case 2:
+val = cpu_lduw_mmuidx_ra(env, addr, mmu_idx, raddr) << 16;
+break;
+case 3:
+val = cpu_lduw_mmuidx_ra(env, addr, mmu_idx, raddr) << 16;
+addr = addr_add(env, addr, 2);
+val |= cpu_ldub_mmuidx_ra(env, addr, mmu_idx, raddr) << 8;
+break;
 }
 }
+env->gpr[reg] = val;
 }
 
-void helper_lsw(CPUPPCState *env, target_ulong addr, uint32_t nb, uint32_t reg)
+void helper_lsw(CPUPPCState *env, target_ulong addr,
+uint32_t nb, uint32_t reg)
 {
 do_lsw(env, addr, nb, reg, GETPC());
 }
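Review bot: in do_lsw both tail switches use `default: return;` to cover nb == 0 after the word loop, which hides the fact that the shared `env->gpr[reg] = val;` at the end is reached only with 1 to 3 leftover bytes. An explicit `case 0: return;` with `default: g_assert_not_reached();` would document the 0..3 range and keep val from looking possibly uninitialised to readers and compilers.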
@@ -130,17 +198,57 @@ void helper_lswx(CPUPPCState *env, target_ulong addr, 
uint32_t reg,
 void helper_stsw(CPUPPCState *env, target_ulong addr, uint32_t nb,
  uint32_t reg)
 {
-int sh;
+uintptr_t raddr = GETPC();
+int mmu_idx;
+void *host;
+uint32_t val;
 
-for (; nb > 3; nb -= 4) {
-cpu_stl_data_ra(env, addr, env->gpr[reg], GETPC());
-reg = (reg + 1) % 32;
-addr = addr_add(env, addr, 4);
+if (unlikely(nb == 0)) {
+return;
 }
-if (unlikely(nb > 0)) {
-for (sh = 24; nb > 0; nb--, sh -= 8) {
-cpu_stb_data_ra(env, addr, (env->gpr[reg] >> sh) & 0xFF, GETPC());
-addr = addr_add(env, addr, 1);
+
+mmu_idx = 

Re: Making QEMU easier for management tools and applications

2020-02-02 Thread Markus Armbruster
Paolo Bonzini  writes:

> Il dom 2 feb 2020, 10:22 Kevin Wolf  ha scritto:
>
>> Am 31.01.2020 um 13:27 hat Eric Blake geschrieben:
>> > On 1/28/20 6:54 AM, Kevin Wolf wrote:
>> >
>> > > >
>> > > > The arguments as dotted keys:
>> > > >
>> > > >  id=bar,backend.type=file,backend.data.out=/tmp/bar.log
>> > > >
>> > > > Observe there's quite some of nesting.  While that's somewhat
>> cumbersome
>> > > > in JSON, it's a lot worse with dotted keys, because there nesting
>> means
>> > > > repeated key prefixes.  I could give much worse examples, actually.
>> > >
>> > > This is true, but even without the repeated keys (e.g. in a syntax that
>> > > would use brackets), it would still be unnecessarily verbose and
>> > > probably hard to remember:
>> > >
>> > >  id=bar,backend={type=file,data={out=/tmp/bar.log}}
>>
>> [...] I actually think that a syntax like this might make sense for
>> something like qmp-shell. It might even be more convenient on the
>> command line than dotted keys if you get a lot of repetition (despite
>> the required quoting), but it's strictly speaking incompatible because
>> you could use {} in strings today.
>>
>
> If you are willing to feed schema info to the parser, in principle you
> could keep backwards compatibility. There would be limitations such as
> putting the discriminator before the fields, so I am not sure it's a good
> idea.

Problem: the 'any' type, where the schema doesn't provide the necessary
information.

Problem: 'gen': false, where we pass the arguments raw, ignoring the
schema.

If we didn't restrict alternate types so severely, it would also be a
problem.  For instance, with

{ 'alternate': 'Alt',
  'data': { 'one': 'number',
            'two': 'str' } }

we don't know what to do for value "on" branch to take for value 42.
Not a problem because we reject this alternate.  See
tests/qapi-schema/alternate-conflict-*json for more examples.

> Better QOM introspection would be a requirement, too.

I guess this is what you believe is needed to solve these problems.




[Bug 1861653] [NEW] CPU of qemu-system-aarch64 always stuck

2020-02-02 Thread zwq
Public bug reported:

I started qemu with these arguments:
 qemu-system-aarch64 -M virt-2.9 -cpu cortex-a72 -smp cores=8,threads=1,sockets=1 -m 2G -device nec-usb-xhci -device usb-kbd -device usb-tablet -pflash /sdcard/QEMU_EFI.img -pflash /sdcard/QEMU_VARS.img -device virtio-blk-device,drive=Ubuntu -drive if=none,id=Ubuntu,file=Ubuntu.vhd -nographic -net user -net nic,model=rtl8139 -kernel linux -initrd initrd.gz
The setup program of Ubuntu devel aarch64 ran normally. But after several hours, the CPUs emulated by qemu-system-aarch64 went wrong.
Here are the messages displayed on the tty:
[15842.164745] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [ksoftirqd/0:9]
[15930.163589] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [ksoftirqd/0:9]
[16110.163540] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ksoftirqd/0:9]
[16290.162801] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ksoftirqd/0:9]
[16470.163927] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [ksoftirqd/0:9]
[16650.163246] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ksoftirqd/0:9]
[16830.163216] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [ksoftirqd/0:9]
[17010.164504] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ksoftirqd/0:9]

Then I tried CentOS 7.1908 aarch64 with almost the same arguments.
After several hours, it went wrong too.
[17480 . 201 1 58] rcu : (3 ticks this GP) idle=362/0/0x3 softirq=61631 /61 631 
fqs=10077
[17480 . 204889] (detected by 3 , t=24007 jiffies , g=218453 , q=5285) [1 7480 
. 21 7986] Task dump for CPU 7 :
[17480.222379] swapper/7R running task  0 
0  0x002a [17480.229073] Call trace :
[1 7480.241518] switch t0+0x104/0x1 f8
[17480.249839]  Ox7fff
[17660.232314] rcu : INFO: rcu sched detected stalls on CPUs/ tasks :
[17660.233580] rcu : (3 ticks this GP) idle=362/0/0x3 softirq=61631 /61 631 
fqs=17770
[17660.235837] (detected by 3,t=42012 jiffies , g=218453 , q=7039) 
[17660 . 237955] Task dump for CPU 7 :
[17660.238900] swapper/ 7  R running task  0   0
[17660.242967] Call trace :
[17660.246192]  switch t0+0x104/0x1 f8
[17660.253215]  Ox7fff

Obviously qemu-system-aarch64 caused these bugs.

qemu version: 4.x (I have tested version 4.0 & 4.1.0 & 4.2.0)
host architecture: aarch64 (Qualcomm Snapdragon series)
host system: Ubuntu devel 20.04 & Debian 10 (I have tested on many devices)

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1861653

Title:
  CPU of qemu-system-aarch64 always stuck

Status in QEMU:
  New


[PULL 33/35] target/ppc: Remove redundant mask in DCBZ

2020-02-02 Thread David Gibson
From: Richard Henderson 

The value of addr has already been masked, just above.

Signed-off-by: Richard Henderson 
Message-Id: <20200129235040.24022-4-richard.hender...@linaro.org>
Tested-by: Howard Spoelstra 
Signed-off-by: David Gibson 
---
 target/ppc/mem_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index e7d3a79d96..0cb78777e7 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -293,7 +293,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong addr,
 addr &= mask;
 
 /* Check reservation */
-if ((env->reserve_addr & mask) == (addr & mask))  {
+if ((env->reserve_addr & mask) == addr)  {
 env->reserve_addr = (target_ulong)-1ULL;
 }
 
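Review bot: the rewritten test `(env->reserve_addr & mask) == addr` is correct only because of the `addr &= mask;` two lines above it, so a short comment tying the two together would stop a later reorder from breaking the reservation check. The changed line also keeps the doubled space before `{`, which could be fixed while it is being touched.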
-- 
2.24.1




[PULL 19/35] ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge

2020-02-02 Thread David Gibson
From: Benjamin Herrenschmidt 

These changes introduce models for the PCIe Host Bridge (PHB4) of the
POWER9 processor. It includes the PowerBus logic interface (PBCQ),
IOMMU support, a single PCIe Gen.4 Root Complex, and support for MSI
and LSI interrupt sources as found on a POWER9 system using the XIVE
interrupt controller.

POWER9 processor comes with 3 PHB4 PEC (PCI Express Controller) and
each PEC can have several PHBs. By default,

  * PEC0 provides 1 PHB  (PHB0)
  * PEC1 provides 2 PHBs (PHB1 and PHB2)
  * PEC2 provides 3 PHBs (PHB3, PHB4 and PHB5)

Each PEC has a set of "global" registers and some "per-stack" (per-PHB)
registers. Those are organized in two XSCOM ranges, the "Nest" range
and the "PCI" range, each range contains both some "PEC" registers and
some "per-stack" registers.

No default device layout is provided and PCI devices can be added on
any of the available PCIe Root Ports (pcie.0 .. 2 of a Power9 chip)
with address 0x0 as the firmware (skiboot) only accepts a single
device per root port. To run a simple system with a network and a
storage adapter, use command line options such as:

  -device e1000e,netdev=net0,mac=C0:FF:EE:00:00:02,bus=pcie.0,addr=0x0
  -netdev bridge,id=net0,helper=/usr/libexec/qemu-bridge-helper,br=virbr0,id=hostnet0

  -device megasas,id=scsi0,bus=pcie.1,addr=0x0
  -drive file=$disk,if=none,id=drive-scsi0-0-0-0,format=qcow2,cache=none
  -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=2

If more are needed, include a bridge.

Multi chip is supported, each chip adding its set of PHB4 controllers
and its PCI busses. The model doesn't emulate the EEH error handling.

This model is not ready for hotplug yet.

Signed-off-by: Benjamin Herrenschmidt 
[ clg: - numerous cleanups
   - commit log
   - fix for broken LSI support
   - PHB pic printinfo
   - large QOM rework ]
Signed-off-by: Cédric Le Goater 
Message-Id: <20200127144506.11132-2-...@kaod.org>
[dwg: Use device_class_set_props()]
Signed-off-by: David Gibson 
---
 hw/pci-host/Makefile.objs   |1 +
 hw/pci-host/pnv_phb4.c  | 1438 +++
 hw/pci-host/pnv_phb4_pec.c  |  593 +++
 hw/ppc/Kconfig  |2 +
 hw/ppc/pnv.c|  107 ++
 include/hw/pci-host/pnv_phb4.h  |  230 +
 include/hw/pci-host/pnv_phb4_regs.h |  553 ++
 include/hw/pci/pcie_port.h  |1 +
 include/hw/ppc/pnv.h|7 +
 include/hw/ppc/pnv_xscom.h  |   11 +
 10 files changed, 2943 insertions(+)
 create mode 100644 hw/pci-host/pnv_phb4.c
 create mode 100644 hw/pci-host/pnv_phb4_pec.c
 create mode 100644 include/hw/pci-host/pnv_phb4.h
 create mode 100644 include/hw/pci-host/pnv_phb4_regs.h

diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
index 9c466fab01..8a296e2f93 100644
--- a/hw/pci-host/Makefile.objs
+++ b/hw/pci-host/Makefile.objs
@@ -20,3 +20,4 @@ common-obj-$(CONFIG_PCI_EXPRESS_GENERIC_BRIDGE) += gpex.o
 common-obj-$(CONFIG_PCI_EXPRESS_XILINX) += xilinx-pcie.o
 
 common-obj-$(CONFIG_PCI_EXPRESS_DESIGNWARE) += designware.o
+obj-$(CONFIG_POWERNV) += pnv_phb4.o pnv_phb4_pec.o
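Review bot: the new line uses obj-$(CONFIG_POWERNV) while every neighbouring entry in this hunk uses common-obj-. If that is deliberate because pnv_phb4.c includes target/ppc/cpu.h and has to be built per target, a short comment saying so would keep someone from changing it to common-obj- later.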
diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
new file mode 100644
index 00..61235d13a6
--- /dev/null
+++ b/hw/pci-host/pnv_phb4.c
@@ -0,0 +1,1438 @@
+/*
+ * QEMU PowerPC PowerNV (POWER9) PHB4 model
+ *
+ * Copyright (c) 2018-2020, IBM Corporation.
+ *
+ * This code is licensed under the GPL version 2 or later. See the
+ * COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/visitor.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "monitor/monitor.h"
+#include "target/ppc/cpu.h"
+#include "hw/pci-host/pnv_phb4_regs.h"
+#include "hw/pci-host/pnv_phb4.h"
+#include "hw/pci/pcie_host.h"
+#include "hw/pci/pcie_port.h"
+#include "hw/ppc/pnv.h"
+#include "hw/ppc/pnv_xscom.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
+
+#define phb_error(phb, fmt, ...)\
+qemu_log_mask(LOG_GUEST_ERROR, "phb4[%d:%d]: " fmt "\n",\
+  (phb)->chip_id, (phb)->phb_id, ## __VA_ARGS__)
+
+/*
+ * QEMU version of the GETFIELD/SETFIELD macros
+ *
+ * These are common with the PnvXive model.
+ */
+static inline uint64_t GETFIELD(uint64_t mask, uint64_t word)
+{
+return (word & mask) >> ctz64(mask);
+}
+
+static inline uint64_t SETFIELD(uint64_t mask, uint64_t word,
+uint64_t value)
+{
+return (word & ~mask) | ((value << ctz64(mask)) & mask);
+}
+
+static PCIDevice *pnv_phb4_find_cfg_dev(PnvPHB4 *phb)
+{
+PCIHostState *pci = PCI_HOST_BRIDGE(phb);
+uint64_t addr = phb->regs[PHB_CONFIG_ADDRESS >> 3];
+uint8_t bus, devfn;
+
+if (!(addr >> 63)) {
+return NULL;
+}
+bus = (addr >> 52) & 0xff;
+devfn = (addr >> 44) & 0xff;
+
+/* We 
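Review bot: GETFIELD() and SETFIELD() shift by ctz64(mask) with no guard for a zero mask; ctz64(0) yields 64, and shifting a uint64_t by 64 is undefined behaviour in C. An assert(mask) in both helpers, or a comment stating that callers must pass a non-zero constant mask, would make the contract explicit. Since the comment says these are common with the PnvXive model, a shared header would also avoid keeping two copies in sync. In pnv_phb4_find_cfg_dev() the shifts 63, 52 and 44 applied to the guest-written PHB_CONFIG_ADDRESS register would read better as named field masks.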

[PULL 34/35] target/ppc: Use probe_write for DCBZ

2020-02-02 Thread David Gibson
From: Richard Henderson 

Using probe_write instead of tlb_vaddr_to_host means that we
process watchpoints and notdirty pages more efficiently.

Signed-off-by: Richard Henderson 
Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org>
Tested-by: Howard Spoelstra 
Signed-off-by: David Gibson 
---
 target/ppc/mem_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index 0cb78777e7..98f589552b 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong addr,
 }
 
 /* Try fast path translate */
-haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx);
+haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
 if (haddr) {
 memset(haddr, 0, dcbz_size);
 } else {
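Review bot: the comment above the changed call still reads "Try fast path translate", but per the commit message probe_write() now also processes watchpoints and notdirty pages, and it takes dcbz_size and retaddr. Please update the comment to say what a NULL return means at this point, so a reader can tell which cases still reach the else branch.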
-- 
2.24.1




[PULL 27/35] target/ppc: Build rtas error log upon an MCE

2020-02-02 Thread David Gibson
From: Aravinda Prasad 

Upon a machine check exception (MCE) in a guest address space,
KVM causes a guest exit to enable QEMU to build and pass the
error to the guest in the PAPR defined rtas error log format.

This patch builds the rtas error log, copies it to the rtas_addr
and then invokes the guest registered machine check handler. The
handler in the guest takes suitable action(s) depending on the type
and criticality of the error. For example, if an error is
unrecoverable memory corruption in an application inside the
guest, then the guest kernel sends a SIGBUS to the application.
For recoverable errors, the guest performs recovery actions and
logs the error.

Signed-off-by: Aravinda Prasad 
[Assume SLOF has allocated enough room for rtas error log]
Signed-off-by: Ganesh Goudar 
Reviewed-by: David Gibson 
Message-Id: <20200130184423.20519-5-ganes...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_events.c  | 220 -
 hw/ppc/spapr_rtas.c|  26 +
 include/hw/ppc/spapr.h |   6 +-
 target/ppc/kvm.c   |   4 +-
 4 files changed, 253 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index dfc0de840a..54eaf28a9e 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -214,6 +214,104 @@ struct hp_extended_log {
 struct rtas_event_log_v6_hp hp;
 } QEMU_PACKED;
 
+struct rtas_event_log_v6_mc {
+#define RTAS_LOG_V6_SECTION_ID_MC   0x4D43 /* MC */
+struct rtas_event_log_v6_section_header hdr;
+uint32_t fru_id;
+uint32_t proc_id;
+uint8_t error_type;
+#define RTAS_LOG_V6_MC_TYPE_UE   0
+#define RTAS_LOG_V6_MC_TYPE_SLB  1
+#define RTAS_LOG_V6_MC_TYPE_ERAT 2
+#define RTAS_LOG_V6_MC_TYPE_TLB  4
+#define RTAS_LOG_V6_MC_TYPE_D_CACHE  5
+#define RTAS_LOG_V6_MC_TYPE_I_CACHE  7
+uint8_t sub_err_type;
+#define RTAS_LOG_V6_MC_UE_INDETERMINATE  0
+#define RTAS_LOG_V6_MC_UE_IFETCH 1
+#define RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_IFETCH 2
+#define RTAS_LOG_V6_MC_UE_LOAD_STORE 3
+#define RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_LOAD_STORE 4
+#define RTAS_LOG_V6_MC_SLB_PARITY0
+#define RTAS_LOG_V6_MC_SLB_MULTIHIT  1
+#define RTAS_LOG_V6_MC_SLB_INDETERMINATE 2
+#define RTAS_LOG_V6_MC_ERAT_PARITY   1
+#define RTAS_LOG_V6_MC_ERAT_MULTIHIT 2
+#define RTAS_LOG_V6_MC_ERAT_INDETERMINATE3
+#define RTAS_LOG_V6_MC_TLB_PARITY1
+#define RTAS_LOG_V6_MC_TLB_MULTIHIT  2
+#define RTAS_LOG_V6_MC_TLB_INDETERMINATE 3
+uint8_t reserved_1[6];
+uint64_t effective_address;
+uint64_t logical_address;
+} QEMU_PACKED;
+
+struct mc_extended_log {
+struct rtas_event_log_v6 v6hdr;
+struct rtas_event_log_v6_mc mc;
+} QEMU_PACKED;
+
+struct MC_ierror_table {
+unsigned long srr1_mask;
+unsigned long srr1_value;
+bool nip_valid; /* nip is a valid indicator of faulting address */
+uint8_t error_type;
+uint8_t error_subtype;
+unsigned int initiator;
+unsigned int severity;
+};
+
+static const struct MC_ierror_table mc_ierror_table[] = {
+{ 0x081c, 0x0004, true,
+  RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_IFETCH,
+  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
+{ 0x081c, 0x0008, true,
+  RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_PARITY,
+  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
+{ 0x081c, 0x000c, true,
+  RTAS_LOG_V6_MC_TYPE_SLB, RTAS_LOG_V6_MC_SLB_MULTIHIT,
+  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
+{ 0x081c, 0x0010, true,
+  RTAS_LOG_V6_MC_TYPE_ERAT, RTAS_LOG_V6_MC_ERAT_MULTIHIT,
+  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
+{ 0x081c, 0x0014, true,
+  RTAS_LOG_V6_MC_TYPE_TLB, RTAS_LOG_V6_MC_TLB_MULTIHIT,
+  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
+{ 0x081c, 0x0018, true,
+  RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_IFETCH,
+  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, } };
+
+struct MC_derror_table {
+unsigned long dsisr_value;
+bool dar_valid; /* dar is a valid indicator of faulting address */
+uint8_t error_type;
+uint8_t error_subtype;
+unsigned int initiator;
+unsigned int severity;
+};
+
+static const struct MC_derror_table mc_derror_table[] = {
+{ 0x8000, false,
+  RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_LOAD_STORE,
+  RTAS_LOG_INITIATOR_CPU, RTAS_LOG_SEVERITY_ERROR_SYNC, },
+{ 0x4000, true,
+  RTAS_LOG_V6_MC_TYPE_UE, RTAS_LOG_V6_MC_UE_PAGE_TABLE_WALK_LOAD_STORE,
+  RTAS_LOG_INITIATOR_CPU, 
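Review bot: struct MC_ierror_table declares srr1_mask and srr1_value, and struct MC_derror_table declares dsisr_value, as unsigned long, whose width depends on the host ABI. These fields hold guest register values, so fixed-width types would make the table lookups behave the same on every host. The sub_err_type defines also reuse small values across the UE, SLB, ERAT and TLB groups; a one-line comment per group naming the error_type it belongs to would make the overlap clearly intentional.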

[PULL 35/35] tests: Silence various warnings with pseries

2020-02-02 Thread David Gibson
From: Greg Kurz 

Some default features of the pseries machine are only available with
KVM. Warnings are printed when the pseries machine is used with another
accelerator:

qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ccf-assist=on
qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
Interrupts(FWNMI) not supported in TCG
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ccf-assist=on
qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
Interrupts(FWNMI) not supported in TCG
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ccf-assist=on
qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
Interrupts(FWNMI) not supported in TCG

This is annoying for CI since it usually runs without KVM. We already
disable features that emit similar warnings thanks to properties of
the pseries machine, but this is open-coded in various
places. Consolidate the set of properties in a single place. Extend it
to silence the above warnings. And use it in the various tests that
start pseries machines.

Reported-by: Peter Maydell 
Signed-off-by: Greg Kurz 
Message-Id: <158059697130.1820292.7823434132030453110.st...@bahia.lan>
Reviewed-by: Thomas Huth 
[dwg: Correct minor grammatical error]
Signed-off-by: David Gibson 
---
 tests/qtest/boot-serial-test.c| 3 ++-
 tests/qtest/libqos/libqos-spapr.h | 8 
 tests/qtest/prom-env-test.c   | 3 ++-
 tests/qtest/pxe-test.c| 7 ---
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/tests/qtest/boot-serial-test.c b/tests/qtest/boot-serial-test.c
index 8e8c5b0a0f..85a3614286 100644
--- a/tests/qtest/boot-serial-test.c
+++ b/tests/qtest/boot-serial-test.c
@@ -15,6 +15,7 @@
 
 #include "qemu/osdep.h"
 #include "libqtest.h"
+#include "libqos/libqos-spapr.h"
 
 static const uint8_t kernel_mcf5208[] = {
 0x41, 0xf9, 0xfc, 0x06, 0x00, 0x00, /* lea 0xfc06,%a0 */
@@ -112,7 +113,7 @@ static testdef_t tests[] = {
 { "ppc64", "40p", "-m 192", "Memory: 192M" },
 { "ppc64", "mac99", "", "PowerPC,970FX" },
 { "ppc64", "pseries",
-  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken",
+  "-machine " PSERIES_DEFAULT_CAPABILITIES,
   "Open Firmware" },
 { "ppc64", "powernv8", "", "OPAL" },
 { "ppc64", "powernv9", "", "OPAL" },
diff --git a/tests/qtest/libqos/libqos-spapr.h 
b/tests/qtest/libqos/libqos-spapr.h
index dcb5c43ad3..d9c4c22343 100644
--- a/tests/qtest/libqos/libqos-spapr.h
+++ b/tests/qtest/libqos/libqos-spapr.h
@@ -7,4 +7,12 @@ QOSState *qtest_spapr_vboot(const char *cmdline_fmt, va_list 
ap);
 QOSState *qtest_spapr_boot(const char *cmdline_fmt, ...);
 void qtest_spapr_shutdown(QOSState *qs);
 
+/* List of capabilities needed to silence warnings with TCG */
+#define PSERIES_DEFAULT_CAPABILITIES \
+"cap-cfpc=broken,"   \
+"cap-sbbc=broken,"   \
+"cap-ibs=broken,"\
+"cap-ccf-assist=off,"\
+"cap-fwnmi-mce=off"
+
 #endif
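Review bot: PSERIES_DEFAULT_CAPABILITIES carries no leading or trailing comma, so it only works directly after "-machine " or as the last element after a prefix such as "vsmt=8,", which is how the callers in this patch use it. Please state that in the comment above the macro. The name also reads as the machine's defaults, while the comment says these are overrides needed to silence warnings with TCG; a name that reflects the comment would be less surprising.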
diff --git a/tests/qtest/prom-env-test.c b/tests/qtest/prom-env-test.c
index 9be52c766f..60e6ec3153 100644
--- a/tests/qtest/prom-env-test.c
+++ b/tests/qtest/prom-env-test.c
@@ -21,6 +21,7 @@
 
 #include "qemu/osdep.h"
 #include "libqtest.h"
+#include "libqos/libqos-spapr.h"
 
 #define MAGIC   0xcafec0de
 #define ADDRESS 0x4000
@@ -54,7 +55,7 @@ static void test_machine(const void *machine)
  */
 if (strcmp(machine, "pseries") == 0) {
 extra_args = "-nodefaults"
-" -machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken";
+" -machine " PSERIES_DEFAULT_CAPABILITIES;
 }
 
 qts = qtest_initf("-M %s -accel tcg %s -prom-env 'use-nvramrc?=true' "
diff --git a/tests/qtest/pxe-test.c b/tests/qtest/pxe-test.c
index f68d0aadbb..1161a773a4 100644
--- a/tests/qtest/pxe-test.c
+++ b/tests/qtest/pxe-test.c
@@ -17,6 +17,7 @@
 #include "qemu-common.h"
 #include "libqtest.h"
 #include "boot-sector.h"
+#include "libqos/libqos-spapr.h"
 
 #define NETNAME "net0"
 
@@ -46,15 +47,15 @@ static testdef_t x86_tests_slow[] = {
 
 static testdef_t ppc64_tests[] = {
 { "pseries", "spapr-vlan",
-  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,vsmt=8" },
+  "-machine vsmt=8," PSERIES_DEFAULT_CAPABILITIES },
 { "pseries", "virtio-net-pci",
-  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,vsmt=8" },
+  "-machine vsmt=8," PSERIES_DEFAULT_CAPABILITIES },
 { NULL },
 };
 
 static testdef_t ppc64_tests_slow[] = {
 { "pseries", "e1000",
-  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,vsmt=8" },
+  "-machine vsmt=8," PSERIES_DEFAULT_CAPABILITIES },
 { NULL },
 };
 
-- 
2.24.1




[PULL 29/35] migration: Include migration support for machine check handling

2020-02-02 Thread David Gibson
From: Aravinda Prasad 

This patch includes migration support for machine check
handling. In particular, this patch blocks VM migration
requests until the machine check error handling is
complete as these errors are specific to the source
hardware and are irrelevant on the target hardware.

Signed-off-by: Aravinda Prasad 
[Do not set FWNMI cap in post_load, now it's done in .apply hook]
Signed-off-by: Ganesh Goudar 
Message-Id: <20200130184423.20519-7-ganes...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 47 ++
 hw/ppc/spapr_events.c  | 16 +-
 hw/ppc/spapr_rtas.c|  2 ++
 include/hw/ppc/spapr.h |  2 ++
 4 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 06e295cdf1..137f5c9a33 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -46,6 +46,7 @@
 #include "migration/qemu-file-types.h"
 #include "migration/global_state.h"
 #include "migration/register.h"
+#include "migration/blocker.h"
 #include "mmu-hash64.h"
 #include "mmu-book3s-v3.h"
 #include "cpu-models.h"
@@ -1683,6 +1684,8 @@ static void spapr_machine_reset(MachineState *machine)
 
 /* Signal all vCPUs waiting on this condition */
 qemu_cond_broadcast(>mc_delivery_cond);
+
+migrate_del_blocker(spapr->fwnmi_migration_blocker);
 }
 
 static void spapr_create_nvram(SpaprMachineState *spapr)
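Review bot: migrate_del_blocker(spapr->fwnmi_migration_blocker) runs on every machine reset, but the blocker is only created in spapr_machine_init() when SPAPR_CAP_FWNMI_MCE is on and only added in spapr_mce_req_event(). Either guard this call on the blocker having been added, or add a comment stating that deleting a NULL or never-added blocker is a harmless no-op.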
@@ -1965,6 +1968,42 @@ static const VMStateDescription vmstate_spapr_dtb = {
 },
 };
 
+static bool spapr_fwnmi_needed(void *opaque)
+{
+SpaprMachineState *spapr = (SpaprMachineState *)opaque;
+
+return spapr->guest_machine_check_addr != -1;
+}
+
+static int spapr_fwnmi_pre_save(void *opaque)
+{
+SpaprMachineState *spapr = (SpaprMachineState *)opaque;
+
+/*
+ * Check if machine check handling is in progress and print a
+ * warning message.
+ */
+if (spapr->mc_status != -1) {
+warn_report("A machine check is being handled during migration. The"
+"handler may run and log hardware error on the destination");
+}
+
+return 0;
+}
+
+static const VMStateDescription vmstate_spapr_machine_check = {
+.name = "spapr_machine_check",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_fwnmi_needed,
+.pre_save = spapr_fwnmi_pre_save,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(guest_machine_check_addr, SpaprMachineState),
+VMSTATE_INT32(mc_status, SpaprMachineState),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static const VMStateDescription vmstate_spapr = {
 .name = "spapr",
 .version_id = 3,
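Review bot: the two string literals passed to warn_report() in spapr_fwnmi_pre_save() concatenate without a space, so the message prints "...during migration. Thehandler may run...". Add a trailing space after "The" or a leading one before "handler". The mc_status != -1 test would also read better behind a named constant or small helper, since the -1 sentinel carries the meaning "no machine check in progress".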
@@ -1999,6 +2038,7 @@ static const VMStateDescription vmstate_spapr = {
 _spapr_cap_large_decr,
 _spapr_cap_ccf_assist,
 _spapr_cap_fwnmi,
+_spapr_machine_check,
 NULL
 }
 };
@@ -2814,6 +2854,13 @@ static void spapr_machine_init(MachineState *machine)
 spapr_create_lmb_dr_connectors(spapr);
 }
 
+if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI_MCE) == SPAPR_CAP_ON) {
+/* Create the error string for live migration blocker */
+error_setg(>fwnmi_migration_blocker,
+"A machine check is being handled during migration. The handler"
+"may run and log hardware error on the destination");
+}
+
 /* Set up RTAS event infrastructure */
 spapr_events_init(spapr);
 
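Review bot: the two literals passed to error_setg() join as "...The handlermay run..." because neither carries the separating space. The text also duplicates the warning string in spapr_fwnmi_pre_save(); a single shared string would keep the two from drifting apart.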
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 54eaf28a9e..884e455f02 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -43,6 +43,7 @@
 #include "qemu/main-loop.h"
 #include "hw/ppc/spapr_ovec.h"
 #include 
+#include "migration/blocker.h"
 
 #define RTAS_LOG_VERSION_MASK   0xff00
 #define   RTAS_LOG_VERSION_60x0600
@@ -843,6 +844,8 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
 {
 SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 CPUState *cs = CPU(cpu);
+int ret;
+Error *local_err = NULL;
 
 if (spapr->guest_machine_check_addr == -1) {
 /*
@@ -872,8 +875,19 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
 return;
 }
 }
-spapr->mc_status = cpu->vcpu_id;
 
+ret = migrate_add_blocker(spapr->fwnmi_migration_blocker, _err);
+if (ret == -EBUSY) {
+/*
+ * We don't want to abort so we let the migration to continue.
+ * In a rare case, the machine check handler will run on the target.
+ * Though this is not preferable, it is better than aborting
+ * the migration or killing the VM.
+ */
+warn_report("Received a fwnmi while migration was in progress");
+}
+
+spapr->mc_status = cpu->vcpu_id;
 spapr_mce_dispatch_elog(cpu, recovered);
 }
 
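Review bot: only ret == -EBUSY is handled after migrate_add_blocker(); any other negative return is silently ignored, and local_err is never reported or freed on any path, so the Error object leaks whenever the call fails. Suggest checking ret < 0, handing local_err to warn_report_err() (which reports and frees it), and keeping the explanatory comment about letting migration continue.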
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 35d91260e6..883fe28465 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -50,6 +50,7 @@
 #include "hw/ppc/fdt.h"
 #include 

[PULL 28/35] ppc: spapr: Handle "ibm,nmi-register" and "ibm,nmi-interlock" RTAS calls

2020-02-02 Thread David Gibson
From: Aravinda Prasad 

This patch adds support in QEMU to handle "ibm,nmi-register"
and "ibm,nmi-interlock" RTAS calls.

The machine check notification address is saved when the
OS issues "ibm,nmi-register" RTAS call.

This patch also handles the case when multiple processors
experience machine check at or about the same time by
handling "ibm,nmi-interlock" call. In such cases, as per
PAPR, subsequent processors serialize waiting for the first
processor to issue the "ibm,nmi-interlock" call. The second
processor that also received a machine check error waits
till the first processor is done reading the error log.
The first processor issues "ibm,nmi-interlock" call
when the error log is consumed.

Signed-off-by: Aravinda Prasad 
[Register fwnmi RTAS calls in core_rtas_register_types()
 where other RTAS calls are registered]
Signed-off-by: Ganesh Goudar 
Message-Id: <20200130184423.20519-6-ganes...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_caps.c| 10 +++
 hw/ppc/spapr_rtas.c| 59 ++
 include/hw/ppc/spapr.h |  4 ++-
 3 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 393ee6845e..8b27d3ac09 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -515,6 +515,16 @@ static void cap_fwnmi_mce_apply(SpaprMachineState *spapr, 
uint8_t val,
 if (!val) {
 return; /* Disabled by default */
 }
+
+if (tcg_enabled()) {
+warn_report("Firmware Assisted Non-Maskable Interrupts(FWNMI) not "
+"supported in TCG");
+} else if (kvm_enabled()) {
+if (kvmppc_set_fwnmi() < 0) {
+error_setg(errp, "Firmware Assisted Non-Maskable Interrupts(FWNMI) 
"
+ "not supported by KVM");
+}
+}
 }
 
 SpaprCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
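Review bot: in the tcg_enabled() branch cap_fwnmi_mce_apply() only warns and returns with the capability still on, while the KVM branch sets errp. With the cap left on, the SPAPR_CAP_OFF checks in rtas_ibm_nmi_register() and rtas_ibm_nmi_interlock() pass under TCG, so the guest can register a handler for a feature the warning says is unsupported. Either report this through errp as well, or add a comment explaining why a warning is sufficient for TCG.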
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 89b7eb6c54..35d91260e6 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -399,6 +399,61 @@ static void rtas_get_power_level(PowerPCCPU *cpu, 
SpaprMachineState *spapr,
 rtas_st(rets, 1, 100);
 }
 
+static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
+  SpaprMachineState *spapr,
+  uint32_t token, uint32_t nargs,
+  target_ulong args,
+  uint32_t nret, target_ulong rets)
+{
+hwaddr rtas_addr;
+
+if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI_MCE) == SPAPR_CAP_OFF) {
+rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);
+return;
+}
+
+rtas_addr = spapr_get_rtas_addr();
+if (!rtas_addr) {
+rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);
+return;
+}
+
+spapr->guest_machine_check_addr = rtas_ld(args, 1);
+rtas_st(rets, 0, RTAS_OUT_SUCCESS);
+}
+
+static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
+   SpaprMachineState *spapr,
+   uint32_t token, uint32_t nargs,
+   target_ulong args,
+   uint32_t nret, target_ulong rets)
+{
+if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI_MCE) == SPAPR_CAP_OFF) {
+rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);
+return;
+}
+
+if (spapr->guest_machine_check_addr == -1) {
+/* NMI register not called */
+rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
+return;
+}
+
+if (spapr->mc_status != cpu->vcpu_id) {
+/* The vCPU that hit the NMI should invoke "ibm,nmi-interlock" */
+rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
+return;
+}
+
+/*
+ * vCPU issuing "ibm,nmi-interlock" is done with NMI handling,
+ * hence unset mc_status.
+ */
+spapr->mc_status = -1;
+qemu_cond_signal(>mc_delivery_cond);
+rtas_st(rets, 0, RTAS_OUT_SUCCESS);
+}
+
 static struct rtas_call {
 const char *name;
 spapr_rtas_fn fn;
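Review bot: neither rtas_ibm_nmi_register() nor rtas_ibm_nmi_interlock() checks nargs or nret before using args and rets; rtas_ibm_nmi_register() reads rtas_ld(args, 1) unconditionally. Both counts come from the guest, so please validate them first and return RTAS_OUT_PARAM_ERROR on a mismatch. In rtas_ibm_nmi_register(), rtas_addr is fetched only to test for zero; a comment on why its absence maps to RTAS_OUT_NOT_SUPPORTED would help, as would a note on whether re-registration is allowed while mc_status is set.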
@@ -527,6 +582,10 @@ static void core_rtas_register_types(void)
 rtas_set_power_level);
 spapr_rtas_register(RTAS_GET_POWER_LEVEL, "get-power-level",
 rtas_get_power_level);
+spapr_rtas_register(RTAS_IBM_NMI_REGISTER, "ibm,nmi-register",
+rtas_ibm_nmi_register);
+spapr_rtas_register(RTAS_IBM_NMI_INTERLOCK, "ibm,nmi-interlock",
+rtas_ibm_nmi_interlock);
 }
 
 type_init(core_rtas_register_types)
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 652a5514e8..f6f82d88aa 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -656,8 +656,10 @@ target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong 
opcode,
 #define RTAS_IBM_REMOVE_PE_DMA_WINDOW   (RTAS_TOKEN_BASE + 0x28)
 #define RTAS_IBM_RESET_PE_DMA_WINDOW(RTAS_TOKEN_BASE + 0x29)
 #define RTAS_IBM_SUSPEND_ME (RTAS_TOKEN_BASE + 0x2A)
+#define 

[PULL 32/35] target/ppc: Use probe_access for LMW, STMW

2020-02-02 Thread David Gibson
From: Richard Henderson 

Use a minimum number of mmu lookups for the contiguous bytes
that are accessed.  If the lookup succeeds, we can finish the
operation with host addresses only.

Reported-by: Howard Spoelstra 
Signed-off-by: Richard Henderson 
Message-Id: <20200129235040.24022-3-richard.hender...@linaro.org>
Tested-by: Howard Spoelstra 
Signed-off-by: David Gibson 
---
 target/ppc/mem_helper.c | 45 +
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index 508d472a2f..e7d3a79d96 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -84,26 +84,45 @@ static void *probe_contiguous(CPUPPCState *env, 
target_ulong addr, uint32_t nb,
 
 void helper_lmw(CPUPPCState *env, target_ulong addr, uint32_t reg)
 {
-for (; reg < 32; reg++) {
-if (needs_byteswap(env)) {
-env->gpr[reg] = bswap32(cpu_ldl_data_ra(env, addr, GETPC()));
-} else {
-env->gpr[reg] = cpu_ldl_data_ra(env, addr, GETPC());
+uintptr_t raddr = GETPC();
+int mmu_idx = cpu_mmu_index(env, false);
+void *host = probe_contiguous(env, addr, (32 - reg) * 4,
+  MMU_DATA_LOAD, mmu_idx, raddr);
+
+if (likely(host)) {
+/* Fast path -- the entire operation is in RAM at host.  */
+for (; reg < 32; reg++) {
+env->gpr[reg] = (uint32_t)ldl_be_p(host);
+host += 4;
+}
+} else {
+/* Slow path -- at least some of the operation requires i/o.  */
+for (; reg < 32; reg++) {
+env->gpr[reg] = cpu_ldl_mmuidx_ra(env, addr, mmu_idx, raddr);
+addr = addr_add(env, addr, 4);
 }
-addr = addr_add(env, addr, 4);
 }
 }
 
 void helper_stmw(CPUPPCState *env, target_ulong addr, uint32_t reg)
 {
-for (; reg < 32; reg++) {
-if (needs_byteswap(env)) {
-cpu_stl_data_ra(env, addr, bswap32((uint32_t)env->gpr[reg]),
-   GETPC());
-} else {
-cpu_stl_data_ra(env, addr, (uint32_t)env->gpr[reg], GETPC());
+uintptr_t raddr = GETPC();
+int mmu_idx = cpu_mmu_index(env, false);
+void *host = probe_contiguous(env, addr, (32 - reg) * 4,
+  MMU_DATA_STORE, mmu_idx, raddr);
+
+if (likely(host)) {
+/* Fast path -- the entire operation is in RAM at host.  */
+for (; reg < 32; reg++) {
+stl_be_p(host, env->gpr[reg]);
+host += 4;
+}
+} else {
+/* Slow path -- at least some of the operation requires i/o.  */
+for (; reg < 32; reg++) {
+cpu_stl_mmuidx_ra(env, addr, env->gpr[reg], mmu_idx, raddr);
+addr = addr_add(env, addr, 4);
 }
-addr = addr_add(env, addr, 4);
 }
 }
 
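Review bot: both helpers drop the needs_byteswap(env) handling: the fast path always uses ldl_be_p()/stl_be_p() and the slow path passes values through without bswap32(). The commit message does not say why the swap is no longer needed; please add a sentence or a code comment stating the assumption that makes this safe. Also, host is a void * advanced with host += 4, which relies on the GNU void-pointer arithmetic extension; a uint8_t * would make the step size explicit.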
-- 
2.24.1




[PULL 23/35] target/ppc/cpu.h: Put macro parameter in parentheses

2020-02-02 Thread David Gibson
From: BALATON Zoltan 

Fix PPC_INPUT macro to work with more complex expressions by
protecting its argument with parentheses.

Signed-off-by: BALATON Zoltan 
Message-Id: <20200130021619.65fab747...@zero.eik.bme.hu>
Signed-off-by: David Gibson 
---
 target/ppc/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 96aeea1934..3a1eb76004 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -180,7 +180,7 @@ enum {
 POWERPC_EXCP_TRAP  = 0x40,
 };
 
-#define PPC_INPUT(env) (env->bus_model)
+#define PPC_INPUT(env) ((env)->bus_model)
 
 /*/
 typedef struct opc_handler_t opc_handler_t;
-- 
2.24.1




Re: [RFC PATCH] audio: proper support for float samples in mixeng

2020-02-02 Thread Markus Armbruster
"Kővágó, Zoltán"  writes:

> This adds proper support for float samples in mixeng by adding a new
> audio format for it.
>
> Limitations: only native endianness is supported.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>
> This patch is meant to be applied on top of "[PATCH] coreaudio: fix coreaudio
> playback" by Volker Rümelin, available at:
> https://lists.nongnu.org/archive/html/qemu-devel/2020-02/msg00114.html
>
> For more information, please refer to that thread.
>
> ---
>  qapi/audio.json|  2 +-
>  audio/audio_int.h  |  3 +-
>  audio/audio_template.h | 41 
>  audio/mixeng.h |  8 ++--
>  audio/alsaaudio.c  | 17 
>  audio/audio.c  | 56 ++-
>  audio/coreaudio.c  |  7 +---
>  audio/mixeng.c | 88 ++
>  audio/paaudio.c|  9 +
>  audio/sdlaudio.c   | 28 ++
>  10 files changed, 180 insertions(+), 79 deletions(-)
>
> diff --git a/qapi/audio.json b/qapi/audio.json
> index 83312b2339..d8c507cced 100644
> --- a/qapi/audio.json
> +++ b/qapi/audio.json
> @@ -276,7 +276,7 @@
>  # Since: 4.0
>  ##
>  { 'enum': 'AudioFormat',
> -  'data': [ 'u8', 's8', 'u16', 's16', 'u32', 's32' ] }
> +  'data': [ 'u8', 's8', 'u16', 's16', 'u32', 's32', 'f32' ] }
>  
>  ##
>  # @AudiodevDriver:
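
Review bot: 'f32' is added to the AudioFormat enum but the visible doc comment still ends at "Since: 4.0" with nothing describing the new value. A value added after the type was introduced should get its own description with a since annotation, and the limitation from the commit message (only native endianness is supported) belongs there too, since the schema is the user-facing documentation.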

For QAPI:
Acked-by: Markus Armbruster 




[PULL 21/35] ppc/pnv: change the PowerNV machine devices to be non user creatable

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

The PowerNV machine emulates an OpenPOWER system and the PowerNV chip
devices are models of the internal logic of the POWER processor. They
can not be instantiated by the user on the QEMU command line.

The PHB3/PHB4 devices could be an exception in the future after some
rework on how the device tree is built. For the moment, exclude them
also.

Signed-off-by: Cédric Le Goater 
Message-Id: <20200129113720.7404-1-...@kaod.org>
Tested-by: Thomas Huth 
Reviewed-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/pci-host/pnv_phb3.c  | 2 ++
 hw/pci-host/pnv_phb3_pbcq.c | 1 +
 hw/pci-host/pnv_phb4.c  | 3 ++-
 hw/pci-host/pnv_phb4_pec.c  | 2 ++
 hw/ppc/pnv_core.c   | 2 ++
 hw/ppc/pnv_homer.c  | 1 +
 hw/ppc/pnv_lpc.c| 1 +
 hw/ppc/pnv_occ.c| 1 +
 8 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
index f03399c406..74618fadf0 100644
--- a/hw/pci-host/pnv_phb3.c
+++ b/hw/pci-host/pnv_phb3.c
@@ -1115,6 +1115,7 @@ static void pnv_phb3_class_init(ObjectClass *klass, void 
*data)
 dc->realize = pnv_phb3_realize;
 device_class_set_props(dc, pnv_phb3_properties);
 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+dc->user_creatable = false;
 }
 
 static const TypeInfo pnv_phb3_type_info = {
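Review bot: dc->user_creatable = false is set here, and in the other class_init functions touched by this patch, without a comment giving the reason. The commit message has the rationale (these devices model internal logic of the POWER processor and cannot be instantiated from the command line); a one-line comment next to each assignment would keep that reason with the code.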
@@ -1168,6 +1169,7 @@ static void pnv_phb3_root_port_class_init(ObjectClass 
*klass, void *data)
 
 device_class_set_parent_realize(dc, pnv_phb3_root_port_realize,
 >parent_realize);
+dc->user_creatable = false;
 
 k->vendor_id = PCI_VENDOR_ID_IBM;
 k->device_id = 0x03dc;
diff --git a/hw/pci-host/pnv_phb3_pbcq.c b/hw/pci-host/pnv_phb3_pbcq.c
index 6f0c05be68..f232228b0e 100644
--- a/hw/pci-host/pnv_phb3_pbcq.c
+++ b/hw/pci-host/pnv_phb3_pbcq.c
@@ -335,6 +335,7 @@ static void pnv_pbcq_class_init(ObjectClass *klass, void 
*data)
 xdc->dt_xscom = pnv_pbcq_dt_xscom;
 
 dc->realize = pnv_pbcq_realize;
+dc->user_creatable = false;
 }
 
 static const TypeInfo pnv_pbcq_type_info = {
diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index 61235d13a6..23cf093928 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -1290,7 +1290,7 @@ static void pnv_phb4_class_init(ObjectClass *klass, void 
*data)
 dc->realize = pnv_phb4_realize;
 device_class_set_props(dc, pnv_phb4_properties);
 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
-dc->user_creatable  = true;
+dc->user_creatable  = false;
 dc->reset   = pnv_phb4_reset;
 
 xfc->notify = pnv_phb4_xive_notify;
@@ -1368,6 +1368,7 @@ static void pnv_phb4_root_port_class_init(ObjectClass 
*klass, void *data)
 PCIERootPortClass *rpc = PCIE_ROOT_PORT_CLASS(klass);
 
 dc->desc = "IBM PHB4 PCIE Root Port";
+dc->user_creatable = false;
 
 device_class_set_parent_realize(dc, pnv_phb4_root_port_realize,
 >parent_realize);
diff --git a/hw/pci-host/pnv_phb4_pec.c b/hw/pci-host/pnv_phb4_pec.c
index fd92041d69..68e1db3eac 100644
--- a/hw/pci-host/pnv_phb4_pec.c
+++ b/hw/pci-host/pnv_phb4_pec.c
@@ -490,6 +490,7 @@ static void pnv_pec_class_init(ObjectClass *klass, void 
*data)
 
 dc->realize = pnv_pec_realize;
 device_class_set_props(dc, pnv_pec_properties);
+dc->user_creatable = false;
 
 pecc->xscom_nest_base = pnv_pec_xscom_nest_base;
 pecc->xscom_pci_base  = pnv_pec_xscom_pci_base;
@@ -568,6 +569,7 @@ static void pnv_pec_stk_class_init(ObjectClass *klass, void 
*data)
 
 device_class_set_props(dc, pnv_pec_stk_properties);
 dc->realize = pnv_pec_stk_realize;
+dc->user_creatable = false;
 
 /* TODO: reset regs ? */
 }
diff --git a/hw/ppc/pnv_core.c b/hw/ppc/pnv_core.c
index f7247222bc..234562040d 100644
--- a/hw/ppc/pnv_core.c
+++ b/hw/ppc/pnv_core.c
@@ -325,6 +325,7 @@ static void pnv_core_class_init(ObjectClass *oc, void *data)
 dc->realize = pnv_core_realize;
 dc->unrealize = pnv_core_unrealize;
 device_class_set_props(dc, pnv_core_properties);
+dc->user_creatable = false;
 }
 
 #define DEFINE_PNV_CORE_TYPE(family, cpu_model) \
@@ -423,6 +424,7 @@ static void pnv_quad_class_init(ObjectClass *oc, void *data)
 
 dc->realize = pnv_quad_realize;
 device_class_set_props(dc, pnv_quad_properties);
+dc->user_creatable = false;
 }
 
 static const TypeInfo pnv_quad_info = {
diff --git a/hw/ppc/pnv_homer.c b/hw/ppc/pnv_homer.c
index 93ae42f7e4..9a262629b7 100644
--- a/hw/ppc/pnv_homer.c
+++ b/hw/ppc/pnv_homer.c
@@ -360,6 +360,7 @@ static void pnv_homer_class_init(ObjectClass *klass, void 
*data)
 dc->realize = pnv_homer_realize;
 dc->desc = "PowerNV HOMER Memory";
 device_class_set_props(dc, pnv_homer_properties);
+dc->user_creatable = false;
 }
 
 static const TypeInfo pnv_homer_type_info = {
diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
index d1de98f04c..5989d723c5 100644
--- a/hw/ppc/pnv_lpc.c
+++ 

[PULL 24/35] Wrapper function to wait on condition for the main loop mutex

2020-02-02 Thread David Gibson
From: Aravinda Prasad 

Introduce a wrapper function to wait on condition for
the main loop mutex. This function atomically releases
the main loop mutex and causes the calling thread to
block on the condition. This wrapper is required because
qemu_global_mutex is a static variable.

Signed-off-by: Aravinda Prasad 
Signed-off-by: Ganesh Goudar 
Reviewed-by: David Gibson 
Reviewed-by: Greg Kurz 
Message-Id: <20200130184423.20519-2-ganes...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 cpus.c   | 5 +
 include/qemu/main-loop.h | 8 
 2 files changed, 13 insertions(+)

diff --git a/cpus.c b/cpus.c
index b612116f95..b4f8b84b61 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1839,6 +1839,11 @@ void qemu_mutex_unlock_iothread(void)
 qemu_mutex_unlock(_global_mutex);
 }
 
+void qemu_cond_wait_iothread(QemuCond *cond)
+{
+qemu_cond_wait(cond, _global_mutex);
+}
+
 static bool all_vcpus_paused(void)
 {
 CPUState *cpu;
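Review bot: qemu_cond_wait_iothread() hands the main loop mutex to qemu_cond_wait() without checking that the calling thread actually holds it. Waiting on a condition with an unowned mutex is undefined, so an assertion at the top of the wrapper (for instance on qemu_mutex_iothread_locked()) would turn a misuse into an immediate, debuggable failure instead of a hang or a corrupted lock state.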
diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
index f6ba78ea73..a6d20b0719 100644
--- a/include/qemu/main-loop.h
+++ b/include/qemu/main-loop.h
@@ -295,6 +295,14 @@ void qemu_mutex_lock_iothread_impl(const char *file, int 
line);
  */
 void qemu_mutex_unlock_iothread(void);
 
+/*
+ * qemu_cond_wait_iothread: Wait on condition for the main loop mutex
+ *
+ * This function atomically releases the main loop mutex and causes
+ * the calling thread to block on the condition.
+ */
+void qemu_cond_wait_iothread(QemuCond *cond);
+
 /* internal interfaces */
 
 void qemu_fd_register(int fd);
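Review bot: the doc comment for qemu_cond_wait_iothread() omits the caller's obligations. It should say that the main loop mutex must be held on entry and is held again on return, and that the caller has to re-check its predicate in a loop after waking. As written, only the release half of the contract is documented.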
-- 
2.24.1




[PULL 26/35] target/ppc: Handle NMI guest exit

2020-02-02 Thread David Gibson
From: Aravinda Prasad 

Memory errors such as bit flips that cannot be corrected
by hardware are passed on to the kernel for handling.
If the memory address in error belongs to the guest, then
the guest kernel is responsible for taking suitable action.
Patch [1] enhances KVM to exit guest with exit reason
set to KVM_EXIT_NMI in such cases. This patch handles
KVM_EXIT_NMI exit.

[1] https://www.spinics.net/lists/kvm-ppc/msg12637.html
(e20bbd3d and related commits)

Signed-off-by: Aravinda Prasad 
Signed-off-by: Ganesh Goudar 
Reviewed-by: David Gibson 
Reviewed-by: Greg Kurz 
Message-Id: <20200130184423.20519-4-ganes...@linux.ibm.com>
[dwg: #ifdefs to fix compile for 32-bit target]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c  |  8 
 hw/ppc/spapr_events.c   | 37 +
 include/hw/ppc/spapr.h  | 10 ++
 target/ppc/kvm.c| 18 ++
 target/ppc/kvm_ppc.h|  2 ++
 target/ppc/trace-events |  1 +
 6 files changed, 76 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index aa739e943f..06e295cdf1 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1677,6 +1677,12 @@ static void spapr_machine_reset(MachineState *machine)
 first_ppc_cpu->env.gpr[5] = 0;
 
 spapr->cas_reboot = false;
+
+spapr->mc_status = -1;
+spapr->guest_machine_check_addr = -1;
+
+/* Signal all vCPUs waiting on this condition */
+qemu_cond_broadcast(>mc_delivery_cond);
 }
 
 static void spapr_create_nvram(SpaprMachineState *spapr)
@@ -2971,6 +2977,8 @@ static void spapr_machine_init(MachineState *machine)
 
 kvmppc_spapr_enable_inkernel_multitce();
 }
+
+qemu_cond_init(>mc_delivery_cond);
 }
 
 static int spapr_kvm_type(MachineState *machine, const char *vm_type)
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index e355e000d0..dfc0de840a 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -40,6 +40,7 @@
 #include "hw/ppc/spapr_drc.h"
 #include "qemu/help_option.h"
 #include "qemu/bcd.h"
+#include "qemu/main-loop.h"
 #include "hw/ppc/spapr_ovec.h"
 #include 
 
@@ -622,6 +623,42 @@ void 
spapr_hotplug_req_remove_by_count_indexed(SpaprDrcType drc_type,
 RTAS_LOG_V6_HP_ACTION_REMOVE, drc_type, _id);
 }
 
+void spapr_mce_req_event(PowerPCCPU *cpu)
+{
+SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+CPUState *cs = CPU(cpu);
+
+if (spapr->guest_machine_check_addr == -1) {
+/*
+ * This implies that we have hit a machine check either when the
+ * guest has not registered FWNMI (i.e., "ibm,nmi-register" not
+ * called) or between system reset and "ibm,nmi-register".
+ * Fall back to the old machine check behavior in such cases.
+ */
+cs->exception_index = POWERPC_EXCP_MCHECK;
+ppc_cpu_do_interrupt(cs);
+return;
+}
+
+while (spapr->mc_status != -1) {
+/*
+ * Check whether the same CPU got machine check error
+ * while still handling the mc error (i.e., before
+ * that CPU called "ibm,nmi-interlock")
+ */
+if (spapr->mc_status == cpu->vcpu_id) {
+qemu_system_guest_panicked(NULL);
+return;
+}
+qemu_cond_wait_iothread(>mc_delivery_cond);
+/* Meanwhile if the system is reset, then just return */
+if (spapr->guest_machine_check_addr == -1) {
+return;
+}
+}
+spapr->mc_status = cpu->vcpu_id;
+}
+
 static void check_exception(PowerPCCPU *cpu, SpaprMachineState *spapr,
 uint32_t token, uint32_t nargs,
 target_ulong args,
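Review bot: in spapr_mce_req_event() the two checks of guest_machine_check_addr == -1 behave differently, and the second one drops the error without saying why. At function entry the condition falls back to POWERPC_EXCP_MCHECK via ppc_cpu_do_interrupt(), but after qemu_cond_wait_iothread() the same condition simply returns. Either extend the "Meanwhile if the system is reset" comment to explain why no delivery is needed once the machine has been reset, or route that path through the same fallback. It would also help to note that the function only claims mc_status here and that the actual delivery to the guest is done elsewhere.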
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 7bc5fc3a9e..909d3976f9 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -191,6 +191,15 @@ struct SpaprMachineState {
  * occurs during the unplug process. */
 QTAILQ_HEAD(, SpaprDimmState) pending_dimm_unplugs;
 
+/* State related to "ibm,nmi-register" and "ibm,nmi-interlock" calls */
+target_ulong guest_machine_check_addr;
+/*
+ * mc_status is set to -1 if mc is not in progress, else is set to the CPU
+ * handling the mc.
+ */
+int mc_status;
+QemuCond mc_delivery_cond;
+
 /*< public >*/
 char *kvm_type;
 char *host_model;
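Review bot: the comment block for the new SpaprMachineState fields documents the -1 sentinel of mc_status but not the one used for guest_machine_check_addr, which the rest of the patch sets to and compares against -1 even though the field is an unsigned target_ulong. Documenting that value here, or better, introducing a named constant for "not registered", would make the comparisons in spapr.c and spapr_events.c self-explanatory.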
@@ -804,6 +813,7 @@ void spapr_clear_pending_events(SpaprMachineState *spapr);
 int spapr_max_server_number(SpaprMachineState *spapr);
 void spapr_store_hpte(PowerPCCPU *cpu, hwaddr ptex,
   uint64_t pte0, uint64_t pte1);
+void spapr_mce_req_event(PowerPCCPU *cpu);
 
 /* DRC callbacks. */
 void spapr_core_release(DeviceState *dev);
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 4438d0c743..56a6865521 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -1705,6 +1705,13 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run 
*run)
 ret = 0;
 break;
 
+#if defined(TARGET_PPC64)

[PULL 25/35] ppc: spapr: Introduce FWNMI capability

2020-02-02 Thread David Gibson
From: Aravinda Prasad 

Introduce fwnmi as an spapr capability and add a helper function
which tries to enable it, which would be used by the following patch
of the series. This patch by itself does not change the existing
behavior.

Signed-off-by: Aravinda Prasad 
[eliminate cap_ppc_fwnmi, add fwnmi cap to migration state
 and rephrase the commit message]
Signed-off-by: Ganesh Goudar 
Reviewed-by: David Gibson 
Message-Id: <20200130184423.20519-3-ganes...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c |  2 ++
 hw/ppc/spapr_caps.c| 18 ++
 include/hw/ppc/spapr.h |  5 -
 target/ppc/kvm.c   |  8 
 target/ppc/kvm_ppc.h   |  6 ++
 5 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index fe8266a1d1..aa739e943f 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1992,6 +1992,7 @@ static const VMStateDescription vmstate_spapr = {
 _spapr_dtb,
 _spapr_cap_large_decr,
 _spapr_cap_ccf_assist,
+_spapr_cap_fwnmi,
 NULL
 }
 };
@@ -4398,6 +4399,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
 smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
 smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_ON;
+smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
 spapr_caps_add_properties(smc, _abort);
 smc->irq = _irq_dual;
 smc->dr_phb_enabled = true;
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 7f933a98ed..393ee6845e 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -509,6 +509,14 @@ static void cap_ccf_assist_apply(SpaprMachineState *spapr, 
uint8_t val,
 }
 }
 
+static void cap_fwnmi_mce_apply(SpaprMachineState *spapr, uint8_t val,
+Error **errp)
+{
+if (!val) {
+return; /* Disabled by default */
+}
+}
+
 SpaprCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 [SPAPR_CAP_HTM] = {
 .name = "htm",
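Review bot: cap_fwnmi_mce_apply() is a no-op in both branches, since the if (!val) guard returns early and nothing follows it, and errp is never used. If the body is a placeholder for the next patch in the series, say so in a comment. The "Disabled by default" comment also describes the machine default rather than what this function does and is better dropped or reworded.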
@@ -608,6 +616,15 @@ SpaprCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 .type = "bool",
 .apply = cap_ccf_assist_apply,
 },
+[SPAPR_CAP_FWNMI_MCE] = {
+.name = "fwnmi-mce",
+.description = "Handle fwnmi machine check exceptions",
+.index = SPAPR_CAP_FWNMI_MCE,
+.get = spapr_cap_get_bool,
+.set = spapr_cap_set_bool,
+.type = "bool",
+.apply = cap_fwnmi_mce_apply,
+},
 };
 
 static SpaprCapabilities default_caps_with_cpu(SpaprMachineState *spapr,
@@ -747,6 +764,7 @@ SPAPR_CAP_MIG_STATE(hpt_maxpagesize, 
SPAPR_CAP_HPT_MAXPAGESIZE);
 SPAPR_CAP_MIG_STATE(nested_kvm_hv, SPAPR_CAP_NESTED_KVM_HV);
 SPAPR_CAP_MIG_STATE(large_decr, SPAPR_CAP_LARGE_DECREMENTER);
 SPAPR_CAP_MIG_STATE(ccf_assist, SPAPR_CAP_CCF_ASSIST);
+SPAPR_CAP_MIG_STATE(fwnmi, SPAPR_CAP_FWNMI_MCE);
 
 void spapr_caps_init(SpaprMachineState *spapr)
 {
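Review bot: the migration state is declared as SPAPR_CAP_MIG_STATE(fwnmi, ...) while the capability itself is named SPAPR_CAP_FWNMI_MCE, "fwnmi-mce" and cap_fwnmi_mce_apply everywhere else. The neighbouring entries keep the two names aligned (ccf_assist with SPAPR_CAP_CCF_ASSIST, large_decr with SPAPR_CAP_LARGE_DECREMENTER), so using fwnmi_mce here would be more consistent, unless the shorter name is deliberate, in which case a comment should say so.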
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 61f005c6f6..7bc5fc3a9e 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -79,8 +79,10 @@ typedef enum {
 #define SPAPR_CAP_LARGE_DECREMENTER 0x08
 /* Count Cache Flush Assist HW Instruction */
 #define SPAPR_CAP_CCF_ASSIST0x09
+/* FWNMI machine check handling */
+#define SPAPR_CAP_FWNMI_MCE 0x0A
 /* Num Caps */
-#define SPAPR_CAP_NUM   (SPAPR_CAP_CCF_ASSIST + 1)
+#define SPAPR_CAP_NUM   (SPAPR_CAP_FWNMI_MCE + 1)
 
 /*
  * Capability Values
@@ -869,6 +871,7 @@ extern const VMStateDescription 
vmstate_spapr_cap_hpt_maxpagesize;
 extern const VMStateDescription vmstate_spapr_cap_nested_kvm_hv;
 extern const VMStateDescription vmstate_spapr_cap_large_decr;
 extern const VMStateDescription vmstate_spapr_cap_ccf_assist;
+extern const VMStateDescription vmstate_spapr_cap_fwnmi;
 
 static inline uint8_t spapr_get_cap(SpaprMachineState *spapr, int cap)
 {
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index c05dde5985..4438d0c743 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2057,6 +2057,14 @@ void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, int 
mpic_proxy)
 }
 }
 
+int kvmppc_set_fwnmi(void)
+{
+PowerPCCPU *cpu = POWERPC_CPU(first_cpu);
+CPUState *cs = CPU(cpu);
+
+return kvm_vcpu_enable_cap(cs, KVM_CAP_PPC_FWNMI, 0);
+}
+
 int kvmppc_smt_threads(void)
 {
 return cap_ppc_smt ? cap_ppc_smt : 1;
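Review bot: kvmppc_set_fwnmi() enables KVM_CAP_PPC_FWNMI on first_cpu only, and nothing in the function says why one vCPU is enough or what happens if it is called before any CPU exists. A short comment stating the scope of the capability and the expected call point, plus a description of the return value for callers, would close that gap.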
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index b713097bfb..2c60dedd0d 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -27,6 +27,7 @@ void kvmppc_enable_h_page_init(void);
 void kvmppc_set_papr(PowerPCCPU *cpu);
 int kvmppc_set_compat(PowerPCCPU *cpu, uint32_t compat_pvr);
 void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, int mpic_proxy);
+int kvmppc_set_fwnmi(void);
 int kvmppc_smt_threads(void);
 void kvmppc_error_append_smt_possible_hint(Error *const *errp);
 int 

[PULL 30/35] ppc: spapr: Activate the FWNMI functionality

2020-02-02 Thread David Gibson
From: Aravinda Prasad 

This patch sets the default value of SPAPR_CAP_FWNMI_MCE
to SPAPR_CAP_ON for machine type 5.0.

Signed-off-by: Aravinda Prasad 
Signed-off-by: Ganesh Goudar 
Message-Id: <20200130184423.20519-8-ganes...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 137f5c9a33..c9b2e0a5e0 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -4454,7 +4454,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
 smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
 smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_ON;
-smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
+smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_ON;
 spapr_caps_add_properties(smc, _abort);
 smc->irq = _irq_dual;
 smc->dr_phb_enabled = true;
@@ -4527,6 +4527,7 @@ static void spapr_machine_4_2_class_options(MachineClass 
*mc)
 spapr_machine_5_0_class_options(mc);
 compat_props_add(mc->compat_props, hw_compat_4_2, hw_compat_4_2_len);
 smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
+smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
 }
 
 DEFINE_SPAPR_MACHINE(4_2, "4.2", false);
-- 
2.24.1




[PULL 20/35] ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

This is a model of the PCIe Host Bridge (PHB3) found on a POWER8
processor. It includes the PowerBus logic interface (PBCQ), IOMMU
support, a single PCIe Gen.3 Root Complex, and support for MSI and LSI
interrupt sources as found on a POWER8 system using the XICS interrupt
controller.

The POWER8 processor comes in different flavors: Venice, Murano,
Naple, each having a different number of PHBs. To make things simpler,
the model provides 3 PHB3 per chip. Some platforms, like the
Firestone, can also couple PHBs on the first chip to provide more
bandwidth but this is too specific to model in QEMU.

XICS requires some adjustment to support the PHB3 MSI. The changes are
provided here but they could be decoupled in prereq patches.

Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: Cédric Le Goater 
Message-Id: <20200127144506.11132-3-...@kaod.org>
[dwg: Use device_class_set_props()]
Signed-off-by: David Gibson 
---
 hw/intc/xics.c  |   14 +-
 hw/pci-host/Makefile.objs   |1 +
 hw/pci-host/pnv_phb3.c  | 1195 +++
 hw/pci-host/pnv_phb3_msi.c  |  349 
 hw/pci-host/pnv_phb3_pbcq.c |  357 
 hw/ppc/pnv.c|   69 +-
 include/hw/pci-host/pnv_phb3.h  |  164 
 include/hw/pci-host/pnv_phb3_regs.h |  450 ++
 include/hw/ppc/pnv.h|4 +
 include/hw/ppc/pnv_xscom.h  |9 +
 include/hw/ppc/xics.h   |5 +
 11 files changed, 2614 insertions(+), 3 deletions(-)
 create mode 100644 hw/pci-host/pnv_phb3.c
 create mode 100644 hw/pci-host/pnv_phb3_msi.c
 create mode 100644 hw/pci-host/pnv_phb3_pbcq.c
 create mode 100644 include/hw/pci-host/pnv_phb3.h
 create mode 100644 include/hw/pci-host/pnv_phb3_regs.h

diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index 785b607528..c5d507e707 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -217,7 +217,7 @@ void icp_eoi(ICPState *icp, uint32_t xirr)
 }
 }
 
-static void icp_irq(ICSState *ics, int server, int nr, uint8_t priority)
+void icp_irq(ICSState *ics, int server, int nr, uint8_t priority)
 {
 ICPState *icp = xics_icp_get(ics->xics, server);
 
@@ -512,8 +512,14 @@ void ics_write_xive(ICSState *ics, int srcno, int server,
 
 static void ics_reject(ICSState *ics, uint32_t nr)
 {
+ICSStateClass *isc = ICS_GET_CLASS(ics);
 ICSIRQState *irq = ics->irqs + nr - ics->offset;
 
+if (isc->reject) {
+isc->reject(ics, nr);
+return;
+}
+
 trace_xics_ics_reject(nr, nr - ics->offset);
 if (irq->flags & XICS_FLAGS_IRQ_MSI) {
 irq->status |= XICS_STATUS_REJECTED;
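Review bot: in ics_reject() the new isc->reject hook returns before trace_xics_ics_reject() runs, so rejections handled by a subclass no longer show up in the trace. Moving the trace call above the hook check keeps the event visible for every ICS type. The irq pointer is also computed before the early return although only the generic path uses it, so it could move below the hook.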
@@ -524,8 +530,14 @@ static void ics_reject(ICSState *ics, uint32_t nr)
 
 void ics_resend(ICSState *ics)
 {
+ICSStateClass *isc = ICS_GET_CLASS(ics);
 int i;
 
+if (isc->resend) {
+isc->resend(ics);
+return;
+}
+
 for (i = 0; i < ics->nr_irqs; i++) {
 /* FIXME: filter by server#? */
 if (ics->irqs[i].flags & XICS_FLAGS_IRQ_LSI) {
diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
index 8a296e2f93..8c87e8494d 100644
--- a/hw/pci-host/Makefile.objs
+++ b/hw/pci-host/Makefile.objs
@@ -21,3 +21,4 @@ common-obj-$(CONFIG_PCI_EXPRESS_XILINX) += xilinx-pcie.o
 
 common-obj-$(CONFIG_PCI_EXPRESS_DESIGNWARE) += designware.o
 obj-$(CONFIG_POWERNV) += pnv_phb4.o pnv_phb4_pec.o
+obj-$(CONFIG_POWERNV) += pnv_phb3.o pnv_phb3_msi.o pnv_phb3_pbcq.o
diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
new file mode 100644
index 00..f03399c406
--- /dev/null
+++ b/hw/pci-host/pnv_phb3.c
@@ -0,0 +1,1195 @@
+/*
+ * QEMU PowerPC PowerNV (POWER8) PHB3 model
+ *
+ * Copyright (c) 2014-2020, IBM Corporation.
+ *
+ * This code is licensed under the GPL version 2 or later. See the
+ * COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/visitor.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "hw/pci-host/pnv_phb3_regs.h"
+#include "hw/pci-host/pnv_phb3.h"
+#include "hw/pci/pcie_host.h"
+#include "hw/pci/pcie_port.h"
+#include "hw/ppc/pnv.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
+
+#define phb3_error(phb, fmt, ...)   \
+qemu_log_mask(LOG_GUEST_ERROR, "phb3[%d:%d]: " fmt "\n",\
+  (phb)->chip_id, (phb)->phb_id, ## __VA_ARGS__)
+
+static PCIDevice *pnv_phb3_find_cfg_dev(PnvPHB3 *phb)
+{
+PCIHostState *pci = PCI_HOST_BRIDGE(phb);
+uint64_t addr = phb->regs[PHB_CONFIG_ADDRESS >> 3];
+uint8_t bus, devfn;
+
+if (!(addr >> 63)) {
+return NULL;
+}
+bus = (addr >> 52) & 0xff;
+devfn = (addr >> 44) & 0xff;
+
+return pci_find_device(pci->bus, bus, devfn);
+}
+
+/*
+ * The CONFIG_DATA register expects little endian accesses, but as the
+ * region is big endian, we have to swap the value.
+ */
+static void pnv_phb3_config_write(PnvPHB3 *phb, unsigned 
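Review bot: pnv_phb3_find_cfg_dev() decodes PHB_CONFIG_ADDRESS with bare shifts and masks (addr >> 63, (addr >> 52) & 0xff, (addr >> 44) & 0xff). Since the patch adds pnv_phb3_regs.h for exactly this kind of definition, the enable bit and the bus and devfn fields should be named there and used here, so the field layout is stated once and the intent of the enable check is readable.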

[PULL 17/35] hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES config

2020-02-02 Thread David Gibson
From: Stefan Berger 

Signed-off-by: Stefan Berger 
Reviewed-by: Marc-André Lureau 
Reviewed-by: David Gibson 
Message-Id: <20200121152935.649898-6-stef...@linux.ibm.com>
[dwg: Use default in Kconfig rather than select to avoid breaking
 Windows host build]
Signed-off-by: David Gibson 
---
 hw/tpm/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig
index 4d4ab0855c..9e67d990e8 100644
--- a/hw/tpm/Kconfig
+++ b/hw/tpm/Kconfig
@@ -25,6 +25,6 @@ config TPM_EMULATOR
 
 config TPM_SPAPR
 bool
-default n
+default y
 depends on TPM && PSERIES
 select TPMDEV
-- 
2.24.1




[PULL 15/35] tpm_spapr: Support TPM for ppc64 using CRQ based interface

2020-02-02 Thread David Gibson
From: Stefan Berger 

Implement support for TPM on ppc64 by implementing the vTPM CRQ interface
as a frontend. It can use the tpm_emulator driver backend with the external
swtpm.

The Linux vTPM driver for ppc64 works with this emulation.

This TPM emulator also handles the TPM 2 case.

Signed-off-by: Stefan Berger 
Reviewed-by: David Gibson 
Message-Id: <20200121152935.649898-4-stef...@linux.ibm.com>
[dwg: Use device_class_set_props(), tweak Kconfig]
Signed-off-by: David Gibson 
---
 docs/specs/tpm.txt   |  20 ++-
 hw/tpm/Kconfig   |   6 +
 hw/tpm/Makefile.objs |   1 +
 hw/tpm/tpm_spapr.c   | 379 +++
 hw/tpm/trace-events  |  12 ++
 include/sysemu/tpm.h |   3 +
 qapi/tpm.json|   6 +-
 7 files changed, 423 insertions(+), 4 deletions(-)
 create mode 100644 hw/tpm/tpm_spapr.c

diff --git a/docs/specs/tpm.txt b/docs/specs/tpm.txt
index 9c8cca042d..9c3e67d8a7 100644
--- a/docs/specs/tpm.txt
+++ b/docs/specs/tpm.txt
@@ -34,6 +34,12 @@ The CRB interface makes a memory mapped IO region in the 
area 0xfed4 -
 QEMU files related to TPM CRB interface:
  - hw/tpm/tpm_crb.c
 
+
+pSeries (ppc64) machines offer a tpm-spapr device model.
+
+QEMU files related to the SPAPR interface:
+ - hw/tpm/tpm_spapr.c
+
 = fw_cfg interface =
 
 The bios/firmware may read the "etc/tpm/config" fw_cfg entry for
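Review bot: the added pSeries paragraph in docs/specs/tpm.txt lands directly under the CRB interface's file list with no heading of its own, so it reads as part of the CRB section. The file marks sections in the "= fw_cfg interface =" style visible in the context line, so the new text should get a matching heading for the SPAPR interface.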
@@ -281,7 +287,7 @@ swtpm socket --tpmstate dir=/tmp/mytpm1 \
   --log level=20
 
 Command line to start QEMU with the TPM emulator device communicating with
-the swtpm:
+the swtpm (x86):
 
 qemu-system-x86_64 -display sdl -accel kvm \
   -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
@@ -289,6 +295,18 @@ qemu-system-x86_64 -display sdl -accel kvm \
   -tpmdev emulator,id=tpm0,chardev=chrtpm \
   -device tpm-tis,tpmdev=tpm0 test.img
 
+In case a pSeries machine is emulated, use the following command line:
+
+qemu-system-ppc64 -display sdl -machine pseries,accel=kvm \
+  -m 1024 -bios slof.bin -boot menu=on \
+  -nodefaults -device VGA -device pci-ohci -device usb-kbd \
+  -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
+  -tpmdev emulator,id=tpm0,chardev=chrtpm \
+  -device tpm-spapr,tpmdev=tpm0 \
+  -device spapr-vscsi,id=scsi0,reg=0x2000 \
+  -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,id=virtio-disk0
 \
+  -drive file=test.img,format=raw,if=none,id=drive-virtio-disk0
+
 
 In case SeaBIOS is used as firmware, it should show the TPM menu item
 after entering the menu with 'ESC'.
diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig
index 4c8ee87d67..4d4ab0855c 100644
--- a/hw/tpm/Kconfig
+++ b/hw/tpm/Kconfig
@@ -22,3 +22,9 @@ config TPM_EMULATOR
 bool
 default y
 depends on TPMDEV
+
+config TPM_SPAPR
+bool
+default n
+depends on TPM && PSERIES
+select TPMDEV
diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
index de0b85d02a..85eb99ae05 100644
--- a/hw/tpm/Makefile.objs
+++ b/hw/tpm/Makefile.objs
@@ -4,3 +4,4 @@ common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
 common-obj-$(CONFIG_TPM_CRB) += tpm_crb.o
 common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o
 common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o
+obj-$(CONFIG_TPM_SPAPR) += tpm_spapr.o
diff --git a/hw/tpm/tpm_spapr.c b/hw/tpm/tpm_spapr.c
new file mode 100644
index 00..2ac4cb061c
--- /dev/null
+++ b/hw/tpm/tpm_spapr.c
@@ -0,0 +1,379 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * PAPR Virtual TPM
+ *
+ * Copyright (c) 2015, 2017, 2019 IBM Corporation.
+ *
+ * Authors:
+ *Stefan Berger 
+ *
+ * This code is licensed under the GPL version 2 or later. See the
+ * COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+
+#include "sysemu/tpm_backend.h"
+#include "tpm_int.h"
+#include "tpm_util.h"
+
+#include "hw/ppc/spapr.h"
+#include "hw/ppc/spapr_vio.h"
+#include "trace.h"
+
+#define DEBUG_SPAPR 0
+
+#define VIO_SPAPR_VTPM(obj) \
+ OBJECT_CHECK(SpaprTpmState, (obj), TYPE_TPM_SPAPR)
+
+typedef struct TpmCrq {
+uint8_t valid;  /* 0x80: cmd; 0xc0: init crq */
+/* 0x81-0x83: CRQ message response */
+uint8_t msg;/* see below */
+uint16_t len;   /* len of TPM request; len of TPM response */
+uint32_t data;  /* rtce_dma_handle when sending TPM request */
+uint64_t reserved;
+} TpmCrq;
+
+#define SPAPR_VTPM_VALID_INIT_CRQ_COMMAND  0xC0
+#define SPAPR_VTPM_VALID_COMMAND   0x80
+#define SPAPR_VTPM_MSG_RESULT  0x80
+
+/* msg types for valid = SPAPR_VTPM_VALID_INIT_CRQ */
+#define SPAPR_VTPM_INIT_CRQ_RESULT   0x1
+#define SPAPR_VTPM_INIT_CRQ_COMPLETE_RESULT  0x2
+
+/* msg types for valid = SPAPR_VTPM_VALID_CMD */
+#define SPAPR_VTPM_GET_VERSION   0x1
+#define SPAPR_VTPM_TPM_COMMAND   0x2
+#define SPAPR_VTPM_GET_RTCE_BUFFER_SIZE  0x3
+#define 
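Review bot: the two "msg types for valid = ..." comments in tpm_spapr.c refer to SPAPR_VTPM_VALID_INIT_CRQ and SPAPR_VTPM_VALID_CMD, but the macros defined just above are SPAPR_VTPM_VALID_INIT_CRQ_COMMAND and SPAPR_VTPM_VALID_COMMAND. Use the real macro names in the comments so a grep leads to the definitions. Since TpmCrq is an exchanged message layout, a build-time check of its size next to the typedef would also be worth adding.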

[PULL 04/35] hw/ppc/prep: Remove the deprecated "prep" machine and the OpenHackware BIOS

2020-02-02 Thread David Gibson
From: Thomas Huth 

It's been deprecated since QEMU v3.1. The 40p machine should be
used nowadays instead.

Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Hervé Poussineau 
Signed-off-by: Thomas Huth 
Message-Id: <20200114114617.28854-1-th...@redhat.com>
Signed-off-by: David Gibson 
---
 .gitmodules   |   3 -
 MAINTAINERS   |   1 -
 Makefile  |   2 +-
 docs/interop/firmware.json|   3 +-
 hw/ppc/ppc.c  |  18 --
 hw/ppc/prep.c | 384 +-
 include/hw/ppc/ppc.h  |   1 -
 pc-bios/README|   3 -
 pc-bios/ppc_rom.bin   | Bin 1048576 -> 0 bytes
 qemu-deprecated.texi  |   6 -
 qemu-doc.texi |  15 +-
 roms/openhackware |   1 -
 tests/qtest/boot-order-test.c |  25 ---
 tests/qtest/cdrom-test.c  |   2 +-
 tests/qtest/endianness-test.c |   2 +-
 15 files changed, 10 insertions(+), 456 deletions(-)
 delete mode 100644 pc-bios/ppc_rom.bin
 delete mode 16 roms/openhackware

diff --git a/.gitmodules b/.gitmodules
index 19792c9a11..9c0501a4d4 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -10,9 +10,6 @@
 [submodule "roms/openbios"]
path = roms/openbios
url = https://git.qemu.org/git/openbios.git
-[submodule "roms/openhackware"]
-   path = roms/openhackware
-   url = https://git.qemu.org/git/openhackware.git
 [submodule "roms/qemu-palcode"]
path = roms/qemu-palcode
url = https://git.qemu.org/git/qemu-palcode.git
diff --git a/MAINTAINERS b/MAINTAINERS
index 4ceb1ad882..faffd447bf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1103,7 +1103,6 @@ F: hw/dma/i82374.c
 F: hw/rtc/m48t59-isa.c
 F: include/hw/isa/pc87312.h
 F: include/hw/rtc/m48t59.h
-F: pc-bios/ppc_rom.bin
 F: tests/acceptance/ppc_prep_40p.py
 
 sPAPR
diff --git a/Makefile b/Makefile
index 9a5a1e689c..3b21c0ea48 100644
--- a/Makefile
+++ b/Makefile
@@ -784,7 +784,7 @@ ifdef INSTALL_BLOBS
 BLOBS=bios.bin bios-256k.bin bios-microvm.bin sgabios.bin vgabios.bin 
vgabios-cirrus.bin \
 vgabios-stdvga.bin vgabios-vmware.bin vgabios-qxl.bin vgabios-virtio.bin \
 vgabios-ramfb.bin vgabios-bochs-display.bin vgabios-ati.bin \
-ppc_rom.bin openbios-sparc32 openbios-sparc64 openbios-ppc QEMU,tcx.bin 
QEMU,cgthree.bin \
+openbios-sparc32 openbios-sparc64 openbios-ppc QEMU,tcx.bin QEMU,cgthree.bin \
 pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom \
 pxe-pcnet.rom pxe-rtl8139.rom pxe-virtio.rom \
 efi-e1000.rom efi-eepro100.rom efi-ne2k_pci.rom \
diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json
index 8ffb7856d2..240f565397 100644
--- a/docs/interop/firmware.json
+++ b/docs/interop/firmware.json
@@ -27,8 +27,7 @@
 #
 # @openfirmware: The interface is defined by the (historical) IEEE
 #1275-1994 standard. Examples for firmware projects that
-#provide this interface are: OpenBIOS, OpenHackWare,
-#SLOF.
+#provide this interface are: OpenBIOS and SLOF.
 #
 # @uboot: Firmware interface defined by the U-Boot project.
 #
diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index 4c5fa29399..4a11fb1640 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -1490,24 +1490,6 @@ int ppc_dcr_init (CPUPPCState *env, int 
(*read_error)(int dcrn),
 }
 
 /*/
-/* Debug port */
-void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val)
-{
-addr &= 0xF;
-switch (addr) {
-case 0:
-printf("%c", val);
-break;
-case 1:
-printf("\n");
-fflush(stdout);
-break;
-case 2:
-printf("Set loglevel to %04" PRIx32 "\n", val);
-qemu_set_log(val | 0x100);
-break;
-}
-}
 
 int ppc_cpu_pir(PowerPCCPU *cpu)
 {
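Review bot: removing PPC_debug_write() from hw/ppc/ppc.c takes out the "Debug port" heading and the function but leaves the separator comment line above them as unchanged context, so the file now has a section banner with nothing under it before ppc_cpu_pir(). Drop the separator in the same hunk.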
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 862345c2ac..111cc80867 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -42,7 +42,7 @@
 #include "hw/loader.h"
 #include "hw/rtc/mc146818rtc.h"
 #include "hw/isa/pc87312.h"
-#include "hw/net/ne2000-isa.h"
+#include "hw/qdev-properties.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/kvm.h"
 #include "sysemu/qtest.h"
@@ -60,178 +60,9 @@
 
 #define CFG_ADDR 0xf510
 
-#define BIOS_SIZE (1 * MiB)
-#define BIOS_FILENAME "ppc_rom.bin"
 #define KERNEL_LOAD_ADDR 0x0100
 #define INITRD_LOAD_ADDR 0x0180
 
-/* Constants for devices init */
-static const int ide_iobase[2] = { 0x1f0, 0x170 };
-static const int ide_iobase2[2] = { 0x3f6, 0x376 };
-static const int ide_irq[2] = { 13, 13 };
-
-#define NE2000_NB_MAX 6
-
-static uint32_t ne2000_io[NE2000_NB_MAX] = { 0x300, 0x320, 0x340, 0x360, 
0x280, 0x380 };
-static int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 };
-
-/* ISA IO ports bridge */
-#define PPC_IO_BASE 0x8000
-
-/* Fake super-io ports for PREP platform (Intel 82378ZB) */
-typedef struct sysctrl_t {
-qemu_irq reset_irq;
-Nvram *nvram;
-uint8_t state;
-uint8_t syscontrol;

[PULL 12/35] ppc/pnv: Add support for "hostboot" mode

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

When the "hb-mode" option is activated on the powernv machine, the
firmware is mapped at 0x800 and the HRMOR of the HW threads are
set to the same address.

The PNOR mapping on the FW address space of the LPC bus is left enabled
to let the firmware load any other images required to boot the host.

Signed-off-by: Cédric Le Goater 
Message-Id: <20200127144154.10170-4-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/ppc/pnv.c  | 28 +++-
 hw/ppc/pnv_core.c |  3 +++
 hw/ppc/pnv_lpc.c  |  5 -
 include/hw/ppc/pnv.h  |  2 ++
 include/hw/ppc/pnv_core.h |  1 +
 5 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index e61994cf5a..9442e5eb63 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -716,7 +716,7 @@ static void pnv_init(MachineState *machine)
 exit(1);
 }
 
-fw_size = load_image_targphys(fw_filename, FW_LOAD_ADDR, FW_MAX_SIZE);
+fw_size = load_image_targphys(fw_filename, pnv->fw_load_addr, FW_MAX_SIZE);
 if (fw_size < 0) {
 error_report("Could not load OPAL firmware '%s'", fw_filename);
 exit(1);
@@ -1533,6 +1533,7 @@ static void pnv_chip_core_realize(PnvChip *chip, Error 
**errp)
 PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
 const char *typename = pnv_chip_core_typename(chip);
 int i, core_hwid;
+PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine());
 
 if (!object_class_by_name(typename)) {
 error_setg(errp, "Unable to find PowerNV CPU Core '%s'", typename);
@@ -1571,6 +1572,8 @@ static void pnv_chip_core_realize(PnvChip *chip, Error 
**errp)
 object_property_set_int(OBJECT(pnv_core),
 pcc->core_pir(chip, core_hwid),
 "pir", _fatal);
+object_property_set_int(OBJECT(pnv_core), pnv->fw_load_addr,
+"hrmor", _fatal);
 object_property_set_link(OBJECT(pnv_core), OBJECT(chip), "chip",
  _abort);
 object_property_set_bool(OBJECT(pnv_core), true, "realized",
@@ -1767,6 +1770,22 @@ static void pnv_machine_power10_class_init(ObjectClass 
*oc, void *data)
 pmc->dt_power_mgt = pnv_dt_power_mgt;
 }
 
+static bool pnv_machine_get_hb(Object *obj, Error **errp)
+{
+PnvMachineState *pnv = PNV_MACHINE(obj);
+
+return !!pnv->fw_load_addr;
+}
+
+static void pnv_machine_set_hb(Object *obj, bool value, Error **errp)
+{
+PnvMachineState *pnv = PNV_MACHINE(obj);
+
+if (value) {
+pnv->fw_load_addr = 0x800;
+}
+}
+
 static void pnv_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
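Review bot: pnv_machine_set_hb() only acts when value is true, so setting hb-mode to false after it has been enabled leaves fw_load_addr at the hostboot address and the getter keeps returning true. Add an else branch that restores the default load address. The hostboot address is also written as a literal in the setter; a named constant next to FW_LOAD_ADDR would keep the two load addresses defined in one place.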
@@ -1786,6 +1805,13 @@ static void pnv_machine_class_init(ObjectClass *oc, void 
*data)
  */
 mc->default_ram_size = INITRD_LOAD_ADDR + INITRD_MAX_SIZE;
 ispc->print_info = pnv_pic_print_info;
+
+object_class_property_add_bool(oc, "hb-mode",
+   pnv_machine_get_hb, pnv_machine_set_hb,
+   _abort);
+object_class_property_set_description(oc, "hb-mode",
+  "Use a hostboot like boot loader",
+  NULL);
 }
 
 #define DEFINE_PNV8_CHIP_TYPE(type, class_initfn) \
diff --git a/hw/ppc/pnv_core.c b/hw/ppc/pnv_core.c
index 5fe3f21e12..f7247222bc 100644
--- a/hw/ppc/pnv_core.c
+++ b/hw/ppc/pnv_core.c
@@ -56,6 +56,8 @@ static void pnv_core_cpu_reset(PnvCore *pc, PowerPCCPU *cpu)
 env->nip = 0x10;
 env->msr |= MSR_HVB; /* Hypervisor mode */
 
+env->spr[SPR_HRMOR] = pc->hrmor;
+
 pcc->intc_reset(pc->chip, cpu);
 }
 
@@ -289,6 +291,7 @@ static void pnv_core_unrealize(DeviceState *dev, Error 
**errp)
 
 static Property pnv_core_properties[] = {
 DEFINE_PROP_UINT32("pir", PnvCore, pir, 0),
+DEFINE_PROP_UINT64("hrmor", PnvCore, hrmor, 0),
 DEFINE_PROP_LINK("chip", PnvCore, chip, TYPE_PNV_CHIP, PnvChip *),
 DEFINE_PROP_END_OF_LIST(),
 };
diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
index 22b205532b..d1de98f04c 100644
--- a/hw/ppc/pnv_lpc.c
+++ b/hw/ppc/pnv_lpc.c
@@ -825,6 +825,7 @@ ISABus *pnv_lpc_isa_create(PnvLpcController *lpc, bool 
use_cpld, Error **errp)
 qemu_irq *irqs;
 qemu_irq_handler handler;
 PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine());
+bool hostboot_mode = !!pnv->fw_load_addr;
 
 /* let isa_bus_new() create its own bridge on SysBus otherwise
  * devices speficied on the command line won't find the bus and
@@ -859,7 +860,9 @@ ISABus *pnv_lpc_isa_create(PnvLpcController *lpc, bool 
use_cpld, Error **errp)
  * Start disabled. The HIOMAP protocol will activate the mapping
  * with HIOMAP_C_CREATE_WRITE_WINDOW
  */
-memory_region_set_enabled(>pnor->mmio, false);
+if (!hostboot_mode) {
+memory_region_set_enabled(>pnor->mmio, false);
+}
 
 return isa_bus;
 }
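Review bot: the comment directly above the new `if (!hostboot_mode)` still reads "Start disabled. The HIOMAP protocol will activate the mapping", which is no longer true in hostboot mode, where the PNOR MMIO region now stays enabled from the start. Please extend the comment to say why hostboot needs the mapping live before any HIOMAP_C_CREATE_WRITE_WINDOW.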
diff --git a/include/hw/ppc/pnv.h 

[PULL 11/35] ppc/pnv: remove useless "core-pir" property alias.

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

Commit 158e17a65e1a ("ppc/pnv: Link "chip" property to PnvCore::chip
pointer") introduced some cleanups of the PnvCore realize handler.
Let's continue by reworking a bit the interface of the PnvCore
handlers for the CPU threads. These changes make the "core-pir"
property alias unused. Remove it.

Signed-off-by: Cédric Le Goater 
Message-Id: <20200127144154.10170-3-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/ppc/pnv_core.c | 28 +---
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/hw/ppc/pnv_core.c b/hw/ppc/pnv_core.c
index 8ca5fbd1a9..5fe3f21e12 100644
--- a/hw/ppc/pnv_core.c
+++ b/hw/ppc/pnv_core.c
@@ -40,11 +40,11 @@ static const char *pnv_core_cpu_typename(PnvCore *pc)
 return cpu_type;
 }
 
-static void pnv_core_cpu_reset(PowerPCCPU *cpu, PnvChip *chip)
+static void pnv_core_cpu_reset(PnvCore *pc, PowerPCCPU *cpu)
 {
 CPUState *cs = CPU(cpu);
 CPUPPCState *env = >env;
-PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
+PnvChipClass *pcc = PNV_CHIP_GET_CLASS(pc->chip);
 
 cpu_reset(cs);
 
@@ -56,7 +56,7 @@ static void pnv_core_cpu_reset(PowerPCCPU *cpu, PnvChip *chip)
 env->nip = 0x10;
 env->msr |= MSR_HVB; /* Hypervisor mode */
 
-pcc->intc_reset(chip, cpu);
+pcc->intc_reset(pc->chip, cpu);
 }
 
 /*
@@ -162,14 +162,14 @@ static const MemoryRegionOps pnv_core_power9_xscom_ops = {
 .endianness = DEVICE_BIG_ENDIAN,
 };
 
-static void pnv_core_cpu_realize(PowerPCCPU *cpu, PnvChip *chip, Error **errp)
+static void pnv_core_cpu_realize(PnvCore *pc, PowerPCCPU *cpu, Error **errp)
 {
 CPUPPCState *env = >env;
 int core_pir;
 int thread_index = 0; /* TODO: TCG supports only one thread */
 ppc_spr_t *pir = >spr_cb[SPR_PIR];
 Error *local_err = NULL;
-PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
+PnvChipClass *pcc = PNV_CHIP_GET_CLASS(pc->chip);
 
 object_property_set_bool(OBJECT(cpu), true, "realized", _err);
 if (local_err) {
@@ -177,13 +177,13 @@ static void pnv_core_cpu_realize(PowerPCCPU *cpu, PnvChip 
*chip, Error **errp)
 return;
 }
 
-pcc->intc_create(chip, cpu, _err);
+pcc->intc_create(pc->chip, cpu, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
 }
 
-core_pir = object_property_get_uint(OBJECT(cpu), "core-pir", _abort);
+core_pir = object_property_get_uint(OBJECT(pc), "pir", _abort);
 
 /*
  * The PIR of a thread is the core PIR + the thread index. We will
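Review bot: in pnv_core_cpu_realize(), `core_pir = object_property_get_uint(OBJECT(pc), "pir", _abort);` now looks up a property on the PnvCore that the function already holds. Since "pir" is declared as DEFINE_PROP_UINT32("pir", PnvCore, pir, 0), reading pc->pir directly would drop the string lookup and the abort path, and core_pir could become a uint32_t to match.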
@@ -203,7 +203,7 @@ static void pnv_core_reset(void *dev)
 int i;
 
 for (i = 0; i < cc->nr_threads; i++) {
-pnv_core_cpu_reset(pc->threads[i], pc->chip);
+pnv_core_cpu_reset(pc, pc->threads[i]);
 }
 }
 
@@ -231,8 +231,6 @@ static void pnv_core_realize(DeviceState *dev, Error **errp)
 
 snprintf(name, sizeof(name), "thread[%d]", i);
 object_property_add_child(OBJECT(pc), name, obj, _abort);
-object_property_add_alias(obj, "core-pir", OBJECT(pc),
-  "pir", _abort);
 
 cpu->machine_data = g_new0(PnvCPUState, 1);
 
@@ -240,7 +238,7 @@ static void pnv_core_realize(DeviceState *dev, Error **errp)
 }
 
 for (j = 0; j < cc->nr_threads; j++) {
-pnv_core_cpu_realize(pc->threads[j], pc->chip, _err);
+pnv_core_cpu_realize(pc, pc->threads[j], _err);
 if (local_err) {
 goto err;
 }
@@ -263,12 +261,12 @@ err:
 error_propagate(errp, local_err);
 }
 
-static void pnv_core_cpu_unrealize(PowerPCCPU *cpu, PnvChip *chip)
+static void pnv_core_cpu_unrealize(PnvCore *pc, PowerPCCPU *cpu)
 {
 PnvCPUState *pnv_cpu = pnv_cpu_state(cpu);
-PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
+PnvChipClass *pcc = PNV_CHIP_GET_CLASS(pc->chip);
 
-pcc->intc_destroy(chip, cpu);
+pcc->intc_destroy(pc->chip, cpu);
 cpu_remove_sync(CPU(cpu));
 cpu->machine_data = NULL;
 g_free(pnv_cpu);
@@ -284,7 +282,7 @@ static void pnv_core_unrealize(DeviceState *dev, Error 
**errp)
 qemu_unregister_reset(pnv_core_reset, pc);
 
 for (i = 0; i < cc->nr_threads; i++) {
-pnv_core_cpu_unrealize(pc->threads[i], pc->chip);
+pnv_core_cpu_unrealize(pc, pc->threads[i]);
 }
 g_free(pc->threads);
 }
-- 
2.24.1




[PULL 18/35] docs/specs/tpm: reST-ify TPM documentation

2020-02-02 Thread David Gibson
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Message-Id: <20200121152935.649898-7-stef...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 docs/specs/index.rst |   1 +
 docs/specs/tpm.rst   | 503 +++
 docs/specs/tpm.txt   | 445 --
 3 files changed, 504 insertions(+), 445 deletions(-)
 create mode 100644 docs/specs/tpm.rst
 delete mode 100644 docs/specs/tpm.txt

diff --git a/docs/specs/index.rst b/docs/specs/index.rst
index 984ba44029..de46a8b5e7 100644
--- a/docs/specs/index.rst
+++ b/docs/specs/index.rst
@@ -13,3 +13,4 @@ Contents:
ppc-xive
ppc-spapr-xive
acpi_hw_reduced_hotplug
+   tpm
diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
new file mode 100644
index 00..2bdf637f55
--- /dev/null
+++ b/docs/specs/tpm.rst
@@ -0,0 +1,503 @@
+===
+QEMU TPM Device
+===
+
+Guest-side hardware interface
+=
+
+TIS interface
+-
+
+The QEMU TPM emulation implements a TPM TIS hardware interface
+following the Trusted Computing Group's specification "TCG PC Client
+Specific TPM Interface Specification (TIS)", Specification Version
+1.3, 21 March 2013. (see the `TIS specification`_, or a later version
+of it).
+
+The TIS interface makes a memory mapped IO region in the area
+0xfed4-0xfed44fff available to the guest operating system.
+
+QEMU files related to TPM TIS interface:
+ - ``hw/tpm/tpm_tis.c``
+ - ``hw/tpm/tpm_tis.h``
+
+CRB interface
+-
+
+QEMU also implements a TPM CRB interface following the Trusted
+Computing Group's specification "TCG PC Client Platform TPM Profile
+(PTP) Specification", Family "2.0", Level 00 Revision 01.03 v22, May
+22, 2017. (see the `CRB specification`_, or a later version of it)
+
+The CRB interface makes a memory mapped IO region in the area
+0xfed4-0xfed40fff (1 locality) available to the guest
+operating system.
+
+QEMU files related to TPM CRB interface:
+ - ``hw/tpm/tpm_crb.c``
+
+SPAPR interface
+---
+
+pSeries (ppc64) machines offer a tpm-spapr device model.
+
+QEMU files related to the SPAPR interface:
+ - ``hw/tpm/tpm_spapr.c``
+
+fw_cfg interface
+
+
+The bios/firmware may read the ``"etc/tpm/config"`` fw_cfg entry for
+configuring the guest appropriately.
+
+The entry of 6 bytes has the following content, in little-endian:
+
+.. code-block:: c
+
+#define TPM_VERSION_UNSPEC  0
+#define TPM_VERSION_1_2 1
+#define TPM_VERSION_2_0 2
+
+#define TPM_PPI_VERSION_NONE0
+#define TPM_PPI_VERSION_1_301
+
+struct FwCfgTPMConfig {
+uint32_t tpmppi_address; /* PPI memory location */
+uint8_t tpm_version; /* TPM version */
+uint8_t tpmppi_version;  /* PPI version */
+};
+
+ACPI interface
+==
+
+The TPM device is defined with ACPI ID "PNP0C31". QEMU builds a SSDT
+and passes it into the guest through the fw_cfg device. The device
+description contains the base address of the TIS interface 0xfed4
+and the size of the MMIO area (0x5000). In case a TPM2 is used by
+QEMU, a TPM2 ACPI table is also provided.  The device is described to
+be used in polling mode rather than interrupt mode primarily because
+no unused IRQ could be found.
+
+To support measurement logs to be written by the firmware,
+e.g. SeaBIOS, a TCPA table is implemented. This table provides a 64kb
+buffer where the firmware can write its log into. For TPM 2 only a
+more recent version of the TPM2 table provides support for
+measurements logs and a TCPA table does not need to be created.
+
+The TCPA and TPM2 ACPI tables follow the Trusted Computing Group
+specification "TCG ACPI Specification" Family "1.2" and "2.0", Level
+00 Revision 00.37. (see the `ACPI specification`_, or a later version
+of it)
+
+ACPI PPI Interface
+--
+
+QEMU supports the Physical Presence Interface (PPI) for TPM 1.2 and
+TPM 2. This interface requires ACPI and firmware support. (see the
+`PPI specification`_)
+
+PPI enables a system administrator (root) to request a modification to
+the TPM upon reboot. The PPI specification defines the operation
+requests and the actions the firmware has to take. The system
+administrator passes the operation request number to the firmware
+through an ACPI interface which writes this number to a memory
+location that the firmware knows. Upon reboot, the firmware finds the
+number and sends commands to the TPM. The firmware writes the TPM
+result code and the operation request number to a memory location that
+ACPI can read from and pass the result on to the administrator.
+
+The PPI specification defines a set of mandatory and optional
+operations for the firmware to implement. The ACPI interface also
+allows an administrator to list the supported operations. In QEMU the
+ACPI code is generated by QEMU, yet the 
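Review bot: in the fw_cfg section, the text says the "etc/tpm/config" entry is 6 bytes, but struct FwCfgTPMConfig as printed (a uint32_t followed by two uint8_t) would normally be padded to 8 bytes by a C compiler. Please show the packing attribute in the code block or state explicitly that the layout is packed, so firmware authors copying the struct read the right number of bytes.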

[PULL 07/35] target/ppc: Add privileged message send facilities

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

The Processor Control facility for POWER8 processors and later
provides a mechanism for the hypervisor to send messages to other
threads in the system (msgsnd instruction) and cause hypervisor-level
exceptions. Privileged non-hypervisor programs can also send messages
(msgsndp instruction) but are restricted to the threads of the same
subprocessor and cause privileged-level exceptions.

The Directed Privileged Doorbell Exception State (DPDES) register
reflects the state of pending privileged doorbell exceptions and can
be used to modify that state. The register can be used to read and
modify the state of privileged doorbell exceptions for all threads of
a subprocessor and thus is a shared facility for that subprocessor.
The register can be read/written by the hypervisor and read by the
supervisor if enabled in the HFSCR, otherwise a hypervisor facility
unavailable exception is generated.

The privileged message send and clear instructions (msgsndp & msgclrp)
are used to generate and clear the presence of a directed privileged
doorbell exception, respectively. The msgsndp instruction can be used
to target any thread of the current subprocessor, msgclrp acts on the
thread issuing the instruction. These instructions are privileged, but
will generate a hypervisor facility unavailable exception if not
enabled in the HFSCR and executed in privileged non-hypervisor
state. The HV facility unavailable exception will be addressed in
another patch.

Add and implement this register and instructions by reading or
modifying the pending interrupt state of the cpu.

Note that TCG only supports one thread per core and so we only need to
worry about the cpu making the access.

Signed-off-by: Suraj Jitindar Singh 
Signed-off-by: Cédric Le Goater 
Message-Id: <20200120104935.24449-2-...@kaod.org>
Signed-off-by: David Gibson 
---
 target/ppc/excp_helper.c| 66 +
 target/ppc/helper.h |  4 ++
 target/ppc/misc_helper.c| 36 ++
 target/ppc/translate.c  | 26 +
 target/ppc/translate_init.inc.c | 20 --
 5 files changed, 132 insertions(+), 20 deletions(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 5752ed4a4d..1b07c3ed56 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -900,7 +900,11 @@ static void ppc_hw_interrupt(CPUPPCState *env)
 }
 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DOORBELL)) {
 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DOORBELL);
-powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_DOORI);
+if (is_book3s_arch2x(env)) {
+powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_SDOOR);
+} else {
+powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_DOORI);
+}
 return;
 }
 if (env->pending_interrupts & (1 << PPC_INTERRUPT_HDOORBELL)) {
@@ -1221,39 +1225,30 @@ void helper_msgsnd(target_ulong rb)
 }
 
 /* Server Processor Control */
-static int book3s_dbell2irq(target_ulong rb)
-{
-int msg = rb & DBELL_TYPE_MASK;
 
+static bool dbell_type_server(target_ulong rb)
+{
 /*
  * A Directed Hypervisor Doorbell message is sent only if the
  * message type is 5. All other types are reserved and the
  * instruction is a no-op
  */
-return msg == DBELL_TYPE_DBELL_SERVER ? PPC_INTERRUPT_HDOORBELL : -1;
+return (rb & DBELL_TYPE_MASK) == DBELL_TYPE_DBELL_SERVER;
 }
 
 void helper_book3s_msgclr(CPUPPCState *env, target_ulong rb)
 {
-int irq = book3s_dbell2irq(rb);
-
-if (irq < 0) {
+if (!dbell_type_server(rb)) {
 return;
 }
 
-env->pending_interrupts &= ~(1 << irq);
+env->pending_interrupts &= ~(1 << PPC_INTERRUPT_HDOORBELL);
 }
 
-void helper_book3s_msgsnd(target_ulong rb)
+static void book3s_msgsnd_common(int pir, int irq)
 {
-int irq = book3s_dbell2irq(rb);
-int pir = rb & DBELL_PROCIDTAG_MASK;
 CPUState *cs;
 
-if (irq < 0) {
-return;
-}
-
 qemu_mutex_lock_iothread();
 CPU_FOREACH(cs) {
 PowerPCCPU *cpu = POWERPC_CPU(cs);
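Review bot: the comment kept inside dbell_type_server() still says "A Directed Hypervisor Doorbell message is sent only if the message type is 5", but the helper is now shared with helper_book3s_msgclrp() and helper_book3s_msgsndp(), which act on PPC_INTERRUPT_DOORBELL. Please reword it to cover both the hypervisor and the privileged doorbell so the next reader does not assume the type check is HDOORBELL-specific.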
@@ -1267,6 +1262,45 @@ void helper_book3s_msgsnd(target_ulong rb)
 }
 qemu_mutex_unlock_iothread();
 }
+
+void helper_book3s_msgsnd(target_ulong rb)
+{
+int pir = rb & DBELL_PROCIDTAG_MASK;
+
+if (!dbell_type_server(rb)) {
+return;
+}
+
+book3s_msgsnd_common(pir, PPC_INTERRUPT_HDOORBELL);
+}
+
+#if defined(TARGET_PPC64)
+void helper_book3s_msgclrp(CPUPPCState *env, target_ulong rb)
+{
+if (!dbell_type_server(rb)) {
+return;
+}
+
+env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DOORBELL);
+}
+
+/*
+ * sends a message to other threads that are on the same
+ * multi-threaded processor
+ */
+void helper_book3s_msgsndp(CPUPPCState *env, target_ulong rb)
+{
+int pir = env->spr_cb[SPR_PIR].default_value;
+
+if (!dbell_type_server(rb)) {
+return;
+
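Review bot: in helper_book3s_msgsndp(), `int pir = env->spr_cb[SPR_PIR].default_value;` always targets the sending CPU and ignores whatever thread rb selects. That only holds under the one-thread-per-core TCG limitation mentioned in the commit message, so please put that assumption in a comment at this line (or a TODO) to flag it when multi-thread support arrives.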

[PULL 14/35] spapr: Implement get_dt_compatible() callback

2020-02-02 Thread David Gibson
From: Stefan Berger 

For devices that cannot be statically initialized, implement a
get_dt_compatible() callback that allows us to ask the device for
the 'compatible' value.

Signed-off-by: Stefan Berger 
Reviewed-by: Marc-André Lureau 
Reviewed-by: David Gibson 
Message-Id: <20200121152935.649898-3-stef...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_vio.c | 11 +--
 include/hw/ppc/spapr_vio.h |  1 +
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c
index f14944e900..0b085eabe4 100644
--- a/hw/ppc/spapr_vio.c
+++ b/hw/ppc/spapr_vio.c
@@ -87,6 +87,7 @@ static int vio_make_devnode(SpaprVioDevice *dev,
 SpaprVioDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
 int vdevice_off, node_off, ret;
 char *dt_name;
+const char *dt_compatible;
 
 vdevice_off = fdt_path_offset(fdt, "/vdevice");
 if (vdevice_off < 0) {
@@ -113,9 +114,15 @@ static int vio_make_devnode(SpaprVioDevice *dev,
 }
 }
 
-if (pc->dt_compatible) {
+if (pc->get_dt_compatible) {
+dt_compatible = pc->get_dt_compatible(dev);
+} else {
+dt_compatible = pc->dt_compatible;
+}
+
+if (dt_compatible) {
 ret = fdt_setprop_string(fdt, node_off, "compatible",
- pc->dt_compatible);
+ dt_compatible);
 if (ret < 0) {
 return ret;
 }
diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
index ce6d9b0c66..bed7df60e3 100644
--- a/include/hw/ppc/spapr_vio.h
+++ b/include/hw/ppc/spapr_vio.h
@@ -58,6 +58,7 @@ typedef struct SpaprVioDeviceClass {
 void (*realize)(SpaprVioDevice *dev, Error **errp);
 void (*reset)(SpaprVioDevice *dev);
 int (*devnode)(SpaprVioDevice *dev, void *fdt, int node_off);
+const char *(*get_dt_compatible)(SpaprVioDevice *dev);
 } SpaprVioDeviceClass;
 
 struct SpaprVioDevice {
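Review bot: the new `get_dt_compatible` member of SpaprVioDeviceClass has no comment, and vio_make_devnode() gives it semantics that are not obvious from the declaration: it takes precedence over the static dt_compatible field, and a NULL return silently skips the "compatible" property. Please document both points, plus who owns the returned string, next to the callback.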
-- 
2.24.1




[PULL 16/35] tpm_spapr: Support suspend and resume

2020-02-02 Thread David Gibson
From: Stefan Berger 

Extend the tpm_spapr frontend with VM suspend and resume support.

Signed-off-by: Stefan Berger 
Message-Id: <20200121152935.649898-5-stef...@linux.ibm.com>
Reviewed-by: Marc-André Lureau 
Signed-off-by: David Gibson 
---
 hw/tpm/tpm_spapr.c  | 52 -
 hw/tpm/trace-events |  2 ++
 2 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/hw/tpm/tpm_spapr.c b/hw/tpm/tpm_spapr.c
index 2ac4cb061c..ce65eb2e45 100644
--- a/hw/tpm/tpm_spapr.c
+++ b/hw/tpm/tpm_spapr.c
@@ -76,6 +76,8 @@ typedef struct {
 
 unsigned char *buffer;
 
+uint32_t numbytes; /* number of bytes to deliver on resume */
+
 TPMBackendCmd cmd;
 
 TPMBackend *be_driver;
@@ -240,6 +242,14 @@ static void tpm_spapr_request_completed(TPMIf *ti, int ret)
 
 /* a max. of be_buffer_size bytes can be transported */
 len = MIN(tpm_cmd_get_size(s->buffer), s->be_buffer_size);
+
+if (runstate_check(RUN_STATE_FINISH_MIGRATE)) {
+trace_tpm_spapr_caught_response(len);
+/* defer delivery of response until .post_load */
+s->numbytes = len;
+return;
+}
+
 rc = spapr_vio_dma_write(>vdev, be32_to_cpu(crq->data),
  s->buffer, len);
 
@@ -288,6 +298,7 @@ static void tpm_spapr_reset(SpaprVioDevice *dev)
 SpaprTpmState *s = VIO_SPAPR_VTPM(dev);
 
 s->state = SPAPR_VTPM_STATE_NONE;
+s->numbytes = 0;
 
 s->be_tpm_version = tpm_backend_get_tpm_version(s->be_driver);
 
@@ -309,9 +320,48 @@ static enum TPMVersion tpm_spapr_get_version(TPMIf *ti)
 return tpm_backend_get_tpm_version(s->be_driver);
 }
 
+/* persistent state handling */
+
+static int tpm_spapr_pre_save(void *opaque)
+{
+SpaprTpmState *s = opaque;
+
+tpm_backend_finish_sync(s->be_driver);
+/*
+ * we cannot deliver the results to the VM since DMA would touch VM memory
+ */
+
+return 0;
+}
+
+static int tpm_spapr_post_load(void *opaque, int version_id)
+{
+SpaprTpmState *s = opaque;
+
+if (s->numbytes) {
+trace_tpm_spapr_post_load();
+/* deliver the results to the VM via DMA */
+tpm_spapr_request_completed(TPM_IF(s), 0);
+s->numbytes = 0;
+}
+
+return 0;
+}
+
 static const VMStateDescription vmstate_spapr_vtpm = {
 .name = "tpm-spapr",
-.unmigratable = 1,
+.pre_save = tpm_spapr_pre_save,
+.post_load = tpm_spapr_post_load,
+.fields = (VMStateField[]) {
+VMSTATE_SPAPR_VIO(vdev, SpaprTpmState),
+
+VMSTATE_UINT8(state, SpaprTpmState),
+VMSTATE_UINT32(numbytes, SpaprTpmState),
+VMSTATE_VBUFFER_UINT32(buffer, SpaprTpmState, 0, NULL, numbytes),
+/* remember DMA address */
+VMSTATE_UINT32(crq.data, SpaprTpmState),
+VMSTATE_END_OF_LIST(),
+}
 };
 
 static Property tpm_spapr_properties[] = {
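Review bot: in vmstate_spapr_vtpm, `VMSTATE_UINT32(numbytes, SpaprTpmState)` is read from the migration stream and then used as the length for `VMSTATE_VBUFFER_UINT32(buffer, SpaprTpmState, 0, NULL, numbytes)`, with nothing in this hunk bounding it against the size of s->buffer (the send path clamps to s->be_buffer_size). A corrupted or hostile stream could therefore ask for more bytes than the buffer holds. Please validate numbytes against the buffer size before the buffer field is loaded and fail the load otherwise; a check in tpm_spapr_post_load() alone would run after the copy.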
diff --git a/hw/tpm/trace-events b/hw/tpm/trace-events
index 9143a8eaa3..439e514787 100644
--- a/hw/tpm/trace-events
+++ b/hw/tpm/trace-events
@@ -67,3 +67,5 @@ tpm_spapr_do_crq_get_version(uint32_t version) "response: 
version %u"
 tpm_spapr_do_crq_prepare_to_suspend(void) "response: preparing to suspend"
 tpm_spapr_do_crq_unknown_msg_type(uint8_t type) "Unknown message type 0x%02x"
 tpm_spapr_do_crq_unknown_crq(uint8_t raw1, uint8_t raw2) "unknown CRQ 0x%02x 
0x%02x ..."
+tpm_spapr_post_load(void) "Delivering TPM response after resume"
+tpm_spapr_caught_response(uint32_t v) "Caught response to deliver after 
resume: %u bytes"
-- 
2.24.1




[PULL 09/35] spapr: Don't allow multiple active vCPUs at CAS

2020-02-02 Thread David Gibson
From: Greg Kurz 

According to the description of "ibm,client-architecture-support" that
can be found in LoPAPR "B.6.2.3 Root Node Methods":

If multiple partition processors or threads are active at the time of
the ibm,client-architecture-support method call, or an error is detected
in the format of the ibm,architecture.vec structure, the err? boolean
shall be TRUE; else FALSE.

We certainly don't want to tamper with the platform or with the PCR of
the other vCPUs if they happen to be active. Ensure we have only one
active vCPU and fail CAS otherwise. This is just for conformance and
robustness, it doesn't fix any known bugs.

Signed-off-by: Greg Kurz 
Message-Id: <157969867170.571404.12117797348882189656.st...@bahia.lan>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index ffb14641f9..b8bb66b5c0 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1676,6 +1676,18 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 Error *local_err = NULL;
 bool raw_mode_supported = false;
 bool guest_xive;
+CPUState *cs;
+
+/* CAS is supposed to be called early when only the boot vCPU is active. */
+CPU_FOREACH(cs) {
+if (cs == CPU(cpu)) {
+continue;
+}
+if (!cs->halted) {
+warn_report("guest has multiple active vCPUs at CAS, which is not 
allowed");
+return H_MULTI_THREADS_ACTIVE;
+}
+}
 
 cas_pvr = cas_check_pvr(spapr, cpu, , _mode_supported, 
_err);
 if (local_err) {
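Review bot: the warn_report() inside the new CPU_FOREACH loop is reachable by the guest at will, since it can call CAS repeatedly with a second vCPU running, and each call adds a line to the host log. warn_report_once() or a rate-limited message would keep the diagnostic without letting a guest flood the log. The H_MULTI_THREADS_ACTIVE return already tells the guest what went wrong.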
-- 
2.24.1




[PULL 13/35] tpm: Move tpm_tis_show_buffer to tpm_util.c

2020-02-02 Thread David Gibson
From: Stefan Berger 

Signed-off-by: Stefan Berger 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: David Gibson 
Message-Id: <20200121152935.649898-2-stef...@linux.ibm.com>
Signed-off-by: David Gibson 
---
 hw/tpm/tpm_tis.c| 32 
 hw/tpm/tpm_util.c   | 25 +
 hw/tpm/tpm_util.h   |  3 +++
 hw/tpm/trace-events |  2 +-
 4 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 5362df2711..31facb896d 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -107,30 +107,6 @@ static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
 return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
 }
 
-static void tpm_tis_show_buffer(const unsigned char *buffer,
-size_t buffer_size, const char *string)
-{
-size_t len, i;
-char *line_buffer, *p;
-
-len = MIN(tpm_cmd_get_size(buffer), buffer_size);
-
-/*
- * allocate enough room for 3 chars per buffer entry plus a
- * newline after every 16 chars and a final null terminator.
- */
-line_buffer = g_malloc(len * 3 + (len / 16) + 1);
-
-for (i = 0, p = line_buffer; i < len; i++) {
-if (i && !(i % 16)) {
-p += sprintf(p, "\n");
-}
-p += sprintf(p, "%.2X ", buffer[i]);
-}
-trace_tpm_tis_show_buffer(string, len, line_buffer);
-
-g_free(line_buffer);
-}
 
 /*
  * Set the given flags in the STS register by clearing the register but
@@ -156,8 +132,8 @@ static void tpm_tis_sts_set(TPMLocality *l, uint32_t flags)
  */
 static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
 {
-if (trace_event_get_state_backends(TRACE_TPM_TIS_SHOW_BUFFER)) {
-tpm_tis_show_buffer(s->buffer, s->be_buffer_size, "To TPM");
+if (trace_event_get_state_backends(TRACE_TPM_UTIL_SHOW_BUFFER)) {
+tpm_util_show_buffer(s->buffer, s->be_buffer_size, "To TPM");
 }
 
 /*
@@ -325,8 +301,8 @@ static void tpm_tis_request_completed(TPMIf *ti, int ret)
 s->loc[locty].state = TPM_TIS_STATE_COMPLETION;
 s->rw_offset = 0;
 
-if (trace_event_get_state_backends(TRACE_TPM_TIS_SHOW_BUFFER)) {
-tpm_tis_show_buffer(s->buffer, s->be_buffer_size, "From TPM");
+if (trace_event_get_state_backends(TRACE_TPM_UTIL_SHOW_BUFFER)) {
+tpm_util_show_buffer(s->buffer, s->be_buffer_size, "From TPM");
 }
 
 if (TPM_TIS_IS_VALID_LOCTY(s->next_locty)) {
diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c
index 62b091f0c0..c0a0f3d71f 100644
--- a/hw/tpm/tpm_util.c
+++ b/hw/tpm/tpm_util.c
@@ -350,3 +350,28 @@ void tpm_sized_buffer_reset(TPMSizedBuffer *tsb)
 tsb->buffer = NULL;
 tsb->size = 0;
 }
+
+void tpm_util_show_buffer(const unsigned char *buffer,
+  size_t buffer_size, const char *string)
+{
+size_t len, i;
+char *line_buffer, *p;
+
+len = MIN(tpm_cmd_get_size(buffer), buffer_size);
+
+/*
+ * allocate enough room for 3 chars per buffer entry plus a
+ * newline after every 16 chars and a final null terminator.
+ */
+line_buffer = g_malloc(len * 3 + (len / 16) + 1);
+
+for (i = 0, p = line_buffer; i < len; i++) {
+if (i && !(i % 16)) {
+p += sprintf(p, "\n");
+}
+p += sprintf(p, "%.2X ", buffer[i]);
+}
+trace_tpm_util_show_buffer(string, len, line_buffer);
+
+g_free(line_buffer);
+}
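Review bot: tpm_util_show_buffer() passes line_buffer to the trace call unterminated when len is 0. len is MIN(tpm_cmd_get_size(buffer), buffer_size), so a command header with a zero size field makes g_malloc() return one byte, the loop never runs, and no sprintf() writes a NUL before the "%s" in the trace format reads it. Since the function is being moved anyway, please set line_buffer[0] = '\0' after the allocation (or use g_malloc0), or build the string with a GString, which would also remove the hand-computed size.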
diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h
index f397ac21b8..7889081fba 100644
--- a/hw/tpm/tpm_util.h
+++ b/hw/tpm/tpm_util.h
@@ -79,4 +79,7 @@ typedef struct TPMSizedBuffer {
 
 void tpm_sized_buffer_reset(TPMSizedBuffer *tsb);
 
+void tpm_util_show_buffer(const unsigned char *buffer,
+  size_t buffer_size, const char *string);
+
 #endif /* TPM_TPM_UTIL_H */
diff --git a/hw/tpm/trace-events b/hw/tpm/trace-events
index 89804bcd64..357c9e9a84 100644
--- a/hw/tpm/trace-events
+++ b/hw/tpm/trace-events
@@ -14,6 +14,7 @@ tpm_util_get_buffer_size_len(uint32_t len, size_t expected) 
"tpm_resp->len = %u,
 tpm_util_get_buffer_size_hdr_len2(uint32_t len, size_t expected) 
"tpm2_resp->hdr.len = %u, expected = %zu"
 tpm_util_get_buffer_size_len2(uint32_t len, size_t expected) "tpm2_resp->len = 
%u, expected = %zu"
 tpm_util_get_buffer_size(size_t len) "buffersize of device: %zu"
+tpm_util_show_buffer(const char *direction, size_t len, const char *buf) 
"direction: %s len: %zu\n%s"
 
 # tpm_emulator.c
 tpm_emulator_set_locality(uint8_t locty) "setting locality to %d"
@@ -36,7 +37,6 @@ tpm_emulator_pre_save(void) ""
 tpm_emulator_inst_init(void) ""
 
 # tpm_tis.c
-tpm_tis_show_buffer(const char *direction, size_t len, const char *buf) 
"direction: %s len: %zu\nbuf: %s"
 tpm_tis_raise_irq(uint32_t irqmask) "Raising IRQ for flag 0x%08x"
 tpm_tis_new_active_locality(uint8_t locty) "Active locality is now %d"
 tpm_tis_abort(uint8_t locty) "New active locality is %d"
-- 
2.24.1




[PULL 22/35] spapr: Enable DD2.3 accelerated count cache flush in pseries-5.0 machine

2020-02-02 Thread David Gibson
For POWER9 DD2.2 cpus, the best current Spectre v2 indirect branch
mitigation is "count cache disabled", which is configured with:
-machine cap-ibs=fixed-ccd
However, this option isn't available on DD2.3 CPUs with KVM, because they
don't have the count cache disabled.

For POWER9 DD2.3 cpus, it is "count cache flush with assist", configured
with:
-machine cap-ibs=workaround,cap-ccf-assist=on
However this option isn't available on DD2.2 CPUs with KVM, because they
don't have the special CCF assist instruction this relies on.

On current machine types, we default to "count cache flush w/o assist",
that is:
-machine cap-ibs=workaround,cap-ccf-assist=off
This runs, with mitigation on both DD2.2 and DD2.3 host cpus, but has a
fairly significant performance impact.

It turns out we can do better.  The special instruction that CCF assist
uses to trigger a count cache flush is a no-op on earlier CPUs, rather than
trapping or causing other badness.  It doesn't, of itself, implement the
mitigation, but *if* we have count-cache-disabled, then the count cache
flush is unnecessary, and so using the count cache flush mitigation is
harmless.

Therefore for the new pseries-5.0 machine type, enable cap-ccf-assist by
default.  Along with that, suppress throwing an error if cap-ccf-assist
is selected but KVM doesn't support it, as long as KVM *is* giving us
count-cache-disabled.  To allow TCG to work out of the box, even though it
doesn't implement the ccf flush assist, downgrade the error in that case to
a warning.  This matches several Spectre mitigations where we allow TCG
to operate for debugging, since we don't really make guarantees about TCG
security properties anyway.

While we're there, make the TCG warning for this case match that for other
mitigations.

Signed-off-by: David Gibson 
Tested-by: Michael Ellerman 
---
 hw/ppc/spapr.c  |  5 -
 hw/ppc/spapr_caps.c | 21 +
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index a0076e5fbd..fe8266a1d1 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -4397,7 +4397,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
 smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
 smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
-smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
+smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_ON;
 spapr_caps_add_properties(smc, _abort);
 smc->irq = _irq_dual;
 smc->dr_phb_enabled = true;
@@ -4465,8 +4465,11 @@ DEFINE_SPAPR_MACHINE(5_0, "5.0", true);
  */
 static void spapr_machine_4_2_class_options(MachineClass *mc)
 {
+SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+
 spapr_machine_5_0_class_options(mc);
 compat_props_add(mc->compat_props, hw_compat_4_2, hw_compat_4_2_len);
+smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
 }
 
 DEFINE_SPAPR_MACHINE(4_2, "4.2", false);
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 481dfd2a27..7f933a98ed 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -485,11 +485,24 @@ static void cap_ccf_assist_apply(SpaprMachineState 
*spapr, uint8_t val,
 uint8_t kvm_val = kvmppc_get_cap_count_cache_flush_assist();
 
 if (tcg_enabled() && val) {
-/* TODO - for now only allow broken for TCG */
-error_setg(errp,
-"Requested count cache flush assist capability level not supported by tcg,"
-   " try appending -machine cap-ccf-assist=off");
+/* TCG doesn't implement anything here, but allow with a warning */
+warn_report("TCG doesn't support requested feature, 
cap-ccf-assist=on");
 } else if (kvm_enabled() && (val > kvm_val)) {
+uint8_t kvm_ibs = kvmppc_get_cap_safe_indirect_branch();
+
+if (kvm_ibs == SPAPR_CAP_FIXED_CCD) {
+/*
+ * If we don't have CCF assist on the host, the assist
+ * instruction is a harmless no-op.  It won't correctly
+ * implement the cache count flush *but* if we have
+ * count-cache-disabled in the host, that flush is
+ * unnnecessary.  So, specifically allow this case.  This
+ * allows us to have better performance on POWER9 DD2.3,
+ * while still working on POWER9 DD2.2 and POWER8 host
+ * cpus.
+ */
+return;
+}
 error_setg(errp,
 "Requested count cache flush assist capability level not supported by kvm,"
" try appending -machine cap-ccf-assist=off");
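Review bot: the new `if (kvm_ibs == SPAPR_CAP_FIXED_CCD)` branch in cap_ccf_assist_apply() returns silently, so a user who asked for cap-ccf-assist=on gets no indication that the host lacks the assist and the guest is relying on count-cache-disabled instead, whereas the TCG branch just above at least warns. An info or warning line here would make the effective mitigation visible. The comment also has "unnnecessary" and "cache count flush" (elsewhere "count cache flush"), which are worth fixing while the block is new.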
-- 
2.24.1




[PULL 05/35] target/ppc: Clarify the meaning of return values in kvm_handle_debug

2020-02-02 Thread David Gibson
From: Fabiano Rosas 

The kvm_handle_debug function can return 0 to go back into the guest
or return 1 to notify the gdbstub thread and pass control to GDB.

Signed-off-by: Fabiano Rosas 
Message-Id: <20200110151344.278471-2-faro...@linux.ibm.com>
Tested-by: Leonardo Bras 
Signed-off-by: David Gibson 
---
 target/ppc/kvm.c | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 06fd0cc162..c05dde5985 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -53,6 +53,9 @@
 
 #define PROC_DEVTREE_CPU  "/proc/device-tree/cpus/"
 
+#define DEBUG_RETURN_GUEST 0
+#define DEBUG_RETURN_GDB   1
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
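Review bot: DEBUG_RETURN_GUEST and DEBUG_RETURN_GDB are added without a comment, so their meaning (0 goes back into the guest, 1 notifies the gdbstub and hands control to GDB) lives only in the commit message. Please add a short comment above the defines, or turn them into an enum, since the handlers still return plain int.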
@@ -1564,7 +1567,7 @@ void kvm_arch_update_guest_debug(CPUState *cs, struct 
kvm_guest_debug *dbg)
 static int kvm_handle_hw_breakpoint(CPUState *cs,
 struct kvm_debug_exit_arch *arch_info)
 {
-int handle = 0;
+int handle = DEBUG_RETURN_GUEST;
 int n;
 int flag = 0;
 
@@ -1572,13 +1575,13 @@ static int kvm_handle_hw_breakpoint(CPUState *cs,
 if (arch_info->status & KVMPPC_DEBUG_BREAKPOINT) {
 n = find_hw_breakpoint(arch_info->address, GDB_BREAKPOINT_HW);
 if (n >= 0) {
-handle = 1;
+handle = DEBUG_RETURN_GDB;
 }
 } else if (arch_info->status & (KVMPPC_DEBUG_WATCH_READ |
 KVMPPC_DEBUG_WATCH_WRITE)) {
 n = find_hw_watchpoint(arch_info->address,  );
 if (n >= 0) {
-handle = 1;
+handle = DEBUG_RETURN_GDB;
 cs->watchpoint_hit = _watchpoint;
 hw_watchpoint.vaddr = hw_debug_points[n].addr;
 hw_watchpoint.flags = flag;
@@ -1590,12 +1593,12 @@ static int kvm_handle_hw_breakpoint(CPUState *cs,
 
 static int kvm_handle_singlestep(void)
 {
-return 1;
+return DEBUG_RETURN_GDB;
 }
 
 static int kvm_handle_sw_breakpoint(void)
 {
-return 1;
+return DEBUG_RETURN_GDB;
 }
 
 static int kvm_handle_debug(PowerPCCPU *cpu, struct kvm_run *run)
@@ -1647,7 +1650,7 @@ static int kvm_handle_debug(PowerPCCPU *cpu, struct 
kvm_run *run)
 env->error_code = POWERPC_EXCP_INVAL;
 ppc_cpu_do_interrupt(cs);
 
-return 0;
+return DEBUG_RETURN_GUEST;
 }
 
 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
-- 
2.24.1




[PULL 06/35] spapr: Fail CAS if option vector table cannot be parsed

2020-02-02 Thread David Gibson
From: Greg Kurz 

Most of the option vector helpers have assertions to check their
arguments aren't null. The guest can provide an arbitrary address
for the CAS structure that would result in such null arguments.
Fail CAS with H_PARAMETER and print a warning instead of aborting
QEMU.

Signed-off-by: Greg Kurz 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <157925255250.397143.10855183619366882459.st...@bahia.lan>
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index f1799b1b70..ffb14641f9 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1703,7 +1703,15 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 ov_table = addr;
 
 ov1_guest = spapr_ovec_parse_vector(ov_table, 1);
+if (!ov1_guest) {
+warn_report("guest didn't provide option vector 1");
+return H_PARAMETER;
+}
 ov5_guest = spapr_ovec_parse_vector(ov_table, 5);
+if (!ov5_guest) {
+warn_report("guest didn't provide option vector 5");
+return H_PARAMETER;
+}
 if (spapr_ovec_test(ov5_guest, OV5_MMU_BOTH)) {
 error_report("guest requested hash and radix MMU, which is invalid.");
 exit(EXIT_FAILURE);
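Review bot: The second early return, taken when ov5_guest is NULL, leaves ov1_guest behind; if spapr_ovec_parse_vector() returns an allocated vector, that path leaks it and needs the matching cleanup before `return H_PARAMETER;`. Separately, the context just below still calls exit(EXIT_FAILURE) when the guest requests OV5_MMU_BOTH, which is the same kind of guest-triggered termination this patch sets out to avoid and may deserve a follow-up.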
-- 
2.24.1




[PULL 08/35] target/ppc: add support for Hypervisor Facility Unavailable Exception

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

The privileged message send and clear instructions (msgsndp & msgclrp)
are privileged, but will generate a hypervisor facility unavailable
exception if not enabled in the HFSCR and executed in privileged
non-hypervisor state.

Add checks when accessing the DPDES register and when using the
msgsndp and msgclrp instructions.

Signed-off-by: Suraj Jitindar Singh 
Signed-off-by: Cédric Le Goater 
Message-Id: <20200120104935.24449-3-...@kaod.org>
Signed-off-by: David Gibson 
---
 target/ppc/cpu.h |  6 ++
 target/ppc/excp_helper.c | 13 +
 target/ppc/misc_helper.c | 27 +++
 3 files changed, 46 insertions(+)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 8ebeaba649..96aeea1934 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -397,6 +397,10 @@ typedef struct ppc_v3_pate_t {
 #define PSSCR_ESL PPC_BIT(42) /* Enable State Loss */
 #define PSSCR_EC  PPC_BIT(43) /* Exit Criterion */
 
+/* HFSCR bits */
+#define HFSCR_MSGP PPC_BIT(53) /* Privileged Message Send Facilities */
+#define HFSCR_IC_MSGP  0xA
+
 #define msr_sf   ((env->msr >> MSR_SF)   & 1)
 #define msr_isf  ((env->msr >> MSR_ISF)  & 1)
 #define msr_shv  ((env->msr >> MSR_SHV)  & 1)
@@ -1329,6 +1333,8 @@ void cpu_ppc_set_vhyp(PowerPCCPU *cpu, 
PPCVirtualHypervisor *vhyp);
 #endif
 
 void store_fpscr(CPUPPCState *env, uint64_t arg, uint32_t mask);
+void helper_hfscr_facility_check(CPUPPCState *env, uint32_t bit,
+ const char *caller, uint32_t cause);
 
 static inline uint64_t ppc_dump_gpr(CPUPPCState *env, int gprn)
 {
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 1b07c3ed56..027f54c0ed 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -471,6 +471,15 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 case POWERPC_EXCP_FU: /* Facility unavailable exception  */
 #ifdef TARGET_PPC64
 env->spr[SPR_FSCR] |= ((target_ulong)env->error_code << 56);
+#endif
+break;
+case POWERPC_EXCP_HV_FU: /* Hypervisor Facility Unavailable Exception 
*/
+#ifdef TARGET_PPC64
+env->spr[SPR_HFSCR] |= ((target_ulong)env->error_code << FSCR_IC_POS);
+srr0 = SPR_HSRR0;
+srr1 = SPR_HSRR1;
+new_msr |= (target_ulong)MSR_HVB;
+new_msr |= env->msr & ((target_ulong)1 << MSR_RI);
 #endif
 break;
 case POWERPC_EXCP_PIT:   /* Programmable interval timer interrupt*/
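Review bot: In the new POWERPC_EXCP_HV_FU case the cause is ORed into SPR_HFSCR, which only yields the right value if the IC field was cleared beforehand; that clearing lives in raise_hv_fu_exception() in misc_helper.c, so a short comment here pointing at it (or masking the field in place) would keep the two from drifting apart. The neighbouring POWERPC_EXCP_FU case shifts by a literal 56 while this one uses FSCR_IC_POS; using the named constant in both would be more consistent.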
@@ -1277,6 +1286,8 @@ void helper_book3s_msgsnd(target_ulong rb)
 #if defined(TARGET_PPC64)
 void helper_book3s_msgclrp(CPUPPCState *env, target_ulong rb)
 {
+helper_hfscr_facility_check(env, HFSCR_MSGP, "msgclrp", HFSCR_IC_MSGP);
+
 if (!dbell_type_server(rb)) {
 return;
 }
@@ -1292,6 +1303,8 @@ void helper_book3s_msgsndp(CPUPPCState *env, target_ulong 
rb)
 {
 int pir = env->spr_cb[SPR_PIR].default_value;
 
+helper_hfscr_facility_check(env, HFSCR_MSGP, "msgsndp", HFSCR_IC_MSGP);
+
 if (!dbell_type_server(rb)) {
 return;
 }
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index 0c5919ff08..55b68d1246 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -41,6 +41,18 @@ void helper_store_dump_spr(CPUPPCState *env, uint32_t sprn)
 }
 
 #ifdef TARGET_PPC64
+static void raise_hv_fu_exception(CPUPPCState *env, uint32_t bit,
+  const char *caller, uint32_t cause,
+  uintptr_t raddr)
+{
+qemu_log_mask(CPU_LOG_INT, "HV Facility %d is unavailable (%s)\n",
+  bit, caller);
+
+env->spr[SPR_HFSCR] &= ~((target_ulong)FSCR_IC_MASK << FSCR_IC_POS);
+
+raise_exception_err_ra(env, POWERPC_EXCP_HV_FU, cause, raddr);
+}
+
 static void raise_fu_exception(CPUPPCState *env, uint32_t bit,
uint32_t sprn, uint32_t cause,
uintptr_t raddr)
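Review bot: In raise_hv_fu_exception() the qemu_log_mask() call formats `bit`, a uint32_t, with %d; use %u or PRIu32 so the format matches the argument type. It would also help to log `cause`, since that is the value that ends up in the HFSCR interruption-cause field.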
@@ -55,6 +67,17 @@ static void raise_fu_exception(CPUPPCState *env, uint32_t 
bit,
 }
 #endif
 
+void helper_hfscr_facility_check(CPUPPCState *env, uint32_t bit,
+ const char *caller, uint32_t cause)
+{
+#ifdef TARGET_PPC64
+if ((env->msr_mask & MSR_HVB) && !msr_hv &&
+ !(env->spr[SPR_HFSCR] & (1UL << bit))) {
+raise_hv_fu_exception(env, bit, caller, cause, GETPC());
+}
+#endif
+}
+
 void helper_fscr_facility_check(CPUPPCState *env, uint32_t bit,
 uint32_t sprn, uint32_t cause)
 {
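Review bot: helper_hfscr_facility_check() tests `1UL << bit`, but the callers added by this patch pass HFSCR_MSGP, which cpu.h defines as PPC_BIT(53). If PPC_BIT() already expands to a mask, as its use for PSSCR_ESL and PSSCR_EC suggests, the value is shifted a second time with a shift count larger than the width of the type, which is undefined behaviour and never tests the intended HFSCR bit. Either pass a bit number here or test `env->spr[SPR_HFSCR] & bit` directly with a 64-bit parameter, and prefer 1ULL over 1UL because unsigned long is 32 bits on some hosts.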
@@ -114,6 +137,8 @@ target_ulong helper_load_dpdes(CPUPPCState *env)
 {
 target_ulong dpdes = 0;
 
+helper_hfscr_facility_check(env, HFSCR_MSGP, "load DPDES", HFSCR_IC_MSGP);
+
 /* TODO: TCG supports only one thread */
 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DOORBELL)) {
 dpdes = 1;
@@ -127,6 +152,8 @@ void helper_store_dpdes(CPUPPCState *env, target_ulong 

[PULL 10/35] ppc/pnv: Add support for HRMOR on Radix host

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

When in HV mode, if EA[0] is 0, the Hypervisor Offset Real Mode
Register controls the access.

Signed-off-by: Cédric Le Goater 
Message-Id: <20200127144154.10170-2-...@kaod.org>
Signed-off-by: David Gibson 
---
 target/ppc/mmu-radix64.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 066e324464..224e646c50 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -235,6 +235,12 @@ int ppc_radix64_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
eaddr, int rwx,
 /* In real mode top 4 effective addr bits (mostly) ignored */
 raddr = eaddr & 0x0FFFULL;
 
+/* In HV mode, add HRMOR if top EA bit is clear */
+if (msr_hv || !env->has_hv_mode) {
+if (!(eaddr >> 63)) {
+raddr |= env->spr[SPR_HRMOR];
+   }
+}
 tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
  PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
  TARGET_PAGE_SIZE);
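Review bot: The new comment says HRMOR is added, but the code uses `raddr |= env->spr[SPR_HRMOR]`; either say that OR is intended or use addition, because the two differ whenever HRMOR overlaps bits already set in raddr. The condition also fires for `!env->has_hv_mode`, which the "In HV mode" comment does not cover; extend the comment to explain why a CPU without HV mode takes this path.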
-- 
2.24.1




[PULL 00/35] ppc-for-5.0 queue 20200203

2020-02-02 Thread David Gibson
The following changes since commit 28db64fce555a03b4ca256d5b6f4290abdfbd9e8:

  Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' 
into staging (2020-01-31 17:37:00 +)

are available in the Git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-5.0-20200203

for you to fetch changes up to 63d57c8f91d0d0e62fc4d91db6340a662b36a3c0:

  tests: Silence various warnings with pseries (2020-02-03 11:33:11 +1100)


ppc patch queue 2020-02093

This pull request supersedes ppc-for-5.0-20200131.  The only changes
are one extra patch to suppress some irritating warnings during tests
under TCG, and an extra Tested-by in one of the other patches.

Here's the next batch of patches for ppc and associated machine types.
Highlights include:
 * Remove the deprecated "prep" machine type and its OpenHackware
   firmware
 * Add TCG emulation of the msgsndp etc. supervisor privileged
   doorbell instructions
 * Allow "pnv" machine type to run Hostboot style firmwares
 * Add a virtual TPM device for spapr machines
 * Implement devices for POWER8 PHB3 and POWER9 PHB4 host bridges for
   the pnv machine type
 * Use faster Spectre mitigation by default for POWER9 DD2.3 machines
 * Introduce Firmware Assisted NMI dump facility for spapr machines
 * Fix a performance regression with load/store multiple instructions
   in TCG

as well as some other assorted cleanups and fixes.


Aravinda Prasad (7):
  Wrapper function to wait on condition for the main loop mutex
  ppc: spapr: Introduce FWNMI capability
  target/ppc: Handle NMI guest exit
  target/ppc: Build rtas error log upon an MCE
  ppc: spapr: Handle "ibm,nmi-register" and "ibm,nmi-interlock" RTAS calls
  migration: Include migration support for machine check handling
  ppc: spapr: Activate the FWNMI functionality

BALATON Zoltan (1):
  target/ppc/cpu.h: Put macro parameter in parentheses

Benjamin Herrenschmidt (1):
  ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge

Cédric Le Goater (9):
  ppc/pnv: use QEMU unit definition MiB
  ppc/pnv: improve error logging when a PNOR update fails
  target/ppc: Add privileged message send facilities
  target/ppc: add support for Hypervisor Facility Unavailable Exception
  ppc/pnv: Add support for HRMOR on Radix host
  ppc/pnv: remove useless "core-pir" property alias.
  ppc/pnv: Add support for "hostboot" mode
  ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge
  ppc/pnv: change the PowerNV machine devices to be non user creatable

David Gibson (1):
  spapr: Enable DD2.3 accelerated count cache flush in pseries-5.0 machine

Fabiano Rosas (1):
  target/ppc: Clarify the meaning of return values in kvm_handle_debug

Greg Kurz (3):
  spapr: Fail CAS if option vector table cannot be parsed
  spapr: Don't allow multiple active vCPUs at CAS
  tests: Silence various warnings with pseries

Igor Mammedov (1):
  ppc:virtex_ml507: remove unused arguments

Marc-André Lureau (1):
  docs/specs/tpm: reST-ify TPM documentation

Richard Henderson (4):
  target/ppc: Use probe_access for LSW, STSW
  target/ppc: Use probe_access for LMW, STMW
  target/ppc: Remove redundant mask in DCBZ
  target/ppc: Use probe_write for DCBZ

Stefan Berger (5):
  tpm: Move tpm_tis_show_buffer to tpm_util.c
  spapr: Implement get_dt_compatible() callback
  tpm_spapr: Support TPM for ppc64 using CRQ based interface
  tpm_spapr: Support suspend and resume
  hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES config

Thomas Huth (1):
  hw/ppc/prep: Remove the deprecated "prep" machine and the OpenHackware 
BIOS

 .gitmodules |3 -
 MAINTAINERS |1 -
 Makefile|2 +-
 cpus.c  |5 +
 docs/interop/firmware.json  |3 +-
 docs/specs/index.rst|1 +
 docs/specs/tpm.rst  |  503 
 docs/specs/tpm.txt  |  427 ---
 hw/intc/xics.c  |   14 +-
 hw/pci-host/Makefile.objs   |2 +
 hw/pci-host/pnv_phb3.c  | 1197 +
 hw/pci-host/pnv_phb3_msi.c  |  349 +
 hw/pci-host/pnv_phb3_pbcq.c |  358 +
 hw/pci-host/pnv_phb4.c  | 1439 +++
 hw/pci-host/pnv_phb4_pec.c  |  595 +++
 hw/ppc/Kconfig  |2 +
 hw/ppc/pnv.c|  204 -
 hw/ppc/pnv_core.c   |   33 +-
 hw/ppc/pnv_homer.c  |1 +
 hw/ppc/pnv_lpc.c|6 +-
 hw/ppc/pnv_occ.c|1 +
 hw/ppc/pnv_pnor.c   |6 +-
 hw/ppc/ppc.c|   18 -
 

[PULL 03/35] ppc:virtex_ml507: remove unused arguments

2020-02-02 Thread David Gibson
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Message-Id: <1579100861-73692-71-git-send-email-imamm...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Gibson 
---
 hw/ppc/virtex_ml507.c | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/virtex_ml507.c b/hw/ppc/virtex_ml507.c
index 7526947ea7..91dd00ee91 100644
--- a/hw/ppc/virtex_ml507.c
+++ b/hw/ppc/virtex_ml507.c
@@ -89,10 +89,7 @@ static void mmubooke_create_initial_mapping(CPUPPCState *env,
 tlb->PID = 0;
 }
 
-static PowerPCCPU *ppc440_init_xilinx(ram_addr_t *ram_size,
-  int do_init,
-  const char *cpu_type,
-  uint32_t sysclk)
+static PowerPCCPU *ppc440_init_xilinx(const char *cpu_type, uint32_t sysclk)
 {
 PowerPCCPU *cpu;
 CPUPPCState *env;
@@ -213,7 +210,7 @@ static void virtex_init(MachineState *machine)
 int i;
 
 /* init CPUs */
-cpu = ppc440_init_xilinx(_size, 1, machine->cpu_type, 4);
+cpu = ppc440_init_xilinx(machine->cpu_type, 4);
 env = >env;
 
 if (env->mmu_model != POWERPC_MMU_BOOKE) {
-- 
2.24.1




[PULL 02/35] ppc/pnv: improve error logging when a PNOR update fails

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

Print out the offset at which the error occurred.

Signed-off-by: Cédric Le Goater 
Message-Id: <20200108090348.21224-3-...@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Gibson 
---
 hw/ppc/pnv_pnor.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/pnv_pnor.c b/hw/ppc/pnv_pnor.c
index 060c6e6a31..c365ee58b8 100644
--- a/hw/ppc/pnv_pnor.c
+++ b/hw/ppc/pnv_pnor.c
@@ -47,7 +47,8 @@ static void pnv_pnor_update(PnvPnor *s, int offset, int size)
 ret = blk_pwrite(s->blk, offset, s->storage + offset,
  offset_end - offset, 0);
 if (ret < 0) {
-error_report("Could not update PNOR: %s", strerror(-ret));
+error_report("Could not update PNOR offset=0x%" PRIx32" : %s", offset,
+ strerror(-ret));
 }
 }
 
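Review bot: `offset` is declared int in the pnv_pnor_update() signature shown in the hunk header but is printed with PRIx32, which expects a uint32_t; use "0x%x" or change the parameter type. The format literal also lacks a space before the string continuation and has a stray space before the colon (`PRIx32" : %s"`).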
-- 
2.24.1




[PULL 01/35] ppc/pnv: use QEMU unit definition MiB

2020-02-02 Thread David Gibson
From: Cédric Le Goater 

Signed-off-by: Cédric Le Goater 
Message-Id: <20200108090348.21224-2-...@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Gibson 
---
 hw/ppc/pnv_pnor.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/pnv_pnor.c b/hw/ppc/pnv_pnor.c
index f761d8dc26..060c6e6a31 100644
--- a/hw/ppc/pnv_pnor.c
+++ b/hw/ppc/pnv_pnor.c
@@ -11,6 +11,7 @@
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "qemu/log.h"
+#include "qemu/units.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
 #include "hw/loader.h"
@@ -111,7 +112,7 @@ static void pnv_pnor_realize(DeviceState *dev, Error **errp)
 }
 
 static Property pnv_pnor_properties[] = {
-DEFINE_PROP_INT64("size", PnvPnor, size, 128 << 20),
+DEFINE_PROP_INT64("size", PnvPnor, size, 128 * MiB),
 DEFINE_PROP_DRIVE("drive", PnvPnor, blk),
 DEFINE_PROP_END_OF_LIST(),
 };
-- 
2.24.1




Re: [PATCH v2 4/7] arm/acpi: fix PCI _PRT definition

2020-02-02 Thread Michael S. Tsirkin
On Mon, Feb 03, 2020 at 08:15:02AM +0800, Heyi Guo wrote:
> The address field in each _PRT mapping package should be constructed
> with high word for device# and low word for function#, so it is wrong
> to use bus_no as the high word. Enumerate all possible slots
> (i.e. PCI_SLOT_MAX) instead.
> 
> Signed-off-by: Heyi Guo 


Absolutely matches the spec so

Reviewed-by: Michael S. Tsirkin 

To add to the commit message:
The existing code adds a bunch of useless entries with device #s above 31.


> ---
> Cc: Peter Maydell 
> Cc: "Michael S. Tsirkin" 
> Cc: Igor Mammedov 
> Cc: Shannon Zhao 
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org
> ---
>  hw/arm/virt-acpi-build.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index be752c0ad8..5d157a9dd5 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -151,7 +151,7 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
> MemMapEntry *memmap,
>  {
>  int ecam_id = VIRT_ECAM_ID(highmem_ecam);
>  Aml *method, *crs, *ifctx, *UUID, *ifctx1, *elsectx, *buf;
> -int i, bus_no;
> +int i, slot_no;
>  hwaddr base_mmio = memmap[VIRT_PCIE_MMIO].base;
>  hwaddr size_mmio = memmap[VIRT_PCIE_MMIO].size;
>  hwaddr base_pio = memmap[VIRT_PCIE_PIO].base;
> @@ -170,12 +170,12 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
> MemMapEntry *memmap,
>  aml_append(dev, aml_name_decl("_CCA", aml_int(1)));
>  
>  /* Declare the PCI Routing Table. */
> -Aml *rt_pkg = aml_varpackage(nr_pcie_buses * PCI_NUM_PINS);
> -for (bus_no = 0; bus_no < nr_pcie_buses; bus_no++) {
> +Aml *rt_pkg = aml_varpackage(PCI_SLOT_MAX * PCI_NUM_PINS);
> +for (slot_no = 0; slot_no < PCI_SLOT_MAX; slot_no++) {
>  for (i = 0; i < PCI_NUM_PINS; i++) {
> -int gsi = (i + bus_no) % PCI_NUM_PINS;
> +int gsi = (i + slot_no) % PCI_NUM_PINS;
>  Aml *pkg = aml_package(4);
> -aml_append(pkg, aml_int((bus_no << 16) | 0x));
> +aml_append(pkg, aml_int((slot_no << 16) | 0x));
>  aml_append(pkg, aml_int(i));
>  aml_append(pkg, aml_name("GSI%d", gsi));
>  aml_append(pkg, aml_int(0));
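Review bot: After this hunk nr_pcie_buses is no longer used for the routing table; if nothing else in acpi_dsdt_add_pci() reads it, drop the variable so it does not linger unused. The package size is now the constant PCI_SLOT_MAX * PCI_NUM_PINS, so a comment next to rt_pkg saying the table covers every slot and is independent of the number of buses would help readers.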
> -- 
> 2.19.1




Re: [PATCH] tests/qtest: update comments about bios-tables-test-allowed-diff.h

2020-02-02 Thread Thomas Huth
On 02/02/2020 12.00, Heyi Guo wrote:
> Update comments in tests/qtest/bios-tables-test.c to reflect the
> current path of bios-tables-test-allowed-diff.h, which is now under
> tests/qtest/ as well.
> 
> Signed-off-by: Heyi Guo 
> 
> ---
> 
> Cc: "Michael S. Tsirkin" 
> Cc: Igor Mammedov 
> Cc: Thomas Huth 
> Cc: Laurent Vivier 
> Cc: Paolo Bonzini 
> ---
>  tests/qtest/bios-tables-test.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
> index 3ab4872bd7..b4752c644c 100644
> --- a/tests/qtest/bios-tables-test.c
> +++ b/tests/qtest/bios-tables-test.c
> @@ -14,14 +14,14 @@
>   * How to add or update the tests:
>   * Contributor:
>   * 1. add empty files for new tables, if any, under tests/data/acpi
> - * 2. list any changed files in tests/bios-tables-test-allowed-diff.h
> + * 2. list any changed files in tests/qtest/bios-tables-test-allowed-diff.h
>   * 3. commit the above *before* making changes that affect the tables
>   *
>   * Contributor or ACPI Maintainer (steps 4-7 need to be redone to resolve 
> conflicts
>   * in binary commit created in step 6):
>   *
>   * After 1-3 above tests will pass but ignore differences with the expected 
> files.
> - * You will also notice that tests/bios-tables-test-allowed-diff.h lists
> + * You will also notice that tests/qtest/bios-tables-test-allowed-diff.h 
> lists
>   * a bunch of files. This is your hint that you need to do the below:
>   * 4. Run
>   *  make check V=1
> @@ -40,14 +40,14 @@
>   *in commit log.
>   * 7. Before sending patches to the list (Contributor)
>   *or before doing a pull request (Maintainer), make sure
> - *tests/bios-tables-test-allowed-diff.h is empty - this will ensure
> + *tests/qtest/bios-tables-test-allowed-diff.h is empty - this will ensure
>   *following changes to ACPI tables will be noticed.
>   *
>   * The resulting patchset/pull request then looks like this:
> - * - patch 1: list changed files in tests/bios-tables-test-allowed-diff.h.
> + * - patch 1: list changed files in 
> tests/qtest/bios-tables-test-allowed-diff.h.
>   * - patches 2 - n: real changes, may contain multiple patches.
>   * - patch n + 1: update golden master binaries and empty
> - *   tests/bios-tables-test-allowed-diff.h
> + *   tests/qtest/bios-tables-test-allowed-diff.h
>   */
>  
>  #include "qemu/osdep.h"
> 

Reviewed-by: Thomas Huth 




Re: [PATCH v2 6/7] arm/acpi: simplify the description of PCI _CRS

2020-02-02 Thread Michael S. Tsirkin
On Mon, Feb 03, 2020 at 08:15:04AM +0800, Heyi Guo wrote:
> The original code defines a named object for the resource template but
> then returns the resource template object itself; the resulting output
> is like below:
> 
> Method (_CRS, 0, NotSerialized)  // _CRS: Current Resource Settings
> {
> Name (RBUF, ResourceTemplate ()
> {
> WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode,
> 0x, // Granularity
> 0x, // Range Minimum
> 0x00FF, // Range Maximum
> 0x, // Translation Offset
> 0x0100, // Length
> ,, )
> ..
> })
> Return (ResourceTemplate ()
> {
> WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode,
> 0x, // Granularity
> 0x, // Range Minimum
> 0x00FF, // Range Maximum
> 0x, // Translation Offset
> 0x0100, // Length
> ,, )
> ..
> })
> }
> 
> So the named object "RBUF" is actually useless. The more natural way
> is to return RBUF instead, or simply drop RBUF definition.
> 
> Choose the latter one to simplify the code.
> 
> Signed-off-by: Heyi Guo 

Reviewed-by: Michael S. Tsirkin 

> ---
> Cc: Peter Maydell 
> Cc: "Michael S. Tsirkin" 
> Cc: Igor Mammedov 
> Cc: Shannon Zhao 
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org
> ---
>  hw/arm/virt-acpi-build.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index f3e340b172..fb4b166f82 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -236,7 +236,6 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
> MemMapEntry *memmap,
>   size_mmio_high));
>  }
>  
> -aml_append(method, aml_name_decl("RBUF", rbuf));
>  aml_append(method, aml_return(rbuf));
>  aml_append(dev, method);
>  
> -- 
> 2.19.1




Re: [PATCH v2 5/7] arm/acpi: fix duplicated _UID of PCI interrupt link devices

2020-02-02 Thread Michael S. Tsirkin
On Mon, Feb 03, 2020 at 08:15:03AM +0800, Heyi Guo wrote:
> Using _UID of 0 for all PCI interrupt link devices absolutely violates
> the spec. Simply increase one by one.
> 
> Signed-off-by: Heyi Guo 


Reviewed-by: Michael S. Tsirkin 

> ---
> Cc: Peter Maydell 
> Cc: "Michael S. Tsirkin" 
> Cc: Igor Mammedov 
> Cc: Shannon Zhao 
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org
> ---
>  hw/arm/virt-acpi-build.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index 5d157a9dd5..f3e340b172 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -189,7 +189,7 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
> MemMapEntry *memmap,
>  uint32_t irqs =  irq + i;
>  Aml *dev_gsi = aml_device("GSI%d", i);
>  aml_append(dev_gsi, aml_name_decl("_HID", aml_string("PNP0C0F")));
> -aml_append(dev_gsi, aml_name_decl("_UID", aml_int(0)));
> +aml_append(dev_gsi, aml_name_decl("_UID", aml_int(i)));
>  crs = aml_resource_template();
>  aml_append(crs,
> aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH,
> -- 
> 2.19.1




Re: [PATCH v2 7/7] virt/acpi: update golden masters for DSDT update

2020-02-02 Thread Michael S. Tsirkin
On Mon, Feb 03, 2020 at 08:15:05AM +0800, Heyi Guo wrote:
> Differences between disassembled ASL files:
> 
> diff --git a/DSDT.dsl.orig b/DSDT.dsl
> index ed3e5f0fa9..10cf70c886 100644
> --- a/DSDT.dsl.orig
> +++ b/DSDT.dsl
> @@ -5,13 +5,13 @@
>   *
>   * Disassembling to symbolic ASL+ operators
>   *
> - * Disassembly of DSDT, Thu Jan 23 16:00:04 2020
> + * Disassembly of DSDT.new, Thu Jan 23 16:47:12 2020
>   *
>   * Original Table Header:
>   * Signature"DSDT"
> - * Length   0x481E (18462)
> + * Length   0x14BB (5307)
>   * Revision 0x02
> - * Checksum 0x60
> + * Checksum 0xD1
>   * OEM ID   "BOCHS "
>   * OEM Table ID "BXPCDSDT"
>   * OEM Revision 0x0001 (1)
> @@ -43,7 +43,6 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
> 0x0001)
>  0x0021,
>  }
>  })
> -Name (_ADR, 0x0900)  // _ADR: Address
>  }
> 
>  Device (FLS0)
> @@ -668,11 +667,10 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
> 0x0001)
>  Name (_CID, "PNP0A03" /* PCI Bus */)  // _CID: Compatible ID
>  Name (_SEG, Zero)  // _SEG: PCI Segment
>  Name (_BBN, Zero)  // _BBN: BIOS Bus Number
> -Name (_ADR, Zero)  // _ADR: Address
>  Name (_UID, "PCI0")  // _UID: Unique ID
>  Name (_STR, Unicode ("PCIe 0 Device"))  // _STR: Description 
> String
>  Name (_CCA, One)  // _CCA: Cache Coherency Attribute
> -Name (_PRT, Package (0x0400)  // _PRT: PCI Routing Table
> +Name (_PRT, Package (0x80)  // _PRT: PCI Routing Table
>  {
>  Package (0x04)
>  {
> @@ -1696,7174 +1694,6 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", 
> "BXPCDSDT", 0x0001)
>  0x03,
>  GSI2,
>  Zero
> -},
> -
> -Package (0x04)
> -{
> -0x0020,
> -Zero,
> -GSI0,
> -Zero
> -},
> -
> -*Omit the other (4 * (256 - 32) - 2) packages*
> -
> -Package (0x04)
> -{
> -0x00FF,
> -0x03,
> -GSI2,
> -Zero
>  }
>  })
>  Device (GSI0)
> @@ -8892,7 +1722,7 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
> 0x0001)
>  Device (GSI1)
>  {
>  Name (_HID, "PNP0C0F" /* PCI Interrupt Link Device */)  // 
> _HID: Hardware ID
> -Name (_UID, Zero)  // _UID: Unique ID
> +Name (_UID, One)  // _UID: Unique ID
>  Name (_PRS, ResourceTemplate ()  // _PRS: Possible Resource 
> Settings
>  {
>  Interrupt (ResourceConsumer, Level, ActiveHigh, 
> Exclusive, ,, )
> @@ -8915,7 +1745,7 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
> 0x0001)
>  Device (GSI2)
>  {
>  Name (_HID, "PNP0C0F" /* PCI Interrupt Link Device */)  // 
> _HID: Hardware ID
> -Name (_UID, Zero)  // _UID: Unique ID
> +Name (_UID, 0x02)  // _UID: Unique ID
>  Name (_PRS, ResourceTemplate ()  // _PRS: Possible Resource 
> Settings
>  {
>  Interrupt (ResourceConsumer, Level, ActiveHigh, 
> Exclusive, ,, )
> @@ -8938,7 +1768,7 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
> 0x0001)
>  Device (GSI3)
>  {
>  Name (_HID, "PNP0C0F" /* PCI Interrupt Link Device */)  // 
> _HID: Hardware ID
> -Name (_UID, Zero)  // _UID: Unique ID
> +Name (_UID, 0x03)  // _UID: Unique ID
>  Name (_PRS, ResourceTemplate ()  // _PRS: Possible Resource 
> Settings
>  {
>  Interrupt (ResourceConsumer, Level, ActiveHigh, 
> Exclusive, ,, )
> @@ -8965,37 +1795,6 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
> 0x0001)
> 
>  Method (_CRS, 0, NotSerialized)  // _CRS: Current Resource 
> Settings
>  {
> -Name (RBUF, ResourceTemplate ()
> -{
> -WordBusNumber (ResourceProducer, MinFixed, MaxFixed, 
> PosDecode,
> -0x, // Granularity
> -0x, // Range Minimum
> -0x00FF, // Range Maximum
> -0x, // Translation Offset
> -0x0100, // Length
> -,, )
> -DWordMemory (ResourceProducer, PosDecode, MinFixed, 
> MaxFixed, NonCacheable, 

Re: [PATCH v2 1/7] bios-tables-test: prepare to change ARM virt ACPI DSDT

2020-02-02 Thread Michael S. Tsirkin
On Mon, Feb 03, 2020 at 08:14:59AM +0800, Heyi Guo wrote:
> We are going to change ARM virt ACPI DSDT table, which will cause make
> check to fail, so temporarily add related golden masters to ignore
> list.
> 
> Signed-off-by: Heyi Guo 


Reviewed-by: Michael S. Tsirkin 

> ---
> Cc: Peter Maydell 
> Cc: "Michael S. Tsirkin" 
> Cc: Igor Mammedov 
> Cc: Shannon Zhao 
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org
> ---
>  tests/qtest/bios-tables-test-allowed-diff.h | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
> b/tests/qtest/bios-tables-test-allowed-diff.h
> index dfb8523c8b..32a401ae35 100644
> --- a/tests/qtest/bios-tables-test-allowed-diff.h
> +++ b/tests/qtest/bios-tables-test-allowed-diff.h
> @@ -1 +1,4 @@
>  /* List of comma-separated changed AML files to ignore */
> +"tests/data/acpi/virt/DSDT",
> +"tests/data/acpi/virt/DSDT.memhp",
> +"tests/data/acpi/virt/DSDT.numamem",
> -- 
> 2.19.1




Re: [PATCH v2 3/7] arm/virt/acpi: remove _ADR from devices identified by _HID

2020-02-02 Thread Michael S. Tsirkin
On Mon, Feb 03, 2020 at 08:15:01AM +0800, Heyi Guo wrote:
> According to the ACPI spec, _ADR should be used for a device on a bus that
> has a standard enumeration algorithm, but not for a device which is on the
> system bus and must be enumerated by OSPM. And it is not recommended
> to contain both _HID and _ADR in a single device.
> 
> See ACPI 6.3, section 6.1, top of page 343:
> 
> A device object must contain either an _HID object or an _ADR object,
> but should not contain both.
> 
> (https://uefi.org/sites/default/files/resources/ACPI_6_3_May16.pdf)
> 
> Signed-off-by: Heyi Guo 
> Acked-by: Igor Mammedov 


Acked-by: Michael S. Tsirkin 

> ---
> Cc: Shannon Zhao 
> Cc: Peter Maydell 
> Cc: "Michael S. Tsirkin" 
> Cc: Igor Mammedov 
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org
> ---
>  hw/arm/virt-acpi-build.c | 8 
>  1 file changed, 8 deletions(-)
> 
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index 9f4c7d1889..be752c0ad8 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -78,11 +78,6 @@ static void acpi_dsdt_add_uart(Aml *scope, const 
> MemMapEntry *uart_memmap,
>   AML_EXCLUSIVE, _irq, 1));
>  aml_append(dev, aml_name_decl("_CRS", crs));
>  
> -/* The _ADR entry is used to link this device to the UART described
> - * in the SPCR table, i.e. SPCR.base_address.address == _ADR.
> - */
> -aml_append(dev, aml_name_decl("_ADR", aml_int(uart_memmap->base)));
> -
>  aml_append(scope, dev);
>  }
>  
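Review bot: This hunk deletes the UART's _ADR together with the comment saying it links the device to the UART described in the SPCR table (SPCR.base_address.address == _ADR). The commit message justifies the removal from the spec but does not say whether anything relied on that link; please state how the SPCR console is matched to this device once _ADR is gone, or that nothing consumed it.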
> @@ -170,7 +165,6 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
> MemMapEntry *memmap,
>  aml_append(dev, aml_name_decl("_CID", aml_string("PNP0A03")));
>  aml_append(dev, aml_name_decl("_SEG", aml_int(0)));
>  aml_append(dev, aml_name_decl("_BBN", aml_int(0)));
> -aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
>  aml_append(dev, aml_name_decl("_UID", aml_string("PCI0")));
>  aml_append(dev, aml_name_decl("_STR", aml_unicode("PCIe 0 Device")));
>  aml_append(dev, aml_name_decl("_CCA", aml_int(1)));
> @@ -334,7 +328,6 @@ static void acpi_dsdt_add_gpio(Aml *scope, const 
> MemMapEntry *gpio_memmap,
>  {
>  Aml *dev = aml_device("GPO0");
>  aml_append(dev, aml_name_decl("_HID", aml_string("ARMH0061")));
> -aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
>  aml_append(dev, aml_name_decl("_UID", aml_int(0)));
>  
>  Aml *crs = aml_resource_template();
> @@ -364,7 +357,6 @@ static void acpi_dsdt_add_power_button(Aml *scope)
>  {
>  Aml *dev = aml_device(ACPI_POWER_BUTTON_DEVICE);
>  aml_append(dev, aml_name_decl("_HID", aml_string("PNP0C0C")));
> -aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
>  aml_append(dev, aml_name_decl("_UID", aml_int(0)));
>  aml_append(scope, dev);
>  }
> -- 
> 2.19.1




Re: [Bug 1860759] Re: [REGRESSION] option `-snapshot` ignored with blockdev

2020-02-02 Thread Ildar
This answers the whole question. Thanks a lot. Closing.


** Changed in: qemu
   Status: New => Invalid

https://bugs.launchpad.net/bugs/1860759

Title:
  [REGRESSION] option `-snapshot` ignored with blockdev

Status in QEMU:
  Invalid

Bug description:
  After upgrade of qemu 3.1.0 → 4.2.0 I found that running with libvirt doesn't 
honor `-snapshot` option anymore. I.e. disk images get modified.
  Using `-hda` option honors `-snapshot`

  So I made a test case without libvirt. Testcase using 4.2.0:

  > qemu -hda tmp-16G.img -cdrom regular-rescue-latest-x86_64.iso -m 2G

  This works fine and tmp-16G.img stays unmodified.

  But:
  > /usr/bin/qemu-system-x86_64 -name guest=test-linux,debug-threads=on -S 
-machine pc-i440fx-3.1,accel=kvm,usb=off,vmport=off,dump-guest-core=off -cpu 
Broadwell-noTSX,vme=on,ss=on,f16c=on,rdrand=on,hypervisor=on,arat=on,tsc-adjust=on,xsaveopt=on,pdpe1gb=on,abm=on
 -m 2048 -overcommit mem-lock=off -smp 3,sockets=3,cores=1,threads=1 -uuid 
d32a9191-f51d-4fae-a419-b73d85b49198 -no-user-config -nodefaults -rtc 
base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet 
-no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot 
strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device 
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 
-blockdev 
\{\"driver\":\"file\",\"filename\":\"/tmp/regular-rescue-latest-x86_64.iso\",\"node-name\":\"libvirt-2-storage\",\"auto-read-only\":true,\"discard\":\"unmap\"}
 -blockdev 
\{\"node-name\":\"libvirt-2-format\",\"read-only\":true,\"driver\":\"raw\",\"file\":\"libvirt-2-storage\"}
 -device ide-cd,bus=ide.0,unit=0,drive=libvirt-2-format,id=ide0-0-0,bootindex=1 
-blockdev 
\{\"driver\":\"file\",\"filename\":\"/tmp/tmp-2G.img\",\"node-name\":\"libvirt-1-storage\",\"auto-read-only\":true,\"discard\":\"unmap\"}
 -blockdev 
\{\"node-name\":\"libvirt-1-format\",\"read-only\":false,\"driver\":\"qcow2\",\"file\":\"libvirt-1-storage\",\"backing\":null}
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=libvirt-1-format,id=virtio-disk0
 -netdev user,id=hostnet0 -device 
e1000,netdev=hostnet0,id=net0,mac=52:54:00:ab:d8:29,bus=pci.0,addr=0x3 -chardev 
pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device 
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2
 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device 
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -snapshot -sandbox 
on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg 
timestamp=on

  This modifies tmp-16G.img.




[PATCH qemu v6 5/6] spapr: Allow changing offset for -kernel image

2020-02-02 Thread Alexey Kardashevskiy
This allows moving the kernel in the guest memory. The option is useful
for step debugging (as Linux is linked at 0x0); it also allows loading
grub which is normally linked to run at 0x2.

This uses the existing kernel address by default.

Signed-off-by: Alexey Kardashevskiy 
---
 include/hw/ppc/spapr.h |  1 +
 hw/ppc/spapr.c | 38 +++---
 2 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 3b50f36c338a..32e831a395ae 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -164,6 +164,7 @@ struct SpaprMachineState {
 void *fdt_blob;
 long kernel_size;
 bool kernel_le;
+uint64_t kernel_addr;
 uint32_t initrd_base;
 long initrd_size;
 uint64_t rtc_offset; /* Now used only during incoming migration */
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 60153bf0b771..b59e9dc360fe 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1054,7 +1054,7 @@ static void spapr_dt_chosen(SpaprMachineState *spapr, 
void *fdt)
 }
 
 if (spapr->kernel_size) {
-uint64_t kprop[2] = { cpu_to_be64(KERNEL_LOAD_ADDR),
+uint64_t kprop[2] = { cpu_to_be64(spapr->kernel_addr),
   cpu_to_be64(spapr->kernel_size) };
 
 _FDT(fdt_setprop(fdt, chosen, "qemu,boot-kernel",
@@ -1242,7 +1242,8 @@ void *spapr_build_fdt(SpaprMachineState *spapr, bool 
reset, size_t space)
 /* Build memory reserve map */
 if (reset) {
 if (spapr->kernel_size) {
-_FDT((fdt_add_mem_rsv(fdt, KERNEL_LOAD_ADDR, spapr->kernel_size)));
+_FDT((fdt_add_mem_rsv(fdt, spapr->kernel_addr,
+  spapr->kernel_size)));
 }
 if (spapr->initrd_size) {
 _FDT((fdt_add_mem_rsv(fdt, spapr->initrd_base,
@@ -1270,7 +1271,9 @@ void *spapr_build_fdt(SpaprMachineState *spapr, bool 
reset, size_t space)
 
 static uint64_t translate_kernel_address(void *opaque, uint64_t addr)
 {
-return (addr & 0x0fff) + KERNEL_LOAD_ADDR;
+SpaprMachineState *spapr = opaque;
+
+return (addr & 0x0fff) + spapr->kernel_addr;
 }
 
 static void emulate_spapr_hypercall(PPCVirtualHypervisor *vhyp,
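Review bot: translate_kernel_address() now dereferences opaque unconditionally, so every load_elf() call that uses this translator has to pass spapr as the opaque argument. The two call sites in spapr_machine_init() are updated in this patch, but an assert(spapr) at the top of the function would make a missed caller fail loudly instead of crashing on a NULL dereference. Since kernel_addr becomes user-settable, the sum of the masked address and spapr->kernel_addr can also wrap for large values; rejecting such values when the property is set would keep this function simple.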
@@ -2947,14 +2950,15 @@ static void spapr_machine_init(MachineState *machine)
 uint64_t lowaddr = 0;
 
 spapr->kernel_size = load_elf(kernel_filename, NULL,
-  translate_kernel_address, NULL,
+  translate_kernel_address, spapr,
   NULL, , NULL, NULL, 1,
   PPC_ELF_MACHINE, 0, 0);
 if (spapr->kernel_size == ELF_LOAD_WRONG_ENDIAN) {
 spapr->kernel_size = load_elf(kernel_filename, NULL,
-  translate_kernel_address, NULL, NULL,
+  translate_kernel_address, spapr, 
NULL,
   , NULL, NULL, 0,
-  PPC_ELF_MACHINE, 0, 0);
+  PPC_ELF_MACHINE,
+  0, 0);
 spapr->kernel_le = spapr->kernel_size > 0;
 }
 if (spapr->kernel_size < 0) {
@@ -2968,7 +2972,7 @@ static void spapr_machine_init(MachineState *machine)
 /* Try to locate the initrd in the gap between the kernel
  * and the firmware. Add a bit of space just in case
  */
-spapr->initrd_base = (KERNEL_LOAD_ADDR + spapr->kernel_size
+spapr->initrd_base = (spapr->kernel_addr + spapr->kernel_size
   + 0x1) & ~0x;
 spapr->initrd_size = load_image_targphys(initrd_filename,
  spapr->initrd_base,
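Review bot: in the initrd_base computation, spapr->kernel_addr is a uint64_t (added to spapr.h by this patch) while initrd_base is declared uint32_t in the same struct, so a kernel-addr at or above 4 GiB is silently truncated and the initrd ends up at an unrelated low address. Either widen initrd_base or refuse kernel-addr values whose kernel end does not fit in 32 bits, with an error message rather than truncation.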
@@ -3214,6 +3218,18 @@ static void spapr_set_vsmt(Object *obj, Visitor *v, 
const char *name,
 visit_type_uint32(v, name, (uint32_t *)opaque, errp);
 }
 
+static void spapr_get_kernel_addr(Object *obj, Visitor *v, const char *name,
+  void *opaque, Error **errp)
+{
+visit_type_uint64(v, name, (uint64_t *)opaque, errp);
+}
+
+static void spapr_set_kernel_addr(Object *obj, Visitor *v, const char *name,
+  void *opaque, Error **errp)
+{
+visit_type_uint64(v, name, (uint64_t *)opaque, errp);
+}
+
 static char *spapr_get_ic_mode(Object *obj, Error **errp)
 {
 SpaprMachineState *spapr = SPAPR_MACHINE(obj);
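Review bot: spapr_set_kernel_addr() stores whatever uint64 the user supplies with no validation, and its body is identical to the getter. The value feeds fdt_add_mem_rsv(), the ELF address translation and the initrd placement, so the setter is the natural place to check alignment and that the address lies inside guest RAM, reporting a bad value through errp. The new kernel-addr property also has no description; please document its default and units where the machine options are described.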
@@ -3319,6 +3335,14 @@ static void spapr_instance_init(Object *obj)
 object_property_add_bool(obj, "vfio-no-msix-emulation",
  spapr_get_msix_emulation, NULL, NULL);
 
+object_property_add(obj, "kernel-addr", "uint64", spapr_get_kernel_addr,
+spapr_set_kernel_addr, NULL, >kernel_addr,
+_abort);
+

[PATCH qemu v6 2/6] ppc/spapr: Move GPRs setup to one place

2020-02-02 Thread Alexey Kardashevskiy
At the moment "pseries" starts in SLOF which only expects the FDT blob
pointer in r3. As we are going to introduce OpenFirmware support in
QEMU, we will be booting OF clients directly and these expect a stack
pointer in r1, the OF entry point in r5 and in addition to this, Linux
looks at r3/r4 for the initramdisk location (although vmlinux can find
this from the device tree but zImage from distro kernels cannot).

This extends spapr_cpu_set_entry_state() to take more registers. This
should cause no behavioral change.

Signed-off-by: Alexey Kardashevskiy 
---
 include/hw/ppc/spapr_cpu_core.h | 4 +++-
 hw/ppc/spapr.c  | 4 ++--
 hw/ppc/spapr_cpu_core.c | 7 ++-
 hw/ppc/spapr_rtas.c | 2 +-
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/include/hw/ppc/spapr_cpu_core.h b/include/hw/ppc/spapr_cpu_core.h
index 1c4cc6559c52..edd7214fafcf 100644
--- a/include/hw/ppc/spapr_cpu_core.h
+++ b/include/hw/ppc/spapr_cpu_core.h
@@ -40,7 +40,9 @@ typedef struct SpaprCpuCoreClass {
 } SpaprCpuCoreClass;
 
 const char *spapr_get_cpu_core_type(const char *cpu_type);
-void spapr_cpu_set_entry_state(PowerPCCPU *cpu, target_ulong nip, target_ulong 
r3);
+void spapr_cpu_set_entry_state(PowerPCCPU *cpu, target_ulong nip,
+   target_ulong r1, target_ulong r3,
+   target_ulong r4, target_ulong r5);
 
 typedef struct SpaprCpuState {
 uint64_t vpa_addr;
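Review bot: the new prototype takes four consecutive target_ulong values (r1, r3, r4, r5) positionally, and both callers in this patch pass literal zeros for three of them, which makes a swapped argument easy to write and hard to spot. A short comment above the declaration saying what each register carries at entry (the commit message already lists the stack pointer in r1, the OF entry point in r5 and the initramdisk location in r3/r4) would make call sites reviewable.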
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index c9b2e0a5e060..660a4b60e072 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1674,8 +1674,8 @@ static void spapr_machine_reset(MachineState *machine)
 spapr->fdt_blob = fdt;
 
 /* Set up the entry state */
-spapr_cpu_set_entry_state(first_ppc_cpu, SPAPR_ENTRY_POINT, fdt_addr);
-first_ppc_cpu->env.gpr[5] = 0;
+spapr_cpu_set_entry_state(first_ppc_cpu, SPAPR_ENTRY_POINT,
+  0, fdt_addr, 0, 0);
 
 spapr->cas_reboot = false;
 
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index d09125d9afd4..696b76598dd7 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -84,13 +84,18 @@ static void spapr_reset_vcpu(PowerPCCPU *cpu)
 spapr_irq_cpu_intc_reset(spapr, cpu);
 }
 
-void spapr_cpu_set_entry_state(PowerPCCPU *cpu, target_ulong nip, target_ulong 
r3)
+void spapr_cpu_set_entry_state(PowerPCCPU *cpu, target_ulong nip,
+   target_ulong r1, target_ulong r3,
+   target_ulong r4, target_ulong r5)
 {
 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 CPUPPCState *env = >env;
 
 env->nip = nip;
+env->gpr[1] = r1;
 env->gpr[3] = r3;
+env->gpr[4] = r4;
+env->gpr[5] = r5;
 kvmppc_set_reg_ppc_online(cpu, 1);
 CPU(cpu)->halted = 0;
 /* Enable Power-saving mode Exit Cause exceptions */
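Review bot: env->gpr[1], env->gpr[4] and env->gpr[5] are now written unconditionally, so the rtas_start_cpu() caller, which used to leave them untouched and now passes 0 for all three, zeroes those registers on the CPU being started. The commit message says no behavioral change is expected; that holds only if these registers were already zero at that point, which is worth confirming and stating explicitly.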
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 656fdd221665..9e3cbd70bbd9 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -190,7 +190,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, 
SpaprMachineState *spapr,
  */
 newcpu->env.tb_env->tb_offset = callcpu->env.tb_env->tb_offset;
 
-spapr_cpu_set_entry_state(newcpu, start, r3);
+spapr_cpu_set_entry_state(newcpu, start, 0, r3, 0, 0);
 
 qemu_cpu_kick(CPU(newcpu));
 
-- 
2.17.1




[PATCH qemu v6 3/6] spapr/spapr: Make vty_getchars public

2020-02-02 Thread Alexey Kardashevskiy
A serial device fetches the data from the chardev backend as soon as
input happens and stores it in its internal device specific buffer, every
char device implements it again. Since there is no unified interface to
read such buffer, we will have to read characters directly from
VIO_SPAPR_VTY_DEVICE. The OF client is going to need this.

Signed-off-by: Alexey Kardashevskiy 
---
 include/hw/ppc/spapr_vio.h | 1 +
 hw/char/spapr_vty.c| 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
index bed7df60e35c..77e9b73bdfe0 100644
--- a/include/hw/ppc/spapr_vio.h
+++ b/include/hw/ppc/spapr_vio.h
@@ -130,6 +130,7 @@ int spapr_vio_send_crq(SpaprVioDevice *dev, uint8_t *crq);
 
 SpaprVioDevice *vty_lookup(SpaprMachineState *spapr, target_ulong reg);
 void vty_putchars(SpaprVioDevice *sdev, uint8_t *buf, int len);
+int vty_getchars(SpaprVioDevice *sdev, uint8_t *buf, int max);
 void spapr_vty_create(SpaprVioBus *bus, Chardev *chardev);
 void spapr_vlan_create(SpaprVioBus *bus, NICInfo *nd);
 void spapr_vscsi_create(SpaprVioBus *bus);
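Review bot: vty_getchars() becomes part of the public header without any description of its contract. Now that code outside spapr_vty.c will call it, please document above the declaration that buf must have room for max bytes, what the int return value means, and what happens when max is zero or negative, since both the length and the return value are signed.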
diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
index ecb94f5673ca..1c00da75b4f1 100644
--- a/hw/char/spapr_vty.c
+++ b/hw/char/spapr_vty.c
@@ -52,7 +52,7 @@ static void vty_receive(void *opaque, const uint8_t *buf, int 
size)
 }
 }
 
-static int vty_getchars(SpaprVioDevice *sdev, uint8_t *buf, int max)
+int vty_getchars(SpaprVioDevice *sdev, uint8_t *buf, int max)
 {
 SpaprVioVty *dev = VIO_SPAPR_VTY_DEVICE(sdev);
 int n = 0;
-- 
2.17.1




[PATCH qemu v6 6/6] spapr: Implement Open Firmware client interface

2020-02-02 Thread Alexey Kardashevskiy
The PAPR platform describes an OS environment that's presented by
a combination of a hypervisor and firmware. The features it specifies
require collaboration between the firmware and the hypervisor.

Since the beginning, the runtime component of the firmware (RTAS) has
been implemented as a 20 byte shim which simply forwards it to
a hypercall implemented in qemu. The boottime firmware component is
SLOF - but a build that's specific to qemu, and has always needed to be
updated in sync with it. Even though we've managed to limit the amount
of runtime communication we need between qemu and SLOF, there's some,
and it's become increasingly awkward to handle as we've implemented
new features.

This implements a boot time OF client interface (CI) which is
enabled by a new "vof" pseries machine option (stands for "Virtual Open
Firmware"). When enabled, QEMU does not load SLOF, instead it copies
a small RTAS-alike 20-bytes long shim and jumps to the image from
"-kernel"; if no -kernel specified, this tries loading a bootloader from
boot devices.

This adds very basic support to read MBR/GPT to find a PReP partition
which is then loaded as an ELF. spapr-vty and virtio-scsi are supported
(it is basically adding a "disk" node under a SCSI host).

This adds support for a console. For output any serial device can be used,
for stdin the support is limited by spapr-vty only as allowing input from
a serial device requires device-model specific code (output is simpler).

Note that this implements blockdev and chardev support by hooking OF CI
calls to the backends bypassing any devices and drivers in between.

This implements a handful of CI methods just to get Linux and GRUB going;
Linux requires even less. In particular, this implements the device tree
fetching, reading from block device, read-write stdout/stdin,
ibm,client-architecture-support and instantiate-rtas.

This implements changing some device tree properties which we know how
to deal with, the rest is ignored. To allow changes, this skips
fdt_pack() when vof=on as not packing the blob leaves some room for
appending.

In absence of SLOF, this assigns "phandles" to device tree nodes to make
device tree traversing work.

When vof=off, this adds "/chosen" every time QEMU (re)builds a tree.

This implements "claim" (an OF CI memory allocator) and updates
"/memory@0/available" to report the client about available memory.

This adds a machine ready hook which looks for a bootloader as this cannot
be done from:
- machine init: too early, devices and their bootindexes
are not known yet;
- machine reset: too late, all images must be registered with the image's
"loader.c" before that.

This disables the translate_kernel_address() hack from ELF loader when
vof=on to allow passing GRUB image via -kernel (requires
-kernel-addr=0x20 as this is how GRUB is linked).

This adds basic instances support which are managed by a hashmap
ihandle -> [phandle, DeviceState, CharBackend, BlockBackend].

Before the guest started, the used memory is:
0..8000 - stack (the size is copied from SLOF, tested 4k - too little)
8000..8020 - OF CI blob
20..60 - GRUB

The limitations summary:
1. load_elf only loads from files so this stores a found bootloader in
the current directory and then calls load_elf on it;
2. load_elf does not report used memory;
3. reading serial device is device-model specific;
4. no networking in OF CI at all;
5. no vga;
6. no disk partitions in CI, i.e. no commas to select a partition -
this relies on a bootloader accessing the disk as a whole;
7. "interpret" (executes passed forth expression) does nothing as in this
environment grub only uses it for switching cursor off and similar tasks.


The test command line (basically - requires a boot order in any form and
"vof=on"):

./ppc64-softmmu/qemu-system-ppc64 \
-nodefaults \
-chardev stdio,id=STDIO0,signal=off,mux=on \
-device spapr-vty,id=svty0,reg=0x71000110,chardev=STDIO0 \
-mon id=MON0,chardev=STDIO0,mode=readline \
-nographic \
-vga none \
-machine pseries,vof=on \
-m 4G \
-device spapr-vscsi,id=svscsi0 \
-drive id=DRIVE0,if=none,file=img/f30le.qcow2,format=qcow2 \
-device scsi-hd,id=scsi-hd0,drive=DRIVE0,bootindex=1 \
-snapshot \
-enable-kvm \
-smp 8,threads=8 \
-L /home/aik/t/qemu-ppc64-bios/ \
-trace events=qemu_trace_events \
-d guest_errors \
-chardev socket,id=SOCKET0,server,nowait,path=qemu.mon.ssh55056 \
-mon chardev=SOCKET0,mode=control


Signed-off-by: Alexey Kardashevskiy 
---
Changes:
v6:
* borrowed a big chunk of commit log introduction from David
* fixed initial stack pointer (points to the highest address of stack)
* traces for "interpret" and others
* disabled  translate_kernel_address() hack so grub can load (work in
progress)
* added "milliseconds" for grub
* fixed "claim" allocator again
* moved FDT_MAX_SIZE to spapr.h as spapr_of_client.c wants it too for CAS
* moved the most code possible from spapr.c to spapr_of_client.c, such as
RTAS, prom entry and FDT build/finalize
* 

[PATCH qemu v6 4/6] spapr/cas: Separate CAS handling from rebuilding the FDT

2020-02-02 Thread Alexey Kardashevskiy
At the moment "ibm,client-architecture-support" ("CAS") is implemented
in SLOF and QEMU assists via the custom H_CAS hypercall which copies
an updated flattened device tree (FDT) blob to the SLOF memory which
it then uses to update its internal tree.

When we enable the OpenFirmware client interface in QEMU, we won't need
to copy the FDT to the guest as the client is expected to fetch
the device tree using the client interface.

This moves FDT rebuild out to a separate helper which is going to be
called from the "ibm,client-architecture-support" handler and leaves
writing FDT to the guest in the H_CAS handler.

This should not cause any behavioral change.

Signed-off-by: Alexey Kardashevskiy 
---
 include/hw/ppc/spapr.h |  7 +
 hw/ppc/spapr.c |  1 -
 hw/ppc/spapr_hcall.c   | 67 ++
 3 files changed, 48 insertions(+), 27 deletions(-)

diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index a1fba95c824b..3b50f36c338a 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -102,6 +102,8 @@ typedef enum {
 #define SPAPR_CAP_FIXED_CCD 0x03
 #define SPAPR_CAP_FIXED_NA  0x10 /* Lets leave a bit of a gap... */
 
+#define FDT_MAX_SIZE0x10
+
 typedef struct SpaprCapabilities SpaprCapabilities;
 struct SpaprCapabilities {
 uint8_t caps[SPAPR_CAP_NUM];
@@ -551,6 +553,11 @@ void spapr_register_hypercall(target_ulong opcode, 
spapr_hcall_fn fn);
 target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong opcode,
  target_ulong *args);
 
+target_ulong do_client_architecture_support(PowerPCCPU *cpu,
+SpaprMachineState *spapr,
+target_ulong addr,
+target_ulong fdt_bufsize);
+
 /* Virtual Processor Area structure constants */
 #define VPA_MIN_SIZE   640
 #define VPA_SIZE_OFFSET0x4
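Review bot: the third parameter is named addr in this declaration but vec in the definition in spapr_hcall.c; please use one name in both places. As the symbol is now exported from spapr.h, a spapr_ prefix like the neighbouring spapr_register_hypercall() and spapr_hypercall(), plus a comment saying that the address is a guest-supplied pointer to the option vectors and what fdt_bufsize is used for, would make the interface clearer.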
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 660a4b60e072..60153bf0b771 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -95,7 +95,6 @@
  *
  * We load our kernel at 4M, leaving space for SLOF initial image
  */
-#define FDT_MAX_SIZE0x10
 #define RTAS_MAX_ADDR   0x8000 /* RTAS must stay below that */
 #define FW_MAX_SIZE 0x40
 #define FW_FILE_NAME"slof.bin"
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index b8bb66b5c0d4..da50d8ee5dd7 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1660,16 +1660,12 @@ static bool spapr_hotplugged_dev_before_cas(void)
 return false;
 }
 
-static target_ulong h_client_architecture_support(PowerPCCPU *cpu,
-  SpaprMachineState *spapr,
-  target_ulong opcode,
-  target_ulong *args)
+target_ulong do_client_architecture_support(PowerPCCPU *cpu,
+SpaprMachineState *spapr,
+target_ulong vec,
+target_ulong fdt_bufsize)
 {
-/* Working address in data buffer */
-target_ulong addr = ppc64_phys_to_real(args[0]);
-target_ulong fdt_buf = args[1];
-target_ulong fdt_bufsize = args[2];
-target_ulong ov_table;
+target_ulong ov_table; /* Working address in data buffer */
 uint32_t cas_pvr;
 SpaprOptionVector *ov1_guest, *ov5_guest, *ov5_cas_old;
 bool guest_radix;
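Review bot: the removed line "target_ulong addr = ppc64_phys_to_real(args[0]);" was where the guest-supplied vector address got converted, and the new function uses vec as is. Every caller of do_client_architecture_support() now has to apply ppc64_phys_to_real() itself; please either keep the conversion inside the helper or say in a comment on the function that vec must already be a real address.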
@@ -1689,7 +1685,7 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 }
 }
 
-cas_pvr = cas_check_pvr(spapr, cpu, , _mode_supported, 
_err);
+cas_pvr = cas_check_pvr(spapr, cpu, , _mode_supported, _err);
 if (local_err) {
 error_report_err(local_err);
 return H_HARDWARE;
@@ -1712,7 +1708,7 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 }
 
 /* For the future use: here @ov_table points to the first option vector */
-ov_table = addr;
+ov_table = vec;
 
 ov1_guest = spapr_ovec_parse_vector(ov_table, 1);
 if (!ov1_guest) {
@@ -1836,7 +1832,6 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 
 if (!spapr->cas_reboot) {
 void *fdt;
-SpaprDeviceTreeUpdateHeader hdr = { .version_id = 1 };
 
 /* If spapr_machine_reset() did not set up a HPT but one is necessary
  * (because the guest isn't going to use radix) then set it up here. */
@@ -1845,21 +1840,7 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 spapr_setup_hpt_and_vrma(spapr);
 }
 
-if (fdt_bufsize < sizeof(hdr)) {
-error_report("SLOF provided insufficient CAS buffer "
- TARGET_FMT_lu " (min: %zu)", fdt_bufsize, 
sizeof(hdr));
-exit(EXIT_FAILURE);
-}
-
-

[PATCH qemu v6 1/6] ppc: Start CPU in the default mode which is big-endian 32bit

2020-02-02 Thread Alexey Kardashevskiy
At the moment we enforce 64bit mode on a CPU when reset. This does not
make a difference as SLOF or Linux set the desired mode straight away.
However if we ever boot something other than these two,
this might not work as, for example, GRUB expects the default MSR state
and does not work properly.

This removes setting MSR_SF from the PPC CPU reset.

Signed-off-by: Alexey Kardashevskiy 
---
 target/ppc/translate_init.inc.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/target/ppc/translate_init.inc.c b/target/ppc/translate_init.inc.c
index 53995f62eab2..f6a676cf55e8 100644
--- a/target/ppc/translate_init.inc.c
+++ b/target/ppc/translate_init.inc.c
@@ -10710,12 +10710,6 @@ static void ppc_cpu_reset(CPUState *s)
 #endif
 #endif
 
-#if defined(TARGET_PPC64)
-if (env->mmu_model & POWERPC_MMU_64) {
-msr |= (1ULL << MSR_SF);
-}
-#endif
-
 hreg_store_msr(env, msr, 1);
 
 #if !defined(CONFIG_USER_ONLY)
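Review bot: the MSR_SF block is removed from ppc_cpu_reset(), which lives in target/ppc and is not pseries-specific, so every 64-bit PPC machine type that resets through it now starts in 32-bit mode. The commit message covers SLOF and Linux only; please list which other boards and firmware images were checked, or state that each of them sets MSR_SF itself before relying on 64-bit addressing.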
-- 
2.17.1




[PATCH qemu v6 0/6] spapr: Kill SLOF

2020-02-02 Thread Alexey Kardashevskiy
This is v6 of an effort to implement Open Firmware Client Interface
in QEMU. The feature is described in 6/6, 1/6..5/6 are small
but necessary preparations.

With this thing, I can boot unmodified Ubuntu 18.04 and Fedora 30
directly from the disk without SLOF.


This is based on sha1
532fe321cf06 Richard Henderson "target/ppc: Use probe_write for DCBZ".

Please comment. Thanks.



Alexey Kardashevskiy (6):
  ppc: Start CPU in the default mode which is big-endian 32bit
  ppc/spapr: Move GPRs setup to one place
  spapr/spapr: Make vty_getchars public
  spapr/cas: Separate CAS handling from rebuilding the FDT
  spapr: Allow changing offset for -kernel image
  spapr: Implement Open Firmware client interface

 hw/ppc/Makefile.objs|1 +
 include/hw/ppc/spapr.h  |   29 +-
 include/hw/ppc/spapr_cpu_core.h |4 +-
 include/hw/ppc/spapr_vio.h  |1 +
 hw/char/spapr_vty.c |2 +-
 hw/ppc/spapr.c  |  139 ++-
 hw/ppc/spapr_cpu_core.c |7 +-
 hw/ppc/spapr_hcall.c|   73 +-
 hw/ppc/spapr_of_client.c| 1526 +++
 hw/ppc/spapr_rtas.c |2 +-
 target/ppc/translate_init.inc.c |6 -
 hw/ppc/trace-events |   24 +
 12 files changed, 1744 insertions(+), 70 deletions(-)
 create mode 100644 hw/ppc/spapr_of_client.c

-- 
2.17.1




Re: [RFC] QEMU Gating CI

2020-02-02 Thread Cleber Rosa
On Fri, Jan 17, 2020 at 02:33:54PM +, Peter Maydell wrote:
> On Mon, 2 Dec 2019 at 14:06, Cleber Rosa  wrote:
> >
> > RFC: QEMU Gating CI
> > ===
> >
> > This RFC attempts to address most of the issues described in
> > "Requirements/GatinCI"[1].  An also relevant write up is the "State of
> > QEMU CI as we enter 4.0"[2].
> >
> > The general approach is one to minimize the infrastructure maintenance
> > and development burden, leveraging as much as possible "other people's"
> > infrastructure and code.  GitLab's CI/CD platform is the most relevant
> > component dealt with here.
> 
> Happy New Year! Now we're in 2020, any chance of an update on
> plans/progress here? I would very much like to be able to hand
> processing of pull requests over to somebody else after the
> 5.0 cycle, if not before. (I'm quite tempted to make that a
> hard deadline and just say that somebody else will have to
> pick it up for 5.1, regardless...)
> 
> thanks
> -- PMM
> 

Hi Peter,

Last time I believe the take was to be as simplistic as possible, and
try to focus on the bare minimum necessary to implement the workflow
you described[1].  The following lines preceded by ">>>" were
extracted from the Wiki and will be used to explain those points.

   >>> The set of machine I currently test on are:
   >>>
   >>>  * an S390x box (this is provided to the project by IBM's Community
   >>>Cloud so can be used for the new CI setup)
   >>>  * aarch32 (as a chroot on an aarch64 system)
   >>>  * aarch64
   >>>  * ppc64 (on the GCC compile farm)

I've built an updated gitlab-runner version for s390x, aarch64 and
ppc64[2].  I've now tested its behavior with the shell executor
(instead of docker) on aarch64 and ppc64.  I did not get a chance yet
to test this new version and executor with s390x, but I'm planning
to do it soon.

   >>>  * OSX
   >>>  * Windows crossbuilds
   >>>  * NetBSD, FreeBSD and OpenBSD using the tests/vm VMs

gitlab-runner clients are available for Darwin, Windows (native)
and FreeBSD.  I have *not* tested any of those, though.   I've
tried a Windows crossbuild, and with the right packages installed,
it worked like a charm on a Fedora machine.

   >>>  * x86-64 Linux with a variety of different build configs (see the
   >>>'remake-merge-builds' script for how these are set up)

This is of course the more standard setup for gitlab-runner, and the
bulk of the work that I'm posting here is related to those different
build configs.  I assumed those x86-64 machines had some sort of version
of Ubuntu, so I used 18.04.3 LTS.  Hopefully it matches most or all of
the current environment.  Please refer to messages on the mailing list
with $SUBJECT:

 [RFC PATCH 1/2] GitLab CI: avoid calling before_scripts on unintended jobs
 [RFC PATCH 2/2] GitLab CI: crude mapping of PMM's scripts to jobs

There are a few questions in there which I'd appreciate help with.

   >>> Testing process:
   >>>
   >>>  * I get an email which is a pull request, and I run the
   >>>"apply-pullreq" script, which takes the GIT URL and tag/branch name
   >>>to test.
   >>>  * apply-pullreq performs the merge into a 'staging' branch
   >>>  * apply-pullreq also performs some simple local tests:
   >>> * does git verify-tag like the GPG signature?
   >>> * are we trying to apply the pull before reopening the dev tree
   >>>   for a new release?
   >>> * does the pull include commits with bad UTF8 or bogus qemu-devel
   >>>   email addresses?
   >>> * submodule updates are only allowed if the --submodule-ok option
   >>>   was specifically passed

These steps could go unchanged at this point.  One minor remark is
that the repo hosted at gitlab.com would be used instead.  The
'staging' branch can be protected[4] so that only authorized people
can do it (and trigger the pipeline and its jobs).

   >>>  * apply-pullreq then invokes parallel-buildtest to do the actual
   >>>testing

This would be done by GitLab instead.  The dispatching of jobs is
based on the tags given to jobs and machines.  IMO at least the OS
version and architecture should be given as tags, and the machine
needs proper setup to run a job, such as having the right packages
installed.  It can start with a proper documentation for every type of
OS and version (and possibly job type), and evolve into scripts
or other type of automation.

These are usually identical or very similar to what is defined in
"tests/docker/dockerfiles", but need to be done at the machine level
because of the "shell" executor.

   >>>  * parallel-buildtest is a trivial wrapper around GNU Parallel which
   >>>invokes 'mergebuild' on each of the test machines
   >>>  * if all is OK then the user gets to do the 'git push' to push the
   >>>staging branch to master

The central place to check for success or failure would be the
pipeline page.  Also, there's a configurable notification system that
should (I've not tested it thoroughly) send failed and/or 

[RFC PATCH 1/2] GitLab CI: avoid calling before_scripts on unintended jobs

2020-02-02 Thread Cleber Rosa
At this point it seems that all jobs depend on those steps, with
maybe the EDK2 jobs as exceptions.

The jobs that will be added will not want those scripts to be
run, so let's move these steps to the appropriate jobs, while
still trying to avoid repetition.

Signed-off-by: Cleber Rosa 
---
 .gitlab-ci.yml | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 228783993e..d2c7d2198e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,11 +1,10 @@
 include:
   - local: '/.gitlab-ci-edk2.yml'
 
-before_script:
+build-system1:
+ before_script: _scr_apt
  - apt-get update -qq
  - apt-get install -y -qq flex bison libglib2.0-dev libpixman-1-dev genisoimage
-
-build-system1:
  script:
  - apt-get install -y -qq libgtk-3-dev libvte-dev nettle-dev libcacard-dev
   libusb-dev libvde-dev libspice-protocol-dev libgl1-mesa-dev 
libvdeplug-dev
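Review bot: with the top-level before_script removed, the apt-get update and base package install only run in jobs that carry their own before_script, and this patch repeats that stanza by hand in all seven existing build jobs. A job added later without it will run with no base packages installed; a hidden template job that the apt-based jobs inherit from through extends would keep the package list in one place and make the opt-in visible in each job.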
@@ -18,6 +17,8 @@ build-system1:
  - make -j2 check
 
 build-system2:
+ before_script:
+  *before_scr_apt
  script:
  - apt-get install -y -qq libsdl2-dev libgcrypt-dev libbrlapi-dev libaio-dev
   libfdt-dev liblzo2-dev librdmacm-dev libibverbs-dev libibumad-dev
@@ -30,6 +31,8 @@ build-system2:
  - make -j2 check
 
 build-disabled:
+ before_script:
+  *before_scr_apt
  script:
  - mkdir build
  - cd build
@@ -44,6 +47,8 @@ build-disabled:
  - make -j2 check-qtest SPEED=slow
 
 build-tcg-disabled:
+ before_script:
+  *before_scr_apt
  script:
  - apt-get install -y -qq clang libgtk-3-dev libusb-dev
  - mkdir build
@@ -62,6 +67,8 @@ build-tcg-disabled:
 248 250 254 255 256
 
 build-user:
+ before_script:
+  *before_scr_apt
  script:
  - mkdir build
  - cd build
@@ -71,6 +78,8 @@ build-user:
  - make run-tcg-tests-i386-linux-user run-tcg-tests-x86_64-linux-user
 
 build-clang:
+ before_script:
+  *before_scr_apt
  script:
  - apt-get install -y -qq clang libsdl2-dev libattr1-dev libcap-ng-dev
   xfslibs-dev libiscsi-dev libnfs-dev libseccomp-dev gnutls-dev librbd-dev
@@ -83,6 +92,8 @@ build-clang:
  - make -j2 check
 
 build-tci:
+ before_script:
+  *before_scr_apt
  script:
  - TARGETS="aarch64 alpha arm hppa m68k microblaze moxie ppc64 s390x x86_64"
  - mkdir build
-- 
2.21.1




[RFC PATCH 2/2] GitLab CI: crude mapping of PMM's scripts to jobs

2020-02-02 Thread Cleber Rosa
This is a crude and straightforward mapping of Peter's
"remake-merge-builds" and "pull-buildtest" scripts.

Some characteristics were removed for simplicity's sake (but eventually
will), including:
 * number of simultaneous make jobs
 * make's synchronous output, not needed because of previous point
 * out-of-tree builds

This covers the "x86-64 Linux with a variety of different build
configs"[1].  I've personally tested all of them, and only had
issues with the "notcg" job[2], but it seems to be a test specific
issue with the nested KVM I was using.

[1] - https://wiki.qemu.org/Requirements/GatingCI#Current_Tests
[2] - https://paste.centos.org/view/1dd43a1c

Signed-off-by: Cleber Rosa 
---
 .gitlab-ci.yml | 116 +
 1 file changed, 116 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d2c7d2198e..eb4077e2ab 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,6 +2,8 @@ include:
   - local: '/.gitlab-ci-edk2.yml'
 
 build-system1:
+ rules:
+ - if: '$CI_COMMIT_REF_NAME != "staging"'
  before_script: _scr_apt
  - apt-get update -qq
  - apt-get install -y -qq flex bison libglib2.0-dev libpixman-1-dev genisoimage
@@ -17,6 +19,8 @@ build-system1:
  - make -j2 check
 
 build-system2:
+ rules:
+ - if: '$CI_COMMIT_REF_NAME != "staging"'
  before_script:
   *before_scr_apt
  script:
@@ -31,6 +35,8 @@ build-system2:
  - make -j2 check
 
 build-disabled:
+ rules:
+ - if: '$CI_COMMIT_REF_NAME != "staging"'
  before_script:
   *before_scr_apt
  script:
@@ -47,6 +53,8 @@ build-disabled:
  - make -j2 check-qtest SPEED=slow
 
 build-tcg-disabled:
+ rules:
+ - if: '$CI_COMMIT_REF_NAME != "staging"'
  before_script:
   *before_scr_apt
  script:
@@ -67,6 +75,8 @@ build-tcg-disabled:
 248 250 254 255 256
 
 build-user:
+ rules:
+ - if: '$CI_COMMIT_REF_NAME != "staging"'
  before_script:
   *before_scr_apt
  script:
@@ -78,6 +88,8 @@ build-user:
  - make run-tcg-tests-i386-linux-user run-tcg-tests-x86_64-linux-user
 
 build-clang:
+ rules:
+ - if: '$CI_COMMIT_REF_NAME != "staging"'
  before_script:
   *before_scr_apt
  script:
@@ -92,6 +104,8 @@ build-clang:
  - make -j2 check
 
 build-tci:
+ rules:
+ - if: '$CI_COMMIT_REF_NAME != "staging"'
  before_script:
   *before_scr_apt
  script:
@@ -111,3 +125,105 @@ build-tci:
  - QTEST_QEMU_BINARY="x86_64-softmmu/qemu-system-x86_64" ./tests/qtest/pxe-test
  - QTEST_QEMU_BINARY="s390x-softmmu/qemu-system-s390x"
./tests/qtest/pxe-test -m slow
+
+ubuntu-18.04.3-x86_64-notools:
+ tags:
+ - ubuntu_18.04.3
+ - x86_64
+ rules:
+ - if: '$CI_COMMIT_REF_NAME == "staging"'
+ script:
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/remake-merge-builds#n22
+ - ./configure --target-list=arm-softmmu --disable-tools --disable-libssh
+ # There is no make / make check in the "pull-buildtest" script for this.
+ # Question: should it at least be built? Or dropped?
+ - make
+
+ubuntu-18.04.3-x86_64-all-linux-static:
+ tags:
+ - ubuntu_18.04.3
+ - x86_64
+ rules:
+ - if: '$CI_COMMIT_REF_NAME == "staging"'
+ script:
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/remake-merge-builds#n25
+ - ./configure --enable-debug --static --disable-system --disable-glusterfs 
--disable-libssh
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n36
+ - make
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n45
+ - make check V=1
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n48
+ - make check-tcg V=1
+
+ubuntu-18.04.3-x86_64-all:
+ tags:
+ - ubuntu_18.04.3
+ - x86_64
+ rules:
+ - if: '$CI_COMMIT_REF_NAME == "staging"'
+ script:
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/remake-merge-builds#n26
+ - ./configure --disable-libssh
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n28
+ - make
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n37
+ - make check V=1
+
+ubuntu-18.04.3-x86_64-alldbg:
+ tags:
+ - ubuntu_18.04.3
+ - x86_64
+ rules:
+ - if: '$CI_COMMIT_REF_NAME == "staging"'
+ script:
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/remake-merge-builds#n27
+ - ./configure --disable-libssh
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n27
+ - make clean
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n29
+ - make
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/pull-buildtest#n37
+ - make check V=1
+
+ubuntu-18.04.3-x86_64-clang:
+ tags:
+ - ubuntu_18.04.3
+ - x86_64
+ rules:
+ - if: '$CI_COMMIT_REF_NAME == "staging"'
+ script:
+ # 
https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/remake-merge-builds#n31
+ - ./configure --disable-libssh --cc=clang --cxx=clang++ --enable-gtk 
--extra-cflags='-fsanitize=undefined -fno-sanitize=shift-base -Werror'
+ # 
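Review bot: in the new ubuntu-18.04.3-x86_64-alldbg job the configure line is `./configure --disable-libssh`, identical to the ubuntu-18.04.3-x86_64-all job, so the only difference between the two is the extra `make clean`; if a debug build is intended, it needs `--enable-debug` as the all-linux-static job has. The notools job also still carries the open "Question: should it at least be built? Or dropped?" comment, which should be resolved before merging. Finally, the staging rule keys only on the branch name while the jobs depend on the `ubuntu_18.04.3` and `x86_64` runner tags, so it is worth documenting who is expected to provide runners with those tags.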

[PATCH qemu] spapr/rtas: Print message from "ibm,os-term"

2020-02-02 Thread Alexey Kardashevskiy
The "ibm,os-term" RTAS call has a single parameter which is a pointer to
a message from the guest kernel about the termination cause; this prints
it.

Signed-off-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr_rtas.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 883fe28465e6..656fdd221665 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -345,6 +345,13 @@ static void rtas_ibm_os_term(PowerPCCPU *cpu,
 target_ulong args,
 uint32_t nret, target_ulong rets)
 {
+target_ulong msgaddr = rtas_ld(args, 0);
+char msg[512];
+
+cpu_physical_memory_read(msgaddr, msg, sizeof(msg) - 1);
+msg[sizeof(msg) - 1] = 0;
+
+error_report("OS terminated: %s", msg);
 qemu_system_guest_panicked(NULL);
 
 rtas_st(rets, 0, RTAS_OUT_SUCCESS);
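Review bot: `msg` is declared without an initialiser and nothing in this hunk confirms that cpu_physical_memory_read() filled it, while `msgaddr` comes straight from the guest through rtas_ld(args, 0); zero-initialise the buffer (`char msg[512] = "";`) so a read that does not land in RAM cannot put stale host stack bytes into the log. The string is guest-controlled, so newlines and other control characters should be escaped or dropped before error_report() to keep a guest from forging log lines. A short comment that the message is capped at 511 bytes would also help.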
-- 
2.17.1




[PATCH] boot-order-test: fix memleaks in boot-order-test

2020-02-02 Thread pannengyuan
From: Pan Nengyuan 

It's not a big deal, but 'check qtest-ppc/ppc64' runs fail if sanitizers are
enabled.
The memory leak stack is as follows:

Direct leak of 128 byte(s) in 4 object(s) allocated from:
#0 0x7f11756f5970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
#1 0x7f1174f2549d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
#2 0x556af05aa7da in mm_fw_cfg_init /mnt/sdb/qemu/tests/libqos/fw_cfg.c:119
#3 0x556af059f4f5 in read_boot_order_pmac 
/mnt/sdb/qemu/tests/boot-order-test.c:137
#4 0x556af059efe2 in test_a_boot_order 
/mnt/sdb/qemu/tests/boot-order-test.c:47
#5 0x556af059f2c0 in test_boot_orders 
/mnt/sdb/qemu/tests/boot-order-test.c:59
#6 0x556af059f52d in test_pmac_oldworld_boot_order 
/mnt/sdb/qemu/tests/boot-order-test.c:152
#7 0x7f1174f46cb9  (/lib64/libglib-2.0.so.0+0x73cb9)
#8 0x7f1174f46b73  (/lib64/libglib-2.0.so.0+0x73b73)
#9 0x7f1174f46b73  (/lib64/libglib-2.0.so.0+0x73b73)
#10 0x7f1174f46f71 in g_test_run_suite (/lib64/libglib-2.0.so.0+0x73f71)
#11 0x7f1174f46f94 in g_test_run (/lib64/libglib-2.0.so.0+0x73f94)

Reported-by: Euler Robot 
Signed-off-by: Pan Nengyuan 
---
 tests/qtest/boot-order-test.c | 6 +++---
 tests/qtest/libqos/fw_cfg.h   | 2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/qtest/boot-order-test.c b/tests/qtest/boot-order-test.c
index a725bce729..4241304ff5 100644
--- a/tests/qtest/boot-order-test.c
+++ b/tests/qtest/boot-order-test.c
@@ -134,7 +134,7 @@ static void test_prep_boot_order(void)
 
 static uint64_t read_boot_order_pmac(QTestState *qts)
 {
-QFWCFG *fw_cfg = mm_fw_cfg_init(qts, 0xf510);
+g_autoptr(QFWCFG) fw_cfg = mm_fw_cfg_init(qts, 0xf510);
 
 return qfw_cfg_get_u16(fw_cfg, FW_CFG_BOOT_DEVICE);
 }
@@ -159,7 +159,7 @@ static void test_pmac_newworld_boot_order(void)
 
 static uint64_t read_boot_order_sun4m(QTestState *qts)
 {
-QFWCFG *fw_cfg = mm_fw_cfg_init(qts, 0xd0510ULL);
+g_autoptr(QFWCFG) fw_cfg = mm_fw_cfg_init(qts, 0xd0510ULL);
 
 return qfw_cfg_get_u16(fw_cfg, FW_CFG_BOOT_DEVICE);
 }
@@ -171,7 +171,7 @@ static void test_sun4m_boot_order(void)
 
 static uint64_t read_boot_order_sun4u(QTestState *qts)
 {
-QFWCFG *fw_cfg = io_fw_cfg_init(qts, 0x510);
+g_autoptr(QFWCFG) fw_cfg = io_fw_cfg_init(qts, 0x510);
 
 return qfw_cfg_get_u16(fw_cfg, FW_CFG_BOOT_DEVICE);
 }
diff --git a/tests/qtest/libqos/fw_cfg.h b/tests/qtest/libqos/fw_cfg.h
index 13325cc4ff..c6a7cf8cf0 100644
--- a/tests/qtest/libqos/fw_cfg.h
+++ b/tests/qtest/libqos/fw_cfg.h
@@ -49,4 +49,6 @@ static inline void pc_fw_cfg_uninit(QFWCFG *fw_cfg)
 io_fw_cfg_uninit(fw_cfg);
 }
 
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(QFWCFG, mm_fw_cfg_uninit)
+
 #endif
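Review bot: G_DEFINE_AUTOPTR_CLEANUP_FUNC binds every g_autoptr(QFWCFG) to mm_fw_cfg_uninit, but read_boot_order_sun4u gets its handle from io_fw_cfg_init, and this same header pairs the io variant with io_fw_cfg_uninit (see pc_fw_cfg_uninit in the context lines). Either add a comment next to the macro stating that the two uninit functions are interchangeable for any QFWCFG, or keep an explicit io_fw_cfg_uninit() in the sun4u test so the cleanup always matches the constructor.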
-- 
2.21.0.windows.1





Re: VW ELF loader

2020-02-02 Thread David Gibson
On Sun, Feb 02, 2020 at 06:38:59PM +0100, Paolo Bonzini wrote:
> Il dom 2 feb 2020, 12:51 Alexey Kardashevskiy  ha scritto:
> 
> > > QEMU must not load GRUB from disk, that's the firmware's task.  If you
> > > want to kill SLOF, you can rewrite it, but loading the kernel GRUB from
> > > disk within QEMU is a bad idea: the next feature you'll be requested to
> > > implement will be network boot, and there's no way to do that in QEMU.
> >
> > What is exactly the problem with netboot? I can hook up the OF's "net" to
> > a backend (as I do for serial console and
> > blockdev, in boot order)
> 
> Who provides the OpenFirmware entry point when you remove SLOF and boot
> directly into grub?

We do the same thing as we do for RTAS.  We have a tiny (20 byte) stub
for the client interface entry point which forwards client interface
calls to a hypercall which we implement in qemu.

> Or alternatively it is possible with my patchset to load petitboot (kernel
> > + intramdisk, the default way of booting
> > POWER8/9 baremetal systems) and that thing can do whole lot of things, we
> > can consider it as a replacement for ROMs from
> > devices (or I misunderstood what kind of netboot you meant).
> >
> 
> Why wouldn't that have the same issue as SLOF that you describe below (I
> honestly don't understand anything of it, but that's not your fault :-)).

Because having its own full understanding of the hardware (via its
linux kernel), petitboot doesn't have to share data with the
hypervisor to the extent that SLOF needs to.

> 
> Paolo
> 
> 
> > > You should be able to reuse quite a lot of code from both
> > > pc-bios/s390-ccw (for virtio drivers) and kvm-unit-tests (for device
> > > tree parsing).  You'd have to write the glue code for PCI hypercalls,
> > > and adapt virtio.c for virtio-pci instead of virtio-ccw.
> >
> > The reason for killing SLOF is to keep one device tree for the entire boot
> > process including
> > ibm,client-architecture-support with possible (and annoying) configuration
> > reboots. Having another firmware won't help
> > with that.
> >
> > Also the OF1275 client interface is the way for the client to get
> > net/block device without need to have drivers, I'd
> > like to do just this and skip the middle man (QEMU device and guest driver
> > in firmware/bootloader).
> >
> > I'll post another RFC tomorrow to give a better idea.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: VW ELF loader

2020-02-02 Thread David Gibson
On Sat, Feb 01, 2020 at 08:04:25PM +0100, Paolo Bonzini wrote:
> On 01/02/20 14:39, Alexey Kardashevskiy wrote:
> > QEMU needs to load GRUB from the disk. The current workaround is to read
> > it from qcow2, save in a file and then call load_elf(). Not nice.
> > 
> > 2 problems with that.
> > 
> > 1. when load_elf calls address_space_write() - I need to know where and
> > how much RAM was used to mark this memory "used" for the OF client
> > interface (/memory@0/available FDT property). So I'll need "preload()"
> > hook.
> > 
> > 2. (bigger) GRUB comes from PReP partition which is 8MB. load_elf{32|64}
> > consumes filename, not a memory pointer nor a "read_fn" callback - so I
> > thought I need a "read_fn" callback.
> > 
> > And then I discovered that load_elf actually maps the passed file. And
> > here I got lost.
> > 
> > Why does not load_elf just map the entire file and parse the bits? It
> > still reads chunks with seek+read and then it maps the file in a loop
> > potentially multiple times - is this even correct? Passing "fd" around
> > is weird.
> 
> QEMU must not load GRUB from disk, that's the firmware's task.  If you
> want to kill SLOF, you can rewrite it, but loading the kernel GRUB from
> disk within QEMU is a bad idea: the next feature you'll be requested to
> implement will be network boot, and there's no way to do that in QEMU.

So.. I'm going to dispute this.  Or at least dispute that writing "the
firmware" as part of qemu isn't a feasible strategy.  At least in the
case of the "pseries" machine type, and possibly some other explicitly
paravirt machine types.

I do agree that we should leave firmware things to firmware when we're
implementing a real hardware platform and can therefore (at least in
theory) run the same firmware binary under qemu as for the real
hardware.

But "pseries" is different.  We're implementing the PAPR platform,
which describes an OS environment that's presented by a combination of
a hypervisor and firmware.  The features it specifies *require*
collaboration between the firmware and the hypervisor.

In PowerVM the environment is implemented with a substantial firmware
as well as hypervisor.  How those two communicate is in closed code,
it's not documented anywhere public, and I suspect it's not even
documented anywhere internal to IBM.

So, for qemu we've taken a different approach.  Since the beginning,
the runtime component of the firmware (RTAS) has been implemented as a
20 byte shim which simply forwards it to a hypercall implemented in
qemu.  The boottime firmware component is SLOF - but a build that's
specific to qemu, and has always needed to be updated in sync with
it.  Even though we've managed to limit the amount of runtime
communication we need between qemu and SLOF, there's some, and it's
become increasingly awkward to handle as we've implemented new features.

So really, the question isn't whether we implement things in firmware
or in qemu.  It's whether we implement the firmware functionality as
guest cpu code, which needs to be coded to work with a limited
environment, built with a special toolchain, then emulated with TCG.
Or, do we just implement it in normal C code, with a full C library,
and existing device and backend abstractions inside qemu.

That's what killing slof is about.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH] tests: Silent various warnings with pseries

2020-02-02 Thread David Gibson
On Sat, Feb 01, 2020 at 11:46:16PM +0100, Greg Kurz wrote:
> Some default features of the pseries machine are only available with
> KVM. Warnings are printed when the pseries machine is used with another
> accelerator:
> 
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-ccf-assist=on
> qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
> Interrupts(FWNMI) not supported in TCG
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-ccf-assist=on
> qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
> Interrupts(FWNMI) not supported in TCG
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-ccf-assist=on
> qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
> Interrupts(FWNMI) not supported in TCG
> 
> This is annoying for CI since it usually runs without KVM. We already
> disable features that emit similar warnings thanks to properties of the
> pseries machine, but this is open-coded in various places. Consolidate
> the set of properties in a single place. Extend it to silent the above
> warnings. And use it in the various tests that start pseries machines.
> 
> Signed-off-by: Greg Kurz 

Applied to ppc-for-5.0.

> ---
> 
> This patch fixes the warnings observed with David's latest pull request.
> 
>  tests/qtest/boot-serial-test.c|3 ++-
>  tests/qtest/libqos/libqos-spapr.h |8 
>  tests/qtest/prom-env-test.c   |3 ++-
>  tests/qtest/pxe-test.c|7 ---
>  4 files changed, 16 insertions(+), 5 deletions(-)
> 
> diff --git a/tests/qtest/boot-serial-test.c b/tests/qtest/boot-serial-test.c
> index 8e8c5b0a0f0c..85a361428697 100644
> --- a/tests/qtest/boot-serial-test.c
> +++ b/tests/qtest/boot-serial-test.c
> @@ -15,6 +15,7 @@
>  
>  #include "qemu/osdep.h"
>  #include "libqtest.h"
> +#include "libqos/libqos-spapr.h"
>  
>  static const uint8_t kernel_mcf5208[] = {
>  0x41, 0xf9, 0xfc, 0x06, 0x00, 0x00, /* lea 0xfc06,%a0 */
> @@ -112,7 +113,7 @@ static testdef_t tests[] = {
>  { "ppc64", "40p", "-m 192", "Memory: 192M" },
>  { "ppc64", "mac99", "", "PowerPC,970FX" },
>  { "ppc64", "pseries",
> -  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken",
> +  "-machine " PSERIES_DEFAULT_CAPABILITIES,
>"Open Firmware" },
>  { "ppc64", "powernv8", "", "OPAL" },
>  { "ppc64", "powernv9", "", "OPAL" },
> diff --git a/tests/qtest/libqos/libqos-spapr.h 
> b/tests/qtest/libqos/libqos-spapr.h
> index dcb5c43ad37d..e4460d08ae6e 100644
> --- a/tests/qtest/libqos/libqos-spapr.h
> +++ b/tests/qtest/libqos/libqos-spapr.h
> @@ -7,4 +7,12 @@ QOSState *qtest_spapr_vboot(const char *cmdline_fmt, va_list 
> ap);
>  QOSState *qtest_spapr_boot(const char *cmdline_fmt, ...);
>  void qtest_spapr_shutdown(QOSState *qs);
>  
> +/* List of capabilities needed to silent warnings with TCG */
> +#define PSERIES_DEFAULT_CAPABILITIES \
> +"cap-cfpc=broken,"   \
> +"cap-sbbc=broken,"   \
> +"cap-ibs=broken,"\
> +"cap-ccf-assist=off,"\
> +"cap-fwnmi-mce=off"
> +
>  #endif
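Review bot: the name PSERIES_DEFAULT_CAPABILITIES in this libqos-spapr.h hunk reads like the machine's defaults, yet the string sets cap-cfpc, cap-sbbc and cap-ibs to `broken` and switches cap-ccf-assist and cap-fwnmi-mce off, i.e. it is a relaxation meant only for tests running under TCG. A name that says so (for example PSERIES_TCG_TEST_CAPABILITIES, a hypothetical name) plus a sentence in the comment that the string is for qtest only would keep it from being copied into real command lines.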
> diff --git a/tests/qtest/prom-env-test.c b/tests/qtest/prom-env-test.c
> index 9be52c766fe3..60e6ec315335 100644
> --- a/tests/qtest/prom-env-test.c
> +++ b/tests/qtest/prom-env-test.c
> @@ -21,6 +21,7 @@
>  
>  #include "qemu/osdep.h"
>  #include "libqtest.h"
> +#include "libqos/libqos-spapr.h"
>  
>  #define MAGIC   0xcafec0de
>  #define ADDRESS 0x4000
> @@ -54,7 +55,7 @@ static void test_machine(const void *machine)
>   */
>  if (strcmp(machine, "pseries") == 0) {
>  extra_args = "-nodefaults"
> -" -machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken";
> +" -machine " PSERIES_DEFAULT_CAPABILITIES;
>  }
>  
>  qts = qtest_initf("-M %s -accel tcg %s -prom-env 'use-nvramrc?=true' "
> diff --git a/tests/qtest/pxe-test.c b/tests/qtest/pxe-test.c
> index f68d0aadbb4d..1161a773a4a7 100644
> --- a/tests/qtest/pxe-test.c
> +++ b/tests/qtest/pxe-test.c
> @@ -17,6 +17,7 @@
>  #include "qemu-common.h"
>  #include "libqtest.h"
>  #include "boot-sector.h"
> +#include "libqos/libqos-spapr.h"
>  
>  #define NETNAME "net0"
>  
> @@ -46,15 +47,15 @@ static testdef_t x86_tests_slow[] = {
>  
>  static testdef_t ppc64_tests[] = {
>  { "pseries", "spapr-vlan",
> -  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,vsmt=8" },
> +  "-machine vsmt=8," PSERIES_DEFAULT_CAPABILITIES },
>  { "pseries", "virtio-net-pci",
> -  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,vsmt=8" },
> +  "-machine vsmt=8," PSERIES_DEFAULT_CAPABILITIES },
>  { NULL },
>  };
>  
>  static testdef_t ppc64_tests_slow[] = {
>  { "pseries", "e1000",
> -  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,vsmt=8" },
> +  "-machine vsmt=8," PSERIES_DEFAULT_CAPABILITIES },
>  { NULL },
>  };
>  
> 


Re: [PATCH] tests: Silent various warnings with pseries

2020-02-02 Thread David Gibson
On Sun, Feb 02, 2020 at 06:31:17PM +0100, BALATON Zoltan wrote:
> On Sun, 2 Feb 2020, BALATON Zoltan wrote:
> > On Sat, 1 Feb 2020, Greg Kurz wrote:
> > > Some default features of the pseries machine are only available with
> > > KVM. Warnings are printed when the pseries machine is used with another
> > > accelerator:
> > > 
> > > qemu-system-ppc64: warning: TCG doesn't support requested feature,
> > > cap-ccf-assist=on
> > > qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
> > > Interrupts(FWNMI) not supported in TCG
> > > qemu-system-ppc64: warning: TCG doesn't support requested feature,
> > > cap-ccf-assist=on
> > > qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
> > > Interrupts(FWNMI) not supported in TCG
> > > qemu-system-ppc64: warning: TCG doesn't support requested feature,
> > > cap-ccf-assist=on
> > > qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
> > > Interrupts(FWNMI) not supported in TCG
> > > 
> > > This is annoying for CI since it usually runs without KVM. We already
> > > disable features that emit similar warnings thanks to properties of the
> > > pseries machine, but this is open-coded in various places. Consolidate
> > > the set of properties in a single place. Extend it to silent the above
> 
> Actually at least 3 places:
> - In commit title,
> - the line in commit message above,
> - and in comment below
> where typo exists.

I've patched those in my tree.

> 
> Regards,
> BALATON Zoltan
> 
> > > warnings. And use it in the various tests that start pseries machines.
> > > 
> > > Signed-off-by: Greg Kurz 
> > > ---
> > > 
> > > This patch fixes the warnings observed with David's latest pull request.
> > > 
> > > tests/qtest/boot-serial-test.c|3 ++-
> > > tests/qtest/libqos/libqos-spapr.h |8 
> > > tests/qtest/prom-env-test.c   |3 ++-
> > > tests/qtest/pxe-test.c|7 ---
> > > 4 files changed, 16 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/tests/qtest/boot-serial-test.c
> > > b/tests/qtest/boot-serial-test.c
> > > index 8e8c5b0a0f0c..85a361428697 100644
> > > --- a/tests/qtest/boot-serial-test.c
> > > +++ b/tests/qtest/boot-serial-test.c
> > > @@ -15,6 +15,7 @@
> > > 
> > > #include "qemu/osdep.h"
> > > #include "libqtest.h"
> > > +#include "libqos/libqos-spapr.h"
> > > 
> > > static const uint8_t kernel_mcf5208[] = {
> > > 0x41, 0xf9, 0xfc, 0x06, 0x00, 0x00, /* lea 0xfc06,%a0 */
> > > @@ -112,7 +113,7 @@ static testdef_t tests[] = {
> > > { "ppc64", "40p", "-m 192", "Memory: 192M" },
> > > { "ppc64", "mac99", "", "PowerPC,970FX" },
> > > { "ppc64", "pseries",
> > > -  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken",
> > > +  "-machine " PSERIES_DEFAULT_CAPABILITIES,
> > >   "Open Firmware" },
> > > { "ppc64", "powernv8", "", "OPAL" },
> > > { "ppc64", "powernv9", "", "OPAL" },
> > > diff --git a/tests/qtest/libqos/libqos-spapr.h
> > > b/tests/qtest/libqos/libqos-spapr.h
> > > index dcb5c43ad37d..e4460d08ae6e 100644
> > > --- a/tests/qtest/libqos/libqos-spapr.h
> > > +++ b/tests/qtest/libqos/libqos-spapr.h
> > > @@ -7,4 +7,12 @@ QOSState *qtest_spapr_vboot(const char
> > > *cmdline_fmt, va_list ap);
> > > QOSState *qtest_spapr_boot(const char *cmdline_fmt, ...);
> > > void qtest_spapr_shutdown(QOSState *qs);
> > > 
> > > +/* List of capabilities needed to silent warnings with TCG */
> > 
> > Typo: I think it should be "to silence warnings" both here and in commit
> > message.
> > 
> > Regards,
> > BALATON Zoltan
> > 
> > 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[PATCH v2 7/7] virt/acpi: update golden masters for DSDT update

2020-02-02 Thread Heyi Guo
Differences between disassembled ASL files:

diff --git a/DSDT.dsl.orig b/DSDT.dsl
index ed3e5f0fa9..10cf70c886 100644
--- a/DSDT.dsl.orig
+++ b/DSDT.dsl
@@ -5,13 +5,13 @@
  *
  * Disassembling to symbolic ASL+ operators
  *
- * Disassembly of DSDT, Thu Jan 23 16:00:04 2020
+ * Disassembly of DSDT.new, Thu Jan 23 16:47:12 2020
  *
  * Original Table Header:
  * Signature"DSDT"
- * Length   0x481E (18462)
+ * Length   0x14BB (5307)
  * Revision 0x02
- * Checksum 0x60
+ * Checksum 0xD1
  * OEM ID   "BOCHS "
  * OEM Table ID "BXPCDSDT"
  * OEM Revision 0x0001 (1)
@@ -43,7 +43,6 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
0x0001)
 0x0021,
 }
 })
-Name (_ADR, 0x0900)  // _ADR: Address
 }

 Device (FLS0)
@@ -668,11 +667,10 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
0x0001)
 Name (_CID, "PNP0A03" /* PCI Bus */)  // _CID: Compatible ID
 Name (_SEG, Zero)  // _SEG: PCI Segment
 Name (_BBN, Zero)  // _BBN: BIOS Bus Number
-Name (_ADR, Zero)  // _ADR: Address
 Name (_UID, "PCI0")  // _UID: Unique ID
 Name (_STR, Unicode ("PCIe 0 Device"))  // _STR: Description String
 Name (_CCA, One)  // _CCA: Cache Coherency Attribute
-Name (_PRT, Package (0x0400)  // _PRT: PCI Routing Table
+Name (_PRT, Package (0x80)  // _PRT: PCI Routing Table
 {
 Package (0x04)
 {
@@ -1696,7174 +1694,6 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
0x0001)
 0x03,
 GSI2,
 Zero
-},
-
-Package (0x04)
-{
-0x0020,
-Zero,
-GSI0,
-Zero
-},
-
-*Omit the other (4 * (256 - 32) - 2) packages*
-
-Package (0x04)
-{
-0x00FF,
-0x03,
-GSI2,
-Zero
 }
 })
 Device (GSI0)
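Review bot: the `-*Omit the other (4 * (256 - 32) - 2) packages*` line shows this hunk was trimmed by hand, so its header (`-1696,7174 +1694,6`) no longer matches the body and the listing cannot be replayed to check the new golden master. Say in the commit message that the ASL diff is abridged for readability, and how the binary tables under tests/data/acpi/virt/ were regenerated, so a reviewer can reproduce them.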
@@ -8892,7 +1722,7 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
0x0001)
 Device (GSI1)
 {
 Name (_HID, "PNP0C0F" /* PCI Interrupt Link Device */)  // 
_HID: Hardware ID
-Name (_UID, Zero)  // _UID: Unique ID
+Name (_UID, One)  // _UID: Unique ID
 Name (_PRS, ResourceTemplate ()  // _PRS: Possible Resource 
Settings
 {
 Interrupt (ResourceConsumer, Level, ActiveHigh, Exclusive, 
,, )
@@ -8915,7 +1745,7 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
0x0001)
 Device (GSI2)
 {
 Name (_HID, "PNP0C0F" /* PCI Interrupt Link Device */)  // 
_HID: Hardware ID
-Name (_UID, Zero)  // _UID: Unique ID
+Name (_UID, 0x02)  // _UID: Unique ID
 Name (_PRS, ResourceTemplate ()  // _PRS: Possible Resource 
Settings
 {
 Interrupt (ResourceConsumer, Level, ActiveHigh, Exclusive, 
,, )
@@ -8938,7 +1768,7 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
0x0001)
 Device (GSI3)
 {
 Name (_HID, "PNP0C0F" /* PCI Interrupt Link Device */)  // 
_HID: Hardware ID
-Name (_UID, Zero)  // _UID: Unique ID
+Name (_UID, 0x03)  // _UID: Unique ID
 Name (_PRS, ResourceTemplate ()  // _PRS: Possible Resource 
Settings
 {
 Interrupt (ResourceConsumer, Level, ActiveHigh, Exclusive, 
,, )
@@ -8965,37 +1795,6 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPCDSDT", 
0x0001)

 Method (_CRS, 0, NotSerialized)  // _CRS: Current Resource Settings
 {
-Name (RBUF, ResourceTemplate ()
-{
-WordBusNumber (ResourceProducer, MinFixed, MaxFixed, 
PosDecode,
-0x, // Granularity
-0x, // Range Minimum
-0x00FF, // Range Maximum
-0x, // Translation Offset
-0x0100, // Length
-,, )
-DWordMemory (ResourceProducer, PosDecode, MinFixed, 
MaxFixed, NonCacheable, ReadWrite,
-0x, // Granularity
-0x1000, // Range Minimum
-0x3EFE, // Range Maximum
-0x, // Translation Offset
-0x2EFF, // Length
-   

[PATCH v2 3/7] arm/virt/acpi: remove _ADR from devices identified by _HID

2020-02-02 Thread Heyi Guo
According to the ACPI spec, _ADR should be used for a device on a bus that
has a standard enumeration algorithm, but not for a device which is on the
system bus and must be enumerated by OSPM. And it is not recommended
to contain both _HID and _ADR in a single device.

See ACPI 6.3, section 6.1, top of page 343:

A device object must contain either an _HID object or an _ADR object,
but should not contain both.

(https://uefi.org/sites/default/files/resources/ACPI_6_3_May16.pdf)

Signed-off-by: Heyi Guo 
Acked-by: Igor Mammedov 

---
Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 hw/arm/virt-acpi-build.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 9f4c7d1889..be752c0ad8 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -78,11 +78,6 @@ static void acpi_dsdt_add_uart(Aml *scope, const MemMapEntry 
*uart_memmap,
  AML_EXCLUSIVE, _irq, 1));
 aml_append(dev, aml_name_decl("_CRS", crs));
 
-/* The _ADR entry is used to link this device to the UART described
- * in the SPCR table, i.e. SPCR.base_address.address == _ADR.
- */
-aml_append(dev, aml_name_decl("_ADR", aml_int(uart_memmap->base)));
-
 aml_append(scope, dev);
 }
 
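Review bot: the comment removed in this acpi_dsdt_add_uart hunk says the _ADR was there to link the device to the UART described in SPCR (SPCR.base_address.address == _ADR), but the commit message argues only from the _HID/_ADR rule. State in the message what a guest uses to match the SPCR console to this device once _ADR is gone, or that nothing relied on the old value, so the behavioural change is on record.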
@@ -170,7 +165,6 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
 aml_append(dev, aml_name_decl("_CID", aml_string("PNP0A03")));
 aml_append(dev, aml_name_decl("_SEG", aml_int(0)));
 aml_append(dev, aml_name_decl("_BBN", aml_int(0)));
-aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
 aml_append(dev, aml_name_decl("_UID", aml_string("PCI0")));
 aml_append(dev, aml_name_decl("_STR", aml_unicode("PCIe 0 Device")));
 aml_append(dev, aml_name_decl("_CCA", aml_int(1)));
@@ -334,7 +328,6 @@ static void acpi_dsdt_add_gpio(Aml *scope, const 
MemMapEntry *gpio_memmap,
 {
 Aml *dev = aml_device("GPO0");
 aml_append(dev, aml_name_decl("_HID", aml_string("ARMH0061")));
-aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
 aml_append(dev, aml_name_decl("_UID", aml_int(0)));
 
 Aml *crs = aml_resource_template();
@@ -364,7 +357,6 @@ static void acpi_dsdt_add_power_button(Aml *scope)
 {
 Aml *dev = aml_device(ACPI_POWER_BUTTON_DEVICE);
 aml_append(dev, aml_name_decl("_HID", aml_string("PNP0C0C")));
-aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
 aml_append(dev, aml_name_decl("_UID", aml_int(0)));
 aml_append(scope, dev);
 }
-- 
2.19.1




[PATCH v2 5/7] arm/acpi: fix duplicated _UID of PCI interrupt link devices

2020-02-02 Thread Heyi Guo
Using _UID of 0 for all PCI interrupt link devices absolutely violates
the spec. Simply increase one by one.

Signed-off-by: Heyi Guo 

---
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 hw/arm/virt-acpi-build.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 5d157a9dd5..f3e340b172 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -189,7 +189,7 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
 uint32_t irqs =  irq + i;
 Aml *dev_gsi = aml_device("GSI%d", i);
 aml_append(dev_gsi, aml_name_decl("_HID", aml_string("PNP0C0F")));
-aml_append(dev_gsi, aml_name_decl("_UID", aml_int(0)));
+aml_append(dev_gsi, aml_name_decl("_UID", aml_int(i)));
 crs = aml_resource_template();
 aml_append(crs,
aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH,
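Review bot: the commit message says a shared _UID of 0 "absolutely violates the spec" without naming the rule; cite the ACPI section that requires _UID to be unique among devices with the same _HID, the way patch 3/7 cites section 6.1 for _ADR. The `aml_int(i)` change itself reuses the index that already names the device (GSI%d), which is the obvious choice; the message should just note that guests will see the _UID of GSI1..GSI3 change.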
-- 
2.19.1




[PATCH v2 2/7] arm/virt/acpi: remove meaningless sub device "RP0" from PCI0

2020-02-02 Thread Heyi Guo
The sub device "RP0" under PCI0 in ACPI/DSDT does not contain any
method or property other than "_ADR", so it is safe to remove it.

Signed-off-by: Heyi Guo 
Acked-by: "Michael S. Tsirkin" 

---
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 hw/arm/virt-acpi-build.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index bd5f771e9b..9f4c7d1889 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -317,10 +317,6 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
MemMapEntry *memmap,
 aml_append(method, aml_return(buf));
 aml_append(dev, method);
 
-Aml *dev_rp0 = aml_device("%s", "RP0");
-aml_append(dev_rp0, aml_name_decl("_ADR", aml_int(0)));
-aml_append(dev, dev_rp0);
-
 Aml *dev_res0 = aml_device("%s", "RES0");
 aml_append(dev_res0, aml_name_decl("_HID", aml_string("PNP0C02")));
 crs = aml_resource_template();
-- 
2.19.1




[PATCH v2 1/7] bios-tables-test: prepare to change ARM virt ACPI DSDT

2020-02-02 Thread Heyi Guo
We are going to change ARM virt ACPI DSDT table, which will cause make
check to fail, so temporarily add related golden masters to ignore
list.

Signed-off-by: Heyi Guo 

---
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 tests/qtest/bios-tables-test-allowed-diff.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8b..32a401ae35 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,4 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/virt/DSDT",
+"tests/data/acpi/virt/DSDT.memhp",
+"tests/data/acpi/virt/DSDT.numamem",
-- 
2.19.1




[PATCH v2 6/7] arm/acpi: simplify the description of PCI _CRS

2020-02-02 Thread Heyi Guo
The original code defines a named object for the resource template but
then returns the resource template object itself; the resulted output
is like below:

Method (_CRS, 0, NotSerialized)  // _CRS: Current Resource Settings
{
Name (RBUF, ResourceTemplate ()
{
WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode,
0x, // Granularity
0x, // Range Minimum
0x00FF, // Range Maximum
0x, // Translation Offset
0x0100, // Length
,, )
..
})
Return (ResourceTemplate ()
{
WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode,
0x, // Granularity
0x, // Range Minimum
0x00FF, // Range Maximum
0x, // Translation Offset
0x0100, // Length
,, )
..
})
}

So the named object "RBUF" is actually useless. The more natural way
is to return RBUF instead, or simply drop RBUF definition.

Choose the latter one to simplify the code.

Signed-off-by: Heyi Guo 

---
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 hw/arm/virt-acpi-build.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index f3e340b172..fb4b166f82 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -236,7 +236,6 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
  size_mmio_high));
 }
 
-aml_append(method, aml_name_decl("RBUF", rbuf));
 aml_append(method, aml_return(rbuf));
 aml_append(dev, method);
 
-- 
2.19.1




[PATCH v2 4/7] arm/acpi: fix PCI _PRT definition

2020-02-02 Thread Heyi Guo
The address field in each _PRT mapping package should be constructed
with high word for device# and low word for function#, so it is wrong
to use bus_no as the high word. Enumerate all possible slots
(i.e. PCI_SLOT_MAX) instead.

Signed-off-by: Heyi Guo 

---
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 hw/arm/virt-acpi-build.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index be752c0ad8..5d157a9dd5 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -151,7 +151,7 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
 {
 int ecam_id = VIRT_ECAM_ID(highmem_ecam);
 Aml *method, *crs, *ifctx, *UUID, *ifctx1, *elsectx, *buf;
-int i, bus_no;
+int i, slot_no;
 hwaddr base_mmio = memmap[VIRT_PCIE_MMIO].base;
 hwaddr size_mmio = memmap[VIRT_PCIE_MMIO].size;
 hwaddr base_pio = memmap[VIRT_PCIE_PIO].base;
@@ -170,12 +170,12 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
MemMapEntry *memmap,
 aml_append(dev, aml_name_decl("_CCA", aml_int(1)));
 
 /* Declare the PCI Routing Table. */
-Aml *rt_pkg = aml_varpackage(nr_pcie_buses * PCI_NUM_PINS);
-for (bus_no = 0; bus_no < nr_pcie_buses; bus_no++) {
+Aml *rt_pkg = aml_varpackage(PCI_SLOT_MAX * PCI_NUM_PINS);
+for (slot_no = 0; slot_no < PCI_SLOT_MAX; slot_no++) {
 for (i = 0; i < PCI_NUM_PINS; i++) {
-int gsi = (i + bus_no) % PCI_NUM_PINS;
+int gsi = (i + slot_no) % PCI_NUM_PINS;
 Aml *pkg = aml_package(4);
-aml_append(pkg, aml_int((bus_no << 16) | 0x));
+aml_append(pkg, aml_int((slot_no << 16) | 0x));
 aml_append(pkg, aml_int(i));
 aml_append(pkg, aml_name("GSI%d", gsi));
 aml_append(pkg, aml_int(0));
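Review bot: In the _PRT loop the package is now sized and indexed by PCI_SLOT_MAX and slot_no, and nothing in this hunk still reads nr_pcie_buses. If the loop was its only user in acpi_dsdt_add_pci(), drop the variable in the same patch so no unused local is left behind. The existing comment "Declare the PCI Routing Table" would also benefit from one more line saying that the high word of the address is the device number and that (i + slot_no) % PCI_NUM_PINS is the pin-to-GSI rotation being described, since confusing bus and device here was the original mistake.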
-- 
2.19.1




[PATCH v2 0/7] Some cleanup in arm/virt/acpi

2020-02-02 Thread Heyi Guo
Remove conflicting _ADR objects, and fix and refine PCI device definition in
ACPI/DSDT.

Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Cc: Shannon Zhao 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org

v1 -> v2:
- follow the workflow in tests/qtest/bios-table-test.c to post ACPI related
  patches.
- update commit messages for removing "RP0" and "_ADR".
- add 3 more cleanup patches.

Heyi Guo (7):
  bios-tables-test: prepare to change ARM virt ACPI DSDT
  arm/virt/acpi: remove meaningless sub device "PR0" from PCI0
  arm/virt/acpi: remove _ADR from devices identified by _HID
  arm/acpi: fix PCI _PRT definition
  arm/acpi: fix duplicated _UID of PCI interrupt link devices
  arm/acpi: simplify the description of PCI _CRS
  virt/acpi: update golden masters for DSDT update

 hw/arm/virt-acpi-build.c  |  25 ++---
 tests/data/acpi/virt/DSDT | Bin 18462 -> 5307 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19799 -> 6644 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18462 -> 5307 bytes
 4 files changed, 6 insertions(+), 19 deletions(-)

-- 
2.19.1




[PATCH] audio/dsound: fix invalid parameters error

2020-02-02 Thread Kővágó, Zoltán
Windows (unlike wine) bails out when IDirectSoundBuffer8::Lock is called
with zero length.  Also, hw->pos_emul handling was incorrect when
calling this function for the first time.

Signed-off-by: Kővágó, Zoltán 
Reported-by: KJ Liew 
---

I've tested this patch on wine and a borrowed Windows 8.1 laptop, I
could only test audio playback, not recording.  I've cross-compiled qemu
using the docker image, for 64-bit.

---
 audio/dsound_template.h |  1 +
 audio/audio.c   |  6 ++
 audio/dsoundaudio.c | 27 +++
 3 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/audio/dsound_template.h b/audio/dsound_template.h
index 7a15f91ce5..9c5ce625ab 100644
--- a/audio/dsound_template.h
+++ b/audio/dsound_template.h
@@ -244,6 +244,7 @@ static int dsound_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 goto fail0;
 }
 
+ds->first_time = true;
 obt_as.endianness = 0;
 audio_pcm_init_info (>info, _as);
 
diff --git a/audio/audio.c b/audio/audio.c
index f63f39769a..cb1efc6dc5 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1076,10 +1076,8 @@ static size_t audio_pcm_hw_run_out(HWVoiceOut *hw, 
size_t live)
 while (live) {
 size_t size, decr, proc;
 void *buf = hw->pcm_ops->get_buffer_out(hw, );
-if (!buf) {
-/* retrying will likely won't help, drop everything. */
-hw->mix_buf->pos = (hw->mix_buf->pos + live) % hw->mix_buf->size;
-return clipped + live;
+if (!buf || size == 0) {
+break;
 }
 
 decr = MIN(size / hw->info.bytes_per_frame, live);
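Review bot: The new `if (!buf || size == 0) break;` in audio_pcm_hw_run_out() handles a NULL buffer the same way as "nothing to write right now", but the removed branch was there to advance hw->mix_buf->pos and count the frames as consumed when the backend fails. After this change a backend whose get_buffer_out() keeps returning NULL leaves `live` frames queued on every call, with no drop and no log. Consider keeping the drop path for a real failure and breaking only when size == 0, which needs get_buffer_out() to report the two cases differently. The size == 0 test itself is needed, since decr on the following line would otherwise be 0.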
diff --git a/audio/dsoundaudio.c b/audio/dsoundaudio.c
index c265c0094b..bd57082a8d 100644
--- a/audio/dsoundaudio.c
+++ b/audio/dsoundaudio.c
@@ -53,12 +53,14 @@ typedef struct {
 typedef struct {
 HWVoiceOut hw;
 LPDIRECTSOUNDBUFFER dsound_buffer;
+bool first_time;
 dsound *s;
 } DSoundVoiceOut;
 
 typedef struct {
 HWVoiceIn hw;
 LPDIRECTSOUNDCAPTUREBUFFER dsound_capture_buffer;
+bool first_time;
 dsound *s;
 } DSoundVoiceIn;
 
@@ -414,21 +416,32 @@ static void *dsound_get_buffer_out(HWVoiceOut *hw, size_t 
*size)
 DSoundVoiceOut *ds = (DSoundVoiceOut *) hw;
 LPDIRECTSOUNDBUFFER dsb = ds->dsound_buffer;
 HRESULT hr;
-DWORD ppos, act_size;
+DWORD ppos, wpos, act_size;
 size_t req_size;
 int err;
 void *ret;
 
-hr = IDirectSoundBuffer_GetCurrentPosition(dsb, , NULL);
+hr = IDirectSoundBuffer_GetCurrentPosition(
+dsb, , ds->first_time ?  : NULL);
 if (FAILED(hr)) {
 dsound_logerr(hr, "Could not get playback buffer position\n");
 *size = 0;
 return NULL;
 }
 
+if (ds->first_time) {
+hw->pos_emul = wpos;
+ds->first_time = false;
+}
+
 req_size = audio_ring_dist(ppos, hw->pos_emul, hw->size_emul);
 req_size = MIN(req_size, hw->size_emul - hw->pos_emul);
 
+if (req_size == 0) {
+*size = 0;
+return NULL;
+}
+
 err = dsound_lock_out(dsb, >info, hw->pos_emul, req_size, , NULL,
   _size, NULL, false, ds->s);
 if (err) {
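Review bot: In dsound_get_buffer_out(), the added `if (req_size == 0)` block returns NULL with *size = 0, which is the same result the GetCurrentPosition failure path above produces, so the caller cannot tell an idle buffer from an error. A distinct return for the "no room yet" case would let audio.c keep its error handling. Please also add a short comment above `hw->pos_emul = wpos;` explaining why the write cursor seeds pos_emul on the first call, because the commit message only says the old handling was incorrect.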
@@ -508,18 +521,24 @@ static void *dsound_get_buffer_in(HWVoiceIn *hw, size_t 
*size)
 DSoundVoiceIn *ds = (DSoundVoiceIn *) hw;
 LPDIRECTSOUNDCAPTUREBUFFER dscb = ds->dsound_capture_buffer;
 HRESULT hr;
-DWORD cpos, act_size;
+DWORD cpos, rpos, act_size;
 size_t req_size;
 int err;
 void *ret;
 
-hr = IDirectSoundCaptureBuffer_GetCurrentPosition(dscb, , NULL);
+hr = IDirectSoundCaptureBuffer_GetCurrentPosition(
+dscb, , ds->first_time ?  : NULL);
 if (FAILED(hr)) {
 dsound_logerr(hr, "Could not get capture buffer position\n");
 *size = 0;
 return NULL;
 }
 
+if (ds->first_time) {
+hw->pos_emul = rpos;
+ds->first_time = false;
+}
+
 req_size = audio_ring_dist(cpos, hw->pos_emul, hw->size_emul);
 req_size = MIN(req_size, hw->size_emul - hw->pos_emul);
 
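Review bot: dsound_get_buffer_in() receives the first_time/rpos initialisation but, unlike dsound_get_buffer_out(), no `if (req_size == 0)` return after the two req_size assignments that end this hunk. The commit message says Windows rejects a zero-length Lock and that recording could not be tested, so the capture path looks able to reach its lock call with req_size == 0. Please add the same guard here, or state why capture cannot hit that case.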
-- 
2.25.0




Re: [PATCH v4 02/20] hw/arm: add Xunlong Orange Pi PC machine

2020-02-02 Thread Niek Linnenbank
On Sun, Jan 19, 2020 at 7:04 PM Philippe Mathieu-Daudé 
wrote:

> On 1/19/20 1:50 AM, Niek Linnenbank wrote:
> > The Xunlong Orange Pi PC is an Allwinner H3 System on Chip
> > based embedded computer with mainline support in both U-Boot
> > and Linux. The board comes with a Quad Core Cortex A7 @ 1.3GHz,
> > 1GiB RAM, 100Mbit ethernet, USB, SD/MMC, USB, HDMI and
> > various other I/O. This commit add support for the Xunlong
> > Orange Pi PC machine.
> >
> > Signed-off-by: Niek Linnenbank 
> > Tested-by: KONRAD Frederic 
> > Reviewed-by: Philippe Mathieu-Daudé 
> > ---
> >   hw/arm/orangepi.c| 93 
> >   MAINTAINERS  |  1 +
> >   hw/arm/Makefile.objs |  2 +-
> >   3 files changed, 95 insertions(+), 1 deletion(-)
> >   create mode 100644 hw/arm/orangepi.c
> >
> > diff --git a/hw/arm/orangepi.c b/hw/arm/orangepi.c
> > new file mode 100644
> > index 00..866f5f7cd6
> > --- /dev/null
> > +++ b/hw/arm/orangepi.c
> > @@ -0,0 +1,93 @@
> > +/*
> > + * Orange Pi emulation
> > + *
> > + * Copyright (C) 2019 Niek Linnenbank 
> > + *
> > + * This program is free software: you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation, either version 2 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > + * along with this program.  If not, see  >.
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "qemu/units.h"
> > +#include "exec/address-spaces.h"
> > +#include "qapi/error.h"
> > +#include "cpu.h"
> > +#include "hw/sysbus.h"
> > +#include "hw/boards.h"
> > +#include "hw/qdev-properties.h"
> > +#include "hw/arm/allwinner-h3.h"
> > +#include "sysemu/sysemu.h"
> > +
> > +static struct arm_boot_info orangepi_binfo = {
> > +.nb_cpus = AW_H3_NUM_CPUS,
> > +};
> > +
> > +typedef struct OrangePiState {
> > +AwH3State *h3;
> > +MemoryRegion sdram;
> > +} OrangePiState;
> > +
> > +static void orangepi_init(MachineState *machine)
> > +{
> > +OrangePiState *s = g_new(OrangePiState, 1);
> > +
> > +/* BIOS is not supported by this board */
> > +if (bios_name) {
> > +error_report("BIOS not supported for this machine");
> > +exit(1);
> > +}
> > +
> > +/* Only allow Cortex-A7 for this board */
> > +if (strcmp(machine->cpu_type, ARM_CPU_TYPE_NAME("cortex-a7")) != 0)
> {
> > +error_report("This board can only be used with cortex-a7 CPU");
> > +exit(1);
> > +}
> > +
> > +s->h3 = AW_H3(object_new(TYPE_AW_H3));
> > +
> > +/* Setup timer properties */
> > +object_property_set_int(OBJECT(s->h3), 32768, "clk0-freq",
> > +_abort);
> > +object_property_set_int(OBJECT(s->h3), 24 * 1000 * 1000,
> "clk1-freq",
> > +_abort);
> > +
> > +/* Mark H3 object realized */
> > +object_property_set_bool(OBJECT(s->h3), true, "realized",
> _abort);
> > +
> > +/* SDRAM */
> > +if (machine->ram_size != 1 * GiB) {
> > +error_report("This machine can only be used with 1GiB of RAM");
> > +exit(1);
> > +}
>
> I'd move this check earlier, eventually between the bios/cpu checks.
>

Sure, I'll move it between the bios/cpu checks.

Regards,
Niek


>
> > +memory_region_allocate_system_memory(>sdram, NULL, "sdram",
> > + machine->ram_size);
> > +memory_region_add_subregion(get_system_memory(),
> s->h3->memmap[AW_H3_SDRAM],
> > +>sdram);
> > +
> > +orangepi_binfo.loader_start = s->h3->memmap[AW_H3_SDRAM];
> > +orangepi_binfo.ram_size = machine->ram_size;
> > +arm_load_kernel(ARM_CPU(first_cpu), machine, _binfo);
> > +}
> > +
> > +static void orangepi_machine_init(MachineClass *mc)
> > +{
> > +mc->desc = "Orange Pi PC";
> > +mc->init = orangepi_init;
> > +mc->min_cpus = AW_H3_NUM_CPUS;
> > +mc->max_cpus = AW_H3_NUM_CPUS;
> > +mc->default_cpus = AW_H3_NUM_CPUS;
> > +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
> > +mc->default_ram_size = 1 * GiB;
> > +}
> > +
> > +DEFINE_MACHINE("orangepi-pc", orangepi_machine_init)
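
Review bot: In orangepi_init(), `OrangePiState *s = g_new(OrangePiState, 1);` leaves the embedded `MemoryRegion sdram` uninitialised until memory_region_allocate_system_memory() runs; g_new0() is the safer choice. The allocation also sits above the bios_name, cpu_type and ram_size checks that call exit(1), so moving it below the validation keeps the argument checks free of side effects.
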
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 225582704d..e99797eec9 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -487,6 +487,7 @@ L: qemu-...@nongnu.org
> >   S: Maintained
> >   F: hw/*/allwinner-h3*
> >   F: include/hw/*/allwinner-h3*
> > +F: hw/arm/orangepi.c
> >
> >   ARM PrimeCell and CMSDK devices
> >   M: Peter Maydell 
> > diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs

Re: [PATCH v4 02/20] hw/arm: add Xunlong Orange Pi PC machine

2020-02-02 Thread Niek Linnenbank
On Tue, Jan 21, 2020 at 5:39 PM Igor Mammedov  wrote:

> On Sun, 19 Jan 2020 01:50:44 +0100
> Niek Linnenbank  wrote:
>
> > The Xunlong Orange Pi PC is an Allwinner H3 System on Chip
> > based embedded computer with mainline support in both U-Boot
> > and Linux. The board comes with a Quad Core Cortex A7 @ 1.3GHz,
> > 1GiB RAM, 100Mbit ethernet, USB, SD/MMC, USB, HDMI and
> > various other I/O. This commit add support for the Xunlong
> > Orange Pi PC machine.
> >
> > Signed-off-by: Niek Linnenbank 
> > Tested-by: KONRAD Frederic 
> > Reviewed-by: Philippe Mathieu-Daudé 
>
> Acked-by: Igor Mammedov 
>

Thanks for the Acked-by Igor, I'm adding it to the commit message.

Regards,
Niek


>
> > ---
> >  hw/arm/orangepi.c| 93 
> >  MAINTAINERS  |  1 +
> >  hw/arm/Makefile.objs |  2 +-
> >  3 files changed, 95 insertions(+), 1 deletion(-)
> >  create mode 100644 hw/arm/orangepi.c
> >
> > diff --git a/hw/arm/orangepi.c b/hw/arm/orangepi.c
> > new file mode 100644
> > index 00..866f5f7cd6
> > --- /dev/null
> > +++ b/hw/arm/orangepi.c
> > @@ -0,0 +1,93 @@
> > +/*
> > + * Orange Pi emulation
> > + *
> > + * Copyright (C) 2019 Niek Linnenbank 
> > + *
> > + * This program is free software: you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation, either version 2 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > + * along with this program.  If not, see  >.
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "qemu/units.h"
> > +#include "exec/address-spaces.h"
> > +#include "qapi/error.h"
> > +#include "cpu.h"
> > +#include "hw/sysbus.h"
> > +#include "hw/boards.h"
> > +#include "hw/qdev-properties.h"
> > +#include "hw/arm/allwinner-h3.h"
> > +#include "sysemu/sysemu.h"
> > +
> > +static struct arm_boot_info orangepi_binfo = {
> > +.nb_cpus = AW_H3_NUM_CPUS,
> > +};
> > +
> > +typedef struct OrangePiState {
> > +AwH3State *h3;
> > +MemoryRegion sdram;
> > +} OrangePiState;
> > +
> > +static void orangepi_init(MachineState *machine)
> > +{
> > +OrangePiState *s = g_new(OrangePiState, 1);
> > +
> > +/* BIOS is not supported by this board */
> > +if (bios_name) {
> > +error_report("BIOS not supported for this machine");
> > +exit(1);
> > +}
> > +
> > +/* Only allow Cortex-A7 for this board */
> > +if (strcmp(machine->cpu_type, ARM_CPU_TYPE_NAME("cortex-a7")) != 0)
> {
> > +error_report("This board can only be used with cortex-a7 CPU");
> > +exit(1);
> > +}
> > +
> > +s->h3 = AW_H3(object_new(TYPE_AW_H3));
> > +
> > +/* Setup timer properties */
> > +object_property_set_int(OBJECT(s->h3), 32768, "clk0-freq",
> > +_abort);
> > +object_property_set_int(OBJECT(s->h3), 24 * 1000 * 1000,
> "clk1-freq",
> > +_abort);
> > +
> > +/* Mark H3 object realized */
> > +object_property_set_bool(OBJECT(s->h3), true, "realized",
> _abort);
> > +
> > +/* SDRAM */
> > +if (machine->ram_size != 1 * GiB) {
> > +error_report("This machine can only be used with 1GiB of RAM");
> > +exit(1);
> > +}
> > +memory_region_allocate_system_memory(>sdram, NULL, "sdram",
> > + machine->ram_size);
> > +memory_region_add_subregion(get_system_memory(),
> s->h3->memmap[AW_H3_SDRAM],
> > +>sdram);
> > +
> > +orangepi_binfo.loader_start = s->h3->memmap[AW_H3_SDRAM];
> > +orangepi_binfo.ram_size = machine->ram_size;
> > +arm_load_kernel(ARM_CPU(first_cpu), machine, _binfo);
> > +}
> > +
> > +static void orangepi_machine_init(MachineClass *mc)
> > +{
> > +mc->desc = "Orange Pi PC";
> > +mc->init = orangepi_init;
> > +mc->min_cpus = AW_H3_NUM_CPUS;
> > +mc->max_cpus = AW_H3_NUM_CPUS;
> > +mc->default_cpus = AW_H3_NUM_CPUS;
> > +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
> > +mc->default_ram_size = 1 * GiB;
> > +}
> > +
> > +DEFINE_MACHINE("orangepi-pc", orangepi_machine_init)
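
Review bot: In orangepi_init(), `s->h3 = AW_H3(object_new(TYPE_AW_H3));` is followed directly by the clk0-freq/clk1-freq setters and the "realized" set, with no object_property_add_child() in between, so the SoC object never gets a parent in the QOM tree. Attach it to the machine object before realizing it and drop the extra reference afterwards.
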
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 225582704d..e99797eec9 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -487,6 +487,7 @@ L: qemu-...@nongnu.org
> >  S: Maintained
> >  F: hw/*/allwinner-h3*
> >  F: include/hw/*/allwinner-h3*
> > +F: hw/arm/orangepi.c
> >
> >  ARM PrimeCell and CMSDK devices
> >  M: Peter Maydell 
> > diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> > index 

Re: [RFC PATCH] audio: proper support for float samples in mixeng

2020-02-02 Thread Howard Spoelstra
On Sun, Feb 2, 2020 at 8:38 PM Kővágó, Zoltán 
wrote:

> This adds proper support for float samples in mixeng by adding a new
> audio format for it.
>
> Limitations: only native endianness is supported.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>
> This patch is meant to be applied on top of "[PATCH] coreaudio: fix
> coreaudio
> playback" by Volker Rümelin, available at:
> https://lists.nongnu.org/archive/html/qemu-devel/2020-02/msg00114.html
>
> For more information, please refer to that thread.
>
> ---
>  qapi/audio.json|  2 +-
>  audio/audio_int.h  |  3 +-
>  audio/audio_template.h | 41 
>  audio/mixeng.h |  8 ++--
>  audio/alsaaudio.c  | 17 
>  audio/audio.c  | 56 ++-
>  audio/coreaudio.c  |  7 +---
>  audio/mixeng.c | 88 ++
>  audio/paaudio.c|  9 +
>  audio/sdlaudio.c   | 28 ++
>  10 files changed, 180 insertions(+), 79 deletions(-)
>
> diff --git a/qapi/audio.json b/qapi/audio.json
> index 83312b2339..d8c507cced 100644
> --- a/qapi/audio.json
> +++ b/qapi/audio.json
> @@ -276,7 +276,7 @@
>  # Since: 4.0
>  ##
>  { 'enum': 'AudioFormat',
> -  'data': [ 'u8', 's8', 'u16', 's16', 'u32', 's32' ] }
> +  'data': [ 'u8', 's8', 'u16', 's16', 'u32', 's32', 'f32' ] }
>
>  ##
>  # @AudiodevDriver:
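
Review bot: The 'AudioFormat' enum gains 'f32', but the doc comment above it, of which only `# Since: 4.0` is visible, is not touched by this hunk. A member added after the enum's own "Since" version should get its own @f32 line with the version it first appears in, so please extend the comment block in the same patch.
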
> diff --git a/audio/audio_int.h b/audio/audio_int.h
> index 5ba2078346..cd92e48163 100644
> --- a/audio/audio_int.h
> +++ b/audio/audio_int.h
> @@ -40,7 +40,8 @@ struct audio_callback {
>
>  struct audio_pcm_info {
>  int bits;
> -int sign;
> +bool is_signed;
> +bool is_float;
>  int freq;
>  int nchannels;
>  int bytes_per_frame;
> diff --git a/audio/audio_template.h b/audio/audio_template.h
> index 0336d2670c..7013d3041f 100644
> --- a/audio/audio_template.h
> +++ b/audio/audio_template.h
> @@ -153,15 +153,23 @@ static int glue (audio_pcm_sw_init_, TYPE) (
>  sw->ratio = ((int64_t) sw->info.freq << 32) / sw->hw->info.freq;
>  #endif
>
> +if (sw->info.is_float) {
>  #ifdef DAC
> -sw->conv = mixeng_conv
> +sw->conv = mixeng_conv_float[sw->info.nchannels == 2];
>  #else
> -sw->clip = mixeng_clip
> +sw->clip = mixeng_clip_float[sw->info.nchannels == 2];
>  #endif
> -[sw->info.nchannels == 2]
> -[sw->info.sign]
> -[sw->info.swap_endianness]
> -[audio_bits_to_index (sw->info.bits)];
> +} else {
> +#ifdef DAC
> +sw->conv = mixeng_conv
> +#else
> +sw->clip = mixeng_clip
> +#endif
> +[sw->info.nchannels == 2]
> +[sw->info.is_signed]
> +[sw->info.swap_endianness]
> +[audio_bits_to_index(sw->info.bits)];
> +}
>
>  sw->name = g_strdup (name);
>  err = glue (audio_pcm_sw_alloc_resources_, TYPE) (sw);
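
Review bot: In the new `if (sw->info.is_float)` branch the lookup is `mixeng_conv_float[sw->info.nchannels == 2]` (or mixeng_clip_float), which ignores sw->info.swap_endianness, while the integer branch still indexes by it. The commit message says only native endianness is supported, so a float stream with swap_endianness set would be converted as native data without any error. Reject that combination where the format is validated, or at least assert !sw->info.swap_endianness in this branch.
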
> @@ -276,22 +284,23 @@ static HW *glue(audio_pcm_hw_add_new_,
> TYPE)(AudioState *s,
>  goto err1;
>  }
>
> -if (s->dev->driver == AUDIODEV_DRIVER_COREAUDIO) {
> +if (hw->info.is_float) {
>  #ifdef DAC
> -hw->clip = clip_natural_float_from_stereo;
> +hw->clip = mixeng_clip_float[hw->info.nchannels == 2];
>  #else
> -hw->conv = conv_natural_float_to_stereo;
> +hw->conv = mixeng_conv_float[hw->info.nchannels == 2];
>  #endif
> -} else
> +} else {
>  #ifdef DAC
> -hw->clip = mixeng_clip
> +hw->clip = mixeng_clip
>  #else
> -hw->conv = mixeng_conv
> +hw->conv = mixeng_conv
>  #endif
> -[hw->info.nchannels == 2]
> -[hw->info.sign]
> -[hw->info.swap_endianness]
> -[audio_bits_to_index (hw->info.bits)];
> +[hw->info.nchannels == 2]
> +[hw->info.is_signed]
> +[hw->info.swap_endianness]
> +[audio_bits_to_index(hw->info.bits)];
> +}
>
>  glue(audio_pcm_hw_alloc_resources_, TYPE)(hw);
>
> diff --git a/audio/mixeng.h b/audio/mixeng.h
> index 7ef61763e8..2dcd6df245 100644
> --- a/audio/mixeng.h
> +++ b/audio/mixeng.h
> @@ -38,13 +38,13 @@ typedef struct st_sample st_sample;
>  typedef void (t_sample) (struct st_sample *dst, const void *src, int
> samples);
>  typedef void (f_sample) (void *dst, const struct st_sample *src, int
> samples);
>
> +/* indices: [stereo][signed][swap endiannes][8, 16 or 32-bits] */
>  extern t_sample *mixeng_conv[2][2][2][3];
>  extern f_sample *mixeng_clip[2][2][2][3];
>
> -void conv_natural_float_to_stereo(struct st_sample *dst, const void *src,
> -  int samples);
> -void clip_natural_float_from_stereo(void *dst, const struct st_sample
> *src,
> -int samples);
> +/* indices: [stereo] */
> +extern t_sample *mixeng_conv_float[2];
> +extern f_sample *mixeng_clip_float[2];
>
>  void *st_rate_start (int inrate, int outrate);
>  void st_rate_flow(void *opaque, st_sample *ibuf, st_sample *obuf,
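
Review bot: The added comment `/* indices: [stereo][signed][swap endiannes][8, 16 or 32-bits] */` misspells "endianness". The `/* indices: [stereo] */` comment on mixeng_conv_float and mixeng_clip_float should also state that these tables are native-endian only, and since conv_natural_float_to_stereo() and clip_natural_float_from_stereo() are no longer declared here, please confirm that no other file still calls them by name.
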
> diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
> index 

Re: [PATCH v4 10/20] hw/arm/allwinner-h3: add Boot ROM support

2020-02-02 Thread Niek Linnenbank
On Sun, Jan 19, 2020 at 8:14 PM Philippe Mathieu-Daudé 
wrote:

> On 1/19/20 1:50 AM, Niek Linnenbank wrote:
> > A real Allwinner H3 SoC contains a Boot ROM which is the
> > first code that runs right after the SoC is powered on.
> > The Boot ROM is responsible for loading user code (e.g. a bootloader)
> > from any of the supported external devices and writing the downloaded
> > code to internal SRAM. After loading the SoC begins executing the code
> > written to SRAM.
> >
> > This commits adds emulation of the Boot ROM firmware setup functionality
> > by loading user code from SD card in the A1 SRAM. While the A1 SRAM is
> > 64KiB, we limit the size to 32KiB because the real H3 Boot ROM also
> rejects
> > sizes larger than 32KiB. For reference, this behaviour is documented
> > by the Linux Sunxi project wiki at:
> >
> >https://linux-sunxi.org/BROM#U-Boot_SPL_limitations
> >
> > Signed-off-by: Niek Linnenbank 
> > ---
> >   include/hw/arm/allwinner-h3.h | 23 +++
> >   hw/arm/allwinner-h3.c | 28 
> >   hw/arm/orangepi.c |  5 +
> >   3 files changed, 56 insertions(+)
> >
> > diff --git a/include/hw/arm/allwinner-h3.h
> b/include/hw/arm/allwinner-h3.h
> > index f9b9a02373..f5e16266cd 100644
> > --- a/include/hw/arm/allwinner-h3.h
> > +++ b/include/hw/arm/allwinner-h3.h
> > @@ -46,6 +46,7 @@
> >   #include "hw/sd/allwinner-sdhost.h"
> >   #include "hw/net/allwinner-sun8i-emac.h"
> >   #include "target/arm/cpu.h"
> > +#include "sysemu/block-backend.h"
> >
> >   /**
> >* Allwinner H3 device list
> > @@ -129,4 +130,26 @@ typedef struct AwH3State {
> >   MemoryRegion sram_c;
> >   } AwH3State;
> >
> > +/**
> > + * Emulate Boot ROM firmware setup functionality.
> > + *
> > + * A real Allwinner H3 SoC contains a Boot ROM
> > + * which is the first code that runs right after
> > + * the SoC is powered on. The Boot ROM is responsible
> > + * for loading user code (e.g. a bootloader) from any
> > + * of the supported external devices and writing the
> > + * downloaded code to internal SRAM. After loading the SoC
> > + * begins executing the code written to SRAM.
> > + *
> > + * This function emulates the Boot ROM by copying 32 KiB
> > + * of data from the given block device and writes it to
> > + * the start of the first internal SRAM memory.
> > + *
> > + * @s: Allwinner H3 state object pointer
> > + * @blk: Block backend device object pointer
> > + * @errp: Error object pointer for raising errors
> > + */
> > +void allwinner_h3_bootrom_setup(AwH3State *s, BlockBackend *blk,
> > +Error **errp);
> > +
> >   #endif /* HW_ARM_ALLWINNER_H3_H */
> > diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
> > index 1085223812..3d0470825a 100644
> > --- a/hw/arm/allwinner-h3.c
> > +++ b/hw/arm/allwinner-h3.c
> > @@ -29,6 +29,7 @@
> >   #include "hw/char/serial.h"
> >   #include "hw/misc/unimp.h"
> >   #include "hw/usb/hcd-ehci.h"
> > +#include "hw/loader.h"
> >   #include "sysemu/sysemu.h"
> >   #include "hw/arm/allwinner-h3.h"
> >
> > @@ -170,6 +171,33 @@ enum {
> >   AW_H3_GIC_NUM_SPI   = 128
> >   };
> >
> > +void allwinner_h3_bootrom_setup(AwH3State *s, BlockBackend *blk, Error
> **errp)
> > +{
> > +uint8_t *buffer;
> > +int64_t rom_size = 32 * KiB;
> > +
> > +int64_t blk_size = blk_getlength(blk);
> > +if (blk_size <= 0) {
> > +error_setg(errp, "%s: failed to get BlockBackend size",
> __func__);
> > +return;
> > +}
> > +
> > +if (rom_size > blk_size) {
> > +rom_size = blk_size;
>
> This doesn't seem correct, have you tried to use a 1MB file?
>
> This can't be bigger than the SRAM size, 64KB.
>

This check was supposed to take into account the possibility that
the BlockBackend is smaller than the rom_size. However, if the rom cannot
be read from the BlockBackend it will return an error code anyway.

So the check can simply be removed. Thanks!


>
> > +}
> > +
> > +buffer = g_new0(uint8_t, rom_size);
> > +if (blk_pread(blk, 8 * KiB, buffer, rom_size) < 0) {
> > +error_setg(errp, "%s: failed to read BlockBackend data",
> __func__);
> > +return;
> > +}
> > +
> > +rom_add_blob("allwinner-h3.bootrom", buffer, rom_size,
> > +  rom_size, s->memmap[AW_H3_SRAM_A1],
> > +  NULL, NULL, NULL, NULL, false);
> > +g_free(buffer);
> > +}
> > +
> >   static void allwinner_h3_init(Object *obj)
> >   {
> >   AwH3State *s = AW_H3(obj);
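
Review bot: In allwinner_h3_bootrom_setup(), the blk_pread() failure path calls error_setg() and returns without freeing `buffer`, which was allocated with g_new0() just above; g_free(buffer) is only reached after rom_add_blob(). Free it on the error path or declare it g_autofree. The read offset `8 * KiB` is also a bare constant, so a named define or a comment saying where it comes from would help the next reader.
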
> > diff --git a/hw/arm/orangepi.c b/hw/arm/orangepi.c
> > index 25bf85f8fc..9d4c79885e 100644
> > --- a/hw/arm/orangepi.c
> > +++ b/hw/arm/orangepi.c
> > @@ -95,6 +95,11 @@ static void orangepi_init(MachineState *machine)
> >   memory_region_add_subregion(get_system_memory(),
> s->h3->memmap[AW_H3_SDRAM],
> >   >sdram);
> >
> > +/* Load target kernel or start using BootROM */
> > +if (!machine->kernel_filename && 

[Bug 1805913] Re: readdir() returns NULL (errno=EOVERFLOW) for 32-bit user-static qemu on 64-bit host

2020-02-02 Thread Marcin Konarski
This problem affected my virtual environment which I used (via
qemu-static) to build my project for RaspberryPI platform. After I upgraded
my virtual Raspbian to buster release `readdir` stopped working (as
described in this thread) due to mapping of 64-bit inode numbers to qemu
32bit ARM land. I needed this builder working and I found a workaround
in some obscure (2nd page of google result) blog.

Before the workaround my virtual Raspbian was just a directory on one
of my ext4 partitions. To fix the issue I created an image file with dd,
formatted it with mkfs.ext4 with the `dir_index` option disabled and moved
my virtual Raspbian onto that newly created filesystem. This fixed the
issue for me and my builder started again.

I am posting it here so the `dir_index` trick can be easier to find for
others in this situation.

https://bugs.launchpad.net/bugs/1805913

Title:
  readdir() returns NULL (errno=EOVERFLOW) for 32-bit user-static qemu
  on 64-bit host

Status in QEMU:
  New

Bug description:
  This can be simply reproduced by compiling and running the attached C
  code (readdir-bug.c) under 32-bit user-static qemu, such as
  qemu-arm-static:

  # Setup docker for user-static binfmt
  docker run --rm --privileged multiarch/qemu-user-static:register --reset
  # Compile the code and run (readdir for / is fine, so create a new directory /test).
  docker run -v /path/to/qemu-arm-static:/usr/bin/qemu-arm-static -v /path/to/readdir-bug.c:/tmp/readdir-bug.c -it --rm arm32v7/ubuntu:18.10 bash -c '{ apt update && apt install -y gcc; } >&/dev/null && mkdir -p /test && cd /test && gcc /tmp/readdir-bug.c && ./a.out'
  dir=0xff5b4150
  readdir(dir)=(nil)
  errno=75: Value too large for defined data type

  Do remember to replace the /path/to/qemu-arm-static and
  /path/to/readdir-bug.c to the actual paths of the files.

  The root cause is in glibc:
  
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/getdents.c;h=6d09a5be7057e2792be9150d3a2c7b293cf6fc34;hb=a5275ba5378c9256d18e582572b4315e8edfcbfb#l87

  By C standard, the return type of readdir() is DIR*, in which the
  inode number and offset are 32-bit integers, therefore, glibc calls
  getdents64() and checks if the inode number and offset fit the 32-bit
  range, and reports EOVERFLOW if not.

  The problem here is for 32-bit user-static qemu running on 64-bit
  host, getdents64 simply passes through the inode number and offset
  from underlying getdents64 syscall (from 64-bit kernel), which is very
  likely to not fit into 32-bit range. On real hardware, the 32-bit
  kernel creates 32-bit inode numbers, therefore works properly.

  The glibc code makes sense to do the check to be conformant with C
  standard, therefore ideally it should be a fix on qemu side. I admit
  this is difficult because qemu has to maintain a mapping between
  underlying 64-bit inode numbers and 32-bit inode numbers, which would
  severely hurt the performance. I don't expect this could be fixed
  anytime soon (or even there would be a fix), but it would be
  worthwhile to surface this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1805913/+subscriptions
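
The narrowing check described in the bug report above, modelled as an added example (not code from the report, glibc or QEMU): a 64-bit directory record is accepted for a 32-bit caller only if both the inode number and the offset fit in 32 bits, and the first record that does not fit ends the listing with EOVERFLOW. The struct and function names (rec64, rec32, narrow_dirent, list_dir32) and all sample values are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified 64-bit record, standing in for what getdents64() returns. */
struct rec64 {
    uint64_t d_ino;
    int64_t  d_off;
    char     d_name[32];
};

/* Simplified record with the 32-bit fields a 32-bit readdir() caller sees. */
struct rec32 {
    uint32_t d_ino;
    int32_t  d_off;
    char     d_name[32];
};

/* Constructed sample: small inode numbers and small directory offsets. */
static const struct rec64 SAMPLE_SMALL[3] = {
    { 12,   24,   "."     },
    { 2,    48,   ".."    },
    { 1311, 4096, "a.out" },
};

/* Constructed sample: values passed through from a 64-bit host. */
static const struct rec64 SAMPLE_LARGE[3] = {
    { 5767169,              INT64_C(0x3a1f9c22d5e4b7f0), "."     }, /* offset too wide */
    { UINT64_C(4294967301), 72,                          ".."    }, /* inode too wide  */
    { 5767170,              INT32_MAX,                   "a.out" }, /* still fits      */
};

/* Returns 0 and fills *out, or EOVERFLOW if either field needs more than 32 bits. */
int narrow_dirent(const struct rec64 *in, struct rec32 *out)
{
    if (in->d_ino > UINT32_MAX ||
        in->d_off < INT32_MIN || in->d_off > INT32_MAX) {
        return EOVERFLOW;
    }
    out->d_ino = (uint32_t)in->d_ino;
    out->d_off = (int32_t)in->d_off;
    memcpy(out->d_name, in->d_name, sizeof(out->d_name));
    return 0;
}

/*
 * Walks a batch the way a readdir() loop would: entries are delivered until
 * one fails the check, then the error is reported and the listing stops.
 * Returns the number of entries delivered; *err is 0 or EOVERFLOW.
 */
size_t list_dir32(const struct rec64 *recs, size_t n, int *err)
{
    size_t delivered = 0;

    *err = 0;
    for (size_t i = 0; i < n; i++) {
        struct rec32 out;
        int rc = narrow_dirent(&recs[i], &out);

        if (rc != 0) {
            *err = rc;
            break;
        }
        delivered++;
    }
    return delivered;
}

int main(void)
{
    int err;
    size_t got;

    got = list_dir32(SAMPLE_SMALL, 3, &err);
    printf("small values: %zu entries, errno=%d\n", got, err);

    got = list_dir32(SAMPLE_LARGE, 3, &err);
    printf("large values: %zu entries, errno=%d (%s)\n", got, err, strerror(err));
    return 0;
}
```

In the second batch the very first record fails, so the caller sees no entries at all, which matches the `readdir(dir)=(nil)` output in the report.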



Re: [PATCH v4 08/20] hw/arm/allwinner: add SD/MMC host controller

2020-02-02 Thread Niek Linnenbank
Hi Philippe,

On Sun, Jan 19, 2020 at 8:02 PM Philippe Mathieu-Daudé 
wrote:

> On 1/19/20 1:50 AM, Niek Linnenbank wrote:
> > The Allwinner System on Chip families sun4i and above contain
> > an integrated storage controller for Secure Digital (SD) and
> > Multi Media Card (MMC) interfaces. This commit adds support
> > for the Allwinner SD/MMC storage controller with the following
> > emulated features:
> >
> >   * DMA transfers
> >   * Direct FIFO I/O
> >   * Short/Long format command responses
> >   * Auto-Stop command (CMD12)
> >   * Insert & remove card detection
> >
> > The following boards are extended with the SD host controller:
> >
> >   * Cubieboard (hw/arm/cubieboard.c)
> >   * Orange Pi PC (hw/arm/orangepi.c)
> >
> > Signed-off-by: Niek Linnenbank 
> > Tested-by: Philippe Mathieu-Daudé 
> > ---
> >   include/hw/arm/allwinner-a10.h   |   2 +
> >   include/hw/arm/allwinner-h3.h|   3 +
> >   include/hw/sd/allwinner-sdhost.h | 135 +
> >   hw/arm/allwinner-a10.c   |  11 +
> >   hw/arm/allwinner-h3.c|  15 +-
> >   hw/arm/cubieboard.c  |  15 +
> >   hw/arm/orangepi.c|  16 +
> >   hw/sd/allwinner-sdhost.c | 848 +++
> >   hw/sd/Makefile.objs  |   1 +
> >   hw/sd/trace-events   |   7 +
> >   10 files changed, 1052 insertions(+), 1 deletion(-)
> >   create mode 100644 include/hw/sd/allwinner-sdhost.h
> >   create mode 100644 hw/sd/allwinner-sdhost.c
>
> Failure at build if configured with --without-default-devices:
>
>CC  arm-softmmu/hw/sd/allwinner-sdhost.o
>CC  arm-softmmu/hw/arm/orangepi.o
>CC  arm-softmmu/hw/arm/allwinner-h3.o
>LINKarm-softmmu/qemu-system-arm
> /usr/bin/ld: hw/sd/allwinner-sdhost.o: in function
> `allwinner_sdhost_send_command':
> hw/sd/allwinner-sdhost.c:239: undefined reference to `sdbus_do_command'
> /usr/bin/ld: hw/sd/allwinner-sdhost.o: in function `allwinner_sdhost_read':
> hw/sd/allwinner-sdhost.c:517: undefined reference to `sdbus_data_ready'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:518: undefined reference to
> `sdbus_read_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:519: undefined reference to
> `sdbus_read_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:520: undefined reference to
> `sdbus_read_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:521: undefined reference to
> `sdbus_read_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.o: in function
> `allwinner_sdhost_process_desc':
> hw/sd/allwinner-sdhost.c:340: undefined reference to `sdbus_read_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:334: undefined reference to
> `sdbus_write_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.o: in function
> `allwinner_sdhost_write':
> hw/sd/allwinner-sdhost.c:651: undefined reference to `sdbus_write_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:652: undefined reference to
> `sdbus_write_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:653: undefined reference to
> `sdbus_write_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.c:654: undefined reference to
> `sdbus_write_data'
> /usr/bin/ld: hw/sd/allwinner-sdhost.o: in function `allwinner_sdhost_dma':
> hw/sd/allwinner-sdhost.c:372: undefined reference to `sdbus_data_ready'
> collect2: error: ld returned 1 exit status
> make[1]: *** [Makefile:206: qemu-system-arm] Error 1
>
>
Thanks for reporting this Philippe. As you pointed out, I also made the
same mistake in patch #4 for USB support [1].
I also tried to reproduce the error here with:

$ ./configure --target-list=arm-softmmu --without-default-devices; make -j5

But again no error. I also see that CONFIG_SD=y is set in
arm-softmmu/config-devices.mak.
Maybe on my laptop --without-default-devices has no effect or is overridden
somehow, I'll try to debug it further.

[1] https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg00125.html


> Fixed by:
>
> -- >8 --
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index bb75c1de17..086241354c 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -302,6 +302,9 @@ config ALLWINNER_H3
>   select ARM_TIMER
>   select ARM_GIC
>   select UNIMP
>   select USB_OHCI
>   select USB_EHCI_SYSBUS
> +select SD
>
> Thanks, I'll add this fix.

Regards,
Niek


>   config RASPI
>   bool
> ---
>
>

-- 
Niek Linnenbank


Re: [PATCH v3 07/17] hw/arm/allwinner: add Security Identifier device

2020-02-02 Thread Niek Linnenbank
Hi Corey,

Thanks for reviewing!

On Mon, Jan 20, 2020 at 6:59 PM Corey Minyard  wrote:

> On Sat, Jan 18, 2020 at 04:25:08PM +0100, Philippe Mathieu-Daudé wrote:
> > Cc'ing Corey/David for good advices about using UUID.
>
> Is there any reason you didn't use the built-in qemu UUID for this?  It
> would simplify things in general.
>

Currently the Allwinner SID device is using the QemuUUID type from
include/qemu/uuid.h.
Is that the built-in UUID you are referring to or should I use something
else?


> Also, in case no one else says, you have tabs in your code that you need
> to get rid of.
>
>
If there are any tabs in the code, it was not intended. I re-checked this
patch and others again but found no tabs in the code.
Could you please point out where you found the extra tabs?

Regards,
Niek


> -corey
>
> >
> > On 1/8/20 9:00 PM, Niek Linnenbank wrote:
> > > The Security Identifier device found in various Allwinner System on
> Chip
> > > designs gives applications a per-board unique identifier. This commit
> > > adds support for the Allwinner Security Identifier using a 128-bit
> > > UUID value as input.
> > >
> > > Signed-off-by: Niek Linnenbank 
> > > ---
> > >   include/hw/arm/allwinner-h3.h   |   3 +
> > >   include/hw/misc/allwinner-sid.h |  61 
> > >   hw/arm/allwinner-h3.c   |  11 ++-
> > >   hw/arm/orangepi.c   |   4 +
> > >   hw/misc/allwinner-sid.c | 170
> 
> > >   hw/misc/Makefile.objs   |   1 +
> > >   hw/misc/trace-events|   4 +
> > >   7 files changed, 253 insertions(+), 1 deletion(-)
> > >   create mode 100644 include/hw/misc/allwinner-sid.h
> > >   create mode 100644 hw/misc/allwinner-sid.c
> > >
> > > diff --git a/include/hw/arm/allwinner-h3.h
> b/include/hw/arm/allwinner-h3.h
> > > index 5a25a92eae..9ed365507c 100644
> > > --- a/include/hw/arm/allwinner-h3.h
> > > +++ b/include/hw/arm/allwinner-h3.h
> > > @@ -46,6 +46,7 @@
> > >   #include "hw/misc/allwinner-h3-ccu.h"
> > >   #include "hw/misc/allwinner-cpucfg.h"
> > >   #include "hw/misc/allwinner-h3-sysctrl.h"
> > > +#include "hw/misc/allwinner-sid.h"
> > >   #include "target/arm/cpu.h"
> > >   /**
> > > @@ -63,6 +64,7 @@ enum {
> > >   AW_H3_SRAM_A2,
> > >   AW_H3_SRAM_C,
> > >   AW_H3_SYSCTRL,
> > > +AW_H3_SID,
> > >   AW_H3_EHCI0,
> > >   AW_H3_OHCI0,
> > >   AW_H3_EHCI1,
> > > @@ -115,6 +117,7 @@ typedef struct AwH3State {
> > >   AwH3ClockCtlState ccu;
> > >   AwCpuCfgState cpucfg;
> > >   AwH3SysCtrlState sysctrl;
> > > +AwSidState sid;
> > >   GICState gic;
> > >   MemoryRegion sram_a1;
> > >   MemoryRegion sram_a2;
> > > diff --git a/include/hw/misc/allwinner-sid.h
> b/include/hw/misc/allwinner-sid.h
> > > new file mode 100644
> > > index 00..41189967e2
> > > --- /dev/null
> > > +++ b/include/hw/misc/allwinner-sid.h
> > > @@ -0,0 +1,61 @@
> > > +/*
> > > + * Allwinner Security ID emulation
> > > + *
> > > + * Copyright (C) 2019 Niek Linnenbank 
> > > + *
> > > + * This program is free software: you can redistribute it and/or
> modify
> > > + * it under the terms of the GNU General Public License as published
> by
> > > + * the Free Software Foundation, either version 2 of the License, or
> > > + * (at your option) any later version.
> > > + *
> > > + * This program is distributed in the hope that it will be useful,
> > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > > + * GNU General Public License for more details.
> > > + *
> > > + * You should have received a copy of the GNU General Public License
> > > + * along with this program.  If not, see <
> http://www.gnu.org/licenses/>.
> > > + */
> > > +
> > > +#ifndef HW_MISC_ALLWINNER_SID_H
> > > +#define HW_MISC_ALLWINNER_SID_H
> > > +
> > > +#include "qemu/osdep.h"
> > > +#include "qom/object.h"
> > > +#include "hw/sysbus.h"
> > > +#include "qemu/uuid.h"
> > > +
> > > +/**
> > > + * Object model
> > > + * @{
> > > + */
> > > +
> > > +#define TYPE_AW_SID"allwinner-sid"
> > > +#define AW_SID(obj) \
> > > +OBJECT_CHECK(AwSidState, (obj), TYPE_AW_SID)
> > > +
> > > +/** @} */
> > > +
> > > +/**
> > > + * Allwinner Security ID object instance state
> > > + */
> > > +typedef struct AwSidState {
> > > +/*< private >*/
> > > +SysBusDevice parent_obj;
> > > +/*< public >*/
> > > +
> > > +/** Maps I/O registers in physical memory */
> > > +MemoryRegion iomem;
> > > +
> > > +/** Control register defines how and what to read */
> > > +uint32_t control;
> > > +
> > > +/** RdKey register contains the data retrieved by the device */
> > > +uint32_t rdkey;
> > > +
> > > +/** Stores the emulated device identifier */
> > > +QemuUUID identifier;
> > > +
> > > +} AwSidState;
> > > +
> > > +#endif /* HW_MISC_ALLWINNER_SID_H */
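Review bot: the new header includes "qemu/osdep.h" (the first #include after the guard). QEMU's coding style has every .c file include qemu/osdep.h first and keeps it out of headers, so drop that line here and rely on allwinner-sid.c including it.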
> > > diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
> > > 

Re: [PATCH v4 07/20] hw/arm/allwinner: add Security Identifier device

2020-02-02 Thread Niek Linnenbank
On Sun, Jan 19, 2020 at 7:57 PM Philippe Mathieu-Daudé 
wrote:

> On 1/19/20 1:50 AM, Niek Linnenbank wrote:
> > The Security Identifier device found in various Allwinner System on Chip
> > designs gives applications a per-board unique identifier. This commit
> > adds support for the Allwinner Security Identifier using a 128-bit
> > UUID value as input.
> >
> > Signed-off-by: Niek Linnenbank 
> > ---
> >   include/hw/arm/allwinner-h3.h   |   3 +
> >   include/hw/misc/allwinner-sid.h |  60 +++
> >   hw/arm/allwinner-h3.c   |  11 ++-
> >   hw/arm/orangepi.c   |   4 +
> >   hw/misc/allwinner-sid.c | 170 
> >   hw/misc/Makefile.objs   |   1 +
> >   hw/misc/trace-events|   4 +
> >   7 files changed, 252 insertions(+), 1 deletion(-)
> >   create mode 100644 include/hw/misc/allwinner-sid.h
> >   create mode 100644 hw/misc/allwinner-sid.c
> >
> > diff --git a/include/hw/arm/allwinner-h3.h
> b/include/hw/arm/allwinner-h3.h
> > index dc729176ab..85416d9d64 100644
> > --- a/include/hw/arm/allwinner-h3.h
> > +++ b/include/hw/arm/allwinner-h3.h
> > @@ -42,6 +42,7 @@
> >   #include "hw/misc/allwinner-h3-ccu.h"
> >   #include "hw/misc/allwinner-cpucfg.h"
> >   #include "hw/misc/allwinner-h3-sysctrl.h"
> > +#include "hw/misc/allwinner-sid.h"
> >   #include "target/arm/cpu.h"
> >
> >   /**
> > @@ -59,6 +60,7 @@ enum {
> >   AW_H3_SRAM_A2,
> >   AW_H3_SRAM_C,
> >   AW_H3_SYSCTRL,
> > +AW_H3_SID,
> >   AW_H3_EHCI0,
> >   AW_H3_OHCI0,
> >   AW_H3_EHCI1,
> > @@ -114,6 +116,7 @@ typedef struct AwH3State {
> >   AwH3ClockCtlState ccu;
> >   AwCpuCfgState cpucfg;
> >   AwH3SysCtrlState sysctrl;
> > +AwSidState sid;
> >   GICState gic;
> >   MemoryRegion sram_a1;
> >   MemoryRegion sram_a2;
> > diff --git a/include/hw/misc/allwinner-sid.h
> b/include/hw/misc/allwinner-sid.h
> > new file mode 100644
> > index 00..4c1fa4762b
> > --- /dev/null
> > +++ b/include/hw/misc/allwinner-sid.h
> > @@ -0,0 +1,60 @@
> > +/*
> > + * Allwinner Security ID emulation
> > + *
> > + * Copyright (C) 2019 Niek Linnenbank 
> > + *
> > + * This program is free software: you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation, either version 2 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > + * along with this program.  If not, see  >.
> > + */
> > +
> > +#ifndef HW_MISC_ALLWINNER_SID_H
> > +#define HW_MISC_ALLWINNER_SID_H
> > +
> > +#include "qom/object.h"
> > +#include "hw/sysbus.h"
> > +#include "qemu/uuid.h"
> > +
> > +/**
> > + * Object model
> > + * @{
> > + */
> > +
> > +#define TYPE_AW_SID"allwinner-sid"
> > +#define AW_SID(obj) \
> > +OBJECT_CHECK(AwSidState, (obj), TYPE_AW_SID)
> > +
> > +/** @} */
> > +
> > +/**
> > + * Allwinner Security ID object instance state
> > + */
> > +typedef struct AwSidState {
> > +/*< private >*/
> > +SysBusDevice parent_obj;
> > +/*< public >*/
> > +
> > +/** Maps I/O registers in physical memory */
> > +MemoryRegion iomem;
> > +
> > +/** Control register defines how and what to read */
> > +uint32_t control;
> > +
> > +/** RdKey register contains the data retrieved by the device */
> > +uint32_t rdkey;
> > +
> > +/** Stores the emulated device identifier */
> > +QemuUUID identifier;
> > +
> > +} AwSidState;
> > +
> > +#endif /* HW_MISC_ALLWINNER_SID_H */
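Review bot: `control` and `rdkey` in AwSidState are guest-visible register state, but nothing in this header says what their reset values are or whether they are migrated. Please confirm that allwinner-sid.c resets both and lists them in its VMStateDescription, and say in the `identifier` comment whether the UUID is expected to stay fixed across reset and migration, since guests treat it as the per-board identity.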
> > diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
> > index daa2d3c819..919fba6cf6 100644
> > --- a/hw/arm/allwinner-h3.c
> > +++ b/hw/arm/allwinner-h3.c
> > @@ -38,6 +38,7 @@ const hwaddr allwinner_h3_memmap[] = {
> >   [AW_H3_SRAM_A2]= 0x00044000,
> >   [AW_H3_SRAM_C] = 0x0001,
> >   [AW_H3_SYSCTRL]= 0x01c0,
> > +[AW_H3_SID]= 0x01c14000,
> >   [AW_H3_EHCI0]  = 0x01c1a000,
> >   [AW_H3_OHCI0]  = 0x01c1a400,
> >   [AW_H3_EHCI1]  = 0x01c1b000,
> > @@ -78,7 +79,6 @@ struct AwH3Unimplemented {
> >   { "mmc0",  0x01c0f000, 4 * KiB },
> >   { "mmc1",  0x01c1, 4 * KiB },
> >   { "mmc2",  0x01c11000, 4 * KiB },
> > -{ "sid",   0x01c14000, 1 * KiB },
> >   { "crypto",0x01c15000, 4 * KiB },
> >   { "msgbox",0x01c17000, 4 * KiB },
> >   { "spinlock",  0x01c18000, 4 * KiB },
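Review bot: removing `{ "sid", 0x01c14000, 1 * KiB }` from the unimplemented list means the new device is now the only thing covering that 1 KiB window. Check that the MemoryRegion registered in allwinner-sid.c spans the full 1 KiB and that accesses to offsets it does not implement are logged (for example with LOG_GUEST_ERROR) rather than silently ignored, otherwise guest accesses that used to show up in the unimp log disappear.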
> > @@ -198,6 +198,11 @@ static void allwinner_h3_init(Object *obj)
> >
> >   sysbus_init_child_obj(obj, "cpucfg", >cpucfg, sizeof(s->cpucfg),
> >  

Re: [PATCH v4 06/20] hw/arm/allwinner: add CPU Configuration module

2020-02-02 Thread Niek Linnenbank
On Sun, Jan 19, 2020 at 7:52 PM Philippe Mathieu-Daudé 
wrote:

> On 1/19/20 1:50 AM, Niek Linnenbank wrote:
> > Various Allwinner System on Chip designs contain multiple processors
> > that can be configured and reset using the generic CPU Configuration
> > module interface. This commit adds support for the Allwinner CPU
> > configuration interface which emulates the following features:
> >
> >   * CPU reset
> >   * CPU status
> >
> > Signed-off-by: Niek Linnenbank 
> > ---
> >   include/hw/arm/allwinner-h3.h  |   3 +
> >   include/hw/misc/allwinner-cpucfg.h |  52 ++
> >   hw/arm/allwinner-h3.c  |   9 +-
> >   hw/misc/allwinner-cpucfg.c | 269 +
> >   hw/misc/Makefile.objs  |   1 +
> >   hw/misc/trace-events   |   5 +
> >   6 files changed, 338 insertions(+), 1 deletion(-)
> >   create mode 100644 include/hw/misc/allwinner-cpucfg.h
> >   create mode 100644 hw/misc/allwinner-cpucfg.c
> >
> > diff --git a/include/hw/arm/allwinner-h3.h
> b/include/hw/arm/allwinner-h3.h
> > index 43500c4262..dc729176ab 100644
> > --- a/include/hw/arm/allwinner-h3.h
> > +++ b/include/hw/arm/allwinner-h3.h
> > @@ -40,6 +40,7 @@
> >   #include "hw/timer/allwinner-a10-pit.h"
> >   #include "hw/intc/arm_gic.h"
> >   #include "hw/misc/allwinner-h3-ccu.h"
> > +#include "hw/misc/allwinner-cpucfg.h"
> >   #include "hw/misc/allwinner-h3-sysctrl.h"
> >   #include "target/arm/cpu.h"
> >
> > @@ -76,6 +77,7 @@ enum {
> >   AW_H3_GIC_CPU,
> >   AW_H3_GIC_HYP,
> >   AW_H3_GIC_VCPU,
> > +AW_H3_CPUCFG,
> >   AW_H3_SDRAM
> >   };
> >
> > @@ -110,6 +112,7 @@ typedef struct AwH3State {
> >   const hwaddr *memmap;
> >   AwA10PITState timer;
> >   AwH3ClockCtlState ccu;
> > +AwCpuCfgState cpucfg;
> >   AwH3SysCtrlState sysctrl;
> >   GICState gic;
> >   MemoryRegion sram_a1;
> > diff --git a/include/hw/misc/allwinner-cpucfg.h
> b/include/hw/misc/allwinner-cpucfg.h
> > new file mode 100644
> > index 00..2c3693a8be
> > --- /dev/null
> > +++ b/include/hw/misc/allwinner-cpucfg.h
> > @@ -0,0 +1,52 @@
> > +/*
> > + * Allwinner CPU Configuration Module emulation
> > + *
> > + * Copyright (C) 2019 Niek Linnenbank 
> > + *
> > + * This program is free software: you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation, either version 2 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > + * along with this program.  If not, see  >.
> > + */
> > +
> > +#ifndef HW_MISC_ALLWINNER_CPUCFG_H
> > +#define HW_MISC_ALLWINNER_CPUCFG_H
> > +
> > +#include "qom/object.h"
> > +#include "hw/sysbus.h"
> > +
> > +/**
> > + * Object model
> > + * @{
> > + */
> > +
> > +#define TYPE_AW_CPUCFG   "allwinner-cpucfg"
> > +#define AW_CPUCFG(obj) \
> > +OBJECT_CHECK(AwCpuCfgState, (obj), TYPE_AW_CPUCFG)
> > +
> > +/** @} */
> > +
> > +/**
> > + * Allwinner CPU Configuration Module instance state
> > + */
> > +typedef struct AwCpuCfgState {
> > +/*< private >*/
> > +SysBusDevice parent_obj;
> > +/*< public >*/
> > +
> > +MemoryRegion iomem;
> > +uint32_t gen_ctrl;
> > +uint32_t super_standby;
> > +uint32_t entry_addr;
> > +
> > +} AwCpuCfgState;
> > +
> > +#endif /* HW_MISC_ALLWINNER_CPUCFG_H */
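Review bot: `gen_ctrl`, `super_standby` and `entry_addr` in AwCpuCfgState have no doc comments, while the sibling allwinner-sid.h in this series documents every field. Add a line per field; `entry_addr` in particular should say what address it holds and when it is used during CPU reset.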
> > diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
> > index 600cfa2c11..daa2d3c819 100644
> > --- a/hw/arm/allwinner-h3.c
> > +++ b/hw/arm/allwinner-h3.c
> > @@ -56,6 +56,7 @@ const hwaddr allwinner_h3_memmap[] = {
> >   [AW_H3_GIC_CPU]= 0x01c82000,
> >   [AW_H3_GIC_HYP]= 0x01c84000,
> >   [AW_H3_GIC_VCPU]   = 0x01c86000,
> > +[AW_H3_CPUCFG] = 0x01f01c00,
> >   [AW_H3_SDRAM]  = 0x4000
> >   };
> >
> > @@ -122,7 +123,6 @@ struct AwH3Unimplemented {
> >   { "r_wdog",0x01f01000, 1 * KiB },
> >   { "r_prcm",0x01f01400, 1 * KiB },
> >   { "r_twd", 0x01f01800, 1 * KiB },
> > -{ "r_cpucfg",  0x01f01c00, 1 * KiB },
> >   { "r_cir-rx",  0x01f02000, 1 * KiB },
> >   { "r_twi", 0x01f02400, 1 * KiB },
> >   { "r_uart",0x01f02800, 1 * KiB },
> > @@ -195,6 +195,9 @@ static void allwinner_h3_init(Object *obj)
> >
> >   sysbus_init_child_obj(obj, "sysctrl", >sysctrl,
> sizeof(s->sysctrl),
> > TYPE_AW_H3_SYSCTRL);
> > +
> > +sysbus_init_child_obj(obj, "cpucfg", >cpucfg, sizeof(s->cpucfg),
> > +  TYPE_AW_CPUCFG);
> >   }
> >
> >   static void allwinner_h3_realize(DeviceState *dev, Error **errp)
> > 

[Bug 1805913] Re: readdir() returns NULL (errno=EOVERFLOW) for 32-bit user-static qemu on 64-bit host

2020-02-02 Thread Philippe Vaucher
Ah, great thanks. It looks like there are patches that fix qemu,
although the setup looks a bit complex. I'll report if I get something
going.

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1805913

Title:
  readdir() returns NULL (errno=EOVERFLOW) for 32-bit user-static qemu
  on 64-bit host

Status in QEMU:
  New

Bug description:
  This can be simply reproduced by compiling and running the attached C
  code (readdir-bug.c) under 32-bit user-static qemu, such as
  qemu-arm-static:

  # Setup docker for user-static binfmt
  docker run --rm --privileged multiarch/qemu-user-static:register --reset
  # Compile the code and run (readdir for / is fine, so create a new directory /test).
  docker run -v /path/to/qemu-arm-static:/usr/bin/qemu-arm-static -v /path/to/readdir-bug.c:/tmp/readdir-bug.c -it --rm arm32v7/ubuntu:18.10 bash -c '{ apt update && apt install -y gcc; } >&/dev/null && mkdir -p /test && cd /test && gcc /tmp/readdir-bug.c && ./a.out'
  dir=0xff5b4150
  readdir(dir)=(nil)
  errno=75: Value too large for defined data type

  Do remember to replace the /path/to/qemu-arm-static and
  /path/to/readdir-bug.c to the actual paths of the files.

  The root cause is in glibc:
  
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/getdents.c;h=6d09a5be7057e2792be9150d3a2c7b293cf6fc34;hb=a5275ba5378c9256d18e582572b4315e8edfcbfb#l87

  By C standard, the return type of readdir() is DIR*, in which the
  inode number and offset are 32-bit integers, therefore, glibc calls
  getdents64() and checks whether the inode number and offset fit the
  32-bit range, and reports EOVERFLOW if not.

  The problem here is that for 32-bit user-static qemu running on a 64-bit
  host, getdents64 simply passes through the inode number and offset
  from the underlying getdents64 syscall (from the 64-bit kernel), which
  are very likely not to fit into the 32-bit range. On real hardware, the
  32-bit kernel creates 32-bit inode numbers, and therefore works properly.

  It makes sense for the glibc code to do the check to conform to the C
  standard, therefore ideally it should be fixed on the qemu side. I admit
  this is difficult because qemu has to maintain a mapping between
  underlying 64-bit inode numbers and 32-bit inode numbers, which would
  severely hurt the performance. I don't expect this could be fixed
  anytime soon (or even that there would be a fix), but it would be
  worthwhile to surface this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1805913/+subscriptions
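
The range check the bug description attributes to glibc, written out as an added example (it is not the attached readdir-bug.c, not glibc's code and not part of the bug report). The struct names, helper names and sample values are hypothetical and constructed for illustration; the records are only shaped like getdents64() entries.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 64-bit record, shaped like an entry returned by getdents64(). */
struct rec64 {
    uint64_t d_ino;
    int64_t  d_off;
    char     d_name[32];
};

/* Hypothetical 32-bit record, as a 32-bit readdir() caller would see it. */
struct rec32 {
    uint32_t d_ino;
    int32_t  d_off;
    char     d_name[32];
};

/* Returns 0 if both fields fit the 32-bit types, EOVERFLOW otherwise. */
int check_fits(uint64_t ino, int64_t off)
{
    if (ino > UINT32_MAX) {
        return EOVERFLOW;
    }
    if (off < INT32_MIN || off > INT32_MAX) {
        return EOVERFLOW;
    }
    return 0;
}

/*
 * Narrow one record. The range check runs before any cast, so a value that
 * does not fit is reported instead of being silently truncated.
 * On failure *out is left untouched.
 */
int narrow_record(const struct rec64 *in, struct rec32 *out)
{
    int err = check_fits(in->d_ino, in->d_off);
    if (err) {
        return err;
    }
    out->d_ino = (uint32_t)in->d_ino;
    out->d_off = (int32_t)in->d_off;
    memcpy(out->d_name, in->d_name, sizeof(out->d_name));
    out->d_name[sizeof(out->d_name) - 1] = '\0';
    return 0;
}

/*
 * Narrow up to n records and stop at the first one that does not fit.
 * Returns the number of records converted; *err is 0 or EOVERFLOW.
 */
size_t narrow_all(const struct rec64 *in, size_t n, struct rec32 *out, int *err)
{
    size_t i;

    *err = 0;
    for (i = 0; i < n; i++) {
        *err = narrow_record(&in[i], &out[i]);
        if (*err) {
            break;
        }
    }
    return i;
}

/* Constructed sample: two entries that fit, then a 64-bit offset and inode. */
static const struct rec64 SAMPLE[] = {
    { 2, 10, "." },
    { 4660, INT32_MAX, "fits" },
    { 12345, INT64_C(0x5d2c1a3b7e9f1234), "big-offset" },
    { UINT64_C(0x100000002), 40, "big-inode" },
};
#define SAMPLE_COUNT (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

/* Number of sample entries converted before the first failure. */
size_t sample_converted(void)
{
    struct rec32 out[SAMPLE_COUNT];
    int err;

    return narrow_all(SAMPLE, SAMPLE_COUNT, out, &err);
}

/* Error reported for the sample set. */
int sample_error(void)
{
    struct rec32 out[SAMPLE_COUNT];
    int err;

    narrow_all(SAMPLE, SAMPLE_COUNT, out, &err);
    return err;
}

int main(void)
{
    int err = sample_error();

    printf("converted %zu of %zu entries, err=%d (%s)\n",
           sample_converted(), (size_t)SAMPLE_COUNT, err,
           err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```
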



Re: [PATCH v2] Implement the Screamer sound chip for the mac99 machine type

2020-02-02 Thread Zoltán Kővágó

On 2020-01-28 09:30, Volker Rümelin wrote:

Hi,

Unfortunately it's not that simple to simply revert the patch since the old 
backend api no longer exists.  Also I don't have a Mac so it's almost 
impossible for me to test the results.  I looked at the specified commit and I 
think I found a problem, could you please apply the attached patch on the 
current git master and check whether it solves the problem?  If yes I'll turn 
it into a proper patch.

Regards,
Zoltan



Hi Zoltán,

I also don't have a Mac so I tested your patch with a slightly modified 
sdlaudio version. I found two bugs in your patch. With the bugs fixed I have 
working SDL2 audio playback with float type samples. Now I wonder if the fixed 
patch also fixes coreaudio playback. Depending on how busy you are I can just 
write a review for your patch and let you handle the rest, or may I send a 
modified version of your patch to the mailing list for testing?

With best regards
Volker

Hi,

Maybe I'm a bit late since you already did it, but go ahead, I don't 
have too much time to work on qemu recently.


Regards,
Zoltan



Re: [PATCH] coreaudio: fix coreaudio playback

2020-02-02 Thread Zoltán Kővágó

On 2020-02-02 15:06, Volker Rümelin wrote:

There are reports that since commit 2ceb8240fa "coreaudio: port
to the new audio backend api" audio playback with CoreAudio is
broken. This patch reverts some parts of the commit.

Because of changes in the audio subsystem the audio clip
function in v4.1.0 of coreaudio.c had to be moved to mixeng.c
and the generic buffer management code needed a hint about the
size of the float type.

This patch is based on a patch from Zoltán Kővágó found at
https://lists.nongnu.org/archive/html/qemu-devel/2020-01/msg02142.html.

Fixes: 2ceb8240fa "coreaudio: port to the new audio backend api"

Signed-off-by: Volker Rümelin 
---
  audio/audio_template.h |  7 +++
  audio/coreaudio.c  | 32 +---
  audio/mixeng.c | 48 
  audio/mixeng.h |  5 +
  4 files changed, 69 insertions(+), 23 deletions(-)


Hi,

I started reviewing this patch, but then I realized that I don't really 
like that "if (s->dev->driver == AUDIODEV_DRIVER_COREAUDIO)" hack, so I 
went ahead and added (hopefully proper) float samples support to mixeng. 
 I've submitted that patch to the mailing list.  Unless it causes 
problems I think it would be the best to merge it into this patch.


Regards,
Zoltan



diff --git a/audio/audio_template.h b/audio/audio_template.h
index 3287d7075e..0336d2670c 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -276,6 +276,13 @@ static HW *glue(audio_pcm_hw_add_new_, TYPE)(AudioState *s,
  goto err1;
  }
  
+if (s->dev->driver == AUDIODEV_DRIVER_COREAUDIO) {

+#ifdef DAC
+hw->clip = clip_natural_float_from_stereo;
+#else
+hw->conv = conv_natural_float_to_stereo;
+#endif
+} else
  #ifdef DAC
  hw->clip = mixeng_clip
  #else
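Review bot: the added `} else` directly before `#ifdef DAC` leaves the old `hw->clip = mixeng_clip ...` assignment as an unbraced else body split across preprocessor branches, which is easy to break and goes against QEMU's always-use-braces style. Wrap the fallback in `else { ... }`, and consider keying the branch on a property of the sample format rather than on `s->dev->driver == AUDIODEV_DRIVER_COREAUDIO`, which hard-codes one backend into the generic template.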
diff --git a/audio/coreaudio.c b/audio/coreaudio.c
index 66f0f459cf..0049db97fa 100644
--- a/audio/coreaudio.c
+++ b/audio/coreaudio.c
@@ -471,20 +471,6 @@ static OSStatus audioDeviceIOProc(
  return 0;
  }
  
-static UInt32 coreaudio_get_flags(struct audio_pcm_info *info,

-  struct audsettings *as)
-{
-UInt32 flags = info->sign ? kAudioFormatFlagIsSignedInteger : 0;
-if (as->endianness) { /* 0 = little, 1 = big */
-flags |= kAudioFormatFlagIsBigEndian;
-}
-
-if (flags == 0) { /* must not be 0 */
-flags = kAudioFormatFlagsAreAllClear;
-}
-return flags;
-}
-
  static int coreaudio_init_out(HWVoiceOut *hw, struct audsettings *as,
void *drv_opaque)
  {
@@ -496,6 +482,7 @@ static int coreaudio_init_out(HWVoiceOut *hw, struct 
audsettings *as,
  Audiodev *dev = drv_opaque;
  AudiodevCoreaudioPerDirectionOptions *cpdo = dev->u.coreaudio.out;
  int frames;
+struct audsettings fake_as;
  
  /* create mutex */

  err = pthread_mutex_init(>mutex, NULL);
@@ -504,6 +491,14 @@ static int coreaudio_init_out(HWVoiceOut *hw, struct 
audsettings *as,
  return -1;
  }
  
+/*

+ * The canonical audio format for CoreAudio on macOS is float. Currently
+ * there is no generic code for AUDIO_FORMAT_F32 in qemu. Here we select
+ * AUDIO_FORMAT_S32 instead because only the sample size has to match.
+ */
+fake_as = *as;
+as = _as;
+as->fmt = AUDIO_FORMAT_S32;
  audio_pcm_init_info (>info, as);
  
  status = coreaudio_get_voice(>outputDeviceID);
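Review bot: `as->fmt = AUDIO_FORMAT_S32` on the `fake_as` copy makes `audio_pcm_init_info` describe the stream as 32-bit signed integer although the comment above it says the data is float. That only holds while nothing else reads the format or sign out of `hw->info`; please state that constraint in the comment, or carry an explicit float marker, so a later consumer does not treat these buffers as integers.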

@@ -572,15 +567,6 @@ static int coreaudio_init_out(HWVoiceOut *hw, struct 
audsettings *as,
  
  /* set Samplerate */

  core->outputStreamBasicDescription.mSampleRate = (Float64) as->freq;
-core->outputStreamBasicDescription.mFormatID = kAudioFormatLinearPCM;
-core->outputStreamBasicDescription.mFormatFlags =
-coreaudio_get_flags(>info, as);
-core->outputStreamBasicDescription.mBytesPerPacket =
-core->outputStreamBasicDescription.mBytesPerFrame =
-hw->info.nchannels * hw->info.bits / 8;
-core->outputStreamBasicDescription.mFramesPerPacket = 1;
-core->outputStreamBasicDescription.mChannelsPerFrame = hw->info.nchannels;
-core->outputStreamBasicDescription.mBitsPerChannel = hw->info.bits;
  
  status = coreaudio_set_streamformat(core->outputDeviceID,

  >outputStreamBasicDescription);
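Review bot: with the `mFormatID`, `mFormatFlags`, `mBytesPerFrame`, `mChannelsPerFrame` and `mBitsPerChannel` assignments removed, only `mSampleRate` is set before `coreaudio_set_streamformat`, so the rest of the description is whatever was already in `outputStreamBasicDescription`. Add a check that this description really is 32-bit float with `hw->info.nchannels` channels and fail init otherwise, because the float conversion routines added in mixeng.c assume that layout when they walk the buffer.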
diff --git a/audio/mixeng.c b/audio/mixeng.c
index 2f5ba71381..16b646d48c 100644
--- a/audio/mixeng.c
+++ b/audio/mixeng.c
@@ -267,6 +267,54 @@ f_sample *mixeng_clip[2][2][2][3] = {
  }
  };
  
+void conv_natural_float_to_stereo(struct st_sample *dst, const void *src,

+  int samples)
+{
+float *in = (float *)src;
+#ifndef FLOAT_MIXENG
+const float scale = UINT_MAX;
+#endif
+
+while (samples--) {
+#ifdef FLOAT_MIXENG
+dst->l = *in++;
+dst->r = *in++;
+#else
+dst->l = *in++ * scale;
+dst->r = *in++ * scale;
+#endif
+dst++;
+}
+}
+
+void 
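Review bot: in `conv_natural_float_to_stereo`, `float *in = (float *)src;` casts away the const on `const void *src`; declare it as `const float *in = src;` instead. Also, `const float scale = UINT_MAX;` cannot be represented exactly in a float (it rounds up to 2^32), and samples outside [-1.0, 1.0] or NaN are multiplied and stored in `dst->l` and `dst->r` without any clamping, so either state the expected input range or clamp before the conversion.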

[RFC PATCH] audio: proper support for float samples in mixeng

2020-02-02 Thread Kővágó, Zoltán
This adds proper support for float samples in mixeng by adding a new
audio format for it.

Limitations: only native endianness is supported.

Signed-off-by: Kővágó, Zoltán 
---

This patch is meant to be applied on top of "[PATCH] coreaudio: fix coreaudio
playback" by Volker Rümelin, available at:
https://lists.nongnu.org/archive/html/qemu-devel/2020-02/msg00114.html

For more information, please refer to that thread.

---
 qapi/audio.json|  2 +-
 audio/audio_int.h  |  3 +-
 audio/audio_template.h | 41 
 audio/mixeng.h |  8 ++--
 audio/alsaaudio.c  | 17 
 audio/audio.c  | 56 ++-
 audio/coreaudio.c  |  7 +---
 audio/mixeng.c | 88 ++
 audio/paaudio.c|  9 +
 audio/sdlaudio.c   | 28 ++
 10 files changed, 180 insertions(+), 79 deletions(-)

diff --git a/qapi/audio.json b/qapi/audio.json
index 83312b2339..d8c507cced 100644
--- a/qapi/audio.json
+++ b/qapi/audio.json
@@ -276,7 +276,7 @@
 # Since: 4.0
 ##
 { 'enum': 'AudioFormat',
-  'data': [ 'u8', 's8', 'u16', 's16', 'u32', 's32' ] }
+  'data': [ 'u8', 's8', 'u16', 's16', 'u32', 's32', 'f32' ] }
 
 ##
 # @AudiodevDriver:
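Review bot: 'f32' is added to the AudioFormat enum, but the doc comment above it still only carries `# Since: 4.0`. QAPI schema changes should document the new member and the release it first appears in (a `@f32` entry with a "since X.Y" tag), so introspection clients know when the value became valid.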
diff --git a/audio/audio_int.h b/audio/audio_int.h
index 5ba2078346..cd92e48163 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -40,7 +40,8 @@ struct audio_callback {
 
 struct audio_pcm_info {
 int bits;
-int sign;
+bool is_signed;
+bool is_float;
 int freq;
 int nchannels;
 int bytes_per_frame;
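Review bot: replacing `int sign` with `bool is_signed` plus `bool is_float` leaves the combination undefined: what should `is_signed` and `bits` be when `is_float` is set? Add a comment on the struct stating the invariant (for instance that float implies signed and 32 bits) so backends initialise and compare these fields consistently.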
diff --git a/audio/audio_template.h b/audio/audio_template.h
index 0336d2670c..7013d3041f 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -153,15 +153,23 @@ static int glue (audio_pcm_sw_init_, TYPE) (
 sw->ratio = ((int64_t) sw->info.freq << 32) / sw->hw->info.freq;
 #endif
 
+if (sw->info.is_float) {
 #ifdef DAC
-sw->conv = mixeng_conv
+sw->conv = mixeng_conv_float[sw->info.nchannels == 2];
 #else
-sw->clip = mixeng_clip
+sw->clip = mixeng_clip_float[sw->info.nchannels == 2];
 #endif
-[sw->info.nchannels == 2]
-[sw->info.sign]
-[sw->info.swap_endianness]
-[audio_bits_to_index (sw->info.bits)];
+} else {
+#ifdef DAC
+sw->conv = mixeng_conv
+#else
+sw->clip = mixeng_clip
+#endif
+[sw->info.nchannels == 2]
+[sw->info.is_signed]
+[sw->info.swap_endianness]
+[audio_bits_to_index(sw->info.bits)];
+}
 
 sw->name = g_strdup (name);
 err = glue (audio_pcm_sw_alloc_resources_, TYPE) (sw);
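Review bot: the float branch picks `mixeng_conv_float[sw->info.nchannels == 2]` and never looks at `sw->info.swap_endianness`, whereas the integer branch indexes on it. The commit message says only native endianness is supported, so reject or assert on `is_float && swap_endianness` here instead of silently mixing byte-swapped float data as if it were native.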
@@ -276,22 +284,23 @@ static HW *glue(audio_pcm_hw_add_new_, TYPE)(AudioState 
*s,
 goto err1;
 }
 
-if (s->dev->driver == AUDIODEV_DRIVER_COREAUDIO) {
+if (hw->info.is_float) {
 #ifdef DAC
-hw->clip = clip_natural_float_from_stereo;
+hw->clip = mixeng_clip_float[hw->info.nchannels == 2];
 #else
-hw->conv = conv_natural_float_to_stereo;
+hw->conv = mixeng_conv_float[hw->info.nchannels == 2];
 #endif
-} else
+} else {
 #ifdef DAC
-hw->clip = mixeng_clip
+hw->clip = mixeng_clip
 #else
-hw->conv = mixeng_conv
+hw->conv = mixeng_conv
 #endif
-[hw->info.nchannels == 2]
-[hw->info.sign]
-[hw->info.swap_endianness]
-[audio_bits_to_index (hw->info.bits)];
+[hw->info.nchannels == 2]
+[hw->info.is_signed]
+[hw->info.swap_endianness]
+[audio_bits_to_index(hw->info.bits)];
+}
 
 glue(audio_pcm_hw_alloc_resources_, TYPE)(hw);
 
diff --git a/audio/mixeng.h b/audio/mixeng.h
index 7ef61763e8..2dcd6df245 100644
--- a/audio/mixeng.h
+++ b/audio/mixeng.h
@@ -38,13 +38,13 @@ typedef struct st_sample st_sample;
 typedef void (t_sample) (struct st_sample *dst, const void *src, int samples);
 typedef void (f_sample) (void *dst, const struct st_sample *src, int samples);
 
+/* indices: [stereo][signed][swap endiannes][8, 16 or 32-bits] */
 extern t_sample *mixeng_conv[2][2][2][3];
 extern f_sample *mixeng_clip[2][2][2][3];
 
-void conv_natural_float_to_stereo(struct st_sample *dst, const void *src,
-  int samples);
-void clip_natural_float_from_stereo(void *dst, const struct st_sample *src,
-int samples);
+/* indices: [stereo] */
+extern t_sample *mixeng_conv_float[2];
+extern f_sample *mixeng_clip_float[2];
 
 void *st_rate_start (int inrate, int outrate);
 void st_rate_flow(void *opaque, st_sample *ibuf, st_sample *obuf,
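Review bot: typo in the added comment, `[swap endiannes]` should read `[swap endianness]`. While touching it, the `[stereo]` comment on the float tables could also say that they are native-endian only, since that restriction is otherwise only in the commit message.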
diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index f37ce1ce85..768b896a93 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -307,6 +307,13 @@ static snd_pcm_format_t aud_to_alsafmt (AudioFormat fmt, 
int endianness)
 return SND_PCM_FORMAT_U32_LE;
 }
 
+case AUDIO_FORMAT_F32:
+if (endianness) {
+return SND_PCM_FORMAT_FLOAT_BE;
+   

Re: [PATCH v4 04/20] hw/arm/allwinner-h3: add USB host controller

2020-02-02 Thread Niek Linnenbank
On Sun, Jan 19, 2020 at 7:44 PM Philippe Mathieu-Daudé 
wrote:

> On 1/19/20 7:37 PM, Philippe Mathieu-Daudé wrote:
> > On 1/19/20 1:50 AM, Niek Linnenbank wrote:
> >> The Allwinner H3 System on Chip contains multiple USB 2.0 bus
> >> connections which provide software access using the Enhanced
> >> Host Controller Interface (EHCI) and Open Host Controller
> >> Interface (OHCI) interfaces. This commit adds support for
> >> both interfaces in the Allwinner H3 System on Chip.
> >>
> >> Signed-off-by: Niek Linnenbank 
> >> Reviewed-by: Gerd Hoffmann 
> >> ---
> >>   hw/usb/hcd-ehci.h |  1 +
> >>   include/hw/arm/allwinner-h3.h |  8 ++
> >>   hw/arm/allwinner-h3.c | 52 ---
> >>   hw/usb/hcd-ehci-sysbus.c  | 17 
> >>   4 files changed, 74 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h
> >> index 0298238f0b..edb59311c4 100644
> >> --- a/hw/usb/hcd-ehci.h
> >> +++ b/hw/usb/hcd-ehci.h
> >> @@ -342,6 +342,7 @@ typedef struct EHCIPCIState {
> >>   #define TYPE_SYS_BUS_EHCI "sysbus-ehci-usb"
> >>   #define TYPE_PLATFORM_EHCI "platform-ehci-usb"
> >>   #define TYPE_EXYNOS4210_EHCI "exynos4210-ehci-usb"
> >> +#define TYPE_AW_H3_EHCI "aw-h3-ehci-usb"
> >>   #define TYPE_TEGRA2_EHCI "tegra2-ehci-usb"
> >>   #define TYPE_PPC4xx_EHCI "ppc4xx-ehci-usb"
> >>   #define TYPE_FUSBH200_EHCI "fusbh200-ehci-usb"
> >> diff --git a/include/hw/arm/allwinner-h3.h
> >> b/include/hw/arm/allwinner-h3.h
> >> index abdc20871a..4f4dcbcd17 100644
> >> --- a/include/hw/arm/allwinner-h3.h
> >> +++ b/include/hw/arm/allwinner-h3.h
> >> @@ -56,6 +56,14 @@ enum {
> >>   AW_H3_SRAM_A1,
> >>   AW_H3_SRAM_A2,
> >>   AW_H3_SRAM_C,
> >> +AW_H3_EHCI0,
> >> +AW_H3_OHCI0,
> >> +AW_H3_EHCI1,
> >> +AW_H3_OHCI1,
> >> +AW_H3_EHCI2,
> >> +AW_H3_OHCI2,
> >> +AW_H3_EHCI3,
> >> +AW_H3_OHCI3,
> >>   AW_H3_CCU,
> >>   AW_H3_PIT,
> >>   AW_H3_UART0,
> >> diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
> >> index 8df8e3e05e..f360625ee9 100644
> >> --- a/hw/arm/allwinner-h3.c
> >> +++ b/hw/arm/allwinner-h3.c
> >> @@ -28,6 +28,7 @@
> >>   #include "hw/sysbus.h"
> >>   #include "hw/char/serial.h"
> >>   #include "hw/misc/unimp.h"
> >> +#include "hw/usb/hcd-ehci.h"
> >>   #include "sysemu/sysemu.h"
> >>   #include "hw/arm/allwinner-h3.h"
> >> @@ -36,6 +37,14 @@ const hwaddr allwinner_h3_memmap[] = {
> >>   [AW_H3_SRAM_A1]= 0x,
> >>   [AW_H3_SRAM_A2]= 0x00044000,
> >>   [AW_H3_SRAM_C] = 0x0001,
> >> +[AW_H3_EHCI0]  = 0x01c1a000,
> >> +[AW_H3_OHCI0]  = 0x01c1a400,
> >> +[AW_H3_EHCI1]  = 0x01c1b000,
> >> +[AW_H3_OHCI1]  = 0x01c1b400,
> >> +[AW_H3_EHCI2]  = 0x01c1c000,
> >> +[AW_H3_OHCI2]  = 0x01c1c400,
> >> +[AW_H3_EHCI3]  = 0x01c1d000,
> >> +[AW_H3_OHCI3]  = 0x01c1d400,
> >>   [AW_H3_CCU]= 0x01c2,
> >>   [AW_H3_PIT]= 0x01c20c00,
> >>   [AW_H3_UART0]  = 0x01c28000,
> >> @@ -73,10 +82,10 @@ struct AwH3Unimplemented {
> >>   { "msgbox",0x01c17000, 4 * KiB },
> >>   { "spinlock",  0x01c18000, 4 * KiB },
> >>   { "usb0-otg",  0x01c19000, 4 * KiB },
> >> -{ "usb0",  0x01c1a000, 4 * KiB },
> >> -{ "usb1",  0x01c1b000, 4 * KiB },
> >> -{ "usb2",  0x01c1c000, 4 * KiB },
> >> -{ "usb3",  0x01c1d000, 4 * KiB },
> >> +{ "usb0-phy",  0x01c1a000, 4 * KiB },
> >> +{ "usb1-phy",  0x01c1b000, 4 * KiB },
> >> +{ "usb2-phy",  0x01c1c000, 4 * KiB },
> >> +{ "usb3-phy",  0x01c1d000, 4 * KiB },
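Review bot: the renamed `usbN-phy` entries keep the same base addresses (0x01c1a000 through 0x01c1d000, 4 KiB each) that the memmap hunk above now assigns to AW_H3_EHCIn, with AW_H3_OHCIn 0x400 above each, so every one of these unimplemented regions overlaps a real controller. If that is intended, with the unimplemented device acting as a catch-all for the PHY registers in the rest of the window, say so in a comment next to the table; otherwise shrink or move the entries so they cover only the PHY range.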
> >
> > As in v3 comment, this can be done in patch #1.
> >
> > Reviewed-by: Philippe Mathieu-Daudé 
> > Tested-by: Philippe Mathieu-Daudé 
>
> Err, this patch is incomplete, when using ./configure
> --without-default-devices:
>
> $ qemu-system-arm -M orangepi-pc
> qemu-system-arm: invalid accelerator kvm
> qemu-system-arm: falling back to tcg
> qemu-system-arm: Unknown device 'aw-h3-ehci-usb' for default sysbus
> qemu-system-arm: Unknown device 'sysbus-ohci' for default sysbus
> Aborted (core dumped)
>

Thanks for pointing this out, I was not aware at all that the
--without-default-devices option existed.
It's also not in the configure --help message.

I tried to reproduce the error by running:
$ ./configure --target-list=arm-softmmu --without-default-devices; make -j5
$ ./arm-softmmu/qemu-system-arm -M orangepi-pc

On my laptop it didn't give the error, I think because somehow the build
system did select the USB config items (even though they were missing for
the ALLWINNER_H3 item in hw/arm/Kconfig):

$ grep USB arm-softmmu/config-devices.mak
CONFIG_TUSB6010=y
CONFIG_USB=y
CONFIG_USB_EHCI=y
CONFIG_USB_EHCI_SYSBUS=y
CONFIG_USB_MUSB=y
CONFIG_USB_OHCI=y

Is there any other option you used in addition to --without-default-devices
to trigger the error?
I also searched for something in configure to select/filter on machines to
build, 

Re: [PATCH v4 04/20] hw/arm/allwinner-h3: add USB host controller

2020-02-02 Thread Niek Linnenbank
On Sun, Jan 19, 2020 at 7:37 PM Philippe Mathieu-Daudé 
wrote:

> On 1/19/20 1:50 AM, Niek Linnenbank wrote:
> > The Allwinner H3 System on Chip contains multiple USB 2.0 bus
> > connections which provide software access using the Enhanced
> > Host Controller Interface (EHCI) and Open Host Controller
> > Interface (OHCI) interfaces. This commit adds support for
> > both interfaces in the Allwinner H3 System on Chip.
> >
> > Signed-off-by: Niek Linnenbank 
> > Reviewed-by: Gerd Hoffmann 
> > ---
> >   hw/usb/hcd-ehci.h |  1 +
> >   include/hw/arm/allwinner-h3.h |  8 ++
> >   hw/arm/allwinner-h3.c | 52 ---
> >   hw/usb/hcd-ehci-sysbus.c  | 17 
> >   4 files changed, 74 insertions(+), 4 deletions(-)
> >
> > diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h
> > index 0298238f0b..edb59311c4 100644
> > --- a/hw/usb/hcd-ehci.h
> > +++ b/hw/usb/hcd-ehci.h
> > @@ -342,6 +342,7 @@ typedef struct EHCIPCIState {
> >   #define TYPE_SYS_BUS_EHCI "sysbus-ehci-usb"
> >   #define TYPE_PLATFORM_EHCI "platform-ehci-usb"
> >   #define TYPE_EXYNOS4210_EHCI "exynos4210-ehci-usb"
> > +#define TYPE_AW_H3_EHCI "aw-h3-ehci-usb"
> >   #define TYPE_TEGRA2_EHCI "tegra2-ehci-usb"
> >   #define TYPE_PPC4xx_EHCI "ppc4xx-ehci-usb"
> >   #define TYPE_FUSBH200_EHCI "fusbh200-ehci-usb"
> > diff --git a/include/hw/arm/allwinner-h3.h
> b/include/hw/arm/allwinner-h3.h
> > index abdc20871a..4f4dcbcd17 100644
> > --- a/include/hw/arm/allwinner-h3.h
> > +++ b/include/hw/arm/allwinner-h3.h
> > @@ -56,6 +56,14 @@ enum {
> >   AW_H3_SRAM_A1,
> >   AW_H3_SRAM_A2,
> >   AW_H3_SRAM_C,
> > +AW_H3_EHCI0,
> > +AW_H3_OHCI0,
> > +AW_H3_EHCI1,
> > +AW_H3_OHCI1,
> > +AW_H3_EHCI2,
> > +AW_H3_OHCI2,
> > +AW_H3_EHCI3,
> > +AW_H3_OHCI3,
> >   AW_H3_CCU,
> >   AW_H3_PIT,
> >   AW_H3_UART0,
> > diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
> > index 8df8e3e05e..f360625ee9 100644
> > --- a/hw/arm/allwinner-h3.c
> > +++ b/hw/arm/allwinner-h3.c
> > @@ -28,6 +28,7 @@
> >   #include "hw/sysbus.h"
> >   #include "hw/char/serial.h"
> >   #include "hw/misc/unimp.h"
> > +#include "hw/usb/hcd-ehci.h"
> >   #include "sysemu/sysemu.h"
> >   #include "hw/arm/allwinner-h3.h"
> >
> > @@ -36,6 +37,14 @@ const hwaddr allwinner_h3_memmap[] = {
> >   [AW_H3_SRAM_A1]= 0x,
> >   [AW_H3_SRAM_A2]= 0x00044000,
> >   [AW_H3_SRAM_C] = 0x0001,
> > +[AW_H3_EHCI0]  = 0x01c1a000,
> > +[AW_H3_OHCI0]  = 0x01c1a400,
> > +[AW_H3_EHCI1]  = 0x01c1b000,
> > +[AW_H3_OHCI1]  = 0x01c1b400,
> > +[AW_H3_EHCI2]  = 0x01c1c000,
> > +[AW_H3_OHCI2]  = 0x01c1c400,
> > +[AW_H3_EHCI3]  = 0x01c1d000,
> > +[AW_H3_OHCI3]  = 0x01c1d400,
> >   [AW_H3_CCU]= 0x01c2,
> >   [AW_H3_PIT]= 0x01c20c00,
> >   [AW_H3_UART0]  = 0x01c28000,
> > @@ -73,10 +82,10 @@ struct AwH3Unimplemented {
> >   { "msgbox",0x01c17000, 4 * KiB },
> >   { "spinlock",  0x01c18000, 4 * KiB },
> >   { "usb0-otg",  0x01c19000, 4 * KiB },
> > -{ "usb0",  0x01c1a000, 4 * KiB },
> > -{ "usb1",  0x01c1b000, 4 * KiB },
> > -{ "usb2",  0x01c1c000, 4 * KiB },
> > -{ "usb3",  0x01c1d000, 4 * KiB },
> > +{ "usb0-phy",  0x01c1a000, 4 * KiB },
> > +{ "usb1-phy",  0x01c1b000, 4 * KiB },
> > +{ "usb2-phy",  0x01c1c000, 4 * KiB },
> > +{ "usb3-phy",  0x01c1d000, 4 * KiB },
>
> As in v3 comment, this can be done in patch #1.
>

OK, I'll rename them in patch 1, so it won't show up here.


>
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 
>

Thanks for reviewing and testing Philippe!
Regards,
Niek


>
> >   { "smc",   0x01c1e000, 4 * KiB },
> >   { "pio",   0x01c20800, 1 * KiB },
> >   { "owa",   0x01c21000, 1 * KiB },
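Review bot: the renamed "usb0-phy" to "usb3-phy" entries in this hunk still cover 4 KiB at 0x01c1a000, 0x01c1b000, 0x01c1c000 and 0x01c1d000, which are exactly the bases the memmap hunk above assigns to AW_H3_EHCI0..3, with AW_H3_OHCI0..3 at +0x400 inside the same pages. Each unimplemented region therefore overlaps two real controllers. If the intent is that the unimplemented region only catches accesses that fall outside the EHCI and OHCI register windows, say so in a comment next to these entries; otherwise shrink or move the ranges so they cover only the PHY registers.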
> > @@ -144,6 +153,14 @@ enum {
> >   AW_H3_GIC_SPI_UART3 =  3,
> >   AW_H3_GIC_SPI_TIMER0= 18,
> >   AW_H3_GIC_SPI_TIMER1= 19,
> > +AW_H3_GIC_SPI_EHCI0 = 72,
> > +AW_H3_GIC_SPI_OHCI0 = 73,
> > +AW_H3_GIC_SPI_EHCI1 = 74,
> > +AW_H3_GIC_SPI_OHCI1 = 75,
> > +AW_H3_GIC_SPI_EHCI2 = 76,
> > +AW_H3_GIC_SPI_OHCI2 = 77,
> > +AW_H3_GIC_SPI_EHCI3 = 78,
> > +AW_H3_GIC_SPI_OHCI3 = 79,
> >   };
> >
> >   /* Allwinner H3 general constants */
> > @@ -284,6 +301,33 @@ static void allwinner_h3_realize(DeviceState *dev,
> Error **errp)
> >   qdev_init_nofail(DEVICE(>ccu));
> >   sysbus_mmio_map(SYS_BUS_DEVICE(>ccu), 0, s->memmap[AW_H3_CCU]);
> >
> > +/* Universal Serial Bus */
> > +sysbus_create_simple(TYPE_AW_H3_EHCI, s->memmap[AW_H3_EHCI0],
> > + qdev_get_gpio_in(DEVICE(>gic),
> > +  AW_H3_GIC_SPI_EHCI0));
> > +sysbus_create_simple(TYPE_AW_H3_EHCI, s->memmap[AW_H3_EHCI1],
> > + 
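Review bot: the sysbus_create_simple(TYPE_AW_H3_EHCI, ...) calls added in allwinner_h3_realize() make the SoC depend on the EHCI sysbus and OHCI device models being built, yet the diffstat of this patch does not touch hw/arm/Kconfig. That matches the "Unknown device 'aw-h3-ehci-usb' for default sysbus" abort reported in this thread for a --without-default-devices build. Please add the corresponding select lines (the options that show up as CONFIG_USB_EHCI_SYSBUS and CONFIG_USB_OHCI in config-devices.mak) to the ALLWINNER_H3 entry in this same patch, so the machine cannot be built without the devices it instantiates.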

Re: [PATCH 0/1] coreaudio: fix coreaudio playback

2020-02-02 Thread Howard Spoelstra
On Sun, Feb 2, 2020 at 3:03 PM Volker Rümelin  wrote:

> Hi,
>
> here is a new patch for the CoreAudio playback problem. This patch
> is Zoltán's patch from
> https://lists.nongnu.org/archive/html/qemu-devel/2020-01/msg02142.html
> and an improved version of my patch squashed together.
>
> I actually tested the changes in audio/audio_template.h,
> audio/mixeng.c and audio/mixeng.h with all useful permutations of
> FLOAT_MIXENG and RECIPROCAL defined/undefined.
>
> @Howard and John
> Can you please test this patch? Compared to the patches you tested
> this patch is quite different.
>
> @John
> 'git am exported_mail.eml' knows how to handle
> Content-Transfer-Encoding: in a mail file. It's not necessary to
> apply this patch by hand.
>
> Volker Rümelin (1):
>   coreaudio: fix coreaudio playback
>
>  audio/audio_template.h |  7 +++
>  audio/coreaudio.c  | 32 +---
>  audio/mixeng.c | 48
> 
>  audio/mixeng.h |  5 +
>  4 files changed, 69 insertions(+), 23 deletions(-)
>
> --
> 2.16.4
>
> Hi,

This patch restores coreaudio for me.
I applied the patch on top of https://github.com/mcayland/qemu/tree/screamer
to test audio support in qemu-system-ppc running Mac OS 9.2 and OSX 10.5.
Host is OSX Sierra.

Thanks,
Howard


Re: VW ELF loader

2020-02-02 Thread Paolo Bonzini
On Sun, 2 Feb 2020, 12:51 Alexey Kardashevskiy wrote:

> > QEMU must not load GRUB from disk, that's the firmware's task.  If you
> > want to kill SLOF, you can rewrite it, but loading the kernel GRUB from
> > disk within QEMU is a bad idea: the next feature you'll be requested to
> > implement will be network boot, and there's no way to do that in QEMU.
>
> What is exactly the problem with netboot? I can hook up the OF's "net" to
> a backend (as I do for serial console and
> blockdev, in boot order)


Who provides the OpenFirmware entry point when you remove SLOF and boot
directly into grub?

> Or alternatively it is possible with my patchset to load petitboot (kernel
> + initramdisk, the default way of booting
> POWER8/9 baremetal systems) and that thing can do a whole lot of things, we
> can consider it as a replacement for ROMs from
> devices (or I misunderstood what kind of netboot you meant).
>

Why wouldn't that have the same issue as SLOF that you describe below (I
honestly don't understand anything of it, but that's not your fault :-)).

Paolo


> > You should be able to reuse quite a lot of code from both
> > pc-bios/s390-ccw (for virtio drivers) and kvm-unit-tests (for device
> > tree parsing).  You'd have to write the glue code for PCI hypercalls,
> > and adapt virtio.c for virtio-pci instead of virtio-ccw.
>
> The reason for killing SLOF is to keep one device tree for the entire boot
> process including
> ibm,client-architecture-support with possible (and annoying) configuration
> reboots. Having another firmware won't help
> with that.
>
> Also the OF1275 client interface is the way for the client to get
> net/block device without need to have drivers, I'd
> like to do just this and skip the middle man (QEMU device and guest driver
> in firmware/bootloader).
>
> I'll post another RFC tomorrow to give a better idea.
>
>
> --
> Alexey
>
>


Re: [PATCH] tests: Silent various warnings with pseries

2020-02-02 Thread BALATON Zoltan

On Sun, 2 Feb 2020, BALATON Zoltan wrote:

On Sat, 1 Feb 2020, Greg Kurz wrote:

Some default features of the pseries machine are only available with
KVM. Warnings are printed when the pseries machine is used with another
accelerator:

qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ccf-assist=on
qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
Interrupts(FWNMI) not supported in TCG
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ccf-assist=on
qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
Interrupts(FWNMI) not supported in TCG
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ccf-assist=on
qemu-system-ppc64: warning: Firmware Assisted Non-Maskable
Interrupts(FWNMI) not supported in TCG

This is annoying for CI since it usually runs without KVM. We already
disable features that emit similar warnings thanks to properties of the
pseries machine, but this is open-coded in various places. Consolidate
the set of properties in a single place. Extend it to silent the above


Actually at least 3 places:
- In commit title,
- the line in commit message above,
- and in comment below
where typo exists.

Regards,
BALATON Zoltan


warnings. And use it in the various tests that start pseries machines.

Signed-off-by: Greg Kurz 
---

This patch fixes the warnings observed with David's latest pull request.

tests/qtest/boot-serial-test.c|3 ++-
tests/qtest/libqos/libqos-spapr.h |8 
tests/qtest/prom-env-test.c   |3 ++-
tests/qtest/pxe-test.c|7 ---
4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/tests/qtest/boot-serial-test.c 
b/tests/qtest/boot-serial-test.c

index 8e8c5b0a0f0c..85a361428697 100644
--- a/tests/qtest/boot-serial-test.c
+++ b/tests/qtest/boot-serial-test.c
@@ -15,6 +15,7 @@

#include "qemu/osdep.h"
#include "libqtest.h"
+#include "libqos/libqos-spapr.h"

static const uint8_t kernel_mcf5208[] = {
0x41, 0xf9, 0xfc, 0x06, 0x00, 0x00, /* lea 0xfc06,%a0 */
@@ -112,7 +113,7 @@ static testdef_t tests[] = {
{ "ppc64", "40p", "-m 192", "Memory: 192M" },
{ "ppc64", "mac99", "", "PowerPC,970FX" },
{ "ppc64", "pseries",
-  "-machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken",
+  "-machine " PSERIES_DEFAULT_CAPABILITIES,
  "Open Firmware" },
{ "ppc64", "powernv8", "", "OPAL" },
{ "ppc64", "powernv9", "", "OPAL" },
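Review bot: at the "pseries" entry, the name PSERIES_DEFAULT_CAPABILITIES reads as if it were the machine's default capability set, while the literal it replaces (cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken) and the header comment describe the opposite: overrides that turn defaults off so TCG does not warn. A name that says so, for example one with TCG or NO_WARN in it, would make the call sites self-explanatory. The concatenation with "-machine " also relies on the macro being a bare string literal with no leading option; a one-line comment on the macro stating that would help the other tests that use it.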
diff --git a/tests/qtest/libqos/libqos-spapr.h 
b/tests/qtest/libqos/libqos-spapr.h

index dcb5c43ad37d..e4460d08ae6e 100644
--- a/tests/qtest/libqos/libqos-spapr.h
+++ b/tests/qtest/libqos/libqos-spapr.h
@@ -7,4 +7,12 @@ QOSState *qtest_spapr_vboot(const char *cmdline_fmt, 
va_list ap);

QOSState *qtest_spapr_boot(const char *cmdline_fmt, ...);
void qtest_spapr_shutdown(QOSState *qs);

+/* List of capabilities needed to silent warnings with TCG */


Typo: I think it should be "to silence warnings" both here and in commit 
message.


Regards,
BALATON Zoltan





