RE: [RFC v2 1/1] arm: acpi: pci-expender-bus: Make arm to support PXB-PCIE

[miaoyubo]

> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Monday, February 17, 2020 9:09 PM
> To: miaoyubo 
> Cc: peter.mayd...@linaro.org; shannon.zha...@gmail.com; Xiexiangyou
> ; imamm...@redhat.com; qemu-
> de...@nongnu.org
> Subject: Re: [RFC v2 1/1] arm: acpi: pci-expender-bus: Make arm to support
> PXB-PCIE
> 
> On Mon, Feb 17, 2020 at 07:18:18PM +0800, Yubo Miao wrote:
> > From: miaoyubo 
> >
> > Currently virt machine is not supported by pxb-pcie, and only one main
> > host bridge described in ACPI tables.
> > Under this circumstance, different io numas for differnt devices is
> > not possible, in order to present io numas to the guest, especially
> > for host pssthrough devices. PXB-PCIE is supproted by arm and certain
> > resource is allocated for each pxb-pcie in acpi table.
> >
> > Signed-off-by: miaoyubo 
> 
> A unit test would be nic.
> 

Thanks for replying, I will add the unit test in patch V3.

> > ---
> >  hw/arm/virt-acpi-build.c | 240 +---
> ---
> >  hw/pci-host/gpex.c   |   4 +
> >  include/hw/arm/virt.h|   1 +
> >  3 files changed, 184 insertions(+), 61 deletions(-)
> >
> > diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c index
> > bd5f771e9b..fc11525042 100644
> > --- a/hw/arm/virt-acpi-build.c
> > +++ b/hw/arm/virt-acpi-build.c
> > @@ -49,6 +49,8 @@
> >  #include "kvm_arm.h"
> >  #include "migration/vmstate.h"
> >
> > +#include "hw/arm/virt.h"
> > +#include "hw/pci/pci_bus.h"
> >  #define ARM_SPI_BASE 32
> >
> > +method = aml_method("_CRS", 0, AML_NOTSERIALIZED);
> > +Aml *rbuf = aml_resource_template();
> > +aml_append(rbuf,
> > +aml_word_bus_number(AML_MIN_FIXED, AML_MAX_FIXED,
> AML_POS_DECODE,
> > +0x, 0x, root_bus_limit, 0x,
> > +root_bus_limit + 1));
> > +aml_append(rbuf,
> > +aml_dword_memory(AML_POS_DECODE, AML_MIN_FIXED,
> AML_MAX_FIXED,
> > + AML_NON_CACHEABLE, AML_READ_WRITE, 0x,
> base_mmio,
> > + base_mmio + size_mmio - 1 - size_addr * count,
> > + 0x, size_mmio - size_addr * count));
> > +aml_append(rbuf,
> > +aml_dword_io(AML_MIN_FIXED, AML_MAX_FIXED,
> AML_POS_DECODE,
> > + AML_ENTIRE_RANGE, 0x, 0x,
> > + size_pio / 2 - 1 - size_io * count, base_pio,
> > + size_pio / 2 - size_io * count));
> > +
> > +if (use_highmem) {
> > +hwaddr base_mmio_high = memmap[VIRT_HIGH_PCIE_MMIO].base;
> > +hwaddr size_mmio_high = memmap[VIRT_HIGH_PCIE_MMIO].size;
> > +
> > +aml_append(rbuf,
> > +aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED,
> AML_MAX_FIXED,
> > + AML_NON_CACHEABLE, AML_READ_WRITE, 0x,
> > + base_mmio_high,
> > + base_mmio_high + size_mmio_high - 1 -
> > + size_addr * count,
> > + 0x, size_mmio_high - size_addr * count));
> > +}
> > +
> > +aml_append(method, aml_name_decl("RBUF", rbuf));
> > +aml_append(method, aml_return(rbuf));
> > +aml_append(dev, method);
> > +
> > +acpi_dsdt_add_pci_osc(dev, scope);
> >
> >  Aml *dev_rp0 = aml_device("%s", "RP0");
> >  aml_append(dev_rp0, aml_name_decl("_ADR", aml_int(0)));
> 
> 
> this will be easier to review if you first refactor existing code, then add 
> pxb
> support on top.
> 

Thanks for the suggestion, the next patch would separate this patch into two 
patches, 
one is to refactor existing code and another one add pxb support.

> > @@ -744,7 +862,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
> VirtMachineState *vms)
> >  acpi_dsdt_add_virtio(scope, [VIRT_MMIO],
> >  (irqmap[VIRT_MMIO] + ARM_SPI_BASE),
> NUM_VIRTIO_TRANSPORTS);
> >  acpi_dsdt_add_pci(scope, memmap, (irqmap[VIRT_PCIE] +
> ARM_SPI_BASE),
> > -  vms->highmem, vms->highmem_ecam);
> > +  vms->highmem, vms->highmem_ecam, vms);
> >  if (vms->acpi_dev) {
> >  build_ged_aml(scope, "\\_SB."GED_DEVICE,
> >HOTPLUG_HANDLER(vms->acpi_dev), diff --git
> > a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c index 0ca604dc62..2c18cdfec4
> > 100644
> > --- a/hw/pci-host/gpex.c
> > +++ b/hw/pci-host/gpex.c
> > @@ -36,6 +36,7 @@
> >  #include "hw/qdev-properties.h"
> >  #include "migration/vmstate.h"
> >  #include "qemu/module.h"
> > +#include "hw/arm/virt.h"
> >
> >
> /**
> **
> >   * GPEX host
> > @@ -98,6 +99,9 @@ static void gpex_host_realize(DeviceState *dev, Error
> **errp)
> >   pci_swizzle_map_irq_fn, s, 
> > >io_mmio,
> >   >io_ioport, 0, 4,
> > TYPE_PCIE_BUS);
> >
> > 

Re: docs: Update vhost-user spec regarding backend program conventions

[Boeuf, Sebastien]

On Fri, 2020-02-14 at 14:21 +, Daniel P. Berrangé wrote:
> On Fri, Feb 14, 2020 at 03:00:34PM +0100, Marc-André Lureau wrote:
> > Hi
> > 
> > On Fri, Feb 14, 2020 at 2:24 PM Boeuf, Sebastien
> >  wrote:
> > > Hi Marc-Andre,
> > > 
> > > On Tue, 2020-02-11 at 22:24 +0100, Marc-André Lureau wrote:
> > > > Hi
> > > > 
> > > > On Tue, Feb 11, 2020 at 4:24 PM Boeuf, Sebastien
> > > >  wrote:
> > > > > From c073d528b8cd7082832fd1825dc33dd65b305aa2 Mon Sep 17
> > > > > 00:00:00
> > > > > 2001
> > > > > From: Sebastien Boeuf 
> > > > > Date: Tue, 11 Feb 2020 16:01:22 +0100
> > > > > Subject: [PATCH] docs: Update vhost-user spec regarding
> > > > > backend
> > > > > program
> > > > >  conventions
> > > > > 
> > > > > The vhost-user specification is not clearly stating the
> > > > > expected
> > > > > behavior from a backend program whenever the client
> > > > > disconnects.
> > > > > 
> > > > > This patch addresses the issue by defining the default
> > > > > behavior and
> > > > > proposing an alternative through a command line option.
> > > > > 
> > > > > By default, a backend program will have to keep listening
> > > > > even if
> > > > > the
> > > > > client disconnects, unless told otherwise through the newly
> > > > > introduced
> > > > > option --exit-on-disconnect.
> > > > > 
> > > > > Signed-off-by: Sebastien Boeuf 
> > > > > Signed-off-by: Stefan Hajnoczi 
> > > > > ---
> > > > >  docs/interop/vhost-user.rst | 10 ++
> > > > >  1 file changed, 10 insertions(+)
> > > > > 
> > > > > diff --git a/docs/interop/vhost-user.rst
> > > > > b/docs/interop/vhost-
> > > > > user.rst
> > > > > index 5f8b3a456b..da9a1ebc4c 100644
> > > > > --- a/docs/interop/vhost-user.rst
> > > > > +++ b/docs/interop/vhost-user.rst
> > > > > @@ -1323,6 +1323,10 @@ The backend program must end (as
> > > > > quickly and
> > > > > cleanly as possible) when
> > > > >  the SIGTERM signal is received. Eventually, it may receive
> > > > > SIGKILL
> > > > > by
> > > > >  the management layer after a few seconds.
> > > > > 
> > > > > +By default, the backend program continues running after the
> > > > > client
> > > > > +disconnects. It accepts only 1 connection at a time on each
> > > > > UNIX
> > > > > domain
> > > > > +socket.
> > > > 
> > > > I don't think that's the most common behaviour. libvhost-user
> > > > will
> > > > panic() on disconnect in general, unless the error/exit is
> > > > handled
> > > > gracefully by the backend.
> > > 
> > > It's not the default behavior from libvhost-user, but that's
> > > exactly
> > > something I'd like to see changing. This should be the normal
> > > case if
> > > you think about a standard client/server connection, where the
> > > server
> > > would simply listen again after the client disconnects.
> > 
> > I disagree, a "normal" lifecycle is a single connection & instance
> > per device.
> > 
> > Having the backend handle multiple connections is needlessly more
> > complicated. You need to correctly handle multiple states, flushed
> > anything private between connections etc. It should be optional.
> > 
> > 
> > > > The most common case is to have 1-1 relation between
> > > > device/qemu
> > > > instance and backend.
> > > 
> > > Yes this part is fine, but that's not a reason why the backend
> > > should
> > > terminates.
> > 
> > It is simpler to ensure it is reset correctly.
> > 
> > > > Why not restart the backend for another instance?
> > > 
> > > Because you need some management tool to do so. And I think that
> > > by
> > > default it could be interesting to have the least amount of extra
> > > management involved.
> > 
> > The management layer should be involved if any side crashes or
> > restart anyway.
> 
> Further, this vhost-user.rst spec document is explicitly describing
> the contract between the vhost-user binaries and the management
> layer. So it doesn't make sense to say update this doc to describe
> desired semantics for usage /without/ a management layer.

Is it? What I call management layer is something like Kata Containers,
spawning both the backend and the VMM. IMO, the document is more about
describing the protocol and how the communication is handled between
the backend and the VMM.

> 
> So I agree, the default behaviour should be that there is one binary
> spawned at time the associated device is initialization, and that
> the lifetime of the binary is 1:1 associated with the lifetime of
> the VM, or until the device is unplugged. 

If you all agree on this, then at least we should make this clear in
the document. I'll update the patch.

Thanks,
Sebastien

> 
> Regards,
> Daniel
-
Intel Corporation SAS (French simplified joint stock company)
Registered headquarters: "Les Montalets"- 2, rue de Paris, 
92196 Meudon Cedex, France
Registration Number:  302 456 199 R.C.S. NANTERRE
Capital: 4,572,000 Euros

This e-mail and any attachments may contain confidential material for
the sole use of the 

Re: docs: Update vhost-user spec regarding backend program conventions

[Boeuf, Sebastien]

On Fri, 2020-02-14 at 15:00 +0100, Marc-André Lureau wrote:
> Hi
> 
> On Fri, Feb 14, 2020 at 2:24 PM Boeuf, Sebastien
>  wrote:
> > Hi Marc-Andre,
> > 
> > On Tue, 2020-02-11 at 22:24 +0100, Marc-André Lureau wrote:
> > > Hi
> > > 
> > > On Tue, Feb 11, 2020 at 4:24 PM Boeuf, Sebastien
> > >  wrote:
> > > > From c073d528b8cd7082832fd1825dc33dd65b305aa2 Mon Sep 17
> > > > 00:00:00
> > > > 2001
> > > > From: Sebastien Boeuf 
> > > > Date: Tue, 11 Feb 2020 16:01:22 +0100
> > > > Subject: [PATCH] docs: Update vhost-user spec regarding backend
> > > > program
> > > >  conventions
> > > > 
> > > > The vhost-user specification is not clearly stating the
> > > > expected
> > > > behavior from a backend program whenever the client
> > > > disconnects.
> > > > 
> > > > This patch addresses the issue by defining the default behavior
> > > > and
> > > > proposing an alternative through a command line option.
> > > > 
> > > > By default, a backend program will have to keep listening even
> > > > if
> > > > the
> > > > client disconnects, unless told otherwise through the newly
> > > > introduced
> > > > option --exit-on-disconnect.
> > > > 
> > > > Signed-off-by: Sebastien Boeuf 
> > > > Signed-off-by: Stefan Hajnoczi 
> > > > ---
> > > >  docs/interop/vhost-user.rst | 10 ++
> > > >  1 file changed, 10 insertions(+)
> > > > 
> > > > diff --git a/docs/interop/vhost-user.rst b/docs/interop/vhost-
> > > > user.rst
> > > > index 5f8b3a456b..da9a1ebc4c 100644
> > > > --- a/docs/interop/vhost-user.rst
> > > > +++ b/docs/interop/vhost-user.rst
> > > > @@ -1323,6 +1323,10 @@ The backend program must end (as quickly
> > > > and
> > > > cleanly as possible) when
> > > >  the SIGTERM signal is received. Eventually, it may receive
> > > > SIGKILL
> > > > by
> > > >  the management layer after a few seconds.
> > > > 
> > > > +By default, the backend program continues running after the
> > > > client
> > > > +disconnects. It accepts only 1 connection at a time on each
> > > > UNIX
> > > > domain
> > > > +socket.
> > > 
> > > I don't think that's the most common behaviour. libvhost-user
> > > will
> > > panic() on disconnect in general, unless the error/exit is
> > > handled
> > > gracefully by the backend.
> > 
> > It's not the default behavior from libvhost-user, but that's
> > exactly
> > something I'd like to see changing. This should be the normal case
> > if
> > you think about a standard client/server connection, where the
> > server
> > would simply listen again after the client disconnects.
> 
> I disagree, a "normal" lifecycle is a single connection & instance
> per device.
> 
> Having the backend handle multiple connections is needlessly more
> complicated. You need to correctly handle multiple states, flushed
> anything private between connections etc. It should be optional.

Ok so you're okay with explicitely stating the default behavior being a
single connection per device, which means the backend terminates after
the client disconnected. But also, that we can add an option to
explicitely ask the backend to continue listening after the client
disconnects. Does that sounds good?

> 
> 
> > > The most common case is to have 1-1 relation between device/qemu
> > > instance and backend.
> > 
> > Yes this part is fine, but that's not a reason why the backend
> > should
> > terminates.
> 
> It is simpler to ensure it is reset correctly.
> 
> > > Why not restart the backend for another instance?
> > 
> > Because you need some management tool to do so. And I think that by
> > default it could be interesting to have the least amount of extra
> > management involved.
> 
> The management layer should be involved if any side crashes or
> restart anyway.
> 
> > > > +
> > > >  The following command line options have an expected behaviour.
> > > > They
> > > >  are mandatory, unless explicitly said differently:
> > > > 
> > > > @@ -1337,6 +1341,12 @@ are mandatory, unless explicitly said
> > > > differently:
> > > >vhost-user socket as file descriptor FDNUM. It is
> > > > incompatible
> > > > with
> > > >--socket-path.
> > > > 
> > > > +--exit-on-disconnect
> > > > +
> > > > +  When this option is provided, the backend program must
> > > > terminate
> > > > when
> > > > +  the client disconnects. This can be used to keep the backend
> > > > program's
> > > > +  lifetime synchronized with its client process.
> > > 
> > > This section list options that are mandatory. It's probably a bit
> > > late
> > > to add more mandatory options (I regret already some of them)
> > 
> > The spec states "They are mandatory, unless explicitly said
> > differently", and in this case I'm explicitely saying "When this
> > option
> > is provided", which means if it's not provided it's fine and we can
> > ignore the fact it's not there.
> 
> Ah ok,  I think we can guard it with a capability too.

Could you elaborate, I'm not sure to understand how to use this
capability that you're referring to.

> 
> > > Do we need to specify the behaviour 

Re: [PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[Cédric Le Goater]

On 2/18/20 1:30 AM, Alexey Kardashevskiy wrote:
> 
> 
> On 17/02/2020 20:48, Cédric Le Goater wrote:
>> On 2/17/20 3:12 AM, Alexey Kardashevskiy wrote:
>>> The following changes since commit 05943fb4ca41f626078014c0327781815c6584c5:
>>>
>>>   ppc: free 'fdt' after reset the machine (2020-02-17 11:27:23 +1100)
>>>
>>> are available in the Git repository at:
>>>
>>>   g...@github.com:aik/qemu.git tags/qemu-slof-20200217
>>>
>>> for you to fetch changes up to ea9a03e5aa023c5391bab5259898475d0298aac2:
>>>
>>>   pseries: Update SLOF firmware image (2020-02-17 13:08:59 +1100)
>>>
>>> 
>>> Alexey Kardashevskiy (1):
>>>   pseries: Update SLOF firmware image
>>>
>>>  pc-bios/README   |   2 +-
>>>  pc-bios/slof.bin | Bin 931032 -> 968560 bytes
>>>  roms/SLOF|   2 +-
>>>  3 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>>
>>> *** Note: this is not for master, this is for pseries
>>>
>>
>> Hello Alexey,
>>
>> QEMU fails to boot from disk. See below.
> 
> 
> It does boot mine (fedora 30, ubuntu 18.04), see below. I believe I
> could have broken something but I need more detail. Thanks,

fedora31 boots but not ubuntu 19.10. Could it be GRUB version 2.04 ? 

C.


> 
> 
> 
> 
> SLOF **
> QEMU Starting
>  Build Date = Feb 17 2020 13:06:47
>  FW Version = git-42228d763f1fdb7b
>  Press "s" to enter Open Firmware.
> 
> Populating /vdevice methods
> Populating /vdevice/nvram@7100
> Populating /vdevice/vty@71000110
> Populating /pci@8002000
>  00  (D) : 1af4 1000virtio [ net ]
>  00 0800 (D) : 1af4 1004virtio [ scsi ]
> Populating /pci@8002000/scsi@1
>SCSI: Looking for devices
>   100 DISK : "QEMU QEMU HARDDISK2.5+"
> No NVRAM common partition, re-initializing...
> Scanning USB
> Using default console: /vdevice/vty@71000110
> 
>   Welcome to Open Firmware
> 
>   Copyright (c) 2004, 2017 IBM Corporation All rights reserved.
>   This program and the accompanying materials are made available
>   under the terms of the BSD License available at
>   http://www.opensource.org/licenses/bsd-license.php
> 
> 
> Trying to load:  from: /pci@8002000/scsi@1/disk@100
> ...   Successfully loaded
> 
> 
> 
> 
> 
> 
>   Fedora (5.5.0-rc5-le-guest_v5.5-rc5_a+fstn1) 30 (Thirty)
> 
>   Fedora (5.0.9-301.fc30.ppc64le) 30 (Thirty)
> 
>   Fedora (0-rescue-8f8bbec520a44fd09da6af8e0d2c6571) 30 (Thirty)
> 
> 
> 
> 
>>
>> Thanks,
>>
>> C.
>>
>>
>> QEMU Starting
>>  Build Date = Feb 17 2020 13:06:47
>>  FW Version = git-42228d763f1fdb7b
>>  Press "s" to enter Open Firmware.
>>
>> Populating /vdevice methods
>> Populating /vdevice/vty@7100
>> Populating /vdevice/nvram@7101
>> Populating /pci@8002000
>>  00 0800 (D) : 1af4 1004virtio [ scsi ]
>> Populating /pci@8002000/scsi@1
>>SCSI: Looking for devices
>>   100 DISK : "QEMU QEMU HARDDISK2.5+"
>>  00 1000 (D) : 1af4 1000virtio [ net ]
>>  00 2000 (D) : 1b36 000dserial bus [ usb-xhci ]
>> No NVRAM common partition, re-initializing...
>> Scanning USB 
>>   XHCI: Initializing
>> Using default console: /vdevice/vty@7100
>>  
>>   Welcome to Open Firmware
>>
>>   Copyright (c) 2004, 2017 IBM Corporation All rights reserved.
>>   This program and the accompanying materials are made available
>>   under the terms of the BSD License available at
>>   http://www.opensource.org/licenses/bsd-license.php
>>
>>
>> Trying to load:  from: /pci@8002000/scsi@1/disk@100 ...  
>> slash SCSI-DISK: Access beyond end of device ! 
>>
>> Out of internal memory.
>> SCSI-DISK: Access beyond end of device ! 
>> SCSI-DISK: Access beyond end of device ! 
>> SCSI-DISK: Access beyond end of device ! 
>> SCSI-DISK: Access beyond end of device ! 
>> SCSI-DISK: Access beyond end of device ! 
>>
> 

Re: [PATCH v5 47/79] m68k/q800: use memdev for RAM

[Philippe Mathieu-Daudé]

On 2/17/20 6:34 PM, Igor Mammedov wrote:

Switch to using generic main RAM allocation. To do this set
MachineClass::default_ram_id to m68k_mac.ram and use
MachineState::ram instead of manually initializing
RAM memory region.

Signed-off-by: Igor Mammedov 
Acked-by: Laurent Vivier 
---
  hw/m68k/q800.c | 6 ++
  1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/m68k/q800.c b/hw/m68k/q800.c
index 1e32363688..a4c4bc14cb 100644
--- a/hw/m68k/q800.c
+++ b/hw/m68k/q800.c
@@ -160,7 +160,6 @@ static void q800_init(MachineState *machine)
  ram_addr_t initrd_base;
  int32_t initrd_size;
  MemoryRegion *rom;
-MemoryRegion *ram;
  MemoryRegion *io;
  const int io_slice_nb = (IO_SIZE / IO_SLICE) - 1;
  int i;
@@ -194,9 +193,7 @@ static void q800_init(MachineState *machine)
  qemu_register_reset(main_cpu_reset, cpu);
  
  /* RAM */

-ram = g_malloc(sizeof(*ram));
-memory_region_init_ram(ram, NULL, "m68k_mac.ram", ram_size, _abort);
-memory_region_add_subregion(get_system_memory(), 0, ram);
+memory_region_add_subregion(get_system_memory(), 0, machine->ram);
  
  /*

   * Memory from IO_BASE to IO_BASE + IO_SLICE is repeated
@@ -443,6 +440,7 @@ static void q800_machine_class_init(ObjectClass *oc, void 
*data)
  mc->max_cpus = 1;
  mc->is_default = 0;
  mc->block_default_type = IF_SCSI;
+mc->default_ram_id = "m68k_mac.ram";
  }
  
  static const TypeInfo q800_machine_typeinfo = {




Reviewed-by: Philippe Mathieu-Daudé 

[Bug 1863710] [NEW] qemu 4.2 does not process discard(trim) commands

[Chris S.]

Public bug reported:

I'm using Arch Linux with qemu 4.2 and blktrace to monitor discard
commands as they are sent to the hardware.  Blktrace shows nothing as
the VM is trimming the SSDs.

I downgraded to qemu 4.1.1 and blktrace shows lots of discard commands
as the VM is trimming.

Kernel version is 5.5.4.

Attached is the libvirt xml.

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "win10-real.xml"
   
https://bugs.launchpad.net/bugs/1863710/+attachment/5329158/+files/win10-real.xml

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1863710

Title:
  qemu 4.2 does not process discard(trim) commands

Status in QEMU:
  New

Bug description:
  I'm using Arch Linux with qemu 4.2 and blktrace to monitor discard
  commands as they are sent to the hardware.  Blktrace shows nothing as
  the VM is trimming the SSDs.

  I downgraded to qemu 4.1.1 and blktrace shows lots of discard commands
  as the VM is trimming.

  Kernel version is 5.5.4.

  Attached is the libvirt xml.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1863710/+subscriptions

Re: [PATCH v5 49/79] m68k/next-cube: use memdev for RAM

[Philippe Mathieu-Daudé]

On 2/17/20 6:34 PM, Igor Mammedov wrote:

memory_region_allocate_system_memory() API is going away, so
replace it with memdev allocated MemoryRegion. The later is
initialized by generic code, so board only needs to opt in
to memdev scheme by providing
   MachineClass::default_ram_id
and using MachineState::ram instead of manually initializing
RAM memory region.

Signed-off-by: Igor Mammedov 
Acked-by: Thomas Huth 
---
  hw/m68k/next-cube.c | 5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v5 41/79] hppa: use memdev for RAM

[Philippe Mathieu-Daudé]

On 2/17/20 6:34 PM, Igor Mammedov wrote:

memory_region_allocate_system_memory() API is going away, so
replace it with memdev allocated MemoryRegion. The later is
initialized by generic code, so board only needs to opt in
to memdev scheme by providing
   MachineClass::default_ram_id
and using MachineState::ram instead of manually initializing
RAM memory region.

Signed-off-by: Igor Mammedov 
---
CC: r...@twiddle.net
CC: del...@gmx.de
---
  hw/hppa/machine.c | 10 +++---
  1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index d8755ec422..67181e75ba 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -71,14 +71,11 @@ static void machine_hppa_init(MachineState *machine)
  uint64_t kernel_entry = 0, kernel_low, kernel_high;
  MemoryRegion *addr_space = get_system_memory();
  MemoryRegion *rom_region;
-MemoryRegion *ram_region;
  MemoryRegion *cpu_region;
  long i;
  unsigned int smp_cpus = machine->smp.cpus;
  SysBusDevice *s;
  
-ram_size = machine->ram_size;

-
  /* Create CPUs.  */
  for (i = 0; i < smp_cpus; i++) {
  char *name = g_strdup_printf("cpu%ld-io-eir", i);
@@ -97,10 +94,8 @@ static void machine_hppa_init(MachineState *machine)
  error_report("RAM size is currently restricted to 3GB");
  exit(EXIT_FAILURE);
  }
-ram_region = g_new(MemoryRegion, 1);
-memory_region_allocate_system_memory(ram_region, OBJECT(machine),
- "ram", ram_size);
-memory_region_add_subregion_overlap(addr_space, 0, ram_region, -1);
+memory_region_add_subregion_overlap(addr_space, 0, machine->ram, -1);
+
  
  /* Init Lasi chip */

  lasi_init(addr_space);
@@ -298,6 +293,7 @@ static void machine_hppa_machine_init(MachineClass *mc)
  mc->is_default = 1;
  mc->default_ram_size = 512 * MiB;
  mc->default_boot_order = "cd";
+mc->default_ram_id = "ram";
  }
  
  DEFINE_MACHINE("hppa", machine_hppa_machine_init)




Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v5 24/79] arm/musicpal: use memdev for RAM

[Philippe Mathieu-Daudé]

On 2/17/20 8:11 PM, Richard Henderson wrote:

On 2/17/20 9:33 AM, Igor Mammedov wrote:

memory_region_allocate_system_memory() API is going away, so
replace it with memdev allocated MemoryRegion. The later is
initialized by generic code, so board only needs to opt in
to memdev scheme by providing
   MachineClass::default_ram_id
and using MachineState::ram instead of manually initializing
RAM memory region.

PS:
  while at it add check for user supplied RAM size and error
  out if it mismatches board expected value.

Signed-off-by: Igor Mammedov 
Reviewed-by: Andrew Jones 
---


Reviewed-by: Richard Henderson 


@@ -1589,16 +1590,21 @@ static void musicpal_init(MachineState *machine)
  int i;
  unsigned long flash_size;
  DriveInfo *dinfo;
+MachineClass *mc = MACHINE_GET_CLASS(machine);
  MemoryRegion *address_space_mem = get_system_memory();
-MemoryRegion *ram = g_new(MemoryRegion, 1);
  MemoryRegion *sram = g_new(MemoryRegion, 1);
  
+/* For now we use a fixed - the original - RAM size */

+if (machine->ram_size != mc->default_ram_size) {
+char *sz = size_to_str(mc->default_ram_size);
+error_report("Invalid RAM size, should be %s", sz);
+g_free(sz);
+exit(EXIT_FAILURE);
+}


If for some reason you need to re-spin this series again, and considering my
comment re arm/imx25_pdk, I think it would be worthwhile to create a common
helper for this:

void machine_memory_check_fixed_size(MachineState *machine)
{
 MachineClass *mc = MACHINE_GET_CLASS(machine);

 if (machine->ram_size != mc->default_ram_size) {
 char *sz = size_to_str(mc->default_ram_size);
 error_report("Invalid RAM size, should be %s", sz);
 g_free(sz);
 exit(EXIT_FAILURE);
 }
}

That would keep the language consistent across the boards.


Excellent idea.

Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v5 23/79] arm/mps2: use memdev for RAM

[Philippe Mathieu-Daudé]

On 2/17/20 6:33 PM, Igor Mammedov wrote:

memory_region_allocate_system_memory() API is going away, so
replace it with memdev allocated MemoryRegion. The later is
initialized by generic code, so board only needs to opt in
to memdev scheme by providing
   MachineClass::default_ram_id
and using MachineState::ram instead of manually initializing
RAM memory region.

PS:
  while at it add check for user supplied RAM size and error
  out if it mismatches board expected value.

Signed-off-by: Igor Mammedov 
Reviewed-by: Andrew Jones 
---
v2:
   * fix format string causing build failure on 32-bit host
 (Philippe Mathieu-Daudé )
---
  hw/arm/mps2.c | 15 +++
  1 file changed, 11 insertions(+), 4 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v5 22/79] arm/mps2-tz: use memdev for RAM

[Philippe Mathieu-Daudé]

On 2/17/20 6:33 PM, Igor Mammedov wrote:

memory_region_allocate_system_memory() API is going away, so
replace it with memdev allocated MemoryRegion. The later is
initialized by generic code, so board only needs to opt in
to memdev scheme by providing
   MachineClass::default_ram_id
and using MachineState::ram instead of manually initializing
RAM memory region.

PS:
  while at it add check for user supplied RAM size and error
  out if it mismatches board expected value.

Signed-off-by: Igor Mammedov 
Reviewed-by: Andrew Jones 
---
v2:
   * fix format string causing build failure on 32-bit host
 (Philippe Mathieu-Daudé )
v4:
   * move default_ram_size to mps2tz_class_init()
 (Andrew Jones )
---
  hw/arm/mps2-tz.c | 15 +++
  1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
index f8b620bcc6..a8dea7dde1 100644
--- a/hw/arm/mps2-tz.c
+++ b/hw/arm/mps2-tz.c
@@ -39,6 +39,7 @@
  
  #include "qemu/osdep.h"

  #include "qemu/units.h"
+#include "qemu/cutils.h"
  #include "qapi/error.h"
  #include "qemu/error-report.h"
  #include "hw/arm/boot.h"
@@ -79,7 +80,6 @@ typedef struct {
  MachineState parent;
  
  ARMSSE iotkit;

-MemoryRegion psram;
  MemoryRegion ssram[3];
  MemoryRegion ssram1_m;
  MPS2SCC scc;
@@ -388,6 +388,13 @@ static void mps2tz_common_init(MachineState *machine)
  exit(1);
  }
  
+if (machine->ram_size != mc->default_ram_size) {

+char *sz = size_to_str(mc->default_ram_size);
+error_report("Invalid RAM size, should be %s", sz);
+g_free(sz);
+exit(EXIT_FAILURE);
+}
+
  sysbus_init_child_obj(OBJECT(machine), "iotkit", >iotkit,
sizeof(mms->iotkit), mmc->armsse_type);
  iotkitdev = DEVICE(>iotkit);
@@ -458,9 +465,7 @@ static void mps2tz_common_init(MachineState *machine)
   * tradeoffs. For QEMU they're all just RAM, though. We arbitrarily
   * call the 16MB our "system memory", as it's the largest lump.
   */
-memory_region_allocate_system_memory(>psram,
- NULL, "mps.ram", 16 * MiB);
-memory_region_add_subregion(system_memory, 0x8000, >psram);
+memory_region_add_subregion(system_memory, 0x8000, machine->ram);
  
  /* The overflow IRQs for all UARTs are ORed together.

   * Tx, Rx and "combined" IRQs are sent to the NVIC separately.
@@ -642,6 +647,8 @@ static void mps2tz_class_init(ObjectClass *oc, void *data)
  
  mc->init = mps2tz_common_init;

  iic->check = mps2_tz_idau_check;
+mc->default_ram_size = 16 * MiB;
+mc->default_ram_id = "mps.ram";
  }
  
  static void mps2tz_an505_class_init(ObjectClass *oc, void *data)




Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v5 17/79] arm/integratorcp: use memdev for RAM

[Philippe Mathieu-Daudé]

On 2/17/20 6:33 PM, Igor Mammedov wrote:

memory_region_allocate_system_memory() API is going away, so
replace it with memdev allocated MemoryRegion. The later is
initialized by generic code, so board only needs to opt in
to memdev scheme by providing
   MachineClass::default_ram_id
and using MachineState::ram instead of manually initializing
RAM memory region.

Signed-off-by: Igor Mammedov 
Reviewed-by: Andrew Jones 
---
CC: peter.ch...@nicta.com.au
---
  hw/arm/integratorcp.c | 9 -
  1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
index 0cd94d9f09..cc845b8534 100644
--- a/hw/arm/integratorcp.c
+++ b/hw/arm/integratorcp.c
@@ -585,7 +585,6 @@ static void integratorcp_init(MachineState *machine)
  Object *cpuobj;
  ARMCPU *cpu;
  MemoryRegion *address_space_mem = get_system_memory();
-MemoryRegion *ram = g_new(MemoryRegion, 1);
  MemoryRegion *ram_alias = g_new(MemoryRegion, 1);
  qemu_irq pic[32];
  DeviceState *dev, *sic, *icp;
@@ -605,14 +604,13 @@ static void integratorcp_init(MachineState *machine)
  
  cpu = ARM_CPU(cpuobj);
  
-memory_region_allocate_system_memory(ram, NULL, "integrator.ram",

- ram_size);
  /* ??? On a real system the first 1Mb is mapped as SSRAM or boot flash.  
*/
  /* ??? RAM should repeat to fill physical memory space.  */
  /* SDRAM at address zero*/
-memory_region_add_subregion(address_space_mem, 0, ram);
+memory_region_add_subregion(address_space_mem, 0, machine->ram);
  /* And again at address 0x8000 */
-memory_region_init_alias(ram_alias, NULL, "ram.alias", ram, 0, ram_size);
+memory_region_init_alias(ram_alias, NULL, "ram.alias", machine->ram,
+ 0, ram_size);
  memory_region_add_subregion(address_space_mem, 0x8000, ram_alias);
  
  dev = qdev_create(NULL, TYPE_INTEGRATOR_CM);

@@ -660,6 +658,7 @@ static void integratorcp_machine_init(MachineClass *mc)
  mc->init = integratorcp_init;
  mc->ignore_memory_transaction_failures = true;
  mc->default_cpu_type = ARM_CPU_TYPE_NAME("arm926");
+mc->default_ram_id = "integrator.ram";
  }
  
  DEFINE_MACHINE("integratorcp", integratorcp_machine_init)




Looking at integratorcm_realize() this machine seems to handle at most 
512MiB.

Re: [PATCH v5 15/79] arm/imx25_pdk: drop RAM size fixup

[Philippe Mathieu-Daudé]

On 2/17/20 7:56 PM, Richard Henderson wrote:

On 2/17/20 9:33 AM, Igor Mammedov wrote:

  /* We need to initialize our memory */
  if (machine->ram_size > (FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE)) {
-warn_report("RAM size " RAM_ADDR_FMT " above max supported, "
+error_report("RAM size " RAM_ADDR_FMT " above max supported, "
  "reduced to %x", machine->ram_size,
  FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE);
-machine->ram_size = FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE;
+exit(EXIT_FAILURE);


The wording here doesn't make sense anymore.
I think it would be better to mirror that used elsewhere:

+char *sz = size_to_str(mc->default_ram_size);
+error_report("Invalid RAM size, should be %s", sz);
+g_free(sz);

With that,
Reviewed-by: Richard Henderson 


Agreed.
Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v4 00/20] Add Allwinner H3 SoC and Orange Pi PC Machine

[Philippe Mathieu-Daudé]

On 2/17/20 9:27 PM, Niek Linnenbank wrote:

Hi Philippe,

On Wed, Feb 12, 2020 at 11:12 PM Philippe Mathieu-Daudé 
mailto:phi...@redhat.com>> wrote:


On 2/12/20 10:47 PM, Niek Linnenbank wrote:
 > Hi all,
 >
 > Short status update regarding this series.
 >
 > Currently I am debugging booting NetBSD 9.0-RC2, which is recently
 > released [1]
 > The problem is that, apparently, RC2 can't mount the rootfs properly:
 >
 > [   3.1871510] vfs_mountroot: can't open root device
 > [   3.2141370] cannot mount root, error = 6
 >
 > This only happens using the RC2 filesystem image. However, the RC2
 > kernel can
 > properly load & boot the RC1 filesystem image, and the RC1 kernel
gives
 > the same error
 > on the RC2 filesystem.  But I dont think its a NetBSD-RC2 issue,
because
 > on a real
 > Orange Pi PC hardware board, this problem does not show.

Linux shows:
    console: mmc0: Problem switching card into high-speed mode!

QEMU MMC support is not in good shape, and high-speed SD card
support is
limited. I keep procrastinating at reviewing your SDHCI patch hm.

So you added:

   * DMA transfers
   * Direct FIFO I/O
   * Short/Long format command responses

I'd start diffing the trace output of the following events:

allwinner_sdhost*
sdcard*

with both kernels.

Thanks for the kind suggestions Philippe.
Indeed, comparing the trace files of both the RC1 and RC2 kernels is one 
of the things I did, and many more.


After extensive low-level debugging, I discovered that the issue is much 
more simple than I thought.
In particular, when using -sd , the emulated device gets the same 
physical size as the file.
Normally this is not a problem, but for the NetBSD RC2 image, the kernel 
reads the MBR partition table,
compares it with the device size and concludes that the NetBSD partition 
in the image is larger than the actual device.


Unfortunately, this root cause is not printed on the NetBSD console, 
only the final  'can't open root device' message.
Also, when running on hardware, obviously the SD card will be larger, 
e.g. 4GB or more, so that is why this issue does not show.


So the fix is to extend the input image by a few megabytes before 
booting it.
And on the positive side, with this search we now have more confidence 
that the

emulated SD/MMC device in Qemu works as expected.


Good news!

IIRC from the specs, cards are block devices and the only alignment 
required is the size of a block (512KiB for your 4GiB card).


That said I never saw a card not pow2 aligned, but the card firmware 
should be able to discard blocks and announce fewer. Maybe FreeBSD is 
incorrect assuming a pow2 alignment?




Kind regards,
Niek

 >
 > I'm comparing traces and adding more low-level debug output to
NetBSD
 > and QEMU to find the issue.
 >
 > Also I processed the review remarks which were send so far.
 >
 > Kind regards,
 > Niek
 >
 > [1] https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html



--
Niek Linnenbank

Re: [PATCH v3 0/3] arm: allwinner: Wire up USB ports

[Philippe Mathieu-Daudé]

Cc'ing Niek.

On 2/17/20 9:48 PM, Guenter Roeck wrote:

Instantiate EHCI and OHCI controllers on Allwinner A10.

The first patch in the series moves the declaration of EHCISysBusState
from hcd-ohci.c to hcd-ohci.h. This lets us add the structure to
AwA10State. Similar, TYPE_SYSBUS_OHCI is moved to be able to use it
outside its driver.

The second patch introduces the ehci-sysbus property "companion-enable".
This lets us use object_property_set_bool() to enable companion mode.

The third patch instantiates EHCI and OHCI ports for Allwinner-A10
and marks the OHCI ports as companions of the respective EHCI ports.

Tested by attaching various high speed and full speed devices, and by
booting from USB drive.

v3: Rebased to master
v2: Add summary
 Rewrite to instantiate OHCI in companion mode; add patch 2/3
 Merge EHCI and OHCI instantiation into a single patch


Guenter Roeck (3):
   hw: usb: hcd-ohci: Move OHCISysBusState and TYPE_SYSBUS_OHCI to include 
file
   hcd-ehci: Introduce "companion-enable" sysbus property
   arm: allwinner: Wire up USB ports

  hw/arm/allwinner-a10.c | 43 ++
  hw/usb/hcd-ehci-sysbus.c   |  2 ++
  hw/usb/hcd-ohci.c  | 15 ---
  hw/usb/hcd-ohci.h  | 16 
  include/hw/arm/allwinner-a10.h |  6 ++
  5 files changed, 67 insertions(+), 15 deletions(-)

Re: [PATCH] mainstone: Make providing flash images non-mandatory

[Philippe Mathieu-Daudé]

On 2/17/20 10:08 PM, Guenter Roeck wrote:

Up to now, the mainstone machine only boots if two flash images are
provided. This is not really necessary; the machine can boot from initrd
or from SD without it. At the same time, having to provide dummy flash
images is a nuisance and does not add any real value. Make it optional.

Signed-off-by: Guenter Roeck 
---
  hw/arm/mainstone.c | 11 +--
  1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c
index b01ce3ce08..6e64dfab50 100644
--- a/hw/arm/mainstone.c
+++ b/hw/arm/mainstone.c
@@ -138,19 +138,10 @@ static void mainstone_common_init(MemoryRegion 
*address_space_mem,
  /* There are two 32MiB flash devices on the board */
  for (i = 0; i < 2; i ++) {
  dinfo = drive_get(IF_PFLASH, 0, i);
-if (!dinfo) {
-if (qtest_enabled()) {
-break;
-}
-error_report("Two flash images must be given with the "
- "'pflash' parameter");
-exit(1);
-}
-
  if (!pflash_cfi01_register(mainstone_flash_base[i],
 i ? "mainstone.flash1" : 
"mainstone.flash0",
 MAINSTONE_FLASH,
-   blk_by_legacy_dinfo(dinfo),
+   dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
 sector_len, 4, 0, 0, 0, 0, be)) {
  error_report("Error registering flash memory");
  exit(1);



Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH] z2: Make providing flash images non-mandatory

[Philippe Mathieu-Daudé]

On 2/17/20 10:09 PM, Guenter Roeck wrote:

Up to now, the z2 machine only boots if a flash image is provided.
This is not really necessary; the machine can boot from initrd or from
SD without it. At the same time, having to provide dummy flash images
is a nuisance and does not add any real value. Make it optional.

Signed-off-by: Guenter Roeck 
---
  hw/arm/z2.c | 6 --
  1 file changed, 6 deletions(-)

diff --git a/hw/arm/z2.c b/hw/arm/z2.c
index 34794fe3ae..4bb237f22d 100644
--- a/hw/arm/z2.c
+++ b/hw/arm/z2.c
@@ -314,12 +314,6 @@ static void z2_init(MachineState *machine)
  be = 0;
  #endif
  dinfo = drive_get(IF_PFLASH, 0, 0);
-if (!dinfo && !qtest_enabled()) {
-error_report("Flash image must be given with the "
- "'pflash' parameter");
-exit(1);
-}
-
  if (!pflash_cfi01_register(Z2_FLASH_BASE, "z2.flash0", Z2_FLASH_SIZE,
 dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
 sector_len, 4, 0, 0, 0, 0, be)) {



Reviewed-by: Philippe Mathieu-Daudé 

[PATCH v2 4/4] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c

[Philippe Mathieu-Daudé]

Register 0x818 is documented as 'undefined', and register
0x82c is not documented. Refuse their access.

Acked-by: Helge Deller 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/hppa/dino.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index be799aad43..2b1b38c58a 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -181,7 +181,9 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
 case DINO_IO_ADDR_EN:
 case DINO_PCI_IO_DATA:
 case DINO_TOC_ADDR:
-case DINO_GMASK ... DINO_TLTIM:
+case DINO_GMASK ... DINO_PCISTS:
+case DINO_MLTIM ... DINO_PCIWOR:
+case DINO_TLTIM:
 ret = true;
 break;
 case DINO_PCI_IO_DATA + 2:
-- 
2.21.1

[PATCH v2 0/4] hw/hppa/dino: Fix Coverity 1419387 / 1419393 / 1419394

[Philippe Mathieu-Daudé]

Easy fix for the overrun reported by Coverity.

Since v1:
- Fixed description to cover CID 1419387 (reported by Peter)
  (no code change)

Supersedes: <20200213234148.8434-1-f4...@amsat.org>

Philippe Mathieu-Daudé (4):
  hw/hppa/dino: Add comments with register name
  hw/hppa/dino: Fix reg800_keep_bits overrun (CID 1419387 1419393
1419394)
  hw/hppa/dino: Fix bitmask for the PCIROR register
  hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c

 hw/hppa/dino.c | 31 +--
 1 file changed, 17 insertions(+), 14 deletions(-)

-- 
2.21.1

[PATCH v2 3/4] hw/hppa/dino: Fix bitmask for the PCIROR register

[Philippe Mathieu-Daudé]

Only 24 bits of the PCIROR register are documented
(see pp. 37 of datasheet referenced in this file header).

Acked-by: Helge Deller 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/hppa/dino.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index 8868e31793..be799aad43 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -94,7 +94,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = {
 MAKE_64BIT_MASK(0, 32), /* Undefined */
 MAKE_64BIT_MASK(0, 8),  /* MLTIM */
 MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
-MAKE_64BIT_MASK(0, 25), /* PCIROR */
+MAKE_64BIT_MASK(0, 24), /* PCIROR */
 MAKE_64BIT_MASK(0, 22), /* PCIWOR */
 MAKE_64BIT_MASK(0, 32), /* Undocumented */
 MAKE_64BIT_MASK(0, 9),  /* TLTIM */
-- 
2.21.1

[PATCH v2 1/4] hw/hppa/dino: Add comments with register name

[Philippe Mathieu-Daudé]

Add a comment with the name of each register in the 0x800-0x8ff range.

Acked-by: Helge Deller 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/hppa/dino.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index 9797a7f0d9..c237ad3b1b 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -85,18 +85,18 @@
 
 #define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
 static const uint32_t reg800_keep_bits[DINO800_REGS] = {
-MAKE_64BIT_MASK(0, 1),
-MAKE_64BIT_MASK(0, 7),
-MAKE_64BIT_MASK(0, 7),
-MAKE_64BIT_MASK(0, 8),
-MAKE_64BIT_MASK(0, 7),
-MAKE_64BIT_MASK(0, 9),
-MAKE_64BIT_MASK(0, 32),
-MAKE_64BIT_MASK(0, 8),
-MAKE_64BIT_MASK(0, 30),
-MAKE_64BIT_MASK(0, 25),
-MAKE_64BIT_MASK(0, 22),
-MAKE_64BIT_MASK(0, 9),
+MAKE_64BIT_MASK(0, 1),  /* GMASK */
+MAKE_64BIT_MASK(0, 7),  /* PAMR */
+MAKE_64BIT_MASK(0, 7),  /* PAPR */
+MAKE_64BIT_MASK(0, 8),  /* DAMODE */
+MAKE_64BIT_MASK(0, 7),  /* PCICMD */
+MAKE_64BIT_MASK(0, 9),  /* PCISTS */
+MAKE_64BIT_MASK(0, 32), /* Undefined */
+MAKE_64BIT_MASK(0, 8),  /* MLTIM */
+MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
+MAKE_64BIT_MASK(0, 25), /* PCIROR */
+MAKE_64BIT_MASK(0, 22), /* PCIWOR */
+MAKE_64BIT_MASK(0, 9),  /* TLTIM */
 };
 
 typedef struct DinoState {
-- 
2.21.1

[PATCH v2 2/4] hw/hppa/dino: Fix reg800_keep_bits overrun (CID 1419387 1419393 1419394)

[Philippe Mathieu-Daudé]

Coverity reports:

  *** CID 1419387:  Memory - illegal accesses  (OVERRUN)
  /hw/hppa/dino.c: 267 in dino_chip_read_with_attrs()
  261 val = s->ilr & s->imr & s->icr;
  262 break;
  263 case DINO_TOC_ADDR:
  264 val = s->toc_addr;
  265 break;
  266 case DINO_GMASK ... DINO_TLTIM:
  >>> CID 1419387:  Memory - illegal accesses  (OVERRUN)
  >>> Overrunning array "s->reg800" of 12 4-byte elements at element index 
12 (byte offset 48) using index "(addr - 2048UL) / 4UL" (which evaluates to 12).
  267 val = s->reg800[(addr - DINO_GMASK) / 4];
  268 if (addr == DINO_PAMR) {
  269 val &= ~0x01;  /* LSB is hardwired to 0 */
  270 }
  271 if (addr == DINO_MLTIM) {
  272 val &= ~0x07;  /* 3 LSB are hardwired to 0 */

  *** CID 1419393:  Memory - corruptions  (OVERRUN)
  /hw/hppa/dino.c: 363 in dino_chip_write_with_attrs()
  357 /* These registers are read-only.  */
  358 break;
  359
  360 case DINO_GMASK ... DINO_TLTIM:
  361 i = (addr - DINO_GMASK) / 4;
  362 val &= reg800_keep_bits[i];
  >>> CID 1419393:  Memory - corruptions  (OVERRUN)
  >>> Overrunning array "s->reg800" of 12 4-byte elements at element index 
12 (byte offset 48) using index "i" (which evaluates to 12).
  363 s->reg800[i] = val;
  364 break;
  365
  366 default:
  367 /* Controlled by dino_chip_mem_valid above.  */
  368 g_assert_not_reached();

  *** CID 1419394:  Memory - illegal accesses  (OVERRUN)
  /hw/hppa/dino.c: 362 in dino_chip_write_with_attrs()
  356 case DINO_IRR1:
  357 /* These registers are read-only.  */
  358 break;
  359
  360 case DINO_GMASK ... DINO_TLTIM:
  361 i = (addr - DINO_GMASK) / 4;
  >>> CID 1419394:  Memory - illegal accesses  (OVERRUN)
  >>> Overrunning array "reg800_keep_bits" of 12 4-byte elements at element 
index 12 (byte offset 48) using index "i" (which evaluates to 12).
  362 val &= reg800_keep_bits[i];
  363 s->reg800[i] = val;
  364 break;
  365
  366 default:
  367 /* Controlled by dino_chip_mem_valid above.  */

Indeed the array should contain 13 entries, the undocumented
register 0x82c is missing. Fix by increasing the array size
and adding the missing register.

CID 1419387 can be verified with:

  $ echo x 0xfff80830 | hppa-softmmu/qemu-system-hppa -S -monitor stdio 
-display none
  QEMU 4.2.50 monitor - type 'help' for more information
  (qemu) x 0xfff80830
  qemu/hw/hppa/dino.c:267:15: runtime error: index 12 out of bounds for type 
'uint32_t [12]'
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
/home/phil/source/qemu/hw/hppa/dino.c:267:15 in
  fff80830: 0x

and CID 1419393/1419394 with:

  $ echo writeb 0xfff80830 0x69 \
| hppa-softmmu/qemu-system-hppa -S -accel qtest -qtest stdio -display none
  [I 1581634452.654113] OPENED
  [R +4.105415] writeb 0xfff80830 0x69
  qemu/hw/hppa/dino.c:362:16: runtime error: index 12 out of bounds for type 
'const uint32_t [12]'
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
qemu/hw/hppa/dino.c:362:16 in
  =
  ==29607==ERROR: AddressSanitizer: global-buffer-overflow on address 
0x5577dae32f30 at pc 0x5577d93f2463 bp 0x7ffd97ea11b0 sp 0x7ffd97ea11a8
  READ of size 4 at 0x5577dae32f30 thread T0
  #0 0x5577d93f2462 in dino_chip_write_with_attrs qemu/hw/hppa/dino.c:362:16
  #1 0x5577d9025664 in memory_region_write_with_attrs_accessor 
qemu/memory.c:503:12
  #2 0x5577d9024920 in access_with_adjusted_size qemu/memory.c:539:18
  #3 0x5577d9023608 in memory_region_dispatch_write qemu/memory.c:1482:13
  #4 0x5577d8e3177a in flatview_write_continue qemu/exec.c:3166:23
  #5 0x5577d8e20357 in flatview_write qemu/exec.c:3206:14
  #6 0x5577d8e1fef4 in address_space_write qemu/exec.c:3296:18
  #7 0x5577d8e20693 in address_space_rw qemu/exec.c:3306:16
  #8 0x5577d9011595 in qtest_process_command qemu/qtest.c:432:13
  #9 0x5577d900d19f in qtest_process_inbuf qemu/qtest.c:705:9
  #10 0x5577d900ca22 in qtest_read qemu/qtest.c:717:5
  #11 0x5577da8c4254 in qemu_chr_be_write_impl qemu/chardev/char.c:183:9
  #12 0x5577da8c430c in qemu_chr_be_write qemu/chardev/char.c:195:9
  #13 0x5577da8cf587 in fd_chr_read qemu/chardev/char-fd.c:68:9
  #14 0x5577da9836cd in qio_channel_fd_source_dispatch 
qemu/io/channel-watch.c:84:12
  #15 0x7faf44509ecc in g_main_context_dispatch 
(/lib64/libglib-2.0.so.0+0x4fecc)
  #16 0x5577dab75f96 in glib_pollfds_poll qemu/util/main-loop.c:219:9
  #17 0x5577dab74797 in os_host_main_loop_wait qemu/util/main-loop.c:242:5
  #18 0x5577dab7435a in main_loop_wait qemu/util/main-loop.c:518:11
  #19 

Re: [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)

[Philippe Mathieu-Daudé]

On Tue, Feb 18, 2020 at 7:19 AM Philippe Mathieu-Daudé  wrote:
> On Mon, Feb 17, 2020 at 6:37 PM Peter Maydell  
> wrote:
> > On Thu, 13 Feb 2020 at 23:44, Philippe Mathieu-Daudé  
> > wrote:
> >
> >
> > > Fixes: Covertiy CID 1419393 and 1419394 (commit 18092598a5)
> > > Signed-off-by: Philippe Mathieu-Daudé 
> >
> > I think this also fixes CID 1419387 ?
>
> Ah I missed this one, indeed it does.

The description is erroneous, I'll respin.

>
> > thanks
> > -- PMM

Re: [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)

[Philippe Mathieu-Daudé]

On Mon, Feb 17, 2020 at 6:37 PM Peter Maydell  wrote:
> On Thu, 13 Feb 2020 at 23:44, Philippe Mathieu-Daudé  wrote:
>
>
> > Fixes: Covertiy CID 1419393 and 1419394 (commit 18092598a5)
> > Signed-off-by: Philippe Mathieu-Daudé 
>
> I think this also fixes CID 1419387 ?

Ah I missed this one, indeed it does.

> thanks
> -- PMM

Re: [PATCH 00/22] linux-user: generate syscall_nr.sh

[Philippe Mathieu-Daudé]

On 2/17/20 11:35 PM, Laurent Vivier wrote:

This series copies the files syscall.tbl from linux v5.5 and generates
the file syscall_nr.h from them.


[...]

Laurent Vivier (22):
   linux-user: introduce parameters to generate syscall_nr.h
   linux-user,alpha: add syscall table generation support
   linux-user,hppa: add syscall table generation support
   linux-user,m68k: add syscall table generation support
   linux-user,xtensa: add syscall table generation support
   linux-user,sh4: add syscall table generation support
   linux-user,microblaze: add syscall table generation support
   linux-user,arm: add syscall table generation support
   linux-user,ppc: split syscall_nr.h
   linux-user,ppc: add syscall table generation support
   linux-user,s390x: remove syscall definitions for !TARGET_S390X
   linux-user,s390x: add syscall table generation support
   linux-user,sparc,sparc64: add syscall table generation support
   linux-user,i386: add syscall table generation support
   linux-user,x86_64: add syscall table generation support
   linux-user,mips: add syscall table generation support
   linux-user,mips64: split syscall_nr.h
   linux-user,mips64: add syscall table generation support
   linux-user,scripts: add a script to update syscall.tbl
   linux-user: update syscall.tbl from linux 0bf999f9c5e7
   linux-user,mips: move content of mips_syscall_args
   linux-user,mips: update syscall-args-o32.c.inc


I suppose the patch subject was generated and you meant to use 
"linux-user/" instead of "linux-user,". Is that right?

Re: [RFC PATCH v2 3/3] tools/virtiofsd/fuse_lowlevel: Fix fuse_out_header::error value

[Philippe Mathieu-Daudé]

On 2/17/20 9:06 PM, Dr. David Alan Gilbert wrote:

* Philippe Mathieu-Daudé (phi...@redhat.com) wrote:

Fix warning reported by Clang static code analyzer:

 CC  tools/virtiofsd/fuse_lowlevel.o
   tools/virtiofsd/fuse_lowlevel.c:195:9: warning: Value stored to 'error' is 
never read
   error = -ERANGE;
   ^   ~~~

Fixes: 2de121f01e
Reported-by: Clang Static Analyzer
Reviewed-by: Ján Tomko 
Signed-off-by: Philippe Mathieu-Daudé 


Nice, this actually fixes 3db2876


Good catch, so this fix can be applied to QEMU (while patch #1 needs 
backport from upstream libfuse), right?




Reviewed-by: Dr. David Alan Gilbert 


Thanks.




---
RFC because untested
---
  tools/virtiofsd/fuse_lowlevel.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index 704c0369b2..2dd36ec03b 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -192,7 +192,7 @@ int fuse_send_reply_iov_nofree(fuse_req_t req, int error, 
struct iovec *iov,
  
  if (error <= -1000 || error > 0) {

  fuse_log(FUSE_LOG_ERR, "fuse: bad error value: %i\n", error);
-error = -ERANGE;
+out.error = -ERANGE;
  }
  
  iov[0].iov_base = 

--
2.21.1


--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [PATCH v12 Kernel 4/7] vfio iommu: Implementation of ioctl to for dirty pages tracking.

[Kirti Wankhede]

   As I understand the above algorithm, we find a vfio_dma
overlapping the request and populate the bitmap for that range.  Then
we go back and put_user() for each byte that we touched.  We could
instead simply work on a one byte buffer as we enumerate the requested
range and do a put_user() ever time we reach the end of it and have bits
set. That would greatly simplify the above example.  But I would expect
that we're a) more likely to get asked for ranges covering a single
vfio_dma


QEMU ask for single vfio_dma during each iteration.

If we restrict this ABI to cover single vfio_dma only, then it
simplifies the logic here. That was my original suggestion. Should we
think about that again?


But we currently allow unmaps that overlap multiple vfio_dmas as long
as no vfio_dma is bisected, so I think that implies that an unmap while
asking for the dirty bitmap has even further restricted semantics.  I'm
also reluctant to design an ABI around what happens to be the current
QEMU implementation.

If we take your example above, ranges {0x,0xa000} and
{0xa000,0x1} ({start,end}), I think you're working with the
following two bitmaps in this implementation:

0011 b
0011b

And we need to combine those into:

 b

Right?

But it seems like that would be easier if the second bitmap was instead:

1100b

Then we wouldn't need to worry about the entire bitmap being shifted by
the bit offset within the byte, which limits our fixes to the boundary
byte and allows us to use copy_to_user() directly for the bulk of the
copy.  So how do we get there?

I think we start with allocating the vfio_dma bitmap to account for
this initial offset, so we calculate bitmap_base_iova as:
(iova & ~((PAGE_SIZE << 3) - 1))
We then use bitmap_base_iova in calculating which bits to set.

The user needs to follow the same rules, and maybe this adds some value
to the user providing the bitmap size rather than the kernel
calculating it.  For example, if the user wanted the dirty bitmap for
the range {0xa000,0x1} above, they'd provide at least a 1 byte
bitmap, but we'd return bit #2 set to indicate 0xa000 is dirty.

Effectively the user can ask for any iova range, but the buffer will be
filled relative to the zeroth bit of the bitmap following the above
bitmap_base_iova formula (and replacing PAGE_SIZE with the user
requested pgsize).  I'm tempted to make this explicit in the user
interface (ie. only allow bitmaps starting on aligned pages), but a
user is able to map and unmap single pages and we need to support
returning a dirty bitmap with an unmap, so I don't think we can do that.
   


Sigh, finding adjacent vfio_dmas within the same byte seems simpler than
this.


How does KVM do this?  My intent was that if all of our bitmaps share
the same alignment then we can merge the intersection and continue to
use copy_to_user() on either side.  However, if QEMU doesn't do the
same, it doesn't really help us.  Is QEMU stuck with an implementation
of only retrieving dirty bits per MemoryRegionSection exactly because
of this issue and therefore we can rely on it in our implementation as
well?  Thanks,



QEMU sync dirty_bitmap per MemoryRegionSection. Within 
MemoryRegionSection there could be multiple KVMSlots. QEMU queries 
dirty_bitmap per KVMSlot and mark dirty for each KVMSlot.
On kernel side, KVM_GET_DIRTY_LOG ioctl calls 
kvm_get_dirty_log_protect(), where it uses copy_to_user() to copy bitmap 
of that memSlot.
vfio_dma is per MemoryRegionSection. We can reply on MemoryRegionSection 
in our implementation. But to get bitmap during unmap, we have to take 
care of concatenating bitmaps.


In QEMU, in function kvm_physical_sync_dirty_bitmap() there is a comment 
where bitmap size is calculated and bitmap is defined as 'void __user 
*dirty_bitmap' which is also the concern you raised and could be handled 
similarly as below.


/* XXX bad kernel interface alert
 * For dirty bitmap, kernel allocates array of size aligned to
 * bits-per-long.  But for case when the kernel is 64bits and
 * the userspace is 32bits, userspace can't align to the same
 * bits-per-long, since sizeof(long) is different between kernel
 * and user space.  This way, userspace will provide buffer which
 * may be 4 bytes less than the kernel will use, resulting in
 * userspace memory corruption (which is not detectable by valgrind
 * too, in most cases).
 * So for now, let's align to 64 instead of HOST_LONG_BITS here, in
 * a hope that sizeof(long) won't become >8 any time soon.
 */
if (!mem->dirty_bmap) {
hwaddr bitmap_size = ALIGN(((mem->memory_size) >> 
TARGET_PAGE_BITS),

/*HOST_LONG_BITS*/ 64) / 8;
/* Allocate on the first log_sync, once and for all */
mem->dirty_bmap = g_malloc0(bitmap_size);
}

Thanks,
Kirti

Re: [PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[Philippe Mathieu-Daudé]

On 2/17/20 11:46 PM, David Gibson wrote:

On Mon, Feb 17, 2020 at 11:24:11AM +0100, Philippe Mathieu-Daudé wrote:

On 2/17/20 10:26 AM, Philippe Mathieu-Daudé wrote:

Hi Alexey,

On 2/17/20 3:12 AM, Alexey Kardashevskiy wrote:

The following changes since commit
05943fb4ca41f626078014c0327781815c6584c5:

    ppc: free 'fdt' after reset the machine (2020-02-17 11:27:23 +1100)

are available in the Git repository at:

    g...@github.com:aik/qemu.git tags/qemu-slof-20200217

for you to fetch changes up to ea9a03e5aa023c5391bab5259898475d0298aac2:

    pseries: Update SLOF firmware image (2020-02-17 13:08:59 +1100)


Alexey Kardashevskiy (1):
    pseries: Update SLOF firmware image

   pc-bios/README   |   2 +-
   pc-bios/slof.bin | Bin 931032 -> 968560 bytes
   roms/SLOF    |   2 +-
   3 files changed, 2 insertions(+), 2 deletions(-)


I only received the cover, not the patch, have you posted it?


OK I see the SLOF binary is almost 1MB. Maybe this got blocked by spam
filter. FYI you can use 'git-format-patch --no-binary' to emit the patch
with the commit description but without the content.


Generally Alexey sends SLOF updates to me just as pull requests
without patches in full, because a huge slab of base64 encoded
firmware isn't particularly illuminating.


I understand, this is why I later suggested Alexey to use 
'git-format-patch --no-binary', because Laszlo uses it for EDK2 
submodule, this allow to quickly review the change on the list (without 
posting the base64), see:


https://www.mail-archive.com/qemu-devel@nongnu.org/msg624429.html
(pull-request cover)

https://www.mail-archive.com/qemu-devel@nongnu.org/msg624432.html
"roms/edk2: update submodule"

https://www.mail-archive.com/qemu-devel@nongnu.org/msg624435.html
"pc-bios: refresh edk2 build artifacts"

[PATCH v4 5/5] new qTest case to test the vhost-user-blk-server

[Coiby Xu]

This test case has the same tests as tests/virtio-blk-test.c except for
tests have block_resize.

Signed-off-by: Coiby Xu 
---
 tests/Makefile.include  |   3 +-
 tests/qtest/Makefile.include|   2 +
 tests/qtest/libqos/vhost-user-blk.c | 126 +
 tests/qtest/libqos/vhost-user-blk.h |  44 ++
 tests/qtest/vhost-user-blk-test.c   | 694 
 5 files changed, 868 insertions(+), 1 deletion(-)
 create mode 100644 tests/qtest/libqos/vhost-user-blk.c
 create mode 100644 tests/qtest/libqos/vhost-user-blk.h
 create mode 100644 tests/qtest/vhost-user-blk-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 2f1cafed72..4b8637b5d4 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -629,7 +629,8 @@ endef
 $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: %-softmmu/all 
$(check-qtest-y)
$(call do_test_human,$(check-qtest-$*-y:%=tests/qtest/%$(EXESUF)) 
$(check-qtest-generic-y:%=tests/qtest/%$(EXESUF)), \
  QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
- QTEST_QEMU_IMG=qemu-img$(EXESUF))
+ QTEST_QEMU_IMG=./qemu-img$(EXESUF) \
+ QTEST_QEMU_VU_BINARY=./qemu-vu$(EXESUF))
 
 check-unit: $(check-unit-y)
$(call do_test_human, $^)
diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include
index eb0f23b108..f587fe9f4d 100644
--- a/tests/qtest/Makefile.include
+++ b/tests/qtest/Makefile.include
@@ -182,6 +182,7 @@ qos-test-obj-y += tests/qtest/libqos/virtio.o
 qos-test-obj-$(CONFIG_VIRTFS) += tests/qtest/libqos/virtio-9p.o
 qos-test-obj-y += tests/qtest/libqos/virtio-balloon.o
 qos-test-obj-y += tests/qtest/libqos/virtio-blk.o
+qos-test-obj-$(CONFIG_LINUX) += tests/qtest/libqos/vhost-user-blk.o
 qos-test-obj-y += tests/qtest/libqos/virtio-mmio.o
 qos-test-obj-y += tests/qtest/libqos/virtio-net.o
 qos-test-obj-y += tests/qtest/libqos/virtio-pci.o
@@ -224,6 +225,7 @@ qos-test-obj-$(CONFIG_VHOST_NET_USER) += 
tests/qtest/vhost-user-test.o $(chardev
 qos-test-obj-y += tests/qtest/virtio-test.o
 qos-test-obj-$(CONFIG_VIRTFS) += tests/qtest/virtio-9p-test.o
 qos-test-obj-y += tests/qtest/virtio-blk-test.o
+qos-test-obj-$(CONFIG_LINUX) += tests/qtest/vhost-user-blk-test.o
 qos-test-obj-y += tests/qtest/virtio-net-test.o
 qos-test-obj-y += tests/qtest/virtio-rng-test.o
 qos-test-obj-y += tests/qtest/virtio-scsi-test.o
diff --git a/tests/qtest/libqos/vhost-user-blk.c 
b/tests/qtest/libqos/vhost-user-blk.c
new file mode 100644
index 00..ec46b7ddb4
--- /dev/null
+++ b/tests/qtest/libqos/vhost-user-blk.c
@@ -0,0 +1,126 @@
+/*
+ * libqos driver framework
+ *
+ * Copyright (c) 2018 Emanuele Giuseppe Esposito 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see 
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+#include "qemu/module.h"
+#include "standard-headers/linux/virtio_blk.h"
+#include "libqos/qgraph.h"
+#include "libqos/vhost-user-blk.h"
+
+#define PCI_SLOT0x04
+#define PCI_FN  0x00
+
+/* virtio-blk-device */
+static void *qvhost_user_blk_get_driver(QVhostUserBlk *v_blk,
+const char *interface)
+{
+if (!g_strcmp0(interface, "vhost-user-blk")) {
+return v_blk;
+}
+if (!g_strcmp0(interface, "virtio")) {
+return v_blk->vdev;
+}
+
+fprintf(stderr, "%s not present in vhost-user-blk-device\n", interface);
+g_assert_not_reached();
+}
+
+static void *qvhost_user_blk_device_get_driver(void *object,
+   const char *interface)
+{
+QVhostUserBlkDevice *v_blk = object;
+return qvhost_user_blk_get_driver(_blk->blk, interface);
+}
+
+static void *vhost_user_blk_device_create(void *virtio_dev,
+  QGuestAllocator *t_alloc,
+  void *addr)
+{
+QVhostUserBlkDevice *vhost_user_blk = g_new0(QVhostUserBlkDevice, 1);
+QVhostUserBlk *interface = _user_blk->blk;
+
+interface->vdev = virtio_dev;
+
+vhost_user_blk->obj.get_driver = qvhost_user_blk_device_get_driver;
+
+return _user_blk->obj;
+}
+
+/* virtio-blk-pci */
+static void *qvhost_user_blk_pci_get_driver(void *object, const char 
*interface)
+{
+QVhostUserBlkPCI *v_blk = object;
+if (!g_strcmp0(interface, "pci-device")) {
+return v_blk->pci_vdev.pdev;
+}
+return qvhost_user_blk_get_driver(_blk->blk, interface);
+}
+

[PATCH v4 3/5] vhost-user block device backend server

[Coiby Xu]

By making use of libvhost, multiple block device drives can be exported
and each drive can serve multiple clients simultaneously.
Since vhost-user-server needs a block drive to be created first, delay
the creation of this object.

Signed-off-by: Coiby Xu 
---
 Makefile.target  |   1 +
 backends/Makefile.objs   |   2 +
 backends/vhost-user-blk-server.c | 718 +++
 backends/vhost-user-blk-server.h |  21 +
 vl.c |   4 +
 5 files changed, 746 insertions(+)
 create mode 100644 backends/vhost-user-blk-server.c
 create mode 100644 backends/vhost-user-blk-server.h

diff --git a/Makefile.target b/Makefile.target
index 6e61f607b1..8c6c01eb3a 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -159,6 +159,7 @@ obj-y += monitor/
 obj-y += qapi/
 obj-y += memory.o
 obj-y += memory_mapping.o
+obj-$(CONFIG_LINUX) += ../contrib/libvhost-user/libvhost-user.o
 obj-y += migration/ram.o
 LIBS := $(libs_softmmu) $(LIBS)
 
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 28a847cd57..4e7be731e0 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -14,6 +14,8 @@ common-obj-y += cryptodev-vhost.o
 common-obj-$(CONFIG_VHOST_CRYPTO) += cryptodev-vhost-user.o
 endif
 
+common-obj-$(CONFIG_LINUX) += vhost-user-blk-server.o
+
 common-obj-$(call land,$(CONFIG_VHOST_USER),$(CONFIG_VIRTIO)) += vhost-user.o
 
 common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
diff --git a/backends/vhost-user-blk-server.c b/backends/vhost-user-blk-server.c
new file mode 100644
index 00..1bf7f7b544
--- /dev/null
+++ b/backends/vhost-user-blk-server.c
@@ -0,0 +1,718 @@
+/*
+ * Sharing QEMU block devices via vhost-user protocal
+ *
+ * Author: Coiby Xu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "block/block.h"
+#include "vhost-user-blk-server.h"
+#include "qapi/error.h"
+#include "qom/object_interfaces.h"
+#include "sysemu/block-backend.h"
+
+enum {
+VHOST_USER_BLK_MAX_QUEUES = 1,
+};
+struct virtio_blk_inhdr {
+unsigned char status;
+};
+
+static QTAILQ_HEAD(, VuBlockDev) vu_block_devs =
+ QTAILQ_HEAD_INITIALIZER(vu_block_devs);
+
+
+typedef struct VuBlockReq {
+VuVirtqElement *elem;
+int64_t sector_num;
+size_t size;
+struct virtio_blk_inhdr *in;
+struct virtio_blk_outhdr out;
+VuClient *client;
+struct VuVirtq *vq;
+} VuBlockReq;
+
+
+static void vu_block_req_complete(VuBlockReq *req)
+{
+VuDev *vu_dev = >client->parent;
+
+/* IO size with 1 extra status byte */
+vu_queue_push(vu_dev, req->vq, req->elem, req->size + 1);
+vu_queue_notify(vu_dev, req->vq);
+
+if (req->elem) {
+free(req->elem);
+}
+
+g_free(req);
+}
+
+static VuBlockDev *get_vu_block_device_by_client(VuClient *client)
+{
+return container_of(client->server->ptr_in_device, VuBlockDev, vu_server);
+}
+
+static int coroutine_fn
+vu_block_discard_write_zeroes(VuBlockReq *req, struct iovec *iov,
+  uint32_t iovcnt, uint32_t type)
+{
+struct virtio_blk_discard_write_zeroes desc;
+ssize_t size = iov_to_buf(iov, iovcnt, 0, , sizeof(desc));
+if (unlikely(size != sizeof(desc))) {
+error_report("Invalid size %ld, expect %ld", size, sizeof(desc));
+return -EINVAL;
+}
+
+VuBlockDev *vdev_blk = get_vu_block_device_by_client(req->client);
+uint64_t range[2] = { le64toh(desc.sector) << 9,
+  le32toh(desc.num_sectors) << 9 };
+if (type == VIRTIO_BLK_T_DISCARD) {
+if (blk_co_pdiscard(vdev_blk->backend, range[0], range[1]) == 0) {
+return 0;
+}
+} else if (type == VIRTIO_BLK_T_WRITE_ZEROES) {
+if (blk_co_pwrite_zeroes(vdev_blk->backend,
+ range[0], range[1], 0) == 0) {
+return 0;
+}
+}
+
+return -EINVAL;
+}
+
+
+static void coroutine_fn vu_block_flush(VuBlockReq *req)
+{
+VuBlockDev *vdev_blk = get_vu_block_device_by_client(req->client);
+BlockBackend *backend = vdev_blk->backend;
+blk_co_flush(backend);
+}
+
+
+static int coroutine_fn vu_block_virtio_process_req(VuClient *client,
+VuVirtq *vq)
+{
+VuDev *vu_dev = >parent;
+VuVirtqElement *elem;
+uint32_t type;
+VuBlockReq *req;
+
+VuBlockDev *vdev_blk = get_vu_block_device_by_client(client);
+BlockBackend *backend = vdev_blk->backend;
+elem = vu_queue_pop(vu_dev, vq, sizeof(VuVirtqElement) +
+sizeof(VuBlockReq));
+if (!elem) {
+return -1;
+}
+
+struct iovec *in_iov = elem->in_sg;
+struct iovec *out_iov = elem->out_sg;
+unsigned in_num = elem->in_num;
+unsigned out_num = elem->out_num;
+/* refer to hw/block/virtio_blk.c */
+if (elem->out_num < 1 || 

[PATCH v4 2/5] generic vhost user server

[Coiby Xu]

Sharing QEMU devices via vhost-user protocol

Signed-off-by: Coiby Xu 
---
 util/Makefile.objs   |   3 +
 util/vhost-user-server.c | 427 +++
 util/vhost-user-server.h |  56 +
 3 files changed, 486 insertions(+)
 create mode 100644 util/vhost-user-server.c
 create mode 100644 util/vhost-user-server.h

diff --git a/util/Makefile.objs b/util/Makefile.objs
index 11262aafaf..5e450e501c 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -36,6 +36,9 @@ util-obj-y += readline.o
 util-obj-y += rcu.o
 util-obj-$(CONFIG_MEMBARRIER) += sys_membarrier.o
 util-obj-y += qemu-coroutine.o qemu-coroutine-lock.o qemu-coroutine-io.o
+ifdef CONFIG_LINUX
+util-obj-y += vhost-user-server.o
+endif
 util-obj-y += qemu-coroutine-sleep.o
 util-obj-y += qemu-co-shared-resource.o
 util-obj-y += coroutine-$(CONFIG_COROUTINE_BACKEND).o
diff --git a/util/vhost-user-server.c b/util/vhost-user-server.c
new file mode 100644
index 00..70ff6d6701
--- /dev/null
+++ b/util/vhost-user-server.c
@@ -0,0 +1,427 @@
+/*
+ * Sharing QEMU devices via vhost-user protocol
+ *
+ * Author: Coiby Xu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include 
+#include "qemu/main-loop.h"
+#include "vhost-user-server.h"
+
+static void vmsg_close_fds(VhostUserMsg *vmsg)
+{
+int i;
+for (i = 0; i < vmsg->fd_num; i++) {
+close(vmsg->fds[i]);
+}
+}
+
+static void vmsg_unblock_fds(VhostUserMsg *vmsg)
+{
+int i;
+for (i = 0; i < vmsg->fd_num; i++) {
+qemu_set_nonblock(vmsg->fds[i]);
+}
+}
+
+
+static void close_client(VuClient *client)
+{
+vu_deinit(>parent);
+client->sioc = NULL;
+object_unref(OBJECT(client->ioc));
+client->closed = true;
+
+}
+
+static void panic_cb(VuDev *vu_dev, const char *buf)
+{
+if (buf) {
+error_report("vu_panic: %s", buf);
+}
+
+VuClient *client = container_of(vu_dev, VuClient, parent);
+VuServer *server = client->server;
+if (!client->closed) {
+close_client(client);
+QTAILQ_REMOVE(>clients, client, next);
+}
+
+if (server->device_panic_notifier) {
+server->device_panic_notifier(client);
+}
+}
+
+
+
+static bool coroutine_fn
+vu_message_read(VuDev *vu_dev, int conn_fd, VhostUserMsg *vmsg)
+{
+struct iovec iov = {
+.iov_base = (char *)vmsg,
+.iov_len = VHOST_USER_HDR_SIZE,
+};
+int rc, read_bytes = 0;
+/*
+ * VhostUserMsg is a packed structure, gcc will complain about passing
+ * pointer to a packed structure member if we pass _num
+ * and  directly when calling qio_channel_readv_full,
+ * thus two temporary variables nfds and fds are used here.
+ */
+size_t nfds = 0, nfds_t = 0;
+int *fds = NULL, *fds_t = NULL;
+VuClient *client = container_of(vu_dev, VuClient, parent);
+QIOChannel *ioc = client->ioc;
+
+Error *erp;
+assert(qemu_in_coroutine());
+do {
+/*
+ * qio_channel_readv_full may have short reads, keeping calling it
+ * until getting VHOST_USER_HDR_SIZE or 0 bytes in total
+ */
+rc = qio_channel_readv_full(ioc, , 1, _t, _t, );
+if (rc < 0) {
+if (rc == QIO_CHANNEL_ERR_BLOCK) {
+qio_channel_yield(ioc, G_IO_IN);
+continue;
+} else {
+error_report("Error while recvmsg: %s", strerror(errno));
+return false;
+}
+}
+read_bytes += rc;
+fds = g_renew(int, fds_t, nfds + nfds_t);
+memcpy(fds + nfds, fds_t, nfds_t);
+nfds += nfds_t;
+if (read_bytes == VHOST_USER_HDR_SIZE || rc == 0) {
+break;
+}
+} while (true);
+
+vmsg->fd_num = nfds;
+memcpy(vmsg->fds, fds, nfds * sizeof(int));
+g_free(fds);
+/* qio_channel_readv_full will make socket fds blocking, unblock them */
+vmsg_unblock_fds(vmsg);
+if (vmsg->size > sizeof(vmsg->payload)) {
+error_report("Error: too big message request: %d, "
+ "size: vmsg->size: %u, "
+ "while sizeof(vmsg->payload) = %zu",
+ vmsg->request, vmsg->size, sizeof(vmsg->payload));
+goto fail;
+}
+
+struct iovec iov_payload = {
+.iov_base = (char *)>payload,
+.iov_len = vmsg->size,
+};
+if (vmsg->size) {
+rc = qio_channel_readv_all_eof(ioc, _payload, 1, );
+if (rc == -1) {
+error_report("Error while reading: %s", strerror(errno));
+goto fail;
+}
+}
+
+return true;
+
+fail:
+vmsg_close_fds(vmsg);
+
+return false;
+}
+
+
+static coroutine_fn void vu_client_next_trip(VuClient *client);
+
+static coroutine_fn void vu_client_trip(void *opaque)
+{
+VuClient *client = opaque;
+
+vu_dispatch(>parent);
+client->co_trip = NULL;
+if 

[PATCH v4 4/5] a standone-alone tool to directly share disk image file via vhost-user protocol

[Coiby Xu]

vhost-user-blk could have played as vhost-user backend but it only supports raw
file and don't support VIRTIO_BLK_T_DISCARD and VIRTIO_BLK_T_WRITE_ZEROES
operations on raw file (ioctl(fd, BLKDISCARD) is only valid for real
block device).

In the future Kevin's qemu-storage-daemon will be used to replace this
tool.

Signed-off-by: Coiby Xu 
---
 Makefile  |   4 +
 configure |   3 +
 qemu-vu.c | 252 ++
 3 files changed, 259 insertions(+)
 create mode 100644 qemu-vu.c

diff --git a/Makefile b/Makefile
index b5a7377cb1..74fb109675 100644
--- a/Makefile
+++ b/Makefile
@@ -572,6 +572,10 @@ qemu-img.o: qemu-img-cmds.h
 
 qemu-img$(EXESUF): qemu-img.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) 
$(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
 qemu-nbd$(EXESUF): qemu-nbd.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) 
$(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
+
+ifdef CONFIG_LINUX
+qemu-vu$(EXESUF): qemu-vu.o backends/vhost-user-blk-server.o $(authz-obj-y) 
$(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS) 
libvhost-user.a
+endif
 qemu-io$(EXESUF): qemu-io.o $(authz-obj-y) $(block-obj-y) $(crypto-obj-y) 
$(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
 
 qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o $(COMMON_LDADDS)
diff --git a/configure b/configure
index 6f5d850949..2b846cecf0 100755
--- a/configure
+++ b/configure
@@ -6239,6 +6239,9 @@ if test "$want_tools" = "yes" ; then
   if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
 tools="qemu-nbd\$(EXESUF) $tools"
   fi
+  if [ "$linux" = "yes" ] ; then
+tools="qemu-vu\$(EXESUF) $tools"
+  fi
   if [ "$ivshmem" = "yes" ]; then
 tools="ivshmem-client\$(EXESUF) ivshmem-server\$(EXESUF) $tools"
   fi
diff --git a/qemu-vu.c b/qemu-vu.c
new file mode 100644
index 00..dd1032b205
--- /dev/null
+++ b/qemu-vu.c
@@ -0,0 +1,252 @@
+/*
+ *  Copyright (C) 2020  Coiby Xu 
+ *
+ *  standone-alone vhost-user-blk device server backend
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; under version 2 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include 
+#include 
+#include "backends/vhost-user-blk-server.h"
+#include "block/block_int.h"
+#include "io/net-listener.h"
+#include "qapi/error.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qstring.h"
+#include "qemu/config-file.h"
+#include "qemu/cutils.h"
+#include "qemu/main-loop.h"
+#include "qemu/module.h"
+#include "qemu/option.h"
+#include "qemu-common.h"
+#include "qemu-version.h"
+#include "qom/object_interfaces.h"
+#include "sysemu/block-backend.h"
+#define QEMU_VU_OPT_CACHE 256
+#define QEMU_VU_OPT_AIO   257
+#define QEMU_VU_OBJ_ID   "vu_disk"
+static QemuOptsList qemu_object_opts = {
+.name = "object",
+.implied_opt_name = "qom-type",
+.head = QTAILQ_HEAD_INITIALIZER(qemu_object_opts.head),
+.desc = {
+{ }
+},
+};
+static char *srcpath;
+
+static void usage(const char *name)
+{
+(printf) (
+"Usage: %s [OPTIONS] FILE\n"
+"  or:  %s -L [OPTIONS]\n"
+"QEMU Vhost-user Server Utility\n"
+"\n"
+"  -h, --helpdisplay this help and exit\n"
+"  -V, --version output version information and exit\n"
+"\n"
+"Connection properties:\n"
+"  -k, --socket=PATH path to the unix socket\n"
+"\n"
+"General purpose options:\n"
+"  -e, -- exit-panic When the panic callback is called, the program\n"
+"will exit. Useful for make check-qtest.\n"
+"\n"
+"Block device options:\n"
+"  -f, --format=FORMAT   set image format (raw, qcow2, ...)\n"
+"  -r, --read-only   export read-only\n"
+"  -n, --nocache disable host cache\n"
+"  --cache=MODE  set cache mode (none, writeback, ...)\n"
+"  --aio=MODEset AIO mode (native or threads)\n"
+"\n"
+QEMU_HELP_BOTTOM "\n"
+, name, name);
+}
+
+static void version(const char *name)
+{
+printf(
+"%s " QEMU_FULL_VERSION "\n"
+"Written by Coiby Xu, based on qemu-nbd by Anthony Liguori\n"
+"\n"
+QEMU_COPYRIGHT "\n"
+"This is free software; see the source for copying conditions.  There is NO\n"
+"warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"
+, name);
+}
+
+static VuBlockDev *vu_block_device;
+
+static void vus_shutdown(void)
+{
+
+Error *local_err = NULL;
+job_cancel_sync_all();
+bdrv_close_all();
+user_creatable_del(QEMU_VU_OBJ_ID, _err);
+}
+

[PATCH v4 1/5] extend libvhost to support IOThread and coroutine

[Coiby Xu]

Previously libvhost dispatch events in its own GMainContext. Now vhost-user
client's kick event can be dispatched in block device drive's AioContext
thus IOThread is supported. And also allow vu_message_read and
vu_kick_cb to be replaced so QEMU can run them as coroutines.

Signed-off-by: Coiby Xu 
---
 contrib/libvhost-user/libvhost-user.c | 54 ---
 contrib/libvhost-user/libvhost-user.h | 38 ++-
 2 files changed, 85 insertions(+), 7 deletions(-)

diff --git a/contrib/libvhost-user/libvhost-user.c 
b/contrib/libvhost-user/libvhost-user.c
index b89bf18501..f95664bb22 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -67,8 +67,6 @@
 /* The version of inflight buffer */
 #define INFLIGHT_VERSION 1
 
-#define VHOST_USER_HDR_SIZE offsetof(VhostUserMsg, payload.u64)
-
 /* The version of the protocol we support */
 #define VHOST_USER_VERSION 1
 #define LIBVHOST_USER_DEBUG 0
@@ -260,7 +258,7 @@ have_userfault(void)
 }
 
 static bool
-vu_message_read(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
+vu_message_read_(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
 {
 char control[CMSG_SPACE(VHOST_MEMORY_MAX_NREGIONS * sizeof(int))] = { };
 struct iovec iov = {
@@ -328,6 +326,17 @@ fail:
 return false;
 }
 
+static bool vu_message_read(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
+{
+vu_read_msg_cb read_msg;
+if (dev->co_iface) {
+read_msg = dev->co_iface->read_msg;
+} else {
+read_msg = vu_message_read_;
+}
+return read_msg(dev, conn_fd, vmsg);
+}
+
 static bool
 vu_message_write(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
 {
@@ -1075,9 +1084,14 @@ vu_set_vring_kick_exec(VuDev *dev, VhostUserMsg *vmsg)
 }
 
 if (dev->vq[index].kick_fd != -1 && dev->vq[index].handler) {
+if (dev->set_watch_packed_data) {
+dev->set_watch_packed_data(dev, dev->vq[index].kick_fd, 
VU_WATCH_IN,
+   dev->co_iface->kick_callback,
+   (void *)(long)index);
+} else {
 dev->set_watch(dev, dev->vq[index].kick_fd, VU_WATCH_IN,
vu_kick_cb, (void *)(long)index);
-
+}
 DPRINT("Waiting for kicks on fd: %d for vq: %d\n",
dev->vq[index].kick_fd, index);
 }
@@ -1097,8 +,14 @@ void vu_set_queue_handler(VuDev *dev, VuVirtq *vq,
 vq->handler = handler;
 if (vq->kick_fd >= 0) {
 if (handler) {
+if (dev->set_watch_packed_data) {
+dev->set_watch_packed_data(dev, vq->kick_fd, VU_WATCH_IN,
+   dev->co_iface->kick_callback,
+   (void *)(long)qidx);
+} else {
 dev->set_watch(dev, vq->kick_fd, VU_WATCH_IN,
vu_kick_cb, (void *)(long)qidx);
+}
 } else {
 dev->remove_watch(dev, vq->kick_fd);
 }
@@ -1627,6 +1647,12 @@ vu_deinit(VuDev *dev)
 }
 
 if (vq->kick_fd != -1) {
+/* remove watch for kick_fd
+ * When client process is running in gdb and
+ * quit command is run in gdb, QEMU will still dispatch the event
+ * which will cause segment fault in the callback function
+ */
+dev->remove_watch(dev, vq->kick_fd);
 close(vq->kick_fd);
 vq->kick_fd = -1;
 }
@@ -1682,7 +1708,7 @@ vu_init(VuDev *dev,
 
 assert(max_queues > 0);
 assert(socket >= 0);
-assert(set_watch);
+/* assert(set_watch); */
 assert(remove_watch);
 assert(iface);
 assert(panic);
@@ -1715,6 +1741,24 @@ vu_init(VuDev *dev,
 return true;
 }
 
+bool
+vu_init_packed_data(VuDev *dev,
+uint16_t max_queues,
+int socket,
+vu_panic_cb panic,
+vu_set_watch_cb_packed_data set_watch_packed_data,
+vu_remove_watch_cb remove_watch,
+const VuDevIface *iface,
+const CoIface *co_iface)
+{
+if (vu_init(dev, max_queues, socket, panic, NULL, remove_watch, iface)) {
+dev->set_watch_packed_data = set_watch_packed_data;
+dev->co_iface = co_iface;
+return true;
+}
+return false;
+}
+
 VuVirtq *
 vu_get_queue(VuDev *dev, int qidx)
 {
diff --git a/contrib/libvhost-user/libvhost-user.h 
b/contrib/libvhost-user/libvhost-user.h
index 5cb7708559..6aadeaa0f2 100644
--- a/contrib/libvhost-user/libvhost-user.h
+++ b/contrib/libvhost-user/libvhost-user.h
@@ -30,6 +30,8 @@
 
 #define VHOST_MEMORY_MAX_NREGIONS 8
 
+#define VHOST_USER_HDR_SIZE offsetof(VhostUserMsg, payload.u64)
+
 typedef enum VhostSetConfigType {
 VHOST_SET_CONFIG_TYPE_MASTER = 0,
 VHOST_SET_CONFIG_TYPE_MIGRATION = 1,
@@ -201,6 +203,7 @@ typedef uint64_t (*vu_get_features_cb) (VuDev *dev);
 typedef void (*vu_set_features_cb) (VuDev *dev, uint64_t features);
 typedef int (*vu_process_msg_cb) (VuDev *dev, 

[PATCH v4 0/5] vhost-user block device backend implementation

[Coiby Xu]

v4:
 * add object properties in class_init
 * relocate vhost-user-blk-test
 * other changes including using SocketAddress, coding style, etc.

v3:
 * separate generic vhost-user-server code from vhost-user-blk-server
   code
 * re-write vu_message_read and kick hander function as coroutines to
   directly call blk_co_preadv, blk_co_pwritev, etc.
 * add aio_context notifier functions to support multi-threading model
 * other fixes regarding coding style, warning report, etc.

v2:
 * Only enable this feauture for Linux because eventfd is a Linux-specific
   feature


This patch series is an implementation of vhost-user block device
backend server, thanks to Stefan and Kevin's guidance.

Vhost-user block device backend server is a UserCreatable object and can be
started using object_add,

 (qemu) object_add 
vhost-user-blk-server,id=ID,unix-socket=/tmp/vhost-user-blk_vhost.socket,node-name=DRIVE_NAME,writable=off,blk-size=512
 (qemu) object_del ID

or appending the "-object" option when starting QEMU,

  $ -object 
vhost-user-blk-server,id=disk,unix-socket=/tmp/vhost-user-blk_vhost.socket,node-name=DRIVE_NAME,writable=off,blk-size=512

Then vhost-user client can connect to the server backend.
For example, QEMU could act as a client,

  $ -m 256 -object memory-backend-memfd,id=mem,size=256M,share=on -numa 
node,memdev=mem -chardev socket,id=char1,path=/tmp/vhost-user-blk_vhost.socket 
-device vhost-user-blk-pci,id=blk0,chardev=char1

And guest OS could access this vhost-user block device after mouting it.

Coiby Xu (5):
  extend libvhost to support IOThread and coroutine
  generic vhost user server
  vhost-user block device backend server
  a standone-alone tool to directly share disk image file via vhost-user
protocol
  new qTest case to test the vhost-user-blk-server

 Makefile  |   4 +
 Makefile.target   |   1 +
 backends/Makefile.objs|   2 +
 backends/vhost-user-blk-server.c  | 718 ++
 backends/vhost-user-blk-server.h  |  21 +
 configure |   3 +
 contrib/libvhost-user/libvhost-user.c |  54 +-
 contrib/libvhost-user/libvhost-user.h |  38 +-
 qemu-vu.c | 252 +
 tests/Makefile.include|   3 +-
 tests/qtest/Makefile.include  |   2 +
 tests/qtest/libqos/vhost-user-blk.c   | 126 +
 tests/qtest/libqos/vhost-user-blk.h   |  44 ++
 tests/qtest/vhost-user-blk-test.c | 694 +
 util/Makefile.objs|   3 +
 util/vhost-user-server.c  | 427 +++
 util/vhost-user-server.h  |  56 ++
 vl.c  |   4 +
 18 files changed, 2444 insertions(+), 8 deletions(-)
 create mode 100644 backends/vhost-user-blk-server.c
 create mode 100644 backends/vhost-user-blk-server.h
 create mode 100644 qemu-vu.c
 create mode 100644 tests/qtest/libqos/vhost-user-blk.c
 create mode 100644 tests/qtest/libqos/vhost-user-blk.h
 create mode 100644 tests/qtest/vhost-user-blk-test.c
 create mode 100644 util/vhost-user-server.c
 create mode 100644 util/vhost-user-server.h

--
2.25.0

[Bug 1836501] Re: cpu_address_space_init fails with assertion

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1836501

Title:
  cpu_address_space_init fails with assertion

Status in QEMU:
  Expired

Bug description:
  qemu-system-arm does not start with version >= 2.6 and KVM enabled.

cpu_address_space_init: Assertion `asidx == 0 || !kvm_enabled()'
  failed.

  Hardware is Odroid XU4 with Exynos with 4.9.61+ Tested with Debian
  Stretch (9) or Buster (10).

  Without KVM it is running fine but slow. I'm operating Debian Jessie
  with qemu 2.1 for a long time with KVM virtualization working
  flawlessly. When I upgraded to Stretch I ran into the trouble
  described before. I tried Debian Stretch and Buster with all Kernels
  provided by the Board manufacturer (Hardkernel).

  It seems to be related to the feature introduced in Version 2.6:
  https://wiki.qemu.org/ChangeLog/2.6
  - Support for a separate EL3 address space

  KVM is enabled, so I assume the adress space index asidx to be causing
  the assert to fail.

  dmesg | grep -i KVM
  [0.741714] kvm [1]: 8-bit VMID
  [0.741721] kvm [1]: IDMAP page: 40201000
  [0.741729] kvm [1]: HYP VA range: c000:
  [0.742543] kvm [1]: Hyp mode initialized successfully
  [0.742600] kvm [1]: vgic-v2@10484000
  [0.742924] kvm [1]: vgic interrupt IRQ16
  [0.742943] kvm [1]: virtual timer IRQ60

  Full command line is:
  qemu-system-arm -M vexpress-a15 -smp 2 -m 512 -cpu host -enable-kvm -kernel 
vmlinuz -initrd initrd.gz -dtb vexpress-v2p-ca15-tc1.dtb -device 
virtio-blk-device,drive=inst-blk -drive 
file=PATHTOFILE,id=inst-blk,if=none,format=raw -append "vga=normal rw 
console=ttyAMA0" -nographic

  Is there anything to do to understand, if this is a hardware related
  failure or probably just a missing parameter?

  Regards

  Lutz

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1836501/+subscriptions

[PATCH v4 1/3] target/arm: Support SError injection

[Gavin Shan]

This supports SError injection, which will be used by "virt" board to
simulating the behavior of NMI injection in next patch. As Peter Maydell
suggested, this adds a new interrupt (ARM_CPU_SERROR), which is parallel
to CPU_INTERRUPT_HARD. The backend depends on if kvm is enabled or not.
kvm_vcpu_ioctl(cpu, KVM_SET_VCPU_EVENTS) is leveraged to inject SError
or data abort to guest. When TCG is enabled, the behavior is simulated
by injecting SError and data abort to guest.

Signed-off-by: Gavin Shan 
---
 target/arm/cpu.c  | 69 +++
 target/arm/cpu.h  | 20 -
 target/arm/helper.c   | 12 
 target/arm/m_helper.c |  8 +
 target/arm/machine.c  |  3 +-
 5 files changed, 91 insertions(+), 21 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index de733aceeb..e5750080bc 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -78,7 +78,7 @@ static bool arm_cpu_has_work(CPUState *cs)
 && cs->interrupt_request &
 (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD
  | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ
- | CPU_INTERRUPT_EXITTB);
+ | CPU_INTERRUPT_SERROR | CPU_INTERRUPT_EXITTB);
 }
 
 void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
@@ -449,6 +449,9 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned 
int excp_idx,
 return false;
 }
 return !(env->daif & PSTATE_I);
+case EXCP_SERROR:
+   pstate_unmasked = !(env->daif & PSTATE_A);
+   break;
 default:
 g_assert_not_reached();
 }
@@ -538,6 +541,15 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 
 /* The prioritization of interrupts is IMPLEMENTATION DEFINED. */
 
+if (interrupt_request & CPU_INTERRUPT_SERROR) {
+excp_idx = EXCP_SERROR;
+target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
+if (arm_excp_unmasked(cs, excp_idx, target_el,
+  cur_el, secure, hcr_el2)) {
+goto found;
+}
+}
+
 if (interrupt_request & CPU_INTERRUPT_FIQ) {
 excp_idx = EXCP_FIQ;
 target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
@@ -570,6 +582,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 goto found;
 }
 }
+
 return false;
 
  found:
@@ -585,7 +598,7 @@ static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 CPUClass *cc = CPU_GET_CLASS(cs);
 ARMCPU *cpu = ARM_CPU(cs);
 CPUARMState *env = >env;
-bool ret = false;
+uint32_t excp_idx;
 
 /* ARMv7-M interrupt masking works differently than -A or -R.
  * There is no FIQ/IRQ distinction. Instead of I and F bits
@@ -594,13 +607,26 @@ static bool arm_v7m_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
  * (which depends on state like BASEPRI, FAULTMASK and the
  * currently active exception).
  */
-if (interrupt_request & CPU_INTERRUPT_HARD
-&& (armv7m_nvic_can_take_pending_exception(env->nvic))) {
-cs->exception_index = EXCP_IRQ;
-cc->do_interrupt(cs);
-ret = true;
+if (!armv7m_nvic_can_take_pending_exception(env->nvic)) {
+return false;
+}
+
+if (interrupt_request & CPU_INTERRUPT_SERROR) {
+excp_idx = EXCP_SERROR;
+goto found;
+}
+
+if (interrupt_request & CPU_INTERRUPT_HARD) {
+excp_idx = EXCP_IRQ;
+goto found;
 }
-return ret;
+
+return false;
+
+found:
+cs->exception_index = excp_idx;
+cc->do_interrupt(cs);
+return true;
 }
 #endif
 
@@ -656,7 +682,8 @@ static void arm_cpu_set_irq(void *opaque, int irq, int 
level)
 [ARM_CPU_IRQ] = CPU_INTERRUPT_HARD,
 [ARM_CPU_FIQ] = CPU_INTERRUPT_FIQ,
 [ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ,
-[ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ
+[ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ,
+[ARM_CPU_SERROR] = CPU_INTERRUPT_SERROR,
 };
 
 if (level) {
@@ -676,6 +703,7 @@ static void arm_cpu_set_irq(void *opaque, int irq, int 
level)
 break;
 case ARM_CPU_IRQ:
 case ARM_CPU_FIQ:
+case ARM_CPU_SERROR:
 if (level) {
 cpu_interrupt(cs, mask[irq]);
 } else {
@@ -693,8 +721,10 @@ static void arm_cpu_kvm_set_irq(void *opaque, int irq, int 
level)
 ARMCPU *cpu = opaque;
 CPUARMState *env = >env;
 CPUState *cs = CPU(cpu);
+struct kvm_vcpu_events events;
 uint32_t linestate_bit;
 int irq_id;
+bool inject_irq = true;
 
 switch (irq) {
 case ARM_CPU_IRQ:
@@ -705,6 +735,14 @@ static void arm_cpu_kvm_set_irq(void *opaque, int irq, int 
level)
 irq_id = KVM_ARM_IRQ_CPU_FIQ;
 linestate_bit = CPU_INTERRUPT_FIQ;
 break;
+case ARM_CPU_SERROR:
+if (!kvm_has_vcpu_events()) {
+return;
+}
+
+inject_irq = false;
+linestate_bit = CPU_INTERRUPT_SERROR;
+

[PATCH v4 3/3] hw/arm/virt: Simulate NMI injection

[Gavin Shan]

This implements the backend to support HMP/QMP "nmi" command, which is
used to inject NMI interrupt to crash guest for debugging purpose. As
ARM architecture doesn't have NMI supported, so we're simulating the
behaviour by injecting SError or data abort to guest for "virt" board.

An additonal IRQ line is introduced for SError on each CPU. The IRQ line
is connected to SError exception handler. The IRQ line on CPU#0 is raised
when HMP/QMP "nmi" is issued to inject SError or data abort to crash guest.
Note the IRQ line can be shared with other devices who want to have the
capability of reporting errors in future.

Signed-off-by: Gavin Shan 
---
 hw/arm/virt.c  | 34 +-
 hw/intc/arm_gic_common.c   |  3 +++
 hw/intc/arm_gicv3_common.c |  3 +++
 include/hw/intc/arm_gic_common.h   |  1 +
 include/hw/intc/arm_gicv3_common.h |  1 +
 5 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index f788fe27d6..78549faa75 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -71,6 +71,8 @@
 #include "hw/mem/pc-dimm.h"
 #include "hw/mem/nvdimm.h"
 #include "hw/acpi/generic_event_device.h"
+#include "sysemu/hw_accel.h"
+#include "hw/nmi.h"
 
 #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \
 static void virt_##major##_##minor##_class_init(ObjectClass *oc, \
@@ -690,7 +692,7 @@ static void create_gic(VirtMachineState *vms)
 } else if (vms->virt) {
 qemu_irq irq = qdev_get_gpio_in(vms->gic,
 ppibase + ARCH_GIC_MAINT_IRQ);
-sysbus_connect_irq(gicbusdev, i + 4 * smp_cpus, irq);
+sysbus_connect_irq(gicbusdev, i + 5 * smp_cpus, irq);
 }
 
 qdev_connect_gpio_out_named(cpudev, "pmu-interrupt", 0,
@@ -704,6 +706,8 @@ static void create_gic(VirtMachineState *vms)
qdev_get_gpio_in(cpudev, ARM_CPU_VIRQ));
 sysbus_connect_irq(gicbusdev, i + 3 * smp_cpus,
qdev_get_gpio_in(cpudev, ARM_CPU_VFIQ));
+sysbus_connect_irq(gicbusdev, i + 4 * smp_cpus,
+   qdev_get_gpio_in(cpudev, ARM_CPU_SERROR));
 }
 
 fdt_add_gic_node(vms);
@@ -2026,10 +2030,36 @@ static int virt_kvm_type(MachineState *ms, const char 
*type_str)
 return requested_pa_size > 40 ? requested_pa_size : 0;
 }
 
+
+static void do_inject_serror(CPUState *cpu, run_on_cpu_data data)
+{
+VirtMachineState *vms = data.host_ptr;
+GICv3State *gicv3;
+GICState *gicv2;
+
+cpu_synchronize_state(cpu);
+
+if (vms->gic_version == 3) {
+gicv3 = ARM_GICV3_COMMON(OBJECT(vms->gic));
+qemu_irq_raise(gicv3->cpu[0].parent_serror);
+} else {
+gicv2 = ARM_GIC_COMMON(OBJECT(vms->gic));
+qemu_irq_raise(gicv2->parent_serror[0]);
+}
+}
+
+static void virt_inject_serror(NMIState *n, int cpu_index, Error **errp)
+{
+VirtMachineState *vms = VIRT_MACHINE(n);
+
+async_run_on_cpu(first_cpu, do_inject_serror, RUN_ON_CPU_HOST_PTR(vms));
+}
+
 static void virt_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
+NMIClass *nc = NMI_CLASS(oc);
 
 mc->init = machvirt_init;
 /* Start with max_cpus set to 512, which is the maximum supported by KVM.
@@ -2058,6 +2088,7 @@ static void virt_machine_class_init(ObjectClass *oc, void 
*data)
 hc->unplug_request = virt_machine_device_unplug_request_cb;
 mc->numa_mem_supported = true;
 mc->auto_enable_numa_with_memhp = true;
+nc->nmi_monitor_handler = virt_inject_serror;
 }
 
 static void virt_instance_init(Object *obj)
@@ -2141,6 +2172,7 @@ static const TypeInfo virt_machine_info = {
 .instance_init = virt_instance_init,
 .interfaces = (InterfaceInfo[]) {
  { TYPE_HOTPLUG_HANDLER },
+ { TYPE_NMI },
  { }
 },
 };
diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
index e6c4fe7a5a..f39cefdeea 100644
--- a/hw/intc/arm_gic_common.c
+++ b/hw/intc/arm_gic_common.c
@@ -155,6 +155,9 @@ void gic_init_irqs_and_mmio(GICState *s, qemu_irq_handler 
handler,
 for (i = 0; i < s->num_cpu; i++) {
 sysbus_init_irq(sbd, >parent_vfiq[i]);
 }
+for (i = 0; i < s->num_cpu; i++) {
+sysbus_init_irq(sbd, >parent_serror[i]);
+}
 if (s->virt_extn) {
 for (i = 0; i < s->num_cpu; i++) {
 sysbus_init_irq(sbd, >maintenance_irq[i]);
diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index 58ef65f589..19a04449a0 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -288,6 +288,9 @@ void gicv3_init_irqs_and_mmio(GICv3State *s, 
qemu_irq_handler handler,
 for (i = 0; i < s->num_cpu; i++) {
 sysbus_init_irq(sbd, >cpu[i].parent_vfiq);
 }
+for (i = 0; i < s->num_cpu; i++) {
+sysbus_init_irq(sbd, >cpu[i].parent_serror);
+}
 
 

[PATCH v4 0/3] hw/arm/virt: Simulate NMI Injection

[Gavin Shan]

This series simulates the behavior of receiving NMI interrupt for "virt"
board. First of all, a new interrupt (SError) is supported for each CPU.
The backend is either sending error events through kvm module or emulating
the bahavior when TCG is enabled. The outcome is SError or data abort is
raised to crash guest. In the mean while, the virtual SError interrupt is
also supported, but there is no users yet.

For GICv2 or GICv3, a new IRQ line is added for each CPU and it's connected
to the (above) introduced SError interrupt. The IRQ line of CPU#0 is raised
when HMP/QMP "nmi" is issued, to crash the guest.

Testing
===

After the HMP/QMP "nmi" is issued in the following 4 environment, the guest is
crashed as expected.

   Accel Mode  CrashedParameter
   
   kvm   aarch64   yes-machine virt -cpu host
   kvm   aarch32(cortex-a15)   yes-machine virt -cpu 
host,aarch64=off
   tcg   aarch64   yes-machine virt -cpu max
   tcg   aarch32(cortex-a15)   yes-machine virt -cpu cortex-a15

Changelog
=
v4:
   * Correct the flag in arm_cpu_has_work()   (Richard Henderson)
   * Check CPU_INTERRUPT_SERROR in arm_cpu_exec_interrupt()
 and arm_v7m_cpu_exec_interrupt() (Richard Henderson)
   * Introduce ARM_CPU_NUM_IRQ to make the code of initializing
 the CPU's inbound IRQ lines atomic   (Richard Henderson)
   * Correct comments about ARM_CPU_IRQ   (Richard Henderson)
   * Update ISR.EL1 with SError state (Gavin Shan)
   * Include SError state during migration(Gavin Shan)
   * Added PATCH[2/3] to support VSError injection(Marc Zyngier)
v3:
   * Support SError injection for aarch32 (Richard Henderson)
   * Export the SError injection through IRQ line (Peter Maydell)
   * Removed RFC tag as it seems in correct track (Gavin Shan)
v2:
   * Redesigned to fully exploit SError interrupt

Gavin Shan (3):
  target/arm: Support SError injection
  target/arm: Support VSError injection
  hw/arm/virt: Simulate NMI injection

 hw/arm/virt.c  |  34 -
 hw/intc/arm_gic_common.c   |   3 +
 hw/intc/arm_gicv3_common.c |   3 +
 include/hw/intc/arm_gic_common.h   |   1 +
 include/hw/intc/arm_gicv3_common.h |   1 +
 target/arm/cpu.c   | 113 ++---
 target/arm/cpu.h   |  23 --
 target/arm/helper.c|  30 
 target/arm/internals.h |  10 +++
 target/arm/m_helper.c  |   8 ++
 target/arm/machine.c   |   3 +-
 11 files changed, 208 insertions(+), 21 deletions(-)

-- 
2.23.0

[PATCH v4 2/3] target/arm: Support VSError injection

[Gavin Shan]

This supports virtual SError injection, which can be used to inject
SError to guest running on the emulated hypervisor. The functionality
is enabled only when we're in non-secured mode and {HCR.TGE, HCR.AMO}
are set to {0, 1}. Also, it can be masked by PState.A bit. Apart from
that, the implementation is similar to VFIQ.

Signed-off-by: Gavin Shan 
---
 target/arm/cpu.c   | 48 +-
 target/arm/cpu.h   | 13 +++-
 target/arm/helper.c| 20 +-
 target/arm/internals.h | 10 +
 target/arm/machine.c   |  2 +-
 5 files changed, 85 insertions(+), 8 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index e5750080bc..5969674941 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -78,7 +78,8 @@ static bool arm_cpu_has_work(CPUState *cs)
 && cs->interrupt_request &
 (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD
  | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ
- | CPU_INTERRUPT_SERROR | CPU_INTERRUPT_EXITTB);
+ | CPU_INTERRUPT_SERROR | CPU_INTERRUPT_VSERROR
+ | CPU_INTERRUPT_EXITTB);
 }
 
 void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
@@ -452,6 +453,12 @@ static inline bool arm_excp_unmasked(CPUState *cs, 
unsigned int excp_idx,
 case EXCP_SERROR:
pstate_unmasked = !(env->daif & PSTATE_A);
break;
+case EXCP_VSERROR:
+if (secure || !(hcr_el2 & HCR_AMO) || (hcr_el2 & HCR_TGE)) {
+/* VSError is only taken when hypervized and non-secure.  */
+return false;
+}
+return !(env->daif & PSTATE_A);
 default:
 g_assert_not_reached();
 }
@@ -550,6 +557,15 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 }
 }
 
+if (interrupt_request & CPU_INTERRUPT_VSERROR) {
+excp_idx = EXCP_VSERROR;
+target_el = 1;
+if (arm_excp_unmasked(cs, excp_idx, target_el,
+  cur_el, secure, hcr_el2)) {
+goto found;
+}
+}
+
 if (interrupt_request & CPU_INTERRUPT_FIQ) {
 excp_idx = EXCP_FIQ;
 target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
@@ -558,6 +574,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 goto found;
 }
 }
+
 if (interrupt_request & CPU_INTERRUPT_HARD) {
 excp_idx = EXCP_IRQ;
 target_el = arm_phys_excp_target_el(cs, excp_idx, cur_el, secure);
@@ -566,6 +583,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 goto found;
 }
 }
+
 if (interrupt_request & CPU_INTERRUPT_VIRQ) {
 excp_idx = EXCP_VIRQ;
 target_el = 1;
@@ -574,6 +592,7 @@ bool arm_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 goto found;
 }
 }
+
 if (interrupt_request & CPU_INTERRUPT_VFIQ) {
 excp_idx = EXCP_VFIQ;
 target_el = 1;
@@ -672,6 +691,28 @@ void arm_cpu_update_vfiq(ARMCPU *cpu)
 }
 }
 
+void arm_cpu_update_vserror(ARMCPU *cpu)
+{
+/*
+ * Update the interrupt level for virtual SError, which is the logical
+ * OR of the HCR_EL2.VSE bit and the input line level from the GIC.
+ */
+CPUARMState *env = >env;
+CPUState *cs = CPU(cpu);
+
+bool new_state = (env->cp15.hcr_el2 & HCR_VSE) ||
+(env->irq_line_state & CPU_INTERRUPT_VSERROR);
+
+if (new_state != ((cs->interrupt_request & CPU_INTERRUPT_VSERROR) != 0)) {
+if (new_state) {
+cpu_interrupt(cs, CPU_INTERRUPT_VSERROR);
+} else {
+cpu_reset_interrupt(cs, CPU_INTERRUPT_VSERROR);
+}
+}
+}
+
+
 #ifndef CONFIG_USER_ONLY
 static void arm_cpu_set_irq(void *opaque, int irq, int level)
 {
@@ -684,6 +725,7 @@ static void arm_cpu_set_irq(void *opaque, int irq, int 
level)
 [ARM_CPU_VIRQ] = CPU_INTERRUPT_VIRQ,
 [ARM_CPU_VFIQ] = CPU_INTERRUPT_VFIQ,
 [ARM_CPU_SERROR] = CPU_INTERRUPT_SERROR,
+[ARM_CPU_VSERROR] = CPU_INTERRUPT_VSERROR,
 };
 
 if (level) {
@@ -710,6 +752,10 @@ static void arm_cpu_set_irq(void *opaque, int irq, int 
level)
 cpu_reset_interrupt(cs, mask[irq]);
 }
 break;
+case ARM_CPU_VSERROR:
+assert(arm_feature(env, ARM_FEATURE_EL2));
+arm_cpu_update_vserror(cpu);
+break;
 default:
 g_assert_not_reached();
 }
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 23e9f7ee2d..30056c6dbc 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -50,6 +50,7 @@
 #define EXCP_LSERR  21   /* v8M LSERR SecureFault */
 #define EXCP_UNALIGNED  22   /* v7M UNALIGNED UsageFault */
 #define EXCP_SERROR 23   /* SError Interrupt */
+#define EXCP_VSERROR24   /* Virtual SError Interrupt */
 /* NB: add new EXCP_ defines to the array in arm_log_exception() too */
 
 #define ARMV7M_EXCP_RESET   1
@@ -80,10 +81,11 @@ enum {
 };
 
 /* 

[Bug 1863678] [NEW] qemu and virtio-vga black screen in Android

[matthew]

Public bug reported:

QEMU emulator version 4.2.50

kernel 5.3.0-29-generic
host Ubuntu 19.10
guest: Android 8.1

While trying to compile I get the following error

qemu/slirp/src/misc.c:146: undefined reference to
`g_spawn_async_with_fds'

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: compilation misc.c

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1863678

Title:
  qemu and virtio-vga black screen in Android

Status in QEMU:
  New

Bug description:
  QEMU emulator version 4.2.50

  kernel 5.3.0-29-generic
  host Ubuntu 19.10
  guest: Android 8.1

  While trying to compile I get the following error

  qemu/slirp/src/misc.c:146: undefined reference to
  `g_spawn_async_with_fds'

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1863678/+subscriptions

[PATCH v4] Implement the Screamer sound chip for the mac99 machine type

[John Arbuckle]

This patch enables the playback of audio on a Mac OS 9 or Mac OS X guest.

Signed-off-by: John Arbuckle 
---
v4 changes:
- Switched to using HWADDR_PRIx in several debug statements.

v3 changes:
- Updated the location of patched code in hw/ppc/kconfig.
- Removed setting the props variable in screamer.c.
- Removed the screamer_properties variable in screamer.c.

v2 changes:
- Fixed a bug that prevented the sampling rate from being changed.

 hw/audio/Kconfig  |   3 +
 hw/audio/Makefile.objs|   2 +
 hw/audio/screamer.c   | 985 ++
 hw/misc/macio/macio.c |  35 +-
 hw/ppc/Kconfig|   1 +
 hw/ppc/mac.h  |   5 +
 include/hw/audio/screamer.h   |  42 ++
 include/hw/misc/macio/macio.h |   2 +
 8 files changed, 1074 insertions(+), 1 deletion(-)
 create mode 100644 hw/audio/screamer.c
 create mode 100644 include/hw/audio/screamer.h

diff --git a/hw/audio/Kconfig b/hw/audio/Kconfig
index e9c6fed826..196da6c3fe 100644
--- a/hw/audio/Kconfig
+++ b/hw/audio/Kconfig
@@ -50,3 +50,6 @@ config CS4231
 
 config MARVELL_88W8618
 bool
+
+config SCREAMER
+bool
diff --git a/hw/audio/Makefile.objs b/hw/audio/Makefile.objs
index 63db383709..55906886bc 100644
--- a/hw/audio/Makefile.objs
+++ b/hw/audio/Makefile.objs
@@ -15,4 +15,6 @@ common-obj-$(CONFIG_CS4231) += cs4231.o
 common-obj-$(CONFIG_MARVELL_88W8618) += marvell_88w8618.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-ac97.o
 
+common-obj-$(CONFIG_SCREAMER) += screamer.o
+
 common-obj-y += soundhw.o
diff --git a/hw/audio/screamer.c b/hw/audio/screamer.c
new file mode 100644
index 00..7de17fe8a6
--- /dev/null
+++ b/hw/audio/screamer.c
@@ -0,0 +1,985 @@
+/*
+ * File: Screamer.c
+ * Description: Implement the Screamer sound chip used in Apple Macintoshes.
+ * It works by filling a buffer, then playing the buffer.
+ */
+
+#include "qemu/osdep.h"
+#include "audio/audio.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include 
+#include "hw/ppc/mac.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "include/hw/audio/screamer.h"
+
+#define DEBUG_SCREAMER 0
+#define DPRINTF(fmt, ...) \
+do { if (DEBUG_SCREAMER) { printf(fmt , ## __VA_ARGS__); } } while (0)
+
+#define SOUND_CONTROL_REG  0
+#define CODEC_CONTROL_REG  1
+#define CODEC_STATUS_REG   2
+#define CLIP_COUNT_REG 3
+#define BYTE_SWAP_REG  4
+#define FRAME_COUNT_REG5
+
+#define AWACS_BUSY 0x0100
+
+/* Used with AWACS register 1 */
+#define RECALIBRATE 0x004
+#define LOOPTHRU0x040
+#define SPEAKER_MUTE0x080
+#define HEADPHONE_MUTE  0x200
+#define OUTPUT_ZERO 0x400
+#define OUTPUT_ONE  0x800
+#define PARALLEL_OUTPUT 0xc00
+
+/* Function prototypes */
+static uint32_t set_busy_bit(uint32_t value, int bit);
+static uint32_t set_part_ready_bit(uint32_t value, int bit_value);
+static uint32_t set_revision(uint32_t input_value);
+static uint32_t set_manufacturer(uint32_t input_value);
+static int get_sampling_rate(ScreamerState *s);
+static uint32_t get_frame_count_reg(ScreamerState *s);
+static void add_to_speaker_buffer(DBDMA_io *io);
+static void dma_request(DBDMA_io *io);
+
+
+/ Getters */
+
+/* Returns the codec control register's encoded AWACS address */
+static uint8_t get_codec_control_address(uint32_t value)
+{
+uint8_t return_value;
+return_value = (value >> 12) & 0x0fff;
+return return_value;
+}
+
+
+static uint32_t get_sound_control_reg(ScreamerState *s)
+{
+DPRINTF("%s() called - returned 0x%x\n", __func__, s->sound_control);
+return s->sound_control;
+}
+
+/* The AWACS registers are accessed thru this register */
+static uint32_t get_codec_control_reg(ScreamerState *s)
+{
+int awacs_register = get_codec_control_address(s->codec_control);
+uint32_t return_value = s->awacs[awacs_register];
+return_value = set_busy_bit(return_value, 0); /* Tell CPU we are ready */
+DPRINTF("%s() called - returned 0x%x\tAWACS register: %d\n", __func__,
+return_value, awacs_register);
+return return_value;
+}
+
+/*
+ * Determines if the readback bit is set.
+ * It is used by the Codec Control register.
+ */
+static bool readback_enabled(ScreamerState *s)
+{
+/* Note: bit zero is the readback enabled bit */
+if (s->awacs[7] & 1) {
+return true;
+} else {
+return false;
+}
+}
+
+static uint32_t get_codec_status_reg(ScreamerState *s)
+{
+uint32_t return_value;
+
+/* if in readback mode - return AWACS register value */
+if (readback_enabled(s)) {
+int awacs_register = (s->awacs[7] & 0xe) >> 1;
+s->awacs[7] = s->awacs[7] & 0xfffe; /* turn off readback mode */
+return_value = s->awacs[awacs_register] << 4;
+DPRINTF("readback enable bit is set, returning AWACS register %d\t"
+"value:0x%x\n", awacs_register, return_value);
+
+

Re: [PATCH v5 16/22] target/arm: Implement data cache set allocation tags

[Richard Henderson]

On 12/5/19 10:17 AM, Peter Maydell wrote:
> On Fri, 11 Oct 2019 at 14:50, Richard Henderson
>  wrote:
>>
>> This is DC GVA and DC GZVA.
>>
>> Signed-off-by: Richard Henderson 
>> ---
>> v2: Use allocation_tag_mem + memset.
>> v3: Require pre-cleaned addresses.
>> ---
> 
>> diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
>> index f1315bae37..e8d8a6bedb 100644
>> --- a/target/arm/mte_helper.c
>> +++ b/target/arm/mte_helper.c
>> @@ -510,3 +510,31 @@ void HELPER(stzgm)(CPUARMState *env, uint64_t ptr, 
>> uint64_t val)
>>  }
>>  }
>>  }
>> +
>> +void HELPER(dc_gva)(CPUARMState *env, uint64_t ptr)
>> +{
>> +ARMCPU *cpu = env_archcpu(env);
>> +size_t blocklen = 4 << cpu->dcz_blocksize;
>> +int el;
>> +uint64_t sctlr;
>> +uint8_t *mem;
>> +int rtag;
>> +
>> +ptr = QEMU_ALIGN_DOWN(ptr, blocklen);
>> +
>> +/* Trap if accessing an invalid page.  */
>> +mem = allocation_tag_mem(env, ptr, true, GETPC());
>> +
>> +/* No action if page does not support tags, or if access is disabled.  
>> */
>> +el = arm_current_el(env);
>> +sctlr = arm_sctlr(env, el);
>> +if (!mem || !allocation_tag_access_enabled(env, el, sctlr)) {
>> +return;
>> +}
>> +
>> +rtag = allocation_tag_from_addr(ptr);
>> +rtag |= rtag << 4;
>> +
>> +assert(QEMU_IS_ALIGNED(blocklen, 2 * TAG_GRANULE));
> 
> Could we assert this on CPU init rather than in this helper?
> That way if anybody tries to create a CPU whose dcz_blocksize
> doesn't work with the TAG_GRANULE they'll realize immediately
> rather than only if they happen to run a guest workload that
> use DC GVA or DC GZVA.

Sure.  I've moved it to realize.

> I also had to think a bit to work out which way round this
> assert is checking: it's testing that the ZVA block length
> (usually 64 bytes) is a multiple of (twice the TAG_GRANULE),
> which is to say a multiple of 32. Given that the blocksize
> is stored as a log2 value, this can only fail for blocksizes
> 16, 8, 4, 2 or 1, which are all fairly unlikely.

Indeed.

>> +case ARM_CP_DC_GVA:
>> +tcg_rt = clean_data_tbi(s, cpu_reg(s, rt), false);
>> +gen_helper_dc_gva(cpu_env, tcg_rt);
>> +return;
>> +case ARM_CP_DC_GZVA:
>> +tcg_rt = clean_data_tbi(s, cpu_reg(s, rt), false);
>> +gen_helper_dc_zva(cpu_env, tcg_rt);
>> +gen_helper_dc_gva(cpu_env, tcg_rt);
> 
> I think this means that if there's a watchpoint set on the memory
> partway through the block we're zeroing then we'll take the
> watchpoint with some of the memory zeroed but without the
> corresponding tags having been updated. But that's probably OK
> (at any rate I wouldn't worry about it for now...)

The relatively new probe_{access,write} functions take care of watchpoints.  On
the next round I'll have another look at what may or may not be missing to use
that here.  It's something that I've been thinking about to get right for SVE
as well.


r~

Re: [PATCH v5 15/22] target/arm: Clean address for DC ZVA

[Richard Henderson]

On 12/5/19 10:58 AM, Peter Maydell wrote:
> On Fri, 11 Oct 2019 at 14:50, Richard Henderson
>  wrote:
>>
>> This data access was forgotten in the previous patch.
>>
>> Fixes: 3a471103ac1823ba
>> Signed-off-by: Richard Henderson 
>> ---
>>  target/arm/translate-a64.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
>> index 4e049bb4aa..49817b96ae 100644
>> --- a/target/arm/translate-a64.c
>> +++ b/target/arm/translate-a64.c
>> @@ -1766,7 +1766,7 @@ static void handle_sys(DisasContext *s, uint32_t insn, 
>> bool isread,
>>  return;
>>  case ARM_CP_DC_ZVA:
>>  /* Writes clear the aligned block of memory which rt points into. */
>> -tcg_rt = cpu_reg(s, rt);
>> +tcg_rt = clean_data_tbi(s, cpu_reg(s, rt), false);
>>  gen_helper_dc_zva(cpu_env, tcg_rt);
>>  return;
> 
> ...doesn't this mean we don't do a tag check for DC ZVA?
> Or is that handled in the helper ? (I guess it has to be,
> the DC ZVA will span multiple tag granules).

It isn't clear to me that DC ZVA does check tags.  There's no pseudocode for
DC_ZVA, which is less helpful than it might be.

I suppose one could infer it from "behaves as a set of stores to each byte
within the block", but considering that stores are both checking or
non-checking depending on addressing mode etc, I'd have preferred an explicit 
note.

So far I'm treating DC_ZVA as unchecked.


r~

Re: [PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[Alexey Kardashevskiy]

On 17/02/2020 20:26, Philippe Mathieu-Daudé wrote:
> Hi Alexey,
> 
> On 2/17/20 3:12 AM, Alexey Kardashevskiy wrote:
>> The following changes since commit
>> 05943fb4ca41f626078014c0327781815c6584c5:
>>
>>    ppc: free 'fdt' after reset the machine (2020-02-17 11:27:23 +1100)
>>
>> are available in the Git repository at:
>>
>>    g...@github.com:aik/qemu.git tags/qemu-slof-20200217
>>
>> for you to fetch changes up to ea9a03e5aa023c5391bab5259898475d0298aac2:
>>
>>    pseries: Update SLOF firmware image (2020-02-17 13:08:59 +1100)
>>
>> 
>> Alexey Kardashevskiy (1):
>>    pseries: Update SLOF firmware image
>>
>>   pc-bios/README   |   2 +-
>>   pc-bios/slof.bin | Bin 931032 -> 968560 bytes
>>   roms/SLOF    |   2 +-
>>   3 files changed, 2 insertions(+), 2 deletions(-)
> 
> I only received the cover, not the patch, have you posted it?

No, for quite some time now - it is too big and does not pass some
filters somewhere so rather than fixing filters, I simply send pull
requests instead.


> 
> I noticed on your repository you included a 'git shortlog' output in the
> commit description, thanks for that detail, much appreciated!

I was asked nicely to do so :)

> 
> Regards,
> 
> Phil.
> 

-- 
Alexey

Re: [PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[Alexey Kardashevskiy]

On 17/02/2020 20:48, Cédric Le Goater wrote:
> On 2/17/20 3:12 AM, Alexey Kardashevskiy wrote:
>> The following changes since commit 05943fb4ca41f626078014c0327781815c6584c5:
>>
>>   ppc: free 'fdt' after reset the machine (2020-02-17 11:27:23 +1100)
>>
>> are available in the Git repository at:
>>
>>   g...@github.com:aik/qemu.git tags/qemu-slof-20200217
>>
>> for you to fetch changes up to ea9a03e5aa023c5391bab5259898475d0298aac2:
>>
>>   pseries: Update SLOF firmware image (2020-02-17 13:08:59 +1100)
>>
>> 
>> Alexey Kardashevskiy (1):
>>   pseries: Update SLOF firmware image
>>
>>  pc-bios/README   |   2 +-
>>  pc-bios/slof.bin | Bin 931032 -> 968560 bytes
>>  roms/SLOF|   2 +-
>>  3 files changed, 2 insertions(+), 2 deletions(-)
>>
>>
>> *** Note: this is not for master, this is for pseries
>>
> 
> Hello Alexey,
> 
> QEMU fails to boot from disk. See below.


It does boot mine (fedora 30, ubuntu 18.04), see below. I believe I
could have broken something but I need more detail. Thanks,




SLOF **
QEMU Starting
 Build Date = Feb 17 2020 13:06:47
 FW Version = git-42228d763f1fdb7b
 Press "s" to enter Open Firmware.

Populating /vdevice methods
Populating /vdevice/nvram@7100
Populating /vdevice/vty@71000110
Populating /pci@8002000
 00  (D) : 1af4 1000virtio [ net ]
 00 0800 (D) : 1af4 1004virtio [ scsi ]
Populating /pci@8002000/scsi@1
   SCSI: Looking for devices
  100 DISK : "QEMU QEMU HARDDISK2.5+"
No NVRAM common partition, re-initializing...
Scanning USB
Using default console: /vdevice/vty@71000110

  Welcome to Open Firmware

  Copyright (c) 2004, 2017 IBM Corporation All rights reserved.
  This program and the accompanying materials are made available
  under the terms of the BSD License available at
  http://www.opensource.org/licenses/bsd-license.php


Trying to load:  from: /pci@8002000/scsi@1/disk@100
...   Successfully loaded






  Fedora (5.5.0-rc5-le-guest_v5.5-rc5_a+fstn1) 30 (Thirty)

  Fedora (5.0.9-301.fc30.ppc64le) 30 (Thirty)

  Fedora (0-rescue-8f8bbec520a44fd09da6af8e0d2c6571) 30 (Thirty)




> 
> Thanks,
> 
> C.
> 
> 
> QEMU Starting
>  Build Date = Feb 17 2020 13:06:47
>  FW Version = git-42228d763f1fdb7b
>  Press "s" to enter Open Firmware.
> 
> Populating /vdevice methods
> Populating /vdevice/vty@7100
> Populating /vdevice/nvram@7101
> Populating /pci@8002000
>  00 0800 (D) : 1af4 1004virtio [ scsi ]
> Populating /pci@8002000/scsi@1
>SCSI: Looking for devices
>   100 DISK : "QEMU QEMU HARDDISK2.5+"
>  00 1000 (D) : 1af4 1000virtio [ net ]
>  00 2000 (D) : 1b36 000dserial bus [ usb-xhci ]
> No NVRAM common partition, re-initializing...
> Scanning USB 
>   XHCI: Initializing
> Using default console: /vdevice/vty@7100
>  
>   Welcome to Open Firmware
> 
>   Copyright (c) 2004, 2017 IBM Corporation All rights reserved.
>   This program and the accompanying materials are made available
>   under the terms of the BSD License available at
>   http://www.opensource.org/licenses/bsd-license.php
> 
> 
> Trying to load:  from: /pci@8002000/scsi@1/disk@100 ...  
> slash SCSI-DISK: Access beyond end of device ! 
> 
> Out of internal memory.
> SCSI-DISK: Access beyond end of device ! 
> SCSI-DISK: Access beyond end of device ! 
> SCSI-DISK: Access beyond end of device ! 
> SCSI-DISK: Access beyond end of device ! 
> SCSI-DISK: Access beyond end of device ! 
> 

-- 
Alexey

[Bug 1863685] [NEW] ARM: HCR.TSW traps are not implemented

[Julien Freche]

Public bug reported:

On 32-bit and 64-bit ARM platforms, setting HCR.TSW is supposed to "Trap
data or unified cache maintenance instructions that operate by Set/Way."
Quoting the ARM manual:

If EL1 is using AArch64 state, accesses to DC ISW, DC CSW, DC CISW are trapped 
to EL2, reported using EC syndrome value 0x18.
If EL1 is using AArch32 state, accesses to DCISW, DCCSW, DCCISW are trapped to 
EL2, reported using EC syndrome value 0x03.

However, QEMU does not trap those instructions/registers. This was
tested on the branch master of the git repo.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1863685

Title:
  ARM: HCR.TSW traps are not implemented

Status in QEMU:
  New

Bug description:
  On 32-bit and 64-bit ARM platforms, setting HCR.TSW is supposed to
  "Trap data or unified cache maintenance instructions that operate by
  Set/Way." Quoting the ARM manual:

  If EL1 is using AArch64 state, accesses to DC ISW, DC CSW, DC CISW are 
trapped to EL2, reported using EC syndrome value 0x18.
  If EL1 is using AArch32 state, accesses to DCISW, DCCSW, DCCISW are trapped 
to EL2, reported using EC syndrome value 0x03.

  However, QEMU does not trap those instructions/registers. This was
  tested on the branch master of the git repo.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1863685/+subscriptions

[Bug 1859920] Re: daemoniz not working on MacOS

[JS]

Anything else I should supply to move status away from incomplete?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1859920

Title:
  daemoniz not working on MacOS

Status in QEMU:
  Incomplete

Bug description:
  OS: MacOS Catalina 10.15.2
  Qemu install via brew: brew install qemu

  qemu-system-x86_64 -version
  QEMU emulator version 4.2.50 (v4.2.0-13-g084a398bf8-dirty)
  Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers

  ---

  Start Ubuntu Desktop 18.04 client as follow:

  IMG_CD=$HOME/Downloads/iso/ubuntu-18.04.3-desktop-amd64.iso
  IMG_FILE=$HOME/code/vm/qemu/u64d01.qcow2
  MAC_ADDR=xx:xx:xx:xx:xx:xx

  qemu-system-x86_64 \
  -no-user-config -nodefaults \
  -show-cursor \
  -name u64d01 \
  -M q35,accel=hvf,usb=off,vmport=off \
  -cpu host -smp 4 -m 2048 \
  -overcommit mem-lock=off \
  -overcommit cpu-pm=off \
  -rtc base=utc,clock=host \
  \
  -device virtio-tablet-pci \
  -device virtio-vga \
  \
  -device virtio-blk-pci,drive=ssd1 \
  -drive id=ssd1,file=$IMG_FILE,if=none,format=qcow2 \
  \
  -device virtio-net-pci,netdev=nic1,mac=$MAC_ADDR \
  -netdev user,id=nic1,ipv4=on,ipv6=on,hostname=u64d01,hostfwd=tcp::-:22 \
  \
  -device ich9-intel-hda,id=snd,msi=on \
  -device hda-output,id=snd-codec0,bus=snd.0,cad=0,audiodev=snd0 \
  -audiodev coreaudio,id=snd0,out.buffer-count=1 \
  \
  -daemonize

  Give following error:

  objc[3432]: +[NSNumber initialize] may have been in progress in another 
thread when fork() was called.
  objc[3432]: +[NSNumber initialize] may have been in progress in another 
thread when fork() was called. We cannot safely call it or ignore it in the 
fork() child process. Crashing instead. Set a breakpoint on 
objc_initializeAfterForkError to debug.

  
  I checked "ps -ef|grep qemu" before and after the command, there was no qemu 
process running.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1859920/+subscriptions

[PATCH v5 18/18] docs: add Orange Pi PC document

[Niek Linnenbank]

The Xunlong Orange Pi PC machine is a functional ARM machine
based on the Allwinner H3 System-on-Chip. It supports mainline
Linux, U-Boot, NetBSD and is covered by acceptance tests.

This commit adds a documentation text file with a description
of the machine and instructions for the user.

Signed-off-by: Niek Linnenbank 
---
 docs/orangepi.rst | 226 ++
 MAINTAINERS   |   1 +
 2 files changed, 227 insertions(+)
 create mode 100644 docs/orangepi.rst

diff --git a/docs/orangepi.rst b/docs/orangepi.rst
new file mode 100644
index 00..a9b46f553c
--- /dev/null
+++ b/docs/orangepi.rst
@@ -0,0 +1,226 @@
+=
+Orange Pi PC Machine Type
+=
+
+The Xunlong Orange Pi PC is an Allwinner H3 System on Chip
+based embedded computer with mainline support in both U-Boot
+and Linux. The board comes with a Quad Core Cortex A7 @ 1.3GHz,
+1GiB RAM, 100Mbit ethernet, USB, SD/MMC, USB, HDMI and
+various other I/O.
+
+Supported devices
+-
+
+The Orange Pi PC machine supports the following devices:
+
+ * SMP (Quad Core Cortex A7)
+ * Generic Interrupt Controller configuration
+ * SRAM mappings
+ * SDRAM controller
+ * Real Time Clock
+ * Timer device (re-used from Allwinner A10)
+ * UART
+ * SD/MMC storage controller
+ * EMAC ethernet
+ * USB 2.0 interfaces
+ * Clock Control Unit
+ * System Control module
+ * Security Identifier device
+
+Limitations
+---
+
+Currently, Orange Pi PC does *not* support the following features:
+
+- Graphical output via HDMI, GPU and/or the Display Engine
+- Audio output
+- Hardware Watchdog
+
+Also see the 'unimplemented' array in the Allwinner H3 SoC module
+for a complete list of unimplemented I/O devices:
+  ./hw/arm/allwinner-h3.c
+
+Using the Orange Pi PC machine type
+---
+
+Boot options
+
+
+The Orange Pi PC machine can start using the standard -kernel functionality
+for loading a Linux kernel or ELF executable. Additionally, the Orange Pi PC
+machine can also emulate the BootROM which is present on an actual Allwinner H3
+based SoC, which loads the bootloader from a SD card, specified via the -sd 
argument
+to qemu-system-arm.
+
+Machine-specific options
+
+
+The following machine-specific options are supported:
+
+- allwinner-rtc.base-year=
+
+  The Allwinner RTC device is automatically created by the Orange Pi PC machine
+  and uses a default base year value which can be overridden using the 
'base-year' property.
+  The base year is the actual represented year when the RTC year value is zero.
+  This option can be used in case the target operating system driver uses a 
different
+  base year value. The minimum value for the base year is 1900.
+
+- allwinner-sid.identifier=abcd1122-a000-b000-c000-12345678
+
+  The Security Identifier value can be read by the guest.
+  For example, U-Boot uses it to determine a unique MAC address.
+
+The above machine-specific options can be specified in qemu-system-arm
+via the '-global' argument, for example:
+
+  $ qemu-system-arm -M orangepi-pc -sd mycard.img \
+   -global allwinner-rtc.base-year=2000
+
+Running mainline Linux
+~~
+
+Mainline Linux kernels from 4.19 up to latest master are known to work.
+To build a Linux mainline kernel that can be booted by the Orange Pi PC 
machine,
+simply configure the kernel using the sunxi_defconfig configuration:
+
+  $ ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- make mrproper
+  $ ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- make sunxi_defconfig
+
+To be able to use USB storage, you need to manually enable the corresponding
+configuration item. Start the kconfig configuration tool:
+
+  $ ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- make menuconfig
+
+Navigate to the following item, enable it and save your configuration:
+
+  Device Drivers > USB support > USB Mass Storage support
+
+Build the Linux kernel with:
+
+  $ ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- make
+
+To boot the newly build linux kernel in QEMU with the Orange Pi PC machine, 
use:
+
+  $ qemu-system-arm -M orangepi-pc -nic user -nographic \
+  -kernel /path/to/linux/arch/arm/boot/zImage \
+  -append 'console=ttyS0,115200' \
+  -dtb /path/to/linux/arch/arm/boot/dts/sun8i-h3-orangepi-pc.dtb
+
+Orange Pi PC images
+~~~
+
+Note that the mainline kernel does not have a root filesystem. You may provide 
it
+with an official Orange Pi PC image from the official website:
+
+  http://www.orangepi.org/downloadresources/
+
+Another possibility is to run an Armbian image for Orange Pi PC which
+can be downloaded from:
+
+   https://www.armbian.com/orange-pi-pc/
+
+Alternatively, you can also choose to build you own image with buildroot
+using the orangepi_pc_defconfig. Also see https://buildroot.org for more 
information.
+
+You can choose to attach the selected image either as an SD card or as USB 
mass storage.

[PATCH v5 08/18] hw/arm/allwinner: add SD/MMC host controller

[Niek Linnenbank]

The Allwinner System on Chip families sun4i and above contain
an integrated storage controller for Secure Digital (SD) and
Multi Media Card (MMC) interfaces. This commit adds support
for the Allwinner SD/MMC storage controller with the following
emulated features:

 * DMA transfers
 * Direct FIFO I/O
 * Short/Long format command responses
 * Auto-Stop command (CMD12)
 * Insert & remove card detection

The following boards are extended with the SD host controller:

 * Cubieboard (hw/arm/cubieboard.c)
 * Orange Pi PC (hw/arm/orangepi.c)

Signed-off-by: Niek Linnenbank 
Tested-by: Philippe Mathieu-Daudé 
---
 include/hw/arm/allwinner-a10.h   |   2 +
 include/hw/arm/allwinner-h3.h|   3 +
 include/hw/sd/allwinner-sdhost.h | 135 +
 hw/arm/allwinner-a10.c   |  11 +
 hw/arm/allwinner-h3.c|  15 +-
 hw/arm/cubieboard.c  |  15 +
 hw/arm/orangepi.c|  16 +
 hw/sd/allwinner-sdhost.c | 854 +++
 hw/arm/Kconfig   |   1 +
 hw/sd/Makefile.objs  |   1 +
 hw/sd/trace-events   |   7 +
 11 files changed, 1059 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/sd/allwinner-sdhost.h
 create mode 100644 hw/sd/allwinner-sdhost.c

diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
index 40d0b1d9c0..d009616eef 100644
--- a/include/hw/arm/allwinner-a10.h
+++ b/include/hw/arm/allwinner-a10.h
@@ -7,6 +7,7 @@
 #include "hw/timer/allwinner-a10-pit.h"
 #include "hw/intc/allwinner-a10-pic.h"
 #include "hw/net/allwinner_emac.h"
+#include "hw/sd/allwinner-sdhost.h"
 #include "hw/ide/ahci.h"
 
 #include "target/arm/cpu.h"
@@ -27,6 +28,7 @@ typedef struct AwA10State {
 AwA10PICState intc;
 AwEmacState emac;
 AllwinnerAHCIState sata;
+AwSdHostState mmc0;
 MemoryRegion sram_a;
 } AwA10State;
 
diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index 85416d9d64..d71a4917ab 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -43,6 +43,7 @@
 #include "hw/misc/allwinner-cpucfg.h"
 #include "hw/misc/allwinner-h3-sysctrl.h"
 #include "hw/misc/allwinner-sid.h"
+#include "hw/sd/allwinner-sdhost.h"
 #include "target/arm/cpu.h"
 
 /**
@@ -60,6 +61,7 @@ enum {
 AW_H3_SRAM_A2,
 AW_H3_SRAM_C,
 AW_H3_SYSCTRL,
+AW_H3_MMC0,
 AW_H3_SID,
 AW_H3_EHCI0,
 AW_H3_OHCI0,
@@ -117,6 +119,7 @@ typedef struct AwH3State {
 AwCpuCfgState cpucfg;
 AwH3SysCtrlState sysctrl;
 AwSidState sid;
+AwSdHostState mmc0;
 GICState gic;
 MemoryRegion sram_a1;
 MemoryRegion sram_a2;
diff --git a/include/hw/sd/allwinner-sdhost.h b/include/hw/sd/allwinner-sdhost.h
new file mode 100644
index 00..d94606a853
--- /dev/null
+++ b/include/hw/sd/allwinner-sdhost.h
@@ -0,0 +1,135 @@
+/*
+ * Allwinner (sun4i and above) SD Host Controller emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_SD_ALLWINNER_SDHOST_H
+#define HW_SD_ALLWINNER_SDHOST_H
+
+#include "qom/object.h"
+#include "hw/sysbus.h"
+#include "hw/sd/sd.h"
+
+/**
+ * Object model types
+ * @{
+ */
+
+/** Generic Allwinner SD Host Controller (abstract) */
+#define TYPE_AW_SDHOST "allwinner-sdhost"
+
+/** Allwinner sun4i family (A10, A12) */
+#define TYPE_AW_SDHOST_SUN4I TYPE_AW_SDHOST "-sun4i"
+
+/** Allwinner sun5i family and newer (A13, H2+, H3, etc) */
+#define TYPE_AW_SDHOST_SUN5I TYPE_AW_SDHOST "-sun5i"
+
+/** @} */
+
+/**
+ * Object model macros
+ * @{
+ */
+
+#define AW_SDHOST(obj) \
+OBJECT_CHECK(AwSdHostState, (obj), TYPE_AW_SDHOST)
+#define AW_SDHOST_CLASS(klass) \
+ OBJECT_CLASS_CHECK(AwSdHostClass, (klass), TYPE_AW_SDHOST)
+#define AW_SDHOST_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(AwSdHostClass, (obj), TYPE_AW_SDHOST)
+
+/** @} */
+
+/**
+ * Allwinner SD Host Controller object instance state.
+ */
+typedef struct AwSdHostState {
+/*< private >*/
+SysBusDevice busdev;
+/*< public >*/
+
+/** Secure Digital (SD) bus, which connects to SD card (if present) */
+SDBus sdbus;
+
+/** Maps I/O registers in physical memory */
+MemoryRegion iomem;
+
+/** Interrupt output signal to notify CPU */
+qemu_irq irq;
+
+/** Number of bytes left in current DMA transfer */
+uint32_t transfer_cnt;
+
+/**
+ * @name Hardware 

[PATCH v5 16/18] tests/boot_linux_console: Add a SLOW test booting Ubuntu on OrangePi PC

[Niek Linnenbank]

From: Philippe Mathieu-Daudé 

This test boots Ubuntu Bionic on a OrangePi PC board.

As it requires 1GB of storage, and is slow, this test is disabled
on automatic CI testing.

It is useful for workstation testing. Currently Avocado timeouts too
quickly, so we can't run userland commands.

The kernel image and DeviceTree blob are built by the Armbian
project (based on Debian):
https://www.armbian.com/orange-pi-pc/

The Ubuntu image is downloaded from:
https://dl.armbian.com/orangepipc/Bionic_current

This test can be run using:

  $ AVOCADO_ALLOW_LARGE_STORAGE=yes \
avocado --show=app,console run -t machine:orangepi-pc \
  tests/acceptance/boot_linux_console.py
  console: U-Boot SPL 2019.04-armbian (Nov 18 2019 - 23:08:35 +0100)
  console: DRAM: 1024 MiB
  console: Failed to set core voltage! Can't set CPU frequency
  console: Trying to boot from MMC1
  console: U-Boot 2019.04-armbian (Nov 18 2019 - 23:08:35 +0100) Allwinner 
Technology
  console: CPU:   Allwinner H3 (SUN8I )
  console: Model: Xunlong Orange Pi PC
  console: DRAM:  1 GiB
  console: MMC:   mmc@1c0f000: 0
  [...]
  console: Uncompressing Linux... done, booting the kernel.
  console: Booting Linux on physical CPU 0x0
  console: Linux version 5.3.9-sunxi (root@builder) (gcc version 8.3.0 (GNU 
Toolchain for the A-profile Architecture 8.3-2019.03 (arm-rel-8.36))) #19.11.3 
SMP Mon Nov 18 18:49:43 CET 2019
  console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
  console: CPU: div instructions available: patching division code
  console: CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction 
cache
  console: OF: fdt: Machine model: Xunlong Orange Pi PC
  [...]
  console: EXT4-fs (mmcblk0p1): mounted filesystem with writeback data mode. 
Opts: (null)
  console: done.
  console: Begin: Running /scripts/local-bottom ... done.
  console: Begin: Running /scripts/init-bottom ... done.
  console: systemd[1]: systemd 237 running in system mode. (...)
  console: systemd[1]: Detected architecture arm.
  console: Welcome to Ubuntu 18.04.3 LTS!
  console: systemd[1]: Set hostname to .

Signed-off-by: Philippe Mathieu-Daudé 
[NL: rename in commit message Raspbian to Armbian, remove vm.set_machine()]
[NL: changed test to boot from SD card via BootROM, added check for 7z]
Signed-off-by: Niek Linnenbank 
---
 tests/acceptance/boot_linux_console.py | 48 ++
 1 file changed, 48 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 7ef69c7bac..a70ac4a6cc 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -19,7 +19,13 @@ from avocado_qemu import exec_command_and_wait_for_pattern
 from avocado_qemu import wait_for_console_pattern
 from avocado.utils import process
 from avocado.utils import archive
+from avocado.utils.path import find_command, CmdNotFoundError
 
+P7ZIP_AVAILABLE = True
+try:
+find_command('7z')
+except CmdNotFoundError:
+P7ZIP_AVAILABLE = False
 
 class BootLinuxConsole(Test):
 """
@@ -613,6 +619,48 @@ class BootLinuxConsole(Test):
 exec_command_and_wait_for_pattern(self, 'reboot',
 'reboot: Restarting system')
 
+@skipUnless(os.getenv('AVOCADO_ALLOW_LARGE_STORAGE'), 'storage limited')
+@skipUnless(P7ZIP_AVAILABLE, '7z not installed')
+def test_arm_orangepi_bionic(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:orangepi-pc
+"""
+
+# This test download a 196MB compressed image and expand it to 932MB...
+image_url = ('https://dl.armbian.com/orangepipc/archive/'
+ 'Armbian_19.11.3_Orangepipc_bionic_current_5.3.9.7z')
+image_hash = '196a8ffb72b0123d92cea4a070894813d305c71e'
+image_path_7z = self.fetch_asset(image_url, asset_hash=image_hash)
+image_name = 'Armbian_19.11.3_Orangepipc_bionic_current_5.3.9.img'
+image_path = os.path.join(self.workdir, image_name)
+process.run("7z e -o%s %s" % (self.workdir, image_path_7z))
+
+self.vm.set_console()
+self.vm.add_args('-drive', 'file=' + image_path + ',if=sd,format=raw',
+ '-nic', 'user',
+ '-no-reboot')
+self.vm.launch()
+
+kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
+   'console=ttyS0,115200 '
+   'loglevel=7 '
+   'nosmp '
+   'systemd.default_timeout_start_sec=9000 '
+   'systemd.mask=armbian-zram-config.service '
+   'systemd.mask=armbian-ramlog.service')
+
+self.wait_for_console_pattern('U-Boot SPL')
+self.wait_for_console_pattern('Autoboot in ')
+exec_command_and_wait_for_pattern(self, ' ', '=>')
+exec_command_and_wait_for_pattern(self, 

[PATCH v5 09/18] hw/arm/allwinner-h3: add EMAC ethernet device

[Niek Linnenbank]

The Allwinner Sun8i System on Chip family includes an Ethernet MAC (EMAC)
which provides 10M/100M/1000M Ethernet connectivity. This commit
adds support for the Allwinner EMAC from the Sun8i family (H2+, H3, A33, etc),
including emulation for the following functionality:

 * DMA transfers
 * MII interface
 * Transmit CRC calculation

Signed-off-by: Niek Linnenbank 
---
 include/hw/arm/allwinner-h3.h |   3 +
 include/hw/net/allwinner-sun8i-emac.h |  99 +++
 hw/arm/allwinner-h3.c |  16 +-
 hw/arm/orangepi.c |   3 +
 hw/net/allwinner-sun8i-emac.c | 871 ++
 hw/arm/Kconfig|   1 +
 hw/net/Kconfig|   3 +
 hw/net/Makefile.objs  |   1 +
 hw/net/trace-events   |  10 +
 9 files changed, 1006 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/net/allwinner-sun8i-emac.h
 create mode 100644 hw/net/allwinner-sun8i-emac.c

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index d71a4917ab..f9b9a02373 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -44,6 +44,7 @@
 #include "hw/misc/allwinner-h3-sysctrl.h"
 #include "hw/misc/allwinner-sid.h"
 #include "hw/sd/allwinner-sdhost.h"
+#include "hw/net/allwinner-sun8i-emac.h"
 #include "target/arm/cpu.h"
 
 /**
@@ -77,6 +78,7 @@ enum {
 AW_H3_UART1,
 AW_H3_UART2,
 AW_H3_UART3,
+AW_H3_EMAC,
 AW_H3_GIC_DIST,
 AW_H3_GIC_CPU,
 AW_H3_GIC_HYP,
@@ -120,6 +122,7 @@ typedef struct AwH3State {
 AwH3SysCtrlState sysctrl;
 AwSidState sid;
 AwSdHostState mmc0;
+AwSun8iEmacState emac;
 GICState gic;
 MemoryRegion sram_a1;
 MemoryRegion sram_a2;
diff --git a/include/hw/net/allwinner-sun8i-emac.h 
b/include/hw/net/allwinner-sun8i-emac.h
new file mode 100644
index 00..eda034e96b
--- /dev/null
+++ b/include/hw/net/allwinner-sun8i-emac.h
@@ -0,0 +1,99 @@
+/*
+ * Allwinner Sun8i Ethernet MAC emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_NET_ALLWINNER_SUN8I_EMAC_H
+#define HW_NET_ALLWINNER_SUN8I_EMAC_H
+
+#include "qom/object.h"
+#include "net/net.h"
+#include "hw/sysbus.h"
+
+/**
+ * Object model
+ * @{
+ */
+
+#define TYPE_AW_SUN8I_EMAC "allwinner-sun8i-emac"
+#define AW_SUN8I_EMAC(obj) \
+OBJECT_CHECK(AwSun8iEmacState, (obj), TYPE_AW_SUN8I_EMAC)
+
+/** @} */
+
+/**
+ * Allwinner Sun8i EMAC object instance state
+ */
+typedef struct AwSun8iEmacState {
+/*< private >*/
+SysBusDevice  parent_obj;
+/*< public >*/
+
+/** Maps I/O registers in physical memory */
+MemoryRegion iomem;
+
+/** Interrupt output signal to notify CPU */
+qemu_irq irq;
+
+/** Generic Network Interface Controller (NIC) for networking API */
+NICState *nic;
+
+/** Generic Network Interface Controller (NIC) configuration */
+NICConf  conf;
+
+/**
+ * @name Media Independent Interface (MII)
+ * @{
+ */
+
+uint8_t  mii_phy_addr;  /**< PHY address */
+uint32_t mii_cr;/**< Control */
+uint32_t mii_st;/**< Status */
+uint32_t mii_adv;   /**< Advertised Abilities */
+
+/** @} */
+
+/**
+ * @name Hardware Registers
+ * @{
+ */
+
+uint32_t basic_ctl0;/**< Basic Control 0 */
+uint32_t basic_ctl1;/**< Basic Control 1 */
+uint32_t int_en;/**< Interrupt Enable */
+uint32_t int_sta;   /**< Interrupt Status */
+uint32_t frm_flt;   /**< Receive Frame Filter */
+
+uint32_t rx_ctl0;   /**< Receive Control 0 */
+uint32_t rx_ctl1;   /**< Receive Control 1 */
+uint32_t rx_desc_head;  /**< Receive Descriptor List Address */
+uint32_t rx_desc_curr;  /**< Current Receive Descriptor Address */
+
+uint32_t tx_ctl0;   /**< Transmit Control 0 */
+uint32_t tx_ctl1;   /**< Transmit Control 1 */
+uint32_t tx_desc_head;  /**< Transmit Descriptor List Address */
+uint32_t tx_desc_curr;  /**< Current Transmit Descriptor Address */
+uint32_t tx_flowctl;/**< Transmit Flow Control */
+
+uint32_t mii_cmd;   /**< Management Interface Command */
+uint32_t mii_data;  /**< Management 

[PATCH v5 15/18] tests/boot_linux_console: Add a SD card test for the OrangePi PC board

[Niek Linnenbank]

From: Philippe Mathieu-Daudé 

The kernel image and DeviceTree blob are built by the Armbian
project (based on Debian):
https://www.armbian.com/orange-pi-pc/

The SD image is from the kernelci.org project:
https://kernelci.org/faq/#the-code

If ARM is a target being built, "make check-acceptance" will
automatically include this test by the use of the "arch:arm" tags.

Alternatively, this test can be run using:

  $ avocado --show=console run -t machine:orangepi-pc 
tests/acceptance/boot_linux_console.py
  console: Uncompressing Linux... done, booting the kernel.
  console: Booting Linux on physical CPU 0x0
  console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version 7.2.1 
20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET 2019
  console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
  [...]
  console: sunxi-wdt 1c20ca0.watchdog: Watchdog enabled (timeout=16 sec, 
nowayout=0)
  console: sunxi-mmc 1c0f000.mmc: Linked as a consumer to regulator.2
  console: sunxi-mmc 1c0f000.mmc: Got CD GPIO
  console: ledtrig-cpu: registered to indicate activity on CPUs
  console: hidraw: raw HID events driver (C) Jiri Kosina
  console: usbcore: registered new interface driver usbhid
  console: usbhid: USB HID core driver
  console: Initializing XFRM netlink socket
  console: sunxi-mmc 1c0f000.mmc: initialized, max. request size: 16384 KB
  console: NET: Registered protocol family 10
  console: mmc0: host does not support reading read-only switch, assuming 
write-enable
  console: mmc0: Problem switching card into high-speed mode!
  console: mmc0: new SD card at address 4567
  console: mmcblk0: mmc0:4567 QEMU! 60.0 MiB
  [...]
  console: EXT4-fs (mmcblk0): mounting ext2 file system using the ext4 subsystem
  console: EXT4-fs (mmcblk0): mounted filesystem without journal. Opts: (null)
  console: VFS: Mounted root (ext2 filesystem) on device 179:0.
  console: Run /sbin/init as init process
  console: EXT4-fs (mmcblk0): re-mounted. Opts: 
block_validity,barrier,user_xattr,acl
  console: Starting syslogd: OK
  console: Starting klogd: OK
  console: Populating /dev using udev: udevd[203]: starting version 3.2.7
  console: /bin/sh: can't access tty; job control turned off
  console: cat /proc/partitions
  console: / # cat /proc/partitions
  console: major minor  #blocks  name
  console: 10   4096 ram0
  console: 11   4096 ram1
  console: 12   4096 ram2
  console: 13   4096 ram3
  console: 1790  61440 mmcblk0
  console: reboot
  console: / # reboot
  console: umount: devtmpfs busy - remounted read-only
  console: EXT4-fs (mmcblk0): re-mounted. Opts: (null)
  console: The system is going down NOW!
  console: Sent SIGTERM to all processes
  console: Sent SIGKILL to all processes
  console: Requesting system reboot
  console: reboot: Restarting system
  JOB TIME   : 68.64 s

Signed-off-by: Philippe Mathieu-Daudé 
[NL: rename in commit message Raspbian to Armbian, remove vm.set_machine()]
Signed-off-by: Niek Linnenbank 
---
 tests/acceptance/boot_linux_console.py | 41 ++
 1 file changed, 41 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index dabc8ef2af..7ef69c7bac 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -572,6 +572,47 @@ class BootLinuxConsole(Test):
 exec_command_and_wait_for_pattern(self, 'reboot',
 'reboot: Restarting system')
 
+def test_arm_orangepi_sd(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:orangepi-pc
+"""
+deb_url = ('https://apt.armbian.com/pool/main/l/'
+   'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
+deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
+deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+kernel_path = self.extract_from_deb(deb_path,
+'/boot/vmlinuz-4.20.7-sunxi')
+dtb_path = '/usr/lib/linux-image-dev-sunxi/sun8i-h3-orangepi-pc.dtb'
+dtb_path = self.extract_from_deb(deb_path, dtb_path)
+rootfs_url = ('http://storage.kernelci.org/images/rootfs/buildroot/'
+  'kci-2019.02/armel/base/rootfs.ext2.xz')
+rootfs_hash = '692510cb625efda31640d1de0a8d60e26040f061'
+rootfs_path_xz = self.fetch_asset(rootfs_url, asset_hash=rootfs_hash)
+rootfs_path = os.path.join(self.workdir, 'rootfs.cpio')
+archive.lzma_uncompress(rootfs_path_xz, rootfs_path)
+
+self.vm.set_console()
+kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
+   'console=ttyS0,115200 '
+   'root=/dev/mmcblk0 rootwait rw '
+   'panic=-1 noreboot')
+self.vm.add_args('-kernel', kernel_path,
+ 

[PATCH v5 12/18] hw/arm/allwinner: add RTC device support

[Niek Linnenbank]

Allwinner System-on-Chips usually contain a Real Time Clock (RTC)
for non-volatile system date and time keeping. This commit adds a generic
Allwinner RTC device that supports the RTC devices found in Allwinner SoC
family sun4i (A10), sun7i (A20) and sun6i and newer (A31, H2+, H3, etc).
The following RTC functionality and features are implemented:

 * Year-Month-Day read/write
 * Hour-Minute-Second read/write
 * General Purpose storage

The following boards are extended with the RTC device:

 * Cubieboard (hw/arm/cubieboard.c)
 * Orange Pi PC (hw/arm/orangepi.c)

Signed-off-by: Niek Linnenbank 
---
 include/hw/arm/allwinner-a10.h |   2 +
 include/hw/arm/allwinner-h3.h  |   3 +
 include/hw/rtc/allwinner-rtc.h | 134 +++
 hw/arm/allwinner-a10.c |   8 +
 hw/arm/allwinner-h3.c  |   9 +-
 hw/rtc/allwinner-rtc.c | 411 +
 hw/rtc/Makefile.objs   |   1 +
 hw/rtc/trace-events|   4 +
 8 files changed, 571 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/rtc/allwinner-rtc.h
 create mode 100644 hw/rtc/allwinner-rtc.c

diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
index d009616eef..fc979985e6 100644
--- a/include/hw/arm/allwinner-a10.h
+++ b/include/hw/arm/allwinner-a10.h
@@ -9,6 +9,7 @@
 #include "hw/net/allwinner_emac.h"
 #include "hw/sd/allwinner-sdhost.h"
 #include "hw/ide/ahci.h"
+#include "hw/rtc/allwinner-rtc.h"
 
 #include "target/arm/cpu.h"
 
@@ -29,6 +30,7 @@ typedef struct AwA10State {
 AwEmacState emac;
 AllwinnerAHCIState sata;
 AwSdHostState mmc0;
+AwRtcState rtc;
 MemoryRegion sram_a;
 } AwA10State;
 
diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index 065d020c73..82e4e59216 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -46,6 +46,7 @@
 #include "hw/misc/allwinner-sid.h"
 #include "hw/sd/allwinner-sdhost.h"
 #include "hw/net/allwinner-sun8i-emac.h"
+#include "hw/rtc/allwinner-rtc.h"
 #include "target/arm/cpu.h"
 #include "sysemu/block-backend.h"
 
@@ -88,6 +89,7 @@ enum {
 AW_H3_GIC_CPU,
 AW_H3_GIC_HYP,
 AW_H3_GIC_VCPU,
+AW_H3_RTC,
 AW_H3_CPUCFG,
 AW_H3_SDRAM
 };
@@ -129,6 +131,7 @@ typedef struct AwH3State {
 AwSidState sid;
 AwSdHostState mmc0;
 AwSun8iEmacState emac;
+AwRtcState rtc;
 GICState gic;
 MemoryRegion sram_a1;
 MemoryRegion sram_a2;
diff --git a/include/hw/rtc/allwinner-rtc.h b/include/hw/rtc/allwinner-rtc.h
new file mode 100644
index 00..7893f74795
--- /dev/null
+++ b/include/hw/rtc/allwinner-rtc.h
@@ -0,0 +1,134 @@
+/*
+ * Allwinner Real Time Clock emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_MISC_ALLWINNER_RTC_H
+#define HW_MISC_ALLWINNER_RTC_H
+
+#include "qom/object.h"
+#include "hw/sysbus.h"
+
+/**
+ * Constants
+ * @{
+ */
+
+/** Highest register address used by RTC device */
+#define AW_RTC_REGS_MAXADDR (0x200)
+
+/** Total number of known registers */
+#define AW_RTC_REGS_NUM (AW_RTC_REGS_MAXADDR / sizeof(uint32_t))
+
+/** @} */
+
+/**
+ * Object model types
+ * @{
+ */
+
+/** Generic Allwinner RTC device (abstract) */
+#define TYPE_AW_RTC  "allwinner-rtc"
+
+/** Allwinner RTC sun4i family (A10, A12) */
+#define TYPE_AW_RTC_SUN4ITYPE_AW_RTC "-sun4i"
+
+/** Allwinner RTC sun6i family and newer (A31, H2+, H3, etc) */
+#define TYPE_AW_RTC_SUN6ITYPE_AW_RTC "-sun6i"
+
+/** Allwinner RTC sun7i family (A20) */
+#define TYPE_AW_RTC_SUN7ITYPE_AW_RTC "-sun7i"
+
+/** @} */
+
+/**
+ * Object model macros
+ * @{
+ */
+
+#define AW_RTC(obj) \
+OBJECT_CHECK(AwRtcState, (obj), TYPE_AW_RTC)
+#define AW_RTC_CLASS(klass) \
+ OBJECT_CLASS_CHECK(AwRtcClass, (klass), TYPE_AW_RTC)
+#define AW_RTC_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(AwRtcClass, (obj), TYPE_AW_RTC)
+
+/** @} */
+
+/**
+ * Allwinner RTC per-object instance state.
+ */
+typedef struct AwRtcState {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+/**
+ * Actual year represented by the device when year counter is zero
+ *
+ * Can be overridden by the user using the corresponding 'base-year'
+ * property. The base year used by the target OS driver can vary, for
+ * example the Linux driver for sun6i uses 1970 

[PATCH v5 07/18] hw/arm/allwinner: add Security Identifier device

[Niek Linnenbank]

The Security Identifier device found in various Allwinner System on Chip
designs gives applications a per-board unique identifier. This commit
adds support for the Allwinner Security Identifier using a 128-bit
UUID value as input.

Signed-off-by: Niek Linnenbank 
---
 include/hw/arm/allwinner-h3.h   |   3 +
 include/hw/misc/allwinner-sid.h |  60 
 hw/arm/allwinner-h3.c   |  11 ++-
 hw/arm/orangepi.c   |   9 ++
 hw/misc/allwinner-sid.c | 168 
 hw/misc/Makefile.objs   |   1 +
 hw/misc/trace-events|   4 +
 7 files changed, 255 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/misc/allwinner-sid.h
 create mode 100644 hw/misc/allwinner-sid.c

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index dc729176ab..85416d9d64 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -42,6 +42,7 @@
 #include "hw/misc/allwinner-h3-ccu.h"
 #include "hw/misc/allwinner-cpucfg.h"
 #include "hw/misc/allwinner-h3-sysctrl.h"
+#include "hw/misc/allwinner-sid.h"
 #include "target/arm/cpu.h"
 
 /**
@@ -59,6 +60,7 @@ enum {
 AW_H3_SRAM_A2,
 AW_H3_SRAM_C,
 AW_H3_SYSCTRL,
+AW_H3_SID,
 AW_H3_EHCI0,
 AW_H3_OHCI0,
 AW_H3_EHCI1,
@@ -114,6 +116,7 @@ typedef struct AwH3State {
 AwH3ClockCtlState ccu;
 AwCpuCfgState cpucfg;
 AwH3SysCtrlState sysctrl;
+AwSidState sid;
 GICState gic;
 MemoryRegion sram_a1;
 MemoryRegion sram_a2;
diff --git a/include/hw/misc/allwinner-sid.h b/include/hw/misc/allwinner-sid.h
new file mode 100644
index 00..4c1fa4762b
--- /dev/null
+++ b/include/hw/misc/allwinner-sid.h
@@ -0,0 +1,60 @@
+/*
+ * Allwinner Security ID emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_MISC_ALLWINNER_SID_H
+#define HW_MISC_ALLWINNER_SID_H
+
+#include "qom/object.h"
+#include "hw/sysbus.h"
+#include "qemu/uuid.h"
+
+/**
+ * Object model
+ * @{
+ */
+
+#define TYPE_AW_SID"allwinner-sid"
+#define AW_SID(obj) \
+OBJECT_CHECK(AwSidState, (obj), TYPE_AW_SID)
+
+/** @} */
+
+/**
+ * Allwinner Security ID object instance state
+ */
+typedef struct AwSidState {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+/** Maps I/O registers in physical memory */
+MemoryRegion iomem;
+
+/** Control register defines how and what to read */
+uint32_t control;
+
+/** RdKey register contains the data retrieved by the device */
+uint32_t rdkey;
+
+/** Stores the emulated device identifier */
+QemuUUID identifier;
+
+} AwSidState;
+
+#endif /* HW_MISC_ALLWINNER_SID_H */
diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
index b9a5597f2a..deeea63f5f 100644
--- a/hw/arm/allwinner-h3.c
+++ b/hw/arm/allwinner-h3.c
@@ -38,6 +38,7 @@ const hwaddr allwinner_h3_memmap[] = {
 [AW_H3_SRAM_A2]= 0x00044000,
 [AW_H3_SRAM_C] = 0x0001,
 [AW_H3_SYSCTRL]= 0x01c0,
+[AW_H3_SID]= 0x01c14000,
 [AW_H3_EHCI0]  = 0x01c1a000,
 [AW_H3_OHCI0]  = 0x01c1a400,
 [AW_H3_EHCI1]  = 0x01c1b000,
@@ -78,7 +79,6 @@ struct AwH3Unimplemented {
 { "mmc0",  0x01c0f000, 4 * KiB },
 { "mmc1",  0x01c1, 4 * KiB },
 { "mmc2",  0x01c11000, 4 * KiB },
-{ "sid",   0x01c14000, 1 * KiB },
 { "crypto",0x01c15000, 4 * KiB },
 { "msgbox",0x01c17000, 4 * KiB },
 { "spinlock",  0x01c18000, 4 * KiB },
@@ -198,6 +198,11 @@ static void allwinner_h3_init(Object *obj)
 
 sysbus_init_child_obj(obj, "cpucfg", >cpucfg, sizeof(s->cpucfg),
   TYPE_AW_CPUCFG);
+
+sysbus_init_child_obj(obj, "sid", >sid, sizeof(s->sid),
+  TYPE_AW_SID);
+object_property_add_alias(obj, "identifier", OBJECT(>sid),
+  "identifier", _abort);
 }
 
 static void allwinner_h3_realize(DeviceState *dev, Error **errp)
@@ -315,6 +320,10 @@ static void allwinner_h3_realize(DeviceState *dev, Error 
**errp)
 qdev_init_nofail(DEVICE(>cpucfg));
 sysbus_mmio_map(SYS_BUS_DEVICE(>cpucfg), 0, s->memmap[AW_H3_CPUCFG]);
 
+/* Security Identifier */
+qdev_init_nofail(DEVICE(>sid));
+sysbus_mmio_map(SYS_BUS_DEVICE(>sid), 0, s->memmap[AW_H3_SID]);
+
 /* Universal Serial Bus */
 

[PATCH v5 17/18] tests/boot_linux_console: Test booting NetBSD via U-Boot on OrangePi PC

[Niek Linnenbank]

From: Philippe Mathieu-Daudé 

This test boots U-Boot then NetBSD (stored on a SD card) on
a OrangePi PC board.

As it requires ~1.3GB of storage, it is disabled by default.

U-Boot is built by the Debian project [1], and the SD card image
is provided by the NetBSD organization [2].

Once the compressed SD card image is downloaded (304MB) and
extracted, this test is fast:

  $ AVOCADO_ALLOW_LARGE_STORAGE=yes \
avocado --show=app,console run -t machine:orangepi-pc \
  tests/acceptance/boot_linux_console.py
  console: U-Boot SPL 2020.01+dfsg-1 (Jan 08 2020 - 08:19:44 +)
  console: DRAM: 1024 MiB
  console: U-Boot 2020.01+dfsg-1 (Jan 08 2020 - 08:19:44 +) Allwinner 
Technology
  console: CPU:   Allwinner H3 (SUN8I )
  console: scanning bus usb@1c1b000 for devices... 1 USB Device(s) found
  console: scanning bus usb@1c1d000 for devices... 1 USB Device(s) found
  console: scanning usb for storage devices... 0 Storage Device(s) found
  console: Hit any key to stop autoboot:  0
  console: => setenv bootargs root=ld0a
  console: => setenv kernel netbsd-GENERIC.ub
  console: => setenv fdtfile dtb/sun8i-h3-orangepi-pc.dtb
  console: => boot
  console: ## Booting kernel from Legacy Image at 4200 ...
  console: Image Name:   NetBSD/earmv7hf 9.0_RC1
  console: Image Type:   ARM Linux Kernel Image (no loading done) (uncompressed)
  console: XIP Kernel Image (no loading done)
  console: Loading Device Tree to 49ff6000, end 49fffe01 ... OK
  console: Starting kernel ...
  console: [   1.000] NetBSD/evbarm (fdt) booting ...
  console: [   1.000] NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020
  console: [   1.000] 
mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/evbarm/compile/GENERIC
  console: [   1.000] total memory = 1024 MB
  console: [   1.000] avail memory = 1003 MB
  console: [   1.000] armfdt0 (root)
  console: [   1.000] simplebus0 at armfdt0: Xunlong Orange Pi PC
  console: [   1.000] cpu0 at cpus0: Cortex-A7 r0p5 (Cortex V7A core)
  console: [   1.000] cpu0: DC enabled IC enabled WB enabled LABT branch 
prediction enabled
  console: [   1.000] cpu0: 32KB/64B 2-way L1 VIPT Instruction cache
  console: [   1.000] cpu0: 32KB/64B 2-way write-back-locking-C L1 PIPT 
Data cache
  console: [   1.000] cpu0: 2304KB/64B 16-way write-through L2 PIPT Unified 
cache
  console: [   1.000] vfp0 at cpu0: NEON MPE (VFP 3.0+), rounding, NaN 
propagation, denormals
  ...
  console: [   2.3812082] sdmmc0: SD card status: 4-bit, C0
  console: [   2.3812082] ld0 at sdmmc0: 
<0xaa:0x5859:QEMU!:0x01:0xdeadbeef:0x062>
  console: [   2.4012856] ld0: 1226 MB, 622 cyl, 64 head, 63 sec, 512 
bytes/sect x 2511872 sectors
  console: [   2.5321222] ld0: 4-bit width, High-Speed/SDR25, 50.000 MHz
  console: [   3.1068718] WARNING: 4 errors while detecting hardware; check 
system log.
  console: [   3.1179868] boot device: ld0
  console: [   3.1470623] root on ld0a dumps on ld0b
  console: [   3.2464436] root file system type: ffs
  console: [   3.2897123] kern.module.path=/stand/evbarm/9.0/modules
  console: Mon Feb 17 20:33:35 UTC 2020
  console: Starting root file system check:
  PASS (35.96 s)
  RESULTS: PASS 1 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | 
CANCEL 0
  JOB TIME   : 36.09 s

Note, this test only took ~65 seconds to run on Travis-CI, see: [3].

This test is based on a description from Niek Linnenbank from [4].

[1] 
https://wiki.debian.org/InstallingDebianOn/Allwinner#Creating_a_bootable_SD_Card_with_u-boot
[2] https://wiki.netbsd.org/ports/evbarm/allwinner/
[3] https://travis-ci.org/philmd/qemu/jobs/638823612#L3778
[4] https://www.mail-archive.com/qemu-devel@nongnu.org/msg669347.html

Signed-off-by: Philippe Mathieu-Daudé 
[NL: changed test to use NetBSD 9.0 final release and -global 
allwinner-rtc.base-year]
Tested-by: Niek Linnenbank 
Signed-off-by: Niek Linnenbank 
---
 tests/acceptance/boot_linux_console.py | 70 ++
 1 file changed, 70 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index a70ac4a6cc..1369354ac2 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -16,6 +16,7 @@ import shutil
 from avocado import skipUnless
 from avocado_qemu import Test
 from avocado_qemu import exec_command_and_wait_for_pattern
+from avocado_qemu import interrupt_interactive_console_until_pattern
 from avocado_qemu import wait_for_console_pattern
 from avocado.utils import process
 from avocado.utils import archive
@@ -661,6 +662,75 @@ class BootLinuxConsole(Test):
   'to ')
 self.wait_for_console_pattern('Starting Load Kernel Modules...')
 
+@skipUnless(os.getenv('AVOCADO_ALLOW_LARGE_STORAGE'), 'storage limited')
+def test_arm_orangepi_uboot_netbsd9(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:orangepi-pc
+"""
+   

[PATCH v5 11/18] hw/arm/allwinner-h3: add SDRAM controller device

[Niek Linnenbank]

In the Allwinner H3 SoC the SDRAM controller is responsible
for interfacing with the external Synchronous Dynamic Random
Access Memory (SDRAM). Types of memory that the SDRAM controller
supports are DDR2/DDR3 and capacities of up to 2GiB. This commit
adds emulation support of the Allwinner H3 SDRAM controller.

Signed-off-by: Niek Linnenbank 
---
 include/hw/arm/allwinner-h3.h|   5 +
 include/hw/misc/allwinner-h3-dramc.h | 106 
 hw/arm/allwinner-h3.c|  19 +-
 hw/arm/orangepi.c|   6 +
 hw/misc/allwinner-h3-dramc.c | 358 +++
 hw/misc/Makefile.objs|   1 +
 hw/misc/trace-events |  10 +
 7 files changed, 502 insertions(+), 3 deletions(-)
 create mode 100644 include/hw/misc/allwinner-h3-dramc.h
 create mode 100644 hw/misc/allwinner-h3-dramc.c

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index d338003724..065d020c73 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -41,6 +41,7 @@
 #include "hw/intc/arm_gic.h"
 #include "hw/misc/allwinner-h3-ccu.h"
 #include "hw/misc/allwinner-cpucfg.h"
+#include "hw/misc/allwinner-h3-dramc.h"
 #include "hw/misc/allwinner-h3-sysctrl.h"
 #include "hw/misc/allwinner-sid.h"
 #include "hw/sd/allwinner-sdhost.h"
@@ -80,6 +81,9 @@ enum {
 AW_H3_UART2,
 AW_H3_UART3,
 AW_H3_EMAC,
+AW_H3_DRAMCOM,
+AW_H3_DRAMCTL,
+AW_H3_DRAMPHY,
 AW_H3_GIC_DIST,
 AW_H3_GIC_CPU,
 AW_H3_GIC_HYP,
@@ -120,6 +124,7 @@ typedef struct AwH3State {
 AwA10PITState timer;
 AwH3ClockCtlState ccu;
 AwCpuCfgState cpucfg;
+AwH3DramCtlState dramc;
 AwH3SysCtrlState sysctrl;
 AwSidState sid;
 AwSdHostState mmc0;
diff --git a/include/hw/misc/allwinner-h3-dramc.h 
b/include/hw/misc/allwinner-h3-dramc.h
new file mode 100644
index 00..bacdf236b7
--- /dev/null
+++ b/include/hw/misc/allwinner-h3-dramc.h
@@ -0,0 +1,106 @@
+/*
+ * Allwinner H3 SDRAM Controller emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_MISC_ALLWINNER_H3_DRAMC_H
+#define HW_MISC_ALLWINNER_H3_DRAMC_H
+
+#include "qom/object.h"
+#include "hw/sysbus.h"
+#include "exec/hwaddr.h"
+
+/**
+ * Constants
+ * @{
+ */
+
+/** Highest register address used by DRAMCOM module */
+#define AW_H3_DRAMCOM_REGS_MAXADDR  (0x804)
+
+/** Total number of known DRAMCOM registers */
+#define AW_H3_DRAMCOM_REGS_NUM  (AW_H3_DRAMCOM_REGS_MAXADDR / \
+ sizeof(uint32_t))
+
+/** Highest register address used by DRAMCTL module */
+#define AW_H3_DRAMCTL_REGS_MAXADDR  (0x88c)
+
+/** Total number of known DRAMCTL registers */
+#define AW_H3_DRAMCTL_REGS_NUM  (AW_H3_DRAMCTL_REGS_MAXADDR / \
+ sizeof(uint32_t))
+
+/** Highest register address used by DRAMPHY module */
+#define AW_H3_DRAMPHY_REGS_MAXADDR  (0x4)
+
+/** Total number of known DRAMPHY registers */
+#define AW_H3_DRAMPHY_REGS_NUM  (AW_H3_DRAMPHY_REGS_MAXADDR / \
+ sizeof(uint32_t))
+
+/** @} */
+
+/**
+ * Object model
+ * @{
+ */
+
+#define TYPE_AW_H3_DRAMC "allwinner-h3-dramc"
+#define AW_H3_DRAMC(obj) \
+OBJECT_CHECK(AwH3DramCtlState, (obj), TYPE_AW_H3_DRAMC)
+
+/** @} */
+
+/**
+ * Allwinner H3 SDRAM Controller object instance state.
+ */
+typedef struct AwH3DramCtlState {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+/** Physical base address for start of RAM */
+hwaddr ram_addr;
+
+/** Total RAM size in megabytes */
+uint32_t ram_size;
+
+/**
+ * @name Memory Regions
+ * @{
+ */
+
+MemoryRegion row_mirror;   /**< Simulates rows for RAM size detection 
*/
+MemoryRegion row_mirror_alias; /**< Alias of the row which is mirrored */
+MemoryRegion dramcom_iomem;/**< DRAMCOM module I/O registers */
+MemoryRegion dramctl_iomem;/**< DRAMCTL module I/O registers */
+MemoryRegion dramphy_iomem;/**< DRAMPHY module I/O registers */
+
+/** @} */
+
+/**
+ * @name Hardware Registers
+ * @{
+ */
+
+uint32_t dramcom[AW_H3_DRAMCOM_REGS_NUM]; /**< Array of DRAMCOM registers 
*/
+uint32_t dramctl[AW_H3_DRAMCTL_REGS_NUM]; /**< Array of DRAMCTL registers 
*/
+uint32_t 

[PATCH v5 14/18] tests/boot_linux_console: Add initrd test for the Orange Pi PC board

[Niek Linnenbank]

From: Philippe Mathieu-Daudé 

This test boots a Linux kernel on a OrangePi PC board and verify
the serial output is working.

The kernel image and DeviceTree blob are built by the Armbian
project (based on Debian):
https://www.armbian.com/orange-pi-pc/

The cpio image used comes from the linux-build-test project:
https://github.com/groeck/linux-build-test

If ARM is a target being built, "make check-acceptance" will
automatically include this test by the use of the "arch:arm" tags.

Alternatively, this test can be run using:

  $ avocado --show=console run -t machine:orangepi-pc 
tests/acceptance/boot_linux_console.py
  console: Uncompressing Linux... done, booting the kernel.
  console: Booting Linux on physical CPU 0x0
  console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version 7.2.1 
20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET 2019
  console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
  console: CPU: div instructions available: patching division code
  console: CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction 
cache
  console: OF: fdt: Machine model: Xunlong Orange Pi PC
  [...]
  console: Trying to unpack rootfs image as initramfs...
  console: Freeing initrd memory: 3256K
  console: Freeing unused kernel memory: 1024K
  console: Run /init as init process
  console: mount: mounting devtmpfs on /dev failed: Device or resource busy
  console: Starting logging: OK
  console: Initializing random number generator... random: dd: uninitialized 
urandom read (512 bytes read)
  console: done.
  console: Starting network: OK
  console: Found console ttyS0
  console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version 7.2.1 
20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET 2019
  console: Boot successful.
  console: cat /proc/cpuinfo
  console: / # cat /proc/cpuinfo
  console: processor  : 0
  console: model name : ARMv7 Processor rev 5 (v7l)
  console: BogoMIPS   : 125.00
  console: Features   : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 
idiva idivt vfpd32 lpae evtstrm
  console: CPU implementer: 0x41
  console: CPU architecture: 7
  console: CPU variant: 0x0
  console: CPU part   : 0xc07
  console: CPU revision   : 5
  [...]
  console: processor  : 3
  console: model name : ARMv7 Processor rev 5 (v7l)
  console: BogoMIPS   : 125.00
  console: Features   : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 
idiva idivt vfpd32 lpae evtstrm
  console: CPU implementer: 0x41
  console: CPU architecture: 7
  console: CPU variant: 0x0
  console: CPU part   : 0xc07
  console: CPU revision   : 5
  console: Hardware   : Allwinner sun8i Family
  console: Revision   : 
  console: Serial : 
  console: cat /proc/iomem
  console: / # cat /proc/iomem
  console: 0100-010f : clock@100
  console: 01c0-01c00fff : system-control@1c0
  console: 01c02000-01c02fff : dma-controller@1c02000
  [...]
  console: reboot
  console: / # reboot
  console: / # Found console ttyS0
  console: Stopping network: OK
  console: hrtimer: interrupt took 21852064 ns
  console: Saving random seed... random: dd: uninitialized urandom read (512 
bytes read)
  console: done.
  console: Stopping logging: OK
  console: umount: devtmpfs busy - remounted read-only
  console: umount: can't unmount /: Invalid argument
  console: The system is going down NOW!
  console: Sent SIGTERM to all processes
  console: Sent SIGKILL to all processes
  console: Requesting system reboot
  console: reboot: Restarting system
  PASS (48.32 s)
  JOB TIME   : 49.16 s

Signed-off-by: Philippe Mathieu-Daudé 
[NL: rename in commit message Raspbian to Armbian, remove vm.set_machine()]
Signed-off-by: Niek Linnenbank 
---
 tests/acceptance/boot_linux_console.py | 40 ++
 1 file changed, 40 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 6f5af582f3..dabc8ef2af 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -532,6 +532,46 @@ class BootLinuxConsole(Test):
 console_pattern = 'Kernel command line: %s' % kernel_command_line
 self.wait_for_console_pattern(console_pattern)
 
+def test_arm_orangepi_initrd(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:orangepi-pc
+"""
+deb_url = ('https://apt.armbian.com/pool/main/l/'
+   'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
+deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
+deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+kernel_path = self.extract_from_deb(deb_path,
+'/boot/vmlinuz-4.20.7-sunxi')
+dtb_path = '/usr/lib/linux-image-dev-sunxi/sun8i-h3-orangepi-pc.dtb'
+dtb_path = 

[PATCH v5 05/18] hw/arm/allwinner-h3: add System Control module

[Niek Linnenbank]

The Allwinner H3 System on Chip has an System Control
module that provides system wide generic controls and
device information. This commit adds support for the
Allwinner H3 System Control module.

Signed-off-by: Niek Linnenbank 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 include/hw/arm/allwinner-h3.h  |   3 +
 include/hw/misc/allwinner-h3-sysctrl.h |  67 
 hw/arm/allwinner-h3.c  |   9 +-
 hw/misc/allwinner-h3-sysctrl.c | 140 +
 hw/misc/Makefile.objs  |   1 +
 5 files changed, 219 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/misc/allwinner-h3-sysctrl.h
 create mode 100644 hw/misc/allwinner-h3-sysctrl.c

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index 4f4dcbcd17..43500c4262 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -40,6 +40,7 @@
 #include "hw/timer/allwinner-a10-pit.h"
 #include "hw/intc/arm_gic.h"
 #include "hw/misc/allwinner-h3-ccu.h"
+#include "hw/misc/allwinner-h3-sysctrl.h"
 #include "target/arm/cpu.h"
 
 /**
@@ -56,6 +57,7 @@ enum {
 AW_H3_SRAM_A1,
 AW_H3_SRAM_A2,
 AW_H3_SRAM_C,
+AW_H3_SYSCTRL,
 AW_H3_EHCI0,
 AW_H3_OHCI0,
 AW_H3_EHCI1,
@@ -108,6 +110,7 @@ typedef struct AwH3State {
 const hwaddr *memmap;
 AwA10PITState timer;
 AwH3ClockCtlState ccu;
+AwH3SysCtrlState sysctrl;
 GICState gic;
 MemoryRegion sram_a1;
 MemoryRegion sram_a2;
diff --git a/include/hw/misc/allwinner-h3-sysctrl.h 
b/include/hw/misc/allwinner-h3-sysctrl.h
new file mode 100644
index 00..af4119e026
--- /dev/null
+++ b/include/hw/misc/allwinner-h3-sysctrl.h
@@ -0,0 +1,67 @@
+/*
+ * Allwinner H3 System Control emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_MISC_ALLWINNER_H3_SYSCTRL_H
+#define HW_MISC_ALLWINNER_H3_SYSCTRL_H
+
+#include "qom/object.h"
+#include "hw/sysbus.h"
+
+/**
+ * @name Constants
+ * @{
+ */
+
+/** Highest register address used by System Control device */
+#define AW_H3_SYSCTRL_REGS_MAXADDR   (0x30)
+
+/** Total number of known registers */
+#define AW_H3_SYSCTRL_REGS_NUM   ((AW_H3_SYSCTRL_REGS_MAXADDR / \
+  sizeof(uint32_t)) + 1)
+
+/** @} */
+
+/**
+ * @name Object model
+ * @{
+ */
+
+#define TYPE_AW_H3_SYSCTRL"allwinner-h3-sysctrl"
+#define AW_H3_SYSCTRL(obj) \
+OBJECT_CHECK(AwH3SysCtrlState, (obj), TYPE_AW_H3_SYSCTRL)
+
+/** @} */
+
+/**
+ * Allwinner H3 System Control object instance state
+ */
+typedef struct AwH3SysCtrlState {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+/** Maps I/O registers in physical memory */
+MemoryRegion iomem;
+
+/** Array of hardware registers */
+uint32_t regs[AW_H3_SYSCTRL_REGS_NUM];
+
+} AwH3SysCtrlState;
+
+#endif /* HW_MISC_ALLWINNER_H3_SYSCTRL_H */
diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
index c205f06738..0aa46712db 100644
--- a/hw/arm/allwinner-h3.c
+++ b/hw/arm/allwinner-h3.c
@@ -37,6 +37,7 @@ const hwaddr allwinner_h3_memmap[] = {
 [AW_H3_SRAM_A1]= 0x,
 [AW_H3_SRAM_A2]= 0x00044000,
 [AW_H3_SRAM_C] = 0x0001,
+[AW_H3_SYSCTRL]= 0x01c0,
 [AW_H3_EHCI0]  = 0x01c1a000,
 [AW_H3_OHCI0]  = 0x01c1a400,
 [AW_H3_EHCI1]  = 0x01c1b000,
@@ -66,7 +67,6 @@ struct AwH3Unimplemented {
 } unimplemented[] = {
 { "d-engine",  0x0100, 4 * MiB },
 { "d-inter",   0x0140, 128 * KiB },
-{ "syscon",0x01c0, 4 * KiB },
 { "dma",   0x01c02000, 4 * KiB },
 { "nfdc",  0x01c03000, 4 * KiB },
 { "ts",0x01c06000, 4 * KiB },
@@ -192,6 +192,9 @@ static void allwinner_h3_init(Object *obj)
 
 sysbus_init_child_obj(obj, "ccu", >ccu, sizeof(s->ccu),
   TYPE_AW_H3_CCU);
+
+sysbus_init_child_obj(obj, "sysctrl", >sysctrl, sizeof(s->sysctrl),
+  TYPE_AW_H3_SYSCTRL);
 }
 
 static void allwinner_h3_realize(DeviceState *dev, Error **errp)
@@ -301,6 +304,10 @@ static void allwinner_h3_realize(DeviceState *dev, Error 
**errp)
 qdev_init_nofail(DEVICE(>ccu));
 sysbus_mmio_map(SYS_BUS_DEVICE(>ccu), 0, s->memmap[AW_H3_CCU]);
 
+/* System Control */
+

[PATCH v5 03/18] hw/arm/allwinner-h3: add Clock Control Unit

[Niek Linnenbank]

The Clock Control Unit is responsible for clock signal generation,
configuration and distribution in the Allwinner H3 System on Chip.
This commit adds support for the Clock Control Unit which emulates
a simple read/write register interface.

Signed-off-by: Niek Linnenbank 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 include/hw/arm/allwinner-h3.h  |   3 +
 include/hw/misc/allwinner-h3-ccu.h |  66 
 hw/arm/allwinner-h3.c  |   9 +-
 hw/misc/allwinner-h3-ccu.c | 242 +
 hw/misc/Makefile.objs  |   1 +
 5 files changed, 320 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/misc/allwinner-h3-ccu.h
 create mode 100644 hw/misc/allwinner-h3-ccu.c

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index 2aac9b78ec..abdc20871a 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -39,6 +39,7 @@
 #include "hw/arm/boot.h"
 #include "hw/timer/allwinner-a10-pit.h"
 #include "hw/intc/arm_gic.h"
+#include "hw/misc/allwinner-h3-ccu.h"
 #include "target/arm/cpu.h"
 
 /**
@@ -55,6 +56,7 @@ enum {
 AW_H3_SRAM_A1,
 AW_H3_SRAM_A2,
 AW_H3_SRAM_C,
+AW_H3_CCU,
 AW_H3_PIT,
 AW_H3_UART0,
 AW_H3_UART1,
@@ -97,6 +99,7 @@ typedef struct AwH3State {
 ARMCPU cpus[AW_H3_NUM_CPUS];
 const hwaddr *memmap;
 AwA10PITState timer;
+AwH3ClockCtlState ccu;
 GICState gic;
 MemoryRegion sram_a1;
 MemoryRegion sram_a2;
diff --git a/include/hw/misc/allwinner-h3-ccu.h 
b/include/hw/misc/allwinner-h3-ccu.h
new file mode 100644
index 00..eec59649f3
--- /dev/null
+++ b/include/hw/misc/allwinner-h3-ccu.h
@@ -0,0 +1,66 @@
+/*
+ * Allwinner H3 Clock Control Unit emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_MISC_ALLWINNER_H3_CCU_H
+#define HW_MISC_ALLWINNER_H3_CCU_H
+
+#include "qom/object.h"
+#include "hw/sysbus.h"
+
+/**
+ * @name Constants
+ * @{
+ */
+
+/** Size of register I/O address space used by CCU device */
+#define AW_H3_CCU_IOSIZE(0x400)
+
+/** Total number of known registers */
+#define AW_H3_CCU_REGS_NUM  (AW_H3_CCU_IOSIZE / sizeof(uint32_t))
+
+/** @} */
+
+/**
+ * @name Object model
+ * @{
+ */
+
+#define TYPE_AW_H3_CCU"allwinner-h3-ccu"
+#define AW_H3_CCU(obj) \
+OBJECT_CHECK(AwH3ClockCtlState, (obj), TYPE_AW_H3_CCU)
+
+/** @} */
+
+/**
+ * Allwinner H3 CCU object instance state.
+ */
+typedef struct AwH3ClockCtlState {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+/** Maps I/O registers in physical memory */
+MemoryRegion iomem;
+
+/** Array of hardware registers */
+uint32_t regs[AW_H3_CCU_REGS_NUM];
+
+} AwH3ClockCtlState;
+
+#endif /* HW_MISC_ALLWINNER_H3_CCU_H */
diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
index 7958f37685..1fff3c317b 100644
--- a/hw/arm/allwinner-h3.c
+++ b/hw/arm/allwinner-h3.c
@@ -36,6 +36,7 @@ const hwaddr allwinner_h3_memmap[] = {
 [AW_H3_SRAM_A1]= 0x,
 [AW_H3_SRAM_A2]= 0x00044000,
 [AW_H3_SRAM_C] = 0x0001,
+[AW_H3_CCU]= 0x01c2,
 [AW_H3_PIT]= 0x01c20c00,
 [AW_H3_UART0]  = 0x01c28000,
 [AW_H3_UART1]  = 0x01c28400,
@@ -77,7 +78,6 @@ struct AwH3Unimplemented {
 { "usb2-phy",  0x01c1c000, 4 * KiB },
 { "usb3-phy",  0x01c1d000, 4 * KiB },
 { "smc",   0x01c1e000, 4 * KiB },
-{ "ccu",   0x01c2, 1 * KiB },
 { "pio",   0x01c20800, 1 * KiB },
 { "owa",   0x01c21000, 1 * KiB },
 { "pwm",   0x01c21400, 1 * KiB },
@@ -172,6 +172,9 @@ static void allwinner_h3_init(Object *obj)
   "clk0-freq", _abort);
 object_property_add_alias(obj, "clk1-freq", OBJECT(>timer),
   "clk1-freq", _abort);
+
+sysbus_init_child_obj(obj, "ccu", >ccu, sizeof(s->ccu),
+  TYPE_AW_H3_CCU);
 }
 
 static void allwinner_h3_realize(DeviceState *dev, Error **errp)
@@ -277,6 +280,10 @@ static void allwinner_h3_realize(DeviceState *dev, Error 
**errp)
 memory_region_add_subregion(get_system_memory(), s->memmap[AW_H3_SRAM_C],
 >sram_c);
 
+/* Clock Control Unit */
+qdev_init_nofail(DEVICE(>ccu));
+

[PATCH v5 06/18] hw/arm/allwinner: add CPU Configuration module

[Niek Linnenbank]

Various Allwinner System on Chip designs contain multiple processors
that can be configured and reset using the generic CPU Configuration
module interface. This commit adds support for the Allwinner CPU
configuration interface which emulates the following features:

 * CPU reset
 * CPU status

Signed-off-by: Niek Linnenbank 
---
 include/hw/arm/allwinner-h3.h  |   3 +
 include/hw/misc/allwinner-cpucfg.h |  52 ++
 hw/arm/allwinner-h3.c  |   9 +-
 hw/misc/allwinner-cpucfg.c | 270 +
 hw/misc/Makefile.objs  |   1 +
 hw/misc/trace-events   |   5 +
 6 files changed, 339 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/misc/allwinner-cpucfg.h
 create mode 100644 hw/misc/allwinner-cpucfg.c

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index 43500c4262..dc729176ab 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -40,6 +40,7 @@
 #include "hw/timer/allwinner-a10-pit.h"
 #include "hw/intc/arm_gic.h"
 #include "hw/misc/allwinner-h3-ccu.h"
+#include "hw/misc/allwinner-cpucfg.h"
 #include "hw/misc/allwinner-h3-sysctrl.h"
 #include "target/arm/cpu.h"
 
@@ -76,6 +77,7 @@ enum {
 AW_H3_GIC_CPU,
 AW_H3_GIC_HYP,
 AW_H3_GIC_VCPU,
+AW_H3_CPUCFG,
 AW_H3_SDRAM
 };
 
@@ -110,6 +112,7 @@ typedef struct AwH3State {
 const hwaddr *memmap;
 AwA10PITState timer;
 AwH3ClockCtlState ccu;
+AwCpuCfgState cpucfg;
 AwH3SysCtrlState sysctrl;
 GICState gic;
 MemoryRegion sram_a1;
diff --git a/include/hw/misc/allwinner-cpucfg.h 
b/include/hw/misc/allwinner-cpucfg.h
new file mode 100644
index 00..2c3693a8be
--- /dev/null
+++ b/include/hw/misc/allwinner-cpucfg.h
@@ -0,0 +1,52 @@
+/*
+ * Allwinner CPU Configuration Module emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#ifndef HW_MISC_ALLWINNER_CPUCFG_H
+#define HW_MISC_ALLWINNER_CPUCFG_H
+
+#include "qom/object.h"
+#include "hw/sysbus.h"
+
+/**
+ * Object model
+ * @{
+ */
+
+#define TYPE_AW_CPUCFG   "allwinner-cpucfg"
+#define AW_CPUCFG(obj) \
+OBJECT_CHECK(AwCpuCfgState, (obj), TYPE_AW_CPUCFG)
+
+/** @} */
+
+/**
+ * Allwinner CPU Configuration Module instance state
+ */
+typedef struct AwCpuCfgState {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+MemoryRegion iomem;
+uint32_t gen_ctrl;
+uint32_t super_standby;
+uint32_t entry_addr;
+
+} AwCpuCfgState;
+
+#endif /* HW_MISC_ALLWINNER_CPUCFG_H */
diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
index 0aa46712db..b9a5597f2a 100644
--- a/hw/arm/allwinner-h3.c
+++ b/hw/arm/allwinner-h3.c
@@ -56,6 +56,7 @@ const hwaddr allwinner_h3_memmap[] = {
 [AW_H3_GIC_CPU]= 0x01c82000,
 [AW_H3_GIC_HYP]= 0x01c84000,
 [AW_H3_GIC_VCPU]   = 0x01c86000,
+[AW_H3_CPUCFG] = 0x01f01c00,
 [AW_H3_SDRAM]  = 0x4000
 };
 
@@ -122,7 +123,6 @@ struct AwH3Unimplemented {
 { "r_wdog",0x01f01000, 1 * KiB },
 { "r_prcm",0x01f01400, 1 * KiB },
 { "r_twd", 0x01f01800, 1 * KiB },
-{ "r_cpucfg",  0x01f01c00, 1 * KiB },
 { "r_cir-rx",  0x01f02000, 1 * KiB },
 { "r_twi", 0x01f02400, 1 * KiB },
 { "r_uart",0x01f02800, 1 * KiB },
@@ -195,6 +195,9 @@ static void allwinner_h3_init(Object *obj)
 
 sysbus_init_child_obj(obj, "sysctrl", >sysctrl, sizeof(s->sysctrl),
   TYPE_AW_H3_SYSCTRL);
+
+sysbus_init_child_obj(obj, "cpucfg", >cpucfg, sizeof(s->cpucfg),
+  TYPE_AW_CPUCFG);
 }
 
 static void allwinner_h3_realize(DeviceState *dev, Error **errp)
@@ -308,6 +311,10 @@ static void allwinner_h3_realize(DeviceState *dev, Error 
**errp)
 qdev_init_nofail(DEVICE(>sysctrl));
 sysbus_mmio_map(SYS_BUS_DEVICE(>sysctrl), 0, s->memmap[AW_H3_SYSCTRL]);
 
+/* CPU Configuration */
+qdev_init_nofail(DEVICE(>cpucfg));
+sysbus_mmio_map(SYS_BUS_DEVICE(>cpucfg), 0, s->memmap[AW_H3_CPUCFG]);
+
 /* Universal Serial Bus */
 sysbus_create_simple(TYPE_AW_H3_EHCI, s->memmap[AW_H3_EHCI0],
  qdev_get_gpio_in(DEVICE(>gic),
diff --git a/hw/misc/allwinner-cpucfg.c b/hw/misc/allwinner-cpucfg.c
new file mode 100644
index 00..88b1b0bac3
--- /dev/null
+++ b/hw/misc/allwinner-cpucfg.c
@@ -0,0 +1,270 @@

[PATCH v5 13/18] tests/boot_linux_console: Add a quick test for the OrangePi PC board

[Niek Linnenbank]

From: Philippe Mathieu-Daudé 

This test boots a Linux kernel on a OrangePi PC board and verify
the serial output is working.

The kernel image and DeviceTree blob are built by the Armbian
project (based on Debian):
https://www.armbian.com/orange-pi-pc/

If ARM is a target being built, "make check-acceptance" will
automatically include this test by the use of the "arch:arm" tags.

Alternatively, this test can be run using:

  $ make check-venv
  $ ./tests/venv/bin/avocado --show=console,app run -t machine:orangepi-pc 
tests/acceptance/boot_linux_console.py
  JOB ID : 2e4d15eceb13c33672af406f08171e6e9de1414a
  JOB LOG: ~/job-results/job-2019-12-17T05.46-2e4d15e/job.log
  (1/1) 
tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_arm_orangepi:
  console: Uncompressing Linux... done, booting the kernel.
  console: Booting Linux on physical CPU 0x0
  console: Linux version 4.20.7-sunxi (r...@armbian.com) (gcc version 7.2.1 
20171011 (Linaro GCC 7.2-2017.11)) #5.75 SMP Fri Feb 8 09:02:10 CET 2019
  console: CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=50c5387d
  console: CPU: div instructions available: patching division code
  console: CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction 
cache
  console: OF: fdt: Machine model: Xunlong Orange Pi PC
  console: Memory policy: Data cache writealloc
  console: OF: reserved mem: failed to allocate memory for node 'cma@4a00'
  console: cma: Failed to reserve 128 MiB
  console: psci: probing for conduit method from DT.
  console: psci: PSCIv0.2 detected in firmware.
  console: psci: Using standard PSCI v0.2 function IDs
  console: psci: Trusted OS migration not required
  console: random: get_random_bytes called from start_kernel+0x8d/0x3c2 with 
crng_init=0
  console: percpu: Embedded 18 pages/cpu @(ptrval) s41228 r8192 d24308 u73728
  console: Built 1 zonelists, mobility grouping on.  Total pages: 32480
  console: Kernel command line: printk.time=0 console=ttyS0,115200
  PASS (8.59 s)
  JOB TIME   : 8.81 s

Signed-off-by: Philippe Mathieu-Daudé 
[NL: rename in commit message Raspbian to Armbian, remove vm.set_machine()]
Signed-off-by: Niek Linnenbank 
---
 tests/acceptance/boot_linux_console.py | 25 +
 1 file changed, 25 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 34d37eba3b..6f5af582f3 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -507,6 +507,31 @@ class BootLinuxConsole(Test):
 exec_command_and_wait_for_pattern(self, 'reboot',
 'reboot: Restarting system')
 
+def test_arm_orangepi(self):
+"""
+:avocado: tags=arch:arm
+:avocado: tags=machine:orangepi-pc
+"""
+deb_url = ('https://apt.armbian.com/pool/main/l/'
+   'linux-4.20.7-sunxi/linux-image-dev-sunxi_5.75_armhf.deb')
+deb_hash = '1334c29c44d984ffa05ed10de8c3361f33d78315'
+deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+kernel_path = self.extract_from_deb(deb_path,
+'/boot/vmlinuz-4.20.7-sunxi')
+dtb_path = '/usr/lib/linux-image-dev-sunxi/sun8i-h3-orangepi-pc.dtb'
+dtb_path = self.extract_from_deb(deb_path, dtb_path)
+
+self.vm.set_console()
+kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE +
+   'console=ttyS0,115200n8 '
+   'earlycon=uart,mmio32,0x1c28000')
+self.vm.add_args('-kernel', kernel_path,
+ '-dtb', dtb_path,
+ '-append', kernel_command_line)
+self.vm.launch()
+console_pattern = 'Kernel command line: %s' % kernel_command_line
+self.wait_for_console_pattern(console_pattern)
+
 def test_s390x_s390_ccw_virtio(self):
 """
 :avocado: tags=arch:s390x
-- 
2.17.1

[PATCH v5 02/18] hw/arm: add Xunlong Orange Pi PC machine

[Niek Linnenbank]

The Xunlong Orange Pi PC is an Allwinner H3 System on Chip
based embedded computer with mainline support in both U-Boot
and Linux. The board comes with a Quad Core Cortex A7 @ 1.3GHz,
1GiB RAM, 100Mbit ethernet, USB, SD/MMC, USB, HDMI and
various other I/O. This commit add support for the Xunlong
Orange Pi PC machine.

Signed-off-by: Niek Linnenbank 
Tested-by: KONRAD Frederic 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Igor Mammedov 
---
 hw/arm/orangepi.c| 95 
 MAINTAINERS  |  1 +
 hw/arm/Makefile.objs |  2 +-
 3 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/orangepi.c

diff --git a/hw/arm/orangepi.c b/hw/arm/orangepi.c
new file mode 100644
index 00..839cd4873c
--- /dev/null
+++ b/hw/arm/orangepi.c
@@ -0,0 +1,95 @@
+/*
+ * Orange Pi emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "exec/address-spaces.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "hw/sysbus.h"
+#include "hw/boards.h"
+#include "hw/qdev-properties.h"
+#include "hw/arm/allwinner-h3.h"
+#include "sysemu/sysemu.h"
+
+static struct arm_boot_info orangepi_binfo = {
+.nb_cpus = AW_H3_NUM_CPUS,
+};
+
+typedef struct OrangePiState {
+AwH3State *h3;
+MemoryRegion sdram;
+} OrangePiState;
+
+static void orangepi_init(MachineState *machine)
+{
+OrangePiState *s = g_new(OrangePiState, 1);
+
+/* BIOS is not supported by this board */
+if (bios_name) {
+error_report("BIOS not supported for this machine");
+exit(1);
+}
+
+/* This board has fixed size RAM */
+if (machine->ram_size != 1 * GiB) {
+error_report("This machine can only be used with 1GiB of RAM");
+exit(1);
+}
+
+/* Only allow Cortex-A7 for this board */
+if (strcmp(machine->cpu_type, ARM_CPU_TYPE_NAME("cortex-a7")) != 0) {
+error_report("This board can only be used with cortex-a7 CPU");
+exit(1);
+}
+
+s->h3 = AW_H3(object_new(TYPE_AW_H3));
+
+/* Setup timer properties */
+object_property_set_int(OBJECT(s->h3), 32768, "clk0-freq",
+_abort);
+object_property_set_int(OBJECT(s->h3), 24 * 1000 * 1000, "clk1-freq",
+_abort);
+
+/* Mark H3 object realized */
+object_property_set_bool(OBJECT(s->h3), true, "realized", _abort);
+
+/* SDRAM */
+memory_region_allocate_system_memory(>sdram, NULL, "sdram",
+ machine->ram_size);
+memory_region_add_subregion(get_system_memory(), 
s->h3->memmap[AW_H3_SDRAM],
+>sdram);
+
+orangepi_binfo.loader_start = s->h3->memmap[AW_H3_SDRAM];
+orangepi_binfo.ram_size = machine->ram_size;
+arm_load_kernel(ARM_CPU(first_cpu), machine, _binfo);
+}
+
+static void orangepi_machine_init(MachineClass *mc)
+{
+mc->desc = "Orange Pi PC";
+mc->init = orangepi_init;
+mc->min_cpus = AW_H3_NUM_CPUS;
+mc->max_cpus = AW_H3_NUM_CPUS;
+mc->default_cpus = AW_H3_NUM_CPUS;
+mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
+mc->default_ram_size = 1 * GiB;
+}
+
+DEFINE_MACHINE("orangepi-pc", orangepi_machine_init)
diff --git a/MAINTAINERS b/MAINTAINERS
index a1ab79bdfb..8a93797b72 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -489,6 +489,7 @@ L: qemu-...@nongnu.org
 S: Maintained
 F: hw/*/allwinner-h3*
 F: include/hw/*/allwinner-h3*
+F: hw/arm/orangepi.c
 
 ARM PrimeCell and CMSDK devices
 M: Peter Maydell 
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index ae577e875f..534a6a119e 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -35,7 +35,7 @@ obj-$(CONFIG_DIGIC) += digic.o
 obj-$(CONFIG_OMAP) += omap1.o omap2.o
 obj-$(CONFIG_STRONGARM) += strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
-obj-$(CONFIG_ALLWINNER_H3) += allwinner-h3.o
+obj-$(CONFIG_ALLWINNER_H3) += allwinner-h3.o orangepi.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_STM32F405_SOC) += stm32f405_soc.o
-- 
2.17.1

[PATCH v5 10/18] hw/arm/allwinner-h3: add Boot ROM support

[Niek Linnenbank]

A real Allwinner H3 SoC contains a Boot ROM which is the
first code that runs right after the SoC is powered on.
The Boot ROM is responsible for loading user code (e.g. a bootloader)
from any of the supported external devices and writing the downloaded
code to internal SRAM. After loading the SoC begins executing the code
written to SRAM.

This commits adds emulation of the Boot ROM firmware setup functionality
by loading user code from SD card in the A1 SRAM. While the A1 SRAM is
64KiB, we limit the size to 32KiB because the real H3 Boot ROM also rejects
sizes larger than 32KiB. For reference, this behaviour is documented
by the Linux Sunxi project wiki at:

  https://linux-sunxi.org/BROM#U-Boot_SPL_limitations

Signed-off-by: Niek Linnenbank 
---
 include/hw/arm/allwinner-h3.h | 21 +
 hw/arm/allwinner-h3.c | 18 ++
 hw/arm/orangepi.c |  5 +
 3 files changed, 44 insertions(+)

diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index f9b9a02373..d338003724 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -46,6 +46,7 @@
 #include "hw/sd/allwinner-sdhost.h"
 #include "hw/net/allwinner-sun8i-emac.h"
 #include "target/arm/cpu.h"
+#include "sysemu/block-backend.h"
 
 /**
  * Allwinner H3 device list
@@ -129,4 +130,24 @@ typedef struct AwH3State {
 MemoryRegion sram_c;
 } AwH3State;
 
+/**
+ * Emulate Boot ROM firmware setup functionality.
+ *
+ * A real Allwinner H3 SoC contains a Boot ROM
+ * which is the first code that runs right after
+ * the SoC is powered on. The Boot ROM is responsible
+ * for loading user code (e.g. a bootloader) from any
+ * of the supported external devices and writing the
+ * downloaded code to internal SRAM. After loading the SoC
+ * begins executing the code written to SRAM.
+ *
+ * This function emulates the Boot ROM by copying 32 KiB
+ * of data from the given block device and writes it to
+ * the start of the first internal SRAM memory.
+ *
+ * @s: Allwinner H3 state object pointer
+ * @blk: Block backend device object pointer
+ */
+void allwinner_h3_bootrom_setup(AwH3State *s, BlockBackend *blk);
+
 #endif /* HW_ARM_ALLWINNER_H3_H */
diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
index d1245d2b01..56b5c563a8 100644
--- a/hw/arm/allwinner-h3.c
+++ b/hw/arm/allwinner-h3.c
@@ -29,6 +29,7 @@
 #include "hw/char/serial.h"
 #include "hw/misc/unimp.h"
 #include "hw/usb/hcd-ehci.h"
+#include "hw/loader.h"
 #include "sysemu/sysemu.h"
 #include "hw/arm/allwinner-h3.h"
 
@@ -170,6 +171,23 @@ enum {
 AW_H3_GIC_NUM_SPI   = 128
 };
 
+void allwinner_h3_bootrom_setup(AwH3State *s, BlockBackend *blk)
+{
+const int64_t rom_size = 32 * KiB;
+uint8_t *buffer = g_new0(uint8_t, rom_size);
+
+if (blk_pread(blk, 8 * KiB, buffer, rom_size) < 0) {
+error_setg(_fatal, "%s: failed to read BlockBackend data",
+   __func__);
+return;
+}
+
+rom_add_blob("allwinner-h3.bootrom", buffer, rom_size,
+  rom_size, s->memmap[AW_H3_SRAM_A1],
+  NULL, NULL, NULL, NULL, false);
+g_free(buffer);
+}
+
 static void allwinner_h3_init(Object *obj)
 {
 AwH3State *s = AW_H3(obj);
diff --git a/hw/arm/orangepi.c b/hw/arm/orangepi.c
index 6bb49bf2a8..902fcfd11f 100644
--- a/hw/arm/orangepi.c
+++ b/hw/arm/orangepi.c
@@ -102,6 +102,11 @@ static void orangepi_init(MachineState *machine)
 memory_region_add_subregion(get_system_memory(), 
s->h3->memmap[AW_H3_SDRAM],
 >sdram);
 
+/* Load target kernel or start using BootROM */
+if (!machine->kernel_filename && blk_is_available(blk)) {
+/* Use Boot ROM to copy data from SD card to SRAM */
+allwinner_h3_bootrom_setup(s->h3, blk);
+}
 orangepi_binfo.loader_start = s->h3->memmap[AW_H3_SDRAM];
 orangepi_binfo.ram_size = machine->ram_size;
 arm_load_kernel(ARM_CPU(first_cpu), machine, _binfo);
-- 
2.17.1

[PATCH v5 00/18] Add Allwinner H3 SoC and Orange Pi PC Machine

[Niek Linnenbank]

Dear QEMU developers,

Hereby I would like to contribute the following set of patches to QEMU
which add support for the Allwinner H3 System on Chip and the
Orange Pi PC machine. The following features and devices are supported:

 * SMP (Quad Core Cortex A7)
 * Generic Interrupt Controller configuration
 * SRAM mappings
 * SDRAM controller
 * Real Time Clock
 * Timer device (re-used from Allwinner A10)
 * UART
 * SD/MMC storage controller
 * EMAC ethernet connectivity
 * USB 2.0 interfaces
 * Clock Control Unit
 * System Control module
 * Security Identifier device

Functionality related to graphical output such as HDMI, GPU,
Display Engine and audio are not included. Recently released
mainline Linux kernels (4.19 up to latest master), mainline U-Boot
and NetBSD 9.0 are known to work.

For full details on how to use the Orange Pi PC machine, see the file
docs/orangepi.rst which is included as a patch in this series.

The contents of this patch series is available on Github at:

  https://github.com/nieklinnenbank/qemu/tree/allwinner-h3-v5

The followings are currently known issues in this series:

  - RTC date & time is not persistent
  - boot0 custom Allwinner bootloader not yet working
  - Watchdog not yet implemented, affects U-Boot 'reset' and shutdown/reboot
 -> This is part of the existing A10 timer that needs to be generalized 
first

Looking forward to your review comments. I will do my best
to update the patches where needed.

= CHANGELOG =
v5:
 * hw/arm/allwinner-h3.c: correct comment for dc->user_creatable = false
 * hw/arm/allwinner-h3.c: rename usb[0-3] to usb[0-3]-phy in unimplemented array
 * hw/arm/allwinner-h3.c: remove unneeded check for rom_size > blk_size in 
bootrom_setup()
 * hw/arm/allwinner-h3.c: remove errp parameter and directl use error_fatal in 
bootrom_setup()
 * hw/arm/Kconfig: add USB_OHCI, USB_EHCI_SYSBUS, SD to ALLWINNER_H3 item (for 
--without-default-devices)
 * hw/misc/allwinner-cpucfg.c: add entry_addr to VMState for migration
 * hw/misc/allwinner-sid.c: add identifier to VMState for migration
 * hw/misc/allwinner-sid.c: use ldl_be_p() to set rdkey value
 * hw/arm/orangepi.c: add comment about always using a default fixed SID 
identifier
 * hw/arm/orangepi.c: add check for SID identifier override, to allow -global 
override by the user
 * hw/arm/orangepi.c: print warning if SID identifier does not include H3 prefix
 * hw/arm/orangepi.c: move 1GiB RAM check between checks for BIOS and CPU type
 * include/hw/misc/allwinner-h3-ccu.h: rename AW_H3_CCU_REGS_MAXADDR to 
AW_H3_CCU_IOSIZE with value 0x400
 * hw/misc/allwinner-h3-ccu.c: use AW_H3_CCU_IOSIZE with range in 
switch(offset) in read/write
 * hw/rtc/allwinner-rtc.c: add 'base-year' property in AwRtcState (replaces 
previous year_offset)
 * hw/sd/allwinner-sdhost.c: set AUTOCMD interrupt flag in auto_stop() function 
only
 * hw/sd/allwinner-sdhost.c: set SDIO_INTR and INT_SUMMARY interrupt flags in 
dma() function
 * docs/orangepi.rst: add machine options section, which documents available 
machine/device specific properties
 * docs/orangepi.rst: updated NetBSD 9 instructions with new image URL, -global 
options and extend SD image command
 * hw/*/allwinner*.c: use device_class_set_props() to set DeviceClass properties
 * tests/acceptance/boot_linux_console.py: add check for 7z program using 
avocado's find_command()
 * tests/acceptance/boot_linux_console.py: adapt NetBSD test to use NetBSD 9.0 
final release
 * tests/acceptance/boot_linux_console.py: adapt NetBSD test to use -global 
allwinner-rtc.base-year=2000

v4: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg03960.html
https://github.com/nieklinnenbank/qemu/tree/allwinner-h3-v4

v3: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg01534.html
https://github.com/nieklinnenbank/qemu/tree/allwinner-h3-v3

v2: https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg03265.html
https://github.com/nieklinnenbank/qemu/tree/allwinner-h3-v2

v1: https://lists.gnu.org/archive/html/qemu-devel/2019-12/msg00320.html
https://github.com/nieklinnenbank/qemu/tree/allwinner-h3-v1

With kind regards,

Niek Linnenbank

Niek Linnenbank (13):
  hw/arm: add Allwinner H3 System-on-Chip
  hw/arm: add Xunlong Orange Pi PC machine
  hw/arm/allwinner-h3: add Clock Control Unit
  hw/arm/allwinner-h3: add USB host controller
  hw/arm/allwinner-h3: add System Control module
  hw/arm/allwinner: add CPU Configuration module
  hw/arm/allwinner: add Security Identifier device
  hw/arm/allwinner: add SD/MMC host controller
  hw/arm/allwinner-h3: add EMAC ethernet device
  hw/arm/allwinner-h3: add Boot ROM support
  hw/arm/allwinner-h3: add SDRAM controller device
  hw/arm/allwinner: add RTC device support
  docs: add Orange Pi PC document

Philippe Mathieu-Daudé (5):
  tests/boot_linux_console: Add a quick test for the OrangePi PC board
  tests/boot_linux_console: Add initrd test for the Orange Pi PC board
  tests/boot_linux_console: Add a SD card test 

[PATCH v5 04/18] hw/arm/allwinner-h3: add USB host controller

[Niek Linnenbank]

The Allwinner H3 System on Chip contains multiple USB 2.0 bus
connections which provide software access using the Enhanced
Host Controller Interface (EHCI) and Open Host Controller
Interface (OHCI) interfaces. This commit adds support for
both interfaces in the Allwinner H3 System on Chip.

Signed-off-by: Niek Linnenbank 
Reviewed-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 hw/usb/hcd-ehci.h |  1 +
 include/hw/arm/allwinner-h3.h |  8 +++
 hw/arm/allwinner-h3.c | 44 +++
 hw/usb/hcd-ehci-sysbus.c  | 17 ++
 hw/arm/Kconfig|  2 ++
 5 files changed, 72 insertions(+)

diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h
index 0298238f0b..edb59311c4 100644
--- a/hw/usb/hcd-ehci.h
+++ b/hw/usb/hcd-ehci.h
@@ -342,6 +342,7 @@ typedef struct EHCIPCIState {
 #define TYPE_SYS_BUS_EHCI "sysbus-ehci-usb"
 #define TYPE_PLATFORM_EHCI "platform-ehci-usb"
 #define TYPE_EXYNOS4210_EHCI "exynos4210-ehci-usb"
+#define TYPE_AW_H3_EHCI "aw-h3-ehci-usb"
 #define TYPE_TEGRA2_EHCI "tegra2-ehci-usb"
 #define TYPE_PPC4xx_EHCI "ppc4xx-ehci-usb"
 #define TYPE_FUSBH200_EHCI "fusbh200-ehci-usb"
diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
index abdc20871a..4f4dcbcd17 100644
--- a/include/hw/arm/allwinner-h3.h
+++ b/include/hw/arm/allwinner-h3.h
@@ -56,6 +56,14 @@ enum {
 AW_H3_SRAM_A1,
 AW_H3_SRAM_A2,
 AW_H3_SRAM_C,
+AW_H3_EHCI0,
+AW_H3_OHCI0,
+AW_H3_EHCI1,
+AW_H3_OHCI1,
+AW_H3_EHCI2,
+AW_H3_OHCI2,
+AW_H3_EHCI3,
+AW_H3_OHCI3,
 AW_H3_CCU,
 AW_H3_PIT,
 AW_H3_UART0,
diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
index 1fff3c317b..c205f06738 100644
--- a/hw/arm/allwinner-h3.c
+++ b/hw/arm/allwinner-h3.c
@@ -28,6 +28,7 @@
 #include "hw/sysbus.h"
 #include "hw/char/serial.h"
 #include "hw/misc/unimp.h"
+#include "hw/usb/hcd-ehci.h"
 #include "sysemu/sysemu.h"
 #include "hw/arm/allwinner-h3.h"
 
@@ -36,6 +37,14 @@ const hwaddr allwinner_h3_memmap[] = {
 [AW_H3_SRAM_A1]= 0x,
 [AW_H3_SRAM_A2]= 0x00044000,
 [AW_H3_SRAM_C] = 0x0001,
+[AW_H3_EHCI0]  = 0x01c1a000,
+[AW_H3_OHCI0]  = 0x01c1a400,
+[AW_H3_EHCI1]  = 0x01c1b000,
+[AW_H3_OHCI1]  = 0x01c1b400,
+[AW_H3_EHCI2]  = 0x01c1c000,
+[AW_H3_OHCI2]  = 0x01c1c400,
+[AW_H3_EHCI3]  = 0x01c1d000,
+[AW_H3_OHCI3]  = 0x01c1d400,
 [AW_H3_CCU]= 0x01c2,
 [AW_H3_PIT]= 0x01c20c00,
 [AW_H3_UART0]  = 0x01c28000,
@@ -144,6 +153,14 @@ enum {
 AW_H3_GIC_SPI_UART3 =  3,
 AW_H3_GIC_SPI_TIMER0= 18,
 AW_H3_GIC_SPI_TIMER1= 19,
+AW_H3_GIC_SPI_EHCI0 = 72,
+AW_H3_GIC_SPI_OHCI0 = 73,
+AW_H3_GIC_SPI_EHCI1 = 74,
+AW_H3_GIC_SPI_OHCI1 = 75,
+AW_H3_GIC_SPI_EHCI2 = 76,
+AW_H3_GIC_SPI_OHCI2 = 77,
+AW_H3_GIC_SPI_EHCI3 = 78,
+AW_H3_GIC_SPI_OHCI3 = 79,
 };
 
 /* Allwinner H3 general constants */
@@ -284,6 +301,33 @@ static void allwinner_h3_realize(DeviceState *dev, Error 
**errp)
 qdev_init_nofail(DEVICE(>ccu));
 sysbus_mmio_map(SYS_BUS_DEVICE(>ccu), 0, s->memmap[AW_H3_CCU]);
 
+/* Universal Serial Bus */
+sysbus_create_simple(TYPE_AW_H3_EHCI, s->memmap[AW_H3_EHCI0],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_EHCI0));
+sysbus_create_simple(TYPE_AW_H3_EHCI, s->memmap[AW_H3_EHCI1],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_EHCI1));
+sysbus_create_simple(TYPE_AW_H3_EHCI, s->memmap[AW_H3_EHCI2],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_EHCI2));
+sysbus_create_simple(TYPE_AW_H3_EHCI, s->memmap[AW_H3_EHCI3],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_EHCI3));
+
+sysbus_create_simple("sysbus-ohci", s->memmap[AW_H3_OHCI0],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_OHCI0));
+sysbus_create_simple("sysbus-ohci", s->memmap[AW_H3_OHCI1],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_OHCI1));
+sysbus_create_simple("sysbus-ohci", s->memmap[AW_H3_OHCI2],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_OHCI2));
+sysbus_create_simple("sysbus-ohci", s->memmap[AW_H3_OHCI3],
+ qdev_get_gpio_in(DEVICE(>gic),
+  AW_H3_GIC_SPI_OHCI3));
+
 /* UART0. For future clocktree API: All UARTS are connected to APB2_CLK. */
 serial_mm_init(get_system_memory(), s->memmap[AW_H3_UART0], 2,

[PATCH v5 01/18] hw/arm: add Allwinner H3 System-on-Chip

[Niek Linnenbank]

The Allwinner H3 is a System on Chip containing four ARM Cortex A7
processor cores. Features and specifications include DDR2/DDR3 memory,
SD/MMC storage cards, 10/100/1000Mbit Ethernet, USB 2.0, HDMI and
various I/O modules. This commit adds support for the Allwinner H3
System on Chip.

Signed-off-by: Niek Linnenbank 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 default-configs/arm-softmmu.mak |   1 +
 include/hw/arm/allwinner-h3.h   | 106 +++
 hw/arm/allwinner-h3.c   | 327 
 MAINTAINERS |   7 +
 hw/arm/Kconfig  |   8 +
 hw/arm/Makefile.objs|   1 +
 6 files changed, 450 insertions(+)
 create mode 100644 include/hw/arm/allwinner-h3.h
 create mode 100644 hw/arm/allwinner-h3.c

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 645e6201bb..36a0e89daa 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -41,3 +41,4 @@ CONFIG_FSL_IMX25=y
 CONFIG_FSL_IMX7=y
 CONFIG_FSL_IMX6UL=y
 CONFIG_SEMIHOSTING=y
+CONFIG_ALLWINNER_H3=y
diff --git a/include/hw/arm/allwinner-h3.h b/include/hw/arm/allwinner-h3.h
new file mode 100644
index 00..2aac9b78ec
--- /dev/null
+++ b/include/hw/arm/allwinner-h3.h
@@ -0,0 +1,106 @@
+/*
+ * Allwinner H3 System on Chip emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+/*
+ * The Allwinner H3 is a System on Chip containing four ARM Cortex A7
+ * processor cores. Features and specifications include DDR2/DDR3 memory,
+ * SD/MMC storage cards, 10/100/1000Mbit Ethernet, USB 2.0, HDMI and
+ * various I/O modules.
+ *
+ * This implementation is based on the following datasheet:
+ *
+ *   https://linux-sunxi.org/File:Allwinner_H3_Datasheet_V1.2.pdf
+ *
+ * The latest datasheet and more info can be found on the Linux Sunxi wiki:
+ *
+ *   https://linux-sunxi.org/H3
+ */
+
+#ifndef HW_ARM_ALLWINNER_H3_H
+#define HW_ARM_ALLWINNER_H3_H
+
+#include "qom/object.h"
+#include "hw/arm/boot.h"
+#include "hw/timer/allwinner-a10-pit.h"
+#include "hw/intc/arm_gic.h"
+#include "target/arm/cpu.h"
+
+/**
+ * Allwinner H3 device list
+ *
+ * This enumeration is can be used refer to a particular device in the
+ * Allwinner H3 SoC. For example, the physical memory base address for
+ * each device can be found in the AwH3State object in the memmap member
+ * using the device enum value as index.
+ *
+ * @see AwH3State
+ */
+enum {
+AW_H3_SRAM_A1,
+AW_H3_SRAM_A2,
+AW_H3_SRAM_C,
+AW_H3_PIT,
+AW_H3_UART0,
+AW_H3_UART1,
+AW_H3_UART2,
+AW_H3_UART3,
+AW_H3_GIC_DIST,
+AW_H3_GIC_CPU,
+AW_H3_GIC_HYP,
+AW_H3_GIC_VCPU,
+AW_H3_SDRAM
+};
+
+/** Total number of CPU cores in the H3 SoC */
+#define AW_H3_NUM_CPUS  (4)
+
+/**
+ * Allwinner H3 object model
+ * @{
+ */
+
+/** Object type for the Allwinner H3 SoC */
+#define TYPE_AW_H3 "allwinner-h3"
+
+/** Convert input object to Allwinner H3 state object */
+#define AW_H3(obj) OBJECT_CHECK(AwH3State, (obj), TYPE_AW_H3)
+
+/** @} */
+
+/**
+ * Allwinner H3 object
+ *
+ * This struct contains the state of all the devices
+ * which are currently emulated by the H3 SoC code.
+ */
+typedef struct AwH3State {
+/*< private >*/
+DeviceState parent_obj;
+/*< public >*/
+
+ARMCPU cpus[AW_H3_NUM_CPUS];
+const hwaddr *memmap;
+AwA10PITState timer;
+GICState gic;
+MemoryRegion sram_a1;
+MemoryRegion sram_a2;
+MemoryRegion sram_c;
+} AwH3State;
+
+#endif /* HW_ARM_ALLWINNER_H3_H */
diff --git a/hw/arm/allwinner-h3.c b/hw/arm/allwinner-h3.c
new file mode 100644
index 00..7958f37685
--- /dev/null
+++ b/hw/arm/allwinner-h3.c
@@ -0,0 +1,327 @@
+/*
+ * Allwinner H3 System on Chip emulation
+ *
+ * Copyright (C) 2019 Niek Linnenbank 
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ 

Re: [PATCH v5 10/22] target/arm: Define arm_cpu_do_unaligned_access for CONFIG_USER_ONLY

[Richard Henderson]

On 12/5/19 8:12 AM, Peter Maydell wrote:
> For arm_cpu_tlb_fill() which handles prefetch/data aborts
> we just have a separate much simpler codepath for
> CONFIG_USER_ONLY which doesn't call arm_deliver_fault().
> I think being consistent here about how we handle the
> CONFIG_USER_ONLY case would help avoid having a codepath
> that isn't very well tested because it's only used in
> the odd special case of unaligned-address exceptions.

Fair enough.

It also reminds me that I had failed to add the linux-user changes to go along
with this to raise SIGBUS instead of SIGSEGV.


r~

[PATCH 17/22] linux-user,mips64: split syscall_nr.h

[Laurent Vivier]

Split into syscall32_nr.h (n32) and syscall64_nr.h (n64)

o32 interface is in mips/syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 linux-user/mips64/syscall32_nr.h | 375 
 linux-user/mips64/syscall64_nr.h | 351 +++
 linux-user/mips64/syscall_nr.h   | 719 +--
 3 files changed, 728 insertions(+), 717 deletions(-)
 create mode 100644 linux-user/mips64/syscall32_nr.h
 create mode 100644 linux-user/mips64/syscall64_nr.h

diff --git a/linux-user/mips64/syscall32_nr.h b/linux-user/mips64/syscall32_nr.h
new file mode 100644
index ..3244a543ba76
--- /dev/null
+++ b/linux-user/mips64/syscall32_nr.h
@@ -0,0 +1,375 @@
+#ifndef LINUX_USER_MIPS64_SYSCALL32_NR_H
+#define LINUX_USER_MIPS64_SYSCALL32_NR_H
+
+/*
+ * Linux N32 syscalls are in the range from 6000 to 6999.
+ */
+#define TARGET_NR_Linux 6000
+#define TARGET_NR_read  (TARGET_NR_Linux +   0)
+#define TARGET_NR_write (TARGET_NR_Linux +   1)
+#define TARGET_NR_open  (TARGET_NR_Linux +   2)
+#define TARGET_NR_close (TARGET_NR_Linux +   3)
+#define TARGET_NR_stat  (TARGET_NR_Linux +   4)
+#define TARGET_NR_fstat (TARGET_NR_Linux +   5)
+#define TARGET_NR_lstat (TARGET_NR_Linux +   6)
+#define TARGET_NR_poll  (TARGET_NR_Linux +   7)
+#define TARGET_NR_lseek (TARGET_NR_Linux +   8)
+#define TARGET_NR_mmap  (TARGET_NR_Linux +   9)
+#define TARGET_NR_mprotect  (TARGET_NR_Linux +  10)
+#define TARGET_NR_munmap(TARGET_NR_Linux +  11)
+#define TARGET_NR_brk   (TARGET_NR_Linux +  12)
+#define TARGET_NR_rt_sigaction  (TARGET_NR_Linux +  13)
+#define TARGET_NR_rt_sigprocmask(TARGET_NR_Linux +  14)
+#define TARGET_NR_ioctl (TARGET_NR_Linux +  15)
+#define TARGET_NR_pread64   (TARGET_NR_Linux +  16)
+#define TARGET_NR_pwrite64  (TARGET_NR_Linux +  17)
+#define TARGET_NR_readv (TARGET_NR_Linux +  18)
+#define TARGET_NR_writev(TARGET_NR_Linux +  19)
+#define TARGET_NR_access(TARGET_NR_Linux +  20)
+#define TARGET_NR_pipe  (TARGET_NR_Linux +  21)
+#define TARGET_NR__newselect(TARGET_NR_Linux +  22)
+#define TARGET_NR_sched_yield   (TARGET_NR_Linux +  23)
+#define TARGET_NR_mremap(TARGET_NR_Linux +  24)
+#define TARGET_NR_msync (TARGET_NR_Linux +  25)
+#define TARGET_NR_mincore   (TARGET_NR_Linux +  26)
+#define TARGET_NR_madvise   (TARGET_NR_Linux +  27)
+#define TARGET_NR_shmget(TARGET_NR_Linux +  28)
+#define TARGET_NR_shmat (TARGET_NR_Linux +  29)
+#define TARGET_NR_shmctl(TARGET_NR_Linux +  30)
+#define TARGET_NR_dup   (TARGET_NR_Linux +  31)
+#define TARGET_NR_dup2  (TARGET_NR_Linux +  32)
+#define TARGET_NR_pause (TARGET_NR_Linux +  33)
+#define TARGET_NR_nanosleep (TARGET_NR_Linux +  34)
+#define TARGET_NR_getitimer (TARGET_NR_Linux +  35)
+#define TARGET_NR_setitimer (TARGET_NR_Linux +  36)
+#define TARGET_NR_alarm (TARGET_NR_Linux +  37)
+#define TARGET_NR_getpid(TARGET_NR_Linux +  38)
+#define TARGET_NR_sendfile  (TARGET_NR_Linux +  39)
+#define TARGET_NR_socket(TARGET_NR_Linux +  40)
+#define TARGET_NR_connect   (TARGET_NR_Linux +  41)
+#define TARGET_NR_accept(TARGET_NR_Linux +  42)
+#define TARGET_NR_sendto(TARGET_NR_Linux +  43)
+#define TARGET_NR_recvfrom  (TARGET_NR_Linux +  44)
+#define TARGET_NR_sendmsg   (TARGET_NR_Linux +  45)
+#define TARGET_NR_recvmsg   (TARGET_NR_Linux +  46)
+#define TARGET_NR_shutdown  (TARGET_NR_Linux +  47)
+#define TARGET_NR_bind  (TARGET_NR_Linux +  48)
+#define TARGET_NR_listen(TARGET_NR_Linux +  49)
+#define TARGET_NR_getsockname   (TARGET_NR_Linux +  50)
+#define TARGET_NR_getpeername   (TARGET_NR_Linux +  51)
+#define TARGET_NR_socketpair(TARGET_NR_Linux +  52)
+#define TARGET_NR_setsockopt(TARGET_NR_Linux +  53)
+#define TARGET_NR_getsockopt(TARGET_NR_Linux +  54)
+#define TARGET_NR_clone (TARGET_NR_Linux +  55)
+#define TARGET_NR_fork  (TARGET_NR_Linux +  56)
+#define TARGET_NR_execve(TARGET_NR_Linux +  57)
+#define TARGET_NR_exit  (TARGET_NR_Linux +  58)
+#define TARGET_NR_wait4 (TARGET_NR_Linux +  59)
+#define TARGET_NR_kill  (TARGET_NR_Linux +  60)
+#define TARGET_NR_uname (TARGET_NR_Linux +  61)
+#define TARGET_NR_semget(TARGET_NR_Linux +  62)
+#define 

Re: [PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[David Gibson]

On Mon, Feb 17, 2020 at 11:24:11AM +0100, Philippe Mathieu-Daudé wrote:
> On 2/17/20 10:26 AM, Philippe Mathieu-Daudé wrote:
> > Hi Alexey,
> > 
> > On 2/17/20 3:12 AM, Alexey Kardashevskiy wrote:
> > > The following changes since commit
> > > 05943fb4ca41f626078014c0327781815c6584c5:
> > > 
> > >    ppc: free 'fdt' after reset the machine (2020-02-17 11:27:23 +1100)
> > > 
> > > are available in the Git repository at:
> > > 
> > >    g...@github.com:aik/qemu.git tags/qemu-slof-20200217
> > > 
> > > for you to fetch changes up to ea9a03e5aa023c5391bab5259898475d0298aac2:
> > > 
> > >    pseries: Update SLOF firmware image (2020-02-17 13:08:59 +1100)
> > > 
> > > 
> > > Alexey Kardashevskiy (1):
> > >    pseries: Update SLOF firmware image
> > > 
> > >   pc-bios/README   |   2 +-
> > >   pc-bios/slof.bin | Bin 931032 -> 968560 bytes
> > >   roms/SLOF    |   2 +-
> > >   3 files changed, 2 insertions(+), 2 deletions(-)
> > 
> > I only received the cover, not the patch, have you posted it?
> 
> OK I see the SLOF binary is almost 1MB. Maybe this got blocked by spam
> filter. FYI you can use 'git-format-patch --no-binary' to emit the patch
> with the commit description but without the content.

Generally Alexey sends SLOF updates to me just as pull requests
without patches in full, because a huge slab of base64 encoded
firmware isn't particularly illuminating.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PATCH 22/22] linux-user,mips: update syscall-args-o32.c.inc

[Laurent Vivier]

Add a script to update the file from strace github and run it

Signed-off-by: Laurent Vivier 
---
 linux-user/mips/syscall-args-o32.c.inc | 874 -
 scripts/update-mips-syscall-args.sh|  57 ++
 2 files changed, 493 insertions(+), 438 deletions(-)
 create mode 100755 scripts/update-mips-syscall-args.sh

diff --git a/linux-user/mips/syscall-args-o32.c.inc 
b/linux-user/mips/syscall-args-o32.c.inc
index f060b061441a..0ad35857b4e4 100644
--- a/linux-user/mips/syscall-args-o32.c.inc
+++ b/linux-user/mips/syscall-args-o32.c.inc
@@ -1,438 +1,436 @@
-#  define MIPS_SYS(name, args) args,
-MIPS_SYS(sys_syscall, 8)/* 4000 */
-MIPS_SYS(sys_exit   , 1)
-MIPS_SYS(sys_fork   , 0)
-MIPS_SYS(sys_read   , 3)
-MIPS_SYS(sys_write  , 3)
-MIPS_SYS(sys_open   , 3)/* 4005 */
-MIPS_SYS(sys_close  , 1)
-MIPS_SYS(sys_waitpid, 3)
-MIPS_SYS(sys_creat  , 2)
-MIPS_SYS(sys_link   , 2)
-MIPS_SYS(sys_unlink , 1)/* 4010 */
-MIPS_SYS(sys_execve , 0)
-MIPS_SYS(sys_chdir  , 1)
-MIPS_SYS(sys_time   , 1)
-MIPS_SYS(sys_mknod  , 3)
-MIPS_SYS(sys_chmod  , 2)/* 4015 */
-MIPS_SYS(sys_lchown , 3)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_ni_syscall , 0)/* was sys_stat */
-MIPS_SYS(sys_lseek  , 3)
-MIPS_SYS(sys_getpid , 0)/* 4020 */
-MIPS_SYS(sys_mount  , 5)
-MIPS_SYS(sys_umount , 1)
-MIPS_SYS(sys_setuid , 1)
-MIPS_SYS(sys_getuid , 0)
-MIPS_SYS(sys_stime  , 1)/* 4025 */
-MIPS_SYS(sys_ptrace , 4)
-MIPS_SYS(sys_alarm  , 1)
-MIPS_SYS(sys_ni_syscall , 0)/* was sys_fstat */
-MIPS_SYS(sys_pause  , 0)
-MIPS_SYS(sys_utime  , 2)/* 4030 */
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_access , 2)
-MIPS_SYS(sys_nice   , 1)
-MIPS_SYS(sys_ni_syscall , 0)/* 4035 */
-MIPS_SYS(sys_sync   , 0)
-MIPS_SYS(sys_kill   , 2)
-MIPS_SYS(sys_rename , 2)
-MIPS_SYS(sys_mkdir  , 2)
-MIPS_SYS(sys_rmdir  , 1)/* 4040 */
-MIPS_SYS(sys_dup, 1)
-MIPS_SYS(sys_pipe   , 0)
-MIPS_SYS(sys_times  , 1)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_brk, 1)/* 4045 */
-MIPS_SYS(sys_setgid , 1)
-MIPS_SYS(sys_getgid , 0)
-MIPS_SYS(sys_ni_syscall , 0)/* was signal(2) */
-MIPS_SYS(sys_geteuid, 0)
-MIPS_SYS(sys_getegid, 0)/* 4050 */
-MIPS_SYS(sys_acct   , 0)
-MIPS_SYS(sys_umount2, 2)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_ioctl  , 3)
-MIPS_SYS(sys_fcntl  , 3)/* 4055 */
-MIPS_SYS(sys_ni_syscall , 2)
-MIPS_SYS(sys_setpgid, 2)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_olduname   , 1)
-MIPS_SYS(sys_umask  , 1)/* 4060 */
-MIPS_SYS(sys_chroot , 1)
-MIPS_SYS(sys_ustat  , 2)
-MIPS_SYS(sys_dup2   , 2)
-MIPS_SYS(sys_getppid, 0)
-MIPS_SYS(sys_getpgrp, 0)/* 4065 */
-MIPS_SYS(sys_setsid , 0)
-MIPS_SYS(sys_sigaction  , 3)
-MIPS_SYS(sys_sgetmask   , 0)
-MIPS_SYS(sys_ssetmask   , 1)
-MIPS_SYS(sys_setreuid   , 2)/* 4070 */
-MIPS_SYS(sys_setregid   , 2)
-MIPS_SYS(sys_sigsuspend , 0)
-MIPS_SYS(sys_sigpending , 1)
-MIPS_SYS(sys_sethostname, 2)
-MIPS_SYS(sys_setrlimit  , 2)/* 4075 */
-MIPS_SYS(sys_getrlimit  , 2)
-MIPS_SYS(sys_getrusage  , 2)
-MIPS_SYS(sys_gettimeofday, 2)
-MIPS_SYS(sys_settimeofday, 2)
-MIPS_SYS(sys_getgroups  , 2)/* 4080 */
-MIPS_SYS(sys_setgroups  , 2)
-MIPS_SYS(sys_ni_syscall , 0)/* old_select */
-MIPS_SYS(sys_symlink, 2)
-MIPS_SYS(sys_ni_syscall , 0)/* was sys_lstat */
-MIPS_SYS(sys_readlink   , 3)/* 4085 */
-MIPS_SYS(sys_uselib , 1)
-MIPS_SYS(sys_swapon , 2)
-MIPS_SYS(sys_reboot , 3)
-MIPS_SYS(old_readdir, 3)
-MIPS_SYS(old_mmap   , 6)/* 4090 */
-MIPS_SYS(sys_munmap , 2)
-MIPS_SYS(sys_truncate   , 2)
-MIPS_SYS(sys_ftruncate  , 2)
-MIPS_SYS(sys_fchmod , 2)
-MIPS_SYS(sys_fchown , 3)/* 4095 */
-MIPS_SYS(sys_getpriority, 2)
-MIPS_SYS(sys_setpriority, 3)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_statfs , 2)
-MIPS_SYS(sys_fstatfs, 2)/* 4100 */
-MIPS_SYS(sys_ni_syscall , 0)/* was ioperm(2) */
-MIPS_SYS(sys_socketcall , 2)
-  

[PATCH 10/22] linux-user,ppc: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/ppc/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall32_nr.h and syscall64_nr.h
and to not generate the entry if entry point is sys_ni_syscall.

Fix ppc/signal.c to define do_sigreturn() for TARGET_ABI32.

Signed-off-by: Laurent Vivier 
---
 configure |   4 +
 linux-user/Makefile.objs  |   2 +
 linux-user/ppc/Makefile.objs  |   9 +
 linux-user/ppc/signal.c   |   2 +-
 linux-user/ppc/syscall.tbl| 519 ++
 linux-user/ppc/syscall32_nr.h | 390 -
 linux-user/ppc/syscall64_nr.h | 381 -
 linux-user/ppc/syscallhdr.sh  |  34 +++
 8 files changed, 569 insertions(+), 772 deletions(-)
 create mode 100644 linux-user/ppc/Makefile.objs
 create mode 100644 linux-user/ppc/syscall.tbl
 delete mode 100644 linux-user/ppc/syscall32_nr.h
 delete mode 100644 linux-user/ppc/syscall64_nr.h
 create mode 100644 linux-user/ppc/syscallhdr.sh

diff --git a/configure b/configure
index 6db6a658b355..853951963549 100755
--- a/configure
+++ b/configure
@@ -7745,10 +7745,12 @@ case "$target_name" in
   ;;
   ppc)
 gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml"
+TARGET_SYSTBL_ABI=common,nospu,32
   ;;
   ppc64)
 TARGET_BASE_ARCH=ppc
 TARGET_ABI_DIR=ppc
+TARGET_SYSTBL_ABI=common,nospu,64
 mttcg=yes
 gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml power-vsx.xml"
   ;;
@@ -7756,6 +7758,7 @@ case "$target_name" in
 TARGET_ARCH=ppc64
 TARGET_BASE_ARCH=ppc
 TARGET_ABI_DIR=ppc
+TARGET_SYSTBL_ABI=common,nospu,64
 mttcg=yes
 gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml power-vsx.xml"
   ;;
@@ -7763,6 +7766,7 @@ case "$target_name" in
 TARGET_ARCH=ppc64
 TARGET_BASE_ARCH=ppc
 TARGET_ABI_DIR=ppc
+TARGET_SYSTBL_ABI=common,nospu,32
 echo "TARGET_ABI32=y" >> $config_target_mak
 gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml power-vsx.xml"
   ;;
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index bc12e38291bc..8b00dad687b2 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -12,5 +12,7 @@ obj-$(TARGET_ARM) += arm/
 obj-$(TARGET_HPPA) += hppa/
 obj-$(TARGET_M68K) += m68k/
 obj-$(TARGET_MICROBLAZE) += microblaze/
+obj-$(TARGET_PPC) += ppc/
+obj-$(TARGET_PPC64) += ppc/
 obj-$(TARGET_SH4) += sh4/
 obj-$(TARGET_XTENSA) += xtensa/
diff --git a/linux-user/ppc/Makefile.objs b/linux-user/ppc/Makefile.objs
new file mode 100644
index ..10b7fa17bf36
--- /dev/null
+++ b/linux-user/ppc/Makefile.objs
@@ -0,0 +1,9 @@
+generated-files-y += linux-user/$(TARGET_ABI_DIR)/syscall32_nr.h
+generated-files-y += linux-user/$(TARGET_ABI_DIR)/syscall64_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)/syscallhdr.sh
+
+%/syscall32_nr.h: $(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)/syscall.tbl 
$(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
+%/syscall64_nr.h: $(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)/syscall.tbl 
$(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/ppc/signal.c b/linux-user/ppc/signal.c
index 5b82af6cb623..0c4e7ba54caf 100644
--- a/linux-user/ppc/signal.c
+++ b/linux-user/ppc/signal.c
@@ -588,7 +588,7 @@ sigsegv:
 
 }
 
-#if !defined(TARGET_PPC64)
+#if !defined(TARGET_PPC64) || defined(TARGET_ABI32)
 long do_sigreturn(CPUPPCState *env)
 {
 struct target_sigcontext *sc = NULL;
diff --git a/linux-user/ppc/syscall.tbl b/linux-user/ppc/syscall.tbl
new file mode 100644
index ..43f736ed47f2
--- /dev/null
+++ b/linux-user/ppc/syscall.tbl
@@ -0,0 +1,519 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for powerpc
+#
+# The format is:
+# 
+#
+# The  can be common, spu, nospu, 64, or 32 for this file.
+#
+0  nospu   restart_syscall sys_restart_syscall
+1  nospu   exitsys_exit
+2  nospu   forkppc_fork
+3  common  readsys_read
+4  common  write   sys_write
+5  common  opensys_open
compat_sys_open
+6  common  close   sys_close
+7  common  waitpid sys_waitpid
+8  common  creat   sys_creat
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 nospu   execve  sys_execve  
compat_sys_execve
+12 common  chdir   sys_chdir
+13 32  timesys_time32
+13 64  timesys_time
+13 spu 

[PATCH 06/22] linux-user,sh4: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/sh/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure|   1 +
 linux-user/Makefile.objs |   1 +
 linux-user/sh4/Makefile.objs |   5 +
 linux-user/sh4/syscall.tbl   | 440 ++
 linux-user/sh4/syscall_nr.h  | 441 ---
 linux-user/sh4/syscallhdr.sh |  32 +++
 6 files changed, 479 insertions(+), 441 deletions(-)
 create mode 100644 linux-user/sh4/Makefile.objs
 create mode 100644 linux-user/sh4/syscall.tbl
 delete mode 100644 linux-user/sh4/syscall_nr.h
 create mode 100644 linux-user/sh4/syscallhdr.sh

diff --git a/configure b/configure
index 11ef230733fa..4e2ede835dc4 100755
--- a/configure
+++ b/configure
@@ -7778,6 +7778,7 @@ case "$target_name" in
   ;;
   sh4|sh4eb)
 TARGET_ARCH=sh4
+TARGET_SYSTBL_ABI=common
 bflt="yes"
   ;;
   sparc)
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 13b821baf752..d31f30d75851 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -12,4 +12,5 @@ obj-$(TARGET_AARCH64) += arm/semihost.o
 obj-$(TARGET_ALPHA) += alpha/
 obj-$(TARGET_HPPA) += hppa/
 obj-$(TARGET_M68K) += m68k/
+obj-$(TARGET_SH4) += sh4/
 obj-$(TARGET_XTENSA) += xtensa/
diff --git a/linux-user/sh4/Makefile.objs b/linux-user/sh4/Makefile.objs
new file mode 100644
index ..86def8d77114
--- /dev/null
+++ b/linux-user/sh4/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/sh4/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/sh4/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/sh4/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/sh4/syscall.tbl b/linux-user/sh4/syscall.tbl
new file mode 100644
index ..b5ed26c4c005
--- /dev/null
+++ b/linux-user/sh4/syscall.tbl
@@ -0,0 +1,440 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for sh
+#
+# The format is:
+#
+#
+# The  is always "common" for this file
+#
+0  common  restart_syscall sys_restart_syscall
+1  common  exitsys_exit
+2  common  forksys_fork
+3  common  readsys_read
+4  common  write   sys_write
+5  common  opensys_open
+6  common  close   sys_close
+7  common  waitpid sys_waitpid
+8  common  creat   sys_creat
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 common  execve  sys_execve
+12 common  chdir   sys_chdir
+13 common  timesys_time32
+14 common  mknod   sys_mknod
+15 common  chmod   sys_chmod
+16 common  lchown  sys_lchown16
+# 17 was break
+18 common  oldstat sys_stat
+19 common  lseek   sys_lseek
+20 common  getpid  sys_getpid
+21 common  mount   sys_mount
+22 common  umount  sys_oldumount
+23 common  setuid  sys_setuid16
+24 common  getuid  sys_getuid16
+25 common  stime   sys_stime32
+26 common  ptrace  sys_ptrace
+27 common  alarm   sys_alarm
+28 common  oldfstatsys_fstat
+29 common  pause   sys_pause
+30 common  utime   sys_utime32
+# 31 was stty
+# 32 was gtty
+33 common  access  sys_access
+34 common  nicesys_nice
+# 35 was ftime
+36 common  syncsys_sync
+37 common  killsys_kill
+38 common  rename  sys_rename
+39 common  mkdir   sys_mkdir
+40 common  rmdir   sys_rmdir
+41 common  dup sys_dup
+42 common  pipesys_sh_pipe
+43 common  times   sys_times
+# 44 was prof
+45 common  brk sys_brk
+46 common  setgid  sys_setgid16
+47 common  getgid  sys_getgid16
+48 common  signal  sys_signal
+49 common  geteuid sys_geteuid16
+50 common  getegid sys_getegid16
+51 common  acctsys_acct

[PATCH 11/22] linux-user, s390x: remove syscall definitions for !TARGET_S390X

[Laurent Vivier]

We don't support other 32bit architecture.
Update file to comply with coding style (TAB).

Signed-off-by: Laurent Vivier 
---
 linux-user/s390x/syscall_nr.h | 313 +-
 1 file changed, 123 insertions(+), 190 deletions(-)

diff --git a/linux-user/s390x/syscall_nr.h b/linux-user/s390x/syscall_nr.h
index b1553a0810c8..261da1b0c30e 100644
--- a/linux-user/s390x/syscall_nr.h
+++ b/linux-user/s390x/syscall_nr.h
@@ -11,7 +11,7 @@
 #define TARGET_NR_write4
 #define TARGET_NR_open 5
 #define TARGET_NR_close6
-#define TARGET_NR_restart_syscall7
+#define TARGET_NR_restart_syscall 7
 #define TARGET_NR_creat8
 #define TARGET_NR_link 9
 #define TARGET_NR_unlink  10
@@ -108,6 +108,7 @@
 #define TARGET_NR_personality136
 #define TARGET_NR_afs_syscall137 /* Syscall for Andrew File System */
 #define TARGET_NR_getdents   141
+#define TARGET_NR_select142
 #define TARGET_NR_flock  143
 #define TARGET_NR_msync  144
 #define TARGET_NR_readv  145
@@ -147,116 +148,137 @@
 #define TARGET_NR_capset 185
 #define TARGET_NR_sigaltstack186
 #define TARGET_NR_sendfile   187
-#define TARGET_NR_getpmsg  188
-#define TARGET_NR_putpmsg  189
-#define TARGET_NR_vfork190
+#define TARGET_NR_getpmsg   188
+#define TARGET_NR_putpmsg   189
+#define TARGET_NR_vfork 190
+#define TARGET_NR_getrlimit 191 /* SuS compliant getrlimit */
+#define TARGET_NR_lchown198
+#define TARGET_NR_getuid199
+#define TARGET_NR_getgid200
+#define TARGET_NR_geteuid   201
+#define TARGET_NR_getegid   202
+#define TARGET_NR_setreuid  203
+#define TARGET_NR_setregid  204
+#define TARGET_NR_getgroups 205
+#define TARGET_NR_setgroups 206
+#define TARGET_NR_fchown207
+#define TARGET_NR_setresuid 208
+#define TARGET_NR_getresuid 209
+#define TARGET_NR_setresgid 210
+#define TARGET_NR_getresgid 211
+#define TARGET_NR_chown 212
+#define TARGET_NR_setuid213
+#define TARGET_NR_setgid214
+#define TARGET_NR_setfsuid  215
+#define TARGET_NR_setfsgid  216
 #define TARGET_NR_pivot_root 217
 #define TARGET_NR_mincore218
 #define TARGET_NR_madvise219
-#define TARGET_NR_getdents64   220
-#define TARGET_NR_readahead222
-#define TARGET_NR_setxattr 224
-#define TARGET_NR_lsetxattr225
-#define TARGET_NR_fsetxattr226
-#define TARGET_NR_getxattr 227
-#define TARGET_NR_lgetxattr228
-#define TARGET_NR_fgetxattr229
-#define TARGET_NR_listxattr230
-#define TARGET_NR_llistxattr   231
-#define TARGET_NR_flistxattr   232
-#define TARGET_NR_removexattr  233
-#define TARGET_NR_lremovexattr 234
-#define TARGET_NR_fremovexattr 235
-#define TARGET_NR_gettid   236
-#define TARGET_NR_tkill237
-#define TARGET_NR_futex238
-#define TARGET_NR_sched_setaffinity239
-#define TARGET_NR_sched_getaffinity240
-#define TARGET_NR_tgkill   241
+#define TARGET_NR_getdents64220
+#define TARGET_NR_readahead 222
+#define TARGET_NR_setxattr  224
+#define TARGET_NR_lsetxattr 225
+#define TARGET_NR_fsetxattr 226
+#define TARGET_NR_getxattr  227
+#define TARGET_NR_lgetxattr 228
+#define TARGET_NR_fgetxattr 229
+#define TARGET_NR_listxattr 230
+#define TARGET_NR_llistxattr231
+#define TARGET_NR_flistxattr232
+#define TARGET_NR_removexattr   233
+#define TARGET_NR_lremovexattr  234
+#define TARGET_NR_fremovexattr  235
+#define TARGET_NR_gettid236
+#define TARGET_NR_tkill 237
+#define TARGET_NR_futex 238
+#define TARGET_NR_sched_setaffinity 239
+#define TARGET_NR_sched_getaffinity 240
+#define TARGET_NR_tgkill241
 /* Number 242 is reserved for tux */
-#define TARGET_NR_io_setup 243
-#define TARGET_NR_io_destroy   244
-#define TARGET_NR_io_getevents 245
-#define TARGET_NR_io_submit246
-#define TARGET_NR_io_cancel247
-#define TARGET_NR_exit_group   248
-#define TARGET_NR_epoll_create 249
-#define TARGET_NR_epoll_ctl250
-#define TARGET_NR_epoll_wait   251
-#define TARGET_NR_set_tid_address  252
-#define TARGET_NR_fadvise64253
-#define TARGET_NR_timer_create 254
-#define TARGET_NR_timer_settime(TARGET_NR_timer_create+1)
-#define TARGET_NR_timer_gettime(TARGET_NR_timer_create+2)
-#define 

[PATCH 20/22] linux-user: update syscall.tbl from linux 0bf999f9c5e7

[Laurent Vivier]

Run scripts/update-syscalltbl.sh with linux commit 0bf999f9c5e7

Signed-off-by: Laurent Vivier 
---
 linux-user/arm/syscall.tbl| 2 ++
 linux-user/hppa/syscall.tbl   | 2 ++
 linux-user/i386/syscall_32.tbl| 2 ++
 linux-user/m68k/syscall.tbl   | 4 +++-
 linux-user/microblaze/syscall.tbl | 2 ++
 linux-user/mips/syscall_o32.tbl   | 2 ++
 linux-user/mips64/syscall_n32.tbl | 2 ++
 linux-user/mips64/syscall_n64.tbl | 2 ++
 linux-user/ppc/syscall.tbl| 2 ++
 linux-user/s390x/syscall.tbl  | 2 ++
 linux-user/sh4/syscall.tbl| 2 ++
 linux-user/sparc/syscall.tbl  | 2 ++
 linux-user/sparc64/syscall.tbl| 2 ++
 linux-user/x86_64/syscall_64.tbl  | 2 ++
 linux-user/xtensa/syscall.tbl | 2 ++
 15 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/linux-user/arm/syscall.tbl b/linux-user/arm/syscall.tbl
index 6da7dc4d79cc..4d1cf74a2caa 100644
--- a/linux-user/arm/syscall.tbl
+++ b/linux-user/arm/syscall.tbl
@@ -449,3 +449,5 @@
 433common  fspick  sys_fspick
 434common  pidfd_open  sys_pidfd_open
 435common  clone3  sys_clone3
+437common  openat2 sys_openat2
+438common  pidfd_getfd sys_pidfd_getfd
diff --git a/linux-user/hppa/syscall.tbl b/linux-user/hppa/syscall.tbl
index 285ff516150c..52a15f5cd130 100644
--- a/linux-user/hppa/syscall.tbl
+++ b/linux-user/hppa/syscall.tbl
@@ -433,3 +433,5 @@
 433common  fspick  sys_fspick
 434common  pidfd_open  sys_pidfd_open
 435common  clone3  sys_clone3_wrapper
+437common  openat2 sys_openat2
+438common  pidfd_getfd sys_pidfd_getfd
diff --git a/linux-user/i386/syscall_32.tbl b/linux-user/i386/syscall_32.tbl
index a2728f45906e..4fea592676c2 100644
--- a/linux-user/i386/syscall_32.tbl
+++ b/linux-user/i386/syscall_32.tbl
@@ -440,3 +440,5 @@
 433i386fspick  sys_fspick  
__ia32_sys_fspick
 434i386pidfd_open  sys_pidfd_open  
__ia32_sys_pidfd_open
 435i386clone3  sys_clone3  
__ia32_sys_clone3
+437i386openat2 sys_openat2 
__ia32_sys_openat2
+438i386pidfd_getfd sys_pidfd_getfd 
__ia32_sys_pidfd_getfd
diff --git a/linux-user/m68k/syscall.tbl b/linux-user/m68k/syscall.tbl
index a88a285a0e5f..f4f49fcb76d0 100644
--- a/linux-user/m68k/syscall.tbl
+++ b/linux-user/m68k/syscall.tbl
@@ -434,4 +434,6 @@
 432common  fsmount sys_fsmount
 433common  fspick  sys_fspick
 434common  pidfd_open  sys_pidfd_open
-# 435 reserved for clone3
+435common  clone3  __sys_clone3
+437common  openat2 sys_openat2
+438common  pidfd_getfd sys_pidfd_getfd
diff --git a/linux-user/microblaze/syscall.tbl 
b/linux-user/microblaze/syscall.tbl
index 09b0cd7dab0a..4c67b11f9c9e 100644
--- a/linux-user/microblaze/syscall.tbl
+++ b/linux-user/microblaze/syscall.tbl
@@ -441,3 +441,5 @@
 433common  fspick  sys_fspick
 434common  pidfd_open  sys_pidfd_open
 435common  clone3  sys_clone3
+437common  openat2 sys_openat2
+438common  pidfd_getfd sys_pidfd_getfd
diff --git a/linux-user/mips/syscall_o32.tbl b/linux-user/mips/syscall_o32.tbl
index 353539ea4140..ac586774c980 100644
--- a/linux-user/mips/syscall_o32.tbl
+++ b/linux-user/mips/syscall_o32.tbl
@@ -423,3 +423,5 @@
 433o32 fspick  sys_fspick
 434o32 pidfd_open  sys_pidfd_open
 435o32 clone3  __sys_clone3
+437o32 openat2 sys_openat2
+438o32 pidfd_getfd sys_pidfd_getfd
diff --git a/linux-user/mips64/syscall_n32.tbl 
b/linux-user/mips64/syscall_n32.tbl
index e7c5ab38e403..1f9e8ad636cc 100644
--- a/linux-user/mips64/syscall_n32.tbl
+++ b/linux-user/mips64/syscall_n32.tbl
@@ -374,3 +374,5 @@
 433n32 fspick  sys_fspick
 434n32 pidfd_open  sys_pidfd_open
 435n32 clone3  __sys_clone3
+437n32 openat2 sys_openat2
+438n32 pidfd_getfd sys_pidfd_getfd
diff --git a/linux-user/mips64/syscall_n64.tbl 
b/linux-user/mips64/syscall_n64.tbl
index 13cd66581f3b..c0b9d802dbf6 100644
--- a/linux-user/mips64/syscall_n64.tbl
+++ b/linux-user/mips64/syscall_n64.tbl
@@ -350,3 +350,5 @@
 433n64 fspick  sys_fspick
 434n64 pidfd_open  sys_pidfd_open
 435  

[PATCH 13/22] linux-user, sparc, sparc64: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/sparc/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure|   3 +
 linux-user/Makefile.objs |   2 +
 linux-user/sparc/Makefile.objs   |   5 +
 linux-user/sparc/syscall.tbl | 483 +++
 linux-user/sparc/syscall_nr.h| 363 ---
 linux-user/sparc/syscallhdr.sh   |  32 ++
 linux-user/sparc64/Makefile.objs |   5 +
 linux-user/sparc64/syscall.tbl   | 483 +++
 linux-user/sparc64/syscall_nr.h  | 366 ---
 linux-user/sparc64/syscallhdr.sh |  32 ++
 10 files changed, 1045 insertions(+), 729 deletions(-)
 create mode 100644 linux-user/sparc/Makefile.objs
 create mode 100644 linux-user/sparc/syscall.tbl
 delete mode 100644 linux-user/sparc/syscall_nr.h
 create mode 100644 linux-user/sparc/syscallhdr.sh
 create mode 100644 linux-user/sparc64/Makefile.objs
 create mode 100644 linux-user/sparc64/syscall.tbl
 delete mode 100644 linux-user/sparc64/syscall_nr.h
 create mode 100644 linux-user/sparc64/syscallhdr.sh

diff --git a/configure b/configure
index 5948ae837f98..529089d8d491 100755
--- a/configure
+++ b/configure
@@ -7788,14 +7788,17 @@ case "$target_name" in
 bflt="yes"
   ;;
   sparc)
+TARGET_SYSTBL_ABI=common,32
   ;;
   sparc64)
 TARGET_BASE_ARCH=sparc
+TARGET_SYSTBL_ABI=common,64
   ;;
   sparc32plus)
 TARGET_ARCH=sparc64
 TARGET_BASE_ARCH=sparc
 TARGET_ABI_DIR=sparc
+TARGET_SYSTBL_ABI=common,32
 echo "TARGET_ABI32=y" >> $config_target_mak
   ;;
   s390x)
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index f4e666e74c91..36f20cad794c 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -16,4 +16,6 @@ obj-$(TARGET_PPC) += ppc/
 obj-$(TARGET_PPC64) += ppc/
 obj-$(TARGET_S390X) += s390x/
 obj-$(TARGET_SH4) += sh4/
+obj-$(TARGET_SPARC) += sparc/
+obj-$(TARGET_SPARC64) += $(TARGET_ABI_DIR)/
 obj-$(TARGET_XTENSA) += xtensa/
diff --git a/linux-user/sparc/Makefile.objs b/linux-user/sparc/Makefile.objs
new file mode 100644
index ..7e58fbf03212
--- /dev/null
+++ b/linux-user/sparc/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/sparc/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/sparc/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/sparc/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/sparc/syscall.tbl b/linux-user/sparc/syscall.tbl
new file mode 100644
index ..8c8cc7537fb2
--- /dev/null
+++ b/linux-user/sparc/syscall.tbl
@@ -0,0 +1,483 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for sparc
+#
+# The format is:
+# 
+#
+# The  can be common, 64, or 32 for this file.
+#
+0  common  restart_syscall sys_restart_syscall
+1  32  exitsys_exit
sparc_exit
+1  64  exitsparc_exit
+2  common  forksys_fork
+3  common  readsys_read
+4  common  write   sys_write
+5  common  opensys_open
compat_sys_open
+6  common  close   sys_close
+7  common  wait4   sys_wait4   
compat_sys_wait4
+8  common  creat   sys_creat
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 32  execv   sunos_execv
+11 64  execv   sys_nis_syscall
+12 common  chdir   sys_chdir
+13 32  chown   sys_chown16
+13 64  chown   sys_chown
+14 common  mknod   sys_mknod
+15 common  chmod   sys_chmod
+16 32  lchown  sys_lchown16
+16 64  lchown  sys_lchown
+17 common  brk sys_brk
+18 common  perfctr sys_nis_syscall
+19 common  lseek   sys_lseek   
compat_sys_lseek
+20 common  getpid  sys_getpid
+21 common  capget  sys_capget
+22 common  capset  sys_capset
+23 32  setuid  sys_setuid16
+23 64  setuid  sys_setuid
+24 32  getuid  sys_getuid16
+24 64  getuid  sys_getuid
+25 common  vmsplicesys_vmsplice
compat_sys_vmsplice
+26 common  ptrace  sys_ptrace  
compat_sys_ptrace
+27 common  alarm   sys_alarm
+28 common  sigaltstack sys_sigaltstack 
compat_sys_sigaltstack
+29 32  

[PATCH 18/22] linux-user, mips64: add syscall table generation support

[Laurent Vivier]

Copy syscall_n32.tbl, syscall_n64.tbl and syscallhdr.sh from
linux/arch/parisc/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Move the offsets (6000 for n32 and 5000 for n64) from the file to
the Makefile.objs to be passed to syscallhdr.sh

Signed-off-by: Laurent Vivier 
---
 configure |   2 +
 linux-user/Makefile.objs  |   1 +
 linux-user/mips64/Makefile.objs   |   9 +
 linux-user/mips64/syscall32_nr.h  | 375 -
 linux-user/mips64/syscall64_nr.h  | 351 
 linux-user/mips64/syscall_n32.tbl | 376 ++
 linux-user/mips64/syscall_n64.tbl | 352 
 linux-user/mips64/syscallhdr.sh   |  33 +++
 8 files changed, 773 insertions(+), 726 deletions(-)
 create mode 100644 linux-user/mips64/Makefile.objs
 delete mode 100644 linux-user/mips64/syscall32_nr.h
 delete mode 100644 linux-user/mips64/syscall64_nr.h
 create mode 100644 linux-user/mips64/syscall_n32.tbl
 create mode 100644 linux-user/mips64/syscall_n64.tbl
 create mode 100644 linux-user/mips64/syscallhdr.sh

diff --git a/configure b/configure
index 24455fb069ac..f9edb30c283e 100755
--- a/configure
+++ b/configure
@@ -7731,12 +7731,14 @@ case "$target_name" in
 TARGET_BASE_ARCH=mips
 echo "TARGET_ABI_MIPSN32=y" >> $config_target_mak
 echo "TARGET_ABI32=y" >> $config_target_mak
+TARGET_SYSTBL_ABI=n32
   ;;
   mips64|mips64el)
 mttcg="yes"
 TARGET_ARCH=mips64
 TARGET_BASE_ARCH=mips
 echo "TARGET_ABI_MIPSN64=y" >> $config_target_mak
+TARGET_SYSTBL_ABI=n64
   ;;
   moxie)
   ;;
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 0a0715e9e192..1940910a7321 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -14,6 +14,7 @@ obj-$(TARGET_I386) += i386/
 obj-$(TARGET_M68K) += m68k/
 obj-$(TARGET_MICROBLAZE) += microblaze/
 obj-$(TARGET_MIPS) += mips/
+obj-$(TARGET_MIPS64) += mips64/
 obj-$(TARGET_PPC) += ppc/
 obj-$(TARGET_PPC64) += ppc/
 obj-$(TARGET_S390X) += s390x/
diff --git a/linux-user/mips64/Makefile.objs b/linux-user/mips64/Makefile.objs
new file mode 100644
index ..d812a326bba9
--- /dev/null
+++ b/linux-user/mips64/Makefile.objs
@@ -0,0 +1,9 @@
+generated-files-y += linux-user/$(TARGET_ABI_DIR)/syscall32_nr.h
+generated-files-y += linux-user/$(TARGET_ABI_DIR)/syscall64_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)/syscallhdr.sh
+
+%/syscall32_nr.h: $(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)/syscall_n32.tbl 
$(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ $(TARGET_SYSTBL_ABI) "" 
6000,,"GEN","$@")
+%/syscall64_nr.h: $(SRC_PATH)/linux-user/$(TARGET_ABI_DIR)/syscall_n64.tbl 
$(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ $(TARGET_SYSTBL_ABI) "" 
5000,,"GEN","$@")
diff --git a/linux-user/mips64/syscall32_nr.h b/linux-user/mips64/syscall32_nr.h
deleted file mode 100644
index 3244a543ba76..
--- a/linux-user/mips64/syscall32_nr.h
+++ /dev/null
@@ -1,375 +0,0 @@
-#ifndef LINUX_USER_MIPS64_SYSCALL32_NR_H
-#define LINUX_USER_MIPS64_SYSCALL32_NR_H
-
-/*
- * Linux N32 syscalls are in the range from 6000 to 6999.
- */
-#define TARGET_NR_Linux 6000
-#define TARGET_NR_read  (TARGET_NR_Linux +   0)
-#define TARGET_NR_write (TARGET_NR_Linux +   1)
-#define TARGET_NR_open  (TARGET_NR_Linux +   2)
-#define TARGET_NR_close (TARGET_NR_Linux +   3)
-#define TARGET_NR_stat  (TARGET_NR_Linux +   4)
-#define TARGET_NR_fstat (TARGET_NR_Linux +   5)
-#define TARGET_NR_lstat (TARGET_NR_Linux +   6)
-#define TARGET_NR_poll  (TARGET_NR_Linux +   7)
-#define TARGET_NR_lseek (TARGET_NR_Linux +   8)
-#define TARGET_NR_mmap  (TARGET_NR_Linux +   9)
-#define TARGET_NR_mprotect  (TARGET_NR_Linux +  10)
-#define TARGET_NR_munmap(TARGET_NR_Linux +  11)
-#define TARGET_NR_brk   (TARGET_NR_Linux +  12)
-#define TARGET_NR_rt_sigaction  (TARGET_NR_Linux +  13)
-#define TARGET_NR_rt_sigprocmask(TARGET_NR_Linux +  14)
-#define TARGET_NR_ioctl (TARGET_NR_Linux +  15)
-#define TARGET_NR_pread64   (TARGET_NR_Linux +  16)
-#define TARGET_NR_pwrite64  (TARGET_NR_Linux +  17)
-#define TARGET_NR_readv (TARGET_NR_Linux +  18)
-#define TARGET_NR_writev(TARGET_NR_Linux +  19)
-#define TARGET_NR_access(TARGET_NR_Linux +  20)
-#define TARGET_NR_pipe  (TARGET_NR_Linux +  21)
-#define TARGET_NR__newselect(TARGET_NR_Linux +  22)
-#define TARGET_NR_sched_yield   (TARGET_NR_Linux +  23)
-#define TARGET_NR_mremap(TARGET_NR_Linux +  24)
-#define TARGET_NR_msync (TARGET_NR_Linux +  25)
-#define TARGET_NR_mincore   (TARGET_NR_Linux +  

[PATCH 14/22] linux-user,i386: add syscall table generation support

[Laurent Vivier]

Copy syscall_32.tbl and syscallhdr.sh from linux/arch/x86/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Disable arch_prctl in syscall_32.tbl because linux-user/syscall.c only
defines do_arch_prctl() with TARGET_ABI32, and TARGET_ABI32 is never
defined for TARGET_I386 (This needs to be fixed).

Signed-off-by: Laurent Vivier 
---
 configure  |   1 +
 linux-user/Makefile.objs   |   1 +
 linux-user/i386/Makefile.objs  |   5 +
 linux-user/i386/syscall_32.tbl | 442 +
 linux-user/i386/syscall_nr.h   | 387 -
 linux-user/i386/syscallhdr.sh  |  28 +++
 6 files changed, 477 insertions(+), 387 deletions(-)
 create mode 100644 linux-user/i386/Makefile.objs
 create mode 100644 linux-user/i386/syscall_32.tbl
 delete mode 100644 linux-user/i386/syscall_nr.h
 create mode 100644 linux-user/i386/syscallhdr.sh

diff --git a/configure b/configure
index 529089d8d491..d6488a7c5871 100755
--- a/configure
+++ b/configure
@@ -7674,6 +7674,7 @@ case "$target_name" in
   i386)
 mttcg="yes"
gdb_xml_files="i386-32bit.xml"
+TARGET_SYSTBL_ABI=i386
   ;;
   x86_64)
 TARGET_BASE_ARCH=i386
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 36f20cad794c..720d9773b813 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -10,6 +10,7 @@ obj-$(TARGET_AARCH64) += arm/semihost.o
 obj-$(TARGET_ALPHA) += alpha/
 obj-$(TARGET_ARM) += arm/
 obj-$(TARGET_HPPA) += hppa/
+obj-$(TARGET_I386) += i386/
 obj-$(TARGET_M68K) += m68k/
 obj-$(TARGET_MICROBLAZE) += microblaze/
 obj-$(TARGET_PPC) += ppc/
diff --git a/linux-user/i386/Makefile.objs b/linux-user/i386/Makefile.objs
new file mode 100644
index ..0ebec4e16328
--- /dev/null
+++ b/linux-user/i386/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/i386/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/i386/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/i386/syscall_32.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/i386/syscall_32.tbl b/linux-user/i386/syscall_32.tbl
new file mode 100644
index ..a2728f45906e
--- /dev/null
+++ b/linux-user/i386/syscall_32.tbl
@@ -0,0 +1,442 @@
+#
+# 32-bit system call numbers and entry vectors
+#
+# The format is:
+# 
+#
+# The __ia32_sys and __ia32_compat_sys stubs are created on-the-fly for
+# sys_*() system calls and compat_sys_*() compat system calls if
+# IA32_EMULATION is defined, and expect struct pt_regs *regs as their only
+# parameter.
+#
+# The abi is always "i386" for this file.
+#
+0  i386restart_syscall sys_restart_syscall 
__ia32_sys_restart_syscall
+1  i386exitsys_exit
__ia32_sys_exit
+2  i386forksys_fork
__ia32_sys_fork
+3  i386readsys_read
__ia32_sys_read
+4  i386write   sys_write   
__ia32_sys_write
+5  i386opensys_open
__ia32_compat_sys_open
+6  i386close   sys_close   
__ia32_sys_close
+7  i386waitpid sys_waitpid 
__ia32_sys_waitpid
+8  i386creat   sys_creat   
__ia32_sys_creat
+9  i386linksys_link
__ia32_sys_link
+10 i386unlink  sys_unlink  
__ia32_sys_unlink
+11 i386execve  sys_execve  
__ia32_compat_sys_execve
+12 i386chdir   sys_chdir   
__ia32_sys_chdir
+13 i386timesys_time32  
__ia32_sys_time32
+14 i386mknod   sys_mknod   
__ia32_sys_mknod
+15 i386chmod   sys_chmod   
__ia32_sys_chmod
+16 i386lchown  sys_lchown16
__ia32_sys_lchown16
+17 i386break
+18 i386oldstat sys_stat
__ia32_sys_stat
+19 i386lseek   sys_lseek   
__ia32_compat_sys_lseek
+20 i386getpid  sys_getpid  
__ia32_sys_getpid
+21 i386mount   sys_mount   
__ia32_compat_sys_mount
+22 i386umount  sys_oldumount   
__ia32_sys_oldumount
+23 i386setuid  sys_setuid16
__ia32_sys_setuid16
+24 i386getuid  sys_getuid16
__ia32_sys_getuid16
+25 i386stime   sys_stime32 
__ia32_sys_stime32
+26 i386

[PATCH 08/22] linux-user,arm: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/arm/tools/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure|   1 +
 linux-user/Makefile.objs |   3 +-
 linux-user/arm/Makefile.objs |   8 +
 linux-user/arm/syscall.tbl   | 451 +++
 linux-user/arm/syscall_nr.h  | 447 --
 linux-user/arm/syscallhdr.sh |  31 +++
 6 files changed, 492 insertions(+), 449 deletions(-)
 create mode 100644 linux-user/arm/Makefile.objs
 create mode 100644 linux-user/arm/syscall.tbl
 delete mode 100644 linux-user/arm/syscall_nr.h
 create mode 100644 linux-user/arm/syscallhdr.sh

diff --git a/configure b/configure
index 7873e059e8c4..6db6a658b355 100755
--- a/configure
+++ b/configure
@@ -7686,6 +7686,7 @@ case "$target_name" in
   ;;
   arm|armeb)
 TARGET_ARCH=arm
+TARGET_SYSTBL_ABI=common,oabi
 bflt="yes"
 mttcg="yes"
 gdb_xml_files="arm-core.xml arm-vfp.xml arm-vfp3.xml arm-neon.xml"
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 5a26281e8867..bc12e38291bc 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -5,11 +5,10 @@ obj-y = main.o syscall.o strace.o mmap.o signal.o \
 
 obj-$(TARGET_HAS_BFLT) += flatload.o
 obj-$(TARGET_I386) += vm86.o
-obj-$(TARGET_ARM) += arm/nwfpe/
-obj-$(TARGET_ARM) += arm/semihost.o
 obj-$(TARGET_AARCH64) += arm/semihost.o
 
 obj-$(TARGET_ALPHA) += alpha/
+obj-$(TARGET_ARM) += arm/
 obj-$(TARGET_HPPA) += hppa/
 obj-$(TARGET_M68K) += m68k/
 obj-$(TARGET_MICROBLAZE) += microblaze/
diff --git a/linux-user/arm/Makefile.objs b/linux-user/arm/Makefile.objs
new file mode 100644
index ..bb763838bf5c
--- /dev/null
+++ b/linux-user/arm/Makefile.objs
@@ -0,0 +1,8 @@
+obj-$(TARGET_ARM) += nwfpe/
+obj-$(TARGET_ARM) += semihost.o
+
+generated-files-y += linux-user/arm/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/arm/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/arm/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/arm/syscall.tbl b/linux-user/arm/syscall.tbl
new file mode 100644
index ..6da7dc4d79cc
--- /dev/null
+++ b/linux-user/arm/syscall.tbl
@@ -0,0 +1,451 @@
+#
+# Linux system call numbers and entry vectors
+#
+# The format is:
+#  [  
[]]
+#
+# Where abi is:
+#  common - for system calls shared between oabi and eabi (may have compat)
+#  oabi   - for oabi-only system calls (may have compat)
+#  eabi   - for eabi-only system calls
+#
+# For each syscall number, "common" is mutually exclusive with oabi and eabi
+#
+0  common  restart_syscall sys_restart_syscall
+1  common  exitsys_exit
+2  common  forksys_fork
+3  common  readsys_read
+4  common  write   sys_write
+5  common  opensys_open
+6  common  close   sys_close
+# 7 was sys_waitpid
+8  common  creat   sys_creat
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 common  execve  sys_execve
+12 common  chdir   sys_chdir
+13 oabitimesys_time32
+14 common  mknod   sys_mknod
+15 common  chmod   sys_chmod
+16 common  lchown  sys_lchown16
+# 17 was sys_break
+# 18 was sys_stat
+19 common  lseek   sys_lseek
+20 common  getpid  sys_getpid
+21 common  mount   sys_mount
+22 oabiumount  sys_oldumount
+23 common  setuid  sys_setuid16
+24 common  getuid  sys_getuid16
+25 oabistime   sys_stime32
+26 common  ptrace  sys_ptrace
+27 oabialarm   sys_alarm
+# 28 was sys_fstat
+29 common  pause   sys_pause
+30 oabiutime   sys_utime32
+# 31 was sys_stty
+# 32 was sys_gtty
+33 common  access  sys_access
+34 common  nicesys_nice
+# 35 was sys_ftime
+36 common  syncsys_sync
+37 common  killsys_kill
+38 common  rename  sys_rename
+39 common  mkdir   sys_mkdir
+40 common  rmdir   sys_rmdir
+41 common  dup sys_dup
+42 common  pipesys_pipe
+43 common  times   sys_times
+# 44 was sys_prof
+45 common  brk sys_brk
+46 common  setgid  sys_setgid16
+47 common  getgid  sys_getgid16
+# 48 was sys_signal
+49 common  geteuid sys_geteuid16
+50 common  

[PATCH 15/22] linux-user, x86_64: add syscall table generation support

[Laurent Vivier]

Copy syscall_64.tbl and syscallhdr.sh from linux/arch/x86/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure|   1 +
 linux-user/Makefile.objs |   1 +
 linux-user/x86_64/Makefile.objs  |   5 +
 linux-user/x86_64/syscall_64.tbl | 402 +++
 linux-user/x86_64/syscall_nr.h   | 356 ---
 linux-user/x86_64/syscallhdr.sh  |  28 +++
 6 files changed, 437 insertions(+), 356 deletions(-)
 create mode 100644 linux-user/x86_64/Makefile.objs
 create mode 100644 linux-user/x86_64/syscall_64.tbl
 delete mode 100644 linux-user/x86_64/syscall_nr.h
 create mode 100644 linux-user/x86_64/syscallhdr.sh

diff --git a/configure b/configure
index d6488a7c5871..daed4d84e414 100755
--- a/configure
+++ b/configure
@@ -7678,6 +7678,7 @@ case "$target_name" in
   ;;
   x86_64)
 TARGET_BASE_ARCH=i386
+TARGET_SYSTBL_ABI=common,64
 mttcg="yes"
gdb_xml_files="i386-64bit.xml"
   ;;
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 720d9773b813..1791bc48cd17 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -19,4 +19,5 @@ obj-$(TARGET_S390X) += s390x/
 obj-$(TARGET_SH4) += sh4/
 obj-$(TARGET_SPARC) += sparc/
 obj-$(TARGET_SPARC64) += $(TARGET_ABI_DIR)/
+obj-$(TARGET_X86_64) += x86_64/
 obj-$(TARGET_XTENSA) += xtensa/
diff --git a/linux-user/x86_64/Makefile.objs b/linux-user/x86_64/Makefile.objs
new file mode 100644
index ..1a1c2b01477c
--- /dev/null
+++ b/linux-user/x86_64/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/x86_64/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/x86_64/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/x86_64/syscall_64.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/x86_64/syscall_64.tbl b/linux-user/x86_64/syscall_64.tbl
new file mode 100644
index ..c29976eca4a8
--- /dev/null
+++ b/linux-user/x86_64/syscall_64.tbl
@@ -0,0 +1,402 @@
+#
+# 64-bit system call numbers and entry vectors
+#
+# The format is:
+#
+#
+# The __x64_sys_*() stubs are created on-the-fly for sys_*() system calls
+#
+# The abi is "common", "64" or "x32" for this file.
+#
+0  common  read__x64_sys_read
+1  common  write   __x64_sys_write
+2  common  open__x64_sys_open
+3  common  close   __x64_sys_close
+4  common  stat__x64_sys_newstat
+5  common  fstat   __x64_sys_newfstat
+6  common  lstat   __x64_sys_newlstat
+7  common  poll__x64_sys_poll
+8  common  lseek   __x64_sys_lseek
+9  common  mmap__x64_sys_mmap
+10 common  mprotect__x64_sys_mprotect
+11 common  munmap  __x64_sys_munmap
+12 common  brk __x64_sys_brk
+13 64  rt_sigaction__x64_sys_rt_sigaction
+14 common  rt_sigprocmask  __x64_sys_rt_sigprocmask
+15 64  rt_sigreturn__x64_sys_rt_sigreturn/ptregs
+16 64  ioctl   __x64_sys_ioctl
+17 common  pread64 __x64_sys_pread64
+18 common  pwrite64__x64_sys_pwrite64
+19 64  readv   __x64_sys_readv
+20 64  writev  __x64_sys_writev
+21 common  access  __x64_sys_access
+22 common  pipe__x64_sys_pipe
+23 common  select  __x64_sys_select
+24 common  sched_yield __x64_sys_sched_yield
+25 common  mremap  __x64_sys_mremap
+26 common  msync   __x64_sys_msync
+27 common  mincore __x64_sys_mincore
+28 common  madvise __x64_sys_madvise
+29 common  shmget  __x64_sys_shmget
+30 common  shmat   __x64_sys_shmat
+31 common  shmctl  __x64_sys_shmctl
+32 common  dup __x64_sys_dup
+33 common  dup2__x64_sys_dup2
+34 common  pause   __x64_sys_pause
+35 common  nanosleep   __x64_sys_nanosleep
+36 common  getitimer   __x64_sys_getitimer
+37 common  alarm   __x64_sys_alarm
+38 common  setitimer   __x64_sys_setitimer
+39 common  getpid  __x64_sys_getpid
+40 common  sendfile__x64_sys_sendfile64
+41 common  socket  __x64_sys_socket
+42 common  connect __x64_sys_connect
+43 common  accept  __x64_sys_accept
+44 common  sendto  __x64_sys_sendto
+45 64  recvfrom__x64_sys_recvfrom
+46 64  sendmsg 

[PATCH 16/22] linux-user,mips: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from 
linux/arch/mips/kernel/syscalls/syscall_o32.tbl v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h
Move the offset (4000) from the file to the Makefile.objs to be passed
to syscallhdr.sh
Rename on the fly fadvise64 to fadvise64_64.

Signed-off-by: Laurent Vivier 
---
 configure   |   1 +
 linux-user/Makefile.objs|   1 +
 linux-user/mips/Makefile.objs   |   5 +
 linux-user/mips/syscall_nr.h| 425 
 linux-user/mips/syscall_o32.tbl | 425 
 linux-user/mips/syscallhdr.sh   |  36 +++
 6 files changed, 468 insertions(+), 425 deletions(-)
 create mode 100644 linux-user/mips/Makefile.objs
 delete mode 100644 linux-user/mips/syscall_nr.h
 create mode 100644 linux-user/mips/syscall_o32.tbl
 create mode 100644 linux-user/mips/syscallhdr.sh

diff --git a/configure b/configure
index daed4d84e414..24455fb069ac 100755
--- a/configure
+++ b/configure
@@ -7723,6 +7723,7 @@ case "$target_name" in
 mttcg="yes"
 TARGET_ARCH=mips
 echo "TARGET_ABI_MIPSO32=y" >> $config_target_mak
+TARGET_SYSTBL_ABI=o32
   ;;
   mipsn32|mipsn32el)
 mttcg="yes"
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 1791bc48cd17..0a0715e9e192 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -13,6 +13,7 @@ obj-$(TARGET_HPPA) += hppa/
 obj-$(TARGET_I386) += i386/
 obj-$(TARGET_M68K) += m68k/
 obj-$(TARGET_MICROBLAZE) += microblaze/
+obj-$(TARGET_MIPS) += mips/
 obj-$(TARGET_PPC) += ppc/
 obj-$(TARGET_PPC64) += ppc/
 obj-$(TARGET_S390X) += s390x/
diff --git a/linux-user/mips/Makefile.objs b/linux-user/mips/Makefile.objs
new file mode 100644
index ..440dba1a5d09
--- /dev/null
+++ b/linux-user/mips/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/mips/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/mips/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/mips/syscall_o32.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ $(TARGET_SYSTBL_ABI) "" 
4000,,"GEN","$@")
diff --git a/linux-user/mips/syscall_nr.h b/linux-user/mips/syscall_nr.h
deleted file mode 100644
index 0be3af1c8455..
--- a/linux-user/mips/syscall_nr.h
+++ /dev/null
@@ -1,425 +0,0 @@
-/*
- * Linux o32 style syscalls are in the range from 4000 to 4999.
- */
-
-#ifndef LINUX_USER_MIPS_SYSCALL_NR_H
-#define LINUX_USER_MIPS_SYSCALL_NR_H
-
-#define TARGET_NR_Linux4000
-#define TARGET_NR_syscall  (TARGET_NR_Linux +   0)
-#define TARGET_NR_exit (TARGET_NR_Linux +   1)
-#define TARGET_NR_fork (TARGET_NR_Linux +   2)
-#define TARGET_NR_read (TARGET_NR_Linux +   3)
-#define TARGET_NR_write(TARGET_NR_Linux +   4)
-#define TARGET_NR_open (TARGET_NR_Linux +   5)
-#define TARGET_NR_close(TARGET_NR_Linux +   6)
-#define TARGET_NR_waitpid  (TARGET_NR_Linux +   7)
-#define TARGET_NR_creat(TARGET_NR_Linux +   8)
-#define TARGET_NR_link (TARGET_NR_Linux +   9)
-#define TARGET_NR_unlink   (TARGET_NR_Linux +  10)
-#define TARGET_NR_execve   (TARGET_NR_Linux +  11)
-#define TARGET_NR_chdir(TARGET_NR_Linux +  12)
-#define TARGET_NR_time (TARGET_NR_Linux +  13)
-#define TARGET_NR_mknod(TARGET_NR_Linux +  14)
-#define TARGET_NR_chmod(TARGET_NR_Linux +  15)
-#define TARGET_NR_lchown   (TARGET_NR_Linux +  16)
-#define TARGET_NR_break(TARGET_NR_Linux +  17)
-#define TARGET_NR_unused18 (TARGET_NR_Linux +  18)
-#define TARGET_NR_lseek(TARGET_NR_Linux +  19)
-#define TARGET_NR_getpid   (TARGET_NR_Linux +  20)
-#define TARGET_NR_mount(TARGET_NR_Linux +  21)
-#define TARGET_NR_umount   (TARGET_NR_Linux +  22)
-#define TARGET_NR_setuid   (TARGET_NR_Linux +  23)
-#define TARGET_NR_getuid   (TARGET_NR_Linux +  24)
-#define TARGET_NR_stime(TARGET_NR_Linux +  25)
-#define TARGET_NR_ptrace   (TARGET_NR_Linux +  26)
-#define TARGET_NR_alarm(TARGET_NR_Linux +  27)
-#define TARGET_NR_unused28 (TARGET_NR_Linux +  28)
-#define TARGET_NR_pause(TARGET_NR_Linux +  29)
-#define TARGET_NR_utime(TARGET_NR_Linux +  30)
-#define TARGET_NR_stty (TARGET_NR_Linux +  31)
-#define TARGET_NR_gtty (TARGET_NR_Linux +  32)
-#define TARGET_NR_access   (TARGET_NR_Linux +  33)
-#define TARGET_NR_nice (TARGET_NR_Linux +  34)
-#define TARGET_NR_ftime(TARGET_NR_Linux +  35)
-#define TARGET_NR_sync (TARGET_NR_Linux +  36)
-#define TARGET_NR_kill 

[PATCH 21/22] linux-user,mips: move content of mips_syscall_args

[Laurent Vivier]

Move content of mips_syscall_args to mips-syscall-args-o32.c.inc to
ease automatic update. No functionnal change

Signed-off-by: Laurent Vivier 
---
 linux-user/mips/cpu_loop.c | 440 +
 linux-user/mips/syscall-args-o32.c.inc | 438 
 2 files changed, 439 insertions(+), 439 deletions(-)
 create mode 100644 linux-user/mips/syscall-args-o32.c.inc

diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
index 396367d81d8d..553e8ca7f576 100644
--- a/linux-user/mips/cpu_loop.c
+++ b/linux-user/mips/cpu_loop.c
@@ -26,447 +26,9 @@
 
 # ifdef TARGET_ABI_MIPSO32
 #  define MIPS_SYSCALL_NUMBER_UNUSED -1
-#  define MIPS_SYS(name, args) args,
 static const int8_t mips_syscall_args[] = {
-MIPS_SYS(sys_syscall, 8)/* 4000 */
-MIPS_SYS(sys_exit   , 1)
-MIPS_SYS(sys_fork   , 0)
-MIPS_SYS(sys_read   , 3)
-MIPS_SYS(sys_write  , 3)
-MIPS_SYS(sys_open   , 3)/* 4005 */
-MIPS_SYS(sys_close  , 1)
-MIPS_SYS(sys_waitpid, 3)
-MIPS_SYS(sys_creat  , 2)
-MIPS_SYS(sys_link   , 2)
-MIPS_SYS(sys_unlink , 1)/* 4010 */
-MIPS_SYS(sys_execve , 0)
-MIPS_SYS(sys_chdir  , 1)
-MIPS_SYS(sys_time   , 1)
-MIPS_SYS(sys_mknod  , 3)
-MIPS_SYS(sys_chmod  , 2)/* 4015 */
-MIPS_SYS(sys_lchown , 3)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_ni_syscall , 0)/* was sys_stat */
-MIPS_SYS(sys_lseek  , 3)
-MIPS_SYS(sys_getpid , 0)/* 4020 */
-MIPS_SYS(sys_mount  , 5)
-MIPS_SYS(sys_umount , 1)
-MIPS_SYS(sys_setuid , 1)
-MIPS_SYS(sys_getuid , 0)
-MIPS_SYS(sys_stime  , 1)/* 4025 */
-MIPS_SYS(sys_ptrace , 4)
-MIPS_SYS(sys_alarm  , 1)
-MIPS_SYS(sys_ni_syscall , 0)/* was sys_fstat */
-MIPS_SYS(sys_pause  , 0)
-MIPS_SYS(sys_utime  , 2)/* 4030 */
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_access , 2)
-MIPS_SYS(sys_nice   , 1)
-MIPS_SYS(sys_ni_syscall , 0)/* 4035 */
-MIPS_SYS(sys_sync   , 0)
-MIPS_SYS(sys_kill   , 2)
-MIPS_SYS(sys_rename , 2)
-MIPS_SYS(sys_mkdir  , 2)
-MIPS_SYS(sys_rmdir  , 1)/* 4040 */
-MIPS_SYS(sys_dup, 1)
-MIPS_SYS(sys_pipe   , 0)
-MIPS_SYS(sys_times  , 1)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_brk, 1)/* 4045 */
-MIPS_SYS(sys_setgid , 1)
-MIPS_SYS(sys_getgid , 0)
-MIPS_SYS(sys_ni_syscall , 0)/* was signal(2) */
-MIPS_SYS(sys_geteuid, 0)
-MIPS_SYS(sys_getegid, 0)/* 4050 */
-MIPS_SYS(sys_acct   , 0)
-MIPS_SYS(sys_umount2, 2)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_ioctl  , 3)
-MIPS_SYS(sys_fcntl  , 3)/* 4055 */
-MIPS_SYS(sys_ni_syscall , 2)
-MIPS_SYS(sys_setpgid, 2)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_olduname   , 1)
-MIPS_SYS(sys_umask  , 1)/* 4060 */
-MIPS_SYS(sys_chroot , 1)
-MIPS_SYS(sys_ustat  , 2)
-MIPS_SYS(sys_dup2   , 2)
-MIPS_SYS(sys_getppid, 0)
-MIPS_SYS(sys_getpgrp, 0)/* 4065 */
-MIPS_SYS(sys_setsid , 0)
-MIPS_SYS(sys_sigaction  , 3)
-MIPS_SYS(sys_sgetmask   , 0)
-MIPS_SYS(sys_ssetmask   , 1)
-MIPS_SYS(sys_setreuid   , 2)/* 4070 */
-MIPS_SYS(sys_setregid   , 2)
-MIPS_SYS(sys_sigsuspend , 0)
-MIPS_SYS(sys_sigpending , 1)
-MIPS_SYS(sys_sethostname, 2)
-MIPS_SYS(sys_setrlimit  , 2)/* 4075 */
-MIPS_SYS(sys_getrlimit  , 2)
-MIPS_SYS(sys_getrusage  , 2)
-MIPS_SYS(sys_gettimeofday, 2)
-MIPS_SYS(sys_settimeofday, 2)
-MIPS_SYS(sys_getgroups  , 2)/* 4080 */
-MIPS_SYS(sys_setgroups  , 2)
-MIPS_SYS(sys_ni_syscall , 0)/* old_select */
-MIPS_SYS(sys_symlink, 2)
-MIPS_SYS(sys_ni_syscall , 0)/* was sys_lstat */
-MIPS_SYS(sys_readlink   , 3)/* 4085 */
-MIPS_SYS(sys_uselib , 1)
-MIPS_SYS(sys_swapon , 2)
-MIPS_SYS(sys_reboot , 3)
-MIPS_SYS(old_readdir, 3)
-MIPS_SYS(old_mmap   , 6)/* 4090 */
-MIPS_SYS(sys_munmap , 2)
-MIPS_SYS(sys_truncate   , 2)
-MIPS_SYS(sys_ftruncate  , 2)
-MIPS_SYS(sys_fchmod , 2)
-MIPS_SYS(sys_fchown , 3)/* 4095 */
-MIPS_SYS(sys_getpriority, 2)
-MIPS_SYS(sys_setpriority, 3)
-MIPS_SYS(sys_ni_syscall , 0)
-MIPS_SYS(sys_statfs , 2)
-

[PATCH 05/22] linux-user, xtensa: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/xtensa/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure   |   1 +
 linux-user/Makefile.objs|   1 +
 linux-user/xtensa/Makefile.objs |   5 +
 linux-user/xtensa/syscall.tbl   | 408 +++
 linux-user/xtensa/syscall_nr.h  | 469 
 linux-user/xtensa/syscallhdr.sh |  32 +++
 6 files changed, 447 insertions(+), 469 deletions(-)
 create mode 100644 linux-user/xtensa/Makefile.objs
 create mode 100644 linux-user/xtensa/syscall.tbl
 delete mode 100644 linux-user/xtensa/syscall_nr.h
 create mode 100644 linux-user/xtensa/syscallhdr.sh

diff --git a/configure b/configure
index 8d895a906900..11ef230733fa 100755
--- a/configure
+++ b/configure
@@ -7803,6 +7803,7 @@ case "$target_name" in
   ;;
   xtensa|xtensaeb)
 TARGET_ARCH=xtensa
+TARGET_SYSTBL_ABI=common
 bflt="yes"
 mttcg="yes"
   ;;
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index ac74b23683cf..13b821baf752 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -12,3 +12,4 @@ obj-$(TARGET_AARCH64) += arm/semihost.o
 obj-$(TARGET_ALPHA) += alpha/
 obj-$(TARGET_HPPA) += hppa/
 obj-$(TARGET_M68K) += m68k/
+obj-$(TARGET_XTENSA) += xtensa/
diff --git a/linux-user/xtensa/Makefile.objs b/linux-user/xtensa/Makefile.objs
new file mode 100644
index ..de07aca2ec73
--- /dev/null
+++ b/linux-user/xtensa/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/xtensa/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/xtensa/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/xtensa/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/xtensa/syscall.tbl b/linux-user/xtensa/syscall.tbl
new file mode 100644
index ..25f4de729a6d
--- /dev/null
+++ b/linux-user/xtensa/syscall.tbl
@@ -0,0 +1,408 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for xtensa
+#
+# The format is:
+#
+#
+# The  is always "common" for this file
+#
+0  common  spill   sys_ni_syscall
+1  common  xtensa  sys_ni_syscall
+2  common  available4  sys_ni_syscall
+3  common  available5  sys_ni_syscall
+4  common  available6  sys_ni_syscall
+5  common  available7  sys_ni_syscall
+6  common  available8  sys_ni_syscall
+7  common  available9  sys_ni_syscall
+# File Operations
+8  common  opensys_open
+9  common  close   sys_close
+10 common  dup sys_dup
+11 common  dup2sys_dup2
+12 common  readsys_read
+13 common  write   sys_write
+14 common  select  sys_select
+15 common  lseek   sys_lseek
+16 common  pollsys_poll
+17 common  _llseek sys_llseek
+18 common  epoll_wait  sys_epoll_wait
+19 common  epoll_ctl   sys_epoll_ctl
+20 common  epoll_createsys_epoll_create
+21 common  creat   sys_creat
+22 common  truncatesys_truncate
+23 common  ftruncate   sys_ftruncate
+24 common  readv   sys_readv
+25 common  writev  sys_writev
+26 common  fsync   sys_fsync
+27 common  fdatasync   sys_fdatasync
+28 common  truncate64  sys_truncate64
+29 common  ftruncate64 sys_ftruncate64
+30 common  pread64 sys_pread64
+31 common  pwrite64sys_pwrite64
+32 common  linksys_link
+33 common  rename  sys_rename
+34 common  symlink sys_symlink
+35 common  readlinksys_readlink
+36 common  mknod   sys_mknod
+37 common  pipesys_pipe
+38 common  unlink  sys_unlink
+39 common  rmdir   sys_rmdir
+40 common  mkdir   sys_mkdir
+41 common  chdir   sys_chdir
+42 common  fchdir  sys_fchdir
+43 common  getcwd  sys_getcwd
+44 common  chmod   sys_chmod
+45 common  chown   sys_chown
+46 common  stat 

[PATCH 07/22] linux-user, microblaze: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/microblaze/kernel/syscalls 
v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure   |   1 +
 linux-user/Makefile.objs|   1 +
 linux-user/microblaze/Makefile.objs |   5 +
 linux-user/microblaze/syscall.tbl   | 443 
 linux-user/microblaze/syscall_nr.h  | 442 ---
 linux-user/microblaze/syscallhdr.sh |  32 ++
 6 files changed, 482 insertions(+), 442 deletions(-)
 create mode 100644 linux-user/microblaze/Makefile.objs
 create mode 100644 linux-user/microblaze/syscall.tbl
 delete mode 100644 linux-user/microblaze/syscall_nr.h
 create mode 100644 linux-user/microblaze/syscallhdr.sh

diff --git a/configure b/configure
index 4e2ede835dc4..7873e059e8c4 100755
--- a/configure
+++ b/configure
@@ -7712,6 +7712,7 @@ case "$target_name" in
   ;;
   microblaze|microblazeel)
 TARGET_ARCH=microblaze
+TARGET_SYSTBL_ABI=common
 bflt="yes"
 echo "TARGET_ABI32=y" >> $config_target_mak
   ;;
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index d31f30d75851..5a26281e8867 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -12,5 +12,6 @@ obj-$(TARGET_AARCH64) += arm/semihost.o
 obj-$(TARGET_ALPHA) += alpha/
 obj-$(TARGET_HPPA) += hppa/
 obj-$(TARGET_M68K) += m68k/
+obj-$(TARGET_MICROBLAZE) += microblaze/
 obj-$(TARGET_SH4) += sh4/
 obj-$(TARGET_XTENSA) += xtensa/
diff --git a/linux-user/microblaze/Makefile.objs 
b/linux-user/microblaze/Makefile.objs
new file mode 100644
index ..816fa700d96a
--- /dev/null
+++ b/linux-user/microblaze/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/microblaze/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/microblaze/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/microblaze/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/microblaze/syscall.tbl 
b/linux-user/microblaze/syscall.tbl
new file mode 100644
index ..09b0cd7dab0a
--- /dev/null
+++ b/linux-user/microblaze/syscall.tbl
@@ -0,0 +1,443 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for microblaze
+#
+# The format is:
+#
+#
+# The  is always "common" for this file
+#
+0  common  restart_syscall sys_restart_syscall
+1  common  exitsys_exit
+2  common  forksys_fork
+3  common  readsys_read
+4  common  write   sys_write
+5  common  opensys_open
+6  common  close   sys_close
+7  common  waitpid sys_waitpid
+8  common  creat   sys_creat
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 common  execve  sys_execve
+12 common  chdir   sys_chdir
+13 common  timesys_time32
+14 common  mknod   sys_mknod
+15 common  chmod   sys_chmod
+16 common  lchown  sys_lchown
+17 common  break   sys_ni_syscall
+18 common  oldstat sys_ni_syscall
+19 common  lseek   sys_lseek
+20 common  getpid  sys_getpid
+21 common  mount   sys_mount
+22 common  umount  sys_oldumount
+23 common  setuid  sys_setuid
+24 common  getuid  sys_getuid
+25 common  stime   sys_stime32
+26 common  ptrace  sys_ptrace
+27 common  alarm   sys_alarm
+28 common  oldfstatsys_ni_syscall
+29 common  pause   sys_pause
+30 common  utime   sys_utime32
+31 common  sttysys_ni_syscall
+32 common  gttysys_ni_syscall
+33 common  access  sys_access
+34 common  nicesys_nice
+35 common  ftime   sys_ni_syscall
+36 common  syncsys_sync
+37 common  killsys_kill
+38 common  rename  sys_rename
+39 common  mkdir   sys_mkdir
+40 common  rmdir   sys_rmdir
+41 common  dup sys_dup
+42 common  pipesys_pipe
+43 common  times   sys_times
+44 

[PATCH 09/22] linux-user,ppc: split syscall_nr.h

[Laurent Vivier]

Split into syscall32_nr.h (ppc, ppc64abi32) and syscall64_nr.h (ppc64, ppc64le)

Signed-off-by: Laurent Vivier 
---
 linux-user/ppc/syscall32_nr.h | 390 +
 linux-user/ppc/syscall64_nr.h | 381 
 linux-user/ppc/syscall_nr.h   | 394 +-
 3 files changed, 774 insertions(+), 391 deletions(-)
 create mode 100644 linux-user/ppc/syscall32_nr.h
 create mode 100644 linux-user/ppc/syscall64_nr.h

diff --git a/linux-user/ppc/syscall32_nr.h b/linux-user/ppc/syscall32_nr.h
new file mode 100644
index ..dbad305aef35
--- /dev/null
+++ b/linux-user/ppc/syscall32_nr.h
@@ -0,0 +1,390 @@
+/*
+ * This file contains the system call numbers.
+ */
+
+#ifndef LINUX_USER_PPC_SYSCALL32_NR_H
+#define LINUX_USER_PPC_SYSCALL32_NR_H
+
+#define TARGET_NR_restart_syscall  0
+#define TARGET_NR_exit 1
+#define TARGET_NR_fork 2
+#define TARGET_NR_read 3
+#define TARGET_NR_write4
+#define TARGET_NR_open 5
+#define TARGET_NR_close6
+#define TARGET_NR_waitpid  7
+#define TARGET_NR_creat8
+#define TARGET_NR_link 9
+#define TARGET_NR_unlink  10
+#define TARGET_NR_execve  11
+#define TARGET_NR_chdir   12
+#define TARGET_NR_time13
+#define TARGET_NR_mknod   14
+#define TARGET_NR_chmod   15
+#define TARGET_NR_lchown  16
+#define TARGET_NR_break   17
+#define TARGET_NR_oldstat 18
+#define TARGET_NR_lseek   19
+#define TARGET_NR_getpid  20
+#define TARGET_NR_mount   21
+#define TARGET_NR_umount  22
+#define TARGET_NR_setuid  23
+#define TARGET_NR_getuid  24
+#define TARGET_NR_stime   25
+#define TARGET_NR_ptrace  26
+#define TARGET_NR_alarm   27
+#define TARGET_NR_oldfstat28
+#define TARGET_NR_pause   29
+#define TARGET_NR_utime   30
+#define TARGET_NR_stty31
+#define TARGET_NR_gtty32
+#define TARGET_NR_access  33
+#define TARGET_NR_nice34
+#define TARGET_NR_ftime   35
+#define TARGET_NR_sync36
+#define TARGET_NR_kill37
+#define TARGET_NR_rename  38
+#define TARGET_NR_mkdir   39
+#define TARGET_NR_rmdir   40
+#define TARGET_NR_dup 41
+#define TARGET_NR_pipe42
+#define TARGET_NR_times   43
+#define TARGET_NR_prof44
+#define TARGET_NR_brk 45
+#define TARGET_NR_setgid  46
+#define TARGET_NR_getgid  47
+#define TARGET_NR_signal  48
+#define TARGET_NR_geteuid 49
+#define TARGET_NR_getegid 50
+#define TARGET_NR_acct51
+#define TARGET_NR_umount2 52
+#define TARGET_NR_lock53
+#define TARGET_NR_ioctl   54
+#define TARGET_NR_fcntl   55
+#define TARGET_NR_mpx 56
+#define TARGET_NR_setpgid 57
+#define TARGET_NR_ulimit  58
+#define TARGET_NR_oldolduname 59
+#define TARGET_NR_umask   60
+#define TARGET_NR_chroot  61
+#define TARGET_NR_ustat   62
+#define TARGET_NR_dup263
+#define TARGET_NR_getppid 64
+#define TARGET_NR_getpgrp 65
+#define TARGET_NR_setsid  66
+#define TARGET_NR_sigaction   67
+#define TARGET_NR_sgetmask68
+#define TARGET_NR_ssetmask69
+#define TARGET_NR_setreuid70
+#define TARGET_NR_setregid71
+#define TARGET_NR_sigsuspend  72
+#define TARGET_NR_sigpending  73
+#define TARGET_NR_sethostname 74
+#define TARGET_NR_setrlimit   75
+#define TARGET_NR_getrlimit   76
+#define TARGET_NR_getrusage   77
+#define TARGET_NR_gettimeofday78
+#define TARGET_NR_settimeofday79
+#define TARGET_NR_getgroups   80
+#define TARGET_NR_setgroups   81
+#define TARGET_NR_select  82
+#define TARGET_NR_symlink 83
+#define TARGET_NR_oldlstat84
+#define TARGET_NR_readlink85
+#define TARGET_NR_uselib  86
+#define TARGET_NR_swapon  87
+#define TARGET_NR_reboot  88
+#define TARGET_NR_readdir 89
+#define TARGET_NR_mmap

[PATCH 12/22] linux-user,s390x: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl from linux/arch/s390x/kernel/syscalls v5.5
Copy syscallhdr.sh from m68k.

Signed-off-by: Laurent Vivier 
---
 configure  |   1 +
 linux-user/Makefile.objs   |   1 +
 linux-user/s390x/Makefile.objs |   5 +
 linux-user/s390x/syscall.tbl   | 440 +
 linux-user/s390x/syscall_nr.h  | 331 -
 linux-user/s390x/syscallhdr.sh |  32 +++
 6 files changed, 479 insertions(+), 331 deletions(-)
 create mode 100644 linux-user/s390x/Makefile.objs
 create mode 100644 linux-user/s390x/syscall.tbl
 delete mode 100644 linux-user/s390x/syscall_nr.h
 create mode 100755 linux-user/s390x/syscallhdr.sh

diff --git a/configure b/configure
index 853951963549..5948ae837f98 100755
--- a/configure
+++ b/configure
@@ -7799,6 +7799,7 @@ case "$target_name" in
 echo "TARGET_ABI32=y" >> $config_target_mak
   ;;
   s390x)
+TARGET_SYSTBL_ABI=common,64
 mttcg=yes
 gdb_xml_files="s390x-core64.xml s390-acr.xml s390-fpr.xml s390-vx.xml 
s390-cr.xml s390-virt.xml s390-gs.xml"
   ;;
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 8b00dad687b2..f4e666e74c91 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -14,5 +14,6 @@ obj-$(TARGET_M68K) += m68k/
 obj-$(TARGET_MICROBLAZE) += microblaze/
 obj-$(TARGET_PPC) += ppc/
 obj-$(TARGET_PPC64) += ppc/
+obj-$(TARGET_S390X) += s390x/
 obj-$(TARGET_SH4) += sh4/
 obj-$(TARGET_XTENSA) += xtensa/
diff --git a/linux-user/s390x/Makefile.objs b/linux-user/s390x/Makefile.objs
new file mode 100644
index ..c6f9314755ad
--- /dev/null
+++ b/linux-user/s390x/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/s390x/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/s390x/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/s390x/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/s390x/syscall.tbl b/linux-user/s390x/syscall.tbl
new file mode 100644
index ..3054e9c035a3
--- /dev/null
+++ b/linux-user/s390x/syscall.tbl
@@ -0,0 +1,440 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# System call table for s390
+#
+# Format:
+#
+# 
+#
+# where  can be common, 64, or 32
+
+1commonexitsys_exitsys_exit
+2commonforksys_forksys_fork
+3commonreadsys_read
compat_sys_s390_read
+4commonwrite   sys_write   
compat_sys_s390_write
+5commonopensys_open
compat_sys_open
+6commonclose   sys_close   
sys_close
+7commonrestart_syscall sys_restart_syscall 
sys_restart_syscall
+8commoncreat   sys_creat   
sys_creat
+9commonlinksys_linksys_link
+10   commonunlink  sys_unlink  
sys_unlink
+11   commonexecve  sys_execve  
compat_sys_execve
+12   commonchdir   sys_chdir   
sys_chdir
+13   32time-   
sys_time32
+14   commonmknod   sys_mknod   
sys_mknod
+15   commonchmod   sys_chmod   
sys_chmod
+16   32lchown  -   
sys_lchown16
+19   commonlseek   sys_lseek   
compat_sys_lseek
+20   commongetpid  sys_getpid  
sys_getpid
+21   commonmount   sys_mount   
compat_sys_mount
+22   commonumount  sys_oldumount   
sys_oldumount
+23   32setuid  -   
sys_setuid16
+24   32getuid  -   
sys_getuid16
+25   32stime   -   
sys_stime32
+26   commonptrace  sys_ptrace  
compat_sys_ptrace
+27   commonalarm   sys_alarm   
sys_alarm
+29   commonpause   sys_pause   
sys_pause
+30   commonutime   sys_utime   
sys_utime32
+33   commonaccess  sys_access  
sys_access
+34   commonnicesys_nicesys_nice
+36   commonsyncsys_syncsys_sync
+37   commonkillsys_killsys_kill
+38   commonrename 

[PATCH 04/22] linux-user,m68k: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/m68k/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure |   1 +
 linux-user/Makefile.objs  |   1 +
 linux-user/m68k/Makefile.objs |   5 +
 linux-user/m68k/syscall.tbl   | 437 ++
 linux-user/m68k/syscall_nr.h  | 434 -
 linux-user/m68k/syscallhdr.sh |  32 +++
 6 files changed, 476 insertions(+), 434 deletions(-)
 create mode 100644 linux-user/m68k/Makefile.objs
 create mode 100644 linux-user/m68k/syscall.tbl
 delete mode 100644 linux-user/m68k/syscall_nr.h
 create mode 100644 linux-user/m68k/syscallhdr.sh

diff --git a/configure b/configure
index b3b18f2ac728..8d895a906900 100755
--- a/configure
+++ b/configure
@@ -7708,6 +7708,7 @@ case "$target_name" in
   m68k)
 bflt="yes"
 gdb_xml_files="cf-core.xml cf-fp.xml m68k-fp.xml"
+TARGET_SYSTBL_ABI=common
   ;;
   microblaze|microblazeel)
 TARGET_ARCH=microblaze
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index 9f8e001241d5..ac74b23683cf 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -11,3 +11,4 @@ obj-$(TARGET_AARCH64) += arm/semihost.o
 
 obj-$(TARGET_ALPHA) += alpha/
 obj-$(TARGET_HPPA) += hppa/
+obj-$(TARGET_M68K) += m68k/
diff --git a/linux-user/m68k/Makefile.objs b/linux-user/m68k/Makefile.objs
new file mode 100644
index ..ba0761a2b91b
--- /dev/null
+++ b/linux-user/m68k/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/m68k/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/m68k/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/m68k/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/m68k/syscall.tbl b/linux-user/m68k/syscall.tbl
new file mode 100644
index ..a88a285a0e5f
--- /dev/null
+++ b/linux-user/m68k/syscall.tbl
@@ -0,0 +1,437 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for m68k
+#
+# The format is:
+#
+#
+# The  is always "common" for this file
+#
+0  common  restart_syscall sys_restart_syscall
+1  common  exitsys_exit
+2  common  fork__sys_fork
+3  common  readsys_read
+4  common  write   sys_write
+5  common  opensys_open
+6  common  close   sys_close
+7  common  waitpid sys_waitpid
+8  common  creat   sys_creat
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 common  execve  sys_execve
+12 common  chdir   sys_chdir
+13 common  timesys_time32
+14 common  mknod   sys_mknod
+15 common  chmod   sys_chmod
+16 common  chown   sys_chown16
+# 17 was break
+18 common  oldstat sys_stat
+19 common  lseek   sys_lseek
+20 common  getpid  sys_getpid
+21 common  mount   sys_mount
+22 common  umount  sys_oldumount
+23 common  setuid  sys_setuid16
+24 common  getuid  sys_getuid16
+25 common  stime   sys_stime32
+26 common  ptrace  sys_ptrace
+27 common  alarm   sys_alarm
+28 common  oldfstatsys_fstat
+29 common  pause   sys_pause
+30 common  utime   sys_utime32
+# 31 was stty
+# 32 was gtty
+33 common  access  sys_access
+34 common  nicesys_nice
+# 35 was ftime
+36 common  syncsys_sync
+37 common  killsys_kill
+38 common  rename  sys_rename
+39 common  mkdir   sys_mkdir
+40 common  rmdir   sys_rmdir
+41 common  dup sys_dup
+42 common  pipesys_pipe
+43 common  times   sys_times
+# 44 was prof
+45 common  brk sys_brk
+46 common  setgid  sys_setgid16
+47 common  getgid  sys_getgid16
+48 common  signal  sys_signal
+49 common  geteuid sys_geteuid16
+50 common  getegid sys_getegid16
+51 common  acct

[PATCH 02/22] linux-user,alpha: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/alpha/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure  |   1 +
 linux-user/Makefile.objs   |   2 +
 linux-user/alpha/Makefile.objs |   5 +
 linux-user/alpha/syscall.tbl   | 479 
 linux-user/alpha/syscall_nr.h  | 492 -
 linux-user/alpha/syscallhdr.sh |  32 +++
 6 files changed, 519 insertions(+), 492 deletions(-)
 create mode 100644 linux-user/alpha/Makefile.objs
 create mode 100644 linux-user/alpha/syscall.tbl
 delete mode 100644 linux-user/alpha/syscall_nr.h
 create mode 100644 linux-user/alpha/syscallhdr.sh

diff --git a/configure b/configure
index a6778828e8e1..b59382810dea 100755
--- a/configure
+++ b/configure
@@ -7682,6 +7682,7 @@ case "$target_name" in
   ;;
   alpha)
 mttcg="yes"
+TARGET_SYSTBL_ABI=common
   ;;
   arm|armeb)
 TARGET_ARCH=arm
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index d2f33beb5e52..a1afb4d21f9f 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -8,3 +8,5 @@ obj-$(TARGET_I386) += vm86.o
 obj-$(TARGET_ARM) += arm/nwfpe/
 obj-$(TARGET_ARM) += arm/semihost.o
 obj-$(TARGET_AARCH64) += arm/semihost.o
+
+obj-$(TARGET_ALPHA) += alpha/
diff --git a/linux-user/alpha/Makefile.objs b/linux-user/alpha/Makefile.objs
new file mode 100644
index ..8bfb470c798c
--- /dev/null
+++ b/linux-user/alpha/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/alpha/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/alpha/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/alpha/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/alpha/syscall.tbl b/linux-user/alpha/syscall.tbl
new file mode 100644
index ..36d42da7466a
--- /dev/null
+++ b/linux-user/alpha/syscall.tbl
@@ -0,0 +1,479 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for alpha
+#
+# The format is:
+#
+#
+# The  is always "common" for this file
+#
+0  common  osf_syscall alpha_syscall_zero
+1  common  exitsys_exit
+2  common  forkalpha_fork
+3  common  readsys_read
+4  common  write   sys_write
+5  common  osf_old_opensys_ni_syscall
+6  common  close   sys_close
+7  common  osf_wait4   sys_osf_wait4
+8  common  osf_old_creat   sys_ni_syscall
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 common  osf_execve  sys_ni_syscall
+12 common  chdir   sys_chdir
+13 common  fchdir  sys_fchdir
+14 common  mknod   sys_mknod
+15 common  chmod   sys_chmod
+16 common  chown   sys_chown
+17 common  brk sys_osf_brk
+18 common  osf_getfsstat   sys_ni_syscall
+19 common  lseek   sys_lseek
+20 common  getxpid sys_getxpid
+21 common  osf_mount   sys_osf_mount
+22 common  umount2 sys_umount
+23 common  setuid  sys_setuid
+24 common  getxuid sys_getxuid
+25 common  exec_with_loadersys_ni_syscall
+26 common  ptrace  sys_ptrace
+27 common  osf_nrecvmsgsys_ni_syscall
+28 common  osf_nsendmsgsys_ni_syscall
+29 common  osf_nrecvfrom   sys_ni_syscall
+30 common  osf_naccept sys_ni_syscall
+31 common  osf_ngetpeernamesys_ni_syscall
+32 common  osf_ngetsocknamesys_ni_syscall
+33 common  access  sys_access
+34 common  osf_chflags sys_ni_syscall
+35 common  osf_fchflagssys_ni_syscall
+36 common  syncsys_sync
+37 common  killsys_kill
+38 common  osf_old_statsys_ni_syscall
+39 common  setpgid sys_setpgid
+40 common  osf_old_lstat   sys_ni_syscall
+41 common  dup sys_dup
+42 common  pipesys_alpha_pipe
+43 common  osf_set_program_attributes  sys_osf_set_program_attributes
+44 common  osf_profil  sys_ni_syscall
+45 common  opensys_open
+46 common  

[PATCH 01/22] linux-user: introduce parameters to generate syscall_nr.h

[Laurent Vivier]

This will be used when we'll import syscall.tbl from the kernel

Signed-off-by: Laurent Vivier 
---
 Makefile.target | 3 ++-
 configure   | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Makefile.target b/Makefile.target
index 6e61f607b14a..9babf2643e0b 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -128,7 +128,8 @@ ifdef CONFIG_LINUX_USER
 
 QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) \
  -I$(SRC_PATH)/linux-user/host/$(ARCH) \
- -I$(SRC_PATH)/linux-user
+ -I$(SRC_PATH)/linux-user \
+ -Ilinux-user/$(TARGET_ABI_DIR)
 
 obj-y += linux-user/
 obj-y += gdbstub.o thunk.o
diff --git a/configure b/configure
index 6f5d85094965..a6778828e8e1 100755
--- a/configure
+++ b/configure
@@ -7829,6 +7829,9 @@ echo "TARGET_ABI_DIR=$TARGET_ABI_DIR" >> 
$config_target_mak
 if [ "$HOST_VARIANT_DIR" != "" ]; then
 echo "HOST_VARIANT_DIR=$HOST_VARIANT_DIR" >> $config_target_mak
 fi
+if [ "$TARGET_SYSTBL_ABI" != "" ]; then
+echo "TARGET_SYSTBL_ABI=$TARGET_SYSTBL_ABI" >> $config_target_mak
+fi
 
 if supported_xen_target $target; then
 echo "CONFIG_XEN=y" >> $config_target_mak
-- 
2.24.1

[PATCH 19/22] linux-user,scripts: add a script to update syscall.tbl

[Laurent Vivier]

scripts/update-syscalltbl.sh has the list of syscall.tbl to update and
can copy them from the linux source directory

Signed-off-by: Laurent Vivier 
---
 MAINTAINERS  |  1 +
 scripts/update-syscalltbl.sh | 49 
 2 files changed, 50 insertions(+)
 create mode 100755 scripts/update-syscalltbl.sh

diff --git a/MAINTAINERS b/MAINTAINERS
index 1740a4fddc14..dac93f447544 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2422,6 +2422,7 @@ S: Maintained
 F: linux-user/
 F: default-configs/*-linux-user.mak
 F: scripts/qemu-binfmt-conf.sh
+F: scripts/update-syscalltbl.sh
 
 Tiny Code Generator (TCG)
 -
diff --git a/scripts/update-syscalltbl.sh b/scripts/update-syscalltbl.sh
new file mode 100755
index ..2d23e5680075
--- /dev/null
+++ b/scripts/update-syscalltbl.sh
@@ -0,0 +1,49 @@
+TBL_LIST="\
+arch/alpha/kernel/syscalls/syscall.tbl,linux-user/alpha/syscall.tbl \
+arch/arm/tools/syscall.tbl,linux-user/arm/syscall.tbl \
+arch/m68k/kernel/syscalls/syscall.tbl,linux-user/m68k/syscall.tbl \
+arch/microblaze/kernel/syscalls/syscall.tbl,linux-user/microblaze/syscall.tbl \
+arch/mips/kernel/syscalls/syscall_n32.tbl,linux-user/mips64/syscall_n32.tbl \
+arch/mips/kernel/syscalls/syscall_n64.tbl,linux-user/mips64/syscall_n64.tbl \
+arch/mips/kernel/syscalls/syscall_o32.tbl,linux-user/mips/syscall_o32.tbl \
+arch/parisc/kernel/syscalls/syscall.tbl,linux-user/hppa/syscall.tbl \
+arch/powerpc/kernel/syscalls/syscall.tbl,linux-user/ppc/syscall.tbl \
+arch/s390/kernel/syscalls/syscall.tbl,linux-user/s390x/syscall.tbl \
+arch/sh/kernel/syscalls/syscall.tbl,linux-user/sh4/syscall.tbl \
+arch/sparc/kernel/syscalls/syscall.tbl,linux-user/sparc64/syscall.tbl \
+arch/sparc/kernel/syscalls/syscall.tbl,linux-user/sparc/syscall.tbl \
+arch/x86/entry/syscalls/syscall_32.tbl,linux-user/i386/syscall_32.tbl \
+arch/x86/entry/syscalls/syscall_64.tbl,linux-user/x86_64/syscall_64.tbl \
+arch/xtensa/kernel/syscalls/syscall.tbl,linux-user/xtensa/syscall.tbl\
+"
+
+linux="$1"
+output="$2"
+
+if [ -z "$linux" ] || ! [ -d "$linux" ]; then
+cat << EOF
+usage: update-syscalltbl.sh LINUX_PATH [OUTPUT_PATH]
+
+LINUX_PATH  Linux kernel directory to obtain the syscall.tbl from
+OUTPUT_PATH output directory, usually the qemu source tree (default: $PWD)
+EOF
+exit 1
+fi
+
+if [ -z "$output" ]; then
+output="$PWD"
+fi
+
+for entry in $TBL_LIST; do
+OFS="$IFS"
+IFS=,
+set $entry
+src=$1
+dst=$2
+IFS="$OFS"
+if ! cp "$linux/$src" "$output/$dst" ; then
+echo "Cannot copy $linux/$src to $output/$dst" 1>&2
+exit 1
+fi
+done
+
-- 
2.24.1

[PATCH 03/22] linux-user,hppa: add syscall table generation support

[Laurent Vivier]

Copy syscall.tbl and syscallhdr.sh from linux/arch/parisc/kernel/syscalls v5.5
Update syscallhdr.sh to generate QEMU syscall_nr.h

Signed-off-by: Laurent Vivier 
---
 configure |   1 +
 linux-user/Makefile.objs  |   1 +
 linux-user/hppa/Makefile.objs |   5 +
 linux-user/hppa/syscall.tbl   | 435 ++
 linux-user/hppa/syscall_nr.h  | 358 
 linux-user/hppa/syscallhdr.sh |  32 +++
 6 files changed, 474 insertions(+), 358 deletions(-)
 create mode 100644 linux-user/hppa/Makefile.objs
 create mode 100644 linux-user/hppa/syscall.tbl
 delete mode 100644 linux-user/hppa/syscall_nr.h
 create mode 100644 linux-user/hppa/syscallhdr.sh

diff --git a/configure b/configure
index b59382810dea..b3b18f2ac728 100755
--- a/configure
+++ b/configure
@@ -7701,6 +7701,7 @@ case "$target_name" in
   ;;
   hppa)
 mttcg="yes"
+TARGET_SYSTBL_ABI=common,64
   ;;
   lm32)
   ;;
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
index a1afb4d21f9f..9f8e001241d5 100644
--- a/linux-user/Makefile.objs
+++ b/linux-user/Makefile.objs
@@ -10,3 +10,4 @@ obj-$(TARGET_ARM) += arm/semihost.o
 obj-$(TARGET_AARCH64) += arm/semihost.o
 
 obj-$(TARGET_ALPHA) += alpha/
+obj-$(TARGET_HPPA) += hppa/
diff --git a/linux-user/hppa/Makefile.objs b/linux-user/hppa/Makefile.objs
new file mode 100644
index ..3a0f69f39dec
--- /dev/null
+++ b/linux-user/hppa/Makefile.objs
@@ -0,0 +1,5 @@
+generated-files-y += linux-user/hppa/syscall_nr.h
+
+syshdr := $(SRC_PATH)/linux-user/hppa/syscallhdr.sh
+%/syscall_nr.h: $(SRC_PATH)/linux-user/hppa/syscall.tbl $(syshdr)
+   $(call quiet-command, sh $(syshdr) $< $@ 
$(TARGET_SYSTBL_ABI),,"GEN","$@")
diff --git a/linux-user/hppa/syscall.tbl b/linux-user/hppa/syscall.tbl
new file mode 100644
index ..285ff516150c
--- /dev/null
+++ b/linux-user/hppa/syscall.tbl
@@ -0,0 +1,435 @@
+# SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
+#
+# system call numbers and entry vectors for parisc
+#
+# The format is:
+# 
+#
+# The  can be common, 64, or 32 for this file.
+#
+0  common  restart_syscall sys_restart_syscall
+1  common  exitsys_exit
+2  common  forksys_fork_wrapper
+3  common  readsys_read
+4  common  write   sys_write
+5  common  opensys_open
compat_sys_open
+6  common  close   sys_close
+7  common  waitpid sys_waitpid
+8  common  creat   sys_creat
+9  common  linksys_link
+10 common  unlink  sys_unlink
+11 common  execve  sys_execve  
compat_sys_execve
+12 common  chdir   sys_chdir
+13 32  timesys_time32
+13 64  timesys_time
+14 common  mknod   sys_mknod
+15 common  chmod   sys_chmod
+16 common  lchown  sys_lchown
+17 common  socket  sys_socket
+18 common  statsys_newstat 
compat_sys_newstat
+19 common  lseek   sys_lseek   
compat_sys_lseek
+20 common  getpid  sys_getpid
+21 common  mount   sys_mount   
compat_sys_mount
+22 common  bindsys_bind
+23 common  setuid  sys_setuid
+24 common  getuid  sys_getuid
+25 32  stime   sys_stime32
+25 64  stime   sys_stime
+26 common  ptrace  sys_ptrace  
compat_sys_ptrace
+27 common  alarm   sys_alarm
+28 common  fstat   sys_newfstat
compat_sys_newfstat
+29 common  pause   sys_pause
+30 32  utime   sys_utime32
+30 64  utime   sys_utime
+31 common  connect sys_connect
+32 common  listen  sys_listen
+33 common  access  sys_access
+34 common  nicesys_nice
+35 common  accept  sys_accept
+36 common  syncsys_sync
+37 common  killsys_kill
+38 common  rename  sys_rename
+39 common  mkdir   sys_mkdir
+40 common  rmdir   sys_rmdir
+41 common  dup sys_dup
+42 common  pipesys_pipe
+43 common  times   sys_times   
compat_sys_times
+44 common  getsockname sys_getsockname
+45 common  brk sys_brk
+46 common  setgid  sys_setgid
+47 common  getgid

[PATCH 00/22] linux-user: generate syscall_nr.sh

[Laurent Vivier]

This series copies the files syscall.tbl from linux v5.5 and generates
the file syscall_nr.h from them.

This is done for all the QEMU targets that have a syscall.tbl
in the linux source tree: mips, mips64, i386, x86_64, sparc, s390x,
ppc, arm, microblaze, sh4, xtensa, m68k, hppa and alpha.

tilegx and cris are depecrated in linux (tilegx has no maintainer in QEMU)

aarch64, nios2, openrisc and riscv have no syscall.tbl in linux.

It seems there is a bug in QEMU that forces to disable manually arch_prctl
with i386 target: do_arch_prctl() is only defined with TARGET_ABI32 but
TARGET_ABI32 is never defined with TARGET_I386 (nor TARGET_X86_64).

I have also removed all syscalls in s390x/syscall_nr.h defined for
!defined(TARGET_S390X).

I have added a script to copy all these files from linux and updated
them at the end of the series with their latest version for today.

The two last patches manage the special case for mips O32 that needs
to know the number of arguments. We find them in strace sources.

Laurent Vivier (22):
  linux-user: introduce parameters to generate syscall_nr.h
  linux-user,alpha: add syscall table generation support
  linux-user,hppa: add syscall table generation support
  linux-user,m68k: add syscall table generation support
  linux-user,xtensa: add syscall table generation support
  linux-user,sh4: add syscall table generation support
  linux-user,microblaze: add syscall table generation support
  linux-user,arm: add syscall table generation support
  linux-user,ppc: split syscall_nr.h
  linux-user,ppc: add syscall table generation support
  linux-user,s390x: remove syscall definitions for !TARGET_S390X
  linux-user,s390x: add syscall table generation support
  linux-user,sparc,sparc64: add syscall table generation support
  linux-user,i386: add syscall table generation support
  linux-user,x86_64: add syscall table generation support
  linux-user,mips: add syscall table generation support
  linux-user,mips64: split syscall_nr.h
  linux-user,mips64: add syscall table generation support
  linux-user,scripts: add a script to update syscall.tbl
  linux-user: update syscall.tbl from linux 0bf999f9c5e7
  linux-user,mips: move content of mips_syscall_args
  linux-user,mips: update syscall-args-o32.c.inc

 MAINTAINERS|   1 +
 Makefile.target|   3 +-
 configure  |  23 +
 linux-user/Makefile.objs   |  19 +-
 linux-user/alpha/Makefile.objs |   5 +
 linux-user/alpha/syscall.tbl   | 479 
 linux-user/alpha/syscall_nr.h  | 492 -
 linux-user/alpha/syscallhdr.sh |  32 ++
 linux-user/arm/Makefile.objs   |   8 +
 linux-user/arm/syscall.tbl | 453 
 linux-user/arm/syscall_nr.h| 447 ---
 linux-user/arm/syscallhdr.sh   |  31 ++
 linux-user/hppa/Makefile.objs  |   5 +
 linux-user/hppa/syscall.tbl| 437 +++
 linux-user/hppa/syscall_nr.h   | 358 
 linux-user/hppa/syscallhdr.sh  |  32 ++
 linux-user/i386/Makefile.objs  |   5 +
 linux-user/i386/syscall_32.tbl | 444 +++
 linux-user/i386/syscall_nr.h   | 387 -
 linux-user/i386/syscallhdr.sh  |  28 +
 linux-user/m68k/Makefile.objs  |   5 +
 linux-user/m68k/syscall.tbl| 439 +++
 linux-user/m68k/syscall_nr.h   | 434 ---
 linux-user/m68k/syscallhdr.sh  |  32 ++
 linux-user/microblaze/Makefile.objs|   5 +
 linux-user/microblaze/syscall.tbl  | 445 +++
 linux-user/microblaze/syscall_nr.h | 442 ---
 linux-user/microblaze/syscallhdr.sh|  32 ++
 linux-user/mips/Makefile.objs  |   5 +
 linux-user/mips/cpu_loop.c | 440 +--
 linux-user/mips/syscall-args-o32.c.inc | 436 +++
 linux-user/mips/syscall_nr.h   | 425 ---
 linux-user/mips/syscall_o32.tbl| 427 +++
 linux-user/mips/syscallhdr.sh  |  36 ++
 linux-user/mips64/Makefile.objs|   9 +
 linux-user/mips64/syscall_n32.tbl  | 378 +
 linux-user/mips64/syscall_n64.tbl  | 354 
 linux-user/mips64/syscall_nr.h | 719 +
 linux-user/mips64/syscallhdr.sh|  33 ++
 linux-user/ppc/Makefile.objs   |   9 +
 linux-user/ppc/signal.c|   2 +-
 linux-user/ppc/syscall.tbl | 521 ++
 linux-user/ppc/syscall_nr.h| 394 +-
 linux-user/ppc/syscallhdr.sh   |  34 ++
 linux-user/s390x/Makefile.objs |   5 +
 linux-user/s390x/syscall.tbl   | 442 +++
 linux-user/s390x/syscall_nr.h  | 398 --
 linux-user/s390x/syscallhdr.sh |  32 ++
 linux-user/sh4/Makefile.objs   |   5 +
 linux-user/sh4/syscall.tbl | 442 

[Bug 1855072] Re: ARM: HCR.TVM traps are not implemented

[Julien Freche]

I tested in AArch64 mode and it worked for me. Looking at the patch, we
might be missing trapping for "TTBCR"in AA32 though.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1855072

Title:
  ARM: HCR.TVM traps are not implemented

Status in QEMU:
  In Progress

Bug description:
  On AARCH64, setting HCR.TVM to 1 is supposed to trap all writes to
  CTLR_EL1, TTBR0_EL1, TTBR1_EL1, TCR_EL1, ESR_EL1, FAR_EL1, AFSR0_EL1,
  AFSR1_EL1, MAIR_EL1, AMAIR_EL1, and CONTEXTIDR_EL1. However, it
  currently has no effect (QEMU emulator version 4.1.1).

  It is also likely that TRVM will not trap, but, I didn't verify this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1855072/+subscriptions

Re: [PATCH v5 05/22] target/arm: Suppress tag check for sp+offset

[Richard Henderson]

On 12/3/19 6:07 AM, Peter Maydell wrote:
> The load-literal case is implicitly tag-unchecked because
> the address calculation doesn't go via clean_data_tbi(), right?

Yes.


r~

[PATCH] z2: Make providing flash images non-mandatory

[Guenter Roeck]

Up to now, the z2 machine only boots if a flash image is provided.
This is not really necessary; the machine can boot from initrd or from
SD without it. At the same time, having to provide dummy flash images
is a nuisance and does not add any real value. Make it optional.

Signed-off-by: Guenter Roeck 
---
 hw/arm/z2.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/hw/arm/z2.c b/hw/arm/z2.c
index 34794fe3ae..4bb237f22d 100644
--- a/hw/arm/z2.c
+++ b/hw/arm/z2.c
@@ -314,12 +314,6 @@ static void z2_init(MachineState *machine)
 be = 0;
 #endif
 dinfo = drive_get(IF_PFLASH, 0, 0);
-if (!dinfo && !qtest_enabled()) {
-error_report("Flash image must be given with the "
- "'pflash' parameter");
-exit(1);
-}
-
 if (!pflash_cfi01_register(Z2_FLASH_BASE, "z2.flash0", Z2_FLASH_SIZE,
dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
sector_len, 4, 0, 0, 0, 0, be)) {
-- 
2.17.1

[PATCH] mainstone: Make providing flash images non-mandatory

[Guenter Roeck]

Up to now, the mainstone machine only boots if two flash images are
provided. This is not really necessary; the machine can boot from initrd
or from SD without it. At the same time, having to provide dummy flash
images is a nuisance and does not add any real value. Make it optional.

Signed-off-by: Guenter Roeck 
---
 hw/arm/mainstone.c | 11 +--
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c
index b01ce3ce08..6e64dfab50 100644
--- a/hw/arm/mainstone.c
+++ b/hw/arm/mainstone.c
@@ -138,19 +138,10 @@ static void mainstone_common_init(MemoryRegion 
*address_space_mem,
 /* There are two 32MiB flash devices on the board */
 for (i = 0; i < 2; i ++) {
 dinfo = drive_get(IF_PFLASH, 0, i);
-if (!dinfo) {
-if (qtest_enabled()) {
-break;
-}
-error_report("Two flash images must be given with the "
- "'pflash' parameter");
-exit(1);
-}
-
 if (!pflash_cfi01_register(mainstone_flash_base[i],
i ? "mainstone.flash1" : "mainstone.flash0",
MAINSTONE_FLASH,
-   blk_by_legacy_dinfo(dinfo),
+   dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
sector_len, 4, 0, 0, 0, 0, be)) {
 error_report("Error registering flash memory");
 exit(1);
-- 
2.17.1

Re: [PATCH v12 Kernel 4/7] vfio iommu: Implementation of ioctl to for dirty pages tracking.

[Alex Williamson]

On Tue, 18 Feb 2020 00:43:48 +0530
Kirti Wankhede  wrote:

> On 2/14/2020 4:50 AM, Alex Williamson wrote:
> > On Fri, 14 Feb 2020 01:41:35 +0530
> > Kirti Wankhede  wrote:
> >   
> >> 
> >>  
> >> 
> >> +static int vfio_iova_dirty_bitmap(struct vfio_iommu *iommu, 
> >> dma_addr_t iova,
> >> +size_t size, uint64_t pgsize,
> >> +unsigned char __user *bitmap)
> >> +{
> >> +  struct vfio_dma *dma;
> >> +  dma_addr_t i = iova, iova_limit;
> >> +  unsigned int bsize, nbits = 0, l = 0;
> >> +  unsigned long pgshift = __ffs(pgsize);
> >> +
> >> +  while ((dma = vfio_find_dma(iommu, i, pgsize))) {
> >> +  int ret, j;
> >> +  unsigned int npages = 0, shift = 0;
> >> +  unsigned char temp = 0;
> >> +
> >> +  /* mark all pages dirty if all pages are pinned and 
> >> mapped. */
> >> +  if (dma->iommu_mapped) {
> >> +  iova_limit = min(dma->iova + dma->size, iova + 
> >> size);
> >> +  npages = iova_limit/pgsize;
> >> +  bitmap_set(dma->bitmap, 0, npages);  
> >
> > npages is derived from iova_limit, which is the number of bits to set
> > dirty relative to the first requested iova, not iova zero, ie. the set
> > of dirty bits is offset from those requested unless iova == dma->iova.
> > 
> 
>  Right, fixing.
>  
> > Also I hope dma->bitmap was actually allocated.  Not only does the
> > START error path potentially leave dirty tracking enabled without all
> > the bitmap allocated, when does the bitmap get allocated for a new
> > vfio_dma when dirty tracking is enabled?  Seems it only occurs if a
> > vpfn gets marked dirty.
> > 
> 
>  Right.
> 
>  Fixing error paths.
> 
>  
> >> +  } else if (dma->bitmap) {
> >> +  struct rb_node *n = rb_first(>pfn_list);
> >> +  bool found = false;
> >> +
> >> +  for (; n; n = rb_next(n)) {
> >> +  struct vfio_pfn *vpfn = rb_entry(n,
> >> +  struct vfio_pfn, node);
> >> +  if (vpfn->iova >= i) {
> >> +  found = true;
> >> +  break;
> >> +  }
> >> +  }
> >> +
> >> +  if (!found) {
> >> +  i += dma->size;
> >> +  continue;
> >> +  }
> >> +
> >> +  for (; n; n = rb_next(n)) {
> >> +  unsigned int s;
> >> +  struct vfio_pfn *vpfn = rb_entry(n,
> >> +  struct vfio_pfn, node);
> >> +
> >> +  if (vpfn->iova >= iova + size)
> >> +  break;
> >> +
> >> +  s = (vpfn->iova - dma->iova) >> pgshift;
> >> +  bitmap_set(dma->bitmap, s, 1);
> >> +
> >> +  iova_limit = vpfn->iova + pgsize;
> >> +  }
> >> +  npages = iova_limit/pgsize;  
> >
> > Isn't iova_limit potentially uninitialized here?  For example, if our
> > vfio_dma covers {0,8192} and we ask for the bitmap of {0,4096} and
> > there's a vpfn at {4096,8192}.  I think that means vpfn->iova >= i
> > (4096 >= 0), so we break with found = true, then we test 4096 >= 0 +
> > 4096 and break, and npages = /pgsize.
> > 
> 
>  Right, Fixing it.
>  
> >> +  }
> >> +
> >> +  bsize = dirty_bitmap_bytes(npages);
> >> +  shift = nbits % BITS_PER_BYTE;
> >> +
> >> +  if (npages && shift) {
> >> +  l--;
> >> +  if (!access_ok((void __user *)bitmap + l,
> >> +  sizeof(unsigned char)))
> >> +  return -EINVAL;
> >> +
> >> +  ret = __get_user(temp, bitmap + l);  
> >
> > I don't understand why we care to get the user's bitmap, are we trying
> > to leave whatever garbage they might have set in it and only also set
> > the dirty bits?  That seems unnecessary.
> > 
> 
>  Suppose dma mapped ranges are {start, size}:
>  {0, 0xa000}, {0xa000, 0x1}
> 
>  Bitmap asked from 0 - 0x1. Say suppose all pages are dirty.
>  Then in first iteration 

[PATCH v3 3/3] arm: allwinner: Wire up USB ports

[Guenter Roeck]

Instantiate EHCI and OHCI controllers on Allwinner A10. OHCI ports are
modeled as companions of the respective EHCI ports.

With this patch applied, USB controllers are discovered and instantiated
when booting the cubieboard machine with a recent Linux kernel.

ehci-platform 1c14000.usb: EHCI Host Controller
ehci-platform 1c14000.usb: new USB bus registered, assigned bus number 1
ehci-platform 1c14000.usb: irq 26, io mem 0x01c14000
ehci-platform 1c14000.usb: USB 2.0 started, EHCI 1.00
ehci-platform 1c1c000.usb: EHCI Host Controller
ehci-platform 1c1c000.usb: new USB bus registered, assigned bus number 2
ehci-platform 1c1c000.usb: irq 31, io mem 0x01c1c000
ehci-platform 1c1c000.usb: USB 2.0 started, EHCI 1.00
ohci-platform 1c14400.usb: Generic Platform OHCI controller
ohci-platform 1c14400.usb: new USB bus registered, assigned bus number 3
ohci-platform 1c14400.usb: irq 27, io mem 0x01c14400
ohci-platform 1c1c400.usb: Generic Platform OHCI controller
ohci-platform 1c1c400.usb: new USB bus registered, assigned bus number 4
ohci-platform 1c1c400.usb: irq 32, io mem 0x01c1c400
usb 2-1: new high-speed USB device number 2 using ehci-platform
usb-storage 2-1:1.0: USB Mass Storage device detected
scsi host1: usb-storage 2-1:1.0
usb 3-1: new full-speed USB device number 2 using ohci-platform
input: QEMU QEMU USB Mouse as 
/devices/platform/soc/1c14400.usb/usb3/3-1/3-1:1.0/0003:0627:0001.0001/input/input0

Reviewed-by: Gerd Hoffmann 
Signed-off-by: Guenter Roeck 
---
v3: Rebased to master
Added Gerd's Reviewed-by: tag
v2: Instantiate EHCI and OHCI in a single patch
Use define instead of ARRAY_SIZE to get the number of USB ports
Instantiate OHCI in companion mode
Use _fatal to handle error conditions

 hw/arm/allwinner-a10.c | 43 ++
 include/hw/arm/allwinner-a10.h |  6 +
 2 files changed, 49 insertions(+)

diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
index 1cde165611..2ae9c15311 100644
--- a/hw/arm/allwinner-a10.c
+++ b/hw/arm/allwinner-a10.c
@@ -24,11 +24,15 @@
 #include "hw/arm/allwinner-a10.h"
 #include "hw/misc/unimp.h"
 #include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/usb/hcd-ohci.h"
 
 #define AW_A10_PIC_REG_BASE 0x01c20400
 #define AW_A10_PIT_REG_BASE 0x01c20c00
 #define AW_A10_UART0_REG_BASE   0x01c28000
 #define AW_A10_EMAC_BASE0x01c0b000
+#define AW_A10_EHCI_BASE0x01c14000
+#define AW_A10_OHCI_BASE0x01c14400
 #define AW_A10_SATA_BASE0x01c18000
 
 static void aw_a10_init(Object *obj)
@@ -49,6 +53,17 @@ static void aw_a10_init(Object *obj)
 
 sysbus_init_child_obj(obj, "sata", >sata, sizeof(s->sata),
   TYPE_ALLWINNER_AHCI);
+
+if (machine_usb(current_machine)) {
+int i;
+
+for (i = 0; i < AW_A10_NUM_USB; i++) {
+sysbus_init_child_obj(obj, "ehci[*]", OBJECT(>ehci[i]),
+  sizeof(s->ehci[i]), TYPE_PLATFORM_EHCI);
+sysbus_init_child_obj(obj, "ohci[*]", OBJECT(>ohci[i]),
+  sizeof(s->ohci[i]), TYPE_SYSBUS_OHCI);
+}
+}
 }
 
 static void aw_a10_realize(DeviceState *dev, Error **errp)
@@ -121,6 +136,34 @@ static void aw_a10_realize(DeviceState *dev, Error **errp)
 serial_mm_init(get_system_memory(), AW_A10_UART0_REG_BASE, 2,
qdev_get_gpio_in(dev, 1),
115200, serial_hd(0), DEVICE_NATIVE_ENDIAN);
+
+if (machine_usb(current_machine)) {
+int i;
+
+for (i = 0; i < AW_A10_NUM_USB; i++) {
+char bus[16];
+
+sprintf(bus, "usb-bus.%d", i);
+
+object_property_set_bool(OBJECT(>ehci[i]), true,
+ "companion-enable", _fatal);
+object_property_set_bool(OBJECT(>ehci[i]), true, "realized",
+ _fatal);
+sysbus_mmio_map(SYS_BUS_DEVICE(>ehci[i]), 0,
+AW_A10_EHCI_BASE + i * 0x8000);
+sysbus_connect_irq(SYS_BUS_DEVICE(>ehci[i]), 0,
+   qdev_get_gpio_in(dev, 39 + i));
+
+object_property_set_str(OBJECT(>ohci[i]), bus, "masterbus",
+_fatal);
+object_property_set_bool(OBJECT(>ohci[i]), true, "realized",
+ _fatal);
+sysbus_mmio_map(SYS_BUS_DEVICE(>ohci[i]), 0,
+AW_A10_OHCI_BASE + i * 0x8000);
+sysbus_connect_irq(SYS_BUS_DEVICE(>ohci[i]), 0,
+   qdev_get_gpio_in(dev, 64 + i));
+}
+}
 }
 
 static void aw_a10_class_init(ObjectClass *oc, void *data)
diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
index 40d0b1d9c0..8af724548f 100644
--- a/include/hw/arm/allwinner-a10.h
+++ b/include/hw/arm/allwinner-a10.h
@@ -8,12 +8,16 @@
 #include "hw/intc/allwinner-a10-pic.h"
 #include "hw/net/allwinner_emac.h"
 

[PATCH v3 2/3] hcd-ehci: Introduce "companion-enable" sysbus property

[Guenter Roeck]

We'll use this property in a follow-up patch to insantiate an EHCI
bus with companion support.

Reviewed-by: Gerd Hoffmann 
Signed-off-by: Guenter Roeck 
---
v3: Rebased to master
Added Gerd's Reviewed-by: tag
v2: Added patch

 hw/usb/hcd-ehci-sysbus.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/usb/hcd-ehci-sysbus.c b/hw/usb/hcd-ehci-sysbus.c
index 8d4738565e..b22fb258be 100644
--- a/hw/usb/hcd-ehci-sysbus.c
+++ b/hw/usb/hcd-ehci-sysbus.c
@@ -33,6 +33,8 @@ static const VMStateDescription vmstate_ehci_sysbus = {
 
 static Property ehci_sysbus_properties[] = {
 DEFINE_PROP_UINT32("maxframes", EHCISysBusState, ehci.maxframes, 128),
+DEFINE_PROP_BOOL("companion-enable", EHCISysBusState, 
ehci.companion_enable,
+ false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.17.1

[PATCH v3 1/3] hw: usb: hcd-ohci: Move OHCISysBusState and TYPE_SYSBUS_OHCI to include file

[Guenter Roeck]

We need to be able to use OHCISysBusState outside hcd-ohci.c, so move it
to its include file.

Reviewed-by: Gerd Hoffmann 
Signed-off-by: Guenter Roeck 
---
v3: Rebased to master
Added Gerd's Reviewed-by: tag
v2: no changes

 hw/usb/hcd-ohci.c | 15 ---
 hw/usb/hcd-ohci.h | 16 
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
index 8a94bd004a..1e6e85e86a 100644
--- a/hw/usb/hcd-ohci.c
+++ b/hw/usb/hcd-ohci.c
@@ -1870,21 +1870,6 @@ void ohci_sysbus_die(struct OHCIState *ohci)
 ohci_bus_stop(ohci);
 }
 
-#define TYPE_SYSBUS_OHCI "sysbus-ohci"
-#define SYSBUS_OHCI(obj) OBJECT_CHECK(OHCISysBusState, (obj), TYPE_SYSBUS_OHCI)
-
-typedef struct {
-/*< private >*/
-SysBusDevice parent_obj;
-/*< public >*/
-
-OHCIState ohci;
-char *masterbus;
-uint32_t num_ports;
-uint32_t firstport;
-dma_addr_t dma_offset;
-} OHCISysBusState;
-
 static void ohci_realize_pxa(DeviceState *dev, Error **errp)
 {
 OHCISysBusState *s = SYSBUS_OHCI(dev);
diff --git a/hw/usb/hcd-ohci.h b/hw/usb/hcd-ohci.h
index 16e3f1e13a..5c8819aedf 100644
--- a/hw/usb/hcd-ohci.h
+++ b/hw/usb/hcd-ohci.h
@@ -22,6 +22,7 @@
 #define HCD_OHCI_H
 
 #include "sysemu/dma.h"
+#include "hw/usb.h"
 
 /* Number of Downstream Ports on the root hub: */
 #define OHCI_MAX_PORTS 15
@@ -90,6 +91,21 @@ typedef struct OHCIState {
 void (*ohci_die)(struct OHCIState *ohci);
 } OHCIState;
 
+#define TYPE_SYSBUS_OHCI "sysbus-ohci"
+#define SYSBUS_OHCI(obj) OBJECT_CHECK(OHCISysBusState, (obj), TYPE_SYSBUS_OHCI)
+
+typedef struct {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+
+OHCIState ohci;
+char *masterbus;
+uint32_t num_ports;
+uint32_t firstport;
+dma_addr_t dma_offset;
+} OHCISysBusState;
+
 extern const VMStateDescription vmstate_ohci_state;
 
 void usb_ohci_init(OHCIState *ohci, DeviceState *dev, uint32_t num_ports,
-- 
2.17.1

[PATCH v3 0/3] arm: allwinner: Wire up USB ports

[Guenter Roeck]

Instantiate EHCI and OHCI controllers on Allwinner A10.

The first patch in the series moves the declaration of EHCISysBusState
from hcd-ohci.c to hcd-ohci.h. This lets us add the structure to
AwA10State. Similar, TYPE_SYSBUS_OHCI is moved to be able to use it
outside its driver.

The second patch introduces the ehci-sysbus property "companion-enable".
This lets us use object_property_set_bool() to enable companion mode.

The third patch instantiates EHCI and OHCI ports for Allwinner-A10
and marks the OHCI ports as companions of the respective EHCI ports.

Tested by attaching various high speed and full speed devices, and by
booting from USB drive.

v3: Rebased to master
v2: Add summary
Rewrite to instantiate OHCI in companion mode; add patch 2/3
Merge EHCI and OHCI instantiation into a single patch


Guenter Roeck (3):
  hw: usb: hcd-ohci: Move OHCISysBusState and TYPE_SYSBUS_OHCI to include 
file
  hcd-ehci: Introduce "companion-enable" sysbus property
  arm: allwinner: Wire up USB ports

 hw/arm/allwinner-a10.c | 43 ++
 hw/usb/hcd-ehci-sysbus.c   |  2 ++
 hw/usb/hcd-ohci.c  | 15 ---
 hw/usb/hcd-ohci.h  | 16 
 include/hw/arm/allwinner-a10.h |  6 ++
 5 files changed, 67 insertions(+), 15 deletions(-)