Re: [RFC PATCH 0/3] fuzz: add generic fuzzer

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200611055651.13784-1-alx...@bu.edu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20200611055651.13784-1-alx...@bu.edu
Subject: [RFC PATCH 0/3] fuzz: add generic fuzzer
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag] patchew/20200611055651.13784-1-alx...@bu.edu -> 
patchew/20200611055651.13784-1-alx...@bu.edu
Switched to a new branch 'test'
581b756 fuzz: Add callbacks for dma-access functions
efcea82 fuzz: add support for fuzzing DMA regions
03d7012 fuzz: add a general fuzzer for any qemu arguments

=== OUTPUT BEGIN ===
1/3 Checking commit 03d701265206 (fuzz: add a general fuzzer for any qemu 
arguments)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#23: 
new file mode 100644

ERROR: "foo* bar" should be "foo *bar"
#366: FILE: tests/qtest/fuzz/general_fuzz.c:339:
+void (*ops[]) (QTestState* s, const unsigned char* , size_t) = {

total: 1 errors, 1 warnings, 461 lines checked

Patch 1/3 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/3 Checking commit efcea82301ce (fuzz: add support for fuzzing DMA regions)
ERROR: externs should be avoided in .c files
#35: FILE: tests/qtest/fuzz/general_fuzz.c:71:
+void dma_read_cb(size_t addr, size_t len);

total: 1 errors, 0 warnings, 147 lines checked

Patch 2/3 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

3/3 Checking commit 581b756ff038 (fuzz: Add callbacks for dma-access functions)
ERROR: space required before the open parenthesis '('
#20: FILE: exec.c:3251:
+if(as->root == get_system_memory())

ERROR: space required before the open parenthesis '('
#31: FILE: exec.c:3563:
+if(as->root == get_system_memory() && !is_write)

ERROR: braces {} are necessary for all arms of this statement
#31: FILE: exec.c:3563:
+if(as->root == get_system_memory() && !is_write)
[...]

ERROR: space required before the open parenthesis '('
#42: FILE: exec.c:3574:
+if(as->root == get_system_memory() && !is_write)

ERROR: braces {} are necessary for all arms of this statement
#42: FILE: exec.c:3574:
+if(as->root == get_system_memory() && !is_write)
[...]

ERROR: space required before the open parenthesis '('
#53: FILE: exec.c:3650:
+if(as->root == get_system_memory() && !is_write)

ERROR: braces {} are necessary for all arms of this statement
#53: FILE: exec.c:3650:
+if(as->root == get_system_memory() && !is_write)
[...]

ERROR: braces {} are necessary for all arms of this statement
#128: FILE: include/sysemu/dma.h:109:
+if (dir == DMA_DIRECTION_TO_DEVICE)
[...]

total: 8 errors, 0 warnings, 136 lines checked

Patch 3/3 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200611055651.13784-1-alx...@bu.edu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v3] fuzz: add oss-fuzz build-script

[Alexander Bulekov]

It is neater to keep this in the QEMU repo, since any change that
requires an update to the oss-fuzz build configuration, can make the
necessary changes in the same series.

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Alexander Bulekov 
---

In v3 I tried to make this build outside the oss-fuzz docker
environment. I wasn't able to find a way to use the Makefile to install
the pc-bios and qemu-fuzz binaries per Philippe's suggestion.
Additionally, right now I create a separate build directory within the
the tree for build. I am not sure whether this is a good approach, but
we must rely on some default that will work with both oss-fuzz and on
a developer's machine.

 MAINTAINERS   |  1 +
 scripts/oss-fuzz/build.sh | 99 +++
 2 files changed, 100 insertions(+)
 create mode 100755 scripts/oss-fuzz/build.sh

diff --git a/MAINTAINERS b/MAINTAINERS
index 3abe3faa4e..094a37ebb3 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2336,6 +2336,7 @@ R: Bandan Das 
 R: Stefan Hajnoczi 
 S: Maintained
 F: tests/qtest/fuzz/
+F: scripts/oss-fuzz/
 
 Register API
 M: Alistair Francis 
diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh
new file mode 100755
index 00..4be6b21caf
--- /dev/null
+++ b/scripts/oss-fuzz/build.sh
@@ -0,0 +1,99 @@
+#!/bin/sh
+#
+# OSS-Fuzz build script. See:
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh
+#
+# The file is consumed by:
+# https://github.com/google/oss-fuzz/blob/master/projects/qemu/Dockerfiles
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+# build project
+# e.g.
+# ./autogen.sh
+# ./configure
+# make -j$(nproc) all
+
+# build fuzzers
+# e.g.
+# $CXX $CXXFLAGS -std=c++11 -Iinclude \
+# /path/to/name_of_fuzzer.cc -o $OUT/name_of_fuzzer \
+# $LIB_FUZZING_ENGINE /path/to/library.a
+
+# There seems to be a bug in clang-11 (used for builds on oss-fuzz) :
+#   accel/tcg/cputlb.o: In function `load_memop':
+#   accel/tcg/cputlb.c:1505: undefined reference to `qemu_build_not_reached'
+#
+# When building with optimization, the compiler is expected to prove that the
+# statement cannot be reached, and remove it. For some reason clang-11 doesn't
+# remove it, resulting in an unresolved reference to qemu_build_not_reached
+# Undefine the __OPTIMIZE__ macro which compiler.h relies on to choose whether
+# to " #define qemu_build_not_reached()  g_assert_not_reached() "
+EXTRA_CFLAGS="$CFLAGS -U __OPTIMIZE__"
+
+if ! { [ -e "./COPYING" ] &&
+   [ -e "./MAINTAINERS" ] &&
+   [ -e "./Makefile" ] &&
+   [ -e "./docs" ] &&
+   [ -e "./VERSION" ] &&
+   [ -e "./linux-user" ] &&
+   [ -e "./softmmu" ];} ; then
+echo "Please run the script from the top of the QEMU tree"
+exit
+fi
+
+mkdir -p "./build-oss-fuzz/"
+cd "./build-oss-fuzz/" || exit
+
+
+if [ -z ${LIB_FUZZING_ENGINE+x} ]; then
+LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
+fi
+
+if [ -z ${OUT+x} ]; then
+DEST_DIR=$(realpath "./DEST_DIR")
+else
+DEST_DIR=$OUT
+fi
+
+mkdir -p "$DEST_DIR/lib/"  # Copy the shared libraries here
+
+# Build once to get the list of dynamic lib paths, and copy them over
+../configure --disable-werror --cc="$CC" --cxx="$CXX" \
+--extra-cflags="$EXTRA_CFLAGS"
+
+if ! make CONFIG_FUZZ=y CFLAGS="$LIB_FUZZING_ENGINE" "-j$(nproc)" \
+i386-softmmu/fuzz; then
+echo  "Build failed. Please specify a compiler with fuzzing support"\
+  "using the \$CC and \$CXX environemnt variables, or specify a"\
+  "\$LIB_FUZZING_ENGINE compatible with your compiler"
+echo  "For example: CC=clang CXX=clang++ $0"
+exit 0
+fi
+
+for i in $(ldd ./i386-softmmu/qemu-fuzz-i386 | cut -f3 -d' '); do 
+cp "$i" "$DEST_DIR/lib/"
+done
+rm ./i386-softmmu/qemu-fuzz-i386
+
+# Build a second time to build the final binary with correct rpath
+../configure --bindir="$DEST_DIR" --datadir="$DEST_DIR/data/" --disable-werror 
\
+--cc="$CC" --cxx="$CXX" --extra-cflags="$EXTRA_CFLAGS" \
+--extra-ldflags="-Wl,-rpath,'\$\$ORIGIN/lib'"
+make CONFIG_FUZZ=y CFLAGS="$LIB_FUZZING_ENGINE" "-j$(nproc)" i386-softmmu/fuzz
+
+# Copy over the datadir
+cp  -r ../pc-bios/ "$DEST_DIR/pc-bios"
+
+# Run the fuzzer with no arguments, to print the help-string and get the list
+# of available fuzz-targets. Copy over the qemu-fuzz-i386, naming it according
+# to each available fuzz target (See 05509c8e6d fuzz: select fuzz target using
+# executable name)
+for target in $(./i386-softmmu/qemu-fuzz-i386 | awk '$1 ~ /\*/  {print $2}');
+do
+cp ./i386-softmmu/qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target"
+done
+
+echo "Done. The fuzzers are located in $DEST_DIR"
-- 
2.26.2

Re: [PATCH 5/6] hw/arm: Add NPCM730 and NPCM750 SoC models

[Cédric Le Goater]

On 6/10/20 1:06 AM, Havard Skinnemoen wrote:
> On Tue, Jun 9, 2020 at 12:24 AM Cédric Le Goater  > wrote:
> 
> On 5/21/20 9:21 PM, Havard Skinnemoen wrote:
> > +void npcm7xx_write_secondary_boot(ARMCPU *cpu, const struct 
> arm_boot_info *info)
> > +{
> > +    /*
> > +     * The default smpboot stub halts the secondary CPU with a 'wfi'
> > +     * instruction, but the arch/arm/mach-npcm/platsmp.c in the Linux 
> kernel
> > +     * does not send an IPI to wake it up, so the second CPU fails to 
> boot. So
> > +     * we need to provide our own smpboot stub that can not use 'wfi', 
> it has
> > +     * to spin the secondary CPU until the first CPU writes to the 
> SCRPAD reg.
> > +     */
> > +    uint32_t smpboot[] = {
> 
> static const uint32 ?
> 
> 
> I think that would be unsafe due to the byte swapping, but I'll do it if we 
> can get rid of that somehow.
>  
> 
> 
> > +        0xe59f2018,     /* ldr r2, bootreg_addr */
> > +        0xe3a0,     /* mov r0, #0 */
> > +        0xe582,     /* str r0, [r2] */
> > +        0xe320f002,     /* wfe */
> > +        0xe5921000,     /* ldr r1, [r2] */
> > +        0xe1110001,     /* tst r1, r1 */
> > +        0x0afb,     /* beq  */
> > +        0xe12fff11,     /* bx r1 */
> > +        NPCM7XX_SMP_BOOTREG_ADDR,
> > +    };
> > +    int i;
> > +
> > +    for (i = 0; i < ARRAY_SIZE(smpboot); i++) {
> > +        smpboot[i] = tswap32(smpboot[i]);
> 
> ah ! why do we need to swap the instructions ?
> 
> 
> I probably stole this from 
> https://elixir.bootlin.com/qemu/latest/source/hw/arm/exynos4210.c#L134 
> although there are several other examples of this pattern.

Some don't some do. This is a bit confusing. 

Peter, should we fix the boards not doing the tswap in the secondary 
bootloader ? 

I still have access to a PP64 BE host to test.

Thanks, 

C.

[RFC PATCH 0/3] fuzz: add generic fuzzer

[Alexander Bulekov]

These patches add a generic fuzzer for virtual devices. This should
allow us to fuzz devices that accept inputs over MMIO, PIO and DMA
without any device-specific code.

Example:
QEMU_FUZZ_ARGS="-device virtio-net" \
FUZZ_REGION_WHITELIST="virtio pci-" \
./i386-softmmu/qemu-fuzz-i386 --fuzz-target=general-pci-enum-fuzz

The above command will add a virtio-net device to the QEMU arguments and
restrict the fuzzer to only interact with MMIO and PIO regions with
names that contain "virtio" or "pci-". I find these names using the info
mtree monitor command. 

Basically, the fuzzer splits the input into a series of commands, such
as mmio_write, pio_write, etc. Additionally, these patches add "hooks"
to functions that are typically used by virtual-devices to read from RAM
(DMA). These hooks attempt to populate these DMA regions with fuzzed
data, just in time.  There are some differences from my reference code
that seem to result in performance issues that I am still trying to iron
out. I also need to figure out how to add the DMA "hooks" in a neat way.
Maybe I can use -Wl,--wrap for this. I appreciate any feedback.

Alexander Bulekov (3):
  fuzz: add a general fuzzer for any qemu arguments
  fuzz: add support for fuzzing DMA regions
  fuzz: Add callbacks for dma-access functions

 exec.c|  17 +-
 include/exec/memory.h |   8 +
 include/exec/memory_ldst_cached.inc.h |   9 +
 include/sysemu/dma.h  |   5 +-
 memory_ldst.inc.c |  12 +
 tests/qtest/fuzz/Makefile.include |   1 +
 tests/qtest/fuzz/general_fuzz.c   | 556 ++
 7 files changed, 606 insertions(+), 2 deletions(-)
 create mode 100644 tests/qtest/fuzz/general_fuzz.c

-- 
2.26.2

RE: [RFC] hw: nios2: update interrupt_request when STATUS_PIE disabled

[Wu, Wentong]

HI Thomas,
Thanks for the help, I updated the patch in the new thread 
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03103.html, hoping 
that follows QEMU's working style, Thanks again.

BR,
Wentong
-Original Message-
From: Thomas Huth  
Sent: Wednesday, June 10, 2020 9:29 PM
To: Wu, Wentong ; qemu-devel@nongnu.org
Cc: Chris Wulff ; Marek Vasut 
Subject: Re: [RFC] hw: nios2: update interrupt_request when STATUS_PIE disabled

On 09/06/2020 10.39, Wu, Wentong wrote:
> Hi @Thomas Huth,
> It's my first time to send patch in qemu community, not sure if there is 
> something wrong sending patch like below and I'm happy to receive any 
> suggestions. And by the way, could you please help review the patch? 

 Hi,

it would be good if you could send the patch as plain text e-mail, not as HTML 
mail, otherwise it's impossible to apply it with "git am" or "patch". If you 
can, try to use "git send-email" to send out patches.
Also see https://wiki.qemu.org/Contribute/SubmitAPatch for some more details.

Technically, I don't have a clue about nios2, so sorry, I can't help reviewing 
it. But it's a very small patch, so maybe send the plain-text mail with CC: to 
qemu-triv...@nongnu.org - if Chris or Marek provide an Reviewed-by or Acked-by 
then, it should get merged with the next trivial pull request.

 HTH,
  Thomas


> Thanks
> 
> -Original Message-
> From: Thomas Huth 
> Sent: Friday, June 5, 2020 3:07 PM
> To: Wu, Wentong ; qemu-devel@nongnu.org
> Cc: Chris Wulff ; Marek Vasut 
> Subject: Re: [RFC] hw: nios2: update interrupt_request when STATUS_PIE 
> disabled
> 
> On 05/06/2020 07.59, Wu, Wentong wrote:
>> Hi all,
>>
>> I’m running icount mode on qemu_nios2 with customized  
>> platform(almost same with 10m50_devboard),
>>
>> but cpu abort happened(qemu: fatal: Raised interrupt while not in I/O
>> function) when guest code changes
>>
>> state register with wrctl instruction, add some debug code finding 
>> that it’s caused by the interrupt_request
>>
>> mismatch, so I made a patch as below, not sure if it’s right, hope I 
>> can have some discussion with maintainers
> 
>  Hi,
> 
> please have a look at the MAINTAINERS file in the main directory of the 
> sources, you can find the corresponding maintainers there. Thus if you have 
> questions related to nios2, please make sure to put Chris and Marek into CC: 
> so that your patch gets the right attention!
> 
>  Thanks,
>   Thomas
> 
> 
> 
>> commit efdb3da4e145a7a34ba8b3ab1cdcfc346ae20a11 (HEAD -> master)
>>
>> Author: Wentong Wu 
>>
>> Date:   Fri Jun 5 09:29:43 2020 -0400
>>
>>  
>>
>>     hw: nios2: update interrupt_request when CR_STATUS_PIE disabled
>>
>>  
>>
>>     Update interrupt_request when external interupt pends for 
>> STATUS_PIE
>>
>>     disabled. Otherwise on icount enabled nios2 target there will be 
>> cpu
>>
>>     abort when guest code changes state register with wrctl instruction.
>>
>>  
>>
>>     Signed-off-by: Wentong Wu 
>>
>>  
>>
>> diff --git a/hw/nios2/cpu_pic.c b/hw/nios2/cpu_pic.c
>>
>> index 1c1989d5..b04db4d7 100644
>>
>> --- a/hw/nios2/cpu_pic.c
>>
>> +++ b/hw/nios2/cpu_pic.c
>>
>> @@ -42,7 +42,9 @@ static void nios2_pic_cpu_handler(void *opaque, int 
>> irq, int level)
>>
>>  } else if (!level) {
>>
>>  env->irq_pending = 0;
>>
>>  cpu_reset_interrupt(cs, type);
>>
>> -    }
>>
>> +    } else {
>>
>> +    cs->interrupt_request |= type;
>>
>> +   }
>>
>>  } else {
>>
>>  if (level) {
>>
>>  cpu_interrupt(cs, type);
>>
> 

Re: [PATCH for-5.1 V4 3/4] hw/mips: Add Loongson-3 machine support (with KVM)

[Jiaxun Yang]

在 2020/6/2 10:39, Huacai Chen 写道:

Add Loongson-3 based machine support, it use i8259 as the interrupt
controler and use GPEX as the pci controller. Currently it can only
work with KVM, but we will add TCG support in future.

We already have a full functional Linux kernel (based on Linux-5.4.x LTS
but not upstream yet) here:

https://github.com/chenhuacai/linux

How to use QEMU/Loongson-3?
1, Download kernel source from the above URL;
2, Build a kernel with arch/mips/configs/loongson3_{def,hpc}config;
3, Boot the a Loongson-3A4000 host with this kernel;
4, Build QEMU-5.0.0 with this patchset;
5, modprobe kvm;
6, Use QEMU with TCG (available in future):
qemu-system-mips64el -M loongson3,accel=tcg -cpu Loongson-3A1000 -kernel 
 -append ...
Use QEMU with KVM (available at present):
qemu-system-mips64el -M loongson3,accel=kvm -cpu Loongson-3A4000 -kernel 
 -append ...

The "-cpu" parameter can be omitted here and QEMU will use the correct type 
for TCG/KVM automatically.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
Reviewed-by: Aleksandar Markovic 
---
  default-configs/mips64el-softmmu.mak |   1 +
  hw/mips/Kconfig  |  10 +
  hw/mips/Makefile.objs|   1 +
  hw/mips/loongson3.c  | 901 +++
  4 files changed, 913 insertions(+)
  create mode 100644 hw/mips/loongson3.c


Hi there,

I was working on TCG support based on this machine, and noticed some 
minor issue here.


Huacai, would you mind me to include your machine support in my TCG 
series? As currently KVM support is blocked kernel.





diff --git a/default-configs/mips64el-softmmu.mak 
b/default-configs/mips64el-softmmu.mak
index 9f8a3ef..2a2a3fb 100644
--- a/default-configs/mips64el-softmmu.mak
+++ b/default-configs/mips64el-softmmu.mak
@@ -3,6 +3,7 @@
  include mips-softmmu-common.mak
  CONFIG_IDE_VIA=y
  CONFIG_FULOONG=y
+CONFIG_LOONGSON3=y
  CONFIG_ATI_VGA=y
  CONFIG_RTL8139_PCI=y
  CONFIG_JAZZ=y
diff --git a/hw/mips/Kconfig b/hw/mips/Kconfig
index 67d39c5..42931fd 100644
--- a/hw/mips/Kconfig
+++ b/hw/mips/Kconfig
@@ -45,6 +45,16 @@ config FULOONG
  bool
  select PCI_BONITO
  
+config LOONGSON3

+bool
+select PCKBD
+select SERIAL
+select ISA_BUS
+select PCI_EXPRESS_GENERIC_BRIDGE
+select VIRTIO_VGA
+select QXL if SPICE
+select MSI_NONBROKEN
+
  config MIPS_CPS
  bool
  select PTIMER
diff --git a/hw/mips/Makefile.objs b/hw/mips/Makefile.objs
index 3b3e6ea..31dedcb 100644
--- a/hw/mips/Makefile.objs
+++ b/hw/mips/Makefile.objs
@@ -4,5 +4,6 @@ obj-$(CONFIG_MALTA) += gt64xxx_pci.o malta.o
  obj-$(CONFIG_MIPSSIM) += mipssim.o
  obj-$(CONFIG_JAZZ) += jazz.o
  obj-$(CONFIG_FULOONG) += fuloong2e.o
+obj-$(CONFIG_LOONGSON3) += loongson3.o
  obj-$(CONFIG_MIPS_CPS) += cps.o
  obj-$(CONFIG_MIPS_BOSTON) += boston.o
diff --git a/hw/mips/loongson3.c b/hw/mips/loongson3.c
new file mode 100644
index 000..e4b9538
--- /dev/null
+++ b/hw/mips/loongson3.c
@@ -0,0 +1,901 @@
+/*
+ * Generic Loongson-3 Platform support
+ *
+ * Copyright (c) 2016-2020 Huacai Chen (che...@lemote.com)
+ * This code is licensed under the GNU GPL v2.
+ *
+ * Contributions are licensed under the terms of the GNU GPL,
+ * version 2 or (at your option) any later version.
+ */
+
+/*
+ * Generic PC Platform based on Loongson-3 CPU (MIPS64R2 with extensions,
+ * 800~2000MHz)
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/units.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "elf.h"
+#include "hw/boards.h"
+#include "hw/char/serial.h"
+#include "hw/mips/mips.h"
+#include "hw/mips/cpudevs.h"
+#include "hw/intc/i8259.h"
+#include "hw/loader.h"
+#include "hw/ide.h"
+#include "hw/isa/superio.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/pci-host/gpex.h"
+#include "hw/rtc/mc146818rtc.h"
+#include "net/net.h"
+#include "exec/address-spaces.h"
+#include "sysemu/kvm.h"
+#include "sysemu/qtest.h"
+#include "sysemu/reset.h"
+#include "sysemu/runstate.h"
+#include "qemu/log.h"
+#include "qemu/error-report.h"
+
+#define INITRD_OFFSET 0x0400
+#define BOOTPARAM_ADDR0x8ff0
+#define BOOTPARAM_PHYADDR 0x0ff0
+#define CFG_ADDR  0x0f10
+#define FW_CONF_ADDR  0x0fff
+#define PM_MMIO_ADDR  0x1008
+#define PM_MMIO_SIZE  0x100
+#define PM_CNTL_MODE  0x10


Looks like use an array to manage all these address can be more organized.


+
+#define PHYS_TO_VIRT(x) ((x) | ~(target_ulong)0x7fff)


We've already got cpu_mips_phys_to_kseg0.


+
+/* Loongson-3 has a 2MB flash rom */
+#define BIOS_SIZE   (2 * MiB)
+#define LOONGSON_MAX_VCPUS  16
+
+#define LOONGSON3_BIOSNAME "bios_loongson3.bin"
+
+#define PCIE_IRQ_BASE   3
+
+#define VIRT_PCI_IO_BASE0x1800ul
+#define VIRT_PCI_IO_SIZE0x000cul
+#define VIRT_PCI_MEM_BASE   0x4000ul
+#define VIRT_PCI_MEM

[RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions

[Alexander Bulekov]

Signed-off-by: Alexander Bulekov 
---
 exec.c| 17 -
 include/exec/memory.h |  8 
 include/exec/memory_ldst_cached.inc.h |  9 +
 include/sysemu/dma.h  |  5 -
 memory_ldst.inc.c | 12 
 5 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/exec.c b/exec.c
index be4be2df3a..2ed724ab54 100644
--- a/exec.c
+++ b/exec.c
@@ -3247,7 +3247,10 @@ MemTxResult address_space_read_full(AddressSpace *as, 
hwaddr addr,
 {
 MemTxResult result = MEMTX_OK;
 FlatView *fv;
-
+#ifdef CONFIG_FUZZ
+if(as->root == get_system_memory())
+dma_read_cb(addr, len);
+#endif
 if (len > 0) {
 RCU_READ_LOCK_GUARD();
 fv = address_space_to_flatview(as);
@@ -3556,6 +3559,10 @@ void *address_space_map(AddressSpace *as,
 }
 
 *plen = l;
+#ifdef CONFIG_FUZZ
+if(as->root == get_system_memory() && !is_write)
+dma_read_cb(addr, *plen);
+#endif
 return bounce.buffer;
 }
 
@@ -3563,6 +3570,10 @@ void *address_space_map(AddressSpace *as,
 memory_region_ref(mr);
 *plen = flatview_extend_translation(fv, addr, len, mr, xlat,
 l, is_write, attrs);
+#ifdef CONFIG_FUZZ
+if(as->root == get_system_memory() && !is_write)
+dma_read_cb(addr, *plen);
+#endif
 ptr = qemu_ram_ptr_length(mr->ram_block, xlat, plen, true);
 
 return ptr;
@@ -3635,6 +3646,10 @@ int64_t address_space_cache_init(MemoryRegionCache 
*cache,
 
 assert(len > 0);
 
+#ifdef CONFIG_FUZZ
+if(as->root == get_system_memory() && !is_write)
+dma_read_cb(addr, len);
+#endif
 l = len;
 cache->fv = address_space_get_flatview(as);
 d = flatview_to_dispatch(cache->fv);
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 3e00cdbbfa..e9178b3e0a 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -49,6 +49,10 @@
 
 extern bool global_dirty_log;
 
+#ifdef CONFIG_FUZZ
+extern void dma_read_cb(size_t addr, size_t len);
+#endif
+
 typedef struct MemoryRegionOps MemoryRegionOps;
 typedef struct MemoryRegionMmio MemoryRegionMmio;
 
@@ -2427,6 +2431,10 @@ address_space_read_cached(MemoryRegionCache *cache, 
hwaddr addr,
   void *buf, hwaddr len)
 {
 assert(addr < cache->len && len <= cache->len - addr);
+
+#ifdef CONFIG_FUZZ
+dma_read_cb(addr, len);
+#endif
 if (likely(cache->ptr)) {
 memcpy(buf, cache->ptr + addr, len);
 } else {
diff --git a/include/exec/memory_ldst_cached.inc.h 
b/include/exec/memory_ldst_cached.inc.h
index fd4bbb40e7..dc3ce14a97 100644
--- a/include/exec/memory_ldst_cached.inc.h
+++ b/include/exec/memory_ldst_cached.inc.h
@@ -28,6 +28,9 @@ static inline uint32_t 
ADDRESS_SPACE_LD_CACHED(l)(MemoryRegionCache *cache,
 hwaddr addr, MemTxAttrs attrs, MemTxResult *result)
 {
 assert(addr < cache->len && 4 <= cache->len - addr);
+#ifdef CONFIG_FUZZ
+dma_read_cb(cache->xlat + addr, 4);
+#endif
 if (likely(cache->ptr)) {
 return LD_P(l)(cache->ptr + addr);
 } else {
@@ -39,6 +42,9 @@ static inline uint64_t 
ADDRESS_SPACE_LD_CACHED(q)(MemoryRegionCache *cache,
 hwaddr addr, MemTxAttrs attrs, MemTxResult *result)
 {
 assert(addr < cache->len && 8 <= cache->len - addr);
+#ifdef CONFIG_FUZZ
+dma_read_cb(cache->xlat + addr, 8);
+#endif
 if (likely(cache->ptr)) {
 return LD_P(q)(cache->ptr + addr);
 } else {
@@ -50,6 +56,9 @@ static inline uint32_t 
ADDRESS_SPACE_LD_CACHED(uw)(MemoryRegionCache *cache,
 hwaddr addr, MemTxAttrs attrs, MemTxResult *result)
 {
 assert(addr < cache->len && 2 <= cache->len - addr);
+#ifdef CONFIG_FUZZ
+dma_read_cb(cache->xlat + addr, 2);
+#endif
 if (likely(cache->ptr)) {
 return LD_P(uw)(cache->ptr + addr);
 } else {
diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
index 80c5bc3e02..f32d7db7aa 100644
--- a/include/sysemu/dma.h
+++ b/include/sysemu/dma.h
@@ -105,8 +105,11 @@ static inline int dma_memory_rw(AddressSpace *as, 
dma_addr_t addr,
 void *buf, dma_addr_t len,
 DMADirection dir)
 {
+#ifdef CONFIG_FUZZ
+if (dir == DMA_DIRECTION_TO_DEVICE)
+dma_read_cb(addr, len);
+#endif
 dma_barrier(as, dir);
-
 return dma_memory_rw_relaxed(as, addr, buf, len, dir);
 }
 
diff --git a/memory_ldst.inc.c b/memory_ldst.inc.c
index c54aee4a95..1935436aff 100644
--- a/memory_ldst.inc.c
+++ b/memory_ldst.inc.c
@@ -42,6 +42,9 @@ static inline uint32_t glue(address_space_ldl_internal, 
SUFFIX)(ARG1_DECL,
 MO_32 | devend_memop(endian), attrs);
 } else {
 /* RAM case */
+#ifdef CONFIG_FUZZ
+dma_read_cb(addr, 4);
+#endif
 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
 switch (endian) {
 case DEVICE_LITTLE_ENDIAN:
@@ -110,6 +113,9 @@ static inline uint

[PATCH] hw/m68k/mcf5206: Replace remaining hw_error()s by qemu_log_mask()

[Thomas Huth]

hw_error() dumps the CPU state and exits QEMU. This is ok during initial
code development (to see where the guest code is currently executing),
but it is certainly not the desired behavior that we want to present to
normal users, and it can also cause trouble when e.g. fuzzing devices.
Thus let's replace these hw_error()s by qemu_log_mask()s instead.

Signed-off-by: Thomas Huth 
---
 hw/m68k/mcf5206.c | 39 ---
 1 file changed, 28 insertions(+), 11 deletions(-)

diff --git a/hw/m68k/mcf5206.c b/hw/m68k/mcf5206.c
index a2fef04f8e..94a37a1a46 100644
--- a/hw/m68k/mcf5206.c
+++ b/hw/m68k/mcf5206.c
@@ -10,7 +10,6 @@
 #include "qemu/error-report.h"
 #include "qemu/log.h"
 #include "cpu.h"
-#include "hw/hw.h"
 #include "hw/irq.h"
 #include "hw/m68k/mcf.h"
 #include "qemu/timer.h"
@@ -69,10 +68,16 @@ static void m5206_timer_recalibrate(m5206_timer_state *s)
 if (mode == 2)
 prescale *= 16;
 
-if (mode == 3 || mode == 0)
-hw_error("m5206_timer: mode %d not implemented\n", mode);
-if ((s->tmr & TMR_FRR) == 0)
-hw_error("m5206_timer: free running mode not implemented\n");
+if (mode == 3 || mode == 0) {
+qemu_log_mask(LOG_UNIMP, "m5206_timer: mode %d not implemented\n",
+  mode);
+goto exit;
+}
+if ((s->tmr & TMR_FRR) == 0) {
+qemu_log_mask(LOG_UNIMP,
+  "m5206_timer: free running mode not implemented\n");
+goto exit;
+}
 
 /* Assume 66MHz system clock.  */
 ptimer_set_freq(s->timer, 6600 / prescale);
@@ -391,7 +396,9 @@ static uint32_t m5206_mbar_readb(void *opaque, hwaddr 
offset)
 m5206_mbar_state *s = (m5206_mbar_state *)opaque;
 offset &= 0x3ff;
 if (offset >= 0x200) {
-hw_error("Bad MBAR read offset 0x%x", (int)offset);
+qemu_log_mask(LOG_GUEST_ERROR, "Bad MBAR read offset 0x%" HWADDR_PRIX,
+  offset);
+return 0;
 }
 if (m5206_mbar_width[offset >> 2] > 1) {
 uint16_t val;
@@ -410,7 +417,9 @@ static uint32_t m5206_mbar_readw(void *opaque, hwaddr 
offset)
 int width;
 offset &= 0x3ff;
 if (offset >= 0x200) {
-hw_error("Bad MBAR read offset 0x%x", (int)offset);
+qemu_log_mask(LOG_GUEST_ERROR, "Bad MBAR read offset 0x%" HWADDR_PRIX,
+  offset);
+return 0;
 }
 width = m5206_mbar_width[offset >> 2];
 if (width > 2) {
@@ -434,7 +443,9 @@ static uint32_t m5206_mbar_readl(void *opaque, hwaddr 
offset)
 int width;
 offset &= 0x3ff;
 if (offset >= 0x200) {
-hw_error("Bad MBAR read offset 0x%x", (int)offset);
+qemu_log_mask(LOG_GUEST_ERROR, "Bad MBAR read offset 0x%" HWADDR_PRIX,
+  offset);
+return 0;
 }
 width = m5206_mbar_width[offset >> 2];
 if (width < 4) {
@@ -458,7 +469,9 @@ static void m5206_mbar_writeb(void *opaque, hwaddr offset,
 int width;
 offset &= 0x3ff;
 if (offset >= 0x200) {
-hw_error("Bad MBAR write offset 0x%x", (int)offset);
+qemu_log_mask(LOG_GUEST_ERROR, "Bad MBAR write offset 0x%" HWADDR_PRIX,
+  offset);
+return;
 }
 width = m5206_mbar_width[offset >> 2];
 if (width > 1) {
@@ -482,7 +495,9 @@ static void m5206_mbar_writew(void *opaque, hwaddr offset,
 int width;
 offset &= 0x3ff;
 if (offset >= 0x200) {
-hw_error("Bad MBAR write offset 0x%x", (int)offset);
+qemu_log_mask(LOG_GUEST_ERROR, "Bad MBAR write offset 0x%" HWADDR_PRIX,
+  offset);
+return;
 }
 width = m5206_mbar_width[offset >> 2];
 if (width > 2) {
@@ -510,7 +525,9 @@ static void m5206_mbar_writel(void *opaque, hwaddr offset,
 int width;
 offset &= 0x3ff;
 if (offset >= 0x200) {
-hw_error("Bad MBAR write offset 0x%x", (int)offset);
+qemu_log_mask(LOG_GUEST_ERROR, "Bad MBAR write offset 0x%" HWADDR_PRIX,
+  offset);
+return;
 }
 width = m5206_mbar_width[offset >> 2];
 if (width < 4) {
-- 
2.26.2

[RFC PATCH 1/3] fuzz: add a general fuzzer for any qemu arguments

[Alexander Bulekov]

Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/Makefile.include |   1 +
 tests/qtest/fuzz/general_fuzz.c   | 454 ++
 2 files changed, 455 insertions(+)
 create mode 100644 tests/qtest/fuzz/general_fuzz.c

diff --git a/tests/qtest/fuzz/Makefile.include 
b/tests/qtest/fuzz/Makefile.include
index f259d866c9..60f1a448ea 100644
--- a/tests/qtest/fuzz/Makefile.include
+++ b/tests/qtest/fuzz/Makefile.include
@@ -10,6 +10,7 @@ fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o
 fuzz-obj-$(CONFIG_PCI_I440FX) += tests/qtest/fuzz/i440fx_fuzz.o
 fuzz-obj-$(CONFIG_VIRTIO_NET) += tests/qtest/fuzz/virtio_net_fuzz.o
 fuzz-obj-$(CONFIG_SCSI) += tests/qtest/fuzz/virtio_scsi_fuzz.o
+fuzz-obj-y += tests/qtest/fuzz/general_fuzz.o
 
 FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest
 
diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuzz.c
new file mode 100644
index 00..5c29306bb6
--- /dev/null
+++ b/tests/qtest/fuzz/general_fuzz.c
@@ -0,0 +1,454 @@
+/*
+ * General Fuzzing Target
+ *
+ * Copyright Red Hat Inc., 2020
+ *
+ * Authors:
+ *  Alexander Bulekov   
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "cpu.h"
+#include "standard-headers/linux/virtio_config.h"
+#include "tests/qtest/libqtest.h"
+#include "tests/qtest/libqos/virtio-net.h"
+#include "fuzz.h"
+#include "fork_fuzz.h"
+#include "qos_fuzz.h"
+#include "libqos/pci-pc.h"
+#include "string.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "hw/qdev-core.h"
+#include "hw/pci/pci_regs.h"
+#include "hw/boards.h"
+
+/*
+ * CMD_SEP is a random 32-bit value used to separate "commands" in the fuzz
+ * input
+ */
+#define CMD_SEP "\x84\x05\x5C\x5E"
+
+typedef struct {
+size_t addr;
+size_t len; /* The number of bytes until the end of the I/O region */
+} address_range;
+
+/*
+ * A pattern used to populate a DMA region or perform a memwrite. This is
+ * useful for e.g. populating tables of unique addresses.
+ * Example {.index = 1; .stride = 2; .len = 3; .data = "\x00\x01\x02"}
+ * Renders as: 00 01 02   00 03 03   00 05 03   00 07 03 ...
+ */
+typedef struct {
+uint8_t index;  /* Index of a byte to increment by stride */
+uint8_t stride; /* Increment each index'th byte by this amount */
+size_t len;
+const uint8_t *data;
+} pattern;
+
+/*
+ * Only fuzz an IO region if its name contains a word in region_whitelist.
+ * Lazy way to limit the fuzzer to a particular device.
+ */
+char **region_whitelist;
+
+/*
+ * Allocate a block of memory and populate it with a pattern.
+ */
+static void *pattern_alloc(pattern p, size_t len)
+{
+int i;
+uint8_t *buf = g_malloc(len);
+uint8_t sum = 0;
+
+for (i = 0; i < len; ++i) {
+buf[i] = p.data[i % p.len];
+if ((i % p.len) == p.index) {
+buf[i] += sum;
+sum += p.stride;
+}
+}
+return buf;
+}
+
+
+/*
+ * Here we want to convert a fuzzer-provided [io-region-index, offset] to
+ * a physical address.
+ */
+static address_range get_io_address(MemoryRegion *io,  uint8_t index,
+uint16_t offset, bool root) {
+/* The index of the candidate MemoryRegions iterated in preorder */
+static int i;
+MemoryRegion *child, *mr = NULL;
+/*
+ * This loop should run at most twice:
+ * 1.) if index > num regions, to calculate num regions to calculate index
+ * % num_regions.
+ * 2.) to actually select the mr.
+ */
+while (!mr) {
+/* If we are recursing over a subregion, don't reset i */
+if (root) {
+i = 0;
+}
+QTAILQ_FOREACH(child, &io->subregions, subregions_link) {
+int found = *region_whitelist ? 0 : 1;
+char **wl_ptr = region_whitelist;
+while (*wl_ptr != NULL) {
+if (strstr(child->name, *wl_ptr) != NULL) {
+found = 1;
+break;
+}
+wl_ptr++;
+}
+if (found) {
+if (index == i++) {
+mr = child;
+break;
+}
+}
+address_range addr = get_io_address(child, index, offset, false);
+if (addr.addr != -1) {
+return (address_range){child->addr + addr.addr, addr.len};
+}
+}
+if (!mr) {
+if (i == 0 || !root) {
+return (address_range){-1, 0};
+}
+index = index % i;
+}
+}
+if (mr->size == 0) {
+return (address_range){mr->addr, 0};
+} else {
+return (address_range){mr->addr + (offset % mr->size),
+   mr->size - (offset % mr->size)};
+}
+}
+
+static address_range get_pio_address(uint8_t index, uint16_t offset)
+{
+return get

[RFC PATCH 2/3] fuzz: add support for fuzzing DMA regions

[Alexander Bulekov]

Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/general_fuzz.c | 102 
 1 file changed, 102 insertions(+)

diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuzz.c
index 5c29306bb6..9e981e870f 100644
--- a/tests/qtest/fuzz/general_fuzz.c
+++ b/tests/qtest/fuzz/general_fuzz.c
@@ -32,6 +32,7 @@
  * input
  */
 #define CMD_SEP "\x84\x05\x5C\x5E"
+#define MAX_DMA_FILL_SIZE 0x1
 
 typedef struct {
 size_t addr;
@@ -57,6 +58,18 @@ typedef struct {
  */
 char **region_whitelist;
 
+/*
+ * List of dma regions populated since the last fuzzing command. Used to ensure
+ * that we only write to each DMA address once, to avoid race conditions when
+ * building reproducers.
+ */
+static GArray *dma_regions;
+
+static GArray *dma_patterns;
+int dma_pattern_index;
+
+void dma_read_cb(size_t addr, size_t len);
+
 /*
  * Allocate a block of memory and populate it with a pattern.
  */
@@ -76,6 +89,62 @@ static void *pattern_alloc(pattern p, size_t len)
 return buf;
 }
 
+/*
+ * Call-back for functions that perform DMA reads from guest memory. Confirm
+ * that the region has not already been populated since the last loop in
+ * general_fuzz(), avoiding potential race-conditions, which we don't have
+ * a good way for reproducing right now.
+ */
+void dma_read_cb(size_t addr, size_t len)
+{
+int i;
+
+/* Return immediately if we have no data to fill the dma region */
+if (dma_patterns->len == 0) {
+return;
+}
+
+/* Return immediately if the address is greater than the RAM size */
+if (addr > current_machine->ram_size) {
+return;
+}
+
+/* Cap the length of the DMA access to something reasonable */
+len = MIN(len, MAX_DMA_FILL_SIZE);
+
+/*
+ * If we overlap with any existing dma_regions, split the range and only
+ * populate the non-overlapping parts.
+ */
+for (i = 0; i < dma_regions->len; ++i) {
+address_range *region = &g_array_index(dma_regions, address_range, i);
+if (addr < region->addr + region->len && addr + len > region->addr) {
+if (addr < region->addr) {
+dma_read_cb(addr, region->addr - addr);
+}
+if (addr + len > region->addr + region->len) {
+dma_read_cb(region->addr + region->len,
+addr + len - (region->addr + region->len));
+}
+return;
+}
+}
+
+/*
+ * Otherwise, populate the region using address_space_write_rom to avoid
+ * writing to any IO MemoryRegions
+ */
+address_range ar = {addr, len};
+g_array_append_val(dma_regions, ar);
+void *buf = pattern_alloc(g_array_index(dma_patterns, pattern,
+  dma_pattern_index), ar.len);
+address_space_write_rom(first_cpu->as, ar.addr, MEMTXATTRS_UNSPECIFIED,
+buf, ar.len);
+free(buf);
+
+/* Increment the index of the pattern for the next DMA access */
+dma_pattern_index = (dma_pattern_index + 1) % dma_patterns->len;
+}
 
 /*
  * Here we want to convert a fuzzer-provided [io-region-index, offset] to
@@ -269,6 +338,32 @@ static void op_write(QTestState *s, const unsigned char * 
data, size_t len)
 }
 }
 
+static void op_add_dma_pattern(QTestState *s,
+   const unsigned char *data, size_t len)
+{
+struct {
+/*
+ * index and stride can be used to increment the index-th byte of the
+ * pattern by the value stride, for each loop of the pattern.
+ */
+uint8_t index;
+uint8_t stride;
+} a;
+
+if (len < sizeof(a) + 1) {
+return;
+}
+memcpy(&a, data, sizeof(a));
+pattern p = {a.index, a.stride, len - sizeof(a), data + sizeof(a)};
+g_array_append_val(dma_patterns, p);
+return;
+}
+
+static void op_clear_dma_patterns(QTestState *s,
+  const unsigned char *data, size_t len)
+{
+g_array_set_size(dma_patterns, 0);
+}
 
 static void op_write_pattern(QTestState *s, const unsigned char * data,
  size_t len)
@@ -341,6 +436,8 @@ static void general_fuzz(QTestState *s, const unsigned char 
*Data, size_t Size)
 op_out,
 op_read,
 op_write,
+op_add_dma_pattern,
+op_clear_dma_patterns,
 op_write_pattern,
 op_clock_step
 };
@@ -348,9 +445,12 @@ static void general_fuzz(QTestState *s, const unsigned 
char *Data, size_t Size)
 const unsigned char *nextcmd;
 size_t cmd_len;
 uint8_t op;
+g_array_set_size(dma_patterns, 0);
+dma_pattern_index = 0;
 
 if (fork() == 0) {
 while (cmd && Size) {
+g_array_set_size(dma_regions, 0);
 /* Get the length until the next command or end of input */
 nextcmd = memmem(cmd, Size, CMD_SEP, strlen(CMD_SEP));
 cmd_len = nextcmd ? nextcmd - cmd : Size;
@@ -418,6 +518,8 @@ sta

Re: [PATCH v4 0/5] modify CPU model info

[Chenyi Qiang]

Ping for comments.
Ignore the last patch("remove Icelake-Client CPU model").
Robert is working on the CPU model deprecation API in
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03109.html

On 5/20/2020 10:10 AM, Chenyi Qiang wrote:

Add the missing VMX features in Skylake-Server, Cascadelake-Server and
Icelake-Server CPU models. In Icelake-Server CPU model, it lacks sha_ni,
avx512ifma, rdpid and fsrm. The model number of Icelake-Server also needs
to be fixed.
Remove the Icelake-Client CPU model due to no Icelake Desktop products
in the market.

Changes in v4:
- remove the Icelake-Client CPU model

Changes in v3:
- change the missing features of Icelake-Server from v3 to v4

Changes in v2:
- add missing features as a new version of CPU model
- add the support of FSRM
- add New CPUID of FSRM and RDPID in Icelake-Server CPU model

Chenyi Qiang (5):
   target/i386: add missing vmx features for several CPU models
   target/i386: add fast short REP MOV support
   target/i386: add the missing features for Icelake-Server CPU model
   target/i386: modify Icelake-Server CPU model number
   target/i386: remove Icelake-Client CPU model

  hw/i386/pc.c  |   1 -
  target/i386/cpu.c | 133 ++
  target/i386/cpu.h |   2 +
  3 files changed, 19 insertions(+), 117 deletions(-)

Re: [PATCH V2] virtio-pci: fix queue_enable write

[Jason Wang]

On 2020/6/10 下午5:52, Stefano Garzarella wrote:

On Wed, Jun 10, 2020 at 05:42:54AM -0400, Michael S. Tsirkin wrote:

On Wed, Jun 10, 2020 at 10:57:26AM +0200, Stefano Garzarella wrote:

On Wed, Jun 10, 2020 at 01:43:51PM +0800, Jason Wang wrote:

Spec said: The driver uses this to selectively prevent the device from
executing requests from this virtqueue. 1 - enabled; 0 - disabled.

Though write 0 to queue_enable is forbidden by the spec, we should not
assume that the value is 1.

Fix this by ignore the write value other than 1.

Signed-off-by: Jason Wang 
---
Changes from V1:
- fix typo
- warn wrong value through virtio_error
---
  hw/virtio/virtio-pci.c | 12 
  1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index d028c17c24..7bc8c1c056 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1273,16 +1273,20 @@ static void virtio_pci_common_write(void *opaque, 
hwaddr addr,
  virtio_queue_set_vector(vdev, vdev->queue_sel, val);
  break;
  case VIRTIO_PCI_COMMON_Q_ENABLE:
-virtio_queue_set_num(vdev, vdev->queue_sel,
- proxy->vqs[vdev->queue_sel].num);
-virtio_queue_set_rings(vdev, vdev->queue_sel,
+if (val == 1) {

Does it have to be 1 or can it be any value other than 0?

Thanks,
Stefano

spec says 1

I was confused by "The driver MUST NOT write a 0 to queue_enable.",
interpreting it as "can write anything other than 0".



Yes, the spec is unclear about what happens if we write a value other 
than 0 or 1.


Maybe we should clarify that only 1 is allowed. Or writing value other 
than 1 may cause unexpected result.





But as Jason also wrote in the commit message, the driver should write
1 to enable, so

Reviewed-by: Stefano Garzarella 



Thanks




Thanks,
Stefano

[PATCH v2 2/2] Mark Icelake-Client CPU models deprecated

[Robert Hoo]

Going to obsolete Icelake-Client CPU models in the future.

(No changes in v2)

Signed-off-by: Robert Hoo 
---
 target/i386/cpu.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 0d8638a..47a11b5 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3350,7 +3350,12 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .xlevel = 0x8008,
 .model_id = "Intel Core Processor (Icelake)",
 .versions = (X86CPUVersionDefinition[]) {
-{ .version = 1 },
+{
+.version = 1,
+.deprecated = true,
+.note = "Deprecated. Will be obsoleted in v5.1. Please use "
+"'Icelake-Server-v1' CPU model",
+},
 {
 .version = 2,
 .alias = "Icelake-Client-noTSX",
@@ -3359,6 +3364,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 { "rtm", "off" },
 { /* end of list */ }
 },
+.deprecated = true,
+.note = "Deprecated. Will be obsoleted in v5.1. Please use "
+"'Icelake-Server-v2' CPU model",
 },
 { /* end of list */ }
 }
-- 
1.8.3.1

[PATCH v2 1/2] Introduce (x86) CPU model deprecation API

[Robert Hoo]

Complement versioned CPU model framework with the ability of marking some
versions deprecated. When that CPU model is chosen, get some warning. The
warning message is customized, e.g. telling in which future QEMU version will
it be obsoleted.
The deprecation message will also appear by x86_cpu_list_entry(), e.g. '-cpu
help'.
QMP 'query-cpu-definitions' will also return a bool value indicating the
deprecation status.

Changes in v2:
Move deprecation check from parse_cpu_option() to machine_run_board_init(), so
that it can cover implicit cpu_type assignment cases.
Add qapi new member documentation. Thanks Eric for comment and guidance on qapi.

Signed-off-by: Robert Hoo 
---
 hw/core/machine.c| 11 +--
 include/hw/core/cpu.h|  1 +
 qapi/machine-target.json |  7 ++-
 target/i386/cpu.c| 45 +++--
 4 files changed, 59 insertions(+), 5 deletions(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index bb3a7b1..9318964 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -1083,6 +1083,8 @@ MemoryRegion *machine_consume_memdev(MachineState 
*machine,
 void machine_run_board_init(MachineState *machine)
 {
 MachineClass *machine_class = MACHINE_GET_CLASS(machine);
+ObjectClass *oc = object_class_by_name(machine->cpu_type);
+CPUClass *cc;
 
 if (machine->ram_memdev_id) {
 Object *o;
@@ -1102,11 +1104,10 @@ void machine_run_board_init(MachineState *machine)
  * specified a CPU with -cpu check here that the user CPU is supported.
  */
 if (machine_class->valid_cpu_types && machine->cpu_type) {
-ObjectClass *class = object_class_by_name(machine->cpu_type);
 int i;
 
 for (i = 0; machine_class->valid_cpu_types[i]; i++) {
-if (object_class_dynamic_cast(class,
+if (object_class_dynamic_cast(oc,
   machine_class->valid_cpu_types[i])) {
 /* The user specificed CPU is in the valid field, we are
  * good to go.
@@ -1129,6 +1130,12 @@ void machine_run_board_init(MachineState *machine)
 }
 }
 
+/* Check if CPU type is deprecated and warn if so */
+cc = CPU_CLASS(oc);
+if (cc->deprecation_check) {
+cc->deprecation_check(oc);
+}
+
 machine_class->init(machine);
 }
 
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 497600c..1ca47dc 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -218,6 +218,7 @@ typedef struct CPUClass {
 void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
 vaddr (*adjust_watchpoint_address)(CPUState *cpu, vaddr addr, int len);
 void (*tcg_initialize)(void);
+void (*deprecation_check)(ObjectClass *oc);
 
 /* Keep non-pointer data at the end to minimize holes.  */
 int gdb_num_core_regs;
diff --git a/qapi/machine-target.json b/qapi/machine-target.json
index f2c8294..c24f506 100644
--- a/qapi/machine-target.json
+++ b/qapi/machine-target.json
@@ -285,6 +285,10 @@
 #in the VM configuration, because aliases may stop being
 #migration-safe in the future (since 4.1)
 #
+# @deprecated: If true, this CPU model is deprecated and may be removed in
+#  in some future version of QEMU according to the QEMU deprecation
+#  policy. (since 5.1)
+#
 # @unavailable-features is a list of QOM property names that
 # represent CPU model attributes that prevent the CPU from running.
 # If the QOM property is read-only, that means there's no known
@@ -309,7 +313,8 @@
 'static': 'bool',
 '*unavailable-features': [ 'str' ],
 'typename': 'str',
-'*alias-of' : 'str' },
+'*alias-of' : 'str',
+'deprecated' : 'bool' },
   'if': 'defined(TARGET_PPC) || defined(TARGET_ARM) || defined(TARGET_I386) || 
defined(TARGET_S390X) || defined(TARGET_MIPS)' }
 
 ##
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ba05da3..0d8638a 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1599,6 +1599,7 @@ typedef struct X86CPUVersionDefinition {
 const char *alias;
 const char *note;
 PropValue *props;
+bool   deprecated;
 } X86CPUVersionDefinition;
 
 /* Base definition for a CPU model */
@@ -1638,6 +1639,11 @@ struct X86CPUModel {
  * This matters only for "-cpu help" and query-cpu-definitions
  */
 bool is_alias;
+/*
+ * If true, this model is deprecated, and may be removed in the future.
+ * Trying to use it now will cause a warning.
+ */
+bool deprecated;
 };
 
 /* Get full model name for CPU version */
@@ -4128,8 +4134,7 @@ static X86CPUVersion x86_cpu_model_resolve_version(const 
X86CPUModel *model)
 X86CPUVersion v = model->version;
 if (v == CPU_VERSION_AUTO) {
 v = default_cpu_version;
-}
-if (v == CPU_VERSION_LATEST) {
+} else if (v == CPU_VERSION_LATEST) {
 return x86_cpu_model_last_version(model)

Re: [PATCH v9 39/61] target/riscv: vector floating-point compare instructions

[LIU Zhiwei]

On 2020/6/11 1:33, Richard Henderson wrote:

On 6/10/20 4:37 AM, LIU Zhiwei wrote:

Signed-off-by: LIU Zhiwei 
Reviewed-by: Alistair Francis 
Richard Henderson 
---

Missed the actual "Reviewed-by:" :-)

I tried to make a reasonable explanation, but failed:-).

"Reviewed-by: " is really what I mean here.

Zhiwei


r~

[PATCH v2 4/4] riscv: Keep the CPU init routine names consistent

[Bin Meng]

From: Bin Meng 

Adding a _ to keep some consistency among the CPU init routines.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 

---

(no changes since v1)

 target/riscv/cpu.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 35a8c78..e867766 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -153,7 +153,7 @@ static void rvxx_imacu_nommu_cpu_init(Object *obj)
 
 #if defined(TARGET_RISCV32)
 
-static void rv32imcu_nommu_cpu_init(Object *obj)
+static void rv32_imcu_nommu_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
 set_misa(env, RV32 | RVI | RVM | RVC | RVU);
@@ -162,7 +162,7 @@ static void rv32imcu_nommu_cpu_init(Object *obj)
 qdev_prop_set_bit(DEVICE(obj), "mmu", false);
 }
 
-static void rv32imafcu_nommu_cpu_init(Object *obj)
+static void rv32_imafcu_nommu_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
 set_misa(env, RV32 | RVI | RVM | RVA | RVF | RVC | RVU);
@@ -577,9 +577,9 @@ static const TypeInfo riscv_cpu_type_infos[] = {
 DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
 #if defined(TARGET_RISCV32)
 DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base_cpu_init),
-DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32_imcu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rvxx_imacu_nommu_cpu_init),
-DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32_imafcu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   rvxx_gcsu_priv1_10_0_cpu_init),
 #elif defined(TARGET_RISCV64)
 DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
-- 
2.7.4

[PATCH v2 3/4] riscv: Generalize CPU init routine for the imacu CPU

[Bin Meng]

From: Bin Meng 

There is no need to have two functions that have almost the same
codes for 32-bit and 64-bit imacu CPUs.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 

---

Changes in v2:
- Change the function names to rvxx_*

 target/riscv/cpu.c | 31 ++-
 1 file changed, 10 insertions(+), 21 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 437e141..35a8c78 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -142,23 +142,23 @@ static void rvxx_gcsu_priv1_10_0_cpu_init(Object *obj)
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
-#if defined(TARGET_RISCV32)
-
-static void rv32imcu_nommu_cpu_init(Object *obj)
+static void rvxx_imacu_nommu_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
-set_misa(env, RV32 | RVI | RVM | RVC | RVU);
+set_misa(env, RVXLEN | RVI | RVM | RVA | RVC | RVU);
 set_priv_version(env, PRIV_VERSION_1_10_0);
-set_resetvec(env, 0x8090);
+set_resetvec(env, DEFAULT_RSTVEC);
 qdev_prop_set_bit(DEVICE(obj), "mmu", false);
 }
 
-static void rv32imacu_nommu_cpu_init(Object *obj)
+#if defined(TARGET_RISCV32)
+
+static void rv32imcu_nommu_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
-set_misa(env, RV32 | RVI | RVM | RVA | RVC | RVU);
+set_misa(env, RV32 | RVI | RVM | RVC | RVU);
 set_priv_version(env, PRIV_VERSION_1_10_0);
-set_resetvec(env, DEFAULT_RSTVEC);
+set_resetvec(env, 0x8090);
 qdev_prop_set_bit(DEVICE(obj), "mmu", false);
 }
 
@@ -171,17 +171,6 @@ static void rv32imafcu_nommu_cpu_init(Object *obj)
 qdev_prop_set_bit(DEVICE(obj), "mmu", false);
 }
 
-#elif defined(TARGET_RISCV64)
-
-static void rv64imacu_nommu_cpu_init(Object *obj)
-{
-CPURISCVState *env = &RISCV_CPU(obj)->env;
-set_misa(env, RV64 | RVI | RVM | RVA | RVC | RVU);
-set_priv_version(env, PRIV_VERSION_1_10_0);
-set_resetvec(env, DEFAULT_RSTVEC);
-qdev_prop_set_bit(DEVICE(obj), "mmu", false);
-}
-
 #endif
 
 static ObjectClass *riscv_cpu_class_by_name(const char *cpu_model)
@@ -589,12 +578,12 @@ static const TypeInfo riscv_cpu_type_infos[] = {
 #if defined(TARGET_RISCV32)
 DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
-DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rvxx_imacu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   rvxx_gcsu_priv1_10_0_cpu_init),
 #elif defined(TARGET_RISCV64)
 DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
-DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rvxx_imacu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   rvxx_gcsu_priv1_10_0_cpu_init),
 #endif
 };
-- 
2.7.4

[PATCH v2 1/4] riscv: Generalize CPU init routine for the base CPU

[Bin Meng]

From: Bin Meng 

There is no need to have two functions that have exactly the same
codes for 32-bit and 64-bit base CPUs.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 target/riscv/cpu.c | 18 +-
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 3a6d202..81cdea8 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -126,9 +126,7 @@ static void riscv_any_cpu_init(Object *obj)
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
-#if defined(TARGET_RISCV32)
-
-static void riscv_base32_cpu_init(Object *obj)
+static void riscv_base_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
 /* We set this in the realise function */
@@ -136,6 +134,8 @@ static void riscv_base32_cpu_init(Object *obj)
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
+#if defined(TARGET_RISCV32)
+
 static void rv32gcsu_priv1_10_0_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
@@ -173,14 +173,6 @@ static void rv32imafcu_nommu_cpu_init(Object *obj)
 
 #elif defined(TARGET_RISCV64)
 
-static void riscv_base64_cpu_init(Object *obj)
-{
-CPURISCVState *env = &RISCV_CPU(obj)->env;
-/* We set this in the realise function */
-set_misa(env, 0);
-set_resetvec(env, DEFAULT_RSTVEC);
-}
-
 static void rv64gcsu_priv1_10_0_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
@@ -603,13 +595,13 @@ static const TypeInfo riscv_cpu_type_infos[] = {
 },
 DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
 #if defined(TARGET_RISCV32)
-DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base32_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   rv32gcsu_priv1_10_0_cpu_init),
 #elif defined(TARGET_RISCV64)
-DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base64_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   rv64gcsu_priv1_10_0_cpu_init),
 #endif
-- 
2.7.4

[PATCH v2 2/4] riscv: Generalize CPU init routine for the gcsu CPU

[Bin Meng]

From: Bin Meng 

There is no need to have two functions that have almost the same
codes for 32-bit and 64-bit gcsu CPUs.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 

---

Changes in v2:
- Change the function names to rvxx_*

 target/riscv/cpu.c | 20 ++--
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 81cdea8..437e141 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -134,16 +134,16 @@ static void riscv_base_cpu_init(Object *obj)
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
-#if defined(TARGET_RISCV32)
-
-static void rv32gcsu_priv1_10_0_cpu_init(Object *obj)
+static void rvxx_gcsu_priv1_10_0_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
-set_misa(env, RV32 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
+set_misa(env, RVXLEN | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
 set_priv_version(env, PRIV_VERSION_1_10_0);
 set_resetvec(env, DEFAULT_RSTVEC);
 }
 
+#if defined(TARGET_RISCV32)
+
 static void rv32imcu_nommu_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
@@ -173,14 +173,6 @@ static void rv32imafcu_nommu_cpu_init(Object *obj)
 
 #elif defined(TARGET_RISCV64)
 
-static void rv64gcsu_priv1_10_0_cpu_init(Object *obj)
-{
-CPURISCVState *env = &RISCV_CPU(obj)->env;
-set_misa(env, RV64 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
-set_priv_version(env, PRIV_VERSION_1_10_0);
-set_resetvec(env, DEFAULT_RSTVEC);
-}
-
 static void rv64imacu_nommu_cpu_init(Object *obj)
 {
 CPURISCVState *env = &RISCV_CPU(obj)->env;
@@ -599,11 +591,11 @@ static const TypeInfo riscv_cpu_type_infos[] = {
 DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
-DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   rv32gcsu_priv1_10_0_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   rvxx_gcsu_priv1_10_0_cpu_init),
 #elif defined(TARGET_RISCV64)
 DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
 DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init),
-DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   rv64gcsu_priv1_10_0_cpu_init),
+DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   rvxx_gcsu_priv1_10_0_cpu_init),
 #endif
 };
 
-- 
2.7.4

[PATCH] hw/nios2: Update interrupt request when CR_STATUS_PIE disabled

[wentongw]

Update interrupt request when external interupt pends for STATUS_PIE
disabled. Otherwise on icount enabled nios2 target there will be cpu
abort when guest code changes state register with wrctl instruction.

Signed-off-by: Wentong Wu 
---
 hw/nios2/cpu_pic.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/nios2/cpu_pic.c b/hw/nios2/cpu_pic.c
index 1c1989d5..2abc8fa8 100644
--- a/hw/nios2/cpu_pic.c
+++ b/hw/nios2/cpu_pic.c
@@ -42,6 +42,8 @@ static void nios2_pic_cpu_handler(void *opaque, int irq, int 
level)
 } else if (!level) {
 env->irq_pending = 0;
 cpu_reset_interrupt(cs, type);
+} else {
+cs->interrupt_request |= type;
 }
 } else {
 if (level) {
-- 
2.21.3

Re: [PATCH 1/1] MAINTAINERS: Adjust sh4 maintainership

[Aleksandar Markovic]

чет, 11. јун 2020. у 00:51 Philippe Mathieu-Daudé  је
написао/ла:
>
> On 6/11/20 12:17 AM, Aleksandar Markovic wrote:
> > This patch transfers sh4 sections to Yoshinori Sato, who is best
> > positioned in the community to assume their maintainership.
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg708235.html
>
> "BTW, you also dictate there Yoshimoto that to do and
>  what not to do. Why?"
>
> I suppose you meant Yoshinori? Again I'm didn't want to appear
> as dictating, I spend hours trying to raise the quality of the
> RX hardware model to be sure it'd be merged. You can not say
> otherwise, see the latest series posted:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg708317.html
>
> We can not say likewise with the AVR port you almost killed,
> asking changes then disappearing, letting other contributors
> stuck.
>
> > He is
> > the maintainer of the related target rx.
> >
> > Further adjustments, reorganizations, and improvements of sh4
> > sections are left to the future maintainer to be devised and
> > executed, as he deems suitable.
> >
> > Aurealien and Magnus are deleted from some sections from the
>
> Typo 'Aurelien'.
>
> > MAINTAINERS file with this patch. However, they will not be
> > deleted from QEMU Hall of Fame, where their names will always
> > be carved in stone as QEMU pioneers and granddadies.
>
> Typo 'granddaddies'.
>
> >
> > Acked-by: Aurelien Jarno 
> > Acked-by: Magnus Damm 
> > Acked-by: Yoshinori Sato 
> > Signed-off-by: Aleksandar Markovic 
> > ---
> >  MAINTAINERS | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 6e7890ce82..7ddb6db38c 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -296,7 +296,7 @@ F: tests/tcg/s390x/
> >  L: qemu-s3...@nongnu.org
> >
> >  SH4 TCG CPUs
> > -M: Aurelien Jarno 
> > +M: Yoshinori Sato 
> >  S: Odd Fixes
>
> 'Maintained'? See:
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg710928.html
>
> >  F: target/sh4/
> >  F: hw/sh4/
> > @@ -1251,14 +1251,14 @@ F: include/hw/riscv/opentitan.h
> >  SH4 Machines
> >  
> >  R2D
> > -M: Magnus Damm 
> > +M: Yoshinori Sato 
> >  S: Maintained
> >  F: hw/sh4/r2d.c
> >  F: hw/intc/sh_intc.c
> >  F: hw/timer/sh_timer.c
> >
> >  Shix
> > -M: Magnus Damm 
> > +M: Yoshinori Sato 
> >  S: Odd Fixes
>
> Ditto 'Maintained'?
>
> Whichever status Yoshinori like:
> Reviewed-by: Philippe Mathieu-Daudé 
>

Thank you!

> >  F: hw/sh4/shix.c
> >
> >
>

Re: [PATCH v5 3/5] hw/riscv: Add helpers for RISC-V multi-socket NUMA machines

[Alistair Francis]

On Fri, May 29, 2020 at 4:48 AM Anup Patel  wrote:
>
> We add common helper routines which can be shared by RISC-V
> multi-socket NUMA machines.
>
> We have two types of helpers:
> 1. riscv_socket_xyz() - These helper assist managing multiple
>sockets irrespective whether QEMU NUMA is enabled/disabled
> 2. riscv_numa_xyz() - These helpers assist in providing
>necessary QEMU machine callbacks for QEMU NUMA emulation
>
> Signed-off-by: Anup Patel 
> ---
>  hw/riscv/Makefile.objs  |   1 +
>  hw/riscv/numa.c | 242 
>  include/hw/riscv/numa.h |  51 +
>  3 files changed, 294 insertions(+)
>  create mode 100644 hw/riscv/numa.c
>  create mode 100644 include/hw/riscv/numa.h

I don't love that we have an entire file of functions to help with
NUMA when no other arch seems to have anything this complex.

What about RISC-V requires extra complexity?

>
> diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
> index fc3c6dd7c8..4483e61879 100644
> --- a/hw/riscv/Makefile.objs
> +++ b/hw/riscv/Makefile.objs
> @@ -1,4 +1,5 @@
>  obj-y += boot.o
> +obj-y += numa.o
>  obj-$(CONFIG_SPIKE) += riscv_htif.o
>  obj-$(CONFIG_HART) += riscv_hart.o
>  obj-$(CONFIG_SIFIVE_E) += sifive_e.o
> diff --git a/hw/riscv/numa.c b/hw/riscv/numa.c
> new file mode 100644
> index 00..4f92307102
> --- /dev/null
> +++ b/hw/riscv/numa.c
> @@ -0,0 +1,242 @@
> +/*
> + * QEMU RISC-V NUMA Helper
> + *
> + * Copyright (c) 2020 Western Digital Corporation or its affiliates.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/units.h"
> +#include "qemu/log.h"
> +#include "qemu/error-report.h"
> +#include "qapi/error.h"
> +#include "hw/boards.h"
> +#include "hw/qdev-properties.h"
> +#include "hw/riscv/numa.h"
> +#include "sysemu/device_tree.h"
> +
> +static bool numa_enabled(const MachineState *ms)
> +{
> +return (ms->numa_state && ms->numa_state->num_nodes) ? true : false;
> +}
> +
> +int riscv_socket_count(const MachineState *ms)
> +{
> +return (numa_enabled(ms)) ? ms->numa_state->num_nodes : 1;
> +}
> +
> +int riscv_socket_first_hartid(const MachineState *ms, int socket_id)
> +{
> +int i, first_hartid = ms->smp.cpus;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? 0 : -1;
> +}
> +
> +for (i = 0; i < ms->smp.cpus; i++) {
> +if (ms->possible_cpus->cpus[i].props.node_id != socket_id) {
> +continue;
> +}
> +if (i < first_hartid) {
> +first_hartid = i;
> +}
> +}
> +
> +return (first_hartid < ms->smp.cpus) ? first_hartid : -1;
> +}
> +
> +int riscv_socket_last_hartid(const MachineState *ms, int socket_id)
> +{
> +int i, last_hartid = -1;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? ms->smp.cpus - 1 : -1;
> +}
> +
> +for (i = 0; i < ms->smp.cpus; i++) {
> +if (ms->possible_cpus->cpus[i].props.node_id != socket_id) {
> +continue;
> +}
> +if (i > last_hartid) {
> +last_hartid = i;
> +}
> +}
> +
> +return (last_hartid < ms->smp.cpus) ? last_hartid : -1;
> +}
> +
> +int riscv_socket_hart_count(const MachineState *ms, int socket_id)
> +{
> +int first_hartid, last_hartid;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? ms->smp.cpus : -1;
> +}
> +
> +first_hartid = riscv_socket_first_hartid(ms, socket_id);
> +if (first_hartid < 0) {
> +return -1;
> +}
> +
> +last_hartid = riscv_socket_last_hartid(ms, socket_id);
> +if (last_hartid < 0) {
> +return -1;
> +}
> +
> +if (first_hartid > last_hartid) {
> +return -1;
> +}
> +
> +return last_hartid - first_hartid + 1;
> +}
> +
> +bool riscv_socket_check_hartids(const MachineState *ms, int socket_id)
> +{
> +int i, first_hartid, last_hartid;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? true : false;
> +}
> +
> +first_hartid = riscv_socket_first_hartid(ms, socket_id);
> +if (first_hartid < 0) {
> +return false;
> +}
> +
> +last_hartid = riscv_socket_last_hartid(ms, socket_id);
> +if (last_hartid < 0) {
> +return false;
> +}
> +
> +for (i = first_hartid; i <= last_hartid; i++) {
> +if (ms->possible_cpus->cpus[i].props.node_id != socket_id) {
> 

Re: [PATCH v5 5/5] hw/riscv: virt: Allow creating multiple NUMA sockets

[Alistair Francis]

On Fri, May 29, 2020 at 4:49 AM Anup Patel  wrote:
>
> We extend RISC-V virt machine to allow creating a multi-socket
> machine. Each RISC-V virt machine socket is a NUMA node having
> a set of HARTs, a memory instance, a CLINT instance, and a PLIC
> instance. Other devices are shared between all sockets. We also
> update the generated device tree accordingly.
>
> By default, NUMA multi-socket support is disabled for RISC-V virt
> machine. To enable it, users can use "-numa" command-line options
> of QEMU.
>
> Example1: For two NUMA nodes with 2 CPUs each, append following
> to command-line options: "-smp 4 -numa node -numa node"
>
> Example2: For two NUMA nodes with 1 and 3 CPUs, append following
> to command-line options:
> "-smp 4 -numa node -numa node -numa cpu,node-id=0,core-id=0 \
> -numa cpu,node-id=1,core-id=1 -numa cpu,node-id=1,core-id=2 \
> -numa cpu,node-id=1,core-id=3"
>
> The maximum number of sockets in a RISC-V virt machine is 8
> but this limit can be changed in future.
>
> Signed-off-by: Anup Patel 
> ---
>  hw/riscv/virt.c | 530 +++-
>  include/hw/riscv/virt.h |   9 +-
>  2 files changed, 308 insertions(+), 231 deletions(-)
>
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index 421815081d..2863b42cea 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -35,6 +35,7 @@
>  #include "hw/riscv/sifive_test.h"
>  #include "hw/riscv/virt.h"
>  #include "hw/riscv/boot.h"
> +#include "hw/riscv/numa.h"
>  #include "chardev/char.h"
>  #include "sysemu/arch_init.h"
>  #include "sysemu/device_tree.h"
> @@ -60,7 +61,7 @@ static const struct MemmapEntry {
>  [VIRT_TEST] ={   0x10,0x1000 },
>  [VIRT_RTC] = {   0x101000,0x1000 },
>  [VIRT_CLINT] =   {  0x200,   0x1 },
> -[VIRT_PLIC] ={  0xc00, 0x400 },
> +[VIRT_PLIC] ={  0xc00, VIRT_PLIC_SIZE(VIRT_CPUS_MAX * 2) },
>  [VIRT_UART0] =   { 0x1000, 0x100 },
>  [VIRT_VIRTIO] =  { 0x10001000,0x1000 },
>  [VIRT_FLASH] =   { 0x2000, 0x400 },
> @@ -182,10 +183,17 @@ static void create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  uint64_t mem_size, const char *cmdline)
>  {
>  void *fdt;
> -int cpu, i;
> -uint32_t *cells;
> -char *nodename;
> -uint32_t plic_phandle, test_phandle, phandle = 1;
> +int i, cpu, socket;
> +MachineState *mc = MACHINE(s);
> +uint64_t addr, size;
> +uint32_t *clint_cells, *plic_cells;
> +unsigned long clint_addr, plic_addr;
> +uint32_t plic_phandle[MAX_NODES];
> +uint32_t cpu_phandle, intc_phandle, test_phandle;
> +uint32_t phandle = 1, plic_mmio_phandle = 1;
> +uint32_t plic_pcie_phandle = 1, plic_virtio_phandle = 1;
> +char *mem_name, *cpu_name, *core_name, *intc_name;
> +char *name, *clint_name, *plic_name, *clust_name;
>  hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
>  hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
>
> @@ -206,231 +214,238 @@ static void create_fdt(RISCVVirtState *s, const 
> struct MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2);
>  qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2);
>
> -nodename = g_strdup_printf("/memory@%lx",
> -(long)memmap[VIRT_DRAM].base);
> -qemu_fdt_add_subnode(fdt, nodename);
> -qemu_fdt_setprop_cells(fdt, nodename, "reg",
> -memmap[VIRT_DRAM].base >> 32, memmap[VIRT_DRAM].base,
> -mem_size >> 32, mem_size);
> -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory");
> -g_free(nodename);
> -
>  qemu_fdt_add_subnode(fdt, "/cpus");
>  qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency",
>SIFIVE_CLINT_TIMEBASE_FREQ);
>  qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0);
>  qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1);
> +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map");

I'm no expert with cpu-map. Do you mind CCing Atish in the next
version and see if he can Ack these DT changes?

> +
> +for (socket = (riscv_socket_count(mc) - 1); socket >= 0; socket--) {
> +clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket);
> +qemu_fdt_add_subnode(fdt, clust_name);
> +
> +plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
> +clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
> +
> +for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
> +cpu_phandle = phandle++;
>
> -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
> -int cpu_phandle = phandle++;
> -int intc_phandle;
> -nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
> -char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", 
> cpu);
> -char *isa = riscv_isa_string(&s->soc.harts[cpu]);
> -qemu_fdt_add_subnode(fdt, nodename);

[Bug 1881645] Re: qemu-system-x86_64 --help (or --version) gives no output

[Adriano Pinaffo]

** Description changed:

- I have Arch Linux with qemu 5.0.0-6 (seen with pacman). Running VMs work just 
fine, but when I run qemu-system-x86_64 --version or qemu-system-x86_64 --help, 
there is no feedback on the screen. This behavior messes up other applications 
(GNS3 in my case that cannot recognize qemu as correctly installed because 
there is no feedback.
+ I have Arch Linux with qemu 5.0.0-6 (seen with pacman). Running VMs work just 
fine, but when I run qemu-system-x86_64 --version or qemu-system-x86_64 --help, 
there is no feedback on the screen. This behavior messes up other applications 
(GNS3 in my case that cannot recognize qemu as correctly installed because 
there is no feedback.)
  My kernel is 5.6.11.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1881645

Title:
  qemu-system-x86_64 --help (or --version) gives no output

Status in QEMU:
  New

Bug description:
  I have Arch Linux with qemu 5.0.0-6 (seen with pacman). Running VMs work just 
fine, but when I run qemu-system-x86_64 --version or qemu-system-x86_64 --help, 
there is no feedback on the screen. This behavior messes up other applications 
(GNS3 in my case that cannot recognize qemu as correctly installed because 
there is no feedback.)
  My kernel is 5.6.11.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1881645/+subscriptions

[Bug 1882671] Re: qemu-system-x86_64 (ver 4.2) stuck at boot with OVMF bios

[Laszlo Ersek (Red Hat)]

Hi Vlad,

the ipxe-qemu package in Ubuntu (1.0.0+git-20190109.133f4c4-0ubuntu3) is
built with DOWNLOAD_PROTO_HTTPS enabled (in "src/config/general.h").
According to the Ubuntu changelog, this is a new feature added in
"1.0.0+git-20190109.133f4c4-0ubuntu1".

With DOWNLOAD_PROTO_HTTPS enabled, I can reproduce the issue locally,
with iPXE built from source at git commit 133f4c4 (which you report the
issue for), and also at current iPXE master (9ee70fb95bc2).

The issue does not reproduce (with DOWNLOAD_PROTO_HTTPS enabled) at
commit fbe8c52d. This suggests the problem should be bisectable.

If I disable DOWNLOAD_PROTO_HTTPS, then the problem goes away even at
133f4c4 (i.e., the issue is masked).

I've used current edk2 master to test with (14c7ed8b51f6).

Viewed at 133f4c4:

The DOWNLOAD_PROTO_HTTPS feature test macro seems to result in iPXE
attempting to gather entropy. (Likely for setting up TLS connections.)
For entropy gathering, iPXE seems to use an EFI timer, and to measure
jitter across one timer tick. In this, iPXE plays some tricks with the
UEFI TPL (Task Priority Level).

In general, iPXE seems to want to run at TPL_CALLBACK most of the time,
to mask the timer interrupt in most code locations, and drops down to
TPL_APPLICATION only when it actively wants a timer callback (for the
jitter collection, see above).

When the iPXE driver is launched, the StartImage() UEFI boot service
takes a note of the current TPL. It is TPL_APPLICATION (value 4). Then
iPXE seems to perform the above trickery with TPL_CALLBACK & entropy
collection. Finally, after installing EfiDriverBindingProtocol and
EfiComponentName2Protocol, the iPXE driver exits (as expected from a
UEFI driver model driver -- the entry point function is only supposed to
perform some setup steps & install some protocol interfaces). At this
point, StartImage() verifies whether the TPL has been restored to the
same as it was before launching the driver.

Unfortunately, something about the TPL manipulations in iPXE is
unbalanced, because I see the following TPL changes:

- raise: APPLICATION (4) -> CALLBACK (8)
- raise: CALLBACK (8) -> NOTIFY (16)
- raise: NOTIFY (16) -> NOTIFY (16)
- restore: NOTIFY (16) -> NOTIFY (16)
- restore: NOTIFY (16) -> CALLBACK (8)

Note that the final "restore: CALLBACK (8) -> APPLICATION (4)"
transition is missing, before iPXE exits. This is what StartImage()
catches and reports with the failed ASSERT().

So, as I mentioned, the problem is bisectable. Here's the bisection log:

> git bisect start
> # bad: [9ee70fb95bc266885ff88be228b044a2bb226eeb] [efi] Attempt to
> # connect our driver directly if ConnectController fails
> git bisect bad 9ee70fb95bc266885ff88be228b044a2bb226eeb
> # bad: [133f4c47baef6002b2ccb4904a035cda2303c6e5] [build] Handle
> # R_X86_64_PLT32 from binutils 2.31
> git bisect bad 133f4c47baef6002b2ccb4904a035cda2303c6e5
> # good: [fbe8c52d0d9cdb3d6f5fe8be8edab54618becc1f] [ena] Fix spurious
> # uninitialised variable warning on older versions of gcc
> git bisect good fbe8c52d0d9cdb3d6f5fe8be8edab54618becc1f
> # bad: [bc85368cdd311fe68ffcf251e7e8e90c14f8a9dc] [librm] Ensure that
> # inline code symbols are unique
> git bisect bad bc85368cdd311fe68ffcf251e7e8e90c14f8a9dc
> # bad: [0778418e29ea16fc897fc5b6e497054f5ba86ebd] [golan] Do not
> # assume all devices are identical
> git bisect bad 0778418e29ea16fc897fc5b6e497054f5ba86ebd
> # good: [f672a27b34220865b403df519593f382859559e0] [efi] Raise TPL
> # within EFI_USB_IO_PROTOCOL entry points
> git bisect good f672a27b34220865b403df519593f382859559e0
> # bad: [d8c500b7945e57023dde5bd0be2b0e40963315d9] [efi] Drop to
> # TPL_APPLICATION when gathering entropy
> git bisect bad d8c500b7945e57023dde5bd0be2b0e40963315d9
> # good: [c84f9d67272beaed98f98bf308471df16340a3be] [iscsi] Parse IPv6
> # address in root path
> git bisect good c84f9d67272beaed98f98bf308471df16340a3be
> # first bad commit: [d8c500b7945e57023dde5bd0be2b0e40963315d9] [efi]
> # Drop to TPL_APPLICATION when gathering entropy

The bisection fingers d8c500b7945e ("[efi] Drop to TPL_APPLICATION when
 gathering entropy", 2018-03-12) as first bad commit.

Feel free to report this problem on the upstream iPXE mailing list.

Regarding Ubuntu downstream, you should be able to work around this
issue by #undef-ing DOWNLOAD_PROTO_HTTPS again, in
"src/config/general.h" -- *minimally* in the CONFIG=qemu build(s). That
is, in the ipxe-qemu subpackage.

That's because in a CONFIG=qemu build, you totally don't need (or even
*use*) the iPXE HTTPS infrastructure (the entropy gathering that trips
the ASSERT seems spurious to me, with CONFIG=qemu). With CONFIG=qemu,
iPXE provides the UEFI SNP (Simple Network Protocol) interface on top of
the e1000 NIC, and the crypto stuff (if any) is done by the platform
firmware (edk2 / OVMF).



** Project changed: qemu => ipxe

** Package changed: qemu (Ubuntu) => ipxe (Ubuntu)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed

Re: [PATCH 4/4] riscv: Keep the CPU init routine names consistent

[Alistair Francis]

On Fri, Jun 5, 2020 at 12:44 AM Bin Meng  wrote:
>
> From: Bin Meng 
>
> Adding a _ to keep some consistency among the CPU init routines.

We now differ from the actual ISA strings, but as these are internal
functions I don't think it matters. This seems clearer.

>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  target/riscv/cpu.c | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index c5c2abc..5060534 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -153,7 +153,7 @@ static void rvnn_imacu_nommu_cpu_init(Object *obj)
>
>  #if defined(TARGET_RISCV32)
>
> -static void rv32imcu_nommu_cpu_init(Object *obj)
> +static void rv32_imcu_nommu_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
>  set_misa(env, RV32 | RVI | RVM | RVC | RVU);
> @@ -162,7 +162,7 @@ static void rv32imcu_nommu_cpu_init(Object *obj)
>  qdev_prop_set_bit(DEVICE(obj), "mmu", false);
>  }
>
> -static void rv32imafcu_nommu_cpu_init(Object *obj)
> +static void rv32_imafcu_nommu_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
>  set_misa(env, RV32 | RVI | RVM | RVA | RVF | RVC | RVU);
> @@ -575,9 +575,9 @@ static const TypeInfo riscv_cpu_type_infos[] = {
>  DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
>  #if defined(TARGET_RISCV32)
>  DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base_cpu_init),
> -DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32_imcu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rvnn_imacu_nommu_cpu_init),
> -DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32_imafcu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   
> rvnn_gcsu_priv1_10_0_cpu_init),
>  #elif defined(TARGET_RISCV64)
>  DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
> --
> 2.7.4
>
>

Re: [PATCH 3/4] riscv: Generalize CPU init routine for the imacu CPU

[Alistair Francis]

On Fri, Jun 5, 2020 at 12:40 AM Bin Meng  wrote:
>
> From: Bin Meng 
>
> There is no need to have two functions that have almost the same
> codes for 32-bit and 64-bit imacu CPUs.
>
> Signed-off-by: Bin Meng 
> ---
>
>  target/riscv/cpu.c | 31 ++-
>  1 file changed, 10 insertions(+), 21 deletions(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index e66488f..c5c2abc 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -142,23 +142,23 @@ static void rvnn_gcsu_priv1_10_0_cpu_init(Object *obj)
>  set_resetvec(env, DEFAULT_RSTVEC);
>  }
>
> -#if defined(TARGET_RISCV32)
> -
> -static void rv32imcu_nommu_cpu_init(Object *obj)
> +static void rvnn_imacu_nommu_cpu_init(Object *obj)

Same request with rvxx_*

Otherwise:

Reviewed-by: Alistair Francis 

Alistair

>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
> -set_misa(env, RV32 | RVI | RVM | RVC | RVU);
> +set_misa(env, RVXLEN | RVI | RVM | RVA | RVC | RVU);
>  set_priv_version(env, PRIV_VERSION_1_10_0);
> -set_resetvec(env, 0x8090);
> +set_resetvec(env, DEFAULT_RSTVEC);
>  qdev_prop_set_bit(DEVICE(obj), "mmu", false);
>  }
>
> -static void rv32imacu_nommu_cpu_init(Object *obj)
> +#if defined(TARGET_RISCV32)
> +
> +static void rv32imcu_nommu_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
> -set_misa(env, RV32 | RVI | RVM | RVA | RVC | RVU);
> +set_misa(env, RV32 | RVI | RVM | RVC | RVU);
>  set_priv_version(env, PRIV_VERSION_1_10_0);
> -set_resetvec(env, DEFAULT_RSTVEC);
> +set_resetvec(env, 0x8090);
>  qdev_prop_set_bit(DEVICE(obj), "mmu", false);
>  }
>
> @@ -171,17 +171,6 @@ static void rv32imafcu_nommu_cpu_init(Object *obj)
>  qdev_prop_set_bit(DEVICE(obj), "mmu", false);
>  }
>
> -#elif defined(TARGET_RISCV64)
> -
> -static void rv64imacu_nommu_cpu_init(Object *obj)
> -{
> -CPURISCVState *env = &RISCV_CPU(obj)->env;
> -set_misa(env, RV64 | RVI | RVM | RVA | RVC | RVU);
> -set_priv_version(env, PRIV_VERSION_1_10_0);
> -set_resetvec(env, DEFAULT_RSTVEC);
> -qdev_prop_set_bit(DEVICE(obj), "mmu", false);
> -}
> -
>  #endif
>
>  static ObjectClass *riscv_cpu_class_by_name(const char *cpu_model)
> @@ -587,12 +576,12 @@ static const TypeInfo riscv_cpu_type_infos[] = {
>  #if defined(TARGET_RISCV32)
>  DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
> -DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rvnn_imacu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   
> rvnn_gcsu_priv1_10_0_cpu_init),
>  #elif defined(TARGET_RISCV64)
>  DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
> -DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rvnn_imacu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   
> rvnn_gcsu_priv1_10_0_cpu_init),
>  #endif
>  };
> --
> 2.7.4
>
>

Re: [PATCH 2/4] riscv: Generalize CPU init routine for the gcsu CPU

[Alistair Francis]

On Fri, Jun 5, 2020 at 12:42 AM Bin Meng  wrote:
>
> From: Bin Meng 
>
> There is no need to have two functions that have almost the same
> codes for 32-bit and 64-bit gcsu CPUs.
>
> Signed-off-by: Bin Meng 
> ---
>
>  target/riscv/cpu.c | 20 ++--
>  1 file changed, 6 insertions(+), 14 deletions(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index d38d829..e66488f 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -134,16 +134,16 @@ static void riscv_base_cpu_init(Object *obj)
>  set_resetvec(env, DEFAULT_RSTVEC);
>  }
>
> -#if defined(TARGET_RISCV32)
> -
> -static void rv32gcsu_priv1_10_0_cpu_init(Object *obj)
> +static void rvnn_gcsu_priv1_10_0_cpu_init(Object *obj)

Could we change the function names to rvxx_*?

Reviewed-by: Alistair Francis 

Alistair

>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
> -set_misa(env, RV32 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
> +set_misa(env, RVXLEN | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
>  set_priv_version(env, PRIV_VERSION_1_10_0);
>  set_resetvec(env, DEFAULT_RSTVEC);
>  }
>
> +#if defined(TARGET_RISCV32)
> +
>  static void rv32imcu_nommu_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
> @@ -173,14 +173,6 @@ static void rv32imafcu_nommu_cpu_init(Object *obj)
>
>  #elif defined(TARGET_RISCV64)
>
> -static void rv64gcsu_priv1_10_0_cpu_init(Object *obj)
> -{
> -CPURISCVState *env = &RISCV_CPU(obj)->env;
> -set_misa(env, RV64 | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
> -set_priv_version(env, PRIV_VERSION_1_10_0);
> -set_resetvec(env, DEFAULT_RSTVEC);
> -}
> -
>  static void rv64imacu_nommu_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
> @@ -597,11 +589,11 @@ static const TypeInfo riscv_cpu_type_infos[] = {
>  DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
> -DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   
> rv32gcsu_priv1_10_0_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   
> rvnn_gcsu_priv1_10_0_cpu_init),
>  #elif defined(TARGET_RISCV64)
>  DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init),
> -DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   
> rv64gcsu_priv1_10_0_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   
> rvnn_gcsu_priv1_10_0_cpu_init),
>  #endif
>  };
>
> --
> 2.7.4
>
>

Re: [PATCH 1/4] riscv: Generalize CPU init routine for the base CPU

[Alistair Francis]

On Fri, Jun 5, 2020 at 12:40 AM Bin Meng  wrote:
>
> From: Bin Meng 
>
> There is no need to have two functions that have exactly the same
> codes for 32-bit and 64-bit base CPUs.
>
> Signed-off-by: Bin Meng 

Reviewed-by: Alistair Francis 

Alistair

> ---
>
>  target/riscv/cpu.c | 18 +-
>  1 file changed, 5 insertions(+), 13 deletions(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 9007a25..d38d829 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -126,9 +126,7 @@ static void riscv_any_cpu_init(Object *obj)
>  set_resetvec(env, DEFAULT_RSTVEC);
>  }
>
> -#if defined(TARGET_RISCV32)
> -
> -static void riscv_base32_cpu_init(Object *obj)
> +static void riscv_base_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
>  /* We set this in the realise function */
> @@ -136,6 +134,8 @@ static void riscv_base32_cpu_init(Object *obj)
>  set_resetvec(env, DEFAULT_RSTVEC);
>  }
>
> +#if defined(TARGET_RISCV32)
> +
>  static void rv32gcsu_priv1_10_0_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
> @@ -173,14 +173,6 @@ static void rv32imafcu_nommu_cpu_init(Object *obj)
>
>  #elif defined(TARGET_RISCV64)
>
> -static void riscv_base64_cpu_init(Object *obj)
> -{
> -CPURISCVState *env = &RISCV_CPU(obj)->env;
> -/* We set this in the realise function */
> -set_misa(env, 0);
> -set_resetvec(env, DEFAULT_RSTVEC);
> -}
> -
>  static void rv64gcsu_priv1_10_0_cpu_init(Object *obj)
>  {
>  CPURISCVState *env = &RISCV_CPU(obj)->env;
> @@ -601,13 +593,13 @@ static const TypeInfo riscv_cpu_type_infos[] = {
>  },
>  DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
>  #if defined(TARGET_RISCV32)
> -DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base32_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_IBEX, rv32imcu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E34,   rv32imafcu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   
> rv32gcsu_priv1_10_0_cpu_init),
>  #elif defined(TARGET_RISCV64)
> -DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base64_cpu_init),
> +DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init),
>  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   
> rv64gcsu_priv1_10_0_cpu_init),
>  #endif
> --
> 2.7.4
>
>

Re: [PATCH v8 00/34] Add subcluster allocation to qcow2

[no-reply]

Patchew URL: https://patchew.org/QEMU/cover.1591801197.git.be...@igalia.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  block/blkdebug.o
  CC  block/blkverify.o
/tmp/qemu-test/src/block/qcow2-cluster.c: In function 'qcow2_get_host_offset':
/tmp/qemu-test/src/block/qcow2-cluster.c:473:19: error: 'expected_type' may be 
used uninitialized in this function [-Werror=maybe-uninitialized]
 } else if (type != expected_type) {
   ^
/tmp/qemu-test/src/block/qcow2-cluster.c:449:25: note: 'expected_type' was 
declared here
 QCow2SubclusterType expected_type, type;
 ^
/tmp/qemu-test/src/block/qcow2-cluster.c:475:19: error: 'check_offset' may be 
used uninitialized in this function [-Werror=maybe-uninitialized]
 } else if (check_offset) {
   ^
/tmp/qemu-test/src/block/qcow2-cluster.c:447:10: note: 'check_offset' was 
declared here
 bool check_offset;
  ^
/tmp/qemu-test/src/block/qcow2-cluster.c:476:29: error: 'expected_offset' may 
be used uninitialized in this function [-Werror=maybe-uninitialized]
 expected_offset += s->cluster_size;
 ^
/tmp/qemu-test/src/block/qcow2-cluster.c:448:14: note: 'expected_offset' was 
declared here
 uint64_t expected_offset;
  ^
cc1: all warnings being treated as errors
make: *** [block/qcow2-cluster.o] Error 1
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 665, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=c26843e7a1d24a3c860bd5ab2506a33c', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-h2erlgmp/src/docker-src.2020-06-10-18.50.30.7791:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=c26843e7a1d24a3c860bd5ab2506a33c
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-h2erlgmp/src'
make: *** [docker-run-test-quick@centos7] Error 2

real2m20.876s
user0m8.581s


The full log is available at
http://patchew.org/logs/cover.1591801197.git.be...@igalia.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH 1/1] MAINTAINERS: Adjust sh4 maintainership

[Philippe Mathieu-Daudé]

On 6/11/20 12:17 AM, Aleksandar Markovic wrote:
> This patch transfers sh4 sections to Yoshinori Sato, who is best
> positioned in the community to assume their maintainership.

https://www.mail-archive.com/qemu-devel@nongnu.org/msg708235.html

"BTW, you also dictate there Yoshimoto that to do and
 what not to do. Why?"

I suppose you meant Yoshinori? Again I'm didn't want to appear
as dictating, I spend hours trying to raise the quality of the
RX hardware model to be sure it'd be merged. You can not say
otherwise, see the latest series posted:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg708317.html

We can not say likewise with the AVR port you almost killed,
asking changes then disappearing, letting other contributors
stuck.

> He is
> the maintainer of the related target rx.
> 
> Further adjustments, reorganizations, and improvements of sh4
> sections are left to the future maintainer to be devised and
> executed, as he deems suitable.
> 
> Aurealien and Magnus are deleted from some sections from the

Typo 'Aurelien'.

> MAINTAINERS file with this patch. However, they will not be
> deleted from QEMU Hall of Fame, where their names will always
> be carved in stone as QEMU pioneers and granddadies.

Typo 'granddaddies'.

> 
> Acked-by: Aurelien Jarno 
> Acked-by: Magnus Damm 
> Acked-by: Yoshinori Sato 
> Signed-off-by: Aleksandar Markovic 
> ---
>  MAINTAINERS | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 6e7890ce82..7ddb6db38c 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -296,7 +296,7 @@ F: tests/tcg/s390x/
>  L: qemu-s3...@nongnu.org
>  
>  SH4 TCG CPUs
> -M: Aurelien Jarno 
> +M: Yoshinori Sato 
>  S: Odd Fixes

'Maintained'? See:

https://www.mail-archive.com/qemu-devel@nongnu.org/msg710928.html

>  F: target/sh4/
>  F: hw/sh4/
> @@ -1251,14 +1251,14 @@ F: include/hw/riscv/opentitan.h
>  SH4 Machines
>  
>  R2D
> -M: Magnus Damm 
> +M: Yoshinori Sato 
>  S: Maintained
>  F: hw/sh4/r2d.c
>  F: hw/intc/sh_intc.c
>  F: hw/timer/sh_timer.c
>  
>  Shix
> -M: Magnus Damm 
> +M: Yoshinori Sato 
>  S: Odd Fixes

Ditto 'Maintained'?

Whichever status Yoshinori like:
Reviewed-by: Philippe Mathieu-Daudé 

>  F: hw/sh4/shix.c
>  
> 

Re: [PATCH] net: tulip: Set PCI revision to match dec21143

[Marek Vasut]

On 6/11/20 12:27 AM, Philippe Mathieu-Daudé wrote:
> On 6/10/20 11:13 PM, Sven Schnelle wrote:
>> On Mon, Jun 08, 2020 at 12:17:11AM +0200, Philippe Mathieu-Daudé wrote:
>>> Hi Sven, could you review thiw one-line patch?
>>>
>>> On 4/18/20 2:25 AM, Marek Vasut wrote:
 The tulip driver claims to emulate dec21143 and it does not emulate 
 dec21142.
 The dec21142 and dec21143 can be discerned by the PCI revision register,
 where dec21142 reports value < 0x20 and dec21143 value >= 0x20. E.g. the
 U-Boot 'tulip' driver also only supports dec21143 and verifies that the
 PCI revision ID is >= 0x20, otherwise refuses to operate such a card.

 This patch sets the PCI revision ID to 0x20 to match the dec21143 and
 thus also permits e.g. U-Boot to work with the tulip emulation.

 Fixes: 34ea023d4b95 ("net: add tulip (dec21143) driver")
 Signed-off-by: Marek Vasut 
 Cc: Marc-André Lureau 
 Cc: Paolo Bonzini 
 Cc: Peter Maydell 
 Cc: Prasad J Pandit 
 Cc: Sven Schnelle 
 ---
  hw/net/tulip.c | 2 ++
  1 file changed, 2 insertions(+)

 diff --git a/hw/net/tulip.c b/hw/net/tulip.c
 index 1295f51d07..ffb6c2479a 100644
 --- a/hw/net/tulip.c
 +++ b/hw/net/tulip.c
 @@ -962,6 +962,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, 
 Error **errp)
  
  pci_conf = s->dev.config;
  pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
 +/* Anything with revision < 0x20 is DC21142, anything >= 0x20 is 
 DC21143 */
 +pci_conf[PCI_REVISION_ID] = 0x20;
  
  s->eeprom = eeprom93xx_new(&pci_dev->qdev, 64);
  tulip_fill_eeprom(s);

>>>
>>
>> The intel datasheet for the DEC21143 lists only Rev IDs > 30 for this 
>> particular family:
>>
>> 21143-PB,TB,PC,TC - 0x30
>> 21143-PD,TD - x041
>>
>> but maybe older DEC chips used 0x20 - don't know. The most interesting 
>> question is
>> whether ancient OS' like HP-UX or Windows XP would still work with this 
>> patch, but
>> i don't have test images at hand right now.
> 
> So the question is whether your HP-UX/WinXP images also boot with a
> DEC21142 (you aimed to model a DEC21143, and it is tested anyway).
> 
> Marek, suggestion:
> 
> Make pci_tulip_realize() abstract, add dec21142 and dec21143 models as
> you suggested, making 'tulip' an alias of dec21142 for backward
> compatibility. You can then use the dec21143.

I don't have any way to test dec21142 , I only have dec21143 support in
U-Boot. U-Boot actually checks for this revision field and does not work
with dec21142 , so these older models must be somehow incompatible.
Hence, if we model only the dec21143 anyway, we should set that revision
ID to model it fully.

Re: [PATCH v3 01/11] MAINTAINERS: Mark SH4 section orphan

[Aleksandar Markovic]

чет, 11. јун 2020. у 00:08 Philippe Mathieu-Daudé  је
написао/ла:
>
> Aurelien Jarno expressed his desire to orphan the SH4 section [*]:
>
>   I don't mind being [...] removed from there.
>   I do not really have time to work on that.
>
> Mark the SH4 section orphan.
>
> Many thanks to Aurelien for his substantial contributions to QEMU,
> and for maintaining the SH4 emulation for various years!
>
> [*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg708400.html
>
> Message-Id: <20200601214125.ga1924...@aurel32.net>
> Acked-by: Aurelien Jarno 
> Suggested-by: Aleksandar Markovic 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---

I am sorry if I hurt anybody's feelings with my choice of words, or in
other ways.

As requested by Philippe, I wrote the patch that represent a comprehensive
summary of all needed changes related to sh4 maintainership, that is, I
believe,
simple, effective and productive in both short and long term.

https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03080.html

The patch I wrote supersedes patches 1-2 from v2 of this series, and also
patches
1-6 from v3 (this one) of this series.

Please let me know if you have any objection to such patch.

Sincerely,
Aleksandar


>  MAINTAINERS | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 3abe3faa4e..129517cfb4 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -296,8 +296,7 @@ F: tests/tcg/s390x/
>  L: qemu-s3...@nongnu.org
>
>  SH4 TCG CPUs
> -M: Aurelien Jarno 
> -S: Odd Fixes
> +S: Orphan
>  F: target/sh4/
>  F: hw/sh4/
>  F: disas/sh4.c
> --
> 2.21.3
>

Re: [PATCH] net: tulip: Set PCI revision to match dec21143

[Philippe Mathieu-Daudé]

On 6/10/20 11:13 PM, Sven Schnelle wrote:
> On Mon, Jun 08, 2020 at 12:17:11AM +0200, Philippe Mathieu-Daudé wrote:
>> Hi Sven, could you review thiw one-line patch?
>>
>> On 4/18/20 2:25 AM, Marek Vasut wrote:
>>> The tulip driver claims to emulate dec21143 and it does not emulate 
>>> dec21142.
>>> The dec21142 and dec21143 can be discerned by the PCI revision register,
>>> where dec21142 reports value < 0x20 and dec21143 value >= 0x20. E.g. the
>>> U-Boot 'tulip' driver also only supports dec21143 and verifies that the
>>> PCI revision ID is >= 0x20, otherwise refuses to operate such a card.
>>>
>>> This patch sets the PCI revision ID to 0x20 to match the dec21143 and
>>> thus also permits e.g. U-Boot to work with the tulip emulation.
>>>
>>> Fixes: 34ea023d4b95 ("net: add tulip (dec21143) driver")
>>> Signed-off-by: Marek Vasut 
>>> Cc: Marc-André Lureau 
>>> Cc: Paolo Bonzini 
>>> Cc: Peter Maydell 
>>> Cc: Prasad J Pandit 
>>> Cc: Sven Schnelle 
>>> ---
>>>  hw/net/tulip.c | 2 ++
>>>  1 file changed, 2 insertions(+)
>>>
>>> diff --git a/hw/net/tulip.c b/hw/net/tulip.c
>>> index 1295f51d07..ffb6c2479a 100644
>>> --- a/hw/net/tulip.c
>>> +++ b/hw/net/tulip.c
>>> @@ -962,6 +962,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, Error 
>>> **errp)
>>>  
>>>  pci_conf = s->dev.config;
>>>  pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
>>> +/* Anything with revision < 0x20 is DC21142, anything >= 0x20 is 
>>> DC21143 */
>>> +pci_conf[PCI_REVISION_ID] = 0x20;
>>>  
>>>  s->eeprom = eeprom93xx_new(&pci_dev->qdev, 64);
>>>  tulip_fill_eeprom(s);
>>>
>>
> 
> The intel datasheet for the DEC21143 lists only Rev IDs > 30 for this 
> particular family:
> 
> 21143-PB,TB,PC,TC - 0x30
> 21143-PD,TD - x041
> 
> but maybe older DEC chips used 0x20 - don't know. The most interesting 
> question is
> whether ancient OS' like HP-UX or Windows XP would still work with this 
> patch, but
> i don't have test images at hand right now.

So the question is whether your HP-UX/WinXP images also boot with a
DEC21142 (you aimed to model a DEC21143, and it is tested anyway).

Marek, suggestion:

Make pci_tulip_realize() abstract, add dec21142 and dec21143 models as
you suggested, making 'tulip' an alias of dec21142 for backward
compatibility. You can then use the dec21143.

Re: [PATCH v1 2/2] sifive_e: Support the revB machine

[Alistair Francis]

On Thu, May 28, 2020 at 11:13 AM Alistair Francis  wrote:
>
> On Thu, May 21, 2020 at 8:57 AM Alistair Francis  wrote:
> >
> > On Wed, May 20, 2020 at 4:08 PM Palmer Dabbelt  wrote:
> > >
> > > On Thu, 14 May 2020 13:47:10 PDT (-0700), Alistair Francis wrote:
> > > > Signed-off-by: Alistair Francis 
> > > > ---
> > > >  hw/riscv/sifive_e.c | 35 +++
> > > >  include/hw/riscv/sifive_e.h |  1 +
> > > >  2 files changed, 32 insertions(+), 4 deletions(-)
> > > >
> > > > diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
> > > > index 472a98970b..cb7818341b 100644
> > > > --- a/hw/riscv/sifive_e.c
> > > > +++ b/hw/riscv/sifive_e.c
> > > > @@ -98,10 +98,14 @@ static void riscv_sifive_e_init(MachineState 
> > > > *machine)
> > > >  memmap[SIFIVE_E_DTIM].base, main_mem);
> > > >
> > > >  /* Mask ROM reset vector */
> > > > -uint32_t reset_vec[2] = {
> > > > -0x204002b7,/* 0x1000: lui t0,0x20400 */
> > > > -0x00028067,/* 0x1004: jr  t0 */
> > > > -};
> > > > +uint32_t reset_vec[2];
> > > > +
> > > > +if (s->revb) {
> > > > +reset_vec[0] = 0x200102b7;/* 0x1000: lui 
> > > > t0,0x20010 */
> > > > +} else {
> > > > +reset_vec[0] = 0x204002b7;/* 0x1000: lui 
> > > > t0,0x20400 */
> > > > +}
> > > > +reset_vec[1] = 0x00028067;/* 0x1004: jr  t0 */
> > > >
> > > >  /* copy in the reset vector in little_endian byte order */
> > > >  for (i = 0; i < sizeof(reset_vec) >> 2; i++) {
> > > > @@ -115,8 +119,31 @@ static void riscv_sifive_e_init(MachineState 
> > > > *machine)
> > > >  }
> > > >  }
> > > >
> > > > +static bool sifive_e_machine_get_revb(Object *obj, Error **errp)
> > > > +{
> > > > +SiFiveEState *s = RISCV_E_MACHINE(obj);
> > > > +
> > > > +return s->revb;
> > > > +}
> > > > +
> > > > +static void sifive_e_machine_set_revb(Object *obj, bool value, Error 
> > > > **errp)
> > > > +{
> > > > +SiFiveEState *s = RISCV_E_MACHINE(obj);
> > > > +
> > > > +s->revb = value;
> > > > +}
> > > > +
> > > >  static void sifive_e_machine_instance_init(Object *obj)
> > > >  {
> > > > +SiFiveEState *s = RISCV_E_MACHINE(obj);
> > > > +
> > > > +s->revb = false;
> > > > +object_property_add_bool(obj, "revb", sifive_e_machine_get_revb,
> > > > + sifive_e_machine_set_revb, NULL);
> > > > +object_property_set_description(obj, "revb",
> > > > +"Set on to tell QEMU that it 
> > > > should model "
> > > > +"the revB HiFive1 board",
> > > > +NULL);
> > > >  }
> > > >
> > > >  static void sifive_e_machine_class_init(ObjectClass *oc, void *data)
> > > > diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h
> > > > index 414992119e..0d3cd07fcc 100644
> > > > --- a/include/hw/riscv/sifive_e.h
> > > > +++ b/include/hw/riscv/sifive_e.h
> > > > @@ -45,6 +45,7 @@ typedef struct SiFiveEState {
> > > >
> > > >  /*< public >*/
> > > >  SiFiveESoCState soc;
> > > > +bool revb;
> > > >  } SiFiveEState;
> > > >
> > > >  #define TYPE_RISCV_E_MACHINE MACHINE_TYPE_NAME("sifive_e")
> > >
> > > IIRC there are way more differences between the un-suffixed FE310 and the 
> > > Rev
> > > B, specifically the interrupt map is all different.
> >
> > The three IRQs that QEMU uses for the SiFive E (UART0, UART1 and GPIO)
> > all seem to be the same.
>
> Ping!

Ping^2

Applying to RISC-V tree.

Alistair

>
> >
> > Alistair

[PATCH v6 4/6] riscv/opentitan: Connect the PLIC device

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Bin Meng 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/hw/riscv/opentitan.h |  3 +++
 hw/riscv/opentitan.c | 19 +--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h
index a4b6499444..76f72905a8 100644
--- a/include/hw/riscv/opentitan.h
+++ b/include/hw/riscv/opentitan.h
@@ -20,6 +20,7 @@
 #define HW_OPENTITAN_H
 
 #include "hw/riscv/riscv_hart.h"
+#include "hw/intc/ibex_plic.h"
 
 #define TYPE_RISCV_IBEX_SOC "riscv.lowrisc.ibex.soc"
 #define RISCV_IBEX_SOC(obj) \
@@ -31,6 +32,8 @@ typedef struct LowRISCIbexSoCState {
 
 /*< public >*/
 RISCVHartArrayState cpus;
+IbexPlicState plic;
+
 MemoryRegion flash_mem;
 MemoryRegion rom;
 } LowRISCIbexSoCState;
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 6c7359c190..1fc0327cb5 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -25,6 +25,7 @@
 #include "hw/misc/unimp.h"
 #include "hw/riscv/boot.h"
 #include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
 
 static const struct MemmapEntry {
 hwaddr base;
@@ -97,6 +98,9 @@ static void riscv_lowrisc_ibex_soc_init(Object *obj)
 object_initialize_child(obj, "cpus", &s->cpus,
 sizeof(s->cpus), TYPE_RISCV_HART_ARRAY,
 &error_abort, NULL);
+
+sysbus_init_child_obj(obj, "plic", &s->plic,
+  sizeof(s->plic), TYPE_IBEX_PLIC);
 }
 
 static void riscv_lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp)
@@ -105,6 +109,9 @@ static void riscv_lowrisc_ibex_soc_realize(DeviceState 
*dev_soc, Error **errp)
 MachineState *ms = MACHINE(qdev_get_machine());
 LowRISCIbexSoCState *s = RISCV_IBEX_SOC(dev_soc);
 MemoryRegion *sys_mem = get_system_memory();
+DeviceState *dev;
+SysBusDevice *busdev;
+Error *err = NULL;
 
 object_property_set_str(OBJECT(&s->cpus), ms->cpu_type, "cpu-type",
 &error_abort);
@@ -125,6 +132,16 @@ static void riscv_lowrisc_ibex_soc_realize(DeviceState 
*dev_soc, Error **errp)
 memory_region_add_subregion(sys_mem, memmap[IBEX_FLASH].base,
 &s->flash_mem);
 
+/* PLIC */
+dev = DEVICE(&s->plic);
+object_property_set_bool(OBJECT(&s->plic), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, memmap[IBEX_PLIC].base);
+
 create_unimplemented_device("riscv.lowrisc.ibex.uart",
 memmap[IBEX_UART].base, memmap[IBEX_UART].size);
 create_unimplemented_device("riscv.lowrisc.ibex.gpio",
@@ -145,8 +162,6 @@ static void riscv_lowrisc_ibex_soc_realize(DeviceState 
*dev_soc, Error **errp)
 memmap[IBEX_AES].base, memmap[IBEX_AES].size);
 create_unimplemented_device("riscv.lowrisc.ibex.hmac",
 memmap[IBEX_HMAC].base, memmap[IBEX_HMAC].size);
-create_unimplemented_device("riscv.lowrisc.ibex.plic",
-memmap[IBEX_PLIC].base, memmap[IBEX_PLIC].size);
 create_unimplemented_device("riscv.lowrisc.ibex.pinmux",
 memmap[IBEX_PINMUX].base, memmap[IBEX_PINMUX].size);
 create_unimplemented_device("riscv.lowrisc.ibex.alert_handler",
-- 
2.26.2

[PATCH v6 1/6] riscv/opentitan: Fix the ROM size

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reported-by: Damien Hedde 
---
 hw/riscv/opentitan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index b4fb836466..6c7359c190 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -30,7 +30,7 @@ static const struct MemmapEntry {
 hwaddr base;
 hwaddr size;
 } ibex_memmap[] = {
-[IBEX_ROM] ={  0x8000,   0xc000 },
+[IBEX_ROM] ={  0x8000, 16 * KiB },
 [IBEX_RAM] ={  0x1000,  0x1 },
 [IBEX_FLASH] =  {  0x2000,  0x8 },
 [IBEX_UART] =   {  0x4000,  0x1 },
-- 
2.26.2

[PATCH v6 6/6] target/riscv: Use a smaller guess size for no-MMU PMP

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Bin Meng 
---
 target/riscv/pmp.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 0e6b640fbd..9418660f1b 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -233,12 +233,16 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong 
addr,
 return true;
 }
 
-/*
- * if size is unknown (0), assume that all bytes
- * from addr to the end of the page will be accessed.
- */
 if (size == 0) {
-pmp_size = -(addr | TARGET_PAGE_MASK);
+if (riscv_feature(env, RISCV_FEATURE_MMU)) {
+/*
+ * If size is unknown (0), assume that all bytes
+ * from addr to the end of the page will be accessed.
+ */
+pmp_size = -(addr | TARGET_PAGE_MASK);
+} else {
+pmp_size = sizeof(target_ulong);
+}
 } else {
 pmp_size = size;
 }
-- 
2.26.2

[PATCH v6 5/6] riscv/opentitan: Connect the UART device

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Bin Meng 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/hw/riscv/opentitan.h | 13 +
 hw/riscv/opentitan.c | 24 ++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h
index 76f72905a8..8f29b9cbbf 100644
--- a/include/hw/riscv/opentitan.h
+++ b/include/hw/riscv/opentitan.h
@@ -21,6 +21,7 @@
 
 #include "hw/riscv/riscv_hart.h"
 #include "hw/intc/ibex_plic.h"
+#include "hw/char/ibex_uart.h"
 
 #define TYPE_RISCV_IBEX_SOC "riscv.lowrisc.ibex.soc"
 #define RISCV_IBEX_SOC(obj) \
@@ -33,6 +34,7 @@ typedef struct LowRISCIbexSoCState {
 /*< public >*/
 RISCVHartArrayState cpus;
 IbexPlicState plic;
+IbexUartState uart;
 
 MemoryRegion flash_mem;
 MemoryRegion rom;
@@ -68,4 +70,15 @@ enum {
 IBEX_PADCTRL,
 };
 
+enum {
+IBEX_UART_RX_PARITY_ERR_IRQ = 0x28,
+IBEX_UART_RX_TIMEOUT_IRQ = 0x27,
+IBEX_UART_RX_BREAK_ERR_IRQ = 0x26,
+IBEX_UART_RX_FRAME_ERR_IRQ = 0x25,
+IBEX_UART_RX_OVERFLOW_IRQ = 0x24,
+IBEX_UART_TX_EMPTY_IRQ = 0x23,
+IBEX_UART_RX_WATERMARK_IRQ = 0x22,
+IBEX_UART_TX_WATERMARK_IRQ = 0x21,
+};
+
 #endif
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 1fc0327cb5..c8b6d2e7df 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -101,6 +101,9 @@ static void riscv_lowrisc_ibex_soc_init(Object *obj)
 
 sysbus_init_child_obj(obj, "plic", &s->plic,
   sizeof(s->plic), TYPE_IBEX_PLIC);
+
+sysbus_init_child_obj(obj, "uart", &s->uart,
+  sizeof(s->uart), TYPE_IBEX_UART);
 }
 
 static void riscv_lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp)
@@ -142,8 +145,25 @@ static void riscv_lowrisc_ibex_soc_realize(DeviceState 
*dev_soc, Error **errp)
 busdev = SYS_BUS_DEVICE(dev);
 sysbus_mmio_map(busdev, 0, memmap[IBEX_PLIC].base);
 
-create_unimplemented_device("riscv.lowrisc.ibex.uart",
-memmap[IBEX_UART].base, memmap[IBEX_UART].size);
+/* UART */
+dev = DEVICE(&(s->uart));
+qdev_prop_set_chr(dev, "chardev", serial_hd(0));
+object_property_set_bool(OBJECT(&s->uart), true, "realized", &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, memmap[IBEX_UART].base);
+sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(DEVICE(&s->plic),
+   IBEX_UART_TX_WATERMARK_IRQ));
+sysbus_connect_irq(busdev, 1, qdev_get_gpio_in(DEVICE(&s->plic),
+   IBEX_UART_RX_WATERMARK_IRQ));
+sysbus_connect_irq(busdev, 2, qdev_get_gpio_in(DEVICE(&s->plic),
+   IBEX_UART_TX_EMPTY_IRQ));
+sysbus_connect_irq(busdev, 3, qdev_get_gpio_in(DEVICE(&s->plic),
+   IBEX_UART_RX_OVERFLOW_IRQ));
+
 create_unimplemented_device("riscv.lowrisc.ibex.gpio",
 memmap[IBEX_GPIO].base, memmap[IBEX_GPIO].size);
 create_unimplemented_device("riscv.lowrisc.ibex.spi",
-- 
2.26.2

[PATCH v6 0/6] RISC-V Add the OpenTitan Machine

[Alistair Francis]

OpenTitan is an open source silicon Root of Trust (RoT) project. This
series adds initial support for the OpenTitan machine to QEMU.

This series add the Ibex CPU to the QEMU RISC-V target. It then adds the
OpenTitan machine, the Ibex UART and the Ibex PLIC.

The UART has been tested sending and receiving data.

With this series QEMU can boot the OpenTitan ROM, Tock OS and a Tock
userspace app.

The Ibex PLIC is similar to the RISC-V PLIC (and is based on the QEMU
implementation) with some differences. The hope is that the Ibex PLIC
will converge to follow the RISC-V spec. As that happens I want to
update the QEMU Ibex PLIC and hopefully eventually replace the current
PLIC as the implementation is a little overlay complex.

For more details on OpenTitan, see here: https://docs.opentitan.org/

v6:
 - Rebase on master (some patches applied)
 - Fix the ROM address
v5:
 - Add some of the missing unimplemented devices
 - Don't set PMP feature in init() function
v4:
 - Don't set the reset vector in realise
 - Fix a bug where the MMU is always enabled
 - Fixup the PMP/MMU size logic
v3:
 - Small fixes pointed out in review
v2:
 - Rebase on master
 - Get uart receive working



Alistair Francis (6):
  riscv/opentitan: Fix the ROM size
  hw/char: Initial commit of Ibex UART
  hw/intc: Initial commit of lowRISC Ibex PLIC
  riscv/opentitan: Connect the PLIC device
  riscv/opentitan: Connect the UART device
  target/riscv: Use a smaller guess size for no-MMU PMP

 include/hw/char/ibex_uart.h  | 110 
 include/hw/intc/ibex_plic.h  |  63 +
 include/hw/riscv/opentitan.h |  16 ++
 hw/char/ibex_uart.c  | 492 +++
 hw/intc/ibex_plic.c  | 261 +++
 hw/riscv/opentitan.c |  45 +++-
 target/riscv/pmp.c   |  14 +-
 MAINTAINERS  |   4 +
 hw/char/Makefile.objs|   1 +
 hw/intc/Makefile.objs|   1 +
 hw/riscv/Kconfig |   4 +
 11 files changed, 1001 insertions(+), 10 deletions(-)
 create mode 100644 include/hw/char/ibex_uart.h
 create mode 100644 include/hw/intc/ibex_plic.h
 create mode 100644 hw/char/ibex_uart.c
 create mode 100644 hw/intc/ibex_plic.c

-- 
2.26.2

[PATCH v6 3/6] hw/intc: Initial commit of lowRISC Ibex PLIC

[Alistair Francis]

The Ibex core contains a PLIC that although similar to the RISC-V spec
is not RISC-V spec compliant.

This patch implements a Ibex PLIC in a somewhat generic way.

As the current RISC-V PLIC needs tidying up, my hope is that as the Ibex
PLIC move towards spec compliance this PLIC implementation can be
updated until it can replace the current PLIC.

Signed-off-by: Alistair Francis 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/hw/intc/ibex_plic.h |  63 +
 hw/intc/ibex_plic.c | 261 
 MAINTAINERS |   2 +
 hw/intc/Makefile.objs   |   1 +
 4 files changed, 327 insertions(+)
 create mode 100644 include/hw/intc/ibex_plic.h
 create mode 100644 hw/intc/ibex_plic.c

diff --git a/include/hw/intc/ibex_plic.h b/include/hw/intc/ibex_plic.h
new file mode 100644
index 00..ddc7909903
--- /dev/null
+++ b/include/hw/intc/ibex_plic.h
@@ -0,0 +1,63 @@
+/*
+ * QEMU RISC-V lowRISC Ibex PLIC
+ *
+ * Copyright (c) 2020 Western Digital
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_IBEX_PLIC_H
+#define HW_IBEX_PLIC_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_IBEX_PLIC "ibex-plic"
+#define IBEX_PLIC(obj) \
+OBJECT_CHECK(IbexPlicState, (obj), TYPE_IBEX_PLIC)
+
+typedef struct IbexPlicState {
+/*< private >*/
+SysBusDevice parent_obj;
+
+/*< public >*/
+MemoryRegion mmio;
+
+uint32_t *pending;
+uint32_t *source;
+uint32_t *priority;
+uint32_t *enable;
+uint32_t threshold;
+uint32_t claim;
+
+/* config */
+uint32_t num_cpus;
+uint32_t num_sources;
+
+uint32_t pending_base;
+uint32_t pending_num;
+
+uint32_t source_base;
+uint32_t source_num;
+
+uint32_t priority_base;
+uint32_t priority_num;
+
+uint32_t enable_base;
+uint32_t enable_num;
+
+uint32_t threshold_base;
+
+uint32_t claim_base;
+} IbexPlicState;
+
+#endif /* HW_IBEX_PLIC_H */
diff --git a/hw/intc/ibex_plic.c b/hw/intc/ibex_plic.c
new file mode 100644
index 00..41079518c6
--- /dev/null
+++ b/hw/intc/ibex_plic.c
@@ -0,0 +1,261 @@
+/*
+ * QEMU RISC-V lowRISC Ibex PLIC
+ *
+ * Copyright (c) 2020 Western Digital
+ *
+ * Documentation avaliable: https://docs.opentitan.org/hw/ip/rv_plic/doc/
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "hw/qdev-properties.h"
+#include "hw/core/cpu.h"
+#include "hw/boards.h"
+#include "hw/pci/msi.h"
+#include "target/riscv/cpu_bits.h"
+#include "target/riscv/cpu.h"
+#include "hw/intc/ibex_plic.h"
+
+static bool addr_between(uint32_t addr, uint32_t base, uint32_t num)
+{
+uint32_t end = base + (num * 0x04);
+
+if (addr >= base && addr < end) {
+return true;
+}
+
+return false;
+}
+
+static void ibex_plic_irqs_set_pending(IbexPlicState *s, int irq, bool level)
+{
+int pending_num = irq / 32;
+
+s->pending[pending_num] |= level << (irq % 32);
+}
+
+static bool ibex_plic_irqs_pending(IbexPlicState *s, uint32_t context)
+{
+int i;
+
+for (i = 0; i < s->pending_num; i++) {
+uint32_t irq_num = ctz64(s->pending[i]) + (i * 32);
+
+if (!(s->pending[i] & s->enable[i])) {
+/* No pending and enabled IRQ */
+continue;
+}
+
+if (s->priority[irq_num] > s->threshold) {
+if (!s->claim) {
+s->claim = irq_num;
+}
+return true;
+}
+}
+
+return false;
+}
+
+static void ibex_plic_update(IbexPlicState *s)
+{
+CPUState *cpu;
+int level, i;
+
+for (i = 0; i < s->num_cpus; i++) {
+cpu = qemu_get_cpu(i);
+
+if (!cpu) {
+continue;
+}
+
+level = ibex_plic_irqs_pending(s, 0);
+
+riscv_cpu_update_mip(RISCV_CPU(cpu), MIP_MEIP, BOOL_TO_MASK(level));
+}
+}
+
+static voi

[PATCH v6 2/6] hw/char: Initial commit of Ibex UART

[Alistair Francis]

This is the initial commit of the Ibex UART device. Serial TX is
working, while RX has been implemeneted but untested.

This is based on the documentation from:
https://docs.opentitan.org/hw/ip/uart/doc/

Signed-off-by: Alistair Francis 
Reviewed-by: LIU Zhiwei
---
 include/hw/char/ibex_uart.h | 110 
 hw/char/ibex_uart.c | 492 
 MAINTAINERS |   2 +
 hw/char/Makefile.objs   |   1 +
 hw/riscv/Kconfig|   4 +
 5 files changed, 609 insertions(+)
 create mode 100644 include/hw/char/ibex_uart.h
 create mode 100644 hw/char/ibex_uart.c

diff --git a/include/hw/char/ibex_uart.h b/include/hw/char/ibex_uart.h
new file mode 100644
index 00..2bec772615
--- /dev/null
+++ b/include/hw/char/ibex_uart.h
@@ -0,0 +1,110 @@
+/*
+ * QEMU lowRISC Ibex UART device
+ *
+ * Copyright (c) 2020 Western Digital
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_IBEX_UART_H
+#define HW_IBEX_UART_H
+
+#include "hw/sysbus.h"
+#include "chardev/char-fe.h"
+#include "qemu/timer.h"
+
+#define IBEX_UART_INTR_STATE   0x00
+#define INTR_STATE_TX_WATERMARK (1 << 0)
+#define INTR_STATE_RX_WATERMARK (1 << 1)
+#define INTR_STATE_TX_EMPTY (1 << 2)
+#define INTR_STATE_RX_OVERFLOW  (1 << 3)
+#define IBEX_UART_INTR_ENABLE  0x04
+#define IBEX_UART_INTR_TEST0x08
+
+#define IBEX_UART_CTRL 0x0c
+#define UART_CTRL_TX_ENABLE (1 << 0)
+#define UART_CTRL_RX_ENABLE (1 << 1)
+#define UART_CTRL_NF(1 << 2)
+#define UART_CTRL_SLPBK (1 << 4)
+#define UART_CTRL_LLPBK (1 << 5)
+#define UART_CTRL_PARITY_EN (1 << 6)
+#define UART_CTRL_PARITY_ODD(1 << 7)
+#define UART_CTRL_RXBLVL(3 << 8)
+#define UART_CTRL_NCO   (0x << 16)
+
+#define IBEX_UART_STATUS   0x10
+#define UART_STATUS_TXFULL  (1 << 0)
+#define UART_STATUS_RXFULL  (1 << 1)
+#define UART_STATUS_TXEMPTY (1 << 2)
+#define UART_STATUS_RXIDLE  (1 << 4)
+#define UART_STATUS_RXEMPTY (1 << 5)
+
+#define IBEX_UART_RDATA0x14
+#define IBEX_UART_WDATA0x18
+
+#define IBEX_UART_FIFO_CTRL0x1c
+#define FIFO_CTRL_RXRST  (1 << 0)
+#define FIFO_CTRL_TXRST  (1 << 1)
+#define FIFO_CTRL_RXILVL (7 << 2)
+#define FIFO_CTRL_RXILVL_SHIFT   (2)
+#define FIFO_CTRL_TXILVL (3 << 5)
+#define FIFO_CTRL_TXILVL_SHIFT   (5)
+
+#define IBEX_UART_FIFO_STATUS  0x20
+#define IBEX_UART_OVRD 0x24
+#define IBEX_UART_VAL  0x28
+#define IBEX_UART_TIMEOUT_CTRL 0x2c
+
+#define IBEX_UART_TX_FIFO_SIZE 16
+
+#define TYPE_IBEX_UART "ibex-uart"
+#define IBEX_UART(obj) \
+OBJECT_CHECK(IbexUartState, (obj), TYPE_IBEX_UART)
+
+typedef struct {
+/*  */
+SysBusDevice parent_obj;
+
+/*  */
+MemoryRegion mmio;
+
+uint8_t tx_fifo[IBEX_UART_TX_FIFO_SIZE];
+uint32_t tx_level;
+
+QEMUTimer *fifo_trigger_handle;
+uint64_t char_tx_time;
+
+uint32_t uart_intr_state;
+uint32_t uart_intr_enable;
+uint32_t uart_ctrl;
+uint32_t uart_status;
+uint32_t uart_rdata;
+uint32_t uart_fifo_ctrl;
+uint32_t uart_fifo_status;
+uint32_t uart_ovrd;
+uint32_t uart_val;
+uint32_t uart_timeout_ctrl;
+
+CharBackend chr;
+qemu_irq tx_watermark;
+qemu_irq rx_watermark;
+qemu_irq tx_empty;
+qemu_irq rx_overflow;
+} IbexUartState;
+#endif /* HW_IBEX_UART_H */
diff --git a/hw/char/ibex_uart.c b/hw/char/ibex_uart.c
new file mode 100644
index 00..3e0dd9968e
--- /dev/null
+++ b/hw/char/ibex_uart.c
@@ -0,0 +1,492 @@
+/*
+ * QEMU lowRISC Ibex UART device
+ *
+ * Copyright (c) 2020 Western Digital
+ *
+ * For details check the documentation here:
+ *https://docs.opentitan.org/hw/ip/uart/doc/
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation 

[PATCH v3 11/11] .travis.yml: Test SH4 QEMU advent calendar image

[Philippe Mathieu-Daudé]

From: Thomas Huth 

Now that we can select the second serial console in the acceptance tests
(see commit 746f244d9720 "Allow to use other serial consoles than default"),
we can also test the sh4 image from the QEMU advent calendar 2018.

Signed-off-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20200515164337.4899-1-th...@redhat.com>
[PMD: Split tests/acceptance/boot_linux_console.py in previous commit]
Signed-off-by: Philippe Mathieu-Daudé 
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 564be50a3c..e2003565d8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -293,7 +293,7 @@ jobs:
 - name: "GCC check-acceptance"
   dist: bionic
   env:
-- CONFIG="--enable-tools 
--target-list=aarch64-softmmu,alpha-softmmu,arm-softmmu,m68k-softmmu,microblaze-softmmu,mips-softmmu,mips64el-softmmu,nios2-softmmu,or1k-softmmu,ppc-softmmu,ppc64-softmmu,s390x-softmmu,sparc-softmmu,x86_64-softmmu,xtensa-softmmu"
+- CONFIG="--enable-tools 
--target-list=aarch64-softmmu,alpha-softmmu,arm-softmmu,m68k-softmmu,microblaze-softmmu,mips-softmmu,mips64el-softmmu,nios2-softmmu,or1k-softmmu,ppc-softmmu,ppc64-softmmu,s390x-softmmu,sh4-softmmu,sparc-softmmu,x86_64-softmmu,xtensa-softmmu"
 - TEST_CMD="make check-acceptance"
 - CACHE_NAME="${TRAVIS_BRANCH}-linux-gcc-acceptance"
   after_script:
-- 
2.21.3

[PATCH v3 10/11] tests/acceptance: Add boot tests for sh4 QEMU advent calendar image

[Philippe Mathieu-Daudé]

From: Thomas Huth 

Now that we can select the second serial console in the acceptance tests
(see commit 746f244d9720 "Allow to use other serial consoles than default"),
we can also test the sh4 image from the QEMU advent calendar 2018.

Signed-off-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20200515164337.4899-1-th...@redhat.com>
[PMD: Split .travis.yml change in separate patch]
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/acceptance/boot_linux_console.py | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 3f3aa0c854..3d02519660 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -858,12 +858,12 @@ def test_m68k_q800(self):
 console_pattern = 'No filesystem could mount root'
 self.wait_for_console_pattern(console_pattern)
 
-def do_test_advcal_2018(self, day, tar_hash, kernel_name):
+def do_test_advcal_2018(self, day, tar_hash, kernel_name, console=0):
 tar_url = ('https://www.qemu-advent-calendar.org'
'/2018/download/day' + day + '.tar.xz')
 file_path = self.fetch_asset(tar_url, asset_hash=tar_hash)
 archive.extract(file_path, self.workdir)
-self.vm.set_console()
+self.vm.set_console(console_index=console)
 self.vm.add_args('-kernel',
  self.workdir + '/day' + day + '/' + kernel_name)
 self.vm.launch()
@@ -937,6 +937,15 @@ def test_ppc_mac99(self):
 self.vm.add_args('-M', 'graphics=off')
 self.do_test_advcal_2018('15', tar_hash, 'invaders.elf')
 
+def test_sh4_r2d(self):
+"""
+:avocado: tags=arch:sh4
+:avocado: tags=machine:r2d
+"""
+tar_hash = 'fe06a4fd8ccbf2e27928d64472939d47829d4c7e'
+self.vm.add_args('-append', 'console=ttySC1')
+self.do_test_advcal_2018('09', tar_hash, 'zImage', console=1)
+
 def test_sparc_ss20(self):
 """
 :avocado: tags=arch:sparc
-- 
2.21.3

[PATCH 0/1] Resolution of sh4 maintainership

[Aleksandar Markovic]

This series consists of a single patch that introduces a new
maintainer for sh4 target.

He may or may not adjust further the details of sh4 sections,
with recent discussions in mind.

The idea is that noone imposes his particular vision on the
new maintainer person, but that we let him organize himself
the way it suites his style, and his code situation, and his
target position.

Three "Acked-by"s were deduced from the content of recent
discussions on the mailing list.

Aleksandar Markovic (1):
  MAINTAINERS: Adjust sh4 maintainership

 MAINTAINERS | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

-- 
2.20.1

[PATCH 1/1] MAINTAINERS: Adjust sh4 maintainership

[Aleksandar Markovic]

This patch transfers sh4 sections to Yoshinori Sato, who is best
positioned in the community to assume their maintainership. He is
the maintainer of the related target rx.

Further adjustments, reorganizations, and improvements of sh4
sections are left to the future maintainer to be devised and
executed, as he deems suitable.

Aurealien and Magnus are deleted from some sections from the
MAINTAINERS file with this patch. However, they will not be
deleted from QEMU Hall of Fame, where their names will always
be carved in stone as QEMU pioneers and granddadies.

Acked-by: Aurelien Jarno 
Acked-by: Magnus Damm 
Acked-by: Yoshinori Sato 
Signed-off-by: Aleksandar Markovic 
---
 MAINTAINERS | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6e7890ce82..7ddb6db38c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -296,7 +296,7 @@ F: tests/tcg/s390x/
 L: qemu-s3...@nongnu.org
 
 SH4 TCG CPUs
-M: Aurelien Jarno 
+M: Yoshinori Sato 
 S: Odd Fixes
 F: target/sh4/
 F: hw/sh4/
@@ -1251,14 +1251,14 @@ F: include/hw/riscv/opentitan.h
 SH4 Machines
 
 R2D
-M: Magnus Damm 
+M: Yoshinori Sato 
 S: Maintained
 F: hw/sh4/r2d.c
 F: hw/intc/sh_intc.c
 F: hw/timer/sh_timer.c
 
 Shix
-M: Magnus Damm 
+M: Yoshinori Sato 
 S: Odd Fixes
 F: hw/sh4/shix.c
 
-- 
2.20.1

[PATCH v3 08/11] hw/sh4: Extract timer definitions to 'hw/timer/tmu012.h'

[Philippe Mathieu-Daudé]

Extract timer definitions to 'hw/timer/tmu012.h'.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/sh4/sh.h   |  9 -
 include/hw/timer/tmu012.h | 23 +++
 hw/sh4/sh7750.c   |  1 +
 hw/timer/sh_timer.c   |  2 ++
 4 files changed, 26 insertions(+), 9 deletions(-)
 create mode 100644 include/hw/timer/tmu012.h

diff --git a/include/hw/sh4/sh.h b/include/hw/sh4/sh.h
index fe773cb01d..93f464bf4c 100644
--- a/include/hw/sh4/sh.h
+++ b/include/hw/sh4/sh.h
@@ -27,15 +27,6 @@ typedef struct {
 
 int sh7750_register_io_device(struct SH7750State *s,
  sh7750_io_device * device);
-/* sh_timer.c */
-#define TMU012_FEAT_TOCR   (1 << 0)
-#define TMU012_FEAT_3CHAN  (1 << 1)
-#define TMU012_FEAT_EXTCLK (1 << 2)
-void tmu012_init(MemoryRegion *sysmem, hwaddr base,
- int feat, uint32_t freq,
-qemu_irq ch0_irq, qemu_irq ch1_irq,
-qemu_irq ch2_irq0, qemu_irq ch2_irq1);
-
 
 /* sh_serial.c */
 #define SH_SERIAL_FEAT_SCIF (1 << 0)
diff --git a/include/hw/timer/tmu012.h b/include/hw/timer/tmu012.h
new file mode 100644
index 00..808ed8de1d
--- /dev/null
+++ b/include/hw/timer/tmu012.h
@@ -0,0 +1,23 @@
+/*
+ * SuperH Timer
+ *
+ * Copyright (c) 2007 Magnus Damm
+ *
+ * This code is licensed under the GPL.
+ */
+
+#ifndef HW_TIMER_TMU012_H
+#define HW_TIMER_TMU012_H
+
+#include "exec/hwaddr.h"
+
+#define TMU012_FEAT_TOCR   (1 << 0)
+#define TMU012_FEAT_3CHAN  (1 << 1)
+#define TMU012_FEAT_EXTCLK (1 << 2)
+
+void tmu012_init(MemoryRegion *sysmem, hwaddr base,
+ int feat, uint32_t freq,
+ qemu_irq ch0_irq, qemu_irq ch1_irq,
+ qemu_irq ch2_irq0, qemu_irq ch2_irq1);
+
+#endif
diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c
index d660714443..f8ac3ec6e3 100644
--- a/hw/sh4/sh7750.c
+++ b/hw/sh4/sh7750.c
@@ -30,6 +30,7 @@
 #include "sh7750_regs.h"
 #include "sh7750_regnames.h"
 #include "hw/sh4/sh_intc.h"
+#include "hw/timer/tmu012.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
 
diff --git a/hw/timer/sh_timer.c b/hw/timer/sh_timer.c
index 13c4051808..b9cbacf5d0 100644
--- a/hw/timer/sh_timer.c
+++ b/hw/timer/sh_timer.c
@@ -9,10 +9,12 @@
  */
 
 #include "qemu/osdep.h"
+#include "exec/memory.h"
 #include "hw/hw.h"
 #include "hw/irq.h"
 #include "hw/sh4/sh.h"
 #include "qemu/timer.h"
+#include "hw/timer/tmu012.h"
 #include "hw/ptimer.h"
 
 //#define DEBUG_TIMER
-- 
2.21.3

[PATCH v3 06/11] MAINTAINERS: Add Yoshinori Sato as maintainer of Renesas peripherals

[Philippe Mathieu-Daudé]

Renesas peripherals are common to SH4/RX based MCUs. Their
datasheets share common sections. It makes sense to maintain
them altogether.

Yoshinori Sato volonteered to maintain them [*].

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg710928.html

Cc: Magnus Damm 
Cc: Yoshinori Sato 
Suggested-by: Aleksandar Markovic 
Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 0398634179..967ca378fb 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1953,8 +1953,8 @@ F: include/hw/*/*xive*
 F: docs/*/*xive*
 
 Renesas peripherals
-M: Magnus Damm 
-S: Odd Fixes
+M: Yoshinori Sato 
+S: Maintained
 F: hw/char/sh_serial.c
 F: hw/timer/sh_timer.c
 F: include/hw/sh4/sh.h
-- 
2.21.3

[PATCH v3 04/11] MAINTAINERS: Cover 'hw/sh4/sh_intc.h' with the R2D machine

[Philippe Mathieu-Daudé]

Commit 81527b94ad added hw/intc/sh_intc.c, complete by
adding its corresponding header.

Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index e4e27acd26..653fca1da8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1255,6 +1255,7 @@ S: Odd Fixes
 F: hw/sh4/r2d.c
 F: hw/intc/sh_intc.c
 F: hw/timer/sh_timer.c
+F: include/hw/sh4/sh_intc.h
 
 Shix
 S: Orphan
-- 
2.21.3

[PATCH v3 05/11] MAINTAINERS: Add an entry for common Renesas peripherals

[Philippe Mathieu-Daudé]

Renesas peripherals are common to SH4/RX based MCUs. Their
datasheets share common sections. It makes sense to maintain
them altogether. The current names are misleading (see the
'sh' prefix). This will be fixed later when RX peripherals
will be added.

Cc: Magnus Damm 
Cc: Yoshinori Sato 
Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 653fca1da8..0398634179 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1254,8 +1254,6 @@ M: Magnus Damm 
 S: Odd Fixes
 F: hw/sh4/r2d.c
 F: hw/intc/sh_intc.c
-F: hw/timer/sh_timer.c
-F: include/hw/sh4/sh_intc.h
 
 Shix
 S: Orphan
@@ -1954,6 +1952,13 @@ F: hw/*/*xive*
 F: include/hw/*/*xive*
 F: docs/*/*xive*
 
+Renesas peripherals
+M: Magnus Damm 
+S: Odd Fixes
+F: hw/char/sh_serial.c
+F: hw/timer/sh_timer.c
+F: include/hw/sh4/sh.h
+
 Subsystems
 --
 Audio
-- 
2.21.3

[PATCH v3 09/11] hw/timer/sh_timer: Remove unused 'qemu/timer.h' include

[Philippe Mathieu-Daudé]

Remove unused "qemu/timer.h" include.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/timer/sh_timer.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/timer/sh_timer.c b/hw/timer/sh_timer.c
index b9cbacf5d0..bb0e1c8ee5 100644
--- a/hw/timer/sh_timer.c
+++ b/hw/timer/sh_timer.c
@@ -13,7 +13,6 @@
 #include "hw/hw.h"
 #include "hw/irq.h"
 #include "hw/sh4/sh.h"
-#include "qemu/timer.h"
 #include "hw/timer/tmu012.h"
 #include "hw/ptimer.h"
 
-- 
2.21.3

[PATCH v3 00/11] sh4: Update MAINTAINERS & trivial fixes

[Philippe Mathieu-Daudé]

Hi,

This series clarifies the situation of the SH4 TCG target
and peripherals.

Since v2:
- Keep Magnus as maintainer:
  https://www.mail-archive.com/qemu-devel@nongnu.org/msg710320.html
Addressed Aleksandar review comments:
- Split the MAINTAINER patch in various atomic units
  https://www.mail-archive.com/qemu-devel@nongnu.org/msg710947.html
- Add Yoshinori Sato as maintainer of SH4/RX peripherals
  https://www.mail-archive.com/qemu-devel@nongnu.org/msg711008.html

Aleksandar, I hope this is now fine for you and you can Ack the
changes. If this is still not perfect enough, I suggest you send
the perfect patches directly, because I can't spend more time on this.

Maybe patches 7 & 8 can go via acceptance-next queue, and
the rest via qemu-trivial@?

Regards,

Phil.

CI report:
https://travis-ci.org/github/philmd/qemu/builds/692828388

Supersedes: <20200608090142.6793-1-f4...@amsat.org>

Philippe Mathieu-Daudé (9):
  MAINTAINERS: Mark SH4 section orphan
  MAINTAINERS: Mark SH4 based Shix machine orphan
  MAINTAINERS: Demote SH4 based R2D machine to 'Odd Fixes'
  MAINTAINERS: Cover 'hw/sh4/sh_intc.h' with the R2D machine
  MAINTAINERS: Add an entry for common Renesas peripherals
  MAINTAINERS: Add Yoshinori Sato as maintainer of Renesas peripherals
  hw/sh4: Use MemoryRegion typedef
  hw/sh4: Extract timer definitions to 'hw/timer/tmu012.h'
  hw/timer/sh_timer: Remove unused 'qemu/timer.h' include

Thomas Huth (2):
  tests/acceptance: Add boot tests for sh4 QEMU advent calendar image
  .travis.yml: Test SH4 QEMU advent calendar image

 include/hw/sh4/sh.h| 12 +---
 include/hw/timer/tmu012.h  | 23 +++
 hw/sh4/sh7750.c|  1 +
 hw/timer/sh_timer.c|  3 ++-
 .travis.yml|  2 +-
 MAINTAINERS| 16 ++--
 tests/acceptance/boot_linux_console.py | 13 +++--
 7 files changed, 49 insertions(+), 21 deletions(-)
 create mode 100644 include/hw/timer/tmu012.h

-- 
2.21.3

[PATCH v3 03/11] MAINTAINERS: Demote SH4 based R2D machine to 'Odd Fixes'

[Philippe Mathieu-Daudé]

Magnus Damm doesn't have much time to maintain the R2D machine,
but want to keep it [*]. Demote its status to 'Odd Fixes' so
contributors won't expect Magnus to take the patches:

Odd Fixes:   It has a maintainer but they don't have time to do
 much other than throw the odd patch in. See below.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg710319.html

Cc: Magnus Damm 
Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index e1d1b0f62d..e4e27acd26 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1251,7 +1251,7 @@ SH4 Machines
 
 R2D
 M: Magnus Damm 
-S: Maintained
+S: Odd Fixes
 F: hw/sh4/r2d.c
 F: hw/intc/sh_intc.c
 F: hw/timer/sh_timer.c
-- 
2.21.3

[PATCH v3 02/11] MAINTAINERS: Mark SH4 based Shix machine orphan

[Philippe Mathieu-Daudé]

Magnus Damm doesn't have time to keep maintaining the Shix
machine [*]. Mark it orphan, so volunteers can step in to
maintain it.

Orphan:  No current maintainer [but maybe you could
 take the role as you write your new code].

Many thanks to Magnus for introducing this SH4 machine!

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg710319.html

Cc: Magnus Damm 
Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 129517cfb4..e1d1b0f62d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1257,8 +1257,7 @@ F: hw/intc/sh_intc.c
 F: hw/timer/sh_timer.c
 
 Shix
-M: Magnus Damm 
-S: Odd Fixes
+S: Orphan
 F: hw/sh4/shix.c
 
 SPARC Machines
-- 
2.21.3

[PATCH v3 01/11] MAINTAINERS: Mark SH4 section orphan

[Philippe Mathieu-Daudé]

Aurelien Jarno expressed his desire to orphan the SH4 section [*]:

  I don't mind being [...] removed from there.
  I do not really have time to work on that.

Mark the SH4 section orphan.

Many thanks to Aurelien for his substantial contributions to QEMU,
and for maintaining the SH4 emulation for various years!

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg708400.html

Message-Id: <20200601214125.ga1924...@aurel32.net>
Acked-by: Aurelien Jarno 
Suggested-by: Aleksandar Markovic 
Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 3abe3faa4e..129517cfb4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -296,8 +296,7 @@ F: tests/tcg/s390x/
 L: qemu-s3...@nongnu.org
 
 SH4 TCG CPUs
-M: Aurelien Jarno 
-S: Odd Fixes
+S: Orphan
 F: target/sh4/
 F: hw/sh4/
 F: disas/sh4.c
-- 
2.21.3

[PATCH v3 07/11] hw/sh4: Use MemoryRegion typedef

[Philippe Mathieu-Daudé]

Use the MemoryRegion type defined in "qemu/typedefs.h",
to keep the repository style consistent.

Reviewed-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/sh4/sh.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/include/hw/sh4/sh.h b/include/hw/sh4/sh.h
index 767a2df7e2..fe773cb01d 100644
--- a/include/hw/sh4/sh.h
+++ b/include/hw/sh4/sh.h
@@ -10,9 +10,8 @@
 
 /* sh7750.c */
 struct SH7750State;
-struct MemoryRegion;
 
-struct SH7750State *sh7750_init(SuperHCPU *cpu, struct MemoryRegion *sysmem);
+struct SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion *sysmem);
 
 typedef struct {
 /* The callback will be triggered if any of the designated lines change */
@@ -32,7 +31,7 @@ int sh7750_register_io_device(struct SH7750State *s,
 #define TMU012_FEAT_TOCR   (1 << 0)
 #define TMU012_FEAT_3CHAN  (1 << 1)
 #define TMU012_FEAT_EXTCLK (1 << 2)
-void tmu012_init(struct MemoryRegion *sysmem, hwaddr base,
+void tmu012_init(MemoryRegion *sysmem, hwaddr base,
  int feat, uint32_t freq,
 qemu_irq ch0_irq, qemu_irq ch1_irq,
 qemu_irq ch2_irq0, qemu_irq ch2_irq1);
-- 
2.21.3

Re: [PATCH v8 00/34] Add subcluster allocation to qcow2

[no-reply]

Patchew URL: https://patchew.org/QEMU/cover.1591801197.git.be...@igalia.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  block/vhdx.o
  CC  block/vhdx-endian.o
/tmp/qemu-test/src/block/qcow2-cluster.c: In function 'qcow2_get_host_offset':
/tmp/qemu-test/src/block/qcow2-cluster.c:473:19: error: 'expected_type' may be 
used uninitialized in this function [-Werror=maybe-uninitialized]
 } else if (type != expected_type) {
   ^
/tmp/qemu-test/src/block/qcow2-cluster.c:449:25: note: 'expected_type' was 
declared here
 QCow2SubclusterType expected_type, type;
 ^
/tmp/qemu-test/src/block/qcow2-cluster.c:475:19: error: 'check_offset' may be 
used uninitialized in this function [-Werror=maybe-uninitialized]
 } else if (check_offset) {
   ^
/tmp/qemu-test/src/block/qcow2-cluster.c:447:10: note: 'check_offset' was 
declared here
 bool check_offset;
  ^
/tmp/qemu-test/src/block/qcow2-cluster.c:476:29: error: 'expected_offset' may 
be used uninitialized in this function [-Werror=maybe-uninitialized]
 expected_offset += s->cluster_size;
 ^
/tmp/qemu-test/src/block/qcow2-cluster.c:448:14: note: 'expected_offset' was 
declared here
 uint64_t expected_offset;
  ^
cc1: all warnings being treated as errors
make: *** [block/qcow2-cluster.o] Error 1
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 665, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=080447e1604744fb934c6e9a0210ed36', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-yrq9p6br/src/docker-src.2020-06-10-17.42.20.24850:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=080447e1604744fb934c6e9a0210ed36
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-yrq9p6br/src'
make: *** [docker-run-test-quick@centos7] Error 2

real2m47.601s
user0m8.384s


The full log is available at
http://patchew.org/logs/cover.1591801197.git.be...@igalia.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v2 1/1] virtio-ccw: auto-manage VIRTIO_F_IOMMU_PLATFORM if PV

[Halil Pasic]

On Wed, 10 Jun 2020 14:25:54 +1000
David Gibson  wrote:

> > > I'm going to definitely have a good look at that. What I think special
> > > about s390 is that F_ACCESS_PLATFORM is hurting us because all IO needs
> > > to go through ZONE_DMA (this is a problem of the implementation that
> > > stemming form a limitation of the DMA API, upstream didn't let me
> > > fix it).   
> > 
> > My understanding is that power runs into similar issues, but I don't
> > know much about power, so I might be entirely wrong :)  
> 
> Sort of, but not to the same extent, I think.

I'm curious what are the ramifications of a misguided hotplug on POWER?
Does using F_ACCESS_PLATFORM when it isn't required have any
significant drawbacks, or are you fine to just go with the safe option?

Regards,
Halil


pgpeGhLpqFuKZ.pgp
Description: OpenPGP digital signature

Re: [PATCH 0/8] tpm: Split hw/ vs backends/

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200610200247.21378-1-phi...@redhat.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  x86_64-softmmu/qapi/qapi-visit.o
  CC  x86_64-softmmu/qapi/qapi-events-machine-target.o
  CC  x86_64-softmmu/qapi/qapi-events-misc-target.o
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c:47:49: error: use of undeclared identifier 
'TPM_PPI_ADDR_SIZE'
HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));
^
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c:47:49: error: use of undeclared identifier 
'TPM_PPI_ADDR_SIZE'
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c:49:39: error: use of undeclared identifier 
'TPM_PPI_ADDR_SIZE'
  TPM_PPI_ADDR_SIZE, tpmppi->buf);
  ^
3 errors generated.
make[1]: *** [/tmp/qemu-test/src/rules.mak:69: hw/tpm/tpm_ppi.o] Error 1
make[1]: *** Waiting for unfinished jobs
make: *** [Makefile:527: x86_64-softmmu/all] Error 2
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 665, in 
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=f66fe6459f56422185999e40bcbe2abb', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 
'TARGET_LIST=x86_64-softmmu', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 
'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', 
'-v', '/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-b4vqotdt/src/docker-src.2020-06-10-17.27.35.514:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-debug']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=f66fe6459f56422185999e40bcbe2abb
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-b4vqotdt/src'
make: *** [docker-run-test-debug@fedora] Error 2

real3m55.750s
user0m7.893s


The full log is available at
http://patchew.org/logs/20200610200247.21378-1-phi...@redhat.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH 0/8] tpm: Split hw/ vs backends/

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200610200247.21378-1-phi...@redhat.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  x86_64-softmmu/hw/virtio/vhost-user.o
In file included from /tmp/qemu-test/src/hw/tpm/tpm_ppi.c:14:0:
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c: In function 'tpm_ppi_init':
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c:47:49: error: 'TPM_PPI_ADDR_SIZE' 
undeclared (first use in this function)
 HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));
 ^
/tmp/qemu-test/src/include/qemu/osdep.h:278:27: note: in definition of macro 
'ROUND_UP'
---
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c:47:33: note: in expansion of macro 
'HOST_PAGE_ALIGN'
 HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));
 ^
make[1]: *** [hw/tpm/tpm_ppi.o] Error 1
make[1]: *** Waiting for unfinished jobs
  CC  x86_64-softmmu/hw/virtio/virtio-crypto.o
  CC  x86_64-softmmu/hw/virtio/virtio-balloon.o
---
  CC  x86_64-softmmu/hw/virtio/vhost-vsock-pci.o
  CC  x86_64-softmmu/hw/virtio/vhost-vsock.o
  CC  x86_64-softmmu/hw/virtio/vhost-user-blk-pci.o
make: *** [aarch64-softmmu/all] Error 2
make: *** Waiting for unfinished jobs
  CC  x86_64-softmmu/hw/virtio/vhost-user-input-pci.o
  CC  x86_64-softmmu/hw/virtio/vhost-user-scsi-pci.o
---
  CC  x86_64-softmmu/hw/i386/pc_q35.o
In file included from /tmp/qemu-test/src/hw/tpm/tpm_ppi.c:14:0:
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c: In function 'tpm_ppi_init':
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c:47:49: error: 'TPM_PPI_ADDR_SIZE' 
undeclared (first use in this function)
 HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));
 ^
/tmp/qemu-test/src/include/qemu/osdep.h:278:27: note: in definition of macro 
'ROUND_UP'
---
/tmp/qemu-test/src/hw/tpm/tpm_ppi.c:47:33: note: in expansion of macro 
'HOST_PAGE_ALIGN'
 HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE));
 ^
make[1]: *** [hw/tpm/tpm_ppi.o] Error 1
make[1]: *** Waiting for unfinished jobs
  CC  x86_64-softmmu/hw/i386/microvm.o
  CC  x86_64-softmmu/hw/i386/fw_cfg.o
make: *** [x86_64-softmmu/all] Error 2
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 665, in 
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=1006c01dc5a7450baddc2f02dba11b1d', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-4syr9jsb/src/docker-src.2020-06-10-17.23.57.23699:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=1006c01dc5a7450baddc2f02dba11b1d
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-4syr9jsb/src'
make: *** [docker-run-test-quick@centos7] Error 2

real2m46.752s
user0m8.110s


The full log is available at
http://patchew.org/logs/20200610200247.21378-1-phi...@redhat.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH] net: tulip: Set PCI revision to match dec21143

[Sven Schnelle]

On Mon, Jun 08, 2020 at 12:17:11AM +0200, Philippe Mathieu-Daudé wrote:
> Hi Sven, could you review thiw one-line patch?
> 
> On 4/18/20 2:25 AM, Marek Vasut wrote:
> > The tulip driver claims to emulate dec21143 and it does not emulate 
> > dec21142.
> > The dec21142 and dec21143 can be discerned by the PCI revision register,
> > where dec21142 reports value < 0x20 and dec21143 value >= 0x20. E.g. the
> > U-Boot 'tulip' driver also only supports dec21143 and verifies that the
> > PCI revision ID is >= 0x20, otherwise refuses to operate such a card.
> > 
> > This patch sets the PCI revision ID to 0x20 to match the dec21143 and
> > thus also permits e.g. U-Boot to work with the tulip emulation.
> > 
> > Fixes: 34ea023d4b95 ("net: add tulip (dec21143) driver")
> > Signed-off-by: Marek Vasut 
> > Cc: Marc-André Lureau 
> > Cc: Paolo Bonzini 
> > Cc: Peter Maydell 
> > Cc: Prasad J Pandit 
> > Cc: Sven Schnelle 
> > ---
> >  hw/net/tulip.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/hw/net/tulip.c b/hw/net/tulip.c
> > index 1295f51d07..ffb6c2479a 100644
> > --- a/hw/net/tulip.c
> > +++ b/hw/net/tulip.c
> > @@ -962,6 +962,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, Error 
> > **errp)
> >  
> >  pci_conf = s->dev.config;
> >  pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
> > +/* Anything with revision < 0x20 is DC21142, anything >= 0x20 is 
> > DC21143 */
> > +pci_conf[PCI_REVISION_ID] = 0x20;
> >  
> >  s->eeprom = eeprom93xx_new(&pci_dev->qdev, 64);
> >  tulip_fill_eeprom(s);
> > 
> 

The intel datasheet for the DEC21143 lists only Rev IDs > 30 for this 
particular family:

21143-PB,TB,PC,TC - 0x30
21143-PD,TD - x041

but maybe older DEC chips used 0x20 - don't know. The most interesting question 
is
whether ancient OS' like HP-UX or Windows XP would still work with this patch, 
but
i don't have test images at hand right now.

Regards
Sven

Re: [PATCH v2 1/8] MAINTAINERS: Mark SH4 hardware orphan

[Philippe Mathieu-Daudé]

On 6/10/20 1:08 PM, Aleksandar Markovic wrote:
> пон, 8. јун 2020. у 11:05 Philippe Mathieu-Daudé  је
> написао/ла:
>>
>> Aurelien Jarno expressed his desire to orphan the SH4 hardware [*]:
>>
>>   I don't mind being [...] removed from there.
>>   I do not really have time to work on that.
>>
>> Mark the SH4 emulated hardware orphan.
>>
>> Many thanks to Aurelien for his substantial contributions to QEMU,
>> and for maintaining the SH4 hardware for various years!
>>
>> [*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg708400.html
>>
>> Message-Id: <20200601214125.ga1924...@aurel32.net>
>> Acked-by: Aurelien Jarno 
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
> 
> The basic idea of the patch (as read from the title and the commit
> message) is good and positive.
> 
> The problem is that the patch does something different than the commit
> message says - pretending that it just orphans something. Which is not
> good. Actually, very clumsy and bad.
> 
> It creates a whole new subsection in MAINTAINERS file (not said in the
> commit message), without any consistency with the current organization
> in the file. That new subsection looks completely misplaced, living
> with "TCG CPUs" neighbours.

I guess you misread the patch context, pasting it again:

-->8--
diff --git a/MAINTAINERS b/MAINTAINERS
index 6e7890ce82..49d90c70de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -299,9 +299,7 @@ SH4 TCG CPUs
 M: Aurelien Jarno 
 S: Odd Fixes
 F: target/sh4/
-F: hw/sh4/
 F: disas/sh4.c
-F: include/hw/sh4/

 SPARC TCG CPUs
 M: Mark Cave-Ayland 
@@ -1948,6 +1946,14 @@ F: hw/*/*xive*
 F: include/hw/*/*xive*
 F: docs/*/*xive*

+SH4 Hardware
+S: Orphan
+F: hw/sh4/
+F: hw/char/sh_serial.c
+F: hw/intc/sh_intc.c
+F: hw/timer/sh_timer.c
+F: include/hw/sh4/
+
 Subsystems
 --
 Audio
---

Pasting with more context and lines numbered:

 283 RENESAS RX CPUs
 284 M: Yoshinori Sato 
 285 S: Maintained
 286 F: target/rx/
 287
 288 S390 TCG CPUs
 289 M: Richard Henderson 
 290 M: David Hildenbrand 
 291 S: Maintained
 292 F: target/s390x/
 293 F: hw/s390x/
 294 F: disas/s390.c
 295 F: tests/tcg/s390x/
 296 L: qemu-s3...@nongnu.org
 297
 298 SH4 TCG CPUs
 299 M: Aurelien Jarno 
 300 S: Odd Fixes
 301 F: target/sh4/
 302 F: disas/sh4.c

^ This part is the TCG frontend.

 303
 304 SPARC TCG CPUs
 305 M: Mark Cave-Ayland 
 306 M: Artyom Tarasenko 
 307 S: Maintained
 308 F: target/sparc/
 309 F: hw/sparc/
 310 F: hw/sparc64/
 311 F: include/hw/sparc/sparc64.h
 312 F: disas/sparc.c
 313
 314 UniCore32 TCG CPUs
 315 M: Guan Xuetao 
 316 S: Maintained
 317 F: target/unicore32/
 318 F: hw/unicore32/
 319 F: include/hw/unicore32/
 ...

1240 RISC-V Machines
1241 ---
1242 OpenTitan
1243 M: Alistair Francis 
1244 L: qemu-ri...@nongnu.org
1245 S: Supported
1246 F: hw/riscv/opentitan.c
1247 F: include/hw/riscv/opentitan.h
1248
1249 SH4 Machines
1250 
1251 R2D
1252 M: Magnus Damm 
1253 S: Maintained
1254 F: hw/sh4/r2d.c
1255 F: hw/intc/sh_intc.c
1256 F: hw/timer/sh_timer.c

^ a SH4-based machine

1257
1258 Shix
1259 M: Magnus Damm 
1260 S: Odd Fixes
1261 F: hw/sh4/shix.c
1262
1263 SPARC Machines
1264 --
1265 Sun4m
1266 M: Mark Cave-Ayland 
1267 S: Maintained
1268 F: hw/sparc/sun4m.c
1269 F: hw/sparc/sun4m_iommu.c


1455 Devices
1456 ---
1457 EDU
1458 M: Jiri Slaby 
1459 S: Maintained
1460 F: hw/misc/edu.c
1461
1462 IDE
1463 M: John Snow 
1464 L: qemu-bl...@nongnu.org
1465 S: Supported
1466 F: include/hw/ide.h
1467 F: include/hw/ide/
1468 F: hw/ide/


1919 PIIX4 South Bridge (i82371AB)
1920 M: Hervé Poussineau 
1921 M: Philippe Mathieu-Daudé 
1922 S: Maintained
1923 F: hw/isa/piix4.c
1924 F: include/hw/southbridge/piix.h
1925
1926 Firmware configuration (fw_cfg)
1927 M: Philippe Mathieu-Daudé 
1928 R: Laszlo Ersek 
1929 R: Gerd Hoffmann 
1930 S: Supported
1931 F: docs/specs/fw_cfg.txt
1932 F: hw/nvram/fw_cfg.c
1933 F: stubs/fw_cfg.c
1934 F: include/hw/nvram/fw_cfg.h
1935 F: include/standard-headers/linux/qemu_fw_cfg.h
1936 F: tests/qtest/libqos/fw_cfg.c
1937 F: tests/qtest/fw_cfg-test.c
1938 T: git https://github.com/philmd/qemu.git fw_cfg-next
1939
1940 XIVE
1941 M: David Gibson 
1942 M: Cédric Le Goater 
1943 L: qemu-...@nongnu.org
1944 S: Supported
1945 F: hw/*/*xive*
1946 F: include/hw/*/*xive*
1947 F: docs/*/*xive*
1948
1949 SH4 Hardware
1950 S: Orphan
1951 F: hw/sh4/
1952 F: hw/char/sh_serial.c
1953 F: hw/intc/sh_intc.c
1954 F: hw/timer/sh_timer.c
1955 F: include/hw/sh4/

^ The section is placed under the "Devices" category.

1956
1957 Subsystems
1958 --
1959 Audio
1960 M: Gerd Hoffmann 
1961 S: Maintained
1962 F: audio/


Where do you think this entry should be placed?

> On top of that, it creates a new
> precedent, leaving many unanswered questions, like: Should other
> targets follow the same pattern?
> 
> I personally think that creating a new subsection is just a code
> churn, waste of everybody's time on unimportant things.
> 
> Wouldn't it be simpler that you j

[PATCH v2 5/5] configure: Add -Wno-psabi

[Richard Henderson]

On aarch64, gcc 9.3 is generating

qemu/exec.c: In function ‘address_space_translate_iommu’:
qemu/exec.c:431:28: note: parameter passing for argument of type \
  ‘MemTxAttrs’ {aka ‘struct MemTxAttrs’} changed in GCC 9.1

and many other reptitions.  This structure, and the functions
amongst which it is passed, are not part of a QEMU public API.
Therefore we do not care how the compiler passes the argument,
so long as the compiler is self-consistent.

Cc: Alex Bennée 
Cc: Peter Maydell 
Signed-off-by: Richard Henderson 
---
TODO: The only portion of QEMU which does have a public api,
and so must have a stable abi, is "qemu/plugin.h".  We could
test this by forcing -Wpsabi or -Werror=psabi in tests/plugin.
I can't seem to make that work -- Alex?
---
 configure | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure b/configure
index 8b33447048..76d32e0f7b 100755
--- a/configure
+++ b/configure
@@ -2036,6 +2036,7 @@ add_to nowarn_flags -Wno-shift-negative-value
 add_to nowarn_flags -Wno-string-plus-int
 add_to nowarn_flags -Wno-typedef-redefinition
 add_to nowarn_flags -Wno-tautological-type-limit-compare
+add_to nowarn_flags -Wno-psabi
 
 gcc_flags="$warn_flags $nowarn_flags"
 
-- 
2.25.1

[PATCH v2 1/5] fpu/softfloat: Silence 'bitwise negation of boolean expression' warning

[Richard Henderson]

From: Philippe Mathieu-Daudé 

When building with clang version 10.0.0-4ubuntu1, we get:

CC  lm32-softmmu/fpu/softfloat.o
  fpu/softfloat.c:3365:13: error: bitwise negation of a boolean expression; did 
you mean logical negation? [-Werror,-Wbool-operation]
  absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
  ^~

  fpu/softfloat.c:3423:18: error: bitwise negation of a boolean expression; did 
you mean logical negation? [-Werror,-Wbool-operation]
  absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
   ^

  ...

  fpu/softfloat.c:4273:18: error: bitwise negation of a boolean expression; did 
you mean logical negation? [-Werror,-Wbool-operation]
  zSig1 &= ~ ( ( zSig2 + zSig2 == 0 ) & roundNearestEven );
   ^~~

Fix by rewriting the fishy bitwise AND of two bools as an int.

Suggested-by: Eric Blake 
Buglink: https://bugs.launchpad.net/bugs/1881004
Reviewed-by: Thomas Huth 
Reviewed-by: Eric Blake 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20200528155420.9802-1-phi...@redhat.com>
Signed-off-by: Richard Henderson 
---
 fpu/softfloat.c | 33 -
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index 6c8f2d597a..5e9746c287 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -3362,7 +3362,9 @@ static int32_t roundAndPackInt32(bool zSign, uint64_t 
absZ,
 }
 roundBits = absZ & 0x7F;
 absZ = ( absZ + roundIncrement )>>7;
-absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
+if (!(roundBits ^ 0x40) && roundNearestEven) {
+absZ &= ~1;
+}
 z = absZ;
 if ( zSign ) z = - z;
 if ( ( absZ>>32 ) || ( z && ( ( z < 0 ) ^ zSign ) ) ) {
@@ -3420,7 +3422,9 @@ static int64_t roundAndPackInt64(bool zSign, uint64_t 
absZ0, uint64_t absZ1,
 if ( increment ) {
 ++absZ0;
 if ( absZ0 == 0 ) goto overflow;
-absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
+if (!(absZ1 << 1) && roundNearestEven) {
+absZ0 &= ~1;
+}
 }
 z = absZ0;
 if ( zSign ) z = - z;
@@ -3480,7 +3484,9 @@ static int64_t roundAndPackUint64(bool zSign, uint64_t 
absZ0,
 float_raise(float_flag_invalid, status);
 return UINT64_MAX;
 }
-absZ0 &= ~(((uint64_t)(absZ1<<1) == 0) & roundNearestEven);
+if (!(absZ1 << 1) && roundNearestEven) {
+absZ0 &= ~1;
+}
 }
 
 if (zSign && absZ0) {
@@ -3603,7 +3609,9 @@ static float32 roundAndPackFloat32(bool zSign, int zExp, 
uint32_t zSig,
 status->float_exception_flags |= float_flag_inexact;
 }
 zSig = ( zSig + roundIncrement )>>7;
-zSig &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
+if (!(roundBits ^ 0x40) && roundNearestEven) {
+zSig &= ~1;
+}
 if ( zSig == 0 ) zExp = 0;
 return packFloat32( zSign, zExp, zSig );
 
@@ -3757,7 +3765,9 @@ static float64 roundAndPackFloat64(bool zSign, int zExp, 
uint64_t zSig,
 status->float_exception_flags |= float_flag_inexact;
 }
 zSig = ( zSig + roundIncrement )>>10;
-zSig &= ~ ( ( ( roundBits ^ 0x200 ) == 0 ) & roundNearestEven );
+if (!(roundBits ^ 0x200) && roundNearestEven) {
+zSig &= ~1;
+}
 if ( zSig == 0 ) zExp = 0;
 return packFloat64( zSign, zExp, zSig );
 
@@ -3983,8 +3993,9 @@ floatx80 roundAndPackFloatx80(int8_t roundingPrecision, 
bool zSign,
 }
 if ( increment ) {
 ++zSig0;
-zSig0 &=
-~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven );
+if (!(zSig1 << 1) && roundNearestEven) {
+zSig0 &= ~1;
+}
 if ( (int64_t) zSig0 < 0 ) zExp = 1;
 }
 return packFloatx80( zSign, zExp, zSig0 );
@@ -4000,7 +4011,9 @@ floatx80 roundAndPackFloatx80(int8_t roundingPrecision, 
bool zSign,
 zSig0 = UINT64_C(0x8000);
 }
 else {
-zSig0 &= ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven );
+if (!(zSig1 << 1) && roundNearestEven) {
+zSig0 &= ~1;
+}
 }
 }
 else {
@@ -4270,7 +4283,9 @@ static float128 roundAndPackFloat128(bool zSign, int32_t 
zExp,
 }
 if ( increment ) {
 add128( zSig0, zSig1, 0, 1, &zSig0, &zSig1 );
-zSig1 &= ~ ( ( zSig2 + zSig2 == 0 ) & roundNearestEven );
+if ((zSig2 + zSig2 == 0) && roundNearestEven) {
+zSig1 &= ~1;
+}
 }
 else {
 if ( ( zSig0 | zSig1 ) == 0 ) zExp = 0;
-- 
2.25.1

[PATCH v2 4/5] configure: Disable -Wtautological-type-limit-compare

[Richard Henderson]

Clang 10 enables this by default with -Wtype-limit.

All of the instances flagged by this Werror so far have been
cases in which we really do want the compiler to optimize away
the test completely.  Disabling the warning will avoid having
to add ifdefs to work around this.

Cc: Eric Blake 
Fixes: https://bugs.launchpad.net/qemu/+bug/1878628
Acked-by: Thomas Huth 
Reviewed-by: Eric Blake 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
v2: Use the new add_to function.
---
 configure | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure b/configure
index 464202e375..8b33447048 100755
--- a/configure
+++ b/configure
@@ -2035,6 +2035,7 @@ add_to nowarn_flags -Wno-missing-include-dirs
 add_to nowarn_flags -Wno-shift-negative-value
 add_to nowarn_flags -Wno-string-plus-int
 add_to nowarn_flags -Wno-typedef-redefinition
+add_to nowarn_flags -Wno-tautological-type-limit-compare
 
 gcc_flags="$warn_flags $nowarn_flags"
 
-- 
2.25.1

[PATCH v2 3/5] configure: Clean up warning flag lists

[Richard Henderson]

Use a helper function to tidy the assembly of gcc_flags.
Separate flags that disable warnings from those that enable,
and sort the disable warnings to the end.

Suggested-by: Eric Blake 
Signed-off-by: Richard Henderson 
---
 configure | 40 ++--
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/configure b/configure
index 597e909b53..464202e375 100755
--- a/configure
+++ b/configure
@@ -97,6 +97,11 @@ do_cxx() {
 do_compiler "$cxx" "$@"
 }
 
+# Append $2 to the variable named $1, with space separation
+add_to() {
+eval $1=\${$1:+\"\$$1 \"}\$2
+}
+
 update_cxxflags() {
 # Set QEMU_CXXFLAGS from QEMU_CFLAGS by filtering out those
 # options which some versions of GCC's C++ compiler complain about
@@ -2007,16 +2012,31 @@ if ! compile_prog "" "" ; then
 error_exit "You need at least GCC v4.8 or Clang v3.4 (or XCode Clang v5.1)"
 fi
 
-gcc_flags="-Wold-style-declaration -Wold-style-definition -Wtype-limits"
-gcc_flags="-Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers 
$gcc_flags"
-gcc_flags="-Wno-missing-include-dirs -Wempty-body -Wnested-externs $gcc_flags"
-gcc_flags="-Wendif-labels -Wno-shift-negative-value $gcc_flags"
-gcc_flags="-Wno-initializer-overrides -Wexpansion-to-defined $gcc_flags"
-gcc_flags="-Wno-string-plus-int -Wno-typedef-redefinition $gcc_flags"
-# Note that we do not add -Werror to gcc_flags here, because that would
-# enable it for all configure tests. If a configure test failed due
-# to -Werror this would just silently disable some features,
-# so it's too error prone.
+# Accumulate -Wfoo and -Wno-bar separately.
+# We will list all of the enable flags first, and the disable flags second.
+# Note that we do not add -Werror, because that would enable it for all
+# configure tests. If a configure test failed due to -Werror this would
+# just silently disable some features, so it's too error prone.
+
+add_to warn_flags -Wold-style-declaration
+add_to warn_flags -Wold-style-definition
+add_to warn_flags -Wtype-limits
+add_to warn_flags -Wformat-security
+add_to warn_flags -Wformat-y2k
+add_to warn_flags -Winit-self
+add_to warn_flags -Wignored-qualifiers
+add_to warn_flags -Wempty-body
+add_to warn_flags -Wnested-externs
+add_to warn_flags -Wendif-labels
+add_to warn_flags -Wno-initializer-overrides
+add_to warn_flags -Wexpansion-to-defined
+
+add_to nowarn_flags -Wno-missing-include-dirs
+add_to nowarn_flags -Wno-shift-negative-value
+add_to nowarn_flags -Wno-string-plus-int
+add_to nowarn_flags -Wno-typedef-redefinition
+
+gcc_flags="$warn_flags $nowarn_flags"
 
 cc_has_warning_flag() {
 write_c_skeleton;
-- 
2.25.1

[PATCH v2 0/5] Vs clang-10 and gcc-9 warnings

[Richard Henderson]

Three of these patches are for cleaning up warnings vs clang-10.

The -Wtautological-type-limit-compare patch has been improved
as suggested by Eric Blake.

The final patch is for a "new" warning from gcc-9 on aarch64 hosts.
Our build box has been upgraded from bionic, so the warning is new
to me, anyway.


r~


Philippe Mathieu-Daudé (1):
  fpu/softfloat: Silence 'bitwise negation of boolean expression'
warning

Richard Henderson (3):
  configure: Clean up warning flag lists
  configure: Disable -Wtautological-type-limit-compare
  configure: Add -Wno-psabi

Wei Wang (1):
  migration: fix xbzrle encoding rate calculation

 configure   | 42 --
 fpu/softfloat.c | 33 -
 migration/ram.c |  4 +---
 3 files changed, 57 insertions(+), 22 deletions(-)

-- 
2.25.1

[PATCH v2 2/5] migration: fix xbzrle encoding rate calculation

[Richard Henderson]

From: Wei Wang 

It's reported an error of implicit conversion from "unsigned long" to
"double" when compiling with Clang 10. Simply make the encoding rate 0
when the encoded_size is 0.

Fixes: e460a4b1a4
Reviewed-by: Dr. David Alan Gilbert 
Reviewed-by: Richard Henderson 
Reported-by: Richard Henderson 
Signed-off-by: Wei Wang 
Signed-off-by: Richard Henderson 
---
 migration/ram.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 41cc530d9d..069b6e30bc 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -913,10 +913,8 @@ static void migration_update_rates(RAMState *rs, int64_t 
end_time)
 unencoded_size = (xbzrle_counters.pages - rs->xbzrle_pages_prev) *
  TARGET_PAGE_SIZE;
 encoded_size = xbzrle_counters.bytes - rs->xbzrle_bytes_prev;
-if (xbzrle_counters.pages == rs->xbzrle_pages_prev) {
+if (xbzrle_counters.pages == rs->xbzrle_pages_prev || !encoded_size) {
 xbzrle_counters.encoding_rate = 0;
-} else if (!encoded_size) {
-xbzrle_counters.encoding_rate = UINT64_MAX;
 } else {
 xbzrle_counters.encoding_rate = unencoded_size / encoded_size;
 }
-- 
2.25.1

Re: [PATCH v3 0/4] nbd: reduce max_block restrictions

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20200610182305.3462-1-vsement...@virtuozzo.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

--- /tmp/qemu-test/src/tests/qemu-iotests/251.out   2020-06-10 
18:56:36.0 +
+++ /tmp/qemu-test/build/tests/qemu-iotests/251.out.bad 2020-06-10 
20:24:40.007412790 +
@@ -18,26 +18,16 @@
 qemu-img: warning: error while reading offset read_fail_offset_8: Input/output 
error
 qemu-img: warning: error while reading offset read_fail_offset_9: Input/output 
error
 
-wrote 512/512 bytes at offset read_fail_offset_0
-512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
---
Not run: 259
Failures: 033 034 154 177 251
Failed 5 of 119 iotests
make: *** [check-tests/check-block.sh] Error 1
make: *** Waiting for unfinished jobs
  TESTcheck-qtest-aarch64: tests/qtest/qos-test
Traceback (most recent call last):
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=faa1edfc69684422b314343cf30174a5', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-9egury9q/src/docker-src.2020-06-10-16.12.07.11584:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=faa1edfc69684422b314343cf30174a5
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-9egury9q/src'
make: *** [docker-run-test-quick@centos7] Error 2

real13m12.298s
user0m8.670s


The full log is available at
http://patchew.org/logs/20200610182305.3462-1-vsement...@virtuozzo.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v8 34/34] iotests: Add tests for qcow2 images with extended L2 entries

[Eric Blake]

On 6/10/20 10:03 AM, Alberto Garcia wrote:

Signed-off-by: Alberto Garcia 
---
  tests/qemu-iotests/271 | 801 +
  tests/qemu-iotests/271.out | 676 +++
  tests/qemu-iotests/group   |   1 +
  3 files changed, 1478 insertions(+)
  create mode 100755 tests/qemu-iotests/271
  create mode 100644 tests/qemu-iotests/271.out



Big, but looking rather thorough.

Patch 31 has conflicts on 31, 36, 61, and 291, when compared with my 
pending pull request that improves qcow2.py output:

https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02527.html

although the resolution is obvious enough: regenerate those .out files. 
With that done, I was able to apply the series and test this.


Tested-by: Eric Blake 
Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH 0/8] tpm: Split hw/ vs backends/

[Philippe Mathieu-Daudé]

On 6/10/20 10:09 PM, Marc-André Lureau wrote:
> Hi
> 
> On Thu, Jun 11, 2020 at 12:03 AM Philippe Mathieu-Daudé
> mailto:phi...@redhat.com>> wrote:
> 
> Hi,
> 
> Today I started to review some vTPM patches and got very
> confused by the files under hw/tpm/. In particular after
> running:
> 
>   $ git grep TYPE_TPM_BACKEND
>   backends/tpm.c:188:    .name = TYPE_TPM_BACKEND,
>   hw/tpm/tpm_emulator.c:985:    .parent = TYPE_TPM_BACKEND,
>   hw/tpm/tpm_passthrough.c:393:    .parent = TYPE_TPM_BACKEND,
>   include/sysemu/tpm_backend.h:21:#define TYPE_TPM_BACKEND "tpm-backend"
> 
> As there is no particular reason to keep this mixed, clean it up.
> 
> 
> While at it, why not start to organize backends/ ?  I would move that
> under backends/tpm/

Sure, if the overall of this series looks good, I can do that.
I'll wait for positive/negative feedback first.

> 
> 
> Philippe Mathieu-Daudé (8):
>   hw/tpm: Do not include 'qemu/osdep.h' in header
>   hw/tpm: Include missing 'qemu/option.h' header
>   hw/tpm: Move 'hw/acpi/tpm.h' inclusion from header to sources
>   hw/tpm: Remove unnecessary 'tpm_int.h' header inclusion
>   hw/tpm: Move few declarations from 'tpm_util.h' to 'tpm_int.h'
>   hw/tpm: Move DEFINE_PROP_TPMBE() macro to 'tmp_prop.h' local header
>   hw/tpm: Make 'tpm_util.h' publicly accessible as "sysemu/tpm_util.h"
>   tpm: Move backend code under the 'backends/' directory
> 
>  Makefile                               |  2 +-
>  {hw/tpm => backends}/tpm_int.h         | 19 +++---
>  {hw/tpm => backends}/tpm_ioctl.h       |  0
>  hw/tpm/tpm_ppi.h                       |  1 -
>  hw/tpm/tpm_prop.h                      | 31 +++
>  hw/tpm/tpm_tis.h                       |  1 -
>  {hw/tpm => include/sysemu}/tpm_util.h  | 19 +++---
>  {hw/tpm => backends}/tpm_emulator.c    |  2 +-
>  {hw/tpm => backends}/tpm_passthrough.c |  2 +-
>  {hw/tpm => backends}/tpm_util.c        |  2 +-
>  hw/tpm/tpm_crb.c                       |  4 +--
>  hw/tpm/tpm_spapr.c                     |  4 +--
>  hw/tpm/tpm_tis_common.c                |  4 +--
>  hw/tpm/tpm_tis_isa.c                   |  3 ++-
>  hw/tpm/tpm_tis_sysbus.c                |  3 ++-
>  tests/qtest/tpm-emu.c                  |  2 +-
>  MAINTAINERS                            |  2 +-
>  backends/Kconfig                       | 14 +++
>  backends/Makefile.objs                 |  3 +++
>  backends/trace-events                  | 32 
>  hw/tpm/Kconfig                         | 15 
>  hw/tpm/Makefile.objs                   |  3 ---
>  hw/tpm/trace-events                    | 34 +-
>  23 files changed, 116 insertions(+), 86 deletions(-)
>  rename {hw/tpm => backends}/tpm_int.h (81%)
>  rename {hw/tpm => backends}/tpm_ioctl.h (100%)
>  create mode 100644 hw/tpm/tpm_prop.h
>  rename {hw/tpm => include/sysemu}/tpm_util.h (80%)
>  rename {hw/tpm => backends}/tpm_emulator.c (99%)
>  rename {hw/tpm => backends}/tpm_passthrough.c (99%)
>  rename {hw/tpm => backends}/tpm_util.c (99%)
>  create mode 100644 backends/Kconfig
> 
> -- 
> 2.21.3
> 
> 
> 
> 
> -- 
> Marc-André Lureau

Re: [PATCH 0/8] tpm: Split hw/ vs backends/

[Philippe Mathieu-Daudé]

On 6/10/20 10:02 PM, Philippe Mathieu-Daudé wrote:
> Hi,
> 
> Today I started to review some vTPM patches and got very
> confused by the files under hw/tpm/. In particular after
> running:
> 
>   $ git grep TYPE_TPM_BACKEND
>   backends/tpm.c:188:.name = TYPE_TPM_BACKEND,
>   hw/tpm/tpm_emulator.c:985:.parent = TYPE_TPM_BACKEND,
>   hw/tpm/tpm_passthrough.c:393:.parent = TYPE_TPM_BACKEND,
>   include/sysemu/tpm_backend.h:21:#define TYPE_TPM_BACKEND "tpm-backend"
> 
> As there is no particular reason to keep this mixed, clean it up.
> 
> Philippe Mathieu-Daudé (8):
>   hw/tpm: Do not include 'qemu/osdep.h' in header
>   hw/tpm: Include missing 'qemu/option.h' header
>   hw/tpm: Move 'hw/acpi/tpm.h' inclusion from header to sources
>   hw/tpm: Remove unnecessary 'tpm_int.h' header inclusion
>   hw/tpm: Move few declarations from 'tpm_util.h' to 'tpm_int.h'
>   hw/tpm: Move DEFINE_PROP_TPMBE() macro to 'tmp_prop.h' local header
>   hw/tpm: Make 'tpm_util.h' publicly accessible as "sysemu/tpm_util.h"
>   tpm: Move backend code under the 'backends/' directory
> 
>  Makefile   |  2 +-
>  {hw/tpm => backends}/tpm_int.h | 19 +++---
>  {hw/tpm => backends}/tpm_ioctl.h   |  0
>  hw/tpm/tpm_ppi.h   |  1 -
>  hw/tpm/tpm_prop.h  | 31 +++
>  hw/tpm/tpm_tis.h   |  1 -
>  {hw/tpm => include/sysemu}/tpm_util.h  | 19 +++---
>  {hw/tpm => backends}/tpm_emulator.c|  2 +-
>  {hw/tpm => backends}/tpm_passthrough.c |  2 +-
>  {hw/tpm => backends}/tpm_util.c|  2 +-
>  hw/tpm/tpm_crb.c   |  4 +--
>  hw/tpm/tpm_spapr.c |  4 +--
>  hw/tpm/tpm_tis_common.c|  4 +--
>  hw/tpm/tpm_tis_isa.c   |  3 ++-
>  hw/tpm/tpm_tis_sysbus.c|  3 ++-
>  tests/qtest/tpm-emu.c  |  2 +-
>  MAINTAINERS|  2 +-
>  backends/Kconfig   | 14 +++
>  backends/Makefile.objs |  3 +++
>  backends/trace-events  | 32 
>  hw/tpm/Kconfig | 15 
>  hw/tpm/Makefile.objs   |  3 ---
>  hw/tpm/trace-events| 34 +-
>  23 files changed, 116 insertions(+), 86 deletions(-)
>  rename {hw/tpm => backends}/tpm_int.h (81%)
>  rename {hw/tpm => backends}/tpm_ioctl.h (100%)
>  create mode 100644 hw/tpm/tpm_prop.h
>  rename {hw/tpm => include/sysemu}/tpm_util.h (80%)
>  rename {hw/tpm => backends}/tpm_emulator.c (99%)
>  rename {hw/tpm => backends}/tpm_passthrough.c (99%)
>  rename {hw/tpm => backends}/tpm_util.c (99%)
>  create mode 100644 backends/Kconfig

Beh I forgot to commit the docs/ changes...

-- >8 --
diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
index 5e61238bc5..546109ebf7 100644
--- a/docs/specs/tpm.rst
+++ b/docs/specs/tpm.rst
@@ -199,8 +199,8 @@ to be used with the passthrough backend or the swtpm
backend.

 QEMU files related to TPM backends:
  - ``backends/tpm.c``
+ - ``include/sysemu/tpm.h``
  - ``include/sysemu/tpm_backend.h``
- - ``include/sysemu/tpm_backend_int.h``

 The QEMU TPM passthrough device
 ---
@@ -232,9 +232,9 @@ Integrity Measurement Architecture (IMA), are not
expecting to share
 PCRs.

 QEMU files related to the TPM passthrough device:
- - ``hw/tpm/tpm_passthrough.c``
- - ``hw/tpm/tpm_util.c``
- - ``hw/tpm/tpm_util.h``
+ - ``backends/tpm_passthrough.c``
+ - ``backends/tpm_util.c``
+ - ``include/sysemu/tpm_util.h``


 Command line to start QEMU with the TPM passthrough device using the host's
@@ -292,9 +292,9 @@ instrumented to initialize a TPM 1.2 or TPM 2 device
using this
 command.

 QEMU files related to the TPM emulator device:
- - ``hw/tpm/tpm_emulator.c``
- - ``hw/tpm/tpm_util.c``
- - ``hw/tpm/tpm_util.h``
+ - ``backends/tpm_emulator.c``
+ - ``backends/tpm_util.c``
+ - ``include/sysemu/tpm_util.h``

 The following commands start the swtpm with a UnixIO control channel over
 a socket interface. They do not need to be run as root.

---

I'll wait for some review before respining.

Re: [PATCH 0/8] tpm: Split hw/ vs backends/

[Marc-André Lureau]

Hi

On Thu, Jun 11, 2020 at 12:03 AM Philippe Mathieu-Daudé 
wrote:

> Hi,
>
> Today I started to review some vTPM patches and got very
> confused by the files under hw/tpm/. In particular after
> running:
>
>   $ git grep TYPE_TPM_BACKEND
>   backends/tpm.c:188:.name = TYPE_TPM_BACKEND,
>   hw/tpm/tpm_emulator.c:985:.parent = TYPE_TPM_BACKEND,
>   hw/tpm/tpm_passthrough.c:393:.parent = TYPE_TPM_BACKEND,
>   include/sysemu/tpm_backend.h:21:#define TYPE_TPM_BACKEND "tpm-backend"
>
> As there is no particular reason to keep this mixed, clean it up.
>

While at it, why not start to organize backends/ ?  I would move that under
backends/tpm/


> Philippe Mathieu-Daudé (8):
>   hw/tpm: Do not include 'qemu/osdep.h' in header
>   hw/tpm: Include missing 'qemu/option.h' header
>   hw/tpm: Move 'hw/acpi/tpm.h' inclusion from header to sources
>   hw/tpm: Remove unnecessary 'tpm_int.h' header inclusion
>   hw/tpm: Move few declarations from 'tpm_util.h' to 'tpm_int.h'
>   hw/tpm: Move DEFINE_PROP_TPMBE() macro to 'tmp_prop.h' local header
>   hw/tpm: Make 'tpm_util.h' publicly accessible as "sysemu/tpm_util.h"
>   tpm: Move backend code under the 'backends/' directory
>
>  Makefile   |  2 +-
>  {hw/tpm => backends}/tpm_int.h | 19 +++---
>  {hw/tpm => backends}/tpm_ioctl.h   |  0
>  hw/tpm/tpm_ppi.h   |  1 -
>  hw/tpm/tpm_prop.h  | 31 +++
>  hw/tpm/tpm_tis.h   |  1 -
>  {hw/tpm => include/sysemu}/tpm_util.h  | 19 +++---
>  {hw/tpm => backends}/tpm_emulator.c|  2 +-
>  {hw/tpm => backends}/tpm_passthrough.c |  2 +-
>  {hw/tpm => backends}/tpm_util.c|  2 +-
>  hw/tpm/tpm_crb.c   |  4 +--
>  hw/tpm/tpm_spapr.c |  4 +--
>  hw/tpm/tpm_tis_common.c|  4 +--
>  hw/tpm/tpm_tis_isa.c   |  3 ++-
>  hw/tpm/tpm_tis_sysbus.c|  3 ++-
>  tests/qtest/tpm-emu.c  |  2 +-
>  MAINTAINERS|  2 +-
>  backends/Kconfig   | 14 +++
>  backends/Makefile.objs |  3 +++
>  backends/trace-events  | 32 
>  hw/tpm/Kconfig | 15 
>  hw/tpm/Makefile.objs   |  3 ---
>  hw/tpm/trace-events| 34 +-
>  23 files changed, 116 insertions(+), 86 deletions(-)
>  rename {hw/tpm => backends}/tpm_int.h (81%)
>  rename {hw/tpm => backends}/tpm_ioctl.h (100%)
>  create mode 100644 hw/tpm/tpm_prop.h
>  rename {hw/tpm => include/sysemu}/tpm_util.h (80%)
>  rename {hw/tpm => backends}/tpm_emulator.c (99%)
>  rename {hw/tpm => backends}/tpm_passthrough.c (99%)
>  rename {hw/tpm => backends}/tpm_util.c (99%)
>  create mode 100644 backends/Kconfig
>
> --
> 2.21.3
>
>
>

-- 
Marc-André Lureau

[PATCH 6/8] hw/tpm: Move DEFINE_PROP_TPMBE() macro to 'tmp_prop.h' local header

[Philippe Mathieu-Daudé]

We are going to make "tpm_util.h" publicly accessible by
moving it to the include/ directory in the next commit.
The DEFINE_PROP_TPMBE() macro is only meaningful for the
TPM hardware files (in hw/tpm/), so keep this macro in a
local header.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/tpm/tpm_prop.h   | 31 +++
 hw/tpm/tpm_util.h   |  3 ---
 hw/tpm/tpm_crb.c|  1 +
 hw/tpm/tpm_spapr.c  |  1 +
 hw/tpm/tpm_tis_isa.c|  2 +-
 hw/tpm/tpm_tis_sysbus.c |  2 +-
 6 files changed, 35 insertions(+), 5 deletions(-)
 create mode 100644 hw/tpm/tpm_prop.h

diff --git a/hw/tpm/tpm_prop.h b/hw/tpm/tpm_prop.h
new file mode 100644
index 00..85e1ae5718
--- /dev/null
+++ b/hw/tpm/tpm_prop.h
@@ -0,0 +1,31 @@
+/*
+ * TPM utility functions
+ *
+ *  Copyright (c) 2010 - 2015 IBM Corporation
+ *  Authors:
+ *Stefan Berger 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see 
+ */
+
+#ifndef HW_TPM_PROP_H
+#define HW_TPM_PROP_H
+
+#include "sysemu/tpm_backend.h"
+#include "hw/qdev-properties.h"
+
+#define DEFINE_PROP_TPMBE(_n, _s, _f) \
+DEFINE_PROP(_n, _s, _f, qdev_prop_tpm, TPMBackend *)
+
+#endif /* HW_TPM_PROP_H */
diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h
index d524935576..cf61d830d7 100644
--- a/hw/tpm/tpm_util.h
+++ b/hw/tpm/tpm_util.h
@@ -66,9 +66,6 @@ static inline void tpm_cmd_set_error(void *b, uint32_t error)
 stl_be_p(b + 6, error);
 }
 
-#define DEFINE_PROP_TPMBE(_n, _s, _f) \
-DEFINE_PROP(_n, _s, _f, qdev_prop_tpm, TPMBackend *)
-
 void tpm_util_show_buffer(const unsigned char *buffer,
   size_t buffer_size, const char *string);
 
diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index 664ff70ef9..1cac4d671d 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -25,6 +25,7 @@
 #include "migration/vmstate.h"
 #include "sysemu/tpm_backend.h"
 #include "sysemu/reset.h"
+#include "tpm_prop.h"
 #include "tpm_util.h"
 #include "tpm_ppi.h"
 #include "trace.h"
diff --git a/hw/tpm/tpm_spapr.c b/hw/tpm/tpm_spapr.c
index ab1a86ad6e..65672048c7 100644
--- a/hw/tpm/tpm_spapr.c
+++ b/hw/tpm/tpm_spapr.c
@@ -21,6 +21,7 @@
 
 #include "sysemu/tpm_backend.h"
 #include "tpm_util.h"
+#include "tpm_prop.h"
 
 #include "hw/ppc/spapr.h"
 #include "hw/ppc/spapr_vio.h"
diff --git a/hw/tpm/tpm_tis_isa.c b/hw/tpm/tpm_tis_isa.c
index 42f909ff1e..5faf6231c0 100644
--- a/hw/tpm/tpm_tis_isa.c
+++ b/hw/tpm/tpm_tis_isa.c
@@ -27,7 +27,7 @@
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 #include "hw/acpi/tpm.h"
-#include "tpm_util.h"
+#include "tpm_prop.h"
 #include "tpm_tis.h"
 
 typedef struct TPMStateISA {
diff --git a/hw/tpm/tpm_tis_sysbus.c b/hw/tpm/tpm_tis_sysbus.c
index edca1dae0d..4a3bc70625 100644
--- a/hw/tpm/tpm_tis_sysbus.c
+++ b/hw/tpm/tpm_tis_sysbus.c
@@ -26,7 +26,7 @@
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 #include "hw/acpi/tpm.h"
-#include "tpm_util.h"
+#include "tpm_prop.h"
 #include "hw/sysbus.h"
 #include "tpm_tis.h"
 
-- 
2.21.3

Re: [PATCH v7 0/9] acpi: i386 tweaks

[Michael S. Tsirkin]

On Wed, Jun 10, 2020 at 05:53:46PM +0200, Gerd Hoffmann wrote:
> On Wed, Jun 10, 2020 at 10:54:26AM -0400, Michael S. Tsirkin wrote:
> > On Wed, Jun 10, 2020 at 01:40:02PM +0200, Igor Mammedov wrote:
> > > On Wed, 10 Jun 2020 11:41:22 +0200
> > > Gerd Hoffmann  wrote:
> > > 
> > > > First batch of microvm patches, some generic acpi stuff.
> > > > Split the acpi-build.c monster, specifically split the
> > > > pc and q35 and pci bits into a separate file which we
> > > > can skip building at some point in the future.
> > > > 
> > > It looks like series is missing patch to whitelist changed ACPI tables in
> > > bios-table-test.
> > 
> > Right. Does it pass make check?
> 
> No, but after 'git cherry-pick 9b20a3365d73dad4ad144eab9c5827dbbb2e9f21' it 
> does.


OK pls post a complete series, ok?

> > > Do we already have test case for microvm in bios-table-test,
> > > if not it's probably time to add it.
> > 
> > Separately :)
> 
> Especially as this series is just preparing cleanups and doesn't
> actually add acpi support to microvm yet.
> 
> But, yes, adding a testcase sounds useful.
> 
> take care,
>   Gerd

[RFC PATCH 8/8] tpm: Move backend code under the 'backends/' directory

[Philippe Mathieu-Daudé]

TPM subsytem is split into backends (see commit f4ede81eed2)
and frontends (see i.e. 3676bc69b35). Keep the emulated
hardware 'frontends' under hw/tpm/, but move the backends
in the backends/ directory.

Signed-off-by: Philippe Mathieu-Daudé 
---
RFC due to a FIXME in tpm_tis_common.c, it uses
TRACE_TPM_UTIL_SHOW_BUFFER which is now generated
by backends/trace-events...
---
 Makefile   |  2 +-
 {hw/tpm => backends}/tpm_int.h |  6 ++---
 {hw/tpm => backends}/tpm_ioctl.h   |  0
 {hw/tpm => backends}/tpm_emulator.c|  0
 {hw/tpm => backends}/tpm_passthrough.c |  0
 {hw/tpm => backends}/tpm_util.c|  0
 hw/tpm/tpm_tis_common.c|  1 +
 tests/qtest/tpm-emu.c  |  2 +-
 MAINTAINERS|  2 +-
 backends/Kconfig   | 14 +++
 backends/Makefile.objs |  3 +++
 backends/trace-events  | 32 
 hw/tpm/Kconfig | 15 
 hw/tpm/Makefile.objs   |  3 ---
 hw/tpm/trace-events| 34 +-
 15 files changed, 57 insertions(+), 57 deletions(-)
 rename {hw/tpm => backends}/tpm_int.h (96%)
 rename {hw/tpm => backends}/tpm_ioctl.h (100%)
 rename {hw/tpm => backends}/tpm_emulator.c (100%)
 rename {hw/tpm => backends}/tpm_passthrough.c (100%)
 rename {hw/tpm => backends}/tpm_util.c (100%)
 create mode 100644 backends/Kconfig

diff --git a/Makefile b/Makefile
index d1af126ea1..0ab6e12dd6 100644
--- a/Makefile
+++ b/Makefile
@@ -418,7 +418,7 @@ MINIKCONF_ARGS = \
 CONFIG_LINUX=$(CONFIG_LINUX) \
 CONFIG_PVRDMA=$(CONFIG_PVRDMA)
 
-MINIKCONF_INPUTS = $(SRC_PATH)/Kconfig.host $(SRC_PATH)/hw/Kconfig
+MINIKCONF_INPUTS = $(SRC_PATH)/Kconfig.host $(SRC_PATH)/backends/Kconfig 
$(SRC_PATH)/hw/Kconfig
 MINIKCONF_DEPS = $(MINIKCONF_INPUTS) $(wildcard $(SRC_PATH)/hw/*/Kconfig)
 MINIKCONF = $(PYTHON) $(SRC_PATH)/scripts/minikconf.py \
 
diff --git a/hw/tpm/tpm_int.h b/backends/tpm_int.h
similarity index 96%
rename from hw/tpm/tpm_int.h
rename to backends/tpm_int.h
index 9f72879d89..ba6109306e 100644
--- a/hw/tpm/tpm_int.h
+++ b/backends/tpm_int.h
@@ -9,8 +9,8 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  */
-#ifndef TPM_TPM_INT_H
-#define TPM_TPM_INT_H
+#ifndef BACKENDS_TPM_INT_H
+#define BACKENDS_TPM_INT_H
 
 #include "qemu/option.h"
 #include "sysemu/tpm.h"
@@ -85,4 +85,4 @@ typedef struct TPMSizedBuffer {
 
 void tpm_sized_buffer_reset(TPMSizedBuffer *tsb);
 
-#endif /* TPM_TPM_INT_H */
+#endif /* BACKENDS_TPM_INT_H */
diff --git a/hw/tpm/tpm_ioctl.h b/backends/tpm_ioctl.h
similarity index 100%
rename from hw/tpm/tpm_ioctl.h
rename to backends/tpm_ioctl.h
diff --git a/hw/tpm/tpm_emulator.c b/backends/tpm_emulator.c
similarity index 100%
rename from hw/tpm/tpm_emulator.c
rename to backends/tpm_emulator.c
diff --git a/hw/tpm/tpm_passthrough.c b/backends/tpm_passthrough.c
similarity index 100%
rename from hw/tpm/tpm_passthrough.c
rename to backends/tpm_passthrough.c
diff --git a/hw/tpm/tpm_util.c b/backends/tpm_util.c
similarity index 100%
rename from hw/tpm/tpm_util.c
rename to backends/tpm_util.c
diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
index 64206a6a3b..70ca5bc7a9 100644
--- a/hw/tpm/tpm_tis_common.c
+++ b/hw/tpm/tpm_tis_common.c
@@ -36,6 +36,7 @@
 #include "sysemu/tpm_util.h"
 #include "tpm_ppi.h"
 #include "trace.h"
+#include "../backends/trace.h" /* FIXME TRACE_TPM_UTIL_SHOW_BUFFER */
 
 #include "tpm_tis.h"
 
diff --git a/tests/qtest/tpm-emu.c b/tests/qtest/tpm-emu.c
index c43ac4aef8..fd6a2a9aff 100644
--- a/tests/qtest/tpm-emu.c
+++ b/tests/qtest/tpm-emu.c
@@ -13,7 +13,7 @@
 #include "qemu/osdep.h"
 #include 
 
-#include "hw/tpm/tpm_ioctl.h"
+#include "backends/tpm_ioctl.h"
 #include "io/channel-socket.h"
 #include "qapi/error.h"
 #include "tpm-emu.h"
diff --git a/MAINTAINERS b/MAINTAINERS
index 3abe3faa4e..3a9425e3df 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2385,7 +2385,7 @@ F: hw/tpm/*
 F: include/hw/acpi/tpm.h
 F: include/sysemu/tpm*
 F: qapi/tpm.json
-F: backends/tpm.c
+F: backends/tpm*.c
 F: tests/qtest/*tpm*
 T: git https://github.com/stefanberger/qemu-tpm.git tpm-next
 
diff --git a/backends/Kconfig b/backends/Kconfig
new file mode 100644
index 00..4ac943957a
--- /dev/null
+++ b/backends/Kconfig
@@ -0,0 +1,14 @@
+config TPMDEV
+bool
+depends on TPM
+
+config TPM_PASSTHROUGH
+bool
+default y
+# FIXME: should check for x86 host as well
+depends on TPMDEV && LINUX
+
+config TPM_EMULATOR
+bool
+default y
+depends on TPMDEV
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 28a847cd57..e3f244808e 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -2,6 +2,9 @@ common-obj-y += rng.o rng-egd.o rng-builtin.o
 common-obj-$(CONFIG_POSIX) += rng-random.o
 
 common-obj-$(CONFIG_TPM

[PATCH 3/8] hw/tpm: Move 'hw/acpi/tpm.h' inclusion from header to sources

[Philippe Mathieu-Daudé]

Nothing in "tpm_ppi.h" require declarations from "hw/acpi/tpm.h".
Reduce dependencies and include it only in the files requiring it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/tpm/tpm_ppi.h| 1 -
 hw/tpm/tpm_tis_isa.c| 1 +
 hw/tpm/tpm_tis_sysbus.c | 1 +
 3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/tpm/tpm_ppi.h b/hw/tpm/tpm_ppi.h
index d33ef27de6..6f773c25a0 100644
--- a/hw/tpm/tpm_ppi.h
+++ b/hw/tpm/tpm_ppi.h
@@ -12,7 +12,6 @@
 #ifndef TPM_TPM_PPI_H
 #define TPM_TPM_PPI_H
 
-#include "hw/acpi/tpm.h"
 #include "exec/address-spaces.h"
 
 typedef struct TPMPPI {
diff --git a/hw/tpm/tpm_tis_isa.c b/hw/tpm/tpm_tis_isa.c
index 30ba37079d..42f909ff1e 100644
--- a/hw/tpm/tpm_tis_isa.c
+++ b/hw/tpm/tpm_tis_isa.c
@@ -26,6 +26,7 @@
 #include "hw/isa/isa.h"
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
+#include "hw/acpi/tpm.h"
 #include "tpm_util.h"
 #include "tpm_tis.h"
 
diff --git a/hw/tpm/tpm_tis_sysbus.c b/hw/tpm/tpm_tis_sysbus.c
index eced1fc843..edca1dae0d 100644
--- a/hw/tpm/tpm_tis_sysbus.c
+++ b/hw/tpm/tpm_tis_sysbus.c
@@ -25,6 +25,7 @@
 #include "qemu/osdep.h"
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
+#include "hw/acpi/tpm.h"
 #include "tpm_util.h"
 #include "hw/sysbus.h"
 #include "tpm_tis.h"
-- 
2.21.3

Re: [PATCH v8 00/34] Add subcluster allocation to qcow2

[Eric Blake]

On 6/10/20 10:02 AM, Alberto Garcia wrote:

Hi,

here's the new version of the patches to add subcluster allocation
support to qcow2.

Please refer to the cover letter of the first version for a full
description of the patches:

https://lists.gnu.org/archive/html/qemu-block/2019-10/msg00983.html

The big change here is that now when an image is preallocated then the
requested clusters are allocated but the L2 bitmap is left untouched.
This makes it possible to preallocate an image that has a backing
file.

If you want to test this series make sure to apply this patch first:

https://lists.gnu.org/archive/html/qemu-block/2020-06/msg00504.html


Let's spell that the way patchew can recognize:
Based-on: <20200610094600.4029-1-be...@igalia.com>



Berto

v8:
- Patch 30: New patch
- Patch 31: Update test expectations after commit cf2d1203dc
- Patch 32: New patch
- Patch 34: New tests, fixes and general refactoring of the code




--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

[PATCH 2/8] hw/tpm: Include missing 'qemu/option.h' header

[Philippe Mathieu-Daudé]

Files using the TPM_STANDARD_CMDLINE_OPTS macro declared in
"tpm_int.h" will use QEMU_OPT_STRING definition declared in
"qemu/option.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/tpm/tpm_int.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 3fb28a9d6c..fd5ebc6489 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -12,6 +12,8 @@
 #ifndef TPM_TPM_INT_H
 #define TPM_TPM_INT_H
 
+#include "qemu/option.h"
+
 #define TPM_STANDARD_CMDLINE_OPTS \
 { \
 .name = "type", \
-- 
2.21.3

[PATCH 7/8] hw/tpm: Make 'tpm_util.h' publicly accessible as "sysemu/tpm_util.h"

[Philippe Mathieu-Daudé]

We are going to split the TPM backends from the TPM emulated
hardware in the next commit. Make the TPM util helpers accessible
by moving local "tpm_util.h" to global "sysemu/tpm_util.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 {hw/tpm => include/sysemu}/tpm_util.h | 6 +++---
 hw/tpm/tpm_crb.c  | 2 +-
 hw/tpm/tpm_emulator.c | 2 +-
 hw/tpm/tpm_passthrough.c  | 2 +-
 hw/tpm/tpm_spapr.c| 2 +-
 hw/tpm/tpm_tis_common.c   | 2 +-
 hw/tpm/tpm_util.c | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)
 rename {hw/tpm => include/sysemu}/tpm_util.h (95%)

diff --git a/hw/tpm/tpm_util.h b/include/sysemu/tpm_util.h
similarity index 95%
rename from hw/tpm/tpm_util.h
rename to include/sysemu/tpm_util.h
index cf61d830d7..63e872c3b2 100644
--- a/hw/tpm/tpm_util.h
+++ b/include/sysemu/tpm_util.h
@@ -19,8 +19,8 @@
  * License along with this library; if not, see 
  */
 
-#ifndef TPM_TPM_UTIL_H
-#define TPM_TPM_UTIL_H
+#ifndef SYSEMU_TPM_UTIL_H
+#define SYSEMU_TPM_UTIL_H
 
 #include "sysemu/tpm.h"
 #include "qemu/bswap.h"
@@ -69,4 +69,4 @@ static inline void tpm_cmd_set_error(void *b, uint32_t error)
 void tpm_util_show_buffer(const unsigned char *buffer,
   size_t buffer_size, const char *string);
 
-#endif /* TPM_TPM_UTIL_H */
+#endif /* SYSEMU_TPM_UTIL_H */
diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index 1cac4d671d..60247295d4 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -24,9 +24,9 @@
 #include "hw/acpi/tpm.h"
 #include "migration/vmstate.h"
 #include "sysemu/tpm_backend.h"
+#include "sysemu/tpm_util.h"
 #include "sysemu/reset.h"
 #include "tpm_prop.h"
-#include "tpm_util.h"
 #include "tpm_ppi.h"
 #include "trace.h"
 
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 3a0fc442f3..9605339f93 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -32,8 +32,8 @@
 #include "qemu/sockets.h"
 #include "io/channel-socket.h"
 #include "sysemu/tpm_backend.h"
+#include "sysemu/tpm_util.h"
 #include "tpm_int.h"
-#include "tpm_util.h"
 #include "tpm_ioctl.h"
 #include "migration/blocker.h"
 #include "migration/vmstate.h"
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index f67244b5d4..7403807ec4 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -28,10 +28,10 @@
 #include "qemu/module.h"
 #include "qemu/sockets.h"
 #include "sysemu/tpm_backend.h"
+#include "sysemu/tpm_util.h"
 #include "tpm_int.h"
 #include "qapi/clone-visitor.h"
 #include "qapi/qapi-visit-tpm.h"
-#include "tpm_util.h"
 #include "trace.h"
 
 #define TYPE_TPM_PASSTHROUGH "tpm-passthrough"
diff --git a/hw/tpm/tpm_spapr.c b/hw/tpm/tpm_spapr.c
index 65672048c7..cb4dfd1e6a 100644
--- a/hw/tpm/tpm_spapr.c
+++ b/hw/tpm/tpm_spapr.c
@@ -20,7 +20,7 @@
 #include "migration/vmstate.h"
 
 #include "sysemu/tpm_backend.h"
-#include "tpm_util.h"
+#include "sysemu/tpm_util.h"
 #include "tpm_prop.h"
 
 #include "hw/ppc/spapr.h"
diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
index 94704870f6..64206a6a3b 100644
--- a/hw/tpm/tpm_tis_common.c
+++ b/hw/tpm/tpm_tis_common.c
@@ -33,7 +33,7 @@
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 #include "sysemu/tpm_backend.h"
-#include "tpm_util.h"
+#include "sysemu/tpm_util.h"
 #include "tpm_ppi.h"
 #include "trace.h"
 
diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c
index c0a0f3d71f..d0ec2a8235 100644
--- a/hw/tpm/tpm_util.c
+++ b/hw/tpm/tpm_util.c
@@ -23,11 +23,11 @@
 #include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "qapi/visitor.h"
-#include "tpm_util.h"
 #include "tpm_int.h"
 #include "exec/memory.h"
 #include "hw/qdev-properties.h"
 #include "sysemu/tpm_backend.h"
+#include "sysemu/tpm_util.h"
 #include "trace.h"
 
 /* tpm backend property */
-- 
2.21.3

[PATCH 5/8] hw/tpm: Move few declarations from 'tpm_util.h' to 'tpm_int.h'

[Philippe Mathieu-Daudé]

We are going to make "tpm_util.h" publicly accessible by
moving it to the include/ directory in a pair of commits.
Keep declarations internals to hw/tpm/ in "tpm_int.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/tpm/tpm_int.h  | 11 +++
 hw/tpm/tpm_util.h | 10 --
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index fd5ebc6489..9f72879d89 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -13,6 +13,7 @@
 #define TPM_TPM_INT_H
 
 #include "qemu/option.h"
+#include "sysemu/tpm.h"
 
 #define TPM_STANDARD_CMDLINE_OPTS \
 { \
@@ -74,4 +75,14 @@ struct tpm_resp_hdr {
 #define TPM_RC_FAILURE0x101
 #define TPM_RC_LOCALITY   0x907
 
+int tpm_util_get_buffer_size(int tpm_fd, TPMVersion tpm_version,
+ size_t *buffersize);
+
+typedef struct TPMSizedBuffer {
+uint32_t size;
+uint8_t  *buffer;
+} TPMSizedBuffer;
+
+void tpm_sized_buffer_reset(TPMSizedBuffer *tsb);
+
 #endif /* TPM_TPM_INT_H */
diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h
index 7889081fba..d524935576 100644
--- a/hw/tpm/tpm_util.h
+++ b/hw/tpm/tpm_util.h
@@ -66,19 +66,9 @@ static inline void tpm_cmd_set_error(void *b, uint32_t error)
 stl_be_p(b + 6, error);
 }
 
-int tpm_util_get_buffer_size(int tpm_fd, TPMVersion tpm_version,
- size_t *buffersize);
-
 #define DEFINE_PROP_TPMBE(_n, _s, _f) \
 DEFINE_PROP(_n, _s, _f, qdev_prop_tpm, TPMBackend *)
 
-typedef struct TPMSizedBuffer {
-uint32_t size;
-uint8_t  *buffer;
-} TPMSizedBuffer;
-
-void tpm_sized_buffer_reset(TPMSizedBuffer *tsb);
-
 void tpm_util_show_buffer(const unsigned char *buffer,
   size_t buffer_size, const char *string);
 
-- 
2.21.3

[PATCH 1/8] hw/tpm: Do not include 'qemu/osdep.h' in header

[Philippe Mathieu-Daudé]

>From CODING_STYLE.rst:

  Do not include "qemu/osdep.h" from header files since the .c
  file will have already included it.

Remove "qemu/osdep.h" from "tpm_tis.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/tpm/tpm_tis.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
index 5554989395..f6b5872ba6 100644
--- a/hw/tpm/tpm_tis.h
+++ b/hw/tpm/tpm_tis.h
@@ -24,7 +24,6 @@
 #ifndef TPM_TPM_TIS_H
 #define TPM_TPM_TIS_H
 
-#include "qemu/osdep.h"
 #include "sysemu/tpm_backend.h"
 #include "tpm_ppi.h"
 
-- 
2.21.3

Re: [PATCH] qcow2: Fix preallocation on images with unaligned sizes

[Eric Blake]

On 6/10/20 4:46 AM, Alberto Garcia wrote:

When resizing an image with qcow2_co_truncate() using the falloc or
full preallocation modes the code assumes that both the old and new
sizes are cluster-aligned.

There are two problems with this:

   1) The calculation of how many clusters are involved does not always
  get the right result.

  Example: creating a 60KB image and resizing it (with
  preallocation=full) to 80KB won't allocate the second cluster.

   2) No copy-on-write is performed, so in the previous example if
  there is a backing file then the first 60KB of the first cluster
  won't be filled with data from the backing file.

This patch fixes both issues.

Signed-off-by: Alberto Garcia 
---
  block/qcow2.c  | 17 ++---
  tests/qemu-iotests/125 | 21 +
  tests/qemu-iotests/125.out |  9 +
  3 files changed, 44 insertions(+), 3 deletions(-)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

[PATCH 4/8] hw/tpm: Remove unnecessary 'tpm_int.h' header inclusion

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/tpm/tpm_crb.c| 1 -
 hw/tpm/tpm_spapr.c  | 1 -
 hw/tpm/tpm_tis_common.c | 1 -
 3 files changed, 3 deletions(-)

diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index cd004e7f8e..664ff70ef9 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -25,7 +25,6 @@
 #include "migration/vmstate.h"
 #include "sysemu/tpm_backend.h"
 #include "sysemu/reset.h"
-#include "tpm_int.h"
 #include "tpm_util.h"
 #include "tpm_ppi.h"
 #include "trace.h"
diff --git a/hw/tpm/tpm_spapr.c b/hw/tpm/tpm_spapr.c
index ce65eb2e45..ab1a86ad6e 100644
--- a/hw/tpm/tpm_spapr.c
+++ b/hw/tpm/tpm_spapr.c
@@ -20,7 +20,6 @@
 #include "migration/vmstate.h"
 
 #include "sysemu/tpm_backend.h"
-#include "tpm_int.h"
 #include "tpm_util.h"
 
 #include "hw/ppc/spapr.h"
diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
index 1af4bce139..94704870f6 100644
--- a/hw/tpm/tpm_tis_common.c
+++ b/hw/tpm/tpm_tis_common.c
@@ -33,7 +33,6 @@
 #include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 #include "sysemu/tpm_backend.h"
-#include "tpm_int.h"
 #include "tpm_util.h"
 #include "tpm_ppi.h"
 #include "trace.h"
-- 
2.21.3

[PATCH 0/8] tpm: Split hw/ vs backends/

[Philippe Mathieu-Daudé]

Hi,

Today I started to review some vTPM patches and got very
confused by the files under hw/tpm/. In particular after
running:

  $ git grep TYPE_TPM_BACKEND
  backends/tpm.c:188:.name = TYPE_TPM_BACKEND,
  hw/tpm/tpm_emulator.c:985:.parent = TYPE_TPM_BACKEND,
  hw/tpm/tpm_passthrough.c:393:.parent = TYPE_TPM_BACKEND,
  include/sysemu/tpm_backend.h:21:#define TYPE_TPM_BACKEND "tpm-backend"

As there is no particular reason to keep this mixed, clean it up.

Philippe Mathieu-Daudé (8):
  hw/tpm: Do not include 'qemu/osdep.h' in header
  hw/tpm: Include missing 'qemu/option.h' header
  hw/tpm: Move 'hw/acpi/tpm.h' inclusion from header to sources
  hw/tpm: Remove unnecessary 'tpm_int.h' header inclusion
  hw/tpm: Move few declarations from 'tpm_util.h' to 'tpm_int.h'
  hw/tpm: Move DEFINE_PROP_TPMBE() macro to 'tmp_prop.h' local header
  hw/tpm: Make 'tpm_util.h' publicly accessible as "sysemu/tpm_util.h"
  tpm: Move backend code under the 'backends/' directory

 Makefile   |  2 +-
 {hw/tpm => backends}/tpm_int.h | 19 +++---
 {hw/tpm => backends}/tpm_ioctl.h   |  0
 hw/tpm/tpm_ppi.h   |  1 -
 hw/tpm/tpm_prop.h  | 31 +++
 hw/tpm/tpm_tis.h   |  1 -
 {hw/tpm => include/sysemu}/tpm_util.h  | 19 +++---
 {hw/tpm => backends}/tpm_emulator.c|  2 +-
 {hw/tpm => backends}/tpm_passthrough.c |  2 +-
 {hw/tpm => backends}/tpm_util.c|  2 +-
 hw/tpm/tpm_crb.c   |  4 +--
 hw/tpm/tpm_spapr.c |  4 +--
 hw/tpm/tpm_tis_common.c|  4 +--
 hw/tpm/tpm_tis_isa.c   |  3 ++-
 hw/tpm/tpm_tis_sysbus.c|  3 ++-
 tests/qtest/tpm-emu.c  |  2 +-
 MAINTAINERS|  2 +-
 backends/Kconfig   | 14 +++
 backends/Makefile.objs |  3 +++
 backends/trace-events  | 32 
 hw/tpm/Kconfig | 15 
 hw/tpm/Makefile.objs   |  3 ---
 hw/tpm/trace-events| 34 +-
 23 files changed, 116 insertions(+), 86 deletions(-)
 rename {hw/tpm => backends}/tpm_int.h (81%)
 rename {hw/tpm => backends}/tpm_ioctl.h (100%)
 create mode 100644 hw/tpm/tpm_prop.h
 rename {hw/tpm => include/sysemu}/tpm_util.h (80%)
 rename {hw/tpm => backends}/tpm_emulator.c (99%)
 rename {hw/tpm => backends}/tpm_passthrough.c (99%)
 rename {hw/tpm => backends}/tpm_util.c (99%)
 create mode 100644 backends/Kconfig

-- 
2.21.3

Re: [PATCH] travis.yml: Test also the other targets on s390x

[Alex Bennée]

Thomas Huth  writes:

> s390x is our only big endian host in our CI, so building and testing QEMU
> there is quite valuable. Thus let's also test the other targets with
> additional jobs (also using different sets of pre-installed libraries to
> get a better coverage of the things that we test).
>
> Signed-off-by: Thomas Huth 

Queued to testing/next, thanks.

-- 
Alex Bennée

Re: [PATCH v8 33/34] qcow2: Assert that expand_zero_clusters_in_l1() does not support subclusters

[Eric Blake]

On 6/10/20 10:03 AM, Alberto Garcia wrote:

This function is only used by qcow2_expand_zero_clusters() to
downgrade a qcow2 image to a previous version. It is however not
possible to downgrade an image with extended L2 entries because older
versions of qcow2 do not have this feature.


Well, it _is_ possible, but it would involve rewriting the entire L1/L2 
tables (including all internal snapshots), as well as causing I/O to COW 
every cluster where not all subclusters are allocated; and doing that 
conversion while remaining crash-consistent requires some thought and a 
temporary extra load on disk space (we can't discard the old table until 
the new one is completely written).


It would be more accurate to merely state that we are not prepared to 
implement it at this time.




Signed-off-by: Alberto Garcia 
Reviewed-by: Eric Blake 
---
  block/qcow2-cluster.c  | 8 +++-
  tests/qemu-iotests/061 | 6 ++
  tests/qemu-iotests/061.out | 5 +
  3 files changed, 18 insertions(+), 1 deletion(-)



Whether or not we update the commit message, R-b stands for the code.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v8 32/34] qcow2: Allow preallocation and backing files if extended_l2 is set

[Eric Blake]

On 6/10/20 10:03 AM, Alberto Garcia wrote:

Traditional qcow2 images don't allow preallocation if a backing file
is set. This is because once a cluster is allocated there is no way to
tell that its data should be read from the backing file.

Extended L2 entries have individual allocation bits for each
subcluster, and therefore it is perfectly possible to have an
allocated cluster with all its subclusters unallocated.

Signed-off-by: Alberto Garcia 
---
  block/qcow2.c  | 7 ---
  tests/qemu-iotests/206.out | 2 +-
  2 files changed, 5 insertions(+), 4 deletions(-)


Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [PATCH] migration: fix xbzrle encoding rate calculation

[Dr. David Alan Gilbert]

* Richard Henderson (richard.hender...@linaro.org) wrote:
> On 6/7/20 5:53 PM, Wei Wang wrote:
> > It's reported an error of implicit conversion from "unsigned long" to
> > "double" when compiling with Clang 10. Simply make the encoding rate 0
> > when the encoded_size is 0.
> > 
> > Fixes: e460a4b1a4
> > Reported-by: Richard Henderson 
> > Signed-off-by: Wei Wang 
> > ---
> >  migration/ram.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> Queuing to a clang 10 fixes branch.

Thanks

Reviewed-by: Dr. David Alan Gilbert 

Dave


> 
> 
> r~
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [PATCH v2 3/6] linux-user: Add strace support for printing argument of syscalls used for extended attributes

[Laurent Vivier]

Le 08/06/2020 à 18:43, Filip Bozuta a écrit :
> From: Filip Bozuta 
> 
> This patch implements strace argument printing functionality for following 
> syscalls:
> 
> *getxattr, lgetxattr, fgetxattr - retrieve an extended attribute value
> 
> ssize_t getxattr(const char *path, const char *name, void *value, 
> size_t size)
> ssize_t lgetxattr(const char *path, const char *name, void *value, 
> size_t size)
> ssize_t fgetxattr(int fd, const char *name, void *value, size_t size)
> man page: https://www.man7.org/linux/man-pages/man2/getxattr.2.html
> 
> *listxattr, llistxattr, flistxattr - list extended attribute names
> 
> ssize_t listxattr(const char *path, char *list, size_t size)
> ssize_t llistxattr(const char *path, char *list, size_t size)
> ssize_t flistxattr(int fd, char *list, size_t size)
> man page: https://www.man7.org/linux/man-pages/man2/listxattr.2.html
> 
> *removexattr, lremovexattr, fremovexattr - remove an extended attribute
> 
>  int removexattr(const char *path, const char *name)
>  int lremovexattr(const char *path, const char *name)
>  int fremovexattr(int fd, const char *name)
>  man page: 
> https://www.man7.org/linux/man-pages/man2/removexattr.2.html
> 
> Implementation notes:
> 
> All of the syscalls have strings as argument types and thus a separate
> printing function was stated in file "strace.list" for every one of them.
> All of these printing functions were defined in "strace.c" using existing
> printing functions for appropriate argument types:
>"print_string()" - for (const char*) type
>"print_pointer()" - for (char*) and (void *) type
>"print_raw_param()" for (int) and (size_t) type
> Syscalls "getxattr()" and "lgetxattr()" have the same number and type of
> arguments and thus their print functions ("print_getxattr", 
> "print_lgetxattr")
> share a same definition. The same statement applies to syscalls 
> "listxattr()"
> and "llistxattr()".
> Function "print_syscall_ret_listxattr()" was added to print the returned 
> list
> of extended attributes for syscalls and was listed as a "result" function 
> in file
> "strace.list" for syscalls: "listxattr(), llistxattr(), flistxattr()".
> 
> Signed-off-by: Filip Bozuta 
> ---
>  linux-user/strace.c| 126 +
>  linux-user/strace.list |  21 ---
>  2 files changed, 138 insertions(+), 9 deletions(-)
> 
> diff --git a/linux-user/strace.c b/linux-user/strace.c
> index f980451e3f..59fdb0a05f 100644
> --- a/linux-user/strace.c
> +++ b/linux-user/strace.c
> @@ -830,6 +830,45 @@ print_syscall_ret_adjtimex(const struct syscallname 
> *name, abi_long ret,
>  }
>  #endif
>  
> +#if defined(TARGET_NR_listxattr) || defined(TARGET_NR_llistxattr) \
> + || defined(TARGGET_NR_flistxattr)
> +static void
> +print_syscall_ret_listxattr(const struct syscallname *name, abi_long ret,
> +abi_long arg0, abi_long arg1, abi_long arg2,
> +abi_long arg3, abi_long arg4, abi_long arg5)
> +{
> +const char *errstr = NULL;
> +
> +qemu_log(" = ");
> +if (ret < 0) {
> +qemu_log("-1 errno=%d", errno);
> +errstr = target_strerror(-ret);
> +if (errstr) {
> +qemu_log(" (%s)", errstr);
> +}

We have several time this kind of code in strace.c
(print_syscall_ret_addr, print_syscall_ret_adjtimex, print_syscall_ret)
perhaps it could be moved  to generic function (in a previous patch)?

> +} else {
> +qemu_log(TARGET_ABI_FMT_ld, ret);
> +qemu_log(" (list = ");
> +if (arg1 != 0) {
> +abi_long attr = arg1;
> +for (;;) {

We should avoid an infinite loop, and it's easy as you now the size of
the buffer (ret).

> +print_string(attr, 1);
> +attr += target_strlen(attr) + 1;
> +if (target_strlen(attr) == 0) {
> +break;
> +}
> +qemu_log(",");
> +}
> +} else {
> +qemu_log("NULL");
> +}
> +qemu_log(")");
> +}
> +
> +qemu_log("\n");
> +}

You should do as for the entry functions, and define the ones for
llistxattr and flistxattr:

#define print_syscall_ret_flistxattr print_syscall_ret_listxattr
#define print_syscall_ret_xlistxattr print_syscall_ret_listxattr

I have no preference on that but it's to be homogeneous with the rest of
the code.

> +#endif
> +
>  UNUSED static struct flags access_flags[] = {
>  FLAG_GENERIC(F_OK),
>  FLAG_GENERIC(R_OK),
> @@ -1637,6 +1676,93 @@ print_fcntl(const struct syscallname *name,
>  #define print_fcntl64   print_fcntl
>  #endif
>  
> +#ifdef TARGET_NR_fgetxattr
> +static void
> +print_fgetxattr(const struct syscallname *name,
> +abi_long arg0, abi_long arg1, abi_long arg2,
> +abi_long arg3, abi_long arg4,

Re: [PATCH 2/2] qcow2: improve savevm performance - please ignore

[Denis V. Lunev]

On 6/10/20 9:58 PM, Denis V. Lunev wrote:
> This patch does 2 standard basic things:
> - it creates intermediate buffer for all writes from QEMU migration code
>   to QCOW2 image,
> - this buffer is sent to disk asynchronously, allowing several writes to
>   run in parallel.
>
> In general, migration code is fantastically inefficent (by observation),
> buffers are not aligned and sent with arbitrary pieces, a lot of time
> less than 100 bytes at a chunk, which results in read-modify-write
> operations with non-cached operations. It should also be noted that all
> operations are performed into unallocated image blocks, which also suffer
> due to partial writes to such new clusters.
>
> Snapshot creation time (2 GB Fedora-31 VM running over NVME storage):
> original fixed
> cached:  1.79s   1.27s
> non-cached:  3.29s   0.81s
>
> The difference over HDD would be more significant :)
>
> Signed-off-by: Denis V. Lunev 
> CC: Kevin Wolf 
> CC: Max Reitz 
> CC: Vladimir Sementsov-Ogievskiy 
> CC: Denis Plotnikov 
> ---
>  block/qcow2.c | 111 +-
>  block/qcow2.h |   4 ++
>  2 files changed, 113 insertions(+), 2 deletions(-)
>
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 0cd2e6757e..e6232f32e2 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -4797,11 +4797,43 @@ static int qcow2_make_empty(BlockDriverState *bs)
>  return ret;
>  }
>  
> +
> +typedef struct Qcow2VMStateTask {
> +AioTask task;
> +
> +BlockDriverState *bs;
> +int64_t offset;
> +void *buf;
> +size_t bytes;
> +} Qcow2VMStateTask;
> +
> +typedef struct Qcow2SaveVMState {
> +AioTaskPool *pool;
> +Qcow2VMStateTask *t;
> +} Qcow2SaveVMState;
> +
>  static coroutine_fn int qcow2_co_flush_to_os(BlockDriverState *bs)
>  {
>  BDRVQcow2State *s = bs->opaque;
> +Qcow2SaveVMState *state = s->savevm_state;
>  int ret;
>  
> +if (state != NULL) {
> +aio_task_pool_start_task(state->pool, &state->t->task);
> +
> +aio_task_pool_wait_all(state->pool);
> +ret = aio_task_pool_status(state->pool);
> +
> +aio_task_pool_free(state->pool);
> +g_free(state);
> +
> +s->savevm_state = NULL;
> +
> +if (ret < 0) {
> +return ret;
> +}
> +}
> +
>  qemu_co_mutex_lock(&s->lock);
>  ret = qcow2_write_caches(bs);
>  qemu_co_mutex_unlock(&s->lock);
> @@ -5098,14 +5130,89 @@ static int qcow2_has_zero_init(BlockDriverState *bs)
>  }
>  }
>  
> +
> +static coroutine_fn int qcow2_co_vmstate_task_entry(AioTask *task)
> +{
> +int err = 0;
> +Qcow2VMStateTask *t = container_of(task, Qcow2VMStateTask, task);
> +
> +if (t->bytes != 0) {
> +QEMUIOVector local_qiov;
> +qemu_iovec_init_buf(&local_qiov, t->buf, t->bytes);
> +err = t->bs->drv->bdrv_co_pwritev_part(t->bs, t->offset, t->bytes,
> +   &local_qiov, 0, 0);
> +}
> +
> +qemu_vfree(t->buf);
> +return err;
> +}
> +
> +static Qcow2VMStateTask *qcow2_vmstate_task_create(BlockDriverState *bs,
> +int64_t pos, size_t size)
> +{
> +BDRVQcow2State *s = bs->opaque;
> +Qcow2VMStateTask *t = g_new(Qcow2VMStateTask, 1);
> +
> +*t = (Qcow2VMStateTask) {
> +.task.func = qcow2_co_vmstate_task_entry,
> +.buf = qemu_blockalign(bs, size),
> +.offset = qcow2_vm_state_offset(s) + pos,
> +.bs = bs,
> +};
> +
> +return t;
> +}
> +
>  static int qcow2_save_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,
>int64_t pos)
>  {
>  BDRVQcow2State *s = bs->opaque;
> +Qcow2SaveVMState *state = s->savevm_state;
> +Qcow2VMStateTask *t;
> +size_t buf_size = MAX(s->cluster_size, 1 * MiB);
> +size_t to_copy;
> +size_t off;
>  
>  BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_SAVE);
> -return bs->drv->bdrv_co_pwritev_part(bs, qcow2_vm_state_offset(s) + pos,
> - qiov->size, qiov, 0, 0);
> +
> +if (state == NULL) {
> +state = g_new(Qcow2SaveVMState, 1);
> +*state = (Qcow2SaveVMState) {
> +.pool = aio_task_pool_new(QCOW2_MAX_WORKERS),
> +.t = qcow2_vmstate_task_create(bs, pos, buf_size),
> +};
> +
> +s->savevm_state = state;
> +}
> +
> +if (aio_task_pool_status(state->pool) != 0) {
> +return aio_task_pool_status(state->pool);
> +}
> +
> +t = state->t;
> +if (t->offset + t->bytes != qcow2_vm_state_offset(s) + pos) {
> +/* Normally this branch is not reachable from migration */
> +return bs->drv->bdrv_co_pwritev_part(bs,
> +qcow2_vm_state_offset(s) + pos, qiov->size, qiov, 0, 0);
> +}
> +
> +off = 0;
> +while (1) {
> +to_copy = MIN(qiov->size - off, buf_size - t->bytes);
> +qemu_iovec_to_buf(qiov, off, t->buf +

[PATCH v2 0/2] qcow2: seriously improve savevm performance

[Denis V. Lunev]

This series do standard basic things:
- it creates intermediate buffer for all writes from QEMU migration code
  to QCOW2 image,
- this buffer is sent to disk asynchronously, allowing several writes to
  run in parallel.

In general, migration code is fantastically inefficent (by observation),
buffers are not aligned and sent with arbitrary pieces, a lot of time
less than 100 bytes at a chunk, which results in read-modify-write
operations with non-cached operations. It should also be noted that all
operations are performed into unallocated image blocks, which also suffer
due to partial writes to such new clusters.

This patch series is an implementation of idea discussed in the RFC
posted by Denis
https://lists.gnu.org/archive/html/qemu-devel/2020-04/msg01925.html
Results with this series over NVME are better than original code
original rfcthis
cached:  1.79s  2.38s   1.27s
non-cached:  3.29s  1.31s   0.81s

Changes from v1:
- patchew warning fixed
- fixed validation that only 1 waiter is allowed in patch 1

Signed-off-by: Denis V. Lunev 
CC: Kevin Wolf 
CC: Max Reitz 
CC: Vladimir Sementsov-Ogievskiy 
CC: Denis Plotnikov 

[PATCH 1/2] aio: allow to wait for coroutine pool from different coroutine

[Denis V. Lunev]

The patch preserves the constraint that the only waiter is allowed.

The patch renames AioTaskPool->main_co to wake_co and removes
AioTaskPool->waiting flag. wake_co keeps coroutine, which is
waiting for wakeup on worker completion. Thus 'waiting' flag
in this semantics is equivalent to 'wake_co != NULL'.

Signed-off-by: Denis V. Lunev 
CC: Kevin Wolf 
CC: Max Reitz 
CC: Vladimir Sementsov-Ogievskiy 
CC: Denis Plotnikov 
---
 block/aio_task.c | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/block/aio_task.c b/block/aio_task.c
index 88989fa248..5183b0729d 100644
--- a/block/aio_task.c
+++ b/block/aio_task.c
@@ -27,11 +27,10 @@
 #include "block/aio_task.h"
 
 struct AioTaskPool {
-Coroutine *main_co;
+Coroutine *wake_co;
 int status;
 int max_busy_tasks;
 int busy_tasks;
-bool waiting;
 };
 
 static void coroutine_fn aio_task_co(void *opaque)
@@ -52,21 +51,21 @@ static void coroutine_fn aio_task_co(void *opaque)
 
 g_free(task);
 
-if (pool->waiting) {
-pool->waiting = false;
-aio_co_wake(pool->main_co);
+if (pool->wake_co != NULL) {
+aio_co_wake(pool->wake_co);
+pool->wake_co = NULL;
 }
 }
 
 void coroutine_fn aio_task_pool_wait_one(AioTaskPool *pool)
 {
 assert(pool->busy_tasks > 0);
-assert(qemu_coroutine_self() == pool->main_co);
+assert(pool->wake_co == NULL);
 
-pool->waiting = true;
+pool->wake_co = qemu_coroutine_self();
 qemu_coroutine_yield();
 
-assert(!pool->waiting);
+assert(pool->wake_co == NULL);
 assert(pool->busy_tasks < pool->max_busy_tasks);
 }
 
@@ -98,7 +97,7 @@ AioTaskPool *coroutine_fn aio_task_pool_new(int 
max_busy_tasks)
 {
 AioTaskPool *pool = g_new0(AioTaskPool, 1);
 
-pool->main_co = qemu_coroutine_self();
+pool->wake_co = NULL;
 pool->max_busy_tasks = max_busy_tasks;
 
 return pool;
-- 
2.17.1

Re: [PATCH 1/2] aio: allow to wait for coroutine pool from different coroutine - please ignore

[Denis V. Lunev]

On 6/10/20 9:58 PM, Denis V. Lunev wrote:
> The patch preserves the constraint that the only waiter is allowed.
>
> The patch renames AioTaskPool->main_co to wake_co and removes
> AioTaskPool->waiting flag. wake_co keeps coroutine, which is
> waiting for wakeup on worker completion. Thus 'waiting' flag
> in this semantics is equivalent to 'wake_co != NULL'.
>
> Signed-off-by: Denis V. Lunev 
> CC: Kevin Wolf 
> CC: Max Reitz 
> CC: Vladimir Sementsov-Ogievskiy 
> CC: Denis Plotnikov 
> ---
>  block/aio_task.c | 17 -
>  1 file changed, 8 insertions(+), 9 deletions(-)
>
> diff --git a/block/aio_task.c b/block/aio_task.c
> index 88989fa248..5183b0729d 100644
> --- a/block/aio_task.c
> +++ b/block/aio_task.c
> @@ -27,11 +27,10 @@
>  #include "block/aio_task.h"
>  
>  struct AioTaskPool {
> -Coroutine *main_co;
> +Coroutine *wake_co;
>  int status;
>  int max_busy_tasks;
>  int busy_tasks;
> -bool waiting;
>  };
>  
>  static void coroutine_fn aio_task_co(void *opaque)
> @@ -52,21 +51,21 @@ static void coroutine_fn aio_task_co(void *opaque)
>  
>  g_free(task);
>  
> -if (pool->waiting) {
> -pool->waiting = false;
> -aio_co_wake(pool->main_co);
> +if (pool->wake_co != NULL) {
> +aio_co_wake(pool->wake_co);
> +pool->wake_co = NULL;
>  }
>  }
>  
>  void coroutine_fn aio_task_pool_wait_one(AioTaskPool *pool)
>  {
>  assert(pool->busy_tasks > 0);
> -assert(qemu_coroutine_self() == pool->main_co);
> +assert(pool->wake_co == NULL);
>  
> -pool->waiting = true;
> +pool->wake_co = qemu_coroutine_self();
>  qemu_coroutine_yield();
>  
> -assert(!pool->waiting);
> +assert(pool->wake_co == NULL);
>  assert(pool->busy_tasks < pool->max_busy_tasks);
>  }
>  
> @@ -98,7 +97,7 @@ AioTaskPool *coroutine_fn aio_task_pool_new(int 
> max_busy_tasks)
>  {
>  AioTaskPool *pool = g_new0(AioTaskPool, 1);
>  
> -pool->main_co = qemu_coroutine_self();
> +pool->wake_co = NULL;
>  pool->max_busy_tasks = max_busy_tasks;
>  
>  return pool;
please ignore

[PATCH 2/2] qcow2: improve savevm performance

[Denis V. Lunev]

This patch does 2 standard basic things:
- it creates intermediate buffer for all writes from QEMU migration code
  to QCOW2 image,
- this buffer is sent to disk asynchronously, allowing several writes to
  run in parallel.

In general, migration code is fantastically inefficent (by observation),
buffers are not aligned and sent with arbitrary pieces, a lot of time
less than 100 bytes at a chunk, which results in read-modify-write
operations with non-cached operations. It should also be noted that all
operations are performed into unallocated image blocks, which also suffer
due to partial writes to such new clusters.

Snapshot creation time (2 GB Fedora-31 VM running over NVME storage):
original fixed
cached:  1.79s   1.27s
non-cached:  3.29s   0.81s

The difference over HDD would be more significant :)

Signed-off-by: Denis V. Lunev 
CC: Kevin Wolf 
CC: Max Reitz 
CC: Vladimir Sementsov-Ogievskiy 
CC: Denis Plotnikov 
---
 block/qcow2.c | 111 +-
 block/qcow2.h |   4 ++
 2 files changed, 113 insertions(+), 2 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 0cd2e6757e..e6232f32e2 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4797,11 +4797,43 @@ static int qcow2_make_empty(BlockDriverState *bs)
 return ret;
 }
 
+
+typedef struct Qcow2VMStateTask {
+AioTask task;
+
+BlockDriverState *bs;
+int64_t offset;
+void *buf;
+size_t bytes;
+} Qcow2VMStateTask;
+
+typedef struct Qcow2SaveVMState {
+AioTaskPool *pool;
+Qcow2VMStateTask *t;
+} Qcow2SaveVMState;
+
 static coroutine_fn int qcow2_co_flush_to_os(BlockDriverState *bs)
 {
 BDRVQcow2State *s = bs->opaque;
+Qcow2SaveVMState *state = s->savevm_state;
 int ret;
 
+if (state != NULL) {
+aio_task_pool_start_task(state->pool, &state->t->task);
+
+aio_task_pool_wait_all(state->pool);
+ret = aio_task_pool_status(state->pool);
+
+aio_task_pool_free(state->pool);
+g_free(state);
+
+s->savevm_state = NULL;
+
+if (ret < 0) {
+return ret;
+}
+}
+
 qemu_co_mutex_lock(&s->lock);
 ret = qcow2_write_caches(bs);
 qemu_co_mutex_unlock(&s->lock);
@@ -5098,14 +5130,89 @@ static int qcow2_has_zero_init(BlockDriverState *bs)
 }
 }
 
+
+static coroutine_fn int qcow2_co_vmstate_task_entry(AioTask *task)
+{
+int err = 0;
+Qcow2VMStateTask *t = container_of(task, Qcow2VMStateTask, task);
+
+if (t->bytes != 0) {
+QEMUIOVector local_qiov;
+qemu_iovec_init_buf(&local_qiov, t->buf, t->bytes);
+err = t->bs->drv->bdrv_co_pwritev_part(t->bs, t->offset, t->bytes,
+   &local_qiov, 0, 0);
+}
+
+qemu_vfree(t->buf);
+return err;
+}
+
+static Qcow2VMStateTask *qcow2_vmstate_task_create(BlockDriverState *bs,
+int64_t pos, size_t size)
+{
+BDRVQcow2State *s = bs->opaque;
+Qcow2VMStateTask *t = g_new(Qcow2VMStateTask, 1);
+
+*t = (Qcow2VMStateTask) {
+.task.func = qcow2_co_vmstate_task_entry,
+.buf = qemu_blockalign(bs, size),
+.offset = qcow2_vm_state_offset(s) + pos,
+.bs = bs,
+};
+
+return t;
+}
+
 static int qcow2_save_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,
   int64_t pos)
 {
 BDRVQcow2State *s = bs->opaque;
+Qcow2SaveVMState *state = s->savevm_state;
+Qcow2VMStateTask *t;
+size_t buf_size = MAX(s->cluster_size, 1 * MiB);
+size_t to_copy;
+size_t off;
 
 BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_SAVE);
-return bs->drv->bdrv_co_pwritev_part(bs, qcow2_vm_state_offset(s) + pos,
- qiov->size, qiov, 0, 0);
+
+if (state == NULL) {
+state = g_new(Qcow2SaveVMState, 1);
+*state = (Qcow2SaveVMState) {
+.pool = aio_task_pool_new(QCOW2_MAX_WORKERS),
+.t = qcow2_vmstate_task_create(bs, pos, buf_size),
+};
+
+s->savevm_state = state;
+}
+
+if (aio_task_pool_status(state->pool) != 0) {
+return aio_task_pool_status(state->pool);
+}
+
+t = state->t;
+if (t->offset + t->bytes != qcow2_vm_state_offset(s) + pos) {
+/* Normally this branch is not reachable from migration */
+return bs->drv->bdrv_co_pwritev_part(bs,
+qcow2_vm_state_offset(s) + pos, qiov->size, qiov, 0, 0);
+}
+
+off = 0;
+while (1) {
+to_copy = MIN(qiov->size - off, buf_size - t->bytes);
+qemu_iovec_to_buf(qiov, off, t->buf + t->bytes, to_copy);
+t->bytes += to_copy;
+if (t->bytes < buf_size) {
+return 0;
+}
+
+aio_task_pool_start_task(state->pool, &t->task);
+
+pos += to_copy;
+off += to_copy;
+state->t = t = qcow2_vmstate_task_create(bs, pos, buf_size);
+}
+
+return 0;
 }
 
 static int q

[PATCH 1/2] aio: allow to wait for coroutine pool from different coroutine

[Denis V. Lunev]

The patch preserves the constraint that the only waiter is allowed.

The patch renames AioTaskPool->main_co to wake_co and removes
AioTaskPool->waiting flag. wake_co keeps coroutine, which is
waiting for wakeup on worker completion. Thus 'waiting' flag
in this semantics is equivalent to 'wake_co != NULL'.

Signed-off-by: Denis V. Lunev 
CC: Kevin Wolf 
CC: Max Reitz 
CC: Vladimir Sementsov-Ogievskiy 
CC: Denis Plotnikov 
---
 block/aio_task.c | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/block/aio_task.c b/block/aio_task.c
index 88989fa248..5183b0729d 100644
--- a/block/aio_task.c
+++ b/block/aio_task.c
@@ -27,11 +27,10 @@
 #include "block/aio_task.h"
 
 struct AioTaskPool {
-Coroutine *main_co;
+Coroutine *wake_co;
 int status;
 int max_busy_tasks;
 int busy_tasks;
-bool waiting;
 };
 
 static void coroutine_fn aio_task_co(void *opaque)
@@ -52,21 +51,21 @@ static void coroutine_fn aio_task_co(void *opaque)
 
 g_free(task);
 
-if (pool->waiting) {
-pool->waiting = false;
-aio_co_wake(pool->main_co);
+if (pool->wake_co != NULL) {
+aio_co_wake(pool->wake_co);
+pool->wake_co = NULL;
 }
 }
 
 void coroutine_fn aio_task_pool_wait_one(AioTaskPool *pool)
 {
 assert(pool->busy_tasks > 0);
-assert(qemu_coroutine_self() == pool->main_co);
+assert(pool->wake_co == NULL);
 
-pool->waiting = true;
+pool->wake_co = qemu_coroutine_self();
 qemu_coroutine_yield();
 
-assert(!pool->waiting);
+assert(pool->wake_co == NULL);
 assert(pool->busy_tasks < pool->max_busy_tasks);
 }
 
@@ -98,7 +97,7 @@ AioTaskPool *coroutine_fn aio_task_pool_new(int 
max_busy_tasks)
 {
 AioTaskPool *pool = g_new0(AioTaskPool, 1);
 
-pool->main_co = qemu_coroutine_self();
+pool->wake_co = NULL;
 pool->max_busy_tasks = max_busy_tasks;
 
 return pool;
-- 
2.17.1

[PATCH 2/2] qcow2: improve savevm performance

[Denis V. Lunev]

This patch does 2 standard basic things:
- it creates intermediate buffer for all writes from QEMU migration code
  to QCOW2 image,
- this buffer is sent to disk asynchronously, allowing several writes to
  run in parallel.

In general, migration code is fantastically inefficent (by observation),
buffers are not aligned and sent with arbitrary pieces, a lot of time
less than 100 bytes at a chunk, which results in read-modify-write
operations with non-cached operations. It should also be noted that all
operations are performed into unallocated image blocks, which also suffer
due to partial writes to such new clusters.

Snapshot creation time (2 GB Fedora-31 VM running over NVME storage):
original fixed
cached:  1.79s   1.27s
non-cached:  3.29s   0.81s

The difference over HDD would be more significant :)

Signed-off-by: Denis V. Lunev 
CC: Kevin Wolf 
CC: Max Reitz 
CC: Vladimir Sementsov-Ogievskiy 
CC: Denis Plotnikov 
---
 block/qcow2.c | 111 +-
 block/qcow2.h |   4 ++
 2 files changed, 113 insertions(+), 2 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 0cd2e6757e..e6232f32e2 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4797,11 +4797,43 @@ static int qcow2_make_empty(BlockDriverState *bs)
 return ret;
 }
 
+
+typedef struct Qcow2VMStateTask {
+AioTask task;
+
+BlockDriverState *bs;
+int64_t offset;
+void *buf;
+size_t bytes;
+} Qcow2VMStateTask;
+
+typedef struct Qcow2SaveVMState {
+AioTaskPool *pool;
+Qcow2VMStateTask *t;
+} Qcow2SaveVMState;
+
 static coroutine_fn int qcow2_co_flush_to_os(BlockDriverState *bs)
 {
 BDRVQcow2State *s = bs->opaque;
+Qcow2SaveVMState *state = s->savevm_state;
 int ret;
 
+if (state != NULL) {
+aio_task_pool_start_task(state->pool, &state->t->task);
+
+aio_task_pool_wait_all(state->pool);
+ret = aio_task_pool_status(state->pool);
+
+aio_task_pool_free(state->pool);
+g_free(state);
+
+s->savevm_state = NULL;
+
+if (ret < 0) {
+return ret;
+}
+}
+
 qemu_co_mutex_lock(&s->lock);
 ret = qcow2_write_caches(bs);
 qemu_co_mutex_unlock(&s->lock);
@@ -5098,14 +5130,89 @@ static int qcow2_has_zero_init(BlockDriverState *bs)
 }
 }
 
+
+static coroutine_fn int qcow2_co_vmstate_task_entry(AioTask *task)
+{
+int err = 0;
+Qcow2VMStateTask *t = container_of(task, Qcow2VMStateTask, task);
+
+if (t->bytes != 0) {
+QEMUIOVector local_qiov;
+qemu_iovec_init_buf(&local_qiov, t->buf, t->bytes);
+err = t->bs->drv->bdrv_co_pwritev_part(t->bs, t->offset, t->bytes,
+   &local_qiov, 0, 0);
+}
+
+qemu_vfree(t->buf);
+return err;
+}
+
+static Qcow2VMStateTask *qcow2_vmstate_task_create(BlockDriverState *bs,
+int64_t pos, size_t size)
+{
+BDRVQcow2State *s = bs->opaque;
+Qcow2VMStateTask *t = g_new(Qcow2VMStateTask, 1);
+
+*t = (Qcow2VMStateTask) {
+.task.func = qcow2_co_vmstate_task_entry,
+.buf = qemu_blockalign(bs, size),
+.offset = qcow2_vm_state_offset(s) + pos,
+.bs = bs,
+};
+
+return t;
+}
+
 static int qcow2_save_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,
   int64_t pos)
 {
 BDRVQcow2State *s = bs->opaque;
+Qcow2SaveVMState *state = s->savevm_state;
+Qcow2VMStateTask *t;
+size_t buf_size = MAX(s->cluster_size, 1 * MiB);
+size_t to_copy;
+size_t off;
 
 BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_SAVE);
-return bs->drv->bdrv_co_pwritev_part(bs, qcow2_vm_state_offset(s) + pos,
- qiov->size, qiov, 0, 0);
+
+if (state == NULL) {
+state = g_new(Qcow2SaveVMState, 1);
+*state = (Qcow2SaveVMState) {
+.pool = aio_task_pool_new(QCOW2_MAX_WORKERS),
+.t = qcow2_vmstate_task_create(bs, pos, buf_size),
+};
+
+s->savevm_state = state;
+}
+
+if (aio_task_pool_status(state->pool) != 0) {
+return aio_task_pool_status(state->pool);
+}
+
+t = state->t;
+if (t->offset + t->bytes != qcow2_vm_state_offset(s) + pos) {
+/* Normally this branch is not reachable from migration */
+return bs->drv->bdrv_co_pwritev_part(bs,
+qcow2_vm_state_offset(s) + pos, qiov->size, qiov, 0, 0);
+}
+
+off = 0;
+while (1) {
+to_copy = MIN(qiov->size - off, buf_size - t->bytes);
+qemu_iovec_to_buf(qiov, off, t->buf + t->bytes, to_copy);
+t->bytes += to_copy;
+if (t->bytes < buf_size) {
+return 0;
+}
+
+aio_task_pool_start_task(state->pool, &t->task);
+
+pos += to_copy;
+off += to_copy;
+state->t = t = qcow2_vmstate_task_create(bs, pos, buf_size);
+}
+
+return 0;
 }
 
 static int q

[Bug 1882671] Re: qemu-system-x86_64 (ver 4.2) stuck at boot with OVMF bios

[Vladislav K. Valtchev]

Hi Laszlo,
thanks for investigating the problem so rapidly.

So, I downgraded the ipxe-qemu package from
1.0.0+git-20190109.133f4c4-0ubuntu3 (focal) to 1.0.0+git-20180124
.fbe8c52d-0ubuntu2 (bionic) and the problem completely disappeared. Your
theory looks absolutely correct to me.

For what it's worth, I just discovered that, even with the buggy ipxe-
qemu in Focal, the OVMF distributed with QEMU itself
(/usr/share/qemu/OVMF.fd) worked, but ONLY with it. I tried with
multiple other versions of OVMF and all of them caused QEMU to stuck at
boot, probably because of that ASSERT in the 82540em.efi driver.

Vlad

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1882671

Title:
  qemu-system-x86_64 (ver 4.2) stuck at boot with OVMF bios

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  The version of QEMU (4.2.0) packaged for Ubuntu 20.04 hangs
  indefinitely at boot if an OVMF bios is used. This happens ONLY with
  qemu-system-x86_64. qemu-system-i386 works fine with the latest ia32
  OVMF bios.

  NOTE[1]: the same identical OVMF bios works fine on QEMU 2.x packaged with 
Ubuntu 18.04.
  NOTE[2]: reproducing the fatal bug requires *no* operating system:

 qemu-system-x86_64 -bios OVMF-pure-efi.fd

  On its window QEMU gets stuck at the very first stage:
 "Guest has not initialized the display (yet)."

  NOTE[3]: QEMU gets stuck no matter if KVM is used or not.

  NOTE[4]: By adding the `-d int` option it is possible to observe that
  QEMU is, apparently, stuck in an endless loop of interrupts. For the
  first few seconds, registers' values vary quickly, but at some point
  they reach a final value, while the interrupt counter increments:

2568: v=68 e= i=0 cpl=0 IP=0038:07f1d225 pc=07f1d225 
SP=0030:07f0c8d0 env->regs[R_EAX]=
  RAX= RBX=07f0c920 RCX= 
RDX=0001
  RSI=06d18798 RDI=8664 RBP= 
RSP=07f0c8d0
  R8 =0001 R9 =0089 R10= 
R11=07f2c987
  R12= R13= R14=07087901 
R15=
  RIP=07f1d225 RFL=0246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0030   00cf9300 DPL=0 DS   [-WA]
  CS =0038   00af9a00 DPL=0 CS64 [-R-]
  SS =0030   00cf9300 DPL=0 DS   [-WA]
  DS =0030   00cf9300 DPL=0 DS   [-WA]
  FS =0030   00cf9300 DPL=0 DS   [-WA]
  GS =0030   00cf9300 DPL=0 DS   [-WA]
  LDT=   8200 DPL=0 LDT
  TR =   8b00 DPL=0 TSS64-busy
  GDT= 079eea98 0047
  IDT= 0758f018 0fff
  CR0=80010033 CR2= CR3=07c01000 CR4=0668
  DR0= DR1= DR2= 
DR3= 
  DR6=0ff0 DR7=0400
  CCS=0044 CCD= CCO=EFLAGS  
  EFER=0d00

  
  NOTE[5]: Just to better help the investigation of the bug, I'd like to remark 
that the issue is NOT caused by an endless loop of triple-faults. I tried with 
-d cpu_reset and there is NO such loop. No triple fault whatsoever.

  NOTE[6]: The OVMF version used for the test has been downloaded from:
  
https://www.kraxel.org/repos/jenkins/edk2/edk2.git-ovmf-x64-0-20200515.1398.g6ff7c838d0.noarch.rpm

  but the issue is the same with older OVMF versions as well.

  
  Please take a look at it, as the bug is NOT a corner case. QEMU 4.2.0 cannot 
boot with an UEFI firmware (OVMF) while virtualizing a x86_64 machine AT ALL.

  Thank you very much,
  Vladislav K. Valtchev

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1882671/+subscriptions

Re: [PATCH 0/2] qcow2: seriously improve savevm performance

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200610144129.27659-1-...@openvz.org/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

  BUNZIP2 pc-bios/edk2-i386-code.fd.bz2
  BUNZIP2 pc-bios/edk2-arm-vars.fd.bz2
/tmp/qemu-test/src/block/qcow2.c: In function 'qcow2_co_vmstate_task_entry':
/tmp/qemu-test/src/block/qcow2.c:5147:12: error: 'err' may be used 
uninitialized in this function [-Werror=maybe-uninitialized]
 return err;
^~~
cc1: all warnings being treated as errors
make: *** [/tmp/qemu-test/src/rules.mak:69: block/qcow2.o] Error 1
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 665, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=a0327ae2ef3c4163bdd307b30bc90a7c', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-fbvrtr6u/src/docker-src.2020-06-10-14.22.01.21453:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=a0327ae2ef3c4163bdd307b30bc90a7c
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-fbvrtr6u/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real2m20.791s
user0m8.483s


The full log is available at
http://patchew.org/logs/20200610144129.27659-1-...@openvz.org/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH 0/2] qcow2: seriously improve savevm performance

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200610144129.27659-1-...@openvz.org/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  block/gluster.o
  CC  block/ssh.o
  CC  block/dmg-bz2.o
/tmp/qemu-test/src/block/qcow2.c:5139:9: error: variable 'err' is used 
uninitialized whenever 'if' condition is false 
[-Werror,-Wsometimes-uninitialized]
if (t->bytes != 0) {
^
/tmp/qemu-test/src/block/qcow2.c:5147:12: note: uninitialized use occurs here
---
   ^
= 0
1 error generated.
make: *** [/tmp/qemu-test/src/rules.mak:69: block/qcow2.o] Error 1
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 665, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=213a8da69081459b91db63888e1cc6a0', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 
'TARGET_LIST=x86_64-softmmu', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 
'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', 
'-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-v54hgiy2/src/docker-src.2020-06-10-14.20.39.19315:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-debug']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=213a8da69081459b91db63888e1cc6a0
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-v54hgiy2/src'
make: *** [docker-run-test-debug@fedora] Error 2

real4m8.609s
user0m8.917s


The full log is available at
http://patchew.org/logs/20200610144129.27659-1-...@openvz.org/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com