Re: [PATCH v5 4/5] hw/riscv: spike: Allow creating multiple NUMA sockets

[Atish Patra]

On Fri, May 29, 2020 at 4:48 AM Anup Patel  wrote:
>
> We extend RISC-V spike machine to allow creating a multi-socket
> machine. Each RISC-V spike machine socket is a NUMA node having
> a set of HARTs, a memory instance, and a CLINT instance. Other
> devices are shared between all sockets. We also update the
> generated device tree accordingly.
>
> By default, NUMA multi-socket support is disabled for RISC-V spike
> machine. To enable it, users can use "-numa" command-line options
> of QEMU.
>
> Example1: For two NUMA nodes with 2 CPUs each, append following
> to command-line options: "-smp 4 -numa node -numa node"
>
> Example2: For two NUMA nodes with 1 and 3 CPUs, append following
> to command-line options:
> "-smp 4 -numa node -numa node -numa cpu,node-id=0,core-id=0 \
> -numa cpu,node-id=1,core-id=1 -numa cpu,node-id=1,core-id=2 \
> -numa cpu,node-id=1,core-id=3"
>
> The maximum number of sockets in a RISC-V spike machine is 8
> but this limit can be changed in future.
>
> Signed-off-by: Anup Patel 
> ---
>  hw/riscv/spike.c | 268 ++-
>  include/hw/riscv/spike.h |  11 +-
>  2 files changed, 187 insertions(+), 92 deletions(-)
>
> diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
> index d5e0103d89..b8373eb1eb 100644
> --- a/hw/riscv/spike.c
> +++ b/hw/riscv/spike.c
> @@ -36,6 +36,7 @@
>  #include "hw/riscv/sifive_clint.h"
>  #include "hw/riscv/spike.h"
>  #include "hw/riscv/boot.h"
> +#include "hw/riscv/numa.h"
>  #include "chardev/char.h"
>  #include "sysemu/arch_init.h"
>  #include "sysemu/device_tree.h"
> @@ -64,9 +65,14 @@ static void create_fdt(SpikeState *s, const struct 
> MemmapEntry *memmap,
>  uint64_t mem_size, const char *cmdline)
>  {
>  void *fdt;
> -int cpu;
> -uint32_t *cells;
> -char *nodename;
> +uint64_t addr, size;
> +unsigned long clint_addr;
> +int cpu, socket;
> +MachineState *mc = MACHINE(s);
> +uint32_t *clint_cells;
> +uint32_t cpu_phandle, intc_phandle, phandle = 1;
> +char *name, *mem_name, *clint_name, *clust_name;
> +char *core_name, *cpu_name, *intc_name;
>
>  fdt = s->fdt = create_device_tree(&s->fdt_size);
>  if (!fdt) {
> @@ -88,68 +94,91 @@ static void create_fdt(SpikeState *s, const struct 
> MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2);
>  qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2);
>
> -nodename = g_strdup_printf("/memory@%lx",
> -(long)memmap[SPIKE_DRAM].base);
> -qemu_fdt_add_subnode(fdt, nodename);
> -qemu_fdt_setprop_cells(fdt, nodename, "reg",
> -memmap[SPIKE_DRAM].base >> 32, memmap[SPIKE_DRAM].base,
> -mem_size >> 32, mem_size);
> -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory");
> -g_free(nodename);
> -
>  qemu_fdt_add_subnode(fdt, "/cpus");
>  qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency",
>  SIFIVE_CLINT_TIMEBASE_FREQ);
>  qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0);
>  qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1);
> +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map");
> +
> +for (socket = (riscv_socket_count(mc) - 1); socket >= 0; socket--) {
> +clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket);
> +qemu_fdt_add_subnode(fdt, clust_name);
> +
> +clint_cells =  g_new0(uint32_t, s->soc[socket].num_harts * 4);
>
> -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
> -nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
> -char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", 
> cpu);
> -char *isa = riscv_isa_string(&s->soc.harts[cpu]);
> -qemu_fdt_add_subnode(fdt, nodename);
> +for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
> +cpu_phandle = phandle++;
> +
> +cpu_name = g_strdup_printf("/cpus/cpu@%d",
> +s->soc[socket].hartid_base + cpu);
> +qemu_fdt_add_subnode(fdt, cpu_name);
>  #if defined(TARGET_RISCV32)
> -qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv32");
> +qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", "riscv,sv32");
>  #else
> -qemu_fdt_setprop_string(fdt, nodename, "mmu-type", "riscv,sv48");
> +qemu_fdt_setprop_string(fdt, cpu_name, "mmu-type", "riscv,sv48");
>  #endif
> -qemu_fdt_setprop_string(fdt, nodename, "riscv,isa", isa);
> -qemu_fdt_setprop_string(fdt, nodename, "compatible", "riscv");
> -qemu_fdt_setprop_string(fdt, nodename, "status", "okay");
> -qemu_fdt_setprop_cell(fdt, nodename, "reg", cpu);
> -qemu_fdt_setprop_string(fdt, nodename, "device_type", "cpu");
> -qemu_fdt_add_subnode(fdt, intc);
> -qemu_fdt_setprop_cell(fdt, intc, "phandle", 1);
> -qemu_fdt_setprop_string(fdt, intc, "compatible", "riscv,cpu-intc");
> -qemu_fdt_setprop(fdt, intc, "interrupt-controller", NULL, 0);
> - 

Re: [PATCH v5 5/5] hw/riscv: virt: Allow creating multiple NUMA sockets

[Atish Patra]

On Fri, May 29, 2020 at 4:50 AM Anup Patel  wrote:
>
> We extend RISC-V virt machine to allow creating a multi-socket
> machine. Each RISC-V virt machine socket is a NUMA node having
> a set of HARTs, a memory instance, a CLINT instance, and a PLIC
> instance. Other devices are shared between all sockets. We also
> update the generated device tree accordingly.
>
> By default, NUMA multi-socket support is disabled for RISC-V virt
> machine. To enable it, users can use "-numa" command-line options
> of QEMU.
>
> Example1: For two NUMA nodes with 2 CPUs each, append following
> to command-line options: "-smp 4 -numa node -numa node"
>
> Example2: For two NUMA nodes with 1 and 3 CPUs, append following
> to command-line options:
> "-smp 4 -numa node -numa node -numa cpu,node-id=0,core-id=0 \
> -numa cpu,node-id=1,core-id=1 -numa cpu,node-id=1,core-id=2 \
> -numa cpu,node-id=1,core-id=3"
>
> The maximum number of sockets in a RISC-V virt machine is 8
> but this limit can be changed in future.
>
> Signed-off-by: Anup Patel 
> ---
>  hw/riscv/virt.c | 530 +++-
>  include/hw/riscv/virt.h |   9 +-
>  2 files changed, 308 insertions(+), 231 deletions(-)
>
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index 421815081d..2863b42cea 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -35,6 +35,7 @@
>  #include "hw/riscv/sifive_test.h"
>  #include "hw/riscv/virt.h"
>  #include "hw/riscv/boot.h"
> +#include "hw/riscv/numa.h"
>  #include "chardev/char.h"
>  #include "sysemu/arch_init.h"
>  #include "sysemu/device_tree.h"
> @@ -60,7 +61,7 @@ static const struct MemmapEntry {
>  [VIRT_TEST] ={   0x10,0x1000 },
>  [VIRT_RTC] = {   0x101000,0x1000 },
>  [VIRT_CLINT] =   {  0x200,   0x1 },
> -[VIRT_PLIC] ={  0xc00, 0x400 },
> +[VIRT_PLIC] ={  0xc00, VIRT_PLIC_SIZE(VIRT_CPUS_MAX * 2) },
>  [VIRT_UART0] =   { 0x1000, 0x100 },
>  [VIRT_VIRTIO] =  { 0x10001000,0x1000 },
>  [VIRT_FLASH] =   { 0x2000, 0x400 },
> @@ -182,10 +183,17 @@ static void create_fdt(RISCVVirtState *s, const struct 
> MemmapEntry *memmap,
>  uint64_t mem_size, const char *cmdline)
>  {
>  void *fdt;
> -int cpu, i;
> -uint32_t *cells;
> -char *nodename;
> -uint32_t plic_phandle, test_phandle, phandle = 1;
> +int i, cpu, socket;
> +MachineState *mc = MACHINE(s);
> +uint64_t addr, size;
> +uint32_t *clint_cells, *plic_cells;
> +unsigned long clint_addr, plic_addr;
> +uint32_t plic_phandle[MAX_NODES];
> +uint32_t cpu_phandle, intc_phandle, test_phandle;
> +uint32_t phandle = 1, plic_mmio_phandle = 1;
> +uint32_t plic_pcie_phandle = 1, plic_virtio_phandle = 1;
> +char *mem_name, *cpu_name, *core_name, *intc_name;
> +char *name, *clint_name, *plic_name, *clust_name;
>  hwaddr flashsize = virt_memmap[VIRT_FLASH].size / 2;
>  hwaddr flashbase = virt_memmap[VIRT_FLASH].base;
>
> @@ -206,231 +214,238 @@ static void create_fdt(RISCVVirtState *s, const 
> struct MemmapEntry *memmap,
>  qemu_fdt_setprop_cell(fdt, "/soc", "#size-cells", 0x2);
>  qemu_fdt_setprop_cell(fdt, "/soc", "#address-cells", 0x2);
>
> -nodename = g_strdup_printf("/memory@%lx",
> -(long)memmap[VIRT_DRAM].base);
> -qemu_fdt_add_subnode(fdt, nodename);
> -qemu_fdt_setprop_cells(fdt, nodename, "reg",
> -memmap[VIRT_DRAM].base >> 32, memmap[VIRT_DRAM].base,
> -mem_size >> 32, mem_size);
> -qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory");
> -g_free(nodename);
> -
>  qemu_fdt_add_subnode(fdt, "/cpus");
>  qemu_fdt_setprop_cell(fdt, "/cpus", "timebase-frequency",
>SIFIVE_CLINT_TIMEBASE_FREQ);
>  qemu_fdt_setprop_cell(fdt, "/cpus", "#size-cells", 0x0);
>  qemu_fdt_setprop_cell(fdt, "/cpus", "#address-cells", 0x1);
> +qemu_fdt_add_subnode(fdt, "/cpus/cpu-map");
> +
> +for (socket = (riscv_socket_count(mc) - 1); socket >= 0; socket--) {
> +clust_name = g_strdup_printf("/cpus/cpu-map/cluster%d", socket);
> +qemu_fdt_add_subnode(fdt, clust_name);
> +
> +plic_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
> +clint_cells = g_new0(uint32_t, s->soc[socket].num_harts * 4);
> +
> +for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
> +cpu_phandle = phandle++;
>
> -for (cpu = s->soc.num_harts - 1; cpu >= 0; cpu--) {
> -int cpu_phandle = phandle++;
> -int intc_phandle;
> -nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
> -char *intc = g_strdup_printf("/cpus/cpu@%d/interrupt-controller", 
> cpu);
> -char *isa = riscv_isa_string(&s->soc.harts[cpu]);
> -qemu_fdt_add_subnode(fdt, nodename);
> +cpu_name = g_strdup_printf("/cpus/cpu@%d",
> +s->soc[socket].hartid_base + cpu);
> 

Re: [PATCH v5 3/5] hw/riscv: Add helpers for RISC-V multi-socket NUMA machines

[Atish Patra]

On Fri, May 29, 2020 at 4:48 AM Anup Patel  wrote:
>
> We add common helper routines which can be shared by RISC-V
> multi-socket NUMA machines.
>
> We have two types of helpers:
> 1. riscv_socket_xyz() - These helper assist managing multiple
>sockets irrespective whether QEMU NUMA is enabled/disabled
> 2. riscv_numa_xyz() - These helpers assist in providing
>necessary QEMU machine callbacks for QEMU NUMA emulation
>
> Signed-off-by: Anup Patel 
> ---
>  hw/riscv/Makefile.objs  |   1 +
>  hw/riscv/numa.c | 242 
>  include/hw/riscv/numa.h |  51 +
>  3 files changed, 294 insertions(+)
>  create mode 100644 hw/riscv/numa.c
>  create mode 100644 include/hw/riscv/numa.h
>
> diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
> index fc3c6dd7c8..4483e61879 100644
> --- a/hw/riscv/Makefile.objs
> +++ b/hw/riscv/Makefile.objs
> @@ -1,4 +1,5 @@
>  obj-y += boot.o
> +obj-y += numa.o
>  obj-$(CONFIG_SPIKE) += riscv_htif.o
>  obj-$(CONFIG_HART) += riscv_hart.o
>  obj-$(CONFIG_SIFIVE_E) += sifive_e.o
> diff --git a/hw/riscv/numa.c b/hw/riscv/numa.c
> new file mode 100644
> index 00..4f92307102
> --- /dev/null
> +++ b/hw/riscv/numa.c
> @@ -0,0 +1,242 @@
> +/*
> + * QEMU RISC-V NUMA Helper
> + *
> + * Copyright (c) 2020 Western Digital Corporation or its affiliates.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/units.h"
> +#include "qemu/log.h"
> +#include "qemu/error-report.h"
> +#include "qapi/error.h"
> +#include "hw/boards.h"
> +#include "hw/qdev-properties.h"
> +#include "hw/riscv/numa.h"
> +#include "sysemu/device_tree.h"
> +
> +static bool numa_enabled(const MachineState *ms)
> +{
> +return (ms->numa_state && ms->numa_state->num_nodes) ? true : false;
> +}
> +
> +int riscv_socket_count(const MachineState *ms)
> +{
> +return (numa_enabled(ms)) ? ms->numa_state->num_nodes : 1;
> +}
> +
> +int riscv_socket_first_hartid(const MachineState *ms, int socket_id)
> +{
> +int i, first_hartid = ms->smp.cpus;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? 0 : -1;
> +}
> +
> +for (i = 0; i < ms->smp.cpus; i++) {
> +if (ms->possible_cpus->cpus[i].props.node_id != socket_id) {
> +continue;
> +}
> +if (i < first_hartid) {
> +first_hartid = i;
> +}
> +}
> +
> +return (first_hartid < ms->smp.cpus) ? first_hartid : -1;
> +}
> +
> +int riscv_socket_last_hartid(const MachineState *ms, int socket_id)
> +{
> +int i, last_hartid = -1;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? ms->smp.cpus - 1 : -1;
> +}
> +
> +for (i = 0; i < ms->smp.cpus; i++) {
> +if (ms->possible_cpus->cpus[i].props.node_id != socket_id) {
> +continue;
> +}
> +if (i > last_hartid) {
> +last_hartid = i;
> +}
> +}
> +
> +return (last_hartid < ms->smp.cpus) ? last_hartid : -1;
> +}
> +
> +int riscv_socket_hart_count(const MachineState *ms, int socket_id)
> +{
> +int first_hartid, last_hartid;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? ms->smp.cpus : -1;
> +}
> +
> +first_hartid = riscv_socket_first_hartid(ms, socket_id);
> +if (first_hartid < 0) {
> +return -1;
> +}
> +
> +last_hartid = riscv_socket_last_hartid(ms, socket_id);
> +if (last_hartid < 0) {
> +return -1;
> +}
> +
> +if (first_hartid > last_hartid) {
> +return -1;
> +}
> +
> +return last_hartid - first_hartid + 1;
> +}
> +
> +bool riscv_socket_check_hartids(const MachineState *ms, int socket_id)
> +{
> +int i, first_hartid, last_hartid;
> +
> +if (!numa_enabled(ms)) {
> +return (!socket_id) ? true : false;
> +}
> +
> +first_hartid = riscv_socket_first_hartid(ms, socket_id);
> +if (first_hartid < 0) {
> +return false;
> +}
> +
> +last_hartid = riscv_socket_last_hartid(ms, socket_id);
> +if (last_hartid < 0) {
> +return false;
> +}
> +
> +for (i = first_hartid; i <= last_hartid; i++) {
> +if (ms->possible_cpus->cpus[i].props.node_id != socket_id) {
> +return false;
> +}
> +}
> +
> +return true;
> +}
> +
> +uint64_t riscv_socket_mem_offset(const MachineState *ms, int socket_id)
> +{
> +int i;

Re: [PATCH 0/6] Add several Power ISA 3.1 32/64-bit vector instructions

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200613042029.22321-1-...@linux.ibm.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20200613042029.22321-1-...@linux.ibm.com
Subject: [PATCH 0/6] Add several Power ISA 3.1 32/64-bit vector instructions
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
d39f30e target/ppc: add vdiv{su}{wd} vmod{su}{wd} instructions
966b641 fix the prototype of muls64/mulu64
42111c5 target/ppc: add vmulh{su}d instructions
c96e996 targetc/ppc: add vmulh{su}w instructions
c52004c target/ppc: add vmulld instruction
1061e4e target/ppc: add byte-reverse br[dwh] instructions

=== OUTPUT BEGIN ===
1/6 Checking commit 1061e4ead5bc (target/ppc: add byte-reverse br[dwh] 
instructions)
ERROR: code indent should never use tabs
#26: FILE: target/ppc/translate.c:6977:
+^ITCGv_i64 temp = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#28: FILE: target/ppc/translate.c:6979:
+^Itcg_gen_bswap64_i64(temp, cpu_gpr[rS(ctx->opcode)]);$

WARNING: line over 80 characters
#29: FILE: target/ppc/translate.c:6980:
+   tcg_gen_st_i64(temp, cpu_env, offsetof(CPUPPCState, 
gpr[rA(ctx->opcode)]));

ERROR: code indent should never use tabs
#29: FILE: target/ppc/translate.c:6980:
+^Itcg_gen_st_i64(temp, cpu_env, offsetof(CPUPPCState, gpr[rA(ctx->opcode)]));$

ERROR: code indent should never use tabs
#31: FILE: target/ppc/translate.c:6982:
+^Itcg_temp_free_i64(temp);$

ERROR: code indent should never use tabs
#37: FILE: target/ppc/translate.c:6988:
+^ITCGv_i64 temp = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#38: FILE: target/ppc/translate.c:6989:
+^ITCGv_i64 lsb = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#39: FILE: target/ppc/translate.c:6990:
+^ITCGv_i64 msb = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#41: FILE: target/ppc/translate.c:6992:
+^Itcg_gen_movi_i64(lsb, 0xull);$

ERROR: code indent should never use tabs
#42: FILE: target/ppc/translate.c:6993:
+^Itcg_gen_and_i64(temp, lsb, cpu_gpr[rS(ctx->opcode)]);$

ERROR: code indent should never use tabs
#43: FILE: target/ppc/translate.c:6994:
+^Itcg_gen_bswap32_i64(lsb, temp);$

ERROR: trailing whitespace
#44: FILE: target/ppc/translate.c:6995:
+^I$

ERROR: code indent should never use tabs
#44: FILE: target/ppc/translate.c:6995:
+^I$

ERROR: code indent should never use tabs
#45: FILE: target/ppc/translate.c:6996:
+^Itcg_gen_shri_i64(msb, cpu_gpr[rS(ctx->opcode)], 32);$

ERROR: code indent should never use tabs
#46: FILE: target/ppc/translate.c:6997:
+^Itcg_gen_bswap32_i64(temp, msb);$

ERROR: code indent should never use tabs
#47: FILE: target/ppc/translate.c:6998:
+^Itcg_gen_shli_i64(msb, temp, 32);$

ERROR: trailing whitespace
#48: FILE: target/ppc/translate.c:6999:
+^I$

ERROR: code indent should never use tabs
#48: FILE: target/ppc/translate.c:6999:
+^I$

ERROR: code indent should never use tabs
#49: FILE: target/ppc/translate.c:7000:
+^Itcg_gen_or_i64(temp, lsb, msb);$

WARNING: line over 80 characters
#51: FILE: target/ppc/translate.c:7002:
+   tcg_gen_st_i64(temp, cpu_env, offsetof(CPUPPCState, 
gpr[rA(ctx->opcode)]));

ERROR: code indent should never use tabs
#51: FILE: target/ppc/translate.c:7002:
+^Itcg_gen_st_i64(temp, cpu_env, offsetof(CPUPPCState, gpr[rA(ctx->opcode)]));$

ERROR: code indent should never use tabs
#53: FILE: target/ppc/translate.c:7004:
+^Itcg_temp_free_i64(temp);$

ERROR: code indent should never use tabs
#54: FILE: target/ppc/translate.c:7005:
+^Itcg_temp_free_i64(lsb);$

ERROR: code indent should never use tabs
#55: FILE: target/ppc/translate.c:7006:
+^Itcg_temp_free_i64(msb);$

ERROR: code indent should never use tabs
#61: FILE: target/ppc/translate.c:7012:
+^ITCGv_i64 temp = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#62: FILE: target/ppc/translate.c:7013:
+^ITCGv_i64 t0 = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#63: FILE: target/ppc/translate.c:7014:
+^ITCGv_i64 t1 = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#64: FILE: target/ppc/translate.c:7015:
+^ITCGv_i64 t2 = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#65: FILE: target/ppc/translate.c:7016:
+^ITCGv_i64 t3 = tcg_temp_new_i64();$

ERROR: code indent should never use tabs
#67: FILE: target/ppc/translate.c:7018:
+^Itcg_gen_movi_i64(t0, 0x00ff00ff00ff00ffull);$

ERROR: code indent should never use tabs
#68: FILE: target/ppc/translate.c:7019:
+^Itcg_gen_shri_i64(t1, cpu_gpr[rS(ctx->opcode)], 8);$

ERROR: code indent should never use tabs
#69: FILE: target/ppc/translate.c:7020:
+^Itcg_gen_and_i64(t2, t1, t0);$

ERROR: code indent should never use tabs
#70: FILE: target/ppc/tra

[PATCH 4/6] target/ppc: add vmulh{su}d instructions

[Lijun Pan]

vmulhsd: Vector Multiply High Signed Doubleword
vmulhud: Vector Multiply High Unsigned Doubleword

Signed-off-by: Lijun Pan 
---
 target/ppc/helper.h |  2 ++
 target/ppc/int_helper.c | 24 
 target/ppc/translate/vmx-impl.inc.c |  2 ++
 target/ppc/translate/vmx-ops.inc.c  |  2 ++
 4 files changed, 30 insertions(+)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 6d4a3536eb..1aed2087cf 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -188,6 +188,8 @@ DEF_HELPER_3(vmuluwm, void, avr, avr, avr)
 DEF_HELPER_3(vmulld, void, avr, avr, avr)
 DEF_HELPER_3(vmulhsw, void, avr, avr, avr)
 DEF_HELPER_3(vmulhuw, void, avr, avr, avr)
+DEF_HELPER_3(vmulhsd, void, avr, avr, avr)
+DEF_HELPER_3(vmulhud, void, avr, avr, avr)
 DEF_HELPER_3(vslo, void, avr, avr, avr)
 DEF_HELPER_3(vsro, void, avr, avr, avr)
 DEF_HELPER_3(vsrv, void, avr, avr, avr)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 4bb3b7e928..6c401d41f6 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -523,6 +523,30 @@ void helper_vprtybq(ppc_avr_t *r, ppc_avr_t *b)
 r->VsrD(0) = 0;
 }
 
+void helper_vmulhsd(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)
+{
+   int i;
+   uint64_t h64 = 0;
+   uint64_t l64 = 0;
+
+   for (i = 0; i < 2; i++) {
+   muls64(&l64, &h64, a->s64[i], b->s64[i]);
+   r->s64[i] = h64;
+   }
+}
+
+void helper_vmulhud(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)
+{
+   int i;
+   uint64_t h64 = 0;
+   uint64_t l64 = 0;
+
+   for (i = 0; i < 2; i++) {
+   mulu64(&l64, &h64, a->s64[i], b->s64[i]);
+   r->u64[i] = h64;
+   }
+}
+
 #define VMULH_DO(name, op, element, cast_orig, cast_temp)  \
 void helper_vmulh##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)  \
 {  \
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index 2c35559c52..a9e7e7c3fe 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -812,6 +812,7 @@ GEN_VXFORM(vmuleub, 4, 8);
 GEN_VXFORM(vmuleuh, 4, 9);
 GEN_VXFORM(vmuleuw, 4, 10);
 GEN_VXFORM(vmulhuw, 4, 10);
+GEN_VXFORM(vmulhud, 4, 11);
 GEN_VXFORM_DUAL(vmuleuw, PPC_ALTIVEC, PPC_NONE,
vmulhuw, PPC_NONE, PPC2_ISA300);
 GEN_VXFORM(vmulesb, 4, 12);
@@ -820,6 +821,7 @@ GEN_VXFORM(vmulesw, 4, 14);
 GEN_VXFORM(vmulhsw, 4, 14);
 GEN_VXFORM_DUAL(vmulesw, PPC_ALTIVEC, PPC_NONE,
vmulhsw, PPC_NONE, PPC2_ISA300);
+GEN_VXFORM(vmulhsd, 4, 15);
 GEN_VXFORM_V(vslb, MO_8, tcg_gen_gvec_shlv, 2, 4);
 GEN_VXFORM_V(vslh, MO_16, tcg_gen_gvec_shlv, 2, 5);
 GEN_VXFORM_V(vslw, MO_32, tcg_gen_gvec_shlv, 2, 6);
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index 1d8238a718..719fecbaa3 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -108,9 +108,11 @@ GEN_VXFORM_300(vmulld, 4, 7),
 GEN_VXFORM(vmuleub, 4, 8),
 GEN_VXFORM(vmuleuh, 4, 9),
 GEN_VXFORM_DUAL(vmuleuw, vmulhuw, 4, 10, PPC_ALTIVEC, PPC_NONE),
+GEN_VXFORM_300(vmulhud, 4, 11),
 GEN_VXFORM(vmulesb, 4, 12),
 GEN_VXFORM(vmulesh, 4, 13),
 GEN_VXFORM_DUAL(vmulesw, vmulhsw, 4, 14, PPC_ALTIVEC, PPC_NONE),
+GEN_VXFORM_300(vmulhsd, 4, 15),
 GEN_VXFORM(vslb, 2, 4),
 GEN_VXFORM(vslh, 2, 5),
 GEN_VXFORM_DUAL(vslw, vrlwnm, 2, 6, PPC_ALTIVEC, PPC_NONE),
-- 
2.23.0

[PATCH 0/6] Add several Power ISA 3.1 32/64-bit vector instructions

[Lijun Pan]

This patch series add several newly introduced 32/64-bit vector
instructions in Power ISA 3.1. The newly added instructions are
flagged as ISA300 temporarily in vmx-ops.inc.c and vmx-impl.inc.c
to make them compile and function since Power ISA 3.1, together
with next generation processor, has not been fully enabled in QEMU
yet. When Power ISA 3.1 and next generation processor are fully
supported, the flags should be changed.

Lijun Pan (6):
  target/ppc: add byte-reverse br[dwh] instructions
  target/ppc: add vmulld instruction
  targetc/ppc: add vmulh{su}w instructions
  target/ppc: add vmulh{su}d instructions
  fix the prototype of muls64/mulu64
  target/ppc: add vdiv{su}{wd} vmod{su}{wd} instructions

 include/qemu/host-utils.h   |  4 +-
 target/ppc/helper.h | 13 ++
 target/ppc/int_helper.c | 58 +
 target/ppc/translate.c  | 65 +
 target/ppc/translate/vmx-impl.inc.c | 24 +++
 target/ppc/translate/vmx-ops.inc.c  | 22 --
 6 files changed, 180 insertions(+), 6 deletions(-)

-- 
2.23.0

[PATCH 3/6] targetc/ppc: add vmulh{su}w instructions

[Lijun Pan]

vmulhsw: Vector Multiply High Signed Word
vmulhuw: Vector Multiply High Unsigned Word

Signed-off-by: Lijun Pan 
---
 target/ppc/helper.h |  2 ++
 target/ppc/int_helper.c | 14 ++
 target/ppc/translate/vmx-impl.inc.c |  6 ++
 target/ppc/translate/vmx-ops.inc.c  |  4 ++--
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index c3f087ccb3..6d4a3536eb 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -186,6 +186,8 @@ DEF_HELPER_3(vmulouh, void, avr, avr, avr)
 DEF_HELPER_3(vmulouw, void, avr, avr, avr)
 DEF_HELPER_3(vmuluwm, void, avr, avr, avr)
 DEF_HELPER_3(vmulld, void, avr, avr, avr)
+DEF_HELPER_3(vmulhsw, void, avr, avr, avr)
+DEF_HELPER_3(vmulhuw, void, avr, avr, avr)
 DEF_HELPER_3(vslo, void, avr, avr, avr)
 DEF_HELPER_3(vsro, void, avr, avr, avr)
 DEF_HELPER_3(vsrv, void, avr, avr, avr)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index afbcdd05b4..4bb3b7e928 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -523,6 +523,20 @@ void helper_vprtybq(ppc_avr_t *r, ppc_avr_t *b)
 r->VsrD(0) = 0;
 }
 
+#define VMULH_DO(name, op, element, cast_orig, cast_temp)  \
+void helper_vmulh##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)  \
+{  \
+   int i;  \
+   \
+   for (i = 0; i < ARRAY_SIZE(r->element); i++) {  \
+   r->element[i] = (cast_orig)(((cast_temp)a->element[i] op \
+   (cast_temp)b->element[i]) >> 32);   \
+   }   \
+}
+VMULH_DO(sw, *, s32, int32_t, int64_t)
+VMULH_DO(uw, *, u32, uint32_t, uint64_t)
+#undef VMULH_DO
+
 #define VARITH_DO(name, op, element)\
 void helper_v##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)   \
 {   \
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index 4ee1df48f2..2c35559c52 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -811,9 +811,15 @@ GEN_VXFORM(vmulld,  4, 7);
 GEN_VXFORM(vmuleub, 4, 8);
 GEN_VXFORM(vmuleuh, 4, 9);
 GEN_VXFORM(vmuleuw, 4, 10);
+GEN_VXFORM(vmulhuw, 4, 10);
+GEN_VXFORM_DUAL(vmuleuw, PPC_ALTIVEC, PPC_NONE,
+   vmulhuw, PPC_NONE, PPC2_ISA300);
 GEN_VXFORM(vmulesb, 4, 12);
 GEN_VXFORM(vmulesh, 4, 13);
 GEN_VXFORM(vmulesw, 4, 14);
+GEN_VXFORM(vmulhsw, 4, 14);
+GEN_VXFORM_DUAL(vmulesw, PPC_ALTIVEC, PPC_NONE,
+   vmulhsw, PPC_NONE, PPC2_ISA300);
 GEN_VXFORM_V(vslb, MO_8, tcg_gen_gvec_shlv, 2, 4);
 GEN_VXFORM_V(vslh, MO_16, tcg_gen_gvec_shlv, 2, 5);
 GEN_VXFORM_V(vslw, MO_32, tcg_gen_gvec_shlv, 2, 6);
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index 499bed0a44..1d8238a718 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -107,10 +107,10 @@ GEN_VXFORM_207(vmulosw, 4, 6),
 GEN_VXFORM_300(vmulld, 4, 7),
 GEN_VXFORM(vmuleub, 4, 8),
 GEN_VXFORM(vmuleuh, 4, 9),
-GEN_VXFORM_207(vmuleuw, 4, 10),
+GEN_VXFORM_DUAL(vmuleuw, vmulhuw, 4, 10, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM(vmulesb, 4, 12),
 GEN_VXFORM(vmulesh, 4, 13),
-GEN_VXFORM_207(vmulesw, 4, 14),
+GEN_VXFORM_DUAL(vmulesw, vmulhsw, 4, 14, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM(vslb, 2, 4),
 GEN_VXFORM(vslh, 2, 5),
 GEN_VXFORM_DUAL(vslw, vrlwnm, 2, 6, PPC_ALTIVEC, PPC_NONE),
-- 
2.23.0

[PATCH 6/6] target/ppc: add vdiv{su}{wd} vmod{su}{wd} instructions

[Lijun Pan]

vdivsw: Vector Divide Signed Word
vdivuw: Vector Divide Unsigned Word
vdivsd: Vector Divide Signed Doubleword
vdivud: Vector Divide Unsigned Doubleword
vmodsw: Vector Modulo Signed Word
vmoduw: Vector Modulo Unsigned Word
vmodsd: Vector Modulo Signed Doubleword
vmodud: Vector Modulo Unsigned Doubleword

Signed-off-by: Lijun Pan 
---
 target/ppc/helper.h |  8 
 target/ppc/int_helper.c | 19 +++
 target/ppc/translate.c  |  3 +++
 target/ppc/translate/vmx-impl.inc.c | 15 +++
 target/ppc/translate/vmx-ops.inc.c  | 15 +--
 5 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 1aed2087cf..823999a8c2 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -190,6 +190,14 @@ DEF_HELPER_3(vmulhsw, void, avr, avr, avr)
 DEF_HELPER_3(vmulhuw, void, avr, avr, avr)
 DEF_HELPER_3(vmulhsd, void, avr, avr, avr)
 DEF_HELPER_3(vmulhud, void, avr, avr, avr)
+DEF_HELPER_3(vdivsw, void, avr, avr, avr)
+DEF_HELPER_3(vdivuw, void, avr, avr, avr)
+DEF_HELPER_3(vdivsd, void, avr, avr, avr)
+DEF_HELPER_3(vdivud, void, avr, avr, avr)
+DEF_HELPER_3(vmodsw, void, avr, avr, avr)
+DEF_HELPER_3(vmoduw, void, avr, avr, avr)
+DEF_HELPER_3(vmodsd, void, avr, avr, avr)
+DEF_HELPER_3(vmodud, void, avr, avr, avr)
 DEF_HELPER_3(vslo, void, avr, avr, avr)
 DEF_HELPER_3(vsro, void, avr, avr, avr)
 DEF_HELPER_3(vsrv, void, avr, avr, avr)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 6c401d41f6..585533ad53 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -575,6 +575,25 @@ VARITH_DO(mulld, *, s64)
 #undef VARITH_DO
 #undef VARITH
 
+#define VDIV_MOD_DO(name, op, element)  \
+void helper_v##name(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b)   \
+{   \
+int i;  \
+\
+for (i = 0; i < ARRAY_SIZE(r->element); i++) {  \
+r->element[i] = a->element[i] op b->element[i]; \
+}   \
+}
+VDIV_MOD_DO(divsw, /, s32)
+VDIV_MOD_DO(divuw, /, u32)
+VDIV_MOD_DO(divsd, /, s64)
+VDIV_MOD_DO(divud, /, u64)
+VDIV_MOD_DO(modsw, %, s32)
+VDIV_MOD_DO(moduw, %, u32)
+VDIV_MOD_DO(modsd, %, s64)
+VDIV_MOD_DO(modud, %, u64)
+#undef VDIV_MOD_DO
+
 #define VARITHFP(suffix, func)  \
 void helper_v##suffix(CPUPPCState *env, ppc_avr_t *r, ppc_avr_t *a, \
   ppc_avr_t *b) \
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 2d48fbc8db..59183b5c7b 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -388,6 +388,9 @@ GEN_OPCODE3(name, opc1, opc2, opc3, opc4, inval, type, 
type2)
 #define GEN_HANDLER2_E_2(name, onam, opc1, opc2, opc3, opc4, inval, typ, typ2) 
\
 GEN_OPCODE4(name, onam, opc1, opc2, opc3, opc4, inval, typ, typ2)
 
+#define GEN_HANDLER_BOTH(name, opc1, opc2, opc3, inval0, inval1, type0, type1) 
\
+GEN_OPCODE_DUAL(name, opc1, opc2, opc3, inval0, inval1, type0, type1)
+
 typedef struct opcode_t {
 unsigned char opc1, opc2, opc3, opc4;
 #if HOST_LONG_BITS == 64 /* Explicitly align to 64 bits */
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index a9e7e7c3fe..97ee7cf5eb 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -798,6 +798,9 @@ static void trans_vclzd(DisasContext *ctx)
 tcg_temp_free_i64(avr);
 }
 
+static void gen_vexptefp(DisasContext *ctx);
+static void gen_vlogefp(DisasContext *ctx);
+
 GEN_VXFORM(vmuloub, 4, 0);
 GEN_VXFORM(vmulouh, 4, 1);
 GEN_VXFORM(vmulouw, 4, 2);
@@ -822,6 +825,18 @@ GEN_VXFORM(vmulhsw, 4, 14);
 GEN_VXFORM_DUAL(vmulesw, PPC_ALTIVEC, PPC_NONE,
vmulhsw, PPC_NONE, PPC2_ISA300);
 GEN_VXFORM(vmulhsd, 4, 15);
+GEN_VXFORM(vdivuw, 5, 2);
+GEN_VXFORM(vdivud, 5, 3);
+GEN_VXFORM(vdivsw, 5, 6);
+GEN_VXFORM_DUAL_EXT(vexptefp, PPC_ALTIVEC, PPC_NONE, 0x001f,
+   vdivsw, PPC_NONE, PPC2_ISA300, 0x);
+GEN_VXFORM(vdivsd, 5, 7);
+GEN_VXFORM_DUAL_EXT(vlogefp, PPC_ALTIVEC, PPC_NONE, 0x001f,
+   vdivsd, PPC_NONE, PPC2_ISA300, 0x);
+GEN_VXFORM(vmoduw, 5, 26);
+GEN_VXFORM(vmodud, 5, 27);
+GEN_VXFORM(vmodsw, 5, 30);
+GEN_VXFORM(vmodsd, 5, 31);
 GEN_VXFORM_V(vslb, MO_8, tcg_gen_gvec_shlv, 2, 4);
 GEN_VXFORM_V(vslh, MO_16, tcg_gen_gvec_shlv, 2, 5);
 GEN_VXFORM_V(vslw, MO_32, tcg_gen_gvec_shlv, 2, 6);
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index 719fecbaa3..3425c5156c 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -51,6 +51,9 @@ GEN_HANDLER_E_2(name, 0x04, 

[PATCH 5/6] fix the prototype of muls64/mulu64

[Lijun Pan]

The prototypes of muls64/mulu64 in host-utils.h should match the
definitions in host-utils.c

Signed-off-by: Lijun Pan 
---
 include/qemu/host-utils.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/qemu/host-utils.h b/include/qemu/host-utils.h
index 4cd170e6cd..cdca2991d8 100644
--- a/include/qemu/host-utils.h
+++ b/include/qemu/host-utils.h
@@ -77,8 +77,8 @@ static inline int divs128(int64_t *plow, int64_t *phigh, 
int64_t divisor)
 }
 }
 #else
-void muls64(uint64_t *phigh, uint64_t *plow, int64_t a, int64_t b);
-void mulu64(uint64_t *phigh, uint64_t *plow, uint64_t a, uint64_t b);
+void muls64(uint64_t *plow, uint64_t *phigh, int64_t a, int64_t b);
+void mulu64(uint64_t *plow, uint64_t *phigh, uint64_t a, uint64_t b);
 int divu128(uint64_t *plow, uint64_t *phigh, uint64_t divisor);
 int divs128(int64_t *plow, int64_t *phigh, int64_t divisor);
 
-- 
2.23.0

[PATCH 2/6] target/ppc: add vmulld instruction

[Lijun Pan]

vmulld: Vector Multiply Low Doubleword.

Signed-off-by: Lijun Pan 
---
 target/ppc/helper.h | 1 +
 target/ppc/int_helper.c | 1 +
 target/ppc/translate/vmx-impl.inc.c | 1 +
 target/ppc/translate/vmx-ops.inc.c  | 1 +
 4 files changed, 4 insertions(+)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 2dfa1c6942..c3f087ccb3 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -185,6 +185,7 @@ DEF_HELPER_3(vmuloub, void, avr, avr, avr)
 DEF_HELPER_3(vmulouh, void, avr, avr, avr)
 DEF_HELPER_3(vmulouw, void, avr, avr, avr)
 DEF_HELPER_3(vmuluwm, void, avr, avr, avr)
+DEF_HELPER_3(vmulld, void, avr, avr, avr)
 DEF_HELPER_3(vslo, void, avr, avr, avr)
 DEF_HELPER_3(vsro, void, avr, avr, avr)
 DEF_HELPER_3(vsrv, void, avr, avr, avr)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index be53cd6f68..afbcdd05b4 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -533,6 +533,7 @@ void helper_vprtybq(ppc_avr_t *r, ppc_avr_t *b)
 }   \
 }
 VARITH_DO(muluwm, *, u32)
+VARITH_DO(mulld, *, s64)
 #undef VARITH_DO
 #undef VARITH
 
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index 403ed3a01c..4ee1df48f2 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -807,6 +807,7 @@ GEN_VXFORM_DUAL(vmulouw, PPC_ALTIVEC, PPC_NONE,
 GEN_VXFORM(vmulosb, 4, 4);
 GEN_VXFORM(vmulosh, 4, 5);
 GEN_VXFORM(vmulosw, 4, 6);
+GEN_VXFORM(vmulld,  4, 7);
 GEN_VXFORM(vmuleub, 4, 8);
 GEN_VXFORM(vmuleuh, 4, 9);
 GEN_VXFORM(vmuleuw, 4, 10);
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index 84e05fb827..499bed0a44 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -104,6 +104,7 @@ GEN_VXFORM_DUAL(vmulouw, vmuluwm, 4, 2, PPC_ALTIVEC, 
PPC_NONE),
 GEN_VXFORM(vmulosb, 4, 4),
 GEN_VXFORM(vmulosh, 4, 5),
 GEN_VXFORM_207(vmulosw, 4, 6),
+GEN_VXFORM_300(vmulld, 4, 7),
 GEN_VXFORM(vmuleub, 4, 8),
 GEN_VXFORM(vmuleuh, 4, 9),
 GEN_VXFORM_207(vmuleuw, 4, 10),
-- 
2.23.0

[PATCH 1/6] target/ppc: add byte-reverse br[dwh] instructions

[Lijun Pan]

POWER ISA 3.1 introduces following byte-reverse instructions:
brd: Byte-Reverse Doubleword X-form
brw: Byte-Reverse Word X-form
brh: Byte-Reverse Halfword X-form

Signed-off-by: Lijun Pan 
---
 target/ppc/translate.c | 62 ++
 1 file changed, 62 insertions(+)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 4ce3d664b5..2d48fbc8db 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -6971,7 +6971,69 @@ static void gen_dform3D(DisasContext *ctx)
 return gen_invalid(ctx);
 }
 
+/* brd */
+static void gen_brd(DisasContext *ctx)
+{
+   TCGv_i64 temp = tcg_temp_new_i64();
+
+   tcg_gen_bswap64_i64(temp, cpu_gpr[rS(ctx->opcode)]);
+   tcg_gen_st_i64(temp, cpu_env, offsetof(CPUPPCState, 
gpr[rA(ctx->opcode)]));
+
+   tcg_temp_free_i64(temp);
+}
+
+/* brw */
+static void gen_brw(DisasContext *ctx)
+{
+   TCGv_i64 temp = tcg_temp_new_i64();
+   TCGv_i64 lsb = tcg_temp_new_i64();
+   TCGv_i64 msb = tcg_temp_new_i64();
+
+   tcg_gen_movi_i64(lsb, 0xull);
+   tcg_gen_and_i64(temp, lsb, cpu_gpr[rS(ctx->opcode)]);
+   tcg_gen_bswap32_i64(lsb, temp);
+   
+   tcg_gen_shri_i64(msb, cpu_gpr[rS(ctx->opcode)], 32);
+   tcg_gen_bswap32_i64(temp, msb);
+   tcg_gen_shli_i64(msb, temp, 32);
+   
+   tcg_gen_or_i64(temp, lsb, msb);
+
+   tcg_gen_st_i64(temp, cpu_env, offsetof(CPUPPCState, 
gpr[rA(ctx->opcode)]));
+
+   tcg_temp_free_i64(temp);
+   tcg_temp_free_i64(lsb);
+   tcg_temp_free_i64(msb);
+}
+
+/* brh */
+static void gen_brh(DisasContext *ctx)
+{
+   TCGv_i64 temp = tcg_temp_new_i64();
+   TCGv_i64 t0 = tcg_temp_new_i64();
+   TCGv_i64 t1 = tcg_temp_new_i64();
+   TCGv_i64 t2 = tcg_temp_new_i64();
+   TCGv_i64 t3 = tcg_temp_new_i64();
+
+   tcg_gen_movi_i64(t0, 0x00ff00ff00ff00ffull);
+   tcg_gen_shri_i64(t1, cpu_gpr[rS(ctx->opcode)], 8);
+   tcg_gen_and_i64(t2, t1, t0);
+   tcg_gen_and_i64(t1, cpu_gpr[rS(ctx->opcode)], t0);
+   tcg_gen_shli_i64(t1, t1, 8);
+   tcg_gen_or_i64(temp, t1, t2);
+   tcg_gen_st_i64(temp, cpu_env, offsetof(CPUPPCState, 
gpr[rA(ctx->opcode)]));
+
+   tcg_temp_free_i64(temp);
+   tcg_temp_free_i64(t0);
+   tcg_temp_free_i64(t1);
+   tcg_temp_free_i64(t2);
+   tcg_temp_free_i64(t3);
+}
+
 static opcode_t opcodes[] = {
+GEN_HANDLER_E(brd, 0x1F, 0x1B, 0x05, 0xF801, PPC_NONE, PPC2_ISA300),
+GEN_HANDLER_E(brw, 0x1F, 0x1B, 0x04, 0xF801, PPC_NONE, PPC2_ISA300),
+GEN_HANDLER_E(brh, 0x1F, 0x1B, 0x06, 0xF801, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(invalid, 0x00, 0x00, 0x00, 0x, PPC_NONE),
 GEN_HANDLER(cmp, 0x1F, 0x00, 0x00, 0x0040, PPC_INTEGER),
 GEN_HANDLER(cmpi, 0x0B, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
-- 
2.23.0

[PATCH v2] target/ppc: add vmsumudm vmsumcud instructions

[Lijun Pan]

vmsumudm (Power ISA 3.0) - Vector Multiply-Sum Unsigned Doubleword Modulo
VA-form.
vmsumcud (Power ISA 3.1) - Vector Multiply-Sum & write Carry-out Unsigned
Doubleword VA-form.

Signed-off-by: Lijun Pan 
---
v2: move vmsumcudm() to qemu/int128.h as Richard Henderson suggested,
also rename addu128() to uint128_add() and include it in qemu/int128.h

 disas/ppc.c |  2 +
 include/qemu/int128.h   | 97 +
 target/ppc/helper.h |  4 +-
 target/ppc/int_helper.c | 19 +-
 target/ppc/translate.c  |  1 -
 target/ppc/translate/vmx-impl.inc.c | 39 ++--
 target/ppc/translate/vmx-ops.inc.c  |  2 +
 7 files changed, 143 insertions(+), 21 deletions(-)

diff --git a/disas/ppc.c b/disas/ppc.c
index 63e97cfe1d..3ed4d23ed3 100644
--- a/disas/ppc.c
+++ b/disas/ppc.c
@@ -2261,7 +2261,9 @@ const struct powerpc_opcode powerpc_opcodes[] = {
 { "vmsumshs",  VXA(4,  41), VXA_MASK,  PPCVEC, { VD, VA, VB, VC } },
 { "vmsumubm",  VXA(4,  36), VXA_MASK,   PPCVEC,{ VD, VA, VB, 
VC } },
 { "vmsumuhm",  VXA(4,  38), VXA_MASK,   PPCVEC,{ VD, VA, VB, 
VC } },
+{ "vmsumudm",  VXA(4,  35), VXA_MASK,   PPCVEC,{ VD, VA, VB, 
VC } },
 { "vmsumuhs",  VXA(4,  39), VXA_MASK,   PPCVEC,{ VD, VA, VB, 
VC } },
+{ "vmsumcud",  VXA(4,  23), VXA_MASK,   PPCVEC,{ VD, VA, VB, 
VC } },
 { "vmulesb",   VX(4,  776), VX_MASK,   PPCVEC, { VD, VA, VB } },
 { "vmulesh",   VX(4,  840), VX_MASK,   PPCVEC, { VD, VA, VB } },
 { "vmuleub",   VX(4,  520), VX_MASK,   PPCVEC, { VD, VA, VB } },
diff --git a/include/qemu/int128.h b/include/qemu/int128.h
index 5c9890db8b..3362973cc5 100644
--- a/include/qemu/int128.h
+++ b/include/qemu/int128.h
@@ -3,6 +3,7 @@
 
 #ifdef CONFIG_INT128
 #include "qemu/bswap.h"
+#include "qemu/host-utils.h"
 
 typedef __int128_t Int128;
 
@@ -143,6 +144,55 @@ static inline Int128 bswap128(Int128 a)
 return int128_make128(bswap64(int128_gethi(a)), bswap64(int128_getlo(a)));
 }
 
+/**
+ * uint128_add - add two 128-bit values (r=a+b, ca=carry-out)
+ * @ah: high 64 bits of a
+ * @al: low 64 bits of a
+ * @bh: high 64 bits of b
+ * @bl: low 64 bits of b
+ * @rh: high 64 bits of r to be returned
+ * @rl: low 64 bits of r to be returned
+ * @ca: carry out to be returned.
+ */
+static inline void uint128_add(uint64_t ah, uint64_t al, uint64_t bh,
+   uint64_t bl, uint64_t *rh, uint64_t *rl, uint64_t *ca)
+{
+   __uint128_t a = (__uint128_t)ah << 64 | (__uint128_t)al;
+   __uint128_t b = (__uint128_t)bh << 64 | (__uint128_t)bl;
+   __uint128_t r = a + b;
+
+   *rh = (uint64_t)(r >> 64);
+   *rl = (uint64_t)r;
+   *ca = (~a < b);
+}
+
+/**
+ * mulsum - (rh, rl) = ah*bh + al*bl + (ch, cl)
+ * @ah: high 64 bits of a
+ * @al: low 64 bits of a
+ * @bh: high 64 bits of b
+ * @bl: low 64 bits of b
+ * @ch: high 64 bits of c
+ * @cl: low 64 bits of c
+ * @rh: high 64 bits of r to be returned
+ * @rl: low 64 bits of r to be returned
+ * @ca: carry-out to be returned.
+ */
+static inline void mulsum(uint64_t ah, uint64_t al, uint64_t bh,
+   uint64_t bl, uint64_t ch, uint64_t cl, uint64_t *rh,
+   uint64_t *rl, uint64_t *ca)
+{
+   __uint128_t prod1, prod2, r;
+   __uint128_t c = (__uint128_t)ch << 64 | (__uint128_t)cl;
+
+   prod1 = (__uint128_t)ah * (__uint128_t)bh;
+   prod2 = (__uint128_t)al * (__uint128_t)bl;
+   r = prod1 + prod2 + c;
+   *rh = (uint64_t)(r >> 64);
+   *rl = (uint64_t)r;
+   *ca = (~prod1 < prod2) + (~c < (prod1 + prod2));
+}
+
 #else /* !CONFIG_INT128 */
 
 typedef struct Int128 Int128;
@@ -301,5 +351,52 @@ static inline void int128_subfrom(Int128 *a, Int128 b)
 *a = int128_sub(*a, b);
 }
 
+/**
+ * uint128_add - add two 128-bit values (r=a+b, ca=carry-out)
+ * @ah: high 64 bits of a
+ * @al: low 64 bits of a
+ * @bh: high 64 bits of b
+ * @bl: low 64 bits of b
+ * @rh: high 64 bits of r to be returned
+ * @rl: low 64 bits of r to be returned
+ * @ca: carry out to be returned.
+ */
+static inline void uint128_add(uint64_t ah, uint64_t al, uint64_t bh,
+   uint64_t bl, uint64_t *rh, uint64_t *rl, uint64_t *ca)
+{
+   uint64_t lo = al + bl;
+   uint64_t hi = ah + bh + (~al < bl);
+   uint64_t hi_t = ah + bh;
+   uint64_t carry = (~ah < bh) + (~hi_t < (~al < bl));
+
+   *rl = lo;
+   *rh = hi;
+   *ca = carry;
+}
+
+/**
+ * mulsum - (rh, rl) = ah*bh + al*bl + (ch, cl)
+ * @ah: high 64 bits of a
+ * @al: low 64 bits of a
+ * @bh: high 64 bits of b
+ * @bl: low 64 bits of b
+ * @ch: high 64 bits of c
+ * @cl: low 64 bits of c
+ * @rh: high 64 bits of r to be returned
+ * @rl: low 64 bits of r to be returned
+ * @ca: carry-out to be returned.
+ */
+static inline void mulsum(uint64_t ah, uint64_t al, uint64_t bh,
+   uint64_t bl, uint64_t ch, uint64_t cl, uint64_t *rh,
+

Re: [PATCH v5 3/5] hw/riscv: Add helpers for RISC-V multi-socket NUMA machines

[Atish Patra]

On Fri, 2020-06-12 at 17:52 -0700, Alistair Francis wrote:
> On Thu, Jun 11, 2020 at 6:11 AM Anup Patel 
> wrote:
> > 
> > 
> > > -Original Message-
> > > From: Qemu-riscv  > > bounces+anup.patel=wdc@nongnu.org> On Behalf Of Alistair
> > > Francis
> > > Sent: 11 June 2020 04:59
> > > To: Anup Patel 
> > > Cc: Peter Maydell ; open list:RISC-V
> > >  > > ri...@nongnu.org>; Sagar Karandikar ;
> > > Anup
> > > Patel ; qemu-devel@nongnu.org Developers
> > >  > > de...@nongnu.org>; Atish Patra ; Alistair
> > > Francis
> > > ; Palmer Dabbelt 
> > > Subject: Re: [PATCH v5 3/5] hw/riscv: Add helpers for RISC-V
> > > multi-socket
> > > NUMA machines
> > > 
> > > On Fri, May 29, 2020 at 4:48 AM Anup Patel 
> > > wrote:
> > > > We add common helper routines which can be shared by RISC-V
> > > > multi-socket NUMA machines.
> > > > 
> > > > We have two types of helpers:
> > > > 1. riscv_socket_xyz() - These helper assist managing multiple
> > > >sockets irrespective whether QEMU NUMA is enabled/disabled
> > > > 2.
> > > > riscv_numa_xyz() - These helpers assist in providing
> > > >necessary QEMU machine callbacks for QEMU NUMA emulation
> > > > 
> > > > Signed-off-by: Anup Patel 
> > > > ---
> > > >  hw/riscv/Makefile.objs  |   1 +
> > > >  hw/riscv/numa.c | 242
> > > 
> > > >  include/hw/riscv/numa.h |  51 +
> > > >  3 files changed, 294 insertions(+)
> > > >  create mode 100644 hw/riscv/numa.c
> > > >  create mode 100644 include/hw/riscv/numa.h
> > > 
> > > I don't love that we have an entire file of functions to help
> > > with NUMA when
> > > no other arch seems to have anything this complex.
> > > 
> > > What about RISC-V requires extra complexity?
> > 
> > Other architectures, generally have one machine supporting NUMA.
> > 
> > In QEMU RISC-V, we are supporting NUMA in two machines (i.e Virt
> > and Spike). Both these machines, are synthetic machines and don't
> > match real-world hardware. The Spike machine is even more unique
> > because it has minimum number of devices and no interrupt
> > controller.
> > 
> > In future, we might have few more machines in QEMU RISC-V having
> > NUMA/multi-socket support.
> > 
> > Comparted to other architectures, the riscv_numa_xyz() callbacks
> > defined here do:
> > 1. Linear mapping of CPU arch_id to CPU logical idx
> > 2. Linear assignment of node_id to CPU idx
> > 
> > The requirement 2) mentioned above is because CLINT and PLIC
> > device emulation require contiguous hard IDs in a socket.
> 
> Ok, fair enough :)
> 
> Do you mind sending a new version, I think the Spike part will need
> to
> be rebased on top of the Spike machine changes.
> 
> Then just pressure Atish to ack the DT changes :P
> 

Since you had comments on v5, I thought I would just defer the review
to the next version ;)

Jokes apart, I will do it tonight either on v5 or v6 whatever is the
latest. I don't think the topology mapping would change in between v5 &
v6.

> Alistair
> 
> > Regards,
> > Anup
> > 
> > > > diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
> > > > index
> > > > fc3c6dd7c8..4483e61879 100644
> > > > --- a/hw/riscv/Makefile.objs
> > > > +++ b/hw/riscv/Makefile.objs
> > > > @@ -1,4 +1,5 @@
> > > >  obj-y += boot.o
> > > > +obj-y += numa.o
> > > >  obj-$(CONFIG_SPIKE) += riscv_htif.o
> > > >  obj-$(CONFIG_HART) += riscv_hart.o
> > > >  obj-$(CONFIG_SIFIVE_E) += sifive_e.o
> > > > diff --git a/hw/riscv/numa.c b/hw/riscv/numa.c new file mode
> > > > 100644
> > > > index 00..4f92307102
> > > > --- /dev/null
> > > > +++ b/hw/riscv/numa.c
> > > > @@ -0,0 +1,242 @@
> > > > +/*
> > > > + * QEMU RISC-V NUMA Helper
> > > > + *
> > > > + * Copyright (c) 2020 Western Digital Corporation or its
> > > > affiliates.
> > > > + *
> > > > + * This program is free software; you can redistribute it
> > > > and/or
> > > > +modify it
> > > > + * under the terms and conditions of the GNU General Public
> > > > License,
> > > > + * version 2 or later, as published by the Free Software
> > > > Foundation.
> > > > + *
> > > > + * This program is distributed in the hope it will be useful,
> > > > but
> > > > +WITHOUT
> > > > + * ANY WARRANTY; without even the implied warranty of
> > > MERCHANTABILITY
> > > > +or
> > > > + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General
> > > > Public
> > > > +License for
> > > > + * more details.
> > > > + *
> > > > + * You should have received a copy of the GNU General Public
> > > > License
> > > > +along with
> > > > + * this program.  If not, see ;.
> > > > + */
> > > > +
> > > > +#include "qemu/osdep.h"
> > > > +#include "qemu/units.h"
> > > > +#include "qemu/log.h"
> > > > +#include "qemu/error-report.h"
> > > > +#include "qapi/error.h"
> > > > +#include "hw/boards.h"
> > > > +#include "hw/qdev-properties.h"
> > > > +#include "hw/riscv/numa.h"
> > > > +#include "sysemu/device_tree.h"
> > > > +
> > > > +static bool numa_enabled(const MachineS

[PATCH 2/2] mac_oldworld: Add machine ID register

[BALATON Zoltan]

The G3 beige machine has a machine ID register that is accessed by the
firmware to deternine the board config. Add basic emulation of it.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/mac_oldworld.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 3812adc441..4dd872c1a3 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -80,6 +80,15 @@ static void ppc_heathrow_reset(void *opaque)
 cpu_reset(CPU(cpu));
 }
 
+static uint64_t machine_id_read(void *opaque, hwaddr addr, unsigned size)
+{
+return (addr == 0 && size == 2 ? 0x3d8c : 0);
+}
+
+const MemoryRegionOps machine_id_reg_ops = {
+.read = machine_id_read,
+};
+
 static void ppc_heathrow_init(MachineState *machine)
 {
 ram_addr_t ram_size = machine->ram_size;
@@ -93,6 +102,7 @@ static void ppc_heathrow_init(MachineState *machine)
 char *filename;
 int linux_boot, i;
 MemoryRegion *bios = g_new(MemoryRegion, 1);
+MemoryRegion *machine_id = g_new(MemoryRegion, 1);
 uint32_t kernel_base, initrd_base, cmdline_base = 0;
 int32_t kernel_size, initrd_size;
 PCIBus *pci_bus;
@@ -227,6 +237,10 @@ static void ppc_heathrow_init(MachineState *machine)
 }
 }
 
+memory_region_init_io(machine_id, OBJECT(machine), &machine_id_reg_ops,
+  NULL, "machine_id", 2);
+memory_region_add_subregion(get_system_memory(), 0xff04, machine_id);
+
 /* XXX: we register only 1 output pin for heathrow PIC */
 pic_dev = qdev_create(NULL, TYPE_HEATHROW);
 qdev_init_nofail(pic_dev);
-- 
2.21.3

[PATCH 1/2] mac_oldworld: Allow loading binary ROM image

[BALATON Zoltan]

The G3 beige machine has a 4MB firmware ROM. Fix the size of the rom
region and allow loading a binary image with -bios. This makes it
possible to test emulation with a ROM image from real hardware.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/mac_oldworld.c | 24 +++-
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 0b4c1c6373..3812adc441 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -59,6 +59,8 @@
 #define NDRV_VGA_FILENAME "qemu_vga.ndrv"
 
 #define GRACKLE_BASE 0xfec0
+#define PROM_BASE 0xffc0
+#define PROM_SIZE (4 * MiB)
 
 static void fw_cfg_boot_set(void *opaque, const char *boot_device,
 Error **errp)
@@ -127,24 +129,28 @@ static void ppc_heathrow_init(MachineState *machine)
 
 memory_region_add_subregion(sysmem, 0, machine->ram);
 
-/* allocate and load BIOS */
-memory_region_init_rom(bios, NULL, "ppc_heathrow.bios", BIOS_SIZE,
+/* allocate and load firmware ROM */
+memory_region_init_rom(bios, NULL, "ppc_heathrow.bios", PROM_SIZE,
&error_fatal);
+memory_region_add_subregion(sysmem, PROM_BASE, bios);
 
-if (bios_name == NULL)
+if (!bios_name) {
 bios_name = PROM_FILENAME;
+}
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-memory_region_add_subregion(sysmem, PROM_ADDR, bios);
-
-/* Load OpenBIOS (ELF) */
 if (filename) {
-bios_size = load_elf(filename, NULL, 0, NULL, NULL, NULL, NULL, NULL,
- 1, PPC_ELF_MACHINE, 0, 0);
+/* Load OpenBIOS (ELF) */
+bios_size = load_elf(filename, NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL, 1, PPC_ELF_MACHINE, 0, 0);
+if (bios_size <= 0) {
+/* or load binary ROM image */
+bios_size = load_image_targphys(filename, PROM_BASE, PROM_SIZE);
+}
 g_free(filename);
 } else {
 bios_size = -1;
 }
-if (bios_size < 0 || bios_size > BIOS_SIZE) {
+if (bios_size < 0 || bios_size > PROM_SIZE) {
 error_report("could not load PowerPC bios '%s'", bios_name);
 exit(1);
 }
-- 
2.21.3

[PATCH 0/2] Mac Old World ROM experiment

[BALATON Zoltan]

Based on https://github.com/dingusdev/dingusppc this series allows
experimenting with binary ROM image from a G3 beige machine. It does
not get very far though. Running with

-bios 78F57389.rom -d unimp,guest_errors -trace enable="pci*" | uniq -c

I get the logs below and hangs reading the last reg. It seems to
expect macio to be mapped at 0xf300 (also confirmed by comments in
https://github.com/dingusdev/dingusppc/blob/master/devices/macio.h and
some logs I've found on-line) but I don't see where it would set this
up so maybe this needs to be mapped by default there?

Regards,
BALATON Zoltan

  1 pci_cfg_read grackle 00:0 @0x0 -> 0x21057
  1 pci_cfg_read grackle 00:0 @0xa8 -> 0x0
  1 pci_cfg_write grackle 00:0 @0xa8 <- 0x40e0c
  1 pci_cfg_read grackle 00:0 @0xac -> 0x0
  1 pci_cfg_write grackle 00:0 @0xac <- 0x1200
  1 pci_cfg_read grackle 00:0 @0xac -> 0x1200
  1 pci_cfg_write grackle 00:0 @0xac <- 0x200
  1 pci_cfg_read grackle 00:0 @0x70 -> 0x0
  1 pci_cfg_write grackle 00:0 @0x70 <- 0x1100
  1 machine_id_read(0, 2)
  1 pci_cfg_read grackle 00:0 @0x8 -> 0x6000140
  1 pci_cfg_read grackle 00:0 @0xf0 -> 0x0
  1 pci_cfg_write grackle 00:0 @0xf0 <- 0x1290
  1 Unassigned mem write f324 = 0x8000
  1 Unassigned mem write f328 = 0x
  1 Unassigned mem write f338 = 0x33eff3a
  1 Unassigned mem write f338 = 0x1befffa
  1 machine_id_read(0, 2)
  1 Unassigned mem read f338
  1 Unassigned mem write f338 = 0xc10
  1 Unassigned mem write f3017e00 = 0x10
  1 Unassigned mem write f3016600 = 0x58
  1 Unassigned mem write f3016000 = 0x38
  1 Unassigned mem write f3016400 = 0x30
  1 Unassigned mem write f3017800 = 0x0
  1 Unassigned mem write f3017600 = 0x1c
  1 Unassigned mem write f3017c00 = 0x7f
  1 Unassigned mem read f3017600
  1 Unassigned mem write f3017600 = 0x0
  1 Unassigned mem write f3017c00 = 0x84
  1 Unassigned mem read f3016000
  1 Unassigned mem write f3016000 = 0x30
   3138 Unassigned mem read f3016000
   6627 Unassigned mem read f3017a00
  1 Unassigned mem read f3016000
  1 Unassigned mem write f3016000 = 0x10
   6681 Unassigned mem read f3016000
   6710 Unassigned mem read f3017a00
   6710 Unassigned mem read f3016000
   6600 Unassigned mem read f3017a00
   5543 Unassigned mem read f3016000
  1 Unassigned mem read f334
  1 Unassigned mem read f3016000
  1 Unassigned mem write f3016000 = 0x30
   1234 Unassigned mem read f3016000
   1195 Unassigned mem read f3017a00
  1 Unassigned mem read f3017400
  1 Unassigned mem read f3016000
  1 Unassigned mem write f3016000 = 0x0
  1 Unassigned mem read f3016000
   5441 Unassigned mem read f3017a00
   6820 Unassigned mem read f3016000
   6710 Unassigned mem read f3017a00
   5439 Unassigned mem read f3016000
  1 pci_cfg_write grackle 00:0 @0x80 <- 0x
  1 pci_cfg_write grackle 00:0 @0x88 <- 0x
  1 pci_cfg_write grackle 00:0 @0x90 <- 0x
  1 pci_cfg_write grackle 00:0 @0x98 <- 0x
  1 pci_cfg_write grackle 00:0 @0x84 <- 0x
  1 pci_cfg_write grackle 00:0 @0x8c <- 0x
  1 pci_cfg_write grackle 00:0 @0x94 <- 0x
  1 pci_cfg_write grackle 00:0 @0x9c <- 0x
  1 pci_cfg_write grackle 00:0 @0xa0 <- 0x0
  1 pci_cfg_read grackle 00:0 @0xf0 -> 0x1290
  1 pci_cfg_write grackle 00:0 @0xf0 <- 0x1290
  1 machine_id_read(0, 2)
  1 pci_cfg_read grackle 00:0 @0x8 -> 0x6000140
  1 pci_cfg_read grackle 00:0 @0xf0 -> 0x1290
  1 pci_cfg_write grackle 00:0 @0xf0 <- 0x1294
  1 pci_cfg_write grackle 00:0 @0xf0 <- 0x1294
  1 pci_cfg_write grackle 00:0 @0xf4 <- 0x40010fe4
  1 pci_cfg_write grackle 00:0 @0xf8 <- 0x7302293
  1 pci_cfg_write grackle 00:0 @0xfc <- 0x25302220
  1 pci_cfg_read grackle 00:0 @0xa0 -> 0x0
  1 pci_cfg_write grackle 00:0 @0xa0 <- 0x6700
  1 pci_cfg_read grackle 00:0 @0xf0 -> 0x1294
  1 pci_cfg_write grackle 00:0 @0xf0 <- 0x129c
 545701 Unassigned mem read f3014020
  1 Unassigned mem write f30723f0 = 0x1c
  1 Unassigned mem write f30723e0 = 0x42
  1 Unassigned mem write f30723d0 = 0xf0
  1 Unassigned mem write f30723c0 = 0xff
  1 Unassigned mem write f3013020 = 0x9
  1 Unassigned mem write f3013020 = 0xc0
  1 Unassigned mem write f3013020 = 0xd
  1 Unassigned mem write f3013020 = 0x0
  1 Unassigned mem write f3013020 = 0xc
  1 Unassig

Re: [PATCH v5 3/5] hw/riscv: Add helpers for RISC-V multi-socket NUMA machines

[Alistair Francis]

On Thu, Jun 11, 2020 at 6:11 AM Anup Patel  wrote:
>
>
>
> > -Original Message-
> > From: Qemu-riscv  > bounces+anup.patel=wdc@nongnu.org> On Behalf Of Alistair Francis
> > Sent: 11 June 2020 04:59
> > To: Anup Patel 
> > Cc: Peter Maydell ; open list:RISC-V  > ri...@nongnu.org>; Sagar Karandikar ; Anup
> > Patel ; qemu-devel@nongnu.org Developers  > de...@nongnu.org>; Atish Patra ; Alistair Francis
> > ; Palmer Dabbelt 
> > Subject: Re: [PATCH v5 3/5] hw/riscv: Add helpers for RISC-V multi-socket
> > NUMA machines
> >
> > On Fri, May 29, 2020 at 4:48 AM Anup Patel  wrote:
> > >
> > > We add common helper routines which can be shared by RISC-V
> > > multi-socket NUMA machines.
> > >
> > > We have two types of helpers:
> > > 1. riscv_socket_xyz() - These helper assist managing multiple
> > >sockets irrespective whether QEMU NUMA is enabled/disabled 2.
> > > riscv_numa_xyz() - These helpers assist in providing
> > >necessary QEMU machine callbacks for QEMU NUMA emulation
> > >
> > > Signed-off-by: Anup Patel 
> > > ---
> > >  hw/riscv/Makefile.objs  |   1 +
> > >  hw/riscv/numa.c | 242
> > 
> > >  include/hw/riscv/numa.h |  51 +
> > >  3 files changed, 294 insertions(+)
> > >  create mode 100644 hw/riscv/numa.c
> > >  create mode 100644 include/hw/riscv/numa.h
> >
> > I don't love that we have an entire file of functions to help with NUMA when
> > no other arch seems to have anything this complex.
> >
> > What about RISC-V requires extra complexity?
>
> Other architectures, generally have one machine supporting NUMA.
>
> In QEMU RISC-V, we are supporting NUMA in two machines (i.e Virt
> and Spike). Both these machines, are synthetic machines and don't
> match real-world hardware. The Spike machine is even more unique
> because it has minimum number of devices and no interrupt controller.
>
> In future, we might have few more machines in QEMU RISC-V having
> NUMA/multi-socket support.
>
> Comparted to other architectures, the riscv_numa_xyz() callbacks
> defined here do:
> 1. Linear mapping of CPU arch_id to CPU logical idx
> 2. Linear assignment of node_id to CPU idx
>
> The requirement 2) mentioned above is because CLINT and PLIC
> device emulation require contiguous hard IDs in a socket.

Ok, fair enough :)

Do you mind sending a new version, I think the Spike part will need to
be rebased on top of the Spike machine changes.

Then just pressure Atish to ack the DT changes :P

Alistair

>
> Regards,
> Anup
>
> >
> > >
> > > diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs index
> > > fc3c6dd7c8..4483e61879 100644
> > > --- a/hw/riscv/Makefile.objs
> > > +++ b/hw/riscv/Makefile.objs
> > > @@ -1,4 +1,5 @@
> > >  obj-y += boot.o
> > > +obj-y += numa.o
> > >  obj-$(CONFIG_SPIKE) += riscv_htif.o
> > >  obj-$(CONFIG_HART) += riscv_hart.o
> > >  obj-$(CONFIG_SIFIVE_E) += sifive_e.o
> > > diff --git a/hw/riscv/numa.c b/hw/riscv/numa.c new file mode 100644
> > > index 00..4f92307102
> > > --- /dev/null
> > > +++ b/hw/riscv/numa.c
> > > @@ -0,0 +1,242 @@
> > > +/*
> > > + * QEMU RISC-V NUMA Helper
> > > + *
> > > + * Copyright (c) 2020 Western Digital Corporation or its affiliates.
> > > + *
> > > + * This program is free software; you can redistribute it and/or
> > > +modify it
> > > + * under the terms and conditions of the GNU General Public License,
> > > + * version 2 or later, as published by the Free Software Foundation.
> > > + *
> > > + * This program is distributed in the hope it will be useful, but
> > > +WITHOUT
> > > + * ANY WARRANTY; without even the implied warranty of
> > MERCHANTABILITY
> > > +or
> > > + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
> > > +License for
> > > + * more details.
> > > + *
> > > + * You should have received a copy of the GNU General Public License
> > > +along with
> > > + * this program.  If not, see .
> > > + */
> > > +
> > > +#include "qemu/osdep.h"
> > > +#include "qemu/units.h"
> > > +#include "qemu/log.h"
> > > +#include "qemu/error-report.h"
> > > +#include "qapi/error.h"
> > > +#include "hw/boards.h"
> > > +#include "hw/qdev-properties.h"
> > > +#include "hw/riscv/numa.h"
> > > +#include "sysemu/device_tree.h"
> > > +
> > > +static bool numa_enabled(const MachineState *ms) {
> > > +return (ms->numa_state && ms->numa_state->num_nodes) ? true :
> > > +false; }
> > > +
> > > +int riscv_socket_count(const MachineState *ms) {
> > > +return (numa_enabled(ms)) ? ms->numa_state->num_nodes : 1; }
> > > +
> > > +int riscv_socket_first_hartid(const MachineState *ms, int socket_id)
> > > +{
> > > +int i, first_hartid = ms->smp.cpus;
> > > +
> > > +if (!numa_enabled(ms)) {
> > > +return (!socket_id) ? 0 : -1;
> > > +}
> > > +
> > > +for (i = 0; i < ms->smp.cpus; i++) {
> > > +if (ms->possible_cpus->cpus[i].props.node_id != socket_id) {
> > > +continue;
> > > +}
> > > +

Re: [PATCH v2 11/12] hw/arm: Wire up BMC boot flash for npcm750-evb and quanta-gsj

[Havard Skinnemoen]

On Thu, Jun 11, 2020 at 3:30 PM Havard Skinnemoen 
wrote:

> @@ -57,18 +72,30 @@ static NPCM7xxState *npcm7xx_create_soc(MachineState
> *machine)
>  static void npcm750_evb_init(MachineState *machine)
>  {
>  NPCM7xxState *soc;
> +DriveInfo *dinfo;
>
>  soc = npcm7xx_create_soc(machine);
>
> +dinfo = drive_get(IF_MTD, 0, 0);
> +if (dinfo) {
> +npcm7xx_connect_flash(&soc->fiu[0], 0, "w25q256", dinfo);
>

Btw, this does not actually work. I initially tested it with the same flash
chip as gsj, which seems to work, but after switching to the Winbond model
(as per the npcm750 evb schematics) it looks like it reads incorrect data
in DIO mode.

While trying to figure out what's going wrong, I stumbled across this patch:

https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg01586.html

which I don't understand. It looks like the winbond model wants one dummy
cycle after the address, since dummy cycles are modeled as byte transfers.
This doesn't seem to match the data sheet, which specifies 4 dummy cycles
in DIO mode (which is actually a special command byte transferred across
two data lines).

If the "continuous read mode command" is actually modeled as a single byte,
then it makes sense because that works out to 4 dummy cycles in DIO mode.
However, I don't understand how the flash controller model is supposed to
detect this situation, and I don't see any flash controller models that
support sending anything but dummy _bits_ between the address and data
phases.

Could you please clarify how this is supposed to work? Are there any
existing machines that use a w25 chip in DIO mode?

Havard

Re: [PATCH 4/5] linux-user: Support CLONE_VM and extended clone options

[Josh Kunz]

> +child_tid = atomic_fetch_or(&mgr->managed_tid, 0);
> +/*
> + * Check if the child has already terminated by this point. If not, wait
> + * for the child to exit. As long as the trampoline is not killed by
> + * a signal, the kernel guarantees that the memory at &mgr->managed_tid
> + * will be cleared, and a FUTEX_WAKE at that address will triggered.
> + */
> +if (child_tid != 0) {
> +ret = syscall(SYS_futex, &mgr->managed_tid, FUTEX_WAIT,
> +  child_tid, NULL, NULL, 0);
> +assert(ret == 0 && "clone manager futex should always succeed");
> +}

A note for any reviewers/maintainers: While doing some additional
testing today, I discovered there is a bug in this section of the
patch. The child process can exit between the `atomic_fetch` and start
of the `futex(FUTEX_WAIT)` call, causing the kernel to respond with an
`EAGAIN` error, which will be caught by the assert and crash the
program. I have a patch for this. I suspect there will be comments on
this change, so I'm holding off on re-sending the series until initial
reviews have been done. I just wanted to make maintainers aware to
avoid the possibility of this bug being merged in the (very) unlikely
case there are no comments.

Re: [PATCH v1 00/18] testing/next (tsan, dtc warnings, cross-builds)

[Alex Bennée]

Philippe Mathieu-Daudé  writes:

> On 6/12/20 9:44 PM, no-re...@patchew.org wrote:
>> Patchew URL: 
>> https://patchew.org/QEMU/20200612190237.30436-1-alex.ben...@linaro.org/
>>   CC  x86_64-softmmu/fpu/softfloat.o
>>   CC  x86_64-softmmu/disas.o
>> /usr/bin/ld: 
>> /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o):
>>  warning: common of `__interception::real_vfork' overridden by definition 
>> from 
>> /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
>>   GEN x86_64-softmmu/gdbstub-xml.c
>>   CC  x86_64-softmmu/arch_init.o
>>   CC  x86_64-softmmu/cpus.o
>>   CC  x86_64-softmmu/gdbstub.o
>>   CC  x86_64-softmmu/balloon.o
>>   CC  x86_64-softmmu/ioport.o
>> /tmp/qemu-test/src/fpu/softfloat.c:3365:13: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
>> ^~
>> !
>> /tmp/qemu-test/src/fpu/softfloat.c:3423:18: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
>>  ^
>>  !
>> /tmp/qemu-test/src/fpu/softfloat.c:3483:18: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> absZ0 &= ~(((uint64_t)(absZ1<<1) == 0) & roundNearestEven);
>>  ^
>>  !
>> /tmp/qemu-test/src/fpu/softfloat.c:3606:13: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> zSig &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
>> ^~
>> !
>> /tmp/qemu-test/src/fpu/softfloat.c:3760:13: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> zSig &= ~ ( ( ( roundBits ^ 0x200 ) == 0 ) & roundNearestEven );
>> ^~~
>> !
>> /tmp/qemu-test/src/fpu/softfloat.c:3987:21: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven 
>> );
>> ^
>> !
>> /tmp/qemu-test/src/fpu/softfloat.c:4003:22: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> zSig0 &= ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven 
>> );
>>  
>> ^
>>  !
>> /tmp/qemu-test/src/fpu/softfloat.c:4273:18: error: bitwise negation of a 
>> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
>> zSig1 &= ~ ( ( zSig2 + zSig2 == 0 ) & roundNearestEven );
>>  ^~~
>>  !
>> 8 errors generated.
>> make[1]: *** [/tmp/qemu-test/src/rules.mak:69: fpu/softfloat.o] Error 1
>> make[1]: *** Waiting for unfinished jobs
>> make: *** [Makefile:527: x86_64-softmmu/all] Error 2
>
> The fix for this is in Richard's tcg queue:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg711229.html

Ahh of course - the fedora bump brought the newer clang.


-- 
Alex Bennée

Re: [PULL v2 00/58] virtio, acpi, pci: features, fixes, cleanups, tests

[Peter Maydell]

On Fri, 12 Jun 2020 at 15:51, Michael S. Tsirkin  wrote:
>
> changes from v1:
> - printf format fixed for 32 bit hosts
> - a couple of bugfixes added
>
> The following changes since commit 49ee11555262a256afec592dfed7c5902d5eefd2:
>
>   Merge remote-tracking branch 
> 'remotes/vivier2/tags/linux-user-for-5.1-pull-request' into staging 
> (2020-06-08 11:04:57 +0100)
>
> are available in the Git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to 10d35e581901c09ee3817ac7cddd296d05291a9d:
>
>   virtio-pci: fix queue_enable write (2020-06-12 10:17:06 -0400)
>
> 
> virtio,acpi,pci: features, fixes, cleanups, tests
>
> Max slots negotiation for vhost-user.
> Free page reporting for balloon.
> Partial TPM2 ACPI support for ARM.
> Support for NVDIMMs having their own proximity domains.
> New vhost-user-vsock device.
>
> Fixes, cleanups in ACPI, PCI, virtio.
> New tests for TPM ACPI.
>
> Signed-off-by: Michael S. Tsirkin 
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM

Re: [PATCH v1 00/18] testing/next (tsan, dtc warnings, cross-builds)

[Philippe Mathieu-Daudé]

On 6/12/20 9:44 PM, no-re...@patchew.org wrote:
> Patchew URL: 
> https://patchew.org/QEMU/20200612190237.30436-1-alex.ben...@linaro.org/
>   CC  x86_64-softmmu/fpu/softfloat.o
>   CC  x86_64-softmmu/disas.o
> /usr/bin/ld: 
> /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o):
>  warning: common of `__interception::real_vfork' overridden by definition 
> from 
> /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
>   GEN x86_64-softmmu/gdbstub-xml.c
>   CC  x86_64-softmmu/arch_init.o
>   CC  x86_64-softmmu/cpus.o
>   CC  x86_64-softmmu/gdbstub.o
>   CC  x86_64-softmmu/balloon.o
>   CC  x86_64-softmmu/ioport.o
> /tmp/qemu-test/src/fpu/softfloat.c:3365:13: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
> ^~
> !
> /tmp/qemu-test/src/fpu/softfloat.c:3423:18: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
>  ^
>  !
> /tmp/qemu-test/src/fpu/softfloat.c:3483:18: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> absZ0 &= ~(((uint64_t)(absZ1<<1) == 0) & roundNearestEven);
>  ^
>  !
> /tmp/qemu-test/src/fpu/softfloat.c:3606:13: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> zSig &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
> ^~
> !
> /tmp/qemu-test/src/fpu/softfloat.c:3760:13: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> zSig &= ~ ( ( ( roundBits ^ 0x200 ) == 0 ) & roundNearestEven );
> ^~~
> !
> /tmp/qemu-test/src/fpu/softfloat.c:3987:21: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven );
> ^
> !
> /tmp/qemu-test/src/fpu/softfloat.c:4003:22: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> zSig0 &= ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven 
> );
>  ^
>  !
> /tmp/qemu-test/src/fpu/softfloat.c:4273:18: error: bitwise negation of a 
> boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
> zSig1 &= ~ ( ( zSig2 + zSig2 == 0 ) & roundNearestEven );
>  ^~~
>  !
> 8 errors generated.
> make[1]: *** [/tmp/qemu-test/src/rules.mak:69: fpu/softfloat.o] Error 1
> make[1]: *** Waiting for unfinished jobs
> make: *** [Makefile:527: x86_64-softmmu/all] Error 2

The fix for this is in Richard's tcg queue:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg711229.html

[RFC PATCH] plugins: expand the bb plugin to be thread safe and track per-cpu

[Alex Bennée]

While there isn't any easy way to make the inline counts thread safe
we can ensure the callback based ones are. While we are at it we can
reduce introduce a new option ("idle") to dump a report of the current
bb and insn count each time a vCPU enters the idle state.

Signed-off-by: Alex Bennée 
Cc: Dave Bort 
---
 tests/plugin/bb.c | 85 ++-
 1 file changed, 77 insertions(+), 8 deletions(-)

diff --git a/tests/plugin/bb.c b/tests/plugin/bb.c
index df19fd359df..5c08367d3d7 100644
--- a/tests/plugin/bb.c
+++ b/tests/plugin/bb.c
@@ -16,24 +16,68 @@
 
 QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
 
+/* Used by the inline counts */
 static uint64_t bb_count;
 static uint64_t insn_count;
 static bool do_inline;
 
+/* Dump running CPU total on idle? */
+static bool idle_report;
+
+typedef struct {
+GMutex lock;
+int index;
+uint64_t bb_count;
+uint64_t insn_count;
+} CPUCount;
+
+static GPtrArray *counts;
+static int max_cpus;
+
+static void gen_one_cpu_report(CPUCount *count, GString *report)
+{
+if (count->bb_count) {
+g_string_append_printf(report, "CPU%d: "
+   "bb's: %" PRIu64", insns: %" PRIu64 "\n",
+   count->index,
+   count->bb_count, count->insn_count);
+}
+}
+
 static void plugin_exit(qemu_plugin_id_t id, void *p)
 {
-g_autofree gchar *out = g_strdup_printf(
-"bb's: %" PRIu64", insns: %" PRIu64 "\n",
-bb_count, insn_count);
-qemu_plugin_outs(out);
+g_autoptr(GString) report = g_string_new("");
+
+if (do_inline) {
+g_string_printf(report, "bb's: %" PRIu64", insns: %" PRIu64 "\n",
+bb_count, insn_count);
+} else {
+g_ptr_array_foreach(counts, (GFunc) gen_one_cpu_report, report);
+}
+qemu_plugin_outs(report->str);
+}
+
+static void vcpu_idle(qemu_plugin_id_t id, unsigned int cpu_index)
+{
+CPUCount *count = g_ptr_array_index(counts, cpu_index);
+g_autoptr(GString) report = g_string_new("");
+gen_one_cpu_report(count, report);
+
+if (report->len > 0) {
+g_string_prepend(report, "Idling ");
+qemu_plugin_outs(report->str);
+}
 }
 
 static void vcpu_tb_exec(unsigned int cpu_index, void *udata)
 {
+CPUCount *count = g_ptr_array_index(counts, cpu_index);
 unsigned long n_insns = (unsigned long)udata;
 
-insn_count += n_insns;
-bb_count++;
+g_mutex_lock(&count->lock);
+count->insn_count += n_insns;
+count->bb_count++;
+g_mutex_unlock(&count->lock);
 }
 
 static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
@@ -56,8 +100,33 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t 
id,
const qemu_info_t *info,
int argc, char **argv)
 {
-if (argc && strcmp(argv[0], "inline") == 0) {
-do_inline = true;
+int i;
+
+for (i = 0; i < argc; i++) {
+char *opt = argv[i];
+if (g_strcmp0(opt, "inline") == 0) {
+do_inline = true;
+} else if (g_strcmp0(opt, "idle") == 0) {
+idle_report = true;
+} else {
+fprintf(stderr, "option parsing failed: %s\n", opt);
+return -1;
+}
+}
+
+if (!do_inline) {
+max_cpus = info->system.max_vcpus;
+counts = g_ptr_array_new();
+for (i = 0; i < max_cpus; i++) {
+CPUCount *count = g_new0(CPUCount, 1);
+g_mutex_init(&count->lock);
+count->index = i;
+g_ptr_array_add(counts, count);
+}
+}
+
+if (idle_report) {
+qemu_plugin_register_vcpu_idle_cb(id, vcpu_idle);
 }
 
 qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
-- 
2.20.1

Re: [PATCH v1 00/18] testing/next (tsan, dtc warnings, cross-builds)

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20200612190237.30436-1-alex.ben...@linaro.org/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

 perl-Encode-devel   x86_64  4:3.06-445.fc32
updates   42 k
 perl-Envnoarch  1.04-440.fc32  
fedora19 k
 perl-Errno  x86_64  1.30-453.fc32  
updates   24 k
 perl-Error  noarch  1:0.17029-1.fc32   
fedora42 k
 perl-Exporter   noarch  5.74-2.fc32
fedora32 k
 perl-Exporter-Tiny  noarch  1.002001-5.fc32
fedora51 k
 perl-ExtUtils-CBuilder  noarch  1:0.280234-2.fc32  
fedora47 k
---
(523/711): perl-Env-1.04-440.fc32.noarch.rpm288 kB/s |  19 kB 00:00
(524/711): perl-Encode-Locale-1.05-15.fc32.noar 154 kB/s |  19 kB 00:00
(525/711): perl-Exporter-5.74-2.fc32.noarch.rpm 466 kB/s |  32 kB 00:00
(526/711): perl-Error-0.17029-1.fc32.noarch.rpm 513 kB/s |  42 kB 00:00
(527/711): perl-Exporter-Tiny-1.002001-5.fc32.n 635 kB/s |  51 kB 00:00
(528/711): perl-ExtUtils-CBuilder-0.280234-2.fc 681 kB/s |  47 kB 00:00
(529/711): perl-ExtUtils-Command-7.44-2.fc32.no 180 kB/s |  14 kB 00:00
---
  Installing   : perl-DB_File-1.853-2.fc32.x86_64   182/725 
  Installing   : perl-Devel-Size-0.83-5.fc32.x86_64 183/725 
  Installing   : perl-Env-1.04-440.fc32.noarch  184/725 
  Installing   : perl-Error-1:0.17029-1.fc32.noarch 185/725 
  Installing   : perl-ExtUtils-MM-Utils-2:7.44-2.fc32.noarch186/725 
  Installing   : perl-IPC-SysV-2.07-442.fc32.x86_64 187/725 
  Installing   : perl-IPC-System-Simple-1.30-1.fc32.noarch  188/725 
---
  Verifying: perl-Digest-SHA-1:6.02-442.fc32.x86_64 522/725 
  Verifying: perl-Encode-Locale-1.05-15.fc32.noarch 523/725 
  Verifying: perl-Env-1.04-440.fc32.noarch  524/725 
  Verifying: perl-Error-1:0.17029-1.fc32.noarch 525/725 
  Verifying: perl-Exporter-5.74-2.fc32.noarch   526/725 
  Verifying: perl-Exporter-Tiny-1.002001-5.fc32.noarch  527/725 
  Verifying: perl-ExtUtils-CBuilder-1:0.280234-2.fc32.noarch528/725 
---
  perl-Encode-devel-4:3.06-445.fc32.x86_64  
  perl-Env-1.04-440.fc32.noarch 
  perl-Errno-1.30-453.fc32.x86_64   
  perl-Error-1:0.17029-1.fc32.noarch
  perl-Exporter-5.74-2.fc32.noarch  
  perl-Exporter-Tiny-1.002001-5.fc32.noarch 
  perl-ExtUtils-CBuilder-1:0.280234-2.fc32.noarch   
---
  CC  contrib/vhost-user-input/main.o
  LINKtests/qemu-iotests/socket_scm_helper
  GEN docs/interop/qemu-qmp-ref.html
/usr/bin/ld: 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o):
 warning: common of `__interception::real_vfork' overridden by definition from 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
  GEN docs/interop/qemu-qmp-ref.txt
  GEN docs/interop/qemu-qmp-ref.7
  CC  qga/commands.o
---
  AR  libvhost-user.a
  GEN docs/interop/qemu-ga-ref.html
  GEN docs/interop/qemu-ga-ref.txt
/usr/bin/ld: 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o):
 warning: common of `__interception::real_vfork' overridden by definition from 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
  GEN docs/interop/qemu-ga-ref.7
  AS  pc-bios/optionrom/kvmvapic.o
  LINKqemu-keymap
  AS  pc-bios/optionrom/pvh.o
  LINKivshmem-client
/usr/bin/ld: 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o):
 warning: common of `__interception::real_vfork' overridden by definition from 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
/usr/bin/ld: 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o):
 warning: common of `__interception::real_vfork' overridden by definition from 
/usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_inte

[PATCH v1 14/18] util: Added tsan annotate for thread name.

[Alex Bennée]

From: Robert Foley 

This allows us to see the name of the thread in tsan
warning reports such as this:

  Thread T7 'CPU 1/TCG' (tid=24317, running) created by main thread at:

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-12-robert.fo...@linaro.org>
---
 util/qemu-thread-posix.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index 838980aaa55..b4c2359272a 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -15,6 +15,7 @@
 #include "qemu/atomic.h"
 #include "qemu/notify.h"
 #include "qemu-thread-common.h"
+#include "qemu/tsan.h"
 
 static bool name_threads;
 
@@ -513,6 +514,7 @@ static void *qemu_thread_start(void *args)
 # endif
 }
 #endif
+QEMU_TSAN_ANNOTATE_THREAD_NAME(qemu_thread_args->name);
 g_free(qemu_thread_args->name);
 g_free(qemu_thread_args);
 pthread_cleanup_push(qemu_thread_atexit_notify, NULL);
-- 
2.20.1

[PATCH v1 16/18] tests: Disable select tests under TSan, which hit TSan issue.

[Alex Bennée]

From: Robert Foley 

Disable a few tests under CONFIG_TSAN, which
run into a known TSan issue that results in a hang.
https://github.com/google/sanitizers/issues/1116

The disabled tests under TSan include all the qtests as well as
the test-char, test-qga, and test-qdev-global-props.

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-14-robert.fo...@linaro.org>
---
 tests/Makefile.include   | 9 +++--
 tests/qtest/Makefile.include | 7 +--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index c2397de8ed6..8d82c24d835 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -55,7 +55,6 @@ SYSEMU_TARGET_LIST := $(subst -softmmu.mak,,$(notdir \
 
 check-unit-y += tests/check-qdict$(EXESUF)
 check-unit-y += tests/check-block-qdict$(EXESUF)
-check-unit-$(CONFIG_SOFTMMU) += tests/test-char$(EXESUF)
 check-unit-y += tests/check-qnum$(EXESUF)
 check-unit-y += tests/check-qstring$(EXESUF)
 check-unit-y += tests/check-qlist$(EXESUF)
@@ -108,7 +107,6 @@ check-unit-y += tests/test-qht$(EXESUF)
 check-unit-y += tests/test-qht-par$(EXESUF)
 check-unit-y += tests/test-bitops$(EXESUF)
 check-unit-y += tests/test-bitcnt$(EXESUF)
-check-unit-$(CONFIG_SOFTMMU) += tests/test-qdev-global-props$(EXESUF)
 check-unit-y += tests/check-qom-interface$(EXESUF)
 check-unit-y += tests/check-qom-proplist$(EXESUF)
 check-unit-y += tests/test-qemu-opts$(EXESUF)
@@ -123,9 +121,16 @@ check-speed-$(CONFIG_BLOCK) += 
tests/benchmark-crypto-cipher$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-crypto-secret$(EXESUF)
 check-unit-$(call land,$(CONFIG_BLOCK),$(CONFIG_GNUTLS)) += 
tests/test-crypto-tlscredsx509$(EXESUF)
 check-unit-$(call land,$(CONFIG_BLOCK),$(CONFIG_GNUTLS)) += 
tests/test-crypto-tlssession$(EXESUF)
+ifndef CONFIG_TSAN
+# Some tests: test-char, test-qdev-global-props, and test-qga,
+# are not runnable under TSan due to a known issue.
+# https://github.com/google/sanitizers/issues/1116
+check-unit-$(CONFIG_SOFTMMU) += tests/test-char$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-qdev-global-props$(EXESUF)
 ifneq (,$(findstring qemu-ga,$(TOOLS)))
 check-unit-$(call land,$(CONFIG_LINUX),$(CONFIG_VIRTIO_SERIAL)) += 
tests/test-qga$(EXESUF)
 endif
+endif
 check-unit-$(CONFIG_SOFTMMU) += tests/test-timed-average$(EXESUF)
 check-unit-$(call land,$(CONFIG_SOFTMMU),$(CONFIG_INOTIFY1)) += 
tests/test-util-filemonitor$(EXESUF)
 check-unit-$(CONFIG_SOFTMMU) += tests/test-util-sockets$(EXESUF)
diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include
index 9e5a51d033a..71fd714a2a9 100644
--- a/tests/qtest/Makefile.include
+++ b/tests/qtest/Makefile.include
@@ -313,12 +313,15 @@ tests/qtest/tpm-tis-device-test$(EXESUF): 
tests/qtest/tpm-tis-device-test.o test
 # QTest rules
 
 TARGETS=$(patsubst %-softmmu,%, $(filter %-softmmu,$(TARGET_DIRS)))
+QTEST_TARGETS =
+# The qtests are not runnable (yet) under TSan due to a known issue.
+# https://github.com/google/sanitizers/issues/1116
+ifndef CONFIG_TSAN
 ifeq ($(CONFIG_POSIX),y)
 QTEST_TARGETS = $(TARGETS)
 check-qtest-y=$(foreach TARGET,$(TARGETS), 
$(check-qtest-$(TARGET)-y:%=tests/qtest/%$(EXESUF)))
 check-qtest-y += $(check-qtest-generic-y:%=tests/qtest/%$(EXESUF))
-else
-QTEST_TARGETS =
+endif
 endif
 
 qtest-obj-y = tests/qtest/libqtest.o $(test-util-obj-y)
-- 
2.20.1

[PATCH v1 11/18] thread: add tsan annotations to QemuSpin

[Alex Bennée]

From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-9-robert.fo...@linaro.org>
---
 include/qemu/thread.h | 39 ---
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index e50a0738897..43fc094b963 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -206,6 +206,10 @@ void qemu_thread_atexit_add(struct Notifier *notifier);
  */
 void qemu_thread_atexit_remove(struct Notifier *notifier);
 
+#ifdef CONFIG_TSAN
+#include 
+#endif
+
 struct QemuSpin {
 int value;
 };
@@ -213,23 +217,46 @@ struct QemuSpin {
 static inline void qemu_spin_init(QemuSpin *spin)
 {
 __sync_lock_release(&spin->value);
+#ifdef CONFIG_TSAN
+__tsan_mutex_create(spin, __tsan_mutex_not_static);
+#endif
 }
 
-static inline void qemu_spin_destroy(QemuSpin *spin)
-{ }
+/* const parameter because the only purpose here is the TSAN annotation */
+static inline void qemu_spin_destroy(const QemuSpin *spin)
+{
+#ifdef CONFIG_TSAN
+__tsan_mutex_destroy((void *)spin, __tsan_mutex_not_static);
+#endif
+}
 
 static inline void qemu_spin_lock(QemuSpin *spin)
 {
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_lock(spin, 0);
+#endif
 while (unlikely(__sync_lock_test_and_set(&spin->value, true))) {
 while (atomic_read(&spin->value)) {
 cpu_relax();
 }
 }
+#ifdef CONFIG_TSAN
+__tsan_mutex_post_lock(spin, 0, 0);
+#endif
 }
 
 static inline bool qemu_spin_trylock(QemuSpin *spin)
 {
-return __sync_lock_test_and_set(&spin->value, true);
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_lock(spin, __tsan_mutex_try_lock);
+#endif
+bool busy = __sync_lock_test_and_set(&spin->value, true);
+#ifdef CONFIG_TSAN
+unsigned flags = __tsan_mutex_try_lock;
+flags |= busy ? __tsan_mutex_try_lock_failed : 0;
+__tsan_mutex_post_lock(spin, flags, 0);
+#endif
+return busy;
 }
 
 static inline bool qemu_spin_locked(QemuSpin *spin)
@@ -239,7 +266,13 @@ static inline bool qemu_spin_locked(QemuSpin *spin)
 
 static inline void qemu_spin_unlock(QemuSpin *spin)
 {
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_unlock(spin, 0);
+#endif
 __sync_lock_release(&spin->value);
+#ifdef CONFIG_TSAN
+__tsan_mutex_post_unlock(spin, 0);
+#endif
 }
 
 struct QemuLockCnt {
-- 
2.20.1

[PATCH v1 15/18] docs: Added details on TSan to testing.rst

[Alex Bennée]

From: Robert Foley 

Adds TSan details to testing.rst.
This includes background and reference details on TSan,
and details on how to build and test with TSan
both with and without docker.

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-13-robert.fo...@linaro.org>
---
 docs/devel/testing.rst | 107 +
 1 file changed, 107 insertions(+)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 770a987ea42..c1ff24370bf 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -397,6 +397,113 @@ list is in the ``make docker`` help text. The frequently 
used ones are:
 * ``DEBUG=1``: enables debug. See the previous "Debugging a Docker test
   failure" section.
 
+Thread Sanitizer
+
+
+Thread Sanitizer (TSan) is a tool which can detect data races.  QEMU supports
+building and testing with this tool.
+
+For more information on TSan:
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual
+
+Thread Sanitizer in Docker
+---
+TSan is currently supported in the ubuntu2004 docker.
+
+The test-tsan test will build using TSan and then run make check.
+
+.. code::
+
+  make docker-test-tsan@ubuntu2004
+
+TSan warnings under docker are placed in files located at build/tsan/.
+
+We recommend using DEBUG=1 to allow launching the test from inside the docker,
+and to allow review of the warnings generated by TSan.
+
+Building and Testing with TSan
+--
+
+It is possible to build and test with TSan, with a few additional steps.
+These steps are normally done automatically in the docker.
+
+There is a one time patch needed in clang-9 or clang-10 at this time:
+
+.. code::
+
+  sed -i 's/^const/static const/g' \
+  /usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h
+
+To configure the build for TSan:
+
+.. code::
+
+  ../configure --enable-tsan --cc=clang-10 --cxx=clang++-10 \
+   --disable-werror --extra-cflags="-O0"
+
+The runtime behavior of TSAN is controlled by the TSAN_OPTIONS environment
+variable.
+
+More information on the TSAN_OPTIONS can be found here:
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags
+
+For example:
+
+.. code::
+
+  export TSAN_OPTIONS=suppressions=/tests/tsan/suppressions.tsan 
\
+  detect_deadlocks=false history_size=7 exitcode=0 \
+  log_path=/tsan/tsan_warning
+
+The above exitcode=0 has TSan continue without error if any warnings are found.
+This allows for running the test and then checking the warnings afterwards.
+If you want TSan to stop and exit with error on warnings, use exitcode=66.
+
+TSan Suppressions
+-
+Keep in mind that for any data race warning, although there might be a data 
race
+detected by TSan, there might be no actual bug here.  TSan provides several
+different mechanisms for suppressing warnings.  In general it is recommended
+to fix the code if possible to eliminate the data race rather than suppress
+the warning.
+
+A few important files for suppressing warnings are:
+
+tests/tsan/suppressions.tsan - Has TSan warnings we wish to suppress at 
runtime.
+The comment on each supression will typically indicate why we are
+suppressing it.  More information on the file format can be found here:
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerSuppressions
+
+tests/tsan/blacklist.tsan - Has TSan warnings we wish to disable
+at compile time for test or debug.
+Add flags to configure to enable:
+
+"--extra-cflags=-fsanitize-blacklist=/tests/tsan/blacklist.tsan"
+
+More information on the file format can be found here under "Blacklist Format":
+
+https://github.com/google/sanitizers/wiki/ThreadSanitizerFlags
+
+TSan Annotations
+
+include/qemu/tsan.h defines annotations.  See this file for more descriptions
+of the annotations themselves.  Annotations can be used to suppress
+TSan warnings or give TSan more information so that it can detect proper
+relationships between accesses of data.
+
+Annotation examples can be found here:
+
+https://github.com/llvm/llvm-project/tree/master/compiler-rt/test/tsan/
+
+Good files to start with are: annotate_happens_before.cpp and ignore_race.cpp
+
+The full set of annotations can be found here:
+
+https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/tsan/rtl/tsan_interface_ann.cpp
+
 VM testing
 ==
 
-- 
2.20.1

[PATCH v1 07/18] cputlb: destroy CPUTLB with tlb_destroy

[Alex Bennée]

From: "Emilio G. Cota" 

I was after adding qemu_spin_destroy calls, but while at
it I noticed that we are leaking some memory.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-5-robert.fo...@linaro.org>
---
 include/exec/exec-all.h |  8 
 accel/tcg/cputlb.c  | 15 +++
 exec.c  |  1 +
 3 files changed, 24 insertions(+)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 8792bea07ab..3cf88272df9 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -124,6 +124,11 @@ void cpu_address_space_init(CPUState *cpu, int asidx,
  * @cpu: CPU whose TLB should be initialized
  */
 void tlb_init(CPUState *cpu);
+/**
+ * tlb_destroy - destroy a CPU's TLB
+ * @cpu: CPU whose TLB should be destroyed
+ */
+void tlb_destroy(CPUState *cpu);
 /**
  * tlb_flush_page:
  * @cpu: CPU whose TLB should be flushed
@@ -284,6 +289,9 @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
 static inline void tlb_init(CPUState *cpu)
 {
 }
+static inline void tlb_destroy(CPUState *cpu)
+{
+}
 static inline void tlb_flush_page(CPUState *cpu, target_ulong addr)
 {
 }
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index eb2cf9de5e6..1e815357c70 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -270,6 +270,21 @@ void tlb_init(CPUState *cpu)
 }
 }
 
+void tlb_destroy(CPUState *cpu)
+{
+CPUArchState *env = cpu->env_ptr;
+int i;
+
+qemu_spin_destroy(&env_tlb(env)->c.lock);
+for (i = 0; i < NB_MMU_MODES; i++) {
+CPUTLBDesc *desc = &env_tlb(env)->d[i];
+CPUTLBDescFast *fast = &env_tlb(env)->f[i];
+
+g_free(fast->table);
+g_free(desc->iotlb);
+}
+}
+
 /* flush_all_helper: run fn across all cpus
  *
  * If the wait flag is set then the src cpu's helper will be queued as
diff --git a/exec.c b/exec.c
index a0bf9d61c87..6d7c312c910 100644
--- a/exec.c
+++ b/exec.c
@@ -892,6 +892,7 @@ void cpu_exec_unrealizefn(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
+tlb_destroy(cpu);
 cpu_list_remove(cpu);
 
 if (cc->vmsd != NULL) {
-- 
2.20.1

[PATCH v1 18/18] cirrus.yml: serialise make check

[Alex Bennée]

We do this on our other platforms to make it easier to see what has
broken.

Signed-off-by: Alex Bennée 
---
 .cirrus.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.cirrus.yml b/.cirrus.yml
index ce7850a320e..69342ae031b 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -14,7 +14,7 @@ freebsd_12_task:
 - cd build
 - ../configure || { cat config.log; exit 1; }
 - gmake -j8
-- gmake -j8 V=1 check
+- gmake V=1 check
 
 macos_task:
   osx_instance:
@@ -26,7 +26,7 @@ macos_task:
 - cd build
 - ../configure --python=/usr/local/bin/python3 || { cat config.log; exit 
1; }
 - gmake -j$(sysctl -n hw.ncpu)
-- gmake check -j$(sysctl -n hw.ncpu)
+- gmake check
 
 macos_xcode_task:
   osx_instance:
@@ -39,4 +39,4 @@ macos_xcode_task:
 - cd build
 - ../configure --cc=clang || { cat config.log; exit 1; }
 - gmake -j$(sysctl -n hw.ncpu)
-- gmake check -j$(sysctl -n hw.ncpu)
+- gmake check
-- 
2.20.1

[PATCH v1 08/18] qht: call qemu_spin_destroy for head buckets

[Alex Bennée]

From: "Emilio G. Cota" 

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-6-robert.fo...@linaro.org>
---
 util/qht.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/qht.c b/util/qht.c
index aa51be3c52f..67e5d5b9163 100644
--- a/util/qht.c
+++ b/util/qht.c
@@ -348,6 +348,7 @@ static inline void qht_chain_destroy(const struct 
qht_bucket *head)
 struct qht_bucket *curr = head->next;
 struct qht_bucket *prev;
 
+qemu_spin_destroy(&head->lock);
 while (curr) {
 prev = curr;
 curr = curr->next;
-- 
2.20.1

[PATCH v1 17/18] Revert ".shippable: temporaily disable some cross builds"

[Alex Bennée]

This reverts commit 12d43b5ae916809aad9ccf8aa2a0a06260527340.

Signed-off-by: Alex Bennée 
---
 .shippable.yml | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.shippable.yml b/.shippable.yml
index 10cf219bff4..2cce7b56890 100644
--- a/.shippable.yml
+++ b/.shippable.yml
@@ -5,8 +5,8 @@ env:
   global:
 - LC_ALL=C
   matrix:
-# - IMAGE=debian-amd64
-#   TARGET_LIST=x86_64-softmmu,x86_64-linux-user
+- IMAGE=debian-amd64
+  TARGET_LIST=x86_64-softmmu,x86_64-linux-user
 - IMAGE=debian-win32-cross
   TARGET_LIST=arm-softmmu,i386-softmmu,lm32-softmmu
 - IMAGE=debian-win64-cross
@@ -19,10 +19,10 @@ env:
   TARGET_LIST=aarch64-softmmu,aarch64-linux-user
 - IMAGE=debian-s390x-cross
   TARGET_LIST=s390x-softmmu,s390x-linux-user
-# - IMAGE=debian-mips-cross
-#   TARGET_LIST=mips-softmmu,mipsel-linux-user
-# - IMAGE=debian-mips64el-cross
-#   TARGET_LIST=mips64el-softmmu,mips64el-linux-user
+- IMAGE=debian-mips-cross
+  TARGET_LIST=mips-softmmu,mipsel-linux-user
+- IMAGE=debian-mips64el-cross
+  TARGET_LIST=mips64el-softmmu,mips64el-linux-user
 - IMAGE=debian-ppc64el-cross
   TARGET_LIST=ppc64-softmmu,ppc64-linux-user,ppc64abi32-linux-user
 build:
-- 
2.20.1

[PATCH v1 06/18] thread: add qemu_spin_destroy

[Alex Bennée]

From: "Emilio G. Cota" 

It will be used for TSAN annotations.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-4-robert.fo...@linaro.org>
---
 include/qemu/thread.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index d22848138ea..e50a0738897 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -215,6 +215,9 @@ static inline void qemu_spin_init(QemuSpin *spin)
 __sync_lock_release(&spin->value);
 }
 
+static inline void qemu_spin_destroy(QemuSpin *spin)
+{ }
+
 static inline void qemu_spin_lock(QemuSpin *spin)
 {
 while (unlikely(__sync_lock_test_and_set(&spin->value, true))) {
-- 
2.20.1

[PATCH v1 13/18] include/qemu: Added tsan.h for annotations.

[Alex Bennée]

From: Robert Foley 

These annotations will allow us to give tsan
additional hints.  For example, we can inform
tsan about reads/writes to ignore to silence certain
classes of warnings.
We can also annotate threads so that the proper thread
naming shows up in tsan warning results.

Signed-off-by: Robert Foley 
Reviewed-by: Emilio G. Cota 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-11-robert.fo...@linaro.org>
---
 include/qemu/tsan.h | 71 +
 1 file changed, 71 insertions(+)
 create mode 100644 include/qemu/tsan.h

diff --git a/include/qemu/tsan.h b/include/qemu/tsan.h
new file mode 100644
index 000..09cc665f91d
--- /dev/null
+++ b/include/qemu/tsan.h
@@ -0,0 +1,71 @@
+#ifndef QEMU_TSAN_H
+#define QEMU_TSAN_H
+/*
+ * tsan.h
+ *
+ * This file defines macros used to give ThreadSanitizer
+ * additional information to help suppress warnings.
+ * This is necessary since TSan does not provide a header file
+ * for these annotations.  The standard way to include these
+ * is via the below macros.
+ *
+ * Annotation examples can be found here:
+ *  https://github.com/llvm/llvm-project/tree/master/compiler-rt/test/tsan
+ * annotate_happens_before.cpp or ignore_race.cpp are good places to start.
+ *
+ * The full set of annotations can be found here in tsan_interface_ann.cpp.
+ *  https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/tsan/rtl/
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifdef CONFIG_TSAN
+/*
+ * Informs TSan of a happens before/after relationship.
+ */
+#define QEMU_TSAN_ANNOTATE_HAPPENS_BEFORE(addr) \
+AnnotateHappensBefore(__FILE__, __LINE__, (void *)(addr))
+#define QEMU_TSAN_ANNOTATE_HAPPENS_AFTER(addr) \
+AnnotateHappensAfter(__FILE__, __LINE__, (void *)(addr))
+/*
+ * Gives TSan more information about thread names it can report the
+ * name of the thread in the warning report.
+ */
+#define QEMU_TSAN_ANNOTATE_THREAD_NAME(name) \
+AnnotateThreadName(__FILE__, __LINE__, (void *)(name))
+/*
+ * Allows defining a region of code on which TSan will not record memory READS.
+ * This has the effect of disabling race detection for this section of code.
+ */
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_BEGIN() \
+AnnotateIgnoreReadsBegin(__FILE__, __LINE__)
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_END() \
+AnnotateIgnoreReadsEnd(__FILE__, __LINE__)
+/*
+ * Allows defining a region of code on which TSan will not record memory
+ * WRITES.  This has the effect of disabling race detection for this
+ * section of code.
+ */
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_BEGIN() \
+AnnotateIgnoreWritesBegin(__FILE__, __LINE__)
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_END() \
+AnnotateIgnoreWritesEnd(__FILE__, __LINE__)
+#else
+#define QEMU_TSAN_ANNOTATE_HAPPENS_BEFORE(addr)
+#define QEMU_TSAN_ANNOTATE_HAPPENS_AFTER(addr)
+#define QEMU_TSAN_ANNOTATE_THREAD_NAME(name)
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_BEGIN()
+#define QEMU_TSAN_ANNOTATE_IGNORE_READS_END()
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_BEGIN()
+#define QEMU_TSAN_ANNOTATE_IGNORE_WRITES_END()
+#endif
+
+void AnnotateHappensBefore(const char *f, int l, void *addr);
+void AnnotateHappensAfter(const char *f, int l, void *addr);
+void AnnotateThreadName(const char *f, int l, char *name);
+void AnnotateIgnoreReadsBegin(const char *f, int l);
+void AnnotateIgnoreReadsEnd(const char *f, int l);
+void AnnotateIgnoreWritesBegin(const char *f, int l);
+void AnnotateIgnoreWritesEnd(const char *f, int l);
+#endif
-- 
2.20.1

[PATCH v1 09/18] tcg: call qemu_spin_destroy for tb->jmp_lock

[Alex Bennée]

From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Signed-off-by: Alex Bennée 
[RF: minor changes + remove tb_destroy_func]
Message-Id: <20200609200738.445-7-robert.fo...@linaro.org>
---
 include/tcg/tcg.h | 1 +
 accel/tcg/translate-all.c | 8 
 tcg/tcg.c | 9 +
 3 files changed, 18 insertions(+)

diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index 380014ed805..e63450a8936 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -819,6 +819,7 @@ void tcg_pool_reset(TCGContext *s);
 TranslationBlock *tcg_tb_alloc(TCGContext *s);
 
 void tcg_region_init(void);
+void tb_destroy(TranslationBlock *tb);
 void tcg_region_reset_all(void);
 
 size_t tcg_code_size(void);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 42ce1dfcff7..c937210e217 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -384,6 +384,11 @@ static int cpu_restore_state_from_tb(CPUState *cpu, 
TranslationBlock *tb,
 return 0;
 }
 
+void tb_destroy(TranslationBlock *tb)
+{
+qemu_spin_destroy(&tb->jmp_lock);
+}
+
 bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
 {
 TranslationBlock *tb;
@@ -413,6 +418,7 @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, 
bool will_exit)
 /* one-shot translation, invalidate it immediately */
 tb_phys_invalidate(tb, -1);
 tcg_tb_remove(tb);
+tb_destroy(tb);
 }
 r = true;
 }
@@ -1886,6 +1892,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
 orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
 atomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
+tb_destroy(tb);
 return existing_tb;
 }
 tcg_tb_insert(tb);
@@ -2235,6 +2242,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
 tb_phys_invalidate(tb->orig_tb, -1);
 }
 tcg_tb_remove(tb);
+tb_destroy(tb);
 }
 
 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 1aa6cb47f29..1362bc61017 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -502,6 +502,14 @@ size_t tcg_nb_tbs(void)
 return nb_tbs;
 }
 
+static gboolean tcg_region_tree_traverse(gpointer k, gpointer v, gpointer data)
+{
+TranslationBlock *tb = v;
+
+tb_destroy(tb);
+return FALSE;
+}
+
 static void tcg_region_tree_reset_all(void)
 {
 size_t i;
@@ -510,6 +518,7 @@ static void tcg_region_tree_reset_all(void)
 for (i = 0; i < region.n; i++) {
 struct tcg_region_tree *rt = region_trees + i * tree_size;
 
+g_tree_foreach(rt->tree, tcg_region_tree_traverse, NULL);
 /* Increment the refcount first so that destroy acts as a reset */
 g_tree_ref(rt->tree);
 g_tree_destroy(rt->tree);
-- 
2.20.1

[PATCH v1 04/18] configure: add --enable-tsan flag + fiber annotations for coroutine-ucontext

[Alex Bennée]

From: Lingfeng Yang 

We tried running QEMU under tsan in 2016, but tsan's lack of support for
longjmp-based fibers was a blocker:
  https://groups.google.com/forum/#!topic/thread-sanitizer/se0YuzfWazw

Fortunately, thread sanitizer gained fiber support in early 2019:
  https://reviews.llvm.org/D54889

This patch brings tsan support upstream by importing the patch that annotated
QEMU's coroutines as tsan fibers in Android's QEMU fork:
  https://android-review.googlesource.com/c/platform/external/qemu/+/844675

Tested with '--enable-tsan --cc=clang-9 --cxx=clang++-9 --disable-werror'
configure flags.

Signed-off-by: Lingfeng Yang 
Signed-off-by: Emilio G. Cota 
[cota: minor modifications + configure changes]
Signed-off-by: Robert Foley 
[RF: configure changes, coroutine fix + minor modifications]
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-2-robert.fo...@linaro.org>
---
 configure | 47 +++-
 util/coroutine-ucontext.c | 66 +--
 2 files changed, 103 insertions(+), 10 deletions(-)

diff --git a/configure b/configure
index af5d7aa57a1..860f4c63647 100755
--- a/configure
+++ b/configure
@@ -395,6 +395,7 @@ gprof="no"
 debug_tcg="no"
 debug="no"
 sanitizers="no"
+tsan="no"
 fortify_source=""
 strip_opt="yes"
 tcg_interpreter="no"
@@ -1150,6 +1151,10 @@ for opt do
   ;;
   --disable-sanitizers) sanitizers="no"
   ;;
+  --enable-tsan) tsan="yes"
+  ;;
+  --disable-tsan) tsan="no"
+  ;;
   --enable-sparse) sparse="yes"
   ;;
   --disable-sparse) sparse="no"
@@ -1754,6 +1759,7 @@ Advanced options (experts only):
   --with-pkgversion=VERS   use specified string as sub-version of the package
   --enable-debug   enable common debug build options
   --enable-sanitizers  enable default sanitizers
+  --enable-tsanenable thread sanitizer
   --disable-strip  disable stripping binaries
   --disable-werror disable compilation abort on warning
   --disable-stack-protector disable compiler-provided stack protection
@@ -6195,6 +6201,30 @@ if test "$fuzzing" = "yes" ; then
   fi
 fi
 
+# Thread sanitizer is, for now, much noisier than the other sanitizers;
+# keep it separate until that is not the case.
+if test "$tsan" = "yes" && test "$sanitizers" = "yes"; then
+  error_exit "TSAN is not supported with other sanitiziers."
+fi
+have_tsan=no
+have_tsan_iface_fiber=no
+if test "$tsan" = "yes" ; then
+  write_c_skeleton
+  if compile_prog "$CPU_CFLAGS -Werror -fsanitize=thread" "" ; then
+  have_tsan=yes
+  fi
+  cat > $TMPC << EOF
+#include 
+int main(void) {
+  __tsan_create_fiber(0);
+  return 0;
+}
+EOF
+  if compile_prog "$CPU_CFLAGS -Werror -fsanitize=thread" "" ; then
+  have_tsan_iface_fiber=yes
+  fi
+fi
+
 ##
 # check for libpmem
 
@@ -6296,6 +6326,16 @@ if test "$have_asan" = "yes"; then
"Without code annotation, the report may be inferior."
   fi
 fi
+if test "$have_tsan" = "yes" ; then
+  if test "$have_tsan_iface_fiber" = "yes" ; then
+QEMU_CFLAGS="-fsanitize=thread $QEMU_CFLAGS"
+QEMU_LDFLAGS="-fsanitize=thread $QEMU_LDFLAGS"
+  else
+error_exit "Cannot enable TSAN due to missing fiber annotation interface."
+  fi
+elif test "$tsan" = "yes" ; then
+  error_exit "Cannot enable TSAN due to missing sanitize thread interface."
+fi
 if test "$have_ubsan" = "yes"; then
   QEMU_CFLAGS="-fsanitize=undefined $QEMU_CFLAGS"
   QEMU_LDFLAGS="-fsanitize=undefined $QEMU_LDFLAGS"
@@ -6331,7 +6371,8 @@ if test "$werror" = "yes"; then
 QEMU_CFLAGS="-Werror $QEMU_CFLAGS"
 fi
 
-if test "$solaris" = "no" ; then
+# Exclude --warn-common with TSan to suppress warnings from the TSan libraries.
+if test "$solaris" = "no" && test "$tsan" = "no"; then
 if $ld --version 2>/dev/null | grep "GNU ld" >/dev/null 2>/dev/null ; then
 QEMU_LDFLAGS="-Wl,--warn-common $QEMU_LDFLAGS"
 fi
@@ -7385,6 +7426,10 @@ if test "$have_asan_iface_fiber" = "yes" ; then
 echo "CONFIG_ASAN_IFACE_FIBER=y" >> $config_host_mak
 fi
 
+if test "$have_tsan" = "yes" && test "$have_tsan_iface_fiber" = "yes" ; then
+echo "CONFIG_TSAN=y" >> $config_host_mak
+fi
+
 if test "$has_environ" = "yes" ; then
   echo "CONFIG_HAS_ENVIRON=y" >> $config_host_mak
 fi
diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index bd593e61bc0..613f4c118e4 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -37,12 +37,19 @@
 #endif
 #endif
 
+#ifdef CONFIG_TSAN
+#include 
+#endif
+
 typedef struct {
 Coroutine base;
 void *stack;
 size_t stack_size;
 sigjmp_buf env;
 
+void *tsan_co_fiber;
+void *tsan_caller_fiber;
+
 #ifdef CONFIG_VALGRIND_H
 unsigned int valgrind_stack_id;
 #endif
@@ -65,7 +72,18 @@ union cc_arg {
 int i[2];
 };
 
-static void finish_switch_fiber(void *fake_stack_save)
+/* QEMU_ALWAYS_INLINE only does so if __OPTIMIZE__, so we cannot use it. */
+static inli

[PATCH v1 10/18] translate-all: call qemu_spin_destroy for PageDesc

[Alex Bennée]

From: "Emilio G. Cota" 

The radix tree is append-only, but we can fail to insert
a PageDesc if the insertion races with another thread.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-8-robert.fo...@linaro.org>
---
 accel/tcg/translate-all.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index c937210e217..c3d37058a17 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -547,6 +547,15 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int 
alloc)
 #endif
 existing = atomic_cmpxchg(lp, NULL, pd);
 if (unlikely(existing)) {
+#ifndef CONFIG_USER_ONLY
+{
+int i;
+
+for (i = 0; i < V_L2_SIZE; i++) {
+qemu_spin_destroy(&pd[i].lock);
+}
+}
+#endif
 g_free(pd);
 pd = existing;
 }
-- 
2.20.1

[PATCH v1 02/18] Makefile: dtc: update, build the libfdt target

[Alex Bennée]

From: Claudio Fontana 

dtc submodule update, now call the libfdt target from the new
dtc Makefile, which has been changed to not require bison, flex, etc.
This removes warnings during the build.

scripts/ symlink and tests directory creation are not necessary,
and neither is calling the clean rule explicitly.

Signed-off-by: Claudio Fontana 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20200518160319.18861-2-cfont...@suse.de>
---
 configure |  1 -
 Makefile  | 10 +-
 dtc   |  2 +-
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/configure b/configure
index 597e909b537..af5d7aa57a1 100755
--- a/configure
+++ b/configure
@@ -4301,7 +4301,6 @@ EOF
   mkdir -p dtc
   if [ "$pwd_is_source_path" != "y" ] ; then
   symlink "$source_path/dtc/Makefile" "dtc/Makefile"
-  symlink "$source_path/dtc/scripts" "dtc/scripts"
   fi
   fdt_cflags="-I\$(SRC_PATH)/dtc/libfdt"
   fdt_ldflags="-L\$(BUILD_DIR)/dtc/libfdt"
diff --git a/Makefile b/Makefile
index d1af126ea19..9385c2e653b 100644
--- a/Makefile
+++ b/Makefile
@@ -526,13 +526,14 @@ $(SOFTMMU_FUZZ_RULES): $(edk2-decompressed)
 $(TARGET_DIRS_RULES):
$(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $(dir $@) V="$(V)" 
TARGET_DIR="$(dir $@)" $(notdir $@),)
 
-DTC_MAKE_ARGS=-I$(SRC_PATH)/dtc VPATH=$(SRC_PATH)/dtc -C dtc V="$(V)" 
LIBFDT_srcdir=$(SRC_PATH)/dtc/libfdt
+# LIBFDT_lib="": avoid breaking existing trees with objects requiring -fPIC
+DTC_MAKE_ARGS=-I$(SRC_PATH)/dtc VPATH=$(SRC_PATH)/dtc -C dtc V="$(V)" 
LIBFDT_lib=""
 DTC_CFLAGS=$(CFLAGS) $(QEMU_CFLAGS)
-DTC_CPPFLAGS=-I$(BUILD_DIR)/dtc -I$(SRC_PATH)/dtc -I$(SRC_PATH)/dtc/libfdt
+DTC_CPPFLAGS=-I$(SRC_PATH)/dtc/libfdt
 
 .PHONY: dtc/all
-dtc/all: .git-submodule-status dtc/libfdt dtc/tests
-   $(call quiet-command,$(MAKE) $(DTC_MAKE_ARGS) 
CPPFLAGS="$(DTC_CPPFLAGS)" CFLAGS="$(DTC_CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)" 
ARFLAGS="$(ARFLAGS)" CC="$(CC)" AR="$(AR)" LD="$(LD)" $(SUBDIR_MAKEFLAGS) 
libfdt/libfdt.a,)
+dtc/all: .git-submodule-status dtc/libfdt
+   $(call quiet-command,$(MAKE) $(DTC_MAKE_ARGS) 
CPPFLAGS="$(DTC_CPPFLAGS)" CFLAGS="$(DTC_CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)" 
ARFLAGS="$(ARFLAGS)" CC="$(CC)" AR="$(AR)" LD="$(LD)" $(SUBDIR_MAKEFLAGS) 
libfdt,)
 
 dtc/%: .git-submodule-status
@mkdir -p $@
@@ -820,7 +821,6 @@ distclean: clean
rm -rf $$d || exit 1 ; \
 done
rm -Rf .sdk
-   if test -f dtc/version_gen.h; then $(MAKE) $(DTC_MAKE_ARGS) clean; fi
 
 KEYMAPS=da en-gb  et  fr fr-ch  is  lt  no  pt-br  sv \
 ar  de en-us  fi  fr-be  hr it  lv  nl pl  ru th \
diff --git a/dtc b/dtc
index 88f18909db7..85e5d839847 16
--- a/dtc
+++ b/dtc
@@ -1 +1 @@
-Subproject commit 88f18909db731a627456f26d779445f84e449536
+Subproject commit 85e5d839847af54efab170f2b1331b2a6421e647
-- 
2.20.1

[PATCH v1 12/18] tests/docker: Added docker build support for TSan.

[Alex Bennée]

From: Robert Foley 

Added a new docker for ubuntu 20.04.
This docker has support for Thread Sanitizer
including one patch we need in one of the header files.
https://github.com/llvm/llvm-project/commit/a72dc86cd

This command will build with tsan enabled:
make docker-test-tsan-ubuntu2004 V=1

Also added the TSAN suppresion file to disable certain
cases of TSAN warnings.

Cc: Fam Zheng 
Cc: Philippe Mathieu-Daudé 
Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-10-robert.fo...@linaro.org>
---
 tests/docker/dockerfiles/ubuntu2004.docker | 65 ++
 tests/docker/test-tsan | 44 +++
 tests/tsan/blacklist.tsan  | 10 
 tests/tsan/suppressions.tsan   | 14 +
 4 files changed, 133 insertions(+)
 create mode 100644 tests/docker/dockerfiles/ubuntu2004.docker
 create mode 100755 tests/docker/test-tsan
 create mode 100644 tests/tsan/blacklist.tsan
 create mode 100644 tests/tsan/suppressions.tsan

diff --git a/tests/docker/dockerfiles/ubuntu2004.docker 
b/tests/docker/dockerfiles/ubuntu2004.docker
new file mode 100644
index 000..6050ce7e8a8
--- /dev/null
+++ b/tests/docker/dockerfiles/ubuntu2004.docker
@@ -0,0 +1,65 @@
+FROM ubuntu:20.04
+ENV PACKAGES flex bison \
+ccache \
+clang-10\
+gcc \
+gettext \
+git \
+glusterfs-common \
+libaio-dev \
+libattr1-dev \
+libbrlapi-dev \
+libbz2-dev \
+libcacard-dev \
+libcap-ng-dev \
+libcurl4-gnutls-dev \
+libdrm-dev \
+libepoxy-dev \
+libfdt-dev \
+libgbm-dev \
+libgtk-3-dev \
+libibverbs-dev \
+libiscsi-dev \
+libjemalloc-dev \
+libjpeg-turbo8-dev \
+liblzo2-dev \
+libncurses5-dev \
+libncursesw5-dev \
+libnfs-dev \
+libnss3-dev \
+libnuma-dev \
+libpixman-1-dev \
+librados-dev \
+librbd-dev \
+librdmacm-dev \
+libsasl2-dev \
+libsdl2-dev \
+libseccomp-dev \
+libsnappy-dev \
+libspice-protocol-dev \
+libspice-server-dev \
+libssh-dev \
+libusb-1.0-0-dev \
+libusbredirhost-dev \
+libvdeplug-dev \
+libvte-2.91-dev \
+libxen-dev \
+libzstd-dev \
+make \
+python3-yaml \
+python3-sphinx \
+sparse \
+texinfo \
+xfslibs-dev\
+vim
+RUN apt-get update && \
+DEBIAN_FRONTEND=noninteractive apt-get -y install $PACKAGES
+RUN dpkg -l $PACKAGES | sort > /packages.txt
+ENV FEATURES clang tsan pyyaml sdl2
+
+# https://bugs.launchpad.net/qemu/+bug/1838763
+ENV QEMU_CONFIGURE_OPTS --disable-libssh
+
+# Apply patch https://reviews.llvm.org/D75820
+# This is required for TSan in clang-10 to compile with QEMU.
+RUN sed -i 's/^const/static const/g' 
/usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h
diff --git a/tests/docker/test-tsan b/tests/docker/test-tsan
new file mode 100755
index 000..eb40ac45b7a
--- /dev/null
+++ b/tests/docker/test-tsan
@@ -0,0 +1,44 @@
+#!/bin/bash -e
+#
+# This test will use TSan as part of a build and a make check.
+#
+# Copyright (c) 2020 Linaro
+# Copyright (c) 2016 Red Hat Inc.
+#
+# Authors:
+#  Robert Foley 
+#  Originally based on test-quick from Fam Zheng 
+#
+# This work is licensed under the terms of the GNU GPL, version 2
+# or (at your option) any later version. See the COPYING file in
+# the top-level directory.
+
+. common.rc
+
+setup_tsan()
+{
+requires clang tsan
+tsan_log_dir="/tmp/qemu-test/build/tsan"
+mkdir -p $tsan_log_dir > /dev/null || true
+EXTRA_CONFIGURE_OPTS="${EXTRA_CONFIGURE_OPTS} --enable-tsan \
+  --cc=clang-10 --cxx=clang++-10 \
+  --disable-werror --extra-cflags=-O0"
+# detect deadlocks is false currently simply because
+# TSan crashes immediately with deadlock detector enabled.
+# We have maxed out the history size to get the best chance of finding
+# warnings during testing.
+# Note, to get TSan to fail on warning, use exitcode=66 below.
+tsan_opts="suppressions=/tmp/qemu-test/src/tests/tsan/suppressions.tsan\
+   detect_deadlocks=false history_size=7\
+   halt_on_error=0 exitcode=0 verbose=5\
+   log_path=$tsan_log_dir/tsan_warning"
+export TSAN_OPTIONS="$tsan_opts"
+}
+
+cd "$BUILD_DIR"
+
+TARGET_LIST=${TARGET_LIST:-$DEF_TARGET_LIST} \
+setup_tsan
+build_qemu
+check_qemu
+install_qemu
diff --git a/tests/tsan/blacklist.tsan b/tests/tsan/blacklist.tsan
new file mode 100644
index 000..75e444f5dc6
--- /dev/null
+++ b/tests/tsan/blacklist.tsan
@@ -0,0 +1,10 @@
+# This is an example blacklist.
+# To enable use of the blacklist add this to configure:
+# "--extra-cflags=-fsanitize-blacklist=/tests/tsan/blacklist.tsan"
+# The eventual goal would be to fix these warnings.
+
+# TSan is not happy about setting/getting of dirty bits,
+# for example, cpu_physical_memory_set_dirty_range,
+# and cpu_physical_memory_get_dirty.
+src

[PATCH v1 01/18] tests/docker: bump fedora to 32

[Alex Bennée]

We should be keeping this up to date as Fedora goes out of support
quite quickly.

Signed-off-by: Alex Bennée 
---
 tests/docker/dockerfiles/fedora.docker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index 92b6e11c8a8..798ddd2c3e0 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -1,4 +1,4 @@
-FROM fedora:30
+FROM fedora:32
 
 # Please keep this list sorted alphabetically
 ENV PACKAGES \
-- 
2.20.1

[PATCH v1 05/18] cpu: convert queued work to a QSIMPLEQ

[Alex Bennée]

From: "Emilio G. Cota" 

We convert queued work to a QSIMPLEQ, instead of
open-coding it.

While at it, make sure that all accesses to the list are
performed while holding the list's lock.

Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
Signed-off-by: Alex Bennée 
Message-Id: <20200609200738.445-3-robert.fo...@linaro.org>
---
 include/hw/core/cpu.h |  6 +++---
 cpus-common.c | 25 -
 cpus.c| 14 --
 hw/core/cpu.c |  1 +
 4 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 497600c49ef..b3f4b793182 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -331,8 +331,8 @@ struct qemu_work_item;
  * @opaque: User data.
  * @mem_io_pc: Host Program Counter at which the memory was accessed.
  * @kvm_fd: vCPU file descriptor for KVM.
- * @work_mutex: Lock to prevent multiple access to queued_work_*.
- * @queued_work_first: First asynchronous work pending.
+ * @work_mutex: Lock to prevent multiple access to @work_list.
+ * @work_list: List of pending asynchronous work.
  * @trace_dstate_delayed: Delayed changes to trace_dstate (includes all changes
  *to @trace_dstate).
  * @trace_dstate: Dynamic tracing state of events for this vCPU (bitmask).
@@ -376,7 +376,7 @@ struct CPUState {
 sigjmp_buf jmp_env;
 
 QemuMutex work_mutex;
-struct qemu_work_item *queued_work_first, *queued_work_last;
+QSIMPLEQ_HEAD(, qemu_work_item) work_list;
 
 CPUAddressSpace *cpu_ases;
 int num_ases;
diff --git a/cpus-common.c b/cpus-common.c
index 70a9d12981a..8f5512b3d78 100644
--- a/cpus-common.c
+++ b/cpus-common.c
@@ -97,7 +97,7 @@ void cpu_list_remove(CPUState *cpu)
 }
 
 struct qemu_work_item {
-struct qemu_work_item *next;
+QSIMPLEQ_ENTRY(qemu_work_item) node;
 run_on_cpu_func func;
 run_on_cpu_data data;
 bool free, exclusive, done;
@@ -106,13 +106,7 @@ struct qemu_work_item {
 static void queue_work_on_cpu(CPUState *cpu, struct qemu_work_item *wi)
 {
 qemu_mutex_lock(&cpu->work_mutex);
-if (cpu->queued_work_first == NULL) {
-cpu->queued_work_first = wi;
-} else {
-cpu->queued_work_last->next = wi;
-}
-cpu->queued_work_last = wi;
-wi->next = NULL;
+QSIMPLEQ_INSERT_TAIL(&cpu->work_list, wi, node);
 wi->done = false;
 qemu_mutex_unlock(&cpu->work_mutex);
 
@@ -306,17 +300,14 @@ void process_queued_cpu_work(CPUState *cpu)
 {
 struct qemu_work_item *wi;
 
-if (cpu->queued_work_first == NULL) {
+qemu_mutex_lock(&cpu->work_mutex);
+if (QSIMPLEQ_EMPTY(&cpu->work_list)) {
+qemu_mutex_unlock(&cpu->work_mutex);
 return;
 }
-
-qemu_mutex_lock(&cpu->work_mutex);
-while (cpu->queued_work_first != NULL) {
-wi = cpu->queued_work_first;
-cpu->queued_work_first = wi->next;
-if (!cpu->queued_work_first) {
-cpu->queued_work_last = NULL;
-}
+while (!QSIMPLEQ_EMPTY(&cpu->work_list)) {
+wi = QSIMPLEQ_FIRST(&cpu->work_list);
+QSIMPLEQ_REMOVE_HEAD(&cpu->work_list, node);
 qemu_mutex_unlock(&cpu->work_mutex);
 if (wi->exclusive) {
 /* Running work items outside the BQL avoids the following 
deadlock:
diff --git a/cpus.c b/cpus.c
index 5670c96bcfa..af440275495 100644
--- a/cpus.c
+++ b/cpus.c
@@ -97,9 +97,19 @@ bool cpu_is_stopped(CPUState *cpu)
 return cpu->stopped || !runstate_is_running();
 }
 
+static inline bool cpu_work_list_empty(CPUState *cpu)
+{
+bool ret;
+
+qemu_mutex_lock(&cpu->work_mutex);
+ret = QSIMPLEQ_EMPTY(&cpu->work_list);
+qemu_mutex_unlock(&cpu->work_mutex);
+return ret;
+}
+
 static bool cpu_thread_is_idle(CPUState *cpu)
 {
-if (cpu->stop || cpu->queued_work_first) {
+if (cpu->stop || !cpu_work_list_empty(cpu)) {
 return false;
 }
 if (cpu_is_stopped(cpu)) {
@@ -1498,7 +1508,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
 cpu = first_cpu;
 }
 
-while (cpu && !cpu->queued_work_first && !cpu->exit_request) {
+while (cpu && cpu_work_list_empty(cpu) && !cpu->exit_request) {
 
 atomic_mb_set(&tcg_current_rr_cpu, cpu);
 current_cpu = cpu;
diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index f31ec48ee61..80d51c24dd2 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -370,6 +370,7 @@ static void cpu_common_initfn(Object *obj)
 cpu->nr_threads = 1;
 
 qemu_mutex_init(&cpu->work_mutex);
+QSIMPLEQ_INIT(&cpu->work_list);
 QTAILQ_INIT(&cpu->breakpoints);
 QTAILQ_INIT(&cpu->watchpoints);
 
-- 
2.20.1

[PATCH v1 03/18] Makefile: remove old compatibility gunks

[Alex Bennée]

From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20200518160319.18861-3-cfont...@suse.de>
---
 Makefile | 6 --
 1 file changed, 6 deletions(-)

diff --git a/Makefile b/Makefile
index 9385c2e653b..57b83521b18 100644
--- a/Makefile
+++ b/Makefile
@@ -562,12 +562,6 @@ slirp/all: .git-submodule-status
CC="$(CC)" AR="$(AR)"   LD="$(LD)" RANLIB="$(RANLIB)"   \
CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)")
 
-# Compatibility gunk to keep make working across the rename of targets
-# for recursion, to be removed some time after 4.1.
-subdir-dtc: dtc/all
-subdir-capstone: capstone/all
-subdir-slirp: slirp/all
-
 $(filter %/all, $(TARGET_DIRS_RULES)): libqemuutil.a $(common-obj-y) \
$(qom-obj-y)
 
-- 
2.20.1

[PATCH v1 00/18] testing/next (tsan, dtc warnings, cross-builds)

[Alex Bennée]

Hi,

This is the current testing/next queue. Aside from the minor bumps and
updates this returns --enable-tsan to the build.

This can help with debugging race conditions. You need a fairly recent
clang to enable it but configure will bug out if it can't be turned
on. Thanks to Robert Foley for picking up Emilio's work and getting it
through the review process.

There are a couple of minor testing updates including re-enabling the
cross-builds I disabled in the last PR I made as, predictably, Debian
finally pushed through the package update just as I turned the tests
off.

I hope to put together a PR on Tuesday.

The following are still missing reviews:

 - cirrus.yml: serialise make check
 - Revert ".shippable: temporaily disable some cross builds"
 - tests/docker: bump fedora to 32

Alex Bennée (3):
  tests/docker: bump fedora to 32
  Revert ".shippable: temporaily disable some cross builds"
  cirrus.yml: serialise make check

Claudio Fontana (2):
  Makefile: dtc: update, build the libfdt target
  Makefile: remove old compatibility gunks

Emilio G. Cota (7):
  cpu: convert queued work to a QSIMPLEQ
  thread: add qemu_spin_destroy
  cputlb: destroy CPUTLB with tlb_destroy
  qht: call qemu_spin_destroy for head buckets
  tcg: call qemu_spin_destroy for tb->jmp_lock
  translate-all: call qemu_spin_destroy for PageDesc
  thread: add tsan annotations to QemuSpin

Lingfeng Yang (1):
  configure: add --enable-tsan flag + fiber annotations for
coroutine-ucontext

Robert Foley (5):
  tests/docker: Added docker build support for TSan.
  include/qemu: Added tsan.h for annotations.
  util: Added tsan annotate for thread name.
  docs: Added details on TSan to testing.rst
  tests: Disable select tests under TSan, which hit TSan issue.

 docs/devel/testing.rst | 107 +
 configure  |  48 -
 Makefile   |  16 +--
 include/exec/exec-all.h|   8 ++
 include/hw/core/cpu.h  |   6 +-
 include/qemu/thread.h  |  38 +++-
 include/qemu/tsan.h|  71 ++
 include/tcg/tcg.h  |   1 +
 accel/tcg/cputlb.c |  15 +++
 accel/tcg/translate-all.c  |  17 
 cpus-common.c  |  25 ++---
 cpus.c |  14 ++-
 exec.c |   1 +
 hw/core/cpu.c  |   1 +
 tcg/tcg.c  |   9 ++
 util/coroutine-ucontext.c  |  66 +++--
 util/qemu-thread-posix.c   |   2 +
 util/qht.c |   1 +
 .cirrus.yml|   6 +-
 .shippable.yml |  12 +--
 dtc|   2 +-
 tests/Makefile.include |   9 +-
 tests/docker/dockerfiles/fedora.docker |   2 +-
 tests/docker/dockerfiles/ubuntu2004.docker |  65 +
 tests/docker/test-tsan |  44 +
 tests/qtest/Makefile.include   |   7 +-
 tests/tsan/blacklist.tsan  |  10 ++
 tests/tsan/suppressions.tsan   |  14 +++
 28 files changed, 557 insertions(+), 60 deletions(-)
 create mode 100644 include/qemu/tsan.h
 create mode 100644 tests/docker/dockerfiles/ubuntu2004.docker
 create mode 100755 tests/docker/test-tsan
 create mode 100644 tests/tsan/blacklist.tsan
 create mode 100644 tests/tsan/suppressions.tsan

-- 
2.20.1

Re: [RFC PATCH v2 1/5] hw/misc: Add a LED device

[Stefan Weil]

Am 12.06.20 um 19:54 schrieb Philippe Mathieu-Daudé:

> A LED device can be connected to a GPIO output.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/misc/led.h | 30 
>  hw/misc/led.c | 84 +++
>  MAINTAINERS   |  6 
>  hw/misc/Kconfig   |  3 ++
>  hw/misc/Makefile.objs |  1 +
>  hw/misc/trace-events  |  3 ++
>  6 files changed, 127 insertions(+)
>  create mode 100644 include/hw/misc/led.h
>  create mode 100644 hw/misc/led.c
>
> diff --git a/include/hw/misc/led.h b/include/hw/misc/led.h
> new file mode 100644
> index 00..427ca1418e
> --- /dev/null
> +++ b/include/hw/misc/led.h
> @@ -0,0 +1,30 @@
> +/*
> + * QEMU single LED device
> + *
> + * Copyright (C) 2020 Philippe Mathieu-Daudé 
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +#ifndef HW_MISC_LED_H
> +#define HW_MISC_LED_H
> +
> +#include "hw/qdev-core.h"
> +#include "hw/sysbus.h" /* FIXME remove */
> +
> +#define TYPE_LED "led"
> +#define LED(obj) OBJECT_CHECK(LEDState, (obj), TYPE_LED)
> +
> +typedef struct LEDState {
> +/* Private */
> +SysBusDevice parent_obj; /* FIXME DeviceState */
> +/* Public */
> +
> +qemu_irq irq;
> +uint8_t current_state;
> +
> +/* Properties */
> +char *name;
> +uint8_t reset_state; /* TODO [GPIO_ACTIVE_LOW, GPIO_ACTIVE_HIGH] */
> +} LEDState;
> +
> +#endif /* HW_MISC_LED_H */


LEDSTate could be made smaller (less holes) by simply re-ordering the
elements: irq, name, current_state, reset_state

Kind regards

Stefan

[RFC PATCH v2 5/5] hw/arm/tosa: Use LED device for the Bluetooth led

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/tosa.c  | 7 +++
 hw/arm/Kconfig | 1 +
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index 5dee2d76c6..86d7e0283a 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -24,6 +24,7 @@
 #include "hw/irq.h"
 #include "hw/ssi/ssi.h"
 #include "hw/sysbus.h"
+#include "hw/misc/led.h"
 #include "exec/address-spaces.h"
 
 #define TOSA_RAM0x0400
@@ -68,9 +69,6 @@ static void tosa_microdrive_attach(PXA2xxState *cpu)
 static void tosa_out_switch(void *opaque, int line, int level)
 {
 switch (line) {
-case 0:
-fprintf(stderr, "blue LED %s.\n", level ? "on" : "off");
-break;
 case 1:
 fprintf(stderr, "green LED %s.\n", level ? "on" : "off");
 break;
@@ -119,7 +117,6 @@ static void tosa_gpio_setup(PXA2xxState *cpu,
 qdev_get_gpio_in(cpu->gpio, TOSA_GPIO_JC_CF_IRQ),
 NULL);
 
-qdev_connect_gpio_out(scp1, TOSA_GPIO_BT_LED, outsignals[0]);
 qdev_connect_gpio_out(scp1, TOSA_GPIO_NOTE_LED, outsignals[1]);
 qdev_connect_gpio_out(scp1, TOSA_GPIO_CHRG_ERR_LED, outsignals[2]);
 qdev_connect_gpio_out(scp1, TOSA_GPIO_WLAN_LED, outsignals[3]);
@@ -234,6 +231,8 @@ static void tosa_init(MachineState *machine)
 
 scp0 = sysbus_create_simple("scoop", 0x0880, NULL);
 scp1 = sysbus_create_simple("scoop", 0x14800040, NULL);
+create_led_by_gpio_id(OBJECT(machine), DEVICE(scp1),
+  TOSA_GPIO_BT_LED, "blue LED");
 
 tosa_gpio_setup(mpu, scp0, scp1, tmio);
 
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 2afaa7c8e9..009336cac8 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -150,6 +150,7 @@ config TOSA
 select ZAURUS  # scoop
 select MICRODRIVE
 select PXA2XX
+select LED
 
 config SPITZ
 bool
-- 
2.21.3

[RFC PATCH v2 4/5] hw/arm/microbit: Add a fake LED to use as proof-of-concept with Zephyr

[Philippe Mathieu-Daudé]

We were using an AVR based Arduino to use this device, but since
the port is not merged, the microbit is the easiest board to use
with Zephyr.
Note the microbit doesn't have a such LED, this is simply a proof
of concept.

How to test:

- Apply this patch on zephyr-v2.3.0

  diff --git a/boards/arm/qemu_cortex_m0/qemu_cortex_m0.dts 
b/boards/arm/qemu_cortex_m0/qemu_cortex_m0.dts
  index a1b3044275..61b39506b1 100644
  --- a/boards/arm/qemu_cortex_m0/qemu_cortex_m0.dts
  +++ b/boards/arm/qemu_cortex_m0/qemu_cortex_m0.dts
  @@ -21,6 +21,18 @@
  zephyr,flash = &flash0;
  zephyr,code-partition = &slot0_partition;
  };
  +
  +   leds {
  +   compatible = "gpio-leds";
  +   led0: led_0 {
  +   gpios = <&gpio0 21 GPIO_ACTIVE_LOW>;
  +   label = "Green LED 0";
  +   };
  +   };
  +
  +   aliases {
  +   led0 = &led0;
  +   };
   };

   &gpiote {

- Build Zephyr blinky:

  $ west build -b qemu_cortex_m0 samples/basic/blinky

- Run QEMU

  $ qemu-system-arm -M microbit -trace led\* \
  -kernel ~/zephyrproject/zephyr/build/zephyr/zephyr.elf -trace led\*
  2953@1591704866.319665:led_set led name:'Green LED #0' state 0 -> 0
  2953@1591704867.329143:led_set led name:'Green LED #0' state 0 -> 1
  2953@1591704868.332590:led_set led name:'Green LED #0' state 1 -> 0

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/microbit.c | 3 +++
 hw/arm/Kconfig| 1 +
 2 files changed, 4 insertions(+)

diff --git a/hw/arm/microbit.c b/hw/arm/microbit.c
index ef213695bd..102661b66a 100644
--- a/hw/arm/microbit.c
+++ b/hw/arm/microbit.c
@@ -18,6 +18,7 @@
 #include "hw/arm/nrf51_soc.h"
 #include "hw/i2c/microbit_i2c.h"
 #include "hw/qdev-properties.h"
+#include "hw/misc/led.h"
 
 typedef struct {
 MachineState parent;
@@ -58,6 +59,8 @@ static void microbit_init(MachineState *machine)
 memory_region_add_subregion_overlap(&s->nrf51.container, NRF51_TWI_BASE,
 mr, -1);
 
+create_led_by_gpio_id(OBJECT(machine), DEVICE(soc), 21, "Green LED #0");
+
 armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename,
NRF51_SOC(soc)->flash_size);
 }
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 9afa6eee79..2afaa7c8e9 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -436,6 +436,7 @@ config FSL_IMX6UL
 config MICROBIT
 bool
 select NRF51_SOC
+select LED
 
 config NRF51_SOC
 bool
-- 
2.21.3

[RFC PATCH v2 2/5] hw/misc/led: Add LED_STATUS_CHANGED QAPI event

[Philippe Mathieu-Daudé]

Allow LED devices to emit STATUS_CHANGED events on a QMP chardev.

QMP event examples:

{
"timestamp": {
"seconds": 1591704274,
"microseconds": 520850
},
"event": "LED_STATUS_CHANGED",
"data": {
"name": "Green LED #0",
"status": "on"
}
}
{
"timestamp": {
"seconds": 1591704275,
"microseconds": 530912
},
"event": "LED_STATUS_CHANGED",
"data": {
"name": "Green LED #0",
"status": "off"
}
}

Signed-off-by: Philippe Mathieu-Daudé 
---
Since v1: rate limit 4/sec (eblake)
---
 qapi/led.json | 47 +++
 qapi/qapi-schema.json |  1 +
 include/hw/misc/led.h |  1 +
 hw/misc/led.c | 24 +-
 MAINTAINERS   |  1 +
 qapi/Makefile.objs|  2 +-
 6 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 qapi/led.json

diff --git a/qapi/led.json b/qapi/led.json
new file mode 100644
index 00..b6cef8a5dd
--- /dev/null
+++ b/qapi/led.json
@@ -0,0 +1,47 @@
+# -*- Mode: Python -*-
+#
+
+##
+# = LED device
+##
+
+##
+# @LedState:
+#
+# Status of a LED
+#
+# @on: device is emitting
+#
+# @off: device is off
+#
+# Since: 5.1
+##
+{ 'enum': 'LedState', 'data': [ 'on', 'off' ] }
+
+##
+# @LED_STATUS_CHANGED:
+#
+# Emitted when LED status changed
+#
+# @name: LED description
+#
+# @status: New status
+#
+# Since: 5.1
+#
+# Example:
+#
+# <- {"timestamp": {"seconds": 1541579657, "microseconds": 986760},
+# "event": "LED_STATUS_CHANGED",
+# "data":
+# {"name": "Blue LED #3",
+#  "status": "on"
+# }
+#}
+#
+##
+{ 'event': 'LED_STATUS_CHANGED',
+  'data': { 'name'  : 'str',
+'status': 'LedState'
+  }
+}
diff --git a/qapi/qapi-schema.json b/qapi/qapi-schema.json
index 43b0ba0dea..6f3ffc0ae1 100644
--- a/qapi/qapi-schema.json
+++ b/qapi/qapi-schema.json
@@ -84,3 +84,4 @@
 { 'include': 'misc.json' }
 { 'include': 'misc-target.json' }
 { 'include': 'audio.json' }
+{ 'include': 'led.json' }
diff --git a/include/hw/misc/led.h b/include/hw/misc/led.h
index 427ca1418e..9300d4db6c 100644
--- a/include/hw/misc/led.h
+++ b/include/hw/misc/led.h
@@ -21,6 +21,7 @@ typedef struct LEDState {
 
 qemu_irq irq;
 uint8_t current_state;
+int64_t last_event_ms;
 
 /* Properties */
 char *name;
diff --git a/hw/misc/led.c b/hw/misc/led.c
index 1bae1a34c0..11c7e8bb89 100644
--- a/hw/misc/led.c
+++ b/hw/misc/led.c
@@ -7,18 +7,40 @@
  */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qapi/qapi-events-led.h"
+#include "qemu/timer.h"
 #include "migration/vmstate.h"
 #include "hw/qdev-properties.h"
 #include "hw/misc/led.h"
 #include "hw/irq.h"
 #include "trace.h"
 
+#define MAX_QMP_LED_EVENTS_PER_SEC  4 /* TODO shared between LED children? */
+
+static void emit_led_status_changed_event(LEDState *s, int state)
+{
+static const int64_t delay_min_ms = NANOSECONDS_PER_SECOND / SCALE_MS
+/ MAX_QMP_LED_EVENTS_PER_SEC;
+int64_t now = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
+
+if (now - s->last_event_ms > delay_min_ms) {
+qapi_event_send_led_status_changed(s->name, state
+? LED_STATE_ON
+: LED_STATE_OFF);
+} else {
+/* TODO count skipped events? */
+}
+s->last_event_ms = now;
+}
+
 static void led_set(void *opaque, int line, int new_state)
 {
 LEDState *s = LED(opaque);
 
 trace_led_set(s->name, s->current_state, new_state);
-
+if (new_state != s->current_state) {
+emit_led_status_changed_event(s, new_state);
+}
 s->current_state = new_state;
 }
 
diff --git a/MAINTAINERS b/MAINTAINERS
index 10593863dc..266b07c4b4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1860,6 +1860,7 @@ F: stubs/vmgenid.c
 LED
 M: Philippe Mathieu-Daudé 
 S: Maintained
+F: qapi/led.json
 F: include/hw/misc/led.h
 F: hw/misc/led.c
 
diff --git a/qapi/Makefile.objs b/qapi/Makefile.objs
index 4673ab7490..e9f6570c32 100644
--- a/qapi/Makefile.objs
+++ b/qapi/Makefile.objs
@@ -6,7 +6,7 @@ util-obj-y += qmp-event.o
 util-obj-y += qapi-util.o
 
 QAPI_COMMON_MODULES = audio authz block-core block char common control crypto
-QAPI_COMMON_MODULES += dump error introspect job machine migration misc
+QAPI_COMMON_MODULES += dump error introspect job led machine migration misc
 QAPI_COMMON_MODULES += net pragma qdev qom rdma rocker run-state sockets tpm
 QAPI_COMMON_MODULES += trace transaction ui
 QAPI_TARGET_MODULES = machine-target misc-target
-- 
2.21.3

[RFC PATCH v2 3/5] hw/misc/led: Add create_led_by_gpio_id() helper

[Philippe Mathieu-Daudé]

Add create_led_by_gpio_id() to easily connect a LED to
a GPIO output.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/misc/led.h | 14 ++
 hw/misc/led.c | 20 
 2 files changed, 34 insertions(+)

diff --git a/include/hw/misc/led.h b/include/hw/misc/led.h
index 9300d4db6c..1b2bb96712 100644
--- a/include/hw/misc/led.h
+++ b/include/hw/misc/led.h
@@ -28,4 +28,18 @@ typedef struct LEDState {
 uint8_t reset_state; /* TODO [GPIO_ACTIVE_LOW, GPIO_ACTIVE_HIGH] */
 } LEDState;
 
+/**
+ * create_led_by_gpio_id: create and LED device
+ * @parent: the parent object
+ * @gpio_dev: device exporting GPIOs
+ * @gpio_id: GPIO ID of this LED
+ * @name: name of the LED
+ *
+ * This utility function creates a LED and connects it to a
+ * GPIO exported by another device.
+ */
+DeviceState *create_led_by_gpio_id(Object *parentobj,
+   DeviceState *gpio_dev, unsigned gpio_id,
+   const char *led_name);
+
 #endif /* HW_MISC_LED_H */
diff --git a/hw/misc/led.c b/hw/misc/led.c
index 11c7e8bb89..36de80dd67 100644
--- a/hw/misc/led.c
+++ b/hw/misc/led.c
@@ -104,3 +104,23 @@ static void led_register_types(void)
 }
 
 type_init(led_register_types)
+
+DeviceState *create_led_by_gpio_id(Object *parentobj,
+   DeviceState *gpio_dev, unsigned gpio_id,
+   const char *led_name)
+{
+DeviceState *dev;
+char *name;
+
+dev = qdev_create(NULL, TYPE_LED);
+/* TODO set "reset_state" */
+qdev_prop_set_string(dev, "name", led_name);
+name = g_ascii_strdown(led_name, -1);
+name = g_strdelimit(name, " #", '-');
+object_property_add_child(parentobj, name, OBJECT(dev));
+g_free(name);
+qdev_init_nofail(dev);
+qdev_connect_gpio_out(gpio_dev, gpio_id, qdev_get_gpio_in(dev, 0));
+
+return dev;
+}
-- 
2.21.3

[RFC PATCH v2 0/5] hw/misc: Add LED device

[Philippe Mathieu-Daudé]

Hello,

These patches are part of the GSoC unselected 'QEMU visualizer'
project.  As the AVR port is not merged, I switched to microbit
to keep working on it.

This series presents a proof of concept of LED device that can
be easily connected to a GPIO.
The LED emit QMP events, so an external visualizer can display
the LED events.

Since v1: addressed Eric Blake review comments
- Added QMP rate limit

This is stable enough to be used for the GSoC UI.

Next steps planned:

- integrate Zephyr test

- have a centralized container for all the machine's LEDs, to
track state changes in a single place and send less QMP events
(grouping changes, restricted to what actually changed).
[see to include keyboard LEDs].

- look at LED array/matrix such 7segments.

Regards,

Phil.

$ git backport-diff -u rfc-v1
Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/5:[0004] [FC] 'hw/misc: Add a LED device'
002/5:[0027] [FC] 'hw/misc/led: Add LED_STATUS_CHANGED QAPI event'
003/5:[] [--] 'hw/misc/led: Add create_led_by_gpio_id() helper'
004/5:[] [--] 'hw/arm/microbit: Add a fake LED to use as proof-of-concept 
with Zephyr'
005/5:[] [--] 'hw/arm/tosa: Use LED device for the Bluetooth led'

Philippe Mathieu-Daudé (5):
  hw/misc: Add a LED device
  hw/misc/led: Add LED_STATUS_CHANGED QAPI event
  hw/misc/led: Add create_led_by_gpio_id() helper
  hw/arm/microbit: Add a fake LED to use as proof-of-concept with Zephyr
  hw/arm/tosa: Use LED device for the Bluetooth led

 qapi/led.json |  47 
 qapi/qapi-schema.json |   1 +
 include/hw/misc/led.h |  45 +++
 hw/arm/microbit.c |   3 +
 hw/arm/tosa.c |   7 +--
 hw/misc/led.c | 126 ++
 MAINTAINERS   |   7 +++
 hw/arm/Kconfig|   2 +
 hw/misc/Kconfig   |   3 +
 hw/misc/Makefile.objs |   1 +
 hw/misc/trace-events  |   3 +
 qapi/Makefile.objs|   2 +-
 12 files changed, 242 insertions(+), 5 deletions(-)
 create mode 100644 qapi/led.json
 create mode 100644 include/hw/misc/led.h
 create mode 100644 hw/misc/led.c

-- 
2.21.3

[RFC PATCH v2 1/5] hw/misc: Add a LED device

[Philippe Mathieu-Daudé]

A LED device can be connected to a GPIO output.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/misc/led.h | 30 
 hw/misc/led.c | 84 +++
 MAINTAINERS   |  6 
 hw/misc/Kconfig   |  3 ++
 hw/misc/Makefile.objs |  1 +
 hw/misc/trace-events  |  3 ++
 6 files changed, 127 insertions(+)
 create mode 100644 include/hw/misc/led.h
 create mode 100644 hw/misc/led.c

diff --git a/include/hw/misc/led.h b/include/hw/misc/led.h
new file mode 100644
index 00..427ca1418e
--- /dev/null
+++ b/include/hw/misc/led.h
@@ -0,0 +1,30 @@
+/*
+ * QEMU single LED device
+ *
+ * Copyright (C) 2020 Philippe Mathieu-Daudé 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef HW_MISC_LED_H
+#define HW_MISC_LED_H
+
+#include "hw/qdev-core.h"
+#include "hw/sysbus.h" /* FIXME remove */
+
+#define TYPE_LED "led"
+#define LED(obj) OBJECT_CHECK(LEDState, (obj), TYPE_LED)
+
+typedef struct LEDState {
+/* Private */
+SysBusDevice parent_obj; /* FIXME DeviceState */
+/* Public */
+
+qemu_irq irq;
+uint8_t current_state;
+
+/* Properties */
+char *name;
+uint8_t reset_state; /* TODO [GPIO_ACTIVE_LOW, GPIO_ACTIVE_HIGH] */
+} LEDState;
+
+#endif /* HW_MISC_LED_H */
diff --git a/hw/misc/led.c b/hw/misc/led.c
new file mode 100644
index 00..1bae1a34c0
--- /dev/null
+++ b/hw/misc/led.c
@@ -0,0 +1,84 @@
+/*
+ * QEMU single LED device
+ *
+ * Copyright (C) 2020 Philippe Mathieu-Daudé 
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "migration/vmstate.h"
+#include "hw/qdev-properties.h"
+#include "hw/misc/led.h"
+#include "hw/irq.h"
+#include "trace.h"
+
+static void led_set(void *opaque, int line, int new_state)
+{
+LEDState *s = LED(opaque);
+
+trace_led_set(s->name, s->current_state, new_state);
+
+s->current_state = new_state;
+}
+
+static void led_reset(DeviceState *dev)
+{
+LEDState *s = LED(dev);
+
+led_set(dev, 0, s->reset_state);
+}
+
+static const VMStateDescription vmstate_led = {
+.name = TYPE_LED,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(reset_state, LEDState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void led_realize(DeviceState *dev, Error **errp)
+{
+LEDState *s = LED(dev);
+
+if (s->name == NULL) {
+error_setg(errp, "property 'name' not specified");
+return;
+}
+
+qdev_init_gpio_in(DEVICE(s), led_set, 1);
+}
+
+static Property led_properties[] = {
+DEFINE_PROP_STRING("name", LEDState, name),
+DEFINE_PROP_UINT8("reset_state", LEDState, reset_state, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void led_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->desc = "LED";
+dc->vmsd = &vmstate_led;
+dc->reset = led_reset;
+dc->realize = led_realize;
+set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+device_class_set_props(dc, led_properties);
+}
+
+static const TypeInfo led_info = {
+.name = TYPE_LED,
+.parent = TYPE_SYS_BUS_DEVICE, /* FIXME TYPE_DEVICE */
+.instance_size = sizeof(LEDState),
+.class_init = led_class_init
+};
+
+static void led_register_types(void)
+{
+type_register_static(&led_info);
+}
+
+type_init(led_register_types)
diff --git a/MAINTAINERS b/MAINTAINERS
index 3abe3faa4e..10593863dc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1857,6 +1857,12 @@ F: docs/specs/vmgenid.txt
 F: tests/qtest/vmgenid-test.c
 F: stubs/vmgenid.c
 
+LED
+M: Philippe Mathieu-Daudé 
+S: Maintained
+F: include/hw/misc/led.h
+F: hw/misc/led.c
+
 Unimplemented device
 M: Peter Maydell 
 R: Philippe Mathieu-Daudé 
diff --git a/hw/misc/Kconfig b/hw/misc/Kconfig
index bdd77d8020..f60dce694d 100644
--- a/hw/misc/Kconfig
+++ b/hw/misc/Kconfig
@@ -126,6 +126,9 @@ config AUX
 config UNIMP
 bool
 
+config LED
+bool
+
 config MAC_VIA
 bool
 select MOS6522
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 5aaca8a039..9efa3c941c 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -91,3 +91,4 @@ common-obj-$(CONFIG_NRF51_SOC) += nrf51_rng.o
 obj-$(CONFIG_MAC_VIA) += mac_via.o
 
 common-obj-$(CONFIG_GRLIB) += grlib_ahb_apb_pnp.o
+common-obj-$(CONFIG_LED) += led.o
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
index 5561746866..e15b7f7c81 100644
--- a/hw/misc/trace-events
+++ b/hw/misc/trace-events
@@ -206,3 +206,6 @@ via1_rtc_cmd_pram_sect_write(int sector, int offset, int 
addr, int value) "secto
 # grlib_ahb_apb_pnp.c
 grlib_ahb_pnp_read(uint64_t addr, uint32_t value) "AHB PnP read 
addr:0x%03"PRIx64" data:0x%08x"
 grlib_apb_pnp_read(uint64_t addr, uint32_t value) "APB PnP read 
addr:0x%03"PRIx64" data:0x%08x"
+
+# led.c
+led_set(const char *name, uint8_t old_state, uint8_t new_state) "led name:'%s' 
state %d -> %d"
-- 
2.21.3

[Bug 1882851] Re: QEMU video freezes with "Guest disabled display" (virtio driver)

[Diego Viola]

Yeah, I can reproduce the same exact behavior outside of QEMU with sway
and it's consistent to what I observed in QEMU.

> Hmm, happens with xorg only.

I think you were right all along about this, sorry.

Thanks for fixing this bug, feel free to close this bug as fixed.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1882851

Title:
  QEMU video freezes with "Guest disabled display" (virtio driver)

Status in QEMU:
  New

Bug description:
  I am using Arch Linux as my Guest and Host OS, after starting qemu
  with the following command:

$ qemu-system-x86_64 -enable-kvm -hda arch-zoom.qcow2 -m 4G -vga
  virtio

  and waiting for a screen blank, I get this message:

Guest disabled display

  And nothing happens after that, I can move the mouse or hit any key,
  and the message is still there.

  I can still reboot the VM but that's not optimal.

  I can reproduce this with the latest QEMU release (5.0.0) or git master, 
  I also tried this with older releases (4.0.0, 3.0.0) and the issue is still 
there.

  I can't reproduce this with other video drivers (std, qxl).

  With std/qxl the screen will blank a bit and then continue as normal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1882851/+subscriptions

[Bug 1883268] Re: random errors on aarch64 when executing __aarch64_cas8_acq_rel

[Alex Bennée]

** Tags added: arm testcase

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1883268

Title:
  random errors on aarch64 when executing __aarch64_cas8_acq_rel

Status in QEMU:
  New

Bug description:
  Hello,

  Since I upgraded to qemu-5.0 when executing the GCC testsuite,
  I've noticed random failures of g++.dg/ext/sync-4.C.

  I'm attaching the source of the testcase, the binary executable and
  the qemu traces (huge, 111MB!) starting at main (with qemu-aarch64
  -cpu cortex-a57 -R 0 -d
  in_asm,int,exec,cpu,unimp,guest_errors,nochain)

  The traces where generated by a CI build, I built the executable
  manually but I expect it to be the same as the one executed by CI.

  In seems the problem occurs in f13, which leads to a call to abort()

  The preprocessed version of f13/t13 are as follows:
  static bool f13 (void *p) __attribute__ ((noinline));
  static bool f13 (void *p)
  {
return (__sync_bool_compare_and_swap((ditype*)p, 1, 2));
  }
  static void t13 ()
  {
try {
  f13(0);
}
catch (...) {
  return;
}
abort();
  }

  
  When looking at the execution traces at address 0x00400c9c, main calls f13, 
which in turn calls __aarch64_cas8_acq_rel (at 0x00401084)
  __aarch64_cas8_acq_rel returns to f13 (address 0x0040113c), then f13 returns 
to main (0x0040108c) which then calls abort (0x00400ca0)

  I'm not quite sure what's wrong :-(

  I've not noticed such random problems with native aarch64 hardware.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1883268/+subscriptions

[Bug 1882851] Re: QEMU video freezes with "Guest disabled display" (virtio driver)

[Diego Viola]

It looks like sway requires swayidle to wake up from sleep[1].

This works:

swayidle timeout 2 'swaymsg "output * dpms off"' resume 'swaymsg "output
* dpms on"'

1. https://github.com/swaywm/sway/issues/2914

** Bug watch added: github.com/swaywm/sway/issues #2914
   https://github.com/swaywm/sway/issues/2914

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1882851

Title:
  QEMU video freezes with "Guest disabled display" (virtio driver)

Status in QEMU:
  New

Bug description:
  I am using Arch Linux as my Guest and Host OS, after starting qemu
  with the following command:

$ qemu-system-x86_64 -enable-kvm -hda arch-zoom.qcow2 -m 4G -vga
  virtio

  and waiting for a screen blank, I get this message:

Guest disabled display

  And nothing happens after that, I can move the mouse or hit any key,
  and the message is still there.

  I can still reboot the VM but that's not optimal.

  I can reproduce this with the latest QEMU release (5.0.0) or git master, 
  I also tried this with older releases (4.0.0, 3.0.0) and the issue is still 
there.

  I can't reproduce this with other video drivers (std, qxl).

  With std/qxl the screen will blank a bit and then continue as normal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1882851/+subscriptions

[PATCH v7 6/8] target/mips: msa: Split helpers for DPSUB_U.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  4 ++-
 target/mips/msa_helper.c | 67 
 target/mips/translate.c  | 12 ++-
 3 files changed, 68 insertions(+), 15 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 2de14542cd..575f4a524c 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -1090,7 +1090,9 @@ DEF_HELPER_4(msa_dpadd_u_d, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpsub_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpsub_s_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpsub_s_d, void, env, i32, i32, i32)
-DEF_HELPER_5(msa_dpsub_u_df, void, env, i32, i32, i32, i32)
+DEF_HELPER_4(msa_dpsub_u_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpsub_u_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpsub_u_d, void, env, i32, i32, i32)
 DEF_HELPER_5(msa_sld_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_splat_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_vshf_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 934f705c1e..33d5251a6b 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2398,6 +2398,60 @@ void helper_msa_dpsub_s_d(CPUMIPSState *env,
 }
 
 
+static inline int64_t msa_dpsub_u_df(uint32_t df, int64_t dest, int64_t arg1,
+ int64_t arg2)
+{
+int64_t even_arg1;
+int64_t even_arg2;
+int64_t odd_arg1;
+int64_t odd_arg2;
+UNSIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
+UNSIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
+return dest - ((even_arg1 * even_arg2) + (odd_arg1 * odd_arg2));
+}
+
+void helper_msa_dpsub_u_h(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_dpsub_u_df(DF_HALF, pwd->h[0],  pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_dpsub_u_df(DF_HALF, pwd->h[1],  pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_dpsub_u_df(DF_HALF, pwd->h[2],  pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_dpsub_u_df(DF_HALF, pwd->h[3],  pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_dpsub_u_df(DF_HALF, pwd->h[4],  pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_dpsub_u_df(DF_HALF, pwd->h[5],  pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_dpsub_u_df(DF_HALF, pwd->h[6],  pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_dpsub_u_df(DF_HALF, pwd->h[7],  pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_dpsub_u_w(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_dpsub_u_df(DF_WORD, pwd->w[0],  pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_dpsub_u_df(DF_WORD, pwd->w[1],  pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_dpsub_u_df(DF_WORD, pwd->w[2],  pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_dpsub_u_df(DF_WORD, pwd->w[3],  pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_dpsub_u_d(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[0]  = msa_dpsub_u_df(DF_DOUBLE, pwd->d[0],  pws->d[0],  pwt->d[0]);
+pwd->d[1]  = msa_dpsub_u_df(DF_DOUBLE, pwd->d[1],  pws->d[1],  pwt->d[1]);
+}
+
+
 /*
  * Int Max Min
  * ---
@@ -5117,18 +5171,6 @@ void helper_msa_sld_df(CPUMIPSState *env, uint32_t df, 
uint32_t wd,
 msa_sld_df(df, pwd, pws, env->active_tc.gpr[rt]);
 }
 
-static inline int64_t msa_dpsub_u_df(uint32_t df, int64_t dest, int64_t arg1,
- int64_t arg2)
-{
-int64_t even_arg1;
-int64_t even_arg2;
-int64_t odd_arg1;
-int64_t odd_arg2;
-UNSIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
-UNSIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
-return dest - ((even_arg1 * even_arg2) + (odd_arg1 * odd_arg2));
-}
-
 static inline int64_t msa_madd_q_df(uint32_t df, int64_t dest, int64_t arg1,
 int64_t arg2)
 {
@@ -5255,7 +5297,6 @@ void helper_msa_ ## func ## _df(CPUMIPSState *env, 
uint32_t df, uint32_t wd,  \
 } \
 }
 
-MSA_TEROP_DF(dpsub_u)
 MSA_TEROP_DF(binsl)
 MSA_TEROP_DF(binsr)
 MSA_TEROP_DF(madd_q)
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 2576905e5b..3dda242643 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -29438,7 +29438,17 @@ static void gen_msa_3r(CPUMIPSState *env, DisasContext 
*ctx)
 }
 break;
 case OPC_DPSUB_U_df:
-gen_helper_msa_dpsub_u_df(cpu_env, tdf, 

[PATCH v7 5/8] target/mips: msa: Split helpers for DPSUB_S.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  4 ++-
 target/mips/msa_helper.c | 67 
 target/mips/translate.c  | 12 ++-
 3 files changed, 68 insertions(+), 15 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 155b6bbe3e..2de14542cd 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -1087,7 +1087,9 @@ DEF_HELPER_4(msa_dpadd_s_d, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_u_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_u_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_u_d, void, env, i32, i32, i32)
-DEF_HELPER_5(msa_dpsub_s_df, void, env, i32, i32, i32, i32)
+DEF_HELPER_4(msa_dpsub_s_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpsub_s_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpsub_s_d, void, env, i32, i32, i32)
 DEF_HELPER_5(msa_dpsub_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_sld_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_splat_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 9741c94d27..934f705c1e 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2344,6 +2344,60 @@ void helper_msa_dpadd_u_d(CPUMIPSState *env,
 }
 
 
+static inline int64_t msa_dpsub_s_df(uint32_t df, int64_t dest, int64_t arg1,
+ int64_t arg2)
+{
+int64_t even_arg1;
+int64_t even_arg2;
+int64_t odd_arg1;
+int64_t odd_arg2;
+SIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
+SIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
+return dest - ((even_arg1 * even_arg2) + (odd_arg1 * odd_arg2));
+}
+
+void helper_msa_dpsub_s_h(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_dpsub_s_df(DF_HALF, pwd->h[0],  pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_dpsub_s_df(DF_HALF, pwd->h[1],  pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_dpsub_s_df(DF_HALF, pwd->h[2],  pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_dpsub_s_df(DF_HALF, pwd->h[3],  pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_dpsub_s_df(DF_HALF, pwd->h[4],  pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_dpsub_s_df(DF_HALF, pwd->h[5],  pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_dpsub_s_df(DF_HALF, pwd->h[6],  pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_dpsub_s_df(DF_HALF, pwd->h[7],  pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_dpsub_s_w(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_dpsub_s_df(DF_WORD, pwd->w[0],  pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_dpsub_s_df(DF_WORD, pwd->w[1],  pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_dpsub_s_df(DF_WORD, pwd->w[2],  pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_dpsub_s_df(DF_WORD, pwd->w[3],  pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_dpsub_s_d(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[0]  = msa_dpsub_s_df(DF_DOUBLE, pwd->d[0],  pws->d[0],  pwt->d[0]);
+pwd->d[1]  = msa_dpsub_s_df(DF_DOUBLE, pwd->d[1],  pws->d[1],  pwt->d[1]);
+}
+
+
 /*
  * Int Max Min
  * ---
@@ -5063,18 +5117,6 @@ void helper_msa_sld_df(CPUMIPSState *env, uint32_t df, 
uint32_t wd,
 msa_sld_df(df, pwd, pws, env->active_tc.gpr[rt]);
 }
 
-static inline int64_t msa_dpsub_s_df(uint32_t df, int64_t dest, int64_t arg1,
- int64_t arg2)
-{
-int64_t even_arg1;
-int64_t even_arg2;
-int64_t odd_arg1;
-int64_t odd_arg2;
-SIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
-SIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
-return dest - ((even_arg1 * even_arg2) + (odd_arg1 * odd_arg2));
-}
-
 static inline int64_t msa_dpsub_u_df(uint32_t df, int64_t dest, int64_t arg1,
  int64_t arg2)
 {
@@ -5213,7 +5255,6 @@ void helper_msa_ ## func ## _df(CPUMIPSState *env, 
uint32_t df, uint32_t wd,  \
 } \
 }
 
-MSA_TEROP_DF(dpsub_s)
 MSA_TEROP_DF(dpsub_u)
 MSA_TEROP_DF(binsl)
 MSA_TEROP_DF(binsr)
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 009ac5c1fb..2576905e5b 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -29425,7 +29425,17 @@ static void gen_msa_3r(CPUMIPSState *env, DisasContext 
*ctx)
 }
 break;
 case OPC_DPSUB_S_df:
-gen_helper_msa_dpsub_s_df(cpu_env, tdf, tw

[PATCH v7 3/8] target/mips: msa: Split helpers for DPADD_S.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  4 +-
 target/mips/msa_helper.c | 90 
 target/mips/translate.c  | 12 +-
 3 files changed, 78 insertions(+), 28 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 7ca0036807..16f2d53ad0 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -1081,7 +1081,9 @@ DEF_HELPER_5(msa_subsuu_s_df, void, env, i32, i32, i32, 
i32)
 DEF_HELPER_5(msa_mulv_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dotp_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dotp_u_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_dpadd_s_df, void, env, i32, i32, i32, i32)
+DEF_HELPER_4(msa_dpadd_s_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpadd_s_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpadd_s_d, void, env, i32, i32, i32)
 DEF_HELPER_5(msa_dpadd_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dpsub_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dpsub_u_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 2b54de0959..086b56f58c 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2224,7 +2224,70 @@ void helper_msa_div_u_d(CPUMIPSState *env,
  * +---+--+
  */
 
-/* TODO: insert Int Dot Product group helpers here */
+#define SIGNED_EXTRACT(e, o, a, df) \
+do {\
+e = SIGNED_EVEN(a, df); \
+o = SIGNED_ODD(a, df);  \
+} while (0)
+
+#define UNSIGNED_EXTRACT(e, o, a, df)   \
+do {\
+e = UNSIGNED_EVEN(a, df);   \
+o = UNSIGNED_ODD(a, df);\
+} while (0)
+
+static inline int64_t msa_dpadd_s_df(uint32_t df, int64_t dest, int64_t arg1,
+ int64_t arg2)
+{
+int64_t even_arg1;
+int64_t even_arg2;
+int64_t odd_arg1;
+int64_t odd_arg2;
+SIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
+SIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
+return dest + (even_arg1 * even_arg2) + (odd_arg1 * odd_arg2);
+}
+
+void helper_msa_dpadd_s_h(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_dpadd_s_df(DF_HALF, pwd->h[0],  pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_dpadd_s_df(DF_HALF, pwd->h[1],  pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_dpadd_s_df(DF_HALF, pwd->h[2],  pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_dpadd_s_df(DF_HALF, pwd->h[3],  pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_dpadd_s_df(DF_HALF, pwd->h[4],  pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_dpadd_s_df(DF_HALF, pwd->h[5],  pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_dpadd_s_df(DF_HALF, pwd->h[6],  pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_dpadd_s_df(DF_HALF, pwd->h[7],  pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_dpadd_s_w(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_dpadd_s_df(DF_WORD, pwd->w[0],  pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_dpadd_s_df(DF_WORD, pwd->w[1],  pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_dpadd_s_df(DF_WORD, pwd->w[2],  pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_dpadd_s_df(DF_WORD, pwd->w[3],  pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_dpadd_s_d(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[0]  = msa_dpadd_s_df(DF_DOUBLE, pwd->d[0],  pws->d[0],  pwt->d[0]);
+pwd->d[1]  = msa_dpadd_s_df(DF_DOUBLE, pwd->d[1],  pws->d[1],  pwt->d[1]);
+}
 
 
 /*
@@ -4785,18 +4848,6 @@ static inline int64_t msa_mulv_df(uint32_t df, int64_t 
arg1, int64_t arg2)
 return arg1 * arg2;
 }
 
-#define SIGNED_EXTRACT(e, o, a, df) \
-do {\
-e = SIGNED_EVEN(a, df); \
-o = SIGNED_ODD(a, df);  \
-} while (0)
-
-#define UNSIGNED_EXTRACT(e, o, a, df)   \
-do {\
-e = UNSIGNED_EVEN(a, df);   \
-o = UNSIGNED_ODD(a, df);\
-} while (0)
-
 static inline int64_t msa_dotp_s_df(uint32_t df, int64_t arg1, int64_t arg2)
 {
 int64_t even_arg1;
@@ -4958,18 +5009,6 @@ void helper_msa_sld_df(CPUMIPSState *env, uint32_t df, 
uint32_t wd,
 msa_sld_df(df, pwd, pws, env->active_tc.gpr[rt]);
 }
 
-static inline int64_t msa_dpadd_s_df(uint32_t df, int64_t de

[PATCH v7 7/8] target/mips: msa: Split helpers for DOTP_S.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  5 ++-
 target/mips/msa_helper.c | 66 
 target/mips/translate.c  | 12 +++-
 3 files changed, 69 insertions(+), 14 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 575f4a524c..06df3de744 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -1079,7 +1079,10 @@ DEF_HELPER_5(msa_subs_u_df, void, env, i32, i32, i32, 
i32)
 DEF_HELPER_5(msa_subsus_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subsuu_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_mulv_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_dotp_s_df, void, env, i32, i32, i32, i32)
+
+DEF_HELPER_4(msa_dotp_s_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dotp_s_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dotp_s_d, void, env, i32, i32, i32)
 DEF_HELPER_5(msa_dotp_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_w, void, env, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 33d5251a6b..201283fdd9 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2236,6 +2236,60 @@ void helper_msa_div_u_d(CPUMIPSState *env,
 o = UNSIGNED_ODD(a, df);\
 } while (0)
 
+
+static inline int64_t msa_dotp_s_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+int64_t even_arg1;
+int64_t even_arg2;
+int64_t odd_arg1;
+int64_t odd_arg2;
+SIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
+SIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
+return (even_arg1 * even_arg2) + (odd_arg1 * odd_arg2);
+}
+
+void helper_msa_dotp_s_h(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_dotp_s_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_dotp_s_df(DF_HALF, pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_dotp_s_df(DF_HALF, pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_dotp_s_df(DF_HALF, pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_dotp_s_df(DF_HALF, pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_dotp_s_df(DF_HALF, pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_dotp_s_df(DF_HALF, pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_dotp_s_df(DF_HALF, pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_dotp_s_w(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_dotp_s_df(DF_WORD, pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_dotp_s_df(DF_WORD, pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_dotp_s_df(DF_WORD, pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_dotp_s_df(DF_WORD, pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_dotp_s_d(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[0]  = msa_dotp_s_df(DF_DOUBLE, pws->d[0],  pwt->d[0]);
+pwd->d[1]  = msa_dotp_s_df(DF_DOUBLE, pws->d[1],  pwt->d[1]);
+}
+
+
 static inline int64_t msa_dpadd_s_df(uint32_t df, int64_t dest, int64_t arg1,
  int64_t arg2)
 {
@@ -5010,17 +5064,6 @@ static inline int64_t msa_mulv_df(uint32_t df, int64_t 
arg1, int64_t arg2)
 return arg1 * arg2;
 }
 
-static inline int64_t msa_dotp_s_df(uint32_t df, int64_t arg1, int64_t arg2)
-{
-int64_t even_arg1;
-int64_t even_arg2;
-int64_t odd_arg1;
-int64_t odd_arg2;
-SIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
-SIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
-return (even_arg1 * even_arg2) + (odd_arg1 * odd_arg2);
-}
-
 static inline int64_t msa_dotp_u_df(uint32_t df, int64_t arg1, int64_t arg2)
 {
 int64_t even_arg1;
@@ -5155,7 +5198,6 @@ MSA_BINOP_DF(subs_u)
 MSA_BINOP_DF(subsus_u)
 MSA_BINOP_DF(subsuu_s)
 MSA_BINOP_DF(mulv)
-MSA_BINOP_DF(dotp_s)
 MSA_BINOP_DF(dotp_u)
 
 MSA_BINOP_DF(mul_q)
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 3dda242643..f0bab46378 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -29393,7 +29393,17 @@ static void gen_msa_3r(CPUMIPSState *env, DisasContext 
*ctx)
 }
 break;
 case OPC_DOTP_S_df:
-gen_helper_msa_dotp_s_df(cpu_env, tdf, twd, tws, twt);
+switch (df) {
+case DF_HALF:
+gen_helper_msa_dotp_s_h(cpu_env, twd, tws, twt);
+break;
+case DF_WORD:
+gen_helper_msa_dotp_s_w(cpu_env, twd, tws, twt);
+break;
+case DF_

[PATCH v7 8/8] target/mips: msa: Split helpers for DOTP_U.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  4 ++-
 target/mips/msa_helper.c | 65 
 target/mips/translate.c  | 12 +++-
 3 files changed, 67 insertions(+), 14 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 06df3de744..05d5533dfb 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -1083,7 +1083,9 @@ DEF_HELPER_5(msa_mulv_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_4(msa_dotp_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dotp_s_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dotp_s_d, void, env, i32, i32, i32)
-DEF_HELPER_5(msa_dotp_u_df, void, env, i32, i32, i32, i32)
+DEF_HELPER_4(msa_dotp_u_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dotp_u_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dotp_u_d, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_d, void, env, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 201283fdd9..84d0073918 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2290,6 +2290,59 @@ void helper_msa_dotp_s_d(CPUMIPSState *env,
 }
 
 
+static inline int64_t msa_dotp_u_df(uint32_t df, int64_t arg1, int64_t arg2)
+{
+int64_t even_arg1;
+int64_t even_arg2;
+int64_t odd_arg1;
+int64_t odd_arg2;
+UNSIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
+UNSIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
+return (even_arg1 * even_arg2) + (odd_arg1 * odd_arg2);
+}
+
+void helper_msa_dotp_u_h(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_dotp_u_df(DF_HALF, pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_dotp_u_df(DF_HALF, pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_dotp_u_df(DF_HALF, pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_dotp_u_df(DF_HALF, pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_dotp_u_df(DF_HALF, pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_dotp_u_df(DF_HALF, pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_dotp_u_df(DF_HALF, pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_dotp_u_df(DF_HALF, pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_dotp_u_w(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_dotp_u_df(DF_WORD, pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_dotp_u_df(DF_WORD, pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_dotp_u_df(DF_WORD, pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_dotp_u_df(DF_WORD, pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_dotp_u_d(CPUMIPSState *env,
+ uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[0]  = msa_dotp_u_df(DF_DOUBLE, pws->d[0],  pwt->d[0]);
+pwd->d[1]  = msa_dotp_u_df(DF_DOUBLE, pws->d[1],  pwt->d[1]);
+}
+
+
 static inline int64_t msa_dpadd_s_df(uint32_t df, int64_t dest, int64_t arg1,
  int64_t arg2)
 {
@@ -5064,17 +5117,6 @@ static inline int64_t msa_mulv_df(uint32_t df, int64_t 
arg1, int64_t arg2)
 return arg1 * arg2;
 }
 
-static inline int64_t msa_dotp_u_df(uint32_t df, int64_t arg1, int64_t arg2)
-{
-int64_t even_arg1;
-int64_t even_arg2;
-int64_t odd_arg1;
-int64_t odd_arg2;
-UNSIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
-UNSIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
-return (even_arg1 * even_arg2) + (odd_arg1 * odd_arg2);
-}
-
 #define CONCATENATE_AND_SLIDE(s, k) \
 do {\
 for (i = 0; i < s; i++) {   \
@@ -5198,7 +5240,6 @@ MSA_BINOP_DF(subs_u)
 MSA_BINOP_DF(subsus_u)
 MSA_BINOP_DF(subsuu_s)
 MSA_BINOP_DF(mulv)
-MSA_BINOP_DF(dotp_u)
 
 MSA_BINOP_DF(mul_q)
 MSA_BINOP_DF(mulr_q)
diff --git a/target/mips/translate.c b/target/mips/translate.c
index f0bab46378..b56bdf54af 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -29406,7 +29406,17 @@ static void gen_msa_3r(CPUMIPSState *env, DisasContext 
*ctx)
 }
 break;
 case OPC_DOTP_U_df:
-gen_helper_msa_dotp_u_df(cpu_env, tdf, twd, tws, twt);
+switch (df) {
+case DF_HALF:
+gen_helper_msa_dotp_u_h(cpu_env, twd, tws, twt);
+break;
+case DF_WORD:
+gen_helper_msa_dotp_u_w(cpu_env, twd, tws, twt);
+break;
+case DF_DOUBLE:
+gen_he

[PATCH v7 1/8] target/mips: msa: Split helpers for MADDV.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  6 ++-
 target/mips/msa_helper.c | 79 
 target/mips/translate.c  | 19 --
 3 files changed, 92 insertions(+), 12 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 84fdd9fd27..e479a22559 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -950,6 +950,11 @@ DEF_HELPER_4(msa_mod_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_mod_s_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_mod_s_d, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_maddv_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_maddv_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_maddv_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_maddv_d, void, env, i32, i32, i32)
+
 DEF_HELPER_4(msa_asub_s_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_asub_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_asub_s_w, void, env, i32, i32, i32)
@@ -1069,7 +1074,6 @@ DEF_HELPER_5(msa_subs_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subsus_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subsuu_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_mulv_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_maddv_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_msubv_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dotp_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dotp_u_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index c3b271934a..3b75bdc6a4 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2883,7 +2883,77 @@ void helper_msa_mod_u_d(CPUMIPSState *env,
  * +---+--+
  */
 
-/* TODO: insert Int Multiply group helpers here */
+static inline int64_t msa_maddv_df(uint32_t df, int64_t dest, int64_t arg1,
+   int64_t arg2)
+{
+return dest + arg1 * arg2;
+}
+
+void helper_msa_maddv_b(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->b[0]  = msa_maddv_df(DF_BYTE, pwt->b[0],  pws->b[0],  pwt->b[0]);
+pwd->b[1]  = msa_maddv_df(DF_BYTE, pwt->b[1],  pws->b[1],  pwt->b[1]);
+pwd->b[2]  = msa_maddv_df(DF_BYTE, pwt->b[2],  pws->b[2],  pwt->b[2]);
+pwd->b[3]  = msa_maddv_df(DF_BYTE, pwt->b[3],  pws->b[3],  pwt->b[3]);
+pwd->b[4]  = msa_maddv_df(DF_BYTE, pwt->b[4],  pws->b[4],  pwt->b[4]);
+pwd->b[5]  = msa_maddv_df(DF_BYTE, pwt->b[5],  pws->b[5],  pwt->b[5]);
+pwd->b[6]  = msa_maddv_df(DF_BYTE, pwt->b[6],  pws->b[6],  pwt->b[6]);
+pwd->b[7]  = msa_maddv_df(DF_BYTE, pwt->b[7],  pws->b[7],  pwt->b[7]);
+pwd->b[8]  = msa_maddv_df(DF_BYTE, pwt->b[8],  pws->b[8],  pwt->b[8]);
+pwd->b[9]  = msa_maddv_df(DF_BYTE, pwt->b[9],  pws->b[9],  pwt->b[9]);
+pwd->b[10] = msa_maddv_df(DF_BYTE, pwt->b[10], pws->b[10], pwt->b[10]);
+pwd->b[11] = msa_maddv_df(DF_BYTE, pwt->b[11], pws->b[11], pwt->b[11]);
+pwd->b[12] = msa_maddv_df(DF_BYTE, pwt->b[12], pws->b[12], pwt->b[12]);
+pwd->b[13] = msa_maddv_df(DF_BYTE, pwt->b[13], pws->b[13], pwt->b[13]);
+pwd->b[14] = msa_maddv_df(DF_BYTE, pwt->b[14], pws->b[14], pwt->b[14]);
+pwd->b[15] = msa_maddv_df(DF_BYTE, pwt->b[15], pws->b[15], pwt->b[15]);
+}
+
+void helper_msa_maddv_h(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_maddv_df(DF_HALF, pwd->h[0],  pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_maddv_df(DF_HALF, pwd->h[1],  pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_maddv_df(DF_HALF, pwd->h[2],  pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_maddv_df(DF_HALF, pwd->h[3],  pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_maddv_df(DF_HALF, pwd->h[4],  pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_maddv_df(DF_HALF, pwd->h[5],  pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_maddv_df(DF_HALF, pwd->h[6],  pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_maddv_df(DF_HALF, pwd->h[7],  pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_maddv_w(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_maddv_df(DF_WORD, pwd->w[0],  pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_maddv_df(DF_WORD, pwd->w[1],  pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_maddv_df(DF_WORD, pwd->w[2],  pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_maddv_df(DF_WORD, pwd->w[3],  pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_maddv_d(CPUMIPSState *e

[PATCH v7 4/8] target/mips: msa: Split helpers for DPADD_U.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  4 ++-
 target/mips/msa_helper.c | 67 
 target/mips/translate.c  | 12 ++-
 3 files changed, 68 insertions(+), 15 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index 16f2d53ad0..155b6bbe3e 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -1084,7 +1084,9 @@ DEF_HELPER_5(msa_dotp_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_dpadd_s_d, void, env, i32, i32, i32)
-DEF_HELPER_5(msa_dpadd_u_df, void, env, i32, i32, i32, i32)
+DEF_HELPER_4(msa_dpadd_u_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpadd_u_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_dpadd_u_d, void, env, i32, i32, i32)
 DEF_HELPER_5(msa_dpsub_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dpsub_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_sld_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 086b56f58c..9741c94d27 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2290,6 +2290,60 @@ void helper_msa_dpadd_s_d(CPUMIPSState *env,
 }
 
 
+static inline int64_t msa_dpadd_u_df(uint32_t df, int64_t dest, int64_t arg1,
+ int64_t arg2)
+{
+int64_t even_arg1;
+int64_t even_arg2;
+int64_t odd_arg1;
+int64_t odd_arg2;
+UNSIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
+UNSIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
+return dest + (even_arg1 * even_arg2) + (odd_arg1 * odd_arg2);
+}
+
+void helper_msa_dpadd_u_h(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_dpadd_u_df(DF_HALF, pwd->h[0],  pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_dpadd_u_df(DF_HALF, pwd->h[1],  pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_dpadd_u_df(DF_HALF, pwd->h[2],  pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_dpadd_u_df(DF_HALF, pwd->h[3],  pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_dpadd_u_df(DF_HALF, pwd->h[4],  pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_dpadd_u_df(DF_HALF, pwd->h[5],  pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_dpadd_u_df(DF_HALF, pwd->h[6],  pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_dpadd_u_df(DF_HALF, pwd->h[7],  pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_dpadd_u_w(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_dpadd_u_df(DF_WORD, pwd->w[0],  pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_dpadd_u_df(DF_WORD, pwd->w[1],  pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_dpadd_u_df(DF_WORD, pwd->w[2],  pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_dpadd_u_df(DF_WORD, pwd->w[3],  pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_dpadd_u_d(CPUMIPSState *env,
+  uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->d[0]  = msa_dpadd_u_df(DF_DOUBLE, pwd->d[0],  pws->d[0],  pwt->d[0]);
+pwd->d[1]  = msa_dpadd_u_df(DF_DOUBLE, pwd->d[1],  pws->d[1],  pwt->d[1]);
+}
+
+
 /*
  * Int Max Min
  * ---
@@ -5009,18 +5063,6 @@ void helper_msa_sld_df(CPUMIPSState *env, uint32_t df, 
uint32_t wd,
 msa_sld_df(df, pwd, pws, env->active_tc.gpr[rt]);
 }
 
-static inline int64_t msa_dpadd_u_df(uint32_t df, int64_t dest, int64_t arg1,
- int64_t arg2)
-{
-int64_t even_arg1;
-int64_t even_arg2;
-int64_t odd_arg1;
-int64_t odd_arg2;
-UNSIGNED_EXTRACT(even_arg1, odd_arg1, arg1, df);
-UNSIGNED_EXTRACT(even_arg2, odd_arg2, arg2, df);
-return dest + (even_arg1 * even_arg2) + (odd_arg1 * odd_arg2);
-}
-
 static inline int64_t msa_dpsub_s_df(uint32_t df, int64_t dest, int64_t arg1,
  int64_t arg2)
 {
@@ -5171,7 +5213,6 @@ void helper_msa_ ## func ## _df(CPUMIPSState *env, 
uint32_t df, uint32_t wd,  \
 } \
 }
 
-MSA_TEROP_DF(dpadd_u)
 MSA_TEROP_DF(dpsub_s)
 MSA_TEROP_DF(dpsub_u)
 MSA_TEROP_DF(binsl)
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 94c3d15f2d..009ac5c1fb 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -29412,7 +29412,17 @@ static void gen_msa_3r(CPUMIPSState *env, DisasContext 
*ctx)
 }
 break;
 case OPC_DPADD_U_df:
-gen_helper_msa_dpadd_u_df(cpu

[PATCH v7 0/8] target/mips: MSA, FPU and other cleanups and improvements

[Aleksandar Markovic]

This series contains some patches that split heprers in msa_helper.c.
It will make easier for debugging tools to display involved source
code, and also introduces some modest performance improvements gains
for all involved MSA instructions.

v6->v7:

  - excluded patches that have been already upstreamed
  - added six new demacroing patches

v5->v6:

  - excluded a patch that was included by mistake

v4->v5:

  - corrected some spelling and style mistakes in commit messages
  - added changing MAINTAINERS too while renaming files
  - added two patches on splitting helpers in msa_helper.c

v3->v4:

  - corrected some spelling and style mistakes in commit messages
  - added a patch on renaming some files in hw/mips

v2->v3:

  - changed Malta patch to perform logging
  - added change of Aleksandar Rikalo's email

v1->v2:

  - added more demacroing

Aleksandar Markovic (8):
  target/mips: msa: Split helpers for MADDV.
  target/mips: msa: Split helpers for MSUBV.
  target/mips: msa: Split helpers for DPADD_S.
  target/mips: msa: Split helpers for DPADD_U.
  target/mips: msa: Split helpers for DPSUB_S.
  target/mips: msa: Split helpers for DPSUB_U.
  target/mips: msa: Split helpers for DOTP_S.
  target/mips: msa: Split helpers for DOTP_U.

 target/mips/helper.h |  37 ++-
 target/mips/msa_helper.c | 580 ---
 target/mips/translate.c  | 110 +++-
 3 files changed, 603 insertions(+), 124 deletions(-)

-- 
2.20.1

[PATCH v7 2/8] target/mips: msa: Split helpers for MSUBV.

[Aleksandar Markovic]

Achieves clearer code and slightly better performance.

Signed-off-by: Aleksandar Markovic 
---
 target/mips/helper.h |  6 ++-
 target/mips/msa_helper.c | 79 
 target/mips/translate.c  | 19 --
 3 files changed, 93 insertions(+), 11 deletions(-)

diff --git a/target/mips/helper.h b/target/mips/helper.h
index e479a22559..7ca0036807 100644
--- a/target/mips/helper.h
+++ b/target/mips/helper.h
@@ -955,6 +955,11 @@ DEF_HELPER_4(msa_maddv_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_maddv_w, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_maddv_d, void, env, i32, i32, i32)
 
+DEF_HELPER_4(msa_msubv_b, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_msubv_h, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_msubv_w, void, env, i32, i32, i32)
+DEF_HELPER_4(msa_msubv_d, void, env, i32, i32, i32)
+
 DEF_HELPER_4(msa_asub_s_b, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_asub_s_h, void, env, i32, i32, i32)
 DEF_HELPER_4(msa_asub_s_w, void, env, i32, i32, i32)
@@ -1074,7 +1079,6 @@ DEF_HELPER_5(msa_subs_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subsus_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_subsuu_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_mulv_df, void, env, i32, i32, i32, i32)
-DEF_HELPER_5(msa_msubv_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dotp_s_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dotp_u_df, void, env, i32, i32, i32, i32)
 DEF_HELPER_5(msa_dpadd_s_df, void, env, i32, i32, i32, i32)
diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index 3b75bdc6a4..2b54de0959 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -2955,6 +2955,78 @@ void helper_msa_maddv_d(CPUMIPSState *env,
 pwd->d[1]  = msa_maddv_df(DF_DOUBLE, pwd->d[1],  pws->d[1],  pwt->d[1]);
 }
 
+static inline int64_t msa_msubv_df(uint32_t df, int64_t dest, int64_t arg1,
+   int64_t arg2)
+{
+return dest - arg1 * arg2;
+}
+
+void helper_msa_msubv_b(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->b[0]  = msa_msubv_df(DF_BYTE, pwt->b[0],  pws->b[0],  pwt->b[0]);
+pwd->b[1]  = msa_msubv_df(DF_BYTE, pwt->b[1],  pws->b[1],  pwt->b[1]);
+pwd->b[2]  = msa_msubv_df(DF_BYTE, pwt->b[2],  pws->b[2],  pwt->b[2]);
+pwd->b[3]  = msa_msubv_df(DF_BYTE, pwt->b[3],  pws->b[3],  pwt->b[3]);
+pwd->b[4]  = msa_msubv_df(DF_BYTE, pwt->b[4],  pws->b[4],  pwt->b[4]);
+pwd->b[5]  = msa_msubv_df(DF_BYTE, pwt->b[5],  pws->b[5],  pwt->b[5]);
+pwd->b[6]  = msa_msubv_df(DF_BYTE, pwt->b[6],  pws->b[6],  pwt->b[6]);
+pwd->b[7]  = msa_msubv_df(DF_BYTE, pwt->b[7],  pws->b[7],  pwt->b[7]);
+pwd->b[8]  = msa_msubv_df(DF_BYTE, pwt->b[8],  pws->b[8],  pwt->b[8]);
+pwd->b[9]  = msa_msubv_df(DF_BYTE, pwt->b[9],  pws->b[9],  pwt->b[9]);
+pwd->b[10] = msa_msubv_df(DF_BYTE, pwt->b[10], pws->b[10], pwt->b[10]);
+pwd->b[11] = msa_msubv_df(DF_BYTE, pwt->b[11], pws->b[11], pwt->b[11]);
+pwd->b[12] = msa_msubv_df(DF_BYTE, pwt->b[12], pws->b[12], pwt->b[12]);
+pwd->b[13] = msa_msubv_df(DF_BYTE, pwt->b[13], pws->b[13], pwt->b[13]);
+pwd->b[14] = msa_msubv_df(DF_BYTE, pwt->b[14], pws->b[14], pwt->b[14]);
+pwd->b[15] = msa_msubv_df(DF_BYTE, pwt->b[15], pws->b[15], pwt->b[15]);
+}
+
+void helper_msa_msubv_h(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->h[0]  = msa_msubv_df(DF_HALF, pwd->h[0],  pws->h[0],  pwt->h[0]);
+pwd->h[1]  = msa_msubv_df(DF_HALF, pwd->h[1],  pws->h[1],  pwt->h[1]);
+pwd->h[2]  = msa_msubv_df(DF_HALF, pwd->h[2],  pws->h[2],  pwt->h[2]);
+pwd->h[3]  = msa_msubv_df(DF_HALF, pwd->h[3],  pws->h[3],  pwt->h[3]);
+pwd->h[4]  = msa_msubv_df(DF_HALF, pwd->h[4],  pws->h[4],  pwt->h[4]);
+pwd->h[5]  = msa_msubv_df(DF_HALF, pwd->h[5],  pws->h[5],  pwt->h[5]);
+pwd->h[6]  = msa_msubv_df(DF_HALF, pwd->h[6],  pws->h[6],  pwt->h[6]);
+pwd->h[7]  = msa_msubv_df(DF_HALF, pwd->h[7],  pws->h[7],  pwt->h[7]);
+}
+
+void helper_msa_msubv_w(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, uint32_t wt)
+{
+wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+wr_t *pws = &(env->active_fpu.fpr[ws].wr);
+wr_t *pwt = &(env->active_fpu.fpr[wt].wr);
+
+pwd->w[0]  = msa_msubv_df(DF_WORD, pwd->w[0],  pws->w[0],  pwt->w[0]);
+pwd->w[1]  = msa_msubv_df(DF_WORD, pwd->w[1],  pws->w[1],  pwt->w[1]);
+pwd->w[2]  = msa_msubv_df(DF_WORD, pwd->w[2],  pws->w[2],  pwt->w[2]);
+pwd->w[3]  = msa_msubv_df(DF_WORD, pwd->w[3],  pws->w[3],  pwt->w[3]);
+}
+
+void helper_msa_msubv_d(CPUMIPSState *env,
+uint32_t wd, uint32_t ws, 

[PATCH 0/2] Add strace support for printing arguments for ioctls

[Filip Bozuta]

From: Filip Bozuta 

This series introduces the functionality in strace to print arguments for
ioctls. This is gonna be a useful adittion as it indroduces a good debugging
and diagnostic mechanism for user programs cross compiled for different
architectures.

The first patch in the series introduces missing thunk argument types for ioctls
SIOCGSTAMP and SIOCGSTAMPNS needed for strace argument printing. The second 
patch
introduces the argument printing functionality. The implementation details are
described in the patch commit messages.

Testing method:

Mini test programs were written that run ioctls that are implemented in 
qemu.
These programs covered different varieties of ioctls. Some covered rtc 
ioctls
with both basic argument types (like RTC_IRQP_SET and RTC_IRQP_READ) and
structure types (like RTC_RD_TIME and RTC_SET_TIME). Some covered loop 
ioctls
LOOP_SET_STATUS and LOOP_GET_STATUS that use "struct loop_info" which 
contain
special types olddev_t (in qemu presented as OLDDEV_T). Some covered alsa 
timer
ioctls like SNDRV_TIMER_IOCTL_GSTATUS, SDNRV_TIMER_IOCTL_STATUS which 
contain
complex third argument types (structures that contain other structures and 
strings
as fields).

Programs were compiled (sometimes using cross-compilers) for the following
architectures:

* Intel 64-bit (little endian) (gcc)
* Power pc 32-bit (big endian) (powerpc-linux-gnu-gcc)
* Power pc 64-bit (big endian) (powerpc64-linux-gnu-gcc)
* Mips 32-bit (little endian) (mipsel-linux-gnu-gcc)
* Mips 64-bit (little endian) (mips64el-linux-gnuabi64-gcc)

All applicable compiled programs were in turn executed with "-strace"
through QEMU and the strace printing results obtained were the same
ones gotten for native execution.

Implementation limitation:

The field names of the structure argument types cannot be
printed as there is not enough information in thunk data
(inside StructEntry) to do that.

Filip Bozuta (2):
  linux-user: Add thunk argument types for SIOCGSTAMP and SIOCGSTAMPNS
  linux-user: Add strace support for printing arguments of ioctl()

 include/exec/user/thunk.h  |   1 +
 linux-user/ioctls.h|  12 ++-
 linux-user/qemu.h  |  20 +
 linux-user/strace.c| 120 +
 linux-user/strace.list |   3 +-
 linux-user/syscall.c   |  20 +
 linux-user/syscall_types.h |  12 +++
 thunk.c| 154 +
 8 files changed, 318 insertions(+), 24 deletions(-)

-- 
2.17.1

Re: [PATCH] memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"

[Paolo Bonzini]

On 10/06/20 15:47, Michael S. Tsirkin wrote:
> Memory API documentation documents valid .min_access_size and .max_access_size
> fields and explains that any access outside these boundaries is blocked.
> 
> This is what devices seem to assume.
> 
> However this is not what the implementation does: it simply
> ignores the boundaries unless there's an "accepts" callback.
> 
> Naturally, this breaks a bunch of devices.
> 
> Revert to the documented behaviour.
> 
> Devices that want to allow any access can just drop the valid field,
> or add the impl field to have accesses converted to appropriate
> length.
> 
> Cc: qemu-sta...@nongnu.org
> Reviewed-by: Richard Henderson 
> Fixes: CVE-2020-13754
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1842363
> Fixes: a014ed07bd5a ("memory: accept mismatching sizes in 
> memory_region_access_valid")
> Signed-off-by: Michael S. Tsirkin 
> ---
>  memory.c | 29 +
>  1 file changed, 9 insertions(+), 20 deletions(-)
> 
> diff --git a/memory.c b/memory.c
> index 91ceaf9fcf..3e9388fb74 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -1352,35 +1352,24 @@ bool memory_region_access_valid(MemoryRegion *mr,
>  bool is_write,
>  MemTxAttrs attrs)
>  {
> -int access_size_min, access_size_max;
> -int access_size, i;
> +if (mr->ops->valid.accepts
> +&& !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) 
> {
> +return false;
> +}
>  
>  if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
>  return false;
>  }
>  
> -if (!mr->ops->valid.accepts) {
> +/* Treat zero as compatibility all valid */
> +if (!mr->ops->valid.max_access_size) {
>  return true;
>  }
>  
> -access_size_min = mr->ops->valid.min_access_size;
> -if (!mr->ops->valid.min_access_size) {
> -access_size_min = 1;
> +if (size > mr->ops->valid.max_access_size
> +|| size < mr->ops->valid.min_access_size) {
> +return false;
>  }
> -
> -access_size_max = mr->ops->valid.max_access_size;
> -if (!mr->ops->valid.max_access_size) {
> -access_size_max = 4;
> -}
> -
> -access_size = MAX(MIN(size, access_size_max), access_size_min);
> -for (i = 0; i < size; i += access_size) {
> -if (!mr->ops->valid.accepts(mr->opaque, addr + i, access_size,
> -is_write, attrs)) {
> -return false;
> -}
> -}
> -
>  return true;
>  }
>  
> 

Queued, thanks.

Paolo

[PATCH 2/2] linux-user: Add strace support for printing arguments of ioctl()

[Filip Bozuta]

From: Filip Bozuta 

This patch implements functionality for strace argument printing for ioctls.
When running ioctls through qemu with "-strace", they get printed in format:

"ioctl(fd_num,0x*,0x*) = ret_value"

where the request code an the ioctl's third argument get printed in a 
hexadicemal
format. This patch changes that by enabling strace to print both the request 
code
name and the contents of the third argument. For example, when running ioctl
RTC_SET_TIME with "-strace", with changes from this patch, it gets printed in
this way:

"ioctl(3,RTC_SET_TIME,{12,13,15,20,10,119,0,0,0}) = 0"

In case of IOC_R type ioctls, the contents of the third argument get printed
after the return value, and the argument inside the ioctl call gets printed
as pointer in hexadecimal format. For example, when running RTC_RD_TIME with
"-strace", with changes from this patch, it gets printed in this way:

"ioctl(3,RTC_RD_TIME,0x40800374) = 0 ({22,9,13,11,5,120,0,0,0})"

In case of IOC_RW type ioctls, the contents of the third argument get printed
both inside the ioctl call and after the return value.

Implementation notes:

Functions "print_ioctl()" and "print_syscall_ret_ioctl()", that are defined
in "strace.c", are listed in file "strace.list" as "call" and "result"
value for ioctl. Structure definition "IOCTLEntry" as well as predefined
values for IOC_R, IOC_W and IOC_RW were cut and pasted from file "syscall.c"
to file "qemu.h" so that they can be used by these functions to print the
contents of the third ioctl argument. Also, the "static" identifier for 
array
"ioctl_entries[]" was removed and this array was declared as "extern" in 
"qemu.h"
so that it can also be used by these functions. To decode the structure type
of the ioctl third argument, function "thunk_print()" was defined in file
"thunk.c" and its definition is somewhat simillar to that of function
"thunk_convert()".

Signed-off-by: Filip Bozuta 
---
 include/exec/user/thunk.h |   1 +
 linux-user/qemu.h |  20 +
 linux-user/strace.c   | 120 +
 linux-user/strace.list|   3 +-
 linux-user/syscall.c  |  20 +
 thunk.c   | 154 ++
 6 files changed, 298 insertions(+), 20 deletions(-)

diff --git a/include/exec/user/thunk.h b/include/exec/user/thunk.h
index eae2c27f99..7992475c9f 100644
--- a/include/exec/user/thunk.h
+++ b/include/exec/user/thunk.h
@@ -73,6 +73,7 @@ void thunk_register_struct_direct(int id, const char *name,
   const StructEntry *se1);
 const argtype *thunk_convert(void *dst, const void *src,
  const argtype *type_ptr, int to_host);
+const argtype *thunk_print(void *arg, const argtype *type_ptr);
 
 extern StructEntry *struct_entries;
 
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index be67391ba4..5c964389c1 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -184,6 +184,26 @@ struct linux_binprm {
 int (*core_dump)(int, const CPUArchState *); /* coredump routine */
 };
 
+typedef struct IOCTLEntry IOCTLEntry;
+
+typedef abi_long do_ioctl_fn(const IOCTLEntry *ie, uint8_t *buf_temp,
+ int fd, int cmd, abi_long arg);
+
+struct IOCTLEntry {
+int target_cmd;
+unsigned int host_cmd;
+const char *name;
+int access;
+do_ioctl_fn *do_ioctl;
+const argtype arg_type[5];
+};
+
+extern IOCTLEntry ioctl_entries[];
+
+#define IOC_R 0x0001
+#define IOC_W 0x0002
+#define IOC_RW (IOC_R | IOC_W)
+
 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop);
 abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
   abi_ulong stringp, int push_ptr);
diff --git a/linux-user/strace.c b/linux-user/strace.c
index 5f370256e3..8de8f242ae 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -869,6 +869,51 @@ print_syscall_ret_listxattr(const struct syscallname 
*name, abi_long ret,
 #define print_syscall_ret_flistxattr print_syscall_ret_listxattr
 #endif
 
+#ifdef TARGET_NR_ioctl
+static void
+print_syscall_ret_ioctl(const struct syscallname *name, abi_long ret,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+const char *errstr = NULL;
+
+qemu_log(" = ");
+if (ret < 0) {
+qemu_log("-1 errno=%d", errno);
+errstr = target_strerror(-ret);
+if (errstr) {
+qemu_log(" (%s)", errstr);
+}
+} else {
+qemu_log(TARGET_ABI_FMT_ld, ret);
+
+const IOCTLEntry *ie;
+const argtype *arg_type;
+void *argptr;
+int target_size;
+
+for (ie = ioctl_entries; ie->target_cmd != 0; ie++) {
+if (ie->target_cmd == arg1) {
+break;
+}
+}
+
+if (ie->target_cmd == arg1 &&
+   (ie->access =

[PATCH 1/2] linux-user: Add thunk argument types for SIOCGSTAMP and SIOCGSTAMPNS

[Filip Bozuta]

From: Filip Bozuta 

Socket ioctls SIOCGSTAMP and SIOCGSTAMPNS, used for timestamping the socket
connection, are defined in file "ioctls.h" differently from other ioctls.
The reason for this difference is explained in the comments above their 
definition.
These ioctls didn't have defined thunk argument types before changes from this
patch. They have special handling functions ("do_ioctl_SIOCGSTAMP" and
"do_ioctl_SIOCGSTAMPNS") that take care of setting values for approppriate 
argument
types (struct timeval and struct timespec) and thus no thunk argument types were
needed for their implementation. But this patch adds those argument type 
definitions
in file "syscall_types.h" and "ioctls.h" as it is needed for printing arguments
of these ioctls with strace.

Implementation notes:

There are two variants of these ioctls: SIOCGSTAMP_OLD/SIOCGSTAM_NEW and
SIOCGSTAMPNS_OLD/SIOCGSTAMPNS_NEW. One is the old existing definition and 
the
other is the 2038 safe variant used for 32-bit architectures. These variants
use types "struct timeval/timeval64" and "struct timespec/timespec64" 
respectively.
That is the reason why corresponding structure definitions were added in 
file
"syscall_types.h". STRUCT_timeval definition was already inside the file as
it is used by another implemented ioctl.

Signed-off-by: Filip Bozuta 
---
 linux-user/ioctls.h| 12 
 linux-user/syscall_types.h | 12 
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 0defa1d8c1..68d43f71cc 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -279,13 +279,17 @@
* FIXME: create a macro to define this kind of entry
*/
   { TARGET_SIOCGSTAMP_OLD, TARGET_SIOCGSTAMP_OLD,
-"SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP },
+"SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP,
+{ MK_PTR(MK_STRUCT(STRUCT_timeval)) } },
   { TARGET_SIOCGSTAMPNS_OLD, TARGET_SIOCGSTAMPNS_OLD,
-"SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS },
+"SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS,
+{ MK_PTR(MK_STRUCT(STRUCT_timespec)) } },
   { TARGET_SIOCGSTAMP_NEW, TARGET_SIOCGSTAMP_NEW,
-"SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP },
+"SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP,
+{ MK_PTR(MK_STRUCT(STRUCT_timeval64)) } },
   { TARGET_SIOCGSTAMPNS_NEW, TARGET_SIOCGSTAMPNS_NEW,
-"SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS },
+"SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS,
+{ MK_PTR(MK_STRUCT(STRUCT_timespec64)) } },
 
   IOCTL(RNDGETENTCNT, IOC_R, MK_PTR(TYPE_INT))
   IOCTL(RNDADDTOENTCNT, IOC_W, MK_PTR(TYPE_INT))
diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h
index 4e12c1661e..a5ad5a9ddc 100644
--- a/linux-user/syscall_types.h
+++ b/linux-user/syscall_types.h
@@ -137,10 +137,22 @@ STRUCT(snd_timer_params,
TYPE_INT, /* filter */
MK_ARRAY(TYPE_CHAR, 60)) /* reserved */
 
+STRUCT(timeval,
+   TYPE_LONG, /* tv_sec */
+   TYPE_LONG) /* tv_usec */
+
+STRUCT(timeval64,
+   TYPE_LONGLONG, /* tv_sec */
+   TYPE_LONGLONG) /* tv_usec */
+
 STRUCT(timespec,
TYPE_LONG, /* tv_sec */
TYPE_LONG) /* tv_nsec */
 
+STRUCT(timespec64,
+   TYPE_LONGLONG, /* tv_sec */
+   TYPE_LONGLONG) /* tv_nsec */
+
 STRUCT(snd_timer_status,
MK_STRUCT(STRUCT_timespec), /* tstamp */
TYPE_INT, /* resolution */
-- 
2.17.1

Re: [PATCH v2 0/6] softfloat, target/i386: fprem, fprem1 fixes

[Paolo Bonzini]

On 08/06/20 18:54, Joseph Myers wrote:
> The x87 floating-point emulation of the fprem and fprem1 instructions
> works via conversion to and from double.  This is inherently
> unsuitable for a good emulation of any floatx80 operation.  This patch
> series adapts the softfloat floatx80_rem implementation to be suitable
> for these instructions and uses it to reimplement them.
> 
> There is an existing test for these instructions, test-i386-fprem.c,
> based on comparison of output.  It produces 1679695 lines of output,
> and before this patch series 415422 of those lines are different on
> hardware from the output produced by QEMU.  Some of those differences
> are because QEMU's x87 emulation does not yet produce the "denormal
> operand" exception; ignoring such differences (modifying the output
> from a native run not to report that exception), there are still
> 398833 different lines.  This patch series reduces that latter number
> to 1 (that one difference being because of missing checks for
> floating-point stack underflow, another global issue with the x87
> emulation), or 35517 different lines without the correction for lack
> of denormal operand exception support.
> 
> Several fixes to and new features in the softfloat support for this
> operation are needed; floatx80_mod, previously present in the m68k
> code only, is made generic and unified with floatx80_rem in a new
> floatx80_modrem of which floatx80_mod and floatx80_rem are thin
> wrappers.  The only architectures using float*_rem for other formats
> are arm (FPA emulation) and openrisc (instructions that have been
> removed in the latest architecture version); they do not appear to
> need any of the new features, and all the bugs fixed are specific to
> floatx80, so no changes are made to the remainder implementation for
> those formats.
> 
> A new feature added is returning the low bits of the quotient from
> floatx80_modrem, as needed for both x87 and m68k.  The logic used to
> determine the low 7 bits of the quotient for m68k
> (target/m68k/fpu_helper.c:make_quotient) appears completely bogus (it
> looks at the result of converting the remainder to integer, the
> quotient having been discarded by that point); this patch series does
> not change that to use the new interface, but the m68k maintainers may
> wish to do so.
> 
> The Intel instruction set documentation leaves unspecified the exact
> number of bits by which the remainder instructions reduce the operand
> each time.  The AMD documentation gives a specific formula, which
> empirically Intel processors follow as well, and that formula is
> implemented in the code.  The AMD documentation also specifies that
> flags other than C2 are cleared in the partial remainder case, whereas
> the Intel manual is silent on that (but the processors do appear to
> clear those flags); this patch implements that flag clearing, and
> keeps the existing flag clearing in cases where the instructions raise
> "invalid" (although it seems hardware in fact only clears some but not
> all flags in that case, leaving other flags unchanged).
> 
> The Intel manuals include an inaccurate table asserting that (finite
> REM 0) should raise "divide by zero"; actually, in accordance with
> IEEE semantics, it raises "invalid".  The AMD manuals inaccurately say
> for both fprem and fprem1 that if the exponent difference is negative,
> the numerator is returned unchanged, which is correct (apart from
> normalizing pseudo-denormals) for fprem but not for fprem1 (and the
> old QEMU code had an incorrect optimization following the AMD manuals
> for fprem1).
> 
> Changes in version 2 of the patch series: fix comment formatting and
> combine patches 6 and 7.
> 
> Joseph Myers (6):
>   softfloat: merge floatx80_mod and floatx80_rem
>   softfloat: fix floatx80 remainder pseudo-denormal check for zero
>   softfloat: do not return pseudo-denormal from floatx80 remainder
>   softfloat: do not set denominator high bit for floatx80 remainder
>   softfloat: return low bits of quotient from floatx80_modrem
>   target/i386: reimplement fprem, fprem1 using floatx80 operations
> 
>  fpu/softfloat.c  |  87 ++
>  include/fpu/softfloat.h  |   3 +
>  target/i386/fpu_helper.c | 156 ---
>  target/m68k/softfloat.c  |  83 -
>  target/m68k/softfloat.h  |   1 -
>  5 files changed, 122 insertions(+), 208 deletions(-)
> 

Queued, thanks.

Paolo

Re: [PATCH] target/i386: reimplement f2xm1 using floatx80 operations

[Paolo Bonzini]

On 12/06/20 01:45, Joseph Myers wrote:
> The x87 f2xm1 emulation is currently based around conversion to
> double.  This is inherently unsuitable for a good emulation of any
> floatx80 operation, even before considering that it is a particularly
> naive implementation using double (computing with pow and then
> subtracting 1 rather than attempting a better emulation using expm1).
> 
> Reimplement using the soft-float operations, including additions and
> multiplications with higher precision where appropriate to limit
> accumulation of errors.  I considered reusing some of the m68k code
> for transcendental operations, but the instructions don't generally
> correspond exactly to x87 operations (for example, m68k has 2^x and
> e^x - 1, but not 2^x - 1); to avoid possible accumulation of errors
> from applying multiple such operations each rounding to floatx80
> precision, I wrote a direct implementation of 2^x - 1 instead.  It
> would be possible in principle to make the implementation more
> efficient by doing the intermediate operations directly with
> significands, signs and exponents and not packing / unpacking floatx80
> format for each operation, but that would make it significantly more
> complicated and it's not clear that's worthwhile; the m68k emulation
> doesn't try to do that.
> 
> A test is included with many randomly generated inputs.  The
> assumption of the test is that the result in round-to-nearest mode
> should always be one of the two closest floating-point numbers to the
> mathematical value of 2^x - 1; the implementation aims to do somewhat
> better than that (about 70 correct bits before rounding).  I haven't
> investigated how accurate hardware is.
> 
> Signed-off-by: Joseph Myers 
> 
> ---
> 
> This patch depends on at least some of my previous x87 emulation fixes
> being present (probably only the ones in the recent pull request; I
> don't think it depends on any of the most recent series fixing fprem
> and fprem1).  I expect to make similar fixes for fyl2xp1, fyl2x and
> fpatan.  (The other transcendental instructions (fcos, fptan, fsin,
> fsincos) may follow, but as a lower priority, as I'm aiming at getting
> reasonable glibc test results under QEMU and those trigonometric
> instructions - with their documented semantics that they are defined
> to do range reduction using a specific 66-bit approximation to pi -
> aren't used in glibc.)
> 
> checkpatch.pl has its usual false-positive complaints about hex
> floating-point constants in the testcase.  It also complains about
> lines over 80 columns in that test; I can reformat the test if
> desired, but it's not clear line length matters for such a randomly
> generated table of test inputs and expected results.
> 
> ---
>  target/i386/fpu_helper.c |  385 +-
>  tests/tcg/i386/test-i386-f2xm1.c | 1140 ++
>  2 files changed, 1522 insertions(+), 3 deletions(-)
>  create mode 100644 tests/tcg/i386/test-i386-f2xm1.c
> 
> diff --git a/target/i386/fpu_helper.c b/target/i386/fpu_helper.c
> index 0e531e3821..8f34ea9776 100644
> --- a/target/i386/fpu_helper.c
> +++ b/target/i386/fpu_helper.c
> @@ -25,6 +25,7 @@
>  #include "exec/exec-all.h"
>  #include "exec/cpu_ldst.h"
>  #include "fpu/softfloat.h"
> +#include "fpu/softfloat-macros.h"
>  
>  #ifdef CONFIG_SOFTMMU
>  #include "hw/irq.h"
> @@ -836,12 +837,390 @@ void helper_fbst_ST0(CPUX86State *env, target_ulong 
> ptr)
>  merge_exception_flags(env, old_flags);
>  }
>  
> +/* 128-bit significand of log(2).  */
> +#define ln2_sig_high 0xb17217f7d1cf79abULL
> +#define ln2_sig_low 0xc9e3b39803f2f6afULL
> +
> +/*
> + * Polynomial coefficients for an approximation to (2^x - 1) / x, on
> + * the interval [-1/64, 1/64].
> + */
> +#define f2xm1_coeff_0 make_floatx80(0x3ffe, 0xb17217f7d1cf79acULL)
> +#define f2xm1_coeff_0_low make_floatx80(0xbfbc, 0xd87edabf495b3762ULL)
> +#define f2xm1_coeff_1 make_floatx80(0x3ffc, 0xf5fdeffc162c7543ULL)
> +#define f2xm1_coeff_2 make_floatx80(0x3ffa, 0xe35846b82505fcc7ULL)
> +#define f2xm1_coeff_3 make_floatx80(0x3ff8, 0x9d955b7dd273b899ULL)
> +#define f2xm1_coeff_4 make_floatx80(0x3ff5, 0xaec3ff3c4ef4ac0cULL)
> +#define f2xm1_coeff_5 make_floatx80(0x3ff2, 0xa184897c3a7f0de9ULL)
> +#define f2xm1_coeff_6 make_floatx80(0x3fee, 0xffe634d0ec30d504ULL)
> +#define f2xm1_coeff_7 make_floatx80(0x3feb, 0xb160111d2db515e4ULL)
> +
> +struct f2xm1_data {
> +/*
> + * A value very close to a multiple of 1/32, such that 2^t and 2^t - 1
> + * are very close to exact floatx80 values.
> + */
> +floatx80 t;
> +/* The value of 2^t.  */
> +floatx80 exp2;
> +/* The value of 2^t - 1.  */
> +floatx80 exp2m1;
> +};
> +
> +static const struct f2xm1_data f2xm1_table[65] = {
> +{ make_floatx80(0xbfff, 0x8000ULL),
> +  make_floatx80(0x3ffe, 0x8000ULL),
> +  make_floatx80(0xbffe, 0x8000ULL) },
> +{ make_floatx80(0xbffe, 0xf8002e7eULL),
> +  make_floatx

Re: [PATCH v2 01/12] npcm7xx: Add config symbol

[Havard Skinnemoen]

Hi Philippe,

On Fri, Jun 12, 2020 at 6:35 AM Philippe Mathieu-Daudé 
wrote:

> Hi Havard
>
> On 6/12/20 12:30 AM, Havard Skinnemoen wrote:
> > Add a config symbol for the NPCM7xx BMC SoC family that subsequent
> > patches can use in Makefiles.
> >
> > Change-Id: I6e4d5c58716cb6fe4ea5d06f148beeafda55f9a5
>
> What it this Change-Id tag used for?
>

It's used by Gerrit code review, which we use for reviews internally
(between Google and Nuvoton). I meant to remove it before mailing the
patches, sorry.

Re: [PULL v2 00/58] virtio, acpi, pci: features, fixes, cleanups, tests

[Michael S. Tsirkin]

On Fri, Jun 12, 2020 at 08:51:46AM -0700, no-re...@patchew.org wrote:
> Patchew URL: https://patchew.org/QEMU/20200612141917.9446-1-...@redhat.com/
> 
> 
> 
> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Message-id: 20200612141917.9446-1-...@redhat.com
> Subject: [PULL v2 00/58] virtio,acpi,pci: features, fixes, cleanups, tests
> Type: series
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> git rev-parse base > /dev/null || exit 0
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> ./scripts/checkpatch.pl --mailback base..
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> Switched to a new branch 'test'
> 46dd9b7 virtio-pci: fix queue_enable write
> d9d64b5 pci: Display PCI IRQ pin in "info pci"
> d784b45 acpi: ged: rename event memory region
> 31f9185 acpi: fadt: add hw-reduced sleep register support
> 7ea0b6d acpi: madt: skip pci override on pci-less systems.
> c105d68 acpi: create acpi-common.c and move madt code
> e5065df acpi: make build_madt() more generic.
> 984d983 virtio: add vhost-user-vsock-pci device
> 9da4528 virtio: add vhost-user-vsock base device
> 65280b9 vhost-vsock: add vhost-vsock-common abstraction
> 938682f hw/pci: Fix crash when running QEMU with "-nic model=rocker"
> dc89e8a libvhost-user: advertise vring features
> 91ccf2f Lift max ram slots limit in libvhost-user
> 2d95eb8 Support individual region unmap in libvhost-user
> 5965847 Support adding individual regions in libvhost-user
> 4cbf181 Support ram slot configuration in libvhost-user
> df71a7d Refactor out libvhost-user fault generation logic
> c26fd6d Lift max memory slots limit imposed by vhost-user
> 2c027ae Transmit vhost-user memory regions individually
> 31f458e Add VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS
> a498834 Add vhost-user helper to get MemoryRegion data
> 0b879bd Add helper to populate vhost-user message regions
> aeb2dd3 vhost-user-blk: delay vhost_user_blk_disconnect
> 2764cfd char-socket: return -1 in case of disconnect during tcp_chr_write
> 8094f71 hw/pci-host: Use the IEC binary prefix definitions
> 2182c70 hw/pci/pci_bridge: Use the IEC binary prefix definitions
> c2a6ce2 hw/pci/pci_bridge: Correct pci_bridge_io memory region size
> 55e9447 hw/pci-host/prep: Correct RAVEN bus bridge memory region size
> 9b4b0a1 pci: assert configuration access is within bounds
> f5161c8 hw/pci/pcie: Move hot plug capability check to pre_plug callback
> 61e916f MAINTAINERS: Fix the classification of bios-tables-test-allowed-diff.h
> 8c4d9bc virtio-balloon: Provide an interface for free page reporting
> 1f62891 virtio-balloon: Implement support for page poison reporting feature
> a186c69 virtio-balloon: unref the iothread when unrealizing
> f995a73 virtio-balloon: fix free page hinting check on unrealize
> 1ae2534 virtio-balloon: fix free page hinting without an iothread
> 23ca28d bios-tables-test: Generate reference tables for Q35/TPM-TIS
> 681761b bios-tables-test: Add Q35/TPM-TIS test
> 55dc15d tests: tpm-emu: Remove assert on TPM2_ST_NO_SESSIONS
> d156ed4 tests/acpi: Add void tables for Q35/TPM-TIS bios-tables-test
> 1f7f0ed test/tpm-emu: include sockets and channel headers in tpm-emu header
> 1d4ccd1 arm/acpi: TPM2 ACPI table support
> 05d06ef acpi: Move build_tpm2() in the generic part
> b3d7639 acpi: Convert build_tpm2() to build_append* API
> c83165b acpi: tpm: Do not build TCPA table for TPM 2
> d5513c9 tests/acpi: update DSDT expected files
> fd8fce1 acpi: move aml builder code for parallel device
> ef1eb92 acpi: parallel: don't use _STA method
> 7dd4ccf acpi: move aml builder code for serial device
> bae880e acpi: serial: don't use _STA method
> 97466cf acpi: rtc: use a single crs range
> 74ad15b acpi: move aml builder code for rtc device
> 7168264 qtest: allow DSDT acpi table changes
> f0b0e85 tests/acpi: update expected SRAT files
> cc03da0 hw/acpi/nvdimm: add a helper to augment SRAT generation
> c864987 diffs-allowed: add the SRAT AML to diffs-allowed
> 2029ad3 msix: allow qword MSI-X table accesses
> 
> === OUTPUT BEGIN ===
> 1/57 Checking commit 2029ad30a9a4 (msix: allow qword MSI-X table accesses)
> 2/57 Checking commit c8649877f7aa (diffs-allowed: add the SRAT AML to 
> diffs-allowed)
> 3/57 Checking commit cc03da0d8b45 (hw/acpi/nvdimm: add a helper to augment 
> SRAT generation)
> 4/57 Checking commit f0b0e85de3ba (tests/acpi: update expected SRAT files)
> ERROR: Do not add expected files together with tests, follow instructions in 
> tests/qtest/bios-tables-test.c: both tests/data/acpi/virt/SRAT.memhp and 
> tests/qtest/bios-tables-test-allowed-diff.h found
> 
> ERROR: Do not add expected files together with tests, follow instructions in 
> tests/qtest/bios-tables-test.c: both tests/data/acpi/virt/SRAT.memhp and 
> tests/qtest/bios-tables-test-allowed-diff.h found

The checkpatch fix isn't merged yet...

-- 
MST

Re: [PULL 00/56] virtio,acpi,pci: features, fixes, cleanups, tests

[Michael S. Tsirkin]

On Thu, Jun 11, 2020 at 07:13:35PM +0100, Peter Maydell wrote:
> On Wed, 10 Jun 2020 at 05:26, Michael S. Tsirkin  wrote:
> >
> > The following changes since commit 49ee11555262a256afec592dfed7c5902d5eefd2:
> >/tmp/par8snSu.par
> 
> >   Merge remote-tracking branch 
> > 'remotes/vivier2/tags/linux-user-for-5.1-pull-request' into staging 
> > (2020-06-08 11:04:57 +0100)
> >
> > are available in the Git repository at:
> >
> >   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> >
> > for you to fetch changes up to 23fe04b63b412276c7c2f67c550961af9d0b4e1e:
> >
> >   Fix parameter type in vhost migration log path (2020-06-09 14:18:04 -0400)
> >
> > 
> > virtio,acpi,pci: features, fixes, cleanups, tests
> >
> > Max slots negotiation for vhost-user.
> > Free page reporting for balloon.
> > Partial TPM2 ACPI support for ARM.
> > Support for NVDIMMs having their own proximity domains.
> > New vhost-user-vsock device.
> >
> > Fixes, cleanups in ACPI, PCI, virtio.
> > New tests for TPM ACPI.
> >
> > Signed-off-by: Michael S. Tsirkin 
> 
> Hi; I'm afraid this has format string issues:
> 
> /Users/pm215/src/qemu-for-merges/hw/virtio/vhost-user.c:759:51: error:
> format specifies type 'unsigned long' but the argument has type
> 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat]
>  "%lX", __func__, reply_gpa,
>   ^
> /Users/pm215/src/qemu-for-merges/hw/virtio/vhost-user.c:760:34: error:
> format specifies type 'unsigned long' but the argument has type
> 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat]
>  dev->mem->regions[reg_idx].guest_phys_addr);
>  ^~
> /Users/pm215/src/qemu-for-merges/hw/virtio/vhost-user.c:1876:67:
> error: format specifies type 'unsigned long' but the argument has type
> 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat]
>  "This limit should never decrease.", ram_slots,
>   ^
> 
> (repros on OSX, OpenBSD, and 32-bit hosts)
> 
> thanks
> -- PMM

Fixed and sent v2, thanks!

-- 
MST

[PULL 082/116] target/i386: correct fix for pcmpxstrx substring search

[Paolo Bonzini]

From: Joseph Myers 

This corrects a bug introduced in my previous fix for SSE4.2 pcmpestri
/ pcmpestrm / pcmpistri / pcmpistrm substring search, commit
ae35eea7e4a9f21dd147406dfbcd0c4c6aaf2a60.

That commit fixed a bug that showed up in four GCC tests with one libc
implementation.  The tests in question generate random inputs to the
intrinsics and compare results to a C implementation, but they only
test 1024 possible random inputs, and when the tests use the cases of
those instructions that work with word rather than byte inputs, it's
easy to have problematic cases that show up much less frequently than
that.  Thus, testing with a different libc implementation, and so a
different random number generator, showed up a problem with the
previous patch.

When investigating the previous test failures, I found the description
of these instructions in the Intel manuals (starting from computing a
16x16 or 8x8 set of comparison results) confusing and hard to match up
with the more optimized implementation in QEMU, and referred to AMD
manuals which described the instructions in a different way.  Those
AMD descriptions are very explicit that the whole of the string being
searched for must be found in the other operand, not running off the
end of that operand; they say "If the prototype and the SUT are equal
in length, the two strings must be identical for the comparison to be
TRUE.".  However, that statement is incorrect.

In my previous commit message, I noted:

  The operation in this case is a search for a string (argument d to
  the helper) in another string (argument s to the helper); if a copy
  of d at a particular position would run off the end of s, the
  resulting output bit should be 0 whether or not the strings match in
  the region where they overlap, but the QEMU implementation was
  wrongly comparing only up to the point where s ends and counting it
  as a match if an initial segment of d matched a terminal segment of
  s.  Here, "run off the end of s" means that some byte of d would
  overlap some byte outside of s; thus, if d has zero length, it is
  considered to match everywhere, including after the end of s.

The description "some byte of d would overlap some byte outside of s"
is accurate only when understood to refer to overlapping some byte
*within the 16-byte operand* but at or after the zero terminator; it
is valid to run over the end of s if the end of s is the end of the
16-byte operand.  So the fix in the previous patch for the case of d
being empty was correct, but the other part of that patch was not
correct (as it never allowed partial matches even at the end of the
16-byte operand).  Nor was the code before the previous patch correct
for the case of d nonempty, as it would always have allowed partial
matches at the end of s.

Fix with a partial revert of my previous change, combined with
inserting a check for the special case of s having maximum length to
determine where it is necessary to check for matches.

In the added test, test 1 is for the case of empty strings, which
failed before my 2017 patch, test 2 is for the bug introduced by my
2017 patch and test 3 deals with the case where a match of an initial
segment at the end of the string is not valid when the string ends
before the end of the 16-byte operand (that is, the case that would be
broken by a simple revert of the non-empty-string part of my 2017
patch).

Signed-off-by: Joseph Myers 
Message-Id: 
Signed-off-by: Paolo Bonzini 
---
 target/i386/ops_sse.h|  4 ++--
 tests/tcg/i386/Makefile.target   |  3 +++
 tests/tcg/i386/test-i386-pcmpistri.c | 33 
 3 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 tests/tcg/i386/test-i386-pcmpistri.c

diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
index 01d6017412..14f2b16abd 100644
--- a/target/i386/ops_sse.h
+++ b/target/i386/ops_sse.h
@@ -2089,10 +2089,10 @@ static inline unsigned pcmpxstrx(CPUX86State *env, Reg 
*d, Reg *s,
 res = (2 << upper) - 1;
 break;
 }
-for (j = valids - validd; j >= 0; j--) {
+for (j = valids == upper ? valids : valids - validd; j >= 0; j--) {
 res <<= 1;
 v = 1;
-for (i = validd; i >= 0; i--) {
+for (i = MIN(valids - j, validd); i >= 0; i--) {
 v &= (pcmp_val(s, ctrl, i + j) == pcmp_val(d, ctrl, i));
 }
 res |= v;
diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
index 43ee2e181e..53efec0668 100644
--- a/tests/tcg/i386/Makefile.target
+++ b/tests/tcg/i386/Makefile.target
@@ -10,6 +10,9 @@ ALL_X86_TESTS=$(I386_SRCS:.c=)
 SKIP_I386_TESTS=test-i386-ssse3
 X86_64_TESTS:=$(filter test-i386-ssse3, $(ALL_X86_TESTS))
 
+test-i386-pcmpistri: CFLAGS += -msse4.2
+run-test-i386-pcmpistri: QEMU_OPTS += -cpu max
+
 #
 # hello-i386 is a barebones app
 #
diff --git a/tests/tcg/i386/test-i386-pcmpistri.c 
b/tests/tcg/i386/test-i386-pcmpis

[PULL v2 000/116] Huge miscellaneous pull request for 2020-06-11

[Paolo Bonzini]

The following changes since commit 31d321c2b3574dcc74e9f6411af06bca6b5d10f4:

  Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sparc-next-20200609' 
into staging (2020-06-09 17:29:47 +0100)

are available in the Git repository at:

  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 3575b0aea983ad57804c9af739ed8ff7bc168393:

  target/i386: Remove obsolete TODO file (2020-06-12 11:20:15 -0400)


* Miscellaneous fixes and feature enablement (many)
* SEV refactoring (David)
* Hyper-V initial support (Jon)
* i386 TCG fixes (x87 and SSE, Joseph)
* vmport cleanup and improvements (Philippe, Liran)
* Use-after-free with vCPU hot-unplug (Nengyuan)
* run-coverity-scan improvements (myself)
* Record/replay fixes (Pavel)
* -machine kernel_irqchip=split improvements for INTx (Peter)
* Code cleanups (Philippe)
* Crash and security fixes (PJP)
* HVF cleanups (Roman)


Anthony PERARD (1):
  xen: fix build without pci passthrough

Babu Moger (1):
  target/i386: Fix the CPUID leaf CPUID_Fn8008

Cathy Zhang (1):
  x86/cpu: Enable AVX512_VP2INTERSECT cpu feature

Cédric Le Goater (1):
  qom/object: Fix object_child_foreach_recursive() return value

David Carlier (1):
  util/oslib: Returns the real thread identifier on FreeBSD and NetBSD

David Gibson (9):
  target/i386: sev: Remove unused QSevGuestInfoClass
  target/i386: sev: Move local structure definitions into .c file
  target/i386: sev: Rename QSevGuestInfo
  target/i386: sev: Embed SEVState in SevGuestState
  target/i386: sev: Partial cleanup to sev_state global
  target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields
  target/i386: sev: Remove redundant policy field
  target/i386: sev: Remove redundant handle field
  target/i386: sev: Unify SEVState and SevGuestState

Edgar E. Iglesias (1):
  tests: machine-none-test: Enable MicroBlaze testing

Igor Mammedov (2):
  vl.c: run preconfig loop before creating default RAM backend
  numa: prevent usage of -M memory-backend and -numa memdev at the same time

Janne Grunau (1):
  target/i386: fix phadd* with identical destination and source register

Jon Doron (6):
  hyperv: expose API to determine if synic is enabled
  vmbus: add vmbus protocol definitions
  vmbus: vmbus implementation
  i386:pc: whitelist dynamic vmbus-bridge
  i386: Hyper-V VMBus ACPI DSDT entry
  vmbus: add infrastructure to save/load vmbus requests

Joseph Myers (12):
  target/i386: implement special cases for fxtract
  target/i386: fix fscale handling of signaling NaN
  target/i386: fix fscale handling of invalid exponent encodings
  target/i386: fix fscale handling of infinite exponents
  target/i386: fix fscale handling of rounding precision
  target/i386: fix floating-point load-constant rounding
  target/i386: fix fxam handling of invalid encodings
  target/i386: fix fbstp handling of negative zero
  target/i386: fix fbstp handling of out-of-range values
  target/i386: fix fisttpl, fisttpll handling of out-of-range values
  target/i386: fix IEEE x87 floating-point exception raising
  target/i386: correct fix for pcmpxstrx substring search

Julio Faracco (1):
  i386: Remove unused define's from hax and hvf

Leonid Bloch (1):
  configure: Do not ignore malloc value

Like Xu (1):
  target/i386: define a new MSR based feature word - FEAT_PERF_CAPABILITIES

Liran Alon (14):
  hw/i386/vmport: Add reference to VMware open-vm-tools
  hw/i386/vmport: Add device properties
  hw/i386/vmport: Propagate IOPort read to vCPU EAX register
  hw/i386/vmport: Set EAX to -1 on failed and unsupported commands
  hw/i386/vmport: Introduce vmware-vmx-version property
  hw/i386/vmport: Report vmware-vmx-type in CMD_GETVERSION
  hw/i386/vmport: Introduce vmport.h
  hw/i386/vmport: Define enum for all commands
  hw/i386/vmport: Add support for CMD_GETBIOSUUID
  hw/i386/vmport: Add support for CMD_GET_VCPU_INFO
  hw/i386/vmport: Allow x2apic without IR
  i386/cpu: Store LAPIC bus frequency in CPU structure
  hw/i386/vmport: Add support for CMD_GETHZ
  hw/i386/vmport: Assert vmport initialized before registering commands

Markus Armbruster (1):
  cpus: Fix botched configure_icount() error API violation fix

Masahiro Yamada (5):
  qom: remove index from object_resolve_abs_path()
  qom/object: factor out the initialization of hash table of properties
  qom/object: simplify type_initialize_interface()
  qom/object: pass (Object *) to object_initialize_with_type()
  qom/container: remove .instance_size initializer from container_info

Michael S. Tsirkin (1):
  checkpatch: reversed logic with acpi test checks

Pan Nengyuan (1):
  i386/kvm: fix a use-after

[PULL 098/116] i386: hvf: Move mmio_buf into CPUX86State

[Paolo Bonzini]

From: Roman Bolshakov 

There's no similar field in CPUX86State, but it's needed for MMIO traps.

Signed-off-by: Roman Bolshakov 
Message-Id: <20200528193758.51454-13-r.bolsha...@yadro.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.h |  1 +
 target/i386/hvf/hvf.c |  5 +
 target/i386/hvf/x86.h |  1 -
 target/i386/hvf/x86_emu.c | 12 ++--
 4 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index f742ba933f..25a2f4c0c3 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1603,6 +1603,7 @@ typedef struct CPUX86State {
 #endif
 #if defined(CONFIG_HVF)
 HVFX86LazyFlags hvf_lflags;
+void *hvf_mmio_buf;
 HVFX86EmulatorState *hvf_emul;
 #endif
 
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 4cee496d71..57696c46c7 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -533,7 +533,11 @@ void hvf_reset_vcpu(CPUState *cpu) {
 
 void hvf_vcpu_destroy(CPUState *cpu)
 {
+X86CPU *x86_cpu = X86_CPU(cpu);
+CPUX86State *env = &x86_cpu->env;
+
 hv_return_t ret = hv_vcpu_destroy((hv_vcpuid_t)cpu->hvf_fd);
+g_free(env->hvf_mmio_buf);
 assert_hvf_ok(ret);
 }
 
@@ -563,6 +567,7 @@ int hvf_init_vcpu(CPUState *cpu)
 init_decoder();
 
 hvf_state->hvf_caps = g_new0(struct hvf_vcpu_caps, 1);
+env->hvf_mmio_buf = g_new(char, 4096);
 env->hvf_emul = g_new0(HVFX86EmulatorState, 1);
 
 r = hv_vcpu_create((hv_vcpuid_t *)&cpu->hvf_fd, HV_VCPU_DEFAULT);
diff --git a/target/i386/hvf/x86.h b/target/i386/hvf/x86.h
index 2363616c07..483fcea762 100644
--- a/target/i386/hvf/x86.h
+++ b/target/i386/hvf/x86.h
@@ -230,7 +230,6 @@ typedef struct x68_segment_selector {
 
 /* Definition of hvf_x86_state is here */
 struct HVFX86EmulatorState {
-uint8_t mmio_buf[4096];
 };
 
 /* useful register access  macros */
diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index 1ad2c30e16..d3e289ed87 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -187,8 +187,8 @@ void write_val_ext(struct CPUX86State *env, target_ulong 
ptr, target_ulong val,
 
 uint8_t *read_mmio(struct CPUX86State *env, target_ulong ptr, int bytes)
 {
-vmx_read_mem(env_cpu(env), env->hvf_emul->mmio_buf, ptr, bytes);
-return env->hvf_emul->mmio_buf;
+vmx_read_mem(env_cpu(env), env->hvf_mmio_buf, ptr, bytes);
+return env->hvf_mmio_buf;
 }
 
 
@@ -489,9 +489,9 @@ static void exec_ins_single(struct CPUX86State *env, struct 
x86_decode *decode)
 target_ulong addr = linear_addr_size(env_cpu(env), RDI(env),
  decode->addressing_size, R_ES);
 
-hvf_handle_io(env_cpu(env), DX(env), env->hvf_emul->mmio_buf, 0,
+hvf_handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 0,
   decode->operand_size, 1);
-vmx_write_mem(env_cpu(env), addr, env->hvf_emul->mmio_buf,
+vmx_write_mem(env_cpu(env), addr, env->hvf_mmio_buf,
   decode->operand_size);
 
 string_increment_reg(env, R_EDI, decode);
@@ -512,9 +512,9 @@ static void exec_outs_single(struct CPUX86State *env, 
struct x86_decode *decode)
 {
 target_ulong addr = decode_linear_addr(env, decode, RSI(env), R_DS);
 
-vmx_read_mem(env_cpu(env), env->hvf_emul->mmio_buf, addr,
+vmx_read_mem(env_cpu(env), env->hvf_mmio_buf, addr,
  decode->operand_size);
-hvf_handle_io(env_cpu(env), DX(env), env->hvf_emul->mmio_buf, 1,
+hvf_handle_io(env_cpu(env), DX(env), env->hvf_mmio_buf, 1,
   decode->operand_size, 1);
 
 string_increment_reg(env, R_ESI, decode);
-- 
2.26.2

[PULL 097/116] i386: hvf: Move lazy_flags into CPUX86State

[Paolo Bonzini]

From: Roman Bolshakov 

The lazy flags are still needed for instruction decoder.

Signed-off-by: Roman Bolshakov 
Message-Id: <20200528193758.51454-12-r.bolsha...@yadro.com>
[Move struct to target/i386/cpu.h - Paolo]
Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.h   |  6 
 target/i386/hvf/x86.h   |  6 
 target/i386/hvf/x86_flags.c | 57 ++---
 3 files changed, 34 insertions(+), 35 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index c2b8bdcbde..f742ba933f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1366,6 +1366,11 @@ typedef struct CPUCaches {
 CPUCacheInfo *l3_cache;
 } CPUCaches;
 
+typedef struct HVFX86LazyFlags {
+target_ulong result;
+target_ulong auxbits;
+} HVFX86LazyFlags;
+
 typedef struct CPUX86State {
 /* standard registers */
 target_ulong regs[CPU_NB_REGS];
@@ -1597,6 +1602,7 @@ typedef struct CPUX86State {
 struct kvm_nested_state *nested_state;
 #endif
 #if defined(CONFIG_HVF)
+HVFX86LazyFlags hvf_lflags;
 HVFX86EmulatorState *hvf_emul;
 #endif
 
diff --git a/target/i386/hvf/x86.h b/target/i386/hvf/x86.h
index 6048b5cc74..2363616c07 100644
--- a/target/i386/hvf/x86.h
+++ b/target/i386/hvf/x86.h
@@ -228,14 +228,8 @@ typedef struct x68_segment_selector {
 };
 } __attribute__ ((__packed__)) x68_segment_selector;
 
-typedef struct lazy_flags {
-target_ulong result;
-target_ulong auxbits;
-} lazy_flags;
-
 /* Definition of hvf_x86_state is here */
 struct HVFX86EmulatorState {
-struct lazy_flags   lflags;
 uint8_t mmio_buf[4096];
 };
 
diff --git a/target/i386/hvf/x86_flags.c b/target/i386/hvf/x86_flags.c
index 1152cd7234..5ca4f41f5c 100644
--- a/target/i386/hvf/x86_flags.c
+++ b/target/i386/hvf/x86_flags.c
@@ -63,7 +63,7 @@
 #define SET_FLAGS_OSZAPC_SIZE(size, lf_carries, lf_result) { \
 target_ulong temp = ((lf_carries) & (LF_MASK_AF)) | \
 (((lf_carries) >> (size - 2)) << LF_BIT_PO); \
-env->hvf_emul->lflags.result = (target_ulong)(int##size##_t)(lf_result); \
+env->hvf_lflags.result = (target_ulong)(int##size##_t)(lf_result); \
 if ((size) == 32) { \
 temp = ((lf_carries) & ~(LF_MASK_PDB | LF_MASK_SD)); \
 } else if ((size) == 16) { \
@@ -73,7 +73,7 @@
 } else { \
 VM_PANIC("unimplemented");  \
 } \
-env->hvf_emul->lflags.auxbits = (target_ulong)(uint32_t)temp; \
+env->hvf_lflags.auxbits = (target_ulong)(uint32_t)temp; \
 }
 
 /* carries, result */
@@ -100,10 +100,10 @@
 } else { \
 VM_PANIC("unimplemented");  \
 } \
-env->hvf_emul->lflags.result = (target_ulong)(int##size##_t)(lf_result); \
-target_ulong delta_c = (env->hvf_emul->lflags.auxbits ^ temp) & 
LF_MASK_CF; \
+env->hvf_lflags.result = (target_ulong)(int##size##_t)(lf_result); \
+target_ulong delta_c = (env->hvf_lflags.auxbits ^ temp) & LF_MASK_CF; \
 delta_c ^= (delta_c >> 1); \
-env->hvf_emul->lflags.auxbits = (target_ulong)(uint32_t)(temp ^ delta_c); \
+env->hvf_lflags.auxbits = (target_ulong)(uint32_t)(temp ^ delta_c); \
 }
 
 /* carries, result */
@@ -117,9 +117,8 @@
 void SET_FLAGS_OC(CPUX86State *env, uint32_t new_of, uint32_t new_cf)
 {
 uint32_t temp_po = new_of ^ new_cf;
-env->hvf_emul->lflags.auxbits &= ~(LF_MASK_PO | LF_MASK_CF);
-env->hvf_emul->lflags.auxbits |= (temp_po << LF_BIT_PO) |
- (new_cf << LF_BIT_CF);
+env->hvf_lflags.auxbits &= ~(LF_MASK_PO | LF_MASK_CF);
+env->hvf_lflags.auxbits |= (temp_po << LF_BIT_PO) | (new_cf << LF_BIT_CF);
 }
 
 void SET_FLAGS_OSZAPC_SUB32(CPUX86State *env, uint32_t v1, uint32_t v2,
@@ -215,27 +214,27 @@ void SET_FLAGS_OSZAPC_LOGIC8(CPUX86State *env, uint8_t 
v1, uint8_t v2,
 
 bool get_PF(CPUX86State *env)
 {
-uint32_t temp = (255 & env->hvf_emul->lflags.result);
-temp = temp ^ (255 & (env->hvf_emul->lflags.auxbits >> LF_BIT_PDB));
+uint32_t temp = (255 & env->hvf_lflags.result);
+temp = temp ^ (255 & (env->hvf_lflags.auxbits >> LF_BIT_PDB));
 temp = (temp ^ (temp >> 4)) & 0x0F;
 return (0x9669U >> temp) & 1;
 }
 
 void set_PF(CPUX86State *env, bool val)
 {
-uint32_t temp = (255 & env->hvf_emul->lflags.result) ^ (!val);
-env->hvf_emul->lflags.auxbits &= ~(LF_MASK_PDB);
-env->hvf_emul->lflags.auxbits |= (temp << LF_BIT_PDB);
+uint32_t temp = (255 & env->hvf_lflags.result) ^ (!val);
+env->hvf_lflags.auxbits &= ~(LF_MASK_PDB);
+env->hvf_lflags.auxbits |= (temp << LF_BIT_PDB);
 }
 
 bool get_OF(CPUX86State *env)
 {
-return ((env->hvf_emul->lflags.auxbits + (1U << LF_BIT_PO)) >> LF_BIT_CF) 
& 1;
+return ((env->hvf_lflags.auxbits + (1U << LF_BIT_PO)) >> LF_BIT_CF) & 1;
 }
 
 bool get_CF(CPUX86State *env)
 {
-return (env->hvf_emul->lflags.auxbits >> LF_BIT_CF) & 1;
+return (env->hvf_lflags.auxbits >> LF_BIT_CF) & 1;
 }
 
 void set_OF(CPUX86State *env, bool val)
@@ -252,45 +251,45 @@ void set_CF(CPUX86State *env, bool val)
 
 

[PULL 088/116] i386: hvf: Drop useless declarations in sysemu

[Paolo Bonzini]

From: Roman Bolshakov 

They're either declared elsewhere or have no use.

While at it, rename _hvf_cpu_synchronize_post_init() to
do_hvf_cpu_synchronize_post_init().

Signed-off-by: Roman Bolshakov 
Message-Id: <20200528193758.51454-3-r.bolsha...@yadro.com>
Signed-off-by: Paolo Bonzini 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/sysemu/hvf.h  | 22 --
 target/i386/hvf/hvf.c |  7 ---
 2 files changed, 4 insertions(+), 25 deletions(-)

diff --git a/include/sysemu/hvf.h b/include/sysemu/hvf.h
index 644bdfc722..2af32e505e 100644
--- a/include/sysemu/hvf.h
+++ b/include/sysemu/hvf.h
@@ -30,35 +30,13 @@ extern bool hvf_allowed;
 #define hvf_get_supported_cpuid(func, idx, reg) 0
 #endif /* !CONFIG_HVF */
 
-/* Disable HVF if |disable| is 1, otherwise, enable it iff it is supported by
- * the host CPU. Use hvf_enabled() after this to get the result. */
-void hvf_disable(int disable);
-
-/* Returns non-0 if the host CPU supports the VMX "unrestricted guest" feature
- * which allows the virtual CPU to directly run in "real mode". If true, this
- * allows QEMU to run several vCPU threads in parallel (see cpus.c). Otherwise,
- * only a a single TCG thread can run, and it will call HVF to run the current
- * instructions, except in case of "real mode" (paging disabled, typically at
- * boot time), or MMIO operations. */
-
-int hvf_sync_vcpus(void);
-
 int hvf_init_vcpu(CPUState *);
 int hvf_vcpu_exec(CPUState *);
-int hvf_smp_cpu_exec(CPUState *);
 void hvf_cpu_synchronize_state(CPUState *);
 void hvf_cpu_synchronize_post_reset(CPUState *);
 void hvf_cpu_synchronize_post_init(CPUState *);
-void _hvf_cpu_synchronize_post_init(CPUState *, run_on_cpu_data);
-
 void hvf_vcpu_destroy(CPUState *);
-void hvf_raise_event(CPUState *);
-/* void hvf_reset_vcpu_state(void *opaque); */
 void hvf_reset_vcpu(CPUState *);
-void vmx_update_tpr(CPUState *);
-void update_apic_tpr(CPUState *);
-int hvf_put_registers(CPUState *);
-void vmx_clear_int_window_exiting(CPUState *cpu);
 
 #define TYPE_HVF_ACCEL ACCEL_CLASS_NAME("hvf")
 
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index d72543dc31..9ccdb7e7c7 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -251,7 +251,7 @@ void vmx_update_tpr(CPUState *cpu)
 }
 }
 
-void update_apic_tpr(CPUState *cpu)
+static void update_apic_tpr(CPUState *cpu)
 {
 X86CPU *x86_cpu = X86_CPU(cpu);
 int tpr = rreg(cpu->hvf_fd, HV_X86_TPR) >> 4;
@@ -312,7 +312,8 @@ void hvf_cpu_synchronize_post_reset(CPUState *cpu_state)
 run_on_cpu(cpu_state, do_hvf_cpu_synchronize_post_reset, RUN_ON_CPU_NULL);
 }
 
-void _hvf_cpu_synchronize_post_init(CPUState *cpu, run_on_cpu_data arg)
+static void do_hvf_cpu_synchronize_post_init(CPUState *cpu,
+ run_on_cpu_data arg)
 {
 CPUState *cpu_state = cpu;
 hvf_put_registers(cpu_state);
@@ -321,7 +322,7 @@ void _hvf_cpu_synchronize_post_init(CPUState *cpu, 
run_on_cpu_data arg)
 
 void hvf_cpu_synchronize_post_init(CPUState *cpu_state)
 {
-run_on_cpu(cpu_state, _hvf_cpu_synchronize_post_init, RUN_ON_CPU_NULL);
+run_on_cpu(cpu_state, do_hvf_cpu_synchronize_post_init, RUN_ON_CPU_NULL);
 }
 
 static bool ept_emulation_fault(hvf_slot *slot, uint64_t gpa, uint64_t 
ept_qual)
-- 
2.26.2

Re: [PATCH v8 0/4] vhost-user block device backend implementation

[Coiby Xu]

On Thu, Jun 11, 2020 at 04:27:44PM +0100, Stefan Hajnoczi wrote:

On Fri, Jun 05, 2020 at 07:35:34AM +0800, Coiby Xu wrote:

v8
 - re-try connecting to socket server to fix asan error
 - fix license naming issue


Great, thanks for posting these patches!

I have posted feedback. I'd like to merge this soon. If you are busy I
can send you patches that address the comments I've made, please let me
know.


Thank you for reviewing my work! I'll post v9 to address all the comments this
weekend, does you think it's soon enough?

Best regards,
Coiby

Re: [PULL v2 00/58] virtio, acpi, pci: features, fixes, cleanups, tests

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200612141917.9446-1-...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20200612141917.9446-1-...@redhat.com
Subject: [PULL v2 00/58] virtio,acpi,pci: features, fixes, cleanups, tests
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
46dd9b7 virtio-pci: fix queue_enable write
d9d64b5 pci: Display PCI IRQ pin in "info pci"
d784b45 acpi: ged: rename event memory region
31f9185 acpi: fadt: add hw-reduced sleep register support
7ea0b6d acpi: madt: skip pci override on pci-less systems.
c105d68 acpi: create acpi-common.c and move madt code
e5065df acpi: make build_madt() more generic.
984d983 virtio: add vhost-user-vsock-pci device
9da4528 virtio: add vhost-user-vsock base device
65280b9 vhost-vsock: add vhost-vsock-common abstraction
938682f hw/pci: Fix crash when running QEMU with "-nic model=rocker"
dc89e8a libvhost-user: advertise vring features
91ccf2f Lift max ram slots limit in libvhost-user
2d95eb8 Support individual region unmap in libvhost-user
5965847 Support adding individual regions in libvhost-user
4cbf181 Support ram slot configuration in libvhost-user
df71a7d Refactor out libvhost-user fault generation logic
c26fd6d Lift max memory slots limit imposed by vhost-user
2c027ae Transmit vhost-user memory regions individually
31f458e Add VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS
a498834 Add vhost-user helper to get MemoryRegion data
0b879bd Add helper to populate vhost-user message regions
aeb2dd3 vhost-user-blk: delay vhost_user_blk_disconnect
2764cfd char-socket: return -1 in case of disconnect during tcp_chr_write
8094f71 hw/pci-host: Use the IEC binary prefix definitions
2182c70 hw/pci/pci_bridge: Use the IEC binary prefix definitions
c2a6ce2 hw/pci/pci_bridge: Correct pci_bridge_io memory region size
55e9447 hw/pci-host/prep: Correct RAVEN bus bridge memory region size
9b4b0a1 pci: assert configuration access is within bounds
f5161c8 hw/pci/pcie: Move hot plug capability check to pre_plug callback
61e916f MAINTAINERS: Fix the classification of bios-tables-test-allowed-diff.h
8c4d9bc virtio-balloon: Provide an interface for free page reporting
1f62891 virtio-balloon: Implement support for page poison reporting feature
a186c69 virtio-balloon: unref the iothread when unrealizing
f995a73 virtio-balloon: fix free page hinting check on unrealize
1ae2534 virtio-balloon: fix free page hinting without an iothread
23ca28d bios-tables-test: Generate reference tables for Q35/TPM-TIS
681761b bios-tables-test: Add Q35/TPM-TIS test
55dc15d tests: tpm-emu: Remove assert on TPM2_ST_NO_SESSIONS
d156ed4 tests/acpi: Add void tables for Q35/TPM-TIS bios-tables-test
1f7f0ed test/tpm-emu: include sockets and channel headers in tpm-emu header
1d4ccd1 arm/acpi: TPM2 ACPI table support
05d06ef acpi: Move build_tpm2() in the generic part
b3d7639 acpi: Convert build_tpm2() to build_append* API
c83165b acpi: tpm: Do not build TCPA table for TPM 2
d5513c9 tests/acpi: update DSDT expected files
fd8fce1 acpi: move aml builder code for parallel device
ef1eb92 acpi: parallel: don't use _STA method
7dd4ccf acpi: move aml builder code for serial device
bae880e acpi: serial: don't use _STA method
97466cf acpi: rtc: use a single crs range
74ad15b acpi: move aml builder code for rtc device
7168264 qtest: allow DSDT acpi table changes
f0b0e85 tests/acpi: update expected SRAT files
cc03da0 hw/acpi/nvdimm: add a helper to augment SRAT generation
c864987 diffs-allowed: add the SRAT AML to diffs-allowed
2029ad3 msix: allow qword MSI-X table accesses

=== OUTPUT BEGIN ===
1/57 Checking commit 2029ad30a9a4 (msix: allow qword MSI-X table accesses)
2/57 Checking commit c8649877f7aa (diffs-allowed: add the SRAT AML to 
diffs-allowed)
3/57 Checking commit cc03da0d8b45 (hw/acpi/nvdimm: add a helper to augment SRAT 
generation)
4/57 Checking commit f0b0e85de3ba (tests/acpi: update expected SRAT files)
ERROR: Do not add expected files together with tests, follow instructions in 
tests/qtest/bios-tables-test.c: both tests/data/acpi/virt/SRAT.memhp and 
tests/qtest/bios-tables-test-allowed-diff.h found

ERROR: Do not add expected files together with tests, follow instructions in 
tests/qtest/bios-tables-test.c: both tests/data/acpi/virt/SRAT.memhp and 
tests/qtest/bios-tables-test-allowed-diff.h found

total: 2 errors, 0 warnings, 1 lines checked

Patch 4/57 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/57 Checking commit 7168264e4915 (qtest: allow DSDT acpi table changes)
6/57 Checking commit 74ad15b54d99 (acpi: move aml builder cod

Re: [RFC PATCH 2/5] hw/misc/led: Add LED_STATUS_CHANGED QAPI event

[Philippe Mathieu-Daudé]

Hi Eric,

On 6/9/20 4:29 PM, Eric Blake wrote:
> On 6/9/20 7:34 AM, Philippe Mathieu-Daudé wrote:
>> Allow LED devices to emit STATUS_CHANGED events on a QMP chardev.
>>
>> QMP event examples:
>>
>> {
>>  "timestamp": {
>>  "seconds": 1591704274,
>>  "microseconds": 520850
>>  },
>>  "event": "LED_STATUS_CHANGED",
>>  "data": {
>>  "name": "Green LED #0",
>>  "status": "on"
>>  }
>> }
>> {
>>  "timestamp": {
>>  "seconds": 1591704275,
>>  "microseconds": 530912
>>  },
>>  "event": "LED_STATUS_CHANGED",
>>  "data": {
>>  "name": "Green LED #0",
>>  "status": "off"
>>  }
>> }
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
> 
> The QAPI addition looks reasonable, however,
> 
>> +++ b/hw/misc/led.c
>> @@ -7,6 +7,7 @@
>>    */
>>   #include "qemu/osdep.h"
>>   #include "qapi/error.h"
>> +#include "qapi/qapi-events-led.h"
>>   #include "hw/qdev-properties.h"
>>   #include "hw/misc/led.h"
>>   #include "hw/irq.h"
>> @@ -19,6 +20,9 @@ static void led_set(void *opaque, int line, int
>> new_state)
>>     trace_led_set(s->name, s->current_state, new_state);
>>   +    /* FIXME QMP rate limite? */
> 
> s/limite/limit/
> 
> Yes, this is under guest control, so you MUST rate limit to avoid the
> guest being able to DoS qemu by changing the LED so frequently as to
> overwhelm the QMP connection with events.

Commits f544d174dfc and 7f1e7b23d5 refers to the qmp-events.txt
for documentation on rate-limiting QMP events, but I can't find
it in the codebase. Two files matches 'qmp-events' but don't have
documentation: qapi/qmp-event.c and include/qapi/qmp-event.h.

Last trace of it is in commit 231aaf3a8217. Apparently it was
somehow split qapi/event.json, then later c09656f1d392 move it
to qapi-schema.json, finally eb815e248f50 moved it to qapi/.

Is the referred documentation now in docs/devel/qapi-code-gen.txt?
There is only one occurence of 'limit' but it is unrelated to
rate-limit.

Thanks,

Phil.

Re: [PATCH] hw/nios2: Update interrupt request when CR_STATUS_PIE disabled

[Philippe Mathieu-Daudé]

Hi,

On 6/12/20 3:43 PM, Wu, Wentong wrote:
> Hi,
> Can any body help review this patch ? Thanks in advance!

You just sent this patch yesterday... Please give reviewers more time.

See:
https://wiki.qemu.org/Contribute/SubmitAPatch#Participating_in_Code_Review
In particular:
https://wiki.qemu.org/Contribute/SubmitAPatch#If_your_patch_seems_to_have_been_ignored

> 
> BR
> 
> -Original Message-
> From: Wu, Wentong  
> Sent: Thursday, June 11, 2020 4:13 PM
> To: qemu-devel@nongnu.org
> Cc: qemu-triv...@nongnu.org; crwu...@gmail.com; ma...@denx.de; 
> th...@redhat.com; Wu, Wentong 
> Subject: [PATCH] hw/nios2: Update interrupt request when CR_STATUS_PIE 
> disabled
> 
> Update interrupt request when external interupt pends for STATUS_PIE 
> disabled. Otherwise on icount enabled nios2 target there will be cpu abort 
> when guest code changes state register with wrctl instruction.

It'd help if you provide more information, what code where you testing,
how you ran QEMU, enough for reviewers to reproduce the issue you had
and test if your patch indeed resolves the issue you described.

Regards,

Phil.

> 
> Signed-off-by: Wentong Wu 
> ---
>  hw/nios2/cpu_pic.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/nios2/cpu_pic.c b/hw/nios2/cpu_pic.c index 1c1989d5..2abc8fa8 
> 100644
> --- a/hw/nios2/cpu_pic.c
> +++ b/hw/nios2/cpu_pic.c
> @@ -42,6 +42,8 @@ static void nios2_pic_cpu_handler(void *opaque, int irq, 
> int level)
>  } else if (!level) {
>  env->irq_pending = 0;
>  cpu_reset_interrupt(cs, type);
> +} else {
> +cs->interrupt_request |= type;
>  }
>  } else {
>  if (level) {
> --
> 2.21.3
> 
> 

[Bug 1882851] Re: QEMU video freezes with "Guest disabled display" (virtio driver)

[Diego Viola]

Sway log after the crash.

** Attachment added: "swaylog.txt"
   
https://bugs.launchpad.net/qemu/+bug/1882851/+attachment/5383276/+files/swaylog.txt

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1882851

Title:
  QEMU video freezes with "Guest disabled display" (virtio driver)

Status in QEMU:
  New

Bug description:
  I am using Arch Linux as my Guest and Host OS, after starting qemu
  with the following command:

$ qemu-system-x86_64 -enable-kvm -hda arch-zoom.qcow2 -m 4G -vga
  virtio

  and waiting for a screen blank, I get this message:

Guest disabled display

  And nothing happens after that, I can move the mouse or hit any key,
  and the message is still there.

  I can still reboot the VM but that's not optimal.

  I can reproduce this with the latest QEMU release (5.0.0) or git master, 
  I also tried this with older releases (4.0.0, 3.0.0) and the issue is still 
there.

  I can't reproduce this with other video drivers (std, qxl).

  With std/qxl the screen will blank a bit and then continue as normal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1882851/+subscriptions

Re: [PULL 000/115] Huge miscellaneous pull request for 2020-06-11

[Paolo Bonzini]

On 12/06/20 16:53, Roman Bolshakov wrote:
> It seems rebase is not needed. The queue doesn't include the patch:
> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg08076.html

Thanks, it had a conflict with

commit f291cf54148e5b9e51c55b9056e4be546492a9ca
Author: Philippe Mathieu-Daudé 
Date:   Tue May 26 19:24:23 2020 +0200

sysemu/hvf: Only declare hvf_allowed when HVF is available

When HVF is not available, the hvf_allowed variable does not exist.

Reviewed-by: Edgar E. Iglesias 
Reviewed-by: Cornelia Huck 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Roman Bolshakov 
Message-Id: <20200526172427.17460-4-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 

but I've fixed it up now.  (It wasn't clear from the commit message that
this patch could not simply be dropped.  Unfortunately I didn't have an
OS X installation to test it).

Paolo

Re: [PATCH v3 1/2] PCI: vmd: Filter resource type bits from shadow register

[Derrick, Jonathan]

On Fri, 2020-06-12 at 14:54 +0100, Lorenzo Pieralisi wrote:
> On Thu, Jun 11, 2020 at 09:16:48PM +, Derrick, Jonathan wrote:
> 
> [...]
> 
> > > > > Hi Jon,
> > > > > 
> > > > > it looks like I can take this patch for v5.8 whereas patch 2 depends
> > > > > on the QEMU changes acceptance and should probably wait.
> > > > > 
> > > > > Please let me know your thoughts asap and I will try to at least
> > > > > squeeze this patch in.
> > > > > 
> > > > > Lorenzo
> > > > 
> > > > Hi Lorenzo,
> > > > 
> > > > This is fine. Please take Patch 1.
> > > > Patch 2 is harmless without the QEMU changes, but may always need a
> > > > different approach.
> > > 
> > > Pulled patch 1 into pci/vmd, thanks.
> > > 
> > > Lorenzo
> > 
> > Hi Lorenzo,
> > 
> > Alex has pr-ed the QEMU patch [1]
> > Is it too late to pull patch 2/2 for v5.8?
> 
> I think it is - I don't know if Bjorn planned a second PR for this
> merge window, if not it is v5.9 material I am afraid.
> 
> Thanks,
> Lorenzo
> 
> > [1] 
> > https://github.com/awilliam/qemu-vfio/releases/tag/vfio-update-20200611.0

No problem
Jon

[Bug 1882851] Re: QEMU video freezes with "Guest disabled display" (virtio driver)

[Diego Viola]

Gerd, thanks. I can confirm your patch fixes the problem with X, but
Wayland (sway) is still affected.

I tested X and wayland, and while the "Guest disabled display" no longer
hangs on X, it still does hangs under wayland.

Should I bisect again?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1882851

Title:
  QEMU video freezes with "Guest disabled display" (virtio driver)

Status in QEMU:
  New

Bug description:
  I am using Arch Linux as my Guest and Host OS, after starting qemu
  with the following command:

$ qemu-system-x86_64 -enable-kvm -hda arch-zoom.qcow2 -m 4G -vga
  virtio

  and waiting for a screen blank, I get this message:

Guest disabled display

  And nothing happens after that, I can move the mouse or hit any key,
  and the message is still there.

  I can still reboot the VM but that's not optimal.

  I can reproduce this with the latest QEMU release (5.0.0) or git master, 
  I also tried this with older releases (4.0.0, 3.0.0) and the issue is still 
there.

  I can't reproduce this with other video drivers (std, qxl).

  With std/qxl the screen will blank a bit and then continue as normal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1882851/+subscriptions

[PULL v2 48/58] vhost-vsock: add vhost-vsock-common abstraction

[Michael S. Tsirkin]

From: Stefano Garzarella 

This patch prepares the introduction of vhost-user-vsock, moving
the common code usable for both vhost-vsock and vhost-user-vsock
devices, in the new vhost-vsock-common parent class.

While moving the code, fixed checkpatch warnings about block comments.

Signed-off-by: Stefano Garzarella 
Message-Id: <20200522122512.87413-2-sgarz...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/vhost-vsock-common.h |  47 
 include/hw/virtio/vhost-vsock.h|  11 +-
 hw/virtio/vhost-vsock-common.c | 258 ++
 hw/virtio/vhost-vsock.c| 283 -
 hw/virtio/Makefile.objs|   2 +-
 5 files changed, 350 insertions(+), 251 deletions(-)
 create mode 100644 include/hw/virtio/vhost-vsock-common.h
 create mode 100644 hw/virtio/vhost-vsock-common.c

diff --git a/include/hw/virtio/vhost-vsock-common.h 
b/include/hw/virtio/vhost-vsock-common.h
new file mode 100644
index 00..f8b4aaae00
--- /dev/null
+++ b/include/hw/virtio/vhost-vsock-common.h
@@ -0,0 +1,47 @@
+/*
+ * Parent class for vhost-vsock devices
+ *
+ * Copyright 2015-2020 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+
+#ifndef _QEMU_VHOST_VSOCK_COMMON_H
+#define _QEMU_VHOST_VSOCK_COMMON_H
+
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/vhost.h"
+
+#define TYPE_VHOST_VSOCK_COMMON "vhost-vsock-common"
+#define VHOST_VSOCK_COMMON(obj) \
+OBJECT_CHECK(VHostVSockCommon, (obj), TYPE_VHOST_VSOCK_COMMON)
+
+enum {
+VHOST_VSOCK_SAVEVM_VERSION = 0,
+
+VHOST_VSOCK_QUEUE_SIZE = 128,
+};
+
+typedef struct {
+VirtIODevice parent;
+
+struct vhost_virtqueue vhost_vqs[2];
+struct vhost_dev vhost_dev;
+
+VirtQueue *event_vq;
+VirtQueue *recv_vq;
+VirtQueue *trans_vq;
+
+QEMUTimer *post_load_timer;
+} VHostVSockCommon;
+
+int vhost_vsock_common_start(VirtIODevice *vdev);
+void vhost_vsock_common_stop(VirtIODevice *vdev);
+int vhost_vsock_common_pre_save(void *opaque);
+int vhost_vsock_common_post_load(void *opaque, int version_id);
+void vhost_vsock_common_realize(VirtIODevice *vdev, const char *name);
+void vhost_vsock_common_unrealize(VirtIODevice *vdev);
+
+#endif /* _QEMU_VHOST_VSOCK_COMMON_H */
diff --git a/include/hw/virtio/vhost-vsock.h b/include/hw/virtio/vhost-vsock.h
index bc5a988ee5..8cbb7b90f9 100644
--- a/include/hw/virtio/vhost-vsock.h
+++ b/include/hw/virtio/vhost-vsock.h
@@ -14,8 +14,7 @@
 #ifndef QEMU_VHOST_VSOCK_H
 #define QEMU_VHOST_VSOCK_H
 
-#include "hw/virtio/virtio.h"
-#include "hw/virtio/vhost.h"
+#include "hw/virtio/vhost-vsock-common.h"
 
 #define TYPE_VHOST_VSOCK "vhost-vsock-device"
 #define VHOST_VSOCK(obj) \
@@ -28,14 +27,8 @@ typedef struct {
 
 typedef struct {
 /*< private >*/
-VirtIODevice parent;
+VHostVSockCommon parent;
 VHostVSockConf conf;
-struct vhost_virtqueue vhost_vqs[2];
-struct vhost_dev vhost_dev;
-VirtQueue *event_vq;
-VirtQueue *recv_vq;
-VirtQueue *trans_vq;
-QEMUTimer *post_load_timer;
 
 /*< public >*/
 } VHostVSock;
diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c
new file mode 100644
index 00..5b2ebf3496
--- /dev/null
+++ b/hw/virtio/vhost-vsock-common.c
@@ -0,0 +1,258 @@
+/*
+ * Parent class for vhost-vsock devices
+ *
+ * Copyright 2015-2020 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "standard-headers/linux/virtio_vsock.h"
+#include "qapi/error.h"
+#include "hw/virtio/virtio-access.h"
+#include "qemu/error-report.h"
+#include "hw/qdev-properties.h"
+#include "hw/virtio/vhost-vsock.h"
+#include "qemu/iov.h"
+#include "monitor/monitor.h"
+
+int vhost_vsock_common_start(VirtIODevice *vdev)
+{
+VHostVSockCommon *vvc = VHOST_VSOCK_COMMON(vdev);
+BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
+VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+int ret;
+int i;
+
+if (!k->set_guest_notifiers) {
+error_report("binding does not support guest notifiers");
+return -ENOSYS;
+}
+
+ret = vhost_dev_enable_notifiers(&vvc->vhost_dev, vdev);
+if (ret < 0) {
+error_report("Error enabling host notifiers: %d", -ret);
+return ret;
+}
+
+ret = k->set_guest_notifiers(qbus->parent, vvc->vhost_dev.nvqs, true);
+if (ret < 0) {
+error_report("Error binding guest notifier: %d", -ret);
+goto err_host_notifiers;
+}
+
+vvc->vhost_dev.acked_features = vdev->guest_features;
+ret = vhost_dev_start(&vvc->vhost_dev, vdev);
+if (ret < 0) {
+error_report("Error starting vhost: %d", -ret);
+goto err_guest_notifiers;
+}
+

[PULL v2 30/58] hw/pci-host/prep: Correct RAVEN bus bridge memory region size

[Michael S. Tsirkin]

From: Philippe Mathieu-Daudé 

memory_region_set_size() handle the 16 Exabytes limit by
special-casing the UINT64_MAX value. This is not a problem
for the 32-bit maximum, 4 GiB.
By using the UINT32_MAX value, the bm-raven MemoryRegion
ends up missing 1 byte:

  $ qemu-system-ppc -M prep -S -monitor stdio -usb
  memory-region: bm-raven
-fffe (prio 0, i/o): bm-raven
  -3eff (prio 0, i/o): alias bm-pci-memory 
@pci-memory -3eff
  8000- (prio 0, i/o): alias bm-system @system 
-7fff

Fix by using the correct value. We now have:

  memory-region: bm-raven
- (prio 0, i/o): bm-raven
  -3eff (prio 0, i/o): alias bm-pci-memory 
@pci-memory -3eff
  8000- (prio 0, i/o): alias bm-system @system 
-7fff

Reviewed-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20200601142930.29408-3-f4...@amsat.org>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Richard Henderson 
---
 hw/pci-host/prep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/pci-host/prep.c b/hw/pci-host/prep.c
index 1a02e9a670..88e2fc66a9 100644
--- a/hw/pci-host/prep.c
+++ b/hw/pci-host/prep.c
@@ -294,7 +294,7 @@ static void raven_pcihost_initfn(Object *obj)
  &s->pci_memory, &s->pci_io, 0, TYPE_PCI_BUS);
 
 /* Bus master address space */
-memory_region_init(&s->bm, obj, "bm-raven", UINT32_MAX);
+memory_region_init(&s->bm, obj, "bm-raven", 4 * GiB);
 memory_region_init_alias(&s->bm_pci_memory_alias, obj, "bm-pci-memory",
  &s->pci_memory, 0,
  memory_region_size(&s->pci_memory));
-- 
MST

[PULL v2 50/58] virtio: add vhost-user-vsock-pci device

[Michael S. Tsirkin]

From: Stefano Garzarella 

Add the PCI version of vhost-user-vsock

Launch QEMU like this:

  qemu -chardev socket,path=/tmp/vm.vsock,id=chr0 \
   -device vhost-user-vsock-pci,chardev=chr0

Signed-off-by: Stefano Garzarella 
Message-Id: <20200522122512.87413-4-sgarz...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/vhost-user-vsock-pci.c | 84 
 hw/virtio/Makefile.objs  |  1 +
 2 files changed, 85 insertions(+)
 create mode 100644 hw/virtio/vhost-user-vsock-pci.c

diff --git a/hw/virtio/vhost-user-vsock-pci.c b/hw/virtio/vhost-user-vsock-pci.c
new file mode 100644
index 00..0a6847e6fc
--- /dev/null
+++ b/hw/virtio/vhost-user-vsock-pci.c
@@ -0,0 +1,84 @@
+/*
+ * Vhost-user vsock PCI Bindings
+ *
+ * Copyright 2020 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "virtio-pci.h"
+#include "hw/qdev-properties.h"
+#include "hw/virtio/vhost-user-vsock.h"
+
+typedef struct VHostUserVSockPCI VHostUserVSockPCI;
+
+/*
+ * vhost-user-vsock-pci: This extends VirtioPCIProxy.
+ */
+#define TYPE_VHOST_USER_VSOCK_PCI "vhost-user-vsock-pci-base"
+#define VHOST_USER_VSOCK_PCI(obj) \
+OBJECT_CHECK(VHostUserVSockPCI, (obj), TYPE_VHOST_USER_VSOCK_PCI)
+
+struct VHostUserVSockPCI {
+VirtIOPCIProxy parent_obj;
+VHostUserVSock vdev;
+};
+
+/* vhost-user-vsock-pci */
+
+static Property vhost_user_vsock_pci_properties[] = {
+DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 3),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void vhost_user_vsock_pci_realize(VirtIOPCIProxy *vpci_dev, Error 
**errp)
+{
+VHostUserVSockPCI *dev = VHOST_USER_VSOCK_PCI(vpci_dev);
+DeviceState *vdev = DEVICE(&dev->vdev);
+
+qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+object_property_set_bool(OBJECT(vdev), true, "realized", errp);
+}
+
+static void vhost_user_vsock_pci_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+k->realize = vhost_user_vsock_pci_realize;
+set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+device_class_set_props(dc, vhost_user_vsock_pci_properties);
+pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_VSOCK;
+pcidev_k->revision = 0x00;
+pcidev_k->class_id = PCI_CLASS_COMMUNICATION_OTHER;
+}
+
+static void vhost_user_vsock_pci_instance_init(Object *obj)
+{
+VHostUserVSockPCI *dev = VHOST_USER_VSOCK_PCI(obj);
+
+virtio_instance_init_common(obj, &dev->vdev, sizeof(dev->vdev),
+TYPE_VHOST_USER_VSOCK);
+}
+
+static const VirtioPCIDeviceTypeInfo vhost_user_vsock_pci_info = {
+.base_name = TYPE_VHOST_USER_VSOCK_PCI,
+.generic_name  = "vhost-user-vsock-pci",
+.transitional_name = "vhost-user-vsock-pci-transitional",
+.non_transitional_name = "vhost-user-vsock-pci-non-transitional",
+.instance_size = sizeof(VHostUserVSockPCI),
+.instance_init = vhost_user_vsock_pci_instance_init,
+.class_init= vhost_user_vsock_pci_class_init,
+};
+
+static void virtio_pci_vhost_register(void)
+{
+virtio_pci_types_register(&vhost_user_vsock_pci_info);
+}
+
+type_init(virtio_pci_vhost_register)
diff --git a/hw/virtio/Makefile.objs b/hw/virtio/Makefile.objs
index dd42daedb1..13e75f171f 100644
--- a/hw/virtio/Makefile.objs
+++ b/hw/virtio/Makefile.objs
@@ -22,6 +22,7 @@ obj-$(CONFIG_VHOST_USER_VSOCK) += vhost-vsock-common.o 
vhost-user-vsock.o
 
 ifeq ($(CONFIG_VIRTIO_PCI),y)
 obj-$(CONFIG_VHOST_VSOCK) += vhost-vsock-pci.o
+obj-$(CONFIG_VHOST_USER_VSOCK) += vhost-user-vsock-pci.o
 obj-$(CONFIG_VHOST_USER_BLK) += vhost-user-blk-pci.o
 obj-$(CONFIG_VHOST_USER_INPUT) += vhost-user-input-pci.o
 obj-$(CONFIG_VHOST_USER_SCSI) += vhost-user-scsi-pci.o
-- 
MST

[PULL v2 32/58] hw/pci/pci_bridge: Use the IEC binary prefix definitions

[Michael S. Tsirkin]

From: Philippe Mathieu-Daudé 

IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20200601142930.29408-5-f4...@amsat.org>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Richard Henderson 
---
 hw/pci/pci_bridge.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
index 3ba3203f72..3789c17edc 100644
--- a/hw/pci/pci_bridge.c
+++ b/hw/pci/pci_bridge.c
@@ -423,14 +423,14 @@ int pci_bridge_qemu_reserve_cap_init(PCIDevice *dev, int 
cap_offset,
 }
 
 if (res_reserve.mem_non_pref != (uint64_t)-1 &&
-res_reserve.mem_non_pref >= (1ULL << 32)) {
+res_reserve.mem_non_pref >= 4 * GiB) {
 error_setg(errp,
"PCI resource reserve cap: mem-reserve must be less than 
4G");
 return -EINVAL;
 }
 
 if (res_reserve.mem_pref_32 != (uint64_t)-1 &&
-res_reserve.mem_pref_32 >= (1ULL << 32)) {
+res_reserve.mem_pref_32 >= 4 * GiB) {
 error_setg(errp,
"PCI resource reserve cap: pref32-reserve  must be less 
than 4G");
 return -EINVAL;
-- 
MST

[PULL v2 17/58] test/tpm-emu: include sockets and channel headers in tpm-emu header

[Michael S. Tsirkin]

From: Eric Auger 

Include sockets and channel headers to that the header is
self-contained.

Signed-off-by: Eric Auger 
Reviewed-by: Stefan Berger 
Message-Id: <20200609125409.24179-2-eric.au...@redhat.com>
---
 tests/qtest/tpm-emu.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qtest/tpm-emu.h b/tests/qtest/tpm-emu.h
index a4f1d64226..73f3bed0c4 100644
--- a/tests/qtest/tpm-emu.h
+++ b/tests/qtest/tpm-emu.h
@@ -16,6 +16,9 @@
 #define TPM_RC_FAILURE 0x101
 #define TPM2_ST_NO_SESSIONS 0x8001
 
+#include "qemu/sockets.h"
+#include "io/channel.h"
+
 struct tpm_hdr {
 uint16_t tag;
 uint32_t len;
-- 
MST

[PULL v2 25/58] virtio-balloon: Implement support for page poison reporting feature

[Michael S. Tsirkin]

From: Alexander Duyck 

We need to make certain to advertise support for page poison reporting if
we want to actually get data on if the guest will be poisoning pages.

Add a value for reporting the poison value being used if page poisoning is
enabled in the guest. With this we can determine if we will need to skip
free page reporting when it is enabled in the future.

The value currently has no impact on existing balloon interfaces. In the
case of existing balloon interfaces the onus is on the guest driver to
reapply whatever poison is in place.

When we add free page reporting the poison value is used to determine if
we can perform in-place page reporting. The expectation is that a reported
page will already contain the value specified by the poison, and the
reporting of the page should not change that value.

Acked-by: David Hildenbrand 
Signed-off-by: Alexander Duyck 
Message-Id: <20200527041400.12700.33251.stgit@localhost.localdomain>
---
 include/hw/virtio/virtio-balloon.h |  1 +
 hw/core/machine.c  |  4 +++-
 hw/virtio/virtio-balloon.c | 29 +
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/include/hw/virtio/virtio-balloon.h 
b/include/hw/virtio/virtio-balloon.h
index d1c968d237..7fe78e5c14 100644
--- a/include/hw/virtio/virtio-balloon.h
+++ b/include/hw/virtio/virtio-balloon.h
@@ -70,6 +70,7 @@ typedef struct VirtIOBalloon {
 uint32_t host_features;
 
 bool qemu_4_0_config_size;
+uint32_t poison_val;
 } VirtIOBalloon;
 
 #endif
diff --git a/hw/core/machine.c b/hw/core/machine.c
index bb3a7b18b1..9eca7d8c9b 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -28,7 +28,9 @@
 #include "hw/mem/nvdimm.h"
 #include "migration/vmstate.h"
 
-GlobalProperty hw_compat_5_0[] = {};
+GlobalProperty hw_compat_5_0[] = {
+{ "virtio-balloon-device", "page-poison", "false" },
+};
 const size_t hw_compat_5_0_len = G_N_ELEMENTS(hw_compat_5_0);
 
 GlobalProperty hw_compat_4_2[] = {
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index cff8eab6a1..31d3c88482 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -634,6 +634,7 @@ static void virtio_balloon_get_config(VirtIODevice *vdev, 
uint8_t *config_data)
 
 config.num_pages = cpu_to_le32(dev->num_pages);
 config.actual = cpu_to_le32(dev->actual);
+config.poison_val = cpu_to_le32(dev->poison_val);
 
 if (dev->free_page_report_status == FREE_PAGE_REPORT_S_REQUESTED) {
 config.free_page_report_cmd_id =
@@ -683,6 +684,14 @@ static ram_addr_t get_current_ram_size(void)
 return size;
 }
 
+static bool virtio_balloon_page_poison_support(void *opaque)
+{
+VirtIOBalloon *s = opaque;
+VirtIODevice *vdev = VIRTIO_DEVICE(s);
+
+return virtio_vdev_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON);
+}
+
 static void virtio_balloon_set_config(VirtIODevice *vdev,
   const uint8_t *config_data)
 {
@@ -697,6 +706,10 @@ static void virtio_balloon_set_config(VirtIODevice *vdev,
 qapi_event_send_balloon_change(vm_ram_size -
 ((ram_addr_t) dev->actual << 
VIRTIO_BALLOON_PFN_SHIFT));
 }
+dev->poison_val = 0;
+if (virtio_balloon_page_poison_support(dev)) {
+dev->poison_val = le32_to_cpu(config.poison_val);
+}
 trace_virtio_balloon_set_config(dev->actual, oldactual);
 }
 
@@ -755,6 +768,17 @@ static const VMStateDescription 
vmstate_virtio_balloon_free_page_report = {
 }
 };
 
+static const VMStateDescription vmstate_virtio_balloon_page_poison = {
+.name = "vitio-balloon-device/page-poison",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = virtio_balloon_page_poison_support,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(poison_val, VirtIOBalloon),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_virtio_balloon_device = {
 .name = "virtio-balloon-device",
 .version_id = 1,
@@ -767,6 +791,7 @@ static const VMStateDescription 
vmstate_virtio_balloon_device = {
 },
 .subsections = (const VMStateDescription * []) {
 &vmstate_virtio_balloon_free_page_report,
+&vmstate_virtio_balloon_page_poison,
 NULL
 }
 };
@@ -849,6 +874,8 @@ static void virtio_balloon_device_reset(VirtIODevice *vdev)
 g_free(s->stats_vq_elem);
 s->stats_vq_elem = NULL;
 }
+
+s->poison_val = 0;
 }
 
 static void virtio_balloon_set_status(VirtIODevice *vdev, uint8_t status)
@@ -916,6 +943,8 @@ static Property virtio_balloon_properties[] = {
 VIRTIO_BALLOON_F_DEFLATE_ON_OOM, false),
 DEFINE_PROP_BIT("free-page-hint", VirtIOBalloon, host_features,
 VIRTIO_BALLOON_F_FREE_PAGE_HINT, false),
+DEFINE_PROP_BIT("page-poison", VirtIOBalloon, host_features,
+VIRTIO_BALLOON_F_PAGE_POISON, true),
 /* QEMU 4.0 accidentally changed the config size even when free-page-hint

[PULL v2 49/58] virtio: add vhost-user-vsock base device

[Michael S. Tsirkin]

From: Stefano Garzarella 

This patch introduces a vhost-user device for vsock, using the
vhost-vsock-common parent class.

The vhost-user-vsock device can be used to implement the virtio-vsock
device emulation in user-space.

Signed-off-by: Stefano Garzarella 
Message-Id: <20200522122512.87413-3-sgarz...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 configure|   3 +
 include/hw/virtio/vhost-user-vsock.h |  36 ++
 hw/virtio/vhost-user-vsock.c | 181 +++
 hw/virtio/Makefile.objs  |   1 +
 4 files changed, 221 insertions(+)
 create mode 100644 include/hw/virtio/vhost-user-vsock.h
 create mode 100644 hw/virtio/vhost-user-vsock.c

diff --git a/configure b/configure
index 597e909b53..7c2adf36e5 100755
--- a/configure
+++ b/configure
@@ -7196,6 +7196,9 @@ if test "$vhost_crypto" = "yes" ; then
 fi
 if test "$vhost_vsock" = "yes" ; then
   echo "CONFIG_VHOST_VSOCK=y" >> $config_host_mak
+  if test "$vhost_user" = "yes" ; then
+echo "CONFIG_VHOST_USER_VSOCK=y" >> $config_host_mak
+  fi
 fi
 if test "$vhost_kernel" = "yes" ; then
   echo "CONFIG_VHOST_KERNEL=y" >> $config_host_mak
diff --git a/include/hw/virtio/vhost-user-vsock.h 
b/include/hw/virtio/vhost-user-vsock.h
new file mode 100644
index 00..4e128a4b9f
--- /dev/null
+++ b/include/hw/virtio/vhost-user-vsock.h
@@ -0,0 +1,36 @@
+/*
+ * Vhost-user vsock virtio device
+ *
+ * Copyright 2020 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+
+#ifndef _QEMU_VHOST_USER_VSOCK_H
+#define _QEMU_VHOST_USER_VSOCK_H
+
+#include "hw/virtio/vhost-vsock-common.h"
+#include "hw/virtio/vhost-user.h"
+#include "standard-headers/linux/virtio_vsock.h"
+
+#define TYPE_VHOST_USER_VSOCK "vhost-user-vsock-device"
+#define VHOST_USER_VSOCK(obj) \
+OBJECT_CHECK(VHostUserVSock, (obj), TYPE_VHOST_USER_VSOCK)
+
+typedef struct {
+CharBackend chardev;
+} VHostUserVSockConf;
+
+typedef struct {
+/*< private >*/
+VHostVSockCommon parent;
+VhostUserState vhost_user;
+VHostUserVSockConf conf;
+struct virtio_vsock_config vsockcfg;
+
+/*< public >*/
+} VHostUserVSock;
+
+#endif /* _QEMU_VHOST_USER_VSOCK_H */
diff --git a/hw/virtio/vhost-user-vsock.c b/hw/virtio/vhost-user-vsock.c
new file mode 100644
index 00..3534a39d62
--- /dev/null
+++ b/hw/virtio/vhost-user-vsock.c
@@ -0,0 +1,181 @@
+/*
+ * Vhost-user vsock virtio device
+ *
+ * Copyright 2020 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "hw/qdev-properties.h"
+#include "hw/virtio/vhost-user-vsock.h"
+
+static const int user_feature_bits[] = {
+VIRTIO_F_VERSION_1,
+VIRTIO_RING_F_INDIRECT_DESC,
+VIRTIO_RING_F_EVENT_IDX,
+VIRTIO_F_NOTIFY_ON_EMPTY,
+VHOST_INVALID_FEATURE_BIT
+};
+
+static void vuv_get_config(VirtIODevice *vdev, uint8_t *config)
+{
+VHostUserVSock *vsock = VHOST_USER_VSOCK(vdev);
+
+memcpy(config, &vsock->vsockcfg, sizeof(struct virtio_vsock_config));
+}
+
+static int vuv_handle_config_change(struct vhost_dev *dev)
+{
+VHostUserVSock *vsock = VHOST_USER_VSOCK(dev->vdev);
+int ret = vhost_dev_get_config(dev, (uint8_t *)&vsock->vsockcfg,
+   sizeof(struct virtio_vsock_config));
+if (ret < 0) {
+error_report("get config space failed");
+return -1;
+}
+
+virtio_notify_config(dev->vdev);
+
+return 0;
+}
+
+const VhostDevConfigOps vsock_ops = {
+.vhost_dev_config_notifier = vuv_handle_config_change,
+};
+
+static void vuv_set_status(VirtIODevice *vdev, uint8_t status)
+{
+VHostVSockCommon *vvc = VHOST_VSOCK_COMMON(vdev);
+bool should_start = status & VIRTIO_CONFIG_S_DRIVER_OK;
+
+if (!vdev->vm_running) {
+should_start = false;
+}
+
+if (vvc->vhost_dev.started == should_start) {
+return;
+}
+
+if (should_start) {
+int ret = vhost_vsock_common_start(vdev);
+if (ret < 0) {
+return;
+}
+} else {
+vhost_vsock_common_stop(vdev);
+}
+}
+
+static uint64_t vuv_get_features(VirtIODevice *vdev,
+ uint64_t features,
+ Error **errp)
+{
+VHostVSockCommon *vvc = VHOST_VSOCK_COMMON(vdev);
+
+return vhost_get_features(&vvc->vhost_dev, user_feature_bits, features);
+}
+
+static const VMStateDescription vuv_vmstate = {
+.name = "vhost-user-vsock",
+.unmigratable = 1,
+};
+
+static void vuv_device_realize(DeviceState *dev, Error **errp)
+{
+VHostVSockCommon *vvc = VHOST_VSOCK_COMMON(dev);
+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+  

[PULL v2 18/58] tests/acpi: Add void tables for Q35/TPM-TIS bios-tables-test

[Michael S. Tsirkin]

From: Eric Auger 

Add placeholders for TPM and DSDT reference tables for
Q35 TPM-TIS tests and ignore them for the time being.

Signed-off-by: Eric Auger 
Reviewed-by: Stefan Berger 
Reviewed-by: Igor Mammedov 

Message-Id: <20200609125409.24179-3-eric.au...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/qtest/bios-tables-test-allowed-diff.h | 2 ++
 tests/data/acpi/q35/DSDT.tis| 0
 tests/data/acpi/q35/TPM2.tis| 0
 3 files changed, 2 insertions(+)
 create mode 100644 tests/data/acpi/q35/DSDT.tis
 create mode 100644 tests/data/acpi/q35/TPM2.tis

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8b..a2a45d1d31 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,3 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/q35/DSDT.tis",
+"tests/data/acpi/q35/TPM2.tis",
diff --git a/tests/data/acpi/q35/DSDT.tis b/tests/data/acpi/q35/DSDT.tis
new file mode 100644
index 00..e69de29bb2
diff --git a/tests/data/acpi/q35/TPM2.tis b/tests/data/acpi/q35/TPM2.tis
new file mode 100644
index 00..e69de29bb2
-- 
MST

[PULL v2 58/58] virtio-pci: fix queue_enable write

[Michael S. Tsirkin]

From: Jason Wang 

Spec said: The driver uses this to selectively prevent the device from
executing requests from this virtqueue. 1 - enabled; 0 - disabled.

Though write 0 to queue_enable is forbidden by the spec, we should not
assume that the value is 1.

Fix this by ignore the write value other than 1.

Signed-off-by: Jason Wang 
Message-Id: <20200610054351.15811-1-jasow...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Stefano Garzarella 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-pci.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index d028c17c24..7bc8c1c056 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1273,16 +1273,20 @@ static void virtio_pci_common_write(void *opaque, 
hwaddr addr,
 virtio_queue_set_vector(vdev, vdev->queue_sel, val);
 break;
 case VIRTIO_PCI_COMMON_Q_ENABLE:
-virtio_queue_set_num(vdev, vdev->queue_sel,
- proxy->vqs[vdev->queue_sel].num);
-virtio_queue_set_rings(vdev, vdev->queue_sel,
+if (val == 1) {
+virtio_queue_set_num(vdev, vdev->queue_sel,
+ proxy->vqs[vdev->queue_sel].num);
+virtio_queue_set_rings(vdev, vdev->queue_sel,
((uint64_t)proxy->vqs[vdev->queue_sel].desc[1]) << 32 |
proxy->vqs[vdev->queue_sel].desc[0],
((uint64_t)proxy->vqs[vdev->queue_sel].avail[1]) << 32 |
proxy->vqs[vdev->queue_sel].avail[0],
((uint64_t)proxy->vqs[vdev->queue_sel].used[1]) << 32 |
proxy->vqs[vdev->queue_sel].used[0]);
-proxy->vqs[vdev->queue_sel].enabled = 1;
+proxy->vqs[vdev->queue_sel].enabled = 1;
+} else {
+virtio_error(vdev, "wrong value for queue_enable %"PRIx64, val);
+}
 break;
 case VIRTIO_PCI_COMMON_Q_DESCLO:
 proxy->vqs[vdev->queue_sel].desc[0] = val;
-- 
MST

[PULL v2 57/58] pci: Display PCI IRQ pin in "info pci"

[Michael S. Tsirkin]

From: Peter Xu 

Sometimes it would be good to be able to read the pin number along
with the IRQ number allocated.  Since we'll dump the IRQ number, no
reason to not dump the pin information.  For example, the vfio-pci
device will overwrite the pin with the hardware pin number.  It would
be nice to know the pin number of one assigned device from QMP/HMP.

CC: Dr. David Alan Gilbert 
CC: Alex Williamson 
CC: Michael S. Tsirkin 
CC: Marcel Apfelbaum 
CC: Julia Suvorova 
CC: Markus Armbruster 
Signed-off-by: Peter Xu 
Message-Id: <20200317195908.283800-1-pet...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Dr. David Alan Gilbert 
Acked-by: Markus Armbruster 
---
 qapi/misc.json | 6 --
 hw/pci/pci.c   | 1 +
 monitor/hmp-cmds.c | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/qapi/misc.json b/qapi/misc.json
index 99b90ac80b..a5a0beb902 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -403,6 +403,8 @@
 #
 # @irq: if an IRQ is assigned to the device, the IRQ number
 #
+# @irq_pin: the IRQ pin, zero means no IRQ (since 5.1)
+#
 # @qdev_id: the device name of the PCI device
 #
 # @pci_bridge: if the device is a PCI bridge, the bridge information
@@ -417,8 +419,8 @@
 { 'struct': 'PciDeviceInfo',
   'data': {'bus': 'int', 'slot': 'int', 'function': 'int',
'class_info': 'PciDeviceClass', 'id': 'PciDeviceId',
-   '*irq': 'int', 'qdev_id': 'str', '*pci_bridge': 'PciBridgeInfo',
-   'regions': ['PciMemoryRegion']} }
+   '*irq': 'int', 'irq_pin': 'int', 'qdev_id': 'str',
+   '*pci_bridge': 'PciBridgeInfo', 'regions': ['PciMemoryRegion'] }}
 
 ##
 # @PciInfo:
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 1b88a32cf7..a60cf3ae3b 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1776,6 +1776,7 @@ static PciDeviceInfo *qmp_query_pci_device(PCIDevice 
*dev, PCIBus *bus,
 info->regions = qmp_query_pci_regions(dev);
 info->qdev_id = g_strdup(dev->qdev.id ? dev->qdev.id : "");
 
+info->irq_pin = dev->config[PCI_INTERRUPT_PIN];
 if (dev->config[PCI_INTERRUPT_PIN] != 0) {
 info->has_irq = true;
 info->irq = dev->config[PCI_INTERRUPT_LINE];
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 9c61e769ca..e03adf0d4d 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -688,7 +688,8 @@ static void hmp_info_pci_device(Monitor *mon, const 
PciDeviceInfo *dev)
 }
 
 if (dev->has_irq) {
-monitor_printf(mon, "  IRQ %" PRId64 ".\n", dev->irq);
+monitor_printf(mon, "  IRQ %" PRId64 ", pin %c\n",
+   dev->irq, (char)('A' + dev->irq_pin - 1));
 }
 
 if (dev->has_pci_bridge) {
-- 
MST

[PULL v2 02/58] diffs-allowed: add the SRAT AML to diffs-allowed

[Michael S. Tsirkin]

From: Vishal Verma 

In anticipation of a change to the SRAT generation in qemu, add the AML
file to diffs-allowed.

Signed-off-by: Vishal Verma 
Message-Id: <20200606000911.9896-2-vishal.l.ve...@intel.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/qtest/bios-tables-test-allowed-diff.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8b..e8f2766a63 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,4 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/pc/SRAT.dimmpxm",
+"tests/data/acpi/q35/SRAT.dimmpxm",
+"tests/data/acpi/virt/SRAT.memhp",
-- 
MST

Re: [PULL 000/115] Huge miscellaneous pull request for 2020-06-11

[Roman Bolshakov]

On Fri, Jun 12, 2020 at 03:33:38PM +0200, Paolo Bonzini wrote:
> On 12/06/20 15:09, Peter Maydell wrote:
> > Hi; I'm afraid this fails to build on OSX, and has a check-tcg
> > failure on x86-64 Linux.
> > 
> > OSX:
> > 
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/target/i386/hvf/hvf.c:53:
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/include/sysemu/hvf.h:16:
> > /Users/pm215/src/qemu-for-merges/target/i386/cpu.h:1601:5: error:
> > unknown type name 'hvf_lazy_flags'
> > hvf_lazy_flags hvf_lflags;
> > ^
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/target/i386/hvf/hvf.c:53:
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/include/sysemu/hvf.h:16:
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/target/i386/cpu.h:2021:
> > /Users/pm215/src/qemu-for-merges/include/exec/cpu-all.h:442:12: error:
> > returning 'void' from a function with incompatible result type
> > 'ArchCPU *' (aka 'struct X86CPU *')
> > return container_of(env, ArchCPU, env);
> >^~~
> > /Users/pm215/src/qemu-for-merges/include/qemu/compiler.h:56:41: note:
> > expanded from macro 'container_of'
> > #define container_of(ptr, type, member) ({  \
> > ^
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/target/i386/hvf/hvf.c:53:
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/include/sysemu/hvf.h:16:
> > In file included from 
> > /Users/pm215/src/qemu-for-merges/target/i386/cpu.h:2021:
> > /Users/pm215/src/qemu-for-merges/include/exec/cpu-all.h:464:14: error:
> > initializing 'ArchCPU *' (aka 'struct X86CPU *') with an expression of
> > incompatible type 'void'
> > ArchCPU *arch_cpu = container_of(env, ArchCPU, env);
> >  ^  ~~~
> > 3 errors generated.
> > 
> > 
> > On x86-64 Linux host, running the check-tcg tests on the static
> > linux-user build:
> > 
> >   BUILD   i386-linux-user guest-tests with docker qemu:fedora-i386-cross
> > /home/petmay01/linaro/qemu-for-merges/tests/tcg/i386/test-i386-pcmpistri.c:
> > In function 'main':
> > /home/petmay01/linaro/qemu-for-merges/tests/tcg/i386/test-i386-pcmpistri.c:28:15:
> > warning: left-hand operand of comma expression has no effect
> > [-Wunused-value]
> >28 | if ("%d\n", _mm_cmpistri(s1.x, s3.x, 0x4c) != 16) {
> >   |   ^
> > 
> > (only a warning because we don't seem to be using -Werror here?)
> > 
> > and then the test crashed at runtime:
> > 
> >   TESTtest-i386-pcmpistri on i386
> > qemu: uncaught target signal 4 (Illegal instruction) - core dumped
> > timeout: the monitored command dumped core
> > Illegal instruction
> > ../Makefile.target:151: recipe for target 'run-test-i386-pcmpistri' failed
> 
> I'll resend without the offending patch.  Roman, Joseph, please take a
> look and (especially for the OS X) please check if your series need a
> rebase.
> 
> Thanks,
> 
> Paolo
> 

It seems rebase is not needed. The queue doesn't include the patch:
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg08076.html

Regards,
Roman

[PULL v2 14/58] acpi: Convert build_tpm2() to build_append* API

[Michael S. Tsirkin]

From: Eric Auger 

In preparation of its move to the generic acpi code,
let's convert build_tpm2() to use build_append API. This
latter now is prefered in place of direct ACPI struct field
settings with manual endianness conversion.

Signed-off-by: Eric Auger 
Message-Id: <20200601095737.32671-2-eric.au...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/acpi-build.c | 28 +++-
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index d05d010f77..8d93a2d339 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2197,30 +2197,40 @@ build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, 
GArray *tcpalog)
 static void
 build_tpm2(GArray *table_data, BIOSLinker *linker, GArray *tcpalog)
 {
-Acpi20TPM2 *tpm2_ptr = acpi_data_push(table_data, sizeof *tpm2_ptr);
+Acpi20TPM2 *tpm2_ptr = acpi_data_push(table_data, sizeof(AcpiTableHeader));
 unsigned log_addr_size = sizeof(tpm2_ptr->log_area_start_address);
 unsigned log_addr_offset =
 (char *)&tpm2_ptr->log_area_start_address - table_data->data;
+uint8_t start_method_params[12] = {};
 
-tpm2_ptr->platform_class = cpu_to_le16(TPM2_ACPI_CLASS_CLIENT);
+/* platform class */
+build_append_int_noprefix(table_data, TPM2_ACPI_CLASS_CLIENT, 2);
+/* reserved */
+build_append_int_noprefix(table_data, 0, 2);
 if (TPM_IS_TIS_ISA(tpm_find())) {
-tpm2_ptr->control_area_address = cpu_to_le64(0);
-tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO);
+/* address of control area */
+build_append_int_noprefix(table_data, 0, 8);
+/* start method */
+build_append_int_noprefix(table_data, TPM2_START_METHOD_MMIO, 4);
 } else if (TPM_IS_CRB(tpm_find())) {
-tpm2_ptr->control_area_address = cpu_to_le64(TPM_CRB_ADDR_CTRL);
-tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_CRB);
+build_append_int_noprefix(table_data, TPM_CRB_ADDR_CTRL, 8);
+build_append_int_noprefix(table_data, TPM2_START_METHOD_CRB, 4);
 } else {
 g_warn_if_reached();
 }
 
-tpm2_ptr->log_area_minimum_length =
-cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
+/* platform specific parameters */
+g_array_append_vals(table_data, &start_method_params, 12);
 
-acpi_data_push(tcpalog, le32_to_cpu(tpm2_ptr->log_area_minimum_length));
+/* log area minimum length */
+build_append_int_noprefix(table_data, TPM_LOG_AREA_MINIMUM_SIZE, 4);
+
+acpi_data_push(tcpalog, TPM_LOG_AREA_MINIMUM_SIZE);
 bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, tcpalog, 1,
  false);
 
 /* log area start address to be filled by Guest linker */
+build_append_int_noprefix(table_data, 0, 8);
 bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
log_addr_offset, log_addr_size,
ACPI_BUILD_TPMLOG_FILE, 0);
-- 
MST

[PULL v2 04/58] tests/acpi: update expected SRAT files

[Michael S. Tsirkin]

From: Vishal Verma 

Update expected SRAT files for the change to account for NVDIMM NUMA
nodes in the SRAT.

AML diffs:

tests/data/acpi/pc/SRAT.dimmpxm:
Message-Id: <20200606000911.9896-4-vishal.l.ve...@intel.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/qtest/bios-tables-test-allowed-diff.h |   3 ---
 tests/data/acpi/pc/SRAT.dimmpxm | Bin 392 -> 392 bytes
 tests/data/acpi/q35/SRAT.dimmpxm| Bin 392 -> 392 bytes
 tests/data/acpi/virt/SRAT.memhp | Bin 186 -> 226 bytes
 4 files changed, 3 deletions(-)

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
b/tests/qtest/bios-tables-test-allowed-diff.h
index e8f2766a63..dfb8523c8b 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1,4 +1 @@
 /* List of comma-separated changed AML files to ignore */
-"tests/data/acpi/pc/SRAT.dimmpxm",
-"tests/data/acpi/q35/SRAT.dimmpxm",
-"tests/data/acpi/virt/SRAT.memhp",
diff --git a/tests/data/acpi/pc/SRAT.dimmpxm b/tests/data/acpi/pc/SRAT.dimmpxm
index 
f5c0267ea24bb404b6b4e687390140378fbdc3f1..5a13c61b9041c6045c29643bf93a111fb1c0c76a
 100644
GIT binary patch
delta 51
scmeBR?qKE$4ss0XU}Rum%-G0fz$nec00kUCF%aN@Pz(&LlS3Je0lmQmhyVZp

delta 51
icmeBR?qKE$4ss0XU}RumY}m+Uz$ndt8%z#mGzI{_tp$hx

diff --git a/tests/data/acpi/q35/SRAT.dimmpxm b/tests/data/acpi/q35/SRAT.dimmpxm
index 
f5c0267ea24bb404b6b4e687390140378fbdc3f1..5a13c61b9041c6045c29643bf93a111fb1c0c76a
 100644
GIT binary patch
delta 51
scmeBR?qKE$4ss0XU}Rum%-G0fz$nec00kUCF%aN@Pz(&LlS3Je0lmQmhyVZp

delta 51
icmeBR?qKE$4ss0XU}RumY}m+Uz$ndt8%z#mGzI{_tp$hx

diff --git a/tests/data/acpi/virt/SRAT.memhp b/tests/data/acpi/virt/SRAT.memhp
index 
1b57db2072e7f7e2085c4a427aa31c7383851b71..9a35adb40c6f7cd822e5af37abba8aad033617cb
 100644
GIT binary patch
delta 43
rcmdnR_=u4!ILI;N5d#AQbIe4p$wD1K76@=aC

[PULL v2 53/58] acpi: madt: skip pci override on pci-less systems.

[Michael S. Tsirkin]

From: Gerd Hoffmann 

Needed for microvm.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20200520132003.9492-8-kra...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/acpi-common.h |  3 ++-
 hw/i386/acpi-build.c  |  2 +-
 hw/i386/acpi-common.c | 26 +++---
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/hw/i386/acpi-common.h b/hw/i386/acpi-common.h
index c30e461f18..9cac18dddf 100644
--- a/hw/i386/acpi-common.h
+++ b/hw/i386/acpi-common.h
@@ -9,6 +9,7 @@
 #define ACPI_BUILD_IOAPIC_ID 0x0
 
 void acpi_build_madt(GArray *table_data, BIOSLinker *linker,
- X86MachineState *x86ms, AcpiDeviceIf *adev);
+ X86MachineState *x86ms, AcpiDeviceIf *adev,
+ bool has_pci);
 
 #endif
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 26c0c8aefa..473cbdfffd 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2588,7 +2588,7 @@ void acpi_build(AcpiBuildTables *tables, MachineState 
*machine)
 
 acpi_add_table(table_offsets, tables_blob);
 acpi_build_madt(tables_blob, tables->linker, x86ms,
-ACPI_DEVICE_IF(pcms->acpi_dev));
+ACPI_DEVICE_IF(pcms->acpi_dev), true);
 
 vmgenid_dev = find_vmgenid_dev();
 if (vmgenid_dev) {
diff --git a/hw/i386/acpi-common.c b/hw/i386/acpi-common.c
index 5caca16a0b..ab9b00581a 100644
--- a/hw/i386/acpi-common.c
+++ b/hw/i386/acpi-common.c
@@ -72,7 +72,8 @@ void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
 }
 
 void acpi_build_madt(GArray *table_data, BIOSLinker *linker,
- X86MachineState *x86ms, AcpiDeviceIf *adev)
+ X86MachineState *x86ms, AcpiDeviceIf *adev,
+ bool has_pci)
 {
 MachineClass *mc = MACHINE_GET_CLASS(x86ms);
 const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(MACHINE(x86ms));
@@ -111,18 +112,21 @@ void acpi_build_madt(GArray *table_data, BIOSLinker 
*linker,
 intsrcovr->gsi= cpu_to_le32(2);
 intsrcovr->flags  = cpu_to_le16(0); /* conforms to bus specifications 
*/
 }
-for (i = 1; i < 16; i++) {
+
+if (has_pci) {
+for (i = 1; i < 16; i++) {
 #define ACPI_BUILD_PCI_IRQS ((1<<5) | (1<<9) | (1<<10) | (1<<11))
-if (!(ACPI_BUILD_PCI_IRQS & (1 << i))) {
-/* No need for a INT source override structure. */
-continue;
+if (!(ACPI_BUILD_PCI_IRQS & (1 << i))) {
+/* No need for a INT source override structure. */
+continue;
+}
+intsrcovr = acpi_data_push(table_data, sizeof *intsrcovr);
+intsrcovr->type   = ACPI_APIC_XRUPT_OVERRIDE;
+intsrcovr->length = sizeof(*intsrcovr);
+intsrcovr->source = i;
+intsrcovr->gsi= cpu_to_le32(i);
+intsrcovr->flags  = cpu_to_le16(0xd); /* active high, level 
triggered */
 }
-intsrcovr = acpi_data_push(table_data, sizeof *intsrcovr);
-intsrcovr->type   = ACPI_APIC_XRUPT_OVERRIDE;
-intsrcovr->length = sizeof(*intsrcovr);
-intsrcovr->source = i;
-intsrcovr->gsi= cpu_to_le32(i);
-intsrcovr->flags  = cpu_to_le16(0xd); /* active high, level triggered 
*/
 }
 
 if (x2apic_mode) {
-- 
MST

[PULL v2 51/58] acpi: make build_madt() more generic.

[Michael S. Tsirkin]

From: Gerd Hoffmann 

Remove PCMachineState dependency from build_madt().
Pass AcpiDeviceIf as separate argument instead of
depending on PCMachineState->acpi_dev.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Igor Mammedov 
Message-Id: <20200520132003.9492-6-kra...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/acpi-build.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 1ecb68f45f..d217fc1fe6 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -366,14 +366,13 @@ void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
 }
 
 static void
-build_madt(GArray *table_data, BIOSLinker *linker, PCMachineState *pcms)
+build_madt(GArray *table_data, BIOSLinker *linker,
+   X86MachineState *x86ms, AcpiDeviceIf *adev)
 {
-MachineClass *mc = MACHINE_GET_CLASS(pcms);
-X86MachineState *x86ms = X86_MACHINE(pcms);
-const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(MACHINE(pcms));
+MachineClass *mc = MACHINE_GET_CLASS(x86ms);
+const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(MACHINE(x86ms));
 int madt_start = table_data->len;
-AcpiDeviceIfClass *adevc = ACPI_DEVICE_IF_GET_CLASS(pcms->acpi_dev);
-AcpiDeviceIf *adev = ACPI_DEVICE_IF(pcms->acpi_dev);
+AcpiDeviceIfClass *adevc = ACPI_DEVICE_IF_GET_CLASS(adev);
 bool x2apic_mode = false;
 
 AcpiMultipleApicTable *madt;
@@ -2708,7 +2707,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState 
*machine)
 aml_len += tables_blob->len - fadt;
 
 acpi_add_table(table_offsets, tables_blob);
-build_madt(tables_blob, tables->linker, pcms);
+build_madt(tables_blob, tables->linker, x86ms,
+   ACPI_DEVICE_IF(pcms->acpi_dev));
 
 vmgenid_dev = find_vmgenid_dev();
 if (vmgenid_dev) {
-- 
MST