Re: [PATCH v5 07/10] block: introduce preallocate filter
25.08.2020 18:11, Max Reitz wrote: On 21.08.20 16:11, Vladimir Sementsov-Ogievskiy wrote: It's intended to be inserted between format and protocol nodes to preallocate additional space (expanding protocol file) on writes crossing EOF. It improves performance for file-systems with slow allocation. Signed-off-by: Vladimir Sementsov-Ogievskiy --- docs/system/qemu-block-drivers.rst.inc | 26 +++ qapi/block-core.json | 20 +- block/preallocate.c| 291 + block/Makefile.objs| 1 + 4 files changed, 337 insertions(+), 1 deletion(-) create mode 100644 block/preallocate.c Looks good to me in essence. Besides minor details, I wonder most about whether truncating the file on close can be safe, but more about that below. diff --git a/docs/system/qemu-block-drivers.rst.inc b/docs/system/qemu-block-drivers.rst.inc index b052a6d14e..5e8a35c571 100644 --- a/docs/system/qemu-block-drivers.rst.inc +++ b/docs/system/qemu-block-drivers.rst.inc 
@@ -952,3 +952,29 @@ on host and see if there are locks held by the QEMU process on the image file. More than one byte could be locked by the QEMU instance, each byte of which reflects a particular permission that is acquired or protected by the running block driver. + +Filter drivers +~~ + +QEMU supports several filter drivers, which don't store any data, but do some s/do/perform/ +additional tasks, hooking io requests. + +.. program:: filter-drivers +.. option:: preallocate + + Preallocate filter driver is intended to be inserted between format *The preallocate filter driver + and protocol nodes and does preallocation of some additional space I’d simplify this as s/does preallocation of/preallocates/ + (expanding the protocol file) on write. It may be used for I’d complicate this as s/on write/when writing past the file’s end/, or “when data is written to the file after its end”, or at least “on post-EOF writes”. Maybe also s/It may be used for/This can be useful for/? + file-systems with slow allocation. + + Supported options: + + .. program:: preallocate + .. option:: prealloc-align + +On preallocation, align file length to this number, default 1M. *the file length As for “number”... Well, it is a number. But “value” might fit better. Or “length (in bytes)”? + + .. program:: preallocate + .. option:: prealloc-size + +How much to preallocate, default 128M. diff --git a/qapi/block-core.json b/qapi/block-core.json index 197bdc1c36..b40448063b 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2805,7 +2805,7 @@ 'cloop', 'compress', 'copy-on-read', 'dmg', 'file', 'ftp', 'ftps', 'gluster', 'host_cdrom', 'host_device', 'http', 'https', 'iscsi', 'luks', 'nbd', 'nfs', 'null-aio', 'null-co', 'nvme', 'parallels', -'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'rbd', +'preallocate', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'rbd', { 'name': 'replication', 'if': 'defined(CONFIG_REPLICATION)' }, 'sheepdog', 'ssh', 'throttle', 'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] } 
@@ -3074,6 +3074,23 @@ 'data': { 'aes': 'QCryptoBlockOptionsQCow', 'luks': 'QCryptoBlockOptionsLUKS'} } +## +# @BlockdevOptionsPreallocate: +# +# Filter driver intended to be inserted between format and protocol node +# and do preallocation in protocol node on write. +# +# @prealloc-align: on preallocation, align file length to this number, +# default 1048576 (1M) Speaking of alignment, this second line isn’t properly aligned. +# +# @prealloc-size: how much to preallocate, default 134217728 (128M) +# +# Since: 5.2 +## +{ 'struct': 'BlockdevOptionsPreallocate', + 'base': 'BlockdevOptionsGenericFormat', + 'data': { '*prealloc-align': 'int', '*prealloc-size': 'int' } } + ## # @BlockdevOptionsQcow2: # @@ -3979,6 +3996,7 @@ 'null-co':'BlockdevOptionsNull', 'nvme': 'BlockdevOptionsNVMe', 'parallels': 'BlockdevOptionsGenericFormat', + 'preallocate':'BlockdevOptionsPreallocate', 'qcow2': 'BlockdevOptionsQcow2', 'qcow': 'BlockdevOptionsQcow', 'qed':'BlockdevOptionsGenericCOWFormat', diff --git a/block/preallocate.c b/block/preallocate.c new file mode 100644 index 00..bdf54dbd2f --- /dev/null +++ b/block/preallocate.c @@ -0,0 +1,291 @@ +/* + * preallocate filter driver + * + * The driver performs preallocate operation: it is injected above + * some node, and before each write over EOF it does additional preallocating + * write-zeroes request. + * + * Copyright (c) 2020 Virtuozzo International GmbH. + * + * Author: + * Sementsov-Ogievskiy Vladimir + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation;
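Review bot: the QAPI documentation for @prealloc-align and @prealloc-size in the BlockdevOptionsPreallocate hunk gives defaults (1048576 and 134217728) but no accepted range. Say whether prealloc-align must be a non-zero power of two (the name implies an alignment) and whether a prealloc-size of 0 is rejected or simply disables preallocation, so management tools know what blockdev-add will refuse; the same sentence should go into the `prealloc-align`/`prealloc-size` option text in qemu-block-drivers.rst.inc, which currently only repeats the defaults.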
Re: [PATCH 3/4] meson: Mingw64 gcc doesn't recognize system include_type for sdl2
On Tue, Aug 25, 2020 at 11:38 PM Mark Cave-Ayland wrote:
> Marc-André had a query about why this is marked as a system include, however I can
> confirm that it fixes the missing "SDL.h" issue during build.

It was marked as a system include in an attempt to work around the SDL 2.0.8 bug that requires -Wno-undef. In general we enable lots of warnings and sometimes they trip dependencies, so using include_type: 'system' in principle makes sense. But if it doesn't work with Windows, it's not a regression to remove it.

Paolo
Re: [PATCH 2/4] meson: fixes relpath may fail on win32.
On Tue, Aug 25, 2020 at 11:31 PM Mark Cave-Ayland wrote:
> On 25/08/2020 17:53, luoyongg...@gmail.com wrote:
> > From: Yonggang Luo
> >
> > On win32, os.path.relpath would raise exception when do the following relpath:
> > C:/msys64/mingw64/x.exe relative to E:/path/qemu-build would fail.
> > So we try catch it for stopping it from raise exception on msys2
>
> I don't think this is relevant in my particular environment, however it didn't seem
> to break the build. I'm curious as to why os.path.relpath throws an exception in this
> particular case on Windows though - can you give us a bit more information about the
> Exception that is being thrown?

I think it's because it's impossible to make a relative path between two different drives.

The patch is correct but is missing the Signed-off-by line.

Paolo
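The cross-drive failure Paolo describes, as an added example that is not code from the QEMU build scripts or from this patch: `os.path.relpath` raises `ValueError` when the two paths share no drive, and the try/except fallback keeps the original path instead of aborting. The `pathmod` parameter is an assumption added here so the Windows rules can be exercised through `ntpath` on any host; the real script just calls `os.path.relpath`.

```python
import ntpath
import os.path
import posixpath


def safe_relpath(path, start, pathmod=os.path):
    """Return `path` relative to `start`, or `path` unchanged when no
    relative form exists.

    On Windows, os.path.relpath() raises ValueError for paths on
    different drives (C:/... relative to E:/...), which is the failure
    the patch catches. `pathmod` is a hypothetical parameter (not in the
    real script) so ntpath's rules can be tested on a POSIX host.
    """
    try:
        return pathmod.relpath(path, start)
    except ValueError:
        # Different drives: there is no relative path, so keep the
        # original path rather than letting the build script die.
        return path


def relpath_examples():
    """Constructed inputs mirroring the case from the commit message.

    Returns (cross-drive result, same-drive result, POSIX result).
    """
    cross_drive = safe_relpath("C:/msys64/mingw64/x.exe",
                               "E:/path/qemu-build", ntpath)
    same_drive = safe_relpath("C:/msys64/mingw64/x.exe",
                              "C:/msys64/home", ntpath)
    posix = safe_relpath("/a/b/c", "/a/d", posixpath)
    return cross_drive, same_drive, posix


if __name__ == "__main__":
    for label, value in zip(("cross-drive", "same-drive", "posix"),
                            relpath_examples()):
        print(f"{label}: {value}")
```

The cross-drive case falls through to the original path, the same-drive case yields `..\mingw64\x.exe`, and the POSIX case behaves as before; only the failing case changes behaviour.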
Re: [PATCH 1/4] meson: Fixes the ninjatool issue that E$$: are generated in Makefile.ninja
On Tue, Aug 25, 2020 at 11:26 PM Mark Cave-Ayland wrote:
> I've tested this and it changes build.ninja so instead of Windows paths beginning C$$
> they now begin C$ instead e.g.:
>
> build qemu-version.h: CUSTOM_COMMAND | C$:/msys64/home/Mark/qemu/scripts/qemu-version.sh PHONY

The patch should not change build.ninja in any way, but indeed it will fix the transformation so that the (correct) ninja quoting is removed.

Paolo
Re: device compatibility interface for live migration with assigned devices
On Tue, Aug 25, 2020 at 04:39:25PM +0200, Cornelia Huck wrote:
<...>
> > do you think the bin_attribute I proposed yesterday good?
> > Then we can have a single compatible with a variable in the mdev_type and
> > aggregator.
> >
> >    mdev_type=i915-GVTg_V5_{val1:int:2,4,8}
> >    aggregator={val1}/2
>
> I'm not really a fan of binary attributes other than in cases where we
> have some kind of binary format to begin with.
>
> IIUC, we basically have:
> - different partitioning (expressed in the mdev_type)
> - different number of partitions (expressed via the aggregator)
> - devices being compatible if the partitioning:aggregator ratio is the
>   same
>
> (The multiple mdev_type variants seem to come from avoiding extra
> creation parameters, IIRC?)
>
> Would it be enough to export
> base_type=i915-GVTg_V5
> aggregation_ratio=
>
> to express the various combinations that are compatible without the
> need for multiple sets of attributes?

yes. I agree we need to decouple the mdev type name and aggregator for compatibility detection purpose.

please allow me to put some words to describe the history and motivation of introducing aggregator.

initially, we have fixed mdev_type i915-GVTg_V5_1, i915-GVTg_V5_2, i915-GVTg_V5_4, i915-GVTg_V5_8, the digital after i915-GVTg_V5 representing the max number of instances allowed to be created for this type. They also identify how many resources are to be allocated for each type. They are so far so good for current intel vgpus, i.e., cutting the physical GPU into several virtual pieces and sharing them among several VMs in pure mediation way. fixed types are provided in advance as we thought it can meet needs from most users and users can know the hardware capability they acquired from the type name. the bigger in number, the smaller piece of physical hardware.

Then, when it comes to scalable IOV in near future, one physical hardware is able to be cut into a large number of units in hardware layer. The single unit to be assigned into guest can be very small while one to several units are grouped into an mdev. The fixed type scheme is then cumbersome. Therefore, a new attribute aggregator is introduced to specify the number of resources to be assigned based on the base resource specified in type name.

e.g. if type name is dsa-1dwq, and aggregator is 30, then the assignable resources to guest is 30 wqs in a single created mdev. if type name is dsa-2dwq, and aggregator is 15, then the assignable resources to guest is also 30 wqs in a single created mdev. (in this example, the rule to define type name is different to the case in GVT. here 1 wq means wq number is 1. yes, they are current reality. :) )

previously, we want to regard the two mdevs created with dsa-1dwq x 30 and dsa-2dwq x 15 as compatible, because the two mdevs consist equal resources. But, as it's a burden to upper layer, we agree that if this condition happens, we still treat the two as incompatible. To fix it, either the driver should expose dsa-1dwq only, or the target dsa-2dwq needs to be destroyed and reallocated via dsa-1dwq x 30.

Does it make sense?

Thanks
Yan
Re: [PATCH 00/12] fix some error memleaks
ping!

On 2020/8/15 0:02, Pan Nengyuan wrote:
> This series fix some Error/GError memleaks.
>
> Pan Nengyuan (12):
>   qga/channel-posix: Plug memory leak in ga_channel_write_all()
>   hw/vfio/ap: Plug memleak in vfio_ap_get_group()
>   elf2dmp/qemu_elf: Plug memleak in QEMU_Elf_init
>   elf2dmp/pdb: Plug memleak in pdb_init_from_file
>   target/i386/sev: Plug memleak in sev_read_file_base64
>   ui/gtk-gl-area: Plug memleak in gd_gl_area_create_context()
>   target/i386/cpu: Fix memleak in x86_cpu_class_check_missing_features
>   migration/colo: Plug memleaks in colo_process_incoming_thread
>   blockdev: Fix a memleak in drive_backup_prepare()
>   block/file-posix: fix a possible undefined behavior
>   vnc-auth-sasl: Plug memleak in vnc_socket_ip_addr_string
>   test-util-sockets: Fix a memleak in test_socket_unix_abstract_good
>
>  block/file-posix.c         | 2 +-
>  blockdev.c                 | 1 +
>  contrib/elf2dmp/pdb.c      | 1 +
>  contrib/elf2dmp/qemu_elf.c | 1 +
>  hw/vfio/ap.c               | 1 +
>  migration/colo.c           | 2 ++
>  qga/channel-posix.c        | 6 +-
>  target/i386/cpu.c          | 1 +
>  target/i386/sev.c          | 1 +
>  tests/test-util-sockets.c  | 1 +
>  ui/gtk-gl-area.c           | 5 ++---
>  ui/vnc-auth-sasl.c         | 1 +
>  12 files changed, 18 insertions(+), 5 deletions(-)
>
Re: [PATCH v5 06/10] block: introduce BDRV_REQ_NO_WAIT flag
25.08.2020 16:10, Max Reitz wrote: On 21.08.20 16:11, Vladimir Sementsov-Ogievskiy wrote: Add flag to make serialising request no wait: if there are conflicting requests, just return error immediately. It's will be used in upcoming preallocate filter. Signed-off-by: Vladimir Sementsov-Ogievskiy --- include/block/block.h | 9 - block/io.c| 11 ++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/include/block/block.h b/include/block/block.h index b8f4e86e8d..877fda06a4 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -67,8 +67,15 @@ typedef enum { * written to qiov parameter which may be NULL. */ BDRV_REQ_PREFETCH = 0x200, + +/* + * If we need to wait for other requests, just fail immediately. Used + * only together with BDRV_REQ_SERIALISING. + */ +BDRV_REQ_NO_WAIT = 0x400, + /* Mask of valid flags */ -BDRV_REQ_MASK = 0x3ff, +BDRV_REQ_MASK = 0x7ff, } BdrvRequestFlags; typedef struct BlockSizes { diff --git a/block/io.c b/block/io.c index dd28befb08..c93b1e98a3 100644 --- a/block/io.c +++ b/block/io.c 
@@ -1912,9 +1912,18 @@ bdrv_co_write_req_prepare(BdrvChild *child, int64_t offset, uint64_t bytes, assert(!(bs->open_flags & BDRV_O_INACTIVE)); assert((bs->open_flags & BDRV_O_NO_IO) == 0); assert(!(flags & ~BDRV_REQ_MASK)); +assert(!((flags & BDRV_REQ_NO_WAIT) && !(flags & BDRV_REQ_SERIALISING))); if (flags & BDRV_REQ_SERIALISING) { -bdrv_make_request_serialising(req, bdrv_get_cluster_size(bs)); +QEMU_LOCK_GUARD(&bs->reqs_lock); + +tracked_request_set_serialising(req, bdrv_get_cluster_size(bs)); + +if ((flags & BDRV_REQ_NO_WAIT) && bdrv_find_conflicting_request(req)) { bdrv_find_conflicting_request() will return NULL even if there are conflicting requests, but those have a non-NULL waiting_for. Is that something to consider? (I would like to think that will never have a real impact because then we must find some other conflicting request; but isn’t is possible that we find an overlapping request that waits for another request with which it overlaps, but our request does not?) Actually check in bdrv_find_conflicting_request() is the same like in the following bdrv_wait_serialising_requests_locked(), so, if bdrv_find_conflicting_request() returns NULL, it means that in bdrv_wait_serialising_requests_locked() it will return NULL again (as there are no yield points) and we will not wait, so all is OK. And, why is it OK to ignore already waiting requests in bdrv_wait_serialising_requests_locked(): just because if we proceed now with our request, these waiting requests will have to wait for us, when they wake and go to the next iteration of waiting loop. +return -EBUSY; +} + +bdrv_wait_serialising_requests_locked(req); } else { bdrv_wait_serialising_requests(req); } -- Best regards, Vladimir
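Review bot: in the bdrv_co_write_req_prepare() hunk, tracked_request_set_serialising() has already marked req as serialising by the time the BDRV_REQ_NO_WAIT path returns -EBUSY, so the request stays registered with its serialising range until the caller tears it down; make sure the caller's error path removes the tracked request promptly (otherwise other requests may block on an abandoned one), and add a short comment on the `return -EBUSY;` line saying that this is relied upon. It would also help callers if the BDRV_REQ_NO_WAIT comment in include/block/block.h named the error value (-EBUSY) rather than only saying "fail immediately".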
Re: [PATCH] disas/libvixl: Fix fall-through annotation for GCC >= 7
Patchew URL: https://patchew.org/QEMU/20200824130114.41368-1-th...@redhat.com/

Hi,

This series seems to have some coding style problems. See output below for more information:

Type: series
Message-id: 20200824130114.41368-1-th...@redhat.com
Subject: [PATCH] disas/libvixl: Fix fall-through annotation for GCC >= 7

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20200824130114.41368-1-th...@redhat.com -> patchew/20200824130114.41368-1-th...@redhat.com
Switched to a new branch 'test'
eb8ed63 disas/libvixl: Fix fall-through annotation for GCC >= 7

=== OUTPUT BEGIN ===
ERROR: do not use C99 // comments
#46: FILE: disas/libvixl/vixl/globals.h:111:
+// Fallthrough annotation for Clang and C++11(201103L).

ERROR: do not use C99 // comments
#49: FILE: disas/libvixl/vixl/globals.h:114:
+// Fallthrough annotation for GCC >= 7.

total: 2 errors, 0 warnings, 24 lines checked

Commit eb8ed63c0cc3 (disas/libvixl: Fix fall-through annotation for GCC >= 7) has style problems, please review.
If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1

The full log is available at http://patchew.org/logs/20200824130114.41368-1-th...@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com
Re: [External] Re: [PATCH 2/2] coroutine: take exactly one batch from global pool at a time
The purpose of this patch is to improve performance without increasing memory consumption.

My test case: QEMU command line arguments

-drive file=/dev/nvme2n1p1,format=raw,if=none,id=local0,cache=none,aio=native \
-device virtio-blk,id=blk0,drive=local0,iothread=iothread0,num-queues=4 \
-drive file=/dev/nvme3n1p1,format=raw,if=none,id=local1,cache=none,aio=native \
-device virtio-blk,id=blk1,drive=local1,iothread=iothread1,num-queues=4 \

run these two fio jobs at the same time

[job-vda]
filename=/dev/vda
iodepth=64
ioengine=libaio
rw=randrw
bs=4k
size=300G
rwmixread=80
direct=1
numjobs=2
runtime=60

[job-vdb]
filename=/dev/vdb
iodepth=64
ioengine=libaio
rw=randrw
bs=4k
size=300G
rwmixread=90
direct=1
numjobs=2
loops=1
runtime=60

without this patch, test 3 times:
total iops: 278548.1, 312374.1, 276638.2
with this patch, test 3 times:
total iops: 368370.9, 335693.2, 327693.1
18.9% improvement in average.

In addition, we are also using a distributed block storage, of which the io latency is much more than local nvme devices because of the network overhead. So it needs higher iodepth(>=256) to reach its max throughput. Without this patch, it has more than 5% chance of calling `qemu_coroutine_new` and the iops is less than 100K, while the iops is about 260K with this patch.

On the other hand, there's a simpler way to reduce or eliminate the cost of `qemu_coroutine_new` is to increase POOL_BATCH_SIZE. But it will also bring much more memory consumption which we don't expect. So it's the purpose of this patch.

Stefan Hajnoczi wrote on Tue, 25 Aug 2020 at 10:52 PM:
>
> On Mon, Aug 24, 2020 at 12:31:21PM +0800, wanghonghao wrote:
> > This patch replace the global coroutine queue with a lock-free stack of which
> > the elements are coroutine queues. Threads can put coroutine queues into the
> > stack or take queues from it and each coroutine queue has exactly
> > POOL_BATCH_SIZE coroutines. Note that the stack is not strictly LIFO, but it's
> > enough for buffer pool.
> >
> > Coroutines will be put into thread-local pools first while release. Now the
> > fast paths of both allocation and release are atomic-free, and there won't
> > be too many coroutines remain in a single thread since POOL_BATCH_SIZE has been
> > reduced to 16.
> >
> > In practice, I've run a VM with two block devices binding to two different
> > iothreads, and run fio with iodepth 128 on each device. It maintains around
> > 400 coroutines and has about 1% chance of calling to `qemu_coroutine_new`
> > without this patch. And with this patch, it maintains no more than 273
> > coroutines and doesn't call `qemu_coroutine_new` after initial allocations.
>
> Does throughput or IOPS change?
>
> Is the main purpose of this patch to reduce memory consumption?
>
> Stefan
[PATCH v7 8/8] target/s390x: Use start-powered-off CPUState property
Instead of setting CPUState::halted to 1 in s390_cpu_initfn(), use the start-powered-off property which makes cpu_common_reset() initialize it to 1 in common code. Note that this changes behavior by setting cs->halted to 1 on reset, which didn't happen before. Acked-by: Cornelia Huck Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Thiago Jung Bauermann --- target/s390x/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c index 08eb674d22..73d7d6007e 100644 --- a/target/s390x/cpu.c +++ b/target/s390x/cpu.c @@ -291,7 +291,7 @@ static void s390_cpu_initfn(Object *obj) S390CPU *cpu = S390_CPU(obj); cpu_set_cpustate_pointers(cpu); -cs->halted = 1; +cs->start_powered_off = true; cs->exception_index = EXCP_HLT; #if !defined(CONFIG_USER_ONLY) object_property_add(obj, "crash-information", "GuestPanicInformation",
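Review bot: the commit message acknowledges that cs->halted will now be 1 after every reset rather than only after s390_cpu_initfn(), but gives no reason why that is acceptable; since the hunk keeps `cs->exception_index = EXCP_HLT;` in initfn while the halted state moves to cpu_common_reset(), please state in the commit message that the s390x reset paths expect the CPU to remain halted until it is explicitly started, so the behaviour change is reviewed deliberately rather than noticed after the fact.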
[PATCH v7 5/8] mips/cps: Use start-powered-off CPUState property
Instead of setting CPUState::halted to 1 in main_cpu_reset(), use the start-powered-off property which makes cpu_common_reset() initialize it to 1 in common code. Also change creation of CPU object from cpu_create() to object_new() and qdev_realize_and_unref() because cpu_create() realizes the CPU and it's not possible to set a property after the object is realized. Signed-off-by: Thiago Jung Bauermann --- hw/mips/cps.c | 15 +++ 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/hw/mips/cps.c b/hw/mips/cps.c index 615e1a1ad2..23c0f87e41 100644 --- a/hw/mips/cps.c +++ b/hw/mips/cps.c @@ -52,9 +52,6 @@ static void main_cpu_reset(void *opaque) CPUState *cs = CPU(cpu); cpu_reset(cs); - -/* All VPs are halted on reset. Leave powering up to CPC. */ -cs->halted = 1; } static bool cpu_mips_itu_supported(CPUMIPSState *env) @@ -76,7 +73,17 @@ static void mips_cps_realize(DeviceState *dev, Error **errp) bool saar_present = false; for (i = 0; i < s->num_vp; i++) { -cpu = MIPS_CPU(cpu_create(s->cpu_type)); +cpu = MIPS_CPU(object_new(s->cpu_type)); + +/* All VPs are halted on reset. Leave powering up to CPC. */ +if (!object_property_set_bool(OBJECT(cpu), "start-powered-off", true, + errp)) { +return; +} + +if (!qdev_realize_and_unref(DEVICE(cpu), NULL, errp)) { +return; +} /* Init internal devices */ cpu_mips_irq_init_cpu(cpu);
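Review bot: in the mips_cps_realize() hunk, the early `return;` after a failed object_property_set_bool() leaves the object returned by object_new() with its reference still held, so it is never freed; the qdev_realize_and_unref() failure path does drop the reference, but the property-set path does not. Add an `object_unref(OBJECT(cpu));` before that return, or set the property with &error_abort if a failure there is considered a programming error.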
[PATCH v7 7/8] sparc/sun4m: Use start-powered-off CPUState property
Instead of setting CPUState::halted to 1 in secondary_cpu_reset(), use the start-powered-off property which makes cpu_common_reset() initialize it to 1 in common code. Now secondary_cpu_reset() becomes equivalent to main_cpu_reset() so rename the function to sun4m_cpu_reset(). Also remove setting of cs->halted from cpu_devinit(), which seems out of place when compared to similar code in other architectures (e.g., ppce500_init() in hw/ppc/e500.c). Finally, change creation of CPU object from cpu_create() to object_new() and qdev_realize_and_unref() because cpu_create() realizes the CPU and it's not possible to set a property after the object is realized. Suggested-by: Philippe Mathieu-Daudé Signed-off-by: Thiago Jung Bauermann --- hw/sparc/sun4m.c | 25 ++--- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c index 7484aa4438..6bf9d27d8a 100644 --- a/hw/sparc/sun4m.c +++ b/hw/sparc/sun4m.c @@ -218,7 +218,7 @@ static void dummy_cpu_set_irq(void *opaque, int irq, int level) { } -static void main_cpu_reset(void *opaque) +static void sun4m_cpu_reset(void *opaque) { SPARCCPU *cpu = opaque; CPUState *cs = CPU(cpu); @@ -226,15 +226,6 @@ static void main_cpu_reset(void *opaque) cpu_reset(cs); } -static void secondary_cpu_reset(void *opaque) -{ -SPARCCPU *cpu = opaque; -CPUState *cs = CPU(cpu); - -cpu_reset(cs); -cs->halted = 1; -} - static void cpu_halt_signal(void *opaque, int irq, int level) { if (level && current_cpu) { 
@@ -818,21 +809,17 @@ static const TypeInfo ram_info = { static void cpu_devinit(const char *cpu_type, unsigned int id, uint64_t prom_addr, qemu_irq **cpu_irqs) { -CPUState *cs; SPARCCPU *cpu; CPUSPARCState *env; -cpu = SPARC_CPU(cpu_create(cpu_type)); +cpu = SPARC_CPU(object_new(cpu_type)); env = &cpu->env; cpu_sparc_set_id(env, id); -if (id == 0) { -qemu_register_reset(main_cpu_reset, cpu); -} else { -qemu_register_reset(secondary_cpu_reset, cpu); -cs = CPU(cpu); -cs->halted = 1; -} +qemu_register_reset(sun4m_cpu_reset, cpu); +object_property_set_bool(OBJECT(cpu), "start-powered-off", id != 0, + &error_fatal); +qdev_realize_and_unref(DEVICE(cpu), NULL, &error_fatal); *cpu_irqs = qemu_allocate_irqs(cpu_set_irq, cpu, MAX_PILS); env->prom_addr = prom_addr; }
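Review bot: in the cpu_devinit() hunk the expression `id != 0` silently encodes "secondary CPUs start powered off"; the mips/cps and ppc/e500 patches in this series keep an explanatory comment at the equivalent call, so add one here too. Also, qemu_register_reset(sun4m_cpu_reset, cpu) is now registered before the CPU is realized; with &error_fatal a realize failure exits the process so nothing can observe that, but moving the registration after qdev_realize_and_unref() keeps the reset handler from ever referencing an unrealized CPU.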
[PATCH v7 6/8] sparc/sun4m: Don't set cs->halted = 0 in main_cpu_reset()
We rely on cpu_common_reset() to set cs->halted to 0, it's redundant to do it in main_cpu_reset(). Signed-off-by: Thiago Jung Bauermann --- hw/sparc/sun4m.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c index cf7dfa4af5..7484aa4438 100644 --- a/hw/sparc/sun4m.c +++ b/hw/sparc/sun4m.c @@ -224,7 +224,6 @@ static void main_cpu_reset(void *opaque) CPUState *cs = CPU(cpu); cpu_reset(cs); -cs->halted = 0; } static void secondary_cpu_reset(void *opaque)
[PATCH v7 2/8] target/arm: Move setting of CPU halted state to generic code
This change is in a separate patch because it's not so obvious that it won't cause a regression. Suggested-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: David Gibson Reviewed-by: Greg Kurz Signed-off-by: Thiago Jung Bauermann --- hw/core/cpu.c| 2 +- target/arm/cpu.c | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/core/cpu.c b/hw/core/cpu.c index 594441a150..71bb7859f1 100644 --- a/hw/core/cpu.c +++ b/hw/core/cpu.c @@ -258,7 +258,7 @@ static void cpu_common_reset(DeviceState *dev) } cpu->interrupt_request = 0; -cpu->halted = 0; +cpu->halted = cpu->start_powered_off; cpu->mem_io_pc = 0; cpu->icount_extra = 0; atomic_set(&cpu->icount_decr_ptr->u32, 0); diff --git a/target/arm/cpu.c b/target/arm/cpu.c index ec65c7653f..b6c65e4df6 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -175,7 +175,6 @@ static void arm_cpu_reset(DeviceState *dev) env->vfp.xregs[ARM_VFP_MVFR2] = cpu->isar.mvfr2; cpu->power_state = s->start_powered_off ? PSCI_OFF : PSCI_ON; -s->halted = s->start_powered_off; if (arm_feature(env, ARM_FEATURE_IWMMXT)) { env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
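Review bot: the hunk removes `s->halted = s->start_powered_off;` from arm_cpu_reset() and relies on cpu_common_reset() setting it, but nothing in the hunk shows arm_cpu_reset() running the parent-class reset before this point; since the commit message already flags the regression risk, state explicitly that cpu_common_reset() is invoked from arm_cpu_reset() (through the parent reset) and that nothing between that call and the removed line clears halted again, so the claim of equivalence can be checked from the commit message alone.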
[PATCH v7 4/8] ppc/e500: Use start-powered-off CPUState property
Instead of setting CPUState::halted to 1 in ppce500_cpu_reset_sec(), use the start-powered-off property which makes cpu_common_reset() initialize it to 1 in common code. Also change creation of CPU object from cpu_create() to object_new() and qdev_realize_and_unref() because cpu_create() realizes the CPU and it's not possible to set a property after the object is realized. Signed-off-by: Thiago Jung Bauermann --- hw/ppc/e500.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c index ab9884e315..ae39b9358e 100644 --- a/hw/ppc/e500.c +++ b/hw/ppc/e500.c @@ -704,9 +704,6 @@ static void ppce500_cpu_reset_sec(void *opaque) cpu_reset(cs); -/* Secondary CPU starts in halted state for now. Needs to change when - implementing non-kernel boot. */ -cs->halted = 1; cs->exception_index = EXCP_HLT; } @@ -865,7 +862,7 @@ void ppce500_init(MachineState *machine) CPUState *cs; qemu_irq *input; -cpu = POWERPC_CPU(cpu_create(machine->cpu_type)); +cpu = POWERPC_CPU(object_new(machine->cpu_type)); env = &cpu->env; cs = CPU(cpu); @@ -875,6 +872,14 @@ void ppce500_init(MachineState *machine) exit(1); } +/* + * Secondary CPU starts in halted state for now. Needs to change + * when implementing non-kernel boot. + */ +object_property_set_bool(OBJECT(cs), "start-powered-off", i != 0, + &error_fatal); +qdev_realize_and_unref(DEVICE(cs), NULL, &error_fatal); + if (!firstenv) { firstenv = env; }
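Review bot: in the ppce500_init() hunk the comment "Secondary CPU starts in halted state for now" now sits above an object_property_set_bool() call that runs for every CPU, passing false for i == 0; reword it to "Secondary CPUs (i != 0) start powered off" so it matches the code. The comment was removed from ppce500_cpu_reset_sec(), whose remaining body still sets `cs->exception_index = EXCP_HLT;`, so a one-line note there that the halted state is now set by cpu_common_reset() would help the next reader.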
[PATCH v7 0/8] Generalize start-powered-off property from ARM
This version fixes `make check` failures in ppc/e500.c, mips/cps.c and sparc/sun4m.c. This was done by moving the qdev_realize_and_unref() call as close as possible to the object_new() call, in order to keep the CPU object construction as similar as possible to the earlier version which used cpu_create().

I also had to change the patch which removed the main_cpu_reset() function from sparc/sun4m.c. It was causing a `make check` failure but I can't really explain why. See this message for a few more details:

https://lists.nongnu.org/archive/html/qemu-ppc/2020-08/msg00419.html

I dropped the Reviewed-by's on the changed patches because of these changes.

Original cover letter below, followed by changelog:

The ARM code has a start-powered-off property in ARMCPU, which is a subclass of CPUState. This property causes arm_cpu_reset() to set CPUState::halted to 1, signalling that the CPU should start in a halted state.

Other architectures also have code which aims to achieve the same effect, but without using a property.

The ppc/spapr version has a bug where QEMU does a KVM_RUN on the vcpu before cs->halted is set to 1, causing the vcpu to run while it's still in an uninitialized state (more details in patch 3).

Peter Maydell mentioned the ARM start-powered-off property and Eduardo Habkost suggested making it generic, so this patch series does that, for all cases which I was able to find via grep in the code.

The only problem is that I was only able to test these changes on a ppc64le pseries KVM guest, so except for patches 2 and 3, all others are only build-tested. Also, my grasp of QOM lifecycle is basically non-existent so please be aware of that when reviewing this series.

The last patch may be wrong, as pointed out by Eduardo, so I marked it as RFC. It may make sense to drop it.

Changes since v6:

Patch "ppc/e500: Use start-powered-off CPUState property"
Patch "mips/cps: Use start-powered-off CPUState property"
- Moved setting of start-powered-off property and qdev_realize_and_unref() to right after object_new(machine->cpu_type).
- Dropped Philippe's Reviewed-by due to this change.

Patch "sparc/sun4m: Remove main_cpu_reset()"
- Dropped.

Patch "sparc/sun4m: Don't set cs->halted = 0 in main_cpu_reset()"
- New patch.

Patch "sparc/sun4m: Use start-powered-off CPUState property"
- Merged secondary_cpu_reset() with main_cpu_reset().
- Dropped Philippe's Reviewed-by due to this change.

Changes since v5:

Patch "ppc/e500: Use start-powered-off CPUState property"
Patch "mips/cps: Use start-powered-off CPUState property"
Patch "sparc/sun4m: Remove main_cpu_reset()"
Patch "target/s390x: Use start-powered-off CPUState property"
- Added Philippe's Reviewed-by.

Patch "sparc/sun4m: Use start-powered-off CPUState property"
- Move call to qdev_realize_and_unref() right after object_property_set_bool(), as suggested by Philippe.

Changes since v4:

Patch "ppc/e500: Use start-powered-off CPUState property"
Patch "sparc/sun4m: Use start-powered-off CPUState property"
- Use qdev_realize_and_unref() instead of qdev_realize(), as suggested by Igor.
- Pass &error_fatal to qdev_realize_and_unref() instead of manually reporting the error and exiting QEMU, as suggested by Philippe.
- Changed object_property_set_bool() to use &error_fatal instead of &error_abort.

Patch "mips/cps: Use start-powered-off CPUState property"
- Use qdev_realize_and_unref() instead of qdev_realize(), as suggested by Igor.
- Use existing errp argument to propagate error back to the caller, as suggested by Philippe.
- Changed object_property_set_bool() to use existing errp argument to propagate error back to the caller instead of using &error_abort.

Changes since v3:

General:
- Added David's, Greg's and Cornelia's Reviewed-by and Acked-by to some of the patches.
- Rebased on top of dgibson/ppc-for-5.2.

Patch "ppc/e500: Use start-powered-off CPUState property"
Patch "mips/cps: Use start-powered-off CPUState property"
Patch "sparc/sun4m: Use start-powered-off CPUState property"
- Initialize CPU object with object_new() and qdev_realize() instead of cpu_create().
- Removed Reviewed-by's and Acked-by's from these patches because of these changes.

Changes since v2:

General:
- Added Philippe's Reviewed-by to some of the patches.

Patch "ppc/spapr: Use start-powered-off CPUState property"
- Set the CPUState::start_powered_off variable directly rather than using object_property_set_bool(). Suggested by Philippe.

Patch "sparc/sun4m: Remove main_cpu_reset()"
- New patch. Suggested by Philippe.

Patch "sparc/sun4m: Use start-powered-off CPUState property"
- Remove secondary_cpu_reset(). Suggested by Philippe.
- Remove setting of `cs->halted = 1` from cpu_devinit(). Suggested by Philippe.

Patch "Don't set CPUState::halted in cpu_devinit()"
- Squashed into previous patch. Suggested by Philippe.

Patch "sparc/sun4m: Use one cpu_reset() function for main and secondary CPUs"
- Dropped.

Patch "target/s390x: Use start-powered-off CPUSta
[PATCH v7 1/8] target/arm: Move start-powered-off property to generic CPUState
There are other platforms which also have CPUs that start powered off, so generalize the start-powered-off property so that it can be used by them. Note that ARMv7MState also has a property of the same name but this patch doesn't change it because that class isn't a subclass of CPUState so it wouldn't be a trivial change. This change should not cause any change in behavior. Suggested-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: David Gibson Reviewed-by: Greg Kurz Signed-off-by: Thiago Jung Bauermann --- exec.c| 1 + include/hw/core/cpu.h | 4 target/arm/cpu.c | 5 ++--- target/arm/cpu.h | 3 --- target/arm/kvm32.c| 2 +- target/arm/kvm64.c| 2 +- 6 files changed, 9 insertions(+), 8 deletions(-) diff --git a/exec.c b/exec.c index 6f381f98e2..82e82fab09 100644 --- a/exec.c +++ b/exec.c @@ -899,6 +899,7 @@ Property cpu_common_props[] = { DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION, MemoryRegion *), #endif +DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false), DEFINE_PROP_END_OF_LIST(), }; diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h index 8f145733ce..9fc2696db5 100644 --- a/include/hw/core/cpu.h +++ b/include/hw/core/cpu.h @@ -374,6 +374,10 @@ struct CPUState { bool created; bool stop; bool stopped; + +/* Should CPU start in powered-off state? */ +bool start_powered_off; + bool unplug; bool crash_occurred; bool exit_request; diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 111579554f..ec65c7653f 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c 
@@ -174,8 +174,8 @@ static void arm_cpu_reset(DeviceState *dev) env->vfp.xregs[ARM_VFP_MVFR1] = cpu->isar.mvfr1; env->vfp.xregs[ARM_VFP_MVFR2] = cpu->isar.mvfr2; -cpu->power_state = cpu->start_powered_off ? PSCI_OFF : PSCI_ON; -s->halted = cpu->start_powered_off; +cpu->power_state = s->start_powered_off ? PSCI_OFF : PSCI_ON; +s->halted = s->start_powered_off; if (arm_feature(env, ARM_FEATURE_IWMMXT)) { env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q'; @@ -2182,7 +2182,6 @@ static const ARMCPUInfo arm_cpus[] = { }; static Property arm_cpu_properties[] = { -DEFINE_PROP_BOOL("start-powered-off", ARMCPU, start_powered_off, false), DEFINE_PROP_UINT32("psci-conduit", ARMCPU, psci_conduit, 0), DEFINE_PROP_UINT64("midr", ARMCPU, midr, 0), DEFINE_PROP_UINT64("mp-affinity", ARMCPU, diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 9e8ed423ea..a925d26996 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -810,9 +810,6 @@ struct ARMCPU { */ uint32_t psci_version; -/* Should CPU start in PSCI powered-off state? */ -bool start_powered_off; - /* Current power state, access guarded by BQL */ ARMPSCIState power_state; diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c index 0af46b41c8..1f2b8f8b7a 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c @@ -218,7 +218,7 @@ int kvm_arch_init_vcpu(CPUState *cs) /* Determine init features for this CPU */ memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features)); -if (cpu->start_powered_off) { +if (cs->start_powered_off) { cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF; } if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) { diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index 1169237905..f8a6d905fb 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c 
@@ -775,7 +775,7 @@ int kvm_arch_init_vcpu(CPUState *cs) /* Determine init features for this CPU */ memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features)); -if (cpu->start_powered_off) { +if (cs->start_powered_off) { cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF; } if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
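Review bot: the comment on the new field in include/hw/core/cpu.h ("Should CPU start in powered-off state?") should say where the value comes from and who consumes it, because this patch moves it out of ARMCPU, where the PSCI context made that obvious, into a struct every target sees: it is set by the "start-powered-off" qdev property added to cpu_common_props in exec.c, read by arm_cpu_reset() to choose PSCI_OFF/PSCI_ON and the initial halted state, and by kvm_arch_init_vcpu() in kvm32.c/kvm64.c to set KVM_ARM_VCPU_POWER_OFF. Something like `/* Set via the "start-powered-off" property; target reset code uses it to start the CPU halted */` would keep a future target from treating it as a runtime power state rather than an initial condition.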
[PATCH v7 3/8] ppc/spapr: Use start-powered-off CPUState property
PowerPC sPAPR CPUs start in the halted state, and spapr_reset_vcpu() attempts to implement this by setting CPUState::halted to 1. But that's too late for the case of hotplugged CPUs in a machine configured with 2 or more threads per core. By then, other parts of QEMU have already caused the vCPU to run in an uninitialized state a couple of times. For example, ppc_cpu_reset() calls ppc_tlb_invalidate_all(), which ends up calling async_run_on_cpu(). This kicks the new vCPU while it has CPUState::halted = 0, causing QEMU to issue a KVM_RUN ioctl on the new vCPU before the guest is able to make the start-cpu RTAS call to initialize its register state. This problem doesn't seem to cause visible issues for regular guests, but on a secure guest running under the Ultravisor it does. The Ultravisor relies on being able to snoop on the start-cpu RTAS call to map vCPUs to guests, and this issue causes it to see a stray vCPU that doesn't belong to any guest. Fix by setting the start-powered-off CPUState property in spapr_create_vcpu(), which makes cpu_common_reset() initialize CPUState::halted to 1 at an earlier moment. Suggested-by: Eduardo Habkost Acked-by: David Gibson Reviewed-by: Greg Kurz Signed-off-by: Thiago Jung Bauermann --- hw/ppc/spapr_cpu_core.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c index c4f47dcc04..2125fdac34 100644 --- a/hw/ppc/spapr_cpu_core.c +++ b/hw/ppc/spapr_cpu_core.c @@ -36,11 +36,6 @@ static void spapr_reset_vcpu(PowerPCCPU *cpu) cpu_reset(cs); -/* All CPUs start halted. CPU0 is unhalted from the machine level - * reset code and the rest are explicitly started up by the guest - * using an RTAS call */ -cs->halted = 1; - env->spr[SPR_HIOR] = 0; lpcr = env->spr[SPR_LPCR]; 
@@ -274,6 +269,11 @@ static PowerPCCPU *spapr_create_vcpu(SpaprCpuCore *sc, int i, Error **errp) cs = CPU(obj); cpu = POWERPC_CPU(obj); +/* + * All CPUs start halted. CPU0 is unhalted from the machine level reset code + * and the rest are explicitly started up by the guest using an RTAS call. + */ +cs->start_powered_off = true; cs->cpu_index = cc->core_id + i; spapr_set_vcpu_id(cpu, cs->cpu_index, &local_err); if (local_err) {
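Review bot: the spapr_create_vcpu() hunk writes `cs->start_powered_off = true` straight into the CPUState instead of going through the qdev property, so the comment block above it should state that the assignment must land before the CPU is realized and reset for cpu_common_reset() to honour it; that ordering is the whole point of the fix and is otherwise invisible to a reader of this function. Also, the hunk removed from spapr_reset_vcpu() used to re-assert `cs->halted = 1` on every reset, and nothing in this diff shows the common reset path doing that in its place, so the commit message's statement that cpu_common_reset() now initializes halted to 1 should name the patch in this series that adds it, so the dependency is explicit for anyone backporting this change on its own.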
Re: [PULL] nvme updates
On Aug 26 07:28, Keith Busch wrote:
> On Tue, Aug 25, 2020 at 10:43:23PM +0100, Peter Maydell wrote:
> > On Tue, 25 Aug 2020 at 21:12, Keith Busch wrote:
> > >
> > > On Sun, Aug 23, 2020 at 02:56:12PM +0100, Peter Maydell wrote:
> > > > Hi; it looks like this isn't a gpg-signed tag?
> > > >
> > > > error: remotes/nvme/nvme-next: cannot verify a non-tag object of type
> > > > commit.
> > > Oops, sorry I forgot about that part of the procedure here. The repo
> > > should
> > > have a signed tag now:
> >
> > Thanks; the gpg key setup looks ok.
> >
> > I notice that all the commits in the repo have Klaus's signed-off-by.
> > Usually the expectation is that the person who sends the pull req
> > is the one who's curated the tree and added their signed-off-by,
> > but are you doing a jointly-administered tree here ?
>
> Right, Klaus is the primary committer for our joint repository, and I
> added his info to the MAINTAINERS file in the first commit of this pull.
> Since he's not currently listed upstream, I thought it made sense to
> make the introduction here. We'll coordinate pull requests as you've
> described going forward.
>
> > The build has a format string issue that shows up on OSX, Windows,
> > and 32-bit builds:
>
> Sorry about that, we'll fix it up ASAP.
>
> > In file included from ../../hw/block/trace.h:1:0,
> > from ../../hw/block/fdc.c:48:
> > ./trace/trace-hw_block.h: In function '_nocheck__trace_pci_nvme_err_mdts':
> > ./trace/trace-hw_block.h:2162:18: error: format '%llu' expects
> > argument of type 'long long unsigned int', but argument 6 has type
> > 'size_t {aka unsigned int}' [-Werror=format=]
> > qemu_log("%d@%zu.%06zu:pci_nvme_err_mdts " "cid %"PRIu16" len
> > %"PRIu64"" "\n",
> > ^
> >

That's on me. Keith, fixed in our tree now.

Peter, this doesn't seem to get picked up by, say, `make docker-test-mingw@fedora`. Should it?
Re: [PATCH v6 4/8] ppc/e500: Use start-powered-off CPUState property
Philippe Mathieu-Daudé writes:

> On 8/22/20 10:59 AM, Cédric Le Goater wrote:
>> Hello,
>>
>> On 8/19/20 6:43 PM, Thiago Jung Bauermann wrote:
>>> Instead of setting CPUState::halted to 1 in ppce500_cpu_reset_sec(), use
>>> the start-powered-off property which makes cpu_common_reset() initialize it
>>> to 1 in common code.
>>>
>>> Also change creation of CPU object from cpu_create() to object_new() and
>>> qdev_realize_and_unref() because cpu_create() realizes the CPU and it's not
>>> possible to set a property after the object is realized.
>>>
>>> Reviewed-by: Philippe Mathieu-Daudé
>>> Signed-off-by: Thiago Jung Bauermann
>>
>>
>> This is breaking make check:
>>
>> tests/qtest/libqtest.c:175: kill_qemu() detected QEMU death from signal
>> 11 (Segmentation fault) (core dumped)
>> ERROR boot-serial-test - too few tests run (expected 7, got 0)
>> make: ***
>> [/home/legoater/work/qemu/qemu-powernv-5.2.git/tests/Makefile.include:650:
>> check-qtest-ppc64] Error 1
>> make: *** Waiting for unfinished jobs
>>
>>
>> gdb --args build/ppc64-softmmu/qemu-system-ppc64 -display none -M
>> ppce500
>> ...
>> Thread 1 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
>> 0x5596ebf2 in ppce500_init (machine=0x567aa6e0)
>> at /home/legoater/work/qemu/qemu-powernv-5.2.git/hw/ppc/e500.c:880
>> 880 irqs[i].irq[OPENPIC_OUTPUT_INT] =
>> input[PPCE500_INPUT_INT];
>>
>>
>> AFAIUI, 'input' is not initialized since the CPU is not yet realized.
>
> Thiago, see ad938fc1d53 ("hw/arm/palm.c: Encapsulate misc GPIO handling
> in a device") and eventually f8a865d36dc ("hw/arm/allwinner-a10:
> Simplify by passing IRQs with qdev_pass_gpios") to get an idea how you
> can fix that.

I ended up not following this route. There were other patches in this series which also caused problems in make check, but in those cases it wasn't related to IRQ setup.
I started feeling like I had fallen into a rabbit hole so I opted instead to solve these problems by minimizing the consequences of the changes made by this patch series. -- Thiago Jung Bauermann IBM Linux Technology Center
Re: [PATCH] meson: don't require CONFIG_VTE for the GTK UI
On Tue, Aug 25, 2020 at 11:23:10PM +0100, Mark Cave-Ayland wrote:
> Previously CONFIG_VTE was not required to build QEMU with GTK UI support as not
> all platforms have VTE available (in particular Windows).
>
> Remove this requirement from the meson build system to enable QEMU to be built
> with GTK UI support for Windows once again.

Reviewed-by: Gerd Hoffmann
Re: [PATCH v3 14/74] hcd-dwc2: Rename USB_*CLASS macros for consistency
On Tue, Aug 25, 2020 at 03:20:10PM -0400, Eduardo Habkost wrote:
> Rename the DWC2_CLASS to DWC2_USB_CLASS and DWC2_GET_CLASS to
> DWC2_USB_GET_CLASS, for consistency with the DWC2_USB macro.
>
> Reviewed-by: Philippe Mathieu-Daudé
> Reviewed-by: Daniel P. Berrangé
> Signed-off-by: Eduardo Habkost

Reviewed-by: Gerd Hoffmann
Re: [PATCH] meson: set colorout to auto
On Tue, Aug 25, 2020 at 06:26:33AM -0700, Richard Henderson wrote:
> On 8/24/20 11:43 PM, Gerd Hoffmann wrote:
> > Dunno why the default is set to "always". IMHO it should be "auto",
> > i.e. only colorize in case stdout goes to a terminal. Cluttering
> > logfiles and confusing compiler message parsers with terminal control
> > sequences is not nice ...
> >
> > Signed-off-by: Gerd Hoffmann
> > ---
> > meson.build | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Yes please. All the color escape codes have broken emacs make next-error.
>
> Although applying this doesn't seem to have helped...

meson remembers the state of the options, so running a build alone doesn't help. rm -rf $builddir and starting over will pick up the new default. You can probably also use "meson configure $something".

HTH,
Gerd
[Bug 1892978] [NEW] Heap-use-after-free in e1000e_write_packet_to_guest
Public bug reported:

Hello,
Reproducer:

cat << EOF | ./qemu-system-i386 \
-display none -m 64 -netdev user,id=qtest-bn0 \
-device e1000e,netdev=qtest-bn0 -display none \
-nodefaults -accel qtest -qtest stdio
outl 0xcf8 0x80001004
outl 0xcfc 0x3b2e84ce
outl 0xcf8 0x80001013
outw 0xcfc 0x2499
writew 0x99ff 0x5ea2
writeq 0x99000429 0x133a94188101
outl 0xcfc 0x9b890e04
writeq 0x4000119 0x555ec751c0d
write 0x10707 0x1 0x07
write 0x51 0x1 0x04
write 0x53 0x1 0x04
write 0x140 0x1 0x07
write 0x141 0x1 0x07
write 0x142 0x1 0x01
write 0x148 0x1 0x40
write 0x14a 0x1 0x7d
write 0x14b 0x1 0xff
writeq 0x4000401 0x413001600027d
EOF

The stacktrace:

[S +0.090759] OK
[R +0.090767] writeq 0x4000401 0x413001600027d
=
==935641==ERROR: AddressSanitizer: heap-use-after-free on address 0x6196cc88 at pc 0x555613393d45 bp 0x7fff92f8b7f0 sp 0x7fff92f8b7e8
READ of size 8 at 0x6196cc88 thread T0
    #0 0x555613393d44 in e1000e_write_packet_to_guest /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:1587:41
    #1 0x55561338e419 in e1000e_receive_iov /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:1709:9
    #2 0x55561319680b in e1000e_nc_receive_iov /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e.c:213:12
    #3 0x555612812581 in net_tx_pkt_sendv /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/net_tx_pkt.c:556:9
    #4 0x55561280fbc8 in net_tx_pkt_send /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/net_tx_pkt.c:633:9
    #5 0x555612813f38 in net_tx_pkt_send_loopback /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/net_tx_pkt.c:646:11
    #6 0x5556133f8c07 in e1000e_tx_pkt_send /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:664:16
    #7 0x5556133f5359 in e1000e_process_tx_desc /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:743:17
    #8 0x5556133f302f in e1000e_start_xmit /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:934:9
    #9 0x5556133daba8 in e1000e_set_tctl /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:2431:9
    #10 0x55561339901b in e1000e_core_write /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:3265:9
    #11 0x555613190f26 in e1000e_mmio_write /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e.c:109:5
    #12 0x55561508ade0 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:483:5
    #13 0x55561508a2bd in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:544:18
    #14 0x555615087f70 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:1466:16
    #15 0x555614ce68a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3176:23
    #16 0x555614ccf878 in flatview_write /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3216:14
    #17 0x555614ccf3a8 in address_space_write /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3308:18
    #18 0x555614ccfc40 in address_space_rw /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3318:16
    #19 0x5556133b76c7 in dma_memory_rw_relaxed /home/alxndr/Development/qemu/general-fuzz/include/sysemu/dma.h:87:18
    #20 0x5556133b6ff5 in dma_memory_rw /home/alxndr/Development/qemu/general-fuzz/include/sysemu/dma.h:110:12
    #21 0x5556133b6f3d in pci_dma_rw /home/alxndr/Development/qemu/general-fuzz/include/hw/pci/pci.h:790:5
    #22 0x5556133b526a in pci_dma_write /home/alxndr/Development/qemu/general-fuzz/include/hw/pci/pci.h:803:12
    #23 0x5556133b403f in e1000e_write_to_rx_buffers /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:1412:9
    #24 0x555613393bae in e1000e_write_packet_to_guest /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:1582:21
    #25 0x55561338e419 in e1000e_receive_iov /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:1709:9
    #26 0x55561319680b in e1000e_nc_receive_iov /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e.c:213:12
    #27 0x555612812581 in net_tx_pkt_sendv /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/net_tx_pkt.c:556:9
    #28 0x55561280fbc8 in net_tx_pkt_send /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/net_tx_pkt.c:633:9
    #29 0x555612813f38 in net_tx_pkt_send_loopback /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/net_tx_pkt.c:646:11
    #30 0x5556133f8c07 in e1000e_tx_pkt_send /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:664:16
    #31 0x5556133f5359 in e1000e_process_tx_desc /home/alxndr/Development/qemu/general-fuzz/build/../hw/net/e1000e_core.c:743:17
    #32 0x5556133f302f in e1000e_start_xmit /home/alxndr/Development/qemu/general-fu
Re: [PULL 00/18] riscv-to-apply queue
On Wed, Aug 26, 2020 at 6:41 AM Alistair Francis wrote:
>
> On Tue, Aug 25, 2020 at 2:50 PM Peter Maydell
> wrote:
> >
> > On Tue, 25 Aug 2020 at 22:32, Alistair Francis wrote:
> > >
> > > On Tue, Aug 25, 2020 at 2:24 PM Peter Maydell
> > > wrote:
> > > > The hypervisor related patches don't seem to have any
> > > > reviewed-by tags, which seems a shame for a fairly significant
> > > > chunk of work. Is there really nobody who can review them
> > > > for you ?
> > >
> > > Unfortunately not. They have been on the list since April and haven't
> > > received any feedback.
> > >
> > > There isn't a lot of people reviewing the RISC-V patches unfortunately.
> >
> > :-( I'd hoped it was a more active target than that.
>
> There are lots of active contributors, we are just short on reviewers.
>
> Richard and Philippe review patches and some of the RISC-V patches get
> reviewed by the RISC-V community. The main problem (which is a common
> problem in open source) is that large technical patch series just get
> ignored.

Yep, I am only comfortable reviewing patches which I have confidence in. Right now I am not working on any H- or V-extension for RISC-V so I cannot contribute to any review of these large numbers of H- or V-extension related patches. Sorry!

Regards,
Bin
Re: [PATCH v6 6/8] sparc/sun4m: Remove main_cpu_reset()
Thiago Jung Bauermann writes: > We rely on cpu_common_reset() to set cs->halted to 0, so main_cpu_reset() > is pointless. > > Suggested-by: Philippe Mathieu-Daudé > Reviewed-by: Philippe Mathieu-Daudé > Reviewed-by: David Gibson > Signed-off-by: Thiago Jung Bauermann > --- > hw/sparc/sun4m.c | 13 + > 1 file changed, 1 insertion(+), 12 deletions(-) > > diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c > index cf7dfa4af5..22c51dac8a 100644 > --- a/hw/sparc/sun4m.c > +++ b/hw/sparc/sun4m.c > @@ -218,15 +218,6 @@ static void dummy_cpu_set_irq(void *opaque, int irq, int > level) > { > } > > -static void main_cpu_reset(void *opaque) > -{ > -SPARCCPU *cpu = opaque; > -CPUState *cs = CPU(cpu); > - > -cpu_reset(cs); > -cs->halted = 0; > -} > - > static void secondary_cpu_reset(void *opaque) > { > SPARCCPU *cpu = opaque; 
> @@ -827,9 +818,7 @@ static void cpu_devinit(const char *cpu_type, unsigned > int id, > env = &cpu->env; > > cpu_sparc_set_id(env, id); > -if (id == 0) { > -qemu_register_reset(main_cpu_reset, cpu); > -} else { > +if (id != 0) { > qemu_register_reset(secondary_cpu_reset, cpu); > cs = CPU(cpu); > cs->halted = 1; Surprisingly, this patch also causes a make check failure: $ make && make check-qtest GEN docs/index.html CC qga/main.o CC qemu-nbd.o CC qemu-storage-daemon.o CC monitor/qmp-cmds-control.o CC qemu-img.o CC qemu-io.o CC sparc-softmmu/hw/sparc/sun4m.o CC sparc-softmmu/softmmu/vl.o LINKqemu-ga LINKqemu-nbd LINKqemu-storage-daemon LINKqemu-img LINKsparc-softmmu/qemu-system-sparc LINKqemu-io TESTcheck-qtest-sparc: tests/qtest/prom-env-test Broken pipe /home/bauermann/trabalho/src/qemu/tests/qtest/libqtest.c:175: kill_qemu() detected QEMU death from signal 11 (Segmentation fault) (core dumped) ERROR prom-env-test - too few tests run (expected 3, got 0) make: *** [/home/bauermann/trabalho/src/qemu/tests/Makefile.include:650: check-qtest-sparc] Fehler 1 Here's what I got from the core file: $ gdb sparc-softmmu/qemu-system-sparc core.645493 Reading symbols from sparc-softmmu/qemu-system-sparc... [New LWP 645497] [New LWP 645496] [New LWP 645493] [New LWP 645495] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `sparc-softmmu/qemu-system-sparc -qtest unix:/tmp/qtest-645490.sock -qtest-log /'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x in ?? 
() [Current thread is 1 (Thread 0x7f713ce60700 (LWP 645497))] (gdb) bt #0 0x in () #1 0x557b3d6155c5 in helper_compute_psr (env=env@entry=0x557b3f444030) at /home/bauermann/trabalho/src/qemu/target/sparc/cc_helper.c:459 #2 0x557b3d6156e9 in cpu_get_psr (env=env@entry=0x557b3f444030) at /home/bauermann/trabalho/src/qemu/target/sparc/win_helper.c:56 #3 0x557b3d61779c in sparc_cpu_do_interrupt (cs=0x557b3f43b7f0) at /home/bauermann/trabalho/src/qemu/target/sparc/int32_helper.c:76 #4 0x557b3d5e29a6 in cpu_handle_exception (ret=, cpu=0x557b3f43b7f0) at /home/bauermann/trabalho/src/qemu/accel/tcg/cpu-exec.c:504 #5 cpu_exec (cpu=cpu@entry=0x557b3f43b7f0) at /home/bauermann/trabalho/src/qemu/accel/tcg/cpu-exec.c:729 #6 0x557b3d5f6c85 in tcg_cpu_exec (cpu=) at /home/bauermann/trabalho/src/qemu/softmmu/cpus.c:1356 #7 qemu_tcg_rr_cpu_thread_fn (arg=arg@entry=0x557b3f43b7f0) at /home/bauermann/trabalho/src/qemu/softmmu/cpus.c:1458 #8 0x557b3d81e919 in qemu_thread_start (args=0x7f713ce5e930) at /home/bauermann/trabalho/src/qemu/util/qemu-thread-posix.c:521 #9 0x7f717dc6b432 in start_thread () at /lib64/libpthread.so.0 #10 0x7f717db99913 in clone () at /lib64/libc.so.6 (gdb) up #1 0x557b3d6155c5 in helper_compute_psr (env=env@entry=0x557b3f444030) at /home/bauermann/trabalho/src/qemu/target/sparc/cc_helper.c:459 459 new_psr = icc_table[CC_OP].compute_all(env); (gdb) list 454 455 void helper_compute_psr(CPUSPARCState *env) 456 { 457 uint32_t new_psr; 458 459 new_psr = icc_table[CC_OP].compute_all(env); 460 env->psr = new_psr; 461 #ifdef TARGET_SPARC64 462 new_psr = xcc_table[CC_OP].compute_all(env); 463 env->xcc = new_psr; CC_OP is: #define CC_OP (env->cc_op) So: (gdb) p env->cc_op $1 = 0 0 is CC_OP_DYNAMIC, but the icc_table definition says: static const CCTable icc_table[CC_OP_NB] = { /* CC_OP_DYNAMIC should never happen */ I don't know what is going on. 
So I will change this patch to keep main_cpu_reset() but drop the line which sets cs->halted to 0 (which does pass make check). -- Thiago Jung Bauermann IBM Linux Technology Center
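Review bot: the cpu_devinit() hunk drops the `qemu_register_reset(main_cpu_reset, cpu)` registration for id == 0 altogether, but the main_cpu_reset() body being deleted did two things, `cpu_reset(cs)` and `cs->halted = 0`, and only the second is what the commit message says is redundant. After this change CPU0 has no reset handler at all, while the secondary CPUs still get cpu_reset() through secondary_cpu_reset(); that matches the reported crash in helper_compute_psr() with env->cc_op still at CC_OP_DYNAMIC, i.e. CPU0 executing on state that was never reset. The minimal change is the one the reply settles on: keep main_cpu_reset() and its registration and delete only the `cs->halted = 0` line, and the commit message should then say that cpu_reset() must still be called for CPU0.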
[Bug 1892966] [NEW] Null-pointer dereference in blk_bs through ide_cancel_dma_sync
Public bug reported:

Hello,
Reproducer:

cat << EOF | ./qemu-system-i386 -M pc \
-drive file=null-co://,if=none,format=raw,id=disk0 \
-device ide-hd,drive=disk0,bus=ide.1,unit=1 \
-display none -nodefaults -display none -qtest stdio -accel qtest
outw 0x176 0x35b3
outb 0x376 0x5f
outb 0x376 0x40
outl 0xcf8 0x8904
outl 0xcfc 0x5c0525b7
outb 0x176 0x0
outl 0xcf8 0x891e
outl 0xcfc 0xd7580584
write 0x187 0x1 0x34
write 0x277 0x1 0x34
write 0x44f 0x1 0x5c
write 0x53f 0x1 0x5c
write 0x717 0x1 0x34
write 0x807 0x1 0x34
write 0x9df 0x1 0x5c
write 0xbb7 0x1 0x34
write 0xca7 0x1 0x34
write 0xe7f 0x1 0x5c
write 0xf6f 0x1 0x5c
outb 0xd758 0x5f
outb 0xd758 0x40
EOF

Trace:

[S +0.083320] OK
[R +0.083328] outb 0xd758 0x5f
OK
[S +0.084167] OK
[R +0.084183] outb 0xd758 0x40
../block/block-backend.c:714:17: runtime error: member access within null pointer of type 'BlockBackend' (aka 'struct BlockBackend')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../block/block-backend.c:714:17 in
AddressSanitizer:DEADLYSIGNAL
=
==843136==ERROR: AddressSanitizer: SEGV on unknown address 0x0010 (pc 0x5593520d8ebc bp 0x7ffc0bb9e0b0 sp 0x7ffc0bb9e010 T0)
==843136==The signal is caused by a READ memory access.
==843136==Hint: address points to the zero page.
    #0 0x5593520d8ebc in blk_bs /home/alxndr/Development/qemu/general-fuzz/build/../block/block-backend.c:714:12
    #1 0x5593520d2d07 in blk_drain /home/alxndr/Development/qemu/general-fuzz/build/../block/block-backend.c:1715:28
    #2 0x55935096e9dc in ide_cancel_dma_sync /home/alxndr/Development/qemu/general-fuzz/build/../hw/ide/core.c:723:9
    #3 0x55934f96b9ed in bmdma_cmd_writeb /home/alxndr/Development/qemu/general-fuzz/build/../hw/ide/pci.c:298:13
    #4 0x55934fea0547 in bmdma_write /home/alxndr/Development/qemu/general-fuzz/build/../hw/ide/piix.c:75:9
    #5 0x55935175dde0 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:483:5
    #6 0x55935175d2bd in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:544:18
    #7 0x55935175af70 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/memory.c:1466:16
    #8 0x5593513b98a6 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3176:23
    #9 0x5593513a2878 in flatview_write /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3216:14
    #10 0x5593513a23a8 in address_space_write /home/alxndr/Development/qemu/general-fuzz/build/../exec.c:3308:18
    #11 0x559351803e07 in cpu_outb /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/ioport.c:60:5
    #12 0x5593516c7b6d in qtest_process_command /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:392:13
    #13 0x5593516c363e in qtest_process_inbuf /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:710:9
    #14 0x5593516c23e3 in qtest_read /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:722:5
    #15 0x5593527c8762 in qemu_chr_be_write_impl /home/alxndr/Development/qemu/general-fuzz/build/../chardev/char.c:188:9
    #16 0x5593527c88aa in qemu_chr_be_write /home/alxndr/Development/qemu/general-fuzz/build/../chardev/char.c:200:9
    #17 0x5593527ee514 in fd_chr_read /home/alxndr/Development/qemu/general-fuzz/build/../chardev/char-fd.c:68:9
    #18 0x5593526da736 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/general-fuzz/build/../io/channel-watch.c:84:12
    #19 0x7f3be18ef4cd in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x504cd)
    #20 0x559352c65c67 in glib_pollfds_poll /home/alxndr/Development/qemu/general-fuzz/build/../util/main-loop.c:217:9
    #21 0x559352c63567 in os_host_main_loop_wait /home/alxndr/Development/qemu/general-fuzz/build/../util/main-loop.c:240:5
    #22 0x559352c62f47 in main_loop_wait /home/alxndr/Development/qemu/general-fuzz/build/../util/main-loop.c:516:11
    #23 0x55935144108d in qemu_main_loop /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/vl.c:1676:9
    #24 0x55934edd351c in main /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/main.c:50:5
    #25 0x7f3be10f8cc9 in __libc_start_main csu/../csu/libc-start.c:308:16
    #26 0x55934ed28cf9 in _start (/home/alxndr/Development/qemu/general-fuzz/build/qemu-system-i386+0x2cb0cf9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/alxndr/Development/qemu/general-fuzz/build/../block/block-backend.c:714:12 in blk_bs
==843136==ABORTING

-Alex

** Affects: qemu
Importance: Undecided
Status: New

https://bugs.launchpad.net/bugs/1892966
Re: [PATCH 2/2] target/i386: Add missed features to Cooperlake CPU model
On 8/25/2020 10:01 PM, Eduardo Habkost wrote: On Tue, Aug 25, 2020 at 08:20:35AM +0800, Xiaoyao Li wrote: On 8/25/2020 6:07 AM, Eduardo Habkost wrote: On Wed, Dec 25, 2019 at 02:30:18PM +0800, Xiaoyao Li wrote: It lacks VMX features and two security feature bits (disclosed recently) in MSR_IA32_ARCH_CAPABILITIES in current Cooperlake CPU model, so add them. Fixes: 22a866b6166d ("i386: Add new CPU model Cooperlake") Signed-off-by: Xiaoyao Li --- target/i386/cpu.c | 51 ++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index e1eb9f473989..c9798ac8652b 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c 
@@ -3198,7 +3198,8 @@ static X86CPUDefinition builtin_x86_defs[] = { CPUID_7_0_EDX_SPEC_CTRL_SSBD | CPUID_7_0_EDX_ARCH_CAPABILITIES, .features[FEAT_ARCH_CAPABILITIES] = MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL | -MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO, +MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO | +MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO, This seems to break on some Cooperlake hosts, see: https://bugzilla.redhat.com/show_bug.cgi?id=1860743 Are all Cooperlake hosts supposed to have TAA_NO set? Are there hosts where this requires a microcode update to be installed? All the production CPX in market should have TAA_NO bit. We can check it directly with rdmsr(0x10a). The problem of this issue is due to commit db616173d787 ("x86/tsx: Add config options to set tsx=on|off|auto"), which sets the default to "off" for 100% safety. However, default to off may cause noticeable regressions on TSX safe platform, e.g., CPX. Maybe we need to set CONFIG_X86_INTEL_TSX_MODE_AUTO=y for OSV released kernel? Considering that disabling TSX is a policy decision likely to be taken by the OS vendor or by the system administrator, we could at least make the CPU model easier to use on those cases. Maybe we should provide a version of Cooperlake without TSX, like we already do for the other CPU models? sure we can do it.
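Review bot: the hunk adds MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO to the unversioned Cooperlake model's FEAT_ARCH_CAPABILITIES, which turns a host that does not advertise TAA_NO in MSR_IA32_ARCH_CAPABILITIES (0x10a) from "works" into "model unavailable", the regression in the linked bugzilla; the reply attributes the missing bit to the kernel's tsx=off default rather than to the silicon, so this is a host-configuration dependency, not just a microcode one. Since arch-capabilities bits are exactly the ones that vary with firmware and kernel settings, the safer shape is to add the new bits in a versioned Cooperlake variant (with the no-TSX sibling discussed in the thread) and leave the existing version as it was, so guests already defined against the unversioned model keep starting; at minimum the commit message should spell out the new host requirement.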
RE: [PATCH v2 03/10] target/arm/translate-a64:Remove dead assignment in handle_scalar_simd_shli()
> On Tue, 25 Aug 2020 at 12:26, Chen Qun wrote: > > > > Clang static code analyzer show warning: > > target/arm/translate-a64.c:8635:14: warning: Value stored to 'tcg_rn' > > during its initialization is never read > > TCGv_i64 tcg_rn = new_tmp_a64(s); > > ^~ ~~ > > target/arm/translate-a64.c:8636:14: warning: Value stored to 'tcg_rd' > > during its initialization is never read > > TCGv_i64 tcg_rd = new_tmp_a64(s); > > ^~ ~~ > > > > There is a memory leak for the variable new_tmp_a64 "s". > > There is not, because TCG temps allocated via new_tmp_a64() are all freed via > free_tmp_a64() at the end of disas_a64_insn(). > OK, I'll delete that description later. Thanks, ChenQun
RE: [PATCH v2 08/10] usb/bus: Remove dead assignment in usb_get_fw_dev_path()
> > > hw/usb/bus.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/hw/usb/bus.c b/hw/usb/bus.c index > > > b17bda3b29..7bab0499ad > > > 100644 > > > --- a/hw/usb/bus.c > > > +++ b/hw/usb/bus.c > > > @@ -612,8 +612,8 @@ static char *usb_get_fw_dev_path(DeviceState > > > *qdev) > >if (in[0] == '.') { > >/* some hub between root port and device */ > >pos += snprintf(fw_path + pos, fw_len - pos, > > "hub@%lx/", nr); > > > in++; > > > } else { > > > /* the device itself */ > > > -pos += snprintf(fw_path + pos, fw_len - pos, "%s@%lx", > > > -qdev_fw_name(qdev), nr); > > > +snprintf(fw_path + pos, fw_len - pos, "%s@%lx", > > qdev_fw_name(qdev), > > > + nr); > > > break; > > > } > > > } > > > > I'd prefer to keep the line break where it is: > > > > snprintf(fw_path + pos, fw_len - pos, "%s@%lx", > > qdev_fw_name(qdev), nr); > > > > The patch is safe, so > > Reviewed-by: Markus Armbruster > > > > The loss of symmetry between the two arms of the if is a bit sad. Up to > > Gerd. > > If symmetry looks better. I should change it later. Oops, I think I just misunderstood you. I agree with your suggestion to the formatting of the "snprintf(***)" statement. If the 'pos' assignment is useless, we delete it to avoid warnings that are always detected by some tools. Thanks, Chen Qun
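Review bot: dropping the `pos +=` in the else arm of usb_get_fw_dev_path() is safe only because the very next statement is `break`, so pos is never read again; a one-line comment on that snprintf (or on the break) would stop a later edit that appends code after the call from silently working with a stale pos, and would also explain to the next reader why the two arms of the if are no longer symmetric. On layout, keep the continuation line where Markus shows it, aligned under the opening parenthesis with `qdev_fw_name(qdev), nr);` on one line, rather than splitting `nr` onto its own line as the hunk does.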
[Bug 1892963] [NEW] Heap-use-after-free in put_dwords through ehci_flush_qh
Public bug reported:

Hello,
Reproducer:

cat << EOF | ./qemu-system-i386 -machine q35 \
-device ich9-usb-ehci1,bus=pcie.0,addr=1d.7,\
multifunction=on,id=ich9-ehci-1 \
-drive if=none,id=usbcdrom,media=cdrom \
-device usb-storage,bus=ich9-ehci-1.0,\
port=2,drive=usbcdrom \
-display none -nodefaults -qtest stdio -accel qtest
outl 0xcf8 0x8000ef02
outl 0xcfc 0xfbff0061
outl 0xcf8 0x8000ef11
outl 0xcfc 0x60606060
writeq 0x60606065 0xb70560ff847f
writeq 0x60606065 0xff0004fe05ff
writeq 0x60606020 0xff015e5c057b0039
writeq 0x60606033 0x846c8a020611
write 0x204 0x4 0x4a606060
write 0x8 0x4 0x97a98095
write 0x0 0x4 0x4a606060
write 0x4 0x4 0x97a98095
write 0xc 0x4 0x4a606060
write 0x10 0x4 0x97a98095
write 0x14 0x4 0x4a606060
write 0x18 0x4 0x97a98095
write 0x1c 0x4 0x4a606060
clock_step
EOF

The trace:

797726@1598407357.169284:usb_port_claim bus 0, port 2
797726@1598407357.169585:usb_port_attach bus 0, port 2, devspeed full+high+super, portspeed high
797726@1598407357.169598:usb_ehci_port_attach attach port #1, owner ehci, device QEMU USB MSD
797726@1598407357.169608:usb_ehci_irq level 0, frindex 0x, sts 0x4, mask 0x0
797726@1598407357.186943:usb_ehci_reset === RESET ===
797726@1598407357.186960:usb_ehci_port_detach detach port #1, owner ehci
797726@1598407357.186968:usb_ehci_irq level 0, frindex 0x, sts 0x4, mask 0x0
797726@1598407357.186976:usb_ehci_irq level 0, frindex 0x, sts 0x1000, mask 0x0
797726@1598407357.186984:usb_ehci_port_attach attach port #1, owner ehci, device QEMU USB MSD
797726@1598407357.186989:usb_ehci_irq level 0, frindex 0x, sts 0x1004, mask 0x0
[R +0.073737] outl 0xcf8 0x8000ef02
OK
[S +0.073774] OK
[R +0.073801] outl 0xcfc 0xfbff0061
OK
[S +0.075074] OK
[R +0.075108] outl 0xcf8 0x8000ef11
OK
[S +0.075126] OK
[R +0.075135] outl 0xcfc 0x60606060
OK
[S +0.076290] OK
[R +0.076317] writeq 0x60606065 0xb70560ff847f
797726@1598407357.194959:usb_ehci_portsc_write wr mmio 0x0048 [port 1] = 0x560ff84
797726@1598407357.194967:usb_ehci_port_reset reset port #1 - 1
797726@1598407357.194971:usb_ehci_port_suspend port #1
797726@1598407357.194975:usb_ehci_portsc_change ch mmio 0x0048 [port 1] = 0x601183 (old: 0x1003)
OK
[S +0.076363] OK
[R +0.076377] writeq 0x60606065 0xff0004fe05ff
797726@1598407357.195005:usb_ehci_portsc_write wr mmio 0x0048 [port 1] = 0x4fe05
797726@1598407357.195011:usb_ehci_port_reset reset port #1 - 0
797726@1598407357.195019:usb_ehci_port_detach detach port #1, owner ehci
797726@1598407357.195026:usb_ehci_irq level 0, frindex 0x, sts 0x1004, mask 0x0
797726@1598407357.195034:usb_ehci_port_attach attach port #1, owner ehci, device QEMU USB MSD
797726@1598407357.195038:usb_ehci_irq level 0, frindex 0x, sts 0x1004, mask 0x0
797726@1598407357.195049:usb_ehci_portsc_change ch mmio 0x0048 [port 1] = 0x1005 (old: 0x601183)
OK
[S +0.076439] OK
[R +0.076457] writeq 0x60606020 0xff015e5c057b0039
797726@1598407357.195087:usb_ehci_opreg_write wr mmio 0x0020 [USBCMD] = 0x57b0039
attempt to set frame list size -- value 8
797726@1598407357.195097:usb_ehci_usbsts usbsts HALT 0
797726@1598407357.195105:usb_ehci_opreg_change ch mmio 0x0020 [USBCMD] = 0x57b0031 (old: 0x8)
797726@1598407357.195111:usb_ehci_opreg_write wr mmio 0x0024 [USBSTS] = 0xff015e5c
797726@1598407357.195117:usb_ehci_usbsts usbsts PCD 0
797726@1598407357.195120:usb_ehci_usbsts usbsts FLR 0
797726@1598407357.195124:usb_ehci_usbsts usbsts HSE 0
797726@1598407357.195127:usb_ehci_irq level 0, frindex 0x, sts 0x0, mask 0x0
797726@1598407357.195132:usb_ehci_opreg_change ch mmio 0x0024 [USBSTS] = 0x0 (old: 0x4)
OK
[S +0.076519] OK
[R +0.076534] writeq 0x60606033 0x846c8a020611
797726@1598407357.195164:usb_ehci_opreg_write wr mmio 0x0034 [P-LIST BASE] = 0x206
ehci: PERIODIC list base register set while periodic schedule is enabled and HC is enabled
797726@1598407357.195174:usb_ehci_opreg_change ch mmio 0x0034 [P-LIST BASE] = 0x206 (old: 0x0)
OK
[S +0.076562] OK
[R +0.076574] write 0x204 0x4 0x4a606060
OK
[S +0.076855] OK
[R +0.076869] write 0x8 0x4 0x97a98095
OK [S +0.077214] OK [R +0.077225] write 0x0 0x4 0x4a606060 OK [S +0.077233] OK [R +0.077242] write 0x4 0x4 0x97a98095 OK [S +0.077250] OK [R +0.077258] write 0xc 0x4 0x4a606060 OK [S +0.077266] OK [R +0.077274] write 0x10 0x4 0x97a98095 OK [S +0.077281] OK [R +0.077289] write 0x14 0x4 0x4a606060 OK [S +0.077295] OK [R +0.077304] write 0x18 0x4 0x97a98095 OK [S +0.077310] OK [R +0.077325] write 0x1c 0x4 0x4a606060 OK [S +0.077333] OK [R +0.077340] clock_step OK 27462700 [S +0.077415] OK 27462700 797726@1598407357.196115:usb_ehci_state periodic schedule ACTIVE 797726@1598407357.196123:usb_ehci_usbsts usbsts PSS 1 797726@1598407357.196137:usb_ehci_state periodic schedule FETCH ENTRY 797726@1598407357.196145:usb_ehci_state periodic schedule FETCH QH 797726@1598407357.196154:usb_ehci_queue_action q 0x60d050b0: alloc 797726@1598407357.196168:usb_ehci_opreg_read rd mmio 0x0040 [unknown] = 0x0
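Reproducers like the one above (and the two further down this page) are qtest stdio scripts, and the first thing a triager wants to know is which PCI function and which registers they drive. Here is an added example, written for this page and not part of the bug report or of QEMU, that replays such a script and decodes it: it follows the CONFIG_ADDRESS/CONFIG_DATA pair at ports 0xcf8/0xcfc to recover the selected bus/device/function, the command register and BAR0, and classifies each memory write as landing in the BAR0 window or in plain guest RAM. The CONFIG_DATA write semantics (byte offset from the register field plus the data-port lane), the 4 KiB BAR0 window and the single-function config-space model are assumptions of this decoder; the embedded script is the EHCI reproducer from the report above.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Summary built while replaying a qtest reproducer. The config-space model
 * covers a single PCI function, which is all the reproducers on this page use. */
struct replay_summary {
    uint32_t cfg_addr;       /* last value written to CONFIG_ADDRESS (port 0xcf8) */
    uint8_t cfg[256];        /* bytes written through CONFIG_DATA (port 0xcfc) */
    unsigned bus, dev, fn;   /* bus/device/function selected by cfg_addr */
    unsigned cfg_writes, mmio_in_bar0, other_writes, clock_steps;
};

static uint32_t cfg_le32(const struct replay_summary *s, unsigned off)
{
    return (uint32_t)s->cfg[off] | ((uint32_t)s->cfg[off + 1] << 8) |
           ((uint32_t)s->cfg[off + 2] << 16) | ((uint32_t)s->cfg[off + 3] << 24);
}

/* BAR0 (config register 0x10), 4 KiB-aligned. Assumption: real BAR alignment
 * depends on BAR size; 4 KiB fits both the EHCI and the SDHCI scripts here. */
uint32_t replay_bar0_base(const struct replay_summary *s)
{
    return cfg_le32(s, 0x10) & ~0xfffu;
}

/* PCI command register (0x04): bit 0 I/O space, bit 1 memory space, bit 2 bus master. */
uint16_t replay_command(const struct replay_summary *s)
{
    return (uint16_t)(cfg_le32(s, 0x04) & 0xffff);
}

/* Replay a qtest stdio script. Assumed CONFIG_DATA semantics (mechanism #1 as
 * QEMU's pci_host models it): a write of len bytes lands at byte offset
 * (cfg_addr & 0xff) | (port & 3), so sub-dword offsets like 0x11 are honoured.
 * Returns 0 on success, -1 on an unknown or malformed line. */
int replay_qtest(const char *script, struct replay_summary *s)
{
    memset(s, 0, sizeof *s);
    while (*script) {
        char line[96], op[16];
        uint64_t a = 0, b = 0, c = 0;
        size_t n = strcspn(script, "\n");
        int k;

        if (n >= sizeof line) {
            return -1;
        }
        memcpy(line, script, n);
        line[n] = '\0';
        script += n + (script[n] == '\n');
        k = sscanf(line, "%15s %" SCNx64 " %" SCNx64 " %" SCNx64, op, &a, &b, &c);
        if (k < 1) {
            continue;                                /* blank line */
        }
        if (strcmp(op, "clock_step") == 0) {
            s->clock_steps++;
        } else if (k >= 3 && (strcmp(op, "outl") == 0 || strcmp(op, "outb") == 0)) {
            unsigned len = op[3] == 'l' ? 4 : 1;
            if (a == 0xcf8) {                        /* select bus/device/function/register */
                s->cfg_addr = (uint32_t)b;
                s->bus = (s->cfg_addr >> 16) & 0xff;
                s->dev = (s->cfg_addr >> 11) & 0x1f;
                s->fn = (s->cfg_addr >> 8) & 0x7;
            } else if (a >= 0xcfc && a <= 0xcff) {   /* write into the selected function */
                unsigned off = (s->cfg_addr & 0xff) | (unsigned)(a & 3);
                for (unsigned i = 0; i < len; i++) {
                    s->cfg[(off + i) & 0xff] = (uint8_t)(b >> (8 * i));
                }
                s->cfg_writes++;
            } else {
                s->other_writes++;                   /* port I/O to another device */
            }
        } else if (k >= 3 && strncmp(op, "write", 5) == 0) {
            uint32_t base = replay_bar0_base(s);     /* write/writeb/.../writeq: a = address */
            if (base && a >= base && a < (uint64_t)base + 0x1000) {
                s->mmio_in_bar0++;                   /* hits the device's BAR0 window */
            } else {
                s->other_writes++;                   /* guest RAM, e.g. schedule/descriptor data */
            }
        } else {
            return -1;
        }
    }
    return 0;
}

/* The EHCI reproducer from the report above, embedded as sample input. */
const char *EHCI_REPRO =
    "outl 0xcf8 0x8000ef02\n" "outl 0xcfc 0xfbff0061\n"
    "outl 0xcf8 0x8000ef11\n" "outl 0xcfc 0x60606060\n"
    "writeq 0x60606065 0xb70560ff847f\n" "writeq 0x60606065 0xff0004fe05ff\n"
    "writeq 0x60606020 0xff015e5c057b0039\n" "writeq 0x60606033 0x846c8a020611\n"
    "write 0x204 0x4 0x4a606060\n" "write 0x8 0x4 0x97a98095\n"
    "write 0x0 0x4 0x4a606060\n" "write 0x4 0x4 0x97a98095\n"
    "write 0xc 0x4 0x4a606060\n" "write 0x10 0x4 0x97a98095\n"
    "write 0x14 0x4 0x4a606060\n" "write 0x18 0x4 0x97a98095\n"
    "write 0x1c 0x4 0x4a606060\n" "clock_step\n";

/* Replay the embedded script; returns NULL if a line fails to parse. */
const struct replay_summary *replay_ehci_repro(void)
{
    static struct replay_summary s;
    return replay_qtest(EHCI_REPRO, &s) == 0 ? &s : NULL;
}
```

Replaying the script above gives device 1d.7 on bus 0, which matches the `-device ich9-usb-ehci1,bus=pcie.0,addr=1d.7` on the command line, a command register of 0xfbff (memory decoding enabled), BAR0 at 0x60606000, four writes inside that window (the four `writeq` lines) and nine to guest RAM (the low addresses and 0x204 written before `clock_step`). The same decoder applies to the UHCI and SDHCI reproducers further down; for the UHCI one the interesting register is an I/O BAR rather than BAR0, which this model counts under `other_writes`.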
Re: [RFC PATCH v3 02/34] Hexagon (target/hexagon) README
On 8/18/20 8:50 AM, Taylor Simpson wrote: > +#ifdef fGEN_TCG_A2_add > +fGEN_TCG_A2_add({ RdV=RsV+RtV;}); > +#else > +do { > +gen_helper_A2_add(RdV, cpu_env, RsV, RtV); > +} while (0); I don't understand the benefit of passing the SHORTCODE to fGEN_TCG_*. Is this file included for helper generation? It seems to contradict what you have a few lines lower > +The gen_tcg.h file has any overrides. For example, > +#define fGEN_TCG_A2_add(GENHLPR, SHORTCODE) \ > +tcg_gen_add_tl(RdV, RsV, RtV) which has two arguments not one. Is this README out of date? r~
Re: [RFC PATCH v3 03/34] Hexagon (include/elf.h) ELF machine definition
On 8/18/20 8:50 AM, Taylor Simpson wrote: > Define EM_HEXAGON 164 > > Signed-off-by: Taylor Simpson > Reviewed-by: Philippe Mathieu-Daudé > Tested-by: Philippe Mathieu-Daudé > --- > include/elf.h | 2 ++ > 1 file changed, 2 insertions(+) Reviewed-by: Richard Henderson r~
[Bug 1892962] [NEW] Segfault in usb_bus_from_device
Public bug reported:

Hello,

Reproducer:

cat << EOF | ./qemu-system-i386 -machine q35 \
-device ich9-usb-ehci1,bus=pcie.0,addr=1d.7,\
multifunction=on,id=ich9-ehci-1 \
-device ich9-usb-uhci1,bus=pcie.0,addr=1d.0,\
multifunction=on,masterbus=ich9-ehci-1.0,firstport=0 \
-device usb-tablet,bus=ich9-ehci-1.0,port=1,usb_version=1 \
-display none -nodefaults -qtest stdio -accel qtest
outl 0xcf8 0x8000e803
outl 0xcfc 0xff00ff00
outl 0xcf8 0x8000e821
outb 0xcfc 0xff
outl 0xff10 0x8500057e
clock_step
clock_step
outb 0xff00 0x49
write 0x2 0x1 0x40
write 0x46 0x1 0xfb
write 0x48 0x1 0x2d
write 0x4a 0x1 0xe0
write 0x4c 0x1 0x16
write 0x4e 0x1 0xfa
write 0xfa001c 0x1 0x04
clock_step
write 0x46 0x1 0xfb
write 0xfa001d 0x1 0xff
clock_step
write 0x8 0x1 0xe0
write 0xa 0x1 0x16
write 0x1600e6 0x1 0x9c
write 0x1600e8 0x1 0xe1
write 0x1600eb 0x1 0x30
clock_step
clock_step
write 0x10 0x1 0xe0
write 0x12 0x1 0x16
write 0x1600e6 0x1 0x9c
write 0x6 0x1 0x9c
write 0x8 0x1 0xe1
write 0xa 0x1 0x40
write 0xb 0x1 0x30
clock_step
write 0x14 0x1 0xe0
write 0x16 0x1 0x16
write 0x1600e6 0x1 0x9c
write 0x6 0x1 0x9c
clock_step
write 0x18 0x1 0xe0
write 0x1a 0x1 0x16
write 0x1600e6 0x1 0x9c
write 0x6 0x1 0x9c
clock_step
write 0x1c 0x1 0xe0
write 0x1e 0x1 0x16
write 0x1600e6 0x1 0x9c
write 0x6 0x1 0x9c
clock_step
write 0x20 0x1 0xe0
write 0x22 0x1 0x16
write 0x1600e6 0x1 0x9c
write 0x6 0x1 0x9c
clock_step
EOF

The trace:

...
[S +0.087589] OK
[R +0.087596] write 0x1600e6 0x1 0x9c
OK
[S +0.087603] OK
[R +0.087655] write 0x6 0x1 0x9c
OK
[S +0.087667] OK
[R +0.087675] clock_step
784168@1598406646.189133:usb_uhci_frame_start nr 8
784168@1598406646.189141:usb_uhci_td_load qh 0x0, td 0x1600e0, ctrl 0x9c0180, token 0x30e1
784168@1598406646.189147:usb_uhci_packet_add token 0x0, td 0x1600e0
784168@1598406646.189151:usb_packet_state_change bus 0, port 1, ep 0, packet 0x61143c00, state undef -> setup
784168@1598406646.189161:usb_packet_state_change bus 0, port 1, ep 0, packet 0x61143c00, state setup -> complete
784168@1598406646.189165:usb_uhci_packet_complete_success token 0x0, td 0x1600e0
784168@1598406646.189168:usb_uhci_packet_del token 0x0, td 0x1600e0
784168@1598406646.189174:usb_uhci_td_complete qh 0x0, td 0x1600e0
784168@1598406646.189179:usb_uhci_td_load qh 0x0, td 0x0, ctrl 0x9c0182, token 0x304000e1
784168@1598406646.189183:usb_uhci_packet_add token 0x0, td 0x0
784168@1598406646.189187:usb_packet_state_change bus 0, port 1, ep 0, packet 0x61143d40, state undef -> setup
/home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12: runtime error: member access within null pointer of type 'USBDevice' (aka 'struct USBDevice')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12 in
/home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12: runtime error: member access within null pointer of type 'DeviceState' (aka 'struct DeviceState')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12 in
AddressSanitizer:DEADLYSIGNAL
=
==784168==ERROR: AddressSanitizer: SEGV on unknown address 0x0050 (pc 0x5599c43df445 bp 0x7ffec2833e50 sp 0x7ffec2833dc0 T0)
==784168==The signal is caused by a READ memory access.
==784168==Hint: address points to the zero page.
#0 0x5599c43df445 in usb_bus_from_device /home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12
#1 0x5599c43ea95c in usb_packet_set_state /home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/core.c:549:23
#2 0x5599c43e8abd in usb_handle_packet /home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/core.c:438:17
#3 0x5599c4b02497 in uhci_handle_td /home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/hcd-uhci.c:892:9
#4 0x5599c4afbd26 in uhci_process_frame /home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/hcd-uhci.c:1075:15
#5 0x5599c4aed2e3 in uhci_frame_timer /home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/hcd-uhci.c:1174:9
#6 0x5599c7620917 in timerlist_run_timers /home/alxndr/Development/qemu/general-fuzz/build/../util/qemu-timer.c:572:9
#7 0x5599c7620e51 in qemu_clock_run_timers /home/alxndr/Development/qemu/general-fuzz/build/../util/qemu-timer.c:586:12
#8 0x5599c5f35a13 in qtest_clock_warp /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/cpus.c:507:9
#9 0x5599c61225d8 in qtest_process_command /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:665:9
#10 0x5599c611063e in qtest_process_inbuf /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:710:9
#11 0x5599c610f3e3 in qtest_read /home/alxndr/Development/qemu/general-fuzz/build/../softmmu/qtest.c:722:5
#12 0x5599c7215762 in qemu_chr_be_write_impl /home/alxndr/Development/qemu/general-fuzz/build/../chardev/char.c:188:9
RE: [PATCH v2 08/10] usb/bus: Remove dead assignment in usb_get_fw_dev_path()
> > hw/usb/bus.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/hw/usb/bus.c b/hw/usb/bus.c index b17bda3b29..7bab0499ad > > 100644 > > --- a/hw/usb/bus.c > > +++ b/hw/usb/bus.c > > @@ -612,8 +612,8 @@ static char *usb_get_fw_dev_path(DeviceState > > *qdev) >if (in[0] == '.') { >/* some hub between root port and device */ >pos += snprintf(fw_path + pos, fw_len - pos, "hub@%lx/", > nr); > > in++; > > } else { > > /* the device itself */ > > -pos += snprintf(fw_path + pos, fw_len - pos, "%s@%lx", > > -qdev_fw_name(qdev), nr); > > +snprintf(fw_path + pos, fw_len - pos, "%s@%lx", > qdev_fw_name(qdev), > > + nr); > > break; > > } > > } > > I'd prefer to keep the line break where it is: > > snprintf(fw_path + pos, fw_len - pos, "%s@%lx", > qdev_fw_name(qdev), nr); > > The patch is safe, so > Reviewed-by: Markus Armbruster > > The loss of symmetry betwen the two arms of the if is a bit sad. Up to Gerd. If symmetry looks better. I should change it later. Thanks, Chen Qun
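Review bot: the dropped `pos +=` in the else arm is safe only because `break` follows immediately and `pos` is never read again; a one-line comment there ("last component, pos no longer needed") would make the asymmetry Markus points out self-explanatory rather than something the next reader has to re-derive. Separately, the retained `pos += snprintf(fw_path + pos, fw_len - pos, "hub@%lx/", nr);` in the hub arm accumulates snprintf's would-be length, so if a path ever truncates, `pos` exceeds `fw_len` and `fw_len - pos` goes negative (or wraps, if `fw_len` is unsigned) on the next iteration; either a guard or a comment stating that `fw_len` is sized so truncation cannot occur would close that off.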
Re: [RFC PATCH v3 01/34] Hexagon Update MAINTAINERS file
On 8/18/20 8:50 AM, Taylor Simpson wrote: > Add Taylor Simpson as the Hexagon target maintainer > > Signed-off-by: Taylor Simpson > --- > MAINTAINERS | 8 > 1 file changed, 8 insertions(+) Reviewed-by: Richard Henderson r~
Re: [PATCH v2 10/10] hw/display/vga:Remove redundant statement in vga_draw_graphic()
Chen Qun wrote on Tue, 25 Aug 2020 at 19:33: > > Clang static code analyzer show warning: > hw/display/vga.c:1677:9: warning: Value stored to 'update' is never read > update = full_update; > ^~~~ > > Reported-by: Euler Robot > Signed-off-by: Chen Qun > Reviewed-by: Gerd Hoffmann Reviewed-by: Li Qiang > --- > Cc: Gerd Hoffmann > --- > hw/display/vga.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/hw/display/vga.c b/hw/display/vga.c > index 061fd9ab8f..836ad50c7b 100644 > --- a/hw/display/vga.c > +++ b/hw/display/vga.c > @@ -1674,7 +1674,6 @@ static void vga_draw_graphic(VGACommonState *s, int > full_update) > if (!(s->cr[VGA_CRTC_MODE] & 2)) { > addr = (addr & ~0x8000) | ((y1 & 2) << 14); > } > -update = full_update; > page0 = addr & s->vbe_size_mask; > page1 = (addr + bwidth - 1) & s->vbe_size_mask; > if (full_update) { > -- > 2.23.0 > >
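Review bot: the removed `update = full_update;` is dead only if `update` is reassigned on every path before its next read; the visible context stops at `if (full_update) {`, which presumably does that, so the commit message should name where `update` actually gets its value (and confirm the `if (full_update)` block covers all paths), so the dead-store claim can be checked without re-running the analyzer.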
RE: [PATCH v2 07/10] vfio/platform: Remove dead assignment in vfio_intp_interrupt()
> > Clang static code analyzer show warning: > > hw/vfio/platform.c:239:9: warning: Value stored to 'ret' is never read > > ret = event_notifier_test_and_clear(intp->interrupt); > > ^ ~~ > > > > Reported-by: Euler Robot > > Signed-off-by: Chen Qun > > Reviewed-by: Eric Auger > > --- > > Cc: Alex Williamson > > Cc: Eric Auger > > Cc: Stefan Hajnoczi > > --- > > hw/vfio/platform.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c index > > ac2cefc9b1..869ed2c39d 100644 > > --- a/hw/vfio/platform.c > > +++ b/hw/vfio/platform.c > > @@ -236,7 +236,7 @@ static void vfio_intp_interrupt(VFIOINTp *intp) > > trace_vfio_intp_interrupt_set_pending(intp->pin); > > QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue, > > intp, pqnext); > > -ret = event_notifier_test_and_clear(intp->interrupt); > > Shouldn't we check the 'ret' like the other place in this function? Hi Li Qiang, Eric, Alex and Stefan have already discussed this point in the V1 version. https://patchwork.kernel.org/patch/11711897/ Thanks.
Re: [PATCH v2 07/10] vfio/platform: Remove dead assignment in vfio_intp_interrupt()
Chen Qun wrote on Tue, 25 Aug 2020 at 19:31: > > Clang static code analyzer show warning: > hw/vfio/platform.c:239:9: warning: Value stored to 'ret' is never read > ret = event_notifier_test_and_clear(intp->interrupt); > ^ ~~ > > Reported-by: Euler Robot > Signed-off-by: Chen Qun > Reviewed-by: Eric Auger > --- > Cc: Alex Williamson > Cc: Eric Auger > Cc: Stefan Hajnoczi > --- > hw/vfio/platform.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c > index ac2cefc9b1..869ed2c39d 100644 > --- a/hw/vfio/platform.c > +++ b/hw/vfio/platform.c > @@ -236,7 +236,7 @@ static void vfio_intp_interrupt(VFIOINTp *intp) > trace_vfio_intp_interrupt_set_pending(intp->pin); > QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue, > intp, pqnext); > -ret = event_notifier_test_and_clear(intp->interrupt); Shouldn't we check the 'ret' like the other place in this function? Thanks, Li Qiang > +event_notifier_test_and_clear(intp->interrupt); > return; > } > > -- > 2.23.0 > >
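Review bot: dropping `ret =` discards event_notifier_test_and_clear()'s return value silently, and Li Qiang's question is the right one: the same function checks it elsewhere. If the v1 thread concluded that a failure here is harmless, a short comment above `event_notifier_test_and_clear(intp->interrupt);` saying so (and why this call site differs from the checked one) would record the decision and keep the next static-analysis pass from reopening it.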
Re: [PATCH v2 06/10] hw/net/virtio-net:Remove redundant statement in virtio_net_rsc_tcp_ctrl_check()
Chen Qun wrote on Tue, 25 Aug 2020 at 19:32: > > Clang static code analyzer show warning: > hw/net/virtio-net.c:2077:5: warning: Value stored to 'tcp_flag' is never read > tcp_flag &= VIRTIO_NET_TCP_FLA; > ^ ~~~ > > The 'VIRTIO_NET_TCP_FLAG' is '0x3F'. The last ‘tcp_flag’ assignment statement > is > the same as that of the first two statements. > > Reported-by: Euler Robot > Signed-off-by: Chen Qun > Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Li Qiang > --- > Cc: "Michael S. Tsirkin" > Cc: Jason Wang > --- > hw/net/virtio-net.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c > index a1fe9e9285..cb0d27084c 100644 > --- a/hw/net/virtio-net.c > +++ b/hw/net/virtio-net.c > @@ -2075,7 +2075,6 @@ static int > virtio_net_rsc_tcp_ctrl_check(VirtioNetRscChain *chain, > tcp_flag = htons(tcp->th_offset_flags); > tcp_hdr = (tcp_flag & VIRTIO_NET_TCP_HDR_LENGTH) >> 10; > tcp_flag &= VIRTIO_NET_TCP_FLAG; > -tcp_flag = htons(tcp->th_offset_flags) & 0x3F; > if (tcp_flag & TH_SYN) { > chain->stat.tcp_syn++; > return RSC_BYPASS; > -- > 2.23.0 > >
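Review bot: the removal is behaviour-preserving only because VIRTIO_NET_TCP_FLAG is 0x3F, which the commit message states but the hunk does not show; a comment on `tcp_flag &= VIRTIO_NET_TCP_FLAG;` noting that the following `if (tcp_flag & TH_SYN)` now depends on that mask alone would help, since a later change to the macro would alter the SYN check instead of being hidden by the removed hard-coded `& 0x3F`.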
[Bug 1892960] [NEW] Heap-overflow in flatview_read through sdhci_data_transfer
Public bug reported:

Hello,

Reproducer:

cat << EOF | ./qemu-system-i386 -nodefaults \
-device sdhci-pci,sd-spec-version=3 \
-device sd-card,drive=mydrive \
-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-nographic -qtest stdio -accel qtest
outl 0xcf8 0x80001010
outl 0xcfc 0xd7055dba
outl 0xcf8 0x80001003
outl 0xcfc 0x86b1d733
writeq 0xd7055d2b 0x84126e0ed7d7355e
writeq 0xd7055d23 0x13bd7d7346e0129
writeq 0xd7055d05 0x615bfb845e05c42c
write 0x0 0x1 0x39
write 0x5 0x1 0x06
write 0x6 0x1 0x35
write 0x7 0x1 0x01
write 0x1350600 0x1 0x39
writew 0xd7055d0e 0x846e
write 0x1350600 0x1 0x29
write 0x1350602 0x1 0x1a
write 0x1350608 0x1 0x39
clock_step
writeq 0xd7055d03 0x6d002600
clock_step
EOF

The trace:

[R +0.077745] outl 0xcf8 0x80001010
OK
[S +0.03] OK
[R +0.077792] outl 0xcfc 0xd7055dba
OK
[S +0.077813] OK
[R +0.077826] outl 0xcf8 0x80001003
OK
[S +0.077835] OK
[R +0.077846] outl 0xcfc 0x86b1d733
OK
[S +0.080186] OK
[R +0.080204] writeq 0xd7055d2b 0x84126e0ed7d7355e
752161@1598405049.572123:sdhci_access wr8: addr[0x002b] <- 0x005e (94)
752161@1598405049.572133:sdhci_access wr32: addr[0x002c] <- 0x0ed7d735 (249026357)
752161@1598405049.572142:sdhci_access wr16: addr[0x0030] <- 0x126e (4718)
752161@1598405049.572150:sdhci_access wr8: addr[0x0032] <- 0x0084 (132)
OK
[S +0.080255] OK
[R +0.080267] writeq 0xd7055d23 0x13bd7d7346e0129
752161@1598405049.572176:sdhci_error Non-sequential access to Buffer Data Port registeris prohibited
752161@1598405049.572181:sdhci_access wr8: addr[0x0023] <- 0x0029 (41)
752161@1598405049.572187:sdhci_access wr32: addr[0x0024] <- 0xd7346e01 (3610537473)
752161@1598405049.572193:sdhci_access wr16: addr[0x0028] <- 0x3bd7 (15319)
752161@1598405049.572200:sdhci_access wr8: addr[0x002a] <- 0x0001 (1)
OK
[S +0.080303] OK
[R +0.080316] writeq 0xd7055d05 0x615bfb845e05c42c
752161@1598405049.572226:sdhci_access wr8: addr[0x0005] <- 0x002c (44)
752161@1598405049.572233:sdhci_access wr16: addr[0x0006] <- 0x05c4 (1476)
752161@1598405049.572240:sdhci_access wr32: addr[0x0008] <- 0x5bfb845e (1543210078)
752161@1598405049.572247:sdhci_access wr8: addr[0x000c] <- 0x0061 (97)
OK
[S +0.080350] OK
[R +0.080362] write 0x0 0x1 0x39
OK
[S +0.080606] OK
[R +0.080617] write 0x5 0x1 0x06
OK
[S +0.080629] OK
[R +0.080639] write 0x6 0x1 0x35
OK
[S +0.080648] OK
[R +0.080657] write 0x7 0x1 0x01
OK
[S +0.080665] OK
[R +0.080675] write 0x1350600 0x1 0x39
OK
[S +0.080863] OK
[R +0.080875] writew 0xd7055d0e 0x846e
752161@1598405049.572786:sdhci_send_command CMD132 ARG[0x5bfb845e]
752161@1598405049.572810:sdhci_error timeout waiting for command response
752161@1598405049.572822:sdhci_adma_loop addr=0x01350600, len=0, attr=0x39
752161@1598405049.572827:sdhci_adma link: admasysaddr=0x1350600
752161@1598405049.572833:sdhci_adma_loop addr=0x, len=0, attr=0x39
752161@1598405049.572837:sdhci_adma link: admasysaddr=0x0
752161@1598405049.572842:sdhci_adma_loop addr=0x01350600, len=0, attr=0x39
752161@1598405049.572845:sdhci_adma link: admasysaddr=0x1350600
752161@1598405049.572851:sdhci_adma_loop addr=0x, len=0, attr=0x39
752161@1598405049.572854:sdhci_adma link: admasysaddr=0x0
752161@1598405049.572859:sdhci_adma_loop addr=0x01350600, len=0, attr=0x39
752161@1598405049.572862:sdhci_adma link: admasysaddr=0x1350600
752161@1598405049.572875:sdhci_access wr16: addr[0x000e] <- 0x846e (33902)
OK
[S +0.080979] OK
[R +0.080991] write 0x1350600 0x1 0x29
OK
[S +0.081001] OK
[R +0.081011] write 0x1350602 0x1 0x1a
OK
[S +0.081019] OK
[R +0.081029] write 0x1350608 0x1 0x39
OK
[S +0.081037] OK
[R +0.081045] clock_step
752161@1598405049.572962:sdhci_adma_loop addr=0x, len=26, attr=0x29
752161@1598405049.572972:sdhci_adma_loop addr=0x, len=0, attr=0x39
752161@1598405049.572977:sdhci_adma link: admasysaddr=0x0
752161@1598405049.572981:sdhci_adma_loop addr=0x01350600, len=0, attr=0x39
752161@1598405049.572985:sdhci_adma link: admasysaddr=0x1350600
752161@1598405049.572989:sdhci_adma_loop addr=0x, len=26, attr=0x29
752161@1598405049.572997:sdhci_adma_loop addr=0x, len=0, attr=0x39
752161@1598405049.573001:sdhci_adma link: admasysaddr=0x0
OK 100
[S +0.081112] OK 100
[R +0.081126] writeq 0xd7055d03 0x6d002600
752161@1598405049.573038:sdhci_access wr8: addr[0x0003] <- 0x (0)
752161@1598405049.573045:sdhci_access wr32: addr[0x0004] <- 0x0026 (2490368)
752161@1598405049.573051:sdhci_access wr16: addr[0x0008] <- 0x (0)
752161@1598405049.573057:sdhci_access wr8: addr[0x000a] <- 0x006d (109)
OK
[S +0.081162] OK
[R +0.081171] clock_step
752161@1598405049.573085:sdhci_adma_loop addr=0x01350600, len=0, attr=0x39
752161@1598405049.573090:sdhci_adma link: admasysaddr=0x1350600
752161@1598405049.573096:sdhci_adma_loop addr=0x, len=26, attr=0x29
=
==752161==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6151e500 at p
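The trace above ends inside the ADMA descriptor walk: sdhci_adma_loop reports Link descriptors (attr=0x39) whose admasysaddr points back at the same table, and a Tran descriptor (attr=0x29) with len=26, before the overflow surfaces in flatview_read. As an added example, not QEMU's sdhci code, here is a simplified, bounds-checked model of an ADMA2 descriptor walk over a constructed 4 KiB guest memory: every Tran descriptor is checked against the memory model before it would be used, a zero length is expanded to the 64 KiB the ADMA2 format defines, and Link hops and total descriptors are capped so a self-linking table terminates with an error instead of spinning. The descriptor layout follows the ADMA2 32-bit format; the flat guest-memory struct, its 4 KiB size, the scenario addresses and the hop caps are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ADMA2 32-bit descriptor: 16-bit attribute, 16-bit length, 32-bit address.
 * Attribute bits: 0 Valid, 1 End, 2 Int, 5:4 Act (10 = Tran, 11 = Link).
 * The trace above shows attr=0x39 (Link) and attr=0x29 (Tran) descriptors. */
enum {
    ADMA_VALID = 0x01, ADMA_END = 0x02,
    ADMA_ACT_MASK = 0x30, ADMA_ACT_TRAN = 0x20, ADMA_ACT_LINK = 0x30,
    ADMA_DESC_SIZE = 8, ADMA_MAX_DESCS = 1024
};
enum adma_status { ADMA_ERR_BOUNDS = -1, ADMA_ERR_LOOP = -2, ADMA_ERR_INVALID = -3 };

/* Hypothetical flat guest-memory model; every DMA access is checked against it. */
struct guest_mem { uint8_t *base; size_t size; };

static int mem_read(const struct guest_mem *m, uint64_t addr, void *dst, size_t len)
{
    if (addr > m->size || len > m->size - addr) {
        return 0;                       /* would read past the backing buffer */
    }
    memcpy(dst, m->base + addr, len);
    return 1;
}

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk a descriptor table. Returns the number of bytes the table would
 * transfer, or a negative adma_status if it is malformed or unbounded. */
long adma_walk(const struct guest_mem *m, uint64_t table_addr, unsigned max_links)
{
    uint64_t desc_addr = table_addr;
    unsigned links = 0, steps = 0;
    long total = 0;

    for (;;) {
        uint8_t raw[ADMA_DESC_SIZE];
        uint16_t attr;
        uint32_t len, addr;

        if (++steps > ADMA_MAX_DESCS) {
            return ADMA_ERR_LOOP;       /* cap on descriptors per walk */
        }
        if (!mem_read(m, desc_addr, raw, sizeof raw)) {
            return ADMA_ERR_BOUNDS;     /* descriptor itself lies outside guest memory */
        }
        attr = le16(raw);
        len = le16(raw + 2);
        addr = le32(raw + 4);
        if (!(attr & ADMA_VALID)) {
            return ADMA_ERR_INVALID;
        }
        switch (attr & ADMA_ACT_MASK) {
        case ADMA_ACT_LINK:
            if (++links > max_links) {
                return ADMA_ERR_LOOP;   /* self- or cyclic links give up here */
            }
            desc_addr = addr;           /* continue at the linked table */
            continue;
        case ADMA_ACT_TRAN:
            if (len == 0) {
                len = 65536;            /* ADMA2: a zero length field means 64 KiB */
            }
            if ((uint64_t)addr + len > m->size) {
                return ADMA_ERR_BOUNDS; /* transfer would run off the buffer */
            }
            total += len;
            break;
        default:
            break;                      /* Nop: skip the descriptor */
        }
        if (attr & ADMA_END) {
            return total;
        }
        desc_addr += ADMA_DESC_SIZE;
    }
}

/* Write one descriptor in little-endian layout into the constructed memory. */
static void put_desc(uint8_t *p, uint16_t attr, uint16_t len, uint32_t addr)
{
    p[0] = attr & 0xff; p[1] = attr >> 8; p[2] = len & 0xff; p[3] = len >> 8;
    p[4] = addr & 0xff; p[5] = (addr >> 8) & 0xff; p[6] = (addr >> 16) & 0xff; p[7] = addr >> 24;
}

#define GUEST_SIZE 4096  /* constructed 4 KiB guest memory (assumption) */

/* Well-formed table: Tran 26 bytes, Link to a second table, Tran 100 bytes + End. */
long scenario_good(void)
{
    uint8_t mem[GUEST_SIZE] = { 0 };
    struct guest_mem m = { mem, GUEST_SIZE };
    put_desc(mem + 0x100, ADMA_VALID | ADMA_ACT_TRAN, 26, 0x800);
    put_desc(mem + 0x108, ADMA_VALID | ADMA_ACT_LINK, 0, 0x200);
    put_desc(mem + 0x200, ADMA_VALID | ADMA_ACT_TRAN | ADMA_END, 100, 0x900);
    return adma_walk(&m, 0x100, 4);
}

/* Link descriptor pointing at its own table, like admasysaddr=0x1350600 above. */
long scenario_self_link(void)
{
    uint8_t mem[GUEST_SIZE] = { 0 };
    struct guest_mem m = { mem, GUEST_SIZE };
    put_desc(mem + 0x100, ADMA_VALID | ADMA_ACT_LINK, 0, 0x100);
    return adma_walk(&m, 0x100, 4);
}

/* Tran with len=0 (64 KiB) against a 4 KiB buffer: rejected instead of overflowing. */
long scenario_oversized(void)
{
    uint8_t mem[GUEST_SIZE] = { 0 };
    struct guest_mem m = { mem, GUEST_SIZE };
    put_desc(mem + 0x100, ADMA_VALID | ADMA_ACT_TRAN | ADMA_END, 0, 0x800);
    return adma_walk(&m, 0x100, 4);
}
```

The three scenarios return 126 bytes, ADMA_ERR_LOOP and ADMA_ERR_BOUNDS respectively. The point of the model is where the checks sit: the bounds check happens on the descriptor's (addr, len) pair before any data is touched, and the loop cap is on the walk itself, so neither a self-referential Link nor a zero-length Tran can turn a guest-controlled table into an out-of-bounds read of the host buffer.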
Re: [PATCH v2 02/10] hw/arm/omap1:Remove redundant statement in omap_clkdsp_read()
Chen Qun wrote on Tue, 25 Aug 2020 at 19:30: > > Clang static code analyzer show warning: > hw/arm/omap1.c:1760:15: warning: Value stored to 'cpu' during its > initialization is never read > CPUState *cpu = CPU(s->cpu); > ^~~ ~~~ > > Reported-by: Euler Robot > Signed-off-by: Chen Qun Reviewed-by: Li Qiang > --- > Cc: Peter Maydell > Cc: qemu-...@nongnu.org > --- > hw/arm/omap1.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c > index 6ba0df6b6d..02c0f66431 100644 > --- a/hw/arm/omap1.c > +++ b/hw/arm/omap1.c > @@ -1774,7 +1774,6 @@ static uint64_t omap_clkdsp_read(void *opaque, hwaddr > addr, > return s->clkm.dsp_rstct2; > > case 0x18: /* DSP_SYSST */ > -cpu = CPU(s->cpu); > return (s->clkm.clocking_scheme << 11) | s->clkm.cold_start | > (cpu->halted << 6); /* Quite useless... */ > } > -- > 2.23.0 > >
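Review bot: the fix removes the reassignment inside `case 0x18` rather than the initializer the analyzer flagged (`CPUState *cpu = CPU(s->cpu);` at line 1760), which is the right choice since both compute the same value; the commit message should say explicitly that `cpu->halted` in the return statement now reads the function-scope initializer, so a reviewer can confirm `s->cpu` cannot change between function entry and this case. The `/* Quite useless... */` comment on the halted bit is unrelated to this change and can stay.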
Re: [PATCH v2 01/10] hw/arm/virt-acpi-build:Remove dead assignment in build_madt()
Chen Qun wrote on Tue, 25 Aug 2020 at 19:26: > > Clang static code analyzer show warning: > hw/arm/virt-acpi-build.c:641:5: warning: Value stored to 'madt' is never read > madt = acpi_data_push(table_data, sizeof *madt); > ^ > > Reported-by: Euler Robot > Signed-off-by: Chen Qun > Reviewed-by: Igor Mammedov Reviewed-by: Li Qiang > --- > Cc: Shannon Zhao > Cc: Peter Maydell > Cc: "Michael S. Tsirkin" > Cc: Igor Mammedov > Cc: qemu-...@nongnu.org > --- > hw/arm/virt-acpi-build.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c > index 91f0df7b13..f830f9b779 100644 > --- a/hw/arm/virt-acpi-build.c > +++ b/hw/arm/virt-acpi-build.c > @@ -633,12 +633,11 @@ build_madt(GArray *table_data, BIOSLinker *linker, > VirtMachineState *vms) > int madt_start = table_data->len; > const MemMapEntry *memmap = vms->memmap; > const int *irqmap = vms->irqmap; > -AcpiMultipleApicTable *madt; > AcpiMadtGenericDistributor *gicd; > AcpiMadtGenericMsiFrame *gic_msi; > int i; > > -madt = acpi_data_push(table_data, sizeof *madt); > +acpi_data_push(table_data, sizeof(AcpiMultipleApicTable)); > > gicd = acpi_data_push(table_data, sizeof *gicd); > gicd->type = ACPI_APIC_GENERIC_DISTRIBUTOR; > -- > 2.23.0 > >
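Review bot: the reserved MADT header is now anonymous (`acpi_data_push(table_data, sizeof(AcpiMultipleApicTable));` discards the pointer), so the only way back to it is the `madt_start` offset captured a few lines earlier; a one-line comment that the header is filled in later via that offset would stop the next reader from mistaking the bare push for a leaked reservation, and makes it clear why dropping the `madt` variable is safe.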
[Bug 1892604] Re: qemu-system-arm: ../hw/usb/hcd-dwc2.c:666: dwc2_glbreg_read: Assertion `addr <= GINTSTS2' failed.
Yep, it looks like that works! Sorry for the bogus report, I didn't think to check the Changelog.

https://bugs.launchpad.net/bugs/1892604

Title: qemu-system-arm: ../hw/usb/hcd-dwc2.c:666: dwc2_glbreg_read: Assertion `addr <= GINTSTS2' failed.

Status in QEMU: New

Bug description:

When trying to run the 2016-05-27 Raspbian image on the emulated raspi2 platform, the system boots but shortly after the login prompt QEMU (master; commit ID ca489cd037e4d50dc6c40570a167504ad7e5a521) dies with:

qemu-system-arm: ../hw/usb/hcd-dwc2.c:666: dwc2_glbreg_read: Assertion `addr <= GINTSTS2' failed.

Steps to reproduce:

1. Get the image:
wget http://downloads.raspberrypi.org/raspbian/images/raspbian-2016-05-31/2016-05-27-raspbian-jessie.zip

2. Extract the kernel image and DTB:
sudo losetup -f --show -P 2016-05-27-raspbian-jessie.img
sudo mkdir /mnt/rpi
sudo mount /dev/loop11p1 /mnt/rpi/
cp /mnt/rpi/kernel7.img .
cp /mnt/rpi/bcm2709-rpi-2-b.dtb .
sudo umount /mnt/rpi
sudo losetup -d /dev/loop11

3. Run QEMU:
qemu-system-arm -M raspi2 -m 1G -dtb bcm2709-rpi-2-b.dtb -kernel kernel7.img -append "rw earlyprintk loglevel=8 console=ttyAMA0,115200 dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2" -sd 2016-05-27-raspbian-jessie.img -smp 4 -serial stdio -display none

A few seconds after the login prompt is displayed, QEMU will exit with the assertion failure. I also tried changing all of the asserts to if statements that (for MMIO reads) returned 0 and (for writes) just returned, but this resulted in a non-responsive system.
Re: [PATCH v2 1/4] Define ePMP mseccfg
On Mon, Aug 10, 2020 at 5:25 PM Hou Weiying wrote: > > Currently using 0x390 and 0x391 for x-epmp (experimental). This may change in > the future spec. > > Signed-off-by: Hongzheng-Li > Signed-off-by: Hou Weiying > Signed-off-by: Myriad-Dreamin > --- > target/riscv/cpu_bits.h | 3 +++ > target/riscv/gdbstub.c | 2 ++ > 2 files changed, 5 insertions(+) > > diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h > index 8117e8b5a7..9c35179983 100644 > --- a/target/riscv/cpu_bits.h > +++ b/target/riscv/cpu_bits.h > @@ -229,6 +229,9 @@ > #define CSR_MTINST 0x34a > #define CSR_MTVAL2 0x34b > > +/* Enhanced PMP */ > +#define CSR_MSECCFG 0x390 > +#define CSR_MSECCFGH0x391 I was hoping that this address would be set by this time, but that doesn't seem to have happened. I'll try and get this going. I think we will have to wait for the address to be finalised before this can be merged. Alistair > /* Physical Memory Protection */ > #define CSR_PMPCFG0 0x3a0 > #define CSR_PMPCFG1 0x3a1 > diff --git a/target/riscv/gdbstub.c b/target/riscv/gdbstub.c > index eba12a86f2..de5551604a 100644 > --- a/target/riscv/gdbstub.c > +++ b/target/riscv/gdbstub.c > @@ -132,6 +132,8 @@ static int csr_register_map[] = { > CSR_MIP, > CSR_MTINST, > CSR_MTVAL2, > +CSR_MSECCFG, > +CSR_MSECCFGH, > CSR_PMPCFG0, > CSR_PMPCFG1, > CSR_PMPCFG2, > -- > 2.20.1 > >
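Review bot: the commit message says 0x390/0x391 are provisional, but nothing in cpu_bits.h does; extend the new `/* Enhanced PMP */` comment to state that the CSR numbers come from the draft ePMP spec and may change, so a reader of the header alone is warned, and, as Alistair says, hold the merge until the spec fixes the addresses. The gdbstub additions keep the same order as the header, which is fine.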
Re: [PULL 00/18] riscv-to-apply queue
On Tue, Aug 25, 2020 at 2:50 PM Peter Maydell wrote: > > On Tue, 25 Aug 2020 at 22:32, Alistair Francis wrote: > > > > On Tue, Aug 25, 2020 at 2:24 PM Peter Maydell > > wrote: > > > The hypervisor related patches don't seem to have any > > > reviewed-by tags, which seems a shame for a fairly significant > > > chunk of work. Is there really nobody who can review them > > > for you ? > > > > Unfortunately not. They have been on the list since April and haven't > > received any feedback. > > > > There isn't a lot of people reviewing the RISC-V patches unfortunately. > > :-( I'd hoped it was a more active target than that. There are lots of active contributors, we are just short on reviewers. Richard and Philippe review patches and some of the RISC-V patches get reviewed by the RISC-V community. The main problem (which is a common problem in open source) is that large technical patch series just get ignored. Alistair > > -- PMM
Re: [PULL] nvme updates
On Tue, Aug 25, 2020 at 10:43:23PM +0100, Peter Maydell wrote: > On Tue, 25 Aug 2020 at 21:12, Keith Busch wrote: > > > > On Sun, Aug 23, 2020 at 02:56:12PM +0100, Peter Maydell wrote: > > > Hi; it looks like this isn't a gpg-signed tag? > > > > > > error: remotes/nvme/nvme-next: cannot verify a non-tag object of type > > > commit. > > > > Oops, sorry I forgot about that part of the procedure here. The repo should > > have a signed tag now: > > Thanks; the gpg key setup looks ok. > > I notice that all the commits in the repo have Klaus's signed-off-by. > Usually the expectation is that the person who sends the pull req > is the one who's curated the tree and added their signed-off-by, > but are you doing a jointly-administered tree here ? Right, Klaus is the primary committer for our joint repository, and I added his info to the MAINTAINERS file in the first commit of this pull. Since he's not currently listed upstream, I thought it made sense to make the introduction here. We'll coordinate pull requests as you've described going forward. > The build has a format string issue that shows up on OSX, Windows, > and 32-bit builds: Sorry about that, we'll fix it up ASAP. > In file included from ../../hw/block/trace.h:1:0, > from ../../hw/block/fdc.c:48: > ./trace/trace-hw_block.h: In function '_nocheck__trace_pci_nvme_err_mdts': > ./trace/trace-hw_block.h:2162:18: error: format '%llu' expects > argument of type 'long long unsigned int', but argument 6 has type > 'size_t {aka unsigned int}' [-Werror=format=] > qemu_log("%d@%zu.%06zu:pci_nvme_err_mdts " "cid %"PRIu16" len > %"PRIu64"" "\n", > ^ > > thanks > -- PMM
[PATCH] meson: don't require CONFIG_VTE for the GTK UI
Previously CONFIG_VTE was not required to build QEMU with GTK UI support as not all platforms have VTE available (in particular Windows). Remove this requirement from the meson build system to enable QEMU to be built with GTK UI support for Windows once again. Signed-off-by: Mark Cave-Ayland --- ui/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/meson.build b/ui/meson.build index 018c5698bf..a81d5c259c 100644 --- a/ui/meson.build +++ b/ui/meson.build @@ -42,7 +42,7 @@ if config_host.has_key('CONFIG_CURSES') ui_modules += {'curses' : curses_ss} endif -if config_host.has_key('CONFIG_GTK') and config_host.has_key('CONFIG_VTE') +if config_host.has_key('CONFIG_GTK') softmmu_ss.add(when: 'CONFIG_WIN32', if_true: files('win32-kbd-hook.c')) gtk_ss = ss.source_set() -- 2.20.1
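Review bot: dropping `config_host.has_key('CONFIG_VTE')` from the outer condition means any VTE-using source inside `gtk_ss` must now carry its own `when: 'CONFIG_VTE'` guard, but the hunk shows only the outer `if` and the first `softmmu_ss.add(...)` line; the commit message should state that the VTE-dependent files are (or have been made) conditional, otherwise a GTK build without VTE moves from failing at configure time to failing at compile time.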
Re: meson: problems building under msys2/mingw-w64 native
On 25/08/2020 09:34, Paolo Bonzini wrote:
> I saw it, thanks. I would like to have someone else (like Mark) test it and then I will include it.
>
> Paolo

Yonggang Luo, thank you for this patchset which helped enable me to build QEMU on Windows with the new meson build. I've replied to individual patches on the basis of my tests - there are some minor issues with the patches themselves, a couple of things that need to be clarified, and also a cover letter and SoB tags are missing as pointed out by Eric.

There is one more thing I noticed - in my tests I passed --prefix=/home/Mark/rel-qemu-git into configure and ran "make install". This worked, but it flattened the output directory tree i.e. /home/Mark/rel-qemu-git in MSYS2 looked like this:

$ ls -l /home/Mark/rel-qemu-git/
total 40440
drwxr-xr-x 1 Mark None 0 Aug 25 20:43 applications
-rw-r--r-- 1 Mark None 3211 Aug 25 20:43 bamboo.dtb
-rw-r--r-- 1 Mark None 131072 Aug 25 20:43 bios.bin
-rw-r--r-- 1 Mark None 262144 Aug 25 20:43 bios-256k.bin
-rw-r--r-- 1 Mark None 65536 Aug 25 20:43 bios-microvm.bin
-rw-r--r-- 1 Mark None 9779 Aug 25 20:43 canyonlands.dtb
-rw-r--r-- 1 Mark None 42903 Aug 25 20:43 edk2-licenses.txt
-rw-r--r-- 1 Mark None 240128 Aug 25 20:43 efi-e1000.rom
-rw-r--r-- 1 Mark None 240128 Aug 25 20:43 efi-e1000e.rom
-rw-r--r-- 1 Mark None 240128 Aug 25 20:43 efi-eepro100.rom
-rw-r--r-- 1 Mark None 238592 Aug 25 20:43 efi-ne2k_pci.rom
-rw-r--r-- 1 Mark None 238592 Aug 25 20:43 efi-pcnet.rom
-rw-r--r-- 1 Mark None 242688 Aug 25 20:43 efi-rtl8139.rom
-rw-r--r-- 1 Mark None 242688 Aug 25 20:43 efi-virtio.rom
-rw-r--r-- 1 Mark None 236032 Aug 25 20:43 efi-vmxnet3.rom
-rw-r--r-- 1 Mark None 766136 Aug 25 20:43 hppa-firmware.img
drwxr-xr-x 1 Mark None 0 Aug 25 20:43 icons
drwxr-xr-x 1 Mark None 0 Aug 25 20:43 keymaps
-rw-r--r-- 1 Mark None 9216 Aug 25 20:43 kvmvapic.bin
-rw-r--r-- 1 Mark None 1024 Aug 25 20:43 linuxboot.bin
-rw-r--r-- 1 Mark None 1536 Aug 25 20:43 linuxboot_dma.bin
-rw-r--r-- 1 Mark None 1024 Aug 25 20:43 multiboot.bin
-rw-r--r-- 1 Mark None 696912 Aug 25 20:43 openbios-ppc
-rw-r--r-- 1 Mark None 382048 Aug 25 20:43 openbios-sparc32
-rw-r--r-- 1 Mark None 1593408 Aug 25 20:43 openbios-sparc64
-rw-r--r-- 1 Mark None 62144 Aug 25 20:43 opensbi-riscv32-generic-fw_dynamic.bin
-rw-r--r-- 1 Mark None 558668 Aug 25 20:43 opensbi-riscv32-generic-fw_dynamic.elf
-rw-r--r-- 1 Mark None 70792 Aug 25 20:43 opensbi-riscv64-generic-fw_dynamic.bin
-rw-r--r-- 1 Mark None 620424 Aug 25 20:43 opensbi-riscv64-generic-fw_dynamic.elf
-rw-r--r-- 1 Mark None 156328 Aug 25 20:43 palcode-clipper
-rw-r--r-- 1 Mark None 9882 Aug 25 20:43 petalogix-ml605.dtb
-rw-r--r-- 1 Mark None 8161 Aug 25 20:43 petalogix-s3adsp1800.dtb
-rw-r--r-- 1 Mark None 1536 Aug 25 20:43 pvh.bin
-rw-r--r-- 1 Mark None 67072 Aug 25 20:43 pxe-e1000.rom
-rw-r--r-- 1 Mark None 61440 Aug 25 20:43 pxe-eepro100.rom
-rw-r--r-- 1 Mark None 61440 Aug 25 20:43 pxe-ne2k_pci.rom
-rw-r--r-- 1 Mark None 61440 Aug 25 20:43 pxe-pcnet.rom
-rw-r--r-- 1 Mark None 61440 Aug 25 20:43 pxe-rtl8139.rom
-rw-r--r-- 1 Mark None 60416 Aug 25 20:43 pxe-virtio.rom
-rw-r--r-- 1 Mark None 850 Aug 25 20:43 QEMU,cgthree.bin
-rw-r--r-- 1 Mark None 1402 Aug 25 20:43 QEMU,tcx.bin
-rw-r--r-- 1 Mark None 18752 Aug 25 20:43 qemu_vga.ndrv
-rwxr-xr-x 1 Mark None 84992 Aug 25 20:43 qemu-edid.exe
-rwxr-xr-x 1 Mark None 468480 Aug 25 20:43 qemu-ga.exe
-rwxr-xr-x 1 Mark None 1643520 Aug 25 20:43 qemu-img.exe
-rwxr-xr-x 1 Mark None 1590272 Aug 25 20:43 qemu-io.exe
-rw-r--r-- 1 Mark None 154542 Aug 25 20:43 qemu-nsis.bmp
-rwxr-xr-x 1 Mark None 1994240 Aug 25 20:43 qemu-storage-daemon.exe
-rwxr-xr-x 1 Mark None 11815424 Aug 25 20:43 qemu-system-ppc.exe
-rwxr-xr-x 1 Mark None 11815424 Aug 25 20:43 qemu-system-ppcw.exe
-rw-r--r-- 1 Mark None 42608 Aug 25 20:43 s390-ccw.img
-rw-r--r-- 1 Mark None 67232 Aug 25 20:43 s390-netboot.img
-rw-r--r-- 1 Mark None 4096 Aug 25 20:43 sgabios.bin
drwxr-xr-x 1 Mark None 0 Aug 25 20:43 share
-rw-r--r-- 1 Mark None 1667280 Aug 25 20:43 skiboot.lid
-rw-r--r-- 1 Mark None 968368 Aug 25 20:43 slof.bin
-rw-r--r-- 1 Mark None 349148 Aug 25 20:43 u-boot.e500
-rw-r--r-- 1 Mark None 524288 Aug 25 20:43 u-boot-sam460-20100605.bin
-rw-r--r-- 1 Mark None 38912 Aug 25 20:43 vgabios.bin
-rw-r--r-- 1 Mark None 39424 Aug 25 20:43 vgabios-ati.bin
-rw-r--r-- 1 Mark None 28672 Aug 25 20:43 vgabios-bochs-display.bin
-rw-r--r-- 1 Mark None 38912 Aug 25 20:43 vgabios-cirrus.bin
-rw-r--r-- 1 Mark None 39424 Aug 25 20:43 vgabios-qxl.bin
-rw-r--r-- 1 Mark None 28672 Aug 25 20:43 vgabios-ramfb.bin
-rw-r--r-- 1 Mark None 39424 Aug 25 20:43 vgabios-stdvga.bin
-rw-r--r-- 1 Mark None 39424 Aug 25 20:43 vgabios-virtio.bin
-rw-r--r-- 1 Mark None 39424 Aug 25 20:43 vgabios-vmware.bin

I would expect the majority of these files to
[Bug 1882851] [PATCH] drm/virtio: fix unblank
From: Gerd Hoffmann

When going through a disable/enable cycle without changing the framebuffer the optimization added by commit 3954ff10e06e ("drm/virtio: skip set_scanout if framebuffer didn't change") causes the screen to stay blank. Add a bool to force an update to fix that.

v2: use drm_atomic_crtc_needs_modeset() (Daniel).

Cc: 1882...@bugs.launchpad.net
Fixes: 3954ff10e06e ("drm/virtio: skip set_scanout if framebuffer didn't change")
Signed-off-by: Gerd Hoffmann
Tested-by: Jiri Slaby
Tested-by: Diego Viola
---
 drivers/gpu/drm/virtio/virtgpu_display.c | 11 +++
 drivers/gpu/drm/virtio/virtgpu_drv.h | 1 +
 drivers/gpu/drm/virtio/virtgpu_plane.c | 4 +++-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/virtio/virtgpu_display.c b/drivers/gpu/drm/virtio/virtgpu_display.c index af55b334be2f..35b5c80f5d85 100644 --- a/drivers/gpu/drm/virtio/virtgpu_display.c +++ b/drivers/gpu/drm/virtio/virtgpu_display.c @@ -123,6 +123,17 @@ static int virtio_gpu_crtc_atomic_check(struct drm_crtc *crtc, static void virtio_gpu_crtc_atomic_flush(struct drm_crtc *crtc, struct drm_crtc_state *old_state) { + struct virtio_gpu_output *output = drm_crtc_to_virtio_gpu_output(crtc); + + /* +* virtio-gpu can't do modeset and plane update operations +* independant from each other. So the actual modeset happens +* in the plane update callback, and here we just check +* whenever we must force the modeset. +*/ + if (drm_atomic_crtc_needs_modeset(crtc->state)) { + output->needs_modeset = true; + } } static const struct drm_crtc_helper_funcs virtio_gpu_crtc_helper_funcs = { diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h index 9ff9f4ac0522..4ab1b0ba2925 100644 --- a/drivers/gpu/drm/virtio/virtgpu_drv.h +++ b/drivers/gpu/drm/virtio/virtgpu_drv.h
@@ -138,6 +138,7 @@ struct virtio_gpu_output { int cur_x; int cur_y; bool enabled; + bool needs_modeset; }; #define drm_crtc_to_virtio_gpu_output(x) \ container_of(x, struct virtio_gpu_output, crtc) diff --git a/drivers/gpu/drm/virtio/virtgpu_plane.c b/drivers/gpu/drm/virtio/virtgpu_plane.c index 52d24179bcec..65757409d9ed 100644 --- a/drivers/gpu/drm/virtio/virtgpu_plane.c +++ b/drivers/gpu/drm/virtio/virtgpu_plane.c @@ -163,7 +163,9 @@ static void virtio_gpu_primary_plane_update(struct drm_plane *plane, plane->state->src_w != old_state->src_w || plane->state->src_h != old_state->src_h || plane->state->src_x != old_state->src_x || - plane->state->src_y != old_state->src_y) { + plane->state->src_y != old_state->src_y || + output->needs_modeset) { + output->needs_modeset = false; DRM_DEBUG("handle 0x%x, crtc %dx%d+%d+%d, src %dx%d+%d+%d\n", bo->hw_res_handle, plane->state->crtc_w, plane->state->crtc_h, -- 2.28.0 -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1882851 Title: QEMU video freezes with "Guest disabled display" (virtio driver) Status in QEMU: New Bug description: I am using Arch Linux as my Guest and Host OS, after starting qemu with the following command: $ qemu-system-x86_64 -enable-kvm -hda arch-zoom.qcow2 -m 4G -vga virtio and waiting for a screen blank, I get this message: Guest disabled display And nothing happens after that, I can move the mouse or hit any key, and the message is still there. I can still reboot the VM but that's not optimal. I can reproduce this with the latest QEMU release (5.0.0) or git master, I also tried this with older releases (4.0.0, 3.0.0) and the issue is still there. I can't reproduce this with other video drivers (std, qxl). With std/qxl the screen will blank a bit and then continue as normal. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1882851/+subscriptions
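Review bot: the comment added in virtio_gpu_crtc_atomic_flush() misspells "independant" (should be "independent"), and "whenever we must force the modeset" reads as "whether we must force the modeset"; worth fixing, since this comment is the only place that documents why the modeset is deferred to the plane update callback.

Review bot: in virtio_gpu_primary_plane_update(), output->needs_modeset is cleared only inside the branch that goes on to issue the scanout update, while the flush hook sets it on every CRTC state for which drm_atomic_crtc_needs_modeset() is true. If a plane update returns before reaching this branch, the flag stays set and forces the scanout path on the next update; if that carry-over is intended, a one-line comment next to `output->needs_modeset = false;` would make it explicit.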
[REPORT] Nightly Performance Tests - Tuesday, August 25, 2020
Host CPU         : Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Host Memory      : 15.49 GB
Start Time (UTC) : 2020-08-25 21:30:01
End Time (UTC)   : 2020-08-25 22:02:37
Execution Time   : 0:32:35.896990
Status           : SUCCESS

Note: Changes denoted by '-' are less than 0.01%.

SUMMARY REPORT - COMMIT d1a2b51f

AVERAGE RESULTS

Target      Instructions     Latest     v5.1.0
--------    --------------   --------   --------
aarch64     2 158 355 274    -          +1.693%
alpha       1 914 967 171    -          +3.524%
arm         8 076 402 940    -          +2.304%
hppa        4 261 685 987    -0.182%    +3.164%
m68k        2 690 273 044    -          +7.131%
mips        1 862 033 667    -          +2.494%
mipsel      2 008 211 069    -          +2.674%
mips64      1 918 635 565    -          +2.818%
mips64el    2 051 565 677    -          +3.026%
ppc         2 480 141 217    -          +3.107%
ppc64       2 576 713 959    -          +3.143%
ppc64le     2 558 853 539    -          +3.173%
riscv64     1 406 704 050    -          +2.65%
s390x       3 158 140 046    -          +3.118%
sh4         2 364 449 748    -          +3.33%
sparc64     3 318 544 783    -          +3.851%
x86_64      1 775 844 158    -          +2.156%

DETAILED RESULTS

Test Program: dijkstra_double

Target      Instructions     Latest     v5.1.0
--------    --------------   --------   --------
aarch64     3 062 583 464    -          +1.424%
alpha       3 191 864 698    -          +3.696%
arm        16 357 157 526    -          +2.347%
hppa        7 228 376 315    -0.139%    +3.086%
m68k        4 294 016 587    -          +9.692%
mips        3 051 419 166    -          +2.427%
mipsel      3 231 509 618    -          +2.869%
mips64      3 245 837 754    -          +2.596%
mips64el    3 414 195 796    -          +3.021%
ppc         4 914 520 972    -0.041%    +4.74%
ppc64       5 098 154 311    -          +4.565%
ppc64le     5 082 419 054    -          +4.58%
riscv64     2 192 294 915    -          +1.955%
s390x       4 584 503 977    -          +2.896%
sh4         3 949 036 447    -          +3.464%
sparc64     4 586 203 546    -          +4.237%
x86_64      2 484 092 105    -          +1.75%

Test Program: dijkstra_int32

Target      Instructions     Latest     v5.1.0
--------    --------------   --------   --------
aarch64     2 210 194 577    -          +1.493%
alpha       1 494 133 274    -          +2.15%
arm         8 262 935 967    -          +2.665%
hppa        5 207 318 306    -          +3.047%
m68k        1 725 856 962    -          +2.527%
mips        1 495 227 032    -          +1.492%
mipsel      1 497 147 869    -          +1.479%
mips64      1 715 388 570    -          +1.892%
mips64el    1 695 276 864    -          +1.913%
ppc         2 014 557 389    -          +1.819%
ppc64       2 206 267 901    -          +2.139%
ppc64le     2 197 998 781    -          +2.146%
riscv64     1 354 912 745    -          +2.396%
s390x       2 916 247 062    -          +1.241%
sh4         1 990 532 533    -          +2.669%
sparc64     2 872 231 051    -          +3.758%
x86_64      1 553 981 241    -          +2.12%

Test Program: matmult_double

Target      Instructions     Latest     v5.1.0
--------    --------------   --------   --------
aarch64     1 412 273 223    -          +0.302%
alpha       3 233 991 649    -          +7.473%
arm         8 545 173 979    -          +1.088%
hppa        3 483 597 802    -1.267%    +4.468%
m68k        3 919 065 529    -          +18.431%
mips        2 344 774 894    -          +4.091%
mipsel      3 329 886 464    -          +5.177%
mips64      2 359 046 988    -          +4.076%
mips
[PATCH 3/3] ppc/spapr_nvdimm: do not enable support with 'nvdimm=off'
The NVDIMM support for pSeries was introduced in 5.1, but it didn't contemplate the 'nvdimm' machine option that other archs use. For every other arch, if no '-machine nvdimm(=on)' is present, it is assumed that the NVDIMM support is disabled. The user must explicitly inform that the machine supports NVDIMM.

For pseries-5.1 the 'nvdimm' option is completely ignored, and support is always assumed to exist. This leads to situations where the user is able to set 'nvdimm=off' but the guest boots up with the NVDIMMs anyway.

Fixing this now, after 5.1 launch, can put the overall NVDIMM support for pseries in a strange place regarding this 'nvdimm' machine option. If we force everything to be like other archs, existing pseries-5.1 guests that didn't use 'nvdimm' to use NVDIMM devices will break. If we attempt to make the newer pseries machines (5.2+) behave like everyone else, but keep pseries-5.1 untouched, we'll have consistency problems on machine upgrade (5.1 will have different default values for NVDIMM support than 5.2).

The common ground here is, if the user sets 'nvdimm=off', we must comply regardless of being 5.1 or 5.2+.

This patch changes spapr_nvdimm_validate() to verify if the user set NVDIMM support off in the machine options and, in that case, error out if we have an NVDIMM device. The default value for 5.2+ pseries machines will still be 'nvdimm=on' when there is no 'nvdimm' option declared, just like it is today with pseries-5.1. In the end we'll have different default semantics from everyone else in the absence of the 'nvdimm' machine option, but this boat has sailed.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1848887
Signed-off-by: Daniel Henrique Barboza
---
 hw/ppc/spapr_nvdimm.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/hw/ppc/spapr_nvdimm.c b/hw/ppc/spapr_nvdimm.c index bc2b65420c..95cbc30528 100644 --- a/hw/ppc/spapr_nvdimm.c +++ b/hw/ppc/spapr_nvdimm.c
@@ -27,13 +27,17 @@ #include "hw/ppc/spapr_nvdimm.h" #include "hw/mem/nvdimm.h" #include "qemu/nvdimm-utils.h" +#include "qemu/option.h" #include "hw/ppc/fdt.h" #include "qemu/range.h" +#include "sysemu/sysemu.h" void spapr_nvdimm_validate(HotplugHandler *hotplug_dev, NVDIMMDevice *nvdimm, uint64_t size, Error **errp) { const MachineClass *mc = MACHINE_GET_CLASS(hotplug_dev); +const MachineState *ms = MACHINE(hotplug_dev); +const char *nvdimm_opt = qemu_opt_get(qemu_get_machine_opts(), "nvdimm"); g_autofree char *uuidstr = NULL; QemuUUID uuid; int ret; @@ -43,6 +47,20 @@ void spapr_nvdimm_validate(HotplugHandler *hotplug_dev, NVDIMMDevice *nvdimm, return; } +/* + * NVDIMM support went live in 5.1 without considering that, in + * other archs, the user needs to enable NVDIMM support with the + * 'nvdimm' machine option and the default behavior is NVDIMM + * support disabled. It is too late to roll back to the standard + * behavior without breaking 5.1 guests. What we can do is to + * ensure that, if the user sets nvdimm=off, we error out + * regardless of being 5.1 or newer. + */ +if (!ms->nvdimms_state->is_enabled && nvdimm_opt) { +error_setg(errp, "nvdimm device found but 'nvdimm=off' was set"); +return; +} + if (object_property_get_int(OBJECT(nvdimm), NVDIMM_LABEL_SIZE_PROP, &error_abort) == 0) { error_setg(errp, "PAPR requires NVDIMM devices to have label-size set"); -- 2.26.2
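Review bot: the new check in spapr_nvdimm_validate() combines ms->nvdimms_state->is_enabled with a raw lookup of the 'nvdimm' option through qemu_opt_get(qemu_get_machine_opts(), "nvdimm"), but the comment above it only explains the history, not why the raw lookup is needed: that is_enabled alone cannot tell 'nvdimm=off' apart from 'nvdimm not given', because pseries keeps the default described in the commit message. A sentence saying "nvdimm_opt != NULL means the user typed the option, so is_enabled == false is an explicit off" would save the next reader from re-deriving it, and would also explain why `&& nvdimm_opt` is not redundant.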
[PATCH 2/3] spapr, spapr_nvdimm: fold NVDIMM validation in the same place
NVDIMM has different constraints and conditions than the regular DIMM and we'll need to add at least one more. Instead of relying on 'if (nvdimm)' conditionals in the body of spapr_memory_pre_plug(), use the existing spapr_nvdimm_validate_opts() and put all NVDIMM handling code there. Rename it to spapr_nvdimm_validate() to reflect that the function is now checking more than the nvdimm device options.

This makes spapr_memory_pre_plug() a bit easier to follow, and we can tune in NVDIMM parameters and validation in the same place.

Signed-off-by: Daniel Henrique Barboza
---
 hw/ppc/spapr.c| 18 ++
 hw/ppc/spapr_nvdimm.c | 10 --
 include/hw/ppc/spapr_nvdimm.h | 4 ++--
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index dd2fa4826b..b0a04443fb 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -3520,7 +3520,6 @@ static void spapr_memory_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, { const SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(hotplug_dev); SpaprMachineState *spapr = SPAPR_MACHINE(hotplug_dev); -const MachineClass *mc = MACHINE_CLASS(smc); bool is_nvdimm = object_dynamic_cast(OBJECT(dev), TYPE_NVDIMM); PCDIMMDevice *dimm = PC_DIMM(dev); Error *local_err = NULL;
@@ -3533,27 +3532,22 @@ static void spapr_memory_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, return; } -if (is_nvdimm && !mc->nvdimm_supported) { -error_setg(errp, "NVDIMM hotplug not supported for this machine"); -return; -} - size = memory_device_get_region_size(MEMORY_DEVICE(dimm), &local_err); if (local_err) { error_propagate(errp, local_err); return; } -if (!is_nvdimm && size % SPAPR_MEMORY_BLOCK_SIZE) { -error_setg(errp, "Hotplugged memory size must be a multiple of " - "%" PRIu64 " MB", SPAPR_MEMORY_BLOCK_SIZE / MiB); -return; -} else if (is_nvdimm) { -spapr_nvdimm_validate_opts(NVDIMM(dev), size, &local_err); +if (is_nvdimm) { +spapr_nvdimm_validate(hotplug_dev, NVDIMM(dev), size, &local_err); if (local_err) { error_propagate(errp, local_err); return; } +} else if (size % SPAPR_MEMORY_BLOCK_SIZE) { +error_setg(errp, "Hotplugged memory size must be a multiple of " + "%" PRIu64 " MB", SPAPR_MEMORY_BLOCK_SIZE / MiB); +return; } memdev = object_property_get_link(OBJECT(dimm), PC_DIMM_MEMDEV_PROP, diff --git a/hw/ppc/spapr_nvdimm.c b/hw/ppc/spapr_nvdimm.c index 9a20a65640..bc2b65420c 100644 --- a/hw/ppc/spapr_nvdimm.c +++ b/hw/ppc/spapr_nvdimm.c @@ -30,13 +30,19 @@ #include "hw/ppc/fdt.h" #include "qemu/range.h" -void spapr_nvdimm_validate_opts(NVDIMMDevice *nvdimm, uint64_t size, -Error **errp) +void spapr_nvdimm_validate(HotplugHandler *hotplug_dev, NVDIMMDevice *nvdimm, + uint64_t size, Error **errp) { +const MachineClass *mc = MACHINE_GET_CLASS(hotplug_dev); g_autofree char *uuidstr = NULL; QemuUUID uuid; int ret; +if (!mc->nvdimm_supported) { +error_setg(errp, "NVDIMM hotplug not supported for this machine"); +return; +} + if (object_property_get_int(OBJECT(nvdimm), NVDIMM_LABEL_SIZE_PROP, &error_abort) == 0) { error_setg(errp, "PAPR requires NVDIMM devices to have label-size set"); diff --git a/include/hw/ppc/spapr_nvdimm.h b/include/hw/ppc/spapr_nvdimm.h index b3330cc485..fd1736634c 100644 --- a/include/hw/ppc/spapr_nvdimm.h 
+++ b/include/hw/ppc/spapr_nvdimm.h @@ -29,8 +29,8 @@ int spapr_pmem_dt_populate(SpaprDrc *drc, SpaprMachineState *spapr, void *fdt, int *fdt_start_offset, Error **errp); int spapr_dt_nvdimm(void *fdt, int parent_offset, NVDIMMDevice *nvdimm); void spapr_dt_persistent_memory(void *fdt); -void spapr_nvdimm_validate_opts(NVDIMMDevice *nvdimm, uint64_t size, -Error **errp); +void spapr_nvdimm_validate(HotplugHandler *hotplug_dev, NVDIMMDevice *nvdimm, + uint64_t size, Error **errp); void spapr_add_nvdimm(DeviceState *dev, uint64_t slot, Error **errp); void spapr_create_nvdimm_dr_connectors(SpaprMachineState *spapr); -- 2.26.2
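Review bot: moving the `!mc->nvdimm_supported` check into spapr_nvdimm_validate() also moves it to after memory_device_get_region_size() in spapr_memory_pre_plug(), where it used to run before; on a machine without NVDIMM support a region-size failure would now be reported ahead of "NVDIMM hotplug not supported for this machine". Harmless, but the commit message should mention the reordering since it changes which error a user sees first.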
[PATCH 1/3] ppc/spapr_nvdimm: use g_autofree in spapr_nvdimm_validate_opts()
Since we're using the string just once, just use g_autofree and avoid leaking it without calling g_free(). Signed-off-by: Daniel Henrique Barboza --- hw/ppc/spapr_nvdimm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/ppc/spapr_nvdimm.c b/hw/ppc/spapr_nvdimm.c index 81410aa63f..9a20a65640 100644 --- a/hw/ppc/spapr_nvdimm.c +++ b/hw/ppc/spapr_nvdimm.c @@ -33,7 +33,7 @@ void spapr_nvdimm_validate_opts(NVDIMMDevice *nvdimm, uint64_t size, Error **errp) { -char *uuidstr = NULL; +g_autofree char *uuidstr = NULL; QemuUUID uuid; int ret; @@ -54,7 +54,6 @@ void spapr_nvdimm_validate_opts(NVDIMMDevice *nvdimm, uint64_t size, &error_abort); ret = qemu_uuid_parse(uuidstr, &uuid); g_assert(!ret); -g_free(uuidstr); if (qemu_uuid_is_null(&uuid)) { error_setg(errp, "NVDIMM device requires the uuid to be set"); -- 2.26.2
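Review bot: straightforward cleanup. One nit for the commit message: the value of g_autofree here is that uuidstr is released on every exit from the function, including any error-return added later between the qemu_uuid_parse() call and the end, not just at the single g_free() site removed; stating that motivates the change better than "using the string just once".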
Re: [PATCH v3] block: Raise an error when backing file parameter is an empty string
On 8/13/20 8:47 AM, Connor Kuehl wrote:
Providing an empty string for the backing file parameter like so:

    qemu-img create -f qcow2 -b '' /tmp/foo

allows the flow of control to reach and subsequently fail an assert statement because passing an empty string to bdrv_get_full_backing_filename_from_filename() simply results in NULL being returned without an error being raised.

To fix this, let's check for an empty string when getting the value from the opts list.

Reported-by: Attila Fazekas
Fixes: https://bugzilla.redhat.com/1809553
Signed-off-by: Connor Kuehl
---
v3:
  - Moved test case into 049 instead of taking up 298.
v2:
  - Removed 4 spaces to resolve pylint warning
  - Updated format to be 'iotests.imgfmt' instead of hardcoding 'qcow2'
  - Use temporary file instead of '/tmp/foo'
  - Give a size parameter to qemu-img
  - Run test for qcow2, qcow, qed and *not* raw

Ping
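The failure mode described above, as an added example rather than QEMU's own code: a constructed stand-in for bdrv_get_full_backing_filename_from_filename() that returns NULL for an empty backing name without setting an error, the caller contract that turns that into an assertion failure, and the fix of rejecting the empty option where it is read. The Error type, function names and error message are all modelled here, not taken from QEMU.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for QEMU's Error object (constructed for this example). */
typedef struct {
    const char *msg;
} Error;

static void error_setg_model(Error **errp, const char *msg)
{
    if (errp) {
        *errp = malloc(sizeof(**errp));
        (*errp)->msg = msg;
    }
}

/*
 * Model of the resolver as the report describes it: an absolute backing
 * name is copied, a relative one is joined to the image's directory, and
 * an EMPTY string yields NULL with *errp left untouched.  A caller that
 * assumes "NULL means an error was set" then trips its assertion.
 * The caller frees the returned string.
 */
static char *model_full_backing_filename(const char *backed,
                                         const char *backing, Error **errp)
{
    (void)errp;                          /* never set: this is the trap */
    if (backing[0] == '\0') {
        return NULL;
    }
    size_t dirlen = 0;
    if (backing[0] != '/') {
        const char *slash = strrchr(backed, '/');
        dirlen = slash ? (size_t)(slash - backed + 1) : 0;
    }
    char *out = malloc(dirlen + strlen(backing) + 1);
    memcpy(out, backed, dirlen);
    strcpy(out + dirlen, backing);
    return out;
}

/*
 * Pre-fix create path reduced to the contract the real caller asserts:
 * either a resolved name or an error must come back.  Returns true when
 * that assert(full || err) would fire for the given -b value.
 */
static bool unfixed_create_would_assert(const char *image,
                                        const char *backing_opt)
{
    Error *err = NULL;
    char *full = model_full_backing_filename(image, backing_opt, &err);
    bool would_assert = (full == NULL && err == NULL);
    free(full);
    free(err);
    return would_assert;
}

/*
 * Fixed create path: reject the empty option at the point it is read
 * from the options list, before the resolver can return NULL silently.
 * Returns 0 and stores the resolved name (NULL if no -b was given), or
 * -1 with *errp set.
 */
static int fixed_create(const char *image, const char *backing_opt,
                        char **full_out, Error **errp)
{
    *full_out = NULL;
    if (backing_opt && backing_opt[0] == '\0') {
        error_setg_model(errp, "backing file name must not be empty");
        return -1;
    }
    if (backing_opt) {
        *full_out = model_full_backing_filename(image, backing_opt, errp);
    }
    return 0;
}
```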
[PATCH 0/3] spapr NVDIMM: consider 'nvdimm' machine option
This series aims to solve bug [1].

First patch is a trivial cleanup, feel free to squash into patch 02. Patch 02 attempts a code simplification to put all NVDIMM related logic in the same function. Patch 03 is where the actual fix is implemented.

My initial approach here was to make the handling of '-machine nvdimm' for pSeries similar to how it is handled elsewhere, but I wasn't able to accomplish that without either (1) breaking existing pseries-5.1 guests that didn't care about this option or (2) making pseries-5.1 and pseries-5.2+ machines have different semantics for it. I ended up doing what I was sure was sensible: if the user puts '-machine nvdimm=off', we must comply with that.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1848887

Daniel Henrique Barboza (3):
  ppc/spapr_nvdimm: use g_autofree in spapr_nvdimm_validate_opts()
  spapr, spapr_nvdimm: fold NVDIMM validation in the same place
  ppc/spapr_nvdimm: do not enable support with 'nvdimm=off'

 hw/ppc/spapr.c| 18 ++
 hw/ppc/spapr_nvdimm.c | 31 +++
 include/hw/ppc/spapr_nvdimm.h | 4 ++--
 3 files changed, 35 insertions(+), 18 deletions(-)

-- 
2.26.2
Re: [PATCH 4/4] configure: Fix include and linkage issue on msys2
On 25/08/2020 17:53, luoyongg...@gmail.com wrote: > From: Yonggang Luo > > On msys2, the -I/e/path/to/qemu -L/e/path/to/qemu are not recognized by the > compiler > Cause $PWD are result posix style path such as /e/path/to/qemu that can not > be recognized > by mingw gcc, and `pwd -W` are result Windows style path such as > E:/path/to/qemu that can > be recognized by the mingw gcc. So we replace all $PWD with $build_path that > can > building qemu under msys2/mingw environment. > > Signed-off-by: Yonggang Luo > --- > configure | 28 +++- > 1 file changed, 19 insertions(+), 9 deletions(-) > > diff --git a/configure b/configure > index b1e11397a8..3b9e79923d 100755 > --- a/configure > +++ b/configure > @@ -13,8 +13,13 @@ export CCACHE_RECACHE=yes > > # make source path absolute > source_path=$(cd "$(dirname -- "$0")"; pwd) > +build_path=$PWD > +if [ "$MSYSTEM" = "MINGW64" -o "$MSYSTEM" = "MINGW32" ]; then > +source_path=$(cd "$(dirname -- "$0")"; pwd -W) > +build_path=`pwd -W` > +fi This is missing some indentation here, and also for other if statements introduced below. I'm wondering if build_path is the right name for this variable, since it looks like it returns another variant of the source directory? > -if test "$PWD" = "$source_path" > +if test "$build_path" = "$source_path" > then > echo "Using './build' as the directory for build output" > > @@ -346,7 +351,12 @@ ld_has() { > $ld --help 2>/dev/null | grep ".$1" >/dev/null 2>&1 > } > > -if printf %s\\n "$source_path" "$PWD" | grep -q "[[:space:]:]"; > +check_valid_build_path="[[:space:]:]" > +if [ "$MSYSTEM" = "MINGW64" -o "$MSYSTEM" = "MINGW32" ]; then > +check_valid_build_path="[[:space:]]" > +fi > + > +if printf %s\\n "$source_path" "$build_path" | grep -q > "$check_valid_build_path"; > then >error_exit "main directory cannot contain spaces nor colons" > fi 
> @@ -942,7 +952,7 @@ Linux) >linux="yes" >linux_user="yes" >kvm="yes" > - QEMU_INCLUDES="-isystem ${source_path}/linux-headers -I$PWD/linux-headers > $QEMU_INCLUDES" > + QEMU_INCLUDES="-isystem ${source_path}/linux-headers > -I${build_path}/linux-headers $QEMU_INCLUDES" >libudev="yes" > ;; > esac > @@ -4283,7 +4293,7 @@ EOF >symlink "$source_path/dtc/Makefile" "dtc/Makefile" >fi >fdt_cflags="-I${source_path}/dtc/libfdt" > - fdt_ldflags="-L$PWD/dtc/libfdt" > + fdt_ldflags="-L${build_path}/dtc/libfdt" >fdt_libs="$fdt_libs" >elif test "$fdt" = "yes" ; then ># Not a git build & no libfdt found, prompt for system install > @@ -5268,7 +5278,7 @@ case "$capstone" in > else >LIBCAPSTONE=libcapstone.a > fi > -capstone_libs="-L$PWD/capstone -lcapstone" > +capstone_libs="-L${build_path}/capstone -lcapstone" > capstone_cflags="-I${source_path}/capstone/include" > ;; > > @@ -6268,8 +6278,8 @@ case "$slirp" in >git_submodules="${git_submodules} slirp" > fi > mkdir -p slirp > -slirp_cflags="-I${source_path}/slirp/src -I$PWD/slirp/src" > -slirp_libs="-L$PWD/slirp -lslirp" > +slirp_cflags="-I${source_path}/slirp/src -I${build_path}/slirp/src" > +slirp_libs="-L${build_path}/slirp -lslirp" > if test "$mingw32" = "yes" ; then >slirp_libs="$slirp_libs -lws2_32 -liphlpapi" > fi > @@ -8212,7 +8222,7 @@ fi > mv $cross config-meson.cross > > rm -rf meson-private meson-info meson-logs > -NINJA=$PWD/ninjatool $meson setup \ > +NINJA="${build_path}/ninjatool" $meson setup \ > --prefix "${pre_prefix}$prefix" \ > --libdir "${pre_prefix}$libdir" \ > --libexecdir "${pre_prefix}$libexecdir" \ 
> @@ -8232,7 +8242,7 @@ NINJA=$PWD/ninjatool $meson setup \ > -Dvnc=$vnc -Dvnc_sasl=$vnc_sasl -Dvnc_jpeg=$vnc_jpeg -Dvnc_png=$vnc_png > \ > -Dgettext=$gettext -Dxkbcommon=$xkbcommon \ > $cross_arg \ > -"$PWD" "$source_path" > +"$build_path" "$source_path" > > if test "$?" -ne 0 ; then > error_exit "meson setup failed" As I don't have your meson MR applied here, instead of this change to NINJA I have installed ninja via pacman and use the following diff instead: diff --git a/configure b/configure index 67832e3bab..58d76ae15a 100755 --- a/configure +++ b/configure @@ -8232,7 +8232,7 @@ fi mv $cross config-meson.cross rm -rf meson-private meson-info meson-logs -NINJA=$PWD/ninjatool $meson setup \ +NINJA=ninja $meson setup \ --prefix "${pre_prefix}$prefix" \ --libdir "${pre_prefix}$libdir" \ --libexecdir "${pre_prefix}$libexecdir" \ I can confirm that this patch solves the linking issue and produces a working qemu-system-ppc.exe which I was using as a quick test. ATB, Mark.
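Review bot: in the first hunk, `[ "$MSYSTEM" = "MINGW64" -o "$MSYSTEM" = "MINGW32" ]` relies on the `-o` operator, which POSIX marks obsolescent; write it as two tests joined with `||`. In the same block `build_path=\`pwd -W\`` uses backticks while the line just above uses `$(...)`; use `$(pwd -W)` for consistency. The identical MSYSTEM test is repeated in the check_valid_build_path hunk, so computing a single flag once near the top and testing that flag in both places would avoid the duplication.

Review bot: the check_valid_build_path hunk correctly drops ':' from the rejected character class on MSYS (where `pwd -W` yields a drive-letter path such as E:/...), but the error_exit message that follows still says "main directory cannot contain spaces nor colons"; make the message conditional on the same variable, or reword it so it matches what is actually rejected on each platform.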
[PATCH 77/77] target/microblaze: Reduce linux-user address space to 32-bit
User-space programs cannot use the 64-bit lwea/swea instructions. We can improve code generation and runtime by restricting the user-only address space to 32-bit. Signed-off-by: Richard Henderson --- target/microblaze/cpu-param.h | 15 +++ target/microblaze/cpu.h | 2 +- target/microblaze/helper.c| 4 ++-- target/microblaze/translate.c | 28 +++- 4 files changed, 45 insertions(+), 4 deletions(-) diff --git a/target/microblaze/cpu-param.h b/target/microblaze/cpu-param.h index 4abbc62d50..4d8297fa94 100644 --- a/target/microblaze/cpu-param.h +++ b/target/microblaze/cpu-param.h @@ -8,9 +8,24 @@ #ifndef MICROBLAZE_CPU_PARAM_H #define MICROBLAZE_CPU_PARAM_H 1 +/* + * While system mode can address up to 64 bits of address space, + * this is done via the lea/sea instructions, which are system-only + * (as they also bypass the mmu). + * + * We can improve the user-only experience by only exposing 32 bits + * of address space. + */ +#ifdef CONFIG_USER_ONLY +#define TARGET_LONG_BITS 32 +#define TARGET_PHYS_ADDR_SPACE_BITS 32 +#define TARGET_VIRT_ADDR_SPACE_BITS 32 +#else #define TARGET_LONG_BITS 64 #define TARGET_PHYS_ADDR_SPACE_BITS 64 #define TARGET_VIRT_ADDR_SPACE_BITS 64 +#endif + /* FIXME: MB uses variable pages down to 1K but linux only uses 4k. */ #define TARGET_PAGE_BITS 12 #define NB_MMU_MODES 3 diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index 4298f242a6..d11b6fa995 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -242,7 +242,7 @@ struct CPUMBState { uint32_t pc; uint32_t msr;/* All bits of MSR except MSR[C] and MSR[CC] */ uint32_t msr_c; /* MSR[C], in low bit; other bits must be 0 */ -uint64_t ear; +target_ulong ear; uint32_t esr; uint32_t fsr; uint32_t btr; diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c index 1667822fb7..48547385b0 100644 --- a/target/microblaze/helper.c +++ b/target/microblaze/helper.c 
@@ -303,8 +303,8 @@ void mb_cpu_do_unaligned_access(CPUState *cs, vaddr addr, iflags = cpu->env.iflags; qemu_log_mask(CPU_LOG_INT, - "Unaligned access addr=" TARGET_FMT_lx - " pc=%x iflags=%x\n", addr, cpu->env.pc, iflags); + "Unaligned access addr=" TARGET_FMT_lx " pc=%x iflags=%x\n", + (target_ulong)addr, cpu->env.pc, iflags); esr = ESR_EC_UNALIGNED_DATA; if (likely(iflags & ESR_ESS_FLAG)) { diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index c8eb68ce4b..f6e16b7f5a 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -729,6 +729,7 @@ static TCGv compute_ldst_addr_typeb(DisasContext *dc, int ra, int imm) return ret; } +#ifndef CONFIG_USER_ONLY static TCGv compute_ldst_addr_ea(DisasContext *dc, int ra, int rb) { int addr_size = dc->cpu->cfg.addr_size; @@ -754,6 +755,7 @@ static TCGv compute_ldst_addr_ea(DisasContext *dc, int ra, int rb) } return ret; } +#endif static void record_unaligned_ess(DisasContext *dc, int rd, MemOp size, bool store) @@ -818,8 +820,12 @@ static bool trans_lbuea(DisasContext *dc, arg_typea *arg) if (trap_userspace(dc, true)) { return true; } +#ifdef CONFIG_USER_ONLY +return true; +#else TCGv addr = compute_ldst_addr_ea(dc, arg->ra, arg->rb); return do_load(dc, arg->rd, addr, MO_UB, MMU_NOMMU_IDX, false); +#endif } static bool trans_lbui(DisasContext *dc, arg_typeb *arg) @@ -845,8 +851,12 @@ static bool trans_lhuea(DisasContext *dc, arg_typea *arg) if (trap_userspace(dc, true)) { return true; } +#ifdef CONFIG_USER_ONLY +return true; +#else TCGv addr = compute_ldst_addr_ea(dc, arg->ra, arg->rb); return do_load(dc, arg->rd, addr, MO_TEUW, MMU_NOMMU_IDX, false); +#endif } static bool trans_lhui(DisasContext *dc, arg_typeb *arg) 
@@ -872,8 +882,12 @@ static bool trans_lwea(DisasContext *dc, arg_typea *arg) if (trap_userspace(dc, true)) { return true; } +#ifdef CONFIG_USER_ONLY +return true; +#else TCGv addr = compute_ldst_addr_ea(dc, arg->ra, arg->rb); return do_load(dc, arg->rd, addr, MO_TEUL, MMU_NOMMU_IDX, false); +#endif } static bool trans_lwi(DisasContext *dc, arg_typeb *arg) @@ -952,8 +966,12 @@ static bool trans_sbea(DisasContext *dc, arg_typea *arg) if (trap_userspace(dc, true)) { return true; } +#ifdef CONFIG_USER_ONLY +return true; +#else TCGv addr = compute_ldst_addr_ea(dc, arg->ra, arg->rb); return do_store(dc, arg->rd, addr, MO_UB, MMU_NOMMU_IDX, false); +#endif } static bool trans_sbi(DisasContext *dc, arg_typeb *arg) @@ -979,8 +997,12 @@ static bool trans_shea(DisasContext *dc, arg_typea *arg) if (trap_userspace(dc, true)) { return true; } +#ifdef CONFIG_USER_ONLY +return true; +#else TCGv addr = compute_ldst_addr_ea(dc, ar
Re: [PULL 00/18] riscv-to-apply queue
On Tue, 25 Aug 2020 at 22:32, Alistair Francis wrote:
>
> On Tue, Aug 25, 2020 at 2:24 PM Peter Maydell wrote:
> > The hypervisor related patches don't seem to have any
> > reviewed-by tags, which seems a shame for a fairly significant
> > chunk of work. Is there really nobody who can review them
> > for you ?
>
> Unfortunately not. They have been on the list since April and haven't
> received any feedback.
>
> There isn't a lot of people reviewing the RISC-V patches unfortunately.

:-( I'd hoped it was a more active target than that.

-- PMM
better file/line info for format string errors in trace events
If you have a format string error in a trace event it fails like this:

In file included from ../../hw/block/trace.h:1:0,
                 from ../../hw/block/fdc.c:48:
./trace/trace-hw_block.h: In function '_nocheck__trace_pci_nvme_err_mdts':
./trace/trace-hw_block.h:2162:18: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type 'size_t {aka unsigned int}' [-Werror=format=]
         qemu_log("%d@%zu.%06zu:pci_nvme_err_mdts " "cid %"PRIu16" len %"PRIu64"" "\n",
                  ^
In file included from /home/peter.maydell/qemu/include/qemu/osdep.h:89:0,
                 from ../../hw/block/fdc.c:30:
/usr/include/inttypes.h:105:34: note: format string is defined here
 # define PRIu64 __PRI64_PREFIX "u"

which doesn't anywhere give the filename where the format string is actually defined (hw/block/trace-events in this case), let alone the line number in that file of the trace event.

Bit of a long shot, but I don't suppose it's possible for the tracing subsystem to give more targeted error messages in this situation ?

thanks
-- PMM
[PATCH 75/77] target/microblaze: Remove cpu_R[0]
Do not initialize cpu_R[0], as this should be totally unused. The cpu_for_read and cpu_for_write functions use a local temp. Signed-off-by: Richard Henderson --- target/microblaze/translate.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 2df22e8c2a..c8eb68ce4b 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -1875,7 +1875,13 @@ void mb_tcg_init(void) static const struct { TCGv_i32 *var; int ofs; char name[8]; } i32s[] = { -R(0), R(1), R(2), R(3), R(4), R(5), R(6), R(7), +/* + * Note that r0 is handled specially in reg_for_read + * and reg_for_write. Nothing should touch cpu_R[0]. + * Leave that element NULL, which will assert quickly + * inside the tcg generator functions. + */ + R(1), R(2), R(3), R(4), R(5), R(6), R(7), R(8), R(9), R(10), R(11), R(12), R(13), R(14), R(15), R(16), R(17), R(18), R(19), R(20), R(21), R(22), R(23), R(24), R(25), R(26), R(27), R(28), R(29), R(30), R(31), -- 2.25.1
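Review bot: the new comment says r0 is handled specially in reg_for_read and reg_for_write, while the commit message names the functions cpu_for_read and cpu_for_write; align the two so a grep finds the right helpers. The comment also promises that a stray use of cpu_R[0] "will assert quickly inside the tcg generator functions", which is the real safety net here; stating in the commit message that the NULL entry is deliberately left as that guard would make the intent clear to anyone later tempted to fill the slot back in.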
Re: linux-user static build broken
On Tue, 25 Aug 2020 at 21:37, Laurent Vivier wrote:
>
> Hi,
>
> since we have switched to meson, the statically linked binaries of qemu
> linux-user are broken:
>
> cd $OBJ
> $SRC/configure --static --target-list=m68k-linux-user
> make
> ./qemu-m68k
> Segmentation fault (core dumped)

It can't be all static binaries, because part of my merge tests is a config with

'../../configure' '--cc=ccache gcc' '--enable-debug' '--static' '--disable-system' '--disable-gnutls'

and that works:

$ ./build/all-linux-static/qemu-m68k
qemu: no user program specified

So it must be something more specific, though I don't know what.

thanks
-- PMM
[PATCH 73/77] target/microblaze: Convert dec_stream to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 6 target/microblaze/translate.c | 64 ++ 2 files changed, 55 insertions(+), 15 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 48c60082e0..79d32c826c 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -156,6 +156,9 @@ flt 010110 . . - 0101 000 @typea0 fint010110 . . - 0110 000 @typea0 fsqrt 010110 . . 0 0111 000 @typea0 +get 011011 rd:5 0 0 ctrl:5 00 imm:4 +getd010011 rd:5 0 rb:5 0 ctrl:5 0 + idiv010010 . . . 000 @typea idivu 010010 . . . 000 0010 @typea @@ -198,6 +201,9 @@ pcmpbf 10 . . . 100 @typea pcmpeq 100010 . . . 100 @typea pcmpne 100011 . . . 100 @typea +put 011011 0 ra:5 1 ctrl:5 00 imm:4 +putd010011 0 ra:5 rb:5 1 ctrl:5 0 + rsub01 . . . 000 @typea rsubc 11 . . . 000 @typea rsubk 000101 . . . 000 @typea diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index e9e4a0e1db..0a05b49f8e 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -1587,33 +1587,68 @@ static void dec_null(DisasContext *dc) } /* Insns connected to FSL or AXI stream attached devices. */ -static void dec_stream(DisasContext *dc) +static bool do_get(DisasContext *dc, int rd, int rb, int imm, int ctrl) { TCGv_i32 t_id, t_ctrl; -int ctrl; if (trap_userspace(dc, true)) { -return; +return true; } t_id = tcg_temp_new_i32(); -if (dc->type_b) { -tcg_gen_movi_i32(t_id, dc->imm & 0xf); -ctrl = dc->imm >> 10; +if (rb) { +tcg_gen_andi_i32(t_id, cpu_R[rb], 0xf); } else { -tcg_gen_andi_i32(t_id, cpu_R[dc->rb], 0xf); -ctrl = dc->imm >> 5; +tcg_gen_movi_i32(t_id, imm); } t_ctrl = tcg_const_i32(ctrl); - -if (dc->rd == 0) { -gen_helper_put(t_id, t_ctrl, cpu_R[dc->ra]); -} else { -gen_helper_get(cpu_R[dc->rd], t_id, t_ctrl); -} +gen_helper_get(reg_for_write(dc, rd), t_id, t_ctrl); tcg_temp_free_i32(t_id); tcg_temp_free_i32(t_ctrl); +return true; +} + +static bool trans_get(DisasContext *dc, arg_get *arg) +{ +return do_get(dc, arg->rd, 0, arg->imm, arg->ctrl); +} + +static bool trans_getd(DisasContext *dc, arg_getd *arg) +{ +return do_get(dc, arg->rd, arg->rb, 0, arg->ctrl); +} + +static bool do_put(DisasContext *dc, int ra, int rb, int imm, int ctrl) +{ +TCGv_i32 t_id, t_ctrl; + +if (trap_userspace(dc, true)) { +return true; +} + +t_id = tcg_temp_new_i32(); +if (rb) { +tcg_gen_andi_i32(t_id, cpu_R[rb], 0xf); +} else { +tcg_gen_movi_i32(t_id, imm); +} + +t_ctrl = tcg_const_i32(ctrl); +gen_helper_get(t_id, t_ctrl, reg_for_read(dc, ra)); +tcg_temp_free_i32(t_id); +tcg_temp_free_i32(t_ctrl); +return true; +} + +static bool trans_put(DisasContext *dc, arg_put *arg) +{ +return do_put(dc, arg->ra, 0, arg->imm, arg->ctrl); +} + +static bool trans_putd(DisasContext *dc, arg_putd *arg) +{ +return do_put(dc, arg->ra, arg->rb, 0, arg->ctrl); } static struct decoder_info { @@ -1623,7 +1658,6 @@ static struct decoder_info { }; void (*dec)(DisasContext *dc); } decinfo[] = { -{DEC_STREAM, dec_stream}, {{0, 0}, dec_null} }; -- 2.25.1
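Review bot: do_put() calls gen_helper_get(t_id, t_ctrl, reg_for_read(dc, ra)), but the code it replaces called gen_helper_put(t_id, t_ctrl, cpu_R[dc->ra]) for the rd == 0 case; this should be gen_helper_put(). As written, put and putd would emit a get with the source register passed where get expects its destination, so the stream write would never happen and the helper's output would be written into ra.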
ANNOUNCE: libnbd 1.4 - high performance NBD client library
I'm pleased to announce the release of libnbd 1.4.0, a high performance
Network Block Device (NBD) client library.

Key features of libnbd:

 * Synchronous API for ease of use.
 * Asynchronous API for writing non-blocking, multithreaded clients.
   You can mix both APIs freely.
 * High performance.
 * Minimal dependencies for the basic library.
 * Well-documented, stable API.
 * Bindings in several programming languages.
 * Shell (nbdsh) for command line and scripting.

Git: https://github.com/libguestfs/libnbd
Download: https://download.libguestfs.org/libnbd/1.4-stable/
Release notes: https://libguestfs.org/libnbd-release-notes-1.4.1.html
Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=28807
Debian: https://packages.debian.org/libnbd

*** Release notes for libnbd 1.4 ***

These are the release notes for libnbd stable release 1.4. This describes the major changes since 1.2. libnbd 1.4.0 was released on 25 August 2020.

Security

There were no security issues found in this release. If you find a security issue, please read SECURITY in the source (online here: https://github.com/libguestfs/libnbd/blob/master/SECURITY). To find out about previous security issues in libnbd, see libnbd-security(3).

New APIs

nbd_set_opt_mode(3)
nbd_get_opt_mode(3)
nbd_aio_is_negotiating(3)
    libnbd 1.4 adds a new “negotiating” state during NBD handshaking. For backwards compatibility programs must request this before starting the connection by calling nbd_set_opt_mode(3). You can find out if the connection is in this state by calling nbd_aio_is_negotiating(3). For an in-depth description of how this extra state can be used to negotiate server options, see "CONTROLLING NEGOTIATION" in libnbd(3).

nbd_aio_opt_abort(3)
nbd_opt_abort(3)
    During the negotiating state, abort the connection.

nbd_aio_opt_go(3)
nbd_opt_go(3)
    During the negotiating state, complete the handshake.

nbd_aio_opt_info(3)
nbd_opt_info(3)
    During the negotiating state, request full information about the server export.

nbd_aio_opt_list(3)
nbd_opt_list(3)
    During the negotiating state, request the list of exports that the server provides.

nbd_get_block_size(3)
    Return the minimum, preferred or maximum block size constraints for requests sent to the server.

nbd_get_canonical_export_name(3)
    Return the canonical export name that the server defaults to. This information may only be available if you call nbd_set_full_info(3) before connecting.

nbd_get_export_description(3)
    Return the optional text description of the current export. This information may only be available if you call nbd_set_full_info(3) before connecting.

nbd_set_full_info(3)
nbd_get_full_info(3)
    Enable extended information about exports from the server.

Thanks: Eric Blake for all of the new APIs.

New features

Bindings are now available in the Go programming language.

FreeBSD and OpenBSD are now fully supported platforms.

Bash tab completion is available for all of the command line tools.

Documentation

Verbatim text in man pages that wrapped over several lines is now typeset correctly.

Links within the documentation have been enhanced, and are now checked for correctness.

Tools

New nbdcopy(1) tool lets you copy between an NBD server and a local file, or stream to and from an NBD server.

New nbdinfo(1) tool lets you print extended information about an NBD server’s exports (Eric Blake).

Tests

Test sockets are created in /tmp (instead of the local directory). This stops the test suite from failing if the local directory path is longer than the Unix domain socket maximum path length.

Other improvements and bug fixes

Trace messages have been improved: long strings are truncated, strings with non-printable characters are escaped, and lists of strings are printed.

The generator was split from a large single script into several small files. To build from git the OCaml bytecode compiler (ocamlc(1)) is now required instead of the interpreter (ocaml(1)).

Long login names are supported in nbd_get_tls_username(3).

The handle name in nbdsh(1) is now set to "nbdsh" (instead of a randomly generated name).

Compatibility with OCaml 4.10.0 and 4.11.0.

Python AIO buffer adds a new "is_zero" method allowing Python clients to do sparsification when copying.

Compatibility with Python 3.9.

External C programs can now be compiled
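The "negotiating" state announced above is libnbd's handle on the NBD option-haggling phase: nbd_opt_list, nbd_opt_info and nbd_opt_go send NBD_OPT_LIST, NBD_OPT_INFO and NBD_OPT_GO and parse the server's option replies, which is where nbd_get_canonical_export_name and nbd_get_block_size get their values. The following is an added example, not code from the announcement or from libnbd: a Python model of that exchange with both sides' messages built in-process (Python rather than C so it runs without the library; libnbd itself also ships Python bindings). The server, its two exports, the "disk0" canonical-name alias and the 64 KiB reply cap are constructed for the example; the wire constants are those of the NBD protocol. The point to take from it is the client-side check on every option reply (magic, option id echoed back, bounded length) before any payload is trusted.

```python
"""Toy NBD new-style option negotiation (NBD_OPT_LIST / NBD_OPT_INFO / NBD_OPT_GO).
Added example, not libnbd code: it models the exchange that libnbd's negotiating
state (nbd_set_opt_mode, nbd_opt_list, nbd_opt_info, nbd_opt_go) drives, against
a constructed in-process server.  Wire constants are from the NBD protocol spec."""
import struct

IHAVEOPT = 0x49484156454F5054         # client -> server option request magic
REP_MAGIC = 0x3E889045565A9           # server -> client option reply magic
OPT_LIST, OPT_INFO, OPT_GO = 3, 6, 7
REP_ACK, REP_SERVER, REP_INFO = 1, 2, 3
REP_ERR_UNKNOWN = (1 << 31) + 6       # error replies have the top bit set
INFO_EXPORT, INFO_NAME, INFO_BLOCK_SIZE = 0, 1, 3
FLAG_HAS_FLAGS, FLAG_READ_ONLY = 1, 2  # transmission flags
MAX_REPLY_LEN = 64 * 1024             # assumption: cap on untrusted reply payloads

# Constructed server state: name -> (size, read_only, (min, preferred, max block size)).
EXPORTS = {"": (1 << 30, False, (1, 4096, 32 << 20)),
           "backup": (4 << 30, True, (512, 4096, 32 << 20))}
CANONICAL = {"": "disk0"}             # constructed: the empty name is an alias for "disk0"


def pack_option(opt, data=b""):
    # Client request: magic, option id, payload length, payload.
    return struct.pack(">QII", IHAVEOPT, opt, len(data)) + data


def pack_reply(opt, rep, data=b""):
    # Server reply: magic, option id echoed back, reply type, length, payload.
    return struct.pack(">QIII", REP_MAGIC, opt, rep, len(data)) + data


def server_handle(request):
    """Constructed server: parse one option request, return its raw replies."""
    magic, opt, ln = struct.unpack_from(">QII", request)
    data = request[16:16 + ln]
    if opt == OPT_LIST:               # one NBD_REP_SERVER per export, then ACK
        out = []
        for name in EXPORTS:
            n = CANONICAL.get(name, name).encode()
            out.append(pack_reply(opt, REP_SERVER, struct.pack(">I", len(n)) + n))
        return out + [pack_reply(opt, REP_ACK)]
    if opt in (OPT_INFO, OPT_GO):     # payload: name length, name, count, info ids
        nlen = struct.unpack_from(">I", data)[0]
        name = data[4:4 + nlen].decode()
        cnt = struct.unpack_from(">H", data, 4 + nlen)[0]
        wanted = struct.unpack_from(">%dH" % cnt, data, 6 + nlen)
        if name not in EXPORTS:
            return [pack_reply(opt, REP_ERR_UNKNOWN, b"no such export")]
        size, ro, (bmin, bpref, bmax) = EXPORTS[name]
        flags = FLAG_HAS_FLAGS | (FLAG_READ_ONLY if ro else 0)
        # NBD_INFO_EXPORT is mandatory; the others only when the client asked.
        out = [pack_reply(opt, REP_INFO, struct.pack(">HQH", INFO_EXPORT, size, flags))]
        if INFO_NAME in wanted:
            out.append(pack_reply(opt, REP_INFO, struct.pack(">H", INFO_NAME)
                                  + CANONICAL.get(name, name).encode()))
        if INFO_BLOCK_SIZE in wanted:
            out.append(pack_reply(opt, REP_INFO,
                                  struct.pack(">HIII", INFO_BLOCK_SIZE, bmin, bpref, bmax)))
        return out + [pack_reply(opt, REP_ACK)]
    return [pack_reply(opt, (1 << 31) + 1)]   # NBD_REP_ERR_UNSUP


def parse_replies(buf, opt):
    """Client side: split the reply stream for `opt`, stopping at the final ACK or
    error.  The header is validated (magic, option echoed, bounded length) before
    any payload is copied out, so a hostile server cannot make us trust garbage."""
    replies, off = [], 0
    while True:
        magic, ropt, rep, ln = struct.unpack_from(">QIII", buf, off)
        if magic != REP_MAGIC or ropt != opt or ln > MAX_REPLY_LEN:
            raise ValueError("bad, desynchronised or oversize option reply")
        replies.append((rep, buf[off + 20:off + 20 + ln]))
        off += 20 + ln
        if rep == REP_ACK or rep & (1 << 31):
            return replies


def client_list():
    """nbd_opt_list analogue: the canonical export names the server offers."""
    raw = b"".join(server_handle(pack_option(OPT_LIST)))  # stands in for the socket
    names = []
    for rep, data in parse_replies(raw, OPT_LIST):
        if rep == REP_SERVER:
            nlen = struct.unpack_from(">I", data)[0]
            names.append(data[4:4 + nlen].decode())
    return names


def client_info(name, go=False):
    """nbd_opt_info / nbd_opt_go analogue: export metadata, or LookupError.
    With go=True the final ACK would move the connection into transmission."""
    opt = OPT_GO if go else OPT_INFO
    n = name.encode()
    payload = struct.pack(">I", len(n)) + n + struct.pack(">HHH", 2, INFO_NAME, INFO_BLOCK_SIZE)
    info = {}
    for rep, data in parse_replies(b"".join(server_handle(pack_option(opt, payload))), opt):
        if rep & (1 << 31):
            raise LookupError("server error %#x: %s" % (rep, data.decode()))
        if rep != REP_INFO:
            continue
        kind = struct.unpack_from(">H", data)[0]
        if kind == INFO_EXPORT:
            info["size"], info["flags"] = struct.unpack_from(">QH", data, 2)
        elif kind == INFO_NAME:
            info["canonical_name"] = data[2:].decode()
        elif kind == INFO_BLOCK_SIZE:
            info["block_size"] = struct.unpack_from(">III", data, 2)
    return info
```

client_info("") returns the size, flags, canonical name "disk0" and block-size triple for the default export, client_info("backup", go=True) does the same for the read-only export, and an unknown name surfaces the NBD_REP_ERR_UNKNOWN reply as a LookupError, which is the point at which a real client would send NBD_OPT_ABORT or try another name. The length cap is the one defensive detail worth keeping in any hand-written client: the reply length field is attacker-controlled, so it is checked before it sizes anything.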
[PATCH 67/77] target/microblaze: Convert dec_br to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 14 + target/microblaze/translate.c | 98 +++--- 2 files changed, 68 insertions(+), 44 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 77b073be9e..94520e92dd 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -65,6 +65,20 @@ andi101001 . . @typeb andn100011 . . . 000 @typea andni 101011 . . @typeb +br 100110 . 0 . 000 @typea_br +bra 100110 . 01000 . 000 @typea_br +brd 100110 . 1 . 000 @typea_br +brad100110 . 11000 . 000 @typea_br +brld100110 . 10100 . 000 @typea_br +brald 100110 . 11100 . 000 @typea_br + +bri 101110 . 0 @typeb_br +brai101110 . 01000 @typeb_br +brid101110 . 1 @typeb_br +braid 101110 . 11000 @typeb_br +brlid 101110 . 10100 @typeb_br +bralid 101110 . 11100 @typeb_br + brk 100110 . 01100 . 000 @typea_br brki101110 . 01100 @typeb_br diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 5bd771671b..73c956cd76 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -1087,6 +1087,58 @@ static bool trans_swx(DisasContext *dc, arg_typea *arg) return true; } +static bool setup_dslot(DisasContext *dc) +{ +if (wait_for_next_tb(dc)) { +return true; +} + +dc->tb_flags_to_set |= D_FLAG; +if (dc->type_b && (dc->tb_flags & IMM_FLAG)) { +dc->tb_flags_to_set |= BIMM_FLAG; +} +return false; +} + +static bool do_branch(DisasContext *dc, int dest_rb, int dest_imm, + bool delay, bool abs, int link) +{ +uint32_t add_pc; + +if (delay && setup_dslot(dc)) { +return true; +} + +if (link) { +tcg_gen_movi_i32(cpu_R[link], dc->base.pc_next); +} + +/* Store the branch taken destination into btarget. */ +add_pc = abs ? 0 : dc->base.pc_next; +if (dest_rb) { +dc->jmp_dest = -1; +tcg_gen_addi_i32(cpu_btarget, cpu_R[dest_rb], add_pc); +} else { +dc->jmp_dest = add_pc + dest_imm; +tcg_gen_movi_i32(cpu_btarget, dc->jmp_dest); +} +dc->jmp_cond = TCG_COND_ALWAYS; +return true; +} + +#define DO_BR(NAME, NAMEI, DELAY, ABS, LINK) \ +static bool trans_##NAME(DisasContext *dc, arg_typea_br *arg) \ +{ return do_branch(dc, arg->rb, 0, DELAY, ABS, LINK ? arg->rd : 0); } \ +static bool trans_##NAMEI(DisasContext *dc, arg_typeb_br *arg) \ +{ return do_branch(dc, 0, arg->imm, DELAY, ABS, LINK ? arg->rd : 0); } + +DO_BR(br, bri, false, false, false) +DO_BR(bra, brai, false, true, false) +DO_BR(brd, brid, true, false, false) +DO_BR(brad, braid, true, true, false) +DO_BR(brld, brlid, true, false, true) +DO_BR(brald, bralid, true, true, true) + static bool trans_brk(DisasContext *dc, arg_typea_br *arg) { if (trap_userspace(dc, true)) { @@ -1393,19 +1445,6 @@ static void dec_msr(DisasContext *dc) } } -static bool dec_setup_dslot(DisasContext *dc) -{ -if (wait_for_next_tb(dc)) { -return true; -} - -dc->tb_flags_to_set |= D_FLAG; -if (dc->type_b && (dc->tb_flags & IMM_FLAG)) { -dc->tb_flags_to_set |= BIMM_FLAG; -} -return false; -} - static void dec_bcc(DisasContext *dc) { static const TCGCond mb_to_tcg_cc[] = { 
@@ -1423,7 +1462,7 @@ static void dec_bcc(DisasContext *dc) cc = EXTRACT_FIELD(dc->ir, 21, 23); dslot = dc->ir & (1 << 25); -if (dslot && dec_setup_dslot(dc)) { +if (dslot && setup_dslot(dc)) { return; } @@ -1452,34 +1491,6 @@ static void dec_bcc(DisasContext *dc) tcg_temp_free_i32(next); } -static void dec_br(DisasContext *dc) -{ -unsigned int dslot, link, abs; -uint32_t add_pc; - -dslot = dc->ir & (1 << 20); -abs = dc->ir & (1 << 19); -link = dc->ir & (1 << 18); - -if (dslot && dec_setup_dslot(dc)) { -return; -} - -if (link && dc->rd) { -tcg_gen_movi_i32(cpu_R[dc->rd], dc->base.pc_next); -} - -add_pc = abs ? 0 : dc->base.pc_next; -if (dc->type_b) { -dc->jmp_dest = add_pc + dec_alu_typeb_imm(dc); -tcg_gen_movi_i32(cpu_btarget, dc->jmp_dest); -} else { -dc->jmp_dest = -1; -tcg_gen_addi_i32(cpu_btarget, cpu_R[dc->rb], add_pc); -} -dc->jmp_cond = TCG_COND_ALWAYS; -} - static inl
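Review bot: setup_dslot decides BIMM_FLAG from dc->type_b, but the trans_* entry points generated by DO_BR never set it (the decodetree arguments are arg_typea_br / arg_typeb_br and nothing in do_branch touches dc->type_b), so for brid/braid/brlid/bralid the flag depends on whatever the last legacy-decoded instruction left there, and an imm-prefixed brid can lose or gain BIMM_FLAG. Pass the type explicitly, e.g. `setup_dslot(dc, bool type_b)` with DO_BR supplying false for the NAME variants and true for the NAMEI ones, and adjust the dec_bcc caller to match. Otherwise the conversion looks faithful: `LINK ? arg->rd : 0` together with `if (link)` preserves the old `link && dc->rd` guard, and `br r0` / `bra r0` fall into the immediate path with dest_imm = 0, which is correct because r0 is always zero.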
[PATCH 65/77] target/microblaze: Reorganize branching
Remove the btaken variable, and simplify things by always computing the full branch destination into btarget. This avoids all need for sync_jmpstate(). Retain the direct branch behaviour by remembering the jump destination in jmp_dest, discarding btarget. In the normal case, where the branch delay slot cannot trap (e.g. arithmetic not memory operation), tcg will remove the computation into btarget, leaving us with just the tcg direct branching at the end. Signed-off-by: Richard Henderson --- target/microblaze/cpu.h | 4 +- target/microblaze/translate.c | 192 ++ 2 files changed, 79 insertions(+), 117 deletions(-) diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index 1528749a0b..4298f242a6 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -234,8 +234,8 @@ typedef struct CPUMBState CPUMBState; #define TARGET_INSN_START_EXTRA_WORDS 1 struct CPUMBState { -uint32_t btaken; -uint32_t btarget; +uint32_t bvalue; /* TCG temporary, only valid during a TB */ +uint32_t btarget; /* Full resolved branch destination */ uint32_t imm; uint32_t regs[32]; diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index a391e80fb9..6f9b20d391 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -45,7 +45,7 @@ static TCGv_i32 cpu_pc; static TCGv_i32 cpu_msr; static TCGv_i32 cpu_msr_c; static TCGv_i32 cpu_imm; -static TCGv_i32 cpu_btaken; +static TCGv_i32 cpu_bvalue; static TCGv_i32 cpu_btarget; static TCGv_i32 cpu_iflags; static TCGv cpu_res_addr; @@ -77,12 +77,11 @@ typedef struct DisasContext { unsigned int tb_flags_to_set; int mem_index; -#define JMP_NOJMP 0 -#define JMP_DIRECT1 -#define JMP_DIRECT_CC 2 -#define JMP_INDIRECT 3 -unsigned int jmp; -uint32_t jmp_pc; +/* Condition under which to jump, including NEVER and ALWAYS. */ +TCGCond jmp_cond; + +/* Immediate branch-taken destination, or -1 for indirect. */ +uint32_t jmp_dest; int abort_at_next_insn; } DisasContext; 
@@ -106,17 +105,6 @@ static void t_sync_flags(DisasContext *dc) } } -static inline void sync_jmpstate(DisasContext *dc) -{ -if (dc->jmp == JMP_DIRECT || dc->jmp == JMP_DIRECT_CC) { -if (dc->jmp == JMP_DIRECT) { -tcg_gen_movi_i32(cpu_btaken, 1); -} -dc->jmp = JMP_INDIRECT; -tcg_gen_movi_i32(cpu_btarget, dc->jmp_pc); -} -} - static void gen_raise_exception(DisasContext *dc, uint32_t index) { TCGv_i32 tmp = tcg_const_i32(index); @@ -821,8 +809,6 @@ static bool do_load(DisasContext *dc, int rd, TCGv addr, MemOp mop, } } -sync_jmpstate(dc); - if (size > MO_8 && (dc->tb_flags & MSR_EE) && dc->cpu->cfg.unaligned_exceptions) { @@ -924,8 +910,6 @@ static bool trans_lwx(DisasContext *dc, arg_typea *arg) /* lwx does not throw unaligned access errors, so force alignment */ tcg_gen_andi_tl(addr, addr, ~3); -sync_jmpstate(dc); - tcg_gen_qemu_ld_i32(cpu_res_val, addr, dc->mem_index, MO_TEUL); tcg_gen_mov_tl(cpu_res_addr, addr); tcg_temp_free(addr); @@ -959,8 +943,6 @@ static bool do_store(DisasContext *dc, int rd, TCGv addr, MemOp mop, } } -sync_jmpstate(dc); - if (size > MO_8 && (dc->tb_flags & MSR_EE) && dc->cpu->cfg.unaligned_exceptions) { @@ -1062,8 +1044,6 @@ static bool trans_swx(DisasContext *dc, arg_typea *arg) TCGLabel *swx_fail = gen_new_label(); TCGv_i32 tval; -sync_jmpstate(dc); - /* swx does not throw unaligned access errors, so force alignment */ tcg_gen_andi_tl(addr, addr, ~3); 
@@ -1413,44 +1393,6 @@ static void dec_msr(DisasContext *dc) } } -static inline void eval_cc(DisasContext *dc, unsigned int cc, - TCGv_i32 d, TCGv_i32 a) -{ -static const int mb_to_tcg_cc[] = { -[CC_EQ] = TCG_COND_EQ, -[CC_NE] = TCG_COND_NE, -[CC_LT] = TCG_COND_LT, -[CC_LE] = TCG_COND_LE, -[CC_GE] = TCG_COND_GE, -[CC_GT] = TCG_COND_GT, -}; - -switch (cc) { -case CC_EQ: -case CC_NE: -case CC_LT: -case CC_LE: -case CC_GE: -case CC_GT: -tcg_gen_setcondi_i32(mb_to_tcg_cc[cc], d, a, 0); -break; -default: -cpu_abort(CPU(dc->cpu), "Unknown condition code %x.\n", cc); -break; -} -} - -static void eval_cond_jmp(DisasContext *dc, TCGv_i32 pc_true, TCGv_i32 pc_false) -{ -TCGv_i32 zero = tcg_const_i32(0); - -tcg_gen_movcond_i32(TCG_COND_NE, cpu_pc, -cpu_btaken, zero, -pc_true, pc_false); - -tcg_temp_free_i32(zero); -} - static bool dec_setup_dslot(DisasContext *dc) { if (wait_for_next_tb(dc)) { @@ -1466,8 +1408,17 @@ static bool dec_setup_dslot(DisasContext *dc) static void dec_bcc(DisasContext *dc) { +static const TCGCond mb_to_tcg_cc[] = {
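Review bot: btaken is removed from CPUMBState (replaced by bvalue, commented as a TB-local temporary), but mb_cpu_dump_state as tidied in patch 61 of this series prints `env->btaken` under D_FLAG, and the translate.c hunks shown here do not reach that function; this patch, not a later one, should update the dump, and since bvalue is only meaningful inside a TB the field should be dropped from the output rather than renamed. Also `dc->jmp_dest = -1` stores into a uint32_t; a named sentinel (or an explicit `(uint32_t)-1`) would make the "-1 for indirect" comment match the code. The removal of sync_jmpstate() from do_load, lwx, do_store and swx is consistent with always materialising btarget, as the commit message describes.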
Re: [PULL] nvme updates
On Tue, 25 Aug 2020 at 21:12, Keith Busch wrote:
> On Sun, Aug 23, 2020 at 02:56:12PM +0100, Peter Maydell wrote:
> > Hi; it looks like this isn't a gpg-signed tag?
> >
> > error: remotes/nvme/nvme-next: cannot verify a non-tag object of type
> > commit.
>
> Oops, sorry I forgot about that part of the procedure here. The repo should
> have a signed tag now:

Thanks; the gpg key setup looks ok.

I notice that all the commits in the repo have Klaus's signed-off-by. Usually the expectation is that the person who sends the pull req is the one who's curated the tree and added their signed-off-by, but are you doing a jointly-administered tree here?

The build has a format string issue that shows up on OSX, Windows, and 32-bit builds:

In file included from ../../hw/block/trace.h:1:0,
                 from ../../hw/block/fdc.c:48:
./trace/trace-hw_block.h: In function '_nocheck__trace_pci_nvme_err_mdts':
./trace/trace-hw_block.h:2162:18: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type 'size_t {aka unsigned int}' [-Werror=format=]
         qemu_log("%d@%zu.%06zu:pci_nvme_err_mdts " "cid %"PRIu16" len %"PRIu64"" "\n",
                  ^

thanks
-- PMM
[PATCH 64/77] target/microblaze: Convert mbar to decodetree
Split this out of the normal branch instructions, as it requires special handling. End the TB only for an instruction barrier. Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 2 + target/microblaze/translate.c | 81 ++ 2 files changed, 45 insertions(+), 38 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 53da2b75aa..77b073be9e 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -124,6 +124,8 @@ lwea110010 . . . 0001 000 @typea lwx 110010 . . . 1000 000 @typea lwi 111010 . . @typeb +mbar101110 imm:5 00010 0100 + mul 01 . . . 000 @typea mulh01 . . . 000 0001 @typea mulhu 01 . . . 000 0011 @typea diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index fc1c661368..a391e80fb9 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -1166,6 +1166,48 @@ static bool trans_brki(DisasContext *dc, arg_typeb_br *arg) return true; } +static bool trans_mbar(DisasContext *dc, arg_mbar *arg) +{ +int mbar_imm = arg->imm; + +/* + * Instruction access memory barrier. + * End the TB so that we recognize self-modified code immediately. + */ +if (mbar_imm & 1) { +dc->cpustate_changed = 1; +} + +/* Data access memory barrier. */ +if (mbar_imm & 2) { +tcg_gen_mb(TCG_BAR_SC | TCG_MO_ALL); +} + +/* Sleep. */ +if (mbar_imm & 16) { +TCGv_i32 tmp_1; + +if (trap_userspace(dc, true)) { +/* Sleep is a privileged instruction. */ +return true; +} + +t_sync_flags(dc); + +tmp_1 = tcg_const_i32(1); +tcg_gen_st_i32(tmp_1, cpu_env, + -offsetof(MicroBlazeCPU, env) + +offsetof(CPUState, halted)); +tcg_temp_free_i32(tmp_1); + +tcg_gen_movi_i32(cpu_pc, dc->base.pc_next + 4); + +gen_raise_exception(dc, EXCP_HLT); +} +return true; +} + + static void msr_read(DisasContext *dc, TCGv_i32 d) { TCGv_i32 t; 
@@ -1447,50 +1489,13 @@ static void dec_bcc(DisasContext *dc) static void dec_br(DisasContext *dc) { -unsigned int dslot, link, abs, mbar; +unsigned int dslot, link, abs; uint32_t add_pc; dslot = dc->ir & (1 << 20); abs = dc->ir & (1 << 19); link = dc->ir & (1 << 18); -/* Memory barrier. */ -mbar = (dc->ir >> 16) & 31; -if (mbar == 2 && dc->imm == 4) { -uint16_t mbar_imm = dc->rd; - -/* Data access memory barrier. */ -if ((mbar_imm & 2) == 0) { -tcg_gen_mb(TCG_BAR_SC | TCG_MO_ALL); -} - -/* mbar IMM & 16 decodes to sleep. */ -if (mbar_imm & 16) { -TCGv_i32 tmp_1; - -if (trap_userspace(dc, true)) { -/* Sleep is a privileged instruction. */ -return; -} - -t_sync_flags(dc); - -tmp_1 = tcg_const_i32(1); -tcg_gen_st_i32(tmp_1, cpu_env, - -offsetof(MicroBlazeCPU, env) - +offsetof(CPUState, halted)); -tcg_temp_free_i32(tmp_1); - -tcg_gen_movi_i32(cpu_pc, dc->base.pc_next + 4); - -gen_raise_exception(dc, EXCP_HLT); -return; -} -/* Break the TB. */ -dc->cpustate_changed = 1; -return; -} - if (dslot && dec_setup_dslot(dc)) { return; } -- 2.25.1
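Review bot: trans_mbar inverts the polarity of both barrier tests relative to the code it removes from dec_br. The old code emitted the data barrier with `if ((mbar_imm & 2) == 0)` and always broke the TB; the new code has `if (mbar_imm & 2)` for the data barrier and `if (mbar_imm & 1)` for ending the TB. In the MicroBlaze encoding imm bit value 2 suppresses the data-side barrier and bit value 1 suppresses the instruction-side one, with `mbar 0` being the full barrier, so with these tests a plain `mbar 0` would emit no tcg_gen_mb and not end the TB, and `mbar 1` (the usual data-only barrier) would emit nothing either. Use `if ((mbar_imm & 2) == 0)` for the data barrier and `if ((mbar_imm & 1) == 0)` for the instruction barrier, and say in the commit message that the TB is now ended only for an instruction barrier (and for sleep), which is the behaviour change the subject line promises.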
Re: [PATCH 1/4] meson: Fixes the ninjatool issue that E$$: are generated in Makefile.ninja
On 8/25/20 11:53 AM, luoyongg...@gmail.com wrote:
> From: Yonggang Luo
>
> SIMPLE_PATH_RE should match the full path token. Otherwise the $ and :
> contained in the path would not be matched if the path starts with C:/ or E:/
> ---

Missing a Signed-off-by tag. Without that, we cannot apply it.

Also missing a 0/4 cover letter; less essential, but useful for continuous integration tools and for replying to the series as a whole.

More patch submission hints can be found at https://wiki.qemu.org/Contribute/SubmitAPatch

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
[PATCH 61/77] target/microblaze: Tidy mb_cpu_dump_state
Using lookup_symbol is quite slow; remove that. Decode the various bits of iflags; only show imm, btaken, btarget when they are relevant to iflags. Improve formatting. Signed-off-by: Richard Henderson --- target/microblaze/translate.c | 67 +-- 1 file changed, 41 insertions(+), 26 deletions(-) diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 3ba2dc1800..4675326083 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -1810,41 +1810,56 @@ void mb_cpu_dump_state(CPUState *cs, FILE *f, int flags) { MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs); CPUMBState *env = &cpu->env; +uint32_t iflags; int i; -if (!env) { -return; -} - -qemu_fprintf(f, "IN: PC=%x %s\n", - env->pc, lookup_symbol(env->pc)); -qemu_fprintf(f, "rmsr=%x resr=%x rear=%" PRIx64 " " - "imm=%x iflags=%x fsr=%x rbtr=%x\n", - env->msr, env->esr, env->ear, - env->imm, env->iflags, env->fsr, env->btr); -qemu_fprintf(f, "btaken=%d btarget=%x mode=%s(saved=%s) eip=%d ie=%d\n", - env->btaken, env->btarget, +qemu_fprintf(f, "pc=0x%08x msr=0x%05x mode=%s(saved=%s) eip=%d ie=%d\n", + env->pc, env->msr, (env->msr & MSR_UM) ? "user" : "kernel", (env->msr & MSR_UMS) ? "user" : "kernel", (bool)(env->msr & MSR_EIP), (bool)(env->msr & MSR_IE)); -for (i = 0; i < 12; i++) { -qemu_fprintf(f, "rpvr%2.2d=%8.8x ", i, env->pvr.regs[i]); -if ((i + 1) % 4 == 0) { -qemu_fprintf(f, "\n"); -} + +iflags = env->iflags; +qemu_fprintf(f, "iflags: 0x%08x", iflags); +if (iflags & IMM_FLAG) { +qemu_fprintf(f, " IMM(0x%08x)", env->imm); +} +if (iflags & BIMM_FLAG) { +qemu_fprintf(f, " BIMM"); +} +if (iflags & D_FLAG) { +qemu_fprintf(f, " D(btaken=%d btarget=0x%08x)", + env->btaken, env->btarget); +} +if (iflags & DRTI_FLAG) { +qemu_fprintf(f, " DRTI"); +} +if (iflags & DRTE_FLAG) { +qemu_fprintf(f, " DRTE"); +} +if (iflags & DRTB_FLAG) { +qemu_fprintf(f, " DRTB"); +} +if (iflags & ESR_ESS_FLAG) { +qemu_fprintf(f, " ESR_ESS(0x%04x)", iflags & ESR_ESS_MASK); +} + +qemu_fprintf(f, "\nesr=0x%04x fsr=0x%02x btr=0x%08x edr=0x%x\n" + "ear=0x%016" PRIx64 " slr=0x%x shr=0x%x\n", + env->esr, env->fsr, env->btr, env->edr, + env->ear, env->slr, env->shr); + +for (i = 0; i < 12; i++) { +qemu_fprintf(f, "rpvr%-2d=%08x%c", + i, env->pvr.regs[i], i % 4 == 3 ? 
'\n' : ' '); } -/* Registers that aren't modeled are reported as 0 */ -qemu_fprintf(f, "redr=%x rpid=0 rzpr=0 rtlbx=0 rtlbsx=0 " -"rtlblo=0 rtlbhi=0\n", env->edr); -qemu_fprintf(f, "slr=%x shr=%x\n", env->slr, env->shr); for (i = 0; i < 32; i++) { -qemu_fprintf(f, "r%2.2d=%8.8x ", i, env->regs[i]); -if ((i + 1) % 4 == 0) -qemu_fprintf(f, "\n"); -} -qemu_fprintf(f, "\n\n"); +qemu_fprintf(f, "r%2.2d=%08x%c", + i, env->regs[i], i % 4 == 3 ? '\n' : ' '); +} +qemu_fprintf(f, "\n"); } void mb_tcg_init(void) -- 2.25.1
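Review bot: the new output silently drops the line that reported the unmodelled MMU registers (rpid, rzpr, rtlbx, rtlbsx, rtlblo, rtlbhi) as 0; that is reasonable, but the commit message lists only the lookup_symbol removal, the iflags decoding and the formatting, so mention the dropped fields. Also the widths are inconsistent within the new esr/ear line: esr, fsr and btr are zero-padded (`0x%04x`, `0x%02x`, `0x%08x`) while edr, slr and shr use plain `0x%x`; pick fixed widths for all of them so columns line up between dumps. The rest, in particular printing btaken/btarget only when D_FLAG is set and imm only under IMM_FLAG, is a clear improvement.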
[PATCH 76/77] target/microblaze: Add flags markup to some helpers
The mmu_read, mmu_write, get, and put helpers do not touch the general registers, or any of the other variables managed by tcg. Signed-off-by: Richard Henderson --- target/microblaze/helper.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/target/microblaze/helper.h b/target/microblaze/helper.h index 3980fba797..f740835fcb 100644 --- a/target/microblaze/helper.h +++ b/target/microblaze/helper.h @@ -21,11 +21,11 @@ DEF_HELPER_FLAGS_3(fcmp_ge, TCG_CALL_NO_WG, i32, env, i32, i32) DEF_HELPER_FLAGS_2(pcmpbf, TCG_CALL_NO_RWG_SE, i32, i32, i32) #if !defined(CONFIG_USER_ONLY) -DEF_HELPER_3(mmu_read, i32, env, i32, i32) -DEF_HELPER_4(mmu_write, void, env, i32, i32, i32) +DEF_HELPER_FLAGS_3(mmu_read, TCG_CALL_NO_RWG, i32, env, i32, i32) +DEF_HELPER_FLAGS_4(mmu_write, TCG_CALL_NO_RWG, void, env, i32, i32, i32) #endif DEF_HELPER_FLAGS_2(stackprot, TCG_CALL_NO_WG, void, env, tl) -DEF_HELPER_2(get, i32, i32, i32) -DEF_HELPER_3(put, void, i32, i32, i32) +DEF_HELPER_FLAGS_2(get, TCG_CALL_NO_RWG, i32, i32, i32) +DEF_HELPER_FLAGS_3(put, TCG_CALL_NO_RWG, void, i32, i32, i32) -- 2.25.1
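Review bot: TCG_CALL_NO_RWG promises that the helper neither reads nor writes TCG globals, and the TCG documentation extends the read side to reads via an exception: with the no-read-globals half set, dirty globals are not written back to env before the call, so if any of these helpers could raise a guest exception from inside the helper the interrupted state would be wrong. The commit message only says they "do not touch the general registers, or any of the other variables managed by tcg"; please also state explicitly that mmu_read, mmu_write, get and put cannot raise exceptions and do not read env->msr or the other globals through the env pointer. If mmu_write flushes the softmmu TLB that is fine, since the TLB is not a TCG global.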
[PATCH 56/77] target/microblaze: Store "current" iflags in insn_start
This data is available during exception unwinding, thus we can restore it from there directly, rather than saving it during the TB. Thus we may remove the t_sync_flags() calls in the load/store operations. Note that these calls were missing from the other places where runtime exceptions may be raised, such as idiv and the floating point operations. Signed-off-by: Richard Henderson --- target/microblaze/cpu.h | 2 ++ target/microblaze/translate.c | 24 +--- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index a5df1fa28f..83fadd36a5 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -228,6 +228,8 @@ typedef struct CPUMBState CPUMBState; #define STREAM_CONTROL (1 << 3) #define STREAM_NONBLOCK (1 << 4) +#define TARGET_INSN_START_EXTRA_WORDS 1 + struct CPUMBState { uint32_t btaken; uint32_t btarget; diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 7fd1efd3fb..930b8a9600 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -58,6 +58,9 @@ typedef struct DisasContext { DisasContextBase base; MicroBlazeCPU *cpu; +/* TCG op of the current insn_start. */ +TCGOp *insn_start; + TCGv_i32 r0; bool r0_set; @@ -71,7 +74,7 @@ typedef struct DisasContext { unsigned int cpustate_changed; unsigned int delayed_branch; -unsigned int tb_flags, synced_flags; /* tb dependent flags. */ +unsigned int tb_flags; unsigned int clear_imm; int mem_index; 
@@ -96,12 +99,11 @@ static int typeb_imm(DisasContext *dc, int x) /* Include the auto-generated decoder. */ #include "decode-insns.c.inc" -static inline void t_sync_flags(DisasContext *dc) +static void t_sync_flags(DisasContext *dc) { /* Synch the tb dependent flags between translator and runtime. */ -if (dc->tb_flags != dc->synced_flags) { -tcg_gen_movi_i32(cpu_iflags, dc->tb_flags); -dc->synced_flags = dc->tb_flags; +if ((dc->tb_flags ^ dc->base.tb->flags) & ~MSR_TB_MASK) { +tcg_gen_movi_i32(cpu_iflags, dc->tb_flags & ~MSR_TB_MASK); } } @@ -770,7 +772,6 @@ static bool do_load(DisasContext *dc, int rd, TCGv addr, MemOp mop, } } -t_sync_flags(dc); sync_jmpstate(dc); /* @@ -893,7 +894,6 @@ static bool trans_lwx(DisasContext *dc, arg_typea *arg) /* lwx does not throw unaligned access errors, so force alignment */ tcg_gen_andi_tl(addr, addr, ~3); -t_sync_flags(dc); sync_jmpstate(dc); tcg_gen_qemu_ld_i32(cpu_res_val, addr, dc->mem_index, MO_TEUL); @@ -929,7 +929,6 @@ static bool do_store(DisasContext *dc, int rd, TCGv addr, MemOp mop, } } -t_sync_flags(dc); sync_jmpstate(dc); tcg_gen_qemu_st_i32(reg_for_read(dc, rd), addr, mem_index, mop); @@ -1046,7 +1045,6 @@ static bool trans_swx(DisasContext *dc, arg_typea *arg) TCGLabel *swx_fail = gen_new_label(); TCGv_i32 tval; -t_sync_flags(dc); sync_jmpstate(dc); /* swx does not throw unaligned access errors, so force alignment */ @@ -1647,7 +1645,7 @@ static void mb_tr_init_disas_context(DisasContextBase *dcb, CPUState *cs) int bound; dc->cpu = cpu; -dc->synced_flags = dc->tb_flags = dc->base.tb->flags; +dc->tb_flags = dc->base.tb->flags; dc->delayed_branch = !!(dc->tb_flags & D_FLAG); dc->jmp = dc->delayed_branch ? JMP_INDIRECT : JMP_NOJMP; dc->cpustate_changed = 0; 
@@ -1667,7 +1665,10 @@ static void mb_tr_tb_start(DisasContextBase *dcb, CPUState *cs) static void mb_tr_insn_start(DisasContextBase *dcb, CPUState *cs) { -tcg_gen_insn_start(dcb->pc_next); +DisasContext *dc = container_of(dcb, DisasContext, base); + +tcg_gen_insn_start(dc->base.pc_next, dc->tb_flags & ~MSR_TB_MASK); +dc->insn_start = tcg_last_op(); } static bool mb_tr_breakpoint_check(DisasContextBase *dcb, CPUState *cs, @@ -1909,4 +1910,5 @@ void restore_state_to_opc(CPUMBState *env, TranslationBlock *tb, target_ulong *data) { env->pc = data[0]; +env->iflags = data[1]; } -- 2.25.1
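Review bot: `dc->insn_start = tcg_last_op();` is stored in mb_tr_insn_start but nothing in this patch reads it; either move it to the patch that rewrites the insn_start arguments or say in the commit message that it is groundwork. Second, with synced_flags gone, t_sync_flags() emits the store whenever tb_flags differ from tb->flags, not only when they changed since the last sync, and it emits nothing if tb_flags has returned to the TB's initial value after an earlier sync wrote a different value; that is only safe because every remaining caller ends the TB immediately afterwards, which deserves a comment next to the function. Finally, a one-line comment beside `#define TARGET_INSN_START_EXTRA_WORDS 1` saying that the extra word is iflags (masked with ~MSR_TB_MASK) would tie the cpu.h change to restore_state_to_opc, which is where the reader has to look to see what data[1] holds.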
[PATCH 71/77] target/microblaze: Convert msrclr, msrset to decodetree
Split this out of dec_msr. Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 6 +++ target/microblaze/translate.c | 85 +++--- 2 files changed, 54 insertions(+), 37 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index f12e85b492..e80283cce6 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -24,6 +24,7 @@ &typeb rd ra imm &typeb_br rd imm &typeb_bc ra imm +&type_msr rd imm # Include any IMM prefix in the value reported. %extimm 0:s16 !function=typeb_imm @@ -55,6 +56,8 @@ %ieimm 6:5 0:5 @typeb_ie .. rd:5 ra:5 . . . .&typeb imm=%ieimm +@type_msr .. rd:5 .. imm:15 &type_msr + ### add 00 . . . 000 @typea @@ -176,6 +179,9 @@ lwi 111010 . . @typeb mbar101110 imm:5 00010 0100 +msrclr 100101 . 100010 ... @type_msr +msrset 100101 . 10 ... @type_msr + mul 01 . . . 000 @typea mulh01 . . . 000 0001 @typea mulhu 01 . . . 000 0011 @typea diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 71ceabfffd..e05523bd5b 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -1338,16 +1338,61 @@ static void msr_write(DisasContext *dc, TCGv_i32 v) tcg_gen_andi_i32(cpu_msr, v, ~(MSR_C | MSR_CC | MSR_PVR)); } +static bool do_msrclrset(DisasContext *dc, arg_type_msr *arg, bool set) +{ +uint32_t imm = arg->imm; + +if (trap_userspace(dc, imm != MSR_C)) { +return true; +} + +if (arg->rd) { +msr_read(dc, cpu_R[arg->rd]); +} + +/* + * Handle the carry bit separately. + * This is the only bit that userspace can modify. + */ +if (imm & MSR_C) { +tcg_gen_movi_i32(cpu_msr_c, set); +} + +/* + * MSR_C and MSR_CC set above. + * MSR_PVR is not writable, and is always clear. + */ +imm &= ~(MSR_C | MSR_CC | MSR_PVR); + +if (imm != 0) { +if (set) { +tcg_gen_ori_i32(cpu_msr, cpu_msr, imm); +} else { +tcg_gen_andi_i32(cpu_msr, cpu_msr, ~imm); +} +dc->cpustate_changed = 1; +} +return true; +} + +static bool trans_msrclr(DisasContext *dc, arg_type_msr *arg) +{ +return do_msrclrset(dc, arg, false); +} + +static bool trans_msrset(DisasContext *dc, arg_type_msr *arg) +{ +return do_msrclrset(dc, arg, true); +} + static void dec_msr(DisasContext *dc) { CPUState *cs = CPU(dc->cpu); -TCGv_i32 t0, t1; unsigned int sr, rn; -bool to, clrset, extended = false; +bool to, extended = false; sr = extract32(dc->imm, 0, 14); to = extract32(dc->imm, 14, 1); -clrset = extract32(dc->imm, 15, 1) == 0; dc->type_b = 1; if (to) { dc->cpustate_changed = 1; 
@@ -1361,40 +1406,6 @@ static void dec_msr(DisasContext *dc) extended = extract32(dc->imm, e_bit[to], 1); } -/* msrclr and msrset. */ -if (clrset) { -bool clr = extract32(dc->ir, 16, 1); - -if (!dc->cpu->cfg.use_msr_instr) { -/* nop??? */ -return; -} - -if (trap_userspace(dc, dc->imm != 4 && dc->imm != 0)) { -return; -} - -if (dc->rd) -msr_read(dc, cpu_R[dc->rd]); - -t0 = tcg_temp_new_i32(); -t1 = tcg_temp_new_i32(); -msr_read(dc, t0); -tcg_gen_mov_i32(t1, *(dec_alu_op_b(dc))); - -if (clr) { -tcg_gen_not_i32(t1, t1); -tcg_gen_and_i32(t0, t0, t1); -} else -tcg_gen_or_i32(t0, t0, t1); -msr_write(dc, t0); -tcg_temp_free_i32(t0); -tcg_temp_free_i32(t1); -tcg_gen_movi_i32(cpu_pc, dc->base.pc_next + 4); -dc->base.is_jmp = DISAS_UPDATE; -return; -} - if (trap_userspace(dc, to)) { return; } -- 2.25.1
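Review bot: two behaviour changes in do_msrclrset are not mentioned in the commit message. The removed code returned early as a nop when `!dc->cpu->cfg.use_msr_instr`; the new code has no such check, so msrclr/msrset now execute on cores configured without them. And the removed code let user mode through with `dc->imm != 4 && dc->imm != 0`, i.e. an imm of 0 (read MSR into rd without modifying it) was unprivileged, whereas `trap_userspace(dc, imm != MSR_C)` now traps on imm == 0. If both are deliberate (the "nop???" comment shows the old handling was a guess, and an illegal-opcode exception is arguably the right answer to the first) say so; otherwise keep `imm != MSR_C && imm != 0`. The rest is a faithful split: the carry bit goes to cpu_msr_c, MSR_C/MSR_CC/MSR_PVR are masked off before cpu_msr is touched, and cpustate_changed replaces the unconditional DISAS_UPDATE.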
[PATCH 53/77] target/microblaze: Convert dec_load and dec_store to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 32 ++ target/microblaze/translate.c | 723 +++-- 2 files changed, 456 insertions(+), 299 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index ea6743c7e5..998f997adc 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -97,6 +97,22 @@ idivu 010010 . . . 000 0010 @typea imm 101100 0 0 imm:16 +lbu 11 . . . 000 @typea +lbur11 . . . 0100 000 @typea +lbuea 11 . . . 0001 000 @typea +lbui111000 . . @typeb + +lhu 110001 . . . 000 @typea +lhur110001 . . . 0100 000 @typea +lhuea 110001 . . . 0001 000 @typea +lhui111001 . . @typeb + +lw 110010 . . . 000 @typea +lwr 110010 . . . 0100 000 @typea +lwea110010 . . . 0001 000 @typea +lwx 110010 . . . 1000 000 @typea +lwi 111010 . . @typeb + mul 01 . . . 000 @typea mulh01 . . . 000 0001 @typea mulhu 01 . . . 000 0011 @typea @@ -120,6 +136,22 @@ rsubic 001011 . . @typeb rsubik 001101 . . @typeb rsubikc 00 . . @typeb +sb 110100 . . . 000 @typea +sbr 110100 . . . 0100 000 @typea +sbea110100 . . . 0001 000 @typea +sbi 00 . . @typeb + +sh 110101 . . . 000 @typea +shr 110101 . . . 0100 000 @typea +shea110101 . . . 0001 000 @typea +shi 01 . . @typeb + +sw 110110 . . . 000 @typea +swr 110110 . . . 0100 000 @typea +swea110110 . . . 0001 000 @typea +swx 110110 . . . 1000 000 @typea +swi 10 . . @typeb + sext8 100100 . . 0 000 0110 @typea0 sext16 100100 . . 0 000 0110 0001 @typea0 diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 8a251b35d9..42d6d2a593 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -105,6 +105,17 @@ static inline void t_sync_flags(DisasContext *dc) } } +static inline void sync_jmpstate(DisasContext *dc) +{ +if (dc->jmp == JMP_DIRECT || dc->jmp == JMP_DIRECT_CC) { +if (dc->jmp == JMP_DIRECT) { +tcg_gen_movi_i32(cpu_btaken, 1); +} +dc->jmp = JMP_INDIRECT; +tcg_gen_movi_i32(cpu_btarget, dc->jmp_pc); +} +} + static void gen_raise_exception(DisasContext *dc, uint32_t index) { TCGv_i32 tmp = tcg_const_i32(index); @@ -668,6 +679,419 @@ static bool trans_wdic(DisasContext *dc, arg_wdic *a) DO_TYPEA(xor, false, tcg_gen_xor_i32) DO_TYPEBI(xori, false, tcg_gen_xori_i32) +static TCGv compute_ldst_addr_typea(DisasContext *dc, int ra, int rb) +{ +TCGv ret = tcg_temp_new(); + +/* If any of the regs is r0, set t to the value of the other reg. */ +if (ra && rb) { +TCGv_i32 tmp = tcg_temp_new_i32(); +tcg_gen_add_i32(tmp, cpu_R[ra], cpu_R[rb]); +tcg_gen_extu_i32_tl(ret, tmp); +tcg_temp_free_i32(tmp); +} else if (ra) { +tcg_gen_extu_i32_tl(ret, cpu_R[ra]); +} else if (rb) { +tcg_gen_extu_i32_tl(ret, cpu_R[rb]); +} else { +tcg_gen_movi_tl(ret, 0); +} + +if ((ra == 1 || rb == 1) && dc->cpu->cfg.stackprot) { +gen_helper_stackprot(cpu_env, ret); +} +return ret; +} + +static TCGv compute_ldst_addr_typeb(DisasContext *dc, int ra, int imm) +{ +TCGv ret = tcg_temp_new(); + +/* If any of the regs is r0, set t to the value of the other reg. */ +if (ra) { +TCGv_i32 tmp = tcg_temp_new_i32(); +tcg_gen_addi_i32(tmp, cpu_R[ra], imm); +tcg_gen_extu_i32_tl(ret, tmp); +tcg_temp_free_i32(tmp); +} else { +tcg_gen_movi_tl(ret, (uint32_t)imm); +} + +if (ra == 1 && dc->cpu->cfg.stackprot) { +gen_helper_stackprot(cpu_env, ret); +} +return ret; +} + +static TCGv compute_ldst_addr_ea(DisasContext *dc, int ra, int rb) +{ +int addr_size = dc->cpu->cfg.addr_size; +TCGv ret = tcg_temp_new(); + +if (add
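Review bot: a 700-line rewrite of the load/store decoder with an empty commit message is hard to review; at least state that address computation is split into compute_ldst_addr_typea/typeb/ea, that the stack-protection helper is still invoked whenever r1 is a base register (`(ra == 1 || rb == 1) && dc->cpu->cfg.stackprot`), and what, if anything, changes for lwx/swx. Also the comment "If any of the regs is r0, set t to the value of the other reg." in both helpers refers to `t`, the variable in the old code; the result is now `ret`, and in the typeb helper there is only one register, so that copy should say that r0 as base makes the address the immediate alone. Doing the add in i32 and only then extending to TCGv in compute_ldst_addr_typea is right, since the effective address wraps at 32 bits.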
[PATCH 66/77] target/microblaze: Use tcg_gen_lookup_and_goto_ptr
When goto_tb cannot be used due to branch page crossing, or due to indirect jumping, tcg_gen_lookup_and_goto_ptr can be used instead. Signed-off-by: Richard Henderson --- target/microblaze/translate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 6f9b20d391..5bd771671b 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -152,7 +152,7 @@ static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest) tcg_gen_exit_tb(dc->base.tb, n); } else { tcg_gen_movi_i32(cpu_pc, dest); -tcg_gen_exit_tb(NULL, 0); +tcg_gen_lookup_and_goto_ptr(); } dc->base.is_jmp = DISAS_NORETURN; } @@ -1811,7 +1811,7 @@ static void mb_tr_tb_stop(DisasContextBase *dcb, CPUState *cs) if (unlikely(cs->singlestep_enabled)) { gen_raise_exception(dc, EXCP_DEBUG); } else { -tcg_gen_exit_tb(NULL, 0); +tcg_gen_lookup_and_goto_ptr(); } return; -- 2.25.1
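Review bot: in the mb_tr_tb_stop hunk, tcg_gen_lookup_and_goto_ptr() selects the next TB from the current cpu_pc, so replacing `tcg_gen_exit_tb(NULL, 0)` there is only equivalent if every path into this else branch has already stored the new pc into cpu_pc; the hunk's context does not show that store, so please confirm it (or add a one-line comment at the call site). The gen_goto_tb hunk is fine as-is, since `tcg_gen_movi_i32(cpu_pc, dest)` immediately precedes the call.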
Re: [PATCH 3/4] meson: Mingw64 gcc doesn't recognize system include_type for sdl2
On 25/08/2020 17:53, luoyongg...@gmail.com wrote: > From: Yonggang Luo > > Fixes this for msys2/mingw64 by removing the include_type for sdl2 discovery in > meson > --- > meson.build | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/meson.build b/meson.build > index f0fe5f8799..1644bbd83c 100644 > --- a/meson.build > +++ b/meson.build > @@ -224,8 +224,7 @@ if 'CONFIG_BRLAPI' in config_host >brlapi = declare_dependency(link_args: config_host['BRLAPI_LIBS'].split()) > endif > > -sdl = dependency('sdl2', required: get_option('sdl'), static: enable_static, > - include_type: 'system') > +sdl = dependency('sdl2', required: get_option('sdl'), static: enable_static) > sdl_image = not_found > if sdl.found() ># work around 2.0.8 bug This gets around the issue whereby "-isystem" paths are not escaped correctly on Windows, presumably by changing them to "-iquote" instead. Marc-André had a query about why this is marked as a system include, however I can confirm that it fixes the missing "SDL.h" issue during build. ATB, Mark.
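Review bot: the commit message only says mingw64 gcc "doesn't recognize" the system include type, while the reply identifies the actual failure (the -isystem path not being escaped correctly on Windows, leading to the missing SDL.h); that explanation belongs in the message. Also, the hunk drops `include_type: 'system'` for every host, not just msys2/mingw64, so warnings originating in the SDL headers will no longer be suppressed on any platform; if that is acceptable, say so in the message, otherwise keep the system include type on non-Windows hosts.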
[PATCH 51/77] target/microblaze: Cache mem_index in DisasContext
Ideally, nothing outside the top-level of translation even has access to env. Cache the value in init_disas_context. Signed-off-by: Richard Henderson --- target/microblaze/translate.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index cb490488a6..8a251b35d9 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -73,6 +73,7 @@ typedef struct DisasContext { unsigned int delayed_branch; unsigned int tb_flags, synced_flags; /* tb dependent flags. */ unsigned int clear_imm; +int mem_index; #define JMP_NOJMP 0 #define JMP_DIRECT1 @@ -175,8 +176,7 @@ static bool trap_illegal(DisasContext *dc, bool cond) */ static bool trap_userspace(DisasContext *dc, bool cond) { -int mem_index = cpu_mmu_index(&dc->cpu->env, false); -bool cond_user = cond && mem_index == MMU_USER_IDX; +bool cond_user = cond && dc->mem_index == MMU_USER_IDX; if (cond_user && (dc->tb_flags & MSR_EE)) { gen_raise_hw_excp(dc, ESR_EC_PRIVINSN); @@ -954,7 +954,7 @@ static void dec_load(DisasContext *dc) TCGv addr; unsigned int size; bool rev = false, ex = false, ea = false; -int mem_index = cpu_mmu_index(&dc->cpu->env, false); +int mem_index = dc->mem_index; MemOp mop; mop = dc->opcode & 3; @@ -1063,7 +1063,7 @@ static void dec_store(DisasContext *dc) TCGLabel *swx_skip = NULL; unsigned int size; bool rev = false, ex = false, ea = false; -int mem_index = cpu_mmu_index(&dc->cpu->env, false); +int mem_index = dc->mem_index; MemOp mop; mop = dc->opcode & 3; @@ -1532,6 +1532,7 @@ static void mb_tr_init_disas_context(DisasContextBase *dcb, CPUState *cs) dc->ext_imm = dc->base.tb->cs_base; dc->r0 = NULL; dc->r0_set = false; +dc->mem_index = cpu_mmu_index(&cpu->env, false); bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4; dc->base.max_insns = MIN(dc->base.max_insns, bound); -- 2.25.1
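Review bot: the new `int mem_index;` field in the DisasContext hunk has no comment, unlike its neighbours; since it is computed once in mb_tr_init_disas_context and reused for the whole TB, a short note that this is valid only because the MMU index is derived from state already captured in tb->flags would help the next reader. Also, the init hunk reads `cpu_mmu_index(&cpu->env, false)` but does not show where `cpu` comes from; if it is the same MicroBlazeCPU stored in dc->cpu, `&dc->cpu->env` would be consistent with the other call sites this patch touches.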
[PATCH 60/77] target/microblaze: Replace delayed_branch with tb_flags_to_set
The multi-stage counter can be replaced by clearing D_FLAG, then or'ing in tb_flags_to_set. The jump then happens when D_FLAG is finally cleared. Signed-off-by: Richard Henderson --- target/microblaze/translate.c | 17 + 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 18009103c7..3ba2dc1800 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -73,7 +73,6 @@ typedef struct DisasContext { uint16_t imm; unsigned int cpustate_changed; -unsigned int delayed_branch; unsigned int tb_flags; unsigned int tb_flags_to_set; int mem_index; @@ -1314,10 +1313,9 @@ static void eval_cond_jmp(DisasContext *dc, TCGv_i32 pc_true, TCGv_i32 pc_false) static void dec_setup_dslot(DisasContext *dc) { -dc->delayed_branch = 2; -dc->tb_flags |= D_FLAG; +dc->tb_flags_to_set |= D_FLAG; if (dc->type_b && (dc->tb_flags & IMM_FLAG)) { -dc->tb_flags |= BIMM_FLAG; +dc->tb_flags_to_set |= BIMM_FLAG; } } @@ -1329,7 +1327,6 @@ static void dec_bcc(DisasContext *dc) cc = EXTRACT_FIELD(dc->ir, 21, 23); dslot = dc->ir & (1 << 25); -dc->delayed_branch = 1; if (dslot) { dec_setup_dslot(dc); } @@ -1405,7 +1402,6 @@ static void dec_br(DisasContext *dc) } } -dc->delayed_branch = 1; if (dslot) { dec_setup_dslot(dc); } @@ -1625,8 +1621,7 @@ static void mb_tr_init_disas_context(DisasContextBase *dcb, CPUState *cs) dc->cpu = cpu; dc->tb_flags = dc->base.tb->flags; -dc->delayed_branch = !!(dc->tb_flags & D_FLAG); -dc->jmp = dc->delayed_branch ? JMP_INDIRECT : JMP_NOJMP; +dc->jmp = dc->tb_flags & D_FLAG ? JMP_INDIRECT : JMP_NOJMP; dc->cpustate_changed = 0; dc->abort_at_next_insn = 0; dc->ext_imm = dc->base.tb->cs_base; 
@@ -1697,11 +1692,11 @@ static void mb_tr_translate_insn(DisasContextBase *dcb, CPUState *cs) tcg_gen_discard_i32(cpu_imm); } -dc->tb_flags &= ~IMM_FLAG; +dc->tb_flags &= ~(IMM_FLAG | BIMM_FLAG | D_FLAG); dc->tb_flags |= dc->tb_flags_to_set; dc->base.pc_next += 4; -if (dc->delayed_branch && --dc->delayed_branch == 0) { +if (dc->jmp != JMP_NOJMP && !(dc->tb_flags & D_FLAG)) { if (dc->tb_flags & DRTI_FLAG) { do_rti(dc); } @@ -1711,8 +1706,6 @@ static void mb_tr_translate_insn(DisasContextBase *dcb, CPUState *cs) if (dc->tb_flags & DRTE_FLAG) { do_rte(dc); } -/* Clear the delay slot flag. */ -dc->tb_flags &= ~D_FLAG; dc->base.is_jmp = DISAS_JUMP; } -- 2.25.1
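Review bot: in the mb_tr_translate_insn hunk the clear mask grows from `~IMM_FLAG` to `~(IMM_FLAG | BIMM_FLAG | D_FLAG)`, which gives BIMM_FLAG the same one-instruction lifetime as IMM_FLAG, but the commit message only mentions D_FLAG and the delayed_branch counter; please document the BIMM_FLAG change there. Also, the new test `dc->jmp != JMP_NOJMP && !(dc->tb_flags & D_FLAG)` relies on the preceding `dc->tb_flags |= dc->tb_flags_to_set;` so that a branch with a delay slot still sees D_FLAG set for its own instruction; a short comment on that ordering would make the replacement of the two-stage counter easier to follow.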
Re: [PULL 00/18] riscv-to-apply queue
On Tue, Aug 25, 2020 at 2:24 PM Peter Maydell wrote: > > On Tue, 25 Aug 2020 at 20:01, Alistair Francis > wrote: > > > > The following changes since commit 7774e403f2ac58b3e87bfe8d2f77676501ba893e: > > > > Merge remote-tracking branch > > 'remotes/kraxel/tags/fixes-20200825-pull-request' into staging (2020-08-25 > > 10:54:51 +0100) > > > > are available in the Git repository at: > > > > g...@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20200825 > > > > for you to fetch changes up to e39a8320b088dd5efc9ebaafe387e52b3d962665: > > > > target/riscv: Support the Virtual Instruction fault (2020-08-25 09:11:36 > > -0700) > > > > > > This pull request first adds support for multi-socket NUMA RISC-V > > machines. The Spike and Virt machines both support NUMA sockets. > > > > This PR also updates the current experimental Hypervisor support to the > > v0.6.1 spec. > > > > > > The hypervisor related patches don't seem to have any > reviewed-by tags, which seems a shame for a fairly significant > chunk of work. Is there really nobody who can review them > for you ? Unfortunately not. They have been on the list since April and haven't received any feedback. There isn't a lot of people reviewing the RISC-V patches unfortunately. Alistair > > thanks > -- PMM
Re: [PATCH 1/4] meson: Fixes the ninjatool issue that E$$: are generated in Makefile.ninja
On 25/08/2020 17:53, luoyongg...@gmail.com wrote: > From: Yonggang Luo > > SIMPLE_PATH_RE should match the full path token. > Or the $ and : contained in the path would not be matched if the path starts with > C:/ and E:/ > --- > scripts/ninjatool.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scripts/ninjatool.py b/scripts/ninjatool.py > index cc77d51aa8..6ca8be6f10 100755 > --- a/scripts/ninjatool.py > +++ b/scripts/ninjatool.py > @@ -55,7 +55,7 @@ else: > > PATH_RE = r"[^$\s:|]+|\$[$ :]|\$[a-zA-Z0-9_-]+|\$\{[a-zA-Z0-9_.-]+\}" > > -SIMPLE_PATH_RE = re.compile(r"[^$\s:|]+") > +SIMPLE_PATH_RE = re.compile(r"^[^$\s:|]+$") > IDENT_RE = re.compile(r"[a-zA-Z0-9_.-]+$") > STRING_RE = re.compile(r"(" + PATH_RE + r"|[\s:|])(?:\r?\n)?|.") > TOPLEVEL_RE = re.compile(r"([=:#]|\|\|?|^ +|(?:" + PATH_RE + r")+)\s*|.") I've tested this and it changes build.ninja so instead of Windows paths beginning C$$ they now begin C$ instead e.g.: build qemu-version.h: CUSTOM_COMMAND | C$:/msys64/home/Mark/qemu/scripts/qemu-version.sh PHONY I was expecting this not to work, however it seems in the next stage of transformation from build.ninja to Makefile.ninja the extra $ is removed correctly: qemu-version.h: qemu-version.h.stamp; @: qemu-version.h.stamp: C:/msys64/home/Mark/qemu/scripts/qemu-version.sh PHONY | ; ${ninja-command-restat} It feels like the extra $ shouldn't be present in build.ninja, but the patch does generate a Makefile.ninja that works. ATB, Mark.
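Review bot: `^[^$\s:|]+$` is not a strict full-token test: in Python `$` also matches just before a trailing newline, so a token ending in "\n" would still be classified as a simple path; if SIMPLE_PATH_RE is used with re.match or re.search, use `\Z` instead of `$`, or keep the original pattern and call re.fullmatch. The commit message should also state the observable symptom named in the subject (the `E$$:` / `C$$:` drive prefixes in Makefile.ninja) rather than only the regex mechanics, and Mark's observation that build.ninja still contains `C$:` after the change deserves an answer, since it suggests the escaping is being repaired in a later stage rather than at its source.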
Re: [PATCH 2/4] meson: fixes relpath may fail on win32.
On 25/08/2020 17:53, luoyongg...@gmail.com wrote: > From: Yonggang Luo > > On win32, os.path.relpath would raise an exception when doing the following relpath: > C:/msys64/mingw64/x.exe relative to E:/path/qemu-build would fail. > So we try/catch it to stop it from raising an exception on msys2 > --- > scripts/mtest2make.py | 11 +-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/scripts/mtest2make.py b/scripts/mtest2make.py > index bdb257bbd9..d7a51bf97e 100644 > --- a/scripts/mtest2make.py > +++ b/scripts/mtest2make.py > @@ -53,9 +53,16 @@ i = 0 > for test in json.load(sys.stdin): > env = ' '.join(('%s=%s' % (shlex.quote(k), shlex.quote(v)) > for k, v in test['env'].items())) > -executable = os.path.relpath(test['cmd'][0]) > +executable = test['cmd'][0] > +try: > +executable = os.path.relpath(executable) > +except: > +pass > if test['workdir'] is not None: > -test['cmd'][0] = os.path.relpath(test['cmd'][0], test['workdir']) > +try: > +test['cmd'][0] = os.path.relpath(executable, test['workdir']) > +except: > +test['cmd'][0] = executable > else: > test['cmd'][0] = executable > cmd = '$(.test.env) %s %s' % (env, ' '.join((shlex.quote(x) for x in > test['cmd']))) I don't think this is relevant in my particular environment, however it didn't seem to break the build. I'm curious as to why os.path.relpath throws an exception in this particular case on Windows though - can you give us a bit more information about the Exception that is being thrown? ATB, Mark.
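Review bot: the two bare `except:` clauses in the hunk catch everything, including KeyboardInterrupt and SystemExit, and would also hide an unrelated bug in the expression; os.path.relpath raises ValueError on Windows when the path and the start directory are on different drives, which is exactly the C:/ versus E:/ case the message describes, so `except ValueError:` is the right scope and also answers Mark's question about which exception is thrown. Please state that in the commit message as well.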
[PATCH 59/77] target/microblaze: Replace clear_imm with tb_flags_to_set
This more general update variable will be able to handle delay slots as well. Signed-off-by: Richard Henderson --- target/microblaze/translate.c | 15 +-- 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 6e7087..18009103c7 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -75,7 +75,7 @@ typedef struct DisasContext { unsigned int cpustate_changed; unsigned int delayed_branch; unsigned int tb_flags; -unsigned int clear_imm; +unsigned int tb_flags_to_set; int mem_index; #define JMP_NOJMP 0 @@ -535,8 +535,7 @@ static bool trans_imm(DisasContext *dc, arg_imm *arg) { dc->ext_imm = arg->imm << 16; tcg_gen_movi_i32(cpu_imm, dc->ext_imm); -dc->tb_flags |= IMM_FLAG; -dc->clear_imm = 0; +dc->tb_flags_to_set = IMM_FLAG; return true; } @@ -1680,7 +1679,8 @@ static void mb_tr_translate_insn(DisasContextBase *dcb, CPUState *cs) (uint32_t)dc->base.pc_next); } -dc->clear_imm = 1; +dc->tb_flags_to_set = 0; + ir = cpu_ldl_code(env, dc->base.pc_next); if (!decode(dc, ir)) { old_decode(dc, ir); @@ -1692,10 +1692,13 @@ static void mb_tr_translate_insn(DisasContextBase *dcb, CPUState *cs) dc->r0_set = false; } -if (dc->clear_imm && (dc->tb_flags & IMM_FLAG)) { -dc->tb_flags &= ~IMM_FLAG; +/* Discard the imm global when its contents cannot be used. */ +if ((dc->tb_flags & ~dc->tb_flags_to_set) & IMM_FLAG) { tcg_gen_discard_i32(cpu_imm); } + +dc->tb_flags &= ~IMM_FLAG; +dc->tb_flags |= dc->tb_flags_to_set; dc->base.pc_next += 4; if (dc->delayed_branch && --dc->delayed_branch == 0) { -- 2.25.1
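Review bot: trans_imm now does `dc->tb_flags_to_set = IMM_FLAG;` rather than or-ing the flag in; that is safe today because tb_flags_to_set is reset to 0 at the top of mb_tr_translate_insn and only one instruction is decoded between resets, but the message says this variable will also carry delay-slot flags, so `|=` would avoid a latent clobber if an instruction ever contributes more than one flag. The new "Discard the imm global when its contents cannot be used" test, `(dc->tb_flags & ~dc->tb_flags_to_set) & IMM_FLAG`, reads correctly: discard only when IMM_FLAG is currently set and is not being re-armed by this instruction.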
Re: [PULL 00/18] riscv-to-apply queue
On Tue, 25 Aug 2020 at 20:01, Alistair Francis wrote: > > The following changes since commit 7774e403f2ac58b3e87bfe8d2f77676501ba893e: > > Merge remote-tracking branch > 'remotes/kraxel/tags/fixes-20200825-pull-request' into staging (2020-08-25 > 10:54:51 +0100) > > are available in the Git repository at: > > g...@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20200825 > > for you to fetch changes up to e39a8320b088dd5efc9ebaafe387e52b3d962665: > > target/riscv: Support the Virtual Instruction fault (2020-08-25 09:11:36 > -0700) > > > This pull request first adds support for multi-socket NUMA RISC-V > machines. The Spike and Virt machines both support NUMA sockets. > > This PR also updates the current experimental Hypervisor support to the > v0.6.1 spec. > > The hypervisor related patches don't seem to have any reviewed-by tags, which seems a shame for a fairly significant chunk of work. Is there really nobody who can review them for you ? thanks -- PMM
[PATCH 49/77] target/microblaze: Mark fpu helpers TCG_CALL_NO_WG
Now that FSR is no longer a tcg global temp, we can say that the fpu helpers do not write to tcg temps. All temps are read implicitly by the fpu exception path. Signed-off-by: Richard Henderson --- target/microblaze/helper.h | 28 ++-- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/target/microblaze/helper.h b/target/microblaze/helper.h index 79e1e8ecc7..64816c89e1 100644 --- a/target/microblaze/helper.h +++ b/target/microblaze/helper.h 
@@ -3,21 +3,21 @@ DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, i32) DEF_HELPER_FLAGS_3(divs, TCG_CALL_NO_WG, i32, env, i32, i32) DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32) -DEF_HELPER_3(fadd, i32, env, i32, i32) -DEF_HELPER_3(frsub, i32, env, i32, i32) -DEF_HELPER_3(fmul, i32, env, i32, i32) -DEF_HELPER_3(fdiv, i32, env, i32, i32) -DEF_HELPER_2(flt, i32, env, i32) -DEF_HELPER_2(fint, i32, env, i32) -DEF_HELPER_2(fsqrt, i32, env, i32) +DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(frsub, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_2(flt, TCG_CALL_NO_WG, i32, env, i32) +DEF_HELPER_FLAGS_2(fint, TCG_CALL_NO_WG, i32, env, i32) +DEF_HELPER_FLAGS_2(fsqrt, TCG_CALL_NO_WG, i32, env, i32) -DEF_HELPER_3(fcmp_un, i32, env, i32, i32) -DEF_HELPER_3(fcmp_lt, i32, env, i32, i32) -DEF_HELPER_3(fcmp_eq, i32, env, i32, i32) -DEF_HELPER_3(fcmp_le, i32, env, i32, i32) -DEF_HELPER_3(fcmp_gt, i32, env, i32, i32) -DEF_HELPER_3(fcmp_ne, i32, env, i32, i32) -DEF_HELPER_3(fcmp_ge, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fcmp_un, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fcmp_lt, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fcmp_eq, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fcmp_le, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fcmp_gt, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fcmp_ne, TCG_CALL_NO_WG, i32, env, i32, i32) +DEF_HELPER_FLAGS_3(fcmp_ge, TCG_CALL_NO_WG, i32, env, i32, i32) DEF_HELPER_FLAGS_2(pcmpbf, TCG_CALL_NO_RWG_SE, i32, i32, i32) #if !defined(CONFIG_USER_ONLY) -- 2.25.1
[PATCH v2 1/2] linux-user: Modify 'recvmmsg()' implementation
Implementation of syscall 'recvmmsg()' in file 'syscall.c' uses a loop over 'recvmsg()' to receive each individual message from a socket. However, the implementation ignores the timeout argument. This patch changes that by introducing a timeout check after each received message. Implementation notes: Function 'clock_gettime()' is used to check the time before messages start getting received. After each message is received, 'clock_gettime()' is called and used to check whether the timeout is expired. Signed-off-by: Filip Bozuta --- linux-user/syscall.c | 45 1 file changed, 37 insertions(+), 8 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 05f03919ff..dc89bfacca 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3197,21 +3197,36 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg, static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec, unsigned int vlen, unsigned int flags, -int send) +abi_ulong timeout, int send) { struct target_mmsghdr *mmsgp; +struct timespec ts, end_time, curr_time; abi_long ret = 0; int i; if (vlen > UIO_MAXIOV) { vlen = UIO_MAXIOV; } - mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1); if (!mmsgp) { return -TARGET_EFAULT; } +if (timeout) { +if (target_to_host_timespec(&ts, timeout)) { +return -TARGET_EFAULT; +} +if (ts.tv_sec < 0 || ts.tv_nsec < 0 || ts.tv_nsec > 10) { +return -TARGET_EINVAL; +} +clock_gettime(CLOCK_REALTIME, &curr_time); +end_time.tv_sec = curr_time.tv_sec + ts.tv_sec; +end_time.tv_nsec = curr_time.tv_nsec + ts.tv_nsec; +if (end_time.tv_nsec > 10) { +end_time.tv_nsec -= 10; +end_time.tv_sec++; +} +} for (i = 0; i < vlen; i++) { ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send); if (is_error(ret)) { 
@@ -3222,6 +3237,20 @@ static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec, if (flags & MSG_WAITFORONE) { flags |= MSG_DONTWAIT; } +/* + * For recvmmsg() the timeout is checked only after a datagram is + * received.This is an existing bug in the kernel for this syscall: + * https://man7.org/linux/man-pages/man2/recvmmsg.2.html#BUGS + */ +if (timeout) { +clock_gettime(CLOCK_REALTIME, &curr_time); +if (curr_time.tv_sec > end_time.tv_sec || +(curr_time.tv_sec == end_time.tv_sec && +curr_time.tv_nsec >= end_time.tv_nsec)) { +i++; +break; +} +} } unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i); @@ -3477,7 +3506,7 @@ static abi_long do_socketcall(int num, abi_ulong vptr) [TARGET_SYS_SENDMSG] = 3, /* fd, msg, flags */ [TARGET_SYS_RECVMSG] = 3, /* fd, msg, flags */ [TARGET_SYS_ACCEPT4] = 4, /* fd, addr, addrlen, flags */ -[TARGET_SYS_RECVMMSG] = 4,/* fd, msgvec, vlen, flags */ +[TARGET_SYS_RECVMMSG] = 5,/* fd, msgvec, vlen, flags, timeout */ [TARGET_SYS_SENDMMSG] = 4,/* fd, msgvec, vlen, flags */ }; abi_long a[6]; /* max 6 args */ @@ -3536,10 +3565,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr) return do_sendrecvmsg(a[0], a[1], a[2], 0); case TARGET_SYS_ACCEPT4: /* sockfd, addr, addrlen, flags */ return do_accept4(a[0], a[1], a[2], a[3]); -case TARGET_SYS_RECVMMSG: /* sockfd, msgvec, vlen, flags */ -return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0); +case TARGET_SYS_RECVMMSG: /* sockfd, msgvec, vlen, flags, timeout */ +return do_sendrecvmmsg(a[0], a[1], a[2], a[3], a[4], 0); case TARGET_SYS_SENDMMSG: /* sockfd, msgvec, vlen, flags */ -return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 1); +return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0, 1); default: qemu_log_mask(LOG_UNIMP, "Unsupported socketcall: %d\n", num); return -TARGET_EINVAL; 
@@ -9343,11 +9372,11 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, #endif #ifdef TARGET_NR_sendmmsg case TARGET_NR_sendmmsg: -return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1); +return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0, 1); #endif #ifdef TARGET_NR_recvmmsg case TARGET_NR_recvmmsg: -return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0); +return do_sendrecvmmsg(arg1, arg2, arg3, arg4, arg5, 0); #endif #ifdef TARGET_NR_sendto case TARGET_NR_sendto: -- 2.25.1
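Review bot: the two early returns added after lock_user() in the first do_sendrecvmmsg hunk (`return -TARGET_EFAULT;` when target_to_host_timespec() fails and `return -TARGET_EINVAL;` for a malformed timespec) leave `mmsgp` locked; either move the timeout validation above the lock_user() call or unlock_user() before returning. Separately, the deadline is built from CLOCK_REALTIME, so a wall-clock step (NTP correction, settimeofday) during the receive loop shortens or lengthens the timeout; CLOCK_MONOTONIC is the usual choice for a relative timeout.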
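An added example (my code, not the patch's or QEMU's) that models the deadline arithmetic and the check-after-each-datagram loop the patch describes; clock_gettime() and do_sendrecvmsg_locked() are replaced by an injected fake clock and a stub recv_one(), and all timings and stubs are constructed:

```c
/* Added example, not code from the patch: a user-space model of the
 * recvmmsg() timeout logic that the patch adds to do_sendrecvmmsg().
 * The clock is injected (clock_fn) so the behaviour is deterministic;
 * recv_one() stands in for do_sendrecvmsg_locked(). */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define NSEC_PER_SEC 1000000000L
typedef void (*clock_fn)(struct timespec *now);

/* Validate the relative timeout the way the patch does and convert it
 * into an absolute deadline.  Returns 0, or -EINVAL for a bad timespec. */
int recvmmsg_deadline(const struct timespec *timeout, clock_fn now_fn,
                      struct timespec *end)
{
    struct timespec now;

    if (timeout->tv_sec < 0 || timeout->tv_nsec < 0 ||
        timeout->tv_nsec >= NSEC_PER_SEC) {
        return -EINVAL;
    }
    now_fn(&now);
    end->tv_sec = now.tv_sec + timeout->tv_sec;
    end->tv_nsec = now.tv_nsec + timeout->tv_nsec;
    if (end->tv_nsec >= NSEC_PER_SEC) {     /* carry the nanosecond overflow */
        end->tv_nsec -= NSEC_PER_SEC;
        end->tv_sec++;
    }
    return 0;
}

/* Same comparison as the patch's loop: expired once now >= end. */
bool deadline_expired(const struct timespec *now, const struct timespec *end)
{
    return now->tv_sec > end->tv_sec ||
           (now->tv_sec == end->tv_sec && now->tv_nsec >= end->tv_nsec);
}

/* Model of the receive loop.  As in the kernel (and the patch), the timeout
 * is only examined after a datagram has arrived, so a blocking receive is
 * never cut short by it.  Returns the number of messages received; an error
 * on the first receive is returned as a negative errno, a later error just
 * ends the batch (an assumption of this model, not taken from the hunk). */
int recvmmsg_model(unsigned int vlen, const struct timespec *timeout,
                   clock_fn now_fn, int (*recv_one)(unsigned int idx))
{
    struct timespec end = { 0, 0 }, now;
    unsigned int i;
    int ret;

    if (timeout) {
        ret = recvmmsg_deadline(timeout, now_fn, &end);
        if (ret < 0) {
            return ret;
        }
    }
    for (i = 0; i < vlen; i++) {
        ret = recv_one(i);
        if (ret < 0) {
            return i == 0 ? ret : (int)i;
        }
        if (timeout) {
            now_fn(&now);
            if (deadline_expired(&now, &end)) {
                i++;            /* keep the datagram that was just received */
                break;
            }
        }
    }
    return (int)i;
}

/* Constructed fake clock: starts at t = 0 and advances 300 ms per call. */
static long fake_calls;
void fake_clock_reset(void) { fake_calls = 0; }
void fake_clock(struct timespec *now)
{
    long ms = 300L * fake_calls++;
    now->tv_sec = ms / 1000;
    now->tv_nsec = (ms % 1000) * 1000000L;
}
/* Constructed fixed clock at 0.9 s, to exercise the nanosecond carry. */
void fixed_clock(struct timespec *now) { now->tv_sec = 0; now->tv_nsec = 900000000L; }

/* Constructed receive stubs: 64 bytes per datagram, or a failure at index. */
int recv_ok(unsigned int idx) { (void)idx; return 64; }
int recv_fail_first(unsigned int idx) { return idx == 0 ? -EAGAIN : 64; }
int recv_fail_third(unsigned int idx) { return idx == 2 ? -EAGAIN : 64; }

int main(void)
{
    struct timespec one_sec = { 1, 0 };
    fake_clock_reset();
    printf("%d of 10 datagrams received before the 1 s deadline\n",
           recvmmsg_model(10, &one_sec, fake_clock, recv_ok));   /* 4 */
    return 0;
}
```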
[PATCH 58/77] target/microblaze: Use cc->do_unaligned_access
This fixes the problem in which unaligned stores succeeded, but then we raised the exception after modifying memory. Store the ESS for the unaligned data access in the iflags for the insn, so that it can be found during unwind. Signed-off-by: Richard Henderson --- target/microblaze/cpu.h | 10 - target/microblaze/helper.h| 1 - target/microblaze/cpu.c | 1 + target/microblaze/helper.c| 28 ++ target/microblaze/op_helper.c | 21 -- target/microblaze/translate.c | 72 +-- 6 files changed, 64 insertions(+), 69 deletions(-) diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index 83fadd36a5..63b8d93d41 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -79,10 +79,13 @@ typedef struct CPUMBState CPUMBState; /* Exception State Register (ESR) Fields */ #define ESR_DIZ (1<<11) /* Zone Protection */ +#define ESR_W (1<<11) /* Unaligned word access */ #define ESR_S (1<<10) /* Store instruction */ #define ESR_ESS_FSL_OFFSET 5 +#define ESR_ESS_MASK (0x7f << 5) + #define ESR_EC_FSL 0 #define ESR_EC_UNALIGNED_DATA 1 #define ESR_EC_ILLEGAL_OP 2 @@ -256,9 +259,11 @@ struct CPUMBState { /* Internal flags. */ #define IMM_FLAG(1 << 0) #define BIMM_FLAG (1 << 1) -/* MSR_EE (1 << 8) */ +#define ESR_ESS_FLAG(1 << 2) /* indicates ESR_ESS_MASK is present */ +/* MSR_EE (1 << 8) -- these 3 are not in iflags but tb_flags */ /* MSR_UM (1 << 11) */ /* MSR_VM (1 << 13) */ +/* ESR_ESS_MASK [11:5]-- unwind into iflags for unaligned excp */ #define DRTI_FLAG (1 << 16) #define DRTE_FLAG (1 << 17) #define DRTB_FLAG (1 << 18) @@ -330,6 +335,9 @@ struct MicroBlazeCPU { void mb_cpu_do_interrupt(CPUState *cs); bool mb_cpu_exec_interrupt(CPUState *cs, int int_req); +void mb_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, +MMUAccessType access_type, +int mmu_idx, uintptr_t retaddr); void mb_cpu_dump_state(CPUState *cpu, FILE *f, int flags); hwaddr mb_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr); int mb_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg); 
diff --git a/target/microblaze/helper.h b/target/microblaze/helper.h index a473c1867b..3980fba797 100644 --- a/target/microblaze/helper.h +++ b/target/microblaze/helper.h @@ -25,7 +25,6 @@ DEF_HELPER_3(mmu_read, i32, env, i32, i32) DEF_HELPER_4(mmu_write, void, env, i32, i32, i32) #endif -DEF_HELPER_5(memalign, void, env, tl, i32, i32, i32) DEF_HELPER_FLAGS_2(stackprot, TCG_CALL_NO_WG, void, env, tl) DEF_HELPER_2(get, i32, i32, i32) diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c index 1eabf5cc3f..67017ecc33 100644 --- a/target/microblaze/cpu.c +++ b/target/microblaze/cpu.c @@ -317,6 +317,7 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data) cc->class_by_name = mb_cpu_class_by_name; cc->has_work = mb_cpu_has_work; cc->do_interrupt = mb_cpu_do_interrupt; +cc->do_unaligned_access = mb_cpu_do_unaligned_access; cc->cpu_exec_interrupt = mb_cpu_exec_interrupt; cc->dump_state = mb_cpu_dump_state; cc->set_pc = mb_cpu_set_pc; diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c index 06f4322e09..0e3be251a7 100644 --- a/target/microblaze/helper.c +++ b/target/microblaze/helper.c @@ -296,3 +296,31 @@ bool mb_cpu_exec_interrupt(CPUState *cs, int interrupt_request) } return false; } + +void mb_cpu_do_unaligned_access(CPUState *cs, vaddr addr, +MMUAccessType access_type, +int mmu_idx, uintptr_t retaddr) +{ +MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs); +uint32_t esr, iflags; + +/* Recover the pc and iflags from the corresponding insn_start. */ +cpu_restore_state(cs, retaddr, true); +iflags = cpu->env.iflags; + +qemu_log_mask(CPU_LOG_INT, + "Unaligned access addr=" TARGET_FMT_lx + " pc=%x iflags=%x\n", addr, cpu->env.pc, iflags); + +esr = ESR_EC_UNALIGNED_DATA; +if (likely(iflags & ESR_ESS_FLAG)) { +esr |= iflags & ESR_ESS_MASK; +} else { +qemu_log_mask(LOG_UNIMP, "Unaligned access without ESR_ESS_FLAG\n"); +} + +cpu->env.ear = addr; +cpu->env.esr = esr; +cs->exception_index = EXCP_HW_EXCP; +cpu_loop_exit(cs); +} 
diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c index a99c467364..4a07d0ce3c 100644 --- a/target/microblaze/op_helper.c +++ b/target/microblaze/op_helper.c @@ -365,27 +365,6 @@ uint32_t helper_pcmpbf(uint32_t a, uint32_t b) return 0; } -void helper_memalign(CPUMBState *env, target_ulong addr, - uint32_t dr, uint32_t wr, - uint32_t
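Review bot: in the cpu.h hunk, ESR_W is defined as (1<<11), the same bit as the existing ESR_DIZ ("Zone Protection"); if the overlap is deliberate because the ESS field is interpreted per exception cause (zone protection for an MMU fault, word access for an unaligned fault), please say so in a comment beside the two definitions, otherwise a reader will take it for a copy-paste error. In mb_cpu_do_unaligned_access, the fallback branch logs "Unaligned access without ESR_ESS_FLAG" at LOG_UNIMP and raises the exception with an empty ESS; a comment on when the flag can legitimately be absent (or an assertion if it never should be, since the translator is the only producer) would make the intent clear.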
[PATCH v2 2/2] linux-user: Add support for 'recvmmsg_time64()'
This patch introduces functionality for syscall: *recvmmsg_time64 This syscall is a 2038 safe variant for syscall: int recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, struct timespec *timeout) --receive multiple messages on a socket-- man page: https://man7.org/linux/man-pages/man2/recvmmsg.2.html Implementation notes: Function 'do_sendrecvmmsg()' in 'syscall.c' was changed with the addition of a new argument 'time64' which represents a flag by which the function knows what kind of 'struct timespec' converting function to call ('target_to_host_timespec() or 'target_to_host_timespec64()'). It is false in case of 'TARGET_NR_recvmmsg' and true in case of 'TARGET_NR_recvmmsg_time64'. In 'do_socketcall()', the 'TARGET_ABI_BITS' was checked to know what value for 'time64' argument to pass. Signed-off-by: Filip Bozuta --- linux-user/syscall.c | 27 +++ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index dc89bfacca..762eea0e5b 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3197,7 +3197,7 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg, static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec, unsigned int vlen, unsigned int flags, -abi_ulong timeout, int send) +abi_ulong timeout, bool time64, int send) { struct target_mmsghdr *mmsgp; struct timespec ts, end_time, curr_time; @@ -3212,8 +3212,14 @@ static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec, return -TARGET_EFAULT; } if (timeout) { -if (target_to_host_timespec(&ts, timeout)) { -return -TARGET_EFAULT; +if (time64) { +if (target_to_host_timespec64(&ts, timeout)) { +return -TARGET_EFAULT; +} +} else { +if (target_to_host_timespec(&ts, timeout)) { +return -TARGET_EFAULT; +} } if (ts.tv_sec < 0 || ts.tv_nsec < 0 || ts.tv_nsec > 10) { return -TARGET_EINVAL; 
@@ -3506,7 +3512,7 @@ static abi_long do_socketcall(int num, abi_ulong vptr) [TARGET_SYS_SENDMSG] = 3, /* fd, msg, flags */ [TARGET_SYS_RECVMSG] = 3, /* fd, msg, flags */ [TARGET_SYS_ACCEPT4] = 4, /* fd, addr, addrlen, flags */ -[TARGET_SYS_RECVMMSG] = 5,/* fd, msgvec, vlen, flags, timeout */ +[TARGET_SYS_RECVMMSG] = 6,/* fd, msgvec, vlen, flags, timeout */ [TARGET_SYS_SENDMMSG] = 4,/* fd, msgvec, vlen, flags */ }; abi_long a[6]; /* max 6 args */ @@ -3566,9 +3572,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr) case TARGET_SYS_ACCEPT4: /* sockfd, addr, addrlen, flags */ return do_accept4(a[0], a[1], a[2], a[3]); case TARGET_SYS_RECVMMSG: /* sockfd, msgvec, vlen, flags, timeout */ -return do_sendrecvmmsg(a[0], a[1], a[2], a[3], a[4], 0); +return do_sendrecvmmsg(a[0], a[1], a[2], a[3], a[4], + TARGET_ABI_BITS == 64, 0); case TARGET_SYS_SENDMMSG: /* sockfd, msgvec, vlen, flags */ -return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0, 1); +return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0, false, 1); default: qemu_log_mask(LOG_UNIMP, "Unsupported socketcall: %d\n", num); return -TARGET_EINVAL; @@ -9372,11 +9379,15 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, #endif #ifdef TARGET_NR_sendmmsg case TARGET_NR_sendmmsg: -return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0, 1); +return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0, false, 1); #endif #ifdef TARGET_NR_recvmmsg case TARGET_NR_recvmmsg: -return do_sendrecvmmsg(arg1, arg2, arg3, arg4, arg5, 0); +return do_sendrecvmmsg(arg1, arg2, arg3, arg4, arg5, false, 0); +#endif +#ifdef TARGET_NR_recvmmsg_time64 +case TARGET_NR_recvmmsg_time64: +return do_sendrecvmmsg(arg1, arg2, arg3, arg4, arg5, true, 0); #endif #ifdef TARGET_NR_sendto case TARGET_NR_sendto: -- 2.25.1
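Review bot: `[TARGET_SYS_RECVMMSG] = 6` in the do_socketcall hunk is wrong: the socketcall argument vector for recvmmsg still has five entries (fd, msgvec, vlen, flags, timeout, exactly as the unchanged comment next to it says); the new `time64` parameter is derived from TARGET_ABI_BITS, not read from the guest, so raising the count makes do_socketcall fetch a sixth abi_long the guest never wrote. Keep the count at 5.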
[PATCH 48/77] target/microblaze: Fix cpu unwind for fpu exceptions
Restore the correct PC when an exception must be raised. Signed-off-by: Richard Henderson --- target/microblaze/op_helper.c | 37 +++ 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c index d99d98051a..2c59d4492d 100644 --- a/target/microblaze/op_helper.c +++ b/target/microblaze/op_helper.c @@ -104,13 +104,16 @@ uint32_t helper_divu(CPUMBState *env, uint32_t a, uint32_t b) } /* raise FPU exception. */ -static void raise_fpu_exception(CPUMBState *env) +static void raise_fpu_exception(CPUMBState *env, uintptr_t ra) { +CPUState *cs = env_cpu(env); + env->esr = ESR_EC_FPU; -helper_raise_exception(env, EXCP_HW_EXCP); +cs->exception_index = EXCP_HW_EXCP; +cpu_loop_exit_restore(cs, ra); } -static void update_fpu_flags(CPUMBState *env, int flags) +static void update_fpu_flags(CPUMBState *env, int flags, uintptr_t ra) { int raise = 0; @@ -133,7 +136,7 @@ static void update_fpu_flags(CPUMBState *env, int flags) if (raise && (env->pvr.regs[2] & PVR2_FPU_EXC_MASK) && (env->msr & MSR_EE)) { -raise_fpu_exception(env); +raise_fpu_exception(env, ra); } } @@ -148,7 +151,7 @@ uint32_t helper_fadd(CPUMBState *env, uint32_t a, uint32_t b) fd.f = float32_add(fa.f, fb.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags); +update_fpu_flags(env, flags, GETPC()); return fd.l; } @@ -162,7 +165,7 @@ uint32_t helper_frsub(CPUMBState *env, uint32_t a, uint32_t b) fb.l = b; fd.f = float32_sub(fb.f, fa.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags); +update_fpu_flags(env, flags, GETPC()); return fd.l; } @@ -176,7 +179,7 @@ uint32_t helper_fmul(CPUMBState *env, uint32_t a, uint32_t b) fb.l = b; fd.f = float32_mul(fa.f, fb.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags); +update_fpu_flags(env, flags, GETPC()); return fd.l; } 
@@ -191,7 +194,7 @@ uint32_t helper_fdiv(CPUMBState *env, uint32_t a, uint32_t b) fb.l = b; fd.f = float32_div(fb.f, fa.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags); +update_fpu_flags(env, flags, GETPC()); return fd.l; } @@ -206,7 +209,7 @@ uint32_t helper_fcmp_un(CPUMBState *env, uint32_t a, uint32_t b) if (float32_is_signaling_nan(fa.f, &env->fp_status) || float32_is_signaling_nan(fb.f, &env->fp_status)) { -update_fpu_flags(env, float_flag_invalid); +update_fpu_flags(env, float_flag_invalid, GETPC()); r = 1; } @@ -229,7 +232,7 @@ uint32_t helper_fcmp_lt(CPUMBState *env, uint32_t a, uint32_t b) fb.l = b; r = float32_lt(fb.f, fa.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags & float_flag_invalid); +update_fpu_flags(env, flags & float_flag_invalid, GETPC()); return r; } @@ -245,7 +248,7 @@ uint32_t helper_fcmp_eq(CPUMBState *env, uint32_t a, uint32_t b) fb.l = b; r = float32_eq_quiet(fa.f, fb.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags & float_flag_invalid); +update_fpu_flags(env, flags & float_flag_invalid, GETPC()); return r; } @@ -261,7 +264,7 @@ uint32_t helper_fcmp_le(CPUMBState *env, uint32_t a, uint32_t b) set_float_exception_flags(0, &env->fp_status); r = float32_le(fa.f, fb.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags & float_flag_invalid); +update_fpu_flags(env, flags & float_flag_invalid, GETPC()); return r; @@ -277,7 +280,7 @@ uint32_t helper_fcmp_gt(CPUMBState *env, uint32_t a, uint32_t b) set_float_exception_flags(0, &env->fp_status); r = float32_lt(fa.f, fb.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags & float_flag_invalid); +update_fpu_flags(env, flags & float_flag_invalid, GETPC()); return r; } 
@@ -291,7 +294,7 @@ uint32_t helper_fcmp_ne(CPUMBState *env, uint32_t a, uint32_t b) set_float_exception_flags(0, &env->fp_status); r = !float32_eq_quiet(fa.f, fb.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags & float_flag_invalid); +update_fpu_flags(env, flags & float_flag_invalid, GETPC()); return r; } @@ -306,7 +309,7 @@ uint32_t helper_fcmp_ge(CPUMBState *env, uint32_t a, uint32_t b) set_float_exception_flags(0, &env->fp_status); r = !float32_lt(fa.f, fb.f, &env->fp_status); flags = get_float_exception_flags(&env->fp_status); -update_fpu_flags(env, flags & float_flag_invalid);
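Review bot: the commit message should say what was wrong before, since the diff alone does not: the removed path went through helper_raise_exception, which (see the op_helper.c context quoted in patch 38/77 of this series) calls cpu_loop_exit without restoring state, so the PC and insn_start flags visible to the FPU exception handler were whatever the TB last synchronised rather than those of the faulting instruction; cpu_loop_exit_restore(cs, ra) with GETPC() taken in each top-level helper_f* is the fix. Two small follow-ups: raise_fpu_exception no longer returns, so it could carry QEMU_NORETURN and let the compiler drop the fallthrough in update_fpu_flags, and the `ra` plumbing is only valid because GETPC() is evaluated in the helper invoked directly from generated code; a comment on the `uintptr_t ra` parameter noting that any new caller must forward the outer return address would keep it that way.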
[PATCH 46/77] target/microblaze: Convert dec_imm to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 2 ++ target/microblaze/translate.c | 18 +- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 31e50549ea..a7eb7d4e6f 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -76,6 +76,8 @@ cmpu000101 . . . 000 0011 @typea idiv010010 . . . 000 @typea idivu 010010 . . . 000 0010 @typea +imm 101100 0 0 imm:16 + mul 01 . . . 000 @typea mulh01 . . . 000 0001 @typea mulhu 01 . . . 000 0011 @typea diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 8fdd03fb5a..c1d19f4678 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -477,6 +477,15 @@ static void gen_idivu(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) DO_TYPEA_CFG(idiv, use_div, true, gen_idiv) DO_TYPEA_CFG(idivu, use_div, true, gen_idivu) +static bool trans_imm(DisasContext *dc, arg_imm *arg) +{ +dc->ext_imm = arg->imm << 16; +tcg_gen_movi_i32(cpu_imm, dc->ext_imm); +dc->tb_flags |= IMM_FLAG; +dc->clear_imm = 0; +return true; +} + static void gen_mulh(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) { TCGv_i32 tmp = tcg_temp_new_i32(); @@ -834,14 +843,6 @@ static inline void sync_jmpstate(DisasContext *dc) } } -static void dec_imm(DisasContext *dc) -{ -dc->ext_imm = dc->imm << 16; -tcg_gen_movi_i32(cpu_imm, dc->ext_imm); -dc->tb_flags |= IMM_FLAG; -dc->clear_imm = 0; -} - static inline void compute_ldst_addr(DisasContext *dc, bool ea, TCGv t) { /* Should be set to true if r1 is used by loadstores. */ @@ -1547,7 +1548,6 @@ static struct decoder_info { } decinfo[] = { {DEC_LD, dec_load}, {DEC_ST, dec_store}, -{DEC_IMM, dec_imm}, {DEC_BR, dec_br}, {DEC_BCC, dec_bcc}, {DEC_RTS, dec_rts}, -- 2.25.1
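Review bot: the commit message is empty and there is one behavioural change worth stating. The new decode line fixes the rd and ra fields of IMM to zero, whereas the removed DEC_IMM entry appears to have matched on the opcode alone, so an IMM word with non-zero rd/ra bits now fails decodetree matching, falls back to old_decode, finds no DEC_IMM entry there any more and ends in dec_null (illegal opcode). If the stricter match is intentional (it is consistent with the ISA encoding) say so in the message; otherwise use `.` for those fields. The body of trans_imm is otherwise a faithful copy of dec_imm with dc->imm replaced by arg->imm.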
[PATCH v2 0/2] linux-user: Introducing support for 'recvmmsg_time64()'
This patch introduces functionality for 'recvmmsg_time64()' which is a year-2038-safe variant of 'recvmmsg()'. This new time64 syscall is introduced in a series of two patches rather than in one patch because a little modification was needed before the syscall could be introduced properly. The first patch in the series introduces a little fix in the implementation of 'recvmmsg()' that introduces the timeout argument which is of type 'struct timespec' for which the separate time64 variant is added. The second patch in the series introduces the implementation of 'recvmmsg_time64()'. Testing method: The implementation was tested using existing tests from the LTP test suite which was built inside a chroot. Filip Bozuta (2): linux-user: Modify 'recvmmsg()' implementation linux-user: Add support for 'recvmmsg_time64()' linux-user/syscall.c | 56 +--- 1 file changed, 48 insertions(+), 8 deletions(-) -- 2.25.1
[PATCH 57/77] tcg: Add tcg_get_insn_start_param
MicroBlaze will shortly need to update a parameter in place. Add an interface to read to match that for write. Signed-off-by: Richard Henderson --- include/tcg/tcg.h | 15 +++ 1 file changed, 15 insertions(+) diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h index d40c925d04..15da46131b 100644 --- a/include/tcg/tcg.h +++ b/include/tcg/tcg.h @@ -777,11 +777,26 @@ static inline TCGv_i32 TCGV_HIGH(TCGv_i64 t) } #endif +static inline TCGArg tcg_get_insn_param(TCGOp *op, int arg) +{ +return op->args[arg]; +} + static inline void tcg_set_insn_param(TCGOp *op, int arg, TCGArg v) { op->args[arg] = v; } +static inline target_ulong tcg_get_insn_start_param(TCGOp *op, int arg) +{ +#if TARGET_LONG_BITS <= TCG_TARGET_REG_BITS +return tcg_get_insn_param(op, arg); +#else +return tcg_get_insn_param(op, arg * 2) | + (tcg_get_insn_param(op, arg * 2 + 1) << 32); +#endif +} + static inline void tcg_set_insn_start_param(TCGOp *op, int arg, target_ulong v) { #if TARGET_LONG_BITS <= TCG_TARGET_REG_BITS -- 2.25.1
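Review bot: in the #else branch of tcg_get_insn_start_param, `tcg_get_insn_param(op, arg * 2 + 1) << 32` shifts a TCGArg, which is host-pointer sized; that branch is only compiled when TARGET_LONG_BITS > TCG_TARGET_REG_BITS, i.e. on a 32-bit host, so the shift is by the full width of the operand (undefined behaviour, and the high half is lost). Widen before shifting, e.g. `((uint64_t)tcg_get_insn_param(op, arg * 2 + 1) << 32)`, so the read is the exact inverse of the split that the existing tcg_set_insn_start_param performs.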
[PATCH 74/77] target/microblaze: Remove last of old decoder
All instructions have been converted. Issue sigill if decodetree does not match. Remove argument decode from DisasContext. Signed-off-by: Richard Henderson --- target/microblaze/translate.c | 75 +-- 1 file changed, 2 insertions(+), 73 deletions(-) diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 0a05b49f8e..2df22e8c2a 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -65,13 +65,7 @@ typedef struct DisasContext { bool r0_set; /* Decoder. */ -int type_b; -uint32_t ir; uint32_t ext_imm; -uint8_t opcode; -uint8_t rd, ra, rb; -uint16_t imm; - unsigned int cpustate_changed; unsigned int tb_flags; unsigned int tb_flags_to_set; @@ -184,21 +178,6 @@ static bool trap_userspace(DisasContext *dc, bool cond) return cond_user; } -static int32_t dec_alu_typeb_imm(DisasContext *dc) -{ -tcg_debug_assert(dc->type_b); -return typeb_imm(dc, (int16_t)dc->imm); -} - -static inline TCGv_i32 *dec_alu_op_b(DisasContext *dc) -{ -if (dc->type_b) { -tcg_gen_movi_i32(cpu_imm, dec_alu_typeb_imm(dc)); -return &cpu_imm; -} -return &cpu_R[dc->rb]; -} - static TCGv_i32 reg_for_read(DisasContext *dc, int reg) { if (likely(reg != 0)) { @@ -1094,7 +1073,7 @@ static bool setup_dslot(DisasContext *dc) } dc->tb_flags_to_set |= D_FLAG; -if (dc->type_b && (dc->tb_flags & IMM_FLAG)) { +if (dc->tb_flags & IMM_FLAG) { dc->tb_flags_to_set |= BIMM_FLAG; } return false; @@ -1576,16 +1555,6 @@ static void do_rte(DisasContext *dc) dc->tb_flags &= ~DRTE_FLAG; } -static void dec_null(DisasContext *dc) -{ -if (trap_illegal(dc, true)) { -return; -} -qemu_log_mask(LOG_GUEST_ERROR, "unknown insn pc=%x opc=%x\n", - (uint32_t)dc->base.pc_next, dc->opcode); -dc->abort_at_next_insn = 1; -} - /* Insns connected to FSL or AXI stream attached devices. */ static bool do_get(DisasContext *dc, int rd, int rb, int imm, int ctrl) { 
@@ -1651,46 +1620,6 @@ static bool trans_putd(DisasContext *dc, arg_putd *arg) return do_put(dc, arg->ra, arg->rb, 0, arg->ctrl); } -static struct decoder_info { -struct { -uint32_t bits; -uint32_t mask; -}; -void (*dec)(DisasContext *dc); -} decinfo[] = { -{{0, 0}, dec_null} -}; - -static void old_decode(DisasContext *dc, uint32_t ir) -{ -int i; - -dc->ir = ir; - -if (ir == 0) { -trap_illegal(dc, dc->cpu->cfg.opcode_0_illegal); -/* Don't decode nop/zero instructions any further. */ -return; -} - -/* bit 2 seems to indicate insn type. */ -dc->type_b = ir & (1 << 29); - -dc->opcode = EXTRACT_FIELD(ir, 26, 31); -dc->rd = EXTRACT_FIELD(ir, 21, 25); -dc->ra = EXTRACT_FIELD(ir, 16, 20); -dc->rb = EXTRACT_FIELD(ir, 11, 15); -dc->imm = EXTRACT_FIELD(ir, 0, 15); - -/* Large switch for all insns. */ -for (i = 0; i < ARRAY_SIZE(decinfo); i++) { -if ((dc->opcode & decinfo[i].mask) == decinfo[i].bits) { -decinfo[i].dec(dc); -break; -} -} -} - static void mb_tr_init_disas_context(DisasContextBase *dcb, CPUState *cs) { DisasContext *dc = container_of(dcb, DisasContext, base); @@ -1757,7 +1686,7 @@ static void mb_tr_translate_insn(DisasContextBase *dcb, CPUState *cs) ir = cpu_ldl_code(env, dc->base.pc_next); if (!decode(dc, ir)) { -old_decode(dc, ir); +trap_illegal(dc, true); } if (dc->r0) { -- 2.25.1
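Review bot: replacing old_decode with a bare `trap_illegal(dc, true)` drops two things the removed code did, and the commit message should cover both. The dec_null path logged the unknown instruction with qemu_log_mask(LOG_GUEST_ERROR, "unknown insn pc=%x opc=%x\n", ...) before trapping, which is valuable when bringing up a guest; consider keeping that log in the `if (!decode(dc, ir))` branch. More importantly, old_decode special-cased `ir == 0` with `trap_illegal(dc, dc->cpu->cfg.opcode_0_illegal)`, so an all-zero instruction word was only illegal when the CPU is configured that way; after this patch it is unconditionally illegal unless an earlier patch in the series added a decodetree pattern for it. Please confirm which it is.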
[PATCH 45/77] target/microblaze: Convert dec_barrel to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 20 ++ target/microblaze/translate.c | 125 + 2 files changed, 86 insertions(+), 59 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 5666b381b9..31e50549ea 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -30,6 +30,15 @@ # Officially typea, but with rb==0, which is not used. @typea0 .. rd:5 ra:5 &typea0 +# Officially typeb, but any immediate extension is unused. +@typeb_bs .. rd:5 ra:5 . .. imm:5 &typeb + +# For convenience, extract the two imm_w/imm_s fields, then pack +# them back together as "imm". Doing this makes it easiest to +# match the required zero at bit 5. +%ieimm 6:5 0:5 +@typeb_ie .. rd:5 ra:5 . . . .&typeb imm=%ieimm + ### add 00 . . . 000 @typea @@ -48,6 +57,17 @@ andi101001 . . @typeb andn100011 . . . 000 @typea andni 101011 . . @typeb +bsrl010001 . . . 000 @typea +bsra010001 . . . 010 @typea +bsll010001 . . . 100 @typea + +bsrli 011001 . . 0 00 . @typeb_bs +bsrai 011001 . . 0 01 . @typeb_bs +bslli 011001 . . 0 10 . @typeb_bs + +bsefi 011001 . . 01000 .0 . @typeb_ie +bsifi 011001 . . 1 .0 . @typeb_ie + clz 100100 . . 0 000 1110 @typea0 cmp 000101 . . . 000 0001 @typea diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 10ae369cb0..8fdd03fb5a 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -368,6 +368,72 @@ DO_TYPEBI(andi, false, tcg_gen_andi_i32) DO_TYPEA(andn, false, tcg_gen_andc_i32) DO_TYPEBI(andni, false, gen_andni) +static void gen_bsra(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +TCGv_i32 tmp = tcg_temp_new_i32(); +tcg_gen_andi_i32(tmp, inb, 31); +tcg_gen_sar_i32(out, ina, tmp); +tcg_temp_free_i32(tmp); +} + +static void gen_bsrl(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +TCGv_i32 tmp = tcg_temp_new_i32(); +tcg_gen_andi_i32(tmp, inb, 31); +tcg_gen_shr_i32(out, ina, tmp); +tcg_temp_free_i32(tmp); +} + +static void gen_bsll(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +TCGv_i32 tmp = tcg_temp_new_i32(); +tcg_gen_andi_i32(tmp, inb, 31); +tcg_gen_shl_i32(out, ina, tmp); +tcg_temp_free_i32(tmp); +} + +static void gen_bsefi(TCGv_i32 out, TCGv_i32 ina, int32_t imm) +{ +/* Note that decodetree has extracted and reassembled imm_w/imm_s. */ +int imm_w = extract32(imm, 5, 5); +int imm_s = extract32(imm, 0, 5); + +if (imm_w + imm_s > 32 || imm_w == 0) { +/* These inputs have an undefined behavior. */ +qemu_log_mask(LOG_GUEST_ERROR, "bsefi: Bad input w=%d s=%d\n", + imm_w, imm_s); +} else { +tcg_gen_extract_i32(out, ina, imm_s, imm_w); +} +} + +static void gen_bsifi(TCGv_i32 out, TCGv_i32 ina, int32_t imm) +{ +/* Note that decodetree has extracted and reassembled imm_w/imm_s. */ +int imm_w = extract32(imm, 5, 5); +int imm_s = extract32(imm, 0, 5); +int width = imm_w - imm_s + 1; + +if (imm_w < imm_s) { +/* These inputs have an undefined behavior. 
*/ +qemu_log_mask(LOG_GUEST_ERROR, "bsifi: Bad input w=%d s=%d\n", + imm_w, imm_s); +} else { +tcg_gen_deposit_i32(out, out, ina, imm_s, width); +} +} + +DO_TYPEA_CFG(bsra, use_barrel, false, gen_bsra) +DO_TYPEA_CFG(bsrl, use_barrel, false, gen_bsrl) +DO_TYPEA_CFG(bsll, use_barrel, false, gen_bsll) + +DO_TYPEBI_CFG(bsrai, use_barrel, false, tcg_gen_sari_i32) +DO_TYPEBI_CFG(bsrli, use_barrel, false, tcg_gen_shri_i32) +DO_TYPEBI_CFG(bslli, use_barrel, false, tcg_gen_shli_i32) + +DO_TYPEBI_CFG(bsefi, use_barrel, false, gen_bsefi) +DO_TYPEBI_CFG(bsifi, use_barrel, false, gen_bsifi) + static void gen_clz(TCGv_i32 out, TCGv_i32 ina) { tcg_gen_clzi_i32(out, ina, 32); @@ -757,64 +823,6 @@ static void dec_msr(DisasContext *dc) } } -static void dec_barrel(DisasContext *dc) -{ -TCGv_i32 t0; -unsigned int imm_w, imm_s; -bool s, t, e = false, i = false; - -if (trap_illegal(dc, !dc->cpu->cfg.use_barrel)) { -return; -} - -if (dc->type_b) { -/* Insert and extract are only available in immediate mode. */ -i = extract32(dc->imm, 15, 1); -e = extract32(dc->imm, 14, 1); -} -s = extract32(dc->imm, 10, 1); -t = extract32(dc->imm, 9, 1); -imm_w = extract32(dc->imm, 6, 5
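Review bot: gen_bsifi performs a read-modify-write of `out` (`tcg_gen_deposit_i32(out, out, ina, imm_s, width)`), so it is only correct if the `out` that DO_TYPEBI_CFG passes in already holds the current value of rd. If do_typeb_imm ever hands out a fresh temporary (for rd == 0, or to avoid aliasing with ina), the deposit would merge into an undefined value; please confirm that contract or read rd explicitly inside gen_bsifi. Minor points: the three gen_bs{ra,rl,ll} bodies differ only in the shift op and could share a helper taking the tcg_gen_*_i32 function as a parameter, and the undefined-input branches of gen_bsefi/gen_bsifi deliberately leave rd unchanged after logging, which deserves a sentence in the (currently empty) commit message.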
[PATCH 42/77] target/microblaze: Convert dec_div to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 3 +++ target/microblaze/translate.c | 35 +- 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 65a8a53b54..18619e923e 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -47,6 +47,9 @@ andni 101011 . . @typeb cmp 000101 . . . 000 0001 @typea cmpu000101 . . . 000 0011 @typea +idiv010010 . . . 000 @typea +idivu 010010 . . . 000 0010 @typea + mul 01 . . . 000 @typea mulh01 . . . 000 0001 @typea mulhu 01 . . . 000 0011 @typea diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index dc6ea523b5..1d54ea02f0 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -368,6 +368,19 @@ static void gen_cmpu(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) DO_TYPEA(cmp, false, gen_cmp) DO_TYPEA(cmpu, false, gen_cmpu) +static void gen_idiv(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +gen_helper_divs(out, cpu_env, inb, ina); +} + +static void gen_idivu(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +gen_helper_divu(out, cpu_env, inb, ina); +} + +DO_TYPEA_CFG(idiv, use_div, true, gen_idiv) +DO_TYPEA_CFG(idivu, use_div, true, gen_idivu) + static void gen_mulh(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) { TCGv_i32 tmp = tcg_temp_new_i32(); @@ -669,27 +682,6 @@ static void dec_msr(DisasContext *dc) } } -/* Div unit. */ -static void dec_div(DisasContext *dc) -{ -unsigned int u; - -u = dc->imm & 2; - -if (trap_illegal(dc, !dc->cpu->cfg.use_div)) { -return; -} - -if (u) -gen_helper_divu(cpu_R[dc->rd], cpu_env, *(dec_alu_op_b(dc)), -cpu_R[dc->ra]); -else -gen_helper_divs(cpu_R[dc->rd], cpu_env, *(dec_alu_op_b(dc)), -cpu_R[dc->ra]); -if (!dc->rd) -tcg_gen_movi_i32(cpu_R[dc->rd], 0); -} - static void dec_barrel(DisasContext *dc) { TCGv_i32 t0; 
@@ -1551,7 +1543,6 @@ static struct decoder_info { {DEC_BCC, dec_bcc}, {DEC_RTS, dec_rts}, {DEC_FPU, dec_fpu}, -{DEC_DIV, dec_div}, {DEC_MSR, dec_msr}, {DEC_STREAM, dec_stream}, {{0, 0}, dec_null} -- 2.25.1
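Review bot: the commit message is empty and two details of this conversion need a sentence. First, the helper operand order is reversed relative to the macro's (ina, inb) convention, `gen_helper_divs(out, cpu_env, inb, ina)`; that matches the removed `gen_helper_divs(cpu_R[dc->rd], cpu_env, *(dec_alu_op_b(dc)), cpu_R[dc->ra])` (rB is the dividend, rA the divisor), and a one-line comment on gen_idiv/gen_idivu would stop a future reader from "fixing" it. Second, side_effects is true so the helper still runs, and can still raise its exception, when rd == 0, which replaces the removed `if (!dc->rd) tcg_gen_movi_i32(cpu_R[dc->rd], 0)`; worth stating, since it is why these differ from the other DO_TYPEA users.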
[PATCH 68/77] target/microblaze: Convert dec_bcc to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 36 + target/microblaze/translate.c | 99 ++ 2 files changed, 88 insertions(+), 47 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 94520e92dd..21d08289f7 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -20,8 +20,10 @@ &typea0 rd ra &typea rd ra rb &typea_br rd rb +&typea_bc ra rb &typeb rd ra imm &typeb_br rd imm +&typeb_bc ra imm # Include any IMM prefix in the value reported. %extimm 0:s16 !function=typeb_imm @@ -35,12 +37,18 @@ # Officially typea, but with ra as opcode. @typea_br .. rd:5 . rb:5 ... &typea_br +# Officially typea, but with rd as opcode. +@typea_bc .. . ra:5 rb:5 ... &typea_bc + # Officially typeb, but any immediate extension is unused. @typeb_bs .. rd:5 ra:5 . .. imm:5 &typeb # Officially typeb, but with ra as opcode. @typeb_br .. rd:5 . &typeb_br imm=%extimm +# Officially typeb, but with rd as opcode. +@typeb_bc .. . ra:5 &typeb_bc imm=%extimm + # For convenience, extract the two imm_w/imm_s fields, then pack # them back together as "imm". Doing this makes it easiest to # match the required zero at bit 5. 
@@ -65,6 +73,34 @@ andi101001 . . @typeb andn100011 . . . 000 @typea andni 101011 . . @typeb +beq 100111 0 . . 000 @typea_bc +bge 100111 00101 . . 000 @typea_bc +bgt 100111 00100 . . 000 @typea_bc +ble 100111 00011 . . 000 @typea_bc +blt 100111 00010 . . 000 @typea_bc +bne 100111 1 . . 000 @typea_bc + +beqd100111 1 . . 000 @typea_bc +bged100111 10101 . . 000 @typea_bc +bgtd100111 10100 . . 000 @typea_bc +bled100111 10011 . . 000 @typea_bc +bltd100111 10010 . . 000 @typea_bc +bned100111 10001 . . 000 @typea_bc + +beqi10 0 . @typeb_bc +bgei10 00101 . @typeb_bc +bgti10 00100 . @typeb_bc +blei10 00011 . @typeb_bc +blti10 00010 . @typeb_bc +bnei10 1 . @typeb_bc + +beqid 10 1 . @typeb_bc +bgeid 10 10101 . @typeb_bc +bgtid 10 10100 . @typeb_bc +bleid 10 10011 . @typeb_bc +bltid 10 10010 . @typeb_bc +bneid 10 10001 . @typeb_bc + br 100110 . 0 . 000 @typea_br bra 100110 . 01000 . 000 @typea_br brd 100110 . 1 . 000 @typea_br diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 73c956cd76..f79b02e987 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -1139,6 +1139,58 @@ DO_BR(brad, braid, true, true, false) DO_BR(brld, brlid, true, false, true) DO_BR(brald, bralid, true, true, true) +static bool do_bcc(DisasContext *dc, int dest_rb, int dest_imm, + TCGCond cond, int ra, bool delay) +{ +TCGv_i32 zero, next; + +if (delay && setup_dslot(dc)) { +return true; +} + +dc->jmp_cond = cond; + +/* Cache the condition register in cpu_bvalue across any delay slot. */ +tcg_gen_mov_i32(cpu_bvalue, reg_for_read(dc, ra)); + +/* Store the branch taken destination into btarget. */ +if (dest_rb) { +dc->jmp_dest = -1; +tcg_gen_addi_i32(cpu_btarget, cpu_R[dest_rb], dc->base.pc_next); +} else { +dc->jmp_dest = dc->base.pc_next + dest_imm; +tcg_gen_movi_i32(cpu_btarget, dc->jmp_dest); +} + +/* Compute the final destination into btarget. */ +zero = tcg_const_i32(0); +next = tcg_const_i32(dc->base.pc_next + (delay + 1) * 4); +tcg_gen_movcond_i32(dc->jmp_cond, cpu_btarget, +reg_for_read(dc, ra), zero, +cpu_btarget, next); +tcg_temp_free_i32(zero); +tcg_temp_free_i32(next); + +return true; +} + +#define DO_BCC(NAME, COND) \ +static bool
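Review bot: in do_bcc the comment says cpu_bvalue caches the condition register "across any delay slot", yet the final destination is computed immediately with `tcg_gen_movcond_i32(dc->jmp_cond, cpu_btarget, reg_for_read(dc, ra), zero, cpu_btarget, next)`, reading ra directly instead of cpu_bvalue. Both are emitted before the delay-slot instruction, so the result is correct, but either the movcond should consume cpu_bvalue (one read of ra) or the comment should say what else uses cpu_bvalue (presumably the path that re-evaluates the branch when the delay slot raises an exception); as written the copy looks redundant. Also, `if (dest_rb)` treats the register form with rb == r0 as the immediate form, which only yields the right target (pc_next + 0) if the register-form callers pass dest_imm == 0; a comment on that invariant would help.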
[PATCH 40/77] target/microblaze: Convert dec_and, dec_or, dec_xor to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 12 ++ target/microblaze/translate.c | 44 -- 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 8d3de039fb..6b3cc9a182 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -38,9 +38,18 @@ addic 001010 . . @typeb addik 001100 . . @typeb addikc 001110 . . @typeb +and 11 . . . 000 @typea +andi101001 . . @typeb + +andn100011 . . . 000 @typea +andni 101011 . . @typeb + cmp 000101 . . . 000 0001 @typea cmpu000101 . . . 000 0011 @typea +or 10 . . . 000 @typea +ori 101000 . . @typeb + pcmpbf 10 . . . 100 @typea pcmpeq 100010 . . . 100 @typea pcmpne 100011 . . . 100 @typea @@ -54,3 +63,6 @@ rsubi 001001 . . @typeb rsubic 001011 . . @typeb rsubik 001101 . . @typeb rsubikc 00 . . @typeb + +xor 100010 . . . 000 @typea +xori101010 . . @typeb diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index de2cf5b153..5252790b09 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -331,6 +331,16 @@ DO_TYPEBV(addic, true, gen_addc) DO_TYPEBI(addik, false, tcg_gen_addi_i32) DO_TYPEBV(addikc, true, gen_addkc) +static void gen_andni(TCGv_i32 out, TCGv_i32 ina, int32_t imm) +{ +tcg_gen_andi_i32(out, ina, ~imm); +} + +DO_TYPEA(and, false, tcg_gen_and_i32) +DO_TYPEBI(andi, false, tcg_gen_andi_i32) +DO_TYPEA(andn, false, tcg_gen_andc_i32) +DO_TYPEBI(andni, false, gen_andni) + static void gen_cmp(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) { TCGv_i32 lt = tcg_temp_new_i32(); @@ -354,6 +364,9 @@ static void gen_cmpu(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) DO_TYPEA(cmp, false, gen_cmp) DO_TYPEA(cmpu, false, gen_cmpu) +DO_TYPEA(or, false, tcg_gen_or_i32) +DO_TYPEBI(ori, false, tcg_gen_ori_i32) + static void gen_pcmpeq(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) { tcg_gen_setcond_i32(TCG_COND_EQ, out, ina, inb); 
@@ -417,32 +430,8 @@ DO_TYPEBV(rsubic, true, gen_rsubc) DO_TYPEBV(rsubik, false, gen_rsubk) DO_TYPEBV(rsubikc, true, gen_rsubkc) -static void dec_and(DisasContext *dc) -{ -unsigned int not; - -not = dc->opcode & (1 << 1); - -if (!dc->rd) -return; - -if (not) { -tcg_gen_andc_i32(cpu_R[dc->rd], cpu_R[dc->ra], *(dec_alu_op_b(dc))); -} else -tcg_gen_and_i32(cpu_R[dc->rd], cpu_R[dc->ra], *(dec_alu_op_b(dc))); -} - -static void dec_or(DisasContext *dc) -{ -if (dc->rd) -tcg_gen_or_i32(cpu_R[dc->rd], cpu_R[dc->ra], *(dec_alu_op_b(dc))); -} - -static void dec_xor(DisasContext *dc) -{ -if (dc->rd) -tcg_gen_xor_i32(cpu_R[dc->rd], cpu_R[dc->ra], *(dec_alu_op_b(dc))); -} +DO_TYPEA(xor, false, tcg_gen_xor_i32) +DO_TYPEBI(xori, false, tcg_gen_xori_i32) static void msr_read(DisasContext *dc, TCGv_i32 d) { @@ -1567,9 +1556,6 @@ static struct decoder_info { }; void (*dec)(DisasContext *dc); } decinfo[] = { -{DEC_AND, dec_and}, -{DEC_XOR, dec_xor}, -{DEC_OR, dec_or}, {DEC_BIT, dec_bit}, {DEC_BARREL, dec_barrel}, {DEC_LD, dec_load}, -- 2.25.1
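Review bot: the commit message is empty; two points worth recording. The removed dec_and/dec_or/dec_xor generated nothing at all when rd == 0, so the new DO_TYPEA/DO_TYPEBI users with side_effects=false rely on do_typea/do_typeb_imm discarding the r0 write; and the immediates of andi/andni/ori/xori now come from the @typeb format's extraction (presumably the same %extimm/typeb_imm path as addi, i.e. sign-extended and merged with a pending IMM prefix), where the old code hid that inside dec_alu_op_b. gen_andni applying `~imm` on the host side is equivalent to the removed tcg_gen_andc_i32 register form, but a comment saying so avoids a second look.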
[PATCH 39/77] target/microblaze: Convert dec_pattern to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 4 ++ target/microblaze/translate.c | 67 +- 2 files changed, 22 insertions(+), 49 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 3f5f7b1852..8d3de039fb 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -41,6 +41,10 @@ addikc 001110 . . @typeb cmp 000101 . . . 000 0001 @typea cmpu000101 . . . 000 0011 @typea +pcmpbf 10 . . . 100 @typea +pcmpeq 100010 . . . 100 @typea +pcmpne 100011 . . . 100 @typea + rsub01 . . . 000 @typea rsubc 11 . . . 000 @typea rsubk 000101 . . . 000 @typea diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index ce91645f05..de2cf5b153 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -279,6 +279,10 @@ static bool do_typeb_val(DisasContext *dc, arg_typeb *arg, bool side_effects, static bool trans_##NAME(DisasContext *dc, arg_typea *a) \ { return do_typea(dc, a, SE, FN); } +#define DO_TYPEA_CFG(NAME, CFG, SE, FN) \ +static bool trans_##NAME(DisasContext *dc, arg_typea *a) \ +{ return dc->cpu->cfg.CFG && do_typea(dc, a, SE, FN); } + #define DO_TYPEBI(NAME, SE, FNI) \ static bool trans_##NAME(DisasContext *dc, arg_typeb *a) \ { return do_typeb_imm(dc, a, SE, FNI); } @@ -350,6 +354,20 @@ static void gen_cmpu(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) DO_TYPEA(cmp, false, gen_cmp) DO_TYPEA(cmpu, false, gen_cmpu) +static void gen_pcmpeq(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +tcg_gen_setcond_i32(TCG_COND_EQ, out, ina, inb); +} + +static void gen_pcmpne(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +tcg_gen_setcond_i32(TCG_COND_NE, out, ina, inb); +} + +DO_TYPEA_CFG(pcmpbf, use_pcmp_instr, false, gen_helper_pcmpbf) +DO_TYPEA_CFG(pcmpeq, use_pcmp_instr, false, gen_pcmpeq) +DO_TYPEA_CFG(pcmpne, use_pcmp_instr, false, gen_pcmpne) + /* No input carry, but output carry. */ static void gen_rsub(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) { 
@@ -399,49 +417,10 @@ DO_TYPEBV(rsubic, true, gen_rsubc) DO_TYPEBV(rsubik, false, gen_rsubk) DO_TYPEBV(rsubikc, true, gen_rsubkc) -static void dec_pattern(DisasContext *dc) -{ -unsigned int mode; - -if (trap_illegal(dc, !dc->cpu->cfg.use_pcmp_instr)) { -return; -} - -mode = dc->opcode & 3; -switch (mode) { -case 0: -/* pcmpbf. */ -if (dc->rd) -gen_helper_pcmpbf(cpu_R[dc->rd], cpu_R[dc->ra], cpu_R[dc->rb]); -break; -case 2: -if (dc->rd) { -tcg_gen_setcond_i32(TCG_COND_EQ, cpu_R[dc->rd], - cpu_R[dc->ra], cpu_R[dc->rb]); -} -break; -case 3: -if (dc->rd) { -tcg_gen_setcond_i32(TCG_COND_NE, cpu_R[dc->rd], - cpu_R[dc->ra], cpu_R[dc->rb]); -} -break; -default: -cpu_abort(CPU(dc->cpu), - "unsupported pattern insn opcode=%x\n", dc->opcode); -break; -} -} - static void dec_and(DisasContext *dc) { unsigned int not; -if (!dc->type_b && (dc->imm & (1 << 10))) { -dec_pattern(dc); -return; -} - not = dc->opcode & (1 << 1); if (!dc->rd) @@ -455,22 +434,12 @@ static void dec_and(DisasContext *dc) static void dec_or(DisasContext *dc) { -if (!dc->type_b && (dc->imm & (1 << 10))) { -dec_pattern(dc); -return; -} - if (dc->rd) tcg_gen_or_i32(cpu_R[dc->rd], cpu_R[dc->ra], *(dec_alu_op_b(dc))); } static void dec_xor(DisasContext *dc) { -if (!dc->type_b && (dc->imm & (1 << 10))) { -dec_pattern(dc); -return; -} - if (dc->rd) tcg_gen_xor_i32(cpu_R[dc->rd], cpu_R[dc->ra], *(dec_alu_op_b(dc))); } -- 2.25.1
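Review bot: this changes behaviour for CPUs without use_pcmp_instr. DO_TYPEA_CFG expands to `return dc->cpu->cfg.CFG && do_typea(dc, a, SE, FN);`, so on such a CPU trans_pcmp* returns false, decodetree reports no match and control falls into old_decode. Previously dec_and/dec_or/dec_xor detected the pattern-compare encoding (`!dc->type_b && (dc->imm & (1 << 10))`) and forwarded to dec_pattern, which called trap_illegal; this patch removes that forwarding, so the same instruction word is now executed as a plain and/or/xor instead of raising an illegal-opcode exception, at least until a later patch makes decodetree failure itself trap. Either keep the trap on the CFG-false path (for example have DO_TYPEA_CFG call `trap_illegal(dc, !dc->cpu->cfg.CFG)` and return true) or note the temporary regression in the commit message.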
[PATCH 72/77] target/microblaze: Convert dec_msr to decodetree
Signed-off-by: Richard Henderson --- target/microblaze/insns.decode | 3 + target/microblaze/translate.c | 270 + 2 files changed, 139 insertions(+), 134 deletions(-) diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index e80283cce6..48c60082e0 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -179,6 +179,9 @@ lwi 111010 . . @typeb mbar101110 imm:5 00010 0100 +mfs 100101 rd:5 0 e:1 000 10 rs:14 +mts 100101 0 e:1 000 ra:5 11 rs:14 + msrclr 100101 . 100010 ... @type_msr msrset 100101 . 10 ... @type_msr diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index e05523bd5b..e9e4a0e1db 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -1327,6 +1327,7 @@ static void msr_read(DisasContext *dc, TCGv_i32 d) tcg_temp_free_i32(t); } +#ifndef CONFIG_USER_ONLY static void msr_write(DisasContext *dc, TCGv_i32 v) { dc->cpustate_changed = 1; @@ -1337,6 +1338,7 @@ static void msr_write(DisasContext *dc, TCGv_i32 v) /* Clear MSR_C and MSR_CC; MSR_PVR is not writable, and is always clear. */ tcg_gen_andi_i32(cpu_msr, v, ~(MSR_C | MSR_CC | MSR_PVR)); } +#endif static bool do_msrclrset(DisasContext *dc, arg_type_msr *arg, bool set) { 
@@ -1385,151 +1387,152 @@ static bool trans_msrset(DisasContext *dc, arg_type_msr *arg) return do_msrclrset(dc, arg, true); } -static void dec_msr(DisasContext *dc) +static bool trans_mts(DisasContext *dc, arg_mts *arg) { -CPUState *cs = CPU(dc->cpu); -unsigned int sr, rn; -bool to, extended = false; - -sr = extract32(dc->imm, 0, 14); -to = extract32(dc->imm, 14, 1); -dc->type_b = 1; -if (to) { -dc->cpustate_changed = 1; +if (trap_userspace(dc, true)) { +return true; } -/* Extended MSRs are only available if addr_size > 32. */ -if (dc->cpu->cfg.addr_size > 32) { -/* The E-bit is encoded differently for To/From MSR. */ -static const unsigned int e_bit[] = { 19, 24 }; - -extended = extract32(dc->imm, e_bit[to], 1); +#ifdef CONFIG_USER_ONLY +g_assert_not_reached(); +#else +if (arg->e && arg->rs != 0x1003) { +qemu_log_mask(LOG_GUEST_ERROR, + "Invalid extended mts reg 0x%x\n", arg->rs); +return true; } -if (trap_userspace(dc, to)) { -return; -} +TCGv_i32 src = reg_for_read(dc, arg->ra); +switch (arg->rs) { +case SR_MSR: +msr_write(dc, src); +break; +case SR_FSR: +tcg_gen_st_i32(src, cpu_env, offsetof(CPUMBState, fsr)); +break; +case 0x800: +tcg_gen_st_i32(src, cpu_env, offsetof(CPUMBState, slr)); +break; +case 0x802: +tcg_gen_st_i32(src, cpu_env, offsetof(CPUMBState, shr)); +break; -#if !defined(CONFIG_USER_ONLY) -/* Catch read/writes to the mmu block. 
*/ -if ((sr & ~0xff) == 0x1000) { -TCGv_i32 tmp_ext = tcg_const_i32(extended); -TCGv_i32 tmp_sr; +case 0x1000: /* PID */ +case 0x1001: /* ZPR */ +case 0x1002: /* TLBX */ +case 0x1003: /* TLBLO */ +case 0x1004: /* TLBHI */ +case 0x1005: /* TLBSX */ +{ +TCGv_i32 tmp_ext = tcg_const_i32(arg->e); +TCGv_i32 tmp_reg = tcg_const_i32(arg->rs & 7); -sr &= 7; -tmp_sr = tcg_const_i32(sr); -if (to) { -gen_helper_mmu_write(cpu_env, tmp_ext, tmp_sr, cpu_R[dc->ra]); -} else { -gen_helper_mmu_read(cpu_R[dc->rd], cpu_env, tmp_ext, tmp_sr); +gen_helper_mmu_write(cpu_env, tmp_ext, tmp_reg, src); +tcg_temp_free_i32(tmp_reg); +tcg_temp_free_i32(tmp_ext); } -tcg_temp_free_i32(tmp_sr); -tcg_temp_free_i32(tmp_ext); -return; +break; + +default: +qemu_log_mask(LOG_GUEST_ERROR, "Invalid mts reg 0x%x\n", arg->rs); +return true; } +dc->cpustate_changed = 1; +return true; +#endif +} + +static bool trans_mfs(DisasContext *dc, arg_mfs *arg) +{ +TCGv_i32 dest = reg_for_write(dc, arg->rd); + +if (arg->e) { +switch (arg->rs) { +case SR_EAR: +{ +TCGv_i64 t64 = tcg_temp_new_i64(); +tcg_gen_ld_i64(t64, cpu_env, offsetof(CPUMBState, ear)); +tcg_gen_extrh_i64_i32(dest, t64); +tcg_temp_free_i64(t64); +} +return true; +#ifndef CONFIG_USER_ONLY +case 0x1003: /* TLBLO */ +/* Handled below. */ +break; +#endif +case 0x2006 ... 0x2009: +/* High bits of PVR6-9 not implemented. */ +tcg_gen_movi_i32(dest, 0); +return true; +default: +qemu_log_mask(
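Review bot: trans_mts drops the addr_size gate. The removed code only read the E bit under `if (dc->cpu->cfg.addr_size > 32)` ("Extended MSRs are only available if addr_size > 32") and otherwise treated the instruction as a plain mts; the new decode extracts `e:1` unconditionally and trans_mts only checks `arg->e && arg->rs != 0x1003`, so on a 32-bit-address CPU an mts with E set and rs == TLBLO now calls gen_helper_mmu_write with tmp_ext = 1 instead of being handled as non-extended. Either reinstate the check (ignore or reject E when addr_size <= 32) or state in the commit message that the change is intentional; the same question applies to the `if (arg->e)` branch of trans_mfs.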
[PATCH 63/77] target/microblaze: Convert brk and brki to decodetree
Split these out of the normal branch instructions, as they require special handling. Perform the entire operation inline, instead of raising EXCP_BREAK to do the work in mb_cpu_do_interrupt. This fixes a bug in that brki rd, imm, for imm != 0x18 is not supposed to set MSR_BIP. This fixes a bug in that imm == 0 is the reset vector and 0x18 is the debug vector, and neither should raise a tcg exception in system mode. Introduce EXCP_SYSCALL for microblaze-linux-user. Signed-off-by: Richard Henderson --- target/microblaze/cpu.h | 2 +- target/microblaze/insns.decode | 11 linux-user/microblaze/cpu_loop.c | 2 +- target/microblaze/helper.c | 10 +-- target/microblaze/translate.c| 107 ++- 5 files changed, 79 insertions(+), 53 deletions(-) diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index 63b8d93d41..1528749a0b 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -31,7 +31,7 @@ typedef struct CPUMBState CPUMBState; #define EXCP_MMU1 #define EXCP_IRQ2 -#define EXCP_BREAK 3 +#define EXCP_SYSCALL3 /* user-only */ #define EXCP_HW_BREAK 4 #define EXCP_HW_EXCP5 diff --git a/target/microblaze/insns.decode b/target/microblaze/insns.decode index 998f997adc..53da2b75aa 100644 --- a/target/microblaze/insns.decode +++ b/target/microblaze/insns.decode @@ -19,7 +19,9 @@ &typea0 rd ra &typea rd ra rb +&typea_br rd rb &typeb rd ra imm +&typeb_br rd imm # Include any IMM prefix in the value reported. %extimm 0:s16 !function=typeb_imm 
@@ -30,9 +32,15 @@ # Officially typea, but with rb==0, which is not used. @typea0 .. rd:5 ra:5 &typea0 +# Officially typea, but with ra as opcode. +@typea_br .. rd:5 . rb:5 ... &typea_br + # Officially typeb, but any immediate extension is unused. @typeb_bs .. rd:5 ra:5 . .. imm:5 &typeb +# Officially typeb, but with ra as opcode. +@typeb_br .. rd:5 . &typeb_br imm=%extimm + # For convenience, extract the two imm_w/imm_s fields, then pack # them back together as "imm". Doing this makes it easiest to # match the required zero at bit 5. @@ -57,6 +65,9 @@ andi101001 . . @typeb andn100011 . . . 000 @typea andni 101011 . . @typeb +brk 100110 . 01100 . 000 @typea_br +brki101110 . 01100 @typeb_br + bsrl010001 . . . 000 @typea bsra010001 . . . 010 @typea bsll010001 . . . 100 @typea diff --git a/linux-user/microblaze/cpu_loop.c b/linux-user/microblaze/cpu_loop.c index 3de99ea311..c3396a6e09 100644 --- a/linux-user/microblaze/cpu_loop.c +++ b/linux-user/microblaze/cpu_loop.c @@ -48,7 +48,7 @@ void cpu_loop(CPUMBState *env) case EXCP_INTERRUPT: /* just indicate that signals should be handled asap */ break; -case EXCP_BREAK: +case EXCP_SYSCALL: /* Return address is 4 bytes after the call. */ env->regs[14] += 4; env->pc = env->regs[14]; diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c index 0e3be251a7..1667822fb7 100644 --- a/target/microblaze/helper.c +++ b/target/microblaze/helper.c @@ -230,7 +230,6 @@ void mb_cpu_do_interrupt(CPUState *cs) //log_cpu_state_mask(CPU_LOG_INT, cs, 0); break; -case EXCP_BREAK: case EXCP_HW_BREAK: assert(!(env->iflags & IMM_FLAG)); assert(!(env->iflags & D_FLAG)); 
@@ -242,13 +241,8 @@ void mb_cpu_do_interrupt(CPUState *cs) msr &= ~(MSR_VMS | MSR_UMS | MSR_VM | MSR_UM); msr |= t; msr |= MSR_BIP; -if (cs->exception_index == EXCP_HW_BREAK) { -env->regs[16] = env->pc; -msr |= MSR_BIP; -env->pc = cpu->cfg.base_vectors + 0x18; -} else { -env->pc = env->btarget; -} +env->regs[16] = env->pc; +env->pc = cpu->cfg.base_vectors + 0x18; mb_cpu_write_msr(env, msr); break; default: diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index fcfc1ac184..fc1c661368 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c @@ -1107,6 +1107,65 @@ static bool trans_swx(DisasContext *dc, arg_typea *arg) return true; } +static bool trans_brk(DisasContext *dc, arg_typea_br *arg) +{ +if (trap_userspace(dc, true)) { +return true; +} +tcg_gen_mov_i32(cpu_pc, reg_for_read(dc, arg->rb)); +if (arg->rd) { +tcg_gen_movi_i32(cpu_R[arg->rd], dc->base.
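Review bot: cpu.h reuses the numeric value of the removed EXCP_BREAK for EXCP_SYSCALL (3, marked user-only) and helper.c's mb_cpu_do_interrupt drops the `case EXCP_BREAK:` label, so in system mode an exception_index of 3 now falls to `default:`. That is fine if default aborts or logs, but a comment on the define (or a g_assert_not_reached() in the switch) stating that EXCP_SYSCALL must never be raised by system-mode code would make the intent explicit. The commit message's two consecutive "This fixes a bug in that ..." sentences would read more clearly as one list of the three behavioural changes: MSR_BIP only for the 0x18 vector, no tcg exception for the reset and debug vectors in system mode, and the new EXCP_SYSCALL path for linux-user.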
[PATCH 38/77] target/microblaze: Implement cmp and cmpu inline
These are simple enough operations; we do not need to call an out-of-line helper. Signed-off-by: Richard Henderson --- target/microblaze/helper.h| 2 -- target/microblaze/op_helper.c | 20 target/microblaze/translate.c | 24 ++-- 3 files changed, 22 insertions(+), 24 deletions(-) diff --git a/target/microblaze/helper.h b/target/microblaze/helper.h index 988abf7661..6f7f96421f 100644 --- a/target/microblaze/helper.h +++ b/target/microblaze/helper.h @@ -1,6 +1,4 @@ DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, i32) -DEF_HELPER_2(cmp, i32, i32, i32) -DEF_HELPER_2(cmpu, i32, i32, i32) DEF_HELPER_3(divs, i32, env, i32, i32) DEF_HELPER_3(divu, i32, env, i32, i32) diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c index 9bb6a2ad76..f976d112eb 100644 --- a/target/microblaze/op_helper.c +++ b/target/microblaze/op_helper.c @@ -69,26 +69,6 @@ void helper_raise_exception(CPUMBState *env, uint32_t index) cpu_loop_exit(cs); } -uint32_t helper_cmp(uint32_t a, uint32_t b) -{ -uint32_t t; - -t = b + ~a + 1; -if ((b & 0x8000) ^ (a & 0x8000)) -t = (t & 0x7fff) | (b & 0x8000); -return t; -} - -uint32_t helper_cmpu(uint32_t a, uint32_t b) -{ -uint32_t t; - -t = b + ~a + 1; -if ((b & 0x8000) ^ (a & 0x8000)) -t = (t & 0x7fff) | (a & 0x8000); -return t; -} - static inline int div_prepare(CPUMBState *env, uint32_t a, uint32_t b) { MicroBlazeCPU *cpu = env_archcpu(env); diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c index 98050f64b7..ce91645f05 100644 --- a/target/microblaze/translate.c +++ b/target/microblaze/translate.c 
@@ -327,8 +327,28 @@ DO_TYPEBV(addic, true, gen_addc) DO_TYPEBI(addik, false, tcg_gen_addi_i32) DO_TYPEBV(addikc, true, gen_addkc) -DO_TYPEA(cmp, false, gen_helper_cmp) -DO_TYPEA(cmpu, false, gen_helper_cmpu) +static void gen_cmp(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +TCGv_i32 lt = tcg_temp_new_i32(); + +tcg_gen_setcond_i32(TCG_COND_LT, lt, inb, ina); +tcg_gen_sub_i32(out, inb, ina); +tcg_gen_deposit_i32(out, out, lt, 31, 1); +tcg_temp_free_i32(lt); +} + +static void gen_cmpu(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) +{ +TCGv_i32 lt = tcg_temp_new_i32(); + +tcg_gen_setcond_i32(TCG_COND_LTU, lt, inb, ina); +tcg_gen_sub_i32(out, inb, ina); +tcg_gen_deposit_i32(out, out, lt, 31, 1); +tcg_temp_free_i32(lt); +} + +DO_TYPEA(cmp, false, gen_cmp) +DO_TYPEA(cmpu, false, gen_cmpu) /* No input carry, but output carry. */ static void gen_rsub(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb) -- 2.25.1
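Review bot: gen_cmp and gen_cmpu in the translate.c hunk differ only in the TCG condition (TCG_COND_LT versus TCG_COND_LTU); factoring a `static void gen_cmp_cond(TCGv_i32 out, TCGv_i32 ina, TCGv_i32 inb, TCGCond cond)` that both call would remove the duplicated setcond/sub/deposit sequence and the matching temp allocation. A one-line comment giving the result layout (`out = inb - ina` with bit 31 replaced by the result of `inb < ina`) would also let a reviewer check the deposit at offset 31, length 1 against the instruction definition at a glance.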
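Review bot: The commit message ('simple enough operations') should spell out the semantics being preserved, because the op_helper.c hunk's removed helpers are not obviously equivalent to the new inline code: helper_cmp computed `b + ~a + 1` and patched the top bit only when the masked bits of a and b differed, taking it from b, while helper_cmpu took it from a, whereas the replacement applies a setcond on every input pair and deposits that result into bit 31 unconditionally. A sentence such as 'the MSB of the result is set iff inb < ina, signed for cmp and unsigned for cmpu, which is what the helpers computed via the sign-bit fix-up' would let reviewers verify the rewrite without re-deriving it.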
