Re: [PATCH 0/3] Bypass specific network traffic in COLO

2020-12-24 Thread Jason Wang



On 2020/12/24 上午9:09, Zhang Chen wrote:

From: Zhang Chen 

Since the real user scenario does not need to monitor all traffic.



Hi Chen:

It would be better to elaborate more on this. E.g what scenario and who 
will use those new QMP/HMP commands.


Thanks



This series gives the user the ability to bypass some kinds of network streams.

Zhang Chen (3):
   qapi/net: Add new QMP command for COLO passthrough
   hmp-commands: Add new HMP command for COLO passthrough
   net/colo-compare: Add handler for passthrough connection

  hmp-commands.hx   | 26 +++
  include/monitor/hmp.h |  2 ++
  monitor/hmp-cmds.c| 20 ++
  net/colo-compare.c| 49 +++
  net/colo-compare.h|  2 ++
  net/net.c | 39 ++
  qapi/net.json | 46 
  7 files changed, 184 insertions(+)






Re: [PATCH 1/3] qapi/net: Add new QMP command for COLO passthrough

2020-12-24 Thread Jason Wang



On 2020/12/24 上午9:09, Zhang Chen wrote:

From: Zhang Chen 

Since the real user scenario does not need to monitor all traffic.
Add colo-passthrough-add and colo-passthrough-del to maintain
a COLO network passthrough list.

Signed-off-by: Zhang Chen 
---
  net/net.c | 12 
  qapi/net.json | 46 ++
  2 files changed, 58 insertions(+)

diff --git a/net/net.c b/net/net.c
index e1035f21d1..eac7a92618 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1151,6 +1151,18 @@ void qmp_netdev_del(const char *id, Error **errp)
  qemu_del_net_client(nc);
  }
  
+void qmp_colo_passthrough_add(const char *prot, const uint32_t port,

+  Error **errp)
+{
+/* Setup passthrough connection */
+}
+
+void qmp_colo_passthrough_del(const char *prot, const uint32_t port,
+  Error **errp)
+{
+/* Delete passthrough connection */
+}
+
  static void netfilter_print_info(Monitor *mon, NetFilterState *nf)
  {
  char *str;
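Review bot: Both new handlers, `qmp_colo_passthrough_add` and `qmp_colo_passthrough_del`, return without using `prot` or `port` and without touching `errp`, so a QMP client is told the entry was added or removed when nothing happened. If a later patch in the series fills them in, the stubs should still fail loudly in the meantime, for example `error_setg(errp, "COLO passthrough is not implemented");`. A management layer that trusts the empty success reply would otherwise believe its traffic-bypass list is in effect while this patch is applied alone, for example during a bisect.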
diff --git a/qapi/net.json b/qapi/net.json
index c31748c87f..466c29714e 100644
--- a/qapi/net.json
+++ b/qapi/net.json
@@ -714,3 +714,49 @@
  ##
  { 'event': 'FAILOVER_NEGOTIATED',
'data': {'device-id': 'str'} }
+
+##
+# @colo-passthrough-add:
+#
+# Add passthrough entry according to customer's needs in COLO-compare.
+#
+# @protocol: COLO passthrough just support TCP and UDP.
+#
+# @port: TCP or UDP port number.
+#
+# Returns: Nothing on success
+#
+# Since: 5.3
+#
+# Example:
+#
+# -> { "execute": "colo-passthrough-add",
+#  "arguments": { "protocol": "tcp", "port": 3389 } }
+# <- { "return": {} }
+#
+##
+{ 'command': 'colo-passthrough-add',
+ 'data': {'protocol': 'str', 'port': 'uint32'} }



Do we plan to support 4-tuple (src ip,src port, dst ip, dst port) in the 
future? If yes, let's add them now.


And do we plan to support wildcard here?

Thanks



+
+##
+# @colo-passthrough-del:
+#
+# Delete passthrough entry according to customer's needs in COLO-compare.
+#
+# @protocol: COLO passthrough just support TCP and UDP.
+#
+# @port: TCP or UDP port number.
+#
+# Returns: Nothing on success
+#
+# Since: 5.3
+#
+# Example:
+#
+# -> { "execute": "colo-passthrough-del",
+#  "arguments": { "protocol": "tcp", "port": 3389 } }
+# <- { "return": {} }
+#
+##
+{ 'command': 'colo-passthrough-del',
+ 'data': {'protocol': 'str', 'port': 'uint32'} }
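Review bot: In both commands `'protocol': 'str'` accepts any string, although the documentation says only TCP and UDP are supported, and `'port': 'uint32'` accepts values that are not valid port numbers. Declaring an enum (`{ 'enum': 'ColoPassthroughProtocol', 'data': [ 'tcp', 'udp' ] }`, name is only a suggestion) and using `'port': 'uint16'` lets the generated QAPI code reject bad input before the handlers in net/net.c see it. The doc comments should also say what error is returned when a deleted entry does not exist or an added entry is a duplicate.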





Re: [PATCH v3 3/8] hw/pci-host/bonito: Fixup IRQ mapping

2020-12-24 Thread Jiaxun Yang




在 2020/12/24 16:40, BALATON Zoltan 写道:

On Thu, 24 Dec 2020, BALATON Zoltan via wrote:

On Thu, 24 Dec 2020, Jiaxun Yang wrote:

Accroading to arch/mips/pci/fixup-fuloong2e.c in kernel,


Typo: According

How come, you say you can boot to Debian installer but don't need any 
IDE changes when the kernel you submitted as test was shown not 
working with current IDE emulation? Which installer do you use and 
what kernel does that have? (The references to the installer and PMON 
are now missing in your cover letter.)


Got the reference from v2 cover letter and it's a netboot kernel with 
an initrd so maybe you did boot into that but did not yet test with CD 
image or HDD so did not get to the IDE problem yet.


Yes, I found this IRQ issue when I was trying to connect to ethernet.

Sorry for other stupid mistakes in the series :-(
Needs coffee at the moment.

Thanks.

- Jiaxun



Regards,
BALATON Zoltan


despites south bridge IRQs needs special care, all other
IRQ pins are mapped by 'LOONGSON_IRQ_BASE + 25 + pin'.

As south bridge IRQs are all handled by ISA bus, we can
make a simple direct mapping.

Signed-off-by: Jiaxun Yang 
---
v3: Define BONITO_PCI_IRQ_BASE for readability (f4bug)
---
hw/pci-host/bonito.c | 30 +++---
1 file changed, 7 insertions(+), 23 deletions(-)

diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
index a99eced065..3fad470fc6 100644
--- a/hw/pci-host/bonito.c
+++ b/hw/pci-host/bonito.c
@@ -62,6 +62,9 @@
#define DPRINTF(fmt, ...)
#endif

+/* PCI slots IRQ pins start position */
+#define BONITO_PCI_IRQ_BASE 25
+
/* from linux soure code. include/asm-mips/mips-boards/bonito64.h*/
#define BONITO_BOOT_BASE    0x1fc0
#define BONITO_BOOT_SIZE    0x0010
@@ -546,19 +549,16 @@ static const MemoryRegionOps 
bonito_spciconf_ops = {

    .endianness = DEVICE_NATIVE_ENDIAN,
};

-#define BONITO_IRQ_BASE 32
-
static void pci_bonito_set_irq(void *opaque, int irq_num, int level)
{
    BonitoState *s = opaque;
    qemu_irq *pic = s->pic;
    PCIBonitoState *bonito_state = s->pci_dev;
-    int internal_irq = irq_num - BONITO_IRQ_BASE;

-    if (bonito_state->regs[BONITO_INTEDGE] & (1 << internal_irq)) {
+    if (bonito_state->regs[BONITO_INTEDGE] & (1 << irq_num)) {
    qemu_irq_pulse(*pic);
    } else {   /* level triggered */
-    if (bonito_state->regs[BONITO_INTPOL] & (1 << internal_irq)) {
+    if (bonito_state->regs[BONITO_INTPOL] & (1 << irq_num)) {
    qemu_irq_raise(*pic);
    } else {
    qemu_irq_lower(*pic);
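Review bot: `1 << irq_num` in the `BONITO_INTEDGE` and `BONITO_INTPOL` tests shifts a signed `int` by a value this function no longer normalises. With the `BONITO_IRQ_BASE` subtraction removed, the shift is only defined as long as `pci_bonito_map_irq` returns a value in 0..30. Writing the mask as `1u << irq_num`, preceded by `assert(irq_num >= 0 && irq_num < 32);`, keeps a wrong mapping from turning into an undefined shift. The closing lines of `pci_bonito_set_irq` are in the next hunk.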
@@ -566,25 +566,9 @@ static void pci_bonito_set_irq(void *opaque, 
int irq_num, int level)

    }
}

-/* map the original irq (0~3) to bonito irq (16~47, but 16~31 are 
unused) */

-static int pci_bonito_map_irq(PCIDevice *pci_dev, int irq_num)
+static int pci_bonito_map_irq(PCIDevice *pci_dev, int pin)
{
-    int slot;
-
-    slot = (pci_dev->devfn >> 3);
-
-    switch (slot) {
-    case 5:   /* FULOONG2E_VIA_SLOT, SouthBridge, IDE, USB, ACPI, 
AC97, MC97 */

-    return irq_num % 4 + BONITO_IRQ_BASE;
-    case 6:   /* FULOONG2E_ATI_SLOT, VGA */
-    return 4 + BONITO_IRQ_BASE;
-    case 7:   /* FULOONG2E_RTL_SLOT, RTL8139 */
-    return 5 + BONITO_IRQ_BASE;
-    case 8 ... 12: /* PCI slot 1 to 4 */
-    return (slot - 8 + irq_num) + 6 + BONITO_IRQ_BASE;
-    default:  /* Unknown device, don't do any translation */
-    return irq_num;
-    }
+    return BONITO_PCI_IRQ_BASE + pin;
}

static void bonito_reset(void *opaque)
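Review bot: `pci_bonito_map_irq` now returns `BONITO_PCI_IRQ_BASE + pin` for every device, including the slot 5 south bridge functions that the removed `switch` treated separately, and nothing in the new body says why that is safe. The commit message explains that south bridge interrupts are handled through the ISA bus; that reasoning belongs in a comment above the function, for example `/* All PCI pins map to BONITO_PCI_IRQ_BASE + pin; south bridge functions interrupt via ISA */`. The returned value must also stay below the IRQ count passed when the root bus is registered, which is outside this hunk and worth confirming.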









Re: [PATCH 2/2] via-ide: Fix fuloong2e support

2020-12-24 Thread Guenter Roeck
On Fri, Dec 25, 2020 at 12:23:37AM +0100, BALATON Zoltan wrote:
> From: Guenter Roeck 
> 
> Fuloong2e needs to use legacy mode for IDE support to work with Linux.
> Add property to via-ide driver to make the mode configurable, and set
> legacy mode for Fuloong2e.
> 
> Signed-off-by: Guenter Roeck 
> [balaton: Use bit in flags for property, add comment for missing BAR4]
> Signed-off-by: BALATON Zoltan 

Tested-by: Guenter Roeck 

> ---
>  hw/ide/via.c| 19 +--
>  hw/mips/fuloong2e.c |  4 +++-
>  2 files changed, 20 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/ide/via.c b/hw/ide/via.c
> index be09912b33..7d54d7e829 100644
> --- a/hw/ide/via.c
> +++ b/hw/ide/via.c
> @@ -26,6 +26,7 @@
>  
>  #include "qemu/osdep.h"
>  #include "hw/pci/pci.h"
> +#include "hw/qdev-properties.h"
>  #include "migration/vmstate.h"
>  #include "qemu/module.h"
>  #include "sysemu/dma.h"
> @@ -185,12 +186,19 @@ static void via_ide_realize(PCIDevice *dev, Error 
> **errp)
>&d->bus[1], "via-ide1-cmd", 4);
>  pci_register_bar(dev, 3, PCI_BASE_ADDRESS_SPACE_IO, &d->cmd_bar[1]);
>  
> -bmdma_setup_bar(d);
> -pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
> +if (!(d->flags & BIT(PCI_IDE_LEGACY_MODE))) {
> +/* Missing BAR4 will make Linux driver fall back to legacy PIO mode 
> */
> +bmdma_setup_bar(d);
> +pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
> +}
>  
>  qdev_init_gpio_in(ds, via_ide_set_irq, 2);
>  for (i = 0; i < 2; i++) {
>  ide_bus_new(&d->bus[i], sizeof(d->bus[i]), ds, i, 2);
> +if (d->flags & BIT(PCI_IDE_LEGACY_MODE)) {
> +ide_init_ioport(&d->bus[i], NULL, i ? 0x170 : 0x1f0,
> +i ? 0x376 : 0x3f6);
> +}
>  ide_init2(&d->bus[i], qdev_get_gpio_in(ds, i));
>  
>  bmdma_init(&d->bus[i], &d->bmdma[i], d);
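Review bot: The result of `ide_init_ioport()` in the legacy-mode branch is discarded, so if registering the 0x1f0/0x3f6 or 0x170/0x376 ranges fails, realize continues with a bus that has no I/O ports. Assuming the function reports failure through its return value, check it and report through `errp`, for example `if (ide_init_ioport(...)) { error_setg(errp, "via-ide: cannot register legacy ports"); return; }`. Legacy mode also skips `bmdma_setup_bar()` while `bmdma_init()` still runs for both buses, so any teardown in `via_ide_exitfn` (outside this hunk) that touches `d->bmdma_bar` needs the same flag test. The same hunk is repeated in the original posting of this patch further down the page, and `via_ide_realize` begins and ends outside the hunk.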
> @@ -210,6 +218,12 @@ static void via_ide_exitfn(PCIDevice *dev)
>  }
>  }
>  
> +static Property via_ide_properties[] = {
> +DEFINE_PROP_BIT("legacy_mode", PCIIDEState, flags, PCI_IDE_LEGACY_MODE,
> +false),
> +DEFINE_PROP_END_OF_LIST(),
> +};
> +
>  static void via_ide_class_init(ObjectClass *klass, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS(klass);
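Review bot: The new property is spelled `legacy_mode` with an underscore, while QEMU device properties are normally hyphenated and the cover letter itself calls it the legacy-mode option. `DEFINE_PROP_BIT("legacy-mode", PCIIDEState, flags, PCI_IDE_LEGACY_MODE, false)` together with `qdev_prop_set_bit(&dev->qdev, "legacy-mode", true)` in fuloong2e.c would be consistent. Because the property can be set on any via-ide instance, a short comment above `via_ide_properties` stating what it changes (no BAR4, fixed legacy port ranges) would help. The hunk appears again in the original posting further down the page.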
> @@ -223,6 +237,7 @@ static void via_ide_class_init(ObjectClass *klass, void 
> *data)
>  k->device_id = PCI_DEVICE_ID_VIA_IDE;
>  k->revision = 0x06;
>  k->class_id = PCI_CLASS_STORAGE_IDE;
> +device_class_set_props(dc, via_ide_properties);
>  set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
>  }
>  
> diff --git a/hw/mips/fuloong2e.c b/hw/mips/fuloong2e.c
> index 45c596f4fe..f0733e87b7 100644
> --- a/hw/mips/fuloong2e.c
> +++ b/hw/mips/fuloong2e.c
> @@ -253,7 +253,9 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, 
> int slot, qemu_irq intc,
>  /* Super I/O */
>  isa_create_simple(isa_bus, TYPE_VT82C686B_SUPERIO);
>  
> -dev = pci_create_simple(pci_bus, PCI_DEVFN(slot, 1), "via-ide");
> +dev = pci_new(PCI_DEVFN(slot, 1), "via-ide");
> +qdev_prop_set_bit(&dev->qdev, "legacy_mode", true);
> +pci_realize_and_unref(dev, pci_bus, &error_fatal);
>  pci_ide_create_devs(dev);
>  
>  pci_create_simple(pci_bus, PCI_DEVFN(slot, 2), "vt82c686b-usb-uhci");
> -- 
> 2.21.3
> 



Re: [PATCH 1/2] ide: Make room for flags in PCIIDEState and add one for legacy mode

2020-12-24 Thread Guenter Roeck
On Fri, Dec 25, 2020 at 12:23:37AM +0100, BALATON Zoltan wrote:
> We'll need a flag for implementing some device specific behaviour in
> via-ide but we already have a currently CMD646 specific field that can
> be repurposed for this and leave room for furhter flags if needed in

further

> the future. This patch changes the "secondary" field to "flags" and
> change CMD646 and its users accordingly and define a new flag for
> forcing legacy mode that will be used by via-ide for now.
> 
> Signed-off-by: BALATON Zoltan 

Reviewed-and-tested-by: Guenter Roeck 

> ---
>  hw/ide/cmd646.c  | 4 ++--
>  hw/sparc64/sun4u.c   | 2 +-
>  include/hw/ide/pci.h | 7 ++-
>  3 files changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
> index c254631485..7a96016116 100644
> --- a/hw/ide/cmd646.c
> +++ b/hw/ide/cmd646.c
> @@ -256,7 +256,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error 
> **errp)
>  pci_conf[PCI_CLASS_PROG] = 0x8f;
>  
>  pci_conf[CNTRL] = CNTRL_EN_CH0; // enable IDE0
> -if (d->secondary) {
> +if (d->flags & BIT(PCI_IDE_SECONDARY)) {
>  /* XXX: if not enabled, really disable the seconday IDE controller */
>  pci_conf[CNTRL] |= CNTRL_EN_CH1; /* enable IDE1 */
>  }
> @@ -314,7 +314,7 @@ static void pci_cmd646_ide_exitfn(PCIDevice *dev)
>  }
>  
>  static Property cmd646_ide_properties[] = {
> -DEFINE_PROP_UINT32("secondary", PCIIDEState, secondary, 0),
> +DEFINE_PROP_BIT("secondary", PCIIDEState, flags, PCI_IDE_SECONDARY, 
> false),
>  DEFINE_PROP_END_OF_LIST(),
>  };
>  
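Review bot: Replacing `DEFINE_PROP_UINT32("secondary", ...)` with `DEFINE_PROP_BIT("secondary", ...)` changes the type of a user-visible property from integer to boolean. An existing `-device cmd646-ide,secondary=1` may therefore stop being accepted if the boolean parser only takes on/off style values. If that is intended, the commit message should say so; otherwise keep the external type and map it onto the flag bit internally. The same hunk appears again in the original posting further down the page.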
> diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
> index 0fa13a7330..c46baa9f48 100644
> --- a/hw/sparc64/sun4u.c
> +++ b/hw/sparc64/sun4u.c
> @@ -674,7 +674,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
>  }
>  
>  pci_dev = pci_new(PCI_DEVFN(3, 0), "cmd646-ide");
> -qdev_prop_set_uint32(&pci_dev->qdev, "secondary", 1);
> +qdev_prop_set_bit(&pci_dev->qdev, "secondary", true);
>  pci_realize_and_unref(pci_dev, pci_busA, &error_fatal);
>  pci_ide_create_devs(pci_dev);
>  
> diff --git a/include/hw/ide/pci.h b/include/hw/ide/pci.h
> index d8384e1c42..75d1a32f6d 100644
> --- a/include/hw/ide/pci.h
> +++ b/include/hw/ide/pci.h
> @@ -42,6 +42,11 @@ typedef struct BMDMAState {
>  #define TYPE_PCI_IDE "pci-ide"
>  OBJECT_DECLARE_SIMPLE_TYPE(PCIIDEState, PCI_IDE)
>  
> +enum {
> +PCI_IDE_SECONDARY, /* used only for cmd646 */
> +PCI_IDE_LEGACY_MODE
> +};
> +
>  struct PCIIDEState {
>  /*< private >*/
>  PCIDevice parent_obj;
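Review bot: The new enumerators are bit positions rather than masks, and nothing at the definition says so. A later `d->flags & PCI_IDE_LEGACY_MODE` would compile and silently test bit 0, which is `PCI_IDE_SECONDARY`. A comment on the enum such as `/* bit numbers in PCIIDEState.flags, test with BIT() */` makes that misuse harder. The per-field comment removed from `secondary` in the next hunk could be replaced by `uint32_t flags; /* PCI_IDE_* bit numbers */`. The hunk appears again in the original posting further down the page.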
> @@ -49,7 +54,7 @@ struct PCIIDEState {
>  
>  IDEBus bus[2];
>  BMDMAState bmdma[2];
> -uint32_t secondary; /* used only for cmd646 */
> +uint32_t flags;
>  MemoryRegion bmdma_bar;
>  MemoryRegion cmd_bar[2];
>  MemoryRegion data_bar[2];
> -- 
> 2.21.3
> 



Re: [PATCH 4/4] fuzz: delay IO until they can't trigger the crash

2020-12-24 Thread Alexander Bulekov
On 201223 0920, Qiuhao Li wrote:
> On Tue, 2020-12-22 at 13:30 -0500, Alexander Bulekov wrote:
> > On 201222 1922, Qiuhao Li wrote:
> > > On Mon, 2020-12-21 at 16:17 -0500, Alexander Bulekov wrote:
> > > > On 201220 0256, Qiuhao Li wrote:
> > > > > Since programmers usually trigger an IO just before they need
> > > > > it.
> > > > > Try to
> > > > > delay some IO instructions may help us better understanding the
> > > > > timing
> > > > > context when debug.
> > > > >
> > > > > Tested with Bug 1908062. Refined vs. Original result:
> > > > >
> > > > > outl 0xcf8 0x881coutl 0xcf8 0x0
> > > > > outb 0xcfc 0xc3| outl 0xcf8 0x881c
> > > > > outl 0xcf8 0x8804  | outb 0xcfc 0xc3
> > > > > outl 0xcfc 0x1006  | outl 0xcf8 0x8804
> > > > > write 0xc31028 0x1 0x5a| outl 0xcfc 0x1006
> > > > > write 0xc31024 0x2 0x10| write 0xc31028 0x1 0x5a
> > > > > write 0xc3101c 0x1 0x01| writel 0xc3100c 0x2a6f6c63
> > > > > write 0xc33002 0x1 0x0 v write 0xc31024 0x2 0x10
> > > > > write 0x5c 0x1 0x10  write 0xc3101c 0x1 0x01
> > > > > writel 0xc3100c 0x2a6f6c63   write 0xc31018 0x1 0x80
> > > > > write 0xc31018 0x1 0x80  write 0x5c 0x1 0x10
> > > > > outl 0xcf8 0x0   write 0xc33002 0x1 0x0
> > > > >
> > > >
> > > > In this example, I can remove the outl 0xcf8 0x0, and I still see
> > > > the
> > > > crash, so maybe the 1st step in the minimizer is failing
> > > > somewhere..
> > >
> > > I think it might because of our one-time scan and remove strategy,
> > > which is not suitable for timing dependent instructions.
> > >
> > > For example, instruction A will indicate an address where the
> > > config
> > > chunk locates, and instruction B will make the configuration
> > > active. If
> > > we have the following instruction sequence:
> > >
> > > ...
> > > A1
> > > B1
> > > A2
> > > B2
> > > ...
> > >
> > > A2 and B2 are the actual instructions that trigger the bug.
> > >
> > > If we scan from top to bottom, after we remove A1, the behavior of
> > > B1
> > > might be unknowable, including not to crash the program. But we
> > > will
> > > successfully remove B1 later cause A2 and B2 will crash the process
> > > anyway:
> > >
> > > ...
> > > A1
> > > A2
> > > B2
> > > ...
> > >
> > > Now one more trimming will remove A1.
> > >
> > > As for the example I gave, the instructions before the delaying
> > > minimizer are like this:
> > >
> > > outl 0xcf8 0x881c
> > > outb 0xcfc 0xc3
> > > outl 0xcf8 0x0<--- The A instruction, didn't be
> > > removed
> > > (outl 0xcfc 0x0)  <--- The B instruction, removed
> > > outl 0xcf8 0x8804
> > > outl 0xcfc 0x1006
> > > write 0xc31024 0x2 0x10
> > > write 0xc31028 0x1 0x5a
> > > write 0xc3101c 0x1 0x01
> > > writel 0xc3100c 0x2a6f6c63
> > > write 0xc31018 0x1 0x80
> > > write 0x5c 0x1 0x10
> > > write 0xc33002 0x1 0x0
> > >
> > > If we run the remove minimizer again, The A instruction outl 0xcf8
> > > 0x0
> > > will be removed.
> > >
> > > Since we only remove instructions, this iterative algorithm is
> > > converging. Maybe we can keep removing the trace until the
> > > len(newtrace) become unchanged.
> > >
> >
> > I found a bunch of work related to this "test-case minimization".
> > There
> > are algorithms such as "ddmin" that try to tackle this. There might
> > be
> > some interesting ideas there.
> 
> Thanks, I will have a look.
> 
> > I think in the perfect case, we would need to be able to remove A and
> > B
> > at the same time. You described the situation where B1 might lead to
> > a
> > bad state without A1, but there is also the possibility that A1 might
> > leave bad state around, without B1. And both of these might be true
> > at
> > the same time :) Probably not something we encounter very often,
> > though.
> 
> You are right, and even there can be three instructions which must be removed 
> together ;) But for now, how about we just add a if(len(newtrace) == old_len) 
> loop  around remove minimizer? No harm.
> 
Sounds good to me. Certainly an improvement over what we have now.

> Do you think this kind of dependence will exist in bits of the write/out 
> commands? How about adding if(num_bits(data) == old_num) loop around the 
> setting zero minimizer?
> 

It may be, however, I am worried about the performance penalty of
bit-wise minimization. If the penalty is too great, it might make sense
to make bit-wise minimization optional (argv or env variable).

As a side note, I think I just minimized one of the largest reproducers
reported by OSS-Fuzz so-far (by qtest command count):
https://bugs.launchpad.net/qemu/+bug/1909261/comments/2

It's 320k bytes (6500 QTest instructions). The current script got it
down to 61k (2846 instructions), and it probably took 2+ hours.
This might be a good benchmark for testing improvements to the script
both in terms of time to minimiz

[Bug 1909261] Re: [OSS-Fuzz] Issue 28929 xhci: ASSERT: xfer->packet.status != USB_RET_NAK

2020-12-24 Thread Alexander Bulekov
Full reproducer:
./qemu-system-i386 -m 512M -machine q35,accel=qtest \
 -drive file=null-co://,if=none,format=raw,id=disk0 \
-device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 \
-device usb-bot -device usb-storage,drive=disk0 \
-chardev null,id=cd0 -chardev null,id=cd1 \
-device usb-braille,chardev=cd0 -device usb-ccid \
-device usb-ccid -device usb-kbd -device usb-mouse \
-device usb-serial,chardev=cd1 -device usb-tablet \
-device usb-wacom-tablet -device usb-audio \
-qtest stdio -nographic -nodefaults < full_reproducer

** Attachment added: "full_reproducer"
   
https://bugs.launchpad.net/qemu/+bug/1909261/+attachment/5446641/+files/full_reproducer

-- 
https://bugs.launchpad.net/bugs/1909261

Title:
  [OSS-Fuzz]  Issue 28929 xhci: ASSERT: xfer->packet.status !=
  USB_RET_NAK

Status in QEMU:
  New

Bug description:
  === Reproducer ===

  ./qemu-system-i386 -m 512M -machine q35,accel=qtest \
   -drive file=null-co://,if=none,format=raw,id=disk0 \
  -device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 \
  -device usb-bot -device usb-storage,drive=disk0 \
  -chardev null,id=cd0 -chardev null,id=cd1 \
  -device usb-braille,chardev=cd0 -device usb-ccid \
  -device usb-ccid -device usb-kbd -device usb-mouse \
  -device usb-serial,chardev=cd1 -device usb-tablet \
  -device usb-wacom-tablet -device usb-audio \
  -qtest stdio -nographic -nodefaults < attachment

  === Stack Trace ===
  #0 raise
  #1 abort
  #2 libc.so.6
  #3 __assert_fail
  #4 xhci_kick_epctx /src/qemu/hw/usb/hcd-xhci.c:1865:13
  #5 xhci_ep_kick_timer /src/qemu/hw/usb/hcd-xhci.c:1034:5
  #6 timerlist_run_timers /src/qemu/util/qemu-timer.c:574:9
  #7 qemu_clock_run_timers /src/qemu/util/qemu-timer.c:588:12
  #8 qtest_clock_warp /src/qemu/softmmu/qtest.c:356:9
  #9 qtest_process_command /src/qemu/softmmu/qtest.c:752:9
  #10 qtest_process_inbuf /src/qemu/softmmu/qtest.c:797:9
  #11 qtest_server_inproc_recv /src/qemu/softmmu/qtest.c:904:9
  #12 send_wrapper /src/qemu/tests/qtest/libqtest.c:1390:5
  #13 qtest_sendf /src/qemu/tests/qtest/libqtest.c:438:5
  #14 qtest_clock_step_next /src/qemu/tests/qtest/libqtest.c:912:5
  #15 op_clock_step /src/qemu/tests/qtest/fuzz/generic_fuzz.c:574:5

  OSS-Fuzz Report:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28929




[Bug 1909261] [NEW] [OSS-Fuzz] Issue 28929 xhci: ASSERT: xfer->packet.status != USB_RET_NAK

2020-12-24 Thread Alexander Bulekov
Public bug reported:

=== Reproducer ===

./qemu-system-i386 -m 512M -machine q35,accel=qtest \
 -drive file=null-co://,if=none,format=raw,id=disk0 \
-device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 \
-device usb-bot -device usb-storage,drive=disk0 \
-chardev null,id=cd0 -chardev null,id=cd1 \
-device usb-braille,chardev=cd0 -device usb-ccid \
-device usb-ccid -device usb-kbd -device usb-mouse \
-device usb-serial,chardev=cd1 -device usb-tablet \
-device usb-wacom-tablet -device usb-audio \
-qtest stdio -nographic -nodefaults < attachment

=== Stack Trace ===
#0 raise
#1 abort
#2 libc.so.6
#3 __assert_fail
#4 xhci_kick_epctx /src/qemu/hw/usb/hcd-xhci.c:1865:13
#5 xhci_ep_kick_timer /src/qemu/hw/usb/hcd-xhci.c:1034:5
#6 timerlist_run_timers /src/qemu/util/qemu-timer.c:574:9
#7 qemu_clock_run_timers /src/qemu/util/qemu-timer.c:588:12
#8 qtest_clock_warp /src/qemu/softmmu/qtest.c:356:9
#9 qtest_process_command /src/qemu/softmmu/qtest.c:752:9
#10 qtest_process_inbuf /src/qemu/softmmu/qtest.c:797:9
#11 qtest_server_inproc_recv /src/qemu/softmmu/qtest.c:904:9
#12 send_wrapper /src/qemu/tests/qtest/libqtest.c:1390:5
#13 qtest_sendf /src/qemu/tests/qtest/libqtest.c:438:5
#14 qtest_clock_step_next /src/qemu/tests/qtest/libqtest.c:912:5
#15 op_clock_step /src/qemu/tests/qtest/fuzz/generic_fuzz.c:574:5

OSS-Fuzz Report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28929

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "reproducer"
   https://bugs.launchpad.net/bugs/1909261/+attachment/5446640/+files/attachment

-- 
https://bugs.launchpad.net/bugs/1909261

Title:
  [OSS-Fuzz]  Issue 28929 xhci: ASSERT: xfer->packet.status !=
  USB_RET_NAK

Status in QEMU:
  New

Bug description:
  === Reproducer ===

  ./qemu-system-i386 -m 512M -machine q35,accel=qtest \
   -drive file=null-co://,if=none,format=raw,id=disk0 \
  -device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 \
  -device usb-bot -device usb-storage,drive=disk0 \
  -chardev null,id=cd0 -chardev null,id=cd1 \
  -device usb-braille,chardev=cd0 -device usb-ccid \
  -device usb-ccid -device usb-kbd -device usb-mouse \
  -device usb-serial,chardev=cd1 -device usb-tablet \
  -device usb-wacom-tablet -device usb-audio \
  -qtest stdio -nographic -nodefaults < attachment

  === Stack Trace ===
  #0 raise
  #1 abort
  #2 libc.so.6
  #3 __assert_fail
  #4 xhci_kick_epctx /src/qemu/hw/usb/hcd-xhci.c:1865:13
  #5 xhci_ep_kick_timer /src/qemu/hw/usb/hcd-xhci.c:1034:5
  #6 timerlist_run_timers /src/qemu/util/qemu-timer.c:574:9
  #7 qemu_clock_run_timers /src/qemu/util/qemu-timer.c:588:12
  #8 qtest_clock_warp /src/qemu/softmmu/qtest.c:356:9
  #9 qtest_process_command /src/qemu/softmmu/qtest.c:752:9
  #10 qtest_process_inbuf /src/qemu/softmmu/qtest.c:797:9
  #11 qtest_server_inproc_recv /src/qemu/softmmu/qtest.c:904:9
  #12 send_wrapper /src/qemu/tests/qtest/libqtest.c:1390:5
  #13 qtest_sendf /src/qemu/tests/qtest/libqtest.c:438:5
  #14 qtest_clock_step_next /src/qemu/tests/qtest/libqtest.c:912:5
  #15 op_clock_step /src/qemu/tests/qtest/fuzz/generic_fuzz.c:574:5

  OSS-Fuzz Report:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28929




[PATCH 1/2] ide: Make room for flags in PCIIDEState and add one for legacy mode

2020-12-24 Thread BALATON Zoltan via
We'll need a flag for implementing some device specific behaviour in
via-ide but we already have a currently CMD646 specific field that can
be repurposed for this and leave room for further flags if needed in
the future. This patch changes the "secondary" field to "flags",
changes CMD646 and its users accordingly, and defines a new flag for
forcing legacy mode that will be used by via-ide for now.

Signed-off-by: BALATON Zoltan 
---
 hw/ide/cmd646.c  | 4 ++--
 hw/sparc64/sun4u.c   | 2 +-
 include/hw/ide/pci.h | 7 ++-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index c254631485..7a96016116 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -256,7 +256,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error 
**errp)
 pci_conf[PCI_CLASS_PROG] = 0x8f;
 
 pci_conf[CNTRL] = CNTRL_EN_CH0; // enable IDE0
-if (d->secondary) {
+if (d->flags & BIT(PCI_IDE_SECONDARY)) {
 /* XXX: if not enabled, really disable the seconday IDE controller */
 pci_conf[CNTRL] |= CNTRL_EN_CH1; /* enable IDE1 */
 }
@@ -314,7 +314,7 @@ static void pci_cmd646_ide_exitfn(PCIDevice *dev)
 }
 
 static Property cmd646_ide_properties[] = {
-DEFINE_PROP_UINT32("secondary", PCIIDEState, secondary, 0),
+DEFINE_PROP_BIT("secondary", PCIIDEState, flags, PCI_IDE_SECONDARY, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 0fa13a7330..c46baa9f48 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -674,7 +674,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 }
 
 pci_dev = pci_new(PCI_DEVFN(3, 0), "cmd646-ide");
-qdev_prop_set_uint32(&pci_dev->qdev, "secondary", 1);
+qdev_prop_set_bit(&pci_dev->qdev, "secondary", true);
 pci_realize_and_unref(pci_dev, pci_busA, &error_fatal);
 pci_ide_create_devs(pci_dev);
 
diff --git a/include/hw/ide/pci.h b/include/hw/ide/pci.h
index d8384e1c42..75d1a32f6d 100644
--- a/include/hw/ide/pci.h
+++ b/include/hw/ide/pci.h
@@ -42,6 +42,11 @@ typedef struct BMDMAState {
 #define TYPE_PCI_IDE "pci-ide"
 OBJECT_DECLARE_SIMPLE_TYPE(PCIIDEState, PCI_IDE)
 
+enum {
+PCI_IDE_SECONDARY, /* used only for cmd646 */
+PCI_IDE_LEGACY_MODE
+};
+
 struct PCIIDEState {
 /*< private >*/
 PCIDevice parent_obj;
@@ -49,7 +54,7 @@ struct PCIIDEState {
 
 IDEBus bus[2];
 BMDMAState bmdma[2];
-uint32_t secondary; /* used only for cmd646 */
+uint32_t flags;
 MemoryRegion bmdma_bar;
 MemoryRegion cmd_bar[2];
 MemoryRegion data_bar[2];
-- 
2.21.3




[PATCH 2/2] via-ide: Fix fuloong2e support

2020-12-24 Thread BALATON Zoltan via
From: Guenter Roeck 

Fuloong2e needs to use legacy mode for IDE support to work with Linux.
Add property to via-ide driver to make the mode configurable, and set
legacy mode for Fuloong2e.

Signed-off-by: Guenter Roeck 
[balaton: Use bit in flags for property, add comment for missing BAR4]
Signed-off-by: BALATON Zoltan 
---
 hw/ide/via.c| 19 +--
 hw/mips/fuloong2e.c |  4 +++-
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/hw/ide/via.c b/hw/ide/via.c
index be09912b33..7d54d7e829 100644
--- a/hw/ide/via.c
+++ b/hw/ide/via.c
@@ -26,6 +26,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/pci/pci.h"
+#include "hw/qdev-properties.h"
 #include "migration/vmstate.h"
 #include "qemu/module.h"
 #include "sysemu/dma.h"
@@ -185,12 +186,19 @@ static void via_ide_realize(PCIDevice *dev, Error **errp)
   &d->bus[1], "via-ide1-cmd", 4);
 pci_register_bar(dev, 3, PCI_BASE_ADDRESS_SPACE_IO, &d->cmd_bar[1]);
 
-bmdma_setup_bar(d);
-pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
+if (!(d->flags & BIT(PCI_IDE_LEGACY_MODE))) {
+/* Missing BAR4 will make Linux driver fall back to legacy PIO mode */
+bmdma_setup_bar(d);
+pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
+}
 
 qdev_init_gpio_in(ds, via_ide_set_irq, 2);
 for (i = 0; i < 2; i++) {
 ide_bus_new(&d->bus[i], sizeof(d->bus[i]), ds, i, 2);
+if (d->flags & BIT(PCI_IDE_LEGACY_MODE)) {
+ide_init_ioport(&d->bus[i], NULL, i ? 0x170 : 0x1f0,
+i ? 0x376 : 0x3f6);
+}
 ide_init2(&d->bus[i], qdev_get_gpio_in(ds, i));
 
 bmdma_init(&d->bus[i], &d->bmdma[i], d);
@@ -210,6 +218,12 @@ static void via_ide_exitfn(PCIDevice *dev)
 }
 }
 
+static Property via_ide_properties[] = {
+DEFINE_PROP_BIT("legacy_mode", PCIIDEState, flags, PCI_IDE_LEGACY_MODE,
+false),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void via_ide_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -223,6 +237,7 @@ static void via_ide_class_init(ObjectClass *klass, void 
*data)
 k->device_id = PCI_DEVICE_ID_VIA_IDE;
 k->revision = 0x06;
 k->class_id = PCI_CLASS_STORAGE_IDE;
+device_class_set_props(dc, via_ide_properties);
 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
 }
 
diff --git a/hw/mips/fuloong2e.c b/hw/mips/fuloong2e.c
index 45c596f4fe..f0733e87b7 100644
--- a/hw/mips/fuloong2e.c
+++ b/hw/mips/fuloong2e.c
@@ -253,7 +253,9 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, int 
slot, qemu_irq intc,
 /* Super I/O */
 isa_create_simple(isa_bus, TYPE_VT82C686B_SUPERIO);
 
-dev = pci_create_simple(pci_bus, PCI_DEVFN(slot, 1), "via-ide");
+dev = pci_new(PCI_DEVFN(slot, 1), "via-ide");
+qdev_prop_set_bit(&dev->qdev, "legacy_mode", true);
+pci_realize_and_unref(dev, pci_bus, &error_fatal);
 pci_ide_create_devs(dev);
 
 pci_create_simple(pci_bus, PCI_DEVFN(slot, 2), "vt82c686b-usb-uhci");
-- 
2.21.3




[PATCH 0/2] Fix via-ide for fuloong2e

2020-12-24 Thread BALATON Zoltan via
This implements the legacy-mode emulation option for via-ide which is
needed for Linux on fuloong2e. I've tested that the Debian kernel now
finds CD ROM and MorphOS on pegasos2 is not affected by this.

BALATON Zoltan (1):
  ide: Make room for flags in PCIIDEState and add one for legacy mode

Guenter Roeck (1):
  via-ide: Fix fuloong2e support

 hw/ide/cmd646.c  |  4 ++--
 hw/ide/via.c | 19 +--
 hw/mips/fuloong2e.c  |  4 +++-
 hw/sparc64/sun4u.c   |  2 +-
 include/hw/ide/pci.h |  7 ++-
 5 files changed, 29 insertions(+), 7 deletions(-)

-- 
2.21.3




[PATCH 15/15] tcg/arm: Implement TCG_TARGET_HAS_rotv_vec

2020-12-24 Thread Richard Henderson
Implement via expansion, so don't actually set TCG_TARGET_HAS_rotv_vec.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.c.inc | 33 -
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 5cae6b2749..f107478877 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -2950,6 +2950,8 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_shrv_vec:
 case INDEX_op_sarv_vec:
 case INDEX_op_rotli_vec:
+case INDEX_op_rotlv_vec:
+case INDEX_op_rotrv_vec:
 return -1;
 default:
 return 0;
@@ -2960,7 +2962,7 @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece,
TCGArg a0, ...)
 {
 va_list va;
-TCGv_vec v0, v1, v2, t1;
+TCGv_vec v0, v1, v2, t1, t2, t3;
 TCGArg a2;
 
 va_start(va, a0);
@@ -3003,6 +3005,35 @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece,
 tcg_temp_free_vec(t1);
 break;
 
+case INDEX_op_rotlv_vec:
+t1 = tcg_temp_new_vec(type);
+t2 = tcg_constant_vec(type, vece, 8 << vece);
+tcg_gen_sub_vec(vece, t1, v2, t2);
+/* Right shifts are negative left shifts for AArch64.  */
+vec_gen_3(INDEX_op_arm_ushl_vec, type, vece, tcgv_vec_arg(t1),
+  tcgv_vec_arg(v1), tcgv_vec_arg(t1));
+vec_gen_3(INDEX_op_arm_ushl_vec, type, vece, tcgv_vec_arg(v0),
+  tcgv_vec_arg(v1), tcgv_vec_arg(v2));
+tcg_gen_or_vec(vece, v0, v0, t1);
+tcg_temp_free_vec(t1);
+break;
+
+case INDEX_op_rotrv_vec:
+t1 = tcg_temp_new_vec(type);
+t2 = tcg_temp_new_vec(type);
+t3 = tcg_constant_vec(type, vece, 8 << vece);
+tcg_gen_neg_vec(vece, t1, v2);
+tcg_gen_sub_vec(vece, t2, t3, v2);
+/* Right shifts are negative left shifts for AArch64.  */
+vec_gen_3(INDEX_op_arm_ushl_vec, type, vece, tcgv_vec_arg(t1),
+  tcgv_vec_arg(v1), tcgv_vec_arg(t1));
+vec_gen_3(INDEX_op_arm_ushl_vec, type, vece, tcgv_vec_arg(t2),
+  tcgv_vec_arg(v1), tcgv_vec_arg(t2));
+tcg_gen_or_vec(vece, v0, t1, t2);
+tcg_temp_free_vec(t1);
+tcg_temp_free_vec(t2);
+break;
+
 default:
 g_assert_not_reached();
 }
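Review bot: The comment `/* Right shifts are negative left shifts for AArch64.  */` is added in both new cases, but this file is the tcg/arm backend, so it reads as carried over from another backend. Something like `/* NEON VSHL with a negative count shifts right. */` would describe what is emitted here. Each case would also benefit from one line stating the identity it implements, e.g. `/* rotl(x, n) = (x << n) | (x >> (width - n)) */`, since the use of `8 << vece` as the element width is otherwise left for the reader to work out. The enclosing `switch` in `tcg_expand_vec_op` starts outside the hunk.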
-- 
2.25.1




[PATCH 14/15] tcg/arm: Implement TCG_TARGET_HAS_roti_vec

2020-12-24 Thread Richard Henderson
Implement via expansion, so don't actually set TCG_TARGET_HAS_roti_vec.
For NEON, this is shift-right followed by shift-left-and-insert.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target-conset.h |  1 +
 tcg/arm/tcg-target.opc.h|  1 +
 tcg/arm/tcg-target.c.inc| 15 +++
 3 files changed, 17 insertions(+)

diff --git a/tcg/arm/tcg-target-conset.h b/tcg/arm/tcg-target-conset.h
index 30a5953621..efb63396de 100644
--- a/tcg/arm/tcg-target-conset.h
+++ b/tcg/arm/tcg-target-conset.h
@@ -25,6 +25,7 @@ C_O1_I2(r, r, rIK)
 C_O1_I2(r, r, rIN)
 C_O1_I2(r, r, ri)
 C_O1_I2(r, rZ, rZ)
+C_O1_I2(w, 0, w)
 C_O1_I2(w, w, w)
 C_O1_I2(w, w, wO)
 C_O1_I2(w, w, wV)
diff --git a/tcg/arm/tcg-target.opc.h b/tcg/arm/tcg-target.opc.h
index d19153dcb9..d38af9a808 100644
--- a/tcg/arm/tcg-target.opc.h
+++ b/tcg/arm/tcg-target.opc.h
@@ -11,5 +11,6 @@
  * consider these to be UNSPEC with names.
  */
 
+DEF(arm_sli_vec, 1, 2, 1, IMPLVEC)
 DEF(arm_sshl_vec, 1, 2, 0, IMPLVEC)
 DEF(arm_ushl_vec, 1, 2, 0, IMPLVEC)
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 2a664a750d..5cae6b2749 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -215,6 +215,7 @@ typedef enum {
 INSN_VSHLI = 0xf2800510,  /* VSHL (immediate) */
 INSN_VSARI = 0xf2800010,  /* VSHR.S */
 INSN_VSHRI = 0xf3800010,  /* VSHR.U */
+INSN_VSLI  = 0xf3800510,
 INSN_VSHL_S= 0xf2000400,  /* VSHL.S (register) */
 INSN_VSHL_U= 0xf3000400,  /* VSHL.U (register) */
 
@@ -2400,6 +2401,8 @@ static int tcg_target_op_def(TCGOpcode op)
 case INDEX_op_arm_sshl_vec:
 case INDEX_op_arm_ushl_vec:
 return C_O1_I2(w, w, w);
+case INDEX_op_arm_sli_vec:
+return C_O1_I2(w, 0, w);
 case INDEX_op_or_vec:
 case INDEX_op_andc_vec:
 return C_O1_I2(w, w, wO);
@@ -2815,6 +2818,9 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_sari_vec:
 tcg_out_vshifti(s, INSN_VSARI, q, a0, a1, (16 << vece) - a2);
 return;
+case INDEX_op_arm_sli_vec:
+tcg_out_vshifti(s, INSN_VSLI, q, a0, a2, args[3] + (8 << vece));
+return;
 
 case INDEX_op_andc_vec:
 if (!const_args[2]) {
@@ -2943,6 +2949,7 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_shlv_vec:
 case INDEX_op_shrv_vec:
 case INDEX_op_sarv_vec:
+case INDEX_op_rotli_vec:
 return -1;
 default:
 return 0;
@@ -2988,6 +2995,14 @@ void tcg_expand_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece,
 tcg_temp_free_vec(t1);
 break;
 
+case INDEX_op_rotli_vec:
+t1 = tcg_temp_new_vec(type);
+tcg_gen_shri_vec(vece, t1, v1, -a2 & ((8 << vece) - 1));
+vec_gen_4(INDEX_op_arm_sli_vec, type, vece,
+  tcgv_vec_arg(v0), tcgv_vec_arg(t1), tcgv_vec_arg(v1), a2);
+tcg_temp_free_vec(t1);
+break;
+
 default:
 g_assert_not_reached();
 }
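Review bot: The rotli_vec case uses `a2` as an immediate rotate count, but the prologue added by the shv_vec patch of this series runs `v2 = temp_tcgv_vec(arg_temp(a2));` before the switch for every opcode. If that prologue is unchanged here, an integer count is reinterpreted as a TCGTemp pointer. v2 is never read in this case, but the conversion still does pointer arithmetic on a non-pointer and may trip any validity assertion inside the helper in debug builds. Moving `v2 = temp_tcgv_vec(arg_temp(a2));` into the cases that take a vector operand (shlv/shrv/sarv and the rotate-by-vector cases) keeps the immediate path clean. The prologue lies outside this hunk, so this should be confirmed against the applied tree.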
-- 
2.25.1




[PATCH 13/15] tcg/arm: Implement TCG_TARGET_HAS_shv_vec

2020-12-24 Thread Richard Henderson
The three vector shift by vector operations are all implemented via
expansion.  Therefore do not actually set TCG_TARGET_HAS_shv_vec,
as none of shlv_vec, shrv_vec, sarv_vec may actually appear in the
instruction stream, and therefore also do not appear in tcg_target_op_def.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.opc.h |  3 ++
 tcg/arm/tcg-target.c.inc | 60 +++-
 2 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/tcg/arm/tcg-target.opc.h b/tcg/arm/tcg-target.opc.h
index 7a4578e9b4..d19153dcb9 100644
--- a/tcg/arm/tcg-target.opc.h
+++ b/tcg/arm/tcg-target.opc.h
@@ -10,3 +10,6 @@
  * emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
  * consider these to be UNSPEC with names.
  */
+
+DEF(arm_sshl_vec, 1, 2, 0, IMPLVEC)
+DEF(arm_ushl_vec, 1, 2, 0, IMPLVEC)
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index aea3d2cf8f..2a664a750d 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -215,6 +215,8 @@ typedef enum {
 INSN_VSHLI = 0xf2800510,  /* VSHL (immediate) */
 INSN_VSARI = 0xf2800010,  /* VSHR.S */
 INSN_VSHRI = 0xf3800010,  /* VSHR.U */
+INSN_VSHL_S= 0xf2000400,  /* VSHL.S (register) */
+INSN_VSHL_U= 0xf3000400,  /* VSHL.U (register) */
 
 INSN_VBSL  = 0xf3100110,
 INSN_VBIT  = 0xf3200110,
@@ -2395,6 +2397,8 @@ static int tcg_target_op_def(TCGOpcode op)
 case INDEX_op_usadd_vec:
 case INDEX_op_ussub_vec:
 case INDEX_op_xor_vec:
+case INDEX_op_arm_sshl_vec:
+case INDEX_op_arm_ushl_vec:
 return C_O1_I2(w, w, w);
 case INDEX_op_or_vec:
 case INDEX_op_andc_vec:
@@ -2791,6 +2795,17 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_xor_vec:
 tcg_out_vreg3(s, INSN_VEOR, q, 0, a0, a1, a2);
 return;
+case INDEX_op_arm_sshl_vec:
+/*
+ * Note that Vm is the data and Vn is the shift count,
+ * therefore the arguments appear reversed.
+ */
+tcg_out_vreg3(s, INSN_VSHL_S, q, vece, a0, a2, a1);
+return;
+case INDEX_op_arm_ushl_vec:
+/* See above. */
+tcg_out_vreg3(s, INSN_VSHL_U, q, vece, a0, a2, a1);
+return;
 case INDEX_op_shli_vec:
 tcg_out_vshifti(s, INSN_VSHLI, q, a0, a1, a2 + (8 << vece));
 return;
@@ -2925,6 +2940,10 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_umax_vec:
 case INDEX_op_umin_vec:
 return vece < MO_64;
+case INDEX_op_shlv_vec:
+case INDEX_op_shrv_vec:
+case INDEX_op_sarv_vec:
+return -1;
 default:
 return 0;
 }
@@ -2933,7 +2952,46 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 void tcg_expand_vec_op(TCGOpcode opc, TCGType type, unsigned vece,
TCGArg a0, ...)
 {
-g_assert_not_reached();
+va_list va;
+TCGv_vec v0, v1, v2, t1;
+TCGArg a2;
+
+va_start(va, a0);
+v0 = temp_tcgv_vec(arg_temp(a0));
+v1 = temp_tcgv_vec(arg_temp(va_arg(va, TCGArg)));
+a2 = va_arg(va, TCGArg);
+v2 = temp_tcgv_vec(arg_temp(a2));
+
+switch (opc) {
+case INDEX_op_shlv_vec:
+/*
+ * Merely propagate shlv_vec to arm_ushl_vec.
+ * In this way we don't set TCG_TARGET_HAS_shv_vec
+ * because everything is done via expansion.
+ */
+vec_gen_3(INDEX_op_arm_ushl_vec, type, vece, tcgv_vec_arg(v0),
+  tcgv_vec_arg(v1), tcgv_vec_arg(v2));
+break;
+
+case INDEX_op_shrv_vec:
+case INDEX_op_sarv_vec:
+/* Right shifts are negative left shifts for NEON.  */
+t1 = tcg_temp_new_vec(type);
+tcg_gen_neg_vec(vece, t1, v2);
+if (opc == INDEX_op_shrv_vec) {
+opc = INDEX_op_arm_ushl_vec;
+} else {
+opc = INDEX_op_arm_sshl_vec;
+}
+vec_gen_3(opc, type, vece, tcgv_vec_arg(v0),
+  tcgv_vec_arg(v1), tcgv_vec_arg(t1));
+tcg_temp_free_vec(t1);
+break;
+
+default:
+g_assert_not_reached();
+}
+va_end(va);
 }
 
 static void tcg_out_nop_fill(tcg_insn_unit *p, int count)
-- 
2.25.1




[PATCH 12/15] tcg/arm: Implement TCG_TARGET_HAS_bitsel_vec

2020-12-24 Thread Richard Henderson
NEON has 3 instructions implementing this 4 argument operation,
with each insn overlapping a different logical input onto the
destination register.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target-conset.h |  1 +
 tcg/arm/tcg-target.h|  2 +-
 tcg/arm/tcg-target.c.inc| 22 --
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/tcg/arm/tcg-target-conset.h b/tcg/arm/tcg-target-conset.h
index f32bf44f8b..30a5953621 100644
--- a/tcg/arm/tcg-target-conset.h
+++ b/tcg/arm/tcg-target-conset.h
@@ -29,6 +29,7 @@ C_O1_I2(w, w, w)
 C_O1_I2(w, w, wO)
 C_O1_I2(w, w, wV)
 C_O1_I2(w, w, wZ)
+C_O1_I3(w, w, w, w)
 C_O1_I4(r, r, r, rI, rI)
 C_O1_I4(r, r, rIN, rIK, 0)
 C_O2_I1(r, r, l)
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index e3c533f00f..7463be8f27 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -168,7 +168,7 @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  1
 #define TCG_TARGET_HAS_minmax_vec   1
-#define TCG_TARGET_HAS_bitsel_vec   0
+#define TCG_TARGET_HAS_bitsel_vec   1
 #define TCG_TARGET_HAS_cmpsel_vec   0
 
 #define TCG_TARGET_DEFAULT_MO (0)
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 6e17082df2..aea3d2cf8f 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -216,6 +216,10 @@ typedef enum {
 INSN_VSARI = 0xf2800010,  /* VSHR.S */
 INSN_VSHRI = 0xf3800010,  /* VSHR.U */
 
+INSN_VBSL  = 0xf3100110,
+INSN_VBIT  = 0xf3200110,
+INSN_VBIF  = 0xf3300110,
+
 INSN_VTST  = 0xf2000810,
 
 INSN_VDUP_G= 0xee800b10,  /* VDUP (ARM core register) */
@@ -2400,7 +2404,8 @@ static int tcg_target_op_def(TCGOpcode op)
 return C_O1_I2(w, w, wV);
 case INDEX_op_cmp_vec:
 return C_O1_I2(w, w, wZ);
-
+case INDEX_op_bitsel_vec:
+return C_O1_I3(w, w, w, w);
 default:
 g_assert_not_reached();
 }
@@ -2721,7 +2726,7 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 {
 TCGType type = vecl + TCG_TYPE_V64;
 unsigned q = vecl;
-TCGArg a0, a1, a2;
+TCGArg a0, a1, a2, a3;
 int cmode, imm8;
 
 a0 = args[0];
@@ -2872,6 +2877,18 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 }
 return;
 
+case INDEX_op_bitsel_vec:
+a3 = args[3];
+if (a0 == a3) {
+tcg_out_vreg3(s, INSN_VBIT, q, 0, a0, a2, a1);
+} else if (a0 == a2) {
+tcg_out_vreg3(s, INSN_VBIF, q, 0, a0, a3, a1);
+} else {
+tcg_out_mov(s, type, a0, a1);
+tcg_out_vreg3(s, INSN_VBSL, q, 0, a0, a2, a3);
+}
+return;
+
 case INDEX_op_mov_vec:  /* Always emitted via tcg_out_mov.  */
 case INDEX_op_dup_vec:  /* Always emitted via tcg_out_dup_vec.  */
 default:
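Review bot: The three-way choice between VBIT, VBIF and VBSL in the bitsel_vec case depends on which input the register allocator has placed in the destination, and nothing in the code says so. A short comment before the `if` would help, such as `/* Use the insn whose overwritten operand already lives in a0; otherwise copy a1 into a0 and use VBSL. */`. The operand order passed to tcg_out_vreg3 also differs per instruction (`a2, a1` for VBIT, `a3, a1` for VBIF, `a2, a3` for VBSL), which is easy to break in a later edit and deserves a mention in the same comment. The function continues outside this hunk.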
@@ -2897,6 +2914,7 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_sssub_vec:
 case INDEX_op_usadd_vec:
 case INDEX_op_ussub_vec:
+case INDEX_op_bitsel_vec:
 return 1;
 case INDEX_op_abs_vec:
 case INDEX_op_cmp_vec:
-- 
2.25.1




[PATCH 11/15] tcg/arm: Implement TCG_TARGET_HAS_minmax_vec

2020-12-24 Thread Richard Henderson
This is minimum and maximum, signed and unsigned.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.h |  2 +-
 tcg/arm/tcg-target.c.inc | 24 
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index c41dea2b03..e3c533f00f 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -167,7 +167,7 @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_shv_vec  0
 #define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  1
-#define TCG_TARGET_HAS_minmax_vec   0
+#define TCG_TARGET_HAS_minmax_vec   1
 #define TCG_TARGET_HAS_bitsel_vec   0
 #define TCG_TARGET_HAS_cmpsel_vec   0
 
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index a6d9ee929b..6e17082df2 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -191,6 +191,10 @@ typedef enum {
 INSN_VQADD_U   = 0xf310,
 INSN_VQSUB = 0xf2000210,
 INSN_VQSUB_U   = 0xf3000210,
+INSN_VMAX  = 0xf2000600,
+INSN_VMAX_U= 0xf3000600,
+INSN_VMIN  = 0xf2000610,
+INSN_VMIN_U= 0xf3000610,
 
 INSN_VABS  = 0xf3b10300,
 INSN_VMVN  = 0xf3b00580,
@@ -2377,9 +2381,13 @@ static int tcg_target_op_def(TCGOpcode op)
 case INDEX_op_dup2_vec:
 case INDEX_op_add_vec:
 case INDEX_op_mul_vec:
+case INDEX_op_smax_vec:
+case INDEX_op_smin_vec:
 case INDEX_op_ssadd_vec:
 case INDEX_op_sssub_vec:
 case INDEX_op_sub_vec:
+case INDEX_op_umax_vec:
+case INDEX_op_umin_vec:
 case INDEX_op_usadd_vec:
 case INDEX_op_ussub_vec:
 case INDEX_op_xor_vec:
@@ -2748,6 +2756,12 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_mul_vec:
 tcg_out_vreg3(s, INSN_VMUL, q, vece, a0, a1, a2);
 return;
+case INDEX_op_smax_vec:
+tcg_out_vreg3(s, INSN_VMAX, q, vece, a0, a1, a2);
+return;
+case INDEX_op_smin_vec:
+tcg_out_vreg3(s, INSN_VMIN, q, vece, a0, a1, a2);
+return;
 case INDEX_op_sub_vec:
 tcg_out_vreg3(s, INSN_VSUB, q, vece, a0, a1, a2);
 return;
@@ -2757,6 +2771,12 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_sssub_vec:
 tcg_out_vreg3(s, INSN_VQSUB, q, vece, a0, a1, a2);
 return;
+case INDEX_op_umax_vec:
+tcg_out_vreg3(s, INSN_VMAX_U, q, vece, a0, a1, a2);
+return;
+case INDEX_op_umin_vec:
+tcg_out_vreg3(s, INSN_VMIN_U, q, vece, a0, a1, a2);
+return;
 case INDEX_op_usadd_vec:
 tcg_out_vreg3(s, INSN_VQADD_U, q, vece, a0, a1, a2);
 return;
@@ -2882,6 +2902,10 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_cmp_vec:
 case INDEX_op_mul_vec:
 case INDEX_op_neg_vec:
+case INDEX_op_smax_vec:
+case INDEX_op_smin_vec:
+case INDEX_op_umax_vec:
+case INDEX_op_umin_vec:
 return vece < MO_64;
 default:
 return 0;
-- 
2.25.1




[PATCH 10/15] tcg/arm: Implement TCG_TARGET_HAS_sat_vec

2020-12-24 Thread Richard Henderson
This is saturating add and subtract, signed and unsigned.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.h |  2 +-
 tcg/arm/tcg-target.c.inc | 24 
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index 8e5b304a5a..c41dea2b03 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -166,7 +166,7 @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_shs_vec  0
 #define TCG_TARGET_HAS_shv_vec  0
 #define TCG_TARGET_HAS_mul_vec  1
-#define TCG_TARGET_HAS_sat_vec  0
+#define TCG_TARGET_HAS_sat_vec  1
 #define TCG_TARGET_HAS_minmax_vec   0
 #define TCG_TARGET_HAS_bitsel_vec   0
 #define TCG_TARGET_HAS_cmpsel_vec   0
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index d11efc553a..a6d9ee929b 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -187,6 +187,10 @@ typedef enum {
 INSN_VORR  = 0xf2200110,
 INSN_VSUB  = 0xf3000800,
 INSN_VMUL  = 0xf2000910,
+INSN_VQADD = 0xf210,
+INSN_VQADD_U   = 0xf310,
+INSN_VQSUB = 0xf2000210,
+INSN_VQSUB_U   = 0xf3000210,
 
 INSN_VABS  = 0xf3b10300,
 INSN_VMVN  = 0xf3b00580,
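Review bot: `INSN_VQADD = 0xf210` and `INSN_VQADD_U = 0xf310` appear here as four-digit values, while every neighbouring entry, including `INSN_VQSUB = 0xf2000210` directly below, is a full 32-bit word that tcg_out_vreg3 ORs register fields into. This is most likely the archive dropping a run of zeros rather than the patch itself, since the same shortening shows up elsewhere in this thread (`INSN_VCGT0 = 0xf3b1`, `INSN_VLD1 = 0xf420`, `INSN_VST1 = 0xf400`). Even so, the constants in the applied tree should be checked against the architecture manual rather than taken from this rendering. A trailing comment per entry, in the style of `/* VSHR.U */` used for the shift encodings, would make such a check easier.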
@@ -2373,7 +2377,11 @@ static int tcg_target_op_def(TCGOpcode op)
 case INDEX_op_dup2_vec:
 case INDEX_op_add_vec:
 case INDEX_op_mul_vec:
+case INDEX_op_ssadd_vec:
+case INDEX_op_sssub_vec:
 case INDEX_op_sub_vec:
+case INDEX_op_usadd_vec:
+case INDEX_op_ussub_vec:
 case INDEX_op_xor_vec:
 return C_O1_I2(w, w, w);
 case INDEX_op_or_vec:
@@ -2743,6 +2751,18 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_sub_vec:
 tcg_out_vreg3(s, INSN_VSUB, q, vece, a0, a1, a2);
 return;
+case INDEX_op_ssadd_vec:
+tcg_out_vreg3(s, INSN_VQADD, q, vece, a0, a1, a2);
+return;
+case INDEX_op_sssub_vec:
+tcg_out_vreg3(s, INSN_VQSUB, q, vece, a0, a1, a2);
+return;
+case INDEX_op_usadd_vec:
+tcg_out_vreg3(s, INSN_VQADD_U, q, vece, a0, a1, a2);
+return;
+case INDEX_op_ussub_vec:
+tcg_out_vreg3(s, INSN_VQSUB_U, q, vece, a0, a1, a2);
+return;
 case INDEX_op_xor_vec:
 tcg_out_vreg3(s, INSN_VEOR, q, 0, a0, a1, a2);
 return;
@@ -2853,6 +2873,10 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_shli_vec:
 case INDEX_op_shri_vec:
 case INDEX_op_sari_vec:
+case INDEX_op_ssadd_vec:
+case INDEX_op_sssub_vec:
+case INDEX_op_usadd_vec:
+case INDEX_op_ussub_vec:
 return 1;
 case INDEX_op_abs_vec:
 case INDEX_op_cmp_vec:
-- 
2.25.1




[PATCH 09/15] tcg/arm: Implement TCG_TARGET_HAS_mul_vec

2020-12-24 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.h | 2 +-
 tcg/arm/tcg-target.c.inc | 6 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index 344b0d3199..8e5b304a5a 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -165,7 +165,7 @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_shi_vec  1
 #define TCG_TARGET_HAS_shs_vec  0
 #define TCG_TARGET_HAS_shv_vec  0
-#define TCG_TARGET_HAS_mul_vec  0
+#define TCG_TARGET_HAS_mul_vec  1
 #define TCG_TARGET_HAS_sat_vec  0
 #define TCG_TARGET_HAS_minmax_vec   0
 #define TCG_TARGET_HAS_bitsel_vec   0
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index f5d10e262a..d11efc553a 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -186,6 +186,7 @@ typedef enum {
 INSN_VORN  = 0xf2300110,
 INSN_VORR  = 0xf2200110,
 INSN_VSUB  = 0xf3000800,
+INSN_VMUL  = 0xf2000910,
 
 INSN_VABS  = 0xf3b10300,
 INSN_VMVN  = 0xf3b00580,
@@ -2371,6 +2372,7 @@ static int tcg_target_op_def(TCGOpcode op)
 return C_O1_I1(w, w);
 case INDEX_op_dup2_vec:
 case INDEX_op_add_vec:
+case INDEX_op_mul_vec:
 case INDEX_op_sub_vec:
 case INDEX_op_xor_vec:
 return C_O1_I2(w, w, w);
@@ -2735,6 +2737,9 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_add_vec:
 tcg_out_vreg3(s, INSN_VADD, q, vece, a0, a1, a2);
 return;
+case INDEX_op_mul_vec:
+tcg_out_vreg3(s, INSN_VMUL, q, vece, a0, a1, a2);
+return;
 case INDEX_op_sub_vec:
 tcg_out_vreg3(s, INSN_VSUB, q, vece, a0, a1, a2);
 return;
@@ -2851,6 +2856,7 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 return 1;
 case INDEX_op_abs_vec:
 case INDEX_op_cmp_vec:
+case INDEX_op_mul_vec:
 case INDEX_op_neg_vec:
 return vece < MO_64;
 default:
-- 
2.25.1




[PATCH 08/15] tcg/arm: Implement TCG_TARGET_HAS_shi_vec

2020-12-24 Thread Richard Henderson
This consists of the three immediate shifts: shli, shri, sari.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.h |  2 +-
 tcg/arm/tcg-target.c.inc | 27 +++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index bb9302c616..344b0d3199 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -162,7 +162,7 @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_roti_vec 0
 #define TCG_TARGET_HAS_rots_vec 0
 #define TCG_TARGET_HAS_rotv_vec 0
-#define TCG_TARGET_HAS_shi_vec  0
+#define TCG_TARGET_HAS_shi_vec  1
 #define TCG_TARGET_HAS_shs_vec  0
 #define TCG_TARGET_HAS_shv_vec  0
 #define TCG_TARGET_HAS_mul_vec  0
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 88814c6836..f5d10e262a 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -203,6 +203,10 @@ typedef enum {
 INSN_VCGE_U= 0xf3000310,
 INSN_VCGT_U= 0xf3000300,
 
+INSN_VSHLI = 0xf2800510,  /* VSHL (immediate) */
+INSN_VSARI = 0xf2800010,  /* VSHR.S */
+INSN_VSHRI = 0xf3800010,  /* VSHR.U */
+
 INSN_VTST  = 0xf2000810,
 
 INSN_VDUP_G= 0xee800b10,  /* VDUP (ARM core register) */
@@ -1298,6 +1302,14 @@ static void tcg_out_vmovi(TCGContext *s, TCGReg rd,
   | (extract32(imm8, 7, 1) << 24));
 }
 
+static void tcg_out_vshifti(TCGContext *s, ARMInsn insn, int q,
+TCGReg rd, TCGReg rm, int l_imm6)
+{
+tcg_out32(s, insn | (q << 6) | encode_vd(rd) | encode_vm(rm) |
+  (extract32(l_imm6, 6, 1) << 7) |
+  (extract32(l_imm6, 0, 6) << 16));
+}
+
 static void tcg_out_vldst(TCGContext *s, ARMInsn insn,
   TCGReg rd, TCGReg rn, int offset)
 {
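Review bot: tcg_out_vshifti packs `l_imm6` into the L and imm6 fields with two `extract32` calls and never checks that the value is in range. The callers compute it as `a2 + (8 << vece)` or `(16 << vece) - a2`, so a shift count outside the element width would silently select a different element size or spill past the 7-bit field instead of failing. The file already uses `tcg_debug_assert`, so I would add `tcg_debug_assert(l_imm6 >= 8 && l_imm6 < 128);` as the first statement, assuming the usual L:imm6 layout in which values below 8 are not shift encodings. A one-line comment saying that `l_imm6` is the combined L:imm6 field, already biased by the element size, would also help.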
@@ -2353,6 +2365,9 @@ static int tcg_target_op_def(TCGOpcode op)
 case INDEX_op_abs_vec:
 case INDEX_op_neg_vec:
 case INDEX_op_not_vec:
+case INDEX_op_shli_vec:
+case INDEX_op_shri_vec:
+case INDEX_op_sari_vec:
 return C_O1_I1(w, w);
 case INDEX_op_dup2_vec:
 case INDEX_op_add_vec:
@@ -2726,6 +2741,15 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_xor_vec:
 tcg_out_vreg3(s, INSN_VEOR, q, 0, a0, a1, a2);
 return;
+case INDEX_op_shli_vec:
+tcg_out_vshifti(s, INSN_VSHLI, q, a0, a1, a2 + (8 << vece));
+return;
+case INDEX_op_shri_vec:
+tcg_out_vshifti(s, INSN_VSHRI, q, a0, a1, (16 << vece) - a2);
+return;
+case INDEX_op_sari_vec:
+tcg_out_vshifti(s, INSN_VSARI, q, a0, a1, (16 << vece) - a2);
+return;
 
 case INDEX_op_andc_vec:
 if (!const_args[2]) {
@@ -2821,6 +2845,9 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_orc_vec:
 case INDEX_op_xor_vec:
 case INDEX_op_not_vec:
+case INDEX_op_shli_vec:
+case INDEX_op_shri_vec:
+case INDEX_op_sari_vec:
 return 1;
 case INDEX_op_abs_vec:
 case INDEX_op_cmp_vec:
-- 
2.25.1




[PATCH 04/15] tcg/arm: Implement tcg_out_dup*_vec

2020-12-24 Thread Richard Henderson
Most of dupi is copied from tcg/aarch64, which has the same
encoding for AdvSimdExpandImm.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.c.inc | 282 +--
 1 file changed, 274 insertions(+), 8 deletions(-)

diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index acc8f2c44a..6e9d72289a 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -176,9 +176,14 @@ typedef enum {
 /* Otherwise the assembler uses mov r0,r0 */
 INSN_NOP_v4= (COND_AL << 28) | ARITH_MOV,
 
+INSN_VDUP_G= 0xee800b10,  /* VDUP (ARM core register) */
+INSN_VDUP_S= 0xf3b00c00,  /* VDUP (scalar) */
+INSN_VLDR_D= 0xed100b00,  /* VLDR.64 */
 INSN_VLD1  = 0xf420,  /* VLD1 (multiple single elements) */
+INSN_VLD1R = 0xf4a00c00,  /* VLD1 (single element to all lanes) */
 INSN_VST1  = 0xf400,  /* VST1 (multiple single elements) */
 INSN_VMOV  = 0xf2200110,  /* VMOV (register) */
+INSN_VMOVI = 0xf2800010,  /* VMOV (immediate) */
 } ARMInsn;
 
 #define INSN_NOP   (use_armv7_instructions ? INSN_NOP_v6k : INSN_NOP_v4)
@@ -197,6 +202,14 @@ static const uint8_t tcg_cond_to_arm_cond[] = {
 [TCG_COND_GTU] = COND_HI,
 };
 
+static int encode_imm(uint32_t imm);
+
+/* TCG private relocation type: add with pc+imm8 */
+#define R_ARM_PC8  11
+
+/* TCG private relocation type: vldr with imm8 << 2 */
+#define R_ARM_PC11 12
+
 static inline bool reloc_pc24(tcg_insn_unit *code_ptr, tcg_insn_unit *target)
 {
 ptrdiff_t offset = (tcg_ptr_byte_diff(target, code_ptr) - 8) >> 2;
@@ -225,16 +238,51 @@ static inline bool reloc_pc13(tcg_insn_unit *code_ptr, 
tcg_insn_unit *target)
 return false;
 }
 
+static bool reloc_pc11(tcg_insn_unit *code_ptr, tcg_insn_unit *target)
+{
+ptrdiff_t offset = (tcg_ptr_byte_diff(target, code_ptr) - 8) / 4;
+
+if (offset >= -0xff && offset <= 0xff) {
+tcg_insn_unit insn = *code_ptr;
+bool u = (offset >= 0);
+if (!u) {
+offset = -offset;
+}
+insn = deposit32(insn, 23, 1, u);
+insn = deposit32(insn, 0, 8, offset);
+*code_ptr = insn;
+return true;
+}
+return false;
+}
+
+static bool reloc_pc8(tcg_insn_unit *code_ptr, tcg_insn_unit *target)
+{
+ptrdiff_t offset = tcg_ptr_byte_diff(target, code_ptr) - 8;
+int rot = encode_imm(offset);
+
+if (rot >= 0) {
+*code_ptr = deposit32(*code_ptr, 0, 12,
+  rol32(offset, rot) | (rot << 7));
+return true;
+}
+return false;
+}
+
 static bool patch_reloc(tcg_insn_unit *code_ptr, int type,
 intptr_t value, intptr_t addend)
 {
 tcg_debug_assert(addend == 0);
-
-if (type == R_ARM_PC24) {
+switch (type) {
+case R_ARM_PC24:
 return reloc_pc24(code_ptr, (tcg_insn_unit *)value);
-} else if (type == R_ARM_PC13) {
+case R_ARM_PC13:
 return reloc_pc13(code_ptr, (tcg_insn_unit *)value);
-} else {
+case R_ARM_PC11:
+return reloc_pc11(code_ptr, (tcg_insn_unit *)value);
+case R_ARM_PC8:
+return reloc_pc8(code_ptr, (tcg_insn_unit *)value);
+default:
 g_assert_not_reached();
 }
 }
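Review bot: reloc_pc11 divides the byte displacement by 4 and discards the remainder, so a target that is not word-aligned relative to the instruction would be patched to a nearby address without any failure. If constant-pool alignment is guaranteed elsewhere, `tcg_debug_assert((tcg_ptr_byte_diff(target, code_ptr) & 3) == 0);` at the top of the function documents and enforces that. Separately, reloc_pc8 passes a signed `ptrdiff_t` to `encode_imm(uint32_t)`. A comment should say that a backward displacement is presumably meant to be rejected by encode_imm returning a negative rotation, since the conversion is otherwise easy to misread.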
@@ -251,7 +299,7 @@ static inline uint32_t rotl(uint32_t val, int n)
 
 /* ARM immediates for ALU instructions are made of an unsigned 8-bit
right-rotated by an even amount between 0 and 30. */
-static inline int encode_imm(uint32_t imm)
+static int encode_imm(uint32_t imm)
 {
 int shift;
 
@@ -278,6 +326,79 @@ static inline int check_fit_imm(uint32_t imm)
 return encode_imm(imm) >= 0;
 }
 
+/* Return true if v16 is a valid 16-bit shifted immediate.  */
+static bool is_shimm16(uint16_t v16, int *cmode, int *imm8)
+{
+if (v16 == (v16 & 0xff)) {
+*cmode = 0x8;
+*imm8 = v16 & 0xff;
+return true;
+} else if (v16 == (v16 & 0xff00)) {
+*cmode = 0xa;
+*imm8 = v16 >> 8;
+return true;
+}
+return false;
+}
+
+/* Return true if v32 is a valid 32-bit shifted immediate.  */
+static bool is_shimm32(uint32_t v32, int *cmode, int *imm8)
+{
+if (v32 == (v32 & 0xff)) {
+*cmode = 0x0;
+*imm8 = v32 & 0xff;
+return true;
+} else if (v32 == (v32 & 0xff00)) {
+*cmode = 0x2;
+*imm8 = (v32 >> 8) & 0xff;
+return true;
+} else if (v32 == (v32 & 0xff)) {
+*cmode = 0x4;
+*imm8 = (v32 >> 16) & 0xff;
+return true;
+} else if (v32 == (v32 & 0xff00)) {
+*cmode = 0x6;
+*imm8 = v32 >> 24;
+return true;
+}
+return false;
+}
+
+/* Return true if v32 is a valid 32-bit shifting ones immediate.  */
+static bool is_soimm32(uint32_t v32, int *cmode, int *imm8)
+{
+if ((v32 & 0x00ff) == 0xff) {
+*cmode = 0xc;
+*imm8 = (v32 >> 8) & 0xff;
+return true;
+} else if ((v32 & 0xff00) == 0x) {
+*cmode = 0xd;
+   

[PATCH 07/15] tcg/arm: Implement andc, orc, abs, neg, not vector operations

2020-12-24 Thread Richard Henderson
These logical and arithmetic operations are optional, but are
trivial to accomplish with the existing infrastructure.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target-conset.h |  1 +
 tcg/arm/tcg-target.h| 10 +-
 tcg/arm/tcg-target.c.inc| 38 +
 3 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/tcg/arm/tcg-target-conset.h b/tcg/arm/tcg-target-conset.h
index ffcac7c6aa..f32bf44f8b 100644
--- a/tcg/arm/tcg-target-conset.h
+++ b/tcg/arm/tcg-target-conset.h
@@ -15,6 +15,7 @@ C_O0_I4(s, s, s, s)
 C_O1_I1(r, l)
 C_O1_I1(r, r)
 C_O1_I1(w, r)
+C_O1_I1(w, w)
 C_O1_I1(w, wr)
 C_O1_I2(r, 0, rZ)
 C_O1_I2(r, l, l)
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index d87493364f..bb9302c616 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -154,11 +154,11 @@ extern bool use_neon_instructions;
 #define TCG_TARGET_HAS_v128 use_neon_instructions
 #define TCG_TARGET_HAS_v256 0
 
-#define TCG_TARGET_HAS_andc_vec 0
-#define TCG_TARGET_HAS_orc_vec  0
-#define TCG_TARGET_HAS_not_vec  0
-#define TCG_TARGET_HAS_neg_vec  0
-#define TCG_TARGET_HAS_abs_vec  0
+#define TCG_TARGET_HAS_andc_vec 1
+#define TCG_TARGET_HAS_orc_vec  1
+#define TCG_TARGET_HAS_not_vec  1
+#define TCG_TARGET_HAS_neg_vec  1
+#define TCG_TARGET_HAS_abs_vec  1
 #define TCG_TARGET_HAS_roti_vec 0
 #define TCG_TARGET_HAS_rots_vec 0
 #define TCG_TARGET_HAS_rotv_vec 0
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 91243b641c..88814c6836 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -181,11 +181,15 @@ typedef enum {
 
 INSN_VADD  = 0xf2000800,
 INSN_VAND  = 0xf2000110,
+INSN_VBIC  = 0xf2100110,
 INSN_VEOR  = 0xf3000110,
+INSN_VORN  = 0xf2300110,
 INSN_VORR  = 0xf2200110,
 INSN_VSUB  = 0xf3000800,
 
+INSN_VABS  = 0xf3b10300,
 INSN_VMVN  = 0xf3b00580,
+INSN_VNEG  = 0xf3b10380,
 
 INSN_VCEQ0 = 0xf3b10100,
 INSN_VCGT0 = 0xf3b1,
@@ -2346,14 +2350,20 @@ static int tcg_target_op_def(TCGOpcode op)
 return C_O1_I1(w, r);
 case INDEX_op_dup_vec:
 return C_O1_I1(w, wr);
+case INDEX_op_abs_vec:
+case INDEX_op_neg_vec:
+case INDEX_op_not_vec:
+return C_O1_I1(w, w);
 case INDEX_op_dup2_vec:
 case INDEX_op_add_vec:
 case INDEX_op_sub_vec:
 case INDEX_op_xor_vec:
 return C_O1_I2(w, w, w);
 case INDEX_op_or_vec:
+case INDEX_op_andc_vec:
 return C_O1_I2(w, w, wO);
 case INDEX_op_and_vec:
+case INDEX_op_orc_vec:
 return C_O1_I2(w, w, wV);
 case INDEX_op_cmp_vec:
 return C_O1_I2(w, w, wZ);
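Review bot: Grouping `INDEX_op_andc_vec` with or_vec under `wO`, and `INDEX_op_orc_vec` with and_vec under `wV`, looks swapped at first reading and has no comment. From the tcg_out_vec_op hunks of this patch the reason seems to be that a constant operand is complemented (`a2 = ~a2;`) before falling through to the and/or immediate path, so the constraint has to describe the value before complementing. A comment here such as `/* andc/orc with a constant complement it and reuse the and/or immediate forms, hence the crossed constraints. */` would save the next reader from re-deriving it. The fall-through target also calls is_shimm1632 without checking its result, so correct encoding depends entirely on this constraint having matched.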
@@ -2698,6 +2708,15 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 case INDEX_op_dup2_vec:
 tcg_out_dup2_vec(s, a0, a1, a2);
 return;
+case INDEX_op_abs_vec:
+tcg_out_vreg2(s, INSN_VABS, q, vece, a0, a1);
+return;
+case INDEX_op_neg_vec:
+tcg_out_vreg2(s, INSN_VNEG, q, vece, a0, a1);
+return;
+case INDEX_op_not_vec:
+tcg_out_vreg2(s, INSN_VMVN, q, 0, a0, a1);
+return;
 case INDEX_op_add_vec:
 tcg_out_vreg3(s, INSN_VADD, q, vece, a0, a1, a2);
 return;
@@ -2708,6 +2727,13 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 tcg_out_vreg3(s, INSN_VEOR, q, 0, a0, a1, a2);
 return;
 
+case INDEX_op_andc_vec:
+if (!const_args[2]) {
+tcg_out_vreg3(s, INSN_VBIC, q, 0, a0, a1, a2);
+return;
+}
+a2 = ~a2;
+/* fall through */
 case INDEX_op_and_vec:
 if (const_args[2]) {
 is_shimm1632(~a2, &cmode, &imm8);
@@ -2721,6 +2747,13 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
 tcg_out_vreg3(s, INSN_VAND, q, 0, a0, a1, a2);
 return;
 
+case INDEX_op_orc_vec:
+if (!const_args[2]) {
+tcg_out_vreg3(s, INSN_VORN, q, 0, a0, a1, a2);
+return;
+}
+a2 = ~a2;
+/* fall through */
 case INDEX_op_or_vec:
 if (const_args[2]) {
 is_shimm1632(a2, &cmode, &imm8);
@@ -2783,10 +2816,15 @@ int tcg_can_emit_vec_op(TCGOpcode opc, TCGType type, 
unsigned vece)
 case INDEX_op_add_vec:
 case INDEX_op_sub_vec:
 case INDEX_op_and_vec:
+case INDEX_op_andc_vec:
 case INDEX_op_or_vec:
+case INDEX_op_orc_vec:
 case INDEX_op_xor_vec:
+case INDEX_op_not_vec:
 return 1;
+case INDEX_op_abs_vec:
 case INDEX_op_cmp_vec:
+case INDEX_op_neg_vec:
 return vece < MO_64;
 default:
 return 0;
-- 
2.25.1




[PATCH 06/15] tcg/arm: Implement minimal vector operations

2020-12-24 Thread Richard Henderson
Implementing dup2, add, sub, and, or, xor as the minimal set.
This allows us to actually enable neon in the header file.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target-conset.h |   3 +
 tcg/arm/tcg-target-constr.h |   2 +
 tcg/arm/tcg-target.h|   6 +-
 tcg/arm/tcg-target.c.inc| 203 ++--
 4 files changed, 206 insertions(+), 8 deletions(-)

diff --git a/tcg/arm/tcg-target-conset.h b/tcg/arm/tcg-target-conset.h
index dbcae51c4b..ffcac7c6aa 100644
--- a/tcg/arm/tcg-target-conset.h
+++ b/tcg/arm/tcg-target-conset.h
@@ -25,6 +25,9 @@ C_O1_I2(r, r, rIN)
 C_O1_I2(r, r, ri)
 C_O1_I2(r, rZ, rZ)
 C_O1_I2(w, w, w)
+C_O1_I2(w, w, wO)
+C_O1_I2(w, w, wV)
+C_O1_I2(w, w, wZ)
 C_O1_I4(r, r, r, rI, rI)
 C_O1_I4(r, r, rIN, rIK, 0)
 C_O2_I1(r, r, l)
diff --git a/tcg/arm/tcg-target-constr.h b/tcg/arm/tcg-target-constr.h
index 5f2780decd..f2c8f3dfce 100644
--- a/tcg/arm/tcg-target-constr.h
+++ b/tcg/arm/tcg-target-constr.h
@@ -29,4 +29,6 @@ REGS('w', 0xu)
 CONST('I', TCG_CT_CONST_ARM)
 CONST('K', TCG_CT_CONST_INV)
 CONST('N', TCG_CT_CONST_NEG)
+CONST('O', TCG_CT_CONST_ORRI)
+CONST('V', TCG_CT_CONST_ANDI)
 CONST('Z', TCG_CT_CONST_ZERO)
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index b40419971e..d87493364f 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -107,7 +107,11 @@ typedef enum {
 #else
 extern bool use_idiv_instructions;
 #endif
-#define use_neon_instructions  0
+#ifdef __ARM_NEON__
+#define use_neon_instructions  1
+#else
+extern bool use_neon_instructions;
+#endif
 
 /* used for function call generation */
 #define TCG_TARGET_STACK_ALIGN 8
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 3eb4456dce..91243b641c 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -30,6 +30,9 @@ int arm_arch = __ARM_ARCH;
 #ifndef use_idiv_instructions
 bool use_idiv_instructions;
 #endif
+#ifndef use_neon_instructions
+bool use_neon_instructions;
+#endif
 
 /* ??? Ought to think about changing CONFIG_SOFTMMU to always defined.  */
 #ifdef CONFIG_SOFTMMU
@@ -176,6 +179,28 @@ typedef enum {
 /* Otherwise the assembler uses mov r0,r0 */
 INSN_NOP_v4= (COND_AL << 28) | ARITH_MOV,
 
+INSN_VADD  = 0xf2000800,
+INSN_VAND  = 0xf2000110,
+INSN_VEOR  = 0xf3000110,
+INSN_VORR  = 0xf2200110,
+INSN_VSUB  = 0xf3000800,
+
+INSN_VMVN  = 0xf3b00580,
+
+INSN_VCEQ0 = 0xf3b10100,
+INSN_VCGT0 = 0xf3b1,
+INSN_VCGE0 = 0xf3b10080,
+INSN_VCLE0 = 0xf3b10180,
+INSN_VCLT0 = 0xf3b10200,
+
+INSN_VCEQ  = 0xf3000810,
+INSN_VCGE  = 0xf2000310,
+INSN_VCGT  = 0xf2000300,
+INSN_VCGE_U= 0xf3000310,
+INSN_VCGT_U= 0xf3000300,
+
+INSN_VTST  = 0xf2000810,
+
 INSN_VDUP_G= 0xee800b10,  /* VDUP (ARM core register) */
 INSN_VDUP_S= 0xf3b00c00,  /* VDUP (scalar) */
 INSN_VLDR_D= 0xed100b00,  /* VLDR.64 */
@@ -291,6 +316,8 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int type,
 #define TCG_CT_CONST_INV  0x200
 #define TCG_CT_CONST_NEG  0x400
 #define TCG_CT_CONST_ZERO 0x800
+#define TCG_CT_CONST_ORRI 0x1000
+#define TCG_CT_CONST_ANDI 0x2000
 
 static inline uint32_t rotl(uint32_t val, int n)
 {
@@ -399,6 +426,16 @@ static int is_shimm32_pair(uint32_t v32, int *cmode, int 
*imm8)
 return i;
 }
 
+/* Return true if V is a valid 16-bit or 32-bit shifted immediate.  */
+static bool is_shimm1632(uint32_t v32, int *cmode, int *imm8)
+{
+if (v32 == deposit32(v32, 16, 16, v32)) {
+return is_shimm16(v32, cmode, imm8);
+} else {
+return is_shimm32(v32, cmode, imm8);
+}
+}
+
 /* Test if a constant matches the constraint.
  * TODO: define constraints for:
  *
@@ -419,9 +456,26 @@ static bool tcg_target_const_match(int64_t val, TCGType 
type, int ct)
 return 1;
 } else if ((ct & TCG_CT_CONST_ZERO) && val == 0) {
 return 1;
-} else {
-return 0;
 }
+
+switch (ct & (TCG_CT_CONST_ORRI | TCG_CT_CONST_ANDI)) {
+case 0:
+break;
+case TCG_CT_CONST_ANDI:
+val = ~val;
+/* fallthru */
+case TCG_CT_CONST_ORRI:
+if (val == deposit64(val, 32, 32, val)) {
+int cmode, imm8;
+return is_shimm1632(val, &cmode, &imm8);
+}
+break;
+default:
+/* Both bits should not be set for the same insn.  */
+g_assert_not_reached();
+}
+
+return 0;
 }
 
 static inline void tcg_out_b(TCGContext *s, int cond, int32_t offset)
@@ -1217,6 +1271,13 @@ static uint32_t encode_vm(TCGReg rm)
 return (extract32(rm, 3, 1) << 5) | (extract32(rm, 0, 3) << 1);
 }
 
+static void tcg_out_vreg2(TCGContext *s, ARMInsn insn, int q, int vece,
+  TCGReg d, TCGReg m)
+{
+tcg_out32(s, insn | (vece << 18) | (q << 6) |
+  encode_vd(d) | encode_vm(m));
+}
+
 static void tcg_out_vreg3(TCGContext *s, ARMInsn insn, in

[PATCH 03/15] tcg/arm: Implement tcg_out_mov for vector types

2020-12-24 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.c.inc | 50 +++-
 1 file changed, 44 insertions(+), 6 deletions(-)

diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 7122d5f390..acc8f2c44a 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -178,6 +178,7 @@ typedef enum {
 
 INSN_VLD1  = 0xf420,  /* VLD1 (multiple single elements) */
 INSN_VST1  = 0xf400,  /* VST1 (multiple single elements) */
+INSN_VMOV  = 0xf2200110,  /* VMOV (register) */
 } ARMInsn;
 
 #define INSN_NOP   (use_armv7_instructions ? INSN_NOP_v6k : INSN_NOP_v4)
@@ -1086,6 +1087,25 @@ static uint32_t encode_vd(TCGReg rd)
 return (extract32(rd, 3, 1) << 22) | (extract32(rd, 0, 3) << 13);
 }
 
+static uint32_t encode_vn(TCGReg rn)
+{
+tcg_debug_assert(rn >= TCG_REG_Q0);
+return (extract32(rn, 3, 1) << 7) | (extract32(rn, 0, 3) << 17);
+}
+
+static uint32_t encode_vm(TCGReg rm)
+{
+tcg_debug_assert(rm >= TCG_REG_Q0);
+return (extract32(rm, 3, 1) << 5) | (extract32(rm, 0, 3) << 1);
+}
+
+static void tcg_out_vreg3(TCGContext *s, ARMInsn insn, int q, int vece,
+  TCGReg d, TCGReg n, TCGReg m)
+{
+tcg_out32(s, insn | (vece << 20) | (q << 6) |
+  encode_vd(d) | encode_vn(n) | encode_vm(m));
+}
+
 static void tcg_out_vldst(TCGContext *s, ARMInsn insn,
   TCGReg rd, TCGReg rn, int offset)
 {
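Review bot: `tcg_out_vreg3` ORs `vece << 20` and `q << 6` into the opcode without checking either argument, so an out-of-range value would silently overwrite neighbouring instruction fields instead of failing. The register encoders added in the same hunk already use `tcg_debug_assert`; the same could be done here, for example `tcg_debug_assert((unsigned)q <= 1 && (unsigned)vece <= 3);`, assuming those are the intended ranges. `encode_vn` and `encode_vm` would also benefit from a one-line comment naming the instruction fields they fill.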
@@ -2260,16 +2280,34 @@ static inline bool tcg_out_sti(TCGContext *s, TCGType 
type, TCGArg val,
 return false;
 }
 
-static inline bool tcg_out_mov(TCGContext *s, TCGType type,
-   TCGReg ret, TCGReg arg)
+static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg)
 {
-tcg_out_mov_reg(s, COND_AL, ret, arg);
-return true;
+if (ret == arg) {
+return true;
+}
+switch (type) {
+case TCG_TYPE_I32:
+if (ret < TCG_REG_Q0 && arg < TCG_REG_Q0) {
+tcg_out_mov_reg(s, COND_AL, ret, arg);
+return true;
+}
+return false;
+
+case TCG_TYPE_V64:
+case TCG_TYPE_V128:
+tcg_out_vreg3(s, INSN_VMOV, type - TCG_TYPE_V64, 0, ret, arg, arg);
+return true;
+
+default:
+g_assert_not_reached();
+}
 }
 
-static inline void tcg_out_movi(TCGContext *s, TCGType type,
-TCGReg ret, tcg_target_long arg)
+static void tcg_out_movi(TCGContext *s, TCGType type,
+ TCGReg ret, tcg_target_long arg)
 {
+tcg_debug_assert(type == TCG_TYPE_I32);
+tcg_debug_assert(ret < TCG_REG_Q0);
 tcg_out_movi32(s, COND_AL, ret, arg);
 }
 
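Review bot: In the vector case of `tcg_out_mov`, the Q bit is passed as `type - TCG_TYPE_V64`, which is right only while TCG_TYPE_V128 directly follows TCG_TYPE_V64 in the enum (its definition is not visible here). Writing `type == TCG_TYPE_V128` expresses the same thing without that dependency. The two branches are also asymmetric: the I32 case returns false when either register is a vector register, while the vector case relies solely on the debug-only asserts inside `encode_vd`/`encode_vn`/`encode_vm` to catch a general register, so a non-debug build would emit a mis-encoded instruction. A comment stating that callers never pass a general register with a vector type would document the assumption.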
-- 
2.25.1




[PATCH 01/15] tcg/arm: Add host vector framework

2020-12-24 Thread Richard Henderson
Add registers and function stubs.  The functionality
is disabled via use_neon_instructions defined to 0.

We must still include results for the mandatory opcodes in
tcg_target_op_def, as all opcodes are checked during tcg init.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target-conset.h |   4 ++
 tcg/arm/tcg-target-constr.h |   1 +
 tcg/arm/tcg-target.h|  48 --
 tcg/arm/tcg-target.opc.h|  12 
 tcg/arm/tcg-target.c.inc| 121 +++-
 5 files changed, 163 insertions(+), 23 deletions(-)
 create mode 100644 tcg/arm/tcg-target.opc.h

diff --git a/tcg/arm/tcg-target-conset.h b/tcg/arm/tcg-target-conset.h
index 7e972e70e0..dbcae51c4b 100644
--- a/tcg/arm/tcg-target-conset.h
+++ b/tcg/arm/tcg-target-conset.h
@@ -8,11 +8,14 @@ C_O0_I1(r)
 C_O0_I2(r, r)
 C_O0_I2(r, rIN)
 C_O0_I2(s, s)
+C_O0_I2(w, r)
 C_O0_I3(s, s, s)
 C_O0_I4(r, r, rI, rI)
 C_O0_I4(s, s, s, s)
 C_O1_I1(r, l)
 C_O1_I1(r, r)
+C_O1_I1(w, r)
+C_O1_I1(w, wr)
 C_O1_I2(r, 0, rZ)
 C_O1_I2(r, l, l)
 C_O1_I2(r, r, r)
@@ -21,6 +24,7 @@ C_O1_I2(r, r, rIK)
 C_O1_I2(r, r, rIN)
 C_O1_I2(r, r, ri)
 C_O1_I2(r, rZ, rZ)
+C_O1_I2(w, w, w)
 C_O1_I4(r, r, r, rI, rI)
 C_O1_I4(r, r, rIN, rIK, 0)
 C_O2_I1(r, r, l)
diff --git a/tcg/arm/tcg-target-constr.h b/tcg/arm/tcg-target-constr.h
index 15c5e53406..5f2780decd 100644
--- a/tcg/arm/tcg-target-constr.h
+++ b/tcg/arm/tcg-target-constr.h
@@ -24,6 +24,7 @@
 REGS('r', ALL_GENERAL_REGS)
 REGS('l', ALL_QLOAD_REGS)
 REGS('s', ALL_QSTORE_REGS)
+REGS('w', 0xu)
 
 CONST('I', TCG_CT_CONST_ARM)
 CONST('K', TCG_CT_CONST_INV)
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index 17e771374d..b40419971e 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -78,19 +78,38 @@ typedef enum {
 TCG_REG_R13,
 TCG_REG_R14,
 TCG_REG_PC,
+
+TCG_REG_Q0,
+TCG_REG_Q1,
+TCG_REG_Q2,
+TCG_REG_Q3,
+TCG_REG_Q4,
+TCG_REG_Q5,
+TCG_REG_Q6,
+TCG_REG_Q7,
+TCG_REG_Q8,
+TCG_REG_Q9,
+TCG_REG_Q10,
+TCG_REG_Q11,
+TCG_REG_Q12,
+TCG_REG_Q13,
+TCG_REG_Q14,
+TCG_REG_Q15,
+
+TCG_AREG0 = TCG_REG_R6,
+TCG_REG_CALL_STACK = TCG_REG_R13,
 } TCGReg;
 
-#define TCG_TARGET_NB_REGS 16
+#define TCG_TARGET_NB_REGS 32
 
 #ifdef __ARM_ARCH_EXT_IDIV__
 #define use_idiv_instructions  1
 #else
 extern bool use_idiv_instructions;
 #endif
-
+#define use_neon_instructions  0
 
 /* used for function call generation */
-#define TCG_REG_CALL_STACK TCG_REG_R13
 #define TCG_TARGET_STACK_ALIGN 8
 #define TCG_TARGET_CALL_ALIGN_ARGS 1
 #define TCG_TARGET_CALL_STACK_OFFSET   0
@@ -127,9 +146,26 @@ extern bool use_idiv_instructions;
 #define TCG_TARGET_HAS_goto_ptr 1
 #define TCG_TARGET_HAS_direct_jump  0
 
-enum {
-TCG_AREG0 = TCG_REG_R6,
-};
+#define TCG_TARGET_HAS_v64  use_neon_instructions
+#define TCG_TARGET_HAS_v128 use_neon_instructions
+#define TCG_TARGET_HAS_v256 0
+
+#define TCG_TARGET_HAS_andc_vec 0
+#define TCG_TARGET_HAS_orc_vec  0
+#define TCG_TARGET_HAS_not_vec  0
+#define TCG_TARGET_HAS_neg_vec  0
+#define TCG_TARGET_HAS_abs_vec  0
+#define TCG_TARGET_HAS_roti_vec 0
+#define TCG_TARGET_HAS_rots_vec 0
+#define TCG_TARGET_HAS_rotv_vec 0
+#define TCG_TARGET_HAS_shi_vec  0
+#define TCG_TARGET_HAS_shs_vec  0
+#define TCG_TARGET_HAS_shv_vec  0
+#define TCG_TARGET_HAS_mul_vec  0
+#define TCG_TARGET_HAS_sat_vec  0
+#define TCG_TARGET_HAS_minmax_vec   0
+#define TCG_TARGET_HAS_bitsel_vec   0
+#define TCG_TARGET_HAS_cmpsel_vec   0
 
 #define TCG_TARGET_DEFAULT_MO (0)
 #define TCG_TARGET_HAS_MEMORY_BSWAP 1
diff --git a/tcg/arm/tcg-target.opc.h b/tcg/arm/tcg-target.opc.h
new file mode 100644
index 00..7a4578e9b4
--- /dev/null
+++ b/tcg/arm/tcg-target.opc.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2019 Linaro
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.
+ *
+ * See the COPYING file in the top-level directory for details.
+ *
+ * Target-specific opcodes for host vector expansion.  These will be
+ * emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
+ * consider these to be UNSPEC with names.
+ */
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 28a31d5339..48966da12f 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -40,22 +40,10 @@ bool use_idiv_instructions;
 
 #ifdef CONFIG_DEBUG_TCG
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
-"%r0",
-"%r1",
-"%r2",
-"%r3",
-"%r4",
-"%r5",
-"%r6",
-"%r7",
-"%r8",
-"%r9",
-"%r10",
-"%r11",
-"%r12",
-"%r13",
-"%r14",
-"%pc",
+"%r0",  "%r1",  "%r2",  "%r3",  "%r4",  "%r5",  "%r6",  "%r7",
+"%r8",  "%r9",  "%r10", "%r11", "%r12", "%sp",  "%r14", "%pc",
+"%q0"

[PATCH 05/15] tcg: Change parameters for tcg_target_const_match

2020-12-24 Thread Richard Henderson
Change the return value to bool, because that's what it should
have been from the start.  Pass the ct mask instead of the whole
TCGArgConstraint, as that's the only part that's relevant.

Change the value argument to int64_t.  We will need the extra
width for 32-bit hosts wanting to match vector constants.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.c| 5 ++---
 tcg/aarch64/tcg-target.c.inc | 5 +
 tcg/arm/tcg-target.c.inc | 5 +
 tcg/i386/tcg-target.c.inc| 4 +---
 tcg/mips/tcg-target.c.inc| 5 +
 tcg/ppc/tcg-target.c.inc | 4 +---
 tcg/riscv/tcg-target.c.inc   | 4 +---
 tcg/s390/tcg-target.c.inc| 5 +
 tcg/sparc/tcg-target.c.inc   | 5 +
 tcg/tci/tcg-target.c.inc | 6 ++
 10 files changed, 12 insertions(+), 36 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index 3c0e494a08..73d22ecb26 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -147,8 +147,7 @@ static void tcg_out_st(TCGContext *s, TCGType type, TCGReg 
arg, TCGReg arg1,
 static bool tcg_out_sti(TCGContext *s, TCGType type, TCGArg val,
 TCGReg base, intptr_t ofs);
 static void tcg_out_call(TCGContext *s, tcg_insn_unit *target);
-static int tcg_target_const_match(tcg_target_long val, TCGType type,
-  const TCGArgConstraint *arg_ct);
+static bool tcg_target_const_match(int64_t val, TCGType type, int ct);
 #ifdef TCG_TARGET_NEED_LDST_LABELS
 static int tcg_out_ldst_finalize(TCGContext *s);
 #endif
@@ -4000,7 +3999,7 @@ static void tcg_reg_alloc_op(TCGContext *s, const TCGOp 
*op)
 ts = arg_temp(arg);
 
 if (ts->val_type == TEMP_VAL_CONST
-&& tcg_target_const_match(ts->val, ts->type, arg_ct)) {
+&& tcg_target_const_match(ts->val, ts->type, arg_ct->ct)) {
 /* constant is OK for instruction */
 const_args[i] = 1;
 new_args[i] = ts->val;
diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
index e52db4a881..84971a285f 100644
--- a/tcg/aarch64/tcg-target.c.inc
+++ b/tcg/aarch64/tcg-target.c.inc
@@ -262,11 +262,8 @@ static bool is_shimm1632(uint32_t v32, int *cmode, int 
*imm8)
 }
 }
 
-static int tcg_target_const_match(tcg_target_long val, TCGType type,
-  const TCGArgConstraint *arg_ct)
+static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
 {
-int ct = arg_ct->ct;
-
 if (ct & TCG_CT_CONST) {
 return 1;
 }
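Review bot: The return type becomes `bool`, but the body still returns the integer literals `1` and `0`, as seen in the `return 1;` context line here and in the arm, i386 and mips hunks of this patch. Since the commit's stated purpose is to make the function a proper bool predicate, `return true;` / `return false;` would keep the bodies consistent with the new signature. Each function continues beyond its hunk, so the remaining returns would need the same treatment.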
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 6e9d72289a..3eb4456dce 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -407,11 +407,8 @@ static int is_shimm32_pair(uint32_t v32, int *cmode, int 
*imm8)
  * mov operand2: values represented with x << (2 * y), x < 0x100
  * add, sub, eor...: ditto
  */
-static inline int tcg_target_const_match(tcg_target_long val, TCGType type,
- const TCGArgConstraint *arg_ct)
+static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
 {
-int ct;
-ct = arg_ct->ct;
 if (ct & TCG_CT_CONST) {
 return 1;
 } else if ((ct & TCG_CT_CONST_ARM) && check_fit_imm(val)) {
diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index 9c16c5cc70..96a296d92e 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -206,10 +206,8 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int type,
 #endif
 
 /* test if a constant matches the constraint */
-static inline int tcg_target_const_match(tcg_target_long val, TCGType type,
- const TCGArgConstraint *arg_ct)
+static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
 {
-int ct = arg_ct->ct;
 if (ct & TCG_CT_CONST) {
 return 1;
 }
diff --git a/tcg/mips/tcg-target.c.inc b/tcg/mips/tcg-target.c.inc
index 3542fce752..8fb2d4f422 100644
--- a/tcg/mips/tcg-target.c.inc
+++ b/tcg/mips/tcg-target.c.inc
@@ -190,11 +190,8 @@ static inline bool is_p2m1(tcg_target_long val)
 }
 
 /* test if a constant matches the constraint */
-static inline int tcg_target_const_match(tcg_target_long val, TCGType type,
- const TCGArgConstraint *arg_ct)
+static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
 {
-int ct;
-ct = arg_ct->ct;
 if (ct & TCG_CT_CONST) {
 return 1;
 } else if ((ct & TCG_CT_CONST_ZERO) && val == 0) {
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index 238743f135..aded09315d 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -219,10 +219,8 @@ static bool reloc_pc14(tcg_insn_unit *pc, tcg_insn_unit 
*target)
 }
 
 /* test if a constant matches the constraint */
-static int tcg_target_const_match(tcg_target_long val, TCGType type,
-  const TCGArgConstraint *arg_ct)
+static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
 {
-int ct =

[PATCH 00/15] tcg/arm: host neon support

2020-12-24 Thread Richard Henderson
Based-on: 20201217145215.534637-1-richard.hender...@linaro.org
("tcg: Better handling of constants")
Based-on: 20201223060204.576856-1-richard.hender...@linaro.org
("tcg: backend constraints cleanup")

Generate NEON instructions for tcg vector operations.


r~


Richard Henderson (15):
  tcg/arm: Add host vector framework
  tcg/arm: Implement tcg_out_ld/st for vector types
  tcg/arm: Implement tcg_out_mov for vector types
  tcg/arm: Implement tcg_out_dup*_vec
  tcg: Change parameters for tcg_target_const_match
  tcg/arm: Implement minimal vector operations
  tcg/arm: Implement andc, orc, abs, neg, not vector operations
  tcg/arm: Implement TCG_TARGET_HAS_shi_vec
  tcg/arm: Implement TCG_TARGET_HAS_mul_vec
  tcg/arm: Implement TCG_TARGET_HAS_sat_vec
  tcg/arm: Implement TCG_TARGET_HAS_minmax_vec
  tcg/arm: Implement TCG_TARGET_HAS_bitsel_vec
  tcg/arm: Implement TCG_TARGET_HAS_shv_vec
  tcg/arm: Implement TCG_TARGET_HAS_roti_vec
  tcg/arm: Implement TCG_TARGET_HAS_rotv_vec

 tcg/arm/tcg-target-conset.h  |  10 +
 tcg/arm/tcg-target-constr.h  |   3 +
 tcg/arm/tcg-target.h |  52 +-
 tcg/arm/tcg-target.opc.h |  16 +
 tcg/tcg.c|   5 +-
 tcg/aarch64/tcg-target.c.inc |   5 +-
 tcg/arm/tcg-target.c.inc | 956 +--
 tcg/i386/tcg-target.c.inc|   4 +-
 tcg/mips/tcg-target.c.inc|   5 +-
 tcg/ppc/tcg-target.c.inc |   4 +-
 tcg/riscv/tcg-target.c.inc   |   4 +-
 tcg/s390/tcg-target.c.inc|   5 +-
 tcg/sparc/tcg-target.c.inc   |   5 +-
 tcg/tci/tcg-target.c.inc |   6 +-
 14 files changed, 1002 insertions(+), 78 deletions(-)
 create mode 100644 tcg/arm/tcg-target.opc.h

-- 
2.25.1




[PATCH 02/15] tcg/arm: Implement tcg_out_ld/st for vector types

2020-12-24 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.c.inc | 70 
 1 file changed, 64 insertions(+), 6 deletions(-)

diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 48966da12f..7122d5f390 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -175,6 +175,9 @@ typedef enum {
 INSN_NOP_v6k   = 0xe320f000,
 /* Otherwise the assembler uses mov r0,r0 */
 INSN_NOP_v4= (COND_AL << 28) | ARITH_MOV,
+
+INSN_VLD1  = 0xf420,  /* VLD1 (multiple single elements) */
+INSN_VST1  = 0xf400,  /* VST1 (multiple single elements) */
 } ARMInsn;
 
 #define INSN_NOP   (use_armv7_instructions ? INSN_NOP_v6k : INSN_NOP_v4)
@@ -1073,6 +1076,33 @@ static TCGCond tcg_out_cmp2(TCGContext *s, const TCGArg 
*args,
 }
 }
 
+/*
+ * Note that TCGReg references Q-registers.
+ * Q-regno = 2 * D-regno, so shift left by 1 whlie inserting.
+ */
+static uint32_t encode_vd(TCGReg rd)
+{
+tcg_debug_assert(rd >= TCG_REG_Q0);
+return (extract32(rd, 3, 1) << 22) | (extract32(rd, 0, 3) << 13);
+}
+
+static void tcg_out_vldst(TCGContext *s, ARMInsn insn,
+  TCGReg rd, TCGReg rn, int offset)
+{
+if (offset != 0) {
+if (check_fit_imm(offset) || check_fit_imm(-offset)) {
+tcg_out_dat_rIN(s, COND_AL, ARITH_ADD, ARITH_SUB,
+TCG_REG_TMP, rn, offset, true);
+} else {
+tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_TMP, offset);
+tcg_out_dat_reg(s, COND_AL, ARITH_ADD,
+TCG_REG_TMP, TCG_REG_TMP, rn, 0);
+}
+rn = TCG_REG_TMP;
+}
+tcg_out32(s, insn | (rn << 16) | encode_vd(rd) | 0xf);
+}
+
 #ifdef CONFIG_SOFTMMU
 #include "../tcg-ldst.c.inc"
 
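Review bot: The trailing `| 0xf` in `tcg_out_vldst` is an unexplained magic value; in the VLD1/VST1 encoding it fills the Rm field, where 0b1111 selects the form without base-register writeback. A comment such as `/* Rm = 0xf: no writeback */` would make that clear. The function also shifts `rn` into the opcode without asserting that it is a general register, unlike `encode_vd`, which asserts its register class. The comment above `encode_vd` has a typo, "whlie" for "while".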
@@ -2184,16 +2214,44 @@ static void tcg_target_init(TCGContext *s)
 tcg_regset_set_reg(s->reserved_regs, TCG_VEC_TMP);
 }
 
-static inline void tcg_out_ld(TCGContext *s, TCGType type, TCGReg arg,
-  TCGReg arg1, intptr_t arg2)
+static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg arg,
+   TCGReg arg1, intptr_t arg2)
 {
-tcg_out_ld32u(s, COND_AL, arg, arg1, arg2);
+switch (type) {
+case TCG_TYPE_I32:
+tcg_out_ld32u(s, COND_AL, arg, arg1, arg2);
+return;
+case TCG_TYPE_V64:
+/* regs 1; size 8; align 8 */
+tcg_out_vldst(s, INSN_VLD1 | 0x7d0, arg, arg1, arg2);
+return;
+case TCG_TYPE_V128:
+/* regs 2; size 8; align 16 */
+tcg_out_vldst(s, INSN_VLD1 | 0xae0, arg, arg1, arg2);
+return;
+default:
+g_assert_not_reached();
+}
 }
 
-static inline void tcg_out_st(TCGContext *s, TCGType type, TCGReg arg,
-  TCGReg arg1, intptr_t arg2)
+static void tcg_out_st(TCGContext *s, TCGType type, TCGReg arg,
+   TCGReg arg1, intptr_t arg2)
 {
-tcg_out_st32(s, COND_AL, arg, arg1, arg2);
+switch (type) {
+case TCG_TYPE_I32:
+tcg_out_st32(s, COND_AL, arg, arg1, arg2);
+return;
+case TCG_TYPE_V64:
+/* regs 1; size 8; align 8 */
+tcg_out_vldst(s, INSN_VST1 | 0x7d0, arg, arg1, arg2);
+return;
+case TCG_TYPE_V128:
+/* regs 2; size 8; align 16 */
+tcg_out_vldst(s, INSN_VST1 | 0xae0, arg, arg1, arg2);
+return;
+default:
+g_assert_not_reached();
+}
 }
 
 static inline bool tcg_out_sti(TCGContext *s, TCGType type, TCGArg val,
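Review bot: The V128 cases in both `tcg_out_ld` and `tcg_out_st` request 16-byte alignment (`0xae0`, commented `align 16`), while tcg-target.h keeps `TCG_TARGET_STACK_ALIGN` at 8 (a context line in patch 01 of this series). If these functions are used to spill vector registers to the stack frame, a V128 slot may be only 8-byte aligned, and an access carrying the stricter hint would take an alignment fault. Going by the V64 constant, where the 8-byte hint is the `0x10` bit, the V128 form with the weaker hint would be `INSN_VLD1 | 0xad0` and `INSN_VST1 | 0xad0`, commented `/* regs 2; size 8; align 8 */`.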
-- 
2.25.1




[Bug 1909256] [NEW] compile failure if gnutls headers not on default include path

2020-12-24 Thread Peter Maydell
Public bug reported:

If the gnutls headers are not on the default compiler include path, then
configure correctly finds them and config-host.mak sets up the
variables:

GNUTLS_CFLAGS=-I/opt/homebrew/Cellar/gnutls/3.6.15/include 
-I/opt/homebrew/Cellar/nettle/3.6/include 
-I/opt/homebrew/Cellar/libtasn1/4.16.0/include 
-I/opt/homebrew/Cellar/libidn2/2.3.0/include 
-I/opt/homebrew/Cellar/p11-kit/0.23.22/include/p11-kit-1
GNUTLS_LIBS=-L/opt/homebrew/Cellar/gnutls/3.6.15/lib -lgnutls

but meson fails to put GNUTLS_CFLAGS in the compiler arguments and so
you get compile failures like:

[2/1865] Compiling C object qemu-nbd.p/qemu-nbd.c.o
FAILED: qemu-nbd.p/qemu-nbd.c.o 
cc -Iqemu-nbd.p -I. -I../.. -Iqapi -Itrace -Iui -Iui/shader 
-I/opt/homebrew/Cellar/glib/2.66.4/include 
-I/opt/homebrew/Cellar/glib/2.66.4/include/glib-2.0 
-I/opt/homebrew/Cellar/glib/2.66.4/lib/glib-2.0/include 
-I/opt/homebrew/opt/gettext/include -I/opt/homebrew/Cellar/pcre/8.44/include 
-Xclang -fcolor-diagnostics -pipe -Wall -Winvalid-pch -std=gnu99 -g 
-DOS_OBJECT_USE_OBJC=0 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv 
-Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels 
-Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs 
-Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition 
-Wno-tautological-type-limit-compare -fstack-protector-strong -iquote 
/Users/pm215/qemu/tcg/aarch64 -iquote . -iquote /Users/pm215/qemu -iquote 
/Users/pm215/qemu/accel/tcg -iquote /Users/pm215/qemu/include -iquote 
/Users/pm215/qemu/disas/libvixl -MD -MQ qemu-nbd.p/qemu-nbd.c.o -MF 
qemu-nbd.p/qemu-nbd.c.o.d -o qemu-nbd.p/qemu-nbd.c.o -c ../../qemu-nbd.c
In file included from ../../qemu-nbd.c:30:
In file included from /Users/pm215/qemu/include/block/nbd.h:25:
/Users/pm215/qemu/include/crypto/tlscreds.h:28:10: fatal error: 
'gnutls/gnutls.h' file not found
#include <gnutls/gnutls.h>
 ^
1 error generated.


The compiler errors happen for any .c file that includes block/nbd.h and also 
for files in tests that include gnutls.h directly, and for files that directly 
or indirectly include crypto/tlssession.c.

My meson-foo is insufficient to suggest the correct fix...

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1909256

Title:
  compile failure if gnutls headers not on default include path

Status in QEMU:
  New

Bug description:
  If the gnutls headers are not on the default compiler include path,
  then configure correctly finds them and config-host.mak sets up the
  variables:

  GNUTLS_CFLAGS=-I/opt/homebrew/Cellar/gnutls/3.6.15/include 
-I/opt/homebrew/Cellar/nettle/3.6/include 
-I/opt/homebrew/Cellar/libtasn1/4.16.0/include 
-I/opt/homebrew/Cellar/libidn2/2.3.0/include 
-I/opt/homebrew/Cellar/p11-kit/0.23.22/include/p11-kit-1
  GNUTLS_LIBS=-L/opt/homebrew/Cellar/gnutls/3.6.15/lib -lgnutls

  but meson fails to put GNUTLS_CFLAGS in the compiler arguments and so
  you get compile failures like:

  [2/1865] Compiling C object qemu-nbd.p/qemu-nbd.c.o
  FAILED: qemu-nbd.p/qemu-nbd.c.o 
  cc -Iqemu-nbd.p -I. -I../.. -Iqapi -Itrace -Iui -Iui/shader 
-I/opt/homebrew/Cellar/glib/2.66.4/include 
-I/opt/homebrew/Cellar/glib/2.66.4/include/glib-2.0 
-I/opt/homebrew/Cellar/glib/2.66.4/lib/glib-2.0/include 
-I/opt/homebrew/opt/gettext/include -I/opt/homebrew/Cellar/pcre/8.44/include 
-Xclang -fcolor-diagnostics -pipe -Wall -Winvalid-pch -std=gnu99 -g 
-DOS_OBJECT_USE_OBJC=0 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings 
-Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv 
-Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels 
-Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs 
-Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition 
-Wno-tautological-type-limit-compare -fstack-protector-strong -iquote 
/Users/pm215/qemu/tcg/aarch64 -iquote . -iquote /Users/pm215/qemu -iquote 
/Users/pm215/qemu/accel/tcg -iquote /Users/pm215/qemu/include -iquote 
/Users/pm215/qemu/disas/libvixl -MD -MQ qemu-nbd.p/qemu-nbd.c.o -MF 
qemu-nbd.p/qemu-nbd.c.o.d -o qemu-nbd.p/qemu-nbd.c.o -c ../../qemu-nbd.c
  In file included from ../../qemu-nbd.c:30:
  In file included from /Users/pm215/qemu/include/block/nbd.h:25:
  /Users/pm215/qemu/include/crypto/tlscreds.h:28:10: fatal error: 
'gnutls/gnutls.h' file not found
  #include <gnutls/gnutls.h>
   ^
  1 error generated.

  
  The compiler errors happen for any .c file that includes block/

Re: [RFC PATCH v2] x86/cpu: initialize the CPU concurrently

2020-12-24 Thread Eduardo Habkost
On Thu, Dec 24, 2020 at 09:41:10PM +0800, Zhenyu Ye wrote:
> Hi Eduardo,
> 
> Sorry for the delay.
> 
> On 2020/12/22 5:36, Eduardo Habkost wrote:
> > On Mon, Dec 21, 2020 at 07:36:18PM +0800, Zhenyu Ye wrote:
> >> Providing a optional mechanism to wait for all VCPU threads be
> >> created out of qemu_init_vcpu(), then we can initialize the cpu
> >> concurrently on the x86 architecture.
> >>
> >> This reduces the time of creating virtual machines. For example, when
> >> the haxm is used as the accelerator, cpus_accel->create_vcpu_thread()
> >> will cause at least 200ms for each cpu, extremely prolong the boot
> >> time.
> >>

I have just realized one thing: all VCPU thread function
(including hax) keeps holding qemu_global_mutex most of the time.
Are you sure your patch is really making VCPU initialization run
in parallel?  Do you have numbers showing this patch really
improves boot time?


> >> Signed-off-by: Eduardo Habkost 
> >> Signed-off-by: eillon 
> > 
> > The patch is easier to follow now, but I have a question that may
> > be difficult to answer:
> > 
> > What exactly is the meaning of cpu->created=true, and what
> > exactly would break if we never wait for cpu->created==true at all?
> > 
> > I'm asking that because we might be introducing subtle races
> > here, if some of the remaining CPU initialization code in
> > x86_cpu_realizefn() [1] expects the VCPU thread to be already
> > initialized.
> > 
> > The cpu_reset() call below is one such example (but probably not
> > the only one).  cpu_reset() ends up calling
> > kvm_arch_reset_vcpu(), which seems to assume kvm_init_vcpu() was
> > already called.  With your patch, kvm_init_vcpu() might end up
> > being called after kvm_arch_reset_vcpu().
> > 
> 
> There's a chance that this happens.
> Could we move these (after qemu_init_vcpu()) out of x86_cpu_realizefn()
> to the x86_cpus_init(), after qemu_wait_all_vcpu_threads_init()?
> Such as:
> 
> void x86_cpus_init()
> {
>   foreach (cpu) {
>   x86_cpu_new();
>   }
> 
>   qemu_wait_all_vcpu_threads_init();
> 
>   foreach (cpu) {
>   x86_cpu_new_post();
>   }
> }

Maybe that would work, if the caveats are clearly documented.
I'm worried about bugs being introduced if people assume the VCPU
will always be fully initialized and ready to run after
qemu_init_vcpu() is called and qdev_realize() returns.

> 
> > Maybe a simpler alternative is to keep the existing thread
> > creation logic, but changing hax_cpu_thread_fn() to do less work
> > before calling cpu_thread_signal_created()?
> > 
> > In my testing (without this patch), creation of 8 KVM VCPU
> > threads in a 4 core machine takes less than 3 ms.  Why is
> > qemu_init_vcpu() taking so long on haxm?  Which parts of haxm
> > initialization can be moved after cpu_thread_signal_created(), to
> > make this better?
> > 
> 
> The most time-consuming operation in haxm is ioctl(HAX_VM_IOCTL_VCPU_CREATE).
> Saddly this can not be split.
> 
> Even if we fix the problem in haxm, other accelerators may also have
> this problem.  So I think if we can make the x86_cpu_new() concurrently,
> we should try to do it.

Changing the code to run all VCPU initialization actions for all
accelerators concurrently would require carefully reviewing the
VCPU thread code for all accelerators, looking for races.  Sounds
like a challenging task.  We could avoid that if we do something
that will parallelize only what we really need (and know to be
safe).

-- 
Eduardo




[PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()

2020-12-24 Thread Mauro Matteo Cascella
Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
This check prevents a potential NULL pointer dereference issue.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
Signed-off-by: Mauro Matteo Cascella 
Reported-by: Cheolwoo Myung 
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 1a5fc5857d..77510e120c 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -1893,7 +1893,7 @@ static void megasas_command_cancelled(SCSIRequest *req)
 {
 MegasasCmd *cmd = req->hba_private;
 
-if (!cmd) {
+if (!cmd || !cmd->frame) {
 return;
 }
 cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
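Review bot: The widened early return skips everything in `megasas_command_cancelled` after the status write, not just the NULL dereference. The rest of the function is outside this hunk; if it completes or releases the command, a cancelled request whose frame is NULL would now be left without that cleanup. Guarding only the write avoids that: `if (cmd->frame) { cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED; }`. A short comment naming the path on which `cmd->frame` can be NULL while the request is still cancellable would also help, because that state is presumably reachable from guest-controlled input.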
-- 
2.29.2




[PATCH v3 3/3] pnv: Fix reverse dependency on PCI express root ports

2020-12-24 Thread Greg Kurz
qemu-system-ppc64 built with --without-default-devices crashes:

Type 'pnv-phb4-root-port' is missing its parent 'pcie-root-port-base'
Aborted (core dumped)

Have POWERNV to select PCIE_PORT. This is done through a
new PCI_POWERNV config in hw/pci-host/Kconfig since POWERNV
doesn't have a direct dependency on PCI. For this reason,
PCI_EXPRESS and MSI_NONBROKEN are also moved under
PCI_POWERNV.

Signed-off-by: Greg Kurz 
Reviewed-by: Cédric Le Goater 
---
 hw/pci-host/Kconfig |5 +
 hw/pci-host/meson.build |2 +-
 hw/ppc/Kconfig  |3 +--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/pci-host/Kconfig b/hw/pci-host/Kconfig
index 036a61877a73..eb03f0489d08 100644
--- a/hw/pci-host/Kconfig
+++ b/hw/pci-host/Kconfig
@@ -60,3 +60,8 @@ config PCI_BONITO
 select PCI
 select UNIMP
 bool
+
+config PCI_POWERNV
+select PCI_EXPRESS
+select MSI_NONBROKEN
+select PCIE_PORT
diff --git a/hw/pci-host/meson.build b/hw/pci-host/meson.build
index e6d1b896848c..da9d1a9964a8 100644
--- a/hw/pci-host/meson.build
+++ b/hw/pci-host/meson.build
@@ -23,7 +23,7 @@ pci_ss.add(when: 'CONFIG_VERSATILE_PCI', if_true: 
files('versatile.c'))
 
 softmmu_ss.add_all(when: 'CONFIG_PCI', if_true: pci_ss)
 
-specific_ss.add(when: 'CONFIG_POWERNV', if_true: files(
+specific_ss.add(when: 'CONFIG_PCI_POWERNV', if_true: files(
   'pnv_phb3.c',
   'pnv_phb3_msi.c',
   'pnv_phb3_pbcq.c',
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index a213994ebf5d..d11dc30509df 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -29,8 +29,7 @@ config POWERNV
 select XICS
 select XIVE
 select FDT_PPC
-select PCI_EXPRESS
-select MSI_NONBROKEN
+select PCI_POWERNV
 
 config PPC405
 bool





[PATCH v3 1/3] ppc: Fix build with --without-default-devices

2020-12-24 Thread Greg Kurz
Linking of the qemu-system-ppc64 fails on a POWER9 host when
--without-default-devices is passed to configure:

$ ./configure --without-default-devices \
  --target-list=ppc64-softmmu && make

...

libqemu-ppc64-softmmu.fa.p/hw_ppc_e500.c.o: In function `ppce500_init_mpic_kvm':
/home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/e500.c:777: undefined reference 
to `kvm_openpic_connect_vcpu'
libqemu-ppc64-softmmu.fa.p/hw_ppc_spapr_irq.c.o: In function `spapr_irq_check':
/home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/spapr_irq.c:189: undefined 
reference to `xics_kvm_has_broken_disconnect'
libqemu-ppc64-softmmu.fa.p/hw_intc_spapr_xive.c.o: In function 
`spapr_xive_post_load':
/home/greg/Work/qemu/qemu-ppc/build/../hw/intc/spapr_xive.c:530: undefined 
reference to `kvmppc_xive_post_load'

... and tons of other symbols belonging to the KVM backend of the
openpic, XICS and XIVE interrupt controllers.

It turns out that OPENPIC_KVM, XICS_KVM and XIVE_KVM are marked
to depend on KVM but this has no effect when minikconf runs in
allnoconfig mode. Such reverse dependencies should rather be
handled with a 'select' statement, eg.

config OPENPIC
select OPENPIC_KVM if KVM

or even better by getting rid of the intermediate _KVM config
and directly checking CONFIG_KVM in the meson.build file:

specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
if_true: files('openpic_kvm.c'))

Go for the latter with OPENPIC, XICS and XIVE.

This went unnoticed so far because CI doesn't test the build with
--without-default-devices and KVM enabled on a POWER host.

Signed-off-by: Greg Kurz 
---

The various comments motivated me enough for another round,
which is basically to split the cleanup out to a separate
patch and use CONFIG_PSERIES in hw/intc/meson.build as
suggested by Cedric.

v3: - move cleanup to a separate patch

v2: - check CONFIG_KVM in the meson.build as suggested by Paolo
---
 hw/intc/Kconfig |   10 --
 hw/intc/meson.build |9 ++---
 hw/ppc/Kconfig  |5 -
 3 files changed, 6 insertions(+), 18 deletions(-)

diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
index 468d548ca771..fa2695e58d56 100644
--- a/hw/intc/Kconfig
+++ b/hw/intc/Kconfig
@@ -30,11 +30,6 @@ config ARM_GIC_KVM
 default y
 depends on ARM_GIC && KVM
 
-config OPENPIC_KVM
-bool
-default y
-depends on OPENPIC && KVM
-
 config XICS
 bool
 depends on POWERNV || PSERIES
@@ -43,11 +38,6 @@ config XICS_SPAPR
 bool
 select XICS
 
-config XICS_KVM
-bool
-default y
-depends on XICS && KVM
-
 config ALLWINNER_A10_PIC
 bool
 
diff --git a/hw/intc/meson.build b/hw/intc/meson.build
index 68da782ad2c5..b6c9218908e3 100644
--- a/hw/intc/meson.build
+++ b/hw/intc/meson.build
@@ -39,7 +39,8 @@ specific_ss.add(when: 'CONFIG_LOONGSON_LIOINTC', if_true: 
files('loongson_lioint
 specific_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('mips_gic.c'))
 specific_ss.add(when: 'CONFIG_OMAP', if_true: files('omap_intc.c'))
 specific_ss.add(when: 'CONFIG_OMPIC', if_true: files('ompic.c'))
-specific_ss.add(when: 'CONFIG_OPENPIC_KVM', if_true: files('openpic_kvm.c'))
+specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
+   if_true: files('openpic_kvm.c'))
 specific_ss.add(when: 'CONFIG_POWERNV', if_true: files('xics_pnv.c', 
'pnv_xive.c'))
 specific_ss.add(when: 'CONFIG_PPC_UIC', if_true: files('ppc-uic.c'))
 specific_ss.add(when: 'CONFIG_RASPI', if_true: files('bcm2835_ic.c', 
'bcm2836_control.c'))
@@ -50,8 +51,10 @@ specific_ss.add(when: 'CONFIG_SH4', if_true: 
files('sh_intc.c'))
 specific_ss.add(when: 'CONFIG_SIFIVE_CLINT', if_true: files('sifive_clint.c'))
 specific_ss.add(when: 'CONFIG_SIFIVE_PLIC', if_true: files('sifive_plic.c'))
 specific_ss.add(when: 'CONFIG_XICS', if_true: files('xics.c'))
-specific_ss.add(when: 'CONFIG_XICS_KVM', if_true: files('xics_kvm.c'))
+specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XICS'],
+   if_true: files('xics_kvm.c'))
 specific_ss.add(when: 'CONFIG_XICS_SPAPR', if_true: files('xics_spapr.c'))
 specific_ss.add(when: 'CONFIG_XIVE', if_true: files('xive.c'))
-specific_ss.add(when: 'CONFIG_XIVE_KVM', if_true: files('spapr_xive_kvm.c'))
+specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XIVE'],
+   if_true: files('spapr_xive_kvm.c'))
 specific_ss.add(when: 'CONFIG_XIVE_SPAPR', if_true: files('spapr_xive.c'))
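Review bot: The last replacement in this hunk builds `spapr_xive_kvm.c` whenever CONFIG_KVM and CONFIG_XIVE are both set, but the XIVE_KVM symbol removed from hw/ppc/Kconfig depended on XIVE_SPAPR, which itself depends on PSERIES. XIVE is also allowed for POWERNV, so a KVM build with POWERNV but without PSERIES would now compile the sPAPR KVM backend without `spapr_xive.c`; whether that still links cannot be seen from the diff and is worth confirming. If the narrower condition is intended, `when: ['CONFIG_KVM', 'CONFIG_XIVE_SPAPR']` keeps the old behaviour. The meson.build hunk of patch 2/3 leaves the same condition in place.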
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index 982d55f5875c..e35710c7c368 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -139,11 +139,6 @@ config XIVE_SPAPR
 depends on PSERIES
 select XIVE
 
-config XIVE_KVM
-bool
-default y
-depends on XIVE_SPAPR && KVM
-
 # Only used by 64-bit targets
 config FW_CFG_PPC
 bool





[PATCH v3 2/3] ppc: Simplify reverse dependencies of POWERNV and PSERIES on XICS and XIVE

2020-12-24 Thread Greg Kurz
Have PSERIES select XICS and XIVE, and directly check PSERIES
in hw/intc/meson.build to enable the build of the XICS and XIVE sPAPR
backends, like POWERNV already does. This allows getting rid of the
intermediate XICS_SPAPR and XIVE_SPAPR.

Signed-off-by: Greg Kurz 
---
 hw/intc/Kconfig |4 +---
 hw/intc/meson.build |3 +--
 hw/ppc/Kconfig  |   14 ++
 3 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
index fa2695e58d56..c18d11142a8f 100644
--- a/hw/intc/Kconfig
+++ b/hw/intc/Kconfig
@@ -32,11 +32,9 @@ config ARM_GIC_KVM
 
 config XICS
 bool
-depends on POWERNV || PSERIES
 
-config XICS_SPAPR
+config XIVE
 bool
-select XICS
 
 config ALLWINNER_A10_PIC
 bool
diff --git a/hw/intc/meson.build b/hw/intc/meson.build
index b6c9218908e3..53cba115690f 100644
--- a/hw/intc/meson.build
+++ b/hw/intc/meson.build
@@ -53,8 +53,7 @@ specific_ss.add(when: 'CONFIG_SIFIVE_PLIC', if_true: 
files('sifive_plic.c'))
 specific_ss.add(when: 'CONFIG_XICS', if_true: files('xics.c'))
 specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XICS'],
if_true: files('xics_kvm.c'))
-specific_ss.add(when: 'CONFIG_XICS_SPAPR', if_true: files('xics_spapr.c'))
+specific_ss.add(when: 'CONFIG_PSERIES', if_true: files('xics_spapr.c', 
'spapr_xive.c'))
 specific_ss.add(when: 'CONFIG_XIVE', if_true: files('xive.c'))
 specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XIVE'],
if_true: files('spapr_xive_kvm.c'))
-specific_ss.add(when: 'CONFIG_XIVE_SPAPR', if_true: files('spapr_xive.c'))
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index e35710c7c368..a213994ebf5d 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -7,8 +7,8 @@ config PSERIES
 select PCI
 select SPAPR_VSCSI
 select VFIO if LINUX   # needed by spapr_pci_vfio.c
-select XICS_SPAPR
-select XIVE_SPAPR
+select XICS
+select XIVE
 select MSI_NONBROKEN
 select FDT_PPC
 select CHRP_NVRAM
@@ -129,16 +129,6 @@ config VIRTEX
 select XILINX_ETHLITE
 select FDT_PPC
 
-config XIVE
-bool
-depends on POWERNV || PSERIES
-
-config XIVE_SPAPR
-bool
-default y
-depends on PSERIES
-select XIVE
-
 # Only used by 64-bit targets
 config FW_CFG_PPC
 bool





[Bug 1909247] [NEW] QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c

2020-12-24 Thread Mauro Matteo Cascella
*** This bug is a security vulnerability ***

Public security bug reported:

A use-after-free vulnerability was found in the am53c974 SCSI host bus
adapter emulation of QEMU. It could occur in the esp_do_dma() function
in hw/scsi/esp.c while handling the 'Information Transfer' command
(CMD_TI). A privileged guest user may abuse this flaw to crash the QEMU
process on the host, resulting in a denial of service or potential code
execution with the privileges of the QEMU process.

This issue was reported by Cheolwoo Myung (Seoul National University).

Original report:
Using the hypervisor fuzzer hyfuzz, I found a use-after-free issue in
the am53c974 emulator of QEMU with ASan enabled.

It occurs while transferring information, as it does not check the
buffer to be transferred.

A malicious guest user/process could use this flaw to crash the QEMU
process, resulting in a DoS scenario.

To reproduce this issue, please run the QEMU with the following command
line.

# To enable ASan option, please set configuration with the following
$ ./configure --target-list=i386-softmmu --disable-werror --enable-sanitizers
$ make

# To reproduce this issue, please run the QEMU process with the following 
command line
$ ./qemu-system-i386 -m 512 -drive 
file=./hyfuzz.img,index=0,media=disk,format=raw \
-device am53c974,id=scsi -device scsi-hd,drive=SysDisk \
-drive id=SysDisk,if=none,file=./disk.img

Please find attached the disk images to reproduce this issue.

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: cve qemu security

** Attachment added: "uaf-am53c974.tar.xz"
   
https://bugs.launchpad.net/bugs/1909247/+attachment/5446614/+files/uaf-am53c974.tar.xz

** Information type changed from Private Security to Public Security

** Bug watch added: Red Hat Bugzilla #1909996
   https://bugzilla.redhat.com/show_bug.cgi?id=1909996

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1909247

Title:
  QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c

Status in QEMU:
  New

Bug description:
  A use-after-free vulnerability was found in the am53c974 SCSI host bus
  adapter emulation of QEMU. It could occur in the esp_do_dma() function
  in hw/scsi/esp.c while handling the 'Information Transfer' command
  (CMD_TI). A privileged guest user may abuse this flaw to crash the
  QEMU process on the host, resulting in a denial of service or
  potential code execution with the privileges of the QEMU process.

  This issue was reported by Cheolwoo Myung (Seoul National University).

  Original report:
  Using the hypervisor fuzzer hyfuzz, I found a use-after-free issue in
  the am53c974 emulator of QEMU with ASan enabled.

  It occurs while transferring information, as it does not check the
  buffer to be transferred.

  A malicious guest user/process could use this flaw to crash the QEMU
  process, resulting in a DoS scenario.

  To reproduce this issue, please run the QEMU with the following command
  line.

  # To enable ASan option, please set configuration with the following
  $ ./configure --target-list=i386-softmmu --disable-werror --enable-sanitizers
  $ make

  # To reproduce this issue, please run the QEMU process with the following 
command line
  $ ./qemu-system-i386 -m 512 -drive 
file=./hyfuzz.img,index=0,media=disk,format=raw \
  -device am53c974,id=scsi -device scsi-hd,drive=SysDisk \
  -drive id=SysDisk,if=none,file=./disk.img

  Please find attached the disk images to reproduce this issue.




[Bug 1909247] Re: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c

2020-12-24 Thread Mauro Matteo Cascella
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1909996

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1909247

Title:
  QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c

Status in QEMU:
  New

Bug description:
  A use-after-free vulnerability was found in the am53c974 SCSI host bus
  adapter emulation of QEMU. It could occur in the esp_do_dma() function
  in hw/scsi/esp.c while handling the 'Information Transfer' command
  (CMD_TI). A privileged guest user may abuse this flaw to crash the
  QEMU process on the host, resulting in a denial of service or
  potential code execution with the privileges of the QEMU process.

  This issue was reported by Cheolwoo Myung (Seoul National University).

  Original report:
  Using the hypervisor fuzzer hyfuzz, I found a use-after-free issue in
  the am53c974 emulator of QEMU with ASan enabled.

  It occurs while transferring information, as it does not check the
  buffer to be transferred.

  A malicious guest user/process could use this flaw to crash the QEMU
  process, resulting in a DoS scenario.

  To reproduce this issue, please run the QEMU with the following command
  line.

  # To enable ASan option, please set configuration with the following
  $ ./configure --target-list=i386-softmmu --disable-werror --enable-sanitizers
  $ make

  # To reproduce this issue, please run the QEMU process with the following 
command line
  $ ./qemu-system-i386 -m 512 -drive 
file=./hyfuzz.img,index=0,media=disk,format=raw \
  -device am53c974,id=scsi -device scsi-hd,drive=SysDisk \
  -drive id=SysDisk,if=none,file=./disk.img

  Please find attached the disk images to reproduce this issue.




Re: Problems with irq mapping in qemu v5.2

2020-12-24 Thread BALATON Zoltan via

On Thu, 24 Dec 2020, Philippe Mathieu-Daudé wrote:

On Thu, Dec 24, 2020 at 9:11 AM BALATON Zoltan  wrote:

On Wed, 23 Dec 2020, Guenter Roeck wrote:

On Thu, Dec 24, 2020 at 02:34:07AM +0100, BALATON Zoltan wrote:
[ ... ]


If we need legacy mode then we may be able to emulate that by setting BARs
to legacy ports ignoring what values are written to them if legacy mode
config is set (which may be what the real chip does) and we already have
IRQs hard wired to legacy values so that would give us legacy and
half-native mode which is enough for both fuloong2e and pegasos2 but I'm not
sure how can we fix BARs in QEMU because that's also handled by generic PCI
code which I also don't want to break.


The code below works for booting Linux while at the same time not affecting
any other emulation. I don't claim it to be a perfect fix, and overloading
the existing property is a bit hackish, but it does work.

[...]

I think we don't need more complete
emulation of this chip than this for now but if somebody wants to attempt
that I don't mind as long as it does not break pegasos2.


Fine by me as long as pegasos2 doesn't break other OSes :)


Sure, I did try to avoid breaking fuloong2e last time too and tested with 
the kernel I could dig up. Unfortunately that does not seem to be the 
right test for that machine. The fuloong2e model wasn't in very good shape 
back then. Now we have better test cases for it.



Can we have integration tests of pegasos2 so we can modify the device models
without introducing regressions?
If it is not open-source, you could still contribute tests with hash
of tested binary
and provide the binary file to test on demand off-list.


We're not yet at the point where I can submit pegasos2 patches for merging, because
I'll need to do more clean-ups of the via model and also have a replacement
for the firmware binary, which I plan to do as time permits. For the OS, there
may be some older PPC Linux distros that used to work with pegasos2, and the
MorphOS demo is freely downloadable but not redistributable, so it may be
possible to use it as a test, but I'll need some help with the python module to
integrate it in QEMU tests. I'll keep you cc-d about this anyway as the
MIPS maintainer.


Regards,
BALATON Zoltan

Re: [PATCH v2 1/2] ppc: Fix build with --without-default-devices

2020-12-24 Thread Philippe Mathieu-Daudé
On 12/24/20 3:42 PM, Paolo Bonzini wrote:
> Why? It's all KVM.

I find it not obvious to figure out by simply looking at this diff.
I'm probably too tired. Anyway Cédric already reviewed it.

> 
> Paolo
> 
> Il gio 24 dic 2020, 11:58 Philippe Mathieu-Daudé  > ha scritto:
> 
> On 12/23/20 8:26 PM, Greg Kurz wrote:
> > Linking of the qemu-system-ppc64 fails on a POWER9 host when
> > --without-default-devices is passed to configure:
> >
> > $ ./configure --without-default-devices \
> >               --target-list=ppc64-softmmu && make
> >
> > ...
> >
> > libqemu-ppc64-softmmu.fa.p/hw_ppc_e500.c.o: In function
> `ppce500_init_mpic_kvm':
> > /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/e500.c:777:
> undefined reference to `kvm_openpic_connect_vcpu'
> > libqemu-ppc64-softmmu.fa.p/hw_ppc_spapr_irq.c.o: In function
> `spapr_irq_check':
> > /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/spapr_irq.c:189:
> undefined reference to `xics_kvm_has_broken_disconnect'
> > libqemu-ppc64-softmmu.fa.p/hw_intc_spapr_xive.c.o: In function
> `spapr_xive_post_load':
> > /home/greg/Work/qemu/qemu-ppc/build/../hw/intc/spapr_xive.c:530:
> undefined reference to `kvmppc_xive_post_load'
> >
> > ... and tons of other symbols belonging to the KVM backend of the
> > openpic, XICS and XIVE interrupt controllers.
> >
> > It turns out that OPENPIC_KVM, XICS_KVM and XIVE_KVM are marked
> > to depend on KVM but this has no effect when minikconf runs in
> > allnoconfig mode. Such reverse dependencies should rather be
> > handled with a 'select' statement, eg.
> >
> > config OPENPIC
> >     select OPENPIC_KVM if KVM
> >
> > or even better by getting rid of the intermediate _KVM config
> > and directly checking CONFIG_KVM in the meson.build file:
> >
> > specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
> >               if_true: files('openpic_kvm.c'))
> >
> > Go for the latter with OPENPIC, XICS and XIVE. While here also move
> > XIVE_SPAPR to hw/intc/Kconfig where it belongs.
> >
> > This went unnoticed so far because CI doesn't test the build with
> > --without-default-devices and KVM enabled on a POWER host.
> >
> > Signed-off-by: Greg Kurz mailto:gr...@kaod.org>>
> > ---
> > v2: - check CONFIG_KVM in the meson.build as suggested by Paolo
> > ---
> >  hw/intc/Kconfig     |   14 +-
> >  hw/intc/meson.build |    9 ++---
> >  hw/ppc/Kconfig      |   15 ---
> >  3 files changed, 11 insertions(+), 27 deletions(-)



Re: [PATCH v2 1/2] ppc: Fix build with --without-default-devices

2020-12-24 Thread Paolo Bonzini
Why? It's all KVM.

Paolo

Il gio 24 dic 2020, 11:58 Philippe Mathieu-Daudé  ha
scritto:

> On 12/23/20 8:26 PM, Greg Kurz wrote:
> > Linking of the qemu-system-ppc64 fails on a POWER9 host when
> > --without-default-devices is passed to configure:
> >
> > $ ./configure --without-default-devices \
> >   --target-list=ppc64-softmmu && make
> >
> > ...
> >
> > libqemu-ppc64-softmmu.fa.p/hw_ppc_e500.c.o: In function
> `ppce500_init_mpic_kvm':
> > /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/e500.c:777: undefined
> reference to `kvm_openpic_connect_vcpu'
> > libqemu-ppc64-softmmu.fa.p/hw_ppc_spapr_irq.c.o: In function
> `spapr_irq_check':
> > /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/spapr_irq.c:189: undefined
> reference to `xics_kvm_has_broken_disconnect'
> > libqemu-ppc64-softmmu.fa.p/hw_intc_spapr_xive.c.o: In function
> `spapr_xive_post_load':
> > /home/greg/Work/qemu/qemu-ppc/build/../hw/intc/spapr_xive.c:530:
> undefined reference to `kvmppc_xive_post_load'
> >
> > ... and tons of other symbols belonging to the KVM backend of the
> > openpic, XICS and XIVE interrupt controllers.
> >
> > It turns out that OPENPIC_KVM, XICS_KVM and XIVE_KVM are marked
> > to depend on KVM but this has no effect when minikconf runs in
> > allnoconfig mode. Such reverse dependencies should rather be
> > handled with a 'select' statement, eg.
> >
> > config OPENPIC
> > select OPENPIC_KVM if KVM
> >
> > or even better by getting rid of the intermediate _KVM config
> > and directly checking CONFIG_KVM in the meson.build file:
> >
> > specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
> >   if_true: files('openpic_kvm.c'))
> >
> > Go for the latter with OPENPIC, XICS and XIVE. While here also move
> > XIVE_SPAPR to hw/intc/Kconfig where it belongs.
> >
> > This went unnoticed so far because CI doesn't test the build with
> > --without-default-devices and KVM enabled on a POWER host.
> >
> > Signed-off-by: Greg Kurz 
> > ---
> > v2: - check CONFIG_KVM in the meson.build as suggested by Paolo
> > ---
> >  hw/intc/Kconfig |   14 +-
> >  hw/intc/meson.build |9 ++---
> >  hw/ppc/Kconfig  |   15 ---
> >  3 files changed, 11 insertions(+), 27 deletions(-)
> >
> > diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
> > index 468d548ca771..ee60d4bf7857 100644
> > --- a/hw/intc/Kconfig
> > +++ b/hw/intc/Kconfig
> > @@ -30,23 +30,19 @@ config ARM_GIC_KVM
> >  default y
> >  depends on ARM_GIC && KVM
> >
> > -config OPENPIC_KVM
> > -bool
> > -default y
> > -depends on OPENPIC && KVM
> > -
> >  config XICS
> >  bool
> > -depends on POWERNV || PSERIES
> >
> >  config XICS_SPAPR
> >  bool
> >  select XICS
> >
> > -config XICS_KVM
> > +config XIVE
> >  bool
> > -default y
> > -depends on XICS && KVM
> > +
> > +config XIVE_SPAPR
> > +bool
> > +select XIVE
> >
> >  config ALLWINNER_A10_PIC
> >  bool
> > diff --git a/hw/intc/meson.build b/hw/intc/meson.build
> > index 68da782ad2c5..b6c9218908e3 100644
> > --- a/hw/intc/meson.build
> > +++ b/hw/intc/meson.build
> > @@ -39,7 +39,8 @@ specific_ss.add(when: 'CONFIG_LOONGSON_LIOINTC',
> if_true: files('loongson_lioint
> >  specific_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('mips_gic.c'))
> >  specific_ss.add(when: 'CONFIG_OMAP', if_true: files('omap_intc.c'))
> >  specific_ss.add(when: 'CONFIG_OMPIC', if_true: files('ompic.c'))
> > -specific_ss.add(when: 'CONFIG_OPENPIC_KVM', if_true:
> files('openpic_kvm.c'))
> > +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
> > + if_true: files('openpic_kvm.c'))
> >  specific_ss.add(when: 'CONFIG_POWERNV', if_true: files('xics_pnv.c',
> 'pnv_xive.c'))
> >  specific_ss.add(when: 'CONFIG_PPC_UIC', if_true: files('ppc-uic.c'))
> >  specific_ss.add(when: 'CONFIG_RASPI', if_true: files('bcm2835_ic.c',
> 'bcm2836_control.c'))
> > @@ -50,8 +51,10 @@ specific_ss.add(when: 'CONFIG_SH4', if_true:
> files('sh_intc.c'))
> >  specific_ss.add(when: 'CONFIG_SIFIVE_CLINT', if_true:
> files('sifive_clint.c'))
> >  specific_ss.add(when: 'CONFIG_SIFIVE_PLIC', if_true:
> files('sifive_plic.c'))
> >  specific_ss.add(when: 'CONFIG_XICS', if_true: files('xics.c'))
> > -specific_ss.add(when: 'CONFIG_XICS_KVM', if_true: files('xics_kvm.c'))
> > +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XICS'],
> > + if_true: files('xics_kvm.c'))
> >  specific_ss.add(when: 'CONFIG_XICS_SPAPR', if_true:
> files('xics_spapr.c'))
> >  specific_ss.add(when: 'CONFIG_XIVE', if_true: files('xive.c'))
> > -specific_ss.add(when: 'CONFIG_XIVE_KVM', if_true:
> files('spapr_xive_kvm.c'))
> > +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XIVE'],
> > + if_true: files('spapr_xive_kvm.c'))
> >  specific_ss.add(when: 'CONFIG_XIVE_SPAPR', if_true:
> files('spapr_xive.c'))
> > diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
> > index 982d55f5875c..064bd6edd83d 100644
> > --- a/hw/ppc/Kconfig
> > +++ b/hw/ppc/Kconfig
> > @@ -129,21 +129,6 @@ con

Re: [RFC PATCH v2] x86/cpu: initialize the CPU concurrently

2020-12-24 Thread Zhenyu Ye
Hi Eduardo,

Sorry for the delay.

On 2020/12/22 5:36, Eduardo Habkost wrote:
> On Mon, Dec 21, 2020 at 07:36:18PM +0800, Zhenyu Ye wrote:
>> Providing a optional mechanism to wait for all VCPU threads be
>> created out of qemu_init_vcpu(), then we can initialize the cpu
>> concurrently on the x86 architecture.
>>
>> This reduces the time of creating virtual machines. For example, when
>> the haxm is used as the accelerator, cpus_accel->create_vcpu_thread()
>> will cause at least 200ms for each cpu, extremely prolong the boot
>> time.
>>
>> Signed-off-by: Eduardo Habkost 
>> Signed-off-by: eillon 
> 
> The patch is easier to follow now, but I have a question that may
> be difficult to answer:
> 
> What exactly is the meaning of cpu->created=true, and what
> exactly would break if we never wait for cpu->created==true at all?
> 
> I'm asking that because we might be introducing subtle races
> here, if some of the remaining CPU initialization code in
> x86_cpu_realizefn() [1] expects the VCPU thread to be already
> initialized.
> 
> The cpu_reset() call below is one such example (but probably not
> the only one).  cpu_reset() ends up calling
> kvm_arch_reset_vcpu(), which seems to assume kvm_init_vcpu() was
> already called.  With your patch, kvm_init_vcpu() might end up
> being called after kvm_arch_reset_vcpu().
> 

There's a chance that this happens.
Could we move these (after qemu_init_vcpu()) out of x86_cpu_realizefn()
to the x86_cpus_init(), after qemu_wait_all_vcpu_threads_init()?
Such as:

void x86_cpus_init()
{
foreach (cpu) {
x86_cpu_new();
}

qemu_wait_all_vcpu_threads_init();

foreach (cpu) {
x86_cpu_new_post();
}
}

> Maybe a simpler alternative is to keep the existing thread
> creation logic, but changing hax_cpu_thread_fn() to do less work
> before calling cpu_thread_signal_created()?
> 
> In my testing (without this patch), creation of 8 KVM VCPU
> threads in a 4 core machine takes less than 3 ms.  Why is
> qemu_init_vcpu() taking so long on haxm?  Which parts of haxm
> initialization can be moved after cpu_thread_signal_created(), to
> make this better?
> 

The most time-consuming operation in haxm is ioctl(HAX_VM_IOCTL_VCPU_CREATE).
Sadly this cannot be split.

Even if we fix the problem in haxm, other accelerators may also have
this problem.  So I think if we can make x86_cpu_new() run concurrently,
we should try to do it.

Thanks,
Zhenyu



Re: [PATCH v3 7/7] qapi: More complex uses of QAPI_LIST_APPEND

2020-12-24 Thread Vladimir Sementsov-Ogievskiy

24.12.2020 01:11, Eric Blake wrote:

These cases require a bit more thought to review; in each case, the
code was appending to a list, but not with a FOOList **tail variable.

Signed-off-by: Eric Blake 
---


[..]


diff --git a/migration/migration.c b/migration/migration.c
index 805712488e4d..a676405019d1 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -784,29 +784,21 @@ void migrate_send_rp_resume_ack(MigrationIncomingState 
*mis, uint32_t value)

  MigrationCapabilityStatusList *qmp_query_migrate_capabilities(Error **errp)
  {
-MigrationCapabilityStatusList *head = NULL;
-MigrationCapabilityStatusList *caps;
+MigrationCapabilityStatusList *head = NULL, **tail = &head;
+MigrationCapabilityStatus *caps;
  MigrationState *s = migrate_get_current();
  int i;

-caps = NULL; /* silence compiler warning */
  for (i = 0; i < MIGRATION_CAPABILITY__MAX; i++) {
  #ifndef CONFIG_LIVE_BLOCK_MIGRATION
  if (i == MIGRATION_CAPABILITY_BLOCK) {
  continue;
  }
  #endif
-if (head == NULL) {
-head = g_malloc0(sizeof(*caps));
-caps = head;
-} else {
-caps->next = g_malloc0(sizeof(*caps));
-caps = caps->next;
-}
-caps->value =
-g_malloc(sizeof(*caps->value));
-caps->value->capability = i;
-caps->value->state = s->enabled_capabilities[i];
+caps = g_malloc(sizeof(*caps));


While here, it would probably be better to use g_malloc0, for safety in the future.


+caps->capability = i;
+caps->state = s->enabled_capabilities[i];
+QAPI_LIST_APPEND(tail, caps);
  }

  return head;
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index ed4131efbca6..a9643ff41961 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1705,7 +1705,8 @@ void hmp_closefd(Monitor *mon, const QDict *qdict)
  void hmp_sendkey(Monitor *mon, const QDict *qdict)
  {
  const char *keys = qdict_get_str(qdict, "keys");
-KeyValueList *keylist, *head = NULL, *tmp = NULL;
+KeyValue *v = NULL;
+KeyValueList *head = NULL, **tail = &head;
  int has_hold_time = qdict_haskey(qdict, "hold-time");
  int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
  Error *err = NULL;
@@ -1722,16 +1723,7 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
  keyname_len = 4;
  }

-keylist = g_malloc0(sizeof(*keylist));
-keylist->value = g_malloc0(sizeof(*keylist->value));
-
-if (!head) {
-head = keylist;
-}
-if (tmp) {
-tmp->next = keylist;
-}
-tmp = keylist;
+v = g_malloc0(sizeof(*v));

  if (strstart(keys, "0x", NULL)) {
  char *endp;
@@ -1740,16 +1732,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
  if (endp != keys + keyname_len) {
  goto err_out;
  }
-keylist->value->type = KEY_VALUE_KIND_NUMBER;
-keylist->value->u.number.data = value;
+v->type = KEY_VALUE_KIND_NUMBER;
+v->u.number.data = value;
  } else {
  int idx = index_from_key(keys, keyname_len);
  if (idx == Q_KEY_CODE__MAX) {
  goto err_out;
  }
-keylist->value->type = KEY_VALUE_KIND_QCODE;
-keylist->value->u.qcode.data = idx;
+v->type = KEY_VALUE_KIND_QCODE;
+v->u.qcode.data = idx;
  }
+QAPI_LIST_APPEND(tail, v);
+v = NULL;

  if (!*separator) {
  break;
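Review bot: The `v = NULL;` after `QAPI_LIST_APPEND(tail, v);` is what keeps the `out:` path from freeing an element the list already owns, and nothing in the code says so. A later edit that drops or moves that assignment would let `qapi_free_KeyValue(v)` and `qapi_free_KeyValueList(head)` release the same object. I would add a comment on that line, e.g. `/* the list owns v now; clear it so out: does not free it again */`. The body of hmp_sendkey starts and ends outside this hunk.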
@@ -1761,6 +1755,7 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
  hmp_handle_error(mon, err);

  out:
+qapi_free_KeyValue(v);


An alternative would be to define v as a g_autoptr inside the while-loop body and use
g_steal_pointer() for QAPI_LIST_APPEND().


  qapi_free_KeyValueList(head);
  return;


[..]


diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index a5058a3bd15e..10ee740eee1b 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -2119,17 +2119,17 @@ void qmp_guest_suspend_hybrid(Error **errp)
  guest_suspend(SUSPEND_MODE_HYBRID, errp);
  }

-static GuestNetworkInterfaceList *
+static GuestNetworkInterface *
  guest_find_interface(GuestNetworkInterfaceList *head,
   const char *name)
  {
  for (; head; head = head->next) {
  if (strcmp(head->value->name, name) == 0) {
-break;
+return head->value;
  }
  }

-return head;
+return NULL;
  }

  static int guest_get_network_stats(const char *name,
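Review bot: guest_find_interface() now hands back a pointer to the element stored in the list rather than the list node, and the function carries no comment saying who owns that pointer. A caller that frees the result would leave a dangling entry in the list; the callers are outside this hunk. A short header comment would settle it, e.g. `/* Returns the entry named @name in @head, or NULL; the result stays owned by the list. */`.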
@@ -2198,7 +2198,7 @@ static int guest_get_network_stats(const char *name,
   */
  GuestNetworkInterfaceList *qmp_guest_network_get_interfaces(Error **errp)
  {
-GuestNetworkInterfaceList *head = NULL, *cur_item = NULL;
+GuestNetworkInterfaceList *head = NULL, **tail = &head;
  struct ifaddrs *ifap, *ifa;

  if (getifaddrs

Re: [PATCH v2 1/2] ppc: Fix build with --without-default-devices

2020-12-24 Thread Philippe Mathieu-Daudé
On 12/23/20 8:26 PM, Greg Kurz wrote:
> Linking of the qemu-system-ppc64 fails on a POWER9 host when
> --without-default-devices is passed to configure:
> 
> $ ./configure --without-default-devices \
>   --target-list=ppc64-softmmu && make
> 
> ...
> 
> libqemu-ppc64-softmmu.fa.p/hw_ppc_e500.c.o: In function 
> `ppce500_init_mpic_kvm':
> /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/e500.c:777: undefined reference 
> to `kvm_openpic_connect_vcpu'
> libqemu-ppc64-softmmu.fa.p/hw_ppc_spapr_irq.c.o: In function 
> `spapr_irq_check':
> /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/spapr_irq.c:189: undefined 
> reference to `xics_kvm_has_broken_disconnect'
> libqemu-ppc64-softmmu.fa.p/hw_intc_spapr_xive.c.o: In function 
> `spapr_xive_post_load':
> /home/greg/Work/qemu/qemu-ppc/build/../hw/intc/spapr_xive.c:530: undefined 
> reference to `kvmppc_xive_post_load'
> 
> ... and tons of other symbols belonging to the KVM backend of the
> openpic, XICS and XIVE interrupt controllers.
> 
> It turns out that OPENPIC_KVM, XICS_KVM and XIVE_KVM are marked
> to depend on KVM but this has no effect when minikconf runs in
> allnoconfig mode. Such reverse dependencies should rather be
> handled with a 'select' statement, eg.
> 
> config OPENPIC
> select OPENPIC_KVM if KVM
> 
> or even better by getting rid of the intermediate _KVM config
> and directly checking CONFIG_KVM in the meson.build file:
> 
> specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
>   if_true: files('openpic_kvm.c'))
> 
> Go for the latter with OPENPIC, XICS and XIVE. While here also move
> XIVE_SPAPR to hw/intc/Kconfig where it belongs.
> 
> This went unnoticed so far because CI doesn't test the build with
> --without-default-devices and KVM enabled on a POWER host.
> 
> Signed-off-by: Greg Kurz 
> ---
> v2: - check CONFIG_KVM in the meson.build as suggested by Paolo
> ---
>  hw/intc/Kconfig |   14 +-
>  hw/intc/meson.build |9 ++---
>  hw/ppc/Kconfig  |   15 ---
>  3 files changed, 11 insertions(+), 27 deletions(-)
> 
> diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
> index 468d548ca771..ee60d4bf7857 100644
> --- a/hw/intc/Kconfig
> +++ b/hw/intc/Kconfig
> @@ -30,23 +30,19 @@ config ARM_GIC_KVM
>  default y
>  depends on ARM_GIC && KVM
>  
> -config OPENPIC_KVM
> -bool
> -default y
> -depends on OPENPIC && KVM
> -
>  config XICS
>  bool
> -depends on POWERNV || PSERIES
>  
>  config XICS_SPAPR
>  bool
>  select XICS
>  
> -config XICS_KVM
> +config XIVE
>  bool
> -default y
> -depends on XICS && KVM
> +
> +config XIVE_SPAPR
> +bool
> +select XIVE
>  
>  config ALLWINNER_A10_PIC
>  bool
> diff --git a/hw/intc/meson.build b/hw/intc/meson.build
> index 68da782ad2c5..b6c9218908e3 100644
> --- a/hw/intc/meson.build
> +++ b/hw/intc/meson.build
> @@ -39,7 +39,8 @@ specific_ss.add(when: 'CONFIG_LOONGSON_LIOINTC', if_true: 
> files('loongson_lioint
>  specific_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('mips_gic.c'))
>  specific_ss.add(when: 'CONFIG_OMAP', if_true: files('omap_intc.c'))
>  specific_ss.add(when: 'CONFIG_OMPIC', if_true: files('ompic.c'))
> -specific_ss.add(when: 'CONFIG_OPENPIC_KVM', if_true: files('openpic_kvm.c'))
> +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
> + if_true: files('openpic_kvm.c'))
>  specific_ss.add(when: 'CONFIG_POWERNV', if_true: files('xics_pnv.c', 
> 'pnv_xive.c'))
>  specific_ss.add(when: 'CONFIG_PPC_UIC', if_true: files('ppc-uic.c'))
>  specific_ss.add(when: 'CONFIG_RASPI', if_true: files('bcm2835_ic.c', 
> 'bcm2836_control.c'))
> @@ -50,8 +51,10 @@ specific_ss.add(when: 'CONFIG_SH4', if_true: 
> files('sh_intc.c'))
>  specific_ss.add(when: 'CONFIG_SIFIVE_CLINT', if_true: 
> files('sifive_clint.c'))
>  specific_ss.add(when: 'CONFIG_SIFIVE_PLIC', if_true: files('sifive_plic.c'))
>  specific_ss.add(when: 'CONFIG_XICS', if_true: files('xics.c'))
> -specific_ss.add(when: 'CONFIG_XICS_KVM', if_true: files('xics_kvm.c'))
> +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XICS'],
> + if_true: files('xics_kvm.c'))
>  specific_ss.add(when: 'CONFIG_XICS_SPAPR', if_true: files('xics_spapr.c'))
>  specific_ss.add(when: 'CONFIG_XIVE', if_true: files('xive.c'))
> -specific_ss.add(when: 'CONFIG_XIVE_KVM', if_true: files('spapr_xive_kvm.c'))
> +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XIVE'],
> + if_true: files('spapr_xive_kvm.c'))
>  specific_ss.add(when: 'CONFIG_XIVE_SPAPR', if_true: files('spapr_xive.c'))
> diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
> index 982d55f5875c..064bd6edd83d 100644
> --- a/hw/ppc/Kconfig
> +++ b/hw/ppc/Kconfig
> @@ -129,21 +129,6 @@ config VIRTEX
>  select XILINX_ETHLITE
>  select FDT_PPC
>  
> -config XIVE
> -bool
> -depends on POWERNV || PSERIES
> -
> -config XIVE_SPAPR
> -bool
> -default y
> -depends on PSERIES
> -select XIVE
> -
> -config XIVE_KVM
> -bool
> -default y
> -depends

Re: Problems with irq mapping in qemu v5.2

2020-12-24 Thread Philippe Mathieu-Daudé
On Thu, Dec 24, 2020 at 9:11 AM BALATON Zoltan  wrote:
> On Wed, 23 Dec 2020, Guenter Roeck wrote:
> > On Thu, Dec 24, 2020 at 02:34:07AM +0100, BALATON Zoltan wrote:
> > [ ... ]
> >>
> >> If we need legacy mode then we may be able to emulate that by setting BARs
> >> to legacy ports ignoring what values are written to them if legacy mode
> >> config is set (which may be what the real chip does) and we already have
> >> IRQs hard wired to legacy values so that would give us legacy and
> >> half-native mode which is enough for both fuloong2e and pegasos2 but I'm 
> >> not
> >> sure how can we fix BARs in QEMU because that's also handled by generic PCI
> >> code which I also don't want to break.
> >
> > The code below works for booting Linux while at the same time not affecting
> > any other emulation. I don't claim it to be a perfect fix, and overloading
> > the existing property is a bit hackish, but it does work.
[...]
> I think we don't need more complete
> emulation of this chip than this for now but if somebody wants to attempt
> that I don't mind as long as it does not break pegasos2.

Fine by me as long as pegasos2 doesn't break other OSes :)

Can we have integration tests of pegasos2 so we can modify the device models
without introducing regressions?
If it is not open-source, you could still contribute tests that record the
hash of the tested binary, and provide the binary file for testing on
demand off-list.

Regards,

Phil.



Re: [PATCH v2 2/2] pnv: Fix reverse dependency on PCI express root ports

2020-12-24 Thread Cédric Le Goater
On 12/23/20 8:26 PM, Greg Kurz wrote:
> qemu-system-ppc64 built with --without-default-devices crashes:
> 
> Type 'pnv-phb4-root-port' is missing its parent 'pcie-root-port-base'
> Aborted (core dumped)
> 
> Have POWERNV to select PCIE_PORT. This is done through a
> new PCI_POWERNV config in hw/pci-host/Kconfig since POWERNV
> doesn't have a direct dependency on PCI. For this reason,
> PCI_EXPRESS and MSI_NONBROKEN are also moved under
> PCI_POWERNV.
> 
> Signed-off-by: Greg Kurz 

Reviewed-by: Cédric Le Goater 

Thanks,

C. 

> ---
>  hw/pci-host/Kconfig |5 +
>  hw/pci-host/meson.build |2 +-
>  hw/ppc/Kconfig  |3 +--
>  3 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/pci-host/Kconfig b/hw/pci-host/Kconfig
> index 036a61877a73..eb03f0489d08 100644
> --- a/hw/pci-host/Kconfig
> +++ b/hw/pci-host/Kconfig
> @@ -60,3 +60,8 @@ config PCI_BONITO
>  select PCI
>  select UNIMP
>  bool
> +
> +config PCI_POWERNV
> +select PCI_EXPRESS
> +select MSI_NONBROKEN
> +select PCIE_PORT
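Review bot: The new `config PCI_POWERNV` entry has no type line, while the `PCI_BONITO` entry visible just above it in the same hunk declares `bool`. Adding `bool` under `config PCI_POWERNV` keeps the file consistent and avoids depending on whatever type the Kconfig parser assumes for an untyped symbol; whether the parser requires it cannot be told from this hunk.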
> diff --git a/hw/pci-host/meson.build b/hw/pci-host/meson.build
> index e6d1b896848c..da9d1a9964a8 100644
> --- a/hw/pci-host/meson.build
> +++ b/hw/pci-host/meson.build
> @@ -23,7 +23,7 @@ pci_ss.add(when: 'CONFIG_VERSATILE_PCI', if_true: 
> files('versatile.c'))
>  
>  softmmu_ss.add_all(when: 'CONFIG_PCI', if_true: pci_ss)
>  
> -specific_ss.add(when: 'CONFIG_POWERNV', if_true: files(
> +specific_ss.add(when: 'CONFIG_PCI_POWERNV', if_true: files(
>'pnv_phb3.c',
>'pnv_phb3_msi.c',
>'pnv_phb3_pbcq.c',
> diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
> index 064bd6edd83d..501b9868568e 100644
> --- a/hw/ppc/Kconfig
> +++ b/hw/ppc/Kconfig
> @@ -29,8 +29,7 @@ config POWERNV
>  select XICS
>  select XIVE
>  select FDT_PPC
> -select PCI_EXPRESS
> -select MSI_NONBROKEN
> +select PCI_POWERNV
>  
>  config PPC405
>  bool
> 
> 




Re: [PATCH v2 1/2] ppc: Fix build with --without-default-devices

2020-12-24 Thread Cédric Le Goater
On 12/24/20 11:29 AM, Paolo Bonzini wrote:
> On 24/12/20 09:26, Cédric Le Goater wrote:
>> In hw/ppc/Kconfig :
>>
>>    config POWERNV
>>    ...
>>    select XICS
>>    select XIVE
>>
>>    config PSERIES
>>    ...
>>    select XICS_SPAPR
>>    select XIVE_SPAPR
>>
>> and in hw/intc/meson.build :
>>
>>    specific_ss.add(when: 'CONFIG_POWERNV', if_true: files('xics_pnv.c', 
>> 'pnv_xive.c'))
>>    ...
>>    specific_ss.add(when: 'CONFIG_XICS_SPAPR', if_true: files('xics_spapr.c'))
>>    specific_ss.add(when: 'CONFIG_XIVE_SPAPR', if_true: files('spapr_xive.c'))
>>    ...
>>
>>
>> Couldn't we simply select XICS and XIVE in the PSERIES machine and
>> compile 'xics_spapr.c' and 'spapr_xive.c'  when CONFIG_PSERIES is
>> defined ? This to be in sync with the POWERNV machine.
>> or introduce 'CONFIG_XICS_PNV 'CONFIG_XIVE_PNV' ?
> 
> I think just using CONFIG_PSERIES is the simplest.  But it's just a cleanup, 
> not a bugfix.


yes. No big deal and it can come later.

Reviewed-by: Cédric Le Goater 

Cheers,

C. 




Re: [PATCH v2 1/2] ppc: Fix build with --without-default-devices

2020-12-24 Thread Paolo Bonzini

On 24/12/20 09:26, Cédric Le Goater wrote:

In hw/ppc/Kconfig :

   config POWERNV
   ...
   select XICS
   select XIVE

   config PSERIES
   ...
   select XICS_SPAPR
   select XIVE_SPAPR

and in hw/intc/meson.build :

   specific_ss.add(when: 'CONFIG_POWERNV', if_true: files('xics_pnv.c', 
'pnv_xive.c'))
   ...
   specific_ss.add(when: 'CONFIG_XICS_SPAPR', if_true: files('xics_spapr.c'))
   specific_ss.add(when: 'CONFIG_XIVE_SPAPR', if_true: files('spapr_xive.c'))
   ...


Couldn't we simply select XICS and XIVE in the PSERIES machine and
compile 'xics_spapr.c' and 'spapr_xive.c'  when CONFIG_PSERIES is
defined ? This to be in sync with the POWERNV machine.
or introduce 'CONFIG_XICS_PNV 'CONFIG_XIVE_PNV' ?


I think just using CONFIG_PSERIES is the simplest.  But it's just a 
cleanup, not a bugfix.


Paolo




Re: [PATCH v2 2/2] pnv: Fix reverse dependency on PCI express root ports

2020-12-24 Thread Paolo Bonzini

On 23/12/20 20:26, Greg Kurz wrote:

This is done through a
new PCI_POWERNV config in hw/pci-host/Kconfig


Yes, this is cleaner. Thanks!

Paolo




Re: [PATCH v3 6/7] qapi: Use QAPI_LIST_APPEND in trivial cases

2020-12-24 Thread Vladimir Sementsov-Ogievskiy

24.12.2020 01:11, Eric Blake wrote:

The easiest spots to use QAPI_LIST_APPEND are where we already have an
obvious pointer to the tail of a list.  While at it, consistently use
the variable name 'tail' for that purpose.

Signed-off-by: Eric Blake 
---


[..]


--- a/monitor/qmp-cmds-control.c
+++ b/monitor/qmp-cmds-control.c
@@ -104,17 +104,16 @@ VersionInfo *qmp_query_version(Error **errp)

  static void query_commands_cb(const QmpCommand *cmd, void *opaque)
  {
-CommandInfoList *info, **list = opaque;
+CommandInfo *info;
+CommandInfoList **tail = opaque;

  if (!cmd->enabled) {
  return;
  }

  info = g_malloc0(sizeof(*info));
-info->value = g_malloc0(sizeof(*info->value));
-info->value->name = g_strdup(cmd->name);
-info->next = *list;
-*list = info;
+info->name = g_strdup(cmd->name);
+QAPI_LIST_APPEND(tail, info);


Original logic is prepend in this hunk.

Without this hunk:
Reviewed-by: Vladimir Sementsov-Ogievskiy 


  }

  CommandInfoList *qmp_query_commands(Error **errp)


[..]


--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4817,20 +4817,17 @@ static void x86_cpu_filter_features(X86CPU *cpu, bool 
verbose);

  /* Build a list with the name of all features on a feature word array */
  static void x86_cpu_list_feature_names(FeatureWordArray features,
-   strList **feat_names)
+   strList **tail)
  {
  FeatureWord w;
-strList **next = feat_names;

  for (w = 0; w < FEATURE_WORDS; w++) {
  uint64_t filtered = features[w];
  int i;
  for (i = 0; i < 64; i++) {
  if (filtered & (1ULL << i)) {
-strList *new = g_new0(strList, 1);
-new->value = g_strdup(x86_cpu_feature_name(w, i));
-*next = new;
-next = &new->next;
+QAPI_LIST_APPEND(tail,
+ g_strdup(x86_cpu_feature_name(w, i)));


actually, fit in one line...


  }
  }
  }


[..]

--
Best regards,
Vladimir



Deprecation of the LM32 target

2020-12-24 Thread John Paul Adrian Glaubitz
Hello!

I was just browsing through the QEMU Christmas Calendar [1] and noticed
the announcement for the deprecation of the LM32 target.

I'm not sure what the motivation of the deprecation is, but isn't one of
the big selling points of QEMU to support deprecated targets?

If QEMU eventually ends up supporting commercially available targets only
and kicking out everything that is obsolete, I'm not sure what the point
of QEMU would be in the first place as products like VMWare and VirtualBox
already provide virtualization functionality.

Please don't deprecate targets just because they're old.

Thanks,
Adrian

> [1] https://www.qemu-advent-calendar.org/2020/

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



[PATCH v3] gitlab-ci.yml: Add openSUSE Leap 15.2 for gitlab CI/CD

2020-12-24 Thread Cho, Yu-Chen
Add build-system-opensuse jobs and opensuse-leap.docker dockerfile.
Use openSUSE Leap 15.2 container image in the gitlab-CI.

Signed-off-by: Cho, Yu-Chen 
---
v3:
Drop the "acceptance-system-opensuse" job part of the
patch for now to get at least the basic compile-coverage

v2:
Drop some package from dockerfile to make docker image more light.

v1:
Add build-system-opensuse jobs and opensuse-leap.docker dockerfile.
Use openSUSE Leap 15.2 container image in the gitlab-CI.
---
 .gitlab-ci.d/containers.yml   |  5 ++
 .gitlab-ci.yml| 20 +++
 tests/docker/dockerfiles/opensuse-leap.docker | 54 +++
 3 files changed, 79 insertions(+)
 create mode 100644 tests/docker/dockerfiles/opensuse-leap.docker

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index 892ca8d838..910754a699 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -246,3 +246,8 @@ amd64-ubuntu-container:
   <<: *container_job_definition
   variables:
 NAME: ubuntu
+
+amd64-opensuse-leap-container:
+  <<: *container_job_definition
+  variables:
+NAME: opensuse-leap
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 98bff03b47..a1df981c9a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -195,6 +195,26 @@ acceptance-system-centos:
 MAKE_CHECK_ARGS: check-acceptance
   <<: *acceptance_definition
 
+build-system-opensuse:
+  <<: *native_build_job_definition
+  variables:
+IMAGE: opensuse-leap
+TARGETS: s390x-softmmu x86_64-softmmu aarch64-softmmu
+MAKE_CHECK_ARGS: check-build
+  artifacts:
+expire_in: 2 days
+paths:
+  - build
+
+check-system-opensuse:
+  <<: *native_test_job_definition
+  needs:
+- job: build-system-opensuse
+  artifacts: true
+  variables:
+IMAGE: opensuse-leap
+MAKE_CHECK_ARGS: check
+
 build-disabled:
   <<: *native_build_job_definition
   variables:
diff --git a/tests/docker/dockerfiles/opensuse-leap.docker 
b/tests/docker/dockerfiles/opensuse-leap.docker
new file mode 100644
index 00..8b0d915bff
--- /dev/null
+++ b/tests/docker/dockerfiles/opensuse-leap.docker
@@ -0,0 +1,54 @@
+FROM opensuse/leap:15.2
+
+# Please keep this list sorted alphabetically
+ENV PACKAGES \
+bc \
+brlapi-devel \
+bzip2 \
+cyrus-sasl-devel \
+gcc \
+gcc-c++ \
+mkisofs \
+gettext-runtime \
+git \
+glib2-devel \
+glusterfs-devel \
+libgnutls-devel \
+gtk3-devel \
+libaio-devel \
+libattr-devel \
+libcap-ng-devel \
+libepoxy-devel \
+libfdt-devel \
+libiscsi-devel \
+libjpeg8-devel \
+libpmem-devel \
+libpng16-devel \
+librbd-devel \
+libseccomp-devel \
+libssh-devel \
+lzo-devel \
+make \
+libSDL2_image-devel \
+ncurses-devel \
+ninja \
+libnuma-devel \
+perl \
+libpixman-1-0-devel \
+python3-base \
+python3-virtualenv \
+rdma-core-devel \
+libSDL2-devel \
+snappy-devel \
+libspice-server-devel \
+systemd-devel \
+systemtap-sdt-devel \
+usbredir-devel \
+virglrenderer-devel \
+xen-devel \
+vte-devel \
+zlib-devel
+ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3.8
+
+RUN zypper update -y && zypper --non-interactive install -y $PACKAGES
+RUN rpm -q $PACKAGES | sort > /packages.txt
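Review bot: `ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3.8` names an interpreter that nothing in `PACKAGES` installs by version, since the list only has the unversioned `python3-base` and `python3-virtualenv`. Configure will therefore fail unless the distribution's default python3 happens to be 3.8; point the option at the interpreter the image really provides, or add the versioned package, and confirm against a built image. The list is also not in the alphabetical order its own comment asks for (`mkisofs`, `libgnutls-devel`, `libSDL2_image-devel` and `xen-devel` are out of place), which makes later package additions harder to audit in review. `FROM opensuse/leap:15.2` follows a tag rather than a digest, so the `/packages.txt` snapshot is the only record of what a given build of the image contained.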
-- 
2.29.2




Re: [PATCH v2] gitlab-ci.yml: Add openSUSE Leap 15.2 for gitlab CI/CD

2020-12-24 Thread Cho Yu-Chen
Hi Thomas,

Sorry for late reply,

Thomas Huth  於 2020年12月18日 週五 下午7:14寫道:
>
> On 11/12/2020 14.09, Thomas Huth wrote:
> > On 10/12/2020 10.32, AL Yu-Chen Cho wrote:
> >> Hi Thomas,
> >>
> >> I try to reproduce this failed in my repo, but it seems works fine.
> >> Would you please give it a try again? I think you maybe just hit a bad
> >> point in time...
> >
> > I just re-tried, but it still fails for me:
> >
> >  https://gitlab.com/huth/qemu/-/jobs/905376471
> >
> > Did you also rebase your branch to the latest master version?
>
> I just gave it yet another try to really rule out that it was not a
> temporary problem, but the "acceptance" job still fails for me:
>
> https://gitlab.com/huth/qemu/-/jobs/920543768
>
> Would it make sense to drop the "acceptance-system-opensuse" job part of the
> patch for now to get at least the basic compile-coverage in?
>

Yes,  I tried to fix the "acceptance-system-opensuse" error but still
got weird error in:
VENV /builds/huth/qemu/build/tests/venv
57Error: Command '['/builds/huth/qemu/build/tests/venv/bin/python3',
'-Im', 'ensurepip', '--upgrade', '--default-pip']' returned non-zero
exit status 1.

So I will submit the v3 to drop it for now, thanks a lot.

Cheers,
AL


>  Thomas
>
>



Re: [RFC v7 12/26] vfio: Set up nested stage mappings

2020-12-24 Thread Zenghui Yu

Hi Eric,

On 2020/11/17 2:13, Eric Auger wrote:

In nested mode, legacy vfio_iommu_map_notify cannot be used as
there is no "caching" mode and we do not trap on map.

On Intel, vfio_iommu_map_notify was used to DMA map the RAM
through the host single stage.

With nested mode, we need to setup the stage 2 and the stage 1
separately. This patch introduces a prereg_listener to setup
the stage 2 mapping.

The stage 1 mapping, owned by the guest, is passed to the host
when the guest invalidates the stage 1 configuration, through
a dedicated PCIPASIDOps callback. Guest IOTLB invalidations
are cascaded down to the host through another IOMMU MR UNMAP
notifier.

Signed-off-by: Eric Auger 

---

v6 -> v7:
- remove PASID based invalidation

v5 -> v6:
- add error_report_err()
- remove the abort in case of nested stage case

v4 -> v5:
- use VFIO_IOMMU_SET_PASID_TABLE
- use PCIPASIDOps for config notification

v3 -> v4:
- use iommu_inv_pasid_info for ASID invalidation

v2 -> v3:
- use VFIO_IOMMU_ATTACH_PASID_TABLE
- new user API
- handle leaf

v1 -> v2:
- adapt to uapi changes
- pass the asid
- pass IOMMU_NOTIFIER_S1_CFG when initializing the config notifier
---
  hw/vfio/common.c | 111 +--
  hw/vfio/pci.c|  21 
  hw/vfio/trace-events |   2 +
  3 files changed, 129 insertions(+), 5 deletions(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index a9e3c77863..6b3bba7ff9 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -597,6 +597,45 @@ static bool vfio_get_xlat_addr(IOMMUTLBEntry *iotlb, void 
**vaddr,
  return true;
  }
  
+/* Propagate a guest IOTLB invalidation to the host (nested mode) */

+static void vfio_iommu_unmap_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
+{
+VFIOGuestIOMMU *giommu = container_of(n, VFIOGuestIOMMU, n);
+hwaddr start = iotlb->iova + giommu->iommu_offset;
+VFIOContainer *container = giommu->container;
+struct vfio_iommu_type1_cache_invalidate ustruct = {};
+struct iommu_inv_addr_info *addr_info = &ustruct.info.granu.addr_info;
+size_t size = iotlb->addr_mask + 1;
+int ret;
+
+assert(iotlb->perm == IOMMU_NONE);
+
+ustruct.argsz = sizeof(ustruct);
+ustruct.flags = 0;
+ustruct.info.argsz = sizeof(struct iommu_cache_invalidate_info);
+ustruct.info.version = IOMMU_CACHE_INVALIDATE_INFO_VERSION_1;
+
+ustruct.info.cache = IOMMU_CACHE_INV_TYPE_IOTLB;
+ustruct.info.granularity = IOMMU_INV_GRANU_ADDR;


It seems that all guest IOTLB invalidations will be propagated to the host
using the ADDR granularity. I'm afraid that emulating the TLBI_{NS}NH_ALL
command will be a time-consuming process...


+addr_info->flags = IOMMU_INV_ADDR_FLAGS_ARCHID;
+if (iotlb->leaf) {
+addr_info->flags |= IOMMU_INV_ADDR_FLAGS_LEAF;
+}
+addr_info->archid = iotlb->arch_id;


...and looks like both @arch_id and @leaf are not properly set in that
case. The same for TLBI_NH_ASID command.

(Or maybe I've missed something in the vsmmu code?)


Thanks,
Zenghui


+addr_info->addr = start;
+addr_info->granule_size = size;
+addr_info->nb_granules = 1;
+trace_vfio_iommu_addr_inv_iotlb(iotlb->arch_id, start, size, 1,
+iotlb->leaf);
+
+ret = ioctl(container->fd, VFIO_IOMMU_CACHE_INVALIDATE, &ustruct);
+if (ret) {
+error_report("%p: failed to invalidate CACHE for 0x%"PRIx64
+ " mask=0x%"PRIx64" (%d)",
+ container, start, iotlb->addr_mask, ret);
+}
+}
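Review bot: `size_t size = iotlb->addr_mask + 1;` wraps to 0 if the notifier is ever called with an all-ones `addr_mask` (a whole-range unmap), and the request would then carry `granule_size = 0` with `nb_granules = 1`. How the host treats a zero-sized granule is not visible here, but if it is a no-op or an error, stale stage-1 translations could stay cached for memory the guest has already unmapped. The full-range case should be detected before the addition and handled explicitly rather than sent as a single zero-sized granule. Separately, ioctl() returns -1 on failure, so the `(%d)` in the error_report() always prints -1; adding `ret = -errno;` inside the `if (ret)` branch before the report would record why the invalidation failed.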




Re: [PATCH v3 3/8] hw/pci-host/bonito: Fixup IRQ mapping

2020-12-24 Thread BALATON Zoltan via

On Thu, 24 Dec 2020, BALATON Zoltan via wrote:

On Thu, 24 Dec 2020, Jiaxun Yang wrote:

Accroading to arch/mips/pci/fixup-fuloong2e.c in kernel,


Typo: According

How come, you say you can boot to Debian installer but don't need any IDE 
changes when the kernel you submitted as test was shown not working with 
current IDE emulation? Which installer do you use and what kernel does that 
have? (The references to the installer and PMON are now missing in your cover 
letter.)


Got the reference from v2 cover letter and it's a netboot kernel with an 
initrd so maybe you did boot into that but did not yet test with CD image 
or HDD so did not get to the IDE problem yet.


Regards,
BALATON Zoltan


despites south bridge IRQs needs special care, all other
IRQ pins are mapped by 'LOONGSON_IRQ_BASE + 25 + pin'.

As south bridge IRQs are all handled by ISA bus, we can
make a simple direct mapping.

Signed-off-by: Jiaxun Yang 
---
v3: Define BONITO_PCI_IRQ_BASE for readability (f4bug)
---
hw/pci-host/bonito.c | 30 +++---
1 file changed, 7 insertions(+), 23 deletions(-)

diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
index a99eced065..3fad470fc6 100644
--- a/hw/pci-host/bonito.c
+++ b/hw/pci-host/bonito.c
@@ -62,6 +62,9 @@
#define DPRINTF(fmt, ...)
#endif

+/* PCI slots IRQ pins start position */
+#define BONITO_PCI_IRQ_BASE 25
+
/* from linux soure code. include/asm-mips/mips-boards/bonito64.h*/
#define BONITO_BOOT_BASE0x1fc0
#define BONITO_BOOT_SIZE0x0010
@@ -546,19 +549,16 @@ static const MemoryRegionOps bonito_spciconf_ops = {
.endianness = DEVICE_NATIVE_ENDIAN,
};

-#define BONITO_IRQ_BASE 32
-
static void pci_bonito_set_irq(void *opaque, int irq_num, int level)
{
BonitoState *s = opaque;
qemu_irq *pic = s->pic;
PCIBonitoState *bonito_state = s->pci_dev;
-int internal_irq = irq_num - BONITO_IRQ_BASE;

-if (bonito_state->regs[BONITO_INTEDGE] & (1 << internal_irq)) {
+if (bonito_state->regs[BONITO_INTEDGE] & (1 << irq_num)) {
qemu_irq_pulse(*pic);
} else {   /* level triggered */
-if (bonito_state->regs[BONITO_INTPOL] & (1 << internal_irq)) {
+if (bonito_state->regs[BONITO_INTPOL] & (1 << irq_num)) {
qemu_irq_raise(*pic);
} else {
qemu_irq_lower(*pic);
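Review bot: With `internal_irq` removed, `irq_num` is used directly as the shift count in `(1 << irq_num)` on both the BONITO_INTEDGE and BONITO_INTPOL tests, and nothing in pci_bonito_set_irq() bounds it. The shift is done on a signed int, so a count of 31 or more is undefined behaviour; the values returned by the new pci_bonito_map_irq() (`BONITO_PCI_IRQ_BASE + pin`) stay below that only while pin remains small. Writing the mask as `(1u << irq_num)` and asserting the range at the top of the function, e.g. `assert(irq_num >= 0 && irq_num < 32);`, makes that assumption explicit. The function's closing lines fall in the next hunk, and the same lines appear again in the second quoted copy of this patch further down the page.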
@@ -566,25 +566,9 @@ static void pci_bonito_set_irq(void *opaque, int 
irq_num, int level)

}
}

-/* map the original irq (0~3) to bonito irq (16~47, but 16~31 are unused) 
*/

-static int pci_bonito_map_irq(PCIDevice *pci_dev, int irq_num)
+static int pci_bonito_map_irq(PCIDevice *pci_dev, int pin)
{
-int slot;
-
-slot = (pci_dev->devfn >> 3);
-
-switch (slot) {
-case 5:   /* FULOONG2E_VIA_SLOT, SouthBridge, IDE, USB, ACPI, AC97, 
MC97 */

-return irq_num % 4 + BONITO_IRQ_BASE;
-case 6:   /* FULOONG2E_ATI_SLOT, VGA */
-return 4 + BONITO_IRQ_BASE;
-case 7:   /* FULOONG2E_RTL_SLOT, RTL8139 */
-return 5 + BONITO_IRQ_BASE;
-case 8 ... 12: /* PCI slot 1 to 4 */
-return (slot - 8 + irq_num) + 6 + BONITO_IRQ_BASE;
-default:  /* Unknown device, don't do any translation */
-return irq_num;
-}
+return BONITO_PCI_IRQ_BASE + pin;
}

static void bonito_reset(void *opaque)








Re: [PATCH v3 3/8] hw/pci-host/bonito: Fixup IRQ mapping

2020-12-24 Thread BALATON Zoltan via

On Thu, 24 Dec 2020, Jiaxun Yang wrote:

Accroading to arch/mips/pci/fixup-fuloong2e.c in kernel,


Typo: According

How come, you say you can boot to Debian installer but don't need any IDE 
changes when the kernel you submitted as test was shown not working with 
current IDE emulation? Which installer do you use and what kernel does 
that have? (The references to the installer and PMON are now missing in 
your cover letter.)


Regards,
BALATON Zoltan


despites south bridge IRQs needs special care, all other
IRQ pins are mapped by 'LOONGSON_IRQ_BASE + 25 + pin'.

As south bridge IRQs are all handled by ISA bus, we can
make a simple direct mapping.

Signed-off-by: Jiaxun Yang 
---
v3: Define BONITO_PCI_IRQ_BASE for readability (f4bug)
---
hw/pci-host/bonito.c | 30 +++---
1 file changed, 7 insertions(+), 23 deletions(-)

diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
index a99eced065..3fad470fc6 100644
--- a/hw/pci-host/bonito.c
+++ b/hw/pci-host/bonito.c
@@ -62,6 +62,9 @@
#define DPRINTF(fmt, ...)
#endif

+/* PCI slots IRQ pins start position */
+#define BONITO_PCI_IRQ_BASE 25
+
/* from linux soure code. include/asm-mips/mips-boards/bonito64.h*/
#define BONITO_BOOT_BASE0x1fc0
#define BONITO_BOOT_SIZE0x0010
@@ -546,19 +549,16 @@ static const MemoryRegionOps bonito_spciconf_ops = {
.endianness = DEVICE_NATIVE_ENDIAN,
};

-#define BONITO_IRQ_BASE 32
-
static void pci_bonito_set_irq(void *opaque, int irq_num, int level)
{
BonitoState *s = opaque;
qemu_irq *pic = s->pic;
PCIBonitoState *bonito_state = s->pci_dev;
-int internal_irq = irq_num - BONITO_IRQ_BASE;

-if (bonito_state->regs[BONITO_INTEDGE] & (1 << internal_irq)) {
+if (bonito_state->regs[BONITO_INTEDGE] & (1 << irq_num)) {
qemu_irq_pulse(*pic);
} else {   /* level triggered */
-if (bonito_state->regs[BONITO_INTPOL] & (1 << internal_irq)) {
+if (bonito_state->regs[BONITO_INTPOL] & (1 << irq_num)) {
qemu_irq_raise(*pic);
} else {
qemu_irq_lower(*pic);
@@ -566,25 +566,9 @@ static void pci_bonito_set_irq(void *opaque, int irq_num, 
int level)
}
}

-/* map the original irq (0~3) to bonito irq (16~47, but 16~31 are unused) */
-static int pci_bonito_map_irq(PCIDevice *pci_dev, int irq_num)
+static int pci_bonito_map_irq(PCIDevice *pci_dev, int pin)
{
-int slot;
-
-slot = (pci_dev->devfn >> 3);
-
-switch (slot) {
-case 5:   /* FULOONG2E_VIA_SLOT, SouthBridge, IDE, USB, ACPI, AC97, MC97 */
-return irq_num % 4 + BONITO_IRQ_BASE;
-case 6:   /* FULOONG2E_ATI_SLOT, VGA */
-return 4 + BONITO_IRQ_BASE;
-case 7:   /* FULOONG2E_RTL_SLOT, RTL8139 */
-return 5 + BONITO_IRQ_BASE;
-case 8 ... 12: /* PCI slot 1 to 4 */
-return (slot - 8 + irq_num) + 6 + BONITO_IRQ_BASE;
-default:  /* Unknown device, don't do any translation */
-return irq_num;
-}
+return BONITO_PCI_IRQ_BASE + pin;
}

static void bonito_reset(void *opaque)





Re: [PATCH v2 1/2] ppc: Fix build with --without-default-devices

2020-12-24 Thread Cédric Le Goater
On 12/23/20 8:26 PM, Greg Kurz wrote:
> Linking of the qemu-system-ppc64 fails on a POWER9 host when
> --without-default-devices is passed to configure:
> 
> $ ./configure --without-default-devices \
>   --target-list=ppc64-softmmu && make
> 
> ...
> 
> libqemu-ppc64-softmmu.fa.p/hw_ppc_e500.c.o: In function 
> `ppce500_init_mpic_kvm':
> /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/e500.c:777: undefined reference 
> to `kvm_openpic_connect_vcpu'
> libqemu-ppc64-softmmu.fa.p/hw_ppc_spapr_irq.c.o: In function 
> `spapr_irq_check':
> /home/greg/Work/qemu/qemu-ppc/build/../hw/ppc/spapr_irq.c:189: undefined 
> reference to `xics_kvm_has_broken_disconnect'
> libqemu-ppc64-softmmu.fa.p/hw_intc_spapr_xive.c.o: In function 
> `spapr_xive_post_load':
> /home/greg/Work/qemu/qemu-ppc/build/../hw/intc/spapr_xive.c:530: undefined 
> reference to `kvmppc_xive_post_load'
> 
> ... and tons of other symbols belonging to the KVM backend of the
> openpic, XICS and XIVE interrupt controllers.
> 
> It turns out that OPENPIC_KVM, XICS_KVM and XIVE_KVM are marked
> to depend on KVM but this has no effect when minikconf runs in
> allnoconfig mode. Such reverse dependencies should rather be
> handled with a 'select' statement, eg.
> 
> config OPENPIC
> select OPENPIC_KVM if KVM
> 
> or even better by getting rid of the intermediate _KVM config
> and directly checking CONFIG_KVM in the meson.build file:
> 
> specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
>   if_true: files('openpic_kvm.c'))
> 
> Go for the latter with OPENPIC, XICS and XIVE. While here also move
> XIVE_SPAPR to hw/intc/Kconfig where it belongs.
> 
> This went unnoticed so far because CI doesn't test the build with
> --without-default-devices and KVM enabled on a POWER host.
> 
> Signed-off-by: Greg Kurz 
> ---
> v2: - check CONFIG_KVM in the meson.build as suggested by Paolo
> ---
>  hw/intc/Kconfig |   14 +-
>  hw/intc/meson.build |9 ++---
>  hw/ppc/Kconfig  |   15 ---
>  3 files changed, 11 insertions(+), 27 deletions(-)
> 
> diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig
> index 468d548ca771..ee60d4bf7857 100644
> --- a/hw/intc/Kconfig
> +++ b/hw/intc/Kconfig
> @@ -30,23 +30,19 @@ config ARM_GIC_KVM
>  default y
>  depends on ARM_GIC && KVM
>  
> -config OPENPIC_KVM
> -bool
> -default y
> -depends on OPENPIC && KVM
> -
>  config XICS
>  bool
> -depends on POWERNV || PSERIES
>  
>  config XICS_SPAPR
>  bool
>  select XICS
>  
> -config XICS_KVM
> +config XIVE
>  bool
> -default y
> -depends on XICS && KVM
> +
> +config XIVE_SPAPR
> +bool
> +select XIVE
>  
>  config ALLWINNER_A10_PIC
>  bool
> diff --git a/hw/intc/meson.build b/hw/intc/meson.build
> index 68da782ad2c5..b6c9218908e3 100644
> --- a/hw/intc/meson.build
> +++ b/hw/intc/meson.build
> @@ -39,7 +39,8 @@ specific_ss.add(when: 'CONFIG_LOONGSON_LIOINTC', if_true: 
> files('loongson_lioint
>  specific_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('mips_gic.c'))
>  specific_ss.add(when: 'CONFIG_OMAP', if_true: files('omap_intc.c'))
>  specific_ss.add(when: 'CONFIG_OMPIC', if_true: files('ompic.c'))
> -specific_ss.add(when: 'CONFIG_OPENPIC_KVM', if_true: files('openpic_kvm.c'))
> +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_OPENPIC'],
> + if_true: files('openpic_kvm.c'))
>  specific_ss.add(when: 'CONFIG_POWERNV', if_true: files('xics_pnv.c', 
> 'pnv_xive.c'))
>  specific_ss.add(when: 'CONFIG_PPC_UIC', if_true: files('ppc-uic.c'))
>  specific_ss.add(when: 'CONFIG_RASPI', if_true: files('bcm2835_ic.c', 
> 'bcm2836_control.c'))
> @@ -50,8 +51,10 @@ specific_ss.add(when: 'CONFIG_SH4', if_true: 
> files('sh_intc.c'))
>  specific_ss.add(when: 'CONFIG_SIFIVE_CLINT', if_true: 
> files('sifive_clint.c'))
>  specific_ss.add(when: 'CONFIG_SIFIVE_PLIC', if_true: files('sifive_plic.c'))
>  specific_ss.add(when: 'CONFIG_XICS', if_true: files('xics.c'))
> -specific_ss.add(when: 'CONFIG_XICS_KVM', if_true: files('xics_kvm.c'))
> +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XICS'],
> + if_true: files('xics_kvm.c'))
>  specific_ss.add(when: 'CONFIG_XICS_SPAPR', if_true: files('xics_spapr.c'))
>  specific_ss.add(when: 'CONFIG_XIVE', if_true: files('xive.c'))
> -specific_ss.add(when: 'CONFIG_XIVE_KVM', if_true: files('spapr_xive_kvm.c'))
> +specific_ss.add(when: ['CONFIG_KVM', 'CONFIG_XIVE'],
> + if_true: files('spapr_xive_kvm.c'))
>  specific_ss.add(when: 'CONFIG_XIVE_SPAPR', if_true: files('spapr_xive.c'))
> diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
> index 982d55f5875c..064bd6edd83d 100644
> --- a/hw/ppc/Kconfig
> +++ b/hw/ppc/Kconfig
> @@ -129,21 +129,6 @@ config VIRTEX
>  select XILINX_ETHLITE
>  select FDT_PPC
>  
> -config XIVE
> -bool
> -depends on POWERNV || PSERIES
> -
> -config XIVE_SPAPR
> -bool
> -default y
> -depends on PSERIES
> -select XIVE
> -
> -config XIVE_KVM
> -bool
> -default y
> -depends

Re: [PATCH v3 5/8] hw/mips/fuloong2e: Remove unused env entry

2020-12-24 Thread BALATON Zoltan via

On Thu, 24 Dec 2020, Jiaxun Yang wrote:

modetty is not handled by kernel and the parameter
here seems unreasonable.

Signed-off-by: Jiaxun Yang 
---
v3: Bring busclock back
---
hw/mips/fuloong2e.c | 2 --
1 file changed, 2 deletions(-)

diff --git a/hw/mips/fuloong2e.c b/hw/mips/fuloong2e.c
index d846ef7b00..c4843dd15e 100644
--- a/hw/mips/fuloong2e.c
+++ b/hw/mips/fuloong2e.c
@@ -159,10 +159,8 @@ static uint64_t load_kernel(CPUMIPSState *env)
}

/* Setup minimum environment variables */
-prom_set(prom_buf, index++, "busclock=3300");


Commit message does not mention removing this as well. Was this 
unintentionally left here?


Regards,
BALATON Zoltan


prom_set(prom_buf, index++, "cpuclock=1");
prom_set(prom_buf, index++, "memsize=%"PRIi64, loaderparams.ram_size / MiB);
-prom_set(prom_buf, index++, "modetty0=38400n8r");
prom_set(prom_buf, index++, NULL);

rom_add_blob_fixed("prom", prom_buf, prom_size, ENVP_PADDR);





Re: Problems with irq mapping in qemu v5.2

2020-12-24 Thread BALATON Zoltan via

On Wed, 23 Dec 2020, Guenter Roeck wrote:

On Thu, Dec 24, 2020 at 02:34:07AM +0100, BALATON Zoltan wrote:
[ ... ]


If we need legacy mode then we may be able to emulate that by setting BARs
to legacy ports ignoring what values are written to them if legacy mode
config is set (which may be what the real chip does) and we already have
IRQs hard wired to legacy values so that would give us legacy and
half-native mode which is enough for both fuloong2e and pegasos2 but I'm not
sure how can we fix BARs in QEMU because that's also handled by generic PCI
code which I also don't want to break.


The code below works for booting Linux while at the same time not affecting
any other emulation. I don't claim it to be a perfect fix, and overloading
the existing property is a bit hackish, but it does work.


Yes, maybe combining it with my original patch 1 to change secondary to 
flags to make it a bit cleaner would work for me. Then we would either 
only emulate legacy or half-native mode which is sufficient for these two 
machines we have. If Mark or others do not object it this time, I can 
update my patch and resubmit with this one to fix this issue, otherwise 
let's wait to see what ideas they have, because I hate to spend time on 
something only for it to be discarded again. I think we don't need more complete 
emulation of this chip than this for now but if somebody wants to attempt 
that I don't mind as long as it does not break pegasos2.


Regards,
BALATON Zoltan


Guenter

---
From cf2d1d655f3fe4f88dc435a3ac4e1e6b6040d08b Mon Sep 17 00:00:00 2001
From: Guenter Roeck 
Date: Wed, 23 Dec 2020 09:12:37 -0800
Subject: [PATCH] via-ide: Fix fuloong2 support

Fuloong2 needs to use legacy mode for IDE support to work with Linux.
Add property to via-ide driver to make the mode configurable, and set
legacy mode for Fuloong2.

Signed-off-by: Guenter Roeck 
---
hw/ide/via.c| 16 ++--
hw/mips/fuloong2e.c |  4 +++-
2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/hw/ide/via.c b/hw/ide/via.c
index be09912b33..9e55e717e8 100644
--- a/hw/ide/via.c
+++ b/hw/ide/via.c
@@ -26,6 +26,7 @@

#include "qemu/osdep.h"
#include "hw/pci/pci.h"
+#include "hw/qdev-properties.h"
#include "migration/vmstate.h"
#include "qemu/module.h"
#include "sysemu/dma.h"
@@ -185,12 +186,17 @@ static void via_ide_realize(PCIDevice *dev, Error **errp)
  &d->bus[1], "via-ide1-cmd", 4);
pci_register_bar(dev, 3, PCI_BASE_ADDRESS_SPACE_IO, &d->cmd_bar[1]);

-bmdma_setup_bar(d);
-pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
+if (!d->secondary) {
+bmdma_setup_bar(d);
+pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
+}

qdev_init_gpio_in(ds, via_ide_set_irq, 2);
for (i = 0; i < 2; i++) {
ide_bus_new(&d->bus[i], sizeof(d->bus[i]), ds, i, 2);
+if (d->secondary) {
+ide_init_ioport(&d->bus[i], NULL, i ? 0x170 : 0x1f0, i ? 0x376 : 
0x3f6);
+}
ide_init2(&d->bus[i], qdev_get_gpio_in(ds, i));

bmdma_init(&d->bus[i], &d->bmdma[i], d);
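Review bot: In the legacy branch BAR 4 is no longer set up or registered, yet `bmdma_init(&d->bus[i], &d->bmdma[i], d);` still runs for both buses, so any teardown that touches `d->bmdma_bar` needs the same `if (!d->secondary)` guard. `via_ide_exitfn()` shows only its closing braces in the next hunk, so that path should be checked there. BARs 0–3 also stay registered (the `pci_register_bar(dev, 3, ...)` context line) while `ide_init_ioport()` maps the fixed ports, which leaves the same bus registers reachable through two I/O windows. A comment on the new branch should state the intent, for example `/* legacy mode: command/control blocks at the fixed ISA ports; BMDMA BAR is not exposed */`, and say why `NULL` is passed as the device argument. via_ide_realize() starts and ends outside the hunk.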
@@ -210,6 +216,11 @@ static void via_ide_exitfn(PCIDevice *dev)
}
}

+static Property via_ide_properties[] = {
+DEFINE_PROP_UINT32("legacy_mode", PCIIDEState, secondary, 0), /* hijacked 
*/
+DEFINE_PROP_END_OF_LIST(),
+};
+
static void via_ide_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
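Review bot: The `legacy_mode` property writes into `PCIIDEState.secondary` with only `/* hijacked */` as explanation, and because it is declared with `DEFINE_PROP_UINT32` any non-zero value set on the device selects the legacy path in via_ide_realize(). The comment should state the reuse and the accepted values, for example `/* reuses 'secondary' as a flag: 0 = native BARs, non-zero = legacy ISA ports without BMDMA BAR */`. QEMU property names are usually hyphenated, so `"legacy-mode"` would fit better than `"legacy_mode"`; the string in hw/mips/fuloong2e.c would change with it. via_ide_class_init() continues outside the hunk.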
@@ -223,6 +234,7 @@ static void via_ide_class_init(ObjectClass *klass, void 
*data)
k->device_id = PCI_DEVICE_ID_VIA_IDE;
k->revision = 0x06;
k->class_id = PCI_CLASS_STORAGE_IDE;
+device_class_set_props(dc, via_ide_properties);
set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}

diff --git a/hw/mips/fuloong2e.c b/hw/mips/fuloong2e.c
index 23c526c69d..d0398d6266 100644
--- a/hw/mips/fuloong2e.c
+++ b/hw/mips/fuloong2e.c
@@ -245,7 +245,9 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, int 
slot, qemu_irq intc,
/* Super I/O */
isa_create_simple(isa_bus, TYPE_VT82C686B_SUPERIO);

-dev = pci_create_simple(pci_bus, PCI_DEVFN(slot, 1), "via-ide");
+dev = pci_new(PCI_DEVFN(slot, 1), "via-ide");
+qdev_prop_set_uint32(&dev->qdev, "legacy_mode", 1);
+pci_realize_and_unref(dev, pci_bus, &error_fatal);
pci_ide_create_devs(dev);

pci_create_simple(pci_bus, PCI_DEVFN(slot, 2), "vt82c686b-usb-uhci");
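Review bot: `qdev_prop_set_uint32(&dev->qdev, "legacy_mode", 1);` reaches into the PCIDevice struct for its parent object, where QEMU code normally uses the QOM cast: `qdev_prop_set_uint32(DEVICE(dev), "legacy_mode", 1);`. A one-line comment above the `pci_new()` call, such as `/* Linux on Fuloong2e expects the IDE controller in legacy mode */`, would record why this board sets the property. vt82c686b_southbridge_init() starts and ends outside the hunk.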