Re: [PATCH] ui/cocoa: Update path to docs in build tree

2021-01-08 Thread Roman Bolshakov
On Sat, Jan 09, 2021 at 12:38:15AM +0300, Roman Bolshakov wrote:
> QEMU documentation can't be opened if QEMU is run from build tree
> because executables are placed in the top of build tree after conversion
> to meson.
> 
> Signed-off-by: Roman Bolshakov 
> ---
>  ui/cocoa.m | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ui/cocoa.m b/ui/cocoa.m
> index ea3b845b53..13fba8103e 100644
> --- a/ui/cocoa.m
> +++ b/ui/cocoa.m
> @@ -1176,7 +1176,7 @@ QemuCocoaView *cocoaView;
>  - (void) openDocumentation: (NSString *) filename
>  {
>  /* Where to look for local files */
> -NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
> @"../docs/"};
> +NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
> @"docs/"};
>  NSString *full_file_path;
>  NSURL *full_file_url;
>  
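Review bot: in `path_array`, the new `@"docs/"` entry no longer climbs one directory like the two `../` entries beside it, and the `/* Where to look for local files */` comment does not say what the entries are relative to or which layout (installed tree or build tree) each one serves. A short comment per entry would make that explicit and keep the next build-layout change from silently breaking `openDocumentation:` again.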
> -- 
> 2.29.2
> 

Forgot to add:

Reported-by: Peter Maydell 

-Roman



Re: [PATCH] hvf: guard xgetbv call.

2021-01-08 Thread Roman Bolshakov
On Fri, Dec 18, 2020 at 06:13:47PM -0800, Hill Ma wrote:
> This prevents illegal instruction on cpus that do not support xgetbv.
> 
> Buglink: https://bugs.launchpad.net/qemu/+bug/1758819
> Signed-off-by: Hill Ma 
> ---
>  target/i386/hvf/x86_cpuid.c | 11 ---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 

Hi Hill,

I'm sorry for the delay with the review.

> diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
> index a6842912f5..b4b7111fc3 100644
> --- a/target/i386/hvf/x86_cpuid.c
> +++ b/target/i386/hvf/x86_cpuid.c
> @@ -100,11 +100,16 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, 
> uint32_t idx,
>  break;
>  case 0xD:
>  if (idx == 0) {
> -uint64_t host_xcr0 = xgetbv(0);
> -uint64_t supp_xcr0 = host_xcr0 & (XSTATE_FP_MASK | 
> XSTATE_SSE_MASK |
> +uint64_t supp_xcr0 = XSTATE_FP_MASK | XSTATE_SSE_MASK |
>XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK |
>XSTATE_BNDCSR_MASK | XSTATE_OPMASK_MASK |
> -  XSTATE_ZMM_Hi256_MASK | 
> XSTATE_Hi16_ZMM_MASK);
> +  XSTATE_ZMM_Hi256_MASK | 
> XSTATE_Hi16_ZMM_MASK;


> +if ((ecx & CPUID_EXT_AVX) &&
> +(ecx & CPUID_EXT_XSAVE) &&
> +(ecx & CPUID_EXT_OSXSAVE)) {

It's sufficient to check only CPUID_EXT_OSXSAVE to ensure xgetbv
presence (per SDM Vol. 1 13-5):

  Software operating with CPL > 0 may need to determine whether the
  XSAVE feature set and certain XSAVE-enabled features have been
  enabled. If CPL > 0, execution of the MOV from CR4 instruction causes
  a general-protection fault (#GP). The following alternative mechanisms
  allow software to discover the enabling of the XSAVE feature set
  regardless of CPL:

  * The value of CR4.OSXSAVE is returned in CPUID.1:ECX.OSXSAVE[bit 27].
    If software determines that CPUID.1:ECX.OSXSAVE = 1, the processor
    supports the XSAVE feature set and the feature set has been enabled in
    CR4.

  * Executing the XGETBV instruction with ECX = 0 returns the value of
    XCR0 in EDX:EAX. XGETBV can be executed if CR4.OSXSAVE = 1 (if
    CPUID.1:ECX.OSXSAVE = 1), regardless of CPL.

> +uint64_t host_xcr0 = xgetbv(0);
> +supp_xcr0 &= host_xcr0;
> +}
>  eax &= supp_xcr0;

I think instead of the patch you can do:
-  if (idx == 0) {
+  if (idx == 0 && (ecx & CPUID_EXT_OSXSAVE)) {

That'd keep host values returned from CPUID on platforms that don't
support XSAVE.

Thanks,
Roman

>  } else if (idx == 1) {
>  hv_vmx_read_capability(HV_VMX_CAP_PROCBASED2, );
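Review bot: the new guard inside `case 0xD` tests `ecx` against `CPUID_EXT_AVX`, `CPUID_EXT_XSAVE` and `CPUID_EXT_OSXSAVE`, which are leaf 1 feature bits, but nothing in the hunk shows `ecx` holding CPUID.1:ECX at this point. If `ecx` carries the output of the leaf selected by `func`, the test reads unrelated bits and `xgetbv(0)` is reached, or skipped, on the wrong hosts. Query leaf 1 explicitly and test that value, and add a comment stating which leaf the guard inspects.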
> -- 
> 2.20.1 (Apple Git-117)
> 
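The check discussed in this review, as an added example (not code from the patch or from QEMU): XCR0 is read only when CPUID.1:ECX.OSXSAVE is set, and leaf 0xD EAX is otherwise returned unchanged. The function, macro and type names are hypothetical, and `sample_xcr0_reader` returns a constructed XCR0 value so the logic can be exercised on any host.

```c
/* Added example: guard XGETBV behind CPUID.1:ECX.OSXSAVE[bit 27]. */
#include <stdint.h>
#include <stdio.h>

#define CPUID_1_ECX_OSXSAVE (1u << 27)

/* XCR0 state-component bits (Intel SDM Vol. 1, chapter 13). */
#define XCR0_X87       (1u << 0)
#define XCR0_SSE       (1u << 1)
#define XCR0_AVX       (1u << 2)
#define XCR0_BNDREGS   (1u << 3)
#define XCR0_BNDCSR    (1u << 4)
#define XCR0_OPMASK    (1u << 5)
#define XCR0_ZMM_HI256 (1u << 6)
#define XCR0_HI16_ZMM  (1u << 7)
#define XCR0_EXPOSED   (XCR0_X87 | XCR0_SSE | XCR0_AVX | XCR0_BNDREGS | \
                        XCR0_BNDCSR | XCR0_OPMASK | XCR0_ZMM_HI256 |    \
                        XCR0_HI16_ZMM)

/* Hypothetical indirection so the XCR0 source can be swapped in tests. */
typedef uint64_t (*xcr0_reader_fn)(void);

/*
 * Filter CPUID.(EAX=0DH,ECX=0):EAX before exposing it to a guest.
 * cpuid1_ecx must be ECX of leaf 1, not ECX of leaf 0xD.
 * read_xcr0 is called only when OSXSAVE is set; without it XGETBV
 * raises #UD, so the host CPUID value is returned unchanged.
 */
uint32_t filter_leaf_d_eax(uint32_t cpuid1_ecx, uint32_t leaf_d_eax,
                           xcr0_reader_fn read_xcr0)
{
    if (!(cpuid1_ecx & CPUID_1_ECX_OSXSAVE)) {
        return leaf_d_eax;
    }
    uint64_t supp_xcr0 = read_xcr0() & XCR0_EXPOSED;
    return leaf_d_eax & (uint32_t)supp_xcr0;
}

/* Constructed reader: pretends the OS enabled x87, SSE and AVX state. */
static int sample_reader_calls;
static uint64_t sample_xcr0_reader(void)
{
    sample_reader_calls++;
    return XCR0_X87 | XCR0_SSE | XCR0_AVX;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
/* Real XCR0 read; only safe to call after the OSXSAVE check above. */
static uint64_t hw_read_xcr0(void)
{
    uint32_t lo, hi;
    __asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
    return ((uint64_t)hi << 32) | lo;
}
#endif

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    if (__get_cpuid_max(0, 0) >= 0xD) {
        unsigned int a, b, leaf1_ecx, d, leafd_eax, bd, cd, dd;
        __cpuid(1, a, b, leaf1_ecx, d);
        __cpuid_count(0xD, 0, leafd_eax, bd, cd, dd);
        (void)a; (void)b; (void)d; (void)bd; (void)cd; (void)dd;
        printf("host: leaf 0xD EAX %#x -> %#x\n", leafd_eax,
               (unsigned)filter_leaf_d_eax(leaf1_ecx, leafd_eax,
                                           hw_read_xcr0));
    }
#endif
    /* Constructed inputs: same leaf 0xD EAX with and without OSXSAVE. */
    printf("no OSXSAVE: %#x\n",
           (unsigned)filter_leaf_d_eax(0, 0xE7, sample_xcr0_reader));
    printf("OSXSAVE:    %#x\n",
           (unsigned)filter_leaf_d_eax(CPUID_1_ECX_OSXSAVE, 0xE7,
                                       sample_xcr0_reader));
    return 0;
}
```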



Re: [PATCH v2] decodetree: Open files with encoding='utf-8'

2021-01-08 Thread Yonggang Luo
On Fri, Jan 8, 2021 at 10:58 AM Eduardo Habkost  wrote:
>
> On Fri, Jan 08, 2021 at 07:09:52PM +0100, Philippe Mathieu-Daudé wrote:
> > When decodetree.py was added in commit 568ae7efae7, QEMU was
> > using Python 2 which happily reads UTF-8 files in text mode.
> > Python 3 requires either UTF-8 locale or an explicit encoding
> > passed to open(). Now that Python 3 is required, explicit
> > UTF-8 encoding for decodetree source files.
> >
> > To avoid further problems with the user locale, also explicit
> > UTF-8 encoding for the generated C files.
> >
> > Explicit both input/output are plain text by using the 't' mode.
>
> I believe the 't' is unnecessary.  But it's harmless and makes it
> more explicit.
>
> >
> > This fixes:
> >
> >   $ /usr/bin/python3 scripts/decodetree.py test.decode
> >   Traceback (most recent call last):
> >     File "scripts/decodetree.py", line 1397, in <module>
> >       main()
> >     File "scripts/decodetree.py", line 1308, in main
> >       parse_file(f, toppat)
> >     File "scripts/decodetree.py", line 994, in parse_file
> >       for line in f:
> >     File "/usr/lib/python3.6/encodings/ascii.py", line 26, in decode
> >       return codecs.ascii_decode(input, self.errors)[0]
> >   UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 80:
> >   ordinal not in range(128)
> >
> > Reported-by: Peter Maydell 
> > Signed-off-by: Philippe Mathieu-Daudé 
>
> Reviewed-by: Eduardo Habkost 
>
> However:
>
> > ---
> > v2: utf-8 output too (Peter)
> > explicit default text mode.
> > ---
> >  scripts/decodetree.py | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/scripts/decodetree.py b/scripts/decodetree.py
> > index 47aa9caf6d1..d3857066cfc 100644
> > --- a/scripts/decodetree.py
> > +++ b/scripts/decodetree.py
> > @@ -1304,7 +1304,7 @@ def main():
> >
> >  for filename in args:
> >  input_file = filename
> > -f = open(filename, 'r')
> > +f = open(filename, 'rt', encoding='utf-8')
> >  parse_file(f, toppat)
> >  f.close()
> >
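Review bot: in the input loop, `f` is opened, passed to `parse_file(f, toppat)` and closed by hand, so an exception raised while parsing (including a `UnicodeDecodeError` from a file that is not valid UTF-8) skips `f.close()`. Use `with open(filename, 'rt', encoding='utf-8') as f:` so the handle is released on every path.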
> > @@ -1324,7 +1324,7 @@ def main():
> >  prop_size(stree)
> >
> >  if output_file:
> > -output_fd = open(output_file, 'w')
> > +output_fd = open(output_file, 'wt', encoding='utf-8')

I misunderstand the cause, this is a better way

> >  else:
> >  output_fd = sys.stdout
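Review bot: `open(output_file, 'wt', encoding='utf-8')` pins the encoding but leaves newline translation at the platform default, so the bytes of the generated file still differ on hosts whose line separator is not `\n`. Passing `newline='\n'` alongside `encoding='utf-8'` would make the output independent of the host as well as of the locale.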
>
> This will still use the user locale encoding for sys.stdout.  Can
> be solved with:
>
> output_fd = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')

For output to the console/terminal, I suggest using
   sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding=sys.stdout.encoding, errors="ignore")
When the console/terminal encoding still cannot represent a char in the
decodetree, this still won't cause a script failure. And that failure cannot
be fixed by other means.
errors="ignore" is important, from my experience, even if there is a `char`
that cannot be represented in utf8


>
> (Based on a suggestion from Yonggang Luo)
>
> --
> Eduardo
>


--
Yours sincerely,
Yonggang Luo (罗勇刚)


[Bug 1687270] Re: Can't write to 9p shared folder with qemu 2.9.0

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1687270

Title:
  Can't write to 9p shared folder with qemu 2.9.0

Status in QEMU:
  Expired

Bug description:
  When running a virtual machine with qemu 2.9.0 with this parameter for
  sharing a folder:

  -virtfs
  local,id=fsdev1,path=$HOME/git,security_model=none,mount_tag=git

  then the folder is shared to the VM but in some subfolders I can't
  delete files. The guest system then reports that the file, I want to
  delete, is "no file or folder".

  I've downgraded to 2.8.0 now, which re-enables deleting my files.

  Is this a known bug which will be fixed with a future version?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1687270/+subscriptions



[Bug 1687309] Re: Assertion !usb_packet_is_inflight(p) fails in OHCI

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1687309

Title:
  Assertion !usb_packet_is_inflight(p) fails in OHCI

Status in QEMU:
  Expired

Bug description:
  I'm trying to get a USB web camera working in Qemu & Raspbian. USB
  works and V4L shows device info correctly and capturing frames from
  the camera works sometimes, but mostly it crashes with error message:

  qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion
  `!usb_packet_is_inflight(p)' failed.

  This looks similar to the previous bug which also caused a crash on
  the same kind of assertion but the culprit was XHCI:
  https://bugs.launchpad.net/qemu/+bug/1653384

  == Versions ==

  QEMU emulator version 2.9.50 (v2.9.0-303-g81b2d5c-dirty),
  configured with
  ./configure --target-list=arm-softmmu,arm-linux-user,armeb-linux-user --enable-libusb --enable-libssh2 --enable-debug

  libusb: 1.0.21

  Guest: 2017-04-10-raspbian-jessie-lite.img with kernel 4.4.34 for
  Raspbian on Qemu

  Host: Ubuntu 16.04.2 LTS, kernel 4.4.0-72-generic

  Command: /usr/local/bin/qemu-system-arm -kernel qemu-rpi-kernel
  /kernel-qemu-4.4.34-v4lm-jessie -cpu arm1176 -m 256 -M versatilepb
  -no-reboot -append "root=/dev/sda2 panic=1" -drive
  format=raw,file=2017-04-10-raspbian-jessie-lite.img -usb -usbdevice
  host:046d:0928 -net nic,model=virtio -net user,hostfwd=tcp::-:22

  Web camera is an old Logitech QuickCam Express Etch2 (046d:0928). It
  works otherwise without problems.

  == GDB Backtrace ==

  qemu-system-arm: hw/usb/core.c:558: usb_packet_setup: Assertion
  `!usb_packet_is_inflight(p)' failed.

  Thread 1 "qemu-system-arm" received signal SIGABRT, Aborted.
  0x7fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
  54  ../sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole.
  (gdb) bt full
  #0  0x7fffdea6f428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
      resultvar = 0
      pid = 16526
      selftid = 16526
  #1  0x7fffdea7102a in __GI_abort () at abort.c:89
      save_stage = 2
      act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {140737488345776,
        140737488351076, 140737488345856, 48702688480, 140737352876032, 93825001457954, 558, 93825001458576, 0, 0,
        140736929192332, 140736930289240, 140736930302896, 260615966, 140736930289240, 93825001457954}},
        sa_flags = -135479296, sa_restorer = 0x55e20922}
      sigs = {__val = {32, 0 }}
  #2  0x7fffdea67bd7 in __assert_fail_base (fmt=,
      assertion=assertion@entry=0x55e20922 "!usb_packet_is_inflight(p)",
      file=file@entry=0x55e20686 "hw/usb/core.c", line=line@entry=558,
      function=function@entry=0x55e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:92
      str = 0x573e0800 ""
      total = 4096
  #3  0x7fffdea67c82 in __GI___assert_fail (assertion=0x55e20922 "!usb_packet_is_inflight(p)",
      file=0x55e20686 "hw/usb/core.c", line=558,
      function=0x55e20b90 <__PRETTY_FUNCTION__.27044> "usb_packet_setup") at assert.c:101
      No locals.
  #4  0x55b4015a in usb_packet_setup (p=0x56e81bc8, pid=105, ep=0x5733e180, stream=0, id=260615936,
      short_not_ok=false, int_req=false) at hw/usb/core.c:558
      __PRETTY_FUNCTION__ = "usb_packet_setup"
  #5  0x55b4f2ee in ohci_service_iso_td (ohci=0x56e814c0, ed=0x7fffdda0, completion=0)
      at hw/usb/hcd-ohci.c:852
      int_req = false
      dir = 2
      len = 1023
      str = 0x55e233cf "in"
      pid = 105
      ret = -8788
      i = -8912
      dev = 0x5733d070
      ep = 0x5733e180
      iso_td = {flags = 4039218540, bp = 251170816, next = 260615872, be = 251173880, offset = {59386, 0, 6, 0, 53328,
        53376, 0, 0}}
      addr = 260615936
      starting_frame = 38252
      relative_frame_number = 0
      frame_count = 0
      start_offset = 59386
      next_offset = 0
      end_offset = 0
      start_addr = 251172858
      end_addr = 251173880
  #6  0x55b5055c in ohci_service_ed_list (ohci=0x56e814c0, head=260608080, completion=0)
      at hw/usb/hcd-ohci.c:1239
      ed = {flags = 67080322, tail = 260614272, head = 260615936, next = 0}
      next_ed = 0
      cur = 260608080
      active = 1
      link_cnt = 1
  #7  0x55b50857 in ohci_frame_boundary (opaque=0x56e814c0) at hw/usb/hcd-ohci.c:1304
      n = 12
      ohci = 0x56e814c0
      hcca = {intr = {260608080 }, frame = 38252, pad = 0, done = 0}
  #8  0x55d12050 in 

[Bug 1689003] Re: USB passthrough should not fail if SET CONFIGURATION fails

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1689003

Title:
  USB passthrough should not fail if SET CONFIGURATION fails

Status in QEMU:
  Expired

Bug description:
  QEMU's USB passthrough was not working for my new smartphone.

  While analyzing the problem, I found out that a SET CONFIGURATION
  Request was NACKed by the USB device (probably because a SET
  CONFIGURATION request was already sent from the host to the device).

  So I wrote a simple program to fake a successful call to
  libusb_set_configuration and did an LD_PRELOAD on this program before
  starting qemu, and it worked.

  Looking at QEMU's code in host-libusb.c, I can see that QEMU does not
  try to claim the interface if its call to libusb_set_configuration
  fails.

  I think QEMU should try to claim the device anyway even if
  libusb_set_configuration fails.

  I did my tests against QEMU 2.6.2, but as I can see from the source
  code, this problem should happen on all versions.




[Bug 1687599] Re: Bind 2nd VM to same OVS vhost-user port caused 1st vm traffic broken

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1687599

Title:
  Bind 2nd VM to same OVS vhost-user port caused 1st vm traffic broken

Status in QEMU:
  Expired

Bug description:
  Binding 2nd VM to same OVS vhost-user port caused 1st vm traffic
  broken. If it is illegal to share the same vhost port, how about the first VM
  opens the path exclusively?

  #OVS side to create the vhost-user port:
  ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev
  ovs-vsctl add-port br0 phy0 -- set Interface phy0 type=dpdk options:dpdk-devargs=:0a:00.0
  ovs-vsctl add-port br0 dpdkvhostuser0 -- set Interface dpdkvhostuser0 type=dpdkvhostuser

  #QEMU VM1
  qemu-system-x86_64 -name vm1 -cpu host -enable-kvm -m 3072 -drive file=/opt/ubuntu1.qcow2 -numa node,memdev=mem -mem-prealloc -smp sockets=1,cores=2 -object memory-backend-file,id=mem,size=3072m,mem-path=/dev/hugepages,share=on -chardev socket,id=char0,path=/usr/local/var/run/openvswitch/dpdkvhostuser0 -netdev type=vhost-user,id=mynet1,chardev=char0,vhostforce -device virtio-net-pci,mac=00:00:00:00:00:01,netdev=mynet1,mrg_rxbuf=off

  #VM2
  qemu-system-x86_64 -name vm2 -cpu host -enable-kvm -m 3072 -drive file=/opt/ubuntu2.qcow2 -numa node,memdev=mem -mem-prealloc -smp sockets=1,cores=2 -object memory-backend-file,id=mem,size=3072m,mem-path=/dev/hugepages,share=on -chardev socket,id=char0,path=/usr/local/var/run/openvswitch/dpdkvhostuser0 -netdev type=vhost-user,id=mynet1,chardev=char0,vhostforce -device virtio-net-pci,mac=00:00:00:00:00:01,netdev=mynet1,mrg_rxbuf=off




[Bug 1687578] Re: when migrate vm, reboot in guest os, the guest os sometime hang

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1687578

Title:
  when migrate vm, reboot in guest os, the guest os sometime hang

Status in QEMU:
  Expired

Bug description:
  qemu version:v2.9.0-rc5 release

  1.virsh migrate --live 165cf436-312f-47e7-90f2-f8aa63f34893 --copy-storage-inc qemu+ssh://10.59.163.38/system
  2.run reboot in guest os, add reboot in /etc/rc.local
  3.guest os hang sometime.

  strace output of qemu:

  ppoll([{fd=9, events=POLLIN}, {fd=8, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=30, events=POLLIN}, {fd=31, events=POLLIN}], 6, {0, 0}, NULL, 8) = 0 (Timeout)
  ppoll([{fd=9, events=POLLIN}, {fd=8, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=30, events=POLLIN}, {fd=31, events=POLLIN}], 6, {0, 69800}, NULL, 8) = 0 (Timeout)
  poll([{fd=20, events=POLLOUT}], 1, 0)   = 1 ([{fd=20, revents=POLLOUT|POLLHUP}])
  ppoll([{fd=9, events=POLLIN}, {fd=8, events=POLLIN}, {fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=30, events=POLLIN}, {fd=31, events=POLLIN}], 6, {0, 99900}, NULL, 8^C




[Bug 1695169] Re: qga fail to start when pidfile path is missing

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1695169

Title:
  qga fail to start when pidfile path is missing

Status in QEMU:
  Expired

Bug description:
  The qga main program has two parameters: "--logfile" and "--pidfile"
  which specify the paths to the logfile and pidfile. It assumes that
  the paths exist in the running OS but if not, the qga will fail to
  start. I think qga should create the missing paths.

  I found this bug exists in several Linux distributions including Ubuntu
  14, Cent-OS 6 and 7 when the original and the latest master qga
  applies. I have a patch which can fix it. Should I patch it to the
  QEMU master branch?




[Bug 1706825] Re: qemu-user fails to run wineserver on ppc64el host

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1706825

Title:
  qemu-user fails to run wineserver on ppc64el host

Status in QEMU:
  Expired

Bug description:
  When attempting to run wineserver on a 64-bit ppc64el host via QEMU's
  user-mode i386 emulation, a file locking operation fails.

  Command line:
  qemu-i386-static /usr/lib/wine-development/wineserver32

  Output:
  wineserver: fcntl /tmp/.wine-0/server-17-14d21bf/lock: Invalid argument

  Relevant portion of strace:
  fcntl(6, F_SETLK64, 0x3fffe8802218) = -1 EINVAL (Invalid argument)




[Bug 1702621] Re: colo: secondary vm crash during loadvm

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1702621

Title:
  colo: secondary vm crash during loadvm

Status in QEMU:
  Expired

Bug description:
  Following document 'COLO-FT.txt', I test colo feature on my hosts. It
  seems to go well. But after a while the secondary vm crashes.  The stack
  is as follows:
  #0  0x7f191456dc37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
  #1  0x7f1914571028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
  #2  0x7f1914566bf6 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
  #3  0x7f1914566ca2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
  #4  0x564154ad9147 in pcibus_reset (qbus=0x564156760d10) at ../hw/pci/pci.c:311
  #5  0x564154a07cdb in qbus_reset_one (bus=0x564156760d10, opaque=0x0) at hw/core/qdev.c:319
  #6  0x564154a0d721 in qbus_walk_children (bus=0x564156760d10, pre_devfn=0, pre_busfn=0,
      post_devfn=0x564154a07c26 , post_busfn=0x564154a07c6c , opaque=0x0)
      at hw/core/bus.c:68
  #7  0x564154a08b4d in qdev_walk_children (dev=0x56415675f2b0, pre_devfn=0, pre_busfn=0,
      post_devfn=0x564154a07c26 , post_busfn=0x564154a07c6c , opaque=0x0)
      at hw/core/qdev.c:617
  #8  0x564154a0d6e5 in qbus_walk_children (bus=0x564156594d30, pre_devfn=0, pre_busfn=0,
      post_devfn=0x564154a07c26 , post_busfn=0x564154a07c6c , opaque=0x0)
      at hw/core/bus.c:59
  #9  0x564154a07df5 in qbus_reset_all (bus=0x564156594d30) at hw/core/qdev.c:336
  #10 0x564154a07e3a in qbus_reset_all_fn (opaque=0x564156594d30) at hw/core/qdev.c:342
  #11 0x564154a0e222 in qemu_devices_reset () at hw/core/reset.c:69
  #12 0x5641548b3b47 in pc_machine_reset () at /vms/git/qemu/hw/i386/pc.c:2234
  #13 0x564154972ca7 in qemu_system_reset (report=false) at vl.c:1697
  #14 0x564154b9d007 in colo_process_incoming_thread (opaque=0x5641553c1280) at migration/colo.c:617
  #15 0x7f1914907184 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
  #16 0x7f1914634bed in clone () from /lib/x86_64-linux-gnu/libc.so.6

  (gdb) frame 4
  #4  0x564154ad9147 in pcibus_reset (qbus=0x564156760d10) at ../hw/pci/pci.c:311
  warning: Source file is more recent than executable.
  311 assert(bus->irq_count[i] == 0);
  (gdb) ^CQuit
  (gdb) p bus->irq_count[i]
  $1 = -1




[Bug 1687569] Re: when migration cancel, qemu main thread hung

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1687569

Title:
  when migration cancel, qemu main thread hung

Status in QEMU:
  Expired

Bug description:
  qemu version:v2.9.0-rc5 release

  1.virsh migrate --live 165cf436-312f-47e7-90f2-f8aa63f34893 --copy-storage-all qemu+ssh://10.59.163.38/system
  2.press Ctrl+C cancel migrate

   qemu main thread hung

  (gdb) bt
  #0  0x7fca9f4574b7 in ppoll () from /lib64/libc.so.6
  #1  0x00944970 in qemu_poll_ns (fds=0x293e6e0, nfds=1, timeout=-1) at util/qemu-timer.c:322
  #2  0x00947e16 in aio_poll (ctx=0x291d4b0, blocking=true) at util/aio-posix.c:622
  #3  0x008b6094 in nbd_teardown_connection (bs=0x29ccdc0) at block/nbd-client.c:59
  #4  0x008b6df1 in nbd_client_close (bs=0x29ccdc0) at block/nbd-client.c:377
  #5  0x008b5988 in nbd_close (bs=0x29ccdc0) at block/nbd.c:488
  #6  0x008435de in bdrv_close (bs=0x29ccdc0) at block.c:2919
  #7  0x00843c86 in bdrv_delete (bs=0x29ccdc0) at block.c:3100
  #8  0x0084620b in bdrv_unref (bs=0x29ccdc0) at block.c:4087
  #9  0x008411d1 in bdrv_root_unref_child (child=0x30e4800) at block.c:1891
  #10 0x0084128a in bdrv_unref_child (parent=0x29c0660, child=0x30e4800) at block.c:1915
  #11 0x0084362a in bdrv_close (bs=0x29c0660) at block.c:2925
  #12 0x00843c86 in bdrv_delete (bs=0x29c0660) at block.c:3100
  #13 0x0084620b in bdrv_unref (bs=0x29c0660) at block.c:4087
  #14 0x008411d1 in bdrv_root_unref_child (child=0x3013910) at block.c:1891
  #15 0x00848149 in block_job_remove_all_bdrv (job=0x3fa7800) at blockjob.c:154
  #16 0x008a8dd8 in mirror_exit (job=0x3fa7800, opaque=0x7fca9bf0) at block/mirror.c:576
  #17 0x00849e22 in block_job_defer_to_main_loop_bh (opaque=0x7fca9d90) at blockjob.c:794
  #18 0x009420c4 in aio_bh_call (bh=0x7fca9dc0) at util/async.c:90
  #19 0x0094216f in aio_bh_poll (ctx=0x291d4b0) at util/async.c:118
  #20 0x009480d9 in aio_poll (ctx=0x291d4b0, blocking=true) at util/aio-posix.c:682
  #21 0x008b6094 in nbd_teardown_connection (bs=0x2921350) at block/nbd-client.c:59
  #22 0x008b6df1 in nbd_client_close (bs=0x2921350) at block/nbd-client.c:377
  #23 0x008b5988 in nbd_close (bs=0x2921350) at block/nbd.c:488
  #24 0x008435de in bdrv_close (bs=0x2921350) at block.c:2919
  #25 0x00843c86 in bdrv_delete (bs=0x2921350) at block.c:3100
  #26 0x0084620b in bdrv_unref (bs=0x2921350) at block.c:4087
  #27 0x008411d1 in bdrv_root_unref_child (child=0x390d180) at block.c:1891
  #28 0x0084128a in bdrv_unref_child (parent=0x4eba200, child=0x390d180) at block.c:1915
  #29 0x0084362a in bdrv_close (bs=0x4eba200) at block.c:2925
  #30 0x00843c86 in bdrv_delete (bs=0x4eba200) at block.c:3100
  #31 0x0084620b in bdrv_unref (bs=0x4eba200) at block.c:4087
  #32 0x008411d1 in bdrv_root_unref_child (child=0x4ebf990) at block.c:1891
  #33 0x00848149 in block_job_remove_all_bdrv (job=0x4ea85b0) at blockjob.c:154
  #34 0x008a8dd8 in mirror_exit (job=0x4ea85b0, opaque=0x7fca98000bf0) at block/mirror.c:576
  #35 0x00849e22 in block_job_defer_to_main_loop_bh (opaque=0x7fca980013d0) at blockjob.c:794
  #36 0x009420c4 in aio_bh_call (bh=0x7fca9801e0c0) at util/async.c:90
  #37 0x0094216f in aio_bh_poll (ctx=0x291d4b0) at util/async.c:118
  #38 0x009476ae in aio_dispatch (ctx=0x291d4b0) at util/aio-posix.c:429
  #39 0x009425e4 in aio_ctx_dispatch (source=0x291d4b0, callback=0, user_data=0x0) at util/async.c:261
  #40 0x7fcaa0101f0e in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
  #41 0x00945d86 in glib_pollfds_poll () at util/main-loop.c:213
  #42 0x00945ea7 in os_host_main_loop_wait (timeout=124777230) at util/main-loop.c:261
  #43 0x00945f72 in main_loop_wait (nonblocking=0) at util/main-loop.c:517
  #44 0x005c7794 in main_loop () at vl.c:1898
  #45 0x005cec57 in main (argc=64, argv=0x7fffe7020c58, envp=0x7fffe7020e60) at vl.c:4709




[Bug 1723731] Re: Qemu turns to black screen while starting to copy installation files of Windows 7

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1723731

Title:
  Qemu turns to black screen while starting to copy installation files
  of Windows 7

Status in QEMU:
  Expired

Bug description:
  Distribution: Arch Linux, Kernel: linux-4.13.5, Qemu: 2.10.1, OVMF: git (built 06.10.17).
  Steps to reproduce: create Qemu VM with such config:

  QEMU_VM_NAME=$(basename $(dirname "$0")) #Qemu virtual machine name (taken from working directory)
  QEMU_WORKING_DIR="$(dirname "$0")" #Qemu current working directory
  DIF=12 #set 2-digit number here
  QEMU_MONITOR_PORT=370${DIF} #Qemu monitor port
  QEMU_SERIAL_PORT=371${DIF} #Qemu serial port
  QEMU_PARALLEL_PORT=372${DIF} #Qemu parallel port

  qemu-system-x86_64 -daemonize -display gtk -boot menu=on -monitor telnet:127.0.0.1:${QEMU_MONITOR_PORT},server,nowait -serial telnet:127.0.0.1:${QEMU_SERIAL_PORT},server,nowait -uuid fafafafa-1234-bcbc-5678-ff${DIF} -name ${QEMU_VM_NAME},process=QEMU-${QEMU_VM_NAME} -parallel none -net none -nodefconfig -nodefaults -no-user-config -rtc base=localtime,clock=vm,driftfix=slew -realtime mlock=off -machine type=q35,accel=kvm,usb=off,dump-guest-core=off -smp 2,sockets=1,cores=2,threads=1 -object iothread,id=iothread1 -object iothread,id=iothread2 -cpu Penryn,kvm=off,check,vendor=GenuineIntel,+vmx -m 2G -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,addr=0x1b.0x0 -global qxl-vga.revision=4 -device ich9-intel-hda,addr=0x11.0x0,id=sound0 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device ich9-usb-ehci1,id=ehci1,addr=0x12.0x7 -device ich9-usb-uhci1,id=uhci1,masterbus=ehci1.0,firstport=0,multifunction=on,addr=0x12.0x0 -device ich9-usb-uhci2,id=uhci2,masterbus=ehci1.0,firstport=2,addr=0x12.0x1 -device ich9-usb-uhci3,id=uhci3,masterbus=ehci1.0,firstport=4,addr=0x12.0x2 -device ide-hd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0 -drive file="${QEMU_WORKING_DIR}"/${QEMU_VM_NAME}.qcow2,if=none,media=disk,id=drive-sata0-0-0,format=qcow2 -device ide-cd,bus=ide.1,drive=drive-sata0-0-1,id=sata0-0-1 -drive if=none,media=cdrom,readonly=on,id=drive-sata0-0-1 -device usb-tablet,id=tbl0,bus=ehci1.0,port=2,usb_version=2,serial=1123,display=tbl0 -device usb-kbd,id=kbd0,bus=ehci1.0,port=1,usb_version=1,serial=1122,display=kbd0 -drive if=pflash,format=raw,unit=1,file=${QEMU_WORKING_DIR}/ovmf_vars_x64.bin -drive if=pflash,format=raw,unit=0,readonly,file=${QEMU_WORKING_DIR}/ovmf_code_x64.bin

  After that connect to Qemu console, insert Windows 7 installation
  media and start installation. You can successfully choose language,
  keyboard layout and partition your harddrive but after 2-3 seconds
  after beginning of copying installation files the graphical console
  screen turns to black and 1 CPU core on the host raises to 100%
  permanently and nothing happens. But if you installed Windows 7 before
  - there is no problems with VM. Tested on GTK, SDL types of screen.

  Qemu was installed from official repo and also I tried with built by
  myself version. Other OSes: Windows 8, 8.1, 10, Arch Linux, Debian,
  FreeBSD installed successfully.

  It happens only in OVMF-mode. I've just tested BIOS mode with no
  problems.




[Bug 1728635] Re: qemu-io crashes with SIGSEGV when did -c aio_write 9233408 28160 on a image_fuzzer image

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

https://bugs.launchpad.net/bugs/1728635

Title:
  qemu-io crashes with SIGSEGV when did  -c aio_write 9233408 28160 on a
  image_fuzzer image

Status in QEMU:
  Expired

Bug description:
  git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
  This is on ppc64le architecture.

  Re-production steps:

  1. Copy the attached file named test.img to a directory
  2. And customize the following command to point to the above directory and run the same.
  # cp test.img copy.img
  # qemu/qemu-io /copy.img -c "aio_write 9233408 28160"

  from gdb:
  Program terminated with signal 11, Segmentation fault.
  #0  0x3fffa0077644 in __memcpy_power7 () from /lib64/libc.so.6
  (gdb) bt
  #0  0x3fffa0077644 in __memcpy_power7 () from /lib64/libc.so.6
  #1  0x10056738 in qcow2_refcount_area (bs=0x25f56f60, start_offset=137438953472, additional_clusters=0, exact_size=false, new_refblock_index=0,
      new_refblock_offset=524288) at block/qcow2-refcount.c:573
  #2  0x10056374 in alloc_refcount_block (bs=0x25f56f60, cluster_index=0, refcount_block=0x3fff9dadf838) at block/qcow2-refcount.c:479
  #3  0x10057520 in update_refcount (bs=0x25f56f60, offset=0, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
      at block/qcow2-refcount.c:834
  #4  0x10057c24 in qcow2_alloc_clusters (bs=0x25f56f60, size=524288) at block/qcow2-refcount.c:996
  #5  0x10063684 in do_alloc_cluster_offset (bs=0x25f56f60, guest_offset=9233408, host_offset=0x3fff9dadf9e0, nb_clusters=0x3fff9dadf9d8)
      at block/qcow2-cluster.c:1213
  #6  0x10063afc in handle_alloc (bs=0x25f56f60, guest_offset=9233408, host_offset=0x3fff9dadfab0, bytes=0x3fff9dadfab8, m=0x3fff9dadfb60)
      at block/qcow2-cluster.c:1324
  #7  0x10064178 in qcow2_alloc_cluster_offset (bs=0x25f56f60, offset=9233408, bytes=0x3fff9dadfb4c, host_offset=0x3fff9dadfb58, m=0x3fff9dadfb60)
      at block/qcow2-cluster.c:1511
  #8  0x1004d3f4 in qcow2_co_pwritev (bs=0x25f56f60, offset=9233408, bytes=28160, qiov=0x25f6fa08, flags=0) at block/qcow2.c:1919
  #9  0x100a9648 in bdrv_driver_pwritev (bs=0x25f56f60, offset=9233408, bytes=28160, qiov=0x25f6fa08, flags=16) at block/io.c:898
  #10 0x100ab630 in bdrv_aligned_pwritev (child=0x25f627f0, req=0x3fff9dadfdd8, offset=9233408, bytes=28160, align=1, qiov=0x25f6fa08, flags=16)
      at block/io.c:1440
  #11 0x100ac4ac in bdrv_co_pwritev (child=0x25f627f0, offset=9233408, bytes=28160, qiov=0x25f6fa08, flags=BDRV_REQ_FUA) at block/io.c:1691
  #12 0x1008da0c in blk_co_pwritev (blk=0x25f49410, offset=9233408, bytes=28160, qiov=0x25f6fa08, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
  #13 0x1008e718 in blk_aio_write_entry (opaque=0x25f6fa70) at block/block-backend.c:1276
  #14 0x101aa444 in coroutine_trampoline (i0=636902032, i1=0) at util/coroutine-ucontext.c:79
  #15 0x3fffa0022b9c in makecontext () from /lib64/libc.so.6
  #16 0x in ?? ()
  (gdb) bt full
  #0  0x3fffa0077644 in __memcpy_power7 () from /lib64/libc.so.6
  No symbol table info available.
  #1  0x10056738 in qcow2_refcount_area (bs=0x25f56f60, 
start_offset=137438953472, additional_clusters=0, exact_size=false, 
new_refblock_index=0,
  new_refblock_offset=524288) at block/qcow2-refcount.c:573
  s = 0x25f63210
  total_refblock_count_u64 = 2
  additional_refblock_count = 0
  total_refblock_count = 2
  table_size = 65536
  area_reftable_index = 1
  table_clusters = 1
  i = 0
  table_offset = 268870620
  block_offset = 70367094634128
  end_offset = 636891296
  ret = 636786432
  new_table = 0x3fff9d940010
  __PRETTY_FUNCTION__ = "qcow2_refcount_area"
  data = {d64 = 636841824, d32 

[Bug 1698574] Re: slow boot windows 7

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1698574

Title:
  slow boot windows 7

Status in QEMU:
  Expired

Bug description:
  Hello,
  I have a nice working qemu with gpu passthrough setup.
  I pass through my nvidia gtx 880m.
  It boots in 4mins 18secs.

  If I remove the "-vga none" switch and allow qemu to create a vga
  adapter I can boot in 1min.

  Why does a normal boot with the nvidia card hang for 3mins (yes, the
  hd light just flickers for that long)?

  Nothing major but I'd like to know, especially if it can be fixed.

  I cannot leave -vga none turned on as the vga adapter grabs up
  resources and the nvidia card complains it cannot start due to lack of
  resources. I'd love to just add resources if possible and keep both
  cards running to get the 1min boot time.

  Here is my script:

  qemu-system-x86_64 -machine type=q35,accel=kvm -cpu host,kvm=off \
  -smp 8,sockets=1,cores=4,threads=2 \
  -bios /usr/share/seabios/bios.bin \
  -serial none \
  -parallel none \
  -vga none \
  -m 7G \
  -mem-prealloc \
  -balloon none \
  -rtc clock=host,base=localtime \
  -device ioh3420,bus=pcie.0,addr=1c.0,multifunction=on,port=1,chassis=1,id=root.1 \
  -device vfio-pci,host=01:00.0,bus=root.1,addr=00.0,multifunction=on,x-vga=on \
  -device virtio-scsi-pci,id=scsi \
  -drive id=disk0,if=virtio,cache=none,format=raw,file=/home/bob/qemu/windows7.img \
  -drive file=/home/bob/qemu/qemu2/virtio-win-0.1.126.iso,id=isocd,format=raw,if=none -device scsi-cd,drive=isocd \
  -netdev type=tap,id=net0,ifname=tap0 \
  -device virtio-net-pci,netdev=net0,mac=00:16:3e:00:01:01 \
  -usbdevice host:413c:a503 \
  -usbdevice host:13fe:3100 \
  -usbdevice host:0bc2:ab21 \
  -boot menu=on \
  -boot order=c


  Here are my specs:

  System:    Host: MSI-GT70-2PE Kernel: 4.8.0-51-generic x86_64 (64 bit gcc: 5.4.0)
             Desktop: Cinnamon 3.2.7 (Gtk 3.18.9) Distro: Linux Mint 18.1 Serena
  Machine:   Mobo: Micro-Star model: MS-1763 v: REV:0.C Bios: American Megatrends v: E1763IMS.51B date: 01/29/2015
  CPU:       Quad core Intel Core i7-4810MQ (-HT-MCP-) cache: 6144 KB
             flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 22348
             clock speeds: max: 2801 MHz 1: 2801 MHz 2: 800 MHz 3: 900 MHz 4: 900 MHz 5: 900 MHz 6: 1700 MHz
             7: 800 MHz 8: 900 MHz
  Graphics:  Card-1: Intel 4th Gen Core Processor Integrated Graphics Controller bus-ID: 00:02.0
             Card-2: NVIDIA GK104M [GeForce GTX 880M] bus-ID: 01:00.0
             Display Server: X.Org 1.18.4 driver: nvidia Resolution: 1920x1080@60.00hz
             GLX Renderer: GeForce GTX 880M/PCIe/SSE2 GLX Version: 4.5.0 NVIDIA 375.66
             Direct Rendering: Yes

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1698574/+subscriptions



[Bug 1687214] Re: Rapid tremendous memory hog when using -net nic, vlan=0 -net user, vlan=0

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1687214

Title:
  Rapid tremendous memory hog when using -net nic,vlan=0 -net
  user,vlan=0

Status in QEMU:
  Expired

Bug description:
  A rapid tremendous memory hog is occurring when I use -net nic,vlan=0
  -net user,vlan=0. Tested with QEMU 2.8.0 & 2.9.0 in Gentoo. All
  available memory (8GB) + swap (over 20GB) is exhausted very rapidly.

  This bug is possibly related to 
  https://bugs.launchpad.net/qemu/+bug/1310714 
  and maybe to
  https://bugs.launchpad.net/qemu/+bug/1288620

  The bug IS present when I use -net nic,vlan=0 -net user,vlan=0 (tested
  with no model and model=e1000 and model=virtio, with all these the bug
  is present)

  The bug is NOT present when I use this:
  -netdev type=user,id=mynet0 -device virtio-net-pci,netdev=mynet0

  I tested this bug only using windows guests (Windows XP & Windows 8).

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1687214/+subscriptions



[Bug 1702798] Re: colo: secondary vm can't receive any packet

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1702798

Title:
  colo: secondary vm can't receive any packet

Status in QEMU:
  Expired

Bug description:
  Following document 'COLO-FT.txt', I tested the colo feature on my hosts. It
  seems to go well, but I found the secondary vm can't receive any packets. I
  attached to the process and found out the reason as follows: the
  filter-redirector (red0) didn't flush its queue because the secondary vm is
  in migrate state (RUN_STATE_INMIGRATE):
  int qemu_can_send_packet(NetClientState *sender)
  {
      int vm_running = runstate_is_running();

      if (!vm_running) { // it will return false on the secondary vm
          return 0;
      }
      --
  }

  How does it produce outbound packets in the secondary vm as it is in migrate
  state?
  static void *qemu_kvm_cpu_thread_fn(void *arg)
  {
      --
      do {
          if (cpu_can_run(cpu)) {  // it will return false on the secondary vm
              r = kvm_cpu_exec(cpu);
              --
          }

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1702798/+subscriptions



[Bug 1689245] Re: qcow2 image converted from Photon OS can't be started

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1689245

Title:
  qcow2 image converted from Photon OS can't be started

Status in QEMU:
  Expired

Bug description:
  Steps to reproduce the issue:
  1. Download the ovf from this place:
  https://bintray.com/vmware/photon/download_file?file_path=photon-custom-hw10-1.0-62c543d.ova
  2. Extract vmdk from ova file.
  3. Convert from vmdk format to qcow2 via qemu-img
  4. Launch the qcow2 image. The VM is started. But there is no output. CPU usage is 100%

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1689245/+subscriptions



[Bug 1716132] Re: Win 10 bitlocker won't initialise pass-through TPM

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716132

Title:
  Win 10 bitlocker won't initialise pass-through TPM

Status in QEMU:
  Expired

Bug description:
  All stock Ubuntu Zesty, Win10Pro KVM guest configured with OVMF and
  Q35.  My host has an ASRock Z97 Extreme 6 board with a TPM header
  which is populated with a v1.2 compliant device.

  Testing in my host, the TPM device is functional: I can tpm_takeownership
  and tpm_clear successfully and similar testing by passing the device
  through to a linux guest also succeeds.

  However using Bitlocker in Windows 10 Pro release 1703 Windows advises
  it cannot "Prepare" the device which I take to mean it cannot take
  ownership of it.  I believe this to be related to Windows' inability to
  view the TCG Event Log which is evidenced in the below 2 screencaps,
  however I'm no expert.

  https://s26.postimg.org/vter35eh5/Screenshot_20170907_114644.png
  https://s26.postimg.org/klo854qyx/Screenshot_20170909_143841.png

  I've also tested the scenario with qemu 2.10 which provided the exact
  same results.  The only difference in the test setup is that I had to
  make the guest boot with SeaBios instead of OVMF.  (Windows wouldn't
  boot with OVMF with the boot manager giving me an error pointing to a
  BCD issue.  Researching this it seemed related to an old ACPI problem,
  I believe this is unrelated to my TPM issue so will do more research and
  raise a separate bug for this if needed.)

  Happy to provide further configurations and build logs as necessary so
  please advise me what is needed.

  Lastly for background reading.  I've been trying to get TPM
  passthrough working with Windows for a long time now and have hit
  several different issues which I believe have been addressed by both
  code maturity in Qemu but also in Windows releases.  An earlier bug
  report can be found here
  (https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1615722) which
  concludes advising me to raise this new/separate issue.

  Thanks in advance,

  Kelvin

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716132/+subscriptions



[Bug 1728325] Re: POWER8: Wrong behaviour with float-to-int punning

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728325

Title:
  POWER8: Wrong behaviour with float-to-int punning

Status in QEMU:
  Expired

Bug description:
  Building a reduced test program with 'gcc -O2 -fno-inline
  -mcpu=power8' produces wrong results at runtime. I don't think gcc is
  at fault here.

  ---
  #include <stdio.h>

  int getWord(const float x)
  {
      return *(int*)&x;
  }

  void main()
  {
      int foo = getWord(+123.456f);
      int bar = getWord(-123.456f);

      printf("%d\n", foo);
      printf("%d\n", bar);
      return;
  }
  ---

  This prints:
  ---
  0
  0
  ---

  Compiling with 'gcc -O2 -fno-inline -mcpu=power7' instead gives the expected result:
  ---
  1123477881
  -1024005767
  ---

  
  The difference between the two programs is:

  --- power7.s
  +++ power8.s
  @@ -6,9 +6,9 @@
.globl getWord
.type   getWord, @function
   getWord:
  - stfs 1,-16(1)
  - ori 2,2,0
  - lwa 3,-16(1)
  + xscvdpspn 0,1
  + mfvsrwz 3,0
  + extsw 3,3
blr
.long 0
.byte 0,0,0,0,0,0,0,0
  .size   getWord,.-getWord

  
  Seems like qemu doesn't handle xscvdpspn/mfvsrwz correctly.

  https://github.com/qemu/qemu/commit/7ee19fb9d682689d36c849576c808cf92e3bae40
  https://github.com/qemu/qemu/commit/f5c0f7f981333da59cc35c3210d05ec1775c97c1

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728325/+subscriptions



[Bug 1707587] Re: Read certificate from USB key failed

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1707587

Title:
  Read certificate from USB key failed

Status in QEMU:
  Expired

Bug description:
  QEMU release version: qemu-2.9.0
  VM operation system: win7 32bit

  I have a usb key which can be redirected and recognized in the VM.
  However, it fails to get the certificate when using the official
  application for this usb key. What's more, the whole app is stalled
  until this usb key is detached from the VM.

  As I researched, this usb key uses interrupt transfers when the
  application tries to read the certificate from it. The problem is that some
  certificate data is abandoned by "usbredir_stop_interrupt_receiving" and
  "usbredir_stop_ep". The two functions use "usbredir_free_bufpq" to
  clear the buffered usb packets, even if the certificate remains in the
  bufpq.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1707587/+subscriptions



[Bug 1731347] Re: VFIO Passthrough of SAS2008-based HBA card fails on E3-1225v3 due to failed DMA mapping (-14)

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1731347

Title:
  VFIO Passthrough of SAS2008-based HBA card fails on E3-1225v3 due to
  failed DMA mapping (-14)

Status in QEMU:
  Expired

Bug description:
  There is a bug preventing multiple people with my combination of
  hardware from using PCI passthrough. I am not actually sure whether
  the bug is in kernel/kvm, vfio or qemu, however, as qemu is the
  highest-level of these, I am reporting the bug here as you will likely
  know better where the origin of the bug may be found.

  When attempting to pass through this device to a KVM using VFIO, this
  results in error -14 (Bad Address):

  # qemu-system-x86_64 -enable-kvm -m 10G -net none -monitor stdio -serial
  # none -parallel none -vnc :1 -device vfio-pci,host=1:00.0 -S
  QEMU 2.9.1 monitor - type 'help' for more information
  (qemu) c
  (qemu) qemu-system-x86_64: VFIO_MAP_DMA: -14
  qemu-system-x86_64: vfio_dma_map(0x7f548f0a1fc0, 0xfebd, 0x2000, 0x7f54a909d000) = -14 (Bad address)
  qemu: hardware error: vfio: DMA mapping failed, unable to continue

  See also:
  https://bugzilla.proxmox.com/show_bug.cgi?id=1556
  https://www.redhat.com/archives/vfio-users/2016-May/msg00088.html

  This has occurred on Proxmox (Proxmox and Debian packages, Ubuntu kernel),
  Ubuntu, and pure Debian packages and kernel on Proxmox. However, this error
  reportedly does NOT occur for:

  - different distributions(!) (Fedora 24, 25)
  - different HBA cards (SAS2308, SAS3008)
  - different CPU (E3-1220v5)

  I would be thankful for any input and I'll be happy to provide any
  further info necessary. This is my first time delving this deep into
  anything close to the kernel.

  Thanks and best regards,
  Johannes Falke

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1731347/+subscriptions



[Bug 1712027] Re: qemu: Cryptography adding encrypted disk with luks format failed

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1712027

Title:
  qemu: Cryptography adding encrypted disk with luks format failed

Status in QEMU:
  Expired

Bug description:
  I'm using libvirt to attach a luks encrypted disk to a running VM. The
  qemu-monitor-command is like the following:

  {"execute":"object-add","arguments":{"qom-type":"secret","id":"virtio-disk11-luks-secret0","props":{"data":"El7jOYLCZwrij2Mue0q2tA==","keyid":"masterKey0","iv":"J2je0WJjCa89L3iKc1lceg==","format":"base64"}}}

  The masterKey0 specifies the secret which has been created before.

  The command above returns with the error message "Incorrect number of
  padding bytes XXX found on decrypted data". This is triggered by the
  following code snippet in qemu/crypto/secret.c:

  if (plaintext[ciphertextlen - 1] > 16 ||
      plaintext[ciphertextlen - 1] > ciphertextlen) {
      error_setg(errp, "Incorrect number of padding bytes (%d) "
                 "found on decrypted data",
                 (int)plaintext[ciphertextlen - 1]);
      …
  }

  The bug is: There is no padding in plaintext if the actual length of
  the plaintext decrypted is equal to ciphertext.

  In this case, the last element in the plaintext array may be one of the
  characters in the base64 code table or other.

  I would like to know why the length of padding bytes cannot exceed 16 and
  whether I can remove the judgement “plaintext[ciphertextlen - 1] > 16” so
  that I can eliminate the error above.

  I would much appreciate it if the doubts above are cleared up.

  libvirt/qemu version:

  # virsh version
  Compiled against library: libvirt 3.0.0
  Using library: libvirt 3.0.0
  Using API: QEMU 3.0.0
  Running hypervisor: QEMU 2.7.1

  OS: Ubuntu 12.04 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1712027/+subscriptions
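
The padding rule behind the check quoted in the report above, as an added example (not QEMU's code and not from the reporter): it assumes PKCS#7-style padding over 16-byte AES blocks, which is what the two quoted comparisons imply, and it works on already-decrypted buffers; the function names and sample buffers are constructed for illustration. The validator is stricter than the quoted check, since it also rejects a zero pad byte and verifies every padding byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 16u /* AES block size in bytes */

/*
 * Append PKCS#7 padding: N bytes of value N, N in 1..BLOCK_LEN.
 * A message that is already block-aligned gets a whole extra block,
 * so N is never 0. Returns the padded length, or 0 if 'out' is too small.
 */
size_t pkcs7_pad(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    size_t pad = BLOCK_LEN - (in_len % BLOCK_LEN);

    if (in_len > SIZE_MAX - pad || in_len + pad > out_cap) {
        return 0;
    }
    memcpy(out, in, in_len);
    memset(out + in_len, (int)pad, pad);
    return in_len + pad;
}

/*
 * Validate the padding of a decrypted buffer.
 * Returns the length of the data without padding, or -1 if the buffer
 * cannot be the result of pkcs7_pad() (wrong key, wrong IV, or data that
 * was encrypted without padding).
 */
long pkcs7_unpadded_len(const uint8_t *buf, size_t len)
{
    size_t pad, i;

    if (len == 0 || len % BLOCK_LEN != 0) {
        return -1;
    }
    pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK_LEN || pad > len) {
        return -1;
    }
    for (i = len - pad; i < len; i++) {
        if (buf[i] != pad) {
            return -1;
        }
    }
    return (long)(len - pad);
}

int main(void)
{
    /* Constructed sample inputs. */
    static const uint8_t aligned[] = "0123456789abcdef"; /* 16 bytes */
    static const uint8_t short_msg[] = "hello";          /* 5 bytes */
    /* 16 bytes of base64 text, as if the secret had been encrypted
     * without any padding: the last byte is 'M' (0x4d = 77). */
    static const uint8_t no_padding[] = "QUJDREVGR0hJSktM";
    uint8_t out[48];
    size_t n;

    n = pkcs7_pad(aligned, 16, out, sizeof(out));
    printf("aligned:    padded=%zu last=0x%02x unpadded=%ld\n",
           n, out[n - 1], pkcs7_unpadded_len(out, n));

    n = pkcs7_pad(short_msg, 5, out, sizeof(out));
    printf("short:      padded=%zu last=0x%02x unpadded=%ld\n",
           n, out[n - 1], pkcs7_unpadded_len(out, n));

    printf("no padding: last=0x%02x unpadded=%ld\n",
           no_padding[15], pkcs7_unpadded_len(no_padding, 16));
    return 0;
}
```

Because a full block of padding is appended even when the message length is already a multiple of 16, a correctly decrypted buffer always ends in a byte between 1 and 16.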



[Bug 1719339] Re: serial8250: too much work for irq3

2021-01-08 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1719339

Title:
  serial8250: too much work for irq3

Status in QEMU:
  Expired

Bug description:
  It's a known issue and has been mentioned from time to time since 2007.
  But it seems not to be fixed.

  http://lists.gnu.org/archive/html/qemu-devel/2008-02/msg00140.html
  https://bugzilla.redhat.com/show_bug.cgi?id=986761
  http://old-list-archives.xenproject.org/archives/html/xen-devel/2009-02/msg00696.html

  I don't think fixes like increasing PASS_LIMIT
  (/drivers/tty/serial/8250.c) or removing this annoying message
  (https://patchwork.kernel.org/patch/3920801/) are a real fix. Some fix
  was proposed by H. Peter Anvin: https://lkml.org/lkml/2008/2/7/485.

  Can reproduce on a Debian Stretch host (Qemu 1:2.8+dfsg-6+deb9u2) and Ubuntu
  16.04.2 LTS (Qemu 1:2.5+dfsg-5ubuntu10.15); also tried to use the master
  branch (QEMU emulator version 2.10.50 (v2.10.0-766-ga43415ebfd-dirty)),
  if we write a lot of messages into the console (dmesg or dd if=/dev/zero
  of=/dev/ttyS1).

  /usr/local/bin/qemu-system-x86_64 -name guest=ultra1,debug-threads=on
  -S -object
  secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-27-ultra1/master-key.aes
  -machine pc-i440fx-2.8,accel=kvm,usb=off,dump-guest-core=off -cpu
  Skylake-Client,ds=on,acpi=on,ss=on,ht=on,tm=on,pbe=on,dtes64=on,monitor=on,ds_cpl=on,vmx=on,smx=on,est=on,tm2=on,xtpr=on,pdcm=on,osxsave=on,tsc_adjust=on,clflushopt=on,pdpe1gb=on
  -m 4096 -realtime mlock=off -smp 4,sockets=1,cores=4,threads=1 -uuid
  4537ca29-73b2-40c3-9b43-666de182ba5f -display none -no-user-config
  -nodefaults -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-27-ultra1/monitor.sock,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc
  base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet
  -no-shutdown -global PIIX4_PM.disable_s3=1 -global
  PIIX4_PM.disable_s4=1 -boot strict=on -device
  ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x8.0x7 -drive
  file=/home/dzagorui/csr/csr_disk.qcow2,format=qcow2,if=none,id=drive-ide0-0-0
  -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
  -netdev tap,fd=26,id=hostnet0 -device
  e1000,netdev=hostnet0,id=net0,mac=52:54:00:a9:4c:86,bus=pci.0,addr=0x3
  -chardev
  socket,id=charserial0,host=127.0.0.1,port=4000,telnet,server,nowait
  -device isa-serial,chardev=charserial0,id=serial0 -chardev
  socket,id=charserial1,host=127.0.0.1,port=4001,telnet,server,nowait
  -device isa-serial,chardev=charserial1,id=serial1 -device
  virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 -msg timestamp=on

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1719339/+subscriptions



Re: [PATCH 2/2] hw/ssi: imx_spi: Correct tx and rx fifo endianness

2021-01-08 Thread Bin Meng
Hi Peter,

On Fri, Jan 8, 2021 at 10:49 PM Peter Maydell  wrote:
>
> On Thu, 17 Dec 2020 at 05:28, Bin Meng  wrote:
> >
> > From: Bin Meng 
> >
> > The endianness of data exchange between tx and rx fifo is incorrect.
> > Earlier bytes are supposed to show up on MSB and later bytes on LSB,
> > ie: in big endian. The manual does not explicitly say this, but the
> > U-Boot and Linux driver codes have a swap on the data transferred
> > to tx fifo and from rx fifo.
>
> To check my understanding, if we have a burst length of 16 bits, say,
> when we do the fifo32_pop() of a 32 bit word, where in that
> word and which way round are the 2 bytes we are going to transfer ?

Say the fifo was written with a value of 0x1234 when the burst
length is 16 bits, 0x12 will be transferred first then followed by
0x34.

>
> > With this change, U-Boot read from / write to SPI flash tests pass.
> >
> >   => sf test 1ff000 1000
> >   SPI flash test:
> >   0 erase: 0 ticks, 4096000 KiB/s 32768.000 Mbps
> >   1 check: 3 ticks, 1333 KiB/s 10.664 Mbps
> >   2 write: 235 ticks, 17 KiB/s 0.136 Mbps
> >   3 read: 2 ticks, 2000 KiB/s 16.000 Mbps
> >   Test passed
> >   0 erase: 0 ticks, 4096000 KiB/s 32768.000 Mbps
> >   1 check: 3 ticks, 1333 KiB/s 10.664 Mbps
> >   2 write: 235 ticks, 17 KiB/s 0.136 Mbps
> >   3 read: 2 ticks, 2000 KiB/s 16.000 Mbps
> >
> > Fixes: c906a3a01582 ("i.MX: Add the Freescale SPI Controller")
> > Signed-off-by: Bin Meng 
> >
> > ---
> >
> >  hw/ssi/imx_spi.c | 16 
> >  1 file changed, 12 insertions(+), 4 deletions(-)
> >
> > diff --git a/hw/ssi/imx_spi.c b/hw/ssi/imx_spi.c
> > index 509fb9f..71f0902 100644
> > --- a/hw/ssi/imx_spi.c
> > +++ b/hw/ssi/imx_spi.c
> > @@ -156,13 +156,14 @@ static void imx_spi_flush_txfifo(IMXSPIState *s)
> >  {
> >  uint32_t tx;
> >  uint32_t rx;
> > +uint32_t data;
> > +uint8_t byte;
> >
> >  DPRINTF("Begin: TX Fifo Size = %d, RX Fifo Size = %d\n",
> >  fifo32_num_used(>tx_fifo), fifo32_num_used(>rx_fifo));
> >
> >  while (!fifo32_is_empty(>tx_fifo)) {
> >  int tx_burst = 0;
> > -int index = 0;
> >
> >  if (s->burst_length <= 0) {
> >  s->burst_length = imx_spi_burst_length(s);
> > @@ -183,10 +184,18 @@ static void imx_spi_flush_txfifo(IMXSPIState *s)
> >  tx_burst = 32;
> >  }
> >
> > +data = 0;
> > +for (int i = 0; i < tx_burst / 8; i++) {
> > +byte = tx & 0xff;
> > +tx = tx >> 8;
> > +data = (data << 8) | byte;
> > +}
> > +tx = data;
> > +
>
> Why carefully reverse the order of bytes in the word and then
> take a byte at a time from the bottom of the word in the loop below,
> when you could change the loop to take bytes from the top of the word
> instead ?

Ah, yes, this can be rewritten to simplify a little.

>
> >  rx = 0;
> >
> >  while (tx_burst > 0) {
> > -uint8_t byte = tx & 0xff;
> > +byte = tx & 0xff;
> >
> >  DPRINTF("writing 0x%02x\n", (uint32_t)byte);
> >
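
Review bot: the byte-reversal loop added in this hunk runs "tx_burst / 8" times, rounding down, while the transfer loop that follows runs "while (tx_burst > 0)" in steps of 8, so if tx_burst can ever be a value that is not a multiple of 8 the two loops disagree on the byte count: the transfer loop sends one more byte than the reversal placed in "data", and the remaining bits of the original word are discarded. Rounding the reversal count up, or shifting bytes out from the top of the word in the transfer loop itself, keeps both in step and removes the need for the "data" temporary.
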
> > @@ -196,12 +205,11 @@ static void imx_spi_flush_txfifo(IMXSPIState *s)
> >  DPRINTF("0x%02x read\n", (uint32_t)byte);
> >
> >  tx = tx >> 8;
> > -rx |= (byte << (index * 8));
> > +rx = (rx << 8) | byte;
> >
> >  /* Remove 8 bits from the actual burst */
> >  tx_burst -= 8;
> >  s->burst_length -= 8;
> > -index++;
> >  }
> >
> >  DPRINTF("data rx:0x%08x\n", rx);
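
Review bot: the new accumulation "rx = (rx << 8) | byte;" encodes the MSB-first order that the commit message says the manual does not spell out, yet nothing in the code records where that order comes from. A short comment above this line, and above the tx reversal, stating that earlier bytes occupy the more significant positions as the U-Boot and Linux drivers expect, would keep a later cleanup from going back to the index-based shift removed here.
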
> > --

Regards,
Bin



Re: [PATCH v1 16/20] riscv: Add semihosting support

2021-01-08 Thread Keith Packard via
Alistair Francis  writes:

> Whoops, I thought I had already reviewed this commit.

You had provided quite extensive review with lots of useful comments,
but never added the magic tag for this commit :-)

-- 
-keith



Re: [PATCH] spapr: Improve handling of memory unplug with old guests

2021-01-08 Thread Daniel Henrique Barboza




On 1/8/21 2:31 PM, Greg Kurz wrote:

Since commit 1e8b5b1aa16b ("spapr: Allow memory unplug to always succeed")
trying to unplug memory from a guest that doesn't support it (eg. rhel6)
no longer generates an error like it used to. Instead, it leaves the
memory around : only a subsequent reboot or manual use of drmgr within
the guest can complete the hot-unplug sequence. A flag was added to
SpaprMachineClass so that this new behavior only applies to the default
machine type.

We can do better. CAS processes all pending hot-unplug requests. This
means that we don't really care about what the guest supports if
the hot-unplug request happens before CAS.

All guests that we care for, even old ones, set enough bits in OV5
that lead to a non-empty bitmap in spapr->ov5_cas. Use that as a
heuristic to decide if CAS has already occurred or not.

Always accept unplug requests that happen before CAS since CAS will
process them. Restore the previous behavior of rejecting them after
CAS when we know that the guest doesn't support memory hot-unplug.

This behavior is suitable for all machine types : this allows to
drop the pre_6_0_memory_unplug flag.

Fixes: 1e8b5b1aa16b ("spapr: Allow memory unplug to always succeed")
Signed-off-by: Greg Kurz 
---


Reviewed-by: Daniel Henrique Barboza 


  hw/ppc/spapr.c  |   24 +---
  hw/ppc/spapr_events.c   |3 +--
  hw/ppc/spapr_ovec.c |7 +++
  include/hw/ppc/spapr.h  |2 +-
  include/hw/ppc/spapr_ovec.h |1 +
  5 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 2c403b574e37..6c47466fc2f1 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -4048,6 +4048,18 @@ static void spapr_machine_device_unplug(HotplugHandler 
*hotplug_dev,
  }
  }
  
+bool spapr_memory_hot_unplug_supported(SpaprMachineState *spapr)

+{
+return spapr_ovec_test(spapr->ov5_cas, OV5_HP_EVT) ||
+/*
+ * CAS will process all pending unplug requests.
+ *
+ * HACK: a guest could theoretically have cleared all bits in OV5,
+ * but none of the guests we care for do.
+ */
+spapr_ovec_empty(spapr->ov5_cas);
+}
+
  static void spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev,
  DeviceState *dev, Error 
**errp)
  {
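
Review bot: spapr_memory_hot_unplug_supported() also returns true when spapr->ov5_cas is empty, that is, when nothing is known yet about what the guest supports, so the name promises more than the function checks. A name that reflects "supported, or CAS not done yet", or a comment above the function stating both conditions, would help the callers; the HACK comment currently sits between the two operands of the return expression, where it is easy to miss, and would read better above the statement.
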
@@ -4056,16 +4068,9 @@ static void 
spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev,
  SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
  
  if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {

-if (!smc->pre_6_0_memory_unplug ||
-spapr_ovec_test(sms->ov5_cas, OV5_HP_EVT)) {
+if (spapr_memory_hot_unplug_supported(sms)) {
  spapr_memory_unplug_request(hotplug_dev, dev, errp);
  } else {
-/* NOTE: this means there is a window after guest reset, prior to
- * CAS negotiation, where unplug requests will fail due to the
- * capability not being detected yet. This is a bit different than
- * the case with PCI unplug, where the events will be queued and
- * eventually handled by the guest after boot
- */
  error_setg(errp, "Memory hot unplug not supported for this 
guest");
  }
  } else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_CPU_CORE)) {
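
Review bot: the NOTE deleted in this hunk described the window after guest reset and before CAS, and the new helper accepts requests in that window only if ov5_cas is empty again at that point. Nothing in the visible lines shows ov5_cas being cleared on reset, so please confirm, and say in the commit message or in a comment, that a reset guest starts with an empty ov5_cas; otherwise the bits negotiated by the previous boot decide whether the request is accepted.
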
@@ -4543,11 +4548,8 @@ DEFINE_SPAPR_MACHINE(6_0, "6.0", true);
   */
  static void spapr_machine_5_2_class_options(MachineClass *mc)
  {
-SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-
  spapr_machine_6_0_class_options(mc);
  compat_props_add(mc->compat_props, hw_compat_5_2, hw_compat_5_2_len);
-smc->pre_6_0_memory_unplug = true;
  }
  
  DEFINE_SPAPR_MACHINE(5_2, "5.2", false);

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 6aedd988b3d0..d51daedfa6e0 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -658,8 +658,7 @@ static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t 
hp_action,
  /* we should not be using count_indexed value unless the guest
   * supports dedicated hotplug event source
   */
-g_assert(!SPAPR_MACHINE_GET_CLASS(spapr)->pre_6_0_memory_unplug ||
- spapr_ovec_test(spapr->ov5_cas, OV5_HP_EVT));
+g_assert(spapr_memory_hot_unplug_supported(spapr));
  hp->drc_id.count_indexed.count =
  cpu_to_be32(drc_id->count_indexed.count);
  hp->drc_id.count_indexed.index =
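
Review bot: the comment above the assertion still says count_indexed must not be used unless the guest supports the dedicated hotplug event source, but g_assert(spapr_memory_hot_unplug_supported(spapr)) now also passes when ov5_cas is empty, before the guest has negotiated anything. Either update the comment to say that pre-CAS requests are allowed because CAS processes them, or keep the assertion on OV5_HP_EVT alone if that invariant is still required at this point.
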
diff --git a/hw/ppc/spapr_ovec.c b/hw/ppc/spapr_ovec.c
index dd003f1763fd..b2567caa5cf4 100644
--- a/hw/ppc/spapr_ovec.c
+++ b/hw/ppc/spapr_ovec.c
@@ -125,6 +125,13 @@ bool spapr_ovec_test(SpaprOptionVector *ov, long bitnr)
  return test_bit(bitnr, ov->bitmap) ? true : false;
  }
  
+bool spapr_ovec_empty(SpaprOptionVector *ov)

+{
+g_assert(ov);
+
+return bitmap_empty(ov->bitmap, OV_MAXBITS);
+}
+
  static void guest_byte_to_bitmap(uint8_t entry, 

[Bug 1904954] Re: lan9118 bug peeked received message size not equal to actual received message size

2021-01-08 Thread alfred gedeon
We do have some code, that is giving different results, between the
peeked and the actual:

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/9a25860e761036a9eb780799c9db632e3eff60c9/portable/NetworkInterface/MPS2_AN385/NetworkInterface.c#L237

We also have a fix to circumvent the problem by just reading the actual
size and omit the peeked bytes.

https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/pull/142

Changing the code I pointed to locally worked fine, but we can't expect all
our users to compile qemu from scratch and apply a patch.

Alfred

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904954

Title:
  lan9118 bug peeked received message size not equal to actual received
  message size

Status in QEMU:
  In Progress

Bug description:
  peeked message size is not equal to read message size

  Bug in the code at line:
  https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209

  s->tx_status_fifo_head should be s->rx_status_fifo_head

  Could also be a security bug, as the user could allocate a buffer of
  size peeked data smaller than the actual packet received, which could
  cause a buffer overflow.

  Thanks,

  Alfred

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904954/+subscriptions
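
The mismatch described in the report above, as an added example (a constructed toy model, not QEMU's lan9118.c and not the FreeRTOS driver): a peek that indexes the RX status FIFO with the TX head returns a stale length, and a receive path that bounds its copy by the buffer it was given rejects the frame instead of overflowing. The struct, the function names and the status-word layout (length in the upper 16 bits) are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_FIFO_LEN 8
#define MAX_PKT 1536

/* Toy device state: one RX status FIFO, but two head indices in scope. */
struct toy_nic {
    uint32_t rx_status_fifo[STATUS_FIFO_LEN];
    unsigned rx_status_fifo_head; /* next unread RX status word */
    unsigned tx_status_fifo_head; /* next unread TX status word */
    uint8_t  rx_data[MAX_PKT];    /* payload of the frame at the RX head */
};

/* Toy layout: frame length lives in the upper 16 bits of the status word. */
static uint32_t status_to_len(uint32_t status)
{
    return status >> 16;
}

/* The mix-up from the report: the RX FIFO is indexed with the TX head. */
uint32_t rx_status_peek_mixed_up(const struct toy_nic *n)
{
    return n->rx_status_fifo[n->tx_status_fifo_head % STATUS_FIFO_LEN];
}

/* Peek with the head that belongs to the FIFO being read. */
uint32_t rx_status_peek(const struct toy_nic *n)
{
    return n->rx_status_fifo[n->rx_status_fifo_head % STATUS_FIFO_LEN];
}

/* Consuming read: always uses the RX head, so it sees the real length. */
uint32_t rx_status_pop(struct toy_nic *n)
{
    uint32_t v = n->rx_status_fifo[n->rx_status_fifo_head % STATUS_FIFO_LEN];

    n->rx_status_fifo_head = (n->rx_status_fifo_head + 1) % STATUS_FIFO_LEN;
    return v;
}

/*
 * Driver-side receive. The caller sized 'buf' from an earlier peek; the
 * copy is bounded by buf_cap and by the length popped now, never by the
 * peeked value. Returns bytes copied, or -1 if the frame does not fit
 * (the frame is dropped).
 */
long driver_receive(struct toy_nic *n, uint8_t *buf, size_t buf_cap)
{
    size_t actual = status_to_len(rx_status_pop(n));

    if (actual > buf_cap || actual > MAX_PKT) {
        return -1;
    }
    memcpy(buf, n->rx_data, actual);
    return (long)actual;
}

/* Constructed state: a stale 64-byte entry at index 0, where the TX head
 * points, and the real 300-byte frame at index 2, where the RX head points. */
void toy_nic_load_sample(struct toy_nic *n)
{
    memset(n, 0, sizeof(*n));
    n->tx_status_fifo_head = 0;
    n->rx_status_fifo_head = 2;
    n->rx_status_fifo[0] = 64u << 16;
    n->rx_status_fifo[2] = 300u << 16;
    memset(n->rx_data, 0xAB, 300);
}

int main(void)
{
    struct toy_nic n;
    uint8_t small[64], big[300];

    toy_nic_load_sample(&n);
    printf("mixed-up peek: %u bytes, correct peek: %u bytes\n",
           (unsigned)status_to_len(rx_status_peek_mixed_up(&n)),
           (unsigned)status_to_len(rx_status_peek(&n)));
    printf("receive into 64-byte buffer:  %ld\n",
           driver_receive(&n, small, sizeof(small)));

    toy_nic_load_sample(&n);
    printf("receive into 300-byte buffer: %ld\n",
           driver_receive(&n, big, sizeof(big)));
    return 0;
}
```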



Re: [PATCH v2] target/riscv/pmp: Raise exception if no PMP entry is configured

2021-01-08 Thread Alistair Francis
On Thu, Jan 7, 2021 at 11:02 AM Atish Patra  wrote:
>
> On Thu, 2021-01-07 at 09:19 -0800, Alistair Francis wrote:
> > On Wed, Dec 23, 2020 at 11:26 AM Atish Patra 
> > wrote:
> > >
> > > As per the privilege specification, any access from S/U mode should
> > > fail
> > > if no pmp region is configured.
> >
> > This doesn't sound right, the spec says:
> >
> > "If no PMP entry matches an S-mode or U-mode access, but at least one
> > PMP entry is implemented, the access fails."
> >
> > I don't see anything saying that an access will fail if there are no
> > PMP regions configured.
> >
>
> It also says
>
> If at least one PMP entry is implemented, but all PMP entries’ A fields
> are set to OFF, then all S-mode and U-mode memory accesses will fail.
>
> My understanding is that if PMP is implemented in hardware, but not
> configured, S/U-mode memory access should fail. At least that's how
> hardware behaves.

Ah, I misinterpreted what implemented means.

Reviewed-by: Alistair Francis 

Applied to riscv-to-apply.next

Alistair

>
> > Alistair
> >
> > >
> > > Signed-off-by: Atish Patra 
> > > ---
> > > Changes from v2->v1
> > > 1. Removed the static from the function definition
> > > ---
> > >  target/riscv/op_helper.c | 5 +
> > >  target/riscv/pmp.c   | 4 ++--
> > >  target/riscv/pmp.h   | 1 +
> > >  3 files changed, 8 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
> > > index d55def76cffd..1eddcb94de7e 100644
> > > --- a/target/riscv/op_helper.c
> > > +++ b/target/riscv/op_helper.c
> > > @@ -150,6 +150,11 @@ target_ulong helper_mret(CPURISCVState *env,
> > > target_ulong cpu_pc_deb)
> > >
> > >  uint64_t mstatus = env->mstatus;
> > >  target_ulong prev_priv = get_field(mstatus, MSTATUS_MPP);
> > > +
> > > +if (!pmp_get_num_rules(env) && (prev_priv != PRV_M)) {
> > > +riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST,
> > > GETPC());
> > > +}
> > > +
> > >  target_ulong prev_virt = get_field(env->mstatus, MSTATUS_MPV);
> > >  mstatus = set_field(mstatus, MSTATUS_MIE,
> > >  get_field(mstatus, MSTATUS_MPIE));
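Review bot: in helper_mret the new `if (!pmp_get_num_rules(env) && (prev_priv != PRV_M))` block sits between the `prev_priv` and `prev_virt` declarations, so `prev_virt` is now declared after a statement; moving the check below the declarations keeps them together at the top of the block. A one-line comment on why returning to a lower privilege with no PMP rules raises RISCV_EXCP_ILLEGAL_INST would also help, since the commit message only talks about accesses failing.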
> > > diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
> > > index 2eda8e1e2f07..80d0334e1bfc 100644
> > > --- a/target/riscv/pmp.c
> > > +++ b/target/riscv/pmp.c
> > > @@ -74,7 +74,7 @@ static inline int pmp_is_locked(CPURISCVState
> > > *env, uint32_t pmp_index)
> > >  /*
> > >   * Count the number of active rules.
> > >   */
> > > -static inline uint32_t pmp_get_num_rules(CPURISCVState *env)
> > > +uint32_t pmp_get_num_rules(CPURISCVState *env)
> > >  {
> > >   return env->pmp_state.num_rules;
> > >  }
> > > @@ -237,7 +237,7 @@ bool pmp_hart_has_privs(CPURISCVState *env,
> > > target_ulong addr,
> > >
> > >  /* Short cut if no rules */
> > >  if (0 == pmp_get_num_rules(env)) {
> > > -return true;
> > > +return (env->priv == PRV_M) ? true : false;
> > >  }
> > >
> > >  if (size == 0) {
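Review bot: `return (env->priv == PRV_M) ? true : false;` can simply be `return env->priv == PRV_M;`, and the "Short cut if no rules" comment above it no longer describes the branch (M-mode passes, S/U-mode fails) and should be updated to say so.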
> > > diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
> > > index 6c6b4c9befe8..c8d5ef4a694e 100644
> > > --- a/target/riscv/pmp.h
> > > +++ b/target/riscv/pmp.h
> > > @@ -64,5 +64,6 @@ bool pmp_is_range_in_tlb(CPURISCVState *env,
> > > hwaddr tlb_sa,
> > >   target_ulong *tlb_size);
> > >  void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index);
> > >  void pmp_update_rule_nums(CPURISCVState *env);
> > > +uint32_t pmp_get_num_rules(CPURISCVState *env);
> > >
> > >  #endif
> > > --
> > > 2.25.1
> > >
> > >
>
> --
> Regards,
> Atish



Re: [PATCH v1 17/20] riscv: Add semihosting support for user mode

2021-01-08 Thread Alistair Francis
On Fri, Jan 8, 2021 at 3:05 PM Alex Bennée  wrote:
>
> From: Kito Cheng 
>
> This could make testing easier, and ARM/AArch64 already support it in
> their linux user mode too, so I think it should be reasonable.
>
> Verified GCC testsuite with newlib/semihosting.
>
> Signed-off-by: Kito Cheng 
> Reviewed-by: Keith Packard 
> Message-Id: <20210107170717.2098982-7-kei...@keithp.com>
> Signed-off-by: Alex Bennée 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  linux-user/riscv/cpu_loop.c | 5 +
>  1 file changed, 5 insertions(+)
>
> diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c
> index aa9e437875..9665dabb09 100644
> --- a/linux-user/riscv/cpu_loop.c
> +++ b/linux-user/riscv/cpu_loop.c
> @@ -23,6 +23,7 @@
>  #include "qemu.h"
>  #include "cpu_loop-common.h"
>  #include "elf.h"
> +#include "hw/semihosting/common-semi.h"
>
>  void cpu_loop(CPURISCVState *env)
>  {
> @@ -91,6 +92,10 @@ void cpu_loop(CPURISCVState *env)
>  sigcode = TARGET_SEGV_MAPERR;
>  sigaddr = env->badaddr;
>  break;
> +case RISCV_EXCP_SEMIHOST:
> +env->gpr[xA0] = do_common_semihosting(cs);
> +env->pc += 4;
> +break;
>  case EXCP_DEBUG:
>  gdbstep:
>  signum = TARGET_SIGTRAP;
> --
> 2.20.1
>
>



Re: [PATCH v1 16/20] riscv: Add semihosting support

2021-01-08 Thread Alistair Francis
On Fri, Jan 8, 2021 at 3:06 PM Alex Bennée  wrote:
>
> From: Keith Packard 
>
> Adapt the arm semihosting support code for RISCV. This implementation
> is based on the standard for RISC-V semihosting version 0.2 as
> documented in
>
>https://github.com/riscv/riscv-semihosting-spec/releases/tag/0.2
>
> Signed-off-by: Keith Packard 
> Message-Id: <20210107170717.2098982-6-kei...@keithp.com>
> Signed-off-by: Alex Bennée 

Whoops, I thought I had already reviewed this commit.

Reviewed-by: Alistair Francis 

Alistair

> ---
>  default-configs/devices/riscv32-softmmu.mak   |  2 +
>  default-configs/devices/riscv64-softmmu.mak   |  2 +
>  .../targets/riscv32-linux-user.mak|  1 +
>  .../targets/riscv64-linux-user.mak|  1 +
>  hw/semihosting/common-semi.h  |  5 +-
>  linux-user/qemu.h |  4 +-
>  target/riscv/cpu_bits.h   |  1 +
>  hw/semihosting/common-semi.c  | 82 ++-
>  linux-user/semihost.c |  8 +-
>  target/riscv/cpu_helper.c | 10 +++
>  target/riscv/translate.c  | 11 +++
>  .../riscv/insn_trans/trans_privileged.c.inc   | 37 -
>  qemu-options.hx   | 10 ++-
>  13 files changed, 162 insertions(+), 12 deletions(-)
>
> diff --git a/default-configs/devices/riscv32-softmmu.mak 
> b/default-configs/devices/riscv32-softmmu.mak
> index 94a236c9c2..d847bd5692 100644
> --- a/default-configs/devices/riscv32-softmmu.mak
> +++ b/default-configs/devices/riscv32-softmmu.mak
> @@ -3,6 +3,8 @@
>  # Uncomment the following lines to disable these optional devices:
>  #
>  #CONFIG_PCI_DEVICES=n
> +CONFIG_SEMIHOSTING=y
> +CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
>
>  # Boards:
>  #
> diff --git a/default-configs/devices/riscv64-softmmu.mak 
> b/default-configs/devices/riscv64-softmmu.mak
> index 76b6195648..d5eec75f05 100644
> --- a/default-configs/devices/riscv64-softmmu.mak
> +++ b/default-configs/devices/riscv64-softmmu.mak
> @@ -3,6 +3,8 @@
>  # Uncomment the following lines to disable these optional devices:
>  #
>  #CONFIG_PCI_DEVICES=n
> +CONFIG_SEMIHOSTING=y
> +CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
>
>  # Boards:
>  #
> diff --git a/default-configs/targets/riscv32-linux-user.mak 
> b/default-configs/targets/riscv32-linux-user.mak
> index dfb259e8aa..6a9d1b1bc1 100644
> --- a/default-configs/targets/riscv32-linux-user.mak
> +++ b/default-configs/targets/riscv32-linux-user.mak
> @@ -2,3 +2,4 @@ TARGET_ARCH=riscv32
>  TARGET_BASE_ARCH=riscv
>  TARGET_ABI_DIR=riscv
>  TARGET_XML_FILES= gdb-xml/riscv-32bit-cpu.xml gdb-xml/riscv-32bit-fpu.xml 
> gdb-xml/riscv-64bit-fpu.xml gdb-xml/riscv-32bit-csr.xml 
> gdb-xml/riscv-32bit-virtual.xml
> +CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
> diff --git a/default-configs/targets/riscv64-linux-user.mak 
> b/default-configs/targets/riscv64-linux-user.mak
> index b13895f3b0..0a92849a1b 100644
> --- a/default-configs/targets/riscv64-linux-user.mak
> +++ b/default-configs/targets/riscv64-linux-user.mak
> @@ -2,3 +2,4 @@ TARGET_ARCH=riscv64
>  TARGET_BASE_ARCH=riscv
>  TARGET_ABI_DIR=riscv
>  TARGET_XML_FILES= gdb-xml/riscv-64bit-cpu.xml gdb-xml/riscv-32bit-fpu.xml 
> gdb-xml/riscv-64bit-fpu.xml gdb-xml/riscv-64bit-csr.xml 
> gdb-xml/riscv-64bit-virtual.xml
> +CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
> diff --git a/hw/semihosting/common-semi.h b/hw/semihosting/common-semi.h
> index bc53e92c79..0bfab1c669 100644
> --- a/hw/semihosting/common-semi.h
> +++ b/hw/semihosting/common-semi.h
> @@ -1,6 +1,6 @@
>  /*
>   *  Semihosting support for systems modeled on the Arm "Angel"
> - *  semihosting syscalls design.
> + *  semihosting syscalls design. This includes Arm and RISC-V processors
>   *
>   *  Copyright (c) 2005, 2007 CodeSourcery.
>   *  Copyright (c) 2019 Linaro
> @@ -26,6 +26,9 @@
>   * Semihosting for AArch32 and AArch64 Release 2.0
>   * https://static.docs.arm.com/100863/0200/semihosting.pdf
>   *
> + *  RISC-V Semihosting is documented in:
> + * RISC-V Semihosting
> + * 
> https://github.com/riscv/riscv-semihosting-spec/blob/main/riscv-semihosting-spec.adoc
>   */
>
>  #ifndef COMMON_SEMI_H
> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
> index 534753ca12..17aa992165 100644
> --- a/linux-user/qemu.h
> +++ b/linux-user/qemu.h
> @@ -109,6 +109,8 @@ typedef struct TaskState {
>  /* FPA state */
>  FPA11 fpa;
>  # endif
> +#endif
> +#if defined(TARGET_ARM) || defined(TARGET_RISCV)
>  int swi_errno;
>  #endif
>  #if defined(TARGET_I386) && !defined(TARGET_X86_64)
> @@ -122,7 +124,7 @@ typedef struct TaskState {
>  #ifdef TARGET_M68K
>  abi_ulong tp_value;
>  #endif
> -#if defined(TARGET_ARM) || defined(TARGET_M68K)
> +#if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_RISCV)
>  /* Extra fields for semihosted binaries.  */
>  abi_ulong heap_base;
>  abi_ulong heap_limit;
> diff --git a/target/riscv/cpu_bits.h 

Re: [PATCH v2] ui/cocoa: Fix openFile: deprecation on Big Sur

2021-01-08 Thread BALATON Zoltan

On Sat, 9 Jan 2021, Roman Bolshakov wrote:

On Fri, Jan 08, 2021 at 03:00:07PM +, Peter Maydell wrote:

On Fri, 8 Jan 2021 at 13:50, Peter Maydell  wrote:


On Sat, 2 Jan 2021 at 15:14, Roman Bolshakov  wrote:


ui/cocoa.m:1188:44: warning: 'openFile:' is deprecated: first deprecated in 
macOS 11.0 - Use -[NSWorkspace openURL:] instead.
  [-Wdeprecated-declarations]
if ([[NSWorkspace sharedWorkspace] openFile: full_file_path] == YES) {
   ^
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/AppKit.framework/Headers/NSWorkspace.h:350:1:
 note:
  'openFile:' has been explicitly marked deprecated here
- (BOOL)openFile:(NSString *)fullPath API_DEPRECATED("Use -[NSWorkspace openURL:] 
instead.", macos(10.0, 11.0));
^

Signed-off-by: Roman Bolshakov 
---


Reviewed-by: Peter Maydell 



So I was just trying to test this patch, and I found that at least
for me the osx menu bar has stopped working in QEMU -- keyboard
shortcuts to it still work but none of the menu buttons respond
to the mouse. Does that happen for anybody else?



There's an old bug when QEMU menu bar is not responsive because it's not
properly activated. If you click off qemu and click on the qemu dock
icon then it "gets fixed" (cmd-tab works too). Do you hit the issue as
described in the article [1]? The code in the article does exactly the
same what I'm doing manually. I wanted to fix it but somehow it got
postponed for like a whole year :) I might try to make a fix for this but
note, the issue is not related to the patch.


This does not sound like the best solution to the problem. There's some 
info on this here (and blog post linked from it):


https://stackoverflow.com/questions/7460092/nswindow-makekeyandorderfront-makes-window-appear-but-not-key-or-front

Maybe we call makeKeyAndOrderFront: too early before the app is active and 
that's causing the problem? Would it work better if that's moved after 
[NSApp run]? (Maybe we also need canBecomeKey: somewhere but I don't see 
why would that be needed for normal windows.)


Regards,
BALATON Zoltan


Also, the "bring up the docs" help option (which is what this
patch is changing) doesn't seem to work when QEMU is run from
the source tree and the docs haven't been installed to the
locations where it expects it might find them. Probably the
code needs updating to work with qemu_find_file() or some
variant on it.



If I add:
diff --git a/ui/cocoa.m b/ui/cocoa.m
index ea3b845b53..4772b7f981 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1189,6 +1189,7 @@ - (void) openDocumentation: (NSString *) filename
  path_array[index], filename];
full_file_url = [NSURL fileURLWithPath: full_file_path
   isDirectory: false];
+NSLog(@"%@", full_file_url);
if ([[NSWorkspace sharedWorkspace] openURL: full_file_url] == YES) {
return;
}

And click "Help"->"QEMU Documentation". I get the following logs:
2021-01-08 23:14:15.288 qemu-system-x86_64[46165:12969383] 
file:///Users/roolebo/dev/qemu/apple-silicon/build/../share/doc/qemu/index.html
2021-01-08 23:14:15.288 qemu-system-x86_64[46165:12969383] 
file:///Users/roolebo/dev/qemu/apple-silicon/build/../doc/qemu/index.html
2021-01-08 23:14:15.288 qemu-system-x86_64[46165:12969383] 
file:///Users/roolebo/dev/qemu/apple-silicon/build/../docs/index.html

In order to get documentation on macOS, sphinx-doc has to be installed
from homebrew. The package is keg-only so sphinx-build has to be added
to PATH.

Then you can build with --enable-docs. Generated documentation resides
in the build tree after the QEMU has been switched to meson:

find . -name index.html
./build/meson-private/temp/sphinx/out/index.html
./build/docs/devel/index.html
./build/docs/tools/index.html
./build/docs/index.html
./build/docs/specs/index.html
./build/docs/interop/index.html
./build/docs/user/index.html
./build/docs/system/index.html

The problem is that the paths above don't point to docs in build tree.
The patch only fixes a warning and doesn't break existing path
resolution. The fix for out-of-tree docs is trivial:
diff --git a/ui/cocoa.m b/ui/cocoa.m
index ea3b845b53..13fba8103e 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1176,7 +1176,7 @@ - (void)toggleFullScreen:(id)sender
- (void) openDocumentation: (NSString *) filename
{
/* Where to look for local files */
-NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
@"../docs/"};
+NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
@"docs/"};
NSString *full_file_path;
NSURL *full_file_url;
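Review bot: after this change path_array mixes two "../"-relative install locations with a build-tree "docs/" entry, and the "Where to look for local files" comment does not say which entry serves which layout; a short per-entry comment noting that "docs/" is for running from the build directory would keep the entry from being changed back later.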

I'll add it as a separate patch to v2.

1. 
https://ar.al/2018/09/17/workaround-for-unclickable-app-menu-bug-with-window.makekeyandorderfront-and-nsapp.activate-on-macos/

Regards,
Roman






[PATCH v1 16/20] riscv: Add semihosting support

2021-01-08 Thread Alex Bennée
From: Keith Packard 

Adapt the arm semihosting support code for RISCV. This implementation
is based on the standard for RISC-V semihosting version 0.2 as
documented in

   https://github.com/riscv/riscv-semihosting-spec/releases/tag/0.2

Signed-off-by: Keith Packard 
Message-Id: <20210107170717.2098982-6-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 default-configs/devices/riscv32-softmmu.mak   |  2 +
 default-configs/devices/riscv64-softmmu.mak   |  2 +
 .../targets/riscv32-linux-user.mak|  1 +
 .../targets/riscv64-linux-user.mak|  1 +
 hw/semihosting/common-semi.h  |  5 +-
 linux-user/qemu.h |  4 +-
 target/riscv/cpu_bits.h   |  1 +
 hw/semihosting/common-semi.c  | 82 ++-
 linux-user/semihost.c |  8 +-
 target/riscv/cpu_helper.c | 10 +++
 target/riscv/translate.c  | 11 +++
 .../riscv/insn_trans/trans_privileged.c.inc   | 37 -
 qemu-options.hx   | 10 ++-
 13 files changed, 162 insertions(+), 12 deletions(-)

diff --git a/default-configs/devices/riscv32-softmmu.mak 
b/default-configs/devices/riscv32-softmmu.mak
index 94a236c9c2..d847bd5692 100644
--- a/default-configs/devices/riscv32-softmmu.mak
+++ b/default-configs/devices/riscv32-softmmu.mak
@@ -3,6 +3,8 @@
 # Uncomment the following lines to disable these optional devices:
 #
 #CONFIG_PCI_DEVICES=n
+CONFIG_SEMIHOSTING=y
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
 
 # Boards:
 #
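Review bot: the two added CONFIG_ lines land directly under the "Uncomment the following lines to disable these optional devices" comment, next to the commented-out `#CONFIG_PCI_DEVICES=n`, so they read as part of that optional-device list; give them their own comment or a blank-line separation (the same applies to the riscv64-softmmu.mak hunk).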
diff --git a/default-configs/devices/riscv64-softmmu.mak 
b/default-configs/devices/riscv64-softmmu.mak
index 76b6195648..d5eec75f05 100644
--- a/default-configs/devices/riscv64-softmmu.mak
+++ b/default-configs/devices/riscv64-softmmu.mak
@@ -3,6 +3,8 @@
 # Uncomment the following lines to disable these optional devices:
 #
 #CONFIG_PCI_DEVICES=n
+CONFIG_SEMIHOSTING=y
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
 
 # Boards:
 #
diff --git a/default-configs/targets/riscv32-linux-user.mak 
b/default-configs/targets/riscv32-linux-user.mak
index dfb259e8aa..6a9d1b1bc1 100644
--- a/default-configs/targets/riscv32-linux-user.mak
+++ b/default-configs/targets/riscv32-linux-user.mak
@@ -2,3 +2,4 @@ TARGET_ARCH=riscv32
 TARGET_BASE_ARCH=riscv
 TARGET_ABI_DIR=riscv
 TARGET_XML_FILES= gdb-xml/riscv-32bit-cpu.xml gdb-xml/riscv-32bit-fpu.xml 
gdb-xml/riscv-64bit-fpu.xml gdb-xml/riscv-32bit-csr.xml 
gdb-xml/riscv-32bit-virtual.xml
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
diff --git a/default-configs/targets/riscv64-linux-user.mak 
b/default-configs/targets/riscv64-linux-user.mak
index b13895f3b0..0a92849a1b 100644
--- a/default-configs/targets/riscv64-linux-user.mak
+++ b/default-configs/targets/riscv64-linux-user.mak
@@ -2,3 +2,4 @@ TARGET_ARCH=riscv64
 TARGET_BASE_ARCH=riscv
 TARGET_ABI_DIR=riscv
 TARGET_XML_FILES= gdb-xml/riscv-64bit-cpu.xml gdb-xml/riscv-32bit-fpu.xml 
gdb-xml/riscv-64bit-fpu.xml gdb-xml/riscv-64bit-csr.xml 
gdb-xml/riscv-64bit-virtual.xml
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
diff --git a/hw/semihosting/common-semi.h b/hw/semihosting/common-semi.h
index bc53e92c79..0bfab1c669 100644
--- a/hw/semihosting/common-semi.h
+++ b/hw/semihosting/common-semi.h
@@ -1,6 +1,6 @@
 /*
  *  Semihosting support for systems modeled on the Arm "Angel"
- *  semihosting syscalls design.
+ *  semihosting syscalls design. This includes Arm and RISC-V processors
  *
  *  Copyright (c) 2005, 2007 CodeSourcery.
  *  Copyright (c) 2019 Linaro
@@ -26,6 +26,9 @@
  * Semihosting for AArch32 and AArch64 Release 2.0
  * https://static.docs.arm.com/100863/0200/semihosting.pdf
  *
+ *  RISC-V Semihosting is documented in:
+ * RISC-V Semihosting
+ * 
https://github.com/riscv/riscv-semihosting-spec/blob/main/riscv-semihosting-spec.adoc
  */
 
 #ifndef COMMON_SEMI_H
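Review bot: the header comment added here links to blob/main/riscv-semihosting-spec.adoc, while the commit message says the implementation follows version 0.2 and cites the releases/tag/0.2 URL; pointing the comment at the tagged release as well keeps the reference from drifting as main changes.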
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 534753ca12..17aa992165 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -109,6 +109,8 @@ typedef struct TaskState {
 /* FPA state */
 FPA11 fpa;
 # endif
+#endif
+#if defined(TARGET_ARM) || defined(TARGET_RISCV)
 int swi_errno;
 #endif
 #if defined(TARGET_I386) && !defined(TARGET_X86_64)
@@ -122,7 +124,7 @@ typedef struct TaskState {
 #ifdef TARGET_M68K
 abi_ulong tp_value;
 #endif
-#if defined(TARGET_ARM) || defined(TARGET_M68K)
+#if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_RISCV)
 /* Extra fields for semihosted binaries.  */
 abi_ulong heap_base;
 abi_ulong heap_limit;
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index b41e8836c3..4196ef8b69 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -542,6 +542,7 @@
 #define RISCV_EXCP_INST_PAGE_FAULT   0xc /* since: priv-1.10.0 */
 #define RISCV_EXCP_LOAD_PAGE_FAULT   0xd /* since: priv-1.10.0 */
 #define RISCV_EXCP_STORE_PAGE_FAULT  0xf /* since: priv-1.10.0 */
+#define RISCV_EXCP_SEMIHOST

[PATCH v1 17/20] riscv: Add semihosting support for user mode

2021-01-08 Thread Alex Bennée
From: Kito Cheng 

This could make testing easier, and ARM/AArch64 already support it in
their linux user mode too, so I think it should be reasonable.

Verified GCC testsuite with newlib/semihosting.

Signed-off-by: Kito Cheng 
Reviewed-by: Keith Packard 
Message-Id: <20210107170717.2098982-7-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 linux-user/riscv/cpu_loop.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c
index aa9e437875..9665dabb09 100644
--- a/linux-user/riscv/cpu_loop.c
+++ b/linux-user/riscv/cpu_loop.c
@@ -23,6 +23,7 @@
 #include "qemu.h"
 #include "cpu_loop-common.h"
 #include "elf.h"
+#include "hw/semihosting/common-semi.h"
 
 void cpu_loop(CPURISCVState *env)
 {
@@ -91,6 +92,10 @@ void cpu_loop(CPURISCVState *env)
 sigcode = TARGET_SEGV_MAPERR;
 sigaddr = env->badaddr;
 break;
+case RISCV_EXCP_SEMIHOST:
+env->gpr[xA0] = do_common_semihosting(cs);
+env->pc += 4;
+break;
 case EXCP_DEBUG:
 gdbstep:
 signum = TARGET_SIGTRAP;
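Review bot: `env->pc += 4;` in the new RISCV_EXCP_SEMIHOST case hard-codes a 4-byte instruction length; add a comment stating why the trapping instruction can never be a 2-byte compressed encoding here, or derive the length instead of assuming it.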
-- 
2.20.1




[PATCH] floppy: remove unused function fdctrl_format_sector

2021-01-08 Thread Alexander Bulekov
fdctrl_format_sector was added in
baca51faff ("updated floppy driver: formatting code, disk geometry auto detect 
(Jocelyn Mayer)")

The single callsite is guarded by a check:
fdctrl->data_state & FD_STATE_FORMAT

However, the only place where the FD_STATE_FORMAT flag is set (in
fdctrl_handle_format_track) is closely followed by the same flag being
unset, with no possibility to call fdctrl_format_sector in between.

This removes fdctrl_format_sector and the unnecessary setting/unsetting
of the FD_STATE_FORMAT flag.

Signed-off-by: Alexander Bulekov 
---
 hw/block/fdc.c | 68 --
 1 file changed, 68 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 3636874432..837dd819ea 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1952,67 +1952,6 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
 return retval;
 }
 
-static void fdctrl_format_sector(FDCtrl *fdctrl)
-{
-FDrive *cur_drv;
-uint8_t kh, kt, ks;
-
-SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
-cur_drv = get_cur_drv(fdctrl);
-kt = fdctrl->fifo[6];
-kh = fdctrl->fifo[7];
-ks = fdctrl->fifo[8];
-FLOPPY_DPRINTF("format sector at %d %d %02x %02x (%d)\n",
-   GET_CUR_DRV(fdctrl), kh, kt, ks,
-   fd_sector_calc(kh, kt, ks, cur_drv->last_sect,
-  NUM_SIDES(cur_drv)));
-switch (fd_seek(cur_drv, kh, kt, ks, fdctrl->config & FD_CONFIG_EIS)) {
-case 2:
-/* sect too big */
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
-fdctrl->fifo[3] = kt;
-fdctrl->fifo[4] = kh;
-fdctrl->fifo[5] = ks;
-return;
-case 3:
-/* track too big */
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_EC, 0x00);
-fdctrl->fifo[3] = kt;
-fdctrl->fifo[4] = kh;
-fdctrl->fifo[5] = ks;
-return;
-case 4:
-/* No seek enabled */
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
-fdctrl->fifo[3] = kt;
-fdctrl->fifo[4] = kh;
-fdctrl->fifo[5] = ks;
-return;
-case 1:
-fdctrl->status0 |= FD_SR0_SEEK;
-break;
-default:
-break;
-}
-memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
-if (cur_drv->blk == NULL ||
-blk_pwrite(cur_drv->blk, fd_offset(cur_drv), fdctrl->fifo,
-   BDRV_SECTOR_SIZE, 0) < 0) {
-FLOPPY_DPRINTF("error formatting sector %d\n", fd_sector(cur_drv));
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
-} else {
-if (cur_drv->sect == cur_drv->last_sect) {
-fdctrl->data_state &= ~FD_STATE_FORMAT;
-/* Last sector done */
-fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
-} else {
-/* More to do */
-fdctrl->data_pos = 0;
-fdctrl->data_len = 4;
-}
-}
-}
-
 static void fdctrl_handle_lock(FDCtrl *fdctrl, int direction)
 {
 fdctrl->lock = (fdctrl->fifo[0] & 0x80) ? 1 : 0;
@@ -2126,7 +2065,6 @@ static void fdctrl_handle_format_track(FDCtrl *fdctrl, 
int direction)
 
 SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
 cur_drv = get_cur_drv(fdctrl);
-fdctrl->data_state |= FD_STATE_FORMAT;
 if (fdctrl->fifo[0] & 0x80)
 fdctrl->data_state |= FD_STATE_MULTI;
 else
@@ -2144,7 +2082,6 @@ static void fdctrl_handle_format_track(FDCtrl *fdctrl, 
int direction)
  * and Linux fdformat (read 3 bytes per sector via DMA and fill
  * the sector with the specified fill byte
  */
-fdctrl->data_state &= ~FD_STATE_FORMAT;
 fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
 }
 
@@ -2458,11 +2395,6 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t 
value)
 /* We have all parameters now, execute the command */
 fdctrl->phase = FD_PHASE_EXECUTION;
 
-if (fdctrl->data_state & FD_STATE_FORMAT) {
-fdctrl_format_sector(fdctrl);
-break;
-}
-
 cmd = get_command(fdctrl->fifo[0]);
 FLOPPY_DPRINTF("Calling handler for '%s'\n", cmd->name);
 cmd->handler(fdctrl, cmd->direction);
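Review bot: with this last test of `fdctrl->data_state & FD_STATE_FORMAT` gone and both the set and the clear removed from fdctrl_handle_format_track, nothing in the patch touches the FD_STATE_FORMAT definition itself (the 68 deletions are fully accounted for by these four hunks), so the flag is left defined but unused; remove the definition as well, or say in the commit message why it stays.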
-- 
2.27.0




[PATCH v1 14/20] semihosting: Change internal common-semi interfaces to use CPUState *

2021-01-08 Thread Alex Bennée
From: Keith Packard 

This makes all of the internal interfaces architecture-independent and
renames the internal functions to use the 'common_semi' prefix instead
of 'arm' or 'arm_semi'.

To do this, some new architecture-specific internal helper functions
were created:

static inline target_ulong
common_semi_arg(CPUState *cs, int argno)

Returns the argno'th semihosting argument, where argno can be
either 0 or 1.

static inline void
common_semi_set_ret(CPUState *cs, target_ulong ret)

Sets the semihosting return value.

static inline bool
common_semi_sys_exit_extended(CPUState *cs, int nr)

This detects whether the specified semihosting call, which
is either TARGET_SYS_EXIT or TARGET_SYS_EXIT_EXTENDED should
be executed using the TARGET_SYS_EXIT_EXTENDED semantics.

static inline target_ulong
common_semi_rambase(CPUState *cs)

Returns the base of RAM region used for heap and stack. This
is used to construct plausible values for the SYS_HEAPINFO
call.

In addition, several existing functions have been changed to flag
areas of code which are architecture specific:

static target_ulong
common_semi_flen_buf(CPUState *cs)

Returns the current stack pointer minus 64, which is
where a stat structure will be placed on the stack

#define GET_ARG(n)

This fetches arguments from the semihosting command's argument
block. The address of this is available implicitly through the
local 'args' variable. This is *mostly* architecture
independent, but does depend on the current ABI's notion of
the size of a 'long' parameter, which may need run-time checks
(as it does on AARCH64)

#define SET_ARG(n, val)

This mirrors GET_ARG and stores data back into the argument
block.

Signed-off-by: Keith Packard 
Reviewed-by: Alistair Francis 
Message-Id: <20210107170717.2098982-4-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 hw/semihosting/common-semi.c | 349 +++
 1 file changed, 186 insertions(+), 163 deletions(-)

diff --git a/hw/semihosting/common-semi.c b/hw/semihosting/common-semi.c
index 2e959aba08..ac1271545e 100644
--- a/hw/semihosting/common-semi.c
+++ b/hw/semihosting/common-semi.c
@@ -32,15 +32,18 @@
 #include "cpu.h"
 #include "hw/semihosting/semihost.h"
 #include "hw/semihosting/console.h"
+#include "hw/semihosting/common-semi.h"
 #include "qemu/log.h"
 #ifdef CONFIG_USER_ONLY
 #include "qemu.h"
 
-#define ARM_ANGEL_HEAP_SIZE (128 * 1024 * 1024)
+#define COMMON_SEMI_HEAP_SIZE (128 * 1024 * 1024)
 #else
 #include "exec/gdbstub.h"
 #include "qemu/cutils.h"
+#ifdef TARGET_ARM
 #include "hw/arm/boot.h"
+#endif
 #include "hw/boards.h"
 #endif
 
@@ -134,6 +137,50 @@ typedef struct GuestFD {
 
 static GArray *guestfd_array;
 
+#ifdef TARGET_ARM
+static inline target_ulong
+common_semi_arg(CPUState *cs, int argno)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+CPUARMState *env = >env;
+if (is_a64(env)) {
+return env->xregs[argno];
+} else {
+return env->regs[argno];
+}
+}
+
+static inline void
+common_semi_set_ret(CPUState *cs, target_ulong ret)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+CPUARMState *env = >env;
+if (is_a64(env)) {
+env->xregs[0] = ret;
+} else {
+env->regs[0] = ret;
+}
+}
+
+static inline bool
+common_semi_sys_exit_extended(CPUState *cs, int nr)
+{
+return (nr == TARGET_SYS_EXIT_EXTENDED || is_a64(cs->env_ptr));
+}
+
+#ifndef CONFIG_USER_ONLY
+#include "hw/arm/boot.h"
+static inline target_ulong
+common_semi_rambase(CPUState *cs)
+{
+CPUArchState *env = cs->env_ptr;
+const struct arm_boot_info *info = env->boot_info;
+return info->loader_start;
+}
+#endif
+
+#endif /* TARGET_ARM */
+
 /*
  * Allocate a new guest file descriptor and return it; if we
  * couldn't allocate a new fd then return -1.
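Review bot: `#include "hw/arm/boot.h"` is now added twice, once in the first hunk under `#ifdef TARGET_ARM` in the non-user-only include list and again in this hunk under `#ifndef CONFIG_USER_ONLY` just above common_semi_rambase(); one of the two is enough, preferably the one at the top with the other includes.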
@@ -239,11 +286,10 @@ static target_ulong syscall_err;
 #include "exec/softmmu-semi.h"
 #endif
 
-static inline uint32_t set_swi_errno(CPUARMState *env, uint32_t code)
+static inline uint32_t set_swi_errno(CPUState *cs, uint32_t code)
 {
 if (code == (uint32_t)-1) {
 #ifdef CONFIG_USER_ONLY
-CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 
 ts->swi_errno = errno;
@@ -254,10 +300,9 @@ static inline uint32_t set_swi_errno(CPUARMState *env, 
uint32_t code)
 return code;
 }
 
-static inline uint32_t get_swi_errno(CPUARMState *env)
+static inline uint32_t get_swi_errno(CPUState *cs)
 {
 #ifdef CONFIG_USER_ONLY
-CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 
 return ts->swi_errno;
@@ -266,24 +311,22 @@ static inline uint32_t get_swi_errno(CPUARMState *env)
 #endif
 }
 
-static target_ulong arm_semi_syscall_len;
+static target_ulong common_semi_syscall_len;
 
-static void arm_semi_cb(CPUState *cs, target_ulong ret, target_ulong err)
+static void 

[PATCH v1 20/20] semihosting: Implement SYS_ISERROR

2021-01-08 Thread Alex Bennée
From: Keith Packard 

Part of Semihosting for AArch32 and AArch64 Release 2.0

Signed-off-by: Keith Packard 
Message-Id: <20210107170717.2098982-10-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 hw/semihosting/common-semi.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/semihosting/common-semi.c b/hw/semihosting/common-semi.c
index a631904fb0..23c6e3edcb 100644
--- a/hw/semihosting/common-semi.c
+++ b/hw/semihosting/common-semi.c
@@ -59,6 +59,7 @@
 #define TARGET_SYS_WRITE   0x05
 #define TARGET_SYS_READ0x06
 #define TARGET_SYS_READC   0x07
+#define TARGET_SYS_ISERROR 0x08
 #define TARGET_SYS_ISTTY   0x09
 #define TARGET_SYS_SEEK0x0a
 #define TARGET_SYS_FLEN0x0c
@@ -967,6 +968,9 @@ target_ulong do_common_semihosting(CPUState *cs)
 return guestfd_fns[gf->type].readfn(cs, gf, arg1, len);
 case TARGET_SYS_READC:
 return qemu_semihosting_console_inc(cs->env_ptr);
+case TARGET_SYS_ISERROR:
+GET_ARG(0);
+return (target_long) arg0 < 0 ? 1 : 0;
 case TARGET_SYS_ISTTY:
 GET_ARG(0);
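Review bot: `return (target_long) arg0 < 0 ? 1 : 0;` only reports an error if arg0 is already sign-extended to the width of target_long; the 14/20 description says GET_ARG's field size depends on the ABI and is decided at run time on AArch64, so please confirm a negative 32-bit status fetched on a 64-bit target still compares below zero, or cast through the fetched width first.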
 
-- 
2.20.1




[PATCH v1 13/20] semihosting: Change common-semi API to be architecture-independent

2021-01-08 Thread Alex Bennée
From: Keith Packard 

The public API is now defined in
hw/semihosting/common-semi.h. do_common_semihosting takes CPUState *
instead of CPUARMState *. All internal functions have been renamed
common_semi_ instead of arm_semi_ or arm_. Aside from the API change,
there are no functional changes in this patch.

Signed-off-by: Keith Packard 
Reviewed-by: Alistair Francis 
Message-Id: <20210107170717.2098982-3-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 hw/semihosting/common-semi.h  | 36 +++
 target/arm/cpu.h  |  8 
 hw/semihosting/common-semi.c  | 16 ++--
 linux-user/aarch64/cpu_loop.c |  3 ++-
 linux-user/arm/cpu_loop.c |  3 ++-
 target/arm/helper.c   |  5 +++--
 target/arm/m_helper.c |  7 ++-
 7 files changed, 59 insertions(+), 19 deletions(-)
 create mode 100644 hw/semihosting/common-semi.h

diff --git a/hw/semihosting/common-semi.h b/hw/semihosting/common-semi.h
new file mode 100644
index 00..bc53e92c79
--- /dev/null
+++ b/hw/semihosting/common-semi.h
@@ -0,0 +1,36 @@
+/*
+ *  Semihosting support for systems modeled on the Arm "Angel"
+ *  semihosting syscalls design.
+ *
+ *  Copyright (c) 2005, 2007 CodeSourcery.
+ *  Copyright (c) 2019 Linaro
+ *  Written by Paul Brook.
+ *
+ *  Copyright © 2020 by Keith Packard 
+ *  Adapted for systems other than ARM, including RISC-V, by Keith Packard
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ *
+ *  ARM Semihosting is documented in:
+ * Semihosting for AArch32 and AArch64 Release 2.0
+ * https://static.docs.arm.com/100863/0200/semihosting.pdf
+ *
+ */
+
+#ifndef COMMON_SEMI_H
+#define COMMON_SEMI_H
+
+target_ulong do_common_semihosting(CPUState *cs);
+
+#endif /* COMMON_SEMI_H */
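Review bot: the new common-semi.h declares only the bare prototype for do_common_semihosting(), while the target/arm/cpu.h hunk that follows removes the `#if !defined(CONFIG_TCG)` inline stub that called g_assert_not_reached(). If any non-TCG configuration still builds a caller, it will now fail at link time instead of asserting, so either carry an equivalent stub in this header or say in the commit message that every caller is TCG-only. The header also uses target_ulong and CPUState without including anything, so it only compiles when the includer has already pulled those types in. A short doc comment on the prototype would help the next architecture that adopts it.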
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 7e6c881a7e..49d9a314db 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1068,14 +1068,6 @@ static inline void aarch64_sve_change_el(CPUARMState 
*env, int o,
 static inline void aarch64_add_sve_properties(Object *obj) { }
 #endif
 
-#if !defined(CONFIG_TCG)
-static inline target_ulong do_arm_semihosting(CPUARMState *env)
-{
-g_assert_not_reached();
-}
-#else
-target_ulong do_arm_semihosting(CPUARMState *env);
-#endif
 void aarch64_sync_32_to_64(CPUARMState *env);
 void aarch64_sync_64_to_32(CPUARMState *env);
 
diff --git a/hw/semihosting/common-semi.c b/hw/semihosting/common-semi.c
index 93360e28c7..2e959aba08 100644
--- a/hw/semihosting/common-semi.c
+++ b/hw/semihosting/common-semi.c
@@ -1,10 +1,14 @@
 /*
- *  Arm "Angel" semihosting syscalls
+ *  Semihosting support for systems modeled on the Arm "Angel"
+ *  semihosting syscalls design.
  *
  *  Copyright (c) 2005, 2007 CodeSourcery.
  *  Copyright (c) 2019 Linaro
  *  Written by Paul Brook.
  *
+ *  Copyright © 2020 by Keith Packard 
+ *  Adapted for systems other than ARM, including RISC-V, by Keith Packard
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
@@ -373,12 +377,12 @@ static target_ulong arm_gdb_syscall(ARMCPU *cpu, 
gdb_syscall_complete_cb cb,
  * do anything with its return value, because it is not necessarily
  * the result of the syscall, but could just be the old value of X0.
  * The only thing safe to do with this is that the callers of
- * do_arm_semihosting() will write it straight back into X0.
+ * do_common_semihosting() will write it straight back into X0.
  * (In linux-user mode, the callback will have happened before
  * gdb_do_syscallv() returns.)
  *
  * We should tidy this up so neither this function nor
- * do_arm_semihosting() return a value, so the mistake of
+ * do_common_semihosting() return a value, so the mistake of
  * doing something with the return value is not possible to make.
  */
 
@@ -675,10 +679,10 @@ static const GuestFDFunctions guestfd_fns[] = {
  * leave the register unchanged. We use 0xdeadbeef as the return value
  * when there isn't a defined return value for the call.
  */
-target_ulong do_arm_semihosting(CPUARMState *env)
+target_ulong do_common_semihosting(CPUState *cs)
 {
-ARMCPU *cpu = env_archcpu(env);
-CPUState *cs = env_cpu(env);
+ARMCPU *cpu = 

Re: [PATCH] decodetree: Open files with encoding='utf-8'

2021-01-08 Thread Daniele Buono

I had a similar issue in the past with the acceptance tests.
Some VMs send UTF-8 output in their console and the acceptance test
script would bail out if the locale was not UTF-8.

I sent a patch on the ml but it probably got lost:
https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg06086.html

I can re-spin it if you guys are interested


On 1/8/2021 10:16 AM, Philippe Mathieu-Daudé wrote:

When decodetree.py was added in commit 568ae7efae7, QEMU was
using Python 2 which happily reads UTF-8 files in text mode.
Python 3 requires either UTF-8 locale or an explicit encoding
passed to open(). Now that Python 3 is required, use an explicit
UTF-8 encoding for decodetree sources.

This fixes:

   $ /usr/bin/python3 scripts/decodetree.py test.decode
   Traceback (most recent call last):
 File "scripts/decodetree.py", line 1397, in 
   main()
 File "scripts/decodetree.py", line 1308, in main
   parse_file(f, toppat)
 File "scripts/decodetree.py", line 994, in parse_file
   for line in f:
 File "/usr/lib/python3.6/encodings/ascii.py", line 26, in decode
   return codecs.ascii_decode(input, self.errors)[0]
   UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 80:
   ordinal not in range(128)

Reported-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
---
  scripts/decodetree.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/decodetree.py b/scripts/decodetree.py
index 47aa9caf6d1..fa40903cff1 100644
--- a/scripts/decodetree.py
+++ b/scripts/decodetree.py
@@ -1304,7 +1304,7 @@ def main():

  for filename in args:
  input_file = filename
-f = open(filename, 'r')
+f = open(filename, 'r', encoding='utf-8')
  parse_file(f, toppat)
  f.close()





[PATCH v1 12/20] semihosting: Move ARM semihosting code to shared directories

2021-01-08 Thread Alex Bennée
From: Keith Packard 

This commit renames two files which provide ARM semihosting support so
that they can be shared by other architectures:

 1. target/arm/arm-semi.c -> hw/semihosting/common-semi.c
 2. linux-user/arm/semihost.c -> linux-user/semihost.c

The build system was modified to use a new config variable,
CONFIG_ARM_COMPATIBLE_SEMIHOSTING, which has been added to the ARM
softmmu and linux-user default configs. The contents of the source
files have not been changed in this patch.

Signed-off-by: Keith Packard 
Reviewed-by: Alistair Francis 
Signed-off-by: Alex Bennée 
Message-Id: <20210107170717.2098982-2-kei...@keithp.com>
---
 default-configs/devices/arm-softmmu.mak   | 1 +
 default-configs/targets/aarch64-linux-user.mak| 1 +
 default-configs/targets/aarch64_be-linux-user.mak | 1 +
 default-configs/targets/arm-linux-user.mak| 1 +
 default-configs/targets/armeb-linux-user.mak  | 1 +
 target/arm/arm-semi.c => hw/semihosting/common-semi.c | 0
 linux-user/{arm => }/semihost.c   | 0
 hw/semihosting/Kconfig| 3 +++
 hw/semihosting/meson.build| 3 +++
 linux-user/arm/meson.build| 3 ---
 linux-user/meson.build| 1 +
 target/arm/meson.build| 2 --
 12 files changed, 12 insertions(+), 5 deletions(-)
 rename target/arm/arm-semi.c => hw/semihosting/common-semi.c (100%)
 rename linux-user/{arm => }/semihost.c (100%)

diff --git a/default-configs/devices/arm-softmmu.mak 
b/default-configs/devices/arm-softmmu.mak
index 08a32123b4..0500156a0c 100644
--- a/default-configs/devices/arm-softmmu.mak
+++ b/default-configs/devices/arm-softmmu.mak
@@ -42,4 +42,5 @@ CONFIG_FSL_IMX25=y
 CONFIG_FSL_IMX7=y
 CONFIG_FSL_IMX6UL=y
 CONFIG_SEMIHOSTING=y
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
 CONFIG_ALLWINNER_H3=y
diff --git a/default-configs/targets/aarch64-linux-user.mak 
b/default-configs/targets/aarch64-linux-user.mak
index 163c9209f4..4713253709 100644
--- a/default-configs/targets/aarch64-linux-user.mak
+++ b/default-configs/targets/aarch64-linux-user.mak
@@ -2,3 +2,4 @@ TARGET_ARCH=aarch64
 TARGET_BASE_ARCH=arm
 TARGET_XML_FILES= gdb-xml/aarch64-core.xml gdb-xml/aarch64-fpu.xml 
gdb-xml/arm-core.xml gdb-xml/arm-vfp.xml gdb-xml/arm-vfp3.xml 
gdb-xml/arm-neon.xml gdb-xml/arm-m-profile.xml
 TARGET_HAS_BFLT=y
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
diff --git a/default-configs/targets/aarch64_be-linux-user.mak 
b/default-configs/targets/aarch64_be-linux-user.mak
index 4c953cf8c5..fae831558d 100644
--- a/default-configs/targets/aarch64_be-linux-user.mak
+++ b/default-configs/targets/aarch64_be-linux-user.mak
@@ -3,3 +3,4 @@ TARGET_BASE_ARCH=arm
 TARGET_WORDS_BIGENDIAN=y
 TARGET_XML_FILES= gdb-xml/aarch64-core.xml gdb-xml/aarch64-fpu.xml 
gdb-xml/arm-core.xml gdb-xml/arm-vfp.xml gdb-xml/arm-vfp3.xml 
gdb-xml/arm-neon.xml gdb-xml/arm-m-profile.xml
 TARGET_HAS_BFLT=y
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
diff --git a/default-configs/targets/arm-linux-user.mak 
b/default-configs/targets/arm-linux-user.mak
index c7cd872e86..e741ffd4d3 100644
--- a/default-configs/targets/arm-linux-user.mak
+++ b/default-configs/targets/arm-linux-user.mak
@@ -3,3 +3,4 @@ TARGET_SYSTBL_ABI=common,oabi
 TARGET_SYSTBL=syscall.tbl
 TARGET_XML_FILES= gdb-xml/arm-core.xml gdb-xml/arm-vfp.xml 
gdb-xml/arm-vfp3.xml gdb-xml/arm-neon.xml gdb-xml/arm-m-profile.xml
 TARGET_HAS_BFLT=y
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
diff --git a/default-configs/targets/armeb-linux-user.mak 
b/default-configs/targets/armeb-linux-user.mak
index 79bf10e99b..255e44e8b0 100644
--- a/default-configs/targets/armeb-linux-user.mak
+++ b/default-configs/targets/armeb-linux-user.mak
@@ -4,3 +4,4 @@ TARGET_SYSTBL=syscall.tbl
 TARGET_WORDS_BIGENDIAN=y
 TARGET_XML_FILES= gdb-xml/arm-core.xml gdb-xml/arm-vfp.xml 
gdb-xml/arm-vfp3.xml gdb-xml/arm-neon.xml gdb-xml/arm-m-profile.xml
 TARGET_HAS_BFLT=y
+CONFIG_ARM_COMPATIBLE_SEMIHOSTING=y
diff --git a/target/arm/arm-semi.c b/hw/semihosting/common-semi.c
similarity index 100%
rename from target/arm/arm-semi.c
rename to hw/semihosting/common-semi.c
diff --git a/linux-user/arm/semihost.c b/linux-user/semihost.c
similarity index 100%
rename from linux-user/arm/semihost.c
rename to linux-user/semihost.c
diff --git a/hw/semihosting/Kconfig b/hw/semihosting/Kconfig
index efe0a30734..4c30dc6b16 100644
--- a/hw/semihosting/Kconfig
+++ b/hw/semihosting/Kconfig
@@ -1,3 +1,6 @@
 
 config SEMIHOSTING
bool
+
+config ARM_COMPATIBLE_SEMIHOSTING
+   bool
diff --git a/hw/semihosting/meson.build b/hw/semihosting/meson.build
index f40ac574c4..5b4a170270 100644
--- a/hw/semihosting/meson.build
+++ b/hw/semihosting/meson.build
@@ -2,3 +2,6 @@ specific_ss.add(when: 'CONFIG_SEMIHOSTING', if_true: files(
   'config.c',
   'console.c',
 ))
+
+specific_ss.add(when: ['CONFIG_ARM_COMPATIBLE_SEMIHOSTING'],
+   if_true: files('common-semi.c'))

[PATCH v1 15/20] semihosting: Support SYS_HEAPINFO when env->boot_info is not set

2021-01-08 Thread Alex Bennée
From: Keith Packard 

env->boot_info is only set in some ARM startup paths, so we cannot
rely on it to support the SYS_HEAPINFO semihosting function. When not
available, fall back to finding a RAM memory region containing the
current stack and use the base of that.

Signed-off-by: Keith Packard 
Message-Id: <20210107170717.2098982-5-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 hw/semihosting/common-semi.c | 43 +++-
 1 file changed, 42 insertions(+), 1 deletion(-)

diff --git a/hw/semihosting/common-semi.c b/hw/semihosting/common-semi.c
index ac1271545e..293791f721 100644
--- a/hw/semihosting/common-semi.c
+++ b/hw/semihosting/common-semi.c
@@ -137,6 +137,36 @@ typedef struct GuestFD {
 
 static GArray *guestfd_array;
 
+#ifndef CONFIG_USER_ONLY
+#include "exec/address-spaces.h"
+/*
+ * Find the base of a RAM region containing the specified address
+ */
+static inline hwaddr
+common_semi_find_region_base(hwaddr addr)
+{
+MemoryRegion *subregion;
+
+/*
+ * Find the chunk of R/W memory containing the address.  This is
+ * used for the SYS_HEAPINFO semihosting call, which should
+ * probably be using information from the loaded application.
+ */
+QTAILQ_FOREACH(subregion, _system_memory()->subregions,
+   subregions_link) {
+if (subregion->ram && !subregion->readonly) {
+Int128 top128 = int128_add(int128_make64(subregion->addr),
+   subregion->size);
+Int128 addr128 = int128_make64(addr);
+if (subregion->addr <= addr && int128_lt(addr128, top128)) {
+return subregion->addr;
+}
+}
+}
+return 0;
+}
+#endif
+
 #ifdef TARGET_ARM
 static inline target_ulong
 common_semi_arg(CPUState *cs, int argno)
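Review bot: common_semi_find_region_base() ends with `return 0;` when no region matches, which is also the value it returns for a RAM region that really starts at address 0, so the caller cannot tell a miss from a hit and SYS_HEAPINFO would hand the guest a heap base of 0. Consider returning a bool with the base as an out-parameter, or at least logging the miss. The QTAILQ_FOREACH also walks only the direct subregions of the system memory region and compares against subregion->addr, so RAM placed inside a container region will not be found. If that limitation is intended, the comment above the loop should say so.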
@@ -175,7 +205,18 @@ common_semi_rambase(CPUState *cs)
 {
 CPUArchState *env = cs->env_ptr;
 const struct arm_boot_info *info = env->boot_info;
-return info->loader_start;
+target_ulong sp;
+
+if (info) {
+return info->loader_start;
+}
+
+if (is_a64(env)) {
+sp = env->xregs[31];
+} else {
+sp = env->regs[13];
+}
+return common_semi_find_region_base(sp);
 }
 #endif
 
-- 
2.20.1




[PATCH v1 10/20] target/arm: use official org.gnu.gdb.aarch64.sve layout for registers

2021-01-08 Thread Alex Bennée
While GDB can work with any XML description given to it there is
special handling for SVE registers on the GDB side which makes the
user's life a little better. The changes aren't that major and all the
registers save the $vg reported the same. All that changes is:

  - report org.gnu.gdb.aarch64.sve
  - use gdb nomenclature for names and types
  - minor re-ordering of the types to match reference
  - re-enable ieee_half (as we know gdb supports it now)
  - $vg is now a 64 bit int
  - check $vN and $zN aliasing in test

Signed-off-by: Alex Bennée 
Cc: Luis Machado 
Message-Id: <20201218112707.28348-10-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 target/arm/gdbstub.c| 75 -
 target/arm/helper.c |  2 +-
 tests/tcg/aarch64/gdbstub/test-sve-ioctl.py | 11 +++
 3 files changed, 41 insertions(+), 47 deletions(-)

diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index 866595b4f1..a8fff2a3d0 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -195,22 +195,17 @@ static const struct TypeSize vec_lanes[] = {
 { "uint128", 128, 'q', 'u' },
 { "int128", 128, 'q', 's' },
 /* 64 bit */
+{ "ieee_double", 64, 'd', 'f' },
 { "uint64", 64, 'd', 'u' },
 { "int64", 64, 'd', 's' },
-{ "ieee_double", 64, 'd', 'f' },
 /* 32 bit */
+{ "ieee_single", 32, 's', 'f' },
 { "uint32", 32, 's', 'u' },
 { "int32", 32, 's', 's' },
-{ "ieee_single", 32, 's', 'f' },
 /* 16 bit */
+{ "ieee_half", 16, 'h', 'f' },
 { "uint16", 16, 'h', 'u' },
 { "int16", 16, 'h', 's' },
-/*
- * TODO: currently there is no reliable way of telling
- * if the remote gdb actually understands ieee_half so
- * we don't expose it in the target description for now.
- * { "ieee_half", 16, 'h', 'f' },
- */
 /* bytes */
 { "uint8", 8, 'b', 'u' },
 { "int8", 8, 'b', 's' },
@@ -223,17 +218,16 @@ int arm_gen_dynamic_svereg_xml(CPUState *cs, int base_reg)
 GString *s = g_string_new(NULL);
 DynamicGDBXMLInfo *info = >dyn_svereg_xml;
 g_autoptr(GString) ts = g_string_new("");
-int i, bits, reg_width = (cpu->sve_max_vq * 128);
+int i, j, bits, reg_width = (cpu->sve_max_vq * 128);
 info->num = 0;
 g_string_printf(s, "");
 g_string_append_printf(s, "");
-g_string_append_printf(s, "");
+g_string_append_printf(s, "");
 
 /* First define types and totals in a whole VL */
 for (i = 0; i < ARRAY_SIZE(vec_lanes); i++) {
 int count = reg_width / vec_lanes[i].size;
-g_string_printf(ts, "vq%d%c%c", count,
-vec_lanes[i].sz, vec_lanes[i].suffix);
+g_string_printf(ts, "svev%c%c", vec_lanes[i].sz, vec_lanes[i].suffix);
 g_string_append_printf(s,
"",
ts->str, vec_lanes[i].gdb_type, count);
@@ -243,39 +237,37 @@ int arm_gen_dynamic_svereg_xml(CPUState *cs, int base_reg)
  * signed and potentially float versions of each size from 128 to
  * 8 bits.
  */
-for (bits = 128; bits >= 8; bits /= 2) {
-int count = reg_width / bits;
-g_string_append_printf(s, "", count);
-for (i = 0; i < ARRAY_SIZE(vec_lanes); i++) {
-if (vec_lanes[i].size == bits) {
-g_string_append_printf(s, "",
-   vec_lanes[i].suffix,
-   count,
-   vec_lanes[i].sz, vec_lanes[i].suffix);
+for (bits = 128, i = 0; bits >= 8; bits /= 2, i++) {
+const char suf[] = { 'q', 'd', 's', 'h', 'b' };
+g_string_append_printf(s, "", suf[i]);
+for (j = 0; j < ARRAY_SIZE(vec_lanes); j++) {
+if (vec_lanes[j].size == bits) {
+g_string_append_printf(s, "",
+   vec_lanes[j].suffix,
+   vec_lanes[j].sz, vec_lanes[j].suffix);
 }
 }
 g_string_append(s, "");
 }
 /* And now the final union of unions */
-g_string_append(s, "");
-for (bits = 128; bits >= 8; bits /= 2) {
-int count = reg_width / bits;
-for (i = 0; i < ARRAY_SIZE(vec_lanes); i++) {
-if (vec_lanes[i].size == bits) {
-g_string_append_printf(s, "",
-   vec_lanes[i].sz, count);
-break;
-}
-}
+g_string_append(s, "");
+for (bits = 128, i = 0; bits >= 8; bits /= 2, i++) {
+const char suf[] = { 'q', 'd', 's', 'h', 'b' };
+g_string_append_printf(s, "",
+   suf[i], suf[i]);
 }
 g_string_append(s, "");
 
+/* Finally the sve prefix type */
+g_string_append_printf(s,
+   "",
+   reg_width / 8);
+
 /* Then define each register in parts for each vq */
 for (i = 0; i < 32; 
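Review bot: the table `const char suf[] = { 'q', 'd', 's', 'h', 'b' };` is declared twice, once inside each `for (bits = 128, i = 0; bits >= 8; bits /= 2, i++)` loop, and both loops depend on i staying in step with exactly five halvings of bits. Hoist it to a single static const array next to vec_lanes and index it from one place, so the two copies cannot drift apart and a change to the size range cannot index past the end. The rewritten format strings also no longer use `count` in the union names, so it is worth checking that the remaining `int count` declarations are still needed.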

Re: [PATCH] target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns

2021-01-08 Thread Guenter Roeck
On 1/8/21 11:51 AM, Peter Maydell wrote:
> In commit cd8be50e58f63413c0 we converted the A32 coprocessor
> insns to decodetree. This accidentally broke XScale/iWMMXt insns,
> because it moved the handling of "cp insns which are handled
> by looking up the cp register in the hashtable" from after the
> call to the legacy disas_xscale_insn() decode to before it,
> with the result that all XScale/iWMMXt insns now UNDEF.
> 
> Update valid_cp() so that it knows that on XScale cp 0 and 1
> are not standard coprocessor instructions; this will cause
> the decodetree trans_ functions to ignore them, so that
> execution will correctly get through to the legacy decode again.
> 
> Cc: qemu-sta...@nongnu.org
> Reported-by: Guenter Roeck 
> Signed-off-by: Peter Maydell 
> ---
> With this Guenter's test image now successfully boots
> and shuts down again.
> ---

Thanks a lot for the fix!

Tested-by: Guenter Roeck 

>  target/arm/translate.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index f5acd32e76a..528b93dffa2 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -5282,7 +5282,14 @@ static bool valid_cp(DisasContext *s, int cp)
>   * only cp14 and cp15 are valid, and other values aren't considered
>   * to be in the coprocessor-instruction space at all. v8M still
>   * permits coprocessors 0..7.
> + * For XScale, we must not decode the XScale cp0, cp1 space as
> + * a standard coprocessor insn, because we want to fall through to
> + * the legacy disas_xscale_insn() decoder after decodetree is done.
>   */
> +if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cp == 0 || cp == 1)) {
> +return false;
> +}
> +
>  if (arm_dc_feature(s, ARM_FEATURE_V8) &&
>  !arm_dc_feature(s, ARM_FEATURE_M)) {
>  return cp >= 14;
> 




[PATCH v1 19/20] semihosting: Implement SYS_TMPNAM

2021-01-08 Thread Alex Bennée
From: Keith Packard 

Part of Semihosting for AArch32 and AArch64 Release 2.0

Signed-off-by: Keith Packard 
Message-Id: <20210107170717.2098982-9-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 hw/semihosting/common-semi.c | 21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/hw/semihosting/common-semi.c b/hw/semihosting/common-semi.c
index 3d6604dcdd..a631904fb0 100644
--- a/hw/semihosting/common-semi.c
+++ b/hw/semihosting/common-semi.c
@@ -835,6 +835,7 @@ target_ulong do_common_semihosting(CPUState *cs)
 CPUArchState *env = cs->env_ptr;
 target_ulong args;
 target_ulong arg0, arg1, arg2, arg3;
+target_ulong ul_ret;
 char * s;
 int nr;
 uint32_t ret;
@@ -998,8 +999,24 @@ target_ulong do_common_semihosting(CPUState *cs)
 
 return guestfd_fns[gf->type].flenfn(cs, gf);
 case TARGET_SYS_TMPNAM:
-qemu_log_mask(LOG_UNIMP, "%s: SYS_TMPNAM not implemented", __func__);
-return -1;
+GET_ARG(0);
+GET_ARG(1);
+GET_ARG(2);
+if (asprintf(, "/tmp/qemu-%x%02x", getpid(),
+ (int) (arg1 & 0xff)) < 0) {
+return -1;
+}
+ul_ret = (target_ulong) -1;
+
+/* Make sure there's enough space in the buffer */
+if (strlen(s) < arg2) {
+char *output = lock_user(VERIFY_WRITE, arg0, arg2, 0);
+strcpy(output, s);
+unlock_user(output, arg0, arg2);
+ul_ret = 0;
+}
+free(s);
+return ul_ret;
 case TARGET_SYS_REMOVE:
 GET_ARG(0);
 GET_ARG(1);
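Review bot: in the TARGET_SYS_TMPNAM case the pointer returned by `lock_user(VERIFY_WRITE, arg0, arg2, 0)` goes straight into strcpy() with no NULL check, so a guest that passes a buffer address which cannot be locked makes the host write through a bad pointer. Test `output`, and on failure free(s) and return -1, before copying. The name is also fully predictable: "/tmp/qemu-%x%02x" is built from getpid() and the low byte of the guest-supplied identifier, and nothing here creates the file. A comment should say that whoever opens this name later must use exclusive creation. Since arg2 is the guest's buffer length and the `strlen(s) < arg2` test is the only bound on the copy, a one-line comment that this leaves room for the terminating NUL would make the intent clear.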
-- 
2.20.1




[PATCH v1 18/20] semihosting: Implement SYS_ELAPSED and SYS_TICKFREQ

2021-01-08 Thread Alex Bennée
From: Keith Packard 

These are part of Semihosting for AArch32 and AArch64 Release 2.0

Signed-off-by: Keith Packard 
Message-Id: <20210107170717.2098982-8-kei...@keithp.com>
Signed-off-by: Alex Bennée 
---
 include/qemu/timer.h |  2 ++
 hw/semihosting/common-semi.c | 16 
 util/qemu-timer-common.c |  4 
 3 files changed, 22 insertions(+)

diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 61296ea980..1678238384 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -808,6 +808,8 @@ static inline int64_t get_clock_realtime(void)
 return tv.tv_sec * 10LL + (tv.tv_usec * 1000);
 }
 
+extern int64_t clock_start;
+
 /* Warning: don't insert tracepoints into these functions, they are
also used by simpletrace backend and tracepoints would cause
an infinite recursion! */
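Review bot: `extern int64_t clock_start;` exports a writable global with a very generic name from a widely included header, and nothing documents what it holds or who sets it. Add a short comment stating that it is the get_clock() value captured in the init_get_clock() constructor. Either a qemu_-style prefix or a small read-only accessor would keep other code from modifying it or colliding with the name.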
diff --git a/hw/semihosting/common-semi.c b/hw/semihosting/common-semi.c
index 5fcb8663c6..3d6604dcdd 100644
--- a/hw/semihosting/common-semi.c
+++ b/hw/semihosting/common-semi.c
@@ -38,6 +38,7 @@
 #include "hw/semihosting/console.h"
 #include "hw/semihosting/common-semi.h"
 #include "qemu/log.h"
+#include "qemu/timer.h"
 #ifdef CONFIG_USER_ONLY
 #include "qemu.h"
 
@@ -73,6 +74,8 @@
 #define TARGET_SYS_EXIT0x18
 #define TARGET_SYS_SYNCCACHE   0x19
 #define TARGET_SYS_EXIT_EXTENDED 0x20
+#define TARGET_SYS_ELAPSED 0x30
+#define TARGET_SYS_TICKFREQ0x31
 
 /* ADP_Stopped_ApplicationExit is used for exit(0),
  * anything else is implemented as exit(1) */
@@ -837,6 +840,7 @@ target_ulong do_common_semihosting(CPUState *cs)
 uint32_t ret;
 uint32_t len;
 GuestFD *gf;
+int64_t elapsed;
 
 (void) env; /* Used implicitly by arm lock_user macro */
 nr = common_semi_arg(cs, 0) & 0xU;
@@ -1246,6 +1250,18 @@ target_ulong do_common_semihosting(CPUState *cs)
 }
 gdb_exit(ret);
 exit(ret);
+case TARGET_SYS_ELAPSED:
+elapsed = get_clock() - clock_start;
+if (sizeof(target_ulong) == 8) {
+SET_ARG(0, elapsed);
+} else {
+SET_ARG(0, (uint32_t) elapsed);
+SET_ARG(1, (uint32_t) (elapsed >> 32));
+}
+return 0;
+case TARGET_SYS_TICKFREQ:
+/* qemu always uses nsec */
+return 10;
 case TARGET_SYS_SYNCCACHE:
 /*
  * Clean the D-cache and invalidate the I-cache for the specified
diff --git a/util/qemu-timer-common.c b/util/qemu-timer-common.c
index baf3317f74..cc1326f726 100644
--- a/util/qemu-timer-common.c
+++ b/util/qemu-timer-common.c
@@ -27,6 +27,8 @@
 /***/
 /* real time host monotonic timer */
 
+int64_t clock_start;
+
 #ifdef _WIN32
 
 int64_t clock_freq;
@@ -41,6 +43,7 @@ static void __attribute__((constructor)) init_get_clock(void)
 exit(1);
 }
 clock_freq = freq.QuadPart;
+clock_start = get_clock();
 }
 
 #else
@@ -55,5 +58,6 @@ static void __attribute__((constructor)) init_get_clock(void)
 if (clock_gettime(CLOCK_MONOTONIC, ) == 0) {
 use_rt_clock = 1;
 }
+clock_start = get_clock();
 }
 #endif
-- 
2.20.1




[PATCH v1 05/20] gdbstub: implement a softmmu based test

2021-01-08 Thread Alex Bennée
This adds a new test that allows us to test softmmu only features
including watchpoints. To achieve this we need to:

  - add _exit: labels to the boot codes
  - write a memory.py test case
  - plumb the test case into the build system
  - tweak the run_test script to:
- re-direct output when asked
- use socket based connection for all tests
- add a small pause before connection

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20201218112707.28348-5-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 tests/guest-debug/run-test.py |  36 +++--
 tests/tcg/aarch64/Makefile.softmmu-target |   1 +
 tests/tcg/aarch64/system/boot.S   |   1 +
 tests/tcg/i386/Makefile.softmmu-target|   1 +
 tests/tcg/i386/system/boot.S  |   2 +-
 tests/tcg/multiarch/gdbstub/memory.py | 130 ++
 .../multiarch/system/Makefile.softmmu-target  |  19 ++-
 tests/tcg/x86_64/Makefile.softmmu-target  |   1 +
 tests/tcg/x86_64/system/boot.S|   2 +-
 9 files changed, 181 insertions(+), 12 deletions(-)
 create mode 100644 tests/tcg/multiarch/gdbstub/memory.py

diff --git a/tests/guest-debug/run-test.py b/tests/guest-debug/run-test.py
index 0c4f5c3808..8b91ff95af 100755
--- a/tests/guest-debug/run-test.py
+++ b/tests/guest-debug/run-test.py
@@ -16,6 +16,7 @@ import subprocess
 import shutil
 import shlex
 import os
+from time import sleep
 from tempfile import TemporaryDirectory
 
 def get_args():
@@ -27,10 +28,21 @@ def get_args():
 required=True)
 parser.add_argument("--test", help="GDB test script",
 required=True)
-parser.add_argument("--gdb", help="The gdb binary to use", default=None)
+parser.add_argument("--gdb", help="The gdb binary to use",
+default=None)
+parser.add_argument("--output", help="A file to redirect output to")
 
 return parser.parse_args()
 
+
+def log(output, msg):
+if output:
+output.write(msg + "\n")
+output.flush()
+else:
+print(msg)
+
+
 if __name__ == '__main__':
 args = get_args()
 
@@ -42,18 +54,25 @@ if __name__ == '__main__':
 if not args.gdb:
 print("We need gdb to run the test")
 exit(-1)
+if args.output:
+output = open(args.output, "w")
+else:
+output = None
 
 socket_dir = TemporaryDirectory("qemu-gdbstub")
 socket_name = os.path.join(socket_dir.name, "gdbstub.socket")
 
 # Launch QEMU with binary
 if "system" in args.qemu:
-cmd = "%s %s %s -s -S" % (args.qemu, args.qargs, args.binary)
+cmd = "%s %s %s -gdb unix:path=%s,server" % (args.qemu,
+ args.qargs,
+ args.binary,
+ socket_name)
 else:
 cmd = "%s %s -g %s %s" % (args.qemu, args.qargs, socket_name,
   args.binary)
 
-print("QEMU CMD: %s" % (cmd))
+log(output, "QEMU CMD: %s" % (cmd))
 inferior = subprocess.Popen(shlex.split(cmd))
 
 # Now launch gdb with our test and collect the result
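Review bot: the file opened with `output = open(args.output, "w")` is never closed, and the QEMU process started by `subprocess.Popen(shlex.split(cmd))` gets neither stdout nor stderr pointed at it, so with --output set QEMU's own messages still go to the terminal while only the log() lines and gdb's stdout end up in the file. If the goal is a quiet test run, pass stdout=output and stderr=subprocess.STDOUT to Popen as well, and close the file (or use a with block) before exiting. The help text for --output should also say which streams are redirected.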
@@ -63,16 +82,15 @@ if __name__ == '__main__':
 # disable prompts in case of crash
 gdb_cmd += " -ex 'set confirm off'"
 # connect to remote
-if "system" in args.qemu:
-gdb_cmd += " -ex 'target remote localhost:1234'"
-else:
-gdb_cmd += " -ex 'target remote %s'" % (socket_name)
+gdb_cmd += " -ex 'target remote %s'" % (socket_name)
 # finally the test script itself
 gdb_cmd += " -x %s" % (args.test)
 
-print("GDB CMD: %s" % (gdb_cmd))
 
-result = subprocess.call(gdb_cmd, shell=True);
+sleep(1)
+log(output, "GDB CMD: %s" % (gdb_cmd))
+
+result = subprocess.call(gdb_cmd, shell=True, stdout=output)
 
 # A negative result is the result of an internal gdb failure like
 # a crash. We force a return of 0 so we don't fail the test on
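Review bot: `sleep(1)` before launching gdb is a fixed delay standing in for "QEMU has created the socket"; it will be too short on a loaded CI host and wasted time everywhere else. Poll for os.path.exists(socket_name) with a timeout instead, and check inferior.poll() in the loop so that an early QEMU exit is reported as such rather than as a gdb connection failure. Separately, gdb_cmd is still run with shell=True and interpolates socket_name and args.test unquoted, so a path containing spaces or shell metacharacters changes the command. Building an argument list and dropping shell=True would avoid that.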
diff --git a/tests/tcg/aarch64/Makefile.softmmu-target 
b/tests/tcg/aarch64/Makefile.softmmu-target
index 1057a8ac49..a7286ac295 100644
--- a/tests/tcg/aarch64/Makefile.softmmu-target
+++ b/tests/tcg/aarch64/Makefile.softmmu-target
@@ -15,6 +15,7 @@ CRT_PATH=$(AARCH64_SYSTEM_SRC)
 LINK_SCRIPT=$(AARCH64_SYSTEM_SRC)/kernel.ld
 LDFLAGS=-Wl,-T$(LINK_SCRIPT)
 TESTS+=$(AARCH64_TESTS) $(MULTIARCH_TESTS)
+EXTRA_RUNS+=$(MULTIARCH_RUNS)
 CFLAGS+=-nostdlib -ggdb -O0 $(MINILIB_INC)
 LDFLAGS+=-static -nostdlib $(CRT_OBJS) $(MINILIB_OBJS) -lgcc
 
diff --git a/tests/tcg/aarch64/system/boot.S b/tests/tcg/aarch64/system/boot.S
index b14e94f332..e190b1efa6 100644
--- a/tests/tcg/aarch64/system/boot.S
+++ b/tests/tcg/aarch64/system/boot.S
@@ -197,6 +197,7 @@ __start:
bl  main
 
/* pass return value to sys exit */
+_exit:
movx1, x0
ldrx0, =0x20026 /* ADP_Stopped_ApplicationExit */
stp

[PATCH v1 11/20] Makefile: add GNU global tags support

2021-01-08 Thread Alex Bennée
GNU Global is another tags engine which is more like cscope in being
able to support finding both references and definitions. You will be
un-surprised to know it also integrates well with Emacs.

The main benefit of integrating it into find-src-path is it takes less
time to rebuild the database from scratch when you have a lot of build
directories under your source tree.

Signed-off-by: Alex Bennée 
---
 Makefile   | 9 -
 .gitignore | 3 +++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index fb9923ff22..66eec99685 100644
--- a/Makefile
+++ b/Makefile
@@ -253,6 +253,13 @@ ctags:
rm -f "$(SRC_PATH)/"tags
$(find-src-path) -exec ctags -f "$(SRC_PATH)/"tags --append {} +
 
+.PHONY: gtags
+gtags:
+   rm -f "$(SRC_PATH)/"GTAGS
+   rm -f "$(SRC_PATH)/"GRTAGS
+   rm -f "$(SRC_PATH)/"GPATH
+   $(find-src-path) | gtags -f -
+
 .PHONY: TAGS
 TAGS:
rm -f "$(SRC_PATH)/"TAGS
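Review bot: the gtags recipe removes GTAGS, GRTAGS and GPATH from "$(SRC_PATH)/" but then runs `$(find-src-path) | gtags -f -` without a database directory, so gtags writes the new files into the current directory. When make is invoked from a build directory, the stale files are deleted from the source tree and the fresh ones land somewhere else. Pass the target directory to gtags explicitly, or cd to $(SRC_PATH) first, to match the ctags rule above, which writes to "$(SRC_PATH)/"tags.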
@@ -279,7 +286,7 @@ help:
$(call print-help,all,Build all)
$(call print-help,dir/file.o,Build specified target only)
$(call print-help,install,Install QEMU, documentation and tools)
-   $(call print-help,ctags/TAGS,Generate tags file for editors)
+   $(call print-help,ctags/gtags/TAGS,Generate tags file for editors)
$(call print-help,cscope,Generate cscope index)
$(call print-help,sparse,Run sparse on the QEMU source)
@echo  ''
diff --git a/.gitignore b/.gitignore
index b32bca1315..75a4be0724 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,9 @@
 cscope.*
 tags
 TAGS
+GPATH
+GRTAGS
+GTAGS
 *~
 *.ast_raw
 *.depend_raw
-- 
2.20.1




[PATCH v1 02/20] test/guest-debug: echo QEMU command as well

2021-01-08 Thread Alex Bennée
This helps with debugging.

Signed-off-by: Alex Bennée 
Message-Id: <20201214153012.12723-2-alex.ben...@linaro.org>
Message-Id: <20201218112707.28348-2-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 tests/guest-debug/run-test.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/guest-debug/run-test.py b/tests/guest-debug/run-test.py
index 71c5569054..0c4f5c3808 100755
--- a/tests/guest-debug/run-test.py
+++ b/tests/guest-debug/run-test.py
@@ -53,6 +53,7 @@ if __name__ == '__main__':
 cmd = "%s %s -g %s %s" % (args.qemu, args.qargs, socket_name,
   args.binary)
 
+print("QEMU CMD: %s" % (cmd))
 inferior = subprocess.Popen(shlex.split(cmd))
 
 # Now launch gdb with our test and collect the result
-- 
2.20.1




[PATCH v1 04/20] Revert "tests/tcg/multiarch/Makefile.target: Disable run-gdbstub-sha1 test"

2021-01-08 Thread Alex Bennée
We won't attempt to run the test now it's gated on a newer version of
gdb.

This reverts commit a930cadd83b4681a98ce72abf530a791ee2e42a6.

Signed-off-by: Alex Bennée 
Message-Id: <20201218112707.28348-4-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 tests/tcg/multiarch/Makefile.target | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tests/tcg/multiarch/Makefile.target 
b/tests/tcg/multiarch/Makefile.target
index 230eb9a95e..cb49cc9ccb 100644
--- a/tests/tcg/multiarch/Makefile.target
+++ b/tests/tcg/multiarch/Makefile.target
@@ -54,9 +54,7 @@ run-gdbstub-sha1: sha1
--bin $< --test $(MULTIARCH_SRC)/gdbstub/sha1.py, \
"basic gdbstub support")
 
-# Disable this for now -- it provokes a gdb internal-error on
-# Ubuntu gdb 8.1.1-0ubuntu1.
-# EXTRA_RUNS += run-gdbstub-sha1
+EXTRA_RUNS += run-gdbstub-sha1
 endif
 
 
-- 
2.20.1




[PATCH v1 09/20] gdbstub: ensure we clean-up when terminated

2021-01-08 Thread Alex Bennée
If you kill the inferior from GDB we end up leaving our socket lying
around. Fix this by calling gdb_exit() first.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20201214153012.12723-7-alex.ben...@linaro.org>
Message-Id: <20201218112707.28348-9-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 gdbstub.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gdbstub.c b/gdbstub.c
index bab8476357..8c301edf32 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1978,6 +1978,7 @@ static void handle_v_kill(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 /* Kill the target */
 put_packet("OK");
 error_report("QEMU: Terminated via GDBstub");
+gdb_exit(0);
 exit(0);
 }
 
@@ -2539,6 +2540,7 @@ static int gdb_handle_packet(const char *line_buf)
 case 'k':
 /* Kill the target */
 error_report("QEMU: Terminated via GDBstub");
+gdb_exit(0);
 exit(0);
 case 'D':
 {
-- 
2.20.1




[PATCH v1 01/20] tests/docker: Remove Debian 9 remnant lines

2021-01-08 Thread Alex Bennée
From: Philippe Mathieu-Daudé 

Debian 9 base container has been removed in commits
e3755276d1f and c9d78b06c06. Remove the last remnants.

Fixes: e3755276d1f ("tests/docker: Remove old Debian 9 containers")
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20210107072933.3828450-1-f4...@amsat.org>
Signed-off-by: Alex Bennée 
Reviewed-by: Thomas Huth 
---
 tests/docker/Makefile.include | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index c254ac38d0..0779dab5b9 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -108,7 +108,6 @@ ifneq ($(HOST_ARCH),x86_64)
 DOCKER_PARTIAL_IMAGES += debian-mips-cross debian-mipsel-cross 
debian-mips64el-cross
 DOCKER_PARTIAL_IMAGES += debian-ppc64el-cross
 DOCKER_PARTIAL_IMAGES += debian-s390x-cross
-DOCKER_PARTIAL_IMAGES += debian-win32-cross debian-win64-cross
 DOCKER_PARTIAL_IMAGES += fedora travis
 endif
 
-- 
2.20.1




[PATCH v1 07/20] gdbstub: drop CPUEnv from gdb_exit()

2021-01-08 Thread Alex Bennée
gdb_exit() has never needed anything from env and I doubt we are going
to start now.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20201214153012.12723-5-alex.ben...@linaro.org>
Message-Id: <20201218112707.28348-7-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 include/exec/gdbstub.h| 2 +-
 bsd-user/syscall.c| 6 +++---
 gdbstub.c | 2 +-
 linux-user/exit.c | 2 +-
 target/arm/arm-semi.c | 2 +-
 target/m68k/m68k-semi.c   | 2 +-
 target/nios2/nios2-semi.c | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index 94d8f83e92..492db0f512 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -46,7 +46,7 @@ void gdb_do_syscall(gdb_syscall_complete_cb cb, const char 
*fmt, ...);
 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va);
 int use_gdb_syscalls(void);
 void gdb_set_stop_cpu(CPUState *cpu);
-void gdb_exit(CPUArchState *, int);
+void gdb_exit(int);
 #ifdef CONFIG_USER_ONLY
 /**
  * gdb_handlesig: yield control to gdb
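Review bot: The new prototype void gdb_exit(int); in include/exec/gdbstub.h leaves its parameter unnamed and undocumented, while the definition in gdbstub.c uses int code. Suggest void gdb_exit(int code); with a short doc comment in the style of the gdb_handlesig one just below, stating what the code means to the remote gdb.
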
diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
index d38ec7a162..adc3d21b54 100644
--- a/bsd-user/syscall.c
+++ b/bsd-user/syscall.c
@@ -333,7 +333,7 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 #ifdef CONFIG_GPROF
 _mcleanup();
 #endif
-gdb_exit(cpu_env, arg1);
+gdb_exit(arg1);
 qemu_plugin_atexit_cb();
 /* XXX: should free thread stack and CPU env */
 _exit(arg1);
@@ -435,7 +435,7 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, abi_long 
arg1,
 #ifdef CONFIG_GPROF
 _mcleanup();
 #endif
-gdb_exit(cpu_env, arg1);
+gdb_exit(arg1);
 qemu_plugin_atexit_cb();
 /* XXX: should free thread stack and CPU env */
 _exit(arg1);
@@ -514,7 +514,7 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 #ifdef CONFIG_GPROF
 _mcleanup();
 #endif
-gdb_exit(cpu_env, arg1);
+gdb_exit(arg1);
 qemu_plugin_atexit_cb();
 /* XXX: should free thread stack and CPU env */
 _exit(arg1);
diff --git a/gdbstub.c b/gdbstub.c
index 15d3a8e1f5..afa553e8fc 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -3068,7 +3068,7 @@ static void gdb_read_byte(uint8_t ch)
 }
 
 /* Tell the remote gdb that the process has exited.  */
-void gdb_exit(CPUArchState *env, int code)
+void gdb_exit(int code)
 {
   char buf[4];
 
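Review bot: With env gone, code is the only input to gdb_exit(), and the context line char buf[4] leaves room for just a 'W', two hex digits and the terminator. Callers in this patch pass unmasked values such as env->dregs[0] and env->regs[R_ARG0], so it is worth checking, and saying in a comment, that code is reduced to one byte before it is formatted into buf.
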
diff --git a/linux-user/exit.c b/linux-user/exit.c
index 1594015444..70b344048c 100644
--- a/linux-user/exit.c
+++ b/linux-user/exit.c
@@ -34,6 +34,6 @@ void preexit_cleanup(CPUArchState *env, int code)
 #ifdef CONFIG_GCOV
 __gcov_dump();
 #endif
-gdb_exit(env, code);
+gdb_exit(code);
 qemu_plugin_atexit_cb();
 }
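Review bot: After this change the visible tail of preexit_cleanup(CPUArchState *env, int code) no longer references env. If nothing earlier in the function uses it, the parameter can be dropped here in the same way as for gdb_exit(); if something does, a note in the commit message would explain why this signature stays.
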
diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
index f7b7bff522..93360e28c7 100644
--- a/target/arm/arm-semi.c
+++ b/target/arm/arm-semi.c
@@ -1101,7 +1101,7 @@ target_ulong do_arm_semihosting(CPUARMState *env)
  */
 ret = (args == ADP_Stopped_ApplicationExit) ? 0 : 1;
 }
-gdb_exit(env, ret);
+gdb_exit(ret);
 exit(ret);
 case TARGET_SYS_SYNCCACHE:
 /*
diff --git a/target/m68k/m68k-semi.c b/target/m68k/m68k-semi.c
index 27600e0cc0..d919245e4f 100644
--- a/target/m68k/m68k-semi.c
+++ b/target/m68k/m68k-semi.c
@@ -195,7 +195,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
 args = env->dregs[1];
 switch (nr) {
 case HOSTED_EXIT:
-gdb_exit(env, env->dregs[0]);
+gdb_exit(env->dregs[0]);
 exit(env->dregs[0]);
 case HOSTED_OPEN:
 GET_ARG(0);
diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
index d7a80dd303..e508b2fafc 100644
--- a/target/nios2/nios2-semi.c
+++ b/target/nios2/nios2-semi.c
@@ -215,7 +215,7 @@ void do_nios2_semihosting(CPUNios2State *env)
 args = env->regs[R_ARG1];
 switch (nr) {
 case HOSTED_EXIT:
-gdb_exit(env, env->regs[R_ARG0]);
+gdb_exit(env->regs[R_ARG0]);
 exit(env->regs[R_ARG0]);
 case HOSTED_OPEN:
 GET_ARG(0);
-- 
2.20.1




[PATCH v1 03/20] configure: gate our use of GDB to 8.3.1 or above

2021-01-08 Thread Alex Bennée
The support of socket based debugging which we need for linux-user
testing is only really stable as of 8.3.1 so let's gate our use of GDB
on having a relatively modern version.

For direct testing you can just point to a locally compiled version of
gdb via configure, e.g.:

  ../../configure --gdb=$HOME/src/binutils-gdb.git/builds/all/install/bin/gdb

Signed-off-by: Alex Bennée 
Message-Id: <20201214153012.12723-3-alex.ben...@linaro.org>
Message-Id: <20201218112707.28348-3-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 configure | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 5860bdb77b..96cc7d9b9f 100755
--- a/configure
+++ b/configure
@@ -6239,8 +6239,11 @@ if test "$plugins" = "yes" ; then
 fi
 fi
 
-if test -n "$gdb_bin" ; then
-echo "HAVE_GDB_BIN=$gdb_bin" >> $config_host_mak
+if test -n "$gdb_bin"; then
+gdb_version=$($gdb_bin --version | head -n 1)
+if version_ge ${gdb_version##* } 8.3.1; then
+echo "HAVE_GDB_BIN=$gdb_bin" >> $config_host_mak
+fi
 fi
 
 if test "$secret_keyring" = "yes" ; then
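Review bot: The added version check expands $gdb_bin and ${gdb_version##* } unquoted, so a --gdb path containing spaces, or a gdb whose first line of --version output is empty, changes how many words reach the command substitution and version_ge. Suggest gdb_version=$("$gdb_bin" --version | head -n 1) and version_ge "${gdb_version##* }" 8.3.1. When the version is below 8.3.1 the block also leaves HAVE_GDB_BIN unset without saying so; a one-line message that the gdb-based tests were disabled would save debugging time.
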
-- 
2.20.1




[PATCH v1 08/20] gdbstub: drop gdbserver_cleanup in favour of gdb_exit

2021-01-08 Thread Alex Bennée
Despite its name it didn't actually clean up so let us document
gdb_exit() better and use that.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20201214153012.12723-6-alex.ben...@linaro.org>
Message-Id: <20201218112707.28348-8-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 include/exec/gdbstub.h | 14 +++---
 gdbstub.c  |  7 ---
 softmmu/runstate.c |  2 +-
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index 492db0f512..ff0b7bc45e 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -46,7 +46,17 @@ void gdb_do_syscall(gdb_syscall_complete_cb cb, const char 
*fmt, ...);
 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va);
 int use_gdb_syscalls(void);
 void gdb_set_stop_cpu(CPUState *cpu);
-void gdb_exit(int);
+
+/**
+ * gdb_exit: exit gdb session, reporting inferior status
+ * @code: exit code reported
+ *
+ * This closes the session and sends a final packet to GDB reporting
+ * the exit status of the program. It also cleans up any connections
+ * detritus before returning.
+ */
+void gdb_exit(int code);
+
 #ifdef CONFIG_USER_ONLY
 /**
  * gdb_handlesig: yield control to gdb
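Review bot: The new doc comment says gdb_exit() "cleans up any connections detritus before returning", but the gdbstub.c part of this patch only deletes gdbserver_cleanup() and does not touch the body of gdb_exit(). Either point to where that cleanup happens or reword the comment so it describes what the function does as of this patch. "connections detritus" also reads like a typo for "connection detritus".
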
@@ -187,8 +197,6 @@ static inline uint8_t * gdb_get_reg_ptr(GByteArray *buf, 
int len)
  */
 int gdbserver_start(const char *port_or_device);
 
-void gdbserver_cleanup(void);
-
 /**
  * gdb_has_xml:
  * This is an ugly hack to cope with both new and old gdb.
diff --git a/gdbstub.c b/gdbstub.c
index afa553e8fc..bab8476357 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -3547,13 +3547,6 @@ int gdbserver_start(const char *device)
 return 0;
 }
 
-void gdbserver_cleanup(void)
-{
-if (gdbserver_state.init) {
-put_packet("W00");
-}
-}
-
 static void register_types(void)
 {
 type_register_static(_gdb_type_info);
diff --git a/softmmu/runstate.c b/softmmu/runstate.c
index 636aab0add..6177693a30 100644
--- a/softmmu/runstate.c
+++ b/softmmu/runstate.c
@@ -775,7 +775,7 @@ void qemu_init_subsystems(void)
 
 void qemu_cleanup(void)
 {
-gdbserver_cleanup();
+gdb_exit(0);
 
 /*
  * cleaning up the migration object cancels any existing migration
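Review bot: qemu_cleanup() now calls gdb_exit(0) unconditionally, whereas the removed gdbserver_cleanup() only sent "W00" when gdbserver_state.init was set. The patch does not show gdb_exit() making the same check, so please confirm it returns early when no gdbstub was ever started, since this call site is not gdbstub-specific.
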
-- 
2.20.1




[PATCH v1 06/20] gdbstub: add support to Xfer:auxv:read: packet

2021-01-08 Thread Alex Bennée
From: Lirong Yuan 

This allows gdb to access the target’s auxiliary vector,
which can be helpful for telling system libraries important details
about the hardware, operating system, and process.

[AJB: minor tweaks to test case, update MAINTAINERS]

Signed-off-by: Lirong Yuan 
Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Message-Id: <20200730193932.3654677-1-yua...@google.com>
Message-Id: <20201214153012.12723-4-alex.ben...@linaro.org>
Message-Id: <20201218112707.28348-6-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
---
 gdbstub.c | 54 ++
 MAINTAINERS   |  1 +
 tests/tcg/multiarch/Makefile.target   |  9 +++
 .../multiarch/gdbstub/test-qxfer-auxv-read.py | 57 +++
 4 files changed, 121 insertions(+)
 create mode 100644 tests/tcg/multiarch/gdbstub/test-qxfer-auxv-read.py

diff --git a/gdbstub.c b/gdbstub.c
index d99bc0bf2e..15d3a8e1f5 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -2172,6 +2172,12 @@ static void handle_query_supported(GdbCmdContext 
*gdb_ctx, void *user_ctx)
 ";ReverseStep+;ReverseContinue+");
 }
 
+#ifdef CONFIG_USER_ONLY
+if (gdbserver_state.c_cpu->opaque) {
+g_string_append(gdbserver_state.str_buf, ";qXfer:auxv:read+");
+}
+#endif
+
 if (gdb_ctx->num_params &&
 strstr(gdb_ctx->params[0].data, "multiprocess+")) {
 gdbserver_state.multiprocess = true;
@@ -2233,6 +2239,46 @@ static void handle_query_xfer_features(GdbCmdContext 
*gdb_ctx, void *user_ctx)
   gdbserver_state.str_buf->len, true);
 }
 
+#ifdef CONFIG_USER_ONLY
+static void handle_query_xfer_auxv(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+TaskState *ts;
+unsigned long offset, len, saved_auxv, auxv_len;
+const char *mem;
+
+if (gdb_ctx->num_params < 2) {
+put_packet("E22");
+return;
+}
+
+offset = gdb_ctx->params[0].val_ul;
+len = gdb_ctx->params[1].val_ul;
+ts = gdbserver_state.c_cpu->opaque;
+saved_auxv = ts->info->saved_auxv;
+auxv_len = ts->info->auxv_len;
+mem = (const char *)(saved_auxv + offset);
+if (offset > auxv_len) {
+put_packet("E00");
+return;
+}
+
+if (len > (MAX_PACKET_LENGTH - 5) / 2) {
+len = (MAX_PACKET_LENGTH - 5) / 2;
+}
+
+if (len < auxv_len - offset) {
+g_string_assign(gdbserver_state.str_buf, "m");
+memtox(gdbserver_state.str_buf, mem, len);
+} else {
+g_string_assign(gdbserver_state.str_buf, "l");
+memtox(gdbserver_state.str_buf, mem, auxv_len - offset);
+}
+
+put_packet_binary(gdbserver_state.str_buf->str,
+  gdbserver_state.str_buf->len, true);
+}
+#endif
+
 static void handle_query_attached(GdbCmdContext *gdb_ctx, void *user_ctx)
 {
 put_packet(GDB_ATTACHED);
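Review bot: handle_query_xfer_auxv() dereferences ts = gdbserver_state.c_cpu->opaque without a NULL check, although handle_query_supported() in this same patch only advertises qXfer:auxv:read+ when opaque is non-NULL. A client can send the packet whatever was advertised, so the handler should reply with an error packet when ts (or ts->info) is NULL. Separately, mem is computed from saved_auxv + offset before the offset > auxv_len test; moving that line below the check keeps a pointer from being formed out of an unvalidated offset. Since saved_auxv is held as an unsigned long and cast straight to const char *, a comment stating that it is a host address, or a guest-to-host translation if it is not, would also help.
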
@@ -2338,6 +2384,14 @@ static GdbCmdParseEntry gdb_gen_query_table[] = {
 .cmd_startswith = 1,
 .schema = "s:l,l0"
 },
+#ifdef CONFIG_USER_ONLY
+{
+.handler = handle_query_xfer_auxv,
+.cmd = "Xfer:auxv:read::",
+.cmd_startswith = 1,
+.schema = "l,l0"
+},
+#endif
 {
 .handler = handle_query_attached,
 .cmd = "Attached:",
diff --git a/MAINTAINERS b/MAINTAINERS
index 4be087b88e..990554cda1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2322,6 +2322,7 @@ R: Philippe Mathieu-Daudé 
 S: Maintained
 F: gdbstub*
 F: gdb-xml/
+F: tests/tcg/multiarch/gdbstub/
 
 Memory API
 M: Paolo Bonzini 
diff --git a/tests/tcg/multiarch/Makefile.target 
b/tests/tcg/multiarch/Makefile.target
index cb49cc9ccb..1dd0f64d23 100644
--- a/tests/tcg/multiarch/Makefile.target
+++ b/tests/tcg/multiarch/Makefile.target
@@ -55,6 +55,15 @@ run-gdbstub-sha1: sha1
"basic gdbstub support")
 
 EXTRA_RUNS += run-gdbstub-sha1
+
+run-gdbstub-qxfer-auxv-read: sha1
+   $(call run-test, $@, $(GDB_SCRIPT) \
+   --gdb $(HAVE_GDB_BIN) \
+   --qemu $(QEMU) --qargs "$(QEMU_OPTS)" \
+   --bin $< --test 
$(MULTIARCH_SRC)/gdbstub/test-qxfer-auxv-read.py, \
+   "basic gdbstub qXfer:auxv:read support")
+
+EXTRA_RUNS += run-gdbstub-sha1 run-gdbstub-qxfer-auxv-read
 endif
 
 
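Review bot: The added line EXTRA_RUNS += run-gdbstub-sha1 run-gdbstub-qxfer-auxv-read follows the unchanged EXTRA_RUNS += run-gdbstub-sha1, so run-gdbstub-sha1 ends up in EXTRA_RUNS twice. Suggest listing only run-gdbstub-qxfer-auxv-read on the new line, or removing the old line.
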
diff --git a/tests/tcg/multiarch/gdbstub/test-qxfer-auxv-read.py 
b/tests/tcg/multiarch/gdbstub/test-qxfer-auxv-read.py
new file mode 100644
index 00..d91e8fdf19
--- /dev/null
+++ b/tests/tcg/multiarch/gdbstub/test-qxfer-auxv-read.py
@@ -0,0 +1,57 @@
+from __future__ import print_function
+#
+# Test auxiliary vector is loaded via gdbstub
+#
+# This is launched via tests/guest-debug/run-test.py
+#
+
+import gdb
+import sys
+
+failcount = 0
+
+def report(cond, msg):
+"Report success/fail of test"
+if cond:
+print ("PASS: %s" % (msg))
+else:
+print ("FAIL: %s" % (msg))
+global failcount
+failcount += 1
+
+def run_test():
+"Run through the tests one by one"
+
+auxv = gdb.execute("info 

[PATCH v1 00/20] gdbstub, semihosting and test/tool updates (pre PR)

2021-01-08 Thread Alex Bennée
Hi,

This is gathering together my maintainer trees into one place in
advance of putting together a pull request next week. There are:

  - gdbstub: more tests and tweaks to SVE handling for ARM
  - semihosting: common code and enabling for RiscV
  - some minor test and devtool tweaks

Last chance to object to any of the changes ;-)

Alex Bennée (9):
  test/guest-debug: echo QEMU command as well
  configure: gate our use of GDB to 8.3.1 or above
  Revert "tests/tcg/multiarch/Makefile.target: Disable run-gdbstub-sha1
test"
  gdbstub: implement a softmmu based test
  gdbstub: drop CPUEnv from gdb_exit()
  gdbstub: drop gdbserver_cleanup in favour of gdb_exit
  gdbstub: ensure we clean-up when terminated
  target/arm: use official org.gnu.gdb.aarch64.sve layout for registers
  Makefile: add GNU global tags support

Keith Packard (8):
  semihosting: Move ARM semihosting code to shared directories
  semihosting: Change common-semi API to be architecture-independent
  semihosting: Change internal common-semi interfaces to use CPUState *
  semihosting: Support SYS_HEAPINFO when env->boot_info is not set
  riscv: Add semihosting support
  semihosting: Implement SYS_ELAPSED and SYS_TICKFREQ
  semihosting: Implement SYS_TMPNAM
  semihosting: Implement SYS_ISERROR

Kito Cheng (1):
  riscv: Add semihosting support for user mode

Lirong Yuan (1):
  gdbstub: add support to Xfer:auxv:read: packet

Philippe Mathieu-Daudé (1):
  tests/docker: Remove Debian 9 remnant lines

 configure |   7 +-
 Makefile  |   9 +-
 default-configs/devices/arm-softmmu.mak   |   1 +
 default-configs/devices/riscv32-softmmu.mak   |   2 +
 default-configs/devices/riscv64-softmmu.mak   |   2 +
 .../targets/aarch64-linux-user.mak|   1 +
 .../targets/aarch64_be-linux-user.mak |   1 +
 default-configs/targets/arm-linux-user.mak|   1 +
 default-configs/targets/armeb-linux-user.mak  |   1 +
 .../targets/riscv32-linux-user.mak|   1 +
 .../targets/riscv64-linux-user.mak|   1 +
 hw/semihosting/common-semi.h  |  39 ++
 include/exec/gdbstub.h|  14 +-
 include/qemu/timer.h  |   2 +
 linux-user/qemu.h |   4 +-
 target/arm/cpu.h  |   8 -
 target/riscv/cpu_bits.h   |   1 +
 bsd-user/syscall.c|   6 +-
 gdbstub.c |  65 ++-
 .../semihosting/common-semi.c | 525 --
 linux-user/aarch64/cpu_loop.c |   3 +-
 linux-user/arm/cpu_loop.c |   3 +-
 linux-user/exit.c |   2 +-
 linux-user/riscv/cpu_loop.c   |   5 +
 linux-user/{arm => }/semihost.c   |   8 +-
 softmmu/runstate.c|   2 +-
 target/arm/gdbstub.c  |  75 +--
 target/arm/helper.c   |   7 +-
 target/arm/m_helper.c |   7 +-
 target/m68k/m68k-semi.c   |   2 +-
 target/nios2/nios2-semi.c |   2 +-
 target/riscv/cpu_helper.c |  10 +
 target/riscv/translate.c  |  11 +
 util/qemu-timer-common.c  |   4 +
 .../riscv/insn_trans/trans_privileged.c.inc   |  37 +-
 .gitignore|   3 +
 MAINTAINERS   |   1 +
 hw/semihosting/Kconfig|   3 +
 hw/semihosting/meson.build|   3 +
 linux-user/arm/meson.build|   3 -
 linux-user/meson.build|   1 +
 qemu-options.hx   |  10 +-
 target/arm/meson.build|   2 -
 tests/docker/Makefile.include |   1 -
 tests/guest-debug/run-test.py |  35 +-
 tests/tcg/aarch64/Makefile.softmmu-target |   1 +
 tests/tcg/aarch64/gdbstub/test-sve-ioctl.py   |  11 +
 tests/tcg/aarch64/system/boot.S   |   1 +
 tests/tcg/i386/Makefile.softmmu-target|   1 +
 tests/tcg/i386/system/boot.S  |   2 +-
 tests/tcg/multiarch/Makefile.target   |  13 +-
 tests/tcg/multiarch/gdbstub/memory.py | 130 +
 .../multiarch/gdbstub/test-qxfer-auxv-read.py |  57 ++
 .../multiarch/system/Makefile.softmmu-target  |  19 +-
 tests/tcg/x86_64/Makefile.softmmu-target  |   1 +
 tests/tcg/x86_64/system/boot.S|   2 +-
 56 files changed, 888 insertions(+), 281 deletions(-)
 create mode 100644 hw/semihosting/common-semi.h
 rename target/arm/arm-semi.c => hw/semihosting/common-semi.c (66%)
 rename linux-user/{arm => }/semihost.c (89%)
 create mode 100644 tests/tcg/multiarch/gdbstub/memory.py
 create mode 100644 tests/tcg/multiarch/gdbstub/test-qxfer-auxv-read.py

-- 
2.20.1




Re: [RFC PATCH] Makefile: add GNU global tags support

2021-01-08 Thread Ben Widawsky
On 21-01-08 22:30:59, Alex Bennée wrote:
> 
> Ben Widawsky  writes:
> 
> > On 21-01-08 12:19:35, Alex Bennée wrote:
> >> GNU Global is another tags engine which is more like cscope in being
> >> able to support finding both references and definitions. You will be
> >> un-surprised to know it also integrates well with Emacs.
> >> 
> >> The main benefit of integrating it into find-src-path is it takes less
> >> time to rebuild the database from scratch when you have a lot of build
> >> directories under your source tree.
> >> 
> >> Signed-off-by: Alex Bennée 
> >
> > It might be worth mentioning that the Linux kernel has supported this for a long
> > time now (10+ years).
> >
> > Having switched to gtags about 3 years ago, I think it's summarily better and
> > would really like this to get merged.
> 
> So I take it that's a reviewed-by and a tested-by tag from you?
> 

It doesn't actually work correctly for me, I just like the idea :-)

make gtags 2>&1  | grep ignored | wc -l
6266

Warning: '/home/bwidawsk/work/clk/qemu/accel/qtest/qtest.c' is out of source tree. ignored.

> >
> >> ---
> >>  Makefile   | 9 -
> >>  .gitignore | 3 +++
> >>  2 files changed, 11 insertions(+), 1 deletion(-)
> >> 
> >> diff --git a/Makefile b/Makefile
> >> index fb9923ff22..66eec99685 100644
> >> --- a/Makefile
> >> +++ b/Makefile
> >> @@ -253,6 +253,13 @@ ctags:
> >>rm -f "$(SRC_PATH)/"tags
> >>$(find-src-path) -exec ctags -f "$(SRC_PATH)/"tags --append {} +
> >>  
> >> +.PHONY: gtags
> >> +gtags:
> >> +  rm -f "$(SRC_PATH)/"GTAGS
> >> +  rm -f "$(SRC_PATH)/"GRTAGS
> >> +  rm -f "$(SRC_PATH)/"GPATH
> >> +  $(find-src-path) | gtags -f -
> >> +
> >>  .PHONY: TAGS
> >>  TAGS:
> >>rm -f "$(SRC_PATH)/"TAGS
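
Review bot: In the gtags rule the three rm -f lines act on "$(SRC_PATH)/", but $(find-src-path) | gtags -f - has no cd and no directory, so gtags runs in whatever directory make was started from. That fits the "is out of source tree. ignored." warnings reported earlier in this reply. Suggest running the pipeline from within $(SRC_PATH) so the file list and the database root agree.
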
> >> @@ -279,7 +286,7 @@ help:
> >>$(call print-help,all,Build all)
> >>$(call print-help,dir/file.o,Build specified target only)
> >>$(call print-help,install,Install QEMU, documentation and tools)
> >> -  $(call print-help,ctags/TAGS,Generate tags file for editors)
> >> +  $(call print-help,ctags/gtags/TAGS,Generate tags file for editors)
> >>$(call print-help,cscope,Generate cscope index)
> >>$(call print-help,sparse,Run sparse on the QEMU source)
> >>@echo  ''
> >> diff --git a/.gitignore b/.gitignore
> >> index b32bca1315..75a4be0724 100644
> >> --- a/.gitignore
> >> +++ b/.gitignore
> >> @@ -7,6 +7,9 @@
> >>  cscope.*
> >>  tags
> >>  TAGS
> >> +GPATH
> >> +GRTAGS
> >> +GTAGS
> >>  *~
> >>  *.ast_raw
> >>  *.depend_raw
> >> -- 
> >> 2.20.1
> >> 
> >> 
> 
> 
> -- 
> Alex Bennée



[Bug 1910826] [NEW] [OSS-Fuzz] Issue 29224 rtl8139: Stack-overflow in rtlNUMBER_transmit_one

2021-01-08 Thread Alexander Bulekov
Public bug reported:

=== Reproducer ===
cat << EOF | ../build/qemu-system-i386 -machine q35 \
-nodefaults  -device rtl8139,netdev=net0 \
-netdev user,id=net0 -display none -qtest stdio
outl 0xcf8 0x8804
outb 0xcfc 0x26
outl 0xcf8 0x8817
outb 0xcfc 0xff
write 0x1 0x1 0x42
write 0x5 0x1 0x42
write 0x9 0x1 0x42
write 0xd 0x1 0x42
write 0xff44 0x4 0x11
write 0xff37 0x1 0x1c
writel 0xff30 0xff00
write 0xff40 0x4 0x16
write 0xff10 0x4 0x01020
EOF

=== Stack Trace ===
==2819215==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd2c714040 (pc 0x5639b3a933d9 bp 0x7ffd2c716210 sp 0x7ffd2c714040 T0)
#0 rtl8139_transmit_one /src/qemu/hw/net/rtl8139.c:1815
#1 rtl8139_transmit /src/qemu/hw/net/rtl8139.c:2388:9
#2 rtl8139_TxStatus_write /src/qemu/hw/net/rtl8139.c:2442:5
#3 rtl8139_io_writel /src/qemu/hw/net/rtl8139.c:2865:13
#4 rtl8139_ioport_write /src/qemu/hw/net/rtl8139.c:3290:9
#5 memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
#6 access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
#7 memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
#8 flatview_write_continue /src/qemu/softmmu/physmem.c:2759:23
#9 flatview_write /src/qemu/softmmu/physmem.c:2799:14
#10 address_space_write /src/qemu/softmmu/physmem.c:2891:18
#11 address_space_rw /src/qemu/softmmu/physmem.c:2901:16
#12 dma_memory_rw_relaxed /src/qemu/include/sysemu/dma.h:88:12
#13 dma_memory_rw /src/qemu/include/sysemu/dma.h:127:12
#14 pci_dma_rw /src/qemu/include/hw/pci/pci.h:801:12
#15 pci_dma_write /src/qemu/include/hw/pci/pci.h:837:12
#16 rtl8139_write_buffer /src/qemu/hw/net/rtl8139.c:778:5
#17 rtl8139_do_receive /src/qemu/hw/net/rtl8139.c:1172:9
#18 rtl8139_transfer_frame /src/qemu/hw/net/rtl8139.c:1798:9
#19 rtl8139_transmit_one /src/qemu/hw/net/rtl8139.c:1845:5
#20 rtl8139_transmit /src/qemu/hw/net/rtl8139.c:2388:9
#21 rtl8139_TxStatus_write /src/qemu/hw/net/rtl8139.c:2442:5
#22 rtl8139_io_writel /src/qemu/hw/net/rtl8139.c:2865:13
#23 rtl8139_ioport_write /src/qemu/hw/net/rtl8139.c:3290:9
#24 memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
#25 access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
#26 memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
#27 flatview_write_continue /src/qemu/softmmu/physmem.c:2759:23
#28 flatview_write /src/qemu/softmmu/physmem.c:2799:14
#29 address_space_write /src/qemu/softmmu/physmem.c:2891:18
#30 address_space_rw /src/qemu/softmmu/physmem.c:2901:16
#31 dma_memory_rw_relaxed /src/qemu/include/sysemu/dma.h:88:12
#32 dma_memory_rw /src/qemu/include/sysemu/dma.h:127:12
#33 pci_dma_rw /src/qemu/include/hw/pci/pci.h:801:12
#34 pci_dma_write /src/qemu/include/hw/pci/pci.h:837:12
#35 rtl8139_write_buffer /src/qemu/hw/net/rtl8139.c:778:5
#36 rtl8139_do_receive /src/qemu/hw/net/rtl8139.c:1172:9
#37 rtl8139_transfer_frame /src/qemu/hw/net/rtl8139.c:1798:9
Repeat until we run out of stack

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29224

** Affects: qemu
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1910826


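The trace above shows one cycle repeating: rtl8139_transmit_one reaches rtl8139_do_receive, whose pci_dma_write lands back in rtl8139_ioport_write and starts another transmit. The following C model is an added example, not QEMU code and not the fix for this bug; every name and constant in it is constructed, and the re-entrancy flag is one assumed way to break such a cycle.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model values; none of these come from QEMU or the report. */
#define MMIO_BASE     0xff00u  /* start of the model NIC's register window */
#define MMIO_SIZE     0x100u
#define REG_TX_STATUS 0x10u    /* a write to this register starts a transmit */
#define DEPTH_LIMIT   64u      /* stands in for the finite host stack */

typedef struct {
    uint32_t rx_buf;     /* guest-programmed DMA target for received frames */
    bool     loopback;   /* transmitted frames are fed back into receive */
    bool     guard;      /* hardened variant: refuse nested transmits */
    bool     in_tx;      /* true while a transmit is in progress */
    unsigned depth;      /* current nesting of nic_transmit() */
    unsigned max_depth;  /* deepest nesting observed */
    unsigned rejected;   /* nested transmits refused by the guard */
    bool     overflowed; /* nesting reached DEPTH_LIMIT */
} Nic;

static void nic_mmio_write(Nic *n, uint32_t reg);

/* Device-initiated DMA write. The bus routes purely by address, so a target
 * inside the device's own register window turns into a register write. */
static void dma_write(Nic *n, uint32_t addr)
{
    if (addr >= MMIO_BASE && addr < MMIO_BASE + MMIO_SIZE) {
        nic_mmio_write(n, addr - MMIO_BASE);
    }
    /* Otherwise the write goes to ordinary guest RAM and nothing re-enters. */
}

/* Receive path: copy the frame to wherever the guest said the buffer is. */
static void nic_receive(Nic *n)
{
    dma_write(n, n->rx_buf);
}

static void nic_transmit(Nic *n)
{
    bool was_in_tx = n->in_tx;

    if (n->guard && n->in_tx) {      /* hardened: drop the nested request */
        n->rejected++;
        return;
    }
    if (n->depth >= DEPTH_LIMIT) {   /* model of running out of stack */
        n->overflowed = true;
        return;
    }
    n->in_tx = true;
    n->depth++;
    if (n->depth > n->max_depth) {
        n->max_depth = n->depth;
    }
    if (n->loopback) {
        nic_receive(n);              /* frame comes straight back in */
    }
    n->depth--;
    n->in_tx = was_in_tx;
}

static void nic_mmio_write(Nic *n, uint32_t reg)
{
    if (reg == REG_TX_STATUS) {
        nic_transmit(n);
    }
}

/* Program the RX buffer address, kick one transmit, return the final state. */
Nic run_case(uint32_t rx_buf, bool guard)
{
    Nic n = { .rx_buf = rx_buf, .loopback = true, .guard = guard };
    nic_mmio_write(&n, REG_TX_STATUS);
    return n;
}

static void show(const char *label, Nic n)
{
    printf("%-28s max_depth=%u rejected=%u overflowed=%d\n",
           label, n.max_depth, n.rejected, n.overflowed);
}

int main(void)
{
    show("rx_buf in RAM, no guard",   run_case(0x1000u, false));
    show("rx_buf on MMIO, no guard",  run_case(MMIO_BASE + REG_TX_STATUS, false));
    show("rx_buf on MMIO, guarded",   run_case(MMIO_BASE + REG_TX_STATUS, true));
    return 0;
}
```
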
Re: [PATCH v3 3/6] target/arm: make ARMCPU.ctr 64-bit

2021-01-08 Thread Richard Henderson
On 1/8/21 8:51 AM, Leif Lindholm wrote:
> When FEAT_MTE is implemented, the AArch64 view of CTR_EL0 adds the
> TminLine field in bits [37:32].
> Extend the ctr field to be able to hold this context.
> 
> Signed-off-by: Leif Lindholm 
> ---
>  target/arm/cpu.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 

r~




Re: [PATCH 0/9] Add RISC-V semihosting 0.2. Finish ARM semihosting 2.0

2021-01-08 Thread Alex Bennée


Keith Packard  writes:

> This series adds support for RISC-V Semihosting, version 0.2 as
> specified here:
>
>   https://github.com/riscv/riscv-semihosting-spec/releases/tag/0.2
>
> This specification references the ARM semihosting release 2.0 as
> specified here:
>
>   https://static.docs.arm.com/100863/0200/semihosting.pdf
>
> That specification includes several semihosting calls which were not
> previously implemented. This series includes implementations for the
> remaining calls so that both RISC-V and ARM versions are now complete.
>
> Tests for release 2.0 can be found in picolibc on the semihost-2.0-all
> branch:
>
>   https://github.com/picolibc/picolibc/tree/semihost-2.0-all
>
> These tests uncovered a bug in the SYS_HEAPINFO implementation for
> ARM, which has been fixed in this series as well.
>
> The series is structured as follows:
>
>  1. Move shared semihosting files
>  2. Change public common semihosting APIs
>  3. Change internal semihosting interfaces
>  4. Fix SYS_HEAPINFO crash on ARM
>  5-6. Add RISC-V semihosting implementation
>  7-9. Add missing semihosting operations from release 2.0

Queued to semihosting/next, thanks.

-- 
Alex Bennée



Re: [RFC PATCH] Makefile: add GNU global tags support

2021-01-08 Thread Alex Bennée


Ben Widawsky  writes:

> On 21-01-08 12:19:35, Alex Bennée wrote:
>> GNU Global is another tags engine which is more like cscope in being
>> able to support finding both references and definitions. You will be
>> un-surprised to know it also integrates well with Emacs.
>> 
>> The main benefit of integrating it into find-src-path is it takes less
>> time to rebuild the database from scratch when you have a lot of build
>> directories under your source tree.
>> 
>> Signed-off-by: Alex Bennée 
>
> It might be worth mentioning that the Linux kernel has supported this for a long
> time now (10+ years).
>
> Having switched to gtags about 3 years ago, I think it's summarily better and
> would really like this to get merged.

So I take it that's a reviewed-by and a tested-by tag from you?

>
>> ---
>>  Makefile   | 9 -
>>  .gitignore | 3 +++
>>  2 files changed, 11 insertions(+), 1 deletion(-)
>> 
>> diff --git a/Makefile b/Makefile
>> index fb9923ff22..66eec99685 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -253,6 +253,13 @@ ctags:
>>  rm -f "$(SRC_PATH)/"tags
>>  $(find-src-path) -exec ctags -f "$(SRC_PATH)/"tags --append {} +
>>  
>> +.PHONY: gtags
>> +gtags:
>> +rm -f "$(SRC_PATH)/"GTAGS
>> +rm -f "$(SRC_PATH)/"GRTAGS
>> +rm -f "$(SRC_PATH)/"GPATH
>> +$(find-src-path) | gtags -f -
>> +
>>  .PHONY: TAGS
>>  TAGS:
>>  rm -f "$(SRC_PATH)/"TAGS
>> @@ -279,7 +286,7 @@ help:
>>  $(call print-help,all,Build all)
>>  $(call print-help,dir/file.o,Build specified target only)
>>  $(call print-help,install,Install QEMU, documentation and tools)
>> -$(call print-help,ctags/TAGS,Generate tags file for editors)
>> +$(call print-help,ctags/gtags/TAGS,Generate tags file for editors)
>>  $(call print-help,cscope,Generate cscope index)
>>  $(call print-help,sparse,Run sparse on the QEMU source)
>>  @echo  ''
>> diff --git a/.gitignore b/.gitignore
>> index b32bca1315..75a4be0724 100644
>> --- a/.gitignore
>> +++ b/.gitignore
>> @@ -7,6 +7,9 @@
>>  cscope.*
>>  tags
>>  TAGS
>> +GPATH
>> +GRTAGS
>> +GTAGS
>>  *~
>>  *.ast_raw
>>  *.depend_raw
>> -- 
>> 2.20.1
>> 
>> 


-- 
Alex Bennée



Re: [PATCH v2 3/3] sam460ex: Use type cast macro instead of simple cast

2021-01-08 Thread Peter Maydell
On Fri, 8 Jan 2021 at 22:17, BALATON Zoltan  wrote:
>
> Use the PCI_BUS type cast macro to convert result of qdev_get_child_bus().
> Also remove the check for NULL afterwards which should not be needed
> because sysbus_create_simple() uses error_abort and we create the PCI
> host object here that's expected to have a PCI bus so this shouldn't
> fail. Even if it would fail that would be due to a programmer error so
> an error message is not necessary.
>
> Signed-off-by: BALATON Zoltan 

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [PATCH v2 2/3] Revert "ppc4xx: Move common dependency on serial to common option"

2021-01-08 Thread Peter Maydell
On Fri, 8 Jan 2021 at 22:17, BALATON Zoltan  wrote:
>
> This reverts commit e6d5106786 which was added mistakenly. While this
> change works it was suggested during review that keeping dependencies
> explicit for each board may be better than listing them in a common
> option so keep the previous version and revert this change.
>
> Signed-off-by: BALATON Zoltan 
> ---
>  hw/ppc/Kconfig | 5 -
>  1 file changed, 4 insertions(+), 1 deletion(-)

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [PATCH v2 1/3] Revert "sam460ex: Remove FDT_PPC dependency from KConfig"

2021-01-08 Thread Peter Maydell
On Fri, 8 Jan 2021 at 22:17, BALATON Zoltan  wrote:
>
> This reverts commit 038da2adf that was mistakenly added, this
> dependency is still needed to get libfdt dependencies even if fdt.o is
> not needed by sam460ex.
>
> Signed-off-by: BALATON Zoltan 
> ---
>  hw/ppc/Kconfig | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [PATCH v2] ui/cocoa: Fix openFile: deprecation on Big Sur

2021-01-08 Thread Peter Maydell
On Fri, 8 Jan 2021 at 21:47, Roman Bolshakov  wrote:
>
> On Fri, Jan 08, 2021 at 03:05:55PM +, Peter Maydell wrote:
> > This menu bar breakage appears to be caused by this patch. I have
> > no idea why, because the patch looks pretty harmless. Nonetheless,
> > I'm going to have to drop it from my queue.
> >
>
> I think the patch is valid per-se and doubt the patch would cause menu
> bar breakage. I had unresponsive menu bar on Catalina even without the
> patch.

Well, for me it seemed to be consistent that with this patch the
menu bar didn't work, and without it it did work. I'll have
another look later.

-- PMM



[PATCH v2 1/3] Revert "sam460ex: Remove FDT_PPC dependency from KConfig"

2021-01-08 Thread BALATON Zoltan
This reverts commit 038da2adf that was mistakenly added, this
dependency is still needed to get libfdt dependencies even if fdt.o is
not needed by sam460ex.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index 7e267d94a1..d2329edbab 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -64,6 +64,7 @@ config SAM460EX
 select SMBUS_EEPROM
 select USB_EHCI_SYSBUS
 select USB_OHCI
+select FDT_PPC
 
 config PREP
 bool
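Review bot: select FDT_PPC is added to SAM460EX, but the context lines of patch 2/3 show SAM460EX selecting PPC440 and PPC440 already selecting FDT_PPC. Does SAM460EX not get FDT_PPC through that path already? If the explicit line is kept for the per-board explicitness argued for in patch 2/3, saying that in the commit message would be clearer than "still needed".
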
-- 
2.21.3




[PATCH v2 3/3] sam460ex: Use type cast macro instead of simple cast

2021-01-08 Thread BALATON Zoltan
Use the PCI_BUS type cast macro to convert result of qdev_get_child_bus().
Also remove the check for NULL afterwards which should not be needed
because sysbus_create_simple() uses error_abort and we create the PCI
host object here that's expected to have a PCI bus so this shouldn't
fail. Even if it would fail that would be due to a programmer error so
an error message is not necessary.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/sam460ex.c | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
index 45721ad6c7..e459b43065 100644
--- a/hw/ppc/sam460ex.c
+++ b/hw/ppc/sam460ex.c
@@ -419,11 +419,8 @@ static void sam460ex_init(MachineState *machine)
 /* All PCI irqs are connected to the same UIC pin (cf. UBoot source) */
 dev = sysbus_create_simple("ppc440-pcix-host", 0xc0ec0,
qdev_get_gpio_in(uic[1], 0));
-pci_bus = (PCIBus *)qdev_get_child_bus(dev, "pci.0");
-if (!pci_bus) {
-error_report("couldn't create PCI controller!");
-exit(1);
-}
+pci_bus = PCI_BUS(qdev_get_child_bus(dev, "pci.0"));
+
 memory_region_init_alias(isa, NULL, "isa_mmio", get_system_io(),
  0, 0x1);
 memory_region_add_subregion(get_system_memory(), 0xc0800, isa);
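Review bot: With the if (!pci_bus) block removed, nothing after pci_bus = PCI_BUS(qdev_get_child_bus(dev, "pci.0")); states the non-NULL assumption the commit message relies on. An assert(pci_bus) or a one-line comment at that spot would document the invariant and make a future regression fail at its cause rather than at a later use. The hunk also leaves an added blank line where the removed block was, which can go if the surrounding statements are not otherwise separated.
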
-- 
2.21.3




[PATCH v2 0/3] Fix up sam460ex fixes

2021-01-08 Thread BALATON Zoltan
Accidentally the wrong version of this series was committed; this
series fixes that up to the last version that was meant to be merged.
This v2 is rebased on Peter's UIC series and clarifies commit message
of last patch.

Based-on: <20210108171212.16500-1-peter.mayd...@linaro.org>

BALATON Zoltan (3):
  Revert "sam460ex: Remove FDT_PPC dependency from KConfig"
  Revert "ppc4xx: Move common dependency on serial to common option"
  sam460ex: Use type cast macro instead of simple cast

 hw/ppc/Kconfig| 6 +-
 hw/ppc/sam460ex.c | 7 ++-
 2 files changed, 7 insertions(+), 6 deletions(-)

-- 
2.21.3




[PATCH v2 2/3] Revert "ppc4xx: Move common dependency on serial to common option"

2021-01-08 Thread BALATON Zoltan
This reverts commit e6d5106786 which was added mistakenly. While this
change works it was suggested during review that keeping dependencies
explicit for each board may be better than listing them in a common
option so keep the previous version and revert this change.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/Kconfig | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index d2329edbab..d11dc30509 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -36,6 +36,7 @@ config PPC405
 select M48T59
 select PFLASH_CFI02
 select PPC4XX
+select SERIAL
 
 config PPC440
 bool
@@ -44,6 +45,7 @@ config PPC440
 imply E1000_PCI
 select PCI_EXPRESS
 select PPC4XX
+select SERIAL
 select FDT_PPC
 
 config PPC4XX
@@ -51,7 +53,6 @@ config PPC4XX
 select BITBANG_I2C
 select PCI
 select PPC_UIC
-select SERIAL
 
 config SAM460EX
 bool
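Review bot: removing `select SERIAL` from `config PPC4XX` means every option that selects PPC4XX now has to select SERIAL itself. The other hunks add it to PPC405, PPC440, SAM460EX and VIRTEX; please confirm that no other `select PPC4XX` user exists outside the lines shown here, because it would lose the serial dependency without any change to its own entry.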
@@ -60,6 +61,7 @@ config SAM460EX
 select IDE_SII3112
 select M41T80
 select PPC440
+select SERIAL
 select SM501
 select SMBUS_EEPROM
 select USB_EHCI_SYSBUS
@@ -121,6 +123,7 @@ config VIRTEX
 bool
 select PPC4XX
 select PFLASH_CFI01
+select SERIAL
 select XILINX
 select XILINX_ETHLITE
 select FDT_PPC
-- 
2.21.3




Re: [PATCH v2 1/4] hw/ppc/sam460ex: Drop use of ppcuic_init()

2021-01-08 Thread BALATON Zoltan

On Fri, 8 Jan 2021, Peter Maydell wrote:

Switch the sam460ex board to directly creating and configuring the
UIC, rather than doing it via the old ppcuic_init() helper function.

Signed-off-by: Peter Maydell 


Reviewed-by: BALATON Zoltan 

Regards,
BALATON Zoltan


---
v1->v2 changes:
* fix typo in UIC 0 CINT wiring
* move local var declarations up
* drop unnecessary TODO comment
* improve comment about what the input_ints[] array is doing
---
hw/ppc/sam460ex.c | 69 ---
1 file changed, 53 insertions(+), 16 deletions(-)

diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
index 14e6583eb0d..45721ad6c73 100644
--- a/hw/ppc/sam460ex.c
+++ b/hw/ppc/sam460ex.c
@@ -39,6 +39,7 @@
#include "hw/usb/hcd-ehci.h"
#include "hw/ppc/fdt.h"
#include "hw/qdev-properties.h"
+#include "hw/intc/ppc-uic.h"

#include 

@@ -281,7 +282,9 @@ static void sam460ex_init(MachineState *machine)
hwaddr ram_bases[SDRAM_NR_BANKS] = {0};
hwaddr ram_sizes[SDRAM_NR_BANKS] = {0};
MemoryRegion *l2cache_ram = g_new(MemoryRegion, 1);
-qemu_irq *irqs, *uic[4];
+DeviceState *uic[4];
+qemu_irq mal_irqs[4];
+int i;
PCIBus *pci_bus;
PowerPCCPU *cpu;
CPUPPCState *env;
@@ -312,13 +315,38 @@ static void sam460ex_init(MachineState *machine)
ppc4xx_plb_init(env);

/* interrupt controllers */
-irqs = g_new0(qemu_irq, PPCUIC_OUTPUT_NB);
-irqs[PPCUIC_OUTPUT_INT] = ((qemu_irq *)env->irq_inputs)[PPC40x_INPUT_INT];
-irqs[PPCUIC_OUTPUT_CINT] = ((qemu_irq 
*)env->irq_inputs)[PPC40x_INPUT_CINT];
-uic[0] = ppcuic_init(env, irqs, 0xc0, 0, 1);
-uic[1] = ppcuic_init(env, [0][30], 0xd0, 0, 1);
-uic[2] = ppcuic_init(env, [0][10], 0xe0, 0, 1);
-uic[3] = ppcuic_init(env, [0][16], 0xf0, 0, 1);
+for (i = 0; i < ARRAY_SIZE(uic); i++) {
+SysBusDevice *sbd;
+/*
+ * UICs 1, 2 and 3 are cascaded through UIC 0.
+ * input_ints[n] is the interrupt number on UIC 0 which
+ * the INT output of UIC n is connected to. The CINT output
+ * of UIC n connects to input_ints[n] + 1.
+ * The entry in input_ints[] for UIC 0 is ignored, because UIC 0's
+ * INT and CINT outputs are connected to the CPU.
+ */
+const int input_ints[] = { -1, 30, 10, 16 };
+
+uic[i] = qdev_new(TYPE_PPC_UIC);
+sbd = SYS_BUS_DEVICE(uic[i]);
+
+qdev_prop_set_uint32(uic[i], "dcr-base", 0xc0 + i * 0x10);
+object_property_set_link(OBJECT(uic[i]), "cpu", OBJECT(cpu),
+ _fatal);
+sysbus_realize_and_unref(sbd, _fatal);
+
+if (i == 0) {
+sysbus_connect_irq(sbd, PPCUIC_OUTPUT_INT,
+   ((qemu_irq 
*)env->irq_inputs)[PPC40x_INPUT_INT]);
+sysbus_connect_irq(sbd, PPCUIC_OUTPUT_CINT,
+   ((qemu_irq 
*)env->irq_inputs)[PPC40x_INPUT_CINT]);
+} else {
+sysbus_connect_irq(sbd, PPCUIC_OUTPUT_INT,
+   qdev_get_gpio_in(uic[0], input_ints[i]));
+sysbus_connect_irq(sbd, PPCUIC_OUTPUT_CINT,
+   qdev_get_gpio_in(uic[0], input_ints[i] + 1));
+}
+}

/* SDRAM controller */
/* put all RAM on first bank because board has one slot
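Review bot: `input_ints[]` in the new loop has four entries only because `uic[]` has four, and nothing ties the two sizes together, so a later change to the size of `uic[]` would index past the end of the table. Declaring the table `static const` outside the loop and adding a build-time check that its size equals ARRAY_SIZE(uic) would make the coupling explicit.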
@@ -331,7 +359,8 @@ static void sam460ex_init(MachineState *machine)
  ram_bases, ram_sizes, 1);

/* IIC controllers and devices */
-dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600700, uic[0][2]);
+dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600700,
+   qdev_get_gpio_in(uic[0], 2));
i2c = PPC4xx_I2C(dev)->bus;
/* SPD EEPROM on RAM module */
spd_data = spd_data_generate(ram_sizes[0] < 128 * MiB ? DDR : DDR2,
@@ -341,7 +370,8 @@ static void sam460ex_init(MachineState *machine)
/* RTC */
i2c_slave_create_simple(i2c, "m41t80", 0x68);

-dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600800, uic[0][3]);
+dev = sysbus_create_simple(TYPE_PPC4xx_I2C, 0x4ef600800,
+   qdev_get_gpio_in(uic[0], 3));

/* External bus controller */
ppc405_ebc_init(env);
@@ -356,7 +386,10 @@ static void sam460ex_init(MachineState *machine)
ppc4xx_sdr_init(env);

/* MAL */
-ppc4xx_mal_init(env, 4, 16, [2][3]);
+for (i = 0; i < ARRAY_SIZE(mal_irqs); i++) {
+mal_irqs[0] = qdev_get_gpio_in(uic[2], 3 + i);
+}
+ppc4xx_mal_init(env, 4, 16, mal_irqs);

/* DMA */
ppc4xx_dma_init(env, 0x200);
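Review bot: in the new MAL loop the assignment is `mal_irqs[0] = qdev_get_gpio_in(uic[2], 3 + i);`, so every iteration overwrites element 0 and mal_irqs[1] to mal_irqs[3], which are declared without an initializer, are handed to ppc4xx_mal_init() unset. The index should be the loop variable: `mal_irqs[i] = qdev_get_gpio_in(uic[2], 3 + i);`.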
@@ -369,21 +402,23 @@ static void sam460ex_init(MachineState *machine)
memory_region_add_subregion(address_space_mem, 0x4LL, l2cache_ram);

/* USB */
-sysbus_create_simple(TYPE_PPC4xx_EHCI, 0x4bffd0400, uic[2][29]);
+sysbus_create_simple(TYPE_PPC4xx_EHCI, 0x4bffd0400,
+ qdev_get_gpio_in(uic[2], 29));
dev = qdev_new("sysbus-ohci");
qdev_prop_set_string(dev, "masterbus", "usb-bus.0");

Re: [PATCH v2] ui/cocoa: Fix openFile: deprecation on Big Sur

2021-01-08 Thread Roman Bolshakov
On Fri, Jan 08, 2021 at 03:05:55PM +, Peter Maydell wrote:
> On Fri, 8 Jan 2021 at 15:00, Peter Maydell  wrote:
> >
> > On Fri, 8 Jan 2021 at 13:50, Peter Maydell  wrote:
> > >
> > > On Sat, 2 Jan 2021 at 15:14, Roman Bolshakov  
> > > wrote:
> > > >
> > > > ui/cocoa.m:1188:44: warning: 'openFile:' is deprecated: first 
> > > > deprecated in macOS 11.0 - Use -[NSWorkspace openURL:] instead.
> > > >   [-Wdeprecated-declarations]
> > > > if ([[NSWorkspace sharedWorkspace] openFile: full_file_path] == 
> > > > YES) {
> > > >^
> > > > /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/AppKit.framework/Headers/NSWorkspace.h:350:1:
> > > >  note:
> > > >   'openFile:' has been explicitly marked deprecated here
> > > > - (BOOL)openFile:(NSString *)fullPath API_DEPRECATED("Use -[NSWorkspace 
> > > > openURL:] instead.", macos(10.0, 11.0));
> > > > ^
> > > >
> > > > Signed-off-by: Roman Bolshakov 
> > > > ---
> > >
> > > Reviewed-by: Peter Maydell 
> >
> >
> > So I was just trying to test this patch, and I found that at least
> > for me the osx menu bar has stopped working in QEMU -- keyboard
> > shortcuts to it still work but none of the menu buttons respond
> > to the mouse. Does that happen for anybody else?
> 
> This menu bar breakage appears to be caused by this patch. I have
> no idea why, because the patch looks pretty harmless. Nonetheless,
> I'm going to have to drop it from my queue.
> 

I think the patch is valid per se and doubt the patch would cause menu
bar breakage. I had an unresponsive menu bar on Catalina even without the
patch.

And I've checked that the pre-existing menu bar issue is resolved in Big Sur
(I assume it was a bug in macOS). As a workaround you might use cmd-tab
or switch focus to another window using mouse and then return it back.

Thanks,
Roman



[PATCH] ui/cocoa: Update path to docs in build tree

2021-01-08 Thread Roman Bolshakov
QEMU documentation can't be opened if QEMU is run from build tree
because executables are placed in the top of build tree after conversion
to meson.

Signed-off-by: Roman Bolshakov 
---
 ui/cocoa.m | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index ea3b845b53..13fba8103e 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1176,7 +1176,7 @@ QemuCocoaView *cocoaView;
 - (void) openDocumentation: (NSString *) filename
 {
 /* Where to look for local files */
-NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
@"../docs/"};
+NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
@"docs/"};
 NSString *full_file_path;
 NSURL *full_file_url;
 
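Review bot: the third entry of path_array is changed from `@"../docs/"` to `@"docs/"` rather than added alongside it, and the `/* Where to look for local files */` comment above still does not say what the entries are relative to or which layout each one is for. Please extend that comment to say which entries are for an installed tree and which is for the meson build tree, so the mix of `../` and bare paths does not read as a typo later.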
-- 
2.29.2




Re: [PATCH] tests/acceptance: Fix race conditions in s390x tests & skip fedora on gitlab-CI

2021-01-08 Thread Willian Rampazzo
On Fri, Jan 8, 2021 at 3:59 PM Thomas Huth  wrote:
>
> There was a race condition in the first test where there was already the
> "crw" output in the dmesg, but the "0.0.4711" entry has not been created
> in the /sys fs yet. Fix it by waiting until it is there.
>
> The second test has even more problems on gitlab-CI. Even after adding some
> more synchronization points (that wait for some messages in the "dmesg"
> output to make sure that the modules got loaded correctly), there are still
> occasionally some hangs in this test when it is running in the gitlab-CI.
> So far I was unable to reproduce these hangs locally on my computer, so
> this issue might take a while to debug. Thus disable the 2nd test in the
> gitlab-CI until the problems are better understood and fixed.
>
> Signed-off-by: Thomas Huth 
> ---
>  tests/acceptance/machine_s390_ccw_virtio.py | 14 --
>  1 file changed, 12 insertions(+), 2 deletions(-)
>

Reviewed-by: Willian Rampazzo 
Tested-by: Willian Rampazzo 

JOB ID : 6b2b3c1f6f6b0c4c2e9fd694b475bd12c193adbd
JOB LOG: /home/linux1/src/qemu.dev/build/tests/results/job-2021-01-08T16.24-6b2b3c1/job.log
 (1/2) tests/acceptance/machine_s390_ccw_virtio.py:S390CCWVirtioMachine.test_s390x_devices: PASS (8.78 s)
 (2/2) tests/acceptance/machine_s390_ccw_virtio.py:S390CCWVirtioMachine.test_s390x_fedora: PASS (23.86 s)
RESULTS: PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0
JOB TIME   : 33.02 s




Re: [PATCH v2] ui/cocoa: Fix openFile: deprecation on Big Sur

2021-01-08 Thread Roman Bolshakov
On Fri, Jan 08, 2021 at 03:00:07PM +, Peter Maydell wrote:
> On Fri, 8 Jan 2021 at 13:50, Peter Maydell  wrote:
> >
> > On Sat, 2 Jan 2021 at 15:14, Roman Bolshakov  wrote:
> > >
> > > ui/cocoa.m:1188:44: warning: 'openFile:' is deprecated: first deprecated 
> > > in macOS 11.0 - Use -[NSWorkspace openURL:] instead.
> > >   [-Wdeprecated-declarations]
> > > if ([[NSWorkspace sharedWorkspace] openFile: full_file_path] == 
> > > YES) {
> > >^
> > > /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/AppKit.framework/Headers/NSWorkspace.h:350:1:
> > >  note:
> > >   'openFile:' has been explicitly marked deprecated here
> > > - (BOOL)openFile:(NSString *)fullPath API_DEPRECATED("Use -[NSWorkspace 
> > > openURL:] instead.", macos(10.0, 11.0));
> > > ^
> > >
> > > Signed-off-by: Roman Bolshakov 
> > > ---
> >
> > Reviewed-by: Peter Maydell 
> 
> 
> So I was just trying to test this patch, and I found that at least
> for me the osx menu bar has stopped working in QEMU -- keyboard
> shortcuts to it still work but none of the menu buttons respond
> to the mouse. Does that happen for anybody else?
> 

There's an old bug when the QEMU menu bar is not responsive because it's not
properly activated. If you click off qemu and click on the qemu dock
icon then it "gets fixed" (cmd-tab works too). Do you hit the issue as
described in the article [1]? The code in the article does exactly the
same as what I'm doing manually. I wanted to fix it but somehow it got
postponed for like a whole year :) I might try to make a fix for this, but
note that the issue is not related to the patch.


> Also, the "bring up the docs" help option (which is what this
> patch is changing) doesn't seem to work when QEMU is run from
> the source tree and the docs haven't been installed to the
> locations where it expects it might find them. Probably the
> code needs updating to work with qemu_find_file() or some
> variant on it.
> 

If I add:
diff --git a/ui/cocoa.m b/ui/cocoa.m
index ea3b845b53..4772b7f981 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1189,6 +1189,7 @@ - (void) openDocumentation: (NSString *) filename
   path_array[index], filename];
 full_file_url = [NSURL fileURLWithPath: full_file_path
isDirectory: false];
+NSLog(@"%@", full_file_url);
 if ([[NSWorkspace sharedWorkspace] openURL: full_file_url] == YES) {
 return;
 }

And click "Help"->"QEMU Documentation". I get the following logs:
2021-01-08 23:14:15.288 qemu-system-x86_64[46165:12969383] file:///Users/roolebo/dev/qemu/apple-silicon/build/../share/doc/qemu/index.html
2021-01-08 23:14:15.288 qemu-system-x86_64[46165:12969383] file:///Users/roolebo/dev/qemu/apple-silicon/build/../doc/qemu/index.html
2021-01-08 23:14:15.288 qemu-system-x86_64[46165:12969383] file:///Users/roolebo/dev/qemu/apple-silicon/build/../docs/index.html

In order to get documentation on macOS, sphinx-doc has to be installed
from homebrew. The package is keg-only so sphinx-build has to be added
to PATH.

Then you can build with --enable-docs. Generated documentation resides
in the build tree after QEMU has been switched to meson:

find . -name index.html
./build/meson-private/temp/sphinx/out/index.html
./build/docs/devel/index.html
./build/docs/tools/index.html
./build/docs/index.html
./build/docs/specs/index.html
./build/docs/interop/index.html
./build/docs/user/index.html
./build/docs/system/index.html

The problem is that the paths above don't point to docs in build tree.
The patch only fixes a warning and doesn't break existing path
resolution. The fix for out-of-tree docs is trivial:
diff --git a/ui/cocoa.m b/ui/cocoa.m
index ea3b845b53..13fba8103e 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1176,7 +1176,7 @@ - (void)toggleFullScreen:(id)sender
 - (void) openDocumentation: (NSString *) filename
 {
 /* Where to look for local files */
-NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
@"../docs/"};
+NSString *path_array[] = {@"../share/doc/qemu/", @"../doc/qemu/", 
@"docs/"};
 NSString *full_file_path;
 NSURL *full_file_url;

I'll add it as a separate patch to v2.

1. 
https://ar.al/2018/09/17/workaround-for-unclickable-app-menu-bug-with-window.makekeyandorderfront-and-nsapp.activate-on-macos/

Regards,
Roman



Re: [PATCH] kvm: mirror "-machine dirty_gfn_count" to the accelerator property

2021-01-08 Thread Paolo Bonzini

On 08/01/21 20:08, huang...@chinatelecom.cn wrote:

QEMU enables the dirty ring feature by specifying the "-accel" sub-parameter.
https://lore.kernel.org/qemu-devel/20210108165050.406906-10-pet...@redhat.com/
Libvirt uses the "-machine accel=kvm" option to specify the accelerator by default,
which is incompatible with the above option.

This patch introduces the "dirty_gfn_count" sub-parameter of "-machine"
in the way that the commit "23b089" has done, so that Libvirt can enable this
feature by adding "-machine dirty_gfn_count=xxx" to the QEMU command line.

Signed-off-by: Hyman 


Libvirt should switch to "-accel kvm" instead.  The "-machine" options 
for accelerators are legacy and now there is a better mechanism.  There 
will never be a version of QEMU that supports dirty ring and doesn't 
support "-accel kvm", so it's easy for Libvirt to detect when to use 
"-accel".


Paolo


---
  softmmu/vl.c   | 3 ++-
  util/qemu-config.c | 4 
  2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/softmmu/vl.c b/softmmu/vl.c
index 7ddf405..d8e3dec 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -1666,7 +1666,8 @@ static int machine_set_property(void *opaque,
  object_register_sugar_prop(ACCEL_CLASS_NAME("xen"), qom_name, value);
  return 0;
  }
-if (g_str_equal(qom_name, "kvm-shadow-mem")) {
+if (g_str_equal(qom_name, "kvm-shadow-mem") ||
+g_str_equal(qom_name, "dirty-gfn-count")) {
  object_register_sugar_prop(ACCEL_CLASS_NAME("kvm"), qom_name, value);
  return 0;
  }
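Review bot: the new comparison in machine_set_property() matches "dirty-gfn-count" with hyphens, while the entry added to machine_opts in util/qemu-config.c is spelled "dirty_gfn_count" with underscores. That only matches if qom_name has already had its underscores converted before this point, which the hunk does not show; please confirm it, and test the `-machine dirty_gfn_count=xxx` form from the commit message explicitly.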
diff --git a/util/qemu-config.c b/util/qemu-config.c
index e2a700b..70f1b50 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -234,6 +234,10 @@ static QemuOptsList machine_opts = {
  .help = "Up to 8 chars in set of [A-Za-z0-9. ](lower case chars"
  " converted to upper case) to pass to machine"
  " loader, boot manager, and guest kernel",
+},{
+.name = "dirty_gfn_count",
+.type = QEMU_OPT_NUMBER,
+.help = "KVM dirty ring GFN count",
  },
  { /* End of list */ }
  }
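Review bot: the `.help` string of the new `dirty_gfn_count` entry, "KVM dirty ring GFN count", does not say which values are accepted or that the option only has an effect with the KVM accelerator. Since this text is what users see for the option, it should state the valid range or point to the accelerator property the value is mirrored to.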






Re: qemu bsd-user plans

2021-01-08 Thread Warner Losh
And add a couple of FreeBSD people I also forgot to CC.

Warner

On Fri, Jan 8, 2021 at 12:56 PM Peter Maydell wrote:

> Adding the people to the CC list who were on the previous discussion
> thread...
>
> -- PMM
>
>
> On Fri, 8 Jan 2021 at 19:43, Warner Losh wrote:
> >
> > The FreeBSD project has rewritten bsd-user. We've been working on this
> > for quite some time (the earliest commits date from 2013). Maybe a dozen
> > people have worked on this over time, and there's 3 or 4 active developers
> > focused on FreeBSD changes at the moment.
> >
> > For a while, we'd merge in upstream changes from qemu. This worked great
> > for us, but left us with a big backlog that was hard to upstream. Each of
> > the updates took some time, so we got a little behind.
> >
> > So, a few years ago, I spent several weeks converting the tangled merge
> > mess into a set of linear patches and started moving that forward. This was
> > around the time 4.0 was released. I only managed to get the rebase forward
> > to 3.1 release at the time before I hit problems related to poor testing
> > environment making it hard to verify newer versions were still working.
> > Plus, we found a few bugs that took a while to resolve for a number of
> > reasons. Now that they are resolved, we're able to use qemu-bsd-user to
> > build ~30k packages for arm, and ~20k for different types of mips in
> > FreeBSD "ports" system. We now have great confidence that it's working well
> > again.
> >
> > Now that those bugs are resolved, I started trying to forward-port the
> > two-year-old base and immediately found myself hitting a number of
> > problems. A big problem was that I was re-doing a lot of work that was due
> > to innocuous changes upstream that I wouldn't have to do if the bsd-user
> > changes were upstream. These changes get in the way of dealing with the
> > more substantial structural changes in qemu that have happened.
> >
> > There had been talk of doing a remove and replace update of bsd-user.
> > This talk was before I managed to rebase things as far forward as 3.1 even.
> > This appealed to me because we've accumulated about 150 patches to date,
> > many quite large, and curating them into a set of maybe 400 or 500 changes
> > to match the size and scope of most patches I've seen posted to qemu-devel
> > seemed overwhelming.
> >
> > However, it's been another year since that plan was hatched, and it's
> > become clear to me that plan won't end in success. The closest I've been
> > able to get is 3.1 when 4.1 was current (about 6 months behind). It's time
> > for a new plan.
> >
> > So, my new plan is to rebase what changes I can to the tip of master and
> > submit those for review. I'll work with the developers on the FreeBSD side
> > to ensure they are included in reviews in addition to the normal qemu-devel
> > list. This will allow us to pare down the deltas between our code and
> > upstream to allow us to make progress. The changes will be held to the
> > standard 'makes things better'. Given how broken bsd-user is today in qemu
> > upstream, at first that will be a very easy standard to make.
> >
> > The first patch I'll submit will be changing MAINTAINERS to point to me,
> > since I'm acting as the point person in this effort. I'll then re-submit
> > some other changes that I've submitted in the past, but CC the FreeBSD
> > folks that are currently active (they were only CC'd to former developers
> > who lack the time to review).
> >
> > But before I get too far down this path, I thought I'd send out what's
> > going on to qemu-devel so I can get feedback and adjust the plan into
> > something that's mutually agreeable so time I put towards this is not
> > wasted.
> >
> > So, what do people think of these plans?
> >
> > Warner
>


[Bug 1909921] Re: Raspberry Pi 4 qemu:handle_cpu_signal received signal outside vCPU context @ pc=0xffff87709b0e

2021-01-08 Thread Snoobz
Hello,

I would really appreciate if anyone could confirm that someone is
actually taking a look at this case.

If you need more information / test, again feel free to ask!

Regards,

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1909921

Title:
   Raspberry Pi 4 qemu:handle_cpu_signal received signal outside vCPU
  context @ pc=0x87709b0e

Status in QEMU:
  New

Bug description:
  Hello,

  I have a Raspberry Pi 4 with an ESXi hypervisor installed on it (ESXi ARM Edition).
  I created a CentOS 7 VM on it and I'm using a Docker container which is running qemu inside it.

  This container is a Debian Bullseye OS and I'm using qemu-i386 to start my application inside it.
  The error given by qemu is the following:

  qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x9d5f9b0e
  qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x82f29b0e

  (The pc= value is always different, I guess it is randomly generated).

  My qemu version is : qemu-i386 version 5.1.0 (Debian 1:5.1+dfsg-4+b1)

  Could you please help me? Why am I facing this error?

  Feel free to ask any questions regarding this matter in order to find
  a solution to it!

  Regards

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1909921/+subscriptions



Re: [PATCH] target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns

2021-01-08 Thread Richard Henderson
On 1/8/21 9:51 AM, Peter Maydell wrote:
> In commit cd8be50e58f63413c0 we converted the A32 coprocessor
> insns to decodetree. This accidentally broke XScale/iWMMXt insns,
> because it moved the handling of "cp insns which are handled
> by looking up the cp register in the hashtable" from after the
> call to the legacy disas_xscale_insn() decode to before it,
> with the result that all XScale/iWMMXt insns now UNDEF.
> 
> Update valid_cp() so that it knows that on XScale cp 0 and 1
> are not standard coprocessor instructions; this will cause
> the decodetree trans_ functions to ignore them, so that
> execution will correctly get through to the legacy decode again.
> 
> Cc: qemu-sta...@nongnu.org
> Reported-by: Guenter Roeck 
> Signed-off-by: Peter Maydell 
> ---
> With this Guenter's test image now successfully boots
> and shuts down again.
> ---

Reviewed-by: Richard Henderson 

r~




Re: [PATCH] meson: Propagate gnutls dependency

2021-01-08 Thread Paolo Bonzini

On 08/01/21 20:29, Roman Bolshakov wrote:

Paolo,

I tried to use extract_all_objects() to get all object files directly
but it doesn't work on dependency objects defined via
declare_dependency(). It works only on regular targets (libs and
executables). And as far as I understand the intention to have
declare_dependency() in QEMU was to specify public interface to avoid
some duplication. But meson doesn't have public/private notion for build
targets so if we drop declare_dependency we need to specify link_whole
in every user of a library that's had link_whole: declare_dependency()
and build files would become less lean. So I'm not sure how to proceed.


Yes, that was just saying that the code was _in Meson_ but it still 
needs a change to the ninja backend.



The proposed patch (in the subject) is still the best we've got so
far that fixes macOS build immediately without much bigger wrestling
with meson.


Yes, I'm going to queue it.

Paolo




Re: pxa crashes with qemu v5.2 when executing xscale operations

2021-01-08 Thread Peter Maydell
On Mon, 21 Dec 2020 at 15:24, Philippe Mathieu-Daudé  wrote:
> On 12/21/20 6:28 AM, Guenter Roeck wrote:
> >   84: ec432000    mar acc0, r2, r3
> > 
> >
> > This is supposed to be a DSP or iWMMXt coprocessor instruction.
> > I did notice that the code to support xscale instructions has changed 
> > significantly
> > in qemu v5.2.
>
> Indeed a lot changed...
>
> I had a quick look. The instruction is decoded in aa32 as LDR_ri.

It isn't, incidentally. LDR_ri has 010 in bits [27:25], and this
insn has 110.

thanks
-- PMM



Re: qemu bsd-user plans

2021-01-08 Thread Peter Maydell
Adding the people to the CC list who were on the previous discussion thread...

-- PMM


On Fri, 8 Jan 2021 at 19:43, Warner Losh  wrote:
>
> The FreeBSD project has rewritten bsd-user. We've been working on this for 
> quite some time (the earliest commits date from 2013). Maybe a dozen people 
> have worked on this over time, and there's 3 or 4 active developers focused 
> on FreeBSD changes at the moment.
>
> For a while, we'd merge in upstream changes from qemu. This worked great for 
> us, but left us with a big backlog that was hard to upstream. Each of the 
> updates took some time, so we got a little behind.
>
> So, a few years ago, I spent several weeks converting the tangled merge mess 
> into a set of linear patches and started moving that forward. This was around 
> the time 4.0 was released. I only managed to get the rebase forward to 3.1 
> release at the time before I hit problems related to poor testing environment 
> making it hard to verify newer versions were still working. Plus, we found a 
> few bugs that took a while to resolve for a number of reasons. Now that they 
> are resolved, we're able to use qemu-bsd-user to build ~30k packages for arm, 
> and ~20k for different types of mips in FreeBSD "ports" system. We now have 
> great confidence that it's working well again.
>
> Now that those bugs are resolved, I started trying to forward-port the 
> two-year-old base and immediately found myself hitting a number of problems. 
> A big problem was that I was re-doing a lot of work that was due to 
> innocuous changes upstream that I wouldn't have to do if the bsd-user 
> changes were upstream. These changes get in the way of dealing with the more 
> substantial structural changes in qemu that have happened.
>
> There had been talk of doing a remove and replace update of bsd-user. This 
> talk was before I managed to rebase things as far forward as 3.1 even. This 
> appealed to me because we've accumulated about 150 patches to date, many 
> quite large, and curating them into a set of maybe 400 or 500 changes to 
> match the size and scope of most patches I've seen posted to qemu-devel 
> seemed overwhelming.
>
> However, it's been another year since that plan was hatched, and it's become 
> clear to me that plan won't end in success. The closest I've been able to get 
> is 3.1 when 4.1 was current (about 6 months behind). It's time for a new plan.
>
> So, my new plan is to rebase what changes I can to the tip of master and 
> submit those for review. I'll work with the developers on the FreeBSD side to 
> ensure they are included in reviews in addition to the normal qemu-devel 
> list. This will allow us to pare down the deltas between our code and 
> upstream to allow us to make progress. The changes will be held to the 
> standard 'makes things better'. Given how broken bsd-user is today in qemu 
> upstream, at first that will be a very easy standard to make.
>
> The first patch I'll submit will be changing MAINTAINERS to point to me, 
> since I'm acting as the point person in this effort. I'll then re-submit some 
> other changes that I've submitted in the past, but CC the FreeBSD folks that 
> are currently active (they were only CC'd to former developers who lack the 
> time to review).
>
> But before I get too far down this path, I thought I'd send out what's going 
> on to qemu-devel so I can get feedback and adjust the plan into something 
> that's mutually agreeable so time I put towards this is not wasted.
>
> So, what do people think of these plans?
>
> Warner



Re: pxa crashes with qemu v5.2 when executing xscale operations

2021-01-08 Thread Peter Maydell
On Fri, 8 Jan 2021 at 18:56, Guenter Roeck  wrote:
>
> On 1/8/21 9:25 AM, Peter Maydell wrote:
> > On Mon, 21 Dec 2020 at 16:01, Guenter Roeck  wrote:
> >> Something like the following should do.
> >>
> >> qemu-system-arm -M z2 -kernel arch/arm/boot/zImage -no-reboot \
> >> -initrd rootfs-armv5.cpio \
> >> --append "rdinit=/sbin/init console=ttyS0" \
> >> -nographic -monitor null -serial stdio
> >>
> >> where the kernel is built with pxa_defconfig.
> >> Machine name can be any of the pxa machines (akita, borzoi, spitz,
> >> tosa, terrier, z2, or mainstone). The initrd is from:
> >> https://github.com/groeck/linux-build-test/blob/master/rootfs/arm/rootfs-armv5.cpio.gz
> >
> > Do you have a zImage that exhibits this so I don't have to build
> > my own, please?
> >
>
> Attached.

Thanks. Yeah, this is a bug in my refactoring of the coprocessor
insn handling :-(  I've just sent a patch which fixes it.

-- PMM



[PATCH] target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns

2021-01-08 Thread Peter Maydell
In commit cd8be50e58f63413c0 we converted the A32 coprocessor
insns to decodetree. This accidentally broke XScale/iWMMXt insns,
because it moved the handling of "cp insns which are handled
by looking up the cp register in the hashtable" from after the
call to the legacy disas_xscale_insn() decode to before it,
with the result that all XScale/iWMMXt insns now UNDEF.

Update valid_cp() so that it knows that on XScale cp 0 and 1
are not standard coprocessor instructions; this will cause
the decodetree trans_ functions to ignore them, so that
execution will correctly get through to the legacy decode again.

Cc: qemu-sta...@nongnu.org
Reported-by: Guenter Roeck 
Signed-off-by: Peter Maydell 
---
With this Guenter's test image now successfully boots
and shuts down again.
---
 target/arm/translate.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index f5acd32e76a..528b93dffa2 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -5282,7 +5282,14 @@ static bool valid_cp(DisasContext *s, int cp)
  * only cp14 and cp15 are valid, and other values aren't considered
  * to be in the coprocessor-instruction space at all. v8M still
  * permits coprocessors 0..7.
+ * For XScale, we must not decode the XScale cp0, cp1 space as
+ * a standard coprocessor insn, because we want to fall through to
+ * the legacy disas_xscale_insn() decoder after decodetree is done.
  */
+if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cp == 0 || cp == 1)) {
+return false;
+}
+
 if (arm_dc_feature(s, ARM_FEATURE_V8) &&
 !arm_dc_feature(s, ARM_FEATURE_M)) {
 return cp >= 14;
-- 
2.20.1
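
The decode-order problem described in the commit message above, together with the bits [27:25] check on 0xec432000 from the pxa crash thread, as a small stand-alone C model. This is an added example, not QEMU code: the enum, `struct cpu_features`, `cp_reg_exists()`, `decode_on_xscale()` and the final return in `valid_cp_model()` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bits [hi:lo] of a 32-bit A32 instruction word (field width below 32). */
static uint32_t insn_bits(uint32_t insn, unsigned hi, unsigned lo)
{
    return (insn >> lo) & ((1u << (hi - lo + 1)) - 1u);
}

/* Hypothetical names for where an instruction ends up in this model. */
enum outcome { OUT_NOT_CP, OUT_GENERIC_CP, OUT_XSCALE_LEGACY, OUT_UNDEF };

struct cpu_features {
    bool xscale;
    bool v8;
    bool m_profile;
};

/*
 * Model of valid_cp(). The XScale test mirrors the lines the patch adds and
 * the v8 test mirrors the context lines of the hunk. The final return is an
 * assumption derived from the comment in the hunk ("v8M still permits
 * coprocessors 0..7"), not copied from QEMU.
 */
static bool valid_cp_model(const struct cpu_features *f, unsigned cp,
                           bool with_fix)
{
    if (with_fix && f->xscale && (cp == 0 || cp == 1)) {
        return false;
    }
    if (f->v8 && !f->m_profile) {
        return cp >= 14;
    }
    return cp < 8 || cp >= 14;
}

/* Constructed stand-in for the cp register hashtable: only cp15 is present. */
static bool cp_reg_exists(unsigned cp)
{
    return cp == 15;
}

/*
 * Two-stage decode in the order the commit message describes after the
 * decodetree conversion: generic coprocessor handling first, the legacy
 * XScale decoder only if the first stage declines the instruction.
 */
static enum outcome decode_model(const struct cpu_features *f, uint32_t insn,
                                 bool with_fix)
{
    /* Coprocessor space: bits [27:25] == 110, or bits [27:24] == 1110. */
    bool cp_space = insn_bits(insn, 27, 25) == 0x6 ||
                    insn_bits(insn, 27, 24) == 0xe;
    unsigned cp;

    if (!cp_space) {
        return OUT_NOT_CP;
    }
    cp = insn_bits(insn, 11, 8);

    /* Stage 1: claimed as a standard cp insn, looked up in the table. */
    if (valid_cp_model(f, cp, with_fix)) {
        return cp_reg_exists(cp) ? OUT_GENERIC_CP : OUT_UNDEF;
    }
    /* Stage 2: legacy XScale decode, reached only when stage 1 said no. */
    if (f->xscale && cp < 2) {
        return OUT_XSCALE_LEGACY;
    }
    return OUT_UNDEF;
}

/* Convenience wrapper: decode on an XScale (pre-v8, non-M) CPU. */
static enum outcome decode_on_xscale(uint32_t insn, bool with_fix)
{
    const struct cpu_features pxa = { .xscale = true };
    return decode_model(&pxa, insn, with_fix);
}

int main(void)
{
    const uint32_t mar = 0xec432000; /* "mar acc0, r2, r3" from the report */

    printf("bits[27:25]=%u cp=%u\n",
           (unsigned)insn_bits(mar, 27, 25), (unsigned)insn_bits(mar, 11, 8));
    printf("without fix: %d, with fix: %d\n",
           (int)decode_on_xscale(mar, false), (int)decode_on_xscale(mar, true));
    return 0;
}
```
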




Re: [PATCH] meson: Propagate gnutls dependency

2021-01-08 Thread Roman Bolshakov
On Thu, Jan 07, 2021 at 08:41:50PM +0100, Paolo Bonzini wrote:
> On Thu, 7 Jan 2021, 20:36 Roman Bolshakov wrote:
> 
> > > No I think that Meson should simply explode link_whole libraries to their
> > > constituent objects.  This way duplicates are avoided.
> > >
> >
> > Ok. I've looked through related changes in meson and it flattens object
> > files implicitly for link_with/link_whole parameters of static_library:
> >
> >   https://github.com/mesonbuild/meson/pull/6030/files
> >
> > But qemu adds dependencies to source set and populates dependencies
> > parameter of static_library and declare_dependency and we get duplicate
> > symbols:
> >
> >   https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg00411.html
> >
> > Perhaps it's a bug then.
> >
> 
> No, the same deduplication is not done for executables, because executables
> use libraries directly and not their object files.
> 

Paolo,

I tried to use extract_all_objects() to get all object files directly
but it doesn't work on dependency objects defined via
declare_dependency(). It works only on regular targets (libs and
executables). And as far as I understand the intention to have
declare_dependency() in QEMU was to specify public interface to avoid
some duplication. But meson doesn't have public/private notion for build
targets so if we drop declare_dependency we need to specify link_whole
in every user of a library that's had link_whole: declare_dependency()
and build files would become less lean. So I'm not sure how to proceed.

The proposed patch (in the subject) is still the best we've got so
far that fixes macOS build immediately without much bigger wrestling
with meson.

-Roman



Re: [PATCH v2 0/4] s390x/tcg: fix booting Linux kernels compiled with clang-11 and clang-12

2021-01-08 Thread Guenter Roeck
On 1/8/21 5:20 AM, David Hildenbrand wrote:
> This series fixes booting current upstream Linux kernel compiled by
> clang-11 and clang-12 under TCG.
> 
> Decided to pull in already separately sent patches. The last patch is
> not required to fix the boot issues, but related to patch #3.
> 
> Latest version of the patches available at:
> g...@github.com:davidhildenbrand/qemu.git clang
> 
> v1 -> v2:
> - Add 's390x/tcg: Don't ignore content in r0 when not specified via "b" or
>   "x"'
> - Add 's390x/tcg: Ignore register content if b1/b2 is zero when handling
>   EXECUTE'
> - "s390x/tcg: Fix ALGSI"
> -- Fixup subject
> - "s390x/tcg: Fix RISBHG"
> -- Rephrase description, stating that it fixes clang-11
> 
> David Hildenbrand (4):
>   s390x/tcg: Fix ALGSI
>   s390x/tcg: Fix RISBHG
>   s390x/tcg: Only ignore content in r0 when specified via "b" or "x"
>   s390x/tcg: Ignore register content if b1/b2 is zero when handling
> EXECUTE
> 
>  target/s390x/insn-data.def | 10 +-
>  target/s390x/mem_helper.c  |  4 ++--
>  target/s390x/translate.c   | 33 +
>  3 files changed, 24 insertions(+), 23 deletions(-)
> 

FWIW, for the series, with gcc 8.3.0 and 10.2.0, booting Linux kernel
v5.11-rc2-178-gf5e6c330254a:

Tested-by: Guenter Roeck 

Guenter



Re: [PATCH v2 4/4] s390x/tcg: Ignore register content if b1/b2 is zero when handling EXECUTE

2021-01-08 Thread Richard Henderson
On 1/8/21 3:20 AM, David Hildenbrand wrote:
> In our EXECUTE fast path, we have to ignore the content of r0, if
> specified by b1 or b2.
> 
> Fixes: d376f123c7de ("target/s390x: Re-implement a few EXECUTE target insns 
> directly")
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/mem_helper.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [PATCH v2 3/4] s390x/tcg: Only ignore content in r0 when specified via "b" or "x"

2021-01-08 Thread Richard Henderson
On 1/8/21 3:20 AM, David Hildenbrand wrote:
> Using get_address() with register identifiers coming from an "r" field
> is wrong: if the "r" field designates "r0", we don't read the content
> and instead assume 0 - which should only be applied when the register
> was specified via "b" or "x".
> 
> PoP 5-11 "Operand-Address Generation":
>   "A zero in any of the B1, B2, X2, B3, or B4 fields indicates the absence
>of the corresponding address component. For the absent component, a zero
>is used in forming the intermediate sum, regardless of the contents of
>general register 0. A displacement of zero has no special significance."
> 
> This BUG became visible for CSPG as generated by LLVM-12 in the upstream
> Linux kernel (v5.11-rc2), used while creating the linear mapping in
> vmem_map_init(): Trying to store to address 0 results in a Low Address
> Protection exception.
> 
> Debugging this was more complicated than it could have been: The program
> interrupt handler in the kernel will try to crash the kernel: doing so, it
> will enable DAT. As the linear mapping is not created yet (asce=0), we run
> into an addressing exception while trying to walk non-existent DAT tables,
> resulting in a program exception loop.
> 
> This allows for booting upstream Linux kernels compiled by clang-12. Most
> of these cases seem to be broken forever.
> 
> Reported-by: Nick Desaulniers 
> Cc: Guenter Roeck 
> Cc: Christian Borntraeger 
> Cc: Heiko Carstens 
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/insn-data.def |  8 
>  target/s390x/translate.c   | 15 +--
>  2 files changed, 13 insertions(+), 10 deletions(-)

Reviewed-by: Richard Henderson 

r~
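
The operand-address rule quoted from the PoP in the commit message above, as an added example that is not part of the patch or of QEMU: it decodes constructed RX-format bytes and contrasts a B/X field of zero (component absent) with an "r" field of zero (general register 0 is read). The register contents, the sample encodings and all function names are assumptions of this sketch, and address-mode wrapping is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed register file; gpr[0] is deliberately non-zero. */
typedef struct { uint64_t gpr[16]; } Regs;

static const Regs *sample_regs(void)
{
    static const Regs r = { .gpr = { [0] = 0x1000, [2] = 0x2000, [3] = 0x30 } };
    return &r;
}

/* Constructed RX-format encodings: opcode, R1|X2, B2|D2 high nibble, D2 low. */
static const uint8_t RX_ABSENT[4]  = { 0x58, 0x10, 0x00, 0x10 }; /* 16(0,0)     */
static const uint8_t RX_PRESENT[4] = { 0x58, 0x13, 0x20, 0x08 }; /* 8(%r3,%r2)  */

/* Address component named by a B or X field: a field value of zero means the
 * component is absent and contributes zero, whatever gpr[0] holds. */
static uint64_t bx_component(const Regs *r, unsigned field)
{
    return field ? r->gpr[field] : 0;
}

/* D2(X2,B2) operand address of an RX-format instruction. */
static uint64_t rx_operand_address(const Regs *r, const uint8_t insn[4])
{
    unsigned x2 = insn[1] & 0xf;
    unsigned b2 = insn[2] >> 4;
    uint64_t d2 = ((uint64_t)(insn[2] & 0xf) << 8) | insn[3];

    return bx_component(r, x2) + bx_component(r, b2) + d2;
}

/* Operand designated by an "r" field: register 0 is an ordinary register. */
static uint64_t r_field_value(const Regs *r, unsigned field)
{
    return r->gpr[field & 0xf];
}

/* The mistake the commit message describes: an "r" field routed through the
 * B/X rule, so a value held in register 0 silently reads as zero. */
static uint64_t r_field_value_via_bx_rule(const Regs *r, unsigned field)
{
    return bx_component(r, field & 0xf);
}

int main(void)
{
    const Regs *r = sample_regs();

    printf("RX, B2=X2=0      : 0x%llx\n",
           (unsigned long long)rx_operand_address(r, RX_ABSENT));
    printf("RX, X2=3, B2=2   : 0x%llx\n",
           (unsigned long long)rx_operand_address(r, RX_PRESENT));
    printf("r field 0        : 0x%llx\n",
           (unsigned long long)r_field_value(r, 0));
    printf("r field 0 via B/X: 0x%llx\n",
           (unsigned long long)r_field_value_via_bx_rule(r, 0));
    return 0;
}
```

With register 0 holding an address, the last case yields 0, which is the store to address 0 the commit message reports.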




qemu bsd-user plans

2021-01-08 Thread Warner Losh
The FreeBSD project has rewritten bsd-user. We've been working on this for
quite some time (the earliest commits date from 2013). Maybe a dozen people
have worked on this over time, and there's 3 or 4 active developers focused
on FreeBSD changes at the moment.

For a while, we'd merge in upstream changes from qemu. This worked great
for us, but left us with a big backlog that was hard to upstream. Each of
the updates took some time, so we got a little behind.

So, a few years ago, I spent several weeks converting the tangled merge
mess into a set of linear patches and started moving that forward. This was
around the time 4.0 was released. I only managed to get the rebase forward
to 3.1 release at the time before I hit problems related to poor testing
environment making it hard to verify newer versions were still working.
Plus, we found a few bugs that took a while to resolve for a number of
reasons. Now that they are resolved, we're able to use qemu-bsd-user to
build ~30k packages for arm, and ~20k for different types of mips in
FreeBSD "ports" system. We now have great confidence that it's working well
again.

Now that those bugs are resolved, I started trying to forward-port the
two-year-old base and immediately found myself hitting a number of
problems. A big problem was that I was re-doing a lot of work that was due
to innocuous changes upstream that I wouldn't have to do if the bsd-user
changes were upstream. These changes get in the way of dealing with the
more substantial structural changes in qemu that have happened.

There had been talk of doing a remove and replace update of bsd-user. This
talk was before I managed to rebase things as far forward as 3.1 even. This
appealed to me because we've accumulated about 150 patches to date, many
quite large, and curating them into a set of maybe 400 or 500 changes to
match the size and scope of most patches I've seen posted to qemu-devel
seemed overwhelming.

However, it's been another year since that plan was hatched, and it's
become clear to me that plan won't end in success. The closest I've been
able to get is 3.1 when 4.1 was current (about 6 months behind). It's time
for a new plan.

So, my new plan is to rebase what changes I can to the tip of master and
submit those for review. I'll work with the developers on the FreeBSD side
to ensure they are included in reviews in addition to the normal qemu-devel
list. This will allow us to pare down the deltas between our code and
upstream to allow us to make progress. The changes will be held to the
standard 'makes things better'. Given how broken bsd-user is today in qemu
upstream, at first that will be a very easy standard to make.

The first patch I'll submit will be changing MAINTAINERS to point to me,
since I'm acting as the point person in this effort. I'll then re-submit
some other changes that I've submitted in the past, but CC the FreeBSD
folks that are currently active (they were only CC'd to former developers
who lack the time to review).

But before I get too far down this path, I thought I'd send out what's
going on to qemu-devel so I can get feedback and adjust the plan into
something that's mutually agreeable so time I put towards this is not
wasted.

So, what do people think of these plans?

Warner


Re: [PATCH v2 2/4] s390x/tcg: Fix RISBHG

2021-01-08 Thread Richard Henderson
On 1/8/21 3:20 AM, David Hildenbrand wrote:
> RISBHG is broken and currently hinders clang-11 builds of upstream kernels
> from booting: the kernel crashes early, while decompressing the image.
> 
>   [...]
>Kernel fault: interruption code 0005 ilc:2
>Kernel random base: 
>PSW : 20018000 00017a1e
>  R:0 T:0 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:0 CC:2 PM:0 RI:0 EA:3
>GPRS: 0001 000c 0003fff4 fff0
>   fff4 000c fff0
>  fffc  fff8 008e25a8
>  0009 0002 0008 bce0
> 
> One example of a buggy instruction is:
> 
> 17dde:   ec 1e 00 9f 20 5d   risbhg  %r1,%r14,0,159,32
> 
> With %r14 = 0x9 and %r1 = 0x7 should result in %r1 = 0x90007, however,
> results in %r1 = 0.
> 
> Let's interpret values of i3/i4 as documented in the PoP and make
> computation of "mask" only based on i3 and i4 and use "pmask" only at the
> very end to make sure wrapping is only applied to the high/low doubleword.
> 
> With this patch, I can successfully boot a v5.11-rc2 kernel built with
> clang-11, and gcc builds keep on working.
> 
> Fixes: 2d6a869833d9 ("target-s390: Implement RISBG")
> Reported-by: Nick Desaulniers 
> Cc: Guenter Roeck 
> Cc: Christian Borntraeger 
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/translate.c | 18 --
>  1 file changed, 8 insertions(+), 10 deletions(-)

Reviewed-by: Richard Henderson 

r~




Re: [PATCH v2 1/4] s390x/tcg: Fix ALGSI

2021-01-08 Thread Richard Henderson
On 1/8/21 3:20 AM, David Hildenbrand wrote:
> Looks like something went wrong while touching that line. Instead of "r1"
> we need a new temporary. Also, we have to pass MO_TEQ, to indicate that
> we are working with 64-bit values. Let's revert these changes.
> 
> Fixes: ff26d287bddc ("target/s390x: Improve cc computation for ADD LOGICAL")
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/insn-data.def | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Oops.  Sorry about that.

Reviewed-by: Richard Henderson 

r~



[Bug 1904954] Re: lan9118 bug peeked received message size not equal to actual received message size

2021-01-08 Thread Peter Maydell
** Changed in: qemu
   Status: New => In Progress

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904954

Title:
  lan9118 bug peeked received message size not equal to actual received
  message size

Status in QEMU:
  In Progress

Bug description:
  peeked message size is not equal to read message size

  Bug in the code at line:
  https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209

  s->tx_status_fifo_head should be s->rx_status_fifo_head

  Could also be a security bug, as the user could allocate a buffer of
  size peeked data smaller than the actual packet received, which could
  cause a buffer overflow.

  Thanks,

  Alfred

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904954/+subscriptions
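
The peek/read mismatch described in the bug report above, as an added example that is not QEMU code: a constructed status-FIFO model in which peeking through the TX head returns a different length than the following read, and a receive path that re-validates the popped length before copying. Only the two head field names come from the report; the FIFO depth, the status-word layout and every function name are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not QEMU code: only the two head field names come from
 * the bug report; FIFO depth and status-word layout are assumptions. */
#define STATUS_FIFO_LEN 8
#define STATUS_LEN(w)   (((w) >> 16) & 0x3fffu)  /* assumed length field */

typedef struct {
    uint32_t rx_status_fifo[STATUS_FIFO_LEN];
    int rx_status_fifo_head;
    int rx_status_fifo_used;
    int tx_status_fifo_head;   /* moves independently as frames are sent */
} NicModel;

typedef uint32_t (*peek_fn)(const NicModel *);

static void rx_status_push(NicModel *n, uint32_t len)
{
    int tail = (n->rx_status_fifo_head + n->rx_status_fifo_used)
               % STATUS_FIFO_LEN;

    n->rx_status_fifo[tail] = len << 16;
    n->rx_status_fifo_used++;
}

static uint32_t rx_status_pop(NicModel *n)
{
    uint32_t w = n->rx_status_fifo[n->rx_status_fifo_head];

    n->rx_status_fifo_head = (n->rx_status_fifo_head + 1) % STATUS_FIFO_LEN;
    n->rx_status_fifo_used--;
    return w;
}

/* Peek as the report describes it: RX FIFO indexed by the TX head. */
static uint32_t rx_status_peek_reported(const NicModel *n)
{
    return n->rx_status_fifo[n->tx_status_fifo_head];
}

/* Peek with the correction the report proposes. */
static uint32_t rx_status_peek_corrected(const NicModel *n)
{
    return n->rx_status_fifo[n->rx_status_fifo_head];
}

/* Constructed state: two received frames queued, one transmit completed. */
static void scenario_init(NicModel *n)
{
    memset(n, 0, sizeof(*n));
    rx_status_push(n, 1500);            /* next frame to be read */
    rx_status_push(n, 64);
    n->tx_status_fifo_head = 1;
}

static int scenario_peek_len(peek_fn peek)
{
    NicModel n;

    scenario_init(&n);
    return (int)STATUS_LEN(peek(&n));
}

/* Size the buffer from the peeked length, then check the length actually
 * popped before copying. Returns bytes copied, -1 on mismatch, -2 on OOM. */
static int guarded_receive(NicModel *n, peek_fn peek, const uint8_t *frame)
{
    size_t planned = STATUS_LEN(peek(n));
    size_t actual;
    uint8_t *buf = malloc(planned ? planned : 1);

    if (!buf) {
        return -2;
    }
    actual = STATUS_LEN(rx_status_pop(n));
    if (actual > planned) {             /* the copy would overrun buf */
        free(buf);
        return -1;
    }
    memcpy(buf, frame, actual);
    free(buf);
    return (int)actual;
}

static int scenario_receive(peek_fn peek)
{
    static uint8_t frame[1500];         /* constructed all-zero payload */
    NicModel n;

    scenario_init(&n);
    return guarded_receive(&n, peek, frame);
}

int main(void)
{
    printf("reported peek : len %d, receive %d\n",
           scenario_peek_len(rx_status_peek_reported),
           scenario_receive(rx_status_peek_reported));
    printf("corrected peek: len %d, receive %d\n",
           scenario_peek_len(rx_status_peek_corrected),
           scenario_receive(rx_status_peek_corrected));
    return 0;
}
```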



[PATCH v5 4/6] hw/misc: Add a PWM module for NPCM7XX

2021-01-08 Thread Hao Wu via
The PWM module is part of NPCM7XX module. Each NPCM7XX module has two
identical PWM modules. Each module contains 4 PWM entries. Each PWM has
two outputs: frequency and duty_cycle. Both are computed using inputs
from software side.

This module does not model detailed pulse signals since it is expensive.
It also does not model interrupts and watchdogs that are dependent on
the detailed models. The interfaces for these are left in the module so
that anyone in need of these functionalities can implement them on their
own.

The user can read the duty cycle and frequency using qom-get command.

Reviewed-by: Havard Skinnemoen 
Reviewed-by: Tyrone Ting 
Signed-off-by: Hao Wu 
---
 docs/system/arm/nuvoton.rst   |   2 +-
 hw/arm/npcm7xx.c  |  26 +-
 hw/misc/meson.build   |   1 +
 hw/misc/npcm7xx_pwm.c | 550 ++
 hw/misc/trace-events  |   6 +
 include/hw/arm/npcm7xx.h  |   2 +
 include/hw/misc/npcm7xx_pwm.h | 105 +++
 7 files changed, 689 insertions(+), 3 deletions(-)
 create mode 100644 hw/misc/npcm7xx_pwm.c
 create mode 100644 include/hw/misc/npcm7xx_pwm.h

diff --git a/docs/system/arm/nuvoton.rst b/docs/system/arm/nuvoton.rst
index 35829f8d0b..a1786342e2 100644
--- a/docs/system/arm/nuvoton.rst
+++ b/docs/system/arm/nuvoton.rst
@@ -42,6 +42,7 @@ Supported devices
  * USB host (USBH)
  * GPIO controller
  * Analog to Digital Converter (ADC)
+ * Pulse Width Modulation (PWM)
 
 Missing devices
 ---
@@ -61,7 +62,6 @@ Missing devices
  * Peripheral SPI controller (PSPI)
  * SD/MMC host
  * PECI interface
- * Pulse Width Modulation (PWM)
  * Tachometer
  * PCI and PCIe root complex and bridges
  * VDM and MCTP support
diff --git a/hw/arm/npcm7xx.c b/hw/arm/npcm7xx.c
index b22a8c966d..72040d4079 100644
--- a/hw/arm/npcm7xx.c
+++ b/hw/arm/npcm7xx.c
@@ -102,6 +102,8 @@ enum NPCM7xxInterrupt {
 NPCM7XX_WDG2_IRQ,   /* Timer Module 2 Watchdog */
 NPCM7XX_EHCI_IRQ= 61,
 NPCM7XX_OHCI_IRQ= 62,
+NPCM7XX_PWM0_IRQ= 93,   /* PWM module 0 */
+NPCM7XX_PWM1_IRQ,   /* PWM module 1 */
 NPCM7XX_GPIO0_IRQ   = 116,
 NPCM7XX_GPIO1_IRQ,
 NPCM7XX_GPIO2_IRQ,
@@ -144,6 +146,12 @@ static const hwaddr npcm7xx_fiu3_flash_addr[] = {
 0xb800, /* CS3 */
 };
 
+/* Register base address for each PWM Module */
+static const hwaddr npcm7xx_pwm_addr[] = {
+0xf0103000,
+0xf0104000,
+};
+
 static const struct {
 hwaddr regs_addr;
 uint32_t unconnected_pins;
@@ -353,6 +361,10 @@ static void npcm7xx_init(Object *obj)
 object_initialize_child(obj, npcm7xx_fiu[i].name, >fiu[i],
 TYPE_NPCM7XX_FIU);
 }
+
+for (i = 0; i < ARRAY_SIZE(s->pwm); i++) {
+object_initialize_child(obj, "pwm[*]", >pwm[i], TYPE_NPCM7XX_PWM);
+}
 }
 
 static void npcm7xx_realize(DeviceState *dev, Error **errp)
@@ -513,6 +525,18 @@ static void npcm7xx_realize(DeviceState *dev, Error **errp)
 sysbus_connect_irq(SYS_BUS_DEVICE(>ohci), 0,
npcm7xx_irq(s, NPCM7XX_OHCI_IRQ));
 
+/* PWM Modules. Cannot fail. */
+QEMU_BUILD_BUG_ON(ARRAY_SIZE(npcm7xx_pwm_addr) != ARRAY_SIZE(s->pwm));
+for (i = 0; i < ARRAY_SIZE(s->pwm); i++) {
+SysBusDevice *sbd = SYS_BUS_DEVICE(>pwm[i]);
+
+qdev_connect_clock_in(DEVICE(>pwm[i]), "clock", qdev_get_clock_out(
+DEVICE(>clk), "apb3-clock"));
+sysbus_realize(sbd, _abort);
+sysbus_mmio_map(sbd, 0, npcm7xx_pwm_addr[i]);
+sysbus_connect_irq(sbd, i, npcm7xx_irq(s, NPCM7XX_PWM0_IRQ + i));
+}
+
 /*
  * Flash Interface Unit (FIU). Can fail if incorrect number of chip selects
  * specified, but this is a programming error.
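
Review bot: In the new PWM loop, sysbus_connect_irq(sbd, i, ...) passes the module index i as the device's IRQ output number, so module 1 wires its output 1 to NPCM7XX_PWM1_IRQ. If each PWM module exposes a single interrupt line, as the one-IRQ-per-module enum entries suggest, the second argument should be 0 and only the NPCM7XX_PWM0_IRQ + i target should vary; please check this against the number of IRQs the device initialises in npcm7xx_pwm.c.
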
@@ -580,8 +604,6 @@ static void npcm7xx_realize(DeviceState *dev, Error **errp)
 create_unimplemented_device("npcm7xx.peci", 0xf010,   4 * KiB);
 create_unimplemented_device("npcm7xx.siox[1]",  0xf0101000,   4 * KiB);
 create_unimplemented_device("npcm7xx.siox[2]",  0xf0102000,   4 * KiB);
-create_unimplemented_device("npcm7xx.pwm[0]",   0xf0103000,   4 * KiB);
-create_unimplemented_device("npcm7xx.pwm[1]",   0xf0104000,   4 * KiB);
 create_unimplemented_device("npcm7xx.mft[0]",   0xf018,   4 * KiB);
 create_unimplemented_device("npcm7xx.mft[1]",   0xf0181000,   4 * KiB);
 create_unimplemented_device("npcm7xx.mft[2]",   0xf0182000,   4 * KiB);
diff --git a/hw/misc/meson.build b/hw/misc/meson.build
index ce15ffceb9..607cd38a21 100644
--- a/hw/misc/meson.build
+++ b/hw/misc/meson.build
@@ -64,6 +64,7 @@ softmmu_ss.add(when: 'CONFIG_MAINSTONE', if_true: 
files('mst_fpga.c'))
 softmmu_ss.add(when: 'CONFIG_NPCM7XX', if_true: files(
   'npcm7xx_clk.c',
   'npcm7xx_gcr.c',
+  'npcm7xx_pwm.c',
   'npcm7xx_rng.c',
 ))
 softmmu_ss.add(when: 'CONFIG_OMAP', if_true: files(
diff --git a/hw/misc/npcm7xx_pwm.c 

Re: [PATCH v1] s390x/tcg: Fix RISBHG

2021-01-08 Thread Nick Desaulniers via
On Fri, Jan 8, 2021 at 1:45 AM David Hildenbrand  wrote:
>
> On 08.01.21 03:20, Nick Desaulniers wrote:
> > On Thu, Jan 7, 2021 at 3:27 PM David Hildenbrand  
> > wrote:
> >>
> >>
> >>> On 08.01.2021 at 00:21, Nick Desaulniers wrote:
> >>>
> >>> On Thu, Jan 7, 2021 at 3:13 PM David Hildenbrand  
> >>> wrote:
> 
>  RISBHG is broken and currently hinders clang builds of upstream kernels
>  from booting: the kernel crashes early, while decompressing the image.
> 
>   [...]
>    Kernel fault: interruption code 0005 ilc:2
>    Kernel random base: 
>    PSW : 20018000 00017a1e
>  R:0 T:0 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:0 CC:2 PM:0 RI:0 EA:3
>    GPRS: 0001 000c 0003fff4 
>  fff0
>   fff4 000c 
>  fff0
>  fffc  fff8 
>  008e25a8
>  0009 0002 0008 
>  bce0
> 
>  One example of a buggy instruction is:
> 
> 17dde:   ec 1e 00 9f 20 5d   risbhg  %r1,%r14,0,159,32
> 
>  With %r14 = 0x9 and %r1 = 0x7 should result in %r1 = 0x90007, 
>  however,
>  results in %r1 = 0.
> 
>  Let's interpret values of i3/i4 as documented in the PoP and make
>  computation of "mask" only based on i3 and i4 and use "pmask" only at the
>  very end to make sure wrapping is only applied to the high/low 
>  doubleword.
> 
>  With this patch, I can successfully boot a v5.10 kernel built with
>  clang, and gcc builds keep on working.
> 
>  Fixes: 2d6a869833d9 ("target-s390: Implement RISBG")
>  Reported-by: Nick Desaulniers 
>  Cc: Guenter Roeck 
>  Cc: Christian Borntraeger 
>  Signed-off-by: David Hildenbrand 
>  ---
> 
>  This BUG was a nightmare to debug and the code a nightmare to understand.
> 
>  To make clang/gcc builds boot, the following fix is required as well on
>  top of current master: "[PATCH] target/s390x: Fix ALGSI"
>  https://lkml.kernel.org/r/20210107202135.52379-1-da...@redhat.com
> >>>
> >>> In that case, a huge thank you!!! for this work! ++beers_owed.
> >>>
> >>
> >> :) a kernel build for z13 should work with the (default) „-cpu qemu“ cpu 
> >> type.
> >
> > Hmm...so I don't think clang can build a Linux kernel image with
> > CONFIG_MARCH_Z13=y just yet; just defconfig.  Otherwise looks like
> > clang barfs on some of the inline asm constraints.
> >
>
> Ah, right. I overwrote my manual config by a temporary defconfig :)
>
>
> So, I'm on x86-64 F33.
>
> clang version 11.0.0 (Fedora 11.0.0-2.fc33)
> LLVM version 11.0.0
>
> I cannot directly use "LLVM=1" for cross-compilation, as I keep getting
> "error: unknown emulation: elf64_s390" from ld.lld and "error: invalid
> output format: 'elf64-s390'" from llvm-objcopy. I assume that's fixed in
> llvm12?

Right, I suspect that even if ld.lld understood that emulation mode
target, it would still fail due to lack of big endian support.  We've
been building with simply `CC=clang` for s390 linux kernels.
Via: https://www.kernel.org/doc/html/latest/kbuild/llvm.html#llvm-utilities
we usually start with `make CC=clang` then work our way up to `make
LLVM=1`.  So you shouldn't need the below patching, just use
`CC=clang`.

>
> 1. I patch around it (strange, I remember CC= .. used to work, but it no
> longer does)
>
> ---
>
> index e30cf02da8b8..89c57062ed5d 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -427,13 +427,13 @@ KBUILD_HOSTLDLIBS   := $(HOST_LFS_LIBS) $(HOSTLDLIBS)
>  CPP= $(CC) -E
>  ifneq ($(LLVM),)
>  CC = clang
> -LD = ld.lld
> -AR = llvm-ar
> -NM = llvm-nm
> -OBJCOPY= llvm-objcopy
> -OBJDUMP= llvm-objdump
> -READELF= llvm-readelf
> -STRIP  = llvm-strip
> +LD = $(CROSS_COMPILE)ld
> +AR = $(CROSS_COMPILE)ar
> +NM = $(CROSS_COMPILE)nm
> +OBJCOPY= $(CROSS_COMPILE)objcopy
> +OBJDUMP= $(CROSS_COMPILE)objdump
> +READELF= $(CROSS_COMPILE)readelf
> +STRIP  = $(CROSS_COMPILE)strip
>  else
>  CC = $(CROSS_COMPILE)gcc
>  LD = $(CROSS_COMPILE)ld
>
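
Review bot: Inside the ifneq ($(LLVM),) branch, every tool except CC now expands to the same $(CROSS_COMPILE) binutils as the else branch, and nothing limits that to s390, so LLVM=1 stops selecting the LLVM utilities for every architecture built from this tree. As a local workaround that is acceptable, but it should stay out of any posted series; a variant guarded on the architecture, or a build without LLVM=1, leaves the other targets unaffected.
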
> ---

Pulling from your github branch, everything looks good; buildroot
support looks good. I'll wire this up to our CI so that we can help
report regressions!
-- 
Thanks,
~Nick Desaulniers



[PATCH] kvm: mirror "-machine dirty_gfn_count" to the accelerator property

2021-01-08 Thread huangy81
QEMU enables the dirty ring feature by specifying the "-accel" sub-parameter.
https://lore.kernel.org/qemu-devel/20210108165050.406906-10-pet...@redhat.com/
Libvirt uses the "-machine accel=kvm" option to specify the accelerator by default,
which is incompatible with the above option.

This patch introduces the "dirty_gfn_count" sub-parameter of "-machine"
in the way that the commit "23b089" has done, so that Libvirt can enable this
feature by adding "-machine dirty_gfn_count=xxx" to the QEMU command line.

Signed-off-by: Hyman 
---
 softmmu/vl.c   | 3 ++-
 util/qemu-config.c | 4 
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/softmmu/vl.c b/softmmu/vl.c
index 7ddf405..d8e3dec 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -1666,7 +1666,8 @@ static int machine_set_property(void *opaque,
 object_register_sugar_prop(ACCEL_CLASS_NAME("xen"), qom_name, value);
 return 0;
 }
-if (g_str_equal(qom_name, "kvm-shadow-mem")) {
+if (g_str_equal(qom_name, "kvm-shadow-mem") ||
+g_str_equal(qom_name, "dirty-gfn-count")) {
 object_register_sugar_prop(ACCEL_CLASS_NAME("kvm"), qom_name, value);
 return 0;
 }
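
Review bot: The added g_str_equal() compares against "dirty-gfn-count" with hyphens, but the option this patch registers in util/qemu-config.c is spelled "dirty_gfn_count"; the match only succeeds if qom_name has had its underscores converted before this point, which the hunk does not show. Please confirm that, and that the name and string value forwarded by object_register_sugar_prop() are what the KVM accelerator property from the referenced series accepts.
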
diff --git a/util/qemu-config.c b/util/qemu-config.c
index e2a700b..70f1b50 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -234,6 +234,10 @@ static QemuOptsList machine_opts = {
 .help = "Up to 8 chars in set of [A-Za-z0-9. ](lower case chars"
 " converted to upper case) to pass to machine"
 " loader, boot manager, and guest kernel",
+},{
+.name = "dirty_gfn_count",
+.type = QEMU_OPT_NUMBER,
+.help = "KVM dirty ring GFN count",
 },
 { /* End of list */ }
 }
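
Review bot: The new "dirty_gfn_count" entry adds a user-visible -machine sub-option, yet the diffstat touches only softmmu/vl.c and util/qemu-config.c, so the option documentation is not updated. Please document it alongside the other -machine sub-options, and extend the help string to say that the value is forwarded to the KVM accelerator and which range is valid.
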
-- 
1.8.3.1




[PATCH v5 5/6] hw/misc: Add QTest for NPCM7XX PWM Module

2021-01-08 Thread Hao Wu via
We add a qtest for the PWM in the previous patch. It proves it works as
expected.

Reviewed-by: Havard Skinnemoen 
Reviewed-by: Tyrone Ting 
Signed-off-by: Hao Wu 
Reviewed-by: Peter Maydell 
---
 tests/qtest/meson.build|   1 +
 tests/qtest/npcm7xx_pwm-test.c | 490 +
 2 files changed, 491 insertions(+)
 create mode 100644 tests/qtest/npcm7xx_pwm-test.c

diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index 955710d1c5..0b5467f084 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -136,6 +136,7 @@ qtests_sparc64 = \
 qtests_npcm7xx = \
   ['npcm7xx_adc-test',
'npcm7xx_gpio-test',
+   'npcm7xx_pwm-test',
'npcm7xx_rng-test',
'npcm7xx_timer-test',
'npcm7xx_watchdog_timer-test']
diff --git a/tests/qtest/npcm7xx_pwm-test.c b/tests/qtest/npcm7xx_pwm-test.c
new file mode 100644
index 00..33fbdf5f54
--- /dev/null
+++ b/tests/qtest/npcm7xx_pwm-test.c
@@ -0,0 +1,490 @@
+/*
+ * QTests for Nuvoton NPCM7xx PWM Modules.
+ *
+ * Copyright 2020 Google LLC
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "libqos/libqtest.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qnum.h"
+
+#define REF_HZ  2500
+
+/* Register field definitions. */
+#define CH_EN   BIT(0)
+#define CH_INV  BIT(2)
+#define CH_MOD  BIT(3)
+
+/* Registers shared between all PWMs in a module */
+#define PPR 0x00
+#define CSR 0x04
+#define PCR 0x08
+#define PIER0x3c
+#define PIIR0x40
+
+/* CLK module related */
+#define CLK_BA  0xf0801000
+#define CLKSEL  0x04
+#define CLKDIV1 0x08
+#define CLKDIV2 0x2c
+#define PLLCON0 0x0c
+#define PLLCON1 0x10
+#define PLL_INDV(rv)extract32((rv), 0, 6)
+#define PLL_FBDV(rv)extract32((rv), 16, 12)
+#define PLL_OTDV1(rv)   extract32((rv), 8, 3)
+#define PLL_OTDV2(rv)   extract32((rv), 13, 3)
+#define APB3CKDIV(rv)   extract32((rv), 28, 2)
+#define CLK2CKDIV(rv)   extract32((rv), 0, 1)
+#define CLK4CKDIV(rv)   extract32((rv), 26, 2)
+#define CPUCKSEL(rv)extract32((rv), 0, 2)
+
+#define MAX_DUTY100
+
+typedef struct PWMModule {
+int irq;
+uint64_t base_addr;
+} PWMModule;
+
+typedef struct PWM {
+uint32_t cnr_offset;
+uint32_t cmr_offset;
+uint32_t pdr_offset;
+uint32_t pwdr_offset;
+} PWM;
+
+typedef struct TestData {
+const PWMModule *module;
+const PWM *pwm;
+} TestData;
+
+static const PWMModule pwm_module_list[] = {
+{
+.irq= 93,
+.base_addr  = 0xf0103000
+},
+{
+.irq= 94,
+.base_addr  = 0xf0104000
+}
+};
+
+static const PWM pwm_list[] = {
+{
+.cnr_offset = 0x0c,
+.cmr_offset = 0x10,
+.pdr_offset = 0x14,
+.pwdr_offset= 0x44,
+},
+{
+.cnr_offset = 0x18,
+.cmr_offset = 0x1c,
+.pdr_offset = 0x20,
+.pwdr_offset= 0x48,
+},
+{
+.cnr_offset = 0x24,
+.cmr_offset = 0x28,
+.pdr_offset = 0x2c,
+.pwdr_offset= 0x4c,
+},
+{
+.cnr_offset = 0x30,
+.cmr_offset = 0x34,
+.pdr_offset = 0x38,
+.pwdr_offset= 0x50,
+},
+};
+
+static const int ppr_base[] = { 0, 0, 8, 8 };
+static const int csr_base[] = { 0, 4, 8, 12 };
+static const int pcr_base[] = { 0, 8, 12, 16 };
+
+static const uint32_t ppr_list[] = {
+0,
+1,
+10,
+100,
+255, /* Max possible value. */
+};
+
+static const uint32_t csr_list[] = {
+0,
+1,
+2,
+3,
+4, /* Max possible value. */
+};
+
+static const uint32_t cnr_list[] = {
+0,
+1,
+50,
+100,
+150,
+200,
+1000,
+1,
+65535, /* Max possible value. */
+};
+
+static const uint32_t cmr_list[] = {
+0,
+1,
+10,
+50,
+100,
+150,
+200,
+1000,
+1,
+65535, /* Max possible value. */
+};
+
+/* Returns the index of the PWM module. */
+static int pwm_module_index(const PWMModule *module)
+{
+ptrdiff_t diff = module - pwm_module_list;
+
+g_assert_true(diff >= 0 && diff < ARRAY_SIZE(pwm_module_list));
+
+return diff;
+}
+
+/* Returns the index of the PWM entry. */
+static int pwm_index(const PWM *pwm)
+{
+ptrdiff_t diff = pwm - pwm_list;
+
+g_assert_true(diff >= 0 && diff < ARRAY_SIZE(pwm_list));
+
+
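
Review bot: The ppr_base[], csr_base[] and pcr_base[] tables carry no comment, and their strides differ (0/0/8/8, steps of 4, and 0/8/12/16), so a reader cannot tell from the test which register fields they index. A one-line comment per table naming the per-channel bit offset within PPR, CSR and PCR would make the expected-value calculations reviewable; the IRQ numbers and base addresses in pwm_module_list[] likewise duplicate hw/arm/npcm7xx.c and deserve a pointer to it.
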

[PATCH v5 6/6] hw/*: Use type casting for SysBusDevice in NPCM7XX

2021-01-08 Thread Hao Wu via
A device shouldn't access its parent object which is QOM internal.
Instead it should use type cast for this purpose. This patch fixes this
issue for all NPCM7XX Devices.

Signed-off-by: Hao Wu 
Reviewed-by: Peter Maydell 
---
 hw/arm/npcm7xx_boards.c | 2 +-
 hw/mem/npcm7xx_mc.c | 2 +-
 hw/misc/npcm7xx_clk.c   | 2 +-
 hw/misc/npcm7xx_gcr.c   | 2 +-
 hw/misc/npcm7xx_rng.c   | 2 +-
 hw/nvram/npcm7xx_otp.c  | 2 +-
 hw/ssi/npcm7xx_fiu.c| 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/arm/npcm7xx_boards.c b/hw/arm/npcm7xx_boards.c
index 306260fa67..3fdd5cab01 100644
--- a/hw/arm/npcm7xx_boards.c
+++ b/hw/arm/npcm7xx_boards.c
@@ -82,7 +82,7 @@ static NPCM7xxState *npcm7xx_create_soc(MachineState *machine,
 uint32_t hw_straps)
 {
 NPCM7xxMachineClass *nmc = NPCM7XX_MACHINE_GET_CLASS(machine);
-MachineClass *mc = >parent;
+MachineClass *mc = MACHINE_CLASS(nmc);
 Object *obj;
 
 if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) {
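
Review bot: This first hunk converts a MachineClass access (MACHINE_CLASS(nmc)), not a SysBusDevice one, so the subject line "Use type casting for SysBusDevice" undersells the change; the commit message should mention the class cast as well. The later hunks also mix SYS_BUS_DEVICE(s) and SYS_BUS_DEVICE(dev) for the same object, and settling on one form would keep the series consistent.
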
diff --git a/hw/mem/npcm7xx_mc.c b/hw/mem/npcm7xx_mc.c
index 0435d06ab4..abc5af5620 100644
--- a/hw/mem/npcm7xx_mc.c
+++ b/hw/mem/npcm7xx_mc.c
@@ -62,7 +62,7 @@ static void npcm7xx_mc_realize(DeviceState *dev, Error **errp)
 
 memory_region_init_io(>mmio, OBJECT(s), _mc_ops, s, "regs",
   NPCM7XX_MC_REGS_SIZE);
-sysbus_init_mmio(>parent, >mmio);
+sysbus_init_mmio(SYS_BUS_DEVICE(s), >mmio);
 }
 
 static void npcm7xx_mc_class_init(ObjectClass *klass, void *data)
diff --git a/hw/misc/npcm7xx_clk.c b/hw/misc/npcm7xx_clk.c
index 48bc9bdda5..0bcae9ce95 100644
--- a/hw/misc/npcm7xx_clk.c
+++ b/hw/misc/npcm7xx_clk.c
@@ -913,7 +913,7 @@ static void npcm7xx_clk_init(Object *obj)
 
 memory_region_init_io(>iomem, obj, _clk_ops, s,
   TYPE_NPCM7XX_CLK, 4 * KiB);
-sysbus_init_mmio(>parent, >iomem);
+sysbus_init_mmio(SYS_BUS_DEVICE(s), >iomem);
 }
 
 static int npcm7xx_clk_post_load(void *opaque, int version_id)
diff --git a/hw/misc/npcm7xx_gcr.c b/hw/misc/npcm7xx_gcr.c
index 745f690809..eace9e1967 100644
--- a/hw/misc/npcm7xx_gcr.c
+++ b/hw/misc/npcm7xx_gcr.c
@@ -220,7 +220,7 @@ static void npcm7xx_gcr_init(Object *obj)
 
 memory_region_init_io(>iomem, obj, _gcr_ops, s,
   TYPE_NPCM7XX_GCR, 4 * KiB);
-sysbus_init_mmio(>parent, >iomem);
+sysbus_init_mmio(SYS_BUS_DEVICE(s), >iomem);
 }
 
 static const VMStateDescription vmstate_npcm7xx_gcr = {
diff --git a/hw/misc/npcm7xx_rng.c b/hw/misc/npcm7xx_rng.c
index f650f3401f..b01df7cdb2 100644
--- a/hw/misc/npcm7xx_rng.c
+++ b/hw/misc/npcm7xx_rng.c
@@ -143,7 +143,7 @@ static void npcm7xx_rng_init(Object *obj)
 
 memory_region_init_io(>iomem, obj, _rng_ops, s, "regs",
   NPCM7XX_RNG_REGS_SIZE);
-sysbus_init_mmio(>parent, >iomem);
+sysbus_init_mmio(SYS_BUS_DEVICE(s), >iomem);
 }
 
 static const VMStateDescription vmstate_npcm7xx_rng = {
diff --git a/hw/nvram/npcm7xx_otp.c b/hw/nvram/npcm7xx_otp.c
index b16ca530ba..c61f2fc1aa 100644
--- a/hw/nvram/npcm7xx_otp.c
+++ b/hw/nvram/npcm7xx_otp.c
@@ -371,7 +371,7 @@ static void npcm7xx_otp_realize(DeviceState *dev, Error 
**errp)
 {
 NPCM7xxOTPClass *oc = NPCM7XX_OTP_GET_CLASS(dev);
 NPCM7xxOTPState *s = NPCM7XX_OTP(dev);
-SysBusDevice *sbd = >parent;
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 
 memset(s->array, 0, sizeof(s->array));
 
diff --git a/hw/ssi/npcm7xx_fiu.c b/hw/ssi/npcm7xx_fiu.c
index 5040132b07..4eedb2927e 100644
--- a/hw/ssi/npcm7xx_fiu.c
+++ b/hw/ssi/npcm7xx_fiu.c
@@ -498,7 +498,7 @@ static void npcm7xx_fiu_hold_reset(Object *obj)
 static void npcm7xx_fiu_realize(DeviceState *dev, Error **errp)
 {
 NPCM7xxFIUState *s = NPCM7XX_FIU(dev);
-SysBusDevice *sbd = >parent;
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 int i;
 
 if (s->cs_count <= 0) {
-- 
2.29.2.729.g45daf8777d-goog




[PATCH v5 3/6] hw/adc: Add an ADC module for NPCM7XX

2021-01-08 Thread Hao Wu via
The ADC is part of NPCM7XX Module. Its behavior is controlled by the
ADC_CON register. It converts one of the eight analog inputs into a
digital input and stores it in the ADC_DATA register when enabled.

Users can alter input value by using qom-set QMP command.

Reviewed-by: Havard Skinnemoen 
Reviewed-by: Tyrone Ting 
Signed-off-by: Hao Wu 
---
 docs/system/arm/nuvoton.rst|   2 +-
 hw/adc/meson.build |   1 +
 hw/adc/npcm7xx_adc.c   | 301 ++
 hw/adc/trace-events|   5 +
 hw/arm/npcm7xx.c   |  24 ++-
 include/hw/adc/npcm7xx_adc.h   |  69 ++
 include/hw/arm/npcm7xx.h   |   2 +
 meson.build|   1 +
 tests/qtest/meson.build|   3 +-
 tests/qtest/npcm7xx_adc-test.c | 377 +
 10 files changed, 782 insertions(+), 3 deletions(-)
 create mode 100644 hw/adc/npcm7xx_adc.c
 create mode 100644 hw/adc/trace-events
 create mode 100644 include/hw/adc/npcm7xx_adc.h
 create mode 100644 tests/qtest/npcm7xx_adc-test.c

diff --git a/docs/system/arm/nuvoton.rst b/docs/system/arm/nuvoton.rst
index b00d405d52..35829f8d0b 100644
--- a/docs/system/arm/nuvoton.rst
+++ b/docs/system/arm/nuvoton.rst
@@ -41,6 +41,7 @@ Supported devices
  * Random Number Generator (RNG)
  * USB host (USBH)
  * GPIO controller
+ * Analog to Digital Converter (ADC)
 
 Missing devices
 ---
@@ -58,7 +59,6 @@ Missing devices
  * USB device (USBD)
  * SMBus controller (SMBF)
  * Peripheral SPI controller (PSPI)
- * Analog to Digital Converter (ADC)
  * SD/MMC host
  * PECI interface
  * Pulse Width Modulation (PWM)
diff --git a/hw/adc/meson.build b/hw/adc/meson.build
index 0d62ae96ae..6ddee23813 100644
--- a/hw/adc/meson.build
+++ b/hw/adc/meson.build
@@ -1 +1,2 @@
 softmmu_ss.add(when: 'CONFIG_STM32F2XX_ADC', if_true: files('stm32f2xx_adc.c'))
+softmmu_ss.add(when: 'CONFIG_NPCM7XX', if_true: files('npcm7xx_adc.c'))
diff --git a/hw/adc/npcm7xx_adc.c b/hw/adc/npcm7xx_adc.c
new file mode 100644
index 00..870a6d50c2
--- /dev/null
+++ b/hw/adc/npcm7xx_adc.c
@@ -0,0 +1,301 @@
+/*
+ * Nuvoton NPCM7xx ADC Module
+ *
+ * Copyright 2020 Google LLC
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/adc/npcm7xx_adc.h"
+#include "hw/qdev-clock.h"
+#include "hw/qdev-properties.h"
+#include "hw/registerfields.h"
+#include "migration/vmstate.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "qemu/timer.h"
+#include "qemu/units.h"
+#include "trace.h"
+
+REG32(NPCM7XX_ADC_CON, 0x0)
+REG32(NPCM7XX_ADC_DATA, 0x4)
+
+/* Register field definitions. */
+#define NPCM7XX_ADC_CON_MUX(rv) extract32(rv, 24, 4)
+#define NPCM7XX_ADC_CON_INT_EN  BIT(21)
+#define NPCM7XX_ADC_CON_REFSEL  BIT(19)
+#define NPCM7XX_ADC_CON_INT BIT(18)
+#define NPCM7XX_ADC_CON_EN  BIT(17)
+#define NPCM7XX_ADC_CON_RST BIT(16)
+#define NPCM7XX_ADC_CON_CONVBIT(14)
+#define NPCM7XX_ADC_CON_DIV(rv) extract32(rv, 1, 8)
+
+#define NPCM7XX_ADC_MAX_RESULT  1023
+#define NPCM7XX_ADC_DEFAULT_IREF200
+#define NPCM7XX_ADC_CONV_CYCLES 20
+#define NPCM7XX_ADC_RESET_CYCLES10
+#define NPCM7XX_ADC_R0_INPUT50
+#define NPCM7XX_ADC_R1_INPUT150
+
+static void npcm7xx_adc_reset(NPCM7xxADCState *s)
+{
+timer_del(>conv_timer);
+s->con = 0x000c0001;
+s->data = 0x;
+}
+
+static uint32_t npcm7xx_adc_convert(uint32_t input, uint32_t ref)
+{
+uint32_t result;
+
+result = input * (NPCM7XX_ADC_MAX_RESULT + 1) / ref;
+if (result > NPCM7XX_ADC_MAX_RESULT) {
+result = NPCM7XX_ADC_MAX_RESULT;
+}
+
+return result;
+}
+
+static uint32_t npcm7xx_adc_prescaler(NPCM7xxADCState *s)
+{
+return 2 * (NPCM7XX_ADC_CON_DIV(s->con) + 1);
+}
+
+static void npcm7xx_adc_start_timer(Clock *clk, QEMUTimer *timer,
+uint32_t cycles, uint32_t prescaler)
+{
+int64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+int64_t ticks = cycles;
+int64_t ns;
+
+ticks *= prescaler;
+ns = clock_ticks_to_ns(clk, ticks);
+ns += now;
+timer_mod(timer, ns);
+}
+
+static void npcm7xx_adc_start_convert(NPCM7xxADCState *s)
+{
+uint32_t prescaler = npcm7xx_adc_prescaler(s);
+
+npcm7xx_adc_start_timer(s->clock, >conv_timer, NPCM7XX_ADC_CONV_CYCLES,
+prescaler);
+}
+
+static void npcm7xx_adc_convert_done(void *opaque)
+{
+NPCM7xxADCState *s = opaque;
+uint32_t input = NPCM7XX_ADC_CON_MUX(s->con);
+uint32_t ref = (s->con & NPCM7XX_ADC_CON_REFSEL)
+

[PATCH v5 1/6] hw/misc: Add clock converter in NPCM7XX CLK module

2021-01-08 Thread Hao Wu via
This patch allows NPCM7XX CLK module to compute clocks that are used by
other NPCM7XX modules.

Add a new struct NPCM7xxClockConverterState which represents a
single converter.  Each clock converter in CLK module represents one
converter in NPCM7XX CLK Module (PLL, SEL or Divider). Each converter
takes one or more input clocks and converts them into one output clock.
They form a clock hierarchy in the CLK module and are responsible for
outputting clocks for various other modules in an NPCM7XX SoC.

Each converter has a function pointer called "convert" which represents
the unique logic for that converter.

The clock contains two pieces of initialization information: ConverterInitInfo and
ConverterConnectionInfo. They represent the vertices and edges in the
clock diagram respectively.

Reviewed-by: Havard Skinnemoen 
Reviewed-by: Tyrone Ting 
Signed-off-by: Hao Wu 
Reviewed-by: Peter Maydell 
---
 hw/misc/npcm7xx_clk.c | 795 +-
 include/hw/misc/npcm7xx_clk.h | 140 +-
 2 files changed, 927 insertions(+), 8 deletions(-)

diff --git a/hw/misc/npcm7xx_clk.c b/hw/misc/npcm7xx_clk.c
index 6732437fe2..48bc9bdda5 100644
--- a/hw/misc/npcm7xx_clk.c
+++ b/hw/misc/npcm7xx_clk.c
@@ -18,6 +18,7 @@
 
 #include "hw/misc/npcm7xx_clk.h"
 #include "hw/timer/npcm7xx_timer.h"
+#include "hw/qdev-clock.h"
 #include "migration/vmstate.h"
 #include "qemu/error-report.h"
 #include "qemu/log.h"
@@ -27,9 +28,22 @@
 #include "trace.h"
 #include "sysemu/watchdog.h"
 
+/*
+ * The reference clock hz, and the SECCNT and CNTR25M registers in this module,
+ * is always 25 MHz.
+ */
+#define NPCM7XX_CLOCK_REF_HZ(2500)
+
+/* Register Field Definitions */
+#define NPCM7XX_CLK_WDRCR_CA9C  BIT(0) /* Cortex A9 Cores */
+
 #define PLLCON_LOKI BIT(31)
 #define PLLCON_LOKS BIT(30)
 #define PLLCON_PWDENBIT(12)
+#define PLLCON_FBDV(con) extract32((con), 16, 12)
+#define PLLCON_OTDV2(con) extract32((con), 13, 3)
+#define PLLCON_OTDV1(con) extract32((con), 8, 3)
+#define PLLCON_INDV(con) extract32((con), 0, 6)
 
 enum NPCM7xxCLKRegisters {
 NPCM7XX_CLK_CLKEN1,
@@ -89,12 +103,609 @@ static const uint32_t 
cold_reset_values[NPCM7XX_CLK_NR_REGS] = {
 [NPCM7XX_CLK_AHBCKFI]   = 0x00c8,
 };
 
-/* Register Field Definitions */
-#define NPCM7XX_CLK_WDRCR_CA9C  BIT(0) /* Cortex A9 Cores */
-
 /* The number of watchdogs that can trigger a reset. */
 #define NPCM7XX_NR_WATCHDOGS(3)
 
+/* Clock converter functions */
+
+#define TYPE_NPCM7XX_CLOCK_PLL "npcm7xx-clock-pll"
+#define NPCM7XX_CLOCK_PLL(obj) OBJECT_CHECK(NPCM7xxClockPLLState, \
+(obj), TYPE_NPCM7XX_CLOCK_PLL)
+#define TYPE_NPCM7XX_CLOCK_SEL "npcm7xx-clock-sel"
+#define NPCM7XX_CLOCK_SEL(obj) OBJECT_CHECK(NPCM7xxClockSELState, \
+(obj), TYPE_NPCM7XX_CLOCK_SEL)
+#define TYPE_NPCM7XX_CLOCK_DIVIDER "npcm7xx-clock-divider"
+#define NPCM7XX_CLOCK_DIVIDER(obj) OBJECT_CHECK(NPCM7xxClockDividerState, \
+(obj), TYPE_NPCM7XX_CLOCK_DIVIDER)
+
+static void npcm7xx_clk_update_pll(void *opaque)
+{
+NPCM7xxClockPLLState *s = opaque;
+uint32_t con = s->clk->regs[s->reg];
+uint64_t freq;
+
+/* The PLL is grounded if it is not locked yet. */
+if (con & PLLCON_LOKI) {
+freq = clock_get_hz(s->clock_in);
+freq *= PLLCON_FBDV(con);
+freq /= PLLCON_INDV(con) * PLLCON_OTDV1(con) * PLLCON_OTDV2(con);
+} else {
+freq = 0;
+}
+
+clock_update_hz(s->clock_out, freq);
+}
+
+static void npcm7xx_clk_update_sel(void *opaque)
+{
+NPCM7xxClockSELState *s = opaque;
+uint32_t index = extract32(s->clk->regs[NPCM7XX_CLK_CLKSEL], s->offset,
+s->len);
+
+if (index >= s->input_size) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: SEL index: %u out of range\n",
+  __func__, index);
+index = 0;
+}
+clock_update_hz(s->clock_out, clock_get_hz(s->clock_in[index]));
+}
+
+static void npcm7xx_clk_update_divider(void *opaque)
+{
+NPCM7xxClockDividerState *s = opaque;
+uint32_t freq;
+
+freq = s->divide(s);
+clock_update_hz(s->clock_out, freq);
+}
+
+static uint32_t divide_by_constant(NPCM7xxClockDividerState *s)
+{
+return clock_get_hz(s->clock_in) / s->divisor;
+}
+
+static uint32_t divide_by_reg_divisor(NPCM7xxClockDividerState *s)
+{
+return clock_get_hz(s->clock_in) /
+(extract32(s->clk->regs[s->reg], s->offset, s->len) + 1);
+}
+
+static uint32_t divide_by_reg_divisor_times_2(NPCM7xxClockDividerState *s)
+{
+return divide_by_reg_divisor(s) / 2;
+}
+
+static uint32_t shift_by_reg_divisor(NPCM7xxClockDividerState *s)
+{
+return clock_get_hz(s->clock_in) >>
+extract32(s->clk->regs[s->reg], s->offset, s->len);
+}
+
+static NPCM7xxClockPLL find_pll_by_reg(enum NPCM7xxCLKRegisters reg)
+{
+switch (reg) {
+case NPCM7XX_CLK_PLLCON0:
+return NPCM7XX_CLOCK_PLL0;
+case NPCM7XX_CLK_PLLCON1:
+return NPCM7XX_CLOCK_PLL1;
+case 
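
Review bot: in npcm7xx_clk_update_pll() the divisor `PLLCON_INDV(con) * PLLCON_OTDV1(con) * PLLCON_OTDV2(con)` is taken straight from the register value and is not checked for zero, so if any of the three fields is 0 while PLLCON_LOKI is set, the `freq /=` line is a host divide-by-zero. Suggest handling it the way npcm7xx_clk_update_sel() handles an out-of-range index: log with LOG_GUEST_ERROR and ground the output (freq = 0) instead of dividing.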

[PATCH v5 2/6] hw/timer: Refactor NPCM7XX Timer to use CLK clock

2021-01-08 Thread Hao Wu via
This patch makes the NPCM7XX Timer use the timer clock generated by the
CLK module instead of the magic number TIMER_REF_HZ.

Reviewed-by: Havard Skinnemoen 
Reviewed-by: Tyrone Ting 
Signed-off-by: Hao Wu 
---
 hw/arm/npcm7xx.c |  5 
 hw/timer/npcm7xx_timer.c | 39 +++-
 include/hw/misc/npcm7xx_clk.h|  6 -
 include/hw/timer/npcm7xx_timer.h |  1 +
 4 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/hw/arm/npcm7xx.c b/hw/arm/npcm7xx.c
index 47e2b6fc40..fabfb1697b 100644
--- a/hw/arm/npcm7xx.c
+++ b/hw/arm/npcm7xx.c
@@ -22,6 +22,7 @@
 #include "hw/char/serial.h"
 #include "hw/loader.h"
 #include "hw/misc/unimp.h"
+#include "hw/qdev-clock.h"
 #include "hw/qdev-properties.h"
 #include "qapi/error.h"
 #include "qemu/units.h"
@@ -420,6 +421,10 @@ static void npcm7xx_realize(DeviceState *dev, Error **errp)
 int first_irq;
 int j;
 
+/* Connect the timer clock. */
+qdev_connect_clock_in(DEVICE(>tim[i]), "clock", qdev_get_clock_out(
+DEVICE(>clk), "timer-clock"));
+
 sysbus_realize(sbd, _abort);
 sysbus_mmio_map(sbd, 0, npcm7xx_tim_addr[i]);
 
diff --git a/hw/timer/npcm7xx_timer.c b/hw/timer/npcm7xx_timer.c
index d24445bd6e..36e2c07db2 100644
--- a/hw/timer/npcm7xx_timer.c
+++ b/hw/timer/npcm7xx_timer.c
@@ -17,8 +17,8 @@
 #include "qemu/osdep.h"
 
 #include "hw/irq.h"
+#include "hw/qdev-clock.h"
 #include "hw/qdev-properties.h"
-#include "hw/misc/npcm7xx_clk.h"
 #include "hw/timer/npcm7xx_timer.h"
 #include "migration/vmstate.h"
 #include "qemu/bitops.h"
@@ -128,23 +128,18 @@ static uint32_t npcm7xx_tcsr_prescaler(uint32_t tcsr)
 /* Convert a timer cycle count to a time interval in nanoseconds. */
 static int64_t npcm7xx_timer_count_to_ns(NPCM7xxTimer *t, uint32_t count)
 {
-int64_t ns = count;
+int64_t ticks = count;
 
-ns *= NANOSECONDS_PER_SECOND / NPCM7XX_TIMER_REF_HZ;
-ns *= npcm7xx_tcsr_prescaler(t->tcsr);
+ticks *= npcm7xx_tcsr_prescaler(t->tcsr);
 
-return ns;
+return clock_ticks_to_ns(t->ctrl->clock, ticks);
 }
 
 /* Convert a time interval in nanoseconds to a timer cycle count. */
 static uint32_t npcm7xx_timer_ns_to_count(NPCM7xxTimer *t, int64_t ns)
 {
-int64_t count;
-
-count = ns / (NANOSECONDS_PER_SECOND / NPCM7XX_TIMER_REF_HZ);
-count /= npcm7xx_tcsr_prescaler(t->tcsr);
-
-return count;
+return ns / clock_ticks_to_ns(t->ctrl->clock,
+  npcm7xx_tcsr_prescaler(t->tcsr));
 }
 
 static uint32_t npcm7xx_watchdog_timer_prescaler(const NPCM7xxWatchdogTimer *t)
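
Review bot: npcm7xx_timer_ns_to_count() now divides by the return value of clock_ticks_to_ns(), which is 0 whenever the input clock has a period of 0 (clock not connected, or the CLK module reporting 0 Hz), so `ns / clock_ticks_to_ns(...)` can become a host divide-by-zero where the old code divided by constants. The divisor is also rounded down to whole nanoseconds before the division, which loses precision. Suggest checking for a zero result and returning 0 in that case, and adding a comment on the rounding.
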
@@ -166,8 +161,8 @@ static uint32_t npcm7xx_watchdog_timer_prescaler(const 
NPCM7xxWatchdogTimer *t)
 static void npcm7xx_watchdog_timer_reset_cycles(NPCM7xxWatchdogTimer *t,
 int64_t cycles)
 {
-uint32_t prescaler = npcm7xx_watchdog_timer_prescaler(t);
-int64_t ns = (NANOSECONDS_PER_SECOND / NPCM7XX_TIMER_REF_HZ) * cycles;
+int64_t ticks = cycles * npcm7xx_watchdog_timer_prescaler(t);
+int64_t ns = clock_ticks_to_ns(t->ctrl->clock, ticks);
 
 /*
  * The reset function always clears the current timer. The caller of the
@@ -176,7 +171,6 @@ static void 
npcm7xx_watchdog_timer_reset_cycles(NPCM7xxWatchdogTimer *t,
  */
 npcm7xx_timer_clear(>base_timer);
 
-ns *= prescaler;
 t->base_timer.remaining_ns = ns;
 }
 
@@ -606,10 +600,11 @@ static void npcm7xx_timer_hold_reset(Object *obj)
 qemu_irq_lower(s->watchdog_timer.irq);
 }
 
-static void npcm7xx_timer_realize(DeviceState *dev, Error **errp)
+static void npcm7xx_timer_init(Object *obj)
 {
-NPCM7xxTimerCtrlState *s = NPCM7XX_TIMER(dev);
-SysBusDevice *sbd = >parent;
+NPCM7xxTimerCtrlState *s = NPCM7XX_TIMER(obj);
+DeviceState *dev = DEVICE(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 int i;
 NPCM7xxWatchdogTimer *w;
 
@@ -627,11 +622,12 @@ static void npcm7xx_timer_realize(DeviceState *dev, Error 
**errp)
 npcm7xx_watchdog_timer_expired, w);
 sysbus_init_irq(sbd, >irq);
 
-memory_region_init_io(>iomem, OBJECT(s), _timer_ops, s,
+memory_region_init_io(>iomem, obj, _timer_ops, s,
   TYPE_NPCM7XX_TIMER, 4 * KiB);
 sysbus_init_mmio(sbd, >iomem);
 qdev_init_gpio_out_named(dev, >reset_signal,
 NPCM7XX_WATCHDOG_RESET_GPIO_OUT, 1);
+s->clock = qdev_init_clock_in(dev, "clock", NULL, NULL);
 }
 
 static const VMStateDescription vmstate_npcm7xx_base_timer = {
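
Review bot: the clock input added at the end of npcm7xx_timer_init() is registered with no update callback, `qdev_init_clock_in(dev, "clock", NULL, NULL)`, so nothing recomputes the expiry of timers that are already running if the CLK module changes the timer clock. Either register a callback that re-arms active timers, or add a comment stating that the frequency is only sampled when a timer is started.
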
@@ -675,10 +671,11 @@ static const VMStateDescription 
vmstate_npcm7xx_watchdog_timer = {
 
 static const VMStateDescription vmstate_npcm7xx_timer_ctrl = {
 .name = "npcm7xx-timer-ctrl",
-.version_id = 1,
-.minimum_version_id = 1,
+.version_id = 2,
+.minimum_version_id = 2,
 .fields = (VMStateField[]) {
 VMSTATE_UINT32(tisr, NPCM7xxTimerCtrlState),
+VMSTATE_CLOCK(clock, NPCM7xxTimerCtrlState),
 VMSTATE_STRUCT_ARRAY(timer, 
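
Review bot: version_id and minimum_version_id both go from 1 to 2 in vmstate_npcm7xx_timer_ctrl, which makes migration streams saved with the previous version of this device fail to load, and the commit message does not mention it. Please state the compatibility break in the commit message so it is visibly intentional.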

[PATCH v5 0/6] Additional NPCM7xx devices

2021-01-08 Thread Hao Wu via
This patch series includes a few more NPCM7XX devices, including:

- Analog Digital Converter (ADC)
- Pulse Width Modulation (PWM)

We also modified the CLK module to generate clock values using qdev_clock.
These clocks are used to determine various clocks in NPCM7XX devices.

Thank you for your review.

Changes since v4:
- Use clock_ticks_to_ns to compute clock time in nanoseconds.
(Didn't apply to PWM patch since it requires a frequency as output.)
- Removed reset_timer and resets immediately in ADC patch.
- Removed "qemu/osdep.h" from headers and include them in .c files.
- Use REG32 for register fields.
- Fix a g_assert that a guest can trigger with incorrect input.

Changes since v3:
- Use type casting instead of accessing parent object in all devices.

Changes since v2:
- Split PWM test into a separate patch in the patch set
- Add trace events for PWM's update_freq/update_duty
- Add trace events for ioread/iowrite in ADC and PWM
- Use timer_get_ns in hw/timer/npcm7xx_timer.c
- Update commit message in ADC/PWM to mention qom-get/set method for usage
- Fix typos

Changes since v1:
- We removed the IPMI and KCS related code from this patch set.

Hao Wu (6):
  hw/misc: Add clock converter in NPCM7XX CLK module
  hw/timer: Refactor NPCM7XX Timer to use CLK clock
  hw/adc: Add an ADC module for NPCM7XX
  hw/misc: Add a PWM module for NPCM7XX
  hw/misc: Add QTest for NPCM7XX PWM Module
  hw/*: Use type casting for SysBusDevice in NPCM7XX

 docs/system/arm/nuvoton.rst  |   4 +-
 hw/adc/meson.build   |   1 +
 hw/adc/npcm7xx_adc.c | 301 
 hw/adc/trace-events  |   5 +
 hw/arm/npcm7xx.c |  55 ++-
 hw/arm/npcm7xx_boards.c  |   2 +-
 hw/mem/npcm7xx_mc.c  |   2 +-
 hw/misc/meson.build  |   1 +
 hw/misc/npcm7xx_clk.c| 797 ++-
 hw/misc/npcm7xx_gcr.c|   2 +-
 hw/misc/npcm7xx_pwm.c| 550 +
 hw/misc/npcm7xx_rng.c|   2 +-
 hw/misc/trace-events |   6 +
 hw/nvram/npcm7xx_otp.c   |   2 +-
 hw/ssi/npcm7xx_fiu.c |   2 +-
 hw/timer/npcm7xx_timer.c |  39 +-
 include/hw/adc/npcm7xx_adc.h |  69 +++
 include/hw/arm/npcm7xx.h |   4 +
 include/hw/misc/npcm7xx_clk.h| 146 +-
 include/hw/misc/npcm7xx_pwm.h| 105 
 include/hw/timer/npcm7xx_timer.h |   1 +
 meson.build  |   1 +
 tests/qtest/meson.build  |   4 +-
 tests/qtest/npcm7xx_adc-test.c   | 377 +++
 tests/qtest/npcm7xx_pwm-test.c   | 490 +++
 25 files changed, 2920 insertions(+), 48 deletions(-)
 create mode 100644 hw/adc/npcm7xx_adc.c
 create mode 100644 hw/adc/trace-events
 create mode 100644 hw/misc/npcm7xx_pwm.c
 create mode 100644 include/hw/adc/npcm7xx_adc.h
 create mode 100644 include/hw/misc/npcm7xx_pwm.h
 create mode 100644 tests/qtest/npcm7xx_adc-test.c
 create mode 100644 tests/qtest/npcm7xx_pwm-test.c

-- 
2.29.2.729.g45daf8777d-goog



