Re: Ask for suggestions for CVE-2019-12928

2021-01-19 Thread Markus Armbruster
"Dr. David Alan Gilbert"  writes:

> * 江芳杰 (18401698...@126.com) wrote:
>> Hi:
>> Sorry to bother you~
>> I have read the discussions about CVE-2019-12928 (
>> https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg01153.html).
>> But, for the scenario of PC users, which has no requirement of network access
>> to QMP, there are some mitigation proposals.
>> 1. Modify the compilation options to disable QMP.
>> 2. Modify command line parsing function to discard the QMP parameters with
>> network configurations.
>> 3. PC manager or other management software makes sure only the trusted user can
>> use QMP.
>> 4. Other ideas?
>
> QMP is a useful part of QEMU - so we don't want to do 1 - we need it to
> let things control QEMU; including configuring complex setups.

Compiling out QMP gains you exactly nothing unless you also compile out
HMP.  And then you're left without a way to monitor a running QEMU.
Similarly useful (but not nearly as secure) as not running QEMU at all
;)

> The important part is (3) - anything that runs a qemu must make sure it
> wires the QMP up securely; e.g. using unix sockets with appropriate
> permissions or something like that.
>
> As long as they do that, then we're fine.

Yup.

Regarding 4.: making insecure misconfiguration harder might be worth
exploring.
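
The wiring discussed in this thread (QMP on a unix socket with restrictive permissions, with HMP counted as the same control surface) can be checked mechanically on a QEMU command line. The Python below is an added example, not part of the thread or of QEMU; the sample command lines and every function name are constructed for illustration, and it covers only the `-qmp`, `-qmp-pretty`, `-monitor`, `-chardev` and `-mon` options.

```python
import os
import shlex
import stat

# Legacy "-qmp DEV" / "-monitor DEV" options and the protocol each one carries.
MONITOR_OPTS = {"-qmp": "QMP", "-qmp-pretty": "QMP", "-monitor": "HMP"}
NETWORK_SCHEMES = ("tcp:", "telnet:", "udp:")

# Constructed samples. SAFE wires QMP to a unix socket; WEAK puts
# monitors on TCP listeners.
SAFE = ("qemu-system-x86_64 -nodefaults "
        "-chardev socket,id=qmp,path=/var/run/qemu-server/101.qmp,server,nowait "
        "-mon chardev=qmp,mode=control")
WEAK = ("qemu-system-x86_64 -m 512 "
        "-qmp tcp:0.0.0.0:4444,server,nowait "
        "-monitor telnet:127.0.0.1:5555,server,nowait "
        "-chardev socket,id=mon1,host=0.0.0.0,port=4445,server,nowait "
        "-mon mon1,mode=control")


def parse_props(spec, implied_key):
    """Parse 'a,k=v,flag' into a dict; a bare first item gets implied_key."""
    props = {}
    for index, item in enumerate(spec.split(",")):
        key, sep, value = item.partition("=")
        if sep:
            props[key] = value
        elif index == 0:
            props[implied_key] = key
        else:
            props[key] = "on"  # bare flag such as 'server'
    return props


def classify_legacy(spec):
    """Return (transport, endpoint) for a legacy device string."""
    head = spec.split(",")[0]
    _, sep, rest = head.partition(":")
    if head.startswith(NETWORK_SCHEMES):
        return "network", rest
    if head.startswith("unix:"):
        return "unix", rest
    return "other", head  # stdio, none, vc, pty, ...


def classify_chardev(props):
    """Return (transport, endpoint) for a parsed -chardev definition."""
    backend = props.get("backend")
    if backend == "socket" and "path" in props:
        return "unix", props["path"]
    if backend in ("socket", "udp") and "port" in props:
        return "network", "%s:%s" % (props.get("host", ""), props["port"])
    return "other", str(backend)


def audit_monitors(cmdline):
    """List (protocol, transport, endpoint) for every monitor on the line."""
    argv = [a[1:] if a.startswith("--") else a for a in shlex.split(cmdline)]
    pairs = list(zip(argv, argv[1:]))
    chardevs = {}
    for opt, arg in pairs:  # first pass: collect character devices by id
        if opt == "-chardev":
            props = parse_props(arg, "backend")
            chardevs[props.get("id")] = props
    findings = []
    for opt, arg in pairs:  # second pass: resolve each monitor
        if opt in MONITOR_OPTS:
            findings.append((MONITOR_OPTS[opt],) + classify_legacy(arg))
        elif opt == "-mon":
            mon = parse_props(arg, "chardev")
            protocol = "QMP" if mon.get("mode") == "control" else "HMP"
            target = chardevs.get(mon.get("chardev"), {})
            findings.append((protocol,) + classify_chardev(target))
    return findings


def network_exposed(cmdline):
    """Monitors reachable over a network socket; these need rewiring."""
    return [f for f in audit_monitors(cmdline) if f[1] == "network"]


def socket_open_to_others(path):
    """True if 'other' users may connect to the unix socket at path.

    On Linux, connecting to a pathname socket requires write permission
    on the socket file, so the S_IWOTH bit decides this.
    """
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


if __name__ == "__main__":
    for name, line in (("SAFE", SAFE), ("WEAK", WEAK)):
        for finding in audit_monitors(line):
            print(name, *finding)
```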




Re: [RFC PATCH V3 0/8] hw/block/nvme: support multi-path for ctrl/ns

2021-01-19 Thread Klaus Jensen
On Jan 20 09:44, Minwoo Im wrote:
> On 21-01-19 19:18:16, Klaus Jensen wrote:
> > On Jan 20 02:01, Minwoo Im wrote:
> > > Hello,
> > > 
> > > This patch series is the third one to support multi-controller and namespace
> > > sharing in multi-path.  This series introduced subsystem scheme to
> > > manage controller(s) and namespace(s) in the subsystem.
> > > 
> > > This series has new patches from the V2:  'detached' parameter has been
> > > added to the nvme-ns device.  This will decide whether to attach the
> > > namespace to controller(s) in the current subsystem or not.  If it's
> > > given with true, then it will be just allocated in the subsystem, but
> > > not attaching to any controllers in the subsystem.  Otherwise, it will
> > > automatically attach to all the controllers in the subsystem.  The other
> > > thing is that the last patch implemented Identify Active Namespace ID
> > > List command handler apart from the Allocated Namespace ID List.
> > > 
> > > Run with:
> > >   -device nvme,serial=qux,id=nvme3
> > >   -device nvme-ns,id=ns3,drive=drv12,nsid=3,bus=nvme3
> > > 
> > >   -device nvme-subsys,id=subsys0
> > >   -device nvme,serial=foo,id=nvme0,subsys=subsys0
> > >   -device nvme,serial=bar,id=nvme1,subsys=subsys0
> > >   -device nvme,serial=baz,id=nvme2,subsys=subsys0
> > >   -device nvme-ns,id=ns1,drive=drv10,nsid=1,subsys=subsys0,detached=true
> > >   -device nvme-ns,id=ns2,drive=drv11,nsid=2,bus=nvme2
> > > 
> > > nvme-cli:
> > >   root@vm:~/work# nvme list -v
> > >   NVM Express Subsystems
> > >
> > >   Subsystem        Subsystem-NQN                    Controllers
> > >   nvme-subsys0     nqn.2019-08.org.qemu:qux         nvme0
> > >   nvme-subsys1     nqn.2019-08.org.qemu:subsys0     nvme1, nvme2, nvme3
> > >
> > >   NVM Express Controllers
> > >
> > >   Device   SN    MN               FR    TxPort  Address    Subsystem      Namespaces
> > >   nvme0    qux   QEMU NVMe Ctrl   1.0   pcie    :00:06.0   nvme-subsys0
> > 
> > Shouldn't nvme0n1 be listed under Namespaces for nvme0?
> 
> Oh, I missed that one from the output.  As Keith mentioned, I ran the
> list command again based on the latest nvme-cli.git:
> 
> Please refer to the following result.  I think it's okay not to send the
> cover letter again :)
> 
> # nvme --version
> nvme version 1.13.48.g33c6
> 
> # nvme list -v
> NVM Express Subsystems
> 
> Subsystem        Subsystem-NQN                    Controllers
> nvme-subsys0     nqn.2019-08.org.qemu:qux         nvme0
> nvme-subsys1     nqn.2019-08.org.qemu:subsys0     nvme1, nvme2, nvme3
> 
> NVM Express Controllers
> 
> Device   SN    MN               FR    TxPort  Address    Subsystem      Namespaces
> nvme0    qux   QEMU NVMe Ctrl   1.0   pcie    :00:06.0   nvme-subsys0   nvme0n1
> nvme1    foo   QEMU NVMe Ctrl   1.0   pcie    :00:07.0   nvme-subsys1
> nvme2    bar   QEMU NVMe Ctrl   1.0   pcie    :00:08.0   nvme-subsys1
> nvme3    baz   QEMU NVMe Ctrl   1.0   pcie    :00:09.0

Re: [PATCH v2] RFC: sphinx: adopt kernel readthedoc theme

2021-01-19 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20210120074102.51534-1-marcandre.lur...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210120074102.51534-1-marcandre.lur...@redhat.com
Subject: [PATCH v2] RFC: sphinx: adopt kernel readthedoc theme

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20210120074102.51534-1-marcandre.lur...@redhat.com 
-> patchew/20210120074102.51534-1-marcandre.lur...@redhat.com
Switched to a new branch 'test'
29128c8 RFC: sphinx: adopt kernel readthedoc theme

=== OUTPUT BEGIN ===
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#37: 
deleted file mode 100644

ERROR: line over 90 characters
#60: FILE: docs/conf.py:157:
+sys.stderr.write('Warning: The Sphinx \'sphinx_rtd_theme\' HTML theme was 
not found. Make sure you have the theme installed to produce pretty HTML 
output. Falling back to the default theme.\n')

ERROR: trailing whitespace
#91: FILE: docs/conf.py:181:
+"gitlab_user": "qemu-project", $

total: 2 errors, 1 warnings, 219 lines checked

Commit 29128c85ea57 (RFC: sphinx: adopt kernel readthedoc theme) has style 
problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20210120074102.51534-1-marcandre.lur...@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v2] RFC: sphinx: adopt kernel readthedoc theme

2021-01-19 Thread marcandre . lureau
From: Marc-André Lureau 

The default "alabaster" sphinx theme has a couple shortcomings:
- the navbar moves along the page
- the search bar is not always at the same place
- it lacks some contrast and colours

The "rtd" theme from readthedocs.org is a popular third party theme used
notably by the kernel, with a custom style sheet. I like it better,
perhaps others do too. It also simplifies "Edit on Gitlab" links.

Tweak a bit the custom theme to match qemu.org style, use the
QEMU logo, and favicon etc.

Screenshot:
https://i.ibb.co/XWwG1bZ/Screenshot-2021-01-20-Welcome-to-QEMU-s-documentation-QEMU-documentation.png

Signed-off-by: Marc-André Lureau 
---
 docs/_templates/editpage.html  |   5 -
 docs/conf.py   |  43 ---
 docs/devel/_templates/editpage.html|   5 -
 docs/interop/_templates/editpage.html  |   5 -
 docs/specs/_templates/editpage.html|   5 -
 docs/sphinx-static/theme_overrides.css | 157 +
 docs/system/_templates/editpage.html   |   5 -
 docs/tools/_templates/editpage.html|   5 -
 docs/user/_templates/editpage.html |   5 -
 9 files changed, 181 insertions(+), 54 deletions(-)
 delete mode 100644 docs/_templates/editpage.html
 delete mode 100644 docs/devel/_templates/editpage.html
 delete mode 100644 docs/interop/_templates/editpage.html
 delete mode 100644 docs/specs/_templates/editpage.html
 create mode 100644 docs/sphinx-static/theme_overrides.css
 delete mode 100644 docs/system/_templates/editpage.html
 delete mode 100644 docs/tools/_templates/editpage.html
 delete mode 100644 docs/user/_templates/editpage.html

diff --git a/docs/_templates/editpage.html b/docs/_templates/editpage.html
deleted file mode 100644
index 4319b0f5ac..00
--- a/docs/_templates/editpage.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-  
-https://gitlab.com/qemu-project/qemu/-/blob/master/docs/{{pagename}}.rst";>Page
 source
-  
-
diff --git a/docs/conf.py b/docs/conf.py
index 2ee6111872..2d9e8148a9 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -150,38 +150,43 @@ with open(os.path.join(qemu_docdir, 'defs.rst.inc')) as f:
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #
-html_theme = 'alabaster'
+try:
+import sphinx_rtd_theme
+html_theme = 'sphinx_rtd_theme'
+except ImportError:
+sys.stderr.write('Warning: The Sphinx \'sphinx_rtd_theme\' HTML theme was 
not found. Make sure you have the theme installed to produce pretty HTML 
output. Falling back to the default theme.\n')
 
 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the
 # documentation.
-# We initialize this to empty here, so the per-manual conf.py can just
-# add individual key/value entries.
 html_theme_options = {
+"style_nav_header_background": "#802400",
 }
 
+html_logo = os.path.join(qemu_docdir, "../ui/icons/qemu_128x128.png")
+
+html_favicon = os.path.join(qemu_docdir, "../ui/icons/qemu_32x32.png")
+
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-# QEMU doesn't yet have any static files, so comment this out so we don't
-# get a warning about a missing directory.
-# If we do ever add this then it would probably be better to call the
-# subdirectory sphinx_static, as the Linux kernel does.
-# html_static_path = ['_static']
+html_static_path = [os.path.join(qemu_docdir, "sphinx-static")]
+
+html_css_files = [
+'theme_overrides.css',
+]
+
+html_context = {
+"display_gitlab": True,
+"gitlab_user": "qemu-project", 
+"gitlab_repo": "qemu",
+"gitlab_version": "master",
+"conf_py_path": "/docs/", # Path in the checkout to the docs root
+}
 
 # Custom sidebar templates, must be a dictionary that maps document names
 # to template names.
-#
-# This is required for the alabaster theme
-# refs: http://alabaster.readthedocs.io/en/latest/installation.html#sidebars
-html_sidebars = {
-'**': [
-'about.html',
-'editpage.html',
-'navigation.html',
-'searchbox.html',
-]
-}
+#html_sidebars = {}
 
 # Don't copy the rST source files to the HTML output directory,
 # and don't put links to the sources into the output HTML.
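
Review bot: In the `except ImportError:` branch of the docs/conf.py hunk only a warning is written and `html_theme` is never assigned, yet the `style_nav_header_background` entry in `html_theme_options` and the GitLab keys in `html_context` that follow are applied unconditionally, and the `html_sidebars` block that the removed comment described as required for alabaster is commented out. If the fallback is meant to be supported, set the theme explicitly in that branch and apply the rtd-specific options only when the import succeeded; otherwise fail the build instead of warning. The `sys.stderr.write(...)` line also exceeds the line-length limit and the `"gitlab_user": "qemu-project", ` line carries trailing whitespace, both of which checkpatch reports elsewhere in this thread.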
diff --git a/docs/devel/_templates/editpage.html 
b/docs/devel/_templates/editpage.html
deleted file mode 100644
index a86d22bca8..00
--- a/docs/devel/_templates/editpage.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-  
-https://gitlab.com/qemu-project/qemu/-/blob/master/docs/devel/{{pagename}}.rst";>Page
 source
-  
-
diff --git a/docs/interop/_templates/editpage.html 
b/docs/interop/_templates/editpage.html
deleted file mode 100644
index 215e562681..00
--- a/docs/interop/_templates/editpage.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-  
-https://gitlab.com/qemu

Re: [PATCH v3 02/25] qapi: backup: add perf.use-copy-range parameter

2021-01-19 Thread Vladimir Sementsov-Ogievskiy

19.01.2021 23:21, Eric Blake wrote:

On 10/26/20 12:17 PM, Vladimir Sementsov-Ogievskiy wrote:

Experiments show, that copy_range is not always making things faster.
So, to make experimentation simpler, let's add a parameter. Some more
perf parameters will be added soon, so here is a new struct.

For now, add new backup qmp parameter with x- prefix for the following
reasons:

  - We are going to add more performance parameters, some will be
related to the whole block-copy process, some only to background
copying in backup (ignored for copy-before-write operations).
  - On the other hand, we are going to use block-copy interface in other
block jobs, which will need performance options as well.. And it
should be the same structure or at least somehow related.

So, there are too much unclean things about how the interface and now
we need the new options mostly for testing. Let's keep them
experimental for a while.

In do_backup_common() new x-perf parameter handled in a way to
make further options addition simpler.

We add use-copy-range with default=true, and we'll change the default
in further patch, after moving backup to use block-copy.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---



+++ b/qapi/block-core.json
@@ -1370,6 +1370,19 @@
  { 'struct': 'BlockdevSnapshot',
'data': { 'node': 'str', 'overlay': 'str' } }
  
+##

+# @BackupPerf:
+#
+# Optional parameters for backup. These parameters don't affect
+# functionality, but may significantly affect performance.
+#
+# @use-copy-range: Use copy offloading. Default true.
+#
+# Since: 5.2


We've missed 5.2; this will need to be updated to 6.0


+##
+{ 'struct': 'BackupPerf',
+  'data': { '*use-copy-range': 'bool' }}
+
  ##
  # @BackupCommon:
  #
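
Review bot: The `@use-copy-range` line in the new `BackupPerf` doc comment hard-codes "Default true", while the commit message says the default will be changed in a later patch once backup moves to block-copy. The patch that flips the default needs to update this doc line in the same change, and since the struct is only reachable through an `x-` prefixed member, the `BackupPerf` description could say that these options are experimental so users do not read the documented default as stable.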
@@ -1425,6 +1438,8 @@
  #above node specified by @drive. If this option is not 
given,
  #a node name is autogenerated. (Since: 4.2)
  #
+# @x-perf: Performance options. (Since 5.2)


and here



I wanted to say that it's fixed in v4 (which is already in Max's tree), but... 
It's not fixed. Max, could you touch this up?


--
Best regards,
Vladimir



[PATCH] fuzz: refine the ide/ahci fuzzer configs

2021-01-19 Thread Alexander Bulekov
Disks work differently depending on the x86 machine type (SATA vs PATA).
Additionally, we should fuzz the atapi code paths, which might contain
vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
machine types.

Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h 
b/tests/qtest/fuzz/generic_fuzz_configs.h
index 7fed035345..2ec52fbb63 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -85,10 +85,28 @@ const generic_fuzz_config predefined_configs[] = {
 .objects = "intel-hda",
 },{
 .name = "ide-hd",
+.args = "-machine pc -nodefaults "
+"-drive file=null-co://,if=none,format=raw,id=disk0 "
+"-device ide-hd,drive=disk0",
+.objects = "*ide*",
+},{
+.name = "ide-atapi",
+.args = "-machine pc -nodefaults "
+"-drive file=null-co://,if=none,format=raw,id=disk0 "
+"-device ide-cd,drive=disk0",
+.objects = "*ide*",
+},{
+.name = "ahci-hd",
+.args = "-machine q35 -nodefaults "
+"-drive file=null-co://,if=none,format=raw,id=disk0 "
+"-device ide-hd,drive=disk0",
+.objects = "*ahci*",
+},{
+.name = "ahci-atapi",
 .args = "-machine q35 -nodefaults "
 "-drive file=null-co://,if=none,format=raw,id=disk0 "
 "-device ide-hd,drive=disk0",
-.objects = "ahci*",
+.objects = "*ahci*",
 },{
 .name = "floppy",
 .args = "-machine pc -nodefaults -device floppy,id=floppy0 "
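
Review bot: The new `ahci-atapi` entry ends up using the unchanged context line `-device ide-hd,drive=disk0`, so apart from its name it is identical to `ahci-hd` and never attaches a CD-ROM device on q35. The commit message states the goal is to reach the atapi code paths on both machine types, so this entry should use `-device ide-cd,drive=disk0`, as the `ide-atapi` entry for the pc machine does.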
-- 
2.28.0




[PATCH] fuzz: ignore address_space_map is_write flag

2021-01-19 Thread Alexander Bulekov
We passed an is_write flag to the fuzz_dma_read_cb function to
differentiate between the mapped DMA regions that need to be populated
with fuzzed data, and those that don't. We simply passed through the
address_space_map is_write parameter. The goal was to cut down on
unnecessarily populating mapped DMA regions, when they are not read
from.

Unfortunately, nothing precludes code from reading from regions mapped
with is_write=true. For example, see:
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04729.html

This patch removes the is_write parameter to fuzz_dma_read_cb. As a
result, we will fill all mapped DMA regions with fuzzed data, ignoring
the specified transfer direction.

Signed-off-by: Alexander Bulekov 
---
 include/exec/memory.h | 8 +++-
 include/exec/memory_ldst_cached.h.inc | 6 +++---
 memory_ldst.c.inc | 8 
 softmmu/memory.c  | 5 ++---
 softmmu/physmem.c | 4 ++--
 tests/qtest/fuzz/generic_fuzz.c   | 9 +++--
 6 files changed, 17 insertions(+), 23 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 521d9901d7..0f89787de2 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -45,13 +45,11 @@ DECLARE_OBJ_CHECKERS(IOMMUMemoryRegion, 
IOMMUMemoryRegionClass,
 #ifdef CONFIG_FUZZ
 void fuzz_dma_read_cb(size_t addr,
   size_t len,
-  MemoryRegion *mr,
-  bool is_write);
+  MemoryRegion *mr);
 #else
 static inline void fuzz_dma_read_cb(size_t addr,
 size_t len,
-MemoryRegion *mr,
-bool is_write)
+MemoryRegion *mr)
 {
 /* Do Nothing */
 }
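
Review bot: With `is_write` removed from both `fuzz_dma_read_cb` prototypes, nothing at the declaration records that the callback is now invoked for every mapped region regardless of transfer direction, while the name still says "read". A short comment above the `CONFIG_FUZZ` prototype stating this, and the reason given in the commit message (code may read from regions mapped with is_write=true), would keep a later cleanup from reintroducing the direction filter.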
@@ -2504,7 +2502,7 @@ address_space_read_cached(MemoryRegionCache *cache, 
hwaddr addr,
   void *buf, hwaddr len)
 {
 assert(addr < cache->len && len <= cache->len - addr);
-fuzz_dma_read_cb(cache->xlat + addr, len, cache->mrs.mr, false);
+fuzz_dma_read_cb(cache->xlat + addr, len, cache->mrs.mr);
 if (likely(cache->ptr)) {
 memcpy(buf, cache->ptr + addr, len);
 return MEMTX_OK;
diff --git a/include/exec/memory_ldst_cached.h.inc 
b/include/exec/memory_ldst_cached.h.inc
index 01efad62de..7bc8790d34 100644
--- a/include/exec/memory_ldst_cached.h.inc
+++ b/include/exec/memory_ldst_cached.h.inc
@@ -28,7 +28,7 @@ static inline uint32_t 
ADDRESS_SPACE_LD_CACHED(l)(MemoryRegionCache *cache,
 hwaddr addr, MemTxAttrs attrs, MemTxResult *result)
 {
 assert(addr < cache->len && 4 <= cache->len - addr);
-fuzz_dma_read_cb(cache->xlat + addr, 4, cache->mrs.mr, false);
+fuzz_dma_read_cb(cache->xlat + addr, 4, cache->mrs.mr);
 if (likely(cache->ptr)) {
 return LD_P(l)(cache->ptr + addr);
 } else {
@@ -40,7 +40,7 @@ static inline uint64_t 
ADDRESS_SPACE_LD_CACHED(q)(MemoryRegionCache *cache,
 hwaddr addr, MemTxAttrs attrs, MemTxResult *result)
 {
 assert(addr < cache->len && 8 <= cache->len - addr);
-fuzz_dma_read_cb(cache->xlat + addr, 8, cache->mrs.mr, false);
+fuzz_dma_read_cb(cache->xlat + addr, 8, cache->mrs.mr);
 if (likely(cache->ptr)) {
 return LD_P(q)(cache->ptr + addr);
 } else {
@@ -52,7 +52,7 @@ static inline uint32_t 
ADDRESS_SPACE_LD_CACHED(uw)(MemoryRegionCache *cache,
 hwaddr addr, MemTxAttrs attrs, MemTxResult *result)
 {
 assert(addr < cache->len && 2 <= cache->len - addr);
-fuzz_dma_read_cb(cache->xlat + addr, 2, cache->mrs.mr, false);
+fuzz_dma_read_cb(cache->xlat + addr, 2, cache->mrs.mr);
 if (likely(cache->ptr)) {
 return LD_P(uw)(cache->ptr + addr);
 } else {
diff --git a/memory_ldst.c.inc b/memory_ldst.c.inc
index 2fed2de18e..b56e961967 100644
--- a/memory_ldst.c.inc
+++ b/memory_ldst.c.inc
@@ -42,7 +42,7 @@ static inline uint32_t glue(address_space_ldl_internal, 
SUFFIX)(ARG1_DECL,
 MO_32 | devend_memop(endian), attrs);
 } else {
 /* RAM case */
-fuzz_dma_read_cb(addr, 4, mr, false);
+fuzz_dma_read_cb(addr, 4, mr);
 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
 switch (endian) {
 case DEVICE_LITTLE_ENDIAN:
@@ -111,7 +111,7 @@ static inline uint64_t glue(address_space_ldq_internal, 
SUFFIX)(ARG1_DECL,
 MO_64 | devend_memop(endian), attrs);
 } else {
 /* RAM case */
-fuzz_dma_read_cb(addr, 8, mr, false);
+fuzz_dma_read_cb(addr, 8, mr);
 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
 switch (endian) {
 case DEVICE_LITTLE_ENDIAN:
@@ -177,7 +177,7 @@ uint32_t glue(address_space_ldub, SUFFIX)(ARG1_DECL,
 r = memory_region_dispatch_read(mr, addr1, &val, MO_8, attrs);
 } else {
 /* RAM case */
-fuzz_dma_read_cb(addr, 1, mr, false);
+fuzz_dm

Re: [PULL 16/45] vl: Add option to avoid stopping VM upon guest panic

2021-01-19 Thread Alejandro Jimenez




On 1/19/2021 4:34 PM, Peter Maydell wrote:

On Tue, 15 Dec 2020 at 18:11, Paolo Bonzini  wrote:

From: Alejandro Jimenez 

The current default action of pausing a guest after a panic event
is received leaves the responsibility to resume guest execution to the
management layer. The reasons for this behavior are discussed here:
https://lore.kernel.org/qemu-devel/52148f88.5000...@redhat.com/

However, in instances like the case of older guests (Linux and
Windows) using a pvpanic device but missing support for the
PVPANIC_CRASHLOADED event, and Windows guests using the hv-crash
enlightenment, it is desirable to allow the guests to continue
running after sending a PVPANIC_PANICKED event. This allows such
guests to proceed to capture a crash dump and automatically reboot
without intervention of a management layer.

Add an option to avoid stopping a VM after a panic event is received,
by passing:

-action panic=none

in the command line arguments, or during runtime by using an upcoming
QMP command.

Hi. This commit message doesn't say it's changing the default
action, but the change does:


@@ -3899,6 +3899,8 @@ DEF("action", HAS_ARG, QEMU_OPTION_action,
  "   action when guest reboots [default=none]\n"
  "-action shutdown=poweroff|pause\n"
  "   action when guest shuts down [default=poweroff]\n"
+"-action panic=poweroff|pause|none\n"
+"   action when guest panics [default=poweroff]\n"
  "-action watchdog=reset|shutdown|poweroff|inject-nmi|pause|debug|none\n"
  "   action when watchdog fires [default=reset]\n",
  QEMU_ARCH_ALL)
  RebootAction reboot_action = REBOOT_ACTION_NONE;
  ShutdownAction shutdown_action = SHUTDOWN_ACTION_POWEROFF;
+PanicAction panic_action = PANIC_ACTION_POWEROFF;

We used to default to 'pause' and now we default to 'poweroff'.

Hi Peter.

My rationale for setting the panic action to 'poweroff' was to keep the 
default behavior of QEMU when '-no-shutdown' is not specified, and a 
panic occurs. I believe that in order to accomplish that, the default 
panic action should still be 'poweroff', but as you point out there is 
an instance where the behavior changes. Specifically, when 
'-no-shutdown' is not used there is now one fewer QMP event issued when 
a guest panic is detected, before stopping the VM and powering off.


I tried to account for this scenario in the original patches, but I 
failed to catch the problem after the rebase when the changes were 
merged. I'll test and send a fix for this issue in the next few days.




We noticed this because it broke an in-flight test case for
the pvpanic-pci device from Mihai (which was expecting to see
the device in 'pause' state and found it was now in 'poweroff').

The test is just checking for the arrival of the QMP event, and not 
actually expecting the VM to be paused, correct? I see that if a 
test/management app is expecting to receive a GUEST_PANICKED event with 
the specific 'pause' action, then it might be confused. But any such 
tests would only be able to check for the arrival of the QMP event, and 
not actually expect to issue any commands to a paused VM, since the next 
block of code in QEMU immediately powers off and shuts down when 
'-no-shutdown' is not requested. This was the typical behavior before 
the patches.


Test cases aren't very exciting, but was it really intentional
to change the default behaviour?

My intention was to preserve the default behavior. Perhaps Paolo wanted 
to reduce the number of GUEST_PANICKED events by removing the one with 
'pause' action? You could consider it superfluous since it is 
immediately followed by another indicating the 'poweroff' action... 
Unless I hear otherwise from either of you, I'll work on a fix to keep 
the same number and type of events sent.


Thank you,
Alejandro


  It's part of the user-facing
surface of QEMU, so if we did intend a default change that ought
really to be more clearly stated (and noted in the Changelog) I think.

thanks
-- PMM





[Bug 1214884] Re: Support VDI (Virtualbox) snapshots

2021-01-19 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1214884

Title:
  Support VDI (Virtualbox) snapshots

Status in QEMU:
  Expired

Bug description:
  Please support Snapshots in VDI images.

  It seems that VirtualBox uses a snapshot for any changes to the main
  system disc. Even when the user does not create a snapshot.

  So if I want to mount a VDI disc with the recent system changes, I
  have to mount the Snapshot.

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1214884/+subscriptions



[Bug 1284090] Re: RFE: QMP: report error reason in BLOCK_IO_ERROR message

2021-01-19 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
https://bugs.launchpad.net/bugs/1284090

Title:
  RFE: QMP: report error reason in BLOCK_IO_ERROR message

Status in QEMU:
  Expired

Bug description:
  when a disk drive is configured with the error policy enospc for write 
errors, the monitoring client needs a way to distinguish
  between generic I/O error and the I/O error for space exhausted.

  The JSON QMP protocol lacks this information: the BLOCK_IO_ERROR
  message does not provide a reason or code for the error verified, so
  the monitoring client cannot distinguish the source of the errors.

  verified against git 105a060188dc6fdd4551571a966514d1a5f6815a




[Bug 1619991] Re: Concurrent VMs crash w/ GPU passthrough and multiple disks

2021-01-19 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
https://bugs.launchpad.net/bugs/1619991

Title:
  Concurrent VMs crash w/ GPU passthrough and multiple disks

Status in QEMU:
  Expired

Bug description:
  When running multiple VMs with GPU passthrough, both VMs will crash
  unless all virtual disks are on the same physical volume as root,
  likely on all X58 chipset motherboards.  I've tested with 3.

  Expected Behavior:  No Crash
  Result:  Both VMs GPU drivers fail and the guest OS are unrecoverable, 
usually within seconds, though the degree of "fickleness" of it depends on the 
multidisk setup.
  Reproducibility:  100%

  Steps to reproduce:

  *  Install OS (In my case Debian Jessie/Proxmox), and update to latest
  *  Setup VMs
  *  Setup up GPU passthrough with 1 GPU per VM, and one for host, as per 
https://pve.proxmox.com/wiki/Pci_passthrough
  *  Setup up USB passthrough
  *  Launch both VM
  *  Observe "everything is working"
  *  Stop VMs
  *  Add a second disk to one of the VMs, which exists on a separate physical 
disk from Host OS /
  *  Observe both VMs crash when the virtual disk which exists on separate 
physical media is used (i.e. copy files to the disk)
  *  Stop VMs
  *  Remove new disk, and move Guest OS virtual root disk to separate physical 
media.
  *  Observe both VMs crash around the time GPU driver is loaded on one

  As I mentioned earlier, there is some degree of difference in how
  difficult it is to trigger a crash, depending on the multidisk setup.
  For instance, when / is ZFS, and the virtual disks exist on a separate
  ZFS raid-z volume, both VMs must be doing some relatively intensive HW
  3d acceleration in order to trigger the crash.

  Passing two GPU to one VM works fine all the time, and running either
  VM on its in general will not trigger a crash.

  There are many variables I have yet to test, such as using sata
  instead of virtio for the virtual disks, however unfortunately I do
  not have anything from std err or logs to indicate what the problem
  could be.

  kernel version:  Linux test-ve 4.4.15-1-pve  (other versions >= 4.2.1 and <= 
4.7.? tested)
  qemu version:  2.6.0 pve-qemu-kvm_2.6-1
  motherboards tested:  rampage iii, ga-ex58-ud5, asus Psomething
  CPUs tested:  i7 920, X5670

  KVM invocation 1:

  /usr/bin/kvm \
  -id 101 \
  -chardev socket,id=qmp,path=/var/run/qemu-server/101.qmp,server,nowait \
  -mon chardev=qmp,mode=control \
  -pidfile /var/run/qemu-server/101.pid \
  -daemonize \
  -smbios type=1,uuid=450e337e-244c-429b-9aa8-afb7aee037e8 \
  -drive if=pflash,format=raw,readonly,file=/usr/share/kvm/OVMF-pure-efi.fd \
  -drive if=pflash,format=raw,file=/root/101-OVMF_VARS-pure-efi.fd \
  -name Madzia-PC \
  -smp 12,sockets=1,cores=12,maxcpus=12 \
  -nodefaults \
  -boot menu=on,strict=on,reboot-timeout=1000 \
  -vga none \
  -nographic \
  -no-hpet \
  -cpu host,hv_vendor_id=Nvidia43FIX,hv_spinlocks=0x1fff,hv_vapic,hv_time,hv_reset,hv_vpindex,hv_runtime,hv_relaxed,+kvm_pv_unhalt,+kvm_pv_eoi,kvm=off \
  -m 8192 \
  -object memory-backend-ram,id=ram-node0,size=8192M \
  -numa node,nodeid=0,cpus=0-11,memdev=ram-node0 \
  -k en-us -readconfig /usr/share/qemu-server/pve-q35.cfg \
  -device usb-tablet,id=tablet,bus=ehci.0,port=1 \
  -device vfio-pci,host=04:00.0,id=hostpci0,bus=ich9-pcie-port-1,addr=0x0 \
  -device vfio-pci,host=04:00.1,id=hostpci1,bus=ich9-pcie-port-2,addr=0x0 \
  -device usb-host,hostbus=1,hostport=6.1,id=usb0 \
  -device usb-host,hostbus=1,hostport=6.2.1,id=usb1 \
  -device usb-host,hostbus=1,hostport=6.2.2,id=usb2 \
  -device usb-host,hostbus=1,hostport=6.2.3,id=usb3 \
  -device usb-host,hostbus=1,hostport=6.2,id=usb4 \
  -device usb-host,hostbus=1,hostport=6.3,id=usb5 \
  -device usb-host,hostbus=1,hostport=6.4,id=usb6 \
  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \
  -iscsi initiator-name=iqn.1993-08.org.debian:01:3f3df5515b13 \
  -drive file=/dev/pve/vm-101-disk-1,if=none,id=drive-virtio0,cache=writeback,format=raw,aio=threads,detect-zeroes=on \
  -device virtio-blk-pci,drive=drive-virtio0,id=virtio0,bus=pci.0,addr=0xa,bootindex=100 \
  -netdev type=tap,id=net0,ifname=tap101i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on \
  -device virtio-net-pci,mac=4E:DD:47:D7:DF:C9,netdev=net0,bus=pci.0,addr=0x12,id=net0 \
  -rtc driftfix=slew,base=localtime \
  -machine type=q35 \
  -global kvm-pit.lost_tick_policy=discard

  KVM invocation 2:

  /usr/bin/kvm \
  -id 102 \
  -chardev socket,id=qmp,path=/var/run/qemu-server/102.qmp,server,nowait \
  -mon chardev=qmp,mode=control \
  -pidfile /var/run/qemu-server/102.pid \
  -daemonize \
  -smbios type=1,uuid=450e337e-244c-429b-9aa8-afb7aee037e8 \
  -drive if=pflash,format=raw,readonly,file=/usr/share/kvm/OVMF-pure-efi.fd \
  -dr

[Bug 824074] Re: Provide runtime option to expose the supported list of keymaps for vnc

2021-01-19 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
https://bugs.launchpad.net/bugs/824074

Title:
  Provide runtime option to expose the supported list of keymaps for vnc

Status in QEMU:
  Expired

Bug description:
  As discussed in the ganeti group[1], I'm opening this bug to request
  that qemu provides a runtime command or switch to list the supported
  keymaps for vnc.

   [1] -
  http://groups.google.com/group/ganeti/browse_thread/thread/dd524f5311d8d79e




[Bug 1674925] Re: Qemu PPC64 kvm no display if --device virtio-gpu-pci is selected

2021-01-19 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
https://bugs.launchpad.net/bugs/1674925

Title:
  Qemu PPC64 kvm no display if  --device virtio-gpu-pci is selected

Status in QEMU:
  Expired

Bug description:
  Hi,
  I did many tests on qemu 2.8 on my BE machines and I found an issue that I
  think needs to be reported.

  Test Machines BE 970MP

  If I set up qemu with

  qemu-system-ppc64 -M 1024 --display sdl(or gtk),gl=on --device virtio-gpu-pci,virgl --enable-kvm and so and so

  the result is a doubled window, one is vga, the other is virtio-gpu-pci, without
  any start of the VM. Practically I don't have any output of openbios
  and on the virtual serial output.

  The same issue I found is if I select:
  qemu-system-ppc64 -M 1024 --display gtk(or sdl) --device virtio-gpu-pci --enable-kvm and so and so

  I have tried changing all the -M types of all kinds of pseries without any
  positive result.

  Ciao 
  Luigi

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1674925/+subscriptions



Re: [PATCH v7 00/35] Hexagon patch series

2021-01-19 Thread no-reply
Patchew URL: https://patchew.org/QEMU/163349-24906-1-git-send-email-tsimp...@quicinc.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 163349-24906-1-git-send-email-tsimp...@quicinc.com
Subject: [PATCH v7 00/35] Hexagon patch series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/163349-24906-1-git-send-email-tsimp...@quicinc.com -> patchew/163349-24906-1-git-send-email-tsimp...@quicinc.com
Switched to a new branch 'test'
c335702 Add Dockerfile for hexagon
8661b0b Hexagon build infrastructure
ccb9289 Hexagon (tests/tcg/hexagon) TCG tests - floating point
59a4aa2 Hexagon (tests/tcg/hexagon) TCG tests - atomics/load/store/misc
df41b51 Hexagon (tests/tcg/hexagon) TCG tests - multiarch
24e4a9b Hexagon (linux-user/hexagon) Linux user emulation
ba53aef Hexagon (target/hexagon) translation
d73903b Hexagon (target/hexagon) TCG for floating point instructions
e1b871e Hexagon (target/hexagon) TCG for instructions with multiple definitions
785ab07 Hexagon (target/hexagon) TCG generation
e2a6bd3 Hexagon (target/hexagon) instruction classes
f7caea3 Hexagon (target/hexagon) macros
3602875 Hexagon (target/hexagon) opcode data structures
0aff0a5 Hexagon (target/hexagon) generater phase 4 - decode tree
8ce6152 Hexagon (target/hexagon) generator phase 3 - C preprocessor for decode tree
5282602 Hexagon (target/hexagon) generator phase 2 - generate header files
ddb1ab6 Hexagon (target/hexagon) generator phase 1 - C preprocessor for semantics
cec03ae Hexagon (target/hexagon/imported) arch import
0a394da Hexagon (target/hexagon/fma_emu.[ch]) utility functions
a52a115 Hexagon (target/hexagon/conv_emu.[ch]) utility functions
ea5667d Hexagon (target/hexagon/arch.[ch]) utility functions
d9071c2 Hexagon (target/hexagon) instruction printing
fedaa51 Hexagon (target/hexagon) instruction/packet decode
0eeb24a Hexagon (target/hexagon) instruction attributes
132ac36 Hexagon (target/hexagon) register fields
d4dd36b Hexagon (target/hexagon) instruction and packet types
0349f20 Hexagon (target/hexagon) architecture types
09e562e Hexagon (target/hexagon) GDB Stub
a6c4da7 Hexagon (target/hexagon) scalar core helpers
acea93d Hexagon (target/hexagon) register names
e7ad833 Hexagon (disas) disassembler
499c323 Hexagon (target/hexagon) scalar core definition
03a6080 Hexagon (include/elf.h) ELF machine definition
119b184 Hexagon (target/hexagon) README
41b2cc4 Hexagon Update MAINTAINERS file

=== OUTPUT BEGIN ===
1/35 Checking commit 41b2cc46bddd (Hexagon Update MAINTAINERS file)
2/35 Checking commit 119b184919b0 (Hexagon (target/hexagon) README)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#16: 
new file mode 100644

total: 0 errors, 1 warnings, 235 lines checked

Patch 2/35 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/35 Checking commit 03a6080a087d (Hexagon (include/elf.h) ELF machine definition)
4/35 Checking commit 499c32330043 (Hexagon (target/hexagon) scalar core definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 595 lines checked

Patch 4/35 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/35 Checking commit e7ad833e1ae3 (Hexagon (disas) disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#22: 
new file mode 100644

total: 0 errors, 1 warnings, 79 lines checked

Patch 5/35 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/35 Checking commit acea93de4673 (Hexagon (target/hexagon) register names)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 83 lines checked

Patch 6/35 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/35 Checking commit a6c4da758966 (Hexagon (target/hexagon) scalar core helpers)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#18: 
new file mode 100644

total: 0 errors, 1 warnings, 1151 lines checked

Patch 7/35 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/35 Checking commit 09e562e6ea3f (Hexagon (target/hexagon) GDB Stub)
WARNING: added, moved or deleted 

[PATCH v7 31/35] Hexagon (tests/tcg/hexagon) TCG tests - multiarch

2021-01-19 Thread Taylor Simpson
Enable multiarch tests for Hexagon
Modify tests/tcg/configure.sh
Add reference files to tests/tcg/hexagon
---
 tests/tcg/configure.sh|   4 +-
 tests/tcg/hexagon/Makefile.target |  30 ++
 tests/tcg/hexagon/float_convs.ref | 748 +
 tests/tcg/hexagon/float_madds.ref | 768 ++
 4 files changed, 1549 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/hexagon/Makefile.target
 create mode 100644 tests/tcg/hexagon/float_convs.ref
 create mode 100644 tests/tcg/hexagon/float_madds.ref

diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index e1b70e2..35f1a77 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -49,6 +49,8 @@ fi
 : $(cross_cc_alpha="alpha-linux-gnu-gcc")
 : ${cross_cc_arm="arm-linux-gnueabihf-gcc"}
 : ${cross_cc_cflags_armeb="-mbig-endian"}
+: ${cross_cc_hexagon="hexagon-unknown-linux-musl-clang"}
+: ${cross_cc_cflags_hexagon="-mv67 -O2 -static"}
 : ${cross_cc_hppa="hppa-linux-gnu-gcc"}
 : ${cross_cc_i386="i386-pc-linux-gnu-gcc"}
 : ${cross_cc_cflags_i386="-m32"}
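Review bot: the new default `cross_cc_cflags_hexagon="-mv67 -O2 -static"` fixes an architecture revision and an optimisation level for every Hexagon test, and nothing in the hunk or the commit message says why the tests need them. The neighbouring entries carry only what the target requires (`-mbig-endian`, `-m32`), so either add a one-line comment explaining `-mv67` and `-O2`, or move the optimisation level into tests/tcg/hexagon/Makefile.target where it sits next to the tests that depend on it.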
@@ -94,7 +96,7 @@ for target in $target_list; do
 xtensa|xtensaeb)
   arches=xtensa
   ;;
-
alpha|cris|hppa|i386|lm32|microblaze|microblazeel|m68k|openrisc|riscv64|s390x|sh4|sparc64)
+
alpha|cris|hexagon|hppa|i386|lm32|microblaze|microblazeel|m68k|openrisc|riscv64|s390x|sh4|sparc64)
   arches=$target
   ;;
 *)
diff --git a/tests/tcg/hexagon/Makefile.target 
b/tests/tcg/hexagon/Makefile.target
new file mode 100644
index 000..10b7c84
--- /dev/null
+++ b/tests/tcg/hexagon/Makefile.target
@@ -0,0 +1,30 @@
+##
+##  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+##
+##  This program is free software; you can redistribute it and/or modify
+##  it under the terms of the GNU General Public License as published by
+##  the Free Software Foundation; either version 2 of the License, or
+##  (at your option) any later version.
+##
+##  This program is distributed in the hope that it will be useful,
+##  but WITHOUT ANY WARRANTY; without even the implied warranty of
+##  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+##  GNU General Public License for more details.
+##
+##  You should have received a copy of the GNU General Public License
+##  along with this program; if not, see .
+##
+
+# Hexagon doesn't support gdb, so skip the EXTRA_RUNS
+EXTRA_RUNS =
+
+# Hexagon has 64K pages, so increase the timeout to keep
+# test-mmap from timing out
+ifeq ($(CONFIG_DEBUG_TCG),y)
+TIMEOUT=800
+else
+TIMEOUT=500
+endif
+
+
+CFLAGS += -Wno-incompatible-pointer-types -Wno-undefined-internal
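Review bot: `CFLAGS += -Wno-incompatible-pointer-types -Wno-undefined-internal` on the last line silences two warning classes for every test built for this target, with no comment naming the test that triggers them. Pointer-type mismatches in test code can hide real defects, so scope the flags to the specific test objects that need them, or at least add a comment like the ones above `EXTRA_RUNS` and `TIMEOUT` stating which multiarch test is affected. The two consecutive empty `+` lines before the CFLAGS line can also be reduced to one.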
diff --git a/tests/tcg/hexagon/float_convs.ref 
b/tests/tcg/hexagon/float_convs.ref
new file mode 100644
index 000..9ec9ffc
--- /dev/null
+++ b/tests/tcg/hexagon/float_convs.ref
@@ -0,0 +1,748 @@
+### Rounding to nearest
+from single: f32(-nan:0xffa0)
+  to double: f64(-nan:0x00) (INVALID)
+   to int32: -1 (INVALID)
+   to int64: -1 (INVALID)
+  to uint32: -1 (INVALID)
+  to uint64: -1 (INVALID)
+from single: f32(-nan:0xffc0)
+  to double: f64(-nan:0x00) (OK)
+   to int32: -1 (INVALID)
+   to int64: -1 (INVALID)
+  to uint32: -1 (INVALID)
+  to uint64: -1 (INVALID)
+from single: f32(-inf:0xff80)
+  to double: f64(-inf:0x00fff0) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.fe00p+127:0xff7f)
+  to double: f64(-0x1.fe00p+127:0x00c7efe000) (INEXACT 
)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.1874b200p+103:0xf30c3a59)
+  to double: f64(-0x1.1874b200p+103:0x00c661874b2000) (INEXACT 
)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.c0bab600p+99:0xf1605d5b)
+  to double: f64(-0x1.c0bab600p+99:0x00c62c0bab6000) (INEXACT )
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.31f75000p-40:0xab98fba8)
+  to double: f64(-0x1.31f75000p-40:0x00bd731f75) (INEXACT )
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.50544400p-66:0x9ea82a22)
+  to double: f64(-0x1.50544400p-66:0x00bbd505444000) (INEXACT )
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from single: f32(-0x1.p-126:0x8080)
+  to double: f64(-0x1.p-126:0x00b810) (OK)
+
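Review bot: float_convs.ref is added as the expected output, but the commit message says only "Add reference files", so a reader cannot tell whether these values were captured on hardware or produced by the QEMU build under test. If they come from QEMU itself the test only guards against regressions, not against a wrong initial implementation. Please state the source in the commit message; entries such as `to int32: -1 (INVALID)` for the NaN inputs are the ones a reviewer will want to check against the architecture manual.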

[PATCH v7 33/35] Hexagon (tests/tcg/hexagon) TCG tests - floating point

2021-01-19 Thread Taylor Simpson
---
 tests/tcg/hexagon/fpstuff.c   | 370 ++
 tests/tcg/hexagon/Makefile.target |   1 +
 2 files changed, 371 insertions(+)
 create mode 100644 tests/tcg/hexagon/fpstuff.c

diff --git a/tests/tcg/hexagon/fpstuff.c b/tests/tcg/hexagon/fpstuff.c
new file mode 100644
index 000..e4f1a0e
--- /dev/null
+++ b/tests/tcg/hexagon/fpstuff.c
@@ -0,0 +1,370 @@
+/*
+ *  Copyright(c) 2020-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+/*
+ * This test checks various FP operations performed on Hexagon
+ */
+
+#include 
+
+const int FPINVF_BIT = 1; /* Invalid */
+const int FPINVF = 1 << FPINVF_BIT;
+const int FPDBZF_BIT = 2; /* Divide by zero */
+const int FPDBZF = 1 << FPDBZF_BIT;
+const int FPOVFF_BIT = 3; /* Overflow */
+const int FPOVFF = 1 << FPOVFF_BIT;
+const int FPUNFF_BIT = 4; /* Underflow */
+const int FPUNFF = 1 << FPUNFF_BIT;
+const int FPINPF_BIT = 5; /* Inexact */
+const int FPINPF = 1 << FPINPF_BIT;
+
+const int SF_ZERO =   0x;
+const int SF_NaN =0x7fc0;
+const int SF_NaN_special =0x7f81;
+const int SF_ANY =0x3f80;
+const int SF_HEX_NAN =0x;
+
+const long long DF_NaN =  0x7ff8ULL;
+const long long DF_ANY =  0x3f80ULL;
+const long long DF_HEX_NAN =  0xULL;
+
+int err;
+
+#define CLEAR_FPSTATUS \
+"r2 = usr\n\t" \
+"r2 = clrbit(r2, #1)\n\t" \
+"r2 = clrbit(r2, #2)\n\t" \
+"r2 = clrbit(r2, #3)\n\t" \
+"r2 = clrbit(r2, #4)\n\t" \
+"r2 = clrbit(r2, #5)\n\t" \
+"usr = r2\n\t"
+
+static void check_fpstatus_bit(int usr, int expect, int flag, const char *n)
+{
+int bit = 1 << flag;
+if ((usr & bit) != (expect & bit)) {
+printf("ERROR %s: usr = %d, expect = %d\n", n,
+   (usr >> flag) & 1, (expect >> flag) & 1);
+err++;
+}
+}
+
+static void check_fpstatus(int usr, int expect)
+{
+check_fpstatus_bit(usr, expect, FPINVF_BIT, "Invalid");
+check_fpstatus_bit(usr, expect, FPDBZF_BIT, "Div by zero");
+check_fpstatus_bit(usr, expect, FPOVFF_BIT, "Overflow");
+check_fpstatus_bit(usr, expect, FPUNFF_BIT, "Underflow");
+check_fpstatus_bit(usr, expect, FPINPF_BIT, "Inexact");
+}
+
+static void check32(int val, int expect)
+{
+if (val != expect) {
+printf("ERROR: 0x%x != 0x%x\n", val, expect);
+err++;
+}
+}
+static void check64(unsigned long long val, unsigned long long expect)
+{
+if (val != expect) {
+printf("ERROR: 0x%llx != 0x%llx\n", val, expect);
+err++;
+}
+}
+
+static void check_compare_exception(void)
+{
+int cmp;
+int usr;
+
+/* Check that FP compares are quiet (don't raise any execptions) */
+asm (CLEAR_FPSTATUS
+ "p0 = sfcmp.eq(%2, %3)\n\t"
+ "%0 = p0\n\t"
+ "%1 = usr\n\t"
+ : "=r"(cmp), "=r"(usr) : "r"(SF_NaN), "r"(SF_ANY)
+ : "r2", "p0", "usr");
+check32(cmp, 0);
+check_fpstatus(usr, 0);
+
+asm (CLEAR_FPSTATUS
+ "p0 = sfcmp.gt(%2, %3)\n\t"
+ "%0 = p0\n\t"
+ "%1 = usr\n\t"
+ : "=r"(cmp), "=r"(usr) : "r"(SF_NaN), "r"(SF_ANY)
+ : "r2", "p0", "usr");
+check32(cmp, 0);
+check_fpstatus(usr, 0);
+
+asm (CLEAR_FPSTATUS
+ "p0 = sfcmp.ge(%2, %3)\n\t"
+ "%0 = p0\n\t"
+ "%1 = usr\n\t"
+ : "=r"(cmp), "=r"(usr) : "r"(SF_NaN), "r"(SF_ANY)
+ : "r2", "p0", "usr");
+check32(cmp, 0);
+check_fpstatus(usr, 0);
+
+asm (CLEAR_FPSTATUS
+ "p0 = dfcmp.eq(%2, %3)\n\t"
+ "%0 = p0\n\t"
+ "%1 = usr\n\t"
+ : "=r"(cmp), "=r"(usr) : "r"(DF_NaN), "r"(DF_ANY)
+ : "r2", "p0", "usr");
+check32(cmp, 0);
+check_fpstatus(usr, 0);
+
+asm (CLEAR_FPSTATUS
+ "p0 = dfcmp.gt(%2, %3)\n\t"
+ "%0 = p0\n\t"
+ "%1 = usr\n\t"
+ : "=r"(cmp), "=r"(usr) : "r"(DF_NaN), "r"(DF_ANY)
+ : "r2", "p0", "usr");
+check32(cmp, 0);
+check_fpstatus(usr, 0);
+
+asm (CLEAR_FPSTATUS
+ "p0 = dfcmp.ge(%2, %3)\n\t"
+ "%0 = p0\n\t"
+ "%1 = usr\n\t"
+
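Review bot: the file-scope definitions `const int FPINVF = 1 << FPINVF_BIT;` (and the FPDBZF, FPOVFF, FPUNFF, FPINPF lines after it) initialise an object from another `const int` object, which is not a constant expression in C; compilers that accept it do so as an extension. Using `#define` or an `enum` for the `*_BIT` values keeps the test portable across toolchains. Smaller points in the same hunk: the comment in check_compare_exception() reads "execptions", a blank line is missing between check32() and check64(), and the six asm blocks differ only in the compare instruction and operands, so a macro would make the intent easier to audit. The patch as posted here also has no commit message body and no Signed-off-by line.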

[PATCH v7 26/35] Hexagon (target/hexagon) TCG generation

2021-01-19 Thread Taylor Simpson
Include the generated files and set up the data structures

Signed-off-by: Taylor Simpson 
---
 target/hexagon/genptr.h |  25 +
 target/hexagon/genptr.c | 236 
 2 files changed, 261 insertions(+)
 create mode 100644 target/hexagon/genptr.h
 create mode 100644 target/hexagon/genptr.c

diff --git a/target/hexagon/genptr.h b/target/hexagon/genptr.h
new file mode 100644
index 000..c158005
--- /dev/null
+++ b/target/hexagon/genptr.h
@@ -0,0 +1,25 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_GENPTR_H
+#define HEXAGON_GENPTR_H
+
+#include "insn.h"
+
+extern const SemanticInsn opcode_genptr[];
+
+#endif
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
new file mode 100644
index 000..f417bfa
--- /dev/null
+++ b/target/hexagon/genptr.c
@@ -0,0 +1,236 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#define QEMU_GENERATE
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "cpu.h"
+#include "internal.h"
+#include "tcg/tcg-op.h"
+#include "insn.h"
+#include "opcodes.h"
+#include "translate.h"
+#include "macros.h"
+#include "gen_tcg.h"
+
+static inline TCGv gen_read_reg(TCGv result, int num)
+{
+tcg_gen_mov_tl(result, hex_gpr[num]);
+return result;
+}
+
+static inline TCGv gen_read_preg(TCGv pred, uint8_t num)
+{
+tcg_gen_mov_tl(pred, hex_pred[num]);
+return pred;
+}
+
+static inline void gen_log_predicated_reg_write(int rnum, TCGv val, int slot)
+{
+TCGv one = tcg_const_tl(1);
+TCGv zero = tcg_const_tl(0);
+TCGv slot_mask = tcg_temp_new();
+
+tcg_gen_andi_tl(slot_mask, hex_slot_cancelled, 1 << slot);
+tcg_gen_movcond_tl(TCG_COND_EQ, hex_new_value[rnum], slot_mask, zero,
+   val, hex_new_value[rnum]);
+#if HEX_DEBUG
+/* Do this so HELPER(debug_commit_end) will know */
+tcg_gen_movcond_tl(TCG_COND_EQ, hex_reg_written[rnum], slot_mask, zero,
+   one, hex_reg_written[rnum]);
+#endif
+
+tcg_temp_free(one);
+tcg_temp_free(zero);
+tcg_temp_free(slot_mask);
+}
+
+static inline void gen_log_reg_write(int rnum, TCGv val)
+{
+tcg_gen_mov_tl(hex_new_value[rnum], val);
+#if HEX_DEBUG
+/* Do this so HELPER(debug_commit_end) will know */
+tcg_gen_movi_tl(hex_reg_written[rnum], 1);
+#endif
+}
+
+static void gen_log_predicated_reg_write_pair(int rnum, TCGv_i64 val, int slot)
+{
+TCGv val32 = tcg_temp_new();
+TCGv one = tcg_const_tl(1);
+TCGv zero = tcg_const_tl(0);
+TCGv slot_mask = tcg_temp_new();
+
+tcg_gen_andi_tl(slot_mask, hex_slot_cancelled, 1 << slot);
+/* Low word */
+tcg_gen_extrl_i64_i32(val32, val);
+tcg_gen_movcond_tl(TCG_COND_EQ, hex_new_value[rnum], slot_mask, zero,
+   val32, hex_new_value[rnum]);
+#if HEX_DEBUG
+/* Do this so HELPER(debug_commit_end) will know */
+tcg_gen_movcond_tl(TCG_COND_EQ, hex_reg_written[rnum],
+   slot_mask, zero,
+   one, hex_reg_written[rnum]);
+#endif
+
+/* High word */
+tcg_gen_extrh_i64_i32(val32, val);
+tcg_gen_movcond_tl(TCG_COND_EQ, hex_new_value[rnum + 1],
+   slot_mask, zero,
+   val32, hex_new_value[rnum + 1]);
+#if HEX_DEBUG
+/* Do this so HELPER(debug_commit_end) will know */
+tcg_gen_movcond_tl(TCG_COND_EQ, hex_reg_written[rnum + 1],
+   slot_mask, zero,
+   one, hex_reg_written[rnum + 1]);
+#endif
+
+tcg_temp_free(val32);
+tcg_temp_free(one);
+tcg_temp_
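Review bot: in gen_log_predicated_reg_write() and gen_log_predicated_reg_write_pair() the temporary `TCGv one = tcg_const_tl(1);` is read only inside the `#if HEX_DEBUG` blocks, so a build with HEX_DEBUG disabled allocates and frees a constant it never uses on every predicated register write. Move the allocation and the matching `tcg_temp_free(one);` under the same `#if HEX_DEBUG`. The helpers are also inconsistent in linkage style: the first three are `static inline` while the pair variant is plain `static`; pick one.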

[PATCH] target/arm: Implement ID_PFR2

2021-01-19 Thread Richard Henderson
This was defined at some point before ARMv8.4, and will
shortly be used by new processor descriptions.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---

I've pulled this out of a largely defunct 2019 branch.  This will
be required for the cortex-a76.  Aside from simplistic isar changes,
this is unchanged from its April 2019 review, so I did keep the r-b.


r~
---
 target/arm/cpu.h| 1 +
 target/arm/helper.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index df0d677833..d080239863 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -922,6 +922,7 @@ struct ARMCPU {
 uint32_t id_mmfr4;
 uint32_t id_pfr0;
 uint32_t id_pfr1;
+uint32_t id_pfr2;
 uint32_t mvfr0;
 uint32_t mvfr1;
 uint32_t mvfr2;
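Review bot: the new `id_pfr2` field is added here, but the diffstat shows only cpu.h and helper.c changing, so nothing in this patch populates it. Every existing CPU model therefore keeps the value zero, and a host-derived CPU would report zero as well unless the code that reads the host ID registers is extended. Either say in the commit message that this is purely preparatory, or add the host read in the same patch so the field is never silently stale.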
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 10102aab3c..677a4aa79e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7671,11 +7671,11 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
   .resetvalue = 0 },
-{ .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
+{ .name = "ID_PFR2", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4,
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
-  .resetvalue = 0 },
+  .resetvalue = cpu->isar.id_pfr2 },
 { .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5,
   .access = PL1_R, .type = ARM_CP_CONST,
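Review bot: the entry changes `.state` from ARM_CP_STATE_AA64 to ARM_CP_STATE_BOTH, which newly defines the AArch32 encoding (crn 0, crm 3, opc2 4) for every CPU that registers this table, not just for the upcoming models. Please confirm in the commit message that reading zero there is the intended behaviour for existing 32-bit-capable CPUs. The message's "defined at some point before ARMv8.4" would also be more useful with the actual architecture revision that introduced the register.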
-- 
2.25.1




[PATCH v7 30/35] Hexagon (linux-user/hexagon) Linux user emulation

2021-01-19 Thread Taylor Simpson
Implementation of Linux user emulation for Hexagon
Some common files modified in addition to new files in linux-user/hexagon

Signed-off-by: Taylor Simpson 
Reviewed-by: Richard Henderson 
---
 linux-user/hexagon/sockbits.h   |  18 ++
 linux-user/hexagon/syscall_nr.h | 322 
 linux-user/hexagon/target_cpu.h |  44 +
 linux-user/hexagon/target_elf.h |  40 +
 linux-user/hexagon/target_fcntl.h   |  18 ++
 linux-user/hexagon/target_signal.h  |  34 
 linux-user/hexagon/target_structs.h |  54 ++
 linux-user/hexagon/target_syscall.h |  36 
 linux-user/hexagon/termbits.h   |  18 ++
 linux-user/qemu.h   |   2 +
 linux-user/syscall_defs.h   |  33 
 linux-user/elfload.c|  16 ++
 linux-user/hexagon/cpu_loop.c   |  99 +++
 linux-user/hexagon/signal.c | 276 +++
 scripts/gensyscalls.sh  |   1 +
 15 files changed, 1011 insertions(+)
 create mode 100644 linux-user/hexagon/sockbits.h
 create mode 100644 linux-user/hexagon/syscall_nr.h
 create mode 100644 linux-user/hexagon/target_cpu.h
 create mode 100644 linux-user/hexagon/target_elf.h
 create mode 100644 linux-user/hexagon/target_fcntl.h
 create mode 100644 linux-user/hexagon/target_signal.h
 create mode 100644 linux-user/hexagon/target_structs.h
 create mode 100644 linux-user/hexagon/target_syscall.h
 create mode 100644 linux-user/hexagon/termbits.h
 create mode 100644 linux-user/hexagon/cpu_loop.c
 create mode 100644 linux-user/hexagon/signal.c

diff --git a/linux-user/hexagon/sockbits.h b/linux-user/hexagon/sockbits.h
new file mode 100644
index 000..b7ad5dc
--- /dev/null
+++ b/linux-user/hexagon/sockbits.h
@@ -0,0 +1,18 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "../generic/sockbits.h"
diff --git a/linux-user/hexagon/syscall_nr.h b/linux-user/hexagon/syscall_nr.h
new file mode 100644
index 000..da1314f
--- /dev/null
+++ b/linux-user/hexagon/syscall_nr.h
@@ -0,0 +1,322 @@
+/*
+ * This file contains the system call numbers.
+ * Do not modify.
+ * This file is generated by scripts/gensyscalls.sh
+ */
+#ifndef LINUX_USER_HEXAGON_SYSCALL_NR_H
+#define LINUX_USER_HEXAGON_SYSCALL_NR_H
+
+#define TARGET_NR_io_setup 0
+#define TARGET_NR_io_destroy 1
+#define TARGET_NR_io_submit 2
+#define TARGET_NR_io_cancel 3
+#define TARGET_NR_io_getevents 4
+#define TARGET_NR_setxattr 5
+#define TARGET_NR_lsetxattr 6
+#define TARGET_NR_fsetxattr 7
+#define TARGET_NR_getxattr 8
+#define TARGET_NR_lgetxattr 9
+#define TARGET_NR_fgetxattr 10
+#define TARGET_NR_listxattr 11
+#define TARGET_NR_llistxattr 12
+#define TARGET_NR_flistxattr 13
+#define TARGET_NR_removexattr 14
+#define TARGET_NR_lremovexattr 15
+#define TARGET_NR_fremovexattr 16
+#define TARGET_NR_getcwd 17
+#define TARGET_NR_lookup_dcookie 18
+#define TARGET_NR_eventfd2 19
+#define TARGET_NR_epoll_create1 20
+#define TARGET_NR_epoll_ctl 21
+#define TARGET_NR_epoll_pwait 22
+#define TARGET_NR_dup 23
+#define TARGET_NR_dup3 24
+#define TARGET_NR_fcntl64 25
+#define TARGET_NR_inotify_init1 26
+#define TARGET_NR_inotify_add_watch 27
+#define TARGET_NR_inotify_rm_watch 28
+#define TARGET_NR_ioctl 29
+#define TARGET_NR_ioprio_set 30
+#define TARGET_NR_ioprio_get 31
+#define TARGET_NR_flock 32
+#define TARGET_NR_mknodat 33
+#define TARGET_NR_mkdirat 34
+#define TARGET_NR_unlinkat 35
+#define TARGET_NR_symlinkat 36
+#define TARGET_NR_linkat 37
+#define TARGET_NR_renameat 38
+#define TARGET_NR_umount2 39
+#define TARGET_NR_mount 40
+#define TARGET_NR_pivot_root 41
+#define TARGET_NR_nfsservctl 42
+#define TARGET_NR_statfs64 43
+#define TARGET_NR_fstatfs64 44
+#define TARGET_NR_truncate64 45
+#define TARGET_NR_ftruncate64 46
+#define TARGET_NR_fallocate 47
+#define TARGET_NR_faccessat 48
+#define TARGET_NR_chdir 49
+#define TARGET_NR_fchdir 50
+#define TARGET_NR_chroot 51
+#define TARGET_NR_fchmod 52
+#define TARGET_NR_fchmodat 53
+#define TARGET_NR_fchownat 54
+#define TARGET_NR_fchown 55
+#define TARGET_NR_openat 56
+#define TARGET_NR_close 57
+#define TARGET_NR_vhangup 58
+#define TARGET_NR_pipe2 59
+#define TARGET_NR_quotactl 60
+#define TARGET_NR_getdents64 61
+#define TARGET_NR_llseek 62
+#define TARGET_NR_read 63
+#define TARGET_NR_
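Review bot: the header comment says syscall_nr.h is generated by scripts/gensyscalls.sh and must not be modified, but neither the file nor the commit message records which kernel source version it was generated from. Add that to the commit message so the table can be regenerated and diffed later; a syscall number table that cannot be reproduced is hard to audit when a guest syscall is misrouted.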

[PATCH v7 15/35] Hexagon (target/hexagon/arch.[ch]) utility functions

2021-01-19 Thread Taylor Simpson
Signed-off-by: Taylor Simpson 
---
 target/hexagon/arch.h |  35 ++
 target/hexagon/arch.c | 294 ++
 2 files changed, 329 insertions(+)
 create mode 100644 target/hexagon/arch.h
 create mode 100644 target/hexagon/arch.c

diff --git a/target/hexagon/arch.h b/target/hexagon/arch.h
new file mode 100644
index 000..a8374a3
--- /dev/null
+++ b/target/hexagon/arch.h
@@ -0,0 +1,35 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_ARCH_H
+#define HEXAGON_ARCH_H
+
+#include "qemu/osdep.h"
+#include "qemu/int128.h"
+
+extern uint64_t interleave(uint32_t odd, uint32_t even);
+extern uint64_t deinterleave(uint64_t src);
+extern uint32_t carry_from_add64(uint64_t a, uint64_t b, uint32_t c);
+extern int32_t conv_round(int32_t a, int n);
+extern void arch_fpop_start(CPUHexagonState *env);
+extern void arch_fpop_end(CPUHexagonState *env);
+extern int arch_sf_recip_common(float32 *Rs, float32 *Rt, float32 *Rd,
+int *adjust, float_status *fp_status);
+extern int arch_sf_invsqrt_common(float32 *Rs, float32 *Rd, int *adjust,
+  float_status *fp_status);
+
+#endif
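Review bot: arch.h includes "qemu/osdep.h", which QEMU's coding style reserves for .c files (each source file includes it first, headers do not). Drop that include and instead include what the declarations actually use: the prototypes reference CPUHexagonState, float32 and float_status, none of which are provided by the two headers listed, while nothing visible in this header needs "qemu/int128.h". The `extern` keyword on the function prototypes is redundant and can go.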
diff --git a/target/hexagon/arch.c b/target/hexagon/arch.c
new file mode 100644
index 000..c59cad5
--- /dev/null
+++ b/target/hexagon/arch.c
@@ -0,0 +1,294 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "fpu/softfloat.h"
+#include "cpu.h"
+#include "fma_emu.h"
+#include "arch.h"
+#include "macros.h"
+
+#define SF_BIAS127
+#define SF_MAXEXP  254
+#define SF_MANTBITS23
+#define float32_nanmake_float32(0x)
+
+#define BITS_MASK_8 0xULL
+#define PAIR_MASK_8 0xULL
+#define NYBL_MASK_8 0x0f0f0f0f0f0f0f0fULL
+#define BYTE_MASK_8 0x00ff00ff00ff00ffULL
+#define HALF_MASK_8 0xULL
+#define WORD_MASK_8 0xULL
+
+uint64_t interleave(uint32_t odd, uint32_t even)
+{
+/* Convert to long long */
+uint64_t myodd = odd;
+uint64_t myeven = even;
+/* First, spread bits out */
+myodd = (myodd | (myodd << 16)) & HALF_MASK_8;
+myeven = (myeven | (myeven << 16)) & HALF_MASK_8;
+myodd = (myodd | (myodd << 8)) & BYTE_MASK_8;
+myeven = (myeven | (myeven << 8)) & BYTE_MASK_8;
+myodd = (myodd | (myodd << 4)) & NYBL_MASK_8;
+myeven = (myeven | (myeven << 4)) & NYBL_MASK_8;
+myodd = (myodd | (myodd << 2)) & PAIR_MASK_8;
+myeven = (myeven | (myeven << 2)) & PAIR_MASK_8;
+myodd = (myodd | (myodd << 1)) & BITS_MASK_8;
+myeven = (myeven | (myeven << 1)) & BITS_MASK_8;
+/* Now OR together */
+return myeven | (myodd << 1);
+}
+
+uint64_t deinterleave(uint64_t src)
+{
+/* Get odd and even bits */
+uint64_t myodd = ((src >> 1) & BITS_MASK_8);
+uint64_t myeven = (src & BITS_MASK_8);
+
+/* Unspread bits */
+myeven = (myeven | (myeven >> 1)) & PAIR_MASK_8;
+myodd = (myodd | (myodd >> 1)) & PAIR_MASK_8;
+myeven = (myeven | (myeven >> 2)) & NYBL_MASK_8;
+myodd = (myodd | (myodd >> 2)) & NYBL_MASK_8;
+myeven = (myeven | (myeven >> 4)) & BYTE_MASK_8;
+myodd = (myodd | (myodd >> 4)) & BYTE_MASK_8;
+myeven = (myeven | (myeven >> 8)) & HALF_MASK_8;
+myodd = (myodd | (myodd >> 8)) & HALF_MASK_8;
+myeven = (myeven | (myeven >> 16)) & WORD_MASK_8;
+myodd = (myodd | (myodd >> 16)) & WORD_MASK_8;
+
+/* Return odd bits in upper half */
+return myeven | (myodd << 32);
+}
+
+uint32_t carry_from_add64(uint64_t a, uint64_t b, uint
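Review bot: the local `#define float32_nan` near the top of arch.c places a target-specific constant in the `float32_` namespace used by the softfloat headers this file includes, which invites a silent clash if softfloat ever grows a symbol of that name. A Hexagon-prefixed name avoids that. interleave() and deinterleave() would also benefit from a one-line comment each stating the bit layout (which input lands in the odd bit positions), since the commit message is empty and the mask names alone do not say it.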

[PATCH v7 29/35] Hexagon (target/hexagon) translation

2021-01-19 Thread Taylor Simpson
Read the instruction memory
Create a packet data structure
Generate TCG code for the start of the packet
Invoke the generate function for each instruction
Generate TCG code for the end of the packet

Signed-off-by: Taylor Simpson 
---
 target/hexagon/translate.h |  91 ++
 target/hexagon/translate.c | 693 +
 2 files changed, 784 insertions(+)
 create mode 100644 target/hexagon/translate.h
 create mode 100644 target/hexagon/translate.c

diff --git a/target/hexagon/translate.h b/target/hexagon/translate.h
new file mode 100644
index 000..504490e
--- /dev/null
+++ b/target/hexagon/translate.h
@@ -0,0 +1,91 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_TRANSLATE_H
+#define HEXAGON_TRANSLATE_H
+
+#include "qemu/bitmap.h"
+#include "cpu.h"
+#include "exec/translator.h"
+#include "tcg/tcg-op.h"
+#include "internal.h"
+
+typedef struct DisasContext {
+DisasContextBase base;
+uint32_t mem_idx;
+int reg_log[REG_WRITES_MAX];
+int reg_log_idx;
+DECLARE_BITMAP(regs_written, TOTAL_PER_THREAD_REGS);
+int preg_log[PRED_WRITES_MAX];
+int preg_log_idx;
+uint8_t store_width[STORES_MAX];
+uint8_t s1_store_processed;
+} DisasContext;
+
+static inline void ctx_log_reg_write(DisasContext *ctx, int rnum)
+{
+#if HEX_DEBUG
+if (test_bit(rnum, ctx->regs_written)) {
+HEX_DEBUG_LOG("WARNING: Multiple writes to r%d\n", rnum);
+}
+#endif
+ctx->reg_log[ctx->reg_log_idx] = rnum;
+ctx->reg_log_idx++;
+set_bit(rnum, ctx->regs_written);
+}
+
+static inline void ctx_log_reg_write_pair(DisasContext *ctx, int rnum)
+{
+ctx_log_reg_write(ctx, rnum);
+ctx_log_reg_write(ctx, rnum + 1);
+}
+
+static inline void ctx_log_pred_write(DisasContext *ctx, int pnum)
+{
+ctx->preg_log[ctx->preg_log_idx] = pnum;
+ctx->preg_log_idx++;
+}
+
+static inline bool is_preloaded(DisasContext *ctx, int num)
+{
+return test_bit(num, ctx->regs_written);
+}
+
+extern TCGv hex_gpr[TOTAL_PER_THREAD_REGS];
+extern TCGv hex_pred[NUM_PREGS];
+extern TCGv hex_next_PC;
+extern TCGv hex_this_PC;
+extern TCGv hex_slot_cancelled;
+extern TCGv hex_branch_taken;
+extern TCGv hex_new_value[TOTAL_PER_THREAD_REGS];
+extern TCGv hex_reg_written[TOTAL_PER_THREAD_REGS];
+extern TCGv hex_new_pred_value[NUM_PREGS];
+extern TCGv hex_pred_written;
+extern TCGv hex_store_addr[STORES_MAX];
+extern TCGv hex_store_width[STORES_MAX];
+extern TCGv hex_store_val32[STORES_MAX];
+extern TCGv_i64 hex_store_val64[STORES_MAX];
+extern TCGv hex_dczero_addr;
+extern TCGv hex_llsc_addr;
+extern TCGv hex_llsc_val;
+extern TCGv_i64 hex_llsc_val_i64;
+
+extern void gen_exception(int excp);
+extern void gen_exception_debug(void);
+
+extern void process_store(DisasContext *ctx, int slot_num);
+#endif
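Review bot: ctx_log_reg_write() and ctx_log_pred_write() store into reg_log[] and preg_log[] at reg_log_idx / preg_log_idx and then increment the index, with no check against REG_WRITES_MAX or PRED_WRITES_MAX. If more writes are logged than the arrays hold, the store lands past the end of the array inside DisasContext. The duplicate-write test in ctx_log_reg_write() is compiled only under HEX_DEBUG and only warns, so it does not bound the index either. Suggest asserting before the store, for example g_assert(ctx->reg_log_idx < REG_WRITES_MAX) and the equivalent for preg_log_idx, or a comment stating where the caller guarantees the bound.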
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
new file mode 100644
index 000..b67f9c8
--- /dev/null
+++ b/target/hexagon/translate.c
@@ -0,0 +1,693 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#define QEMU_GENERATE
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "tcg/tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/log.h"
+#include "internal.h"
+#include "attribs.h"
+#include "insn.h"
+#include "decode.h"
+#include "translate.h"
+#include "printinsn.h"
+
+TCGv hex_gpr[TOTAL_PER_THREAD_REGS];
+TCGv hex_pred[NUM_PREGS];
+TCGv hex_next_PC;
+TCGv hex_this_PC;
+TCGv hex_slot_cancelled;
+TCGv hex_branch_taken;
+TCGv hex_new_value[TOTAL_PER_THREAD_REGS];
+#if HEX_DEBUG
+TCGv hex_reg_written[TOTAL_PER_THREAD_REGS];
+#en
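Review bot: hex_reg_written[] is defined here only under #if HEX_DEBUG, but translate.h declares extern TCGv hex_reg_written[TOTAL_PER_THREAD_REGS] unconditionally. A use of the symbol in a non-debug build would then compile and fail only at link time. Suggest wrapping the extern in the same #if HEX_DEBUG so the mistake is reported at the point of use.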

[PATCH v7 08/35] Hexagon (target/hexagon) GDB Stub

2021-01-19 Thread Taylor Simpson
GDB register read and write routines

Signed-off-by: Taylor Simpson 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé dump_state = hexagon_dump_state;
 cc->set_pc = hexagon_cpu_set_pc;
 cc->synchronize_from_tb = hexagon_cpu_synchronize_from_tb;
+cc->gdb_read_register = hexagon_gdb_read_register;
+cc->gdb_write_register = hexagon_gdb_write_register;
 cc->gdb_num_core_regs = TOTAL_PER_THREAD_REGS;
 cc->gdb_stop_before_watchpoint = true;
 cc->disas_set_info = hexagon_cpu_disas_set_info;
diff --git a/target/hexagon/gdbstub.c b/target/hexagon/gdbstub.c
new file mode 100644
index 000..9c8c04c
--- /dev/null
+++ b/target/hexagon/gdbstub.c
@@ -0,0 +1,47 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "exec/gdbstub.h"
+#include "cpu.h"
+#include "internal.h"
+
+int hexagon_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
+{
+HexagonCPU *cpu = HEXAGON_CPU(cs);
+CPUHexagonState *env = &cpu->env;
+
+if (n < TOTAL_PER_THREAD_REGS) {
+return gdb_get_regl(mem_buf, env->gpr[n]);
+}
+
+g_assert_not_reached();
+}
+
+int hexagon_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
+{
+HexagonCPU *cpu = HEXAGON_CPU(cs);
+CPUHexagonState *env = &cpu->env;
+
+if (n < TOTAL_PER_THREAD_REGS) {
+env->gpr[n] = ldtul_p(mem_buf);
+return sizeof(target_ulong);
+}
+
+g_assert_not_reached();
+}
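Review bot: hexagon_gdb_read_register() and hexagon_gdb_write_register() test only n < TOTAL_PER_THREAD_REGS and otherwise fall through to g_assert_not_reached(). n is a signed int, so a negative value passes the test and indexes env->gpr[] out of bounds, and any value at or above TOTAL_PER_THREAD_REGS aborts the process. If the register number can come from a debugger request without the caller validating it against gdb_num_core_regs first, it would be safer to test 0 <= n as well and return 0 for an unknown register instead of asserting.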
-- 
2.7.4



[PATCH v7 27/35] Hexagon (target/hexagon) TCG for instructions with multiple definitions

2021-01-19 Thread Taylor Simpson
Helpers won't work if there are multiple definitions, so we override these
instructions using #define fGEN_TCG_.

Signed-off-by: Taylor Simpson 
---
 target/hexagon/gen_tcg.h | 198 +++
 1 file changed, 198 insertions(+)
 create mode 100644 target/hexagon/gen_tcg.h

diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
new file mode 100644
index 000..a8d9321
--- /dev/null
+++ b/target/hexagon/gen_tcg.h
@@ -0,0 +1,198 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_GEN_TCG_H
+#define HEXAGON_GEN_TCG_H
+
+/*
+ * Here is a primer to understand the tag names for load/store instructions
+ *
+ * Data types
+ *  bsigned byte   r0 = memb(r2+#0)
+ * ubunsigned byte r0 = memub(r2+#0)
+ *  hsigned half word (16 bits)r0 = memh(r2+#0)
+ * uhunsigned half wordr0 = memuh(r2+#0)
+ *  iinteger (32 bits) r0 = memw(r2+#0)
+ *  ddouble word (64 bits) r1:0 = memd(r2+#0)
+ *
+ * Addressing modes
+ * _io   indirect with offset  r0 = memw(r1+#4)
+ * _ur   absolute with register offset r0 = memw(r1<<#4+##variable)
+ * _rr   indirect with register offset r0 = memw(r1+r4<<#2)
+ * gpglobal pointer relative   r0 = memw(gp+#200)
+ * _sp   stack pointer relativer0 = memw(r29+#12)
+ * _ap   absolute set  r0 = memw(r1=##variable)
+ * _pr   post increment register   r0 = memw(r1++m1)
+ * _pi   post increment immediate  r0 = memb(r1++#1)
+ */
+
+/* Macros for complex addressing modes */
+#define GET_EA_ap \
+do { \
+fEA_IMM(UiV); \
+tcg_gen_movi_tl(ReV, UiV); \
+} while (0)
+#define GET_EA_pr \
+do { \
+fEA_REG(RxV); \
+fPM_M(RxV, MuV); \
+} while (0)
+#define GET_EA_pi \
+do { \
+fEA_REG(RxV); \
+fPM_I(RxV, siV); \
+} while (0)
+
+
+/* Instructions with multiple definitions */
+#define fGEN_TCG_LOAD_AP(RES, SIZE, SIGN) \
+do { \
+fMUST_IMMEXT(UiV); \
+fEA_IMM(UiV); \
+fLOAD(1, SIZE, SIGN, EA, RES); \
+tcg_gen_movi_tl(ReV, UiV); \
+} while (0)
+
+#define fGEN_TCG_L4_loadrub_ap(SHORTCODE) \
+fGEN_TCG_LOAD_AP(RdV, 1, u)
+#define fGEN_TCG_L4_loadrb_ap(SHORTCODE) \
+fGEN_TCG_LOAD_AP(RdV, 1, s)
+#define fGEN_TCG_L4_loadruh_ap(SHORTCODE) \
+fGEN_TCG_LOAD_AP(RdV, 2, u)
+#define fGEN_TCG_L4_loadrh_ap(SHORTCODE) \
+fGEN_TCG_LOAD_AP(RdV, 2, s)
+#define fGEN_TCG_L4_loadri_ap(SHORTCODE) \
+fGEN_TCG_LOAD_AP(RdV, 4, u)
+#define fGEN_TCG_L4_loadrd_ap(SHORTCODE) \
+fGEN_TCG_LOAD_AP(RddV, 8, u)
+
+#define fGEN_TCG_L2_loadrub_pr(SHORTCODE)  SHORTCODE
+#define fGEN_TCG_L2_loadrub_pi(SHORTCODE)  SHORTCODE
+#define fGEN_TCG_L2_loadrb_pr(SHORTCODE)   SHORTCODE
+#define fGEN_TCG_L2_loadrb_pi(SHORTCODE)   SHORTCODE;
+#define fGEN_TCG_L2_loadruh_pr(SHORTCODE)  SHORTCODE
+#define fGEN_TCG_L2_loadruh_pi(SHORTCODE)  SHORTCODE;
+#define fGEN_TCG_L2_loadrh_pr(SHORTCODE)   SHORTCODE
+#define fGEN_TCG_L2_loadrh_pi(SHORTCODE)   SHORTCODE
+#define fGEN_TCG_L2_loadri_pr(SHORTCODE)   SHORTCODE
+#define fGEN_TCG_L2_loadri_pi(SHORTCODE)   SHORTCODE
+#define fGEN_TCG_L2_loadrd_pr(SHORTCODE)   SHORTCODE
+#define fGEN_TCG_L2_loadrd_pi(SHORTCODE)   SHORTCODE
+
+/*
+ * Predicated loads
+ * Here is a primer to understand the tag names
+ *
+ * Predicate used
+ *  ttrue "old" value  if (p0) r0 = memb(r2+#0)
+ *  ffalse "old" value if (!p0) r0 = memb(r2+#0)
+ *  tnew true "new" value  if (p0.new) r0 = memb(r2+#0)
+ *  fnew false "new" value if (!p0.new) r0 = 
memb(r2+#0)
+ */
+#define fGEN_TCG_PRED_LOAD(GET_EA, PRED, SIZE, SIGN) \
+do { \
+TCGv LSB = tcg_temp_local_new(); \
+TCGLabel *label = gen_new_label(); \
+GET_EA; \
+PRED;  \
+PRED_LOAD_CANCEL(LSB, EA); \
+tcg_gen_movi_tl(RdV, 0); \
+tcg_gen_brcondi_tl(TCG_COND_EQ, LSB, 0, label); \
+fLOAD(1, SIZ
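Review bot: in the fGEN_TCG_L2_load*_pr / _pi block, fGEN_TCG_L2_loadrb_pi and fGEN_TCG_L2_loadruh_pi expand to SHORTCODE; with a trailing semicolon, while the other ten definitions expand to plain SHORTCODE. The stray semicolon adds an empty statement at the use site and breaks the macro if it is ever the body of an unbraced if/else. Suggest dropping the semicolon from both so all twelve definitions match.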

[PATCH v7 28/35] Hexagon (target/hexagon) TCG for floating point instructions

2021-01-19 Thread Taylor Simpson
The imported code uses host floating point.  We override them
to use qemu softfloat

Signed-off-by: Taylor Simpson 
---
 target/hexagon/gen_tcg.h | 121 +++
 1 file changed, 121 insertions(+)

diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index a8d9321..e044dea 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -195,4 +195,125 @@
 #define fGEN_TCG_S4_stored_locked(SHORTCODE) \
 do { SHORTCODE; READ_PREG(PdV, PdN); } while (0)
 
+/* Floating point */
+#define fGEN_TCG_F2_conv_sf2df(SHORTCODE) \
+gen_helper_conv_sf2df(RddV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_df2sf(SHORTCODE) \
+gen_helper_conv_df2sf(RdV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_uw2sf(SHORTCODE) \
+gen_helper_conv_uw2sf(RdV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_uw2df(SHORTCODE) \
+gen_helper_conv_uw2df(RddV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_w2sf(SHORTCODE) \
+gen_helper_conv_w2sf(RdV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_w2df(SHORTCODE) \
+gen_helper_conv_w2df(RddV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_ud2sf(SHORTCODE) \
+gen_helper_conv_ud2sf(RdV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_ud2df(SHORTCODE) \
+gen_helper_conv_ud2df(RddV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_d2sf(SHORTCODE) \
+gen_helper_conv_d2sf(RdV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_d2df(SHORTCODE) \
+gen_helper_conv_d2df(RddV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_sf2uw(SHORTCODE) \
+gen_helper_conv_sf2uw(RdV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_sf2w(SHORTCODE) \
+gen_helper_conv_sf2w(RdV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_sf2ud(SHORTCODE) \
+gen_helper_conv_sf2ud(RddV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_sf2d(SHORTCODE) \
+gen_helper_conv_sf2d(RddV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_df2uw(SHORTCODE) \
+gen_helper_conv_df2uw(RdV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_df2w(SHORTCODE) \
+gen_helper_conv_df2w(RdV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_df2ud(SHORTCODE) \
+gen_helper_conv_df2ud(RddV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_df2d(SHORTCODE) \
+gen_helper_conv_df2d(RddV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_sf2uw_chop(SHORTCODE) \
+gen_helper_conv_sf2uw_chop(RdV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_sf2w_chop(SHORTCODE) \
+gen_helper_conv_sf2w_chop(RdV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_sf2ud_chop(SHORTCODE) \
+gen_helper_conv_sf2ud_chop(RddV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_sf2d_chop(SHORTCODE) \
+gen_helper_conv_sf2d_chop(RddV, cpu_env, RsV)
+#define fGEN_TCG_F2_conv_df2uw_chop(SHORTCODE) \
+gen_helper_conv_df2uw_chop(RdV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_df2w_chop(SHORTCODE) \
+gen_helper_conv_df2w_chop(RdV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_df2ud_chop(SHORTCODE) \
+gen_helper_conv_df2ud_chop(RddV, cpu_env, RssV)
+#define fGEN_TCG_F2_conv_df2d_chop(SHORTCODE) \
+gen_helper_conv_df2d_chop(RddV, cpu_env, RssV)
+#define fGEN_TCG_F2_sfadd(SHORTCODE) \
+gen_helper_sfadd(RdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfsub(SHORTCODE) \
+gen_helper_sfsub(RdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfcmpeq(SHORTCODE) \
+gen_helper_sfcmpeq(PdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfcmpgt(SHORTCODE) \
+gen_helper_sfcmpgt(PdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfcmpge(SHORTCODE) \
+gen_helper_sfcmpge(PdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfcmpuo(SHORTCODE) \
+gen_helper_sfcmpuo(PdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfmax(SHORTCODE) \
+gen_helper_sfmax(RdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfmin(SHORTCODE) \
+gen_helper_sfmin(RdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sfclass(SHORTCODE) \
+do { \
+TCGv imm = tcg_const_tl(uiV); \
+gen_helper_sfclass(PdV, cpu_env, RsV, imm); \
+tcg_temp_free(imm); \
+} while (0)
+#define fGEN_TCG_F2_sffixupn(SHORTCODE) \
+gen_helper_sffixupn(RdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sffixupd(SHORTCODE) \
+gen_helper_sffixupd(RdV, cpu_env, RsV, RtV)
+#define fGEN_TCG_F2_sffixupr(SHORTCODE) \
+gen_helper_sffixupr(RdV, cpu_env, RsV)
+#define fGEN_TCG_F2_dfadd(SHORTCODE) \
+gen_helper_dfadd(RddV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfsub(SHORTCODE) \
+gen_helper_dfsub(RddV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfmax(SHORTCODE) \
+gen_helper_dfmax(RddV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfmin(SHORTCODE) \
+gen_helper_dfmin(RddV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfcmpeq(SHORTCODE) \
+gen_helper_dfcmpeq(PdV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfcmpgt(SHORTCODE) \
+gen_helper_dfcmpgt(PdV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfcmpge(SHORTCODE) \
+gen_helper_dfcmpge(PdV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfcmpuo(SHORTCODE) \
+gen_helper_dfcmpuo(PdV, cpu_env, RssV, RttV)
+#define fGEN_TCG_F2_dfclass(SHORTCODE) \
+do { \
+TCGv imm = tcg_const_tl(uiV); \
+gen_helpe
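Review bot: the only documentation for this block is the comment /* Floating point */, while the reason for the overrides (the imported code uses host floating point, and these definitions call helpers so that softfloat is used instead) appears only in the commit message. Suggest expanding the comment to say so, so a reader of gen_tcg.h can see why these tags do not simply expand SHORTCODE. Minor: fGEN_TCG_F2_sfclass and fGEN_TCG_F2_dfclass are the only entries wrapped in do { } while (0); a short comment that they need a temporary for the uiV immediate would explain the difference.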

[PATCH v7 35/35] Add Dockerfile for hexagon

2021-01-19 Thread Taylor Simpson
From: Alessandro Di Federico 

Signed-off-by: Alessandro Di Federico 
Tested-by: Taylor Simpson 
---
 .../debian-hexagon-cross-build-local.docker|  18 +++
 .../debian-hexagon-cross.build-toolchain.sh| 141 +
 .../docker/dockerfiles/debian-hexagon-cross.docker |   1 +
 tests/tcg/configure.sh |   4 +
 4 files changed, 164 insertions(+)
 create mode 100644 
tests/docker/dockerfiles/debian-hexagon-cross-build-local.docker
 create mode 100755 
tests/docker/dockerfiles/debian-hexagon-cross.build-toolchain.sh
 create mode 100644 tests/docker/dockerfiles/debian-hexagon-cross.docker

diff --git a/tests/docker/dockerfiles/debian-hexagon-cross-build-local.docker 
b/tests/docker/dockerfiles/debian-hexagon-cross-build-local.docker
new file mode 100644
index 000..355adbf
--- /dev/null
+++ b/tests/docker/dockerfiles/debian-hexagon-cross-build-local.docker
@@ -0,0 +1,18 @@
+FROM debian:10
+
+RUN apt update && \
+DEBIAN_FRONTEND=noninteractive \
+apt install -y --no-install-recommends \
+ca-certificates build-essential cmake clang lld ninja-build \
+   flex bison pkg-config wget python3 rsync
+
+ENV TOOLCHAIN_INSTALL /usr
+ENV ROOTFS /usr
+
+ENV LLVM_URL 
https://github.com/llvm/llvm-project/archive/3d8149c2a1228609fd7d7c91a04681304a2f0ca9.tar.gz
+ENV MUSL_URL 
https://github.com/quic/musl/archive/aff74b395fbf59cd7e93b3691905aa1af6c0778c.tar.gz
+ENV LINUX_URL https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.6.18.tar.xz
+
+COPY debian-hexagon-cross.build-toolchain.sh /root/hexagon-toolchain/
+
+RUN cd /root/hexagon-toolchain/ && ./debian-hexagon-cross.build-toolchain.sh 
&& cd / && rm -rf /root/hexagon-toolchain/
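Review bot: LLVM_URL, MUSL_URL and LINUX_URL are declared with no expected digest, so the image build trusts whatever bytes the three hosts serve at build time. The LLVM and musl URLs are pinned to commit hashes, but the downloaded archives are still unverified, and the kernel tarball is pinned only by version number. Suggest declaring a SHA-256 for each tarball next to its URL (for example an additional ENV per download) so the build script can check it before extracting.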
diff --git a/tests/docker/dockerfiles/debian-hexagon-cross.build-toolchain.sh 
b/tests/docker/dockerfiles/debian-hexagon-cross.build-toolchain.sh
new file mode 100755
index 000..a08c6cd
--- /dev/null
+++ b/tests/docker/dockerfiles/debian-hexagon-cross.build-toolchain.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+set -e
+
+BASE=$(readlink -f ${PWD})
+
+TOOLCHAIN_INSTALL=$(readlink -f "$TOOLCHAIN_INSTALL")
+ROOTFS=$(readlink -f "$ROOTFS")
+
+TOOLCHAIN_BIN=${TOOLCHAIN_INSTALL}/bin
+HEX_SYSROOT=${TOOLCHAIN_INSTALL}/hexagon-unknown-linux-musl
+HEX_TOOLS_TARGET_BASE=${HEX_SYSROOT}/usr
+
+function cdp() {
+  DIR="$1"
+  mkdir -p "$DIR"
+  cd "$DIR"
+}
+
+function fetch() {
+  DIR="$1"
+  URL="$2"
+  TEMP="$(readlink -f "$PWD/tmp.tar.gz")"
+  wget --quiet "$URL" -O "$TEMP"
+  cdp "$DIR"
+  tar xaf "$TEMP" --strip-components=1
+  rm "$TEMP"
+  cd -
+}
+
+build_llvm_clang() {
+  fetch "$BASE/llvm-project" "$LLVM_URL"
+  cdp "$BASE/build-llvm"
+
+  cmake -G Ninja \
+-DCMAKE_BUILD_TYPE=Release \
+-DCMAKE_INSTALL_PREFIX=${TOOLCHAIN_INSTALL} \
+-DLLVM_ENABLE_LLD=ON \
+-DLLVM_TARGETS_TO_BUILD="X86;Hexagon" \
+-DLLVM_ENABLE_PROJECTS="clang;lld" \
+"$BASE/llvm-project/llvm"
+  ninja all install
+  cd ${TOOLCHAIN_BIN}
+  ln -sf clang hexagon-unknown-linux-musl-clang
+  ln -sf clang++ hexagon-unknown-linux-musl-clang++
+  ln -sf llvm-ar hexagon-unknown-linux-musl-ar
+  ln -sf llvm-objdump hexagon-unknown-linux-musl-objdump
+  ln -sf llvm-objcopy hexagon-unknown-linux-musl-objcopy
+  ln -sf llvm-readelf hexagon-unknown-linux-musl-readelf
+  ln -sf llvm-ranlib hexagon-unknown-linux-musl-ranlib
+
+  # workaround for now:
+  cat < hexagon-unknown-linux-musl.cfg
+-G0 --sysroot=${HEX_SYSROOT}
+EOF
+}
+
+build_clang_rt() {
+  cdp "$BASE/build-clang_rt"
+  cmake -G Ninja \
+-DCMAKE_BUILD_TYPE=Release \
+-DLLVM_CONFIG_PATH="$BASE/build-llvm/bin/llvm-config" \
+-DCMAKE_ASM_FLAGS="-G0 -mlong-calls -fno-pic 
--target=hexagon-unknown-linux-musl " \
+-DCMAKE_SYSTEM_NAME=Linux \
+-DCMAKE_C_COMPILER="${TOOLCHAIN_BIN}/hexagon-unknown-linux-musl-clang" \
+-DCMAKE_ASM_COMPILER="${TOOLCHAIN_BIN}/hexagon-unknown-linux-musl-clang" \
+-DCMAKE_INSTALL_PREFIX=${HEX_TOOLS_TARGET_BASE} \
+-DCMAKE_CROSSCOMPILING=ON \
+-DCMAKE_C_COMPILER_FORCED=ON \
+-DCMAKE_CXX_COMPILER_FORCED=ON \
+-DCOMPILER_RT_BUILD_BUILTINS=ON \
+-DCOMPILER_RT_BUILTINS_ENABLE_PIC=OFF \
+-DCMAKE_SIZEOF_VOID_P=4 \
+-DCOMPILER_RT_OS_DIR= \
+-DCAN_TARGET_hexagon=1 \
+-DCAN_TARGET_x86_64=0 \
+-DCOMPILER_RT_SUPPORTED_ARCH=hexagon \
+-DLLVM_ENABLE_PROJECTS="compiler-rt" \
+"$BASE/llvm-project/compiler-rt"
+  ninja install-compiler-rt
+}
+
+build_musl_headers() {
+  fetch "$BASE/musl" "$MUSL_URL"
+  cd "$BASE/musl"
+  make clean
+  CC=${TOOLCHAIN_BIN}/hexagon-unknown-linux-musl-clang \
+CROSS_COMPILE=hexagon-unknown-linux-musl \
+LIBCC=${HEX_TOOLS_TARGET_BASE}/lib/libclang_rt.builtins-hexagon.a \
+CROSS_CFLAGS="-G0 -O0 -mv65 -fno-builtin -fno-rounding-math 
--target=hexagon-unknown-linux-musl" \
+./configure --target=hexagon --prefix=${HEX_TOOLS_TARGET_BASE}
+  PATH=${TOOLCHAIN_BIN}:$PATH make CROSS_COMPILE= install-headers
+
+  cd ${HEX_SYSROOT}/..
+  ln -sf hexagon-unknown-linux-musl hexagon
+}
+
+
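Review bot: fetch() writes the wget output to tmp.tar.gz and hands it straight to tar xaf; nothing compares the download with a known digest before it is unpacked, built and installed under ${TOOLCHAIN_INSTALL}. Suggest giving fetch() a third argument with the expected SHA-256 and running sha256sum -c against "$TEMP" before the tar step; with set -e already in place a mismatch then stops the build. Separately, several expansions are unquoted, such as ${PWD} in the BASE assignment and ${TOOLCHAIN_BIN} in the cd, and would break on a path containing spaces.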

[PATCH v7 20/35] Hexagon (target/hexagon) generator phase 2 - generate header files

2021-01-19 Thread Taylor Simpson
Python scripts generate the following files
    helper_protos_generated.h
        For each instruction we create DEF_HELPER function prototype
    helper_funcs_generated.h
        For each instruction we create the helper function definition
    tcg_funcs_generated.h
        For each instruction we create TCG code to generate call to helper
    tcg_func_table_generated.h
        Table of function pointers indexed by opcode
    shortcode_generated.h
        Generate a table of instruction "shortcode" semantics
    opcodes_def_generated.h
        Gives a list of all the opcodes
    op_attribs_generated.h
        Lists all the attributes associated with each instruction
    op_regs_generated.h
        Lists the register and immediate operands for each instruction
    printinsn_generated.h
        Data for printing (disassembling) each instruction (format
        string + operands)

Signed-off-by: Taylor Simpson 
---
 target/hexagon/gen_helper_funcs.py   | 220 +++
 target/hexagon/gen_helper_protos.py  | 150 ++
 target/hexagon/gen_op_attribs.py |  40 +++
 target/hexagon/gen_op_regs.py| 111 
 target/hexagon/gen_opcodes_def.py|  37 +++
 target/hexagon/gen_printinsn.py  | 174 
 target/hexagon/gen_shortcode.py  |  63 +
 target/hexagon/gen_tcg_func_table.py |  58 
 target/hexagon/gen_tcg_funcs.py  | 532 +++
 target/hexagon/hex_common.py | 215 ++
 10 files changed, 1600 insertions(+)
 create mode 100755 target/hexagon/gen_helper_funcs.py
 create mode 100755 target/hexagon/gen_helper_protos.py
 create mode 100755 target/hexagon/gen_op_attribs.py
 create mode 100755 target/hexagon/gen_op_regs.py
 create mode 100755 target/hexagon/gen_opcodes_def.py
 create mode 100755 target/hexagon/gen_printinsn.py
 create mode 100755 target/hexagon/gen_shortcode.py
 create mode 100755 target/hexagon/gen_tcg_func_table.py
 create mode 100755 target/hexagon/gen_tcg_funcs.py
 create mode 100755 target/hexagon/hex_common.py

diff --git a/target/hexagon/gen_helper_funcs.py 
b/target/hexagon/gen_helper_funcs.py
new file mode 100755
index 000..2b1c5d8
--- /dev/null
+++ b/target/hexagon/gen_helper_funcs.py
@@ -0,0 +1,220 @@
+#!/usr/bin/env python3
+
+##
+##  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+##
+##  This program is free software; you can redistribute it and/or modify
+##  it under the terms of the GNU General Public License as published by
+##  the Free Software Foundation; either version 2 of the License, or
+##  (at your option) any later version.
+##
+##  This program is distributed in the hope that it will be useful,
+##  but WITHOUT ANY WARRANTY; without even the implied warranty of
+##  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+##  GNU General Public License for more details.
+##
+##  You should have received a copy of the GNU General Public License
+##  along with this program; if not, see .
+##
+
+import sys
+import re
+import string
+import hex_common
+
+##
+## Helpers for gen_helper_function
+##
+def gen_decl_ea(f):
+f.write("uint32_t EA;\n")
+
+def gen_helper_return_type(f,regtype,regid,regno):
+if regno > 1 : f.write(", ")
+f.write("int32_t")
+
+def gen_helper_return_type_pair(f,regtype,regid,regno):
+if regno > 1 : f.write(", ")
+f.write("int64_t")
+
+def gen_helper_arg(f,regtype,regid,regno):
+if regno > 0 : f.write(", " )
+f.write("int32_t %s%sV" % (regtype,regid))
+
+def gen_helper_arg_new(f,regtype,regid,regno):
+if regno >= 0 : f.write(", " )
+f.write("int32_t %s%sN" % (regtype,regid))
+
+def gen_helper_arg_pair(f,regtype,regid,regno):
+if regno >= 0 : f.write(", ")
+f.write("int64_t %s%sV" % (regtype,regid))
+
+def gen_helper_arg_opn(f,regtype,regid,i,tag):
+if (hex_common.is_pair(regid)):
+gen_helper_arg_pair(f,regtype,regid,i)
+elif (hex_common.is_single(regid)):
+if hex_common.is_old_val(regtype, regid, tag):
+gen_helper_arg(f,regtype,regid,i)
+elif hex_common.is_new_val(regtype, regid, tag):
+gen_helper_arg_new(f,regtype,regid,i)
+else:
+print("Bad register parse: ",regtype,regid,toss,numregs)
+else:
+print("Bad register parse: ",regtype,regid,toss,numregs)
+
+def gen_helper_arg_imm(f,immlett):
+f.write(", int32_t %s" % (hex_common.imm_name(immlett)))
+
+def gen_helper_dest_decl(f,regtype,regid,regno,subfield=""):
+f.write("int32_t %s%sV%s = 0;\n" % \
+(regtype,regid,subfield))
+
+def gen_helper_dest_decl_pair(f,regtype,regid,regno,subfield=""):
+f.write("int64_t %s%sV%s = 0;\n" % \
+(regtype,regid,subfield))
+
+def gen_helper_dest_decl_opn(f,regtype,regid,i):
+if (hex_common.is_pair(regid)):
+gen_helper_dest_decl_pair(f,regtype,regid,i)
+elif (hex_common.is_single(regid)):
+gen_helper_dest_decl(f,regty
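Review bot: both error branches of gen_helper_arg_opn() print toss and numregs, but the function's parameters are f, regtype, regid, i and tag, and neither name is defined in the visible part of the file, so reaching either branch raises NameError instead of reporting the bad register. Suggest printing only the values that are in scope (regtype, regid, tag) and exiting with a non-zero status, so a bad parse stops the generator rather than letting it continue writing the header. Also, gen_helper_arg() emits the ", " separator for regno > 0 while gen_helper_arg_new() and gen_helper_arg_pair() use regno >= 0; if the asymmetry is intentional, a comment would help.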

[PATCH v7 24/35] Hexagon (target/hexagon) macros

2021-01-19 Thread Taylor Simpson
macros to interface with the generator
macros referenced in instruction semantics

Signed-off-by: Taylor Simpson 
---
 target/hexagon/macros.h | 591 
 1 file changed, 591 insertions(+)
 create mode 100644 target/hexagon/macros.h

diff --git a/target/hexagon/macros.h b/target/hexagon/macros.h
new file mode 100644
index 000..8cadc12
--- /dev/null
+++ b/target/hexagon/macros.h
@@ -0,0 +1,591 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_MACROS_H
+#define HEXAGON_MACROS_H
+
+#include "cpu.h"
+#include "hex_regs.h"
+#include "reg_fields.h"
+
+#ifdef QEMU_GENERATE
+#define READ_REG(dest, NUM)  gen_read_reg(dest, NUM)
+#define READ_PREG(dest, NUM) gen_read_preg(dest, (NUM))
+#else
+#define READ_REG(NUM)(env->gpr[(NUM)])
+#define READ_PREG(NUM)   (env->pred[NUM])
+
+#define WRITE_RREG(NUM, VAL) log_reg_write(env, NUM, VAL, slot)
+#define WRITE_PREG(NUM, VAL) log_pred_write(env, NUM, VAL)
+#endif
+
+#define PCALIGN 4
+#define PCALIGN_MASK (PCALIGN - 1)
+
+#define GET_FIELD(FIELD, REGIN) \
+fEXTRACTU_BITS(REGIN, reg_field_info[FIELD].width, \
+   reg_field_info[FIELD].offset)
+
+#ifdef QEMU_GENERATE
+#define GET_USR_FIELD(FIELD, DST) \
+tcg_gen_extract_tl(DST, hex_gpr[HEX_REG_USR], \
+   reg_field_info[FIELD].offset, \
+   reg_field_info[FIELD].width)
+
+#define TYPE_INT(X)  __builtin_types_compatible_p(typeof(X), int)
+#define TYPE_TCGV(X) __builtin_types_compatible_p(typeof(X), TCGv)
+#define TYPE_TCGV_I64(X) __builtin_types_compatible_p(typeof(X), TCGv_i64)
+
+#define SET_USR_FIELD_FUNC(X) \
+__builtin_choose_expr(TYPE_INT(X), \
+gen_set_usr_fieldi, \
+__builtin_choose_expr(TYPE_TCGV(X), \
+gen_set_usr_field, (void)0))
+#define SET_USR_FIELD(FIELD, VAL) \
+SET_USR_FIELD_FUNC(VAL)(FIELD, VAL)
+#else
+#define GET_USR_FIELD(FIELD) \
+fEXTRACTU_BITS(env->gpr[HEX_REG_USR], reg_field_info[FIELD].width, \
+   reg_field_info[FIELD].offset)
+
+#define SET_USR_FIELD(FIELD, VAL) \
+fINSERT_BITS(env->gpr[HEX_REG_USR], reg_field_info[FIELD].width, \
+ reg_field_info[FIELD].offset, (VAL))
+#endif
+
+#ifdef QEMU_GENERATE
+/*
+ * Section 5.5 of the Hexagon V67 Programmer's Reference Manual
+ *
+ * Slot 1 store with slot 0 load
+ * A slot 1 store operation with a slot 0 load operation can appear in a 
packet.
+ * The packet attribute :mem_noshuf inhibits the instruction reordering that
+ * would otherwise be done by the assembler. For example:
+ * {
+ * memw(R5) = R2 // slot 1 store
+ * R3 = memh(R6) // slot 0 load
+ * }:mem_noshuf
+ * Unlike most packetized operations, these memory operations are not executed
+ * in parallel (Section 3.3.1). Instead, the store instruction in Slot 1
+ * effectively executes first, followed by the load instruction in Slot 0. If
+ * the addresses of the two operations are overlapping, the load will receive
+ * the newly stored data. This feature is supported in processor versions
+ * V65 or greater.
+ *
+ *
+ * For qemu, we look for a load in slot 0 when there is  a store in slot 1
+ * in the same packet.  When we see this, we call a helper that merges the
+ * bytes from the store buffer with the value loaded from memory.
+ */
+#define CHECK_NOSHUF \
+do { \
+if (insn->slot == 0 && pkt->pkt_has_store_s1) { \
+process_store(ctx, 1); \
+} \
+} while (0)
+
+#define MEM_LOAD1s(DST, VA) \
+do { \
+CHECK_NOSHUF; \
+tcg_gen_qemu_ld8s(DST, VA, ctx->mem_idx); \
+} while (0)
+#define MEM_LOAD1u(DST, VA) \
+do { \
+CHECK_NOSHUF; \
+tcg_gen_qemu_ld8u(DST, VA, ctx->mem_idx); \
+} while (0)
+#define MEM_LOAD2s(DST, VA) \
+do { \
+CHECK_NOSHUF; \
+tcg_gen_qemu_ld16s(DST, VA, ctx->mem_idx); \
+} while (0)
+#define MEM_LOAD2u(DST, VA) \
+do { \
+CHECK_NOSHUF; \
+tcg_gen_qemu_ld16u(DST, VA, ctx->mem_idx); \
+} while (0)
+#define MEM_LOAD4s(DST, VA) \
+do { \
+CHECK_NOSHUF; \
+tcg_gen_qemu_ld32s(DST, VA, ctx->mem_idx); \
+} w
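Review bot: CHECK_NOSHUF, and through it every MEM_LOAD* macro, reads insn, pkt and ctx from the enclosing scope without taking them as arguments, and nothing in the header says which locals a user of these macros must have in scope. Suggest a short comment above CHECK_NOSHUF listing the required variables. Also, READ_REG and READ_PREG take (dest, NUM) under QEMU_GENERATE but only (NUM) in the other branch; a note on why the two forms differ would save readers from assuming they are interchangeable.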

[PATCH v7 19/35] Hexagon (target/hexagon) generator phase 1 - C preprocessor for semantics

2021-01-19 Thread Taylor Simpson
Run the C preprocessor across the instruction definition files and macro
definition file to expand macros and prepare the semantics_generated.pyinc
file.  The resulting file contains one entry with the semantics for each
instruction and one line with the instruction attributes associated with
each macro.

Signed-off-by: Taylor Simpson 
Reviewed-by: Philippe Mathieu-Daudé http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * This program generates the semantics file that is processed by
+ * the do_qemu.py script.  We use the C preporcessor to manipulate the
+ * files imported from the Hexagon architecture library.
+ */
+
+#include 
+#define STRINGIZE(X) #X
+
+int main(int argc, char *argv[])
+{
+FILE *outfile;
+
+if (argc != 2) {
+fprintf(stderr, "Usage: gen_semantics ouptputfile\n");
+return 1;
+}
+outfile = fopen(argv[1], "w");
+if (outfile == NULL) {
+fprintf(stderr, "Cannot open %s for writing\n", argv[1]);
+return 1;
+}
+
+/*
+ * Process the instruction definitions
+ * Scalar core instructions have the following form
+ * Q6INSN(A2_add,"Rd32=add(Rs32,Rt32)",ATTRIBS(),
+ * "Add 32-bit registers",
+ * { RdV=RsV+RtV;})
+ */
+#define Q6INSN(TAG, BEH, ATTRIBS, DESCR, SEM) \
+do { \
+fprintf(outfile, "SEMANTICS( \\\n" \
+ "\"%s\", \\\n" \
+ "%s, \\\n" \
+ "\"\"\"%s\"\"\" \\\n" \
+ ")\n", \
+#TAG, STRINGIZE(BEH), STRINGIZE(SEM)); \
+fprintf(outfile, "ATTRIBUTES( \\\n" \
+ "\"%s\", \\\n" \
+ "\"%s\" \\\n" \
+ ")\n", \
+#TAG, STRINGIZE(ATTRIBS)); \
+} while (0);
+#include "imported/allidefs.def"
+#undef Q6INSN
+
+/*
+ * Process the macro definitions
+ * Macros definitions have the following form
+ * DEF_MACRO(
+ * fLSBNEW0,
+ * predlog_read(thread,0),
+ * ()
+ * )
+ * The important part here is the attributes.  Whenever an instruction
+ * invokes a macro, we add the macro's attributes to the instruction.
+ */
+#define DEF_MACRO(MNAME, BEH, ATTRS) \
+fprintf(outfile, "MACROATTRIB( \\\n" \
+ "\"%s\", \\\n" \
+ "\"\"\"%s\"\"\", \\\n" \
+ "\"%s\" \\\n" \
+ ")\n", \
+#MNAME, STRINGIZE(BEH), STRINGIZE(ATTRS));
+#include "imported/macros.def"
+#undef DEF_MACRO
+
+fclose(outfile);
+return 0;
+}
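Review bot: none of the fprintf() calls on outfile, nor the final fclose(outfile), has its result checked, so a failed or short write still returns 0 and leaves a truncated semantics file for the script that processes it next. Suggest testing ferror(outfile) before closing and the return value of fclose(), and returning 1 on failure. Smaller points: "preporcessor" in the file comment and "ouptputfile" in the usage string are typos, and Q6INSN ends in while (0); with a trailing semicolon, which defeats the purpose of the do/while wrapper.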
-- 
2.7.4



[PATCH v7 05/35] Hexagon (disas) disassembler

2021-01-19 Thread Taylor Simpson
Add hexagon to disas/meson.build
Add disas/hexagon.c
Add hexagon to include/disas/dis-asm.h

Signed-off-by: Taylor Simpson 
Tested-by: Philippe Mathieu-Daudé http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * QEMU Hexagon Disassembler
+ */
+
+#include "qemu/osdep.h"
+#include "disas/dis-asm.h"
+#include "target/hexagon/cpu_bits.h"
+
+/*
+ * We will disassemble a packet with up to 4 instructions, so we need
+ * a hefty size buffer.
+ */
+#define PACKET_BUFFER_LEN   1028
+
+int print_insn_hexagon(bfd_vma memaddr, struct disassemble_info *info)
+{
+uint32_t words[PACKET_WORDS_MAX];
+bool found_end = false;
+GString *buf = g_string_sized_new(PACKET_BUFFER_LEN);
+int i, len;
+
+for (i = 0; i < PACKET_WORDS_MAX && !found_end; i++) {
+int status = (*info->read_memory_func)(memaddr + i * sizeof(uint32_t),
+   (bfd_byte *)&words[i],
+   sizeof(uint32_t), info);
+if (status) {
+if (i > 0) {
+break;
+}
+(*info->memory_error_func)(status, memaddr, info);
+return status;
+}
+if (is_packet_end(words[i])) {
+found_end = true;
+}
+}
+
+if (!found_end) {
+(*info->fprintf_func)(info->stream, "");
+return PACKET_WORDS_MAX * sizeof(uint32_t);
+}
+
+len = disassemble_hexagon(words, i, memaddr, buf);
+(*info->fprintf_func)(info->stream, "%s", buf->str);
+g_string_free(buf, true);
+
+return len;
+}
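
Review bot: print_insn_hexagon() leaks `buf` on both early exits. The GString is allocated with g_string_sized_new() before the read loop, but the `return status;` path after memory_error_func and the `if (!found_end)` path both return without calling g_string_free(). Either allocate the buffer just before disassemble_hexagon() or free it on every return path. The comment above PACKET_BUFFER_LEN could also say how 1028 was derived.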
diff --git a/disas/meson.build b/disas/meson.build
index 09a8527..b7b659b 100644
--- a/disas/meson.build
+++ b/disas/meson.build
@@ -6,6 +6,7 @@ common_ss.add(when: 'CONFIG_ARM_A64_DIS', if_true: 
files('arm-a64.cc'))
 common_ss.add_all(when: 'CONFIG_ARM_A64_DIS', if_true: libvixl_ss)
 common_ss.add(when: 'CONFIG_ARM_DIS', if_true: files('arm.c'))
 common_ss.add(when: 'CONFIG_CRIS_DIS', if_true: files('cris.c'))
+common_ss.add(when: 'CONFIG_HEXAGON_DIS', if_true: files('hexagon.c'))
 common_ss.add(when: 'CONFIG_HPPA_DIS', if_true: files('hppa.c'))
 common_ss.add(when: 'CONFIG_I386_DIS', if_true: files('i386.c'))
 common_ss.add(when: 'CONFIG_LM32_DIS', if_true: files('lm32.c'))
-- 
2.7.4



[PATCH v7 17/35] Hexagon (target/hexagon/fma_emu.[ch]) utility functions

2021-01-19 Thread Taylor Simpson
Signed-off-by: Taylor Simpson 
---
 target/hexagon/fma_emu.h |  37 +++
 target/hexagon/fma_emu.c | 702 +++
 2 files changed, 739 insertions(+)
 create mode 100644 target/hexagon/fma_emu.h
 create mode 100644 target/hexagon/fma_emu.c

diff --git a/target/hexagon/fma_emu.h b/target/hexagon/fma_emu.h
new file mode 100644
index 000..c3896c9
--- /dev/null
+++ b/target/hexagon/fma_emu.h
@@ -0,0 +1,37 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_FMA_EMU_H
+#define HEXAGON_FMA_EMU_H
+
+static inline bool is_finite(float64 x)
+{
+return !float64_is_any_nan(x) && !float64_is_infinity(x);
+}
+
+extern int32_t float64_getexp(float64 f64);
+extern int32_t float32_getexp(float32 f32);
+extern float32 infinite_float32(uint8_t sign);
+extern float32 internal_fmafx(float32 a, float32 b, float32 c,
+  int scale, float_status *fp_status);
+extern float32 internal_mpyf(float32 a, float32 b,
+ float_status *fp_status);
+extern float64 internal_mpyhh(float64 a, float64 b,
+  unsigned long long int accumulated,
+  float_status *fp_status);
+
+#endif
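
Review bot: fma_emu.h is not self-contained. The inline is_finite() calls float64_is_any_nan() and float64_is_infinity(), and the prototypes use float32, float64 and float_status, yet the header includes nothing, so it only compiles when the including file has already pulled in "fpu/softfloat.h". Add that include here. The `extern` on the function prototypes is redundant and can be dropped.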
diff --git a/target/hexagon/fma_emu.c b/target/hexagon/fma_emu.c
new file mode 100644
index 000..842d903
--- /dev/null
+++ b/target/hexagon/fma_emu.c
@@ -0,0 +1,702 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/int128.h"
+#include "fpu/softfloat.h"
+#include "macros.h"
+#include "conv_emu.h"
+#include "fma_emu.h"
+
+#define DF_INF_EXP 0x7ff
+#define DF_BIAS1023
+#define DF_MANTBITS52
+#define DF_NAN 0xULL
+#define DF_INF 0x7ff0ULL
+#define DF_MINUS_INF   0xfff0ULL
+#define DF_MAXF0x7fefULL
+#define DF_MINUS_MAXF  0xffefULL
+
+#define SF_INF_EXP 0xff
+#define SF_BIAS127
+#define SF_MANTBITS23
+#define SF_INF 0x7f80
+#define SF_MINUS_INF   0xff80
+#define SF_MAXF0x7f7f
+#define SF_MINUS_MAXF  0xff7f
+
+#define HF_INF_EXP 0x1f
+#define HF_BIAS 15
+
+#define WAY_BIG_EXP 4096
+
+typedef union {
+double f;
+uint64_t i;
+struct {
+uint64_t mant:52;
+uint64_t exp:11;
+uint64_t sign:1;
+};
+} Double;
+
+typedef union {
+float f;
+uint32_t i;
+struct {
+uint32_t mant:23;
+uint32_t exp:8;
+uint32_t sign:1;
+};
+} Float;
+
+static inline uint64_t float64_getmant(float64 f64)
+{
+Double a = { .i = f64 };
+if (float64_is_normal(f64)) {
+return a.mant | 1ULL << 52;
+}
+if (float64_is_zero(f64)) {
+return 0;
+}
+if (float64_is_denormal(f64)) {
+return a.mant;
+}
+return ~0ULL;
+}
+
+int32_t float64_getexp(float64 f64)
+{
+Double a = { .i = f64 };
+if (float64_is_normal(f64)) {
+return a.exp;
+}
+if (float64_is_denormal(f64)) {
+return a.exp + 1;
+}
+return -1;
+}
+
+static inline uint64_t float32_getmant(float32 f32)
+{
+Float a = { .i = f32 };
+if (float32_is_normal(f32)) {
+return a.mant | 1ULL << 23;
+}
+if (float32_is_zero(f32)) {
+return 0;
+}
+if (float32_is_denormal(f32)) {
+return a.mant;
+}
+return ~0ULL;
+}
+
+int32_t float32_getexp(float32 f32)
+{
+Float a = { .i = f32 };
+if (float32_is_normal(f32)) {
+return a.exp;
+}
+if (float32_is_denormal(f32))
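
Review bot: the Double and Float unions overlay the bit-fields mant/exp/sign on the raw integer, and the order in which bit-fields are allocated within a unit is implementation-defined. On a host that allocates them from the most significant end, float64_getmant(), float64_getexp() and the float32 equivalents would read the wrong bits. Extracting the fields from the integer with shifts and masks (for example extract64()/extract32() with DF_MANTBITS and SF_MANTBITS) removes the dependency on host layout. The `double f` and `float f` members also bring host floating point types into code that otherwise works on softfloat values; if they are unused they should go.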

[PATCH v7 22/35] Hexagon (target/hexagon) generator phase 4 - decode tree

2021-01-19 Thread Taylor Simpson
Python script that emits the decode tree in dectree_generated.h.

Signed-off-by: Taylor Simpson 
---
 target/hexagon/dectree.py | 351 ++
 1 file changed, 351 insertions(+)
 create mode 100755 target/hexagon/dectree.py

diff --git a/target/hexagon/dectree.py b/target/hexagon/dectree.py
new file mode 100755
index 000..29467ec
--- /dev/null
+++ b/target/hexagon/dectree.py
@@ -0,0 +1,351 @@
+#!/usr/bin/env python3
+
+##
+##  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+##
+##  This program is free software; you can redistribute it and/or modify
+##  it under the terms of the GNU General Public License as published by
+##  the Free Software Foundation; either version 2 of the License, or
+##  (at your option) any later version.
+##
+##  This program is distributed in the hope that it will be useful,
+##  but WITHOUT ANY WARRANTY; without even the implied warranty of
+##  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+##  GNU General Public License for more details.
+##
+##  You should have received a copy of the GNU General Public License
+##  along with this program; if not, see .
+##
+
+import io
+import re
+
+import sys
+import iset
+
+encs = {tag : ''.join(reversed(iset.iset[tag]['enc'].replace(' ', '')))
+for tag in iset.tags if iset.iset[tag]['enc'] != 'MISSING ENCODING'}
+
+enc_classes = set([iset.iset[tag]['enc_class'] for tag in encs.keys()])
+subinsn_enc_classes = \
+set([enc_class for enc_class in enc_classes \
+if enc_class.startswith('SUBINSN_')])
+ext_enc_classes = \
+set([enc_class for enc_class in enc_classes \
+if enc_class not in ('NORMAL', '16BIT') and \
+   not enc_class.startswith('SUBINSN_')])
+
+try:
+subinsn_groupings = iset.subinsn_groupings
+except AttributeError:
+subinsn_groupings = {}
+
+for (tag, subinsn_grouping) in subinsn_groupings.items():
+encs[tag] = ''.join(reversed(subinsn_grouping['enc'].replace(' ', '')))
+
+dectree_normal = {'leaves' : set()}
+dectree_16bit = {'leaves' : set()}
+dectree_subinsn_groupings = {'leaves' : set()}
+dectree_subinsns = {name : {'leaves' : set()} for name in subinsn_enc_classes}
+dectree_extensions = {name : {'leaves' : set()} for name in ext_enc_classes}
+
+for tag in encs.keys():
+if tag in subinsn_groupings:
+dectree_subinsn_groupings['leaves'].add(tag)
+continue
+enc_class = iset.iset[tag]['enc_class']
+if enc_class.startswith('SUBINSN_'):
+if len(encs[tag]) != 32:
+encs[tag] = encs[tag] + '0' * (32 - len(encs[tag]))
+dectree_subinsns[enc_class]['leaves'].add(tag)
+elif  enc_class == '16BIT':
+if len(encs[tag]) != 16:
+raise Exception('Tag "{}" has enc_class "{}" and not an encoding ' 
+
+'width of 16 bits!'.format(tag, enc_class))
+dectree_16bit['leaves'].add(tag)
+else:
+if len(encs[tag]) != 32:
+raise Exception('Tag "{}" has enc_class "{}" and not an encoding ' 
+
+'width of 32 bits!'.format(tag, enc_class))
+if enc_class == 'NORMAL':
+dectree_normal['leaves'].add(tag)
+else:
+dectree_extensions[enc_class]['leaves'].add(tag)
+
+faketags = set()
+for (tag, enc) in iset.enc_ext_spaces.items():
+faketags.add(tag)
+encs[tag] = ''.join(reversed(enc.replace(' ', '')))
+dectree_normal['leaves'].add(tag)
+
+faketags |= set(subinsn_groupings.keys())
+
+def every_bit_counts(bitset):
+for i in range(1, len(next(iter(bitset:
+if len(set([bits[:i] + bits[i+1:] for bits in bitset])) == len(bitset):
+return False
+return True
+
+def auto_separate(node):
+tags = node['leaves']
+if len(tags) <= 1:
+return
+enc_width = len(encs[next(iter(tags))])
+opcode_bit_for_all = \
+[all([encs[tag][i] in '01' \
+for tag in tags]) for i in range(enc_width)]
+opcode_bit_is_0_for_all = \
+[opcode_bit_for_all[i] and all([encs[tag][i] == '0' \
+for tag in tags]) for i in range(enc_width)]
+opcode_bit_is_1_for_all = \
+[opcode_bit_for_all[i] and all([encs[tag][i] == '1' \
+for tag in tags]) for i in range(enc_width)]
+differentiator_opcode_bit = \
+[opcode_bit_for_all[i] and \
+ not (opcode_bit_is_0_for_all[i] or \
+ opcode_bit_is_1_for_all[i]) \
+for i in range(enc_width)]
+best_width = 0
+for width in range(4, 0, -1):
+for lsb in range(enc_width - width, -1, -1):
+bitset = set([encs[tag][lsb:lsb+width] for tag in tags])
+if all(differentiator_opcode_bit[lsb:lsb+width]) and \
+(len(bitset) == len(tags) or every_bit_counts(bitset)):
+best_width = width
+best_lsb = lsb
+caught_all_tags = len(bitset) == len(tags)
+   
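
Review bot: in every_bit_counts() the loop is `range(1, ...)`, so bit position 0 is never tested for redundancy, while every other position is. If skipping the first bit is intentional, a comment should say why; otherwise the range should start at 0. More generally the script runs everything at module level with no docstrings, and auto_separate() has no description of what a node looks like or what "best" width and lsb mean, which makes the selection logic hard to review. The SUBINSN_ branch also silently pads short encodings with '0' where the 16BIT and 32-bit branches raise, and that difference deserves a comment.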

[PATCH v7 12/35] Hexagon (target/hexagon) instruction attributes

2021-01-19 Thread Taylor Simpson
Signed-off-by: Taylor Simpson 
---
 target/hexagon/attribs.h | 30 ++
 target/hexagon/attribs_def.h | 95 
 2 files changed, 125 insertions(+)
 create mode 100644 target/hexagon/attribs.h
 create mode 100644 target/hexagon/attribs_def.h

diff --git a/target/hexagon/attribs.h b/target/hexagon/attribs.h
new file mode 100644
index 000..e88e5eb
--- /dev/null
+++ b/target/hexagon/attribs.h
@@ -0,0 +1,30 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_ATTRIBS_H
+#define HEXAGON_ATTRIBS_H
+
+enum {
+#define DEF_ATTRIB(NAME, ...) A_##NAME,
+#include "attribs_def.h"
+#undef DEF_ATTRIB
+};
+
+#define GET_ATTRIB(opcode, attrib) \
+test_bit(attrib, opcode_attribs[opcode])
+
+#endif /* ATTRIBS_H */
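
Review bot: GET_ATTRIB() expands to test_bit() on opcode_attribs[], but attribs.h includes neither the bitmap helpers nor the declaration of opcode_attribs, so the macro only works when the caller happens to include opcodes.h as well. Either include what the macro needs or move GET_ATTRIB next to the opcode_attribs declaration. The closing comment `#endif /* ATTRIBS_H */` also does not match the guard name HEXAGON_ATTRIBS_H.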
diff --git a/target/hexagon/attribs_def.h b/target/hexagon/attribs_def.h
new file mode 100644
index 000..f4fcd20
--- /dev/null
+++ b/target/hexagon/attribs_def.h
@@ -0,0 +1,95 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+/* Keep this as the first attribute: */
+DEF_ATTRIB(AA_DUMMY, "Dummy Zeroth Attribute", "", "")
+
+/* Misc */
+DEF_ATTRIB(EXTENSION, "Extension instruction", "", "")
+
+DEF_ATTRIB(PRIV, "Not available in user or guest mode", "", "")
+DEF_ATTRIB(GUEST, "Not available in user mode", "", "")
+
+DEF_ATTRIB(FPOP, "Floating Point Operation", "", "")
+
+DEF_ATTRIB(EXTENDABLE, "Immediate may be extended", "", "")
+
+DEF_ATTRIB(ARCHV2, "V2 architecture", "", "")
+DEF_ATTRIB(ARCHV3, "V3 architecture", "", "")
+DEF_ATTRIB(ARCHV4, "V4 architecture", "", "")
+DEF_ATTRIB(ARCHV5, "V5 architecture", "", "")
+
+DEF_ATTRIB(SUBINSN, "sub-instruction", "", "")
+
+/* Load and Store attributes */
+DEF_ATTRIB(LOAD, "Loads from memory", "", "")
+DEF_ATTRIB(STORE, "Stores to memory", "", "")
+DEF_ATTRIB(MEMLIKE, "Memory-like instruction", "", "")
+DEF_ATTRIB(MEMLIKE_PACKET_RULES, "follows Memory-like packet rules", "", "")
+
+
+/* Change-of-flow attributes */
+DEF_ATTRIB(JUMP, "Jump-type instruction", "", "")
+DEF_ATTRIB(INDIRECT, "Absolute register jump", "", "")
+DEF_ATTRIB(CALL, "Function call instruction", "", "")
+DEF_ATTRIB(COF, "Change-of-flow instruction", "", "")
+DEF_ATTRIB(CONDEXEC, "May be cancelled by a predicate", "", "")
+DEF_ATTRIB(DOTNEWVALUE, "Uses a register value generated in this pkt", "", "")
+DEF_ATTRIB(NEWCMPJUMP, "Compound compare and jump", "", "")
+
+/* access to implicit registers */
+DEF_ATTRIB(IMPLICIT_WRITES_LR, "Writes the link register", "", "UREG.LR")
+DEF_ATTRIB(IMPLICIT_WRITES_SP, "Writes the stack pointer", "", "UREG.SP")
+DEF_ATTRIB(IMPLICIT_WRITES_FP, "Writes the frame pointer", "", "UREG.FP")
+DEF_ATTRIB(IMPLICIT_WRITES_LC0, "Writes loop count for loop 0", "", "UREG.LC0")
+DEF_ATTRIB(IMPLICIT_WRITES_LC1, "Writes loop count for loop 1", "", "UREG.LC1")
+DEF_ATTRIB(IMPLICIT_WRITES_SA0, "Writes start addr for loop 0", "", "UREG.SA0")
+DEF_ATTRIB(IMPLICIT_WRITES_SA1, "Writes start addr for loop 1", "", "UREG.SA1")
+DEF_ATTRIB(IMPLICIT_WRITES_P0, "Writes Predicate 0", "", "UREG.P0")
+DEF_ATTRIB(IMPLICIT_WRITES_P1, "Writes Predicate 1", "", "UREG.P1")
+DEF_ATTRIB(IMPLICIT_WRITES_P2, "Writes Predicate 1", "", "UREG.P2")
+DEF_ATTRIB(IMPLICIT_WRITES_P3, "May write Predicate 3", "", "UREG.P3")
+
+DEF_ATTRIB(CRSLOT23, "Can execute in slot 2 or slot 3 (CR)", "", "")
+DEF_ATTRIB(IT_NOP, "nop instruction", "", "")
+DEF_ATTRIB(IT_EXTENDER, "constant extender instruction", "", "")
+
+
+/* Restrictions to make note of */
+DEF_ATTRIB(RESTRICT_SLOT0ONLY, "Must execute on slot0", "", "")
+DEF_ATTRIB(RESTRICT_SLO
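
Review bot: the description for IMPLICIT_WRITES_P2 reads "Writes Predicate 1", the same text as IMPLICIT_WRITES_P1 on the line above, while its register field is "UREG.P2"; this looks like a copy and paste slip and should read "Writes Predicate 2". The P3 entry says "May write" where P0 to P2 say "Writes"; if that difference is meaningful it needs a comment. The third argument is an empty string in every visible entry, so a short comment at the top explaining the four DEF_ATTRIB fields would help.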

[PATCH v7 32/35] Hexagon (tests/tcg/hexagon) TCG tests - atomics/load/store/misc

2021-01-19 Thread Taylor Simpson
---
 tests/tcg/hexagon/atomics.c   | 139 ++
 tests/tcg/hexagon/dual_stores.c   |  60 ++
 tests/tcg/hexagon/mem_noshuf.c| 328 
 tests/tcg/hexagon/misc.c  | 380 ++
 tests/tcg/hexagon/preg_alias.c| 169 +
 tests/tcg/hexagon/Makefile.target |  15 ++
 tests/tcg/hexagon/first.S |  56 ++
 7 files changed, 1147 insertions(+)
 create mode 100644 tests/tcg/hexagon/atomics.c
 create mode 100644 tests/tcg/hexagon/dual_stores.c
 create mode 100644 tests/tcg/hexagon/mem_noshuf.c
 create mode 100644 tests/tcg/hexagon/misc.c
 create mode 100644 tests/tcg/hexagon/preg_alias.c
 create mode 100644 tests/tcg/hexagon/first.S

diff --git a/tests/tcg/hexagon/atomics.c b/tests/tcg/hexagon/atomics.c
new file mode 100644
index 000..ff1ceee
--- /dev/null
+++ b/tests/tcg/hexagon/atomics.c
@@ -0,0 +1,139 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/* Using volatile because we are testing atomics */
+static inline int atomic_inc32(volatile int *x)
+{
+int old, dummy;
+__asm__ __volatile__(
+"1: %0 = memw_locked(%2)\n\t"
+"   %1 = add(%0, #1)\n\t"
+"   memw_locked(%2, p0) = %1\n\t"
+"   if (!p0) jump 1b\n\t"
+: "=&r"(old), "=&r"(dummy)
+: "r"(x)
+: "p0", "memory");
+return old;
+}
+
+/* Using volatile because we are testing atomics */
+static inline long long atomic_inc64(volatile long long *x)
+{
+long long old, dummy;
+__asm__ __volatile__(
+"1: %0 = memd_locked(%2)\n\t"
+"   %1 = #1\n\t"
+"   %1 = add(%0, %1)\n\t"
+"   memd_locked(%2, p0) = %1\n\t"
+"   if (!p0) jump 1b\n\t"
+: "=&r"(old), "=&r"(dummy)
+: "r"(x)
+: "p0", "memory");
+return old;
+}
+
+/* Using volatile because we are testing atomics */
+static inline int atomic_dec32(volatile int *x)
+{
+int old, dummy;
+__asm__ __volatile__(
+"1: %0 = memw_locked(%2)\n\t"
+"   %1 = add(%0, #-1)\n\t"
+"   memw_locked(%2, p0) = %1\n\t"
+"   if (!p0) jump 1b\n\t"
+: "=&r"(old), "=&r"(dummy)
+: "r"(x)
+: "p0", "memory");
+return old;
+}
+
+/* Using volatile because we are testing atomics */
+static inline long long atomic_dec64(volatile long long *x)
+{
+long long old, dummy;
+__asm__ __volatile__(
+"1: %0 = memd_locked(%2)\n\t"
+"   %1 = #-1\n\t"
+"   %1 = add(%0, %1)\n\t"
+"   memd_locked(%2, p0) = %1\n\t"
+"   if (!p0) jump 1b\n\t"
+: "=&r"(old), "=&r"(dummy)
+: "r"(x)
+: "p0", "memory");
+return old;
+}
+
+#define LOOP_CNT 1000
+/* Using volatile because we are testing atomics */
+volatile int tick32 = 1;
+/* Using volatile because we are testing atomics */
+volatile long long tick64 = 1;
+int err;
+
+void *thread1_func(void *arg)
+{
+int i;
+
+for (i = 0; i < LOOP_CNT; i++) {
+atomic_inc32(&tick32);
+atomic_dec64(&tick64);
+}
+return NULL;
+}
+
+void *thread2_func(void *arg)
+{
+int i;
+for (i = 0; i < LOOP_CNT; i++) {
+atomic_dec32(&tick32);
+atomic_inc64(&tick64);
+}
+return NULL;
+}
+
+void test_pthread(void)
+{
+pthread_t tid1, tid2;
+
+pthread_create(&tid1, NULL, thread1_func, "hello1");
+pthread_create(&tid2, NULL, thread2_func, "hello2");
+pthread_join(tid1, NULL);
+pthread_join(tid2, NULL);
+
+if (tick32 != 1) {
+printf("ERROR: tick32 %d != 1\n", tick32);
+err++;
+}
+if (tick64 != 1) {
+printf("ERROR: tick64 %lld != 1\n", tick64);
+err++;
+}
+}
+
+int main(int argc, char **argv)
+{
+test_pthread();
+puts(err ? "FAIL" : "PASS");
+return err;
+}
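
Review bot: test_pthread() ignores the return values of both pthread_create() calls and then joins on tid1 and tid2 unconditionally. If thread creation fails, the join operates on an uninitialised pthread_t and the test result is meaningless. Check the return codes and count a failure in `err`. The string arguments "hello1"/"hello2" are never used by the thread functions and can be NULL. The value returned by the atomic_* helpers (`old`) is also never checked, so only the final counter values are verified; a short comment stating that this is the intent would help.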
diff --git a/tests/tcg/hexagon/dual_stores.c b/tests/tcg/hexagon/dual_stores.c
new file mode 100644
index 000..a86a381
--- /dev/null
+++ b/tests/tcg/hexagon/dual_stores.c
@@ -0,0 +1,60 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Publi

[PATCH v7 10/35] Hexagon (target/hexagon) instruction and packet types

2021-01-19 Thread Taylor Simpson
The insn_t and packet_t are the interface between instruction decoding and
TCG code generation

Signed-off-by: Taylor Simpson 
---
 target/hexagon/insn.h | 74 +++
 1 file changed, 74 insertions(+)
 create mode 100644 target/hexagon/insn.h

diff --git a/target/hexagon/insn.h b/target/hexagon/insn.h
new file mode 100644
index 000..5756a1d
--- /dev/null
+++ b/target/hexagon/insn.h
@@ -0,0 +1,74 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_INSN_H
+#define HEXAGON_INSN_H
+
+#include "cpu.h"
+
+#define INSTRUCTIONS_MAX 7/* 2 pairs + loopend */
+#define REG_OPERANDS_MAX 5
+#define IMMEDS_MAX 2
+
+struct Instruction;
+struct Packet;
+struct DisasContext;
+
+typedef void (*SemanticInsn)(CPUHexagonState *env,
+ struct DisasContext *ctx,
+ struct Instruction *insn,
+ struct Packet *pkt);
+
+struct Instruction {
+SemanticInsn generate;/* pointer to genptr routine */
+uint8_t regno[REG_OPERANDS_MAX];/* reg operands including predicates */
+uint16_t opcode;
+
+uint32_t iclass:6;
+uint32_t slot:3;
+uint32_t part1:1;/*
+  * cmp-jumps are split into two insns.
+  * set for the compare and clear for the jump
+  */
+uint32_t extension_valid:1;   /* Has a constant extender attached */
+uint32_t which_extended:1;/* If has an extender, which immediate */
+uint32_t is_endloop:1;   /* This is an end of loop */
+uint32_t new_value_producer_slot:4;
+int32_t immed[IMMEDS_MAX];/* immediate field */
+};
+
+typedef struct Instruction Insn;
+
+struct Packet {
+uint16_t num_insns;
+uint16_t encod_pkt_size_in_bytes;
+
+/* Pre-decodes about COF */
+uint32_t pkt_has_cof:1;  /* Has any change-of-flow */
+uint32_t pkt_has_endloop:1;
+
+uint32_t pkt_has_dczeroa:1;
+
+uint32_t pkt_has_store_s0:1;
+uint32_t pkt_has_store_s1:1;
+
+Insn insn[INSTRUCTIONS_MAX];
+};
+
+typedef struct Packet Packet;
+
+#endif
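
Review bot: in struct Instruction, `slot` is a 3-bit field and `new_value_producer_slot` is a 4-bit field, and neither is commented. If both hold a slot number they should have the same width; if the producer field holds something else, such as an index into insn[], please say so in a comment. The typedef names defined here are Insn and Packet, while the commit message refers to insn_t and packet_t, so one of the two should be updated. The comment on INSTRUCTIONS_MAX ("2 pairs + loopend") does not make it obvious how the value 7 is reached.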
-- 
2.7.4



[PATCH v7 09/35] Hexagon (target/hexagon) architecture types

2021-01-19 Thread Taylor Simpson
Define types used in files imported from the Hexagon architecture library

Signed-off-by: Taylor Simpson 
---
 target/hexagon/hex_arch_types.h | 38 ++
 1 file changed, 38 insertions(+)
 create mode 100644 target/hexagon/hex_arch_types.h

diff --git a/target/hexagon/hex_arch_types.h b/target/hexagon/hex_arch_types.h
new file mode 100644
index 000..d721e1f
--- /dev/null
+++ b/target/hexagon/hex_arch_types.h
@@ -0,0 +1,38 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_ARCH_TYPES_H
+#define HEXAGON_ARCH_TYPES_H
+
+#include "qemu/osdep.h"
+#include "qemu/int128.h"
+
+/*
+ * These types are used by the code imported from the Hexagon
+ * architecture library.
+ */
+typedef uint8_t size1u_t;
+typedef int8_t  size1s_t;
+typedef uint16_tsize2u_t;
+typedef int16_t size2s_t;
+typedef uint32_tsize4u_t;
+typedef int32_t size4s_t;
+typedef uint64_tsize8u_t;
+typedef int64_t size8s_t;
+typedef Int128  size16s_t;
+
+#endif
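
Review bot: this header includes "qemu/osdep.h". QEMU's coding style has osdep.h included first in every .c file and not from headers, so the include should be dropped here and only "qemu/int128.h" kept for the Int128 typedef. Also, the list defines both signed and unsigned variants for 1, 2, 4 and 8 bytes but only size16s_t for 16 bytes; if an unsigned 16-byte type is not needed by the imported code, a comment saying so avoids the question.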
-- 
2.7.4



[PATCH v7 23/35] Hexagon (target/hexagon) opcode data structures

2021-01-19 Thread Taylor Simpson
Signed-off-by: Taylor Simpson 
---
 target/hexagon/opcodes.h |  63 +
 target/hexagon/opcodes.c | 142 +++
 2 files changed, 205 insertions(+)
 create mode 100644 target/hexagon/opcodes.h
 create mode 100644 target/hexagon/opcodes.c

diff --git a/target/hexagon/opcodes.h b/target/hexagon/opcodes.h
new file mode 100644
index 000..9d38687
--- /dev/null
+++ b/target/hexagon/opcodes.h
@@ -0,0 +1,63 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_OPCODES_H
+#define HEXAGON_OPCODES_H
+
+#include "qemu/bitmap.h"
+#include "attribs.h"
+
+typedef enum {
+#define OPCODE(IID) IID
+#include "opcodes_def_generated.h"
+XX_LAST_OPCODE
+#undef OPCODE
+} Opcode;
+
+typedef enum {
+NORMAL,
+HALF,
+SUBINSN_A,
+SUBINSN_L1,
+SUBINSN_L2,
+SUBINSN_S1,
+SUBINSN_S2,
+EXT_noext,
+EXT_mmvec,
+XX_LAST_ENC_CLASS
+} EncClass;
+
+extern const char * const opcode_names[];
+
+extern const char * const opcode_reginfo[];
+extern const char * const opcode_rregs[];
+extern const char * const opcode_wregs[];
+
+typedef struct {
+const char * const encoding;
+const EncClass enc_class;
+} OpcodeEncoding;
+
+extern const OpcodeEncoding opcode_encodings[XX_LAST_OPCODE];
+
+extern DECLARE_BITMAP(opcode_attribs[XX_LAST_OPCODE], A_ZZ_LASTATTRIB);
+
+extern void opcode_init(void);
+
+extern int opcode_which_immediate_is_extended(Opcode opcode);
+
+#endif
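
Review bot: opcode_names, opcode_reginfo, opcode_rregs and opcode_wregs are declared as unbounded arrays, while opcode_encodings is declared with [XX_LAST_OPCODE]. Giving the four string tables an explicit bound as well (the definitions in opcodes.c append a NULL, so XX_LAST_OPCODE + 1) lets the compiler check the definitions against the declarations. The `extern` on the two function prototypes is redundant.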
diff --git a/target/hexagon/opcodes.c b/target/hexagon/opcodes.c
new file mode 100644
index 000..ba41450
--- /dev/null
+++ b/target/hexagon/opcodes.c
@@ -0,0 +1,142 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+/*
+ * opcodes.c
+ *
+ * data tables generated automatically
+ * Maybe some functions too
+ */
+
+#include "qemu/osdep.h"
+#include "opcodes.h"
+#include "decode.h"
+
+#define VEC_DESCR(A, B, C) DESCR(A, B, C)
+#define DONAME(X) #X
+
+const char * const opcode_names[] = {
+#define OPCODE(IID) DONAME(IID)
+#include "opcodes_def_generated.h"
+NULL
+#undef OPCODE
+};
+
+const char * const opcode_reginfo[] = {
+#define IMMINFO(TAG, SIGN, SIZE, SHAMT, SIGN2, SIZE2, SHAMT2)/* nothing */
+#define REGINFO(TAG, REGINFO, RREGS, WREGS) REGINFO,
+#include "op_regs_generated.h"
+NULL
+#undef REGINFO
+#undef IMMINFO
+};
+
+
+const char * const opcode_rregs[] = {
+#define IMMINFO(TAG, SIGN, SIZE, SHAMT, SIGN2, SIZE2, SHAMT2)/* nothing */
+#define REGINFO(TAG, REGINFO, RREGS, WREGS) RREGS,
+#include "op_regs_generated.h"
+NULL
+#undef REGINFO
+#undef IMMINFO
+};
+
+
+const char * const opcode_wregs[] = {
+#define IMMINFO(TAG, SIGN, SIZE, SHAMT, SIGN2, SIZE2, SHAMT2)/* nothing */
+#define REGINFO(TAG, REGINFO, RREGS, WREGS) WREGS,
+#include "op_regs_generated.h"
+NULL
+#undef REGINFO
+#undef IMMINFO
+};
+
+const char * const opcode_short_semantics[] = {
+#define DEF_SHORTCODE(TAG, SHORTCODE)  [TAG] = #SHORTCODE,
+#include "shortcode_generated.h"
+#undef DEF_SHORTCODE
+NULL
+};
+
+DECLARE_BITMAP(opcode_attribs[XX_LAST_OPCODE], A_ZZ_LASTATTRIB);
+
+static void init_attribs(int tag, ...)
+{
+va_list ap;
+int attr;
+va_start(ap, tag);
+while ((attr = va_arg(ap, int)) != 0) {
+set_bit(attr, opcode_attribs[tag]);
+}
+}
+
+const OpcodeEncoding opcode_encodings[] = {
+#define DEF_ENC32(OPCODE, ENCSTR) \
+[OPCODE] = { .encoding = ENCSTR },
+
+#define DEF_ENC_SUBINSN(OPCODE, CLASS, ENCSTR) \
+[OPCODE] = { .encoding = ENCSTR, .enc_class = CLASS },
+
+#define DEF_EXT_ENC(OPCODE, CLASS, ENCSTR)
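
Review bot: init_attribs() calls va_start(ap, tag) but returns without a matching va_end(ap). Add `va_end(ap);` after the while loop. The loop also relies on every caller terminating the list with 0, which works only because attribute 0 is the dummy entry; a comment stating that contract would help. opcode_short_semantics is defined here with external linkage but is not declared in opcodes.h; make it static or add the declaration.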

[PATCH v7 21/35] Hexagon (target/hexagon) generator phase 3 - C preprocessor for decode tree

2021-01-19 Thread Taylor Simpson
Run the C preprocessor across the instruction definition and encoding
files to expand macros and prepare the iset.py file.  The resulting
file contains python data structures used to build the decode tree.

Signed-off-by: Taylor Simpson 
Reviewed-by: Philippe Mathieu-Daudé http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * This program generates the encodings file that is processed by
+ * the dectree.py script to produce the decoding tree.  We use the C
+ * preprocessor to manipulate the files imported from the Hexagon
+ * architecture library.
+ */
+#include "qemu/osdep.h"
+#include "opcodes.h"
+
+#define STRINGIZE(X)#X
+
+const char * const opcode_names[] = {
+#define OPCODE(IID) STRINGIZE(IID)
+#include "opcodes_def_generated.h"
+NULL
+#undef OPCODE
+};
+
+/*
+ * Process the instruction definitions
+ * Scalar core instructions have the following form
+ * Q6INSN(A2_add,"Rd32=add(Rs32,Rt32)",ATTRIBS(),
+ * "Add 32-bit registers",
+ * { RdV=RsV+RtV;})
+ */
+const char * const opcode_syntax[XX_LAST_OPCODE] = {
+#define Q6INSN(TAG, BEH, ATTRIBS, DESCR, SEM) \
+   [TAG] = BEH,
+#define EXTINSN(TAG, BEH, ATTRIBS, DESCR, SEM) \
+   [TAG] = BEH,
+#include "imported/allidefs.def"
+#undef Q6INSN
+#undef EXTINSN
+};
+
+const char * const opcode_rregs[] = {
+#define REGINFO(TAG, REGINFO, RREGS, WREGS) RREGS,
+#define IMMINFO(TAG, SIGN, SIZE, SHAMT, SIGN2, SIZE2, SHAMT2)  /* nothing */
+#include "op_regs_generated.h"
+NULL
+#undef REGINFO
+#undef IMMINFO
+};
+
+const char * const opcode_wregs[] = {
+#define REGINFO(TAG, REGINFO, RREGS, WREGS) WREGS,
+#define IMMINFO(TAG, SIGN, SIZE, SHAMT, SIGN2, SIZE2, SHAMT2)  /* nothing */
+#include "op_regs_generated.h"
+NULL
+#undef REGINFO
+#undef IMMINFO
+};
+
+const OpcodeEncoding opcode_encodings[] = {
+#define DEF_ENC32(TAG, ENCSTR) \
+[TAG] = { .encoding = ENCSTR },
+#define DEF_ENC_SUBINSN(TAG, CLASS, ENCSTR) \
+[TAG] = { .encoding = ENCSTR, .enc_class = CLASS },
+#define DEF_EXT_ENC(TAG, CLASS, ENCSTR) \
+[TAG] = { .encoding = ENCSTR, .enc_class = CLASS },
+#include "imported/encode.def"
+#undef DEF_ENC32
+#undef DEF_ENC_SUBINSN
+#undef DEF_EXT_ENC
+};
+
+static const char * const opcode_enc_class_names[XX_LAST_ENC_CLASS] = {
+"NORMAL",
+"16BIT",
+"SUBINSN_A",
+"SUBINSN_L1",
+"SUBINSN_L2",
+"SUBINSN_S1",
+"SUBINSN_S2",
+"EXT_noext",
+"EXT_mmvec",
+};
+
+static const char *get_opcode_enc(int opcode)
+{
+const char *tmp = opcode_encodings[opcode].encoding;
+if (tmp == NULL) {
+tmp = "MISSING ENCODING";
+}
+return tmp;
+}
+
+static const char *get_opcode_enc_class(int opcode)
+{
+return opcode_enc_class_names[opcode_encodings[opcode].enc_class];
+}
+
+static void gen_iset_table(FILE *out)
+{
+int i;
+
+fprintf(out, "iset = {\n");
+for (i = 0; i < XX_LAST_OPCODE; i++) {
+fprintf(out, "\t\'%s\' : {\n", opcode_names[i]);
+fprintf(out, "\t\t\'tag\' : \'%s\',\n", opcode_names[i]);
+fprintf(out, "\t\t\'syntax\' : \'%s\',\n", opcode_syntax[i]);
+fprintf(out, "\t\t\'rregs\' : \'%s\',\n", opcode_rregs[i]);
+fprintf(out, "\t\t\'wregs\' : \'%s\',\n", opcode_wregs[i]);
+fprintf(out, "\t\t\'enc\' : \'%s\',\n", get_opcode_enc(i));
+fprintf(out, "\t\t\'enc_class\' : \'%s\',\n", get_opcode_enc_class(i));
+fprintf(out, "\t},\n");
+}
+fprintf(out, "};\n\n");
+}
+
+static void gen_tags_list(FILE *out)
+{
+int i;
+
+fprintf(out, "tags = [\n");
+for (i = 0; i < XX_LAST_OPCODE; i++) {
+fprintf(out, "\t\'%s\',\n", opcode_names[i]);
+}
+fprintf(out, "];\n\n");
+}
+
+static void gen_enc_ext_spaces_table(FILE *out)
+{
+fprintf(out, "enc_ext_spaces = {\n");
+#define DEF_EXT_SPACE(SPACEID, ENCSTR) \
+fprintf(out, "\t\'%s\' : \'%s\',\n", #SPACEID, ENCSTR);
+#include "imported/encode.def"
+#undef DEF_EXT_SPACE
+fprintf(out, "};\n\n");
+}
+
+static void gen_subinsn_groupings_table(FILE *out)
+{
+fprintf(out, "subinsn_groupings = {\n");
+#define DEF_PACKED32(TAG, TYPEA, TYPEB, ENCSTR) \
+do { \
+fprintf(out, "\t\'%s\' : {\n", #TAG); \
+fprintf(out, "\t\t\'name\' : \'%s\',\n", #TAG); \
+fprintf(out, "\t\t\'class_a\' : \'%s\',\n", #TYPEA); \
+fprintf(out, "\t\t\'class_b\' : \'%s\',\n", #TYPEB); \
+fprintf(out, "\t\t\'enc\' : \'%s\',\n", ENCSTR); \
+fprintf(out, "\t},\n"); \
+} while (0);
+#include "imported/encode.def"
+#undef DEF_PACKED32
+fprintf(out, "};\n\n");
+}
+
+int main(int argc, char *argv[])
+{
+FILE *outfile;
+
+if (argc != 2) {
+fprintf(stderr, "Usage: gen_dectree_import ouptputfile\n");
+return 1;
+}
+outfile = fopen(argv[1], "w");
+if (outfile == NULL) {
+fprintf(stderr, "Cannot open %s for writing\n", argv[1]);
+return 1;
+}
+
+gen_iset_table(outfile);
+gen_tags_list(outfile);
+gen_enc_ext_spaces_table(outfile);
+gen_subins
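Review bot: In gen_iset_table(), opcode_syntax[i], opcode_rregs[i] and opcode_wregs[i] go straight to "%s" for every i below XX_LAST_OPCODE, while only the encoding string gets a NULL check (in get_opcode_enc()). opcode_rregs[] and opcode_wregs[] are unsized and filled positionally from op_regs_generated.h, so if that file has fewer REGINFO entries than there are opcodes, or lists them in a different order from the opcode enum, the loop prints the NULL terminator, reads past the array, or pairs registers with the wrong tag. Suggest declaring both as [XX_LAST_OPCODE] with [TAG] = RREGS, style designated initializers, as opcode_syntax[] already does, and substituting a placeholder string for NULL entries. get_opcode_enc_class() also indexes opcode_enc_class_names[] with enc_class unchecked. Separately, the usage message in main() misspells "outputfile" as "ouptputfile".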

[PATCH v7 14/35] Hexagon (target/hexagon) instruction printing

2021-01-19 Thread Taylor Simpson
Signed-off-by: Taylor Simpson 
Reviewed-by: Philippe Mathieu-Daudé http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HEXAGON_PRINTINSN_H
+#define HEXAGON_PRINTINSN_H
+
+#include "qemu/osdep.h"
+#include "insn.h"
+
+extern void snprint_a_pkt_disas(GString *buf, Packet *pkt, uint32_t *words,
+target_ulong pc);
+extern void snprint_a_pkt_debug(GString *buf, Packet *pkt);
+
+#endif
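Review bot: printinsn.h includes "qemu/osdep.h", which QEMU's coding style reserves for the first include of each .c file; headers are not supposed to include it. printinsn.c already includes it first, so the line can be dropped from the header. The extern keyword on the two function prototypes is also redundant.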
diff --git a/target/hexagon/printinsn.c b/target/hexagon/printinsn.c
new file mode 100644
index 000..9a716b1
--- /dev/null
+++ b/target/hexagon/printinsn.c
@@ -0,0 +1,146 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "opcodes.h"
+#include "printinsn.h"
+#include "insn.h"
+#include "reg_fields.h"
+#include "internal.h"
+
+static const char *sreg2str(unsigned int reg)
+{
+if (reg < TOTAL_PER_THREAD_REGS) {
+return hexagon_regnames[reg];
+} else {
+return "???";
+}
+}
+
+static const char *creg2str(unsigned int reg)
+{
+return sreg2str(reg + HEX_REG_SA0);
+}
+
+static void snprintinsn(GString *buf, Insn *insn)
+{
+switch (insn->opcode) {
+#define DEF_VECX_PRINTINFO(TAG, FMT, ...) DEF_PRINTINFO(TAG, FMT, __VA_ARGS__)
+#define DEF_PRINTINFO(TAG, FMT, ...) \
+case TAG: \
+g_string_append_printf(buf, FMT, __VA_ARGS__); \
+break;
+#include "printinsn_generated.h"
+#undef DEF_VECX_PRINTINFO
+#undef DEF_PRINTINFO
+}
+}
+
+void snprint_a_pkt_disas(GString *buf, Packet *pkt, uint32_t *words,
+ target_ulong pc)
+{
+bool has_endloop0 = false;
+bool has_endloop1 = false;
+bool has_endloop01 = false;
+
+for (int i = 0; i < pkt->num_insns; i++) {
+if (pkt->insn[i].part1) {
+continue;
+}
+
+/* We'll print the endloop's at the end of the packet */
+if (pkt->insn[i].opcode == J2_endloop0) {
+has_endloop0 = true;
+continue;
+}
+if (pkt->insn[i].opcode == J2_endloop1) {
+has_endloop1 = true;
+continue;
+}
+if (pkt->insn[i].opcode == J2_endloop01) {
+has_endloop01 = true;
+continue;
+}
+
+g_string_append_printf(buf, "0x" TARGET_FMT_lx "\t", words[i]);
+
+if (i == 0) {
+g_string_append(buf, "{");
+}
+
+g_string_append(buf, "\t");
+snprintinsn(buf, &(pkt->insn[i]));
+
+if (i < pkt->num_insns - 1) {
+/*
+ * Subinstructions are two instructions encoded
+ * in the same word. Print them on the same line.
+ */
+if (GET_ATTRIB(pkt->insn[i].opcode, A_SUBINSN)) {
+g_string_append(buf, "; ");
+snprintinsn(buf, &(pkt->insn[i + 1]));
+i++;
+} else if (pkt->insn[i + 1].opcode != J2_endloop0 &&
+   pkt->insn[i + 1].opcode != J2_endloop1 &&
+   pkt->insn[i + 1].opcode != J2_endloop01) {
+pc += 4;
+g_string_append_printf(buf, "\n0x" TARGET_FMT_lx ":  ", pc);
+}
+}
+}
+g_string_append(buf, " }");
+if (has_endloop0) {
+g_string_append(buf, "  :endloop0");
+}
+if (has_endloop1) {
+g_string_append(buf, "  :endloop1");
+}
+if (has_endloop01) {
+g_string_append(buf, "  :endloop01");
+}
+}
+
+void snprint_a_pkt_debug(GString *buf, Packet *pkt)
+{
+int slot, opcode;
+
+if (pkt->num_insns > 1) {
+g_string_append(buf, "\n{\n");
+}
+
+for (int i = 0; i < pkt->num_insns; i++) {
+if (pkt->insn[i].part1) {
+continue;
+}
+g_string_append(buf, "\t");
+snprintinsn(buf, &(pkt->insn[i]));
+
+if (GET_ATTRIB(pkt->insn[i].opcode, A_SUBINSN)) {
+g_string_append(buf, " //subinsn");
+}
+if (pkt->insn[i].extension_valid) {
+g_string_append(buf, " //constant extended");
+}
+slot = pkt->insn[i].slot;
+opcode = pkt->insn[i].opcode;
+g_string_append_printf(buf, " //slot=%d:tag=%s\n",
+   slot, opcode_names[opcode]);
+}
+if (pkt->num_insns > 1) {
+g_string_append(buf
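Review bot: In snprint_a_pkt_disas() the opening "{" is emitted only if the i == 0 iteration reaches that test, but the part1 and J2_endloop* checks above it continue first, so a packet whose insn[0] is skipped gets the closing " }" with no opening brace. Tracking "brace already printed" in a separate flag would fix that. The same loop indexes words[] with the instruction index i; the comment further down says a subinstruction pair shares one word, and i is advanced an extra step for such a pair, so please confirm that words[i] still names the right word, and stays inside what the caller passed, once insn[] has more entries than the packet has words. A separate word index would make this explicit.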

[PATCH v7 34/35] Hexagon build infrastructure

2021-01-19 Thread Taylor Simpson
Add file to default-configs
Add hexagon to meson.build
Add hexagon to target/meson.build
Add target/hexagon/meson.build
Change scripts/qemu-binfmt-conf.sh

We can build a hexagon-linux-user target and run programs on the Hexagon
scalar core.  With hexagon-linux-clang installed, "make check-tcg" will
pass.

Signed-off-by: Taylor Simpson 
---
 default-configs/targets/hexagon-linux-user.mak |   1 +
 meson.build|   1 +
 scripts/qemu-binfmt-conf.sh|   6 +-
 target/hexagon/meson.build | 187 +
 target/meson.build |   1 +
 5 files changed, 195 insertions(+), 1 deletion(-)
 create mode 100644 default-configs/targets/hexagon-linux-user.mak
 create mode 100644 target/hexagon/meson.build

diff --git a/default-configs/targets/hexagon-linux-user.mak 
b/default-configs/targets/hexagon-linux-user.mak
new file mode 100644
index 000..003ed0a
--- /dev/null
+++ b/default-configs/targets/hexagon-linux-user.mak
@@ -0,0 +1 @@
+TARGET_ARCH=hexagon
diff --git a/meson.build b/meson.build
index 3d88985..1cc6823 100644
--- a/meson.build
+++ b/meson.build
@@ -1156,6 +1156,7 @@ disassemblers = {
   'arm' : ['CONFIG_ARM_DIS'],
   'avr' : ['CONFIG_AVR_DIS'],
   'cris' : ['CONFIG_CRIS_DIS'],
+  'hexagon' : ['CONFIG_HEXAGON_DIS'],
   'hppa' : ['CONFIG_HPPA_DIS'],
   'i386' : ['CONFIG_I386_DIS'],
   'x86_64' : ['CONFIG_I386_DIS'],
diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index 9f1580a..7b5d54b 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -4,7 +4,7 @@
 qemu_target_list="i386 i486 alpha arm armeb sparc sparc32plus sparc64 \
 ppc ppc64 ppc64le m68k mips mipsel mipsn32 mipsn32el mips64 mips64el \
 sh4 sh4eb s390x aarch64 aarch64_be hppa riscv32 riscv64 xtensa xtensaeb \
-microblaze microblazeel or1k x86_64"
+microblaze microblazeel or1k x86_64 hexagon"
 
 
i386_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'
 
i386_mask='\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
@@ -136,6 +136,10 @@ 
or1k_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\
 
or1k_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
 or1k_family=or1k
 
+hexagon_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xa4\x00'
+hexagon_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+hexagon_family=hexagon
+
 qemu_get_family() {
 cpu=${HOST_ARCH:-$(uname -m)}
 case "$cpu" in
diff --git a/target/hexagon/meson.build b/target/hexagon/meson.build
new file mode 100644
index 000..48adab5
--- /dev/null
+++ b/target/hexagon/meson.build
@@ -0,0 +1,187 @@
+##
+##  Copyright(c) 2020-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+##
+##  This program is free software; you can redistribute it and/or modify
+##  it under the terms of the GNU General Public License as published by
+##  the Free Software Foundation; either version 2 of the License, or
+##  (at your option) any later version.
+##
+##  This program is distributed in the hope that it will be useful,
+##  but WITHOUT ANY WARRANTY; without even the implied warranty of
+##  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+##  GNU General Public License for more details.
+##
+##  You should have received a copy of the GNU General Public License
+##  along with this program; if not, see .
+##
+
+hexagon_ss = ss.source_set()
+
+prog_python = import('python').find_installation('python3')
+
+hex_common_py = 'hex_common.py'
+attribs_def_h = meson.current_source_dir() / 'attribs_def.h'
+gen_tcg_h = meson.current_source_dir() / 'gen_tcg.h'
+
+#
+#  Step 1
+#  We use a C program to create semantics_generated.pyinc
+#
+gen_semantics = executable('gen_semantics', 'gen_semantics.c')
+
+semantics = custom_target(
+'semantics_generated.pyinc',
+output: 'semantics_generated.pyinc',
+input: gen_semantics,
+command: ['@INPUT@', '@OUTPUT@'],
+)
+hexagon_ss.add(semantics)
+
+#
+# Step 2
+# We use Python scripts to generate the following files
+# shortcode_generated.h
+# helper_protos_generated.h
+# tcg_funcs_generated.h
+# tcg_func_table_generated.h
+# helper_funcs_generated.h
+# printinsn_generated.h
+# op_regs_generated.h
+# op_attribs_generated.h
+# opcodes_def_generated.h
+#
+shortcode_h = custom_target(
+'shortcode_generated.h',
+output: 'shortcode_generated.h',
+input: 'gen_shortcode.py',
+depends: [semantics],
+depend_files: [hex_common_py, attribs_def_h],
+command: [prog_python, '@INPUT@', semantics, attribs_def_h, '@OUTPUT@'],
+)
+hexagon_ss.add(shortcode_h)
+
+helper_protos_h = custom_target(
+'helper_protos_generated.h',
+output: 'helper_protos_generated.h',
+input: 'gen_helper_protos.py',
+depends: [semantics]
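Review bot: gen_semantics is declared as executable('gen_semantics', 'gen_semantics.c') and then run at build time by the semantics custom_target, but without native: true Meson compiles it for the host machine, so a cross build produces a binary the build machine cannot execute. Suggest adding native: true to the executable() call. Passing the program through input: and '@INPUT@' works, but command: [gen_semantics, '@OUTPUT@'] states the dependency more directly.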

[PATCH v7 07/35] Hexagon (target/hexagon) scalar core helpers

2021-01-19 Thread Taylor Simpson
The majority of helpers are generated.  Define the helper functions needed
then include the generated file

Signed-off-by: Taylor Simpson 
---
 target/hexagon/helper.h|   85 
 target/hexagon/op_helper.c | 1066 
 2 files changed, 1151 insertions(+)
 create mode 100644 target/hexagon/helper.h
 create mode 100644 target/hexagon/op_helper.c

diff --git a/target/hexagon/helper.h b/target/hexagon/helper.h
new file mode 100644
index 000..a3ed06d
--- /dev/null
+++ b/target/hexagon/helper.h
@@ -0,0 +1,85 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_RETURN, noreturn, env, i32)
+DEF_HELPER_1(debug_start_packet, void, env)
+DEF_HELPER_FLAGS_3(debug_check_store_width, TCG_CALL_NO_WG, void, env, int, 
int)
+DEF_HELPER_2(commit_store, void, env, int)
+DEF_HELPER_FLAGS_3(debug_commit_end, TCG_CALL_NO_WG, void, env, int, int)
+DEF_HELPER_FLAGS_4(fcircadd, TCG_CALL_NO_RWG_SE, s32, s32, s32, s32, s32)
+
+/* Floating point */
+DEF_HELPER_2(conv_sf2df, f64, env, f32)
+DEF_HELPER_2(conv_df2sf, f32, env, f64)
+DEF_HELPER_2(conv_uw2sf, f32, env, s32)
+DEF_HELPER_2(conv_uw2df, f64, env, s32)
+DEF_HELPER_2(conv_w2sf, f32, env, s32)
+DEF_HELPER_2(conv_w2df, f64, env, s32)
+DEF_HELPER_2(conv_ud2sf, f32, env, s64)
+DEF_HELPER_2(conv_ud2df, f64, env, s64)
+DEF_HELPER_2(conv_d2sf, f32, env, s64)
+DEF_HELPER_2(conv_d2df, f64, env, s64)
+DEF_HELPER_2(conv_sf2uw, s32, env, f32)
+DEF_HELPER_2(conv_sf2w, s32, env, f32)
+DEF_HELPER_2(conv_sf2ud, s64, env, f32)
+DEF_HELPER_2(conv_sf2d, s64, env, f32)
+DEF_HELPER_2(conv_df2uw, s32, env, f64)
+DEF_HELPER_2(conv_df2w, s32, env, f64)
+DEF_HELPER_2(conv_df2ud, s64, env, f64)
+DEF_HELPER_2(conv_df2d, s64, env, f64)
+DEF_HELPER_2(conv_sf2uw_chop, s32, env, f32)
+DEF_HELPER_2(conv_sf2w_chop, s32, env, f32)
+DEF_HELPER_2(conv_sf2ud_chop, s64, env, f32)
+DEF_HELPER_2(conv_sf2d_chop, s64, env, f32)
+DEF_HELPER_2(conv_df2uw_chop, s32, env, f64)
+DEF_HELPER_2(conv_df2w_chop, s32, env, f64)
+DEF_HELPER_2(conv_df2ud_chop, s64, env, f64)
+DEF_HELPER_2(conv_df2d_chop, s64, env, f64)
+DEF_HELPER_3(sfadd, f32, env, f32, f32)
+DEF_HELPER_3(sfsub, f32, env, f32, f32)
+DEF_HELPER_3(sfcmpeq, s32, env, f32, f32)
+DEF_HELPER_3(sfcmpgt, s32, env, f32, f32)
+DEF_HELPER_3(sfcmpge, s32, env, f32, f32)
+DEF_HELPER_3(sfcmpuo, s32, env, f32, f32)
+DEF_HELPER_3(sfmax, f32, env, f32, f32)
+DEF_HELPER_3(sfmin, f32, env, f32, f32)
+DEF_HELPER_3(sfclass, s32, env, f32, s32)
+DEF_HELPER_3(sffixupn, f32, env, f32, f32)
+DEF_HELPER_3(sffixupd, f32, env, f32, f32)
+DEF_HELPER_2(sffixupr, f32, env, f32)
+
+DEF_HELPER_3(dfadd, f64, env, f64, f64)
+DEF_HELPER_3(dfsub, f64, env, f64, f64)
+DEF_HELPER_3(dfmax, f64, env, f64, f64)
+DEF_HELPER_3(dfmin, f64, env, f64, f64)
+DEF_HELPER_3(dfcmpeq, s32, env, f64, f64)
+DEF_HELPER_3(dfcmpgt, s32, env, f64, f64)
+DEF_HELPER_3(dfcmpge, s32, env, f64, f64)
+DEF_HELPER_3(dfcmpuo, s32, env, f64, f64)
+DEF_HELPER_3(dfclass, s32, env, f64, s32)
+
+DEF_HELPER_3(sfmpy, f32, env, f32, f32)
+DEF_HELPER_4(sffma, f32, env, f32, f32, f32)
+DEF_HELPER_5(sffma_sc, f32, env, f32, f32, f32, f32)
+DEF_HELPER_4(sffms, f32, env, f32, f32, f32)
+DEF_HELPER_4(sffma_lib, f32, env, f32, f32, f32)
+DEF_HELPER_4(sffms_lib, f32, env, f32, f32, f32)
+
+DEF_HELPER_3(dfmpyfix, f64, env, f64, f64)
+DEF_HELPER_4(dfmpyhh, f64, env, f64, f64, f64)
+
+#include "helper_protos_generated.h"
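Review bot: The unsigned conversion helpers are declared with signed types: conv_uw2sf and conv_uw2df take s32, conv_ud2sf and conv_ud2df take s64, and the conv_*2uw and conv_*2ud helpers (including the _chop variants) return s32 or s64. If these values are unsigned words and doublewords, i32 and i64 would say so in the prototype; if the signed types are intentional, a one-line comment above the block explaining why would save the next reader the question.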
diff --git a/target/hexagon/op_helper.c b/target/hexagon/op_helper.c
new file mode 100644
index 000..5186dd1
--- /dev/null
+++ b/target/hexagon/op_helper.c
@@ -0,0 +1,1066 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General

[PATCH v7 11/35] Hexagon (target/hexagon) register fields

2021-01-19 Thread Taylor Simpson
Declare bitfields within registers such as user status register (USR)

Signed-off-by: Taylor Simpson 
---
 target/hexagon/reg_fields.h | 36 
 target/hexagon/reg_fields_def.h | 41 +
 target/hexagon/reg_fields.c | 27 +++
 3 files changed, 104 insertions(+)
 create mode 100644 target/hexagon/reg_fields.h
 create mode 100644 target/hexagon/reg_fields_def.h
 create mode 100644 target/hexagon/reg_fields.c

diff --git a/target/hexagon/reg_fields.h b/target/hexagon/reg_fields.h
new file mode 100644
index 000..34c8010
--- /dev/null
+++ b/target/hexagon/reg_fields.h
@@ -0,0 +1,36 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_REG_FIELDS_H
+#define HEXAGON_REG_FIELDS_H
+
+typedef struct {
+int offset;
+int width;
+} RegField;
+
+extern const RegField reg_field_info[];
+
+enum {
+#define DEF_REG_FIELD(TAG, START, WIDTH) \
+TAG,
+#include "reg_fields_def.h"
+NUM_REG_FIELDS
+#undef DEF_REG_FIELD
+};
+
+#endif
diff --git a/target/hexagon/reg_fields_def.h b/target/hexagon/reg_fields_def.h
new file mode 100644
index 000..f2a58d4
--- /dev/null
+++ b/target/hexagon/reg_fields_def.h
@@ -0,0 +1,41 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+/*
+ * For registers that have individual fields, explain them here
+ *   DEF_REG_FIELD(tag,
+ * bit start offset,
+ * width
+ */
+
+/* USR fields */
+DEF_REG_FIELD(USR_OVF,0, 1)
+DEF_REG_FIELD(USR_FPINVF, 1, 1)
+DEF_REG_FIELD(USR_FPDBZF, 2, 1)
+DEF_REG_FIELD(USR_FPOVFF, 3, 1)
+DEF_REG_FIELD(USR_FPUNFF, 4, 1)
+DEF_REG_FIELD(USR_FPINPF, 5, 1)
+
+DEF_REG_FIELD(USR_LPCFG,  8, 2)
+
+DEF_REG_FIELD(USR_FPRND, 22, 2)
+
+DEF_REG_FIELD(USR_FPINVE,25, 1)
+DEF_REG_FIELD(USR_FPDBZE,26, 1)
+DEF_REG_FIELD(USR_FPOVFE,27, 1)
+DEF_REG_FIELD(USR_FPUNFE,28, 1)
+DEF_REG_FIELD(USR_FPINPE,29, 1)
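Review bot: The comment that documents the macro, "DEF_REG_FIELD(tag, bit start offset, width", is missing its closing parenthesis, and "explain them here" would read better as "define them here". It would also help to say whether the USR bits that have no entry (6-7, 10-21, 24, 30-31) are reserved or simply not modelled yet.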
diff --git a/target/hexagon/reg_fields.c b/target/hexagon/reg_fields.c
new file mode 100644
index 000..1819b5a
--- /dev/null
+++ b/target/hexagon/reg_fields.c
@@ -0,0 +1,27 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "reg_fields.h"
+
+const RegField reg_field_info[] = {
+#define DEF_REG_FIELD(TAG, START, WIDTH)\
+  { START, WIDTH },
+#include "reg_fields_def.h"
+  { 0, 0 }
+#undef DEF_REG_FIELD
+};
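Review bot: The trailing { 0, 0 } entry makes reg_field_info[] one element longer than NUM_REG_FIELDS, and nothing in this patch iterates up to a sentinel. If no later patch needs it, drop it and declare the array as reg_field_info[NUM_REG_FIELDS] in both the header and here so the bound is visible to the compiler. Designated initializers, [TAG] = { START, WIDTH }, would tie each entry to its enum tag the way iclass.c does for iclass_info[], and a compile-time check that START + WIDTH <= 32 would catch typos in reg_fields_def.h.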
-- 
2.7.4



[PATCH v7 13/35] Hexagon (target/hexagon) instruction/packet decode

2021-01-19 Thread Taylor Simpson
Take the words from instruction memory and build a packet_t for TCG code
generation

The following operations are performed
Convert the .new encoded offset to the register number of the producer
Reorder the packet so .new producer is before consumer
Apply constant extenders
Separate subinsn's into two instructions
Break compare-jumps into two instructions
Create instructions for :endloop

Signed-off-by: Taylor Simpson 
---
 target/hexagon/decode.h |  32 +++
 target/hexagon/decode.c | 588 
 target/hexagon/q6v_decode.c | 385 +
 3 files changed, 1005 insertions(+)
 create mode 100644 target/hexagon/decode.h
 create mode 100644 target/hexagon/decode.c
 create mode 100644 target/hexagon/q6v_decode.c

diff --git a/target/hexagon/decode.h b/target/hexagon/decode.h
new file mode 100644
index 000..16028a9
--- /dev/null
+++ b/target/hexagon/decode.h
@@ -0,0 +1,32 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_DECODE_H
+#define HEXAGON_DECODE_H
+
+#include "cpu.h"
+#include "opcodes.h"
+#include "insn.h"
+
+extern void decode_init(void);
+
+extern void decode_send_insn_to(Packet *packet, int start, int newloc);
+
+extern int decode_packet(int max_words, const uint32_t *words, Packet *pkt,
+ bool disas_only);
+
+#endif
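Review bot: decode_packet() has no comment describing its contract: what the int return value means, what happens when the packet does not end within max_words, and what disas_only changes. This is the entry point that parses guest-supplied instruction words, so the header should document it. The extern keyword on the three prototypes is redundant.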
diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c
new file mode 100644
index 000..1de6a6e
--- /dev/null
+++ b/target/hexagon/decode.c
@@ -0,0 +1,588 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "iclass.h"
+#include "opcodes.h"
+#include "genptr.h"
+#include "decode.h"
+#include "insn.h"
+#include "printinsn.h"
+
+#define fZXTN(N, M, VAL) ((VAL) & ((1LL << (N)) - 1))
+
+enum {
+EXT_IDX_noext = 0,
+EXT_IDX_noext_AFTER = 4,
+EXT_IDX_mmvec = 4,
+EXT_IDX_mmvec_AFTER = 8,
+XX_LAST_EXT_IDX
+};
+
+/*
+ *  Certain operand types represent a non-contiguous set of values.
+ *  For example, the compound compare-and-jump instruction can only access
+ *  registers R0-R7 and R16-23.
+ *  This table represents the mapping from the encoding to the actual values.
+ */
+
+#define DEF_REGMAP(NAME, ELEMENTS, ...) \
+static const unsigned int DECODE_REGISTER_##NAME[ELEMENTS] = \
+{ __VA_ARGS__ };
+/* Name   Num Table */
+DEF_REGMAP(R_16,  16, 0, 1, 2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20, 21, 22, 23)
+DEF_REGMAP(R__8,  8,  0, 2, 4, 6, 16, 18, 20, 22)
+
+#define DECODE_MAPPED_REG(REGNO, NAME) \
+insn->regno[REGNO] = DECODE_REGISTER_##NAME[insn->regno[REGNO]];
+
+typedef struct {
+const struct DectreeTable *table_link;
+const struct DectreeTable *table_link_b;
+Opcode opcode;
+enum {
+DECTREE_ENTRY_INVALID,
+DECTREE_TABLE_LINK,
+DECTREE_SUBINSNS,
+DECTREE_EXTSPACE,
+DECTREE_TERMINAL
+} type;
+} DectreeEntry;
+
+typedef struct DectreeTable {
+unsigned int (*lookup_function)(int startbit, int width, uint32_t opcode);
+unsigned int size;
+unsigned int startbit;
+unsigned int width;
+const DectreeEntry table[];
+} DectreeTable;
+
+#define DECODE_NEW_TABLE(TAG, SIZE, WHATNOT) \
+static const DectreeTable dectree_table_##TAG;
+#define TABLE_LINK(TABLE) /* NOTHING */
+#define TERMINAL(TAG, ENC)/* NOTHING */
+#define SUBINSNS(TAG, CLASSA, CLASSB, ENC)/* NOTHING */
+#define EXTSPACE(TAG, ENC)/* NOTHING */
+#define INVAL
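Review bot: DECODE_MAPPED_REG indexes DECODE_REGISTER_##NAME[] with insn->regno[REGNO], a value that comes from the instruction encoding, without checking it against the table size (16 entries for R_16, 8 for R__8). If the operand field width always matches the table this is safe, but an assert or a bound check against ARRAY_SIZE() inside the macro would make that explicit and keep a malformed guest instruction from reading past the table. The macro also depends on a local variable named insn and ends in a semicolon; taking insn as a parameter and wrapping the body in do { } while (0) would be more robust. In fZXTN the M argument is unused.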

[PATCH v7 04/35] Hexagon (target/hexagon) scalar core definition

2021-01-19 Thread Taylor Simpson
Add target state header, target definitions and initialization routines

Signed-off-by: Taylor Simpson 
---
 target/hexagon/cpu-param.h |  29 +
 target/hexagon/cpu.h   | 159 +++
 target/hexagon/cpu_bits.h  |  59 +
 target/hexagon/internal.h  |  36 ++
 target/hexagon/cpu.c   | 312 +
 5 files changed, 595 insertions(+)
 create mode 100644 target/hexagon/cpu-param.h
 create mode 100644 target/hexagon/cpu.h
 create mode 100644 target/hexagon/cpu_bits.h
 create mode 100644 target/hexagon/internal.h
 create mode 100644 target/hexagon/cpu.c

diff --git a/target/hexagon/cpu-param.h b/target/hexagon/cpu-param.h
new file mode 100644
index 000..e8ed546
--- /dev/null
+++ b/target/hexagon/cpu-param.h
@@ -0,0 +1,29 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_CPU_PARAM_H
+#define HEXAGON_CPU_PARAM_H
+
+#define TARGET_PAGE_BITS 16 /* 64K pages */
+#define TARGET_LONG_BITS 32
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 36
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+#define NB_MMU_MODES 1
+
+#endif
diff --git a/target/hexagon/cpu.h b/target/hexagon/cpu.h
new file mode 100644
index 000..839db6b
--- /dev/null
+++ b/target/hexagon/cpu.h
@@ -0,0 +1,159 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_CPU_H
+#define HEXAGON_CPU_H
+
+/* Forward declaration needed by some of the header files */
+typedef struct CPUHexagonState CPUHexagonState;
+
+#include "fpu/softfloat-types.h"
+
+#include "qemu-common.h"
+#include "exec/cpu-defs.h"
+#include "hex_regs.h"
+
+#define NUM_PREGS 4
+#define TOTAL_PER_THREAD_REGS 64
+
+#define SLOTS_MAX 4
+#define STORES_MAX 2
+#define REG_WRITES_MAX 32
+#define PRED_WRITES_MAX 5   /* 4 insns + endloop */
+
+#define TYPE_HEXAGON_CPU "hexagon-cpu"
+
+#define HEXAGON_CPU_TYPE_SUFFIX "-" TYPE_HEXAGON_CPU
+#define HEXAGON_CPU_TYPE_NAME(name) (name HEXAGON_CPU_TYPE_SUFFIX)
+#define CPU_RESOLVING_TYPE TYPE_HEXAGON_CPU
+
+#define TYPE_HEXAGON_CPU_V67 HEXAGON_CPU_TYPE_NAME("v67")
+
+#define MMU_USER_IDX 0
+
+typedef struct {
+target_ulong va;
+uint8_t width;
+uint32_t data32;
+uint64_t data64;
+} MemLog;
+
+#define EXEC_STATUS_OK  0x
+#define EXEC_STATUS_STOP0x0002
+#define EXEC_STATUS_REPLAY  0x0010
+#define EXEC_STATUS_LOCKED  0x0020
+#define EXEC_STATUS_EXCEPTION   0x0100
+
+
+#define EXCEPTION_DETECTED  (env->status & EXEC_STATUS_EXCEPTION)
+#define REPLAY_DETECTED (env->status & EXEC_STATUS_REPLAY)
+#define CLEAR_EXCEPTION (env->status &= (~EXEC_STATUS_EXCEPTION))
+#define SET_EXCEPTION   (env->status |= EXEC_STATUS_EXCEPTION)
+
+struct CPUHexagonState {
+target_ulong gpr[TOTAL_PER_THREAD_REGS];
+target_ulong pred[NUM_PREGS];
+target_ulong branch_taken;
+target_ulong next_PC;
+
+/* For comparing with LLDB on target - see adjust_stack_ptrs function */
+target_ulong last_pc_dumped;
+target_ulong stack_start;
+
+uint8_t slot_cancelled;
+target_ulong new_value[TOTAL_PER_THREAD_REGS];
+
+/*
+ * Only used when HEX_DEBUG is on, but unconditionally included
+ * to reduce recompile time when turning HEX_DEBUG on/off.
+ */
+target_ulong this_PC;
+target_ulong reg_written[TOTAL_PER_THREAD_REGS];
+
+target_ulong new_pred_value[NUM_PREGS];
+target_ulong pred_written;
+
+MemLog mem_log_stores[STORES_MAX];
+target_ulong pkt_has_store_s1;
+target_ulong dczero_addr;
+
+float_status fp_status;
+
+target_ulong 
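Review bot: EXCEPTION_DETECTED, REPLAY_DETECTED, CLEAR_EXCEPTION and SET_EXCEPTION expand to expressions on env->status, so they only compile where a variable named env happens to be in scope, and that dependency is invisible at the call site. Suggest passing env as a macro argument or using static inline functions. In MemLog, data32 and data64 are both stored next to width; a comment saying which member is valid for which width (or a union) would help.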

[PATCH v7 25/35] Hexagon (target/hexagon) instruction classes

2021-01-19 Thread Taylor Simpson
Determine legal VLIW slots for each instruction

Signed-off-by: Taylor Simpson 
---
 target/hexagon/iclass.h| 50 ++
 target/hexagon/iclass.c| 73 ++
 target/hexagon/imported/iclass.def | 51 ++
 3 files changed, 174 insertions(+)
 create mode 100644 target/hexagon/iclass.h
 create mode 100644 target/hexagon/iclass.c
 create mode 100644 target/hexagon/imported/iclass.def

diff --git a/target/hexagon/iclass.h b/target/hexagon/iclass.h
new file mode 100644
index 000..1b625fa
--- /dev/null
+++ b/target/hexagon/iclass.h
@@ -0,0 +1,50 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_ICLASS_H
+#define HEXAGON_ICLASS_H
+
+#include "opcodes.h"
+
+#define ICLASS_FROM_TYPE(TYPE) ICLASS_##TYPE
+
+enum {
+
+#define DEF_PP_ICLASS32(TYPE, SLOTS, UNITS)ICLASS_FROM_TYPE(TYPE),
+#define DEF_EE_ICLASS32(TYPE, SLOTS, UNITS)ICLASS_FROM_TYPE(TYPE),
+#include "imported/iclass.def"
+#undef DEF_PP_ICLASS32
+#undef DEF_EE_ICLASS32
+
+ICLASS_FROM_TYPE(COPROC_VX),
+ICLASS_FROM_TYPE(COPROC_VMEM),
+NUM_ICLASSES
+};
+
+typedef enum {
+SLOTS_0  = (1 << 0),
+SLOTS_1  = (1 << 1),
+SLOTS_2  = (1 << 2),
+SLOTS_3  = (1 << 3),
+SLOTS_01 = SLOTS_0 | SLOTS_1,
+SLOTS_23 = SLOTS_2 | SLOTS_3,
+SLOTS_0123   = SLOTS_0 | SLOTS_1 | SLOTS_2 | SLOTS_3,
+} SlotMask;
+
+extern SlotMask find_iclass_slots(Opcode opcode, int itype);
+
+#endif
diff --git a/target/hexagon/iclass.c b/target/hexagon/iclass.c
new file mode 100644
index 000..80fd5b8
--- /dev/null
+++ b/target/hexagon/iclass.c
@@ -0,0 +1,73 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "iclass.h"
+
+static const SlotMask iclass_info[] = {
+
+#define DEF_PP_ICLASS32(TYPE, SLOTS, UNITS) \
+[ICLASS_FROM_TYPE(TYPE)] = SLOTS_##SLOTS,
+#define DEF_EE_ICLASS32(TYPE, SLOTS, UNITS) \
+[ICLASS_FROM_TYPE(TYPE)] = SLOTS_##SLOTS,
+#include "imported/iclass.def"
+#undef DEF_PP_ICLASS32
+#undef DEF_EE_ICLASS32
+};
+
+SlotMask find_iclass_slots(Opcode opcode, int itype)
+{
+/* There are some exceptions to what the iclass dictates */
+if (GET_ATTRIB(opcode, A_ICOP)) {
+return SLOTS_2;
+} else if (GET_ATTRIB(opcode, A_RESTRICT_SLOT0ONLY)) {
+return SLOTS_0;
+} else if (GET_ATTRIB(opcode, A_RESTRICT_SLOT1ONLY)) {
+return SLOTS_1;
+} else if (GET_ATTRIB(opcode, A_RESTRICT_SLOT2ONLY)) {
+return SLOTS_2;
+} else if (GET_ATTRIB(opcode, A_RESTRICT_SLOT3ONLY)) {
+return SLOTS_3;
+} else if (GET_ATTRIB(opcode, A_COF) &&
+   GET_ATTRIB(opcode, A_INDIRECT) &&
+   !GET_ATTRIB(opcode, A_MEMLIKE) &&
+   !GET_ATTRIB(opcode, A_MEMLIKE_PACKET_RULES)) {
+return SLOTS_2;
+} else if (GET_ATTRIB(opcode, A_RESTRICT_NOSLOT1)) {
+return SLOTS_0;
+} else if ((opcode == J2_trap0) ||
+   (opcode == Y2_isync) ||
+   (opcode == J4_hintjumpr)) {
+return SLOTS_2;
+} else if ((itype == ICLASS_V2LDST) && (GET_ATTRIB(opcode, A_STORE))) {
+return SLOTS_01;
+} else if ((itype == ICLASS_V2LDST) && (!GET_ATTRIB(opcode, A_STORE))) {
+return SLOTS_01;
+} else if (GET_ATTRIB(opcode, A_CRSLOT23)) {
+return SLOTS_23;
+} else if (GET_ATTRIB(opcode, A_RESTRICT_PREFERSLOT0)) {
+return SLOTS_0;
+} else if (GET_ATTRIB(opcode, A_SUBINSN)) {
+return SLOTS_01;
+} e
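
Review bot: iclass_info[] is declared without a size and is initialised only from imported/iclass.def, so it has no elements for ICLASS_COPROC_VX and ICLASS_COPROC_VMEM, which iclass.h appends to the enum after the .def entries. Declaring it as iclass_info[NUM_ICLASSES] would make a lookup with either of those values read a zero mask instead of indexing past the end of the array. In find_iclass_slots(), the two ICLASS_V2LDST branches differ only in the A_STORE test and both return SLOTS_01, so they can be merged into one.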

[PATCH v7 02/35] Hexagon (target/hexagon) README

2021-01-19 Thread Taylor Simpson
Gives an introduction and overview to the Hexagon target

Signed-off-by: Taylor Simpson 
---
 target/hexagon/README | 235 ++
 1 file changed, 235 insertions(+)
 create mode 100644 target/hexagon/README

diff --git a/target/hexagon/README b/target/hexagon/README
new file mode 100644
index 000..1d48eee
--- /dev/null
+++ b/target/hexagon/README
@@ -0,0 +1,235 @@
+Hexagon is Qualcomm's very long instruction word (VLIW) digital signal
+processor(DSP).
+
+The following versions of the Hexagon core are supported
+Scalar core: v67
+
https://developer.qualcomm.com/downloads/qualcomm-hexagon-v67-programmer-s-reference-manual
+
+We presented an overview of the project at the 2019 KVM Forum.
+
https://kvmforum2019.sched.com/event/Tmwc/qemu-hexagon-automatic-translation-of-the-isa-manual-pseudcode-to-tiny-code-instructions-of-a-vliw-architecture-niccolo-izzo-revng-taylor-simpson-qualcomm-innovation-center
+
+*** Tour of the code ***
+
+The qemu-hexagon implementation is a combination of qemu and the Hexagon
+architecture library (aka archlib).  The three primary directories with
+Hexagon-specific code are
+
+qemu/target/hexagon
+This has all the instruction and packet semantics
+qemu/target/hexagon/imported
+These files are imported with very little modification from archlib
+*.idef  Instruction semantics definition
+macros.def  Mapping of macros to instruction attributes
+encode*.def Encoding patterns for each instruction
+iclass.def  Instruction class definitions used to determine
+legal VLIW slots for each instruction
+qemu/linux-user/hexagon
+Helpers for loading the ELF file and making Linux system calls,
+signals, etc
+
+We start with scripts that generate a bunch of include files.  This
+is a two step process.  The first step is to use the C preprocessor to expand
+macros inside the architecture definition files.  This is done in
+target/hexagon/gen_semantics.c.  This step produces
+/target/hexagon/semantics_generated.pyinc.
+That file is consumed by the following python scripts to produce the indicated
+header files in /target/hexagon
+gen_opcodes_def.py  -> opcodes_def_generated.h
+gen_op_regs.py  -> op_regs_generated.h
+gen_printinsn.py-> printinsn_generated.h
+gen_op_attribs.py   -> op_attribs_generated.h
+gen_helper_protos.py-> helper_protos_generated.h
+gen_shortcode.py-> shortcode_generated.h
+gen_tcg_funcs.py-> tcg_funcs_generated.h
+gen_tcg_func_table.py   -> tcg_func_table_generated.h
+gen_helper_funcs.py -> helper_funcs_generated.h
+
+Qemu helper functions have 3 parts
+DEF_HELPER declaration indicates the signature of the helper
+gen_helper_ will generate a TCG call to the helper function
+The helper implementation
+
+Here's an example of the A2_add instruction.
+Instruction tagA2_add
+Assembly syntax"Rd32=add(Rs32,Rt32)"
+Instruction semantics  "{ RdV=RsV+RtV;}"
+
+By convention, the operands are identified by letter
+RdV is the destination register
+RsV, RtV are source registers
+
+The generator uses the operand naming conventions (see large comment in
+hex_common.py) to determine the signature of the helper function.  Here are the
+results for A2_add
+
+helper_protos_generated.h
+DEF_HELPER_3(A2_add, s32, env, s32, s32)
+
+tcg_funcs_generated.h
+static void generate_A2_add(
+CPUHexagonState *env,
+DisasContext *ctx,
+Insn *insn,
+Packet *pkt)
+{
+TCGv RdV = tcg_temp_local_new();
+const int RdN = insn->regno[0];
+TCGv RsV = hex_gpr[insn->regno[1]];
+TCGv RtV = hex_gpr[insn->regno[2]];
+gen_helper_A2_add(RdV, cpu_env, RsV, RtV);
+gen_log_reg_write(RdN, RdV);
+ctx_log_reg_write(ctx, RdN);
+tcg_temp_free(RdV);
+}
+
+helper_funcs_generated.h
+int32_t HELPER(A2_add)(CPUHexagonState *env, int32_t RsV, int32_t RtV)
+{
+uint32_t slot __attribute__((unused)) = 4;
+int32_t RdV = 0;
+{ RdV=RsV+RtV;}
+return RdV;
+}
+
+Note that generate_A2_add updates the disassembly context to be processed
+when the packet commits (see "Packet Semantics" below).
+
+The generator checks for fGEN_TCG_ macro.  This allows us to generate
+TCG code instead of a call to the helper.  If defined, the macro takes 1
+argument.
+C semantics (aka short code)
+
+This allows the code generator to override the auto-generated code.  In some
+cases this is necessary for correct execution.  We can also override for
+faster emulation.  For example, calling a helper for add is more 
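
Review bot: In the helper_funcs_generated.h example, the line "uint32_t slot __attribute__((unused)) = 4;" is shown without explanation; the README never says what slot is or why the generated helper sets it to 4, and a sentence after the example would help readers of the generated code. The directory list also writes paths as qemu/target/hexagon while the following paragraph uses target/hexagon/gen_semantics.c; one prefix throughout would be clearer.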

[PATCH v7 16/35] Hexagon (target/hexagon/conv_emu.[ch]) utility functions

2021-01-19 Thread Taylor Simpson
Signed-off-by: Taylor Simpson 
---
 target/hexagon/conv_emu.h |  31 
 target/hexagon/conv_emu.c | 177 ++
 2 files changed, 208 insertions(+)
 create mode 100644 target/hexagon/conv_emu.h
 create mode 100644 target/hexagon/conv_emu.c

diff --git a/target/hexagon/conv_emu.h b/target/hexagon/conv_emu.h
new file mode 100644
index 000..1b23c75
--- /dev/null
+++ b/target/hexagon/conv_emu.h
@@ -0,0 +1,31 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_CONV_EMU_H
+#define HEXAGON_CONV_EMU_H
+
+extern uint64_t conv_sf_to_8u(float32 in, float_status *fp_status);
+extern uint32_t conv_sf_to_4u(float32 in, float_status *fp_status);
+extern int64_t conv_sf_to_8s(float32 in, float_status *fp_status);
+extern int32_t conv_sf_to_4s(float32 in, float_status *fp_status);
+
+extern uint64_t conv_df_to_8u(float64 in, float_status *fp_status);
+extern uint32_t conv_df_to_4u(float64 in, float_status *fp_status);
+extern int64_t conv_df_to_8s(float64 in, float_status *fp_status);
+extern int32_t conv_df_to_4s(float64 in, float_status *fp_status);
+
+#endif
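
Review bot: conv_emu.h uses float32, float64 and float_status in its prototypes but includes nothing, so it only compiles when the includer has already pulled in the softfloat types, as conv_emu.c does by including fpu/softfloat.h before conv_emu.h. Including the softfloat header from conv_emu.h itself would make the header self-contained.
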
diff --git a/target/hexagon/conv_emu.c b/target/hexagon/conv_emu.c
new file mode 100644
index 000..3985b10
--- /dev/null
+++ b/target/hexagon/conv_emu.c
@@ -0,0 +1,177 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/host-utils.h"
+#include "fpu/softfloat.h"
+#include "macros.h"
+#include "conv_emu.h"
+
+#define LL_MAX_POS 0x7fffULL
+#define MAX_POS 0x7fffU
+
+static uint64_t conv_f64_to_8u_n(float64 in, int will_negate,
+ float_status *fp_status)
+{
+uint8_t sign = float64_is_neg(in);
+if (float64_is_infinity(in)) {
+float_raise(float_flag_invalid, fp_status);
+if (float64_is_neg(in)) {
+return 0ULL;
+} else {
+return ~0ULL;
+}
+}
+if (float64_is_any_nan(in)) {
+float_raise(float_flag_invalid, fp_status);
+return ~0ULL;
+}
+if (float64_is_zero(in)) {
+return 0;
+}
+if (sign) {
+float_raise(float_flag_invalid, fp_status);
+return 0;
+}
+if (float64_lt(in, float64_half, fp_status)) {
+/* Near zero, captures large fracshifts, denorms, etc */
+float_raise(float_flag_inexact, fp_status);
+switch (get_float_rounding_mode(fp_status)) {
+case float_round_down:
+if (will_negate) {
+return 1;
+} else {
+return 0;
+}
+case float_round_up:
+if (!will_negate) {
+return 1;
+} else {
+return 0;
+}
+default:
+return 0;/* nearest or towards zero */
+}
+}
+return float64_to_uint64(in, fp_status);
+}
+
+static void clr_float_exception_flags(uint8_t flag, float_status *fp_status)
+{
+uint8_t flags = fp_status->float_exception_flags;
+flags &= ~flag;
+set_float_exception_flags(flags, fp_status);
+}
+
+static uint32_t conv_df_to_4u_n(float64 fp64, int will_negate,
+float_status *fp_status)
+{
+uint64_t tmp;
+tmp = conv_f64_to_8u_n(fp64, will_negate, fp_status);
+if (tmp > 0xULL) {
+clr_float_exception_flags(float_flag_inexact, fp_status);
+float_raise(float_flag_invalid, fp_status);
+return ~0U;
+}
+return (uint32_t)tmp;
+}
+
+uint64_t conv_df_to_8u(float64 in, float_status *f
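
Review bot: clr_float_exception_flags() reads fp_status->float_exception_flags directly and then writes the result back through set_float_exception_flags(); using the matching get_float_exception_flags() accessor for the read would keep the helper independent of the float_status layout. In conv_f64_to_8u_n(), the infinity branch calls float64_is_neg(in) again although the result is already held in sign.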

[PATCH v7 06/35] Hexagon (target/hexagon) register names

2021-01-19 Thread Taylor Simpson
Signed-off-by: Taylor Simpson 
Reviewed-by: Richard Henderson 
---
 target/hexagon/hex_regs.h | 83 +++
 1 file changed, 83 insertions(+)
 create mode 100644 target/hexagon/hex_regs.h

diff --git a/target/hexagon/hex_regs.h b/target/hexagon/hex_regs.h
new file mode 100644
index 000..f291911
--- /dev/null
+++ b/target/hexagon/hex_regs.h
@@ -0,0 +1,83 @@
+/*
+ *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef HEXAGON_REGS_H
+#define HEXAGON_REGS_H
+
+enum {
+HEX_REG_R00  = 0,
+HEX_REG_R01  = 1,
+HEX_REG_R02  = 2,
+HEX_REG_R03  = 3,
+HEX_REG_R04  = 4,
+HEX_REG_R05  = 5,
+HEX_REG_R06  = 6,
+HEX_REG_R07  = 7,
+HEX_REG_R08  = 8,
+HEX_REG_R09  = 9,
+HEX_REG_R10  = 10,
+HEX_REG_R11  = 11,
+HEX_REG_R12  = 12,
+HEX_REG_R13  = 13,
+HEX_REG_R14  = 14,
+HEX_REG_R15  = 15,
+HEX_REG_R16  = 16,
+HEX_REG_R17  = 17,
+HEX_REG_R18  = 18,
+HEX_REG_R19  = 19,
+HEX_REG_R20  = 20,
+HEX_REG_R21  = 21,
+HEX_REG_R22  = 22,
+HEX_REG_R23  = 23,
+HEX_REG_R24  = 24,
+HEX_REG_R25  = 25,
+HEX_REG_R26  = 26,
+HEX_REG_R27  = 27,
+HEX_REG_R28  = 28,
+HEX_REG_R29  = 29,
+HEX_REG_SP   = 29,
+HEX_REG_FP   = 30,
+HEX_REG_R30  = 30,
+HEX_REG_LR   = 31,
+HEX_REG_R31  = 31,
+HEX_REG_SA0  = 32,
+HEX_REG_LC0  = 33,
+HEX_REG_SA1  = 34,
+HEX_REG_LC1  = 35,
+HEX_REG_P3_0 = 36,
+HEX_REG_M0   = 38,
+HEX_REG_M1   = 39,
+HEX_REG_USR  = 40,
+HEX_REG_PC   = 41,
+HEX_REG_UGP  = 42,
+HEX_REG_GP   = 43,
+HEX_REG_CS0  = 44,
+HEX_REG_CS1  = 45,
+HEX_REG_UPCYCLELO= 46,
+HEX_REG_UPCYCLEHI= 47,
+HEX_REG_FRAMELIMIT   = 48,
+HEX_REG_FRAMEKEY = 49,
+HEX_REG_PKTCNTLO = 50,
+HEX_REG_PKTCNTHI = 51,
+/* Use reserved control registers for qemu execution counts */
+HEX_REG_QEMU_PKT_CNT  = 52,
+HEX_REG_QEMU_INSN_CNT = 53,
+HEX_REG_UTIMERLO  = 62,
+HEX_REG_UTIMERHI  = 63,
+};
+
+#endif
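
Review bot: The enum skips index 37 (HEX_REG_P3_0 = 36 is followed by HEX_REG_M0 = 38) and indexes 54 to 61 (HEX_REG_QEMU_INSN_CNT = 53 is followed by HEX_REG_UTIMERLO = 62) without comment. Only the QEMU counter entries are annotated; a short comment saying whether the skipped numbers are reserved would tell readers that the gaps are intentional and that any array indexed by these values has unused entries.
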
-- 
2.7.4



[PATCH v7 03/35] Hexagon (include/elf.h) ELF machine definition

2021-01-19 Thread Taylor Simpson
Define EM_HEXAGON 164

Signed-off-by: Taylor Simpson 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 include/elf.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/elf.h b/include/elf.h
index 7a418ee..f4fa3c1 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -176,6 +176,7 @@ typedef struct mips_elf_abiflags_v0 {
 
 #define EM_UNICORE32110 /* UniCore32 */
 
+#define EM_HEXAGON  164 /* Qualcomm Hexagon */
 #define EM_RX   173 /* Renesas RX family */
 
 #define EM_RISCV243 /* RISC-V */
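
Review bot: EM_HEXAGON is inserted directly above EM_RX with no blank line between them, while the neighbouring defines in this context (EM_UNICORE32, EM_RX, EM_RISCV) are separated by blank lines. Adding a blank line after the new define would keep the layout consistent.
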
-- 
2.7.4



[PATCH v7 00/35] Hexagon patch series

2021-01-19 Thread Taylor Simpson
This series adds support for the Hexagon processor with Linux user support

See patch 02/33 Hexagon README for detailed information.

This series assumes int128_or() is implemented.
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06004.html

The series is also available at https://github.com/quic/qemu on branch
small_series_v7.


Once the series is applied, the Hexagon port will pass "make check-tcg".
The series also includes Hexagon-specific tests in tcg/tests/hexagon.

The final patch in the series adds docker support.  Thanks to Alessandro
Di Federico and Brian Cain for making this
happen.  The default container (debian-hexagon-cross) uses a toolchain built
by rev.ng.  Alternatively, there is a container that will build the toolchain
locally (debian-hexagon-cross-build-local).

Here are the commands to verify the code:
mkdir build
cd build
../configure --target-list=hexagon-linux-user
make
make check-tcg


*** Known checkpatch issues ***

The following are known checkpatch errors in the series
    target/hexagon/reg_fields.h             Complex macro
    target/hexagon/attribs.h                Complex macro
    target/hexagon/decode.c                 Complex macro
    target/hexagon/q6v_decode.c             Macro needs do - while
    target/hexagon/printinsn.c              Macro needs do - while
    target/hexagon/gen_semantics.c          Suspicious ; after while (0)
    target/hexagon/gen_dectree_import.c     Complex macro
    target/hexagon/gen_dectree_import.c     Suspicious ; after while (0)
    target/hexagon/opcodes.c                Complex macro
    target/hexagon/iclass.h                 Complex macro
    configure.sh                            Line over 90 characters
    tests/tcg/configure.sh                  Line over 90 characters
    scripts/qemu-binfmt-conf.sh             Line over 90 characters

The following are known checkpatch warnings in the series
    target/hexagon/fma_emu.c                Comments inside macro definition
    target/hexagon/gen_tcg_funcs.py         Line over 80 characters
    scripts/qemu-binfmt-conf.sh             Line over 80 characters

*** Changes in v7 ***
Address feedback from Philippe Mathieu-Daudé
Use GString instead of  for disassembly
Remove mixed declarations (interleaving statements and declarations)
Change 4 to sizeof(uint32_t)

Address feedback from Alex Bennée
Break TCG tests patch into multiple patches
Remove pthread_cancel test (submitted as a standalone patch)

*** Changes in v6 ***
Correct QEMU_GENERATE implementations for fLSBNEW0/fLSBNEW1
Change Python file handling to use with statement
Change import hex_common to be explicit
Generator cleanup
Change N?N (new value) to value instead of register number for consistency
Fixed bug in reading control register pair
Add ctx_log_reg_write_pair
Clean up control reg offset from HEX_REG_SA0
Fix errors in FP instructions uncovered by musl libc-tests
Added unit tests

*** Changes in v5 ***
Bug fixes
Properly implement circular addressing
memw(r1++I:circ(m0)) = r2
Make gen_cmpnd_cmp_jmp execute in 2 parts

Address remaining blocker items from Richard Henderson's review.
Use qemu softfloat
Use const where appropriate
Break tcg_funcs_generated.h into two files - functions and table
Change struct and enum type names to CamelCase
Include packet in raw bytes in assembly
Use DEF_HELPER_FLAGS where possible
Fix merge_bytes endianness and overlap test by doing the store before load
Use bitmask instead of string in decoding
Add comments to decoder
Use qemu/int128.h
Use qemu/bitops.h for instruction attributes
Add bitmask for ctx->reg_log
Note we still have the array/idx for iteration during gen_commit_packet
Change opcode_syntax to be created at compile time in gen_dectree_import.c
Remove unused tmp variables
Isolate hex_arch_types to imported files
Fix git am whitespace warnings

Address items from Philippe Mathieu-Daudé's review
Split utility functions patch into 3 digestible patches
Fixed type "definition"
Change all exit codes to be either 0 or 1
Validated build with gcc 4.8, 5.5, and *
Removed qemu/osdep.h and qemu/host-utils.h from macros.h

Address items from Laurent Vivier's review
Don't filter out __NR_syscalls
Remove syscall_nr_generators from linux-user/hexagon/meson.build
Remove subdir('hexagon') from linux-user/meson.build
Generate syscall_nr.h from 5.5 Linux kernel


*** Changes in v4 ***
Convert target/hexagon/Makefile.objs to meson.build

Address portions of feedback from Richard Henderson.  Here is the table
of items from Richard's review.
Patch   Item Blocker Status
Use qemu softfloat   Yes
Use qemu decodetree.py   No
Several Use const when appropriate   Yes
Several Remove anything after g_assert_not_reached

[PATCH v7 01/35] Hexagon Update MAINTAINERS file

2021-01-19 Thread Taylor Simpson
Add Taylor Simpson as the Hexagon target maintainer

Signed-off-by: Taylor Simpson 
Reviewed-by: Richard Henderson 
---
 MAINTAINERS | 9 +
 1 file changed, 9 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 3216387..b07ceb4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -187,6 +187,15 @@ F: include/hw/cris/
 F: tests/tcg/cris/
 F: disas/cris.c
 
+Hexagon TCG CPUs
+M: Taylor Simpson 
+S: Supported
+F: target/hexagon/
+F: linux-user/hexagon/
+F: tests/tcg/hexagon/
+F: disas/hexagon.c
+F: default-configs/targets/hexagon-linux-user.mak
+
 HPPA (PA-RISC) TCG CPUs
 M: Richard Henderson 
 S: Maintained
-- 
2.7.4



[PATCH] target/arm: Conditionalize DBGDIDR

2021-01-19 Thread Richard Henderson
Only define the register if it exists for the cpu.

Signed-off-by: Richard Henderson 
---

I've pulled this out of a largely defunct 2019 branch.  This will
be required for the cortex-a76, which only implements aa32 at el0.

This did get some review, back in the day,
https://lists.gnu.org/archive/html/qemu-devel/2019-04/msg05171.html

but it has changed enough that I didn't include the proffered r-b.


r~
---
 target/arm/helper.c | 21 +++--
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index d2ead3fcbd..10102aab3c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6567,11 +6567,21 @@ static void define_debug_regs(ARMCPU *cpu)
  */
 int i;
 int wrps, brps, ctx_cmps;
-ARMCPRegInfo dbgdidr = {
-.name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
-.access = PL0_R, .accessfn = access_tda,
-.type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdidr,
-};
+
+/*
+ * The Arm ARM says DBGDIDR is optional and deprecated if EL1 cannot
+ * use AArch32.  Given that bit 15 is RES1, if the value is 0 then
+ * the register must not exist for this cpu.
+ */
+if (cpu->isar.dbgdidr != 0) {
+ARMCPRegInfo dbgdidr = {
+.name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0,
+.opc1 = 0, .opc2 = 0,
+.access = PL0_R, .accessfn = access_tda,
+.type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdidr,
+};
+define_one_arm_cp_reg(cpu, &dbgdidr);
+}
 
 /* Note that all these register fields hold "number of Xs minus 1". */
 brps = arm_num_brps(cpu);
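
Review bot: The existence test "if (cpu->isar.dbgdidr != 0)" treats an unset isar.dbgdidr as "register not implemented", so a CPU model that supports AArch32 at EL1 but never fills in isar.dbgdidr would silently lose DBGDIDR with this change. It is worth confirming that every such model sets the field, or stating that assumption in the new comment next to the RES1 reasoning.
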
@@ -6580,7 +6590,6 @@ static void define_debug_regs(ARMCPU *cpu)
 
 assert(ctx_cmps <= brps);
 
-define_one_arm_cp_reg(cpu, &dbgdidr);
 define_arm_cp_regs(cpu, debug_cp_reginfo);
 
 if (arm_feature(&cpu->env, ARM_FEATURE_LPAE)) {
-- 
2.25.1




Re: [PATCH v3] hvf: guard xgetbv call.

2021-01-19 Thread Cameron Esfahani
Reviewed-by: Cameron Esfahani <di...@apple.com>

Cameron Esfahani
di...@apple.com

> On Jan 12, 2021, at 10:07 PM, Hill Ma  wrote:
> 
> This prevents an illegal instruction on cpus that do not support xgetbv.
> 
> Buglink: https://bugs.launchpad.net/qemu/+bug/1758819
> Signed-off-by: Hill Ma 
> ---
> v3: addressed feedback.
> v2: xgetbv() modified based on feedback.
> 
> target/i386/hvf/x86_cpuid.c | 34 ++
> 1 file changed, 22 insertions(+), 12 deletions(-)
> 
> diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
> index a6842912f5..32b0d131df 100644
> --- a/target/i386/hvf/x86_cpuid.c
> +++ b/target/i386/hvf/x86_cpuid.c
> @@ -27,15 +27,22 @@
> #include "vmx.h"
> #include "sysemu/hvf.h"
> 
> -static uint64_t xgetbv(uint32_t xcr)
> +static bool xgetbv(uint32_t cpuid_ecx, uint32_t idx, uint64_t *xcr)
> {
> -uint32_t eax, edx;
> +uint32_t xcrl, xcrh;
> 
> -__asm__ volatile ("xgetbv"
> -  : "=a" (eax), "=d" (edx)
> -  : "c" (xcr));
> +if (cpuid_ecx & CPUID_EXT_OSXSAVE) {
> +/*
> + * The xgetbv instruction is not available to older versions of
> + * the assembler, so we encode the instruction manually.
> + */
> +asm(".byte 0x0f, 0x01, 0xd0" : "=a" (xcrl), "=d" (xcrh) : "c" (idx));
> 
> -return (((uint64_t)edx) << 32) | eax;
> +*xcr = (((uint64_t)xcrh) << 32) | xcrl;
> +return true;
> +}
> +
> +return false;
> }
> 
> uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
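
Review bot: The replacement asm statement in xgetbv() drops the volatile qualifier that the removed '__asm__ volatile ("xgetbv"' had. Keeping it on the new '.byte 0x0f, 0x01, 0xd0' statement stops the compiler from treating the instruction as a pure function of idx that it may merge or move relative to the CPUID_EXT_OSXSAVE check that guards it.
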
> @@ -100,12 +107,15 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, 
> uint32_t idx,
> break;
> case 0xD:
> if (idx == 0) {
> -uint64_t host_xcr0 = xgetbv(0);
> -uint64_t supp_xcr0 = host_xcr0 & (XSTATE_FP_MASK | 
> XSTATE_SSE_MASK |
> -  XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK |
> -  XSTATE_BNDCSR_MASK | XSTATE_OPMASK_MASK |
> -  XSTATE_ZMM_Hi256_MASK | 
> XSTATE_Hi16_ZMM_MASK);
> -eax &= supp_xcr0;
> +uint64_t host_xcr0;
> +if (xgetbv(ecx, 0, &host_xcr0)) {
> +uint64_t supp_xcr0 = host_xcr0 & (XSTATE_FP_MASK |
> +  XSTATE_SSE_MASK | XSTATE_YMM_MASK |
> +  XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK |
> +  XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK 
> |
> +  XSTATE_Hi16_ZMM_MASK);
> +eax &= supp_xcr0;
> +}
> } else if (idx == 1) {
> hv_vmx_read_capability(HV_VMX_CAP_PROCBASED2, &cap);
> eax &= CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1;
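
Review bot: xgetbv(ecx, 0, &host_xcr0) tests its first argument against CPUID_EXT_OSXSAVE, which is a bit of CPUID leaf 1 ECX, but the call sits in the "case 0xD" branch and the hunk does not show which leaf filled ecx at this point. If ecx holds the leaf 0xD result, the guard tests an unrelated bit; querying leaf 1 explicitly for the check would remove the doubt. When xgetbv() returns false, eax is also left unmasked, so that path should decide what the leaf reports (for example by clearing eax).
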
> -- 
> 2.20.1 (Apple Git-117)
> 



Re: [PATCH v2 21/22] tcg/tci: Split out constraint sets to tcg-target-con-set.h

2021-01-19 Thread Richard Henderson
On 1/19/21 6:09 AM, Peter Maydell wrote:
> On Fri, 15 Jan 2021 at 21:23, Richard Henderson
>  wrote:
>>
>> This requires finishing the conversion to tcg_target_op_def.
>> Remove quite a lot of ifdefs, since we can reference opcodes
>> even if they are not implemented.
>>
>> Signed-off-by: Richard Henderson 
> 
> This one's a lot more painful to review than the native targets :-(
> 
>> ---
> 
>> -/* TODO: documentation. */
>> -static const TCGTargetOpDef tcg_target_op_defs[] = {
>> -{ INDEX_op_exit_tb, { NULL } },
>> -{ INDEX_op_goto_tb, { NULL } },
>> -{ INDEX_op_br, { NULL } },
> 
> I don't see any cases in the new code for these ops,
> or for INDEX_op_mb which has {}. Is the function in fact
> never called for those ops ?

Correct.  Just before tcg_target_op_def() is called:

    if (nb_args == 0) {
        continue;
    }

>> -#if TCG_TARGET_HAS_div_i32
>> -{ INDEX_op_div_i32, { R, R, R } },
>> -{ INDEX_op_divu_i32, { R, R, R } },
>> -{ INDEX_op_rem_i32, { R, R, R } },
>> -{ INDEX_op_remu_i32, { R, R, R } },
>> -#elif TCG_TARGET_HAS_div2_i32
>> -{ INDEX_op_div2_i32, { R, R, "0", "1", R } },
>> -{ INDEX_op_divu2_i32, { R, R, "0", "1", R } },
>> -#endif
> 
> Why don't we need all the ifdeffery the old code has ? Is
> it because we know the ifdefs are always true (or always false) ?
> If so, can we do the "drop ifdefs" in a separate patch beforehand?
> I think that might help make the patch a bit easier to review.

Ok, I've split this up a bit.


r~




Re: [PATCH] roms/opensbi: Upgrade from v0.8 to v0.9

2021-01-19 Thread Alistair Francis
On Tue, Jan 19, 2021 at 3:46 PM Bin Meng  wrote:
>
> From: Bin Meng 
>
> Upgrade OpenSBI from v0.8 to v0.9 and the pre-built bios images.
>
> The v0.9 release includes the following commits:
>
> 35bc810 docs/platform: Update QEMU parameter for fw_payload
> 78afe11 config.mk: Update QEMU run command for generic and sifive fu540 
> platforms
> ec3e5b1 docs/platform: sifive_fu540: Update U-Boot instructions
> 7d61a68 README.md: fix markdown link formatting
> a5f9104 lib/utils: fdt: Update FDT expand size to 1024 for reserved memory 
> node
> ec1abf6 include: sbi_bitops: Remove dead shift assignment in ffs/fls
> 8e47649 lib: Add sbi_strncmp implementation
> 2845d2d lib: utils: Add a macro in libfdt_env.h for strncmp
> 2cfd2fc lib: utils: Use strncmp in fdt_parse_hart_id()
> 937caee lib: sbi_misaligned_ldst: Determine transformed instruction length 
> correctly
> 4b18a2a firmware: fw_base: Improve exception stack setup in trap handler
> 9d56961 lib: sbi_trap: Fix hstatus.SPVP update in sbi_trap_redirect()
> d7f87d9 platform: kendryte/k210: fixup FDT
> e435ba0 lib: sbi_init: Avoid thundering hurd problem with coldboot_lock
> 4f3bad6 lib: sbi: Handle the case where MTVAL has illegal instruction address
> 7b0b289 lib: sbi: Remove redundant SBI_HART_HAS_PMP feature
> 74d1db7 lib: sbi: Improve PMP CSR detection and progamming
> 2c341f7 lib: sbi: Detect and print MHPM counters at boot-time
> 162d453 include: sbi: Few cosmetic changes in riscv_encoding.h
> ebc8ebc lib: sbi: Improve HPM CSR read/write emulation
> dcb10c0 lib: sbi: Don't handle VS-mode ecall in sbi_trap_handler()
> bef63d6 include: Rename ECALL defines to match latest RISC-V spec
> c1c7c3e lib: sbi_trap: Allow M-mode to M-mode ECALLs
> 6734304 lib: sbi: Allow specifying start mode to sbi_hsm_hart_start() API
> 7ccf6bf lib: sbi: Allow specifying mode in sbi_hart_pmp_check_addr() API
> 9f935a4 lib: utils: Improve fdt_cpu_fixup() implementation
> 172fa16 lib: sbi: Ensure coldboot HART supports next privilege mode
> aaeca7e platform: generic: Don't mark non-MMU HARTs as invalid
> 7701ea1 lib: sbi: Fix PMP CSR detection
> 79bf80b lib: sbi_scratch: typo scatch
> a04c465 makefile: fix clean directive
> af4b50f Makefile: Build ELF, BIN and LD script in platform build directory
> 6ca0969 firmware: Add common FW_FDT_PATH compile-time option
> 9c07c51 firmware: Remove FW_PAYLOAD_FDT_PATH compile-time option
> e9a4bfb Makefile: Allow padding zeros when converting DTB to C source
> a0f2d4a platform: kendryte/k210: Add some padding for FDT fixups
> dbeeacb include: sbi: Remove redundant includes from sbi_platform.h
> a12d46a include: sbi: Remove pmp_region callbacks from sbi_platform_operations
> a126886 lib: sbi: Configure PMP late in coldboot and warmboot path
> f81d6f6 lib: sbi: Remove redundant hartid parameter from sbi_hart_init()
> 8b65005 include: sbi: Make hartmask pointer const in sbi_hartmask_test_hart()
> b1678af lib: sbi: Add initial domain support
> e73b92d lib: sbi: Extend sbi_hsm_hart_started_mask() for domains
> 3a30d2c lib: sbi: Extend sbi_hsm_hart_start() for domains
> 530e95b lib: sbi: Optimize sbi_hsm_hart_started_mask() implementation
> 3e20037 lib: sbi: Extend sbi_system_reset() for domains
> 5edbb7c lib: utils: Update fdt_reserved_memory_fixup() to use current domain
> 5fd99db lib: utils: Update fdt_cpu_fixup() to use current domain
> e856462 lib: sbi: Remove redundant sbi_hart_pmp_xyz() functions
> c10c30b lib: sbi: Configure PMP based on domain memory regions
> c347408 lib: sbi: Display domain details in boot prints
> fdf5d5c docs: Add initial documentation for domain support
> 74c0ea1 lib: utils: Implement "ranges" property parsing
> bf21632 lib: sbi: Detect PMP granularity and number of address bits
> a809f40 lib: sbi: Improve boot time print with additional PMP information
> 914f81f Makefile: Add option to use toolchain default ABI and ISA string
> 48616b3 lib: sbi: Improve boot prints in cold boot sequence
> 781cafd docs: fix a typo error
> 54a7734 include: sbi: Add SBI SRST extension related defines
> c4acc60 include: sbi: Remove opensbi specific reset type defines
> da07479 platform: Remove dummy system reset functions
> 5c429ae lib: sbi: Improve system reset platform operations
> 548d03e lib: sbi: Implement System Reset (SRST) SBI extension
> 2677324 firmware: fw_base: Optimize trap handler for RV32 systems
> 8d2edc4 lib: sbi: Fix sbi_hart_switch_mode() for u-mode
> 3d921fa lib: sbi: Fix typo in sbi_domain_finalize()
> 4e37022 lib: sbi: Fix domain_count check in sbi_domain_finalize()
> c709d40 lib: sbi: Auto start domain only if boot HART within limits
> c1f6d89 include: sbi: Use lower bits for domain memory region permissions
> 62ea4f4 lib: sbi: Override domain boot HART when coldboot HART assigned to it
> 555e737 lib: sbi: Add error prints in sbi_domain_finalize()
> 9b65dca include: sbi: Add domains_init() platform operation
> c0d2baa docs: Add domain device tree binding documentation
> ba741ea lib: utils: Add helper routines to popu

Re: [RFC PATCH V3 7/8] hw/block/nvme: add 'detached' param not to attach namespace

2021-01-19 Thread Minwoo Im
> Isn't the HBitmap slightly overkill? Can qemu/bitmap.h suffice?

Definitely, yes, I think.  Current patch series supports up to 32
controllers so I think qemu/bitmap.h is enough for us.

Will update the bitmap operations in the next series.



Re: [RFC PATCH V3 0/8] hw/block/nvme: support multi-path for ctrl/ns

2021-01-19 Thread Minwoo Im
> Minwoo, try pulling the most current nvme-cli. There was a sysfs
> scanning bug for non-mpath drives that should be fixed now.

Thank you, Keith!  I've posted list result based on the latest one :)



Re: [RFC PATCH V3 0/8] hw/block/nvme: support multi-path for ctrl/ns

2021-01-19 Thread Minwoo Im
On 21-01-19 19:18:16, Klaus Jensen wrote:
> On Jan 20 02:01, Minwoo Im wrote:
> > Hello,
> > 
> > This patch series is third one to support multi-controller and namespace
> > sharing in multi-path.  This series introduced subsystem scheme to
> > manage controller(s) and namespace(s) in the subsystem.
> > 
> > This series has new patches from the V2:  'detached' parameter has been
> > added to the nvme-ns device.  This will decide whether to attach the
> > namespace to controller(s) in the current subsystem or not.  If it's
> > given with true, then it will be just allocated in the subsystem, but
> > not attaching to any controllers in the subsystem.  Otherwise, it will
> > automatically attach to all the controllers in the subsystem.  The other
> > > thing is that the last patch implemented Identify Active Namespace ID
> > List command handler apart from the Allocated Namespace ID List.
> > 
> > Run with:
> >   -device nvme,serial=qux,id=nvme3
> >   -device nvme-ns,id=ns3,drive=drv12,nsid=3,bus=nvme3
> > 
> >   -device nvme-subsys,id=subsys0
> >   -device nvme,serial=foo,id=nvme0,subsys=subsys0
> >   -device nvme,serial=bar,id=nvme1,subsys=subsys0
> >   -device nvme,serial=baz,id=nvme2,subsys=subsys0
> >   -device nvme-ns,id=ns1,drive=drv10,nsid=1,subsys=subsys0,detached=true
> >   -device nvme-ns,id=ns2,drive=drv11,nsid=2,bus=nvme2
> > 
> > nvme-cli:
> >   root@vm:~/work# nvme list -v  
> > 
> > >   NVM Express Subsystems
> > >
> > >   Subsystem     Subsystem-NQN                 Controllers
> > >   ------------  ----------------------------  -------------------
> > >   nvme-subsys0  nqn.2019-08.org.qemu:qux      nvme0
> > >   nvme-subsys1  nqn.2019-08.org.qemu:subsys0  nvme1, nvme2, nvme3
> > >
> > >   NVM Express Controllers
> > >
> > >   Device  SN   MN              FR   TxPort  Address   Subsystem     Namespaces
> > >   ------  ---  --------------  ---  ------  --------  ------------  ----------
> > >   nvme0   qux  QEMU NVMe Ctrl  1.0  pcie    :00:06.0  nvme-subsys0
> 
> Shouldn't nvme0n1 be listed under Namespaces for nvme0?

Oh, I missed that one from the output.  As Keith mentioned, I ran the
list command again based on the latest nvme-cli.git:

Please refer to the following result.  I think it's okay not to send the
cover letter again :)

# nvme --version
nvme version 1.13.48.g33c6

# nvme list -v
NVM Express Subsystems

Subsystem     Subsystem-NQN                 Controllers
------------  ----------------------------  -------------------
nvme-subsys0  nqn.2019-08.org.qemu:qux      nvme0
nvme-subsys1  nqn.2019-08.org.qemu:subsys0  nvme1, nvme2, nvme3

NVM Express Controllers

Device  SN   MN              FR   TxPort  Address   Subsystem     Namespaces
------  ---  --------------  ---  ------  --------  ------------  ----------
nvme0   qux  QEMU NVMe Ctrl  1.0  pcie    :00:06.0  nvme-subsys0  nvme0n1
nvme1   foo  QEMU NVMe Ctrl  1.0  pcie    :00:07.0  nvme-subsys1
nvme2   bar  QEMU NVMe Ctrl  1.0  pcie    :00:08.0  nvme-subsys1
nvme3   baz  QEMU NVMe Ctrl  1.0  pcie    :00:09.0  nvme-subsys1  nvme1c3n1

NVM Express Namespaces

Device  NSID  Usage  Format  Controllers
------  ----  -----  ------  -----------
nvme0

Re: [PATCH 1/1] spapr_caps.c: disable KVM specific caps when running with TCG

2021-01-19 Thread David Gibson
On Tue, Jan 19, 2021 at 05:58:24PM -0300, Daniel Henrique Barboza wrote:
> Commit 006e9d361869 added warning messages for cap-cfpc, cap-ibs and
> cap-sbbc when enabled under TCG. Commit 8ff43ee404d3 did the same thing
> when introducing cap-ccf-assist.
> 
> These warning messages, although benign to the machine launch, can make
> users a bit confused. E.g:
> 
> $ sudo ./ppc64-softmmu/qemu-system-ppc64
> qemu-system-ppc64: warning: TCG doesn't support requested feature, 
> cap-cfpc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature, 
> cap-sbbc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature, 
> cap-ibs=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature, 
> cap-ccf-assist=on
> 
> We're complaining about "TCG doesn't support requested feature" when the
> user didn't request any of those caps in the command line.
> 
> Check if we're running with TCG and change the defaults in spapr_caps_init().
> Note that this change doesn't impact backward compatibility or migration
> to older QEMU versions because we never activated these caps with TCG
> in the first place.

Nack.  Changing those capabilities changes guest visible properties of
the guest environment.  Silently altering guest visible
characteristics based on whether or not we're running with KVM is not
acceptable (we did it in the past and it caused a lot of grief).

> 
> Signed-off-by: Daniel Henrique Barboza 
> ---
>  hw/ppc/spapr_caps.c | 15 +++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
> index 9341e9782a..53eea2b11e 100644
> --- a/hw/ppc/spapr_caps.c
> +++ b/hw/ppc/spapr_caps.c
> @@ -781,6 +781,21 @@ void spapr_caps_init(SpaprMachineState *spapr)
>  /* Compute the actual set of caps we should run with */
>  default_caps = default_caps_with_cpu(spapr, MACHINE(spapr)->cpu_type);
>  
> +   /*
> +* These are KVM specific caps that TCG doesn't support, but will
> +* throw an warning if enabled by default (see 006e9d361869 and
> +* 8ff43ee404d3). This behavior can make the user wonder why a warning
> +* is being shown for caps that the user didn't enable in the
> +* command line.
> +*
> +* Disable them for TCG. */
> +if (tcg_enabled()) {
> +default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
> +default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
> +default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
> +default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_BROKEN;
> +}
> +
>  for (i = 0; i < SPAPR_CAP_NUM; i++) {
>  /* Store the defaults */
>  spapr->def.caps[i] = default_caps.caps[i];
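Review bot: the new tcg_enabled() block rewrites default_caps before the loop below copies it into spapr->def.caps[], so the stored defaults for SPAPR_CAP_CFPC, SPAPR_CAP_SBBC, SPAPR_CAP_IBS and SPAPR_CAP_CCF_ASSIST now depend on the accelerator and not only on the machine type and CPU. To quiet the warning without moving the defaults, suppress it where it is emitted when the value came from the default rather than from the command line. In the comment, "an warning" should be "a warning" and the closing "*/" belongs on its own line.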

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v3 00/12] hw/block/nvme: misc cmb/pmr patches and bump to v1.4

2021-01-19 Thread Keith Busch
On Tue, Jan 19, 2021 at 11:14:52AM +0100, Klaus Jensen wrote:
> From: Klaus Jensen 
> 
> This is a resend of "hw/block/nvme: allow cmb and pmr to coexist" with
> some more PMR work added (PMR RDS/WDS support).
> 
> This includes a resurrection of Andrzej's series[1] from back in July.
> 
> Andrzej's main patch basically moved the CMB from BAR 2 into an offset
> in BAR 4 (located after the MSI-X table and PBA). Having an offset on
> the CMB causes a bunch of calculations related to address mapping to
> change.
> 
> So, since I couldn't get the patch to apply cleanly I took a stab at
> implementing the suggestion I originally came up with: simply move the
> MSI-X table and PBA from BAR 4 into BAR 0 (up-aligned to a 4 KiB
> boundary after the main NVMe controller registers). This way we can keep
> the CMB at offset zero in its own BAR and free up BAR 4 for use by PMR.
> This makes the patch simpler and does not impact any of the existing
> address mapping code.
> 
>   [1]: 
> https://lore.kernel.org/qemu-devel/20200729220107.37758-1-andrzej.jakow...@linux.intel.com/

Klaus,

Series looks good to me.

Reviewed-by: Keith Busch 



Re: [PATCH] RFC: sphinx: adopt kernel readthedoc theme

2021-01-19 Thread Bin Meng
On Mon, Nov 16, 2020 at 6:57 PM Marc-André Lureau
 wrote:
>
> Hi,
>
> On Thu, Nov 5, 2020 at 8:03 PM  wrote:
> >
> > From: Marc-André Lureau 
> >
> > The default "alabaster" sphinx theme has a couple shortcomings:
> > - the navbar moves along the page
> > - the search bar is not always at the same place
> > - it lacks some contrast and colours
> >
> > The "rtd" theme from readthedocs.org is a popular third party theme used
> > notably by the kernel, with a custom style sheet. I like it better,
> > perhaps others do too. It also has features that may come handy, such as
> > "Edit on Gitlab".
> >
> > Tweak the nav header background to match qemu.org style, use the
> > QEMU logo, and favicon.
> >
> > The html_theme_options['description'] workaround doesn't seem necessary.
> >
> > Signed-off-by: Marc-André Lureau 
> > ---
> >  docs/conf.py   |  36 +++
> >  docs/devel/conf.py |   4 -
> >  docs/interop/conf.py   |   4 -
> >  docs/specs/conf.py |   5 -
> >  docs/sphinx-static/theme_overrides.css | 137 +
> >  docs/system/conf.py|   4 -
> >  docs/tools/conf.py |   5 -
> >  docs/user/conf.py  |   4 -
> >  8 files changed, 155 insertions(+), 44 deletions(-)
> >  create mode 100644 docs/sphinx-static/theme_overrides.css
> >
>
> Am I the only one finding the default sphinx theme inferior to rtd ?

Of course not!

This patch does not apply on top of current HEAD. Could you please rebase?

Regards,
Bin



Re: [PATCH v2 13/22] tcg/i386: Split out constraint sets to tcg-target-con-set.h

2021-01-19 Thread Richard Henderson
On 1/19/21 5:27 AM, Peter Maydell wrote:
> On Fri, 15 Jan 2021 at 21:20, Richard Henderson
>  wrote:
>>
>> This exports the constraint sets from tcg_target_op_def to
>> a place we will be able to manipulate more in future.
>>
>> Signed-off-by: Richard Henderson 
>> ---
>>  tcg/i386/tcg-target-con-set.h |  54 ++
>>  tcg/i386/tcg-target.h |   1 +
>>  tcg/tcg.c | 122 +
>>  tcg/i386/tcg-target.c.inc | 194 --
>>  4 files changed, 244 insertions(+), 127 deletions(-)
>>  create mode 100644 tcg/i386/tcg-target-con-set.h
> 
>> +#define C_O2_I1(O1, O2, I1) C_PFX3(c_o2_i1_, O1, O2, I1),
>> +#define C_O2_I2(O1, O2, I1, I2) C_PFX4(c_o2_i2_, O1, O2, I1, I2),
>> +#define C_O2_I3(O1, O2, I1, I2, I3) C_PFX5(c_o2_i3_, O1, O2, I1, I2, 
>> I3),
>> +#define C_O2_I4(O1, O2, I1, I2, I3, I4) \
>> +C_PFX6(c_o2_i4_, O1, O2, I1, I2, I3, I4),
> 
> Personally this is the kind of code where I would follow
> CODING_STYLE.rst's suggestion of "If wrapping the line at 80
> columns is obviously less readable and more awkward, prefer not
> to wrap it; better to have an 85 character line than one which
> is awkwardly wrapped.". The parallelism between the lines
> is much easier to see without the linebreak.

The maximum within this section is column 92.
Still ok with that?

> I know the macro magic should make it impossible, but maybe
> we should have an assert that we definitely have a valid
> array index here ?

Ok.

>>  case INDEX_op_andc_i32:
>>  case INDEX_op_andc_i64:
>> -{
>> -static const TCGTargetOpDef andc
>> -= { .args_ct_str = { "r", "r", "rI" } };
>> -return &andc;
>> -}
>> -break;
>> +return C_O1_I2(r, 0, rI);
> 
> Old constraint was r r rI; new one is r 0 rI  ?

Oops, good catch.  And of course the error would have worked in testing.


r~



[PATCH] roms/opensbi: Upgrade from v0.8 to v0.9

2021-01-19 Thread Bin Meng
From: Bin Meng 

Upgrade OpenSBI from v0.8 to v0.9 and the pre-built bios images.

The v0.9 release includes the following commits:

35bc810 docs/platform: Update QEMU parameter for fw_payload
78afe11 config.mk: Update QEMU run command for generic and sifive fu540 
platforms
ec3e5b1 docs/platform: sifive_fu540: Update U-Boot instructions
7d61a68 README.md: fix markdown link formatting
a5f9104 lib/utils: fdt: Update FDT expand size to 1024 for reserved memory node
ec1abf6 include: sbi_bitops: Remove dead shift assignment in ffs/fls
8e47649 lib: Add sbi_strncmp implementation
2845d2d lib: utils: Add a macro in libfdt_env.h for strncmp
2cfd2fc lib: utils: Use strncmp in fdt_parse_hart_id()
937caee lib: sbi_misaligned_ldst: Determine transformed instruction length 
correctly
4b18a2a firmware: fw_base: Improve exception stack setup in trap handler
9d56961 lib: sbi_trap: Fix hstatus.SPVP update in sbi_trap_redirect()
d7f87d9 platform: kendryte/k210: fixup FDT
e435ba0 lib: sbi_init: Avoid thundering hurd problem with coldboot_lock
4f3bad6 lib: sbi: Handle the case where MTVAL has illegal instruction address
7b0b289 lib: sbi: Remove redundant SBI_HART_HAS_PMP feature
74d1db7 lib: sbi: Improve PMP CSR detection and progamming
2c341f7 lib: sbi: Detect and print MHPM counters at boot-time
162d453 include: sbi: Few cosmetic changes in riscv_encoding.h
ebc8ebc lib: sbi: Improve HPM CSR read/write emulation
dcb10c0 lib: sbi: Don't handle VS-mode ecall in sbi_trap_handler()
bef63d6 include: Rename ECALL defines to match latest RISC-V spec
c1c7c3e lib: sbi_trap: Allow M-mode to M-mode ECALLs
6734304 lib: sbi: Allow specifying start mode to sbi_hsm_hart_start() API
7ccf6bf lib: sbi: Allow specifying mode in sbi_hart_pmp_check_addr() API
9f935a4 lib: utils: Improve fdt_cpu_fixup() implementation
172fa16 lib: sbi: Ensure coldboot HART supports next privilege mode
aaeca7e platform: generic: Don't mark non-MMU HARTs as invalid
7701ea1 lib: sbi: Fix PMP CSR detection
79bf80b lib: sbi_scratch: typo scatch
a04c465 makefile: fix clean directive
af4b50f Makefile: Build ELF, BIN and LD script in platform build directory
6ca0969 firmware: Add common FW_FDT_PATH compile-time option
9c07c51 firmware: Remove FW_PAYLOAD_FDT_PATH compile-time option
e9a4bfb Makefile: Allow padding zeros when converting DTB to C source
a0f2d4a platform: kendryte/k210: Add some padding for FDT fixups
dbeeacb include: sbi: Remove redundant includes from sbi_platform.h
a12d46a include: sbi: Remove pmp_region callbacks from sbi_platform_operations
a126886 lib: sbi: Configure PMP late in coldboot and warmboot path
f81d6f6 lib: sbi: Remove redundant hartid parameter from sbi_hart_init()
8b65005 include: sbi: Make hartmask pointer const in sbi_hartmask_test_hart()
b1678af lib: sbi: Add initial domain support
e73b92d lib: sbi: Extend sbi_hsm_hart_started_mask() for domains
3a30d2c lib: sbi: Extend sbi_hsm_hart_start() for domains
530e95b lib: sbi: Optimize sbi_hsm_hart_started_mask() implementation
3e20037 lib: sbi: Extend sbi_system_reset() for domains
5edbb7c lib: utils: Update fdt_reserved_memory_fixup() to use current domain
5fd99db lib: utils: Update fdt_cpu_fixup() to use current domain
e856462 lib: sbi: Remove redundant sbi_hart_pmp_xyz() functions
c10c30b lib: sbi: Configure PMP based on domain memory regions
c347408 lib: sbi: Display domain details in boot prints
fdf5d5c docs: Add initial documentation for domain support
74c0ea1 lib: utils: Implement "ranges" property parsing
bf21632 lib: sbi: Detect PMP granularity and number of address bits
a809f40 lib: sbi: Improve boot time print with additional PMP information
914f81f Makefile: Add option to use toolchain default ABI and ISA string
48616b3 lib: sbi: Improve boot prints in cold boot sequence
781cafd docs: fix a typo error
54a7734 include: sbi: Add SBI SRST extension related defines
c4acc60 include: sbi: Remove opensbi specific reset type defines
da07479 platform: Remove dummy system reset functions
5c429ae lib: sbi: Improve system reset platform operations
548d03e lib: sbi: Implement System Reset (SRST) SBI extension
2677324 firmware: fw_base: Optimize trap handler for RV32 systems
8d2edc4 lib: sbi: Fix sbi_hart_switch_mode() for u-mode
3d921fa lib: sbi: Fix typo in sbi_domain_finalize()
4e37022 lib: sbi: Fix domain_count check in sbi_domain_finalize()
c709d40 lib: sbi: Auto start domain only if boot HART within limits
c1f6d89 include: sbi: Use lower bits for domain memory region permissions
62ea4f4 lib: sbi: Override domain boot HART when coldboot HART assigned to it
555e737 lib: sbi: Add error prints in sbi_domain_finalize()
9b65dca include: sbi: Add domains_init() platform operation
c0d2baa docs: Add domain device tree binding documentation
ba741ea lib: utils: Add helper routines to populate domains from FDT
4fffb53 platform: generic: Populate domains from FDT
e7da0b4 lib: utils/libfdt: Upgrade to v1.6.0 release
2179777 lib: utils: Allow FDT domain iteration functions to fail
7baccfc lib: sbi: Add 

Re: [PATCH 0/5] tcg: Dynamically allocate temporaries

2021-01-19 Thread Philippe Mathieu-Daudé
On 1/20/21 12:06 AM, BALATON Zoltan wrote:
> On Tue, 19 Jan 2021, Richard Henderson wrote:
>> My recent change for caching tcg constants has, in a number of cases,
>> overflowed the statically allocated array of temporaries.  Change to
>> dynamic allocation.
> 
> This seems to work for me so
> 
> Tested-by: BALATON Zoltan 
> 
> but have you done any performance tests to check that this actually
> improves emulation speed? To me it seems slower. Booting AmigaOS on
> sam460ex with c0dd6654f207 (just before your TCG series) takes:
> 
> real    0m33.829s
> user    0m34.432s
> sys    0m0.296s
> 
> but on HEAD with this series:
> 
> real    0m44.381s
> user    0m46.058s
> sys    0m0.532s
> 
> This is a noticeable decrease in speed also without measuring it. With just
> increasing the TCG_MAX_TEMPS to 2048 on 7c79721606be without this series
> I get:
> 
> real    0m42.681s
> user    0m44.208s
> sys    0m0.435s
> 
> So the performance regression is somewhere in the original series not in
> this fix up series.

Cc'ing Lukas for the performance part, as he is investigating
how to catch such regressions.

>> I'll note that nothing in check-acceptance triggers this overflow.
>> Anyone care to add some more test cases there?
> 
> The proposed test for the upcoming pegasos2 machine may also catch this
> (when that will be merged, its dependencies are still under review)

What are you running on pegasos2?

> or
> the sam460ex test that currently only checks the firmware could be
> enhanced to try to boot AROS if somebody wants to do that. The drawback
> is that it needs an external iso whereas the current test doesn't need
> any additional images but it did not catch problems with IRQ and neither
> this problem with TCG temps.

So this other option is not very useful, right?



Re: [PATCH v2 11/22] tcg/sparc: Split out target constraints to tcg-target-con-str.h

2021-01-19 Thread Richard Henderson
On 1/19/21 4:58 AM, Peter Maydell wrote:
> On Fri, 15 Jan 2021 at 21:14, Richard Henderson
>  wrote:
>>
>> Signed-off-by: Richard Henderson 
>> ---
>>  tcg/sparc/tcg-target-con-str.h | 22 +
>>  tcg/sparc/tcg-target.h |  5 +---
>>  tcg/sparc/tcg-target.c.inc | 45 +-
>>  3 files changed, 29 insertions(+), 43 deletions(-)
>>  create mode 100644 tcg/sparc/tcg-target-con-str.h
>>
>> diff --git a/tcg/sparc/tcg-target-con-str.h b/tcg/sparc/tcg-target-con-str.h
>> new file mode 100644
>> index 00..6dc5b95f33
>> --- /dev/null
>> +++ b/tcg/sparc/tcg-target-con-str.h
>> @@ -0,0 +1,22 @@
>> +/* SPDX-License-Identifier: MIT */
>> +/*
>> + * Define Sparc target-specific operand constraints.
>> + * Copyright (c) 2021 Linaro
>> + */
>> +
>> +/*
>> + * Define constraint letters for register sets:
>> + * REGS(letter, register_mask)
>> + */
>> +REGS('r', 0x)
>> +REGS('R', ALL_64)
>> +REGS('s', 0x & ~RESERVE_QLDST)
>> +REGS('S', ALL_64 & ~RESERVE_QLDST)
> 
> As with s390, I think an ALL_GENERAL_REGS constant would help here.
> 
> 
>> +
>> +/*
>> + * Define constraint letters for constants:
>> + * CONST(letter, TCG_CT_CONST_* bit set)
>> + */
>> +CONST('I', TCG_CT_CONST_S11)
>> +CONST('J', TCG_CT_CONST_S13)
>> +CONST('Z', TCG_CT_CONST_ZERO)
> 
> 
>> -static const char *target_parse_constraint(TCGArgConstraint *ct,
>> -   const char *ct_str, TCGType type)
>> -{
>> -switch (*ct_str++) {
>> -case 'r':
>> -ct->regs = 0x;
>> -break;
>> -case 'R':
>> -ct->regs = ALL_64;
>> -break;
>> -case 'A': /* qemu_ld/st address constraint */
>> -ct->regs = TARGET_LONG_BITS == 64 ? ALL_64 : 0x;
>> -reserve_helpers:
>> -tcg_regset_reset_reg(ct->regs, TCG_REG_O0);
>> -tcg_regset_reset_reg(ct->regs, TCG_REG_O1);
>> -tcg_regset_reset_reg(ct->regs, TCG_REG_O2);
>> -break;
> 
> The "A" constraint seems to have vanished in the conversion...

Argh.  Something that would have been found eventually, but I really want to
turn into a build-time error.


r~



Re: [RFC PATCH 2/2] hw/usb/dev-uas: Report command additional adb length as unsupported

2021-01-19 Thread Philippe Mathieu-Daudé
On 1/18/21 6:03 PM, Philippe Mathieu-Daudé wrote:
> We are not ready to handle additional CDB data.
> 
> If a guest sends a packet with such additional data,
> report the command parameter as not supported.
> 
> We can then make explicit that there is nothing in this additional
> buffer, by fixing its size to zero.
> 
> This fixes an error when building with Clang 11:
> 
>   usb/dev-uas.c:157:31: error: field 'status' with variable sized type 
> 'uas_iu' not at the end of a struct or class is a GNU extension 
> [-Werror,-Wgnu-variable-sized-type-not-at-end]
>   uas_iustatus;
> ^
> 
> Reported-by: Daniele Buono 

TBH this should be (chronological order):
Reported-by: Ed Maste 
Reported-by: Daniele Buono 
Reported-by: Han Han 

> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> Cc: Ed Maste 
> Cc: Han Han 
> Cc: Marc-André Lureau 
> Cc: Paolo Bonzini 
> Cc: Gustavo A. R. Silva 
> ---
>  hw/usb/dev-uas.c | 12 +++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
> index cec071d96c4..b6434ad4b9c 100644
> --- a/hw/usb/dev-uas.c
> +++ b/hw/usb/dev-uas.c
> @@ -16,6 +16,7 @@
>  #include "qemu/error-report.h"
>  #include "qemu/main-loop.h"
>  #include "qemu/module.h"
> +#include "qemu/log.h"
>  
>  #include "hw/usb.h"
>  #include "migration/vmstate.h"
> @@ -70,7 +71,7 @@ typedef struct {
>  uint8_treserved_2;
>  uint64_t   lun;
>  uint8_tcdb[16];
> -uint8_tadd_cdb[];
> +uint8_tadd_cdb[0];  /* not supported by QEMU */
>  } QEMU_PACKED  uas_iu_command;
>  
>  typedef struct {
> @@ -700,6 +701,11 @@ static void usb_uas_command(UASDevice *uas, uas_iu *iu)
>  uint32_t len;
>  uint16_t tag = be16_to_cpu(iu->hdr.tag);
>  
> +if (iu->command.add_cdb_length > 0) {
> +qemu_log_mask(LOG_UNIMP, "additional adb length not yet 
> supported\n");
> +goto unsupported_len;
> +}
> +
>  if (uas_using_streams(uas) && tag > UAS_MAX_STREAMS) {
>  goto invalid_tag;
>  }
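Review bot: the add_cdb_length test sits ahead of the tag > UAS_MAX_STREAMS check, so a command IU carrying both a non-zero add_cdb_length and an out-of-range tag is answered through unsupported_len with a tag that was never range-checked; moving the new block below the invalid_tag test keeps tag validation first. The log text says "additional adb length" while the field is add_cdb_length and the commit message says CDB, so "additional CDB length not yet supported" would match.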
> @@ -735,6 +741,10 @@ static void usb_uas_command(UASDevice *uas, uas_iu *iu)
>  }
>  return;
>  
> +unsupported_len:
> +usb_uas_queue_fake_sense(uas, tag, sense_code_INVALID_PARAM_VALUE);
> +return;
> +
>  invalid_tag:
>  usb_uas_queue_fake_sense(uas, tag, sense_code_INVALID_TAG);
>  return;
> 
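
The check proposed in the patch above, shown as an added stand-alone example (not QEMU's code): a parser for a guest-supplied command IU that validates the buffer length and tag first and then refuses any IU declaring additional CDB bytes. The byte offsets, the status names, EXAMPLE_MAX_STREAMS and the sample IU are assumptions of this example; only the field names come from the struct in the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Assumed command IU layout (byte offsets). Field names follow the struct
 * in the patch; the offsets and EXAMPLE_MAX_STREAMS are assumptions of
 * this example, not values taken from hw/usb/dev-uas.c.
 */
enum {
    IU_OFF_ID           = 0,   /* IU id; 0x01 = command */
    IU_OFF_TAG          = 2,   /* 16-bit tag, big-endian */
    IU_OFF_ADD_CDB_LEN  = 6,   /* additional CDB length */
    IU_OFF_LUN          = 8,   /* 64-bit LUN, big-endian */
    IU_OFF_CDB          = 16,  /* fixed 16-byte CDB */
    IU_FIXED_LEN        = 32,  /* everything up to, not including, add_cdb[] */
    IU_ID_COMMAND       = 0x01,
    EXAMPLE_MAX_STREAMS = 16,  /* hypothetical stand-in for UAS_MAX_STREAMS */
};

typedef enum {
    IU_OK = 0,
    IU_ERR_SHORT,        /* buffer smaller than the fixed part */
    IU_ERR_NOT_COMMAND,  /* wrong IU id */
    IU_ERR_INVALID_TAG,  /* tag outside the stream range */
    IU_ERR_ADD_CDB,      /* guest declared additional CDB bytes */
} iu_status;

typedef struct {
    uint16_t tag;
    uint64_t lun;
    uint8_t  cdb[16];
} parsed_cmd;

static uint16_t rd_be16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

static uint64_t rd_be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) {
        v = (v << 8) | p[i];
    }
    return v;
}

/* Parse guest-supplied bytes; nothing past IU_FIXED_LEN is ever read. */
iu_status parse_command_iu(const uint8_t *buf, size_t len, int using_streams,
                           parsed_cmd *out)
{
    if (buf == NULL || out == NULL || len < IU_FIXED_LEN) {
        return IU_ERR_SHORT;
    }
    if (buf[IU_OFF_ID] != IU_ID_COMMAND) {
        return IU_ERR_NOT_COMMAND;
    }
    uint16_t tag = rd_be16(buf + IU_OFF_TAG);
    if (using_streams && tag > EXAMPLE_MAX_STREAMS) {
        return IU_ERR_INVALID_TAG;
    }
    /* Same test as the patch: any non-zero length byte is rejected. */
    if (buf[IU_OFF_ADD_CDB_LEN] != 0) {
        return IU_ERR_ADD_CDB;
    }
    out->tag = tag;
    out->lun = rd_be64(buf + IU_OFF_LUN);
    memcpy(out->cdb, buf + IU_OFF_CDB, sizeof(out->cdb));
    return IU_OK;
}

/* Build a constructed sample IU (opcode byte 0x12, LUN 1) and parse `len` bytes. */
iu_status parse_sample(uint16_t tag, uint8_t add_cdb_len, size_t len,
                       int using_streams, parsed_cmd *out)
{
    uint8_t buf[IU_FIXED_LEN + 4] = { 0 };  /* 4 trailing bytes, never read */

    buf[IU_OFF_ID] = IU_ID_COMMAND;
    buf[IU_OFF_TAG] = (uint8_t)(tag >> 8);
    buf[IU_OFF_TAG + 1] = (uint8_t)(tag & 0xff);
    buf[IU_OFF_ADD_CDB_LEN] = add_cdb_len;
    buf[IU_OFF_LUN + 7] = 1;
    buf[IU_OFF_CDB] = 0x12;
    if (len > sizeof(buf)) {
        len = sizeof(buf);
    }
    return parse_command_iu(buf, len, using_streams, out);
}

int main(void)
{
    parsed_cmd cmd;

    printf("plain command:      %d\n", parse_sample(5, 0, 32, 1, &cmd));
    printf("add_cdb_length set: %d\n", parse_sample(5, 4, 36, 1, &cmd));
    printf("truncated IU:       %d\n", parse_sample(5, 0, 31, 1, &cmd));
    printf("tag out of range:   %d\n", parse_sample(0x0100, 0, 32, 1, &cmd));
    return 0;
}
```

An IU that has both an out-of-range tag and a non-zero additional CDB length is reported as an invalid tag here, because the tag is validated before the length field is looked at.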




Re: [PATCH] usb: Fix clang build

2021-01-19 Thread Philippe Mathieu-Daudé
On 1/20/21 12:20 AM, Philippe Mathieu-Daudé wrote:
> Hi Eric,
> 
> On 1/20/21 12:07 AM, Eric Blake wrote:
>> ../hw/usb/dev-uas.c:157:31: error: field 'status' with variable sized type 
>> 'uas_iu' not at the end of a struct or class is a GNU extension 
>> [-Werror,-Wgnu-variable-sized-type-not-at-end]
>> uas_iustatus;
>>   ^
>>
>> Fix this by specifying a size for the add_cdb member; and at present,
>> the code does not actually use that field other than for the size
>> chosen for the packed uas_iu_command struct, and the choice of one
>> byte does not change the size of the uas_iu union.
> 
> I sent a maybe safer approach (from the bus PoV):
> https://www.mail-archive.com/qemu-block@nongnu.org/msg79192.html
> 
> Do you mind reviewing it?
> 
>>
>> Signed-off-by: Eric Blake 
>> ---
>>
>> I'm not sure why none of our CI tools pick up this particular clang
>> build failure; I hit it on Fedora 33 when configuring to build the
>> entire tree with clang.

BTW first report is from 28 Sep 2020 (Ed):
https://www.mail-archive.com/qemu-devel@nongnu.org/msg745525.html

Then on 23 Oct 2020 (Daniele):
https://www.mail-archive.com/qemu-devel@nongnu.org/msg753674.html

Then on 10 Nov 2020 (Han):
https://www.mail-archive.com/qemu-devel@nongnu.org/msg759108.html

> Same issue after upgrading to f33. I sent a patch to bump our CI:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg774117.html
> 
> To track Fedora releases I was thinking about a gitlab job checking
> if we are using the latest, else failing; smth as:
> 
>  $ curl https://getfedora.org/ | grep -q 'Fedora 33 released'
> 




Re: [PATCH] usb: Fix clang build

2021-01-19 Thread Philippe Mathieu-Daudé
Hi Eric,

On 1/20/21 12:07 AM, Eric Blake wrote:
> ../hw/usb/dev-uas.c:157:31: error: field 'status' with variable sized type 
> 'uas_iu' not at the end of a struct or class is a GNU extension 
> [-Werror,-Wgnu-variable-sized-type-not-at-end]
> uas_iustatus;
>   ^
> 
> Fix this by specifying a size for the add_cdb member; and at present,
> the code does not actually use that field other than for the size
> chosen for the packed uas_iu_command struct, and the choice of one
> byte does not change the size of the uas_iu union.

I sent a maybe safer approach (from the bus PoV):
https://www.mail-archive.com/qemu-block@nongnu.org/msg79192.html

Do you mind reviewing it?

> 
> Signed-off-by: Eric Blake 
> ---
> 
> I'm not sure why none of our CI tools pick up this particular clang
> build failure; I hit it on Fedora 33 when configuring to build the
> entire tree with clang.

Same issue after upgrading to f33. I sent a patch to bump our CI:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg774117.html

To track Fedora releases I was thinking about a gitlab job checking
if we are using the latest, else failing; smth as:

 $ curl https://getfedora.org/ | grep -q 'Fedora 33 released'




[PATCH] usb: Fix clang build

2021-01-19 Thread Eric Blake
../hw/usb/dev-uas.c:157:31: error: field 'status' with variable sized type 
'uas_iu' not at the end of a struct or class is a GNU extension 
[-Werror,-Wgnu-variable-sized-type-not-at-end]
uas_iustatus;
  ^

Fix this by specifying a size for the add_cdb member; and at present,
the code does not actually use that field other than for the size
chosen for the packed uas_iu_command struct, and the choice of one
byte does not change the size of the uas_iu union.

Signed-off-by: Eric Blake 
---

I'm not sure why none of our CI tools pick up this particular clang
build failure; I hit it on Fedora 33 when configuring to build the
entire tree with clang.

 hw/usb/dev-uas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
index cec071d96c49..904d6ffa2938 100644
--- a/hw/usb/dev-uas.c
+++ b/hw/usb/dev-uas.c
@@ -70,7 +70,7 @@ typedef struct {
 uint8_treserved_2;
 uint64_t   lun;
 uint8_tcdb[16];
-uint8_tadd_cdb[];
+uint8_tadd_cdb[1];
 } QEMU_PACKED  uas_iu_command;

 typedef struct {
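Review bot: add_cdb[1] silences the warning by making the struct describe exactly one additional CDB byte, which is not what the field means and invites a later reader to index add_cdb[0] as if the guest had sent it. Since the commit message says the field is unused, say so in a comment on this line, and consider a QEMU_BUILD_BUG_ON on sizeof(uas_iu) so the statement that the union size is unchanged is checked at build time.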
-- 
2.30.0




Re: [PATCH 0/5] tcg: Dynamically allocate temporaries

2021-01-19 Thread BALATON Zoltan

On Tue, 19 Jan 2021, Richard Henderson wrote:
> My recent change for caching tcg constants has, in a number of cases,
> overflowed the statically allocated array of temporaries.  Change to
> dynamic allocation.

This seems to work for me so

Tested-by: BALATON Zoltan 

but have you done any performance tests to check that this actually 
improves emulation speed? To me it seems slower. Booting AmigaOS on 
sam460ex with c0dd6654f207 (just before your TCG series) takes:

real    0m33.829s
user    0m34.432s
sys     0m0.296s

but on HEAD with this series:

real    0m44.381s
user    0m46.058s
sys     0m0.532s

This is a noticeable decrease in speed also without measuring it. With just 
increasing the TCG_MAX_TEMPS to 2048 on 7c79721606be without this series I 
get:

real    0m42.681s
user    0m44.208s
sys     0m0.435s

So the performance regression is somewhere in the original series not in 
this fix up series.

> I'll note that nothing in check-acceptance triggers this overflow.
> Anyone care to add some more test cases there?


The proposed test for the upcoming pegasos2 machine may also catch this 
(when that will be merged, its dependencies are still under review) or the 
sam460ex test that currently only checks the firmware could be enhanced to 
try to boot AROS if somebody wants to do that. The drawback is that it 
needs an external iso whereas the current test doesn't need any additional 
images but it did not catch problems with IRQ and neither this problem 
with TCG temps. This problem was also found with riscv and mips I think 
but don't know if those would be easier to test.


Regards,
BALATON Zoltan



Re: [PATCH v2 09/22] tcg/riscv: Split out target constraints to tcg-target-con-str.h

2021-01-19 Thread Richard Henderson
On 1/15/21 12:13 PM, Alistair Francis wrote:
>> +#define ALL_GENERAL_REGS  0xu
>> +#ifdef CONFIG_SOFTMMU
>> +#define ALL_QLDST_REGS \
>> +(ALL_GENERAL_REGS & ~((1 << TCG_REG_A0) | (1 << TCG_REG_A1) | \
>> +  (1 << TCG_REG_A2) | (1 << TCG_REG_A3) | \
>> +  (1 << TCG_REG_A5)))
> 
> Why is this not TCG_REG_A4?

I've changed this to

#define ALL_GENERAL_REGS  MAKE_64BIT_MASK(0, 32)
/*
 * For softmmu, we need to avoid conflicts with the first 5
 * argument registers to call the helper.  Some of these are
 * also used for the tlb lookup.
 */
#ifdef CONFIG_SOFTMMU
#define SOFTMMU_RESERVE_REGS  MAKE_64BIT_MASK(TCG_REG_A0, 5)
#else
#define SOFTMMU_RESERVE_REGS  0
#endif


r~



Re: [PATCH v2 08/22] tcg/mips: Split out target constraints to tcg-target-con-str.h

2021-01-19 Thread Richard Henderson
On 1/19/21 4:50 AM, Peter Maydell wrote:
> On Fri, 15 Jan 2021 at 21:14, Richard Henderson
>  wrote:
>>
>> Signed-off-by: Richard Henderson 
>> ---
>>  tcg/mips/tcg-target-con-str.h | 24 
>>  tcg/mips/tcg-target.h |  1 +
>>  tcg/mips/tcg-target.c.inc | 72 ---
>>  3 files changed, 41 insertions(+), 56 deletions(-)
>>  create mode 100644 tcg/mips/tcg-target-con-str.h
> 
>> -case 'Z':
>> -/* We are cheating a bit here, using the fact that the register
>> -   ZERO is also the register number 0. Hence there is no need
>> -   to check for const_args in each instruction. */
>> -ct->ct |= TCG_CT_CONST_ZERO;
> 
> This comment seems like it's worth retaining somewhere.

I moved it to the start of tcg_out_op, which is where we do the operand
checking, and therefore perhaps more usefully placed.


r~



Re: [PATCH] RFC: sphinx: adopt kernel readthedoc theme

2021-01-19 Thread John Snow

On 11/16/20 5:56 AM, Marc-André Lureau wrote:
> Hi,
>
> On Thu, Nov 5, 2020 at 8:03 PM  wrote:
> >
> > From: Marc-André Lureau 
> >
> > The default "alabaster" sphinx theme has a couple shortcomings:
> > - the navbar moves along the page
> > - the search bar is not always at the same place
> > - it lacks some contrast and colours
> >
> > The "rtd" theme from readthedocs.org is a popular third party theme used
> > notably by the kernel, with a custom style sheet. I like it better,
> > perhaps others do too. It also has features that may come handy, such as
> > "Edit on Gitlab".
> >
> > Tweak the nav header background to match qemu.org style, use the
> > QEMU logo, and favicon.
> >
> > The html_theme_options['description'] workaround doesn't seem necessary.
> >
> > Signed-off-by: Marc-André Lureau 
> > ---
> >  docs/conf.py   |  36 +++
> >  docs/devel/conf.py |   4 -
> >  docs/interop/conf.py   |   4 -
> >  docs/specs/conf.py |   5 -
> >  docs/sphinx-static/theme_overrides.css | 137 +
> >  docs/system/conf.py|   4 -
> >  docs/tools/conf.py |   5 -
> >  docs/user/conf.py  |   4 -
> >  8 files changed, 155 insertions(+), 44 deletions(-)
> >  create mode 100644 docs/sphinx-static/theme_overrides.css
> >
>
> Am I the only one finding the default sphinx theme inferior to rtd ?
>
> thanks

Probably not, but do you have some screenshots or examples of before/after?

--js




Re: [PATCH v2] target/i386/hvf: add vmware-cpuid-freq cpu feature

2021-01-19 Thread dirty--- via



> On Jan 14, 2021, at 11:47 AM, yaroshchuk2...@gmail.com wrote:
> 
> From: Vladislav Yaroshchuk 
> 
> For `-accel hvf` cpu_x86_cpuid() is wrapped with hvf_cpu_x86_cpuid() to
> add paravirtualization cpuid leaf 0x4010
> https://lkml.org/lkml/2008/10/1/246
> 
> Leaf 0x4010, Timing Information:
> EAX: (Virtual) TSC frequency in kHz.
> EBX: (Virtual) Bus (local apic timer) frequency in kHz.
> ECX, EDX: RESERVED (Per above, reserved fields are set to zero).
> 
> On macOS TSC and APIC Bus frequencies can be read by a sysctl call with
> names `machdep.tsc.frequency` and `hw.busfrequency`
> 
> This option is required for Darwin-XNU guest to be synchronized with
> host
> 
> Signed-off-by: Vladislav Yaroshchuk 
> ---
> target/i386/hvf/hvf.c | 90 ++-
> 1 file changed, 89 insertions(+), 1 deletion(-)
> 
> diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
> index ed9356565c..a5daafe202 100644
> --- a/target/i386/hvf/hvf.c
> +++ b/target/i386/hvf/hvf.c
> @@ -65,6 +65,7 @@
> 
> #include 
> #include 
> +#include 
> 
> #include "exec/address-spaces.h"
> #include "hw/i386/apic_internal.h"
> @@ -456,6 +457,48 @@ static void dummy_signal(int sig)
> {
> }
> 
> +static void init_tsc_freq(CPUX86State *env)
> +{
> +size_t length;
> +uint64_t tsc_freq;
> +
> +if (env->tsc_khz != 0) {
> +return;
> +}
> +
> +length = sizeof(uint64_t);
> +if (sysctlbyname("machdep.tsc.frequency", &tsc_freq, &length, NULL, 0)) {
> +return;
> +}
> +env->tsc_khz = tsc_freq / 1000;  /* Hz to KHz */
> +}
> +
> +static void init_apic_bus_freq(CPUX86State *env)
> +{
> +size_t length;
> +uint64_t bus_freq;
> +
> +if (env->apic_bus_freq != 0) {
> +return;
> +}
> +
> +length = sizeof(uint64_t);
> +if (sysctlbyname("hw.busfrequency", &bus_freq, &length, NULL, 0)) {
> +return;
> +}
> +env->apic_bus_freq = bus_freq;
> +}
> +
> +static inline bool tsc_is_known(CPUX86State *env)
> +{
> +return env->tsc_khz != 0;
> +}
> +
> +static inline bool apic_bus_freq_is_known(CPUX86State *env)
> +{
> +return env->apic_bus_freq != 0;
> +}
> +
> int hvf_init_vcpu(CPUState *cpu)
> {
> 
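
Review bot: init_tsc_freq() and init_apic_bus_freq() return silently when sysctlbyname() fails, so the only diagnostic is the generic "feature couldn't be enabled" message printed by the caller, which cannot say which sysctl was missing or why. Report the sysctl name and errno at the failure site. The two fields also end up in different units (tsc_khz is stored in kHz, apic_bus_freq in Hz and divided by 1000 only when the leaf is built), which deserves a comment next to the assignments.
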
> @@ -480,6 +523,15 @@ int hvf_init_vcpu(CPUState *cpu)
> hvf_state->hvf_caps = g_new0(struct hvf_vcpu_caps, 1);
> env->hvf_mmio_buf = g_new(char, 4096);
> 
> +if (x86cpu->vmware_cpuid_freq) {
> +init_tsc_freq(env);
> +init_apic_bus_freq(env);
> +
> +if (!tsc_is_known(env) || !apic_bus_freq_is_known(env)) {
> +error_report("vmware-cpuid-freq: feature couldn't be enabled");
> +}
> +}
> +
> r = hv_vcpu_create((hv_vcpuid_t *)&cpu->hvf_fd, HV_VCPU_DEFAULT);
> cpu->vcpu_dirty = 1;
> assert_hvf_ok(r);
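
Review bot: the new block in hvf_init_vcpu() calls error_report() when a frequency is unknown and then carries on, so a user who asked for vmware-cpuid-freq gets an error-level message and a running guest without the leaf. Either fail vCPU initialisation at this point or downgrade the message to a warning that says the timing leaf will not be exposed.
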
> @@ -597,6 +649,42 @@ static void hvf_store_events(CPUState *cpu, uint32_t 
> ins_len, uint64_t idtvec_in
> }
> }
> 

We already have hvf/x86_cpuid.c.  Can we put hvf_cpu_x86_cpuid() in there?

> +static void hvf_cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t 
> count,
> +  uint32_t *eax, uint32_t *ebx,
> +  uint32_t *ecx, uint32_t *edx)
> +{
> +/*
> + * A wrapper extends cpu_x86_cpuid with 0x4000 and 0x4010 leafs
> + * Provides vmware-cpuid-freq support to hvf
> + */
> +
> +uint32_t signature[3];
> +
> +if (!tsc_is_known(env) || !apic_bus_freq_is_known(env)) {
> +cpu_x86_cpuid(env, index, count, eax, ebx, ecx, edx);
> +return;
> +}
> +
> +switch (index) {
> +case 0x4000:
> +memcpy(signature, "TCGTCGTCGTCG", 12); /* QEMU Signature */

I agree with Roman, using "HVFHVFHVFHVF" is better.

> +*eax = 0x4010; /* Max available cpuid leaf */
> +*ebx = signature[0];
> +*ecx = signature[1];
> +*edx = signature[2];
> +break;
> +case 0x4010:
> +*eax = env->tsc_khz;
> +*ebx = env->apic_bus_freq / 1000; /* Hz to KHz */
> +*ecx = 0;
> +*edx = 0;
> +break;
> +default:
> +cpu_x86_cpuid(env, index, count, eax, ebx, ecx, edx);
> +break;
> +}
> +}
> +
> int hvf_vcpu_exec(CPUState *cpu)
> {
> X86CPU *x86_cpu = X86_CPU(cpu);
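
Review bot: hvf_cpu_x86_cpuid() decides whether to expose the two hypervisor leaves from tsc_is_known() and apic_bus_freq_is_known() alone and never tests x86cpu->vmware_cpuid_freq, so the property is honoured only indirectly, through those fields happening to be zero when it is off. Testing the property in the wrapper makes the behaviour explicit. Separately, "*eax = env->tsc_khz" and "*ebx = env->apic_bus_freq / 1000" assign values derived from 64-bit sysctl reads to uint32_t outputs with no range check; clamp them or refuse to expose the leaf when they do not fit.
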
> @@ -734,7 +822,7 @@ int hvf_vcpu_exec(CPUState *cpu)
> uint32_t rcx = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RCX);
> uint32_t rdx = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RDX);
> 
> -cpu_x86_cpuid(env, rax, rcx, &rax, &rbx, &rcx, &rdx);
> +hvf_cpu_x86_cpuid(env, rax, rcx, &rax, &rbx, &rcx, &rdx);
> 
> wreg(cpu->hvf_fd, HV_X86_RAX, rax);
> wreg(cpu->hvf_fd, HV_X86_RBX, rbx);
> -- 
> 2.28.0
> 
> 

Looks good.

Cameron Esfahani
di...@apple.com




Re: [PATCH v4 1/2] drivers/misc: sysgenid: add system generation id driver

2021-01-19 Thread Randy Dunlap
Hi--

On 1/12/21 4:15 AM, Adrian Catangiu wrote:
> - Background and problem
> 

> ---
>  Documentation/misc-devices/sysgenid.rst | 240 +
>  drivers/misc/Kconfig|  16 ++
>  drivers/misc/Makefile   |   1 +
>  drivers/misc/sysgenid.c | 298 
> 
>  include/uapi/linux/sysgenid.h   |  18 ++
>  5 files changed, 573 insertions(+)
>  create mode 100644 Documentation/misc-devices/sysgenid.rst
>  create mode 100644 drivers/misc/sysgenid.c
>  create mode 100644 include/uapi/linux/sysgenid.h
> 
> diff --git a/Documentation/misc-devices/sysgenid.rst 
> b/Documentation/misc-devices/sysgenid.rst
> new file mode 100644
> index 000..0b31ccf
> --- /dev/null
> +++ b/Documentation/misc-devices/sysgenid.rst
> @@ -0,0 +1,240 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +
> +
> +SYSGENID
> +
> +
> +The System Generation ID feature is required in virtualized or
> +containerized environments by applications that work with local copies
> +or caches of world-unique data such as random values, UUIDs,
> +monotonically increasing counters, etc.
> +Such applications can be negatively affected by VM or container
> +snapshotting when the VM or container is either cloned or returned to
> +an earlier point in time.
> +
> +The System Generation ID is a simple concept meant to alleviate the
> +issue by providing a monotonically increasing counter that changes
> +each time the VM or container is restored from a snapshot.
> +The driver for it lives at ``drivers/misc/sysgenid.c``.
> +
> +The ``sysgenid`` driver exposes a monotonic incremental System
> +Generation u32 counter via a char-dev FS interface accessible through
> +``/dev/sysgenid`` that provides sync and async SysGen counter updates

 update

> +notifications. It also provides SysGen counter retrieval and
> +confirmation mechanisms.
> +
> +The counter starts from zero when the driver is initialized and
> +monotonically increments every time the system generation changes.
> +
> +The ``sysgenid`` driver exports the ``void sysgenid_bump_generation()``
> +symbol which can be used by backend drivers to drive system generation
> +changes based on hardware events.
> +System generation changes can also be driven by userspace software
> +through a dedicated driver ioctl.
> +
> +Userspace applications or libraries can (a)synchronously consume the
> +system generation counter through the provided FS interface, to make
> +any necessary internal adjustments following a system generation update.
> +
> +Driver FS interface:
> +
> +``open()``:
> +  When the device is opened, a copy of the current Sys-Gen-Id (counter)
> +  is associated with the open file descriptor. The driver now tracks
> +  this file as an independent *watcher*. The driver tracks how many
> +  watchers are aware of the latest Sys-Gen-Id counter and how many of
> +  them are *outdated*; outdated being those that have lived through
> +  a Sys-Gen-Id change but not yet confirmed the new generation counter.
> +
> +``read()``:
> +  Read is meant to provide the *new* system generation counter when a
> +  generation change takes place. The read operation blocks until the
> +  associated counter is no longer up to date, at which point the new
> +  counter is provided/returned.
> +  Nonblocking ``read()`` uses ``EAGAIN`` to signal that there is no
> +  *new* counter value available. The generation counter is considered
> +  *new* for each open file descriptor that hasn't confirmed the new
> +  value following a generation change. Therefore, once a generation
> +  change takes place, all ``read()`` calls will immediately return the
> +  new generation counter and will continue to do so until the
> +  new value is confirmed back to the driver through ``write()``.
> +  Partial reads are not allowed - read buffer needs to be at least
> +  ``sizeof(unsigned)`` in size.

Please use (unsigned int), not just (unsigned).
(Linux style)

> +
> +``write()``:
> +  Write is used to confirm the up-to-date Sys Gen counter back to the
> +  driver.
> +  Following a VM generation change, all existing watchers are marked
> +  as *outdated*. Each file descriptor will maintain the *outdated*
> +  status until a ``write()`` confirms the up-to-date counter back to
> +  the driver.
> +  Partial writes are not allowed - write buffer should be exactly
> +  ``sizeof(unsigned)`` in size.

ditto.

> +
> +``poll()``:
> +  Poll is implemented to allow polling for generation counter updates.
> +  Such updates result in ``EPOLLIN`` polling status until the new
> +  up-to-date counter is confirmed back to the driver through a
> +  ``write()``.
> +
> +``ioctl()``:
> +  The driver also adds support for tracking count of open file
> +  descriptors that haven't acknowledged a generation counter update,
> +  as well as a mechanism for userspace to *force* a generation update:
> +
> +  - 
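
Review bot: the read() and write() descriptions never say what write() does when the value written is not the current counter (for example a value read before a second generation change), which is the case callers most need specified; state the return value and whether the watcher stays outdated. The text also names the same counter "Sys-Gen-Id", "SysGen" and "Sys Gen"; pick one spelling and use it throughout.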

Re: [PATCH v2 08/22] tcg/mips: Split out target constraints to tcg-target-con-str.h

2021-01-19 Thread Philippe Mathieu-Daudé
On 1/15/21 10:04 PM, Richard Henderson wrote:
> Signed-off-by: Richard Henderson 
> ---
>  tcg/mips/tcg-target-con-str.h | 24 
>  tcg/mips/tcg-target.h |  1 +
>  tcg/mips/tcg-target.c.inc | 72 ---
>  3 files changed, 41 insertions(+), 56 deletions(-)
>  create mode 100644 tcg/mips/tcg-target-con-str.h
> 
> diff --git a/tcg/mips/tcg-target-con-str.h b/tcg/mips/tcg-target-con-str.h
> new file mode 100644
> index 00..e4b2965c72
> --- /dev/null
> +++ b/tcg/mips/tcg-target-con-str.h
> @@ -0,0 +1,24 @@
> +/* SPDX-License-Identifier: MIT */
> +/*
> + * Define MIPS target-specific operand constraints.
> + * Copyright (c) 2021 Linaro
> + */
> +
> +/*
> + * Define constraint letters for register sets:
> + * REGS(letter, register_mask)
> + */
> +REGS('r', ALL_GENERAL_REGS)
> +REGS('L', ALL_QLOAD_REGS)
> +REGS('S', ALL_QSTORE_REGS)
> +
> +/*
> + * Define constraint letters for constants:
> + * CONST(letter, TCG_CT_CONST_* bit set)
> + */
> +CONST('I', TCG_CT_CONST_U16)
> +CONST('J', TCG_CT_CONST_S16)
> +CONST('K', TCG_CT_CONST_P2M1)
> +CONST('N', TCG_CT_CONST_N16)
> +CONST('W', TCG_CT_CONST_WSZ)
> +CONST('Z', TCG_CT_CONST_ZERO)

With the cheating comment Peter requested:
Reviewed-by: Philippe Mathieu-Daudé 




Re: [PATCH RFC 1/2] qdev: add debug interface to kick/call eventfd

2021-01-19 Thread Eric Blake
On 1/14/21 6:27 PM, Dongli Zhang wrote:
> The virtio device/driver (e.g., vhost-scsi) may hang due to the lost of IRQ

s/lost/loss/

> or the lost of doorbell register kick, e.g.,

and again

> 
> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg01711.html
> 
> This patch adds a new debug interface 'DeviceEvent' to DeviceClass to help
> narrow down if the issue is due to lost of irq/kick. So far the new

and again

> interface handles only two events: 'call' and 'kick'. Any device (e.g.,
> e1000e or vhost-scsi) may implement (e.g., via eventfd, MSI-X or legacy
> IRQ).
> 
> The 'call' is to inject irq on purpose by admin for a specific device (e.g.,
> vhost-scsi) from QEMU/host to VM, while the 'kick' is to kick the doorbell
> on purpose by admin at QEMU/host side for a specific device.
> 
> Signed-off-by: Dongli Zhang 
> ---

> +++ b/qapi/qdev.json
> @@ -124,3 +124,33 @@
>  ##
>  { 'event': 'DEVICE_DELETED',
>'data': { '*device': 'str', 'path': 'str' } }
> +
> +##
> +# @x-debug-device-event:
> +#
> +# Generate device event for a specific device queue
> +#
> +# @dev: device path
> +#
> +# @event: event (e.g., kick or call) to trigger
> +#
> +# @queue: queue id
> +#
> +# Returns: Nothing on success
> +#
> +# Since: 5.3

The next release is named 6.0, not 5.3.

> +#
> +# Notes: This is used to debug VM driver hang issue. The 'kick' event is to
> +#send notification to QEMU/vhost while the 'call' event is to
> +#interrupt VM on purpose.
> +#
> +# Example:
> +#
> +# -> { "execute": "x-debug-device_event",
> +#  "arguments": { "dev": "/machine/peripheral/vscsi0", "event": "kick",
> +# "queue": "1" } }

Your example has queue typed as a string...

> +# <- { "return": {} }
> +#
> +##
> +{ 'command': 'x-debug-device-event',
> +  'data': {'dev': 'str', 'event': 'str', 'queue': 'int'} }
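
Review bot: the example in the doc comment executes "x-debug-device_event" (with an underscore) while the command is declared as 'x-debug-device-event', so the documented invocation does not match the command name; use hyphens in the example as well.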

...which does not match its actual type as an integer.

event should be an enum type (the finite choice of 'kick' or 'call', and
introspectible if we add new choices in the future) rather than an
open-coded str.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: [PATCH v2 07/22] tcg/tci: Split out target constraints to tcg-target-con-str.h

2021-01-19 Thread Philippe Mathieu-Daudé
On 1/15/21 10:04 PM, Richard Henderson wrote:
> Signed-off-by: Richard Henderson 
> ---
>  tcg/tci/tcg-target-con-str.h | 11 +++
>  tcg/tci/tcg-target.h |  2 ++
>  tcg/tci/tcg-target.c.inc | 14 --
>  3 files changed, 13 insertions(+), 14 deletions(-)
>  create mode 100644 tcg/tci/tcg-target-con-str.h
> 
> diff --git a/tcg/tci/tcg-target-con-str.h b/tcg/tci/tcg-target-con-str.h
> new file mode 100644
> index 00..87c0f19e9c
> --- /dev/null
> +++ b/tcg/tci/tcg-target-con-str.h
> @@ -0,0 +1,11 @@
> +/* SPDX-License-Identifier: MIT */
> +/*
> + * Define TCI target-specific operand constraints.
> + * Copyright (c) 2021 Linaro
> + */
> +
> +/*
> + * Define constraint letters for register sets:
> + * REGS(letter, register_mask)
> + */
> +REGS('r', MAKE_64BIT_MASK(0, TCG_TARGET_NB_REGS))
> diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
> index bb784e018e..ab832aecc3 100644
> --- a/tcg/tci/tcg-target.h
> +++ b/tcg/tci/tcg-target.h
> @@ -207,4 +207,6 @@ static inline void tb_target_set_jmp_target(uintptr_t 
> tc_ptr, uintptr_t jmp_rx,
>  /* no need to flush icache explicitly */
>  }
>  
> +#define TCG_TARGET_CON_STR_H
> +
>  #endif /* TCG_TARGET_H */
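
Review bot: "#define TCG_TARGET_CON_STR_H" added to tcg-target.h reads like an include guard for the new tcg-target-con-str.h, yet it is defined in a different header and carries no comment, and the commit message is empty apart from the sign-off. Add a one-line comment saying what defining it signals to the code that tests it, and a sentence in the commit message on why the constraint parsing moves.
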
> diff --git a/tcg/tci/tcg-target.c.inc b/tcg/tci/tcg-target.c.inc
> index 9c45f5f88f..c913d85c37 100644
> --- a/tcg/tci/tcg-target.c.inc
> +++ b/tcg/tci/tcg-target.c.inc
> @@ -384,20 +384,6 @@ static bool patch_reloc(tcg_insn_unit *code_ptr, int 
> type,
>  return true;
>  }
>  
> -/* Parse target specific constraints. */
> -static const char *target_parse_constraint(TCGArgConstraint *ct,
> -   const char *ct_str, TCGType type)
> -{
> -switch (*ct_str++) {
> -case 'r':
> -ct->regs = BIT(TCG_TARGET_NB_REGS) - 1;
> -break;

Easy one :)
Reviewed-by: Philippe Mathieu-Daudé 

> -default:
> -return NULL;
> -}
> -return ct_str;
> -}



What are libvhost-user locking requirements

2021-01-19 Thread Vivek Goyal
Hi,

Current virtiofsd code uses libvhost-user and I am assuming virtiofsd-rs
uses it too. I am wondering what are the locking requirements for
this library.

Looking at it, it does not look thread safe. Well, parts of it kind
of look thread safe. For example, David Gilbert introduced a slave_mutex
to control reading/writing on slave_fd. But dev->slave_fd can be modified
in vu_set_slave_req_fd() without any locks. Similarly _vu_queue_notify()
uses dev->slave_fd but does not take any lock. Maybe these are just
bugs and we can take slave_mutex in those paths so not a big deal.

But this library does not talk about locking at all. Of course there
are many shared data structures like "struct VuDev" and helpers which
access this structure. Is the client supposed to provide locking and
make sure not more than one thread is calling into the library
at one point of time?

But in virtiofsd I see that we seem to be in mixed mode. In some cases
we are holding ->vu_dispatch_rwlock in read-only mode. So that will
allow multiple threads to call into library for one queue.

In other places like lo_setupmapping() and lo_removemapping(), we are
not holding ->vu_dispatch_rwlock() at all and simply call into
library vu_fs_cache_request(VHOST_USER_SLAVE_FS_MAP/...). So multiple
threads can call in. I think precisely for this use case dev->slave_mutex
has been introduced in library.

So a few queries.

- What's the locking model needed to use libvhost-user? Is there one?

- Is it ok to selectively add locking for some data structures in
  libvhost-user. As slave_mutex has been added. So user will have to
  go through the code to figure out which paths can be called without
  locks and which paths can't be.

/me is confused and trying to wrap my head around the locking requirements
while using libvhost-user.

Vivek
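
The slave_fd concern raised in the message above, modelled as an added example (not libvhost-user or virtiofsd code): `struct dev_model`, `dev_set_slave_fd()` and `dev_send()` are hypothetical names, and `/dev/null` stands in for the channel. The setter and the sender take the same mutex, so a sender never writes to a descriptor that was just closed or whose number has been reused.

```c
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for the shared device state discussed above. */
struct dev_model {
    int slave_fd;                 /* channel fd, replaceable at runtime */
    pthread_mutex_t slave_mutex;  /* must cover every access to slave_fd */
};

/*
 * Replace the channel fd. close() and the store both happen under the
 * lock, so no sender can observe a closed or recycled descriptor number.
 */
static void dev_set_slave_fd(struct dev_model *dev, int new_fd)
{
    pthread_mutex_lock(&dev->slave_mutex);
    if (dev->slave_fd >= 0) {
        close(dev->slave_fd);
    }
    dev->slave_fd = new_fd;
    pthread_mutex_unlock(&dev->slave_mutex);
}

/* Send one byte on the channel; returns 0 on success, -errno on failure. */
static int dev_send(struct dev_model *dev)
{
    int ret = 0;

    pthread_mutex_lock(&dev->slave_mutex);
    if (dev->slave_fd < 0) {
        ret = -ENOTCONN;
    } else if (write(dev->slave_fd, "x", 1) != 1) {
        ret = -errno;
    }
    pthread_mutex_unlock(&dev->slave_mutex);
    return ret;
}

#define ROUNDS 2000

/* Thread body: keeps replacing the channel, as a reconnect path would. */
static void *swapper(void *opaque)
{
    struct dev_model *dev = opaque;

    for (int i = 0; i < ROUNDS; i++) {
        /* /dev/null is a constructed sink so that write() never blocks. */
        dev_set_slave_fd(dev, open("/dev/null", O_WRONLY));
    }
    return NULL;
}

/* Thread body: keeps sending; returns the number of failed sends. */
static void *sender(void *opaque)
{
    struct dev_model *dev = opaque;
    intptr_t failures = 0;

    for (int i = 0; i < ROUNDS; i++) {
        if (dev_send(dev) != 0) {
            failures++;
        }
    }
    return (void *)failures;
}

/* Run one swapper against two senders; returns the total failed sends. */
static long run_model(void)
{
    struct dev_model dev;
    pthread_t sw, s1, s2;
    void *f1 = NULL, *f2 = NULL;

    dev.slave_fd = -1;
    pthread_mutex_init(&dev.slave_mutex, NULL);
    dev_set_slave_fd(&dev, open("/dev/null", O_WRONLY));

    pthread_create(&sw, NULL, swapper, &dev);
    pthread_create(&s1, NULL, sender, &dev);
    pthread_create(&s2, NULL, sender, &dev);
    pthread_join(sw, NULL);
    pthread_join(s1, &f1);
    pthread_join(s2, &f2);

    dev_set_slave_fd(&dev, -1);   /* closes the last descriptor */
    pthread_mutex_destroy(&dev.slave_mutex);
    return (long)((intptr_t)f1 + (intptr_t)f2);
}

int main(void)
{
    long failures = run_model();

    printf("failed sends: %ld\n", failures);
    return failures != 0;
}
```

Dropping the lock from either function turns this into a data race in which `write()` can hit `EBADF` or a descriptor that now belongs to something else.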




Re: [PATCH 1/2] qemu/compiler: Split out qemu_build_not_reached_always

2021-01-19 Thread Philippe Mathieu-Daudé
On 1/19/21 7:55 PM, Richard Henderson wrote:
> Provide a symbol that can always be used to signal an error,
> regardless of optimization.  Usage of this should be protected
> by e.g. __builtin_constant_p, which guards for optimization.
> 
> Signed-off-by: Richard Henderson 
> ---
>  include/qemu/compiler.h | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé 




Re: [PATCH RFC 0/2] Add debug interface to kick/call on purpose

2021-01-19 Thread Dongli Zhang



On 1/18/21 8:59 AM, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
>> On Thu, Jan 14, 2021 at 04:27:28PM -0800, Dongli Zhang wrote:
>>> The virtio device/driver (e.g., vhost-scsi and indeed any device including
>>> e1000e) may hang due to the loss of IRQ or the loss of doorbell register
>>> kick, e.g.,
>>>
>>> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg01711.html
>>>
>>> The virtio-net was in trouble in above link because the 'kick' was not
>>> taking effect (missed).
>>>
>>> This RFC adds a new debug interface 'DeviceEvent' to DeviceClass to help
>>> narrow down if the issue is due to loss of irq/kick. So far the new
>>> interface handles only two events: 'call' and 'kick'. Any device (e.g.,
>>> e1000e or vhost-scsi) may implement (e.g., via eventfd, MSI-X or legacy
>>> IRQ).
>>>
>>> The 'call' is to inject irq on purpose by admin for a specific device (e.g.,
>>> vhost-scsi) from QEMU/host to VM, while the 'kick' is to kick the doorbell
>>> on purpose by admin at QEMU/host side for a specific device.
>>
>> I'm really not convinced that we want to give admins the direct ability to
>> poke at internals of devices in a running QEMU. It feels like there is way
>> too much potential for the admin to make a situation far worse by doing
>> the wrong thing here,
> 
> We already do have commands to write to an iport, and to inject MCEs for
> example; is this that much different?
> 
>> and people dealing with support tickets will have
>> no idea that the admin has been poking internals of the device and broken
>> it by doing something wrong.
> 
> You could add a one time log entry to say that this mischievous command
> had been used.
> 
>> You pointed to bug that hit where this could conceivably be useful, but
>> that's a one time issue and should not be a common occurrence that justifies
>> making an official public API to poke at devices forever more IMHO.
> 
> I think where it might be practically useful is if you were debugging a
> hung customer's VM and need to find a way to get it to move again.
> That's something I'm not familiar with on the virtio side;
> mst - is this useful from a virtio side?

BTW, the Linux kernel blk-mq has a similar idea/interface. Running the command
below will 'run' the block IO queue on purpose.

echo "kick" > /sys/kernel/debug/block/sda/state

It is helpful for diagnostics if we assume the IO stall is due to an unknown race
where a 'run' of the queue is missing.

Dongli Zhang

> 
> Dave
> 
>> Regards,
>> Daniel
>> -- 



Re: [PATCH v1 1/1] riscv: Pass RISCVHartArrayState by pointer

2021-01-19 Thread Eric Blake
On 1/17/21 10:52 AM, Philippe Mathieu-Daudé wrote:
> On 1/16/21 11:38 PM, Alistair Francis wrote:
>> On Sat, Jan 16, 2021 at 2:32 PM Philippe Mathieu-Daudé  
>> wrote:
>>>
>>> On 1/16/21 12:00 AM, Alistair Francis wrote:
>>>> We were accidently passing RISCVHartArrayState by value instead of

accidentally

>>>> pointer. The type is 824 bytes long so let's correct that and pass it by
>>>> pointer instead.

>>>> -bool riscv_is_32bit(RISCVHartArrayState harts)
>>>> +bool riscv_is_32bit(RISCVHartArrayState *harts)

Definitely better,

>>>>  {
>>>> -RISCVCPU hart = harts.harts[0];
>>>> +RISCVCPU hart = harts->harts[0];

but yeah, this still results in a copy (unless the compiler optimizes it).

>>>
>>> This doesn't look improved. Maybe you want:
>>>
>>>return riscv_cpu_is_32bit(&harts->harts[0].env);

Whereas this is obviously a pointer into the original without relying on
the compiler to elide a copy.

>>
>> I suspect this ends up generating the same code.
> 
> If the compiler is smart enough, but I'm not sure it can figure out
> only 1 element from the structure is accessed...
> My understanding is "first copy the content pointed at '*harts' in
> 'hart' on the stack", then only use "env".
> 
> Cc'ing Eric/Richard to double check.

I agree that relying on the compiler optimization is not as
straightforward as writing the code to directly access the correct
pointer from the get-go.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: [PULL 16/45] vl: Add option to avoid stopping VM upon guest panic

2021-01-19 Thread Peter Maydell
On Tue, 15 Dec 2020 at 18:11, Paolo Bonzini  wrote:
>
> From: Alejandro Jimenez 
>
> The current default action of pausing a guest after a panic event
> is received leaves the responsibility to resume guest execution to the
> management layer. The reasons for this behavior are discussed here:
> https://lore.kernel.org/qemu-devel/52148f88.5000...@redhat.com/
>
> However, in instances like the case of older guests (Linux and
> Windows) using a pvpanic device but missing support for the
> PVPANIC_CRASHLOADED event, and Windows guests using the hv-crash
> enlightenment, it is desirable to allow the guests to continue
> running after sending a PVPANIC_PANICKED event. This allows such
> guests to proceed to capture a crash dump and automatically reboot
> without intervention of a management layer.
>
> Add an option to avoid stopping a VM after a panic event is received,
> by passing:
>
> -action panic=none
>
> in the command line arguments, or during runtime by using an upcoming
> QMP command.

Hi. This commit message doesn't say it's changing the default
action, but the change does:

> @@ -3899,6 +3899,8 @@ DEF("action", HAS_ARG, QEMU_OPTION_action,
>  "   action when guest reboots [default=none]\n"
>  "-action shutdown=poweroff|pause\n"
>  "   action when guest shuts down [default=poweroff]\n"
> +"-action panic=poweroff|pause|none\n"
> +"   action when guest panics [default=poweroff]\n"
>  "-action watchdog=reset|shutdown|poweroff|inject-nmi|pause|debug|none\n"
>  "   action when watchdog fires [default=reset]\n",
>  QEMU_ARCH_ALL)

>  RebootAction reboot_action = REBOOT_ACTION_NONE;
>  ShutdownAction shutdown_action = SHUTDOWN_ACTION_POWEROFF;
> +PanicAction panic_action = PANIC_ACTION_POWEROFF;

We used to default to 'pause' and now we default to 'poweroff'.

We noticed this because it broke an in-flight test case for
the pvpanic-pci device from Mihai (which was expecting to see
the device in 'pause' state and found it was now in 'poweroff').
Test cases aren't very exciting, but was it really intentional
to change the default behaviour? It's part of the user-facing
surface of QEMU, so if we did intend a default change that ought
really to be more clearly stated (and noted in the Changelog) I think.

thanks
-- PMM



Re: [PATCH v11 5/5] migration: introduce 'userfaultfd-wrlat.py' script

2021-01-19 Thread Peter Xu
On Wed, Jan 06, 2021 at 06:21:20PM +0300, Andrey Gruzdev wrote:
> Add BCC/eBPF script to analyze userfaultfd write fault latency distribution.
> 
> Signed-off-by: Andrey Gruzdev 
> Acked-by: Peter Xu 

(This seems to be the last patch that lacks a r-b ... Let's see whether I could
 convert my a-b into an r-b... :)

> +BPF_HASH(ev_start, struct ev_desc, u64);
> +BPF_HASH(ctx_handle_userfault, u64, u64);

IMHO we only need one hash here instead of two:

  BPF_HASH(ev_start, u32, u64);

Where we use the tid as the key (u32), and timestamp as the value (u64).  The
thing is we don't really need the address for current statistics, IMHO.

> +/* KPROBE for handle_userfault(). */
> +int probe_handle_userfault(struct pt_regs *ctx, struct vm_fault *vmf,
> +unsigned long reason)
> +{
> +/* Trace only UFFD write faults. */
> +if (reason & VM_UFFD_WP) {

Better with comment:

   /* Using "(u32)" to drop group ID which is upper 32 bits */

Even better, we'd want a get_current_tid() helper and call it here and below
(bpf_get_current_pid_tgid() will return tid|gid<<32 I think, so I'm a bit
confused why bcc people called it pid in the first place...).

> +u64 pid = (u32) bpf_get_current_pid_tgid();
> +u64 addr = vmf->address;
> +
> +do_event_start(pid, addr);
> +ctx_handle_userfault.update(&pid, &addr);
> +}
> +return 0;
> +}
> +
> +/* KRETPROBE for handle_userfault(). */
> +int retprobe_handle_userfault(struct pt_regs *ctx)
> +{
> +u64 pid = (u32) bpf_get_current_pid_tgid();
> +u64 *addr_p;
> +
> +/*
> + * Here we just ignore the return value. In case of spurious wakeup
> + * or pending signal we'll still get (at least for v5.8.0 kernel)
> + * VM_FAULT_RETRY or (VM_FAULT_RETRY | VM_FAULT_MAJOR) here.
> + * Anyhow, handle_userfault() would be re-entered if such case happens,
> + * keeping initial timestamp unchanged for the faulting thread.

AFAIU this comment is not matching what the code does.  But I agree it's not a
big problem because we won't miss any long delays (because the one long delayed
sample will just be split into two or multiple delays, which will still be
reflected in the histogram at last).  Or am I wrong?

> + */
> +addr_p = ctx_handle_userfault.lookup(&pid);
> +if (addr_p) {
> +do_event_end(pid, *addr_p);
> +ctx_handle_userfault.delete(&pid);
> +}
> +return 0;
> +}
> +"""

Other than that, the rest looks good to me.

I'd think it's fine to even merge the current version since it actually works
nicely.  Andrey, if you agree with any of my above comments, feel free to
repost this patch (since I see Dave provided the rest r-bs).  Then I think I
can r-b this one too.  Thanks!

-- 
Peter Xu




[PATCH 7/8] s390x/pci: PCILG via the vfio zPCI I/O region

2021-01-19 Thread Matthew Rosato
For ISM devices, use the vfio region to handle intercepted PCILG
instructions.  This will allow read I/Os intercepted from the guest to be
performed as single operations that ensure the same non-MIO PCI instruction
is used on the host as specified in the guest.

Signed-off-by: Matthew Rosato 
---
 hw/s390x/s390-pci-inst.c |  3 ++-
 hw/s390x/s390-pci-vfio.c | 53 
 include/hw/s390x/s390-pci-inst.h |  1 +
 include/hw/s390x/s390-pci-vfio.h |  8 ++
 4 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index 18a701f..97e9a7a 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -352,7 +352,7 @@ out:
  * @ptr: a pointer to a uint64_t data field
  * @len: the length of the valid data, must be 1,2,4 or 8
  */
-static int zpci_endian_swap(uint64_t *ptr, uint8_t len)
+int zpci_endian_swap(uint64_t *ptr, uint8_t len)
 {
 uint64_t data = *ptr;
 
@@ -1494,5 +1494,6 @@ void zpci_assign_default_ops(S390PCIBusDevice *pbdev)
 
 void zpci_assign_ops_vfio_io_region(S390PCIBusDevice *pbdev)
 {
+pbdev->ops.pcilg = s390_pci_vfio_pcilg;
 pbdev->ops.pcistb = s390_pci_vfio_pcistb;
 }
diff --git a/hw/s390x/s390-pci-vfio.c b/hw/s390x/s390-pci-vfio.c
index 33b24d4..6778ba4 100644
--- a/hw/s390x/s390-pci-vfio.c
+++ b/hw/s390x/s390-pci-vfio.c
@@ -339,6 +339,59 @@ int s390_pci_get_zpci_io_region(S390PCIBusDevice *pbdev)
 return ret;
 }
 
+int s390_pci_vfio_pcilg(S390PCIBusDevice *pbdev, uint64_t *data, uint8_t pcias,
+uint16_t len, uint64_t offset)
+{
+struct vfio_region_zpci_io *region = pbdev->io_region;
+VFIOPCIDevice *vfio_pci;
+int ret;
+
+if (region == NULL) {
+return -EIO;
+}
+
+vfio_pci = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
+
+/* Perform Length/Alignment checks */
+switch (pcias) {
+case ZPCI_IO_BAR_MIN...ZPCI_IO_BAR_MAX:
+if (!len || (len > (8 - (offset & 0x7 {
+return -EINVAL;
+}
+region->req.gaddr = (uint64_t)data;
+region->req.offset = offset;
+region->req.len = len;
+region->req.pcias = pcias;
+region->req.flags = VFIO_ZPCI_IO_FLAG_READ;
+
+ret = pwrite(vfio_pci->vbasedev.fd, ®ion->req,
+ sizeof(struct vfio_zpci_io_req),
+ pbdev->io_region_op_offset);
+if (ret != sizeof(struct vfio_zpci_io_req)) {
+ret = -EIO;
+} else {
+ret = 0;
+}
+break;
+case ZPCI_CONFIG_BAR:
+if (!len || (len > (4 - (offset & 0x3))) || len == 3) {
+return -EINVAL;
+}
+*data = pci_host_config_read_common(
+   pbdev->pdev, offset, pci_config_size(pbdev->pdev), len);
+
+if (zpci_endian_swap(data, len)) {
+ret = -EINVAL;
+}
+ret = 0;
+break;
+default:
+return -EFAULT;
+}
+
+return ret;
+}
+
 int s390_pci_vfio_pcistb(S390PCIBusDevice *pbdev, S390CPU *cpu, uint64_t gaddr,
  uint8_t ar, uint8_t pcias, uint16_t len,
  uint64_t offset)
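Review bot: in the ZPCI_CONFIG_BAR case of s390_pci_vfio_pcilg(), the "ret = -EINVAL" set when zpci_endian_swap() fails is immediately overwritten by the unconditional "ret = 0", so the failure is never returned to the caller. Return -EINVAL directly, as the length checks above do, or move "ret = 0" into an else branch. In the BAR case, "region->req.gaddr = (uint64_t)data" stores a host pointer in a field named gaddr; a comment on what the kernel side expects in that field would help the next reader.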
diff --git a/include/hw/s390x/s390-pci-inst.h b/include/hw/s390x/s390-pci-inst.h
index 7ed6175..fe368fb 100644
--- a/include/hw/s390x/s390-pci-inst.h
+++ b/include/hw/s390x/s390-pci-inst.h
@@ -101,6 +101,7 @@ typedef struct ZpciFib {
 int pci_dereg_irqs(S390PCIBusDevice *pbdev);
 void pci_dereg_ioat(S390PCIIOMMU *iommu);
 int clp_service_call(S390CPU *cpu, uint8_t r2, uintptr_t ra);
+int zpci_endian_swap(uint64_t *ptr, uint8_t len);
 int pcilg_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2, uintptr_t ra);
 int pcistg_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2, uintptr_t ra);
 int rpcit_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2, uintptr_t ra);
diff --git a/include/hw/s390x/s390-pci-vfio.h b/include/hw/s390x/s390-pci-vfio.h
index f0a994f..d9fb3a4 100644
--- a/include/hw/s390x/s390-pci-vfio.h
+++ b/include/hw/s390x/s390-pci-vfio.h
@@ -22,6 +22,8 @@ S390PCIDMACount *s390_pci_start_dma_count(S390pciState *s,
 void s390_pci_end_dma_count(S390pciState *s, S390PCIDMACount *cnt);
 void s390_pci_get_clp_info(S390PCIBusDevice *pbdev);
 int s390_pci_get_zpci_io_region(S390PCIBusDevice *pbdev);
+int s390_pci_vfio_pcilg(S390PCIBusDevice *pbdev, uint64_t *data, uint8_t pcias,
+uint16_t len, uint64_t offset);
 int s390_pci_vfio_pcistb(S390PCIBusDevice *pbdev, S390CPU *cpu, uint64_t gaddr,
  uint8_t ar, uint8_t pcias, uint16_t len,
  uint64_t offset);
@@ -42,6 +44,12 @@ static inline int 
s390_pci_get_zpci_io_region(S390PCIBusDevice *pbdev)
 {
 return -EINVAL;
 }
+static inline int s390_pci_vfio_pcilg(S390PCIBusDevice *pbdev, uint64_t *data,
+  uint8_t pcias, uint16_t len,
+  uint64_t offset)
+{
+return -EIO

[PATCH 5/8] s390x/pci: Handle devices that support relaxed alignment

2021-01-19 Thread Matthew Rosato
Certain zPCI device types (e.g. ISM) allow for a different set of address
alignment rules for PCISTB instructions.  Recognize this distinction and
perform only a subset of alignment checks for intercepted PCISTB
instructions.  Furthermore for the default path, handle the potential for
writes that are not aligned and sized to 8B chunks.

Signed-off-by: Matthew Rosato 
---
 hw/s390x/s390-pci-inst.c| 152 +---
 hw/s390x/s390-pci-vfio.c|   3 +
 include/hw/s390x/s390-pci-clp.h |   1 +
 3 files changed, 132 insertions(+), 24 deletions(-)

diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index 2d440a3..67eb4a4 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -784,6 +784,92 @@ err:
 return 0;
 }
 
+static int pcistb_write_validate(MemoryRegion *mr, uint64_t offset,
+ uint16_t len)
+{
+uint8_t size;
+
+switch (offset & 0x07UL) {
+case 0:
+size = 8;
+if (size <= len) {
+break;
+}
+/* fall through */
+case 4:
+size = 4;
+if (size <= len) {
+break;
+}
+/* fall through */
+case 6:
+case 2:
+size = 2;
+if (size <= len) {
+break;
+}
+/* fall through */
+default:
+size = 1;
+}
+
+if (!memory_region_access_valid(mr, offset, size, true,
+MEMTXATTRS_UNSPECIFIED)) {
+return -EINVAL;
+}
+
+return size;
+}
+
+static int pcistb_write(MemoryRegion *mr, uint8_t *buffer, uint64_t offset,
+uint16_t len)
+{
+MemTxResult result;
+uint64_t size;
+uint64_t data;
+MemOp opsize;
+
+switch (offset & 0x07UL) {
+case 0:
+size = 8;
+if (size <= len) {
+opsize = MO_64;
+data = ldq_p(buffer);
+break;
+}
+/* fall through */
+case 4:
+size = 4;
+if (size <= len) {
+opsize = MO_32;
+data = ldl_p(buffer);
+break;
+}
+/* fall through */
+case 6:
+case 2:
+size = 2;
+if (size <= len) {
+opsize = MO_16;
+data = lduw_p(buffer);
+break;
+}
+/* fall through */
+default:
+size = 1;
+opsize = MO_8;
+data = ldub_p(buffer);
+}
+
+result = memory_region_dispatch_write(mr, offset, data, opsize,
+  MEMTXATTRS_UNSPECIFIED);
+if (result != MEMTX_OK) {
+return -EINVAL;
+}
+
+return size;
+}
+
 /*
  * The default PCISTB handler will break PCISTB instructions into a series of
  * 8B memory operations.
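Review bot: pcistb_write_validate() and pcistb_write() each carry their own copy of the offset/length switch that picks the access size, and the write loop relies on both choosing the same size for the same inputs. Factor the size selection into one helper used by both so the validated accesses and the performed accesses cannot drift apart. The unchanged comment just above still describes the default handler as "a series of 8B memory operations", which stops being true with this change.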
@@ -792,32 +878,44 @@ static int pcistb_default(S390PCIBusDevice *pbdev, 
S390CPU *cpu,
uint64_t gaddr, uint8_t ar, uint8_t pcias,
uint16_t len, uint64_t offset)
 {
-MemTxResult result;
 MemoryRegion *mr;
-int i;
+uint64_t curroff;
+uint16_t currlen;
+uint8_t *currbuff;
+int size;
 
 mr = pbdev->pdev->io_regions[pcias].memory;
 mr = s390_get_subregion(mr, offset, len);
 offset -= mr->addr;
 
-for (i = 0; i < len; i += 8) {
-if (!memory_region_access_valid(mr, offset + i, 8, true,
-MEMTXATTRS_UNSPECIFIED)) {
+/* Loop over the proposed area and validate that writes will work. */
+curroff = offset;
+currlen = len;
+while (currlen > 0) {
+size = pcistb_write_validate(mr, curroff, currlen);
+if (size <= 0) {
 return -EINVAL;
 }
+curroff += size;
+currlen -= size;
 }
 
 if (s390_cpu_virt_mem_read(cpu, gaddr, ar, pbdev->pcistb_buf, len)) {
 return -EACCES;
 }
 
-for (i = 0; i < len; i += 8) {
-result = memory_region_dispatch_write(mr, offset + i,
-  ldq_p(pbdev->pcistb_buf + i),
-  MO_64, MEMTXATTRS_UNSPECIFIED);
-if (result != MEMTX_OK) {
+/* Perform the chain of previously-validated writes */
+currbuff = pbdev->pcistb_buf;
+curroff = offset;
+currlen = len;
+while (currlen > 0) {
+size = pcistb_write(mr, currbuff, curroff, currlen);
+if (size < 0) {
 return -EINVAL;
 }
+currbuff += size;
+curroff += size;
+currlen -= size;
 }
 
 return 0;
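
Review bot: the write loop tests "size < 0" while the validation loop above it tests "size <= 0"; with currlen an unsigned uint16_t, a zero return from pcistb_write() would leave currlen unchanged and the loop would never end. pcistb_write() as posted never returns 0, but use "size <= 0" in both loops so the termination does not depend on that. It is also worth a comment that a failure in the middle of the write chain returns -EINVAL with the earlier writes already performed.
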
@@ -873,25 +971,31 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t 
r3, uint64_t gaddr,
 return 0;
 }
 
-/* Verify the address, offset and length */
-/* offset must be a multiple of 8 */
-if (offset % 8) {
-goto specification_error;
-}
-/* Length must be greater than 8, a multiple of 8 */
-/* and not greater than maxstbl */
-if ((len <= 8) || (len % 8) ||
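
Review bot: the block removed here is where a length above maxstbl was rejected (per its own comment, "and not greater than maxstbl"), and pcistb_default() copies len bytes into pbdev->pcistb_buf, so that upper bound has to stay unconditional. Only the "offset % 8" and multiple-of-8 tests should be relaxed, and only for devices that report relaxed alignment; the lines that replace this block are not visible in this copy, so please confirm both.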

[PATCH 4/8] s390x/pci: Introduce the ZpciOps structure

2021-01-19 Thread Matthew Rosato
As infrastructure to introduce different PCI instruction handlers,
introduce the ZpciOps structure to contain function pointers for the
handlers.  Add default handlers for the PCISTG, PCILG and PCISTB
instructions.

Signed-off-by: Matthew Rosato 
---
 hw/s390x/s390-pci-bus.c  |   3 +
 hw/s390x/s390-pci-inst.c | 246 ++-
 include/hw/s390x/s390-pci-bus.h  |  22 
 include/hw/s390x/s390-pci-inst.h |   1 +
 4 files changed, 189 insertions(+), 83 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index dc732e2..784ca65 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -1020,6 +1020,7 @@ static void s390_pcihost_plug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 pbdev->iommu->pbdev = pbdev;
 pbdev->state = ZPCI_FS_DISABLED;
 set_pbdev_info(pbdev);
+zpci_assign_default_ops(pbdev);
 
 if (object_dynamic_cast(OBJECT(dev), "vfio-pci")) {
 pbdev->fh |= FH_SHM_VFIO;
@@ -1079,6 +1080,8 @@ static void s390_pcihost_unplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 s390_pci_iommu_free(s, bus, devfn);
 pbdev->pdev = NULL;
 pbdev->state = ZPCI_FS_RESERVED;
+if (pbdev->pcistb_buf)
+qemu_vfree(pbdev->pcistb_buf);
 } else if (object_dynamic_cast(OBJECT(dev), TYPE_S390_PCI_DEVICE)) {
 pbdev = S390_PCI_DEVICE(dev);
 pbdev->fid = 0;
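
Review bot: pbdev->pcistb_buf is freed in the unplug path but left pointing at the freed memory, while the neighbouring lines show the same pbdev being kept and reset (pbdev->pdev = NULL, state back to ZPCI_FS_RESERVED). Set pbdev->pcistb_buf = NULL after qemu_vfree() so a second unplug or a later PCISTB on the reserved function cannot free or reuse it. The new "if" also needs braces to match the QEMU coding style.
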
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index 654fac6..2d440a3 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -404,16 +404,49 @@ static MemTxResult zpci_read_bar(S390PCIBusDevice *pbdev, 
uint8_t pcias,
MEMTXATTRS_UNSPECIFIED);
 }
 
+static int pcilg_default(S390PCIBusDevice *pbdev, uint64_t *data, uint8_t 
pcias,
+ uint16_t len, uint64_t offset)
+{
+MemTxResult result;
+
+switch (pcias) {
+case ZPCI_IO_BAR_MIN...ZPCI_IO_BAR_MAX:
+if (!len || (len > (8 - (offset & 0x7 {
+return -EINVAL;
+}
+result = zpci_read_bar(pbdev, pcias, offset, data, len);
+if (result != MEMTX_OK) {
+return -EINVAL;
+}
+break;
+case ZPCI_CONFIG_BAR:
+if (!len || (len > (4 - (offset & 0x3))) || len == 3) {
+return -EINVAL;
+}
+*data =  pci_host_config_read_common(
+   pbdev->pdev, offset, pci_config_size(pbdev->pdev), len);
+
+if (zpci_endian_swap(data, len)) {
+return -EINVAL;
+}
+break;
+default:
+return -EFAULT;
+}
+
+return 0;
+}
+
 int pcilg_service_call(S390CPU *cpu, uint8_t r1, uint8_t r2, uintptr_t ra)
 {
 CPUS390XState *env = &cpu->env;
 S390PCIBusDevice *pbdev;
 uint64_t offset;
 uint64_t data;
-MemTxResult result;
 uint8_t len;
 uint32_t fh;
 uint8_t pcias;
+int ret;
 
 if (env->psw.mask & PSW_MASK_PSTATE) {
 s390_program_interrupt(env, PGM_PRIVILEGED, ra);
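
Review bot: pcilg_default() reports a bad length and a failed BAR read both as -EINVAL and an unknown address space as -EFAULT, and the caller turns those values into guest-visible results, but nothing in the hunk documents that contract. Add a comment on the handler (or on the ops member it is assigned to) listing the permitted return values and what each one maps to, since every later handler plugged into pbdev->ops has to follow it.
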
@@ -452,35 +485,21 @@ int pcilg_service_call(S390CPU *cpu, uint8_t r1, uint8_t 
r2, uintptr_t ra)
 break;
 }
 
-switch (pcias) {
-case ZPCI_IO_BAR_MIN...ZPCI_IO_BAR_MAX:
-if (!len || (len > (8 - (offset & 0x7 {
-s390_program_interrupt(env, PGM_OPERAND, ra);
-return 0;
-}
-result = zpci_read_bar(pbdev, pcias, offset, &data, len);
-if (result != MEMTX_OK) {
-s390_program_interrupt(env, PGM_OPERAND, ra);
-return 0;
-}
-break;
-case ZPCI_CONFIG_BAR:
-if (!len || (len > (4 - (offset & 0x3))) || len == 3) {
-s390_program_interrupt(env, PGM_OPERAND, ra);
-return 0;
-}
-data =  pci_host_config_read_common(
-   pbdev->pdev, offset, pci_config_size(pbdev->pdev), len);
+ret = pbdev->ops.pcilg(pbdev, &data, pcias, len, offset);
 
-if (zpci_endian_swap(&data, len)) {
-s390_program_interrupt(env, PGM_OPERAND, ra);
-return 0;
-}
-break;
-default:
+switch (ret) {
+case -EINVAL:
+s390_program_interrupt(env, PGM_OPERAND, ra);
+return 0;
+case -EFAULT:
 DPRINTF("pcilg invalid space\n");
 setcc(cpu, ZPCI_PCI_LS_ERR);
 s390_set_status_code(env, r2, ZPCI_PCI_ST_INVAL_AS);
+case 0:
+break;
+default:
+DPRINTF("pcilg unexpected return %d from op\n", ret);
+s390_program_interrupt(env, PGM_OPERAND, ra);
 return 0;
 }
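
Review bot: the new "case -EFAULT:" has no "return 0;", so after setting ZPCI_PCI_LS_ERR and ZPCI_PCI_ST_INVAL_AS it falls through into "case 0: break;" and execution continues past the switch as if the load had succeeded. The "return 0;" that used to end this path now belongs to the new "default:" case. On that path "data" (declared without an initializer in pcilg_service_call) was never written by the op, so the code after the switch works on an uninitialized stack value. Add "return 0;" after s390_set_status_code(), and consider initializing data to 0.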
 
@@ -504,15 +523,55 @@ static MemTxResult zpci_write_bar(S390PCIBusDevice 
*pbdev, uint8_t pcias,
 MEMTXATTRS_UNSPECIFIED);
 }
 
+static int pcistg_default(S390PCIBusDevice *pbdev, uint64_t data, uint8_t 
pcias,
+  uint16_t len, uint64_t offset)
+{
+MemTxResult result;
+
+switch (pcias) {
+   

[PATCH 3/8] s390x/pci: MSI-X isn't strictly required for passthrough

2021-01-19 Thread Matthew Rosato
s390 PCI currently disallows PCI devices without the MSI-X capability.
However, this fence doesn't make sense for passthrough devices.  Move
the check to only fence emulated devices (e.g., virtio).

Signed-off-by: Matthew Rosato 
Reviewed-by: Pierre Morel 
---
 hw/s390x/s390-pci-bus.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index dd138da..dc732e2 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -1028,12 +1028,12 @@ static void s390_pcihost_plug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 s390_pci_get_clp_info(pbdev);
 } else {
 pbdev->fh |= FH_SHM_EMUL;
-}
 
-if (s390_pci_msix_init(pbdev)) {
-error_setg(errp, "MSI-X support is mandatory "
-   "in the S390 architecture");
-return;
+if (s390_pci_msix_init(pbdev)) {
+error_setg(errp, "MSI-X support is mandatory "
+   "in the S390 architecture");
+return;
+}
 }
 
 if (dev->hotplugged) {
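
Review bot: the error text "MSI-X support is mandatory in the S390 architecture" is kept verbatim although the check now runs only in the FH_SHM_EMUL branch and the commit message says MSI-X is not strictly required for passthrough. Reword it to say that emulated devices need MSI-X, so the message does not contradict the new behaviour.
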
@@ -1073,7 +1073,9 @@ static void s390_pcihost_unplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 devfn = pci_dev->devfn;
 qdev_unrealize(dev);
 
-s390_pci_msix_free(pbdev);
+if (pbdev->fh & FH_SHM_EMUL) {
+s390_pci_msix_free(pbdev);
+}
 s390_pci_iommu_free(s, bus, devfn);
 pbdev->pdev = NULL;
 pbdev->state = ZPCI_FS_RESERVED;
-- 
1.8.3.1




[PATCH v20 00/20] Initial support for multi-process Qemu

2021-01-19 Thread Jagannathan Raman
Hi,

This is the v20 of the patchset. This version has the following changes:

[PATCH v18 08/20] io: add qio_channel_readv_full_all_eof &
qio_channel_readv_full_all helpers
  - Considers fds as part of the "data" for both
qio_channel_readv_full_all_eof() &
qio_channel_readv_full_all().
  - Addresses some of the error scenarios
which were not addressed in the previous revisions

To touch upon the history of this project, we posted the Proof Of Concept
patches before the BoF session in 2018. Subsequently, we have posted 19
versions on the qemu-devel mailing list. You can find them by following
the links below ([1] - [19]). Following people contributed to the design and
implementation of this project:
Jagannathan Raman 
Elena Ufimtseva 
John G Johnson 
Stefan Hajnoczi 
Konrad Wilk 
Kanth Ghatraju 

We would like to thank you for your feedback in the
design and implementation of this project. Qemu wiki page:
https://wiki.qemu.org/Features/MultiProcessQEMU

For the full concept writeup about QEMU multi-process, please
refer to docs/devel/qemu-multiprocess.rst. Also, see
docs/qemu-multiprocess.txt for usage information.

Thank you for reviewing this series!

[POC]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg566538.html
[1]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg602285.html
[2]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg624877.html
[3]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg642000.html
[4]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg655118.html
[5]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg682429.html
[6]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg697484.html
[7]: https://patchew.org/QEMU/cover.1593273671.git.elena.ufimts...@oracle.com/
[8]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg727007.html
[9]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg734275.html
[10]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg747638.html
[11]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg750972.html
[12]: https://patchew.org/QEMU/cover.1606853298.git.jag.ra...@oracle.com/
[13]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg766825.html
[14]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg768376.html
[15]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg769178.html
[16]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg771455.html
[17]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg772512.html
[18]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg772602.html
[19]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg772980.html

Elena Ufimtseva (8):
  multi-process: add configure and usage information
  io: add qio_channel_writev_full_all helper
  io: add qio_channel_readv_full_all_eof & qio_channel_readv_full_all
helpers
  multi-process: define MPQemuMsg format and transmission functions
  multi-process: introduce proxy object
  multi-process: add proxy communication functions
  multi-process: Forward PCI config space acceses to the remote process
  multi-process: perform device reset in the remote process

Jagannathan Raman (11):
  memory: alloc RAM from file at offset
  multi-process: Add config option for multi-process QEMU
  multi-process: setup PCI host bridge for remote device
  multi-process: setup a machine object for remote device process
  multi-process: Initialize message handler in remote device
  multi-process: Associate fd of a PCIDevice with its object
  multi-process: setup memory manager for remote device
  multi-process: PCI BAR read/write handling for proxy & remote
endpoints
  multi-process: Synchronize remote memory
  multi-process: create IOHUB object to handle irq
  multi-process: Retrieve PCI info from remote process

John G Johnson (1):
  multi-process: add the concept description to
docs/devel/qemu-multiprocess

 docs/devel/index.rst  |   1 +
 docs/devel/multi-process.rst  | 966 ++
 docs/multi-process.rst|  64 ++
 configure |  10 +
 meson.build   |   5 +-
 hw/remote/trace.h |   1 +
 include/exec/memory.h |   2 +
 include/exec/ram_addr.h   |   2 +-
 include/hw/pci-host/remote.h  |  30 +
 include/hw/pci/pci_ids.h  |   3 +
 include/hw/remote/iohub.h |  42 ++
 include/hw/remote/machine.h   |  38 ++
 include/hw/remote/memory.h|  19 +
 include/hw/remote/mpqemu-link.h   |  99 +++
 include/hw/remote/proxy-memory-listener.h |  28 +
 include/hw/remote/proxy.h |  48 ++
 include/io/channel.h  |  78 +++
 include/qemu/mmap-alloc.h |   4 +-
 include/sysemu/iothread.h |   6 +
 backends/hostmem-memfd.c  |   2 +-
 hw/misc/ivshmem.c |   3 +

[PATCH v20 17/20] multi-process: Synchronize remote memory

2021-01-19 Thread Jagannathan Raman
Add ProxyMemoryListener object which is used to keep the view of the RAM
in sync between QEMU and remote process.
A MemoryListener is registered for system-memory AddressSpace. The
listener sends SYNC_SYSMEM message to the remote process when memory
listener commits the changes to memory, the remote process receives
the message and processes it in the handler for SYNC_SYSMEM message.

Signed-off-by: Jagannathan Raman 
Signed-off-by: John G Johnson 
Signed-off-by: Elena Ufimtseva 
Reviewed-by: Stefan Hajnoczi 
---
 include/hw/remote/proxy-memory-listener.h |  28 
 include/hw/remote/proxy.h |   2 +
 hw/remote/message.c   |   4 +
 hw/remote/proxy-memory-listener.c | 227 ++
 hw/remote/proxy.c |   6 +
 MAINTAINERS   |   2 +
 hw/remote/meson.build |   1 +
 7 files changed, 270 insertions(+)
 create mode 100644 include/hw/remote/proxy-memory-listener.h
 create mode 100644 hw/remote/proxy-memory-listener.c

diff --git a/include/hw/remote/proxy-memory-listener.h 
b/include/hw/remote/proxy-memory-listener.h
new file mode 100644
index 000..c4f3efb
--- /dev/null
+++ b/include/hw/remote/proxy-memory-listener.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef PROXY_MEMORY_LISTENER_H
+#define PROXY_MEMORY_LISTENER_H
+
+#include "exec/memory.h"
+#include "io/channel.h"
+
+typedef struct ProxyMemoryListener {
+MemoryListener listener;
+
+int n_mr_sections;
+MemoryRegionSection *mr_sections;
+
+QIOChannel *ioc;
+} ProxyMemoryListener;
+
+void proxy_memory_listener_configure(ProxyMemoryListener *proxy_listener,
+ QIOChannel *ioc);
+void proxy_memory_listener_deconfigure(ProxyMemoryListener *proxy_listener);
+
+#endif
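
Review bot: n_mr_sections in ProxyMemoryListener is a plain int although it is only a count for the mr_sections array; make it unsigned (unsigned int or size_t) so a negative count cannot be represented. The struct also has no field comments: say who owns ioc and whether the listener holds its own reference to it.
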
diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
index ea7fa4f..12888b4 100644
--- a/include/hw/remote/proxy.h
+++ b/include/hw/remote/proxy.h
@@ -11,6 +11,7 @@
 
 #include "hw/pci/pci.h"
 #include "io/channel.h"
+#include "hw/remote/proxy-memory-listener.h"
 
 #define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
 OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
@@ -36,6 +37,7 @@ struct PCIProxyDev {
 QemuMutex io_mutex;
 QIOChannel *ioc;
 Error *migration_blocker;
+ProxyMemoryListener proxy_listener;
 ProxyMemoryRegion region[PCI_NUM_REGIONS];
 };
 
diff --git a/hw/remote/message.c b/hw/remote/message.c
index f2e8445..25341d8 100644
--- a/hw/remote/message.c
+++ b/hw/remote/message.c
@@ -17,6 +17,7 @@
 #include "sysemu/runstate.h"
 #include "hw/pci/pci.h"
 #include "exec/memattrs.h"
+#include "hw/remote/memory.h"
 
 static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
  MPQemuMsg *msg, Error **errp);
@@ -61,6 +62,9 @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
 case MPQEMU_CMD_BAR_READ:
 process_bar_read(com->ioc, &msg, &local_err);
 break;
+case MPQEMU_CMD_SYNC_SYSMEM:
+remote_sysmem_reconfig(&msg, &local_err);
+break;
 default:
 error_setg(&local_err,
"Unknown command (%d) received for device %s"
diff --git a/hw/remote/proxy-memory-listener.c 
b/hw/remote/proxy-memory-listener.c
new file mode 100644
index 000..af1fa6f
--- /dev/null
+++ b/hw/remote/proxy-memory-listener.c
@@ -0,0 +1,227 @@
+/*
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "qemu/compiler.h"
+#include "qemu/int128.h"
+#include "qemu/range.h"
+#include "exec/memory.h"
+#include "exec/cpu-common.h"
+#include "cpu.h"
+#include "exec/ram_addr.h"
+#include "exec/address-spaces.h"
+#include "qapi/error.h"
+#include "hw/remote/mpqemu-link.h"
+#include "hw/remote/proxy-memory-listener.h"
+
+/*
+ * TODO: get_fd_from_hostaddr(), proxy_mrs_can_merge() and
+ * proxy_memory_listener_commit() defined below perform tasks similar to the
+ * functions defined in vhost-user.c. These functions are good candidates
+ * for refactoring.
+ *
+ */
+
+static void proxy_memory_listener_reset(MemoryListener *listener)
+{
+ProxyMemoryListener *proxy_listener = container_of(listener,
+   ProxyMemoryListener,
+   listener);
+int mrs;
+
+for (mrs = 0; mrs < proxy_listener->n_mr_sections; mrs++) {
+memory_region_unref(proxy_listener->mr_sections[mrs].mr);
+}
+
+g_free(proxy_listener->mr_sections);
+proxy_listener->mr_sections = NULL;
+proxy_

[PATCH 1/1] spapr_caps.c: disable KVM specific caps when running with TCG

2021-01-19 Thread Daniel Henrique Barboza
Commit 006e9d361869 added warning messages for cap-cfpc, cap-ibs and
cap-sbbc when enabled under TCG. Commit 8ff43ee404d3 did the same thing
when introducing cap-ccf-assist.

These warning messages, although benign to the machine launch, can make
users a bit confused. E.g:

$ sudo ./ppc64-softmmu/qemu-system-ppc64
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-cfpc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-sbbc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-ibs=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-ccf-assist=on

We're complaining about "TCG doesn't support requested feature" when the
user didn't request any of those caps in the command line.

Check if we're running with TCG and change the defaults in spapr_caps_init().
Note that this change doesn't impact backward compatibility or migration
to older QEMU versions because we never activated these caps with TCG
in the first place.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr_caps.c | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 9341e9782a..53eea2b11e 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -781,6 +781,21 @@ void spapr_caps_init(SpaprMachineState *spapr)
 /* Compute the actual set of caps we should run with */
 default_caps = default_caps_with_cpu(spapr, MACHINE(spapr)->cpu_type);
 
+   /*
+* These are KVM specific caps that TCG doesn't support, but will
+* throw an warning if enabled by default (see 006e9d361869 and
+* 8ff43ee404d3). This behavior can make the user wonder why a warning
+* is being shown for caps that the user didn't enable in the
+* command line.
+*
+* Disable them for TCG. */
+if (tcg_enabled()) {
+default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
+default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
+default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
+default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_BROKEN;
+}
+
 for (i = 0; i < SPAPR_CAP_NUM; i++) {
 /* Store the defaults */
 spapr->def.caps[i] = default_caps.caps[i];
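
Review bot: the new comment block is indented three spaces instead of four and closes with "Disable them for TCG. */" on the text line; QEMU multi-line comments put the terminating */ on its own line, and "throw an warning" should read "throw a warning". Since the point of the change is that these defaults are silently different under TCG, the comment should also say that a user who sets one of these caps explicitly on the command line still gets the warning.
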
-- 
2.26.2




[PATCH v20 09/20] multi-process: define MPQemuMsg format and transmission functions

2021-01-19 Thread Jagannathan Raman
From: Elena Ufimtseva 

Defines MPQemuMsg, which is the message that is sent to the remote
process. This message is sent over QIOChannel and is used to
command the remote process to perform various tasks.
Define transmission functions used by proxy and by remote.

Signed-off-by: Jagannathan Raman 
Signed-off-by: John G Johnson 
Signed-off-by: Elena Ufimtseva 
Reviewed-by: Stefan Hajnoczi 
---
 meson.build |   1 +
 hw/remote/trace.h   |   1 +
 include/hw/remote/mpqemu-link.h |  63 
 include/sysemu/iothread.h   |   6 ++
 hw/remote/mpqemu-link.c | 205 
 iothread.c  |   6 ++
 MAINTAINERS |   2 +
 hw/remote/meson.build   |   1 +
 hw/remote/trace-events  |   4 +
 9 files changed, 289 insertions(+)
 create mode 100644 hw/remote/trace.h
 create mode 100644 include/hw/remote/mpqemu-link.h
 create mode 100644 hw/remote/mpqemu-link.c
 create mode 100644 hw/remote/trace-events

diff --git a/meson.build b/meson.build
index 01e25bc..0b353a6 100644
--- a/meson.build
+++ b/meson.build
@@ -1754,6 +1754,7 @@ if have_system
 'net',
 'softmmu',
 'ui',
+'hw/remote',
   ]
 endif
 trace_events_subdirs += [
diff --git a/hw/remote/trace.h b/hw/remote/trace.h
new file mode 100644
index 000..5d5e3ac
--- /dev/null
+++ b/hw/remote/trace.h
@@ -0,0 +1 @@
+#include "trace/trace-hw_remote.h"
diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
new file mode 100644
index 000..cac699c
--- /dev/null
+++ b/include/hw/remote/mpqemu-link.h
@@ -0,0 +1,63 @@
+/*
+ * Communication channel between QEMU and remote device process
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef MPQEMU_LINK_H
+#define MPQEMU_LINK_H
+
+#include "qom/object.h"
+#include "qemu/thread.h"
+#include "io/channel.h"
+
+#define REMOTE_MAX_FDS 8
+
+#define MPQEMU_MSG_HDR_SIZE offsetof(MPQemuMsg, data.u64)
+
+/**
+ * MPQemuCmd:
+ *
+ * MPQemuCmd enum type to specify the command to be executed on the remote
+ * device.
+ *
+ * This uses a private protocol between QEMU and the remote process. vfio-user
+ * protocol would supersede this in the future.
+ *
+ */
+typedef enum {
+MPQEMU_CMD_MAX,
+} MPQemuCmd;
+
+/**
+ * MPQemuMsg:
+ * @cmd: The remote command
+ * @size: Size of the data to be shared
+ * @data: Structured data
+ * @fds: File descriptors to be shared with remote device
+ *
+ * MPQemuMsg Format of the message sent to the remote device from QEMU.
+ *
+ */
+typedef struct {
+int cmd;
+size_t size;
+
+union {
+uint64_t u64;
+} data;
+
+int fds[REMOTE_MAX_FDS];
+int num_fds;
+} MPQemuMsg;
+
+bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
+bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
+
+bool mpqemu_msg_valid(MPQemuMsg *msg);
+
+#endif
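
Review bot: the kernel-doc block for MPQemuMsg documents @cmd, @size, @data and @fds but not num_fds, which is the field a receiver has to bound against REMOTE_MAX_FDS before it indexes fds[]. Document it with its valid range (0 to REMOTE_MAX_FDS) and consider making it unsigned so a negative count cannot be represented. cmd is likewise declared int rather than the MPQemuCmd enum defined just above it.
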
diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
index 0c5284d..f177142 100644
--- a/include/sysemu/iothread.h
+++ b/include/sysemu/iothread.h
@@ -57,4 +57,10 @@ IOThread *iothread_create(const char *id, Error **errp);
 void iothread_stop(IOThread *iothread);
 void iothread_destroy(IOThread *iothread);
 
+/*
+ * Returns true if executing withing IOThread context,
+ * false otherwise.
+ */
+bool qemu_in_iothread(void);
+
 #endif /* IOTHREAD_H */
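
Review bot: typo in the new comment above qemu_in_iothread(): "executing withing IOThread context" should read "executing within IOThread context".
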
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
new file mode 100644
index 000..b3d380e
--- /dev/null
+++ b/hw/remote/mpqemu-link.c
@@ -0,0 +1,205 @@
+/*
+ * Communication channel between QEMU and remote device process
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "qemu/module.h"
+#include "hw/remote/mpqemu-link.h"
+#include "qapi/error.h"
+#include "qemu/iov.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "io/channel.h"
+#include "sysemu/iothread.h"
+#include "trace.h"
+
+/*
+ * Send message over the ioc QIOChannel.
+ * This function is safe to call from:
+ * - main loop in co-routine context. Will block the main loop if not in
+ *   co-routine context;
+ * - vCPU thread with no co-routine context and if the channel is not part
+ *   of the main loop handling;
+ * - IOThread within co-routine context, outside of co-routine context
+ *   will block IOThread;
+ * Returns true if no errors were encountered, false otherwise.
+ */
+bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
+{
+ERRP_GUARD();
+bool iolock = qemu_mutex_iothread_locked();
+bool iothread = qemu_in_iothread();
+struct iovec send[2] = {0};
+int *fds = NULL;
+size_t nfds = 0;
+

[PATCH v20 07/20] io: add qio_channel_writev_full_all helper

2021-01-19 Thread Jagannathan Raman
From: Elena Ufimtseva 

Adds qio_channel_writev_full_all() to transmit both data and FDs.
Refactors existing code to use this helper.

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
Acked-by: Daniel P. Berrangé 
---
 include/io/channel.h | 25 +
 io/channel.c | 15 ++-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/include/io/channel.h b/include/io/channel.h
index ab9ea77..19e76fc 100644
--- a/include/io/channel.h
+++ b/include/io/channel.h
@@ -777,4 +777,29 @@ void qio_channel_set_aio_fd_handler(QIOChannel *ioc,
 IOHandler *io_write,
 void *opaque);
 
+/**
+ * qio_channel_writev_full_all:
+ * @ioc: the channel object
+ * @iov: the array of memory regions to write data from
+ * @niov: the length of the @iov array
+ * @fds: an array of file handles to send
+ * @nfds: number of file handles in @fds
+ * @errp: pointer to a NULL-initialized error object
+ *
+ *
+ * Behaves like qio_channel_writev_full but will attempt
+ * to send all data passed (file handles and memory regions).
+ * The function will wait for all requested data
+ * to be written, yielding from the current coroutine
+ * if required.
+ *
+ * Returns: 0 if all bytes were written, or -1 on error
+ */
+
+int qio_channel_writev_full_all(QIOChannel *ioc,
+const struct iovec *iov,
+size_t niov,
+int *fds, size_t nfds,
+Error **errp);
+
 #endif /* QIO_CHANNEL_H */
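
Review bot: the doc comment for qio_channel_writev_full_all() does not say that @fds may be NULL when @nfds is 0, which is how qio_channel_writev_all() calls it in this same patch, nor what a caller may assume about the descriptors when the function returns -1 after part of the data has gone out. State both, and drop the empty line between the comment and the prototype.
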
diff --git a/io/channel.c b/io/channel.c
index 93d449d..0d4b8b5 100644
--- a/io/channel.c
+++ b/io/channel.c
@@ -157,6 +157,15 @@ int qio_channel_writev_all(QIOChannel *ioc,
size_t niov,
Error **errp)
 {
+return qio_channel_writev_full_all(ioc, iov, niov, NULL, 0, errp);
+}
+
+int qio_channel_writev_full_all(QIOChannel *ioc,
+const struct iovec *iov,
+size_t niov,
+int *fds, size_t nfds,
+Error **errp)
+{
 int ret = -1;
 struct iovec *local_iov = g_new(struct iovec, niov);
 struct iovec *local_iov_head = local_iov;
@@ -168,7 +177,8 @@ int qio_channel_writev_all(QIOChannel *ioc,
 
 while (nlocal_iov > 0) {
 ssize_t len;
-len = qio_channel_writev(ioc, local_iov, nlocal_iov, errp);
+len = qio_channel_writev_full(ioc, local_iov, nlocal_iov, fds, nfds,
+  errp);
 if (len == QIO_CHANNEL_ERR_BLOCK) {
 if (qemu_in_coroutine()) {
 qio_channel_yield(ioc, G_IO_OUT);
@@ -182,6 +192,9 @@ int qio_channel_writev_all(QIOChannel *ioc,
 }
 
 iov_discard_front(&local_iov, &nlocal_iov, len);
+
+fds = NULL;
+nfds = 0;
 }
 
 ret = 0;
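
Review bot: "fds = NULL; nfds = 0;" at the end of the loop body needs a one-line comment saying that the descriptors must go out with the first successful write only, because that reason is not obvious from the code. Related edge case: the body runs only "while (nlocal_iov > 0)", so a call that passes descriptors but no data never reaches qio_channel_writev_full() and still arrives at "ret = 0"; either reject that combination or document it.
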
-- 
1.8.3.1
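
What the doc comment in this patch describes for qio_channel_writev_full_all(), shown with plain POSIX sendmsg() over a socketpair: all data is written in a loop and the descriptors are attached to the first successful write only. This is an added example, not QEMU code and not part of the patch; writev_full_all, send_once, recv_all, demo, CtrlBuf, MAX_FDS and CHUNK are names invented here, and CHUNK artificially limits each write so the loop has to iterate. Unlike the loop in the patch, it refuses a call that passes descriptors with no data bytes.

```c
/* Added example, not QEMU code: send all data, descriptors on the first write only. */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_FDS 8u  /* constructed limit for this example */
#define CHUNK   4u  /* constructed cap per sendmsg(), to force short writes */
typedef union {     /* control buffer, aligned the way cmsg(3) recommends */
    char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)];
    struct cmsghdr align;
} CtrlBuf;
int sends_with_fds; /* counts successful sendmsg() calls that carried SCM_RIGHTS */

/* One sendmsg() of at most CHUNK bytes, optionally carrying fds. */
static ssize_t send_once(int sock, const void *base, size_t len,
                         const int *fds, size_t nfds)
{
    CtrlBuf u;
    struct iovec one = { .iov_base = (void *)base, .iov_len = len < CHUNK ? len : CHUNK };
    struct msghdr msg = { .msg_iov = &one, .msg_iovlen = 1 };
    if (nfds > 0) {
        memset(&u, 0, sizeof(u));
        msg.msg_control = u.buf;
        msg.msg_controllen = CMSG_SPACE(sizeof(int) * nfds);
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int) * nfds);
        memcpy(CMSG_DATA(c), fds, sizeof(int) * nfds);
    }
    ssize_t r = sendmsg(sock, &msg, MSG_NOSIGNAL);
    if (r > 0 && nfds > 0) sends_with_fds++;
    return r;
}

/* Send every byte of iov[]; attach fds to the first successful write only. */
int writev_full_all(int sock, const struct iovec *iov, size_t niov,
                    const int *fds, size_t nfds)
{
    size_t i = 0, off = 0, total = 0;
    for (size_t k = 0; k < niov; k++) total += iov[k].iov_len;
    /* On a stream socket fds ride on data bytes: refuse rather than drop them. */
    if (nfds > MAX_FDS || (total == 0 && nfds > 0)) return -1;
    while (i < niov) {
        if (off == iov[i].iov_len) { i++; off = 0; continue; } /* segment done */
        ssize_t len = send_once(sock, (const char *)iov[i].iov_base + off,
                                iov[i].iov_len - off, fds, nfds);
        if (len < 0 && errno == EINTR) continue; /* nothing sent, fds pending */
        if (len <= 0) return -1;
        fds = NULL; nfds = 0;   /* descriptors are out: never attach them again */
        off += (size_t)len;
    }
    return 0;
}

/* Read exactly want bytes; collect every fd that arrives as SCM_RIGHTS. */
static int recv_all(int sock, char *buf, size_t want, int *fds, size_t *nfds)
{
    *nfds = 0;
    for (size_t got = 0; got < want; ) {
        CtrlBuf u;
        struct iovec iov = { .iov_base = buf + got, .iov_len = want - got };
        struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                              .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
        ssize_t len = recvmsg(sock, &msg, 0);
        if (len <= 0 || (msg.msg_flags & MSG_CTRUNC)) return -1;
        got += (size_t)len;
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
            if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
            size_t k = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
            if (*nfds + k > MAX_FDS) return -1;
            memcpy(fds + *nfds, CMSG_DATA(c), k * sizeof(int));
            *nfds += k;
        }
    }
    return 0;
}

/* Constructed demo; returns the number of fds the peer received, or -1. */
int demo(void)
{
    int sv[2], p[2], rfds[MAX_FDS];
    size_t nr = 0;
    char a[] = "hello, ", b[] = "remote", buf[16] = { 0 }, c = 0;
    struct iovec iov[2] = { { a, 7 }, { b, 6 } }, empty = { a, 0 };
    sends_with_fds = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(p) < 0) return -1;
    if (writev_full_all(sv[0], iov, 2, &p[1], 1) < 0) return -1;
    if (recv_all(sv[1], buf, 13, rfds, &nr) < 0 || nr != 1) return -1;
    if (memcmp(buf, "hello, remote", 13) != 0) return -1;
    /* The received descriptor must refer to the same pipe. */
    if (write(rfds[0], "x", 1) != 1 || read(p[0], &c, 1) != 1 || c != 'x') return -1;
    /* Descriptors with no data bytes are refused, not silently dropped. */
    if (writev_full_all(sv[0], &empty, 1, &p[1], 1) != -1) return -1;
    close(rfds[0]); close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
    return (int)nr;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The 13 bytes go out in four sendmsg() calls; the peer sees exactly one descriptor, delivered with the first of them.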




[PATCH 1/8] linux-headers: update against 5.11-rc4

2021-01-19 Thread Matthew Rosato
Placeholder commit to pull in changes from "vfio-pci/zdev: Pass the relaxed
alignment flag" and "vfio-pci/zdev: Introduce the PCISTB vfio region"

Signed-off-by: Matthew Rosato 
---
 .../infiniband/hw/vmw_pvrdma/pvrdma_verbs.h|   2 +-
 include/standard-headers/drm/drm_fourcc.h  | 175 -
 include/standard-headers/linux/ethtool.h   |   2 +-
 include/standard-headers/linux/fuse.h  |  30 +++-
 include/standard-headers/linux/kernel.h|   9 +-
 include/standard-headers/linux/pci_regs.h  |  16 ++
 include/standard-headers/linux/vhost_types.h   |   9 ++
 include/standard-headers/linux/virtio_gpu.h|  82 ++
 include/standard-headers/linux/virtio_ids.h|  44 +++---
 linux-headers/asm-arm64/kvm.h  |   3 -
 linux-headers/asm-generic/unistd.h |   6 +-
 linux-headers/asm-mips/unistd_n32.h|   1 +
 linux-headers/asm-mips/unistd_n64.h|   1 +
 linux-headers/asm-mips/unistd_o32.h|   1 +
 linux-headers/asm-powerpc/unistd_32.h  |   1 +
 linux-headers/asm-powerpc/unistd_64.h  |   1 +
 linux-headers/asm-s390/unistd_32.h |   1 +
 linux-headers/asm-s390/unistd_64.h |   1 +
 linux-headers/asm-x86/kvm.h|   1 +
 linux-headers/asm-x86/unistd_32.h  |   1 +
 linux-headers/asm-x86/unistd_64.h  |   1 +
 linux-headers/asm-x86/unistd_x32.h |   1 +
 linux-headers/linux/kvm.h  |  58 ++-
 linux-headers/linux/userfaultfd.h  |   9 ++
 linux-headers/linux/vfio.h |   5 +
 linux-headers/linux/vfio_zdev.h|  34 
 linux-headers/linux/vhost.h|   4 +
 27 files changed, 458 insertions(+), 41 deletions(-)

diff --git 
a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h 
b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h
index 0a8c7c9..1677208 100644
--- a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h
+++ b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h
@@ -176,7 +176,7 @@ struct pvrdma_port_attr {
uint8_t subnet_timeout;
uint8_t init_type_reply;
uint8_t active_width;
-   uint16_tactive_speed;
+   uint8_t active_speed;
uint8_t phys_state;
uint8_t reserved[2];
 };
diff --git a/include/standard-headers/drm/drm_fourcc.h 
b/include/standard-headers/drm/drm_fourcc.h
index 0de1a55..c47e198 100644
--- a/include/standard-headers/drm/drm_fourcc.h
+++ b/include/standard-headers/drm/drm_fourcc.h
@@ -57,6 +57,30 @@ extern "C" {
  * may preserve meaning - such as number of planes - from the fourcc code,
  * whereas others may not.
  *
+ * Modifiers must uniquely encode buffer layout. In other words, a buffer must
+ * match only a single modifier. A modifier must not be a subset of layouts of
+ * another modifier. For instance, it's incorrect to encode pitch alignment in
+ * a modifier: a buffer may match a 64-pixel aligned modifier and a 32-pixel
+ * aligned modifier. That said, modifiers can have implicit minimal
+ * requirements.
+ *
+ * For modifiers where the combination of fourcc code and modifier can alias,
+ * a canonical pair needs to be defined and used by all drivers. Preferred
+ * combinations are also encouraged where all combinations might lead to
+ * confusion and unnecessarily reduced interoperability. An example for the
+ * latter is AFBC, where the ABGR layouts are preferred over ARGB layouts.
+ *
+ * There are two kinds of modifier users:
+ *
+ * - Kernel and user-space drivers: for drivers it's important that modifiers
+ *   don't alias, otherwise two drivers might support the same format but use
+ *   different aliases, preventing them from sharing buffers in an efficient
+ *   format.
+ * - Higher-level programs interfacing with KMS/GBM/EGL/Vulkan/etc: these users
+ *   see modifiers as opaque tokens they can check for equality and intersect.
+ *   These users musn't need to know to reason about the modifier value
+ *   (i.e. they are not expected to extract information out of the modifier).
+ *
  * Vendors should document their modifier usage in as much detail as
  * possible, to ensure maximum compatibility across devices, drivers and
  * applications.
@@ -154,6 +178,12 @@ extern "C" {
 #define DRM_FORMAT_ARGB16161616F fourcc_code('A', 'R', '4', 'H') /* [63:0] 
A:R:G:B 16:16:16:16 little endian */
 #define DRM_FORMAT_ABGR16161616F fourcc_code('A', 'B', '4', 'H') /* [63:0] 
A:B:G:R 16:16:16:16 little endian */
 
+/*
+ * RGBA format with 10-bit components packed in 64-bit per pixel, with 6 bits
+ * of unused padding per component:
+ */
+#define DRM_FORMAT_AXBXGXRX10

[PATCH 0/8] s390x/pci: Fixing s390 vfio-pci ISM support

2021-01-19 Thread Matthew Rosato
Today, ISM devices are completely disallowed for vfio-pci passthrough as
QEMU rejects the device due to an (inappropriate) MSI-X check.  Removing
this fence, however, reveals additional deficiencies in the s390x PCI
interception layer that prevent ISM devices from working correctly.
Namely, ISM block write operations have particular requirements in regards
to the alignment, size and order of writes performed that cannot be
guaranteed when breaking up write operations through the typical
vfio_pci_bar_rw paths. Furthermore, ISM requires that legacy/non-MIO
s390 PCI instructions are used, which is also not guaranteed when the I/O
is passed through the typical userspace channels.

This patchset provides a set of fixes related to enabling ISM device
passthrough and includes patches to enable use of a new vfio region that
will allow s390x PCI pass-through devices to perform s390 PCI instructions
in such a way that the same instruction issued on the guest is re-issued
on the host.

Associated kernel patchset:
https://lkml.org/lkml/2021/1/19/874

Changes from RFC -> v1:
- Refresh the header sync (built using Eric's 'update-linux-headers:
Include const.h' + manually removed pvrdma_ring.h again)
- Remove s390x/pci: fix pcistb length (already merged)
- Remove s390x/pci: Fix memory_region_access_valid call (already merged)
- Fix bug: s390_pci_vfio_pcistb should use the pre-allocated PCISTB
buffer pcistb_buf rather than allocating/freeing its own.
- New patch: track the PFT (PCI Function Type) separately from guest CLP
response data -- we tell the guest '0' for now due to limitations in
measurement block support, but we can still use the real value provided via
the vfio CLP capabilities to make decisions.
- Use the PFT (pci function type) to determine when to use the region
for PCISTB/PCILG (only for ISM), rather than using the relaxed alignment
bit.
- As a result, the pcistb_default is now updated to also handle the
possibility of relaxed alignment via 2 new functions, pcistb_validate_write
and pcistb_write, which serve as wrappers to the memory_region calls.
- New patch, which partially restores the MSI-X fence for passthrough
devices...  Could potentially be squashed with 's390x/pci: MSI-X isn't
strictly required for passthrough' but left separately for now as I felt it
needed a clear commit description of why we should still fence this case.

Matthew Rosato (8):
  linux-headers: update against 5.11-rc4
  s390x/pci: Keep track of the PCI Function type
  s390x/pci: MSI-X isn't strictly required for passthrough
  s390x/pci: Introduce the ZpciOps structure
  s390x/pci: Handle devices that support relaxed alignment
  s390x/pci: PCISTB via the vfio zPCI I/O region
  s390x/pci: PCILG via the vfio zPCI I/O region
  s390x/pci: Prevent ISM device passthrough on older host kernels

 hw/s390x/s390-pci-bus.c|  45 ++-
 hw/s390x/s390-pci-inst.c   | 389 +++--
 hw/s390x/s390-pci-vfio.c   | 152 
 include/hw/s390x/s390-pci-bus.h|  29 ++
 include/hw/s390x/s390-pci-clp.h|   1 +
 include/hw/s390x/s390-pci-inst.h   |   3 +
 include/hw/s390x/s390-pci-vfio.h   |  23 ++
 .../infiniband/hw/vmw_pvrdma/pvrdma_verbs.h|   2 +-
 include/standard-headers/drm/drm_fourcc.h  | 175 -
 include/standard-headers/linux/ethtool.h   |   2 +-
 include/standard-headers/linux/fuse.h  |  30 +-
 include/standard-headers/linux/kernel.h|   9 +-
 include/standard-headers/linux/pci_regs.h  |  16 +
 include/standard-headers/linux/vhost_types.h   |   9 +
 include/standard-headers/linux/virtio_gpu.h|  82 +
 include/standard-headers/linux/virtio_ids.h|  44 ++-
 linux-headers/asm-arm64/kvm.h  |   3 -
 linux-headers/asm-generic/unistd.h |   6 +-
 linux-headers/asm-mips/unistd_n32.h|   1 +
 linux-headers/asm-mips/unistd_n64.h|   1 +
 linux-headers/asm-mips/unistd_o32.h|   1 +
 linux-headers/asm-powerpc/unistd_32.h  |   1 +
 linux-headers/asm-powerpc/unistd_64.h  |   1 +
 linux-headers/asm-s390/unistd_32.h |   1 +
 linux-headers/asm-s390/unistd_64.h |   1 +
 linux-headers/asm-x86/kvm.h|   1 +
 linux-headers/asm-x86/unistd_32.h  |   1 +
 linux-headers/asm-x86/unistd_64.h  |   1 +
 linux-headers/asm-x86/unistd_x32.h |   1 +
 linux-headers/linux/kvm.h  |  58 ++-
 linux-headers/linux/userfaultfd.h  |   9 +
 linux-headers/linux/vfio.h |   5 +
 linux-headers/linux/vfio_zdev.h|  34 ++
 linux-headers/linux/vhost.h|   4 +
 34 files changed, 996 insertions(+), 145 deletions(-)

-- 
1.8.3.1




Re: [PATCH] usb: add pcap support.

2021-01-19 Thread Philippe Mathieu-Daudé
On 1/19/21 8:44 PM, Gerd Hoffmann wrote:
> Log all traffic of a specific usb device to a pcap file for later
> inspection.  File format is compatible with linux usb monitor.
> 
> Usage:
>   qemu -device usb-${somedevice},pcap=file.pcap
>   wireshark file.pcap

Great!

> Signed-off-by: Gerd Hoffmann 
> ---
>  include/hw/usb.h   |   8 ++
>  hw/usb/bus.c   |  16 +++
>  hw/usb/core.c  |  17 
>  hw/usb/pcap.c  | 242 +
>  hw/usb/meson.build |   1 +
>  5 files changed, 284 insertions(+)
>  create mode 100644 hw/usb/pcap.c
...

> diff --git a/hw/usb/pcap.c b/hw/usb/pcap.c
> new file mode 100644
> index ..d3162d65e5fe
> --- /dev/null
> +++ b/hw/usb/pcap.c
> @@ -0,0 +1,242 @@

Missing license.

> +#include "qemu/osdep.h"
> +#include "hw/usb.h"
> +
> +#define PCAP_MAGIC   0xa1b2c3d4
> +#define PCAP_MAJOR   2
> +#define PCAP_MINOR   4
> +
> +/* https://wiki.wireshark.org/Development/LibpcapFileFormat */
> +
> +struct pcap_hdr {
> +uint32_t magic_number;   /* magic number */
> +uint16_t version_major;  /* major version number */
> +uint16_t version_minor;  /* minor version number */
> +int32_t  thiszone;   /* GMT to local correction */
> +uint32_t sigfigs;/* accuracy of timestamps */
> +uint32_t snaplen;/* max length of captured packets, in octets */
> +uint32_t network;/* data link type */
> +};

QEMU_PACKED?

> +
> +struct pcaprec_hdr {
> +uint32_t ts_sec; /* timestamp seconds */
> +uint32_t ts_usec;/* timestamp microseconds */
> +uint32_t incl_len;   /* number of octets of packet saved in file */
> +uint32_t orig_len;   /* actual length of packet */
> +};

QEMU_PACKED?

> +
> +/* https://www.tcpdump.org/linktypes.html */
> +/* linux: Documentation/usb/usbmon.rst */
> +/* linux: drivers/usb/mon/mon_bin.c */
> +
> +#define LINKTYPE_USB_LINUX   189  /* first 48 bytes only */
> +#define LINKTYPE_USB_LINUX_MMAPPED   220  /* full 64 byte header */
> +
> +struct usbmon_packet {
> +uint64_t id; /*  0: URB ID - from submission to callback */
> +unsigned char type;  /*  8: Same as text; extensible. */
> +unsigned char xfer_type; /* ISO (0), Intr, Control, Bulk (3) */
> +unsigned char epnum; /* Endpoint number and transfer direction */
> +unsigned char devnum;/* Device address */
> +uint16_t busnum; /* 12: Bus number */
> +char flag_setup; /* 14: Same as text */
> +char flag_data;  /* 15: Same as text; Binary zero is OK. */
> +int64_t ts_sec;  /* 16: gettimeofday */
> +int32_t ts_usec; /* 24: gettimeofday */
> +int32_t status;  /* 28: */
> +unsigned int length; /* 32: Length of data (submitted or actual) */
> +unsigned int len_cap;/* 36: Delivered length */
> +union {  /* 40: */
> +unsigned char setup[8]; /* Only for Control S-type */
> +struct iso_rec {/* Only for ISO */
> +int32_t error_count;
> +int32_t numdesc;
> +} iso;
> +} s;
> +int32_t interval;/* 48: Only for Interrupt and ISO */
> +int32_t start_frame; /* 52: For ISO */
> +uint32_t xfer_flags; /* 56: copy of URB's transfer_flags */
> +uint32_t ndesc;  /* 60: Actual number of ISO descriptors */
> +};   /* 64 total length */
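
Review bot: In struct usbmon_packet, `length` and `len_cap` (offsets 32 and 36) are declared `unsigned int` while every other field uses a fixed-width type; since the offset comments pin the record to 64 bytes, `uint32_t` would make the width explicit. A compile-time check such as `QEMU_BUILD_BUG_ON(sizeof(struct usbmon_packet) != 64)` next to the definition would also catch layout drift, whether or not the structs end up marked QEMU_PACKED.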

QEMU_PACKED?

Otherwise:
Reviewed-by: Philippe Mathieu-Daudé 




[PATCH v20 06/20] multi-process: setup a machine object for remote device process

2021-01-19 Thread Jagannathan Raman
x-remote-machine object sets up various subsystems of the remote
device process. Instantiate PCI host bridge object and initialize RAM, IO &
PCI memory regions.

Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Signed-off-by: Elena Ufimtseva 
Reviewed-by: Stefan Hajnoczi 
---
 include/hw/pci-host/remote.h |  1 +
 include/hw/remote/machine.h  | 27 +
 hw/remote/machine.c  | 70 
 MAINTAINERS  |  2 ++
 hw/meson.build   |  1 +
 hw/remote/meson.build|  5 
 6 files changed, 106 insertions(+)
 create mode 100644 include/hw/remote/machine.h
 create mode 100644 hw/remote/machine.c
 create mode 100644 hw/remote/meson.build

diff --git a/include/hw/pci-host/remote.h b/include/hw/pci-host/remote.h
index 06b8a83..3dcf6aa 100644
--- a/include/hw/pci-host/remote.h
+++ b/include/hw/pci-host/remote.h
@@ -24,6 +24,7 @@ struct RemotePCIHost {
 
 MemoryRegion *mr_pci_mem;
 MemoryRegion *mr_sys_io;
+MemoryRegion *mr_sys_mem;
 };
 
 #endif
diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
new file mode 100644
index 000..bdfbca4
--- /dev/null
+++ b/include/hw/remote/machine.h
@@ -0,0 +1,27 @@
+/*
+ * Remote machine configuration
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef REMOTE_MACHINE_H
+#define REMOTE_MACHINE_H
+
+#include "qom/object.h"
+#include "hw/boards.h"
+#include "hw/pci-host/remote.h"
+
+struct RemoteMachineState {
+MachineState parent_obj;
+
+RemotePCIHost *host;
+};
+
+#define TYPE_REMOTE_MACHINE "x-remote-machine"
+OBJECT_DECLARE_SIMPLE_TYPE(RemoteMachineState, REMOTE_MACHINE)
+
+#endif
diff --git a/hw/remote/machine.c b/hw/remote/machine.c
new file mode 100644
index 000..9519a6c
--- /dev/null
+++ b/hw/remote/machine.c
@@ -0,0 +1,70 @@
+/*
+ * Machine for remote device
+ *
+ *  This machine type is used by the remote device process in multi-process
+ *  QEMU. QEMU device models depend on parent busses, interrupt controllers,
+ *  memory regions, etc. The remote machine type offers this environment so
+ *  that QEMU device models can be used as remote devices.
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "hw/remote/machine.h"
+#include "exec/address-spaces.h"
+#include "exec/memory.h"
+#include "qapi/error.h"
+
+static void remote_machine_init(MachineState *machine)
+{
+MemoryRegion *system_memory, *system_io, *pci_memory;
+RemoteMachineState *s = REMOTE_MACHINE(machine);
+RemotePCIHost *rem_host;
+
+system_memory = get_system_memory();
+system_io = get_system_io();
+
+pci_memory = g_new(MemoryRegion, 1);
+memory_region_init(pci_memory, NULL, "pci", UINT64_MAX);
+
+rem_host = REMOTE_PCIHOST(qdev_new(TYPE_REMOTE_PCIHOST));
+
+rem_host->mr_pci_mem = pci_memory;
+rem_host->mr_sys_mem = system_memory;
+rem_host->mr_sys_io = system_io;
+
+s->host = rem_host;
+
+object_property_add_child(OBJECT(s), "remote-pcihost", OBJECT(rem_host));
+memory_region_add_subregion_overlap(system_memory, 0x0, pci_memory, -1);
+
+qdev_realize(DEVICE(rem_host), sysbus_get_default(), &error_fatal);
+}
+
+static void remote_machine_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+
+mc->init = remote_machine_init;
+mc->desc = "Experimental remote machine";
+}
+
+static const TypeInfo remote_machine = {
+.name = TYPE_REMOTE_MACHINE,
+.parent = TYPE_MACHINE,
+.instance_size = sizeof(RemoteMachineState),
+.class_init = remote_machine_class_init,
+};
+
+static void remote_machine_register_types(void)
+{
+type_register_static(&remote_machine);
+}
+
+type_init(remote_machine_register_types);
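
Review bot: In remote_machine_init(), the host bridge is created with qdev_new() and realized with qdev_realize(), so the initial reference returned by qdev_new() is never dropped once object_property_add_child() has taken its own. Using `qdev_realize_and_unref(DEVICE(rem_host), sysbus_get_default(), &error_fatal)` would leave the machine's child property as the only owner of the object.
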
diff --git a/MAINTAINERS b/MAINTAINERS
index db50cbf..3f01a02 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3191,6 +3191,8 @@ F: docs/devel/multi-process.rst
 F: docs/multi-process.rst
 F: hw/pci-host/remote.c
 F: include/hw/pci-host/remote.h
+F: hw/remote/machine.c
+F: include/hw/remote/machine.h
 
 Build and test automation
 -
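
Review bot: The two added F: lines cover hw/remote/machine.c and include/hw/remote/machine.h, but this patch also creates hw/remote/meson.build, which gets no entry. Either add `F: hw/remote/meson.build` here or use directory patterns such as `F: hw/remote/` and `F: include/hw/remote/` so files added later in the series are covered without touching this section again.
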
diff --git a/hw/meson.build b/hw/meson.build
index 010de72..e615d72 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -56,6 +56,7 @@ subdir('moxie')
 subdir('nios2')
 subdir('openrisc')
 subdir('ppc')
+subdir('remote')
 subdir('riscv')
 subdir('rx')
 subdir('s390x')
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
new file mode 100644
index 000..197b038
--- /dev/null
+++ b/hw/remote/meson.build
@@ -0,0 +1,5 @@
+remote_ss = ss.source_set()
+
+remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
+
+s

[PATCH v20 01/20] multi-process: add the concept description to docs/devel/qemu-multiprocess

2021-01-19 Thread Jagannathan Raman
From: John G Johnson 

Signed-off-by: John G Johnson 
Signed-off-by: Elena Ufimtseva 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 docs/devel/index.rst |   1 +
 docs/devel/multi-process.rst | 966 +++
 MAINTAINERS  |   7 +
 3 files changed, 974 insertions(+)
 create mode 100644 docs/devel/multi-process.rst

diff --git a/docs/devel/index.rst b/docs/devel/index.rst
index ea0e1e1..5ccaf8b 100644
--- a/docs/devel/index.rst
+++ b/docs/devel/index.rst
@@ -36,3 +36,4 @@ Contents:
clocks
qom
block-coroutine-wrapper
+   multi-process
diff --git a/docs/devel/multi-process.rst b/docs/devel/multi-process.rst
new file mode 100644
index 000..6969932
--- /dev/null
+++ b/docs/devel/multi-process.rst
@@ -0,0 +1,966 @@
+This is the design document for multi-process QEMU. It does not
+necessarily reflect the status of the current implementation, which
+may lack features or be considerably different from what is described
+in this document. This document is still useful as a description of
+the goals and general direction of this feature.
+
+Please refer to the following wiki for latest details:
+https://wiki.qemu.org/Features/MultiProcessQEMU
+
+Multi-process QEMU
+===
+
+QEMU is often used as the hypervisor for virtual machines running in the
+Oracle cloud. Since one of the advantages of cloud computing is the
+ability to run many VMs from different tenants in the same cloud
+infrastructure, a guest that compromised its hypervisor could
+potentially use the hypervisor's access privileges to access data it is
+not authorized for.
+
+QEMU can be susceptible to security attacks because it is a large,
+monolithic program that provides many features to the VMs it services.
+Many of these features can be configured out of QEMU, but even a reduced
+configuration QEMU has a large amount of code a guest can potentially
+attack. Separating QEMU reduces the attack surface by aiding to
+limit each component in the system to only access the resources that
+it needs to perform its job.
+
+QEMU services
+-
+
+QEMU can be broadly described as providing three main services. One is a
+VM control point, where VMs can be created, migrated, re-configured, and
+destroyed. A second is to emulate the CPU instructions within the VM,
+often accelerated by HW virtualization features such as Intel's VT
+extensions. Finally, it provides IO services to the VM by emulating HW
+IO devices, such as disk and network devices.
+
+A multi-process QEMU
+
+
+A multi-process QEMU involves separating QEMU services into separate
+host processes. Each of these processes can be given only the privileges
+it needs to provide its service, e.g., a disk service could be given
+access only to the disk images it provides, and not be allowed to
+access other files, or any network devices. An attacker who compromised
+this service would not be able to use this exploit to access files or
+devices beyond what the disk service was given access to.
+
+A QEMU control process would remain, but in multi-process mode, will
+have no direct interfaces to the VM. During VM execution, it would still
+provide the user interface to hot-plug devices or live migrate the VM.
+
+A first step in creating a multi-process QEMU is to separate IO services
+from the main QEMU program, which would continue to provide CPU
+emulation. i.e., the control process would also be the CPU emulation
+process. In a later phase, CPU emulation could be separated from the
+control process.
+
+Separating IO services
+--
+
+Separating IO services into individual host processes is a good place to
+begin for a couple of reasons. One is the sheer number of IO devices QEMU
+can emulate provides a large surface of interfaces which could potentially
+be exploited, and, indeed, have been a source of exploits in the past.
+Another is the modular nature of QEMU device emulation code provides
+interface points where the QEMU functions that perform device emulation
+can be separated from the QEMU functions that manage the emulation of
+guest CPU instructions. The devices emulated in the separate process are
+referred to as remote devices.
+
+QEMU device emulation
+~
+
+QEMU uses an object oriented SW architecture for device emulation code.
+Configured objects are all compiled into the QEMU binary, then objects
+are instantiated by name when used by the guest VM. For example, the
+code to emulate a device named "foo" is always present in QEMU, but its
+instantiation code is only run when the device is included in the target
+VM. (e.g., via the QEMU command line as *-device foo*)
+
+The object model is hierarchical, so device emulation code names its
+parent object (such as "pci-device" for a PCI device) and QEMU will
+instantiate a parent object before calling the device's instantiation
+code.
+
+Current separation models
+

[PATCH v20 20/20] multi-process: perform device reset in the remote process

2021-01-19 Thread Jagannathan Raman
From: Elena Ufimtseva 

Perform device reset in the remote process when QEMU performs
device reset. This is required to reset the internal state
(like registers, etc.) of emulated devices.

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 include/hw/remote/mpqemu-link.h |  1 +
 hw/remote/message.c | 22 ++
 hw/remote/proxy.c   | 19 +++
 3 files changed, 42 insertions(+)

diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
index 71d206f..4ec0915 100644
--- a/include/hw/remote/mpqemu-link.h
+++ b/include/hw/remote/mpqemu-link.h
@@ -40,6 +40,7 @@ typedef enum {
 MPQEMU_CMD_BAR_WRITE,
 MPQEMU_CMD_BAR_READ,
 MPQEMU_CMD_SET_IRQFD,
+MPQEMU_CMD_DEVICE_RESET,
 MPQEMU_CMD_MAX,
 } MPQemuCmd;
 
diff --git a/hw/remote/message.c b/hw/remote/message.c
index adab040..11d7298 100644
--- a/hw/remote/message.c
+++ b/hw/remote/message.c
@@ -19,6 +19,7 @@
 #include "exec/memattrs.h"
 #include "hw/remote/memory.h"
 #include "hw/remote/iohub.h"
+#include "sysemu/reset.h"
 
 static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
  MPQemuMsg *msg, Error **errp);
@@ -26,6 +27,8 @@ static void process_config_read(QIOChannel *ioc, PCIDevice 
*dev,
 MPQemuMsg *msg, Error **errp);
 static void process_bar_write(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
 static void process_bar_read(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
+static void process_device_reset_msg(QIOChannel *ioc, PCIDevice *dev,
+ Error **errp);
 
 void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
 {
@@ -69,6 +72,9 @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
 case MPQEMU_CMD_SET_IRQFD:
 process_set_irqfd_msg(pci_dev, &msg);
 break;
+case MPQEMU_CMD_DEVICE_RESET:
+process_device_reset_msg(com->ioc, pci_dev, &local_err);
+break;
 default:
 error_setg(&local_err,
"Unknown command (%d) received for device %s"
@@ -206,3 +212,19 @@ fail:
   getpid());
 }
 }
+
+static void process_device_reset_msg(QIOChannel *ioc, PCIDevice *dev,
+ Error **errp)
+{
+DeviceClass *dc = DEVICE_GET_CLASS(dev);
+DeviceState *s = DEVICE(dev);
+MPQemuMsg ret = { 0 };
+
+if (dc->reset) {
+dc->reset(s);
+}
+
+ret.cmd = MPQEMU_CMD_RET;
+
+mpqemu_msg_send(&ret, ioc, errp);
+}
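
Review bot: process_device_reset_msg() calls `dc->reset(s)` directly, which runs only this device's legacy reset callback and bypasses the Resettable path, so any child buses and devices behind it are not reset. `device_cold_reset(s)` would cover both. None of the added lines visible here uses anything from the newly included "sysemu/reset.h", and the return value of mpqemu_msg_send() is ignored, so a failed reply is visible to the caller only through errp.
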
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index a082709..4fa4be0 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -26,6 +26,7 @@
 #include "util/event_notifier-posix.c"
 
 static void probe_pci_info(PCIDevice *dev, Error **errp);
+static void proxy_device_reset(DeviceState *dev);
 
 static void proxy_intx_update(PCIDevice *pci_dev)
 {
@@ -202,6 +203,8 @@ static void pci_proxy_dev_class_init(ObjectClass *klass, 
void *data)
 k->config_read = pci_proxy_read_config;
 k->config_write = pci_proxy_write_config;
 
+dc->reset = proxy_device_reset;
+
 device_class_set_props(dc, proxy_properties);
 }
 
@@ -358,3 +361,19 @@ static void probe_pci_info(PCIDevice *dev, Error **errp)
 }
 }
 }
+
+static void proxy_device_reset(DeviceState *dev)
+{
+PCIProxyDev *pdev = PCI_PROXY_DEV(dev);
+MPQemuMsg msg = { 0 };
+Error *local_err = NULL;
+
+msg.cmd = MPQEMU_CMD_DEVICE_RESET;
+msg.size = 0;
+
+mpqemu_msg_send_and_await_reply(&msg, pdev, &local_err);
+if (local_err) {
+error_report_err(local_err);
+}
+
+}
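
Review bot: proxy_device_reset() discards the return value of mpqemu_msg_send_and_await_reply() and only prints local_err, so a failed reset in the remote process leaves the proxy looking as if the reset succeeded; prefixing the reported error with the device identity would at least make the failure attributable. `msg.size = 0;` is redundant after the `{ 0 }` initializer, and the blank line before the closing brace should be dropped.
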
-- 
1.8.3.1




[PATCH v20 14/20] multi-process: add proxy communication functions

2021-01-19 Thread Jagannathan Raman
From: Elena Ufimtseva 

Signed-off-by: Elena Ufimtseva 
Signed-off-by: Jagannathan Raman 
Signed-off-by: John G Johnson 
Reviewed-by: Stefan Hajnoczi 
---
 include/hw/remote/mpqemu-link.h |  4 
 hw/remote/mpqemu-link.c | 34 ++
 2 files changed, 38 insertions(+)

diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
index 6ee5bc5..1b35d40 100644
--- a/include/hw/remote/mpqemu-link.h
+++ b/include/hw/remote/mpqemu-link.h
@@ -15,6 +15,8 @@
 #include "qemu/thread.h"
 #include "io/channel.h"
 #include "exec/hwaddr.h"
+#include "io/channel-socket.h"
+#include "hw/remote/proxy.h"
 
 #define REMOTE_MAX_FDS 8
 
@@ -68,6 +70,8 @@ typedef struct {
 bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
 bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
 
+uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
+ Error **errp);
 bool mpqemu_msg_valid(MPQemuMsg *msg);
 
 #endif
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index 4b25649..88d1f9b 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -182,6 +182,40 @@ fail:
 return ret;
 }
 
+/*
+ * Send msg and wait for a reply with command code RET_MSG.
+ * Returns the message received of size u64 or UINT64_MAX
+ * on error.
+ * Called from VCPU thread in non-coroutine context.
+ * Used by the Proxy object to communicate to remote processes.
+ */
+uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
+ Error **errp)
+{
+ERRP_GUARD();
+MPQemuMsg msg_reply = {0};
+uint64_t ret = UINT64_MAX;
+
+assert(!qemu_in_coroutine());
+
+QEMU_LOCK_GUARD(&pdev->io_mutex);
+if (!mpqemu_msg_send(msg, pdev->ioc, errp)) {
+return ret;
+}
+
+if (!mpqemu_msg_recv(&msg_reply, pdev->ioc, errp)) {
+return ret;
+}
+
+if (!mpqemu_msg_valid(&msg_reply)) {
+error_setg(errp, "ERROR: Invalid reply received for command %d",
+ msg->cmd);
+return ret;
+}
+
+return msg_reply.data.u64;
+}
+
 bool mpqemu_msg_valid(MPQemuMsg *msg)
 {
 if (msg->cmd >= MPQEMU_CMD_MAX && msg->cmd < 0) {
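
Review bot: The comment on mpqemu_msg_send_and_await_reply() promises a reply "with command code RET_MSG", but the function never inspects msg_reply.cmd, so any message that passes mpqemu_msg_valid() is handed back to the caller as the result. Check that the reply carries the return command before reading `msg_reply.data.u64`. The context line `if (msg->cmd >= MPQEMU_CMD_MAX && msg->cmd < 0)` can never be true because both conditions cannot hold at once; it needs `||`, otherwise the range check that this reply validation relies on rejects nothing.
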
-- 
1.8.3.1




[PATCH 8/8] s390x/pci: Prevent ISM device passthrough on older host kernels

2021-01-19 Thread Matthew Rosato
If the underlying host does not provide CLP capabilities, we cannot tell
what type of function is being passed through, which means for ISM devices
we can't properly tell if the vfio I/O region is necessary.  If the ISM
device is allowed to pass through erroneously, it will not function
properly without the I/O region.  Therefore, check for unclassified devices
that do not have MSI-X support and still disallow these from being passed
through, using the same error as known ISM devices when the vfio I/O region
is unavailable.

Signed-off-by: Matthew Rosato 
---
 hw/s390x/s390-pci-bus.c | 13 +
 include/hw/s390x/s390-pci-bus.h |  1 +
 2 files changed, 14 insertions(+)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 9d5c2c5..0dfdc88 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -1037,6 +1037,19 @@ static void s390_pcihost_plug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 if (pbdev->pft == ZPCI_PFT_ISM) {
 ret = s390_pci_get_zpci_io_region(pbdev);
 }
+/*
+ * If the device type is unclassified, it may be due to the fact
+ * that CLP info was not provided by vfio -- Which means we cannot
+ * tell if this is actually an ISM device, which will not be able
+ * to function properly without proper identification and the I/O
+ * region.  Therefore, attempt to identify the ISM device via the
+ * lack of MSI-X and only in this case prevent the device from
+ * being passed through.
+ */
+else if (pbdev->pft == ZPCI_PFT_UNCLASSIFIED &&
+ !pci_find_capability(pbdev->pdev, PCI_CAP_ID_MSIX)) {
+ret = -EINVAL;
+}
 if (ret) {
 error_setg(errp, "vfio zPCI I/O region support is mandatory "
"for %02x:%02x.%01x", pci_dev_bus_num(pdev),
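
Review bot: The new branch is written as a block comment followed by `else if` on its own line after the closing brace of the ISM check; QEMU coding style expects `} else if (...) {` on one line, so the comment should move inside the branch. The condition also dereferences `pbdev->pdev` where the surrounding context uses the local `pdev`, and because the "vfio zPCI I/O region support is mandatory" error is reused when the real cause is missing CLP data, a distinct message for the unclassified case would make the log easier to act on.
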
diff --git a/include/hw/s390x/s390-pci-bus.h b/include/hw/s390x/s390-pci-bus.h
index aaef890..d75aad8 100644
--- a/include/hw/s390x/s390-pci-bus.h
+++ b/include/hw/s390x/s390-pci-bus.h
@@ -44,6 +44,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(S390PCIBusDevice, S390_PCI_DEVICE)
 OBJECT_DECLARE_SIMPLE_TYPE(S390PCIIOMMU, S390_PCI_IOMMU)
 
 /* PCI Function Types */
+#define ZPCI_PFT_UNCLASSIFIED 0
 #define ZPCI_PFT_ISM 5
 
 #define HP_EVENT_TO_CONFIGURED0x0301
-- 
1.8.3.1



