Re: [PATCH v5 19/23] target/ppc: Implement setbc/setbcr/stnbc/setnbcr instructions

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:21PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Matheus Ferst 
> 
> Implements the following PowerISA v3.1 instructions:
> setbc: Set Boolean Condition
> setbcr: Set Boolean Condition Reverse
> setnbc: Set Negative Boolean Condition
> setnbcr: Set Negative Boolean Condition Reverse
> 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
> v5:
> - Style fix;
> - Use tcg_gen_setcondi_tl instead of tcg_gen_movcond_tl.
> ---
>  target/ppc/insn32.decode   | 10 ++
>  target/ppc/translate/fixedpoint-impl.c.inc | 23 ++
>  2 files changed, 33 insertions(+)
> 
> diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
> index 00ec0f4328..bc69c70493 100644
> --- a/target/ppc/insn32.decode
> +++ b/target/ppc/insn32.decode
> @@ -26,6 +26,9 @@
>  &X  rt ra rb
>  @X  .. rt:5 ra:5 rb:5 .. .  &X
>  
> +&X_bi   rt bi
> +@X_bi   .. rt:5 bi:5 - .. - &X_bi
> +
>  ### Fixed-Point Load Instructions
>  
>  LBZ 100010 . .  @D
> @@ -83,3 +86,10 @@ STDUX   01 . . . 0010110101 -   @X
>  
>  ADDI001110 . .  @D
>  ADDIS   00 . .  @D
> +
> +### Move To/From System Register Instructions
> +
> +SETBC   01 . . - 011000 -   @X_bi
> +SETBCR  01 . . - 011010 -   @X_bi
> +SETNBC  01 . . - 011100 -   @X_bi
> +SETNBCR 01 . . - 00 -   @X_bi
> diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
> b/target/ppc/translate/fixedpoint-impl.c.inc
> index 2d2d874146..204848d017 100644
> --- a/target/ppc/translate/fixedpoint-impl.c.inc
> +++ b/target/ppc/translate/fixedpoint-impl.c.inc
> @@ -204,3 +204,26 @@ static bool trans_PNOP(DisasContext *ctx, arg_PNOP *a)
>  {
>  return true;
>  }
> +
> +static bool do_set_bool_cond(DisasContext *ctx, arg_X_bi *a, bool neg, bool 
> rev)
> +{
> +REQUIRE_INSNS_FLAGS2(ctx, ISA310);
> +uint32_t mask = 0x08 >> (a->bi & 0x03);
> +TCGCond cond = rev ? TCG_COND_EQ : TCG_COND_NE;
> +TCGv temp = tcg_temp_new();
> +
> +tcg_gen_extu_i32_tl(temp, cpu_crf[a->bi >> 2]);
> +tcg_gen_andi_tl(temp, temp, mask);
> +tcg_gen_setcondi_tl(cond, cpu_gpr[a->rt], temp, 0);
> +if(neg) {
> +tcg_gen_neg_tl(cpu_gpr[a->rt], cpu_gpr[a->rt]);
> +}
> +tcg_temp_free(temp);
> +
> +return true;
> +}
> +
> +TRANS(SETBC, do_set_bool_cond, false, false)
> +TRANS(SETBCR, do_set_bool_cond, false, true)
> +TRANS(SETNBC, do_set_bool_cond, true, false)
> +TRANS(SETNBCR, do_set_bool_cond, true, true)
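Review bot: `if(neg) {` in do_set_bool_cond is missing the space before the parenthesis that QEMU's coding style (and checkpatch) requires; the v5 changelog lists a style fix, but this one remains and should read `if (neg) {`. The mask computation would also benefit from a one-line comment, since the CR layout it encodes is not obvious: `/* CR field bits are numbered MSB-first, so bit (bi & 3) of field bi >> 2 is mask 0x08 >> (bi & 3). */`. That wording follows directly from `0x08 >> (a->bi & 0x03)` and `cpu_crf[a->bi >> 2]` in the hunk, and bi is a 5-bit field per the @X_bi format, so the field index stays within the eight CR fields.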

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 16/23] target/ppc: Implement prefixed integer load instructions

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:18PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/insn64.decode   | 15 +++
>  target/ppc/translate/fixedpoint-impl.c.inc | 16 
>  2 files changed, 31 insertions(+)
> 
> diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
> index 9aa5097a98..547bd1736f 100644
> --- a/target/ppc/insn64.decode
> +++ b/target/ppc/insn64.decode
> @@ -24,6 +24,21 @@
>  .. rt:5 ra:5    \
>  &PLS_D si=%pls_si
>  
> +### Fixed-Point Load Instructions
> +
> +PLBZ01 10 0--.-- .. \
> +100010 . .  @PLS_D
> +PLHZ01 10 0--.-- .. \
> +101000 . .  @PLS_D
> +PLHA01 10 0--.-- .. \
> +101010 . .  @PLS_D
> +PLWZ01 10 0--.-- .. \
> +10 . .  @PLS_D
> +PLWA01 00 0--.-- .. \
> +101001 . .  @PLS_D
> +PLD 01 00 0--.-- .. \
> +111001 . .  @PLS_D
> +
>  ### Fixed-Point Arithmetic Instructions
>  
>  PADDI   01 10 0--.-- .. \
> diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
> b/target/ppc/translate/fixedpoint-impl.c.inc
> index 6140dd41ca..7687f31d6f 100644
> --- a/target/ppc/translate/fixedpoint-impl.c.inc
> +++ b/target/ppc/translate/fixedpoint-impl.c.inc
> @@ -80,6 +80,16 @@ static bool do_ldst_D(DisasContext *ctx, arg_D *a, bool 
> update, bool store,
>  return do_ldst(ctx, a->rt, a->ra, tcg_constant_tl(a->si), update, store, 
> mop);
>  }
>  
> +static bool do_ldst_PLS_D(DisasContext *ctx, arg_PLS_D *a, bool update,
> +  bool store, MemOp mop)
> +{
> +arg_D d;
> +if (!resolve_PLS_D(ctx, &d, a)) {
> +return true;
> +}
> +return do_ldst_D(ctx, &d, update, store, mop);
> +}
> +
>  static bool do_ldst_X(DisasContext *ctx, arg_X *a, bool update,
>bool store, MemOp mop)
>  {
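Review bot: The early `return true;` when resolve_PLS_D() fails deserves a comment, because returning true from a trans_* helper signals that the instruction was handled, and a reader of this hunk cannot see what resolve_PLS_D did before failing. Presumably it has already raised the appropriate exception (the series adds an alignment exception for prefixed insns), in which case the right comment is `/* resolve_PLS_D has already raised the exception; nothing more to emit. */` — confirm against resolve_PLS_D, which is outside this hunk. Without that, the next reader may mistake the branch for a silently ignored decode failure.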
> @@ -91,35 +101,41 @@ TRANS(LBZ, do_ldst_D, false, false, MO_UB)
>  TRANS(LBZX, do_ldst_X, false, false, MO_UB)
>  TRANS(LBZU, do_ldst_D, true, false, MO_UB)
>  TRANS(LBZUX, do_ldst_X, true, false, MO_UB)
> +TRANS(PLBZ, do_ldst_PLS_D, false, false, MO_UB)
>  
>  /* Load Halfword and Zero */
>  TRANS(LHZ, do_ldst_D, false, false, MO_UW)
>  TRANS(LHZX, do_ldst_X, false, false, MO_UW)
>  TRANS(LHZU, do_ldst_D, true, false, MO_UW)
>  TRANS(LHZUX, do_ldst_X, true, false, MO_UW)
> +TRANS(PLHZ, do_ldst_PLS_D, false, false, MO_UW)
>  
>  /* Load Halfword Algebraic */
>  TRANS(LHA, do_ldst_D, false, false, MO_SW)
>  TRANS(LHAX, do_ldst_X, false, false, MO_SW)
>  TRANS(LHAU, do_ldst_D, true, false, MO_SW)
>  TRANS(LHAXU, do_ldst_X, true, false, MO_SW)
> +TRANS(PLHA, do_ldst_PLS_D, false, false, MO_SW)
>  
>  /* Load Word and Zero */
>  TRANS(LWZ, do_ldst_D, false, false, MO_UL)
>  TRANS(LWZX, do_ldst_X, false, false, MO_UL)
>  TRANS(LWZU, do_ldst_D, true, false, MO_UL)
>  TRANS(LWZUX, do_ldst_X, true, false, MO_UL)
> +TRANS(PLWZ, do_ldst_PLS_D, false, false, MO_UL)
>  
>  /* Load Word Algebraic */
>  TRANS64(LWA, do_ldst_D, false, false, MO_SL)
>  TRANS64(LWAX, do_ldst_X, false, false, MO_SL)
>  TRANS64(LWAUX, do_ldst_X, true, false, MO_SL)
> +TRANS64(PLWA, do_ldst_PLS_D, false, false, MO_SL)
>  
>  /* Load Doubleword */
>  TRANS64(LD, do_ldst_D, false, false, MO_Q)
>  TRANS64(LDX, do_ldst_X, false, false, MO_Q)
>  TRANS64(LDU, do_ldst_D, true, false, MO_Q)
>  TRANS64(LDUX, do_ldst_X, true, false, MO_Q)
> +TRANS64(PLD, do_ldst_PLS_D, false, false, MO_Q)
>  
>  /*
>   * Fixed-Point Arithmetic Instructions

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH] Fix `lxvdsx` (issue #212)

2021-05-17 Thread David Gibson

On Mon, May 17, 2021 at 04:40:32PM -0500, Paul A. Clarke wrote:
> `lxvdsx` is byte-swapping the data it loads, which it should not
> do.  Fix it.
> 
> Fixes #212.
> 
> Fixes: bcb0b7b1a1c05707304f80ca6f523d557816f85c
> Signed-off-by: Paul A. Clarke

I'm having a hard time convincing myself this is correct in all cases.
Have you tested it with all combinations of BE/LE host and BE/LE guest
code?

The description in the ISA is pretty inscrutable, since it's in terms
of the confusing numbering of different element types in BE vs LE
mode.

It looks to me like before bcb0b7b1a1c0 this originally resolved to
MO_Q modified by ctx->default_tcg_memop_mask, which appears to depend
on the current guest endian mode.  That's pretty hard to trace through
the various layers of macros, but for reference, before bcb0b7b1a1c0
this used gen_qemu_ld64_i64(), which appears to be constructed by the
line GEN_QEMU_LOAD_64(ld64,  DEF_MEMOP(MO_Q)) in translate.c.

Richard or Giuseppe, care to weigh in?

> ---
>  target/ppc/translate/vsx-impl.c.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/ppc/translate/vsx-impl.c.inc 
> b/target/ppc/translate/vsx-impl.c.inc
> index b817d31260bb..46f97c029ca8 100644
> --- a/target/ppc/translate/vsx-impl.c.inc
> +++ b/target/ppc/translate/vsx-impl.c.inc
> @@ -162,7 +162,7 @@ static void gen_lxvdsx(DisasContext *ctx)
>  gen_addr_reg_index(ctx, EA);
>  
>  data = tcg_temp_new_i64();
> -tcg_gen_qemu_ld_i64(data, EA, ctx->mem_idx, MO_TEQ);
> +tcg_gen_qemu_ld_i64(data, EA, ctx->mem_idx, MO_LEQ);
>  tcg_gen_gvec_dup_i64(MO_Q, vsr_full_offset(xT(ctx->opcode)), 16, 16, 
> data);
>  
>  tcg_temp_free(EA);
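Review bot: `MO_LEQ` makes the doubleword load unconditionally little-endian, so a guest running in big-endian mode would now receive byte-swapped data in the same way a little-endian guest did under `MO_TEQ`; the load should follow the guest's current endian mode rather than a fixed one. `DEF_MEMOP(MO_Q)` applies ctx->default_tcg_memop_mask and therefore tracks the mode, so the line would become `tcg_gen_qemu_ld_i64(data, EA, ctx->mem_idx, DEF_MEMOP(MO_Q));`. The commit message only describes the byte-swap symptom, so the BE-mode case appears untested; gen_lxvdsx begins outside the hunk.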

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 11/23] target/ppc: Add infrastructure for prefixed insns

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:13PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> Signed-off-by: Luis Pires 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/cpu.h   |  1 +
>  target/ppc/insn32.decode   | 18 
>  target/ppc/insn64.decode   | 18 
>  target/ppc/meson.build |  9 ++
>  target/ppc/translate.c | 34 +++---
>  target/ppc/translate/fixedpoint-impl.c.inc | 18 
>  6 files changed, 94 insertions(+), 4 deletions(-)
>  create mode 100644 target/ppc/insn32.decode
>  create mode 100644 target/ppc/insn64.decode
>  create mode 100644 target/ppc/translate/fixedpoint-impl.c.inc
> 
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index cab33a3680..351fcdf5f8 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -144,6 +144,7 @@ enum {
>  POWERPC_EXCP_ALIGN_PROT= 0x04,  /* Access cross protection boundary  
> */
>  POWERPC_EXCP_ALIGN_BAT = 0x05,  /* Access cross a BAT/seg boundary   
> */
>  POWERPC_EXCP_ALIGN_CACHE   = 0x06,  /* Impossible dcbz access
> */
> +POWERPC_EXCP_ALIGN_INSN= 0x07,  /* Pref. insn x-ing 64-byte boundary 
> */
>  /* Exception subtypes for POWERPC_EXCP_PROGRAM   
> */
>  /* FP exceptions 
> */
>  POWERPC_EXCP_FP= 0x10,
> diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
> new file mode 100644
> index 00..a3a8ae06bf
> --- /dev/null
> +++ b/target/ppc/insn32.decode
> @@ -0,0 +1,18 @@
> +#
> +# Power ISA decode for 32-bit insns (opcode space 0)
> +#
> +# Copyright (c) 2021 Instituto de Pesquisas Eldorado (eldorado.org.br)
> +#
> +# This library is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU Lesser General Public
> +# License as published by the Free Software Foundation; either
> +# version 2.1 of the License, or (at your option) any later version.
> +#
> +# This library is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +# Lesser General Public License for more details.
> +#
> +# You should have received a copy of the GNU Lesser General Public
> +# License along with this library; if not, see 
> .
> +#
> diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
> new file mode 100644
> index 00..a38b1f84dc
> --- /dev/null
> +++ b/target/ppc/insn64.decode
> @@ -0,0 +1,18 @@
> +#
> +# Power ISA decode for 64-bit prefixed insns (opcode space 0 and 1)
> +#
> +# Copyright (c) 2021 Instituto de Pesquisas Eldorado (eldorado.org.br)
> +#
> +# This library is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU Lesser General Public
> +# License as published by the Free Software Foundation; either
> +# version 2.1 of the License, or (at your option) any later version.
> +#
> +# This library is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +# Lesser General Public License for more details.
> +#
> +# You should have received a copy of the GNU Lesser General Public
> +# License along with this library; if not, see 
> .
> +#
> diff --git a/target/ppc/meson.build b/target/ppc/meson.build
> index d1aa7d5d39..512e3a0288 100644
> --- a/target/ppc/meson.build
> +++ b/target/ppc/meson.build
> @@ -17,6 +17,15 @@ ppc_ss.add(files(
>  
>  ppc_ss.add(libdecnumber)
>  
> +gen = [
> +  decodetree.process('insn32.decode',
> + extra_args: '--static-decode=decode_insn32'),
> +  decodetree.process('insn64.decode',
> + extra_args: ['--static-decode=decode_insn64',
> +  '--insnwidth=64']),
> +]
> +ppc_ss.add(gen)
> +
>  ppc_ss.add(when: 'CONFIG_KVM', if_true: files('kvm.c'), if_false: 
> files('kvm-stub.c'))
>  ppc_ss.add(when: 'CONFIG_USER_ONLY', if_true: files('user_only_helper.c'))
>  
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index b1873d2dcc..64d6acb078 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -7776,6 +7776,10 @@ static inline void set_avr64(int regno, TCGv_i64 src, 
> bool high)
>  # define REQUIRE_64BIT(CTX)  REQUIRE_INSNS_FLAGS(CTX, 64B)
>  #endif
>  
> +#include "decode-insn32.c.inc"
> +#include "decode-insn64.c.inc"
> +#include "translate/fixedpoint-impl.c.inc"
> +
>  #include "translate/fp-impl.c.inc"
>  
>  #include "translate/vmx-impl.c.inc"
> @@ -9089,11 +9093,18 @@ static bool ppc_tr_breakpoint_check(DisasContextBase 
> *dcbase,

Re: [PATCH v5 10/23] target/ppc: Move page crossing check to ppc_tr_translate_insn

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:12PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> With prefixed instructions, the number of instructions
> remaining until the page crossing is no longer constant.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/translate.c | 8 +---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index dc0f5fafc2..b1873d2dcc 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -9060,9 +9060,6 @@ static void ppc_tr_init_disas_context(DisasContextBase 
> *dcbase, CPUState *cs)
>  
>  if (ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP)) {
>  ctx->base.max_insns = 1;
> -} else {
> -int bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
> -ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
>  }
>  }
>  
> @@ -9117,6 +9114,11 @@ static void ppc_tr_translate_insn(DisasContextBase 
> *dcbase, CPUState *cs)
>  handler->count++;
>  #endif
>  
> +/* End the TB when crossing a page boundary. */
> +if (ctx->base.is_jmp == DISAS_NEXT && !(pc & ~TARGET_PAGE_MASK)) {
> +ctx->base.is_jmp = DISAS_TOO_MANY;
> +}
> +
>  translator_loop_temp_check(&ctx->base);
>  }
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 13/23] target/ppc: Implement PNOP

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:15PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> The illegal suffix behavior matches what was observed in a
> POWER10 DD2.0 machine.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
> v5:
> - Remove argument set from PNOP;
> - Use no_overlap_group for invalid suffixes.
> ---
>  target/ppc/insn64.decode   | 67 ++
>  target/ppc/translate/fixedpoint-impl.c.inc | 11 
>  2 files changed, 78 insertions(+)
> 
> diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
> index 1965088915..9aa5097a98 100644
> --- a/target/ppc/insn64.decode
> +++ b/target/ppc/insn64.decode
> @@ -28,3 +28,70 @@
>  
>  PADDI   01 10 0--.-- .. \
>  001110 . .  @PLS_D
> +
> +### Prefixed No-operation Instruction
> +
> +@PNOP   01 11 -- 00 \
> +
> +
> +{
> +  [
> +## Invalid suffixes: Branch instruction
> +# bc[l][a]
> +INVALID \
> +01--@PNOP
> +# b[l][a]
> +INVALID \
> +010010--@PNOP
> +# bclr[l]
> +INVALID \
> +010011---01-@PNOP
> +# bcctr[l]
> +INVALID \
> +010011---11-@PNOP
> +# bctar[l]
> +INVALID \
> +010011---100011-@PNOP
> +
> +## Invalid suffixes: rfebb
> +INVALID \
> +010011---0010010010-@PNOP
> +
> +## Invalid suffixes: context synchronizing other than isync
> +# sc
> +INVALID \
> +0100011-@PNOP
> +# scv
> +INVALID \
> +01000101@PNOP
> +# rfscv
> +INVALID \
> +010011---0001010010-@PNOP
> +# rfid
> +INVALID \
> +010011---010010-@PNOP
> +# hrfid
> +INVALID \
> +010011---0100010010-@PNOP
> +# urfid
> +INVALID \
> +010011---0100110010-@PNOP
> +# stop
> +INVALID \
> +010011---0101110010-@PNOP
> +# mtmsr w/ L=0
> +INVALID \
> +01-0-0010010010-@PNOP
> +# mtmsrd w/ L=0
> +INVALID \
> +01-0-0010110010-@PNOP
> +
> +## Invalid suffixes: Service Processor Attention
> +INVALID \
> +001-@PNOP
> +  ]
> +
> +  ## Valid suffixes
> +  PNOP  \
> +@PNOP
> +}
> diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
> b/target/ppc/translate/fixedpoint-impl.c.inc
> index 344a3ed54b..ce034a14a7 100644
> --- a/target/ppc/translate/fixedpoint-impl.c.inc
> +++ b/target/ppc/translate/fixedpoint-impl.c.inc
> @@ -60,3 +60,14 @@ static bool trans_ADDIS(DisasContext *ctx, arg_D *a)
>  a->si <<= 16;
>  return trans_ADDI(ctx, a);
>  }
> +
> +static bool trans_INVALID(DisasContext *ctx, arg_INVALID *a)
> +{
> +gen_invalid(ctx);
> +return true;
> +}
> +
> +static bool trans_PNOP(DisasContext *ctx, arg_PNOP *a)
> +{
> +return true;
> +}
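Review bot: Neither new trans_* function carries a comment, and trans_PNOP's bare `return true` with `a` unused reads as unfinished without one. Suggest above trans_INVALID: `/* Decode target for prefixed-insn suffixes the ISA forbids (the INVALID patterns in insn64.decode): raise the illegal-instruction exception. */`, and above trans_PNOP: `/* The suffix of a valid pnop is ignored; no code is emitted. */`. That gen_invalid raises an illegal-instruction exception is inferred from its name and should be confirmed before the comment is committed.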

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 09/23] target/ppc: Introduce macros to check isa extensions

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:11PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> These will be used by the decodetree trans_* functions
> to early-exit when the instruction set is not enabled.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/translate.c | 26 ++
>  1 file changed, 26 insertions(+)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index ea200f9637..dc0f5fafc2 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -7750,6 +7750,32 @@ static inline void set_avr64(int regno, TCGv_i64 src, 
> bool high)
>  tcg_gen_st_i64(src, cpu_env, avr64_offset(regno, high));
>  }
>  
> +/*
> + * Helpers for trans_* functions to check for specific insns flags.
> + * Use token pasting to ensure that we use the proper flag with the
> + * proper variable.
> + */
> +#define REQUIRE_INSNS_FLAGS(CTX, NAME) \
> +do {\
> +if (((CTX)->insns_flags & PPC_##NAME) == 0) {   \
> +return false;   \
> +}   \
> +} while (0)
> +
> +#define REQUIRE_INSNS_FLAGS2(CTX, NAME) \
> +do {\
> +if (((CTX)->insns_flags2 & PPC2_##NAME) == 0) { \
> +return false;   \
> +}   \
> +} while (0)
> +
> +/* Then special-case the check for 64-bit so that we elide code for ppc32. */
> +#if TARGET_LONG_BITS == 32
> +# define REQUIRE_64BIT(CTX)  return false
> +#else
> +# define REQUIRE_64BIT(CTX)  REQUIRE_INSNS_FLAGS(CTX, 64B)
> +#endif
> +
>  #include "translate/fp-impl.c.inc"
>  
>  #include "translate/vmx-impl.c.inc"
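Review bot: The REQUIRE_INSNS_FLAGS* macros `return false` from the enclosing function, but the header comment only says they "check" flags; a hidden return is easy to miss, so the comment should state it together with the ordering constraint it implies: `Each macro returns false from the enclosing trans_* function when the flag is absent, so invoke it before allocating TCG temporaries or emitting code.` The callers elsewhere in the series follow that order, but nothing here documents why. The 32-bit `REQUIRE_64BIT(CTX)` expands to a bare `return false` that leaves CTX unused and the rest of the function unreachable; a short note that this is intentional code elision would avoid it being mistaken for a typo.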

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 08/23] target/ppc: Use translator_loop_temp_check

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:10PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> The special logging is unnecessary.  It will have been done
> immediately before in the log file.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 
> Reviewed-by: Bruno Larsen (billionai) 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/translate.c | 6 +-
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index e68152810e..ea200f9637 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -9091,11 +9091,7 @@ static void ppc_tr_translate_insn(DisasContextBase 
> *dcbase, CPUState *cs)
>  handler->count++;
>  #endif
>  
> -if (tcg_check_temp_count()) {
> -qemu_log("Opcode %02x %02x %02x %02x (%08x) leaked "
> - "temporaries\n", opc1(ctx->opcode), opc2(ctx->opcode),
> - opc3(ctx->opcode), opc4(ctx->opcode), ctx->opcode);
> -}
> +translator_loop_temp_check(&ctx->base);
>  }
>  
>  static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 07/23] target/ppc: Mark helper_raise_exception* as noreturn

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:09PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/helper.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/target/ppc/helper.h b/target/ppc/helper.h
> index 513066d54d..ea9f2a236c 100644
> --- a/target/ppc/helper.h
> +++ b/target/ppc/helper.h
> @@ -1,5 +1,5 @@
> -DEF_HELPER_FLAGS_3(raise_exception_err, TCG_CALL_NO_WG, void, env, i32, i32)
> -DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, void, env, i32)
> +DEF_HELPER_FLAGS_3(raise_exception_err, TCG_CALL_NO_WG, noreturn, env, i32, 
> i32)
> +DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, i32)
>  DEF_HELPER_FLAGS_4(tw, TCG_CALL_NO_WG, void, env, tl, tl, i32)
>  #if defined(TARGET_PPC64)
>  DEF_HELPER_FLAGS_4(td, TCG_CALL_NO_WG, void, env, tl, tl, i32)

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 06/23] target/ppc: Tidy exception vs exit_tb

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:08PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> We do not need to emit an exit_tb after an exception,
> as the latter will exit via longjmp.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/translate.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 05e3c0417a..e68152810e 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -4648,8 +4648,9 @@ static void gen_lookup_and_goto_ptr(DisasContext *ctx)
>  } else if (sse & (CPU_SINGLE_STEP | CPU_BRANCH_STEP)) {
>  uint32_t excp = gen_prep_dbgex(ctx);
>  gen_exception(ctx, excp);
> +} else {
> +tcg_gen_exit_tb(NULL, 0);
>  }
> -tcg_gen_exit_tb(NULL, 0);
>  } else {
>  tcg_gen_lookup_and_goto_ptr();
>  }

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 01/23] target/ppc: Introduce gen_icount_io_start

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:03PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> Create a function to handle the details for interacting with icount.
> 
> Force the exit from the tb via DISAS_TOO_MANY, which allows chaining
> to the next tb, where the code emitted for gen_tb_start() will
> determine if we must exit.  We can thus remove any matching
> conditional call to gen_stop_exception.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/translate.c | 174 +
>  1 file changed, 39 insertions(+), 135 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index d51a1913a7..060ef83bc0 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -304,6 +304,20 @@ static void gen_exception_nip(DisasContext *ctx, 
> uint32_t excp,
>  ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  
> +static void gen_icount_io_start(DisasContext *ctx)
> +{
> +if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> +gen_io_start();
> +/*
> + * An I/O instruction must be last in the TB.
> + * Chain to the next TB, and let the code from gen_tb_start
> + * decide if we need to return to the main loop.
> + * Doing this first also allows this value to be overridden.
> + */
> +ctx->base.is_jmp = DISAS_TOO_MANY;
> +}
> +}
> +
>  /*
>   * Tells the caller what is the appropriate exception to generate and 
> prepares
>   * SPR registers for this exception.
> @@ -540,24 +554,14 @@ void spr_write_ureg(DisasContext *ctx, int sprn, int 
> gprn)
>  #if !defined(CONFIG_USER_ONLY)
>  void spr_read_decr(DisasContext *ctx, int gprn, int sprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_load_decr(cpu_gpr[gprn], cpu_env);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  
>  void spr_write_decr(DisasContext *ctx, int sprn, int gprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_store_decr(cpu_env, cpu_gpr[gprn]);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  #endif
>  
> @@ -565,24 +569,14 @@ void spr_write_decr(DisasContext *ctx, int sprn, int 
> gprn)
>  /* Time base */
>  void spr_read_tbl(DisasContext *ctx, int gprn, int sprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_load_tbl(cpu_gpr[gprn], cpu_env);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  
>  void spr_read_tbu(DisasContext *ctx, int gprn, int sprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_load_tbu(cpu_gpr[gprn], cpu_env);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  
>  void spr_read_atbl(DisasContext *ctx, int gprn, int sprn)
> @@ -598,24 +592,14 @@ void spr_read_atbu(DisasContext *ctx, int gprn, int 
> sprn)
>  #if !defined(CONFIG_USER_ONLY)
>  void spr_write_tbl(DisasContext *ctx, int sprn, int gprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_store_tbl(cpu_env, cpu_gpr[gprn]);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  
>  void spr_write_tbu(DisasContext *ctx, int sprn, int gprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_store_tbu(cpu_env, cpu_gpr[gprn]);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  
>  void spr_write_atbl(DisasContext *ctx, int sprn, int gprn)
> @@ -631,80 +615,45 @@ void spr_write_atbu(DisasContext *ctx, int sprn, int 
> gprn)
>  #if defined(TARGET_PPC64)
>  void spr_read_purr(DisasContext *ctx, int gprn, int sprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_load_purr(cpu_gpr[gprn], cpu_env);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  
>  void spr_write_purr(DisasContext *ctx, int sprn, int gprn)
>  {
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_io_start();
> -}
> +gen_icount_io_start(ctx);
>  gen_helper_store_purr(cpu_env, cpu_gpr[gprn]);
> -if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
> -gen_stop_exception(ctx);
> -}
>  }
>  
>  /* HDECR */

Re: [PATCH v5 05/23] target/ppc: Move single-step check to ppc_tr_tb_stop

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:07PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> When single-stepping, force max_insns to 1 in init_disas
> so that we exit the translation loop immediately.
> 
> Combine the single-step checks in tb_stop, and give the
> gdb exception priority over the cpu exception, just as
> we already do in gen_lookup_and_goto_ptr.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/translate.c | 33 +++--
>  1 file changed, 19 insertions(+), 14 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 80cd11b3f8..05e3c0417a 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -8992,7 +8992,6 @@ static void ppc_tr_init_disas_context(DisasContextBase 
> *dcbase, CPUState *cs)
>  DisasContext *ctx = container_of(dcbase, DisasContext, base);
>  CPUPPCState *env = cs->env_ptr;
>  uint32_t hflags = ctx->base.tb->flags;
> -int bound;
>  
>  ctx->spr_cb = env->spr_cb;
>  ctx->pr = (hflags >> HFLAGS_PR) & 1;
> @@ -9032,8 +9031,12 @@ static void ppc_tr_init_disas_context(DisasContextBase 
> *dcbase, CPUState *cs)
>  ctx->singlestep_enabled |= GDBSTUB_SINGLE_STEP;
>  }
>  
> -bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
> -ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
> +if (ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP)) {
> +ctx->base.max_insns = 1;
> +} else {
> +int bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
> +ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
> +}
>  }
>  
>  static void ppc_tr_tb_start(DisasContextBase *db, CPUState *cs)
> @@ -9087,14 +9090,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
> *dcbase, CPUState *cs)
>  handler->count++;
>  #endif
>  
> -/* Check trace mode exceptions */
> -if (unlikely(ctx->singlestep_enabled & CPU_SINGLE_STEP &&
> - (ctx->base.pc_next <= 0x100 || ctx->base.pc_next > 0xF00) &&
> - ctx->base.is_jmp != DISAS_NORETURN)) {
> -uint32_t excp = gen_prep_dbgex(ctx);
> -gen_exception_nip(ctx, excp, ctx->base.pc_next);
> -}
> -
>  if (tcg_check_temp_count()) {
>  qemu_log("Opcode %02x %02x %02x %02x (%08x) leaked "
>   "temporaries\n", opc1(ctx->opcode), opc2(ctx->opcode),
> @@ -9107,6 +9102,7 @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, 
> CPUState *cs)
>  DisasContext *ctx = container_of(dcbase, DisasContext, base);
>  DisasJumpType is_jmp = ctx->base.is_jmp;
>  target_ulong nip = ctx->base.pc_next;
> +int sse;
>  
>  if (is_jmp == DISAS_NORETURN) {
>  /* We have already exited the TB. */
> @@ -9114,7 +9110,8 @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, 
> CPUState *cs)
>  }
>  
>  /* Honor single stepping. */
> -if (unlikely(ctx->base.singlestep_enabled)) {
> +sse = ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP);
> +if (unlikely(sse)) {
>  switch (is_jmp) {
>  case DISAS_TOO_MANY:
>  case DISAS_EXIT_UPDATE:
> @@ -9127,8 +9124,16 @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, 
> CPUState *cs)
>  default:
>  g_assert_not_reached();
>  }
> -gen_debug_exception(ctx);
> -return;
> +
> +if (sse & GDBSTUB_SINGLE_STEP) {
> +gen_debug_exception(ctx);
> +return;
> +}
> +/* else CPU_SINGLE_STEP... */
> +if (nip <= 0x100 || nip > 0xf00) {
> +gen_exception(ctx, gen_prep_dbgex(ctx));
> +return;
> +}
>  }
>  
>  switch (is_jmp) {
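Review bot: `nip <= 0x100 || nip > 0xf00` carries the magic bounds over from the removed ppc_tr_translate_insn check without naming them, and the comment `/* else CPU_SINGLE_STEP... */` does not say why that address range is excluded. Presumably it is the exception-vector area in which the trace exception is not taken, but that should be stated rather than inferred: replace the comment with `/* CPU_SINGLE_STEP: no trace exception for code in the exception vector range 0x100..0xf00 (TODO: cite the ISA section) */`, or hoist the two bounds into named constants. ppc_tr_tb_stop's body continues outside the hunk.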

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH v5 04/23] target/ppc: Remove DisasContext.exception

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:06PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> Now that we have removed all of the fake exceptions, and all real
> exceptions exit via DISAS_NORETURN, we can remove this field.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  target/ppc/translate.c | 30 --
>  1 file changed, 4 insertions(+), 26 deletions(-)
> 
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index d019454550..80cd11b3f8 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -159,7 +159,6 @@ struct DisasContext {
>  DisasContextBase base;
>  target_ulong cia;  /* current instruction address */
>  uint32_t opcode;
> -uint32_t exception;
>  /* Routine used to access memory */
>  bool pr, hv, dr, le_mode;
>  bool lazy_tlb_flush;
> @@ -261,15 +260,12 @@ static void gen_exception_err(DisasContext *ctx, 
> uint32_t excp, uint32_t error)
>   * These are all synchronous exceptions, we set the PC back to the
>   * faulting instruction
>   */
> -if (ctx->exception == POWERPC_EXCP_NONE) {
> -gen_update_nip(ctx, ctx->cia);
> -}
> +gen_update_nip(ctx, ctx->cia);
>  t0 = tcg_const_i32(excp);
>  t1 = tcg_const_i32(error);
>  gen_helper_raise_exception_err(cpu_env, t0, t1);
>  tcg_temp_free_i32(t0);
>  tcg_temp_free_i32(t1);
> -ctx->exception = excp;
>  ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  
> @@ -281,13 +277,10 @@ static void gen_exception(DisasContext *ctx, uint32_t 
> excp)
>   * These are all synchronous exceptions, we set the PC back to the
>   * faulting instruction
>   */
> -if (ctx->exception == POWERPC_EXCP_NONE) {
> -gen_update_nip(ctx, ctx->cia);
> -}
> +gen_update_nip(ctx, ctx->cia);
>  t0 = tcg_const_i32(excp);
>  gen_helper_raise_exception(cpu_env, t0);
>  tcg_temp_free_i32(t0);
> -ctx->exception = excp;
>  ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  
> @@ -300,7 +293,6 @@ static void gen_exception_nip(DisasContext *ctx, uint32_t 
> excp,
>  t0 = tcg_const_i32(excp);
>  gen_helper_raise_exception(cpu_env, t0);
>  tcg_temp_free_i32(t0);
> -ctx->exception = excp;
>  ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  
> @@ -4993,13 +4985,10 @@ static void gen_scv(DisasContext *ctx)
>  uint32_t lev = (ctx->opcode >> 5) & 0x7F;
>  
>  /* Set the PC back to the faulting instruction. */
> -if (ctx->exception == POWERPC_EXCP_NONE) {
> -gen_update_nip(ctx, ctx->cia);
> -}
> +gen_update_nip(ctx, ctx->cia);
>  gen_helper_scv(cpu_env, tcg_constant_i32(lev));
>  
> -/* This need not be exact, just not POWERPC_EXCP_NONE */
> -ctx->exception = POWERPC_SYSCALL_VECTORED;
> +ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  #endif
>  #endif
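Review bot: Setting `ctx->base.is_jmp = DISAS_NORETURN` right after `gen_helper_scv()` is only safe if the helper never returns to the generated code, and the hunk drops the old comment without recording that contract; if any path of the helper returns normally, the TB would end without an exit and execution would run off its end. Suggest a comment such as `/* helper_scv always raises; nothing after this point is reachable. */` above the assignment, after confirming in the helper (not visible here) that every path raises. The `#endif` nesting around gen_scv starts before the hunk.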
> @@ -9005,7 +8994,6 @@ static void ppc_tr_init_disas_context(DisasContextBase 
> *dcbase, CPUState *cs)
>  uint32_t hflags = ctx->base.tb->flags;
>  int bound;
>  
> -ctx->exception = POWERPC_EXCP_NONE;
>  ctx->spr_cb = env->spr_cb;
>  ctx->pr = (hflags >> HFLAGS_PR) & 1;
>  ctx->mem_idx = (hflags >> HFLAGS_DMMU_IDX) & 7;
> @@ -9112,16 +9100,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
> *dcbase, CPUState *cs)
>   "temporaries\n", opc1(ctx->opcode), opc2(ctx->opcode),
>   opc3(ctx->opcode), opc4(ctx->opcode), ctx->opcode);
>  }
> -
> -if (ctx->base.is_jmp == DISAS_NEXT) {
> -switch (ctx->exception) {
> -case POWERPC_EXCP_NONE:
> -break;
> -default:
> -/* Every other ctx->exception should have set NORETURN. */
> -g_assert_not_reached();
> -}
> -}
>  }
>  
>  static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [PATCH v5 03/23] target/ppc: Replace POWERPC_EXCP_BRANCH with DISAS_NORETURN

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:05PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> The translation of branch instructions always results in exit from
> the TB. Remove the synthetic "exception" after no more uses.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  linux-user/ppc/cpu_loop.c | 3 ---
>  target/ppc/cpu.h  | 2 --
>  target/ppc/translate.c| 8 ++--
>  3 files changed, 2 insertions(+), 11 deletions(-)
> 
> diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
> index fe526693d2..fa91ea0eed 100644
> --- a/linux-user/ppc/cpu_loop.c
> +++ b/linux-user/ppc/cpu_loop.c
> @@ -423,9 +423,6 @@ void cpu_loop(CPUPPCState *env)
>  cpu_abort(cs, "Maintenance exception while in user mode. "
>"Aborting\n");
>  break;
> -case POWERPC_EXCP_BRANCH:   /* branch instruction:   
> */
> -/* We just stopped because of a branch. Go on */
> -break;
>  case POWERPC_EXCP_SYSCALL_USER:
>  /* system call in user-mode emulation */
>  /* WARNING:
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index 9e38df685d..cab33a3680 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -131,8 +131,6 @@ enum {
>  POWERPC_EXCP_SYSCALL_VECTORED = 102, /* scv exception
>  */
>  /* EOL   
> */
>  POWERPC_EXCP_NB   = 103,
> -/* QEMU exceptions: used internally during code translation  
> */
> -POWERPC_EXCP_BRANCH   = 0x201, /* branch instruction 
> */
>  /* QEMU exceptions: special cases we want to stop translation
> */
>  POWERPC_EXCP_SYSCALL_USER = 0x203, /* System call in user mode only  
> */
>  };
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index f57b67be5f..d019454550 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -4692,7 +4692,6 @@ static void gen_b(DisasContext *ctx)
>  {
>  target_ulong li, target;
>  
> -ctx->exception = POWERPC_EXCP_BRANCH;
>  /* sign extend LI */
>  li = LI(ctx->opcode);
>  li = (li ^ 0x0200) - 0x0200;
> @@ -4706,6 +4705,7 @@ static void gen_b(DisasContext *ctx)
>  }
>  gen_update_cfar(ctx, ctx->cia);
>  gen_goto_tb(ctx, 0, target);
> +ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  
>  #define BCOND_IM  0
> @@ -4718,7 +4718,6 @@ static void gen_bcond(DisasContext *ctx, int type)
>  uint32_t bo = BO(ctx->opcode);
>  TCGLabel *l1;
>  TCGv target;
> -ctx->exception = POWERPC_EXCP_BRANCH;
>  
>  if (type == BCOND_LR || type == BCOND_CTR || type == BCOND_TAR) {
>  target = tcg_temp_local_new();
> @@ -4825,6 +4824,7 @@ static void gen_bcond(DisasContext *ctx, int type)
>  gen_set_label(l1);
>  gen_goto_tb(ctx, 1, ctx->base.pc_next);
>  }
> +ctx->base.is_jmp = DISAS_NORETURN;
>  }
>  
>  static void gen_bc(DisasContext *ctx)
> @@ -9102,7 +9102,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
> *dcbase, CPUState *cs)
>  /* Check trace mode exceptions */
>  if (unlikely(ctx->singlestep_enabled & CPU_SINGLE_STEP &&
>   (ctx->base.pc_next <= 0x100 || ctx->base.pc_next > 0xF00) &&
> - ctx->exception != POWERPC_EXCP_BRANCH &&
>   ctx->base.is_jmp != DISAS_NORETURN)) {
>  uint32_t excp = gen_prep_dbgex(ctx);
>  gen_exception_nip(ctx, excp, ctx->base.pc_next);
> @@ -9118,9 +9117,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
> *dcbase, CPUState *cs)
>  switch (ctx->exception) {
>  case POWERPC_EXCP_NONE:
>  break;
> -case POWERPC_EXCP_BRANCH:
> -ctx->base.is_jmp = DISAS_NORETURN;
> -break;
>  default:
>  /* Every other ctx->exception should have set NORETURN. */
>  g_assert_not_reached();

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [PATCH v5 02/23] target/ppc: Replace POWERPC_EXCP_STOP with DISAS_EXIT_UPDATE

2021-05-17 Thread David Gibson
On Mon, May 17, 2021 at 05:50:04PM -0300, matheus.fe...@eldorado.org.br wrote:
> From: Richard Henderson 
> 
> Remove the synthetic "exception" after no more uses.
> 
> Signed-off-by: Richard Henderson 
> Signed-off-by: Matheus Ferst 

Applied to ppc-for-6.1, thanks.

> ---
>  linux-user/ppc/cpu_loop.c |  3 ---
>  target/ppc/cpu.h  |  1 -
>  target/ppc/translate.c| 24 +++-
>  3 files changed, 7 insertions(+), 21 deletions(-)
> 
> diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
> index 4a0f6c8dc2..fe526693d2 100644
> --- a/linux-user/ppc/cpu_loop.c
> +++ b/linux-user/ppc/cpu_loop.c
> @@ -423,9 +423,6 @@ void cpu_loop(CPUPPCState *env)
>  cpu_abort(cs, "Maintenance exception while in user mode. "
>"Aborting\n");
>  break;
> -case POWERPC_EXCP_STOP: /* stop translation  
> */
> -/* We did invalidate the instruction cache. Go on */
> -break;
>  case POWERPC_EXCP_BRANCH:   /* branch instruction:   
> */
>  /* We just stopped because of a branch. Go on */
>  break;
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index 99ee1e09b2..9e38df685d 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -132,7 +132,6 @@ enum {
>  /* EOL   
> */
>  POWERPC_EXCP_NB   = 103,
>  /* QEMU exceptions: used internally during code translation  
> */
> -POWERPC_EXCP_STOP = 0x200, /* stop translation   
> */
>  POWERPC_EXCP_BRANCH   = 0x201, /* branch instruction 
> */
>  /* QEMU exceptions: special cases we want to stop translation
> */
>  POWERPC_EXCP_SYSCALL_USER = 0x203, /* System call in user mode only  
> */
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index 060ef83bc0..f57b67be5f 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -369,13 +369,6 @@ static inline void gen_hvpriv_exception(DisasContext 
> *ctx, uint32_t error)
>  gen_exception_err(ctx, POWERPC_EXCP_HV_EMU, POWERPC_EXCP_PRIV | error);
>  }
>  
> -/* Stop translation */
> -static inline void gen_stop_exception(DisasContext *ctx)
> -{
> -gen_update_nip(ctx, ctx->base.pc_next);
> -ctx->exception = POWERPC_EXCP_STOP;
> -}
> -
>  
> /*/
>  /* SPR READ/WRITE CALLBACKS */
>  
> @@ -829,7 +822,7 @@ void spr_write_hid0_601(DisasContext *ctx, int sprn, int 
> gprn)
>  {
>  gen_helper_store_hid0_601(cpu_env, cpu_gpr[gprn]);
>  /* Must stop the translation as endianness may have changed */
> -gen_stop_exception(ctx);
> +ctx->base.is_jmp = DISAS_EXIT_UPDATE;
>  }
>  #endif
>  
> @@ -877,7 +870,7 @@ void spr_write_40x_dbcr0(DisasContext *ctx, int sprn, int 
> gprn)
>  gen_store_spr(sprn, cpu_gpr[gprn]);
>  gen_helper_store_40x_dbcr0(cpu_env, cpu_gpr[gprn]);
>  /* We must stop translation as we may have rebooted */
> -gen_stop_exception(ctx);
> +ctx->base.is_jmp = DISAS_EXIT_UPDATE;
>  }
>  
>  void spr_write_40x_sler(DisasContext *ctx, int sprn, int gprn)
> @@ -4080,7 +4073,7 @@ static void gen_isync(DisasContext *ctx)
>  gen_check_tlb_flush(ctx, false);
>  }
>  tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
> -gen_stop_exception(ctx);
> +ctx->base.is_jmp = DISAS_EXIT_UPDATE;
>  }
>  
>  #define MEMOP_GET_SIZE(x)  (1 << ((x) & MO_SIZE))
> @@ -5312,7 +5305,7 @@ static void gen_mtmsrd(DisasContext *ctx)
>  gen_helper_store_msr(cpu_env, cpu_gpr[rS(ctx->opcode)]);
>  }
>  /* Must stop the translation as machine state (may have) changed */
> -gen_stop_exception(ctx);
> +ctx->base.is_jmp = DISAS_EXIT_UPDATE;
>  #endif /* !defined(CONFIG_USER_ONLY) */
>  }
>  #endif /* defined(TARGET_PPC64) */
> @@ -5355,7 +5348,7 @@ static void gen_mtmsr(DisasContext *ctx)
>  tcg_temp_free(msr);
>  }
>  /* Must stop the translation as machine state (may have) changed */
> -gen_stop_exception(ctx);
> +ctx->base.is_jmp = DISAS_EXIT_UPDATE;
>  #endif
>  }
>  
> @@ -7492,7 +7485,7 @@ static void gen_wrtee(DisasContext *ctx)
>   * Stop translation to have a chance to raise an exception if we
>   * just set msr_ee to 1
>   */
> -gen_stop_exception(ctx);
> +ctx->base.is_jmp = DISAS_EXIT_UPDATE;
>  #endif /* defined(CONFIG_USER_ONLY) */
>  }
>  
> @@ -7506,7 +7499,7 @@ static void gen_wrteei(DisasContext *ctx)
>  if (ctx->opcode & 0x8000) {
>  tcg_gen_ori_tl(cpu_msr, cpu_msr, (1 << MSR_EE));
>  /* Stop translation to have a chance to raise an exception */
> -gen_stop_exception(ctx);
> +ctx->base.is_jmp = DISAS_EXIT_UPDATE;
>  } else {
>  tcg_gen_andi_tl(cpu_msr, cpu_msr, ~(1 << MSR_EE));
>  }
> @@ -9128,9 +9121,6 @@ static void ppc

RE: [PATCH v6 00/10] Fixed some bugs and optimized some codes for COLO

2021-05-17 Thread Zhang, Chen



> -Original Message-
> From: Lukas Straub 
> Sent: Tuesday, May 18, 2021 3:47 AM
> To: Rao, Lei 
> Cc: Zhang, Chen ; lizhij...@cn.fujitsu.com;
> jasow...@redhat.com; quint...@redhat.com; dgilb...@redhat.com;
> pbonz...@redhat.com; qemu-devel@nongnu.org
> Subject: Re: [PATCH v6 00/10] Fixed some bugs and optimized some codes
> for COLO
> 
> On Thu,  8 Apr 2021 23:20:46 -0400
> leirao  wrote:
> 
> > From: Rao, Lei 
> >
> > Changes since v5:
> > --Replaced g_slice_new calls with g_slice_new0.
> >
> > Changes since v4:
> > --Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD in
> colo_bitmap_clear_dirty.
> > --Modify some minor issues about variable definition.
> > --Add some performance test data in the commit message.
> >
> > Changes since v3:
> > --Remove cpu_throttle_stop from mig_throttle_counter_reset.
> >
> > Changes since v2:
> > --Add a function named packet_new_nocopy.
> > --Continue to optimize the function of colo_flush_ram_cache.
> >
> > Changes since v1:
> > --Reset the state of the auto-converge counters at every checkpoint
> instead of directly disabling.
> > --Treat the filter_send function returning zero as a normal case.
> >
> > The series of patches include:
> > Fixed some bugs of qemu crash.
> > Optimized some code to reduce the time of checkpoint.
> > Remove some unnecessary code to improve COLO.
> >
> > Rao, Lei (10):
> >   Remove some duplicate trace code.
> >   Fix the qemu crash when guest shutdown during checkpoint
> >   Optimize the function of filter_send
> >   Remove migrate_set_block_enabled in checkpoint
> >   Add a function named packet_new_nocopy for COLO.
> >   Add the function of colo_compare_cleanup
> >   Reset the auto-converge counter at every checkpoint.
> >   Reduce the PVM stop time during Checkpoint
> >   Add the function of colo_bitmap_clear_dirty
> >   Fixed calculation error of pkt->header_size in fill_pkt_tcp_info()
> >
> >  migration/colo.c  | 10 +++
> >  migration/migration.c |  4 +++
> >  migration/ram.c   | 83
> +--
> >  migration/ram.h   |  1 +
> >  net/colo-compare.c| 25 +++-
> >  net/colo-compare.h|  1 +
> >  net/colo.c| 25 +++-
> >  net/colo.h|  1 +
> >  net/filter-mirror.c   |  8 ++---
> >  net/filter-rewriter.c |  3 +-
> >  net/net.c |  4 +++
> >  softmmu/runstate.c|  1 +
> >  12 files changed, 129 insertions(+), 37 deletions(-)
> >
> 
> I guess Zhang Chen can already take the network-related patches through his
> tree.

Sure, I will queue patches 1-6 and 10.
Hi Dave, can you take patches 7-9? Or do you think it would be more convenient to
take the whole series?

Thanks
Chen 

> 
> Regards,
> Lukas Straub
> 
> --




[Bug 1824616] Re: Build succeeds despite flex/bison missing

2021-05-17 Thread MarcH
The warning was supposedly removed by
https://github.com/qemu/qemu/commit/67953a379ea5 /
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03980.html


Title:
  Build succeeds despite flex/bison missing

Status in QEMU:
  Incomplete

Bug description:
  I just built qemu using a fresh install, and "make" would report
  success despite messages of "flex: command not found" and "bison:
  command not found".

  I didn't notice any errors, but I don't know whether that's because
  there's a workaround in case the tools aren't there, or because I
  didn't exercize the code paths that would fail.




Re: [PATCH] hw/display/qxl: Set pci rom address aligned with page size

2021-05-17 Thread maobibo
Sorry, I did not state the background clearly.

The page size on my MIPS machine is 16K; it supports running a guest OS in
KVM mode, and the qxl VGA card can be used by the VM. The qxl PCI ROM is 8K,
smaller than the host's 16K page size, so it cannot be added as a memslot in
KVM mode because the size of that PCI memory region is not page aligned.
Here is the Linux code: it requires both memory_size and guest_phys_addr to be
page-size aligned.

int __kvm_set_memory_region(struct kvm *kvm,
const struct kvm_userspace_memory_region *mem)
{
struct kvm_memory_slot old, new;
struct kvm_memory_slot *tmp;
enum kvm_mr_change change;
int as_id, id;
int r;

r = check_memory_region_flags(mem);
if (r)
return r;

as_id = mem->slot >> 16;
id = (u16)mem->slot;

/* General sanity checks */
if (mem->memory_size & (PAGE_SIZE - 1))
return -EINVAL;
if (mem->guest_phys_addr & (PAGE_SIZE - 1))
return -EINVAL;


regards
bibo, mao

在 2021年05月17日 15:19, Gerd Hoffmann 写道:
> On Sat, May 15, 2021 at 04:06:23PM +0800, Bibo Mao wrote:
>> From: maobibo 
>>
>> pci memory bar size should be aligned with page size, else it will
>> not be effective memslot when running in kvm mode.
>>
>> This patch set qxl pci rom size aligned with page size of host
>> machine.
> 
> What is the exact problem you are trying to fix here?
> 
> take care,
>   Gerd
> 




Re: [PATCH v2 0/4] virtio: Improve boot time of virtio-scsi-pci and virtio-blk-pci

2021-05-17 Thread Michael S. Tsirkin
On Mon, May 17, 2021 at 10:32:59AM +0200, Greg Kurz wrote:
> On Wed, 12 May 2021 17:05:53 +0100
> Stefan Hajnoczi  wrote:
> 
> > On Fri, May 07, 2021 at 06:59:01PM +0200, Greg Kurz wrote:
> > > Now that virtio-scsi-pci and virtio-blk-pci map 1 virtqueue per vCPU,
> > > a serious slow down may be observed on setups with a big enough number
> > > of vCPUs.
> > > 
> > > Exemple with a pseries guest on a bi-POWER9 socket system (128 HW 
> > > threads):
> > > 
> > >   virtio-scsi  virtio-blk
> > > 
> > > 1 0m20.922s   0m21.346s
> > > 2 0m21.230s   0m20.350s
> > > 4 0m21.761s   0m20.997s
> > > 8 0m22.770s   0m20.051s
> > > 160m22.038s   0m19.994s
> > > 320m22.928s   0m20.803s
> > > 640m26.583s   0m22.953s
> > > 128   0m41.273s   0m32.333s
> > > 256   2m4.727s1m16.924s
> > > 384   6m5.563s3m26.186s
> > > 
> > > Both perf and gprof indicate that QEMU is hogging CPUs when setting up
> > > the ioeventfds:
> > > 
> > >  67.88%  swapper [kernel.kallsyms]  [k] power_pmu_enable
> > >   9.47%  qemu-kvm[kernel.kallsyms]  [k] smp_call_function_single
> > >   8.64%  qemu-kvm[kernel.kallsyms]  [k] power_pmu_enable
> > > =>2.79%  qemu-kvmqemu-kvm   [.] 
> > > memory_region_ioeventfd_before
> > > =>2.12%  qemu-kvmqemu-kvm   [.] 
> > > address_space_update_ioeventfds
> > >   0.56%  kworker/8:0-mm  [kernel.kallsyms]  [k] smp_call_function_single
> > > 
> > > address_space_update_ioeventfds() is called when committing an MR
> > > transaction, i.e. for each ioeventfd with the current code base,
> > > and it internally loops on all ioventfds:
> > > 
> > > static void address_space_update_ioeventfds(AddressSpace *as)
> > > {
> > > [...]
> > > FOR_EACH_FLAT_RANGE(fr, view) {
> > > for (i = 0; i < fr->mr->ioeventfd_nb; ++i) {
> > > 
> > > This means that the setup of ioeventfds for these devices has
> > > quadratic time complexity.
> > > 
> > > This series simply changes the device models to extend the transaction
> > > to all virtqueueues, like already done in the past in the generic
> > > code with 710fccf80d78 ("virtio: improve virtio devices initialization
> > > time").
> > > 
> > > Only virtio-scsi and virtio-blk are covered here, but a similar change
> > > might also be beneficial to other device types such as host-scsi-pci,
> > > vhost-user-scsi-pci and vhost-user-blk-pci.
> > > 
> > >   virtio-scsi  virtio-blk
> > > 
> > > 1 0m21.271s   0m22.076s
> > > 2 0m20.912s   0m19.716s
> > > 4 0m20.508s   0m19.310s
> > > 8 0m21.374s   0m20.273s
> > > 160m21.559s   0m21.374s
> > > 320m22.532s   0m21.271s
> > > 640m26.550s   0m22.007s
> > > 128   0m29.115s   0m27.446s
> > > 256   0m44.752s   0m41.004s
> > > 384   1m2.884s0m58.023s
> > > 
> > > This should fix https://bugzilla.redhat.com/show_bug.cgi?id=1927108
> > > which reported the issue for virtio-scsi-pci.
> > > 
> > > Changes since v1:
> > > - Add some comments (Stefan)
> > > - Drop optimization on the error path in patch 2 (Stefan)
> > > 
> > > Changes since RFC:
> > > 
> > > As suggested by Stefan, simplify the code by directly beginning and
> > > committing the memory transaction from the device model, without all
> > > the virtio specific proxying code and no changes needed in the memory
> > > subsystem.
> > > 
> > > Greg Kurz (4):
> > >   virtio-blk: Fix rollback path in virtio_blk_data_plane_start()
> > >   virtio-blk: Configure all host notifiers in a single MR transaction
> > >   virtio-scsi: Set host notifiers and callbacks separately
> > >   virtio-scsi: Configure all host notifiers in a single MR transaction
> > > 
> > >  hw/block/dataplane/virtio-blk.c | 45 -
> > >  hw/scsi/virtio-scsi-dataplane.c | 72 -
> > >  2 files changed, 97 insertions(+), 20 deletions(-)
> > > 
> > > -- 
> > > 2.26.3
> > > 
> > 
> > Thanks, applied to my block tree:
> > https://gitlab.com/stefanha/qemu/commits/block
> > 
> 
> Hi Stefan,
> 
> It seems that Michael already merged the previous version of this
> patch set with its latest PR.
> 
> https://gitlab.com/qemu-project/qemu/-/commit/6005ee07c380cbde44292f5f6c96e7daa70f4f7d
> 
> It is thus missing the v1->v2 changes. Basically some comments to
> clarify the optimization we're doing with the MR transaction and
> the removal of the optimization on an error path.
> 
> The optimization on the error path isn't needed indeed but it
> doesn't hurt. No need to change that now that the patches are
> upstream.
> 
> I can post a follow-up patch to add the missing comments though.
> While here, I'd even add these comments in the generic
> virtio_device_*_ioeventfd_impl() calls as well, 

Re: [PATCH v2] floppy: remove dead code related to formatting

2021-05-17 Thread John Snow

On 4/27/21 10:28 PM, Alexander Bulekov wrote:

fdctrl_format_sector was added in
baca51faff ("updated floppy driver: formatting code, disk geometry auto detect 
(Jocelyn Mayer)")

The single callsite is guarded by a check:
fdctrl->data_state & FD_STATE_FORMAT

However, the only place where the FD_STATE_FORMAT flag is set (in
fdctrl_handle_format_track) is closely followed by the same flag being
unset, with no possibility to call fdctrl_format_sector in between.

This removes fdctrl_format_sector, the unnecessary setting/unsetting
of the FD_STATE_FORMAT flag, and the fdctrl_handle_format_track function
(which is just a stub).

Suggested-by: Hervé Poussineau 
Signed-off-by: Alexander Bulekov 
---



Herve, does it look good to you? I feel bad about deleting code out of a 
device that badly needs attention, but it seems like this code was 
probably not operating correctly to begin with and I don't have the time 
to figure out how to implement it correctly.



I ran through tests/qtest/fdc-test, and ran fdformat on a dummy disk -
nothing exploded, but since I don't use floppies very often, more eyes
definitely won't hurt. In particular, I'm not sure about the
fdctrl_handle_format_track delete - that function has side-effects on
both FDrive and FDCtrl, and it is certainly reachable. If deleting the
whole thing seems wrong, I'll roll-back that change, and we can just
remove the unreachable code..



Yeah, I just had some reservations about allowing a stub to persist that 
touched state and didn't actually seem to invoke the routine it was 
meant to.


It's hard to audit the impact either way, and I don't have a good test 
suite to know what the ramifications are.



  hw/block/fdc.c | 97 --
  1 file changed, 97 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index a825c2acba..d851d23cc0 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -657,7 +657,6 @@ enum {
  
  enum {

  FD_STATE_MULTI  = 0x01,   /* multi track flag */
-FD_STATE_FORMAT = 0x02,/* format flag */
  };
  
  enum {

@@ -826,7 +825,6 @@ enum {
  };
  
  #define FD_MULTI_TRACK(state) ((state) & FD_STATE_MULTI)

-#define FD_FORMAT_CMD(state) ((state) & FD_STATE_FORMAT)
  
  struct FDCtrl {

  MemoryRegion iomem;
@@ -1942,67 +1940,6 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
  return retval;
  }
  
-static void fdctrl_format_sector(FDCtrl *fdctrl)

-{
-FDrive *cur_drv;
-uint8_t kh, kt, ks;
-
-SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
-cur_drv = get_cur_drv(fdctrl);
-kt = fdctrl->fifo[6];
-kh = fdctrl->fifo[7];
-ks = fdctrl->fifo[8];
-FLOPPY_DPRINTF("format sector at %d %d %02x %02x (%d)\n",
-   GET_CUR_DRV(fdctrl), kh, kt, ks,
-   fd_sector_calc(kh, kt, ks, cur_drv->last_sect,
-  NUM_SIDES(cur_drv)));
-switch (fd_seek(cur_drv, kh, kt, ks, fdctrl->config & FD_CONFIG_EIS)) {
-case 2:
-/* sect too big */
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
-fdctrl->fifo[3] = kt;
-fdctrl->fifo[4] = kh;
-fdctrl->fifo[5] = ks;
-return;
-case 3:
-/* track too big */
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_EC, 0x00);
-fdctrl->fifo[3] = kt;
-fdctrl->fifo[4] = kh;
-fdctrl->fifo[5] = ks;
-return;
-case 4:
-/* No seek enabled */
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, 0x00, 0x00);
-fdctrl->fifo[3] = kt;
-fdctrl->fifo[4] = kh;
-fdctrl->fifo[5] = ks;
-return;
-case 1:
-fdctrl->status0 |= FD_SR0_SEEK;
-break;
-default:
-break;
-}
-memset(fdctrl->fifo, 0, FD_SECTOR_LEN);
-if (cur_drv->blk == NULL ||
-blk_pwrite(cur_drv->blk, fd_offset(cur_drv), fdctrl->fifo,
-   BDRV_SECTOR_SIZE, 0) < 0) {
-FLOPPY_DPRINTF("error formatting sector %d\n", fd_sector(cur_drv));
-fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK, 0x00, 0x00);
-} else {
-if (cur_drv->sect == cur_drv->last_sect) {
-fdctrl->data_state &= ~FD_STATE_FORMAT;
-/* Last sector done */
-fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
-} else {
-/* More to do */
-fdctrl->data_pos = 0;
-fdctrl->data_len = 4;
-}
-}
-}
-
  static void fdctrl_handle_lock(FDCtrl *fdctrl, int direction)
  {
  fdctrl->lock = (fdctrl->fifo[0] & 0x80) ? 1 : 0;
@@ -2110,34 +2047,6 @@ static void fdctrl_handle_readid(FDCtrl *fdctrl, int 
direction)
   (NANOSECONDS_PER_SECOND / 50));
  }
  
-static void fdctrl_handle_format_track(FDCtrl *fdctrl, int direction)

-{
-FDrive *cur_drv;
-
-SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
-cur_drv = get_cur_drv(fdctrl);
-fdctrl->data_state |= FD_STATE_FORMAT;
-if (fdctrl->fifo[0] & 0x80)
- 

[Bug 1912780] Re: QEMU: Null Pointer Failure in fdctrl_read() in hw/block/fdc.c

2021-05-17 Thread John Snow
Took a look at the patch today, I think it might need a change or two
but it should be quick to do. I've asked Thomas to move this issue to
gitlab so I can keep a closer eye on it.

--js


Title:
  QEMU: Null Pointer Failure in fdctrl_read() in hw/block/fdc.c

Status in QEMU:
  In Progress

Bug description:
  [via qemu-security list]

  This is Gaoning Pan from Zhejiang University & Ant Security Light-Year Lab.
  I found a null-pointer dereference located in fdctrl_read() in hw/block/fdc.c.
  This flaw allows a malicious guest user or process to cause a denial of service
condition (QEMU crash).

  This issue was discovered in the latest QEMU 5.2.0. When using the floppy device, there are several
  choices for which drive get_drv() returns, depending on fdctrl->cur_drv. But not all drives are
  initialized properly, which leaves fdctrl->drives[0].blk as NULL. So when that drive is used in
  blk_pread(cur_drv->blk, fd_offset(cur_drv), fdctrl->fifo, BDRV_SECTOR_SIZE)
at line 1918,
  a null-pointer access is triggered, hence the denial of service. My reproduction
environment is as follows:

  Host: ubuntu 18.04
  Guest: ubuntu 18.04

  My boot command is as follows:

qemu-system-x86_64 -enable-kvm -boot c -m 2G -drive 
format=qcow2,file=./ubuntu.img \
 -nic user,hostfwd=tcp:0.0.0.0:-:22 -device floppy,unit=1,drive=mydrive 
\
 -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none -display none

  ASAN output is as follows:
  =
  ==14688==ERROR: AddressSanitizer: SEGV on unknown address 0x034c (pc 
0x5636eee9bbaf bp 0x7ff2a53fdea0 sp 0x7ff2a53fde90 T3)
  ==14688==The signal is caused by a WRITE memory access.
  ==14688==Hint: address points to the zero page.
  #0 0x5636eee9bbae in blk_inc_in_flight ../block/block-backend.c:1356
  #1 0x5636eee9b766 in blk_prw ../block/block-backend.c:1328
  #2 0x5636eee9cd76 in blk_pread ../block/block-backend.c:1491
  #3 0x5636ee1adf24 in fdctrl_read_data ../hw/block/fdc.c:1918
  #4 0x5636ee1a6654 in fdctrl_read ../hw/block/fdc.c:935
  #5 0x5636eebb84c8 in portio_read ../softmmu/ioport.c:179
  #6 0x5636ee9848c5 in memory_region_read_accessor ../softmmu/memory.c:442
  #7 0x5636ee9855c2 in access_with_adjusted_size ../softmmu/memory.c:552
  #8 0x5636ee98f0b7 in memory_region_dispatch_read1 ../softmmu/memory.c:1420
  #9 0x5636ee98f311 in memory_region_dispatch_read ../softmmu/memory.c:1449
  #10 0x5636ee8ff64a in flatview_read_continue ../softmmu/physmem.c:2822
  #11 0x5636ee8ff9e5 in flatview_read ../softmmu/physmem.c:2862
  #12 0x5636ee8ffb83 in address_space_read_full ../softmmu/physmem.c:2875
  #13 0x5636ee8ffdeb in address_space_rw ../softmmu/physmem.c:2903
  #14 0x5636eea6a924 in kvm_handle_io ../accel/kvm/kvm-all.c:2285
  #15 0x5636eea6c5e3 in kvm_cpu_exec ../accel/kvm/kvm-all.c:2531
  #16 0x5636eeca492b in kvm_vcpu_thread_fn ../accel/kvm/kvm-cpus.c:49
  #17 0x5636ef1bc296 in qemu_thread_start ../util/qemu-thread-posix.c:521
  #18 0x7ff337c736da in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
  #19 0x7ff33799ca3e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x121a3e)

  AddressSanitizer can not provide additional info.
  SUMMARY: AddressSanitizer: SEGV ../block/block-backend.c:1356 in 
blk_inc_in_flight
  Thread T3 created by T0 here:
  #0 0x7ff33c580d2f in __interceptor_pthread_create 
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
  #1 0x5636ef1bc673 in qemu_thread_create ../util/qemu-thread-posix.c:558
  #2 0x5636eeca4ce7 in kvm_start_vcpu_thread ../accel/kvm/kvm-cpus.c:73
  #3 0x5636ee9aa965 in qemu_init_vcpu ../softmmu/cpus.c:622
  #4 0x5636ee82a9b4 in x86_cpu_realizefn ../target/i386/cpu.c:6731
  #5 0x5636eed002f4 in device_set_realized ../hw/core/qdev.c:886
  #6 0x5636eecc59bc in property_set_bool ../qom/object.c:2251
  #7 0x5636eecc0c28 in object_property_set ../qom/object.c:1398
  #8 0x5636eecb6fb9 in object_property_set_qobject ../qom/qom-qobject.c:28
  #9 0x5636eecc1175 in object_property_set_bool ../qom/object.c:1465
  #10 0x5636eecfc286 in qdev_realize ../hw/core/qdev.c:399
  #11 0x5636ee739b34 in x86_cpu_new ../hw/i386/x86.c:111
  #12 0x5636ee739d6d in x86_cpus_init ../hw/i386/x86.c:138
  #13 0x5636ee6f843e in pc_init1 ../hw/i386/pc_piix.c:159
  #14 0x5636ee6fab1e in pc_init_v5_2 ../hw/i386/pc_piix.c:438
  #15 0x5636ee1cb4a7 in machine_run_board_init ../hw/core/machine.c:1134
  #16 0x5636ee9c323d in qemu_init ../softmmu/vl.c:4369
  #17 0x5636edd92c71 in main ../softmmu/main.c:49
  #18 0x7ff33789cb96 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

  ==14688==ABORTING

  Reproducer is attached.

  Best regards.
  Gaoning Pan of Zhejiang University & Ant Security Li

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-17 Thread John Snow

On 1/23/21 5:03 AM, P J P wrote:

From: Prasad J Pandit 

While processing ioport command in 'fdctrl_write_dor', device
controller may select a drive which is not initialised with a
block device. This may result in a NULL pointer dereference.
Add checks to avoid it.

Fixes: CVE-2021-20196
Reported-by: Gaoning Pan 
Buglink: https://bugs.launchpad.net/qemu/+bug/1912780
Signed-off-by: Prasad J Pandit 
---
  hw/block/fdc.c | 11 +--
  1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 3636874432..13a9470d19 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1429,7 +1429,9 @@ static void fdctrl_write_dor(FDCtrl *fdctrl, uint32_t 
value)
  }
  }
  /* Selected drive */
-fdctrl->cur_drv = value & FD_DOR_SELMASK;
+if (fdctrl->drives[value & FD_DOR_SELMASK].blk) {
+fdctrl->cur_drv = value & FD_DOR_SELMASK;
+}


I don't think this is correct. If you look at get_cur_drv(), it uses the 
TDR_BOOTSEL bit to change the logical mappings of "drive 0" or "drive 1" 
to be reversed. You don't check that bit here, so you might be checking 
the wrong drive.


Plus, the TDR bit can change later, so I think you shouldn't actually 
protect the register write like this. Just delete this bit of code. We 
ought to protect the drives when we go to use them instead of preventing 
the registers from getting "the wrong values".


  
  fdctrl->dor = value;

  }
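Review bot: The guard on the drive-select write leaves `fdctrl->dor = value;` below it unconditional, so when the selected drive has no block device the select bits recorded in dor no longer match cur_drv, and whatever later reads the register back (presumably the DOR read handler) sees a selection the controller did not apply. Whatever final shape the selection check takes, dor and cur_drv should be derived from the same value, for instance by masking the rejected select bits out of `value` before the store. The body of fdctrl_write_dor starts before this hunk.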
@@ -1894,6 +1896,10 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
  uint32_t pos;
  
  cur_drv = get_cur_drv(fdctrl);

+if (!cur_drv->blk) {
+FLOPPY_DPRINTF("No drive connected\n");
+return 0;
+}


This seems fine ... or at least not worse than the other error handling 
we already have here. (Which seems to be ... basically, none. We just 
ignore the write and do nothing, which seems wrong. I guess it's better 
than a crash... but I don't have the time to do a proper audit of what 
this is SUPPOSED to do in this case.)



  fdctrl->dsr &= ~FD_DSR_PWRDOWN;
  if (!(fdctrl->msr & FD_MSR_RQM) || !(fdctrl->msr & FD_MSR_DIO)) {
  FLOPPY_DPRINTF("error: controller not ready for reading\n");
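Review bot: The new `if (!cur_drv->blk)` early return in fdctrl_read_data runs before `fdctrl->dsr &= ~FD_DSR_PWRDOWN;` and before the RQM/DIO readiness test, so a data-register read with no medium attached leaves DSR untouched and logs "No drive connected" even when the controller is not in a read phase at all. If that ordering is intended, a one-line comment such as `/* No medium: answer 0 without touching DSR/MSR state */` would record it; otherwise the check belongs after the readiness test so the "controller not ready" diagnostic stays accurate. fdctrl_read_data continues past the end of this hunk.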
@@ -2420,7 +2426,8 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t 
value)
  if (pos == FD_SECTOR_LEN - 1 ||
  fdctrl->data_pos == fdctrl->data_len) {
  cur_drv = get_cur_drv(fdctrl);
-if (blk_pwrite(cur_drv->blk, fd_offset(cur_drv), fdctrl->fifo,
+if (cur_drv->blk == NULL
+|| blk_pwrite(cur_drv->blk, fd_offset(cur_drv), fdctrl->fifo,


Seems fine, but if we had a drive for the earlier check, will we really 
be in a situation where we don't have one now?



 BDRV_SECTOR_SIZE, 0) < 0) {
  FLOPPY_DPRINTF("error writing sector %d\n",
 fd_sector(cur_drv));
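Review bot: In fdctrl_write_data the `cur_drv->blk == NULL` case is folded into the blk_pwrite() failure branch, so a missing drive is logged as `error writing sector %d` although no write was attempted. Give the case its own diagnostic, mirroring the read path: `if (cur_drv->blk == NULL) { FLOPPY_DPRINTF("No drive connected\n"); } else if (blk_pwrite(cur_drv->blk, fd_offset(cur_drv), fdctrl->fifo, BDRV_SECTOR_SIZE, 0) < 0) {` — keeping the rest of the error branch shared only if it is meant to run for the no-drive case as well. The enclosing function starts before and ends after this hunk.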



Ignore the bit I sent earlier about the qtest reproducer not correlating 
to this patch -- it does, I was experiencing an unrelated crash.


--js




Re: [PATCH] target/riscv: Remove obsolete 'CPU unmigratable' comment

2021-05-17 Thread Alistair Francis
On Mon, May 17, 2021 at 5:09 PM Philippe Mathieu-Daudé  wrote:
>
> The RISCV CPU is migratable since commit f7697f0e629
> ("target/riscv: Add basic vmstate description of CPU"),
> so remove an obsolete comment which is now incorrect.
>
> Reported-by: Richard Henderson 
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/cpu.c | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 3191fd00822..d459e8427e2 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -638,7 +638,6 @@ static void riscv_cpu_class_init(ObjectClass *c, void 
> *data)
>  cc->disas_set_info = riscv_cpu_disas_set_info;
>  #ifndef CONFIG_USER_ONLY
>  cc->get_phys_page_debug = riscv_cpu_get_phys_page_debug;
> -/* For now, mark unmigratable: */
>  cc->vmsd = &vmstate_riscv_cpu;
>  cc->write_elf64_note = riscv_cpu_write_elf64_note;
>  cc->write_elf32_note = riscv_cpu_write_elf32_note;
> --
> 2.26.3
>
>



[PATCH] Fix `lxvdsx` (issue #212)

2021-05-17 Thread Paul A. Clarke
`lxvdsx` is byte-swapping the data it loads, which it should not
do.  Fix it.

Fixes #212.

Fixes: bcb0b7b1a1c05707304f80ca6f523d557816f85c
Signed-off-by:  Paul A. Clarke mem_idx, MO_TEQ);
+tcg_gen_qemu_ld_i64(data, EA, ctx->mem_idx, MO_LEQ);
 tcg_gen_gvec_dup_i64(MO_Q, vsr_full_offset(xT(ctx->opcode)), 16, 16, data);
 
 tcg_temp_free(EA);
-- 
2.27.0




Re: [PATCH v2] fdc: fix floppy boot for Red Hat Linux 5.2

2021-05-17 Thread John Snow

On 4/27/21 2:10 PM, John Snow wrote:

The image size indicates it's an 81 track floppy disk image, which we
don't have a listing for in the geometry table. When you force the drive
type to 1.44MB, it guesses the reasonably close 18/80. When the drive
type is allowed to auto-detect or set to 2.88, it guesses a very
incorrect geometry.

auto, 144 and 288 drive types get the right geometry with the new entry
in the table.

Reported-by: Michael Tokarev 
Signed-off-by: John Snow 
Reviewed-by: Thomas Huth 

---

V2: I didn't actually stage this, so this is just a re-send to get a
fresh Message-ID to reference in the PR. Added Thomas's R-B.

  hw/block/fdc.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index a825c2acbae..0f0c716d878 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -122,6 +122,7 @@ static const FDFormat fd_formats[] = {
  /* First entry is default format */
  /* 1.44 MB 3"1/2 floppy disks */
  { FLOPPY_DRIVE_TYPE_144, 18, 80, 1, FDRIVE_RATE_500K, }, /* 3.5" 2880 */
+{ FLOPPY_DRIVE_TYPE_144, 18, 81, 1, FDRIVE_RATE_500K, },
  { FLOPPY_DRIVE_TYPE_144, 20, 80, 1, FDRIVE_RATE_500K, }, /* 3.5" 3200 */
  { FLOPPY_DRIVE_TYPE_144, 21, 80, 1, FDRIVE_RATE_500K, },
  { FLOPPY_DRIVE_TYPE_144, 21, 82, 1, FDRIVE_RATE_500K, },
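Review bot: The new 18/81 entry, like the 21/80 and 21/82 rows below it, lacks the trailing capacity comment that the 18/80 and 20/80 rows carry (`/* 3.5" 2880 */`, `/* 3.5" 3200 */`). Following that pattern, where the number appears to be sectors × tracks × two heads, the entry would read `{ FLOPPY_DRIVE_TYPE_144, 18, 81, 1, FDRIVE_RATE_500K, }, /* 3.5" 2916 */`. Since the row exists for one specific image, naming that image in the comment would keep the motivation from the commit message next to the data.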



Staged on my floppy branch.

--js




[PATCH v5 23/23] target/ppc: Move cmp/cmpi/cmpl/cmpli to decodetree

2021-05-17 Thread matheus . ferst
From: Matheus Ferst 

Signed-off-by: Matheus Ferst 
---
 target/ppc/insn32.decode   | 14 ++
 target/ppc/translate.c | 52 --
 target/ppc/translate/fixedpoint-impl.c.inc | 31 +
 3 files changed, 45 insertions(+), 52 deletions(-)

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 93e5d44d9e..9fd8d6b817 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -20,6 +20,10 @@
 &D  rt ra si:int64_t
 @D  .. rt:5 ra:5 si:s16 &D
 
+&D_bf   bf l:bool ra imm
+@D_bfs  .. bf:3 - l:1 ra:5 imm:s16  &D_bf
+@D_bfu  .. bf:3 - l:1 ra:5 imm:16   &D_bf
+
 %ds_si  2:s14  !function=times_4
 @DS .. rt:5 ra:5 .. ..  &D si=%ds_si
 
@@ -36,6 +40,9 @@
 &X_bi   rt bi
 @X_bi   .. rt:5 bi:5 - .. - &X_bi
 
+&X_bfl  bf l:bool ra rb
+@X_bfl  .. bf:3 - l:1 ra:5 rb:5 ..- &X_bfl
+
 ### Fixed-Point Load Instructions
 
 LBZ 100010 . .  @D
@@ -89,6 +96,13 @@ STDU10 . . ..01 @DS
 STDX01 . . . 0010010101 -   @X
 STDUX   01 . . . 0010110101 -   @X
 
+### Fixed-Point Compare Instructions
+
+CMP 01 ... - . . . 00 - @X_bfl
+CMPL01 ... - . . . 10 - @X_bfl
+CMPI001011 ... - . .    @D_bfs
+CMPLI   001010 ... - . .    @D_bfu
+
 ### Fixed-Point Arithmetic Instructions
 
 ADDI001110 . .  @D
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index aef01af396..3fe58d0386 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -1575,54 +1575,6 @@ static inline void gen_set_Rc0(DisasContext *ctx, TCGv 
reg)
 }
 }
 
-/* cmp */
-static void gen_cmp(DisasContext *ctx)
-{
-if ((ctx->opcode & 0x0020) && (ctx->insns_flags & PPC_64B)) {
-gen_op_cmp(cpu_gpr[rA(ctx->opcode)], cpu_gpr[rB(ctx->opcode)],
-   1, crfD(ctx->opcode));
-} else {
-gen_op_cmp32(cpu_gpr[rA(ctx->opcode)], cpu_gpr[rB(ctx->opcode)],
- 1, crfD(ctx->opcode));
-}
-}
-
-/* cmpi */
-static void gen_cmpi(DisasContext *ctx)
-{
-if ((ctx->opcode & 0x0020) && (ctx->insns_flags & PPC_64B)) {
-gen_op_cmpi(cpu_gpr[rA(ctx->opcode)], SIMM(ctx->opcode),
-1, crfD(ctx->opcode));
-} else {
-gen_op_cmpi32(cpu_gpr[rA(ctx->opcode)], SIMM(ctx->opcode),
-  1, crfD(ctx->opcode));
-}
-}
-
-/* cmpl */
-static void gen_cmpl(DisasContext *ctx)
-{
-if ((ctx->opcode & 0x0020) && (ctx->insns_flags & PPC_64B)) {
-gen_op_cmp(cpu_gpr[rA(ctx->opcode)], cpu_gpr[rB(ctx->opcode)],
-   0, crfD(ctx->opcode));
-} else {
-gen_op_cmp32(cpu_gpr[rA(ctx->opcode)], cpu_gpr[rB(ctx->opcode)],
- 0, crfD(ctx->opcode));
-}
-}
-
-/* cmpli */
-static void gen_cmpli(DisasContext *ctx)
-{
-if ((ctx->opcode & 0x0020) && (ctx->insns_flags & PPC_64B)) {
-gen_op_cmpi(cpu_gpr[rA(ctx->opcode)], UIMM(ctx->opcode),
-0, crfD(ctx->opcode));
-} else {
-gen_op_cmpi32(cpu_gpr[rA(ctx->opcode)], UIMM(ctx->opcode),
-  0, crfD(ctx->opcode));
-}
-}
-
 /* cmprb - range comparison: isupper, isaplha, islower*/
 static void gen_cmprb(DisasContext *ctx)
 {
@@ -7725,10 +7677,6 @@ GEN_HANDLER_E(brw, 0x1F, 0x1B, 0x04, 0xF801, 
PPC_NONE, PPC2_ISA310),
 GEN_HANDLER_E(brh, 0x1F, 0x1B, 0x06, 0xF801, PPC_NONE, PPC2_ISA310),
 #endif
 GEN_HANDLER(invalid, 0x00, 0x00, 0x00, 0x, PPC_NONE),
-GEN_HANDLER(cmp, 0x1F, 0x00, 0x00, 0x0040, PPC_INTEGER),
-GEN_HANDLER(cmpi, 0x0B, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
-GEN_HANDLER(cmpl, 0x1F, 0x00, 0x01, 0x0041, PPC_INTEGER),
-GEN_HANDLER(cmpli, 0x0A, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
 #if defined(TARGET_PPC64)
 GEN_HANDLER_E(cmpeqb, 0x1F, 0x00, 0x07, 0x0060, PPC_NONE, PPC2_ISA300),
 #endif
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index 4f257a931c..49c899 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -165,6 +165,37 @@ TRANS64(STDU, do_ldst_D, true, true, MO_Q)
 TRANS64(STDUX, do_ldst_X, true, true, MO_Q)
 TRANS64(PSTD, do_ldst_PLS_D, false, true, MO_Q)
 
+/*
+ * Fixed-Point Compare Instructions
+ */
+
+static bool do_cmp_X(DisasContext *ctx, arg_X_bfl *a, bool s)
+{
+REQUIRE_INSNS_FLAGS(ctx, INTEGER);
+if(a->l && (ctx->insns_flags & PPC_64B)) {
+gen_op_cmp(cpu_gpr[a->ra], cpu_gpr[a->rb], s, a->bf);
+} else {
+gen_op_cmp32(cpu_gpr[a->ra], cpu_gpr[a->rb], s, a->bf);
+}
+r

[PATCH v5 21/23] target/ppc: Implement vcfuged instruction

2021-05-17 Thread matheus . ferst
From: Matheus Ferst 

Signed-off-by: Matheus Ferst 
---
v5:
- New REQUIRE_ALTIVEC macro;
- REQUIRE_INSNS_FLAGS2.
---
 target/ppc/insn32.decode   |  7 
 target/ppc/translate.c |  1 +
 target/ppc/translate/vector-impl.c.inc | 56 ++
 3 files changed, 64 insertions(+)
 create mode 100644 target/ppc/translate/vector-impl.c.inc

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index d4044d9069..77edf407ab 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -23,6 +23,9 @@
 %ds_si  2:s14  !function=times_4
 @DS .. rt:5 ra:5 .. ..  &D si=%ds_si
 
+&VX vrt vra vrb
+@VX .. vrt:5 vra:5 vrb:5 .. .   &VX
+
 &X  rt ra rb
 @X  .. rt:5 ra:5 rb:5 .. .  &X
 
@@ -97,3 +100,7 @@ SETBC   01 . . - 011000 -   @X_bi
 SETBCR  01 . . - 011010 -   @X_bi
 SETNBC  01 . . - 011100 -   @X_bi
 SETNBCR 01 . . - 00 -   @X_bi
+
+## Vector Bit Manipulation Instruction
+
+VCFUGED 000100 . . . 10101001101@VX
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index bf624edba6..f56ed5866e 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7624,6 +7624,7 @@ static int times_4(DisasContext *ctx, int x)
 #include "translate/vmx-impl.c.inc"
 
 #include "translate/vsx-impl.c.inc"
+#include "translate/vector-impl.c.inc"
 
 #include "translate/dfp-impl.c.inc"
 
diff --git a/target/ppc/translate/vector-impl.c.inc 
b/target/ppc/translate/vector-impl.c.inc
new file mode 100644
index 00..4f986cf53f
--- /dev/null
+++ b/target/ppc/translate/vector-impl.c.inc
@@ -0,0 +1,56 @@
+/*
+ * Power ISA decode for Vector Facility instructions
+ *
+ * Copyright (c) 2021 Instituto de Pesquisas Eldorado (eldorado.org.br)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#define REQUIRE_ALTIVEC(CTX) \
+do {\
+if (unlikely(!(CTX)->altivec_enabled)) {\
+gen_exception((CTX), POWERPC_EXCP_VPU); \
+return true;\
+}   \
+} while (0)
+
+static bool trans_VCFUGED(DisasContext *ctx, arg_VX *a)
+{
+TCGv_i64 tgt, src, mask;
+
+REQUIRE_INSNS_FLAGS2(ctx, ISA310);
+REQUIRE_ALTIVEC(ctx);
+
+tgt = tcg_temp_new_i64();
+src = tcg_temp_new_i64();
+mask = tcg_temp_new_i64();
+
+// centrifuge lower double word
+get_cpu_vsrl(src, a->vra + 32);
+get_cpu_vsrl(mask, a->vrb + 32);
+gen_helper_cfuged(tgt, src, mask);
+set_cpu_vsrl(a->vrt + 32, tgt);
+
+// centrifuge higher double word
+get_cpu_vsrh(src, a->vra + 32);
+get_cpu_vsrh(mask, a->vrb + 32);
+gen_helper_cfuged(tgt, src, mask);
+set_cpu_vsrh(a->vrt + 32, tgt);
+
+tcg_temp_free_i64(tgt);
+tcg_temp_free_i64(src);
+tcg_temp_free_i64(mask);
+
+return true;
+}
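Review bot: The two `// centrifuge ...` comments in trans_VCFUGED are C99 line comments, which QEMU's coding style does not allow; write them as `/* centrifuge lower double word */` and `/* centrifuge higher double word */`. The REQUIRE_ALTIVEC macro also hides a `return true` from the enclosing trans_ function — the same convention as REQUIRE_INSNS_FLAGS2, but easy to miss in a new file — so a short comment above the macro saying that it raises the VPU exception and returns from the caller when AltiVec is disabled would help the next reader.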
-- 
2.25.1




Re: [PATCH v4 0/9] hw/block/fdc: Allow Kconfig-selecting ISA bus/SysBus floppy controllers

2021-05-17 Thread John Snow

On 5/17/21 4:50 PM, Philippe Mathieu-Daudé wrote:

On 5/17/21 9:19 PM, John Snow wrote:

On 5/17/21 2:39 PM, Philippe Mathieu-Daudé wrote:

Missing review: #1

Hi,

The floppy disk controllers pull in irrelevant devices (sysbus in
an ISA-only machine, ISA bus + ISA devices on a sysbus-only machine).

This series cleans that up by extracting each device into its own file,
adding the corresponding Kconfig symbols: FDC_ISA and FDC_SYSBUS.

Since v3:
- Fix ISA_SUPERIO -> FDC Kconfig dependency (jsnow)

Since v2:
- rebased

Since v1:
- added missing "hw/block/block.h" header (jsnow)
- inlined hardware specific calls (Mark)
- added R-b/A-b tags

Regards,

Phil.

Philippe Mathieu-Daudé (9):
    hw/isa/Kconfig: Fix missing dependency ISA_SUPERIO -> FDC
    hw/block/fdc: Replace disabled fprintf() by trace event
    hw/block/fdc: Declare shared prototypes in fdc-internal.h
    hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c
    hw/block/fdc: Extract SysBus floppy controllers to fdc-sysbus.c
    hw/block/fdc: Add sysbus_fdc_init_drives() method
    hw/sparc/sun4m: Inline sun4m_fdctrl_init()
    hw/block/fdc-sysbus: Add 'dma-channel' property
    hw/mips/jazz: Inline fdctrl_init_sysbus()

   hw/block/fdc-internal.h | 156 +++
   include/hw/block/fdc.h  |   7 +-
   hw/block/fdc-isa.c  | 313 +
   hw/block/fdc-sysbus.c   | 224 +++
   hw/block/fdc.c  | 608 +---
   hw/mips/jazz.c  |  16 ++
   hw/sparc/sun4m.c    |  16 ++
   MAINTAINERS |   3 +
   hw/block/Kconfig    |   8 +
   hw/block/meson.build    |   2 +
   hw/block/trace-events   |   3 +
   hw/i386/Kconfig |   2 +-
   hw/isa/Kconfig  |   7 +-
   hw/mips/Kconfig |   2 +-
   hw/sparc/Kconfig    |   2 +-
   hw/sparc64/Kconfig  |   2 +-
   16 files changed, 759 insertions(+), 612 deletions(-)
   create mode 100644 hw/block/fdc-internal.h
   create mode 100644 hw/block/fdc-isa.c
   create mode 100644 hw/block/fdc-sysbus.c



Hi, tentatively staged:

https://gitlab.com/jsnow/qemu/-/commits/floppy/

pending CI:

https://gitlab.com/jsnow/qemu/-/pipelines/304308461


Not good enough:

qemu-system-sparc: ../hw/block/fdc.c:2356: fdctrl_realize_common:
Assertion `fdctrl->dma' failed.

Forget about it for your next pull request.



Yup, I see. Dropping it from the queue for now. Thanks!

--js




[PATCH v5 22/23] target/ppc: Move addpcis to decodetree

2021-05-17 Thread matheus . ferst
From: Matheus Ferst 

Reviewed-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/insn32.decode   | 6 ++
 target/ppc/translate.c | 9 -
 target/ppc/translate/fixedpoint-impl.c.inc | 7 +++
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 77edf407ab..93e5d44d9e 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -23,6 +23,10 @@
 %ds_si  2:s14  !function=times_4
 @DS .. rt:5 ra:5 .. ..  &D si=%ds_si
 
+&DX rt d
+%dx_d   6:s10 16:5 0:1
+@DX .. rt:5  . .. . .   &DX d=%dx_d
+
 &VX vrt vra vrb
 @VX .. vrt:5 vra:5 vrb:5 .. .   &VX
 
@@ -90,6 +94,8 @@ STDUX   01 . . . 0010110101 -   @X
 ADDI001110 . .  @D
 ADDIS   00 . .  @D
 
+ADDPCIS 010011 . . .. 00010 .   @DX
+
 ## Fixed-Point Logical Instructions
 
 CFUGED  01 . . . 0011011100 -   @X
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index f56ed5866e..aef01af396 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -1865,14 +1865,6 @@ static void gen_addic_(DisasContext *ctx)
 gen_op_addic(ctx, 1);
 }
 
-/* addpcis */
-static void gen_addpcis(DisasContext *ctx)
-{
-target_long d = DX(ctx->opcode);
-
-tcg_gen_movi_tl(cpu_gpr[rD(ctx->opcode)], ctx->base.pc_next + (d << 16));
-}
-
 static inline void gen_op_arith_divw(DisasContext *ctx, TCGv ret, TCGv arg1,
  TCGv arg2, int sign, int compute_ov)
 {
@@ -7745,7 +7737,6 @@ GEN_HANDLER_E(cmprb, 0x1F, 0x00, 0x06, 0x0041, 
PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(isel, 0x1F, 0x0F, 0xFF, 0x0001, PPC_ISEL),
 GEN_HANDLER(addic, 0x0C, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER2(addic_, "addic.", 0x0D, 0xFF, 0xFF, 0x, PPC_INTEGER),
-GEN_HANDLER_E(addpcis, 0x13, 0x2, 0xFF, 0x, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(mulhw, 0x1F, 0x0B, 0x02, 0x0400, PPC_INTEGER),
 GEN_HANDLER(mulhwu, 0x1F, 0x0B, 0x00, 0x0400, PPC_INTEGER),
 GEN_HANDLER(mullw, 0x1F, 0x0B, 0x07, 0x, PPC_INTEGER),
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index 4038143efb..4f257a931c 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -194,6 +194,13 @@ static bool trans_ADDIS(DisasContext *ctx, arg_D *a)
 return trans_ADDI(ctx, a);
 }
 
+static bool trans_ADDPCIS(DisasContext *ctx, arg_DX *a)
+{
+REQUIRE_INSNS_FLAGS2(ctx, ISA300);
+tcg_gen_movi_tl(cpu_gpr[a->rt], ctx->base.pc_next + (a->d<<16));
+return true;
+}
+
 static bool trans_INVALID(DisasContext *ctx, arg_INVALID *a)
 {
 gen_invalid(ctx);
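Review bot: `ctx->base.pc_next + (a->d<<16)` in trans_ADDPCIS needs spaces around the shift operator to pass checkpatch: `ctx->base.pc_next + (a->d << 16)`. The decode field `d` is built from a signed field (`%dx_d 6:s10 ...`), so for negative displacements this is a left shift of a negative signed int; the removed legacy code did the same on a target_long, so this is not a regression, but `((target_ulong)a->d << 16)` gives the same sum without relying on signed-shift semantics.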
-- 
2.25.1




[PATCH v5 20/23] target/ppc: Implement cfuged instruction

2021-05-17 Thread matheus . ferst
From: Matheus Ferst 

Signed-off-by: Matheus Ferst 
---
v5:
- Comments to explain helper_cfuged implementation.
---
 target/ppc/helper.h|  1 +
 target/ppc/insn32.decode   |  4 ++
 target/ppc/int_helper.c| 62 ++
 target/ppc/translate/fixedpoint-impl.c.inc | 12 +
 4 files changed, 79 insertions(+)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index ea9f2a236c..c517b9f025 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -46,6 +46,7 @@ DEF_HELPER_4(divwe, tl, env, tl, tl, i32)
 DEF_HELPER_FLAGS_1(popcntb, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_2(cmpb, TCG_CALL_NO_RWG_SE, tl, tl, tl)
 DEF_HELPER_3(sraw, tl, env, tl, tl)
+DEF_HELPER_FLAGS_2(cfuged, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 #if defined(TARGET_PPC64)
 DEF_HELPER_FLAGS_2(cmpeqb, TCG_CALL_NO_RWG_SE, i32, tl, tl)
 DEF_HELPER_FLAGS_1(popcntw, TCG_CALL_NO_RWG_SE, tl, tl)
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index bc69c70493..d4044d9069 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -87,6 +87,10 @@ STDUX   01 . . . 0010110101 -   @X
 ADDI001110 . .  @D
 ADDIS   00 . .  @D
 
+## Fixed-Point Logical Instructions
+
+CFUGED  01 . . . 0011011100 -   @X
+
 ### Move To/From System Register Instructions
 
 SETBC   01 . . - 011000 -   @X_bi
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 41f8477d4b..efa833ef64 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -320,6 +320,68 @@ target_ulong helper_popcntb(target_ulong val)
 }
 #endif
 
+uint64_t helper_cfuged(uint64_t src, uint64_t mask)
+{
+/*
+ * Instead of processing the mask bit-by-bit from the most significant to
+ * the least significant bit, as described in PowerISA, we'll handle it in
+ * blocks of 'n' zeros/ones from LSB to MSB. To avoid the decision to use
+ * ctz or cto, we negate the mask at the end of the loop.
+ */
+target_ulong m, left = 0, right = 0;
+unsigned int n, i = 64;
+bool bit = false; /* tracks if we are processing zeros or ones */
+
+if (mask == 0 || mask == -1) {
+return src;
+}
+
+/* Processes the mask in blocks, from LSB to MSB */
+while (i) {
+/* Find how many bits we should take */
+n = ctz64(mask);
+if (n > i) {
+n = i;
+}
+
+/*
+ * Extracts 'n' trailing bits of src and put them on the leading 'n'
+ * bits of 'right' or 'left', pushing down the previously extracted
+ * values.
+ */
+m = (1ll << n) - 1;
+if (bit) {
+right = ror64(right | (src & m), n);
+} else {
+left = ror64(left | (src & m), n);
+}
+
+/*
+ * Discards the processed bits from 'src' and 'mask'. Note that we are
+ * removing 'n' trailing zeros from 'mask', but the logical shift will
+ * add 'n' leading zeros back, so the population count of 'mask' is 
kept
+ * the same.
+ */
+src >>= n;
+mask >>= n;
+i -= n;
+bit = !bit;
+mask = ~mask;
+}
+
+/*
+ * At the end, right was ror'ed ctpop(mask) times. To put it back in place,
+ * we'll shift it more 64-ctpop(mask) times.
+ */
+if (bit) {
+n = ctpop64(mask);
+} else {
+n = 64 - ctpop64(mask);
+}
+
+return left | (right >> n);
+}
+
 /*/
 /* PowerPC 601 specific instructions (POWER bridge) */
 target_ulong helper_div(CPUPPCState *env, target_ulong arg1, target_ulong arg2)
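Review bot: In helper_cfuged the block mask is built as `m = (1ll << n) - 1;`, and n is the ctz of a non-zero mask, so it reaches 63 for a mask with only the top bit set; shifting the signed constant 1ll by 63 overflows and is undefined in C, so it should be `m = (1ull << n) - 1;`. The locals `m`, `left` and `right` are also declared `target_ulong` while the parameters, ror64() and the return type are 64-bit; since the DEF_HELPER line and this definition sit outside the TARGET_PPC64 guards, a 32-bit target build compiles the function with 32-bit locals — unreachable today thanks to REQUIRE_64BIT in the translator, but silently wrong there — and `uint64_t m, left = 0, right = 0;` keeps the helper self-consistent. helper_cfuged is complete within this hunk.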
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index 204848d017..4038143efb 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -227,3 +227,15 @@ TRANS(SETBC, do_set_bool_cond, false, false)
 TRANS(SETBCR, do_set_bool_cond, false, true)
 TRANS(SETNBC, do_set_bool_cond, true, false)
 TRANS(SETNBCR, do_set_bool_cond, true, true)
+
+static bool trans_CFUGED(DisasContext *ctx, arg_X *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS2(ctx, ISA310);
+#if defined(TARGET_PPC64)
+gen_helper_cfuged(cpu_gpr[a->ra], cpu_gpr[a->rt], cpu_gpr[a->rb]);
+#else
+qemu_build_not_reached();
+#endif
+return true;
+}
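Review bot: trans_CFUGED writes `cpu_gpr[a->ra]` and reads `cpu_gpr[a->rt]`, i.e. for this X-form the rt field carries RS and RA is the destination, which is the reverse of the load/store users of arg_X and deserves a one-line comment such as `/* cfuged RA,RS,RB: the rt field holds RS, RA is the destination */`. The qemu_build_not_reached() arm is only compiled on 32-bit targets, where REQUIRE_64BIT has already returned; the same comment could say so to explain why the #else exists.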
-- 
2.25.1




[PATCH v5 18/23] target/ppc: Implement prefixed integer store instructions

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/insn64.decode   | 12 
 target/ppc/translate/fixedpoint-impl.c.inc |  4 
 2 files changed, 16 insertions(+)

diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
index 547bd1736f..72c5944a53 100644
--- a/target/ppc/insn64.decode
+++ b/target/ppc/insn64.decode
@@ -39,6 +39,18 @@ PLWA01 00 0--.-- .. \
 PLD 01 00 0--.-- .. \
 111001 . .  @PLS_D
 
+### Fixed-Point Store Instructions
+
+PSTW01 10 0--.-- .. \
+100100 . .  @PLS_D
+PSTB01 10 0--.-- .. \
+100110 . .  @PLS_D
+PSTH01 10 0--.-- .. \
+101100 . .  @PLS_D
+
+PSTD01 00 0--.-- .. \
+01 . .  @PLS_D
+
 ### Fixed-Point Arithmetic Instructions
 
 PADDI   01 10 0--.-- .. \
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index adeee33289..2d2d874146 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -142,24 +142,28 @@ TRANS(STB, do_ldst_D, false, true, MO_UB)
 TRANS(STBX, do_ldst_X, false, true, MO_UB)
 TRANS(STBU, do_ldst_D, true, true, MO_UB)
 TRANS(STBUX, do_ldst_X, true, true, MO_UB)
+TRANS(PSTB, do_ldst_PLS_D, false, true, MO_UB)
 
 /* Store Halfword */
 TRANS(STH, do_ldst_D, false, true, MO_UW)
 TRANS(STHX, do_ldst_X, false, true, MO_UW)
 TRANS(STHU, do_ldst_D, true, true, MO_UW)
 TRANS(STHUX, do_ldst_X, true, true, MO_UW)
+TRANS(PSTH, do_ldst_PLS_D, false, true, MO_UW)
 
 /* Store Word */
 TRANS(STW, do_ldst_D, false, true, MO_UL)
 TRANS(STWX, do_ldst_X, false, true, MO_UL)
 TRANS(STWU, do_ldst_D, true, true, MO_UL)
 TRANS(STWUX, do_ldst_X, true, true, MO_UL)
+TRANS(PSTW, do_ldst_PLS_D, false, true, MO_UL)
 
 /* Store Doubleword */
 TRANS64(STD, do_ldst_D, false, true, MO_Q)
 TRANS64(STDX, do_ldst_X, false, true, MO_Q)
 TRANS64(STDU, do_ldst_D, true, true, MO_Q)
 TRANS64(STDUX, do_ldst_X, true, true, MO_Q)
+TRANS64(PSTD, do_ldst_PLS_D, false, true, MO_Q)
 
 /*
  * Fixed-Point Arithmetic Instructions
-- 
2.25.1




[PATCH v5 19/23] target/ppc: Implement setbc/setbcr/stnbc/setnbcr instructions

2021-05-17 Thread matheus . ferst
From: Matheus Ferst 

Implements the following PowerISA v3.1 instructions:
setbc: Set Boolean Condition
setbcr: Set Boolean Condition Reverse
setnbc: Set Negative Boolean Condition
setnbcr: Set Negative Boolean Condition Reverse

Signed-off-by: Matheus Ferst 
---
v5:
- Style fix;
- Use tcg_gen_setcondi_tl instead of tcg_gen_movcond_tl.
---
 target/ppc/insn32.decode   | 10 ++
 target/ppc/translate/fixedpoint-impl.c.inc | 23 ++
 2 files changed, 33 insertions(+)

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 00ec0f4328..bc69c70493 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -26,6 +26,9 @@
 &X  rt ra rb
 @X  .. rt:5 ra:5 rb:5 .. .  &X
 
+&X_bi   rt bi
+@X_bi   .. rt:5 bi:5 - .. - &X_bi
+
 ### Fixed-Point Load Instructions
 
 LBZ 100010 . .  @D
@@ -83,3 +86,10 @@ STDUX   01 . . . 0010110101 -   @X
 
 ADDI001110 . .  @D
 ADDIS   00 . .  @D
+
+### Move To/From System Register Instructions
+
+SETBC   01 . . - 011000 -   @X_bi
+SETBCR  01 . . - 011010 -   @X_bi
+SETNBC  01 . . - 011100 -   @X_bi
+SETNBCR 01 . . - 00 -   @X_bi
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index 2d2d874146..204848d017 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -204,3 +204,26 @@ static bool trans_PNOP(DisasContext *ctx, arg_PNOP *a)
 {
 return true;
 }
+
+static bool do_set_bool_cond(DisasContext *ctx, arg_X_bi *a, bool neg, bool 
rev)
+{
+REQUIRE_INSNS_FLAGS2(ctx, ISA310);
+uint32_t mask = 0x08 >> (a->bi & 0x03);
+TCGCond cond = rev ? TCG_COND_EQ : TCG_COND_NE;
+TCGv temp = tcg_temp_new();
+
+tcg_gen_extu_i32_tl(temp, cpu_crf[a->bi >> 2]);
+tcg_gen_andi_tl(temp, temp, mask);
+tcg_gen_setcondi_tl(cond, cpu_gpr[a->rt], temp, 0);
+if(neg) {
+tcg_gen_neg_tl(cpu_gpr[a->rt], cpu_gpr[a->rt]);
+}
+tcg_temp_free(temp);
+
+return true;
+}
+
+TRANS(SETBC, do_set_bool_cond, false, false)
+TRANS(SETBCR, do_set_bool_cond, false, true)
+TRANS(SETNBC, do_set_bool_cond, true, false)
+TRANS(SETNBCR, do_set_bool_cond, true, true)
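Review bot: `if(neg) {` in do_set_bool_cond is missing the space before the parenthesis that checkpatch requires: `if (neg) {`. The declarations of `mask`, `cond` and `temp` also follow the REQUIRE_INSNS_FLAGS2 call; if that macro expands to a statement, as its sibling REQUIRE_ALTIVEC in 21/23 does, this is a mixed declaration, which QEMU's style discourages, and moving the three declarations above the macro call (the order trans_VCFUGED uses) avoids it. The mask derivation `0x08 >> (a->bi & 0x03)` applied to `cpu_crf[a->bi >> 2]` would also read better with a comment such as `/* BI selects CR field bi>>2, bit bi&3 counted from the top */`.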
-- 
2.25.1




[PATCH v5 17/23] target/ppc: Move D/DS/X-form integer stores to decodetree

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

These are all connected by macros in the legacy decoding.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/insn32.decode   | 22 ++
 target/ppc/translate.c | 85 +-
 target/ppc/translate/fixedpoint-impl.c.inc | 24 ++
 3 files changed, 49 insertions(+), 82 deletions(-)

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 70f64c235b..00ec0f4328 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -57,6 +57,28 @@ LDU 111010 . . ..01 @DS
 LDX 01 . . . 010101 -   @X
 LDUX01 . . . 110101 -   @X
 
+### Fixed-Point Store Instructions
+
+STB 100110 . .  @D
+STBU100111 . .  @D
+STBX01 . . . 0011010111 -   @X
+STBUX   01 . . . 000111 -   @X
+
+STH 101100 . .  @D
+STHU101101 . .  @D
+STHX01 . . . 0110010111 -   @X
+STHUX   01 . . . 0110110111 -   @X
+
+STW 100100 . .  @D
+STWU100101 . .  @D
+STWX01 . . . 0010010111 -   @X
+STWUX   01 . . . 0010110111 -   @X
+
+STD 10 . . ..00 @DS
+STDU10 . . ..01 @DS
+STDX01 . . . 0010010101 -   @X
+STDUX   01 . . . 0010110101 -   @X
+
 ### Fixed-Point Arithmetic Instructions
 
 ADDI001110 . .  @D
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index e037efcfe1..bf624edba6 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -3385,7 +3385,9 @@ static void glue(gen_qemu_, stop)(DisasContext *ctx,  
  \
 tcg_gen_qemu_st_tl(val, addr, ctx->mem_idx, op);\
 }
 
+#if defined(TARGET_PPC64) || !defined(CONFIG_USER_ONLY)
 GEN_QEMU_STORE_TL(st8,  DEF_MEMOP(MO_UB))
+#endif
 GEN_QEMU_STORE_TL(st16, DEF_MEMOP(MO_UW))
 GEN_QEMU_STORE_TL(st32, DEF_MEMOP(MO_UL))
 
@@ -3518,52 +3520,6 @@ static void gen_lq(DisasContext *ctx)
 #endif
 
 /***  Integer store***/
-#define GEN_ST(name, stop, opc, type) \
-static void glue(gen_, name)(DisasContext *ctx)   \
-{ \
-TCGv EA;  \
-gen_set_access_type(ctx, ACCESS_INT); \
-EA = tcg_temp_new();  \
-gen_addr_imm_index(ctx, EA, 0);   \
-gen_qemu_##stop(ctx, cpu_gpr[rS(ctx->opcode)], EA);   \
-tcg_temp_free(EA);\
-}
-
-#define GEN_STU(name, stop, opc, type)\
-static void glue(gen_, stop##u)(DisasContext *ctx)\
-{ \
-TCGv EA;  \
-if (unlikely(rA(ctx->opcode) == 0)) { \
-gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);   \
-return;   \
-} \
-gen_set_access_type(ctx, ACCESS_INT); \
-EA = tcg_temp_new();  \
-if (type == PPC_64B)  \
-gen_addr_imm_index(ctx, EA, 0x03);\
-else  \
-gen_addr_imm_index(ctx, EA, 0);   \
-gen_qemu_##stop(ctx, cpu_gpr[rS(ctx->opcode)], EA);   \
-tcg_gen_mov_tl(cpu_gpr[rA(ctx->opcode)], EA); \
-tcg_temp_free(EA);\
-}
-
-#define GEN_STUX(name, stop, opc2, opc3, type)\
-static void glue(gen_, name##ux)(DisasContext *ctx)   \
-{ \
-TCGv EA;  \
-if (unlik

[PATCH v5 15/23] target/ppc: Move D/DS/X-form integer loads to decodetree

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

These are all connected by macros in the legacy decoding.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/insn32.decode   |  37 ++
 target/ppc/translate.c | 147 -
 target/ppc/translate/fixedpoint-impl.c.inc |  89 +
 3 files changed, 150 insertions(+), 123 deletions(-)

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index e7c062d8b4..70f64c235b 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -20,6 +20,43 @@
 &D  rt ra si:int64_t
 @D  .. rt:5 ra:5 si:s16 &D
 
+%ds_si  2:s14  !function=times_4
+@DS .. rt:5 ra:5 .. ..  &D si=%ds_si
+
+&X  rt ra rb
+@X  .. rt:5 ra:5 rb:5 .. .  &X
+
+### Fixed-Point Load Instructions
+
+LBZ 100010 . .  @D
+LBZU100011 . .  @D
+LBZX01 . . . 0001010111 -   @X
+LBZUX   01 . . . 0001110111 -   @X
+
+LHZ 101000 . .  @D
+LHZU101001 . .  @D
+LHZX01 . . . 0100010111 -   @X
+LHZUX   01 . . . 0100110111 -   @X
+
+LHA 101010 . .  @D
+LHAU101011 . .  @D
+LHAX01 . . . 0101010111 -   @X
+LHAXU   01 . . . 0101110111 -   @X
+
+LWZ 10 . .  @D
+LWZU11 . .  @D
+LWZX01 . . . 010111 -   @X
+LWZUX   01 . . . 110111 -   @X
+
+LWA 111010 . . ..10 @DS
+LWAX01 . . . 0101010101 -   @X
+LWAUX   01 . . . 0101110101 -   @X
+
+LD  111010 . . ..00 @DS
+LDU 111010 . . ..01 @DS
+LDX 01 . . . 010101 -   @X
+LDUX01 . . . 110101 -   @X
+
 ### Fixed-Point Arithmetic Instructions
 
 ADDI001110 . .  @D
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 5bf9001141..e037efcfe1 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -3409,54 +3409,6 @@ GEN_QEMU_STORE_64(st64, DEF_MEMOP(MO_Q))
 GEN_QEMU_STORE_64(st64r, BSWAP_MEMOP(MO_Q))
 #endif
 
-#define GEN_LD(name, ldop, opc, type) \
-static void glue(gen_, name)(DisasContext *ctx)   \
-{ \
-TCGv EA;  \
-gen_set_access_type(ctx, ACCESS_INT); \
-EA = tcg_temp_new();  \
-gen_addr_imm_index(ctx, EA, 0);   \
-gen_qemu_##ldop(ctx, cpu_gpr[rD(ctx->opcode)], EA);   \
-tcg_temp_free(EA);\
-}
-
-#define GEN_LDU(name, ldop, opc, type)\
-static void glue(gen_, name##u)(DisasContext *ctx)\
-{ \
-TCGv EA;  \
-if (unlikely(rA(ctx->opcode) == 0 ||  \
- rA(ctx->opcode) == rD(ctx->opcode))) {   \
-gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL);   \
-return;   \
-} \
-gen_set_access_type(ctx, ACCESS_INT); \
-EA = tcg_temp_new();  \
-if (type == PPC_64B)  \
-gen_addr_imm_index(ctx, EA, 0x03);\
-else  \
-gen_addr_imm_index(ctx, EA, 0);   \
-gen_qemu_##ldop(ctx, cpu_gpr[rD(ctx->opcode)], EA);   \
-tcg_gen_mov_tl(cpu_gpr[rA(ctx->opcode)], EA); \
-tcg_temp_free(EA);\
-}
-
-#define GEN_LDUX(name, ldop, opc2, opc3, type)\
-static void glue(gen_, name##u

[PATCH v5 16/23] target/ppc: Implement prefixed integer load instructions

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/insn64.decode   | 15 +++
 target/ppc/translate/fixedpoint-impl.c.inc | 16 
 2 files changed, 31 insertions(+)

diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
index 9aa5097a98..547bd1736f 100644
--- a/target/ppc/insn64.decode
+++ b/target/ppc/insn64.decode
@@ -24,6 +24,21 @@
 .. rt:5 ra:5    \
 &PLS_D si=%pls_si
 
+### Fixed-Point Load Instructions
+
+PLBZ01 10 0--.-- .. \
+100010 . .  @PLS_D
+PLHZ01 10 0--.-- .. \
+101000 . .  @PLS_D
+PLHA01 10 0--.-- .. \
+101010 . .  @PLS_D
+PLWZ01 10 0--.-- .. \
+10 . .  @PLS_D
+PLWA01 00 0--.-- .. \
+101001 . .  @PLS_D
+PLD 01 00 0--.-- .. \
+111001 . .  @PLS_D
+
 ### Fixed-Point Arithmetic Instructions
 
 PADDI   01 10 0--.-- .. \
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index 6140dd41ca..7687f31d6f 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -80,6 +80,16 @@ static bool do_ldst_D(DisasContext *ctx, arg_D *a, bool 
update, bool store,
 return do_ldst(ctx, a->rt, a->ra, tcg_constant_tl(a->si), update, store, 
mop);
 }
 
+static bool do_ldst_PLS_D(DisasContext *ctx, arg_PLS_D *a, bool update,
+  bool store, MemOp mop)
+{
+arg_D d;
+if (!resolve_PLS_D(ctx, &d, a)) {
+return true;
+}
+return do_ldst_D(ctx, &d, update, store, mop);
+}
+
 static bool do_ldst_X(DisasContext *ctx, arg_X *a, bool update,
   bool store, MemOp mop)
 {
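Review bot: The `return true;` on the resolve_PLS_D failure path in do_ldst_PLS_D carries no explanation, and a reader of this file has to go to resolve_PLS_D (added in 12/23) to learn that it has already called gen_invalid() for the R=1, RA!=0 form, so "handled" is the right answer here. A one-line comment such as `/* resolve_PLS_D has already raised the illegal-instruction exception. */` above it would keep the intent local. Separately, every do_ldst_PLS_D caller in the next hunk passes `update` as false; if the ISA defines no update form for prefixed loads, the parameter exists only to mirror do_ldst_D, and a short comment saying so would pre-empt the question.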
@@ -91,35 +101,41 @@ TRANS(LBZ, do_ldst_D, false, false, MO_UB)
 TRANS(LBZX, do_ldst_X, false, false, MO_UB)
 TRANS(LBZU, do_ldst_D, true, false, MO_UB)
 TRANS(LBZUX, do_ldst_X, true, false, MO_UB)
+TRANS(PLBZ, do_ldst_PLS_D, false, false, MO_UB)
 
 /* Load Halfword and Zero */
 TRANS(LHZ, do_ldst_D, false, false, MO_UW)
 TRANS(LHZX, do_ldst_X, false, false, MO_UW)
 TRANS(LHZU, do_ldst_D, true, false, MO_UW)
 TRANS(LHZUX, do_ldst_X, true, false, MO_UW)
+TRANS(PLHZ, do_ldst_PLS_D, false, false, MO_UW)
 
 /* Load Halfword Algebraic */
 TRANS(LHA, do_ldst_D, false, false, MO_SW)
 TRANS(LHAX, do_ldst_X, false, false, MO_SW)
 TRANS(LHAU, do_ldst_D, true, false, MO_SW)
 TRANS(LHAXU, do_ldst_X, true, false, MO_SW)
+TRANS(PLHA, do_ldst_PLS_D, false, false, MO_SW)
 
 /* Load Word and Zero */
 TRANS(LWZ, do_ldst_D, false, false, MO_UL)
 TRANS(LWZX, do_ldst_X, false, false, MO_UL)
 TRANS(LWZU, do_ldst_D, true, false, MO_UL)
 TRANS(LWZUX, do_ldst_X, true, false, MO_UL)
+TRANS(PLWZ, do_ldst_PLS_D, false, false, MO_UL)
 
 /* Load Word Algebraic */
 TRANS64(LWA, do_ldst_D, false, false, MO_SL)
 TRANS64(LWAX, do_ldst_X, false, false, MO_SL)
 TRANS64(LWAUX, do_ldst_X, true, false, MO_SL)
+TRANS64(PLWA, do_ldst_PLS_D, false, false, MO_SL)
 
 /* Load Doubleword */
 TRANS64(LD, do_ldst_D, false, false, MO_Q)
 TRANS64(LDX, do_ldst_X, false, false, MO_Q)
 TRANS64(LDU, do_ldst_D, true, false, MO_Q)
 TRANS64(LDUX, do_ldst_X, true, false, MO_Q)
+TRANS64(PLD, do_ldst_PLS_D, false, false, MO_Q)
 
 /*
  * Fixed-Point Arithmetic Instructions
-- 
2.25.1




[PATCH v5 12/23] target/ppc: Move ADDI, ADDIS to decodetree, implement PADDI

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/insn32.decode   |  8 
 target/ppc/insn64.decode   | 12 ++
 target/ppc/translate.c | 29 --
 target/ppc/translate/fixedpoint-impl.c.inc | 44 ++
 4 files changed, 64 insertions(+), 29 deletions(-)

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index a3a8ae06bf..e7c062d8b4 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -16,3 +16,11 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library; if not, see .
 #
+
+&D  rt ra si:int64_t
+@D  .. rt:5 ra:5 si:s16 &D
+
+### Fixed-Point Arithmetic Instructions
+
+ADDI001110 . .  @D
+ADDIS   00 . .  @D
diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
index a38b1f84dc..1965088915 100644
--- a/target/ppc/insn64.decode
+++ b/target/ppc/insn64.decode
@@ -16,3 +16,15 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library; if not, see .
 #
+
+# Format MLS:D and 8LS:D
+&PLS_D  rt ra si:int64_t r:bool
+%pls_si 32:s18 0:16
+@PLS_D  .. .. ... r:1 .. .. \
+.. rt:5 ra:5    \
+&PLS_D si=%pls_si
+
+### Fixed-Point Arithmetic Instructions
+
+PADDI   01 10 0--.-- .. \
+001110 . .  @PLS_D
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 64d6acb078..5bf9001141 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -1846,19 +1846,6 @@ GEN_INT_ARITH_ADD(addex, 0x05, cpu_ov, 1, 1, 0);
 /* addze  addze.  addzeo  addzeo.*/
 GEN_INT_ARITH_ADD_CONST(addze, 0x06, 0, cpu_ca, 1, 1, 0)
 GEN_INT_ARITH_ADD_CONST(addzeo, 0x16, 0, cpu_ca, 1, 1, 1)
-/* addi */
-static void gen_addi(DisasContext *ctx)
-{
-target_long simm = SIMM(ctx->opcode);
-
-if (rA(ctx->opcode) == 0) {
-/* li case */
-tcg_gen_movi_tl(cpu_gpr[rD(ctx->opcode)], simm);
-} else {
-tcg_gen_addi_tl(cpu_gpr[rD(ctx->opcode)],
-cpu_gpr[rA(ctx->opcode)], simm);
-}
-}
 /* addic  addic.*/
 static inline void gen_op_addic(DisasContext *ctx, bool compute_rc0)
 {
@@ -1878,20 +1865,6 @@ static void gen_addic_(DisasContext *ctx)
 gen_op_addic(ctx, 1);
 }
 
-/* addis */
-static void gen_addis(DisasContext *ctx)
-{
-target_long simm = SIMM(ctx->opcode);
-
-if (rA(ctx->opcode) == 0) {
-/* lis case */
-tcg_gen_movi_tl(cpu_gpr[rD(ctx->opcode)], simm << 16);
-} else {
-tcg_gen_addi_tl(cpu_gpr[rD(ctx->opcode)],
-cpu_gpr[rA(ctx->opcode)], simm << 16);
-}
-}
-
 /* addpcis */
 static void gen_addpcis(DisasContext *ctx)
 {
@@ -7903,10 +7876,8 @@ GEN_HANDLER_E(cmpeqb, 0x1F, 0x00, 0x07, 0x0060, 
PPC_NONE, PPC2_ISA300),
 GEN_HANDLER_E(cmpb, 0x1F, 0x1C, 0x0F, 0x0001, PPC_NONE, PPC2_ISA205),
 GEN_HANDLER_E(cmprb, 0x1F, 0x00, 0x06, 0x0041, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(isel, 0x1F, 0x0F, 0xFF, 0x0001, PPC_ISEL),
-GEN_HANDLER(addi, 0x0E, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER(addic, 0x0C, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER2(addic_, "addic.", 0x0D, 0xFF, 0xFF, 0x, PPC_INTEGER),
-GEN_HANDLER(addis, 0x0F, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER_E(addpcis, 0x13, 0x2, 0xFF, 0x, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(mulhw, 0x1F, 0x0B, 0x02, 0x0400, PPC_INTEGER),
 GEN_HANDLER(mulhwu, 0x1F, 0x0B, 0x00, 0x0400, PPC_INTEGER),
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index be75085cee..344a3ed54b 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -16,3 +16,47 @@
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, see .
  */
+
+/*
+ * Incorporate CIA into the constant when R=1.
+ * Validate that when R=1, RA=0.
+ */
+static bool resolve_PLS_D(DisasContext *ctx, arg_D *d, arg_PLS_D *a)
+{
+d->rt = a->rt;
+d->ra = a->ra;
+d->si = a->si;
+if (a->r) {
+if (unlikely(a->ra != 0)) {
+gen_invalid(ctx);
+return false;
+}
+d->si += ctx->cia;
+}
+return true;
+}
+
+static bool trans_ADDI(DisasContext *ctx, arg_D *a)
+{
+if (a->ra) {
+tcg_gen_addi_tl(cpu_gpr[a->rt], cpu_gpr[a->ra], a->si);
+} else {
+tcg_gen_movi_tl(cpu_gpr[a->rt], a->si);
+}
+return true;
+}
+
+static bool trans_PADDI(DisasContext *ctx, arg_PLS_D *a)
+{
+arg_D d;
+i

[PATCH v5 13/23] target/ppc: Implement PNOP

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

The illegal suffix behavior matches what was observed in a
POWER10 DD2.0 machine.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
v5:
- Remove argument set from PNOP;
- Use no_overlap_group for invalid suffixes.
---
 target/ppc/insn64.decode   | 67 ++
 target/ppc/translate/fixedpoint-impl.c.inc | 11 
 2 files changed, 78 insertions(+)

diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
index 1965088915..9aa5097a98 100644
--- a/target/ppc/insn64.decode
+++ b/target/ppc/insn64.decode
@@ -28,3 +28,70 @@
 
 PADDI   01 10 0--.-- .. \
 001110 . .  @PLS_D
+
+### Prefixed No-operation Instruction
+
+@PNOP   01 11 -- 00 \
+
+
+{
+  [
+## Invalid suffixes: Branch instruction
+# bc[l][a]
+INVALID \
+01--@PNOP
+# b[l][a]
+INVALID \
+010010--@PNOP
+# bclr[l]
+INVALID \
+010011---01-@PNOP
+# bcctr[l]
+INVALID \
+010011---11-@PNOP
+# bctar[l]
+INVALID \
+010011---100011-@PNOP
+
+## Invalid suffixes: rfebb
+INVALID \
+010011---0010010010-@PNOP
+
+## Invalid suffixes: context synchronizing other than isync
+# sc
+INVALID \
+0100011-@PNOP
+# scv
+INVALID \
+01000101@PNOP
+# rfscv
+INVALID \
+010011---0001010010-@PNOP
+# rfid
+INVALID \
+010011---010010-@PNOP
+# hrfid
+INVALID \
+010011---0100010010-@PNOP
+# urfid
+INVALID \
+010011---0100110010-@PNOP
+# stop
+INVALID \
+010011---0101110010-@PNOP
+# mtmsr w/ L=0
+INVALID \
+01-0-0010010010-@PNOP
+# mtmsrd w/ L=0
+INVALID \
+01-0-0010110010-@PNOP
+
+## Invalid suffixes: Service Processor Attention
+INVALID \
+001-@PNOP
+  ]
+
+  ## Valid suffixes
+  PNOP  \
+@PNOP
+}
diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index 344a3ed54b..ce034a14a7 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -60,3 +60,14 @@ static bool trans_ADDIS(DisasContext *ctx, arg_D *a)
 a->si <<= 16;
 return trans_ADDI(ctx, a);
 }
+
+static bool trans_INVALID(DisasContext *ctx, arg_INVALID *a)
+{
+gen_invalid(ctx);
+return true;
+}
+
+static bool trans_PNOP(DisasContext *ctx, arg_PNOP *a)
+{
+return true;
+}
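Review bot: trans_INVALID and trans_PNOP have no comment connecting them to the decodetree patterns in insn64.decode, where the INVALID group matches the PNOP suffixes the ISA forbids (branches, rfebb, context-synchronizing instructions, attention) and the plain PNOP pattern catches the rest, so the split is not readable from this file alone. Suggest `/* Prefixed nop with an illegal suffix (INVALID group in insn64.decode). */` above trans_INVALID and `/* Prefixed nop with a valid suffix: the 8-byte instruction has no effect. */` above trans_PNOP. The commit message's note that this matches observed POWER10 DD2.0 behaviour is the justification for the list and belongs in one of those comments rather than only in the log.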
-- 
2.25.1




[PATCH v5 14/23] TCG: add tcg_constant_tl

2021-05-17 Thread matheus . ferst
From: Matheus Ferst 

Used in D/DS/X-form load/store implementation.

Signed-off-by: Matheus Ferst 
---
 include/tcg/tcg-op.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/tcg/tcg-op.h b/include/tcg/tcg-op.h
index 2cd1faf9c4..ef8a008ea7 100644
--- a/include/tcg/tcg-op.h
+++ b/include/tcg/tcg-op.h
@@ -1096,6 +1096,7 @@ void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg 
offset, TCGType t);
 #define tcg_gen_sextract_tl tcg_gen_sextract_i64
 #define tcg_gen_extract2_tl tcg_gen_extract2_i64
 #define tcg_const_tl tcg_const_i64
+#define tcg_constant_tl tcg_constant_i64
 #define tcg_const_local_tl tcg_const_local_i64
 #define tcg_gen_movcond_tl tcg_gen_movcond_i64
 #define tcg_gen_add2_tl tcg_gen_add2_i64
@@ -1209,6 +1210,7 @@ void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg 
offset, TCGType t);
 #define tcg_gen_sextract_tl tcg_gen_sextract_i32
 #define tcg_gen_extract2_tl tcg_gen_extract2_i32
 #define tcg_const_tl tcg_const_i32
+#define tcg_constant_tl tcg_constant_i32
 #define tcg_const_local_tl tcg_const_local_i32
 #define tcg_gen_movcond_tl tcg_gen_movcond_i32
 #define tcg_gen_add2_tl tcg_gen_add2_i32
-- 
2.25.1




[PATCH v5 11/23] target/ppc: Add infrastructure for prefixed insns

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Signed-off-by: Luis Pires 
Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/cpu.h   |  1 +
 target/ppc/insn32.decode   | 18 
 target/ppc/insn64.decode   | 18 
 target/ppc/meson.build |  9 ++
 target/ppc/translate.c | 34 +++---
 target/ppc/translate/fixedpoint-impl.c.inc | 18 
 6 files changed, 94 insertions(+), 4 deletions(-)
 create mode 100644 target/ppc/insn32.decode
 create mode 100644 target/ppc/insn64.decode
 create mode 100644 target/ppc/translate/fixedpoint-impl.c.inc

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index cab33a3680..351fcdf5f8 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -144,6 +144,7 @@ enum {
 POWERPC_EXCP_ALIGN_PROT= 0x04,  /* Access cross protection boundary  */
 POWERPC_EXCP_ALIGN_BAT = 0x05,  /* Access cross a BAT/seg boundary   */
 POWERPC_EXCP_ALIGN_CACHE   = 0x06,  /* Impossible dcbz access*/
+POWERPC_EXCP_ALIGN_INSN= 0x07,  /* Pref. insn x-ing 64-byte boundary */
 /* Exception subtypes for POWERPC_EXCP_PROGRAM   */
 /* FP exceptions */
 POWERPC_EXCP_FP= 0x10,
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
new file mode 100644
index 00..a3a8ae06bf
--- /dev/null
+++ b/target/ppc/insn32.decode
@@ -0,0 +1,18 @@
+#
+# Power ISA decode for 32-bit insns (opcode space 0)
+#
+# Copyright (c) 2021 Instituto de Pesquisas Eldorado (eldorado.org.br)
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, see .
+#
diff --git a/target/ppc/insn64.decode b/target/ppc/insn64.decode
new file mode 100644
index 00..a38b1f84dc
--- /dev/null
+++ b/target/ppc/insn64.decode
@@ -0,0 +1,18 @@
+#
+# Power ISA decode for 64-bit prefixed insns (opcode space 0 and 1)
+#
+# Copyright (c) 2021 Instituto de Pesquisas Eldorado (eldorado.org.br)
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, see .
+#
diff --git a/target/ppc/meson.build b/target/ppc/meson.build
index d1aa7d5d39..512e3a0288 100644
--- a/target/ppc/meson.build
+++ b/target/ppc/meson.build
@@ -17,6 +17,15 @@ ppc_ss.add(files(
 
 ppc_ss.add(libdecnumber)
 
+gen = [
+  decodetree.process('insn32.decode',
+ extra_args: '--static-decode=decode_insn32'),
+  decodetree.process('insn64.decode',
+ extra_args: ['--static-decode=decode_insn64',
+  '--insnwidth=64']),
+]
+ppc_ss.add(gen)
+
 ppc_ss.add(when: 'CONFIG_KVM', if_true: files('kvm.c'), if_false: 
files('kvm-stub.c'))
 ppc_ss.add(when: 'CONFIG_USER_ONLY', if_true: files('user_only_helper.c'))
 
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index b1873d2dcc..64d6acb078 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7776,6 +7776,10 @@ static inline void set_avr64(int regno, TCGv_i64 src, 
bool high)
 # define REQUIRE_64BIT(CTX)  REQUIRE_INSNS_FLAGS(CTX, 64B)
 #endif
 
+#include "decode-insn32.c.inc"
+#include "decode-insn64.c.inc"
+#include "translate/fixedpoint-impl.c.inc"
+
 #include "translate/fp-impl.c.inc"
 
 #include "translate/vmx-impl.c.inc"
@@ -9089,11 +9093,18 @@ static bool ppc_tr_breakpoint_check(DisasContextBase 
*dcbase, CPUState *cs,
 return true;
 }
 
+static bool is_prefix_insn(DisasContext *ctx, uint32_t insn)
+{
+REQUIRE_INSNS_FLAGS2(ctx, ISA310);
+return opc1(insn) == 1;
+}
+
 static void ppc_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
 {
 DisasContext *ctx = container_of(dcbase, DisasContext, base);
 PowerPCCPU *cpu = POWERPC_CPU(cs);
 CP

[PATCH v5 09/23] target/ppc: Introduce macros to check isa extensions

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

These will be used by the decodetree trans_* functions
to early-exit when the instruction set is not enabled.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/translate.c | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index ea200f9637..dc0f5fafc2 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7750,6 +7750,32 @@ static inline void set_avr64(int regno, TCGv_i64 src, 
bool high)
 tcg_gen_st_i64(src, cpu_env, avr64_offset(regno, high));
 }
 
+/*
+ * Helpers for trans_* functions to check for specific insns flags.
+ * Use token pasting to ensure that we use the proper flag with the
+ * proper variable.
+ */
+#define REQUIRE_INSNS_FLAGS(CTX, NAME) \
+do {\
+if (((CTX)->insns_flags & PPC_##NAME) == 0) {   \
+return false;   \
+}   \
+} while (0)
+
+#define REQUIRE_INSNS_FLAGS2(CTX, NAME) \
+do {\
+if (((CTX)->insns_flags2 & PPC2_##NAME) == 0) { \
+return false;   \
+}   \
+} while (0)
+
+/* Then special-case the check for 64-bit so that we elide code for ppc32. */
+#if TARGET_LONG_BITS == 32
+# define REQUIRE_64BIT(CTX)  return false
+#else
+# define REQUIRE_64BIT(CTX)  REQUIRE_INSNS_FLAGS(CTX, 64B)
+#endif
+
 #include "translate/fp-impl.c.inc"
 
 #include "translate/vmx-impl.c.inc"
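Review bot: The three REQUIRE_* macros expand to a `return false` from the enclosing function, so they only work as leading statements of a `bool trans_*`, and if one is placed after a tcg_temp_new() the early exit leaks the temporary; the header comment should say so, e.g. `Must precede any tcg_temp_new() in the caller: on failure the macro returns without freeing temporaries.`. As a point of style, the 32-bit REQUIRE_64BIT expands to a bare `return false` while the other two are `do { ... } while (0)` blocks; `do { return false; } while (0)` would keep all three uniform.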
-- 
2.25.1




[PATCH v3] target/xtensa: clean up unaligned access

2021-05-17 Thread Max Filippov
Xtensa cores may or may not have hardware support for unaligned memory
access. On cores with such support pass MO_UNALN in memory access flags
for all operations that would not raise an exception. Drop condition
from xtensa_cpu_do_unaligned_access and replace it with assertions.
Add a test.

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Max Filippov 
---
Changes v2->v3:
- drop assertion for !XTENSA_OPTION_HW_ALIGNMENT from
  xtensa_cpu_do_unaligned_access to correctly handle acquire/release
  instructions;
- add tests for acquire/release instructions.

Changes v1->v2:
- correctly handle case of !XCHAL_UNALIGNED_*_EXCEPTION in the test

 target/xtensa/helper.c |  13 +-
 target/xtensa/translate.c  | 108 +++---
 tests/tcg/xtensa/test_load_store.S | 221 +
 3 files changed, 281 insertions(+), 61 deletions(-)
 create mode 100644 tests/tcg/xtensa/test_load_store.S

diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
index eeffee297d15..f18ab383fd89 100644
--- a/target/xtensa/helper.c
+++ b/target/xtensa/helper.c
@@ -270,13 +270,12 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
 XtensaCPU *cpu = XTENSA_CPU(cs);
 CPUXtensaState *env = &cpu->env;
 
-if (xtensa_option_enabled(env->config, XTENSA_OPTION_UNALIGNED_EXCEPTION) 
&&
-!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) {
-cpu_restore_state(CPU(cpu), retaddr, true);
-HELPER(exception_cause_vaddr)(env,
-  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
-  addr);
-}
+assert(xtensa_option_enabled(env->config,
+ XTENSA_OPTION_UNALIGNED_EXCEPTION));
+cpu_restore_state(CPU(cpu), retaddr, true);
+HELPER(exception_cause_vaddr)(env,
+  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
+  addr);
 }
 
 bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
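Review bot: The v2->v3 changelog explains why the `!XTENSA_OPTION_HW_ALIGNMENT` assertion was dropped (acquire/release accesses must stay aligned even on cores with hardware alignment support), but the function body does not, and the next reader will be tempted to add it back; a comment beside the remaining assert would preserve the reasoning, e.g. `/* Reachable on HW_ALIGNMENT cores too: acquire/release accesses use MO_ALIGN. */`. The remaining assert is only safe if every access path on a core without the unaligned-exception option masks its address before the access, as gen_load_store_alignment does in translate.c; if any path passes an unmasked address with MO_ALIGN, this becomes a QEMU abort rather than a guest exception, so that invariant is worth stating in the same comment.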
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 0ae4efc48a17..8759bea7ff85 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -339,16 +339,6 @@ static void gen_exception_cause(DisasContext *dc, uint32_t 
cause)
 }
 }
 
-static void gen_exception_cause_vaddr(DisasContext *dc, uint32_t cause,
-TCGv_i32 vaddr)
-{
-TCGv_i32 tpc = tcg_const_i32(dc->pc);
-TCGv_i32 tcause = tcg_const_i32(cause);
-gen_helper_exception_cause_vaddr(cpu_env, tpc, tcause, vaddr);
-tcg_temp_free(tpc);
-tcg_temp_free(tcause);
-}
-
 static void gen_debug_exception(DisasContext *dc, uint32_t cause)
 {
 TCGv_i32 tpc = tcg_const_i32(dc->pc);
@@ -554,20 +544,16 @@ static uint32_t test_exceptions_hpi(DisasContext *dc, 
const OpcodeArg arg[],
 return test_exceptions_sr(dc, arg, par);
 }
 
-static void gen_load_store_alignment(DisasContext *dc, int shift,
-TCGv_i32 addr, bool no_hw_alignment)
+static MemOp gen_load_store_alignment(DisasContext *dc, int shift,
+  TCGv_i32 addr, bool no_hw_alignment)
 {
 if (!option_enabled(dc, XTENSA_OPTION_UNALIGNED_EXCEPTION)) {
 tcg_gen_andi_i32(addr, addr, ~0 << shift);
-} else if (option_enabled(dc, XTENSA_OPTION_HW_ALIGNMENT) &&
-no_hw_alignment) {
-TCGLabel *label = gen_new_label();
-TCGv_i32 tmp = tcg_temp_new_i32();
-tcg_gen_andi_i32(tmp, addr, ~(~0 << shift));
-tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
-gen_exception_cause_vaddr(dc, LOAD_STORE_ALIGNMENT_CAUSE, addr);
-gen_set_label(label);
-tcg_temp_free(tmp);
+}
+if (!no_hw_alignment && option_enabled(dc, XTENSA_OPTION_HW_ALIGNMENT)) {
+return MO_UNALN;
+} else {
+return MO_ALIGN;
 }
 }
 
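Review bot: gen_load_store_alignment's return type changed from void to MemOp but the function gained no comment describing the new contract; a header comment should state that the result is OR-ed into the access's MemOp, that MO_UNALN is returned only when the core has hardware alignment support and the caller passed `no_hw_alignment == false`, and that when the unaligned-exception option is absent the address has already been masked here so the returned MO_ALIGN cannot fault. Pre-existing but worth fixing while the function is reshaped: the retained `~0 << shift` left-shifts a negative int, which is undefined behaviour in C; `~0u << shift` yields the same mask without it.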
@@ -1784,10 +1770,11 @@ static void translate_l32e(DisasContext *dc, const 
OpcodeArg arg[],
const uint32_t par[])
 {
 TCGv_i32 addr = tcg_temp_new_i32();
+MemOp al;
 
 tcg_gen_addi_i32(addr, arg[1].in, arg[2].imm);
-gen_load_store_alignment(dc, 2, addr, false);
-tcg_gen_qemu_ld_tl(arg[0].out, addr, dc->ring, MO_TEUL);
+al = gen_load_store_alignment(dc, 2, addr, false);
+tcg_gen_qemu_ld_tl(arg[0].out, addr, dc->ring, MO_TEUL | al);
 tcg_temp_free(addr);
 }
 
@@ -1813,11 +1800,12 @@ static void translate_l32ex(DisasContext *dc, const 
OpcodeArg arg[],
 const uint32_t par[])
 {
 TCGv_i32 addr = tcg_temp_new_i32();
+MemOp al;
 
 tcg_gen_mov_i32(addr, arg[1].in);
-gen_load_store_alignment(dc, 2, addr, true);
+al = gen_load_store_alignment(dc, 2, addr, true);
 gen_check_exclusive(dc, addr, false);
-tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL);
+tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL | al);
 tcg_gen_mov_i32(cpu_exclusive_addr, addr);
 tcg_gen_mov_i32(cpu_exclusive_val, arg[0].out);
 tc

[PATCH v5 10/23] target/ppc: Move page crossing check to ppc_tr_translate_insn

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

With prefixed instructions, the number of instructions
remaining until the page crossing is no longer constant.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/translate.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index dc0f5fafc2..b1873d2dcc 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -9060,9 +9060,6 @@ static void ppc_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 
 if (ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP)) {
 ctx->base.max_insns = 1;
-} else {
-int bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
-ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
 }
 }
 
@@ -9117,6 +9114,11 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 handler->count++;
 #endif
 
+/* End the TB when crossing a page boundary. */
+if (ctx->base.is_jmp == DISAS_NEXT && !(pc & ~TARGET_PAGE_MASK)) {
+ctx->base.is_jmp = DISAS_TOO_MANY;
+}
+
 translator_loop_temp_check(&ctx->base);
 }
 
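Review bot: The new page-boundary check tests `pc` only after the instruction has been translated, which is sufficient for 4-byte instructions but deserves a comment for the prefixed case: an 8-byte instruction whose prefix sits in the last word of a page is handled correctly only if it can never straddle the boundary, which the POWERPC_EXCP_ALIGN_INSN subtype added in 11/23 (prefixed insn crossing a 64-byte boundary) appears to guarantee. Once that is confirmed, suggest `/* End the TB when crossing a page boundary. Prefixed insns cannot straddle one: crossing a 64-byte boundary is already an alignment exception. */` in place of the current one-liner. `pc` is assigned outside the hunk, so I assume it holds the address of the next instruction.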
-- 
2.25.1




[PATCH v5 08/23] target/ppc: Use translator_loop_temp_check

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

The special logging is unnecessary.  It will have been done
immediately before in the log file.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
Reviewed-by: Bruno Larsen (billionai) 
---
 target/ppc/translate.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index e68152810e..ea200f9637 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -9091,11 +9091,7 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 handler->count++;
 #endif
 
-if (tcg_check_temp_count()) {
-qemu_log("Opcode %02x %02x %02x %02x (%08x) leaked "
- "temporaries\n", opc1(ctx->opcode), opc2(ctx->opcode),
- opc3(ctx->opcode), opc4(ctx->opcode), ctx->opcode);
-}
+translator_loop_temp_check(&ctx->base);
 }
 
 static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-- 
2.25.1




[PATCH v5 05/23] target/ppc: Move single-step check to ppc_tr_tb_stop

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

When single-stepping, force max_insns to 1 in init_disas
so that we exit the translation loop immediately.

Combine the single-step checks in tb_stop, and give the
gdb exception priority over the cpu exception, just as
we already do in gen_lookup_and_goto_ptr.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/translate.c | 33 +++--
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 80cd11b3f8..05e3c0417a 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -8992,7 +8992,6 @@ static void ppc_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 DisasContext *ctx = container_of(dcbase, DisasContext, base);
 CPUPPCState *env = cs->env_ptr;
 uint32_t hflags = ctx->base.tb->flags;
-int bound;
 
 ctx->spr_cb = env->spr_cb;
 ctx->pr = (hflags >> HFLAGS_PR) & 1;
@@ -9032,8 +9031,12 @@ static void ppc_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->singlestep_enabled |= GDBSTUB_SINGLE_STEP;
 }
 
-bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
-ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
+if (ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP)) {
+ctx->base.max_insns = 1;
+} else {
+int bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
+ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
+}
 }
 
 static void ppc_tr_tb_start(DisasContextBase *db, CPUState *cs)
@@ -9087,14 +9090,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 handler->count++;
 #endif
 
-/* Check trace mode exceptions */
-if (unlikely(ctx->singlestep_enabled & CPU_SINGLE_STEP &&
- (ctx->base.pc_next <= 0x100 || ctx->base.pc_next > 0xF00) &&
- ctx->base.is_jmp != DISAS_NORETURN)) {
-uint32_t excp = gen_prep_dbgex(ctx);
-gen_exception_nip(ctx, excp, ctx->base.pc_next);
-}
-
 if (tcg_check_temp_count()) {
 qemu_log("Opcode %02x %02x %02x %02x (%08x) leaked "
  "temporaries\n", opc1(ctx->opcode), opc2(ctx->opcode),
@@ -9107,6 +9102,7 @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, 
CPUState *cs)
 DisasContext *ctx = container_of(dcbase, DisasContext, base);
 DisasJumpType is_jmp = ctx->base.is_jmp;
 target_ulong nip = ctx->base.pc_next;
+int sse;
 
 if (is_jmp == DISAS_NORETURN) {
 /* We have already exited the TB. */
@@ -9114,7 +9110,8 @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, 
CPUState *cs)
 }
 
 /* Honor single stepping. */
-if (unlikely(ctx->base.singlestep_enabled)) {
+sse = ctx->singlestep_enabled & (CPU_SINGLE_STEP | GDBSTUB_SINGLE_STEP);
+if (unlikely(sse)) {
 switch (is_jmp) {
 case DISAS_TOO_MANY:
 case DISAS_EXIT_UPDATE:
@@ -9127,8 +9124,16 @@ static void ppc_tr_tb_stop(DisasContextBase *dcbase, 
CPUState *cs)
 default:
 g_assert_not_reached();
 }
-gen_debug_exception(ctx);
-return;
+
+if (sse & GDBSTUB_SINGLE_STEP) {
+gen_debug_exception(ctx);
+return;
+}
+/* else CPU_SINGLE_STEP... */
+if (nip <= 0x100 || nip > 0xf00) {
+gen_exception(ctx, gen_prep_dbgex(ctx));
+return;
+}
 }
 
 switch (is_jmp) {
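Review bot: `nip <= 0x100 || nip > 0xf00` carries over the magic bounds from the check removed from ppc_tr_translate_insn without naming them; presumably they exclude the exception-vector area so that a trace exception is not raised while an exception handler is being entered, but nothing in the code says so. Suggest naming the bounds or adding `/* Suppress the trace exception while in the exception vector area (0x100..0xf00). */` above the `if`, once the intent is confirmed. The `/* else CPU_SINGLE_STEP... */` comment could also say what happens when the range check fails: control leaves the `if (unlikely(sse))` block and reaches the `switch (is_jmp)` below, so the TB ends normally.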
-- 
2.25.1




[PATCH v5 07/23] target/ppc: Mark helper_raise_exception* as noreturn

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/helper.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 513066d54d..ea9f2a236c 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -1,5 +1,5 @@
-DEF_HELPER_FLAGS_3(raise_exception_err, TCG_CALL_NO_WG, void, env, i32, i32)
-DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_3(raise_exception_err, TCG_CALL_NO_WG, noreturn, env, i32, 
i32)
+DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, i32)
 DEF_HELPER_FLAGS_4(tw, TCG_CALL_NO_WG, void, env, tl, tl, i32)
 #if defined(TARGET_PPC64)
 DEF_HELPER_FLAGS_4(td, TCG_CALL_NO_WG, void, env, tl, tl, i32)
-- 
2.25.1




[PATCH v5 06/23] target/ppc: Tidy exception vs exit_tb

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

We do not need to emit an exit_tb after an exception,
as the latter will exit via longjmp.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 05e3c0417a..e68152810e 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -4648,8 +4648,9 @@ static void gen_lookup_and_goto_ptr(DisasContext *ctx)
 } else if (sse & (CPU_SINGLE_STEP | CPU_BRANCH_STEP)) {
 uint32_t excp = gen_prep_dbgex(ctx);
 gen_exception(ctx, excp);
+} else {
+tcg_gen_exit_tb(NULL, 0);
 }
-tcg_gen_exit_tb(NULL, 0);
 } else {
 tcg_gen_lookup_and_goto_ptr();
 }
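Review bot: Moving `tcg_gen_exit_tb(NULL, 0)` into the final `else` is only equivalent if every earlier branch of this chain ends the TB itself; the hunk shows the `sse & (CPU_SINGLE_STEP | CPU_BRANCH_STEP)` branch does so via gen_exception, but the first branch (the `if` preceding this `else if`) is outside the hunk, so please confirm it also emits an exception or exit. If it does, a short comment such as `/* Both exception paths leave the TB via longjmp; no exit_tb needed. */` would carry the commit message's reasoning into the code.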
-- 
2.25.1




[PATCH v5 02/23] target/ppc: Replace POWERPC_EXCP_STOP with DISAS_EXIT_UPDATE

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Remove the synthetic "exception" after no more uses.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 linux-user/ppc/cpu_loop.c |  3 ---
 target/ppc/cpu.h  |  1 -
 target/ppc/translate.c| 24 +++-
 3 files changed, 7 insertions(+), 21 deletions(-)

diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
index 4a0f6c8dc2..fe526693d2 100644
--- a/linux-user/ppc/cpu_loop.c
+++ b/linux-user/ppc/cpu_loop.c
@@ -423,9 +423,6 @@ void cpu_loop(CPUPPCState *env)
 cpu_abort(cs, "Maintenance exception while in user mode. "
   "Aborting\n");
 break;
-case POWERPC_EXCP_STOP: /* stop translation  */
-/* We did invalidate the instruction cache. Go on */
-break;
 case POWERPC_EXCP_BRANCH:   /* branch instruction:   */
 /* We just stopped because of a branch. Go on */
 break;
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 99ee1e09b2..9e38df685d 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -132,7 +132,6 @@ enum {
 /* EOL   */
 POWERPC_EXCP_NB   = 103,
 /* QEMU exceptions: used internally during code translation  */
-POWERPC_EXCP_STOP = 0x200, /* stop translation   */
 POWERPC_EXCP_BRANCH   = 0x201, /* branch instruction */
 /* QEMU exceptions: special cases we want to stop translation*/
 POWERPC_EXCP_SYSCALL_USER = 0x203, /* System call in user mode only  */
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 060ef83bc0..f57b67be5f 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -369,13 +369,6 @@ static inline void gen_hvpriv_exception(DisasContext *ctx, 
uint32_t error)
 gen_exception_err(ctx, POWERPC_EXCP_HV_EMU, POWERPC_EXCP_PRIV | error);
 }
 
-/* Stop translation */
-static inline void gen_stop_exception(DisasContext *ctx)
-{
-gen_update_nip(ctx, ctx->base.pc_next);
-ctx->exception = POWERPC_EXCP_STOP;
-}
-
 /*/
 /* SPR READ/WRITE CALLBACKS */
 
@@ -829,7 +822,7 @@ void spr_write_hid0_601(DisasContext *ctx, int sprn, int 
gprn)
 {
 gen_helper_store_hid0_601(cpu_env, cpu_gpr[gprn]);
 /* Must stop the translation as endianness may have changed */
-gen_stop_exception(ctx);
+ctx->base.is_jmp = DISAS_EXIT_UPDATE;
 }
 #endif
 
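Review bot: Replacing gen_stop_exception(ctx) with `ctx->base.is_jmp = DISAS_EXIT_UPDATE;` drops the explicit `gen_update_nip(ctx, ctx->base.pc_next)` the removed helper performed (first hunk of this file); this is equivalent only if tb_stop's handling of DISAS_EXIT_UPDATE writes nip = pc_next before exiting, which the name suggests but which is outside these hunks. The same substitution appears in the spr_write_40x_dbcr0, gen_isync, gen_mtmsrd, gen_mtmsr, gen_wrtee and gen_wrteei hunks below, so one confirmation covers all of them.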
@@ -877,7 +870,7 @@ void spr_write_40x_dbcr0(DisasContext *ctx, int sprn, int 
gprn)
 gen_store_spr(sprn, cpu_gpr[gprn]);
 gen_helper_store_40x_dbcr0(cpu_env, cpu_gpr[gprn]);
 /* We must stop translation as we may have rebooted */
-gen_stop_exception(ctx);
+ctx->base.is_jmp = DISAS_EXIT_UPDATE;
 }
 
 void spr_write_40x_sler(DisasContext *ctx, int sprn, int gprn)
@@ -4080,7 +4073,7 @@ static void gen_isync(DisasContext *ctx)
 gen_check_tlb_flush(ctx, false);
 }
 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-gen_stop_exception(ctx);
+ctx->base.is_jmp = DISAS_EXIT_UPDATE;
 }
 
 #define MEMOP_GET_SIZE(x)  (1 << ((x) & MO_SIZE))
@@ -5312,7 +5305,7 @@ static void gen_mtmsrd(DisasContext *ctx)
 gen_helper_store_msr(cpu_env, cpu_gpr[rS(ctx->opcode)]);
 }
 /* Must stop the translation as machine state (may have) changed */
-gen_stop_exception(ctx);
+ctx->base.is_jmp = DISAS_EXIT_UPDATE;
 #endif /* !defined(CONFIG_USER_ONLY) */
 }
 #endif /* defined(TARGET_PPC64) */
@@ -5355,7 +5348,7 @@ static void gen_mtmsr(DisasContext *ctx)
 tcg_temp_free(msr);
 }
 /* Must stop the translation as machine state (may have) changed */
-gen_stop_exception(ctx);
+ctx->base.is_jmp = DISAS_EXIT_UPDATE;
 #endif
 }
 
@@ -7492,7 +7485,7 @@ static void gen_wrtee(DisasContext *ctx)
  * Stop translation to have a chance to raise an exception if we
  * just set msr_ee to 1
  */
-gen_stop_exception(ctx);
+ctx->base.is_jmp = DISAS_EXIT_UPDATE;
 #endif /* defined(CONFIG_USER_ONLY) */
 }
 
@@ -7506,7 +7499,7 @@ static void gen_wrteei(DisasContext *ctx)
 if (ctx->opcode & 0x8000) {
 tcg_gen_ori_tl(cpu_msr, cpu_msr, (1 << MSR_EE));
 /* Stop translation to have a chance to raise an exception */
-gen_stop_exception(ctx);
+ctx->base.is_jmp = DISAS_EXIT_UPDATE;
 } else {
 tcg_gen_andi_tl(cpu_msr, cpu_msr, ~(1 << MSR_EE));
 }
@@ -9128,9 +9121,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 case POWERPC_EXCP_BRANCH:
 ctx->base.is_jmp = DISAS_NORETURN;
 break;
-case POWERPC_EXCP_STOP:
-ctx->base.is_jmp = DISAS_EXIT;
-break;
 default:
 /* Every other ctx->exception should have set NORETURN. */
 g_assert_not_reached();

[PATCH v5 03/23] target/ppc: Replace POWERPC_EXCP_BRANCH with DISAS_NORETURN

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

The translation of branch instructions always results in exit from
the TB. Remove the synthetic "exception" after no more uses.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 linux-user/ppc/cpu_loop.c | 3 ---
 target/ppc/cpu.h  | 2 --
 target/ppc/translate.c| 8 ++--
 3 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
index fe526693d2..fa91ea0eed 100644
--- a/linux-user/ppc/cpu_loop.c
+++ b/linux-user/ppc/cpu_loop.c
@@ -423,9 +423,6 @@ void cpu_loop(CPUPPCState *env)
 cpu_abort(cs, "Maintenance exception while in user mode. "
   "Aborting\n");
 break;
-case POWERPC_EXCP_BRANCH:   /* branch instruction:   */
-/* We just stopped because of a branch. Go on */
-break;
 case POWERPC_EXCP_SYSCALL_USER:
 /* system call in user-mode emulation */
 /* WARNING:
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 9e38df685d..cab33a3680 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -131,8 +131,6 @@ enum {
 POWERPC_EXCP_SYSCALL_VECTORED = 102, /* scv exception 
*/
 /* EOL   */
 POWERPC_EXCP_NB   = 103,
-/* QEMU exceptions: used internally during code translation  */
-POWERPC_EXCP_BRANCH   = 0x201, /* branch instruction */
 /* QEMU exceptions: special cases we want to stop translation*/
 POWERPC_EXCP_SYSCALL_USER = 0x203, /* System call in user mode only  */
 };
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index f57b67be5f..d019454550 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -4692,7 +4692,6 @@ static void gen_b(DisasContext *ctx)
 {
 target_ulong li, target;
 
-ctx->exception = POWERPC_EXCP_BRANCH;
 /* sign extend LI */
 li = LI(ctx->opcode);
 li = (li ^ 0x0200) - 0x0200;
@@ -4706,6 +4705,7 @@ static void gen_b(DisasContext *ctx)
 }
 gen_update_cfar(ctx, ctx->cia);
 gen_goto_tb(ctx, 0, target);
+ctx->base.is_jmp = DISAS_NORETURN;
 }
 
 #define BCOND_IM  0
@@ -4718,7 +4718,6 @@ static void gen_bcond(DisasContext *ctx, int type)
 uint32_t bo = BO(ctx->opcode);
 TCGLabel *l1;
 TCGv target;
-ctx->exception = POWERPC_EXCP_BRANCH;
 
 if (type == BCOND_LR || type == BCOND_CTR || type == BCOND_TAR) {
 target = tcg_temp_local_new();
@@ -4825,6 +4824,7 @@ static void gen_bcond(DisasContext *ctx, int type)
 gen_set_label(l1);
 gen_goto_tb(ctx, 1, ctx->base.pc_next);
 }
+ctx->base.is_jmp = DISAS_NORETURN;
 }
 
 static void gen_bc(DisasContext *ctx)
@@ -9102,7 +9102,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 /* Check trace mode exceptions */
 if (unlikely(ctx->singlestep_enabled & CPU_SINGLE_STEP &&
  (ctx->base.pc_next <= 0x100 || ctx->base.pc_next > 0xF00) &&
- ctx->exception != POWERPC_EXCP_BRANCH &&
  ctx->base.is_jmp != DISAS_NORETURN)) {
 uint32_t excp = gen_prep_dbgex(ctx);
 gen_exception_nip(ctx, excp, ctx->base.pc_next);
@@ -9118,9 +9117,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 switch (ctx->exception) {
 case POWERPC_EXCP_NONE:
 break;
-case POWERPC_EXCP_BRANCH:
-ctx->base.is_jmp = DISAS_NORETURN;
-break;
 default:
 /* Every other ctx->exception should have set NORETURN. */
 g_assert_not_reached();
-- 
2.25.1




[PATCH v5 04/23] target/ppc: Remove DisasContext.exception

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Now that we have removed all of the fake exceptions, and all real
exceptions exit via DISAS_NORETURN, we can remove this field.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/translate.c | 30 --
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index d019454550..80cd11b3f8 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -159,7 +159,6 @@ struct DisasContext {
 DisasContextBase base;
 target_ulong cia;  /* current instruction address */
 uint32_t opcode;
-uint32_t exception;
 /* Routine used to access memory */
 bool pr, hv, dr, le_mode;
 bool lazy_tlb_flush;
@@ -261,15 +260,12 @@ static void gen_exception_err(DisasContext *ctx, uint32_t 
excp, uint32_t error)
  * These are all synchronous exceptions, we set the PC back to the
  * faulting instruction
  */
-if (ctx->exception == POWERPC_EXCP_NONE) {
-gen_update_nip(ctx, ctx->cia);
-}
+gen_update_nip(ctx, ctx->cia);
 t0 = tcg_const_i32(excp);
 t1 = tcg_const_i32(error);
 gen_helper_raise_exception_err(cpu_env, t0, t1);
 tcg_temp_free_i32(t0);
 tcg_temp_free_i32(t1);
-ctx->exception = excp;
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -281,13 +277,10 @@ static void gen_exception(DisasContext *ctx, uint32_t 
excp)
  * These are all synchronous exceptions, we set the PC back to the
  * faulting instruction
  */
-if (ctx->exception == POWERPC_EXCP_NONE) {
-gen_update_nip(ctx, ctx->cia);
-}
+gen_update_nip(ctx, ctx->cia);
 t0 = tcg_const_i32(excp);
 gen_helper_raise_exception(cpu_env, t0);
 tcg_temp_free_i32(t0);
-ctx->exception = excp;
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -300,7 +293,6 @@ static void gen_exception_nip(DisasContext *ctx, uint32_t 
excp,
 t0 = tcg_const_i32(excp);
 gen_helper_raise_exception(cpu_env, t0);
 tcg_temp_free_i32(t0);
-ctx->exception = excp;
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -4993,13 +4985,10 @@ static void gen_scv(DisasContext *ctx)
 uint32_t lev = (ctx->opcode >> 5) & 0x7F;
 
 /* Set the PC back to the faulting instruction. */
-if (ctx->exception == POWERPC_EXCP_NONE) {
-gen_update_nip(ctx, ctx->cia);
-}
+gen_update_nip(ctx, ctx->cia);
 gen_helper_scv(cpu_env, tcg_constant_i32(lev));
 
-/* This need not be exact, just not POWERPC_EXCP_NONE */
-ctx->exception = POWERPC_SYSCALL_VECTORED;
+ctx->base.is_jmp = DISAS_NORETURN;
 }
 #endif
 #endif
@@ -9005,7 +8994,6 @@ static void ppc_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 uint32_t hflags = ctx->base.tb->flags;
 int bound;
 
-ctx->exception = POWERPC_EXCP_NONE;
 ctx->spr_cb = env->spr_cb;
 ctx->pr = (hflags >> HFLAGS_PR) & 1;
 ctx->mem_idx = (hflags >> HFLAGS_DMMU_IDX) & 7;
@@ -9112,16 +9100,6 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
  "temporaries\n", opc1(ctx->opcode), opc2(ctx->opcode),
  opc3(ctx->opcode), opc4(ctx->opcode), ctx->opcode);
 }
-
-if (ctx->base.is_jmp == DISAS_NEXT) {
-switch (ctx->exception) {
-case POWERPC_EXCP_NONE:
-break;
-default:
-/* Every other ctx->exception should have set NORETURN. */
-g_assert_not_reached();
-}
-}
 }
 
 static void ppc_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
-- 
2.25.1




Re: [PATCH v4 0/9] hw/block/fdc: Allow Kconfig-selecting ISA bus/SysBus floppy controllers

2021-05-17 Thread Philippe Mathieu-Daudé
On 5/17/21 9:19 PM, John Snow wrote:
> On 5/17/21 2:39 PM, Philippe Mathieu-Daudé wrote:
>> Missing review: #1
>>
>> Hi,
>>
>> The floppy disc controllers pulls in irrelevant devices (sysbus in
>> an ISA-only machine, ISA bus + isa devices on a sysbus-only machine).
>>
>> This series clean that by extracting each device in its own file,
>> adding the corresponding Kconfig symbols: FDC_ISA and FDC_SYSBUS.
>>
>> Since v3:
>> - Fix ISA_SUPERIO -> FDC Kconfig dependency (jsnow)
>>
>> Since v2:
>> - rebased
>>
>> Since v1:
>> - added missing "hw/block/block.h" header (jsnow)
>> - inlined hardware specific calls (Mark)
>> - added R-b/A-b tags
>>
>> Regards,
>>
>> Phil.
>>
>> Philippe Mathieu-Daudé (9):
>>    hw/isa/Kconfig: Fix missing dependency ISA_SUPERIO -> FDC
>>    hw/block/fdc: Replace disabled fprintf() by trace event
>>    hw/block/fdc: Declare shared prototypes in fdc-internal.h
>>    hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c
>>    hw/block/fdc: Extract SysBus floppy controllers to fdc-sysbus.c
>>    hw/block/fdc: Add sysbus_fdc_init_drives() method
>>    hw/sparc/sun4m: Inline sun4m_fdctrl_init()
>>    hw/block/fdc-sysbus: Add 'dma-channel' property
>>    hw/mips/jazz: Inline fdctrl_init_sysbus()
>>
>>   hw/block/fdc-internal.h | 156 +++
>>   include/hw/block/fdc.h  |   7 +-
>>   hw/block/fdc-isa.c  | 313 +
>>   hw/block/fdc-sysbus.c   | 224 +++
>>   hw/block/fdc.c  | 608 +---
>>   hw/mips/jazz.c  |  16 ++
>>   hw/sparc/sun4m.c    |  16 ++
>>   MAINTAINERS |   3 +
>>   hw/block/Kconfig    |   8 +
>>   hw/block/meson.build    |   2 +
>>   hw/block/trace-events   |   3 +
>>   hw/i386/Kconfig |   2 +-
>>   hw/isa/Kconfig  |   7 +-
>>   hw/mips/Kconfig |   2 +-
>>   hw/sparc/Kconfig    |   2 +-
>>   hw/sparc64/Kconfig  |   2 +-
>>   16 files changed, 759 insertions(+), 612 deletions(-)
>>   create mode 100644 hw/block/fdc-internal.h
>>   create mode 100644 hw/block/fdc-isa.c
>>   create mode 100644 hw/block/fdc-sysbus.c
>>
> 
> Hi, tentatively staged:
> 
> https://gitlab.com/jsnow/qemu/-/commits/floppy/
> 
> pending CI:
> 
> https://gitlab.com/jsnow/qemu/-/pipelines/304308461

Not good enough:

qemu-system-sparc: ../hw/block/fdc.c:2356: fdctrl_realize_common:
Assertion `fdctrl->dma' failed.

Forget about it for your next pull request.




[PATCH v5 01/23] target/ppc: Introduce gen_icount_io_start

2021-05-17 Thread matheus . ferst
From: Richard Henderson 

Create a function to handle the details for interacting with icount.

Force the exit from the tb via DISAS_TOO_MANY, which allows chaining
to the next tb, where the code emitted for gen_tb_start() will
determine if we must exit.  We can thus remove any matching
conditional call to gen_stop_exception.

Signed-off-by: Richard Henderson 
Signed-off-by: Matheus Ferst 
---
 target/ppc/translate.c | 174 +
 1 file changed, 39 insertions(+), 135 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index d51a1913a7..060ef83bc0 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -304,6 +304,20 @@ static void gen_exception_nip(DisasContext *ctx, uint32_t 
excp,
 ctx->base.is_jmp = DISAS_NORETURN;
 }
 
+static void gen_icount_io_start(DisasContext *ctx)
+{
+if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
+gen_io_start();
+/*
+ * An I/O instruction must be last in the TB.
+ * Chain to the next TB, and let the code from gen_tb_start
+ * decide if we need to return to the main loop.
+ * Doing this first also allows this value to be overridden.
+ */
+ctx->base.is_jmp = DISAS_TOO_MANY;
+}
+}
+
 /*
  * Tells the caller what is the appropriate exception to generate and prepares
  * SPR registers for this exception.
@@ -540,24 +554,14 @@ void spr_write_ureg(DisasContext *ctx, int sprn, int gprn)
 #if !defined(CONFIG_USER_ONLY)
 void spr_read_decr(DisasContext *ctx, int gprn, int sprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_load_decr(cpu_gpr[gprn], cpu_env);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 void spr_write_decr(DisasContext *ctx, int sprn, int gprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_store_decr(cpu_env, cpu_gpr[gprn]);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 #endif
 
@@ -565,24 +569,14 @@ void spr_write_decr(DisasContext *ctx, int sprn, int gprn)
 /* Time base */
 void spr_read_tbl(DisasContext *ctx, int gprn, int sprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_load_tbl(cpu_gpr[gprn], cpu_env);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 void spr_read_tbu(DisasContext *ctx, int gprn, int sprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_load_tbu(cpu_gpr[gprn], cpu_env);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 void spr_read_atbl(DisasContext *ctx, int gprn, int sprn)
@@ -598,24 +592,14 @@ void spr_read_atbu(DisasContext *ctx, int gprn, int sprn)
 #if !defined(CONFIG_USER_ONLY)
 void spr_write_tbl(DisasContext *ctx, int sprn, int gprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_store_tbl(cpu_env, cpu_gpr[gprn]);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 void spr_write_tbu(DisasContext *ctx, int sprn, int gprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_store_tbu(cpu_env, cpu_gpr[gprn]);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 void spr_write_atbl(DisasContext *ctx, int sprn, int gprn)
@@ -631,80 +615,45 @@ void spr_write_atbu(DisasContext *ctx, int sprn, int gprn)
 #if defined(TARGET_PPC64)
 void spr_read_purr(DisasContext *ctx, int gprn, int sprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_load_purr(cpu_gpr[gprn], cpu_env);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 void spr_write_purr(DisasContext *ctx, int sprn, int gprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_store_purr(cpu_env, cpu_gpr[gprn]);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 /* HDECR */
 void spr_read_hdecr(DisasContext *ctx, int gprn, int sprn)
 {
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_io_start();
-}
+gen_icount_io_start(ctx);
 gen_helper_load_hdecr(cpu_gpr[gprn], cpu_env);
-if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
-gen_stop_exception(ctx);
-}
 }
 
 void spr_write_hdecr(DisasContext *ctx, int sprn, int gprn)
 {
-if (tb_cflags(ctx->base.tb) 

[PATCH v5 00/23] Base for adding PowerPC 64-bit instructions

2021-05-17 Thread matheus . ferst
From: Matheus Ferst 

This series provides the basic infrastructure for adding the new 32/64-bit
instructions in Power ISA 3.1 to target/ppc.

v5:
- Rebase on ppc-for-6.1;
- Change copyright line from new files;
- Remove argument set from PNOP;
- Add comments to explain helper_cfuged implementation;
- New REQUIRE_ALTIVEC macro;
- REQUIRE_ALTIVEC and REQUIRE_INSNS_FLAGS2 in trans_CFUGED;
- cmp/cmpi/cmpl/cmpli moved to decodetree.

v4:
- Rebase on ppc-for-6.1;
- Fold do_ldst_D and do_ldst_X;
- Add tcg_const_tl, used to share do_ldst_D and do_ldst_X code;
- Unfold prefixed and non-prefixed loads/stores/addi to let non-prefixed insns 
use the non-prefixed formats;
- PNOP invalid suffixes;
- setbc/setbcr/stnbc/setnbcr implemented;
- cfuged/vcfuged implemented;
- addpcis moved to decodetree.

v3:
- More changes for decodetree.
- Cleanup exception/is_jmp logic to the point exception is removed.
- Fold in Luis' isa check for prefixed insn support.
- Share trans_* between prefixed and non-prefixed instructions.
- Use macros to minimize the trans_* boilerplate.
- Fix decode mistake for STHX/STHXU.

v2:
- Store current pc in ctx instead of insn_size
- Use separate decode files for 32- and 64-bit instructions
- Improvements to the exception/is_jmp logic
- Use translator_loop_temp_check()
- Moved logic to prevent translation from crossing page boundaries
- Additional instructions using decodetree: addis, pnop, loads/stores
- Added check for prefixed insn support in cpu flags

Matheus Ferst (6):
  TCG: add tcg_constant_tl
  target/ppc: Implement setbc/setbcr/stnbc/setnbcr instructions
  target/ppc: Implement cfuged instruction
  target/ppc: Implement vcfuged instruction
  target/ppc: Move addpcis to decodetree
  target/ppc: Move cmp/cmpi/cmpl/cmpli to decodetree

Richard Henderson (17):
  target/ppc: Introduce gen_icount_io_start
  target/ppc: Replace POWERPC_EXCP_STOP with DISAS_EXIT_UPDATE
  target/ppc: Replace POWERPC_EXCP_BRANCH with DISAS_NORETURN
  target/ppc: Remove DisasContext.exception
  target/ppc: Move single-step check to ppc_tr_tb_stop
  target/ppc: Tidy exception vs exit_tb
  target/ppc: Mark helper_raise_exception* as noreturn
  target/ppc: Use translator_loop_temp_check
  target/ppc: Introduce macros to check isa extensions
  target/ppc: Move page crossing check to ppc_tr_translate_insn
  target/ppc: Add infrastructure for prefixed insns
  target/ppc: Move ADDI, ADDIS to decodetree, implement PADDI
  target/ppc: Implement PNOP
  target/ppc: Move D/DS/X-form integer loads to decodetree
  target/ppc: Implement prefixed integer load instructions
  target/ppc: Move D/DS/X-form integer stores to decodetree
  target/ppc: Implement prefixed integer store instructions

 include/tcg/tcg-op.h   |   2 +
 linux-user/ppc/cpu_loop.c  |   6 -
 target/ppc/cpu.h   |   4 +-
 target/ppc/helper.h|   5 +-
 target/ppc/insn32.decode   | 126 
 target/ppc/insn64.decode   | 124 
 target/ppc/int_helper.c|  62 ++
 target/ppc/meson.build |   9 +
 target/ppc/translate.c | 659 +
 target/ppc/translate/fixedpoint-impl.c.inc | 279 +
 target/ppc/translate/vector-impl.c.inc |  56 ++
 11 files changed, 820 insertions(+), 512 deletions(-)
 create mode 100644 target/ppc/insn32.decode
 create mode 100644 target/ppc/insn64.decode
 create mode 100644 target/ppc/translate/fixedpoint-impl.c.inc
 create mode 100644 target/ppc/translate/vector-impl.c.inc

-- 
2.25.1




RE: [RFC PATCH v3 4/9] hw/arm/virt: Initialize the present cpu members

2021-05-17 Thread Salil Mehta
> From: Qemu-arm [mailto:qemu-arm-bounces+salil.mehta=huawei@nongnu.org]
> On Behalf Of Yanan Wang
> Sent: Sunday, May 16, 2021 11:29 AM
> To: Peter Maydell ; Andrew Jones
> ; Michael S . Tsirkin ; Igor Mammedov
> ; Shannon Zhao ; Alistair
> Francis ; David Gibson
> ; qemu-devel@nongnu.org; qemu-...@nongnu.org
> Cc: Song Bao Hua (Barry Song) ; zhukeqian
> ; yangyicong ; Zengtao (B)
> ; Wanghaibin (D) ;
> yuzenghui ; Paolo Bonzini ;
> Philippe Mathieu-Daudé 
> Subject: [RFC PATCH v3 4/9] hw/arm/virt: Initialize the present cpu members
> 
> We create and initialize a cpuobj for each present cpu in
> machvirt_init(). Now we also initialize the cpu member of
> structure CPUArchId for each present cpu in the function.

[...]

>  qdev_realize(DEVICE(cpuobj), NULL, &error_fatal);
> +
> +/*
> + * As ARM cpu hotplug is not supported yet, we initialize
> + * the present cpu members here.
> + */
> +machine->possible_cpus->cpus[n].cpu = cpuobj;


when vcpu Hotplug is not supported yet, what necessitates this change now?





Re: [PATCH V6 6/6] net/net.c: Add handler for COLO passthrough connection

2021-05-17 Thread Lukas Straub
On Tue, 20 Apr 2021 23:15:37 +0800
Zhang Chen  wrote:

> Use the connection protocol, source port, destination port, source IP and
> destination IP as the key to bypass certain network traffic in COLO compare.
> 
> Signed-off-by: Zhang Chen 
> ---
>  net/net.c | 160 +-
>  1 file changed, 158 insertions(+), 2 deletions(-)
> 
> diff --git a/net/net.c b/net/net.c
> index 2a6e5f3886..9b0de0f332 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -56,6 +56,8 @@
>  #include "sysemu/sysemu.h"
>  #include "net/filter.h"
>  #include "qapi/string-output-visitor.h"
> +#include "net/colo-compare.h"
> +#include "qom/object_interfaces.h"
>  
>  /* Net bridge is currently not supported for W32. */
>  #if !defined(_WIN32)
> @@ -1196,14 +1198,168 @@ void qmp_netdev_del(const char *id, Error **errp)
>  }
>  }
>  
> +static CompareState *colo_passthrough_check(IPFlowSpec *spec, Error **errp)
> +{
> +Object *container;
> +Object *obj;
> +CompareState *s;
> +
> +if (!spec->object_name) {
> +error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "object-name",
> +   "Need input colo-compare object name");
> +return NULL;
> +}
> +
> +container = object_get_objects_root();
> +obj = object_resolve_path_component(container, spec->object_name);
> +if (!obj) {
> +error_setg(errp, "colo-compare '%s' not found", spec->object_name);
> +return NULL;
> +}
> +
> +s = COLO_COMPARE(obj);
> +
> +if (!getprotobyname(spec->protocol)) {
> +error_setg(errp, "COLO pass through get wrong protocol");
> +return NULL;
> +}
> +
> +if ((spec->source->host && !qemu_isdigit(spec->source->host[0])) ||
> +(spec->destination->host &&
> +!qemu_isdigit(spec->destination->host[0]))) {
> +error_setg(errp, "COLO pass through get wrong IP");
> +return NULL;
> +}
> +
> +if (atoi(spec->source->port) > 65536 || atoi(spec->source->port) < 0 ||
> +atoi(spec->destination->port) > 65536 ||
> +atoi(spec->destination->port) < 0) {
> +error_setg(errp, "COLO pass through get wrong port");
> +return NULL;
> +}
> +
> +return s;
> +}
> +
> +static void compare_passthrough_add(CompareState *s,
> +IPFlowSpec *spec,
> +Error **errp)
> +{
> +COLOPassthroughEntry *pass = NULL, *next = NULL, *origin = NULL;
> +
> +pass = g_new0(COLOPassthroughEntry, 1);
> +
> +pass->l4_protocol = getprotobyname(spec->protocol);
> +pass->src_port = atoi(spec->source->port);
> +pass->dst_port = atoi(spec->destination->port);
> +
> +if (!inet_aton(spec->source->host, &pass->src_ip)) {
> +pass->src_ip.s_addr = 0;
> +}
> +
> +if (!inet_aton(spec->destination->host, &pass->dst_ip)) {
> +pass->dst_ip.s_addr = 0;
> +}
> +
> +qemu_mutex_lock(&s->passthroughlist_mutex);
> +if (!QLIST_EMPTY(&s->passthroughlist)) {
> +QLIST_FOREACH_SAFE(origin, &s->passthroughlist, node, next) {
> +if ((pass->l4_protocol->p_proto == origin->l4_protocol->p_proto) 
> &&
> +(pass->src_port == origin->src_port) &&
> +(pass->dst_port == origin->dst_port) &&
> +(pass->src_ip.s_addr == origin->src_ip.s_addr) &&
> +(pass->dst_ip.s_addr == origin->dst_ip.s_addr)) {
> +error_setg(errp, "The pass through connection already 
> exists");
> +g_free(pass);
> +qemu_mutex_unlock(&s->passthroughlist_mutex);
> +return;
> +}
> +}
> +}

I think this search for an existing passthrough rule should be moved into
a function. The function can then be used in compare_passthrough_del
too.

> +QLIST_INSERT_HEAD(&s->passthroughlist, pass, node);
> +qemu_mutex_unlock(&s->passthroughlist_mutex);
> +}
> +
> +static void compare_passthrough_del(CompareState *s,
> +IPFlowSpec *spec,
> +Error **errp)
> +{
> +COLOPassthroughEntry *pass = NULL, *next = NULL, *origin = NULL;
> +
> +pass = g_new0(COLOPassthroughEntry, 1);
> +
> +pass->l4_protocol = getprotobyname(spec->protocol);
> +pass->src_port = atoi(spec->source->port);
> +pass->dst_port = atoi(spec->destination->port);
> +
> +if (!inet_aton(spec->source->host, &pass->src_ip)) {
> +pass->src_ip.s_addr = 0;
> +}
> +
> +if (!inet_aton(spec->destination->host, &pass->dst_ip)) {
> +pass->dst_ip.s_addr = 0;
> +}
> +
> +qemu_mutex_lock(&s->passthroughlist_mutex);
> +if (!QLIST_EMPTY(&s->passthroughlist)) {
> +QLIST_FOREACH_SAFE(origin, &s->passthroughlist, node, next) {
> +if ((pass->l4_protocol->p_proto == origin->l4_protocol->p_proto) 
> &&
> +(pass->src_port == origin->src_port) &&
> +(pass->dst_port == origin->dst_port) &&
> + 

Re: [PATCH V6 1/6] qapi/net: Add IPFlowSpec and QMP command for COLO passthrough

2021-05-17 Thread Lukas Straub
On Tue, 20 Apr 2021 23:15:32 +0800
Zhang Chen  wrote:

> Since the real user scenario does not need COLO to monitor all traffic,
> add colo-passthrough-add and colo-passthrough-del to maintain
> a COLO network passthrough list. Add the IPFlowSpec struct for all QMP commands.
> Except for the protocol field, which is required, all other fields are optional.
> 
> Signed-off-by: Zhang Chen 
> ---
>  net/net.c | 10 
>  qapi/net.json | 68 +++
>  2 files changed, 78 insertions(+)
> 
> diff --git a/net/net.c b/net/net.c
> index edf9b95418..2a6e5f3886 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -1196,6 +1196,16 @@ void qmp_netdev_del(const char *id, Error **errp)
>  }
>  }
>  
> +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp)
> +{
> +/* TODO implement setup passthrough rule */
> +}
> +
> +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp)
> +{
> +/* TODO implement delete passthrough rule */
> +}
> +
>  static void netfilter_print_info(Monitor *mon, NetFilterState *nf)
>  {
>  char *str;
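Review bot: The two new stubs qmp_colo_passthrough_add and qmp_colo_passthrough_del return without setting `errp`, so a QMP client is told the passthrough rule was installed while nothing was recorded; that matters because, per the cover text, these rules decide which traffic bypasses COLO comparison. Until the implementation in the later patch of the series lands, failing explicitly is safer, e.g. `error_setg(errp, "COLO passthrough is not implemented yet");` in both bodies, so a partially applied series cannot silently accept rules. The TODO comments can stay.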
> diff --git a/qapi/net.json b/qapi/net.json
> index af3f5b0fda..f6e4e37526 100644
> --- a/qapi/net.json
> +++ b/qapi/net.json
> @@ -7,6 +7,7 @@
>  ##
>  
>  { 'include': 'common.json' }
> +{ 'include': 'sockets.json' }
>  
>  ##
>  # @set_link:
> @@ -694,3 +695,70 @@
>  ##
>  { 'event': 'FAILOVER_NEGOTIATED',
>'data': {'device-id': 'str'} }
> +
> +##
> +# @IPFlowSpec:

I think something like "@IPFilterRule" is clearer.

> +# IP flow specification.

"IP filter rule specification"

> +# @protocol: Transport layer protocol like TCP/UDP...
> +#
> +# @object-name: Point out the IPflow spec effective range of object,
> +#   If there is no such part, it means global spec.

I think IPFlowSpec should be kept generic, so object-name should not be
part of it. It should move directly to 'colo-passthrough-add' and
'colo-passthrough-del'.

Also please use clearer wording. Proposal:
"@object-name: The id of the colo-compare object to add the filter to."

Again, if other net filters support the new feature in the future, the
wording can always be changed later.

> +# @source: Source address and port.
> +#
> +# @destination: Destination address and port.
> +#
> +# Since: 6.1
> +##
> +{ 'struct': 'IPFlowSpec',
> +  'data': { 'protocol': 'str', '*object-name': 'str',
> +'*source': 'InetSocketAddressBase',
> +'*destination': 'InetSocketAddressBase' } }

I think 'protocol' should be made optional too.

> +##
> +# @colo-passthrough-add:
> +#
> +# Add passthrough entry according to user's needs in COLO-compare.
> +# Source IP/port and destination IP/port both optional, If user just
> +# input parts of infotmation, it will match all.
> +#
> +# Returns: Nothing on success
> +#
> +# Since: 6.1
> +#
> +# Example:
> +#
> +# -> { "execute": "colo-passthrough-add",
> +#  "arguments": { "protocol": "tcp", "object-name": "object0",
> +#  "source": {"host": "192.168.1.1", "port": "1234"},
> +#  "destination": {"host": "192.168.1.2", "port": "4321"} } }
> +# <- { "return": {} }
> +#
> +##
> +{ 'command': 'colo-passthrough-add', 'boxed': true,
> + 'data': 'IPFlowSpec' }
> +
> +##
> +# @colo-passthrough-del:
> +#
> +# Delete passthrough entry according to user's needs in COLO-compare.
> +# Source IP/port and destination IP/port both optional, If user just
> +# input parts of infotmation, it will match all.
> +#
> +# Returns: Nothing on success
> +#
> +# Since: 6.1
> +#
> +# Example:
> +#
> +# -> { "execute": "colo-passthrough-del",
> +#  "arguments": { "protocol": "tcp", "object-name": "object0",
> +#  "source": {"host": "192.168.1.1", "port": "1234"},
> +#  "destination": {"host": "192.168.1.2", "port": "4321"} } }
> +# <- { "return": {} }
> +#
> +##
> +{ 'command': 'colo-passthrough-del', 'boxed': true,
> + 'data': 'IPFlowSpec' }
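Review bot: The doc comments for colo-passthrough-add and colo-passthrough-del never state what an entry does to matching traffic; the cover description says such traffic bypasses COLO comparison, and that effect should be spelled out in the command documentation, since an operator widening a rule by leaving fields out needs to know what is no longer compared. Both descriptions also carry the typo `infotmation`, and the sentence `Source IP/port and destination IP/port both optional, If user just input parts of infotmation, it will match all.` reads better as `Source IP/port and destination IP/port are optional; any field left out matches all values.` A short remark that port is passed as a string, as inherited from InetSocketAddressBase, would avoid surprises for QMP callers.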



-- 





Re: [PATCH v4 2/2] target/i386: Correct implementation for FCS, FIP, FDS and FDP

2021-05-17 Thread Eduardo Habkost
Hi,

Thanks for the patch, and apologies for not reviewing earlier
versions.

On Fri, May 07, 2021 at 04:00:58PM +0800, Ziqiao Kong wrote:
> Changes since v3:
>  - Split the long patches to series to make review easier.
>  - Fix the coding style problems in v3.
> 
> Changes since v2:
>  - Change the sequence of fpcs, fpds, fpip and fpdp in CPUX86State.
>  - Use stl instead of stw in do_fstenv.
>  - Move variables to floats instruction case block.
>  - Move last accessed memory operand to a temp variable to avoid another load.
>  - Move segment selectors instead of segment base to fpcs and fpds.
>  - Fix some code stype problems for the original code in floats case block.

On the next versions, please include the changelog after a "---"
line, so it won't be included in the final commit.

In addition to the changelog, the actual commit message (the text
above "---") needs to include an explanation for the change.  If
you are fixing a bug, please explain what's the bug you are
fixing.


> 
> Signed-off-by: Ziqiao Kong 
> ---
>  target/i386/cpu.h|  4 +++
>  target/i386/tcg/fpu_helper.c | 48 ++--
>  target/i386/tcg/translate.c  | 45 -
>  3 files changed, 77 insertions(+), 20 deletions(-)
> 
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index 570f916878..241945320b 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -705,6 +705,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
>  #define CPUID_7_0_EBX_INVPCID   (1U << 10)
>  /* Restricted Transactional Memory */
>  #define CPUID_7_0_EBX_RTM   (1U << 11)
> +/* Deprecates FPU CS and FPU DS values */
> +#define CPUID_7_0_EBX_FCS_FDS   (1U << 13)
>  /* Memory Protection Extension */
>  #define CPUID_7_0_EBX_MPX   (1U << 14)
>  /* AVX-512 Foundation */
> @@ -1440,6 +1442,8 @@ typedef struct CPUX86State {
>  FPReg fpregs[8];
>  /* KVM-only so far */
>  uint16_t fpop;
> +uint16_t fpcs;
> +uint16_t fpds;
>  uint64_t fpip;
>  uint64_t fpdp;
>  
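Review bot: `fpcs` and `fpds` are added to CPUX86State, but the diffstat lists only cpu.h, fpu_helper.c and translate.c, so there is presumably no vmstate change covering the new fields (nor the now-meaningful fpip/fpdp); a guest migrated between FPU instructions would then observe default values from `fnstenv`/`fnsave` on the destination rather than the saved ones. A vmstate subsection for these fields, with a `needed` test so streams from older QEMU still load, seems required. target/i386/machine.c is not in view, so confirm whether fpip/fpdp already have one before adding.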
> diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
> index 60ed93520a..f1a8717ed8 100644
> --- a/target/i386/tcg/fpu_helper.c
> +++ b/target/i386/tcg/fpu_helper.c
> @@ -766,6 +766,10 @@ void helper_fninit(CPUX86State *env)
>  {
>  env->fpus = 0;
>  env->fpstt = 0;
> +env->fpcs = 0;
> +env->fpip = 0;
> +env->fpds = 0;
> +env->fpdp = 0;
>  cpu_set_fpuc(env, 0x37f);
>  env->fptags[0] = 1;
>  env->fptags[1] = 1;
> @@ -2368,6 +2372,7 @@ static void do_fstenv(CPUX86State *env, target_ulong 
> ptr, int data32,
>  {
>  int fpus, fptag, exp, i;
>  uint64_t mant;
> +uint16_t fpcs, fpds;
>  CPU_LDoubleU tmp;
>  
>  fpus = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
> @@ -2390,24 +2395,39 @@ static void do_fstenv(CPUX86State *env, target_ulong 
> ptr, int data32,
>  }
>  }
>  }
> +
> +/*
> + * If CR0.PE = 1, each instruction saves FCS and FDS into memory. If
> + * CPUID.(EAX=07H,ECX=0H):EBX[bit 13] = 1, the processor deprecates
> + * FCS and FDS; it saves each as H.
> + */
> +if (!(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_FCS_FDS)
> +&& (env->cr[0] & CR0_PE_MASK)) {
> +fpcs = env->fpcs;
> +fpds = env->fpds;


If you want to start supporting this feature flag, I suggest
moving this to a separate patch.  The description of this patch
seems to imply it is just a bug fix, not the implementation of a
new feature flag.

When adding support for a new feature flag in TCG code, you need
to extend TCG_*_FEATURES in target/i386/cpu.c, otherwise the
feature flag will never be enabled by the CPU configuration code.


> +} else {
> +fpcs = 0;
> +fpds = 0;
> +}
> +
>  if (data32) {
>  /* 32 bit */
>  cpu_stl_data_ra(env, ptr, env->fpuc, retaddr);
>  cpu_stl_data_ra(env, ptr + 4, fpus, retaddr);
>  cpu_stl_data_ra(env, ptr + 8, fptag, retaddr);
> -cpu_stl_data_ra(env, ptr + 12, 0, retaddr); /* fpip */
> -cpu_stl_data_ra(env, ptr + 16, 0, retaddr); /* fpcs */
> -cpu_stl_data_ra(env, ptr + 20, 0, retaddr); /* fpoo */
> -cpu_stl_data_ra(env, ptr + 24, 0, retaddr); /* fpos */
> +cpu_stl_data_ra(env, ptr + 12, env->fpip, retaddr); /* fpip */
> +cpu_stl_data_ra(env, ptr + 16, fpcs, retaddr); /* fpcs */
> +cpu_stl_data_ra(env, ptr + 20, env->fpdp, retaddr); /* fpdp */
> +cpu_stl_data_ra(env, ptr + 24, fpds, retaddr); /* fpds */
>  } else {
>  /* 16 bit */
>  cpu_stw_data_ra(env, ptr, env->fpuc, retaddr);
>  cpu_stw_data_ra(env, ptr + 2, fpus, retaddr);
>  cpu_stw_data_ra(env, ptr + 4, fptag, retaddr);
> -cpu_stw_data_ra(env, ptr + 6, 0, retaddr);
> -cpu_stw_data_ra(env, ptr + 8, 0, retaddr);
> -cpu_stw_data_ra(env, ptr + 10, 0, retaddr);
> -cpu_stw

Re: [PATCH v4 1/2] target/i386: Trivial code motion

2021-05-17 Thread Eduardo Habkost
On Fri, May 07, 2021 at 04:00:56PM +0800, Ziqiao Kong wrote:
> Move the float translation case to a new block by a new pair of braces.

If you are just adding braces around the code, do you really need
to reindent all the code?  I don't see any mention of `switch`
statements on style.rst, but I see 235 existing cases where the
brackets are aligned below the `c` in `case`.

In either case, I'm looking for a description of "why", not
"what", but I couldn't find it.  Why are the braces necessary or
useful here?

> 
> Fix some coding style problem for the old code.
> 
> Signed-off-by: Ziqiao Kong 
> ---
>  VERSION |   2 +-
>  target/i386/tcg/translate.c | 953 ++--
>  2 files changed, 481 insertions(+), 474 deletions(-)
> 
> diff --git a/VERSION b/VERSION
> index e479d55a5e..09b254e90c 100644
> --- a/VERSION
> +++ b/VERSION
> @@ -1 +1 @@
> -5.2.95
> +6.0.0
> diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
> index 880bc45561..52e94fe106 100644
> --- a/target/i386/tcg/translate.c
> +++ b/target/i386/tcg/translate.c
> @@ -5838,503 +5838,510 @@ static target_ulong disas_insn(DisasContext *s, 
> CPUState *cpu)
>  //
>  /* floats */
>  case 0xd8 ... 0xdf:
> -if (s->flags & (HF_EM_MASK | HF_TS_MASK)) {
> -/* if CR0.EM or CR0.TS are set, generate an FPU exception */
> -/* XXX: what to do if illegal op ? */
> -gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
> -break;
> -}
> -modrm = x86_ldub_code(env, s);
> -mod = (modrm >> 6) & 3;
> -rm = modrm & 7;
> -op = ((b & 7) << 3) | ((modrm >> 3) & 7);
> -if (mod != 3) {
> -/* memory op */
> -gen_lea_modrm(env, s, modrm);
> -switch(op) {
> -case 0x00 ... 0x07: /* fxxxs */
> -case 0x10 ... 0x17: /* fixxxl */
> -case 0x20 ... 0x27: /* fxxxl */
> -case 0x30 ... 0x37: /* fixxx */
> -{
> -int op1;
> -op1 = op & 7;
> -
> -switch(op >> 4) {
> -case 0:
> -tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
> -s->mem_index, MO_LEUL);
> -gen_helper_flds_FT0(cpu_env, s->tmp2_i32);
> -break;
> -case 1:
> -tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
> -s->mem_index, MO_LEUL);
> -gen_helper_fildl_FT0(cpu_env, s->tmp2_i32);
> -break;
> -case 2:
> -tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
> -s->mem_index, MO_LEQ);
> -gen_helper_fldl_FT0(cpu_env, s->tmp1_i64);
> -break;
> -case 3:
> -default:
> -tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
> -s->mem_index, MO_LESW);
> -gen_helper_fildl_FT0(cpu_env, s->tmp2_i32);
> -break;
> -}
> -
> -gen_helper_fp_arith_ST0_FT0(op1);
> -if (op1 == 3) {
> -/* fcomp needs pop */
> -gen_helper_fpop(cpu_env);
> -}
> -}
> +{
> +if (s->flags & (HF_EM_MASK | HF_TS_MASK)) {
> +/* if CR0.EM or CR0.TS are set, generate an FPU exception */
> +/* XXX: what to do if illegal op ? */
> +gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
>  break;
> -case 0x08: /* flds */
> -case 0x0a: /* fsts */
> -case 0x0b: /* fstps */
> -case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */
> -case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */
> -case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */
> -switch(op & 7) {
> -case 0:
> -switch(op >> 4) {
> -case 0:
> -tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
> -s->mem_index, MO_LEUL);
> -gen_helper_flds_ST0(cpu_env, s->tmp2_i32);
> -break;
> -case 1:
> -tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
> -s->mem_index, MO_LEUL);
> -gen_helper_fildl_ST0(cpu_env, s->tmp2_i32);
> -break;
> -case 2:
> -tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
> -

Re: [PATCH V6 5/6] net/colo-compare: Add passthrough list to CompareState

2021-05-17 Thread Lukas Straub
On Tue, 20 Apr 2021 23:15:36 +0800
Zhang Chen  wrote:

> Add passthrough list for each CompareState.
> 
> Signed-off-by: Zhang Chen 
> ---
>  net/colo-compare.c | 28 
>  net/colo-compare.h | 12 
>  2 files changed, 40 insertions(+)
> 
> diff --git a/net/colo-compare.c b/net/colo-compare.c
> index b51b1437ef..7109e2ed30 100644
> --- a/net/colo-compare.c
> +++ b/net/colo-compare.c
> @@ -141,6 +141,7 @@ static int packet_enqueue(CompareState *s, int mode, 
> Connection **con)
>  ConnectionKey key;
>  Packet *pkt = NULL;
>  Connection *conn;
> +COLOPassthroughEntry *pass, *next;
>  int ret;
>  
>  if (mode == PRIMARY_IN) {
> @@ -160,6 +161,31 @@ static int packet_enqueue(CompareState *s, int mode, 
> Connection **con)
>  }
>  fill_connection_key(pkt, &key);
>  
> +/* Check COLO passthrough specifications */
> +qemu_mutex_lock(&s->passthroughlist_mutex);
> +if (!QLIST_EMPTY(&s->passthroughlist)) {
> +QLIST_FOREACH_SAFE(pass, &s->passthroughlist, node, next) {
> +if (key.ip_proto == pass->l4_protocol->p_proto) {
> +if (pass->src_port == 0 || pass->src_port == key.dst_port) {
> +if (pass->src_ip.s_addr == 0 ||
> +pass->src_ip.s_addr == key.src.s_addr) {
> +if (pass->dst_port == 0 ||
> +pass->dst_port == key.src_port) {
> +if (pass->dst_ip.s_addr == 0 ||
> +pass->dst_ip.s_addr == key.dst.s_addr) {
> +packet_destroy(pkt, NULL);
> +pkt = NULL;
> +qemu_mutex_unlock(&s->passthroughlist_mutex);
> +return -1;
> +}
> +}
> +}
> +}
> +}
> +}
> +}
> +qemu_mutex_unlock(&s->passthroughlist_mutex);
> +
>  conn = connection_get(s->connection_track_table,
>&key,
>&s->conn_list);
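Review bot: The passthrough match compares `pass->src_port` with `key.dst_port` and `pass->dst_port` with `key.src_port` while the IP fields are matched straight (`src_ip` against `key.src`, `dst_ip` against `key.dst`); if the crosswise port test is intended for the direction in which fill_connection_key() fills the key, a comment should say so, otherwise the two port comparisons look swapped. A matching packet is dropped with `return -1`, the same value the error paths use, so callers outside this hunk may count a passthrough hit as a failure — a distinct result or at least a comment would avoid that. The five nested ifs can be one predicate, `QLIST_FOREACH` suffices because the loop never unlinks an entry, and the `QLIST_EMPTY` guard is redundant with the loop; packet_enqueue begins before this hunk.
```c
    /* … unchanged: fill_connection_key(pkt, &key); … */

    /* Check COLO passthrough specifications */
    qemu_mutex_lock(&s->passthroughlist_mutex);
    QLIST_FOREACH(pass, &s->passthroughlist, node) {
        /*
         * NOTE(review): ports are matched crosswise (rule src <-> key dst)
         * while addresses are matched straight — confirm this is intended.
         */
        if (key.ip_proto == pass->l4_protocol->p_proto &&
            (pass->src_port == 0 || pass->src_port == key.dst_port) &&
            (pass->src_ip.s_addr == 0 || pass->src_ip.s_addr == key.src.s_addr) &&
            (pass->dst_port == 0 || pass->dst_port == key.src_port) &&
            (pass->dst_ip.s_addr == 0 || pass->dst_ip.s_addr == key.dst.s_addr)) {
            packet_destroy(pkt, NULL);
            qemu_mutex_unlock(&s->passthroughlist_mutex);
            return -1;
        }
    }
    qemu_mutex_unlock(&s->passthroughlist_mutex);

    /* … unchanged: conn = connection_get(...) … */
```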
> @@ -1225,6 +1251,7 @@ static void colo_compare_complete(UserCreatable *uc, 
> Error **errp)
>  }
>  
>  g_queue_init(&s->conn_list);
> +QLIST_INIT(&s->passthroughlist);
>  
>  s->connection_track_table = g_hash_table_new_full(connection_key_hash,
>connection_key_equal,
> @@ -1237,6 +1264,7 @@ static void colo_compare_complete(UserCreatable *uc, 
> Error **errp)
>  if (!colo_compare_active) {
>  qemu_mutex_init(&event_mtx);
>  qemu_cond_init(&event_complete_cond);
> +qemu_mutex_init(&s->passthroughlist_mutex);

This initializes the mutex only for the first colo-compare object that is 
created. The mutex has to be initialized every time, as it is separate for each
colo-compare object.

>  colo_compare_active = true;
>  }
>  QTAILQ_INSERT_TAIL(&net_compares, s, next);
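Review bot: Nothing in this series' hunks destroys `passthroughlist_mutex` or frees the `passthroughlist` entries when a colo-compare object goes away; the object's finalize routine is outside this hunk, so I can't tell whether it already does, but each instance should `qemu_mutex_destroy(&s->passthroughlist_mutex);` there and drain its list with `QLIST_REMOVE` and `g_free` before that. Without it every destroyed instance leaks its rules and the mutex state. colo_compare_complete starts before this hunk.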
> diff --git a/net/colo-compare.h b/net/colo-compare.h
> index ab649c9dbe..7ca74de840 100644
> --- a/net/colo-compare.h
> +++ b/net/colo-compare.h
> @@ -23,6 +23,7 @@
>  #include "migration/migration.h"
>  #include "sysemu/iothread.h"
>  #include "colo.h"
> +#include 
>  
>  #define TYPE_COLO_COMPARE "colo-compare"
>  typedef struct CompareState CompareState;
> @@ -54,6 +55,15 @@ typedef struct COLOSendEntry {
>  uint8_t *buf;
>  } COLOSendEntry;
>  
> +typedef struct COLOPassthroughEntry {
> +struct protoent *l4_protocol;
> +int src_port;
> +int dst_port;
> +struct in_addr src_ip;
> +struct in_addr dst_ip;
> +QLIST_ENTRY(COLOPassthroughEntry) node;
> +} COLOPassthroughEntry;
> +
>  /*
>   *  + CompareState ++
>   *  |   |
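Review bot: `l4_protocol` is kept as a `struct protoent *` and dereferenced on every packet in packet_enqueue; if it is filled from `getprotobyname()` (not visible in this series), that pointer refers to library-owned storage which later lookups overwrite, so the entry should store the resolved number instead, `int l4_protocol;`, and compare `key.ip_proto == pass->l4_protocol`. `src_port` and `dst_port` are `int` but are compared against the ConnectionKey port fields, so any value outside 0..65535 can never match; rejecting such values when the rule is parsed, or storing them as `uint16_t`, makes the intent explicit.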
> @@ -110,6 +120,8 @@ struct CompareState {
>  
>  QEMUBH *event_bh;
>  enum colo_event event;
> +QLIST_HEAD(, COLOPassthroughEntry) passthroughlist;
> +QemuMutex passthroughlist_mutex;
>  
>  QTAILQ_ENTRY(CompareState) next;
>  };



-- 





Re: [PATCH v2 00/12] hw: Various Kconfig fixes

2021-05-17 Thread Eduardo Habkost
On Mon, May 17, 2021 at 03:18:56PM -0400, Eduardo Habkost wrote:
> CCing Build system architecture maintainer (Daniel).

Oops, I was misled by the subsection title.  Daniel is
responsible only for the build system documentation.

Do we have any volunteers willing to be listed as reviewers for
build system changes in MAINTAINERS?  meson.build has a
non-trivial amount of code and no maintainers or reviewers at
all.

> 
> On Sat, May 15, 2021 at 07:37:04PM +0200, Philippe Mathieu-Daudé wrote:
> > Various Kconfig fixes when building stand-alone machine binaries.
> 
> Who should merge this once it's ready?
> 
> > 
> > Since v1:
> > - Fixed Pegasos2 machine
> > - Removed SEMIHOSTING related patches (will repost them later)
> > 
> > Philippe Mathieu-Daudé (12):
> >   hw/mem/nvdimm: Use Kconfig 'imply' instead of 'depends on'
> >   hw/ide/Kconfig: Add missing dependency PCI -> IDE_QDEV
> >   hw/arm/Kconfig: Add missing dependency NPCM7XX -> SMBUS
> >   hw/arm/Kconfig: Remove unused DS1338 symbol from i.MX25 PDK Board
> >   hw/arm/Kconfig: Add missing SDHCI symbol to FSL_IMX25
> >   hw/riscv/Kconfig: Add missing dependency MICROCHIP_PFSOC -> SERIAL
> >   hw/riscv/Kconfig: Restrict NUMA to Virt & Spike machines
> >   hw/ppc/Kconfig: Add missing dependency E500 -> DS1338 RTC
> >   hw/pci-host/Kconfig: Add missing dependency MV64361 -> I8259
> >   hw/isa/vt82c686: Add missing Kconfig dependencies (build error)
> >   hw/isa/vt82c686: Add missing Kconfig dependency (runtime error)
> >   hw/ppc/Kconfig: Add dependency PEGASOS2 -> ATI_VGA
> > 
> >  default-configs/devices/ppc-softmmu.mak   | 1 -
> >  default-configs/devices/ppc64-softmmu.mak | 1 -
> >  hw/arm/Kconfig| 4 +++-
> >  hw/char/Kconfig   | 1 +
> >  hw/i386/Kconfig   | 1 +
> >  hw/ide/Kconfig| 2 +-
> >  hw/isa/Kconfig| 4 
> >  hw/mem/Kconfig| 2 --
> >  hw/pci-host/Kconfig   | 1 +
> >  hw/ppc/Kconfig| 3 +++
> >  hw/riscv/Kconfig  | 5 +
> >  hw/riscv/meson.build  | 2 +-
> >  12 files changed, 20 insertions(+), 7 deletions(-)
> > 
> > -- 
> > 2.26.3
> > 
> > 
> > 
> 
> -- 
> Eduardo
> 
> 

-- 
Eduardo




Re: [PATCH V6 4/6] net/colo-compare: Move data structure and define to .h file.

2021-05-17 Thread Lukas Straub
On Tue, 20 Apr 2021 23:15:35 +0800
Zhang Chen  wrote:

> Rename the structures with a COLO prefix and move them to the .h file,
> so that other modules can reuse COLO code.

Hi,
There are some definitions that don't need to be moved into the header,
more comments below.

In general I think the new passthrough feature can be exclusive to
colo-compare for now and that everything can remain there. If other net
filters implement the feature, we can still move it outside of
colo-compare later.

> Signed-off-by: Zhang Chen 
> ---
>  net/colo-compare.c | 134 +
>  net/colo-compare.h | 106 +++
>  2 files changed, 120 insertions(+), 120 deletions(-)
> 
> diff --git a/net/colo-compare.c b/net/colo-compare.c
> index 9d1ad99941..b51b1437ef 100644
> --- a/net/colo-compare.c
> +++ b/net/colo-compare.c
> @@ -17,44 +17,24 @@
>  #include "qemu/error-report.h"
>  #include "trace.h"
>  #include "qapi/error.h"
> -#include "net/net.h"
>  #include "net/eth.h"
>  #include "qom/object_interfaces.h"
>  #include "qemu/iov.h"
>  #include "qom/object.h"
>  #include "net/queue.h"
> -#include "chardev/char-fe.h"
>  #include "qemu/sockets.h"
> -#include "colo.h"
> -#include "sysemu/iothread.h"
>  #include "net/colo-compare.h"
> -#include "migration/colo.h"
> -#include "migration/migration.h"
>  #include "util.h"
>  
>  #include "block/aio-wait.h"
>  #include "qemu/coroutine.h"
>  
> -#define TYPE_COLO_COMPARE "colo-compare"
> -typedef struct CompareState CompareState;
> -DECLARE_INSTANCE_CHECKER(CompareState, COLO_COMPARE,
> - TYPE_COLO_COMPARE)
> -
>  static QTAILQ_HEAD(, CompareState) net_compares =
> QTAILQ_HEAD_INITIALIZER(net_compares);
>  
>  static NotifierList colo_compare_notifiers =
>  NOTIFIER_LIST_INITIALIZER(colo_compare_notifiers);
>  
> -#define COMPARE_READ_LEN_MAX NET_BUFSIZE
> -#define MAX_QUEUE_SIZE 1024
> -
> -#define COLO_COMPARE_FREE_PRIMARY 0x01
> -#define COLO_COMPARE_FREE_SECONDARY   0x02
> -
> -#define REGULAR_PACKET_CHECK_MS 1000
> -#define DEFAULT_TIME_OUT_MS 3000
> -

These 6 defines should stay here.

>  /* #define DEBUG_COLO_PACKETS */
>  
>  static QemuMutex colo_compare_mutex;
> @@ -64,92 +44,6 @@ static QemuCond event_complete_cond;
>  static int event_unhandled_count;
>  static uint32_t max_queue_size;
>  
> -/*
> - *  + CompareState ++
> - *  |   |
> - *  +---+   +---+ +---+
> - *  |   conn list   + - >  conn + --- >  conn + -- > 
> ..
> - *  +---+   +---+ +---+
> - *  |   | |   | |  |
> - *  +---+ +---v+  +---v++---v+ +---v+
> - *|primary |  |secondary|primary | |secondary
> - *|packet  |  |packet  +|packet  | |packet  +
> - *++  ++++ ++
> - *|   | |  |
> - *+---v+  +---v++---v+ +---v+
> - *|primary |  |secondary|primary | |secondary
> - *|packet  |  |packet  +|packet  | |packet  +
> - *++  ++++ ++
> - *|   | |  |
> - *+---v+  +---v++---v+ +---v+
> - *|primary |  |secondary|primary | |secondary
> - *|packet  |  |packet  +|packet  | |packet  +
> - *++  ++++ ++
> - */
> -
> -typedef struct SendCo {
> -Coroutine *co;
> -struct CompareState *s;
> -CharBackend *chr;
> -GQueue send_list;
> -bool notify_remote_frame;
> -bool done;
> -int ret;
> -} SendCo;

This struct should stay here.

> -typedef struct SendEntry {
> -uint32_t size;
> -uint32_t vnet_hdr_len;
> -uint8_t *buf;
> -} SendEntry;

This struct should stay here.

> -struct CompareState {
> -Object parent;
> -
> -char *pri_indev;
> -char *sec_indev;
> -char *outdev;
> -char *notify_dev;
> -CharBackend chr_pri_in;
> -CharBackend chr_sec_in;
> -CharBackend chr_out;
> -CharBackend chr_notify_dev;
> -SocketReadState pri_rs;
> -SocketReadState sec_rs;
> -SocketReadState notify_rs;
> -SendCo out_sendco;
> -SendCo notify_sendco;
> -bool vnet_hdr;
> -uint64_t compare_timeout;
> -uint32_t expired_scan_cycle;
> -
> -/*
> - * Record the connection that through the NIC
> - * Element type: Connection
> - */
> -GQueue conn_list;
> -/* Record the connection without repetition */
> -GHashTable *connection_track_table;
> -
> -IOThread *iothread;
> -GMainContext *worker_context;
> -QEMUTimer *packet_check_timer;
> -
> -QEMUBH *event_bh

[PATCH v2] target/xtensa: clean up unaligned access

2021-05-17 Thread Max Filippov
Xtensa cores may or may not have hardware support for unaligned memory
access. On cores with such support pass MO_UNALN in memory access flags
for all operations that would not raise an exception. Drop condition
from xtensa_cpu_do_unaligned_access and replace it with assertions.
Add a test.

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Max Filippov 
---
Changes v1->v2:
- correctly handle case of !XCHAL_UNALIGNED_*_EXCEPTION in the test

 target/xtensa/helper.c |  14 +--
 target/xtensa/translate.c  | 108 
 tests/tcg/xtensa/test_load_store.S | 195 +
 3 files changed, 256 insertions(+), 61 deletions(-)
 create mode 100644 tests/tcg/xtensa/test_load_store.S

diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
index eeffee297d15..eceb2958caab 100644
--- a/target/xtensa/helper.c
+++ b/target/xtensa/helper.c
@@ -270,13 +270,13 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
 XtensaCPU *cpu = XTENSA_CPU(cs);
 CPUXtensaState *env = &cpu->env;
 
-if (xtensa_option_enabled(env->config, XTENSA_OPTION_UNALIGNED_EXCEPTION) 
&&
-!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) {
-cpu_restore_state(CPU(cpu), retaddr, true);
-HELPER(exception_cause_vaddr)(env,
-  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
-  addr);
-}
+assert(xtensa_option_enabled(env->config,
+ XTENSA_OPTION_UNALIGNED_EXCEPTION));
+assert(!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT));
+cpu_restore_state(CPU(cpu), retaddr, true);
+HELPER(exception_cause_vaddr)(env,
+  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
+  addr);
 }
 
 bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
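Review bot: The second assertion is reachable from guest code on a core that has both XTENSA_OPTION_UNALIGNED_EXCEPTION and XTENSA_OPTION_HW_ALIGNMENT: gen_load_store_alignment in the translate.c hunk below returns `MO_ALIGN` whenever the caller passes `no_hw_alignment = true` (translate_l32ex does), so a misaligned exclusive access on such a core enters this helper and aborts QEMU at `assert(!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT));` instead of raising LOAD_STORE_ALIGNMENT_CAUSE as the removed inline brcond did. Dropping that one assert, keeping only the UNALIGNED_EXCEPTION one, restores the exception for that case; the same interaction applies to the gen_load_store_alignment and translate_l32ex hunks of this patch. xtensa_cpu_do_unaligned_access starts before this hunk.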
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 0ae4efc48a17..8759bea7ff85 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -339,16 +339,6 @@ static void gen_exception_cause(DisasContext *dc, uint32_t 
cause)
 }
 }
 
-static void gen_exception_cause_vaddr(DisasContext *dc, uint32_t cause,
-TCGv_i32 vaddr)
-{
-TCGv_i32 tpc = tcg_const_i32(dc->pc);
-TCGv_i32 tcause = tcg_const_i32(cause);
-gen_helper_exception_cause_vaddr(cpu_env, tpc, tcause, vaddr);
-tcg_temp_free(tpc);
-tcg_temp_free(tcause);
-}
-
 static void gen_debug_exception(DisasContext *dc, uint32_t cause)
 {
 TCGv_i32 tpc = tcg_const_i32(dc->pc);
@@ -554,20 +544,16 @@ static uint32_t test_exceptions_hpi(DisasContext *dc, 
const OpcodeArg arg[],
 return test_exceptions_sr(dc, arg, par);
 }
 
-static void gen_load_store_alignment(DisasContext *dc, int shift,
-TCGv_i32 addr, bool no_hw_alignment)
+static MemOp gen_load_store_alignment(DisasContext *dc, int shift,
+  TCGv_i32 addr, bool no_hw_alignment)
 {
 if (!option_enabled(dc, XTENSA_OPTION_UNALIGNED_EXCEPTION)) {
 tcg_gen_andi_i32(addr, addr, ~0 << shift);
-} else if (option_enabled(dc, XTENSA_OPTION_HW_ALIGNMENT) &&
-no_hw_alignment) {
-TCGLabel *label = gen_new_label();
-TCGv_i32 tmp = tcg_temp_new_i32();
-tcg_gen_andi_i32(tmp, addr, ~(~0 << shift));
-tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
-gen_exception_cause_vaddr(dc, LOAD_STORE_ALIGNMENT_CAUSE, addr);
-gen_set_label(label);
-tcg_temp_free(tmp);
+}
+if (!no_hw_alignment && option_enabled(dc, XTENSA_OPTION_HW_ALIGNMENT)) {
+return MO_UNALN;
+} else {
+return MO_ALIGN;
 }
 }
 
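Review bot: The function now returns a MemOp with a contract that is not obvious from its name, and neither the return value nor the `no_hw_alignment` parameter is documented. A short comment above the signature would help, along the lines of: "Returns the alignment MemOp for a load/store: MO_UNALN when the core has hardware alignment support and the caller permits it, otherwise MO_ALIGN so a misaligned access traps through xtensa_cpu_do_unaligned_access. When the core has no unaligned-access exception the address is masked in place instead." The two `if` branches also fall through into each other; stating that the mask and the return are independent steps avoids a reader assuming the masked path is exclusive.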
@@ -1784,10 +1770,11 @@ static void translate_l32e(DisasContext *dc, const 
OpcodeArg arg[],
const uint32_t par[])
 {
 TCGv_i32 addr = tcg_temp_new_i32();
+MemOp al;
 
 tcg_gen_addi_i32(addr, arg[1].in, arg[2].imm);
-gen_load_store_alignment(dc, 2, addr, false);
-tcg_gen_qemu_ld_tl(arg[0].out, addr, dc->ring, MO_TEUL);
+al = gen_load_store_alignment(dc, 2, addr, false);
+tcg_gen_qemu_ld_tl(arg[0].out, addr, dc->ring, MO_TEUL | al);
 tcg_temp_free(addr);
 }
 
@@ -1813,11 +1800,12 @@ static void translate_l32ex(DisasContext *dc, const 
OpcodeArg arg[],
 const uint32_t par[])
 {
 TCGv_i32 addr = tcg_temp_new_i32();
+MemOp al;
 
 tcg_gen_mov_i32(addr, arg[1].in);
-gen_load_store_alignment(dc, 2, addr, true);
+al = gen_load_store_alignment(dc, 2, addr, true);
 gen_check_exclusive(dc, addr, false);
-tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL);
+tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL | al);
 tcg_gen_mov_i32(cpu_exclusive_addr, addr);
 tcg_gen_mov_i32(cpu_exclusive_val, arg[0].out);
 tcg_temp_free(addr);
@@ -1827,18 +1815,19 @@ static void translate_ldst(DisasContext *dc, const 
OpcodeArg arg[],
 

Re: [PATCH 08/21] block/backup: stricter backup_calculate_cluster_size()

2021-05-17 Thread Vladimir Sementsov-Ogievskiy

17.05.2021 19:57, Max Reitz wrote:

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

No reason to tolerate bdrv_get_info() errors except for ENOTSUP. Let's
just error-out, it's simpler and safer.


Hm, doesn’t look that much simpler to me.  Not sure how much safer it is, 
because the point was that in the target_does_cow case, we would like a cluster 
size hint, but it isn’t necessary.  So if we don’t get one, regardless of the 
reason, we use the default cluster size.  I don’t know why ENOTSUP should be 
treated in a special way there.

So I don’t know.



I'm probably OK to drop this for now and don't care. Still, I can share what 
brings me to this:

First I thought that cluster size should be easily available for any driver:

protocol drivers and not-backing-supporting format drivers can set it to 1 or to 
request_alignment, if they don't have a "cluster" in mind.

backing-supporting format drivers should of course provide actual cluster size

And I decided to just add bs->cluster_size variable, set on driver open, to 
simplify the whole thing and make it clean. Then, most this detect-cluster-size 
function would be just dropped.

But it occurs, that there is one driver, that has a good and rather tricky 
reason for ENOTSUP: vmdk can have several extents with different cluster size..

So I gave up on the refactoring and finished with this one patch. It can simply be 
dropped; I am not really a fan of it..




Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/backup.c | 14 +-
  1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/block/backup.c b/block/backup.c
index fe685e411b..fe7a1f1e37 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -367,7 +367,10 @@ static int64_t 
backup_calculate_cluster_size(BlockDriverState *target,
   * targets with a backing file, try to avoid COW if possible.
   */
  ret = bdrv_get_info(target, &bdi);
-    if (ret == -ENOTSUP && !target_does_cow) {
+    if (ret < 0 && ret != -ENOTSUP) {
+    error_setg_errno(errp, -ret, "Failed to get target info");
+    return ret;
+    } else if (ret == -ENOTSUP && !target_does_cow) {
  /* Cluster size is not defined */
  warn_report("The target block device doesn't provide "
  "information about the block size and it doesn't have a "
@@ -376,14 +379,7 @@ static int64_t 
backup_calculate_cluster_size(BlockDriverState *target,
  "this default, the backup may be unusable",
  BACKUP_CLUSTER_SIZE_DEFAULT);
  return BACKUP_CLUSTER_SIZE_DEFAULT;
-    } else if (ret < 0 && !target_does_cow) {
-    error_setg_errno(errp, -ret,
-    "Couldn't determine the cluster size of the target image, "
-    "which has no backing file");
-    error_append_hint(errp,
-    "Aborting, since this may create an unusable destination image\n");
-    return ret;
-    } else if (ret < 0 && target_does_cow) {
+    } else if (ret == -ENOTSUP && target_does_cow) {
  /* Not fatal; just trudge on ahead. */
  return BACKUP_CLUSTER_SIZE_DEFAULT;
  }
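Review bot: The `error_append_hint(errp, "Aborting, since this may create an unusable destination image\n");` removed here was the only text telling the user why the job refuses to start for a target without a backing file; the new generic path in the first hunk reports just "Failed to get target info", so that explanation is lost. If the unified error branch stays, add the hint back after its `error_setg_errno`, at least when `!target_does_cow`. backup_calculate_cluster_size continues outside the hunk.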






--
Best regards,
Vladimir



Re: [PATCH v3] i386: Add ratelimit for bus locks acquired in guest

2021-05-17 Thread Eduardo Habkost
+Stefan

I have a question about ratelimit_set_speed() below:

On Fri, Apr 30, 2021 at 06:33:05PM +0800, Chenyi Qiang wrote:
> A bus lock is acquired through either split locked access to writeback
> (WB) memory or any locked access to non-WB memory. It is typically >1000
> cycles slower than an atomic operation within a cache and can also
> disrupt performance on other cores.
> 
> Virtual Machines can exploit bus locks to degrade the performance of the
> system. To address this kind of performance DOS attack coming from the
> VMs, bus lock VM exit is introduced in KVM and it can report the bus
> locks detected in guest. If enabled in KVM, it would exit to the
> userspace to let the user enforce throttling policies once bus locks
> acquired in VMs.
> 
> The availability of bus lock VM exit can be detected through the
> KVM_CAP_X86_BUS_LOCK_EXIT. The returned bitmap contains the potential
> policies supported by KVM. The field KVM_BUS_LOCK_DETECTION_EXIT in
> bitmap is the only supported strategy at present. It indicates that KVM
> will exit to userspace to handle the bus locks.
> 
> This patch adds a ratelimit on the bus locks acquired in guest as a
> mitigation policy.
> 
> Introduce a new field "bus_lock_ratelimit" to record the limited speed
> of bus locks in the target VM. The user can specify it through the
> "bus-lock-ratelimit" as a machine property. In current implementation,
> the default value of the speed is 0 per second, which means no
> restrictions on the bus locks
> 
> As for ratelimit on detected bus locks, simply set the ratelimit
> interval to 1s and restrict the quota of bus lock occurence to the value
> of "bus_lock_ratelimit". A potential alternative is to introduce the
> time slice as a property which can help the user achieve more precise
> control.
> 
> The detail of Bus lock VM exit can be found in spec:
> https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
> 
> Signed-off-by: Chenyi Qiang 
> 
> ---
> Changes from v2:
>   - do some rename work (bus-lock-ratelimit and BUS_LOCK_TIME_SLICE).
> (Eduardo)
>   - change to register a class property at the x86_machine_class_init()
> and write the gettter/setter for the bus_lock_ratelimit property.
> (Eduardo)
>   - add the lock to access the Ratelimit instance to avoid vcpu thread
> race condition. (Eduardo)
>   - v2: 
> https://lore.kernel.org/qemu-devel/20210420093736.17613-1-chenyi.qi...@intel.com/
> 
> Changes from RFC v1:
>   - Remove the rip info output, as the rip can't reflect the bus lock
> position correctly. (Xiaoyao)
>   - RFC v1: 
> https://lore.kernel.org/qemu-devel/20210317084709.15605-1-chenyi.qi...@intel.com/
[...]
> diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
> index c09b648dff..49b130a649 100644
> --- a/include/hw/i386/x86.h
> +++ b/include/hw/i386/x86.h
> @@ -74,12 +74,21 @@ struct X86MachineState {
>   * will be translated to MSI messages in the address space.
>   */
>  AddressSpace *ioapic_as;
> +
> +/*
> + * Ratelimit enforced on detected bus locks in guest.
> + * The default value of the bus_lock_ratelimit is 0 per second,
> + * which means no limitation on the guest's bus locks.
> + */
> +uint64_t bus_lock_ratelimit;
> +RateLimit bus_lock_ratelimit_ctrl;
>  };
>  
>  #define X86_MACHINE_SMM  "smm"
>  #define X86_MACHINE_ACPI "acpi"
>  #define X86_MACHINE_OEM_ID   "x-oem-id"
>  #define X86_MACHINE_OEM_TABLE_ID "x-oem-table-id"
> +#define X86_MACHINE_BUS_LOCK_RATELIMIT  "bus-lock-ratelimit"
>  
>  #define TYPE_X86_MACHINE   MACHINE_TYPE_NAME("x86")
>  OBJECT_DECLARE_TYPE(X86MachineState, X86MachineClass, X86_MACHINE)
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index 7fe9f52710..19b6c4a7e8 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -130,6 +130,9 @@ static bool has_msr_mcg_ext_ctl;
>  static struct kvm_cpuid2 *cpuid_cache;
>  static struct kvm_msr_list *kvm_feature_msrs;
>  
> +#define BUS_LOCK_SLICE_TIME 10ULL /* ns */
> +static QemuMutex bus_lock_ratelimit_lock;
> +
>  int kvm_has_pit_state2(void)
>  {
>  return has_pit_state2;
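Review bot: `bus_lock_ratelimit_lock` is a file-scope static, while the `RateLimit` it guards (`bus_lock_ratelimit_ctrl`, added to X86MachineState in the x86.h hunk) is per-machine; keeping the mutex as a `QemuMutex` member next to that field ties its lifetime and initialisation to the object rather than to this translation unit, and its `qemu_mutex_init` is not in the visible hunks. `BUS_LOCK_SLICE_TIME` also needs a comment relating it to the quota window the description promises, e.g. `/* length of one ratelimit window in ns; at most bus_lock_ratelimit bus locks are admitted per window */`, since `/* ns */` alone does not say what is counted.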
> @@ -2267,6 +2270,28 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
>  }
>  }
>  
> +if (object_dynamic_cast(OBJECT(ms), TYPE_X86_MACHINE)) {
> +X86MachineState *x86ms = X86_MACHINE(ms);
> +
> +if (x86ms->bus_lock_ratelimit > 0) {
> +ret = kvm_check_extension(s, KVM_CAP_X86_BUS_LOCK_EXIT);
> +if (!(ret & KVM_BUS_LOCK_DETECTION_EXIT)) {
> +error_report("kvm: bus lock detection unsupported");
> +return -ENOTSUP;
> +}
> +ret = kvm_vm_enable_cap(s, KVM_CAP_X86_BUS_LOCK_EXIT, 0,
> +KVM_BUS_LOCK_DETECTION_EXIT);
> +if (ret < 0) {
> +error_report("kvm: Failed to enable bus lo

[PATCH 2/4] paaudio: remove unused stream flags

2021-05-17 Thread Volker Rümelin
In current code there are no calls to pa_stream_get_latency()
or pa_stream_get_time() to receive latency or time information.

Remove the flags PA_STREAM_INTERPOLATE_TIMING and
PA_STREAM_AUTO_TIMING_UPDATE which instruct PulseAudio to
calculate this information in regular intervals.

Signed-off-by: Volker Rümelin 
---
 audio/paaudio.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/audio/paaudio.c b/audio/paaudio.c
index c97b22e970..14b4269c55 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -463,10 +463,7 @@ static pa_stream *qpa_simple_new (
 
 pa_stream_set_state_callback(stream, stream_state_cb, c);
 
-flags =
-PA_STREAM_INTERPOLATE_TIMING
-| PA_STREAM_AUTO_TIMING_UPDATE
-| PA_STREAM_EARLY_REQUESTS;
+flags = PA_STREAM_EARLY_REQUESTS;
 
 if (dev) {
 /* don't move the stream if the user specified a sink/source */
-- 
2.26.2




[PATCH 1/4] alsaaudio: remove #ifdef DEBUG to avoid bit rot

2021-05-17 Thread Volker Rümelin
Merge the #ifdef DEBUG code with the if statement a few lines
above to avoid bit rot.

Suggested-by: Gerd Hoffmann 
Signed-off-by: Volker Rümelin 
---
 audio/alsaaudio.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index fcc2f62864..2b9789e647 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -34,6 +34,8 @@
 #define AUDIO_CAP "alsa"
 #include "audio_int.h"
 
+#define DEBUG_ALSA 0
+
 struct pollhlp {
 snd_pcm_t *handle;
 struct pollfd *pfds;
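Review bot: `#define DEBUG_ALSA 0` is unconditional, so turning the dump on from the build (`-DDEBUG_ALSA=1`) yields a macro-redefinition warning and the file's 0 wins. Wrapping it as `#ifndef DEBUG_ALSA` / `#define DEBUG_ALSA 0` / `#endif` keeps the always-compiled `if (DEBUG_ALSA || ...)` that avoids bit rot while letting the flag be toggled without editing the source.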
@@ -587,16 +589,12 @@ static int alsa_open(bool in, struct alsa_params_req *req,
 
 *handlep = handle;
 
-if (obtfmt != req->fmt ||
- obt->nchannels != req->nchannels ||
- obt->freq != req->freq) {
+if (DEBUG_ALSA || obtfmt != req->fmt ||
+obt->nchannels != req->nchannels || obt->freq != req->freq) {
 dolog ("Audio parameters for %s\n", typ);
 alsa_dump_info(req, obt, obtfmt, apdo);
 }
 
-#ifdef DEBUG
-alsa_dump_info(req, obt, obtfmt, apdo);
-#endif
 return 0;
 
  err:
-- 
2.26.2




[PATCH 0/4] Misc. audio patches

2021-05-17 Thread Volker Rümelin

A small collection of patches for the audio subsystem.

It took me one evening to get a working audio system with JACK.
I never associated the in-(NULL) and out-(NULL) devices in the
patch bay with qemu.

With best regards,
Volker

Volker Rümelin (4):
  alsaaudio: remove #ifdef DEBUG to avoid bit rot
  paaudio: remove unused stream flags
  audio: move code to audio/audio.c
  jackaudio: avoid that the client name contains the word (NULL)

 audio/alsaaudio.c | 10 --
 audio/audio.c |  9 +
 audio/audio_int.h |  2 ++
 audio/jackaudio.c |  3 +--
 audio/paaudio.c   | 10 ++
 5 files changed, 18 insertions(+), 16 deletions(-)

--
2.26.2




Re: [PATCH 05/21] block: rename backup-top to copy-before-write

2021-05-17 Thread Vladimir Sementsov-Ogievskiy

17.05.2021 19:05, Max Reitz wrote:

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

We are going to convert backup_top to full featured public filter,
which can be used in separate of backup job. Start from renaming from
"how it used" to "what it does".


Is this safe?  The name was externally visible in queries after all. (I’m not 
saying it is unsafe, I just don’t know and would like to know whether you’ve 
considered this already.)

(Regardless, renaming files and so on is fine, of course.)


Hmmm. I don't know.

It was visible yes.. But we've never documented it. And if someone depends on name of the 
format of the filter automatically inserted during backup job, it's a kind of 
"undocumented feature" use..

Another change is switching the child from backing to file in patch 11; from this point 
of view it's unsafe too. But it is even more reasonable than a good name: having all 
public filters behave similarly is a very good thing.

So, maybe it is a bit risky, but I think a good interface is worth that risk. And we can always 
say "sorry guys, but that was not documented, we didn't promise anything".

But I'm OK to go on with "backup-top" and "backing", if someone has a strict 
opinion about this.




While updating comments in 283 iotest, drop and rephrase also things
about ".active", as this field is now dropped, and filter doesn't have
"inactive" mode.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/{backup-top.h => copy-before-write.h} |  28 +++---
  block/backup.c  |  22 ++---
  block/{backup-top.c => copy-before-write.c} | 100 ++--
  MAINTAINERS |   4 +-
  block/meson.build   |   2 +-
  tests/qemu-iotests/283  |  35 +++
  tests/qemu-iotests/283.out  |   4 +-
  7 files changed, 95 insertions(+), 100 deletions(-)
  rename block/{backup-top.h => copy-before-write.h} (56%)
  rename block/{backup-top.c => copy-before-write.c} (62%)


[...]


diff --git a/block/backup-top.c b/block/copy-before-write.c
similarity index 62%
rename from block/backup-top.c
rename to block/copy-before-write.c
index 425e3778be..40e91832d7 100644
--- a/block/backup-top.c
+++ b/block/copy-before-write.c


[...]


@@ -32,25 +32,25 @@


[...]


-static coroutine_fn int backup_top_cbw(BlockDriverState *bs, uint64_t offset,
-   uint64_t bytes, BdrvRequestFlags flags)
+static coroutine_fn int cbw_cbw(BlockDriverState *bs, uint64_t offset,
+    uint64_t bytes, BdrvRequestFlags flags)


I’m sure you noticed it, too, but cbw_cbw() is weird.  Perhaps cbw_do_cbw() at 
least?



OK. Maybe even cbw_do_copy_before_write()


--
Best regards,
Vladimir



Re: [PATCH v6 00/10] Fixed some bugs and optimized some codes for COLO

2021-05-17 Thread Lukas Straub
On Thu,  8 Apr 2021 23:20:46 -0400
leirao  wrote:

> From: Rao, Lei 
> 
> Changes since v5:
> --Replaced g_slice_new calls with g_slice_new0.
> 
> Changes since v4:
> --Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD in 
> colo_bitmap_clear_dirty.
> --Modify some minor issues about variable definition.
> --Add some performance test data in the commit message.
> 
> Changes since v3:
> --Remove cpu_throttle_stop from mig_throttle_counter_reset.
> 
> Changes since v2:
> --Add a function named packet_new_nocopy.
> --Continue to optimize the function of colo_flush_ram_cache.
> 
> Changes since v1:
> --Reset the state of the auto-converge counters at every checkpoint 
> instead of directly disabling.
> --Treat the filter_send function returning zero as a normal case.
> 
> The series of patches include:
> Fixed some bugs of qemu crash.
> Optimized some code to reduce the time of checkpoint.
> Remove some unnecessary code to improve COLO.
> 
> Rao, Lei (10):
>   Remove some duplicate trace code.
>   Fix the qemu crash when guest shutdown during checkpoint
>   Optimize the function of filter_send
>   Remove migrate_set_block_enabled in checkpoint
>   Add a function named packet_new_nocopy for COLO.
>   Add the function of colo_compare_cleanup
>   Reset the auto-converge counter at every checkpoint.
>   Reduce the PVM stop time during Checkpoint
>   Add the function of colo_bitmap_clear_dirty
>   Fixed calculation error of pkt->header_size in fill_pkt_tcp_info()
> 
>  migration/colo.c  | 10 +++
>  migration/migration.c |  4 +++
>  migration/ram.c   | 83 
> +--
>  migration/ram.h   |  1 +
>  net/colo-compare.c| 25 +++-
>  net/colo-compare.h|  1 +
>  net/colo.c| 25 +++-
>  net/colo.h|  1 +
>  net/filter-mirror.c   |  8 ++---
>  net/filter-rewriter.c |  3 +-
>  net/net.c |  4 +++
>  softmmu/runstate.c|  1 +
>  12 files changed, 129 insertions(+), 37 deletions(-)
> 

I guess Zhang Chen can already take the network-related patches through his 
tree.

Regards,
Lukas Straub

-- 





[PATCH 4/4] jackaudio: avoid that the client name contains the word (NULL)

2021-05-17 Thread Volker Rümelin
Currently with jackaudio client name and qemu guest name unset,
the JACK client names are out-(NULL) and in-(NULL). These names
are user visible in the patch bay. Replace the function call to
qemu_get_vm_name() with a call to audio_application_name() which
replaces NULL with "qemu" to have more descriptive names.

Signed-off-by: Volker Rümelin 
---
 audio/jackaudio.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/audio/jackaudio.c b/audio/jackaudio.c
index 3031c4e29b..e7de6d5433 100644
--- a/audio/jackaudio.c
+++ b/audio/jackaudio.c
@@ -26,7 +26,6 @@
 #include "qemu/module.h"
 #include "qemu/atomic.h"
 #include "qemu/main-loop.h"
-#include "qemu-common.h"
 #include "audio.h"
 
 #define AUDIO_CAP "jack"
@@ -412,7 +411,7 @@ static int qjack_client_init(QJackClient *c)
 
 snprintf(client_name, sizeof(client_name), "%s-%s",
 c->out ? "out" : "in",
-c->opt->client_name ? c->opt->client_name : qemu_get_vm_name());
+c->opt->client_name ? c->opt->client_name : audio_application_name());
 
 if (c->opt->exact_name) {
 options |= JackUseExactName;
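Review bot: The `snprintf(client_name, ...)` that the changed line feeds still ignores its return value, so a VM name longer than client_name (the buffer is declared outside the hunk) is silently truncated, and with `c->opt->exact_name` set the truncated name is then requested as if it were the exact one. Since the VM name comes from the command line, checking for truncation, e.g. `int ret = snprintf(...); if (ret < 0 || (size_t)ret >= sizeof(client_name)) { /* report and fail */ }`, would make the failure visible instead of registering a surprising client name. qjack_client_init's body continues outside the hunk.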
-- 
2.26.2




[PATCH] target/xtensa: clean up unaligned access

2021-05-17 Thread Max Filippov
Xtensa cores may or may not have hardware support for unaligned memory
access. On cores with such support pass MO_UNALN in memory access flags
for all operations that would not raise an exception. Drop condition
from xtensa_cpu_do_unaligned_access and replace it with assertions.
Add a test.

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Max Filippov 
---
 target/xtensa/helper.c |  14 +--
 target/xtensa/translate.c  | 108 ++--
 tests/tcg/xtensa/test_load_store.S | 156 +
 3 files changed, 217 insertions(+), 61 deletions(-)
 create mode 100644 tests/tcg/xtensa/test_load_store.S

diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
index eeffee297d15..eceb2958caab 100644
--- a/target/xtensa/helper.c
+++ b/target/xtensa/helper.c
@@ -270,13 +270,13 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
 XtensaCPU *cpu = XTENSA_CPU(cs);
 CPUXtensaState *env = &cpu->env;
 
-if (xtensa_option_enabled(env->config, XTENSA_OPTION_UNALIGNED_EXCEPTION) 
&&
-!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) {
-cpu_restore_state(CPU(cpu), retaddr, true);
-HELPER(exception_cause_vaddr)(env,
-  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
-  addr);
-}
+assert(xtensa_option_enabled(env->config,
+ XTENSA_OPTION_UNALIGNED_EXCEPTION));
+assert(!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT));
+cpu_restore_state(CPU(cpu), retaddr, true);
+HELPER(exception_cause_vaddr)(env,
+  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
+  addr);
 }
 
 bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
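Review bot: The new `assert(!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT))` looks reachable from guest code: in the translate.c hunk that rewrites gen_load_store_alignment, an instruction translated with no_hw_alignment set (the l32ex hunk passes true) gets MO_ALIGN even on a core that has XTENSA_OPTION_HW_ALIGNMENT, so a misaligned access of that kind lands here and aborts QEMU instead of raising LOAD_STORE_ALIGNMENT_CAUSE as the removed translate-time check did. Unless no supported core configuration enables both HW_ALIGNMENT and UNALIGNED_EXCEPTION, only the UNALIGNED_EXCEPTION assertion should be kept, since the exception path below is the correct behaviour for that case. A guest-triggerable assertion failure is a denial of service of the emulator, so this case deserves coverage in the added test_load_store.S.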
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 0ae4efc48a17..8759bea7ff85 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -339,16 +339,6 @@ static void gen_exception_cause(DisasContext *dc, uint32_t 
cause)
 }
 }
 
-static void gen_exception_cause_vaddr(DisasContext *dc, uint32_t cause,
-TCGv_i32 vaddr)
-{
-TCGv_i32 tpc = tcg_const_i32(dc->pc);
-TCGv_i32 tcause = tcg_const_i32(cause);
-gen_helper_exception_cause_vaddr(cpu_env, tpc, tcause, vaddr);
-tcg_temp_free(tpc);
-tcg_temp_free(tcause);
-}
-
 static void gen_debug_exception(DisasContext *dc, uint32_t cause)
 {
 TCGv_i32 tpc = tcg_const_i32(dc->pc);
@@ -554,20 +544,16 @@ static uint32_t test_exceptions_hpi(DisasContext *dc, 
const OpcodeArg arg[],
 return test_exceptions_sr(dc, arg, par);
 }
 
-static void gen_load_store_alignment(DisasContext *dc, int shift,
-TCGv_i32 addr, bool no_hw_alignment)
+static MemOp gen_load_store_alignment(DisasContext *dc, int shift,
+  TCGv_i32 addr, bool no_hw_alignment)
 {
 if (!option_enabled(dc, XTENSA_OPTION_UNALIGNED_EXCEPTION)) {
 tcg_gen_andi_i32(addr, addr, ~0 << shift);
-} else if (option_enabled(dc, XTENSA_OPTION_HW_ALIGNMENT) &&
-no_hw_alignment) {
-TCGLabel *label = gen_new_label();
-TCGv_i32 tmp = tcg_temp_new_i32();
-tcg_gen_andi_i32(tmp, addr, ~(~0 << shift));
-tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
-gen_exception_cause_vaddr(dc, LOAD_STORE_ALIGNMENT_CAUSE, addr);
-gen_set_label(label);
-tcg_temp_free(tmp);
+}
+if (!no_hw_alignment && option_enabled(dc, XTENSA_OPTION_HW_ALIGNMENT)) {
+return MO_UNALN;
+} else {
+return MO_ALIGN;
 }
 }
 
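Review bot: gen_load_store_alignment now has a return value that every caller must OR into its MemOp, but the new signature carries no comment saying so, and nothing states that the address is only masked (never checked) when unaligned exceptions are disabled. A short block comment above the function should say that it returns MO_UNALN when the core has XTENSA_OPTION_HW_ALIGNMENT and the caller passed no_hw_alignment == false, MO_ALIGN otherwise, and that in the latter case the TCG alignment check is what raises the fault. The two `if` statements are now independent, so the tail could also be written as a single `return (!no_hw_alignment && option_enabled(dc, XTENSA_OPTION_HW_ALIGNMENT)) ? MO_UNALN : MO_ALIGN;` after the masking `if`.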
@@ -1784,10 +1770,11 @@ static void translate_l32e(DisasContext *dc, const 
OpcodeArg arg[],
const uint32_t par[])
 {
 TCGv_i32 addr = tcg_temp_new_i32();
+MemOp al;
 
 tcg_gen_addi_i32(addr, arg[1].in, arg[2].imm);
-gen_load_store_alignment(dc, 2, addr, false);
-tcg_gen_qemu_ld_tl(arg[0].out, addr, dc->ring, MO_TEUL);
+al = gen_load_store_alignment(dc, 2, addr, false);
+tcg_gen_qemu_ld_tl(arg[0].out, addr, dc->ring, MO_TEUL | al);
 tcg_temp_free(addr);
 }
 
@@ -1813,11 +1800,12 @@ static void translate_l32ex(DisasContext *dc, const 
OpcodeArg arg[],
 const uint32_t par[])
 {
 TCGv_i32 addr = tcg_temp_new_i32();
+MemOp al;
 
 tcg_gen_mov_i32(addr, arg[1].in);
-gen_load_store_alignment(dc, 2, addr, true);
+al = gen_load_store_alignment(dc, 2, addr, true);
 gen_check_exclusive(dc, addr, false);
-tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL);
+tcg_gen_qemu_ld_i32(arg[0].out, addr, dc->ring, MO_TEUL | al);
 tcg_gen_mov_i32(cpu_exclusive_addr, addr);
 tcg_gen_mov_i32(cpu_exclusive_val, arg[0].out);
 tcg_temp_free(addr);
@@ -1827,18 +1815,19 @@ static void translate_ldst(DisasContext *dc, const 
OpcodeArg arg[],
const uint32_t par[])
 {
 TCGv_i32 addr = tcg_temp_new_i32

[PATCH 3/4] audio: move code to audio/audio.c

2021-05-17 Thread Volker Rümelin
Move the code to generate the pa_context_new() application name
argument to a function in audio/audio.c. The new function
audio_application_name() will also be used in the jackaudio
backend.

Signed-off-by: Volker Rümelin 
---
 audio/audio.c | 9 +
 audio/audio_int.h | 2 ++
 audio/paaudio.c   | 5 +
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/audio/audio.c b/audio/audio.c
index 534278edfe..052ca6cb78 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -32,6 +32,7 @@
 #include "qapi/qapi-visit-audio.h"
 #include "qemu/cutils.h"
 #include "qemu/module.h"
+#include "qemu-common.h"
 #include "sysemu/replay.h"
 #include "sysemu/runstate.h"
 #include "ui/qemu-spice.h"
@@ -2172,6 +2173,14 @@ const char *audio_get_id(QEMUSoundCard *card)
 }
 }
 
+const char *audio_application_name(void)
+{
+const char *vm_name;
+
+vm_name = qemu_get_vm_name();
+return vm_name ? vm_name : "qemu";
+}
+
 void audio_rate_start(RateCtl *rate)
 {
 memset(rate, 0, sizeof(RateCtl));
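Review bot: audio_application_name() becomes a cross-file API (used from paaudio.c in this patch and, per the series, from jackaudio.c) but has no comment describing its contract. Suggest above the definition: `/* Name used when registering with the host sound server: the VM name, or "qemu" when none was set. The returned string is borrowed; callers must not free it. */` — the ownership statement assumes qemu_get_vm_name() returns a borrowed pointer, which is how the removed paaudio.c code appears to have treated it. The local could also be initialised at its declaration, `const char *vm_name = qemu_get_vm_name();`, avoiding the separate assignment.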
diff --git a/audio/audio_int.h b/audio/audio_int.h
index 06f0913835..6d685e24a3 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -243,6 +243,8 @@ void *audio_calloc (const char *funcname, int nmemb, size_t 
size);
 
 void audio_run(AudioState *s, const char *msg);
 
+const char *audio_application_name(void);
+
 typedef struct RateCtl {
 int64_t start_ticks;
 int64_t bytes_sent;
diff --git a/audio/paaudio.c b/audio/paaudio.c
index 14b4269c55..75401d5391 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -2,7 +2,6 @@
 
 #include "qemu/osdep.h"
 #include "qemu/module.h"
-#include "qemu-common.h"
 #include "audio.h"
 #include "qapi/opts-visitor.h"
 
@@ -753,7 +752,6 @@ static int qpa_validate_per_direction_opts(Audiodev *dev,
 /* common */
 static void *qpa_conn_init(const char *server)
 {
-const char *vm_name;
 PAConnection *c = g_malloc0(sizeof(PAConnection));
 QTAILQ_INSERT_TAIL(&pa_conns, c, list);
 
@@ -762,9 +760,8 @@ static void *qpa_conn_init(const char *server)
 goto fail;
 }
 
-vm_name = qemu_get_vm_name();
 c->context = pa_context_new(pa_threaded_mainloop_get_api(c->mainloop),
-vm_name ? vm_name : "qemu");
+audio_application_name());
 if (!c->context) {
 goto fail;
 }
-- 
2.26.2




[Bug 1878250] Re: Assertion failure in iov_from_buf_full through the e1000e

2021-05-17 Thread Thomas Huth
This still triggers with current QEMU development version ... marking as
"Confirmed" ... Alexander, could you please move this ticket to the new
issue tracker at gitlab?

** Changed in: qemu
   Status: New => Confirmed

** Tags added: fuzzer net

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878250

Title:
  Assertion failure in iov_from_buf_full through the e1000e

Status in QEMU:
  Confirmed

Bug description:
  Hello,
  While fuzzing, I found an input that triggers an assertion failure in
  iov_from_buf_full through the e1000e:

  size_t iov_from_buf_full(const struct iovec *, unsigned int, size_t,
  const void *, size_t): Assertion `offset == 0' failed.

  
  #3  0x76866092 in __GI___assert_fail (assertion=0x570c74c0  
"offset == 0", file=0x570c7500  
"/home/alxndr/Development/qemu/util/iov.c", line=0x28, function=0x570c7560 
<__PRETTY_FUNCTION__.iov_from_buf_full> "size_t iov_from_buf_full(const struct 
iovec *, unsigned int, size_t, const void *, size_t)") at assert.c:101
  #4  0x56c5fa5e in iov_from_buf_full (iov=, 
iov_cnt=, offset=, buf=buf@entry=0x7fffbb60, 
bytes=, bytes@entry=0x2) at 
/home/alxndr/Development/qemu/util/iov.c:40
  #5  0x565f585e in iov_from_buf (iov=0x7fffb830, 
iov_cnt=0xb830, offset=0x0, buf=0x7fffbb60, bytes=0x2) at 
/home/alxndr/Development/qemu/include/qemu/iov.h:49
  #6  0x565f585e in net_tx_pkt_update_ip_checksums (pkt=) at /home/alxndr/Development/qemu/hw/net/net_tx_pkt.c:139
  #7  0x56621f9c in e1000e_setup_tx_offloads (core=0x7fffeeb754e0, 
tx=0x7fffeeb95748) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:638
  #8  0x56621f9c in e1000e_tx_pkt_send (core=0x7fffeeb754e0, 
tx=0x7fffeeb95748, queue_index=) at 
/home/alxndr/Development/qemu/hw/net/e1000e_core.c:658
  #9  0x56621f9c in e1000e_process_tx_desc (core=0x7fffeeb754e0, 
tx=0x7fffeeb95748, dp=, queue_index=) at 
/home/alxndr/Development/qemu/hw/net/e1000e_core.c:743
  #10 0x56621f9c in e1000e_start_xmit (core=, 
txr=) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:934
  #11 0x5661edb1 in e1000e_set_tdt (core=0x7fffb830, index=0xe06, 
val=0x563) at /home/alxndr/Development/qemu/hw/net/e1000e_core.c:2451
  #12 0x5660f2cd in e1000e_core_write (core=, 
addr=, val=, size=) at 
/home/alxndr/Development/qemu/hw/net/e1000e_core.c:3261
  #13 0x560028d7 in memory_region_write_accessor (mr=, 
addr=, value=, size=, 
shift=, mask=, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:483

  I can reproduce it in qemu 5.0 using:

  cat << EOF | ~/Development/qemu/build/i386-softmmu/qemu-system-i386 -M 
pc-q35-5.0 -nographic -qtest stdio -monitor none -serial none
  outl 0xcf8 0x80001010
  outl 0xcfc 0xe102
  outl 0xcf8 0x80001014
  outl 0xcf8 0x80001004
  outw 0xcfc 0x7
  outl 0xcf8 0x800010a2
  write 0xe10207e8 0x14 0x2d05225f3f5f5e02250013ff
  write 0x26a 0xc 0x08004500feff02007b06
  write 0xe1020098 0x3a2 
0x06ffdf054e411b0002e106ffe1054e411b0002e106ffe3054e411b0002e106ffe5054e411b0002e106ffe7054e411b0002e106ffe9054e411b0002e106ffeb054e411b0002e106ffed054e411b0002e106ffef054e411b0002e106fff1054e411b0002e106fff3054e411b0002e106fff5054e411b0002e106fff7054e411b0002e106fff9054e411b0002e106fffb054e411b0002e106fffd054e411b0002e106054e411b0002e106ff01054e411b0002e106ff03054e411b0002e106ff05054e411b0002e106ff07054e411b0002e106ff09054e411b0002e106ff0b054e411b0002e106ff0d054e411b0002e106ff0f054e411b0002e106ff11054e411b0002e106ff13054e411b0002e106ff15054e411b0002e106ff17054e411b0002e106ff19054e411b0002e106ff1b054e411b0002e106ff1d054e411b0002e106ff1f054e411b0002e106ff21054e411b0002e106ff23054e411b0002e106ff25054e411b0002e106ff27054e411b0002e106ff29054e411b0002e106ff2b054e411b0002e106ff2d054e411b0002e106ff2f054e411b0002e106ff31054e411b0002e106ff33054e411b0002e106ff35054e411b0002e106ff37054e411b0002e106ff39054e411b0002e106ff3b054e411b0002e106ff3d054e411b0002e106ff3f054e411b0002e106ff41054e411b0002e106ff43054e411b0002e106ff45054e411b0002e106ff47054e411b0002e106ff49054e411b0002e106ff4b054e411b0002e106ff4d054e411b0002e106ff4f054e411b0002e106ff51054e411b0002e106ff53054e411b0002e106ff55054e411b0002e106ff57054e411b0002e106ff59054e411b0002e106ff5b054e411b0002e106ff5d054e411b0002e106ff5f054e411b0002e106ff61054e411b0002e106ff6305
  EOF

  I also attached the trac

[Bug 1892962] Re: Segfault in usb_bus_from_device

2021-05-17 Thread Thomas Huth
This does not crash for me anymore, so I guess it has been fixed
already. Could you still reproduce the crash with the latest version of
QEMU?

** Changed in: qemu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1892962

Title:
  Segfault in usb_bus_from_device

Status in QEMU:
  Incomplete

Bug description:
  Hello,
  Reproducer:

  cat << EOF | ./qemu-system-i386 -machine q35 \
  -device ich9-usb-ehci1,bus=pcie.0,addr=1d.7,\
  multifunction=on,id=ich9-ehci-1 \
  -device ich9-usb-uhci1,bus=pcie.0,addr=1d.0,\
  multifunction=on,masterbus=ich9-ehci-1.0,firstport=0 \
  -device usb-tablet,bus=ich9-ehci-1.0,port=1,usb_version=1 \
  -display none -nodefaults -qtest stdio -accel qtest
  outl 0xcf8 0x8000e803
  outl 0xcfc 0xff00ff00
  outl 0xcf8 0x8000e821
  outb 0xcfc 0xff
  outl 0xff10 0x8500057e
  clock_step
  clock_step
  outb 0xff00 0x49
  write 0x2 0x1 0x40
  write 0x46 0x1 0xfb
  write 0x48 0x1 0x2d
  write 0x4a 0x1 0xe0
  write 0x4c 0x1 0x16
  write 0x4e 0x1 0xfa
  write 0xfa001c 0x1 0x04
  clock_step
  write 0x46 0x1 0xfb
  write 0xfa001d 0x1 0xff
  clock_step
  write 0x8 0x1 0xe0
  write 0xa 0x1 0x16
  write 0x1600e6 0x1 0x9c
  write 0x1600e8 0x1 0xe1
  write 0x1600eb 0x1 0x30
  clock_step
  clock_step
  write 0x10 0x1 0xe0
  write 0x12 0x1 0x16
  write 0x1600e6 0x1 0x9c
  write 0x6 0x1 0x9c
  write 0x8 0x1 0xe1
  write 0xa 0x1 0x40
  write 0xb 0x1 0x30
  clock_step
  write 0x14 0x1 0xe0
  write 0x16 0x1 0x16
  write 0x1600e6 0x1 0x9c
  write 0x6 0x1 0x9c
  clock_step
  write 0x18 0x1 0xe0
  write 0x1a 0x1 0x16
  write 0x1600e6 0x1 0x9c
  write 0x6 0x1 0x9c
  clock_step
  write 0x1c 0x1 0xe0
  write 0x1e 0x1 0x16
  write 0x1600e6 0x1 0x9c
  write 0x6 0x1 0x9c
  clock_step
  write 0x20 0x1 0xe0
  write 0x22 0x1 0x16
  write 0x1600e6 0x1 0x9c
  write 0x6 0x1 0x9c
  clock_step
  EOF

  The trace:

  ...
  [S +0.087589] OK
  [R +0.087596] write 0x1600e6 0x1 0x9c
  OK
  [S +0.087603] OK
  [R +0.087655] write 0x6 0x1 0x9c
  OK
  [S +0.087667] OK
  [R +0.087675] clock_step
  784168@1598406646.189133:usb_uhci_frame_start nr 8
  784168@1598406646.189141:usb_uhci_td_load qh 0x0, td 0x1600e0, ctrl 0x9c0180, 
token 0x30e1
  784168@1598406646.189147:usb_uhci_packet_add token 0x0, td 0x1600e0
  784168@1598406646.189151:usb_packet_state_change bus 0, port 1, ep 0, packet 
0x61143c00, state undef -> setup
  784168@1598406646.189161:usb_packet_state_change bus 0, port 1, ep 0, packet 
0x61143c00, state setup -> complete
  784168@1598406646.189165:usb_uhci_packet_complete_success token 0x0, td 
0x1600e0
  784168@1598406646.189168:usb_uhci_packet_del token 0x0, td 0x1600e0
  784168@1598406646.189174:usb_uhci_td_complete qh 0x0, td 0x1600e0
  784168@1598406646.189179:usb_uhci_td_load qh 0x0, td 0x0, ctrl 0x9c0182, 
token 0x304000e1
  784168@1598406646.189183:usb_uhci_packet_add token 0x0, td 0x0
  784168@1598406646.189187:usb_packet_state_change bus 0, port 1, ep 0, packet 
0x61143d40, state undef -> setup
  /home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12: runtime 
error: member access within null pointer of type 'USBDevice' (aka 'struct 
USBDevice')
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
/home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12 in 
  /home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12: runtime 
error: member access within null pointer of type 'DeviceState' (aka 'struct 
DeviceState')
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
/home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12 in 
  AddressSanitizer:DEADLYSIGNAL
  =
  ==784168==ERROR: AddressSanitizer: SEGV on unknown address 0x0050 (pc 
0x5599c43df445 bp 0x7ffec2833e50 sp 0x7ffec2833dc0 T0)
  ==784168==The signal is caused by a READ memory access.
  ==784168==Hint: address points to the zero page.
  #0 0x5599c43df445 in usb_bus_from_device 
/home/alxndr/Development/qemu/general-fuzz/include/hw/usb.h:526:12
  #1 0x5599c43ea95c in usb_packet_set_state 
/home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/core.c:549:23
  #2 0x5599c43e8abd in usb_handle_packet 
/home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/core.c:438:17
  #3 0x5599c4b02497 in uhci_handle_td 
/home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/hcd-uhci.c:892:9
  #4 0x5599c4afbd26 in uhci_process_frame 
/home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/hcd-uhci.c:1075:15
  #5 0x5599c4aed2e3 in uhci_frame_timer 
/home/alxndr/Development/qemu/general-fuzz/build/../hw/usb/hcd-uhci.c:1174:9
  #6 0x5599c7620917 in timerlist_run_timers 
/home/alxndr/Development/qemu/general-fuzz/build/../util/qemu-timer.c:572:9
  #7 0x5599c7620e51 in qemu_clock_run_timers 
/home/alxndr/Development/qemu/general-fuzz/build

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-17 Thread John Snow

On 1/23/21 12:52 PM, Alexander Bulekov wrote:

On 210123 1247, Alexander Bulekov wrote:

Hello,
Here is a reproducer for this bug found by the OSS-Fuzz fuzzer:

cat << EOF | qemu-system-i386 -display none -machine accel=qtest \
-m 512M -machine pc -device floppy,unit=1,id=floppy0,drive=disk0 \
-drive id=disk0,file=null-co://,file.read-zeroes=on,if=none,format=raw \
-qtest stdio
outw 0x3f4 0x2500
outb 0x3f5 0x81
outb 0x3f5 0x0
outb 0x3f5 0x0
outb 0x3f5 0x0
outw 0x3f4 0x0
outw 0x3f4 0x4000
outw 0x3f4 0x13
outb 0x3f5 0x1
outw 0x3f2 0x1405
outw 0x3f4 0x0
EOF


Oops there's a mistake there. Fixed:

cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest \
-m 512M -machine pc -device floppy,unit=1,id=floppy0,drive=disk0 \
-drive id=disk0,file=null-co://,file.read-zeroes=on,if=none,format=raw \
-qtest stdio
outw 0x3f4 0x2500
outb 0x3f5 0x81
outb 0x3f5 0x0
outb 0x3f5 0x0
outb 0x3f5 0x0
outw 0x3f2 0x14
outw 0x3f4 0x0
outw 0x3f4 0x4000
outw 0x3f4 0x13
outb 0x3f5 0x1
outw 0x3f2 0x1405
outw 0x3f4 0x0
EOF


-Alex



This actually still triggers after I apply this patch. It's not the same 
bug, or the patch isn't sufficient to address this bug.


--js




Re: [PATCH v2 00/12] hw: Various Kconfig fixes

2021-05-17 Thread Eduardo Habkost
CCing Build system architecture maintainer (Daniel).

On Sat, May 15, 2021 at 07:37:04PM +0200, Philippe Mathieu-Daudé wrote:
> Various Kconfig fixes when building stand-alone machine binaries.

Who should merge this once it's ready?

> 
> Since v1:
> - Fixed Pegasos2 machine
> - Removed SEMIHOSTING related patches (will repost them later)
> 
> Philippe Mathieu-Daudé (12):
>   hw/mem/nvdimm: Use Kconfig 'imply' instead of 'depends on'
>   hw/ide/Kconfig: Add missing dependency PCI -> IDE_QDEV
>   hw/arm/Kconfig: Add missing dependency NPCM7XX -> SMBUS
>   hw/arm/Kconfig: Remove unused DS1338 symbol from i.MX25 PDK Board
>   hw/arm/Kconfig: Add missing SDHCI symbol to FSL_IMX25
>   hw/riscv/Kconfig: Add missing dependency MICROCHIP_PFSOC -> SERIAL
>   hw/riscv/Kconfig: Restrict NUMA to Virt & Spike machines
>   hw/ppc/Kconfig: Add missing dependency E500 -> DS1338 RTC
>   hw/pci-host/Kconfig: Add missing dependency MV64361 -> I8259
>   hw/isa/vt82c686: Add missing Kconfig dependencies (build error)
>   hw/isa/vt82c686: Add missing Kconfig dependency (runtime error)
>   hw/ppc/Kconfig: Add dependency PEGASOS2 -> ATI_VGA
> 
>  default-configs/devices/ppc-softmmu.mak   | 1 -
>  default-configs/devices/ppc64-softmmu.mak | 1 -
>  hw/arm/Kconfig| 4 +++-
>  hw/char/Kconfig   | 1 +
>  hw/i386/Kconfig   | 1 +
>  hw/ide/Kconfig| 2 +-
>  hw/isa/Kconfig| 4 
>  hw/mem/Kconfig| 2 --
>  hw/pci-host/Kconfig   | 1 +
>  hw/ppc/Kconfig| 3 +++
>  hw/riscv/Kconfig  | 5 +
>  hw/riscv/meson.build  | 2 +-
>  12 files changed, 20 insertions(+), 7 deletions(-)
> 
> -- 
> 2.26.3
> 
> 
> 

-- 
Eduardo




Re: [PULL 00/59] Linux user for 6.1 patches

2021-05-17 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20210517181424.8093-1-laur...@vivier.eu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210517181424.8093-1-laur...@vivier.eu
Subject: [PULL 00/59] Linux user for 6.1 patches

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   32de74a..367196c  master -> master
 - [tag update]  patchew/20210517174947.1199649-1-phi...@redhat.com -> 
patchew/20210517174947.1199649-1-phi...@redhat.com
 * [new tag] patchew/20210517181424.8093-1-laur...@vivier.eu -> 
patchew/20210517181424.8093-1-laur...@vivier.eu
Switched to a new branch 'test'
7db920b linux-user/elfload: add s390x core dumping support
5b6f11c linux-user/elfload: fix filling psinfo->pr_psargs
2b8cc26 linux-user: Tidy TARGET_NR_rt_sigaction
e1e89de linux-user/alpha: Share code for TARGET_NR_sigaction
9872e82 linux-user/alpha: Define TARGET_ARCH_HAS_KA_RESTORER
49f59b4 linux-user: Honor TARGET_ARCH_HAS_SA_RESTORER in do_syscall
e63cb74 linux-user: Pass ka_restorer to do_sigaction
ce80cea linux-user/alpha: Rename the sigaction restorer field
59a7fe5 linux-user/alpha: Fix rt sigframe return
ede5d61 linux-user: use GDateTime for formatting timestamp for core file
d9c71e6 linux-user: Fix erroneous conversion in copy_file_range
00d88c8 linux-user: Add copy_file_range to strace.list
b563b62 linux-user/s390x: Handle vector regs in signal stack
75cbffb linux-user/s390x: Clean up signal.c
9c32aac linux-user/s390x: Add build asserts for sigset sizes
0bec884 linux-user/s390x: Fix frame_addr corruption in setup_frame
b197ab9 linux-user/s390x: Add stub sigframe argument for last_break
bd5b9e8 linux-user/s390x: Set psw.mask properly for the signal handler
fe8d7a1 linux-user/s390x: Clean up single-use gotos in signal.c
c694fba linux-user/s390x: Tidy save_sigregs
81015fb linux-user/s390x: Use tswap_sigset in setup_rt_frame
2afaee9 linux-user/s390x: Fix sigcontext sregs value
c335465 linux-user/s390x: Fix trace in restore_regs
e488167 linux-user/s390x: Remove restore_sigregs return value
ffa5802 linux-user/s390x: Remove PSW_ADDR_AMODE
f835fe4 linux-user/s390x: Use uint16_t for signal retcode
32267a1 linux-user/s390x: Fix sigframe types
2fd8343 tests/tcg/sparc64: Re-enable linux-test
47a7850 linux-user/sparc: Implement sparc64 rt signals
eb9b8de linux-user/sparc: Implement sparc32 rt signals
6a02eb6 linux-user/sparc: Add 64-bit support to fpu save/restore
7acfaa8 linux-user/sparc: Minor corrections to do_sigreturn
37c8475 linux-user/sparc: Clean up setup_frame
b62d96d linux-user/sparc: Add rwin_save to signal frame
b27662c linux-user/sparc: Save and restore fpu in signal frame
a4a46f6 linux-user/sparc: Clean up get_sigframe
eac9897 linux-user/sparc: Split out save_reg_win
c75a3e5 linux-user/sparc: Use target_pt_regs
104931a linux-user/sparc: Fix the stackframe structure
b6f9c25 linux-user/sparc: Remove target_rt_signal_frame as unused
ed9e640 linux-user/sparc: Remove target_sigcontext as unused
fb62578 linux-user/sparc: Merge sparc64/ into sparc/
ee45b6d linux-user/sparc: Merge sparc64 termbits.h
5d9706c linux-user/sparc: Merge sparc64 target_structs.h
fbdd320 linux-user/sparc: Merge sparc64 target_elf.h
c73cc71 linux-user/sparc: Merge sparc64 target_syscall.h
05a3287 linux-user/sparc: Clean up init_thread
d9551e1 linux-user/sparc: Include TARGET_STACK_BIAS in get_sp_from_cpustate
be699c8 linux-user: Pass CPUArchState to target_restore_altstack
8ad510f linux-user: Pass CPUArchState to do_sigaltstack
5482bec linux-user: Use target_restore_altstack in all sigreturn
ad4e4e2 linux-user: Split out target_restore_altstack
7ab6de0 linux-user: Add strace support for printing arguments of llseek
0ece12d linux-user/arm: Simplify accumulating and raising fpa11 exceptions
5dd2463 linux-user/arm: Do not fill in si_code for fpa11 exceptions
fa4ab02 linux-user/arm: Do not emulate fpa11 in thumb mode
c61b3a7 linux-user/arm: Split out emulate_arm_fpa11
4e217fb linux-user: strace now handles unshare syscall args correctly
cfc582d linux-user: Remove dead code

=== OUTPUT BEGIN ===
1/59 Checking commit cfc582dd467e (linux-user: Remove dead code)
2/59 Checking commit 4e217fb6e89d (linux-user: strace now handles unshare 
syscall args correctly)
3/59 Checking commit c61b3a7d7c99 (linux-user/arm: Split out emulate_arm_fpa11)
4/59 Checking commit fa4ab02afc4d (linux-user/arm: Do not emulate fpa11 in 
thumb mode)
5/59 Checking commit 5dd2463d299b (linux-user/arm: Do not fill in si_code for 
fpa11 exceptions)
6/59 Checking commit 0ece12d2d24a (linux-user/arm: Simplify accumulating and 
raising fpa11 exceptions)
7/59 Checking commit 7ab6de0b0489 (linux-user: Add strac

Re: [PATCH v4 0/9] hw/block/fdc: Allow Kconfig-selecting ISA bus/SysBus floppy controllers

2021-05-17 Thread John Snow

On 5/17/21 2:39 PM, Philippe Mathieu-Daudé wrote:

Missing review: #1

Hi,

The floppy disc controllers pulls in irrelevant devices (sysbus in
an ISA-only machine, ISA bus + isa devices on a sysbus-only machine).

This series clean that by extracting each device in its own file,
adding the corresponding Kconfig symbols: FDC_ISA and FDC_SYSBUS.

Since v3:
- Fix ISA_SUPERIO -> FDC Kconfig dependency (jsnow)

Since v2:
- rebased

Since v1:
- added missing "hw/block/block.h" header (jsnow)
- inlined hardware specific calls (Mark)
- added R-b/A-b tags

Regards,

Phil.

Philippe Mathieu-Daudé (9):
   hw/isa/Kconfig: Fix missing dependency ISA_SUPERIO -> FDC
   hw/block/fdc: Replace disabled fprintf() by trace event
   hw/block/fdc: Declare shared prototypes in fdc-internal.h
   hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c
   hw/block/fdc: Extract SysBus floppy controllers to fdc-sysbus.c
   hw/block/fdc: Add sysbus_fdc_init_drives() method
   hw/sparc/sun4m: Inline sun4m_fdctrl_init()
   hw/block/fdc-sysbus: Add 'dma-channel' property
   hw/mips/jazz: Inline fdctrl_init_sysbus()

  hw/block/fdc-internal.h | 156 +++
  include/hw/block/fdc.h  |   7 +-
  hw/block/fdc-isa.c  | 313 +
  hw/block/fdc-sysbus.c   | 224 +++
  hw/block/fdc.c  | 608 +---
  hw/mips/jazz.c  |  16 ++
  hw/sparc/sun4m.c|  16 ++
  MAINTAINERS |   3 +
  hw/block/Kconfig|   8 +
  hw/block/meson.build|   2 +
  hw/block/trace-events   |   3 +
  hw/i386/Kconfig |   2 +-
  hw/isa/Kconfig  |   7 +-
  hw/mips/Kconfig |   2 +-
  hw/sparc/Kconfig|   2 +-
  hw/sparc64/Kconfig  |   2 +-
  16 files changed, 759 insertions(+), 612 deletions(-)
  create mode 100644 hw/block/fdc-internal.h
  create mode 100644 hw/block/fdc-isa.c
  create mode 100644 hw/block/fdc-sysbus.c



Hi, tentatively staged:

https://gitlab.com/jsnow/qemu/-/commits/floppy/

pending CI:

https://gitlab.com/jsnow/qemu/-/pipelines/304308461

--js




[Bug 1796520] Re: autogen crashes on qemu-sh4-user after 61dedf2af7

2021-05-17 Thread Thomas Huth
** Bug watch removed: Sourceware.org Bugzilla #27543
   https://sourceware.org/bugzilla/show_bug.cgi?id=27543

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1796520

Title:
  autogen crashes on qemu-sh4-user after 61dedf2af7

Status in QEMU:
  Incomplete

Bug description:
  Running "autogen --help" crashes on qemu-sh4-user with:

  (sid-sh4-sbuild)root@nofan:/# autogen --help
  Unhandled trap: 0x180
  pc=0xf64dd2de sr=0x pr=0xf63b9c74 fpscr=0x0008
  spc=0x ssr=0x gbr=0xf61102a8 vbr=0x
  sgr=0x dbr=0x delayed_pc=0xf64dd2a0 fpul=0x0003
  r0=0xf6fc1320 r1=0x r2=0x5dc4 r3=0xf67bfb50
  r4=0xf6fc1230 r5=0xf6fc141c r6=0x03ff r7=0x
  r8=0x0004 r9=0xf63e20bc r10=0xf6fc141c r11=0xf63e28f0
  r12=0xf63e2258 r13=0xf63eae1c r14=0x0804 r15=0xf6fc1220
  r16=0x r17=0x r18=0x r19=0x
  r20=0x r21=0x r22=0x r23=0x
  (sid-sh4-sbuild)root@nofan:/#

  Bisecting found this commit to be the culprit:

  61dedf2af79fb5866dc7a0f972093682f2185e17 is the first bad commit
  commit 61dedf2af79fb5866dc7a0f972093682f2185e17
  Author: Richard Henderson 
  Date:   Tue Jul 18 10:02:50 2017 -1000

  target/sh4: Add missing FPSCR.PR == 0 checks
  
  Both frchg and fschg require PR == 0, otherwise undefined_operation.
  
  Reviewed-by: Aurelien Jarno 
  Signed-off-by: Richard Henderson 
  Message-Id: <20170718200255.31647-26-...@twiddle.net>
  Signed-off-by: Aurelien Jarno 

  :04 04 980d79b69ae712f23a1e4c56983e97a843153b4a
  1024c109f506c7ad57367c63bc8bbbc8a7a36cd7 M  target

  Reverting 61dedf2af79fb5866dc7a0f972093682f2185e17 fixes the problem
  for me.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1796520/+subscriptions



Re: [PATCH V3 00/22] Live Update

2021-05-17 Thread Alex Williamson
On Mon, 17 May 2021 12:40:43 +0100
Stefan Hajnoczi  wrote:

> On Fri, May 14, 2021 at 11:15:18AM -0400, Steven Sistare wrote:
> > On 5/14/2021 7:53 AM, Stefan Hajnoczi wrote:  
> > > On Thu, May 13, 2021 at 04:21:15PM -0400, Steven Sistare wrote:  
> > >> On 5/12/2021 12:42 PM, Stefan Hajnoczi wrote:  
> > >>> On Fri, May 07, 2021 at 05:24:58AM -0700, Steve Sistare wrote:  
> >  Provide the cprsave and cprload commands for live update.  These save 
> >  and
> >  restore VM state, with minimal guest pause time, so that qemu may be 
> >  updated
> >  to a new version in between.
> > 
> >  cprsave stops the VM and saves vmstate to an ordinary file.  It 
> >  supports two
> >  modes: restart and reboot.  For restart, cprsave exec's the qemu 
> >  binary (or
> >  /usr/bin/qemu-exec if it exists) with the same argv.  qemu restarts in 
> >  a
> >  paused state and waits for the cprload command.  
> > >>>
> > >>> I think cprsave/cprload could be generalized by using QMP to stash the
> > >>> file descriptors. The 'getfd' QMP command already exists and QEMU code
> > >>> already opens fds passed using this mechanism.
> > >>>
> > >>> I haven't checked but it may be possible to drop some patches by reusing
> > >>> QEMU's monitor file descriptor passing since the code already knows how
> > >>> to open from 'getfd' fds.
> > >>>
> > >>> The reason why using QMP is interesting is because it eliminates the
> > >>> need for execve(2). QEMU may be unable to execute a program due to
> > >>> chroot, seccomp, etc.
> > >>>
> > >>> QMP would enable cprsave/cprload to work both with and without
> > >>> execve(2).
> > >>>
> > >>> One tricky thing with this approach might be startup ordering: how to
> > >>> get fds via the QMP monitor in the new process before processing the
> > >>> entire command-line.  
> > >>
> > >> Early on I experimented with a similar approach.  Old qemu passed 
> > >> descriptors to an
> > >> escrow process and exited; new qemu started and retrieved the 
> > >> descriptors from escrow.
> > >> vfio mostly worked after I hacked the kernel to suppress the 
> > >> original-pid owner check.
> > >> I suspect my recent vfio extensions would smooth the rough edges.  
> > > 
> > > I wonder about the reason for VFIO's pid limitation, maybe because it
> > > pins pages from the original process?  
> > 
> > The dma unmap code verifies that the requesting task is the same as the 
> > task that mapped
> > the pages.  We could add an ioctl that passes ownership to a new task.  We 
> > would also need
> > to fix locked memory accounting, which is associated with the mm of the 
> > original task.
> >   
> > > Is this VFIO pid limitation the main reason why you chose to make QEMU
> > > execve(2) the new binary?  
> > 
> > That is one.  Plus, re-attaching to named shared memory for pc.ram causes 
> > the vfio conflict
> > errors I mentioned in the previous email.  We would need to suppress 
> > redundant dma map calls,
> > but allow legitimate dma maps and unmaps in response to the ongoing address 
> > space changes and
> > diff callbacks caused by some drivers. It would be messy and fragile. In 
> > general, it felt like 
> > I was working against vfio rather than with it.
> > 
> > Another big reason is a requirement to preserve anonymous memory for legacy 
> > qemu updates (via
> > code injection which I briefly mentioned in KVM forum).  If we extend cpr 
> > to allow updates 
> > without exec, I still need the exec option.
> >   
> > >> However, the main issue is that guest ram must be backed by named shared 
> > >> memory, and
> > >> we would need to add code to support shared memory for all the secondary 
> > >> memory objects.
> > >> That makes it less interesting for us at this time; we care about 
> > >> updating legacy qemu 
> > >> instances with anonymous guest memory.  
> > > 
> > > Thanks for explaining this more in the other sub-thread. The secondary
> > > memory objects you mentioned are relatively small so I don't think
> > > saving them in the traditional way is a problem.
> > > 
> > > Two approaches for zero-copy memory migration fit into QEMU's existing
> > > migration infrastructure:
> > > 
> > > - Marking RAM blocks that are backed by named memory (tmpfs, hugetlbfs,
> > >   etc) so they are not saved into the savevm file. The existing --object
> > >   memory-backend-file syntax can be used.
> > > 
> > > - Extending the live migration protocol to detect when file descriptor
> > >   passing is available (i.e. UNIX domain socket migration) and using
> > >   that for memory-backend-* objects that have fds.
> > > 
> > > Either of these approaches would handle RAM with existing savevm/migrate
> > > commands.  
> > 
> > Yes, but the vfio issues would still need to be solved, and we would need 
> > new
> > command line options to back existing and future secondary memory objects 
> > with 
> > named shared memory.
> >   
> > > The remaining issue is how to migrate VF

Re: Best approach for supporting snapshots for QEMU's gdbstub?

2021-05-17 Thread Peter Maydell
On Mon, 17 May 2021 at 18:37, Alex Bennée  wrote:
> Luis Machado  writes:
> > Right. We don't support reverse step/next/continue for remote targets.
> > I think this would be the most appropriate way to implement this
> > feature in GDB. But it is not trivial.
>
> You do because ";ReverseStep+;ReverseContinue+" is part of the gdbstub
> negotiation handshake.
>
> Out of interest how is rr implemented? It presents a gdb interface so I
> thought it was some implemented using some remote magic.

AIUI rr just implements the reverse-step/reverse-continue parts
of the gdb remote protocol. It makes them fast by internally to
its implementation saying "ah, you wanted to do a reverse-step,
I can do that by starting from the best available checkpoint and
going forwards" and by automatically creating checkpoints at
points that it thinks will be useful. gdb and the remote protocol
know nothing about these checkpoints -- they are purely created and
managed under the hood by rr as an optimisation so that reverse-step
is decently fast. (Given that it's the rr end that knows best about
what checkpoints  are available, how expensive it is to create a
checkpoint, etc, that seems not unreasonable.)

There are also a handful of rr-specific gdb commands kind of
like the QEMU-specific ones, which the user can use to say
things like "go directly to this point in time T" which the
gdb UI doesn't have a concept of. (Also because rr starts the
gdb for you it gets a chance to feed it a few gdb macro
definitions which I think mostly just make the debugging
experience a bit smoother rather than being critical parts
of the gdb-to-stub communication.)

thanks
-- PMM



[PATCH v2 4/6] python/console_socket: Add a pylint ignore

2021-05-17 Thread John Snow
We manage cleaning up this resource ourselves. Pylint should shush.

Signed-off-by: John Snow 
---
 python/qemu/console_socket.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/python/qemu/console_socket.py b/python/qemu/console_socket.py
index 87237bebef7..8c4ff598ad7 100644
--- a/python/qemu/console_socket.py
+++ b/python/qemu/console_socket.py
@@ -39,6 +39,7 @@ def __init__(self, address: str, file: Optional[str] = None,
 self.connect(address)
 self._logfile = None
 if file:
+# pylint: disable=consider-using-with
 self._logfile = open(file, "bw")
 self._open = True
 self._drain_thread = None
-- 
2.30.2




[Bug 1924738] Re: Failed to restore domain - error load load virtio-balloon:virtio

2021-05-17 Thread Thomas Huth
The QEMU project is currently moving its bug tracking to another system.
For this we need to know how to transfer the bug to the new system
(if still necessary). Thus we're setting the status to "Incomplete" now.

In the unlikely case that the bug has already been fixed in the final
6.0 release version of QEMU, then please close this ticket as "Fix released".

If it is not fixed yet and you think that this bug report here should be
moved to the new system, then you have two options:

1) If you already have an account on gitlab.com, please open a new ticket
for this problem in our new tracker here:

https://gitlab.com/qemu-project/qemu/-/issues

and then close this ticket here on Launchpad (or let it expire auto-
matically after 60 days). Please mention the URL of this bug ticket on
Launchpad in the new ticket on GitLab.

2) If you don't have an account on gitlab.com and don't intend to get
one, but still would like to keep this ticket opened, then please switch
the state back to "New" or "Confirmed" within the next 60 days (other-
wise it will get closed as "Expired"). We will then eventually migrate
the ticket automatically to the new system (but you won't be the reporter
of the bug in the new system and thus you won't get notified on changes
anymore).

Thank you and sorry for the inconvenience.


** Changed in: qemu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1924738

Title:
  Failed to restore domain - error load load virtio-balloon:virtio

Status in QEMU:
  Incomplete

Bug description:
  I noticed a domain restore error on my virtual machines.
  I can't reproduce the error on a test virtual machine.

  sudo virsh save linux2020 /var/lib/libvirt/qemu/save/linux2020.save
  Domain 'linux2020' saved to /var/lib/libvirt/qemu/save/linux2020.save

  sudo virsh restore /var/lib/libvirt/qemu/save/linux2020.save
  error: Failed to restore domain from /var/lib/libvirt/qemu/save/linux2020.save
  error: внутренняя ошибка: QEMU неожиданно завершил работу монитора: 
qemu-system-x86_64: -chardev socket,id=charchannel0,fd=52,server,nowait: 
warning: short-form boolean option 'server' deprecated
  Please use server=on instead
  qemu-system-x86_64: -chardev socket,id=charchannel0,fd=52,server,nowait: 
warning: short-form boolean option 'nowait' deprecated
  Please use wait=off instead
  qemu-system-x86_64: -spice 
port=5900,addr=0.0.0.0,disable-ticketing,image-compression=off,seamless-migration=on:
 warning: short-form boolean option 'disable-ticketing' deprecated
  Please use disable-ticketing=on instead
  2021-04-16T09:47:15.037700Z qemu-system-x86_64: VQ 0 size 0x80 < 
last_avail_idx 0x0 - used_idx 0x
  2021-04-16T09:47:15.037737Z qemu-system-x86_64: Failed to load 
virtio-balloon:virtio
  2021-04-16T09:47:15.037744Z qemu-system-x86_64: error while loading state for 
instance 0x0 of device ':00:02.0/virtio-balloon'
  2021-04-16T09:47:15.037849Z qemu-system-x86_64: load of migration failed: 
Operation not permitted

  If in the machine configuration replace
  hvm
  to
  hvm
  the virtual machine is recovering normally

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1924738/+subscriptions



[Bug 1886225] Re: [Feature request] Oracle Solaris 11.4 VM image

2021-05-17 Thread Thomas Huth
I'm closing this since it's very unlikely that we get a Solaris VM
image, since they are not available for free, as far as I know. Maybe
somebody could contribute an illumos-based image one day, but that's
nothing that we have to track in the bug tracker, I think.

** Changed in: qemu
   Status: New => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1886225

Title:
  [Feature request] Oracle Solaris 11.4 VM image

Status in QEMU:
  Invalid

Bug description:
  We already have handy VMs to build QEMU within:

  $ git grep -l basevm.BaseVM
  tests/vm/centos
  tests/vm/fedora
  tests/vm/freebsd
  tests/vm/netbsd
  tests/vm/openbsd
  tests/vm/ubuntu.i386

  Some people have interest in building QEMU on Solaris:
  https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg01429.html

  To help them it would be useful to have a Solaris VM.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1886225/+subscriptions



Re: [PATCH v6 00/25] python: create installable package

2021-05-17 Thread John Snow

On 5/12/21 7:12 PM, John Snow wrote:

Based-on: <20210512214642.2803189-1-js...@redhat.com>
CI: https://gitlab.com/jsnow/qemu/-/pipelines/302010131
GitLab: https://gitlab.com/jsnow/qemu/-/tree/python-package-mk3
MR: https://gitlab.com/jsnow/qemu/-/merge_requests/4


Patchset updated and rebased on top of new linting pre-req series.
(Gitlab branch and MR rebased and updated.)

Based-on: <20210517184808.3562549-1-js...@redhat.com>


I invite you to leave review comments on my mock merge request on
gitlab, submitted against my own mirror. I will, as always, also respond
to feedback on-list.

ABOUT
=

This series factors the python/qemu directory as an installable
package. It does not yet change the mechanics of how any other
python source in the tree consumes it, beyond the import
path -- some import statements change in a few places.

RATIONALE
=

The primary motivation of this series is to formalize our
dependencies on mypy, flake8, isort, and pylint alongside versions that
are known to work. It does this using the setup.cfg and setup.py
files. It also adds explicitly pinned versions (using Pipfile.lock) of
these dependencies that should behave in a repeatable and known way for
developers and CI environments both. Lastly, it enables those CI checks
such that we can enforce Python coding quality checks via the CI tests.

An auxiliary motivation is that this package is formatted in such a way
that it COULD be uploaded to https://pypi.org/project/qemu and installed
independently of qemu.git with `pip install qemu`, but that button
remains *unpushed* and this series *will not* cause any such
releases. We have time to debate finer points like API guarantees and
versioning even after this series is merged.

Other bits of interest
--

With the python tooling as a proper package, you can install this
package in editable or production mode to a virtual environment, your
local user environment, or your system packages. The primary benefit of
this is to gain access to QMP tooling regardless of CWD, without needing
to battle sys.path (and confounding other python analysis tools).

For example: when developing, you may go to qemu/python/ and run `make
venv` followed by `pipenv shell` to activate a virtual environment that
contains the qemu python packages. These packages will always reflect
the current version of the source files in the tree. When you are
finished, you can simply exit the shell (^d) to remove these packages
from your python environment.

When not developing, you could install a version of this package to your
environment outright to gain access to the QMP and QEMUMachine classes
for lightweight scripting and testing by using pip: "pip install
[--user] ."

TESTING THIS SERIES
===

First of all, nothing should change. Without any intervention,
everything should behave exactly as it did before. The only new
information here comes from how to interact with and run the linters
that will be enforcing code quality standards in this subdirectory.

There are various invocations available that will test subtly different
combinations using subtly different environments. I am assuming some
light knowledge of Python environments and installing Python packages
here. If you have questions, I would be delighted to answer them.

To test the new tests, CD to ./python/ first, and then:

0. Try "make" or "make help" to get a sense of this series.

1. Try "make venv && pipenv shell" to get a venv with the package
installed to it in editable mode. Ctrl+d exits this venv shell. While
in this shell, any python script that uses "from qemu.[qmp|machine]
import ..." should work correctly regardless of where the script is,
or what your CWD is.

This will pull some packages from PyPI and install them into the
virtual environment, leaving your normal environment untouched.

You will need Python 3.6 and pipenv installed on your system to do
this step. For Fedora: "dnf install python36 pipenv" will do the
trick. If you don't have this, skip down to #4 and onwards.

2. Try "make check" while still in the shell to run the Python linters
using the venv built in the previous step. This will run avocado, which
will in turn execute mypy, flake8, isort and pylint with the correct
arguments.

3. Having exited the shell from above, try "make venv-check". This will
create and update the venv if needed, then run 'make check' within the
context of that shell. It should pass as long as the above did. You
should be able to run "make distclean" prior to running "make
venv-check" and have the entire process work start to finish.

4. Still outside of the venv, you may try running "make check". This
will not install anything, but unless you have the right Python
dependencies installed, these tests may fail for you. You might try
using "pip install --user .[devel]" to install the development packages
needed to run the tests successfully

[PATCH v2 2/6] python/machine: use subprocess.DEVNULL instead of open(os.path.devnull)

2021-05-17 Thread John Snow
One less file resource to manage, and it helps quiet some pylint >=
2.8.0 warnings about not using a with-context manager for the open call.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 python/qemu/machine.py | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/python/qemu/machine.py b/python/qemu/machine.py
index 6e44bda337e..41f51bd27d0 100644
--- a/python/qemu/machine.py
+++ b/python/qemu/machine.py
@@ -223,9 +223,8 @@ def send_fd_scm(self, fd: Optional[int] = None,
 assert fd is not None
 fd_param.append(str(fd))
 
-devnull = open(os.path.devnull, 'rb')
 proc = subprocess.Popen(
-fd_param, stdin=devnull, stdout=subprocess.PIPE,
+fd_param, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
 stderr=subprocess.STDOUT, close_fds=False
 )
 output = proc.communicate()[0]
@@ -393,7 +392,6 @@ def _launch(self) -> None:
 """
 Launch the VM and establish a QMP connection
 """
-devnull = open(os.path.devnull, 'rb')
 self._pre_launch()
 self._qemu_full_args = tuple(
 chain(self._wrapper,
@@ -403,7 +401,7 @@ def _launch(self) -> None:
 )
 LOG.debug('VM launch command: %r', ' '.join(self._qemu_full_args))
 self._popen = subprocess.Popen(self._qemu_full_args,
-   stdin=devnull,
+   stdin=subprocess.DEVNULL,
stdout=self._qemu_log_file,
stderr=subprocess.STDOUT,
shell=False,
-- 
2.30.2




[Bug 1886306] Re: qemu running slow when the window is in background

2021-05-17 Thread Thomas Huth
I think there is quite a bit of information missing here? Which host OS
/ distribution are we talking about here? Which parameters were used for
"configure"? Which QEMU version has been used? Is it still reproducible
with the latest version? ... thus I wonder whether this should get
closed, or whether it's worth the effort to move this to the new tracker
at Gitlab?

** Changed in: qemu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1886306

Title:
  qemu running slow when the window is in background

Status in QEMU:
  Incomplete

Bug description:
  Reported by  on IRC:

  QEMU almost freezes when running with `GDK_BACKEND=x11` set and the
  parameter `gl=on` added to the `-display` option.

  GDK_BACKEND=x11 qemu-system-x86_64 -nodefaults -no-user-config
  -enable-kvm -machine q35 -cpu host -m 4G -display gtk,gl=on -vga std
  -usb -device usb-kbd -drive
  file=/tmp/Win10.qcow2,media=disk,format=qcow2 -drive
  file=~/Downloads/Win10_2004_EnglishInternational_x64.iso,media=cdrom

  Leaving out `GDK_BACKEND=x11` or `gl=on` fixes the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1886306/+subscriptions



[Bug 1883268] Re: random errors on aarch64 when executing __aarch64_cas8_acq_rel

2021-05-17 Thread Thomas Huth
Thanks for moving the ticket to gitlab! ... so I'm closing this on
Launchpad now.

** Changed in: qemu
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1883268

Title:
  random errors on aarch64 when executing __aarch64_cas8_acq_rel

Status in QEMU:
  Invalid

Bug description:
  Hello,

  Since I upgraded to qemu-5.0 when executing the GCC testsuite,
  I've noticed random failures of g++.dg/ext/sync-4.C.

  I'm attaching the source of the testcase, the binary executable and
  the qemu traces (huge, 111MB!) starting at main (with qemu-aarch64
  -cpu cortex-a57 -R 0 -d
  in_asm,int,exec,cpu,unimp,guest_errors,nochain)

  The traces were generated by a CI build; I built the executable
  manually but I expect it to be the same as the one executed by CI.

  It seems the problem occurs in f13, which leads to a call to abort()

  The preprocessed version of f13/t13 are as follows:
  static bool f13 (void *p) __attribute__ ((noinline));
  static bool f13 (void *p)
  {
return (__sync_bool_compare_and_swap((ditype*)p, 1, 2));
  }
  static void t13 ()
  {
try {
  f13(0);
}
catch (...) {
  return;
}
abort();
  }

  
  When looking at the execution traces at address 0x00400c9c, main calls f13, 
which in turn calls __aarch64_cas8_acq_rel (at 0x00401084)
  __aarch64_cas8_acq_rel returns to f13 (address 0x0040113c), then f13 returns 
to main (0x0040108c) which then calls abort (0x00400ca0)

  I'm not quite sure what's wrong :-(

  I've not noticed such random problems with native aarch64 hardware.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1883268/+subscriptions



[PATCH v2 1/6] python/console_socket: avoid one-letter variable

2021-05-17 Thread John Snow
Fixes pylint warnings.

Signed-off-by: John Snow 
Reviewed-by: Cleber Rosa 
Reviewed-by: Philippe Mathieu-Daudé 
---
 python/qemu/console_socket.py | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/python/qemu/console_socket.py b/python/qemu/console_socket.py
index ac21130e446..87237bebef7 100644
--- a/python/qemu/console_socket.py
+++ b/python/qemu/console_socket.py
@@ -46,11 +46,11 @@ def __init__(self, address: str, file: Optional[str] = None,
 self._drain_thread = self._thread_start()
 
 def __repr__(self) -> str:
-s = super().__repr__()
-s = s.rstrip(">")
-s = "%s,  logfile=%s, drain_thread=%s>" % (s, self._logfile,
-   self._drain_thread)
-return s
+tmp = super().__repr__()
+tmp = tmp.rstrip(">")
+tmp = "%s,  logfile=%s, drain_thread=%s>" % (tmp, self._logfile,
+ self._drain_thread)
+return tmp
 
 def _drain_fn(self) -> None:
 """Drains the socket and runs while the socket is open."""
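Review bot: `tmp` is no more descriptive than the `s` it replaces, so the rename satisfies the linter without making `__repr__` clearer; a name that says what the value is, e.g. `base_repr = super().__repr__().rstrip(">")` followed by `return "%s,  logfile=%s, drain_thread=%s>" % (base_repr, self._logfile, self._drain_thread)`, would also remove the three successive reassignments. Note that `rstrip(">")` strips every trailing `>`, not only the last one; that is pre-existing behaviour and presumably harmless for the parent class's repr, but worth a glance while these lines are being rewritten.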
-- 
2.30.2




[PATCH v2 0/6] Python: delint python library

2021-05-17 Thread John Snow
gitlab CI: https://gitlab.com/jsnow/qemu/-/pipelines/304224309
branch: https://gitlab.com/jsnow/qemu/-/commits/python-package-pre-cleanup

This series serves as a pre-requisite for packaging the python series
and getting the linters running via CI. The first patch fixes a linter
error we've had for a while now; the subsequent ones fix a new warning
that was recently added to pylint 2.8.x.

V2:
 - iotest bits already handled, dropped here.
 - Changed patch #3 based on feedback from Wainer.

John Snow (6):
  python/console_socket: avoid one-letter variable
  python/machine: use subprocess.DEVNULL instead of
open(os.path.devnull)
  python/machine: use subprocess.run instead of subprocess.Popen
  python/console_socket: Add a pylint ignore
  python/machine: Disable pylint warning for open() in _pre_launch
  python/machine: disable warning for Popen in _launch()

 python/qemu/console_socket.py | 11 ++-
 python/qemu/machine.py| 28 ++--
 2 files changed, 24 insertions(+), 15 deletions(-)

-- 
2.30.2





[Bug 1923648] Re: macOS App Nap feature gradually freezes QEMU process

2021-05-17 Thread Thomas Huth
Moved here:
https://gitlab.com/qemu-project/qemu/-/issues/334

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #334
   https://gitlab.com/qemu-project/qemu/-/issues/334

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1923648

Title:
  macOS App Nap feature gradually freezes QEMU process

Status in QEMU:
  Fix Released

Bug description:
  macOS version: 10.15.2
  QEMU versions: 5.2.0 (from MacPorts)
 5.2.92 (v6.0.0-rc2-23-g9692c7b037)

  If the QEMU window is not visible (hidden, minimized or another
  application is in full screen mode), the QEMU process gradually
  freezes: it still runs, but the VM does not respond to external
  requests such as Telnet or SSH until the QEMU window is visible on the
  desktop.

  This behavior is due to the work of the macOS App Nap function:
  
https://developer.apple.com/library/archive/documentation/Performance/Conceptual/power_efficiency_guidelines_osx/AppNap.html#//apple_ref/doc/uid/TP40013929-CH2-SW1

  It doesn't matter how the process is started -- as a background job or
  as a foreground shell process in case QEMU has a desktop window.

  My VM does not have a display output, only a serial line, most likely
  if the VM was using OpenGL, or playing sound (or any other App Nap
  triggers), then the problem would never have been detected.

  In my case only one way of starting QEMU avoids this problem:
  sudo qemu-system-x86_64 -nodefaults \
  -cpu host -accel hvf -smp 1 -m 384 \
  -device virtio-blk-pci,drive=flash0 \
  -drive 
file=/vios-adventerprisek9-m.vmdk.SPA.156-1.T.vmdk,if=none,format=vmdk,id=flash0
 \
  -device e1000,netdev=local -netdev 
tap,id=local,ifname=tap0,script=no,downscript=no \
  -serial stdio -display none

  The typical way from the internet to disable App Nap doesn't work:
  defaults write NSGlobalDomain NSAppSleepDisabled -bool YES

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1923648/+subscriptions



[PATCH v2 6/6] python/machine: disable warning for Popen in _launch()

2021-05-17 Thread John Snow
We handle this resource rather meticulously in
shutdown/kill/wait/__exit__ et al, through the laborious mechanisms in
_do_shutdown().

Quiet this pylint warning here.

Signed-off-by: John Snow 
---
 python/qemu/machine.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/python/qemu/machine.py b/python/qemu/machine.py
index f021127f0fc..06058d89e83 100644
--- a/python/qemu/machine.py
+++ b/python/qemu/machine.py
@@ -407,6 +407,9 @@ def _launch(self) -> None:
   self._args)
 )
 LOG.debug('VM launch command: %r', ' '.join(self._qemu_full_args))
+
+# Cleaning up of this subprocess is guaranteed by _do_shutdown.
+# pylint: disable=consider-using-with
 self._popen = subprocess.Popen(self._qemu_full_args,
stdin=subprocess.DEVNULL,
stdout=self._qemu_log_file,
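Review bot: A `# pylint: disable=...` on a line of its own stays in effect until the end of the enclosing block, so this pragma silences `consider-using-with` for every statement after the `Popen` call in `_launch`, not just for the call; `_launch` continues outside the hunk, so any later `open()` or `Popen()` there would be silenced as well. Attach the pragma to the call itself, `self._popen = subprocess.Popen(self._qemu_full_args,  # pylint: disable=consider-using-with`, or follow the call with `# pylint: enable=consider-using-with`. The justification comment naming `_do_shutdown` is the right thing to have and should stay next to the call.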
-- 
2.30.2




[Bug 1885350] Re: RISCV dynamic rounding mode is not behaving correctly

2021-05-17 Thread Thomas Huth
The QEMU project is currently moving its bug tracking to another system.
Is there still anything left to do here? If so, please provide the test case 
and switch the state back to "New" or "Confirmed", or open a new ticket in the 
new bug tracker here: https://gitlab.com/qemu-project/qemu/-/issues

** Changed in: qemu
 Assignee: Alistair Francis (alistair2323) => (unassigned)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1885350

Title:
  RISCV dynamic rounding mode is not behaving correctly

Status in QEMU:
  Incomplete

Bug description:
  Hello,

  I’ve gone through the RISC-V code in latest QEMU release
  (qemu-5.0.0-rc2) and when checking the Floating point encodings I
  found the rounding mode is only updated if the opcode field “rm” is
  changed “ctx->frm == rm”. But according to RISC-V Volume I:
  Unprivileged ISA, there’s a dynamic mode when rm=7 where the rounding
  mode is set with frm value.

  So for the same rm value (=7) and when changing frm value seeking
  different rounding modes, and according to the below code, the
  rounding mode won’t be updated. Please correct me if I got this
  implementation wrong.

  static void gen_set_rm(DisasContext *ctx, int rm)
  {
  TCGv_i32 t0;
  if (ctx->frm == rm) {
  return;
  }
  ctx->frm = rm;
  t0 = tcg_const_i32(rm);
  gen_helper_set_rounding_mode(cpu_env, t0);
  tcg_temp_free_i32(t0);
  }

  
  My testcase:
  I set statically the rm field in the instruction to 7 and before this 
execution I changed the value of frm field in fcsr register. For the 1st time 
it worked (according to the code above, the rm is updated so the round mode 
will also be updated). But when changing the fcsr register and re-executing the 
instruction, there's no difference and the rounding mode is the same as the 
previous frm value.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1885350/+subscriptions



Re: [PATCH qemu v19] spapr: Implement Open Firmware client interface

2021-05-17 Thread BALATON Zoltan

On Mon, 17 May 2021, BALATON Zoltan wrote:

On Mon, 17 May 2021, Alexey Kardashevskiy wrote:

On 5/17/21 09:34, BALATON Zoltan wrote:

On Sat, 15 May 2021, BALATON Zoltan wrote:

On Sat, 15 May 2021, BALATON Zoltan wrote:

On Thu, 22 Apr 2021, Alexey Kardashevskiy wrote:


[snip]


vof_claim virt=0x0 size=0xc38 align=0x0 => 0x0
vof_claim virt=0x0 size=0x8000 align=0x8000 => 0x8000
vof_claim virt=0xc0 size=0x18fd62 align=0x0 => 0xc0
vof_claimed 0x0..0xc38 size=0xc38
vof_claimed 0x8000..0x1 size=0x8000
vof_claimed 0xc0..0xd8fd62 size=0x18fd62
vof_avail 0xc38..0x8000 size=0x73c8
vof_avail 0x1..0xc0 size=0xbf
vof_avail 0xd8fd62..0x2000 size=0x1f27029e
via_superio_cfg: unimplemented register 0xf2
via_superio_cfg: unimplemented register 0xf4
via_superio_cfg: unimplemented register 0xf6
via_superio_cfg: unimplemented register 0xf7

[...]


OK, I've found that vof.bin needs to be at address 0; then hypercalls work 
and it tries to query /chosen/qemu.boot-kernel but I get len = -1 for some 
reason. I'm adding the kernel address and size like this:


    uint64_t cells[2];

    cells[0] = cpu_to_be64(pm->kernel_addr);
    cells[1] = cpu_to_be64(pm->kernel_size);
    qemu_fdt_setprop(fdt, "/chosen", "qemu,boot-kernel",
     cells, sizeof(cells));

which is very much like what spapr does but when vof tries to query it I 
get:



spapr_vof_reset() also claims the kernel/initrd/VOF memory and allocates 
the stack,  vof_claim() barfs if there are overlaps.


I've also copied spapr_vof_reset and I don't see an error due to overlap, it 
seems to get past this as seen above. With the latest changes to load it to 
address 0 I see a bit different output:


$ .qemu-system-ppc -M pegasos2 -device ati-vga,romfile="" -cdrom 
morphos-3.15.iso -kernel boot.img -serial stdio -trace enable="vof*" -d 
unimp,guest_errors,int,in_asm

vof_claim virt=0x0 size=0x55f1 align=0x0 => 0x0
vof_claim virt=0x0 size=0x8000 align=0x8000 => 0x8000
vof_claim virt=0xc0 size=0x18fd62 align=0x0 => 0xc0
vof_claimed 0x0..0x55f1 size=0x55f1
vof_claimed 0x8000..0x1 size=0x8000
vof_claimed 0xc0..0xd8fd62 size=0x18fd62
vof_avail 0x55f1..0x8000 size=0x2a0f
vof_avail 0x1..0xc0 size=0xbf
vof_avail 0xd8fd62..0x2000 size=0x1f27029e

The size of the vof area changed for some reason that I don't understand but 
it starts to run anyway and I get some hypercalls:


Raise exception at 0150 => 0008 (01)
hypercall r3=f005 r4=fe7c r5=0001 
r6=0be8 r7= r8=fe78 
r9=fe7c r10=0001 r11= 
r12= nip=0150

vof_finddevice "/chosen" => ph=0x5

Raise exception at 0150 => 0008 (01)
hypercall r3=f005 r4=fe6c r5=0001 
r6=0005 r7=0bf0 r8=fe68 
r9=fe6c r10=0001 r11=ff60 
r12= nip=0150

vof_getprop ph=0x5 "qemu,boot-kernel" => len=-1 []

Then it panics here when I think it would jump to the guest code at this 
point if this was successful. I'm probably missing something that VOF expects 
which may cause problems. At the moment I don't have an initrd loaded and the 
stdout path set because I did not figure out how the latter works. Are those 
or anything else needed?



Raise exception at 0150 => 0008 (01)
hypercall r3=f005 r4=fe6c r5=0001 
r6=0005 r7=0bf0 r8=fe68 
r9=fe6c r10=0001 r11=ff60 
r12= nip=0150

vof_getprop ph=0x5 "qemu,boot-kernel" => len=-1 []

then it calls exit and the VM stops. Any idea what could be wrong with the 
above or what to check?


Memory allocation. Another thing I saw was clang/llvm incorrectly 
initializing bss start/end for prom (very early boot) so the prim init code 
in the kernel would memset(0) wrong page and break things. Dunno.


I don't get errors about memory allocation, why do you think that would be a 
problem and where to look for such errors? I'm using your vof.bin, haven't 
recompiled it and using gcc anyway so I don't think I have a compiler 
problem.


I've uploaded my current changes I'm testing with here:

https://osdn.net/projects/qmiga/scm/git/qemu/blobs/pegasos2/hw/ppc/pegasos2.c

and these are the changes

https://osdn.net/projects/qmiga/scm/git/qemu/commits/80c3187758dccffbf167974de98f472ec5c5d03a

in case you can have a look and may spot something obviously wrong. I'm 
running it as above with MorphOS for now as I know that only reads the device 
tree at start up and should not use any other OF services. I'll eventually 
test with Linux too but this seemed simpler for first try and should probably 
work with minimal CI functionality but I hope to find that out when it 
starts.


Sorry, my mistake, I was trying to set qemu.boot-kernel property in the 
bu

[Bug 1924603] Re: Incorrect feature negotiation for vhost-vdpa netdevice

2021-05-17 Thread Thomas Huth
This ticket has been moved here (thanks, Gautam):
https://gitlab.com/qemu-project/qemu/-/issues/331
... thus I'm closing this on Launchpad now.

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #331
   https://gitlab.com/qemu-project/qemu/-/issues/331

** Changed in: qemu
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1924603

Title:
  Incorrect feature negotiation for vhost-vdpa netdevice

Status in QEMU:
  Invalid

Bug description:
  QEMU cmdline:
  =
  ./x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -m 2G -hda  
/gautam/centos75_1.qcow2 -name gautam,process=gautam -enable-kvm -netdev 
vhost-vdpa,id=mynet0,vhostdev=/dev/vhost-vdpa-0 -device 
virtio-net-pci,netdev=mynet0,mac=02:AA:BB:DD:00:20,disable-modern=off,page-per-vq=on
 -cpu host --nographic

  Host OS:
  
  Linux kernel 5.11 running on x86 host

  Guest OS:
  ==
  CentOS 7.5

  Root cause analysis:
  =

  For vhost-vdpa netdevice, the feature negotiation results in sending
  the superset of features received from device in call to get_features
  vdpa ops callback.

  During the feature-negotiation phase, the acknowledged feature bits
  are initialized with backend_features  and then checked for supported
  feature bits in vhost_ack_features():

  void vhost_net_ack_features(struct vhost_net *net, uint64_t features)
  {
net->dev.acked_features = net->dev.backend_features;
vhost_ack_features(&net->dev, vhost_net_get_feature_bits(net), features);
  }

   
  The vhost_ack_features() function just builds up on the dev.acked_features 
and never trims it down:

  void vhost_ack_features(struct vhost_dev *hdev, const int *feature_bits, 
uint64_t features)
  { const int *bit = feature_bits;

while (*bit != VHOST_INVALID_FEATURE_BIT) {
 uint64_t bit_mask = (1ULL << *bit);  

  if (features & bit_mask)
   hdev->acked_features |= bit_mask;

  bit++;
 }
  }

  Because of this hdev->acked_features is always minimally equal to the
  value of device features and this is the value that is passed to the
  device in set_features callback:

  static int vhost_dev_set_features(struct vhost_dev *dev, bool enable_log)
  {
 uint64_t *features = dev->acked_features;
 .
 r = dev->vhost_ops->*vhost_set_features*(dev, features);
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1924603/+subscriptions



[PATCH v2 3/6] python/machine: use subprocess.run instead of subprocess.Popen

2021-05-17 Thread John Snow
Use run() instead of Popen() to assert to pylint that we are not
forgetting to close a long-running program.

Signed-off-by: John Snow 
---
 python/qemu/machine.py | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/python/qemu/machine.py b/python/qemu/machine.py
index 41f51bd27d0..2e55e2c8bd8 100644
--- a/python/qemu/machine.py
+++ b/python/qemu/machine.py
@@ -223,13 +223,16 @@ def send_fd_scm(self, fd: Optional[int] = None,
 assert fd is not None
 fd_param.append(str(fd))
 
-proc = subprocess.Popen(
-fd_param, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
-stderr=subprocess.STDOUT, close_fds=False
+proc = subprocess.run(
+fd_param,
+stdin=subprocess.DEVNULL,
+stdout=subprocess.PIPE,
+stderr=subprocess.STDOUT,
+check=False,
+close_fds=False,
 )
-output = proc.communicate()[0]
-if output:
-LOG.debug(output)
+if proc.stdout:
+LOG.debug(proc.stdout)
 
 return proc.returncode
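Review bot: `subprocess.run()` is called without `timeout=`, so if the command in `fd_param` never exits, `send_fd_scm` blocks forever, exactly as the old `communicate()` did; since this is a one-shot helper invocation whose only result is the return code, a bounded timeout with `subprocess.TimeoutExpired` left to propagate would turn a silent hang into a diagnosable error. `check=False` is the right choice here because the return code is handed back to the caller rather than raised. `send_fd_scm` begins outside the hunk, so where `fd_param` comes from is not visible.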
 
-- 
2.30.2




[PATCH v4 1/9] hw/isa/Kconfig: Fix missing dependency ISA_SUPERIO -> FDC

2021-05-17 Thread Philippe Mathieu-Daudé
isa_superio_realize() calls isa_fdc_init_drives(), which is defined
in hw/block/fdc.c, so ISA_SUPERIO needs to select the FDC symbol.

Reported-by: John Snow 
Fixes: c0ff3795143 ("Introduce a CONFIG_ISA_SUPERIO switch for isa-superio.c")
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/isa/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
index 55e0003ce40..7216f66a54a 100644
--- a/hw/isa/Kconfig
+++ b/hw/isa/Kconfig
@@ -17,6 +17,7 @@ config ISA_SUPERIO
 bool
 select ISA_BUS
 select PCKBD
+select FDC
 
 config PC87312
 bool
-- 
2.26.3




Re: [PATCH v3 3/8] hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c

2021-05-17 Thread Philippe Mathieu-Daudé
On 5/17/21 8:19 PM, John Snow wrote:
> On 5/17/21 2:04 PM, John Snow wrote:
>> On 5/17/21 1:49 PM, Philippe Mathieu-Daudé wrote:
>>> Some machines use floppy controllers via the SysBus interface,
>>> and don't need to pull in all the ISA code.
>>> Extract the ISA specific code to a new unit: fdc-isa.c, and
>>> add a new Kconfig symbol: "FDC_ISA".
>>>
>>> Reviewed-by: John Snow 
>>> Acked-by: Mark Cave-Ayland 
>>> Reviewed-by: Mark Cave-Ayland 
>>> Signed-off-by: Philippe Mathieu-Daudé 
>>
>> Sorry, I'm seeing build failures on this for patch #03:
>>
>> ../../configure --enable-docs; and make -j13
>>
>> ...
>>
>> /usr/bin/ld: libcommon.fa.p/hw_isa_isa-superio.c.o: in function
>> `isa_superio_realize':
>> /home/jsnow/src/qemu/bin/git/../../hw/isa/isa-superio.c:132: undefined
>> reference to `isa_fdc_init_drives'
>> collect2: error: ld returned 1 exit status
>>
>>
> 
> It appears to show up if you enable the mips-softmmu target.

Sorry, fixed in v4...




[PATCH v4 9/9] hw/mips/jazz: Inline fdctrl_init_sysbus()

2021-05-17 Thread Philippe Mathieu-Daudé
There is only one call site for fdctrl_init_sysbus(), and this
function is specific to the jazz machines, not part of the
SYSBUS_FDC API. Move it locally with the machine code, and
remove its declaration in "hw/block/fdc.h".

Suggested-by: Mark Cave-Ayland 
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/block/fdc.h |  3 ---
 hw/block/fdc-sysbus.c  | 16 
 hw/mips/jazz.c | 16 
 3 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/include/hw/block/fdc.h b/include/hw/block/fdc.h
index 06612218630..ac99d6bcaa0 100644
--- a/include/hw/block/fdc.h
+++ b/include/hw/block/fdc.h
@@ -1,7 +1,6 @@
 #ifndef HW_FDC_H
 #define HW_FDC_H
 
-#include "exec/hwaddr.h"
 #include "qapi/qapi-types-block.h"
 #include "hw/sysbus.h"
 
@@ -12,8 +11,6 @@
 
 void isa_fdc_init_drives(ISADevice *fdc, DriveInfo **fds);
 void sysbus_fdc_init_drives(SysBusDevice *dev, DriveInfo **fds);
-void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
-hwaddr mmio_base, DriveInfo **fds);
 
 FloppyDriveType isa_fdc_get_drive_type(ISADevice *fdc, int i);
 int cmos_get_fd_drive_type(FloppyDriveType fd0);
diff --git a/hw/block/fdc-sysbus.c b/hw/block/fdc-sysbus.c
index 74c7c8f2e01..5c7e49bcc3f 100644
--- a/hw/block/fdc-sysbus.c
+++ b/hw/block/fdc-sysbus.c
@@ -103,22 +103,6 @@ void sysbus_fdc_init_drives(SysBusDevice *dev, DriveInfo 
**fds)
 fdctrl_init_drives(&fdc->state.bus, fds);
 }
 
-void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
-hwaddr mmio_base, DriveInfo **fds)
-{
-DeviceState *dev;
-SysBusDevice *sbd;
-
-dev = qdev_new("sysbus-fdc");
-qdev_prop_set_int32(dev, "dma-channel", dma_chann);
-sbd = SYS_BUS_DEVICE(dev);
-sysbus_realize_and_unref(sbd, &error_fatal);
-sysbus_connect_irq(sbd, 0, irq);
-sysbus_mmio_map(sbd, 0, mmio_base);
-
-sysbus_fdc_init_drives(sbd, fds);
-}
-
 static void sysbus_fdc_common_initfn(Object *obj)
 {
 DeviceState *dev = DEVICE(obj);
diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c
index dba2088ed1a..13f26c5991f 100644
--- a/hw/mips/jazz.c
+++ b/hw/mips/jazz.c
@@ -143,6 +143,22 @@ static void mips_jazz_do_transaction_failed(CPUState *cs, 
hwaddr physaddr,
 }
 #endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
+static void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
+   hwaddr mmio_base, DriveInfo **fds)
+{
+DeviceState *dev;
+SysBusDevice *sbd;
+
+dev = qdev_new("sysbus-fdc");
+qdev_prop_set_int32(dev, "dma-channel", dma_chann);
+sbd = SYS_BUS_DEVICE(dev);
+sysbus_realize_and_unref(sbd, &error_fatal);
+sysbus_connect_irq(sbd, 0, irq);
+sysbus_mmio_map(sbd, 0, mmio_base);
+
+sysbus_fdc_init_drives(sbd, fds);
+}
+
 static void mips_jazz_init(MachineState *machine,
enum jazz_model_e jazz_model)
 {
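Review bot: fdctrl_init_sysbus() arrives in jazz.c without a comment explaining that it is now a board-local helper rather than part of the SYSBUS_FDC API, and the hunk shows it realizing the device with `&error_fatal`, which means any realize failure terminates QEMU rather than being reported to the caller. A short header comment above the `static void fdctrl_init_sysbus(` line would capture both points: `/* Create, realize and wire the "sysbus-fdc" device for the jazz boards. Realize failure is fatal (error_fatal); callers cannot recover from it. */`. The function itself is complete within the hunk; mips_jazz_init() at the end of the hunk continues outside it.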
-- 
2.26.3




[PATCH v4 8/9] hw/block/fdc-sysbus: Add 'dma-channel' property

2021-05-17 Thread Philippe Mathieu-Daudé
QDev properties to be set before the device is realized should
be exposed as a Property with a DEFINE_PROP_XXX() macro, then
accessed with the equivalent qdev_prop_set_xxx() API.

Do this with the FDCtrlSysBus 'dma-channel' property: convert
it to int32_t, default-initialize with DEFINE_PROP_INT32() and
use qdev_prop_set_int32() to set its value in fdctrl_init_sysbus().

Reviewed-by: Mark Cave-Ayland 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/block/fdc-internal.h | 2 +-
 hw/block/fdc-sysbus.c   | 9 ++---
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/hw/block/fdc-internal.h b/hw/block/fdc-internal.h
index 278de725e69..29b318f7525 100644
--- a/hw/block/fdc-internal.h
+++ b/hw/block/fdc-internal.h
@@ -96,7 +96,7 @@ struct FDCtrl {
 qemu_irq irq;
 /* Controller state */
 QEMUTimer *result_timer;
-int dma_chann;
+int32_t dma_chann;
 uint8_t phase;
 IsaDma *dma;
 /* Controller's identification */
diff --git a/hw/block/fdc-sysbus.c b/hw/block/fdc-sysbus.c
index 8f94c2efb63..74c7c8f2e01 100644
--- a/hw/block/fdc-sysbus.c
+++ b/hw/block/fdc-sysbus.c
@@ -106,15 +106,11 @@ void sysbus_fdc_init_drives(SysBusDevice *dev, DriveInfo 
**fds)
 void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
 hwaddr mmio_base, DriveInfo **fds)
 {
-FDCtrl *fdctrl;
 DeviceState *dev;
 SysBusDevice *sbd;
-FDCtrlSysBus *sys;
 
 dev = qdev_new("sysbus-fdc");
-sys = SYSBUS_FDC(dev);
-fdctrl = &sys->state;
-fdctrl->dma_chann = dma_chann; /* FIXME */
+qdev_prop_set_int32(dev, "dma-channel", dma_chann);
 sbd = SYS_BUS_DEVICE(dev);
 sysbus_realize_and_unref(sbd, &error_fatal);
 sysbus_connect_irq(sbd, 0, irq);
@@ -131,8 +127,6 @@ static void sysbus_fdc_common_initfn(Object *obj)
 FDCtrlSysBus *sys = SYSBUS_FDC(obj);
 FDCtrl *fdctrl = &sys->state;
 
-fdctrl->dma_chann = -1;
-
 qdev_set_legacy_instance_id(dev, 0 /* io */, 2); /* FIXME */
 
 memory_region_init_io(&fdctrl->iomem, obj,
@@ -173,6 +167,7 @@ static Property sysbus_fdc_properties[] = {
 DEFINE_PROP_SIGNED("fallback", FDCtrlSysBus, state.fallback,
 FLOPPY_DRIVE_TYPE_144, qdev_prop_fdc_drive_type,
 FloppyDriveType),
+DEFINE_PROP_INT32("dma-channel", FDCtrlSysBus, state.dma_chann, -1),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.26.3




Re: [PULL 00/16] Trivial branch for 6.1 patches

2021-05-17 Thread Peter Maydell
On Sat, 15 May 2021 at 11:07, Laurent Vivier  wrote:
>
> The following changes since commit 3e9f48bcdabe57f8f90cf19f01bbbf3c86937267:
>
>   Merge remote-tracking branch 
> 'remotes/alistair/tags/pull-riscv-to-apply-20210511' into staging (2021-05-12 
> 17:31:52 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu.git tags/trivial-branch-for-6.1-pull-request
>
> for you to fetch changes up to 29f9c636894c462fa54fad08049e51877905e93b:
>
>   target/avr: Ignore unimplemented WDR opcode (2021-05-13 19:18:42 +0200)
>
> 
> Pull request trivial-branch 20210515
>
> 



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.1
for any user-visible changes.

-- PMM


